Dear SCO Customer,
UnixWare 7.1.4 Maintenance Pack 4 (MP4) is a required update for your UnixWare 7.1.4 system and should be applied at your next maintenance period. This Maintenance Pack contains updated features, fixes, and security updates as well as all the features and fixes delivered in previous UnixWare 7.1.4 Maintenance Packs.
Please read the following notes and recommendations before you begin installing the Maintenance Pack.
In addition to these installation and release notes, the /info directory on the UnixWare 7.1.4 MP4 CD provides additional documentation. In particular, that directory provides this document in txt, html, and pdf formats; HBA and NICs device driver README files; Java release notes; and additional Samba configuration information (as outlined in the Samba Environment portion of the §7.4: Maintenance Pack 4 Highlights
The UnixWare 7.1.4 Maintenance Pack 4 should only be installed on:
UnixWare 7.1.4
If you are performing an in place upgrade to UnixWare 7.1.4 from UnixWare 7.1.1, UnixWare 7.1.2 (Open UNIX 8.0.0), or UnixWare 7.1.3, you must be sure to reboot the system after upgrading to Release 7.1.4 and before installing this maintenance pack.
Perform a full backup of your system and verify the integrity of the backup before you install the Maintenance Pack. It is always a good idea to have a full system backup available before beginning any system update procedure.
The maintenance pack consists of the Maintenance Pack Set, plus a number of updated packages that are separate from the Maintenance Pack Set, as shown in the following table. A green version number in the table indicates when a new version of a package was introduced.
uw714mp4 - UnixWare 7.1.4 Maintenance Pack 4 Set
The uw714mp4 set installs these seven packages: |
||||||||
Package Name and Description | UW714 | MP1 | MP2 | MP3 | post MP3 |
MP4 | ||
1 | uw714m4 | UnixWare 7.1.4 Maintenance Pack 4 | 7.1.4 | |||||
2 | libC | UnixWare Runtime C++ Library | 8.0.2 | 8.0.2d | ||||
3 | libc | Runtime C Library | 8.0.2 | 8.0.2a | 8.0.2b | 8.0.2c | 8.0.2e | |
4 | libthread | Runtime Thread Library | 8.0.2 | 8.0.2a | 8.0.2a |
8.0.2a |
8.0.2b | |
5 | pam | Pluggable Authentication Modules | New in MP1 | 0.77 | 0.77 |
0.77a | 0.77c | |
6 | udienv | UDI 1.01 Runtime Environment | 8.0.2 | 8.0.2c | 8.0.2d | |||
7 | usb | USB 2.0 Drivers | 8.0.2 | 8.0.2c | 8.0.2c | |||
UnixWare Packages These packages and the Open Source packages that follow can be installed after you install uw714mp4: |
||||||||
Package Name and Description | UW714 | MP1 | MP2 | MP3 | post MP3 |
MP4 | ||
1 | nics | Network Infrastructure and Configuration Subsystem | 8.0.2 | 8.0.2a | 8.0.2b | 8.0.2c | 8.0.2d | |
2 | nd | Network Drivers | 8.0.2 | 8.0.2b | 8.0.2c | 8.0.2f | ||
3 | ldap | Lightweight Directory Access Protocol services | 8.0.1 | 8.0.1a | 8.0.1a |
8.0.1a | ||
4 | libosr | Runtime OpenServer Libraries | 8.0.2 | 8.0.2a | 8.0.2a |
8.0.2a | ||
5 | uccs | OUDK Optimizing C Compilation System | 8.0.2 | 8.0.2a | 8.0.2b | 8.0.2c | 8.0.2d | |
6 | uw7mpdoc | Updated Guides and Manual Pages | New in MP1 | 7.1.4a | 7.1.4a | 7.1.4a | 7.1.4a | |
7 | basex | X11R6 Base X Runtime System | 8.0.2 | 8.0.2a | 8.0.2b | 8.0.2c | ||
8 | xserver | X11R6 X Server | 8.0.2 | 8.0.2a | 8.0.2b | 8.0.2c | 8.0.2e | |
9 | xclients | X11R6 X Clients | 8.0.2 | 8.0.2a | 8.0.2.a |
8.0.2.a |
||
10 | xcontrib | X11R6 Contributed X Clients | 8.0.2 | 8.0.2a | 8.0.2b | 8.0.2c | 8.0.2c | |
11 | xdrivers | X11R6 Graphics Drivers | 8.0.2 | 8.0.2a | 8.0.2b | 8.0.2b | ||
12 | j2jre131 | Java 2 SE 1.3.1 Runtime Environment | 1.3.1.10 | 1.3.1.22 | ||||
13 | j2sdk131 | Java 2 SE 1.3.1 Software Development Kit | 1.3.1.10 | 1.3.1.22 | ||||
14 | j2plg131 | Java 2 SE 1.3.1 Java Plug-in | 1.3.1.10 | 1.3.1.22 | ||||
15 | j2pls131 | Java 2 SE 1.3.1 Demos & Debug | 1.3.1.10 | 1.3.1.22 | ||||
16 | j2jre142 | Java 2 SE 1.4.2 Runtime Environment | 1.4.2.03 | 1.4.2.17 | ||||
17 | j2sdk142 | Java 2 SE 1.4.2 Software Development Kit | 1.4.2.03 | 1.4.2.17 | ||||
18 | j2plg142 | Java 2 SE 1.4.2 Java Plug-in | 1.4.2.03 | 1.4.2.17 | ||||
19 | j2jre150 | Java 2 SE 5.0 Runtime Environment | New in MP4 | 1.5.0.15 | ||||
20 | j2sdk150 | Java 2 SE 5.0 Software Development Kit | New in MP4 | 1.5.0.15 | ||||
21 | j2plg150 | Java 2 SE 5.0 Java Plug-in | New in MP4 | 1.5.0.15 | ||||
Open Source Packages | ||||||||
Package Name and Description | UW714 | MP1 | MP2 | MP3 | post MP3 |
MP4 | ||
1 | zlib | General Purpose Data Compression Library | 1.2.1 | 1.2.1-01 | 1.2.3 | 1.2.3 | ||
2 | openssl | OpenSSL | 0.9.7c | 0.9.7d | 0.9.7d |
0.9.7i | 0.9.7ia | |
3 | openssld | OpenSSL Documentation | 0.9.7c | 0.9.7d | 0.9.7d |
0.9.7i | 0.9.7i | |
4 | db | Berkeley DB Library | 4.1 | 4.1.25 | 4.4.20 | 4.4.20 | ||
5 | libpng | PNG (Portable Network Graphics) Library | 1.2.5 | 1.2.7 | 1.2.7 | 1.2.12a | ||
6 | tiff | TIFF Library and Utilities | 3.5.7 | 3.7.3 | 3.7.3 | |||
7 | gs | ESP Ghostscript | 7.05.6 | 7.07.1 | 7.07.1-02 | |||
8 | cups | Common Unix Printing System | 1.1.19-01 | 1.1.19-02 | 1.1.19-03 | 1.1.19-03 |
1.3.3 | |
9 | foomatic | Foomatic Filters and PPDs | 3.0.0-01 | 3.0.0-02 | 3.0.2 | 3.0.2 |
3.0.2 | |
10 | hpijs | HP Inkjet Printer Driver | 1.5 | 1.5-01 | 1.5-02 | 1.5-02 |
1.5-02 | |
11 | gzip | GNU file compression utilities | 1.2.4 | 1.3.5 | 1.3.5 | |||
12 | cdrtools | Cdrtools A set of tools for CD/DVD Recorders | 2.01a27 | 7.1.4 (2.01.01a01) |
7.1.4 (2.01.01a01) |
|||
13 | openssh | Open Secure Shell | 3.7.1p2 | 3.8.1p1 | 3.9p1-01 | 4.2p1 | 4.6p1 | |
14 | openldap | OpenLDAP Software Suite(*) | 2.1.22 | 2.1.22-01 | 2.3.27 | 2.3.27 | ||
15 | samba | Samba(**) | 3.0.0 | 3.0.4 | 3.0.10 | 3.0.10 | 3.0.24 | 3.0.24-01 |
16 | squid | Squid Caching Proxy Server | 2.4.STABLE7 | 2.5.STABLE7 | 2.5.STABLE12 | 2.5.STABLE12 | ||
17 | modjk | mod_jk Apache Tomcat Connector*** | New in MP4 | 1.2.25-03 | 1.2.25-03 | |||
18 | MySQL | MySQL multithreaded SQL database server | 3.23.49 | 4.1.11 | 5.0.19 | 5.0.19 | ||
19 | mozilla | Mozilla 1.7.12 | 1.2.1b | 1.7.12 | 1.7.13a | |||
20 | ipf | IP Filter | New in MP2 | 4.1.3 | 4.1.3a | 4.1.3a | ||
21 | cupsdev | Common Unix Printing System Development Environment | 1.1.19 | 1.3.3 | ||||
22 | cupsle | Common Unix Printing System Language Extension | New in MP4 | 1.3.3 | ||||
23 | curl | cURL | 7.10.3-2 | 7.15.1 | ||||
24 | heimdal | Heimdal Kerberos 5 Implementation | New in Samba Supplement |
0.6.6 | 0.6.6 | |||
25 | javasoap | javasoap - Apache Axis SOAP Web Services and Apache Xerces-J XML Parser |
1.0 | 1.2 | ||||
26 | jpeg | JPEG Library and Utilities | 6b | 6b | ||||
27 | mplayer | MPlayer - movie player | New in MP4 | 1.0 | 1.0 | |||
28 | openslp | Open Service Location Protocol | 1.0.6a | 1.0.6a | ||||
29 | perl | The Perl Programming Language | 5.8.3 | 5.8.8 | 5.8.8a | |||
30 | perlmods | Additional Modules for Perl | 5.8.3 | 5.8.8 | 5.8.8 | |||
31 | pgsql | PostgreSQL Database Management System | 7.4.2 | 8.2.6-01 | ||||
32 | readline | GNU Readline Library | New in Samba Supplement |
5.1 | 5.1 | |||
33 | sasl | Cyrus-SASL | New in MP4 | 2.1.22 | ||||
34 | sendmail | Sendmail | New in MP4 | 8.13.8 | ||||
35 | tomcat | tomcat - Apache Tomcat app server for Java servlets, JSP, web services |
4.1.30 | 4.1.31 | 4.1.31-01 | |||
HBA Packages (install separately) | ||||||||
Package Name and Description | UW714 FCS CD #1 |
UW714 HBA CD |
MP1/MP2 | MP3 | post MP3 |
MP4 | ||
1 | aacraid | aacraid - Adaptec AACRAID Family PCI SCSI IHV HBA | 8.0.2 | 8.0.3 | 8.0.3 | |||
2 | adp94xx | adp94xx - Adaptec SAS HostRaid HBA | 1.4 | 1.4 | ||||
3 | ahci | ahci - AHCI HBA Driver | 1.2 | 1.2 | ||||
4 | ide | ide - Generic IDE/ATAPI Driver | 7.1.3b | 7.1.4a | 7.1.4g | 7.1.4g | ||
5 | mega | mega - LSI Logic MegaRAID HBA | 8.0.2 | 8.0.3b | 8.0.3b | |||
6 | megasas | megasas - LSI Logic MegaRAID SAS HBA | 1.1 | 1.1 | ||||
7 | mpt | mpt - LSI Logic MPT IHV HBA | 8.0.1 |
8.0.2 | 8.1.0 | 8.1.0 |
* The OpenLDAP package for both the Samba supplement (a post UnixWare 7.1.4 MP3 supplement that is superseded by UnixWare 7.1.4 MP4) and MP4 includes three distributions: openldap; pam_ldap-180 (also provided in MP3); and nss_ldap-257.
** The samba package, as of the Samba Supplement and MP4, includes the Samba and smbldap-tools version 0.9.2 distributions.
*** UnixWare 7.1.4 MP4 provides the modjk package for the first time. modjk replaces the earlier modjk1, "mod_jk2 for Apache 1," package. The modjk1 package (version 2.0.4) was introduced in UnixWare 7.1.4 MP1 and provided in UnixWare 7.1.4 MP2 and MP3.
NOTES:
# install.sh <pkgname>where <pkgname> is the name of the package you are reinstalling.
For example, if you have already installed version 2.3.27 of the openldap package, running
# install.shwith no arguments will not display openldap in the package selection menu. Therefore, if you want to reinstall openldap version 2.3.27 over itself, issue the command
# install.sh openldap
This maintenance pack supersedes and obsoletes:
uw714mp1 | UnixWare 7.1.4 Maintenance Pack 1 Set |
uw714mp2 | UnixWare 7.1.4 Maintenance Pack 2 Set |
uw714mp3 | UnixWare 7.1.4 Maintenance Pack 3 Set |
ptf9050 | UnixWare 7.1.4 Licensing Supplement |
ptf9051 | UnixWare 7.1.4 Maintenance Pack 2 Supplement |
ptf9052 | ptf9052 - UnixWare 7.1.4 Maintenance Pack 3 Supplement |
ptf9053 | ptf9053 - UnixWare Australia Timezone Update |
ptf9054 | ptf9054 - UnixWare 7.1.4 Processor Licensing Update |
These packages and sets do not need to be removed prior to installing uw714mp4; the uw714mp4 installation locks down these packages so that they are no longer removable.
An install.sh script is provided to simplify installation, as described in the §2: Installing the Maintenance Pack section below. Use of this script is highly recommended.
The install.sh script installs the following:
Installing uw714mp4 will update the libc, libC, and libthread runtime libraries; the uw714m4 patch; the required pam package; and update the udi and udiusb device drivers packages. The runtime libraries and device driver packages, once installed, are not removable.
The uw7mpdoc package.
Newer versions of the updated packages listed above, provided either:
Alternatively, with care you can install packages individually. Note that this can be time consuming since many packages depend on other packages. So, in addition to the packages you want to install, you need to determine which prerequisite packages must be installed. Then you need to determine the order to install all these packages. install.sh simplifies this process for you by accounting for all these permutations.
If you did not install some of the above packages when initially installing UnixWare 7.1.4, you can do so using the install.sh script. You do not need to first install the original UnixWare 7.1.4 versions. Please refer to the §2: Installing the Maintenance Pack section below.
A mkiso.sh script is provided with this maintenance pack to create custom maintenance pack ISO image files and/or CDs from the original maintenance pack ISO image file or CD, as described in the Custom CD Creation Instructions section below.
NOTE:
- To use this feature, you need the cdrtools package installed.
- To burn the custom ISO image file, you need a writable CD drive and CD Media.
If your system was originally installed with a release prior to UnixWare 7.1.3 and has the obsolete scohelp package installed, we recommend removing scohelp before you add the MP. This will ensure the full benefit of the security enhancements in the MP (changes to numerous file and directory permissions). To see if scohelp is installed, enter the following shell command:
# pkginfo scohelp
To remove the package, enter the following two commands as root:
# /etc/scohelphttp stop # pkgrm scohelp
UnixWare 7.1.4 MP4 includes an upgrade to sendmail 8.13.8. In addition, 7.1.4 MP4 provides sendmail as part of a separate self-updating package, also named sendmail. Previously, sendmail was part of the base system package.
Delivery of sendmail in a self-updating package carries two implications going forward:
It is possible to deselect installation of the new sendmail package, but the old sendmail hasn't been tested with UnixWare 7.1.4 MP4, and is not supported going forward.
Also, the new sendmail daemon is automatically started during installation of the sendmail package unless your system has SCOoffice installed.
Removal of modjk1 does not undo changes made to the httpd.conf file as part of the installation of modjk1. As a result, /etc/apache startssl will not succeed and applications such as The SCO Mobile Hipcheck™ Server 1.1 may not function correctly.
So if you previously installed modjk1 and are upgrading to modjk (strongly recommended), then before you upgrade, please edit the file /usr/lib/apache/conf/httpd.conf and remove these two lines:
LoadModule jk2_module libexec/libmod_jk2.so AddModule mod_jk2.c
UnixWare 7.1.4's tomcat package cannot be installed on a system that is being used to run the SCO Mobile Server, either as part of the HipCheck server product (set HCms, package HCservice) or standalone (package SCOms). This is because of a conflict between the libraries and configuration information for the two Java-based application servers involved.
NOTE: This also means that the HipCheck agent (package HcSCOUA), which relies upon Tomcat, cannot be installed on a system that is running the SCO Mobile Server.
IMPORTANT: Upgrading OpenLDAP from version 2.1.22 or 2.1.22-01 to version 2.3.27 will result in any existing OpenLDAP database data no longer being accessible. To make existing data accessible, the database should be backed up before the upgrade and then restored following the upgrade.
The following procedure can be used to backup an existing OpenLDAP database:# kill `ps -e | grep slapd | awk '{print $1}'`
# slapcat -l /var/openldap-data/openldap.ldif
After the OpenLDAP upgrade, the OpenLDAP database backup can be restored using the following procedure:
# ls -1 /etc/openldap DB_CONFIG.example ldap.conf ldap.conf.default ldap.conf.pre2.3.27 schema slapd.conf slapd.conf.default slapd.conf.pre2.3.27 # ls -1 /etc/openldap/schema README corba.schema corba.schema.default corba.schema.pre2.3.27 ...
# cd /var # mv openldap-data openldap-data.bak # mkdir openldap-data # chmod 700 openldap-data
# slapadd -l /var/openldap-data.bak/openldap.ldif
A warning will display, although it doesn't affect the restoration of the database:
bdb_db_open: Warning - No DB_CONFIG file found in directory /var/openldap-data: (2) Expect poor performance for suffix dc=my-domain,dc=com.
DB_CONFIG.example can be used to create /var/openldap-data/DB_CONFIG, to avoid warnings as with the slapadd command above. See /usr/share/db/doc/index.html for more information.
PostgreSQL 8.2.6 is included on the UnixWare 7.1.4 Maintenance Pack CD. This release of the PostgreSQL Database Server includes many performance and security enhancements. Systems running a prior release of PostgreSQL are encouraged to upgrade in order to take advantage of these features.
However, to provide these features, PostgreSQL 8.2.6 includes a change in internal database format and is a major upgrade from PostgreSQL 7.x and PostgreSQL 8.1.3. For this reason, you must perform a dump and subsequent restore of all PostgreSQL 7.x/8.1.3 databases that you want to preserve across the upgrade. Detailed instructions on this process are provided below.
To preserve data from a PostgreSQL 7.x or PostgreSQL 8.1.3 database and restore the data into a PostgreSQL 8.2.6 database on UnixWare 7, follow this procedure.
On the system running PostgreSQL 7.x/8.1.3, log in as the PostgreSQL super-user:
# su - postgres
Perform a dump of the databases you wish to preserve using either pg_dumpall(1) or pg_dump(1). Backing up all databases using pg_dumpall is the recommended procedure.
For example, to preserve all databases in a cluster, you could enter the shell command:
$ pg_dumpall > exampledb.out
To preserve only the database /exampledb/, you could enter the shell command:
$ pg_dump -F c -f exampledb.out exampledb
Move the existing default data directory to your PostgreSQL backups directory:
$ mkdir backups $ mv data backups/data-7.4.7
$ mkdir backups $ mv data backups/data-8.1.3
Exit the PostgreSQL super-user account
Install PostgreSQL from the UnixWare 7.1.4 MP4 CD by following the instructions below in §2: Installing the Maintenance Pack.
Log in as the PostgreSQL super-user:
# su - postgres
Restore the preserved databases from any previous dumps, as in this example for the database we backed up in Step 2:
$ psql -f exampledb.out postgres
Reboot the system.
Detailed documentation on backing up and restoring PostgreSQL databases is available both in the online documentation:
``Migration Between Releases''
``Backup and Restore''
And, online at the PostgreSQL web site:
http://www.postgresql.org/docs/8.2/static/migration.html
http://www.postgresql.org/docs/8.2/static/backup.html
More Information
If you have questions regarding this supplement, or the product on which it is installed, please contact your software supplier or support representative.
Log in as root.
Do one of the following:
If you are installing the maintenance pack from CD, insert the maintenance pack CD into the primary CD drive and enter:
# mount /dev/cdrom/cdrom1 /install
If you are installing this maintenance pack from the web, download the uw714mp4.iso file to your server from:
http://www.sco.com/support/update/download/release.php?rid=337
In the directory where you downloaded the uw714mp4.iso file, enter:
# mount `marry -a uw714mp4.iso` /install
Change directory to /install:
# cd /install
Do one of the following:
To install the required uw714mp4 set and the updated packages on your system, enter:
# ./install.sh
This will show you a menu screen asking whether you want to review the list of packages to be installed, or accept the default list determined by install.sh. Typically you would answer yes.
If you answer yes to the first screen, you will then be shown a menu screen listing the names of the packages that are part of this maintenance pack. By default:
The menu screen displays ten packages at a time:
Based on your package selection (or the default package selection if you answered no at the first screen), additional per-package prompts are displayed and a final package dependency check is done. If any missing package dependency are detected, install.sh lists those and allows you to revise your package selections.
Then all the MP4 packages are installed without additional user prompting. At the conclusion of the installation a status message is displayed enumerating which packages were installed and whether there were any installation failures (along with a listing of any package that did not successfully install).
NOTE: The install.sh script also accepts two options, -n (non-interactive) and -v (verbose). The -n flag skips the menu screens and proceeds to install the default selection of packages. This includes setting certain package options such as (in some cases) removing the deprecated modjk1 package and Mozilla 1.2.x (if installed). The -v flag provides more status information during the installation.
To individually install packages and or the uw714mp4 set, enter:
# ./install.sh [packages]
where packages can be the uw714mp4 set or any of the packages listed in Section I, except for packages in the uw714mp4 set and the HBAs. The entire uw714mp4 set should be selected for installation and the HBA are separately installed (see the next step of this procedure).
You should update the corresponding HBA device drivers if you are experiencing issues with an HBA that have been resolved with this maintenance pack. Similarly, if you install any new HBAs in the future, it would be prudent to follow these instructions to ensure that you are using the latest HBA device driver.
To install these packages, do the following as root:
# /sbin/sdiconfig -lnoting the lines with HBA in them.
# pkgadd -d /install
This will bring up a list of HBA device driver packages you can install.
Once all the drivers you selected are installed, you are prompted again for additional selections or to quit. Continue the process until all desired drivers are installed, and then enter q at the prompt.
Individual device driver packages may have additional prompting; read the prompts carefully. Typically, select the default responses that are offered.
# umount /installand remove the MP CD from the CD drive.
After all desired packages are installed, reboot the system by typing:
# shutdown -i6 -g0 -y
To enable Samba and OpenLDAP to start on boot, run:
# /etc/init.d/samba enable # /etc/init.d/openldap enable
Please note that it is strongly advised that you ensure these services are properly configured before attempting to enable or start them.
If you install a package (e.g., acp) from the UnixWare media kit that has been updated by the maintenance pack on a system with the maintenance pack installed, you will see the following warning message:
The <acp> package was installed after installing the <uw714m4> package. WARNING: The <uw714m4> package contains updates to the above package(s). Please reinstall the <uw714m4> package. Failure to do so may leave your system in an inconsistent state.
This warning message will be displayed after every pkgadd until you reinstall the uw714m4 package. To do this, mount the maintenance pack CD and type the following two commands as root:
# pkgadd -d /mount_point/images/uw714mp4.image uw714m4 # shutdown -i6 -g0 -y
The javasoap package does not install in the ja locale. The work-around is to mount the MP4 CD or ISO image; cd to the mount point; and run either:
# cat images/javasoap.image | LANG=C pkgadd -d- javasoapor:
LANG=C ./install.sh javasoap(ID: 534937)
Htdoc index rebuild failures have been observed after installing 7.l.4mp4 on systems that have previously installed 7.1.4mp3 and the Samba supplement. While the db package released in 7.1.4mp4 fixes index rebuild failures seen with the Samba supplement, the db package version number was not updated. As a result, if the Samba supplement is installed, installation of 7.1.4mp4 will not detect that a new version of db should be installed, and therefore the updated doc files included in that package will not be installed, and the doc indexing problems in the Samba supplement will remain on the system.
To fix these doc index rebuild failures, follow these instructions to install the new db package and rebuild the index:
# install.sh db
# mkdir /usr/lib/docview/db.bak # mv /usr/lib/docview/db/* /usr/lib/docview/db.bak
# /usr/lib/docview/conf/rundig -i
Once you are satisfied with new index files, remove the backups created above:
# rm -rf /usr/lib/docview/db.bak
After installing the updated nd package, you may see the following warning message on every boot:
WARNING: eeE8: eeE8ValidateChecksum: EEPROM checksum validation failed (slot5,port1)
This warning comes from the eeE8 driver version 3.0.2 for the following NIC:
Vendor ID 0x8086 (INTEL)
Device ID 0x1229
Subsystem Vendor ID 0x8086
Subsystem ID 0x9
This message can be safely ignored.
(ID: 530830)
Due to changes in the PC Card subsystem, if you have a Network Interface Card (NIC) configured in your laptop prior to installing this maintenance pack, it may not function after the MP is installed. To enable it, you must run the Network Configuration Manager (scoadmin network or netcfg), remove the NIC, and then add it again.
Before you can configure a PC Card NIC in your laptop, the pcic driver must be configured using the following steps:
Power down the laptop.
Insert your PC Card NIC into a slot.
Power on the system. On Toshiba laptops, enter the system BIOS as the system comes up and ensure that the following parameter is set as shown:
Controller Mode = Cardbus/16-bit
Log in as root.
Run the Device Configuration Utility: 'dcu'.
Select 'Software Device Drivers'.
Select 'Miscellaneous'.
Page down to the 'pcic' driver.
If the pcic driver is already marked by an asterisk (*), then the driver is already configured. Exit the dcu without saving your changes and skip to Step 17.
Otherwise, select the 'pcic' driver using the space bar.
Press F5 (New).
Set the following values:
Unit: 0 IPL: 0 ITYPE: 0 IRQ: 0 IOStart: 0 IOEnd: 0 MemStart: This field is automatically set by the pcic driver. Don't change this setting. MemEnd: This field is automatically set by the pcic driver. Don't change this setting. DMA: -1 BindCPU: Leave this field blank.
Press F10 (Apply and Return).
Press Enter (Return).
Select 'Return to DCU Main Menu'.
Select 'Apply Changes and Exit DCU'.
At the root prompt, enter the following three commands:
# rm /etc/conf/pack.d/pcic/_drv.o # /etc/conf/bin/idbuild -B # init 6
When the system is booting up, you should see a message indicating that the card was detected following the copyright screen. For example:
EG: Intel Pro/100 Cardbus PC Card detected in socket 0
Run the Network Configuration Manager (scoadmin network or netcfg) to configure your NIC.
Exit the Network Configuration Manager and reboot:
init 6
OKP
If you are running the OpenServer Kernel Personality (OKP), you may see error messages like the following after installing the MP:
UX:unixware: ERROR: Unable to change root to /unixware: Invalid argument
This is caused by the default setting of the new CHROOT_SECURITY parameter
(see #8 in ''Problems Fixed in Maintenance Pack 2'',
below).
For OKP to function properly,
you must set CHROOT_SECURITY to "0" and reboot the system.
(ID: 531761)
To configure sendmail and to upgrade your smarter host configuration. see the Sendmail portion of the §7.4: Maintenance Pack 4 Highlights
Delays up to 80 seconds long in sendmail startup have been seen on systems in which a configured NIC was disconnected or otherwise down.
UnixWare 7.l.4 MP4 provides a new Cyrus-Sasl (sasl) package delivering a subset of Cyrus-SASL version 2.1.22. The primary purpose of this package is to enable Sendmail 8.13.8. Very little additional Cyrus-Sasl functionality is provided. For example, the saslauthd daemon is built without PAM support and is not started up on boot.
There are some errors in the sasl packaging. These errors do not affect the system when using a default Sendmail configuration, but may affect some non-default configurations.
The following error message may be reported in syslog:
May 28 07:51:38 server01 sendmail[10320]: error: safesasl(/usr/lib/sasl2/libotp.so.2) failed: Group writable directory
The problem can be fixed by turning off group write permissions for /usr/lib/sasl2, as follows:
# chmod g-w /usr/lib/sasl2
A number of symlinks in /usr/lib/sasl2 are links into / instead of
the current directory.
For example,
/usr/lib/sasl2/libanonymous.so
is a link to /libanonymous.so.2 rather than libanonymous.so.2.
There are five additional instances in which the symlink points to /
rather than the current directory.
(ID: 534947:1)
To fix this problem, append this line:
zoom="1"
to the $HOME/.mplayer/config configuration file.
(ID: 534416:1)
If you are upgrading from earlier versions of the db, openldap, or samba packages, then please note that the earlier libraries remain on your system.
This is to enable applications that dynamically linked with these libraries to continue to function. However, to avoid any security issues with the earlier version's library you may want to remove these old libraries:
db: /usr/lib/libdb-4.1.a /usr/lib/libdb-4.1.so /usr/lib/libdb-4.1.so.0 /usr/lib/libdb-4.1.so.0.0.0 openldap: /usr/lib/liblber.so.2.0.122 /usr/lib/libldap.so.2 /usr/lib/libldap.so.2.0.122 /usr/lib/libldap_r.so.2 /usr/lib/libldap_r.so.2.0.122 samba: /usr/lib/samba/lib/charset/CP437.so /usr/lib/samba/lib/charset/CP850.so /usr/lib/samba/lib/libsmbclient.a /usr/lib/samba/lib/libsmbclient.so /usr/lib/samba/lib/libsmbclient.so.0 /usr/lib/samba/lib/libsmbclient.so.0.1 /usr/lib/samba/lib/vfs/audit.so /usr/lib/samba/lib/vfs/cap.so /usr/lib/samba/lib/vfs/default_quota.so /usr/lib/samba/lib/vfs/expand_msdfs.so /usr/lib/samba/lib/vfs/extd_audit.so /usr/lib/samba/lib/vfs/fake_perms.so /usr/lib/samba/lib/vfs/full_audit.so /usr/lib/samba/lib/vfs/netatalk.so /usr/lib/samba/lib/vfs/readonly.so /usr/lib/samba/lib/vfs/recycle.so /usr/lib/samba/lib/vfs/shadow_copy.so
To remove an old library:
/usr/sbin/removef <package_name> <filename> rm <filename>
After removing all the old libraries for package then enter:
/usr/sbin/removef -f <package_name>
For example
/usr/sbin/removef db /usr/lib/libdb-4.1.a /usr/sbin/removef db /usr/lib/libdb-4.1.so /usr/sbin/removef db /usr/lib/libdb-4.1.so.0 /usr/sbin/removef db /usr/lib/libdb-4.1.so.0.0.0 rm /usr/lib/libdb-4.1.a rm /usr/lib/libdb-4.1.so rm /usr/lib/libdb-4.1.so.0 rm /usr/lib/libdb-4.1.so.0.0.0 /usr/sbin/removef -f db
If you are upgrading perl and/or perlmods from the previous UnixWare version (5.8.3) then please note:
cd /var/sadm/pkg/perlmods/install chmod 744 cleanup.sh ./cleanup.sh > cleanup.sh.out 2>&1 chmod 644 cleanup.sh cd /var/sadm/pkg/perl/install chmod 744 cleanup.sh ./cleanup.sh > cleanup.sh.out 2>&1 chmod 644 cleanup.sh
The openldap package ships with a line in its configuration file /etc/openldap/slapd.conf which references a schema file installed by the samba package. If samba is not installed, then the referenced file isn't present, and the openldap slapd daemon will fail to start, and will instead generate error messages similar to the following in the system log /var/adm/syslog:
Apr 9 17:36:25 stb022 slapd[17854]: could not stat config file "/etc/openldap/schema/samba.schema": No such file or directory (2) Apr 9 17:36:25 stb022 slapd[17854]: slapd destroy: freeing system resources. Apr 9 17:36:25 stb022 slapd[17854]: slapd stopped.
To fix this problem, either:
include /etc/openldap/schema/samba.schema
Installing the new version of the samba package automatically copies the existing Samba configuration (if one exists) from the previous release's /usr/lib/samba/lib/smb.conf and /usr/lib/samba/private/* files. The copied files are under /etc/samba. For your convenience, symlinks for the binaries and the smb.conf file are left in the old /usr/lib/samba locations.
However, if your prior configuration specified any alternate or additional configuration files (e.g., a usermap file), they need to be copied separately.
Also note: If the new Samba version is removed then your current configuration will not be restored to the previous /usr/lib/samba/lib location. When downgrading, administrators are advised to backup all configuration files before removing the new samba package.
Starting with the UnixWare 7.1.4 MP3 Samba Supplement, some of UnixWare's previous conventions were altered. The following changes were made:
/etc/init.d/samba enable
The openldap and samba packages contain extra PAM modules. If you have configured any PAM services to use modules provided by any of these packages, and then uninstall the package(s), any service configured to use the uninstalled module(s) will fail. This will prevent that service from successfully logging in.
If local console logins are affected, pkgrm will abort.
Each package that provides extra PAM modules attempts to detect this scenario. If detected, you are offered the option to abort the package removal. If you do not abort, a warning is displayed at the conclusion of the package removal.
If the above warnings are ignored, and you lose the ability to log in via any remote service, you will need to first locally reboot your system. Then enter the following commands into the bootloader to bring your system up in single-user mode:INITSTATE=s b
Once booted in single-user mode you need to reconfigure your PAM service(s), and remove the offending module(s) from the configuration file(s).
There was a feature added by the Samba team that automatically disables any shares that do not have an explicitly set path. Thus, if you initially define any shares through the SWAT interface, they automatically get an extra "available = no" parameter added to their service definition. Once the share is defined you may remove the "available = no" attribute either manually from the smb.conf file, or via SWAT by toggling the setting under the service definition from the "SHARES" tab. This will then enable your service.
The heimdal package may, at boot, generate error messages on the console and in the system log /var/adm/syslog similar to the following:
Apr 29 18:20:38 stb020 kadmind[18794]: bind: /var/heimdal/kdc.conf:0: cannot open file
This occurs because heimdal ships in an enabled state by default and is starting without a proper configuration. To fix this problem, either:
/etc/init.d/kdc disable
Follow steps 1 to 3 of §2: Installing the Maintenance Pack.
Enter:
# ./mkiso.sh
This will ask you the name of the ISO image file. The default is /uw714mp4.iso.
After entering the ISO path name, a menu screen listing the names of the packages that are part of this maintenance pack is displayed.
By default all packages are selected.
Deselect the packages that you want to exclude from your custom CD. and press "Apply" to continue. Since the menu screen can only display ten packages at a time, pressing "Apply" will show the next list of packages. Pressing "Apply" on the final screen will create the CD ISO image file.
Note: The uw714mp4 package cannot be deselected.
To burn the ISO image file, insert the CD media in your writable CD drive and enter:
# cdrecord -v -dao -speed=16 -fs=10m -dev=device -driveropts=burnfree filename
where device is the SCSI target for the CD drive and filename is the name of your custom ISO image file.
Use cdrecord -scanbus to get device information. Please refer to the cdrecord(1) manual page for details.
You can effectively remove the maintenance pack by restoring from the backup that you created prior to installing the maintenance pack; see note 4, Back Up Your System in §1: Before Installing the Maintenance Pack. Alternatively, if a backup is not available or for any other reason, you can use the following procedure to remove the maintenance pack:
Log in as root.
To remove the Maintenance Pack package:
# pkgrm uw714m4
NOTES:
- Removal of the uw714mp4 set is not recommended. In particular, the device driver and library packages are not removable.
- The IP Filter (ipf) and Open Secure Shell (openssh) packages are functionally dependent on the uw714m4 package. These packages will not work if uw714m4 is removed.
- The uccs package cannot be uninstalled due to inherent dependencies.
To fully restore your system to its prior state, you then need to remove the MP4 CD packages that are not part of the MP4 set. (See the MP4 CD package table above.) However, you may have other packages installed that depend on these MP4 upgraded packages. So you will have to remove the dependent packages before removing some packages installed by MP4. pkgrm informs you of such dependencies when you try to remove a package. To then reinstall your system configuration to match what it was before installing MP4, reinstall the packages from your original UnixWare 7.1.4 media and the media for the most recent prior MP (MP1, MP2, or MP3), if any, that was installed on your system.
As noted in PAM Modules, take extra care when removing packages that include PAM modules as it's possible to end up disabling many (or all) of the ways to log into your system when it's configured to use authentication modules that have just been uninstalled.
After all the packages are removed, reboot the system by typing:
# shutdown -i6 -g0 -y
The following summarizes the major features and improvements in this Maintenance Pack. They are listed in the order in which the features were introduced in this and previous UnixWare 7.1.4 Maintenance Packs.
Also see the §8: Problems Fixed in this Maintenance Pack for the complete list of changes made in this Maintenance Pack.
A new encryption feature has been added to the marry(7) driver. Using the marry(1M) command, an empty regular file is associated with a block special device name, and encryption is enabled on the file. A file system is created on the block special device using the mkfs(1M) command, and the block special device is mounted using the mount(1M) command. Once mounted, all data written to the file is encrypted using the 128 bit Advanced Encryption Standard (also known as 128bit AES and the Rijndael block cipher); all data read from the file is decrypted. A simple example follows:
In the commands below in this procedure, regfile is the full pathname to the regular file that will contain the encrypted file system. Make sure that regfile does not exist; if it does, rename or delete it before continuing. Create regfile and assign appropriate permissions and ownership, as in this example:
# touch regfile # chmod 660 regfile # chown root regfile # chgrp appgrp regfile
In the commands below in this procedure, mountpoint is the full pathname of the directory to be used to mount the file system. Make sure that mountpoint is an empty directory; move or delete any data residing there before continuing. If mountpoint does not exist, create it and assign appropriate permissions and ownership, as in this example:
# mkdir mountpoint # chown root mountpoint # chgrp appgrp mountpoint # chmod 750 mountpoint
Marry a block special device to regfile and enable encryption on the device:
# cryptfs=`marry -a -b blksz -c "passphrase" regfile`
In the example above, the output of the marry command (which can be quite long depending on the path used for regfile) is assigned to the $cryptfs environment variable; this is done only to simplify typing the commands in the next step.
The blksz is the maximum size of the married device, in 512-byte blocks, plus 5 blocks for encryption information. So, if you want a file system with a maximum size of 10000 512-byte blocks, use 10005 for blksz. The passphrase (similar to a password, but longer) is used to generate the keys that encrypt and decrypt the contents of regfile. See the marry(1M) manual page for a full explanation of passphrase.
Make and mount the file system:
# mkfs -F vxfs $cryptfs blksz-5 # mount $cryptfs mountpoint
Note that $cryptfs is the output of the marry command from the previous step. Also note that the block size used in the mkfs command must be 5 blocks less than the blksz used in the previous marry command.
Please note that an encrypted file system requires more system overhead than a regular file system; this can have a significant effect on performance, depending on the intended use of the encrypted file system. See the marry(1M) and marry(7) manual pages for more information, including the limitations of this interface.
The Perl module mod_jk1 is used to connect an Apache Web Server to a Tomcat Java Application Server, to provide Web access to Java Applications. Apache and Tomcat are part of the SCOx Web Enabling and Web Services Substrate software, distributed as part of Release 7.1.4. Information on configuring mod_jk1 can be found on the Apache Jakarta Project server at: http://jakarta.apache.org/tomcat/connectors-doc/jk2/jk/quickhowto.html. Tomcat documentation can be found on the Tomcat website at http://jakarta.apache.org/tomcat, and Apache documentation is available from the default Apache server running on UnixWare on port 80 (http://localhost:80).
The Pluggable Authentication Modules (PAM) feature allows an administrator to manage the authentication policy used by all applications that support PAM without making any changes to those applications. PAM is implemented through:
Please see the PAM documentation for more information.
The samba package provides an update to the Samba 3.0 distributed with Release 7.1.4. This version is enabled for the Pluggable Authentication Modules (PAM) feature, the Name Service Switch (NSS) feature, and also supports the use of multibyte characters for Asian locales. If you install and enable PAM, you must also install the PAM-enabled Samba 3.0 package, since the version of Samba distributed with Release 7.1.4 (and other previous versions) will no longer work once PAM is enabled.
IP Filter 4.1.3 is an advanced open source filtering package which provides both firewall and network address translation (NAT) services. It is the most common filtering package supported across different implementations of the UNIX System. Documentation for IP Filtering is provided on the UnixWare 7.1.4 Documentation Web Site at http://uw714doc.sco.com/en/NET_tcp/ipfintro.html.
The lsof command version 4.73 lists information about currently open files. Executing lsof as root with no options displays a line describing each file that has been opened by every currently running process; this list can be large. lsof supports the following options:
lsof [-?abChlnNoOPRstUvV] [+|-c c] [+|-d s] [+|-D D] [+|-f[cfgGn]] [-F [f]] [-g [s]] [-i [i]] [-k k] [+|-L [l]] [-m m] [+|-M] [-o [o]] [-p s] [+|-r [t]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names] Defaults in parentheses; comma-separate set (s) items; dash-separate ranges. -?|-h list help -a AND selections (OR) -b avoid kernel blocks -c c cmd c, /c/[bix] +c w COMMAND width (9) -C no kernel name cache +d s dir s files -d s select by FD set +D D dir D tree *SLOW?* -D D ?|i|b|r|u[path] -i select IPv[46] files -l list UID numbers -n no host names -N select NFS files -o list file offset -O avoid overhead *RISK -P no port names -R list paRent PID -s list file size -t terse listing -T disable TCP/TPI info -U select Unix socket -v list version info -V verbose search +|-w Warnings (+) -- end option scan +f|-f +filesystem or -file names +|-f[cfgGn] Ct,Fstr,flaGs,Node -F [f] select fields; -F? for help -k k kernel symbols (/stand/unix) +|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0) -m m kernel memory (/dev/kmem) +|-M portMap registration (-) -o o o 0t offset digits (8) -p s select by PID set -S [t] t second stat timeout (15) -T fqs TCP/TPI Fl,Q,St (s) info -g [s] select by process group ID set and print process group IDs -i i select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list] +|-r [t] repeat every t seconds (15); + until no files, - forever -u s exclude(^)|select login|UID set s -x [fl] cross over +d|+D File systems or symbolic Links names select named files or files on named file systems
For the current lsof manual page, please see: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man. A FAQ is available at: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ.
Laptop PC Card support has been updated to include CardBus Card support. The following NIC drivers have been updated to include PC Card support: d21x, e3E and nat.
The following new adapters are now supported, including CardBus NICs and selected PRISM II Wireless PC Card NICs:
3Com EtherLink III 3C589C 0101058906 3Com EtherLink III 3C589D 0101058906 3Com 10Mbps LAN PC Card 3CCE589EC 3Com 10Mbps LAN PC Card 3CXE589DT 3Com 10Mbps LAN PC Card 3CCE589ET 3Com 10/100 LAN PC Card 3C3FE574BT Intel PRO/100 CardBus II MBLA3300 Intel PRO/100 S Mobile Adapter MBLA3300 C3 Intel PRO/100 CardBus II MBLA3400 Linksys Combo PCMCIA EthernetCard EC2T Linksys EtherFast 10/100 PC Card PCMPC100 Linksys EtherFast 10/100 CardBus Card PCMPC200 Linksys Wireless-B Notebook Adapter (802.11b) Netgear 10/100 PCMCIA FA410 Netgear 10/100 PCMCIA Mobile Adapter FA411 Netgear 10/100 CardBus FA510 Netgear 802.11b Wireless PC Card MA401 Socket Communications EA Socket Communications LP-E
Also see Maintenance Pack Notes and Limitations, below, if you are installing the Maintenance Pack on a laptop that already has a PC Card or CardBus NIC installed.
Support for the ATI Radeon ES1000/RN50 video card has been added to the xdrivers-8.0.2b package.
Please see the description of the updated printer drivers, updated network drivers, and the updated X Drivers provided with Maintenance Pack 2, in Problems Fixed in Maintenance Pack 2 below.
Please see the package table in §1: Before Installing the Maintenance Pack for a list of the updated and new open source packages provide in MP4.
Multiple core processors have two or more processor cores in each physical package, continuing the trend started with hyperthreading, but offering enhanced parallelism and improved performance due to additional processor cores.
Multiple processor cores are automatically detected and utilized if they are available. However, hyperthreaded processors are not utilized unless the administrator specifically requests their use. No additional CPU licenses are required to use either multiple processor cores or hyperthreaded processors.
The use of multiple processor cores can be disabled with the boot parameter "MULTICORE=N" entered at the boot prompt or added to the "/stand/boot" file. Having multiple core support enabled has no effect on systems that do not have multiple core processors. If the use of multiple processor cores is explicitly disabled with the "MULTICORE=N" boot parameter, then the use of hyperthreaded processors is also disabled.
Hyperthreaded processor support is still disabled by default. Support for hyperthreaded processors can be enabled with any of the following boot parameters:
ENABLE_HT=Y HYPERTHREAD=Y ENABLE_JT=Y
The Intel Centrino Wireless driver (ipw) has been added, and supports the Intel PRO/Wireless 2200BG built-in laptop network card.
A new PAM module (pam_ldap) has been added that allows authentication via PAM against an LDAP Server. OpenLDAP includes two new files: /usr/lib/security/pam_ldap.so and /usr/lib/nss/ldap.so. These two files together can be used to provide authentication against an OpenLDAP server. For an explanation of using LDAP and PAM, please see http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/pamnss.html.
Please see the Drivers section for Maintenance Pack 3 in Problems Fixed in Maintenance Pack 3 below.
Please see the package table in §1: Before Installing the Maintenance Pack for a list of the updated and new open source packages provide in MP4.
Changes have been made to the kernel and libraries that support running binaries that were created using the SCO OpenServer 6 Development System in "-K udk" mode.
UnixWare 7.1.4 MP4 adds an Accelerated Graphics Port (AGP) driver for faster access to the graphics controller. It uses a Graphics Address Remapping Table (GART) to map discontiguous host memory into a physically contiguous view for DMA transfer to video memory. It is primarily used for running the X11 server on the Intel i81x and AMD 7x1 class of controllers.
UnixWare 7.1.4 MP4 includes an upgrade to bind version 9.4.2. Among other features and fixes, this includes the security fix (CVE-2007-2930, VU#927905) related to weak DNS query IDs, which could allow remote attackers to poison the DNS caches.
CUPS provides an alternative printing subsystem (and server) for UnixWare 7.1.4, using Internet Printing Protocol ("IPP") as the basis for managing print jobs and queues, and adding network printer browsing and PostScript Printer Description ("PPD") based printing options.
UnixWare 7.1.4 Maintenance Pack 4 includes CUPS version 1.3.3. Among the CUPS features added in this update are the following:
@LOCAL
).
For a full list of updated features please see the documentation available at or below http://www.cups.org/documentation.php.
The timezone rules were updated to reflect all known changes through the end of March 2008, which includes the recent changes to Australia's and New Zealand's rules.
Updated aacraid, adp94xx, ahci, ide, mega, megasas, and mpt device drivers are included on the UnixWare 7.1.4 MP4 CD. These are the same updated device drivers that are also provided on the OpenServer 6.0.0 MP3 CD.
The HBA Packages section of the table under §1: Before Installing the Maintenance Pack lists the version numbers of the HBA drivers.
To upgrade any of the above device drivers on your already installed UnixWare 7.1.4 or OpenServer 6.0.0 system, mount the UnixWare 7.1.4 MP4 CD and run
README files for the MP4 device driver can be found on the MP4 CD in the /info/drivers directory.
Following Sun's recent announcement of a synchronized release of the Java 2 Standard Editions on all supported versions of J2SE to address numerous reported security issues, SCO is releasing the same updates for the following J2SE versions supported on UnixWare 7.1.4:
For a complete list of security issues resolved in each J2SE version, check the Release Notes for that version in the:
info/java
directory of the MP4 CD or uw714mp4.iso,
once mounted
/opt/java2-1.x.x
These J2SE updates are the same J2SE updates recently posted on the SCO support web-site. If you have previously downloaded and installed any of these J2SE updates, the MP4 installation process will not select those packages for reinstallation.
Multiple major versions of J2SE can co-exist on your SCO UNIX platform.
The installation is to a version specific directory in /opt
.
J2SE 1.3.1 ==>Updates to each major version of J2SE install in the same base directory./opt/java2-1.3.1
J2SE 1.4.2 ==>/opt/java2-1.4.2
J2SE 5.0 ==>/opt/java2-1.5.0
Prior to the synchronized release of J2SE 1.3.1_22, 1.4.2_17 and 5.0 update 15,
the installation of the JRE piece for each of these major point releases
would automatically symbolicly link /usr/java
and
/usr/java2
to point to the "newly" installed JRE
directory.
Starting with these synchronized J2SE releases,
the symbolic links will only be updated if the JRE being installed
is a later J2SE version than the current symbolic links.
For example, if prior to installation of J2SE 1.4.2_17, the symbolic links were:
Following the installation of J2SE 1.4.2_17, the links would be:/usr/java
==>/opt/java2-1.3.1
/usr/java2
==>/opt/java2-1.5.0
/usr/java
==>/opt/java2-1.4.2
/usr/java2
==>/opt/java2-1.5.0
Removal of the J2SE 1.4.7_17 will attempt to restore the pre-installation links,
if and only if an executable /opt/java2-1.3.1/bin/java
still exists on the system.
System administrators can and should readjust these symbolic links as needed by their specific system and software requirements.
Other software released by SCO for your SCO UNIX platform, as well as third party applications that use Java, may require a specifc J2SE major version. That software may either reference the J2SE of interest through:
JAVA_HOME
that points to /usr/java
or directly to the installation directory /opt/java2-1.x.x
/usr/java/bin/command
or /opt/java2-1.x.x/bin/command
Caution: Before removing earlier/other major versions of J2SE on your system, be certain that other installed software does not require that version. For example, the Apache-Tomcat product released on UnixWare 7.1.4 and OpenServer 6.0.0 have been configured, tested and certified with J2SE 1.4.2. Removal of that JRE will result in Tomcat failing to start.
MP4 updates the Network Driver Package (nd) to version 8.0.6f. A README file for the package is on the MP CD in the /info/drivers directory. This file provides more information about the nd package, including the list of supported network cards, as well as what is new in this package from the previous version.
PostgreSQL 8.2.6 is included on the UnixWare 7.1.4 MP4 CD. This release of the PostgreSQL Database Server includes many performance and security enhancements. A complete list of changes can be found at http://www.postgresql.org/docs/8.2/static/release-8.2.html .
Systems running a prior release of PostgreSQL are encouraged to upgrade to take advantage of these features. However, due to internal database format changes made by the PostgreSQL developers to provide these features, a dump of any existing databases you wish to preserved must be performed prior to installing this upgrade. Details on this process are provided here in these release notes.
SCO provided the UnixWare 7.1.4 MP3 Samba Supplement after UnixWare 7.1.4 MP3 shipped . The Samba supplement provided a collection of UnixWare packages to enable a greatly enhanced and more robust Samba environment than previously offered in any SCO product. This functionality is provided by MP4 if you install the packages that make up the Samba Supplement. In particular, select the samba and perlmods packages when running install.sh. install.sh will notify you if you need to install any other prerequisite packages.
In addition to the enhanced Samba functionality provided by the UnixWare 7.1.4 Maintenance Pack 3 Samba Supplement, Cups support is integrated with Samba in MP4.
Samba is a standardized technology used to support Microsoft file and print sharing on UnixWare and many other platforms. In addition to enabling Windows/UNIX(R) resource sharing, Samba provides consistent user administration and administration throughout your networked environment, making use of PAM and NSS as appropriate.
For more information about Samba capabilities, configuration options, and general usage, please review the following materials from the Samba Team:
Additionally, the /info/samba directory of the MP4 CD provides the following procedures for configuring your UnixWare Samba server:
Complete example configuration files for each HOWTO are included in their respective directories.
UnixWare 7.1.4 MP4 includes Sendmail 8, version 8.13.8. The sendmail mail transfer agent (MTA) handles the transport of messages to and from your system and supports local, networked (SMTP), and dial-out (UUCP) mail delivery.
This server also supports multi-homing, which means that it can function as a mail gateway to other servers on the network.
During the sendmail upgrade, any "smarter host" setting currently configured for sendmail will be preserved and included in the new configuration, but any additional nondefault configuration settings (generally rare) will need to be redone by hand using /etc/mail/manage_sendmail.
The old /etc/sendmail.cf configuration file is renamed /etc/sendmail.cf.save and can be checked for previous settings. An /etc/sendmail.cf symlink points to the new /etc/mail/sendmail.cf configuration file used by the updated sendmail. If you had made sendmail configuration setting changes (other than "smarter host") through "scoadmin mail", you should note these settings before updating to the new sendmail. Once updated, "scoadmin mail" invokes /etc/mail/manage_sendmail, not the old interface.
Administrators who used (or plan to use) more advanced sendmail configuration options should read the documentation available under http://www.sendmail.org/doc.
UnixWare 7.1.4 MP4 provides a new product, Apache Tomcat mod_jk Module (mod_jk). This replaces the mod_jk2 functionality that was previously part of the Apache Tomcat Servlet Container (tomcat) product. The prior mod_jk2 implementation is deprecated and interferes with other Java web server applications such as the SCO Mobility Server.
UnixWare 7.1.4 MP4 provides updated UDI and USB subsystems. This includes the enhancements provided by the earlier UnixWare 7.1.4 MP3 USB Supplement (original release) plus the additional bug fixes provided by version A of the UnixWare 7.1.4 MP3 USB Supplement.
The UnixWare 7.1.4 MP3 USB Supplement provided an enhanced USB driver that added support for both USB modems and serial adapters. The device driver adds support for USB modems that conform to the CDC/ACM specification. Written to the Uniform Driver Interface (UDI) specification, the new driver includes a number of fixes that improve performance and device support.
Among the USB devices supported by that supplement and MP4 are:
(*) Zoom has intermittent start-up failures due to firmware problems.
(**) If a vendor changed the product ID in PL-2303 and FT8U232 then the device may not work with this release.
UnixWare 7.1.4 MP4 also provides these additional bug fixes that were not in the original UnixWare 7.1.4 Maintenance Pack 3 USB supplement but were in the updated version A of that supplement:
Notes on USB Serial and Modem Device Names follow:
After installing MP4, once your system is rebooted any supported USB Serial and USB Modem devices connected to the system will be automatically recognized and device nodes for these devices will be created. You can use the command
usbprobeto verify that your USB Serial Adapter/Modem has been detected by UnixWare 7.1.4.
To list the serial ports of the USB devices that are recognized by your system run the command:
This will return output similar to:
crw-rw-rw- 1 root root 295,108 Oct 24 10:05 /dev/usb_ser0A crw-rw-rw- 1 root root 295,107 Oct 24 10:05 /dev/usb_ser0a crw-rw-rw- 1 root root 295,106 Oct 24 10:05 /dev/usb_ser0h crw-rw-rw- 1 root root 295,105 Oct 24 10:05 /dev/usb_ser0s /dev/usb_ser: total 0 crw-rw-rw- 1 root root 295,108 Oct 24 10:05 tty.03001-3.A crw-rw-rw- 1 root root 295,107 Oct 24 10:05 tty.03001-3.a crw-rw-rw- 1 root root 295,106 Oct 24 10:05 tty.03001-3.h crw-rw-rw- 1 root root 295,105 Oct 24 10:05 tty.03001-3.s
where
/dev/usb_ser/tty.03001.3.A /dev/usb_ser/tty.03001.3.a /dev/usb_ser/tty.03001.3.h /dev/usb_ser/tty.03001.3.s
are USB Serial Device names for the serial ports where the first five digit number is the location of the host controller interface (HCI) to which the serial port/modem is connected. It's five digits represent the PCI bus number (two digits), the PCI device number (two digits), and the PCI function number (the final digit). For example:
/dev/usb_ser/tty.03001.3.A
The above device name indicates that the HCI is located at PCI bus number 03, PCI device 00, PCI function 1. Note that this number is completely determined by the hardware vendor's PCI configuration.
The remainder of the device name after the second period is a sequence of from one to six decimal numbers, each of which can be from one to three digits. The final number, which is required, indicates the port number on the device to which the serial port/modem is physically connected. Up to five hubs can be connected between the serial port/modem and the PC USB port, and the ports to which these devices are connected are indicated by the five optional three digit numbers in the device name, separated by periods.
In the example above, the serial port is connected to PC USB Port 3.
A device name like /dev/usb_ser/tty.00072.1.4.2 indicates the following device configuration:
PC USB Port 1 --- | Hub#1 Port 1 PC USB Port 2 | Hub#1 Port 2 | Hub#1 Port 3 | Hub#1 Port 4 --- | Hub#2 Port 1 ... | Hub#2 Port 2 --- USB Serial Port
Configuring USB Modem Devices: The SCOadmin Serial Manager and SCOadmin Modem Manager do not currently support the configuration of USB Serial and Modem devices. You can however manually configure your USB Modem as follows:
scoadmin modemand choose:
Modem -> Add -> Manual Configuration...
Host -> Exitto exit from the SCOadmin Modem Manager.
Direct term/00m,M - .... ACU term/00m,M - .....to:
Direct usb_ser0A,M - ..... ACU usb_ser0A,M - ......
For example if the original lines read:
Direct term/00m,M - 57600 direct ACU term/00m,M - 57600 MultiTech_MT5634MUreplace them with:
Direct usb_ser0A,M - 57600 direct ACU usb_ser0A,M - 57600 MultiTech_MT5634MU
usb_ser0A:u::reserved:reserved:login:/dev/usb_ser0A:bohr:0:auto:60:auto:ldterm,ttcompat:login\::::::#to the file /etc/saf/ttymon1_pmtab.
pmadm -e -p ttymon1 -s usb_ser0AFor testing purposes you may want to disable the login using:
pmadm -d -p ttymon1 -s usb_ser0A
cu -l usb_ser0AIf successful you will see the message
Connectedand the modem should respond to "at" commands.
~.and this will return you to the Unix shell prompt.
This release includes version 0.9.2 of smbldap-tools. This set of Perl based utilities allows Samba to manipulate an LDAP database on the fly. This functionality is necessary for adding domain users, machine accounts, and performing other such administrative tasks. Please refer to the PDC HOWTO file in the /info/samba/PDC directory of the MP CD or the examples in the /etc/smbldap-tools/examples directory (of an installed MP4 system) for proper usage.
The UnixWare 7.1.4 Maintenance Pack 4 CD includes the mplayer package that was previously provided in the UnixWare 7.1.4 MPlayer Supplement. This package provides MPlayer, a movie and animation player that supports a wide range of codecs and file formats including AVI, MPEG, QuickTime, FLC/FLI, and WMV.
NOTE: This version does not support the playing of DVDs.
MPlayer uses the OSS sound APIs. To enable sound support, install the 4Front oss package which is available from http://www.sco.com/support/update/download/release.php?rid=284.
Additional information on MPlayer can be found in the documentation included in the mplayer package and at http://www.mplayerhq.hu/design7/info.html.
The UnixWare 7.1.4 Maintenance Pack 1 set (uw714mp1) contains the following fixes. These fixes are also included in UnixWare 7.1.4 Maintenance Pack 4 set (uw714mp4). o uw714m1 package fixes: Feature and usability enhancements: 1. The following UnixWare 7.1.4 functionality is now provided: o Pluggable authentication modules (PAM) support o Encrypted file system support These features are described in the online documentation that is provided with the uw7mpdoc package that accompanies this maintenance pack. See the "New Features and Notes" section of the online documentation. fz528611 fz529097 2. Intel microcode updates. erg712621/ptf9050/fz529619 3. kcrash macros updates. fz529663 4. Additional source files for DBA usage with MySQL provided with the SCOx enablement package. Modified Makefile, eelsdba_mysql.c, initdb.mysql and README are provided for use with latest MySQL package. fz529851 5. Enabled large file support in compress. fz529876 Security improvements: 6. SECURITY: Some files and directories were created incorrectly allowing write permission to arbitrary users. Some system daemons were running with a file creation mask (umask) set to 0. fz528862 7. SECURITY: Security vulnerability issues in TCP are fixed according to this IETF draft: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt erg712598/fz529384 8. SECURITY: Two new inconfig tunables have been introduced to address the TCP Rose Attack: o ip_maxfragpackets: This is the maximum number of fragmented packets that IP will accept. The default is 800. o ip_maxfragsperpacket: This is the maximum number of fragments per packet that IP will accept. The default is 16. erg712605/fz529414 SCOSA-2005.14 Reliability improvements: 9. Fixed kernel panic on errant umem_free() in [g|s]etgroups_sco. fz528775 10. Fixed a memory corruption bug caused by not stopping netbios when the system was brought to init state 1. ptf9050b/fz529565 11. Fixed process hangs due to race between exiting children and SIGCLD processing in the parent. erg712596/fz529361 Networking improvements: 12. Changed use of types u_[short,int,long] to u[short,int,long]_t in <netinet/tcp.h> since the former are not always defined. fz529581 13. The SHUT_RD, SHUT_WR, and SHUT_RDRW macros in <sys/socket.h> are defined only when at least one XOPEN-ish feature test macro is defined. This is counter to our "everything visible by default" model for headers. The TOG SUS says that SHUT_* macros can be defined in general, so there's no reason not to define these with no conditional inclusion coverage. fz529698 14. Under some circumstances, ppp could go into an infinite loop of read calls in the libnsl ics_read_data() routine. erg712620/fz529611 Installation tools improvements: 15. By the time pkgadd executes the preinstall script of a package, it has already updated the contents file with the information from the package's pkgmap file. Hence if the preinstall script is terminated for some reason, the contents file is left in a bad state - the files are not installed on the system but they are present in the contents file. This has been fixed so that the contents file is not updated until the files are installed. fz519105 16. Fixed a problem where pkginstall, pkgremove and installf can destroy the software contents file if it is already locked by another process. fz198541 Licensing improvements: 17. The license policy daemon ignores custom licenses from earlier releases. For example, if your system license had previously included extra users, not separately licensed but included in your original, those users would be ignored. This has been fixed. ptf9050a/fz529560 o Runtime C Library (libc) version 8.0.2a fixes: 18. Bad parsing of some special strings in string-to-floating code. fz529765 o Runtime Thread Library (libthread) version 8.0.2a fixes: 19. Oracle may hang while starting by going into an infinite loop in libthread's thr_keycreate(). erg712658/fz529884 Additional bug fixes and enhancements were provided with the supplemental packages that were distributed with UnixWare 7.1.4 Maintenance Pack 1. These fixes are also included in the supplemental packages provided with UnixWare 7.1.4 Maintenance Pack 4. o Documentation: 1. The Updated Base System Guides (uw7mpdoc) package, version 7.1.4a, provides documentation for the PAM, encrypted file system, modjk1, and Samba features delivered with uw714mp1 and its supplemental packages. o PAM: 2. The following supplemental packages have been updated to enable support for PAM. They can only be installed if the pam package (contained in uw714mp4 set) is installed: cups - Common Unix Printing System, version 1.1.19-02 openssh - Open Secure Shell, version 3.8.1p1 samba - SMB based file/printer sharing, version 3.0.4 xcontrib - X11R6 Contributed X Clients, version 8.0.2a o The Foomatic Filters and PPDs (foomatic) package, version 3.0.0-02, and the HP Inkjet Printer Driver (hpijs) package, version 1.5-01, contain this fix: 3. Fixed obscure corruption of a few data files. fz529615 o The Netdriver Infrastructure and Configuration Subsystem (nics) package, version 8.0.2a, contains this fix: 4. A time delay of 1 sec in dlpiclose() was causing some applications, e.g. getmany (accessing mib-2 table) to consume large amounts of CPU time. This time delay ensured that all in-transit packets were processed before closing the SAP. This delay is removed and the code reworked to use message based synchronization during closedown. dlpiclose() now constructs a M_CTL packet containing a message of type dl_ctlmsg_t. This message contains DLPI primitive set as DL_CLOSESAP and a pointer to the SAP structure. This message is queued at the DLPI lower read queue so that dlpilrsrv will handle it. It then goes to sleep. When dlpilrsrv receives this message, it is assured that all messages before it have been sent upstream, i.e., there are no in-transit packets. dlpilrsrv signals dlpiclose to close the SAP. erg712282/fz526486 o The Open Secure Shell (openssh) package, version 3.8.1p1, contains these fixes: 5. OpenSSH has been updated from version 3.7.1p2 to 3.8.1p1 and support for PAM has been enabled. Please see the openssh website for the list of changes. http://www.openssh.com/ fz528611 6. SECURITY: OpenSSH only gives significance to the first 8 characters of a password. erg712648/fz529827 SCOSA-2005.19 o The OpenSSL - Secure Sockets Layer / TLS Cryptography Toolkit (openssl) package, version 0.9.7d, contains this fix: 7. SECURITY: OpenSSL has been updated from version 0.9.7c to 0.9.7d to fix several security issues with the earlier version. Please see the openssl website for the list of changes. http://www.openssl.org/ erg712602/fz529411 SCOS-2005.7 o The OpenSSL Documentation (openssld) package, version 0.9.7d, provides the updated documentation for the openssl package version 0.9.7d. o The SMB based file/printer sharing (samba) package, version 3.0.4, contains these fixes: 8. Samba has been updated from version 3.0.0 to 3.0.4 to enable PAM and to provide multibyte support. Please see the samba website for the list of changes. http://www.samba.org/samba/ fz529665 9. Swat server status page shows smbd "not running" even when it is. fz528969 o The OUDK Optimizing C Compilation System (uccs) package, version 8.0.2a, contains these fixes: 10. With the introduction of NSS, SCO has changed some existing APIs and added some new APIs to support NSS. Customers building binaries that use these APIs will find that their compile will fail with undefined symbol references similar to the following: Undefined first referenced symbol in file getspnam_r libperl.so getpwent_r libperl.so getgrent_r libperl.so Note: This problem is only seen in systems upgraded from earlier UnixWare releases to UnixWare 7.1.4. 11. C compiler bug fixed. In -Xt mode, the compiler may incorrectly attempt to combine two typedef's that are not numeric types. erg712635/fz529721 12. Make command bug fixed. $(XD:str=rep) broken, where X is any of the @*<%? special characters. erg712665/fz529930 o The X11R6 X Server (xserver) package, version 8.0.2a, contains this fix: 13. SECURITY: Some files and directories were created incorrectly allowing write permission to arbitrary users. Some system daemons were running with a file creation mask (umask) set to 0. fz528862 o The Additional Modules for Perl (modjk1) package, version 2.0.4, contains this fix: 14. Provides the modjk connector for Apache 1 and Tomcat. Apache 2 users do not need this package. Notes: o This package is not installed by default. o This package will not conflict with modjk for Apache 2 & Tomcat as the library is installed in a different location. fz529629
The UnixWare 7.1.4 Maintenance Pack 2 set (uw714mp2) contains the following fixes. These fixes are also included in UnixWare 7.1.4 Maintenance Pack 4 set (uw714mp4). o uw714m2 package fixes: Feature and usability enhancements: 1. Updated Laptop PC Card support to include CardBus support. fz529602 2. Updated /sbin/p6update to support new Intel Prescott and Nacona processors. Includes additional microcode updates. fz530177 3. Enhanced /etc/hw command to decode Pentium 4 cache size information and system memory sizes in excess of 4Gb. fz525623 fz528909 4. Added lsof command version 4.73. Lsof is a UNIX-specific tool. Its name stands for LiSt Open Files, and it does just that. It lists information about files that are open by the processes running on a UNIX system. The lsof provided is compiled with the following flags: -DINKERNEL -Kthread -Kalloca -O2 See the complete copyright notice at the end of this file. fz530110 5. Increased the number of users from 1 to 2 for the default Business Edition license. fz530379 6. Added the Japanese Gaigi character definitions to Japanese locales. erg712726/fz530392 7. For X11R6 applications, allow the NumLock key to be used with Motif accelerator and mnemonic keys for pulldown menus. To enable this feature, set the environment variable "XMNUMLOCK=ALL" for the process. erg712703/fz530229 Security improvements: 8. SECURITY: A new file system tunable, CHROOT_SECURITY is provided to protect against a known exploit for escaping from a chroot prison. The new tunable is described in /etc/conf/dtune.d/fs and defined in /etc/conf/mtune.d/fs. Protection is provided by the default value of 1 but traditional behavior may be obtained by setting CHROOT_SECURITY to 0, and rebooting the system. erg712509/fz528555 SCOSA-2005.2 9. SECURITY: ICMP error messages are discarded for TCP connections if TCP sequence number in ICMP payroll is not in the range of the data already send but not yet acknowledged. erg712758/fz530661 10. SECURITY: Fixed the Common Desktop Environment dtlogin XDMCP Parser Remote Double Free vulnerability. erg712592/fz529303 SCOSA-2005.18 11. SECURITY: Fixed the following Denial of Service vulnerability. When the NFS mountd service is run by inetd and an NFS mount related request is received from a remote (or local) host, inetd will repeatedly create the mountd process and as a result increasingly consume memory. This problem also exists for the following inetd services: ypupdated, rusersd, sprayd, and walld. To fix this, the mountd service is updated from a "dgram" service to a "tli" service. The socket_type (in /etc/inet.d/inetd.conf) is also changed from "dgram" to "tli" for the following inetd services: mountd, ypupdated, rusersd, sprayd, and walld. erg712731/fz530479 SCOSA-2005.1 12. SECURITY: An upgrade to the KAME implementation of internet key exchange (IKE) daemon implementation which includes several security fixes. erg712650/fz529836 SCOSA-2005.10 Reliability improvements: 13. Fixed kernel panic caused by Merge trying to save FPU state when FPU hasn't been used. fz529860 14. Fixed various bugs in fork that in turn could lead to kernel panics in priocntl. The fixes had to do with ensuring that per-lwp properties were inherited consistently across a fork. fz529463 15. Fixed kernel panic that can sometimes occur due to race condition between fdetach of a named pipe and the last close on the pipe's file descriptors. erg711929/fz519727 16. Fixed kernel panic and kernel memory corruptions caused by an erroneous pointer left in a STREAMS lower multiplexor queue structure during execution of an I_LINK or I_PLINK ioctl. erg712470/fz528449 17. Fixed deadlock that can occur if an NMI occurs on one CPU at the same time that another CPU takes a clock interrupt and attempts to recalibrate the clock. erg712722/fz530382 Networking improvements: 18. Fixed bugs in the scoadmin dhcp and address allocation managers that cause tcl failures and hangs. fz526860 fz528398 fz528404 fz528650 fz529146 fz529522 19. For /dev/tcp, /dev/udp and other related device nodes, permission is given to root to change access and modification times, and to change mode, uid and gid if they are different from the current ones. erg712672/fz528399 20. Fixed IP packet filtering. erg712619/fz529605 21. Fixed race between tcp input processing and tcp close processing. erg712585/fz529161 22. The netstat -I <interface> <interval> command displays output incorrectly, if the machine gets a lot of packets in a particular interval. erg712663/fz529916 23. System gets many "Out of stream" messages in osmlog and kernel panics afterwards. erg712707/fz530251 24. SNMP time ticks are being interpreted as signed 32-bit integers instead of unsigned 32-bit integers erg712732/fz530366 25. An errant assumption about the maximum size of tcp/ip header including the MAC header and the STREAM headers would not exceed 256 bytes caused the system to write past the allocated space. The allocation optimization now properly accounts for the MAC header if it does not exceed the 256 byte KMA pool size. fz530654 26. There was a namespace conflict within the definition of inet_ntoa. The kernel version is renamed to inet_ntoa_r. This helps to ease porting of open source applications to UnixWare. fz529706 27. Changes to ip_var.h to allow porting of open source applications without requiring the inclusion of some UnixWare-specific headers. fz529708 28. Moved _tcpconn and tcp_dbg_hdr data structures and associated defines from tcp.h to tcp_var.h to allow porting of open source applications without requiring the inclusion of some UnixWare-specific headers. fz530909 USB improvements: 29. Certain USB keyboards exhibit a jitter that is usually seen as the repetition of a previous character. erg712294/fz527741 30. Fixed a potential problem with newer EHCI USB controllers that are controlled by the system BIOS. The visible symptom is that devices attached to the EHCI ports of certain systems won't work. fz530306 31. Low and full speed USB devices attached directly (i.e. not via a USB 2.0 hub) to an EHCI controller will get a message logged to the console 'Device reset timeout during enumeration!' when they are discovered. The message is benign; the devices work as expected. This fix eliminates the cause of the distracting message. fz530377 32. Fixed bug in UDI bridge mapper that caused shared PCI interrupts to remain un-acknowledged during USB host controller initialization leading to system hangs. erg712677/fz530090 erg712699/fz530174 33. Attempting to autoconfigure a USB mouse via the mouseadmin command did not work properly, and the mouse test would always fail. This problem would only be encountered by those adding or switching to a USB mouse, post ISL, and attempting to autoconfigure it through mouseadmin. fz530587 Motif library and X improvements:: 34. Fixed a bug where the change of background of the Motif Scale widget with XtSetValues has no effect if the widget was not realized yet. erg712682/fz530146 35. Fixed the XmATTACH_OPPOSITE_FORM attachment in the children of a Form widget using the incorrect sign of the value, which causes the form to resize itself to become smaller and smaller. erg712697/fz530166 36. Fixed the display of the Japanese messages in programs based on the Athena widgets. Note: Portions of this fix are contained in the xserver, xclients, and xcontrib packages. These packages must be installed or the commands will stop working in Japanese! erg712661/fz529890 Misc improvements: 37. Changes to acpi and mps drivers to recognize pci devices that were previously not found. Includes an upgrade to the latest version of the acpi driver. fz530205 erg712706/fz530250 38. Online and offline of processors may work incorrectly on systems where the processors report more than one logical processor per physical package when hyperthreading is disabled in the system BIOS. fz530165 39. Fixed problems caused by the Intel ICH3-S chipset occasionally returning bad real-time clock values. Symptom was that some platforms may hang on boot with warning messages from psm_time_spin_adjust. erg712593/fz529317 40. Various "off by one" errors fixed in the interval timer code. erg712667/fz529962 41. Disksetup's default blocksize does not work with large VxFS file systems. erg712615/fz529483 42. Fixed the reserve bitmap buffer setup to wrong channel/snode during VxFS snapshot creation, which caused snapshots to be disabled due to read i/o failures on good drives. erg712644/fz529774 43. init failing to change runlevels. There was a race condition in the waitproc function in the init code that has been fixed. erg712313/fz527890 44. System hangs on boot - idmknodd last process run. There was a race condition in the waitproc function in the init code that has been fixed. erg712607/fz529426 45. Fields incorrectly labeled in rtpm utility in Japanese locale. fz530091 46. The auditrpt -f <filename> command is causing segmentation faults on some audit report data files. erg712760/fz530410 47. The ap command is causing segmentation fault. Note: Portion of this fix is in the libc package. erg712675/fz530046 48. The creatiadb command is not working. erg712678/fz530093 49. The ps command will now report NI values as set by nice(2), rather than always displaying a 0 in that output column. This is only a compatibility measure and does not imply that the value set by nice(2) will affect scheduling behavior. fz530118 50. Printer manager GUI hangs while adding local printers on a freshly installed system. fz530092 51. C++ template instantiation fails when object file has non-.o suffix To fix this, .ti and .ii suffixes now append to, rather than replace, non-.o object suffixes. fz530247 52. A function call argument that is an expression with "side effects", cannot be used directly more than once when doing function inlining. A C++ "? :" expression, in which the third operand (conditionally evaluated) created a short-lived temp class object, was incorrectly replicated when replacing a multiply-referenced parameter in an inlined function. fz530178 53. For NIS systems, correct lookup-by-GID failure. Note: Portion of this fix is in the libc package. fz530952 54. We now have libcrypto.so from openssl package also and it defines _des_crypt() which is also defined by libcrypt.so. Updated libcrypt.so to use its own definition so that things remain sane. fz530438 55. Updated the /usr/lib/apache/conf/httpd.conf file if apache-1.3.29 and php-4.3.5 are installed, or the /opt/apache2/conf/conf.d/php4.conf file if apache2-2.0.49 and php4-4.3.5 are installed, with: AddType application/x-httpd-php .php .php3 .inc .phtml AddType application/x-httpd-php-source .phps In future, installation of php or php4 should update these files. fz529730 56. Fixed Tomcat 4.1.30 start script to implement a nohup. In future, this will be fixed in the tomcat package. fz530103 57. Fixed the Perl 5.8.3 configuration files to remove build pathnames. In future, this will be fixed in the perl package. fz530344 58. Fixed a syntax error in Mozilla start script. In future, this will be fixed in the mozilla package. fz530539 o Runtime C Library (libc) version 8.0.2b fixes: Note: All fixes in the libc package are also included in the uccs package. 59. Fixed a memory leak in tzset(). erg712729/fz530421 60. 61The ap command is causing segmentation fault. erg712675/fz530046 61. PAM enabled services do not update syslog correctly. fz530185 fz529908 62. For NIS systems, correct lookup-by-GID failure. fz530952 Additional bug fixes and enhancements are provided with the following packages that are distributed with UnixWare 7.1.4 Maintenance Pack 2. These fixes are also included in the supplemental packages provided with UnixWare 7.1.4 Maintenance Pack 4. o The Common Unix Printing System (cups) package, version 1.1.19-03: 1. SECURITY: Fixed a Denial of Service vulnerability. It was possible to disable browsing in CUPS by sending an empty UDP datagram to port 631 where cupsd is running. erg712688/fz530153 SCOSA-2004.15 , o The Foomatic Filters and PPDs (foomatic) package, version 3.0.2: 2. SECURITY: Foomatic has been updated from version 3.0.0-02 to 3.0.2 to fix a security problem. Please see the foomatic website for the list of changes. http://www.linuxprinting.org/foomatic.html erg712704/fz530505 SCOSA-2005.12 o The HP Inkjet Printer Driver (hpijs) package, version 1.5-02: 3. Updated and new PPD files for non-HP printers from the foomatic-3.0.2 distribution. erg712704/fz530505 o The Lightweight Directory Access Protocol services (ldap) package, version 8.0.1a: 4. LDAP fails to start with the following error message: dynamic linker: /usr/lib/ldap/slapd: relocation error symbol not found: ldapdebug_level referenced from /usr/lib/ldap/slapd erg712679/fz527615 o The Runtime OpenServer library (libosr) package, version 8.0.2a: 5. This version contains an updated libc.so.1 and three new libraries: libm.so.1, libcurses.so.1, and libsocket.so.2. fz529055 o The PNG (Portable Network Graphics) Library (libpng) package, version 1.2.7: 6. SECURITY: Libpng has been updated from version 1.2.5 to 1.2.7 to fix several security problems. Please see the libpng website for the list of changes. http://www.libpng.org/pub/png/libpng.html erg712684/fz530149 SCOSA-2004.16 o The Network Drivers (nd) package, version 8.0.2b: 7. Updated Intel PRO/100 (eeE8) Network Driver to version 2.9.1. fz530765 8. Updated Intel PRO/1000 (e1008g) Network Driver to version 7.4.9. fz530764 9. Updated Broadcom Gigabit (bcme) Network Driver to version 7.5.22. fz530259 10. The following NIC drivers have been updated to include PC Card support: d21x, e3E and nat. fz529602 11. The following new adapters are now supported including CardBus NICs and selected PRISM II Wireless PC Card NICs: 3Com EtherLink III 3C589C 0101058906 3Com EtherLink III 3C589D 0101058906 3Com 10Mbps LAN PC Card 3CCE589EC 3Com 10Mbps LAN PC Card 3CXE589DT 3Com 10Mbps LAN PC Card 3CCE589ET 3Com 10/100 LAN PC Card 3C3FE574BT Intel PRO/100 CardBus II MBLA3300 Intel PRO/100 S Mobile Adapter MBLA3300 C3 Intel PRO/100 CardBus II MBLA3400 Linksys Combo PCMCIA EthernetCard EC2T Linksys EtherFast 10/100 PC Card PCMPC100 Linksys EtherFast 10/100 CardBus Card PCMPC200 Linksys Wireless-B Notebook Adapter (802.11b) Netgear 10/100 PCMCIA FA410 Netgear 10/100 PCMCIA Mobile Adapter FA411 Netgear 10/100 CardBus FA510 Netgear 802.11b Wireless PC Card MA401 Socket Communications EA Socket Communications LP-E o The Network Infrastructure and Configuration Subsystem (nics) package, version 8.0.2b: 12. System kernel panics under heavy load in dlpi_hwfail_handler. There was race condition in txmon handler. erg712681/fz530124 o The Open Secure Shell (openssh) package, version 3.9p1-01: 13. OpenSSH has been updated from version 3.8.1p1 to 3.9p1. Please see the openssh website for the list of changes. http://www.openssh.com/ 14. When sshd is stopped and restarted, it no longer works. The user trying to get in gets the following message: Read from socket failed: Resource temporarily unavailable fz529865 15. Host based authentication does not work with openssh. fz530102 16. Cannot login to an account with an expired password with openssh. fz530287 o The Samba (samba) package, version 3.0.10: 17. SECURITY: Samba has been updated from version 3.0.4 to 3.0.10 to fix several security problems. Please see the samba website for the list of changes. http://www.samba.org/samba/ erg712735/fz530486 SCOSA-2004.15 erg712754/fz530644 o The Squid Caching Proxy Server (squid) package, version 2.5.STABLE7: 18. SECURITY: Squid has been updated from version 2.4.STABLE7 to 2.5.STABLE7 to fix several security problems. Please see the squid website for the list of changes. http://www.squid-cache.org/ erg712610/fz529457 SCOSA-2005.16 erg712740/fz530514 o The OUDK Optimizing C Compilation System (uccs) package, version 8.0.2b: 19. SECURITY: Fixed predictable temporary file creation by the cscope command that can be exploited by any local attacker to remove arbitrary files on the vulnerable file system via the infamous symlink vulnerability. erg712738/fz530500 20. When doing optimization on functions with exceptionally large code blocks where the total number of arguments passed to calls in a single block exceeds 8000, the C or C++ compiler may generate incorrect memory addresses for local variables. This problem has only occurred in atypical 4GL generated source code. erg712757/fz530656 21. Invalid #define of setterm() macro in curses.h. fz530412 22. When alloca() is used as an argument to another function call, the stack of the current frame may be corrupted such that invalid (saved) register values may be returned to the callee. fz527215 fz531008 o The General Purpose Data Compression Library (zlib) package, version 1.2.1-01: 23. SECURITY: Fixed a Denial of Service vulnerability. Fixed error handling in the inflate implementation to avoid incorrectly continuing to process in error state. erg712692/fz530158 SCOSA-2004.17 o The X11R6 Base X Runtime System (basex) package, version 8.0.2a: 24. SECURITY: Fail-soft mechanism is implemented for handling cases where the permissions and/or owner of the /tmp/.X11-unix, /tmp/.ICE-unix, and /tmp/.font-unix directories are not correctly set. Fail-soft means, if the permission and/or owner is improperly set, the component would try to properly set it. If it is unable to do that, it would generate error/warning message(s), but the component would not fail. Note: Portions of this fix are contained in the xserver package. erg712694/fz530161 SCOSA-2005.8 25. Fixed XtAppAddInput() function. Added missing brackets around XPOLL_READ, XPOLL_WRITE, XPOLL_EXCEPT erg712671/fz529974 o The X11R6 X Server (xserver) package, version 8.0.2b: 26. Invoking "scoadmin video" on an Intel SE7520JR2 white box server to adjust graphics resolution in either character or graphics mode causes the system console to start blinking, and there is no recovery other than rebooting. erg712755/fz530648 o The X11R6 Contributed X Clients (xcontrib) package, version 8.0.2a: 27. Fixed warning message from the xtetris command. fz530182 28. The puzzle command is causing segmentation fault. erg712700/fz530183 29. The ar command displays incorrect message in Japanese environment. erg712640/fz529737 o The X11R6 Graphics Drivers (xdrivers) package, version 8.0.2a: 30. Added the Matrox G550 Video Adapter support to the mtx driver. fz530771 o The IP Filter (ipf) package, version 4.1.3: 31. IP Filter 4.1.3 is an advanced open source filtering package which provides both firewall and network address translation services. It is the most common filtering package supported across different flavors of UNIX. For a complete list of features and services provided, please check the following URLs. o http://coombs.anu.edu.au/~avalon/ o http://www.obfuscation.org/ipf/ipf-howto.txt fz530132
o Diem Computime Radio Clock o ELV/DCF7000 clock o HOPF 6021 clock o Meinberg clocks o RCC 8000 clock o Schmid DCF77 clock o WHARTON 400A Series clock o VARITEXT clock(ID: 531232:2 ESC: erg712797)
Multiple core processors have two or more processor cores in each physical package, continuing the trend started with hyperthreading, but offering enhanced parallelism and improved performance due to additional processor cores.
Multiple processor cores are automatically detected and utilized if they are available. However, hyperthreaded processors are not utilized unless the administrator specifically requests their use. No additional CPU licenses are required to use either multiple processor cores or hyperthreaded processors.
The use of multiple processor cores can be disabled with the boot parameter "MULTICORE=N" entered at the boot prompt or added to the "/stand/boot" file. Having multiple core support enabled has no effect on systems that do not have multiple core processors. If the use of multiple processor cores is explicitly disabled with the "MULTICORE=N" boot parameter, then the use of hyperthreaded processors is also disabled.
Hyperthreaded processor support is still disabled by default. Support for hyperthreaded processors can be enabled with any of the following boot parameters:
ENABLE_HT=Y HYPERTHREAD=Y ENABLE_JT=Y(ID: 532712:3 SLS: ptf9051b)
System has halted and may be powered off (Press any key to reboot)Added a spin pause instruction into the loop; this is allegedly thermal friendly.
o Diem Computime Radio Clock o ELV/DCF7000 clock o HOPF 6021 clock o Meinberg clocks o RCC 8000 clock o Schmid DCF77 clock o WHARTON 400A Series clock o VARITEXT clock(ID: 531232:2 ESC: erg712797)
more: Illegal byte sequence(ID: 531424 ESC: erg712800)
UX:iconv: ERROR: No support for eucJP to sjisThis problem has been resolved.
The fixes in this section are contained in the uw714m4, libc, and uccs packages.
*ptr1++ = .... *ptr2 ....and both pointers had the same value an earlier sequence point in the current code block.
o CARP o Heap removal policy o ICMP o Delay pools o User-Agent logging o Kill parent on shutdown o SNMP monitoring o HTCP o USE_CACHE_DIGESTSAdditionally enabled the following:
o Referer logging(ID: 531636:2 ESC: erg712823)
Note: After installing the latest Mozilla package, you will also need to download and install the latest Java packages so that Mozilla continues to work properly. The Java packages are available separately from the UnixWare 7.1.4 Supplement Page at: http://www.sco.com/support/update/download/product.php?pfid=1&prid=6.
eeE8 3.0.2, Intel(R) PRO/100 supported adapters: ================== CardBus Adapters ============ Intel PRO/100 CardBus II MBLA3300 Intel PRO/100 S Mobile Adapter MBLA3300 C3 Intel PRO/100 CardBus II MBLA3400 645477-xxx PRO/10+ PCI PILA8500 649439-xxx PRO/10+ PCI PILA8520 701738-xxx Pro/100+ PCI Management Adapter PILA8461 668081-xxx Pro/100+ PCI PILA8460 721383-xxx Pro/100+ PCI Management Adapter PILA8460B 741462-xxx Pro/100+ PCI PILA8460BN 748566-xxx PRO/100 S Management PILA8460BUS 748564-xxx PRO/100 S Management PILA8464B 742252-xxx InBusiness(tm) 10/100 adapter SA101TX 351361-xxx PRO/100 PCI PILA8465 352509-xxx EtherExpress(tm) PRO/100B PCI adapter PILA8465B 352433-xxx PRO/100B PCI T4 PILA8475B 691334-xxx PRO/100+ PCI Management Adapter PILA8900 A80897-xxx PRO/100 M Desktop PILA8460M 751767-xxx PRO/100 S Desktop PILA8460C3 ================== Server Adapters ============ 714303-xxx PRO/100+ Dual Port Server Adapter PILA8472 748565-xxx PRO/100 S Server PILA8474B 748568-xxx Intel(c)PRO/100 S Server PILA8474BUS 710550-xxx PRO/100+ PCI Server Adapter PILA8470 729757-xxx PRO/100+ Server Adapter PILA8470B A56831-xxx PRO/100 S Dual Port Server Adapter PILA8472C3 752438-xxx PRO/100 S Server PILA8470C3 A28276-001 Intel(c) PRO/100+ Dual Port Server Adapter 61PMCA00 82559 Fast Ethernet LOM with Alert on LAN PRO/100 S Mobile LAN on Motherboard PRO/100 VM Network Connection PRO/100 VE Network Connection HP NC1120 Ethernet NIC HP NC3120 Fast Ethernet NIC HP NC3121 Fast Ethernet NIC HP NC3122 Fast Ethernet NIC HP NC3123 Fast Ethernet NIC HP NC3131 Fast Ethernet NIC HP NC3132 Fast Ethernet NIC HP NC3133 Fast Ethernet NIC HP NC3134 Fast Ethernet NIC HP NC3135 Fast Ethernet Upgrade Module HP NC3160 Fast Ethernet NIC HP NC3162 Fast Ethernet NIC HP NC3163 Fast Ethernet NIC HP 10/100 TX PCI Intel WOL UTP Controller(ID: 532544:1)
struct A func_returning_struct (); func_returning_struct().ptr -> other_field;This problem has been fixed. (ID: 534445:1 SLS: ptf9052h)
int main(void){return memset();}Unfortunately this would result in strange diagnostics like "no actual for asm formal: y". This fix changes the compiler so that it will not issue such complaints unless the ASM function code is actually present in the compilation unit. (ID: 534158:1)
NOTE: MP3 was re-released in May, 2006 to fix this one bug.
(ID: 533587:1)Specifying "ACPI=X" in /stand/boot or at the interactive boot prompt enables hybrid ACPI/MPS initialization when hyperthreading or multicore support is also enabled. Hybrid ACPI/MPS initialization should be enabled only if the default full-ACPI based initialization fails.
2. Implement dynamic PCI interrupt assignment to fix interrupt related problems seen on some platforms when hyperthreading, multicore, and/or ACPI are enabled. Observed problems included excess interrupt activity, poor device response, and device timeouts.
3. Allow override of kernel algorithms for sorting the processors listed in ACPI BIOS tables through the use of the new LAPIC_SORT parameter. This is necessary on some platforms to ensure that all logical processors can be used even if the ACPIS BIOS tables does not list them in the proper order.
Specifying "LAPIC_SORT=Y" in /stand/boot or at the interactive boot prompt will cause the kernel to reorder the processors listed in the ACPI BIOS tables; "LAPIC_SORT=N" disables that reordering. If LAPIC_SORT is unspecified, then the kernel uses its own internal algorithm to determine whether to reorder the processors listed in the tables. (ID: 533926:2 SLS: ptf9052d)
1. The OS sometimes failed to recognize some processor cores because of mishandling of the LAPIC_SORT boot parameter. Previously, the LAPIC_SORT boot parameter erroneously defaulted to NO and setting it to YES has no effect; it now defaults to YES.
2. The number of available processor cores may be cut in half on systems on which the processor supports hyperthreading but on which the BIOS has hyperthreading disabled.
3. An error in the processor licensing check could prevent some processor cores from coming online even when the system had the requisite processor licensing. (ID: 534338:3)
This very unusual situation only occurred when an inode number was first used for /dev/udp or /dev/tcp, then deleted, and then reused for a named pipe. (ID: 533770:4 SLS: ptf9052c)
Note: These prerequisite packages are always installed by ISL and should not be pkgrm. If you pkgrm any of these packages then you may encounter MP4 pkgadd failures due to missing prerequisites:
acp base ed els expect fmli libC libc libm libosr libthread ls modem mouse netmgt nsu openssh openssl openssld perl5 scoadmin syshead tclrun terminf uccs udidk udienv usb vtclrun zlib update714(ID: 534715:1)
1. More consistent per-package menu screens (e.g., Mozilla 1.2.x upgrade screen).
2. A screen offering the user the option to skip the package selection screens (default values are used). Per-package prompts are still displayed.
3. Fully installed packages are not displayed on the installation selection screens. This makes it clear which packages are available on the UnixWare 7.1.4 MP CD that you may want to install. (You can stiill use install.sh to overlay the current version of a package on top of itself. Simply run "install.sh pkgname".)
4. install.sh's concluding status message now shows SKIPPED (not offered for installation since this or an earlier version is already installed) packages before the just installed packages and any package installation failures. This helps ensure that the installed package list does not scroll off your screen.
5. The mpdoc package is only selected for installation if the current version is not already on the system. Previously the package was always selected resulting in unneeded reinstallations. (ID: 534817:1)
1. In general noninteractive MP4 installs (install.sh -n) are discouraged. This option is intended for replicated servers where an interactive install was first done on a test server. To avoid accidentally using the -n option, a message is displayed and the user is given a short period of time (15 - 20 seconds) to abort the installation.
2. If a 1.2.x version of Mozilla is installed, install.sh in interactive mode asks if it can be removed (if you answer no then the new Mozilla version is not installed). In non-interactive mode the old version is removed and the new version is installed.
3. If the deprecated modjk1 is installed then, by default, install.sh selects modjk. In interactive mode you are prompted whether to keep the old modjk1 or upgrade to the new modjk. In non-interactive mode the old modjk1 is removed and the new modjk is installed.
4. In interactive mode a new menu screen is displayed asking if you want to review and/or change the default package selection. The package selection screens are then displayed only if you request this at the initial prompt. (ID: 534841:1)
An integer overflow condition may result in a memory allocation request returning an allocated region that is incorrectly sized. The client may then be able to use the XDrawPoint() and XGetImage() functions to read and write to arbitrary locations in the X server's address space.
A malicious local authenticated attacker may be able to execute arbitrary code with the privileges of the X server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to this issue.
The X server was updated to a repaired version. (ID: 532989:2 ESC: erg712937)
Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allowed remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.
MySQL was prone to a buffer overflow vulnerability here. There were insufficient bounds checks of user-defined function argument data.
This issue could have been exploited by a database user with sufficient access to create a user-defined function. It may also have been possible to exploit this issue through latent SQL injection vulnerabilities in third-party applications that used the database as a backend.
Successful exploitation would have resulted in the execution of arbitrary code in the context of the database server process.
The newer MySQL versions do not suffer from this vulnerability. (ID: 533383:2)
The following Copyright Notice is required by the lsof command source:
/* * Copyright 2002 Purdue Research Foundation, West Lafayette, * Indiana 47907. All rights reserved. * * Written by Victor A. Abell * * This software is not subject to any license of the American * Telephone and Telegraph Company or the Regents of the * University of California. * * Permission is granted to anyone to use this software for * any purpose on any computer system, and to alter it and * redistribute it freely, subject to the following * restrictions: * * 1. Neither the authors nor Purdue University are responsible * for any consequences of the use of this software. * * 2. The origin of this software must not be misrepresented, * either by explicit claim or by omission. Credit to the * authors and Purdue University must appear in documentation * and sources. * * 3. Altered versions must be plainly marked as such, and must * not be misrepresented as being the original software. * * 4. This notice may not be removed or altered. */
Document Issued: June 2008
Copyright © 2008 The SCO Group, Inc. All rights reserved.