A fix is available
APAR status
Closed as program error.
Error description
z/OS Explorer 3.1.1.34 internal defect fix
Local fix
n/a
Problem summary
**************************************************************** * USERS AFFECTED: 1. All users that does not have $SHELL * * profile defined. * * 2. The server got affected. * * 3. All user connection to system having * * tape-type device dataset. * * 4. All users using uploading a local * * Unix-file to a dataset. * * 5. All ACF2 RSE users. * * 6. Users using TLS1.3 * **************************************************************** * PROBLEM DESCRIPTION: 1. Command miner when invoked without * * a $SHELL defined will default to "sh". * * 2. Debugging shows holder of * * stdout/err (of ThreadPools) kept by * * Daemon keeps growing with duplicates. * * Daemon's message listener usually * * would print out garbage when Daemon * * stops. * * 3. Tape-device type currently is * * logged at info level and as active. * * The active status logging should be * * corrected and at debug level only. * * 4. Under the assumption that CRLF * * newline on Windows is equivalent with * * LF on Unix-like and should be convert * * in the same way when uploading to * * z/OS datatset. The last newline of * * the file should be translated to an * * empty record for the last block of * * the dataset file. * * Unix-like uploading is currently * * missing the last record for the last * * LF of the file. * * 5. An error code in PTF UI79568 or * * UI79780 causes the input RACF class * * and resource not retrieved when * * calling the profile routine. * * 6. Improper detecting TLSv1.3 * * protocol and ciphers definitions may * * cause improper ssl translation to * * sync between Daemon and Server Thread. * **************************************************************** 1. "/bin/sh" is the proper value for the shell setting. 2. Daemon has the holders for stdout/err fds of ThreadPools to collect their message for logging. It does not reset each round it scans the ThreadPools and keep accumulating duplicates fds. Daemon's message listener process terminates abruptly when exiting causing Daemon end printing out garbage when stops. 3. Minimize the tape-device info as debug to avoid too much logging for system with high number of tape-device dataset. 4. The last CRLF on Windows and LF on Unix-like should be treated the same in uploading to z/OS dataset. The missing of the last LF translation on Unix-like causes a diff between original and the download file. 5. For system using ACF2, the improper input cause a RACF errors and fails the login. 6. The masking is used in GSK filtering for the protocols supported by an RSE server. It was used in bitwise & op filtering, so the definition should go by bit position. The existing bits 0 (i.e. 1),1 (i.e 2), 2 (i.e 4) used for TLS1, TLSv1.1 and TLSv1.2. So the mask for TLSv1.3 should be 8 (bit 3), not 5 as currently defined.
Problem conclusion
1. When it is not defined, have $SHELL default to the proper value "/bin/sh" instead of "sh". 2. Reset the std fd holder in each round of scan. Have the messaging process sending an exit ack back to Daemon for its message listener to display properly. 3. Tape-device type active status is corrected and logged only at debug level 4. Adding and empty record for the Unix-like detected LF newline at its EOF, assuming file feed from Windows newline always have CRLF as newline correctly. 5. Fix the error in parsing to feed the input properly to the check routine. 6. The supported ciphers definition is needed for GSK cipher filter merge to sync up with java Server ssl. Note: With this change, the java handshake still fails. It just helps to straighten up the ssl sync and trouble shooting later.
Temporary fix
Comments
APAR Information
APAR number
PH51234
Reported component name
EXP FOR Z/OS HO
Reported component ID
5655EXP23
Reported release
310
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-12-01
Closed date
2022-12-02
Last modified date
2023-01-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI83561
Modules/Macros
FEJENF70 FEJJCNFG FEJJJCL FEJJMON FEJTSO FEK1SMPE FEK2RCVE FEK3ALOC FEK4ZFS FEK5MKD FEK6DDEF FEK7APLY FEK8ACPT FEK@CERR FEK@CONE FEK@CONF FEK@CUST FEK@DEB FEK@DESC FEK@FLOW FEK@GEN FEK@GENW FEK@ISPF FEK@IVP FEK@IVPD FEK@IVPW FEK@JCN1 FEK@JCNE FEK@JESJ FEK@MAIN FEK@MIGO FEK@OPTE FEK@OPTG FEK@OPTN FEK@PRIM FEK@RSE1 FEK@RSEO FEK@STRT FEK@TAB1 FEK@TAB2 FEK@TAB3 FEK@WRK1 FEK@WRK2 FEK@WRK3 FEK@WRK4 FEK@WRK5 FEKAPPCC FEKAPPCL FEKAPPCX FEKATTR FEKDSI FEKEESX0 FEKFASIZ FEKFATT1 FEKFBLD FEKFCIPH FEKFCLIE FEKFCMOD FEKFCMPR FEKFCMSG FEKFCOMM FEKFCOPY FEKFCOR6 FEKFCORE FEKFDBBF FEKFDBBP FEKFDBG FEKFDBG6 FEKFDBGM FEKFDIR FEKFDIR6 FEKFDIVP FEKFDST0 FEKFDST1 FEKFDST2 FEKFENVF FEKFENVI FEKFENVP FEKFENVR FEKFENVS FEKFEPL FEKFICUL FEKFISPF FEKFIVP0 FEKFIVPA FEKFIVPD FEKFIVPI FEKFIVPJ FEKFIVPT FEKFJESM FEKFJESU FEKFJVM FEKFLATR FEKFLDSI FEKFLDSL FEKFLEOP FEKFLOGS FEKFLPTH FEKFMAI6 FEKFMAIN FEKFMINE FEKFMINS FEKFMNTL FEKFNTCE FEKFOMVS FEKFPATT FEKFPRDS FEKFPTC FEKFRIVP FEKFRMSG FEKFRSES FEKFRSRV FEKFSCMD FEKFSEND FEKFSSL FEKFSTUP FEKFT000 FEKFT001 FEKFT002 FEKFT003 FEKFT004 FEKFT005 FEKFT006 FEKFT007 FEKFT008 FEKFT009 FEKFT010 FEKFT011 FEKFT012 FEKFT013 FEKFT014 FEKFT015 FEKFT016 FEKFT017 FEKFT018 FEKFT019 FEKFT020 FEKFT021 FEKFT022 FEKFT023 FEKFT024 FEKFT025 FEKFT026 FEKFT028 FEKFT029 FEKFT030 FEKFT031 FEKFT032 FEKFT033 FEKFT034 FEKFTIVP FEKFTRKS FEKFTSO FEKFUTIL FEKFVERS FEKFXITA FEKFXITL FEKFZME FEKFZMF FEKFZOS FEKHCONF FEKHCUST FEKHDEB FEKHDESC FEKHFLOW FEKHGEN FEKHISPF FEKHIVP FEKHIVPD FEKHJESJ FEKHMAIN FEKHMIGO FEKHOPTE FEKHOPTN FEKHPRIM FEKHRSE1 FEKHRSEO FEKHSTRT FEKHTAB1 FEKHTAB2 FEKINIT FEKKEYS FEKLOGR FEKLOGS FEKM00 FEKM01 FEKM02 FEKMKDIR FEKMOUNT FEKMSGC FEKMSGS FEKRACF FEKRSED FEKSAPF FEKSAPPL FEKSBPX FEKSCLAS FEKSCLOG FEKSCMD FEKSCPYM FEKSCPYU FEKSDSN FEKSENV FEKSETUP FEKSISPF FEKSJCFG FEKSJCMD FEKSJMON FEKSLPA FEKSPROG FEKSPTKT FEKSRSED FEKSSERV FEKSSTC FEKSSU FEKSUSER FEKXCFGE FEKXCFGI FEKXCFGM FEKXCFGT FEKXMAIN FEKXML HUHFCOR6 HUHFCORE
Fix information
Fixed component name
EXP FOR Z/OS HO
Fixed component ID
5655EXP23
Applicable component levels
R310 PSY UI83561
UP22/12/13 P F212
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSBDYH","label":"IBM Explorer for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"310","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
05 January 2023