IBM Support

IBM Tivoli Composite Application Manager for Transactions Response Time 7.4.0.1 Interim Fix 57 Readme File

Fix Readme


Abstract

Readme file for: 7.4.0.1-TIV-CAMRT-IF0057
Product - Component Release: 7.4.0.1
Update Name: 7.4.0.1-TIV-CAMRT-IF0057
Fix ID: 7.4.0.1-TIV-CAMRT-AIX-IF0057, 7.4.0.1-TIV-CAMRT-LINUX-IF0057, 7.4.0.1-TIV-CAMRT-WINDOWS-IF0057
Publication Date: 20 February 2022
Last modified date: 20 February 2022
Description: This interim fix contains Java update for IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU (minus CVE-2021-35550/35561/35603) plus CVE-2021-41035.

Content

Download location
Prerequisites and co-requisites
Installing
Additional information
List of fixes  

Download location

Below is a list of components, platforms, and file names that apply to this readme file.

Fix Download for AIX

Product - Component Name: Platform: Fix:
Tivoli Composite Application Manager for Transactions AIX 7.4.0.1-TIV-CAMRT-AIX-IF0057

Fix Download for Linux

Product - Component Name: Platform: Fix:
Tivoli Composite Application Manager for Transactions Linux 7.4.0.1-TIV-CAMRT-LINUX-IF0057

Fix Download for Windows

Product - Component Name: Platform: Fix:
Tivoli Composite Application Manager for Transactions Windows
 

Prerequisites and co-requisites

This upgrade for the Robotic Response Time agents, which is part of ITCAM for Transactions: Response Time, might be applied to the following base versions. It must be applied to a machine on which Robotic Response Time agent has been installed.

  • 7.4.0.1 - AIX, Linux, Windows
  • 7.4.0.2 - AIX, Linux, Windows
Notes:
  1. Supported base versions include interim fixes applied to any of the above release levels.
  2. This interim fix is a quarterly SDK update. The update replaces the Java SDK without changing the product version. This interim fix might be applied to versions 7.4.0.1 and 7.4.0.2.
 

This patch replaces the two JREs shipped with the Robotic Response Time (T6) agent, bringing them to the latest level. This remediates multiple security issues.

 

This patch is applicable for T6 agents:

  • Version 7.4.0.1
  • Version 7.4.0.2
  • Windows, AIX, and Linux platforms.

The T6's JREs are only used when playing back Rational Performance Tester (RPT) scripts, thus not available on Solaris and HPUX (RPT playback is not supported on Solaris and HPUX). 7.4 agent needs to update Java 80 and Java 70 JREs. These variations are noted in the installation steps below. Any customizations done to the existing JREs need to be preserved. Since these JREs are product-specific (ie only used by the T6 agent), there can only be at most one customization as instructed by IBM support, which is to enable strong encryption by updating the JRE's encryption policy (see technote in Installing).



This patch only includes Java70 and Java80 updates.  After the patch, the Java versions will be:
  • Java 7.0 SR11
  • Java 8.0 SR07

Related material:
This interim fix is a cumulative Java upgrade for Java PSIRT. Updates in these releases are included in this upgrade.
  • 7.4.0.1 - IF0005
  • 7.4.0.1 - IF0007
  • 7.4.0.1 - IF0009
  • 7.4.0.1 - IF0012
  • 7.4.0.1 - IF0015
  • 7.4.0.1 - IF0018
  • 7.4.0.1 - IF0021
  • 7.4.0.1 - IF0024
  • 7.4.0.1 - IF0027
  • 7.4.0.1 - IF0030
  • 7.4.0.1 - IF0032
  • 7.4.0.1 - IF0033
  • 7.4.0.1 - IF0034
  • 7.4.0.1 - IF0039
  • 7.4.0.1 - IF0041
  • 7.4.0.1 - IF0047
  • 7.4.0.1 - IF0049
  • 7.4.0.1 - IF0050
  • 7.4.0.1 - IF0051
  • 7.4.0.1 - IF0052
  • 7.4.0.1 - IF0055
  • 7.4.0.1 - IF0056
Oracle® Critical Patch Update Advisory - April 2021

Installation information

Before Installing

Validate pre-existing Java70 and Java80 are older than ones delivered in this interim fix.
The RRT Agent's Javas are located in

  • Windows:
    • Java70: $ITMHOME\tmaitm6\java70
    • Java80: $ITMHOME\tmaitm6\java80 - only in 7.4.0.1-IF8 and later
  • Unix:
    • Java70: $ITMHOME/tmaitm6/java70
    • Java80: $ITMHOME/tmaitm6/java80 - only in 7.4.0.1-IF8 and later

Check the versions, for example
C:\ibm\itm\TMAITM6> .\java80\jre\bin\java.exe -version

Java version "1.8.0_151"
Java(TM) SE Runtime Environment (build 8.0.5.7 - pwi3280sr5fp7-20171216_01(SR5 FP7)) IBM J9 VM (build 2.9, JRE 1.8.0 Windows Server 2008 R2 x86-32 20171215_373586 (JIT enabled, AOT enabled)
OpenJ9 - 5aa401f
OMR - 101e793
IBM - b4a79bf)
JCL - 20171214_01 based on Oracle jdk8u151-b12

 

Installing

Notes

  1. If you have updated the T6 JRE to use strong encryption, you must manually back up the policy files and copy them to the new JREs. The two files are:
    • \lib\security\local_policy.jar
    • \lib\security\US_export_policy.jar
See technote - How to enable strong encryption > 128 bit
https://www.ibm.com/support/pages/node/85585
See technote - Does the RRT agent support TLS 1.1/1.2 and 256-bit ciphers?
https://www.ibm.com/support/pages/node/529695
 
  • Back up existing Java70 and Java80
    1. Stop the T6 agent
    2. Backup existing Java JREs, for example
      > On Windows - cd c:\IBM\ITM\tmaitm6\
      > On Linux or Unix - cd /opt/IBM/ITM/tmaitm6
      > move java70 java70.old
      > move java80 java80.old - only in 7.4.0.1-IF8 and later.
  • Replace the JREs
    1. Unzip/Untar the archive to the same directory, for example, after unarchiving your directory structure is:

      Windows - c:\IBM\ITM\TMAITM6>dir java*
      Volume in drive C has no label.
      Volume Serial Number is 44AB-01FC

      Directory of c:\IBM\ITM\TMAITM6

      ........
      29/05/2013 02:04 PM <DIR> java70
      13/02/2013 02:14 PM <DIR> java70.old
      28/08/2016 07:08 PM <DIR> java80
      28/08/2016 07:17 PM <DIR> java80.old
      0 File(s) 0 bytes
      4 Dir(s) 40,808,731,648 bytes free


      Linux or Unix - /opt/IBM/ITM/tmaitm6>ls -dl java*
      ........
      drwxr-xr-x 4 root root 4096 Feb 2 01:10 java70
      drwxr-xr-x 4 root root 4096 Sep 19 14:20 java70.bak
      drwxr-xr-x 4 root root 4096 Feb 2 01:10 java80
      drwxr-xr-x 4 root root 4096 Sep 19 14:20 java80.bak
    2. If applicable, copy the following unrestricted policy files from the "java70.old" and "java80.old" directories to the new "java70" and "java80" directories:

      Windows:
      java70.old\lib\security\local_policy.jar to java70\lib\security
      java70.old\lib\security\US_export_policy.jar to java70\lib\security

      java80.old\lib\security\local_policy.jar to java80\lib\security
      java80.old\lib\security\US_export_policy.jar to java80\lib\security


      Linux or Unix:
      java70.bak/lib/security/local_policy.jar to java70/lib/security
      java70.bak/lib/security/US_export_policy.jar to java70/lib/security

      java80.bak/lib/security/local_policy.jar to java80/lib/security
      java80.bak/lib/security/US_export_policy.jar to java80/lib/security
  • Validate the updated JRE version/function
    1. Check version number of JRE 7.0, for example
      >java70\jre\bin>java -version
      java version "1.7.0"
      Java(TM) SE Runtime Environment (build pwi3270sr11-20211006_01(SR11))
      IBM J9 VM (build 2.6, JRE 1.7.0 Windows Server 2016 x86-32 20211005_014446 (JIT enabled, AOT enabled)
      J9VM - R26_Java726_SR11_20211005_1445_B14446
      JIT  - r11_20211005_14446
      GC   - R26_Java726_SR11_20211005_1445_B14446
      J9CL - 20211005_14446)
      JCL - 20210923_01 based on Oracle jdk7u321-b08
      >java80\jre\bin>java -version
      java version "1.8.0_311"
      Java(TM) SE Runtime Environment (build 8.0.7.0 - pwi3280sr7-20211025_01(SR7))
      IBM J9 VM (build 2.9, JRE 1.8.0 Windows Server 2019 x86-32-Bit 20211022_15212 (JIT enabled, AOT enabled)
      OpenJ9   - 6abb372
      OMR      - b898db9
      IBM      - 2f2c48b)
      JCL - 20210930_01 based on Oracle jdk8u311-b11
  • Restart Agent and ensure Rational Performance Tester Script playback works.
  • (Optional) Delete the backup Java runtimes.

Additional information

The Secure Hash Algorithm 256(SHA256) checksums of the images are as follows:

7.4.0.1-TIV-CAMRT-AIX-IF0057.tar - C09396C0F84E49026BE80909E59ECE054FDC912B12671126312F2F0C4431E515
7.4.0.1-TIV-CAMRT-Linux-IF0057.tar - D6429F9B97239C1A53F71B2C3BB2C18660523A0D5C1799123E8B8497B409A564
7.4.0.1-TIV-CAMRT-Windows-IF0057.zip - F4B8C565E21AFF8FB134ECFAD04310179F3C99D26A63D3F98E1B0000BABC6912

List of fixes

A) APAR Content:
N/A


B) Additional Non-APAR Defects:
Defect 31977: PSIRT PVR0308418 IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU (minus CVE-2021-35550/35561/35603) plus CVE-2021-41035


C) Enhancements
N/A

Document change history

 
Version Date Description of change
1.0 26 Feb 2022 Initial Version

[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS5MD2","label":"Tivoli Composite Application Manager for Transactions"},"ARM Category":[{"code":"a8m500000008i3OAAQ","label":"ITCAM-for-Transactions-\u003ERobotic Response Time RRT"}],"Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"All Versions"}]

Document Information

Modified date:
21 February 2022

UID

ibm16556426