ECO kit SSH-014_A055

SSH-014_A055 ECO kit rev 1.4 For MultiNet V5.5 Rev A		24-Jul-2017

    Copyright (c) 2010-2016 Process Software LLC

    This ECO kit provides a new version of the following files for
    V5.5 Rev A, V5.4 Rev A, and for MultiNet V5.3, Rev A:

	LDAP-PLUGIN.EXE     LOAD_SSHLEI.EXE     PUBLICKEY-SERVER.EXE
	PUBLICKEY_ASSISTANT.EXE                 SCP-SERVER1.EXE     
	SCP2.EXE            SECURID-PLUGIN.EXE  SFTP-SERVER2.EXE    
	SFTP2.EXE           SSH-ADD2.EXE       	SSH-AGENT2.EXE      
	SSH-CERTTOOL.EXE    SSH-CERTVIEW.EXE    SSH-CMPCLIENT.EXE  
	SSH-KEYGEN.EXE      SSH-KEYGEN2.EXE     SSH-SIGNER2.EXE     
	SSH2.EXE            SSHD.EXE            SSHD2.EXE           
	SSHD_MASTER.EXE     SSHLEI.EXE         	SSH_FSCLM.EXE       
	SSH_ZLIB.EXE        UNLOAD_SSHLEI.EXE   START_SSH.COM
	SSHSHR.EXE	    MULTINET.CLD

    For Multinet V5.3 systems, the following ECOs must be
    applied:

	MASTER_SERVER-080_A053
	FILTER_SERVER-070_A053

    NOTE: A system reboot is required after installing this kit.

    This kit has an ECO ranking of 2.

    The following problems are fixed by this ECO:
     o  Fix problems in SFTP2 when transfering files from VMS to non-VMS when
        a transfer mode was not set.
	SSH-014_A055 ECO Rank 3 20-Jul-2017

     o  Correct a problem with ill-formed audits on logout.
	SSH-014_A055 ECO Rank 3	20-Jul-2017

     o  The format of the /ASCII qualifier on the SCP2 command line has been
	expanded to allow for the specification of separate source and
	destination newline sequences such as /ASCII=(SOURCE=VMS,DEST=UNIX).
	Old syntax (/ASCII=UNIX) is the same as /ASCII=(DEST=UNIX). This
	requires that the new USER.CLD be used to set the commands in the
	command tables. Use the following command line to save these as the
	system command tables:
		$ set command/table=sys$common:[syslib]dcltables.exe -
		  /output=sys$common:[syslib]dcltables.exe multinet:user.cld
		$ install replace sys$library:dcltables
	SSH-013_A055 ECO Rank 3 28-Apr-2017

     o  Changes to SFTP2 and SFTP-SERVER2 to fix problems with CD and files
        named .; in the directory.  SSH-012_A055 ECO Rank 3

     o  Changes to debugging output in SCP2 to make it more like earlier
	patches. SSH-011_A055 ECO rank 3

     o  Map two different status code groups used in SFTP2 into a single one
	to resolve problems with SFTP2 sometime returning unexpected
	completion status when operating in batch mode.
	SSH-010_A055 ECO rank 3

     o  Correct a potential memory leak in SFTP2. SSH-010_A055 ECO Rank 3

     o  Additional checks in SFTP2 to detect a freed data structure and reduce
	the chance of an ACCVIO.  SSH-010_A055 ECO Rank 3

     o  Correct problems with waiting for connection to terminate from
	OpenSSH. SSH-061_A054 ECO Rank 3

     o  Add checking to a connection run-down routine to see if a data
	structure has been freed before using it. This corrects an error that
	could show up as STKOVF or ACCVIO. SSH-060_A054 ECO Rank 3

     o  Increase the number of sessions on ia64 systems to 5000. The system
        may encounter tuning or performance limitations before this number is
        reached. SSH-058_A054 ECO Rank 3

     o  Synchronize status returning with process termination when the logical
	MULTINET_SSH_COMMAND_OLD_STYLE is defined so that the status of the
	executed command is returned. Note that this will make it such that
	the output includes the out of process termination as if "LOGOUT/FULL"
	had been done. Command termination may also be delayed, typically for
	1 second.
	SSH-057_A054 ECO Rank 3

     o  Correct a build problem in SCP2, SFTP2, and SFTP-SERVER2 for AXP
	systems running OpenVMS V7 and V8 that are accessing large files.
	Improve end of transfer detection.
	SSH-057_A054 ECO Rank 3

	Correct a potential looping problem in SSHD2.
	SSH-057_A054 ECO Rank 3

     o  Modify the requirements for a translatable file to include all files
	with variable and veriable-fixed control records, and not restrict it
	to just the files that have carriage-return carriage control as well.
	SSH-056_A054 ECO Rank 3

     o  Define the system wide logical MULTINET_SSH_NO_LEADING_SPACE_NEWLINE
        to prevent an space & newline from being written out before the users
        command on remote command execution.
	SSH-055_A054 ECO Rank 3

     o  Correct a communication problem between SSH2 and SCP2/SFTP2.
	SSH-054_A054 ECO Rank 3

     o  Return correct success/fail status for SCP commands initiated from
	systems using OpenSSH and other implementations that do RCP over
	SSH for an SCP command.
	SSH-054_A054 ECO Rank 3

     o  Correct a problem with client (SCP/SFTP) processes hanging.
	SSH-053_A054 ECO Rank 3

     o  Correct a problem with processes hanging in RWMBX state.
	SSH-052_A054 ECO Rank 3

     o  Improve detection of data in mailbox.
	SSH-051_A054 ECO Rank 3

     o  Correct a coding error in SSH-049_A054.
	SSH-050_A054 ECO Rank 3

     o  Correct a problem when attempting to write to a mailbox that is full.
	SSH-049_A054 ECO Rank 3

     o  Improve reporting of EOF when translating VMS text files to stream-lf.
	SSH-048_A054 ECO Rank 3

     o  Don't return EOF for attempts to read zero bytes by SFTP-SERVER2.
        SSH-047_A054 ECO Rank 3

     o  Modify SCP2 and SFTP2 so that they do not post read requests that
	start after the end of file.
	SSH-046_A054 ECO Rank 3

     o  Correct a problem in SFTP2 where the path string is duplicated.
        SSH-046_A054 ECO Rank 3

     o  Increase SFTP-SERVER2 polling frequency for the parent so that it
	recognizes loss sooner and reduces the amount of time it can consume
	system resources.
	SSH-045_A054 ECO Rank 3

     o  Improve communication of shutdown request from SSHD2 to SFTP-SERVER2.
	SSH-045_a054 ECO Rank 3

     o  Correct a problem on Alpha/AXP systems with transferring files larger
        than 2GB. There are no changes for VAX or ia64 systems.
	SSH-044_A054 ECO rank 3

     o  Correct a potential deadlock condition between SSHD and subsystems.
        SSH-042_A054 ECO rank 2

    ----------------------------------------------------------------------
    This kit also includes the following changes from previous ECO kits:

     o  Correct a data corruption issue in VMS transfers introduced in
        SSH-032_A054. [SSH-033_A054]

     o  Performance improvments for MULTINET_SSH_ACCESS_AUTHORIZATION
        processing.  [SSH-033_A054]

     o  Provide the logical MULTINET_SFTP_OPEN_AS_BINARY, which can be
	defined to Yes, True or 1 to cause the SFTP server to open files in
	binary mode instead of Stream-LF. [SSH-032_A054]

     o	Correct an ACCVIO in SCP2 and SFTP2 that can be experienced when
	copying very small files to a VMS system. [SSH-031_A054, DE 11324]

     o	Provide more flexibility in how user access authorization is done
	for the various access modes. [SSH-031_A054, DE 11272]

	When the logical MULTINET_SSH_ACCESS_AUTHORIZATION is defined
	/system user authentication checking will take place separately
	from action authorization checking. The value of the logical will
	be used to determine whether or not the desire action is allowed at
	this time. The value of the logical should be a string of the format:

        SHELL=,EXEC=,SUBSYSTEM=

	where  is one of NETWORK, LOCAL, REMOTE. If one of SHELL,
	EXEC, or SUBSYSTEM is omitted, then that type of access will not be
	allowed at all.

     o  Correct a possible crash.
	[DE 11254]

     o  Correct an error in displaying the VMS format of the path in SFTP2.
	Note that this change requires both the client and the server to be
	running this patch for the correction to work. If the server is
	running an older patch a fallback method is used to format the path to
	VMS and it may result in errors.

     o  Correct an error when attempting to do a MKDIR or RMDIR in VMS mode.
	[DE 11249]

     o  Change a lock to be node specific as the resource that it is
        controlling is node specific. This will reduce the effect on one node
        in a cluster being busy from causing problems on connection startup on
        other members of the cluster. Also modify the process startup look to
        recognize when it hasn't found an open slot in the active process
        database and return an error instead of endlessly looping.
        [DE 11250]

     o  Make public key authentication work regardless of the case that
        the username is passed in.
	[DE 11252]

     o  Correct a problem with the possibility of a command issued from a Linux
	system causing a hang.
	[DE 11256]



-----------------------------------------------------------------------------

                        Post-Installation Instructions

    A system reboot is required after applying this ECO.


MultiNet ECO, Process Software