HP Tru64 UNIX and TruCluster Server Version 5.
© Copyright 2010 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents About This Manual..........................................................................................................11 Audience...............................................................................................................................................11 Organization.........................................................................................................................................11 Related Documentation.........................................
Enhancements to binary.errlog................................................................................................23 Updated Printer Support.................................................................................................................24 ICSNET Pseudo Driver Performance Optimization........................................................................24 sys_Check upgraded to version 145............................................................................................
Changes to find.....................................................................................................................38 Changes to rm.......................................................................................................................38 Changes to uucp...................................................................................................................38 Changes to uudecode..........................................................................................
Additional Steps for IPsec Connections.....................................................................................51 Potential NFS Duplicate Request Cache Scalability Limitation with High Loads and Uncharacteristic File Access Behavior on Clustered NFS Servers.............................................52 Tuning the NFS Server Duplicate Request Cache......................................................................53 Performance of hwmgr Commands on Large System Configurations.................
4 Worldwide Language Support Patches...................................................................175 New Release Notes..............................................................................................................................175 Prior Release Notes.............................................................................................................................175 Localization of Message Catalog...............................................................................
List of Figures A-1 8 Enhanced Distance Cluster Configuration..................................................................................
List of Tables 2-1 5-1 5-2 5-3 5-4 5-5 5-6 5-7 5-8 5-9 5-10 5-11 A-1 Reference Pages Revised in Previous Version 5.1B Patch Kits......................................................58 Superseded CSPs 02298.01 to 02493.00........................................................................................180 Superseded CSPs 01936.01 to 02355.00........................................................................................181 Superseded CSPs 00021.00 to 00283.00..................................
About This Manual This manual contains information specific to Version 5.1B-6 of the Tru64 UNIX® operating system, TruCluster Server software, and Worldwide Language Support products. It briefly describes the patches contained in this kit and provides information you should be aware of when installing or removing this kit. Audience This manual is for those who upgrade their operating system to Tru64 UNIX Version 5.1B-6.
— — — — Tru64 UNIX Installation Guide Tru64 UNIX System Administration TruCluster Server Cluster Installation TruCluster Server Cluster Administration These guides, and most of the documentation related to the Tru64 UNIX operating system, are available online at the following Web Page: http://h30097.www3.hp.
1 Kit Installation and Removal This chapter provides information you need to be aware of before you install or remove this kit. It is organized as follows: • The “Required Storage Space” section lists the approximate storage space requirements for this patch kit when installing the operating system patches alone and in combination with the TruCluster Server and Worldwide Language Support (WLS) patches.
• • • “Installation Release Notes” (page 14) provides information about installing this kit. “Kit Removal Release Notes” (page 18) provides information about removing this kit. “Cluster-Specific Installation and Removal Release Notes” (page 20) provides information specifically for the installation and removal of this kit on a system running the TruCluster Server software. Installation Release Notes The following notes provide important information you need to be aware of before installing the Version 5.
1. Create a backup copy of the /sbin/init.d/snmpd script. For example: # cp /sbin/init.d/snmpd /tmp An alternative to backing up this file, in which you manually modify it, is provided following step 7. 2. 3. Run the Version 5.1B-5 or higher dupatch utility and select Option 5, Patch Baseline Analysis/Adjustment. For detailed instructions, see the Patch Kit Installation Instructions .
Stop sendmail Before Installing Kit It is important that you stop the sendmail mailer daemon before installing this kit. Failing to do so can lead to the loss of queued mails. Lost mails cannot be recovered. To stop the daemon, enter the following command: # /sbin/init.d/sendmail stop Commands Must Be Run on BIND Systems After Kit Installation After installing this kit on a system configured to be BIND server, run the following command: # rcmgr set BIND_SERVERARGS "-c /etc/namedb/named.
Run ipsec Command After Installing Kit If you are running IP Security (ipsec) on your system, run the following command after installing this kit to determine if any unsafe connections exist: # /usr/sbin/sysman ipsec A warning message will alert you to any potential problems. Procedure to Update lprsetup.dat File If you use the /usr/sbin/printconfig application to configure printer queues, run the following command as root to update the /etc/lprsetup.
# /sbin/showfdmn domain_name Id Date Created LogPgs Version Domain Name 447350cd.000eba90 Tue May 23 11:13:33 2006 512 4 domain_name Vol 512-Blks Free % Used Cmode Rblks Wblks Vol Name 1L 71132000 71121632 0% on 256 256 /dev/disk/dsk4c Use the showfile command to determine if an RBMT file has more than one page. To do this, select any mounted fileset from the domain in question, find the mount point for the fileset, and enter the following command. (Note that .tags/M-6 represents volume 1.
These patch kits cannot be removed. However, you can remove any subsequent patch kits. For example, if you installed NHD-7 with Patch Kit 4 and later installed Patch Kit 5, you cannot remove Patch Kit 4, but can remove Patch Kit 5. If you must remove the patch kit, the only solution is to rebuild your system environment by reinstalling the Version 5.1B operating system and then restoring your system to its state before you installed NHD-7 with the unwanted patch kit.
Note: If during the dupatch installation and deletion processes you see a Special Instruction about running this script, you should ignore that instruction unless your system meets the requirement described here. Cluster-Specific Installation and Removal Release Notes This section provides information you need to be aware of if you are installing or removing patch kits from a TruCluster Server environment.
Migrating a Patched Standalone System to a Cluster Installing only the base patches on a non-cluster system omits various patches (including some security patches) because of dependencies on TruCluster Server patches. Such patches are not needed in standalone systems. However, if the standalone system is then clustered using the clu_create command and you attempt to apply the cluster patches, many patches will fail with errors because various prerequisite patches failed.
Enabling the Version Switch After Installation Some patches require you to run the versw -switch command to enable the new functions delivered in those patches. (See the Patch Kit Installation Instructions for information about version switches.) Enter the command as follows after dupatch has completed the installation process: # versw -switch The new functionality will not be available until after you reboot your system.
2 Tru64 UNIX Patches This chapter provides information about the defect fixes included in Version 5.1B-6 for the base operating system. This chapter is organized as follows: • The “New Release Notes” section lists release notes that are specific to the Tru64 UNIX patches in this kit, as well as release notes that are of general interest. • The “Prior Release Notes” section lists release notes listed from the initial Version 5.1B release through Version 5.1B-5.
This kit introduces the following additional enhancements to binary.errlog file: 1. 2. 3. 4. Introduce a set of markers in the binary.errlog file frame work to track the events occurring in the CAM layer and log the most recent log that was attempted on the system. Increase the internal buffer .blbuf through the sysconfigtab variable, if necessary. Notify the user upon disk full state to clear the disk space and restart the binlogd daemon. Provide crash extensions to dump .
Support for the Latest Daylight Saving Time (DST) Changes This kit updates the /etc/zoneinfo time zone data files to incorporate all changes as of (date of change) in time zones around the world, most notably the following: Australia The Australian provinces of Victoria, New South Wales, South Australia, Tasmania, and the Australian Capital Territory decided on harmonising and extending daylight saving arrangements from April 2008. The Western Australia DST was incorporated starting 3 December 2006.
The manuals for the current release, manuals and documentation sets from previous releases of Tru64 UNIX, TruCluster software, ASU, Internet Express, and other products, are also provided online from the following Tru64 UNIX Documentation website: http://h30097.www3.hp.com/docs/ Standards Conformance Tru64 UNIX continues to conform to the UNIX 98 and POSIX standards.
New Sysconfig Tunable to Reduce Contention on AdvFS Frag Files A new sysconfig tunable AdvfsFragGroupDealloc has been introduced to set the frag group deallocation policy for the AdvFS filesystem. Using this tunable, you can enable or disable the frag group deallocation policy. The default is enabled . File operations such as rm and close, which release a single frag, can trigger the frag group deallocation process when a list of free frags is encountered.
O_APPEND Flag has no Effect on Behaviour of pwrite() The pwrite() system call has been modified to conform to UNIX98 standard behavior. O_APPEND flag now will have no effect on the behaviour of pwrite(). The sysconfig tunable pwrite_no_append (in VFS subsystem) has to be set to 1 to enable this behavior. smmsp User and Group Not Required for sendmail The smmsp user, group, and the /usr/var/spool/clientmqueue directory were created as a future requirement for sendmail in the previous patch release v5.1B-4.
2. 3. Install the Version 5.1 B-5 or higher patch kit. Install Internet Express System Authentication LDAP Module (IAELDAMXXX). For example: setld –l IAELDAMXXX where, XXX stands for the IAELDAM version. IBM Tivoli Storage Manager (TSM) client problems fixed The following issues with running the IBM Tivoli Storage Manager (TSM) are fixed in the current version: • • The TSM client performs full backups rather than incremental backups.
ics_tcp_lag_dist Specifies the lag traffic distribution algorithm for a LAG interface. ics_tcp_lag_serv_weights Based on this value, the channel traffic for an ICS channel is distributed over the LAG interface. CAUTION: Do not modify the default value of these attributes unless instructed to do so by support personnel. The following restrictions apply the to the use of these attributes: • Supported only on DEGPA (alt), DEGXA (bcm), and DE60x (ee) network interface cards (NICs).
information about BIND actions to take when installing this kit.) This new version from the Internet Software Consortium represents a major rewrite of nearly all aspects of the underlying BIND architecture.
• HBA_GetFcpTargetMappingV2 • HBA_GetFcpPersistentBinding • HBA_SendScsiInquiry • HBA_ScsiInquiryV2 • HBA_SendReportLUNs • HBA_ScsiReportLunsV2 • HBA_SendReadCapacity • HBA_ScsiReadCapacityV2 For information about each of these APIs, see the Storage Management HBA API (SM-HBA) standard (T11/1695-D) available at the www.t11.org website: http://www.t11.org/ftp/t11/pub/sm/hba/06-382v1.pdf The API information is listed under FC-HBA Function Calls.
New options have been added and some existing options have been improved. Review the revised reference pages included in this kit before using these enhanced tools. mountd Daemon Gets New Port-Selection Option A new option to the mountd daemon lets you specify a port number for mountd to bind to. Currently, when mountd starts it takes an arbitrary port number, which is different every time you boot your system.
Command Option Now Provides Additional EMX Driver Information After installing this kit, issuing the following command for an EMX adapter will return the hardware revision, firmware revision, SAN address, and full duplex flag attributes: # hwmgr -get att New EMX Subsystem Attribute Turns on LLER for Tape I/O This release provides a new attribute, erp_ller, to the EMX subsystem that allows you to turn on Link Level Error Recovery (LLER) for tape I/O.
• • Blind connection reset attacks can be triggered by an attacker sending forged ICMP "Destination Unreachable, host unreachable" packets or ICMP "Destination Unreachable, port unreachable" packets. Blind throughput-reduction attacks can be caused by an attacker sending a forged ICMP type 4 (Source Quench) packet. Path MTU Discovery (RFC 1191) describes a technique for dynamically discovering the MTU (maximum transmission unit) of an arbitrary internet path.
# /usr/sbin/rcmgr -c set ADVFSD "no" • Run the following command to enable the advfsd daemon at boot time on a stand-alone system: # /usr/sbin/rcmgr delete ADVFSD • Run the following command on any cluster member to enable the advfsd daemon at boot time on all members of a cluster: # /usr/sbin/rcmgr -c delete ADVFSD New ftpd Command Option Prevents Login Delays A new option to the File Transfer Protocol server daemon, (ftpd -n ), can prevent login delays and time-outs in an environment where host name
Free space available: 46296K rmvol: Can't remove 2 volume(s) from domain 'test' See the revised rmvol(8) reference page included in this kit for more information and additional examples. New disklabel Command Option Expands Partitions A new option to the disklabel command lets you extend a partition that is currently in use. This option, F, is used with the -e option as follows: # /sbin/disklabel -e -F disk For more information, see the revised disklabel(8) reference page included in this kit.
Changes to chmod The chmod command has been modified to force it to consider the umask when the who(ugoa) argument is not specified. To produce this POSIX compliant-action, set the new STDS_FLAG to ALL: STDS_FLAG=ALL If STDS_FLAG is not set or is set to NULL, chmod does not consider the umask value while changing to the permissions specified. This was the default action before chmod was modified.
If STDS_FLAG is not set or is set to NULL, when uucp, attempts to create a regular file with the same name as an existing directory, the attempt fails and the file attributes are not changed. This was the default action before uucp was modified. Changes to uudecode The uudecode command has been enhanced to recognize symbolic file mode. For example, consider a case in which an editor was used to modify the first line of a source file of an encoded file from this: begin 744 example.
shall set the POLLWRBAND flag in the corresponding revents member when found. When no writes have taken place on any of the priority bands, a call to poll( ) blocks will time out and return failure. The poll( ) system call has been modified so if you need standards-compliant behavior, you can use the new std_unix98 attribute. If std_unix98 is set to a value of either 1 or 2, then the UNIX98_POLLWRBAND bit (defined as a macro in the /usr/sys/include/sys/param.
The following list provides a brief description of these new attributes. For more information about setting the attributes, see the new sys_attrs_nfs(5) reference page delivered in this kit. • nfs_server: — nfs_write_gather and nfs3_write_gather Improves NFS V2 and V3 performance by gathering several write requests, performing a single sync, and sending all of the replies. — nfs_ufs_lbolt and nfs3_ufs_lbolt Enables or disables a delay when NFS V2 and NFS V3 returns writes.
LSM hot-sparing Improved The Logical Storage Manager (LSM) command volwatch has been enhanced to improve LSM hot-sparing, which pro-actively replaces plexes that are based on failing storage devices and recovers their data. Now when hot-sparing is performing a recovery, it will avoid using a plex that it is relocating — unless it has no other choice.
New Attribute Controls Tape Driver Path Control A new cam tape subsystem attribute, enable_preferred_path, lets you control preferred path behavior for a tape driver. Enabling this attribute (1) causes the tape driver to assign different paths to different tape drives. The default (0) disables preferred path behavior. The revised sys_attrs_cam(5) reference page delivered in this kit describes the enable_preferred_path attribute.
A fix to remote job reprinting that this patch kit provides can trigger reprints which, under conditions previously described, do not appear to be needed. Support for the Name Services Switch Added The Name Service Switch (NSS) has been added to Tru64 UNIX as a replacement for the svc.conf database service selection. The NSS provides a more extensible database service selector and supports a dynamic list of databases. Using the NSS allows you to add LDAP as a source for netgroup data.
With some expertise, such an attack can be used to gain root access to the system. Enabling the executable_data tunable changes a potential system compromise into, at worst, a denial-of-service attack. A vulnerable program may still contain a buffer overflow, but an exploit that writes an instruction stream into the buffer and attempts to transfer control to those instructions will fail, because memory protection will prohibit instruction execution from that area of memory.
Enhancements to pmgrd Daemon and collect Utility Patches in this kit provide enhancements to the performance manager metrics server daemon, pmgrd, and the collect utility. Performance Manager Metrics Server Daemon (pmgrd) The following features have been added to pmgrd: • Support for monitoring the disk I/O rates.
New Control Option for /usr/sbin/audit_tool Command This kit provides the following new control option for the /usr/sbin/audit_tool command: # /usr/sbin/audit_tool -. [path] This option causes audit_tool to use [path] for the archive/recovery directory that contains archived audit logs, thereby overriding the directory specified in the audit log, which by default is /var/audit.
Autoloader Firmware Upgrade Changes WWND A firmware upgrade to v1.50 or N14r on the 1x8 Autoloader causes the WWID to change. As a result, the existing device associated with the media changer is no longer accessible. For complete details see the Customer Advisory available at: http://h30097.www3.hp.com/unix/erp/c00753663.html Some Smart Array Errors May Not Be Recoverable When booting your system you may see a message similar to the following: Smart Array at ciss(1) not responding - disabled.
The fact that TCP sessions can be reset by sending suitable RST and SYN packets is a design feature of TCP. According to RFC 793, an RST or SYN attack is only possible when the source IP address and TCP port can be forged (also called spoofed). In that case TCP sessions, including Telnet, SSH, SFTP and HTTP may be disconnected without warning. TCP sessions that have been disconnected can be re-established.
# sysconfig -q inet tcp_syn_win /tmp/tcp_syn_win_merge # sysconfigdb -m -f /tmp/tcp_syn_win_merge inet # sysconfigdb -l inet inet: tcp_syn_win = 2048 Modification to Changer Driver May Affect Some Applications As a side effect of resolving issues with multiple access to the changer, the changer driver now requires a short period of exclusive access to the changer device as part of opening the device.
sendmail Application Size/Length Limits Can Cause Problems When upgrading older releases of sendmail, be aware that the 5.1B version of sendmail has MIME header/content marker size limits and message header length limits. These limits have been added to stop a Denial of Service (DoS) attack on the sendmail server.
# sysman ipsec Once you have started SysMan, you will need to modify the configuration of each IPsec and IKE connection to add the identity of the remote hosts that are allowed to connect. You enter this information on the third dialog box you see during the connection configuration wizard; the dialog box is titled “Manage IPsec: Add/Modify Connection: IKE Proposal.
tcp: calls badxids badverfs timeouts newcreds 0 0 0 0 0 creates connects badconns inputs avails interrupts 0 0 0 0 0 0 udp: calls badxids badverfs timeouts newcreds *retrans* 224518870 959 0 101985 0 0 badcalls timers waits 102013 110894 0 Client nfs: calls * retrans* badcalls nclget 224414222 4248 28 224414282 nclsleep ndestroys ncleans 0 6219 224408063 \ If an overwhelmed duplicate request cache condition occurs, we recommend you perform one or more of the following tasks: • Ensure that there are shor
Performance of hwmgr Commands on Large System Configurations On large system configurations, certain hwmgr commands may take a long time to run and can produce voluminous output. For example: • On a system connected to a large storage area network, the hwmgr -view devices command can take a long time to begin displaying output, because it must first select devices from all of the hardware components in the system and then retrieve, format, and sort the output report.
Loading Firmware from a BOOTP Server The fwupgrade command has been modified to allow the specified firmware update image to be loaded from a BOOTP server in a connected network. This process must use the bootpd daemon. Create a symbolic link from the shipping location of bootpd to the expected location: # ln -s /usr/opt/obsolete/usr/sbin/bootpd /usr/sbin/bootp You must manually create the bootptab file on the server.
Problem Seen on Systems with Smart Array Controller This section describes the steps you should take if your system is configured with a Smart Array controller and you see the following event logged: Host name: unx104 SCSI CAM ERROR PACKET SCSI device class: CISS (Smart Array) Bus Number: 6 Target Number: 4 Lon Number: 0 … ... Event Information: Command timed out...resetting controller If this occurs, take the following steps: 1. Create a file named ciss.
// // // // key
command and Manage CPUs suitlet will not let you put them on line until you use the ccod -l or ccod -p command to either loan or purchase the CPU. The workaround is to use the codconfig [cpu_id_list] command to mark the CPUs as spare, and then use either the hwmgr command or the Manage CPUs suitlet to take them off line (sometimes referred to as offlining them). In the following example, N is the CPU number.
Table 2-1 Reference Pages Revised in Previous Version 5.1B Patch Kits (continued) chmod(1) clu_ping(8) clua_services(4) cluamgr(8) codconfig(8) collect(8) cp(1) csh(1) dd(1) ddr.
The code required to make these changes may be delivered by multiple patches. As a result, you may see the same description listed under more than one patch. Also, because Tru64 UNIX patch kits are cumulative, each new kit contains all of the fixes and enhancements that were provided in earlier kits. This can result in changes to components being made multiple times. For example, a patch may deliver several versions of the same driver. In such cases, the latest version is installed on your system.
• • • • • Enables Tru64 xntpd to support Meinberg clocks. Fixes a potential security problem reported on BIND running on the HP Tru64 UNIX Operating System, where remote attackers could spoof answers returned from zones using some of the DNSKEY algorithms. Fixes the remotely exploitable buffer overflow problem identified in HP Tru64 UNIX NTP (Network Time Protocol)and prevents unexpected termination of an application while requesting for peer information from a remote time server.
• • Corrects problems with RFC1323 TCP timestamps and PAWS implementation. Provides an enhancement to remove drawbacks of using TCP keepalives and make LAN cluster more resilient. Patch 28002.00 OSFADVFS540 • Corrects a time stamp problem in . • Fixes vrestore to restore the file attributes properly. • Fixes an issue with vdump(8), where it gets into an infinite loop after the end of tape is reached. Patch 28003.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Provides additional Fibre Channel HBA port type definitions in the FC-HBA header file, hbaapi.h. Fixes a problem in printf family of functions when number grouping is requested. Corrects DST starting 3 December 2006 for Western Australia per the Public Domain time zone source kit (tzdata2007a). Fixes a file descriptor leak in pthread library. Update newfs to not set disklabel on newfs failure.
• • Removes the code for smmsp user and group creation. Fixes an issue in strncmp. Patch 28010.00 OSFBIN540 • Fixes a potential system panic from an illegal memory reference due to a race condition in the class scheduling code. • Fixes consumption of processor resources for an extended period creation of a core file for processes with large address spaces, thereby avoiding blocking other threads of execution and leading to a time out panic.
• • • • • • • • • • • • • • • • • • • Corrects fixfdmn to display proper error messages when open()or write() calls to the device fail. Fixes kernel memory fault panic in network stack. Corrects an issue with the TCP congestion control algorithm in Tru64 UNIX. Corrects a problem with the Tru64 NFS server where, under certain conditions, directories may not be visible to clients. Fixes a problem with read of /dev/mem which resulted in netstat hang. Add support in cluster alias to handle socket unlisten.
• • Fixes a problem in handling invalid inputs in the libc inet_network routine. Fixes an issue in strncmp. Patch 28028.00 OSFENVMON540 • Fixes a problem in /sbin/init.d/envmon which prevented the envmon daemon from starting in Japanese locale. • Fixes a problem in /sbin/init.d/smauth and /sbin/init.d/smsd which prevented the smauth and smsd daemons from starting or restarting in Japanese locale. Patch 28034.00 OSFHWBASE540 • Corrects firmware problem with HSZ70.
• • • • • • • • • Fixes a problem with read of /dev/mem which resulted in netstat hang. Prevents monitoring thread issuing IO when disk is in recovery. Provides event markers to track missing binary.errlog events. Fixes mistaken report of user id change in audit data for mach trap. Fixes an issue with usage of GH regions and chunks. Fixes an issue in pointer synchronization for USB hub devices. Fixes potential hang in tape backup applications. Fixes a problem in getsysinfo.
• • Updates volstat utility and kernel to report cluster-wide LSM statistics. Fixes a diskgroup deport problem during multiple plex detaches. Patch 28052.00 OSFLSMBIN540 • Fixes a simple_lock_fault in LSM's dirty region log code which is seen under a low memory condition. • Fixes the clsm checksum error seen with a disappearing vold while volrestore is run. • Adds support into LSM for 2TB LUNs. • Updates volstat utility and kernel to report cluster-wide LSM statistics. Patch 28054.
netstat(1) praliases(1) proplist(4) ps(1) sendmail(8) sftp2(1) sialog(4) signal(2) ssh2(1) ssh-agent2(1) sshd2_config(4) sys_attrs_advfs(5) sys_attrs_cam(5) sys_attrs_generic(5) sys_attrs_inet(5) sys_attrs_vfs(5) sys_attrs_vm(5) useradd(8) vacation(1) vfast(8) vipw(8) w(1) Patch 28062.00 OSFNFS540 • Fixes an issue with NFS rpc.lockd in the lock reclaim path. • Fixes the mountd problem when user supplies wrong port number.
PATCH 28085.00 OSFX11540 • This fix addresses a X-Motif list widget problem while selecting an item from a long list. PATCH 28102.00 OSFCDSABASE540 • Fixes a problem with CDSA configuration where mod_install program can core dump. PATCH 28107.00 OSFLDPAUTH540 • • Fixes ldapcd daemon to service the requests faster after failover from primary Active Directory to Backup Active Directory. Fixes the locale problem in ldapcd daemon script. PATCH 28113.
— — • • • Enables acctcom to read more than one input file. Enables acctcom to work with pipes. Fixes the acctcom command with respect to the display of tty lines. Corrects a problem in which accounting reports show the wrong connection time for the users who remain logged in during the execution of runacct. Enables the acctcon1 command to calculate the connect time for local logins in case of run level changes. Patch 27002.
• Makes the following changes to the vdump, rvdump, and vrestore commands: — Causes vdump and rvdump to report when all hard links siblings cannot be archived through the specified path and causes them to correct the bytes to backup estimate calculation when hard links are archived. — Causes vdump and vrestore to act as expected upon receiving an interrupt (^C). — Fixes vdump and vrestore to pick up correct messages in all locales.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • Allows fixfdmn to repair a rare on-disk structure problem with directories. This condition only shows up on a domains with multiple volume in which property lists are used. Corrects several very rare cases where fixfdmn incorrectly fixes certain AdvFS file domains. Causes the vdump -C option to display compression ratio. Causes vrestore to display error message for end of tape. Identifies non-tape target device during rvdump and rvrestore actions.
• • • • • • • • • • • • • • • • • • • • • • • • • • • 74 Corrects AdvFS quota handling and enforcement to prevent EIO and false out-of-space conditions and account for directory index blocks. Corrects the following problem with read-only and dual mounted file systems: If the system crashes after a read-only dual mount, the next time the system is booted the AdvFS domain panics on the files systems that were previously mounted as read-only dual mount.
• Fixes a problem in which a domain panic may occur in idx_lookup_node_int or bs_frag_dealloc under heavy file system activity, generating one of the following messages: idx_lookup_node_int: bs_refpg failed bs_frag_dealloc: rbf_pinpg (4) failed, return code = -1035 • • • • • • • • • • • • • • • • • • • • • • • • • • • Fixes a part of AdvFS migration code in order to prevent rmvol "Can't remove volume" error. Replaces the system panics caused by "Can't clear bit twice" with a domain panic.
6. 7. • • • Corrects the NFS server's handling of files open for direct I/O. Fixes an internal problem in the kernel's AdvFS, UFS, and NFS file systems where extended attributes with extremely long names (greater than 247 characters) could not be set on files. The new limit is 254 + a null string terminator.
— — • • • • • • • • • • • • • • • • A mismatch between the value reported by the write system call and the number of bytes written. Unavailable and unused storage. Causes the deallocation of preallocated storage that the caller is not using. Improves the flushing of the AdvFS log. Fixes an error that can cause a multivolume domain to report ENO_MORE_BLKS when some volumes still have free storage. Fixes a condition that causes a kernel memory fault.
• • • • • • • • • • • • • • • Fixes a problem in which a read past the last page of the BMT occurs. Fixes the vfast utility error "vfast: cannot get frag list; 14 - Bad address." Fixes a "u_map_delete failed while deallocating map" error. Extends synchronization during directIO writes to include the storage allocation phase. Fixes a kernel memory fault that occurs while reading a file with a data inconsistency.
• • • Fixes a mailsetup failure if the host name is “unix.” Corrects a problem in which crash dumps to Fibre Channel swap devices do not always succeed. Fixes the following problems with the acl_set_file() function: acl_set_file() fails and returns errno = 22 acl_set_file() does not fail if file does not exist • • • • • • • • • • • • • • • • • • • • • • • • • • • Corrects a problem with the arena memory allocator.
• • • • • • • • • • • • • • • • • • • • • • • • • • • 80 Fixes a POSIX standard violation in the strfmon() function by causing preceding and following spaces to be padded to the return value to make an equal length between positive and negative values. Fixes the getnameinfo routine to display an IPv4 address instead of an IPv4 mapped IPv6 address when the BIND mapping does not exist. Fixes issues with "disklabel -e" that occur when extending a disk partition currently in use and open.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • Adds support in cleanPR for HSG60/HSV100/MSA/HP-XP enclosures. Corrects a panic while creating or extending a large UFS file system. Fixes cron job scheduling for Daylight Savings time events. Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • 82 Corrects a potential security vulnerability in which the Home Directory and login shell attributes for a user account are not suppled to the audit daemon for authentication failures. Fixes a problem in XTI caused by a blocked mutex lock in which a thread attempting to send an abortive disconnect hangs. Installs DECthreads V3.20-029c. Fixes a problem with floating point data inconsistencies in threaded applications.
• • • • • • • • • • • • • • • • • • • • • • • • • Addresses compiler warnings caused by calling a function with too few arguments. Adds informative messages during a rolling upgrade when a problem is encountered with the merging of the .login file. Corrects vmstat to display correct free page counts a on NUMA systems. Adds a -M command option to newfs to allow permissions of an MFS root directory to be specified when it is first created. Adds EVM notification support for UFS file systems.
• • • • Eliminates compiler warnings in ln. Eliminates compiler warnings in ksh. Enhances the cron command to perform extensive logging. Fixes following problems in sh: — A service denial problem that occurs when a quoted here doc script is executed. — A problem with handling ELF files. — A condition in which the shell variable $- does not hold the -C set option when it is turned on.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Fixes a situation in which awk does not process input files specified in the BEGIN section. Corrects a problem with the cdvd command that causes two minor problems with its output. Fixes a problem that occurs when linking kernel object files from an archive library. The problem was the linker always adds four __exc_* symbol references to the final linked image.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 86 Corrects a condition in which a user would receive a protocol-handshake error when a high priority binlog event is reported via an email message. (The problem is caused by EVM's use of DECevent to translate the binlog event, which requires the HOME environment variable to be set.) Corrects the behavior of munlockall in the realtime library (librt).
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Adds a -R switch to MFS to allocate memory on one RAD. The default MFS behavior is to stripe memory across all RADs that have memory; the -R switch may improve MFS performance in many cases. Fixes a problem that prevents access to AutoFS file systems if ACLs are enabled. Makes the cchwtest tool for Common Criteria security evaluation.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • 88 Corrects a problem in which the pop3d command dumps core when SSO (single sign-on) is configured. Corrects a problem in which long-running programs using Enhanced Security interfaces (such as getespwnam) directly grow in memory use over time. Provides an RFC3542 compliant implementation of IPv6 Advanced API. Fixes a ksh core dump problem that occurs when too many files are opened; for example, when executing too many scripts simultaneously.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Provides an enhanced version of the rm command that fixes a problem with VMS NFS mounts in which many files are not deleted because of shuffling effects in the file system. Fixes a timestamp problem with binlogd Fixes an issue with setld/pax. Fixes a memory fault or segmentation fault problem that occurs when a root user tries to change a NIS user's password on the NIS master that is using BASE security.
• • Fixes an awk() argument buffer limitation that can cause patch installations to fail if a large number of subsets (in excess of 500) are loaded on the system. Fixes sh to handle a large number of open files. Patch 27010.00 OSFBIN540 • • • • • • • • • • • • • • • • • • • • • • • • • • • • 90 Provides support for identifying references to half-open pipes via the fuser utility. Improves performance for some multithreaded applications running on AlphaServer GS320 and GS1280 class systems.
• • • • • • Fixes the handling of NFS requests that have an erroneous file handle length field. Corrects the output of wired pages and gh regions found in the -P option of the vmstat command when run on a NUMA system. Improves the performance and chances of success of the Tru64 kernel malloc routine, especially when used by drivers which use the M_NOWAIT option. Fixes an invalid kernel memory fault panic in the code responsible for the generation of random numbers.
• • • Fixes a problem that causes some TCP connections to reset when sending large amounts of data (more than 2GB) to a very efficient receiving host. Corrects the incompatibility of the waitpid() system call with revised UNIX98 standards.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Fixes a situation in which mmap memory locked with mlockall() using the MCL_FUTURE flag does not become wired automatically. Fixes a problem in which fuser is unable to report on all referenced resources when attempting to identify reasons for unmount failures. Improves the process exit procedure for processes that have had the nice command used on them.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 94 Fixes a problem in which a Tru64 UNIX NFS client panics when it receives a null entry as a response to a readdirplus request from an NFS server. Fixes a problem in which a Tru64 UNIX NFS server panics as a result of receiving illegal file access mode from an NFS client. Corrects a rounding error for the vm attribute vm_bigpg_thresh. Corrects the handling of bad pages when big pages are enabled.
• • • • • • • • • • • • the setuid privilege. This patch allows a system administrator to enable memory management protections that limit potential buffer overflow vulnerabilities. Prevents a kernel memory fault panic that occurs when the audit daemon is set to periodically dump the kernel audit buffers to the audit log file (auditd -d freq). Corrects conditions that cause "blkfree: freeing free block" and "blkfree: freeing free frag" panics.
• • • • • • • • • • • • • • • • • • • • • • • • • • • 96 Resolves kernel memory faults in the TCP/IP subsystem. Fixes a problem where threads can hang mallocing memory. Increases the default values for udp_ttl and tcp_ttl to 128 hops. Fixes a condition that causes the "rdg: unwiring" panic. Increases the default limit of DLI packets to 16 KB and makes the limit tunable. This corrects a problem in which attempts to send packets larger than 5000 bytes (jumbo packets) can fail.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Allows tasks with just one SCS thread to be migrated in the same manner as single threaded processes in NUMA environments. Addresses a problem in IPv6 subsystem that causes a system to panic. Adds support for AlphaServer ES47/ES80/GS1280 platforms to allow the use of processors having different speeds in the same chassis.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • 98 Enables suitable monitoring of individual NetRAIN interfaces Provides a tunable attribute that gives system administrators the ability to adjust the weight that the kernel places on the NUMA locality for forks on AlphaServer GS80, GS160, GS320, and GS1280 systems. Sets a software limit to prevent serious performance problems that can occur when TCP connections that have an rate-limit enforced by a downstream network device overrun the device.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Fixes two potential problems in the NFS V3 client in which unstable writes can remain uncommitted when they should have been committed to stable storage. Removes erroneous "No B-cache detected" messages from certain configurations. Prevents a potential panic that generates the message “memory_test=partial” or “memory_test=none.” Allows the stat system call to correctly report the st_blocks on a CD-ROM file.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 100 Corrects a problem in which the cp -p command will not copy DMAPI-managed region information. Addresses an issue in which the default value for kernel flag mobileipv6_enabled is 1 Corrects the cause of a panic on a cluster system when renaming a root specified by the chroot command.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Fixes a problem in which questionable behavior by non-TRU64 NFS clients results in NFS over TCP server threads hanging. Fixes a problem related to the deletion of binding cache entries in mobile IPv6, which affects multi-RAD systems like the AlphaServer GS1280. Addresses issues that may be seen as panics or hangs having to do with the UBC. Introduces the vm_overflow tunable. Provides enhancements for NetRAIN operations.
• • • • • • • • • • • • • • • • • • • • • • • • • 102 Resolves a potential system hang in the kernel virtual memory subsystem when running the ClearCase V5.0 Multiversion File System (MVFS). Fixes a problem that prevents 6to4 and autotunnels from being disabled properly when the corresponding IPv4 address is deleted. Fix to send maximum sized packets on FDDI networks when pmtu_enabled=0. Makes Tru64 UNIX V5.1B compatible with V5.
• • • • • • • Prevents a race condition in the code dealing with kernel address space data structures. Improves NFS to help prevent an NFS client from creating more than one TCP connection for a mount point and to prevent a system panic if the problem occurs. Fixes a lockmode 4 only panic due to a lock ordering problem. Resolves a problem that could result in freeing active memory buffers. Prevents the growth of a stack object when code invokes an mmap system call.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • 104 tape driver can now assign different paths to different tape drives to improve tape I/O performance. Fixes problems that happen when volume expansion (mount -u -o extend) races with other code. Corrects a C++ compilation error when including conf.h. Makes the poll() function compliant with revised UNIX98 standards. Revises the btcreate utility to overcome the 32MB firmware limitation on SAS kernel size.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Prevents problems in the USB subsystem that include memory leaks, data inconsistencies, and USB device configuration problems. Fixes problems in the USB driver layer that include potentially minor performance degradations if using USB devices and occasional USB device failures. Corrects a problem in which a temporary file is left behind during the creation of bootable tape with the UFS file system.
• • • • • • • • • • • • • • • • • • • • • • • • • • • 106 Adds the ability to join more than 20 IP multicast groups on a given socket. Changes the implementation of the NFS server's duplicate request cache from a statically allocated monolithic entity to a dynamically allocated entity. Fixes a problem in which some IP fragments of NFS over UDP read replies may be sent to the wrong MAC address. Improves the performance of systems that perform heavy file I/O.
Patch 27012.00 OSFC2SEC540 • • • • • • • • • • Fixes problems with prpasswdd and rpc.yppasswdd that can cause these daemons to consume high CPU time when run in a TruCluster Server environment. Allows root to log in on the console when Enhanced Security is enabled and u_numunsuclog exceeds u_maxtries. Modifies the prpasswdd and rpc.yppasswdd daemons to properly handle /var/tcb/files on a file system from different from /var.
An attempt to start a new process on host "hostname" failed • Corrects a problem in which the application builder core dumps when trying to generate code for menu items with the set-label action type. Patch 27015.00 OSFCDEDT540 • • • • • • • • • • • • • Corrects several potential security vulnerabilities where, under certain circumstances, system integrity may be compromised. These may be in the form of improper file access. Fixes the message catalog for the CDE application dtprintinfo.
• Corrects a problem that can occur when the screen saver tries to activate on a system that has reached the maximum number of processes allowed per user and the following message is displayed: An attempt to start a new process on host "hostname" failed • Corrects a potential security vulnerability in CDE code that may result in unauthorized privileged access. This may be in the form of local and remote security domain risks.
• • • Fixes a problem in the /etc/.mrg..protocols merge script that causes incorrect permissions on the /etc/protocols file. Corrects the netstat and ifconfig commands so that when a MAC address is printed, it uses 2 digit hex octets with leading zeros. Corrects a potential security vulnerability that may result in a Denial of Service (DoS). This potential vulnerability may be in the form of local and remote security domain risks.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of mrouted daemon incorrectly creating and accessing temporary files. Adds a required call to yp_unbind() after getnameinfo() in order to close all ports when using telnet on some machines. Provides comment handling capability in the route initialization script for parsing /etc/routes file.
• Corrects a potential locally exploitable integer overflow vulnerability in the Network Time Protocol. This potential vulnerability could lead to clients receiving an incorrect date/time offset, resulting in an incorrect date/time on the client. SRT4718 - NTP (Severity - High) • • • • • • Modifies the ip6_setup script to limit some Mobile IPv6 questions to LAN interfaces only. Corrects a problem in which ftpd core dumps when a 1000 or more directories are present.
• • • • • • • • • • • • • • • • • • • • • • • • Fixes an extended regular expression problem where the interval expression {m,n} is handled incorrectly. Fixes a problem from pre-Version 5.0 releases in the way the libc mktime() function handles potentially ambiguous tm struct times that fall within a backward clock shift and that have an initially negative tm_isdst value. Fixes various problems in the libc functions getdate(), strptime(), callrpc(), strncasecmp() and fork().
• • • • • • • • Corrects a problem in which a DNS resolver routines never time out if interrupted by signals. Provides an RFC3542 compliant implementation of IPv6 Advanced API. Fixes a nonconcurrency issue for multithreaded applications calling popen() and certain "FILE *" routines such as fread(). Fixes a deadlock condition in multithreaded applications that call fork() and other libc callback routines such as exit handlers, __fini_* routines.
• • • Corrects a performance problem on systems with many sensors by reducing the polling frequency. Prevents a long boot pause on AlphaServer GS1280 systems with large disk and sensor counts. Fixes issues with envmond with respect to log messages and the execution of shutdown scripts. Patch 27030.00 OSFEXAMPLES540 • Eliminates the use of a /tmp file in a SysMan CLI example. Patch 27031.00 OSFEXER540 • • Corrects the memory exerciser user.syslog message from "Started" to "Stopped".
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 116 Modifies netstat and ifconfig so that when a MAC address is printed, it is printed using 2-digit hex octets with leading zeros. Fixes a problem in which Smart Array 5300 logical volumes are counted as RAID controllers. Adds dumprmt.msg for remote dump/restore messages. This new message catalog file is used in both rdump and rrestore programs. Corrects a potential system crash when shutting down after using a DAPBA or DAPCA ATM adapter.
• • • • • • • • • • • • • • • • • • • • • • • • Fixes an I/O hang condition on Fibre Channel. Corrects a problem in which Tru64 UNIX sees an HP-XP RAID array controller as a disk after an HP-XP storage device is added to the system. Updates the Radeon graphics driver to not reject multi-headed configurations. Fixes a memory fault condition in the emx driver that occurs when responding to an inquiry command from a remote port in the fabric.
Patch 27035.00 OSFHWBIN540 • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 118 Prevents the state machine performing Bad Block Replacement on a disk for which BBR is disabled. Fixes a rare panic during boot on GS1280/ES80/ES47. Fixes a "lock_fault" panic that can happen during system startup and shutdown. Corrects the handling of certain disk “not ready” conditions to prevent long I/O stall times. Provides performance enhancements based on the vm_overflow feature added in V5.1B-3.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Fixes a problem with KZPAC (SWXCR controller) that occurs when an open() issued on a deleted unit succeeds and a read I/O request results in a system crash. Allows systems with multiple paths to a large number of devices to boot faster. Changes the way the aha_chim OSM driver handles timeouts. Previously, timeouts were handled by registering a timer in the kernel callout queue for each I/O that timed out.
• • • • • • • • • • • • • Enables SmartArray 5300 controller hardware events to be logged to the binary.errlog during boot time. This is useful in diagnosing logical volume state change and physical drive hotswaps that can occur while the system in not booted. Fixes a simple lock panic in the floppy diskette driver. Prevents the memory troller from starting on titan and tsunami platforms with aluminum ev68 CPUs.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Fixes a condition that causes a system hang when using open3D over the AGP bus on an AlphaServer GS1280. Fixes a problem that can cause an ES45 to hang if the Xserver is restarted or the system is rebooted without a power cycle when using the Radeon AGP graphics device. Fixes a problem with USB hubs (or any other bus device) that occurs when they are removed from a running system.
• • • • • • • • • • • • • • • • • • • • • • • • • • • 122 Prevents an IDE bus hang caused when issuing a play audio track command from scu to an ATAPI CD-ROM containing an enhanced CD. Installs Version 1.08 of the ciss driver. Fixes a problem with non-U.S. USB keyboards used in non-U.S. locales in which the keyboards are treated as U.S. keyboards by the operating system. Fixes various problems in the bcm driver for DEGXA Gigabit Ethernet that can cause crashes.
• • • • • • • • • • • • • • • • • • • • • • • • • Corrects problems in which tape devices become unavailable, do not respond, report unrecoverable errors, or cause a kernel memory fault. Corrects problems in the aha_chim driver that could result in bus hangs, panics and inappropriate access of freed memory during high rate of bus resets. Modifies the changer device driver so that it reports the manufacturer ID attribute as could be seen with the hwmgr -view devices command.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 124 Fixes a problem with the USB keyboard driver that affects keyboard operation when the X server is not running. Specifically, the autorepeat function it may appear jumpy, or keys may appear to press themselves after they are released. Fixes a problem relating to gh_chunks allocation on some configurations. Fixes various problems in the bcm driver for DEGXA Gigabit Ethernet adapters.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • Corrects a problem that causes a system panic while running applications that open a RAID device and the faulting routine is control_port_open. Fixes an I/O hang condition on Fibre Channel. Fixes a rare case in which the target of a ladebug-invoked routine (via the call func command) aborts with a segmentation fault while derefencing the gp register. Corrects a problem in which an unconfigured PCI devices can cause a panic during boot.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 126 Improves error handling and I/O timing. Fixes hangs that can occur prior to disk spinups. Improves system recovery when media errors occur. Eliminates a condition that causes a panic to occur when removing sensors on a ES47 system. Fixes a problem with HSG80 controllers due to bad count for persistent reservation keys. Improves the performance of systems that perform heavy file I/O.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Corrects a problem in which AlphaServer GS1280/ES80/ES47 systems may report false over-temperature conditions if the temperature drops to (or below) 9 degrees Celsius (48 F). Allows hwmgr -redirect to work with lockmode 4. Fixes invalid queue entries and system panics following Retries Exhausted. Fixes a persistent reduction in SCSI queue depth after a queue full occurs. Fixes a race condition in xpt_async_event_thread.
• • • • • • • • • • • • • • • • • • • • • • • • Fixes a kernel memory fault that can occur during boot on some large AlphaServer GS1280 systems. Enhances CAM disk driver resiliency. Fixes a potential I/O hang with the KZPCC backplane RAID adapter. Fixes a rare occurrence where on a shared parallel SCSI bus disks may become inaccessible to hosts under certain fault conditions. Fixes the panic "no locks owned by cpu" caused by the bcm driver (DEGXA) when the device is shut down.
• • • Fixes and improves the mcutil program by correcting how bus resets are handled by the program and by enhancing its error reporting capabilities. Corrects an issue in which multiple access to changer devices (for example, via Legato/Networker) could lead to a kernel memory fault in the changer driver. Fixes problems with DS15 environmental monitoring. Patch 27038.00 OSFINCLUDE540 • • • • • • • • • • • • • Corrects a problem introduced in Tru64 UNIX V5.
• • Corrects a problem in which the /usr/bin/mailauth -ini command does not create a usable database. Corrects a potential security vulnerability in BIND 8 code that could result in a local or remotely exploited Denial of Service (DoS). SSRT3653 - BIND v8 — Severity - High • • • • Adds support for IEEE 802.1Q (VLAN). Makes start-up scripts in /sbin/init.d world readable.
• • • • Fixes a premature termination of the ofile kdbx extension and warning messages in various kdbx extensions. Fixes problems in the kdbx u and vnode extensions. Provides enhanced kdbx debugging features to include a -A flag for route and to keep inpcb from truncating port numbers. Updates Mobile IPv6 code to be compliant with the latest RFC. Patch 27046.00 OSFLAT540 • Makes start-up scripts in /sbin/init.d world readable. Patch 27047.
• • • • • • • • • • • the setuid privilege. This patch allows a system administrator to enable memory management protections that limit potential buffer overflow vulnerabilities. Installs version V2.1-120 of /usr/lib/libots3.a and /usr/shlib/libots3.so to fix a problem where long running OpenMP applications might overflow an internal libots3 counter, resulting in a breakdown of thread synchronization. Installs DECthreads V3.
• • • • • • • • • • • • • • • • • • • • • • Corrects a problem in which volmigrate returns a shell error when attempting to migrate an AdvFS domain with multiple filesets. These domains can now be migrated as long as all the filesets are mounted. Prevents inconsistent LSM volumes when the name of a partition that is being encapsulated matches the name of a current LSM volume. Corrects a problem in which smsd triggers LSM configuration errors when querying LSM in a cluster.
• • • • • • • • • • • • • • • • • • • Causes LSM tol issue an error if a nonroot user tries to run the volencap command. Decreases CLSM boot times in large cluster configurations. Fixes problems in vol_new_disk ioctl when errors are encountered when loading a disk in the kernel. Fixes a problem with the disk group loglen getting set to 0 when adding a disk to a non-rootdg disk group. Fixes an LSM problem in which device failures may not be handled properly in a cluster.
• • • • • • • • • • • • • • Fixes a klog inconsistency during node boot in which it is possible that no nodes in the cluster respond to a klog sync request and the booting node simply clears the disk group klog. Decreases CLSM boot times in large cluster configurations. Fixes problems in the vol_new_disk ioctl when errors are encountered when loading a disk in the kernel. Fixes the cause of a panic in LSM voldrl_commit_delete that occurs during a transaction abort.
Patch 27055.00 OSFMANOS540 • • • • • • • • • • • • • • • • • • • • • • • • • • 136 Updates the following reference pages: uucp(1), gethostbyaddr(3), getnameinfo(3), sys_attrs_io(5), kdbx(8), named(8), and volwatch(1) . Updates the following reference pages: awk(1), chmod(1), cp(1), ex(1), find(1), rm(1), uuencode(1), vi(1), and which(1). Provides the dig(1) and host(1) reference pages to support BIND 9.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • Revises the sys_attrs_lsm(5) reference page to document scalability and performance with LSM spin locks. Revises the fuser(8) reference page Revises the binlogd(8) reference page to document information about adding a CDSL (Context Dependent Symbolic Link) to the binlog archive directory. Revises the voliod(8) reference page to document a change to the voliod -f set 0 command.
circumstances, a remote attacker could force an error so that a portion of a plain-text message can be intercepted by the attacker. Corrects the following vulnerability: SSRT5957 - IPsec (Severity - High) • • • • • • • • • • Fixes a problem in which a stack trace occurs during quicksetup if the host name and any NFS parameters are changed. Modifies the netconfig application to prevent breaking automation while using the SysMan command-line interface.
• • • • • • Fixes the behavior of the rpc.rquotad daemon in a cluster. Addresses a mountd problem in which spurious signals can cause mountd to dump core and a second problem that causes .INCLUDE parsing to function incorrectly. Enables AutoFS mount-on paths to have the correct maximum length when AutoFs files are mapped directly. Fixes an rpc.
— — — — — — • • • • • • • • • • • • LaserJet 4200 LaserJet 4250 LaserJet 4300 LaserJet 4350 LaserJet 9040 LaserJet 9050 Fixes a problem with lpstat -o in handling hyphens in printer names. If there is a hyphen in printer name, lpstat -o was interpreting it as a job-id instead of printer name. Corrects a problem that exists with print jobs submitted on clusters that occurs when an “on”attribute in /etc/printcap is specified for one node and a job is submitted on another node.
Patch 27073.00 OSFSDE540 • • • • • • • • • • Fixes various problems in the dbx and object file tools: dbx, ostrip, strip, mcs, dis, cord, file, and stdump. Fixes the way the spike code optimization tool handles -arch and -tune options. Using these options with previous versions of spike resulted in unproductive error messages and/or system crashes.
• • • • • • • • • • • Corrects a potential security vulnerability that could result in non-privileged users gaining unauthorized privileged access on the system. Provides the ability for the collect utility to salvage data files with missing termination records. Provides the collect utility with the ability to report local and remote I/O access statistics for cluster storage devices in a TruCluster Server environment.
Patch 27079.00 OSFSYSMAN540 • • • • • • • • • • • • • • • • • • • • • • • • • • • Fixes a smsd core dump problem in a cluster. Fixes repeated AdvFS domain panics triggered by smsd. Fixes a problem in dxaccounts, where the Modify option dumps core when more than one NIS user is selected on the NIS client. Corrects a problem in the SysMan advfsmgr utility, where the size of a very large fileset is shown as zero. Fixes a problem where sysman -station does not work in the French locale.
• • • • • • • • • • • • • • • • • • • • • • • • • • • 144 Corrects a problem in some cluster configurations that causes the SysMan Station to fail to generate the hardware view and a Java stack trace is generated indicating that the routine "HardwareLayout.fancyPlace" was being executed at the time of the trace. Provides enhancements for file system suitlets.
• • • • • • • • • • • Eliminates two warning messages from the SysMan Security Configuration tool. One appears when changing the root password on systems with ASU installed and the other appears when a user tries to trim auth logs before they are created. Corrects a problem in which running the usermod command with certain options, such as -x distributed grace_limit, results in a “Cross-device link” error when the var and yp directories belong to two different filesets, on a NIS master.
• • • • • • • • • • • Addresses a problem with the usermod command when it is used to move a user's home directory to a subdirectory of the old home directory, causing the deletion of the old home directory (and thereby, the newly created home directory). Addresses a problem with the userdel command when it is used to delete an NIS local plus or minus user. Fixes a problem of not being able to change the user login name in SysMan account management application.
• program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. Provides protection against a class of potential security vulnerabilities called buffer overflows. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege.
• • • • • • • • • • • Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised when a buffer overflow occurs in the dxsysinfo utility. Buffer overflows are sometimes exploited in an attempt to subvert the function of a privileged program and possibly execute commands at the elevated privileges if the program file has the setuid privilege. Corrects the way the dxkerneltuner application handles memory.
Patch 27095.00 OSFXMIT540 • • • Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Fixes various problems with the X font server and with the X server's interaction with X font servers. Corrects a potential file permissions vulnerability and a potential buffer overflow in the X Window System. The potential vulnerabilities are locally exploitable, resulting in unauthorized privileged access.
• • • • • • Modifies dxaccounts to allow it to change the local user password in Enhanced Security environment. Corrects a problem in which the locking and unlocking of multiple selected users did not happen under C2 security. Fixes the cause of a core dump that occurs during copy/paste operations of Local/NIS template. Corrects a problem in which the dxaccounts application incorrectly creates a default expiration date of Feb 1, 1995 for new user accounts.
Patch 27110.00 OSFOPENGL540 • • Fixes a problem in which the OpenGL glTexCoordPointerEXT() command can cause a segmentation fault. Restores two extensions missing from OpenGL library to the list of GL extensions it supports for indirect rendering. Patch 27113.00 OSFSSHBASE540 • • • • • • • • • • • • • • • Corrects a potential issue with scp2 and sftp2. Fixes the cause of memory leaks in sshd. Provides protection against a class of potential security vulnerabilities called buffer overflows.
Patch 27115.00 OSFSSOW2K540 • • • 152 Fixes memory leaks in the libgssldap library used by ldapcd. The leaks caused intermittent SSO SIA authentication failures. Corrects an "address already in use" problem with klogin and kshell. Fixes a problem that occurs when running a GSSAPI application, where instead of returning error-specific strings, generic error-strings are returned.
3 TruCluster Server Patches This chapter provides information about the defect fixes included in Version 5.1B-6 for the TruCluster Server software. This release contains only defect fixes. There are no new features or enhancements added in this release of TruCluster Server software. It is organized as follows: • “New Release Notes” lists release notes that are specific to the TruCluster Server software patches in this kit and TruCluster Server issues in general.
Noncritical Errors During a rolling upgrade to install this patch kit , you may encounter the following noncritical situations: • The tagged file for ifaccess.conf (.Old..ifaccess.conf) may disappear. This error will not cause any problems with the rolling upgrade procedure or the installation of the kit. A message would alert you to this condition if you use the clu_upgrade undo command. Running the clu_upgrade -v check setup at the start of the procedure will fix this error.
for i in /usr/.smdb./$(OSF|TCR|IOS|OSH)*.sts do grep -q "_INSTALLED" $i 2>/dev/null && /usr/lbin/fverify -y <"${i%.sts}.inv" done 3. Rerun installupdate, dupatch, or nhd_install, whichever is appropriate, and complete the rolling upgrade. For information about rolling upgrades, see the Patch Kit Installation Instructions and the installupdate(8) and clu_upgrade(8) reference pages.
1. On a member that is up, enter the following command to restart AutoFS. (The member where AutoFS is to run, target_member, must be up and running in multi-user mode.) # /usr/sbin/caa_startautofs -c target_member 2. Continue with the rolling upgrade procedure. Messages Displayed During Rolling Upgrade Can Be Ignored You can ignore the following messages if you see them displayed during a rolling upgrade: • kill:1048674: no such process This message may be displayed after the roll stage.
Please fix the previously reported problems, and then rerun the 'clu_create' command. If you see these messages, enter the following command: # ls -tlr /usr/.smdb./*PAT*.sts If this command returns a file with 000000 in its name, you will have to run the clu_create command with the -f option to force the creation of your cluster. The problem is caused by the cluster software misinterpreting the existence of some patches and will be corrected in a future patch kit.
• If PRPASSWDD_ARGS did not exist before this upgrade (that is, if rcmgr get PRPASSWDD_ARGS at this point shows only -disable), then delete PRPASSWDD_ARGS: # rcmgr -c delete PRPASSWDD_ARGS • If PRPASSWDD_ARGS existed before this upgrade, then reset PRPASSWDD_ARGS to the original string: # rcmgr -c set PRPASSWDD_ARGS \ "`rcmgr get PRPASSWDD_ARGS | sed 's/ -disable//'`" 5. Check that PRPASSWDD_ARGS is now set to what you expect: # rcmgr get PRPASSWDD_ARGS 6.
8. Stop the prpasswdd daemon on every node in the cluster: # /sbin/init.d/prpasswd stop 9. Force a checkpoint of db_checkpoint, using the db_checkpoint command with the -1 (number 1) option : # /usr/tcb/bin/db_checkpoint -1 -h /var/tcb/files Continue with the instructions even if this command fails. 10. Delete the files in the dblogs directory: # rm -f /var/tcb/files/dblogs/* 11.
If this occurs, we recommend that you immediately do the following: 1. Use the following command to unmount the filesystem: # cfsmgr -u -p [mountpoint] 2. If other mounted filesets exist in the same domain, unmount them (they should also be in the "Not Served" state): # cfsmgr -u -d [domain] For steps on checking an AdvFS domain, see the AdvFS Administration Guide, Section 6.3.1, steps 3-7. 3. Run diagnostics on the domain prior to remounting its file systems.
1. 2. Insert the Tru64 UNIX Associated Products Disk 2 into the CD-ROM drive of an active member. Mount the CD-ROM to /mnt. For example: # mount -r /dev/disk/cdrom0c /mnt 3. Mount the boot disk of the AlphaServer ES47 or AlphaServer GS1280 on its specific mount point; for example: # mount root5_domain#root /cluster/members/member5/boot_partition 4. Extract the original clu_genvmunix from the CD-ROM and copy it to the boot disk of the AlphaServer ES47 or AlphaServer GS1280 member.
Configuring Data Protector for Oracle Integration When Configuring Data Protector for Oracle integration, libobk.so should be linked with /usr/omni/lib/libob2oracle8_64bit.so. The Data Protector UNIX Integration Guide incorrectly states that it should be linked with /usr/ omni/lib/libob2oracle8_64.so. Set ipport_userreserved Attribute on Large Systems Larger systems can encounter portmapper problems in a local area network (LAN) cluster if the value of the ipport_userreserved attribute has not been tuned.
• • • • • • • • • • • • • • • • • • Fixes an infinite loop under certain circumstances in cms_do_mount_rpc(). Added option to unset all flags for a service in /etc/clua_services. Corrects a reference count issue in the KGS subsystem. Fixes node panic with ics_unable_to_make_progress: netisrs stalled, though netisr thread was not actually stalled. Provides a fix for a domain panic caused by hung IOs on a busy or faulty disk drive.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 164 Corrects a problem in which the simultaneous booting of multiple nodes results in a panic due to an unknown node in a remote member node list. Corrects a problem in a Memory Channel cluster in which a panic occurs in a booted member when a booting member goes down because of panic/halt/shutdown. Fixes a problem in which a thread enters dio code while an extent map is being refreshed.
• • • • • • • • • • • • • • • • • • • • • • Fixes incorrect CFS token structure warnings. Prevents file inconsistency due to a race between lookup and remove. Provides a new cluster-specific link aggregation distribution algorithm when using LAG in a LAN cluster. Fixes a simple lock timeout panic issue in kch and a possible hang at boot time Prevents an AIO DirectIO to return invalid data while reading a fragged file.
• • • • • • • • • • • • • • • • • • • • • • • • • • 166 Fixes a Distributed Lock Manager panic when calling the dlm_get_lkinfo() routine passing an lkid of a lock block that has already been declared dead by the deadlock detection thread. Corrects a problem to allow the use of 255 in the LAN Interconnect IP address. Fixes a CFS client panic during a file system read operation where the server goes down.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • Fixes a problem in which aliasd creates multiple similar virtual subnet static routes in the gated.conf.memberX, thereby causing gated to fail to load. Fixes issues associated with the initialization of the Memory Channel driver. Provides a function to query the status of aliasd. Fixes an IPv6 bind problem in a cluster environment. Fixes multiple disable or enable problems with cluamgr. Fixes a tok_wait hang problem on Sierra Clusters.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • 168 Fixes a problem in the cluster kernel in which a cluster member panics while doing remote I/O over the interconnect. Fixes a hang that occurs when multiple nodes are shutting down simultaneously; fixes a Cluster File System panic that occurs when using raw Asynchronous I/O; and provides additional code to assist in problem diagnosis.
• • • • • • • • • • • • • • • • • • • • • • • • • • Fixes a panic that may occur during an unmount. Corrects several problems with various installation commands and utilities. Fixes a memory leak in the clu_get_info interface. Enhances cluster file system performance when using file locks to coordinate file access. Causes the correct error message for freezefs -q to be displayed on a non-AdvFS file system.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 170 Fixes a problem in the Memory Channel driver. Corrects a condition that occurs during a rolling upgrade in which the clu_ifaccess script removes the tag file for /etc/ifaccess and sends out a warning message. Forces a reboot to resolve communications problems in a two node cluster rather than hang. Corrects lock acquires after mpsleep. Causes a rebuild delay remainder to be minimally second.
• Fixes several small issues with clu_upgrade: — A "process not found" message displayed when finishing the setup stage of clu_upgrade has been removed. — The ability to roll on a one-node cluster is maintained.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • 172 Fixes an incorrect if statement, which although a low- risk problem, could block access to a disk device. Corrects a confusing error message. Fixes a problem seen in a LAN cluster when the CPUs on a member system are not installed contiguously in the lower order slots. Allows the quorum disk to be used in spite of transient errors with the quorum disk hardware.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Corrects a kernel memory fault in drd_local_device_close. Fixes a kernel memory fault issue on LAN-based clusters that do not have a Memory Channel adapter installed on the systems. Fixes problem of non-root users not being able to execute the caa_stat command. Provides enhancements to CAA commands and the caad daemon.
• • • • • • • • • • • Corrects trapOID for traps generated from the clu_mibs subagent and provides event definitions for traps in MIB files to support Openview. Fixes an inappropriate message that is displayed during CAA resource relocation when invoked from SysMan. Fixes 64-byte memory leak in the drd/kgs interface. Modifies CNX to check for communication errors while a node joins the cluster. Fixes a synchronization issue with a cluster alias ID set among cluster members.
4 Worldwide Language Support Patches This chapter provides information about the release notes and patches included in Version 5.1B-6 for the Worldwide Language Support (WLS) subset for the Tru64 UNIX operating system. This chapter is organized as follows: • “New Release Notes” section lists release notes that are specific to this kit.
• • Corrects a problem with iconv converter that generates wrong character codes for a Unicode surrogate pair. Includes ICONV_OLD_SURROGATE environment variable for backward compatibility. When the ICONV_OLD_SURROGATE environment variable is set to a non-null value, iconv generates the same codes as before. Patch 28256.00 IOSZHCNBASE540 • Provides modified localization messages for Japanese and Chinese locales.
• • • Provides new error messages for the dtprintinfo and dtwm applications. Makes applications display correct error messages under the Japanese locale setting. Updates the Japanese version of message and uil files to keep up with the English version. Patch 27125.00 IOSJPSYSMAN540 • • • • • Adds localization messages for Japanese locales. The messages are to be added to catch up with the addition of messages in the English version that have been updated after the V5.1B-3 release.
Patch 27214.00 IOSWWBASE540 • Fixes a display width mismatch problem in the zh_CN.GB18030 locale. Patch 27215.00 IOSWWBIN540 • Fixes a problem with the Asian tty that can cause a kernel crash and a hang-up problem during a certain type of the login/logout stress test. Patch 27248.00 IOSWWSYSMAN540 • Corrects a potential security vulnerability where, under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Patch 27251.
5 CSPs Included in This Kit This chapter lists the customer-specific patches (CSPs) for Tru64 UNIX and TruCluster Server that are superseded by patches in this kit. To find out which CSPs are on your system, use the dupatch utility's patch tracking feature, as described in the Patch Kit Installation Instructions.
New Superseded Tru64 UNIX CSPs The numbers in the following tables represent Tru64 UNIX CSPs that are superseded in the current release. Table 5-1 Superseded CSPs 02298.01 to 02493.00 Patch C 02298.01 Patch C 02356.00 Patch C 02357.00 Patch C 02360.00 Patch C 02363.00 Patch C 02366.00 Patch C 02370.01 180 CSPs Included in This Kit Patch C 02371.01 Patch C 02402.00 Patch C 02410.01 Patch C 02419.00 Patch C 02420.00 Patch C 02422.00 Patch C 02426.00 Patch C 02426.01 Patch C 02432.00 Patch C 02433.
Tru64 UNIX CSPs Superseded in Previous Kits The numbers in the following tables represent Tru64 UNIX CSPs that were included in previous kits. Table 5-2 Superseded CSPs 01936.01 to 02355.00 Patch C 01936.01 Patch C 01937.00 Patch C 01944.04 Patch C 01945.02 Patch C 01947.00 Patch C 01949.00 Patch C 01956.00 Patch C 01960.00 Patch C 01977.00 Patch C 01988.00 Patch C 01990.00 Patch C 02002.00 Patch C 02016.01 Patch C 02017.00 Patch C 02023.00 Patch C 02023.01 Patch C 02026.00 Patch C 02028.00 Patch C 02029.
Table 5-3 Superseded CSPs 00021.00 to 00283.00 Patch C 00021.00 Patch C 00027.00 Patch C 00028.00 Patch C 00029.00 Patch C 00030.00 Patch C 00031.02 Patch C 00034.00 Patch C 00037.00 Patch C 00039.00 Patch C 00041.00 Patch C 00042.00 Patch C 00044.00 Patch C 00051.00 Patch C 00052.00 Patch C 00062.00 Patch C 00063.00 Patch C 00066.00 Patch C 00067.00 Patch C 00073.00 Patch C 00074.00 Patch C 00075.00 Patch C 00075.01 Patch C 00075.02 Patch C 00075.03 Patch C 00076.00 Patch C 00077.00 Patch C 00078.
Table 5-4 Superseded CSPs 00283.01 to 00543.00 Patch C 00283.01 Patch C 00287.00 Patch C 00287.01 Patch C 00288.00 Patch C 00290.00 Patch C 00290.01 Patch C 00291.00 Patch C 00292.00 Patch C 00295.00 Patch C 00296.00 Patch C 00297.00 Patch C 00298.00 Patch C 00299.00 Patch C 00300.00 Patch C 00300.02 Patch C 00300.03 Patch C 00300.04 Patch C 00302.00 Patch C 00302.01 Patch C 00302.02 Patch C 00302.03 Patch C 00303.00 Patch C 00307.00 Patch C 00308.00 Patch C 00308.01 Patch C 00309.03 Patch C 00311.
Table 5-5 Superseded CSPs 00545.00 to 00855.01 Patch C 00545.00 Patch C 00548.00 Patch C 00549.00 Patch C 00552.00 Patch C 00553.00 Patch C 00555.00 Patch C 00556.00 Patch C 00556.01 Patch C 00561.00 Patch C 00562.00 Patch C 00563.00 Patch C 00563.01 Patch C 00564.00 Patch C 00564.01 Patch C 00564.02 Patch C 00567.00 Patch C 00570.00 Patch C 00575.00 Patch C 00583.00 Patch C 00586.00 Patch C 00594.00 Patch C 00599.00 Patch C 00600.00 Patch C 00602.00 Patch C 00603.00 Patch C 00607.00 Patch C 00608.
Table 5-6 Superseded CSPs 00856.00 to 01107.00 Patch C 00856.00 Patch C 00856.01 Patch C 00858.00 Patch C 00859.00 Patch C 00861.00 Patch C 00863.00 Patch C 00865.00 Patch C 00867.00 Patch C 00867.02 Patch C 00868.00 Patch C 00869.00 Patch C 00872.05 Patch C 00875.03 Patch C 00876.0 Patch C 00878.03 Patch C 00880.00 Patch C 00881.00 Patch C 00882.00 Patch C 00883.00 Patch C 00884.00 Patch C 00884.01 Patch C 00885.00 Patch C 00885.01 Patch C 00886.00 Patch C 00887.00 Patch C 00888.00 Patch C 00889.
Table 5-7 Superseded CSPs 00538.01 to 01361.02 Patch C 00538.01 Patch C 00833.00 Patch C 00933.02 Patch C 00999.00 Patch C 01018.00 Patch C 01020.00 Patch C 01028.00 Patch C 01035.00 Patch C 01039.00 Patch C 01046.00 Patch C 01053.00 Patch C 01080.00 Patch C 01087.00 Patch C 01094.00 Patch C 01094.01 Patch C 01101.00 Patch C 01101.01 Patch C 01114.01 Patch C 01114.02 Patch C 01114.03 Patch C 01121.01 Patch C 01130.01 Patch C 01132.00 Patch C 01133.00 Patch C 01134.00 Patch C 01137.00 Patch C 01138.
Table 5-8 Superseded CSPs 01362.00 to Patch C 01934.00 Patch C 01362.00 Patch C 01362.02 Patch C 01363.04 Patch C 01375.00 Patch C 01376.00 Patch C 01379.00 Patch C 01380.00 Patch C 01380.01 Patch C 01382.00 Patch C 01383.00 Patch C 01384.00 Patch C 01385.00 Patch C 01387.00 Patch C 01388.00 Patch C 01388.02 Patch C 01389.00 Patch C 01389.06 Patch C 01389.07 Patch C 01389.10 Patch C 01389.11 Patch C 01389.12 Patch C 01389.15 Patch C 01389.16 Patch C 01392.00 Patch C 01393.00 Patch C 01395.00 Patch C 01397.
New Superseded TruCluster Server CSPs The numbers in the following table represents TruCluster Server CSPs that are superseded in this kit. Table 5-9 New Superseded TruCluster Server CSPs Patch C 00428.00 Patch C 00429.00 Patch C 00434.00 Patch C 00450.00 TruCluster Server CSPs Superseded in Previous Kit The numbers in the following table represents TruCluster Server CSPs that were superseded in previous V5.1B patch kits. Table 5-10 TruCluster CSPs Superseded in Previous V5.1B Kits Patch C 00390.
Table 5-11 TruCluster CSPs Superseded in Previous V5.1B Kits Patch C 00005.00 Patch C 00008.00 Patch C 00009.00 Patch C 00010.00 Patch C 00014.00 Patch C 00014.01 Patch C 00017.00 Patch C 00017.01 Patch C 00017.02 Patch C 00020.00 Patch C 00020.01 Patch C 00022.00 Patch C 00024.00 Patch C 00027.00 Patch C 00027.01 Patch C 00029.00 Patch C 00029.01 Patch C 00030.02 Patch C 00031.00 Patch C 00032.00 Patch C 00033.00 Patch C 00034.00 Patch C 00036.00 Patch C 00037.00 Patch C 00037.01 Patch C 00039.
A Setting Up an Enhanced Distance Cluster An Enhanced Distance Cluster allows a cluster to be extended between two sites up to 100 km apart to assist recovery in the event of a disaster. An Enhanced Distance Cluster provides basic high availability services in the event of the loss of a single component.
• If a site disaster occurs that involves multiple failures, high availability will be lost. Therefore, there needs to be procedures in place for the manual rebooting of the surviving site. The surviving site will work as a normal cluster with minimal or no data loss. • A single, combined span of up to 100 km using three switches and two segments of 50 km. • The configuration must have at least one physical subnet to which all cluster members and the default cluster alias belong.
For example, ORACLE RAC uses a cluster interconnect for its own lock manager traffic and an increase in latency could lead to unpredictable results. Additionally, multi-instance applications can increase the burden on the cluster interconnect and affect inter-member cluster communication so should follow the configuration recommendations in the next section. • An Enhanced Distance Cluster should not be used for the following workloads due to their I/O characteristics and directory locations.
B Prior Patch Installation Changes Beginning with Version 5.1B-2, we changed the way Tru64 UNIX patch kits are installed and removed, and Version 5.1B-3 introduced additional changes. The following sections describe these changes. See the Patch Kit Installation Instructions manual for complete information about installing, removing, and managing Tru64 UNIX patch kits. Changes Made in Version 5.1B-3 If you did not install Version 5.
way the patches are packaged and installed. In this example, the SPO4 identifies the patch as belonging to Version 5.1B-2 (Patch Kit 4), the OSF...540 identifies the subset the patch is included in, and the SSRT2275 indicates a type of security patch. 196 • All or none patch removal As with the installation process, if you want to remove a patch, you must remove all of them. That is, you can no longer select individual patches for removal.
C Component Licensing This appendix provides the licenses for software components included in this kit. HP Tru64 UNIX Version 5.1B-6 Consolidated Patch Kit ATTENTION: USE OF THE SOFTWARE IS SUBJECT TO THE HP Tru64 UNIX Version 5.1B-6 Consolidated Patch Kit SOFTWARE LICENSE AGREEMENT BELOW. YOU MUST REVIEW THE AGREEMENT AND EITHER ACCEPT OR NOT ACCEPT THE AGREEMENT. IF YOU DO NOT ACCEPT THE AGREEMENT, YOU MAY NOT USE THE SOFTWARE.
1) The terms set forth herein; and 2) HP's third party suppliers' terms that accompany the Software. In the event of a conflict, the third party suppliers' terms that accompany the Software will take precedence over the terms set forth herein. The terms applicable to this transaction in total are referred t o as the "Agreement". A valid software license to use HP Tru64 UNIX Version 5.
e) Updates, upgrades or other enhancements are only available under HP Support agreements. HP reserves the right to require additional licenses and fees for Use of the Software on Devices other than the Devices in which the Bundled Software were installed by HP. f) Customer will not modify, disassemble or decompile the Software without HP's prior written consent.
DFARS 252.227-7014(Jun 1995) or as a "commercial item" as defined in FAR 2.101(a), or as "Restricted computer software" as defined in FAR 52.227-19 (Jun 1987) (or any equivalent agency regulation or contract clause), whichever is applicable. The Customer agrees that it has only those rights provided for such Software by the applicable FAR or DFARS clause or the HP standard software agreement for the product involved. 4.
INFORMATIONAL CONTENT, AND FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE ANCILLARY SOFTWARE; THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF THE ANCILLARY SOFTWARE IS ASSUMED BY YOU. Software Limited Warranty. HP warrants to you that the Software will not fail to execute its programming instructions after the date of purchase, for the period specified above, due to defects in material and workmanship when properly installed and used.
OF THIS AGREEMENT SHALL BE LIMITED TO THE GREATER OF THE AMOUNT ACTUALLY PAID BY YOU FOR THE SOFTWARE OR U.S.$5.00. Your use of the Software is entirely at your own risk. Some jurisdictions do not allow the exclusion or limitation of liability for incidental or consequential damages, so the above limitation may not apply to you to the extent prohibited by such local laws. Note.
separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner.
do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
httpd@ncsa.uiuc.edu Copyright (C) 1995, Board of Trustees of the University of Illinois md5.c: NCSA HTTPd code which uses the md5c.c RSA Code Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc. Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon University (see Copyright below). Portions of Content-MD5 code Copyright (C) 1991 Bell Communications Research, Inc. (Bellcore) (see Copyright below). Portions extracted from mpack, John G. Myers - jgm+@cmu.
Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose.
Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD4 Message-Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc.
distribution. 3. The end-user documentation included with the redistribution, if any, must include the following acknowledgment: "This product includes software developed by the Apache Software Foundation (http://www.apache.org/)." Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear. 4.
documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose.
This software is provided "as is" and any express or implied waranties, including but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Zeus Technology Ltd. be liable for any direct, indirect, incidental, special, exemplary, or consequential damaged (including, but not limited to, procurement of substitute good or services; loss of use, data, or profits; or business interruption) however caused and on theory of liability.
* * * * * * * * * * * * * 4. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/).
1.7. "Larger Work" means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. 1.8. "License" means this document. 1.8.1. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein. 1.9. "Modifications" means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications.
Original Code (or portions thereof). (c) the licenses granted in this Section 2.1(a) and (b) are effective on the date Initial Developer first distributes Original Code under the terms of this License. (d) Notwithstanding Section 2.
Electronic Distribution Mechanism to anyone to whom you made an Executable version available; and if made available via Electronic Distribution Mechanism, must remain available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent version of that particular Modification has been made available to such recipients.
Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer. 3.6. Distribution of Executable Versions. You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have fulfilled the obligations of Section 3.2.
6.3. Derivative Works.
alleging that such Participant's Contributor Version directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be taken into account in determining the amount or value of any payment or license. 8.4. In the event of termination under Sections 8.1 or 8.
out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability. 13. MULTIPLE-LICENSED CODE. Initial Developer may designate portions of the Covered Code as "Multiple-Licensed".
Individual files and/or contributed packages may be copyright by other parties and subject to additional restrictions. This work is derived from the University of Michigan LDAP v3.3 distribution. Information concerning this software is available at < http://www.umich.edu/~dirsvcs/ldap/. This work also contains materials derived from public sources. Additional information about OpenLDAP can be obtained at < http://www.openldap.org/. --Portions Copyright 1998-2004 Kurt D. Zeilenga.
materials and delivery. (b) Redistributions are accompanied by a copy of the Source Code or by an irrevocable offer to provide a copy of the Source Code for up to three years at the cost of materials and delivery. Such redistributions must allow further use, modification, and redistribution of the Source Code under substantially the same terms as this license. For the purposes of redistribution "Source Code" means the complete compilable and linkable source code of sendmail including all modifications. 2.
1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity.
where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted.
appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability.
The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it.
is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1.
1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distrib
license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
12.
the U.S. government, the Government shall have only "Restricted Rights" in the software and related documentation as defined in the Federal Acquisition Regulations (FARs) in Clause 52.227.19 (c) (2). If you are acquiring the software on behalf of the Department of Defense, the software shall be classified as "Commercial Computer Software" and the Government shall have only "Restricted Rights" as defined in Clause 252.227-7013 (c) (1) of DFARs. Notwithstanding the foregoing, the authors grant the U.S.
c. give non-standard executables non-standard names, and clearly document the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d. make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself.
