Kit Name: DEC-AXPVMS-VMS732_MUP-V0100--4.PCSI Kit Applies To: OpenVMS ALPHA V7.3-2 Approximate Kit Size: 720 blocks Installation Rating: INSTALL_1 Reboot Required: No Superseded Kits: None Mandatory Kit Dependencies: VMS732_UPDATE-V0400 VMS732_PCSI-V0100 Optional Kit Dependencies: None VMS732_MUP-V0100.PCSI-DCX_AXPEXE Checksum: 1143004061 DEC-AXPVMS-VMS732_MUP-V0100--4.PCSI Checksum: 3728656657 ======================================================================= Hewlett-Packard OpenVMS ECO Cover Letter ======================================================================= 1 KIT NAME: VMS732_MUP-V0100 2 KIT DESCRIPTION: 2.1 Installation Rating: INSTALL_1 : To be installed by all customers. This installation rating, based upon current CLD information, is provided to serve as a guide to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) 2.2 Reboot Requirement: No reboot is necessary after installation of this kit. 2.3 Version(s) of OpenVMS to which this kit may be applied: OpenVMS ALPHA V7.3-2 2.4 New functionality or new hardware support provided: No 3 KITS SUPERSEDED BY THIS KIT: - None 4 KIT DEPENDENCIES: 4.1 The following remedial kit(s), or later, must be installed BEFORE installation of this, or any required kit: - VMS732_PCSI-V0100 - VMS732_UPDATE-V0400 Page 2 4.2 In order to receive all the corrections listed in this kit, the following remedial kits, or later, should also be installed: - None 5 NEW FUNCTIONALITY AND/OR PROBLEMS ADDRESSED IN THE VMS732_MUP-V0100 KIT 5.1 New functionality addressed in this kit Not Applicable 5.2 Problems addressed in this kit 5.2.1 Potential Security Vulnerability 5.2.1.1 Problem Description: HP has determined that systems running OpenVMS on Alpha servers and Integrity servers have a potential security vulnerability. This vulnerability could be exploited, allowing non-privileged users or remote users to cause a system crash. To protect against this potential security risk, HP is making a mandatory update patch available for OpenVMS customers. This patch is provided by installing this VMS732_MUP-V0100 kit. Images Affected: - [SYSEXE]SET.EXE 5.2.1.2 CLDs, and QARs reporting this problem: 5.2.1.2.1 CLD(s) None. 5.2.1.2.2 QAR(s) None. 5.2.1.3 Problem Analysis: See problem description. Page 3 5.2.1.4 Release Version of OpenVMS that will contain this change: Next release of OpenVMS Alpha after V8.2 5.2.1.5 Work-arounds: None. 5.2.2 Requested Date Value Not Set By VOLUME/VOLUME=ACCESS_DATES 5.2.2.1 Problem Description: If a user specifies a date on the SET VOLUME/VOLUME=ACCESS_DATES command, the date value that is set is 0, not the requested value. Images Affected: - [SYSEXE]SET.EXE 5.2.2.2 CLDs, and QARs reporting this problem: 5.2.2.2.1 CLD(s) None. 5.2.2.2.2 QAR(s) None. 5.2.2.3 Problem Analysis: See problem description. 5.2.2.4 Release Version of OpenVMS that will contain this change: OpenVMS Alpha V8.2 5.2.2.5 Work-arounds: None. Page 4 5.2.3 If /FAST_SKIP Qualifier Used No Other Qualifiers Are Processed 5.2.3.1 Problem Description: If the /FAST_SKIP qualifier is used no other qualifiers are processed. For example a SET MAGTAPE/FAST_SKIP=ALWAYS/SKIP=FILES=1 command will only execute the FAST_SKIP part of the command. Images Affected: - [SYSEXE]SET.EXE 5.2.3.2 CLDs, and QARs reporting this problem: 5.2.3.2.1 CLD(s) QXCM1000206475 5.2.3.2.2 QAR(s) None. 5.2.3.3 Problem Analysis: The check for /FAST_SKIP occurs before the check to see if a tape was mounted, after which the program exited. 5.2.3.4 Release Version of OpenVMS that will contain this change: Next release of OpenVMS Alpha after V8.2 5.2.3.5 Work-arounds: None. 5.2.4 SET DEVICE/RESET=ERROR may fail with %SYSTEM-F-BADCHAIN 5.2.4.1 Problem Description: A SET DEVICE/RESET=ERROR command may fail with a %SYSTEM-F-BADCHAIN error. Images Affected: - [SYSEXE]SET.EXE Page 5 5.2.4.2 CLDs, and QARs reporting this problem: 5.2.4.2.1 CLD(s) None. 5.2.4.2.2 QAR(s) None. 5.2.4.3 Problem Analysis: See problem description. 5.2.4.4 Release Version of OpenVMS that will contain this change: Next release of OpenVMS Alpha after V8.2 5.2.4.5 Work-arounds: None. 5.2.5 SET DEVICE/RESET=ERROR Does Not Clear Error Count 5.2.5.1 Problem Description: SET DEVICE/RESET=ERROR does not clear the error count of template devices. For example: $ SHOW DEVICE EWA0 Device Device Error Name Status Count EWA0: Online 5 $ SET DEVICE EWA0/RESET=ERROR_COUNT $ SHOW DEVICE EWA0 Device Device Error Name Status Count EWA0: Online 5 Images Affected: - [SYSEXE]SET.EXE Page 6 5.2.5.2 CLDs, and QARs reporting this problem: 5.2.5.2.1 CLD(s) QXCM1000236335 5.2.5.2.2 QAR(s) None. 5.2.5.3 Problem Analysis: SET DEVICE/RESET is operating on a clone of the template device instead of the original UCB. 5.2.5.4 Release Version of OpenVMS that will contain this change: Next release of OpenVMS Alpha after V8.2 5.2.5.5 Work-arounds: None. 6 FILES PATCHED OR REPLACED: o [SYSEXE]SET.EXE (new image) Image Identification Information image name: "SET" image file identification: "X01-13" image file build identification: "XA99-0060111010" link date/time: 30-AUG-2005 06:56:41.20 linker identification: "A11-50" Overall Image Checksum: 2601679197 7 INSTALLATION INSTRUCTIONS 7.1 Compressed File This kit is provided as a DCX compressed kit. To expand this file to the installable .PCSI file, run the file with a RUN file_name command. When the file is run you will see the following output: $ RUN VMS732_MUP-V0100.PCSI-DCX_AXPEXE FTSV DCX auto-extractible compressed file for OpenVMS (AXP) Page 7 FTSV V3.0 -- FTSV$DCX_AXP_AUTO_EXTRACT Copyright (c) Digital Equipment Corp. 1993 Options: [output_file_specification] [input_file_specification] The decompressor needs to know the filename to use for the decompressed file. If you don't specify any, it will use the original name of the file before it was compressed, and create it in the current directory. If you specify a directory name, the file will be created in that directory. Decompress into (file specification): If you want the file to be expanded into a different directory, enter the directory specification. DO NOT enter a new file name. The expanded file must retain the original name. If you want to expand the file via batch, the command file must contain an answer to the Decompress into "(file specification)" question, either a or an alternate directory specification 7.2 Installation Command Install this kit with the POLYCENTER Software installation utility by logging into the SYSTEM account, and typing the following at the DCL prompt: PRODUCT INSTALL VMS732_MUP/NOSAVE_RECOVERY_DATA [/SOURCE=location of Kit] o The kit location may be a tape drive, CD, or a disk directory that contains the kit. The /SOURCE qualifier is not needed if the PRODUCT INSTALL command is executed from the same directory as the kit location. o Because this kit corrects a security vulnerability, the replaced file will not be saved as SET.EXE_OLD. o See section "7.4 Special Installation Instructions" for additional information on the /NOSAVE_RECOVERY_DATA qualifier. o Additional help on installing PCSI kits can be found by typing HELP PRODUCT INSTALL at the system prompt. 7.3 Scripting of Answers to Installation Questions During installation, this kit will ask and require user response to several questions. If you wish to automate the installation of this kit and avoid having to provide responses to these questions, you must create a DCL command procedure that includes the following logical name definitions and commands: Page 8 o To avoid the BACKUP question, define the following: $ DEFINE/SYS NO_ASK$BACKUP TRUE o Add the following qualifiers to the PRODUCT INSTALL command and add that command to the DCL procedure. /PROD=DEC/BASE=AXPVMS/VER=V1.0/NOSAVE_RECOVERY_DATA o De-assign the logical names assigned For example, a sample command file to install the VMS732_MUP-V0100 kit would be: $ DEFINE/SYS NO_ASK$BACKUP TRUE $! $ PROD INSTALL VMS732_MUP/PRODUCER=DEC/BASE=AXPVMS- /VER=V1.0/NOSAVE_RECOVERY_DATA $! $ DEASSIGN/SYS NO_ASK$BACKUP $! $ exit $! 7.4 Special Installation Instructions: The VMS732_MUP-V0100 kit corrects a security vulnerability. Use of the /SAVE_RECOVERY_DATA qualifier will cause PCSI to save a copy of the replaced, defective file. If, at some future time, this file is restored the system will be re-exposed to this security vulnerability. Because of this, HP recommends that, if possible, the /NOSAVE_RECOVERY_DATA qualifier be used in place of the /SAVE_RECOVERY_DATA qualifier. Note, however, that if the /NOSAVE_RECOVERY_DATA qualifier is used, recovery data for this kit will not be saved and all previously created recovery data sets will be deleted. This will prevent you from using the PRODUCT UNDO PATCH command to uninstall this or previously installed kits for which recovery data had been saved. 8 COPYRIGHT AND DISCLAIMER: (C) Copyright 2005 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP and/or its subsidiaries required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Page 9 Neither HP nor any of its subsidiaries shall be liable for technical or editorial errors or omissions contained herein. The information in this document is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for HP products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL HP BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.