Readme File for IBM® Platform Symphony 7.1 Fix Pack 1 Interim Fix 468017

Readme file for: IBM Platform Symphony

Product/Component Release: 7.1 Fix Pack 1

Update Name: Interim Fix 468017

Fix ID: sym-7.1-build468017

Publication date: September 8, 2017

This readme file provides guidance on upgrading Apache Struts to version 2.3.34 in IBM Platform Symphony 7.1 Fix Pack 1 in order to fix the S2-052 vulnerability.

Contents

1.   List of Fixes

2.  Download location

3.   Products or components affected

4.   Installation and configuration

5.  Uninstallation

6.   Copyright and trademark information

1.    List of Fixes

APAR: P102370

2.    Download location

Download interim fix 468017 from the following location: https://www.ibm.com/eserver/support/fixes/

3.    Products or components affected

Component name, Platform, Fix ID:

PMC, linux2.6-glibc2.3-x86_64, sym-7.1-build468017

4.    Installation and configuration

Follow these steps to upgrade Struts in a cluster with Platform Symphony 7.1 Fix Pack 1 installed:

Before installation

a.      Log on to each management host in the cluster and download the struts-2.3.34-lib.zip package from the following location:

http://archive.apache.org/dist/struts/2.3.34/struts-2.3.34-lib.zip.

b.      Stop the Platform Management Console service (WEBGUI):

> egosh user logon -u Admin -x Admin  

> egosh service stop WEBGUI

c.      For recovery purposes, move the files corresponding to your host operating system to a backup directory.

> mkdir -p /tmp/guibackup/symgui

> mkdir -p /tmp/guibackup/perfgui

> mv $EGO_TOP/gui/3.1/lib/commons-fileupload-1.3.1.jar /tmp/guibackup/

> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/commons-fileupload-1.3.1.jar /tmp/guibackup/symgui/

> mv $EGO_TOP/gui/3.1/lib/commons-io-1.2.jar /tmp/guibackup/

> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/org.apache.commons-io-1.4.jar /tmp/guibackup/symgui/

> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/commons-lang3-3.1.jar /tmp/guibackup/symgui/

> mv $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/freemarker-2.3.18.jar /tmp/guibackup/perfgui/

> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/freemarker-2.3.18.jar /tmp/guibackup/symgui/

> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/javassist-3.9.0.GA.jar /tmp/guibackup/symgui/

> mv $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/ognl-3.0.6.jar /tmp/guibackup/perfgui/

> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/ognl-3.0.6.jar /tmp/guibackup/symgui/

> mv $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/struts2-core-2.3.16.3.jar /tmp/guibackup/perfgui/

> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/struts2-core-2.3.16.3.jar /tmp/guibackup/symgui/

> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/struts2-json-plugin-2.3.16.3.jar /tmp/guibackup/symgui/

> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/struts2-spring-plugin-2.3.16.3.jar /tmp/guibackup/symgui/

> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/velocity-1.5.jar /tmp/guibackup/symgui/

> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/xstream-1.4.2.jar /tmp/guibackup/symgui/

> mv $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/xwork-core-2.3.16.3.jar /tmp/guibackup/perfgui/

> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/xwork-core-2.3.16.3.jar /tmp/guibackup/symgui/

Note: Move all old files to other directory to avoid compatibility issue.

Installation

On each management host, unzip the struts-2.3.34-lib.zip package and copy the following files to your cluster directory.

> unzip -u struts-2.3.34-lib.zip

> cd struts-2.3.34/lib/

> cp -rf commons-fileupload-1.3.2.jar $EGO_TOP/gui/3.1/lib/

> cp -rf commons-fileupload-1.3.2.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

> cp -rf commons-io-2.2.jar $EGO_TOP/gui/3.1/lib/

> cp -rf commons-io-2.2.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

> cp -rf commons-lang3-3.2.jar $EGO_TOP/gui/3.1/lib/

> cp -rf commons-lang3-3.2.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

> cp -rf freemarker-2.3.22.jar $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/

> cp -rf freemarker-2.3.22.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

> cp -rf javassist-3.11.0.GA.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

> cp -rf ognl-3.0.21.jar $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/

> cp -rf ognl-3.0.21.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

> cp -rf struts2-core-2.3.34.jar $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/

> cp -rf struts2-core-2.3.34.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

> cp -rf struts2-json-plugin-2.3.34.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

> cp -rf struts2-spring-plugin-2.3.34.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

> cp -rf velocity-1.6.4.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

> cp -rf xstream-1.4.10.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

> cp -rf xwork-core-2.3.34.jar $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/

> cp -rf xwork-core-2.3.34.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

After installation

a.      On each management host, delete all subdirectories and files in the GUI work directory:

> rm -rf $EGO_TOP/gui/work/*

b.      Launch your browser and clear the browser cache.

c.      Log on to the master host as the cluster administrator and start the WEBGUI service:

> egosh user logon -u Admin -x Admin

> egosh service start WEBGUI

5.    Uninstallation

If required, follow these steps to uninstall the Struts upgrade in a cluster with Platform Symphony 7.1 Fix Pack 1 installed:

a.      Log on to the master host as the cluster administrator and stop the WEBGUI service:

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI

b.      Delete the following files that were introduced by this interim fix:

> rm -fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/struts2-spring-plugin-2.3.34.jar

> rm -fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/struts2-core-2.3.34.jar

> rm -fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/struts2-json-plugin-2.3.34.jar

> rm -fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/javassist-3.11.0.GA.jar

> rm -fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/freemarker-2.3.22.jar

> rm -fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/ognl-3.0.21.jar

> rm -fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/xwork-core-2.3.34.jar

> rm -fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/xstream-1.4.10.jar

> rm -fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/velocity-1.6.4.jar

> rm -fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/commons-fileupload-1.3.2.jar

> rm -fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/commons-lang3-3.2.jar

> rm -fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/commons-io-2.2.jar

> rm -fr $EGO_TOP/gui/3.1/lib/commons-fileupload-1.3.2.jar

> rm -fr $EGO_TOP/gui/3.1/lib/commons-io-2.2.jar

> rm -fr $EGO_TOP/gui/3.1/lib/commons-lang3-3.2.jar 

> rm -fr $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/struts2-core-2.3.34.jar

> rm -fr $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/xwork-core-2.3.34.jar

> rm -fr $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/freemarker-2.3.22.jar

> rm -fr $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/ognl-3.0.21.jar

c.      On each management host, restore the following files from your backup:

> mv /tmp/guibackup/*.jar $EGO_TOP/gui/3.1/lib/

> mv /tmp/guibackup/perfgui/*.jar $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/

> mv /tmp/guibackup/symgui/*.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/

d.      On each management host, delete all subdirectories and files in the GUI work directory:

> rm -rf $EGO_TOP/gui/work/*

e.      Launch your browser and clear the browser cache.

f.       Log on to the master host as the cluster administrator and start the WEBGUI service:

> egosh user logon -u Admin -x Admin

> egosh service start WEBGUI

6.    Copyright and trademark information

© Copyright IBM Corporation 2017

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.