NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > IBM AIX Digests> 2000-q4

Subject: Re: New_AIXV4_Fixes
From: AIX Service Mail Server (aixservaustin.ibm.com)
Date: Wed Oct 25 2000 - 02:14:04 CDT

Next message: AIX Service Mail Server: "Re: 43_maintenance"
Previous message: AIX Service Mail Server: "Re: 43_maintenance"
Next in thread: AIX Service Mail Server: "Re: New_AIXV4_Fixes"
Maybe reply: AIX Service Mail Server: "Re: New_AIXV4_Fixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

APAR: IR42524 COMPID: 5697F4800 REL: 410
ABSTRACT: SECUREMAIL: FILE HANDLES INCREASE WHEN OVERFLOW USED WITH FAN_OU

PROBLEM DESCRIPTION:
File handles increase when overflow used with FAN_OUT.

PROBLEM SUMMARY:
SecureMail was leaking file handles.

PROBLEM CONCLUSION:
Leak plugged.

------

APAR: IR42568 COMPID: 5697F4800 REL: 410
ABSTRACT: COREDUMP WHEN STARTING GUI

PROBLEM DESCRIPTION:
customer has fw V4.1.2 + fwaixfilter4_41; AIX433ML02
everytime the fwconfig GUI is started he gets a coredump in
'ibmfwrcs'.

PROBLEM SUMMARY:
catalog contention causing core on some systems

PROBLEM CONCLUSION:
Rebuilt fwutils.a and uploaded to
ftp://testcase.software.ibm.com.aix/fromibm/fwGUIcore41.tar

------

APAR: IR42569 COMPID: 5697F4800 REL: 410
ABSTRACT: NAT CANNOT BE SET TO TIMEOUT UNDER 15 MIN.

PROBLEM DESCRIPTION:
Customer tries to setup NAT to timeout below 15 min and when he
looks in log, the ICA messages 9045 and 9047 still reflect the
default 15min

PROBLEM SUMMARY:
NAT timeout needs to be less than 15 minutes.

PROBLEM CONCLUSION:
A 5 minute timeout has been allowed.

------

APAR: IR42587 COMPID: 5697F4800 REL: 410
ABSTRACT: AFTER APPLICATION OF PTF UR52101,LOGIN CANNOT HAVE BEEN DONE

PROBLEM DESCRIPTION:
Customer applied UR52101 under AIXV433.
Then,user cannot enter firewall console screen anymore under
this new ptf level system.
On the screen,user entered userid then passward screen came
but it shows the following error;
server not responding. press close and restart logon process

PROBLEM SUMMARY:
After installing 4.1.2 PTF, customer is unable
to connect to the firewall using the configuration client.

PROBLEM CONCLUSION:
Code fixed to allow connection.

------

APAR: IR42656 COMPID: 5697F4800 REL: 410
ABSTRACT: CRASH IN FLTR_IN_CHK() M_COPYDATA() ON FIREWALL 4.1.X

PROBLEM DESCRIPTION:
firewall running 4.1.0 - 4.1.1 - 4.1.2 may crash if receives a
malicious or malformed tcpip packet with a length but no data
panic_trap 0
m_copydata 98a68:
filter4:fltr_in_chk aec
netinet:ipintr_noqueue 3c0
netinet:in_newstack 24
SYMPTOM CODEPIDS/5765C3403 LVLS/430 PCSS/SPI1 MS/700
FLDS/panic_tra VALU/7c810808 FLDS/m_copydat VALU/98

PROBLEM SUMMARY:
Code was not handling misformed packets
packets correctly.

PROBLEM CONCLUSION:
Code changed to detect misformed packets
and discard them.

------

APAR: IR42958 COMPID: 5697F4800 REL: 410
ABSTRACT: FTP DYNAMIC FILTERS ARE BEING DISPLAYED IN WRONG LAYER

PROBLEM DESCRIPTION:
Dynamic filter rules have a priority that is the same as
lower level filter rules.

LOCAL FIX:
Manually edit fwconns file.

PROBLEM SUMMARY:
After installing the 4.1.2 PTF, when a
connections is added to the lower layer, connections in the
dynamic ftp layer are also displayed in the lower layer. There
is also a migration problem that is documented under another
APAR.

PROBLEM CONCLUSION:
Connections are now displayed in the correct
layers.

------

APAR: IR42975 COMPID: 5697F4800 REL: 410
ABSTRACT: CONNECTION CONFIGURATION LIMITATION (# OBJECTS X # RULES)

PROBLEM DESCRIPTION:
The # of objects times # of rules must be less than or equal to
128. This has been discussed in management meetings and a fix
has been agreed to by L3 mgmt by end of July, in the year
2000. You receive an 'ioctl' error when updating filter rules
when a connection exceeds the 128 limit.

PROBLEM SUMMARY:
Due to limitations in kernel code, a connection
cannot generate more than 128 rules.

PROBLEM CONCLUSION:
COde added to fail connection activation
when a connection would generate more that 128 rules.

------

APAR: IR42987 COMPID: 5697F4800 REL: 410
ABSTRACT: SOCKS RESETS CONNECTIONS THROUGH FW WITHOUT EXPLANATION

PROBLEM DESCRIPTION:
Customer's socks connections were being reset by the firewall.
An iptrace shows a RST packet originating on the firewall which
resets the connection.

PROBLEM SUMMARY:
Socks connections were being reset by the
firewall.

PROBLEM CONCLUSION:
the connections were being refused for the
purpose of blocking IP address spoofing. To fix the problem:
In s5.conf, change the following line:
ipspoofing = TRUE; ==> ipspoofing = FALSE;
This tells the socks server that the firewall may receive
connections on an IP address different from the one specified in
the configuration file. The socks server will still reject
connections that are not allowed.
The only difference is that it will process connections received
on an alias IP address.

------

APAR: IR43038 COMPID: 5697F4800 REL: 410
ABSTRACT: FIREWALL 4.1.2 DOES NOT LOG SOCKS5 MESSAGES TO THE FW LOG

PROBLEM DESCRIPTION:
Firewall 4.1.2 does not log an messages from the socks5 deamon
to the firewall log.

LOCAL FIX:
Use a 3rd party socks5 daemon

PROBLEM SUMMARY:
Blanks messages are logged in the firewall log.

PROBLEM CONCLUSION:
Code fixed to log correctly.

------

APAR: IR43073 COMPID: 5697F4800 REL: 410
ABSTRACT: SOME RULES IN THE LOWER LAYER DO NOT LIST CORRECTLY WITH THE

PROBLEM DESCRIPTION:
When issuing the command, 'fwfilter cmd=list', the results
are not correct. Some of the filters in the lower layer do not
display anything for the interface field, it is just blank.
Customer is worried this bug could cause problems especially
if the above command grabs the data from kernel where the
filters are active.

PROBLEM SUMMARY:
Some rules in lower layer do not list correctly
with fwfilter cmd=list.

PROBLEM CONCLUSION:
The problem only occurred with connections
in the Dynamic FTP Layer. This was due to an error in the
design for Dynamic FTP.

------

APAR: IR43111 COMPID: 5697F4800 REL: 410
ABSTRACT: SCRIPT NEEDED TO MIGRATE CONNECTIONS BACK TO LOWER LAYER

PROBLEM DESCRIPTION:
Need migration tool for Apar#IR42958. Customers should not have
to recreate a bunch of their dynamic FTP rules for this to
owrk after upgrading.

LOCAL FIX:
Recreate all rules.

PROBLEM SUMMARY:
Prior to installing the 4.1.2 PTF, the Lower
Layer is layer 5. After installing the 4.1.2 PTF, the Lower
Layer is layer 6 and the Dynamic FTP Layer is layer 5. However,
connections are not migrated and thus show up in the Dynamic FTP
Layer.

PROBLEM CONCLUSION:
A migration script has been created that
moves the Lower Layer connections to the new Lower Layer.

TEMPORARY FIX:
The migration script can be downloaded from
ftp://testcase.software.ibm.com/aix/fromibm as fwmgfilt. When
the 4.1.3 PTF is available, the migration will be performed
when the PTF is installed unless the 4.1.2 PTF has previously
been installed. The 4.1.3 PTF will superceed the 4.1.2 PTF and
thus 4.1.2 will no longer be available. In other word, the 4.1.3
PTF will installed directly on top of the 4.1.1 PTF.

------

APAR: IR43138 COMPID: 5697F4800 REL: 410
ABSTRACT: TN TO FW: IF INVALID USER NAME -> "LOGIN FAILED" INSTEAD OF PASS

PROBLEM DESCRIPTION:
when performing telnet (either from secure or non-secure side)
providing an invalid username,
firewall immediately says 'Login failed.'
Normally there should be a prompt for a password masking the
fact the userid doesn't exist on the system.

PROBLEM SUMMARY:
Telnetting to firewall results in a message
stating INVALID USER NAME -> "LOGIN FAILED" instead of a
password prompt.

PROBLEM CONCLUSION:
Code modified to issue a password prompt
rather than issue a specific message which allows a hacker to
pinpoint whether a userid is valid.

------

APAR: IR43168 COMPID: 5697F4800 REL: 410
ABSTRACT: SYSTEM CRASHES DUE TO MEMORY NOT FREEING UP WHEN USING THE COMMA

PROBLEM DESCRIPTION:
When running the command 'fwfilter cmd=update' the system crashe
s. The crash is the system freezes and you can't run any comman
ds. A core is created at crash time.

PROBLEM SUMMARY:
Firewall crashes when filter rules updated.

PROBLEM CONCLUSION:
Data structured obtained via xmalloc was
being freed incorrectly. Code fixed to free data structure
correctly.

------

APAR: IR43175 COMPID: 5697F4800 REL: 410
ABSTRACT: USING EFM, VPN NOT ACTIVE AFTER REBOOT

PROBLEM DESCRIPTION:
FW 4120. When using EFM to manage VPN's on a remote firewall,at
reboot those VPN will not become activated.
Reason : command : fwtunnl cmd=activate tunnel=1 (executed in
/etc/rc.tcpip) fails with error that only enterprise FW manager
is allowed to activate the tunnels.
What is the procedure to get the VPN's activated at boot-time
without intervention from the enterprise firewall manager ?

PROBLEM SUMMARY:
Using EFM, VPN not active after reboot

PROBLEM CONCLUSION:
Changed restart code to restart tunnels from
stored state information.

------

APAR: IR43207 COMPID: 5697F4800 REL: 410
ABSTRACT: AS A NON-ROOT FW ADMIN, CANNOT REMOVE A PROXY USER.

PROBLEM DESCRIPTION:
User create a FW admin with all rights checked off to
administer the FW. When the admin tries to remove a proxy user
he received as error stating that, 'Only a primary firewall
adminsitrator can remove a user'. I have reproduced this problem
and so has Averall. Root has no problem doing this, just all
other FW admins can't remove proxy users even though they have
the rights to do so. We have tested this on 4.2 and it fails
there as well.

PROBLEM SUMMARY:
User create a FW admin with all rights checked off to
administer the FW. When the admin tries to remove a proxy user
he received an error stating that, 'Only a primary firewall
adminsitrator can remove a user'. Root has no problem deleting
a proxy user, but all other Firewall Administrators can't remove
proxy users even though they have the rights to do so.

PROBLEM CONCLUSION:
The code was checking for the word "proxy"
and "Proxy User" was being returned. The check has been fixed.

------

APAR: IR43242 COMPID: 5697F4800 REL: 410
ABSTRACT: A CORE FILE IS PRODUCED EVERY TIME FWCFGNAT -UI IS RUNNING, NAT

PROBLEM DESCRIPTION:
a core file is produced every time fwcfgnat -ui. NAT is not work
ing. They found that this is related to getmsg that is running
the profile. We got an efix but now we open that apar to have
the fix included into a ptf

PROBLEM SUMMARY:
The getmsg script called the customer's
modified version of /etc/profile which caused NAT to create a
core file.

PROBLEM CONCLUSION:
The getmsg script has been updated to no
longer call /etc/profile.

------

APAR: IR43364 COMPID: 5697F4800 REL: 410
ABSTRACT: MAKE IT EASY TO MOVE CONNECTIONS BETWEEN LAYERS

PROBLEM DESCRIPTION:
Would like to see it easier to move connections between layers.
Either with the move button or by editing the Position field in
the connection when you double click on it. This would make it
much, much, more user friendly to move connections around
instead of having to delete old connections and create a new
one.

PROBLEM SUMMARY:
Changing the layer for a connection requires copying the
connection to create a new one and then deleting the existing
one. It should be easy to change the layer.

PROBLEM CONCLUSION:
Code changed to allow updating the layer for
a connection.

------

APAR: IR43378 COMPID: 5697F4800 REL: 410
ABSTRACT: SOCKS GUI CONVERSION TO *.CONF FILES INCORRECT

PROBLEM DESCRIPTION:
Using the fwconfig gui, socks screen if you input a port number
in one rule the vlaue is held over in subsequent rules until
another port number is selected.
The various conf files then report incorrect configuration
information. s5.conf will even contradict socks5.conf
For examples see PMR record 25153.b001.c866

LOCAL FIX:
None - any manual edit of the conf files is overwritten when
rules are regenerated.

PROBLEM SUMMARY:
wrong port numbers being assigned in socks
server config file

PROBLEM CONCLUSION:
changed config generation code to properly
assign all port numbers

------

APAR: IR43473 COMPID: 5697F4800 REL: 410
ABSTRACT: FWCONFIG: THE NAME OF INTERFACE IS LOST AFTER CHANGING

PROBLEM DESCRIPTION:
If customer changes rule or service setting with fwconfig,
"Interface" column is changed from English word "specific(en0)"
to Japanese word "specific". The name of interface is lost.
But after restarting fwconfig, the column returns to English.

PROBLEM SUMMARY:
Name of the interface is lost when the Rule
settings are changed.

PROBLEM CONCLUSION:
Details for interface being lost:
Interface field of Rule settings has 4 values
1. Secure
2. NonSecure
3. Both
4. Specific
When the interface is Specific, we need to select the interface
name from set of interfaces of the Firewall.
Firewall 4.1 code maintains two variables for this purpose
1. strInterface - Used for internal comparisons & updating the

------

APAR: IR43510 COMPID: 5697F4800 REL: 410
ABSTRACT: SOCKS HAS MEMORY LEAK

PROBLEM DESCRIPTION:
Socks has memory leak.

------

APAR: IR43511 COMPID: 5697F4800 REL: 410
ABSTRACT: FWNWOBJ COMMAND FAILS TO DISPLAY OBJECTS

PROBLEM DESCRIPTION:
The script fwnobj alters the objects file using the fwnwobj "$"
command. This needs to be changed so that the command does not
alter the objects file.

PROBLEM SUMMARY:
objects displayed incorrectly in GUI

PROBLEM CONCLUSION:
Parsing code incorectly interpreting chars
that differ between operating system levels.

------

APAR: IR43512 COMPID: 5697F4800 REL: 410
ABSTRACT: UNABLE TO TAKE ACCESS LOG CORRECTLY ON FIREWALL V4.1

PROBLEM DESCRIPTION:
After migrating Firewall NT from V3.3 to V4.1, user cannot
see the access log by Explorer. So when check the log files,
(ibmproxy-log.xxxxxxxx, xxxxxxxx is 8digit number like yyyymmdd)
find they are all "0" byte. On the other hand, ibmproxy-error.
xxxxxxxx (error log) is available.

PROBLEM SUMMARY:
WTE is not putting any inforamtion in the log
files. The files are being created but are empty.

PROBLEM CONCLUSION:
The logging plugin was fixed.

------

APAR: IR43514 COMPID: 5697F4800 REL: 410
ABSTRACT: DBCS X'837C' CAN'T BE ACCEPTED AS EXPLANATION OF CONNECTION RULE

PROBLEM DESCRIPTION:
The customer found the dbcs problem with FireWall
connection rule configuration. When they create new
connection rule, the explanation field can't accept
dbcs charactor x"837C".
The error message is :
"Fail to update. null do not have the authority for
next function group : traffic control"

PROBLEM SUMMARY:
DBCS X'837C' not accepted in description field
for connection rules.

PROBLEM CONCLUSION:
DBCS X'837C' is now accepted.

------

APAR: IR43515 COMPID: 5697F4800 REL: 410
ABSTRACT: SECURE INFORMATION EXPOSED

PROBLEM DESCRIPTION:
Secure information being exposed in mail header.

PROBLEM SUMMARY:
extra mail header info was being relayed out.

PROBLEM CONCLUSION:
Added "/" as a domain terminator.

------

APAR: IR43517 COMPID: 5697F4800 REL: 410
ABSTRACT: CANNOT CHANGE SET RULE LOGGING YES/NO USING GUI

PROBLEM DESCRIPTION:
cannot change set rule logging yes/no using GUI

PROBLEM SUMMARY:
cannot set rule logging yes/no using GUI

PROBLEM CONCLUSION:
fix GUI

------

APAR: IR43519 COMPID: 5697F4800 REL: 410
ABSTRACT: WHEN USING NETWORK GROUP IN A SOCKS SERVICES CONNECTIONS,WE CANN

PROBLEM DESCRIPTION:
Customer is using a group of network as the source object for
the socks connection where they defined the socks services.
When customer add a new network to the group and regenerate the
rules the permit lines are added to /etc/sockd.conf and also
in /etc/security/s5.conf. However when removing one network
from the group and regenerate the rules, /etc/sockd.conf
is not touch so /etc/security/s5.conf still contain the permit
lines for the network we removed. The only way to have this
work is to erase /etc/sockd.conf before regenerating the rules.

LOCAL FIX:
removing /etc/sockd.conf before regenerating the rules

PROBLEM SUMMARY:
When using a network group in a socks services
connection, one group cannot be removed without deleting
sockd.conf.

PROBLEM CONCLUSION:
Code changed to allow removal of group.

------

APAR: IR43677 COMPID: 5697F4800 REL: 410
ABSTRACT: BASE SOCKS DELETE PROCESS TOO AGGRESSIVE!

PROBLEM DESCRIPTION:
If you have 2 connections with socks rules involved that
explode out to be the same. ie: the resultant exploded socks
rules are the duplicates of one another, then only one
rule is added to the sockd.conf file and the duplicate rule
is thrown out. This seems like a good thing, but then
when you delete one of the connections, the one socks rule
that is representing both connections is deleted as well. This
means that the remaining active connection is without his socks

------

APAR: IR43680 COMPID: 5697F4800 REL: 410
ABSTRACT: REPORT UTILITIES NOT HANDLING OVERWRITE EXISTING FILE

PROBLEM DESCRIPTION:
FWSBS - Report Utilities, when report utilities is selected and
an existing filename is chosen, for the output file, you get a
message "Overwrite existing file?" Yes/No and if you choose Yes,
you get an error
d:\firewall\log\d:\firewall\log\local4.log20000111
error: access denied or creation failed.

------

APAR: IR43690 COMPID: 5697F4800 REL: 410
ABSTRACT: SECURE HOSTNAME EXPOSE TO NONSECURE SITE WITH DOMAIN NAME HIDDI

PROBLEM DESCRIPTION:
1. set Domain Name Hidding to Yes
   put secure network domain in Domain Name Hidding GUI
2. send mail from secure site (lotus note) to nonsecure site
   (outlook).
3. the secure hostname expose to the nonsecure site in the
   "receive by" line

------

APAR: IR43691 COMPID: 5697F4800 REL: 410
ABSTRACT: OPENING CONNECTION INCLUDES THAT CONNECTION

PROBLEM DESCRIPTION:
On FWNT, if you open an unactive connection, and then hit OK, it
activates that connection. You don't realize it at first because
it still shows as deactivated, but if you refresh you will see i
is activated. If you regenerate, it is put into the filter list.

------

APAR: IR43692 COMPID: 5697F4800 REL: 410
ABSTRACT: WTE - IBMPROXY NOT STARTING AUTOMATICALLY AFTER INSTALL

PROBLEM DESCRIPTION:
IBMPROXY does not start automatically.
After installing the fileset.
ALso, A message appears when trying to save
config changes to WTE:
"Unable to inform the WEB Proxy.....error 2."
This makes sense because the proxy isn't running but then if I
start the proxy and tr to save change from the GUI, I get hte
same message

------

APAR: IR43693 COMPID: 5697F4800 REL: 410
ABSTRACT: MAIL GUI DOESN'T MATCH THE SETTING IN FWSECUREMAIL.CFG

PROBLEM DESCRIPTION:
1. check the Mail GUI "Proxy Characteristics", the button for
   "Enable Domain Name Hiding" is checked.
2. in /etc/security/fwsecuremail.cfg file,
   change the SMTPSB.HIDE_SECURE_NAMES to A (detail state in
   Readme)
3. fwsecuremail cmd=refresh
4. send mail from secure to nonsecure the Domain Name Hiding is
   working.
5. go back to the Mail GUI "Proxy Characteristics", the button f
   SMTPSB.HIDE_SECURE_NAMES in the fwsecuremail.cfg is set to A.
6. if user doesn't pay attention to this error, and click "ok" o
   the Mail GUI panel. The SecureMail won't do the Domain Name
   Hiding.

------

APAR: IR43694 COMPID: 5697F4800 REL: 410
ABSTRACT: LOGFILE DISPLAYING INCORRECT FORMATTING DATA WHEN PIPED FWLOGTX

PROBLEM DESCRIPTION:
An unexpected error occurs in the logfile.
The "misformtted isn't exactly right.

------

APAR: IR43695 COMPID: 5697F4800 REL: 410
ABSTRACT: DATA CONNECTION HANG AFTER CHANGING THE MAX CONCURRENT SESSIONS

PROBLEM DESCRIPTION:
1. do a dynamic ftp from nonsecure site to secure site to get
a huge file.
2. change the max concurrent sessions from the GUI for dynamic
ftp during data connection.
3. the data connection hang.

------

APAR: IR43696 COMPID: 5697F4800 REL: 410
ABSTRACT: UNABLE TO CLOSE WTE PANEL

PROBLEM DESCRIPTION:
From the Main GUI panel, I clicked on: HTTP
When the HTTP screen came up, I clicked on: OK (didn't change
a thing) Received the following error:
'maxcontentlengthbuffer' parameter is not appropriate in this
context.
I went back to FW4.1.1 and it fails the same way there. I
realize that the PTF did not introduce this problem but it is a

------

APAR: IR43697 COMPID: 5697F4800 REL: 410
ABSTRACT: WTE - PERMIT AUTHENTICATION DOES NOT WORK

PROBLEM DESCRIPTION:
If a user is created with PERMIT authentication for WTE,
and the user does not enter a password when prompted by
the browser, the authentication will fail.
The user must supply a non-zero length password before the
permit authentication will succeed. This is a defect because
the user should not have to specify a password if they have
PERMIT authentication.

------

APAR: IR43698 COMPID: 5697F4800 REL: 410
ABSTRACT: VPN TYPE NETOBJECT: REMOVE REFERENCES FROM CFGCLI GUI

PROBLEM DESCRIPTION:
Remove references to VPN type in Network Object
Add panel since it appears that the VPN type has
been removed.
Former VPN types will show up as host types.

------

APAR: IR43699 COMPID: 5697F4800 REL: 410
ABSTRACT: BASE FWSNMPSUBAGENT MISSPELLING FWSOCKS5 ON A TRAP.

PROBLEM DESCRIPTION:
The SNMP subagent of the FW generates
n incorrect spelling of fwSocks5 when
it is creating a trap.

------

APAR: IR43700 COMPID: 5697F4800 REL: 410
ABSTRACT: FRA:AIX ERROR MESSAGES DURING REBOOT

PROBLEM DESCRIPTION:
A message is displayed during the reboot of the machine,
somethin about krbpingd not responding.
At the end of the boot process, an other message is displayed
on loging:
(tod) Rule "Fail /Usage*" conflict with Rule "Service /Usage*".
Edouard

------

APAR: IR43701 COMPID: 5697F4800 REL: 410
ABSTRACT: FWCONNS CREATES CONNECTION IN DYNAMIC FTP LAYER

PROBLEM DESCRIPTION:
I tried to work with some command line interface and found in
" Fwconns " the connections are created under dynamic layer and
if specifying type=upper it displays " parameter type is not
needed . When type is not given then all the connections are
created under Dynamic FTP layer.

------

APAR: IR43702 COMPID: 5697F4800 REL: 410
ABSTRACT: WTE- SPURIOUS MESSAGE AT AIX REBOOT WITH FIREWALL INSTALLED.

PROBLEM DESCRIPTION:
We are seeing the following message at reboot after install of
the Firewall 4.2 on AIX. (tod) Rule "Fail /Usage*" conflict
with Rule "Service /Usage*" Vijay has taken a look at it and
thinks it is the ibmproxy (WTE) daemon putting something to
stdout because it doesn't have a log file specified ?

------

APAR: IR44003 COMPID: 5697F4800 REL: 410
ABSTRACT: NAT DOES NOT ACCOUNT FOR OPTIONALLY EXTENDED IP HEADER WHEN PARS

PROBLEM DESCRIPTION:
NAT is not processing packets with optional tcp header fields

PROBLEM SUMMARY:
NAT does not account for optiuonally extended
tcp headers.

PROBLEM CONCLUSION:
Fix ported from earlier release of firewall.

------

APAR: IY10671 COMPID: 576554801 REL: 110
ABSTRACT: 05/2000 COBOL DEVELOPMENT FIXES AND ENHANCEMENTS

PROBLEM DESCRIPTION:
This APAR is for the COBOL Set for AIX compiler and library
fixes and enhancements corresponding to VA COBOL V3.

PROBLEM SUMMARY:
This is an APAR to contain ptfs for fixes and
enhancements corresponding to the 05/2000 VA COBOL release.

PROBLEM CONCLUSION:
Apply related PTFs.

------

APAR: IY10680 COMPID: 576554802 REL: 110
ABSTRACT: 05/2000 COBOL DEVELOPMENT FIXES AND ENHANCEMENTS

PROBLEM DESCRIPTION:
This APAR is for the COBOL Set for AIX compiler and library
fixes and enhancements corresponding to VA COBOL V3.
Problem: COBPATH storage not freed at termination
CMVC defect 19751

PROBLEM SUMMARY:
This is an APAR to contain ptfs for fixes and
enhancements corresponding to the 05/2000 VA COBOL release.

PROBLEM CONCLUSION:
Apply related PTFs.

------

APAR: IY12054 COMPID: 5765C3403 REL: 433
ABSTRACT: AIX 4330-06 RECOMMENDED MAINTENANCE LEVEL

PROBLEM DESCRIPTION:
This APAR delivers the 4330-06 Recommended Maintenance Level for
AIX 4.3.3. This package applies to AIX 4.3.3 only, and should
be ordered specifying a service level of 4330 or higher.
This is a packaging APAR only. It will not appear in the list
of APARs on the SMIT "Update Software by Fix (APAR)" panel, nor
will the 'instfix' command show this APAR as being installed
after the updates delivered by this package are installed.
To install all updates from this package that apply to installed
filesets on your system, use the command:
  smit update_all
Installing all updates is recommended. However, you can install
selected updates from this package using the command:
  smit update_by_fix
Once installed, you can determine if all fileset updates for the
4330-06 level are installed using the following command. The
'oslevel' command will still indicate AIX 4.3.3.0.
  instfix -ik 4330-06_AIX_ML
If the output indicates that not all filesets are found, you
can determine which filesets are not updated using the command:
  instfix -ciqk 4330-06_AIX_ML | grep ":-:"

PROBLEM SUMMARY:
Packaging only.

PROBLEM CONCLUSION:
Packaging only.

------

APAR: IY12427 COMPID: 576552900 REL: 230
ABSTRACT: EUNFENCE APPEARS SUCCESSFUL BUT HAS FAILED DUE TO NO PRIMARY

PROBLEM DESCRIPTION:
When the switch primary node tries to unfence a node, there must
be an existing backup node for the fence to work properly, but
the switch logs can indicate that such a fence is successful,
and the SDR switch_responds Class can incorrectly show the node
unfenced. The logs and SDR should show the fence failed.
We should also log when the primary can't choose a backup node
because there is no other node running the same code version as
the primary.

PROBLEM SUMMARY:
Eunfence may appear successful but may actually fail
if there is no operational primary backup node. In a
system with dependent nodes, a backup candidate may be
rejected if its PSSP level (as determined by the SDR
code_version attribute in the Node class) is not the
same as the primary node's code_version.

PROBLEM CONCLUSION:
The fault_service daemon will attempt to unfence the node
even if there is no operational backup. In the
pick_backup()
function of the Worm, the backup candidate's eligibility
test was changed: in a system with dependent nodes, the
backup candidate must be at PSSP-2.3 or higher (as
indicated by the SDR code_version attribute in the Node
class).

------

APAR: IY12954 COMPID: 5639I3700 REL: 310
ABSTRACT: CANNOT CONFIGURE VAX CLIENT IN SOLARIS DCE 3.1 SERVERS

PROBLEM DESCRIPTION:
We find we are unable to configure a VAX/VMS DCE full client
into a DCE cell where the server runs DCE3.1 on Solaris 7.
Attempting to configure the VAX DCE client with server
on DCE3.1 on AIX gives the same result.

LOCAL FIX:
The problem is that DCE mistakely modified the ticket request
data from VAX dce1.1 and
passed it to the decoder, so the dceoder was not able to
decode it and failed.

------

APAR: IY12981 COMPID: 5639I3700 REL: 310
ABSTRACT: STALE ENDPOINTS CLEANED OUT SLOWLY

PROBLEM DESCRIPTION:
Transarc opened a PMR 16790,111,000
The customer reports that the dced endpoint mapper does not
delete stale endpoints. This was fixed in previous releases of
DCE by defect #16728. This fix was not carried over into
DCE3.1. Please refer to the ep_ping1() function in
src/admin/dced/server/oeops.c which is where the changes
began.
We had our own fix in defect 39595 for aixdce210 and aixdce22.
We merged this defect in dce310 and Transarc tried the fix and
confirmed that the stale endpoints are removed.

------

APAR: IY13174 COMPID: 576552900 REL: 230
ABSTRACT: IF_LS KERNEL EXTENSION CAUSES PERF. PROB ON NON-POWER NODE WITH

PROBLEM DESCRIPTION:
Performance problems can occur on non-power nodes (e.g POWERPC),
when transferring large amounts of data over the SP-Switch.
A kernel trace shows a looping of "resume interrupt process" and
"PROGRAM CHECK", which is burning up a lot of CPU. The problem
is that the instruction is a POWER instruction, which must be
emulated.

PROBLEM SUMMARY:
On non-POWER machines (e.g. POWERPC) a performance
problem can occur when the SP switch is under a very
heavy load.

PROBLEM CONCLUSION:
The switch IP kernel extension, if_ls, has been changed
to remove POWER instructions which must be emulated
on non-POWER machines (e.g. POWERPC), as emulating
instructions can cause a performance problem.

------

APAR: IY13225 COMPID: 5639I3700 REL: 310
ABSTRACT: ACL_EDIT RETURNS A BAD STATUS ON THE MODIFICATION OF THE

PROBLEM DESCRIPTION:
In aixdce22 a change in the dced checks
the object uuid of the acl_edit request.
If its set to nil a rpc status of
"Unknown interface" will be returned.

------

APAR: IY13228 COMPID: 5639I3700 REL: 310
ABSTRACT: SENDMAIL WHICH USES DCE AUTHENICATION APPEARS TO HANG WHILE

PROBLEM DESCRIPTION:
Sendmail appears to hang while communicating
with the 'dceunixd'. In the 'DCE' object code,
if the 'dceunixd' takes a while to respond to
a request, 'talk_to_helper_daemon' will close
the connection and open a new one resending
the inital request. This incorrect action
will leave 'dceunixd' with an abandoned request.
'dceunixd' will not know about the abandoned
until trying to 'sendmsg' the request to
'talk_to_helper_daemon'.

------

APAR: IY13231 COMPID: 5639I3700 REL: 310
ABSTRACT: USING THE 'DCECP REGISTRY CONNECT ...' COMMAND WITH GROUPS AND

PROBLEM DESCRIPTION:
The 'dcecp registry connect ...' command is
broken when using groups and organizations
other than 'none'. The group and organizations
flags are used to create the trusted accounts
for intercell access. The end result of the
command is a removal of the organization and
the removal of the admin account (principal
and groups stays intact).

------

APAR: IY13233 COMPID: 5639I3700 REL: 310
ABSTRACT: DCE 2.2 RGY_EDIT -V -A <NONEXISTING_ACCOUNT> RETURNS 0

PROBLEM DESCRIPTION:
"rgy_edit -v -a <nonexisting_account_name>" on a DCE 2.1
system returns a status code of "88".
"rgy_edit -v -a <nonexisting_account_name>" on a DCE 2.2
system returns a status code of "0".

------

APAR: IY13238 COMPID: 5639I3700 REL: 310
ABSTRACT: 'ACCOUNT_CURSOR' VARIABLE IS NOT INITIALIZED

PROBLEM DESCRIPTION:
In AIX/DCE integrated login, when the customer logs into
the machine with a wrong password, and then, with the right
password next time, it still fails to log him in. He is
facing this problem only when he runs dceunixd with "-t"
flag.

------

APAR: IY13390 COMPID: 5765B8100 REL: 220
ABSTRACT: DTXA ADAPTER DOES NOT ALWAYS DETECT DTMF TONES.

PROBLEM DESCRIPTION:
The DTXA adapter does not always detect DTMF tones.

------

APAR: IY13406 COMPID: 5639I3700 REL: 310
ABSTRACT: RS_REPLIST_READ SHOULD INITIALIZE OUT PARAMS

PROBLEM DESCRIPTION:
If a secd gets a call to the rs_replist_read interface while it
is not in a state to handle the request (like while it is
initializing), it could try to marshal uninitialized data and
get a core dump. Similarly for the rdacl_get_printstring and
rdacl_get_manager_types interfaces.

------

APAR: IY13408 COMPID: 5639I3700 REL: 310
ABSTRACT: CONFIG CMDS SHOW INCORRECT CDS TYPE

PROBLEM DESCRIPTION:

------

APAR: IY13409 COMPID: 5639I3700 REL: 310
ABSTRACT: INPUT_DATABASE() READS DATA INTO TOO-SMALL BUFFER

PROBLEM DESCRIPTION:
Some memory in secd's heap will be corrupted, likely resulting
in a core dump.

------

APAR: IY13414 COMPID: 5639I3700 REL: 310
ABSTRACT: MEMORY LEAKS IN DCEUNIXD

PROBLEM DESCRIPTION:
Dceunixd will grow in size if the same id logins continously

------

APAR: IY13415 COMPID: 5639I3700 REL: 310
ABSTRACT: CONVERT POPENS IN CONFIG CODE TO USE CFGPOPEN CLASS

PROBLEM DESCRIPTION:
CONVERT POPENS IN CONFIG CODE TO USE CFGPOPEN CLASS.

------

APAR: IY13416 COMPID: 5639I3700 REL: 310
ABSTRACT: SHOW.CFG IS SHOWING DTS SERVER AS NOT RUNNING EVEN THOUGH IT IS

PROBLEM DESCRIPTION:
DTS server was executing the code pertaining to "Class 2"
type of servers in the config module, despite it being
classified as "Class 1". That is, DTS is not checked under
the "Class1" category.

------

APAR: IY13418 COMPID: 5639I3700 REL: 310
ABSTRACT: MASTER MISSING FROM /.:/SEC-V1 AFTER REGISTRY DESIGNATEMASTER

PROBLEM DESCRIPTION:
Master missing from /.:/sec-v1 after registry designate
This problem only occurs when you try to promote a Solaris
replica to master.

------

APAR: IY13543 COMPID: 5765E2600 REL: 500
ABSTRACT: APPLICATION WITH NESTED TRY/CATCH BLOCKS FAILS

PROBLEM DESCRIPTION:
Random application errors occur with the call stack pointing
to the function __CleanupCatch in the C++ runtime libraries
when the customer's application has source code which
multiple instances of exceptions being thrown from multiple
nested try/catch blocks.

PROBLEM CONCLUSION:
When a catch block is exited all the stack
Pointer is reset to what is correct for the routine containing
the catch block. All exception objects that are allocated
below the new stack pointer should be run and removed from the
exception chain. Otherwise the exception objects may be
overridden by later function calls.
The current logic can be insufficient in a routine that has
mutliple instances of exceptions being thrown from multiple
catch blocks. The solution is to do one final 'sweep' of the
Exception chain before resetting the stack pointer and jumping
into user code.

------

APAR: IY13638 COMPID: 5765B8100 REL: 220
ABSTRACT: UNDER STRESS DIRECTTALK IS GENERATING AN ERROR 17971 -

PROBLEM DESCRIPTION:
Under stress DirectTalk is generating an error 17971 -
"Voice response failed to service DTQA or DTXA interrupt
fast enough".

PROBLEM SUMMARY:
Under stress DirectTalk is generating an error
17971 - "Voice response failed to service DTQA or DTXA interrupt
fast enough".

PROBLEM CONCLUSION:
Driver code changed to handle this problem

------

APAR: IY13657 COMPID: 5765B8100 REL: 220
ABSTRACT: TROMBONE CUSTOM SERVER DOES NOT TERMINATE 3RD PARTY CALL

PROBLEM DESCRIPTION:
Trombone Custom Server does not terminate 3rd party call
when calling party attempts to terminate trombone operation
using caller DTMF.

PROBLEM SUMMARY:
Trombone Custom Server does not terminate 3rd
party call when calling party attempts to terminate trombone
operation using caller DTMF.

PROBLEM CONCLUSION:
Added code into Custom Server to send host
event to outgoing call state table (default IBMTromboneOut)
when originator requested termination using DTMF.
Also fixed situation where total_processes can be less than
two (channels configured only 12).
Also fixed default value of outbound state table entry point.

------

APAR: IY13658 COMPID: 5765B8100 REL: 220
ABSTRACT: TSLOT CLOSES DOWN WITHOUT INFORMATION

PROBLEM DESCRIPTION:
In some circumstances TSLOT (The Time Slot process) will
shutdown without any diagnostic information, and also
on return from a system call willl shutdown unexpectedly.

PROBLEM SUMMARY:
A system call did not use the required
macro to allow only correct return codes to TSLOT.

PROBLEM CONCLUSION:
Macro used correctly on system call, and
Diagnostic information improved to aid debugging.

------

APAR: IY13821 COMPID: 576552900 REL: 230
ABSTRACT: LATEST PSSP 2.3 FIXES AS OF OCTOBER 2000

PROBLEM DESCRIPTION:
This is the lastest PSSP ptf as of October 2000.
Order this apar to get all of the ptfs as of October 2000.

PROBLEM SUMMARY:
This is a packaging apar for PSSP 2.3 fixes
as of October 2000.

PROBLEM CONCLUSION:
This is a packaging apar for PSSP 2.3 fixes
as of October 2000.

------

Next message: AIX Service Mail Server: "Re: 43_maintenance"
Previous message: AIX Service Mail Server: "Re: 43_maintenance"
Next in thread: AIX Service Mail Server: "Re: New_AIXV4_Fixes"
Maybe reply: AIX Service Mail Server: "Re: New_AIXV4_Fixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]