************************************************************************ * P110115 * Connect:Enterprise 1.5.0 fixes after base product. * These fixes require C:E 1.5.0 base product as prerequisite. * * USE THE JCL AT THE BOTTOM OF THIS README TO UNLOAD THE FIXES TO THE * CORRECT LIBRARIES. * ************************************************************************ * Fix Identifier: D18744 Case 266104 Description of Issue: CSC/ICO (Cross System Client/InterConnect Option) EXTRACT fails with RC=08. The SYSPRINT file contains the following messages: CMA150S - EXTRACT FAILED FOR BATCH#: nnnnnnn, MBX APPC ERRCD: 0232 (REQUEST CODE: C$R20) CMA182I - C:E APPC ERRCD 0232: VSAM DATA RECORD TOO LARGE FOR INTERFACE PARAMETER STRUCTURE (IPS) BUFFER CSC/ICO will successfully extract batches containing records up to a maximum LRECL of 32352 bytes. When the LRECL exceeds this value, the extract fails as described above. The reason for this LRECL limitation is because an extract reply (C$H00 header + C$R20 trailer + LLdata) can hold up to a maximum LRECL of 32352, in a single data packet. Since logical batch data records cannot physically span across multiple C$R20 reply packets, this has always been a limititaion, when performing CSC/ICO extracts. Note: Batches, with a longer LRECL of up to 32760, are successfully extracted using the offline utilities (STOUTL EXTRACT). Description of Fix: Modified the CSC/ICO API to support record spanning across multiple R20 replies, up to a maximum LRECL of 32760. The new default behavior for CSC/ICO extract is to support record spanning across multiple R20 replies. A new EXTRACT SYSIN parameter has been added (SPANR20=YES|NO) to optionally turn off R20 record spanning, if desired. Parameter Definition --------- ---------- SPANR20=YES|NO Short form: N/A Abbreviated form: N/A CSC/ICO Utilities: EXTRACT Specifies whether or not long records will be spanned across multiple R20 replies. R20 record spanning allows longer records (LRECL of 32353-32760) to be successfully extracted. NO = Do not span longer logical batch data records across multiple R20 replies. If a batch contains a record longer than 32352 bytes, the extract will fail. YES = Span long logical batch data records across multiple R20 replies. Longer batch data records (i.e. 32353-32760) will be spanned across multiple R20 replies. YES is the default value. User written CICS programs - Instructions to Support R20 Spanning ----------------------------------------------------------------- If you have a CICS program calling the Connect:Enterprise LU62 API (CM62001/CM62002) to perform batch data requests using the C$R20 trailer, you may modfiy your program to support R20 spanning, allowing batches with longer records to be successfully retrieved as follows (see macro C$R20): 1) R20 Request Processing ------------------------- In the initial C$R20 request (i.e. flag byte R20TRLRT is set to R20REQ), set flag byte R20RQFL1 with bit flag R20RSPAN. This indicates to the C:E z/OS online system the requesting program supports R20 spanning and can process logical records which are spanned across multiple R20 replies. R20RQFL1 DS XL1 REQUEST FLAG 1 (API SETS THESE FLAGS) R20RSPAN EQU X'20' R20 RECORD SPANNING SUPPORTED 2) R20 Reply processing ----------------------- Modify you program to check flag byte R20MHFLG for bit flags R20SPANf, R20SPANM, and R20SPANL. Connect:Enterprise will set one of these values in a given C$R20 trailer, when it spans a record across multiple replies. These flags indicate to the requesting program which segment of the spanned record is present in this R20 reply. R20MHFLG DS X R20 MINI HEADER FLAG R20RSPANF EQU X'80' SPANNED RECORD - FIRST SEGMENT * The last LLdata in this R20 * is a first record segment R20RSPANM EQU X'40' SPANNED RECORD - MIDDLE SEGMENT * The first LLdata in this R20 * is a middle record segment R20RSPANL EQU X'20' SPANNED RECORD - LAST SEGMENT * The first LLdata in this R20 * is a last record segment Based on the above flags, modify your program to buffer a spanned, record, piecing it together and then process as normal after the last segment is completed (i.e. R20RSPANL is set). MODULES UPDATED: STCPPR20 STFTPC45 STFTPS41 STOAPI00 STSCDR00 MACRO UPDATED: A$SRB C$R20 CCM$CONW CCM$T00W M$FCWA EXAMPLES UPDATED: CSCEXT LOAD MODULES AFFECTED: STCPPR20 STFTPC45 STFTPS41 STOAPI00 STSCDR00 Fix Availablity Date: May, 2011 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: D18854 Case 284448 Description of Issue: "Multi-Volume-High-Available-RBA" calculation is incorrect when primary volume allocation is greater than 2GB. This calculation erroneously treated the primary volume "High-Allocated-RBA" value as a 32-bit signed integer (instead of 64-bit unsigned integer). Consequently, when the high order bit was turned on (i.e. > 2GB), it was treated as a negative sign, instead of part of the actual RBA value. The net effect is that whenever a >2GB High-Allocated-RBA value was multplied by the number of volumes, it resulted in a large negative number, which in turn caused the space used calculation and space display functions to treat it is as a very large value. Description of Fix: Use grande instructions (LG, MLG, STG) to correctly perform a 64-bit unsigned integer calculation. MODULES UPDATED: BTVSMACS LOAD MODULES AFFECTED: BTVSMSRV Fix Availablity Date: March, 2011 High Impact (Y/N): N Reported Severity: 2 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: D19174 Description of Issue: When a remote FTP client logs on to the C:E z/OS FTP server, the incorrect flag bits are checked when initializing the session control block with values for the following *OPTIONS parameters: - FTP_DEFAULT_SERVER_COLL_EMPTY_BATCH=NO|YES - FTP_DEFAULT_SERVER_XMIT_EMPTY_BATCH=NO|YES The initialization routine erroneously checked the DEFAULT_CLIENT parameter flags, instead of the DEFAULT_SERVER flags. Description of Fix: Modify the check to correclty interrogate the DEFAULT_SERVER flags. MODULES UPDATED: STFTPS30 LOAD MODULES AFFECTED: STFTPS30 Fix Availablity Date: July, 2011 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: D19265 Description of Issue: A STOUTL batch job that has many EXTRACTs in a single step may encounter an "out of storage" type error. Mainly this is seen as: "LSCX100 **** WARNING **** ERRNO = ENOMEM". The reason is that all OUTFILE DDs are kept OPEN until the end of step. Description of Fix: This fix will close the OUTFILE after the current EXTRACT is finished, which will free up the DCB buffers. If the OUTFILE is needed for any subsequent EXTRACT the file will be OPENed with the append option and the data will be written at the end of the file. New/Changed Messages: CMU173I - OUTFILE=xxxxxxxx was reopened in appended mode for this EXTRACT Description: The xxxxxxxx DD was initially opened and closed for a previous EXTRACT and is now being opened again for this EXTRACT and the data will be appended to the end. Action: none MODULES UPDATED: STCMNOOP STCUTAUMT STUTCBAS STUTCEX1 LOAD MODULES AFFECTED: STOUTL STUTAUMT Fix Availablity Date: June 2011 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: D19267 Description of Issue: FTP session can get "hung" in a READ for control port data when the full response (data) is not read into the buffer and another READ has to be done to retrieve the rest. Description of Fix: There are two correction with this fix. One is to ensure that the READ has at least 5 bytes of data when doing SSL. This will ensure the SSL Header has been retrieved. Second fix is to correct the problem when the "NL" X'0D0A' has been split between two READS. MODULES UPDATED: STFTPC05 LOAD MODULES AFFECTED: STFTPC05 Fix Availablity Date: June 2011 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: D19355 Case 316832 Description of Issue: CMB2181E - C:E TCP TCP/IP REQUEST TCPfunc FAILED WITH RC=0071, RSN=011C. A write to the data port (TCPSEND request) resulted in the above messaqe, indicating that the specified File Descriptor (i.e. socket descriptor) is invalid. This was caused by an erroneous attempt to write to the data port after the data connection had already been properly closed and the previously used File Descriptor had been allocated by the system to another session. If the File Descriptor is allocated to another session prior to the erroneous 2nd write attempt, the error will occur. If the File Descriptor is NOT allocated to another session prior to the erroneous 2nd write attempt, the error will not occur. In other words, there is a small window in which this error can occur when multiple auto connect sessions are concurrently processing a put command (STOR/STOU). The timing has to be such that the second erroneous TCP WRITE in a session has to occur after the released socket (File Descriptor) has been re-allocated to another session. Description of Fix: Moved a check from the bottom of a loop to the top of the loop which determines if the data port has already been closed, during put (STOR/STOU) processing. If the data connection is already closed, the loop is exited (TCP write is skipped). MODULES UPDATED: STFTPC45 LOAD MODULES AFFECTED: STFTPC45 Fix Availablity Date: July, 2011 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: D19357 Case 319000 Description of Issue: 0C4 abend occurred when opening the VLF log file during an ICO/CSC (Inter-Connect Option / Cross System Client) C$R20 extract request. The cause of the abend was due to a corrupt address in the TAEB chain (Task Abend Exit Block). Beginning with CUM1404, a performance enhancement was implemented to reduce a pair of redundant OPEN/CLOSE requests against the VLF. With this modification, it became possible that one CP task (Command Processor) could erroneously update the storage belonging to another CP task. Description of Fix: Modify STVSMSWL to use BTVSMOPC (instead of BTVSMOPN), when the program is called by a CP task. This is the open macro already being used for the VPF, VCF and VBQ files, when a CP task opens these files for a transaction which can span across multiple CP subtasks (i.e. C$A20 / C$R20 - add / extract transactions). This modified open macro chains the TAEBs off of the SRB control block, which represents the transaction, instead of chaining them off of storage belonging to a specific task, thus avoiding potential for a data overlay. MODULES UPDATED: STVSMSWL MACRO UPDATED: S$VSMSWL LOAD MODULES AFFECTED: STVSMSWL Fix Availablity Date: July, 2011 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: D19405 Case 322603 Description of Issue: An 0C7 abend can occur in the C:E z/OS FTP client, when the remote FTP server sends an empty file (i.e. open/close data port, without sending any data) -and- the server sends both a positive intermediate 150 reply and final 226 reply to the client. This potential abend condition was introduced by enhancement D17969 (empty batch support), beginning with CUM1405. Description of Fix: During end of batch processing, added a check to validate that a VCF batch control record exist in the buffer and should in fact be updated. MODULES UPDATED: STFTPC35 LOAD MODULES AFFECTED: STFTPC35 Fix Availablity Date: July, 2011 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: D20644 Description of Issue: An SNA session startup error can cause a RC Summary record to not be created and therefore an error occurs when the RC Detail record is attempted to be written. The error is: CMB259E - INVALID VLF RECORD KEY DETECTED - SNAPOUT DUMP CAPTURED Description of Fix: Ensure that a RC Summary record has been written by validating the Date/Time in the VLF record. If needed, then write the RC Summary record which fills in the Date/Time in the LOG record. MODULES UPDATED: STPB10 LOAD MODULES AFFECTED: STPDPB Fix Availablity Date: December 2011 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: I58702 APAR: PM58702 PMR: 90621,999,000 RTC: 250813 Description of Issue: When FTP collected batches are EXTRACTed with STOUTL using RECSEP=Cxx message CMU143I may be issued and the output file may have missing data. Message CMU108W could be issued many times for an EXTRACT command. Description of Fix: Though RECSEP=Cxx should not be used for FTP batches this fix will check and if the batch is FTP collected and if the batch was "recordized" when collected the EXTRACT will function as if RECSEP=Txx coded. Only issue the CMU108W message once for an EXTRACT command if applicable. MODULES UPDATED: STUTCEXT STUTCEX1 STUTCEX3 HEADER UPDATED: #UTCPRMS LOAD MODULES AFFECTED: STOUTL Fix Availablity Date: June 2012 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: I59523 APAR: PM59523 PMR: 32226,49R,000 RTC: 313171 Description of Issue: During Connect:Enterprise shutdown an abend dump may be taken in the BPX address space for an SEC6. COMPON=BPX,COMPID=SCPX1,ISSUER=BPXMIPCE,MODULE=BPXPRSRB+1592, ABEND=S0EC6,REASON=0BF20050 Description of Fix: The AIO for the ACCEPT was being reused for the CANCEL request. This fix will use a new AIO work area for the CANCEL. Also if the TCPSCH trace is active at $$SHUTDOWN the AIO control blocks for the CANCEL request will be output to the SNAPOUT DD. MODULES UPDATED: STCEMB01 LOAD MODULES AFFECTED: STCEMA01 STCEMA06 Fix Availablity Date: June 2012 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: I64971 APAR: PM64971 PMR: 71587,379,000 RTC: 326316 Description of Issue: CMB251E - LOGON SECURITY CHECK FAILED Security Exit sets XX$LGNOK (logon security check complete bit) but the RACROUTE calls are still invoked. Description of Fix: The "User Changeable Area" length has changed in version 1.4 due to the batchid length changing from 24 to 64 bytes and the incorrect length was being checked. This fix also puts the EXIT's program name in the title heading of the dump output that is produced when exit tracing in active. MODULES UPDATED: STFC60 STSP03 STSP103 MACRO UPDATED: M$XCB S$FC60 S$SP03 S$SP103 LOAD MODULES AFFECTED: STFC01 STMAIN Fix Availablity Date: June 2012 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): Y Pre-requisites: Fix Identifier: FI73294 APAR: PM73294 PMR: 34401,499,000 RTC: 349229 Description of Issue: 1)The following error occured during C:E online shutdown processing: CMB2181E - C:ETCP TCP/IP REQUEST ACCEPT FAILED WITHRC=0071, RS=011C This was caused by an erroneous cancel for a TCP/IP ACCEPT command. 2)The C:E Online final shutdown message is issued prematurely: CMB006I - Connect:Enterprise SHUTDOWN COMPLETE Description of Fix: 1)During shutdown processing, bypass the cancel on the TCP ACCEPT. 2)Issue the CMB006I after all processing is completed, immediately prior to exiting the main C:E Online program (STMAIN). MODULES UPDATED: STMC01 STCEMB01 LOAD MODULES AFFECTED: STMAIN STCEMA01 STCEMA06 Fix Availablity Date: Sept. 2012 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: None. Fix Identifier: I73543 APAR: PM73543 PMR: 34605,422,000 RTC: 353631 Description of Issue: An ABEND EC6 may be encountered in a Connect:Enterprise FTP server thread. This has been observed when the session is being timed out due to the FTP_CONNECT_INTERVAL value. COMPON=BPX,COMPID=SCPX1,ISSUER=BPXMIPCE,MODULE=BPXPRSRB+1592, ABEND=S0EC6,REASON=0BF20050 Description of Fix: Cancel any outstanding AIO request before reusing the AIO work area for the current I/O request. MODULES UPDATED: STCEMB01 STFTPS30 MACRO UPDATED: M$SMTCB LOAD MODULES AFFECTED: STCEMA01 STCEMA06 STCEMB06 Fix Availablity Date: October 2012 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: I74253 APAR: PM74253 PMR: 60981,442,000 RTC: 359527 Description of Issue: S0C4 PGM=STOUTL +0010287C S0C4 abends at other offsets may be possible. Description of Fix: Recompile all STOUTL elements to pick up any/all changes. A previously updated C header caused storage area offsets to be changed. This change requires ALL elements to be recompiled. MODULES UPDATED: STOUTL LOAD MODULES AFFECTED: STOUTL BTINIRST BTKERMGR BTPCSRV BTTMRSRV : BTVSMOSX BTVSMSRV Fix Availablity Date: December 2012 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: I74468 APAR: PM74468 PMR: 79200,49R,000 RTC: 356567 Description of Issue: Attempting to "Browse" or "Peek" a batch may generate error message: STSCDA00 20070503-14.53 nnnnnnnn ADDVN¦¦¦ #0045711 R15=00000600 RC=7FFFFEF8 RSN=FFFFF811 SCDS is full¦ Description of Fix: This message may be erroneously generated because of the contents of the processors PSA (Prefixed Save Area). STSCDA00 was referencing the low-core address of the PSA instead of addressing the DataSpace contents because of executing in Pri-Mode when the program should be in AR-Mode MODULES UPDATED: STSCDA00 LOAD MODULES AFFECTED: STSCDA00 Fix Availablity Date: December 2012 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI80918 APAR: PM80918 PMR: 37579,422,000 RTC: 362642 Description of Issue: (1) DISCINTV does not time out sessions as expected. (2) When a remote FTP Client's data port is using L-1 the session may hang if the port can not be opened. Description of Fix: (1) If a PASV socket attempt fails the status flag is NOT reset and when the DISCINTV timer is reset because the status is still set "get socket" state. This fix will reset the status to the previous state before the "get socket" failure. (2) If the L-1 has not be opened and all retry attempts (if any) have been exhausted set the Data Port flag as "disconnected" which will allow the Control Port timer to not be reset. MODULES UPDATED: STFTPS00 STFTPS30 STFTPS40 STFTPS41 LOAD MODULES AFFECTED: STFTPS00 STFTPS30 STFTPS40 STFTPS41 Fix Availablity Date: February 2013 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: I88886 APAR: PM88886 RTC: 372093 Description of Issue: S0C4 abend during Connect:Enterprise initialization after message CMB333I - Connect:Enterprise GLOBAL STORAGE BLOCK BUILT AT: is issued. Description of Fix: StoInitKernel fails to successfully initialize. TskLocateTsk is executed as part of "early termination". This routine causes the abend due to the previous failure. Eliminating TskLocateTsk when this failurre occurs will cause normal early termination code to proceed which will display the appropriate termination message. Action: Increase the REGION size. MODULES UPDATED: BTINIMGR BT$ENTRY ISPLLIB MODULES AFFECTED: BTKERMGR LOAD MODULES AFFECTED: BTINIRST BTKERMGR BTPCSRV : BTTMRSRV BTVSMSRV STOUTL Fix Availablity Date: May 2013 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI89005 APAR: PM89005 PMR: 27692,082,000 RTC: 376770 Description of Enhancement: Add support to allow the default Mailbox ID for an FTP client (TYPE=FTP_CLIENT) to be specified in the remote definition in ODF. Currently, the default is the same as the USER (remote name). Feature Documentation: In the *REMOTES section of the ODF for an FTP CLIENT specify: NAME=rmtname TYPE=FTP_CLIENT DEFAULT_MAILBOX=mailboxid MODULES UPDATED: STFTPS30 STMC35 MACRO UPDATED: M$RCB LOAD MODULES AFFECTED: STFTPS30 STINIT Fix Availablity Date: May 2013 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI94117 APAR: PM94117 PMR: 69526,519,000 RTC: 392875 Description of Issue: FTP Auto Connect Scripts uses REXX language scripts. There are several predefined REXX variables that are created in storage so they may be accessible to any external script. Any reading or updating of these variables cause the storage location to be validated using the VSMLOC macro. The usage of the VSMLOC may cause unnecessary high CPU cycles (spike in CPU). Description of Fix: The use of the VSMLOC is being eliminated and replaced with an ESTAE recovery routine in the event that the storage is invalid. MODULES UPDATED: STREXX07 LOAD MODULES AFFECTED: STREXX07 Fix Availablity Date: August 2013 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI94936 APAR: PM94936 PMR: N/A RTC: 392745 Description of Issue: z/OS 2.1 compatibility fix 1) IEC190I Invalid DCBE: DCBE ID IS NOT 'DCBE' 2) CMB2181E - C:E TCP TCP/IP REQUEST GIVSOCK FAILED WITH RC=0076, RS=012E Description of Fix: 1) Correct address of DCBE pointer. 2) Move Client_ID to local storage for the BPX1GIV and BPX1TAK services. MODULES UPDATED: STCEMB01 STMC96 LOAD MODULES AFFECTED: STCEMA01 STCEMA06 STMC96 Fix Availablity Date: August 2013 High Impact (Y/N): Y Reported Severity: N/A Defect is security related(Y/N): N Pre-requisites: Fix Identifier: PM96454 APAR: PM96454 PMR: 33780,442,000 RTC: 395298 Description of Issue: CMB2130I - C:E TCPL CONNECT REQUEST REJECTED DUE TO NO AVAILABLE THREADS. When the C:E FTP server thread receives the QUIT command from an FTP client and the previous command was "PASV" the thread will hang if the Control/Data port timers are not set. Description of Fix: When the C:E FTP server thread receives the QUIT command from an FTP client and the previous command was "PASV" then the QUITNOW logic will be executed and prevent the thread from hanging. This fix is aslo enhancing the TCPSCHD trace. MODULES UPDATED: STFTPS30 STCEMB01 LOAD MODULES AFFECTED: STFTPS30 STCEMA01 STCEMA06 Fix Availablity Date: September 2013 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: I97219 APAR: PM97219 PMR: 63741,235,631 RTC: 396267 Description of Issue: Message CMB247W may be issued more than once a minute. This may happen if adding several batches at the same time as a STOUTL ERASE is being executed. Description of Fix: Only issue the CMB247W message once a minute unless the percentage of batches used has changed. MODULES UPDATED: STFC120 STFC20 STUTCER1 MACRO UPDATED: M$SCB LOAD MODULES AFFECTED: STFC01 STFC120 STOUTL Fix Availablity Date: September 2013 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI97692 APAR: PM97692 PMR: 57388,499,000 RTC: 397868 Description of Issue: ISPF options 24.19 and 24.20 do not produce JCL for the Batch Utility Functions. Description of Fix: The ISPF skeleton PDS member names were never added to the M@SKELS program when implemented in C:E 1.4.00. MODULES UPDATED: M@SKELS ISPLLIB MODULES AFFECTED: M@SKELS Fix Availablity Date: September 2013 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: I04944 APAR: PI04944 PMR: 73649,499,000 RTC: 401693 Description of Issue: A dynamically added FTP_CLIENT entry defaults to a NULL mailbox ID. Description of Fix: Check MailboxID value and use the USERNAME if the MailboxID is NULL or BLANKS. MODULES UPDATED: STFTPS30 LOAD MODULES AFFECTED: STFTPS30 Fix Availablity Date: October 2013 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: FI89005 Fix Identifier: I10624 APAR: FI10624 PMR: 66781,49R,000 RTC: 412364 Description of Issue: The CMB006I - Connect:Enterprise SHUTDOWN COMPLETE message is coming out when the VERIFYONLY parameter is used. Description of Fix: Do not issue the CMB006I message when VERIFYONLY is used. MODULES UPDATED: STMC01 LOAD MODULES AFFECTED: STMAIN Fix Availablity Date: February 2014 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: I13783 APAR: PI13783 PMR: 85329,49R,000 (1.4.05) RTC: 414494 PMR: 38652,7TD,000 (1.5.00) RTC: 414464 Description of Issue: CMB238I - xxxxx NOT DEALLOCATED, ACTIVE FILE I/O FOR APPC/FTP Unable to deallocate VBQ/VLF file because a storage overlay causing the file's "use count" to be incorrect. Description of Fix/Enhancement: This fix will attempt to detect that the "use count" has been corrupted and correct it internally. The $$DALLOC command has been enhancement to provide a new FORCE parameter. If the CMB238I message is issued and the file is actually not "in use", you may append the FORCE=YES parameter to the $$DALLOC command to ignore the file's "use count". MODULES UPDATED: STCMDDAL STSP17 : STCPPA20 STCPPO70 STCPPR26 STCPPR30 STCPPR35 : STCPPU22 STCPPU31 STFC101 STSCDM00 STVSMSWI : STVSMSWL MACRO UPDATED: M$RFBLK LOAD MODULES AFFECTED: STCPPA20 STCPPO70 STCPPR26 STCPPR30 STCPPR35 : STCPPU22 STCPPU31 STFC101 STSCDM00 STVSMSWI : STVSMSWL STMAIN Fix Availablity Date: March 2014 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI08907 APAR: PI08907 PMR: 35716,004,000 RTC: 413426 This APAR has been revised to include a second description and fix. Description of Issue: 1) CMB2130I - C:E TCPL CONNECT REQUEST REJECTED DUE TO NO AVAILABLE THREADS. When the C:E FTP server thread receives the QUIT command from an FTP client and the previous command was "PASV" the thread will hang if the Control/Data port timers are not set. 2) An FTP Server thread can hang and the DISCINTV does not cause the session to disconnect when using SSL/TLS. Description of Fix: 1) When the C:E FTP server thread receives the QUIT command from an FTP client and the previous command was "PASV" then the QUITNOW logic will be executed and prevent the thread from hanging. 2) Always set the CP timer regardless if the USER has successfully logged in or not. This fix is also enhancing the TCPSCHD trace. MODULES UPDATED: STFTPS30 STCEMB01 STCEMA06 LOAD MODULES AFFECTED: STFTPS30 STCEMA01 STCEMA06 Fix Availablity Date: April 2014 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI26743 APAR: PI26743 PMR: 17832,082,000 RTC: 443153 Description of Issue: CMB2174E - C:E TCP THREAD TERMINATION ERROR DETECTED ON TCPACM00 BY STTCPA40. ERROR CODE=0909 $$LIST CERT commands does not free the Thread queue element and will eventually run out if more than 6 are issued. Description of Fix: This fix will reset the ITCQLOCK flag in the element so it will be reused for other Auto Connect requests. MODULES UPDATED: STTCPA00 LOAD MODULES AFFECTED: STTCPA00 Fix Availablity Date: High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI26901 APAR: PI26901 PMR: 17223,082,000 RTC: 444152 Description of Issue: 1) Connections using SSL/TLS may encounter the following error when processing the QUIT script command: 604 Connection to server terminated by Control Port error. 2) The AC script may still be attempted even if the LOGON failed with a 421 response from the server. Description of Fix: 1) An extra CP Read was being done if the SSL-Goodbye Kiss (1503) was in the last SSL data buffer (1703). The port has already been closed. 2) Check for a 421 response from the PASS command. MODULES UPDATED: STFTPC05 LOAD MODULES AFFECTED: STFTPC05 Fix Availablity Date: Oct 2014 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI28122 APAR: PI28122 PMR: 35941,082,000 RTC: 445458 Description of Issue: EOB rule kicked off a SUBMIT and CE did an incorrect symbolic substitution. Customer was using &DATE1 and CE substituted it with the JULIAN DATE + THE NUMBER 1 (201409281). This is the way CE was always designed, but the customer needs to be able to use &DATE1 as is. Description of Fix: Fix introduces new control cards $$VARSUB=ON and $$VARSUB=OFF that can be used to turn symbolic substitution on and off. By default $$VARSUB=ON so customers expecting symbolic substitution are not disrupted. Also the $$VARSUB control cards are deleted before the job is sent to the JES reader. Example: JCL before CE submits //ALEXJCL JOB (1111),'ALEX XU',NOTIFY=AXU1,CLASS=A //* //COPYIT EXEC PGM=IEBGENER //SYSPRINT DD SYSOUT=* //SYSUT1 DD * $$VARSUB=OFF THIS SHOULD BE DELETED &DAYV THIS SHOULD BE NOT SUBSTITUTED. @DAYV THIS SHOULD BE NOT SUBSTITUTED. $$VARSUB=ON THIS SHOULD BE DELETED TOO &DAYV THIS SHOULD BE SUBSTITUTED. @DAYV THIS SHOULD BE SUBSTITUTED. //SYSUT2 DD SYSOUT=* //SYSIN DD DUMMY //* JCL submitted by CE: //ALEXJCL JOB (1111),'ALEX XU',NOTIFY=AXU1,CLASS=A //COPYIT EXEC PGM=IEBGENER //SYSPRINT DD SYSOUT=* //SYSUT1 DD * MY INPUT IS: &DAYV THIS SHOULD BE NOT SUBSTITUTED. @DAYV THIS SHOULD BE NOT SUBSTITUTED. MondayV THIS SHOULD BE SUBSTITUTED. Monday V THIS SHOULD BE SUBSTITUTED. //SYSUT2 DD SYSOUT=* //SYSIN DD DUMMY //* MODULES UPDATED: STRPPI05 LOAD MODULES AFFECTED: STRPPI05 Fix Availablity Date: October 2014 High Impact (Y/N): N Reported Severity: 2 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI28142 APAR: PI28142 PMR: N/A RTC: 446181 Description of Issue: This fix is to address the SSL 3.0 Protocol Vulnerability and the POODLE (Padding Oracle On Downgraded Legacy Encryption) Attack. Description of Fix: A new ODF parameter has been implemented that will allow encryption protocols to be enabled or disabled (by not specifying them). SECURITY_PROTOCOL is the new ODF parameter to specify the encryption protocol you wish to enable. SSL=YES functionality has been changed if SECURITY_PROTOCOL is specified. Only those protocols specified in SECURITY_PROTOCOL are enabled. SSL=NO functionality has not been changed. The valid syntax for SECURITY_PROTOCOL is: SECURITY_PROTOCOL=(parm1,parm2) or SECURITY_PROTOCOL=(parm1) Valid values for "parm1" and/or "parm2" are: SSLV3 TLSV1 Example ODF parameters to disable SSLV3 and enable TLSV1: SSL=YES SECURITY_PROTOCOL=(TLSV1) MODULES UPDATED: STCC02 STMC30 STCEMA06 STFTPC05 : STFTPC50 STFTPS30 STTCPS10 LOAD MODULES AFFECTED: STCEMA06 STFTPC05 STFTPC50 STFTPS30 STINIT STMAIN STTCPS10 Fix Availablity Date: October 2014 High Impact (Y/N): Y Reported Severity: 3 Defect is security related(Y/N): Y Pre-requisites: Fix Identifier: FI21277 APAR: PI21277 PMR: N/A RTC: 433085 Description of Issue: $$INVOKE RULES=EOB,BATCHNUM=12345678 causes S0C7 abend and terminates the C:E ONLINE. Description of Fix: Error validation needs corrected to properly set the error status passed back to STCC12. MODULES UPDATED: STSP08 LOAD MODULES AFFECTED: STMAIN Fix Availablity Date: November 2014 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI26879 APAR: PI26879 PMR: RTC: 447469 Description of Issue: OPENTEXT FTP Server sends a 214- as a keep-alive. The CE FTP Client treated this as a 226 Transfer Complete. Description of Fix: Correct FTP Client response to the 214- and 214. MODULES UPDATED: STCEMB01 STCEMA06 STFTPC05 LOAD MODULES AFFECTED: STCEMA01 STCEMA06 STMAIN Fix Availablity Date: Dec 2014 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI27902 APAR: PI27902 PMR: RTC: 450492 Description of Issue: Connect:Enterprise SSL/TLS connection failed. The full Control Port response for the PROT P command is not being received. The session hangs until the Control Port timeout interval is reached. Description of Fix: The FTP Server was not sending the full response in a single buffer like most servers. Instead the response was split into 2 SSL/TLS messages. This fix is to go issue another TCP READ if the response buffer does not have a valid X'15' NewLine character terminating the message. MODULES UPDATED: STFTPC05 MACRO UPDATED: M$SMTCB LOAD MODULES AFFECTED: STFTPC05 Fix Availablity Date: Dec 2014 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI22893 APAR: PI22893 PMR: 15823,019,866 RTC: 436087 Description of Issue: S0C1 writing to NDMCMDS when executing ICO via the ROUTE instruction in an EOB rule. Description of Fix: This fix changes the logic to determine the C:D level by looking at DMGRAT instead of the DMCHLAPI eyecatcher. This will ensure the proper APIINIT call is done for the C:D DDs that ICO uses. This fix also corrects a minor issue with z/OS 2.1 where IEC190I Invalid DCBE: DCBE ID IS NOT 'DCBE' will be issued if using the TRANSLAT DD in the CE Online. LOAD MODULES AFFECTED: STMC96 Fix Availablity Date: January 2015 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI10210 APAR: PI10210 PMR: n/a RTC: 410570 Description of Issue: The CE Online was hung after a $$SHUTDOWN command was entered. The hang was caused by the CE Online waiting for a POST back from the VSAM Server that the CLOSE of a file had been done. The VSAM Server never did the POST because of a Storage Validation error. Description of Fix: To resolve this issue when the $$SHUTDOWN is being executed the OUB will now have a 'shutdown' flag turned on and this will be propagated to the VSAM Server. When a file is being closed and the 'shutdown' flag is on then the WAIT/POST logic will be bypassed allowing the the CE Online to finish terminating. MODULES UPDATED: BTPCPC1 BTVSMMGR BTVSMSRC STVSMTRM MACRO UPDATED: M$SMOUB HEADER UPDATED: BT#VSM LOAD MODULES AFFECTED: BTINIRST BTKERMGR BTPCSRV BTTMRSRV BTVSMOSX BTVSMSRV STAP001 STMAIN STMAIN ISPLLIB MODULES AFFECTED: BTKERMGR Fix Availablity Date: January 2015 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI36478 APAR: PI36478 PMR: 20853,442,000 RTC: 458246 Description of Issue: AIX FTP Client unable to make successful SSL connection. The AIX client is encrypting the FTP command without a CRLF and then encrypting the CRLF in a packet by itself. The server receives both packets in the same TCP buffer but only decrypts the first, and does another TCP read looking for the CRLF. Since the AIX has already sent it there is nothing to receive, and both sides hang until a time-out. Description of Fix: From TCPSCH traces the gsk_secure_socket_read() function returns with GSK_OK but had remaining data in the buffer. MODULES UPDATED: STCEMA06 STFTPS30 LOAD MODULES AFFECTED: STCEMA06 STFTPS30 Fix Availablity Date: March 2015 High Impact (Y/N): N Reported Severity: 1 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI42353 APAR: PI42353 PMR: 94936,004,000 RTC: 467860 Description of Issue: Using ISPF/CICS to turn on FTP tracing can erroneously activate TCPSCH tracing for ALL REMOTES. Description of Fix: Do not issue $$TRACE TCPSCHRMT= if REMOTE is not specified. MODULES UPDATED: STCPPO23 LOAD MODULES AFFECTED: STCPPO23 Fix Availablity Date: June 2015 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI49022 APAR: PI49022 PMR: 18835,082,000 RTC: 477525 Description of Issue: REMOTE ODF parameter: REMOTE_FILENAME_LENGTH= is not properly working. It only works for BCHSEP=OPT4. For BCHSEP=NONE or BCHSEP=OPT3 it uses a GLOBAL ODF parameter: FTP_DEFAULT_CLIENT_BCHSEP_OPT3_FILENAME_FORMAT FTP_DEFAULT_CLIENT_BCHSEP_NONE_FILENAME_FORMAT Description of Fix: If REMOTE_FILENAME_LENGTH= is specifically coded on the REMOTE definition then honor it instead of the FTP_DEFAULT parameters. MODULES UPDATED: STFTPC41 LOAD MODULES AFFECTED: STFTPC41 Fix Availablity Date: September 2015 High Impact (Y/N): N Reported Severity: 3 Defect is security related(Y/N): N Pre-requisites: Fix Identifier: FI45207 APAR: PI45207 PMR: 82230,442,000 RTC: 472025 Description of Issue: OPENTEXT FTP Server sends a 214- as a keep-alive. The CE FTP Client may treat this as a Transfer Complete status. Description of Fix: Correct FTP Client response to the 214- and 214 and put a diagnostic DISPLAY out to the Dialog Trace DD that the 226 response is needed. MODULES UPDATED: STFTPC05 LOAD MODULES AFFECTED: STFTPC05 Fix Availablity Date: July 2015 High Impact (Y/N): N Reported Severity: 2 Defect is security related(Y/N): N Pre-requisites: *********************************************************************** * Installing a C:E z/OS fix package from IBM Fix Central. * * The fix consists of one file that must be untersed/unpacked using * the IBM program TRSMAIN. The file created from this will be a PDS. * There will usually only be three members in this PDS: * OBJECT, LOAD and SOURCE. * These PDS members are in TSO TRANSMIT format and must be converted * into PDS libraries using the TSO RECEIVE command. * * The following steps will assist you in doing these procedures. * * 1) Allocate file to contain the BIN dataset from the zipped file. * //ALLOCATE JOB ... //ALLOC1 EXEC PGM=IEFBR14 //GETFIX DD DISP=(NEW,CATLG,DELETE), // DSN=$CE.V1500.P110115.BIN, <== BIN file from zipped file // SPACE=(CYL,(2,2),RLSE), // DCB=(DSORG=PS,RECFM=FB,LRECL=1024,BLKSIZE=6144),UNIT=SYSDA //* * 2) Run JCL like the following to UNPACK the BIN dataset into a PDS. //UNPACK JOB ... //****************************************************************** //* //* This step will create a PDS with the following members: //* OBJECT //* LOAD //* SOURCE //* Each member is a PDS that is in TSO TRANSMIT format. //* //****************************************************************** //UNPACK EXEC PGM=TRSMAIN,PARM=UNPACK //SYSPRINT DD SYSOUT=X //INFILE DD DISP=SHR,DSN=$CE.V1500.P110115.BIN //OUTFILE DD DISP=(NEW,CATLG), // DSN=$CE.V1500.P110115.XMIPDS, // SPACE=(TRK,(100,5,10),RLSE),UNIT=SYSDA //* * 3) Run JCL like the following to TSO RECEIVE the UNPACKED members * to a PDS. Do not allocate the libraries before running * this job. They will be allocated for you. //****************************************************************** //* RECEIVE FIX file IN WEB/EMAIL FORMAT INTO PDS FORMAT. //* Note: May require dataset such as tsoid.NAMES.TEXT with content: //* :NICK. tsoid //* :USERID. tsoid //* :NAME. C:E FIX //****************************************************************** //RECVPDS EXEC PGM=IKJEFT01,DYNAMNBR=55,COND=(0,NE) //SYSPRINT DD SYSOUT=X //SYSTSPRT DD SYSOUT=X //SYSTSIN DD * RECEIVE USERID(tsoid) - INDATASET('$CE.V1500.P110115.XMIPDS(SOURCE)') DSNAME('$CE.V1500.P110115.SOURCE') - UNIT(SYSDA) RECEIVE USERID(tsoid) - INDATASET('$CE.V1500.P110115.XMIPDS(OBJECT)') DSNAME('$CE.V1500.P110115.OBJECT') - UNIT(SYSDA) RECEIVE USERID(tsoid) - INDATASET('$CE.V1500.P110115.XMIPDS(LOAD)') DSNAME('$CE.V1500.P110115.LOAD') - UNIT(SYSDA) //* * After running the TSO RECEIVE job, your fix will be in the PDS, * P110115.load. * *********************************************************************** * 4) Run JCL like the following to copy the LOAD, OBJECT and SOURCE * members into Connect:Enterprise libraries. These C:E fix libraries * need to be concatenated with your base C:E libraries or merged * with them. It is suggested that if you plan to merge your base * and fix libraries, that you first test by concatenating them or * make a backup of your base libraries so that the fix libraries * can be backed out if necessary. See concatenating example below: * * //STEPLIB DD DISP=SHR,DSN=$CE.RDX150.P110115.LOAD * DISP=SHR,DSN=$CE.RDX150.CUM.LOAD * DISP=SHR,DSN=$CE.RDX150.BASE.LOAD //ALLOCATE JOB ... //* //ALLCOPY PROC HLQ=$CE.RDX150.P110115, // RF=FB,LR=80,BL=0,PR=,SE=,DIR=44, // OLIB=,COPY= //* //ALLOC EXEC PGM=IEFBR14 //ALLOCDS DD DISP=(NEW,CATLG),DSN=&HLQ..&OLIB, // UNIT=SYSDA,SPACE=(TRK,(&PR,&SE,&DIR)), // DCB=(BLKSIZE=&BL,LRECL=&LR,RECFM=&RF,DSORG=PO) //* //COPY EXEC PGM=IEBCOPY //SYSPRINT DD SYSOUT=* //INLOAD DD DISP=OLD,DSN=$CE.V1500.P110115.LOAD //INSOURCE DD DISP=OLD,DSN=$CE.V1500.P110115.SOURCE //INOBJECT DD DISP=OLD,DSN=$CE.V1500.P110115.OBJECT //SYSUT2 DD DISP=SHR,DSN=&HLQ..&OLIB //SYSIN DD DISP=SHR,DSN=$CE.V1500.P110115.SOURCE(©) //* // PEND //* //* Split out C:E RDX Maintenance //EXAMPLE EXEC ALLCOPY,OLIB=EXAMPLE,PR=3,SE=1,DIR=44,COPY=$$CEXP //OBJECT EXEC ALLCOPY,OLIB=OBJECT,PR=60,SE=30,DIR=89,COPY=$$COBJ, // BL=3200 //SOURCE EXEC ALLCOPY,OLIB=SOURCE,PR=15,SE=5,DIR=44,COPY=$$CSRC //LOAD EXEC ALLCOPY,OLIB=LOAD,PR=90,SE=30,DIR=89,COPY=$$CLOAD, // BL=6144,RF=U,LR=0 //* //* //* Split out C:E RDX CICS Interface Maintenance //CILOAD EXEC ALLCOPY,OLIB=CILOAD,PR=15,SE=5,DIR=44,COPY=$$CCLOAD, // RF=U,LR=0,BL=6144 //* //* //* Split out C:E RDX ISPF Interface Maintenance //ISPLLIB EXEC ALLCOPY,OLIB=ISPLLIB,PR=15,SE=5,DIR=44,COPY=$$CILLIB, // BL=6144,RF=U,LR=0 //ISPPLIB EXEC ALLCOPY,OLIB=ISPPLIB,PR=3,SE=1,DIR=44,COPY=$$CIPLIB //ISPSLIB EXEC ALLCOPY,OLIB=ISPSLIB,PR=3,SE=1,DIR=44,COPY=$$CISLIB //ISPMLIB EXEC ALLCOPY,OLIB=ISPMLIB,PR=3,SE=1,DIR=44,COPY=$$CIMLIB //ISPTLIB EXEC ALLCOPY,OLIB=ISPTLIB,PR=3,SE=1,DIR=44,COPY=$$CITLIB //* *********************************************************************** * 5) This fix updated load module STMAIN and/or program STTC10. * If you relinked STMAIN during your initial installation of * Connect:Enterprise because of sensitivity to the BTAM RESETPL * macro level at your site, please relink STMAIN using EXAMPLE * JCL member ASMTC10 after installing this maintenance.