Edition 8
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
bfa/bna driver for Brocade Fibre Channel Host Bus adapters is considered a Technology Preview in Red Hat Enterprise Linux 5.8. (BZ#475695)
tpm-tools are included in this release to enable use of Trusted Platform Module (TPM) hardware. TPM hardware features include (among others):
tpm-tools is a suite of tools used to manage and utilize TPM hardware.
/etc/sysconfig/readonly-root for more details).
firewire-sbp2 module is included in this update as a Technology Preview. This module enables connectivity with FireWire storage devices and scanners.
SBP2 driver may cause the machine to become unresponsive.
/sys/module/fcoe/parameters/create file, for example:
~]# echo eth6 > /sys/module/fcoe/parameters/create
To logout, write the network interface name to the /sys/module/fcoe/parameters/destroy file, for example:
~]# echo eth6 > /sys/module/fcoe/parameters/destroy
For further information on software based FCoE refer to: http://www.open-fcoe.org/open-fcoe/wiki/quickstart.
fnic driver, the Emulex lpfc driver, and the Qlogic qla2xx driver.
cxgb3 driver the libcxgb3 package is needed, and for host channel adapters using the mthca driver the libmthca package is needed.
MALLOC_ARENA_TEST and MALLOC_ARENA_MAX.
MALLOC_ARENA_TEST specifies that a test for the number of cores is performed once the number of memory pools reaches this value. MALLOC_ARENA_MAX sets the maximum number of memory pools used, regardless of the number of cores.
MALLOC_PER_THREAD needs to be set in the environment. This environment variable will become obsolete when this new malloc behavior becomes default in future releases. Users experiencing contention for the malloc resources could try enabling this option.
%post chkconfig --level 12345 openibd on
dd if=/dev/zero of=/dev/USED_DISK count=512ibft, the iSCSI boot firmware table support, use the ip=ibft option as the network install option:
ip=<ip>
IP to use for a network installation, use 'dhcp' for DHCP.
linksleep=SECONDS parameter in addition to the ip=ibft parameter by replacing SECONDS with an integer specifying the number of seconds the installer should wait, for example:
linksleep=10
dhcptimeout=0 parameter does not mean that DHCP will disable timeouts. If the user requires the clients to wait indefinitely, the dhcptimeout parameter needs to be set to a large number.
mpath0: sdb, sdd mpath1: sda, sdc
mpath to the append line in the /etc/yaboot.conf file.
--ondisk=mapper/mpath0 in all part directives of the kickstart file.
%post section of the kickstart file.
%post # Determine the boot device device=; # Set the bootlist in NVRAM if [ "z$device" != "z" ]; then bootlist -m normal $device; # Print the resulting boot list in the log bootlist -m normal -o; bootlist -m normal -r; else echo "Could not determine boot device!"; exit 1; fi
/usr/sbin/portmapsh-3.2# mount 192.168.11.5:/share /mnt/nfs mount: Mounting 192.168.11.5:/share on /mnt/nfs failed: Input/output error
sdc instead of sda).
clearpart --initlabel [disks](BZ#530465)
install.img is located on direct access storage device (DASD) disk, causes the installer to crash, returning a backtrace. anaconda is attempting to re-write (commit) all disk labels when partitioning is complete, but is failing because the partition is busy. To work around this issue, a non-DASD source should be used for install.img. (BZ#455929)
ext3 or ext4 file system, anaconda disables periodic file system checking. Unlike ext2, these file systems are journaled, removing the need for a periodic file system check. In the rare cases where there is an error detected at runtime or an error while recovering the file system journal, the file system check will be run at boot time. (BZ#513480)
/var on a network file system (nfs, iSCSI disk, nbd, etc.) This is because /var contains the utilities required to bring up the network, for example /var/lib/dhcp. However, you may have /var/spool, /var/www or the like on a separate network disk, just not the complete /var file system. (BZ#485478)
/ on a non-iBFT configured iSCSI drive, choose to skip the mounting of the root file system when asked, and then follow the steps below:
$TARGET_IP: IP address of the iSCSI target (drive) $TARGET_IQN: name of the iSCSI target as printed by the discovery command $ROOT_DEV: devicenode (/dev/.....) where your root fs lives
$ mkdir /etc/iscsi $ cat << EOF>> /etc/iscsi/initiatorname.iscsi InitiatorName=iqn.1994-05.com.fedora:d62f2d7c09f EOF
$ iscsid
$ iscsiadm -m discovery -t st -p $TARGET_IP $ iscsiadm -m node -T $TARGET_IQN -p $TARGET_IP --login
$ lvm vgscan $ lvm vgchange -ay
/ partition:
$ mount /dev/path/to/root /mnt/sysimage $ mount -t bind /dev /mnt/sysimage/dev $ mount -t proc proc /mnt/sysimage/proc $ mount -t sysfs sysfs /mnt/sysimage/sys
chroot to the root file system of your installation if wanted
$ chroot /mnt/sysimage /bin/su -
* or @everything is listed in the %packages section of the kickstart file) on a fully virtualized Itanium guest is 768MB. After installation, the memory allocated to the guest can be lowered to the desired amount.
resolution=1024x768 or resolution=1280x1024 to the installer using the boot command line.
locking. Therefore, to mount nfs shares from the %post section of anaconda, use the mount -o nolock,udp command to start the locking daemon before using nfs to mount shares. (BZ#426053)
dom0.
rhn-virtualization-common package manually before attempting to register the system to Red Hat Network. (BZ#431648)
dom0. Once installation finishes, it can then use its own bootloader. However, this can only be achieved by forcing the guest's first reboot to be a shutdown.
swap --grow parameter in a kickstart file without setting the --maxsize parameter at the same time makes anaconda impose a restriction on the maximum size of the swap partition. It does not allow it to grow to fill the device.
vfat file systems will appear as type foreign in the partitioning interface; as such, these devices will not be mounted automatically during system boot. To ensure that such devices are mounted automatically, add an appropriate entry for them to /etc/fstab. For details on how to do so, refer to man fstab. (BZ#467202)
umount -l autofs command has changed. For more information, refer to BZ#452122.
umount -l would unmount all autofs-managed mounts and autofs internal mounts at start-up, and then mounted all autofs mounts again as a part of the start-up procedure. As a result, the execution of the external umount -l command was not needed.
~]# service autofs forcerestart~]# service autofs forcestart# -R <region_size_in_MiB> lvcreate -m1 -L 2T -R 2 -n mirror vol_groupFailure to increase the region size will result in the LVM creation process hanging and may cause other LVM commands to hang. (BZ#514814)
rpmbuild on the compiz source RPM will fail if any KDE or qt development packages (for example, qt-devel) are installed. This is caused by a bug in the compiz configuration script.
qt development packages before attempting to build the compiz package from its source RPM. (BZ#444609)
cpio: read error: Cannot allocate memory
--block-size long option, or use the -B option to set the block size to 5120 bytes. When the block size supported by the tape device is provided, the cpio utility works as expected. (BZ#573943 )
multipathd service starts up before the iscsi service. This provides multipathing support early in the bootup process and is necessary for multipathed iSCSI SAN boot setups. However, once started, the multipathd service adds paths as informed about them by udev. As soon as the multipathd service detects a path that belongs to a multipath device, it creates the device. If the first path that multipathd notices is a passive path, it attempts to make that path active. If it later adds a more optimal path, multipathd activates the more optimal path. In some cases, this can cause a significant overhead during a startup.
multipathd service to start after the iscsi service. This does not apply to systems where the root device is a multipathed iSCSI device, since it the system would become unbootable. To move the service start time run the following commands:
~]#To restore the original start time, run the following command:mv /etc/rc5.d/S06multipathd /etc/rc5.d/S14multipathd~]#mv /etc/rc3.d/S06multipathd /etc/rc3.d/S14multipathd
~]# chkconfig multipathd resetpriorities
(BZ#500998)
multipath command with the -ll option can cause the command to hang if one of the paths is on a blocking device. Note that the driver does not fail a request after some time if the device does not respond.
multipath state without hanging the command, use multipath -l instead. (BZ#214838)
~]# dmraid -ay isw_effjffhbi_Volume0
~]#mkdir /tmp/raid~]#mount /dev/mapper/isw_effjffhbi_Volume0p1 /tmp/raid
~]#mkdir /tmp/raid/tmp/image~]#cd /tmp/raid/tmp/image~]#gzip -cd /tmp/raid/boot/inird-2.6.18-155.el5.img | cpio -imd –quiet
~]#dmraid –ay –I –p –rm_partition “/dev/mapper/isw_effjffhbi_Volume0”~]#kpartx –a –p p “/dev/mapper/isw_effjffhbi_Volume0”~]#mkrtootdev –t ext3 –o defaults,ro /dev/mapper/isw_effjffhbi_Volume0p1
~]#cd /tmp/raid/tmp/image~]#find . –print | cpio –c –o | gzip -9 > /tmp/raid/boot/inird-2.6.18-155.el5.img
~]#umount /dev/mapper/isw_effjffhbi_Volume0p1~]#dmraid -an
sniff may result in an error. This is because some required packages are not installed with dogtail. (BZ#435702)
/usr/bin/setup — provided by the setuptool package.
/usr/bin/rhn_register — provided by the rhn-setup package.
GFS2 file systems.
fsck.gfs2: invalid option -- a". To work around this issue:
~]# mount -o remount,rw /dev/VolGroup00/LogVol00 /
/dev/VolGroup00/LogVol00 / gfs2 defaults 1 1to
/dev/VolGroup00/LogVol00 / gfs2 defaults 1 0
GFS2 as the root file system is unsupported.
/media:
mount /dev/[device name] /media
iscsiadm -m node -T target -p ip -I default -u(BZ#500273)
kernel /xen.gz edd=off(BZ#568336)
blktap may not function as expected, resulting in slow disk I/O causing the guest to operate slowly also. To work around this issue, guests should be installed using a physical disk (i.e. a real partition or a logical volume). (BZ#545692)
nogbpages" parameter on the guest kernel command-line. (BZ#502826)
title Red Hat Enterprise Linux Server (2.6.18-152.el5xen) root (hd0,1) kernel /xen.gz-2.6.18-152.el5 com1=115200,8n1 console=com1 iommu=1 module /vmlinuz-2.6.18-152.el5xen ro root=LABEL=/ console=ttyS0,115200 pci_pt_e820_access=onThis enables the MMCONF access method for the PCI configuration space, a requirement for VF device support
dom0) system to Red Hat Enterprise Linux 5.7 may render existing Red Hat Enterprise Linux 5.4 SMP paravirtualized guests unbootable. This is more likely to occur when the host system has more than 4GB of RAM.
dom0 virtualized kernel may fail to boot. This is because the virtualized kernel failed to properly detect the default console device from the Extensible Firmware Interface (EFI) settings.
console=tty to the kernel boot options in /boot/efi/elilo.conf. (BZ#249076)
dom0 when VGA is enabled by the EFI Maintenance Manager. As such, you need to supply the following serial port information to the dom0 kernel:
io_base address
append= line of the dom0 kernel in /boot/efi/elilo.conf. For example:
append="com1=19200,8n1,0x3f8 -- quiet rhgb console=tty0 console=ttyS0,19200n8"
com1 is the serial port, 19200 is the speed (in bits/second), 8n1 specifies the number of data bits/parity settings, and 0x3f8 is the io_base address. (BZ#433771)
nfsd threads. For such servers, we recommend decreasing the number of threads, or decreasing the I/O size by writing to the /proc/fs/nfsd/max_block_size file before starting nfsd. For example, the following command restores the previous default iosize of 32k:
~]# echo 32767 >/proc/fs/nfsd/max_block_sizeqla4xxx driver fails to discover all iSCSI targets, make sure to Clear Persistent Targets and set up iSCSI again via CTRL+Q in the Qlogic iSCSI optional BIOS.
options oprofile timer=1 to the /etc/modprobe.conf file. (BZ#720587)
shrink_active_list() function. As a result, the spin_lock_irq(&zone->lru_lock) operation disables interrupts, and the following error message is returned when the system hangs:
NMI Watchdog detected LOCKUP
smartdservice running hangs with the following error messages:
Starting smartd: hdc: drive_cmd: status=0x58 { DriveReady SeekComplete
DataRequest }
ide: failed opcode was: 0xa1
hdc: status error: status=0x58 { DriveReady SeekComplete DataRequest }
ide: failed opcode was: unknown
hdc: drive not ready for command
hdc: status timeout: status=0xd8 { Busy }
ide: failed opcode was: unknown
hdc: drive not ready for command
hdc: ATAPI reset complete
hdc: status error: status=0x58 { DriveReady SeekComplete DataRequest }
⋮
smartd service off with the following command:
~]# chkconfig smartd offmodify SRQ verb is not supported by the eHCA adapter and will fail with an error code when called from an application context.
pci=nosort
1:
/sys/class/net/breth0/bridge/multicast_snoopingstrict_wide_port functionality. Multi-controller multipath should behave as a expected.
sas_address1 to all the PHYs on controller1
sas_address2 to all the PHYs on controller2
controller1 to have a distinct address from controller2, otherwise the expander will be unable to correctly route connection requests to the proper initiator. (BZ#651837)
lpfc driver loaded may crash the system during the resume operation. Therefore, systems using the lpfc driver, either unload the lpfc driver before the system is suspended, or ,if that is not possible, do not suspend the system. (BZ#703631)
spinlock_irq() and held for more than 60 seconds. The system can also hang for indeterminate lengths of time.
numastat command. (BZ#529428)
gfs2-kmod package on later versions of Red Hat Enterprise Linux. gfs2-kmod is not required since GFS2 is built into the kernel from 5.3 onwards. The content of the gfs2-kmod package is considered a Technology Preview of GFS2, and has not received any updates since Red Hat Enterprise Linux 5.3 was released.
lpfc_enable_npiv module parameter to zero.
options lpfc_enable_npiv=0to
/etc/modprobe.conf and re-build the initrd image.
lpfc_enable_npiv=0 option in the insmod or modprobe command line.
2010.09.06 or later. (BZ#628534)
ext4 file system is fully supported. However, provisioning ext4 file systems with the anaconda installer is not supported, and ext4 file systems need to be provisioned manually after the installation. (BZ#563943)
0 to /proc/sys/fs/leases-enable (ideally on boot, before the nfs server is started). This change prevents NFSv4 delegations from being given out, restore correctness at the expense of some performance.
ramdisk=/boot/initrd-2.6.18-<kernel-version-number>.el5.img
ramdisk=/boot/initrd-2.6.18-<kernel-version-number>.el5.img,0x02000000
zipl -V should now show 0x02000000 as the starting address for the initial RAM disk (initrd). Stop the logical partition (LPAR), and then manually increase the storage size of the LPAR.
bnx2i.ko and cnic.ko) is loaded. To work around this do not manually load the bnx2i or cnic modules, and temporarily disable the iscsi service from starting. To disable the iscsi service, run:
~]#chkconfig --del iscsi~]#chkconfig --del iscsid
iscsi service may start automatically. To bypass this, during bootup, enter interactive start up and stop the iscsi service from starting.
echo disk < /sys/power/state suspend-to-disk operation. Consequently, the system will not suspend properly, returning messages such as:
Stopping tasks: ====================================================================== stopping tasks timed out after 20 seconds (1 tasks remaining): cciss_scan00 Restarting tasks...<6> Strange, cciss_scan00 not stopped done
bnx2 driver.
/etc/modprobe.d/ containing the following line:
options bnx2 disable_msi=1
pci=nomsi. (BZ#432451)
smartctl tool cannot properly read SMART parameters from SATA devices. (BZ#429606)
acpi_sleep=s3_bios. (BZ#439006)
qla3xxx and qla4xxx drivers support ethernet and iSCSI functions individually. Both drivers do not support the use of ethernet and iSCSI functions simultaneously.
ifdown/ifup commands) may hang the device. To avoid this, allow a 10-second interval after an ifup before issuing an ifdown. Also, allow the same 10-second interval after an ifdown before issuing an ifup. This interval allows ample time to stabilize and re-initialize all functions when an ifup is issued. (BZ#276891)
ib_mthca driver reports a catastrophic error on this hardware, it is usually related to an insufficient completion queue depth relative to the number of outstanding work requests generated by the user application.
opensm is running at the time the error occurs, then you need to manually restart it in order to resume proper operation. (BZ#251934)
radeonfb module.
hal-system-power-suspend to /usr/share/hal/scripts/ containing the following lines:
chvt 1 radeontool light off radeontool dac off
restore-after-standby to the same directory as well, containing the following lines:
radeontool dac on radeontool light on chvt 7
edac module is loaded, BIOS memory reporting will not work. This is because the edac module clears the register that the BIOS uses for reporting memory errors.
edac module) by default. If you wish to ensure BIOS memory reporting on your system, you need to manually blacklist the edac modules. To do so, add the following lines to /etc/modprobe.conf:
blacklist edac_mc blacklist i5000_edac blacklist i3000_edac blacklist e752x_edac
/etc/modprobe.conf:
alias wlan0 iwlagn options iwlagn swcrypto50=1 swcrypto=1where wlan0 is the default interface name of the first Intel WiFi Link device.
Please wait, loading kernel... /pci@8000000f8000000/ide@4,1/disk@0:2,vmlinux-anaconda: No such file or directory boot:To work around this:
~]# setenv real-base 2000000
~]# 0> dev /packages/gui obe
kdump on an IBM Bladecenter QS21 or QS22 configured with NFS root will fail. To avoid this, specify an NFS dump target in /etc/kdump.conf. (BZ#368981)
forcedeth based devices may encounter difficulty accessing memory above 4GB during operation in a kdump kernel. To work around this issue, add the following line to the /etc/sysconfig/kdump file:
KDUMP_COMMANDLINE_APPEND="dma_64bit=0"This work around prevents the
forcedeth network driver from using high memory resources in the kdump kernel, allowing the network to function properly.
kexec/kdump kernel if X is running and using a driver other than vesa. This problem only exists with ATI Rage XL graphics chipsets.
kexec/kdump kernel. (BZ#221656)
makedumpfile to produce erroneous results but not have them reported. This is due to the fact that makedumpfile processes its output data through a pipeline consisting of several stages. If makedumpfile fails, the other stages will still succeed, effectively masking the failure. Should a vmcore appear corrupt, and makedumpfile is in use, it is recommended that the core be recorded without makedumpfile and a bug be reported. (BZ#475487)
kexec purgatory code. This code contains instructions for backing up the first 640k of memory after a crash.
purgatory console output can be useful in diagnosing problems, it is not needed for kdump to properly function. As such, if your Itanium system resets during a kdump operation, disable console output in purgatory by adding --noio to the KEXEC_ARGS variable in /etc/sysconfig/kdump. (BZ#436426)
boot from HD.
~]$ cat /usr/libexec/qemu-kvm.family16 #!/bin/sh ARGS=$@ echo $ARGS | grep -q ' -cpu ' if [ $? -eq 0 ]; then for model in $(/usr/libexec/qemu-kvm -cpu ? \ | sed 's|^x86||g' | tr -d [:blank:]); do ARGS=$(echo $ARGS | \ sed "s|-cpu $model|-cpu $model,family=16|g") done else ARGS="$ARGS -cpu qemu64,family=16" fi echo "$0: exec /usr/libexec/qemu-kvm $ARGS" >&2 exec /usr/libexec/qemu-kvm $ARGS
~]$ chmod 755 /usr/libexec/qemu-kvm.family16~]$ restorecon /usr/libexec/qemu-kvm.family16~]# virsh edit $GUEST<emulator>/usr/libexec/qemu-kvm</emulator>
<emulator>/usr/libexec/qemu-kvm.family16</emulator>
hwclock service starts. It is recommended to disable the hwclock service. Alternatively, enable the ntp service so that it can correct the time once the service is started. (BZ#523478)
virsh edit GUEST
<interface type='network'> ... <model type='e1000' /> </interface>
virsh dumpxml GUEST > /tmp/guest.xml
cp /tmp/guest.xml /tmp/new-guest.xmlvi /tmp/new-guest.xml
<interface type='network'> ... <model type='e1000' /> </interface>
virsh define /tmp/new-guest.xmlvirsh start new-guest
kmod-kvm package do not support kernels prior to version 2.6.18-203.el5. If kmod-kvm is updated and an older kernel is kept installed, error messages similar to the following will be returned if attempting to install these modules on older kernels:
WARNING: /lib/modules/2.6.18-194.el5/weak-updates/kmod-kvm/ksm.ko needs unknown symbol kvm_ksm_spte_count(BZ#509361)
kmod-kvm package are loaded automatically at boot time if the kmod-kvm package is installed. To make these KVM modules available after installing the kmod-kvm package the system either needs to be rebooted or the modules can be loaded manually by running the /etc/sysconfig/modules/kvm.modules script. (BZ#501543)
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
set ftp:ssl-auth SSL configuration directive. This works both for implicit and explicit FTPS. (BZ#532099)
multipath_component_detection option in the /etc/lvm/lvm.conf.
glxgears window (when glxgears is run). Doing so can lock the system.
Device section of /etc/X11/xorg.conf:
Option "Tiling" "0"
insmod: error inserting '/lib/aes_generic.ko': -1 File existsThis message can safely be ignored. (BZ#466296)
install.log:
Installing kernel-2.6.18-158.el5.s390x cp: cannot stat `/sbin/dmraid.static': No such file or directoryThis message can be safely ignored.
httpd to connect to a remote port which SELinux would otherwise deny:
~]# setsebool -P httpd_can_network_connect=1perftest will fail if different CPU speeds are detected. As such, you should disable CPU speed scaling before running perftest. (BZ#433659)
mvapich and mvapich2 in Red Hat Enterprise Linux 5 are compiled to support only InfiniBand/iWARP interconnects. Consequently, they will not run over ethernet or other network interconnects. (BZ#466390)
cannot open `/tmp/openmpi-upgrade-version.*' for reading: No such file or directoryThe message is harmless and can be safely ignored. (BZ#463919)
openmpi and lam may prevent you from upgrading these packages. This bug manifests in the following error (when attempting to upgrade openmpi or lam:
error: %preun(openmpi-[version]) scriptlet failed, exit status 2openmpi and lam in order to install their latest versions. To do so, use the following rpm command:
rpm -qa | grep '^openmpi-\|^lam-' | xargs rpm -e --noscripts --allmatchesrpmdb: PANIC: fatal region error detected; run recovery error: db4 error(-30977) from db->sync: DB_RUNRECOVERY: Fatal error, run database recovery
1-0 revision: Thu Feb 16 2011. The revision date should be Tue Feb 21 2012. The content of the Release Notes reflects changes made to Red Hat Enterprise Linux 5.8.
<path_to_ISO>/Workstation/repodata/productid/etc/pki/product/ directory, making sure that the file copied ends with .pem (for example, /etc/pki/product/productid.pem)
systemtap-testsuite package fail with an Unknown symbol in module error on some architectures. These test cases include (but are not limited to):
systemtap.base/uprobes.exp
systemtap.base/bz10078.exp
systemtap.base/bz6850.exp
systemtap.base/bz5274.exp
uprobes.ko module. Some updated user-space probe tests provided by the systemtap-testsuite package use symbols available only in the latest uprobes.ko module (also provided by the latest SystemTap update). As such, running these user-space probe tests result in the error mentioned earlier.
rmmod uprobes to manually remove the older uprobes.ko module before running the user-space probe test again. (BZ#499677)
clocksource=acpi_pm or clocksource=jiffies to the kernel command line for the guest. Alternatively, if running under Red Hat Enterprise Linux 5.7 or newer, locate the guest configuration file for the guest and add the hpet=0 option in it.
Domain attempted WRMSR. These messages can be safely ignored; furthermore, they are rate limited and should pose no performance risk. (BZ#477647)
hda: lost interrupt errors.
Stop Error (also known as Blue Screen of Death, or BSOD) was displayed every time when shutting down the guest. To work around this issue, users are advised to uninstall VMware Tools from Microsoft Windows guests before conversion. (BZ#711972)
i810 driver. You should use the default intel driver instead. (BZ#468218)
EDID information from the monitor. When this occurs, the graphics driver will be unable to display resolutions highers than 800x600.
ServerLayout section of /etc/X11/xorg.conf:
Option "Int10Backend" "x86emu"
FINAL File Size = 8948021 bytes. load-base=0x4000 real-base=0xc00000 DEFAULT CATCH!, exception-handler=fff00300
FENCED_OPTS variable was escaped incorrectly. Consequently, only the first option passed to FENCED_OPTS was processed correctly and any further options were ignored. This update corrects the escaping of the FENCED_OPTS and all options are now honored as expected.
shutdown_con variable was not cleared if the shutdown process was killed. This caused the cman service to terminate with a segmentation fault in the unbind_con() function if another process shut down the utility. The shutdown_con variable is now cleared after the shutdown process is canceled and the utility shuts down gracefully.
service_cman.lcrso service did not provide debug symbols because the service was built without the -g CFLAGS option. The gcc compiler then built the debuginfo files without debugging symbols. This flag has been added to the Makefile and the service is now built with debugging symbols as expected.
ping command examples on the qdisk(5) manual page were missing the -w option. If the ping command is run without the option, the action can timeout. With this update, the -w option has been added to the example ping commands.
reboot command with the --missing-as-off option relied on the prompt, and the fencing failed. With this update, fence reboot works as expected.
passwd_script option in the cluster.conf file and fencing could fail. The arguments are now parsed correctly and fencing succeeds as expected.
qdiskd daemon failed to update a Quorum disk device after it was changed and the clustat command showed an old qdisk device as being used. The interactions between the cman utility and qdisk utility have been improved including cman logging, error reports, and checks of Quorum API usage. The qdiskd daemon can now update device names in cman; the error checking at qdickd startup has been improved.
fence_drac5 list operation, Dell Drac CMC devices were not working correctly as fence devices. The fence_drac5 list operation has been fixed for Dell DRAC CMC devices.
fence_vmware_soap() function has been updated to support unique virtual machine names.
KeyError: 'config.uuid'
fenced daemon.
-L option for logging in as a non-privileged user and fence with the user session privileges.
ricci daemon failed to detect if a host was capable of running a virtual machine. As a consequence, the Add a Virtual Machine Service tab was not displayed under Services when using the luci tool. With this update, calling the virsh program is now avoided, and the Add a Virtual Machine Service tab is now displayed under Services.
cluster.conf file was not updated. With this update, luci is modified so that the attribute in cluster.conf is correctly updated to reflect the new name of the resource.
__max_restarts and __restart_expire_time attributes for independent subtrees, but only for non-critical resources. If the user tried to set values for "Maximum number of restart failures before giving up (applies only for non-critical resources)" and "Restart expire time (applies only for non-critical resources)", these values were not added for the resource in the cluster.conf file. This update modifies luci so that users are now able to modify the aforementioned values in luci.
/usr/sbin/clustat) from within the modclusterd daemon or ricci's helper program, modcluster, could make these unresponsive. In such a case, processes depending on them could also become unresponsive or indicate an error. For example, in tools like luci, the affected node could be listed as having communications problems, or the cluster creation could become unresponsive. Patches have been applied to address this issue, and deadlocks no longer occur when executing external programs.
cluster.conf file. With this update, if the user inserts the quote character, the following error message appears:
The resource data submitted for this service is not properly formed
luci_admin restore command did not fully restore a database to the original state. This was because the luci_admin script only added items contained in the previously generated backup XML file. This update adds new options, -u (--update) and -r (--replace), that are used to either keep or remove existing configuration when restoring a database.
fence_ipmilan agent has been updated to support the "-L" option of the ipmilan daemon, thus supporting fencing with user session privileges level.
service luci restart) for the update to take effect.
multipathd daemon did not abort the path check. Consequently, the multipath application terminated unexpectedly if it attempted to access the multipath device information. With this update, multipathd aborts the path check and the daemon no longer crashes in this scenario.
multipathd daemon was looking for Compaq Command Interface for SCSI-3 Support (CCISS) device information at an incorrect location in the sysfs file system. As a consequence, it was impossible to configure multipath on CCISS device. This bug has been fixed, device-mapper-multipath now finds the device information in the described scenario, and multipath can now properly configure CCISS devices.
multipathd daemon was printing warning messages on removal of non-multipath Device Mapper devices. With this update, the underlying code has been fixed and no warning messages are logged on removal of such devices.
multipathd daemon maintains a list of essential directories it needs to be able to access from its private namespace at all times. When unmounting an unnecessary device, multipath checks if the device mount point is not in the list. Previously, multipathd did not check whether the directories listed were symbolic links to the devices and did not consider the devices mounted at the symlinked mount point to be necessary. Consequently, if such a device was marked as unnecessary, multipathd unmounted the device even though the location was listed as essential, because it was listed as a symbolic link. With this update, multipathd detects symbolic links to necessary devices in the list and the symlinked devices are not unmounted. This update also adds a new parameter, keep_dir, which allows users to specify directories that multipathd preserves in its private namespace.
multipathd fails to delete the entire device, it restores any partitions, which were already deleted.
!) character in the CCISS sysfs name to the slash (/) character in the CCISS device name. As a consequence, the callout programs failed to set path priorities for these devices. The multipath utility now supports the new %c wildcard for callout functions and the CCISS names are converted correctly.
multipathd daemon returned incorrect path groupings for the multipath devices configured to use the group_by_node_name grouping policy. This was due to an incorrect reporting of the target node name for iSCSI targets. With this update, multipath checks the iSCSI target name if the FC (Fibre Channel) path check fails and the target name reporting works as expected.
multipathd terminated unexpectedly if the file_timeout parameter was set to 0. With this update, multipathd uses the default file timeout of 90 seconds just as when the parameter is set to a negative value and the problem no longer occurs.
multipathd did not clean some of the buffers used to collect the SCSI data. With this update, the buffers are cleaned properly and the problem no longer occurs.
multipathd assumed that the argument was referring to the file. Multipath now performs a check to prevent such an incorrect argument handling and the commands are executed as expected in this scenario.
manual failback, multipath was incorrectly failed back to the primary path group on a path's priority change. With this update, the device no longer fails back to the primary path group under these circumstances.
selector key word, while device sections were using the path_selector key word. To ensure consistency, the default section now accepts both key words, the selector and path_selector.
file_timeout was not documented. This update adds the respective documentation to the multipath.conf.annotated file.
xfrm6_tunnel_rcv() function in the Linux kernel's IPv6 implementation could lead to a use-after-free or double free flaw in tunnel6_rcv(). A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the xfrm6_tunnel kernel module loaded, causing it to crash.
xfrm6_tunnel, you can prevent the xfrm6_tunnel module from being loaded by creating (as the root user) a /etc/modprobe.d/xfrm6_tunnel.conf file, and adding the following line to it:
blacklist xfrm6_tunnel
xfrm6_tunnel module cannot be loaded accidentally. A reboot is not necessary for this change to take effect.
I_LOCK flag in inode->i_state. In addition to this, the write code path also needs the latest stateid returned by open to before it can proceed. It waits for this while holding the I_LOCK bit in inode->state. As a consequence, multi-threaded applications could be blocked when using NFSv4. With this update, the nfs_fhget() function has been modified to use the I_NEW flag for the open code path, thus fixing this bug.
qla2xxx driver and the HBA firmware, storage I/O traffic could become unresponsive during storage fault testing.With this update, these bugs have been fixed and the hangs no longer happen in the described scenario.
dirty_ratio limit. With this update, the code for COMMIT calls has been improved to not skip such calls if the system is under memory pressure and to allow high priority COMMIT calls to bypass inode commit locks. Now, the pauses in traffic no longer occur in the described scenario.
ERROR state, the counter was updated incorrectly when running under the z/VM operating system with the QIOASSIST flag switched on. Consequently, the buffer handling logic in QDIO was working incorrectly. This update fixes the code to update the counter correctly in the described scenario, thus fixing this bug.
vfs-automount infrastructure assumes that the LOOKUP_DIRECTORY flag is included in nameidata flags if a trailing slash character (/) is given on a path being walked. But this flag is private to the __link_path_walk() function so it must be added when looking up the last component. Previously, during a path walk where the path included a trailing slash character, LOOKUP_DIRECTORY was not propagated to path walk functions. Consequently, directories that needed to trigger an automount failed to do so, which resulted in a -ENOTDIR error. This bug has been fixed and the error code is no longer returned in the described scenario.
NF_FORWARD hook did not meet the requirements of the IP stack. Consequently, hosts could terminate unexpectedly. A backported upstream patch has been provided to address this issue and the crashes no longer occur in the described scenario.
kvmclock initialization was used in a guest, it could write to the time stamp counter (TSC) and, under certain circumstances, could cause the kernel to become unresponsive on boot. With this update, TSC synchronization, which is unnecessary due to kvmclock, has been disabled, thus fixing this bug.
be2net driver, if a card was reset due to EEH (Enhanced Error Handling), the error recovery involves ring clean-up and re-creation. However, because worker threads touch this ring, there was a race condition that caused kernel to terminate unexpectedly. With this update, a worker thread is stopped during this clean-up process, thus preventing this bug.
/proc/<PID>/ directories. One of the options is called hidepid= and its value defines how much information about processes is provided to non-owners. The gid= option defines a group that gathers information about all processes. Untrusted users, which are not supposed to monitor tasks in the whole system, should not be added to the group.
Invalid transact2 SMB:
Illegal configuration detected for Max BW - using 100 instead.
eth0: Something bad had happen! Aii! [bnx2x_release_hw_lock:1536(eth0)]Releasing a lock on resource 8 eth0: Recovery flow hasn't been properly completed yet. Try again later. If u still see this message after a few retries then power cycle is required.
bnx2 0003:01:00.1: eth1: Failed waiting for ULP up call to complete
/sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel.
SSH (Secure Shell) StrictHostKeyChecking=no option when dumping to SSH targets, causing the target kdump server's SSH host key not to be checked. This could make it easier for a man-in-the-middle attacker on the local network to impersonate the kdump SSH target server and possibly gain access to sensitive information in the vmcore dumps.
initrd files with world-readable permissions. A local user could possibly use this flaw to gain access to sensitive information, such as the private SSH key used to authenticate to a remote server when kdump was configured to dump to an SSH target.
/root/.ssh/ directory and the host's private SSH keys) in the resulting initrd. This could lead to an information leak when initrd files were previously created with world-readable permissions. Note: With this update, only the SSH client configuration, known hosts files, and the SSH key configured via the newly introduced sshkey option in /etc/kdump.conf are included in the initrd. The default is the key generated when running the service kdump propagate command, /root/.ssh/kdump_id_rsa.
kexec no longer attempts to use the reserved memory range, and boots as expected.
mkdumprd utility lacked proper support for using VLAN devices over a bond interface. Consequently, the network could not be correctly set up in the kexec kernel and Kdump failed to capture a core dump. This update modifies mkdumprd so it now provides full support for configuring VLAN devices over a bond interface. Kdump now successfully dumps the vmcore file to a remote machine in such a scenario.
mkdumprd caused Kdump to be unable to bring up a network interface card (NIC) if a NIC configuration file, such as /etc/sysconfig/network-scripts/ifcfg-eth0, did not contain a default gateway. When sending the vmcore file over a network using the SSH or NFS protocol, any attempt to bring the NIC up failed with the following error:
ifup: option with empty value "gateway"
vmcore file. With this update, mkdumprd performs a check whether the default gateway is specified and thus avoids adding an empty gateway into the /etc/kdump.conf file. The vmcore file is now successfully dumped to a remote machine.
mkdumprd caused Kdump to be unable to bring up a bridge device when its slave device was renamed in the kexec kernel. When sending the vmcore file over a bridged network, any attempt to bring the bridge device up failed with a similar error:
ifup: Ignoring unknown interface eth2
vmcore file. This update modifies mkdumprd to search for the correct slave device names in NIC configuration files instead of using the old names. Kdump over a bridged network now works as expected.
CCISS driver, are known to be non-resettable in the kexec kernel. Therefore, when such a device was selected as a dump target, any attempt to dump a core file on it caused the kexec kernel to become unresponsive. This update modifies mkdumprd to check whether the target device is resettable. If the target device is non-resettable, then Kdump will not start and the kexec kernel no longer hangs under these circumstances.
mkdumprd utility was unable to handle errors returned by the makedumpfile command if the command was piped with other commands. Therefore, when sending a core dump file over a network using the SSH protocol and makedumpfile failed, the system rebooted immediately instead of dropping to the shell. This update allows mkdumprd to catch return codes of piped commands so that Kdump now fails right after a makedumpfile failure and the system drops correctly to the shell.
mkdumprd utility did not properly handle renaming of NIC devices in the kexec kernel. Therefore, when sending a core dump using a VLAN device over a bond interface, Kdump displayed various error messages related to VLAN device names. This update modifies mkdumprd so it now works with VLAN device names correctly.
mkdumprd utility did not handle NFS unmount failures correctly. Therefore, when dumping a core over the NFS protocol and a test attempt to unmount an NFS export failed, mkdumprd removed all files from this NFS export. This update corrects mkdumprd so that it only removes empty NFS exports and no data loss occurs under these circumstances.
mkdumprd utility lacked support for the XFS file system, and therefore Kdump failed to capture the vmcore dump file on XFS file systems. This update backports support for the XFS file system from Red Hat Enterprise Linux 6 so Kdump now creates core dumps on XFS file systems as expected.
mkdumprd utility, blacklist. This option allows mkdumprd to prevent specified kernel modules from being loaded into the kexec kernel.
mkdumprd utility supports static route configuration so that Kdump is now able to dump the vmcore file to a remote machine over a network with static routing.
mkdumprd utility has been modified to recognize and support iSCSI devices so that iSCSI devices can now be specified as a dump target.
Hypervisor with an Intel CPU is the only supported implementation. Note that the dump target must be specified in the /etc/kdump.conf file.
KSH-93 is the most recent version of the KornShell by David Korn of AT&T Bell Laboratories. KornShell is a shell programming language which is also compatible with sh, the original Bourne Shell.
ext4 file systems, ksh returned unexpected results even though ext4 file systems support nanosecond resolution. With this update, ksh has been modified to use only second resolution and file time stamps comparison now produces correct results in the scenario described.
ps command because the ps command detected more instances of the same script. With this update, this time window has been significantly reduced so the ps command now detects only one script instance.
eval command to be the last in the script, and did not run it in a separate process. Consequently, using eval or executing commands from another file (that is, by using the . built-in command) may have prevented ksh from executing any subsequent commands. With this update, the underlying source code has been adapted to determine whether a script contains other commands and to perform the selected action in a separate process if it does. As a result, ksh now executes all commands in a script as expected.
IFS variable was unset inside a function used in a script, the memory being used was erroneously freed. Consequently, ksh terminated unexpectedly with a segmentation fault. With this update, ksh allows the IFS variable to be unset, but without freeing the memory so that ksh no longer crashes under these circumstances.
typeset command could cause ksh to terminate unexpectedly with a segmentation fault. This update corrects the array handling in this command and ksh no longer crashes.
$0 was changed to the name of the function instead of keeping the original value, the name of the caller function. With this update, an upstream patch has been applied to correct the code and ksh keeps the name of the caller function in $0 as expected.
trap command to capture a SIGPIPE signal, sending this signal via the built-in echo command could cause its output to be incorrectly added to the redirected output of an external command. With this update, ksh now flushes the output buffer before redirecting any output streams.
eval argument. With this update, an upstream patch has been applied and the ksh no longer hangs in the scenario described.
ulimit built-in function did not properly handle setting of the limit for virtual memory usage, which was set by the -v parameter. Consequently, every time this limit was modified, also the CPU time limit was changed, which was undesirable. This update modifies handling of the virtual memory limit so that it does not influence the CPU time limit anymore.
pipeline to complete when the pipefail option was used. Consequently, a failed exit status was erroneously reported even when the pipeline had not failed. With this update, the code has been improved and the pipefail option now functions as expected.
coprocess. The previous version of ksh did not handle the nested command substitutions correctly, which could result in a race condition between job routines in the signal handler and the parent process. Subsequently, ksh could erroneously close stdout of the running coprocess. With this update, ksh now checks whether the coprocess is running before it attempts to close its file descriptor. KornShell now handles the nested command substitutions properly.
output stream or an error stream was redirected in the sourced script, the respective stream remained redirected in the parent script as well. With this update, file handles are restored after execution of sourced scripts so a parent script is not affected by sourced script redirections.
here document (heredoc - specifies a string literal in command line shells) was combined with an auto-loaded function, interference with the here document processing could occur causing output to be truncated to 8 KB. This update improves the here document processing logic and auto-loaded functions no longer have a negative side effect on here documents.
whence built-in command could enter an infinite loop when used with the -q option. Consequently, ksh consumed up to 100% of CPU and became unresponsive. With this version of ksh, the underlying code of the whence built-in command has been modified and ksh no longer hangs, when -q option is used.
raw mode with echo disabled. Normally, the terminal is restored with the previous settings after the operation has been finished. This did not work in the previous ksh version if the user's locale was set to use multibyte encoding (for example UTF-8). With such a locale, ksh failed to restore the terminal settings if it timed out while executing the read built-in command. Subsequently, the terminal did not echo any characters until it was reset. This updates applies a patch ensuring that the terminal is restored properly after timeout and user's input is now echoed as expected.
kill built-in command did not properly handle errors when it was given an extremely large value as the PID parameter. The kill command then internally reported the code -1, which was interpreted by ksh as the -1 option and ksh thus killed all user processes. This update corrects handling of PID conversion errors so that ksh can no longer misinterpret the kill command return values. The command now, under these circumstances, fails with an error as expected.
ulimit command now provides the ability to read and set the RLIMIT_RTPRIO and RLIMIT_NICE resource limiters.
kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A member of the kvm group on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.
get_real_device: /sys/bus/pci/devices/0000:09:00.0/resource: Too many open filesThe problem has been fixed, and NIC can now be successfully attached to or detached from a guest machine more than 250 times.
Too many assigned devicesHowever, when hot plugging PCI devices, the limitation of maximum number of devices assigned did not take effect, and the user could hot plug more than 8 PCI devices. QEMU has been modified to refuse to assign the ninth and any further hot plugged PCI devices with the aforementioned error message.
mktime() function incorrectly modified an input parameter according to the time zone of the host machine. As a consequence, if the user did not use Network Time Protocol (NTP) and the time zone on the host machine was set to "America/New_York", time displayed on the clock of a guest machine was shifted one hour forward on the first reboot. With this update, mktime() is not used if UTC time is specified, and the correct time is displayed in the aforementioned scenario.
select() to /dev/rtc to wait for clock tick timed outThis update adds support for the AIE mode emulation, so that UIE and AIE mode interrupts now work properly and applications run as expected.
multipath_component_detection option in the /etc/lvm/lvm.conf file.
lvcreate --alloc anywhere command did not guarantee placement of data on different physical devices. With this update, the above command tries to allocate each mirror image to a separate device first before placing it on a device that is already used.
lvconvert command, the exclusive nature of the activation was lost and the cluster-aware mode was attempted. This failed due to the lack of the necessary daemon or kernel module. The following error message was logged:
Unable to send cluster log request [DM_CLOG_CTR] to server: -3
dmeventd, the event monitoring daemon for device-mapper devices. The code has been improved and the redundant information after a resize operation is no longer logged to system log.
lvconvert command to convert a linear device to a mirror with stripes, the lvconvert command entered an infinite loop. The problem occurred if the number of needed extents was not divisible by the number of areas. This has been fixed: the allocation is now properly rejected if the number of extents is not divisible by the number of areas.
dmeventd when they were being written to and filling up even when the threshold was turned off by setting snapshot_autoextend_threshold = 100. This update removes this message as it is now considered redundant because the LVM command lvextend reports all relevant information.
pvcreate command logged the following erroneous error:
/dev/md0 sysfs attr level not in expected format: linear
pvcreate for MD linear devices.
dm_report: left-aligned snprintf() failed
vgsplit command is now able to split a volume group containing a mirror with mirrored logs.
Internal error: Maps lock < unlock
Reserved memory (%ld) not enough: used %ld. Increase activation/reserved_memory?
%ld is replaced with the value of memory used. This provides better information about the source of the problem to the administrator. Preallocated memory can be changed in the lvm.conf file using the reserved_memory option.
lvextend command with the -r option.
initrd file system image. The initrd image is an initial RAM disk that is loaded by a boot loader before the Linux kernel is started.
insmod: error inserting '/lib/raid456.ko': -1 File exists
LABEL-based mounts with iSCSI RAID arrays. Consequently, the following error message was logged when updating the kernel:
/sbin/scsi_id: option requires an argument -- s
lvm.conf file had the command_names or prefix directives set, the output from lvm.static would be corrupted. With this update a patch has been applied to override the system settings while running mkinitrd and the initrd image created now has an uncorrupted lvm.conf file.
dirsync mount option for ext3 file systems. Consequently, if the dirsync option was used for the root file system in the file systems table (fstab), the system did not boot. The following error message was logged:
EXT3-fs: Unrecognized mount option "dirsync" or missing valueThis update includes a patch to support the
dirsync option with the mount command and synchronous directory modifications can now be made while using ext3 file systems.
cp: cannot stat `/sbin/dmraid.static': No such file or directoryWith this update, a requirement for dmraid has been added to the mkinitrd specification file (
mkinitrd.spec). The mkinitrd command now works as expected on IBM System/390 and System z.
network command. Consequently, the DEBUG, PROMISC, and ALLMULTI flags were incorrectly enabled on network interfaces. The problem has been corrected in libdhcp and the mkinitrd spec file has been changed to require libdhcp-devel-1.20-12 or later. As a result, the incorrect flags are no longer set on the network interfaces.
grubby --info=ALL was executed and grub.conf contained Windows boot definitions. With this update, a patch has been applied and grubby no longer crashes but returns non linux entry in the scenario described.
--update-kernel=ALL command directive worked only once. Subsequent use of the --update-kernel=ALL command directive only updated the arguments for the first kernel entry found. With this update a patch has been applied and the problem no longer occurs in the scenario described.
multipath in its list of limitations for FIPS support. With this update, the man page entry for FIPS has been improved to say the following:
/boot Must not be on multipath, nfs, dmraid or mdraid
/etc/rc.sysinit. With this update, a patch has been applied to improve the code and nash-hotplug now exits when the parent process terminates.
/dev/mpath/ directory. As a consequence, the system could not boot if such a multipath device contained the root file system. With this update, the regular expression has been corrected, and mkinitrd now correctly recognizes multipath devices in the /dev/mpath/ directory.
snmpd, wrongly calculated CPU ticks on 32-bit platforms. This resulted in incorrect UCD-SNMP-MIB::systemStats being reported after more than 30 days of uptime. With this update, snmpd calculation of CPU ticks is fixed, and correct systemStats are now reported.
snmpd, enumerated active TCP connections for TCP-MIB::tcpConnectionTable in a very inefficient way with O(n^2) complexity. With many TCP connections, an SNMP client could time out before snmpd processed a request regarding the tcpConnectionTable, and sent a response. This updated improves the enumeration mechanism and snmpd now swiftly responds to SNMP requests in the tcpConnectionTable.
snmpd daemon did not properly recover when the system run out of memory when populating IP-MIB::ipNetToPhysicalTable. Consequently, the daemon sometimes terminated unexpectedly. This update adds additional checks to determine when running out of memory and the snmpd daemon no longer crashes in the scenario described.
/usr/share/snmp/mibs/.index was not marked in the net-snmp package specification file (spec file) as being exempt from verification. Consequently, the rpm -V net-snmpcommand sometimes reported a warning that file /usr/share/snmp/mibs/.index was modified. This file is updated by various SNMP applications and daemons, therefore it should not be checked by rpm -V. With this update, the .index file is explicitly marked as volatile and rpm -V no longer reports its updates.
snmpd daemon. With this update, the object identifier for UCD-SNMP-MIB::dskPercentNode has been restored and it now properly reports percentages of used inodes on storage devices, thus fixing this bug.
snmpd could terminate unexpectedly when monitoring an Object Identifier (OID) using the monitor configuration option while the monitored OID was handled by the external AgentX subagent. With this update, a backported patch has been applied and the snmpd daemon no longer crashes when monitoring such OIDs.
snmpd was started and did not find a network interface which was present during the last snmpd shutdown, the following error message was logged:
snmpd: error finding row index in _ifXTable_container_row_restore realStorageUnits config option was disabled. With this update, calculation of hrStorageUsed is fixed and is now reported correctly in HOST-RESOURCES-MIB::hrStorageTable.
register() method in the NetSNMP::agent module and terminated unexpectedly when this method failed. With this update, the register() method has been fixed and the updated perl modules no longer crash on failure.
snmpd properly recognizes VxFS devices and reports them in HOST-RESOURCES-MIB::hrStorageTable.
snmpd wrongly parsed the OID from the smuxpeer configuration option and thus rejected incoming SMUX communication. With this update, parsing of the smuxpeer configuration option is fixed and snmpd now accepts incoming SMUX requests as expected.
rpc.statd[xxxx]: recv_rply: can't decode RPC message! rpc.statd[xxxx]: *** SIMULATING CRASH! *** rpc.statd[xxxx]: unable to register (statd, 1, udp).
syncrepl) enabled and a large amount of data was replicated, the memory was used extensively. Consequently, the standalone LDAP daemon (slapd) was sometimes not able to allocate enough free memory using its default memory allocation mechanism and slapd fell back on the secondary memory allocation mechanism without freeing the memory properly, causing memory leaks. With this update, the slapd daemon frees the memory correctly in such a scenario, and memory leaks no longer occur.
slapd server may have caused the CPU usage to reach 100% and the server to become unresponsive for about three seconds. With this update, an existing upstream patch has been applied to target this issue, and the OpenLDAP suite now works as expected.
slapd service to terminate unexpectedly with an assertion error. This update applies an upstream patch that adds mutexes to protect multiple threads from accessing a structure with a connection, and the slapd service no longer crashes.
libldap library did not provide the ldap_init_fd() function, even though certain utilities such as cURL rely on it and could not work properly as a result. This update applies a backported upstream patch that implements this API function, and these tools now work as expected.
syncrepl utility configured, adding or removing data from a master server occasionally caused the slapd server to terminate unexpectedly. An upstream patch has been provided and the crashes no longer occur in the described scenario.
slapd service with the ppolicy overlay enabled, an attempt to delete the userPassword attribute could cause the service to terminate unexpectedly, leaving the database in a corrupted state. With this update, an upstream patch has been applied to address this issue, and deleting the userPassword attribute no longer causes the slapd service to crash.
-fno-strict-aliasing option is passed to the compiler to avoid optimizations that can produce invalid code, and no warning messages are now returned during package compilation.
TLS_CACERTDIR option, some of the certificate files were not accessible. Consequently, openldap could not establish TLS (Transport Layer Security) connections. An upstream patch has been provided to address this issue and openldap now establishes TLS connections to the server, even if some certificates specified in TLS_CACERTDIR are inaccessible.
ldap init script was incorrectly marked as a configuration file. When manual modifications had been made to it while the openldap-servers package was installed, and when the package had been updated, the init script was not overwritten as part of the upgrade. With this update, the openldap spec file has been updated to reflect that the ldap init script is not a configuration file, and openldap-servers now overwrites the init script properly in the described scenario.
ldap.conf(5) manual page has been updated to emphasize that to specify Certificate Authorities, the TLS_CACERT option is the preferred one to the TLS_CACERTDIR option.
migrate_all_offline.sh script was used to migrate duplicate accounts, the migration process terminated. With this update, the script no longer interrupts the process, when certain errors occur. Local duplicate accounts no longer cause the migration process to interrupt.
ASEHAagent resource agent previously specified all resource attributes as unique. As a consequence, it was difficult to have more than one ASEHAagent resource present in the cluster because the Resource Group Manager ignores all resources with conflicting "unique" attributes. This update removes the unique flag from all unnecessary attributes so it is now possible to run multiple ASEHAagent resource agents on one cluster node.
nfsclient.sh script correctly. Therefore, rgmanager was unable to detect removal of an NFS export from the export table if there was another NFS export which matched the wildcard pattern. Consequently, rgmanger did not restart the appropriate NFS service as expected. This update corrects wildcard matching logic so that rgmanager now correctly recognizes removal of matched NFS exports and restarts the relevant NFS service.
rg_wait_threads() function during cluster reconfiguration. This could lead to an internal deadlock in rgmanager, which caused the cluster services to become unresponsive. This incorrect call has been removed from the code and deadlocks now no longer occur during cluster reconfiguration.
stopped event could be processed after a service and its dependent services had already been restarted. This forced the dependent services to be restarted erroneously. This update allows rgmanager to ignore the stopped events if dependent services have already been started and the services are no longer restarted unnecessarily.
LVM commands, failed devices could not be removed from a volume group (VG) in the same way as previously. This resulted in an inability to relocate cluster services because the affected VG and logical volumes (LVs) could not be modified while the failed device was present in the VG. This update adds an additional command that is now needed in order to remove the failed physical volume from the VG. Services running on affected LVs can now be relocated correctly.
oracledb resource instances at the same time, several instances could attempt to write into a shared log file at the same moment. This caused all but one resource to fail and the log file to become corrupted. With this update, rgmanager now uses a unique log file per each oracledb resource instance.
SAPDatabase resource agent shipped with the Red Hat Enterprise Linux High Availability add-on was out of sync with the upstream version. This could cause Resource Group Manager to fail to manage SAP instances properly. This update applies multiple upstream patches, which provide several bug fixes and enhancements, including the following:
rc variable has been corrected in several internal functions.
listener service is now started only if some database processes have been found.
eval command is no longer used to start a new process when unnecessary.
SAPDatabase resource agent allows improved handling of SAP database instances in Red Hat cluster environment.
encrypt passwords = no in /etc/samba/smb.conf, Samba clients running on the Windows XP or Windows Server 2003 operating system may not have been able to access Samba shares after installing Microsoft Security Bulletin MS11-043. This update corrects this bug, allowing such clients to use plain-text passwords to access Samba shares.
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
ServerName\None was incremented every time the Identity Mapping (IDMAP) cache expired. Given enough time the GID would eventually reach the top of the range specified by the idmap gid directive in the smb.conf file. Consequently, new allocation of GIDs would not be possible and a group would no longer resolve properly. This update includes an upstream fix and the cache expiry no longer causes GIDs to increment.
winbind produces excessive debug output messages when attempting to register an already-registered IDMAP module. Previously, the messages were set to debug level 0. Consequently, the messages could not be filtered by lowering the log level parameter in smb.conf. With this update, a patch has been applied to increase the debug level of the messages to 5. As a result, the debug messages can now be filtered by setting the smb.conf log level parameter.
force create mode parameter was not honored properly. As a result, files created on a mounted Samba share did not properly follow the umask parameter, and files with undesired permissions were created. With this update, the bug has been fixed and files are now created with the correct permissions.
gidNumber LDAP attribute if Windows Services for UNIX (SFU) are enabled, or if the standard RFC 2307 LDAP attributes in the Active Directory (AD) are used. Instead, Winbind uses the primaryGroupID LDAP attribute. With this update, the man pages have been updated accordingly to reflect the aforementioned limitation.
symlinks = yes parameter was not set. This bug has been fixed in this update so that extracting files from a ZIP archive now works as expected.
idmap_ad specified as the backend, enumerating users was enabled, and most of the users had UIDs, then when calling getent passwd for a user who had no UID, the enumeration stopped and the following error was displayed:
NT_STATUS_NONE_MAPPED
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.._sites.dc._msdcs.AD.EXAMPLE.COM
0 instead of 1. Consequently, using smbclient in a script caused some scripts to fail. With this update, an upstream patch has been applied and smbclient now returns the correct exit status.
smb.conf file. Consequently, the positive and negative entries in the cache would not expire until the opposite type of query was made. This update contains a backported fix for the problem. As a result, the idmap cache time and idmap negative cache time directives now work as expected.
-k option for using Kerberos authentication. Consequently, users were not aware how to use Kerberos authentication with the net utility. This update adds the missing documentation to the man page.
wpa_cli client utility to connect to the running wpa_supplicant daemon. With this update, the SELinux policy has been fixed, and wpa_cli now works as expected.
smartd daemon was not able to set up an monitor of a 3ware device. This update corrects this bug by adding an appropriate policy, which allows the smartd policy to create a fixed disk device node.
cron daemon to read a Kerberos configuration file. This update fixes the relevant SELinux policy to make sure the Kerberos configuration file can be read by the cron daemon.
smartd daemon caused Access Vector Cache (AVC) messages to be written to the audit log file. With this update, the relevant policy has been fixed and the AVC messages are no longer produced in the described scenario.
samba service from scanning the /boot/ directory when responding to quota check requests. The error has been fixed and samba is now allowed to search all mount points in the system.
rsyslogd daemon was unable to connect to a MySQL database when support for the rsyslog-mysql package was enabled. This bug has been fixed and rsyslogd is now allowed to connect to MySQL as expected.
ricci service from installing RPM packages. With this update, the fixed SELinux rules, which allow ricci to install RPM packages, have been provided.
fetchmail.log in their home directory. This update adds a SELinux security context for the .fetchmailrc file located in user home directories to allow the fetchmail application to get external private emails.
procmail mail delivery agent was not allowed to execute the hostname command when HOST_NAME=`hostname` was specified in the configuration file. This update adapts the SELinux policy to support this procmail option.
squid daemon with SELinux enabled, the AVC message related to the netlink_audit_socket SELinux class was written to the audit log file. With this update, the relevant policy has been fixed and using PAM with squid no longer produces these messages.
swat (Samba Web Administration Tool) utility from writing to samba log files. This bug has been fixed and swat is now allowed to write to all samba log files.
sysadm_t SELinux user type transition to the passwd_t SELinux domain, which is intended for the passwd utility.
/etc/passwd.adjunct file contained an incorrect label, resulting in a wrong SELinux security context. This update adds a SELinux security context for /etc/passwd.adjunct to make it possible to use this file on a Network Information Service (NIS) server.
rsyslog clients were incorrectly denied access to port 6514 (syslog-over-TLS). This update adds a new SELinux policy that allows rsyslog clients to connect to this port.
omsnmp module enabled, the latest version of the rsyslog daemon can send log messages as SNMP traps. This update adapts the SELinux policy to support this new functionality.
ricci daemon caused Access Vector Cache (AVC) messages to be written to the audit log file. With this update, the relevant policy has been fixed and starting ricci no longer produces these messages.
nss_ldap module to get information (such as users, hosts, and groups) from LDAP directories. With this update, fixed SELinux rules, which allow finger to connect to the LDAP port to get all needed information from LDAP, have been provided.
ssh-keygen utility, the user is able to generate SSH keys anywhere. However, transition from the unconfined_t to the ssh_keygen_t domain prevented this functionality. To make the ssh-keygen utility work correctly at all times, the ssh_keygen_t SELinux domain type has now been provided as an unconfined type.
sssd service was not allowed to create, delete, or read symbolic links in the /var/lib/sss/pipes/private/ directory. This update fixes the relevant SELinux policy rules to allow sssd to perform these operations.
sssd service did not work properly; if a user authenticated to the sshd service using the Generic Security Services Application Program Interface (GSSAPI), subsequent authentication attempts failed. This update adds an appropriate security file context for the /var/cache/krb5cache/ directory, which allows sssd to work correctly in the described scenario.
iscsiuio binary was not defined in the policy. Consequently, the operation of the iscsid daemon could experience problems. This update adds a SELinux security context for the /sbin/iscsiuio file to make iscsid run in the proper SELinux domain, thus fixing this bug.
pam_oddjob_mkhomedir utility could not be run, home directories could not be created, and actions for the oddjob service were denied. With this update, the appropriate SELinux rule has been provided and SELinux no longer prevents pam_oddjob_mkhomedir from working correctly in the described scenario.
nice utility to modify scheduling priority of the openvpn service failed. This update provides fixed SELinux rules, adds the sys_nice capability, and users are now allowed to modify the scheduling priority as expected.
mcelog service has been added to make mcelog work properly on SELinux Multi-Level Security (MLS) systems.
subscription-manager utility has been provided for selinux-policy.
dhcpc_exec_iptables, has been added to allow the dhcpd daemon to execute iptables commands.
--tmp-dir command option allowing the sosreport tarballs to be stored in a user-specified directory. After this change, sosreport no longer determined a directory for the tarballs from the TMP environment variable. The Red Hat Enterprise Virtualization 2.2 Log Collector application expected sosreport to use the TMP variable therefore Log Collector failed to collect the tarballs correctly from hosts. With this update, sosreport relies on the TMP environment variable again if the directory is not specified by the --tmp-dir option and Log Collector now works as expected.
lstrip() method to extract the release number of the kernel package from the complete NVR (Name, Version, Release) string. This resulted in invalid release strings for certain kernel versions. As a result, sos incorrectly reported warnings for valid gfs2 kernel module configurations. The cluster module has been modified to correctly obtain the release substring from the complete package NVR and false positives are no longer reported for valid package combinations.
sosreport command now runs in single-threaded mode by default. This behavior was previously enabled by running the command with the --no-multithread option. This update adds the --multithread option to allow the previous behavior. As a result, sosreport now behaves more consistently when keyboard interrupts or other signals are received.
kill pid commands where pid is the PID of the sosreport process. In the case the command fails, send the process the SIGKILL signal: issue the kill -9 pid command.
syslogd or rsyslogd daemon for logging. However, the used heuristic incorrectly identified an installed rsyslog as being used even though it was not configured. As a result, sos failed to collect custom-defined log destinations specified in the syslog.conf file of the host. The general module no longer attempts to determine, which log daemon is in use and collects any user-defined log destinations present in either the rsyslog or syslog configuration file.
sosreport command allows the user to restrict the maximum size of log files collected by the general plug-in using the general.syslogsize option. If the limit is exceeded, a portion of the log file is stored in the report in the plug-in sos_commands directory. Prior sos versions did not create a symbolic link from the default location for the size-limited log file to the location in the plug-in commands directory. If the user was unaware that log size limiting was applied, they may have assumed that the file was missing. With this release, sosreport creates symbolic links that point from the default location to the size-limited log file. Users can now find the expected content at the default location within sosreport regardless of the applied log file size limits.
Voulez vous continuer (y/n)?
y) resulted in an error. The expected response string has been changed to match the translated prompt and the program now suggests the correct response.
sosreport command has been modified to report any exceptions raised during plug-in processing to the sos log file or to the terminal output when run in verbose mode. Plug-in exceptions can now be discovered with the normal sos logging mechanisms while retaining the previous behavior of not permitting such exceptions to prematurely terminate the sos process.
sosreport command uses the Python libxml2 bindings to parse XML-formatted files such as /etc/cluster/cluster.conf. A malformed XML markup triggers a parser exception. This exception was caught by the generic module handling routines and was not reported to the user. Systems with a malformed cluster.conf reported no errors but the cluster module terminated abnormally without collecting the full set of data. The cluster module has been modified to catch parser exceptions internally and print a diagnostic message to alert the user to the problem.
/etc/libvirt/ directory and log files in the /var/log/libvirt/ directory are now collected when present.
cs module has now been updated to include support for the later versions, and collection of configuration and log data on the later Red Hat Certificate System works as expected. In addition, the functionality of the dogtag module has been merged to the revised cs module and the dogtag module has been removed from the sos package.
mrggrid module and sos now collects the full logs, configuration, and status information from MRG components automatically.
sosreport command now automatically collects the output of the ibv_devices and ibv_devinfo commands on appropriately equipped systems.
iscsi module that collects configuration and debugging output from the scsi-target-utils package and the information about configured software iSCSI targets is collected automatically.
ipa_server option in the /etc/sssd/sssd.conf file resulted in a successful dynamic update of the DNS records of the IPA DNS server. However, if two or more servers are specified, the update failed. This update addresses this issue, and specifying multiple servers in the ipa_server works as expected.
pam_sss module. As a result, tools that communicate directly with the password-change servers (for example kpasswd) were unable to operate. With this update, SSSD always passes the IP addresses of password change servers to the Kerberos library, thus the bug is fixed.
simple access provider in SSSD required that the user primary group was available to SSSD. As a result, the simple access provider did not work for users whose primary group was a local group stored in the /etc/group file because SSSD only handles remote groups. With this update, the failure to find the user primary group in the simple access provider is no longer treated as fatal so that users with the local primary group are handled correctly by the simple access provider.
initgroups and login operations failed for users whose user names contained special characters. With this update, the user names are now escaped, thus the bug is fixed.
ipa_server parameter resolves to. Previously, when the hostname resolved to an IPv6 address, the LDAP URI routines returned an error. As a result, the IPA provider was unable to function correctly in an IPv6 environment. With this update, the IPA provider now escapes all IPv6 addresses so that they can be consumed by the LDAP routines correctly, thus the bug is fixed.
krb5_renew_interval parameter.
initgroups operation performed too many disk writes, thus slowing the operation down. With this update, all entities retrieved from the remote server are first stored in an internal hash table, and then only a single transaction is used to store all the groups and their memberships so that the initgroups operation is now faster, especially for users who are members of a large number of groups.
initgroups() operation did not return all groups correctly. With this update, SSSD has been changed so that it can examine non-UNIX groups for potential UNIX nested member groups. SSSD is now able to return the complete list of groups even if the hierarchy mixes UNIX and non-UNIX groups.
ldap_default_authtok option was used, the ldap_default_authtok_type option was set to password even if it was not explicitly specified in the configuration file. With this update, password has been made the default value for the ldap_default_authtok_type option, thus the bug is now fixed.
initgroups operation. As a result, the initgroups operation failed. With this update, the IPA provider has been fixed so that the provider now gracefully handles users without group memberships and the initgroups operation succeeds for users who are not members of any group.
/etc/resolv.conf file, if the first one failed to resolve a hostname. As a result, SSSD switched to offline mode without asking the other configured name servers. With this update, the bug has been fixed by configuring the resolver to query all name servers so that hostname resolution correctly retries until it either queries all the configured name servers or resolves the hostname.
ldap_uri parameter was incorrectly configured so that the hostname part was missing, SSSD stored NULL in the pointer, in which the hostname was saved, and used it later on for establishing a connection. As a result, SSSD accessed the NULL pointer and terminated unexpectedly. With this update, the URI parsing function has been changed so it aborts when it cannot parse a valid hostname from the specified URI. SSSD reports an error and does not crash when an invalid ldap_uri parameter is used in the configuration file.
sssd daemon package did not explicitly specify that it required the sssd-client package of the same architecture. As a result, it was difficult to specify to install both primary and secondary architecture sssd-client packages on multiarch systems. With this update, the main sssd package now requires the sssd-client package of the same architecture, thus the bug is fixed.
ccache file for the user if the old ccache file had already expired. The SSH daemon used different processes with different UID values for different parts of the login process. As a result, if a user password expired after the user logged in, SSSD was unable to switch to a new ccache. With this update, SSSD forces removal of the old ccache if the Kerberos authentication subprocess returns a special PAM_NEW_AUTHTOK_REQD return code so that SSSD is able to recreate a ccache file instead of an existing (but inactive) ccache file for a user who logs in via SSH with an expired password.
inotify kernel subsystem to detect whether a Domain Name System (DNS) resolver file was changed. If inotify returned an error (for example due to resource exhaustion), SSSD terminated unexpectedly and network logins no longer worked. With this update, SSSD itself detects the failure in the described scenario and falls back to the five-second polling, fixing this bug.
supportedControl attribute of the server rootDSE entry, SSSD terminated unexpectedly with a segmentation fault. With this update, this bug has been fixed.
GID=0 set which acted like a "root" group. As a result, the operation that processed members belonging to the group with GID=0 was aborted. With this update, groups with GID=0 are treated as non-POSIX groups (that is groups that are containers only and not reported to clients) so that the groups are handled gracefully.
/etc/krb5.conf file is used in the case mentioned above.
member attribute had different value than what was determined as the primary name for that member object. With this update, SSSD stores all user name or group name aliases in the cache. When determining the membership structure, SSSD checks for aliases in addition to the primary name so that the membership structure is correctly determined and returned.
libdbus library failed. To prevent this problem from occurring, UTF-8 validity checks on the string have been added in the underlying SSSD code. SSSD now does not accept username strings that are not compliant with UTF-8 encoding so that SSSD no longer crashes.
libunistring for performing string comparisons where applicable so that SSSD is able to handle UTF-8 strings in the host-based access control rules.
ipa_hbac_treat_deny_as has been added to SSSD. The default value for the option is DENY_ALL, which means that any DENY rule in the whole set of rules will deny access regardless of what is the actual rule. Alternatively, the option can be set to IGNORE to skip the DENY rules.
DENY rules altogether, setting the ipa_hbac_treat_deny_as option to IGNORE may, under certain circumstances, allow access to users who are not intended to be allowed.
/var/tmp/ directory. Because the file names are not standardized, they were not handled by the Security-Enhanced Linux (SELinux) policy correctly. As a result, when using SELinux in Enforcing mode, SSSD did not work with the option krb5_validate set to true. With this update, support to specify the Kerberos replay cache directory, both at compilation time and in the configuration file, has been added into SSSD, also a corresponding SELinux policy update has been made to accommodate the Kerberos replay cache directory, thus the bug is fixed.
Invalid or Missing Entitlement certificates
DBus message to raise the window to the foreground and so caused the crash. With this update, a second instance of subscription-manager-gui is not started in the aforementioned scenario, which prevents the utility from crashing.
HTTPS GET request instead of an HTTPS CONNECT request. As a consequence, retrieving content from the content delivery network (CDN) by using an HTTP proxy failed. With this update, if the user uses https:// instead of http:// for the proxy URL, an HTTPS CONNECT request is made to the proxy instead of an invalid HTTPS GET request. Users are now able to register properly and retrieve the content.
import option, and the root user can now successfully import a certificate.
hypervisorCheckIn() call that allows sending mapping of the host or guest IDs for creating or updating an account.
Partition 1 has different physical/logical beginnings (non-Linux?): phys=(0, 1, 1) logical=(0, 2, 7)
xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.
clocksource=acpi_pm or clocksource=jiffies parameters to the kernel command line for the guest. Alternatively, if running under Red Hat Enterprise Linux 5.7 or newer, adding hpet=0 to the guest configuration file also fixes this bug. However, these workarounds had serious impact on performance. A patch has been provided to address this issue and now, performance is mostly unaffected in the described scenario when one of the workarounds described above is used.
stopped state in the described scenario, thus fixing this bug.
maxmem parameter on HVM (hardware-assisted virtualization) guests equal to the size of actual memory failed. With this update, a proper rounding method has been provided and attempts to set maxmem as described now succeed.
libvirt API without a serial port specified, the -serial none option was passed to the qemu command line. However, Xen Qemu did not support this option, resulting in an unexpected termination of the guest. With this update, support for the none option has been added to Xen Qemu.
xm list -l command included incorrect memory size as it used an incorrect size variable. With this update, memory of the guest is read directly and correct memory size is reported in the described scenario.
qemu-dm processes were sometimes left in the memory when a guest was destroyed immediately after start. With this update, the protocol output is checked in the described scenario and qemu-dm instances are properly destroyed after a guest is destroyed, thus fixing this bug.
sda:cdrom was added to an HVM domain, wrong media type was set for such disk. This could change the disk order and result in an unbootable domain. With this update, the hd_index parameter is adjusted once and for all disks, thus preventing this bug.
netback and tap interfaces, enabling jumbo frames on guests.
debug-keys command was only accessible from the serial console. This update adds the debug-keys command to the xm utility.
/var/cache/yum/rhnplugin.repos file was not cleaned up properly after a Red Hat Network channel was removed from the list of configured repositories. Consequently, the first run of the yum repolist failed with an error. This update fixes the cache cleaning procedure and the problem no longer occurs.
useNoSSLForPackages option was set. This update adds the useNoSSLForPackages option to the /etc/sysconfig/rhn/up2date configuration file and corrects the option's behavior so that when enabled (that is, when set to 1), the HTTP protocol is used for downloading repository metadata and RPM packages. Enabling this option correctly disables Location-Aware Updates; the option can be used only over HTTPS.
--nogpgcheck option of the yum install command failed to override the gpgcheck=1 configuration option in the /etc/yum/plugins.d/rhnplugin.conf file. Consequently, yum-rhn-plugin ignored the --nogpgcheck option. When installing a package with no signature, the process finished with a message that the package was not signed and returned error code 1. With this update, the underlying code has been modified and the package installation finishes successfully in this scenario.
others.xml and filelist.xml files, which are generally not required for regular yum usage. With this update, rhn_check no longer populates the list of packages after initial setup and rhnplugin downloads only relevant metadata.
yum repolist -C command, which lists the configured repositories without accessing network only using the system cache, failed with the following error message:
TypeError: iteration over non-sequence
Error while executing packages action: empty transaction [[6]]
rhnplugin.repos file contained outdated information, for example, an RHN channel was previously removed from the server, the rhn_check utility failed with the following error when it attempted to retrieve metadata of an unavailable channel:
yum.Errors.RepoError: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-i386-server-5. Please verify its path and try again| Revision History | ||||
|---|---|---|---|---|
| Revision 1-0 | Thu Feb 21 2012 | |||
| ||||