Patch Name: PHSS_30646 Patch Description: s700_800 11.04 Virtualvault 4.6 TGP update Creation Date: 04/04/01 Post Date: 04/04/19 Hardware Platforms - OS Releases: s700: 11.04 s800: 11.04 Products: Virtualvault A.04.60 Filesets: VaultTGP.TGP-CORE,fr=A.04.60,fa=HP-UX_B.11.04_32/64,v=HP Automatic Reboot?: No Status: General Release Critical: No Category Tags: defect_repair general_release Path Name: /hp-ux_patches/s700_800/11.X/PHSS_30646 Symptoms: PHSS_30646: 1. When SSL is enabled, tgp daemon may exhibit unexpected behavior for OpenSSL versions prior to 0.9.7d PHSS_29891: 1. When SSL is enabled, tgp daemon may exhibit unexpected behavior for OpenSSL versions prior to 0.9.7c PHSS_28803: 1. Provide enhanced verbose logging for TGP. 2. When SSL is enabled, tgp deemon may exhibit unexpected behavior. PHSS_27637: 1. When IP aliasing is configured, trying to create/modify TGP service entries through 'Trusted Gateway Proxy Administration' screen results in an error, "Sufficient memory can not be allocated to create the CREATE screen." The same kind of error occurs while trying to modify a TGP service entry. 2. When SSL is enabled, tgp daemon may exhibit unexpected behavior. Defect Description: PHSS_30646: 1. When SSL is enabled, tgp daemon may exhibit unexpected behavior for OpenSSL versions prior to 0.9.7d Resolution: 1. Migrated OpenSSL version of TGP to 0.9.7d PHSS_29891: 1. When SSL is enabled, tgp daemon may exhibit unexpected behavior for OpenSSL versions prior to 0.9.7c Resolution: 1. Migrated OpenSSL version of TGP to 0.9.7c. PHSS_28803: 1. Provide enhanced verbose logging for TGP. 2. When SSL is enabled, tgp deemon may exhibit unexpected behavior. Resolution: 1. TGP logging enhancement has been provided. 2. Migrated OpenSSL version of TGP to 0.9.6j. PHSS_27637: 1. The tgp-edit cgi fails to fetch the MAC label for a lan interface when that interface is configured with multiple IP addresses (IP aliasing). 2. When SSL is enabled, tgp daemon may exhibit unexpected behavior. Resolution: 1. Since the MAC label associated with a lan interface must be the same for all aliases of that interface, query the interface without the alias name (use lan0 instead of lan0:1). 2. TGP daemon has been built with OpenSSL version 0.9.6e to fix the problem. Enhancement: No SR: 8606355700 8606272389 8606270675 8606298161 8606311448 8606295989 Patch Files: VaultTGP.TGP-CORE,fr=A.04.60,fa=HP-UX_B.11.04_32/64,v=HP: /var/opt/vaultTS/inside/vault/bin/tgp-edit /tcb/lib/tgpd what(1) Output: VaultTGP.TGP-CORE,fr=A.04.60,fa=HP-UX_B.11.04_32/64,v=HP: /var/opt/vaultTS/inside/vault/bin/tgp-edit: $Source: src/admin/cgi/tgp-edit/tgp-edit.c, vaultTGP , vaultTGP_4.6 $ $Date: 02/08/22 13:01:31 $ $Revision: 1.8.1.12 PATCH_11.04 (PHSS_27637) $ /tcb/lib/tgpd: $Source: src/tgproxy/main.c, vaultTGP, vaultTGP_4.6 $ $Date: 03/05/15 08:43:01 $ $Revision: 1.17 .1.1 PATCH_11.04 (PHSS_28803) $ $Source: src/tgproxy/configuration.c, vaultTGP, vaul tTGP_4.6 $ $Date: 03/05/15 08:42:39 $ $Revis ion: 1.8.3.1 PATCH_11.04 (PHSS_28803) $ $Source: src/tgproxy/proxy.c, vaultTGP, vaultTGP_4.6 $ $Date: 03/05/15 08:43:22 $ $Revision: 1.1 0.3.1 PATCH_11.04 (PHSS_28803) $ $Source: src/tgproxy/tgp_audit.c, vaultTGP, vaultTGP _4.6 $ $Date: 03/05/15 08:45:15 $ $Revision: 1.7 PATCH_11.04 (PHSS_28803) $ HP VirtualVault, tgpd, revision A.04.60 cksum(1) Output: VaultTGP.TGP-CORE,fr=A.04.60,fa=HP-UX_B.11.04_32/64,v=HP: 690668110 78055 /var/opt/vaultTS/inside/vault/bin/tgp-edit 1741990499 1246164 /tcb/lib/tgpd Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHSS_27637 PHSS_28803 PHSS_29891 Equivalent Patches: PHSS_30642: s700: 11.04 s800: 11.04 Patch Package Size: 580 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_30646 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHSS_30646.depot By default swinstall will archive the original software in /var/adm/sw/save/PHSS_30646. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above: -x patch_save_files=false WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHSS_30646.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHSS_30646.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_30646.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: PHSS_27637: The patch installation replaces the Trusted Gateway Proxy Daemon (tgpd). Use the 'Start or Stop Trusted Gateway Proxy' interface to stop the daemon before installing the patch and to restart it after installing the patch. In the event that the TGP daemon is not stopped prior to this patch installation, the daemon will be terminated.