Release Notes for HP TCP/IP Services for OpenVMS V5.6 Update ECO 3 ________________________________________________________________ © 2008 Hewlett-Packard Development Company, L.P. UNIX[R] is a registered trademark of The Open Group. Microsoft[R] is a US registered trademark of Microsoft Corporation. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Proprietary computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The HP TCP/IP Services for OpenVMS documentation is available on CD-ROM. --------------------------------------------------------------------------- Installation Note --------------------------------------------------------------------------- This V5.6 ECO 3 kit is delivered as a complete product kit. It is not necessary to install the original V5.6 kit before installing ECO 3. --------------------------------------------------------------------------- Known Problems and Restrictions --------------------------------------------------------------------------- Reference: 30-14-195 The dnssec_signzone utility can experience a hang when invoked via a foreign symbol. The utility does not exhibit this behavior when run from the command line using a foreign symbol or MCR, nor when the -r option is used to specify a source of entropy. Reference: 75-109-1614 In SFTP, an "ls" command entered using a path in OpenVMS format displays with UNIX style formatting, e.g.: sftp> ls [.ssh_testfiles] ./ssh_testfiles ./ssh_testfiles/98277_SLF.Z;1 Reference: 30-15-53 An IP address added to a tunnel interface cannot be seen with ifconfig. The new address cannot be seen unless you do a netstat -rn. Reference: 30-14-201 COPY /FTP does not properly support ODS-5 filesystem files. Reference: 30-14-202 VMS mail using a distribution list to invalid remote addresses does not get bounced. However, mail to an invalid local address does get bounced. Reference: 30-14-203 In SFTP, the "ls -R" command fails to handle subdirectories if the directory filename includes ODS-5 extended characters. Reference: 30-14-204 The sftp command: sftp> ls [.ssh_testfiles]*.* does not give a complete listing. The following commands work properly: sftp> ls [.ssh_testfiles]*.*;* sftp> ls [.ssh_testfiles]* Reference: 30-14-205 The SFTP "get" command is not parsing version numbers to the file correctly. For example, the following input gets a version of the file although the version number is invalid: sftp> get TCPIP$FTP_SERVER.LOG;-5000000 Reference: 30-14-206 No error message appears with an SFTP "get" on a file with an invalid version number and also a wildcard character. Reference: 30-14-207 In SFTP, the "lrm" command fails with the wildcard character ("*"). sftp> lrm *.*;* Command failed. sftp> lrm BIG_VFC.*;* Command failed. Reference: customer contact Use of the colon character (":") in the pathname for the source and/or destination filename parameters to the SCP command may cause a delay. Due to an overloading of the colon character in SCP syntax to indicate a hostname and in OpenVMS as a path delimiter, what is intended to be an OpenVMS logical name for a device or directory in an SCP file parameter may be checked as a hostname first and passed to a DNS lookup. Normally this is benign, but this could incur an otherwise unexplainable wait in an environment experiencing DNS lookup delays. To avoid the possibility of confusion, use UNIX-style filename syntax. Reference: 70-5-2986 After a "SET SERVICE" command is used to define a new user defined TCP service, if the same "SET SERVICE" command is entered again, the service may appear disabled and cannot be re-enabled. Reference: 75-118-315 The SFTP client exhibits a memory leak. It runs out of memory and generates an error message following extensive use of wildcard filenames in get and put operations. --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 BIND Server and Resolver Components --------------------------------------------------------------------------- ECO 1 updates ------------- 23-Jun-2006 Alpha and IA64 Problem: TCPIP$BIND_STARTUP.COM produced %SYSTEM-W-NOSUCHFILE and %DCL-E-INVIFNEST errors when the SYS$SHARE:SSL$LIBCRYPTO_SHR32.EXE image was not present on the system. Deliverables: TCPIP$BIND_STARTUP.COM Reference: TCPIP_BUGS Note 3474 17-Jul-2006 Alpha and IA64 Problem: A %LIBRAR-E-LOOKUPERR error occurred during TCPIP$CONFIG of the BIND server. It mistakenly looked for LOOPBACK_DB. Deliverables: TCPIP$CONFIG.COM Reference: PTR 30-13-391, TCPIP_BUGS Note 3477 19-Sep-2006 Alpha and IA64 Problem: TCPIP$BINDSETUP needed to conform to new BIND localhost database file name. Deliverables: TCPIP$BINDSETUP.COM Reference: PTR 70-5-3006, TCPIP_BUGS Note 3500 26-Sep-2006 IA64 Only Problem: Entering a CTRL/C during the output of a TCPIP SHOW HOST (/NOLOCAL) command could trigger an ACCVIO error within the BIND resolver. Deliverables: TCPIP$ACCESS_SHR.EXE Reference: PTR 75-118-17, TCPIP_BUGS Note 3503 17-Oct-2006 Alpha and IA64 Problem: Add the ability to produce memory usage statistics for the BIND Server. Deliverables: TCPIP$BIND_SERVER.EXE Reference: PTR 70-5-3031, TCPIP_BUGS Note 3508 Note: There is now a method to display the memory usage statistics for the BIND Server. First, define the logical name: $ DEFINE /SYSTEM TCPIP$BIND_MEMSTATS 1 TCPIP$BIND_MEMSTATS is an existence logical name. The value does not matter; all that matters is that it is defined. Use either the "rndc stats" command or the "TCPIP SHOW NAME /STATISTICS" command to send the memory usage statistics to the file TCPIP$BIND.STATS. The memstats information will complement the server Statistics Dump information that is normally sent to the file. 25-Jan-2006 Alpha and IA64 Problem: A delay was experienced using the "route add" command when the BIND resolver is disabled. Deliverables: TCPIP$IPC_SHR.EXE Reference: TCPIP_BUGS Note 3531, PTR 70-5-3070 31-Jan-2006 Alpha and IA64 Problem: TCPDUMP, and potentially other applications, failed to resolve names from the local host db. (When _SOCKADDR_LEN was not defined, a call to the getaddrinfo() function would not look in the local host database.) When getaddrinfo() was called with the hints arg as NULL, the routine would ACCVIO. Deliverables: TCPIP$IPC_SHR.EXE Reference: TCPIP_BUGS Note 3534 23-Mar-2007 Alpha and IA64 Problem: The getaddrinfo() function sometimes returned AF_INET structures even when the AI_V4MAPPED flag was set. The most obvious effect was that attempting to reach an unresponsive host via TELNET would provoke a strange IPv6-looking address in the TELNET client's "Trying ..." message. Deliverables: TCPIP$IPC_SHR.EXE References: PTR 75-13-1872, TCPIP_BUGS Note 3556 25-Apr-2007 Alpha and IA64 Problem: Specifying an invalid port number to getnameinfo() results in an ACCVIO error. Deliverables: TCPIP$IPC_SHR.EXE Reference: TCPIP_BUGS Note 3570 7-May-2007 Alpha and IA64 Problem: The getnameinfo() NI_* flag values were improperly changed for V5.6 when updating to the BIND 9 resolver. Changing these values broke applications that were built on pre_v5.6 versions of TCP/IP Services for OpenVMS. Deliverables: NETDB.H TCPIP$IPC_SHR.EXE (multiple applications) Reference: TCPIP_BUGS Note 3582 Note: The NI_* flag values for the getnameinfo() function were improperly changed with the V5.6 release. This would cause any applications using the NI_* flag values that were built against pre-V5.6 TCP/IP versions to not run as expected on TCP/IP V5.6. This problem has been corrected, and the flag values have been returned to their pre-V5.6 definitions. Note that any applications using the NI_* flag values that were built against V5.6 will no longer execute properly on V5.6 ECO1 or later. These applications should be rebuilt. ECO 2 updates ------------- 16-Jul-2007 Alpha and IA64 Problem: The undocumented TCPIP$SYSTEM:HOSTS.DAT ASCII file was still being provided during TCP/IP installation, but the file is no longer used by the BIND resolver. Deliverables: None Reference: TCPIP_BUGS Note 3598 ECO 3 updates ------------- 9-Aug-2007 Alpha and IA64 Problem: Query ID's generated by the DNS server were vulnerable to cryptographic analysis. Deliverables: TCPIP$BIND_SERVER.EXE Reference: TCPIP_BUGS Note 3608 8-May-2008 Alpha and IA64 Problem: BIND cluster-wide startup and shutdown command procedures were generated with embedded physical device names, requiring extra work upon changing to a new system disk. Deliverables: TCPIP$BIND_CLUSTER_SETUP.COM Reference: QXCM1000787147 15-May-2008 Alpha and IA64 Problem: The BIND9 Resolver aborted when multiple threads called getadrinfo simultaneously, even though RFC 3493 describes getaddrinfo as a thread safe or re-entrant function. Deliverables: TCPIP$IPC_SHR.EXE Reference: 75-118-578 25-Jul-2008 Alpha and IA64 Problem: The BIND/DNS server was vulnerable to a widely publicized spoofing and cache-poisoning attack. Deliverables: TCPIP$BIND_SERVER.EXE Reference: SSRT080058 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 DHCP Component --------------------------------------------------------------------------- ECO 1 updates ------------- 15-Sep-2006 Alpha and IA64 Problem: When DNS updates were enabled, the DHCP server would not update the DNS server correctly if the netmask for the client's network differed from 255.255.255.0. Deliverables: TCPIP$DHCP_SERVER.EXE Reference: PTR 70-5-2947, TCPIP_BUGS Note 3498 24-Jan-2007 Alpha and IA64 Problem: The DHCP client, when run in a cluster where the TCPIP$* data files were shared between cluster members, could incur RMS-E-FLK errors when running the TCPIP$$SETHOSTNAME.COM script's SET HOST and SET NOHOST commands. Deliverables: TCPIP$DHCP_CLIENT.EXE Reference: TCPIP_BUGS Note 3528 ECO 2 updates ------------- 4-Apr-2007 Alpha and IA64 Problem: There was no way to disable the OpenVMS DHCP server on one or more interfaces. It always listened on all interfaces. To address this, a new logical name is now supported: TCPIP$DHCP_IGNOR_IFS. Deliverables: TCPIP$DHCP_SERVER.EXE References: PTR 70-5-3005, QXCM1000365692 ECO 3 updates ------------- 10-Dec-2007 Alpha and IA64 Problem: The DHCPSIGHUP command had to be issued twice in order to update the DHCP Debug Level. Deliverables: TCPIP$DHCP_CLIENT.EXE TCPIP$DHCP_DBDUMP.EXE TCPIP$DHCP_SERVER.EXE TCPIP$DHCP_CLIENT_CONF.EXE TCPIP$DHCP_BPASCIITODBMOD.EXE Reference: 75-117-53 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 failSAFE IP Component --------------------------------------------------------------------------- ECO 1 updates ------------- 26-Jul-2006 Alpha and IA64 Problem: FailSAFE IP would not read its configuration file if stored in STREAM_LF format. Deliverables: TCPIP$FAILSAFE.EXE Reference: PTR 70-5-2692 2-Nov-2006 Alpha and IA64 Problem: In some configurations, failSAFE would pick the wrong interface to monitor. This was displayed on OPCOM and in the logfile during failSAFE IP startup. Deliverables: TCPIP$FAILSAFE.EXE Reference: PTR 70-5-3037, TCPIP_BUGS Note 3513 31-Jan-2007 Alpha and IA64 Problem: If the interface_list was not specified, then the default behavior should be to monitor *all* interfaces. A previous ECO fix broke this default. Deliverables: TCPIP$FAILSAFE.EXE Reference: PTR 70-5-3074 8-May-2007 Alpha and IA64 Problem: failSAFE IP failover sometimes lost the default route when IPv6 was configured. Deliverables: TCPIP$FAILSAFE.EXE Reference: PTR 75-118-364 ECO 3 updates ------------- 19-Oct-2007 Alpha and IA64 Problem: Under certain circumstances, only the first static route was reliably failing over. This was typically the default route. Deliverables: TCPIP$FAILSAFE.EXE Reference: 75-117-58 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 FINGER Components --------------------------------------------------------------------------- ECO 3 updates ------------- 4-Jun-08 Alpha and IA64 Problem: The FINGER server did not properly enforce file access restrictions when following symbolic links. The client was vulnerable to a format string attack. Deliverables: TCPIP$FINGER.EXE TCPIP$FINGER_SERVER.EXE Reference: SSRT080079, TCIP_BUGS Note 3674 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 FTP Server and Client Components --------------------------------------------------------------------------- ECO 1 updates ------------- 8-Mar-2007 Alpha and IA64 Problem: The FTP server, upon receiving a USER command in a session that was already logged in, failed to return a proper error, leading to a hang. It should send "503 User SMITH, is already logged in". Deliverables: TCPIP$FTP_SERVER.EXE Reference: PTR 70-5-3087 16-Mar-2007 Alpha and IA64 Problem: COPY/FTP TEST.EXE_OLD nodename"username password"::*.EXE created a file named "_.EXE" on the remote system. Also, COPY/FTP TEST.EXE_OLD nodename"username password"::FILE.* created a file named "FILE._" on the remote system. Deliverables: TCPIP$FTP_CLIENT.EXE References: PTR 70-5-3052, QXCM1000383582 23-Mar-2007 Alpha and IA64 Problem: FTP did not understand "expanded" rooted logical name syntax. Deliverables: TCPIP$FTP_CLIENT.EXE TCPIP$FTP_SERVER.EXE References: PTR 70-5-2594, QXCM1000188905 10-May-2007(REV.1) Alpha and IA64 Problem: The FTP server terminates with an ACCVIO error when there are a lot of connections and disconnections. The FTP server also gets error messages such as: session connection from 127.124.172.114 at 11-JAN-2007 18:42:08.42 %SYSTEM-F-NOSLOT, no PCB available %TCPIP-E-FTP_CREPRC, failed to create a child process Deliverables: TCPIP$FTP.EXE Reference: PTR's 70-5-3068 and 70-5-2879 ECO 2 updates ------------- 29-Jun-2007 Alpha and IA64 Problem: The DIRECTORY /FTP command would not return a failure status, even when the target file did not exist. Deliverables: TCPIP$FTP_CLIENT.EXE Reference: QXCM1000438988 ECO 3 updates ------------- 3-Sep-2007 Alpha and IA64 Problem: The FTP client did not properly construct wildcarded filenames. COPY /FTP TEST.EXE_OLD nodename"username password"::*.EXE created a file named "_.EXE" on the remote system. Also, COPY /FTP TEST.EXE_OLD nodename"username password"::FILE.* would create a file named "FILE._" on the remote system. Deliverables: TCPIP$FTP_CLIENT.EXE Reference: QXCM1000383582, QXCM1000435497, QXCM1000452204 27-Sep-2007 Alpha and IA64 Problem: Entries made in the TCPIP$ETC:IPNODES.DAT file were not seen by the FTP client. Deliverables: TCPIP$FTP_CLIENT.EXE Reference: PTR 75-109-1540 5-Oct-2007 Alpha and IA64 Problem: The OpenVMS FTP client was echoing keyboard input associated with the Account (ACCT) command. Because some FTP servers use the "account" as a secondary password, this raised security concerns. Deliverables: TCPIP$FTP_CLIENT.EXE Reference: QXCM1000372468 22-Apr-2008 Alpha and IA64 Problem: Because of a non existent owner on the destination system, the commands GET /FDL and COPY /FTP/FDL would fail. The original owner should be omitted or ignored. Deliverables: TCPIP$FTP_CLIENT.EXE Reference: QXCM1000790809, Note 2562 10-May-2008 Alpha and IA64 Problem: When using passive mode on a multihomed system, the FTP client was not careful to ensure that the source IP address for the data connection matched the one used for the control connection. Many FTP servers reject such connections for security reasons. Deliverables: TCPIP$FTP_CLIENT.EXE Reference: 70-5-2961 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 IMAP Server Component --------------------------------------------------------------------------- ECO 1 updates ------------- 6-Jun-2007 Alpha and IA64 Problem: The IMAP server crashed while LISTing >100 empty folders. Deliverables: TCPIP$IMAP_SERVER.EXE Reference: PTR 75-109-1667 ECO 3 updates ------------- 28-Feb-08 Alpha and IA64 Problem: An IMAP server process could hang in the exception handler. Deliverables: TCPIP$SMTP_MAILSHR.EXE Reference: QXCM1000435029 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 INETDRIVER Component --------------------------------------------------------------------------- ECO 2 updates ------------- 5-Jun-2007 Alpha and IA64 Problem: Users of the SRI QIO interface (INETDRIVER) experienced a system crash with INVEXCEPTN in routine KVCI$$GENERATE_ASSOC_ID. Deliverables: TCPIP$INETDRIVER.EXE References: QXCM1000428905, TCPIP_BUGS Note 3589 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 IPC (socket library) Component --------------------------------------------------------------------------- ECO 1 updates ------------- 31-Jul-2006 Alpha and IA64 Problem: Defintions were missing for certain TCP socket options in SYS$SHARE:TCPIP$INETDEF.*. The defintions added with this revision are: #define INET$C_TCP_TSOPTENA 16 /* time stamp option */ #define INET$C_TCP_PAWS 32 /* PAWS option */ #define INET$C_TCP_SACKENA 64 /* SACK enabled */ Couterparts with the TCPIP$ prefix, in place of the INET$ prefix, were also added. Deliverables: TCPIP$INETDEF.* Reference: PTR 70-5-2980 3-Nov-2006 Alpha and IA64 Problem: The getnameinfo() function returned an "unknown name or service" error if the specified address could not be found. The RFC states that it should return the address. The routine also did not honor the NI_NAMEREQD or NI_NOFQDN flags in all cases. Deliverables: TCPIP$IPC_SHR.EXE Reference: TCPIP_BUGS Note 3514 ECO 3 updates ------------- 10-Nov-2007 Alpha and IA64 Problem: freeaddrinfo() caused an ACCVIO condition when passed a NULL pointer. Deliverables: TCPIP$IPC_SHR.EXE Reference: 75-117-35 6-Nov-2007 Alpha and IA64 Problem: The BIND9 Resolver sent queries for IPv6 addresses before querying for IPv4 addresses, even when no local IPv6 addresses were configured. Deliverables: TCPIP$IPC_SHR.EXE Reference: QXCM1000463232, Note 11183 20-Nov-2007 Alpha and IA64 Problem: The BIND9 Resolver AI_ALL and AI_V4MAPPED flags for getaddrinfo were inadvertently shifted, preventing IPv6 applications built against previous versions of TCPIP from working on TCPIP V5.6. NOTE: Because the previous flag values are restored, some IPv6 applications built for the original TCPIP V5.6 release will no longer function correctly following the installation of this ECO kit. The relevant header file is "netdb.h". Application developers having trouble with these flags should ensure they are using a "netdb.h" file with the old (and recently restored) values. Deliverables: NETDB.H, Full kit Reference: QXCM1000463763 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 LPD Component --------------------------------------------------------------------------- ECO 1 updates ------------- 20-Dec-2006 Alpha and IA64 Problem: LPD printing with the qualifier /PARAMETERS=MAIL included an incorrect job status in the resulting mail message. Deliverables: TCPIP$LPD_SHR.EXE Reference: PTR 75-109-1670 22-Jan-2007 Alpha and IA64 Problem: Printing to an LPD queue with a large (over 1024 characters) setup module was inefficient. Although correct output was printed, the logfile showed that for each job, there was a series of attempts to read the setup module into increasingly large buffers. Deliverables: TCPIP$LPD_SHR.EXE TCPIP$LPD_SMB.EXE Reference: PTR 70-5-3033/QXCM1000373653 Note: A new configuration parameter "Setup-Buffer-Size" (in the TCPIP$LPD.CONF file) will allow the system manager to specify the initial setup module buffer size. The default value is 1024 bytes. ECO 3 updates ------------- 24-Sep-2007 Alpha and IA64 Problem: Overly numerous "TCPIP-E-LPD_REQREJECT" messages appeared when attempting to deliver LPD jobs to a printer that was not in service. Deliverables: TCPIP$LPD_SHR.EXE TCPIP$LPD_RCV.EXE TCPIP$LPD_SMB.EXE TCPIP$LPD_UTILITIES.EXE Reference: QXCM1000460114 17-Sep-2008 Alpha only Problem: A latent coding defect within the LPD symbiont led the symbiont to exit with an ACCVIO condition once the VMS83A_RMS V8.0 (or later) patch was installed on an OpenVMS 8.3 Alpha system. NOTE: LPD users should install this TCPIP V5.6 ECO 3 kit along with the RMS V8.0 or V9.0 patch. Deliverables: TCPIP$LPD_SMB.EXE Reference: QXCM1000834160 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 Management Utilities --------------------------------------------------------------------------- ECO 1 updates ------------- 3-Aug-2006 Alpha and IA64 Problem: "netstat -i" was not correctly displaying network names. Deliverables: TCPIP$NETSTAT.EXE Reference: PTR 70-5-2981 23-Apr-2007 Alpha and IA64 Problem: Attempting to use the "dig" utility resulted in a misleading and unsightly error message when the BIND resolver was not enabled. Deliverables: TCPIP$DIG.EXE TCPIP$HOST.EXE Reference: QXCM1000419862 ECO 2 updates ------------- 8-May-2007 Alpha and IA64 Problem: TCPIP$CONFIG.COM did not see devices where their controller letter did not begin with "A". For example, if EIB existed but EIA did not, then the EI controller did not appear in the Interface menu. Deliverables: TCPIP$CONFIG.COM Reference: PTR 75-118-22 14-Jun-2007 Alpha and IA64 Problem: Issuing the following command resulted in an ACCVIO due to a missing argument for the ip6hoplimit value: $ ifconfig we0 inet6 ip6hoplimit Deliverables: TCPIP$IFCONFIG.EXE Reference: PTR 75-117-29 ECO 3 updates ------------- 28-Aug-2007 Alpha and IA64 Problem: When executing 'netstat -z', it would return the message: netstat: -z is not implemented on this operating system Netstat will now zero the counters. In addition, if you attempt to use the -z option without privileges, netstat will no longer attempt to display the counters, but rather display a simple message: netstat: must be root to zero counters Deliverables: TCPIP$NETSTAT.EXE Reference: QXCM1000452533 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 NET (Kernel) Components --------------------------------------------------------------------------- ECO 1 updates ------------- 24-Jul-2006 Alpha and IA64 Problem: Various system crashes were reported, involving corruption of non-paged pool. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: PTR 75-109-1814, QXCM1000349964, QXCM1000330020, QXCM1000352590 1-Dec-2006 Alpha and IA64 Problem: SACK retransmission resulted in too much data being retransmitted; that is, it retransmitted beyond the SACK Left Edge, SLE. Deliverables: TCPIP$INTERNET_SERVICES*.EXE,.STB Reference: PTR 70-5-3025, Note 10983 6-Mar-2007 Alpha and IA64 Problem: While it was possible to set the socket options, it was not possible to sense two of them: SHARE and FULL_DUPLEX_CLOSE. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: PTR 70-5-3086, QXCM1000401933, TCPIP_BUGS Note 3545 13-Mar-2007 Alpha and IA64 Problem: The system crashed after a mysterious failure to start TCPIP, reporting a SPLIPLHIGH error. Deliverables: TCPIP$BGDRIVER.EXE Reference: PTR 75-118-237, TCPIP_BUGS Note 3547 13-Mar-2007 Alpha and IA64 Problem: Setting the inet sysconfig parameter "ovms_printf_to_opcom" may cause a crash, at TCPIP start, on any version of the scaling kernel. The crash will happen if the startup code attempts to print something, for instance: sysconfigtab: attribute sobacklog_hiwat in subsystem socket can't be configured Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: PTR 30-15-127, TCPIP_BUGS Note 3548 13-Mar-2007 Alpha and IA64 Problem: A system crash occurred due to a coded bugcheck in routine m_copym() because an unexpected negative offset was calculated during SACK (selective acknowledgement) processing. Deliverables: TCPIP$INTERNET_SERVICES.EXE References: PTR 70-5-3066, 70-5-3071, 70-5-3073, QXCM1000391369, QXCM1000394833, QXCM1000395526, TCPIP_BUGS Note 3549 20-Mar-2007 Alpha and IA64 Problem: The system occasionally crashed or created an ACK storm during some circumstances involving packet loss and SACK processing. Deliverables: TCPIP$INTERNET_SERVICES.EXE References: PTR 70-5-3073, 70-5-3025, 70-5-3066, 70-5-3071 14-Apr-2007 Alpha and IA64 Problem: A system crash within the TCPIP$INTERNET_SERVICES execlet occurred while processing a select() call. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: TCPIP_BUGS Note 3566 30-Apr-2007 Alpha and IA64 Problem: It was not possible to disable certain error messages displayed via OPCOM or directly to the operator console. Deliverables: TCPIP$INTERNET_SERVICES.EXE References: PTR 70-5-3094, QXCM1000408850, TCPIP_BUGS Note 3573 Note: Messages like the following: arp: local IP address nn.nn.nn.nn in use by hardware address mm-mm-mm-mm-mm-mm can now be displayed in several ways: $ sysconfig -r inet ovms_printf_to_opcom=1 ! On OPCOM $ sysconfig -r inet ovms_printf_to_opcom=0 ! On OPA0: $ sysconfig -r inet log_open=1 ! No display In the future, the final setting may send messages to the SYSLOG facility if and when it is implemented. 30-Apr-2007 Alpha and IA64 Problem: The system crashed during a select() operation, or immediately afterward. Deliverables: TCPIP$INTERNET_SERVICES.EXE References: PTR 70-5-3103, QXCM1000414296, TCPIP_BUGS Note 3574 30-Apr-2007 Alpha and IA64 Problem: The system crashed during TCPIP shutdown followed by startup. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: PTR 75-118-18, TCPIP_BUGS Note 3575 7-May-2007 Alpha and IA64 Problem: Add debug code to verify MBAG free list during get and free. Deliverables: TCPIP$INTERNET_SERVICES.EXE References: WFM3218636053, TCPIP_BUGS Note 3579 7-May-2007 Alpha and IA64 Problem: Process went into RWAST state during process rundown. Deliverables: TCPIP$INTERNET_SERVICES.EXE References: PTR 75-117-25, TCPIP_BUGS Note 3580 ECO 2 updates ------------- 21-Jun-2007 Alpha and IA64 Problem: Under certain conditions, use of the select() function resulted in a non-paged pool memory leak. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: QXCM1000437259, TCPIP_BUGS Note 3594 27-Jun-2007 Alpha and IA64 Problem: A select() operation with certain parameters could cause the issuing process to enter RWAST state. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: QXCM1000437259, TCPIP_BUGS Notes 3595 and 3602 27-Jun-2007 Alpha and IA64 Problem: Multicast traffic could be lost when aggressive IGMP snooping was enabled on a switch. This was the result of OpenVMS delaying IGMP reports when the IGMP query specified a maximum response time less than 10 seconds. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: QXCM1000419821 19-Jul-2007 Alpha and IA64 Problem: Extensive use of Out Of Band data by applications could trigger a system crash at offset PANIC_C+00330 (V5.6-9, IA64). Deliverables: TCPIP$INTERNET_SERVICES.EXE References: QXCM1000424026, TCPIP_BUGS Note 3601 ECO 3 updates ------------- 14-Oct-2007 Alpha and IA64 Problem: The INETACP process experienced a deadlock, frequently stuck in RWAST state. The internal AQB (work queue) would be non-empty, with perhaps hundreds of outstanding requests. Deliverables: TCPIP$INETACP.EXE TCPIP$INTERNET_SERVICES.EXE Reference: 70-5-2625, QXCM1000436195, QXCM1000471509, Note 10846, Note 11092, TCPIP_BUGS Note 3623 19-Oct-2007 Alpha and IA64 Problem: When the TCPIP$INETACP process attempted to write an error message, but the socket send buffer was full, a hang could result. Deliverables: TCPIP$INETACP.EXE Reference: QXCM1000715356, TCPIP_BUGS Note 3628 21-Dec-2007 Alpha and IA64 Problem: A system crash with INCONSTATE status could occur during processing of badly formed SACK packets. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: QXCM1000770128, QXCM1000742235 26-Jan-2008 IA64 only Problem: On OpenVMS Integrity systems, the TCPIP START ROUTING command failed to actually start a dynamic routing process (ROUTED or GATED). Deliverables: TCPIP$INETACP.EXE Reference: TCPIP_BUGS Note 3643, QXCM1000753868 18-Feb-2008 Alpha and IA64 Problem: ICMP6 timeouts would occur more frequently than the required 500ms and 200ms. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: TCPIP_BUGS Note 3644 18-Apr-2008 Alpha and IA64 Problem: A system crash occured with PGFIPLHI status, with a PC of INET_SENSE_SOCKET_COUNTERS_C+004A8 (on A56-ECO2). Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: QXCM1000791937, TCPIP_BUGS Note 3656 18-Apr-2008 Alpha and IA64 Problem: Service limits for NOLISTEN services were not strictly enforced. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: QXCM1000784646, TCPIP_BUGS Note 3657 6-May-2008 Alpha and IA64 Problem: An MBUF leak (type MT_CONTROL) was observed within the kernel. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: QXCM1000780406, TCPIP_BUGS Note 3661 7-May-2008 Alpha and IA64 Problem: The following ND6 test cases failed during IPv6 Logo testing: 11. Part A: Neighbor Solicitation Origination, Target Address Being Link-local 12. Part B: Neighbor Solicitation Origination, Target Address Being Global Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: TCPIP_BUGS Note 3666 11-Oct-2008 Alpha and IA64 Problem: An INCONSTATE bugcheck could occur when an application specified invalid parameters on an IO$_READVBLK QIO operation. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: QXCM1000861376, TCPIP_BUGS Note 3682 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 NFS Client Component --------------------------------------------------------------------------- ECO 1 updates ------------- 25-Jan-2006 Alpha and IA64 Problem: When using the NFS client, the system crashed with PGFIPLHI, Pagefault with IPL too high, or INVEXCEPTN, Exception while above ASTDEL. Deliverables: TCPIP$DNFS_MOUNT_SHR.EXE Reference: TCPIP_BUGS Note 3529 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 NFS Server and related Components --------------------------------------------------------------------------- ECO 1 updates ------------- 8-Aug-2006 Alpha and IA64 Problem: LOCKD temporary files were not being removed from SYS$SYSDEVICE:[TCPIP$NFSLCK] after they were no longer needed. The files were named LOCKDxxxxPID.;1 where xxxx was a unique series of letters and PID was the pid for the process. The files were zero blocks in size, but the customer was concerned what effect leaving these files unchecked might have in a production environment. Deliverables: TCPIP$LOCKD_RUN.COM Reference: PTR 70-5-2973, Note 10956, TCPIP_BUGS Note 3486 25-Jan-2006 Alpha and IA64 Problem: While using the NFS server, the following system crash occurred: INVEXCEPTN, Exception while above ASTDEL Exception was an "Unaligned Reference Fault" for an address that was inside an NFS KPB thread stack. The exception address was inside the "EFI/PAL/SAL Memory" region (see SDA CLUE SHOW MEMORY /LAYOUT command). Deliverables: TCPIP$NFS_SERVICES.EXE Reference: TCPIP_BUGS Note 3530 ECO 3 updates ------------- 27-Feb-2008 Alpha and IA64 Problem: The NFS server failed to trigger a defined exception handler. Deliverables: TCPIP$CFS_SHR.EXE Reference: QXCM1000406175, TCPIP_BUGS Note 3646 27-Feb-2008 Alpha and IA64 Problem: An INVEXCEPTN bugcheck occurred at OPENVMS_BFS_GETATTR_VMS line 87591: REMQUEQ from PSPEC$A_NFS_USER_BLOCKS[0]. Other PC's were also possible. Deliverables: TCPIP$NFS_SERVER.EXE Reference: QXCM1000464565, QXCM1000752720, TCPIP_BUGS Note 3647 6-Mar-2008 Alpha and IA64 Problem: The LOCKD process crashed with an ACCVIO condition. Deliverables: TCPIP$LOCKD.EXE; Reference: QXCM1000458999 11-Apr-2008 Alpha and IA64 Problem: The NFS server failed to create files with names that contain an odd number of bytes (e.g. "a.t", "aaa.t", and "aaaaa.t"). The server returned ENOENT. Deliverables: TCPIP$CFS_SHR.EXE Reference: QXCM1000796289, TCPIP_BUGS Note 3654 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 NTP Component --------------------------------------------------------------------------- ECO 1 updates ------------- 4-Dec-2006 Alpha and IA64 Problem: NTPDC incorrectly displayed the "keyid" as optional in the usage and help statements. Deliverables: TCPIP$NTPDC.EXE Reference: TCPIP_BUGS Note 3519 Note: A related correction applies to the Management Guide, section 13.8.3.3 NTPDC Request Commands: For broadcast bullet only: change "[prefer]" to "[minpoll]". 21-Mar-2007 Alpha and IA64 Problem: NTP does not synchronize during the repeated hour at the summer to winter time change. Deliverables: TCPIP$NTP.EXE Reference: 70-5-3076, TCPIP_BUGS Note 3555 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 POP Component --------------------------------------------------------------------------- ECO 2 updates ------------- 19-Jun-2007 IA64 only Problem: The version number on POP's "XTND STATS" command was fixed at compile time, on the Integrity platform, rather than being based upon the image ident of the POP server. Deliverables: TCPIP$POP_SERVER.EXE Reference: PTR 75-118-363 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 PWIP Component --------------------------------------------------------------------------- ECO 1 updates ------------- 20-Sep-2006 Alpha and IA64 Problem: A system crash occurred during PWIP shutdown: "DECNET, DECnet detected a fatal error". Deliverables: TCPIP$PWIPDRIVER.EXE Reference: PTR 70-5-3004, QXCM1000351730, TCPIP_BUGS Note 3501 4-Apr-2007 Alpha and IA64 Problem: Bulk data transfer (such as file copy) performance across a PWIP connection (such as DECnet over IP) was slow, relative to FTP, over certain types of networks. There was no way to increase the TCP window size for such a connection. Deliverables: TCPIP$PWIPACP.EXE References: QXCM1000414330, TCPIP_BUGS Note 3561 Note: Two new TCPIP logical names are available: TCPIP$PWIP_TCPRCVBUF - Receive socket buffer size TCPIP$PWIP_TCPSNDBUF - Send socket size These should be defined system-wide prior to starting PWIP. If not defined, the default behavior remains unchanged. --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 SMTP Component --------------------------------------------------------------------------- ECO 1 updates ------------- 8-Aug-2006 Alpha and IA64 Problem: Having a large number of recipients in the TO field of an arriving SMTP message could lead to corrupt header lines. Deliverables: TCPIP$SMTP_MAILSHR.EXE TCPIP$SMTP_SYMBIONT.EXE TCPIP$SMTP_RECEIVER.EXE Reference: PTR 70-5-2970 15-Feb-2007 Alpha and IA64 Problems: 1. VMS MAIL does not support lines longer than 255 characters. Long header lines are becoming increasingly common in the modern Internet. While fetching such messages, the IMAP server would return some headers in the body part of the mail, causing it to appear corrupted to the client. 2. IMAP had trouble fetching mails with lowercase or mixed case RFC headers. Deliverables: TCPIP$SMTP_MAILSHR.EXE TCPIP$SMTP_SYMBIONT.EXE TCPIP$SMTP_RECEIVER.EXE Reference: TCPIP_BUGS Note 3540 12-Apr-2007 Alpha and IA64 Problem: The SMTP server could not deliver mail when the domain name was a combination of letters and numbers. As per RFC, the domain name can be any combination of numbers and letters. Deliverables: TCPIP$SMTP_MAILSHR.EXE Reference: PTR 70-5-3101 ECO 3 updates ------------- 21-Sep-2007 Alpha and IA64 Problem: SMTP distribution list filenames were not always formed properly, and it was not possible to specify a location other than TCPIP$SMTP_COMMON: to contain *.DIS files. Deliverables: TCPIP$SMTP_MAILSHR.EXE TCPIP$SMTP_RECEIVER.EXE TCPIP$SMTP_RUN_SCRIPT.EXE TCPIP$SMTP_SFF.EXE TCPIP$SMTP_SYMBIONT.EXE TCPIP$SMTP_UTILITIES.EXE Reference: PTR 75-118-375 18-Sep-2007 Alpha and IA64 Problem: A customer reported a change in behavior for how the TCPIP$SMTP_FROM logical affected the SMTP Return-Path header when defined. The Return-Path should reflect the contents of the logical name, as it did prior to TCPIP V5.6, with no need to encapsulate the value within . Deliverables: TCPIP$SMTP_MAILSHR.EXE Reference: QXCM1000462739 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 SNMP Component --------------------------------------------------------------------------- ECO 1 updates ------------- 15-Aug-2006 Alpha and IA64 Problem: An SNMP request (tcpip$snmp_request) command did not return an error message when the specified hostname was invalid. Deliverables: TCPIP$ESNMP_SERVER.EXE TCPIP$SNMP_REQUEST.EXE TCPIP$SNMP_TRAPRCV.EXE TCPIP$SNMP_TRAPSND.EXE Reference: PTR 75-109-1634 (part 2) 27-Oct-2006 Alpha and IA64 Problem: The TCPIP$HR_MIB process was dying with an ACCVIO message. Deliverables: TCPIP$HR_MIB.EXE Reference: PTR 70-5-3008, QXCM1000366516 3-May-2007 Alpha and IA64 Problem: SNMP would not start on a system with IPv6 disabled. Deliverables: TCPIP$ESNMP_SERVER.EXE TCPIP$HR_MIB.EXE TCPIP$OS_MIBS.EXE TCPIP$SNMP_REQUEST.EXE TCPIP$SNMP_TRAPRCV.EXE TCPIP$SNMP_TRAPSND.EXE Reference: PTR 75-118-331 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 SSH, SCP and SFTP Components --------------------------------------------------------------------------- ECO 1 updates ------------- 5-Jul-2006 Alpha and IA64 Problem: The "ls -l" command in SFTP was not working. Deliverables: All SSH images Reference: PTR 70-5-2758 (part 2) 7-Jul-2006 Alpha and IA64 Problem: An ACCVIO error could occur in the SSH client if the identifier name for the current UIC was not the same as the username. Deliverables: All SSH images Reference: PTR 70-5-2874 Note: To keep compatibility with older versions, the logical name TCPIP$SSH_ALLOW_IDENT_MISMATCH must be assigned (in the system table) to enable the new behavior. If not assigned, or if assigned with numeric value 0, the code behaves as in previous versions. 18-Jul-2006 Alpha and IA64 Problem: Within SFTP, wildcard ("*") processing did not work properly on "ls" or, if the target file already existed, on "mget". Deliverables: All SSH images Reference: PTR 75-109-1799 25-Jul-2006 Alpha and IA64 Problem: Within SFTP, it was necessary to enter an extra after pressing , , or . Also, display of the resulting messages like "** Interrupt **" was not consistent with other TCPIP components, nor with longstanding VMS usage. Deliverables: All SSH images Reference: PTR 70-5-2976 Note: A new logical name, TCPIP$SSH_SFTP_SUPPRESS_EXIT_MESSAGES, is available to suppress display of the following messages: - CTRL/Z -> ** Exit ** - CTRL/Y -> ** Interrupt ** - CTRL/C -> ** Cancel ** It is effective if defined at the system level (/SYSTEM) with any value except 0. 22-Aug-2006 Alpha and IA64 Problem: SSH access to an account with an expired password and a PWDLIFETIME of 0 still required a password change, unlike TELNET or SET HOST. Deliverables: All SSH images Reference: PTR 70-5-2993 22-Aug-2006 Alpha and IA64 Problem: The SFTP command "put *.*;*" triggered an ACCVIO error. Deliverables: All SSH images Reference: PTR 75-117-3 28-Aug-2006 Alpha and IA64 Problem: From a PC SFTP client, specifically the one from SSH Inc., the ability to navigate to subdirectories had regressed from a previous fix for PTR 70-5-2880. Deliverables: All SSH images Reference: PTR 70-5-2985 28-Aug-2006 Alpha and IA64 Problem: In SFTP, an "ls -R" command resulted in an error and no display of any files in subdirectories. Deliverables: All SSH images Reference: PTR 70-5-2995 31-Aug-2006 Alpha and IA64 Problem: Using SCP or SFTP to transfer a file larger than 2 GB resulted in a corrupt file. Deliverables: All SSH images Reference: PTR 75-109-1623, TCPIP_BUGS Note 3493 13-Sep-2006 Alpha and IA64 Problem: In SFTP, output from an "ls" command failed to list ODS-5 extended filenames. Deliverables: All SSH images Reference: PTR 75-117-5 13-Sep-2006 Alpha and IA64 Problem: SFTP complained about an error returned by the stat() function during a "get" operation, even if the files were in a subdirectory of the current source with recursion disabled. Deliverables: All SSH images Reference: PTR 75-117-1 25-Sep-2006 Alpha and IA64 Problem: The SSH server enforces an idle session timeout value. There were two issues: 1. The actual idle timeout was about 10% greater than the configured IdleTimeOut value. 2. Activity from the client after approximately 90% of the IdleTimeOut duration was not counted; the session was cut off anyway. Deliverables: All SSH images Reference: PTR 70-5-3016 Note: A new logical name (TCPIP$SSH_SHIFT_IDLE_TIMEOUT), when defined as anything other than "0" causes a shifting of the window of actual enforced timeout values. Rather than allowing an idle user a grace period of up to 10% of the configured IdleTimeOut, the timeout will actually be enforced at some time between 95% and 105% of that value. 11-Oct-2006 Alpha and IA64 Problem: An ACCVIO error occurred in SSH during password validation. Deliverables: TCPIP$SSH_SSH2.EXE Reference: PTR 70-5-3023 11-Oct-2006 Alpha and IA64 Problem: There were two issues related to the password change feature in SSH: 1. The old password sent by a client was ignored by the OpenVMS SSH server. 2. The OpenVMS client never prompted the user for an old password. Deliverables: All SSH images Reference: PTR 70-5-3024 Notes: 1. On the SSH server, if the value for pwdlifetime for a user account in the SYSUAF is 0 (none), the user at the client is not prompted to update his password even if it has expired. This is an OpenVMS feature, not specific to SSH. Cross-reference case 70-5-2993, which explicitly made SSH consistent with OpenVMS/DCL behavior. 2. For the password update feature to work, the appropriate value in SSHD2_CONFIG. must be set to "yes" (without the quotation marks). Client is VMS: AllowVmsLoginWithExpiredPw (default is yes) Client is not VMS: AllowNonvmsLoginWithExpiredPw (default is no) 3. For some clients, if the value of AllowedAuthentications in SSHD2_CONFIG. is set to password only, the following situation may occur for the user at the client: a. Client prompts for the account password. b. User enters the correct password. c. The password has expired; client prompts user to re-enter the old and new passwords. d. The user enters an incorrect old password. e. Client now re-prompts the user to enter a password, as described in step a. However, when the user enters the correct password, step c does not occur. Instead, step e is repeated. f. Eventually, the login attempt fails. This behavior does not occur with the OpenVMS client. 4. There is a new logical name: To enable prompting for old password in the OpenVMS SSH client when updating an expired password, use the following command: $ DEFINE /SYSTEM TCPIP$SSH_NUM_OLD_PASSWORD_CHECKS n where "n" is the number of guesses that the client is to be allowed for the old password. You should make this value less than or equal to the value of the variable PasswordGuesses in the server configuation file SSHD2_CONFIG. A separate mechanism is required to define the value for the client since it does not have access to SSHD2_CONFIG., but only to SSH2_CONFIG. To make this value permanent across reboots, include the command in the system startup procedure. Note that if n = 0 or "0", or the logical is not defined, the SSH client will not prompt for the old password. 27-Nov-2006 Alpha and IA64 Problem: When using SCP to copy a file to a remote non-OpenVMS server, the error message "got EOF reading file" sometimes appeared at the conclusion of an otherwise successful copy operation. Deliverables: All SSH images Reference: PTR 70-5-3051, Note 11032 7-Dec-2006 Alpha and IA64 Problem: The "scp -r" command does not work as it did in V5.4 ECO 5. Deliverables: All SSH images Reference: PTR 70-5-3055 Note: The -r option is intended to be used when the source path specifies a directory, not including filename(s). Copy of files where filename is specified does not require use of the -r option. Note, however, that when a filename is specified, even if it is in a subdirectory of the current default, the file is copied to the target default. When a directory name is used as the source and -r is specified, the directory tree is reproduced on the target system. The fix for this case enables the OpenVMS SCP client to handle directory levels more than one deep when the -r option is used. As before, recursive copy is not supported for the SFTP client. Also, recursive copy with filenames not specified preserves the version number of the source file. This behavior means that when the target of a "put" command is also an OpenVMS system, the file will not be copied if that version already exists. An error message like the following is displayed: tcpip$ssh_scp2.exe: warning: open: ./testroot/AFILE.TXT;1 (dst): unspecified failure (server msg: 'syserr: bad file number, file: ./testroot/AFILE.TXT;1') 5-Jan-2007 Alpha and IA64 Problem: In SFTP and SCP, directory logical names were getting translated on the client system instead of being passed to the server. Deliverables: All SSH images Reference: PTR 30-15-136 Note: Logical names entered through the SCP and SFTP clients should be translated on the server system. For example, if the client and server systems have a different translation for the same system-wide logical name, the one on the server should be used. Note that because the SFTP server does not execute the SYS$SYLOGIN command procedure, some logical names available in interactive sessions are not available, e.g., SYS$LOGIN. If a user does not have access to the directory referenced by a logical name (e.g., TCPIP$SSH_HOME for a non-privileged account), a "cd" in SFTP will fail, as expected. Also note that from a non-OpenVMS client, no attempt is made to translate a string as a logical name; behavior depends on the client. For example, from a Red Hat Linux system: sftp> cd name (no leading slash before "name") results in an attempt to move to the [.name] subdirectory of the current default location. sftp> cd /name results in an attempt to go to a device "name", with no directory specified, which fails. Current default: dev1:[user1]; dev1:[user2] does not exist: sftp> cd dirname sftp> pwd Remote working directory: /DEV1/user1/dirname sftp> cd /dev1 Couldn't canonicalise: No such file or directory sftp> cd /dev1/user1 sftp> pwd Remote working directory: /dev1/000000/user1 sftp> cd /dev1/user2 Couldn't stat remote file: No such file or directory 15-Jan-2006 Alpha and IA64 Problems: 1. Within SFTP, the "cd .." command did not work, and "ls *.*;" did not work for directories. 2. SFTP behavior was inconsistent for "cd" and "ls" when the target directory did not allow full user access. 3. For directories allowing READ+EXECUTE access, the "ls" command sometimes resulted in an error message along with a display of the appropriate filenames. 4. For directories allowing EXECUTE access only, "ls" should not list files, but it did list them (along with an error message). It should list a file only if that specific name is specified by the user. Deliverables: All SSH images Reference: PTR 70-5-2965 Note: The following are some differences from DCL or FTP behavior and messages: When an "ls" encounters a file for which attributes are not accessible to the user on the SFTP server, the following text is included in any message displayed: "no privilege for attempted operation". For example: fcr_readdir_lstat: G-R.TXT;1 (src): no such file (server msg: 'platform cannot stat() filename: file does not exist or no privilege for attempted operation.') Like FTP and DCL, SFTP does not allow a general "ls" (with no filename specified) for a directory on the server to which the user has E(xecute) access only. However, unlike FTP or DCL, SFTP does not work for an "ls" followed by a specific filename in an E access directory. For certain files, mainly those that do not exist on the server, the following new client-based message is displayed instead of the standard message sent by the server: no such file (client msg: no such file or directory, or no privilege for attempted operation) 13-Feb-2007 Alpha and IA64 Problem: If the TCPIP$SOCKET_TRACE logical name was defined, the SSH server could not complete authentication and all logins failed. Deliverables: All SSH images Reference: TCPIP_BUGS Note 3538 13-Feb-2007 Alpha and IA64 Problem: The SSH server could generate an ACCVIO error when the SSH client used an existing SSH connection for a new SFTP session. Deliverables: All SSH images Reference: TCPIP_BUGS Note 3539 21-Feb-2007 Alpha and IA64 Problem: When logging into OpenVMS with SSH, messages displaying the last interactive and last non-interactive login times were not displayed. Neither was a message flagging the number of login failures since the last successful login. Deliverables: All SSH images Reference: TCPIP_BUGS Note 3541 2-Mar-2007 Alpha and IA64 Problem: X11 chaining with a TCP/IP Services host in the middle of the chain caused the X application to fail authentication. For example, if host1 through host3 were OpenVMS systems: host1> SSH "+X" host2 ...snip... host2> SSH "+X" host3 ...snip... host3> RUN SYS$SYSTEM:DECW$CLOCK warning: X11 auth data does not match fake data. XIO: fatal IO error 65535 (network partner disconnected logical link) on X server "_WSA12:" Deliverables: All SSH images Reference: PTR 70-5-3083, TCPIP_BUGS Note 3544 18-Mar-1007 Alpha and IA64 Problem: Public key authentication caused an ACCVIO error within the OpenVMS SSH server when attempted by a specific non-OpenVMS client. Deliverables: All SSH images Reference: PTR 70-5-3047 Note: Some clients may attempt keyboard interactive client authentication, which may send a null username string. The new code should handle this situation; in case of errors, the workaround is to change or add the following line in the TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSHD2_CONFIG. file: PreserveUserKeyCase no 14-Mar-2007 Alpha and IA64 Problem: SFTP "put" to servers running Sterling or Tumbleweed software failed with errors such as "Operation unsupported" or "The requested operation cannot be performed because there is a file transfer in progress". Deliverables: All SSH images Reference: PTR 70-5-3040, 70-5-3049 8-Mar-2007 Alpha and IA64 Problem: SFTP sessions did not set the last non-interactive login time in the user's UAF record, which was inconsistent with FTP. Neither SFTP sessions nor single command mode SSH logins got an SSH-generated USER type accounting record, as do other interactive terminal logins. Deliverables: All SSH images Reference: TCPIP_BUGS Note 3552 8-Mar-2007 Alpha and IA64 Problem: When the Tectia SSH client was used and multiple file transfer windows were open, the SSH server could be sent into a tight loop. When using a client that multiplexed SFTP sessions over existing SSH connections, each time an SFTP session ended, the SSH server parent process (the process running TCPIP$SSH_SSHD2.EXE) was left with a link to a BG device that no longer existed, a waste of resources for the server process. Deliverables: All SSH images References: PTR 70-5-2972, TCPIP_BUGS Note 3557 28-Mar-2007 Alpha and IA64 Problem: The ListenAddress SSH server configuration field is not supported on TCP/IP Services for OpenVMS. Instead, the same effect can be achieved by using the command TCPIP SET SERVICE /ADDRESS. However, this difference was not obvious to users. A warning message, generated by the SSH server, was added to point the user to that command. Deliverables: All SSH images Reference: TCPIP_BUGS Note 3558 29-Mar-2007 Alpha and IA64 Problem: Protections on key files created by the SSH_KEYGEN utility were UNIX-style, not OpenVMS-style. Specifically, they allowed only READ and not EXECUTE access. For example: KEYFILE.; -- (RWD,RWD,,) KEYFILE.PUB -- (RWD,RWD,R,R) Deliverables: All SSH images Reference: PTR 70-5-3099 23-Mar-2007 Alpha and IA64 Problem: The "-e" switch on the SSH_KEYGEN utility did not work. Deliverables: All SSH images Reference: TCPIP_BUGS Note 3560 6-Apr-2007 Alpha and IA64 Problem: When a password was expired and the UAF DisForce_Pwd_Change flag was set, the SSH server did not set the PWD_EXPIRED or PWD2_EXPIRED UAF flag to prevent subsequent logins should the user not change their password with SET PASSWORD. This allowed circumvention of password expiration as users with expired passwords could continue to log in. When logging in with the PWD_EXPIRED or PWD2_EXPIRED UAF flag set, the SSH server did not issue a text warning to the client as they expected from using TELNET and other login methods: Your password has expired; contact your system manager Instead, the SSH server cued three times for password, even if the password was entered correctly, and then disconnected. Note: If a user's account has the DisForce_Pwd_Change UAF flag set, and the user does not change their expired password during password-based login, any subsequent login (including SSH public key) will be rejected until the user's PWD_EXPIRED (or PWD2_EXPIRED) flag is reset by the system administrator. When logging in with the PWD_EXPIRED or PWD2_EXPIRED UAF flag set, the SSH server now correctly returns the text: Your password has expired; contact your system manager However, some clients do not display the message. Deliverables: All SSH images Reference: TCPIP_BUGS Note 3569 18-Apr-2007 Alpha and IA64 Problem: SSH access to Integrity ILO console resulted in the error: warning: Authentication failed. Disconnected; key exchange or algorithm negotiation failed (Key exchange failed.) Deliverables: All SSH images Reference: PTR 70-5-3102 25-Apr-2007 Alpha and IA64 Problem: The SSH server faild to send an explanatory message back to the client during an attempted password change if the chosen password was too short. Deliverables: All SSH images Reference: PTR 70-5-3108 Note: Once a password is entered, a message about the password being too short or in the history list is returned, or if the new password is good, the user is logged in. The value of PasswordGuesses in sshd2_config is not checked for new password entry guesses. 30-Apr-2007 Alpha and IA64 Problem: Connecting from an OpenVMS SSH client to AIX OpenSSH server resulted in the following error message: "Did not receive identification string from n.n.n.n" Deliverables: All SSH images Reference: TCPIP_BUGS Note 3576 Note: The SSH client's modified behavior (sending an SSH protocol version string of "SSH-2.0" rather than "SSH-1.99") applies only when the new TCPIP$SSH_AIX_PATCH logical is defined in the SYSTEM table with a non-zero value. ECO 2 updates ------------- 11-Jun-2007 Alpha and IA64 Problem: An attempt to log into a non-existent account via SSH with password authentication would cause an SSH server ACCVIO. Deliverables: All SSH images References: PTR 75-118-447, TCPIP_BUGS Note 3590 13-Jun-2007 Alpha and IA64 Problem: The SSH server configuration parameter UserLoginLimit was ignored. Deliverables: All SSH images Reference: TCPIP_BUGS Note 3591 5-Jul-2007 Alpha and IA64 Problem: When using SSH in single command mode with the TCP/IP Services for OpenVMS SSH server, where the command being issued used X11 forwarding (such as CREATE/TERMINAL/DETACH), the command frequently failed with an error such as "X Toolkit Error: Can't Open display". A call to WAIT in TCPIP$SSH_RCMD.COM worked around the problem but introduced additional delay. When interactively logging into the TCP/IP Services for OpenVMS SSH server, every login incurred an unnecessary one second delay. Deliverables: All SSH images TCPIP$SSH_RCMD.COM References: QXCM1000437086, TCPIP_BUGS Note 3597 ECO 3 updates ------------- 13-Sep-2007 Alpha and IA64 Problem: If SSH_KEYGEN was used from an account whose RIGHTSLIST identifier was missing, an ACCVIO occurred rather than a more graceful error message. Deliverables: All SSH images Reference: QXCM1000441218, TCPIP_BUGS Note 3613 14-Sep-2007 Alpha and IA64 Problem: When an SSH client tried to open multiple interactive login sessions over one SSH TCP connection, the TCP/IP Services for OpenVMS SSH server looped or exited with an error, rather than gracefully rejecting the additional sessions. Deliverables: All SSH images Reference: QXCM1000456374, TCPIP_BUGS Note 3614 18-Sep-2007 Alpha and IA64 Problem: When an SFTP client user issued a rename command for a file with an OpenVMS version number, an error was returned. The file was not renamed. Deliverables: TCPIP$SSH_SFTP-SERVER2.EXE Reference: QXCM1000463757, TCPIP_BUGS Note 3615 28-Sep-2007 Alpha and IA64 Problem: The SSH server did not provide a "password aging" message when the user logged into the system with a nearly expired password: WARNING - Your password expires on Saturday, 29-SEP-2007 08:10:14 Deliverables: TCPIP$SSH_SSHD2.EXE Reference: QXCM1000446153, TCPIP_BUGS Note 3625 24-Oct-2007 Alpha and IA64 Problem: During a forced password change, if the user tried to re-enter the old password as the new one, the SSH server would simply close the connection rather than displaying an error message and allowing the user to choose a different password. Deliverables: All SSH images Reference: QXCM1000459616, TCPIP_BUGS Note 3626 12-Nov-2007 Alpha and IA64 Problem: An ACCVIO occurred in the SCP or SFTP client when the batch mode option ("-B") was used from a DCL procedure in a subprocess where SYS$OUTPUT or SYS$INPUT had been re-defined to point to a file. Deliverables: All SSH images Reference: TCPIP_BUGS Note 3631 3-Dec-2007 Alpha and IA64 Problem: During a forced password change, the SSH server did not perform weak password checking or system-dictionary checking on the proposed new password. Deliverables: All SSH images Reference: QXCM1000470479, TCPIP_BUGS Note 3634 10-Dec-2007 Alpha and IA64 Problem: An SSH login via public key authentication could, if the target user had the DISFORCE_PWD_CHANGE flag set, improperly set the PWD_EXPIRED or PWD_EXPIRED2 flag, even though the expired password was not used. Deliverables: All SSH images Reference: QXCM1000751748, QXCM1000747350, QXCM1000751011, QXCM1000751748, TCPIP_BUGS Note 3636 14-Jan-2008 Alpha and IA64 Problem: The LCD command in SFTP failed with a "CD failed" error if not yet connected to a remote sftp server, although it should still have been possible to change the local directory. Also, the CD command returned the same error when an OpenVMS-style directory specification was used while connected to a non-OpenVMS server. Deliverables: All SSH images Reference: QXCM1000757137, TCPIP_BUGS Note 3639 16-Jan-2008 Alpha and IA64 Problem: The sftp client was not properly directing error and command messages to stderr (SYS$ERROR) and stdout (SYS$OUTPUT) as appropriate. Deliverables: TCPIP$SSH_SFTP2.EXE Reference: QXCM1000748663, TCPIP_BUGS Note 3640 21-Jan-2008 Alpha and IA64 Problem: The sftp and scp utilites were not properly 'put'ing fixed record format files to non-VMS systems. The data was appearing truncated on the remote end. Deliverables: TCPIP$SSH_SFTP2.EXE TCPIP$SSH_SCP2.EXE Reference: QXCM1000758061, TCPIP_BUGS Note 3641 25-Jan-2008 Alpha and IA64 Problem: Spurious debug messages appeared at the end of an SFTP log file. Deliverables: TCPIP$SSH_SFTP2.EXE Reference: QXCM1000748663, TCPIP_BUGS Note 3642 21-Feb-2008 Alpha and IA64 Problem: Authentication failed when attempting to use the OpenVMS SSH client to connect to an HP ProLiant iLO mpSSH Server. Deliverables: TCPIP$SSH_SSH2.EXE Reference: QXCM1000778532, TCPIP_BUGS Note 3645 28-Feb-2008 Alpha and IA64 Problem: When using SSH with public key authentication, only the first 3 IdKeys were processed from the IDENTIFICATION. file. Deliverables: TCPIP$SSH_SSH2.EXE TCPIP$SSH_SSHD2.EXE Reference: QXCM1000759099, TCPIP_BUGS Note 3649 5-Mar-2008 Alpha and IA64 Problem: 1) When sftp'd to a UNIX system, lcd to a logical name spec worked the first time, but subsequent attempts to lcd to any logical name would fail. 2) When sftp'd to an OpenVMS or UNIX system, lcd to a logical name spec followed by an lcd to a directory spec in OpenVMS- style format (eg, [.tmp]) would fail with the error: "Warning: chdir(/sys$login/./tmp) errno = 2 PWD failed." Deliverables: TCPIP$SSH_SFTP2.EXE Reference: QXCM1000777288, TCPIP_BUGS Note 3650 17-Mar-2008 Alpha and IA64 Problem: SSH port forwarding failed if the SSHD2_CONFIG. option ResolveClientHostName was set to 'no'. Deliverables: TCPIP$SSH_SSHD2.EXE Reference: QXCM1000789083, Note 11301, TCPIP_BUGS Note 3651 4-Apr-2008 Alpha and IA64 Problem: Transferring a very large number of files using SFTP could result in a memory allocation error ("Not enough memory" or TCPIP-F-SSH_ALLOC_ERROR) due to a memory leak. Deliverables: TCPIP$SSH_SFTP2.EXE Reference: QXCM1000744167, TCPIP_BUGS Note 3653 15-Apr-2008 Alpha and IA64 Problem: All of the various types of SSH connection requests (e.g., ssh interactive sessions, single command mode, sftp) were handled as NETWORK access, instead of differentiating by session type. Deliverables: TCPIP$SSH_SSHD2.EXE Reference: QXCM1000783218, TCPIP_BUGS Note 3655 21-Apr-2008 Alpha and IA64 Problem: If a UAF account was "expired", SSH did not properly notify the user. It also logged an inappropriate intrusion record when a valid but expired password was presented. Deliverables: TCPIP$SSH_SSHD2.EXE Reference: QXCM1000759070, TCPIP_BUGS Note 3658 28-Apr-2008 Alpha and IA64 Problem: SSH allowed characters from the extended character set to be used when creating a password during an expired password change event, even if the UAF flag PWDMIX was not set. Deliverables: TCPIP$SSH_SSHD2.EXE Reference: QXCM1000800025, TCPIP_BUGS Note 3660 6-May-2008 Alpha and IA64 Problem: Accessing files via SFTP caused excessive Security alarms in the Audit log complaining that EXECUTE access was required for the SYSUAF.DAT file. Deliverables: TCPIP$SSH_SFTP-SERVER2.EXE Reference: QXCM1000780256, TCPIP_BUGS Note 3662 15-May-2008 Alpha and IA64 Problem: The SYS$ANNOUNCE message was displayed after login, and display of the SYS$WELCOME message was not implemented. Deliverables: TCPIP$SSH_SSHD2.EXE SSHD2_CONFIG. Reference: QXCM1000783406, TCPIP_BUGS Note 3665 5-Jun-2008 Alpha and IA64 Problem: Using the SFTP "ls -l" command with wildcards ('*') failed, as did the "rename" command when the specified name was a directory. Deliverables: TCPIP$SSH_SFTP2.EXE Reference: QXCM1000809723, TCPIP_BUGS Note 3673 2-Jul-2008 Alpha and IA64 Problem: Attempts to open a second Tectia SSH client session would result in both sessions getting disconnected. Deliverables: TCPIP$SSH_SSHD2.EXE Reference: TCPUP_BUGS Note 3675 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 SYSCONFIG Images --------------------------------------------------------------------------- ECO 3 updates ------------- 9-Sep-2007 Alpha and IA64 Problem: The sysconfigdb command generated a "%SYSTEM-F-SSFAIL, system service failure" exception instead of exiting gracefully upon detecting an error. Deliverables: TCPIP$SYSCONFIGDB.EXE Reference: QXCM1000441503 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 TCPDUMP Utility Component --------------------------------------------------------------------------- ECO 1 updates ------------- 06-Feb-2007 Alpha and IA64 Problem: Even when given invalid command line arguments, TCPDUMP would exit with a success status. It should exit with something more descriptive, such as %SYSTEM-E-ABORT (condition code 42). Deliverables: TCPIP$TCPDUMP.EXE Reference: PTR 70-5-3072 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 TELNET Component --------------------------------------------------------------------------- ECO 1 updates ------------- 26-Sep-2006 Alpha and IA64 Problem: The destination address associated with an outbound TN device was not always set correctly. Deliverables: TCPIP$TELNET.EXE Reference: PTR 70-5-2916, QXCM1000316661, TCPIP_BUGS Note 3502 29-Nov-2006 Alpha and IA64 Problem: Allocating a freshly-created outbound TN device was not possible because the device was initially marked as mounted. The message "SYSTEM-F-DEVMOUNT, device is already mounted" would result from an attempt to use the DCL ALLOCATE command. Deliverables: TCPIP$TNDRIVER.EXE Reference: TCPIP_BUGS Note 3517 19-Dec-2006 Alpha and IA64 Problem: The system crashed with the following message: INVEXCEPTN @SMP$ACQUIRE_C + 00034. Deliverables: TCPIP$TNDRIVER.EXE Reference: QXCM1000380951, TCPIP_BUGS Note 3523 14-Apr-2007 Alpha and IA64 Problem: Further logins were blocked once the seed for TN devices exceeds 9999. Deliverables: TCPIP$TNDRIVER.EXE References: QXCM1000379192, Note 11066, TCPIP_BUGS Note 3565 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.6 User Control Program Component --------------------------------------------------------------------------- ECO 1 updates ------------- 13-Apr-2007 Alpha and IA64 Problem: While executing TCPIP$CONFIG.COM in an attempt to initially configure TCPIP, entering a very long domain name could trigger a failure, making it impossible to configure the system. The underlying cause was a failing TCPIP SHOW CONFIGURATION COMMUNICATION /OUTPUT=filename command, which had an 80-character line length limitation. Deliverables: TCPIP$UCP.EXE Reference: PTR 70-5-3107 8-May-2007 Alpha and IA64 Problem: The TCPIP SHOW COMMUNICATION command truncates its output when the domain name is more than 29 characters long. Deliverables: TCPIP$UCP.EXE Reference: QXCM1000420508 18-May-2007 Alpha and IA64 Problem: The SET NAME_SERVICE /INITIALIZE /CLUSTER command attempts to find the file TCPIP$BIND_RUNNING_*.DAT;* but fails because the semantics of the TCPIP$BIND_COMMON logical name have changed. Deliverables: TCPIP$UCP.EXE Reference: QXCM1000422519 ECO 3 updates ------------- 29-May-2007 Alpha and IA64 Problem: When used with the DCL command PIPE, the output from a TCPIP SHOW DEVICE_SOCKET command is not properly formatted. Deliverables: TCPIP$UCP.EXE Reference: QXCM1000421550