Mit der heutigen Ausgabe des SCO techSTREETS informieren wir Sie ber das Update Pack3 fr SCO UnixWare 7.1.3. Update Pack3 steht ab sofort auf unserer Downloadseite zur Verfgung. Nur Kunden mit registriertem SCO Update Service knnen Update Pack 3 installieren. Ein wichtiger Bestandteil des Update Pack3 sind die SCOx Komponenten, die erstmals fr UnixWare 7 zur Verfgung stehen und als separates ISO CD Image zur Verfgung gestellt werden. Mit freundlichen Gren Rainer Flucke The SCO Group GmbH UnixWare 7.1.3 Update Pack 3 Release und Installation Notes finden Sie auf dem Webserver im Supportbereich (/support/update/download/uw713up.html) Update Pack 3: neue Features ============================ Update Pack 3 beinhaltet alle Features aus Update Pack 1 und Update Pack 2 und die folgenden neuen Features: (Am Ende dieses techSTREETs sind zu einigen Features weitergehende Informationen in englischer Sprache angefgt) Features im Update Set: Graphics: VESA BIOS Initialization of Newer Video Cards Hardware: Enhanced Hyperthreading Support Internationalization: India Time Zone Listed Licensing: Enhancements and Fixes Mail and Messaging: Updated Sendmail Message Catalog Format Networking: DNS Manager Enhancements Performance: Swap Space Limit Extended to 4GB Printing: USB Support Shells: Updated ksh Features in den zustzlichen Paketen auf der Update Pack CD Hardware: Updated Drivers Online Documentation: Updated Topics and Manual Pages Printing: CUPS (Common Unix Print Spooler) Programming: JPEG (image compression) Library Programming: PNG Library Programming: TIFF Image Library and Utilities SCOx Support SCOx Komponenten (Extra CD Image) 1. Support Komponenten fr Web Services 2. Web Services Toolkits 3. Apache 2.0 Web Server 4. Perl 5.8.0 5. SOAP und XML fr Perl 6. Weitere Module fr Perl 7. mod_perl fr Apache Hinweise zu den SCOx Komponenten ================================ Die Support Komponenten enthalten Web-Server wie Apache und Tomcat, C/C++ Compiler, einen PHP Interpreter, die Java Runtime Umgebung, Datenbank Server wie MySQL/Postgres, XML Parser wie expat und libxml2, Standard SSL Toolkits und verschiedene andere Hilfsmittel. Die Web Services Toolkits bieten u.a. Bibliotheken um SOAP basierende Anwendungen zu entwicklen. Derzeit untersttzt das Toolkit die Programmierung in C/C++, Java und PHP. Die Pakete Perl 5.8.0, Weitere Module fr Perl, mod_perl fr Apache und SOAP/XML bilden die Basis fr die Entwicklung von SOAP basierenden Anwendungen in Perl. Der Apache 2.0 Web Server ist als optionaler Web Server gedacht. Er ersetzt nicht automatisch den per default installierten Apache Web Server. Voraussetzungen fr die Installation von Update Pack 3 ====================================================== - Sie haben eine SCO Update Lizenz fr UnixWare erworben - Sie setzen Unixware 7.1.3 ein. Maintenance Packs (mpack1,mpack2) oder Update Packs (up1,up2) knnen , mssen aber nicht installiert sein. (jede beliebige Kombination) Wenn ein neueres Maintenance Pack als Version 2 installiert ist, muss es VOR der Installation von Update Pack3 deinstalliert werden. (pkgrm) Bitte beachten Sie, das Sie auf einem System mit installiertem Maintenance Pack, nach der Installation des Update Packs NICHT versuchen sollten, ein Maintenance Pack zu deinstallieren. Das Update Pack besteht aus einem Update Pack Set und mehreren individuellen Softwarepaketen. Fr die Installation der meisten individuellen Pakete, ist die Installation des Update Sets Voraussetzung. Wenn eines der individuellen Softwarepakete auch auf Systemen OHNE Update Paket Set untersttzt ist, so ist das explizit in der detaillierten Featurebeschreibung zum Update Pack3 erwhnt. Verfgbarkeit von Update Packs ============================== Sie knnen die Update Packs vom Web laden oder alternativ durch Kauf der Update Service CD Option die Packs per CD zugesendet bekommen. Installation ============ Installieren Sie das Paket "uli" von der Update Pack CD. (pkgadd -d cdrom1 uli) und rufen anschliessend im Administrationstool "scoadmin" im Menu "Software", den Update Manager auf und folgen den Anweisungen. Fr Hinweise zur weiteren Intsllationsmglichkeiten, lesen Sie bitte die Release Notes zum Update Pack auf dem, SCO Webserver im Support Download Bereich. Um zu berprfen, ob das Update Pack installiert ist, knnen Sie folgendes Kommando verwenden: # pkginfo -lc set uw713up3 PKGINST: uw713up3 NAME: UnixWare 7 Release 7.1.3 Update Pack 3 ... STATUS: completely installed -------------------------------------------------------------------------------- Anhang: Erluterung zu einigen neuen Features und "known" problems in englischer Sprache: ================================================================================ Features in the Update Pack Set: The features listed in this section are installed with the Update Pack Set. See the Installation Procedures section for how to install the Update Pack Set. Graphics: VESA BIOS Initialization of Newer Video Cards A new boot(4) parameter has been added that allows newer video cards and chips (such as the nVidia GeForce onboard chip) to work with UnixWare. In these newer cards and chips, EGA environment tables are no longer provided and the video modes must be initialized by the kernel using VESA BIOS calls instead. If the USE_VESA_BIOS boot parameter is set on boot, then the kernel will initialize the video modes using VESA BIOS calls; if it is not set or set to "NO" (the default), then the EGA environment table is used. Hardware: Enhanced Hyperthreading Support Support for hyperthreading (Jackson technology) on Intel Pentium 4 processors has been enhanced to work on uniprocessor systems (such as Intel Pentium 4 3.06GHz or later processors) that do not have Intel Multi-Processor Specification (MPS) firmware BIOS tables. Hyperthreading is disabled by default. See the description of the ENABLE_JT boot parameter on the boot(4) manual page. Internationalization: India Time Zone Now Listed An entry has been added for India Standard Time (IST) to the list of time zones presented in both the SCOadmin International Settings Manager (scoadmin international) and the SCOadmin Time Manager (scoadmin system time). After setting the new time zone, reboot the system and set the current system date and time, if necessary, to the current local date and time using the Time Manager or the date(1) command. Licensing: Enhancements and Fixes A number of enhancements and fixes have been made to the Licensing subsystem. Most of these are listed in the Problems Fixed section. The following changes in the Licensing subsystem are significant to administrators and users: * The maximum number of simultaneous users, as determined by your current licenses, is now strictly enforced. Each connection (for example, via telnet, rlogin, ssh) counts as a "user", even if the same login is using multiple connections. If the number of allowable users (determined by the installed licenses) is exceeded, additional logins are denied until a current user logs off the system. See the Installation and Licensing topic in the online documentation for more information about licensing. Mail and Messaging: Updated Sendmail The current version of sendmail(1M), 8.10.1, has been fixed to close a number of recently reported security vulnerabilities. These are listed in the Problems Fixed section. Multi-line Message Catalog Format The mkmsgs(1) command has been enhanced to accept message strings that span more than one line in the input file. Multi-line messages are encapsulated in the input file with "%<" and "%>" delimiters on a line by themselves, as in the following example: %< first line of message second line of message ... %> Multi-line messages are limited to a total of 4095 characters in the input file. Only space, tab, and linefeed characters are allowed on the lines with the delimiters. Networking: DNS Manager Enhancements The security and reliability of the rndc(1M) program and the handling of secret keys used between rndc and DNS/BIND control channels has been improved. Performance: Swap Space Limit Extended to 4GB The upper limit on the amount of swap space that can be allocated has been increased from 2GB (2 gigabytes) to 4GB. Use the swap command to increase the current swap space size. See the swap(1M) manual page and the sections Configuring systems for large physical memory and Adding swap space for more information. Printing: USB Support Support for connecting a single USB printer to UnixWare has been added. Both the System V LP subsystem and the optional CUPS printing subsystem (see CUPS) support the addition of a single USB printer. To configure a USB printer using the active print subsystem from the command line, use the lpadmin(1M) command. Use the scoadmin printer graphical interface to add a USB printer to System V LP. If CUPS is the current printing subsystem, use the CUPS graphical interface on http://localhost:931 to configure a USB printer. When defining the printer, use the USB device name. When a USB printer is connected to the system and turned on, two device nodes are created automatically for the printer. They can be listed by entering: ls -tr /dev/usb_prnt* /dev/usblp* The device node names are defined as follows: /dev/usb_prnt# The # appearing in the device name is the order the printer was recognized as attached. If you have only one printer, it will always be /dev/usb_prnt0 regardless of how it is physically connected. If you have multiple USB printers (not currently supported), the digits at the end should not be regarded as stable: they will change as, for example, device timing varies and configuration changes are made. /dev/usblp-#####-[###.###.]### The first five digit number is the location of the host controller interface (HCI) to which the printer is connected. It's five digits represent the PCI bus number (two digits), the PCI device number (two digits), and the PCI function number (the final digit). For example: /dev/usblp-00072-1.4.2 where the HCI is PCI bus number 00, PCI device 07, PCI function 2. The remainder of the device name after the second dash is a sequence of from one to three decimal numbers (each of which can be from one to three digits). The final number, which is required, indicates the port number on the device to which the printer is physically connected. Up to two hubs can be connected between the printer and the PC USB port, and the ports to which these devices are connected are indicated by the two optional three digit number in the device name. For example, if a USB printer were connected directly to the first USB port on the system, the device name might look like this: /dev/usblp-00072-1 A device name like /dev/usblp-00072-1.4.2 indicates the following device configuration: PC USB Port 1 <-> | Hub#1 Port 1 PC USB Port 2 | Hub#1 Port 2 | Hub#1 Port 3 | Hub#1 Port 4 <-> | Hub#2 Port 1 ... | Hub#2 Port 2 <-> USB Printer ... where Hub#1 is connected into the system's first USB port, a second hub is plugged into Hub#1 Port 4, and the USB Printer is plugged into Hub#2 Port 2. This device name is completely unique and will not change as long as the physical configuration of the USB devices is not changed. See the documentation for Both LP and CUPS (if installed) under the Printing topic in DocView for more information on managing the printing subsystem. Shells: Updated ksh The UNIX95 version of the Korn shell, /u95/bin/ksh, has been updated to fix a number of problems: * Fixed the pwd builtin so it no longer returns a double leading slash (//) for pathnames under some conditions. * Fixed the shell so that it no longer resets the user's idle time every 10 minutes, as reported by commands such as w(1). . * Fixed the autoload function so that it works when invoked from within a command substitution. ------------------------------------------------------------------------ Features in Other Packages: The features listed in this section are contained in separate packages from the Update Pack Set. To install them, either select them from the Upgrade Wizard when you install the Update Pack Set, or follow the instructions in the section Installing Additional Packages after the Update Pack Set. Hardware: Updated Drivers The ide host bus adapter (HBA) driver has been updated to includes a number of bug fixes, as well as the following new features: * Compliance with the ATA/ATAPI-6 standard (see http://www.t13.org). * Supported IDE hard disk capacity has increased from 128GB (gigabytes) to just below 1TB (terabyte), a total of 1,099,510,579,200 bytes (1 terabyte minus 1 megabyte). Full 48-bit addressing in the driver allows support for IDE hard disks up to 1PB (1 petabyte; 1,125,899,906,842,624 or 250 bytes) in size; however, the 32-bit addressing used by the kernel limits IDE hard disk support on UnixWare to just below 1TB (a terabyte is 240 bytes). The ide driver is available as a separate package image in the Update Pack, as well as a floppy disk image suitable for use during a fresh install of UnixWare. The floppy image is available at: SCO FTP Server: /pub/unixware7/drivers/storage. The Broadcom bcme networking card driver has been updated to version 6.0.16. This version fixes known kernel panics in the previous driver, which occurred when calling bcopy to copy a transmit buffer. The driver code has also been improved for better transmit performance. The updated driver is includesd in the nd package. For a list of network cards supported by the bcme driver, please see the Update Pack 2 Notes. Online Documentation: Updated Topics and Manual Pages Updated manual pages and online guides are provided by the baseman and basedoc packages, as well as some of the other packages includesd with the Update Pack (e.g., cupsdoc, openssld, jpeg, tiff, libpng). Both guides and manual pages can be viewed using any browser via the DocView Documentation Server. By default, DocView can be reached at http://hostname:8458, where hostname is the network node name of the UnixWare system, or localhost when using a browser on your UnixWare 7 system. The browser can be running on native UnixWare, on the Linux Kernel Personality (LKP), or on the OpenServer Kernel Personality (OKP). The manual pages can also be viewed using the man(1) command; this must be done from a UnixWare shell. (The man commands under LKP and OKP display the manual pages installed in those environments, not the UnixWare 7 pages.) Note that none of the Update Pack documentation packages rebuild DocView's Search index, so any documentation added will not be searchable using DocView's Search button until indexing is run. This is done, by default, at 3:10AM local time by a root crontab(1) entry. If this time is not appropriate for your site, you can edit the crontab entry to change the time indexing is run. In general, it is a good idea to run indexing when the system load is low, since indexing can consume considerable time and system resources, depending on the amount of text being indexed. Alternately, you can run indexing manually using the /usr/lib/docview/conf/rundig command after you finish installing documentation from the Update Pack. Printing: CUPS (Common Unix Print Spooler) Version 1.1.19 of the Common UNIX Printing System (CUPS) is available in three separate packages (see Update Pack Contents): cups Client and Server Software for CUPS cupsdevCUPS Development Libraries cupsdocCUPS Online Guides and Manual Pages The current CUPS implementation supports all the documented features of CUPS, with the following exceptions: * libpaper * PAM * PHP scripts * python scripts You must install the Update Pack before you install cups, or CUPS will not work properly. The following packages are required by CUPS to provide the indicated functionality; they can be installed either before or after cups: libpngprinting PNG image files jpeg printing JPEG image Files tiff printing TIFF image files zlib decompressing image files After you install cups, the System V LP Subsystem is still the default printing subsystem. Use the chprnsys(1M) command to switch between the System V LP and CUPS printing subsystems, as in this example: # chprnsys cups The chprnsys command, among other things, reconfigures the system manual pages so that the pages appropriate to the currently active print subsystem are displayed by the man command and by DocView. The online CUPS guides can be viewed under the Printing topic in DocView, when CUPS is the active print subsystem. (Note that you must install cupsdoc to get all the revised manual pages and CUPS guides.) Note that once you install cups, the Update Pack installation is locked until cups is removed. See the section Known Problems and Workarounds. Programming: JPEG Image Compression) Library and Utilities The jpeg package (see Update Pack Contents) installs libjpeg and associated utilities from Version 6b of the Independent JPEG Group's open source JPEG image compression software. The libjpeg library allows applications to compress images and store them in JFIF format files, and decompress JFIF format files containing JPEG compressed images. For JPEG release notes, see the jpeg(7) manual page. The following utilities are also provided; see the associated manual pages listed below: jpeg(7) release notes, getting started information, references cjpeg(1) sample application for converting PPM, PGM, BMP, Targa image formats to JPEG djpeg(1) sample application for converting JPEG files to PPM, PGM, BMP, GIF, Targa image formats jpegtran(1)utility for lossless transcoding between different JPEG processes rdjpgcom(1)extracts textual comments from JFIF files wrjpgcom(1)inserts textual comments in JFIF files See the JPEG Archive Site at ftp://ftp.uu.net/graphics/jpeg for more documentation on the JPEG software. Programming: PNG (Portable Network Graphics) Image Library The libpng package (see Update Pack Contents) installs Version 1.2.5 of libpng, an open source library that applications can use to manipulate PNG (Portable Network Graphics) raster image files. See libpng(5) for release notes, a usage overview, and further references. See libpng(3) and libpngpf(3) for function definitions. Further documentation and archives are available at http://www.libpng.org, or ftp://ftp.uu.net/graphics/png. This package requires that the zlib package (see Update Pack Contents) is already installed. Programming: TIFF Image Library and Utilities The libtiff package contains a library for manipulating Tag Image File Format (TIFF) image files, along with TIFF-related utilities. This version of libtiff supports TIFF version 4.0, 5.0, and 6.0 files. The package installs its own manual pages: * See Section 3t. See the libtiff(3t) manual page for an introduction. * Also see the following command manual pages: fax2ps (1) - convert a TIFF facsimile to compressed fax2tiff (1) - create a TIFF Class F fax file from raw fax data gif2tiff (1) - create a TIFF file from a GIF87 format image file pal2rgb (1) - convert a palette color TIFF image to a full color image ppm2tiff (1) - create a TIFF file from a PPM image file ras2tiff (1) - create a TIFF file from a Sun rasterfile rgb2ycbcr (1) - convert non-YCbCr TIFF images to a YCbCr TIFF image sgi2tiff (1) - create a TIFF file from an SGI image file thumbnail (1) - create a TIFF file with thumbnail images tiff2bw (1) - convert a color TIFF image to greyscale tiff2ps (1) - convert a TIFF image to PS tiff2rgba (1) - convert a TIFF image to RGBA color space tiffcmp (1) - compare two TIFF files tiffcp (1) - copy (and possibly convert) a TIFF file tiffdither (1) - convert a greyscale image to bilevel using dithering tiffdump (1) - print verbatim information about TIFF files tiffgt (1) - display an image stored in a TIFF file (Silicon Graphics version) tiffinfo (1) - print information about TIFF files tiffmedian (1) - apply the median cut algorithm to data in a TIFF file tiffsplit (1) - split a multi-image TIFF into single-image TIFF files tiffsv (1) - save an image from the framebuffer in a TIFF file (Silicon Graphics version) SCOx Client API and Web Services Support The SCOx Client API is a set of application programming interfaces that use standard web technologies such as WSDL, SOAP, XML, and XML Schemas to enable your applications to interface with SCObiz. SCObiz is a comprehensive web site development, deployment, and hosting service through which SCO's partners can provide web site hosting solutions to their customers. SCObiz provides an infrastructure that enables solution providers to quickly and easily create e-Commerce or information-oriented web sites. The web services supported by SCOx and SCObiz enable applications to exchange data directly over the internet, without human intervention. Such applications can be anything from simple requests to complex business processes. The SCOx client libraries and web services are available on a separate CD image, and in separate downloadable sets. Release notes and installation instructions can be found at the top level of the SCOx CD image, and on the UnixWare Supplements Page. Also see the SCOx and SCObiz Web Sites. Known Problems and Workarounds Installation: xAPIC Support Installation: OpenSSH requires OpenSSL Installation: Timezone and Locale Clashes Display Warnings Installation: Upgrade Wizard Exits if Space Pressed Repeatedly Installation: Warnings About Changed Files Installation/Removal: Installing CUPS Locks Update Pack Mozilla: Japanese characters are not echoed as they are typed Online Documentation: "Print Book" Problems OKP: Do Not Add OKP License Before Installing OKP Removal: Removing Update Set Leaves xterm in Reverse Video Security: Updated Perl CGI.pm Squid: Documentation Errata Installation: xAPIC Support xAPIC support was designed for IBM x440 systems. On some platforms, such as the IBM xSeries 360 (x360), the OS detects it should use xAPIC but the platform does not properly support it. If this happens, the symptoms are device timeouts (either a disk driver or HBA) very early during the boot process. The system will display a message stating that an HBA or disk command has timed out, and the system will become unresponsive (hang). If you are using a Multi-Processing (MP) system with Pentium 4 (Xeon) processors and this occurs do the following: 1. Reset the system. 2. When the system displays the UnixWare logo during the boot sequence, interrupt the boot by pressing any key. 3. At the boot prompt enter: USE_XAPIC=N boot The system should now boot normally. 4. Once the system is running, edit /stand/boot and add the following entry to the file: USE_XAPIC=N This will ensure that you do not need to interrupt the boot process again. Installation: OpenSSH requires OpenSSL You may see the following error during installation of the OpenSSH (openssh) package: ##Executing postinstall script. dynamic linker: /usr/sbin/sshd: could not open libcrypto.so.0.9.7 Killed /etc/init.d/opensshd: Error 137 starting /usr/sbin/sshd....Bailing. This indicates that the OpenSSL (openssl) package is not installed; the installation of openssh, however, will still report success. To fix this, install the openssl package from the Update Pack 2 media and then re-install openssh. 527982 Installation: Timezone and Locale Clashes Display Warnings If you install the Update Pack on a freshly installed UnixWare 7.1.3 system, you may see Warning messages during installation. This happens most commonly when you specify the correct local time when installing UnixWare 7.1.3, but select a locale whose timezone differs from the local timezone. As a result, there can be a mismatch between the current system time and the time stamp on the files installed from the Update Pack, which causes the following warning to be displayed: WARNING: Reapply uw713u3 package. Failure to do so may leave your system in an inconsistent state. If this occurs, execute the following command: pkginfo -l | grep INSTDATE | sort -u | more Wait until the latest time returned by the above command has passed, and then reinstall the the uw713u3 package: pkgadd -d device uw713u3 Where device is the location of the mounted Update Pack CD, CD image, or Update Set image. 527540 Installation: Upgrade Wizard Exits if Space Pressed Repeatedly When launching the Upgrde Wizard using the uli command from a desktop window, the Upgrade Wizard may exit unexpectedly if you press the space bar a few times while it is loading. To work around this, re-run the Upgrade Wizard. 527905 Installation: Warnings About Changed Files During installation of the Update Pack on a system that was upgraded from a release prior to Release 7.1.3, warnings such as the following may be displayed: UX:pkginstall: WARNING: /etc/conf/pack.d/msr/Driver.o UX:pkginstall: WARNING: /etc/conf/pack.d/pcid/Driver.o UX:pkginstall: WARNING: /etc/conf/pack.d/ppp/Driver.o UX:pkginstall: WARNING: /etc/conf/pack.d/pppml/Driver.o ... The Warnings displayed on your system will depend on the originally installed release. These Warnings are expected and can be safely ignored. 527406 Installation/Removal: Installing CUPS Locks Update Pack Installing the cups package locks the Update Pack installation; you cannot remove the Update Pack after installing cups. This is due to the interdependencies that arise once the cups package is installed and enabled. If you want to remove the Update Pack, you must first remove the cups package, as in this example: # chprnsys lp # pkgrm -n cups The chprnsys command above ensures that System V LP is the current print subsystem, and the pkgrm command removes cups. Any related packages you installed along with cups should also be removed since they will not work properly once the Update Pack is removed. See Printing: CUPS (Common Unix Print Spooler). 528344 DocView "Print Book" Problems with non-English Text Problems have been observed with the DocView (http://hostname:8458) PRINT BOOK facility: 1. Some files do not print when selected from the PRINT BOOK list, or the incorrect content is printed instead. This occurs in C and non-C locales. 2. Multibyte files cannot be printed (this includes, for example, Japanese-language documentation from the jabasedoc package on the Localized Documentation CD in the UnixWare Media Kit) from the PRINT BOOK list. This is because the underlying engine in DocView for printing HTML (HTMLDOC) does not support multibyte files. 3. Some documents are not being printed in foreign languages when locale is properly selected and the foreign-language documentation is installed. The workaround in all these cases is to display the files individually from the DocView SITE MAP interface (which is identical to the PRINT BOOK list), and use your browser's Print command to print the files. For example, if you use the PRINT BOOK interface to print a New Features file and it does not work, click on the SITE MAP button on the DocView menu (http://hostname:8458) and select the name of the link that you wanted to print (the SITE MAP and PRINT BOOK lists are identical). Once the document is loaded into the browser, print it using your browser's Print command (File > Print in Netscape) to print to a local printer or to a file. The formats available depend on your local browser's setup. 527817 OKP: Do Not Add OKP License Before Installing OKP If you are installing the OpenServer Kernel Personality (OKP) product on top of the Upgrade Pack, do not add the OKP License to the License Manager before beginning installation of OKP. Instead, add the license during installation of OKP, as described in the OKP Release Notes. If you do add an OKP License to the License Manager before the OKP product is installed, the License Manager may report the following when you install the license: Licensing of is successfully completed Thereafter, the main License Manager screen may list the OKP license incorrectly, as follows: Unknown Product with id 181 If this occurs, you should remove the OKP license (License > Remove in the License Manager menu) and then add it again (License > Add). The License Manager will then display the license correctly. 528252 Removal: Removing Update Set Leaves xterm in Reverse Video If you remove the Update Set using the pkgrm(1M) command in an xterm window, the window may be changed to reverse video mode after the removal is complete. This does not indicate any problem with the removal of the Update Set. To return the window to normal video mode, enter: tput reset 527620 Security: Updated Perl CGI.pm CGI.pm is a Perl module (contained in the perl package available from the base UnixWare media) that provides function calls for form definition. There is a vulnerability present in forms created with the start_form() and start_multipart_form() functions defined in CGI.pm. If the action for the form is left unspecified in a call to either function, the form action can be manipulated by a malicious user (using an appropriate URL) to launch a cross site scripting attack against the host system. If you use the CGI.pm module in any Perl programs, it is recommended that you install the perlmods package, available on the SCOx CD. The perlmods package contains an updated CGI.pm module that closes this vulnerability. 528214 Squid: Documentation Errata The squid manual page installed by the squid package from the base UnixWare media contains a number of errors: * The Squid proxy server control script is located at /etc/init.d/squid. * The Squid software is located under /usr/lib/squid. * To start up Squid, your UnixWare system must already be connected to the internet, and the Domain Name Service (DNS) daemon in.named(1M) must be running. Squid must be able to reach at least one of the specified DNS servers; otherwise, it will not start. Follow this procedure to configure and begin using Squid: 1. Edit the file /usr/lib/squid/etc/squid.conf, and make the following changes: a. Search for the visible_hostname keyword, and insert a line like the following: visible_hostname nodename where nodename is the name you want returned by the server to clients in messages. b. Enable access for your clients. This is done with a combination of the http_access and acl keywords (search for http_access keyword; the acl section is just above it in the file). To simply allow all hosts to access squid, enter a single http_access statement: http_access allow all Most sites will want better security, and allow only known sites to access the proxy. The following two statements allow only hosts on the "10.0.0" subnet to access the server: acl local 10.0.0.0/255.255.255.0 http_access allow local Note that the ordering of http_access entries in the squid.conf file is important. You may need to put entries for local clients at the top of the list of http_access entries in order for them to work. See the comments in the file /usr/lib/squid/etc/squid.conf as well as the Squid documentation installed along with the squid package, in the online documentation under Internet and Intranet, for more information on configuring Squid. 2. Enter, as root: /usr/lib/squid/bin/squid -z to initialize the Squid caches. 3. Start Squid: /etc/init.d/squid start 4. On each client (including the local system), set the browser's preferences to go to the proxy server instead of connecting directly to the internet. In Netscape or Mozilla, this is done by opening the browser Preferences (Edit > Preferences) and selecting Advanced > Proxies. Select Manual Configuration, and click on View. In the following window, set at least the http: and ftp: entries to point to the nodename or IP address of the UnixWare system running the Squid proxy server; then, set the port for both entries to 3128, the default port on which the UnixWare Squid server listens for requests. Save your changes to the browser's Preferences. The browser will now access the internet through the Squid proxy. Check the files under /usr/lib/squid/logs if you encounter problems. ------------------------------------------------------------------------ (c) Copyright 2003 The SCO Group, Inc. All rights reserved. *****************************************************************