Update Pack 2 contained all the new features listed below, as well as the new features from Update Pack 1. See the section Problems Fixed for the maintenance fixes included in the current Update Pack, and the section Known Problems for limitations and workarounds.
The features listed in this section are installed with the Update Pack Set. See the Installation Procedures section for how to install the Update Pack Set.
Previously, the system calls shmget(2), msgget(2), and semget(2) returned 32-bit InterProcess Communication (IPC) IDs for shared resources under UnixWare. OpenServer and Xenix applications, however, expect IPC IDs that are positive, signed 16-bit numbers.
A new flag, IPC_SMALLID, may be passed in to the IPC routines listed above.
If this flag is passed in, then, on success, the invoked function returns a 16-bit IPC ID.
Otherwise, a 32-bit IPC ID is returned.
The IPC_SMALLID flag is introduced for use in cases in which a native
UnixWare application requires a small IPC ID in order to share the ID and
associated object with OpenServer or Xenix applications.
For example, the Xenix emulator included with the OpenServer Kernel Personality (OKP) product
uses IPC_SMALLID for every IPC ID it requests, so Xenix
applications can use IPC as expected.
In addition to the IPC_SMALLID flag, three new tunables are also available for cases where the entire system
must be tuned to return 16-bit IPC IDs to support OpenServer and Xenix applications.
These tunables are SHMSMALLID, MSGSMALLID, and SEMSMALLID, and they affect
the return values of shmget(2), msgget(2), and semget(2), respectively.
Each has a default value of 0, and a range of values of 0 to 1.
Each tunable controls whether the corresponding IPC system call returns a 16-bit ID by default.
If the tunable is set to 0 (the default), then the corresponding routine always returns a
32-bit ID; if the tunable is set to 1, then the corresponding routine always returns a 16-bit ID.
The kernel has been modified to always return 16-bit IPC IDs to a running application that it recognizes as an OpenServer or Xenix executable, regardless of the setting of the above tuneables.
The dtlogin(X1) daemon has been enhanced to save the desktop chosen when a user logs in. The next time the same user logs in, the previously used desktop will be launched, unless the user chooses another from the Desktop menu on the Graphical Login screen.
Two new keywords that control this feature can be specified in the file /etc/default/login:
SAVEUSERGUIDEFAULTWINDOWMANAGERDEFAULTWINDOWMANAGER is used.Once a user has logged into a graphical desktop, the dtlogin menu Options > Session will display the following choices:
[Last Desktop Session Selected] Common Desktop Environment (CDE) and UNIX Personality Panorama Session and UNIX Personality KDE2 and Linux Personality (LKP) Failsafe Session
(If you do not have LKP installed, the entry "KDE2 and Linux Personality (LKP)" will not be displayed.)
Your default window manager is either the system default window manager
(DEFAULTWINDOWMANAGER) as specified in /etc/default/login or the window
manager you previously selected from the Options > Session menu.
You can change your personal default window manager by selecting a new
window manager from the Options > Session menu.
Your personal default window manager overrides the system default window
manager unless SAVEUSERGUI is set to NO.
The SCOadmin Filesystems Manager has been moved from the main SCOadmin screen (started from the CDE or Panorama Desktop menus, or from the command line with the scoadmin command), to a new Storage folder. The Storage folder also contains the new Disk, Partition, and Slice Managers, described below.
The asy and asyc drivers (see the asyc(7) manual page) are now configured by default to support up to ten total serial ports. The ports are named following the conventions described in the section Hardware > Configuring Serial Ports > Serial device node naming conventions in the online documentation. The drivers now support 16654 UARTS on the motherboard, as well as Digi Classicboard and Connecttech Blue Heat PCI cards.
PCI devices honor the resmgr entries created or modified by dcu(1M). Note that only scanned (i.e. not PCI) devices may be used for kdb(1M) or console devices.
For more information on the ConnecTech and Digi boards mentioned above, see
the respective companies' web sites:
http://www.dgii.com/products/multiport%20serial%20cards/classicboard.jsp
http://www.connecttech.com/sub/Products/ProductList.asp
The DNS Manager (scoadmin dns) has been updated with the following fixes and enhancements:
The DNS Manager will launch only one server deamon. In previous releases, the DNS Manager would invoke another DNS server when the Manager was started or terminated.
Enhanced the Manager so that it does not remove configuration and zone data file information entered by other mechanisms (e.g., vi(1) or h2n(1M)). This was a problem in earlier releases.
Enhanced h2n(1M) so that it will work properly with files created or edited by the DNS Manager (e.g., uses the same conventions, such as zone data file names). In previous releases, you could not use both tools on the same set of files.
The Server pull down menu now adds options reliably to the current configuration. The DNS configuration file it produces is validated with the named-checkconf utility. It also cleans up appropriately when configuration options and statements are removed.
Add and Modify Zones commands for the Primary server type have been improved:
The System V LP printing subsystem has been enhanced to allow a maximum of 999 print jobs per printer, or class of printers. In previous releases, only 999 print jobs for the entire system were permitted.
By default, privileged processes (i.e., processes running as root) do not dump core files, to prevent
unprivileged access to sensitive data that may be contained in the core file.
(See the core(4) manual page for a description of core files.)
A new tunable parameter (COREFILE_SECURE) has been introduced that, if set in the current environment of a
privileged process, allows the process to dump a core file when a program exception occurs.
Such core files should be protected from unprivileged access by ensuring the file permissions allow only owner access,
and that the file is owned by root.
You can do this using the following commands:
chmod 400 corefile chown root corefile
COREFILE_SECURE can also be set for the entire system using the System Tuner.
Enter scoadmin system tuner at a shell prompt, or launch SCOadmin from the desktop and select
System > System Tuner.
Three new SCOadmin managers provide a graphical mass storage management interface:
These managers are grouped under a new Storage folder in the SCOadmin main window. Start SCOadmin from the CDE or Panorama desktop menus, or by entering scoadmin at a UNIX shell prompt. Managers can also be started from the command line using their names; for example, scoadmin disk starts the Disk Manager. Use the Help button on the main window of any Storage manager to display the online documentation, or look under the Mass Storage Devices Overview topic at the top level of DocView on http://hostname:8458.
The features listed in this section are contained in separate packages from the Update Pack Set. To install them, either select them from the Upgrade Wizard when you install the Update Pack Set, or follow the instructions in the section Installing Additional Packages after the Update Pack Set. See Update Pack Contents for the list of additional packages available.
The following HBA drivers are new or updated:
This updated version of the adst70 driver fixes a panic that occurred previously on transition to init(1M) state 1.
This new driver supports the following Adaptec Host Bus Adapters:
| Adapter | Chip | Type |
| AHA29320x, AHA39320x | AIC-7901A, AIC-7902A4 | Ultra320 SCSI |
This new driver supports the following Intel® Host Bus Adapters:
| Adapter | Type |
| SRCFC22C | Dual Channel 2 Gb/s Fibre Channel RAID w/Ultra160 SCSI |
| SRCS14L | Four Port S-ATA RAID |
| SRCMR | Modular RAID on Motherboard Ultra160 SCSI |
| SRCU-31 | Single Channel Ultra160 SCSI RAID |
| SRCU-31L | Single Channel Ultra160 SCSI RAID |
| SRCU-32 | Dual Channel Ultra160 SCSI RAID |
Diskette images of these drivers suitable for use during a new installation of UnixWare are available at ftp://ftp.sco.com/pub/unixware7/drivers/storage.
Also see the Compatible Hardware Page for the latest supported hardware and drivers.
The nd package contains the following updated NIC drivers.
3Com 3C996/3C1000/3C94X Gigabit Ethernet Broadcom BCM5700 NetXtreme Gigabit Ethernet Broadcom BCM5701 NetXtreme Gigabit Ethernet Broadcom BCM5702 NetXtreme Gigabit Ethernet Broadcom BCM5703 NetXtreme Gigabit Ethernet Broadcom BCM5704 NetXtreme Gigabit Ethernet Broadcom BCM5704S NetXtreme Gigabit Ethernet Broadcom BCM5705 NetXtreme Gigabit Ethernet Broadcom BCM5782 NetXtreme Gigabit Ethernet for hp HP NC6770 Gigabit Ethernet HP NC7760 Gigabit Ethernet HP NC7761 Gigabit Server Ethernet HP NC7770 Gigabit Ethernet HP NC7771 Gigabit Ethernet HP NC7772 Gigabit Server Ethernet HP NC7780 Gigabit Ethernet HP NC7781 Gigabit Ethernet HP NC7782 Gigabit Ethernet HP NC7783 Gigabit Ethernet
PRO/1000 Gigabit Server Adapter PWLA8490 PRO/1000 Gigabit Server Adapter PWLA8490G1 PRO/1000 F Server Adapter PWLA8490SX PRO/1000 Gigabit Adapter PWLA8490SXG1P20 PRO/1000 T Server Adapter PWLA8490T PRO/1000 T Server Adapter PWLA8490TG1P20 PRO/1000 XT Server Adapter PWLA8490XT PRO/1000 XT Server Adapter PWLA8490XTL PRO/1000 XT Lo Profile Server Adapter PWLA8490XTL PRO/1000 XF Server Adapter PWLA8490XF IBM Netfinity Gigabit Ethernet SX Adapter 09N3599 IBM Netfinity Gigabit Ethernet SX Adapter 30L7076 IBM Gigabit Ethernet SX Server Adapter 06P3718 IBM Gigabit Ethernet Server Adapter 22P4618 PRO/1000 MT Desktop Adapter PWLA8390MT PRO/1000 MT Server Adapter PWLA8490MT PRO/1000 MT Dual Port Server Adapter PWLA8492MT PRO/1000 MF Server Adapter PWLA8490MF PRO/1000 MF Dual Port Server Adapter PWLA8492MF
PRO/100+ Management Adapter (PILA8900) PRO/100 Server (PILA8480) Pro/100B T4 (PILA8475B) PRO/100 S Server (PILA8474B) PRO/100 S Server (PILA8474BUS) PRO/100+ Dual Port Server Adapter (PILA8472) PRO/100+ Server Adapter (PILA8470) PRO/100+ Server Adapter (PILA8470B) PRO/100+ Dual Port Server Adapter (61PMCA00) PRO/100 (PILA8465) PRO/100B Adapter (PILA8465B) InBusiness 10/100 Adapter (SA101TX) PRO/100 S Management (PILA8464B) Pro/100+ Management Adapter (PILA8461) Pro/100+ (PILA8460) Pro/100+ Management Adapter (PILA8460B) Pro/100+ (PILA8460BN) PRO/100 S Management (PILA8460BUS) Pro/10+ (PILA8500) Pro/10+ (PILA8520)
See the Compatible Hardware Page for the latest supported hardware and drivers.
The xdrivers package provides a new nvidia graphics driver that supports the following graphics cards from NVIDIA Corporation:
NVIDIA RIVA TNT2/TNT2 Pro NVIDIA RIVA TNT2 Ultra NVIDIA Vanta/Vanta LT NVIDIA RIVA TNT2 Model 64/Model 64 Pro NVIDIA Aladdin TNT2 NVIDIA GeForce2 MX/MX 400 NVIDIA GeForce2 MX 100/200 NVIDIA Quadro2 MXR/EX
Also see the Compatible Hardware Page for the latest supported hardware and drivers.
The Mozilla internet browser, version 1.2.1, is included in a separate package as an alternative to Netscape Communicator 4.61 (delivered in the base Release 7.1.3 system). If you install Mozilla using the Upgrade Wizard when you install the Update Set, all prerequisite packages will be installed as well. If you install Mozilla using pkgadd(1M), you will need to install them in the order shown (after installing the Update Set) to enable Mozilla on UnixWare 7.1.3:
The j2re131 and j2plg131 packages are required for Java plug-in support only.
For example, if you download all the .image files from the download site to /var/spool/pkg, use the following commands to install these packages:
pkgadd -d /var/spool/pkg/basex.image all pkgadd -d /var/spool/pkg/xserver.image all pkgadd -d /var/spool/pkg/glib.image all pkgadd -d /var/spool/pkg/gtk.image all pkgadd -d /var/spool/pkg/libIDL.image all pkgadd -d /var/spool/pkg/mozilla.image all pkgadd -d /var/spool/pkg/j2jre131.image all pkgadd -d /var/spool/pkg/j2plg131.image all
If you are using a mounted CD or CD ISO image (see Step 1 and 2 of Installing the Update Pack from CD), mounted under /install, enter the following:
pkgadd -d /install basex pkgadd -d /install xserver pkgadd -d /install/glib.image all pkgadd -d /install/gtk.image all pkgadd -d /install/libIDL.image all pkgadd -d /install/mozilla.image all pkgadd -d /install j2jre131 pkgadd -d /install j2plg131
A mozilla(1) manual page is installed with the browser, and can be viewed with the man(1) command or with DocView on http://hostname:8458.
The following notes apply to using the Update Pack 2 version of Mozilla in locales other than en_US.
The mozilla released in the Update Pack 2 has been built for the US English locales. All menus and help material are in English.
Localization of the user interfaces are provided by individual contributors to the Mozilla Localization Project. These typically:
Language Packs currently available for Mozilla 1.2.1 are:
Asturian, Belarusian, Breton, Catalan, Simplified Chinese (China), Traditional Chinese (Hong Kong), Traditional Chinese (Taiwan), Czech, Danish, Dutch, English (United Kingdom), Esperanto, Estonian, French, Galician, German, Greek, Hungarian, Italian, Korean, Lithuanian, Mongolian, Norwegian Nynorsk, Telugu, Turkish, Romanian, Russian, Slovak, Slovenian, Sorbian, Spanish (Latin America), Spanish (Argentina), Spanish (Spain), Polish, Portuguese (Brazil) and Ukrainian.
To install individual Language Packs, do the following as root in Mozilla:
NOTE: Do not attempt to download Mozilla "Content Packs". These contain binaries and libraries compiled for locales on specific operating systems. There are currently no Content Packs for Mozilla running on UnixWare 7, and loading one of them may result in unexpected behavior.
Once a Language Pack is installed, it must be enabled in Mozilla. Select Edit > Preferences > Appearance > Language/Contents, and choose the Installed Language Pack desired. Then restart Mozilla for the new language pack to take effect.
When using Mozilla in a Japanese locale, Japanese characters may not be displayed as they are typed using the X input method (invoked by typing Shift+Space). The Japanese characters are instead displayed when Enter is pressed. This behavior is the default setting of the xim.input_style attribute in the Mozilla browser. To have characters displayed as they are typed in Japanese locales, add the following line to each user's java script preferences file (typically $HOME/.mozilla/default/*/prefs.js):
user_pref("xim.input_style", "over-the-spot");
The basedoc and baseman packages contain guide material and manual pages for the new features, enhancements, and fixes delivered with Update Pack 2. They assume that the packages of the same name from Release 7.1.3 are already installed. Online documentation is viewed using the DocView documentation server (docview), at http://hostname:8458, where hostname is the network node name of the UnixWare system (e.g., system1, system1.yourdomain.com, etc.) or localhost. The document you are reading now is found under New Features and Notes.
The OpenSSL package has been updated to 0.9.7 with a security fix that prevents a timing-based attack on cipher suites used in SSL and TLS. OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a general purpose cryptography library. A user level command, openssl(1), is provided that performs a variety of cryptographic functions.
Documentation for OpenSSL is packaged separately in openssld on the UnixWare 7.1.3 Updates and Upgrades CD #2. The following manual pages are installed under /usr/man, and can be viewed via man(1) or the DocView Man Pages button (http://hostname:8458):
asn1parse.1 ca.1 CA.pl.1 ciphers.1 crl.1 crl2pkcs7.1 dgst.1 dhparam.1 dsa.1 dsaparam.1 enc.1 gendsa.1 genrsa.1 nseq.1 openssl.1 passwd.1 | pkcs12.1 pkcs7.1 pkcs8.1 rand.1 req.1 rsa.1 rsautl.1 s_client.1 s_server.1 sess_id.1 smime.1 speed.1 spkac.1 verify.1 version.1 x509.1 | bio.3 blowfish.3 bn.3 bn_internal.3 buffer.3 crypto.3 d2i_DHparams.3 d2i_RSAPublicKey.3 des.3 dh.3 dsa.3 err.3 evp.3 hmac.3 lh_stats.3 lhash.3 | md5.3 mdc2.3 OPENSSL_VERSION_NUMBER.3 OpenSSL_add_all_algorithms.3 rand.3 rc4.3 ripemd.3 rsa.3 sha.3 ssl.3 threads.3 config.5 des_modes.7 |
For more information on OpenSSL see the OpenSSL Web Site.
The openssh 3.4p1 package has been updated to fix several minor problems with the location and file permissions of /etc/sshd.pid, and the location of /usr/X11R6.1/bin/xauth. OpenSSH is a suite of network connectivity tools that encrypts all traffic to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. OpenSSH provides a variety of secure tunneling capabilities and authentication methods. This version fixes a major security vulnerability present in versions 2.3.1 to 3.3, and is built with privilege separation and compression turned on. SSH protocol versions 1.3, 1.5, and 2.0 are supported.
The OpenSSH suite includes:
Manual pages are provided for all of the above commands, as well as pages for the ssh_config(5) and sshd_config(5) SSH client and server configuration files. To display them, use the man(1) command or DocView on http://hostname:8458. For more information on OpenSSH, please go to the OpenSSH Web Site http://www.openssh.org/manual.html.
NOTE: You should install OpenSSL from the Update Pack before installing OpenSSH, even if you have a previous version of OpenSSL already installed.
Ethernet packets are required by RFC894 and RFC1042 to be a minimum of 46 bytes. Smaller packets are required to be padded with zeros to the 46 byte minimum, but the standards do not specify what part of the system (e.g., the kernel, the driver, etc.) should do the padding. As a result of this ambiguity in the standard, some drivers will pad Ethernet packets themselves (sometimes called "auto-padding") with random data obtained from a buffer. The information contained in the buffer is used as padding in the Ethernet frame, and therefore is available to any program that is monitoring network packets.
UnixWare closes this vulnerability by padding the Ethernet buffer with zeros at the DLPI level, before the driver (or any other entity) has an opportunity to pad the buffer with non-zero data.
The system is updated with this enhancement by the nics package.
The zlib data compression library package (/usr/lib/libz.so) has been updated to eliminate a security vulnerability due to a buffer overflow condition in the gzprintf function. The zlib Manual from the zlib Home Page is available as a manual page; enter man zlib or use the Man Pages button in DocView on http://hostname:8458.
Samba provides filesharing capabilities using native Microsoft SMB and CIFS protocols for interoperability with Microsoft operating systems. Samba 2.2.8a is provided in two versions: a single-byte version for Western locales (samba) and a multibyte version suitable for Asian locales (sambamb). The important difference between the two versions is the sorting algorithm used for file ordering which determines whether the file sorting is compatible with wide-character or ascii character code environments.
Note the following when installing Samba:
If you are upgrading from a previous release of Samba on UnixWare, save a copy of your existing /usr/lib/samba/lib/smb.conf file before you begin installation, so you can restore any settings that might be affected by the upgrade.
If Samba fails to start, make sure the directory /usr/lib/samba/private exists, that it has 755 permission, and is owned by user root and group bin; then, start Samba, as shown:
# cd /usr/lib/samba # mkdir private # chgrp bin private # chown root private # /etc/init.d/samba start
By default, /tmp is automatically shared. This can be a security concern, since various system utilities keep temporary data in /tmp. To remove the /tmp share, log into SWAT (see above) and select the Shares icon. On the next screen, highlight the tmp share in the list box and select the Delete Share button.
Samba cannot run together with Advanced File and Print Sharing (AFPS; found on the Optional Services CD #3), nor with the NetBIOS protocol running. If Samba will not start, do the following to determine if AFPS or NetBIOS are running, and disable them if necessary:
Enter:
# cd /etc/rc2.d
S74netbios S99ms_srv
If these one or both of these files exist, enter the appropriate command or commands shown below:
# mv S74netbios s74netbios # mv S99ms_srv s99ms_srv
# shutdown -i6 -g0 -y
Start Samba:
# /etc/init.d/samba start
Samba is configured with the SWAT (Samba Web Administration Tool) utility using a web browser on http://hostname:901; links to all the Samba documentation are provided from there. To start SWAT:
As root, enter:
# /usr/lib/samba/sbin/swat
Point a web browser at http://localhost:901.
Log in to SWAT as root.
The main SWAT screen provides links to all the Samba documentation. Select the Status icon to start the Samba daemons.
To start, stop, and restart Samba from the command line, use the /etc/init.d/samba command, as in this example:
# /etc/init.d/samba start
To enable Samba at system startup, enter the following:
# /etc/init.d/samba enable
Samba will now start up automatically whenever the system boots. The disable parameter returns Samba to manual startup.
Localization settings in both the single-byte and multibyte versions are accessed from the SWAT Home Page by clicking on the Globals tab, and then selecting Advanced View. Set appropriate values for your locale for the client code page, the character encoding system, and the other options (each option has context-sensitive help). Please refer to the documentation for smb.conf for futher details.
Note: the smbfs file system and associated commands (smbmnt, smbmount, smbumount) are not supported on Release 7.1.3. Other client tools, such as smbspool, are supported.
More Samba documentation and other resources are provided on the Samba Home Page.
© Copyright 2003 The SCO Group, Inc. All rights reserved.