========================================================================== The checksum's (found through sum -r) of the files that you have received (other than this README) are as follows: 30144 14 patchSG0003117 60740 74 patchSG0003117.eoe_man 10439 1975 patchSG0003117.eoe_sw 55729 104 patchSG0003117.eoe_sw64 40506 15 patchSG0003117.idb 56900 15 patchSG0003117.netman_data_man 05186 17 patchSG0003117.nfs_man 38617 73 patchSG0003117.nfs_sw ========================================================================== - 1 - 1. Patch_SG0003117_Release_Note This release note describes patch SG0003117 to IRIX 6.2. 1.1 Supported_Hardware_Platforms This patch contains bug fixes for all platforms. 1.2 Supported_Software_Platforms This patch contains bug fixes for IRIX 6.2. The software cannot be installed on other configurations. Installing the networking kernel rollup patch 2673 or its successor is recommended. This patch replaces patches SG0001366, SG0001485, SG0001811, SG0002070, SG0002611 and SG0003000. 1.3 Bugs_Fixed_by_Patch_SG0003117 This patch contains fixes for the following bugs in IRIX 6.2. It includes all of the changes of patches SG0001366, SG0001485, SG0001811, SG0002070, SG0002611 and SG0003000. Bug numbers from Silicon Graphics bug tracking system are included for reference. 1.3.1 New_Fixes_in_Patch_SG0003117 o DNS named daemon updated from Bind 4.9.7 to fix known security problems. (ID 598413) o The DHCP database can be edited while the DHCP server is executing. The utility program to do this is dhcpdb. This utility also allows printing, dumping, and reloading the database. See the man page for dhcpdb(1M). The HOSTNAME_TAG to request a specific name is supported. This is used by Windows clients and optionally by SGI clients. The name is given to the client only if it is not in use. Server will free up leases that were expired to serve additional clients. Server works correctly with NT clients using DHCP option 81. 1.3.2 Bugs_Fixed_by_Patch_SG0003000 o ftpd's use of the utmpx and utmp files could lead to apparent deadlock among ftpd's. utmpx and utmpx - 2 - corruption is also possible. (ID 579436) This fix has one known side effect: some ftp connections on a system with a high number of ftp connections may not be logged to the utmp and utmpx files; wtmp and wtmpx logging occurs unchanged. Prior to this fix, ftpd would not log a connection to the utmp and utmpx when the number of simultaneous connections surpassed 62. This limitation has been relaxed so that 254 simultaneous ftp connections can be logged to the utmp and utmpx files. Installing libc rollup patch 2867 or later is recommended for a more solution to problems created by the interaction of ftpd and libc's utmp and utmpx code. o Some clients using the Client identifier option may not get a lease. The DHCP relay agent failed to forward bootp requests. (ID 575557). o syslogd could filter messages erroneously when the same message was received from different hosts (ID 559214). o ruptime/rwho hosts/users limits were too small (ID 590260). o DHCP server and the relay agent allows debugging to be set on/off using USR1/USR2 signals. The server can be configured to return a default set of options regardless of what the client requests. When state changes occur and are reflected in the etherToIP database a script can be set up to be called. The host table for bootptab entries was limited to 2048. This is now set to increase as needed. o The proclaim client supports vfe, gfe, and eg interfaces. (ID 594355) o Server entry is added correctly to the hosts file if necessary on the client when a DNS domain is returned. (ID 593825) o rsh failing on 700 user directories w/ .rhosts file. rshd calls ruserok as root. For NFS3, root can be mapped to "nobody" which will fail since access is denied for group "other". Retry a second time as owner. (ID 525594) o rsh cannot handle exported 0700 nfsv3 directories. rshd does chdir() as root. For NFS3, root can be mapped to - 3 - "nobody" which will fail since access is denied for group "other". Retry a second time as owner. (ID 563934) o rshd keeps /dev/log open longer than necessary. closelog() done at wrong place. (ID 565309) 1.3.3 Bugs_Fixed_by_Patch_SG0002611 o inetd could fail to find user 'root' in the password file or NIS map (ID 459895). This was partially corrected in patch SG0002070, but not completely. o The API functions of rsvpd have been split out into librsvp.so. The API has been updated to the new interface defined in ISI rel4.1a6. rsvpd has also been updated ISI rel4.1a6. (ID 541409). o portmap could run out of child table slots (ID 519538). o timeslave should support a GPS receiver (ID 548138), and should keep working past 2000 (ID 555856) (Y2K bug). o ftp/ftpd should support time after year 2000 (ID 540871) (Y2K bug). o Experimental support for large TCP windows has been added to ftp and ftpd. o New DHCP server backend introduced making it faster and scalable. o DHCP server supports client ID and static allocation of IP addresses (ID 554541). o ProclaimServerMgr fixed to be able to show leases from the new dhcp server backend (ID 554888). o DHCP client (proclaim) changed to support client id and correctly assigns domain name (ID 533815). o Change in Internet Gateway to be able to show leases from the dhcp server backend. NOTE: If the Internet Gateway is being used to view the leases given out by a DHCP server run the command: /usr/WebFace/bin/htmake -h newsplash.shtml -l -s admin /usr/WebFace/Source /usr/ns-home/httpd-gateway/docs/webface to make Internet Gateway aware of changes due to changes in the dhcp server backend. If the Internet Gateway v2.1.1 or earlier is installed after this patch is installed you will need to re-install this patch. - 4 - o DHCP server assigns NetBIOS name server, but misses node type (ID 559199). 1.3.4 Bugs_Fixed_by_Patch_SG0002070 o ftp left cleartext passwords in core dumps (ID 481873). o ftpd left cleartext passwords in core dumps (ID 482190). o ftp forced the user to enter an account from the terminal even if it was specified in .netrc (ID 493382). o /usr/sbin/ProclaimServerMgr couldn't stat "/var/dhcp/etherToIP" (ID 393088). o DHCP Server may give out duplicate addresses if range exhausted (ID 463113). o DHCP server does not correctly work with alternate hosts and ethers file. (ID 463119). o DHCP server does not allow preassignment of DNS addresses (ID 463120). o dhcp_relay coredumps under some conditions (ID 469183). o DHCP server core dumps if no config files are loaded (ID 470827). o Loading configurations that are disabled causes incorrect behaviour (ID 477707). o Server gives out address not in range with -x option (ID 481297). o Several bugs in DHCP server (ID 482476). o With the -x flag enabled duplicate names in ethers can be created (ID 484863). o ProclaimServerMgr dies with "Error: file "file4" isn't open" (ID 487655). o A race between rlogin and xwsh could result in erroneous window sizes being reported to remote systems (ID 432928). o rlogin could dump core if an excessively long TERM variable was used (ID 499575). - 5 - o Security issue when rlogin dumps core (ID 498603). o Cannot choose hostname/address when hostname/address is default (ID 500523). o The handling of large numbers of remote shell connections has been improved (ID 500241). o rsvpd has been updated. The one shipped with 6.2 is obsolete and incompatible with the latest RSVP specification. (ID 506376). o rpcbind could dump core (ID 508398). o portmap could run out of memory (ID 502760). 1.3.5 Bugs_Fixed_by_Patch_SG0001811 o Bug 393088: /usr/sbin/ProclaimServerMgr couldn't stat "/var/dhcp/etherToIP" o Bug 463113: DHCP Server may give out duplicate addresses if range exhausted o Bug 463119: DHCP server does not correctly work with alternate hosts and ethers file. o Bug 463120: DHCP server does not allow preassignment of dns addresses. o Bug 469183: dhcp_relay coredumps under some conditions o Bug 470827: DHCP server core dumps if no config files are loaded. o Bug 477707: Loading configurations that are disabled causes incorrect behaviour. o Bug 481297: Server gives out address not in range with -x option o Bug 482476: Several bugs in DHCP server o Bug 484863: With the -x flag enabled duplicate names in ethers can be created o Bug 487655: ProclaimServerMgr dies with "Error: file "file4" isn't open" - 6 - 1.3.6 Bugs_Fixed_by_Patch_SG0001485 o Bug 8180: ypbind now tries to bind using multicast. To bind to a NIS server not on the local network, the distant system running `ypserv` must have `portmap` configured to listen to multicast requests. `portmap` in this patch is safe from the denial of service attacks from the Internet if multicast reception that could conceivably attack previous versions of `portmap` if multicast service is turned on. o Bug 32332: yp domain names are now completely case insensitive. o The ypserv crash whose symptom was rebinding to other servers has been fixed. o Bug 294178: Named now supports round-robin record sorting. o Bug 373847: The timeslave WWW/Traconex problems are fixed by ignoring the "spare" bits that are set by the Traconex version of the WWV receiver. The parity problems are solved by documenting the reuirements of timeslave in the man page. o Bug 391952: the ipfilterd.1m man page was missing from the IRIX release; this patch provides it. o Bug 394367: Named now supports requests to alias addresses. (Requires networking rollup patch 1418 or later) o Bug 397235: ypbind and ypbind now tolerate a system with more than 20 network interfaces. o Bug 417545 and 418059: Named has been upgraded to Bind-4.9.6 which fixes a problem with expanding domainnames with spaces. This would cause named to fail all requests with errors about failing to resolve CNAME or NS information. o Telnet, telnetd, rlogin, rlogind, timed, and timeslave now specify IP "low delay" type of service (TOS). o On 64-bit systems, arp -a would not show all addresses in the ARP cache (ID 348619). o Timeslave would dump core (ID 363058). - 7 - o The BOOTP and DHCP servers failed to function on systems using IP aliases (ID 394059) o Inetd could dump core if the NIS password map changed after inetd started up. A failure to locate a user would result in a NULL-pointer dereference (ID 396323). o The FTP server could dump core if a PASV command was issued prior to the user logging in (ID 406579). 1.3.7 Bugs_Fixed_by_Patch_SG0001366 o The FTP server would allow logins to accounts with expired passwords (ID 273287). o The IRIX 6.2 ifconfig command does not attempt to set the destination address for a point-to-point network interface, a regression which was caused when ifconfig was modified to support IP aliases. This affected some but not all PPP systems. A symptom of this problem is "netstat -rn" displaying misformatted information when listing routes involving such interfaces. (ID 323866,375099) o Rpcbind could hang and disrupt networking services (ID 348335). o Inetd could dump core if IP aliases were in use (ID 351375). o FTP server processes would sometimes hang forever in an accept() call (ID 353649). o Inetd could leak file descriptors when services were shutdown due to heavy load (ID 368997). o Timeslave -Y could force the year wrong on New Year's Eves. (ID 558302). 1.4 Subsystems_Included_in_Patch_SG0003117 This patch release includes these subsystems: o patchSG0003117.eoe_sw.svr4net o patchSG0003117.eoe_sw.unix - 8 - 1.5 Installation_Instructions Because you want to install only the patches for problems you have encountered, patch software is not installed by default. After reading the descriptions of the bugs fixed in this patch (see Section 1.3), determine the patches that meet your specific needs. If, after reading Sections 1.1 and 1.2 of these release notes, you are unsure whether your hardware and software meet the requirements for installing a particular patch, run inst. The inst program does not allow you to install patches that are incompatible with your hardware or software. Patch software is installed like any other Silicon Graphics software product. Follow the instructions in your Software Installation Administrator's Guide to bring up the miniroot form of the software installation tools. Follow these steps to select a patch for installation: 1. At the Inst> prompt, type install patchSGxxxxxxx where xxxxxxx is the patch number. 2. Initiate the installation sequence. Type Inst> go 3. You may find that two patches have been marked as incompatible. (The installation tools reject an installation request if an incompatibility is detected.) If this occurs, you must deselect one of the patches. Inst> keep patchSGxxxxxxx where xxxxxxx is the patch number. 4. After completing the installation process, exit the inst program by typing Inst> quit - 9 - 1.6 Patch_Removal_Instructions To remove a patch, use the versions remove command as you would for any other software subsystem. The removal process reinstates the original version of software unless you have specifically removed the patch history from your system. versions remove patchSGxxxxxxx where xxxxxxx is the patch number. To keep a patch but increase your disk space, use the versions removehist command to remove the patch history. versions removehist patchSGxxxxxxx where xxxxxxx is the patch number. 1.7 Known_Problems