PROBLEM: (SSRT2275) (PATCH ID: OSF445-599) ******** This patch provides protection against a class of potential security vulnerabilities called buffer overflows. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. This patch allows a system administrator to enable memory management protections that limit potential buffer overflow vulnerabilities. (Change Attribute) is a new tool which can enable or disable execution from data (stack or heap) by changing a binary's file attribute. PROBLEM: (80620) (PATCH ID: OSF445-072) ******** This patch fixes a printing problem where lpd reads any data from the printer that has not been read, for local and remote connections. The read-backs for remote connections cause an additional 2 second timeout which may cause a job-submit failure on the job-number wrap-around. This patch fixes the problem by performing the read-backs for local connections only. PROBLEM: (78515, 80638, 80639, 80877) (PATCH ID: OSF445-082) ******** This patch fixes the following four printing problems: - A user is unable to delete a print job from a remote system with a hostname greater than 32 characters because the hostname was truncated. - When a TCP/IP connection fails, the retry algorithm would take longer to print jobs due to a long retry interval. - A timing hole during lpd last-job completion and shutdown needed to be closed. - It was not possible to print to the lpd queue using Windows 2000. PROBLEM: (76329, 76559) (PATCH ID: OSF445-115) ******** This patch corrects a problem in which, under certain conditions, unnecessary error messages are written to the lpr.log file. PROBLEM: (82203, 81354, 85602) (PATCH ID: OSF445-136) ******** This fix introduces the "JJ" /etc/printcap parameter, which allows the user to choose either one tcp/ip connection for all jobs in the print queue (JJ=1), or a tcp/ip connection for each job in the print queue (JJ=0). It also closes a timing hole that existed when lpd was shutting down. This patch fixes a problem in which lpd hangs when printing to advanced server queues (using /dev/null). PROBLEM: (79675, 79343) (PATCH ID: OSF445-063) ******** This patch updates the emx Fiber Channel driver to revision 1.22, correcting the following problem: Command timeout problem seen in large configurations. Commands would not be transmitted to the device correctly and would hang on the bus. Other commands would finish successfully while these commands were hung. The adapter would then timeout the command and abort it. This behavior was causing a decrease in performance. PROBLEM: (BCPM804R1) (PATCH ID: OSF445-111) ******** This patch fixes the following DE600/DE602 10/100 Ethernet adapters problems: - the primary CPU may appear hung on networks where switches send "Flow Control Pause" frames if they become overloaded, and - transmit timeout messages appearing in the console log due to the driver timing out a frame. PROBLEM: (none) (PATCH ID: OSF445-113) ******** This patch provides the device driver support for 3DLabs Oxygen VX1 graphics adapter. PROBLEM: (none) (PATCH ID: OSF445-109) ******** This patch provides support for the DEGPA-TA (1000BaseT) Gigabit Ethernet device. PROBLEM: (BCGM32243) (PATCH ID: OSF445-164) ******** This fixes a "u_anon_free: page busy" panic. An example stack trace: panic("u_anon_free: page busy") u_anon_free() u_anon_unmap() u_map_delete() vm_map_remove() vm_deallocate() procfs_read() vn_read() rwuio() read() syscall() _Xsyscall() PROBLEM: (85404) (PATCH ID: OSF445-202) ******** This patch fixes a problem with the driver for Gigabit Ethernet adapters (DEGPA-FA and DEGPA-TA) which prevented its use in a NetRAIN (Redundant Array of Independent Network Adapters) set. In order to add an interface to a NetRAIN set, the interface must not be busy. However, even when the Gigabit Ethernet interface ("alt") is not explicitly started by the system administrator or by a startup script, sometimes the interface will be started automatically as a result of activity on the network. If an attempt is then made to add this interface to a NetRAIN set, NetRAIN will report that the device is busy and thus cannot be used. This patch corrects the Gigabit Ethernet driver so that it will not start unless explicity told to do so by either the system administrator or by a startup script. PROBLEM: (VNO65701A) (PATCH ID: OSF445-174) ******** This patch fixes an issue with lightweight wiring of pages and shared memory regions. This problem can occur when running Oracle and may cause ORA-01034: Oracle not available" errors when attempting to connect to Oracle databases. PROBLEM: (82173, 82174, 82682, 83069, 82134, 84017, 84089, 84403, 84513, 85200) (PATCH ID: OSF445-183) ******** This patch fixes a problem where cascaded switches can hang the system at failover time. PROBLEM: (83662, 83714) (PATCH ID: OSF445-163) ******** The receiver on the DE60x will hang. Packets can be sent from the interface but are never received. "netstat -s -i" will typically show a high number of data overruns for the affected interface. Running "ifconfig down" followed by "ifconfig up" will restart the receiver, as will rebooting. lan_config behavior was not as expected with previous versions of the DE60x driver. There are two options to lan_config, -s (speed) and -x (mode). "lan_config -s100" would revert the mode to half-duplex, since "-x" was omitted. Conversely, "lan_config -x1" would revert the speed to 10, since "-s" was omitted. A workaround is to always specify "-s" and "-x" on the lan_config command-line. PROBLEM: (71646, 46891) (PATCH ID: OSF445-011) ******** This patch fixes a problem in ksh. When the current working directory is / and the command 'cd ..' is entered, the following error message is displayed: ksh: ..: bad directory PROBLEM: (76587, 52442) (PATCH ID: OSF445-019) ******** This patch fixes a problem in ksh in which a space after the -p switch would cause the command to fail. PROBLEM: (TKTRB0023) (PATCH ID: OSF445-162) ******** This patch fixes a multibyte character boundary condition handling bug in ksh. This problem happens only when MB_CUR_MAX of the multibyte locale is greater than 2 and a 2-byte character is divided into two parts on a 1024-byte block boundary. In this case, additional bytes may be skipped leading to incorrect execution of the ksh script. PROBLEM: (TKTBC0080, TKTB10082) (PATCH ID: OSF445-181) ******** This patch fixes two ksh problems. 1. ksh command line editing may not work correctly in emacs mode when the LANG environment variable is set to a multi-byte Asian locale. 2. ksh script may crash if the script changes the LANG environment variable to a multi-byte Asian locale. PROBLEM: (79556) (PATCH ID: OSF445-001) ******** The output string for the swprintf() interface was not NULL terminated. PROBLEM: (79876) (PATCH ID: OSF445-023) ******** If the "where" or "t" ladebug command does not show all the currently active functions, it may be because of this problem. The program being debugged had to have been built with "split procedures", which is done via options in the om and spike tools. For spike, split procedures are generated if profiling is specified. For om, split procedures are generated if profiling AND the -split_procedure option are specified. PROBLEM: (TKTR30011, 78909) (PATCH ID: OSF445-025) ******** If a code segment contained a gmtime() call between calls to tzset(), or any function specified to call tzset() (such as localtime(), mktime(), strftime(), etc) , the tzname[0] array could contain erroneous time zone data referring to the "GMT" zone abbreviation instead of the local time zone, as specified in the TZ environment variable or default time zone for the system. PROBLEM: (62211) (PATCH ID: OSF445-031) ******** This fix increases the length of the user names for rsh and rexec to allow for NT interoperabilty. PROBLEM: (72100, 74961, 75971, 77080, 77288, 79588) (PATCH ID: OSF445-112) ******** Threaded applications which make extensive use of synchronization objects (mutexes, condition variables) may encounter performance and scaling regressions when run on some EV6 SMP machines. Customers encountering these regressions may observe negative scaling, decreased application throughput and increased CPU utilitzation, as the number of EV6 CPUs is increased. This version of DECthreads contains changes to the implementation of synchronization objects and thread scheduling around those objects to improve performance on all SMP systems. No functional or interface changes were made. PROBLEM: (BCSM807S5) (PATCH ID: OSF445-108) ******** Some applications assume that initial allocations of memory from the C run-time library's malloc() function will return zero-filled memory. The problem is that malloc() and free() often write into the first 16 bytes of the allocated memory. This change to malloc() zeros out the first 16 bytes in the allocated memory. The result is that memory allocated prior to any call to free() -- and prior to any other run-time library function that might call free -- should be zero filled. PROBLEM: (84534, 84535) (PATCH ID: OSF445-165) ******** This patch fixes a problem that might occur with threaded applications linked against older versions of DECthreads. The DECthreads internal symbol __pthreads_legacy_init_routine may show up as an unresolved symbol at load time when those applications are run on systems on which a newer version of DECthreads has been installed. PROBLEM: (SSRT1-19U) (PATCH ID: OSF445-170) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (SSRT0689U) (PATCH ID: OSF445-138) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (UTO97639A) (PATCH ID: OSF445-098) ******** This patch prevents warning messages of 'not currently mounted' from displaying for filessyetsm you did not request to umount. An example follows: # umount -a -t ufs /test5: not currently mounted <==== These are AdVFS filesystems /test2: not currently mounted /test1: not currently mounted PROBLEM: (BCGM4134M, BCPM71NXQ, BRO45678A, BCGM814ON, BCPM51JZ6, 81811, 77292, 79179, 84598 N/A) (PATCH ID: OSF445-107) ******** This patch upgrades sys_check utility to version 119.1 and provides the following changes: - fixes two NFS problems - fixes the ra200info tool from core dumping - utilizes Compaq ANalyze when available - utilizes storages new cliscript tool in place of hszterm - update asu section PROBLEM: (BCGMA1D6Z) (PATCH ID: OSF445-157) ******** sys_check is incorrectly evaluating the number of HSG controllers connected to a system, especially in a multipath configuration on v5.0a/V5.1. Doing so causes sys_check to run considerably longer. PROBLEM: (72111, 74264) (PATCH ID: OSF445-012) ******** This patch fixes a problem with verify. When verify is run on a brand new domain, nfs warnings are displayed even though no nfs related activity is being done. PROBLEM: (BCGMC0WVV) (PATCH ID: OSF445-040) ******** This patch fixes a system hang that could last up to a few minutes with large files when performing synchronous IO requests. The fix is to split up msync() requests into manageable pieces so users can continue working. PROBLEM: (76777) (PATCH ID: OSF445-068) ******** This patch fixes a problem where the output of a "ps" command, the PAGEIN column reports 0 for all processes. After installing this patch, the ps PAGEIN value increases as advfs accesses the disk for vm accesses (but not for normal file read). PROBLEM: (80270) (PATCH ID: OSF445-073) ******** This patch turns off AdvFS assert which, when turned on, a performance degradation in Advfs occurs. The Advfs assert are used for isolating problems during development. PROBLEM: (79769) (PATCH ID: OSF445-079) ******** A kernel memory fault can occur on an smp machine when one thread is extending a clone frags file and another thread does a stat system call on a file with a frag. The stack trace is as follows: 5 panic src/kernel/bsd/subr_prf.c : 804 6 trap src/kernel/arch/alpha/trap.c : 1762 7 _XentMM src/kernel/arch/alpha/locore.s : 1748 8 x_page_to_blk src/kernel/msfs/bs/bs_stg.c : 6191 9 x_page_to_blkmap src/kernel/msfs/bs/bs_stg.c : 5928 10 x_page_mapped src/kernel/msfs/bs/bs_stg.c : 6281 11 bs_frag_has_stg src/kernel/msfs/bs/bs_bitfile_sets.c : 2229 12 msfs_getattr src/kernel/msfs/osf/msfs_vnops.c : 1525 13 vn_stat src/kernel/vfs/vfs_vnops.c : 1277 14 stat1 src/kernel/vfs/vfs_syscalls.c : 3056 15 lstat src/kernel/vfs/vfs_syscalls.c : 3034 16 syscall src/kernel/arch/alpha/syscall_trap.c : 627 17 _Xsyscall src/kernel/arch/alpha/locore.s : 1512 PROBLEM: (77274, 78605) (PATCH ID: OSF445-083) ******** This patch fixes a problem with AdvFS. An AdvFS domain becomes inaccessible when using the mount -d option. PROBLEM: (BCPMB215Q) (PATCH ID: OSF445-005) ******** This patch fixes a kernel memory fault in VMAC code if_addnewaddr(). The fault will occur from ifconfig(8) and the stack will include: _XentMM bcmp if_addnewaddr ifioctl soo_ioctl ioctl_base ioctl syscall PROBLEM: (UVO74098) (PATCH ID: OSF445-007) ******** This patch adds a fix to VMAC functionality when used with NETrain. PROBLEM: (EVT91336A) (PATCH ID: OSF445-010) ******** This patch fixes a problem where the following can occur during a system panic: - system calls interrupts - mpsleep() returns an EINTR error when the panicstr is non-NULL - an indefinite looping at a very high priority PROBLEM: (MGO85573B, N/A) (PATCH ID: OSF445-016) ******** This patch fixes a bug such that when 'fuser -k' is issued on a dismounted NFS mount point in which some process is running, a hang will occur. A new flag, -p, has been introduced. When the -p flag is used with the -c flag, as in 'fuser -c -p -k /mnt', the parent directories are ignored and the processes are gracefully killed. PROBLEM: (74277, 74545) (PATCH ID: OSF445-017) ******** This patch fixes a problem in which operations on NFS files can hang indefinately. PROBLEM: (13096) (PATCH ID: OSF445-026) ******** In the per-VP scheduling state that is shared between the kernel and the DECthreads library scheduler, the compiler generates ldq/stq pairs for a 32-bit data object that neighbors another 32-bit variable. This patch fixes the stq that causes a word tear that corrupts the per-VP floating point flag field called nxm_fp_owned. The affected data structures are defined in . PROBLEM: (BCGM10RFF, 77112) (PATCH ID: OSF445-004) ******** This patch fixes a problem where if the size of a message queue was increased, writers to the queue that were blocked would not wake up for processing. The msgctl(2) and msgsnd(2) system calls now test if the message queue size has increased and if there are writers waiting to get unblocked, then wakeup the writers and let them proceed. PROBLEM: (HPAQB1FTS) (PATCH ID: OSF445-049) ******** This patch fixes a system panic with panic string: "psig: catch not set" An example stack trace is as follows: panic() psig() mach_checksig() PROBLEM: (QCAPUN003) (PATCH ID: OSF445-062) ******** This patch fixes a problem where the system appears to hang. A child process is holding a lock too long and preventing other processes from doing work. The child process is waiting to be re-parented as its parent is winding down. No new processes can be created, although certain existing processes will still continue to function. A forced crash will reveal several processes waiting for the pgrphash lock. The pgrphash lock will be held by a child process waiting for its parent to die which is being held up by an external event. A sample stack trace for the child process holding the pgrphash lock 0 thread_block 1 get_parent 2 fixjobc 3 pgmv 4 setpgrp1 5 setpgid 6 syscall 7 _Xsyscall PROBLEM: (77713) (PATCH ID: OSF445-064) ******** This patch fixes a problem in which the POSIX interval timer is not resilent to clock slowdown cause either by NTP or by a backwards change of the clock. PROBLEM: (ISO100518) (PATCH ID: OSF445-066) ******** This patch fixes a kernel memory fault panic seen under certain circumstances when a process or thread was setting its priority. A typical stack trace would be: > 0 boot src/kernel/arch/alpha/machdep.c : 1890 1 panic src/kernel/bsd/subr_prf.c : 834 2 trap src/kernel/arch/alpha/trap.c : 1659 3 _XentMM src/kernel/arch/alpha/locore.s : 1645 4 nxm_manager_boost src/kernel/kern/syscall_subr.c : 2503 5 trap src/kernel/arch/alpha/trap.c : 2132 6 _Xsyscall src/kernel/arch/alpha/locore.s : 1537 PROBLEM: (BCSM702LV, MGO59344E, MGO75812A) (PATCH ID: OSF445-101) ******** There is a potential for a system panic in routine sbflush() if there is an attempt to flush a socket buffer while it is locked by another thread. This patch corrects the problem. PROBLEM: (73112, 78765) (PATCH ID: OSF445-095) ******** This patch fixes two panics that has the following error messages: simple_lock: time limit exceeded -and- simple_lock: lock already owned by cpu Sample stack traces are listed below: Stack trace #1 simple_lock: time limit exceeded pc of caller: 0xffffffff000adf44 lock address: 0xfffffc001879ca80 lock info addr: 0xfffffc0001404cd0 lock class name: task.lock current lock state: 0xd00000bd000ac4cd panic (cpu 0): simple_lock: time limit exceeded syncing disks... done Stack trace #2 12 panic("simple_lock: lock already owned by cpu") 13 simple_lock_fault() 14 simple_lock_state_violation() 15 thread_deallocate() 16 task_swapout() 17 task_swapout_thread() PROBLEM: (HPAQ20N23) (PATCH ID: OSF445-069) ******** This patch corrects a problem with the incorrect ordering of network interfaces which was resulting in network partitions. PROBLEM: (HPAQ30SQ8) (PATCH ID: OSF445-008) ******** This patch fixes a panic in in_pcbfree() when ASE fails over NFS applications that use listener sockets. The stack trace will look like the following: panic in_pcbfree tcp_input ipintr netisr_thread PROBLEM: (BCSM412FX) (PATCH ID: OSF445-065) ******** This patch fixes a panic in in_pcbfree() when NFS is implemented over TCP. If an NFS server stops servicing requests to clients and the server is rebooted to clear the NFS problem, the clients panic in in_pcbfree(). A typical client stack trace is: panic in_pcbfree tcp_input ipintr PROBLEM: (EVT19938A, MGO53352A, TKTB30013, 79783, BCSM50XTD, BCSM511NN, BCSM51BGL) (PATCH ID: OSF445-075) ******** This patch fixes problems seen in the relocation of NFS services when clients have at least one of the filesystems mounted over TCP. The symptom is that at least one of the filesystems will fail to unmount when the failover is attempted. When analysis of that system is completed, at least one of the nfs_tcp_threads will be hung in rrok3free(). The stack trace will look similar to this: 0 thread_block() 1 mpsleep() 2 rrok3free() 3 svcktcp_reply() 4 svc_sendreply() 5 rfs_sendreply() 6 rfs_dispatch() 7 nfs_rpc_recv() 8 nfs_tcp_thread () PROBLEM: (MGO45830B) (PATCH ID: OSF445-002) ******** System spends excessive time in the internet checksum routine due to an invalid message length. Performance is degraded significantly. PROBLEM: (67762, 74793, HPAQ112FQ) (PATCH ID: OSF445-058) ******** This patch fixes reply values for NFS writes which were causing protocol violations. PROBLEM: (MGO59344C, 80674) (PATCH ID: OSF445-106) ******** This patch is to prevent a hang that can occur using NFS over TCP. Many NFS TCP server threads will be blocked for several minutes and their stack trace will look like the following: 0 thread_block 1 mpsleep 2 sosleep 3 sosbwait 4 sosend 5 xdrrecmbuf_send 6 svcktcp_reply 7 svc_sendreply 8 rfs_sendreply 9 rfs_dispatch 10 nfs_rpc_recv 11 nfs_tcp_thread This problem is a race condition and will only be seen on SMP systems. PROBLEM: (TKTBC0035, 78015) (PATCH ID: OSF445-015) ******** This patch fixes a problem where the operating system only looks in slot 0 for the primary CPU when in console mode. This can be seen when examining the binary.errlog with the DECevent utility. On a EV6 CPU system, DECevent displays the text in an incorrect format that translates to an EV5 CPU. PROBLEM: (74651, 75705) (PATCH ID: OSF445-013) ******** This patch fixes a problem where a root user was not allowed to check file access on behalf of a user without completely becoming the user. The functionality is needed by the ASU (Advanced Server for UNIX) product. PROBLEM: (MGO90721A) (PATCH ID: OSF445-029) ******** This patch fixes a problem with simple_lock: time limit exceeded panic seen on SMP systems with the namei.nch_lockinfo lock. A typical entry in the /var/adm/messages file would be: simple_lock: time limit exceeded pc of caller: 0xfffffc00004445d8 lock address: 0xfffffc0000eb50e8 lock info addr: 0xfffffc0000772be0 lock class name: namei.nch_lockinfo current lock state: 0x800000be00443b45 (cpu=0,pc=0xfffffc0000443b44,busy) PROBLEM: (TKTR30001) (PATCH ID: OSF445-037) ******** This patch fixes a race condition in the UBC code where a lookup is done on a page being invalidated (freed). The lookup continued to access the data structure after it was freed, and depending on who uses the data structure next, this causes the lookup to think that the invalidation did not complete and wait. PROBLEM: (58325) (PATCH ID: OSF445-052) ******** This patch fixes UFS metadata update performance by adding a mount option, "delayed", for UFS to convert synchronous metadata writes into delayed metadata writes. The File System is often used as a cache for transitory data such as in web servers. Applications such as Squid web proxy server will get a significant performance boost by enabling this option. Restoring from tape is another application that can be benefited from this. PROBLEM: (79937) (PATCH ID: OSF445-076) ******** This patch fixes a hang or simple_lock_state_violation panic in biodone. This patch places mount throttle fields under the new mount_throttle_lock (locking requirements described in mount.h). These fields previously were under the mount lock. The problem is that it was possible for the mount lock to be held in a context which could be interrupted by a higher priority event, such as biodone, which could also require this lock. The solution is to protect these fields under a different lock and spl. The key pieces of the stack trace for this problem are: biodone() -- wants mount lock ... ... -- interrupt service routines ... _XentInt() -- interrupt ... vfs_unbusy() -- some routine which takes the mount lock (vfs_unbusy is not unique here) ... PROBLEM: (82489, SSRT0676U) (PATCH ID: OSF445-171) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (STL069451) (PATCH ID: OSF445-144) ******** This patch corrects a problem in which a single application's creating and removing of files repeatedly in the absence of other applications working on the same fileset can cause poor 'update' daemon performance due to a flawed kernel hashing algorithm. PROBLEM: (BCGM805NL) (PATCH ID: OSF445-189) ******** These changes address panics which can occur if a signal is sent to a multi-threaded task in which one or more threads are calling exit() or exec(). The panic is invariably a kernel memory fault whose faulting virtual address is usually 0x50. The following panic message is typical: trap: invalid memory read access from kernel mode faulting virtual address: 0x0000000000000050 pc of faulting instruction: 0xfffffc0000283bc0 ra contents at time of fault: 0xfffffc0000283bb4 sp contents at time of fault: 0xfffffe0450d77360 An example stack trace: 0 thread_block 1 thread_preempt 2 boot 3 panic 4 trap 5 _XentMM 6 thread_signal_wakeup 7 psignal_internal 8 kill 9 syscall 10 _Xsyscall PROBLEM: (81379, 77978) (PATCH ID: OSF445-131) ******** The system returns the incorrect status from read EEROM. PROBLEM: (76224) (PATCH ID: OSF445-123) ******** This patch corrects a problem where a directory entry may be attempted to be changed to "." and the code checks for this prevents it from happening. PROBLEM: (78711, 78577, 78703, 78751, 79066) (PATCH ID: OSF445-133) ******** This patch fixes a panic in AdvFS which has the following error message: panic: Unaligned kernel space access from kernel mode The stack trace is listed below: 21 afault_trap() 22 _XentUna() 23 seq_search() 24 msfs_lookup() 25 cfs_comm_lookup() 26 cfscall_lookup() 27 cfs_lookup() 29 _F64_stat1() 30 lstat() 31 syscall() 32 _Xsyscall() PROBLEM: (83661, 85312, STL111443) (PATCH ID: OSF445-182) ******** This patch fixes a problem where the setgid bit of a directory was not being set when created, if its parent directory has the setgid bit set. PROBLEM: (MGO69211A) (PATCH ID: OSF445-178) ******** This patch fixes an AdvFS hang that is caused by a thread waiting for flushCv notification and is holding resources that other threads want. This type of hang has been experienced when shutting the system down. PROBLEM: (ALC-2-076) (PATCH ID: OSF445-173) ******** This patch provides support for activating temporary atomic write data logging on all files within the mount point. The data logging is turned off when the fileset is unmounted. PROBLEM: (80302, 80232) (PATCH ID: OSF445-119) ******** This patch fixes a kernel memory fault from ufs_mount(). PROBLEM: (BCPMB0MC4, 117-2-306, 84332) (PATCH ID: OSF445-172) ******** This patch fixes a system hang caused by netisr queue corruption due to a race condition that is primarily encountered by third party drivers and layered products that call schednetisr_nospl(). PROBLEM: (MGO16194A) (PATCH ID: OSF445-196) ******** This patch fixes the simple lock timeout panic seen when working with NFS loopback mounted file systems with large numbers of dirty pages. The stack trace will usualy include ubc_written_cluster(). : 3 panic 4 trap 5 _XentMM 6 ubc_page_alloc 7 nfs3_getapage 8 nfs3_getpage 9 rw3vp_cache 10 rw3vp 11 nfs3_rdwr 12 vn_write 13 rwuio 14 write 15 syscall 16 _Xsyscall PROBLEM: (68328, 68412) (PATCH ID: OSF445-120) ******** This patch prevents a system panic from occurring while using ADVFS. A typical stack trace may look similar to this: 5 panic(s = "SMP Assertion failed") 6 advfs_sad() 7 vd_htop_already_valid() 8 migrate_normal() 9 mig_migrate() 10 bs_migrate() 11 msfs_syscall_op_migrate() 12 msfs_real_syscall() 13 msfs_syscall() 14 syscall() 15 _Xsyscall() PROBLEM: (79241, 79696, 80978) (PATCH ID: OSF445-126) ******** This patch fixes "simple_lock: time limit exceeded" system panic either from cache_lookup() or cache_enter(). This is caused by the namecache LRU list getting corrupted. PROBLEM: (HPAQ30LKL) (PATCH ID: OSF445-151) ******** This patch fixes inaccuracy problems when using setrlimit/getrlimit with a threaded application. PROBLEM: (78704) (PATCH ID: OSF445-191) ******** This patch fixes a hang in the ufs filesystem. PROBLEM: (EVT0523123) (PATCH ID: OSF445-190) ******** This patch fixes a memory leak when named pipes (FIFOs) are used. PROBLEM: (BCPM91FRG, 82491) (PATCH ID: OSF445-188) ******** This patch fixes a problem that causes Tarantella Enterprise 1.41 not to install on Tru64 UNIX. PROBLEM: (84853) (PATCH ID: OSF445-166) ******** CDFS media burned in 2001 shows the wrong dates. PROBLEM: (ALC-2-076) (PATCH ID: OSF445-200) ******** This patch fixes a timing window where flushing data to disk can be incomplete when a system is going down. Note this can only occur if all of these conditions are true: o More than one thread calls the reboot() system call without first going through shutdown, /sbin/reboot, or /sbin/halt (note the operating system itself does not do this, it would have to be an application program which is calling reboot()). o O_SYNC is not in use. o AdvFS data logging is not in use. PROBLEM: (MGO10736A, EVT0396650, TPOB36405, BCSM10NZK) (PATCH ID: OSF445-187) ******** This patch fixes a problem where threads can hang in x_load_inmem_xtnt_map() when called from x_page_to_blkmap(). A typical hung thread will have the following calls at the top of its stack trace: 0 thread_block 1 lock_read 2 x_load_inmem_xtnt_map 3 x_page_to_blkmap 4 x_page_to_iolist 5 blkmap PROBLEM: (ALC-2-076) (PATCH ID: OSF445-197) ******** This patch fixes a potential problem flushing data to disk when using data logging with sparse files in an AdvFS filesystem. PROBLEM: (GB_G00942) (PATCH ID: OSF445-195) ******** This patch corrects an AdvFS panic which can occur during a rmfset operation. The panic string: "rbf_delete_int: can't find bf attributes" PROBLEM: (MGO02694A) (PATCH ID: OSF445-179) ******** This patch fixes hangs in AdvFS fileset operations such as clone creation and deletion when I/O errors or device full conditions resulted in the operation being "undone". PROBLEM: (GOZ96332B) (PATCH ID: OSF445-203) ******** This patch fixes a problem when using multiple subnets on a netowrk interface; ARP request packets sent by the system will contain the IP alias address in the sender field when that alias is in the same subnet as the requested IP address. PROBLEM: (GOZ03925B) (PATCH ID: OSF445-204) ******** This patch fixes a problem when using an IP alias address on a network interface. Applications making IOCTL calls (such as SIOGIFNETMASK and SIOCGIFBRADDR) accessing the IP alias address will now return the correct values for the alias instead of the primary address. PROBLEM: (HGO073056) (PATCH ID: OSF445-186) ******** This patch fixes a problem where threads can hang while renaming files on nfs mounted filesystems. This can occur when two threads are renaming files, one from directory "a" to directory "b" and the other from directory "b" to "a". A typical stack trace for a hung thread looks like: 0 thread_block 1 lock_write 2 nfs3_rename 3 rename 4 syscall PROBLEM: (EVT18628A, 59132) (PATCH ID: OSF445-212) ******** This patch modifies advfs kernel code and several utilities. AdvFS will no longer panic with the following error: ADVFS EXCEPTION : panic cpu(0) : bad frag free list. The code is modified so that during frag allocation when advfs determines that the frag group header's free list has been corrupted, it stops using it and marks it BAD. It is then removed from the free list so no more allocations can take place AND no deallocations are performed. The verify, shfragbf and vfragpg programs are modified to report BAD frag groups. PROBLEM: (76966) (PATCH ID: OSF445-116) ******** This patch fixes two problems with the consvar command: 1. Consvar -s now sets a tape device as a boot device from the console 2. Consvar -g now displays a listing of the console settings as intended PROBLEM: (87559) (PATCH ID: OSF445-242) ******** The problem causes a system panic. The panic string will be: "simple_unlock: lock not owned by cpu" and will occur in the biodone routine. Typical stack trace: (dbx) t > 0 stop_secondary_cpu() 1 panic() 2 event_timeout() 3 xcpu_puts() 4 printf() 5 panic() 6 simple_lock_fault() 7 simple_unlock_owner_violation() 8 biodone() 9 cdisk_complete() 10 xpt_callback_thread() PROBLEM: (ZPO038883) (PATCH ID: OSF445-035) ******** This patch fixes a problem of NetRain devices failing to come up after the "rcinet restart" command is entered. The error message displayed is "/sbin/rc3.d/S00inet: ifconfig failed - ifconfig: ioctl (SIOCIFADD): Function not implemented" PROBLEM: (60651, 77772, 60651, 66106, 64050) (PATCH ID: OSF445-020) ******** This patch fixes the following problems with the mv command: - An invalid error message when attempting to move files in which the source name is the same as the destination name The message would look something like the following: mv: rename foo to foo/fooo: Invalid argument The error message, with this patch, will now look something like the following: mv: foo and foo are identical - When using "mv -i" to rename a symlink pointing to a file on a different filesystem owned by a different user results in the prompt: Ownership of y will change. Continue? - When moving a file from one filesystem to another, the "mv" command will copy the file rather than using the rename() system call. If there are any errors writing to the destination filesystem, the destination file is unlink()'d, and "mv" returns an error to the shell. This can also result in the loss of a file. PROBLEM: (BCSM40LZ1, 79464) (PATCH ID: OSF445-104) ******** This patch corrects the problem with the mv(1) command deleting files in the directory when the user moves a directory to itself. PROBLEM: (BCSM40LZ1, 79464) (PATCH ID: OSF445-096) ******** This patch corrects the problem with the mv(1) command deleting files in the directory when the user moves a directory to itself. PROBLEM: (BCGMC1ZNX, HPAQ80JML, BCGMA0G3H, BCGMA2191) (PATCH ID: OSF445-046) ******** This patch fixes a problem where some crontab jobs would run multiple times in the same minute. This problem was introduced by another cron patch on a previous patch kit. In fixing an earlier problem, cron was changed so that if a crontab was submitted that contained an entry for the current minute, the entry was run immediately. Previously, the entry was not run. This change in behavior caused a problem for crontab jobs which updated crontab without deleting the entry that started them. Such jobs could be run multiple times during their first minute. PROBLEM: (78912, FNO95387A, BCGM51P8N) (PATCH ID: OSF445-085) ******** This patch fixes two cron problems: 1) the cron daemon does intensive logging and fills up the disk, and 2) multiple cron daemons continue to run and consume system resources due to the fact that after a user is deleted from the system there are still jobs running on the users behalf. PROBLEM: (76155, 76156, 77967) (PATCH ID: OSF445-039) ******** This patch fixes a kernel memory fault caused by either one of the following conditions: 1. On EV6 platforms, when the debugger is used to view the OT_DEVMAP object mapping memory in I/O space that is mapped to a user process. 2. When routine pmap_coproc_exit_notify() modifies the pmaps' coproc_tbi function to be 0, a null pointer, while it is being checked by routine pmap_remove_all() PROBLEM: (EVT38717A, 81694) (PATCH ID: OSF445-158) ******** This patch fixes a problem in which the 'vi' editor core dumps when it finds invalid syntax during a substitute operation. PROBLEM: (78368) (PATCH ID: OSF445-102) ******** The what command will process only the first file provided to it in a list of input files. This is true if the input is provided as a wild card or if multiple files names are explicitely provided. PROBLEM: (BCPM50TPC, 80243) (PATCH ID: OSF445-139) ******** This patch fixes several problems when bindsetup is used to change hostnames. PROBLEM: (52718, 74111, 61261) (PATCH ID: OSF445-067) ******* Problem 1: Dbx stack trace is incomplete. In certain cases, dbx's 'where' command did not produce a complete stack trace. This was seen when debugging at the assembly level and using the 'stepi' command to step into a routine, or when there is a fault in some library routines. The following shows some instances of the problem. Stepping into a routine with stepi ('si'), Getting a stack trace ('where' or 't') Attempt to 'return' >*[main:68, 0x1200018b0] ldq r27, -32568(gp) (dbx) ni >*[main:68, 0x1200018b4] jsr r26, (r27), 0x120005e60 (dbx) si >*[_OtsMove, 0x3ff800d5e60] amask 0x1, r19 (dbx) t > 0 _OtsMove(0x3ff800d5bd0, 0x4, 0x120001850, 0x3, 0x4) [0x3ff800d5e60] (dbx) return no place to return to (dbx) up (dbx) t > 0 _OtsMove(0x3ff800d5bd0, 0x4, 0x120001850, 0x3, 0x4) [0x3ff800d5e60] Stepping into a routine until the stack is correct >*[main:68, 0x1200018cc] ldq r21, 40(r8) (dbx) ni >*[main:68, 0x1200018d0] bsr r26, recurse+0x8(line 29) (dbx) si >*[recurse:29, 0x120001638] ldq r28, -16448(sp) (dbx) t > 0 recurse(inbox = (...)) ["crashit.c":29, 0x120001638] (dbx) ni >*[recurse:29, 0x12000163c] ldq r28, -4096(sp) (dbx) ni >*[recurse:29, 0x120001640] ldq r28, -12256(sp) (dbx) ni >*[recurse:29, 0x120001644] lda sp, -16448(sp) (dbx) ni >*[recurse:29, 0x120001648] stq r26, 8144(sp) (dbx) t > 0 recurse(inbox = (...)) ["crashit.c":29, 0x120001648] (dbx) ni >*[recurse:29, 0x12000164c] stq r16, 16400(sp) (dbx) t > 0 recurse(inbox = (...)) ["crashit.c":29, 0x12000164c] 1 main(argc = 3, argv = 0x11ffffce8) ["crashit.c":68, 0x1200018d0] Problem 2: Dbx cannot set a variable after viewing a non-local variable: Dbx has several methods of looking for variables. If the variable is not found in the current routine, active procedures on the stack are searched, and then global variables are searched. When dbx searched up the stack for the variable, it failed to reset an internal pointer and the assignment to a local variable failed. main: 52 if (argc < 3) { (dbx) stop in justtryme [2] stop in justtryme (dbx) r 0 3 [2] stopped at [justtryme:21 ,0x1200015d4] deepend = levels; (dbx) n [justtryme:23 ,0x1200015d8] printf("Cpu %d going down, stack about %d levels deep\n", cpu, deepend); (dbx) p iter /* A variable local to the main routine 3 (dbx) assign deepend = 10 10 (dbx) p deepend 3 (dbx) q Problem 3: Dbx receives signal 66 on vfork: When debugging a program that executes a vfork, dbx exhibited this: dbx version 3.11.10 Type 'help' for help. main: 11 signal( SIGCHLD, handler ); (dbx) r signal [signal 66] at >*[__vfork, 0x3ff800e7968] beq r19, 0x3ff800e7980 (dbx) The correct behaviour follows: main: 11 signal( SIGCHLD, handler ); (dbx) r New child attached. Use switch to gain access to process 5774 child: 5774 (dbx) PROBLEM: (BCSM816C6, HPAQ2144F) (PATCH ID: OSF445-053) ******** This patch fixes a problem with btcreate command where default restore fails is the disklabel is different and fixes a problem with slow robot media changers not waiting long enough between vdumps for the next tape to be loaded by some media changers. PROBLEM: (ZPO148195) (PATCH ID: OSF445-510) ******** This patch adds code to print greater than 61 UNIX domain sockets & change file read errors from /dev/kmem to ignore and continue in a running system. PROBLEM: (89053) (PATCH ID: OSF445-367) ******** The error path in xfer_xtnts_to_clone() could cause the following two panic messages: "bs_real_invalidate_pages(#): buf refd or pinned" "bs_purge_dirty: buf refd or pinned" PROBLEM: (90214, 90549) (PATCH ID: OSF445-308) ******** This patch fixes a kernel memory fault due to a bug in kernel code. A typical stack trace that could be an indication of this problem appears as the following: > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 1346 1 panic src/kernel/bsd/subr_prf.c : 1296 2 event_timeout src/kernel/arch/alpha/cpu.c : 2212 3 printf src/kernel/bsd/subr_prf.c : 981 4 panic src/kernel/bsd/subr_prf.c : 1353 5 trap src/kernel/arch/alpha/trap.c : 2266 6 _XentMM src/kernel/arch/alpha/locore.s : 2143 7 free src/kernel/bsd/kern_malloc.c : 2164 8 semop src/kernel/bsd/svipc_sem.c : 1424 9 syscall src/kernel/arch/alpha/syscall_trap.c : 725 10 _Xsyscall src/kernel/arch/alpha/locore.s : 1814 PROBLEM: (GOZ48787C) (PATCH ID: OSF445-272) ******** This patch corrects a problem with ICMP redirect processing which resulted in incorrect ICMP redirect messages. PROBLEM: (BCGM51RKR) (PATCH ID: OSF445-334) ******** This addresses a kernel memory fault panic in malloc_thread(). panic() trap() _XentMM() malloc_thread() PROBLEM: (87975, SSRT0711U) (PATCH ID: OSF445-506) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. HP has corrected this potential vulnerability. PROBLEM: (91927, 95450) (PATCH ID: OSF445-598) ******** PROBLEM: on EV6 systems, removing execute permission from memory may not take effect immediately. No typical stack trace, no potential for panic. PROBLEM: If a set of kernel virtual addresses at the high end of virtual memory are unmapped, the system may panic with "delete_pv_entry: mapping not in pv_list". The failure can be identified with the following stack trace: 1 panic src/kernel/bsd/subr_prf.c : 1325 2 event_timeout src/kernel/arch/alpha/cpu.c : 2341 3 printf src/kernel/bsd/subr_prf.c : 1008 4 panic src/kernel/bsd/subr_prf.c : 1382 5 delete_pv_entry src/kernel/arch/alpha/pmap.c : 2496 6 pmap_remove_range src/kernel/arch/alpha/pmap.c : 3389 7 pmap_remove src/kernel/arch/alpha/pmap.c : 3588 8 anon_remap src/kernel/vm/vm_anon.c : 1412 9 anon_grow src/kernel/vm/vm_anon.c : 1126 10 u_anon_grow src/kernel/vm/u_mape_anon.c : 5414 11 u_map_entry_grow src/kernel/vm/vm_umap.c : 1424 12 u_map_enter src/kernel/vm/vm_umap.c : 1490 13 u_anon_create src/kernel/vm/u_mape_anon.c : 1558 14 smmap src/kernel/bsd/kern_mman.c : 1309 15 syscall src/kernel/arch/alpha/syscall_trap.c : 725 PROBLEM: (HPAQ20H9Q) (PATCH ID: OSF445-377) ******** This fix corrects a problem where df was showing negative values for large nfs filesystems. PROBLEM: (SE_G04310, DSATL0S0X) (PATCH ID: OSF445-494) ******** This patch corrects a problem introduced in a prior patch which can result in a system panic when outputting through the packet filter. PROBLEM: (FR_G01637) (PATCH ID: OSF445-378) ******** To avoid a form of log corruption we no longer reuse log pages. In one case this corruption resulted in a system hang caused by a huge, unreasonable malloc. PROBLEM: (90264, 90340) (PATCH ID: OSF445-634) ******** PROBLEM: When the disk is nearly full and the BMT needs to be extended, if the extension failed, the system would panic with a message like the following: ftx_done_urdr: handle level N1 doesn't match ftx lvl N2 This problem is now fixed. PROBLEM: If a disk is very fragmented and we try to extend the BMT (e.g because we are creating new files), the extension might fail even though there is disk space left and the BMT has not reached its theoretical maximum number of extents (about 680). In some cases, the number of extents in the BMT was as low as 200. This fix ensures that we will not fail the BMT extension unless we have reached the theoretical maximum number of extents. Note that the extension can still fail if we run up against this maximum, even though there might be disk space left. PROBLEM: (90927, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF445-352) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. In addition the following changes were made: - shell inline input files are more secure - sh noclobber and new constructs added Updated sh, csh and ksh ----------------------- The updated shells in this kit all implement the following changes when processing shell inline input files: - File permissions allow only read and write for owner - If excessive inline input file name collisions occur the the following error message will be returned: "Unable to create temporary file" sh noclobber option and >| , >>| constructs added ------------------------------------------------- A noclobber option similar to that already available with csh and ksh has been added to the Bourne shell. When the noclobber option is used (set -C), the shell behavior for the redirection operators > and >> changes as follows: - For > with noclobber set, sh will return an error rather than overwrite an existing file. If the specified filename is actually a symlink, the presence of the symlink satisfies the criteria "file exists" whether or not the symlink target exists, and sh returns an error. The >| construct will suppress these checks and create the file. - For >> with noclobber set, output is appended to the tail of an existing file. If the filename is actually a symlink whose target does not exist, sh returns an error rather than create the file. The >>| construct will suppress these checks and create the file. ksh noclobber behavior clarified -------------------------------- For > with noclobber set, ksh returns an error rather than overwrite an existing file. If the filename is actually a symlink, the presence of the symlink satisfies the criteria "file exists" whether or not the symlink target exists, and ksh returns an error. The >| construct will suppress these checks and create the file. For >> with noclobber set, output is appended to the tail of an existing file. If the filename is actually a symlink to a non-existent file, ksh returns an error. csh noclobber behavior clarified -------------------------------- For > with noclobber set, csh returns an error rather than overwrite an existing file. If the filename is actually a symlink, the presence of the symlink satisfies the criteria "file exists" whether or not the symlink target exists, and csh returns an error. The >! construct will suppress these checks and create the file. For >> with noclobber set, output is appended to the tail of an existing file. If the filename is actually a symlink to a non-existant file, csh returns an error. The >>! construct will suppress these checks and create the file. PROBLEM: (88588) (PATCH ID: OSF445-516) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (93526) (PATCH ID: OSF445-595) ******** This patch fixes problem while expanding positional parameters in bourne shell. The expansion "$@" should generate zero fields when there are no positional parameters specified for the shell function. PROBLEM: (93714, 88135, 92143, 86119) (PATCH ID: OSF445-504) ******** PROBLEM: audit_tool does not correctly display information for a fcntl F_DUPFD event. PROBLEM: audit_tool -R command causes a core dump. PROBLEM: The audit_tool generates unaligned access messages for the exportfs system call when recording both writeaddrs and rootaddrs vectors. PROBLEM: (84959, 87086, 74573, MGO00009A) (PATCH ID: OSF445-274) ******** This patch corrects two problems: 1) The table() system will not abort connections properly if a tcb hash table number is greater than 1. 2) There was a kmf in 'option_scan' due to SMP race between cfgmgr(CFG_OP_CONFIGURE)" and "sysconfigdb(CFG_OP_RECONFIGURE)". The fix was to add a lock around access to cfg_db. An example of the stack trace would be: 5 panic 6 trap 7 _XentMM 8 option_scan 9 pci_driver_configure 10 configure_driver 11 wdd_pwa_configure 12 subsys_conf 13 kmodcall 14 syscall 15 _Xsyscall PROBLEM: (93643) (PATCH ID: OSF445-517) ******** Fixed two code paths where we could accidentally lookup the unspecified address (0.0.0.0), find an ARP entry for it, and start the timer ticking away on it eventually causing a panic. PROBLEM: (88758) (PATCH ID: OSF445-294) ******** The routine msfs_unmount() could cause a hang if the underlying filesystem is currently busy. PROBLEM: (89814, 117-1-18182) (PATCH ID: OSF445-309) ******** This patch corrects a problem in which ksh fails to substitute the tilde (~) character for a user's home directory after an assignment using the "#" or "%" characters has been used. PROBLEM: (92205, 82981) (PATCH ID: OSF445-423) ******** This change fixes kernel memory faults caused by ufs_sync_int accessing an inactivated or de-allocated vnode. In irefresh the MOUNT_VLIST_LOCK is dropped when calling vgone and iget. The mounted vnode list could change during this time and the pointer to the next vnode could become invalid causing a Kernel Memory Fault panic. PROBLEM: (SSRT1-26) (PATCH ID: OSF445-210) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (91871, none) (PATCH ID: OSF445-433) ******** This problem will only appear if rt_preempt_opt is set to 1. Invalidating a portion of a very large file, via a call to ftruncate for example, can make the filesystem appear hung. Other programs that attempt to access that filesystem will hang until the original invalidation completes. PROBLEM: (95121) (PATCH ID: OSF445-602) ******** This patch fixes a ksh problem related to cleaning the process associated with control terminal when a login session is abruptly stopped. This problem occurs when trap(1) defined either in a startup script or a script executed within the current shell process. PROBLEM: (89165) (PATCH ID: OSF445-269) ******** This patch fixes kernel panics which can occur in the context of threaded applications. The panic string is "trap: invalid memory write access from kernel mode" and the faulting virtual address is always 0x0000000000000048. PROBLEM: (76393) (PATCH ID: OSF445-426) ******** To avoid a lock hierarchy violation open the clone before loading the extents of the original file. PROBLEM: (86737, SQO73719A) (PATCH ID: OSF445-224) ******** This patch fixes a kernel memory fault. The crash is listed below: > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 614 1 panic src/kernel/bsd/subr_prf.c : 751 2 event_timeout src/kernel/arch/alpha/cpu.c : 1183 3 xcpu_puts src/kernel/bsd/subr_prf.c : 895 4 printf src/kernel/bsd/subr_prf.c : 423 5 panic src/kernel/bsd/subr_prf.c : 804 6 trap src/kernel/arch/alpha/trap.c : 1760 7 _XentMM src/kernel/arch/alpha/locore.s : 1741 8 signal_parent src/kernel/bsd/kern_sig.c : 6622 9 issig src/kernel/bsd/kern_sig.c : 4957 10 mpsleep src/kernel/bsd/kern_synch.c : 553 11 pse_read src/kernel/streams/str_scalls.c : 1538 12 spec_read src/kernel/vfs/spec_vnops.c : 2216 13 msfsspec_read src/kernel/msfs/osf/msfs_vnops.c : 4598 14 vn_read src/kernel/vfs/vfs_vnops.c : 1107 15 rwuio src/kernel/bsd/sys_generic.c : 1950 16 read src/kernel/bsd/sys_generic.c : 1900 17 syscall src/kernel/arch/alpha/syscall_trap.c : 627 18 _Xsyscall src/kernel/arch/alpha/locore.s : 1505 PROBLEM: (95049, TKT370920) (PATCH ID: OSF445-630) ******** This patch addresses three basic issues: 1) The TCP window has been increased from 96 KB to 500 KB for performance improvements. 2) This patch will have the netisr thread dynamically estimate the reply size and subsequently reserve the space in the socket buffer. 3) A new timeout check has been added to notice when the data hasn't been ACKnowledged in 30-50 seconds and copies those buffers. This will allow the UBC to free up those mbufs and not tie them up. PROBLEM: (SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF445-364) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (94251, 94298) (PATCH ID: OSF445-459) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (KAOB74580) (PATCH ID: OSF445-513) ******** This patch corrects a problem with could result either in the panic of a cluster member or in inconsistent data when the sbcompress_threshold configurable is set. PROBLEM: (95085, SSRT2384) (PATCH ID: OSF445-591) ******** A potential security vulnerability has been discovered in the HP Tru64 UNIX operating system that may result in a Denial of Service (DoS). This potential vulnerability may be in the form of local and remote security domain risks. The following potential security vulnerability has been corrected: SSRT2384 rpc (Severity - High) PROBLEM: (88561) (PATCH ID: OSF445-484) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. HP has corrected this potential vulnerability. PROBLEM: (IT_G01812, SSRT0756U) (PATCH ID: OSF445-327) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (BE_G01325) (PATCH ID: OSF445-227) ******** This patch prevents the error message "local HSM Error: msgsvc: socket close failed" from being generated when an application closes the socket with return state 0. PROBLEM: (89465, 89744, INVALID, 90057, 90077, 90272) (PATCH ID: OSF445-360) ******** The patch updates the emx driver to v2.03 and fixes a problem which could cause an emx driver panic during adapter resets. PROBLEM: (70-25-47) (PATCH ID: OSF445-500) ******** This patch fixes a problem that may be encountered by threaded applications using pthread_kill(). Under some circumstances, when one application thread attempts to signal a second thread using pthread_kill(), the pthreads library will return success, but the signal will never be sent to the target thread. This unfortunate condition may occur when the target thread is blocked in the kernel at the time the signal is sent. PROBLEM: (HPAQ70382) (PATCH ID: OSF445-523) ******** Fix for kernel memory fault panic in the IP multicast loopback code. One would only see this panic if there are IP multicast packets while someone is using packetfilter to monitor the interface. 4 panic src/kernel/bsd/subr_prf.c : 1353 5 trap src/kernel/arch/alpha/trap.c : 2266 6 _XentMM src/kernel/arch/alpha/locore.s : 2143 7 _OtsMove src/kernel/arch/alpha/ots_move_alpha.s : 1762 8 m_copydata src/kernel/bsd/uipc_mbuf.c : 865 9 eestart_locked src/kernel/io/dec/netif/if_ee.c : 4839 10 eestart src/kernel/io/dec/netif/if_ee.c : 4530 11 ether_output src/kernel/net/if_ethersubr.c : 1624 12 ip_output src/kernel/netinet/ip_output.c : 998 13 udp_output src/kernel/netinet/udp_usrreq.c : 1954 14 udp_usrreq src/kernel/netinet/udp_usrreq.c : 2153 15 sosend src/kernel/bsd/uipc_socket.c : 3109 16 sendit src/kernel/bsd/uipc_syscalls.c : 1154 17 sendto src/kernel/bsd/uipc_syscalls.c : 869 18 syscall src/kernel/arch/alpha/syscall_trap.c : 725 19 _Xsyscall src/kernel/arch/alpha/locore.s : 1814 PROBLEM: (TKT232044) (PATCH ID: OSF445-340) ******** NetRAIN virtual interface counters are not maintained properly, which affected reporting via netstat and snmp, and affects the proper operation of NetRAIN. PROBLEM: (SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF445-393) ******** A potential security vulnerability has been discovered, where under certain circumstances, users can clobber temporary files created by shell commands and utilities (e.g. under /sbin, /usr/sbin, /usr/bin, and /etc). Compaq has corrected this potential vulnerability. PROBLEM: (117-1-19056) (PATCH ID: OSF445-406) ******** This fix corrects a problem in which ksh did not clean up the processes associated with a terminal once the window was closed. PROBLEM: (AT_G02038) (PATCH ID: OSF445-316) ******** This patch fixes a problem which can result in a panic, hang, or corruption from vnode deallocation during an unmount. This also fixes a 'VFS_UNMOUNT panic' upon unmount. PROBLEM: (BCPM11DLJ) (PATCH ID: OSF445-235) ******** In ubc_page_alloc() if there are a lot of pages in excess we can loop for long time especially if there are a lot of clean pages. The object lock is not dropped. We panic with simple_lock_timeout. PROBLEM: (DE_G03130, 91613) (PATCH ID: OSF445-411) ******** This patch fixes heap and stack limitations in older O.S. versions required for SAP. PROBLEM: (BCGM21TMQ) (PATCH ID: OSF445-244) ******** This correction avoids an AdvFS command problem. In rare cases, migrate programs (rmvol, balance, migrate, defragment) would fail to migrate a file due to E_PAGE_NOT_MAPPED: nail/-> rmvol -v /dev/rza13c eng-mdvt1 rmvol: Removing volume '/dev/rza13c' from domain 'eng-mdvt1' rmvol: Moving file file name: (setTag: 1.32769 (0x1.0x8001), tag: 1.32769 (0x1.0x8001)) moving pages - page offset: 8672, page count: 1424 rmvol: Can't move file (setTag: 1.32769 (0x1.0x8001), tag: 1.32769 (0x1.0x8001)) pages rmvol: Error = E_PAGE_NOT_MAPPED (-1035) rmvol: Can't move file (setTag: 1.32769 (0x1.0x8001), tag: 1.32769 (0x1.0x8001)) metadata rmvol: Can't remove volume '/dev/rza13c' from domain 'eng-mdvt1' PROBLEM: (94189, 94095, SSRT, SSRT) (PATCH ID: OSF445-476) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be comprimised when a buffer overflow occurs in the ypmatch and traceroute utilities. Buffer overflows are sometimes exploited in an attempt to subvert the funcuion of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (92670) (PATCH ID: OSF445-425) ******** This patch prevents a panic in fifo_write with the panic message "NULL fifo_bufhdr append pointer". PROBLEM: (BE_G01949, 81659) (PATCH ID: OSF445-321) ******** This patch fixes a problem that causes a system panic when a program calls sendfile(2) to access a file via NFS. A typical stack trace would look like this: 1 panic 2 trap 3 _XentMM 4 crhold 5 nfs3_getpage 6 umc_getobj_page 7 so_sendfile 8 sendfile 9 syscall 10 _Xsyscall PROBLEM: (BCGMA1Q9S, 89434) (PATCH ID: OSF445-324) ******** This patch fixes a problem where decreasing the smoothsync_age does not always have an effect. PROBLEM: (94859, 94097) (PATCH ID: OSF445-545) ******** This patch corrects a problem found wherein the rmtmpfiles script would produce errors at startup of the form: dirclean: lstat failure for starting directory: /.osonly_tmp/: No such file or directory The same error would show up nightly from the cleanup commands in root's crontab. The directory will now be created if necessary when the rmtmpfiles script runs. PROBLEM: (92820) (PATCH ID: OSF445-462) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. HP has corrected this potential vulnerability. PROBLEM: (90902, SSRT0788U) (PATCH ID: OSF445-317) ******** When the LANG environment variable is set to a very long string, some applications may crash with memory fault. This patch fixes the problem. PROBLEM: (92818) (PATCH ID: OSF445-464) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. HP has corrected this potential vulnerability. PROBLEM: (55230, 55285, MGO92234A, MGO17951A, TPO085779) (PATCH ID: OSF445-524) ******** This patch will fix sync related processing of vnodes in Advfs, NFS. PROBLEM: (90468) (PATCH ID: OSF445-313) ******** This patch fixes a potential race condition in the Virtual Memory subsystem. The race condition is between the vm_page_prewrite() and vm_page_stealer() routines. There is a small window where both of those routines, running in different kernel threads, can get access to the same page on the inactive list. Once this happens, one thread will try to "clean" the page because it's modified, while the other thread will simply "free" the page because the first thread cleared the modified state. This quickly results in a crash involving the VM page lists. The crash on a V4.0F system where this problem was originally reported was a "kernel memory fault" although other types of crashes are likely. Here is the stacktrace from the V4.0F crashdump that this srequest addresses: crash> tf : 5 panic src/kernel/bsd/subr_prf.c : 804 6 trap src/kernel/arch/alpha/trap.c : 1760 7 _XentMM src/kernel/arch/alpha/locore.s : 1741 8 vm_page_clean_in_place_done src/kernel/vm/vm_pagelru.c : 1650 9 vm_async_swdone_lwc src/kernel/vm/vm_swap.c : 1230 10 lwc_schedule src/kernel/bsd/lwc.c : 172 11 thread_block src/kernel/kern/sched_prim.c : 2207 12 xpt_callback_thread src/kernel/io/cam/xpt.c : 3201 In this crash, the vm_page_clean_in_place_done() routine was called (indirectly) as a result of an I/O-completion for the page being written to the swap device. The vm_page_clean_in_place_done() expected to remove the page from the inactive list and put it on the free list. However, since the vm_page_stealer() had already earlier "freed" the page, the page now belonged to Advfs and was now on the UBC lists. With the page on the UBC list, the "p" pointers are null and the vm_page_clean_in_place_done() routine crashes when it invokes the VM_PAGE_QUEUES_REMOVE(pp) macro. PROBLEM: (81126) (PATCH ID: OSF445-398) ******** The sed command may perform very slowly if a regular expression that starts with ".*" is used with line joining operation. This patch fixes this performance problem. PROBLEM: (SSRT0742U) (PATCH ID: OSF445-263) ******** A potential security vulnerability has been discovered in the kernel, where under certain circumstances a race condition can occur that could allow a non-root user to modify any file and possibly gain root access. PROBLEM: (93039, BCGM603V0,) (PATCH ID: OSF445-458) ******** This fix prevents a sign promotion generated by the compiler while comparing 32 bit int variable with 64 bit unsigned long variable. This leads to an incorrect comparison which, in turns, leads to an unnecessary directory lookup warning message on the nfs client when the client receives a directory fileid with bit 31 sign bit on. On a lesser extend, it also causes a slight nfs client caching performance penalty. PROBLEM: (94136, 95831, SSRT2275) (PATCH ID: OSF445-619) ******** This patch provides protection against a class of potential security vulnerabilities called buffer overflows. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. This patch allows a system administrator to enable memory management protections that limit potential buffer overflow vulnerabilities. PROBLEM: (91618) (PATCH ID: OSF445-607) ******** When enhanced core file naming is on, an incorrect msg is printed when core dumps. The message file has been modifed accordingly to correct this problem. PROBLEM: (DSATL24MS) (PATCH ID: OSF445-508) ******** This patch resolves "lock_clear_recursive: recursion not enabled" panics. A typical stack trace would be: lock_fault lock_clear_recursive in_fastpcbconnect tcp_input ipintr netisr_thread PROBLEM: (BCGM6022J, BCGM704G5, BCGM704G8, 93947) (PATCH ID: OSF445-501) ******** This patch corrects the problem where telnetd leaves an extra udp port open. PROBLEM: (CLD/QAR/SPR, ---------------------, DE_G02338, 85263, 84086) (PATCH ID: OSF445-332) ******** This patch fixes mbuf memory corruption that can cause kernel memory fault panics. PROBLEM: (94224) (PATCH ID: OSF445-530) ******** .Some CDROM media created by third party software can be mounted, but not viewed with commands such as ls() or find(). PROBLEM: (90130) (PATCH ID: OSF445-300) ******** This change is a fix for locking on retry case for multi-threaded select/poll. A panic with the following stack trace is indicative of this problem: PANIC: "thread_block: simple lock owned" panic thread_block() lock_wait lock_write solock soclose soo_close closef selscan do_scan select syscall _Xsyscall PROBLEM: (94247) (PATCH ID: OSF445-468) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the csh utility. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (92819) (PATCH ID: OSF445-471) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. HP has corrected this potential vulnerability. PROBLEM: (SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF445-351) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (93321, 87630, 93320, 86058) (PATCH ID: OSF445-639) ******** This patch fixes following problems in sh. o Service denial problem when a quoted here doc script is executed. o Problem with handling ELF files. o The shell variable $- not holding -C set option when it is turned on. o Printing broken characters when type builtin utility of sh is invoked in Japanese locale. PROBLEM: (95529) (PATCH ID: OSF445-621) ******** PROBLEM: a kernel memory fault panic occurs in the audcntl routine (kern_auditcalls.c) the first time the audit daemon attempts flush its kernel buffers to the audit log at user selected frequency (auditd -d freq). This problem may also occur when the audcntl syscall GET_DATALEN function is used from a privileged user id. PROBLEM: (82569, PTR) (PATCH ID: OSF445-374) ******** The child process of a fork() can deadlock during pthread reinitialization. This might happen when old threads are being cleared and the TSD (Thread Specific Data) deconstructors are called. These destructors call malloc free and can deadlock within libc, because libc mutexes are still locked for the fork. The child process will deadlock over an internal DECthreads scheduler mutex. The result may be a DECthreads bugcheck containing information similar to the following: %DECthreads bugcheck (version V3.16-028), terminating execution. % Reason: krnMcsLock: deadlock detected, cell = 0x3ffc01b1330 % Running PROBLEM: (87244) (PATCH ID: OSF445-231) ******** Now vi handles key properly for tags functionality. PROBLEM: (90369, FR_G02425) (PATCH ID: OSF445-312) ******** This patch fixes a problem with ksh. When a ksh menu is started from within user's .profile, ksh will not stop when the telnet session is stopped. PROBLEM: (90927, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF445-350) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (BCSM71HXG) (PATCH ID: OSF445-291) ******** Correction in cron to correctly handle backslashes included "\" commands so that crontab and /dev/console output do not include backslashes. PROBLEM: (93908) (PATCH ID: OSF445-442) ******** This patch corrects a failure in the safe_open() routine which caused symbolic links given by a relative path from the current working directory sometimes to give ENOENT errors incorrectly. This was specific to having no 'real' (non-".") leading components before the first symlink was found. PROBLEM: (77830) (PATCH ID: OSF445-381) ******** New log changes increased parallelism and uncovered this bug. The #ifdefs are backwards in the page validation routine. This can happen when a page is unpinned for the first time and an ftx_fail causes a read of that log page. PROBLEM: (89093) (PATCH ID: OSF445-529) ******** Offlining a CPU with bound process(es) can lead to a "malloc_check_checksum: memory pool corruption" panic. 0 stop_secondary_cpu 1 panic 2 malloc_check_checksum 3 malloc_internal 4 _ms_malloc 5 _ftx_start_i 6 bmt_free_bf_mcells_i 7 bmt_free_bf_mcells 8 del_dealloc_stg 9 stg_remove_stg_finish 10 bs_close_one 11 msfs_inactive 12 vrele 13 vn_close 14 closef 15 close 16 syscall 17 _Xsyscall PROBLEM: (86382) (PATCH ID: OSF445-222) ******** This patch fixes a problem that effects threaded programs compiled with the taso option on Tru64 UNIX V4.0G. The default stack size for taso threads in DECthreads V3.16, prior to this patch, was incorrectly being set to 1Mb. With this patch, normal and taso applications on V4.0G will use the same default stack size. PROBLEM: (89295, 89838) (PATCH ID: OSF445-356) ******** PROBLEM: (89295, 89838) (PATCH ID: ) DEGPA and NetRAIN ----------------- DEGPA adapters will cease to communicate occasionally in a NetRAIN configuration. Investigation via ifconfig will reveal the MAC (HWaddr) addresses are the same, which is not a valid configuration. # ifconfig -va alt0: flags=c63 NetRAIN Virtual Interface: nr1 NetRAIN Attached Interfaces: ( alt0 alt1 ) Active Interface: ( alt0 ) HWaddr 0:60:6d:21:24:7b alt1: flags=c63 NetRAIN Virtual Interface: nr1 NetRAIN Attached Interfaces: ( alt0 alt1 ) Active Interface: ( alt0 ) HWaddr 0:60:6d:21:24:7b DEGPA and vMAC -------------- DEGPA adapters have not previously supported vMAC (for example with cluster alias). Clients within same subnet as cluster alias are not able to ping nor telnet their cluster alias due to the vMAC address not responding. PROBLEM: (88013) (PATCH ID: OSF445-275) ******** This patch fixes a rare panic in the driver for the DE600/DE602 10/100 Ethernet adapter. The panic is the result of a kernel memory fault that occurs when an ioctl is sent to the driver (for instance using "ifconfig"), or when a machine is shutting down to reboot. Typically it will only occur when there is high traffic on the network. The stack trace may show ee_rint as the routine in which the kernel memory fault occurred: 1 panic() 2 trap() 3 _XentMM() 4 ee_rint() 5 ee_rx_intr_work_thread() The stack trace may alternatively show ee_add_rfd_buf as the routine in which the kernel memory fault occurred: 1 panic() 2 trap() 3 _XentMM() 4 ee_add_rfd_buf() PROBLEM: (DK_G02854, DK_G02868, DK_G02590, DK_G02988) (PATCH ID: OSF445-358) ******** This patch fixes a problem where a system crash occurs at the end (or immediately after) a rmvol on an AdvFS domain. A panic string like the following will be seen: panic (cpu 0): lsn_io_list: current lsn > hiflushlsn N1 = -1550805214, N2 = 1026 N1 can be any high negative number, and N2 will be 1026. This panic will likely cause the domain in question to become corrupt and unmountable. If the domain becomes unmountable, the customer should restore data from backup. This panic will only occur on systems that have installed the BL17 patch. It is also possible that a customer may see a hang in bs_bf_flush_nowait instead of this panic. PROBLEM: (88424, 88447, 88485, 88536, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF445-436) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (90990) (PATCH ID: OSF445-379) ******** System will panic and/or data corruption may occur by changing fifo parameter pipe-databuf-size while fifo operations are in flight. Panic information: (dbx) t > 0 boot(reason = (unallocated - symbol optimized away), howto = (unallocated - symbol optimized away)) ["../../../../src/kernel/arch/alpha/machdep.c":2644, 0xfffffc000067b854] 1 panic(s = (unallocated - symbol optimized away)) ["../../../../src/kernel/ bsd/subr_prf.c":1401, 0xfffffc000029f4a0] 2 trap(a0 = (...), a1 = (...), a2 = (...), code = (unallocated - symbol optimized away), exc_frame = (unallocated - symbol optimized away)) ["../../../../src/kernel/arch/alpha/trap.c":2266, 0xfffffc00006696e0] 3 _XentMM(0x1, 0xfffffc00005d0fc0, 0xfffffc00008409a0, 0xfffffc0059d72400, 0x0) ["../../../../src/kernel/arch/alpha/locore.s":2143, 0xfffffc0000663154] 4 fifo_write(vp = (unallocated - symbol optimized away), uiop = (unallocated - symbol optimized away), ioflag = (unallocated - symbol optimized away), cred = (unallocated - symbol optimized away)) ["../../../../src/kernel/vfs/ fifo_vnops.c":1161, 0xfffffc00005d0fc0] 5 nfsfifo_write(0xfffffc00005f7044, 0xfffffc00927b00c0, 0xfffffe04a223f878, 0xfffffc0030481d40, 0xfffffe04a223f878) ["../../../../src/kernel/nfs/ nfs_vnodeops.c":3939, 0xfffffc0000533e38] 6 vn_write(0xfffffc00002b3230, 0xfffffe04a223f878, 0xfffffc004dd7f200, 0x0, 0x4000) ["../../../../src/kernel/vfs/vfs_vnops.c":1427, 0xfffffc00005f7040] 7 rwuio(0xfffffe04a2238000, 0xfffffc000cbc9880, 0xfffffc00927b00c0, 0xfffffe04a223f8f0, 0x1) ["../../../../src/kernel/bsd/sys_generic.c":2257, 0xfffffc00002b3284] 8 write(0xb4000, 0xfffffc0000000001, 0x4000, 0x100000000, 0xffffffff00000002) ["../../../../src/kernel/bsd/sys_generic.c":2179, 0xfffffc00002b3118] 9 syscall(0x4000, 0x0, 0x0, 0x1200012fc, 0x0) ["../../../../src/kernel/arch/ alpha/syscall_trap.c":725, 0xfffffc000065f700] 10 _Xsyscall(0x8, 0x3ff800d1d18, 0x1400080b0, 0x3, 0x11fff8000) ["../../../.. /src/kernel/arch/alpha/locore.s":1814, 0xfffffc0000662edc] PROBLEM: (DBDQ80HPS, 89463) (PATCH ID: OSF445-281) ******** The problem is a corruption of binary.errlog, that was introduced into BL 17. This patch will correct the problem. PROBLEM: (TKT200039, QAR88885) (PATCH ID: OSF445-283) ******** This patch eliminates a Simple Lock Time Limit Exceeded due to the IoQueueMutex being held in bs_real_invalidate_pages. The following data is relevant to identifying this situation: (From pmsgbuf) lock class name: IoQueueMutex current lock state:0xc00000ad003ec215 (cpu=0,pc=0xfffffc00003ec214,busy) The pc above is in the routine bs_real_invalidate_pages. There is a running thread which has that routine in its stack before being interrupted by the forced crash. PROBLEM: (DEK063069, BE_G01725, BCSM20DQH, STL351462, BCSM20RBF, HPAQC1VVB, 91815, HPAQ12S9K, BE_G03046) (PATCH ID: OSF445-368) ******** This patch fixes a problem with multi-threaded applications that can cause the application to consume 100% of the CPU usage time. The problem is two-fold: (1) a race condition in posting and delivering signals exists and (2) nxm_idle() fails to clear a condition that keeps it from ultimately blocking as it should when invoked by an idle scheduler thread. PROBLEM: (89158) (PATCH ID: OSF445-279) ******** This patch fixes an lpd problem, a memory leak associated with the allocation of a buffer. PROBLEM: (DE_G03995) (PATCH ID: OSF445-437) ******** This fixes a problem in the VM subsystem that could cause a crash with the panic string "vm_page_ssm_unwire". An example stack trace: 4 panic 5 vm_page_ssm_unwire 6 u_ssm_unwire 7 u_ssm_fault 8 vl_unwire 9 u_map_wire 10 lw_unwire_new 11 vm_map_pageable PROBLEM: (95126) (PATCH ID: OSF445-586) ******** This patch prevents segmentation faults when sia_ses_init is passed a malformed argument vector. This problem was discovered when dxchpwd was passed several -x arguments. The Motif libraries modified the argument vector during intialization. This modified vector eventually caused a segmentation fault in SIA initialization. PROBLEM: (94525) (PATCH ID: OSF445-495) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the sh utility. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (87037) (PATCH ID: OSF445-266) ******** This patch provides the /usr/lbin/mkstemp program which allows the mechanism to create a secure temporary file. PROBLEM: (117-1-15923) (PATCH ID: OSF445-209) ******** This fix resolves a problem in which there was a panic ('simple lock: time limit exceeded') in 'spec_reclaim' PROBLEM: (none) (PATCH ID: OSF445-336) ******** This patch provides fuser functionality to allow detecting unlinked referenced files. Deleted files still occupy filesystem space until the last reference on that file gets closed. Without the functionality provided here, there is no easy approach to identifying which is responsible for keeping that filesystem space. PROBLEM: (94450, SSRT2309) (PATCH ID: OSF445-485) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the xdr library, which is used by the rpc library. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (94472, SSRT2301) (PATCH ID: OSF445-490) ******** A potential security vulnerability has been discovered in the HP Tru64 UNIX operating system, where under certain circumstances, system integrity may be compromised through improper file access (overwriting of files). This potential vulnerability is in the form of a local security domain risk. The following potential security vulnerability has been corrected: o SSRT2301 uudecode (Severity - Medium) PROBLEM: (93382) (PATCH ID: OSF445-434) ******** This problem only occurs when Access Control Lists (ACLs) are enabled. It only occurs on AdvFS filesystems. If there is a Default Access ACL on a directory and a symbolic link is created in the directory the permissions on the symbolic link will appear to be the permissions from the Default Access ACL when you look at the permissions, e.g. with ls(1) or stat(2). Permissions are ignored for symbolic links, so access through the symbolic link is not affected. With this patch, new symbolic links created will show the proper permissions, rwxrwxrwx (777). PROBLEM: (117-1-17467:BCSM60KGT, 74405) (PATCH ID: OSF445-292) ******** Applications that use the fwrite() library call may fail when the total number of bytes to be written is larger than 2 GB. Also, when the total number of bytes to be written is a multiple of 4 GB, fwrite() may indicate success, when in reality, no data has actually been written. This patch addresses these problems. PROBLEM: (91908) (PATCH ID: OSF445-400) ******** A performance regression with 2-level threads scheduling was seen. PROBLEM: (67870) (PATCH ID: OSF445-625) ******** This patch eliminates the compiler warnings in ksh. PROBLEM: (93730, SSRT0845U) (PATCH ID: OSF445-463) ******** A potential security vulnerability has been identified in the HP Tru64 UNIX operating system which may result in non-privileged users gaining unauthorized access to files or privileged access on the system. This potential vulnerability may be in the form of a local and remote security domain risk. Cross Reference: VU#809347 The following potential security vulnerability has been corrected: o SSRT0845U stdio file descriptors (Severity - High) PROBLEM: (BCPM61VLJ, 88819) (PATCH ID: OSF445-299) ******** This patch corrects a problem where the SNMP interface counter ifInUcastPkts occassionally decrements or jumps to an arbitrary, large value. PROBLEM: (85811, 85406, 85726, 86107, 86375, 86657, 86828, 87776, 80684, 88062, 87339, 88063, 88243, 86895, 87339, 80116) (PATCH ID: OSF445-262) ******** The patch updates the emx driver to V2.01 and fixes the following problems: . a problem of unexpected tape i/o aborts . panic of can't grow probe list . several kernel memory faults within the driver . redundant adapter failures no longer panic the system . a problem of panicing with low memory resources . stalling i/o during reprobing when a cluster member goes down. PROBLEM: (91301, SSRT0771U) (PATCH ID: OSF445-355) ******** When the LANG and LOCPATH environment variables are set to a very long string, the application may crash with segmentation fault. This patch fixes the problem. PROBLEM: (92041) (PATCH ID: OSF445-534) ******** Systems configured with VX1 graphics cards will not switch the graphics head display to VGA text mode. When the Xserver window system is running, VGA text display mode should be restored when the halt button is pressed. Console commands can then be echo'd to the VGA display for diagnostic purposes. Without this fix, the console commands will not be displayed. PROBLEM: (89979) (PATCH ID: OSF445-636) ******** Patch eliminates compiler warnings in 'ksh'. PROBLEM: (HPAQA117F, 91886) (PATCH ID: OSF445-349) ******** This patch fixes a problem with strerror. When memory is exhausted, strerror can not allocate a buffer for the error string. This patch provides an alternate buffer for strerror when memory is exhausted. PROBLEM: (90180, GROWTH) (PATCH ID: OSF445-306) ******** In programs that use both malloc and mmap, malloc can sometimes allocate very large amounts of memory from the kernel, more than 100 times the amount of memory requested. This causes unnecessary use of swap space. This patch fixes malloc's overallocation of memory. PROBLEM: (91773) (PATCH ID: OSF445-386) ******** Fix for internal kernel panic "get_xm_page_range_info:kernel memory fault" | This kernel panic occurs infrequently when one thread is | adding storage to a file and another thread is actively | migrating the same file. If the file appending the storage | encounters an error of no more blocks (file system full) | any partial storage added is removed and the in memory | extent map is set to null. When the migrate thread | encounters this extent map null condition, it expects the | extent map to not be null and panics. | PROBLEM: (117-1-15923) (PATCH ID: OSF445-218) ******** A problem was discovered with the fix described in v40gsupportos-209-blotcky. This fix has already been submitted. The purpose of this srequest is to back out this fix. PROBLEM: (95046) (PATCH ID: OSF445-574) ******** A panic can occur when reading granularity hint memory from another process via the procfs interface. Typical stack trace as follows: 4 panic 5 trap 6 _XentMM 7 vm_handle_if_gran_hint 8 procfs_read 9 vn_read 10 rwuio 11 read 12 syscall 13 _Xsyscall PROBLEM: (88548) (PATCH ID: OSF445-503) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. HP has corrected this potential vulnerability. PROBLEM: (BCGMC1CKJ, FR_G03239) (PATCH ID: OSF445-370) ******** This correction avoids a silent infinite loop in vdump by correcting the AdvFS system call OP_GET_BKUP_XTNT_MAP. The call will now return the valid xtntCnt when it fails due to E_NOT_ENOUGH_XTNTS. PROBLEM: (LU_G01229) (PATCH ID: OSF445-342) ******** This fixes a problem with vm_faults against anon objects mapped by multiple map entires. PROBLEM: (EVT0496318B, 87204) (PATCH ID: OSF445-304) ******** This patch is to correct the problem where the DLI queue stalls when there is no traffic in the TCP/IP or HDLC stacks. In order to enable this fix, one needs to set the netisrwakeupthreshold = 0 as this will allow more than one netisr to be run by a user process. PROBLEM: (81917, 95245) (PATCH ID: OSF445-582) ******** This patch address 2 issues. 1) When file system is full (/var) and crontab is issued to edit the crontab entries, earlier it use to truncate the entries. Now it performs check on whether the new entries are copied before replacing the existing entries 2) If a file system is full and we are editing a file in 'vi', then there is a possibility that file gets truncated upon write operation. Now vi has been modified to handle this scenario by reserving the blocks required ahead. If it fails in reserving the blocks, it comes out with error without truncating the existing file. PROBLEM: (TKT361836, TKT376858) (PATCH ID: OSF445-543) ******** This patch corrects the problem where a user may experience a core dump, when using csh from the Japanese locale. PROBLEM: (93126, 93724) (PATCH ID: OSF445-438) ******** Excessive FIDS_LOCK contention is observed when large number of files using system based file locking. Result from "lockinfo -sort=misses -d 20 -f 200 -p 25 -l 20" will shows at the top of the list with a high miss rate. PROBLEM: (63460, 67037) (PATCH ID: OSF445-637) ******** The cron daemon was not logging the commands it runs on the request of users, even when the loglevel is set to 4 in /var/adm/cron/queuedefs. This is because there was no support for this feature in cron. Now we have this support. PROBLEM: (HPAQB1F1V) (PATCH ID: OSF445-216) ******** This patch fixes a problem in which the "mv" command will not perform a move if the inode of the file is the same as the inode of the destination directory, even though said file and directory reside on different file systems. PROBLEM: (TKT327302) (PATCH ID: OSF445-536) ******** This patch fixes a problem in the kernel network subsystem that caused a kernel memory fault panic in the routine m_adj(). PROBLEM: (90982, 92619, 92647) (PATCH ID: OSF445-416) ******** This patch fixes three problems with the "ee" driver for DE60x Ethernet cards. These problems affect all Tru64 systems containing DE60x network interfaces. Transmit timeout race --------------------- Occasionally a transmit timeout in the "ee" driver will cause the machine to panic due to a race condition between the transmit timeout code and the receive code. The message log will contain a transmit timeout, shortly followed by the panic: ee2: Transmit timeout (scbsts = f0006050, mask = f0000c00) trap: invalid memory read access from kernel mode faulting virtual address: 0x0000000000000010 pc of faulting instruction: 0xffffffff006d0b80 ... The stack trace will be similar to the following: > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 1358 1 panic src/kernel/bsd/subr_prf.c : 1299 2 event_timeout src/kernel/arch/alpha/cpu.c : 2268 3 printf src/kernel/bsd/subr_prf.c : 984 4 panic src/kernel/bsd/subr_prf.c : 1356 5 trap src/kernel/arch/alpha/trap.c : 2278 6 _XentMM src/kernel/arch/alpha/locore.s : 2213 7 ee_add_rfd_buf_locked src/kernel/io/dec/netif/if_ee.c : 2632 8 ee_add_rfd_buf src/kernel/io/dec/netif/if_ee.c : 2522 9 ee_rint src/kernel/io/dec/netif/if_ee.c : 5718 10 ee_rx_intr_work_thread src/kernel/io/dec/netif/if_ee.c : 5439 Memory allocation error checking -------------------------------- There is no recorded instance of this occurring, but error checking was added to buffer allocation in the receive path to prevent a panic if MALLOC is unable to obtain memory. DMA resource allocation ----------------------- It is possible for the platform subsystem to return fewer DMA resources than requested if resources are running low. Previously this would potentially cause a panic since the adapter might DMA into a memory location not owned by the driver. This patch recognizes and prevents that situation in the driver. PROBLEM: (HPAQA117F/QAR90317) (PATCH ID: OSF445-335) ******** This patch fixes a problem with fopen. Prior to this fix, fopen would return "File not found" if it ran out of memory while trying to open a file. With this patch, fopen will return "Not enough space" when memory is exceeded. PROBLEM: (84529, 87164) (PATCH ID: OSF445-314) ******** This patch fixes a bug that could cause a panic with the panic string "ubc_object_free: page still resident". PROBLEM: (SSRT1-40U, SSRT1-48U) (PATCH ID: OSF445-225) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (86535, DE_G03524) (PATCH ID: OSF445-385) ******** This patch corrects a problem where gated will no longer complain each time it attempts to send an OSPF HELLO packet and possibly fill up log files. PROBLEM: (92212, DEK064589) (PATCH ID: OSF445-427) ******** System panics in audit_rec_build when auditing execve with the exec_argp or exec_envp audit style enabled. PROBLEM: (SSRT0759U) (PATCH ID: OSF445-318) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of file corruption due to the manner in which setuid/setgid programs core dump. Compaq has corrected this potential vulnerability. PROBLEM: (87371) (PATCH ID: OSF445-301) ******** This patch corrects locking problems in vclean(). PROBLEM: (MGO80078A) (PATCH ID: OSF445-236) ******** In u_anon_dupu(), error handling path at label pg_error should remove the entries that have been made in the physical map PROBLEM: (BCGM7243T, TKT194594) (PATCH ID: OSF445-237) ******** This patch fixes a problem where network interfaces can appear unresponsive to network traffic. PROBLEM: (SSRT2270) (PATCH ID: OSF445-472) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the BIND utility. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (95294) (PATCH ID: OSF445-600) ******** For sites which have either the /tmp or /var/tmp filesystem as a separate AdvFS domain, the nightly dirclean entries in root's crontab file previously generated error messages for failures to remove these entries. The /usr/sbin/dirclean utility no longer attempts to remove the .tags directory or the quota.group and quota.user files. (For UFS filesystems, dirclean will still remove a .tags directory normally.) PROBLEM: (BCSM218KR) (PATCH ID: OSF445-373) ******** This patch fixes a problem with dataless client failure over a network and also corrects a problem with bootable tape devices potentially failing due to a kernel memory fault. PROBLEM: (82734, 88992, 93322, 93499) (PATCH ID: OSF445-430) ******** Problem 1: The new_wire_method problem is a conflict between light weight wiring of segmented shared memory (ssm) and direct io. The problem can manifest itself in one of two ways: - Oracle users receive "Cannot connect to Oracle" error message - System performance degrades when users try to disconnect from Oracle Problem 2: The kernel malloc problem has only be seen with the ARMTech software and the panic is due to a malloc request size of zero. Stack trace follows: 1 panic src/kernel/bsd/subr_prf.c:1299 2 event_timeout src/kernel/arch/alpha/cpu.c:2322 3 printf src/kernel/bsd/subr_prf.c:984 4 panic src/kernel/bsd/subr_prf.c:1356 5 malloc_internal src/kernel/bsd/kern_malloc.c:1602 6 arm_db_load_keys database_files.c:208 7 read_tier structure_manager.c:401 8 read_definitions structure_manager.c:235 9 arm_db_new_structure structure_manager.c:679 10 arm_db_Initialise database_manager.c:449 11 ARMTsupport_configure export/build/ARM1_0-T64-Release1_0/ARMTech/src/ arch/Tru64/kern/common/support_module.c:239 12 subsys_conf src/kernel/bsd/subsys_conf.c:2529 13 kmodcall src/kernel/bsd/kern_kmodcall.c:317 14 syscall src/kernel/arch/alpha/syscall_trap.c:725 15 _Xsyscall src/kernel/arch/alpha/locore.s:1870 PROBLEM: (TKT244440) (PATCH ID: OSF445-290) ******** While in an Asian locale (such as Japanese) and executing a ksh command that deals with directories with Asian language names, a segmentation fault and core dump may occur. This patch fixes this problem. PROBLEM: (88653, HPAQ507XC) (PATCH ID: OSF445-257) ******** This patch corrects a problem in the virtual file system that could cause panic with the panic string "kernel memory fault." PROBLEM: (84839) (PATCH ID: OSF445-375) ******** When displaying unlinked references, output the reference flag to indicate the type of reference. This is helpful in the case of closed, unlinked, and mmapped references. PROBLEM: (none, wc.symlink.003.sec_tunables) (PATCH ID: OSF445-415) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (85602) (PATCH ID: OSF445-232) ******** This patch fixes a problem in which lpd hangs when printing to advanced server queues (using /dev/null). PROBLEM: (87175, BCPM41T19, 87301) (PATCH ID: OSF445-248) ******** A system detected a power issue and attempted to shutdown. It ran the powerdown_thread, which is not bound to a specific cpu. Eventually resettodr, which requires execution on the master cpu, was called. The powerdown thread started on cpu 2 and did not move from there. Thus, the system panic'd when the code in resettodr checked the cpu number. The stack trace is below: > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 614 1 panic src/kernel/bsd/subr_prf.c : 751 2 event_timeout src/kernel/arch/alpha/cpu.c : 1183 3 xcpu_puts src/kernel/bsd/subr_prf.c : 895 4 printf src/kernel/bsd/subr_prf.c : 423 5 panic src/kernel/bsd/subr_prf.c : 804 6 resettodr src/kernel/arch/alpha/clock.c : 379 7 boot src/kernel/arch/alpha/machdep.c : 1991 8 powerdown_thread src/kernel/arch/alpha/machdep.c : 4274 PROBLEM: (92275) (PATCH ID: OSF445-596) ******** ARP request for a permanent ARP entry is ignored, user cannot connect from remote system. Using non-permanent ARP works fine. The ARP request packet was inadvertently dropped, so no reply was sent. Fixed by not dropping ARP request packets, only ARP reply packets. PROBLEM: (94880) (PATCH ID: OSF445-554) ******** This fix corrects an lpc regression in the lpc buffer overflow fix. PROBLEM: (HPAQ10CJS, BCSM11BF0) (PATCH ID: OSF445-219) ******** This patch corrects an AdvFS problem where an on-disk variable wraps when more than 64k metadata entries are required to map the disk blocks of a file or metadata file. The side effects of this problem were data inconsistencies and an incorrect available size for the domain. PROBLEM: (90927, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF445-357) ******** PROBLEM: (90927) (PATCH ID: ) A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (SSRT2260) (PATCH ID: OSF445-479) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the lpq, lpr and lprm commnads. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commnads and the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (STL226954, 87527, 87856) (PATCH ID: OSF445-247) ******** This patch corrects the problem in which /usr/bin/ksh hangs for certain scripts that contain wait(1). PROBLEM: (BCPMA0L7X) (PATCH ID: OSF445-325) ******** This patch fixes an "unaligned access" panic when attempting to free or malloc memory from the 512 byte kernel memory bucket (bucket 5). A typical stack trace of the panicing thread looks like the following. 5 panic src/kernel/bsd/subr_prf.c : 804 6 afault_trap src/kernel/arch/alpha/trap.c : 2594 7 _XentUna src/kernel/arch/alpha/locore.s : 1863 8 free_trim src/kernel/bsd/kern_malloc.c : 1624 9 free src/kernel/bsd/kern_malloc.c : 1677 10 getnewvnode src/kernel/vfs/vfs_subr.c : 1985 11 get_n_setup_new_vnode src/kernel/msfs/bs/bs_access.c : 3326 12 rbf_access_one_int src/kernel/msfs/bs/bs_access.c : 2803 13 rbf_access_int src/kernel/msfs/bs/bs_access.c : 2608 14 rbf_vfs_access src/kernel/msfs/bs/bs_access.c : 2458 15 bf_get_l src/kernel/msfs/osf/msfs_misc.c : 1321 16 msfs_lookup src/kernel/msfs/osf/msfs_lookup.c : 839 17 namei src/kernel/vfs/vfs_lookup.c : 610 18 stat1 src/kernel/vfs/vfs_syscalls.c : 3087 19 lstat src/kernel/vfs/vfs_syscalls.c : 3067 20 syscall src/kernel/arch/alpha/syscall_trap.c : 627 21 _Xsyscall src/kernel/arch/alpha/locore.s : 1505 PROBLEM: (BCGM10S95, QAR82871) (PATCH ID: OSF445-208) ******** This patch fixes a problem that dual mounting causes panic. The panic string would be; "rbs_access_one_int: domain different from ftx domain." PROBLEM: (92353, BCPM30LC8) (PATCH ID: OSF445-457) ******** Errors occur when running SAS. PROBLEM: (87008) (PATCH ID: OSF445-303) ******** This problem is seen when debugging kernel crash dumps. The corruption is always page-aligned and usually in the sparse VM "managed" space. "kmem -v" under the "crash" analysis tool may identify this type of corruption, however this problem is not limited to kmem allocations. The corruption can take any form -- application data, kernel data, database -- depending on which wrong page happens to be selected. PROBLEM: (117-1-19737) (PATCH ID: OSF445-401) ******** This fix corrects a problem in which sh was using a high amount of CPU time. PROBLEM: (72225, 82023) (PATCH ID: OSF445-330) ******** This patch corrects a race condition which could result in a failure to set the modification time of a file. This occurs only on a ufs filesystem. PROBLEM: (94417) (PATCH ID: OSF445-541) ******** The audit_tool search algorithms did not differentiate between prived, non_prived, unset audit uids. PROBLEM: (SSRT2275) (PATCH ID: OSF445-618) ******** This patch provides protection against a class of potential security vulnerabilities called buffer overflows. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. This patch allows a system administrator to enable memory management protections that limit potential buffer overflow vulnerabilities. PROBLEM: (93714, 92650, 92212, 83371, 94138, 95676) (PATCH ID: OSF445-564) ******** PROBLEM: Not all audit data in the log is displayed after being sorted. PROBLEM: System panic in audit_rec_build. PROBLEM: Setting select/deselect flag on a directory does not affect if an audit event is generated (with obj select/obj deselect) when an audited file operation is performed. PROBLEM: (93488, 93445, 93446, 93447, 93448, 93449, 93524) (PATCH ID: OSF445-544) ******** This patch prevents a situation where the system will panic when certain system calls are made with bad input. PROBLEM: (SSRT2322) (PATCH ID: OSF445-573) ******** A potential security vulnerability has been identified in the HP Tru64 UNIX operating system which may result in a Denial of Service (DoS). This may be in the form of local and remote security domain risks. The following potential vulnerability has been corrected: o SSRT2322 - BIND resolver (Severity - High) PROBLEM: (81512) (PATCH ID: OSF445-441) ******** This problem will only be seen if you mmap a file with the MAP_PRIVATE flag. The time that it takes for the msync system call to complete will grow exponentially with the range that is passed in. With files that are a gigabyte or more, the msync call can take several minutes to complete. This patch signifigantly decreases the amount of time that msync takes to complete. PROBLEM: (HGO091469, 87558) (PATCH ID: OSF445-320) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This could result in a panic with the string: "lock_clear_recursive: recursion not enabled." Compaq has corrected this potential vulnerability. PROBLEM: (BCGM41R20, BCGM70QF0) (PATCH ID: OSF445-273) ******** This patch fixes a problem where a system with a dual-mounted AdvFS filesystem can panic with the panic string, "bs_unpinpg: unpin sync with writeRef >1". The stack trace will typically look like the following. panic advfs_sad bs_unpin_pg set_vd_mounted bs_bfdmn_activate bs_bfdmn_tbl_activate bs_bfset_activate_int bs_bfset_activate advfs_mountfs msfs_mount mount1 mount syscall _Xsyscall PROBLEM: (IT_G02713) (PATCH ID: OSF445-409) ******** This patch fixes a problem that caused the 4.3BSD socket interface to return incorrect values for IOCTL calls accessing IP alias address information. PROBLEM: (93623) (PATCH ID: OSF445-444) ******** There are some device driver errors that may succeed if they are retried. This change allows AdvFS to initiate a retry if one of those errors is detected. /sbin/sysconfig -r advfs AdvfsIORetryControl=nn where nn is 0-9 and modifies the number of retries AdvFS will attempt. AdvFS initiated retries are in addition to the retries that the device driver will already be doing. /sbin/sysconfig -q advfs AdvfsIORetryControl will display the current AdvFS initiated retry value. If an I/O fails and it is one of the errors that may be helped by an AdvFS initiated retry, then a message will be written to the console providing information on how to modify AdvFS I/O retry behavior, as well as the current AdvFS retry settings. PROBLEM: (87391, 89027, 84361, 89376, 89775) (PATCH ID: OSF445-333) ******** This patch fixes the following problems: - KMF while unmounting cfs file system - panic with "simple lock: minumum_spl violation" - panic with "simple lock: time limit exceeded" in "spec_reclaim" - specalias structures not being freed - mount command with the extend -u option caused panic PROBLEM: (91602, 92396) (PATCH ID: OSF445-392) ******** The cdfs file system, based upon ISO9660 format, limited the size of the file system to 2.1GB which is less than the available space offered by DVD media formatted for ISO9660. This patch allows access to the full capacity of DVD media when utilizing an ISO9660 formatted file system on it. PROBLEM: (STL428023) (PATCH ID: OSF445-456) ******** Do no initialize USB Hub on systems where USB is not supported. This avoids a rare KMF where the faulting virtual address and pc are : fault_va = 0x6275685f627374 = "usb_hub" fault_pc = 0x6275685f627374 = "usb_hub" PROBLEM: (93003) (PATCH ID: OSF445-443) ******** This patch alleviates a temporary hang/pause condition seen when forking or running down an application with several child processes, from a parent process having an extremely large number of unique or discontigous memory allocations. The temporary hang/pause occurs during the forking or run-down of child processes belonging to a parent process with an extremely large number of map entries (>30000). The hang is the result of having to inherit or remove the extensive list of map entires to or from the child process while other activity is taking place against the process address space. The hang/pause condition is only temporary and should eventually make forward progress. The length of the hang is related to the number of map entries the parent process has and the number of child processes involved. The larger the number of map entries and the more child processes involved, the longer the hang. Map entries are descriptors that describe the various parts of a processes address space. A map entry is created for each unique or non-adjacent address space that is created. Depending on which CPU the forking or exitting process is running on, the hang may cause telnet or ping requests to also hang temporarily. PROBLEM: (DE_G02010, 89577, 90046) (PATCH ID: OSF445-289) ******** This patch fixes a problem when there is a "hole" in the virtual disk array. When this occurs, the disk partition "appears" in the output even though it doesn't exist. The error output produced comes from advscan where it shows domains existing when they don't (the hole). Additionally, the mount -o dual produces an I/O error. This looks like: # /sbin/advfs/advscan rz2 Scanning devices /dev/rrz2 Found domains: d Domain Id 3b38b962.00094a1e Created Tue Jun 26 18:33:38 2001 Domain volumes 2 /etc/fdmns links 2 Actual partitions found: rz2d rz2f rz2g* <----- Partition g still has the old domain ID! d1 Domain Id 3b38ba1a.000cfffa Created Tue Jun 26 18:36:42 2001 Domain volumes 2 /etc/fdmns links 2 Actual partitions found: rz2e And: # mount -o dual d1#1 /mnt1 Dual mounting a split mirror AdvFS filesystem. This takes a short while to update the domain's ID. d1#1 on /mnt1: I/O error PROBLEM: (117-1-21461/QAR) (PATCH ID: OSF445-572) ******** Prior to this fix, lpd treated entries in /etc/hosts.lpd in a case sensitive manner (meaning that "node.domain" was treated differently than "Node.Domain"). This fix causes lpd to treat entries in /etc/hosts.lpd in a case insensitive manner (meaning that now entries of the form "node.domain" are viewed as identical to mixed case entries of the form "Node.Domain"). PROBLEM: (HPAQ11G64, HPAQ41Q65, 86633) (PATCH ID: OSF445-261) ******** This patch corrects the problem of a simple lock timeout due to posix timers and it also corrects some inaccuracies of the posix realtime timers. PROBLEM: (BCSM31TQK) (PATCH ID: OSF445-410) ******** This patch fixes a problem where calling send() with the AIO flags set can cause the system to panic with a kernel memory fault in the "aio_send" code. PROBLEM: (117-1-17857:CA1Q70314, 89329) (PATCH ID: OSF445-293) ******** Applications that call fread() with large amounts of data may experience excessive I/O activity and slower performance than expected. Also, applications which issue individual fread() calls with a total data size representation that is greater than 32 bits (2^32 of data) will always read less than the requested amount due to a truncation error in fread(). This patch addresses these problems. PROBLEM: (86740, 91581) (PATCH ID: OSF445-532) ******** PROBLEM: When creating sub-directories, the system may hang if the system imposed link limit is reached for a particular parent directory. PROBLEM: When using synchronous IO, a false indication of success will be returned when writing to a file and exceeding the file size limits imposed by the operating system. PROBLEM: (TKTB10144, 45781, 86466) (PATCH ID: OSF445-220) ******** This patch corrects a problem where an fcntl() with the FIFO parameter would return errno=22 (Invalid Argument). PROBLEM: (82393, MGO90408A) (PATCH ID: OSF445-655) ******** This patch fixes a problem caused when the Tru64 TCP layer prematurely closes a slow, but good connection with TCP reset. An example is when a Networker backup stalls while the server has to reload a tape. PROBLEM: (87224) (PATCH ID: OSF445-505) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. HP has corrected this potential vulnerability. PROBLEM: (91547) (PATCH ID: OSF445-606) ******** When two concurrent process tries to move a file, only one process will be able to "unlink" the original file. In case, if both the process completes simultaneously, only one of the process can unlink the file after moving it to the specified destination. Since, the errno is not checked while unlinking the file, both the process return from "mv" command without any error. This fix takes care of this situation. PROBLEM: (FR_G03596, DK_G03587, 85043, 85680, 88962, 88967, 90177) (PATCH ID: OSF445-418) ******** System may panic with: u_anon_free: page busy and the following stack trace: 0 boot 1 panic 2 u_anon_free 3 u_anon_unmap 4 u_map_delete 5 vm_map_exit 6 exit 7 syscall 8 _Xsyscall This is due to I/O clustering leaving pages held in certain code paths. PROBLEM: (94442) (PATCH ID: OSF445-481) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the dxterm utility. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (DEK035065, 87183, 77549) (PATCH ID: OSF445-341) ******** This patch corrects a Kernel Memory Fault that could result from an inp pointer disappearing when the listen socket is in the process of closing at the same time a new connection is establishing. An example stack trace might look like: crash> tf > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 585 1 panic src/kernel/bsd/subr_prf.c : 751 2 event_timeout src/kernel/arch/alpha/cpu.c : 1159 3 xcpu_puts src/kernel/bsd/subr_prf.c : 895 4 printf src/kernel/bsd/subr_prf.c : 423 5 panic src/kernel/bsd/subr_prf.c : 804 6 trap src/kernel/arch/alpha/trap.c : 1707 7 _XentMM src/kernel/arch/alpha/locore.s : 1677 8 tcp_input src/kernel/netinet/tcp_input.c : 913 9 ipintr src/kernel/netinet/ip_input.c : 1222 10 netisr_thread src/kernel/net/netisr.c : 1181 PROBLEM: (92687) (PATCH ID: OSF445-585) ******** This patch fixes a Tru64 nfs server panic caused by receiving illegal file access mode from the Tru64 nfs client. PROBLEM: (SSRT2266) (PATCH ID: OSF445-514) ******** A potential security vulnerability has been identified in the HP Tru64 UNIX operating system that may result in denial of service. This may be in the form of local and remote security domain risks. The following potential security vulnerability has been corrected: o SSRT2266 IGMP (Severity - High) PROBLEM: (THALES-594, STL160583) (PATCH ID: OSF445-407) ******** This patch corrects a problem which had resulted in broadcast or multicast packets being processed multiple times on behalf of a NetRAIN device, once for each backup interface. PROBLEM: (SSRT0781U) (PATCH ID: OSF445-353) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of network programs core dumping. Compaq has corrected this potential vulnerability. PROBLEM: (BCPM205PB) (PATCH ID: OSF445-339) ******** This fixes a kernel memory fault panic in msg_rpc_trap(). An example stack trace would be: panic() trap() _XentMM() msg_rpc_trap() _Xsyscall() PROBLEM: (87753, GOZ56536C) (PATCH ID: OSF445-258) ******** This patch fixes a system panic resulting from a rare race condition. The panic error message is a kernel memory fault. PROBLEM: (SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF445-412) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. As part of this correction, this patch provides two new utilities and three new libc routines. The utilities are /usr/bin/mktemp and /usr/sbin/dirclean, and the libc routines are mkdtemp(), mkstemps(), and safe_open(). This change also updates the /sbin/init.d/rmtmpfiles script and root's crontab to use /usr/sbin/dirclean. PROBLEM: (FR_G01704, 89108) (PATCH ID: OSF445-276) ******** This patch is to correct the problem of a rexec command hanging on a system. PROBLEM: (88592, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF445-535) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (UVO58439K) (PATCH ID: OSF445-344) ******** This patch fixes a problem of incorrect default route modification in which there is a race condition between gated startup and installation of static routes. PROBLEM: (85506, 85749) (PATCH ID: OSF445-284) ******** This patch fixes a potential security problem. PROBLEM: (92468, 93276, 93877) (PATCH ID: OSF445-461) ******** This patch fixes two problems in the "ee" driver for DE60x 10/100 Ethernet adapters. These problems affect all Tru64 systems containing DE60x network interfaces. (1) A panic can occur while a system is rebooting if the "ee" driver is actively receiving data when its shutdown routine is called. This fix prevents buffers from being freed while they are still in use. (2) Occasionally a packet can stall in the send queue instead of being transmitted. It will be pushed onto the wire by the next packet that is transmitted. This fix prevents packets from stalling in the send queue. PROBLEM: (94301) (PATCH ID: OSF445-469) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the ksh utility. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (37500) (PATCH ID: OSF445-626) ******** Patch makes start up scripts in /sbin/init.d world readable. PROBLEM: (95630) (PATCH ID: OSF445-649) ******** This patch fixes sh problem while executing a here document through command substitution. PROBLEM: (94382, 94807, FR_G04495, FR_G05021) (PATCH ID: OSF445-552) ******** This patch corrects a problem in AdvFS where it avoids a potential stranded log record in memory that doesn't get out to disk by fixing a race condition. PROBLEM: (94297) (PATCH ID: OSF445-466) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. A malicious user can attempt to subvert a program file that has the setuid or setgid privilege and possibly execute commands at an elevated privilege level. HP has corrected this potential vulnerability. PROBLEM: (88474, 89240, HPAQ610G9) (PATCH ID: OSF445-282) ******** This patch fixes a problem with the c shell (csh) so that it now correctly recognizes the backslash ('\') meta character. PROBLEM: (93744, 93747, 94094, 94139, 94123, SSRT2190, SSRT2192, SSRT2257, SSRT2259, SSRT2262) (PATCH ID: OSF445-453) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the chfn, chsh, or passwd utilities. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (SSRT0740U) (PATCH ID: OSF445-286) ******** A potential security vulnerability has been discovered in the networking, where under certain circumstances a remote system can take over packets destined for another host. PROBLEM: (FR_G04662) (PATCH ID: OSF445-496) ******** This patch corrects a problem which could result in an alias IP address being incorrectly promoted to being the primary address when another alias is removed. PROBLEM: (BCPMB05HS) (PATCH ID: OSF445-361) ******** This patch fixes a problem where a system can panic with a kernel memory fault in malloc() while mallocing from the 512 byte bucket (bucket 5). A typical stack trace would look like the following. panic() trap() _XentMM() malloc() initnewvnode() getnewvnode() procfs_lookup() namei() vn_open() copen() open() syscall() _Xsyscall() PROBLEM: (74585, BCSM41PFG, BCSM9074) (PATCH ID: OSF445-285) ******** This patch corrects the problem with csh(1) where if a non-root user performed an ls(1) with wild card characters on a directory having permission 700, then it would display the invalid error message, "Glob aborted." Now it displays the correct error message of "Permission denied". PROBLEM: (85223, 84579) (PATCH ID: OSF445-297) ******** This patch corrects an NFS hang when the delayed option is used with the mount command. PROBLEM: (95682, 95733, SSRT2439, SSRT2341) (PATCH ID: OSF445-647) ******** In certain conditions a too-small buffer could be allocated. Similarly, under certain circumstances, pointers to a buffer within the RPC subsystem could be set beyond the buffer's bounds. This patch fixes these problems. PROBLEM: (EVT0467943) (PATCH ID: OSF445-278) ******** The patch fixes a problem that sometimes caused the system to select the incorrect IP source address for out-going connections when using IP aliases and subnetting on a network interface. PROBLEM: (92276, 90218, 94063, 94493) (PATCH ID: OSF445-454) ******** This patch fixes three problems with the "alt" driver for DEGPA Gigabit Ethernet adapters. These problems affect all Tru64 systems containing DEGPA network interfaces. (1) A workaround for a DEGPA hardware bug that can, in rare conditions, cause the machine to panic. When this panic is encountered, the following details will be present in the crash dump: (a) alt_recv_complete will be in the stack trace. (b) The _XentMM trap() will be for memory location 0x50. (2) A fix for a receiver hang that can occur in extremely low memory conditions. When this bug is encountered, the interface will be able to transmit but not receive, so it will not be reachable by any other node on the network. This bug can be verified by checking for a zero value std_rx_buf field in the softc, which means that the adapter has zero mbufs available for receiving: crash> pd alt_softc[0]->std_rx_buf 0 (3) A fix for a DEGPA hardware bug that causes transmission errors on 4G boundaries in physical memory. This can result in NFS hangs and other errors in machines with >4G physical memory. PROBLEM: (63702, PROBLEM) (PATCH ID: OSF445-624) ******** The crontab entry of kind " * * 31 * * " was scheduled on wrong days for the months having only 30 days. Now this problem is fixed. PROBLEM: (94599) (PATCH ID: OSF445-509) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the telnetd daemon. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. HP has corrected this potential vulnerability. PROBLEM: (92479, BCGM30G4Q) (PATCH ID: OSF445-395) ******** "An "mcs_lock: lock aready owned by cpu" system panic occurs against task-lock for applications that directly call nxm_get_bindings. An example stack trace may be: 4 panic 5 simple_lock_fault 6 mcs_lock_state_violation 7 task_hold 8 thread_ex_check 9 sigexit 10 psig 11 trap 12 _XentMM PROBLEM: (86308, BCSM3169H) (PATCH ID: OSF445-337) ******** This patch fixes a potential problem where system responsiveness may be impacted. In certain situations, this impact may prevent other processes from running for several seconds. This problem can occur during a filesystem synch when there are many filesystems where each contains several hundred thousand files. Note that AdvFS filesystems do not exhibit this problem. PROBLEM: (87205, MGO81177A) (PATCH ID: OSF445-277) ******** This patch fixes a system panic with panic string: "lock_terminate: lock held". This is being caused by the table call which, when accessing an open file table from another task, was not doing the proper locking. An example stack trace is as follows: _panic_string: 0xfffffc00006642a8 = "lock_terminate: lock held" Begin Trace for machine_slot[paniccpu].cpu_panic_thread: > 0 stop_secondary_cpu(do_lwc = 0x0) ... 1 panic(0x3ae55dd2, 0x1f, 0x60000, 0x0, 0x1) ... 2 event_timeout(func = 0xfffffc000028fef0, ... 3 xcpu_puts(0xfffffc000028fef0, 0xfffffc00007672a0, ... 4 printf(0xfffffc0000662d08, 0x3, 0xfffffc00006642a8, ... 5 panic(0x0, 0x1, 0x0, 0x0, 0x0) ... 6 lock_terminate(l = 0xfffffc0291e9e4e0) ... 7 procfs_inactive(vp = 0xfffffc0291e9e400) ... 8 vrele(vp = 0xfffffc0291e9e400) ... 9 vn_close(0xfffffc000026a284, 0xfffffc00de7810c0, ... 10 closef(0x0, 0xfffffffeeffe78f0, 0xfffffc000026971c, ... 11 close(0xfffffc00de7810c0, 0xfffffc02990ecca0, ... 12 syscall(0x11ffff670, 0x1, 0xc38, 0x9603600000003, ... 13 _Xsyscall(0x8, 0x3ff800d5928, 0x140076c30, 0xa, ... End Trace for machine_slot[paniccpu].cpu_panic_thread: PROBLEM: (GB_G01298) (PATCH ID: OSF445-223) ******** This patch corrects a kernel memory fault panic in clntktcp_connect(). PROBLEM: (95440) (PATCH ID: OSF445-643) ******** PROBLEM: audit_tool when printing out execve audit events in brief mode (-B) may append nonsense characters to the output, example: # audit_tool `auditd -dq` -e execve -B AUID:RUID:EUID PID RES/(ERR) EVENT -------------- --- --------- ----- 0:0:0 697 0x0 execve ( /usr/sbin/auditmask M-4M-^?^C ) 0:0:0 697 0x0 execve ( /sbin/ls M-mM-^A ) 0:0:0 697 0x0 execve ( /usr/sbin/auditd ) 0:0:0 697 0x0 execve ( /usr/sbin/audit_tool M-1M-4M-|^C ) 0:0:0 697 0x0 execve ( ./audit_tool ) 0:0:0 697 0x0 execve ( /usr/sbin/auditmask M-4M-^?^C ) PROBLEM: (91884, SSRT1-45U) (PATCH ID: OSF445-372) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (93904) (PATCH ID: OSF445-448) ******** When an application which is linked against libpthread calls dlclose, some libc internal exception handling information is not freed. Although it is a small amount of memory lost on each dlclose operation, applications which repeatedly open and close libraries may notice this problem. This patch corrects the problem. PROBLEM: () (PATCH ID: OSF445-319) ******** This patch fixes the predictable TCP Sequence Number. PROBLEM: (95001) (PATCH ID: OSF445-601) ******** Memory leaks are avoided in bourne shell. PROBLEM: (85854) (PATCH ID: OSF445-439) ******** Bourne shell has a major problem when you use type utility. When you run type utility with file path of more than 69 chars, then sh generates invalid memory reference, and thus causes memory fault. When ever memory fault is generated, it calls the signal hadler fault() routine, and this intern calls growstack() routine. When multiple times called fault(), and growstack drastically increases stack area, and thus this process will not allow other process to make use of swap space. Hence, all applications will shutdown, and system hangs. The problem is so happened that static char array size msgbuf[128] is used to store standard o/p of type utility. When file path is 69 characters, then overall o/p of type utility will become more than 128 chars and thus running out of space. To avoid this problem have allocated memory dynamically of size standard o/p of type utility. Steps to reproduce: ------------------- #mkdir -p caopreprod/apl/dec04/fluent/fluent5.3/alpha/3d_node #touch caopreprod/apl/dec04/fluent/fluent5.3/alpha/3d_node/fluent_smpi.5.3.18 #chmod +x caopreprod/apl/dec04/fluent/fluent5.3/alpha/3d_node/fluent_smpi.5.3.18 # type sh sh is /sbin/sh # sh # type caopreprod/apl/dec04/fluent/fluent5.3/alpha/3d_node/fluent_smpi.5.3.18 > -> swap space below 10 percent freeswap space below 10 percent free Unable to obtain requested swap space Unable to obtain requested swap space no space PROBLEM: (DE_G02408, 90319) (PATCH ID: OSF445-323) ******** This patch fixes a kernel build failure seen during an Update Installation from CD-ROM. The problem affects systems whose default time zone (/etc/zoneinfo/localtime) is not in North or South America. For example, this problem affects a system in Germany running V4.0G with the symbolic link /etc/zoneinfo/localtime pointing to ./Europe/Berlin. After the installupdate command loads the new subsets and the system reboots from the new generic kernel, the custom kernel build fails with this message: Make: Don't know how to make kern/lockinfo.c PROBLEM: (93451) (PATCH ID: OSF445-675) ******** After installing V4.0F Patch Kit 7 (BL18), gettimezone fails to correctly present the time zone choices menu. PROBLEM: (95264, SSRT2412) (PATCH ID: OSF445-648) ******** A potential security vulnerability has been discovered that may result in a denial of service (DoS) on RPC-based HP Tru64 UNIX servers with Enhanced Security (C2) enabled. This potential security vulnerability may be in the form of local and remote security domain risks. SSRT2412 portmapper with Enhanced Security (C2)enabled (Severity - High) PROBLEM: (96183) (PATCH ID: OSF445-692) ******** /usr/bin/csh was picking wrong message catalog entry from the translated message catalog when LANG set to japanese locale. Patch fixes this problem PROBLEM: (96196) (PATCH ID: OSF445-695) ******** This fixes a problem in the Network startup script where we could fail to configure an interface with an IP address. PROBLEM: (96333, SSRT2323) (PATCH ID: OSF445-700) ******** Fix to close a security hole described in SSRT2323. I have included the relevant exerpts below. II. Problem Description A few system calls were identified that contained assumptions that a given argument was always a positive integer, while in fact the argument was handled as a signed integer. As a result, the boundary checking code would fail if the system call were entered with a negative argument. III. Impact The affected system calls could be called with large negative arguments, causing the kernel to return a large portion of kernel memory. Such memory might contain sensitive information, such as PROBLEM: (221-1-931) (PATCH ID: OSF445-651) ******** This patch fixes the problem encountered with the Bourne shell when a filename with trailing slash ("/") is used as an argument to the command. PROBLEM: (95536) (PATCH ID: OSF445-654) ******** This patch corrects a NIS client hang sometimes seen when trying to connect with some third party NIS servers that only support the V2 NIS protocol. PROBLEM: (57336, 90066, BCGM51RKR) (PATCH ID: OSF445-315) ******** This patch fixes two issues: - If multiple processes attempted to access the same file at the same time and access to the file should have been allowed by an ACL on the file, access may have been denied instead. Now access will be allowed as expected. - If the ACL on a file was corrupted the corrupted data was being passed into the kernel causing a variety of problems, including panics in kernel malloc/free after it was called by the ACL code. Now more of the ACL data is being validated. The system will respond to the corrupted data with an "Invalid Argument" error. One example panic: trap: invalid memory write access from kernel mode 3 _XentMM 4 free_common 5 free 6 kfree 7 sp_delete_ir 8 acl_ir_cache_delete 9 LOCK_DONE_SECATTR PROBLEM: (90390, 94386, 96169, 96295, BCGM400N5) (PATCH ID: OSF445-706) ******** This patch fixes four problems in the "ee" driver for DE60x Ethernet adapters: 1. Previous versions of the driver would use a full-size buffer for the range of packet lengths from 64-1518 bytes. This patch allows the driver to copy into a small buffer when appropriate to prevent the driver from consuming excessive amounts of memory. 2. A timing window was identified which could result in the occurance of a transmit timeout. The window was closed to prevent the problem. 3. Flow control is now enabled by default in the driver to reduce the possibility of dropping frames. 4. The default size of the receive ring was increased from 32 to 256 entries to enhance receive performance and mitigate the possibility of dropping frames. PROBLEM: (96593) (PATCH ID: OSF445-717) ******** This patch fixes IO hangs that occur on fibre channel when multiple ports are removed from the fabric simultaneously. Example triggers of this problem include the loss of a non-adjacent switch on a multi-switch SAN or an unexpected powering down of a storage device. PROBLEM: (96800) (PATCH ID: OSF445-729) ******** The patch fixes a memory fault condition in the emx driver that occurs when responding to an inquiry command from a remote port in the fabric. The problem is that a data structure is not being correctly referenced when attempting to gather inquiry information about the HBA.