PROBLEM: (CLD SOO101148, QAR 60948) (Patch ID: OSF435-425353) ******** This patch fixes a memory leak in the libc glob() function. PROBLEM: (SSRT0546U, SSRT0542U) (Patch ID: OSF435-001) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Digital has corrected this potential vulnerability. In addressing this issue, a warning message not previously seen may be placed in the daemon.log by named. An example of the message follows: Jan 7 14:03:25 hostname named[316]: owner name "xx_yy.zz.com" IN (secondary) is invalid - proceeding anyway This message has no impact on system operation and will only be seen once for any given node name on a BIND server at startup. It is informing the user that this node name contains non-standard characters. Standard characters are defined as A-Z, a-z, 0-9 and hyphen. Non-standard characters are characters that fall out of the standard set such as underscores. PROBLEM: (CLD's BCGMC1GJ4, HPAQC1L0D, HPAQC1L10) (Patch ID: OSF435-405520) ******** This patch fixes a problem in which BIND client applications are not able to resolve node names. Network applications running on a BIND client such as ping, telnet, and ftp using node names that are resolved by a BIND server will result in resolution errors such as "unknown host". In addressing security-related BIND issues, an area of BIND functionality was altered. Non-standard characters that fall out of the standard set such as underscores caused a node name resolution problem. In addition, when "bind" is the first service listed for the "hosts" database in /etc/svc.conf, BIND lookups fail. PROBLEM: (QAR 62714 58520) (Patch ID: OSF435-087) ******** This patch fixes a virtual memory problem that may cause the system to panic with one of the following messages. pmap_begin_mutex_region timeout or: simple_lock timeout PROBLEM: (68695, 57663) (Patch ID: OSF435-116) ******** This patch fixes a problem in which a multithreaded process that forks and also loads a shared object may hang due to a deadlock. In particular, this affects Java users who will be using the new Fast Java Virtual Machine (FJVM). If you kill the hung process with a quit signal in order to get a core file and run ladebug on it, you would see that both the exc read and ldr mutexes would be locked, as shown in the following example: deneb> ./u2 hello Quit(coredump) deneb> ladebug u2 core Welcome to the Ladebug Debugger Version 4.0-44 ------------------ object file name: u2 core file name: core Reading symbolic information ...done Core file produced from executable u2 Thread 0x1 terminated at PC 0x3ff814d8fa8 by signal QUIT (ladebug) show mutex with state==locked Mutex Name State Owner Pri Type Waiters (+Count) ------ ------------------------- ----- ------ --- -------- ---------------- 3 exc cr Lock 2 Recurs 4 exc read rwl Lock 2 Normal 16 Global lock Lock 2 Recurs 17 ldr Lock 1 Recurs 2 19 atfork Lock 2 Normal 20 sia[0] Lock 2 Normal 21 sia[1] Lock 2 Normal 22 sia[2] Lock 2 Normal 23 sia[3] Lock 2 Normal 24 sia[4] Lock 2 Normal 25 sia[5] Lock 2 Normal 26 sia[6] Lock 2 Normal 27 sia[7] Lock 2 Normal 28 sia[8] Lock 2 Normal 29 sia[9] Lock 2 Normal 30 sia[10] Lock 2 Normal 31 sia[11] Lock 2 Normal 32 sia[12] Lock 2 Normal 33 sia[13] Lock 2 Normal 34 sia[14] Lock 2 Normal 35 sia[15] Lock 2 Normal 36 Lock 2 Recurs 37 atof Lock 2 Normal PROBLEM: (MG0103887) (Patch ID: OSF435-156) ******** The routines wprintf(), swprintf() and fwprintf() incorrectly handle the 'S' format. When printing, they count the number of bytes inthe same way that printf() sprintf() and fprintf() do. The standard indicates that the wide char routines must count by logical characters. After the patch is applies, the three routines will correctly calculate and print the correct number of logical characters in all locales. PROBLEM: (CLD's BCGM10PM6 and DMO100420) (Patch ID: OSF435-405564) ******** This patch fixes a problem from a previous libc patch in which the gethostbyaddr function is not able to resolve node names. Non-standard characters that fall out of the standard set, such as underscores, cause a node name resolution problem for the gethostbyaddr function. PROBLEM: (QAR 65717) (Patch ID: OSF435-425464) ******** This patch fixes a problem whereby a program that is compiled with the -pthread or -threads option and the -p or -pg option will not terminate if the _exit(2) library routine is called when the program is executed. When this occurs, the program's process will be seen to use a large percentage of the available CPU time, as shown by the ps(1) command; for example: 1> ps u USER PID %CPU %MEM VSZ RSS TTY S STARTED TIME COMMAND username 657 93.3 0.2 2.24M 424K ttyp1 R + 08:09:42 0:08.84 ./a.out The program can be stopped using the kill(1) command; for example "kill -9 657". If the program is run in a debugger, such as dbx(1) or ladebug(1), the segmentation fault that causes the non-termination can be seen; for example, in a program compiled with -pg (with -p the fault occurs in _prof_moncontrol): 2> dbx a.out dbx version 3.11.10 Type 'help' for help. main: 52 int i = 0; (dbx) run thread 0x3 signal Segmentation fault at >*[_gprof_moncontrol, 0x120003b10] l dl r2, 24(r9) (dbx) t 3 > 0 _gprof_moncontrol(0x140072000, 0x3ffc00802a0, 0x14000d300, 0x140027108, 0 x1 00000000) [0x120003b10] 1 _gprof_monstop(0x14000d300, 0x140027108, 0x100000000, 0x140027108, 0x3ff8 00 d92c4) [0x1200043f0] 2 _exit(0x100000000, 0x140027108, 0x3ff800d92c4, 0x1, 0x3ff800e0518) [0x3ff 80 0d92c0] (dbx) PROBLEM: (QAR 61080) (Patch ID: OSF435-425270) ******** In threaded applications, user-installed handlers for synchronous signals may be ignored during a fork() operation. Receipt of a synchronous signal at that time would cause the system default action to be taken. PROBLEM: (QAR 58658) (Patch ID: OSF435-024) ******** Thread-aware debuggers (particularly TotalView) that make extensive use of the libpthreaddebug.so HOLD/UNHOLD mechanisms for breakpoints may expose a race condition that can lead to a SIGSEGV within the user-mode thread scheduling code. This can lead to a "quiet" process exit: a core file is generated, but no message appears, and the proc filesystem reports a normal termination to the debugger. Other HOLD-related races can result in the process being debugged ignoring the debugger's HOLD request, or in corrupting the saved state of a thread. PROBLEM: (QAR 58658) (Patch ID: OSF435-024) ******** DECthreads can optimize the performance of some common thread operations for programs compiled using DEC C, by utilizing the DEC C asm() syntax to include machine instructions. DECthreads does not use asm() syntax under other compilers, but nevertheless with the gcc compiler asm() syntax. PROBLEM: (QAR 60358) (Patch ID: OSF435-024) ******** This patch corrects a problem related to "call system" fortran statement. A fortran program, which is compiled with -omp switch (openMP), hangs on a "call system" fortran statement in a fortran program. PROBLEM: (HPAQ60QV9,QAR 62953) (Patch ID: OSF435-425387) ******** This patch fixes a problem with the dd command in which dd aborts after a read error. This problem occurs even when the "conv=noerror" parameter is specified. The XPG4 standard specifies that an "indeterminate read" should be skipped (not written), and then after stats are reported, the read/write behavior should be continued. PROBLEM: (QAR 66683) (Patch ID: OSF435-129) ******** DECthreads was not properly changing the priority of a suspended thread, adversely effecting Java programs. The routine pthread_setschedparam() was not properly handling threads that are suspended. PROBLEM: (QAR 66254) (Patch ID: OSF435-129) ******** The routines, pthread_mutex_trylock() and tis_mutex_trylock(), as coded in the libpthread and libc, respectively, can cause uncontested lock operations to take the "slow path" when they would not have to otherwise. This shows a significant performance problem for the malloc mutex under heavy load. PROBLEM: (QAR 60355) (Patch ID: OSF435-129) ******** A bug in DECthreads affected the preemption of realtime SCS threads. In one instance a low priority SCS thread would run before a higher priority SCS threads. Another problem occurred when one SCS thread joined with another SCS thread, by calling the pthread_join() function before the "target" SCS thread had terminated. In that situation, the joiner thread may never be unblocked from the wait. PROBLEM: (CLD HPAQ81B6C) (Patch ID: OSF435-129) ******** Multithreaded applications can experience performance problems if they are run on multi-cpu systems and make heavy use of any of the functions on the malloc(3) manpage. This includes C++ applications making heavy use of "new" and "delete". The primary fix for this problem exists within libc, however DECthreads contained inefficiencies in the mutex logic code which made the problem worse. PROBLEM: (HPAQ81B6C) (Patch ID: OSF435-130) ******** Multithreaded applications can experience performance problems if they are run on multiCPU systems and make heavy use of any of the functions on the malloc(3) manpage (including C++ applications making heavy use of "new" and "delete"). On profiling these applications, they will be seen to be spending a large percentage of their CPU time in two pthreads functions (pthread_mutex_block and pthread_mutex_unblock) which are called from the malloc family of functions. The problem becomes worse under the following conditions: the number of threads increases, the number of CPUs increases, or more calls are made to the malloc functions. PROBLEM: ( QAR 69251) (Patch ID: OSF435-425582) ******** With version 52, Ladebug has begun to employ a "user thread hold" mechanism. This patch fixes problems in DECthreads, when using this mechanism, which might result in missed breakpoints and watchpoints, as well as causing application hangs. PROBLEM: ( CLD HPAQ21HQ9) (Patch ID: OSF435-425582) ******** This patch fixes a DECthreads problem in which an invalid scheduling priority bugcheck in encountered. This is caused by incorrect referencing of scheduling data structures inside DECthreads. PROBLEM: ( QAR 69364) (Patch ID: OSF435-425582) ******** This patch fixes a problem in DECthreads manager thread logic. The manager thread is being scheduled to run in response to a system event (nxm action, timer queue expiration, etc.) but is not recognizing the event as the reason it was scheduled to run. The manager thread then goes back to sleep, only to wake up again in response to the still unserviced system event. An infinite loop results. PROBLEM: (63960) (Patch ID: OSF435-205) ******** This patch fixes a problem with the wcstod system call causing a core dump. For example, the following program will core dump: #include #include main() { double val; wchar_t *ws = L"-.9e-27"; val = wcstod (ws, (wchar_t **) NULL); printf("%g\n", val); } PROBLEM: (MGO103748/QAR 67141) (Patch ID: OSF435-221) ******** This patch fixes problems with rsh(1), rlogin(1), rcp(1) if netgroup names are defined with capital letters. PROBLEM: (HPAQ50LK2/QAR 52404) (Patch ID: OSF435-227) ******** This patch fixes a problem with portmap by allowing RPC select() timeouts to occur when interrupted by signals. PROBLEM: (CLD: UVO106533, QAR: 72124) (Patch ID: OSF435-234) ******** The strftime() function in libc was not compliant with the latest UNIX95 corrigenda, dated 12 Mar 1999, concerning the %V format specifier. The previous description for this specifier was as follows: > %V is replaced by the week number of the year (Monday as the first > day of the week) as a decimal number [01,53]. If the week containing > 1 January has four or more days in the new year, then it is > considered week 1. Otherwise, it is week 53 of the previous year, > and the next week is week 1. The new wording per the approved corrigenda is: > %V is replaced by the week number of the year (Monday as the first > day of the week) as a decimal number [01,53]. If the week containing > 1 January has four or more days in the new year, then it is > considered week 1. Otherwise, it is the last week of the previous > year, and the next week is week 1. The difference is in the last sentence. The last week of the previous year can be 52 or 53, depending on how many weeks are in the previous year. The previous code complied with the original published UNIX95 spec and returned the value 53 in this case. However, the approved corrigenda referenced above takes precedence and this patch implements that change as required for releases branded for UNIX95. PROBLEM: (QAR 70833) (Patch ID: OSF435-245) ******** DECthreads turns synchronous signals into exceptions for processing by the application program with TRY...ENTRY blocks. If no application TRY block exists, processing defaults to the DECthreads internal routine, excLastChance. Prior to this patch, excLastChance would only reset the handler for the signal if the handler was the DECthreads-installed sigRaiseException routine. Any application-installed handlers remained. This caused a problem for applications whose signal handlers attempt to pass control to previously installed signal handlers, because if the previously installed handler was sigRaiseException, an infinite loop would result. PROBLEM: (QARs 71019, 71358) (Patch ID: OSF435-245) ******** A bug in the DECthreads two-level scheduler was causing Virtual Processors (VPs) to go idle and never be scheduled to run. This resulted in one or more CPUs on SMP machines going unused by threaded applications. PROBLEM: (QAR 62835, QAR 70582) (Patch ID: OSF435-283) ******** This patch fixes a problem of password error messages not being displayed during installation of the security subsystem. If a root password is not entered at the installation interface, then it will be requested during the configuration phase. However, if the user enters an unacceptable password the message explaining why the password was not accepted is not displayed. Instead the message is stored until the user enters a good password and then all of the messages are displayed. PROBLEM: (QAR 68625) (Patch ID: OSF435-223) ******** UFS file systems being checked by fsck may have conditions that cause a dirscan() to end in a segmentation fault. This patch adds a check to dirscan() that will return STOP if this condition exists.This return will be detected by fsck and the user will be queried for action to be taken. PROBLEM: (QAR 64443, QAR 64472, QAR 64473, QAR 67374) (Patch ID: OSF435-256) ******** This patch fixes and enhances the quotacheck and fsck commands. 1) Add a -t option on quotacheck so that either AdvFS or UFS type devices may be selected for -a processing. 2) fsck and quotacheck will no longer try to attempt parallel processing of partitions on the same device or filesets in the same domain. 3) Unique pass numbers are now being processed in numerical order during separate passes. This applies to both fsck and quotacheck 4) If an explicit AdvFS fileset is specified (without -a option) now always perform the quota check even if there is no /etc/fstab entry with quotauser and/or quotagroup specified. 5) Skip any file systems which are not currently mounted on their mount points. 6) Skip any /etc/fstab specified file system which are not mounted on their specified mount point. 7) A quotacheck command line can not have more than 64 arguments, if it does an error will be generated. PROBLEM: (QARS 71007, 73965) (Patch ID: OSF435-327) ******** This patch fixes a problem in which `ufs_fsck` can get blocked while attempting to flush nfs buffers for a service that has become suspended. PROBLEM: (CLD ZUO101615, QAR 71587) (Patch ID: OSF435-356) ******** This patch fixes a problem that was causing the csh globbing function to be extremely slow when accessing file information on NFS, AFS, or VMS file systems.