Hardware Management Console Readme For use with HMC Version 9 Release 1 M942 Updated: 29 September 2021 (C) Copyright International Business Machines Corp., 2021 All rights reserved. Contents <#ibm-content> The information in this Readme contains the fix list and other package information about the Hardware Management Console. * PTF MH01895 <#MH01895> * PTF MH01896 <#MH01896> * Package information <#package> * General and Security fixes <#fixes> * Command line changes <#command> * Installation <#install> Terminology *x86* - This term is used to reference the legacy HMC that runs on x86/Intel/AMD hardware for both the 7042 Machine Type appliances and the Virtual HMC that can run on the Intel hypervisors (KVM, VMWare, Xen). *ppc64 or ppc64le* - describes the Linux code that is compiled to run on Power-based servers or LPARS (Logical Partitions) PTF MH01895 HMC V9 R1.942.3 - for 7042 Machine Types or vHMC for x86 hypervisors (5765-HMW) This package includes an interim fix for the HMC V9 R1 M942 service pack. You can also reference this package by PTF MH01895 and APAR MB04286. This interim fix can be installed on an existing HMC Version 9 Release 1 M942 Service Pack (PTF MH01876) installation with or without additional fix packs. NOTE: This PTF supersedes MH01879 and MH01886. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01895_x86.iso 4188768256 cb91d53d67f28d800ae6833dc5e64fe9bd346cc0 MB04286 MH01895 Splash Panel information (or lshmc -V output) "version= Version: 9 Release: 1 Service Pack: 942 HMC Build level 2107130247 MH01876 - HMC V9R1 M942 MH01895 - iFix for HMC V9R1 M942 ","base_version=V9R1 " PTF MH01896 HMC V9 R1.942.3 - for 7063 Machine Types or vHMC for PowerVM (5765-HMB) This package includes an interim fix for the HMC V9 R1.942.0 service pack. You can also reference this package by PTF MH01896 and APAR MB04287. This image can be installed on an existing HMC Version 9 Release 1 M942 Service Pack (PTF MH01877) installation with or without additional fix packs. NOTE: This PTF supersedes MH01880 and MH01887. /Package information/ Package name Size Checksum (sha1sum) APAR# PTF# MH01896_ppc.iso 4169914368 ec8ff07b2a59a5a11974651b2824a4992e5829e5 MB04287 MH01896 Splash Panel information (or lshmc -V output) "version= Version: 9 Release: 1 Service Pack: 942 HMC Build level 2107130247 MH01877 - HMC V9R1 M942 MH01896 - iFix for HMC V9R1 M942 ","base_version=V9R1 " *General fixes* * Fix to HMC startup resulting in the HMC GUI being inaccessible. Symptoms include the local console hanging at the grid screen and remote web access returning "/Service Unavailable/" when attempting to connect. * Fixed an issue that prevented the network busy dialog from closing at the local console. Clicking the upper right X would force close the window. * Fixed an issue that can cause the HMC to lose connections to all servers for a brief time with service events E2FF1409 and E23D040A being reported. This will cause all running server tasks such as server firmware upgrade to fail. * Fixed an issue where server hardware discovery information initiated by one HMC is not immediately available on a second HMC. * Fixed an issue that can cause SRC E212E161 to be reported for HmcRmc.properties. * Fixed an issue where Electronic Service Agent (ESA) files are not deleted after being transmitted to IBM causing root file system ("/") to exceed 85% used and E212E136 to be reported. * Fixed an issue where the HMC is unable to start up completely, instead hanging at the grey "grid screen" with no login, due to a bad read of a log file that occurred from an earlier abnormal termination. * Fixed an issue where saveupgdata or bkconsdata command may fail with "/rc = 1/" due to rpm database issue. * Fixed an issue to prevent re-reporting of old BMC events when a BMC reset occurs at runtime. * Fixed an issue that cause a deadlock in ESA with SRC E35A0074 and E35A0075 after a HMC reboot. *Security fix* * Fixed an issue where the external links on the HMC logon page do not suppress "referer" information. This may be reported by scan tools as CWE-200 or SI-11. * Addressed restricted shell vulnerability: CVE-2021-29707 * Addressed bind vulnerability: CVE-2021-25215 * After apply of this PTF, the webui cipher list is reset to the default values. Users that have modified the cipher list should record the ciphers prior to apply of the PTF, then restore the ciphers after the mandatory reboot. The commands *lshmcencr *and *chhmcecnr *can be used to record or modify ciphers. *Command line changes * * The commands *alias *and *unalias *have been removed from restricted shell. * The restricted shell *sed *command has been modified to restrict certain escape characters. *Previously released fixes also included in this PTF: * *MH01886/MH01887* 04/09/21 * Fixed issues with viewing PCM settings or dashboard due to incomplete installation of postgress with incorrect file permissions. * Fixed an issue that caused the lshwres command for listing SR-IOV logical ports to fail with "/HSCL8016 An unknown error occurred while trying to perform this command./" The command only failed when run with the -F option on Power9 systems with FW930 or earlier and on Power7 and Power8 systems. * Fixed additional rpm command hang issues in ppc HMC. Symptoms include hangs running pedbg collection and backup console data (*bkconsdata*). The workaround is to cancel the hung task (or reboot hmc) then log in as user hscpe with role hmcpe and execute "*runsig -s 700*" to clear the rpm lock. * The timeout value for the time allowed from launching the Open Terminal Window task to connecting the vterm application is increased to 2 minutes * Fixed an issue that caused the Create System Plan GUI task and the *mksysplan *command to fail with "/not a hexadecimal character/" when a virtual switch name contains a forward slash ‘/’ character. * Fixed an issue to prevent the HMC from calling home with SRC E212E161 * Fixed an issue that caused a startup failure of the postgres database everytime HMC was rebooted. Symptoms include call home reporting of SRC E35A0020 and error "/javax.ws.rs.ext.MessageBodyReader/” when navigating to the PCM GUI panels. * Fixed an issue with the REST call "//rest/api/uom/ManagedSystem?hwinventory=true/" that does not return the results of the PowerSupplies and FANs for servers at FW950. * Circumvented a rare issue that caused the GUI and command line to become unresponsive on an HMC that is the master HMC for a Power enterprise pool * IBM SDK, Java Technology Edition Quarterly update *MH01879/MH01880* 02/12/21 * Fixed an issue that caused call home SRCs E212E136 and E332FFFF Symptoms include performance degradation leading to one or more of the HMC services no longer responding. Other possible SRCs after longer run time are E212E161 and E212E114, * Fix rare rpm command hang issue in ppc HMC . Symptoms include hangs installing HMC corrective service PTFs, running pedbg collection and installing server firmware updates. If this issue is encountered during this PTF installation, the workaround is to cancel the hung task (or reboot hmc) then log in as user hscpe with role hmcpe and execute "runsig -s 700" to clear the rpm lock. Then reattempt the install. * Fix error while formatting USB device from GUI resulting in /Error!! Format USB flash memory drive was not completed successfully. /The CLI formatmedia option would succeed * Fix for PCM getting disabled when managed system is power recycled requiring manual renablement of PCM for the system. * Fixed an issue causing the PCM service to report SRC E35A0083 repeatedly indicating it has exceeded the memory threshold. * Fixed an issue that caused the used bond interfaces to be incorrectly listed under list of Available Adapters while creating/editing bond interface. * Fix to retain the label e for the USB memory device when formatted using Japanese language. * Fixed an issue with HMC backup and update functionalities when the SFTP password contains spaces resulting in error message: /An incorrect user ID and password or key combination was entered. Specify a valid user ID and password or key and try the command again./ * Fixed the NullPointerException issue when connection drops due to a network glitch while handling NVRAM change eventually resulting in callhome SRC E3550046. * Fixed the *chlickey *command to handle an extra newline at the end of license key file resulting in error message: "/The file lickeyfile.txt contains license key information that is not valid./" * Improved error message to be more meaningful (HSCL1584) when Live Update fails due to user’s access restrictions to resources resulting in message: "/HSCL8016 An unknown error occurred while trying to perform this command. Retry the command. If the error persists, contact your software support representative./" * Fixed an issue that doesn’t allow editing the load sharing option when the failover is already enabled before launching Edit Network Bridge Window. * Fix NullPointerException observed when firewall is enabled in bond configuration when all ethernet interfaces are consumed for creating network bonds. * Fix for 'Backup Management Console data' which shows running on task panel even after the user then selected to restore the data and rebooted the console. * Latest Cloud Connector has been included for compatible with CMC. * Addressed the BIND vulnerabilities: CVE-2020-8622, CVE-2020-8623 and CVE-2020-8624 * Addressed the openSSL vulnerabilities: CVE-2020-1971 Installation Installation instructions for HMC Version 9 upgrades and corrective service can be found at these locations: Upgrading or restoring HMC Version 9 Updating,upgrading, and migrating your HMC machine code Instructions and images for upgrading via a remote network install can be found here: HMC V9 network installation images and installation instructions