==========================================================
Maintenance for IBM Sterling Connect:Direct for UNIX 4.1.0
==========================================================

This maintenance archive includes module replacements for the C:D UNIX
4.1.0 code base. It is applicable to C:D UNIX version 4.1.0, and
contains all the new functionality and fixes as described in the C:D
UNIX 4.1.0 Release notes, as well as fixes for the issues listed below.

This release implements IBM's standard V.R.M.F method of identifying
software. V, R, M and F are Version, Release, Modification and Fix Pack
respectively. In general, V.R.M imply new functionality, while F is an
accumulation of fixes called a Fix Pack. The term Fix Pack will be used
going forward in place of Cumulative Maintenance.

Individual fixes also have a new name, Interim Fixes, or iFixes for
short. iFixes are numbered sequentially from one starting with any
increment to V, R, M or F. Please see IBM's website for further details
regarding this methodology.

After applying the maintenance, the CLI banner will report that your
C:D version is 4.1.0.x, where x is the current Fix Pack. It will also
display the date that the maintenance was created.

For more information, please refer to the C:D UNIX 4.1.0 Release Notes.

==============================
iFixes to C:D for UNIX 4.1.0.0
==============================

001) QC18588 commit date: 18 Apr 2011
---------------------------------------
Stack overflow exploit potential in ndmsmgr.

002) QC18587 commit date: 25 Apr 2011
---------------------------------------
Null pointer dereference vulnerability in ndmsmgr.

003) QC18972 commit date: 26 Apr 2011
---------------------------------------
Added "daily" keyword that when specified with an elapsed time in the
startt parameter of a submit command will schedule the process for the
next day at the specified time.

004) QC19021 commit date: 26 Apr 2011
---------------------------------------
Trailing blanks are not stripped from first record of a text file
received with strip.blanks=yes and codepage conversion.

005) QC18999 commit date: 06 May 2011
---------------------------------------
XIPT011I error when Control Center attempts to import a large (greater
than 16k) trusted certificate file.

006) QC19050 commit date: 22 Jun 2011
---------------------------------------
Added functionality to allow server connections to strongly secure
sensitive information in session overhead and leave data which may not
be sensitive unencrypted to enhance performance. Documentation for this
feature and how to use it is available on our IBM Sterling Support
Center website.

-----------------------------------------------------------
iFixes listed above are accumulated in C:D for UNIX 4.1.0.1
-----------------------------------------------------------

==============================
iFixes to C:D for UNIX 4.1.0.1
==============================

001) QC19079 commit date: 29 Jul 2011
---------------------------------------
XSMG271I error on restarted wildcard copy step when local user on
sending node is other than the C:D installer.

002) QC19299 commit date: 29 Jul 2011
---------------------------------------
SVSJ032I error sending a binary file to a z/OS destination file with V
or VB record format.

003) QC19065 commit date: 01 Aug 2011
---------------------------------------
XSMG605I error when copy step to OS/400 node fails and connection is
via Secure+ STS with digital signatures enabled.

004) QC19324 commit date: 05 Aug 2011
---------------------------------------
Scheduled process fails with XSQF009I error if cdpmgr is recycled
before the scheduled process start time.

005) QC19435 commit date: 08 Aug 2011
---------------------------------------
Files written and closed by C:D on NFS destination may not be
immediately ready for processing due to NFS delayed writes.
Added initparm to optionally call fsync function to attempt to flush
all data to disk before closing file. New initparm is
"fsync.after.receive" and is part of the "copy.parms" record of
initparm.cfg. It takes a value of 'y' or 'n', with 'y' indicating to
call fsync before closing a data file that was received. Default value
is 'n'.

006) QC19414 commit date: 09 Aug 2011
---------------------------------------
cdcust option to run "Configurations requiring root privilege" is
ineffective when root user is configured with a nologin shell.

007) QC19633 commit date: 15 Aug 2011
---------------------------------------
cdinstall fails to detect and provide notice when the installed C:D
version is newer than the installing version.

-----------------------------------------------------------
iFixes listed above are accumulated in C:D for UNIX 4.1.0.2
-----------------------------------------------------------

==============================
iFixes to C:D for UNIX 4.1.0.2
==============================

001) QC19725 commit date: 27 Sep 2011
---------------------------------------
Process with snodeid override specified submitted on C:D UNIX node via
a submit statement within another C:D process may fail to pass snode
security.

NOTE: The previous designation of 'QC' for a product issue will be
transitioned to 'RTC' due to the migration to the IBM Rational tool
tracking system. Most fixes will also refer to an APAR number pursuant
to implementing IBM defect description terminology.

002) RTC303677 / APAR IC81358 commit date: 03 Feb 2012
--------------------------------------------------------
Statistics archive files may be owned by root.

003) QC20035 commit date: 02 Mar 2012
---------------------------------------
An LCCA082I error is generated after cdpmgr has been started by root
and a Secure+ configuration command is issued from a KQV client, like
Sterling Control Center.

004) QC20157 commit date: 06 Apr 2012
---------------------------------------
Null pointer dereference vulnerability in ndmsmgr for Secure+
connections. Vulnerability could enable denial of service attack.

005) QC20403 commit date: 06 Apr 2012
---------------------------------------
Potential for XPMR018I error when client such as Sterling Control
Center attempts to update the initparm.cfg file.

006) QC20041 commit date: 09 Apr 2012
---------------------------------------
Possible denial of service if attacker can play back multiple simulated
sessions that include large malformed session control packets that
generate lots of errors.

007) QC20473 commit date: 10 Apr 2012
---------------------------------------
Some records on z/OS VB destination file are not filled to LRECL
specification when sending a UNIX file with datatype=binary and
codepage conversion specified.

008) QC19832 commit date: 10 Apr 2012
---------------------------------------
On AIX systems, temporary work files are created in /tmp instead of
{C:D install dir}/work/{C:D node name} directory for processes
submitted by a user without write permission in the
{C:D install dir}/work/{C:D node name} directory.

009) QC19857 commit date: 12 Apr 2012
---------------------------------------
View process command may hang and generate many XUPC023I errors when
viewing a submitted process that includes a submit step with an snodeid
or pnodeid override.

010) QC20043 commit date: 18 Apr 2012
---------------------------------------
Stack overflow vulnerability in ndmauthc. An attacker could exploit the
vulnerability to execute commands with CDU installer authority.

011) QC20044 commit date: 19 Apr 2012
---------------------------------------
Stack overflow vulnerability in modules that read the initparm.cfg
file, like cdpmgr and ndmsmgr.

012) QC20158 commit date: 25 Apr 2012
---------------------------------------
ndmsmgr segmentation violation during S+ connection attempt using a
malicious certificate with an inordinately long subject. Possible
denial of service.

013) QC20638 commit date: 25 Apr 2012
---------------------------------------
ndmcmgr may be terminated by segmentation violation (signal 11 in most
cases) when a client such as C:D Browser or Control Center adds a
Functional Authority (new user).

014) RTC140725 / APAR IC82150 commit date: 27 Apr 2012
--------------------------------------------------------
Improved safe initialization procedures for suid files ndmauthc,
ndmauths, and cdpmgr.

015) RTC315406 commit date: 27 Apr 2012
-----------------------------------------
cdinstall indication of disk space requirement to install File Agent is
too low.

016) QC19758 commit date: 27 Apr 2012
---------------------------------------
C:D HP NonStop reports an invalid feedback code in the completion
status for a run task step submitted to C:D UNIX.

017) RTC328127 / APAR IC83593 commit date: 21 May 2012
--------------------------------------------------------
On exit, cdcust may give an inappropriate warning about incomplete root
authority configurations.

018) RTC103045 commit date: 24 May 2012
-----------------------------------------
When Secure+ is installed on a node for the first time, it must be
initialized. The initialization procedure requires the Connect:Direct
node name, but it is not offered by default.

019) RTC326139 commit date: 30 May 2012
-----------------------------------------
When SSL/TLS is enabled, updating the .SEAServer entry in Secure+ would
fail even when External Authentication is disabled: "Error: The
.SEAServer host name must be specified."

020) RTC140646 commit date: 31 May 2012
-----------------------------------------
Clients like Sterling Control Center or Connect:Direct Browser are able
to set an invalid tcp.api value in the local.node netmap entry causing
future api connections to be rejected.

021) RTC328994 / APAR IC84027 commit date: 08 Jun 2012
--------------------------------------------------------
spcli may display resolved symbolic link values for pathnames entered
with symbolic links specified.

022) RTC333723 / APAR IC84003 commit date: 08 Jun 2012
--------------------------------------------------------
When Connect:Direct UNIX (CDU) receives a redirect message, SCPA007I,
from Connect:Direct z/OS Plex environment, CDU inappropriately records
a non-zero completion code. Plex redirection is a normal operational
flow.

-----------------------------------------------------------
iFixes listed above are accumulated in C:D for UNIX 4.1.0.3
-----------------------------------------------------------

In addition, C:D for UNIX 4.1.0.3 adds certification for AIX 7.1 on IBM
pSeries, and Red Hat Enterprise Linux (RHEL) version 6.2 on Intel and
AMD x86/x86-64. Please note the following list of system libraries that
are required to run on RHEL 6.2:

    libXtst-1.0.99.2-3.el6.i686
    libXmu-1.0.5-1.el6.i686
    libXt-1.0.7-1.el6.i686
    libXft-2.1.13-4.1.el6.i686
    libX11-1.3-2.el6.i686
    libXi-1.3-3.el6.i686
    libXext-1.1-3.el6.i686
    libXau-1.0.5-1.el6.i686
    libXrender-0.9.5-1.el6.i686

==============================