Kit Name: DEC-AXPVMS-VMS82A_MUP-V0100--4.PCSI
    Kit Applies To: OpenVMS ALPHA V8.2
    Approximate Kit Size: 768 blocks
    Installation Rating: INSTALL_1
    Reboot Required: No
    Superseded Kits: None
    Mandatory Kit Dependencies: None
    Optional Kit Dependencies: None
    VMS82A_MUP-V0100.PCSI-DCX_AXPEXE Checksum: 623713352
    DEC-AXPVMS-VMS82A_MUP-V0100--4.PCSI Checksum: 3788311910


    
    =======================================================================
     Hewlett-Packard OpenVMS ECO Cover Letter
    =======================================================================




1  KIT NAME:

     VMS82A_MUP-V0100


2  KIT DESCRIPTION:

     2.1  Installation Rating:

     INSTALL_1 :  To be installed by all customers.

     This installation rating, based upon current CLD information, is
     provided to serve as a guide to which customers should apply this
     remedial kit.  (Reference attached Disclaimer of Warranty and
     Limitation of Liability Statement)


     2.2  Reboot Requirement:

     No reboot is necessary after installation of this kit.


     2.3  Version(s) of OpenVMS to which this kit may be applied:

     OpenVMS ALPHA V8.2


     2.4  New functionality or new hardware support provided:

     No


3  KITS SUPERSEDED BY THIS KIT:


      -  None



4  KIT DEPENDENCIES:

     4.1  The following remedial kit(s), or later, must be installed
          BEFORE installation of this, or any required kit:


      -  None



     4.2  In order to receive all the corrections listed in this kit,
          the following remedial kits, or later, should also be
          installed:


      -  None


                                                                Page 2


5  NEW FUNCTIONALITY AND/OR PROBLEMS ADDRESSED IN THE VMS82A_MUP-V0100
   KIT

     5.1  New functionality addressed in this kit

          Not Applicable


     5.2  Problems addressed in this kit

          5.2.1  Potential Security Vulnerability

               5.2.1.1  Problem Description:

               HP has determined that systems running OpenVMS on Alpha
               servers and Integrity servers have a potential security
               vulnerability.  This vulnerability could be exploited,
               allowing non-privileged users or remote users to cause a
               system crash.  To protect against this potential security
               risk, HP is making a mandatory update patch available for
               OpenVMS customers.  This patch is provided by installing
               this VMS82A_MUP-V0100 kit.

               Images Affected:

                -  [SYSEXE]SET.EXE



               5.2.1.2  CLDs, and QARs reporting this problem:

                    5.2.1.2.1  CLD(s)

                    None.


                    5.2.1.2.2  QAR(s)

                    None.


               5.2.1.3  Problem Analysis:

               See Problem Description


               5.2.1.4  Release Version of OpenVMS that will contain
                        this change:

               Next release of OpenVMS Alpha after V8.2

                                                                Page 3


               5.2.1.5  Work-arounds:

               None.


          5.2.2  If /FAST_SKIP Qualifier Used No Other Qualifiers Are
                 processed

               5.2.2.1  Problem Description:

               If the /FAST_SKIP qualifier is used no other qualifiers
               are processed.  For example a SET
               MAGTAPE/FAST_SKIP=ALWAYS/SKIP=FILES=1 command will only
               execute the FAST_SKIP part of the command.

               Images Affected:

                -  [SYSEXE]SET.EXE



               5.2.2.2  CLDs, and QARs reporting this problem:

                    5.2.2.2.1  CLD(s)

                    QXCM1000206475


                    5.2.2.2.2  QAR(s)

                    None.


               5.2.2.3  Problem Analysis:

               The check for /FAST_SKIP occurs before the check to see
               if a tape was mounted, after which the program exited.


               5.2.2.4  Release Version of OpenVMS that will contain
                        this change:

               Next release of OpenVMS Alpha after V8.2


               5.2.2.5  Work-arounds:

               None.


          5.2.3  SET DEVICE/RESET=ERROR Does Not Clear Error Count


                                                                Page 4


               5.2.3.1  Problem Description:

               SET DEVICE/RESET=ERROR does not clear the error count of
               template devices.  For example:

               $ SHOW DEVICE EWA0

               Device        Device           Error
               Name          Status           Count
               EWA0:         Online               5

               $ SET DEVICE EWA0/RESET=ERROR_COUNT
               $ SHOW DEVICE EWA0

               Device        Device           Error
               Name          Status           Count
               EWA0:         Online               5

               Images Affected:

                -  [SYSEXE]SET.EXE



               5.2.3.2  CLDs, and QARs reporting this problem:

                    5.2.3.2.1  CLD(s)

                    QXCM1000236335


                    5.2.3.2.2  QAR(s)

                    None.


               5.2.3.3  Problem Analysis:

               SET DEVICE/RESET is operating on a clone of the template
               device instead of the original UCB.


               5.2.3.4  Release Version of OpenVMS that will contain
                        this change:

               Next release of OpenVMS Alpha after V8.2


               5.2.3.5  Work-arounds:

               None.

                                                                Page 5


          5.2.4  SET DEVICE/RESET=ERROR may fail with %SYSTEM-F-BADCHAIN

               5.2.4.1  Problem Description:

               A SET DEVICE/RESET=ERROR command may fail with a
               %SYSTEM-F-BADCHAIN error.

               Images Affected:

                -  [SYSEXE]SET.EXE



               5.2.4.2  CLDs, and QARs reporting this problem:

                    5.2.4.2.1  CLD(s)

                    None.


                    5.2.4.2.2  QAR(s)

                    None.


               5.2.4.3  Problem Analysis:

               See problem description.


               5.2.4.4  Release Version of OpenVMS that will contain
                        this change:

               Next release of OpenVMS Alpha after V8.2


               5.2.4.5  Work-arounds:

               None.


          5.2.5  SET FILE/PROTECTION May Fail On ODS-5 Wildcard
                 Specifications

               5.2.5.1  Problem Description:

               A SET FILE/PROTECTION command may fail on some ODS-5
               wildcard specifications:

               $ DEFINE BUILD_ROOT DISK$DISK0:[user1.]-
                 /TRANSLATION_ATTRIBUTES=CONCEALED
               $ SET PROTECTION=GROUP=RE /LOG *.*
               %SET-I-PROTECTED, protection on BUILD_ROOT:[x]c.DIR;1 
               changed to S:RWE,O:RE,G:RE,W:E
               %SET-E-PRONOTCHG, protection on BUILD_ROOT:[x]d.txt;1 
               not changed -RMS-E-DNF, directory not found


                                                                Page 6


               Images Affected:

                -  [SYSEXE]SET.EXE



               5.2.5.2  CLDs, and QARs reporting this problem:

                    5.2.5.2.1  CLD(s)

                    QXCM1000234997


                    5.2.5.2.2  QAR(s)

                    75-109-221


               5.2.5.3  Problem Analysis:

               After the first directory rename, the path cache gets
               flushed because a directory changed.  LIB$SET_FILE_PROT
               forces case sensitive lookup, so subsequent files cannot
               find the directory.


               5.2.5.4  Release Version of OpenVMS that will contain
                        this change:

               Next release of OpenVMS Alpha after V8.2


               5.2.5.5  Work-arounds:

               None.


6  FILES PATCHED OR REPLACED:


      o  [SYSEXE]SET.EXE (new image)

         Image Identification Information
          
         image name: "SET"
         image file identification: "X01-13"
         image file build identification: "XAJT-0070050008"
         link date/time: 1-SEP-2005 07:41:31.49
         linker identification:  "A11-50"
         Overall Image Checksum: 221708738



                                                                Page 7


7  INSTALLATION INSTRUCTIONS

     7.1  Compressed File

     This kit is provided as a DCX compressed kit.  To expand this file
     to the installable .PCSI file, run the file with a RUN file_name
     command.  When the file is run you will see the following output:

     $ RUN VMS82A_MUP-V0100.PCSI-DCX_AXPEXE

     FTSV DCX auto-extractible compressed file for OpenVMS (AXP)
     FTSV V3.0 -- FTSV$DCX_AXP_AUTO_EXTRACT
     Copyright (c) Digital Equipment Corp. 1993

     Options: [output_file_specification] [input_file_specification]

     The decompressor needs to know the filename to use for the
     decompressed file. If you don't specify any, it will use the original
     name of the file before it was compressed, and create it in the
     current directory.  If you specify a directory name, the file will be
     created in that directory.

     Decompress into (file specification):

     If you want the file to be expanded into a different directory,
     enter the directory specification.  DO NOT enter a new file name.
     The expanded file must retain the original name.

     If you want to expand the file via batch, the command file must
     contain an answer to the Decompress into "(file specification)"
     question, either a <CR> or an alternate directory specification


     7.2  Installation Command

     Install this kit with the POLYCENTER Software installation utility
     by logging into the SYSTEM account, and typing the following at the
     DCL prompt:

     PRODUCT INSTALL VMS82A_MUP/NOSAVE_RECOVERY_DATA
     [/SOURCE=location of Kit]


      o  The kit location may be a tape drive, CD, or a disk directory
         that contains the kit.  The /SOURCE qualifier is not needed if
         the PRODUCT INSTALL command is executed from the same directory
         as the kit location.

      o  Because this kit corrects a security vulnerability, the
         replaced file will not be saved as SET.EXE_OLD.

      o  See section "7.4 Special Installation Instructions" for
         additional information on the /NOSAVE_RECOVERY_DATA qualifier.

      o  Additional help on installing PCSI kits can be found by typing
         HELP PRODUCT INSTALL at the system prompt.

                                                                Page 8


     7.3  Scripting of Answers to Installation Questions

     During installation, this kit will ask and require user response to
     several questions.  If you wish to automate the installation of
     this kit and avoid having to provide responses to these questions,
     you must create a DCL command procedure that includes the following
     logical name definitions and commands:

      o  To avoid the BACKUP question, define the following:

              $ DEFINE/SYS NO_ASK$BACKUP TRUE

      o  Add the following qualifiers to the PRODUCT INSTALL command and
         add that command to the DCL procedure.

           /PROD=DEC/BASE=AXPVMS/VER=V1.0/NOSAVE_RECOVERY_DATA



     For example, a sample command file to install the VMS82A_MUP-V0100
     kit would be:

     $ DEFINE/SYS NO_ASK$BACKUP TRUE
     $!
     $ PROD INSTALL VMS82A_MUP/PRODUCER=DEC/BASE=AXPVMS-
            /VER=V1.0/SAVE_RECOVERY_DATA
     $!
     $ DEASSIGN/SYS NO_ASK$BACKUP
     $!
     $ exit
     $!


     7.4  Special Installation Instructions:

     The VMS82A_MUP-V0100 kit corrects a security vulnerability.  Use of
     the /SAVE_RECOVERY_DATA qualifier will cause PCSI to save a copy of
     the replaced, defective file.  If, at some future time, this file
     is restored the system will be re-exposed to this security
     vulnerability.  Because of this, HP recommends that, if possible,
     the /NOSAVE_RECOVERY_DATA qualifier be used in place of the
     /SAVE_RECOVERY_DATA qualifier.  Note, however, that if the
     /NOSAVE_RECOVERY_DATA qualifier is used, recovery data for this kit
     will not be saved and all previously created recovery data sets
     will be deleted.  This will prevent you from using the PRODUCT UNDO
     PATCH command to uninstall this or previously installed kits for
     which recovery data had been saved.


8  COPYRIGHT AND DISCLAIMER:

     (C) Copyright 2005 Hewlett-Packard Development Company, L.P.
     Confidential computer software.  Valid license from HP and/or its
     subsidiaries required for possession, use, or copying.

                                                                Page 9


     Consistent with FAR 12.211 and 12.212, Commercial Computer
     Software, Computer Software Documentation, and Technical Data for
     Commercial Items are licensed to the U.S.  Government under
     vendor's standard commercial license.

     Neither HP nor any of its subsidiaries shall be liable for
     technical or editorial errors or omissions contained herein.  The
     information in this document is provided "as is" without warranty
     of any kind and is subject to change without notice.  The
     warranties for HP products are set forth in the express limited
     warranty statements accompanying such products.  Nothing herein
     should be construed as constituting an additional warranty.

     DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY

     THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND.  ALL
     EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
     INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR
     PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE
     EXTENT PERMITTED BY APPLICABLE LAW.  IN NO EVENT WILL HP BE LIABLE
     FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT,
     CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND
     REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH
     MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.