Patch Name: PHSS_28802 Patch Description: s700_800 11.04 VirtualVault 4.5 TGP Logging Enhancement Creation Date: 03/05/15 Post Date: 03/06/23 Hardware Platforms - OS Releases: s700: 11.04 s800: 11.04 Products: VirtualVault A.04.50 Filesets: VaultTGP.TGP-CORE,fr=A.04.50,fa=HP-UX_B.11.04_32/64,v=HP Automatic Reboot?: No Status: General Release Critical: No Category Tags: defect_repair general_release Path Name: /hp-ux_patches/s700_800/11.X/PHSS_28802 Symptoms: PHSS_28802: Provide enhanced verbose logging for TGP. PHSS_24611: This patch addresses two different TGP problems: 1) When TGP logging is disabled, TGP fails to initialize. 2) When the TGP configuration file contains disabled entries, TGP will error terminate upon the receipt of proxy request. Defect Description: PHSS_28802: Provide enhanced verbose logging for TGP. Resolution: Enhanced TGP verbose logging is provided. PHSS_24611: Problem 1) In the case that TGP logging is disabled, TGP was passing a null string to fileno. Problem 2) In the case that a TGP entry was disabled, the socket descriptor for the disabled entry was set to -1. Later, this socket descriptor was used as though it was valid. Resolution: Error checking has been added to the TGP code to prevent invalid data from being passed to fileno and FD_ISSET. Enhancement: No SR: 8606207236 8606298161 Patch Files: VaultTGP.TGP-CORE,fr=A.04.50,fa=HP-UX_B.11.04_32/64,v=HP: /tcb/lib/tgpd what(1) Output: VaultTGP.TGP-CORE,fr=A.04.50,fa=HP-UX_B.11.04_32/64,v=HP: /tcb/lib/tgpd: $Source: src/tgproxy/main.c, vaultTGP, vaultTGP_4.5 $ $Date: 03/05/15 08:23:48 $ $Revision: 1.11 .1.1 PATCH_11.04 (PHSS_28802) $ $Source: src/tgproxy/configuration.c, vaultTGP, vaul tTGP_4.5 $ $Date: 03/05/15 08:23:21 $ $Revis ion: 1.8.2.1 PATCH_11.04 (PHSS_28802) $ $Source: src/tgproxy/proxy.c, vaultTGP, vaultTGP_4.5 $ $Date: 03/05/15 08:24:13 $ $Revision: 1.1 0.2.1 PATCH_11.04 (PHSS_28802) $ $Source: src/tgproxy/tgp_audit.c, vaultTGP, vaultTGP _4.5 $ $Date: 03/05/15 08:26:29 $ $Revision: 1.6 PATCH_11.04 (PHSS_28802) $ HP VirtualVault, tgpd, revision A.01.01 src/lib/conf/gpent.c, vaultTGP, vaultTGP_4.5 1.6.1. 5 04/20/00 $Source: src/lib/debug/pdebug.c, vaultTGP, vaultTGP_ 4.5 $ $Date: 01/07/10 10:59:01 $ $Revision: 1.6 PATCH_11.04 (PHSS_24611) $ cksum(1) Output: VaultTGP.TGP-CORE,fr=A.04.50,fa=HP-UX_B.11.04_32/64,v=HP: 3396674686 78063 /tcb/lib/tgpd Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHSS_24611 Equivalent Patches: PHSS_28803: s700: 11.04 s800: 11.04 Patch Package Size: 60 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_28802 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHSS_28802.depot By default swinstall will archive the original software in /var/adm/sw/save/PHSS_28802. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above: -x patch_save_files=false WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHSS_28802.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHSS_28802.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_28802.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: PHSS_24611: The patch installation replaces the Trusted Gateway Proxy Daemon (tgpd). Use the 'Start or Stop Trusted Gateway Proxy' interface to stop the daemon before installing the patch and to restart it after installing the patch. In the event that the TGP daemon is not stopped prior to this patch installation, the daemon will be terminated.