Release Notes for McAfee(R) E-Business Server(TM)
Version 8.6.0
for Windows, Solaris (SPARC), AIX, Linux, and HP-UX
Copyright (C) 2009 McAfee, Inc.
All Rights Reserved

==========================================================
NOTE: The release of 8.5.1 included support for Windows
Vista, both 32- and 64-bit platforms. Existing 8.5.0
functionality on Windows platforms was unchanged. Refer to
Product Changes and Installation/System Requirements for
details on Vista support.
==========================================================

Thank you for using E-Business Server software. This file
contains important information regarding this release. We
recommend that you read the entire document.

IMPORTANT: McAfee does not support automatic upgrading of a
pre-release version of the software. To upgrade to a
production release of the software, you must first uninstall
the existing version of the software.

Please note important installation requirements under the
INSTALLATION AND SYSTEM REQUIREMENTS section.

__________________________________________________________
WHAT'S IN THIS FILE

- New Features
- General Product Changes
- Installation & System Requirements
- Known Issues
- Documentation
- Copyright & Trademark Attributions
- License Information

__________________________________________________________
NEW FEATURES AND FIXES

Version 8.6.0 (All supported platforms)
--------------------
- On UNIX systems, GCC runtime libraries are no longer
  required.

- Added support for new Windows and UNIX OS releases. Refer
  to INSTALLATION AND SYSTEM REQUIREMENTS for the list of
  supported systems.

- On UNIX systems, you can run the E-Business Server
  Administration Utility console by issuing the following
  commands:

      cd /usr/local/ebs
      java -jar McAfeeEBSGUI.jar

  NOTE: You can run the utility only with Java(TM) 2 Runtime
  Environment version 1.4.2_18 or later from Sun
  Microsystems, Inc.

- Adding a DH/DSS key created with MOVEit Central 5.5.0.0 from
  www.standardnetworks.com may result in SIGBUS on Solaris
  and HP-UX platforms. This issue has been addressed in this
  release.

- Decrypting a file that was encrypted with Bouncy Castle
  v1.37 may result in an Access Violation Error (or SIGSEGV on
  UNIX platforms). This issue has been addressed in this
  release.

- Other bug fixes.

Version 8.5.3 (Windows and Solaris)
--------------------
- BOF/DoS vulnerability within the administrative server
  (EBSAdmin) has been addressed. Prior to version 8.5.3, an
  attacker was able to send a malformed packet that could
  cause a heap-based buffer overflow, leading to memory
  corruption that could result in arbitrary code execution.

Version 8.5.2 (Windows and Solaris)
--------------------
- DoS vulnerability within the administrative server
  (EBSAdmin) has been addressed. Prior to version 8.5.2, an
  attacker was able to crash the server by sending a
  malformed authentication packet. For more information,
  refer to:

      http://labs.idefense.com/intelligence/vulnerabilities/

Version 8.5.1 (Windows and Solaris)
--------------------
- Support for 32-bit and 64-bit Windows Vista. Only the
  installer has been modified. For Vista-based platforms,
  the installer disables installation of the entropy
  collection driver and removes the entropy collection
  driver feature from the custom installation feature set.

Version 8.5 (Windows and Solaris)
--------------------
- Support for 128-bit Blowfish encryption algorithm. To use
  the new Blowfish algorithm:

  - From the server console Keys menu, select "Create New
    Key-Pair," then select "Blowfish" from the "Default
    cipher" drop-down list.

  - At the command line, type "blowfish" for the key-gen
    cypher command. For example, type:

        ebs --key-gen --cipher blowfish

- Import keys from console. "Import" has been added to the
  server console Keys menu, enabling you to import key file
  types PGP (*.pgp) or Armored (*.asc).

- Refresh key list.
  You can now update the console with changes made to the
  keyring via the command line. From the Keys menu, select
  "Refresh key list," or right-click the Keys node in the
  Server View tree, and select "Refresh key list" in the
  popup menu.

- You can now use a single keyring to execute simultaneous
  E-Business Server tasks on one machine. This addresses
  concurrency issues.

- On Solaris, you can run the E-Business Server
  Administration Utility console by issuing the following
  commands:

      cd /usr/local/ebs
      java -jar McAfeeEBSGUI.jar

Version 8.1.2 (AIX, Linux and HP-UX)
--------------------
- BOF/DoS vulnerability within the administrative server
  (EBSAdmin) has been addressed. Prior to version 8.1.2, an
  attacker was able to send a malformed packet that could
  cause a heap-based buffer overflow, leading to memory
  corruption that could result in arbitrary code execution.

Version 8.1.1 (AIX, Linux and HP-UX)
--------------------
- DoS vulnerability within the administrative server
  (EBSAdmin) has been addressed. Prior to version 8.1.1, an
  attacker was able to crash the server by sending a
  malformed authentication packet. For more information,
  refer to:

      http://labs.idefense.com/intelligence/vulnerabilities/

Version 8.1.0 (AIX, Linux and HP-UX)
--------------------
- Support for the AIX, Linux and HP-UX platforms. The last
  supported release was version 7.1.1.

- Support for file sizes greater than 2 gigabytes.

- The Java API jar file and library are included. Java
  samples require the Java runtime, version 1.4 or later.

- Fixed concurrency issue. You can now use the same key ring
  to execute multiple EBS tasks from a single machine.

- New 'pgp' command link for backwards compatibility with
  existing client scripts.

Version 8.0 (Windows and Solaris)
--------------------
- FTP support.

- SMTP support.

- Improved secure file wiping (--wipe).

- New switches (--force, --authenticate, --signed-by,
  --allow-passphrase-retry).

- The E-Business Server Administration Utility, which lets
  users create and manage keys, and work with the E-Business
  Server configuration file.

- New 'pgp' command link (pgp.exe on Windows) for backwards
  compatibility with existing client scripts.

__________________________________________________________
GENERAL PRODUCT CHANGES

Version 8.0
--------------------
Existing users should note the following changes in
E-Business Server version 8.0:

- The main command-line file name has changed from pgp
  (pgp.exe on Windows) to ebs (ebs.exe on Windows).

- All switches that formerly used "PGP" now use "EBS".

Version 8.1.0
--------------------
All of the version 8.0 functionality has been ported to AIX,
Linux, and HP-UX platforms.

Version 8.5
--------------------
- For Windows users, the E-Business Server installation path
  has changed to:

      C:\Program Files\McAfee\McAfee E-Business Server

Version 8.6.0
--------------------
All of the version 8.5 functionality has been ported to AIX,
Linux, and HP-UX platforms.

Per the GNU Public License (GPL) agreement, the source code
of the GNU libraries, which have been statically linked into
this product, is available as a download link on the same
page where you downloaded this product.

__________________________________________________________
INSTALLATION AND SYSTEM REQUIREMENTS

System Requirements for Windows

- Windows 2000 with Service Pack 4 or later
- Windows XP Professional with Service Pack 1 or later
- Windows 2003 with Service Pack 1 or later
- Windows Vista (32/64 bit)
- Windows 2008, Standard, Enterprise, Data Center

NOTE: On Vista and 2008 platforms, the installer does not
install the entropy driver, so it disables the entropy
collection driver feature. The user is prompted to type some
random text on the keyboard when generating keys.

System Requirements for Solaris (SPARC)

- SunOS 5.9
- SunOS 5.10

System Requirements for AIX

- AIX 5.1, maintenance level 06 or later
- AIX 5.2, maintenance level 04 or later
- AIX 5.3 (to view man pages, maintenance level 02 is
  required)
- AIX 6.1

System Requirements for HP-UX

- HP-UX 11.0
- HP-UX 11.11
- HP-UX 11.23
- HP-UX 11.31

System Requirements for Linux

- Red Hat ES 3.0
- Red Hat AS and ES 4.0
- Red Hat AS and ES 5.0
- SUSE ES 9
- SUSE ES 10

Solaris, AIX, Linux, and HP-UX versions are available as a
tarball distribution only. See product documentation for
system requirements and installation procedures.

__________________________________________________________
KNOWN ISSUES

1. You cannot add a Photo ID file larger than 146KB to a
   key.

2. If your system had version 7.1 installed, you must update
   the LicenseFile line in the Configuration files to
   specify the correct license files.

3. When you do not specify a default key, E-Business Server
   should use the most recent key pair for signing. In this
   release, however, the software uses the oldest key pair
   for signing. To work around this issue, specify a default
   key in the E-Business Server configuration file.

4. The PGP user directory (where user keyrings are stored by
   default) is not removed during uninstallation. This is as
   designed. For a full uninstall, remove those directories
   manually. Use extreme care when doing this, because
   deleting a keyring permanently deletes any keys on that
   keyring, and files encrypted to those keys are no longer
   readable. The default PGP directory is located at:

       C:\Documents and Settings\\My Documents\pgp

5. Exporting an x.509 certificate with the --with-private
   option creates a file that does not include the private
   key. Also, trying to import an x.509 certificate of
   PKCS #12 format that includes a private key fails.

6. If you are using McAfee Host Intrusion Prevention 6.0,
   you must manually add E-Business Server to the Host
   Intrusion "Trusted Application Policy."
   See the product’s online Help for Prevention instructions
   to add the E-Business Server to the list of trusted
   applications.

7. If you are using McAfee AntiSpyware Enterprise 8.5, the
   default (maximum) protection blocks E-Business Server
   access to the FTP port. See the AntiSpyware Enterprise
   8.5 documentation for instructions to update the Access
   Protection rule to allow FTP access.

__________________________________________________________
DOCUMENTATION

Documentation is included on the product CD and/or is
available with a valid grant number from the McAfee download
site:

    https://secure.nai.com/us/forms/downloads/upgrades/login.asp

NOTE: Electronic copies of all product manuals are saved as
Adobe Acrobat .PDF files. The product CD includes the latest
version of Acrobat Reader, or you can download any version
from the Adobe web site:

    www.adobe.com/prodindex/acrobat/readstep2.html

E-BUSINESS SERVER DOCUMENTATION

- Installation Guide. Provides system requirements and
  instructions for installing the software.

- Product Guide. Introduces the product, describes product
  features, provides detailed instructions for configuring
  the software, deployment, and ongoing operation and
  maintenance.

- LICENSE Agreement
  The McAfee License Agreement booklet that includes all of
  the license types you can purchase for your product. The
  License Agreement presents general terms and conditions
  for use of the licensed product.

- Release Notes (this ReadMe file)

__________________________________________________________
COPYRIGHT AND TRADEMARK ATTRIBUTIONS

Copyright (C) 2009 McAfee, Inc. All Rights Reserved. No part
of this publication may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated
into any language in any form or by any means without the
written permission of McAfee, Inc., or its suppliers or
affiliate companies.

TRADEMARKS

AVERT, EPO, EPOLICY ORCHESTRATOR, FLASHBOX, FOUNDSTONE,
GROUPSHIELD, HERCULES, INTRUSHIELD, INTRUSION INTELLIGENCE,
LINUXSHIELD, MANAGED MAIL PROTECTION, MAX (MCAFEE
SECURITYALLIANCE EXCHANGE), MCAFEE, MCAFEE.COM, NETSHIELD,
PORTALSHIELD, PREVENTSYS, PROTECTION-IN-DEPTH STRATEGY,
PROTECTIONPILOT, SECURE MESSAGING SERVICE, SECURITYALLIANCE,
SITEADVISOR, THREATSCAN, TOTAL PROTECTION, VIREX, VIRUSSCAN,
WEBSHIELD are registered trademarks or trademarks of McAfee,
Inc. and/or its affiliates in the US and/or other countries.
McAfee Red in connection with security is distinctive of
McAfee brand products. All other registered and unregistered
trademarks herein are the sole property of their respective
owners.

__________________________________________________________
LICENSE INFORMATION

LICENSE AGREEMENT

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL
AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH
SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF
THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF
LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND
OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT
ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE
RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A
FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE
FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO
NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO
NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE
PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL
REFUND.

LICENSE ATTRIBUTIONS

This product includes or may include:

* Software developed by the OpenSSL Project for use in the
  OpenSSL Toolkit (http://www.openssl.org/).
* Cryptographic software written by Eric A. Young and
  software written by Tim J. Hudson.
* Some software programs that are licensed (or sublicensed)
  to the user under the GNU General Public License (GPL) or
  other similar Free Software licenses which, among other
  rights, permit the user to copy, modify and redistribute
  certain programs, or portions thereof, and have access to
  the source code. The GPL requires that for any software
  covered under the GPL, which is distributed to someone in
  an executable binary format, that the source code also be
  made available to those users. For any such software
  covered under the GPL, the source code is made available
  on this CD. If any Free Software licenses require that
  McAfee provide rights to use, copy or modify a software
  program that are broader than the rights granted in this
  agreement, then such rights shall take precedence over the
  rights and restrictions herein.
* Software originally written by Henry Spencer, Copyright
  1992, 1993, 1994, 1997 Henry Spencer.
* Software originally written by Robert Nordier, Copyright
  (C) 1996-7 Robert Nordier.
* Software written by Douglas W. Sauder.
* Software developed by the Apache Software Foundation
  (http://www.apache.org/). A copy of the license agreement
  for this software can be found at
  www.apache.org/licenses/LICENSE-2.0.txt.
* International Components for Unicode ("ICU") Copyright (C)
  1995-2002 International Business Machines Corporation and
  others.
* Software developed by CrystalClear Software, Inc.,
  Copyright (C) 2000 CrystalClear Software, Inc.
* FEAD(R) Optimizer(R) technology, Copyright Netopsystems
  AG, Berlin, Germany.
* Outside In(R) Viewer Technology (C) 1992-2001 Stellent
  Chicago, Inc. and/or Outside In(R) HTML Export, (C) 2001
  Stellent Chicago, Inc.
* Software copyrighted by Thai Open Source Software Center
  Ltd. and Clark Cooper, (C) 1998, 1999, 2000.
* Software copyrighted by Expat maintainers.
* Software copyrighted by The Regents of the University of
  California, (C) 1996, 1989, 1998-2000.
* Software copyrighted by Gunnar Ritter.
* Software copyrighted by Sun Microsystems, Inc., 4150
  Network Circle, Santa Clara, California 95054, U.S.A.,
  (C) 2003.
* Software copyrighted by Gisle Aas. (C) 1995-2003.
* Software copyrighted by Michael A. Chase, (C) 1999-2000.
* Software copyrighted by Neil Winton, (C) 1995-1996.
* Software copyrighted by RSA Data Security, Inc.,
  (C) 1990-1992.
* Software copyrighted by Sean M. Burke, (C) 1999, 2000.
* Software copyrighted by Martijn Koster, (C) 1995.
* Software copyrighted by Brad Appleton, (C) 1996-1999.
* Software copyrighted by Michael G. Schwern, (C) 2001.
* Software copyrighted by Graham Barr, (C) 1998.
* Software copyrighted by Larry Wall and Clark Cooper,
  (C) 1998-2000.
* Software copyrighted by Frodo Looijaard, (C) 1997.
* Software copyrighted by the Python Software Foundation,
  Copyright (C) 2001, 2002, 2003. A copy of the license
  agreement for this software can be found at
  www.python.org.
* Software copyrighted by Beman Dawes, (C) 1994-1999, 2002.
* Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy
  G. Siek (C) 1997-2000 University of Notre Dame.
* Software copyrighted by Simone Bordet & Marco Cravero,
  (C) 2002.
* Software copyrighted by Stephen Purcell, (C) 2001.
* Software developed by the Indiana University Extreme! Lab
  (http://www.extreme.indiana.edu/).
* Software copyrighted by International Business Machines
  Corporation and others, (C) 1995-2003.
* Software developed by the University of California,
  Berkeley and its contributors.
* Software developed by Ralf S. Engelschall for use in the
  mod_ssl project (http://www.modssl.org/).
* Software copyrighted by Kevlin Henney, (C) 2000-2002.
* Software copyrighted by Peter Dimov and Multi Media Ltd.
  (C) 2001, 2002.
* Software copyrighted by David Abrahams, (C) 2001, 2002.
  See http://www.boost.org/libs/bind/bind.html for
  documentation.
* Software copyrighted by Steve Cleary, Beman Dawes, Howard
  Hinnant & John Maddock, (C) 2000.
* Software copyrighted by Boost.org, (C) 1999-2002.
* Software copyrighted by Nicolai M. Josuttis, (C) 1999.
* Software copyrighted by Jeremy Siek, (C) 1999-2001.
* Software copyrighted by Daryle Walker, (C) 2001.
* Software copyrighted by Chuck Allison and Jeremy Siek,
  (C) 2001, 2002.
* Software copyrighted by Samuel Krempp, (C) 2001. See
  http://www.boost.org for updates, documentation, and
  revision history.
* Software copyrighted by Doug Gregor (gregod@cs.rpi.edu),
  (C) 2001, 2002.
* Software copyrighted by Cadenza New Zealand Ltd.,
  (C) 2000.
* Software copyrighted by Jens Maurer, (C) 2000, 2001.
* Software copyrighted by Jaakko Järvi
  (jaakko.jarvi@cs.utu.fi), (C) 1999, 2000.
* Software copyrighted by Ronald Garcia, (C) 2002.
* Software copyrighted by David Abrahams, Jeremy Siek, and
  Daryle Walker, (C) 1999-2001.
* Software copyrighted by Stephen Cleary
  (shammah@voyager.net), (C) 2000.
* Software copyrighted by Housemarque Oy , (C) 2001.
* Software copyrighted by Paul Moore, (C) 1999.
* Software copyrighted by Dr. John Maddock, (C) 1998-2002.
* Software copyrighted by Greg Colvin and Beman Dawes,
  (C) 1998, 1999.
* Software copyrighted by Peter Dimov, (C) 2001, 2002.
* Software copyrighted by Jeremy Siek and John R. Bandela,
  (C) 2001.
* Software copyrighted by Joerg Walter and Mathias Koch,
  (C) 2000-2002.
* Software copyrighted by Carnegie Mellon University
  (C) 1989, 1991, 1992.
* Software copyrighted by Cambridge Broadband Ltd.,
  (C) 2001-2003.
* Software copyrighted by Sparta, Inc., (C) 2003-2004.
* Software copyrighted by Cisco, Inc and Information Network
  Center of Beijing University of Posts and
  Telecommunications, (C) 2004.
* Software copyrighted by Simon Josefsson, (C) 2003.
* Software copyrighted by Thomas Jacob, (C) 2003-2004.
* Software copyrighted by Advanced Software Engineering
  Limited, (C) 2004.
* Software copyrighted by Todd C. Miller, (C) 1998.
* Software copyrighted by The Regents of the University of
  California, (C) 1990, 1993, with code derived from
  software contributed to Berkeley by Chris Torek.