 |
≫ |
|
|
|
パッチ名: PHNE_34306
パッチ摘要: s700_800 11.23 ftpd(1M)およびftp(1)パッチ
作成日: 06/03/13
公開日: 06/03/20
ハードウェアプラットフォームおよびOSリリース:
s700: 11.23
s800: 11.23
現象:
PHNE_34306:
1.(SR:8606430441 CR:JAGaf89900)
ftpd(1M)でのパターン展開に問題があります。
2.(SR:8606423016 CR:JAGaf82539)
ftpd(1M)が一部の構成情報を正しく処理しません。
問題点の説明:
PHNE_34306:
1.(SR:8606430441 CR:JAGaf89900)
ftpd(1M)でのパターン展開に問題がありました。
解決方法:
パターンを正しく展開するようにftpd(1M)を修正しました。
2.(SR:8606423016 CR:JAGaf82539)
ftpd(1M)は一部の構成情報を正しく処理しませんでした。
解決方法:
構成情報を正しく処理するようにftpd(1M)を修正しました。
-----------------------------------------------------------------------------
Patch Name: PHNE_34306
Patch Description: s700_800 11.23 ftpd(1M) and ftp(1) patch
Creation Date: 06/03/13
Post Date: 06/03/20
Hardware Platforms - OS Releases:
s700: 11.23
s800: 11.23
Products: N/A
Filesets:
InternetSrvcs.INET-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP
Automatic Reboot?: No
Status: General Release
Critical:
No (superseded patches were critical)
PHNE_32286: CORRUPTION
The fix for CR JAGaf33866 (SR 8606373474) corrects
a possible unreported data loss during file transfer.
Category Tags:
defect_repair enhancement general_release critical
corruption
Path Name: /hp-ux_patches/s700_800/11.X/PHNE_34306
Symptoms:
PHNE_34306:
( SR:8606430441 CR:JAGaf89900 )
ftpd(1M) has problem in globbing patterns.
( SR:8606423016 CR:JAGaf82539 )
ftpd(1M) does not correctly process certain configuration
information.
PHNE_33414:
( SR:8606402783 CR:JAGaf62718 )
ftpd has a problem when failure occurs while establishing
a data connection with the client.
( SR:8606394876 CR:JAGaf54890 )
ftp is unable to log into the virtual domain when the
ftp server is invoked by inetd(1M) and uses the
ftpservers(4) configuration file to enable the virtual
hosting feature.
PHNE_32286:
( SR:8606373474 CR:JAGaf33866 )
In an NFS-mounted filesystem, which is full, the ftp
"get/mget" command fails without displaying any error
message. Also, in some cases in a non-NFS mounted system,
which is full, ftp "get/mget" fails without displaying
any error messages. As a result, unreported data loss
may occur.
( SR:8606379082 CR:JAGaf39331 )
No customer-visible symptoms in most cases.
( SR:8606393355 CR:JAGaf53414 )
ftpd does not handle invalid parameters given with the
"restart" command properly.
PHNE_32043:
( SR:8606379341 CR:JAGaf39590 )
In an IPv6 environment, a delay may be observed in the ftp
connection.
( SR:8606375175 CR:JAGaf35480 )
ftpd(1M) always uses the primary interface address of the
system for the data connection instead of using the address
on which the control connection request is received.
( SR:8606371641 CR:JAGaf32059 )
The "restart" command in ftp does not work properly when
the restart marker is set to a value greater than or
equal to 2 GB.
( SR:8606347852 CR:JAGaf08674 )
In some situations, there is a delay in an ftp
connection after the ftp client displays the
"Connected to" message.
PHNE_31732:
( SR:8606354853 CR:JAGaf15609 )
In an IPv6 environment, when Kerberos is enabled on
PA-RISC systems, ftp does not handle IPv6 addresses.
( SR:8606359484 CR:JAGaf20180 )
This product update provides pre-enablement for future
expansion of the maximum length of the system nodename and
hostname. Any actual expansion capability may be provided
in a future HP-UX nodename and hostname expansion product.
Upon installation, the nodename and hostname expansion
bundle (NodeHostNameXpnd) will install the full set of
product updates (including this one) needed to enable the
expansion.
If the nodename and hostname expansion bundle is not
installed, this product update will have no effect on your
system.
( SR:8606364418 CR:JAGaf25057 )
When ftp tries to transfer a file to an NFS mounted
directory in a system where the disk space is full, ftpd
displays the following error message, even though the
transfer operation has failed:
226 Transfer complete.
( SR:8606365929 CR:JAGaf26559 )
ftpd displays and logs the IPv4-mapped IPv6 address of the
remote host instead of the IPv4 address.
( SR:8606365886 CR:JAGaf26516 )
ftp client displays the IPv4-mapped IPv6 address of the
remote host instead of the IPv4 address.
( SR:8606358690 CR:JAGaf19386 )
This product update is a member of a set needed to
enable auditing without converting to a trusted system.
PHNE_30983:
( SR:8606360143 CR:JAGaf20839 )
ftp does not work properly under certain situations.
( SR:8606350655 CR:JAGaf11467 )
ftpd does not work correctly with certain group IDs.
Defect Description:
PHNE_34306:
( SR:8606430441 CR:JAGaf89900 )
ftpd(1M) has problem in globbing patterns.
Resolution:
ftpd(1M) now globs patterns properly.
( SR:8606423016 CR:JAGaf82539 )
ftpd(1M) does not correctly process certain configuration
information.
Resolution:
ftpd(1M) now processes the configuration information
correctly.
PHNE_33414:
( SR:8606402783 CR:JAGaf62718 )
ftpd has a problem when failure occurs while establishing
a data connection with client.
Resolution:
Code has been modified to solve the problem.
( SR:8606394876 CR:JAGaf54890 )
When the virtual hosting feature is used, ftpd(1M) does
not properly handle the buffer that facilitates virtual
hosting. As a result, ftpd(1M) that is invoked by inetd(1M)
rejects the connection and reports the following error
message in the /var/adm/syslog/syslog.log file:
"FTP LOGIN FAILED(virtual host access denied)"
Resolution:
ftpd(1M) has been modified to properly handle the virtual
hosting feature when ftpd(1M) is invoked by inetd(1M).
PHNE_32286:
( SR:8606373474 CR:JAGaf33866 )
In NFS file systems, the ftp "get/mget" command fails
without displaying any error message because write() does
not always fail even if the file system is full. However,
fclose() fails and sets 'errno' which is not handled by
ftp. In a non-NFS file system, when ftp is used to
"get/mget" a small file in an ASCII mode, the data is not
flushed to the disk until fclose(). If the file system is
full, fclose() fails and sets 'errno' which is not
handled by ftp. Therefore, ftp does not display any
error message in this case.
Resolution:
Code has been modified so that ftp checks whether
fclose() fails in a "get/mget" operation and displays
appropriate error messages if fclose() fails.
( SR:8606379082 CR:JAGaf39331 )
ftpd does not properly manage some internal resources.
Resolution:
ftpd resource management code has been corrected.
( SR:8606393355 CR:JAGaf53414 )
ftpd accepts invalid parameters given with the "restart"
command instead of rejecting them by giving appropriate
error messages.
Resolution:
ftpd now handles invalid parameters given with the "restart"
command properly by displaying appropriate error messages.
PHNE_32043:
( SR:8606379341 CR:JAGaf39590 )
When ftpd is run in an IPv6 environment, it sends
IPv4-mapped IPv6 address of the client system to the DNS
for obtaining the corresponding hostname. If the
IPv4-mapped IPv6 address is not present in the DNS
database, the DNS query times out; and hence a delay in the
ftp connection.
Resolution:
ftpd code has been modified so that ftpd now sends a DNS
query with an IPv4 address instead of IPv4-mapped IPv6
address.
( SR:8606375175 CR:JAGaf35480 )
The incorrect address length passed to the bind() system
call to open the data connection makes ftpd to be bound to
the primary interface address.
Resolution:
Code has been modified to pass the correct address length
to the bind() system call
( SR:8606371641 CR:JAGaf32059 )
The size of the variable, used to manipulate the restart
marker value, is not sufficient to store a value more
than or equal to 2 GB. Therefore, the "restart" command
does not work properly.
Resolution:
ftp and ftpd has been modified so that the "restart"
command works properly for a marker value more than or
equal to 2 GB.
( SR:8606347852 CR:JAGaf08674 )
ftpd sends DNS queries disregarding the configuration
set by the administrator in the /etc/nsswitch.conf file,
even though the user does not use any DNS-related
options in the /etc/ftpd/ftpaccess file. Therefore, if
DNS is not configured properly, there will be a delay
in an ftp connection because ftpd waits for all the DNS
queries to timeout.
Resolution:
Code has been modified to send the DNS queries only if
ftpd is configured to use the DNS-related options in the
/etc/ftpd/ftpaccess file.
PHNE_31732:
( SR:8606354853 CR:JAGaf15609 )
ftp does not process an IPv6 address, when Kerberos is
enabled on PA-RISC systems in an IPv6 environment.
Resolution:
ftp now handles IPv6 addresses when Kerberos is enabled
on PA-RISC systems.
( SR:8606359484 CR:JAGaf20180 )
This product update contains some minor enhancements
required to pre-enable a future HP-UX nodename and
hostname expansion product bundle (NodeHostNameXpnd).
Resolution:
Internal buffers for the nodename or hostname are expanded
in preparation for a future increase to the associated
maximum length constraint.
( SR:8606364418 CR:JAGaf25057 )
ftpd prints the incorrect message "226 Transfer complete."
even though the file transfer has failed because ftpd does
not check the return value of fclose().
Resolution:
ftpd now prints the following error message when fclose()
fails due to insufficient system disk space:
452 Error writing file: No space left on device.
( SR:8606365929 CR:JAGaf26559 )
ftpd does not convert an IPv4-mapped IPv6 address to an IPv4
address before logging or displaying to the standard output.
Resolution:
ftpd now converts an IPv4-mapped IPv6 address to an IPv4
address before logging or displaying to the standard output.
( SR:8606365886 CR:JAGaf26516 )
ftp does not convert an IPv4-mapped IPv6 address to an IPv4
address before displaying to the standard output.
Resolution:
ftp now converts an IPv4-mapped IPv6 address to an IPv4
address before displaying to the standard output.
( SR:8606358690 CR:JAGaf19386 )
This product update contains enhancements required to
enable auditing without converting to a trusted system.
Resolution:
This product is now enhanced to generate proper audit
records for systems that have not converted to trusted
mode.
PHNE_30983:
( SR:8606360143 CR:JAGaf20839 )
ftp does not work properly under certain situations.
Resolution:
Code has been modified to fix the problem.
( SR:8606350655 CR:JAGaf11467 )
ftpd does not handle certain group IDs properly.
Resolution:
ftpd code has been modified to handle all group IDs
properly.
Enhancement:
No (superseded patches contained enhancements)
PHNE_31732:
( SR:8606354853 CR:JAGaf15609 )
Kerberos support in an IPv6 environment for ftp for
PA-RISC systems.
( SR:8606359484 CR:JAGaf20180 )
Support added for future maximum length expansion of
nodename and hostname.
( SR:8606358690 CR:JAGaf19386 )
This product update is a member of a set needed to
enable auditing without converting to a trusted system.
SR:
8606430441 8606423016 8606402783 8606394876 8606350655
8606354853 8606358690 8606359484 8606360143 8606364418
8606365886 8606365929 8606379341 8606375175 8606371641
8606347852 8606373474 8606379082 8606393355
Patch Files:
InternetSrvcs.INET-ENG-A-MAN,fr=B.11.23,
fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/share/man/man4.Z/ftpaccess.4
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_IA,
v=HP:
/usr/bin/ftp
/usr/bin/ckconfig
/usr/bin/ftpcount
/usr/lbin/ftpd
/usr/bin/ftprestart
/usr/bin/ftpshut
/usr/bin/privatepw
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_PA,
v=HP:
/usr/bin/ftp
/usr/bin/ckconfig
/usr/bin/ftpcount
/usr/lbin/ftpd
/usr/bin/ftprestart
/usr/bin/ftpshut
/usr/bin/privatepw
what(1) Output:
InternetSrvcs.INET-ENG-A-MAN,fr=B.11.23,
fa=HP-UX_B.11.23_IA/PA,v=HP:
/usr/share/man/man4.Z/ftpaccess.4:
None
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_IA,
v=HP:
/usr/bin/ftp:
Copyright (c) 1985, 1989 Regents of the University o
f California.
$Revision: @(#) ftp R11.23_BL2006_0313_1 PATCH_11.23
PHNE_34306
/usr/bin/ckconfig:
Version wuftpd-2.6.1 Mon Mar 13 11:14:52 GMT 2006
$Revision: @(#) ftpd.2.6 R11.23_BL2006_0313_1 PATCH_
11.23 PHNE_34306
/usr/bin/ftpcount:
Version wuftpd-2.6.1 Mon Mar 13 11:14:25 GMT 2006
$Revision: @(#) ftpd.2.6 R11.23_BL2006_0313_1 PATCH_
11.23 PHNE_34306
/usr/lbin/ftpd:
Copyright (c) 1999,2000 WU-FTPD Development Group.
$Id: ftpd.c,v 1.111 2000/07/01 18:17:39 wuftpd Exp $
based on ftpd.c 5.40 (Berkeley) 7/2/91
Version wuftpd-2.6.1 Mon Mar 13 11:14:17 GMT 2006
$Revision: @(#) ftpd.2.6 R11.23_BL2006_0313_1 PATCH_
11.23 PHNE_34306
/usr/bin/ftprestart:
Version wuftpd-2.6.1 Mon Mar 13 11:14:31 GMT 2006
$Revision: @(#) ftpd.2.6 R11.23_BL2006_0313_1 PATCH_
11.23 PHNE_34306
/usr/bin/ftpshut:
Version wuftpd-2.6.1 Mon Mar 13 11:14:40 GMT 2006
$Revision: @(#) ftpd.2.6 R11.23_BL2006_0313_1 PATCH_
11.23 PHNE_34306
/usr/bin/privatepw:
Version wuftpd-2.6.1 Mon Mar 13 11:14:58 GMT 2006
$Revision: @(#) ftpd.2.6 R11.23_BL2006_0313_1 PATCH_
11.23 PHNE_34306
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_PA,
v=HP:
/usr/bin/ftp:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) ftp R11.23_BL2006_0313_1 PATCH_11.23
PHNE_34306
Copyright (c) 1985, 1989 Regents of the University o
f California.
/usr/bin/ckconfig:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) ftpd.2.6 R11.23_BL2006_0313_1 PATCH_
11.23 PHNE_34306
Version wuftpd-2.6.1 Mon Mar 13 11:15:50 GMT 2006
/usr/bin/ftpcount:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) ftpd.2.6 R11.23_BL2006_0313_1 PATCH_
11.23 PHNE_34306
Version wuftpd-2.6.1 Mon Mar 13 11:15:33 GMT 2006
/usr/lbin/ftpd:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) ftpd.2.6 R11.23_BL2006_0313_1 PATCH_
11.23 PHNE_34306
$Id: ftpd.c,v 1.111 2000/07/01 18:17:39 wuftpd Exp $
based on ftpd.c 5.40 (Berkeley) 7/2/91
Copyright (c) 1999,2000 WU-FTPD Development Group.
Version wuftpd-2.6.1 Mon Mar 13 11:15:29 GMT 2006
/usr/bin/ftprestart:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) ftpd.2.6 R11.23_BL2006_0313_1 PATCH_
11.23 PHNE_34306
Version wuftpd-2.6.1 Mon Mar 13 11:15:38 GMT 2006
/usr/bin/ftpshut:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) ftpd.2.6 R11.23_BL2006_0313_1 PATCH_
11.23 PHNE_34306
Version wuftpd-2.6.1 Mon Mar 13 11:15:43 GMT 2006
/usr/bin/privatepw:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) ftpd.2.6 R11.23_BL2006_0313_1 PATCH_
11.23 PHNE_34306
Version wuftpd-2.6.1 Mon Mar 13 11:15:54 GMT 2006
cksum(1) Output:
InternetSrvcs.INET-ENG-A-MAN,fr=B.11.23,
fa=HP-UX_B.11.23_IA/PA,v=HP:
2947500892 20756 /usr/share/man/man4.Z/ftpaccess.4
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_IA,
v=HP:
3891116166 374076 /usr/bin/ftp
3734017330 42716 /usr/bin/ckconfig
1342043960 42828 /usr/bin/ftpcount
359899700 605872 /usr/lbin/ftpd
1317282703 48244 /usr/bin/ftprestart
1214620606 56828 /usr/bin/ftpshut
1938275329 38444 /usr/bin/privatepw
InternetSrvcs.INETSVCS2-RUN,fr=B.11.23,fa=HP-UX_B.11.23_PA,
v=HP:
286331065 167936 /usr/bin/ftp
2223903783 36864 /usr/bin/ckconfig
4293964199 36864 /usr/bin/ftpcount
2531809446 352256 /usr/lbin/ftpd
3847668281 40960 /usr/bin/ftprestart
2138939152 45056 /usr/bin/ftpshut
1221136332 40960 /usr/bin/privatepw
Patch Conflicts: None
Patch Dependencies:
s700: 11.23: PHCO_31554 PHCO_31590
s800: 11.23: PHCO_31554 PHCO_31590
Hardware Dependencies: None
Other Dependencies: None
Supersedes:
PHNE_33414 PHNE_32286 PHNE_32043 PHNE_31732 PHNE_30983
Equivalent Patches: None
Patch Package Size: 870 KBytes
Installation Instructions:
Please review all instructions and the Hewlett-Packard
SupportLine User Guide or your Hewlett-Packard support terms
and conditions for precautions, scope of license,
restrictions, and, limitation of liability and warranties,
before installing this patch.
------------------------------------------------------------
1. Back up your system before installing a patch.
2. Login as root.
3. Copy the patch to the /tmp directory.
4. Move to the /tmp directory and unshar the patch:
cd /tmp
sh PHNE_34306
5. Run swinstall to install the patch:
swinstall -x autoreboot=true -x patch_match_target=true \
-s /tmp/PHNE_34306.depot
By default swinstall will archive the original software in
/var/adm/sw/save/PHNE_34306. If you do not wish to retain a
copy of the original software, include the patch_save_files
option in the swinstall command above:
-x patch_save_files=false
WARNING: If patch_save_files is false when a patch is installed,
the patch cannot be deinstalled. Please be careful
when using this feature.
For future reference, the contents of the PHNE_34306.text file is
available in the product readme:
swlist -l product -a readme -d @ /tmp/PHNE_34306.depot
To put this patch on a magnetic tape and install from the
tape drive, use the command:
dd if=/tmp/PHNE_34306.depot of=/dev/rmt/0m bs=2k
Special Installation Instructions:
This patch kills all the instances of ftpd but it does not
restart ftpd after the patch installation, because ftpd is
usually invoked by inetd. Therefore, if ftpd is running in
standalone mode (that is, ftpd is started manually with the
'-S' or '-s' option), ftpd must be restarted manually after
installing this patch.
|
