The fix is shipped as file IBM.HHOP850.UI18898
The fix has rework (build) date 2014178 (27 Jun 2014)
The following fixes are prerequisites for this fix:
These prerequisites can be downloaded from the Developer for System z Recommended Fixes page, if not included as file IBM.HHOP850.<prereq>.
Steps required to install the fix:
A sequential data set must be allocated on the z/OS system to receive the fix that you will upload from your workstation. You can do this by submitting the job below. Add a job card and modify the parameters to meet your site's requirements before submitting.
//ALLOC EXEC PGM=IEFBR14 //* //UI18898 DD DSN=hlq.IBM.HHOP850.UI18898, // DISP=(NEW,CATLG,DELETE), // DSORG=PS, // RECFM=FB, // LRECL=80, // UNIT=SYSALLDA, //* VOL=SER=volser, //* BLKSIZE=6160, // SPACE=(TRK,(112,20)) //*
Upload the file in binary format from your workstation to the z/OS data set. On a Windows system, you can use FTP from a command prompt to upload the file. In the sample dialog shown below, commands or other information entered by the user are in bold, and the following values are assumed:
| User enters: | Values |
|---|---|
| mvsaddr | TC P/IP address of the z/OS system |
| tsouid | Your TSO user ID |
| tsopw | Your TSO password |
| d: | Your drive containing the fix files |
| hlq | High-level qualifier that you used for the data set that you allocated in the job above |
C:\>ftp mvsaddr Connected to mvsaddr. 220-FTPD1 IBM FTP CS %version% at mvsaddr, %time% on %date%. 220 Connection will close if idle for more than 60 minutes. User (mvsaddr:(none)): tsouid 331 Send password please. Password: tsopw 230 tsouid is logged on. Working directory is "tsouid.". ftp> cd .. 250 "" is the working directory name prefix. ftp> cd hlq 250 "hlq." is the working directory name prefix. ftp> binary 200 Representation type is Image ftp> put d:\IBM.HHOP850.UI18898 200 Port request OK. 125 Storing data set hlq.IBM.HHOP850.UI18898 250 Transfer completed successfully 6209600 bytes sent in 0.28 seconds ftp> quit 221 Quit command received. Goodbye.
++HOLD(UI18898) SYS FMID(HHOP850) REASON(ACTION) DATE(14178)
COMMENT
(****************************************************************
* Affected function: RSE *
****************************************************************
* Description: new environment variables *
****************************************************************
* Timing: pre-APPLY *
****************************************************************
* Part: /usr/lpp/rdz/samples/rsed.envvars *
* [/etc/rdz/rsed.envvars] *
****************************************************************
This fix updates the sample rsed.envvars by adding the
following optional directives:
#_RSE_JAVAOPTS="$_RSE_JAVAOPTS -Dlog.file.mode=RW.N.N"
Access permission mask for log files and log directories. The
default is RW.N.N, which allows the owner read and write access.
The owner's default group and everyone else have no access. To
set the required access permissions, uncomment and customize.
UNIX standards dictate that permissions can be set for three
types of users: owner, group, and other. The fields in this
variable match this order, and the fields are separated by a
period (.). Each field can be empty (which equals N), or have
N, R, W, or RW as values, where N = none, R = read and W =
write.
#_RSE_JAVAOPTS="$_RSE_JAVAOPTS -Dlog.secure.mode=true"
Validate log-directory ownership. The default is false, which
skips the test where RSE validates that a user (RSE daemon
itself or a client user ID) is the owner of the directory in
which the logs will be written. Uncomment and specify true to
enable the directory ownership test and write the log files only
if it is successful. Console message FEK301E is issued when the
test is not successful.
****************************************************************
* Affected function: RSE *
****************************************************************
* Description: new environment variables *
****************************************************************
* Timing: post-APPLY *
****************************************************************
* Part: /usr/lpp/rdz/samples/rsed.envvars *
* [/etc/rdz/rsed.envvars] *
****************************************************************
This fix updated sample file rsed.envvars.
Redo your customizations, if any, after applying this
maintenance.
****************************************************************
* Affected function: console messages *
****************************************************************
* Description: new message, FEK301E, FEK303E, FEK304W, FEK305E *
****************************************************************
* Timing: post-APPLY *
****************************************************************
* Part: n/a *
****************************************************************
This maintenance introduces new console messages
FEK301E = {0} (uid:{1}) does not own the directory of {2}
(file_owner uid:{3})
FEK303E = The symbolic link, {0}, cannot be used as a log
directory
When rsed.envvars variable log.secure.mode is enabled, RSE will
validate that a user (client or RSE itself) owns the directory
in which log files will be written, and that the log directory
is not a symbolic link. These messages are issued when the
related test fails.
FEK304W Invalid {0}, {1}, was specified. The default mode, {3},
is used instead.
RSE will issue this message when an inviled file permission
mask is specified in rsed.envvars.
FEK305E The ID, {0}, does not have appropriate privileges to
access {1}.
RSE will issue this message when it cannot access a log
directory.
****************************************************************
* Affected function: log files *
****************************************************************
* Description: new script to update log file access permits *
****************************************************************
* Timing: post-APPLY *
****************************************************************
* Part: FEK.SFEKSAMP(FEKPBITS) *
* [FEK.#CUST.JCL(FEKPBITS)] *
****************************************************************
This maintenance adds a new sample JCL, SFEKSAMP(FEKPBITS),
which can be used to update existing log file permissions.
It is intended to update an existing log infrastructure so all
log files comply with the new, more secure, file access permits.
****************************************************************
* Affected function: CARMA *
****************************************************************
* Description: enhanced client version function *
****************************************************************
* Timing: post-APPLY *
****************************************************************
* Part: not applicable *
****************************************************************
This fix allows the host to gather the version of a CARMA client
down to the ifix level. It requires that the client is at a
matching or more recent service level to function as advertised.
****************************************************************
* Affected function: RSE *
****************************************************************
* Description: new environment variables *
****************************************************************
* Timing: pre-APPLY *
****************************************************************
* Part: /usr/lpp/rdz/samples/rsed.envvars *
* [/etc/rdz/rsed.envvars] *
****************************************************************
This fix updates the sample rsed.envvars by adding the
following optional directives:
#_RSE_JAVAOPTS="$_RSE_JAVAOPTS -Denable.saf.check=true"
Verify access permits before accessing a data set. The default
value is false. Uncomment and specify true if you want RSE to
call your security product before accessing a data set to avoid
S913 abends (access denied). RSE itself recovers from an S913
abend, but Language Environment (LE) does count the S913 abend
if you specify a non-zero value for the ERRCOUNT LE option.
#_RSE_JAVAOPTS="$_RSE_JAVAOPTS -Denable.dDVIPA=true"
Enable distributed dynamic VIPA support. The default value is
false. Uncomment and specify true if you want to use RSE in a
distributed dynamic VIPA setup.
#_RSE_JAVAOPTS="$_RSE_JAVAOPTS -Ddisplay.users=true"
Automated display of active users. The default is false.
Uncomment and specify true to enable an automated display of
active users in rseserver.log on each user logon and logoff.
#_RSE_JAVAOPTS="$_RSE_JAVAOPTS -Dkeep.stats.copy.local=true"
Keep ISPF statistics during a local copy. The default is false,
which implies that ISPF statistics like create-date and
changed-by are updated for the target data set or member.
Uncomment and specify true to keep the original ISPF statistics
during a copy where source and target are on the same host
system.
****************************************************************
* Affected function: RSE *
****************************************************************
* Description: new environment variables *
****************************************************************
* Timing: post-APPLY *
****************************************************************
* Part: /usr/lpp/rdz/samples/rsed.envvars *
* [/etc/rdz/rsed.envvars] *
****************************************************************
This fix updated sample file rsed.envvars.
Redo your customizations, if any, after applying this
maintenance.
****************************************************************
* Affected function: CARMA *
****************************************************************
* Description: CA Endevor(R) SCM VSAM update *
****************************************************************
* Timing: post-APPLY *
****************************************************************
* Part: SFEKVSM2(CRA0VCAD) *
****************************************************************
This maintenance updates the CRADEF VSAM data set
used by the Developer for System z interface to CA Endevor(R).
To apply these changes to your active VSAM data set, resubmit
the customized SFEKSAMP(CRA$VCAD).
****************************************************************
* Affected function: CARMA *
****************************************************************
* Description: updated CLIST startup script *
****************************************************************
* Timing: pre-APPLY *
****************************************************************
* Part: FEK.SFEKSAMP(CRASUBMT) *
* [FEK.#CUST.CNTL(CRASUBMT)] *
* FEK.SFEKSAMP(CRASUBCA) *
* [FEK.#CUST.CNTL(CRASUBCA)] *
****************************************************************
This maintenance updates sample JCL, SFEKSAMP(CRASUB*),
which is used to start CARMA in batch-submit mode.
It allows for a longer startup argument string.
****************************************************************
* Affected function: CARMA *
****************************************************************
* Description: updated CLIST startup script *
****************************************************************
* Timing: post-APPLY *
****************************************************************
* Part: FEK.SFEKSAMP(CRASUBMT) *
* [FEK.#CUST.CNTL(CRASUBMT)] *
* FEK.SFEKSAMP(CRASUBCA) *
* [FEK.#CUST.CNTL(CRASUBCA)] *
****************************************************************
This fix updated sample members CRASUB*.
Redo your customizations, if any, after applying this
maintenance.).
SMP/E ACCEPT the prerequisites to facilitate an easy backout of the fix, if required. Note that once accepted, you cannot backout the accepted prerequisites.
This step can be skipped if there are no prerequisites, or if there is a reason to not make a prerequisite permanent.
You can accept the prerequisites by submitting the job below. Add a job card and modify the parameters to meet your site's requirements before submitting.
//*
//* Change #globalcsi to the data set name of your global CSI.
//* Change #dzone to your CSI distribution zone name.
//*
//ACCEPT EXEC PGM=GIMSMP,REGION=0M
//SMPCSI DD DISP=OLD,DSN=#globalcsi
//SMPCNTL DD *
SET BOUNDARY(#dzone) .
ACCEPT SELECT(
UK98515
UK92638
UK83670
) REDO COMPRESS(ALL) BYPASS(HOLDSYS,HOLDERROR).
//*
SMP/E RECEIVE and APPLY the fix.
You can do this by submitting the job below. Add a job card and modify the parameters to meet your site's requirements before submitting.
//* //* Change hlq to the high level qualifier used to upload the fix. //* Change (2x) #globalcsi to the data set name of your global CSI. //* Change #tzone to your CSI target zone name. //* //RECEIVE EXEC PGM=GIMSMP,REGION=0M //SMPCSI DD DISP=OLD,DSN=#globalcsi //SMPPTFIN DD DISP=SHR,DSN=hlq.IBM.HHOP850.UI18898 //SMPCNTL DD * SET BOUNDARY(GLOBAL) . RECEIVE SELECT(UI18898) SYSMODS LIST . //* //APPLY EXEC PGM=GIMSMP,REGION=0M //SMPCSI DD DISP=OLD,DSN=#globalcsi //SMPCNTL DD * SET BOUNDARY(#tzone) . APPLY SELECT(UI18898) REDO COMPRESS(ALL) BYPASS(HOLDSYS,HOLDERROR). //*
Restart started tasks to activate changes.