This patch corrects the following: - Fixes a problem in which multithreaded applications that reference a pthread_mutex_destroy routine may fail with EBUSY or the application may hang. - Fixes a problem with the DECthreads "legacy" library. - Fixes problems that might cause threaded programs running under DIGITAL UNIX 4.0 to hang. Specifically, this patch addresses situations related to DECthread bugcheck, pthread_once() or cma_once(), and unhandled exceptions. - Fixes problems in threaded programs related to DECthreads bugchecks, fork(), stack corruptions and exception handling problems. This patch may also fix problems with non-threaded programs relating to exception handling. - Threaded applications seeing a deadlock with fork(), premature stack overflows, corrupted mutexes, orphaned condition variable or mutex blocking structures. - Multi-threaded programs running on a multiprocessor may behave as if they have fewer CPUs available for execution. A considerable performance degradation can be observed in some cases. - A potential security vulnerability has been discovered in BIND (Domain Name Service), where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. DIGITAL has corrected this potential vulnerability. - Fixes a problem with the mkpasswd command. Hashed password database files (for example, /etc/passwd.pag and /etc/passwd.dir) are deleted before new database files are created. - Fixes a problem in which mallopt(M_MXFAST), instead of making malloc() faster makes it as much as 65 times slower. - Fixes a problem where a call to popen() hangs after a bad call to pclose() in a threaded program. - A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. DIGITAL has corrected this potential vulnerability. - Older call_shared FORTRAN applications to find missing symbols in libc.so. - A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. DIGITAL has corrected this potential vulnerability. - Fixes a deadlock problem that may occur with multithreaded applications calling any of the functions for getting system database information (gethostent, getservent, etc.) and which also call fork. The deadlock may occur when such applications are run on systems configured to use YP services. - The interaction of signals with setjmp/longjmp called repeatedly in a loop was causing a segmentation violation and core dump in a customer's application. - A problem that prevents gethostent() from returning all YP or bind served entries. - inet_makeaddr() routine in libc that was returning 8 bytes instead of 4. - Deadlocks that may occur in multithreaded applications which make concurrent use of the fork() and fclose() functions, or the getenv()/setenv() and any time-related function (e.g., localtime()). - A problem from memory leaks with heavily threaded applications using NIS services for passwd, group, and other system database files. - The malloc function fails to allocate all available space within the 2GB address space allowed by the taso option. - This patch fixes problems with redundant close operations on file descriptors by Network Information Services (NIS) and Remote Procedure Calls (RPC) in multithreaded applications. - Fixes a problem in which the rcmd function may cause the system to dump core. - This is a mandatory patch. Fixes the following two problems that occur in the DECthreads core library: o The process blocked signal mask, as set by sigprocmask(), is cleared in the child process following a fork(). o Under certain load conditions, a DECthreads bugcheck occurs in pthread_kill(). This results in a core dump. - Allows customers to create hashed passwd databases from large passwd files by using a new option (-s) to the mkpasswd command. The -s option increases the block size of the database page file. - Fixes a TCP/IP problem that can occur with programs linked with the libc library. These programs may return a value of (-1) when calling the svc_tcp() function. - Fixes a deadlock issue between fork() processing and exception handling DIGITAL UNIX 4.0. An exception occurring during a fork() operation would cause the child and parent processes to hang with no cpu activity. - Fixes a problem in libc. The allocation of pty's sometimes doesn't work correctly. This can cause problems with the EMACS editor. - Fixes two problems in the DECthreads library: o On multiprocessor platforms, condition variable broadcasts were occasionally being lost. o Stack unwinding during exception processing was losing contexts, resulting in incorrect stack traces. - Corrects a problem related to the statically initialized mutexes in DECthreads library (libpthread.so). - Fixes a problem whereby a call to the libc dbm_open() routine followed immediately by a call to dbm_close() causes hashed database directory files to be truncated. - Corrects a problem which occurs when pthread_cond_timedwait() is called with a large timeout value (greater than 23 days). - There is a problem in the Bind 4.9.3 patch which may cause incorrect messages to be reported. It may also cause statically linked programs using certain network functions in libc to core dump. - Fixes a problem with call_shared executables that are linked with libc.a instead of libc.so. A symptom of this problem is that routines like dlopen(3) and __fini_* routines are not run. - Fixes a problem with the auditd daemon. If auditd is logging to a server and the server becomes unavailable, the CPU usage for the daemon rises dramatically. - Fixes a problem in which RPC client functions do not correctly handle system calls interrupted by a signal (EINTR errors). - Fixes a problem that causes the readdir_r() function to read past the end of its input buffer. - Fixes an AdvFS problem in which improper handling of I/O queues causes either a kernel memory fault or the following panics: "bs_invalidate: cache rundown" "rm_or_moveq: ioDesc not on a queue" - Command nslookup will sometimes display the incorrect error message for non-english locales. - A potential audit vulnerability has been discovered, where under certain circumstances, the audit trail of a user may be compromised. DIGITAL has corrected this potential vulnerability. - Fixes a DECthreads problem in which a threaded program may unexpectedly abort a process. - Fixes a bug found in 'pthread_kill' call. The bug may cause a thread program to terminate when the program tries to send a kill signal to a terminated thread. - Fixes a problem with the syslog function. Some syslog messages may fail to to get written to a log file when the system is experiencing a heavy I/O load. - Fixes a problem with rexec(3) losing socket descriptors. - Fixes a problem with the statvfs function. statvfs returns a wrong status when the file system is full. - Fixes a problem whereby exceptions propagating out of (or thrown from) __init routines in C (or C++) programs are not caught by the last chance handler and result in an infinite loop. - Fixes a problem which occurs when a program attempts to create a thread with stacksize or guardsize greater than maximum signed long integer. - Corrects two problems: 1) A process hang when an application linked with libpthread performs a realloc(0,0). 2) A memory leak when small blocks are allocated with valloc(). - Under enhanced security, sometimes users (even root) are unable to log in on graphics console, even after using dxdevices or edauth to clear the t_failures count. - On systems running enhanced security, user-written applications that call auth_for_terminal() may fail with a segmentation fault. - Fixes a problem in the DECthreads library for Digital UNIX. During a fork() operation, DECthreads temporarily replaces its signal-to-exception mapping for synchronous signals by installing the system default handler. This fix permits any user-installed handlers to remain in place during the fork() operation. - Fixes a scanset processing problem in swscanf(). - Fixes a problem that causes a segmentation fault when doprnt calls strlen with non-null-terminated char arrays. - Fixes a problem with disklabel, where the command failed if the device was unable to provide disk geometry information. - Fixes a problem where a call to dbm_open() followed immediately by a call to dbm_close() caused hashed database directory files to be unnecessarily flushed. The ndbm routines were not threadsafe because of the definition and use of buffer ovfbuf, and dbm_open had some problems in its error handling code. The calculation of the page block size in dbm_open() did not make some necessary checks on size limits. - Fixes a problem in the audit daemon when it is used as a network server. Child auditd processes that are serving network connections fail to reap their child processes (such as when log files are compressed), leaving them as defunct processes on the system. - Resolves a problem with Enhanced Security not handling a voucher correctly from some other security mechanism such as DCE. The scenario to reproduce the problem would be: a user incorrectly enters his username at the first "login:" prompt, but subsequently corrects the login name when prompted again after the first failure. Without this patch, the user upon successfully typing their login/password on the second try would still receive the message "login incorrect". - Fixes a problem with printing floating point values using the width and precision specifiers. Previously, the leading and trailing zero counts were often miscalculated. - Fixes a memory leak in the libc glob() function. - Fixes a virtual memory problem that may cause the system to panic with one of the following messages. pmap_begin_mutex_region timeout or: simple_lock timeout - Adds automatic detection of a cdfs file system for the mount(8) command. - Fixes a problem that occurs if the kernel tunable variable "old-obreak" is set to zero and the system is running the Korn shell (ksh). The shell gets caught in an infinite loop printing a message similar to the following. Eventually the process will core dump. /adp/bin/adpbkup[135]: no space - Fixes a problem that occurs when using the Korn shell (ksh). Keyboard input is not echoed when a user exits via a trap, after editor options have been set in ksh. - Fixes a problem with the ksh shell program. ksh prevents a command which runs in a sub-process from writing to a tape device. - Fixes a problem in which the ksh command periodically prints erroneous characters instead of the command that was typed. - Fixes a problem in which the ksh shell sometimes reverses the group id (GID) and the effective group id (egid) of the calling process. - Fixes problems that occur when using the ksh shell. When the PATH for a command is not found, the following error message is displayed. Also, when the set command is executed, the system core dumps. /bin/ksh: invalid multibyte character - Fixes a problem that occurs when using the Korn shell (ksh). Variables set with the typeset -L[n] built-in command do not work correctly when other subshells are spawned. - Fixes a problem that was caused by the Korn shell running in EMACS mode. When a window was resized with a width that exceeded 160 characters, the next command (or even a return) would cause the ksh utility to core dump. - Fixes a problem in the Korn shell in which the "lt" operator did not work correctly when the first expression was more than ten digits. - Fixes a problem when builtin variables (ex. TMOUT) are exported as readonly with values > 256. The 'set' command (display all variables) will cause ksh to core dump with the error "stack overflow". - Corrects several serious problems with the "csh" command. Some of these problems can cause the "grep" and "find" commands to fail, when the user runs the commands under the "csh" shell. - Fixes a problem that occurs when using the C shell (csh). When a command that does both wildcard expansion and command substitution is run in csh, incorrect results are produced. - Fixes the problem that csh may omit the data byte 0x80 when processing a a string in the ja_JP.SJIS or zh_TW.big5 locales. - Corrects a problem which results in a superuser being able to inadvertently bring the system down to single user mode by accidentally killing pid 1 (init) when trying to kill a background job (%1). - Fixes a memory management problem that occurs on systems running the Korn shell. Incorrect results occur when the length of the parameter to the echo command is altered. - Correct quota command to return worst error status on exit. - Allows system managers to both set and obtain quotas for users and groups which are numeric when using the edquota, vedquota, quota and vquota programs. - Fixes a problem with the edquota utility, which prevented a user from creating quotas for UIDs or GIDs that did not already exist in the /etc/passwd or /etc/group files. - Fixes problems that occur with the dump and rdump commands. The commands will fail with the following error message: available blocks n < estimated blocks m When a member of group "operator" logged into the console and (r)dump was invoked with the -n flag, an extraneous file (/dev/:0) was created. - Fixes a problem in which the dump command fails when the full pathname of the output file is not given. - Fixes a problem in which the vquota, vedquota, quota, edquota, dump, csh, and nslookup commands will sometimes display incorrect error messages for non-English locales. - Fixes a problem in which BIND client applications are not able to resolve node names. Network applications running on a BIND client such as ping, telnet, and ftp using node names that are resolved by a BIND server will result in resolution errors such as "unknown host". - A potential security vulnerability has been discovered , where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Digital has corrected this potential vulnerability.