======================================================================= VMS Software, Inc. OpenVMS ECO Kit Release Notes ======================================================================= 1 KIT NAME: VMS842L1A_NOTARY-V0200 2 KIT DESCRIPTION: 2.1 Installation Rating: INSTALL_1: To be installed by all customers. Note: This kit supports the OpenVMS Signing Manifest V3 format. Future kits, either from VSI, an ISV, or other third-party suppliers, may choose to use this format for signed kits. To avoid obscure errors or confusing messages, the Notary V2.0 kit will be a prerequisite for all future VSI PCSI patch kits on this VSI OpenVMS version. Please install the appropriate Notary V2.0 patch kit for any of the following VSI OpenVMS versions which you use, to allow future patch kit installation to proceed: VSI OpenVMS version Patch kit name ========================================== ====================== VSI OpenVMS for Integrity Servers V8.4-1H1 VMS841H1I_NOTARY-V0200 VSI OpenVMS for Integrity Servers V8.4-2 VMS842I_NOTARY-V0200 VSI OpenVMS for Integrity Servers V8.4-2L1 VMS842L1I_NOTARY-V0200 VSI OpenVMS Alpha V8.4-2L1 VMS842L1A_NOTARY-V0200 VSI OpenVMS Alpha V8.4-2L2 VMS842L2A_NOTARY-V0200 This installation rating serves as a guide to which customers should apply this remedial kit. Reference the attached Disclaimer of Warranty and Limitation of Liability Statement. 2.2 Reboot Requirement: No reboot is necessary after installation of this kit. 2.3 Version(s) of OpenVMS to which this kit may be applied: VSI OpenVMS Alpha V8.4-2L1 3 KITS SUPERSEDED BY THIS KIT: VMS842L1A_NOTARY-V0100 4 KIT DEPENDENCIES: None 5 PROBLEMS ADDRESSED IN THIS KIT 5.1 Signed product installations may continue after validation failure 5.1.1 Problem Description Under certain conditions during product installation, a verification failure of a signed kit will display an error message but the installation procedure will continue without offering an opportunity to abort the installation. This patch kit ensures proper status is maintained by the VMS Notary. The fixed behavior in this kit will be a prerequisite for all future VSI PCSI patch kits to ensure there are no accidental installations of incorrectly signed or damaged products and patch kits. 5.1.2 Images and/or Files Affected: [SYSEXE]VMS_NOTARY.EXE 5.1.3 Quix and/or Bugzilla cases reporting this problem: VSI Bugzilla 1652 5.1.4 Release Version of VSI OpenVMS that will contain this change: Next VSI OpenVMS Alpha release after V8.4-2L2 6 PROBLEMS ADDRESSED FROM PREVIOUS KITS 6.1 Support added for new OpenVMS Signing Manifest Format V3 6.1.1 Problem Description Previously, VSI OpenVMS releases only supported the VSI Signing Manifest V1 format. With the implementation of the ISV Signing program, the OpenVMS Notary shared image requires an update to support both Manifest V1 and V3. The image in this kit provides this support. 6.1.2 Images and/or Files Affected: [SYSLIB]VMS_NOTARY_SHR.EXE 6.1.3 Quix and/or Bugzilla cases reporting this problem: None 6.1.4 Release Version of VSI OpenVMS that will contain this change: Next VSI OpenVMS Alpha release after V8.4-2L2 6.1.5 Workaround While not recommended by VSI, systems that do not have support for V3 manifests can install V3 signed kits by specifying /OPTIONS=(NOVALIDATE_KIT) as part of the PRODUCT INSTALL command. This will skip the integrity checks for V3 signed kits during installation. 6.2 Message regarding ignored filename version numbers is improved 6.2.1 Problem Description The version number for an input filename, if provided, is removed before processing during signing operations. The log message which indicated this has been improved for clarity. 6.2.2 Images and/or Files Affected: [SYSLIB]VMS_NOTARY_SHR.EXE 6.2.3 Quix and/or Bugzilla cases reporting this problem: None 6.2.4 Release Version of VSI OpenVMS that will contain this change: Next VSI OpenVMS Alpha release after V8.4-2L2 6.3 Corrupt Manifest crashes Notary 6.3.1 Problem Description The OpenVMS Notary would detect an invalid certificate, but then failed to correctly handle the error. As a result, later processing would fail to find a certificate and triggered an access violation, terminating the image. This behavior is corrected with the image in this kit. 6.3.2 Images and/or Files Affected: [SYSLIB]VMS_NOTARY_SHR.EXE 6.3.3 Quix and/or Bugzilla cases reporting this problem: None 6.3.4 Release Version of VSI OpenVMS that will contain this change: Next VSI OpenVMS Alpha release after V8.4-2L2 6.4 Status mechanism for VMS_NOTARY image updated 6.4.1 Problem Description Changes to the VMS_NOTARY_SHR image modified the mechanism used to report status. The VMS_NOTARY image in this kit is now compatible with that new mechanism. 6.4.2 Images and/or Files Affected: [SYSEXE]VMS_NOTARY.EXE 6.4.3 Quix and/or Bugzilla cases reporting this problem: None 6.4.4 Release Version of VSI OpenVMS that will contain this change: Next VSI OpenVMS Alpha release after V8.4-2L2 7 IMAGES OR FILES REPLACED: [SYSEXE]VMS_NOTARY.EXE Image name: "VMS_NOTARY" Image file identification: "V1.3" Image build identification: "XE4H-H4N-000016" Link identification: "A13-04" Link Date/Time: 30-AUG-2018 03:59:52.45 Image Checksum (MD5): 9A724186A1D546AB7ECE2752A9D107BA [SYSLIB]VMS_NOTARY_SHR.EXE Image name: "VMS_NOTARY_SHR" Image file identification: "V1.3" Image build identification: "XE4H-H4N-000016" Link identification: "A13-04" Link Date/Time: 30-AUG-2018 03:59:51.51 Image Checksum (MD5): 6EB8A12892A974BB09D82DF90C1FB966 Note: VMS Software, Inc. will only distribute kits in signed form. There is no need for most customers to compare file checksums for security or kit integrity reasons. However, some sites may require such checking even when using signed kits. The image or file checksums are supplied (in MD5 format) to provide comparisons to the extracted final kit files. To find a file checksum, use: $ CHECKSUM/ALGORITHM=MD5 filename $ SHOW SYMBOL CHECKSUM$CHECKSUM 8 INSTALLATION INSTRUCTIONS 8.1 Compressed File This kit is provided as a self-extracting ZIPEXE file. To expand this file to the installable PCSI kit, execute the file image with the following command: $ RUN VMS842L1A_NOTARY-V0200.ZIPEXE 8.2 Installation Command Install this kit with the POLYCENTER Software Installation Utility by logging into the SYSTEM account, and typing the following at the DCL prompt: PRODUCT INSTALL VMS842L1A_NOTARY [/SOURCE=location of kit] Note that this kit will install with the /SAVE_RECOVERY_DATA option enabled. Using this qualifier will allow easy removal of the kit from the system in the event of problems. If you wish to disable this option you must use the /NOSAVE_RECOVERY_DATA qualifier on the PRODUCT INSTALL command. The /SAVE_RECOVERY_DATA qualifier is optional but highly recommended. The kit location may be a tape drive, CD, or a disk directory that contains the kit. The /SOURCE qualifier is not needed if the PRODUCT INSTALL command is executed from the same directory as the kit location. Additional help on installing PCSI kits can be found by typing HELP PRODUCT INSTALL at the system prompt. 9 COPYRIGHT ******************************************************************** * * * VMS SOFTWARE, INC. CONFIDENTIAL. This software is confidential * * proprietary software licensed by VMS Software, Inc., and is not * * authorized to be used, duplicated or disclosed to anyone without * * the prior written permission of VMS Software, Inc. * * Copyright 2018 VMS Software, Inc. * * * ******************************************************************** 10 DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL VMS SOFTWARE, INC. BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH. 11 PATCH ID AXPVMS-VMS842L1A_NOTARY-V0200--4