This patch contains changes to header files contained in the optionally loaded OSFINCLUDE410 subset. The following problems were corrected in the header files:

PROBLEM: (SSRT0296U) (Patch ID: OSF410-400189)
********
A potential security vulnerability has been discovered in BIND, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. DIGITAL has corrected this potential vulnerability.

PROBLEM: (QAR 45580) (Patch ID: OSF410-400239-1)
********
Multithreaded applications that call the pthread_mutex_destroy routine may fail when there are no threads referencing the mutex. This is caused by a race condition inside the pthread_mutex_unlock code. The typical symptom will be a return value of EBUSY from pthread_mutex_destroy.

*** NOTE ***
Applications using "inline" mutex operations, as described in the pthread.h header file, will need to RECOMPILE with the application of this patch. The instruction sequences for the pthread_mutex_unlock routine have changed. Please refer to the existing note in pthread.h entitled "NOTICED: inline function performance vs. binary compatibility" for more information.

PROBLEM: (QAR 52332) (Patch ID: OSF410-400239-1)
********
Over time, a multithreaded application may find that asynchronous signals are not being delivered to it. The asynchronous signal may have originated outside the application or from within it. The effect will be that the signal is pending against a thread, the thread will NOT have the signal blocked, but it will not be delivered to that thread.

PROBLEM: (Patch ID: OSF410-400331)
********
When the /etc/passwd file is very large, a performance degradation may occur. When the number of passwd entries reaches up into the 30,000 to 80,000 range or greater, mkpasswd will sometimes fail to create a hashed (ndbm) database.
Since the purpose of this database is to allow for efficient (fast) searches for passwd file information, failure to build it causes commands that rely on it to do a linear search of /etc/passwd. This results in a serious performance degradation for those commands.

For customers choosing to use the mkpasswd -s option to avoid this type of failure, a potential database/binary compatibility problem may arise. If a customer application that accesses the password database created by mkpasswd is built statically (non-shared), that application will be unable to read from or write to the password database correctly. This would cause the customer application to fail either by generating incorrect results or by possibly dumping core. Any statically linked application would be affected if it directly or indirectly calls any of the libc ndbm routines documented in the ndbm(3) man page and then accesses the password database. To remedy this situation, the customer would need to re-link the application. Customers who do not use the mkpasswd -s option will not see this database/binary compatibility problem.

PROBLEM: (MCPM31P0Q/QAR 60741) (Patch ID: OSF410-405440)
********
This patch is a fix to libtli/libxti to correctly handle a continuation data message still on the stream head.

PROBLEM: (SSRT0546U, SSRT0542U) (Patch ID: OSF410-405403)
********
A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Digital has corrected this potential vulnerability.

In addressing this issue, a warning message not previously seen may be placed in the daemon.log by named. An example of the message follows:

    Jan 7 14:03:25 hostname named[316]: owner name "xx_yy.zz.com" IN (secondary) is invalid - proceeding anyway

This message has no impact on system operation and will only be seen once for any given node name on a BIND server at startup.
It informs the user that this node name contains non-standard characters. Standard characters are defined as A-Z, a-z, 0-9 and hyphen. Non-standard characters are characters that fall outside the standard set, such as underscores.
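
The character check behind this warning can be reproduced when reviewing daemon.log. The following is an added example, not part of the original patch notes or of BIND: it extracts the owner names from warnings in the format shown above and lists the characters that fall outside the standard set. The function names and the sample log lines are constructed for illustration.

```python
import re

# Warning format taken from the example message in the patch notes.
WARNING = re.compile(
    r'named\[(?P<pid>\d+)\]: owner name "(?P<name>[^"]+)" '
    r'(?P<cls>\S+) \((?P<zone_type>\w+)\) is invalid - proceeding anyway'
)
# Standard set as defined in the notes: A-Z, a-z, 0-9 and hyphen.
NON_STANDARD = re.compile(r'[^A-Za-z0-9-]')


def non_standard_chars(name):
    """Return the sorted non-standard characters found in a dotted node name."""
    found = set()
    for label in name.rstrip('.').split('.'):  # dots only separate labels
        found.update(NON_STANDARD.findall(label))
    return sorted(found)


def flagged_names(log_lines):
    """Map each owner name named warned about to its zone type and bad characters."""
    report = {}
    for line in log_lines:
        m = WARNING.search(line)
        # named logs the warning once per node name; keep the first occurrence.
        if m and m.group('name') not in report:
            report[m.group('name')] = {
                'zone_type': m.group('zone_type'),
                'chars': non_standard_chars(m.group('name')),
            }
    return report


# Constructed sample lines, modelled on the example message in the notes.
SAMPLE_LOG = [
    'Jan  7 14:03:25 hostname named[316]: owner name "xx_yy.zz.com" IN (secondary) is invalid - proceeding anyway',
    'Jan  7 14:03:25 hostname named[316]: owner name "db_01.zz.com" IN (secondary) is invalid - proceeding anyway',
    'Jan  7 14:03:26 hostname named[316]: unrelated constructed line',
]

if __name__ == '__main__':
    for name, info in flagged_names(SAMPLE_LOG).items():
        print(name, info['zone_type'], ''.join(info['chars']))
```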