HP Tru64 UNIX and TruCluster Server Version 5.
© Copyright 2006 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents About This Manual..........................................................................................................13 1 Audience..............................................................................................................................................13 2 Organization.........................................................................................................................................13 3 Related Documentation....................................
1.35 New Attribute Controls Tape Driver Path Control...............................................................................29 1.36 pr Command Behavior Now Works as Described in Reference Page......................................................30 1.37 Kit's Session Log Made More Useful...................................................................................................30 1.38 Sys_Check Version 143 Provided................................................................................
3.2.1.6 Production Version of Motif 2.1 Provided..............................................................................45 3.2.1.7 Protection Against Buffer Overflow Exploitation Added........................................................46 3.2.1.8 Enhancements to pmgrd Daemon and collect Utility..............................................................47 3.2.1.8.1 Performance Manager Metrics Server Daemon (pmgrd).................................................47 3.2.1.8.
4.1.12 When Taking a Cluster Member to Single-User Mode, First Halt the Member..............................151 4.1.13 Login Failure Possible with C2 Security Enabled .......................................................................151 4.1.13.1 Preventing the problem....................................................................................................151 4.1.13.2 Correcting the problem.....................................................................................................
C.5 OpenLDAP License..........................................................................................................................212 C.6 Sendmail License..............................................................................................................................213 C.7 Tomcat License.................................................................................................................................214 C.8 GNU General Public License...................................
List of Figures A-1 Enhanced Distance Cluster Configuration..................................................................................
List of Tables 3-1 3-2 3-3 6-1 6-2 6-3 6-4 6-5 6-6 6-7 6-8 A-1 Reference Pages Revised for Version 5.1B-4..................................................................................59 Reference Pages for BIND 9...........................................................................................................60 Reference Pages Revised in Previous Version 5.1B Patch Kits......................................................60 Superseded CSPs 00538.01 to 01361.02.................................
About This Manual This manual contains information specific to Version 5.1B-4 of the Tru64 UNIX® operating system, TruCluster Server software, and Worldwide Language Support products. It briefly describes the patches contained in this kit and provides information you should be aware of when installing or removing this kit. 1 Audience This manual is for those who upgrade their operating system to Tru64 UNIX Version 5.1B-4.
— — — — Tru64 UNIX Installation Guide Tru64 UNIX System Administration TruCluster Server Cluster Installation TruCluster Server Cluster Administration These guides, and most of the documentation related to the Tru64 UNIX operating system, are available on line at the following Web Page: http://h30097.www3.hp.
1 Enhancements, Improvements, and Features This chapter describes key new features, enhancements, and improvements delivered in Version 5.1B-4 1.1 Enhanced Cluster Interconnect Extended to 100 KM This release provides support for Enhanced Distance Clusters. An Enhanced Distance Cluster is a cluster in which the interconnect has been extended up to 100 km using a gigabit LAN Ethernet connection.
• • • • NetRAIN virtual interfaces cannot be included in link aggregation groups. Ports must be operating in full duplex mode. Ports in the same link aggregation group must operate at the same data rate. Ports in a link aggregation group must be attached to the same system, either server-to-server or server-to-switch. Link aggregation enables system administrators to combine two or more physical Ethernet Network Interface Cards (NICs) and create a single virtual link.
— — IXFR, DDNS, Notify, EDNS0 Improved standards conformance • Views — One server process can provide multiple views of the DNS namespace, for example, an “inside” view to certain clients, and an “outside” view to others. • • Multiprocessor Support Improved Portability Architecture See Table 3-2 (page 60) for a list of BIND reference pages delivered in this kit. 1.
For information about each of these APIs, see the Storage Management HBA API (SM-HBA) standard (T11/1695-D) available at the www.t11.org Web site: http://www.t11.org/ftp/t11/pub/sm/hba/06-382v1.pdf The API information is listed under FC-HBA Function Calls. 1.8 New Cluster Command Sends ping Packets over TCP A new TruCluster Server command, clu_ping, sends ping packages over the TCP layer rather than the Internode Communication Subsystem (ICS) layer on clusters with LAN as the interconnect.
By using the new mountd -p, you can force mountd to bind to the specified port number instead of using the random port number. For example: # mountd -p 1024 For more information, see the revised mountd(8) reference page that is installed with this kit. 1.12 envmond Daemon Modified to Use EVM Events The envmond daemon has been modified to allow it to use EVM events instead of the hwmgr command to determine the environmental status of the system.
1.14 Command Option Now Provides Additional EMX Driver Information After installing this kit, issuing the following command for an EMX adapter will return the hardware revision, firmware revision, SAN address, and full duplex flag attributes: # hwmgr -get att 1.15 New EMX Subsystem Attribute Turns on LLER for Tape I/O This release provides a new attribute, erp_ller, to the EMX subsystem that allows you to turn on Link Level Error Recovery (LLER) for tape I/O.
• • Blind connection reset attacks can be triggered by an attacker sending forged ICMP "Destination Unreachable, host unreachable" packets or ICMP "Destination Unreachable, port unreachable" packets. Blind throughput-reduction attacks can be caused by an attacker sending a forged ICMP type 4 (Source Quench) packet. Path MTU Discovery (RFC 1191) describes a technique for dynamically discovering the MTU (maximum transmission unit) of an arbitrary internet path.
# /usr/sbin/rcmgr set ADVFSD "no" • Run the following command on any cluster member to disable the advfsd daemon at boot time on all members of a cluster: # /usr/sbin/rcmgr -c set ADVFSD "no" • Run the following command to enable the advfsd daemon at boot time on a stand-alone system: # /usr/sbin/rcmgr delete ADVFSD • Run the following command on any cluster member to enable the advfsd daemon at boot time on all members of a cluster: # /usr/sbin/rcmgr -c delete ADVFSD 1.
Also, the new rmvol -s option performs a free-space check before beginning rmvol operations. If calculations determine that not enough free space will be available for the complete migration of all data for all volumes requested for removal, rmvol will fail before migrating any data. Upon failure, the amount of free space needed for complete migration of all data is displayed.
1.25.2 Changes to awk and nawk The awk and nawk commands have been modified to interpret numbers and the equal sign (=) as text strings when specified as arguments to “program text.” To produce this POSIX compliant action, set the new STDS_FLAG to ALL: STDS_FLAG=ALL When STDS_FLAG is set to ALL, variable names that do not begin with the alphabetic character or underscore are considered invalid.
If STDS_FLAG is not set or is set to NULL, find will treat the first hyphen as special and exit with an error. This was the default action before find was modified. 1.25.7 Changes to rm The rm command has been modified to handle an excessive depth of files. Even if the pathname is longer than PATH_MAX by multiple times, rm will delete the directory with all its subdirectories and exit with value 0.
1.26.1 waitpid() System Call Prior to the installation of this kit, the waitpid() system call failed to conform to the following UNIX98 requirement: A call to pid_t waitpid(pid_t pid, int *stat_loc, int options) when • the calling process has SA_NOCLDWAIT set or has SIGCHLD set to SIG_IGN and • has no unwaited for children that were transformed into zombie processes shall block until all of its children terminate, fail, and set errno to ECHILD.
By default, booting will wait for all hwc registrations to be completed. However, you can force the boot process to complete to the login prompt earlier by changing boot_wait_hwc_regs to 0. In either case hwc_registration_complete can be queried. This will be set to 1 as soon as registration is complete. In addition, you can also choose to receive a console message, an EVM event, or both when all paths have registered.
— nfs3_maxreadahead Controls the number of outstanding read-aheads. — nfs3_readaheads Controls the number of read-aheads for NFS V3. • rpc: — use_fastsend Enables or disables the optimization of client and server code used by NFS over UDP. — use_fastroute Enables or disables improved fastsend optimization that affect the NFS server. 1.29 New cam Attribute Controls Path Usage A new attribute, cam_ccfg_aa_enable, has been added to the cam subsystem to control preferred path usage.
1.32 fsdb Utility Now Operates on File System Image The fsdb utility is now capable of operating on a file system image as well as a special file. The name argument will first be processed as a special file; should that fail, it will be processed as a regular file. To avoid conflict, an optional f argument will force the name argument to be processed only as a regular file. See the revised fsdb(8) reference page delivered in this kit. 1.
1.36 pr Command Behavior Now Works as Described in Reference Page The pr command has been modified to handle the i [character] [gap] option (which replaces multiple space characters with tab characters) so that it performs as documented in the pr(1) reference page. 1.37 Kit's Session Log Made More Useful If you view the session log for this release, you may notice that it is smaller than it has been in the past.
2 Kit Installation and Removal This chapter provides information you need to be aware of before you install or remove this kit. It is organized as follows: • The “Required Storage Space” section lists the approximate storage space requirements for this patch kit when installing the operating system patches alone and in combination with the TruCluster Server and Worldwide Language Support (WLS) patches.
• • • “Installation Release Notes” (page 32) provides information about installing this kit. “Kit Removal Release Notes” (page 36) provides information about removing this kit. “Cluster-Specific Installation and Removal Release Notes” (page 38) provides information specifically for the installation and removal of this kit on a system running the TruCluster Server software. 2.2.
3. After Phase 5 of the baseline procedure, answer y to the following question: Do you want to enable the installation of any of these patches? [y/n]: y 4. 5. Phase 5 reports patches that do not pass installation applicability tests due to the current state of your system. The installation of Patch 26020.00 was prevented because of changed system files. The dupatch utility reports the known information about the files contained in each patch and asks if you want to enable the installation.
2.2.1.2 Stop sendmail Before Installing Kit (new) It is important that you stop the sendmail mailer daemon before installing this kit. Failing to do so can lead to the loss of queued mails. Lost mails cannot be recovered. To stop the daemon, enter the following command: # /sbin/init.d/sendmail stop 2.2.1.
# sysman -clone -apply -force config.cdf For more information, see the note titled Correction to Configuration Cloning Restrictions in the “Corrections to Manuals” section of the online Technical Updates document for Version 5.1B. The following link will take you to the Technical Updates document: http://h30097.www3.hp.com/docs/updates/V51B/html/index.html 2.2.1.
In summary, the following domains are not in danger: • Version 3 domains • Domains created under Version 5.1B-4 • Domains with RBMT files that are not longer than one page The showfile and showdmn commands can provide information about your domains. Use the showdmn command to find out what volumes a domain has. For example: # /sbin/showfdmn domain_name Id Date Created 447350cd.
2.2.2.1 Some Patch Kits Cannot Be Removed You cannot remove a patch kit on systems that have New Hardware Delivery 7 (NHD-7) kit installed when either of the following conditions exist: • The patch kit you want to remove was installed before the NHD kit. For example, if you installed Patch Kit 2 and then installed NHD-7, you cannot remove that patch kit. However, if you later installed Patch Kit 4, you can remove that patch kit. • The patch kit was installed with NHD-7.
# /etc/dn_fix_dat.sh 3. Reboot normally. If you also need to reverse the version switch as described in “Script Required to Reverse Version Switch”, run the /etc/dn_fix_dat.sh script after step 5 in that process.
ideally, you must first remove the CSP using dupatch. Before performing this action, you should contact your HP Service Representative to determine if this patch kit contains the CSP. If it does not, you may need to obtain a new CSP from HP in order to install the patch kit and retain the CSP fix. Or, you may use dupatch baselining to enable the patch installation.
# # # # 2. cd /var/adm/patch/backup tar cvf /var/adm/patch/BACKUP.tar * cd /var/adm/patch/doc tar cvf /var/adm/patch/DOC.tar * After the switch step (clu_upgrade switch) untar the files you created in step 1: # # # # cd /var/adm/patch/backup tar xvf /var/adm/patch/BACKUP.tar cd /var/adm/patch/doc tar xvf /var/adm/patch/DOC.tar This will restore the files under the following directories: • /var/adm/patch/backup • /var/adm/patch/doc 2.2.3.
to a pro-patched state. Because the no-roll procedure automatically boots your system, you cannot use that patch kit removal method if doing so would restore your system to a pre-patched state 2.2.3.10 Do Not Install Prior NHD Kits on a Patched System Do not install the NHD–5 or NHD–6 kits on your TruCluster Server system if you have installed this patch kit or earlier patch kits. Doing so may cause an incorrect system configuration.
3 Tru64 UNIX Patches This chapter provides information about the patches included in Version 5.1B-4 for the base operating system. It also includes any general information about working with these patches. This chapter is organized as follows: • The “New Release Notes” section lists release notes that are specific to the Tru64 UNIX patches in this kit, as well as release notes that are of general interest. • The “Prior Release Notes” section lists release notes listed from the initial Version 5.
If you have not installed Version 3.6 or higher and the Insight Manager processes do not run after rebooting your system, restart them using the Insight Manger startup scripts. 3.1.4 Autoloader Firmware Upgrade Changes WWND A firmware upgrade to v1.50 or N14r on the 1x8 Autoloader causes the WWID to change. As a result, the existing device associated with the media changer is no longer accessible. For complete details see the Customer Advisory available at: http://h30097.www3.hp.com/unix/erp/c00753663.
information, see “Potential Security Vulnerability Identified ” and a revised sys_attrs_inet(8) reference page, which is installed with this kit. 3.2.1.2 New fuser Option Aids Query Search A new option, -a, has been added to the fuser command to expand a query to search of all cluster members. See the fuser(8) reference page for more information. 3.2.1.
3.2.1.7 Protection Against Buffer Overflow Exploitation Added This kit provides a security feature to prevent the execution of instructions that reside in heap or other data areas of process memory. The result is additional protection against buffer overflow exploits. This feature is similar in concept to Tru64 UNIX executable stack protection. This feature is implemented as a dynamic sysconfig tunable variable, executable_data, in the proc subsystem.
Process 1185 Invalid write/execute mmap (...) Process 1185 Invalid write/execute mmap Process 1185 Invalid write/execute mmap Process 1185 Invalid write/execute mmap SIGSEGV 11* segmentation violation (...) Abort (core dumped) call modified. call modified. call modified. call modified. Certain privileged Pascal programs may also fail when executable_data is enabled.
See pmgrd(8) for more details. 3.2.1.8.2 New Features Added to collect Utility The following features have been added to the collect utility, which is updated from Version 2.0.0 to 2.0.5: • AdvFS monitoring capability. (See “Enhancements to pmgrd Daemon and collect Utility” for a list of AdvFS metrics that are monitored.) Enables collect to report AdvFS volume I/O queue and fileset vnode operation statistics. You can specify the domain or fileset to be monitored, using the -A option.
3.2.2.3 Potential Security Vulnerability Identified The industry standard TCP specification, RFC793, has a vulnerability in which an attacker can reset established TCP connections using the TCP RST (Reset) or SYN (Synchronize) flags. These packets need to have source and destination IP addresses that match the established connection as well as the same source and destination TCP ports. The fact that TCP sessions can be reset by sending suitable RST and SYN packets is a design feature of TCP.
tcp_syn_win = -1 # sysconfig -r inet tcp_syn_win=2048 tcp_syn_win: reconfigured # sysconfig -q inet tcp_syn_win inet: tcp_syn_win = 2048 # sysconfig -q inet tcp_syn_win /tmp/tcp_syn_win_merge # sysconfigdb -m -f /tmp/tcp_syn_win_merge inet # sysconfigdb -l inet inet: tcp_syn_win = 2048 3.2.2.
# /sbin/init.d/advfsd stop # /sbin/init.d/smsd stop To restart the daemons enter the following commands: # /sbin/init.d/advfsd start # /sbin/init.d/smsd start 3.2.2.8 sendmail Application Size/Length Limits Can Cause Problems When upgrading older releases of sendmail, be aware that the 5.1B version of sendmail has MIME header/content marker size limits and message header length limits. These limits have been added to stop a Denial of Service (DoS) attack on the sendmail server.
3.2.2.10 Reboot May Resolve Problem with Smart Array Controller If a problem with your Smart Array controller generates the following message, try rebooting your system: Smart Array at ciss(1) not responding - disabled. If the reboot does not re-enable the hardware, you will need to call your HP support representative to have the unit repaired. 3.2.2.11 Additional Steps for IPsec Connections This kit fixes a potential security vulnerability in IP security (IPsec).
You can minimize the likelihood of these problems as follows: • Avoid congestion on your LAN and cluster interconnect. • Ensure your servers have enough excess capacity to respond quickly to NFS requests that modify the file system (writes, file and directory creation, and so forth.) • Increase the size of the server's duplicate request cache when the nfsstat command shows a large number of retransmits to clients.
Problems may occur with the duplicate request cache in some cases, under heavy NFS server load and over high aggregate network bandwidth involving changes to file systems (changes caused by the use of the creat, link, unlink, mkdir, rmdir, truncate, utimes, and write commands). These problems can occur if all the elements in the duplicate request cache are cycled between an initial client transmission and subsequent retransmission.
The change to the following voliod command produces an error and the number of LSM kernel I/O daemons remain unchanged: # voliod -f set 0 lsm:voliod: ERROR: VOL_IO_DAEMON_SET failed: Permission denied 3.2.2.16 Possible Problem when Processing Many Command Parameters When running commands or scripts that must process a large amount of command parameters, your system may hang or you may see an error similar to this: /sbin/ls: arg list too long.
See the fwupgrade(8), bootptab(4), and bootpd(8) reference pages for more information. 3.2.2.18 Changes to tar, pax, and cpio Behavior When extracting or listing an archive using the tar, pax, or cpio commands, specifying a slash (/) at the end of argument will cause the command to act upon the directory and not the contents in the directory. For example: # tar xvf filename.
Phase 4 - Report changed system files and missing files ======================================================= This phase provides information to help you make choices later in this process. It reports both 'missing' and files whose origin cannot be determined. Some of these files may affect patch installation. You will want to consider this information when you later make decisions in phase 5. * list of changed files with unknown origin: -----------------------------------------./etc/lprsetup.
# hwmgr -view devices # hwmgr -view hierarchy • The Environmental Monitoring daemon, envmond, is running. As a workaround to the problem, you can modify one of the following two files and then reboot your system for the new setting to take effect: • /etc/rc.config Turn off environmental monitoring by changing the entry ENVMON_CONFIGURED=1 to ENVMON_CONFIGURED=0 You can also use the envconfig utility to modify the /etc/rc.config file. See envconfig(8) for information.
3.2.2.23.4 Repeated Reboots May Cause Panic Repeated reboots of the system may cause a kernel memory fault panic, but does not result in the loss of data. A reboot after the panic should be successful. A fix for this problem will be included in a future release. 3.2.2.24 Caution on Updating to Version 5.1B with DEGXA NICs Do not attempt to do an update installation or rolling upgrade from Version 5.1A to Version 5.1B when the network device is a DEGXA-TA or DEGXA-SA and you have the Version 5.
Table 3-2 Reference Pages for BIND 9 dig(1)* host(1)* named.conf(5)* mdc.conf(5)* dnssec-keygen(8)* dnssec-makekeyset(8)* dnssec-signkey(8)* dnssec-signzone(8)* named(8) named-checkconf(8)* named-checkzone(8)* nsupdate(8)* rndc(8)* rndc-confgen(8)* * These reference pages are new with this release. Table 3-3 Reference Pages Revised in Previous Version 5.
3.4.1 New Patches The patch summaries in this section describe changes that are new in this release. Patch 27001.00 OSFACCT540 • Corrects the action of the dodisk command to skip the commented file systems contained in the /etc/fstab file. • Fixes acctcom to exit with proper error message when used with invalid user ID and group ID. • Causes the file protections of /var/adm/pacct and ownership of /var/adm/wtmp to act as expected by the accounting utilities. Patch 27002.
• • • • • • • • • • • • Corrects a problem with the AdvFS bitfile state where, under certain circumstances, the state of the bitfile is changed without holding the lock that protects the state. Fixes an issue with vfast in which a vfast thread might cause a "kernel memory fault" panic because of a race condition. Fixes a potential panic on an active domain doing heavy I/O while trying to create a new fileset. Fixes problems that occurs when volume expansion (mount -u -o extend) races with other code.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • example, an mfs request that fails due to insufficient memory should report back a failure message but instead triggers a segfault in the caller. Resolves a problem that could cause rexec() to hang. Provides a switch that allows users to specify a port number for mountd. Fixes getaddrinfo so it works properly when IPv6 is not configured.
• • • • • • • • • • • • • • • • • Corrects a memory leak problem associated with the clu_get_info API seen on stand-alone systems. Corrects potential security vulnerabilities in the gzip program. These vulnerabilities could be exploited by a remote unauthorized user to execute arbitrary code or cause a Denial of Service (DoS). Fixes a POSIX standard violation in the wcstod() function. Previously, an incorrect pointer was set to the endptr parameter of wcstod() for cases where no conversion was made.
• • • • • • • • • • • • • • • • • • • • • • • • Handles reservation conflict errors to address cluster node hang during boot. Updates the audit system to display additional information for numa_syscalls and msfs_syscall system calls. Provides a tunable attribute to allow the reserving of a percentage of vnodes for root use. Fixes an issue in the VM subsystem in which a page that is not managed by VM is incorrectly identified as being managed by VM.
• • • • • • • • • • • • • • • • • • • • • • Fixes a panic condition in the NFS client code resulting from the mishandling of unaligned data on clustered systems. Corrects a kernel memory fault that results from the de-referencing of a null processor pointer encountered when auditing a network event after having sent a SIGKILL to the auditd daemon. Forces the use of a non-cluster interconnect address in audit records.
• • • • • • • • • • Fixes a rare kernel memory fault problem that occurs during an ES80 boot. Provides a new cluster-specific link aggregation distribution algorithm when using LAG in a LAN cluster. Allows for control ports to be deleted using the hwmgr command. Fixes a potential deadlock hang between a migration and a flush on a file.
• • • • • • • • • • • • • Corrects default values for YESEXPR and NOEXPR defined in the localedef command and libc to get correct return value from nl_langinfo(YESEXPR) and nl_langinfo(NOEXPR) Resolves a problem that could cause the rexec() function to hang. Fixes the getaddrinfo() routine to work properly when IPv6 is not configured. Fixes memory leaks in the libc getipnodebyname routine, which is used by ldapcd. The leaks caused intermittent SSO SIA authentication failures.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Changes the way page migrations occur on a NUMA system to address poor performance due to excessive paging. Corrects a problem with pagetable page allocations that can leave a thread waiting indefinitely during a fork operation. Corrects the cause of "ubc_wire: hash failed" panics on non-NUMA systems. Correct the cause of "not wired" panics with System V shared memory and bigpages.
• • • • • • • • • • • • • • • • • • • • • • Provides transmit/receive flow control settings and driver revision to the bcm Gigabit Ethernet driver boot time startup messages. Provides a fix for the proper operation of DS25 onboard bcm LEDs. Fixes an issue in the error recovery procedure of CISS adapters. Improves failure detection handling due to command timeouts. Fixes a potential race condition that causes a kernel memory fault by the changer code.
Patch 27045.00 OSFKTOOLS540 • Enhances the inpcb kdbx extension to display additional PID information. • Updates the kdbx audit extension to accommodate a new device driver state and optionally fetch data appropriately. • Enhances the kdbx netstat extension. Patch 27050.00 OSFLIBA540 • Updates the audit system to display additional information for the numa_syscalls and msfs_syscall system calls.
• • Updates the uucp(1), gethostbyaddr(3), getnameinfo(3), sys_attrs_io(5), kdbx(8), named(8), and volwatch(1) reference pages. Updates the dd(1), ksh(1), vi(1), aio_return(3), sshd2_config(4), emx(7), dxshutdown(8), newfs(8), prpasswdd(8), sshd2(8), and ypset(8) reference pages. Patch 27055.00 OSFMANOS540 • Updates the following reference pages: uucp(1), gethostbyaddr(3), getnameinfo(3), sys_attrs_io(5), kdbx(8), named(8), and volwatch(1) .
Patch 27065.00 OSFOEMBASE540 • Updates Tru64 UNIX version information in accordance with HP rebranding efforts. Patch 27068.00 OSFPGMR540 • Fixes a sendmail registration issue with PSM. Patch 27069.00 OSFPRINT540 • Provides LPD support for the following HP Printers: — Color LaserJet 4650 — Color LaserJet 9500 — LaserJet 4200 — LaserJet 4250 — LaserJet 4300 — LaserJet 4350 — LaserJet 9040 — LaserJet 9050 • Fixes a problem with lpstat -o in handling hyphens in printer names.
Patch 27084.00 OSFUUCP540 • Corrects a problem with the uucp command in which it changes the time stamps of the destination file when the destination file already exists as a directory. Patch 27085.00 OSFX11540 • Corrects a problem that occurs when attempting to open a Java applet on a V1.7 Mozilla browser displayed from a Redhat Linux RHEL 3 (update 6) to a Tru64 UNIX V5.1B-3 graphics console. The browser closes and dtwm spins at 99% CPU usage.
• • • • • • • • Fixes the fwtmp command so it does not display invalid (negative) PIDs when the number of decimal digits of PID value exceeds 5. Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Corrects an error in the script in lastlogin.sh. Makes start up scripts in /sbin/init.d world readable.
• Makes the following changes to the vdump, rvdump, and vrestore commands: — Causes vdump and rvdump to report when all hard links siblings cannot be archived through the specified path and causes them to correct the bytes to backup estimate calculation when hard links are archived. — Causes vdump and vrestore to act as expected upon receiving an interrupt (^C). — Fixes vdump and vrestore to pick up correct messages in all locales.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • Allows fixfdmn to repair a rare on-disk structure problem with directories. This condition only shows up on a domains with multiple volume in which property lists are used. Corrects several very rare cases where fixfdmn incorrectly fixes certain AdvFS file domains. Causes the vdump -C option to display compression ratio. Causes vrestore to display error message for end of tape. Identifies non-tape target device during rvdump and rvrestore actions.
• • • • • • • • Modifies the CFS flushing behavior during an rmvol. Helps reduce the size of extent maps of clone files cases where the original is modified extensively under direct I/O. Enhances /sbin/advfs/tag2name command to print the name of the associated directory when given the tag of an index file. Corrects a potential problem with modifying files via direct I/O when there is a clone fileset. Fixes a race during AdvFS volume removal that can cause a panic in the bs_osf_complete() routine.
• • • • • • • • • Fixes an AdvFS path that can cause a panic in the advfs_page_busy() routine. Fixes a deadlocking problem in the kernel where a file open on a clone could hang when ACLs are enabled. Fixes a hang that can occur during the renaming of an AdvFS file. Displays the correct error message for freezefs -q on a non-AdvFS file system. Adds comment to reserve 0x10000000 and 0x20000000 for AutoFS flags. Prevents a O_DSYNC write failure under the following situation: 1. The user creates a new file.
• Fixes a cluster panic with the following error message: panic (cpu 3): ics_unable_to_make_progress: heartbeat checking blocked • • • • • • • • • • • • • • • • • • • • • • • • Fixes an rmvol E_PAGE_NOT_MAPPED error. Eliminates an ENO_MORE_BLKS error seen performing a copy-on-write procedure to a clone file while an rmvol operation is in progress. Increases from 4 to 6 the number of pages that can be pinned at deletion time. Improves the informational messages returned by a few domain panic strings.
• • • • • • • • • • • • • • • • • • • • • • • • Fixes a cluster hang where one node tries to get a DIO token and another node tries to start a transaction while a third thread is waiting for the clu_clonextnt_lk lock. Fixes a potential deadlock hang between a truncate system call and a read system call on a clustered system. Prevents a vfast thread from using too much CPU when scanning the AdvFS sbm. Provides corresponding memory frees to various mallocs in AdvFS.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • 82 Corrects a security issue in which rsh and other rcmds incorrectly report ESUCCESS when the remote side of a connection terminates before fully establishing a connection. Updates sysconfig to use the cluster interconnect, thereby allowing for a greater SSI collaboration. This fix will help with changing variables on hung systems, single user systems, and normal running systems.
• • • • Fixes several potential security vulnerabilities where, under certain circumstances, system integrity may be compromised. These may be in the form of improper file or privilege management. Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Corrects a problem in which a core dump occurs when using csh from the Japanese locale.
• • • • • • • • • • • • • • • • • • • • • • • • 84 Fixes a problem in which attempts by the runtime loader (/sbin/loader) to free a null pointer are in error. Corrects the behavior of the more command when nonexisting file and a nonempty file with a long file name are both specified. Causes /usr/opt/ultrix/usr/bin/make to properly check dependencies on archive libraries. Fixes various problems in the dbx and object file tools: dbx, ostrip, strip, mcs, dis, cord, file, and stdump.
• • • • • • • • • • • • • • • • • • • • • • • • • • Eliminates compiler warnings in mkdir. Corrects a problem in which performing a sort on a large database using numerous keys fails during the consolidation phase of the temporary files. Fixes a typo in mkcdsl. Updates the NIS start-up script to correctly start NIS on the cluster alias. Fixes a problem with bcheckrc that occurs when it is run multiple times. Fixes a problem with non-U.S. USB keyboards used in non-U.S.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • 86 Fixes a situation in which the header fields displayed by the output of the ps command are not aligned properly. Corrects a problem with the class scheduler under the following conditions: 1. The class scheduler is started then stopped. 2. System owned semaphores are removed with the ipcrm -s command 3. The class scheduler fails to restart with the error "class_open: allocate or access semaphore Invalid argument.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Corrects a problem in which logins in TruCluster environments using Enhanced Security could hang on any member other than the one serving /var to CFS. Fixes a problem with SIA that caused the Internet Express LDAP Authentication module to be unable to look up default group information for a user at login time. Causes the appropriate exit status to be returned when a disk is full. Lets awk accept input records of a length up to 5,119 bytes.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 88 Fixes the pattern substitution problem in ksh with respect to the patterns ${parameter#pattern} and ${parameter%pattern}. Adds per-binary big page controls to complement the system-wide tunable attributes. Updates the audit_tool usage message. Fixes a performance problem in the libc mktime() routine.
• • Corrects a problem in which the mailsetup command does not allow changes to the local user list in a noncluster environment. Corrects a potential security vulnerability that may result in unauthorized Privileged Access or a Denial of Service (DoS). This may be in the form of local and remote security domain risks. (SSRT2384 rpc — Severity - High) • • • • • • • • • • • • • • • • • • • • • • • • • Adds support for NEW_OPEN_MAX_SYSTEM (64K) file descriptors to libaio.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 90 Corrects the default answer for cleanPR clean. Corrects the behavior of the svr4 -t option of the df command in a cluster environment. Allows V5 auditd servers to communicate with V4 auditd clients. Fixes a problem with csh that may cause a “Missing }” error. Fixes problems with Enhanced Security user accounts that reference a template.
• • • • • Resolves several DECThreads faults and resolves performance issues with certain Java applications. fixes memory leak problem in cron. Raises the highest ID handled by edquota and repquota and converts the repquota program to using the GETQUOTA/GETQUOTA64 quotactl's for obtaining data, instead of directly reading from the quota file. This results in more recent data and, in a cluster, consistent data across all nodes. It also enables handling the highest UIDs (up to 4294967294).
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 92 Fixes a problem in which fuser is unable to report on all referenced resources when attempting to identify reasons for unmount failures. Improves the process exit procedure for processes that have had the nice command used on them. Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of improper file access.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Fixes a problem in which a Tru64 UNIX NFS server panics as a result of receiving illegal file access mode from an NFS client. Corrects a rounding error for the vm attribute vm_bigpg_thresh. Corrects the handling of bad pages when big pages are enabled. Fixes the cause of "page mapped" panics when using mmap calls with dev/mem to access free big pages. Increases the TCP window increased from 96 KB to 500 KB to improve performance.
• • • • • • • • • • • • Prevents a kernel memory fault panic that occurs when the audit daemon is set to periodically dump the kernel audit buffers to the audit log file (auditd -d freq). Corrects conditions that cause "blkfree: freeing free block" and "blkfree: freeing free frag" panics. Allows systems configured to use NTP to keep accurate time regardless off whether the NTP daemon is running.
• • • • • • • • • • • • • • • • • • • • • • • • • • Increases the default values for udp_ttl and tcp_ttl to 128 hops. Fixes a condition that causes the "rdg: unwiring" panic. Increases the default limit of DLI packets to 16 KB and makes the limit tunable. This corrects a problem in which attempts to send packets larger than 5000 bytes (jumbo packets) can fail. Improves the fragment gathering mechanism to boost performance.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 96 Addresses a problem in IPv6 subsystem that causes a system to panic. Adds support for AlphaServer ES47/ES80/GS1280 platforms to allow the use of processors having different speeds in the same chassis. Corrects the problem of the statfs() function returning EINVAL when operating on an fattach() function clone streams device. Addresses a scaling issue seen on large multiprocessor systems in dealing with the class scheduling subsystem.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • Provides a tunable attribute that gives system administrators the ability to adjust the weight that the kernel places on the NUMA locality for forks on AlphaServer GS80, GS160, GS320, and GS1280 systems. Sets a software limit to prevent serious performance problems that can occur when TCP connections that have an rate-limit enforced by a downstream network device overrun the device.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 98 Removes erroneous "No B-cache detected" messages from certain configurations. Prevents a potential panic that generates the message “memory_test=partial” or “memory_test=none.” Allows the stat system call to correctly report the st_blocks on a CD-ROM file. Improves performance for applications with large in-core data sets Corrects a system panic caused by stack growth.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Corrects the cause of a panic on a cluster system when renaming a root specified by the chroot command. Fixes a kernel memory leak that occurs during routing table updates, which over time, can cause memory shortages for machines attached to a constantly changing network, as in the case of mobile IP.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 100 Addresses issues that may be seen as panics or hangs having to do with the UBC. Introduces the vm_overflow tunable. Provides enhancements for NetRAIN operations. Corrects race in streams I/O completion and timeout logic. Adds the ability to decouple RPC client retransmission activity from UDP or interface transmission completion handling.
• • • • • • • • • • • • • • • • • • • • • • • • • • Makes Tru64 UNIX V5.1B compatible with V5.1A in regard to the handling of the relationship between a controlling terminal and the “session” structure. Fixes the fastpath send of RPC modules to correct conditions in which it ignores the VMAC setting and it excludes source and destination UDP port numbers when LAG is enabled. Fixes a problem in which the NFS server, in certain cases, does not update the access time on the files it serves.
• • • Prevents the growth of a stack object when code invokes an mmap system call. Corrects a kernel memory fault panic clock_tick(). Fixes the following panics: page is not primary page mcs_unlock: current lock not found • • • • Corrects a memory leak caused by a race condition that can lead to the incorrect decrementing of reference counts of vm_anon objects, which can cause orphaned pages. Fixes an “mcs_lock: lock already owned by cpu” panic.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Corrects problems with file object selection and deselection and directories. Corrects NUMA performance issues associated with auditing. Adds support for IEEE 802.1Q (VLAN). Adds support for IEEE 802.1Q (VLAN) (DE50x, lan_common.h). Adds support to get live status information for air movers and power supplies on AlphaServer GS1280 systems and to log intrusion packets to the error log.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 104 Adds the function prototype numa_query_pid() to numa.h. Changes the use of /etc/svc.conf to /etc/nsswitch.conf to allow netgroup data to be provided from LDAP in addition to NIS. Provides support for the Philips USB controller, which is shipped on some AlphaServer GS1280 systems. Without this patch, the Philips USB controller may fail to detect and configure devices connected to it.
• • • • • • • • • • • • • Fixes a logic error in the virtual memory macros used for accessing the memory descriptor. Allows multiple retries to mount the root file system and the ability to adjust the retry period. Fixes a problem in which the operating system receives an environmental machine check packet from the firmware but fails to correctly recognize the sensor that is identified as faulty by the machine check.
1. 2. 3. • • Select a date Choose Browse-Compare Calendars... Press the Mail... button. Fixes the dtcm warning message when selecting View –> Day in dtcm. Resolves a potential buffer overflow within the X PixMap routines. Patch 27014.00 OSFCDEDEV540 • • • Fixes several potential security vulnerabilities where, under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the DtSvc utility.
Patch 27016.00 OSFCDEMAIL540 • • Corrects several potential security vulnerabilities where, under certain circumstances, system integrity may be compromised. These may be in the form of improper file access. Corrects a potential security vulnerability that may result in unauthorized Privileged Access or a Denial of Service (DoS). This may be in the form of local and remote security domain risks. Patch 27019.
• • • • • • Fixes a problem in the operation of the IPv6 neighbor discovery daemon where IPv6 addresses are not automatically configured on PPP interfaces. Adds support for IEEE 802.1Q (VLAN). Fixes a problem that prevents startslip from extracting all the information from the acucap file. Fixes a problem in the /etc/.mrg..protocols merge script that causes incorrect permissions on the /etc/protocols file.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • Resolves a problem with gated where adding a route may not succeed under certain circumstances. Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may occur when the gated daemon or gated control utility (gdc) incorrectly access temporary files. Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised.
• • • • • Fixes a problem with FTP byte/hash count when the file size exceeds 2 GB. Modifies niffconfig to display appropriate error messages. Corrects a problem in which ftp reget works incorrectly when restarting at 2 GB or larger. Provides enhancements for NetRAIN operations. Corrects a potential locally exploitable integer overflow vulnerability in the Network Time Protocol.
• • • • • • • • • • • • • • • • • • • • • • • • • the setuid privilege. This patch allows a system administrator to enable memory management protections that limit potential buffer overflow vulnerabilities. Corrects a problem in which some networking applications, especially X.25 and X.29, stopped working as expected because of interactions with security-related fixes and how the fstat() function behaves on their sockets.
Patch 27022.00 OSFDCMT540 • Corrects several potential security vulnerabilities where, under certain circumstances, system integrity may be compromised. These may be in the form of improper file or privilege management. Patch 27023.00 OSFDCMTEXT540 • Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Patch 27026.
Patch 27030.00 OSFEXAMPLES540 • Eliminates the use of a /tmp file in a SysMan CLI example. Patch 27031.00 OSFEXER540 • Corrects a message from memx. Patch 27034.00 OSFHWBASE540 • • • • • • • • • • • • • • • • • • • • • Fixes several I/O error handling and error reporting problems in the Tru64 Emulex Fibre Channel driver that can result in inefficient error handling or misleading error log entries. Updates the bcm driver to V1.0.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 114 Changes the fwupgrade command to allow the specified firmware update image to be located on a BOOTP server in a connected network.
• • • • • • • • • • • • • • • • Updates the tu driver to support Ethernet Multicast addresses larger than 512, which is necessary to support a large number of IPv6 addresses Updates the alt driver to V2.0.20 to fix issues with IPv6, NFS performance and SNMP Fixes an improper handling of domain, area, and fabric RSCNs, or Registered State Change Notifications by the emx driver that results in the nondetection of path failures to storage devices in the fabric.
• • • • • • • • • • • • • Enables SmartArray 5300 controller hardware events to be logged to the binary.errlog during boot time. This is useful in diagnosing logical volume state change and physical drive hotswaps that can occur while the system in not booted. Fixes a simple lock panic in the floppy diskette driver. Prevents the memory troller from starting on titan and tsunami platforms with aluminum ev68 CPUs.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Fixes a problem in the alt driver for DEGPA Gigabit Ethernet adapters. This problem affects all Tru64 UNIX systems containing DEGPA network interfaces. Fixes a condition that causes a system hang when using open3D over the AGP bus on an AlphaServer GS1280. Fixes a problem that can cause an ES45 to hang if the Xserver is restarted or the system is rebooted without a power cycle when using the Radeon AGP graphics device.
• • • • • • • • • • • • • • • • • • • • • • • • • • • 118 Corrects a potential system crash when shutting down after using a DAPBA or DAPCA ATM adapter. Prevents an IDE bus hang caused when issuing a play audio track command from scu to an ATAPI CD-ROM containing an enhanced CD. Installs Version 1.08 of the ciss driver. Fixes a problem with non-U.S. USB keyboards used in non-U.S. locales in which the keyboards are treated as U.S. keyboards by the operating system.
• • • • • • • • • • • • • • • • • • • • • • • • • • Corrects a race condition that may result in hung disks under certain circumstances, for example, after a SCSI reset. Corrects problems in which tape devices become unavailable, do not respond, report unrecoverable errors, or cause a kernel memory fault. Corrects problems in the aha_chim driver that could result in bus hangs, panics and inappropriate access of freed memory during high rate of bus resets.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 120 Fixes a problem with the USB keyboard driver that affects keyboard operation when the X server is not running. Specifically, the autorepeat function it may appear jumpy, or keys may appear to press themselves after they are released. Fixes a problem relating to gh_chunks allocation on some configurations. Fixes various problems in the bcm driver for DEGXA Gigabit Ethernet adapters.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • Corrects a problem that causes a system panic while running applications that open a RAID device and the faulting routine is control_port_open. Fixes an I/O hang condition on Fibre Channel. Fixes a rare case in which the target of a ladebug-invoked routine (via the call func command) aborts with a segmentation fault while derefencing the gp register. Corrects a problem in which an unconfigured PCI devices can cause a panic during boot.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 122 Improves error handling and I/O timing. Fixes hangs that can occur prior to disk spinups. Improves system recovery when media errors occur. Eliminates a condition that causes a panic to occur when removing sensors on a ES47 system. Fixes a problem with HSG80 controllers due to bad count for persistent reservation keys. Improves the performance of systems that perform heavy file I/O.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Allows hwmgr -redirect to work with lockmode 4. Fixes invalid queue entries and system panics following Retries Exhausted. Fixes a persistent reduction in SCSI queue depth after a queue full occurs. Fixes a race condition in xpt_async_event_thread. Fixes an “mcs_lock:lock already owned by cpu” panic. Fixes an issue with the storage subsystem I/O Barrier error handling.
• • • • • • • • • • • • • • • • • • • • • • Fixes a potential I/O hang with the KZPCC backplane RAID adapter. Fixes a rare occurrence where on a shared parallel SCSI bus disks may become inaccessible to hosts under certain fault conditions. Fixes the panic "no locks owned by cpu" caused by the bcm driver (DEGXA) when the device is shut down. Fixes a problem that causes incorrect parent bus information from being printed for Smart Array 53xx adapters. Corrects a lock initialization during boot.
• • Corrects an issue in which multiple access to changer devices (for example, via Legato/Networker) could lead to a kernel memory fault in the changer driver. Fixes problems with DS15 environmental monitoring. Patch 27038.00 OSFINCLUDE540 • • • • • • • • • • • Offers the sticky connection feature for a cluster alias. Modifies the getaddinfo to compile properly with the POSIX_SOURCE compiler flag. Fixes various problems in the libc functions getdate(), strptime(), callrpc(), strncasecmp() and fork().
• • • • • • • • • • • • • • Fixes the mkcdsl command and updates the NIS start-up script to correctly start NIS on the cluster alias. Corrects several potential security vulnerabilities where, under certain circumstances, system integrity may be compromised. These may be in the form of improper file or privilege management. Fixes a problem in tcpdump that causes it to not filter UDP traffic properly. Corrects a potential problem in screend.
Patch 27046.00 OSFLAT540 • Makes start-up scripts in /sbin/init.d world readable. Patch 27047.00 OSFLDBBASE540 • Provides Version V69 of the ladebug debugger to cause it to properly return from a fork call when CATCHFORKS is set. Patch 27048.00 OSFLDBDOC540 • Provides Version V69 of the ladebug debugger to cause it to properly return from a fork call when CATCHFORKS is set. Patch 27049.
• • • Adds support for NEW_OPEN_MAX_SYSTEM (64K) file descriptors to libaio. Installs DECthreads V3.20-049a, which fixes a problem that could cause some threaded applications to hang. Resolves several DECthreads faults and resolves performance issues with certain Java applications. Patch 27051.00 OSFLSMBASE540 • • • • • • • • • • • • • • • • • • 128 Corrects several label strings in the SysMan LSM application.
• • • • • • • • • • • • • • • • • • • • • • • • • • • Corrects an internationalization problem in which an instructional message that is output by the LSM voldiskadm command's list option is incorrect because it had not been entered properly in the message catalog. Improves null partition checking code. Modifies the volassist command to correctly output a warning message for its shrink operations. Enables a full recovery to occur in the event of an invalid magic number found in the recovery map.
Patch 27052.00 OSFLSMBIN540 • Prevents the following panics on systems using LSM or CLSM with low free memory: mcs_lock: lock already owned by cpu mcs_unlock: current lock not found • Suppresses the following erroneous console warning message that may be provided when cluster root is under LSM control. WARNING: cluster root devices are on private buses! • • • • • • • • • • • • • • • • • 130 LSM does not support such configurations.
Patch 27053.00 OSFLSMX11540 • Fixes a problem in the LSMSA GUI where the application throws a Null Pointer Exception while trying to display volume and fileset information on systems having ASU file-on-file mounts. Patch 27054.00 OSFMANOP540 • • • Revises the EvmEventPost(3) reference page to document the return value EvmERROR_CONNECTION_LOST. Revises the nsdispatch(3) reference page. Revises the getaddrinfo(3) reference page to document the POSIX_SOURCE compiler flag. Patch 27055.
• • • • • • • • • • • • • • • • • • • • • • • • • • Revises the voliod(8) reference page to document a change to the voliod -f set 0 command. Revises the evminfo(1) reference page to document the addition of the auth option to the -verify option, which allows users to check for syntax errors in the EVM authorization file. Revises the kdbx(8) reference page to document the addition of the -A flag to route. Revises the netstat(1), sys_attrs_inet(5), sys_attrs_net(5) and route(8) reference pages.
• • • • • • • Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Corrects a problem in which when DHCP is selected for a network interface card, netconfig places invalid data in the /etc/hosts file. Changes the use of the configuration file /etc/svc.conf to /etc/nsswitch.conf to allow netgroup data to be provided from LDAP, rather than only from NIS.
Patch 27064.00 OSFOBSOLETE540 • Updates Tru64 UNIX version information in accordance with HP rebranding efforts. Patch 27065.00 • Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. OSFOEMBASE540 Patch 27068.00 OSFPGMR540 • • • • • • • Updates sysconfig to use the cluster interconnect, thereby allowing for a greater SSI collaboration.
• • Fixes an error in which remote job reprinting does not occur when needed. Adds a new /etc/printcap option, sr, to suppress job reprinting. Patch 27070.00 OSFRCS540 • Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Patch 27071.00 OSFRIS540 • Corrects a joind failover problem and an extracted RIS area issue. Patch 27072.
Patch 27075.00 OSFSER540 • • • • • • • • • Fixes a problem in which the X server shared memory extension sometimes does not display images properly in windows of depth 16 or 24. Corrects a problem that occurs with the Oxygen VX1 graphics card in which XCopyPlane copies all bitplanes rather than only the requested bitplane. Fixes a memory leak in the X server PanoramiX/Xinerama Extension that can cause a process to core dump.
• • • • • • • • Fixes a problem with the collect that cause it to report incorrect packet count information when a large number of incoming/outgoing packets occur per second. Improves collect so it can properly handle dynamic changes to resources such as AdvFS file systems and disks. The collect utility now also ensures that errors are logged through syslog so they are not lost when it is run in historic mode.
• • • • • • • • • • • • • • • • • • • • • • • • • 138 Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of passwords that have a length outside of the intended range. Updates the account management tools to use the latest versions of the ASU (Advanced Server for UNIX) API calls when ASU is in use on the server. Provides support for SmartArray disk controllers.
• • • • • • • • • • • • • • • • • Improves the input validation for Client, Server and IP address fields for the pap-secrets and chap-secrets file. Corrects a problem in curses mode in which AlphaServer Management Server tool incorrectly displays selected nodes and loses column headers after viewing help. Corrects a condition that causes double clicking table headers in Manage CPUs and AMS causes traceback. Corrects a class loader hang that occurs when run by non-root users.
• • • • • • • • • • • • • • • • Modifies the SysMan Display Currently Mounted File Systems application to correct a problem in which it incorrectly lists file-on-file mounts. Modifies the SysMan Mount File Systems application to correct a problem in which it incorrectly mounts entries in /etc/fstab file. Fixes a problem where the SysMan Unmount File Systems application does not display file-on-file mounts correctly.
• • • Corrects several potential security vulnerabilities where, under certain circumstances, system integrity may be compromised. These may be in the form of improper file or privilege management. Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the uucp utility.
Patch 27086.00 OSFXADMIN540 • • • • • • • • • • • • • Corrects a potential security vulnerability in the XDM (X Display Manager) software. This potential vulnerability, which may be locally and remotely exploitable, could result in a denial of service (DOS), unauthorized privileged access, or both. Corrects a problem in which host icons overlap in the dxhosts application.
Patch 27095.00 OSFXMIT540 • • • Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Fixes various problems with the X font server and with the X server's interaction with X font servers. Corrects a potential file permissions vulnerability and a potential buffer overflow in the X Window System. The potential vulnerabilities are locally exploitable, resulting in unauthorized privileged access.
• • • • • Corrects a problem in which the locking and unlocking of multiple selected users did not happen under C2 security. Fixes the cause of a core dump that occurs during copy/paste operations of Local/NIS template. Corrects a problem in which the dxaccounts application incorrectly creates a default expiration date of Feb 1, 1995 for new user accounts. Fixes a problem with copy/paste operations using dxaccounts. Fixes a problem that occurs when creating a new user with useradd. Patch 27102.
• • • • • • • • • • • • program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. This patch allows a system administrator to enable memory management protections that limit potential buffer overflow vulnerabilities. Fixes the error "Xauth data does not match fake data." that can occur when multiple SSH sessions from the same client are open on different cluster member nodes.
4 TruCluster Server Patches This chapter provides information about the patches included in Version 5.1B-4 for the TruCluster Server software. It is organized as follows: • “New Patches” lists release notes that are specific to the TruCluster Server software patches in this kit and TruCluster Server issues in general.
4.1.4 Unrecoverable Failure Procedure The procedure to follow if you encounter unrecoverable failures while running dupatch during a rolling upgrade has changed. The new procedure calls for you to run the clu_upgrade -undo install command and then set the system baseline. The procedure is explained in the Patch Kit Installation Instructions as notes in Section 5.3 and Section 5.6. 4.1.
4.1.8 Missing Entry Messages Can Be Ignored During Rolling Patch During the setup stage of a rolling patch, you might see a message like the following: Creating tagged files. ............................................................ clubase: Entry not found in /cluster/admin/tmp/stanza.stdin.597530 clubase: Entry not found in /cluster/admin/tmp/stanza.stdin.597568 An Entry not found message will appear once for each member in the cluster. The number in the message corresponds to a PID.
# /usr/sbin/caa_startautofs -c target_member 2. Continue with the rolling upgrade procedure. 4.1.10 Messages Displayed During Rolling Upgrade Can Be Ignored You can ignore the following messages if you see them displayed during a rolling upgrade: • kill:1048674: no such process This message may be displayed after the roll stage. For example: # clu_upgrade roll This is the cluster upgrade program. The 'roll' stage has completed successfully.
The system is not configured properly for cluster creation. Please fix the previously reported problems, and then rerun the 'clu_create' command. If you see these messages, enter the following command: # ls -tlr /usr/.smdb./*PAT*.sts If this command returns a file with 000000 in its name, you will have to run the clu_create command with the -f option to force the creation of your cluster.
# rcmgr -c set PRPASSWDD_ARGS \ "`rcmgr get PRPASSWDD_ARGS` -disable" 2. Stop the prpasswdd daemon on every node in the cluster: # /sbin/init.d/prpasswd stop 3. 4. Perform the rolling upgrade procedure through the clu_upgrade switch step and reboot all the cluster members.
5. Check to see if the problem has been resolved. If it has been resolved, you are finished. If you still see the problem, observe the following warning and continue to step 6. Warning! Continue with the following steps only if the following conditions are met: • You encountered the described problem while doing a rolling upgrade of a cluster running Enhanced Security. • You performed all previous steps. • All user authentications (logins) still fail. 6.
# rcmgr -c delete PRPASSWDD_ARGS • If PRPASSWDD_ARGS existed before this upgrade, then reset PRPASSWDD_ARGS to the original string: # rcmgr -c set PRPASSWDD_ARGS \ "`rcmgr get PRPASSWDD_ARGS | sed 's/ -disable//'`" 13. Check that PRPASSWDD_ARGS is now set to what you expect: # rcmgr get PRPASSWDD_ARGS 14. Start the prpasswdd daemon on every node in the cluster: # /sbin/init.d/prpasswd start 15. Re-enable logins on the cluster by deleting the file /etc/nologin: # rm /etc/nologin 16.
Note: In rare cases, the warning message will be accompanied by a system panic. This will occur if CFS error handling is unable to successfully unmount the underlying physical file system. If this occurs, the console will direct you to use cfsmgr to unmount the domain on one of the remaining nodes prior to rebooting the member. This action will prevent the rebooted member from attempting to failover-mount the file system and will minimize access to the domain.
# umount /mnt # umount /cluster/members/member5/boot_partition 6. Reboot the AlphaServer ES47 or AlphaServer GS1280. 4.1.17 Problems with clu_upgrade Switch Stage If the clu_upgrade switch stage does not complete successfully, you may see a message like the following: versw: No switch due to inconsistent versions The problem can be due to one or more members running genvmunix, a generic kernel.
If this value is not set for a LAN cluster with larger machines, the machines may run out of ports for interconnect services. For more information, see the manual Tuning Tru64 UNIX for Internet Servers. 4.2 Summary of TruCluster Server Software Patches The following sections provide brief descriptions of the changes delivered in this patch kit and in prior Version 5.1B patch kits for the TruCluster Server software products. Each patch provides fixes to subsets of the operating system.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 158 Fixes a hang during cluster bootup caused by early reservation conflicts. Provides enhancements to the caa_relocate command. Provides a new command, clu_ping, to determine the status of the interconnects in a stretched cluster environment. Improves CFS client writing to do the following: — reduce the logging of ERROR 69 for user disk space quota exhausted. — support partial write success.
• • • • • • • • Fixes a problem with CAA placement policy when host names in "HOSTING MEMBERS" are in uppercase letters. Corrects a problem in which CAA is incorrectly showing the status of network resources on a halted member. Fixes a problem in cfs block reservation code where cfs attempted to release a lock more than once. Introduces a code tracing capability of the aliasd and aliasd_niff daemons to improve troubleshooting. Prevents a race that can occur during the planned relocation of a file system.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • 160 Fixes a forced unmount of nonfailoverable file system (that is, NFS and AutoFS) panic in the case that the initiator is down. Enables a cluster to boot even if the cluster root domain devices are private to different cluster members. Although this is not a recommended configuration, it should not result in an unbootable cluster. Currently, this is with respect to cluster root domains not under LSM control.
• • • • • • • • • • • • • • • • • • • • • • • • • • Fixes a tok_wait hang problem on Sierra Clusters. Adds the ability to change the default interconnect interface name. Corrects several problems in the cluster install and upgrade utilities. Fixes a problem in which an RDG (Reliable DataGram) kernel thread can starve other timeshare threads on a uniprocessor cluster member. In particular, system services such as networking threads can be affected.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 162 Corrects a problem in which a panic displaying the message “error CNX MGR: cnx_comm_error: invalid node state” occurs on a LAN cluster running under load when other members are rebooting. Addresses an error in which caa_register -u produces with no balance data. Addresses a resource inaccessibility issue that can occur if the hosting member crashes during a remote caa_stop operation.
• • • • • • • • • • • • • • • • • • • • • • Causes the correct error message for freezefs -q to be displayed on a non-AdvFS file system. Fixes a problem in one of the shipped rc scripts whereby Oracle fails during startup on a clustered system. Addresses a panic that occurs on a booting node. Fixes a coding error, a memory leak, and a deinitialization problem in the cluster interconnect networking layer. Fixes a problem in the Device Request Dispatcher. Provides clu_upgrade enhancements.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 164 Corrects lock acquires after mpsleep. Causes a rebuild delay remainder to be minimally second. Allows the cluster to provide new functions to the dupatch command before a member is rolled, and also provides a mechanism for backing out the added functions. Addresses a memory leak in the Memory Channel transport layer.
• Addresses a problem on LAN clusters related to improper keep-alive timeouts that can be identified when the following console message is displayed during normal operations (that is, no know failures and no nodes are rebooting): — WARNING: ics_socket_event: error 60 on channel 0, assume node # is down • Fixes a problem that occurs when the interconnect is configured using NetRAIN, cluster_rebuild_delay is set significantly below the default value, and members are rebooting or failures are occurring on t
• • • • • • • • • • • • • • • • • • • • • • • • • • • • 166 Corrects an internal logic error that causes the performance of file deletion to be suboptimal. Fixes a deadlock that occurs when no members have valid paths to a device and all the nodes in the cluster are attempting failover at the same time. Fixes problems seen in the TruCluster RDG component. Fixes a race condition in a routine that allocates memory for Memory Channel logical rail and physical rail use.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Resolves a resource exhaustion problem in the TruCluster kgs/kch subsystem on high-end clusters, typically with large storage configurations. Fixes an assert failure in cfs the server. Resolves a problem that occurs when adjusting sysconfig clua attributes sticky_entry_timeout and sticky_db_cleanup_interval. Ensures that if only a portion of an AIO/DIO write completes, the correct number of bytes written will be returned.
• • • • • • • • Modifies CNX to check for communication errors while a node joins the cluster. Fixes a synchronization issue with a cluster alias ID set among cluster members. Prevents a panic from ocurring during a failover mount if the AdvFS on-disk file system ID (fsid) does not match the current cluster-wide fsid for the file system. Fixes an intermittent core issue in the aliasd daemon caused by inproper handling of the interface list. Fixes an assertion panic "set-num_rmt_mbr_nodes = 0".
5 Worldwide Language Support Patches This chapter provides information about the patches included in Version 5.1B-4 for the Worldwide Language Support (WLS) subset to the Tru64 UNIX operating system. 5.1 Summary of Worldwide Language Support Patches The following sections provide brief descriptions of the changes delivered in this patch kit and in prior Version 5.1B patch kits for the WLS subset of the Tru64 UNIX operating system. Each patch provides fixes to subsets of the WLS software.
Patch 27102.00 IOSJPBASE540 • Provides updated Japanese message files for the SysMan suitlets and others. • Fixes a problem that causes the iconv converter to produce incorrect strings every 4,096 bytes of the output in the codeset conversion between Japanese mainframe codesets (ibmkanji/JEF/KEIS) and other supported Japanese codesets, such as eucJP. • Fixes an ASU problem in Japanese locales where a double-byte hyphen character in a file name is incorrectly converted to an ASCII underscore character.
Patch 27131.00 IOSJPXADMIN540 • Provides updated Japanese message files for the SysMan suitlets and others. Patch 27134.00 IOSJPXSYSMAN540 • • • Provides new Japanese online help files for SysMan file system applications as well as update translations for other SysMan applications. Provides updated Japanese message files for the SysMan suitlets and others. Updates the Japanese version of message and uil files to keep up with the English version. Patch 27214.
6 CSPs Included in This Kit This chapter lists the customer-specific patches (CSPs) for Tru64 UNIX and TruCluster Server that are superseded by patches in this kit. To find out which CSPs are on your system, use the dupatch utility's patch tracking feature, as described in the Patch Kit Installation Instructions.
Table 6-1 Superseded CSPs 00538.01 to 01361.02 Patch C 00538.01 Patch C 00833.00 Patch C 00933.02 Patch C 00999.00 Patch C 01018.00 Patch C 01020.00 Patch C 01028.00 Patch C 01035.00 Patch C 01039.00 Patch C 01046.00 Patch C 01053.00 Patch C 01080.00 Patch C 01087.00 Patch C 01094.00 Patch C 01094.01 Patch C 01101.00 Patch C 01101.01 Patch C 01114.01 Patch C 01114.02 Patch C 01114.03 Patch C 01121.01 Patch C 01130.01 Patch C 01132.00 Patch C 01133.00 Patch C 01134.00 Patch C 01137.00 Patch C 01138.
Table 6-2 Superseded CSPs 01362.00 to Patch C 01934.00 Patch C 01362.00 Patch C 01362.02 Patch C 01363.04 Patch C 01375.00 Patch C 01376.00 Patch C 01379.00 Patch C 01380.00 Patch C 01380.01 Patch C 01382.00 Patch C 01383.00 Patch C 01384.00 Patch C 01385.00 Patch C 01387.00 Patch C 01388.00 Patch C 01388.02 Patch C 01389.00 Patch C 01389.06 Patch C 01389.07 Patch C 01389.10 Patch C 01389.11 Patch C 01389.12 Patch C 01389.15 Patch C 01389.16 Patch C 01392.00 Patch C 01393.00 Patch C 01395.00 Patch C 01397.
6.2 Tru64 UNIX CSPs Superseded in Pervious Kits The numbers in the following tables represent Tru64 UNIX CSPs that were included in previous kits. Table 6-3 Superseded CSPs 00021.00 to 00283.00 Patch C 00021.00 Patch C 00027.00 Patch C 00028.00 Patch C 00029.00 Patch C 00030.00 Patch C 00031.02 Patch C 00034.00 Patch C 00037.00 Patch C 00039.00 Patch C 00041.00 Patch C 00042.00 Patch C 00044.00 Patch C 00051.00 Patch C 00052.00 Patch C 00062.00 Patch C 00063.00 Patch C 00066.00 Patch C 00067.
Table 6-4 Superseded CSPs 00283.01 to 00543.00 Patch C 00283.01 Patch C 00287.00 Patch C 00287.01 Patch C 00288.00 Patch C 00290.00 Patch C 00290.01 Patch C 00291.00 Patch C 00292.00 Patch C 00295.00 Patch C 00296.00 Patch C 00297.00 Patch C 00298.00 Patch C 00299.00 Patch C 00300.00 Patch C 00300.02 Patch C 00300.03 Patch C 00300.04 Patch C 00302.00 Patch C 00302.01 Patch C 00302.02 Patch C 00302.03 Patch C 00303.00 Patch C 00307.00 Patch C 00308.00 Patch C 00308.01 Patch C 00309.03 Patch C 00311.
Table 6-5 Superseded CSPs 00545.00 to 00849.11 Patch C 00545.00 Patch C 00548.00 Patch C 00549.00 Patch C 00552.00 Patch C 00553.00 Patch C 00555.00 Patch C 00556.00 Patch C 00556.01 Patch C 00561.00 Patch C 00562.00 Patch C 00563.00 Patch C 00563.01 Patch C 00564.00 Patch C 00564.01 Patch C 00564.02 Patch C 00567.00 Patch C 00570.00 Patch C 00575.00 Patch C 00583.00 Patch C 00586.00 Patch C 00594.00 Patch C 00599.00 Patch C 00600.00 Patch C 00602.00 Patch C 00603.00 Patch C 00607.00 Patch C 00608.
Table 6-6 Superseded CSPs 00850.00 to 01107.00 Patch C 00856.00 Patch C 00856.01 Patch C 00858.00 Patch C 00859.00 Patch C 00861.00 Patch C 00863.00 Patch C 00865.00 Patch C 00867.00 Patch C 00867.02 Patch C 00868.00 Patch C 00869.00 Patch C 00872.05 Patch C 00875.03 Patch C 00876.01 Patch C 00878.03 Patch C 00880.00 Patch C 00881.00 Patch C 00882.00 Patch C 00883.00 Patch C 00884.00 Patch C 00884.01 Patch C 00885.00 Patch C 00885.01 Patch C 00886.00 Patch C 00887.00 Patch C 00888.00 Patch C 00889.
Table 6-7 New Superseded TruCluster CSPs Patch C 00142.01 Patch C 00207.03 Patch C 00258.00 Patch C 00264.00 Patch C 00264.01 Patch C 00266.00 Patch C 00266.01 Patch C 00266.02 Patch C 00266.03 Patch C 00266.04 Patch C 00266.05 Patch C 00270.08 Patch C 00271.00 Patch C 00274.00 Patch C 00274.01 Patch C 00274.02 Patch C 00275.00 Patch C 00278.00 Patch C 00278.01 Patch C 00284.00 Patch C 00286.00 Patch C 00286.01 Patch C 00287.00 Patch C 00288.00 Patch C 00290.00 Patch C 00290.01 Patch C 00291.
Table 6-8 TruCluster CSPs Superseded in Prior V5.1B Kits Patch C 00005.00 Patch C 00008.00 Patch C 00009.00 Patch C 00010.00 Patch C 00014.00 Patch C 00014.01 Patch C 00017.00 Patch C 00017.01 Patch C 00017.02 Patch C 00020.00 Patch C 00020.01 Patch C 00022.00 Patch C 00024.00 Patch C 00027.00 Patch C 00027.01 Patch C 00029.00 Patch C 00029.01 Patch C 00030.02 Patch C 00031.00 Patch C 00032.00 Patch C 00033.00 Patch C 00034.00 Patch C 00036.00 Patch C 00037.00 Patch C 00037.01 Patch C 00039.
A Setting Up an Enhanced Distance Cluster An Enhanced Distance Cluster allows a cluster to be extended between two sites up to 100 km apart to assist recovery in the event of a disaster. An Enhanced Distance Cluster provides basic high availability services in the event of the loss of a single component.
• If a site disaster occurs that involves multiple failures, high availability will be lost. Therefore, there needs to be procedures in place for the manual rebooting of the surviving site. The surviving site will work as a normal cluster with minimal or no data loss. • A single, combined span of up to 100 km using three switches and two segments of 50 km. • The configuration must have at least one physical subnet to which all cluster members and the default cluster alias belong.
For example, ORACLE RAC uses a cluster interconnect for its own lock manager traffic and an increase in latency could lead to unpredictable results. Additionally, multi-instance applications can increase the burden on the cluster interconnect and affect inter-member cluster communication so should follow the configuration recommendations in the next section. • An Enhanced Distance Cluster should not be used for the following workloads due to their I/O characteristics and directory locations.
B Prior Patch Installation Changes Beginning with Version 5.1B-2, we changed the way Tru64 UNIX patch kits are installed and removed, and Version 5.1B-3 introduced additional changes. The following sections describe these changes. See the Patch Kit Installation Instructions manual for complete information about installing, removing, and managing Tru64 UNIX patch kits. B.1 Changes Made in Version 5.1B-3 If you did not install Version 5.
way the patches are packaged and installed. In this example, the SPO4 identifies the patch as belonging to Version 5.1B-2 (Patch Kit 4), the OSF...540 identifies the subset the patch is included in, and the SSRT2275 indicates a type of security patch. 188 • All or none patch removal As with the installation process, if you want to remove a patch, you must remove all of them. That is, you can no longer select individual patches for removal.
C Component Licensing This appendix provides the licenses for sofware components included in this kit. C.1 HP Tru64 UNIX Version Version 5.1B-4 Consolidated Patch Kit ATTENTION: USE OF THE SOFTWARE IS SUBJECT TO THE HP Tru64 UNIX Version 5.1B-4 Consolidated Patch Kit SOFTWARE LICENSE AGREEMENT BELOW. YOU MUST REVIEW THE AGREEMENT AND EITHER ACCEPT OR NOT ACCEPT THE AGREEMENT. IF YOU DO NOT ACCEPT THE AGREEMENT, YOU MAY NOT USE THE SOFTWARE.
1) the terms set forth herein; and 2) HP's third party suppliers' terms that accompany the Software. In the event of a conflict, the third party suppliers' terms that accompany the Software will take precedence over the terms set forth herein. The terms applicable to this transaction in total are referred t o as the "Agreement". A valid software license to use HP Tru64 UNIX Version 5.
e) Updates, upgrades or other enhancements are only available under HP Support agreements. HP reserves the right to require additional licenses and fees for Use of the Software on Devices other than the Devices in which the Bundled Software were installed by HP. f) Customer will not modify, disassemble or decompile the Software without HP's prior written consent.
DFARS 252.227-7014(Jun 1995) or as a "commercial item" as defined in FAR 2.101(a), or as "Restricted computer software" as defined in FAR 52.227-19 (Jun 1987) (or any equivalent agency regulation or contract clause), whichever is applicable. The Customer agrees that it has only those rights provided for such Software by the applicable FAR or DFARS clause or the HP standard software agreement for the product involved. 4.
INFORMATIONAL CONTENT, AND FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE ANCILLARY SOFTWARE; THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF THE ANCILLARY SOFTWARE IS ASSUMED BY YOU. Software Limited Warranty. HP warrants to you that the Software will not fail to execute its programming instructions after the date of purchase, for the period specified above, due to defects in material and workmanship when properly installed and used.
OF THIS AGREEMENT SHALL BE LIMITED TO THE GREATER OF THE AMOUNT ACTUALLY PAID BY YOU FOR THE SOFTWARE OR U.S.$5.00. Your use of the Software is entirely at your own risk. Some jurisdictions do not allow the exclusion or limitation of liability for incidental or consequential damages, so the above limitation may not apply to you to the extent prohibited by such local laws. Note.
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form
or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
* Permission is granted to anyone to use this software for any purpose on any * * * * * * * * * * * * * * * computer system, and to alter it and redistribute it freely, subject to the following restrictions: 1. The author is not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in it. 2. The origin of this software must not be misrepresented, either by explicit claim or by omission.
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Copyright (c) 1991 Bell Communications Research, Inc.
License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc.
is identified as the "RSA Data Security, Inc. MD4 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD4 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc.
==================================================================== This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation. For more information on the Apache Software Foundation, please see http://www.apache.org/. This file came from the SDBM package (written by oz@nexus.yorku.ca). That package was under public domain.
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 2. The origin of this software must not be misrepresented, either by explicit claim or by omission. In practice, this means that if you use PCRE in software which you distribute to others, commercially or otherwise, you must put a sentence like this Regular expression support is provided by the PCRE library package, which is open source software, written by Philip Hazel, and copyright by the University of Cambridge, England.
a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
it is not a bug). If you wish to provide financial support to the Cyrus Project, send a check payable to "Carnegie Mellon University" to Project Cyrus Computing Services Carnegie Mellon University 5000 Forbes Ave Pittsburgh, PA 15213 USA C.4 Mozilla License MOZILLA PUBLIC LICENSE Version 1.1 --------------1. Definitions. 1.0.1. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party. 1.1.
1.10. "Original Code" means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this License. 1.10.1. "Patent Claims" means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor. 1.11.
created by such Contributor (or portions thereof) either on an unmodified basis, with other Modifications, as Covered Code and/or as part of a Larger Work; and (b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: 1) Modifications made by that Contributor (or portions thereof); and
3.4. Intellectual Property Matters (a) Third Party Claims. If Contributor has knowledge that a license under a third party's intellectual property rights is required to exercise the rights granted by such Contributor under Sections 2.1 or 2.2, Contributor must include a text file with the Source Code distribution titled "LEGAL" which describes the claim and the party making the claim in sufficient detail that a recipient will know whom to contact.
license You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer. 3.7. Larger Works. You may create a Larger Work not governed by the terms of Work as a single product.
DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. 8. TERMINATION. 8.1.
ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION.
Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. The Original Code is ______________________________________. The Initial Developer of the Original Code is ________________________. Portions created by ______________________ are Copyright (C) ______ _______________________. All Rights Reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. --Portions Copyright 1999-2003 Howard Y.H. Chu. Portions Copyright 1999-2003 Symas Corporation. Portions Copyright 1998-2003 Hallvard B. Furuseth. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that this notice is preserved.
3. Redistributions in binary form must reproduce the Copyright Notice, these license terms, and the disclaimer/limitation of liability set forth as paragraph 6 below, in the documentation and/or other materials provided with the distribution. For the purposes of binary distribution the "Copyright Notice" refers to the following language: "Copyright (c) 1998-2004 Sendmail, Inc. All rights reserved." 4. Neither the name of Sendmail, Inc.
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity.
this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitte
names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty.
C.8 GNU General Public License This license covers the following software: • RCS • GZIP • Ident GNU GENERAL PUBLICGN LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it.
modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7.
to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
and need not follow the licensing terms described here, provided that the new terms are clearly indicated on the first page of each file where they apply. IN NO EVENT FOR DIRECT, ARISING OUT DERIVATIVES POSSIBILITY SHALL THE AUTHORS OR DISTRIBUTORS BE LIABLE TO ANY PARTY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF THE USE OF THIS SOFTWARE, ITS DOCUMENTATION, OR ANY THEREOF, EVEN IF THE AUTHORS HAVE BEEN ADVISED OF THE OF SUCH DAMAGE.
2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a.
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. C.11 Zlib License License /* zlib.h -- interface of the 'zlib' general purpose compression library version 1.2.1, November 17th, 2003 Copyright (C) 1995-2003 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.