ECO kit SSH-014_A055
SSH-014_A055 ECO kit rev 1.4 For MultiNet V5.5 Rev A 24-Jul-2017
Copyright (c) 2010-2016 Process Software LLC
This ECO kit provides a new version of the following files for
V5.5 Rev A, V5.4 Rev A, and for MultiNet V5.3, Rev A:
LDAP-PLUGIN.EXE LOAD_SSHLEI.EXE PUBLICKEY-SERVER.EXE
PUBLICKEY_ASSISTANT.EXE SCP-SERVER1.EXE
SCP2.EXE SECURID-PLUGIN.EXE SFTP-SERVER2.EXE
SFTP2.EXE SSH-ADD2.EXE SSH-AGENT2.EXE
SSH-CERTTOOL.EXE SSH-CERTVIEW.EXE SSH-CMPCLIENT.EXE
SSH-KEYGEN.EXE SSH-KEYGEN2.EXE SSH-SIGNER2.EXE
SSH2.EXE SSHD.EXE SSHD2.EXE
SSHD_MASTER.EXE SSHLEI.EXE SSH_FSCLM.EXE
SSH_ZLIB.EXE UNLOAD_SSHLEI.EXE START_SSH.COM
SSHSHR.EXE MULTINET.CLD
For Multinet V5.3 systems, the following ECOs must be
applied:
MASTER_SERVER-080_A053
FILTER_SERVER-070_A053
NOTE: A system reboot is required after installing this kit.
This kit has an ECO ranking of 2.
The following problems are fixed by this ECO:
o Fix problems in SFTP2 when transfering files from VMS to non-VMS when
a transfer mode was not set.
SSH-014_A055 ECO Rank 3 20-Jul-2017
o Correct a problem with ill-formed audits on logout.
SSH-014_A055 ECO Rank 3 20-Jul-2017
o The format of the /ASCII qualifier on the SCP2 command line has been
expanded to allow for the specification of separate source and
destination newline sequences such as /ASCII=(SOURCE=VMS,DEST=UNIX).
Old syntax (/ASCII=UNIX) is the same as /ASCII=(DEST=UNIX). This
requires that the new USER.CLD be used to set the commands in the
command tables. Use the following command line to save these as the
system command tables:
$ set command/table=sys$common:[syslib]dcltables.exe -
/output=sys$common:[syslib]dcltables.exe multinet:user.cld
$ install replace sys$library:dcltables
SSH-013_A055 ECO Rank 3 28-Apr-2017
o Changes to SFTP2 and SFTP-SERVER2 to fix problems with CD and files
named .; in the directory. SSH-012_A055 ECO Rank 3
o Changes to debugging output in SCP2 to make it more like earlier
patches. SSH-011_A055 ECO rank 3
o Map two different status code groups used in SFTP2 into a single one
to resolve problems with SFTP2 sometime returning unexpected
completion status when operating in batch mode.
SSH-010_A055 ECO rank 3
o Correct a potential memory leak in SFTP2. SSH-010_A055 ECO Rank 3
o Additional checks in SFTP2 to detect a freed data structure and reduce
the chance of an ACCVIO. SSH-010_A055 ECO Rank 3
o Correct problems with waiting for connection to terminate from
OpenSSH. SSH-061_A054 ECO Rank 3
o Add checking to a connection run-down routine to see if a data
structure has been freed before using it. This corrects an error that
could show up as STKOVF or ACCVIO. SSH-060_A054 ECO Rank 3
o Increase the number of sessions on ia64 systems to 5000. The system
may encounter tuning or performance limitations before this number is
reached. SSH-058_A054 ECO Rank 3
o Synchronize status returning with process termination when the logical
MULTINET_SSH_COMMAND_OLD_STYLE is defined so that the status of the
executed command is returned. Note that this will make it such that
the output includes the out of process termination as if "LOGOUT/FULL"
had been done. Command termination may also be delayed, typically for
1 second.
SSH-057_A054 ECO Rank 3
o Correct a build problem in SCP2, SFTP2, and SFTP-SERVER2 for AXP
systems running OpenVMS V7 and V8 that are accessing large files.
Improve end of transfer detection.
SSH-057_A054 ECO Rank 3
Correct a potential looping problem in SSHD2.
SSH-057_A054 ECO Rank 3
o Modify the requirements for a translatable file to include all files
with variable and veriable-fixed control records, and not restrict it
to just the files that have carriage-return carriage control as well.
SSH-056_A054 ECO Rank 3
o Define the system wide logical MULTINET_SSH_NO_LEADING_SPACE_NEWLINE
to prevent an space & newline from being written out before the users
command on remote command execution.
SSH-055_A054 ECO Rank 3
o Correct a communication problem between SSH2 and SCP2/SFTP2.
SSH-054_A054 ECO Rank 3
o Return correct success/fail status for SCP commands initiated from
systems using OpenSSH and other implementations that do RCP over
SSH for an SCP command.
SSH-054_A054 ECO Rank 3
o Correct a problem with client (SCP/SFTP) processes hanging.
SSH-053_A054 ECO Rank 3
o Correct a problem with processes hanging in RWMBX state.
SSH-052_A054 ECO Rank 3
o Improve detection of data in mailbox.
SSH-051_A054 ECO Rank 3
o Correct a coding error in SSH-049_A054.
SSH-050_A054 ECO Rank 3
o Correct a problem when attempting to write to a mailbox that is full.
SSH-049_A054 ECO Rank 3
o Improve reporting of EOF when translating VMS text files to stream-lf.
SSH-048_A054 ECO Rank 3
o Don't return EOF for attempts to read zero bytes by SFTP-SERVER2.
SSH-047_A054 ECO Rank 3
o Modify SCP2 and SFTP2 so that they do not post read requests that
start after the end of file.
SSH-046_A054 ECO Rank 3
o Correct a problem in SFTP2 where the path string is duplicated.
SSH-046_A054 ECO Rank 3
o Increase SFTP-SERVER2 polling frequency for the parent so that it
recognizes loss sooner and reduces the amount of time it can consume
system resources.
SSH-045_A054 ECO Rank 3
o Improve communication of shutdown request from SSHD2 to SFTP-SERVER2.
SSH-045_a054 ECO Rank 3
o Correct a problem on Alpha/AXP systems with transferring files larger
than 2GB. There are no changes for VAX or ia64 systems.
SSH-044_A054 ECO rank 3
o Correct a potential deadlock condition between SSHD and subsystems.
SSH-042_A054 ECO rank 2
----------------------------------------------------------------------
This kit also includes the following changes from previous ECO kits:
o Correct a data corruption issue in VMS transfers introduced in
SSH-032_A054. [SSH-033_A054]
o Performance improvments for MULTINET_SSH_ACCESS_AUTHORIZATION
processing. [SSH-033_A054]
o Provide the logical MULTINET_SFTP_OPEN_AS_BINARY, which can be
defined to Yes, True or 1 to cause the SFTP server to open files in
binary mode instead of Stream-LF. [SSH-032_A054]
o Correct an ACCVIO in SCP2 and SFTP2 that can be experienced when
copying very small files to a VMS system. [SSH-031_A054, DE 11324]
o Provide more flexibility in how user access authorization is done
for the various access modes. [SSH-031_A054, DE 11272]
When the logical MULTINET_SSH_ACCESS_AUTHORIZATION is defined
/system user authentication checking will take place separately
from action authorization checking. The value of the logical will
be used to determine whether or not the desire action is allowed at
this time. The value of the logical should be a string of the format:
SHELL=,EXEC=,SUBSYSTEM=
where is one of NETWORK, LOCAL, REMOTE. If one of SHELL,
EXEC, or SUBSYSTEM is omitted, then that type of access will not be
allowed at all.
o Correct a possible crash.
[DE 11254]
o Correct an error in displaying the VMS format of the path in SFTP2.
Note that this change requires both the client and the server to be
running this patch for the correction to work. If the server is
running an older patch a fallback method is used to format the path to
VMS and it may result in errors.
o Correct an error when attempting to do a MKDIR or RMDIR in VMS mode.
[DE 11249]
o Change a lock to be node specific as the resource that it is
controlling is node specific. This will reduce the effect on one node
in a cluster being busy from causing problems on connection startup on
other members of the cluster. Also modify the process startup look to
recognize when it hasn't found an open slot in the active process
database and return an error instead of endlessly looping.
[DE 11250]
o Make public key authentication work regardless of the case that
the username is passed in.
[DE 11252]
o Correct a problem with the possibility of a command issued from a Linux
system causing a hang.
[DE 11256]
-----------------------------------------------------------------------------
Post-Installation Instructions
A system reboot is required after applying this ECO.