An update for the IBM Tivoli Common Reporting software package has been released that fixes a discovered security flaw. The flaw allows malicious users to access user passwords.

Package: IBM Tivoli Common Reporting 2.x
Operating systems: HP-UX 11.x, IBM AIX 5.x, IBM AIX 6.x, IBM AIX 7.x, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Sun Solaris 9, Sun Solaris 10, SUSE Linux Enterprise Server (SLES) 10
Problem: improper handling of passwords
Exploitation: local
Consequence: disclosure of sensitive information
Solution: vendor software patch
Original advisory ID: 2.1.0.0-TIV-TCR-IF0005
Source: IBM

Problem:
The flaw arises because the system writes user passwords to the "reportCli.log" file without encryption.

Consequence:
Malicious local users can exploit this flaw to view other users' passwords.

Solution:
An appropriate update that removes the vulnerability has been released.

Original advisory text
+-------------------------------------------------------------------------------+
| Readme file for IBM Tivoli Common Reporting 2.1.0.0 Interim Fix 5             |
+-------------------------------------------------------------------------------+
+----------------------------- NOTE --------------------------------------------+
| Before using this information and the product it supports, read the           |
| information in 4. "Notices".                                                  |
+-------------------------------------------------------------------------------+
This edition applies to Interim Fix 5 for version 2, release 1 of IBM Tivoli Common Reporting (program number 5724-T69).
Copyright International Business Machines Corporation 2011.
US Government Users Restricted Rights -- Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
+-----------------+
|Table of Contents|
+-----------------+
1. Description
1.1 APARs included
1.2 Internal defects
2. Applying Tivoli Common Reporting 2.1.0.0 Interim Fix 5
3. Uninstalling Tivoli Common Reporting 2.1.0.0 Interim Fix 5
4. Notices
+-----------------+
| 1. Description|
+-----------------+
Interim Fix 5 for Tivoli Common Reporting 2.1.0.0 contains a fix for an internal defect with a security impact.
This readme contains the most current information for this interim fix and takes precedence over all other documentation.
+-----------------------+
| 1.1 APARs included|
+-----------------------+
The Interim Fix 5 for Tivoli Common Reporting 2.1.0.0 does not contain fixes for any APARs.
+------------------------+
| 1.2 Internal defects|
+------------------------+
TSM 1208 - TCR 2.1: updating a data source leaves the plain-text password in reportCli.log
When the TCR command line (CLI) is used to add or modify a data source, the password given in the input
is consumed and written to the generated reportCli.log files. This is a security issue for deployers and customers.
With this fix the raw password is no longer printed in the reportCli.log file;
instead, passwords are masked with 'xxxxx' characters.
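The defect and its fix, as an added illustration that is not IBM's code: a sanitizer that masks password values with 'xxxxx' before a CLI line reaches a log such as reportCli.log, and an audit function that flags lines in an existing log where a value is still unmasked. The argument syntax (`-password VALUE`, `password=VALUE`) and the sample log lines are assumptions; the readme does not show the real parameter names of the TCR CLI.

```python
import re

MASK = "xxxxx"  # the interim fix replaces the raw password with 'xxxxx'

# Matches password=VALUE, -password VALUE or --password VALUE (key matched
# case-insensitively, VALUE optionally quoted). ASSUMED syntax: the readme does
# not show the real parameter names of the TCR CLI.
_PASSWORD_RE = re.compile(
    r"(?P<key>-{0,2}(?:password|passwd|pwd))"   # key name, optional dashes
    r"(?P<sep>\s*=\s*|\s+)"                      # '=' or whitespace separator
    r"(?P<quote>[\"']?)"                         # optional opening quote
    r"(?P<value>[^\s\"']+)"                      # the secret itself
    r"(?P=quote)?",                              # matching closing quote, if any
    re.IGNORECASE,
)


def mask_secrets(line: str) -> str:
    """Return the CLI log line with every password value replaced by MASK.
    Call this on the line before it is written to the log file."""
    def _replace(m):
        q = m.group("quote")
        return f"{m.group('key')}{m.group('sep')}{q}{MASK}{q}"
    return _PASSWORD_RE.sub(_replace, line)


def find_unmasked(log_text: str) -> list:
    """Audit an existing log: return (line_no, line) for every line where a
    password value is present and is not MASK, i.e. the defect is still live."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if any(m.group("value") != MASK for m in _PASSWORD_RE.finditer(line)):
            hits.append((n, line))
    return hits


# Constructed sample resembling two unfixed and one fixed reportCli.log entry.
SAMPLE_LOG = "\n".join([
    "INFO datasource add -name sales -user rpt -password s3cr3t!",
    "INFO datasource modify -name hr url=jdbc:db2://db:50000/HR password='Hunter2'",
    "INFO datasource add -name ops -user rpt -password xxxxx",
])

if __name__ == "__main__":
    for n, line in find_unmasked(SAMPLE_LOG):
        print(f"line {n}: unmasked password -> {mask_secrets(line)}")
```

Running `find_unmasked` over the masked output of `mask_secrets` returns an empty list, which is the post-patch state the readme describes.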
+---------------------------------------------------------------------+
| 2 Applying Tivoli Common Reporting 2.1.0.0 Interim Fix 5|
+---------------------------------------------------------------------+
To apply the fix:
1. On the computer where Tivoli Common Reporting server has been
installed, unpack the 2.1.0.0-TIV-TCR-IF5.zip into a temporary directory.
2. Stop the Tivoli Common Reporting server.
3. Install the interim fix by running the following command from shell:
install[.sh|.bat] -i <TCR_2100_HOME>
- where <TCR_2100_HOME> is the directory where Tivoli Common Reporting
is installed.
Example: /opt/IBM/tivoli/tipv2Components/TCRComponent
- You may have to add executable permission (+x) for the install.sh
script on Linux/UNIX platforms (chmod u+x install.sh).
- Due to case-sensitivity of Deployment Engine, the value used for
<TCR_2100_HOME> must be exactly the same as the directory path
entered during the TCR 2.1.0.0 installation. A common error is to
use a lower-case letter for the installation drive on Windows.
If the disk where you installed Tivoli Common Reporting server
is "C:", you have to use a capital letter when specifying it,
for example:
install.bat -i c:\IBM\tivoli\tipv2Components\TCRComponent will not work, while
install.bat -i C:\IBM\tivoli\tipv2Components\TCRComponent will work.
4. Verify the installation:
Navigate to the folder where the Deployment Engine
has been installed.
For Windows the folder is:
%ProgramFiles%\IBM\Common\acsi\bin
Type listIU.cmd and the output should show that the TCR Interim Fix 5 has been installed.
(Fix Name:TCR-2100-0005)
For UNIX-like systems:
Source the DE environment by running the following command:
. /var/ibm/common/acsi/setenv.sh for root user, or
. ~/.acsi_<USERNAME>/setenv.sh for non-root users.
Make sure you include the . (dot and space) characters when running the command.
Browse to the following directory:
/usr/ibm/common/acsi/bin for root user, or
~/.acsi_<USERNAME>/bin for non-root users.
Type listIU.sh and the output should show that the TCR Interim Fix 5 has been installed
(Fix Name:TCR-2100-0005)
5. Start the Tivoli Common Reporting server.
+-------------------------------------------------------------+
| 3 Uninstalling Tivoli Common Reporting 2.1.0.0 Interim Fix 5|
+-------------------------------------------------------------+
To remove Tivoli Common Reporting 2.1.0.0 Interim Fix 5 from your Tivoli Common Reporting instance, follow these steps:
1. Stop the Tivoli Common Reporting server.
2. Run the following command from shell:
./install.sh -r <TCR_2100_HOME>
3. Start the server.
+----------+
| 4 Notices|
+----------+
This information was developed for products and services offered in the
U.S.A. IBM may not offer the products, services, or features discussed
in this document in other countries. Consult your local IBM
representative for information on the products and services currently
available in your area. Any reference to an IBM product, program, or
service is not intended to state or imply that only that IBM product,
program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property
right may be used instead. However, it is the user's responsibility to
evaluate and verify the operation of any non-IBM product, program, or
service.
IBM may have patents or pending patent applications covering subject
matter described in this document. The furnishing of this document does
not give you any license to these patents. You can send license
inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-178, U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact
the IBM Intellectual Property Department in your country or send
inquiries, in writing, to:
IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106, Japan
The following paragraph does not apply to the United Kingdom or any
other country where such provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION
"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Some states do not allow disclaimer of express or implied warranties in
certain transactions, therefore, this statement might not apply to you.
This information could include technical inaccuracies or typographical
errors. Changes are periodically made to the information herein; these
changes will be incorporated in new editions of the publication. IBM may
make improvements and/or changes in the product(s) and/or the program(s)
described in this publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of
those Web sites. The materials at those Web sites are not part of the
materials for this IBM product and use of those Web sites is at your own
risk.
IBM may use or distribute any of the information you supply in any way
it believes appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the
purpose of enabling: (i) the exchange of information between
independently created programs and other programs (including this one)
and (ii) the mutual use of the information which has been exchanged,
should contact:
IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758 U.S.A.
Such information may be available, subject to appropriate terms and
conditions, including in some cases, payment of a fee.
The licensed program described in this document and all licensed
material available for it are provided by IBM under terms of the IBM
Customer Agreement, IBM International Program License Agreement or any
equivalent agreement between us.
Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating
environments may vary significantly. Some measurements may have been
made on development-level systems and there is no guarantee that these
measurements will be the same on generally available systems.
Furthermore, some measurement may have been estimated through
extrapolation. Actual results may vary. Users of this document should
verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers
of those products, their published announcements or other publicly
available sources. IBM has not tested those products and cannot confirm
the accuracy of performance, compatibility or any other claims related
to non-IBM products. Questions on the capabilities of non-IBM products
should be addressed to the suppliers of those products.
This information contains examples of data and reports used in daily
business operations. To illustrate them as completely as possible, the
examples include the names of individuals, companies, brands, and
products. All of these names are fictitious and any similarity to the
names and addresses used by an actual business enterprise is entirely
coincidental.
+--------------+
|4.1 Trademarks|
+--------------+
The following terms are trademarks of the IBM Corporation in the United
States or other countries or both:
IBM
The IBM logo
AIX
DB2
DB2® Universal Database
Tivoli
WebSphere
zSeries
Microsoft®, Windows®, and the Windows logo are registered trademarks, of
Microsoft Corporation in the U.S. and other countries.
UNIX is a registered trademark of The Open Group in the United States
and other countries.
Intel® is a trademark of Intel Corporation in the United States, other
countries, or both.
Linux® is a trademark of Linus Torvalds in the United States, other
countries, or both.
Other company, product, and service names may be trademarks or service
marks of others.