Patch Name: PHSS_30950

Patch Description: s700_800 11.04 Webproxy server 2.1 update

Creation Date: 04/06/21

Post Date: 04/07/06

Hardware Platforms - OS Releases:
    s700: 11.04
    s800: 11.04

Products: HP Webproxy A.02.10

Filesets:
    HP_Webproxy.HPWEB-PX-CORE,fr=A.02.10,fa=HP-UX_B.11.04_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical: No

Category Tags:
    defect_repair enhancement general_release

Path Name: /hp-ux_patches/s700_800/11.X/PHSS_30950

Symptoms:
    PHSS_30950:
    1. Webproxy server may exhibit unexpected behavior for
       versions prior to Apache web server 1.3.31.
    2. SSL-enabled Webproxy server may exhibit unexpected
       behavior for mod_ssl versions prior to 2.8.18.
    3. mod_proxy module of Webproxy may exhibit unexpected
       behavior in Apache server versions 1.3.26 to 1.3.31.

    PHSS_30649:
    1. SSL-enabled Webproxy server may exhibit unexpected
       behavior for OpenSSL versions prior to 0.9.7d.
    2. When a conditional request is issued and the response is
       a cached 304 (HTTP_NOT_MODIFIED), the response content
       type is set to text/plain even if it is a different
       content type.
    3. When speedcard is enabled Webproxy server may not start.

    PHSS_30058:
    1. Webproxy server may exhibit unexpected behavior in
       versions prior to Apache web server 1.3.29.
    2. SSL-enabled Webproxy server may exhibit unexpected
       behavior for OpenSSL versions prior to 0.9.7c.

Defect Description:
    PHSS_30950:
    1. Webproxy server may exhibit unexpected behavior for
       versions prior to Apache web server 1.3.31.
    2. SSL-enabled Webproxy server may exhibit unexpected
       behavior for mod_ssl versions prior to 2.8.18.
    3. mod_proxy module of Webproxy may exhibit unexpected
       behavior in Apache server versions 1.3.26 to 1.3.31.

    Resolution:
    1. Migrated Apache version for Webproxy server from 1.3.29
       to 1.3.31.
    2. Migrated mod_ssl module of Webproxy Server to 2.8.18.
    3. Apache provided a patch for the mod_proxy module that
       adds a check for invalid content length.

    PHSS_30649:
    1. SSL-enabled outside Webproxy server may exhibit
       unexpected behavior for OpenSSL versions prior to 0.9.7d.
    2. In Webproxy, the Content-Type header received from the
       upstream server is filled into the response structure in
       the mod_proxy module even if it receives Content-Type as
       null. When the core module receives null Content-Type
       from the mod_proxy, it is set to the default content
       type i.e. text/plain.
    3. When speedcard is enabled, Webproxy server may not start
       with OpenSSL versions that have RSA blinding turned on.

    Resolution:
    1. Migrated OpenSSL version for Webproxy server to 0.9.7d.
    2. A check for null content type is introduced before
       filling the response structure with the Content-Type
       header from the upstream server.
    3. Rainbow Technologies provided a patch for the OpenSSL
       speedcard encryption library.

    PHSS_30058:
    1. Webproxy server may exhibit unexpected behavior in
       versions prior to Apache web server 1.3.29.
    2. SSL-enabled Webproxy server may exhibit unexpected
       behavior for OpenSSL versions prior to 0.9.7c.

    Resolution:
    1. Migrated Apache version for Webproxy server from 1.3.28
       to 1.3.29.
    2. Migrated OpenSSL version for Webproxy server from 0.9.6j
       to 0.9.7c.

Enhancement:
    No
    (superseded patches contained enhancements)

    PHSS_30058:
    This patch introduces the support for AES ciphers for
    Webproxy server.

SR:
    8606295989 8606339401 8606356238 8606355700 8606354848
    8606363846 8606367047 8606367048

Patch Files:
    HP_Webproxy.HPWEB-PX-CORE,fr=A.02.10,fa=HP-UX_B.11.04_32/64,v=HP:
    /opt/vvproxy/bin/httpd.static
    /opt/vvproxy/bin/httpd
    /opt/vvproxy/bin/ab
    /opt/vvproxy/bin/htdigest
    /opt/vvproxy/bin/htpasswd
    /opt/vvproxy/bin/logresolve
    /opt/vvproxy/bin/rotatelogs
    /opt/vvproxy/bin/proxyaffinity
    /opt/vvproxy/libexec/libhttpd.sl
    /opt/vvproxy/libexec/libhttpd.ep
    /opt/vvproxy/libexec/libssl.so
    /opt/vvproxy/libexec/libproxy.so
    /opt/vvproxy/libexec/mod_access.so
    /opt/vvproxy/libexec/mod_actions.so
    /opt/vvproxy/libexec/mod_alias.so
    /opt/vvproxy/libexec/mod_asis.so
    /opt/vvproxy/libexec/mod_auth.so
    /opt/vvproxy/libexec/mod_autoindex.so
    /opt/vvproxy/libexec/mod_cgi.so
    /opt/vvproxy/libexec/mod_dir.so
    /opt/vvproxy/libexec/mod_env.so
    /opt/vvproxy/libexec/mod_headers.so
    /opt/vvproxy/libexec/mod_imap.so
    /opt/vvproxy/libexec/mod_include.so
    /opt/vvproxy/libexec/mod_log_config.so
    /opt/vvproxy/libexec/mod_mime.so
    /opt/vvproxy/libexec/mod_negotiation.so
    /opt/vvproxy/libexec/mod_rewrite.so
    /opt/vvproxy/libexec/mod_setenvif.so
    /opt/vvproxy/libexec/mod_userdir.so
    /opt/vvproxy/libexec/mod_usertrack.so
    /opt/vvproxy/libexec/speedcard/libssl.so
    /opt/vvproxy/libexec/engine/libssl.so
    /opt/vvproxy/libexec/SSLProxy/libssl.so
    /etc/auth/system/files.fcdb/25.patches/30058_PHSS.fcdb

what(1) Output:
    HP_Webproxy.HPWEB-PX-CORE,fr=A.02.10,fa=HP-UX_B.11.04_32/64,v=HP:
    /opt/vvproxy/bin/ab:
        None
    /opt/vvproxy/bin/proxyaffinity:
        None
    /opt/vvproxy/bin/htdigest:
        None
    /opt/vvproxy/bin/htpasswd:
        None
    /opt/vvproxy/bin/httpd:
        $Source: src/main/http_main.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:34:19 $
        $Revision: 1.9 PATCH_11.04 (PHSS_30950) $
    /opt/vvproxy/bin/logresolve:
        None
    /opt/vvproxy/bin/rotatelogs:
        None
    /opt/vvproxy/bin/httpd.static:
        $Source: src/modules/proxy/mod_proxy.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:37:23 $
        $Revision: 1.8 PATCH_11.04 (PHSS_30950) $
        $Source: src/modules/ssl/mod_ssl.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:36:25 $
        $Revision: 1.3 PATCH_11.04 (PHSS_30950) $
        mod_ssl/2.8.18
        $Source: src/modules/standard/mod_rewrite.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:37:49 $
        $Revision: 1.7 PATCH_11.04 (PHSS_30950) $
        $Source: src/main/http_main.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:34:19 $
        $Revision: 1.9 PATCH_11.04 (PHSS_30950) $
    /opt/vvproxy/libexec/speedcard/libssl.so:
        $Source: src/modules/ssl/mod_ssl.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:36:25 $
        $Revision: 1.3 PATCH_11.04 (PHSS_30950) $
        mod_ssl/2.8.18
    /opt/vvproxy/libexec/SSLProxy/libssl.so:
        $Source: src/modules/ssl/mod_ssl.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:36:25 $
        $Revision: 1.3 PATCH_11.04 (PHSS_30950) $
        mod_ssl/2.8.18
    /opt/vvproxy/libexec/engine/libssl.so:
        $Source: src/modules/ssl/mod_ssl.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:36:25 $
        $Revision: 1.3 PATCH_11.04 (PHSS_30950) $
        mod_ssl/2.8.18
    /opt/vvproxy/libexec/libhttpd.ep:
        $Source: src/main/http_main.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:34:19 $
        $Revision: 1.9 PATCH_11.04 (PHSS_30950) $
    /opt/vvproxy/libexec/libhttpd.sl:
        $Source: src/main/http_main.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:34:19 $
        $Revision: 1.9 PATCH_11.04 (PHSS_30950) $
    /opt/vvproxy/libexec/libproxy.so:
        $Source: src/modules/proxy/mod_proxy.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:37:23 $
        $Revision: 1.8 PATCH_11.04 (PHSS_30950) $
    /opt/vvproxy/libexec/libssl.so:
        $Source: src/modules/ssl/mod_ssl.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:36:25 $
        $Revision: 1.3 PATCH_11.04 (PHSS_30950) $
        mod_ssl/2.8.18
    /opt/vvproxy/libexec/mod_access.so:
        None
    /opt/vvproxy/libexec/mod_actions.so:
        None
    /opt/vvproxy/libexec/mod_alias.so:
        None
    /opt/vvproxy/libexec/mod_asis.so:
        None
    /opt/vvproxy/libexec/mod_auth.so:
        None
    /opt/vvproxy/libexec/mod_autoindex.so:
        None
    /opt/vvproxy/libexec/mod_cgi.so:
        None
    /opt/vvproxy/libexec/mod_dir.so:
        None
    /opt/vvproxy/libexec/mod_env.so:
        None
    /opt/vvproxy/libexec/mod_headers.so:
        None
    /opt/vvproxy/libexec/mod_imap.so:
        None
    /opt/vvproxy/libexec/mod_include.so:
        None
    /opt/vvproxy/libexec/mod_log_config.so:
        None
    /opt/vvproxy/libexec/mod_mime.so:
        None
    /opt/vvproxy/libexec/mod_negotiation.so:
        None
    /opt/vvproxy/libexec/mod_rewrite.so:
        $Source: src/modules/standard/mod_rewrite.c, vaultWP, vaultWP_2.1 $
        $Date: 04/06/25 06:37:49 $
        $Revision: 1.7 PATCH_11.04 (PHSS_30950) $
    /opt/vvproxy/libexec/mod_setenvif.so:
        None
    /opt/vvproxy/libexec/mod_userdir.so:
        None
    /opt/vvproxy/libexec/mod_usertrack.so:
        None
    /etc/auth/system/files.fcdb/25.patches/30058_PHSS.fcdb:
        src/host/30058_PHSS.fcdb, vaultWP, vaultWP_2.1 1.2 11/27/03

cksum(1) Output:
    HP_Webproxy.HPWEB-PX-CORE,fr=A.02.10,fa=HP-UX_B.11.04_32/64,v=HP:
    855499044 82083 /opt/vvproxy/bin/ab
    4155180456 36960 /opt/vvproxy/bin/htdigest
    3994012342 73896 /opt/vvproxy/bin/htpasswd
    3007323685 57446 /opt/vvproxy/bin/httpd
    1671138104 2801136 /opt/vvproxy/bin/httpd.static
    1444937659 24642 /opt/vvproxy/bin/logresolve
    3825048086 57440 /opt/vvproxy/bin/proxyaffinity
    1848136987 28733 /opt/vvproxy/bin/rotatelogs
    2712244910 24637 /opt/vvproxy/libexec/libhttpd.ep
    3507528660 1092321 /opt/vvproxy/libexec/libhttpd.sl
    628714436 303498 /opt/vvproxy/libexec/libproxy.so
    2836053722 2162500 /opt/vvproxy/libexec/libssl.so
    1751412255 20509 /opt/vvproxy/libexec/mod_access.so
    3880707197 16406 /opt/vvproxy/libexec/mod_actions.so
    1335012666 20526 /opt/vvproxy/libexec/mod_alias.so
    2108532681 12299 /opt/vvproxy/libexec/mod_asis.so
    903231693 24602 /opt/vvproxy/libexec/mod_auth.so
    401096175 65630 /opt/vvproxy/libexec/mod_autoindex.so
    75910978 32807 /opt/vvproxy/libexec/mod_cgi.so
    607741429 16404 /opt/vvproxy/libexec/mod_dir.so
    3431905706 12312 /opt/vvproxy/libexec/mod_env.so
    2838686860 12312 /opt/vvproxy/libexec/mod_headers.so
    207594635 45112 /opt/vvproxy/libexec/mod_imap.so
    727130973 90215 /opt/vvproxy/libexec/mod_include.so
    269101433 45190 /opt/vvproxy/libexec/mod_log_config.so
    1109473234 36921 /opt/vvproxy/libexec/mod_mime.so
    3568421208 73838 /opt/vvproxy/libexec/mod_negotiation.so
    2243478167 164056 /opt/vvproxy/libexec/mod_rewrite.so
    618674894 20513 /opt/vvproxy/libexec/mod_setenvif.so
    3854116166 20498 /opt/vvproxy/libexec/mod_userdir.so
    2858004557 32820 /opt/vvproxy/libexec/mod_usertrack.so
    4001814664 2162500 /opt/vvproxy/libexec/speedcard/libssl.so
    306146571 2178931 /opt/vvproxy/libexec/SSLProxy/libssl.so
    1988300900 2318725 /opt/vvproxy/libexec/engine/libssl.so
    2926250086 496 /etc/auth/system/files.fcdb/25.patches/30058_PHSS.fcdb

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHSS_30058 PHSS_30649

Equivalent Patches:
    PHSS_30949:
    s700: 11.04
    s800: 11.04

Patch Package Size: 5140 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

            cd /tmp
            sh PHSS_30950

    5. Run swinstall to install the patch:

            swinstall -x autoreboot=true -x patch_match_target=true \
                    -s /tmp/PHSS_30950.depot

    By default swinstall will archive the original software in
    /var/adm/sw/save/PHSS_30950. If you do not wish to retain a
    copy of the original software, include the patch_save_files
    option in the swinstall command above:

            -x patch_save_files=false

    WARNING: If patch_save_files is false when a patch is
             installed, the patch cannot be deinstalled. Please
             be careful when using this feature.

    For future reference, the contents of the PHSS_30950.text
    file are available in the product readme:

            swlist -l product -a readme -d @ /tmp/PHSS_30950.depot

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

            dd if=/tmp/PHSS_30950.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
    PHSS_30950:
    Refer to the ITRC article number CAST040621141235818 for
    information on a potential Speedcard crypto accelerator
    inaccessibility problem.

    PHSS_30058:
    After patch installation or removal, the Webproxy server
    must be manually restarted.
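
One way to confirm after installation that the files on disk are the ones listed under cksum(1) Output, as an added shell example that is not part of the HP patch text. The function name `verify_manifest`, its optional root prefix and the scratch files built in `demo` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare files against a "cksum(1) Output" style manifest.
# Manifest lines are "<crc> <size> <absolute path>". verify_manifest and its
# optional ROOT prefix (for checking a restored or mounted tree) are names
# chosen for this example.

verify_manifest() {
    manifest=$1
    root=${2:-}
    rc=0
    while read -r want_crc want_size path; do
        [ -n "$path" ] || continue              # skip blank or short lines
        if [ ! -f "$root$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        # Read from stdin so cksum prints only "<crc> <size>".
        set -- $(cksum < "$root$path")
        if [ "$1" = "$want_crc" ] && [ "$2" = "$want_size" ]; then
            echo "OK $path"
        else
            echo "MISMATCH $path (expected $want_crc $want_size, got $1 $2)"
            rc=1
        fi
    done < "$manifest"
    return $rc
}

# Constructed demo: a scratch tree stands in for /opt/vvproxy; its manifest
# is generated with cksum, then one file is altered and one is removed.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/opt/vvproxy/bin"
    for f in httpd htpasswd rotatelogs; do
        printf 'constructed contents of %s\n' "$f" > "$tmp/opt/vvproxy/bin/$f"
        set -- $(cksum < "$tmp/opt/vvproxy/bin/$f")
        echo "$1 $2 /opt/vvproxy/bin/$f" >> "$tmp/manifest"
    done
    clean_rc=0; clean=$(verify_manifest "$tmp/manifest" "$tmp") || clean_rc=$?
    printf 'tampered\n' >> "$tmp/opt/vvproxy/bin/httpd"
    rm "$tmp/opt/vvproxy/bin/rotatelogs"
    dirty_rc=0; dirty=$(verify_manifest "$tmp/manifest" "$tmp") || dirty_rc=$?
    rm -rf "$tmp"
    printf '%s\n(rc=%s)\n%s\n(rc=%s)\n' "$clean" "$clean_rc" "$dirty" "$dirty_rc"
}

demo
```

On a live system, save the cksum(1) Output entries to a file, one entry per line with any wrapped path rejoined, and call `verify_manifest` on it without the second argument. cksum is a CRC, so a match confirms the expected patch-level file is in place but does not rule out deliberate modification.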