Aug 23th 2016 Dear Connect:Direct for i5/OS customer, Enclosed please find a CD containing the latest cumulative maintenance for Connect:Direct for i5/OS 3.8.00. Please call IBM for details on IBM APARs. Cumulative Maintenance Contents: 1608A ---------------------------------------------- All the modified objects which are addressed by following issues. ======================= D380F1503A ================================ APAR IT06028 Process is not running using permanent session managers. Solution: Put a counter in to allow 15 processes to run, then start a new session manager, working on a more permanent fix. Object: PMGR - PMGR (PGM) IT07472 Error CSPA081E-Unable to initialize workspace, after upgrading to 3.8, remote netmap was not in SPADMIN. Solution: Put back in logic to issue a warning Object: SMMAIN - SMMAIN (PGM) IC99154 If the SNODEID JOBD has more then 52 libraries in their list we receive an error CPF9999 Solution: Increase variables to allow for larger library lists. Object: XRTVUSRL - RMTSYSTEM (PGM) IT07616 Long delay on DNS lookup as the DNS server is not responding to a IPv6 request. Solution: Change the getaddrinfo() call to use AI_ADDRCONFIG flag Object: SDIP_TCPIP - SMMAIN (PGM) IT08034 Can not send secure to SI/CDSA 5.2.4.0 getting CSPA203E error. CDSA only supports SSL & TLS can not take TLS1.2 handshake. Solution: Change SPADMIN to allow only one protocol to be entered. Changed to toolkit to only turn on one protocol, not higher. Object: SPADMIN2 - SPADMIN (PGM) CDSSLGSK - SMMAIN (PGM) ======================= D380F1506A ================================ APAR IT09661 Added fix from 3.7: IC94327 A MBCS transfer using codepage(284, 1208) is successful but there is some garbage in the destination file Solution: Clean up the use of some of the internal variables used for iconv() that were causing errors on new i5/OS releases. Object: SMCOPY - SMMAIN (PGM) ======================= D380F1507A ================================ IT08726 z/OS Sending a binary file to i5 IFS will end with error ACOP009I if source file length greater then 32754 Solution: Remove logic on record length change for IFS files. Object: SMFILE - SMMAIN (PGM) ======================= D380F1508A ================================ IT10851 During a Secure+ session a C:D server may create multiple SSL records when encrypting a buffer for transmission. If the remote node cannot handle multiple records, the session fails. Solution: Decrypt the data a second time if only 1 byte was decrypted during the first attempt. Object: CDSSLGSK - SMMAIN (PGM) ======================= D380F1510A ================================ IT11651 CDSMGR hangs - joblog shows The pointer parameter passed to free or realloc is not valid. Solution: Removed logic that was causing the error. Object: SMPROC - SMMAIN (PGM) ======================= D380F1511A ================================ IT12308 >>>> Message "ID" Not found was displaying instead of the proper message text. Solution: Corrected the corrupt message file. Object: NDMMESSAGE - (FILE) ======================= D380F1601A ================================ Internal: Any user can access the SPADMIN (Secure+ Admin Utility) panel. Solution: Corrected the program to only allow those users with administrative authority to access this panel. Object: SPADMIN - (PGM) Internal: C2M3003 - Data was truncated on an input, output or update operation was appear in the joblog for each record read when running SPADMIN. Solution: Corrected the program so the messages no longer appear in the joblog. Object: SPADMIN - (PGM) ======================= D380F1601B ================================ IT13286 Ending a 5250 session abnormally makes the interactive job generate a huge number of spool files while running SPADMIN. Solution: End the program with minimal errors when the 5250 session is ended abnormally. Object: SPADMIN2 - (PGM) ======================= D380F1602A ================================ IT13235 The Translation table cannot tranlate some traditional Chinese characters. Solution: Opened the rules to include hex value x'FB' through x'FE' Object: CRTCDXTC - CRTCDXTC (PGM) ======================= D380F1602B ================================ ENHANCEMENT *PUBLIC authority needs to be set to *EXCLUDE on all objects in the Connect:Direct library. Solution: A new command can be run that will modify the authority on all Connect:Direct objects. The Connect:Direct Administrator will become the owner, *PUBLIC will be set to *EXCLUDE and a specified group profile (ibm i user id of choice) will be granted *USE access. Object: SETCDAUT - (CMD) SETCDAUT SETCDAUTV - (CL) SETCDAUT - (PNLGRP) ======================= D380F1603A ================================ Internal Some defects from 3.7 were never synched into 3.8 IC91866 CDSND fails with RACF error but retries the connection the command should not retry a security failure. Solution: Corrected logic if error was found not to continue. Object: SDIP_TCPIP - SMMAIN (PGM) IC92491 MCH3601 error from module SDIP_TCPIP from procedure tcp_read_header. Solution: Added additional logic checking for readv(). Object: SDIP_TCPIP - SMMAIN (PGM) IC94325 Using I5OS in netmap with CDRCV gives a message 'Error detected in prompt override program command string' Solution: Correct logic checking. Object: GETENVIRN - CDRCV (PGM) ======================= D380F1604A ================================ ENHANCEMENT Full support of Connect Direct in an iASP. Solution: Two new commands have been created to provide full support of Connect Direct in an iASP. UPDCDIASP will update your Connect Direct system when you have manually moved your system to an iASP. SETCDIASP will move your Connect Direct system to an iASP. Review the word documents to determine which command should be run to add full support of an iASP to your Connect Direct system. Object: SETCDIASP UPDCDIASP - (CMD) SETCDIASP STRCD UNINSTALLM UPDATECD UPDCDIASP STRCD - (CL) PMGR - (PGM) SETCDIASP UPDCDIASP - (PNLGRP) ======================= D380F1604B ================================ IT14898 Secure Plus Protocol Flags not behaving as expected. Solution: Made the Secure Plus work more consistently with the new versions of C:D Unix and C:D Windows Object: SDIP_TCPIP - SMMAIN (PGM) CDSSLGSK - SMMAIN (PGM) ======================= D380F1605A ================================ IT15127 Receiving error ASMT015I - Unable to establish the specified security environment when a multi-process is submitted with 2 different user id's. Solution: Ended the RMTSYSTEM job at the end of each process allowing to new process to start with current credentials. Object: SMPROC - SMMAIN (PGM) ======================= D380F1607A ================================ IT16155 When sending a file from the IFS file system and compression was turned on, the file was not being compressed and the resulting file was larger than the original file. Solution: Corrected the compression logic. Object: SMCOPY - SMMAIN (PGM) ======================= D380F1608A ================================ IT16725 During a Secure+ session a C:D server the snode on occasions will hang. This is because of the combination of the buffer size and file size. When there is only 1 byte left to decrypt, the program assumes the beast remediation virus code is in place and attempts to decrypt the remaining data when there is none. This causes the snode to hang. Solution: Verify there is more data to be decrypted before performing the decrypt function again. Object: CDSSLGSK - SMMAIN (PGM)