Readme File for IBM® Platform Symphony 7.1 Fix Pack 1
Interim Fix 468017
Readme file for: IBM Platform Symphony
Product/Component Release: 7.1 Fix Pack 1
Update
Name: Interim Fix 468017
Fix
ID:
sym-7.1-build468017
Publication
date:
September 8, 2017
This readme file provides guidance on upgrading
Apache Struts to version 2.3.34 in IBM Platform Symphony 7.1 Fix Pack 1 in order to fix the S2-052 vulnerability.
Contents
1. List of Fixes
2. Download location
3. Products or components
affected
4. Installation and
configuration
5. Uninstallation
6. Copyright and trademark
information
1.
List of Fixes
APAR: P102370
2. Download location
Download interim fix 468017 from
the following location: https://www.ibm.com/eserver/support/fixes/
3. Products or components
affected
Component name, Platform, Fix
ID:
PMC, linux2.6-glibc2.3-x86_64, sym-7.1-build468017
4.
Installation and configuration
Follow these
steps to upgrade Struts in a cluster with Platform Symphony 7.1 Fix Pack 1
installed:
Before installation
a.
Log
on to each management host in the cluster and download the
struts-2.3.34-lib.zip package from the following location:
http://archive.apache.org/dist/struts/2.3.34/struts-2.3.34-lib.zip.
b.
Stop
the Platform Management Console service (WEBGUI):
> egosh
user logon -u Admin -x Admin
> egosh
service stop WEBGUI
c.
For
recovery purposes, move the files corresponding to your host operating system
to a backup directory.
> mkdir -p /tmp/guibackup/symgui
> mkdir -p /tmp/guibackup/perfgui
> mv $EGO_TOP/gui/3.1/lib/commons-fileupload-1.3.1.jar
/tmp/guibackup/
> mv
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/commons-fileupload-1.3.1.jar /tmp/guibackup/symgui/
> mv $EGO_TOP/gui/3.1/lib/commons-io-1.2.jar
/tmp/guibackup/
> mv
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/org.apache.commons-io-1.4.jar /tmp/guibackup/symgui/
> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/commons-lang3-3.1.jar
/tmp/guibackup/symgui/
> mv $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/freemarker-2.3.18.jar /tmp/guibackup/perfgui/
> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/freemarker-2.3.18.jar
/tmp/guibackup/symgui/
> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/javassist-3.9.0.GA.jar
/tmp/guibackup/symgui/
> mv $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/ognl-3.0.6.jar /tmp/guibackup/perfgui/
> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/ognl-3.0.6.jar
/tmp/guibackup/symgui/
> mv
$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/struts2-core-2.3.16.3.jar /tmp/guibackup/perfgui/
> mv
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/struts2-core-2.3.16.3.jar /tmp/guibackup/symgui/
> mv
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/struts2-json-plugin-2.3.16.3.jar /tmp/guibackup/symgui/
> mv
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/struts2-spring-plugin-2.3.16.3.jar /tmp/guibackup/symgui/
> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/velocity-1.5.jar
/tmp/guibackup/symgui/
> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/xstream-1.4.2.jar /tmp/guibackup/symgui/
> mv
$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/xwork-core-2.3.16.3.jar /tmp/guibackup/perfgui/
> mv $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/xwork-core-2.3.16.3.jar
/tmp/guibackup/symgui/
Note: Move all old
files to other directory to avoid compatibility issue.
Installation
On each management host, unzip the struts-2.3.34-lib.zip package and copy
the following files to
your cluster directory.
> unzip
-u struts-2.3.34-lib.zip
> cd struts-2.3.34/lib/
> cp -rf commons-fileupload-1.3.2.jar $EGO_TOP/gui/3.1/lib/
> cp -rf commons-fileupload-1.3.2.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
> cp -rf commons-io-2.2.jar $EGO_TOP/gui/3.1/lib/
> cp -rf commons-io-2.2.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
> cp -rf commons-lang3-3.2.jar $EGO_TOP/gui/3.1/lib/
> cp -rf commons-lang3-3.2.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
> cp -rf freemarker-2.3.22.jar $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/
> cp -rf freemarker-2.3.22.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
> cp -rf javassist-3.11.0.GA.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
> cp -rf ognl-3.0.21.jar $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/
> cp -rf ognl-3.0.21.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
> cp -rf struts2-core-2.3.34.jar $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/
> cp -rf struts2-core-2.3.34.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
> cp -rf struts2-json-plugin-2.3.34.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
> cp -rf struts2-spring-plugin-2.3.34.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
> cp -rf velocity-1.6.4.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
> cp -rf xstream-1.4.10.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
> cp -rf xwork-core-2.3.34.jar $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/
> cp -rf xwork-core-2.3.34.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
a. On
each management host, delete all subdirectories and files in the GUI work
directory:
> rm -rf $EGO_TOP/gui/work/*
b. Launch
your browser and clear the browser cache.
c. Log on to the master host as the cluster
administrator and start the WEBGUI service:
> egosh user logon -u
Admin -x Admin
> egosh service start WEBGUI
5.
Uninstallation
If required,
follow these steps to uninstall the Struts upgrade in a cluster with Platform
Symphony 7.1 Fix Pack 1 installed:
a.
Log on to the master host as the cluster
administrator and stop the WEBGUI service:
> egosh user logon -u Admin -x Admin
b.
Delete
the following files that were introduced by this interim fix:
> rm
-fr
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/struts2-spring-plugin-2.3.34.jar
> rm
-fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/struts2-core-2.3.34.jar
> rm
-fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/struts2-json-plugin-2.3.34.jar
> rm
-fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/javassist-3.11.0.GA.jar
> rm
-fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/freemarker-2.3.22.jar
> rm
-fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/ognl-3.0.21.jar
> rm
-fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/xwork-core-2.3.34.jar
> rm
-fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/xstream-1.4.10.jar
> rm
-fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/velocity-1.6.4.jar
> rm
-fr
$EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/commons-fileupload-1.3.2.jar
> rm
-fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/commons-lang3-3.2.jar
> rm
-fr $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/commons-io-2.2.jar
> rm
-fr $EGO_TOP/gui/3.1/lib/commons-fileupload-1.3.2.jar
> rm
-fr $EGO_TOP/gui/3.1/lib/commons-io-2.2.jar
> rm
-fr $EGO_TOP/gui/3.1/lib/commons-lang3-3.2.jar
> rm
-fr
$EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/struts2-core-2.3.34.jar
> rm
-fr $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/xwork-core-2.3.34.jar
> rm
-fr $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/freemarker-2.3.22.jar
> rm
-fr $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/ognl-3.0.21.jar
c.
On
each management host, restore the following files from your backup:
> mv /tmp/guibackup/*.jar $EGO_TOP/gui/3.1/lib/
> mv /tmp/guibackup/perfgui/*.jar $EGO_TOP/gui/perf/3.1/perfgui/WEB-INF/lib/
> mv /tmp/guibackup/symgui/*.jar $EGO_TOP/gui/soam/7.1/symgui/WEB-INF/lib/
d.
On
each management host, delete all subdirectories and files in the GUI work
directory:
> rm -rf
$EGO_TOP/gui/work/*
e.
Launch
your browser and clear the browser cache.
f.
Log on to
the master host as the cluster administrator and start the WEBGUI service:
> egosh
user logon -u Admin -x Admin
> egosh service start WEBGUI
6.
Copyright and trademark information
© Copyright IBM
Corporation 2017
U.S. Government Users Restricted Rights - Use, duplication
or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM®, the IBM logo and ibm.com® are trademarks
of International Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on the Web at
"Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.