README

Progress (R) DataDirect (R)
Progress(R) DataDirect(R) for ODBC for Oracle(TM) Wire Protocol Driver
Windows Platforms (32 and 64-bit)
Release 8.0.2
May 10, 2022

***********************************************************************
Copyright (C) 2022 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
***********************************************************************

This README file contains information for Progress(R) DataDirect(R) for ODBC for Oracle(TM) Wire Protocol Driver. This README file contains information not included in the PROGRESS DATADIRECT(R) FOR ODBC FOR ORACLE WIRE PROTOCOL DRIVER USER'S GUIDE AND REFERENCE.

CONTENTS

Driver Requirements
Installation Directory
Changes Since 8.0.2 GA
Changes for 8.0.2 GA
Changes for 8.0.1 GA
Driver WorkAround Options
Notes, Known Problems, and Restrictions
Documentation
Installed Files for the 32-bit Driver
Installed Files for the 64-bit Driver

Driver Requirements

IMPORTANT: You must have the Microsoft Data Access Components (MDAC) installed to use this product.

* For 32-bit Windows systems, version 2.6 or higher is required.
* For 64-bit Windows systems, version 2.8 or higher is required.

Depending on the version of your Windows operating system, these components may already be installed. You can download a utility that determines whether MDAC is installed and its version from the following Microsoft site:

http://msdn.microsoft.com/en-us/data/aa937730.aspx

You can also download MDAC from the same site.

Installation Directory

* The default installation directory for the 32-bit driver on a 64-bit system is:
  C:\Program Files (86)\Progress\DataDirect\ODBC_80
* The default installation directory for all other installations is:
  C:\Program Files\Progress\DataDirect\ODBC_80

Changes Since 8.0.2 GA

Certifications
--------------
* Certified with Oracle 21c R1 (21.1) (driver version 08.02.2502 (B0920, U0675))
* Certified with Oracle 19c R1 (19.1) (driver version 08.02.2245 (B0498, U0347))
* Certified with Oracle Autonomous Transaction Processing Cloud 19c R1 (19.1*) (driver version 08.02.2245 (B0498, U0347))
* Certified with Windows Server 2019 Driver version 08.02.2200 (B0413, U0280)
* Certified with Oracle 18c R3 (18.3) (driver version 08.02.2158 (B0380, U0258))
* Certified with Oracle Database Cloud Service 18c R1 (18.1) (driver version 08.02.2114 (B0330, U0219))
* Certified with Oracle 18c R1 (18.1) (driver version 08.02.2114 (B0330, U0219))
* Certified with Oracle Autonomous Data Warehouse Cloud 12c R2 (12.2) (driver version 08.02.2099 (B0294, U0194))

Support for Windows Certificate Store
-------------------------------------
The driver has been enhanced to support the Windows certificate store for TLS/SSL server authentication. Refer to the user's guide for details.

SSL Enhancement (1.1.1n)
------------------------
The default version of the OpenSSL library has been upgraded to version 1.1.1n, which fixes the following security vulnerabilities:

* Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
* BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160)

This upgrade is available in build 08.02.0216 of the following OpenSSL library files: ivtls28.dll (32-bit) and ddtls28.dll (64-bit).

Version 1.1.1n also addresses vulnerabilities resolved by earlier versions of the library.

For more information on OpenSSL vulnerabilities resolved by this upgrade, refer to the corresponding OpenSSL announcements at:
https://www.openssl.org/news/vulnerabilities-1.1.1.html

Note: By default, the driver will attempt to load version 1.1.1 of the library; however, if the library cannot be loaded, the driver will fall back to version 1.0.2. See "Designating an OpenSSL Library" in the "Notes, Known Issues, and Restrictions" section for more information.

Support for TLS/SSL server authentication in a serverless environment
---------------------------------------------------------------------
The driver has been enhanced to support TLS/SSL server authentication for the applications deployed in a serverless environment. The driver stores the TLS/SSL certificates in memory and lets applications use TLS/SSL server authentication without storing the truststore file on the disk. To use this enhancement, specify the content of the certificate in the refreshed Trust Store (Truststore) connection option or the new SQL_COPT_INMEMORY_TRUSTSTORECERT pre-connection attribute. Refer to the user's guide for details.

curl Library Enhancement (7.80.0)
---------------------------------
The curl library files that are installed with the product have been upgraded to version 7.80.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html. This upgrade is available starting in build 08.02.0278 of the curl library files.

Bind Params As Unicode Option
-----------------------------
The driver has been enhanced with the new Bind Params As Unicode (BindParamsAsUnicode) option, which specifies whether the driver converts data in bind parameters from the SQL_CHAR, SQL_VARCHAR, and SQL_LONGVARCHAR ODBC data types to the SQL_WCHAR, SQL_WVARCHAR, and SQL_WLONGVARCHAR types when C type is set to SQL_C_WCHAR.
When certain applications bind SQL_C_WCHAR data to a non-Unicode ODBC type, this behavior may result in the substitution of some characters. Enabling this option allows you to avoid character substitution by configuring the driver to use the corresponding Unicode ODBC type. See "Notes, Known Problems, and Restrictions" for more information.

SSL Enhancement (1.1.1l)
------------------------
Note: OpenSSL library 1.1.1l has been replaced with version 1.1.1n. In addition to fixing multiple new vulnerabilities, version 1.1.1n also addresses the vulnerabilities resolved by version 1.1.1l.

The default version of the OpenSSL library has been upgraded to version 1.1.1l, which fixes the following security vulnerabilities:

* SM2 Decryption Buffer Overflow (CVE-2021-3711)
* Read buffer overruns processing ASN.1 strings (CVE-2021-3712)

This upgrade is available in build 08.02.0181 of the following OpenSSL library files: ivtls28.dll (32-bit) and ddtls28.dll (64-bit).

BatchFailureReturnsError Option
-------------------------------
The driver has been enhanced with the new BatchFailureReturnsError option, which determines the behavior of the driver when encountering an error in a parameter array insert with bulk load disabled. If set to 1 (enabled), the driver returns SQL_ERROR and rolls back the operation when encountering an error in any of the parameter sets. If set to 0 (Disabled), the driver returns SQL_SUCCESS_WITH_INFO and commits the rows that were successfully inserted prior to encountering the error.

curl Library Enhancement (7.75.0)
---------------------------------
The curl library files that are installed with the product have been upgraded to version 7.75.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html. This upgrade is available starting in build 08.02.0239 of the curl library files.

SSL Enhancement (1.1.1k)
------------------------
Note: OpenSSL library 1.1.1k has been replaced with version 1.1.1l. In addition to fixing multiple new vulnerabilities, version 1.1.1l also addresses the vulnerabilities resolved by version 1.1.1k.

The default version of the OpenSSL library has been upgraded to version 1.1.1k, which fixes the following security vulnerabilities:

* CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
* NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
* Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
* Integer overflow in CipherUpdate (CVE-2021-23840)

This upgrade is available in build 08.02.0162 of the following OpenSSL library files: ivtls28.dll (32-bit) and ddtls28.dll (64-bit).

XA Interface Support
--------------------
The driver has been enhanced to support distributed transactions. It implements the XA interface to enable support for distributed transactions. For details, refer to the user's guide.

Documentation
-------------
Any product package made available after February 9, 2021 will not include the HTML help system or user's guide PDF. The full documentation set, including these items, is available from the Progress Information Hub:
https://docs.progress.com/category/datadirect-oracle

While the product packages will not include these documentation items, the installation Help directory will provide an HTML redirect for direct access to the HTML help.

Note that all Progress DataDirect for ODBC documentation has been migrated to the Progress Information Hub:
https://docs.progress.com

SSL Enhancement (1.1.1i)
------------------------
Note: OpenSSL library 1.1.1i has been replaced with version 1.1.1k. In addition to fixing multiple new vulnerabilities, version 1.1.1k also addresses the vulnerabilities resolved by version 1.1.1i.

The default version of the OpenSSL library has been upgraded to version 1.1.1i, which fixes the following security vulnerability: Incorrect behavior of the GENERAL_NAME_cmp function (CVE-2020-1971).

This upgrade is available in build 08.02.0101 of the following OpenSSL library files: ivtls28.dll (32-bit) and ddtls28.dll (64-bit).

Extended Connection Failover Support for the TNSNAMES.ORA File Connections
--------------------------------------------------------------------------
The driver has been enhanced to support extended connection failover for the connections established using the TNSNAMES.ORA file. Refer to the user's guide for details.

SSL Enhancement (1.1.1g)
------------------------
Note: OpenSSL library 1.1.1g has been replaced with version 1.1.1k. In addition to fixing multiple new vulnerabilities, version 1.1.1k also addresses the vulnerabilities resolved by version 1.1.1g.

The default version of the OpenSSL library has been upgraded to version 1.1.1g, which fixes the following security vulnerabilities:

* Segmentation fault in SSL_check_chain (CVE-2020-1967)
* rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551)

Timestamp Logging in Packet Logs
--------------------------------
The drivers using base version B0649 and later have been enhanced to include timestamp in the internal packet logs by default. If you want to disable the timestamp logging in packet logs, set PacketLoggingOptions=1. The internal packet logging is not enabled by default. To enable it, set EnablePacketLogging=1.

Oracle Wallet Password Store Support
------------------------------------
The driver has been enhanced to support Oracle Wallet Password Stores. When this feature is enabled, the driver retrieves database credentials from an Oracle Wallet to be used for authentication to the server.
The driver has also been enhanced with the new Credentials Wallet Entry (CredentialsWalletEntry), Credentials Wallet Path (CredentialsWalletPath), and Wallet Password (CredentialsWalletPassword) options, which allow you to configure this feature.

Note: Oracle Wallet Password Store functionality requires the OpenSSL 1.1.1 library. Earlier versions of the library, including those installed with the driver, are not supported by the feature.

LDAP Support
------------
The driver has been enhanced to support using connection information stored in an LDAP entry to establish a connection. You can configure the driver to use LDAP with the new LDAP Distinguished Name (LDAPDistinguishedName) option and refreshed Host (HostName) and Port Number (PortNumber) options.

SSL Enhancement (1.0.2u)
------------------------
OpenSSL library 1.0.2r has been replaced with version 1.0.2u. In addition to fixing multiple new vulnerabilities, version 1.0.2u also addresses the vulnerabilities resolved by version 1.0.2r.

Version 1.0.2u of the OpenSSL library fixes the following security vulnerabilities:

* x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (CVE-2019-1563)
* Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
* Compute ECC cofactors if not provided during EC_GROUP construction (CVE-2019-1547)
* Installation paths in diverse Windows builds (CVE-2019-1552)

Note: By default, the driver will attempt to load version 1.1.1 of the library; however, if the library cannot be loaded, the driver will fall back to version 1.0.2.

curl Library Enhancement
-------------------------
The curl library files that are installed with the product have been upgraded to version 7.66.0, which fixes a number of potential security vulnerabilities. For more information on the vulnerabilities resolved by this enhancement, refer to: https://curl.haxx.se/docs/vulnerabilities.html. This upgrade is available starting in build 08.02.0116 of the curl library files.

Support for Oracle Connection Manager
-------------------------------------
The driver has been enhanced to support connecting through Oracle Connection Manager using the TNSNAMES.ORA file. Refer to the user's guide for details.

SSL Enhancement (1.1.1d)
------------------------
Note: OpenSSL library 1.1.1d has been replaced with version 1.1.1g. In addition to fixing multiple new vulnerabilities, version 1.1.1g also addresses the vulnerabilities resolved by version 1.1.1d.

The default version of the OpenSSL library, 1.0.2r, has reached the end of its product life-cycle and has been upgraded to version 1.1.1d. In addition to receiving full update support, version 1.1.1d fixes the following security vulnerabilities:

* Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
* Windows builds with insecure path defaults (CVE-2019-1552)
* Fork Protection (CVE-2019-1549)
* ECDSA remote timing attack (CVE-2019-1547)
* ChaCha20-Poly1305 with long nonces (CVE-2019-1543)
* Timing vulnerability in ECDSA signature generation (CVE-2018-0735)

This upgrade is available in the 1.1.1 version of the OpenSSL library files, ivtls28.dll (32-bit) and ddtls28.dll (64-bit).

Note: By default, the driver will attempt to load version 1.1.1 of the library; however, if the library cannot be loaded, the driver will fall back to version 1.0.2.

AllowedOpenSSLVersions
----------------------
Determines which version of the OpenSSL library file the driver uses for data encryption when multiple versions are installed with the product. For example, when specifying a value of 1.1.1 (AllowedOpenSSLVersions=1.1.1), the driver uses the 1.1.1 version of the library stored in the \drivers subdirectory. Refer to the user's guide for more information.

See "Designating an OpenSSL Library" in the "Notes, Known Issues, and Restrictions" section for build numbers and a comparison of these libraries.

Support for Windows Platforms
-----------------------------
The following Windows platforms have reached the end of their product lifecycle and are no longer supported by the driver:

* Windows 8.0 (versions 8.1 and higher are still supported)
* Windows Vista (all versions)
* Windows XP (all versions)
* Windows Server 2003 (all versions)

Statement Attributes Enhancement
--------------------------------
The driver has been enhanced to support the following new statement attributes that allow you to override connection option settings for an individual statement:

* SQL_ATTR_BULK_LOAD_ENABLED statement attribute overrides the EnableBulkLoad option
* SQL_ATTR_IANA_APP_CODE_PAGE statement attribute overrides the IANAAppCodePage option

Refer to the User's Guide for more information.

SSL Enhancement (1.0.2r)
------------------------
Note: A newer version of the OpenSSL library, 1.1.1g, is now installed with the product. In addition to fixing multiple new vulnerabilities, version 1.1.1g also addresses the vulnerabilities resolved by version 1.0.2r.

The default OpenSSL library version has been updated to 1.0.2r, which fixes the following security vulnerabilities:

* 0-byte record padding oracle (CVE-2019-1559)
* Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)
* Timing vulnerability in DSA signature generation (CVE-2018-0734)
* Client DoS due to large DH parameter (CVE-2018-0732)
* Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
* Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)

This upgrade is available starting in build 08.02.0194 of the OpenSSL library file.

HTTP Proxy Support
------------------
The driver has been enhanced to support connecting to a proxy server through an HTTP connection. HTTP proxy support is configurable with the new Proxy Host, Proxy Mode, Proxy Password, Proxy Port, and Proxy User connection options.

Note: The HTTP proxy connections do not currently support SSL data encryption.

Oracle Database Vault
---------------------
Support has been added for Oracle Database Vault.

Impersonation Support
---------------------
The driver has been enhanced with the new Impersonate User connection option that allows you to specify the proxy user ID used for impersonation. The user ID specified using this option determines your permissions and identity when executing queries.

Setting the Service Name/SID in the Server listener.ora File
------------------------------------------------------------
The driver has been enhanced to support using the default Service Name or SID specified in the server-side listener.ora file.

Setting Array Size with SQL_ATTR_ROW_ARRAY_SIZE
-----------------------------------------------
The setting of the Array Size option can now be overridden by specifying the number of rows to fetch using the SQL_ATTR_ROW_ARRAY_SIZE statement attribute.

Oracle Database Exadata Cloud Service
-------------------------------------
Support has been added for the Oracle Database Exadata Cloud Service.

SSL Enhancement (1.0.2n) for All SSL-Enabled Drivers
----------------------------------------------------
Note: OpenSSL library 1.0.2n has been replaced with version 1.0.2u. In addition to fixing multiple new vulnerabilities, version 1.0.2u also addresses the vulnerabilities resolved by version 1.0.2n.

Version 1.0.2n of the OpenSSL library fixes the following security vulnerabilities:

* rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
* Read/write after SSL object in error state (CVE-2017-3737)
* bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

Changes for 8.0.2 GA

Certifications
--------------
* Certified with Oracle 12c R2 (12.2) (driver version 08.01.2067 (B0252, U0168))
* Certified with Windows Server 2016 (driver version 08.01.2047 (B0226, U0145))

Oracle Wallet
-------------
Support for Oracle Wallet, including:

* Oracle Wallet SSL Authentication
* Using Oracle Wallet as a keystore or truststore for SSL data encryption.

Oracle Internet Directory
-------------------------
The driver has been enhanced to support using Oracle Internet Directory for LDAP Authentication. No additional driver configuration is required when authenticating with Oracle Internet Directory.

Oracle Advanced Security
------------------------
The driver has been enhanced to support the following new data integrity algorithms for Oracle 12c and higher: SHA256, SHA384, SHA512. To use these algorithms, specify their values using the Data Integrity Types connection option and enable data integrity checks with the Data Integrity Level connection option.

As a result of this enhancement, the default value for the Data Integrity Types connection option has changed to the following:

MD5,SHA1,SHA256,SHA384,SHA512

Maximum Identifier Length
-------------------------
The maximum supported length of identifiers has been increased to 128 bytes when connecting to Oracle 12c R2 (12.2) databases.

SSL Enhancement (1.0.2k)
------------------------
Note: OpenSSL library 1.0.2k has been replaced with version 1.0.2u. In addition to fixing multiple new vulnerabilities, version 1.0.2u also addresses the vulnerabilities resolved by version 1.0.2k.

The default OpenSSL library version has been updated to 1.0.2k, which fixes the following security vulnerabilities:

* Truncated packet could crash via OOB read (CVE-2017-3731)
* BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
* Montgomery multiplication may produce incorrect results (CVE-2016-7055)

Changes for 8.0.1 GA

Oracle 12 and 12a Authentication Protocols
------------------------------------------
The driver now supports the Oracle 12 and 12a authentication protocols, which provide improved security.

Visual Studio 2015 Upgrade
--------------------------
The driver is now compiled using Visual Studio 2015 for improved security.

SDU Size Connection Option
--------------------------
The new SDU Size connection option allows you to specify the size in bytes of the Session Data Unit (SDU) that the driver requests when connecting to the server.

Support Binary XML Connection Option
------------------------------------
The new Support Binary XML connection option enables the driver to support XMLType with binary storage on servers running Oracle 12c and higher.

LOB Prefetch Size Connection Option
-----------------------------------
The new LOB Prefetch Size connection option allows you to specify the size of prefetch data the driver returns for BLOBs and CLOBs for Oracle database versions 12.1.0.1 and higher. With LOB prefetch enabled, the driver can return LOB meta-data and the beginning of LOB data along with the LOB locator during a fetch operation. This can have significant performance impact, especially for smaller LOBs that can potentially be entirely prefetched, because the data is available without having to go through the LOB protocol.

Implicit Result Sets
--------------------
The driver now supports implicit result sets returned from stored procedures.

SSL Enhancement (1.0.2j)
------------------------
Note: OpenSSL library 1.0.2j has been replaced with version 1.0.2u.
In addition to fixing multiple new vulnerabilities, version 1.0.2u also addresses the vulnerabilities resolved by version 1.0.2j.

The default OpenSSL library version has been updated to 1.0.2j, which fixes the following security vulnerabilities:

* "Missing CRL sanity check" (CVE-2016-7052)
* "OCSP Status Request extension unbounded memory growth" (CVE-2016-6304)
* "SWEET32 Mitigation" (CVE-2016-2183)
* "OOB write in MDC2_Update()" (CVE-2016-6303)
* "Malformed SHA512 ticket DoS" (CVE-2016-6302)
* "OOB write in BN_bn2dec()" (CVE-2016-2182)
* "OOB read in TS_OBJ_print_bio()" (CVE-2016-2180)
* "Pointer arithmetic undefined behaviour" (CVE-2016-2177)
* "Constant time flag not preserved in DSA signing" (CVE-2016-2178)
* "DTLS buffered message DoS" (CVE-2016-2179)
* "DTLS replay protection DoS" (CVE-2016-2181)
* "Certificate message OOB reads" (CVE-2016-6306)

Deprecated Enable N-CHAR Support Connection Option
--------------------------------------------------
The Enable N-CHAR Support connection option has been deprecated, and the driver behavior has been updated to always provide support for the N-types NCHAR, NVARCHAR2 and NCLOB. For compatibility purposes, the EnableNcharSupport attribute will continue to be supported for this release, but it will be deprecated in subsequent versions of the product.

Deprecated Enable Timestamp with Timezone Connection Option
-----------------------------------------------------------
The Enable Timestamp with Timezone connection option has been deprecated, and the driver behavior has been updated to always expose timestamps with timezones to the application. For compatibility purposes, the EnableTimestampwithTimezone attribute will continue to be supported for this release, but it will be deprecated in subsequent versions of the product.

Default Value for the Data Integrity Level Connection Option
----------------------------------------------------------------
The default value for the Data Integrity Level connection option has been updated to 1 (Accepted). A data integrity check can now be made on data sent between the driver and the database server by default.

Default Value for the Encryption Level Connection Option
--------------------------------------------------------
The default value for the Encryption Level connection option has been updated to 1 (Accepted). By default, encryption is now used on data sent between the driver and the database server if the database server requests or requires it.

Driver WorkAround Options

Progress DataDirect has included non-standard connection options (workarounds) for the driver that enable you to take full advantage of packaged ODBC-enabled applications requiring non-standard or extended behavior.

Refer to the chapter "WorkAround options" in THE PROGRESS DATADIRECT FOR ODBC DRIVERS REFERENCE for a description of these options.

Notes, Known Issues, and Restrictions

Character Limit of the Trust Store Field (Driver setup dialog)
---------------------------------------------------------------
The Trust Store field on the Driver setup dialog supports content up to 8192 characters in length. For specifying certificate content longer than 8192 characters, edit the registry and manually add the entry to the DSN.

Bind Params As Unicode Connection Option
----------------------------------------
GUI Name: Bind Params As Unicode

Attribute: BindParamsAsUnicode (BPAU)

Purpose: Specifies whether the driver converts data in bind parameters from the SQL_CHAR, SQL_VARCHAR and SQL_LONGVARCHAR ODBC data types to the SQL_WCHAR, SQL_WVARCHAR, and SQL_WLONGVARCHAR types when C type is set to SQL_C_WCHAR. When certain applications bind SQL_C_WCHAR data to a non-Unicode ODBC type, this behavior may result in the substitution of some characters.
Enabling this option allows you to avoid character substitution by configuring the driver to use the corresponding Unicode ODBC type.

Valid Values: 0 | 1

Behavior: If set to 1 (Enabled), the driver converts data bound to the SQL_CHAR, SQL_VARCHAR and SQL_LONGVARCHAR ODBC data types to the SQL_WCHAR, SQL_WVARCHAR, and SQL_WLONGVARCHAR data types when C type is set to SQL_C_WCHAR. If set to 0 (Disabled), the driver does not convert data bound to the SQL_CHAR, SQL_VARCHAR and SQL_LONGVARCHAR data types.

Default: 0 (Disabled)

GUI Tab: Advanced

Specifying values for the same connection option multiple times
---------------------------------------------------------------
The driver does not support specifying values for the same connection option multiple times in a connection string or DSN. If a value is specified using the same attribute multiple times or using both long and short attributes, the connection may fail or the driver may not behave as intended.

Designating an OpenSSL Library
------------------------------
Although version 1.1.1n of the OpenSSL library is the most secure version of the library, some characteristics of the library can cause connections to certain databases to fail. To allow you to continue using earlier versions until your environment is ready to migrate to version 1.1.1n, the product also installs earlier versions of the library.

The following versions of the OpenSSL library have been installed with this product, listed in order of most secure to least secure:

* (Default) 1.1.1n (file version 08.02.0216 of tls28.dll)
* 1.0.2u (file version 08.02.0244 of ssl28.dll)

When determining which version of the OpenSSL library to use, consider the following factors:

For version 1.1.1n:

Upgrading to 1.1.1n provides you with a fully supported version of the OpenSSL library that receives feature and security updates. Versions 1.0.2 and earlier have reached the end of their product lifecycle and will no longer receive public updates after 12/31/2019.

Upgrading to 1.1.1n fixes the following vulnerabilities in addition to vulnerabilities resolved by earlier versions of the library:

* Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
* BN_mod_exp may produce incorrect results on MIPS (CVE-2021-4160)
* SM2 Decryption Buffer Overflow (CVE-2021-3711)
* Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
* CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
* NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
* Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
* Integer overflow in CipherUpdate (CVE-2021-23840)
* Incorrect behavior of the GENERAL_NAME_cmp function (CVE-2020-1971).
* Segmentation fault in SSL_check_chain (CVE-2020-1967)
* rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551)
* Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
* Windows builds with insecure path defaults (CVE-2019-1552)
* Fork Protection (CVE-2019-1549)
* ECDSA remote timing attack (CVE-2019-1547)
* ChaCha20-Poly1305 with long nonces (CVE-2019-1543)
* Timing vulnerability in ECDSA signature generation (CVE-2018-0735)

Upgrading to version 1.1.1n includes the following risks:

* The SSL v2 protocol is not supported. If your environment requires SSL v2, the driver will be unable to connect using this library.

Refer to "Designating an OpenSSL library" in the User's Guide and Reference for instructions on using an earlier version of the OpenSSL library.

For more information on the OpenSSL vulnerabilities mentioned in this section, refer to the corresponding OpenSSL announcements at https://www.openssl.org/.

For Oracle 8 Server Users
-------------------------
The driver uses the XA protocol support in Oracle 8 to provide distributed transaction support. For recovery to work correctly, you must grant appropriate privileges on any server that will participate in a distributed transaction.
You must grant the SELECT privilege on SYS.DBA_PENDING_TRANSACTIONS to all users that will use MTS. Refer to the Oracle 8 documentation for details on using Oracle XA.

126 Error When Modifying Data Sources on Windows 10
---------------------------------------------------
You may receive a 126 error when adding or configuring a data source stored on a network location. This is caused by the settings of the User Account Control (UAC) security feature on Windows 10.

To work around this issue:

Important: Implementing this fix disables security safeguards that are designed to protect your machine. Before starting, refer to the following Microsoft documentation for potential risks associated with disabling the UAC feature:
http://windows.microsoft.com/en-us/windows/what-are-user-account-control-settings

1. From the Start menu, type regedit in the search field; then, select regedit from the results list. The Registry Editor window opens.
2. Navigate to the following registry subkey:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3. Right-click on the subkey; then, select New > DWORD Value.
4. Rename the new value EnableLinkedConnections.
5. Right-click EnableLinkedConnections, and then click Modify. The Edit DWORD Value window opens.
6. In the Value data field, type 1. Click OK.
7. Close the Registry Editor; then, restart your computer.

For SSL Users
-------------
When trying to connect to a database using SSL encryption, you may receive an error message similar to: "PRNG not seeded". This is because certain versions of some operating systems do not generate truly random numbers necessary for encryption. For more information about this error and available patches, please refer to the Web site:
http://www.openssl.org/support/faq.html#USER1

ODBC Development on Windows Platforms
--------------------------------------
Please read the notices.txt file in the installation directory for licensing information regarding the ODBC Core Components.
Contact your Progress DataDirect representative if you have any questions.

SQLColAttribute(s)
------------------
The column attributes 1001 and 1002, which were assigned as DataDirect-specific attributes, were inadvertently used as system attributes by the Microsoft 3.0 ODBC implementation. Applications using those attributes must now use 1901 and 1902, respectively.

SQL_C_NUMERIC
-------------
Because of inconsistencies in the ODBC specification, users attempting to use SQL_C_NUMERIC parameters must set the precision and scale values of the corresponding structure and the descriptor fields in the Application Parameter Descriptor.

For Developers Using IIS
------------------------
One of the most common connectivity issues encountered while using IIS (Microsoft's Internet Information Server) concerns the use and settings of the account permissions. If you encounter problems using DataDirect drivers with an IIS server, refer to KnowledgeBase document number 4274 on the Progress DataDirect web site: http://knowledgebase.datadirect.com.

For Microsoft Access Users
--------------------------
Some SQL implementations, such as PROGRESS, do not allow queries to contain the COUNT function without the DISTINCT set quantifier. For example, "SELECT COUNT(empid) FROM employees" is not a valid SQL query for PROGRESS. This type of query can be generated using Microsoft Access and results in an error.

Documentation

PROGRESS DATADIRECT FOR ODBC FOR ORACLE WIRE PROTOCOL DRIVER DOCUMENTATION SET
------------------------------------------------------------------------------
The driver documentation set is available from the Progress Information Hub:
https://docs.progress.com/category/datadirect-oracle

You can access the online help system directly via the HTML redirect in the installation Help directory.

Uninstalling the Driver

You can uninstall the product or individual drivers through the Uninstall DataDirect for ODBC 8.0 option in the DataDirect program group.

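The notes above on repeated connection options, on AllowedOpenSSLVersions, and on packet logging can be checked mechanically before a connection string or DSN is deployed. The following Python linter is an added example, not part of the Progress product or its documentation. The sample string is constructed, the finding codes are hypothetical names, the value 1.0.2 for AllowedOpenSSLVersions is assumed by analogy with AllowedOpenSSLVersions=1.1.1, and the '}}' escape inside braced values is an assumed quoting convention.

```python
"""Lint an ODBC connection string against notes in this README (added example)."""

# Long -> short attribute names. Only the pair this README spells out is
# listed; extend the map from the user's guide for other options.
ALIASES = {"bindparamsasunicode": "bpau"}
SHORT_TO_LONG = {short: long_ for long_, short in ALIASES.items()}

# Constructed sample input, not taken from a real system.
SAMPLE = (
    "DSN=Constructed Oracle DSN;HostName=db.example.test;PortNumber=1521;"
    "CredentialsWalletPassword={w;a=l}}t};BindParamsAsUnicode=1;BPAU=0;"
    "AllowedOpenSSLVersions=1.0.2;EnablePacketLogging=1;PacketLoggingOptions=1"
)


def parse_connection_string(conn_str):
    """Return [(attribute, value), ...] in order of appearance.

    A value wrapped in {braces} may contain ';' and '='. Assumption: '}}'
    inside the braces stands for one literal '}'.
    """
    pairs, i, n = [], 0, len(conn_str)
    while i < n:
        eq = conn_str.find("=", i)
        if eq == -1:
            break
        # Drop empty or valueless segments that precede the attribute name.
        key = conn_str[i:eq].split(";")[-1].strip()
        j = eq + 1
        while j < n and conn_str[j] == " ":
            j += 1
        if j < n and conn_str[j] == "{":
            j += 1
            buf = []
            while j < n:
                if conn_str[j] == "}":
                    if conn_str[j + 1:j + 2] == "}":
                        buf.append("}")
                        j += 2
                        continue
                    j += 1
                    break
                buf.append(conn_str[j])
                j += 1
            value = "".join(buf)
            end = conn_str.find(";", j)
        else:
            end = conn_str.find(";", j)
            value = conn_str[j:end if end != -1 else n].strip()
        if key:
            pairs.append((key, value))
        i = n if end == -1 else end + 1
    return pairs


def audit(conn_str):
    """Return [(code, message), ...]; values are never echoed (may be secrets)."""
    seen = {}
    for key, value in parse_connection_string(conn_str):
        # Attribute names are matched case-insensitively, short form folded
        # into the long form so BPAU and BindParamsAsUnicode collide.
        canon = SHORT_TO_LONG.get(key.lower(), key.lower())
        seen.setdefault(canon, []).append((key, value))

    findings = []
    for entries in seen.values():
        if len(entries) > 1:
            names = ", ".join(k for k, _ in entries)
            findings.append((
                "duplicate-option",
                f"{names}: same option given {len(entries)} times; "
                "the connection may fail or the driver may not behave as intended",
            ))

    def last(name):
        return seen[name][-1][1].strip() if name in seen else None

    if "1.0.2" in (last("allowedopensslversions") or ""):
        findings.append(("openssl-legacy-allowed",
                         "AllowedOpenSSLVersions permits the end-of-life 1.0.2 library"))
    if last("enablepacketlogging") == "1":
        findings.append(("packet-logging-enabled",
                         "EnablePacketLogging=1: internal packet logging is on (off by default)"))
        if last("packetloggingoptions") == "1":
            findings.append(("packet-log-timestamps-off",
                             "PacketLoggingOptions=1 disables timestamps in packet logs"))
    return findings


if __name__ == "__main__":
    for code, message in audit(SAMPLE):
        print(f"[{code}] {message}")
```
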
Installed Files for 32-bit Driver

This file list assumes a full installation of the driver and documentation.

The installer copies the following file to the Windows system directory:

ivtrc28.dll                       DataDirect trace library

The installer copies the following files and subdirectories to the product
installation directory, by default:

For the 32-bit driver on 64-bit machines:
C:\Program Files (x86)\Progress\DataDirect\ODBC_80

For all other installations:
C:\Program Files\Progress\DataDirect\ODBC_80

fixes.txt                         List of fixes since last release
license.txt                       Progress DataDirect license agreement

\drivers:
ivcurl28.dll                      Library used for HTTP connections
ivicu28.dll                       Unicode conversion tables
ivldap28.dll                      Library for LDAP connections
ivora28.dll                       Oracle Wire Protocol driver
ivora28r.dll                      Oracle Wire Protocol driver resource file
IVODBC.LIC                        DataDirect license file
ivssl28.dll                       TLS/SSL support file (OpenSSL library
                                  file, version 1.0.2u)
ivtls28.dll                       TLS/SSL support file (OpenSSL library
                                  file, version 1.1.1n)
ivtrc28.dll                       DataDirect trace library
qesqlext.h                        Header file for DataDirect-specific ODBC
                                  Definitions

\drivers\OpenSSL:
\1.0.2u\ivssl28.dll               TLS/SSL support file (OpenSSL library
                                  file, version 1.0.2u)
\latest\ivtls28.dll               TLS/SSL support file (OpenSSL library
                                  file, version 1.1.1n)

\help:
*.html                            HTML redirects to online connector help
                                  systems and documentation resources

\jre:
*.*                               Files associated with the Oracle WP driver

\NOTICES:
ODBC for Oracle 8.0 NOTICES.TXT   Third-party vendor license agreements

\READMES:
ODBC FOR Oracle 8.0 README.TXT    This file

\samples:
\bulk\bulk.c                      Bulk example source
\bulk\bulk.exe                    Bulk application
\bulk\bulk.mak                    Bulk example make file
\bulk\bulk.sln                    Bulk example solution file
\bulk\bulk.vcproj                 Bulk example project file
\bulkstrm\bulk.cpp                Bulk streaming example source
\bulkstrm\bulk.hpp                Bulk streaming example header
\bulkstrm\bulk.rc                 Bulk streaming example resource file
\bulkstrm\bulkstreaming.sln       Bulk streaming example solution file
\bulkstrm\bulkstreaming.vcproj    Bulk streaming example project file
\bulkstrm\bulkstrm.exe            Bulk streaming example application
\bulkstrm\bulkstrm.txt            Bulk streaming description
\bulkstrm\msgprintf.hpp           Bulk streaming example header file
\bulkstrm\ProgressDataDirect.bmp
\bulkstrm\ProgressDataDirect.ico
\bulkstrm\winmain.cpp             Bulk streaming example source file
\example\example.c                Example source
\example\Example.exe              Example application
\example\example.h                Example header
\example\Example.mak              Example make file
\example\Example.sln              Example solution file
\example\Example.vcproj           Example project file
\example\example.txt              Example description

\TOOLS:
ddextwin.exe                      License Extender utility
ddprocinfo.exe                    Processor Information utility
DSNConverterSIL.exe               Data Source Converter utility
XMLP.exe                          A GUI demo tool that persists a result
                                  set to an XML data file

\UNINSTALL\*.*                    Files used to uninstall the product


Installed Files for 64-bit Driver

This file list assumes a full installation of all drivers and documentation.
The installer copies the following file to the Windows system directory:

ddtrc28.dll                       DataDirect trace library

The installer copies the following files and subdirectories to the product
installation directory, by default:

C:\Program Files\Progress\DataDirect\ODBC_80\:

fixes.txt                         List of fixes since last release
license.txt                       Progress DataDirect license agreement

\drivers:
ddcurl28.dll                      Library used for HTTP connections
ddicu28.dll                       Unicode conversion tables
ddldap28.dll                      Library for LDAP connections
ddora28.dll                       Oracle Wire Protocol driver
ddora28r.dll                      Oracle Wire Protocol driver resource file
DDODBC.LIC                        DataDirect license file
ddssl28.dll                       TLS/SSL support file (OpenSSL library
                                  file, version 1.0.2u)
ddtls28.dll                       TLS/SSL support file (OpenSSL library
                                  file, version 1.1.1n)
qesqlext.h                        Header file for DataDirect-specific ODBC
                                  Definitions
ddtrc28.dll                       DataDirect trace library

\drivers\OpenSSL:
\1.0.2u\ddssl28.dll               TLS/SSL support file (OpenSSL library
                                  file, version 1.0.2u)
\latest\ddtls28.dll               TLS/SSL support file (OpenSSL library
                                  file, version 1.1.1n)

\help:
*.html                            HTML redirects to online connector help
                                  systems and documentation resources

\jre:
*.*                               Files associated with the Oracle WP driver

\NOTICES:
ODBC for Oracle 8.0 NOTICES.TXT   Third-party vendor license agreements

\READMES:
ODBC for Oracle 8.0 README.TXT    This file

\samples:
\bulk\bulk.c                      Bulk example source
\bulk\bulk.exe                    Bulk application
\bulk\bulk.mak                    Bulk example make file
\bulk\bulk.sln                    Bulk example solution file
\bulk\bulk.vcproj                 Bulk example project file
\bulkstrm\bulk.cpp                Bulk streaming example source
\bulkstrm\bulk.hpp                Bulk streaming example header
\bulkstrm\bulk.rc                 Bulk streaming example resource file
\bulkstrm\bulkstreaming.sln       Bulk streaming example solution file
\bulkstrm\bulkstreaming.vcproj    Bulk streaming example project file
\bulkstrm\bulkstrm.exe            Bulk streaming example application
\bulkstrm\bulkstrm.txt            Bulk streaming description
\bulkstrm\msgprintf.hpp           Bulk streaming example header file
\bulkstrm\ProgressDataDirect.bmp
\bulkstrm\ProgressDataDirect.ico
\bulkstrm\winmain.cpp             Bulk streaming example source file
\example\example.c                Example source
\example\Example.exe              Example application
\example\example.h                Example header
\example\Example.mak              Example make file
\example\Example.sln              Example solution file
\example\Example.vcproj           Example project file
\example\example.txt              Example description

\TOOLS:
ddextwin.exe                      License Extender utility
ddprocinfo.exe                    Processor Information utility
DSNConverterSIL.exe               Data Source Converter utility
XMLP.exe                          A GUI demo tool that persists a result
                                  set to an XML data file

\UNINSTALL\*.*                    Files used to uninstall the product

~~~~~~~~~~~~~~~~~
May 10, 2022
End of README.TXT