358 Lotus blogs updated hourly. Who will post next? Home | Downloads | Events | Pods | Blogs | Search | myPL | About 
 
Latest 7 Posts
Domino TLS POODLE Fix released
Sun, Dec 21st 2014 158
iNotes Redirect without Anonymous Access
Fri, Dec 5th 2014 201
Short Description Creating a Domino Keyring File with the new Keyring Tool and a Windows CA using Binary Formats
Tue, Dec 2nd 2014 174
Traveler 9.0.1 IF7
Fri, Nov 7th 2014 315
Some Additonal TLS 1.0 Information
Thu, Nov 6th 2014 356
Domino TLS 1.0 SHA-2 Support to prevent POODLE has been shipped today
Mon, Nov 3rd 2014 345
TLS and SHA-2 Support and the POODLE Attack
Tue, Oct 21st 2014 332
Top 10
Some Additonal TLS 1.0 Information
Thu, Nov 6th 2014 356
Domino TLS 1.0 SHA-2 Support to prevent POODLE has been shipped today
Mon, Nov 3rd 2014 345
TLS and SHA-2 Support and the POODLE Attack
Tue, Oct 21st 2014 332
Traveler 9.0.1 IF7
Fri, Nov 7th 2014 315
IBM Sametime Limited Use 9 release for IBM Notes/Domino 9.0.1 customers
Wed, Oct 30th 2013 250
Notes Domio Traveler 9.0.1 is available
Tue, Oct 29th 2013 249
iNotes Redirect without Anonymous Access
Fri, Dec 5th 2014 201
Traveler Support for iOS 7
Thu, Aug 22nd 2013 192
Traveler Issues with Attachments containing special chars after updating to 9.0.1 IF6
Sat, Sep 27th 2014 175
Short Description Creating a Domino Keyring File with the new Keyring Tool and a Windows CA using Binary Formats
Tue, Dec 2nd 2014 174


FTIndex Crash with C-API based tools caused by a change in D8.5.3
Daniel Nashed    


We ran into this problem quite badly and the root cause was hard to track.
One of my applications (nshrun -- a tool to do multiple tasks in parallel on multiple databases) started to crash without a meaningful call-stack.
I started to figure out the root cause and identified that the C-API call FTIndex causes a crash of the calling function because the stack is damaged.

It turned out that IBM changed the structure of the statistic buffer for FTIndex by adding two new variables.
This change caused incompatibility with all existing applications using this structure with FTIndex.
When using a previous version of the C-API toolkit the memory buffer passed to the function was to small and the function did overwrite memory which caused the stack to be corrupt.

The problem exists with 8.5.3 and 8.5.3 FP1 and will be corrected in 8.5.3 FP2 and 8.5.4. The exposed structure will be reverted back to the old format.
In the meantime to get your application working you have multiple options

a.) wait for 8.5.3 FP2 or 8.5.4
b.) don't use the statistics returned and pass NULL as the parameter
c.) recompile just for 8.5.3 with the current 8.5.3 C-API
d.) redefine the structure in your earlier toolkit version and compile -- for older versions the bigger buffer does not cause any issues

There is a upcoming technote (TN #1590244) which is not yet released and the SPR we got for the problem is APAR#LO68258/SPR #VDES8SMFCJ.

I am going to compile my applications with a changed header structure to ensure it will continue to work with all releases of Domino.

-- Daniel



STATUS LNPUBLIC FTIndex(DBHANDLE hDB,WORD Options,char far *StopFile, FT_INDEX_STATS far *retStats);

In version 853, the structure FT_INDEX_STATS was updated as shown below in both product code and the C API toolkit.
typedef struct
{
DWORD DocsAdded; /* # of new documents */
DWORD DocsUpdated; /* # of revised documents */
DWORD DocsDeleted; /* # of deleted documents */
DWORD BytesIndexed; /* # of bytes indexed */
DWORD Merges; /* # of index merges */
DWORD MergeMsec; /* Msec spent merging */
}
FT_INDEX_STATS;

In previous versions on the product, this structure was defined as shown below.
typedef struct
{
DWORD DocsAdded; /* # of new documents */
DWORD DocsUpdated; /* # of revised documents */
DWORD DocsDeleted; /* # of deleted documents */
DWORD BytesIndexed; /* # of bytes indexed */
}
FT_INDEX_STATS;

---------------------
http://blog.nashcom.de/nashcomblog.nsf/dx/ftindex-crash-with-c-api-based-tools-caused-by-a-change-in-d8.5.3.htm
Apr 10, 2012
34 hits



Recent Blog Posts
158


Domino TLS POODLE Fix released
Sun, Dec 21st 2014 5:12a   Daniel Nashed
As reported before the IF that introduced TLS 1.0 is vulnerable to the new PODDLE issue. IBM released a new IF for all supported versions that fixes this issue. After installing the IF you can re-enable the CBC ciphers which are now reported as not vulnerable by the SSL Labs Test site. In addition to this fix IBM officially introduces a new notes.ini variable to disable SSL V3. DISABLE_SSLV3=1 will disable SSL V3 completely. But as mentioned before you should be completely sure if you wa [read] Keywords: domino ibm notes security
201


iNotes Redirect without Anonymous Access
Fri, Dec 5th 2014 9:15a   Daniel Nashed
When running iNotes you might only want to allow authenticated connections to your Domino Server over HTTP. But on the other side you want to use the iNotes Redirect database which contains some images and other design that should load even the user is not yet authenticated. There is a Wiki article that describes in detail what to do. Thanks to IBM pointing out that parameter! http://www.lotus.com/ldd/dominowiki.nsf/dx/Allowing_Anonymous_Access_to_iNotes_Redirect_images__while_preventing_An [read] Keywords: connections domino ibm inotes ldd lotus database server wiki
174


Short Description Creating a Domino Keyring File with the new Keyring Tool and a Windows CA using Binary Formats
Tue, Dec 2nd 2014 5:11a   Daniel Nashed
Now that more and more customers are using the new keyring tool we run into interesting constellations. Microsoft uses binary formats instead of the ascii based PEM format that the keyring tool requires. Openssl does not only help you to create the key and the certficates. You can also use it to convert the certificate formats. I have written a short step by step short documentation for my customer including some troubleshooting steps and tricks. To keep it short I have left out the re [read] Keywords: domino ibm ldd lotus notes linux microsoft password server
315


Traveler 9.0.1 IF7
Fri, Nov 7th 2014 5:15a   Daniel Nashed
Finally Traveler 9.0.1 IF7 is available. I don't see a fixlist yet but I got a fixlist from a customer from the latest hotfix he got. The IF should fix all attachment issues which came up with IF6, includes the latest Android client and should also have an updated certificate for APNS. So now you can install 9.0.1 IF7 in combination with Domino 9.0.1 FP2 IF1 which introduces TLS 1.0 in one go with just one downtime. FixCentral Download Link: http://www.ibm.com/support/fixcentr [read] Keywords: domino ibm lotus notes traveler
356


Some Additonal TLS 1.0 Information
Thu, Nov 6th 2014 11:12a   Daniel Nashed
TLS 1.0 and the removal of SSL 3.0 from browsers that triggered the whole discussion is not just something that needs to be addresses on a Domino server. IBM has done a lot of work in quite a short time and now that customers are implementing the fix it shows that also other software is effected. Introducing TLS 1.0 for Domino was the first step from IBM to ensure that clients that only support TLS 1.0 and higher can still connect to the Domino server. For now IBM still has SSL 3.0 enabled [read] Keywords: agent connections domino ibm lotus notes notes client application applications database email java security server smtp
345


Domino TLS 1.0 SHA-2 Support to prevent POODLE has been shipped today
Mon, Nov 3rd 2014 6:16p   Daniel Nashed
As blogged before IBM was already working on addressing the POODLE attack by finally implementing TLS 1.0 for all internet protocols. Today IBM shipped an Interims Fix to introduce TLS 1.0 which is very important because many browsers and other software vendors are about to drop SSL 3.0 support. So you need those fixes to continue to use secure protocols like HTTS, secure SMTP, LDAP, IMAP, POP3, DIIOP.. There are a couple of changes which are described in the following Wiki documents. And [read] Keywords: domino ibm ldd lotus traveler application applications linux security server smtp wiki




332


TLS and SHA-2 Support and the POODLE Attack
Tue, Oct 21st 2014 12:11p   Daniel Nashed
IBM has officially responded to the POODLE attack and also officially responded to newer crypto standards. Very good news for Domino! IBM will introduce TLS 1.0/1.2 and SHA-2 support for all protocols soon! The current technotes mention a very short timeframe and it looks like we are going to get fixes at least for the current Domino 9.0.1 code stream. Some fixes will be also in the 8.5.x code-stream but some of the improvements like SHA-2 support cannot be back ported. So you should be pr [read] Keywords: domino ibm network security server smtp
175


Traveler Issues with Attachments containing special chars after updating to 9.0.1 IF6
Sat, Sep 27th 2014 6:12a   Daniel Nashed
Before leaving for holidays last week the first customer contacted me about issues with attachments that have blanks, umlauts or other characters in the attachment name. I could not reproduce it on iOS but on Android but without the error message in the log that he got. Meanwhile it is clear that this issue affects all devices types and there is a fix that should hopefully address this problem. IBM is working on a new IF to address the issue and also possible other related issues but mean [read] Keywords: ibm notes traveler mobile
143


My Top 3 Formula Commands for working in the Notes Client
Thu, Sep 18th 2014 11:16p   Daniel Nashed
All of those commands are not new at all. They are all round for a very long time. But they make my day easier. I am surprised that many still don't know at least the first two. The last one is more a convenience when working with replicas. @Command([AdminRemoteConsole]) Before Release 5 there wasn't an admin client and the admin/designer was integrated into the normal client. The old live console is still in the client and you don't need an admin client -- just the right per [read] Keywords: admin notes notes client
130


Important Update on Traveler iOS 8 Support -- You have to install an IF!
Mon, Sep 15th 2014 3:13p   Daniel Nashed
There are some last minute changes in iOS which are only in the final version. Apple changed the EAS Sync ID which used to match the Device ID. There has been planning for that change for a while but Apple should have introduce that change already in the Beta releases. However this change causes issues in device mapping for the companion/todo app. IBM released a IF for 9.0.1/9.0.0.1/8.5.3 UP2 today to address this issue and added some background logic to map the device ID. There is a A [read] Keywords: ibm ldd lotus traveler apple




Created and Maintained by Yancy Lent - About - Blog Submission - Suggestions - Change Log - Blog Widget - Advertising - Mobile Edition