Patch Name: PHNE_29460 Patch Description: s700_800 11.00 ftpd(1M) and ftp(1) patch Creation Date: 04/01/30 Post Date: 04/02/10 Hardware Platforms - OS Releases: s700: 11.00 s800: 11.00 Products: N/A Filesets: InternetSrvcs.INETSVCS-RUN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP Automatic Reboot?: No Status: General Release Critical: No (superseded patches were critical) PHNE_23949: ABORT Category Tags: defect_repair enhancement general_release critical halts_system Path Name: /hp-ux_patches/s700_800/11.X/PHNE_29460 Symptoms: PHNE_29460: 1. JAGae85593/SR8606323128. Under certain conditions ftpd does not work properly. 2. JAGae58493/SR8606294799. 'get' command of ftp does not function properly. 3. JAGae21322/SR8606257010. In an FTP session, when the command "ls" is executed with the pathname of any file followed by "/.", FTP displays the long listing of the file instead of displaying the error message "not found". For instance, when "ls /etc/passwd/." is issued in an FTP session, the long listing of the file "/etc/passwd" is displayed. 4. JAGae02255/SR8606233030. When an ftp patch PHNE_23949 or any of its preceding patches is installed in a system where a higher version of ftpd, such as wu-ftpd 2.6 is installed and enabled, the system reports swverify error for certain ftp product files. PHNE_23949: 1. JAGad28151/SR8606158821. In Secure Internet Services environment ftp client dumps core while interacting with the KDC. 2. JAGad28158/SR8606158828. In Secure Internet Services environment ftp exits with the following error message: Authentication data (ADAT) exchange failed. 3. JAGad62651/SR8606193439. ftpd does not function properly for some commands. 4. JAGad64866/SR8606195662. swverify logs error messages for few manpages after installing 11.00 install media. PHNE_21936: 1. JAGac95166/SR8606130295. In an ftp session if ls command is run for a file that does not exist, then "not found" error message does not appear. 2. JAGad05557/SR8606136433. There is a 3 second delay in displaying the ftp login prompt. 3. JAGad12040/SR8606142685. The ftpd does not function properly. 4. JAGab14503/SR8606156747. ER: Compilation and code changes for ftpd to reduce memory usage to improve the performance of ftpd. 5. JAGad07683/SR8606138481. The suppresshostname and suppressbanner options in the ftpd configuration file, ftpaccess, are not working as expected. 6. JAGad17009/SR8606147667 The ftpd manpage mentions sub-logins are available, but that facility does not exist. PHNE_20714: 1. JAGac40026. Size of the renamed file is wrong if rename is done across file systems and the destination file exists and is greater than the source file. 2. JAGab84556. The size of the file transferred is always logged as zero in the xferlog file. 3. JAGac78389. During the deinstall phase PHNE_18377 tries to delete the definition of the file /etc/ftpd/ftpusers from the fileset "InternetSrvcs.INETSVCS-RUN" even though the file does not exist in this fileset. PHNE_20783: Site specific patch. 1. JAGac40026. Size of the renamed file is wrong if rename is done across file systems and the destination file exists and is greater than the source file. PHNE_18377: 1. wu-ftpd guest logins cause unnecessary syslog messages. 2. ftpd does not work with PAM. 3. Enhancement request to suppress the banner when connecting to ftpd. 4. ftpd does not correctly calculate the file size with files > 2 gigabytes 5. Ftp cannot rename across file systems. 6. ftpd fails to restart a transfer from an offset. 7. ftpd server does not function properly. 8. The ftp client does not function properly. PHNE_18354: * When PHNE_17188 is installed on a clean system where any of the previous ftp patches are not installed, a directory named /1 will be created. PHNE_17188: * Swverify reports errors on the patch. * In ascii mode the ftp server does not respond correctly to the "size" command. * Using "|" as stdin for "put" fails when calling sendfile() in bin mode. * New WU-ftp on 11.0 is attempting to log to /etc/wtmpx. * Syslog shows error when closing connection for anonymous ftp. * ftp client does not function properly. PHNE_17106: * Patch postinstall script gets "bad system call" error. PHNE_14479: * ftp: problem with passing files. * FTP Newer command does not work as documented if file does not exist. * FTP:don't get error message if filesystem gets full. * Proxy Get command not working. * ftpd does not allow ports under 1024 even with -p option. * FTP giving error 425:Can't create data socket. * have inbound/outbound transfer logging in ftpd. * FTP Newer command has problem handling dates. * ftp (binary) "put" command in 11.0 with hash on prints only one "#" * Have ftp support logon banners. * Have anon. ftp like account on a per user basis. Defect Description: PHNE_29460: 1. JAGae85593/SR8606323128. Under certain conditions ftpd does not work properly. Resolution: * Code has now been modified to rectify the problem. 2. JAGae58493/SR8606294799. 'get' command of ftp does not function properly. Resolution: * Code changes have been made to fix the problem. 3. JAGae21322/SR8606257010. The trailing pattern "/." in the pathname is ignored by the function which handles the malformed pathnames. This causes the "ls" command to misinterpret the pathname. Resolution: * Code has been modified to ensure that the trailing pattern "/." in the pathname is not ignored, and "ls" command identifies the pathname properly. 4. JAGae02255/SR8606233030. While installing an ftp patch PHNE_23949 or any of its preceding patches, the patch control script does not verify if a higher version of ftpd is installed and enabled in the system. Hence, the system reports swverify errors because the certain ftp product files are not backed up and the Installed Product Database (IPD) is also not updated. Resolution: * The patch control script now checks if a higher version of ftpd is installed and enabled in the system both while installing and removing the patch. The ftp patch is not installed or removed if a higher version of ftpd is enabled in the system. Hence, the system does not report any swverify errors. PHNE_23949: 1. JAGad28151/SR8606158821. In Secure Internet Services environment, while interacting with different KDCs ftp was receiving more than 1024 bytes of data. ftp was not handling this properly. Resolution: * ftp client's buffer size has been increased to handle upto 4096 bytes of data coming from KDC and proper check has been made so that ftp does not dump core. 2. JAGad28158/SR8606158828. In Secure Internet Services environment, while interacting with different KDCs, ftpd was receiving ADAT command with more than 1024 bytes of data which ftpd was unable to recognize. Resolution: * Now ftpd allows upto 4096 bytes command size to ADAT command. 3. JAGad62651/SR8606193439. ftpd does not function properly for some commands. Resolution: * Code changes have been made to fix the problem. 4. JAGad64866/SR8606195662. /sbin/init.d/inetsvcs file which is provided by Internet Services Project was modifying a few of the man pages to include Kerberos information and was not updating the IPD for those man pages. Resolution: * Now inetsvcs file is modified to update IPD for the changed man pages. PHNE_21936: 1. JAGac95166/SR8606130295. stderr is closed for all the commands except STAT command of ftpd. Thus, ftp was not getting error message for ls command from ftpd. Resolution: * Now stderr is open for ls command. 2. JAGad05557/SR8606136433. While resolving the hostname, if name resolution fails ftp server sleeps for 3 seconds and after 3 seconds it tries again to resolve the hostname. Thus there is a 3 second delay in displaying the ftp login prompt. Resolution: * Now ftpd sleeps only if the name resolution failure is temporary, otherwise it does not sleep and the prompt is displayed immediately. 3. JAGad12040/SR8606142685. The ftpd does not function properly. Resolution: * Code changes are made to fix the problem. 4. JAGab14503/SR8606156747. The ftpd was consuming more memory and swap space. Resolution: * Compilation changes and code changes are done to reduce memory usage, thereby improving the performance of ftpd. 5. JAGad07683/SR8606138481. All the options in the ftpaccess files are stored in a linked list.Each node stores one option entry. Before searching for the entry, the pointer variable which is passed has to be initialized to NULL. This is not done. Resolution: * Now the variable is initialized to NULL, before searching any option of the ftpaccess file which is stored in the linked list. 6. JAGad17009/SR8606147667 The ftpd sub-login facility has been removed and the corresponding man page updation is not done. Resolution: * The ftpd man page has been revised by removing the sub-login information. PHNE_20714: 1. JAGac40026. The existence of the destination file was not checked prior to the execution of the rename. Resolution: * The code to check and delete the destination file was added. 2. JAGab84556. The byte count of the transfer was not being updated when the "get " command was given. Resolution: * The code was changed to update the byte count during data transfer. 3. JAGac78389. The postremove script of PHNE_18377 does not check for the existence of the file in the Installed Product Database before removing it. Resolution: * The postinstall and postremove scripts have been modified to resolve this problem. PHNE_20783: 1. JAGac40026. The existence of the destination file was not checked prior to the execution of the rename. Resolution: * The code to check and delete the destination file was added. PHNE_18377: 1. The Pam session was not closed before doing a chroot to the guest users home directory. Resolution: * The Pam session is closed before doing a chroot to the guest users home directory. 2. Ftpd would try to re-authenticate the user using PAM from the /etc/passwd file and would fail. Resolution: * Code change made to avoid the re-authentication. 3. The machine name being printed in the ftpd banner should be suppressed. Resolution: * Added a new clause "suppresshostname" to ftpaccess, the ftpd configuration file, which if set to "yes" suppresses the machine name in the ftpd banner. 4. The wrong conversion character was used in the format string to define the filesize. Resolution: * The conversion character in the format was changed to the offset_uformat macro. 5. The renamecmd() in ftpd did not check to see if the rename was across different logical devices. Resolution: * The check for a different logical device and the code to copy the files across different logical devices was added. 6. The format of the conversion character used in the reply string was wrong. Resolution: * Changed the conversion character of the format string to the macro offset_uformat. 7. The ftpd server does not function properly. Resolution: * Code change was done to fix the problem. 8. The ftp client does not function properly. Resolution: * Code change was made to fix the problem. PHNE_18354: * The preinstall and postinstall scripts of the patch PHNE_17188 were responsible for these defect since there were spaces between 1 and > while redirecting the output of mkdir commands. Resolution: * An extra space between 1 and > while redirecting the output of mkdir command in postinstall and postremove scripts creates the directory /1. The space between 1 and > is removed to fix this problem. PHNE_17188: * /sbin/init.d/inetsvcs concatenates the ftp and ftpd manpages unnecessarily. * In ascii mode the response to the size command is a string "offset_uformat" instead of the file size. * A pipe's file descriptor cannot be passed to sendfile system call. So sendfile was not used for transferring files. * ftpd was trying to log into /etc/wtmpx file instead of /etc/wtmp file. * A PAM session is not opened for anonymous ftp, but ftpd was trying to close the session while closing the connection. * ftp client does not function properly. PHNE_17106: * Patch installation scripts should use only those commands which are available in /usr/sbin. PHNE_14479: * ftp: problem with passing files. * FTP Newer command does not work as documented if file does not exist. * FTP:don't get error message if filesystem gets full. * Proxy Get command not working. * ftpd does not allow ports under 1024 even with -p option. * FTP giving error 425:Can't create data socket. * have inbound/outbound transfer logging in ftpd. * FTP Newer command has problem handling dates. * ftp (binary) "put" command in 11.0 with hash on prints only one "#" * Have ftp support logon banners. * Have anon. ftp like account on a per user basis. Enhancement: No (superseded patches contained enhancements) PHNE_21936: Enhancement request to improve the performance of ftpd by reducing its memory usage. PHNE_18377: Enhancement request to suppress the machine name in the banner displayed while connecting to ftpd. PHNE_14479: Enhancement request to enable a new version of ftpd. Additional enhancements like ftp logon banners and anonymous like accounts on a per user basis were also introduced through this patch. SR: 8606323128 8606294799 8606257010 8606233030 8606158821 8606158828 8606193439 8606195662 8606130295 8606136433 8606142685 8606156747 8606138481 8606147667 8606112243 8606127587 8606124643 5003455543 5003464115 1653296475 1653301077 1653299495 8606196702 8606105026 8606109374 4701424416 8606196700 5003440339 5003440347 5003428946 4701415174 4701409938 8606196696 4701373696 5003369611 1653232942 1653245852 1653254193 5003386581 8606196694 1653245845 1653250944 5003389122 1653174136 8606196692 Patch Files: InternetSrvcs.INETSVCS-RUN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/bin/ftp /usr/lbin/ftpd /usr/bin/ftpcount /usr/bin/ftpshut /usr/bin/ftprestart /usr/bin/ckconfig /usr/newconfig/etc/ftpd/ftpaccess /usr/newconfig/etc/ftpd/ftpconversions /usr/newconfig/etc/ftpd/ftpgroups /usr/newconfig/etc/ftpd/ftphosts /usr/share/doc/RelNotes_newftp.txt /sbin/init.d/inetsvcs InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/share/man/man1.Z/ftp.1 /usr/share/man/man1.Z/kftp.1 /usr/share/man/man1m.Z/ftpd.1m /usr/share/man/man1m.Z/kftpd.1m /usr/share/man/man1.Z/ftpcount.1 /usr/share/man/man1.Z/ftpwho.1 /usr/share/man/man1.Z/ftpshut.1 /usr/share/man/man1.Z/ftprestart.1 /usr/share/man/man1.Z/ckconfig.1 /usr/share/man/man4.Z/ftpusers.4 /usr/share/man/man4.Z/ftpaccess.4 /usr/share/man/man4.Z/ftpconversions.4 /usr/share/man/man4.Z/ftpgroups.4 /usr/share/man/man4.Z/ftphosts.4 /usr/share/man/man5.Z/xferlog.5 what(1) Output: InternetSrvcs.INETSVCS-RUN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/bin/ftp: Copyright (c) 1985, 1989 Regents of the University o f California. main.c based on 5.13 (Berkeley) 3/14/89 cmds.c 5.18 (Berkeley) 4/20/89 Revision 1.1.214.8 Wed Dec 17 11:42:40 GMT 2003 ftp.c 5.28 (Berkeley) 4/20/89 cmdtab.c 5.9 (Berkeley) 3/21/89 glob.c 5.7 (Berkeley) 12/14/88 ruserpass.c 5.1 (Berkeley) 3/1/89 domacro.c 1.6 (Berkeley) 2/28/89 /usr/lbin/ftpd: $Id: ftpd.c,v 1.22 1996/04/15 05:51:04 sob Exp sob $ based on ftpd.c 5.40 (Berkeley) 7/2/91 Copyright (c) 1985, 1988, 1990 Regents of the Univer sity of California. $Id: ftpcmd.y,v 1.8 1996/03/15 06:26:20 sob Exp $ ba sed on ftpcmd.y 5.24 (Berkeley) 2/25/91 Revision 1.1.214.9 Wed Dec 17 11:41:58 GMT 2003 $Id: glob.c,v 1.6 1996/03/16 04:00:06 sob Exp $ from glob.c 5.9 (Berkeley) 2/25/91 popen.c 5.9 (Berkeley) 2/25/91 $Id: logwtmp.c,v 1.7 1995/10/15 06:35:17 sob Exp $ logwtmp.c 5.7 (Berkeley) 2/25/91 $Id: access.c,v 1.8 1996/03/15 07:29:08 sob Exp $ $Id: extensions.c,v 1.16 1996/03/15 06:26:20 sob Exp $ $Id: realpath.c,v 1.7 1996/03/15 08:15:56 sob Exp $ $Id: private.c,v 1.6 1995/12/11 09:20:19 sob Exp $ /usr/bin/ftpcount: Revision 1.1.214.2 Mon May 11 12:21:14 GMT 1998 /usr/bin/ftpshut: Revision 1.1.214.2 Mon May 11 12:21:14 GMT 1998 /usr/bin/ftprestart: Revision 1.1.214.2 Mon May 11 12:21:14 GMT 1998 /usr/bin/ckconfig: None /usr/newconfig/etc/ftpd/ftpaccess: None /usr/newconfig/etc/ftpd/ftpconversions: None /usr/newconfig/etc/ftpd/ftpgroups: None /usr/newconfig/etc/ftpd/ftphosts: None /usr/share/doc/RelNotes_newftp.txt: None /sbin/init.d/inetsvcs: $Revision: 1.1.214.5 $ InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: /usr/share/man/man1.Z/ftp.1: None /usr/share/man/man1.Z/kftp.1: None /usr/share/man/man1m.Z/ftpd.1m: None /usr/share/man/man1m.Z/kftpd.1m: None /usr/share/man/man1.Z/ftpcount.1: None /usr/share/man/man1.Z/ftpwho.1: None /usr/share/man/man1.Z/ftpshut.1: None /usr/share/man/man1.Z/ftprestart.1: None /usr/share/man/man1.Z/ckconfig.1: None /usr/share/man/man4.Z/ftpusers.4: None /usr/share/man/man4.Z/ftpaccess.4: None /usr/share/man/man4.Z/ftpconversions.4: None /usr/share/man/man4.Z/ftpgroups.4: None /usr/share/man/man4.Z/ftphosts.4: None /usr/share/man/man5.Z/xferlog.5: None cksum(1) Output: InternetSrvcs.INETSVCS-RUN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: 2279942798 114688 /usr/bin/ftp 2211311493 151552 /usr/lbin/ftpd 120867078 20480 /usr/bin/ftpcount 3144509903 20480 /usr/bin/ftpshut 216301279 20480 /usr/bin/ftprestart 1696028592 20480 /usr/bin/ckconfig 2530493535 1710 /usr/newconfig/etc/ftpd/ftpaccess 843320757 321 /usr/newconfig/etc/ftpd/ftpconversions 348098628 118 /usr/newconfig/etc/ftpd/ftpgroups 1821506561 190 /usr/newconfig/etc/ftpd/ftphosts 3978870043 35302 /usr/share/doc/RelNotes_newftp.txt 146235130 2374 /sbin/init.d/inetsvcs InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00, fa=HP-UX_B.11.00_32/64,v=HP: 852902322 19893 /usr/share/man/man1.Z/ftp.1 3547424081 10867 /usr/share/man/man1.Z/kftp.1 2619053066 13520 /usr/share/man/man1m.Z/ftpd.1m 1306417349 7695 /usr/share/man/man1m.Z/kftpd.1m 1098911474 619 /usr/share/man/man1.Z/ftpcount.1 3909842611 623 /usr/share/man/man1.Z/ftpwho.1 297592968 1930 /usr/share/man/man1.Z/ftpshut.1 3526917656 718 /usr/share/man/man1.Z/ftprestart.1 2269010262 700 /usr/share/man/man1.Z/ckconfig.1 4003849439 1084 /usr/share/man/man4.Z/ftpusers.4 2793542921 8679 /usr/share/man/man4.Z/ftpaccess.4 1437776495 1696 /usr/share/man/man4.Z/ftpconversions.4 3787830717 1267 /usr/share/man/man4.Z/ftpgroups.4 1257697957 741 /usr/share/man/man4.Z/ftphosts.4 337216578 1783 /usr/share/man/man5.Z/xferlog.5 Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_14479 PHNE_17106 PHNE_17188 PHNE_18354 PHNE_18377 PHNE_20783 PHNE_20714 PHNE_21936 PHNE_23949 Equivalent Patches: PHNE_29461: s700: 11.11 s800: 11.11 Patch Package Size: 310 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_29460 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHNE_29460.depot By default swinstall will archive the original software in /var/adm/sw/save/PHNE_29460. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above: -x patch_save_files=false WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHNE_29460.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHNE_29460.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_29460.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: Existing installations do not have to modify their ftp configuration unless they want to use the new features. There is one exception; there is a difference in the ftp daemon options between legacy ftp and the new June 1998 version of ftp. In the older version of ftp, the -A option enables Kerberos authentication. In the new version of ftp, the -K option enables Kerberos authentication, and the -A option is used to disable the ftpaccess file. So if you are using Kerberos authentication, you will need to edit /etc/inetd.conf to change the existing -A option to -K. This version of FTP has some new configuration files that can be used to take advantage of new functionality. Sample of the new configuration files are provided in /usr/newconfig/etc/ftpd. You can edit these files as per your need and copy them to the location /etc/ftpd. You can get information on the new features introduced by this new version of ftpd from the file: /usr/share/doc/RelNotes_newftp.txt NOTE: 1. WU-ftpd does not support sublogins on anonymous ftp. 2. Two new options, "suppresshostname" and "suppressversion" have been added to the ftpaccess file (ftpd configuration file). More details on these can be found in the ftpaccess(4) manpage.