 |
≫ |
|
|
|
パッチ名: PHNE_35950
パッチ摘要: s700_800 11.11 sendmail(1M) 8.9.3パッチ
作成日: 07/05/15
公開日: 07/05/23
ハードウェアプラットフォームおよびOSリリース:
s700: 11.11
s800: 11.11
現象:
PHNE_35950:
(SR:8606472879/CR:JAGag27656)
sendmail(1M)クライアントプロセスが、write(2)システムコールの実行時にル
ープすることがあります。
問題点の説明:
PHNE_35950:
(SR:8606472879/CR:JAGag27656)
write(2)の実行中にエラーが起きると、sendmail(1M)クライアントはいつまで
もループすることがありました。
解決方法:
write(2)システムコールでのエラーを適切に処理するようにsendmail(1M)クラ
イアントを修正しました。
-----------------------------------------------------------------------------
Patch Name: PHNE_35950
Patch Description: s700_800 11.11 sendmail(1M) 8.9.3 patch
Creation Date: 07/05/15
Post Date: 07/05/23
Hardware Platforms - OS Releases:
s700: 11.11
s800: 11.11
Products: N/A
Filesets:
InternetSrvcs.INETSVCS-RUN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP
InternetSrvcs.INET-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP
Automatic Reboot?: No
Status: General Release
Critical:
Yes
PHNE_35950: HANG
PHNE_35484: HANG
PHNE_34936: CORRUPTION
PHNE_28761: ABORT
Category Tags:
defect_repair general_release critical halts_system
corruption manual_dependencies
Path Name: /hp-ux_patches/s700_800/11.X/PHNE_35950
Symptoms:
PHNE_35950:
SR 8606472879 / CR JAGag27656:
1. In certain cases, sendmail(1M) client process will hang
on write(2) system call.
PHNE_35484:
SR 8606460337 / CR JAGag16388:
1. The "MaxMessageSize" option in the sendmail configuration
file ("/etc/mail/sendmail.cf") does not work properly if
the size of the mail is over 2GB.
SR 8606457791 / CR JAGag14059:
2. Under certain circumstances, sendmail(1M) loops on
write(2) system call.
SR 8606367763 / CR JAGaf28327:
3. The "PrivacyOptions" option in the sendmail configuration
file ("/etc/mail/sendmail.cf") is not automatically
updated with the "restrictqrun" flag.
PHNE_34936:
SR 8606445282 / CR JAGag02752: Duplicate
SR 8606444296 / CR JAGag01864:
1. In some cases, sendmail(1M) does not process MIME
messages properly.
SR 8606450018 / CR JAGag07124: Duplicate
SR 8606447864 / CR JAGag05151:
2. When a message contains a header folding, sendmail(1M)
treats the continuation line and the headers that follow
this continuation line as the body of the message.
PHNE_31917:
SR 8606443769 / CR JAGag01403: Duplicate
SR 8606437932 / CR JAGaf96078:
1. Under certain circumstances, sendmail(1M) does not
handle timeouts properly.
SR 8606374539 / CR JAGaf34855:
2. sendmail(1M) logs the owner of the connection
as root in the /var/adm/syslog/mail.log file instead
of the user who initiated the connection.
PHNE_29774:
SR 8606330618 / CR JAGae91741:
1. Under some circumstances, sendmail(1M) does not parse the
headers properly.
SR 8606331548 / CR JAGae92668:
2. Under certain circumstances, sendmail(1M) does not parse
some rulesets properly.
PHNE_28810:
SR 8606314706 / CR JAGae77457:
1. Information present in manpages delivered with
PHNE_28761 is incorrect.
PHNE_28761:
SR 8606268804 / CR JAGae33040:
1. Under certain conditions, sendmail(1M) or its associated
utilities may not operate properly.
SR 8606269073 / CR JAGae33308:
2. Under certain conditions, sendmail(1M) does not
terminate/restart properly.
SR 8606294401 / CR JAGae58098:
3. In some cases, sendmail(1M) does not parse the mail
headers properly.
SR 8606284379 / CR JAGae48326:
4. Under certain conditions, sendmail(1M) does not process
the mail queue properly.
SR 8606300319 / CR JAGae63788:
5. sendmail(1M) logs transient parse errors on the console.
SR 8606305635 / CR JAGae68683:
6. In some cases, sendmail(1M) does not parse the headers
properly.
SR 8606305628 / CR JAGae68676:
7. In some cases, sendmail(1M) relays mails illegally.
PHNE_26305:
SR 8606194375 / CR JAGad63585:
1. When there is a large number of active TCP connections,
'ndd' invoked by identd holds the TCP lock for over a
minute. This causes a Transfer Of Control(TOC).
SR 8606248880/ CR JAGae15277
2. identd terminates on receiving a SIGPIPE signal and
it does not log an appropriate error message in the
syslog file.
SR 8606267547/JAGae31789
3. sendmail(1M) does not log the transient error
message, "Name server timeout" in the log file
while processing the mail queue.
PHNE_25184:
SR 8606189011 / CR JAGad58227:
1. When a user searches for aliases using nis+, the search
will fail.
SR 8606213171 / CR JAGad82359:
2. sendmail(1M) can mishandle addresses in
"Diagnostic-Code:" warning message.
Defect Description:
PHNE_35950:
SR 8606472879 / CR JAGag27656:
1. The sendmail client will loop forever if the
sendmail(1M) client fails on write(2). This error
occurs because sendmail(1M) client does not handle
the write(2) system call correctly.
Resolution:
The sendmail(1M) client now handles the write(2)
system call correctly.
PHNE_35484:
SR 8606460337 / CR JAGag16388:
1. The "MaxMessageSize" option in "/etc/mail/sendmail.cf"
restricts sendmail(1M) from accepting mails that are
larger than the size mentioned in the "MaxMessageSize"
option. When an incoming mail is larger than 2GB in
size, the "MaxMessageSize" option does not work as
expected.
Resolution:
sendmail(1M) now works properly with the "MaxMessageSize"
option for mails that are larger than 2GB in size.
SR 8606457791 / CR JAGag14059:
2. Under certain circumstances, sendmail(1M) loops on
write(2) system call.
Resolution:
sendmail(1M) has been modified to fix this problem.
SR 8606367763 / CR JAGaf28327:
3. The "PrivacyOptions" option in the
"/etc/mail/sendmail.cf" file is not automatically
updated with the "restrictqrun" flag.
Resolution:
The "PrivacyOptions" option is now automatically updated
with the "restrictqrun" flag. This option is appended at
the end of the "/etc/mail/sendmail.cf" file. Before
modifying the "/etc/mail/sendmail.cf" file, this patch
stores a copy of the existing "/etc/mail/sendmail.cf"
file in the directory
"/var/adm/sw/save_custom/<patch-ID>" for reference.
<patch-ID> denotes the patch that updates
"/etc/mail/sendmail.cf" file. The sendmail(1M)
configuration file in the directory
"/var/adm/sw/save_custom/<patch-ID>" will exist until
the <patch-ID> is installed in the system.
PHNE_34936:
SR 8606445282 / CR JAGag02752: Duplicate
SR 8606444296 / CR JAGag01864:
1. In some cases, sendmail(1M) does not process MIME
messages properly.
Resolution:
sendmail(1M) now processes MIME messages properly.
SR 8606450018 / CR JAGag07124: Duplicate
SR 8606447864 / CR JAGag05151:
2. A header folding is recognized by a tab or space
character. When a message contains a header folding,
sendmail(1M) does not process the tab or space character
appropriately. Therefore, sendmail(1M) treats the
continuation line and the headers following this
continuation line as part of the body of the message.
Resolution:
sendmail(1M) now processes messages with header folding
properly.
PHNE_31917:
SR 8606443769 / CR JAGag01403: Duplicate
SR 8606437932 / CR JAGaf96078:
1. Under certain circumstances, sendmail(1M) does not
handle timeouts properly.
Resolution:
sendmail(1M) now handles timeouts properly.
SR 8606374539 / CR JAGaf34855:
2. The reply of the HELO command contains root as the
owner of the connection instead of the actual user.
Therefore, sendmail(1M) logs root as the owner of a
connection in the /var/adm/syslog/mail.log file.
Resolution:
sendmail(1M) now logs the user who initiated the
connection, as the owner of the connection in the
/var/adm/syslog/mail.log file.
PHNE_29774:
SR 8606330618 / CR JAGae91741:
1. Under some circumstances, sendmail(1M) does not parse
the headers properly.
Resolution:
Code has now been modified to fix the problem.
SR 8606331548 / CR JAGae92668:
2. Under certain circumstances, sendmail(1M) does not parse
some rulesets properly.
Resolution:
Code has now been modified to fix the problem.
PHNE_28810:
SR 8606314706 / CR JAGae77457:
1. The patch PHNE_28761 contains an incorrect version
of manpages.
Resolution: The correct version of the manpages are
included in the current patch PHNE_28810.
PHNE_28761:
SR 8606268804 / CR JAGae33040:
1. Under certain conditions, sendmail(1M) or its associated
utilities may not operate properly.
Resolution:
Code has now been modified to fix the problem.
SR 8606269073 / CR JAGae33308:
2. Due to a race condition, sendmail(1M) does not
terminate/restart properly.
Resolution:
Code has now been modified to fix the problem.
SR 8606294401 / CR JAGae58098:
3. In some cases, sendmail(1M) does not parse the mail
headers properly.
Resolution :
The code has been modified to parse the mail headers
properly.
SR 8606284379 / CR JAGae48326:
4. Under certain conditions, sendmail(1M) does not process
the mail queue properly.
Resolution:
Use /usr/newconfig/etc/mail/sendmail.cf as the base
configuration file (/etc/mail/sendmail.cf) with
site-specific changes as required and restart the
sendmail(1M) daemon.
SR 8606300319 / CR JAGae63788:
5. Transient parse error notifications are displayed on the
console.
Resolution:
The error messages are now logged as a LOG_INFO message
at Loglevel >8, when the option "AlertTmpFailure" is
disabled or commented out in the sendmail(1M)
configuration file /etc/mail/sendmail.cf.
SR 8606305635 / CR JAGae68683:
6. In some cases, sendmail(1M) does not parse the headers
properly.
Resolution:
The code has been modified to parse the headers
properly.
SR 8606305628 / CR JAGae68676:
7. sendmail(1M) illegally relays mails with specially
quoted recipient address.
Resolution:
A new ruleset has been added in the
/usr/newconfig/etc/mail/sendmail.cf file to strip
quotes in the recipient address and disallow illegal
relaying caused by specially quoted recipient address.
Use /usr/newconfig/etc/mail/sendmail.cf as base
configuration file (/etc/mail/sendmail.cf) with
site-specific changes as required and restart the
sendmail(1M) daemon.
PHNE_26305:
SR 8606194375 / CR JAGad63585:
1. identd uses 'ndd' to get the credentials of the remote
owner of a TCP connection and when a large number of
active TCP connections is present in the system, ndd
causes TOC.
Resolution:
The identd code has been modified to use a new ioctl()
command instead of 'ndd' to avoid TOC.
SR 8606248880/ CR JAGae15277
2. identd does not contain any specific signal handler
to handle the signal SIGPIPE and identd terminates,
as the default behavior of SIGPIPE is to terminate
the process.
Resolution:
A signal handler has now been included in identd to
handle the signal SIGPIPE. Hence, identd terminates
with an appropriate error message logged as
LOG_DEBUG in the syslog file as:
"SIGPIPE triggered, exiting"
The error message is logged only if the `-l' option
is given as an argument to identd.
SR 8606267547/JAGae31789
3. When sendmail(1M) is unable to resolve the address of
the host using the name service, a transient error
"Name Server Timeout" occurs. This error is displayed
on the terminal and is not logged in syslog file.
The default syslog file is /var/adm/syslog/mail.log.
Resolution :
sendmail(1M) now logs the transient error messages in the
syslog file when the option "AlertTmpFailure" is
enabled in the sendmail(1M) configuration file
/etc/mail/sendmail.cf. The error messages are logged
as a LOG_ALERT message at Loglevel >=2, and contain
the status information as specified below:
stat= "Transient parse error -- message queued for
future delivery"
To enable this option in the Configuration file the
following steps need to be performed:
a) Use /usr/newconfig/etc/mail/sendmail.cf as the base
sendmail(1M) configuration file
(/etc/mail/sendmail.cf) with site-specific changes as
required.
b) Edit "#O AlertTmpFailure=False" entry in the
/etc/mail/sendmail.cf as:
O AlertTmpFailure=True
c) Restart the sendmail(1M) daemon.
To make the sendmail(1M) configuration file
compatible with lower versions of this patch,
the "AlertTmpFailure" option must be removed or
commented in the sendmail.cf file.
PHNE_25184:
SR 8606189011 / CR JAGad58227:
1. In sendmail-8.9.3, an alias search using nis+ fails
due to incorrect compilation flag.
Resolution:
sendmail-8.9.3 is now built with an appropriate
compilation flag.
SR 8606213171 / CR JAGad82359:
2. sendmail(1M) can mishandle addresses in
"Diagnostic-Code:" warning message.
Resolution:
The code has been modified to resolve this problem.
Enhancement:
No
SR:
8606472879 8606460337 8606457791 8606367763 8606445282
8606444296 8606450018 8606447864 8606443769 8606437932
8606374539 8606330618 8606331548 8606314706 8606194375
8606248880 8606267547 8606189011 8606213171 8606268804
8606269073 8606294401 8606284379 8606300319 8606305635
8606305628
Patch Files:
InternetSrvcs.INETSVCS-RUN,fr=B.11.11,
fa=HP-UX_B.11.11_32/64,v=HP:
/usr/sbin/sendmail
/usr/sbin/makemap
/usr/sbin/mailstats
/usr/lbin/identd
/usr/sbin/itest
/usr/sbin/killsm
/usr/newconfig/etc/mail/convert_awk
/usr/newconfig/etc/mail/cf/README
/usr/newconfig/etc/mail/cf/cf/gen_cf
/usr/newconfig/etc/mail/cf/cf/generic-hpux10.cf
/usr/newconfig/etc/mail/sendmail.cf
/usr/newconfig/etc/mail/cf/m4/cfhead.m4
/usr/newconfig/etc/mail/cf/m4/proto.m4
/usr/share/doc/LICENSE.SMAIL893
InternetSrvcs.INET-ENG-A-MAN,fr=B.11.11,
fa=HP-UX_B.11.11_32/64,v=HP:
/usr/share/man/man1m.Z/sendmail.1m
/usr/share/man/man1m.Z/identd.1m
/usr/share/man/man1.Z/mailstats.1
/usr/share/man/man1.Z/praliases.1
/usr/share/man/man1m.Z/killsm.1m
what(1) Output:
InternetSrvcs.INETSVCS-RUN,fr=B.11.11,
fa=HP-UX_B.11.11_32/64,v=HP:
/usr/sbin/sendmail:
Copyright (c) 1998 HEWLETT PACKARD COMPANY and its l
icensors,
including Sendmail, Inc., and the Regents of the
University of California. All rights reserved.
version.c 8.9.3 (Berkeley) 10 May 2007 (PHNE_
35950)
/usr/sbin/makemap:
makemap.c 8.71 (Berkeley) 03/26/2003 (PHNE_288
10)
/usr/sbin/mailstats:
mailstats.c 8.29 (Berkeley) 03/26/2003 (PHNE_288
10)
Copyright (c) 1988, 1993
/usr/sbin/killsm:
killsm 03/26/2003 PHNE_28810
/usr/lbin/identd:
$Revision identd 2.7.4 (PHNE_26305) $
/usr/sbin/itest:
$Revision itest 2.7.4 (PHNE_26305) $
/usr/newconfig/etc/mail/cf/cf/generic-hpux10.cf:
cfhead.m4 8.23 (Berkeley) 03/26/2003 #####
cf.m4 8.29 (Berkeley) 5/19/1998 #####
generic-hpux10.mc 8.8 (Berkeley) 5/19/1998 ##
###
hpux10.m4 8.14 (Berkeley) 10/6/1998 #####
generic.m4 8.9 (Berkeley) 5/19/1998 #####
redirect.m4 8.10 (Berkeley) 5/19/1998 #####
use_cw_file.m4 8.6 (Berkeley) 5/19/1998 #####
domaintable.m4 8.9 (Berkeley) 10/6/1998 #####
mailertable.m4 8.10 (Berkeley) 10/6/1998 #####
genericstable.m4 8.8 (Berkeley) 10/6/1998 ##
###
virtusertable.m4 8.8 (Berkeley) 10/6/1998 ##
###
always_add_domain.m4 8.6 (Berkeley) 5/19/1998 ##
###
proto.m4 8.243 (Berkeley) 03/26/2003 #####
local.m4 8.30 (Berkeley) 6/30/1998 #####
smtp.m4 8.38 (Berkeley) 5/19/1998 #####
uucp.m4 8.30 (Berkeley) 5/19/1998 #####
/usr/newconfig/etc/mail/sendmail.cf:
cfhead.m4 8.23 (Berkeley) 03/26/2003 #####
cf.m4 8.29 (Berkeley) 5/19/1998 #####
generic-hpux10.mc 8.8 (Berkeley) 5/19/1998 ##
###
hpux10.m4 8.14 (Berkeley) 10/6/1998 #####
generic.m4 8.9 (Berkeley) 5/19/1998 #####
redirect.m4 8.10 (Berkeley) 5/19/1998 #####
use_cw_file.m4 8.6 (Berkeley) 5/19/1998 #####
domaintable.m4 8.9 (Berkeley) 10/6/1998 #####
mailertable.m4 8.10 (Berkeley) 10/6/1998 #####
genericstable.m4 8.8 (Berkeley) 10/6/1998 ##
###
virtusertable.m4 8.8 (Berkeley) 10/6/1998 ##
###
always_add_domain.m4 8.6 (Berkeley) 5/19/1998 ##
###
proto.m4 8.243 (Berkeley) 03/26/2003 #####
local.m4 8.30 (Berkeley) 6/30/1998 #####
smtp.m4 8.38 (Berkeley) 5/19/1998 #####
uucp.m4 8.30 (Berkeley) 5/19/1998 #####
/usr/newconfig/etc/mail/cf/README:
README 8.186 (Berkeley) 03/26/2003
/usr/newconfig/etc/mail/convert_awk:
None
/usr/newconfig/etc/mail/cf/cf/gen_cf:
None
/usr/newconfig/etc/mail/cf/m4/cfhead.m4:
cfhead.m4 8.23 (Berkeley) 03/26/2003')
/usr/newconfig/etc/mail/cf/m4/proto.m4:
proto.m4 8.243 (Berkeley) 03/26/2003')
/usr/share/doc/LICENSE.SMAIL893:
None
InternetSrvcs.INET-ENG-A-MAN,fr=B.11.11,
fa=HP-UX_B.11.11_32/64,v=HP:
/usr/share/man/man1m.Z/sendmail.1m:
None
/usr/share/man/man1m.Z/identd.1m:
None
/usr/share/man/man1.Z/mailstats.1:
None
/usr/share/man/man1.Z/praliases.1:
None
/usr/share/man/man1m.Z/killsm.1m:
None
cksum(1) Output:
InternetSrvcs.INETSVCS-RUN,fr=B.11.11,
fa=HP-UX_B.11.11_32/64,v=HP:
915266358 864256 /usr/sbin/sendmail
3788571579 430080 /usr/sbin/makemap
2475215714 16384 /usr/sbin/mailstats
3579986710 1053 /usr/sbin/killsm
125478848 16384 /usr/sbin/itest
604822235 32768 /usr/lbin/identd
848421388 2197 /usr/newconfig/etc/mail/convert_awk
33091609 18405 /usr/newconfig/etc/mail/cf/cf/gen_cf
3933042482 90808 /usr/newconfig/etc/mail/cf/README
240173196 94478 /usr/newconfig/etc/mail/cf/cf/
generic-hpux10.cf
240173196 94478 /usr/newconfig/etc/mail/sendmail.cf
2170413046 57952 /usr/newconfig/etc/mail/cf/m4/proto.m4
3416297469 49231 /usr/newconfig/etc/mail/cf/m4/cfhead.m4
3452043810 4590 /usr/share/doc/LICENSE.SMAIL893
InternetSrvcs.INET-ENG-A-MAN,fr=B.11.11,
fa=HP-UX_B.11.11_32/64,v=HP:
1311084351 12207 /usr/share/man/man1m.Z/sendmail.1m
1520281684 3347 /usr/share/man/man1m.Z/identd.1m
510252392 975 /usr/share/man/man1m.Z/killsm.1m
927523491 2401 /usr/share/man/man1.Z/mailstats.1
3924566826 1652 /usr/share/man/man1.Z/praliases.1
Patch Conflicts: None
Patch Dependencies: None
Hardware Dependencies: None
Other Dependencies:
The identd(1M) functionality supplied by this patch
requires a minimum Transport patch level of PHNE_25642.
Supersedes:
PHNE_25184 PHNE_26305 PHNE_28761 PHNE_28810 PHNE_29774 PHNE_31917
PHNE_34936 PHNE_35484
Equivalent Patches: None
Patch Package Size: 880 KBytes
Installation Instructions:
Please review all instructions and the Hewlett-Packard
SupportLine User Guide or your Hewlett-Packard support terms
and conditions for precautions, scope of license,
restrictions, and, limitation of liability and warranties,
before installing this patch.
------------------------------------------------------------
1. Back up your system before installing a patch.
2. Login as root.
3. Copy the patch to the /tmp directory.
4. Move to the /tmp directory and unshar the patch:
cd /tmp
sh PHNE_35950
5. Run swinstall to install the patch:
swinstall -x autoreboot=true -x patch_match_target=true \
-s /tmp/PHNE_35950.depot
By default swinstall will archive the original software in
/var/adm/sw/save/PHNE_35950. If you do not wish to retain a
copy of the original software, include the patch_save_files
option in the swinstall command above:
-x patch_save_files=false
WARNING: If patch_save_files is false when a patch is installed,
the patch cannot be deinstalled. Please be careful
when using this feature.
For future reference, the contents of the PHNE_35950.text file is
available in the product readme:
swlist -l product -a readme -d @ /tmp/PHNE_35950.depot
To put this patch on a magnetic tape and install from the
tape drive, use the command:
dd if=/tmp/PHNE_35950.depot of=/dev/rmt/0m bs=2k
Special Installation Instructions:
This patch may modify the "/etc/mail/sendmail.cf" file
by appending the "O PrivacyOptions=restrictqrun" at the
end.
The temporary solution provided by HP in security
bulletin HPSBUX02108 must be removed before this
patch can be installed.
To comply with industry-standard sendmail(1M) practices,
after the installation of PHNE_28761, or any superseding
patch, the following behavior will be observed:
1. Non-root users will not be able to print system-wide
sendmail aliases using the praliases(1) command.
2. Non-root users will not be able to print mail traffic
statistics using the mailstats(1) command.
3. Non-root users will not be able to send signals to
sendmail processes, even their own.
4. Sendmail reacts more appropriately to signals,
which may introduce some delay in terminating and
restarting sendmail daemon.
The behaviors one and two mentioned above may
remain even after the removal of the patch.
PHNE_28761 or its superseding patches deliver a new copy of
the sendmail configuration file /etc/mail/sendmail.cf as
/usr/newconfig/etc/mail/sendmail.cf. You need to merge your
site-specific customizations with this new sendmail.cf file.
Then, stop and start the sendmail daemon by using the
following commands:
/sbin/init.d/sendmail stop
/sbin/init.d/sendmail start
|
