Patch Name: PHNE_29774 Patch Description: s700_800 11.11 sendmail(1m) 8.9.3 patch Creation Date: 03/11/03 Post Date: 03/11/27 Hardware Platforms - OS Releases: s700: 11.11 s800: 11.11 Products: N/A Filesets: InternetSrvcs.INETSVCS-RUN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP InternetSrvcs.INET-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP Automatic Reboot?: No Status: General Release Critical: No (superseded patches were critical) PHNE_28761: ABORT Category Tags: defect_repair general_release critical halts_system manual_dependencies Path Name: /hp-ux_patches/s700_800/11.X/PHNE_29774 Symptoms: PHNE_29774: SR 8606330618 / CR JAGae91741: 1. Under some circumstances, Sendmail does not parse the headers properly. SR 8606331548 / CR JAGae92668: 2. Under certain circumstances, Sendmail does not parse some rulesets properly. PHNE_28810: SR 8606314706 / CR JAGae77457: 1. Information present in manpages delivered with PHNE_28761 is incorrect. PHNE_28761: SR 8606268804 / CR JAGae33040: 1. Under certain conditions, sendmail or its associated utilities may not operate properly. SR 8606269073 / CR JAGae33308: 2. Under certain conditions, sendmail does not terminate/restart properly. SR 8606294401 / CR JAGae58098: 3. In some cases, sendmail does not parse the mail headers properly. SR 8606284379 / CR JAGae48326: 4. Under certain conditions, sendmail does not process the mail queue properly. SR 8606300319 / CR JAGae63788: 5. Sendmail logs transient parse errors on the console. SR 8606305635 / CR JAGae68683: 6. In some cases, sendmail does not parse the headers properly. SR 8606305628 / CR JAGae68676: 7. In some cases, sendmail relays mails illegally. PHNE_26305: SR 8606194375 / CR JAGad63585: 1. When there is a large number of active TCP connections, 'ndd' invoked by identd holds the TCP lock for over a minute. This causes a Transfer Of Control(TOC). SR 8606248880/ CR JAGae15277 2. identd terminates on receiving a SIGPIPE signal and it does not log an appropriate error message in the syslog file. SR 8606267547/JAGae31789 3. Sendmail does not log the transient error message, "Name server timeout" in the log file while processing the mail queue. PHNE_25184: SR 8606189011 / CR JAGad58227: 1. When a user searches for aliases using nis+, the search will fail. SR 8606213171 / CR JAGad82359: 2. Sendmail can mishandle addresses in "Diagnostic-Code:" warning message. Defect Description: PHNE_29774: SR 8606330618 / CR JAGae91741: 1. Under some circumstances, Sendmail does not parse the headers properly. Resolution: Code has now been modified to fix the problem. SR 8606331548 / CR JAGae92668: 2. Under certain circumstances, Sendmail does not parse some rulesets properly. Resolution: Code has now been modified to fix the problem. PHNE_28810: SR 8606314706 / CR JAGae77457: 1. The patch PHNE_28761 contains an incorrect version of manpages. Resolution: The correct version of the manpages are included in the current patch PHNE_28810. PHNE_28761: SR 8606268804 / CR JAGae33040: 1. Under certain conditions, sendmail or its associated utilities may not operate properly. Resolution: Code has now been modified to fix the problem. SR 8606269073 / CR JAGae33308: 2. Due to a race condition, sendmail does not terminate/restart properly. Resolution: Code has now been modified to fix the problem. SR 8606294401 / CR JAGae58098: 3. In some cases, sendmail does not parse the mail headers properly. Resolution : The code has been modified to parse the mail headers properly. SR 8606284379 / CR JAGae48326: 4. Under certain conditions, sendmail does not process the mail queue properly. Resolution: Use /usr/newconfig/etc/mail/sendmail.cf as the base configuration file (/etc/mail/sendmail.cf) with site-specific changes as required and restart the sendmail daemon. SR 8606300319 / CR JAGae63788: 5. Transient parse error notifications are displayed on the console. Resolution: The error messages are now logged as a LOG_INFO message at Loglevel >8, when the option "AlertTmpFailure" is disabled or commented out in the sendmail configuration file /etc/mail/sendmail.cf. SR 8606305635 / CR JAGae68683: 6. In some cases, sendmail does not parse the headers properly. Resolution: The code has been modified to parse the headers properly. SR 8606305628 / CR JAGae68676: 7. Sendmail illegally relays mails with specially quoted recipient address. Resolution: A new ruleset has been added in the /usr/newconfig/etc/mail/sendmail.cf file to strip quotes in the recipient address and disallow illegal relaying caused by specially quoted recipient address. Use /usr/newconfig/etc/mail/sendmail.cf as base configuration file (/etc/mail/sendmail.cf) with site-specific changes as required and restart the sendmail daemon. PHNE_26305: SR 8606194375 / CR JAGad63585: 1. identd uses 'ndd' to get the credentials of the remote owner of a TCP connection and when a large number of active TCP connections is present in the system, ndd causes TOC. Resolution: The identd code has been modified to use a new ioctl() command instead of 'ndd' to avoid TOC. SR 8606248880/ CR JAGae15277 2. identd does not contain any specific signal handler to handle the signal SIGPIPE and identd terminates, as the default behavior of SIGPIPE is to terminate the process. Resolution: A signal handler has now been included in identd to handle the signal SIGPIPE. Hence, identd terminates with an appropriate error message logged as LOG_DEBUG in the syslog file as: "SIGPIPE triggered, exiting" The error message is logged only if the `-l' option is given as an argument to identd. SR 8606267547/JAGae31789 3. When Sendmail is unable to resolve the address of the host using the name service, a transient error "Name Server Timeout" occurs. This error is displayed on the terminal and is not logged in syslog file. The default syslog file is /var/adm/syslog/mail.log. Resolution : Sendmail now logs the transient error messages in the syslog file when the option "AlertTmpFailure" is enabled in the sendmail configuration file /etc/mail/sendmail.cf. The error messages are logged as a LOG_ALERT message at Loglevel >=2, and contain the status information as specified below: stat= "Transient parse error -- message queued for future delivery" To enable this option in the Configuration file the following steps need to be performed: a) Use /usr/newconfig/etc/mail/sendmail.cf as the base Sendmail configuration file (/etc/mail/sendmail.cf) with site-specific changes as required. b) Edit "#O AlertTmpFailure=False" entry in the /etc/mail/sendmail.cf as: O AlertTmpFailure=True c) Restart the Sendmail daemon. To make the sendmail configuration file compatible with lower versions of this patch, the "AlertTmpFailure" option must be removed or commented in the sendmail.cf file. PHNE_25184: SR 8606189011 / CR JAGad58227: 1. In sendmail-8.9.3, an alias search using nis+ fails due to incorrect compilation flag. Resolution: Sendmail-8.9.3 is now built with an appropriate compilation flag. SR 8606213171 / CR JAGad82359: 2. Sendmail can mishandle addresses in "Diagnostic-Code:" warning message. Resolution: The code has been modified to resolve this problem. Enhancement: No SR: 8606330618 8606331548 8606314706 8606194375 8606248880 8606267547 8606189011 8606213171 8606268804 8606269073 8606294401 8606284379 8606300319 8606305635 8606305628 Patch Files: InternetSrvcs.INETSVCS-RUN,fr=B.11.11, fa=HP-UX_B.11.11_32/64,v=HP: /usr/sbin/sendmail /usr/sbin/makemap /usr/sbin/mailstats /usr/lbin/identd /usr/sbin/itest /usr/sbin/killsm /usr/newconfig/etc/mail/convert_awk /usr/newconfig/etc/mail/cf/README /usr/newconfig/etc/mail/cf/cf/gen_cf /usr/newconfig/etc/mail/cf/cf/generic-hpux10.cf /usr/newconfig/etc/mail/sendmail.cf /usr/newconfig/etc/mail/cf/m4/cfhead.m4 /usr/newconfig/etc/mail/cf/m4/proto.m4 /usr/share/doc/LICENSE.SMAIL893 InternetSrvcs.INET-ENG-A-MAN,fr=B.11.11, fa=HP-UX_B.11.11_32/64,v=HP: /usr/share/man/man1m.Z/sendmail.1m /usr/share/man/man1m.Z/identd.1m /usr/share/man/man1.Z/mailstats.1 /usr/share/man/man1.Z/praliases.1 /usr/share/man/man1m.Z/killsm.1m what(1) Output: InternetSrvcs.INETSVCS-RUN,fr=B.11.11, fa=HP-UX_B.11.11_32/64,v=HP: /usr/sbin/sendmail: Copyright (c) 1998 HEWLETT PACKARD COMPANY and its l icensors, including Sendmail, Inc., and the Regents of the University of California. All rights reserved. version.c 8.9.3.1 (Berkeley) 10/10/2003 (PHNE_ 29774) /usr/sbin/makemap: makemap.c 8.71 (Berkeley) 03/26/2003 (PHNE_288 10) /usr/sbin/mailstats: mailstats.c 8.29 (Berkeley) 03/26/2003 (PHNE_288 10) Copyright (c) 1988, 1993 /usr/sbin/killsm: killsm 03/26/2003 PHNE_28810 /usr/lbin/identd: $Revision identd 2.7.4 (PHNE_26305) $ /usr/sbin/itest: $Revision itest 2.7.4 (PHNE_26305) $ /usr/newconfig/etc/mail/cf/cf/generic-hpux10.cf: cfhead.m4 8.23 (Berkeley) 03/26/2003 ##### cf.m4 8.29 (Berkeley) 5/19/1998 ##### generic-hpux10.mc 8.8 (Berkeley) 5/19/1998 ## ### hpux10.m4 8.14 (Berkeley) 10/6/1998 ##### generic.m4 8.9 (Berkeley) 5/19/1998 ##### redirect.m4 8.10 (Berkeley) 5/19/1998 ##### use_cw_file.m4 8.6 (Berkeley) 5/19/1998 ##### domaintable.m4 8.9 (Berkeley) 10/6/1998 ##### mailertable.m4 8.10 (Berkeley) 10/6/1998 ##### genericstable.m4 8.8 (Berkeley) 10/6/1998 ## ### virtusertable.m4 8.8 (Berkeley) 10/6/1998 ## ### always_add_domain.m4 8.6 (Berkeley) 5/19/1998 ## ### proto.m4 8.243 (Berkeley) 03/26/2003 ##### local.m4 8.30 (Berkeley) 6/30/1998 ##### smtp.m4 8.38 (Berkeley) 5/19/1998 ##### uucp.m4 8.30 (Berkeley) 5/19/1998 ##### /usr/newconfig/etc/mail/sendmail.cf: cfhead.m4 8.23 (Berkeley) 03/26/2003 ##### cf.m4 8.29 (Berkeley) 5/19/1998 ##### generic-hpux10.mc 8.8 (Berkeley) 5/19/1998 ## ### hpux10.m4 8.14 (Berkeley) 10/6/1998 ##### generic.m4 8.9 (Berkeley) 5/19/1998 ##### redirect.m4 8.10 (Berkeley) 5/19/1998 ##### use_cw_file.m4 8.6 (Berkeley) 5/19/1998 ##### domaintable.m4 8.9 (Berkeley) 10/6/1998 ##### mailertable.m4 8.10 (Berkeley) 10/6/1998 ##### genericstable.m4 8.8 (Berkeley) 10/6/1998 ## ### virtusertable.m4 8.8 (Berkeley) 10/6/1998 ## ### always_add_domain.m4 8.6 (Berkeley) 5/19/1998 ## ### proto.m4 8.243 (Berkeley) 03/26/2003 ##### local.m4 8.30 (Berkeley) 6/30/1998 ##### smtp.m4 8.38 (Berkeley) 5/19/1998 ##### uucp.m4 8.30 (Berkeley) 5/19/1998 ##### /usr/newconfig/etc/mail/cf/README: README 8.186 (Berkeley) 03/26/2003 /usr/newconfig/etc/mail/convert_awk: None /usr/newconfig/etc/mail/cf/cf/gen_cf: None /usr/newconfig/etc/mail/cf/m4/cfhead.m4: cfhead.m4 8.23 (Berkeley) 03/26/2003') /usr/newconfig/etc/mail/cf/m4/proto.m4: proto.m4 8.243 (Berkeley) 03/26/2003') /usr/share/doc/LICENSE.SMAIL893: None InternetSrvcs.INET-ENG-A-MAN,fr=B.11.11, fa=HP-UX_B.11.11_32/64,v=HP: /usr/share/man/man1m.Z/sendmail.1m: None /usr/share/man/man1m.Z/identd.1m: None /usr/share/man/man1.Z/mailstats.1: None /usr/share/man/man1.Z/praliases.1: None /usr/share/man/man1m.Z/killsm.1m: None cksum(1) Output: InternetSrvcs.INETSVCS-RUN,fr=B.11.11, fa=HP-UX_B.11.11_32/64,v=HP: 2627297511 864256 /usr/sbin/sendmail 3788571579 430080 /usr/sbin/makemap 2475215714 16384 /usr/sbin/mailstats 3579986710 1053 /usr/sbin/killsm 125478848 16384 /usr/sbin/itest 604822235 32768 /usr/lbin/identd 848421388 2197 /usr/newconfig/etc/mail/convert_awk 33091609 18405 /usr/newconfig/etc/mail/cf/cf/gen_cf 3933042482 90808 /usr/newconfig/etc/mail/cf/README 240173196 94478 /usr/newconfig/etc/mail/cf/cf/ generic-hpux10.cf 240173196 94478 /usr/newconfig/etc/mail/sendmail.cf 2170413046 57952 /usr/newconfig/etc/mail/cf/m4/proto.m4 3416297469 49231 /usr/newconfig/etc/mail/cf/m4/cfhead.m4 3452043810 4590 /usr/share/doc/LICENSE.SMAIL893 InternetSrvcs.INET-ENG-A-MAN,fr=B.11.11, fa=HP-UX_B.11.11_32/64,v=HP: 1311084351 12207 /usr/share/man/man1m.Z/sendmail.1m 1520281684 3347 /usr/share/man/man1m.Z/identd.1m 510252392 975 /usr/share/man/man1m.Z/killsm.1m 927523491 2401 /usr/share/man/man1.Z/mailstats.1 3924566826 1652 /usr/share/man/man1.Z/praliases.1 Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: The identd(1M) functionality supplied by this patch requires a minimum Transport patch level of PHNE_25642. Supersedes: PHNE_25184 PHNE_26305 PHNE_28761 PHNE_28810 Equivalent Patches: PHNE_29773: s700: 11.00 s800: 11.00 PHNE_29912: s700: 11.22 s800: 11.22 PHNE_29913: s700: 11.23 s800: 11.23 Patch Package Size: 870 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_29774 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHNE_29774.depot By default swinstall will archive the original software in /var/adm/sw/save/PHNE_29774. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above: -x patch_save_files=false WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHNE_29774.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHNE_29774.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_29774.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: To comply with industry-standard sendmail(1M) practices, after the installation of PHNE_28761, or any superseding patch, the following behavior will be observed: 1. Non-root users will not be able to print system-wide sendmail aliases using the praliases(1) command. 2. Non-root users will not be able to print mail traffic statistics using the mailstats(1) command. 3. Non-root users will not be able to send signals to sendmail processes, even their own. 4. Sendmail reacts more appropriately to signals, which may introduce some delay in terminating and restarting sendmail daemon. The behaviors one and two mentioned above may remain even after the removal of the patch. PHNE_28761 or its superseding patches deliver a new copy of the sendmail configuration file /etc/mail/sendmail.cf as /usr/newconfig/etc/mail/sendmail.cf. You need to merge your site-specific customizations with this new sendmail.cf file. Then, stop and start the sendmail daemon by using the following commands: /sbin/init.d/sendmail stop /sbin/init.d/sendmail start