Patch Name: PHCO_24542

Patch Description: s700_800 11.00 libsec cumulative patch

Creation Date: 01/07/06

Post Date: 01/08/06

Hardware Platforms - OS Releases:
	s700: 11.00
	s800: 11.00

Products: N/A

Filesets:
	OS-Core.UX-CORE,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
	ProgSupport.PROG-MIN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
	OS-Core.CORE-SHLIBS,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
	OS-Core.CORE-64SLIB,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
	ProgSupport.PROG-MN-64ALIB,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical:
	Yes
	PHCO_24542: ABORT
	PHCO_23422: OTHER
		Reduces potential severe performance impact on a
		Trusted System with a very large I/O buffer cache
		and heavy I/O; the system may appear to be hung.

Category Tags:
	defect_repair enhancement general_release critical
	halts_system

Path Name: /hp-ux_patches/s700_800/11.X/PHCO_24542

Symptoms:
	PHCO_24542:
	(SR: 8606107314 CR: JAGab77493)
	On a trusted system, certain devices do not lock
	properly.

	(SR: 8606206706 CR: JAGad75879)
	On a trusted system, libsec could core dump when
	called by a multithreaded application.

	PHCO_23422:
	(SR: 8606180704 CR: JAGad49925)
	There are severe login delays on a Trusted System with a
	large I/O buffer cache; the system appears to be hung.

	(SR: 8606176050 CR: JAGad45290)
	Libsec could core dump in rare circumstances.

	This patch also removes the change that was done in the
	previous libsec patch - PHCO_20771, since that patch does
	not fix the problem it was intended to fix. That problem
	has now been fixed in inetd patch PHNE_21835.

	PHCO_20771:
	(SR: 8606124802 CR: JAGac40194)
	Child inetd process hangs for non-root service on trusted
	11.0 system with PHNE_17027 installed.

	PHCO_17622:
	(SR: 1653271601 CR: JAGaa51497)
	Login cannot obtain database info for some pty terminals.

Defect Description:
	PHCO_24542:
	(SR: 8606107314 CR: JAGab77493)
	On a trusted system, certain devices do not lock
	properly, because libsec improperly identifies
	them as pseudo-devices.

	Resolution:
	Updated the pseudo-device identification algorithm.

	(SR: 8606206706 CR: JAGad75879)
	On a trusted system, a multithreaded application may
	coredump if it calls libsec with more than one thread.
	Libsec does not support two or more simultaneous threads,
	however, a coredump could occur even in the case where
	the threads are not simultaneous.

	Resolution:
	Libsec now properly handles two or more non-simultaneous
	threads.

	PHCO_23422:
	(SR: 8606180704 CR: JAGad49925)
	A login to a Trusted System with a very large buffer cache
	can take an extremely long time, because libsec sync's the
	entire buffer cache each time it updates the /tcb database.

	Resolution:
	Libsec no longer sync's the entire buffer cache when it
	updates the /tcb database. Now it syncs only the database
	files which were modified.

	(SR: 8606176050 CR: JAGad45290)
	A buffer allocated in libsec is too small and could cause
	a core dump.

	Resolution:
	Increased the size of a buffer that could overflow.

	PHCO_20771:
	(SR: 8606124802 CR: JAGac40194)
	Customer has a process spawned by inetd that needs to run
	as a non-root user. The environment is trusted HP-UX 11.0.
	After installing PHNE_17027, when a request for the
	non-root service arrives, inetd forks a child which hangs
	prior to exec'ing the appropriate executable.
	The problem is because some libsec functions leave the
	"default file" file pointer open after returning, and
	think the file pointer is still opened and usable after
	someone else (inetd in this case) closes all opened file
	descriptors.

	Resolution:
	The relevant libsec functions now close the "default file"
	file pointer (via a endprdfent call) before returning.

	PHCO_17622:
	(SR: 1653271601 CR: JAGaa51497)
	Missing pty entries in /tcb/files/ttys and devasign files.

	Resolution:
	The fix is for libsec to generate the pty structures needed
	by the caller routines without looking up the databases.
	The ttys and devassign files were never intended for ptys.

SR:
	8606124802 1653271601 5003431114 8606180704 8606176050
	8606107314 8606206706

Patch Files:
	
	OS-Core.UX-CORE,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/nls/msg/C/libsec.cat

	ProgSupport.PROG-MIN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/libsec.a

	OS-Core.CORE-SHLIBS,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/libsec.2

	OS-Core.CORE-64SLIB,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/pa20_64/libsec.2

	ProgSupport.PROG-MN-64ALIB,fr=B.11.00,
		fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/pa20_64/libsec.a

what(1) Output:
	
	ProgSupport.PROG-MIN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/libsec.a:
		$Revision: 82.25 $

	OS-Core.UX-CORE,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/nls/msg/C/libsec.cat:
		None

	OS-Core.CORE-SHLIBS,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/libsec.2:
		$Revision: 82.25 $

	OS-Core.CORE-64SLIB,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/pa20_64/libsec.2:
		$Revision: 82.25 $

	ProgSupport.PROG-MN-64ALIB,fr=B.11.00,
		fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/lib/pa20_64/libsec.a:
		$Revision: 82.25 $

cksum(1) Output:
	
	ProgSupport.PROG-MIN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	668610955 124704 /usr/lib/libsec.a

	OS-Core.UX-CORE,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	83746606 416 /usr/lib/nls/msg/C/libsec.cat

	OS-Core.CORE-SHLIBS,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	4166985483 147456 /usr/lib/libsec.2

	OS-Core.CORE-64SLIB,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	4166034636 141048 /usr/lib/pa20_64/libsec.2

	ProgSupport.PROG-MN-64ALIB,fr=B.11.00,
		fa=HP-UX_B.11.00_32/64,v=HP:
	1378217045 228338 /usr/lib/pa20_64/libsec.a

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
	PHCO_17622 PHCO_20771 PHCO_23422

Equivalent Patches:
	PHCO_24613:
	s700: 11.11
	s800: 11.11

Patch Package Size: 670 KBytes

Installation Instructions:
	Please review all instructions and the Hewlett-Packard
	SupportLine User Guide or your Hewlett-Packard support terms
	and conditions for precautions, scope of license,
	restrictions, and, limitation of liability and warranties,
	before installing this patch.
	------------------------------------------------------------
	1. Back up your system before installing a patch.

	2. Login as root.

	3. Copy the patch to the /tmp directory.

	4. Move to the /tmp directory and unshar the patch:

		cd /tmp
		sh PHCO_24542

	5. Run swinstall to install the patch:

		swinstall -x autoreboot=true -x patch_match_target=true \
			  -s /tmp/PHCO_24542.depot

	By default swinstall will archive the original software in 
	/var/adm/sw/save/PHCO_24542.  If you do not wish to retain a
	copy of the original software, use the patch_save_files option:

		swinstall -x autoreboot=true -x patch_match_target=true \
			  -x patch_save_files=false -s /tmp/PHCO_24542.depot

	WARNING: If patch_save_files is false when a patch is installed,
		 the patch cannot be deinstalled.  Please be careful
		 when using this feature.

	For future reference, the contents of the PHCO_24542.text file is 
	available in the product readme:

		swlist -l product -a readme -d @ /tmp/PHCO_24542.depot

	To put this patch on a magnetic tape and install from the
	tape drive, use the command:

		dd if=/tmp/PHCO_24542.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None

