==========================================================
Maintenance for IBM Sterling Connect:Direct for UNIX 4.1.0
==========================================================

This maintenance archive includes module replacements for the C:D UNIX
4.1.0 code base. It is applicable to C:D UNIX version 4.1.0, and contains
all the new functionality and fixes as described in the C:D UNIX 4.1.0
Release notes, as well as fixes for the issues listed below.

This release implements IBM's standard V.R.M.F method of identifying
software. V, R, M and F are Version, Release, Modification and Fix Pack
respectively. In general, V.R.M imply new functionality, while F is an
accumulation of fixes called a Fix Pack. The term Fix Pack will be used
going forward in place of Cumulative Maintenance.

Individual fixes also have a new name, Interim Fixes, or iFixes for short.
iFixes are numbered sequentially from one starting with any increment to
V, R, M or F. Please see IBM's website for further details regarding this
methodology.

After applying the maintenance, the CLI banner will report that your C:D
version is 4.1.0.x, where x is the current Fix Pack. It will also display
the date that the maintenance was created.

For more information, please refer to the C:D UNIX 4.1.0 Release Notes.

==============================
iFixes to C:D for UNIX 4.1.0.0
==============================

001) QC18588 commit date: 18 Apr 2011
---------------------------------------
Stack overflow exploit potential in ndmsmgr.

002) QC18587 commit date: 25 Apr 2011
---------------------------------------
Null pointer dereference vulnerability in ndmsmgr.

003) QC18972 commit date: 26 Apr 2011
---------------------------------------
Added "daily" keyword that when specified with an elapsed time in the
startt parameter of a submit command will schedule the process for the
next day at the specified time.

004) QC19021 commit date: 26 Apr 2011
---------------------------------------
Trailing blanks are not stripped from first record of a text file received
with strip.blanks=yes and codepage conversion.

005) QC18999 commit date: 06 May 2011
---------------------------------------
XIPT011I error when Control Center attempts to import a large (greater
than 16k) trusted certificate file.

006) QC19050 commit date: 22 Jun 2011
---------------------------------------
Added functionality to allow server connections to strongly secure
sensitive information in session overhead and leave data which may not be
sensitive unencrypted to enhance performance. Documentation for this
feature and how to use it is available on our IBM Sterling Support Center
website.

-----------------------------------------------------------
iFixes listed above are accumulated in C:D for UNIX 4.1.0.1
-----------------------------------------------------------

==============================
iFixes to C:D for UNIX 4.1.0.1
==============================

001) QC19079 commit date: 29 Jul 2011
---------------------------------------
XSMG271I error on restarted wildcard copy step when local user on sending
node is other than the C:D installer.

002) QC19299 commit date: 29 Jul 2011
---------------------------------------
SVSJ032I error sending a binary file to a z/OS destination file with V or
VB record format.

003) QC19065 commit date: 01 Aug 2011
---------------------------------------
XSMG605I error when copy step to OS/400 node fails and connection is via
Secure+ STS with digital signatures enabled.

004) QC19324 commit date: 05 Aug 2011
---------------------------------------
Scheduled process fails with XSQF009I error if cdpmgr is recycled before
the scheduled process start time.

005) QC19435 commit date: 08 Aug 2011
---------------------------------------
Files written and closed by C:D on NFS destination may not be immediately
ready for processing due to NFS delayed writes.

Added initparm to optionally call fsync function to attempt to flush all
data to disk before closing file. New initparm is "fsync.after.receive"
and is part of the "copy.parms" record of initparm.cfg. It takes a value
of 'y' or 'n', with 'y' indicating to call fsync before closing a data
file that was received. Default value is 'n'.

006) QC19414 commit date: 09 Aug 2011
---------------------------------------
cdcust option to run "Configurations requiring root privilege" is
ineffective when root user is configured with a nologin shell.

007) QC19633 commit date: 15 Aug 2011
---------------------------------------
cdinstall fails to detect and provide notice when the installed C:D
version is newer than the installing version.

-----------------------------------------------------------
iFixes listed above are accumulated in C:D for UNIX 4.1.0.2
-----------------------------------------------------------

==============================
iFixes to C:D for UNIX 4.1.0.2
==============================

001) QC19725 commit date: 27 Sep 2011
---------------------------------------
Process with snodeid override specified submitted on C:D UNIX node via a
submit statement within another C:D process may fail to pass snode
security.

NOTE: The previous designation of 'QC' for a product issue will be
transitioned to 'RTC' due to the migration to the IBM Rational tool
tracking system. Also, most fixes will also refer to an APAR number
pursuant to implementing IBM defect description terminology.

002) RTC303677 / APAR IC81358 commit date: 03 Feb 2012
--------------------------------------------------------
Statistics archive files may be owned by root.

003) QC20035 commit date: 02 Mar 2012
---------------------------------------
An LCCA082I error is generated after cdpmgr has been started by root and a
Secure+ configuration command is issued from a KQV client, like Sterling
Control Center.

004) QC20157 commit date: 06 Apr 2012
---------------------------------------
Null pointer dereference vulnerability in ndmsmgr for Secure+ connections.
Vulnerability could enable denial of service attack.

005) QC20403 commit date: 06 Apr 2012
---------------------------------------
Potential for XPMR018I error when client such as Sterling Control Center
attempts to update the initparm.cfg file.

006) QC20041 commit date: 09 Apr 2012
---------------------------------------
Possible denial of service if attacker can play back multiple simulated
sessions that include large malformed session control packets that
generate lots of errors.

007) QC20473 commit date: 10 Apr 2012
---------------------------------------
Some records on z/OS VB destination file are not filled to LRECL
specification when sending a UNIX file with datatype=binary and codepage
conversion specified.

008) QC19832 commit date: 10 Apr 2012
---------------------------------------
On AIX systems, temporary work files are created in /tmp instead of
{C:D install dir}/work/{C:D node name} directory for processes submitted
by a user without write permission in the
{C:D install dir}/work/{C:D node name} directory.

009) QC19857 commit date: 12 Apr 2012
---------------------------------------
View process command may hang and generate many XUPC023I errors when
viewing a submitted process that includes a submit step with an snodeid or
pnodeid override.

010) QC20043 commit date: 18 Apr 2012
---------------------------------------
Stack overflow vulnerability in ndmauthc. An attacker could exploit the
vulnerability to execute commands with CDU installer authority.

011) QC20044 commit date: 19 Apr 2012
---------------------------------------
Stack overflow vulnerability in modules that read the initparm.cfg file,
like cdpmgr and ndmsmgr.

012) QC20158 commit date: 25 Apr 2012
---------------------------------------
ndmsmgr segmentation violation during S+ connection attempt using a
malicious certificate with an inordinately long subject. Possible denial
of service.

013) QC20638 commit date: 25 Apr 2012
---------------------------------------
ndmcmgr may be terminated by segmentation violation (signal 11 in most
cases) when a client such as C:D Browser or Control Center adds a
Functional Authority (new user).

014) RTC140725 / APAR IC82150 commit date: 27 Apr 2012
--------------------------------------------------------
Improved safe initialization procedures for suid files ndmauthc, ndmauths,
and cdpmgr.

015) RTC315406 commit date: 27 Apr 2012
-----------------------------------------
cdinstall indication of disk space requirement to install File Agent is
too low.

016) QC19758 commit date: 27 Apr 2012
---------------------------------------
C:D HP NonStop reports an invalid feedback code in the completion status
for a run task step submitted to C:D UNIX.

017) RTC328127 / APAR IC83593 commit date: 21 May 2012
--------------------------------------------------------
On exit, cdcust may give an inappropriate warning about incomplete root
authority configurations.

018) RTC103045 commit date: 24 May 2012
-----------------------------------------
When Secure+ is installed on a node for the first time, it must be
initialized. The initialization procedure requires the Connect:Direct node
name, but it is not offered by default.

019) RTC326139 commit date: 30 May 2012
-----------------------------------------
When SSL/TLS is enabled, updating the .SEAServer entry in Secure+ would
fail even when External Authentication is disabled:
"Error: The .SEAServer host name must be specified."

020) RTC140646 commit date: 31 May 2012
-----------------------------------------
Clients like Sterling Control Center or Connect:Direct Browser are able to
set an invalid tcp.api value in the local.node netmap entry causing future
api connections to be rejected.

021) RTC328994 / APAR IC84027 commit date: 08 Jun 2012
--------------------------------------------------------
spcli may display resolved symbolic link values for pathnames entered with
symbolic links specified.

022) RTC333723 / APAR IC84003 commit date: 08 Jun 2012
--------------------------------------------------------
When Connect:Direct UNIX (CDU) receives a redirect message, SCPA007I, from
Connect:Direct z/OS Plex environment, CDU inappropriately records a
non-zero completion code. Plex redirection is a normal operational flow.

-----------------------------------------------------------
iFixes listed above are accumulated in C:D for UNIX 4.1.0.3
-----------------------------------------------------------

In addition, C:D for UNIX 4.1.0.3 adds certification for AIX 7.1 on IBM
pSeries, and Red Hat Enterprise Linux (RHEL) version 6.2 on Intel and AMD
x86/x86-64.

Please note the following list of system libraries that are required to
run on RHEL 6.2:

    libXtst-1.0.99.2-3.el6.i686
    libXmu-1.0.5-1.el6.i686
    libXt-1.0.7-1.el6.i686
    libXft-2.1.13-4.1.el6.i686
    libX11-1.3-2.el6.i686
    libXi-1.3-3.el6.i686
    libXext-1.1-3.el6.i686
    libXau-1.0.5-1.el6.i686
    libXrender-0.9.5-1.el6.i686

==============================
iFixes to C:D for UNIX 4.1.0.3
==============================

001) RTC336221 / APAR IC85214 commit date: 09 Aug 2012
--------------------------------------------------------
If multiple comm.info fields are defined in a netmap entry (valid for some
SNA connections), cdpmgr will leak memory whenever the netmap entry is
referenced.

002) RTC336094 / APAR IC84762 commit date: 17 Aug 2012
--------------------------------------------------------
comm.bufsize value defaults to 4096 when it's not specified in either the
remote node record or the local.node record of the netmap.cfg file.
Documented default is 65536.

003) RTC345214 / APAR IC86456 commit date: 13 Sep 2012
--------------------------------------------------------
Improper upgrade procedure resulting in mismatched Secure+ libraries
causes cdpmgr to hang on start up.

004) RTC350216 / APAR IC86881 commit date: 03 Oct 2012
--------------------------------------------------------
Secure cdpmgr initialization procedure to sanitize inherited environment
variables, added for APAR IC82150, may prevent run task steps that depend
on one or more of the inherited environment variables from working
properly.

Solution adds initparm record ndm.env_vars:sanitize=[y|n] to allow user
option to prevent cdpmgr from sanitizing inherited environment variables.
Default value is 'y'.

NOTE: This new initparm is added for convenience. IBM recommends coding
run task steps so that they don't rely on inherited environment variables.

005) RTC336848 / APAR IC85987 commit date: 31 Oct 2012
--------------------------------------------------------
cdpmgr server is killed when command logging is turned on and a client,
such as Sterling Control Center, attempts to import a large Secure+
trusted certificates file.

006) RTC356606 / APAR IC88093 commit date: 09 Nov 2012
--------------------------------------------------------
Certain business scenarios may require the need to specify a non-standard
record delimiter for UNIX text files.

Added new copy step sysopt called RECDL. The value of this sysopt is
specified as x{hex value of character to be used as the text file record
delimiter}, and will cause C:D to use the indicated character as the text
file record delimiter instead of the traditional ASCII LF.

For example, if the source file is in EBCDIC and using the EBCDIC NL (new
line character) as the record delimiter, the source file sysopts would
include ":RECDL=x15:".

007) RTC341549 / APAR IC86449 commit date: 24 Jan 2013
--------------------------------------------------------
On AIX 6.1 and above, a copy step that overwrites a local file to which
the local user has no write permission is successful.

008) RTC349446 / APAR IC87996 commit date: 28 Jan 2013
--------------------------------------------------------
The Partitioned Data Set (PDS) member name, key word PPMN, is listed twice
in the Copy Termination Record (record id CTRC) that is logged to
statistics when copying a file to or from a zSeries PDS member.

009) RTC355425 / APAR IC89092 commit date: 28 Jan 2013
--------------------------------------------------------
Upgrading to 4.1.0 from a release previous to 4.1.0 configured with
Secure+ generates some inappropriate messages indicating that the
initialize Secure+ operation failed.

010) RTC363760 / APAR IC89667 commit date: 09 May 2013
--------------------------------------------------------
Secure+ SSL connection initiated to Connect:Direct for z/OS uses a 16k
buffer even when both sides have larger buffer sizes specified.

011) RTC363064 / APAR IC89513 commit date: 09 May 2013
--------------------------------------------------------
On some Solaris systems, CLI may fail to connect, reporting XSEC016I
message. ndmauthc or ndmauths may also generate a core file when this
happens.

012) RTC374346 / APAR IC91973 commit date: 09 May 2013
--------------------------------------------------------
Greater than two gig file transfers fail with XSQF006I on Linux systems
with kernel version 3.x.

013) RTC373823 / APAR IC91661 commit date: 09 May 2013
--------------------------------------------------------
Custom program using the Connect:Direct UNIX API may generate XCMG000I
errors when submitting a command. Server may show an XSEC012I error
concurrently.

014) RTC371183 / APAR IC92400 commit date: 09 May 2013
--------------------------------------------------------
Run task steps that rely on a LANG environment variable setting other than
the system default value execute incorrectly.

-----------------------------------------------------------
iFixes listed above are accumulated in C:D for UNIX 4.1.0.4
-----------------------------------------------------------

==============================
iFixes to C:D for UNIX 4.1.0.4
==============================

001) RTC380719 / APAR IC93901 commit date: 03 Jul 2013
--------------------------------------------------------
XUTL003I error generated when non default CLI configuration file name is
used.

002) RTC382658 / APAR IC93913 commit date: 08 Jul 2013
--------------------------------------------------------
Automated install fails with CDAI019E message when the target installation
directory already exists.

Solution adds installation variable named cdai_ignoreExistingInstallDir
(--ignoreExistingInstallDir from the command line) with a default value of
"n". Setting the variable to "y" causes cdinstall_a to ignore an existing
target installation directory and proceed with the installation. Use this
variable with caution when engaging in automated deployment across
multiple systems.

003) RTC387381 / APAR IC94090 commit date: 12 Jul 2013
--------------------------------------------------------
DBCS converted data received from a FB record format source file is
corrupted.

004) RTC383178 / APAR IC94423 commit date: 26 Jul 2013
--------------------------------------------------------
Copy step sending a file to a new data set on Connect:Direct for z/OS
fails and reports SVSH018I message when the block size for the new file is
specified as or defaulted to zero.

005) RTC390618 / APAR IC94780 commit date: 09 Aug 2013
--------------------------------------------------------
Copy step receiving a file in binary mode may fail and report XCPR001I
message.

006) RTC391980 / APAR IC94963 commit date: 16 Aug 2013
--------------------------------------------------------
Copy step sending a zero byte source file to a z/OS destination file with
VB record format fails and reports various error messages, including
SVSJ013I and SVS5018I.

007) RTC383156 / APAR IC95144 commit date: 26 Aug 2013
--------------------------------------------------------
Connect:Direct for UNIX configured to use PAM authentication fails to
reject a user with an invalid account, for example, an account with an
expired password.

008) RTC395446 / APAR IC95766 commit date: 05 Sep 2013
--------------------------------------------------------
Session establishment and run task processing may slow down with high
session concurrency, particularly running on AIX with system auditing
turned on.

009) RTC391741 / APAR IC95823 commit date: 10 Sep 2013
--------------------------------------------------------
spadmin.sh or spcli.sh can fail to execute, reporting java error
StringIndexOutOfBoundsException.

010) RTC391977 / APAR IC95830 commit date: 13 Sep 2013
--------------------------------------------------------
Copy to Connect:Direct for z/OS with disp=old specification may result in
altered destination file allocation DCB specifications. Copy step may also
fail with errors similar to SVSJ032I.

011) RTC390415 / APAR IC96647 commit date: 14 Oct 2013
--------------------------------------------------------
cfgcheck doesn't generate a warning when a configuration file contains
duplicate record names.

012) RTC383962 / APAR IC93810 commit date: 14 Oct 2013
--------------------------------------------------------
cfgcheck reports XRIA002I for validly configured initparm.cfg records
ndm.env_vars and secure+ and the copy.parms record parameter
fsync.after.receive.

013) RTC401300 / APAR IC97377 commit date: 01 Nov 2013
--------------------------------------------------------
Copy step sending a file to a new data set on Connect:Direct for z/OS
fails and reports SVSH018I message when the record format for the new file
is specified as Fixed Block (FB) and no other DCB attributes are
specified.

014) RTC396978 / APAR IC97870 commit date: 21 Nov 2013
--------------------------------------------------------
SPCli doesn't support updating the Base Record of the .Local node.

Solution adds following syntax to the update localnode command: BaseName=.

015) RTC397838 / APAR IC98425 commit date: 19 Dec 2013
--------------------------------------------------------
Automated installation script, cdinstall_a, hangs if the trace command
line option is specified as yes and there is no options file specified.

016) RTC405133 / APAR IC98685 commit date: 13 Jan 2014
--------------------------------------------------------
Excessive statistics generated causing performance degradation when the
sess.default value for a remote node is set to some value greater than
one, and multiple processes get queued up for that remote node.

017) RTC409075 / APAR IC98932 commit date: 23 Jan 2014
--------------------------------------------------------
Auditing processes on AIX 6.1 and greater may consume significant CPU
resources during and after a Connect:Direct for UNIX high load scenario.

018) RTC409808 / APAR IC99214 commit date: 06 Feb 2014
--------------------------------------------------------
Multiple concurrent API connections submitting processes for execution may
occasionally confuse two C:D processes, such that the one process is
submitted twice, running once with the correct process name and number,
and again with an incorrect process name and number, and the other process
not running at all.

Alternatively, the issue might manifest as occasional XSQF009I and
XSMG405I event messages with fdbk=2 referring to temporary files in the
Connect:Direct for UNIX work directory.

019) RTC411883 / APAR IC99434 commit date: 12 Feb 2014
--------------------------------------------------------
IBM Sterling Connect:Direct for UNIX is affected by a vulnerability in the
IBM Runtime Environment, Java(TM) Technology Edition (CVE-2013-1500).

NOTE: This fix ends Connect:Direct for UNIX support for SLES 9, as the
updated JRE required doesn't run on that version. SuSE ended support for
SLES 9 in 2011.

020) RTC402862 / APAR IC99558 commit date: 21 Feb 2014
--------------------------------------------------------
Automated install script cdinstall_a will fail reporting CDAI025E if the
default umask setting for the adminUserid is more restrictive than 22.

Solution adds installation variable named cdai_allowUmaskReset
(--allowUmaskReset from the command line) with a default value of "y".
Variable has no effect if the default umask of the adminUserid is 22 or
less. If the default umask of the adminUserid is greater than 22, "y"
causes cdinstall_a to reset the umask of the adminUserid to 22. Setting
the variable to "n" in that case causes cdinstall_a to proceed with the
more restrictive than recommended umask setting.

Caution: If the installation procedure proceeds with a umask setting that
is more restrictive than the recommended value, some users may not have
the necessary permissions to use Connect:Direct for UNIX.

021) RTC406237 / APAR IC99599 commit date: 26 Feb 2014
--------------------------------------------------------
cdcust may generate a false warning that Connect:Direct configurations
requiring root authority were not completed when run on a system with
SELinux ACL implemented.

022) RTC400200 / APAR IT00471 commit date: 20 Mar 2014
--------------------------------------------------------
On some Linux systems, run task steps will generate system log messages
indicating ndmsmgr attempted an unknown command via ioctl32.

023) RTC420670 / APAR IT01040 commit date: 16 Apr 2014
--------------------------------------------------------
Processes may fail reporting XSQF009I, "Get step return code file failed"
when a step return code file with the same name exists. Step return code
files are temporary files used by Connect:Direct to capture state
information of a running process.

Compounding the problem, the error for this scenario does not get
propagated to the PRED statistic record, causing a client that submitted
the process programmatically and waited on the result to conclude the
process succeeded.

024) RTC423881 / APAR IT01701 commit date: 09 May 2014
--------------------------------------------------------
z/OS file allocation attributes specified in a type defaults file
(typekey) may not be honored. Copy step may also fail with errors similar
to SVSJ032I.

025) RTC418516 / APAR IT02062 commit date: 03 Jun 2014
--------------------------------------------------------
The first several characters of the file name specification are cut off
when received by 64 bit File Open Exits on Linux or Solaris x86 platforms.

WARNING: All File Open Exits, including 32 bit versions, must be
recompiled after applying this fix.

026) RTC423131 / APAR IT02518 commit date: 12 Jun 2014
--------------------------------------------------------
An XPAE003I message is generated for a select statistics command issued
with a destfile or srcfile parameter value enclosed in double quotes,
which are required if the value contains spaces, equal signs or other
reserved characters.

027) RTC429551 / APAR IT02558 / CVE-2014-0224 commit date: 30 Jun 2014
------------------------------------------------------------------------
Connect:Direct for UNIX Secure+ Option uses OpenSSL, which is vulnerable
to a man-in-the-middle attack, caused by the use of weak keying material
in SSL/TLS clients and servers. A remote attacker could exploit this
vulnerability using a specially-crafted handshake to conduct
man-in-the-middle attacks to decrypt and modify traffic.

WARNING: FIPS mode is no longer supported in this release for HP-UX! This
applies to both PA-RISC and Itanium. BEFORE applying this fix, HP-UX
customers MUST disable all FIPS mode for all nodes. If HP-UX customers do
not disable FIPS mode before applying this fix, all FIPS mode sessions
will fail, and FIPS mode cannot be disabled once the fix has been applied.
HP-UX customers that require FIPS mode support must upgrade to
Connect:Direct for UNIX 4.2.0 to remediate this issue.

NOTE: Key certificates using the PKCS5 1.5 PBE-MD5-DES algorithm to
encrypt the private key need to be converted manually. See
http://www.ibm.com/support/docview.wss?uid=swg21676660 for details.

028) RTC433224 / APAR IT03227 commit date: 17 Jul 2014
--------------------------------------------------------
The fsync.after.receive initparm option, used to make sure files written
and closed by C:D on an NFS destination are immediately ready for
processing, doesn't detect when the NFS resource is out of space.

Note, the fix for this issue changes the fsync.after.receive default value
to "Y".

029) RTC392436 / APAR IT03077 commit date: 18 Jul 2014
--------------------------------------------------------
An upgrade command performed by the automated installation script
(cdinstall_a) will fail if pre-existing configuration files don't pass the
configuration check, or if the sample.cd process fails to complete
successfully, even when the configuration errors or sample.cd operation
failure is considered tolerable.

Fix adds a variable to cdinstall_a called cdai_verifyUpgrade. This
variable allows users to choose whether to verify an upgrade or not. Valid
values are "y" (the default) and "n".

030) RTC431679 / APAR IT03078 commit date: 18 Jul 2014
--------------------------------------------------------
The automated installation script, cdinstall_a, doesn't provide an option
to deploy a custom trusted root certificate file.

Fix adds a variable, cdai_trustedRootCertFile, that allows users to deploy
a custom trusted root certificate file. If cdai_trustedRootCertFile is
specified, then the automated installation will arbitrarily use this file
as the trusted root certificate file. If cdai_trustedRootCertFile is not
specified, then the automated installation procedure will customize and
use the default trusted root certificate file that is included in the
Connect:Direct for UNIX installation file. The default trusted root
certificate file will be customized by adding the certificate portion of
the deployed keycert file and any other deployed certificates to it.

031) RTC431680 / APAR IT03079 commit date: 18 Jul 2014
--------------------------------------------------------
Some Secure+ certificate files deployed during an automated installation
(cdinstall_a) end up owned by root.

032) RTC102568 / APAR IT03815 commit date: 20 Aug 2014
--------------------------------------------------------
An interrupted snode process goes into WAIT/WS state until pnode resumes
the process. If pnode never resumes the process, the snode process will
remain in the TCQ in WAIT/WS indefinitely.

Fix adds a new parameter to the tcq record of the initparm.cfg,
ckpt.max.age. This parameter specifies the number of days that an snode
process will remain in WAIT/WS state waiting for the pnode to resume the
process before it is automatically deleted. The default value is 8.

033) RTC438479 / APAR IT04033 commit date: 28 Aug 2014
--------------------------------------------------------
Connect:Direct for UNIX Secure+ Option uses OpenSSL, which is vulnerable
to the following two issues:

CVE-2014-3508: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by an error in OBJ_obj2txt. If applications echo
pretty printing output, an attacker could exploit this vulnerability to
read information from the stack.

CVE-2014-3511: OpenSSL could allow a remote attacker to bypass security
restrictions, caused by the negotiation of TLS 1.0 instead of higher
protocol versions by the OpenSSL SSL/TLS server code when handling a badly
fragmented ClientHello message. An attacker could exploit this
vulnerability using man-in-the-middle techniques to force a downgrade to
TLS 1.0.