Error inserting audit rule for pid=13163
/etc/sysconfig/kernel, which would lead to an incorrect kernel being set as the default in future updates. This would cause boot failure. /etc/sysconfig/kernel now updates correctly.
grub.conf file, virt-v2v assumed it was an i686 guest. This resulted in a converted guest that did not boot. virt-v2v now assumes an AMD64 or Intel 64 default architecture instead of i686.
/etc/securetty file. Conversion without this file is now possible.
ControlSet001 was always the current control set, even if ControlSet001 had been marked as failed. The correct control set is now detected, and the VirtIO block driver installed in the correct location.
auto. This made libvirt unable to start the guest. Disk type is now set explicitly based on source metadata or other detection methods.
0, even though conversion failed. The correct values are now returned.
/boot/grub/device.map with converted block device names in certain circumstances. device.map now updates as expected.
C:\Temp directory because it created a C:\temp directory without checking for file names that used alternative cases. virt-v2v now checks for case-sensitive file names before creating an appropriate temporary directory.
-oa flag.
ovf:disk-interface field when converting for Red Hat Enterprise Virtualization. However, this produced an ovf file that was not intelligible to Red Hat Enterprise Virtualization Manager. The disk-interface is now populated with correct enum values (IDE, SCSI, or VirtIO), allowing Red Hat Enterprise Virtualization Manager to understand the ovf file.
sparse or raw. This combination is not supported when importing into a data center that uses block storage (fibre channel or iSCSI). virt-v2v can now convert storage format and allocation policy correctly. Additionally, customers can specify a format and allocation policy compatible with the target data center type by using the -of and -oa command line options.
Can't locate object method "can_handle" via package "Sys::VirtV2V::Converter::RedHat" at /usr/share/perl5/vendor_perl/Sys/VirtV2V/Converter.pm line 121.
/etc/virt-v2v.conf. If you see the following error message when attempting to convert a Windows XP guest:
virt-v2v: No app in config matches os='windows' name='virtio' major='5' minor='1' arch='i386'
/etc/virt-v2v.conf:
<app os='windows' major='5' minor='1' arch='i386' name='virtio'>
<path>/usr/share/virtio-win/drivers/i386/WinXP</path>
</app>
<app os='windows' major='5' minor='1' arch='x86_64' name='virtio'>
<path>/usr/share/virtio-win/drivers/amd64/WinXP</path>
</app>
certmonger utility monitors certificate expiration and can refresh certificates with the CAs (Certifying Authorities) in networks that use public-key infrastructure (PKI).
certmonger service failed to contact a CA, the subprocess that submitted the request became defunct. This occurred because the parent process did not read the subprocess status. With this update, the parent process reads the subprocess status and there is no defunct process after a CA contact failure.
ipa-getcert command with privileges that were insufficient for the system bus to allow it to communicate with the certmonger service. With this update, certmonger suppresses the original error message if a user-friendly message is available. The user can display both messages with the -v option.
ipa-getcert list command did not return any output if certmonger was not tracking any certificates. With this update, the command returns a message that the certificate list is empty.
certmonger daemon could not execute some of its helper processes. The updated policy now allows certmonger to run these processes and the certmonger libraries create temporary files in a location that certmonger can access.
ipa-getcert request command with the -p option. This occurred because certmonger failed to detect reading errors in the file with the PIN and proceeded with an empty PIN value. With this update, such reading errors are logged and certmonger proceeds as if it had read an empty PIN value.
ipa-getcert command. As a consequence, the certmonger daemon runs its ipa-submit helper. The helper contacts the IPA server. Previously, if it received a fault message response from the server, it terminated with a segmentation fault and created a core dump; the installation failed. This happened because it attempted to dereference an uninitialized pointer while processing the fault message. With this update, the helper handles the fault message correctly and the enrollment process completes successfully.
getcert command with an invalid Extended Key Usage parameter caused a segmentation fault. This happened because the command attempted to dereference a NULL pointer while attempting to report that the parameter value was not a valid OID (Object Identifier). With this update, certmonger reports that the OID validation failed and prints a message that the provided Extended Key Usage is invalid.
resubmit command works as expected.
getcert tool terminated unexpectedly with a segmentation fault if the user issued the getcert start-tracking command with changed values of the parameters Extended Key Usage, DNS, Email and Principal name. The command caused a buffer overflow in the getcert tool because the internal buffer in the getcert command was too small to hold four new values. This update enlarges the internal buffer of the command and the bug no longer occurs.
ipa-getcert and getcert commands did not accept the location of a passphrase, which could provide the encrypted keying material and allow monitoring of an already-issued certificate or key pair. This update adds the -p and -P options to the getcert start-tracking command, which allows the user to pass the utility a PIN either in a file or directly.
ipa-getcert command. This update adds the --verbose option to the command.
mount error(5): Input/output error
bt: read error: kernel virtual address: ffffffffff600000 type: "gdb_readmem_callback"
bt: cannot resolve stack trace: #0 [c09f1ef4] ia32_sysenter_target at c08208ce
multipathd daemon a command consisting only of spaces, the daemon terminated unexpectedly with a segmentation fault. With this update, the daemon is able to handle such commands and no longer crashes in this circumstance.
mpathconf command, the process could have failed. This happened when the user ran the command without any additional arguments due to a conflict of the environment variable DISPLAY with the program variable DISPLAY. With this update, all variables are unset when the script is started and the DISPLAY program variable is renamed. The environment variable DISPLAY remains unchanged when mpathconf is issued and the command works as expected.
path_checker function to determine the path state in such cases and the problem no longer occurs.
tgt_node_name value for iSCSI devices. This occurred because multipath used the FC (Fibre Channel) path from the sysfs file system to obtain tgt_node_name for iSCSI devices. With this update, multipath first tries to acquire the FC path. If it fails, it uses the iSCSI target name for the device.
dev_loss_tmo to a value greater than 600 in multipath.conf without setting the fast_io_fail_tmo value, the multipathd daemon failed to apply the setting. With this update, the multipathd daemon sets dev_loss_tmo for values over 600 correctly, as long as fast_io_fail_tmo is also set in the /etc/multipath.conf file.
multipath.conf file contained parameters with no value. This occurred because it was trying to acquire the string length of an optional value before verifying that a value was actually defined. With this update, multipathd first checks if the value exists and the bug is fixed.
multipathd to fail all outstanding input/output. DM-Multipath now has a new default configuration for EMC Symmetrix arrays that queues input/output for up to 30 seconds if all paths are down and the problem no longer occurs.
multipathd daemon consumed excessive memory when iSCSI devices were unloaded and reloaded. This occurred because the daemon was caching unnecessary sysfs data, which caused memory leaks. With this update, multipathd no longer caches these data; it frees the data when the associated device is removed.
sysfs device file is removed and the sysdev path attribute is set to NULL. The sysfs device cache is indexed by the actual sysfs directory, and /sys/block/pathname is a symlink. Prior to this update, if the path was deleted, multipathd was not able to find the actual directory, which /sys/block/pathname pointed to, and searched the cache. With this update, multipathd verifies that sysdev has a NULL value before updating it.
multipathd daemon did not always remove the path sysfs device from its cache. The daemon kept searching the cache for the device and created sysfs devices without the vecs lock held. Because of this, paths could have pointed to invalid sysfs devices and caused multipathd to crash. The multipathd daemon now always removes the sysfs device from cache when deleting a path and accesses the cache only with the vecs lock held.
log_checker_err option was added to the multipath.conf defaults section. By default, the option is set to always and a path checker error is logged continuously. If set to once, multipathd logs a path checker error once at logging level 2. Any later errors are logged at level 3 until the device is restored.
defaults section of the multipath.conf man page implied that the settings defined in the section became default and overrode the implied settings. Since the HWTABLE cannot be overridden, the wording of the man page has been changed.
multipath.conf file. With this update, multipath prints warning messages that inform the user that the configuration file contains invalid or duplicate options and the bug is fixed.
initramfs file system was not rebuilt when a new storage device was added to the system, the new device could have been assigned a user_friendly_names value that matched the user_friendly_names value already assigned to another device. This device then stopped working correctly. The multipathd daemon now accepts a -B option, which makes the user_friendly_names bindings file read-only. When initramfs calls multipath with the -B option, devices without a binding to a user_friendly_names value use their World Wide Identifier (WWID).
multipathd daemon printed add map messages whenever it received a change uevent. In order not to clutter logs, multipathd now only prints add map messages for the change uevents of the devices that are not yet monitored.
6 by default.
multipathd daemon could have terminated unexpectedly with a segmentation fault on a multipath device with the path_grouping_policy option set to the group_by_prio value. This occurred when a device path came online after another device path failed because the multipath daemon did not manage to remove the restored path correctly. With this update multipath removes and restores such paths correctly.
initramfs generator infrastructure based around udev. The initramfs is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.
mkinitrd alone does not override an existing initramfs image. When this is attempted, the message stated that the --force parameter should be used, but mkinitrd only supported the short version -f of this parameter. --force was added to mkinitrd as the long version.
noiswmd or rd_NO_MDIMSM parameters specified.
/etc/multipath/bindings. multipath uses this file in initramfs when creating devices during early boot, and in the root file system during normal operation. These files were not synchronized during initramfs creation, which resulted in naming conflicts that prevented new multipath devices from being created after boot. To work around this, the bindings for the devices in /etc/multipath/bindings must be included in the initramfs. This can be done by running dracut -f.
/etc/multipath directory to the initramfs.
ip=ibft parameter is specified on the kernel command line.
initramfs, if the host on which it was running had no multipath root device. multipath support is now added to the initramfs unconditionally.
initramfs did not exclude those volumes and kept them busy. The udev rules in the initramfs were updated to honor the DM_UDEV_DISABLE_OTHER_RULES_FLAG, which fixes this issue.
initramfs, which resulted in all encrypted devices not being activated. The missing checksum files have been replaced, and this issue no longer occurs. Note, however, that dracut-fips must be installed at initramfs creation time.
initramfs with user_friendly_names set, if it did not find existing mappings in /etc/multipath/bindings, it created new mappings. These mappings could conflict with the user_friendly_names set in the normal filesystem's /etc/multipath/bindings file. dracut now starts the multipathd daemon with the new -B option so that multipath treats the initial bindings file as read-only.
USE_BIOSDEVNAME variable in the parse-biosdevname.sh script was not initialized correctly, which caused an unexpected operator error. This issue was discovered and corrected during development, and did not occur in any production system in the field.
-l or --local parameter, or set the dracut base directory via the dracutbasedir environment variable, dracut wrote its log to /tmp/dracut.log, which could possibly allow local users to overwrite arbitrary files that were writable to the user running dracut, via a symlink attack. dracut now stores the logfile in $HOME/dracut.log, when in -l or --local mode, if /var/log/dracut.log is not writeable.
/var/log/dracut.log file was not created automatically, preventing dracut from writing its logs. dracut now creates its log files if they do not exist.
boot parameter did not work when the machine was booted in FIPS mode, resulting in numerous mount errors, failed FIPS integrity tests, and dracut refusing to continue. This issue has been corrected, and the boot parameter can now be used to specify a boot device, as expected.
/boot must reside on a non-encrypted, plain (no LVM or RAID) partition, which can be specified with boot=<boot partition> as a boot option on the kernel command line.
fips.sh script did not wait for the boot drive to be created, which resulted in an error because the file system type did not exist yet. This has been corrected, and the script now waits for the boot drive to be identified.
fcoe=edd:nodcb or fcoe=edd:dcb is specified on the kernel command line. ifname= is not needed in this case.
rdinsmodpost=[module], which allows a user to specify a kernel module to be loaded after all device drivers are loaded automatically.
initramfs, adding support for FIPS-140.
Error: no partition information on disk [device]. Cowardly refusing to create a boot option.
libgnomevfs-WARNING **: Deprecated function. User modifications to the MIME database are no longer supported.
strstr() and memmem() functions did not handle certain periodic patterns correctly and could find a false positive match. This error has been fixed, and both functions now work as expected.
sqrtl, sometimes returned an incorrect result if the relative magnitude difference between the high and low halves of the long double exceeded a certain number. This occurred because one of the variables used in the calculation was an unsigned integer. The integer is now signed and the function works correctly.
futex(FUTEX_WAKE_OP) method did not default to futex(FUTEX_WAKE) when FUTEX_WAKE_OP was not supported by the kernel. This resulted in the method always failing on these systems. The code change in glibc pthread_cond_signal() that caused this issue has now been corrected.
%_enable_debug_packages was either not set, or set to 0. This has been corrected so that debug packages need not be set or enabled in order to build the glibc RPM.
strchr did not handle its second parameter correctly when %rdi was aligned to a 16-byte boundary and glibc was enabled for multiple architectures on AMD64 or Intel 64 systems with CPUs that supported Supplemental Streaming SIMD Extension (SSE) 4.2. The method would therefore output incorrect results. This has been corrected, and strchr now gives the expected output.
hwcap 1 nosegneg was set in /etc/ld.so.conf.d/nosegneg.conf, causing the incorrect library to be used. This has been corrected so that the nosegneg libraries are loaded.
sysconf(_SC_*CACHE) method returned 0 for all caches on systems with Intel Xeon processors. This occurred because glibc used cpuid leaf 2 rather than cpuid leaf 4. This update uses cpuid leaf 4 where possible, resolving this issue.
strncmp method failed with a segmentation fault when used with Supplemental Streaming SIMD Extension 4 (SSE4). Several checks have been implemented to prevent this.
memcpy(), strcasecmp(), strnlen(), strcasestr() and strncasestr().
memset operation.
=~ operators and the strings were thus matched as literal strings. However, they should be matched as regular expressions. With this update, the quotes were dropped and the strings are matched as regular expressions as expected.
/dev/rtc device even if it did not exist. With this update, initscripts verifies if the /dev/rtc device exists before attempting to run the hwclock tool.
ifdown command could have failed to stop an NIC (Network Interface Controller) with a warning that the connection was unknown. This happened because, in some cases, the function that verifies whether the NIC is managed by NetworkManager returned an incorrect result. With this update, the function returns the correct result and the ifdown command stops the NIC correctly.
/ directory, the system could have failed to remount the root directory as a read-only file system on shutdown. This occurred because the script attempted to remount the defined bind mount instead of the root directory. With this update, the root directory is remounted successfully.
tty.conf and serial.conf files have been modified to have the login shell stopped when changing to runlevel S and the problem no longer occurs.
tty.conf file contained a comment with a typographical mistake ("sepcified"). With this update, the word is spelled correctly ("specified").
0. With this update, this tag value is allowed.
/etc/sysconfig/clock file did not document where the user can configure whether the hwclock tool should be using the local time or UTC (Coordinated Universal Time). This update adds comments documenting the setting location into the sysconfig.txt file.
/etc/ppp/ipv6-up and /etc/ppp/ip-up.ipv6to4 scripts used the incorrect alias ipv6_exec_ip and failed to bring up the routes. This update modifies the scripts so that they use the ip command and the routes are now brought up as expected.
DEVICETYPE variable was calculated incorrectly. This happened because the calculation preserved the period (.) sign in the device name. This could have caused failure of the ifup-ib and ifdown-ib scripts. With this update, DEVICETYPE is resolved correctly.
kdump service is disabled in runlevel 1, the script freed the memory reserved for kdump. After the user changed from runlevel 1 to runlevel 3, which has kdump enabled, the system had set reserved memory size to 0 and kdump failed to start up. With this update, the kexec-disable job is no longer run in runlevel 1.
shmmax (maximum size of a shared memory segment) and shmall (maximum size of the total shared memory) values. However, the values vary depending on the system architecture. This update provides the settings of these values for various architectures.
#) signs, which were forbidden in such names. With this update, interface names can contain hash (#) signs and the problem no longer occurs.
.) signs used by the sysctl device, which were delimiting the paths, and the period (.) signs used by VLANs, which were delimiting IDs. This caused all sysctl calls to the VLAN interfaces to fail. With this update, when calling a sysctl device, initscripts substitutes the periods in its name with forward slash (/) signs and the sysctl calls to a VLAN interface succeed.
MASTER in double quotes (for example, as "bond0"). With this update, the respective scripts have been adapted to parse the value definition correctly even if double-quoted.
ifdown command could have failed to stop a bridge device with a warning that the connection was unknown. This happened because the function that verified whether the device is managed by NetworkManager returned an incorrect result. With this update, the function returns a correct result and the ifdown command stops the bridge device correctly.
eth prefix followed by digits. If the user provided a name that did not follow these requirements, the interface could not be started or stopped. With this update, the user can provide a custom name and the interface can be operated correctly.
/etc/mdadm.conf file existed and could have failed if mdadm was not installed. With this update, the script first verifies if the mdadm tool is installed and only then runs its binary.
brcm_iscsiuio usage message displayed in response to the brcm_iscsiuio --help command contained two unsupported options: --foreground and --pid. The man page omitted five supported options: --debug, --help, -h, -p and --version. The unsupported options have been removed from the usage message, and all supported options have been added to the brcm_iscsiuio man page.
iscsiadm usage message displayed in response to the iscsiadm --help command omitted 24 supported options. Additionally, the iscsiadm man page omitted one supported option (--host) and contained one unsupported option (--info). These errors have now been corrected.
--portal argument when in "node" mode. This resulted in failure, because iscsiadm expected the value returned during discovery as the value for --portal. iscsiadm now attempts to match a host name to the IP address returned during discovery, so this issue no longer occurs.
5915: WARN_ON_ONCE(test_tsk_need_resched(next));
b43 driver in the Linux kernel. If a system had an active wireless interface that uses the b43 driver, an attacker able to send a specially-crafted frame to that interface could cause a denial of service. (CVE-2011-3359, Moderate)
tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low)