1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
Error inserting audit rule for pid=13163
/etc/sysconfig/kernel, which would lead to an incorrect kernel being set as the default in future updates. This would cause boot failure. /etc/sysconfig/kernel now updates correctly.
grub.conf file, virt-v2v assumed it was an i686 guest. This resulted in a converted guest that did not boot. virt-v2v now assumes an AMD64 or Intel 64 default architecture instead of i686.
/etc/securetty file. Conversion without this file is now possible.
ControlSet001 was always the current control set, even if ControlSet001 had been marked as failed. The correct control set is now detected, and the VirtIO block driver installed in the correct location.
auto. This made libvirt unable to start the guest. Disk type is now set explicitly based on source metadata or other detection methods.
0, even though conversion failed. The correct values are now returned.
/boot/grub/device.map with converted block device names in certain circumstances. device.map now updates as expected.
C:\Temp directory because it created a C:\temp directory without checking for file names that used alternative cases. virt-v2v now checks for case-sensitive file names before creating an appropriate temporary directory.
-oa flag.
ovf:disk-interface field when converting for Red Hat Enterprise Virtualization. However, this produced an ovf file that was not intelligible to Red Hat Enterprise Virtualization Manager. The disk-interface is now populated with correct enum values (IDE, SCSI, or VirtIO), allowing Red Hat Enterprise Virtualization Manager to understand the ovf file.
sparse or raw. This combination is not supported when importing into a data center that uses block storage (fibre channel or iSCSI). virt-v2v can now convert storage format and allocation policy correctly. Additionally, customers can specify a format and allocation policy compatible with the target data center type by using the -of and -oa command line options.
Can't locate object method "can_handle" via package "Sys::VirtV2V::Converter::RedHat" at /usr/share/perl5/vendor_perl/Sys/VirtV2V/Converter.pm line 121.
/etc/virt-v2v.conf. If you see the following error message when attempting to convert a Windows XP guest:
virt-v2v: No app in config matches os='windows' name='virtio' major='5' minor='1' arch='i386'
/etc/virt-v2v.conf:
<app os='windows' major='5' minor='1' arch='i386' name='virtio'>
<path>/usr/share/virtio-win/drivers/i386/WinXP</path>
</app>
<app os='windows' major='5' minor='1' arch='x86_64' name='virtio'>
<path>/usr/share/virtio-win/drivers/amd64/WinXP</path>
</app>certmonger utility monitors certificate expiration and can refresh certificates with the CAs (Certifying Authorities) in networks that use public-key infrastructure (PKI).
certmonger service failed to contact a CA, the subprocess that submitted the request became defunct. This occurred because the parent process did not read the subprocess status. With this update, the parent process reads the subprocess status and there is no defunct process after a CA contact failure.
ipa-getcert command with privileges that were insufficient for the system bus to allow it to communicate with the certmonger service. With this update, certmonger suppresses the original error message if a user-friendly message is available. The user can display both messages with the -v option.
ipa-getcert list command did not return any output if certmonger was not tracking any certificates. With this update, the command returns a message that the certificate list is empty.
certmonger daemon could not execute some of its helper processes. The updated policy now allows certmonger to run these processes and the certmonger libraries create temporary files in a location that certmonger can access.
ipa-getcert request command with the -p option. This occurred because certmonger failed to detect reading errors in the file with the PIN and proceeded with an empty PIN value. With this update, such reading errors are logged and certmonger proceeded as if it had read an empty PIN value.
ipa-getcert command. As a consequence, the certmonger daemon runs its ipa-submit helper. The helper contacts the IPA server. Previously, if it received a fault message response from the server, it terminated with a segmentation fault and created a core dump; the installation failed. This happened because it attempted to dereference an uninitialized pointer while processing the fault message. With this update, the helper handles the fault message correctly and the enrollment process completes successfully.
getcert command with an invalid Extended Key Usage parameter caused a segmentation fault. This happened because the command attempted to dereference a NULL pointer while attempting to report that the parameter value was not a valid OID (Object Identifier). With this update, certmonger reports that the OID validation failed and prints a message that the provided Extended Key Usage is invalid.
resubmit command works as expected.
getcert tool terminated unexpectedly with a segmentation fault if the user issued the getcert start-tracking command with changed values of the parameters Extended Key Usage, DNS, Email and Principal name. The command caused a buffer overflow in the getcert tool because the internal buffer in the getcert command was too small to hold four new values. This update enlarges the internal buffer of the command and the bug no longer occurs.
ipa-getcert and getcert commands did not accept the location of a passphrase, which could provide the encrypted keying material and allow monitoring of an already-issued certificate or key pair. This update adds the -p and -P options to the getcert start-tracking command, which allows the user to pass the utility a PIN either in a file or directly.
ipa-getcert command. This update adds the --verbose option to the command.
mount error(5): Input/output error
bt: read error: kernel virtual address: ffffffffff600000 type: "gdb_readmem_callback"
bt: cannot resolve stack trace: #0 [c09f1ef4] ia32_sysenter_target at c08208ce
multipathd daemon a command consisting only of spaces, the daemon terminated unexpectedly with a segmentation fault. With this update, the daemon is able to handle such commands and no longer crashes in this circumstance.
mpathconf command, the process could have failed. This happened when the user ran the command without any additional arguments due to a conflict of the environment variable DISPLAY with the program variable DISPLAY. With this update, all variables are unset when the script is started and the DISPLAY program variable is renamed. The environment variable DISPLAY remains unchanged when the mpathconf is issued and the command works as expected.
path_checker function to determine the path state in such cases and the problem no longer occurs.
tgt_node_name value for iSCI devices. This occurred because multipath used the FC (Fibre Channel) path from the sysfs file system to obtain tgt_node_name for iSCI devices. With this update, multipath first tries to acquire the FC path. If it fails, it uses the iSCI target name for the device.
dev_loss_tmo to a value greater than 600 in multipath.conf without setting the fast_io_fail_tmo value, the multipathd daemon failed to apply the setting. With this update, the multipathd daemon sets dev_loss_tmo for values over 600 correctly, as long as fast_io_fail_tmo is also set in the /etc/multipath.conf file.
multipath.conf file contained parameters with no value. This occurred because it was trying to acquire the string length of an optional value before verifying that a value was actually defined. With this update, multipathd first checks if the value exists and the bug is fixed.
multipathd to fail all outstanding input/output. DM-Multipath now has a new default configuration for EMC Symmetrix arrays that queues input/output for up to 30 seconds if all paths are down and the problem no longer occurs.
multipathd daemon consumed excessive memory when iSCI devices were unloaded and reloaded. This occurred because the daemon was caching unnecessary sysfs data, which caused memory leaks. With this update, multipathd no longer caches these data; it frees the data when the associated device is removed.
sysfs device file is removed and the sysdev path attribute is set to NULL. The sysfs device cache is indexed by the actual sysfs directory, and /sys/block/pathname is a symlink. Prior to this update, if the path was deleted, multipathd was not able to find the actual directory, which /sys/block/pathname pointed to, and searched the cache. With this update, multipathd verifies that sysdev has NULL value before updating it.
multipathd daemon did not always remove the path sysfs device from its cache. The daemon kept searching the cache for the device and created sysfs devices without the vecs lock held. Because of this, paths could have pointed to invalid sysfs devices and caused multipathd to crash. The multipathd daemon now always removes the sysfs device from cache when deleting a path and accesses the cache only with the vecs lock held.
log_checker_err option was added to the multipath.conf defaults section. By default, the option is set to always and a path checker error is logged continuously. If set to once, multipathd logs a path checker error once at logging level 2. Any later errors are logged at level 3 until the device is restored.
defaults section of the multipath.conf man page implied that the settings defined in the section became default and overrode the implied settings. Since the HWTABLE cannot be overridden, the wording of the man page has been changed.
multipath.conf file. With this update, multipath prints warning messages that inform the user that the configuration files contains invalid or duplicate options and the bug is fixed.
initramfs file system was not rebuilt when a new storage device was added to the system, the new device could have been assigned a user_friendly_names value that matched the user_friendly_names value already-assigned to another device. This device then stopped working correctly. The multipathd daemon now accepts a -B option, which makes the user_friendly_names bindings file read-only. When initramfs calls multipath with the -B option, devices without a binding to a user_friendly_names use their World Wide Identifier (WWID).
multipathd deamon printed add map messages whenever it received a change uevent. In order not to clutter logs, multipathd now only prints add map messages for the change uevents of the devices that are not yet monitored.
6 by default.
multipathd daemon could have terminated unexpectedly with a segmentation fault on a multipath device with the path_grouping_policy option set to the group_by_prio value. This occurred when a device path came online after another device path failed because the multipath daemon did not manage to remove the restored path correctly. With this update multipath removes and restores such paths correctly.
initramfs generator infrastructure based around udev. The initramfs is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.
mkinitrd alone does not override an existing initramfs image. When this is attempted, the message stated that the --force parameter should be used, but mkinitrd only supported the short version -f of this parameter. --force was added to mkinitrd as the long version.
noiswmd or rd_NO_MDIMSM parameters specified.
/etc/multipath/bindings. multipath uses this file in initramfs when creating devices during early boot, and in the root file system during normal operation. These files were not synchronized during initramfs creation, which resulted in naming conflicts that prevented new multipath devices from being created after boot. To work around this, the bindings for the devices in /etc/multipath/bindings must be included in the initramfs. This can be done by running dracut -f.
/etc/multipath directory to the initramfs.
ip=ibft parameter is specified on the kernel command line.
initramfs, if the host on which it was running had no multipath root device. multipath support is now added to the initramfs unconditionally.
initramfs did not exclude those volumes and kept them busy. The udev rules in the initramfs were updated to honor the DM_UDEV_DISABLE_OTHER_RULES_FLAG, which fixes this issue.
initramfs, which resulted in all encrypted devices not being activated. The missing checksum files have been replaced, and this issue no longer occurs. Note however that the dracut-fips must be installed at initramfs creation time.
initramfs with user_friendly_names set, if it did not find existing mappings in /etc/multipath/bindings, it created new mappings. These mappings could conflict with the user_friendly_names set in the normal filesystem's /etc/multipath/bindings file. dracut now starts the multipathd daemon with the new -B option so that multipath treats the initial bindings file as read-only.
USE_BIOSDEVNAME variable in the parse-biosdevname.sh script was not initialized correctly, which caused an unexpected operator error. This issue was discovered and corrected during development, and did not occur in any production system in the field.
-l or --local parameter, or set the dracut base directory via the dracutbasedir environment variable, dracut wrote its log to /tmp/dracut.log, which could possibly allow local users to overwrite arbitrary files that were writable to the user running dracut, via a symlink attack. dracut now stores the logfile in $HOME/dracut.log, when in -l or --local mode, if /var/log/dracut.log is not writeable.
/var/log/dracut.log file was not created automatically, preventing dracut from writing its logs. dracut now creates its log files if they do not exist.
boot parameter did not work when the machine was booted in FIPS mode, resulting in numerous mount errors, failed FIPS integrity tests, and dracut refusing to continue. This issue has been corrected, and the boot parameter can now be used to specify a boot device, as expected.
/boot must reside on a non-encrypted, plain (no LVM or RAID) partition, which can be specified with boot=<boot partition> as a boot option on the kernel command line.
fips.sh script did not wait for the boot drive to be created, which resulted in an error because the file system type did not exist yet. This has been corrected, and the script now waits for the boot drive to be identified.
fcoe=edd:nodcb or fcoe=edd:dcb is specified on the kernel command line. ifname= is not needed in this case.
rdinsmodpost=[module], which allows a user to specify a kernel module to be loaded after all device drivers are loaded automatically.
initramfs, adding support for FIPS-140.
Error: no partition information on disk [device]. Cowardly refusing to create a boot option.
libgnomevfs-WARNING **: Deprecated function. User modifications to the MIME database are no longer supported.
strstr() and memmem() functions did not handle certain periodic patterns correctly and could find a false positive match. This error has been fixed, and both functions now work as expected.
sqrtl, sometimes returned an incorrect result if the relative magnitude difference between the high and low halves of the long double exceeded a certain number. This occurred because one of the variables used in the calculation was an unsigned integer. The integer is now signed and the function works correctly.
futex(FUTEX_WAKE_OP) method did not default to futex(FUTEX_WAKE) when FUTEX_WAKE_OP was not supported by the kernel. This resulted in the method always failing on these systems. The code change in glibc pthread_cond_signal() that caused this issue has now been corrected.
%_enable_debug_packages was either not set, or set to 0. This has been corrected so that debug packages need not be set or enabled in order to build the glibc RPM.
strchr did not handle its second parameter correctly when %rdi was aligned to a 16-byte boundary and glibc was enabled for multiple architectures on AMD64 or Intel 64 systems with CPUs that supported Supplemental Streaming SIMD Extension (SSE) 4.2. The method would therefore output incorrect results. This has been corrected, and strchr now gives the expected output.
hwcap 1 nosegneg was set in /etc/ld.so.conf.d/nosegneg.conf, causing the incorrect library to be used. This has been corrected so that the nosegneg libraries are loaded.
sysconf(_SC_*CACHE) method returned 0 for all caches on systems with Intel Xeon processors. This occurred because glibc used cpuid leaf 2 rather than cpuid leaf 4. This update uses cpuid leaf 4 where possible, resolving this issue.
strncmp method failed with a segmentation fault when used with Supplemental Streaming SIMD Extension 4 (SSE4). Several checks have been implemented to prevent this.
memcpy(), strcasecmp(), strnlen(), strcasestr() and strncasestr().
memset operation.
=~ operators and the strings were thus matched as literal strings. However, they should be matched as regular expressions. With this update, the quotes were dropped and the strings are matched as regular expressions as expected.
/dev/rtc device even if it did not exist. With this update, initscripts verifies if the /dev/rtc device exists before attempting to run the hwclock tool.
ifdown command could have failed to stop an NIC (Network Interface Controller) with a warning that the connection was unknown. This happened because, in some cases, the function, which verifies whether the NIC is managed by NetworkManager, returned an incorrect result. With this update, the function returns the correct result and the ifdown command stops the NIC correctly.
/ directory, the system could have failed to remount the root directory as a read-only file system on shutdown. This occurred because the script attempted to remount the defined bind mount instead of the root directory. With this update, the root directory is remounted successfully.
tty.conf and serial.conf files have been modified to have the login shell stopped when changing to runlevels S and the problem no longer occurs.
tty.conf file contained a comment with a typographical mistake ("sepcified"). With this update, the word is spelled correctly ("specified").
0. With this update, this tag value is allowed.
/etc/sysconfig/clock file did not document where the user can configure whether the hwclock tool should be using the local time or UTC (Coordinated Universal Time). This update adds comments documenting the setting location into the sysconfig.txt file.
/etc/ppp/ipv6-up and /etc/ppp/ip-up.ipv6to4 scripts used the incorrect alias ipv6_exec_ip and failed to bring up the routes. This update modifies the scripts so that they uses the ip command and the routes are now brought up as expected.
DEVICETYPE variable was calculated incorrectly. This happened because the calculation preserved the period (.) sign in the device name. This could have caused failure of the ifup-ib and ifdown-ib scripts. With this update, DEVICETYPE is resolved correctly.
kdump service is disabled in runlevel 1, the script freed the memory reserved for kdump. After the user changed from runlevel 1 to runlevel 3, which has kdump enabled, the system had set reserved memory size to 0 and kdump failed to start up. With this update, the kexec-disable job is no longer run in runlevel 1.
shmmax (maximum size of a shared memory segment) and shmall (maximum size of the total shared memory) values. However, the values vary depending on the system architecture. This update provides the settings of these values for various architectures.
#) signs, which were forbidden in such names. With this update, interface names can contain hash (#) signs and the problem no longer occurs.
.) signs used by the sysctl device, which were delimiting the paths, and the period (.) signs used by VLANs, which were delimiting IDs. This caused that all sysctl calls to the VLAN interfaces failed. With this update, when calling a sysctl device, initscripts substitutes the periods in its name with forward slash (/) signs and the sysctl calls to a VLAN interface succeed.
MASTER in double quotes (for example, as "bond0"). With this update, the respective scripts have been adapted to parse the value definition correctly even if double-quoted.
ifdown command could have failed to stop a bridge device with a warning that the connection was unknown. This happened because the function, which verified whether the device is managed by NetworkManager, returned an incorrect result. With this update, the function returns a correct result and the ifdown command stops the bridge device correctly.
eth prefix followed by digits. If the user provided a name, which did not follow these requirements, the interface could not be started or stopped. With this update, the user can provide a custom name and the interface can be operated correctly.
/etc/mdadm.conf file existed and could have failed if mdadm was not installed. With this update, the script first verifies if the mdadm tool is installed and only then runs its binary.
brcm_iscsiuio usage message displayed in response to the brcm_iscsiuio --help command contained two unsupported options: --foreground and --pid. The man page omitted five supported options: --debug, --help, -h, -p and --version. The unsupported options have been removed from the usage message, and all supported options have been added to the brcm_iscsiuio man page.
iscsiadm usage message displayed in response to the iscsiadm --help command omitted 24 supported options. Additionally, the iscsiadm man page omitted one supported option (--host) and contained one unsupported option (--info). These errors have now been corrected.
--portal argument when in "node" mode. This resulted in failure, because iscsiadm expected the value returned during discovery as the value for --portal. iscsiadm now attempts to match a host name to the IP address returned during discovery, so this issue no longer occurs.
b43 driver in the Linux kernel. If a system had an active wireless interface that uses the b43 driver, an attacker able to send a specially-crafted frame to that interface could cause a denial of service. (CVE-2011-3359, Moderate)
tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low)
perf tool, a part of the Linux kernel's Performance Events implementation, could load its configuration file from the current working directory. If a local user with access to the perf tool were tricked into running perf in a directory that contains a specially-crafted configuration file, it could cause perf to overwrite arbitrary files and directories accessible to that user. (CVE-2011-2905, Low)
AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)
agp_allocate_memory() could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)
skb_gro_header_slow() in the Linux kernel could lead to GRO (Generic Receive Offload) fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)
PERF_COUNT_SW_CPU_CLOCK counter overflow. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-2918, Moderate)
tpacket_rcv() and packet_recvmsg() functions in the Linux kernel. A local, unprivileged user could use these flaws to leak information to user-space. (CVE-2011-2898, Low)
ibmvscsi driver to reset its CRQ, re-registering the CRQ returned H_CLOSED, indicating that the Virtual I/O Server was not ready to receive commands. As a consequence, the ibmvscsi driver offlined the adapter and did not recover. With this update, the interrupt is re-enabled after the reset so that when the Virtual I/O server is ready and sends a CRQ init, it is able to receive it and resume initialization of the VSCSI adapter.
vmcore file after triggering a crash on POWER7 systems with Dynamic DMA Windows enabled. This update provides a number of fixes that address this issue.
mark_tech_preview() function, which would cause kernel lock debugging to be disabled by the add_taint() function. However, the NFS and CIFS modules depend on the FS-Cache module so using either NFS or CIFS would cause the FS-Cache module to be loaded and the kernel tainted. With this update, FS-Cache only taints the kernel when a cache is brought online (for instance by starting the cachefilesd service) and, additionally, the add_taint() function has been modified so that it does not disable lock debugging for informational-only taints.
FSFREEZE ioctl() command to freeze an ext4 file system and mmap I/O operations would result in a deadlock if these two operations ran simultaneously. This update provides a number of patches to address this issue, and a deadlock no longer occurs in the previously-described scenario.
LBA > 0xffffffff & cdb_len < 16 condition, then converts the CDB from the OS to a 16 byte CDB, before firing it as a FastPath I/O operation.
vcpus > 1) during the installation. As soon the installation started after booting from ISO, a blue screen with the following error occurred:
A problem has been detected and windows has been shut down to prevent damage to your computer.
[bnx2x_extract_max_cfg:1079(eth11)]Illegal configuration detected for Max BW - using 100 instead
bnx2x interfaces in the multi-function mode which were not used and had no link, thus, not indicating any actual problems with connectivity. With this update, the message has been removed and no longer appears in kernel log files.
inet6_sk_generic() function was using the obj_size variable to compute the address of its inner structure, causing memory corruption. With this update, the sk_alloc_size() is called every time there is a request for allocation, and memory corruption no longer occurs.
CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)
napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service. (CVE-2011-1576, Moderate)
next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)
ksm/ksmtuned services. (CVE-2011-2183, Moderate)
inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2213, Moderate)
fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)
sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)
/proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)
UNCHECKED NFS CREATE call when an open system call was attempted with the O_EXCL|O_CREAT flag combination. An EXCLUSIVE NFS CREATE call should have been used instead to ensure that O_EXCL semantics were preserved. As a result, an application could be led to believe that it had created the file when it was in fact created by another application.
ehea driver caused a kernel oops during a memory hotplug if the ports were not up. With this update, the waitqueues are initialized during the port probe operation, instead of during the port open operation.
be2net cards firmware may not recognize certain commands and return illegal/unsupported errors, causing confusing error messages to appear in the logs. With this update, the driver handles these errors gracefully and does not log them.
be2net driver to work in a kdump environment. It clears an interrupt bit (in the card) that may be set while the driver is probed by the kdump kernel after a crash.
hpsa driver has been updated to provide a fix for hpsa driver kdump failures.
CONFIG_XEN_MAX_DOMAIN_MEMORY=128.
do_wp_page function to reuse the wrprotected page before PageKsm would be set in page->mapping. With this update, a new version of the original fix was introduced, thus fixing this issue.
gfs2_grow, the file system became unresponsive. This was due to the log not getting flushed when a node dropped its rindex glock so that another node could grow the file system. If the log did not get flushed, GFS2 could corrupt the sd_log_le_rg list, ultimately causing a hang. With this update, a log flush is forced when the rindex glock is invalidated; gfs2_grow completes as expected and the file system remains accessible.
md driver would enter an infinite resync loop thinking there was a spare disk available, when, in fact, there was none. This update adds an additional check to detect the previously mentioned situation; thus, fixing this issue.
Rx checksum offloading. These bugs caused a data corruption transferred over r8169 NIC when Rx checksum offloading was enabled.
pvclock.h function was missing an output constraint for EDX which caused a register corruption to appear. As a result, Red Hat Enterprise Linux 3.8 and Red Hat Enterprise Linux 3.9 KVM guests with a Red Hat Enterprise Linux 6.1 KVM host kernel exhibited time inconsistencies. With this update, the underlying source code has been modified to address this issue, and time runs as expected on the aforementioned systems.
be2net driver was using the BE3 chipset in legacy mode. This update enables this chipset to work in a native mode, making it possible to use all 4 ports on a 4-port integrated NIC.
ipip_init() function in the ipip module, and in the ipgre_init() function in the ip_gre module, could be called before network namespaces setup is complete. If packets were received at the time the ipip or ip_gre module was still being loaded into the kernel, it could cause a denial of service. (CVE-2011-1767, CVE-2011-1768, Moderate)
mmap() call with the MAP_PRIVATE flag on /dev/zero would create transparent hugepages and trigger a certain robustness check. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-2479, Moderate)
lost+found directory on a file system with inodes of size greater than 128 bytes and reusing inode 11 for a different file caused the extended attributes for inode 11 (which were set before a umount operation) to not be saved after a file system remount. As a result, the extended attributes were lost after the remount. With this update, inodes store their extended attributes under all circumstances.
dinode's i_nlink value to assure inode operations such as link, unlink, or rename no longer cause the aforementioned problems.
cgroupfs file system due to the way security checks were applied to the new cgroupfs inodes during the mount operation. With this update, the security checks applied during the mount operation have been changed so that they always succeed, and the cgroupfs file system can now be successfully mounted and used with the MLS SELinux policy. This issue did not affect systems which used the default targeted policy.
mpt2sas driver could occur on an IBM system using a drive with SMART (Self-Monitoring, Analysis and Reporting Technology) issues. This was because the driver was sending an SEP request while the kernel was in the interrupt context, causing the driver to enter the sleep state. With this update, a fake event is not executed from the interrupt context, assuring the SEP request is properly issued.
queue_mapping value was not properly decremented because the VLAN devices called the physical devices via the ndo_select_queue method. This update removes the multiqueue functionality, resolving this issue.
netif_set_real_num_tx_queues() function which prevented an increment of the real number of TX queues (the real_num_tx_queues value). This update adds the missing code; thus, resolving this issue.
scan_dispatch_log function to ensure the dispatch log has been allocated.
__cache_alloc() function, the ac variable could be changed after cache_alloc_refill() and the following kmemleak_erase() function could receive an incorrect pointer, causing kernel panic. With this update, the ac variable is updated after the cache_alloc_refill() unconditionally.
isr_ack variable), a virtual guest could become unresponsive when migrated while being rebooted. With this update, the said variable is properly initialized, and virtual guests no longer hang in the aforementioned scenario.
intel_iommu=on boot option. With this update, the underlying source code of the intel-iommu driver has been modified to resolve both of these problems. A forced flush is now used to avoid the lazy use after free issue, and extra checks have been added to avoid the erroneous reference removal.
mmap system call on the AMD64 architecture could return a pointer which appeared to be of value negative even though pointers are normally of unsigned values. This resulted in the success field being incorrect. This patch fixes the success field for all system calls on all architectures.
prot->obj_size pointer had to be adjusted in the proto_register function. Prior to this update, the adjustment was done only if the alloc_slab parameter of the proto_register function was not 0. When the alloc_slab parameter was 0, drivers performed allocations themselves using sk_alloc and as the allocated memory was lower than needed, a memory corruption could occur. With this update, the underlying source code has been modified to address this issue, and a memory corruption no longer occurs.
/proc/diskstats file showed erroneous values. This occurred when the kernel merged two I/O operations for adjacent sectors which were located on different disk partitions. Two merge requests were submitted for the adjacent sectors, the first request for the second partition and the second request for the first partition, which was then merged to the first request. The first submission of the merge request incremented the in_flight value for the second partition. However, at the completion of the merge request, the in_flight value of a different partition (the first one) was decremented. This resulted in the erroneous values displayed in the /proc/diskstats file. With this update, the merging of two I/O operations which are located on different disk partitions has been fixed and works as expected.
kprobe (a dynamic instrumentation system), and enhances the performance of SystemTap.
setup_arg_pages() in the Linux kernel. When making the size of the argument and environment area on the stack very large, it could trigger a BUG_ON(), resulting in a local denial of service. (CVE-2010-3858, Moderate)
bcm_release() and raw_release() functions in the Linux kernel's Controller Area Network (CAN) implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1598, CVE-2011-1748, Moderate)
cifs_close() function in the Linux kernel's Common Internet File System (CIFS) implementation. A local, unprivileged user with write access to a CIFS file system could use this flaw to cause a denial of service. (CVE-2011-1771, Moderate)
bna driver, specifically:
bna driver control path state machine and firmware did not receive a notification of the crash, and, as a result, were not shut down cleanly.
ixgbe driver to use the kernel's generic routine to set and obtain the DCB (Data Center Bridging) priority. Without this fix, applications could not properly query the DCB priority.
%p format specifier (which is used to show the memory address value of a pointer).
bfa driver) has been upgraded to version 2.3.2.4. Additionally, this update provides the following two fixes:
release_firmware() function not being called after the request_firmware() function. Similarly, the firmware download interface has been fixed and now works as expected.
bfa I/O control state machine and firmware did not receive a notification of the crash, and, as a result, were not shut down cleanly.
0 to /proc/sys/fs/leases-enable (ideally on boot, before the nfs server is started). This change prevents NFSv4 delegations from being given out, restoring correctness at the expense of some performance.
disk = [ 'file:/var/lib/xen/images/rhel6-guest.dsk,hda,w', ]
disk = [ 'tap:aio:/var/lib/xen/images/rhel6-guest.dsk,hda,w', ]
NMI watchdog disabled for cpu1: unable to create perf event: -2
JBD: Spotted dirty metadata buffer (dev = sda10, blocknr = 17635). There's a risk of filesystem corruption in case of system crash.
ACPI Error: Illegal I/O port address/length above 64K: 0x0000000000400020/4 (20090903/hwvalid-154) ACPI Exception: AE_LIMIT, Returned by Handler for [SystemIO] (20090903/evregion-424) ACPI Error (psparse-0537): Method parse/execution failed [\_GPE._L09] (Node ffff8800797cd298), AE_LIMIT ACPI Exception: AE_LIMIT, while evaluating GPE method [_L09] (20090903/evgpe-568)
Unable to handle kernel paging request for data at address 0x00000468 Oops: Kernel access of bad area, sig: 11 [#1]
NMI: IOCK error (debug interrupt?)
perf subsystem's trace command has been replaced with the script command. Users should now use the script command.
kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel. The kexec-tools package provides the /sbin/kexec binary and ancillary utilities that form the user-space component of the kernel's kexec feature.
kdump crash recovery service allows users to specify a raw device (that is, a raw disk or partition) as a target location for core dumps. Previously, when a kernel crash occurred and a core dump was written to such a raw device, kdump was unable to retrieve it after a reboot. With this update, the corresponding init script has been updated to search the configured raw device for the presence of a core dump upon the service startup. Now, when the kdump service is started and a core dump is found on the raw device, the init script retrieves it and creates a proper vmcore file in a local file system.
kdump.conf(5) manual page did not provide a description of the blacklist directive. This update corrects this error, and the blacklist directive is now included in the “OPTIONS” section of the kdump.conf(5) manual page as expected.
kdump crash recovery service were presented to a user in the original English version. This update corrects this error, and the Kdump section of the firstboot application no longer contains untranslated strings.
/etc/modprobe.d/modprobe.conf file caused the utility to stop responding. With this update, this error no longer occurs, and mkdumprd now works as expected.
kdump service did not take into account the value of the path option in the /etc/kdump.conf configuration file, and always saved the vmcore file to the /var/crash/ directory. This update adapts the corresponding init script to ensure that kdump uses the directory specified in the configuration.
/usr/sbin/ directory.
kdump service to store core dumps over a network on a system that used channel bonding or bridging caused the mkdumprd utility to display the following error message on the service startup:
Netmask is missed!
kdump crash recovery service is unable to operate in Xen environment. With this update, an attempt to start kdump in such an environment fails with the “Kdump is not supported on this kernel” message.
/etc/kdump.conf configuration file contains the following line:
#core_collector cp --sparse=always
/bin/cp in the initial RAM disk (that is, by using the extra_bins directive) would cause the kdump crash recovery service to fail. This update corrects this error, and the above line is now followed by #extra_bins /bin/cp.
ml_IN language code), certain keyboard shortcuts on the Kdump screen did not work. This update corrects the Malayalam translation of the firstboot application, and all shortcuts can now be used as expected.
ml_IN language code), the first paragraph on the Kdump screen contained an incorrect string. This update adapts the Malayalam translation of the firstboot application, and the Kdump screen is now translated correctly.
kdump service on a system with a large amount of memory (that is, 1TB and more) caused kdump to terminate unexpectedly with a segmentation fault. With this update, the underlying source code has been adapted to address this issue, and kdump no longer crashes
kdump may have failed to resolve an IP address when storing a core dump to a remote server. This update corrects this error, and kdump no longer fails.
kdump crash recovery service failed to start on IBM System x3850 X5 machines. This update applies an upstream patch that extends the size of kcore ELF headers. Now, kdump can be started on such machines as expected.
kdump service to store core dumps to a remote machine over the SSH protocol and changing the core collector to cp caused it to name core dump files vmcore.flat, even when the SCP (Secure Copy) protocol was used. This update corrects this error, and kdump now only uses the .flat file extension when the makedumpfile utility is used as the core collector.
kdump, the screen of the firstboot application incorrectly displayed the Enable kdump? check box as selected, but did not allow a user to change it. This error has been fixed, and the Enable kdump? check box is no longer displayed when the kdump service cannot be configured.
Insufficient memory to configure kdump!
kdump is not running before displaying this message.
initrd). This update adapts mkdumprd to use the /boot/ directory in this case. As a result, mounting the root partition as a read-only file system no longer renders mkdumprd unable to create an initial RAM disk.
kdump crash recovery service unable to recognize the disk drive. This update adapts the mkdumprd utility to ignore disk drive firmware revisions, and kdump now works as expected.
hpsa and cciss drivers, kdump is unable to save core dumps to certain HP Smart Array Controllers that use these drivers. This update ensures that the kdump service is disabled on such controllers.
crashkernel kernel parameter (such as crashkernel=4G-:256M) caused the firstboot application to terminate unexpectedly during the configuration of kdump. This update applies a patch to address this issue, and firstboot no longer crashes.
ru_RU language code) of the firstboot application, the first paragraph on the Kdump screen incorrectly contained the — string. This update corrects this error, and the Kdump section of the firstboot application is now translated correctly.
makedumpfile -V command caused the makedumpfile utility to terminate unexpectedly with a segmentation fault. This update applies an upstream patch that removes -V from the list of supported command line options, and running the above command no longer causes makedumpfile to crash.
kdump service to store core dumps to a raw device caused it to display a message similar to the following when a kernel crash occurred:
kill: cannot kill pid 887: No such process
kdump no longer display the above error message upon a kernel crash.
kdump service recovers the dump file at next startup. Previously, an attempt to use this configuration without the core_collector option specified in the configuration file caused kdump to fail to recover the core dump. With this update, the underlying source code has been adapted to use the makedumpfile utility by default, and kdump is now able to recover core dumps as expected.
kdump crash recovery service, a dialog box appears and prompts a user to reboot the system in order for the changes to take effect. Previously, closing this dialog box by clicking the button had the same effect as clicking , and incorrectly initiated the system restart. This error no longer occurs, and clicking the button now only closes the dialog box as expected.
kdump service may have failed to create a core dump with the following error:
readmem: Can't read the dump memory(/proc/vmcore). Cannot allocate memory
kdump no longer fails to store the core dump.
tmpfs file system, rendering the kdump service unable to start in a diskless environment. With this update, the underlying source code has been adapted to allow the use of the tmpfs file system, so that kdump is now able to start on diskless nodes as expected.
-d option) set to 16 or 31 may have caused the utility to fail. This update applies a patch that addresses this issue, and makedumpfile now works as expected.
--override-resettable option. This allows system administrators to start the kdump service on otherwise unsupported devices, such as HP Smart Array Controllers that use the hpsa or cciss driver.
kdump crash recovery service was unable to find an LVM device identified by a universally unique identifier (UUID). Consequent to this, when a system crashed, kdump may have failed to write a core dump to such a device. This update fixes this error, and kdump now locates LVM devices according to their UUIDs as expected.
/etc/kdump.conf configuration file.
mkmountpoint and umount-all commands are considered incompatible. Mount points created with the mkmountpoint command become invalid after the umount-all command is used. This is now documented in the guestfish man page. Customers should note that it is possible to safely unmount devices that were mounted with mkmountpoint by using the umount command.
-net and vlan=... options in the qemu package are deprecated. To avoid relying on these deprecated options, libguestfs now uses the -netdev option instead.
vfs-type command could not determine the type of a file system newly created by guestfish. This occurred because the vfs-type command tried to read the type from a cache file (blkid.c) that had not yet been updated. The cache file is now deleted between file system creation and attempting to read the file system type, resulting in updated file system information for vfs-type to read.
$HOME variable was not set, guestfish did not expand a path containing ~ (tilde) into a path to the user's home directory. Guestfish now examines the current user's passwd file for the location of the user's home directory so that a path containing ~ can be expanded correctly.
umask. This has been corrected, and guestfish commands that return integers now return them in the natural radix for that number.
get-e2uuid command retrieved file system UUIDs via tune2fs -l. This failed on journaling block devices (JBDs) and other devices that were not second, third or fourth extended file systems (ext2, ext3 or ext4). get-e2uuid has been reimplemented so that it retrieves UUIDs via blkid instead of tune2fs -l, resolving this issue. However, since the get-e2uuid command has been deprecated, customers are advised to retrieve UUIDs with the vfs-uuid command instead.
virt-ls at the command line. The following has been added to the libguestfs documentation:
Libvirt guest names can contain arbitrary characters, some of which have meaning to the shell such as#and space. You may need to quote or escape these characters on the command line. See the shell manual pagesh(1)for details.
virt-list-filesystems at the command line. The following has been added to the libguestfs documentation:
Libvirt guest names can contain arbitrary characters, some of which have meaning to the shell such as#and space. You may need to quote or escape these characters on the command line. See the shell manual pagesh(1)for details.
checksum command contained a file descriptor that was not closed properly in an error path. If the checksum command resulted in an error, this would later prevent the file system from being unmounted with either umount or umount-all. The file descriptor is now closed properly on the error path, so an error in checksum no longer causes problems unmounting file systems.
/etc/fstab of a guest machine contained a reference to a floppy disk (/dev/fd0), both virt-inspector and virt-v2v printed the following harmless warning during inspection or conversion:
unknown filesystem /dev/fd0
/etc/fstab.
/etc/fstab of a guest machine contained a reference to a CD-ROM drive (/dev/hdc), both virt-inspector and virt-v2v printed the following harmless warning during inspection or conversion:
unknown filesystem /dev/hdc
/etc/fstab.
virt-filesystems command failed when used against a guest which had a missing or corrupt file system label. This command has been updated to handle guest file systems with missing or corrupt file system labels.
/etc/fstab did not exist, the guestfish -i command failed with a "No such file or directory" error. In the event of missing devices, guestfish now completes, and reports that some file systems could not be mounted.
libguestfs: trace:) is now added to the beginning of each line of the trace output so that it can be easily distinguished and filtered out of logs with the grep command or similar.
virt-make-resize. This reference should have been to the virt-make-fs tool. The man page has been corrected.
set-trace command was not prepared to handle all possible error conditions. This resulted in a segmentation fault when attempting to handle several conditions. The command now handles trace errors separately, so the segmentation fault no longer occurs.
/etc/fstab of a guest machine contained a reference to a virtio disk (/dev/vda1), virt-inspector printed a warning and ignored the virtio disk. The warning has been suppressed, and virtio disks are now recognized by virt-inspector.
libvirt library to upstream version 0.8.7, fix a number of bugs, and add various enhancements and new features are now available for Red Hat Enterprise Linux 6.
CHANGELOG file installed to /usr/share/doc/libvirt-0.8.7 when the updated package is installed.
virDomainSetMemory() setting, making it impossible to set a hard limit on guest memory consumption. New virDomainGetMemoryParameters and virDomainSetMemoryParameters methods have been introduced to allow users to fine-tune and enforce memory limits.
downtime setting is increased. However, libvirt was sending an incorrectly formatted request to increase the downtime setting of a guest. This update corrects the format of this request to assist in live migration completion.
virsh managedsave dom) even if it failed to restore and start the domain using that file. This caused data loss. The managed state file is now removed only if the restore operation succeeds.
%post script (part of the libvirt-client package) started the libvirt-guests service even when the service was explicitly turned off. The libvirt-guests service is no longer started when explicitly turned off.
virsh vcpuinfo or setting up virtual CPU pinning on a host machine that used NUMA, virsh vcpuinfo showed the incorrect number of virtual CPUs. Virtual CPU pinning could also fail because libvirt reported an incorrect number of CPU sockets per NUMA node. Virtual CPUs are now counted correctly.
/var/lib/libvirt directory to change when a system was upgraded. With this update, correct permissions are assigned to the aforementioned directory.
<boot> element has been introduced, which can be used to specify the exact order of boot devices.
dnsmasq with the correct options so that these statically configured addresses are properly served to the guests.
virsh freecell command could be run with an invalid (non-integer) argument without error, and the free memory for node 0 would still be printed. The validity of the argument is now checked, and an error message is now printed when an invalid value is detected.
virsh detach-interface command was used on a domain with multiple NICs, but a particular MAC address was not specified with --mac, virsh detached the first interface without error. The --mac option is now required where a domain has multiple NICs, and an appropriate error message has been added.
virsh attach-disk, virsh set phy as the driver value by default. Because this value is not supported everywhere, the disk did not persist over domain shutdown, and could prevent domain startup. This update corrects virsh behavior such that the driver value is not set if it is not provided by the user.
setvcpus commands resulted in unknown errors. More useful error messages have been added to this command.
auth data caused unrelated data to be overwritten, which caused a crash in libvirt. The error has been corrected, and auth can now be set without issue.
forward-delay or stp-enable parameters. The string is no longer freed prematurely, and in the event of a problem with these parameters, users receive a specific error message.
openssl x509 -in clientcert.pem -text). This command has been replaced with the following command, which gives more helpful, accurate output:
certtool -i --infile /etc/pki/libvirt/clientcert.pem
--all option has been added to the virsh freecell command to allow the command to iterate across all nodes instead of forcing users to run the command manually on each node. virsh freecell --all will list the free memory on all available nodes.
-redhat-disable-KSM flag.
virsh documentation has been updated to clarify usage of the cpu_shares parameter.
virsh documentation has been updated to remove references to the deprecated virt-mem command.
virsh documentation for the setvcpus, setmem, and setmaxmem sub-commands has been updated to correct and expand the information available for these sub-commands.
libvirtd. Access it with the man libvirtd command.
root or luci attempted to run the luci init script, the service failed to start and a traceback was written to standard error. With this update, the init script has been corrected to terminate with exit code 4 in this case.
luci.log log file. This error has been fixed, and luci now correctly displays “Unknown fence device type” when an unknown or unsupported fence device is encountered.
luci.log log file:
DeprecationWarning: BaseException.message has been deprecated as of Python 2.6
cluster.conf configuration file or shut down the clustering on the nodes. This update corrects this error, and users are now allowed to completely destroy a whole cluster by selecting all of its nodes and clicking the Delete button.
ricci daemon encountered an error, previous version of luci did not present this error to a user and displayed a generic error message instead. In order to make it easier to determine the cause of such errors, this update adapts luci to display the error messages reported by ricci.
fence_scsi from being unfenced at boot time. With this update, the underlying source code has been adapted to provide this functionality, and users are now allowed to configure unfencing from the user interface.
No nodes from this cluster could be contacted. The status of this cluster is unknown.
nodename parameter for the fence_scsi fence agent correctly. This update corrects this error, and the nodename parameter is now handled properly.
fence_egenera fence agent correctly. With this update, the underlying source code has been modified to address this issue, and the username for fence_egenera is now handled correctly.
luci.log log file. This error no longer occurs, and users are now allowed to configure such nodes as expected.
luci.log log file:
AttributeError: 'ClusterNode' object has no attribute 'getID'
OracleListener and OracleInstance resource agents has been added.
ricci daemon on an interface different from the one that is used for the cluster communication.
fence_cisco_ucs fence agent has been added.
fence_rhev fence agent has been added.
fence_brocade to the list of supported fence agents.
request failed: error reading the headers
PKCS#11 module interface used a wrong object type which caused it to return an object with an invalid CKA_CERTIFICATE_TYPE attribute. With this update, the softokn PKCS#11 module interface uses the correct object type.
IPv6 is enabled caused it to enter a loop in the test part of the rebuild. With this update, the selfserv test tool has been modified to use a dual-stack IPv6 listening socket, which can accept connections from both IPv4 and IPv6 clients.
certutil -H command was missing the -W option (which changes the password to a key database). With this update, the -W option has been added to the help page.
pk12util command) did not work for private keys placed in the /etc/pki/nssdb/ directory due to permission restrictions. This update addresses this issue, and the nss-sysinit module now enables the root user to import private key.
This Connection is Untrusted. error even though the web page had a valid security certificate. With this update, this issue has been fixed and visiting the specific web site no longer returns SSL errors.
PKCS#8 encoded PEM (Privacy Enhanced Mail) RSA private key files could not be read by nss and resulted in an error when being imported. With this update, nss correctly handles the aforementioned files.
SECKEY_DestroyPublicKey(SECKEY_ImportDERPublicKey(…)) function.
pkcs11.txt file, it took the current umask (user mask) into an account. However, if run with restrictive umask settings, the pkcs11.txt file could be created with permissions that did not allow non-privileged users to read it. This could cause nss-sysinit to remain disabled even when it was intended to be enabled. With this update, the permissions of the pkcs11.txt file are changed at the end of the run of the setup-nsssysinit.sh script, fixing this issue.
%verify(not md5 size mtime) declarations have been added to the configuration files.
OpenLDAP command and using the LDAPTLS_CACERTDIR variable to pass in an arbitrary directory containing other directories caused the command to abort because OpenLDAP tried to pass down the directory as a file. With this update, specified files that are directories are properly rejected in the aforementioned case.
PayPalEE.cert certificate expired on Oct 31, 2010, which caused the nss package to fail to build. This update prolongs this expiration date of this certificate, and the nss package no longer fails to build.
Error parsing *roff command from file /usr/share/man/man8/nslcd.8.gz
README.nss file. This update adds the file to the documentation.
crm_standby not available, check your installation
AttributeError: 'PackageKitYumBase' object has no attribute 'prerepoconf'
ERROR: pam_pkcs11.c:334: no suitable token available
ERROR: pam_pkcs11.c:445: open_pkcs11_login() failed: Login incorrect
pydoc -k command performs a keyword search of the synopses in all installed Python modules. This command failed on modules that did not import, resulting in a traceback. pydoc -k now ignores modules that have import exceptions, allowing searches on the remaining modules.
commands module selftests was corrected.
lib2to3. This update adds the missing content to the subpackage.
in operator for dbm mappings erroneously returned False for all keys on big-endian 64-bit builds of Python (64-bit PowerPC and IBM System z). This update fixes this issue.
_sqlite3.so module was removed. Execution and "#!" lines from .py files within the standard library that did not require these lines were also removed.
urllib2 module ignored the no_proxy variable for the FTP scheme. This could lead to programs such as yum erroneously accessing a proxy server for ftp:// URLs covered by a no_proxy exclusion. The no_proxy variable now overrides the ftp_proxy variable, enforcing this exclusion.
gdb (configured using the --with-python option) on python applications to generate backtraces caused a traceback error. python-gdb.py, the python module that deals with the case of debugging a python process, was updated to prevent this.
urllib2 module resulted in infinite recursion. This behavior has been patched, and urllib22 now attempts authentication a maximum of five times before authentication is considered failed.
ulimit -n to enable communication with large numbers of subprocesses could still monitor only 1024 file descriptors at a time, due to the subprocess module using the select system call. This could cause an exception:
ValueError: filedescriptor out of range in select()
poll system call, removing this limitation.
urllib2 module was limited to six requests because the retried attribute was not reset when authentication was successful. This attribute is now reset, and authentication requests work as expected.
test_structmembers unit test failed on big-endian 64-bit builds of Python (64-bit PowerPC and IBM System z) because a variable was not well-defined. The variable is now defined correctly, and the unit test works as expected. Note that this issue was discovered and corrected during development, and was not encountered in production systems in the field.
PyErr_Clear() method, which exposed an assertion failure in RhythmBox that resulted in RhythmBox crashing. Python now compensates for the RhythmBox assertion failure.
Makefile.pre.in. The make command interprets a make rule with two dependents as two copies of the rule. On machines with more than one core, this could lead to race conditions in which the compiler attempted to read a partially-overwritten file. This resulted in syntax or link errors when attempting to build python on machines with multiple cores. A check has been added to prevent this issue.
timeout argument, which can be used by the subprocess.call, Popen.communicate and Popen.wait API entry points. This argument allows users to specify either an integer or a float value, which represents the number of seconds these processes will wait for a call to return before raising an exception of type TimeoutExpired.
pyfuntop.stp, which provides a top-like view of all bytecode being executed; and systemtap-example.stp, which shows the function-call hierarchy of Python bytecode.
# rhn_register Segmentation fault (core dumped)
# rhn_register ***MEMORY-ERROR***: rhn_register[11525]: GSlice: assertion failed: sinfo->n_allocated > 0 Aborted (core dumped)
Fatal Python error: deallocating None Aborted (core dumped)
Device '[device_name]' could not be initialized
VGA_RAM_SIZE variable to 16 MB so that the user can now use high resolution modes.
ksm and ksmtuned initscripts were not consistent in their behavior with other initscripts included in Red Hat Enterprise Linux 6. This update modifies the ksm and ksmtuned initscripts so that their behavior is now consistent.
vhostfd command line parameter due to improper handling of file descriptors. With this update, if an invalid argument is provided to the vhostfd parameter, qemu-kvm exits and displays an appropriate warning message.
BUS_MCEERR_AO SIGBUS signals and this caused Software Recoverable Action Optional (SRAO) MCE to kill the qemu-kvm process when a page was constantly used by the virtual guest. The problem has been fixed partly in this update, partly in the kernel update (see BZ#550938) so that SRAO MCE handling now works properly even if the page is being constantly read or written by the virtual guest.
rxbuf_size option. This caused networking to stop if the maximum transmission unit (MTU) of the e1000 virtual network interface controller (NIC) was set to the value of 16110. With this update, support for larger multi-buffer packets has been added so that the MTU can now be set to 16110.
netdump) on a Red Hat Enterprise Linux 3 virtual guest which was based on the i386 architecture caused a failure when using the e1000 NIC emulation. The support for the SECRC field has been added so that netdump now works correctly.
qemu-doc.html file. The problem has been fixed by removing the empty index with this update.
O_DIRECT support. As a consequence, I/O requests to a device with large sector sizes (e.g. the CD-ROM drive) did not work in the cache=none mode. This update has fixed QEMU so that it uses a properly aligned memory for the I/O requests and I/O requests to devices like the CD-ROM drives now work as expected.
committed_memory() function, the ksmtuned service was unable to determine the correct amount of memory used by qemu-kvm processes when no such process existed. This has been fixed and ksmtuned now works as expected.
vhost_net back end did not work. This has been fixed by adding support for a buffer, which can be merged, to the vhost_net back end so that the migration works as expected.
SIGABORT signal rather than clearly indicating the cause for failure to the user. This problem has been resolved so that an error message is now displayed, clearly indicating the failure cause.
-cpu check command line option, the output was not as expected if a valid CPU model name was not provided. As a consequence, the -cpu check and -cpu enforce options did not work with the default CPU model and QEMU failed with a command line interface parsing error. The problem has been fixed so that it is now possible to enter "default" as a CPU model name, which allows the -cpu check and -cpu enforce options to function as expected.
scp command failed during a virtual machine migration in qemu-kvm. This bug has been fixed so that scp does not fail anymore during the migration.
vhost was set as a back end, qemu-kvm terminated unexpectedly. The fix for this problem has been provided with this update so that the VirtIO NIC hot plug works correctly.
initrd file, QEMU failed. As a consequence, a virtual machine was not able to start, and QEMU did not display any error message to the user either. The fix for this bug has been provided by checking for the initrd file's validity and displaying an error message in case of the file's invalidity.
virtio-net) used a packet transmission algorithm that was using a timer to delay a transmission in an attempt to batch multiple packets together. This problem caused a higher virtio-net transmission latency. With this update, the default algorithm has been changed so that the virtio-net transmission latency is now significantly lower.
removable check for virtual media change for devices with the if=none option set. The bug caused a failure when a user changed the media of virtual floppy devices. This problem has been resolved with this update so that changing the media of virtual floppy devices now works without problems.
-nodefconfig option did not work correctly in that QEMU did not read an alternate cpu-x86_64.conf file and used the default cpu-x86_64.conf file instead when combined with the -readconfig option. This bug has been fixed so that the -nodefconfig option now works as intended and expected.
qemu-kvm became unresponsive when it failed to start the vhost_net back end. The bug has been fixed in this update so that qemu-kvm now works as expected when the vhost_net back end is unable to start.
Device '[device_name]' could not be initializedThis update has fixed this bug so that hot-plugging a NIC in a virtual machine with four or more gigabytes of the virtual memory no longer fails.
qemu-img commit command, the file was reopened with the wrong format (the format of the snapshot image), and the following error message was printed:
qemu-img: Error while committing image
qemu-img rebase command. In this update, a metadata cache for Qcow2 has been introduced, and thus performance is now improved.
qemu -cpu check and/or qemu -cpu enforce command, the CPU feature flags vmx and svm were not validated correctly. This could possibly cause a virtual guest's confusion if the feature flags were unintentionally exposed. This problem has been fixed by disallowing the vmx flag in all cases and the svm flag only if a nested Kernel-based Virtual Machine (KVM) is in effect.
snapshot_blkdev command in the QEMU monitor.
vgabios) for the QEMU Standard VGA expected to find the framebuffer memory at the magic address 0xe0000000. Due to the overlapping memory reservations, qemu-kvm aborted unexpectedly when the guest operating system tried to use the address space at 0xe0000000 for other spaces, e.g. mapping resources of hot-plugged PCI devices. This update changes vgabios to lookup the framebuffer memory in PCI space instead. Now, the address space at 0xe0000000 can freely be used by the guest operating system.
ru.orig file have been corrected, and pressing these keys now produces the expected results.
qemu-img create command. In this update, error handling of the output of the qemu-img create command has been made more reliable and the emitted errors are no longer ignored.
pcscd) terminated unexpectedly when a user removed the card during a transaction. The last problem was that the device was only tested in a single card and reader setup so it only supported this particular reader/device setup. All these problems have been resolved in this update so that they no longer occur.
qemu-kvm process exiting. To work around this issue, shut down the virtual guest before adding additional rtl8139 NICs. Alternatively, install the virtio-net drivers and add a VirtIO NIC.
qemu-kvm man page has been updated with information on available -spice options.
Exception in do_call: %r local variable 'smsg' referenced before assignment
rhn_register --nox command) used different names for various window titles and buttons. This update corrects these inconsistencies, and both variants of rhn_register now share the same window titles and button labels.
/usr/share/rhn/up2date_client/messageWindow.py:72: DeprecationWarning: use set_markup() instead
ml_IN language code) of the firstboot application to configure software updates, the Why Register dialog box may have been too long to fit to the screen on certain display resolutions (that is, with height 600px and smaller). This update extends the width of the dialog box to ensure it fits to the screen as expected.
/proc/cpuinfo on IBM System z machines, Red Hat Network Client Tools may have reported an incorrect number of CPUs on this platform. This update adapts the underlying source code to ensure that the correct number of CPUs is reported on IBM System z machines.
networkRetries configuration option in the /etc/sysconfig/rhn/up2date file was set to a non-integer value, network operations of the registration tools did not time out at all. With this update, the registration tools correctly set the default value of networkRetries to 1, and invalid values are now interpreted as a single attempt. As a result, network operations now time out as expected.
yum install --tsflags command failed with the following error:
Command line error: no such option: --tsflags
or_IN language code), the No thanks, I'll connect later button did not have any shortcut key assigned to it. With this update, the button is now associated with the N key.
hostedWhitelist option in the /etc/sysconfig/rhn/up2date configuration file. This update corrects this error, and rhn_register now uses this option as expected.
ru_RU language code) of the firstboot application, various screens regarding the configuration of software updates contained HTML tags, such as <b> or </b>. This update replaces these entities with plain text, and the Russian translation of firstboot is now displayed correctly.
XML-RPC protocol.
useNoSSLForPackages option in the /etc/sysconfig/rhn/up2date configuration file. When enabled (that is, when set to 1), this option forces the use of the HTTP protocol for downloading repository metadata and RPM packages. Note that enabling this option disables Location-Aware Updates.
metadata_expire configuration option, all channels used the default expiration time of 6 hours. This update adapts rhnplugin to use Yum's global settings.
yum remove command failed, and a traceback was written to standard error. This was caused by rhnplugin incorrectly sending the list of removed packages to a Red Hat Network server. This update adapts rhnplugin not to send the list to a server when a system is not registered, and the yum remove command now works as expected.
/sys/devices/system/cpu instead of /proc/cpuinfo, which reports all present CPUs.
/var/cache/yum/rhnplugin.repos file caused certain Yum commands to fail with the following error:
Error: Cannot retrieve repository metadata (repomd.xml) for repository: repository_name. Please verify its path and try againyum groupinstall command may have failed to install the selected package group with the following result:
No packages in any requested group available to install or update
yum groupinstall command now works as expected.
rhnreg_ks --help command in a non-English environment may have failed with a traceback written to standard error. This was caused by the presence of a non-ASCII character in translated strings. With this update, the underlying source code has been adapted to retrieve the strings in Unicode, and running the rhnreg_ks utility with the --help option no longer causes it to crash.
-L (or --available-channels) option, which allows a user to list all available child channels that are related to a system.
serverURL option in the /etc/sysconfig/rhn/up2date configuration file has been updated to mention that a fully qualified domain name (FQDN) must be specified.
lib-zfcp-hbaapi library provided by this package is rebased to version 2.1.
FUSE infrastructure on Linux. This new tool allows you to read and write configuration files on CMS disks directly.
ziomon command exits successfully, it should return a value of 0. Previously, faulty logic caused the command to return an exit status of 1 when run with the --help or -v arguments. The logic is now corrected and ziomon returns 0 when run successfully with --help or -v.
0. Consequently, devices where the subchannel was set to any other value were not processed and did not appear on the IPA list. Now, qethconf recognizes devices where the subchannel is set to values other than 0 and these devices appear correctly in the IPA list.
cio_settle kernel facility is a new mechanism by which processes in user space can monitor CIO actions. Previously, user-space processes could not wait for devices to become available, leading to possible race conditions, particularly as the system started and started processing CIO requests. This updated s390-utils package uses this mechanism to enable user space processes to wait for devices to become usable. Now that processes can wait for device availability, handling of all CIO actions is ensured and race conditions are avoided.
DELAY_MINUTES as a new keyword for the etc/sysconfig/dumpconf configuration file, and updates the dumpconf manual page to describe its use. When configured, the new keyword delays the dump and therefore help to avoid situations where triggering the dump leads to a re-IPL loop.
getty programs and prevents re-spawns through the init program if a terminal is not available.
-h option of the login program. Depending on the implementation of the login program, passing the user ID to login -h can cause timeouts when the target system does not have a working network connection. Now iucvtty no longer passes the user ID and therefore avoids timing out during login.
-Q as a new option to the tunedasd tool that allows it to show the reservation status of a given DASD in relation to the current Linux instance. Used on the command line, tunedasd -Q returns the reservation status to standard out.
format 7 label written by fdasd and dasdfmt was incorrect. Therefore, backups of Linux on System z disks from z/OS did not work when the disk was not fully partitioned. libvtoc now writes the format 7 label correctly and backups work correctly.
/proc/sys/vm/cmm_pages to 0, regardless of its previous value. Also, when where cmm_pages was equal to cmm_inc, cmm_pages did not correctly reach a cmm_min of 0 during run-time. The incorrect checks in the cpuplugd utility are now fixed, so that /proc/sys/vm/cmm_pages maintains its correct value, and the evaluation of cmm_min is now correct.
LUN 0 or the WLUN is already available. If both LUNs are not available, LUN 0 is tried first; if this fails, WLUN is tried.
mon_statd script contained a call to udevsettle instead of udevadm settle, which failed because udevsettle doesn't exist. The call is now corrected and mon_statd works correctly.
fdasd tried to write to an read-only disk, it would attempt to format an error message through libvtoc, where it would cause a buffer overflow. Therefore, rather than a useful error message, users were presented with an error about a buffer overflow. The fdasd tool now prints the error message directly and therefore avoids the buffer overflow.
cupsaddsmb command using the Adobe Postscript Driver. Running the command resulted in the "WERR_UNKNOWN_PRINTER_DRIVER" error message. The problem has been fixed so that the cupsaddsmb command can now be executed successfully without the error.
/etc/rc.d/init.d/nmb startup script contained an erroneous description saying that it started Samba's smbd service. In fact, the nmb script starts the nmbd service, which communicates with NetBIOS name service requests. This update corrects the description in the nmb startup script.
unix charset and display charset in the smb.conf configuration file were not displayed correctly while a user browsed the network file system with the Windows Explorer application. This has been fixed so that file names with characters encoded in ISO-8859-15 are now displayed without any character encoding problems on the Samba network file system.
winbindd daemon. The limit was hard coded to the number of 200 connections, thus disallowing any other winbindd clients that would exceed the limit to connect. A fix resolving this bug has been applied so that it is now possible to exceed the original limit. The limit can now be set by modifying the winbind max clients option.
smb.conf configuration file, which is included in Samba. The name of the SELinux label samba_share_t that a user uses when creating a new directory was misspelled as samba-share_t. The typo has been corrected and the smb.conf file now contains valid information.
smb.conf configuration file, which is included in Samba, misspelled the words "Network" and "Security". The misspellings have been corrected so that the content of the smb.conf file is now spelled properly.
default case parameter in the smb.conf configuration file was unclear and contained misleading punctuation. This update clarifies the description so that it is unambiguous.
posix_fallocate() function in write paths.
smb.conf configuration file is configured in ADS (Active Directory Service) mode. This was not possible with the previous version of the smbpasswd Samba utility. The smbd daemon must run in order to change non-root user passwords with smbpasswd successfully. Also, with the wbinfo --change-user-password command, non-root users can now change both the local user password as well as the remote Active Directory domain password at the same time.
smb.conf Samba configuration file with the testparm utility. The utility was not user-friendly in that its usage was not consistent with the way the sanity check has been called and performed in other similar packages like postfix. This has been improved by adding a new option configtest to the service smb command.
allow_corosync_rw_tmpfs Boolean value allowed third party applications to create, write and read generic tmpfs (temporary file system) files. To prevent this undesired behavior, the Boolean value has been removed, and unless the unconfined policy is disabled, generic tmpfs files can now be managed using the Corosync Cluster Engine.
qemu-kvm binary file, from running. With this update, the SELinux policy has been fixed so that the binary file can now be run as expected.
virsh dominfo command from producing the expected results. This update fixes the relevant policy so that the command now works as expected.
tgtd service emitted Access Vector Cache (AVC) messages. With this update, the relevant policy rules have been modified to resolve this issue, and running the tgtd service no longer emits AVC messages.
cmirror resulted in Access Vector Cache (AVC) messages. This bug has been fixed in this update so that cmirror now runs as expected.
fence_scsi I/O fencing agent, running either the cman startup script, or using the fence_node -U [nodename] command, resulted in failure. This update contains updated SELinux rules and adds the security file context for the /var/lib/cluster/ directory, which allows a cluster with fence_scsi enabled to work properly.
smbd, nmbd, or winbindd service did not work properly. This bug has been fixed, the relevant policy has been added, and SELinux no longer prevents smbcontrol from working properly.
/etc/fstab file. With this update, SELinux rules have been added to allow the mount process to communicate with the gfs_controld service so that GFS2 file systems can now be mounted as expected.
/root/.ssh/ directory, which caused the restorecon command not to function properly. With this update, the relevant security context has been modified in order to fix this bug.
rpc.quotad service has been adjusted in order to make it work properly.
iptables-save or iptables -L, were unable to write to files with output redirection. With this update, the SELinux domain transition from the unconfined_t to iptables_t domain has been removed, and such commands now work as expected.
/etc/resolv.conf file not having the correct security context. This was caused by NetworkManager, which ran under an incorrect SELinux domain (devicekit_power_t). With this update, the proper SELinux domain transition from DeviceKit-power to NetworkManager has been added, and resuming from suspend mode now works as expected.
passwd command in single user mode failed when SELinux was enabled. With this update, the SELinux policy rules have been updated so that passwd can now access the system console as well as all terminals (TTYs) and pseudo-terminals (PTYs) on the operating system.
certmonger service was not permitted to search through directories that contained certificates. This bug has been fixed by updating SELinux policy rules so that they now allow certmonger to access these directories.
ssh command with a ProxyCommand option. With this update, the relevant SELinux policy has been corrected so that the ssh command with a ProxyCommand option works as expected.
/etc/sysconfig/ip6tables.save file has been corrected.
/sys/kernel/debug/ directory was not possible. This error has been fixed so that the updated SELinux policy rules now allow mounting of the /sys/kernel/debug/ directory.
allow_httpd_mod_auth_ntlm_winbind policy was fixed in this update.
pam_tally2 module was added. The new module uses the /var/run/faillock/ directory to store files that record recent login failures for individual users. Due to this change, a new SELinux security context was added for this directory.
udevadm settle command was very slow and took several minutes to complete. This update fixes the relevant policy so that the command now runs much faster.
mount command resulted Access Vector Cache (AVC) messages during the system startup. With this update, the relevant policy has been corrected and mount no longer produces AVC messages.
runlevel 1. This update corrects the SELinux policy, and network can now be started as expected.
certmonger service was not able to track 389-ds certificates due to an incorrect SELinux policy. This update corrects the SELinux policy so that certmonger is now able to track these certificates.
slapi-nis Network Information Service (NIS) server plug-in, Access Vector Cache (AVC) messages were displayed. This update fixes the relevant SELinux policy so that AVC messages do not appear anymore.
ping command if the user_ping Boolean value was enabled. With this update, the relevant policy has been corrected, and users confined to SELinux can run ping as expected.
rpm -qa command from producing the expected results. This update fixes the relevant policy so that the command works as expected.
namespace_init script.
spice-vdagent command has been introduced in this update to enable the SPICE protocol features with SELinux.
rpmverify check of the sssd package. With this update, the sssd package successfully passes the rpmverify check.
multilib platform (for example, i686 on AMD64) were not able to identify the Kerberos server for authentication. With this update, the Kerberos locator plugin is located in the sssd-client package to allow installation of both the 32-bit and 64-bit versions on 64-bit systems.
initgroups for which they were a member of in LDAP. This could cause several issues related to group-based permissions. With this update, the initgroups() call always returns all groups for the specified user.
\' character). As a result, an error was issued that caused SSSD to treat the LDAP server as unreachable. With this update, escaping of characters in LDAP queries has been fixed and works as expected.
getent passwd command on a username with a very large user or group identifier (that is, UID or GID greater than 2147483647) resulted in an empty output. With this update, the underlying source code has been modified to address this issue, and the getent command now returns the expected output.
/etc/security/access.conf and /etc/sudoers. With this update, groups, for which a user has the group as its primary GID, are no longer discarded from the cache.
authorizedService LDAP attributes are now supported.
sssd service to ensure the running instance is properly replaced with the newer version. However, prior to this update, a race condition could occur upon the service shutdown, causing the parent process not to wait for its children to terminate. When this happened, these running sub-processes may have prevented sssd from starting again. With this update, the sssd service has been corrected to wait for the children processes to terminate, so that it can be restarted as expected.
sssd service (either by using the service sssd stop command, or with the SIGTERM signal) could cause SSSD to enter a busy-loop and never complete the shut down. This error has been fixed, and sssd no longer fails to shut down.
sssd service was restarted when it was configured for a local domain. This was due to a tevent request that was not being posted properly. With this update, this issue has been fixed and enumeration works as expected.
-s/--stdin option of the sss_obfuscate command (which obfuscates a plain text password) reads the password to obfuscate from the standard input. However, not specifying the -s/--stdin option resulted in the same behavior. With this update, when no option is specified for the sss_obfuscate command, an interactive dialog for the password is shown.
SFTP (Secure File Transfer Protocol) only and be restricted to the user's home directory resulted in the SFTP connections being closed when SSSD was running on the system. This was due to improper closing of the file descriptors. This update adds additional checks which assure a correct closing of sockets and prevent the dropped SFTP connections.
initgroups lookups. With this update, initgroups lookups have been improved and authentication no longer fails in the aforementioned case.
/etc/sssd/sssd.conf file disappeared from the file after running authconfig-tui or authconfig-gtk.
sss_obfuscate command as a non-root user. With this update, a human-readable error is displayed in such a case instead of the traceback messages.
sss_obfuscate could fail if it could not establish (by reading the /etc/sssd/sssd.conf file) which domain was the default one. With this update, the sss_obfuscate command now always mandates the use of the -d/--domain option which requires a user to specify a domain to be used on the command line.
rfc2307bis_nested_groups_update_sysdb() and save_rfc2307bis_user_memberships() functions calling the sysdb_search_groups() function with a non-sanitized member_dn parameter. With this update, search filters have been fixed and work as expected.
-p/--password option of the sss_obfuscate command was not properly setting the provided password (specifically, it always used an empty string instead of the provided password). As a result, SSSD was unable to successfully complete an LDAP bind. This update removes the -p/--password option of the sss_obfuscate command as it is not safe to pass a password on the command line.
authorizedService attribute for access control, even though a user's authentication request completed successfully, the following message was logged in the /var/log/secure log file:
Authorized service attribute has no matching rule, access denied
START_TLS function when performing LDAP authentication. However, some LDAP servers (especially those configured to work behind SSL accelerators) cannot handle TLS (Transport Layer Security) over LDAPS (Secure LDAP) which prevented authentication from succeeding on those platforms. With this update, SSSD no longer attempts to start TLS if it is connected over LDAPS.
ccache file was not being checked. With this update, the ccache file is checked for any renewable TGTs at every startup unless indicated otherwise.
cn=account subtree of FreeIPAv2. However, the final version of FreeIPAv2 stores them in the cn=hbac subtree instead. This resulted in denial errors from SSSD because no rules could be accepted. With this update, denials/permissions are based on the HBAC rules, and SSSD no longer returns denial errors.
initgroups() request to the backend to ensure that user and group memberships are accurate for the login. However, a bug has been discovered which causes this lookup to be performed on the first domain in the list of domains only. This update fixes this issue; initgroups() requests are properly processed on all existing domains.
initgroups() request on a user, the IPA provider did not properly remove group memberships from the local cache when they were removed from the IPA server. With this update, a removed group is no longer present in the local cache.
ipa-client-install command (which configures an IPA client) is executed with the --realm option, the specified realm is set in all SSSD configuration files in both the realm and the krb5_realm configuration directives.
ipa_server option in the /etc/sssd/sssd.conf file resulted in a successful dynamic update of the DNS records of the IPA DNS server. However, if two or more servers are specified, the update failed. This update addresses this issue, and specifying multiple servers in the ipa_server works as expected.
memberOf attributes defined, SSSD attempted to remove them from the sysdb cache. However, this attribute is exclusively managed by the memberOf plugin. With this update, SSSD no longer attempts to delete the memberOf attribute under any circumstances.
ipactl (an IPA server control interface) command as a non-root user resulted in a segmentation fault. With this update, a segmentation fault no longer occurs.
sssd_nss module tried to delete the entry and failed with a segmentation fault. With this update, the aforementioned netgroups are properly handled, and a segmentation fault no longer occurs.
initgroups() call if it attempted to process a such a group. With this update, groups with multi-values attributes are skipped when issuing an initgroups() call.
/etc/sssd/sssd.conf file (access_provider = krb5) resulted in a traceback error when trying to update all SSSD-related files with the authconfig --enablesssd --enablesssdauth --updateall command. With this update, this issue has been fixed; all SSSD-related files are updated and SSSD starts as expected.
initgroups() call in the IPA provider caused only the user the call was being issued on to be stored in the cache. This was because the group, the user was a part of, only contained that user in the cache and was not being refreshed with the rest of the users of that group. Thus, a command such as getgrnam would only show the single user of that group. With this update, all users are properly taken into account in the aforementioned case.
sss_obfuscate command with the CTRL+D shortcut.
memberuid attribute are now properly handled, and no longer cause new lookups to not be cached properly.
cn attribute for GECOS information (entry in the /etc/passwd file) if the GECOS field is empty, making SSSD fully compliant with section 5.3 of RFC 2307.
select() call could only handle file descriptors smaller than 1024. If an sssd, nss, or pam client was called from an application with many open files, the file descriptor used by the client could be larger than 1024, which resulted in undefined and unexpected behavior. With this update, the poll() call is used instead of the select() call, eliminating any possible memory corruption issues in the calling process.
dns_discovery_domain option. If not specified, the domain part of the machine's hostname is used (previously, it was the name of the SSSD configuration domain). As a backwards-compatibility measure, the SSSD domain is used in case the domain part cannot be acquired from the machine's hostname.
nfs:/share 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
make -C prefix/share/systemtap/runtime/uprobesprefix is the install prefix for SystemTap, and that this manual build of uprobes.ko will only need to be done once.
.debug_frame section in a prelinked shared library was broken on an i686. This update ensures user space shared libraries are no longer a special case, but are treated similarly to other sections using .debug_frames for unwinding, resulting in unwinding working as expected on an i686. This also fixes a similar issue with unwinding through kernel modules.
--remote command, allowing users to build the SystemTap module locally, and execute remotely via SSH.
repnz;ret to end a function. SystemTap's uprobes module then rejected this as an unknown instruction sequence. This patch allows such instructions to be treated as rep;ret = ret, allowing stap to run without risk, even with such optimized GCC code.
/user/bin/dtrace was provided by systemtap-sdt-devel, while dtrace(1) man page was provided by SystemTap. This caused confusion when the binary was not found. This update puts the dtrace(1) man page in the same package as the binary, removing the confusion and resolving this issue.
sys/sdt.h probes were not being activated on IBM System z architectures. This was because some IBM System z architectures do not have noexec mappings for data sections so the .probes section with SDT semaphores was mapped with RWX rather than RW-. This patch checks VM flag needs to accommodate this giving the ability to deal with mappings that are both executable and writable so semaphores can be found.
systemtap.base/bench.exp FAILed. This was due to a change of output from Red Hat Enterprise Linux 6.0 and Red Hat Enterprise Linux 6.1. This patch updates the test to handle newer probe timing report output, preventing this.
systemtap.printf/ring_buffer.exp had 1 FAIL. This was because the variable was already static so needed to be initialized to 0. This patch removes the unneeded initializer and eliminated a warning message from compiling the code, preventing this error.
systemtap.stress/conversions.exp had 3 FAILs. This was because PR12168 eliminated duplicated error messages and changed the count of ERROR and WARNING messages. This patch adds the -vv option which turns off the duplication eliminate and allows an accurate count of the number of times ERROR and WARNING messages occurred, preventing these errors.
systemtap.examples/process/errsnoop build, buildok/syscall.stp, and buildok/syscalls2-detailed.stp failed to build with a semantic error. This patch checks for the existence of dwarf variables instead of using CONFIG_NFSD, which allows these testcases to build successfully.
force key release for these advanced function keys so that the keys behave as expected and unwanted key repeats no longer occur.
scsi_id command only queried one sort of page id and returned either the id of page 0x80 or 0x83 was used for ID_SERIAL_RAW. To query the other id, another run of scsi_id was needed. This update adds two new options to the --page= page code argument: 0x80-0x83 and 0x83-0x80. Both export ID_SERIAL_80 and ID_SERIAL_83:
0x80-0x83, ID_SERIAL_SHORT always equals ID_SERIAL_80.
0x83-0x80, ID_SERIAL_SHORT always equals ID_SERIAL_83.
/etc/scsi_id.config to change the default page code.
# scsi_id --export --page=0x80-0x83 --whitelisted /dev/sdc|grep ID_SERIAL_ ID_SERIAL_RAW="SATA SAMSUNG HD400LDS0AXJ1LL903246 " ID_SERIAL_80=SATA_SAMSUNG_HD400LDS0AXJ1LL903246 ID_SERIAL_SHORT=S0AXJ1LL903246 ID_SERIAL_83=1ATA_SAMSUNG_HD400LD_S0AXJ1LL903246
/lib/udev/cdrom_id failed to get the correct information about the drive and medium. In this update, /lib/udev/cdrom_id has been fixed to correctly read information about the drive and medium of an iDRAC virtual drive.
/etc/udev/rules.d/70-persistent-net.rules. This resulted network interfaces being named incorrectly. In this updated package, these interfaces are no longer listed as persistent, which corrects the naming problem.
udevadm trigger caused a segmentation fault when udevadm if debugging was turned on in /etc/udev.conf. With this update, this option udevadm trigger behaves as expected and the segmentation fault does not occur.
cdrom_id which now works with iDRAC cards.
/dev/hugepages was not created by udev and therefore could not be mounted automatically. This directory is now created in the start_udev script after /dev is mounted.
SUBSYSTEM=="block", ENV{ID_CDROM}=="1", ENV{ACL_MANAGE}="0"ENV{ACL_MANAGE}="0" was not completly honored.
0 as a setting
PIE and RELRO flags, so the daemon was missing some security mechanisms available. This update release fixes the issue.
udevadm trigger to fail with a segmentation fault when a device was delayed. In this release, the memory allocation issue is corrected, and udevadm trigger does not fail when devices are delayed.
READ TOC SCSI command. On such virtual machgines, the Red Hat Enterprise Linux installer (anaconda) could not recognize the DVD medium properly. These updated udev packages include a workaround in cdrom_id which allow virtual machines with faulty implementations of the READ TOC SCSI command to recognize DVDs.
udevadm info --query=property could not be used as input to shell interpreters. This update adds an --export argument so that the output of udevadm info --query=property --option is parsable by the shell.
context=, defcontext=, fscontext=, and rootcontext= options should not be used for remount operations. Prior to this update, using these options when remounting a manually mounted volume could cause the mount utility to fail with an error message similar to the following:
mount: /dev/shm not mounted already, or bad option
context=, defcontext=, fscontext=, and rootcontext= options when remounting a file system, and manually mounted volumes can now be remounted as expected.
tmpfs file system, the previous version of the mount utility incorrectly required root privileges even when the corresponding entry in the /etc/fstab file contained the user option. Consequent to this, an attempt to mount such a file system as a non-root user failed with the following error:
mount: only root can do that
tmpfs file system. As a result, the mount utility no longer requires root privileges when the user option is specified in /etc/fstab.
--help (or -h) command line option caused the utility to return exit status 1, even though it successfully displayed the usage information. This error has been fixed, and losetup now correctly terminates with exit status 0 in this situation.
lscpu: error: cannot open /sys/devices/system/cpu/cpu1/cache/index0/shared_cpu_map: No such file or directory
user option was specified in the /etc/fstab file. This update adapts the mount and umount utilities to provide support for file system subtypes (that is, in the type.subtypefuse.sshfs file systems as expected.
p command to display the partition table, he may have been presented with a message similar to the following:
Partition 1 does not start on physical sector boundary.
_rnetdev mount option. However, this functionality was missing in the package for Red Hat Enterprise Linux 6. With this update, the mount utility has been updated to support this option.
-t command line option, an attempt to use the same character on standard input and as an argument of the -s option caused the utility to terminate unexpectedly with a segmentation fault. With this update, a patch has been applied to address this issue, and the column utility no longer crashes.
fdisk -l and sfdisk -d commands incorrectly listed multipath devices in the /dev/dm-number form. This update corrects this error, and both commands now list multipath devices in the /dev/mapper/mpathnumber form as expected.
CPU op-mode(s) field. With this update, the underlying source code has been modified to address this issue, and lscpu now lists 32-bit capabilities of 64-bit AMD processors as expected.
libuuid library did not provide a safe variant of the uuid_generate_time() function. Under certain circumstances, this may have caused the uuidd service to generate duplicate UUIDs (universally unique identifiers). This update applies a series of patches that introduce a safe variant of the uuid_generate_time() function. As a result, the uuidd service now always generates unique UUIDs.
atime mount option. This update corrects this error, and the mount(8) manual page now describes the atime option properly.
ext3 and ext4 file systems. This update corrects the “Mount options for ext3” and “Mount options for ext4” sections of the manual page to include descriptions of all available ext3 and ext4 mount options as expected.
/usr/sbin/semanage: No such file or directory
There are no enabled repos.
INFO:rhsm-app.repolib:repos updated: Ignored option -q, -v, -d or -e (probably due to merging: -yq != -y -q)
fsfreeze(8) man page.
clearpart --initlabel kickstart command. Adding the --all switch — as in clearpart --initlabel --all — ensures disks are cleared correctly.
attempt to access beyond end of device loop0: rw=0, want=248626, limit=248624may be returned to
sys.log. The errors do not prevent installation and only occur during initial setup. The filesystem created by the installer will function correctly.
multipath -ll output command:
mpatha (3600a59a0000c2fd0003079284c122fec) dm-0, size=2.0G hwhandler='0' |-+- policy='round-robin 0' prio=0 status=enabled | `- #:#:#:# - #:# failed faulty running `-+- policy='round-robin 0' prio=0 status=enabled |- #:#:#:# - #:# failed faulty running `- #:#:#:# - #:# failed faulty runningOutput of this type indicates that there are no paths to the device. The erroneous lines in the output preceded by the string
#:#:#:# will be removed in a future release.
$> lvconvert -m +1 <vg/lv> <new PV> $> lvconvert -m -1 <vg/lv> <old PV>Mirror logs can be handled in a similar fashion:
$> lvconvert --mirrorlog core <vg/lv> $> lvconvert --mirrorlog disk <vg/lv> <new PV>
or $> lvconvert --mirrorlog mirrored <vg/lv> <new PV> $> lvconvert --mirrorlog disk <vg/lv> <old PV>
search entry will not be propagated to /etc/resolv.conf. Consequently, short host names that do not include the domain name will fail to resolve. To workaround this issue, add a search entry manually to /etc/resolv.conf.
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8; option ms-classless-static-routes code 249 = array of unsigned integer 8; also request rfc3442-classless-static-routes; also request ms-classless-static-routes;These lines will ensure that RFC3442 classless static routes are requested from the DHCP server, and that they are properly processed by NetworkManager.
[07/Apr/2011:10:46:23 -0400] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error) [07/Apr/2011:10:46:23 -0400] NSMMReplicationPlugin - agmt="cn=meToipaqa64vmb.testrelm" (ipaqa64vmb:389): Replication bind with GSSAPI auth failed: LDAP error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_496' not found))These messages can be safely ignored.
lsusb -v -d 147e:2016 | grep bcdDevicewill return the version of the device being used in an individual machine.
lpfc) does support DH-CHAP authentication on Red Hat Enterprise Linux 5, from version 5.4. Future Red Hat Enterprise Linux 6 releases may include DH-CHAP authentication.
05.xx.xx.xx.) Note that following this recommendation is especially important on complex SAS configurations involving multiple SAS expanders.
#!/bin/sh
# Disable hyper-threading processor cores on suspend and hibernate, re-enable
# on resume.
# This file goes into /etc/pm/sleep.d/
case $1 in
hibernate|suspend)
echo 0 > /sys/devices/system/cpu/cpu1/online
echo 0 > /sys/devices/system/cpu/cpu3/online
;;
thaw|resume)
echo 1 > /sys/devices/system/cpu/cpu1/online
echo 1 > /sys/devices/system/cpu/cpu3/online
;;
esac
INFO: task insmod:201 blocked for more than 120 seconds.Refer to BZ#682110 for more information.
nmi_watchdog=0 kernel parameter set, or run echo 0 > /proc/sys/kernel/nmi_watchdog to disable at run time. To re-enable the watchdog, use the command echo 1 > /proc/sys/kernel/nmi_watchdog.
nmi_watchdog=0
nmi_watchdog=2 or nmi_watchdog=lapic parameters. The parameter nmi_watchdog=1 is not supported.
pci=noioapicquirk, is required when installing the 32 bit variant of Red Hat Enterprise Linux 6 on HP xw9300 workstations. Note that the parameter change is not required when installing the 64 bit variant.
Folder > Refresh). Consequently, when replying to a message in the Sent folder, the new message does not immediately appear in the Sent folder. To see the message, force a refresh using one of the methods describe above.
. /etc/sysconfig/keyboard; echo $LAYOUT | grep -q ",us" && gconftool-2
--direct --config-source xml:readwrite:/var/lib/gdm/.gconf --set
/apps/gdm/simple-greeter/recent-layouts --type list --list-type string $(echo
$LAYOUT | awk -F, '{ print "[" $2 "," $1 "]"; }') && echo "DONE"
| Revision History | ||||
|---|---|---|---|---|
| Revision 1-35 | Mon May 23 2011 | |||
| ||||
| Revision 1-31 | Thu May 19 2011 | |||
| ||||