6.1 Technical Notes

Bug Fixes

BZ#701554

Password changes did not replicate because the method used to pass the changes to consumer servers was rejected on the consumer. This issue has been corrected, and password changes now replicate as expected.

BZ#701556

Values could be lost when group memberships were synchronized between 389 Directory Server and Active Directory with the Windows Sync feature. The synchronization and modify operations have been altered to prevent this issue, allowing group updates to synchronize with Active Directory.

BZ#701558

The ldclt command-line testing tool crashed during LDAP ADD operations because an LDAP attribute was not set correctly, preventing the creation of entries that did not already exist. This update allows the LDAP ADD to proceed correctly.

BZ#701559

The server crashed if a long running task was started using the cn=tasks,cn=config interface and then the server was shut down before the task completed. This update prevents the server from crashing, but does not gracefully terminate the task, which can leave the server database in an inconsistent state. For example, the fixup-memberof.pl script invokes a tasks to fix up the memberOf attribute in group member entries. If the server is shut down before the task can complete, some entries may not have the correct memberOf values. Users should ensure that tasks are complete before shutting down the server to avoid inconsistency.

BZ#701560

When using the Entry USN feature, deleting an entry caused a memory leak via the entryusn attribute. This update fixes the memory leak.

BZ#576866

Prior to this update, the ABRT GUI did not warn the user when it could not connect to the Gnome keyring daemon (that is, could not save any of the user's settings). With this update, a warning message is displayed in such a case.

BZ#614486

The previous version of ABRT did not properly restore the core_pattern parameter (which is used to specify a coredump file pattern name) if it was too long. This update restores the core_pattern parameter to its previous value when the abrt daemon is stopped.

BZ#623142

If the TAINT_HARDWARE_UNSUPPORTED flag, which detecs hardware not officially supported by Red Hat, is set (in the /proc/sys/kernel/taint file), ABRT indicates that the flag is set in the created crash report.

BZ#649309

The abrt-addon-ccpp plugin crashed due to a segmentation fault if the /proc/[PID]/ directory did not exist. With this update, ABRT no longer crashes in case the /proc/[PID]/ directory does not exist.

BZ#665405

Content from various files in the /var/log/ directory is now included in the creation of an sosreport (which is created via the abrt-plugin-sosreport plugin).

BZ#666267

Prior to this update, the "Help" button in the ABRT GUI displayed the "About" window. With this update, a proper help page is displayed.

BZ#668875

Occasionally, ABRT did not send an attached core dump file along with a crash report. This was due to the large size of the core dump file which was consequently rejected by the server which was receiving the crash report. With this update, attachments and their sizes are listed in the crash report, making it easier to detect any problems caused by the large size of the attachments.

BZ#670492

Previously, ABRT was using "Strata-Message:" headers in server responses. However, servers no longer use these headers. With this update, the aforementioned headers are no longer used by ABRT.

BZ#678724

By default, in Red Hat Enterprise Linux 6, ABRT did not enable any reporters, causing environments which do not run an X server to not be notified of any crashes ABRT detected. With this update, the mailx plugin is enabled as the default reporter for every crash and the root user is now notified of any crashes via the root@localhost mailbox.

BZ#694410

The duplicate hash of a crash was computed from the package NVR (Name, Version, Release), path of the executable and the backtrace hash. This caused the hash to be different for the same bug which occurred in two versions of the same package. With this update, the component name and the backtrace hash are used when computing the duplicate hash.

BZ#680202

With a recent update, the OpenLDAP libraries have been moved to different directory. This update changes the way Adobe Reader links to these libraries.

BZ#593642

Auto-partitioning no longer clears immutable partitions.

BZ#593984

Anaconda no longer creates a new EFI system partition when one is not needed.

BZ#601862, BZ#614812

Anaconda now properly detects ext2's dirty/clean states.

BZ#609570

Anaconda no longer forgets IP method selection in the loader when returning to a previous menu.

BZ#611825

The "Proxy password" field in stage 2 now correctly displays asterisks instead of plain text.

BZ#612476

Text mode now allows IPv6 configuration.

BZ#626025

Anaconda no longer displays free regions of less than 1MB in extended partitions.

BZ#671017

Anaconda no longer loses focus on certain screens.

BZ#634655

".treeinfo" files are now properly fetched over a proxy.

BZ#635201

Anaconda now writes correct NFS (Network File System) repository information into the summary Kickstart file.

BZ#638734

The /boot/ directory can now reside on an ext4 partition.

BZ#654360

Anaconda no longer fails to detect a disk if its size exceeds 1TB.

BZ#678028

Anaconda is once again able to detect the file system on a previously-created RAID device.

BZ#692350

Anaconda now generates the correct, FIPS-enabled initramfs (initial RAM file system) when the kernel option "fips=1" is provided on the kernel command line.

BZ#640260

Anaconda incorrectly failed with a traceback when an attempt to unpack a driver disk to a pre-existing root partition.

BZ#676854

Fingerprint authentication has been disabled on IBM System z because it is not supported on that platform.

BZ#641324

Static IPv4 configuration is now used when requested in stage 2: Anaconda no longer falls back to using DHCP.

BZ#652874

Anaconda is now able to properly detect an md RAID array with a spare disk.

BZ#636533

Anaconda now correctly reports an error when a network-based certificate is specified in Kickstart with no networking setup.

BZ#621490

A custom value is now properly honored when shrinking a file system.

BZ#702430

The "list-harddrives" command output for CCISS devices is now valid input for Kickstart files.

BZ#683891

Anaconda now selects the new kernel after upgrade.

BZ#442980, BZ#529443

This update adds the cnic, bnx2i, and be2net drivers for better iSCSI support.

BZ#633307, 633319

This update adds drivers for the Emulex 10GbE PCI-E Gen2 and Chelsio T4 10GbE network adapters.

BZ#554874

Algorithms from the SHA-2 hash function family can now be used to encrypt the boot loader password.

BZ#607827

Anaconda now allows a username and password to be entered for iSCSI Discovery sessions.

BZ#354432, 614399

The "rdate", "which", "tty" and "ntpdate" commands have been added to the install image.

BZ#663411

The graphical installer now runs using the full display resolution.

BZ#667122, BZ#599042, BZ#678574

Anaconda now features improved SSL certificate-handling.

BZ#621349

It is now possible to specify additional packages when using the "@packages --default" Kickstart option.

BZ#618376

On IBM System z, the /boot/ directory can now be placed on an LVM logical volume.

BZ#644535

Anaconda now supports blacklisting to determine which modules can be loaded during installation.

Security Fix

CVE-2011-1928

The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function.

Note: This problem affected httpd configurations using the "Location" directive with wildcard URLs. The denial of service could have been triggered during normal operation; it did not specifically require a malicious HTTP request.

This update also addresses additional problems introduced by the rewrite of the apr_fnmatch() function, which was necessary to address the CVE-2011-0419 flaw.

BZ#589099

Previously, the at daemon (atd) wrongly contained permissions 0755 for atd configuration. With this update, atd has the correct permissions 0644 as have all other such files.

BZ#615104

Previously, the initscript caused the "OK" message to be printed twice. With this update, the initscript behaves as expected and does no longer cause echos of messages.

BZ#630019

Previously, the PIE label was not compiled with -fpie/-fPIE. This update adds a PIE compile option for secure positions independently executable on targets.

BZ#595261

Prior to this update, authconfig unnecessarily restarted the user information and authentication services even though there were no configuration changes that would require the restart. With this update, services are no longer restarted unless explicitly required.

BZ#620475

The authentication configuration utility did not keep the "Require smart card for login" check box set when Kerberos was also enabled. When the check box was checked and the configuration was saved with the "Apply" button, the system would correctly require smart card for login. However, on the subsequent run of the authentication configuration utility the check box would be unchecked again and it was necessary to check it again to keep the option switched on. With this update, the "Require smart card for login" stays checked even after subsequent runs of the authentication configuration utility.

BZ#621632

The authentication configuration tool GUI incorrectly duplicated its window when the "Revert" button was pressed. This update fixes the duplicity problem.

BZ#624159

In some cases, when multiple configuration files with the same configuration settings contained different configuration values for a setting, the configuration files contents were not properly synchronized with authconfig. With this update, the synchronization works as expected.

BZ#639747

The authentication configuration tool GUI allowed to choose user identity and authentication schemes which require packages that are not installed on the system by default. With this update, certain identity and authentication schemes cannot be configured when they are not installed on the system.

BZ#663882

The authconfig textual user interface incorrectly required the nss-pam-ldap package to be installed when the configuration used SSSD for LDAP user identification. With this update, the nss-pam-ldap package is not required in such a case.

BZ#674844

Prior to this update, the authentication configuration tool overwrote the cache_credentials value to "True" in the SSSD configuration file (/etc/sssd/sssd.conf) if the configuration allowed using SSSD for the network user information and authentication services. With this update, the "cache_credentials" parameter is no longer overwritten in the aforementioned case.

BZ#676333

The "system-config-authentication" command crashed when executed in an environment without the X server running. With this update, a proper error message is printed in the aforementioned case.

Bug Fixes

BZ#670938

System processes — that is processes with an audit id (auid) of -1 — are logged by the audit subsystem. However, if the ausearch utility was used to locate events where the auid was -1, it would display all events. In this update, under these circumstances, ausearch only returns events with an auid of -1.

BZ#688664

A value of 'syslog' for the 'disk_error_action' parameter in 'auditd.conf' instructs auditd to issue a warning to syslog if an error is encountered when writing audit events to disk. If 'disk_error_action' was set to 'syslog', auditd always attempted to exec() a child process. Consequently, if a disk error was encountered (ie. a disk full error), auditd would attempt to exec() a null child process, and logging would not resume after the disk error was reported to syslog. In this update the child process is not called when the 'syslog' option is used, and logging continues as expected.

BZ#695605

Previously if an audispd plug-in was restarted, the plug-in was not marked as active. Consequently, the remote logging plug-in (audisp-remote) was unable to bind to a privileged port on reconnect because all privileges had been dropped. In these updated packages, audispd plug-ins are marked as active after being restarted, and the audisp-remote plug-in functions as expected.

BZ#697463

Previously, the "autrace -r" command on the IBM System z architecture attempted to audit network syscalls not available on IBM System z. Consequently, an error similar to the following might have been returned:

Error inserting audit rule for pid=13163

With this update, "autrace -r" is now aware of system calls not available on this architecture, which resolves this issue.

BZ#640948

When an ignore directive was included in an audit.rules configuration file, the auditctl utility became unresponsive when attempting to load those rules. With this update, the issue is resolved.

BZ#647128

Previously, the audit_encode_nv_string() function was not checking if the memory allocation (malloc) it was performing succeeded. Consequently, if the malloc operation encountered an out of memory (OOM) error, audit_encode_nv_string() crashed attempting to reference a NULL pointer. With this update, audit_encode_nv_string() checks if the malloc is successful, which resolves this issue.

BZ#647131

Previously, the man page for the "audit_encode_nv_string" function incorrectly documented the return value type as an "int". The man page for "audit_encode_nv_string" now correctly displays return value type for the "audit_encode_nv_string" function as a "char *"

BZ#629480

When using client certificates with autofs, the certificate DN could not be used in LDAP ACLs. This prevented autofs from authenticating via SASL external. With this update, the SASL EXTERNAL authentication mechanism is used for mapping the certificate DN to an LDAP DN, allowing autofs to support SASL External authentication via TLS.

BZ#616426

The autfs initscript did not implement the functions force-reload and try-restart. Instead, the error try-restart and force-reload service action not supported was given and returned 3. This patch adds these initscript options so that the they are now implement and return appropriate values.

BZ#629359

Debugging output from autofs did not include IP addresses for mounts alongside hostname information which made it difficult to debug issues when using round-robin DNS. This update adds this feature, allowing logging output to show the IP address of a mount, rather than just the host name.

BZ#572608

Previously, automount woke up once per second to check for any scheduled tasks, despite the fact that adding a task triggered a wake up of that thread, which lead to a tight loop which used excessive CPU. This update removes these unnecessary wakeups.

BZ#520844

When an autofs map entry had multiple host names associated with it, there was no way to override the effect of the network proximity. This was a problem when a need existed to be able to rely on selection strictly by weight. With this patch, the server response time is also taken into consideration when selecting a server for the target of the mount. The pseudo option --use-weight-only was added that can only be used with master map entries or with individual map entries in order to provide this. For individual map entries, the option no-use-weight-only can also be used to override the master map option.

BZ#666340

If there were characters that matched isspace() (such as \t and \n) in a passed map entry key and there was no space in the key, these character were not properly preserved, which led to failed or incorrect mounts. This was caused by an incorrect attempt at optimization by using a check to see if a space was present in the passed key and only then processing each character of the key individually, escaping any isspace() characters. This patch adds a check for isspace() characters to the same check for a space, eliminating the problem.

BZ#630954

If the map type was explicitly specified for a map, then the map was not properly updated when a re-read was requested. This was because the map stale flag was incorrectly cleared after the lookup module read the map, instead of at the completion of the update procedure. In this patch, the map stale flag should only be cleared if the map read fails for some reason, otherwise it updates when the refresh is completed.

BZ#650009

Previously, when autofs was restarted with active mounts, due to a possible recursion when mounting multi-mount map entries, autofs would block indefinitely. This was caused by a cache readlock which was held when calling mount_subtree() from parse_mount () in parse_sun.c. This patch fixes remount locking which resolves the issue.

BZ#577099

The master map DN string parsing is quite strict and, previously, autofs could not use an automount LDAP DN using the l (localityName) attribute. This patch adds the allowable attribute 'l', the locality.

BZ#700691

A previous bug fix caused the state queue manager thread to stop processing events, and mounts expired and then stopped. This was caused when the state queue task manager transferred an automount point pending task to its task queue for execution. The state queue was then mistakenly being seen as empty when the completing task was the only task in the state queue. This patch adds a check to allow the queue manager thread to continue, resolving the issue.

BZ#700697

The autofs gave a segmentation fault on the next null cache look up in the auto.master file. This was due to a regression issue, where a function to clean the null map entry cache, added to avoid a race when re-reading the master map, mistakenly failed to clear the hash bracket array entries. This patch sets the hash bracket array entries to NULL, resolving the issue.

Security Fix

CVE-2011-1002

A flaw was found in the way the Avahi daemon (avahi-daemon) processed Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet.

BZ#629954, BZ#684276

Previously, the avahi packages in Red Hat Enterprise Linux 6 were not compiled with standard RPM CFLAGS; therefore, the Stack Protector and Fortify Source protections were not enabled, and the debuginfo packages did not contain the information required for debugging. This update corrects this issue by using proper CFLAGS when compiling the packages.

BZ#618289

When using arithmetic evaluation on an associative array with integer values, an attempt to provide an invalid subscript caused Bash to terminate unexpectedly with a segmentation fault. This update applies a patch that corrects this error, and providing an invalid subscript no longer causes the bash interpreter to crash.

BZ#664468

Prior to this update, the Bash interpreter reported broken pipe errors for both external and built-in commands. Since these errors are only relevant for external commands, this update adapts the underlying source code to suppress the broken pipe error messages for built-in commands. As a result, only relevant messages are now presented to user.

BZ#619704

Previous version of the bash(1) manual page did not provide a clear description of the "break", "continue", and "suspend" built-in commands. This update corrects this error, and extends the manual page to provide accurate and complete descriptions of these commands.

Security fix

CVE-2011-1910

An off-by-one flaw was found in the way BIND processed negative responses with large resource record sets (RRSets). An attacker able to send recursive queries to a BIND server that is configured as a caching resolver could use this flaw to cause named to exit with an assertion failure.

Security Fix

CVE-2011-2464

A flaw was discovered in the way BIND handled certain DNS requests. A remote attacker could use this flaw to send a specially-crafted DNS request packet to BIND, causing it to exit unexpectedly due to a failed assertion.

Security Fix

CVE-2011-4313

A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion.

BZ#623638

previously, bind on the 64-bit PowerPC architecture used emulated atomic operations rather than native instructions. In this updated package bind on the 64-bit PowerPC architecture uses the same native atomic operations as the PowerPC architecture.

BZ#677381

previously, the bind package generated the /etc/rndc.key file. However, generating this file used entropy from /dev/random. Consequently, installation of the bind package might have hung. The rndc.key is used by rndc utility for advanced administration commands and is no longer automatically generated during installation of the bind package. Users requiring the rndc utility should generate key themselves, via the "rndc-confgen -a" command.

BZ#623122

under certain circumstances, "named" was entering a deadlock. Consequently, "named" could not be stopped using the "/etc/init.d/named stop". In this updated package, the deadlock no longer occurs, resolving this issue.

BZ#623190

previously, the named_sdb PostgreSQL database backend failed to reconnect to the database when the connection failed during named_sdb startup. With this update, named writes error message to the system log and tries to reconnect during every lookup.

BZ#658045

previously, file conflicts prevented the i686 and x86_64 versions of bind-devel from being installed on the same machine. In this update, the file conflict is resolved and both the i686 and x86_64 bind-devel packages can be installed on the same system.

BZ#622785

previously, initscript killed all processes with the name "named" when stopping the named daemon. With this update, initscript kills only the selected one.

BZ#640538

the return codes of the "dig" utility are documented in the dig man page.

BZ#660676

previously the named.8 manpage mentioned the system-config-bind utility. This utility is not included with Red Hat Enterprise Linux 6. The man page is updated to remove the reference to the system-config-bind utility.

BZ#661663, BZ#672777

the "status" action of the named initscript would not complete when bind-sdb package was installed. These updated packages resolve this issue.

BZ#669163

when resolv.conf contained "search" keyword with no arguments host/nslookup/dig utilities failed to parse it correctly. In these updated packages, such lines are ignored.

BZ#672819

previously, the nsupdate man page incorrectly listed HMAC-MD5 as the only TSIG algorithm. In this updated package, the list of encryption algorithms was removed from the nsupdate man page. The the dnssec-keygen man page contains a complete list of usable encryption algorithms.

BZ#622764

the host utility now honors "debug", "attempts" and "timeout" options in resolv.conf.

BZ#623673

a new option, called DISABLE_ZONE_CHECKING, has been added to /etc/sysconfig/named. This option adds the possibility to bypass zone validation via the named-checkzone utility in initscript and allows to start named with misconfigured zones.

BZ#646932

with this update, size, MD5 and the modification time of /etc/sysconfig/named configuration file is no longer checked via the "rpm -V bind" command.

BZ#667375

Root zone DNSKEY is now included in the bind package, in the /etc/named.root.key file.

BZ#658286

the plugin didn't load child zones correctly. The plugin has been fixed and now loads child zones well.

BZ#662930

named aborted when attempting to connect to a local LDAP server during boot. Now it does not abort but the administrator must call "rndc reload" when LDAP server starts to correctly fetch zones.

BZ#666244

the plugin flooded logs with too many messages. Now those messages are logged only when named is started with the "-d" (debug) parameter.

BZ#667704

the plugin was rebased to 0.2.0 bugfix release.

BZ#667727

queries for ANY type were not handled correctly, only SOA records were returned. The plugin was fixed and now all records are returned when asked.

BZ#667730

the plugin failed to reconnect to the LDAP server when SASL authentication was used. The plugin was fixed and reconnection now works.

BZ#667732

the plugin failed to delete nodes from the LDAP database when all resource records associated with the node were removed. Now the plugin deletes the empty nodes.

BZ#667733

the plugin did not emit enough information when it was configured to use invalid credentials. Now it emits enough details.

BZ#667729

It is now possible to specify allow-query and allow-transfer ACLs for zones.

BZ#667734

It is now possible to set timeout for queries to the LDAP server.

BZ#697703

fix occasional crash in linker

BZ#614443

fix strip to keep the address of an empty section consistent with its offset in the object

BZ#680143

if one of the input files is of a non-ELF format the linker may crash

BZ#578661

add support for ELF objects with more then 65535 program headers

BZ#663587

add support for the large code model on PowerPC

BZ#633448

add support for ELF core dump notes sections for extra s390 registers

BZ#631540

add support for the new instructions in the System

BZ#721079

Prior to this update, an input object file could have a non-empty .toc section but no references to the .toc entries because of a problem in the 64-bit PowerPC linker TOC editing code. As a result, various utilities of the binutils package terminated unexpectedly with a segmentation fault under certain conditions. This update handles local symbols in .toc sections correctly. Now, no more crashes occur.

BZ#583615

When the device list contained the same device as supplied on the command line, blktrace stopped immediately and further I/O tracing was impossible. This occurred when an error returned in BLKTRACESETUP ioctl caused the program to terminate whenever a device was duplicated in the devpaths. This patch ensures devices are not duplicated in the devpaths pool, thus fixing the problem.

BZ#619201

When blktrace was run without parameters, it incorrectly included the version number in its usage message. This resulted in the false assumption that the version number was a required parameter. This update edits the usage message so that the version number is not printed when running blktrace, blkparce or btt without parameters, avoiding any confusion.

BZ#650229

Previously, btreplay would give a 'No such file or directory' error when attempting to execute with /dev/cciss/foo because of the long path name. This was caused by missing the back conversion of underscores to slashes. This update converts the underscores to slashes to restore the device names with longer paths.

BZ#583624

Running 'blktrace -d <device> -k' once did not kill a running background trace. Running it a second time resulted in a 'BLKTRACETEARDOWN: Invalid argument' message, after which any further attempt to run it returned 'BLKTRACESETUP: No such file or directory'. This was caused by the option -k clobbering information about running a trace by the kernel (that is, blk_trace_remove), while files opened in debugfs by blktrace running in the background were not released. In this patch, the documentation is updated to remove the faulty 'kill' option. It advices to send a SIGINT signal via kill(1) to the running background blktrace for its correct termination.

BZ#650243

The documentation falsely gave the impression that blkiomon was not giving the correct output when working with a logical volume device. When working on a logical volume device, blkiomon does not understand the output of blktrace,as a logical volume device is quiet. While working with a physical device, it prints I/O statistics as expected. This patch updates the documentation to reflect this.

BZ#583695

When blkparse was run with a non-existent file as an argument, it returned no errors and the exit-code was zero. This update provides a warning message when a non-existent file is used as an argument and exits with a non-zero status.

BZ#595356

Previously, blktrace would not end after 30 seconds. Instead it would remain running until the user killed it, after which any further attempts to run it failed with an error. This was because when open_ios() failed, tracer_wait_unblock() in thread_main() waits for an event that will never occur. Because the event never occurs, any future attempts to run blktrace failed with an error. This update makes sure that unblock_tracers() is also called when an unsuccessful event occurs, (that is, when nthreads_running != ncpus).

BZ#595413

There was a mistake in the man page for btrecord. It incorrectly documented the option --input-base, which is unsupported, and the supported --max-bunch-time was undocumented. This update replaces --input-base with --input-directory, and adds the option --max-bunch to the btrecord man page.

BZ#595419

The blkiomon man page was missing elements. The options -d and --dump-lldd were not recorded. This patch adds these and a drv_data mast description to the blktrace man page.

BZ#595615

The blkparce man page was missing six elements. These were -A, --set-mask, -a, --act-mask, -D, and --input-directory. These options are now added to the blkparce man page.

BZ#595620

The blktrace man page was missing sixteen elements. These were:

• -d <dev> | --dev=<dev>
• -r <debugfs path> | --relay=<debugfs path>
• -o <file> | --output=<file>
• -D <dir> | --output-dir=<dir>
• -w <time> | --stopwatch=<time>
• -a <action field> | --act-mask=<action field>
• -A <action mask> | --set-mask=<action mask>
• -b <size> | --buffer-size
• -n <number> | --num-sub-buffers=<number>
• -l | --listen
• -h <hostname> | --host=<hostname>
• -p <port number> | --port=<port number>
• -s | --no-sendfile
• -I <devs file> | --input-devs=<devs file>
• -v <version> | --versio
• -V <version> | --version

These options are now added to the blktrace man page.

BZ#595623

The btreplay man page was missing three elements. These were -t, -x, and --acc-factor. These options are now added to the btreplay man page.

BZ#595628

The btt man page was missing four elements. These were -X, -m, --easy-parse-avgs, and --seeks-per-second. These options are now added to the btt man page.

BZ#723503

Prior to this update, the cyclic redundancy check (CRC) was not correctly computed on 64-bit architectures during decompression of gzip archives. In this update, constant-width integer types are used to compute CRC to make the results stable across all architectures.

BZ#645741

The btrfs-progs package has been updated to the latest upstream version, and newly includes the btrfs utility for easier administration of Btrfs file systems.

BZ#615391

Previously, the cpio applet included with busybox printed summary messages to stdout instead of stderr as the stand alone cpio does. Consequently nothing was returned to the shell when the busybox cpio applet ran. The updated applet include a patch that corrects this: the busybox cpio applet now prints summary messages to stderr, returning information to the shell as the standalone utility does.

BZ#621853

As initially released, the "busybox hwclock" utility included with Red Hat Enterprise Linux 6 honored the current Filesystem Hierarchy Standard (FHS 2.3) and assumed the adjtime state file was at /var/lib/hwclock/adjtime. If kexec was invoked to load a second kernel over a crashed kernel, this caused "busybox hwclock" to return incorrect and inconsistent values when compared with the same command running in the first kernel prior to the crash. With this update, the config file for busybox hwclock was reverted to its old behavior. It now assumes the adjtime state file is at /etc/adjtime, as was the case in FHS 2.1, and "busybox hwclock" behaves as expected when run in an initial or reloaded kernel.

BZ#633961

The "busybox awk" utility incorrectly treated all strings of digits with leading zeros as octal integer constants. This meant strings such as "0xffff" and "07777" were handled correctly but strings such as "0.531" were not. As a consequence, awk operations that correctly manipulated such strings as numbers were not handled correctly by busybox awk. With this update, the awk utility included with busybox correctly differentiates between hexadecimal and floating decimal strings and handles manipulations of the latter as expected.

BZ#624142

If the certmonger service failed to contact a CA, the subprocess that submitted the request became defunct. This occurred because the parent process did not read the subprocess status. With this update, the parent process reads the subprocess status and there is no defunct process after a CA contact failure.

BZ#636894

Previously, after installing the certmonger utility, the certmonger service failed to start. This occurred because the package installation did not signal the system bus daemon that it needed to re-read its configuration as to allow the certmonger daemon to connect to the bus. This update fixes the bug and the certmonger service can be started right after the installation.

BZ#652047

Previously, the certmonger utility did not display a user-friendly error message when the user ran the ipa-getcert command with privileges that were insufficient for the system bus to allow it to communicate with the certmonger service. With this update, certmonger suppresses the original error message if a user-friendly message is available. The user can display both messages with the -v option.

BZ#652049

Prior to this update, the ipa-getcert list command did not return any output if certmonger was not tracking any certificates. With this update, the command returns a message that the certificate list is empty.

BZ#687899

Due to inappropriate SELinux policy settings, the certmonger daemon could not execute some of its helper processes. The updated policy now allows certmonger to run these processes and the certmonger libraries create temporary files in a location that certmonger can access.

BZ#688229

The certmonger service accepted a non-existent PIN (Personal Identification Number) file for the NSS (Network Security Services) database if the user ran the ipa-getcert request command with the -p option. This occurred because certmonger failed to detect reading errors in the file with the PIN and proceeded with an empty PIN value. With this update, such reading errors are logged and certmonger proceeded as if it had read an empty PIN value.

BZ#689776

Previously, the certmonger service terminated unexpectedly if the user attempted to use a certificate database stored in a non-existent directory. While preparing an error message to return to its client, the daemon attempted to use already-freed memory, which could have caused a segmentation fault. With this update, certmonger displays a message that the directory does not exist and remains stable in these circumstances.

BZ#690886

After installation of the ipa-client package, the ipa-client-install script runs the ipa-getcert command. As a consequence, the certmonger daemon runs its ipa-submit helper. The helper contacts the IPA server. Previously, if it received a fault message response from the server, it terminated with a segmentation fault and created a core dump; the installation failed. This happened because it attempted to dereference an uninitialized pointer while processing the fault message. With this update, the helper handles the fault message correctly and the enrollment process completes successfully.

BZ#691351

Previously, running the getcert command with an invalid Extended Key Usage parameter caused a segmentation fault. This happened because the command attempted to dereference a NULL pointer while attempting to report that the parameter value was not a valid OID (Object Identifier). With this update, certmonger reports that the OID validation failed and prints a message that the provided Extended Key Usage is invalid.

BZ#695672

Prior to this update, certmonger could have seemingly ignored the attempts to resubmit a certificate with changed Subject and Principal names. This occurred because the certificate changes were not saved if a certificate with the same nickname already existed in the certificate database. With this update, the certmonger utility removes the certificates with the respective nickname before storing the new certificate and the resubmit command works as expected.

BZ#695675

Previously, the certmonger service could have failed to resubmit certificates. This happened if the SELinux policy did not allow certmonger to write to the defined location for storing keys. With this update, the service reads information about the keys to verify that the keys had been generated and stored properly. If the reading fails, the keys are generated again.

BZ#696185

Previously, the getcert tool terminated unexpectedly with a segmentation fault if the user issued the getcert start-tracking command with changed values of the parameters Extended Key Usage, DNS, Email and Principal name. The command caused a buffer overflow in the getcert tool because the internal buffer in the getcert command was too small to hold four new values. This update enlarges the internal buffer of the command and the bug no longer occurs.

BZ#624143

The ipa-getcert and getcert commands did not accept the location of a passphrase, which could provide the encrypted keying material and allow monitoring of an already-issued certificate or key pair. This update adds the -p and -P options to the getcert start-tracking command, which allows the user to pass the utility a PIN either in a file or directly.

BZ#683926

Previously, the certmonger service did not support a verbose mode for the ipa-getcert command. This update adds the --verbose option to the command.

BZ#729803

When submitting a signing request to a Red Hat IPA (Identity, Policy, Audit) CA, certmonger is expected to authenticate using the client's host credentials, and to delegate the client's credentials to the server. Recent updates to libraries on which certmonger depends changed delegation of client credentials from a mandatory operation to an optional operation that is no longer enabled by default, which effectively broke certmonger's support for IPA CAs. This update gives certmonger the ability to explicitly request credential delegation when used with newer versions of these libraries, which introduce an API that allows certmonger to explicitly request that credential delegation be performed.

BZ#797844

When installing multiple Linux Standard Base (LSB) services which only had LSB headers, the stop priority of the related LSB init scripts could have been miscalculated and set to "-1". With this update, the LSB init script ordering mechanism has been fixed, and the stop priority of the LSB init scripts is now set correctly.

BZ#797843

When an LSB init script requiring the "$local_fs" facility was installed with the "install_initd" command, the installation of the script could fail under certain circumstances. With this update, the underlying code has been modified to ignore this requirement because the "$local_fs" facility is always implicitly provided. LSB init scripts with requirements on "$local_fs" are now installed correctly.

Bug Fixes

BZ#645127

While trying to mount a share (DFS or 'classic') with Kerberos, a "mount error(5): Input/output error" occurred due to a problem with the MIT krb5 libraries. cifs.upcall now sets the GSSAPI checksum properly in SPNEGO blobs. This is necessary for proper interoperability with EMC servers when using krb5 authentication, and allows for a successful mount .

BZ#667382

When mounting a share as root with kerberos, cifs.upcall used the ticket of root (/tmp/krb5cc_0) instead the one of the user specified with 'uid=' or 'user='. This was due to the --legacy-uid command line option for cifs.upcall not properly implementing. This patch ensures that it properly implements, allowing successful mounting of a share as root with kerberos.

BZ#669377

When two CIFS shares were mounted on the same server, each for a different user who had valid krb5 credentials, only the one mounted first could access the data. This was because cifs had a built in design limitation of a single set of credentials per mount. That limitation caused the implementation of a number of hacks to deal with it. With this patch mount.cifs now supports the 'cruid=' mount option, fixing this issue.

BZ#696951

mount.cifs did not handle numeric uid=, gid=, or cuid= options correctly, and would often return an error when they were specified. With this patch, a check is run to see if any error occurred by setting errno to 0 before the conversion. If one did then it will attempt to treat the value as a name, allowing them to be correctly handled.

Bug Fix

BZ#849047

Previously, it was not possible to specify start-up options to the dlm_controld daemon. As a consequence, certain features were not working as expected. With this update, it is possible to use the /etc/sysconfig/cman configuration file to specify dlm_controld start-up options, thus fixing this bug.

Bug Fixes

BZ#688201

cman quorum timeout is too short

BZ#595725

CMAN init script race condition has been fixed

BZ#617306

plock owner synchronization has been fixed

BZ#623810

plocks are now ignored until they written to their checkpoint

BZ#623816

plock signatures are now re-sent after a new totem ring forms

BZ#624844

post_join_delay now works after a loss and subsequent regain of quorum

BZ#634718

"service cman stop remove" now functions correctly

BZ#639018

Active cluster nodes with higher configuration version numbers are no longer killed when they join the cluster

BZ#577874

The ccs_tool man page no longer shows 'update' and 'upgrade' subcommands

BZ#614885

ccs_tool cluster configuration editing has been dropped

BZ#617234

The interaction between corosync and cman restarting independently of one another has been improved

BZ#617247

reporting of corosync's exit code has been improved

BZ#619874

cman_tool manual page no longer talks about "config version" as an argument to -r

BZ#620679

Qdiskd now stops voting and exits if removed from the configuration

BZ#624822

gfs_controld: fix plock owner in unmount

BZ#635413

Qdiskd now reports to users when the quorumd "label" attribute overrides the "device" attribute

BZ#636243

Qdiskd now has a hard limit on heuristic timeouts

BZ#649021

Pacemaker-specific versions of dlm_controld and gfs_controld have been removed since they are no longer required

BZ#657041

cman now allows users to select udpu (UDP unicast) corosync transport mechanism

BZ#663433

Qdiskd now assumes votes for each cluster node are 1 when not specified in cluster.conf

BZ#669340

The cman init script can no longer include an incorrect sysconf file

BZ#645830, BZ#618705, BZ#684020, BZ#629017, BZ#680172

The cluster.rng schema has been updated

BZ#680155

A memory leak in the XML parser has been fixed

BZ#688154

Heuristic checks are unreliable

BZ#688734

gfs2_convert no longer exits success without doing anything

BZ#628013

fsck.gfs2 was truncating directories with more than 100,000 entries

BZ#621313

fsck.gfs2 was processing some files twice

BZ#622576

fsck.gfs2 no longer crashes if journals are missing

BZ#632595

When mounting a gfs2 file system, the same device requested on the command line now appears in /proc/mounts and /etc/mtab

BZ#637913

gfs2_convert now resumes after an interrupted conversion

BZ#576640

fsck.gfs2 can now repair rgrps resulting from gfs_grow->gfs2_convert

BZ#624535

mkfs.gfs2 no longer segfaults with 18.55TB and -b512

BZ#656956

mkfs.gfs2 now supports discard request generation

BZ#663037

fsck.gfs2: reports master/root inodes as unused and fixes the bitmap

BZ#630005

gfs2_convert no longer corrupts the file system if the di_height is too large.

BZ#592964

Fenced now sends notifications over DBus

BZ#634623

gfs2_edit now outputs hexadecimal values in lower-case

BZ#634623

gfs2_edit now prints continuation blocks

BZ#634623

gfs2_edit's savemeta and restoremeta functions now report progress

BZ#674843

gfs2_edit has improved handling of corrupt file systems and enhanced

BZ#563901

It is now possible to prevent the cluster software from starting at boot using the kernel command line

BZ#560700

It is now possible to prevent the cluster software from starting at boot using the kernel command line

BZ#728247

Prior to this update, the "suborg" option was not allowed by the cluster configuration schema defined in the /usr/share/cluster/cluster.rng file. As a consequence, when the "suborg" option was specified for the fence_cisco_ucs agent, the cluster refused to validate the configuration schema. The "suborg" option is now properly recognized, which fixes the problem.

BZ#720100

Previously, when a custom multicast address was configured, the configuration parser incorrectly set the default value of the time-to-live (TTL) variable for multicast packet to 0. Consequently, cluster nodes could not communicate with each other. With this update, the default TTL value is set to 1, thus fixing this bug.

Bug Fix

635155

Fixes an issue in which, under certain error conditions, dapl could fail to properly clean up its internal state, potentially resulting in subsequent incorrect operation.

BZ#210200

Previous versions of coolkey would fail to operate correctly if the pcscd daemon in the pcsc-lite package was restarted. Proper operation could be restored by restarting the application which was using coolkey, for example, the Gnome screensaver or the Gnome login screen when used with a smart card login. With this update, applications no longer need to be restarted to function properly when the pcscd daemon is restarted.

BZ#630017

The su utility was previously not built with PIE and RELRO enabled, as they were in Red Hat Enterprise Linux 5. In this update, it is built as a PIE executable and is using RELRO protection.

BZ#628212

Previously, when reading a line longer than 16KiB, the tac utility reallocated its primary buffer. Before exiting, the tac utility tried to free the already freed original buffer, which caused a utility crash after a double free error displayed. This was fixed and the tac utility no longer frees an already freed buffer.

BZ#598631

Previously, the hardware control flow, DTRDSR, was implemented via TC{SG}ETX. This was changed to TC{SG}ET ioctl, which caused the CDTRDSR support in stty to fail. This was fixed to allow stty to correctly handle CDTRDSR control flow.

BZ#683799

Previously, the internalization patch for coreutils had an unsafe initialization of char* bufops that left bufops uninitialized or initialized to NULL on the first usage. This behavior called memmove from an incorrect address, namely from address 0 and size 0. This is now fixed and bufops is correctly initialized for the first use.

BZ#649224

Previously, when the multibyte LC_TIME differed from LC_CTYPE, an assertion failure caused the sort utility to crash irrespective of the parameters provided to it. This is fixed to prevent a crash when the sort utility is run and now works as expected.

BZ#660033

Previously, the information page about 8-bit octal values did not mention checking if the value was lower than 256. Due to this, when a command like "/bin/echo -e '\0610'" was used, the results were not accurate. This is now fixed to provide more accurate information about the behavior of octal values.

BZ#614605

Previously, when the dd utility used pipes, it read and wrote partial blocks. When the size of the block written was shorter than the specified maximum output block size, the "oflag=direct" would turn off, which resulted in degraded I/O performance. The workaround for this behavior, which involves the addition of "iflag=fullblock" is now available in the information documentation.

BZ#662900

Previously, documentation for tail command's --sleep-interval option did not outline the results of inotify support. This is now fixed and the documentation states that with inotify support, the --sleep-interval option is only relevant when the tail command reverts to the old polling-based method.

BZ#609262

Previously, the coreutils information page was not sufficiently clear about behavior when multiple parent and leaf node directories are created. This is now fixed to incorporate additional information in the coreutils information page about the @option mode and its behavior when combined with the --parents option.

Bug Fix

BZ#849552

Previously, the corosync-notifyd daemon, with dbus output enabled, waited 0.5 seconds each time a message was sent through dbus. Consequently, corosync-notifyd was extremely slow in producing output and memory of the Corosync server grew. In addition, when corosync-notifyd was killed, its memory was not freed. With this update, corosync-notifyd no longer slows down its operation with these half-second delays and Corosync now properly frees memory when an IPC client exits.

BZ#619496

Multicast emulation caused an extra delay to the multicast packet transmission, causing unnecessary retransmission of the packet. This update adds the "miss_count_const" constant allowing the user to specify how many times a message is checked before retransmission occurs.

BZ#619918

When denied permissions from SELinux, corosync failed with a segmentation fault. Corosync now passes an error back to the API user when it is unable to create a connection between the server and client instead of causing a segmentation fault.

BZ#613836

When provided an invalid multicast address, corosync failed without errors. This is now fixed, thus corosync displays an error when given an invalid multicast address.

BZ#639023

Corosync client libraries delayed for 2 seconds before they displayed an error on a shut down. This is now fixed, thus the exited flag value before and after sem_wait is checked. If the value is true, ERR_LIBRARY displays.

BZ#640311

The default TTL value in multicast was 1, preventing use on a routed network. The TTL value is now configurable in the corosync configuration file, thus multicast can now be used on a routed network.

BZ#684930, BZ#684920

BZ#640311 introduced a regression.

BZ#665165

Shared memory no longer is leaked if the corosync server unexpectedly exits while connected to corosync clients.

BZ#626962

Running multiple instances of corosync simultaneously would succeed, causing local node errors. This is now fixed to prevent initialization of multiple instances of corosync.

BZ#614104

If cman ran the corosync init script, it would cause the corosync init script to be blocked. This is now fixed to allow corosync to create a Pid file and to allow cman to run corosync.

BZ#629380

Corosync was unable to capture system events and notify the user about them. With this fix, SNMP MIB and daemon are added for system event notification via DBUS and SNMP.

BZ#675859

Member objects in corosync were not found due to validation failure. This is fixed with an addition to the objdb file, thus validation for SNMP/DBUS integration is now successful.

BZ#675741

The corosync build contained invalid version information, which caused rpmdiff to warn the user about version information changes. This was fixed, thus pkgconfig files are now correctly configured to display version as 1.2.3.

BZ#680258

Corosync rebuilds succeeded only on fresh installations due to a regression issue. This is now fixed, thus corosync now rebuilds on existing installations as well.

BZ#675099

A ring id file smaller than 8 bytes caused corosync to abort. This was fixed by recreating the ring id file, thus corosync now does not abort due to the ring id file.

BZ#677975

Inconsistent cluster.conf files amongst nodes caused a memory leak. This is now fixed, thus a configuration reload via cman_tool no longer causes a memory leak.

BZ#675783

During the recovery phase, aisexec exited unexpectedly, resulting in a lost network token. This is now fixed, thus aisexec no longer exits due to a lost token.

BZ#568164

UDPU transport is added, which simulates multicast via UDP unicast. This adds a third transport option to broadcast and multicast in a cluster.

BZ#688691

Fix abort that happens in rare circumstances during shutdown.

BZ#828431

Previously, it was not possible to activate or deactivate debug logs at runtime due to memory corruption in the objdb structure. With this update, the debug logging can now be activated or deactivated on runtime, for example with the command "corosync-objctl -w logging.debug=off".

BZ#810916

Previously, the underlying library of corosync did not delete temporary buffers used for Inter-Process Communication (IPC) that are stored in the /dev/shm shared memory file system. Therefore, if the user without proper privileges attempted to establish an IPC connection, the attempt failed with an error message as expected but memory allocated for temporary buffers was not released. This could eventually result in /dev/shm being fully used and Denial of Service. This update modifies the coroipcc library to let applications delete temporary buffers if the buffers were not deleted by the corosync server. The /dev/shm file system is no longer cluttered with needless data in this scenario and IPC connections can be established as expected.

BZ#791235

Previously, the range condition for the update_aru() function could cause incorrect check of message IDs. Due to this, in rare cases, the corosync utility entered the "FAILED TO RECEIVE" state, and so failed to receive multicast packets. With this update, the range value in the update_aru() function is no longer checked for; the fail_to_recv_const constant performs such checks. Now, corosync does not fail to receive packets.

BZ#726608

Previously, under heavy traffic, receive buffers sometimes overflowed, causing loss of packets. Consequently, retransmit list error messages appeared in the log files. This bug has been fixed, incoming messages are now processed more frequently, and the retransmit list error messages no longer appear in the described scenario.

BZ#727962

Previously, when a combination of a lossy network and a large number of configuration changes was used with corosync, corosync sometimes terminated unexpectedly. This bug has been fixed, and corosync no longer crashes in the described scenario.

BZ#734997

Prior to this update, when corosync ran the "cman_tool join" and "cman_tool leave" commands in a loop, corosync sometimes terminated unexpectedly. This bug has been fixed, and corosync no longer crashes in the described scenario.

BZ#583932

Manual pages for the cracklib-check, cracklib-format, and create-cracklib-dict utilities have been added.

BZ#627449

The Simplified Chinese (zh_CN) translation of one of the error messages the library can produce has been corrected, and no longer contains untranslated strings.

BZ#637735

On 64-bit x86 architectures, using the "bt" command to analyze core dumps from kernel 2.6.27 or later caused it to display an invalid "vgettimeofday" frame above the topmost "system_call_fastpath" frame, followed by two read error messages similar to the following:

bt: read error: kernel virtual address: ffffffffff600000  type: "gdb_readmem_callback"

This error no longer occurs, and the "bt" command now produces correct results for these kernels.

BZ#649050

When analyzing a KVM dump file from a 64-bit x86 guest system, the crash utility failed to determine the starting RIP and RSP hooks. This rendered it unable to produce a correct backtrace for tasks that were either running in user space when the "virsh dump" operation was performed on a live guest, or that were running on interrupt or exception stacks. With this update, the RIP and RSP hooks for a particular dump file are now determined by using the content of the per-CPU registers in the CPU device format. As a result, the "bt" command no longer produces incorrect backtraces for such dump files.

BZ#649051

When analyzing a KVM dump file from an x86 guest system, the crash utility was unable to determine the starting EIP and ESP hooks, and produced an invalid backtrace. With this update, the crash utility has been updated to use the 64-bit CPU device format in x86 KVM dump files by default, and only use the 32-bit format when it is determined that the host machine was running a 32-bit kernel. As a result, running the "bt" command when analyzing such a dump file now produces a correct backtrace.

BZ#649053

When creating a KVM dump file, the "virsh dump" operation marks all non-crashing CPUs as offline. Due to an incorrect use of the "cpu_online_map" mask to determine the CPU count, previous version of the crash utility may have reported a wrong number of CPUs when analyzing dumps created by the "virsh dump" command on x86 guest systems. With this update, the underlying source code has been adapted to use the "cpu_present_map" mask instead, so that the crash utility reports the correct number of CPUs.

BZ#682129

Prior to this update, an attempt to display a backtrace of a non-active swapper task on a 32-bit x86 architecture could cause the crash utility to display the following message:

bt: cannot resolve stack trace:
#0 [c09f1ef4] ia32_sysenter_target at c08208ce

This update applies a patch that resolves this issue, and the crash utility now resolves such backtraces as expected. Additionally, this update ensures that the crash utility is no longer negatively affected by the changes that were introduced in kernel 2.6.32-112.

BZ#633449

The crash utility has been updated to provide support for dump files created on the IBM System z architecture.

BZ#637197

The crash utility now supports compressed and/or filtered dump files generated by the makedumpfile utility on IBM System z.

Enhancement

654066

This updated crda package enhances the kernel with the most current information with regard to wireless regulatory rules, and ensures that these updated rules are enforced.

BZ#615107

The initscript output written to /var/log/boot.log contained a double output of "OK", printed by /etc/init.d/crond and daemon. This error has been corrected: the echo from /etc/init.d/crond is removed, thus the output is now as expected.

BZ#624043

Cronie didn't close file descriptor, which caused other applications such as anacron that are subsequently started by cronie to inherit the file descriptor. This caused SELinux to prevent /bin/bash access. With this update, the file descriptor is no longer inherited by other applications, thus SELinux no longer prevents /bin/bash access.

BZ#675077

An incorrect option in the bash script caused anacron to run daily instead of hourly if the /var/spool/anacron/cron.daily file existed. The error has been corrected: the bash script option is fixed and anacron now runs once a day if the /var/spool/anacron/cron.daily file exists.

BZ#676040

RELRO flags were previously not set by default from crond. This is now fixed so that cronie is compiled with RELRO protection enabled.

BZ#676081

The /usr/bin/crontab was set to use both setuid and setgid permissions, but this was changed to use only setuid.

BZ#677364

Multiple code quality improvements were made, which include: - In src/crontab.c, mkstemp expects six X's to be replaced with digits at the end of each filename. This fix removes the extra X's. - In src/security.c, ccon was not freed after a return. This is fixed and ccon is now freed using context_free. - In anacron/run_job.c, fdin was tested before being initialized. This is fixed to ensure that fdin is now initialized prior to testing.

BZ#612963

Previously, cryptsetup printed twice the error message notifying the user that the queried device did not exist. With this update, the underlying code was changed and the error message is displayed once.

BZ#623121

Prior to this update, when the user attempted to encrypt a device with the MD4 or MD5 hash algorithm, cryptsetup did not alert the user that the encryption with those algorithms was not supported, had failed, and that therefore the device could not be used. With this update, cryptsetup terminates the process and prints a message advising the user to check if the required encryption method is supported.

BZ#674825

Previously, cryptsetup did not remove keys as soon as possible from device control buffers and therefore did not follow FIPS (Federal Information Processing Standard). With this update, the underlying code has been changed and the keys are removed from the buffers as soon as possible.

BZ#677634

Previously, if the user issued the "cryptsetup luksRemoveKey" command with the "--key-file" parameter, the command removed the key defined in the standard input. With this update, such command removes the key defined in the "--key-file" parameter.

BZ#692512

Prior to this update, when updating with the "yum update" command, the device-mapper-libs package was not updated. This occurred because the previous version of the cryptsetup package was compatible with any version of the package. This update adds the dependency to the cryptsetup package and the device-mapper-libs is updated to provide the compatible device-mapper-libs package.

BZ#693371

Previously, when running in FIPS mode, the salt for PBKDF2 (Password-Based Key Derivation Function) was generated with the /dev/urandom device. According to NIST Special Publication 800-132, all or a portion of the salt must be generated with an approved random number generator. With this update, the salt is generated with the FIPS RNG (Random Number Generator) and the criterion is met.

BZ#663869

With this update, cryptsetup uses a FIPS certified random number generator for generation of volume keys when running in FIPS mode.

BZ#663870

This update adds the integrity check of the cryptsetup binary and library for FIPS mode.

BZ#713456

When the cryptsetup or libcryptsetup utility was run in FIPS (Federal Information Processing Standards) mode, the "Running in FIPS mode." message was displayed during initialization of all commands. This sometimes caused minor issues with associated scripts. This bug has been fixed and the message is now displayed only in verbose mode.

BZ#709055

Previously, the libcryptsetup crypt_get_volume_key() function allowed to perform an action not compliant with FIPS. To conform FIPS requirements, the function is now disabled in FIPS mode and returns an EACCES error code to indicate it.

Note that the "luksDump --dump-master-key" command and the key escrow functionality of the volume_key package are also disabled in FIPS mode as a consequence of this update.

BZ#580604

Some printers were incorrectly reporting ink and toner levels via SNMP backend. Support for an SNMP quirk has been added and enabled via the PPD file.

BZ#614908

Previously, lpstat -p always reported job id as '-0'. This was because the jobstate was never IPP_JOB_PROCESSING due to an SVN revision upstream. This patch fixes this issue by adding the attributes needed for jobs.

BZ#616864

The previous 8MB default RIP cache size was insufficient for modern high-resolution (color/photo) printing. This was because filters such as pstoraster could fail. This update increases the default RIP cache size to 128MB to fix this issue.

BZ#624441

If the cupsd daemon was stopped while a job was being sent to a printer using a given backend, that backend was restarted multiple times before the CUPS scheduler actually terminated. In this updated package, the CUPS scheduler tracks whether it is shutting down and does not automatically start new jobs if so.

BZ#632180

The 'restartlog' action was missing in Initscript usage output, preventing its usage. This update adds it.

BZ#634931

Several rpmlint errors and warnings were fixed: - fixing the character encoding in CREDITS.txt - marking the D-Bus configuration file as config file - not marking MIME types and convs files as config files (overrides can be placed as new *.types/*.convs files in /etc/cups) - not marking banners as config files, instead new banners are provided - not marking initscript as a config file - not marking templates and www files as config files, instead a different ServerRoot setting is used to provide local overrides. Please note that a recent security fix required a change to template files - providing a versioned LPRng symbol for rpmlint - using mode 0755 for binaries and libraries where appropriate - moving /etc/cups/pstoraster.convs to /usr/share/cups/mime/ - moving the cups-config man page to the devel sub-package

BZ#642448

Red Hat Enterprise Linux 4 CUPS clients use the character set specified in LANG as the charset attribute in CUPS IPP requests, where Red Hat Enterprise Linux 5 and 6 ignore this, leading to incompatibilities. In these updated packages the CUPS server has been adjusted so that non-UTF-8 clients (e.g. Red Hat Enterprise Linux 4 clients) continue to be accepted.

BZ#646814

The subpackage cups-php consumed library libcups.so2 from subpackage cups-libs even though it did not have an explicit package version requirement. In this update cups-php subpackage now explicitly requires cups-libs of the same version and release.

BZ#654667

The ipp, socket and lpd backends were treating name resolution failures as a permanent error. Because these types of failures can be temporary, the tolerance for DNS failures has been added.

BZ#659692

Previously, the CUPS service did not stop normally if it was running when halting the system or a reboot was performed. Instead, it had to be killed in the final stage of reboot or shut down. This update fixes Initscript so the service is correctly stopped on reboot or halt.

BZ#668010

When the cupsd daemon was running with SELinux features enabled, the file descriptor count was increasing over time until its resources ran out. With this update, the resources are allocated only once so they do not leak file descriptors.

BZ#672614

There was a small typo in sample snmp.conf file. It is fixed in this update.

BZ#736304

The MaxJobs directive controls the maximum number of print jobs that are kept in memory. Previously, once the number of jobs reached the limit, the CUPS system failed to automatically purge the oldest completed job from the system to make room for a new one. This bug has been fixed, and the jobs beyond the limit are now properly purged in the described scenario.

Security Fix

CVE-2011-2192

It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI.

BZ#690273

libcurl introduced a segfault where a RHEL 6.1 machine registered at RHN would result in a segmentation fault (core dumped) after running "yum clean all" and "yum update" respectively. "CERT_GetDefaultCertDB" is now used to prevent a segmentation fault after the "yum clean all" and "yum update" sequence.

BZ#623663

libcurl HTTPS connections failed with a CURLE_OUT_OF_MEMORY error when given a certificate file name without a "/". This is now fixed to treat such a string as certificate nickname and if a file with the same name exists and libcurl runs in verbose mode, a warning is issued. The updated documentation now suggests to use the "./" prefix to load a file from the current directory.

BZ#669048

A rebuild operation for curl failed if the libnih-devel package was installed. This is now fixed to allow a rebuild whether libnih-devel is installed, not installed or has a broken installation.

BZ#669702

libcurl ignored the CA path provided in CURLOPT_CAPATH and consequently curl ignored the "--capath" argument provided. This is fixed so that libcurl now uses the value provided with the "--capath" argument.

BZ#670802

libcurl leaked memory and eventually resulted in a failed NSS shutdown when more than one CA certificate was loaded. This is now fixed so that libcurl works as expected when more than one CA certificates is loaded.

BZ#678594

libcurl leaked memory when an SSL connection failed. This is now fixed to prevent the memory leak during an SSL connection failure.

BZ#651592

libcurl FTP protocol implementation was unable to handle server session timeouts correctly. This is now fixed so that libcurl drops the connection when a 421 timeout response is received.

BZ#655134

libcurl failed when an LDAP request was sent using curl through a HTTP proxy in tunnel mode (curl option "-p" or "--proxytunnel"). Curl tried to connect directly to the LDAP server via the proxy port and consequently failed. This is now fixed to allow libcurl LDAP connections through HTTP proxies to work as expected.

BZ#625685

libcurl was unable to authenticate http proxies via Kerberos. This is now fixed and libcurl can successfully authenticate http proxies via Kerberos.

BZ#678580

When libcurl connected a second time to an SSL server with the same server certificate, the server's certificate was not re-authenticated because libcurl confirmed authenticity before the first connection to the server. This is fixed by disabling the SSL cache when it is not verifying a certificate to force the verification of the certificate on the second use.

BZ#684892

Kerberos authentication was broken for reused curl handles, which prevented "git clone"' from working with Kerberos authenticated web servers. This is now fixed to allow "git clone" operations to successfully authenticate and carry out operations.

BZ#694294

It was not possible to use two distinct client certificates to connect two times in a row to the same SSL server. This is now fixed to allow two different client certifications to connect to the same SSL server.

BZ#727884

As a solution to a security issue, GSSAPI credential delegation was disabled, which broke the functionality of the applications that were relying on delegation, which was incorrectly enabled by libcurl. To fix this issue, the CURLOPT_GSSAPI_DELEGATION libcurl option has been introduced in order to enable delegation explicitly when applications need it. All applications using GSSAPI credential delegation can now use this new libcurl option to be able to run properly.

Security Fix

CVE-2011-1926

It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use this flaw to inject protocol commands into a victim's TLS session initialization messages. This could lead to those commands being processed by cyrus-imapd, potentially allowing the attacker to steal the victim's mail or authentication credentials.

Security Fix

CVE-2011-3208

A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arbitrary code with the privileges of the cyrus user.

Security Fixes

CVE-2011-3372

An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP server configured to require user authentication, without providing valid authentication credentials.

CVE-2011-3481

A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server, imapd. A remote attacker could send a specially-crafted mail message to a victim that would possibly prevent them from accessing their mail normally, if they were using an IMAP client that relies on the server threading IMAP feature.

BZ#626541

Under certain circumstances, when a thread was waiting on dapls_evd_dto_wait() and the thread received a signal, the function would return an incorrect error code, resulting in the application failing rather than retrying the request.

BZ#626541

Previously, the function dapls_evd_dto_wait() returned, under certain circumstances, an error code when a thread was waiting on the function and the thread received a signal. Due to this behavior, the application failed. With this update, the application retries the request.

BZ#636596

Previously, applications that utilize uDAPL could not use the RDMA over converged Ethernet (RoCE) feature. This update adds these additional entries to the dat.conf file.

BZ#649360

The dat_ia_open() function could, under certain circumstances, fail to return. With this update, the function returns as expected.

BZ#667742

Under certain circumstances dapl could fail to clean up its internal state, resulting in subsequent usage of the library to fail. With this update, the internal state is cleaned up as expected and the library can be used without further problems.

BZ#637980

Previously, dapl could, under certain circumstances, fail to free allocated memory, potentially causing the application to run out of memory and fail. Now, dapl frees all allocated memory.

Security Fix

CVE-2011-2200

A denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user could use this flaw to send a specially-crafted message to dbus-daemon or to a service using the bus, such as Avahi or NetworkManager, possibly causing the daemon to exit or the service to disconnect from the bus.

Bug Fixes

BZ#863462

When certain multipathd threads started their operation, they did not check if the multipathd daemon was being shut down. Consequently, multipathd could terminate unexpectedly with a segmentation fault on shutdown. With this update, the multipathd threads properly quit if they detect multipathd is shutting down and the crashes no longer occur.

BZ#866553

Previously, multipathd was removing a map twice if it failed to create a multipath device when adding a path device. Consequently, multipathd accessed already freed memory and in some cases terminated unexpectedly when a new path device was added. With this update, multipathd no longer performs the second remove operation and the crashes no longer occur in the described scenario.

BZ#611779

If you sent the multipathd daemon a command consisting only of spaces, the daemon terminated unexpectedly with a segmentation fault. With this update, the daemon is able to handle such commands and no longer crashes in this circumstance.

BZ#635088

Prior to this update, the daemon occasionally grouped paths incorrectly because the multipathd daemon did not recalculate path groups when restoring paths. Now, when a new path goes online, the multipathd daemon verifies whether it needs to recalculate path groups, and refreshes and reads all priorities.

BZ#636071

Previously, if the user edited configuration information with the mpathconf command, the process could have failed. This happened when the user ran the command without any additional arguments due to a conflict of the environment variable DISPLAY with the program variable DISPLAY. With this update, all variables are unset when the script is started and the DISPLAY program variable is renamed. The environment variable DISPLAY remains unchanged when the mpathconf is issued and the command works as expected.

BZ#645605

The DM-Multipath application marked paths as failed if it was unable to determine if a path was offline. With this update, multipath calls the path_checker function to determine the path state in such cases and the problem no longer occurs.

BZ#650797

Previously, multipathd displayed no tgt_node_name value for iSCI devices. This occurred because multipath used the FC (Fibre Channel) path from the sysfs file system to obtain tgt_node_name for iSCI devices. With this update, multipath first tries to acquire the FC path. If it fails, it uses the iSCI target name for the device.

BZ#651389

Previously, if you set dev_loss_tmo to a value greater than 600 in multipath.conf without setting the fast_io_fail_tmo value, the multipathd daemon failed to apply the setting. With this update, the multipathd daemon sets dev_loss_tmo for values over 600 correctly, as long as fast_io_fail_tmo is also set in the /etc/multipath.conf file.

BZ#662731

DM-Multipath could have terminated unexpectedly if the multipath.conf file contained parameters with no value. This occurred because it was trying to acquire the string length of an optional value before verifying that a value was actually defined. With this update, multipathd first checks if the value exists and the bug is fixed.

BZ#622569

On a non-disruptive upgrade (NDU), all paths to EMC Symmetrix arrays could have failed, which caused multipathd to fail all outstanding input/output. DM-Multipath now has a new default configuration for EMC Symmetrix arrays that queues input/output for up to 30 seconds if all paths are down and the problem no longer occurs.

BZ#623644

The multipathd daemon consumed excessive memory when iSCI devices were unloaded and reloaded. This occurred because the daemon was caching unnecessary sysfs data, which caused memory leaks. With this update, multipathd no longer caches these data; it frees the data when the associated device is removed.

BZ#680480

During a double path failure, the sysfs device file is removed and the sysdev path attribute is set to NULL. The sysfs device cache is indexed by the actual sysfs directory, and /sys/block/pathname is a symlink. Prior to this update, if the path was deleted, multipathd was not able to find the actual directory, which /sys/block/pathname pointed to, and searched the cache. With this update, multipathd verifies that sysdev has NULL value before updating it.

BZ#681144

When a path was removed, the multipathd daemon did not always remove the path sysfs device from its cache. The daemon kept searching the cache for the device and created sysfs devices without the vecs lock held. Because of this, paths could have pointed to invalid sysfs devices and caused multipathd to crash. The multipathd daemon now always removes the sysfs device from cache when deleting a path and accesses the cache only with the vecs lock held.

BZ#576919

The log_checker_err option was added to the multipath.conf defaults section. By default, the option is set to always and a path checker error is logged continuously. If set to once, multipathd logs a path checker error once at logging level 2. Any later errors are logged at level 3 until the device is restored.

BZ#599690

Previously, the defaults section of the multipath.conf man page implied that the settings defined in the section became default and overrode the implied settings. Since the HWTABLE cannot be overridden, the wording of the man page has been changed.

BZ#628095

Previously, DM-Multipath did not print any messages when errors were detected in the multipath.conf file. With this update, multipath prints warning messages that inform the user that the configuration files contains invalid or duplicate options and the bug is fixed.

BZ#632734

This update adds the default configuration for Virtual SCSI disks.

BZ#633643

This update adds the default configuration for NEC Storage M.

BZ#636213

This update adds the default configuration for HP P2000.

BZ#636246

This update adds the default configuration for HP OPEN devices.

BZ#644111

If the initramfs file system was not rebuilt when a new storage device was added to the system, the new device could have been assigned a user_friendly_names value that matched the user_friendly_names value already-assigned to another device. This device then stopped working correctly. The multipathd daemon now accepts a -B option, which makes the user_friendly_names bindings file read-only. When initramfs calls multipath with the -B option, devices without a binding to a user_friendly_names use their World Wide Identifier (WWID).

BZ#650664

Previously, the DM-Multipath did not prompt the user to increase the maximum number of open file descriptors (max_fds) if it failed to open a file descriptor due to receiving an EMFILE error. With this update, it prints out a message advising the user to do so.

BZ#602883

Previously, the multipathd deamon printed add map messages whenever it received a change uevent. In order not to clutter logs, multipathd now only prints add map messages for the change uevents of the devices that are not yet monitored.

BZ#639037

Previously, DM-Multipath did not set a default value for the no_path_retry parameter for Hitachi R700 devices. With this update, the parameter value for the devices is set to 6 by default.

BZ#696157

The multipathd daemon could have terminated unexpectedly with a segmentation fault on a multipath device with the path_grouping_policy option set to the group_by_prio value. This occurred when a device path came online after another device path failed because the multipath daemon did not manage to remove the restored path correctly. With this update multipath removes and restores such paths correctly.

BZ#802431

Device-Mapper Multipath uses certain regular expressions in the built-in device configurations to determine a multipath device so that the correct configuration can be applied to the device. Previously, some regular expressions for the device vendor and product ID were set too broad. As a consequence, some devices could be matched with incorrect device configurations. With this update, the product and vendor regular expressions have been set more strict so that all multipath devices can now be properly configured.

BZ#732384

When deleting a multipath device while checking a path, the multipathd daemon did not abort the path check. As a consequence, the daemon terminated when trying to access multipath device information. The problem has been fixed and the multipathd daemon now aborts the path check when deleting a multipath device.

Security Fixes

CVE-2011-2748, CVE-2011-2749

Two denial of service flaws were found in the way the dhcpd daemon handled certain incomplete request packets. A remote attacker could use these flaws to crash dhcpd via a specially-crafted request.

BZ#625846

Previously, it was impossible to configure the dhcrelay service to run the dhcrelay daemon with additional arguments. With this update, a DHCRELAYARGS variable is available for the /etc/sysconfig/dhcrelay configuration file, which allows additional arguments to be passed to the dhcrelay daemon properly.

BZ#627257

Previously, the dhclient utility did not log its PID (process identifier) in syslog entries, making troubleshooting in systems with multiple running dhclients difficult. Now, the dhclient utility logs its PID properly.

BZ#631071

Previously, the dhclient utility sometimes parsed date strings in lease files incorrectly, resulting in syntax error messages in its output. This bug has been fixed and the dates in the lease files are now parsed with no error messages given.

BZ#637763

When the dhclient utility was updating a "search" entry in the /etc/resolv.conf file, it sometimes did not add a missing domain part. This was inconsistent with NetworkManager behavior. Now, while updating the "search" entry, the dhclient utility always adds the domain part of the host name given to the client if it is missing.

BZ#672551

Previously, the dhcpd service with IPv6 support sometimes created a lease file that it was unable to parse. Consequently, once the service was restarted, it went into a loop and could not start. This bug has been fixed and now the service is able to properly parse all lease files it generates.

BZ#681721

DHCP servers at some ISPs send to clients the "interface-mtu" option with the value of 576. Such a low MTU (Maximum Transmission Unit) can cause throughput problems with UDP traffic, among other things. With this update, the dhclient utility now sets the interface MTU only if the value obtained from the server is higher than 576.

BZ#613683

Previously, the dhclient package was missing its LICENSE file. With this update, the file has been added.

BZ#558641

The dhcp package now provides an implementation of Classless Static Route Options for DHCPv4 (RFC 3442). It can supply network route configuration to a large number of hosts without individual configuration of each one.

BZ#660681

The dhcp package now provides support for IPoIB (IP over InfiniBand) interfaces.

BZ#744690

Previously, extended records for Memory Device (DMI type 17) and Memory Array Mapped Address (DMI type 19) DMI types were missing from the dmidecode utility output. With this update, dmidecode has been upgraded to upstream version 2.11, which updates support for the SMBIOS specification to version 2.7.1, thus fixing this bug.

Security Fixes

CVE-2010-3780

A flaw was found in the way Dovecot handled SIGCHLD signals. If a large amount of IMAP or POP3 session disconnects caused the Dovecot master process to receive these signals rapidly, it could cause the master process to crash.

CVE-2010-3707

A flaw was found in the way Dovecot processed multiple Access Control Lists (ACL) defined for a mailbox. In some cases, Dovecot could fail to apply the more specific ACL entry, possibly resulting in more access being granted to the user than intended.

BZ#637056

This erratum upgrades Dovecot to upstream version 2.0.9, providing multiple fixes for the "dsync" utility and improving overall performance. Refer to the "/usr/share/doc/dovecot-2.0.9/ChangeLog" file after installing this update for further information about the changes.

Security Fix

CVE-2011-1929

A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child process handling the target user's connection to crash, blocking them from downloading the message successfully and possibly leading to the corruption of their mailbox.

BZ#595096

When attempting to boot with MD RAID, udev issued error messages about a missing label because dracut was in the process of rewriting the udev rules files while udev attempted to parse them. dracut now creates temporary rules files, and creates a file for udev's use when the file is considered complete.

BZ#610466

Running mkinitrd alone does not override an existing initramfs image. When this is attempted, the message stated that the --force parameter should be used, but mkinitrd only supported the short version -f of this parameter. --force was added to mkinitrd as the long version.

BZ#626389

When booting an IMSM/ISW RAID with dmraid, the mdadm package must be added to a system that has a kickstart minimal install with the noiswmd or rd_NO_MDIMSM parameters specified.

BZ#630911

When multipath is configured to use user-friendly names, it stores the binding between the wwid and the alias in /etc/multipath/bindings. multipath uses this file in initramfs when creating devices during early boot, and in the root file system during normal operation. These files were not synchronized during initramfs creation, which resulted in naming conflicts that prevented new multipath devices from being created after boot. To work around this, the bindings for the devices in /etc/multipath/bindings must be included in the initramfs. This can be done by running dracut -f.

BZ#636668

dracut did not include all multipath configuration files needed for multipath to include the root device in the multipath listing. dracut now copies over the entire /etc/multipath directory to the initramfs.

BZ#640979

dracut used all network configuration parameters from the kernel command line, but did not honor any configuration settings in the iBFT. dracut now parses the iBFT settings to set up the network if the ip=ibft parameter is specified on the kernel command line.

BZ#642083

dracut did not include multipath in the generated generic initramfs, if the host on which it was running had no multipath root device. multipath support is now added to the initramfs unconditionally.

BZ#645799

Previously, dracut had a hard-wired dependency on vconfig; this dependency is no longer required, and has been removed.

BZ#650959

When operating with LVM snapshot volumes, I/O errors could occur because the udev rules in the initramfs did not exclude those volumes and kept them busy. The udev rules in the initramfs were updated to honor the DM_UDEV_DISABLE_OTHER_RULES_FLAG, which fixes this issue.

BZ#669438

cryptsetup was required to perform verification when a system attempted to run in FIPS mode. However, the verification check failed because several checksum files were missing from initramfs, which resulted in all encrypted devices not being activated. The missing checksum files have been replaced, and this issue no longer occurs. Note however that the dracut-fips must be installed at initramfs creation time.

BZ#674238

When multipath ran in the initramfs with user_friendly_names set, if it did not find existing mappings in /etc/multipath/bindings, it created new mappings. These mappings could conflict with the user_friendly_names set in the normal filesystem's /etc/multipath/bindings file. dracut now starts the multipathd daemon with the new -B option so that multipath treats the initial bindings file as read-only.

BZ#675118

The USE_BIOSDEVNAME variable in the parse-biosdevname.sh script was not initialized correctly, which caused an unexpected operator error. This issue was discovered and corrected during development, and did not occur in any production system in the field.

BZ#676018

If a user started dracut with the -l or --local parameter, or set the dracut base directory via the dracutbasedir environment variable, dracut wrote its log to /tmp/dracut.log, which could possibly allow local users to overwrite arbitrary files that were writable to the user running dracut, via a symlink attack. dracut now stores the logfile in $HOME/dracut.log, when in -l or --local mode, if /var/log/dracut.log is not writeable.

BZ#678294

The /var/log/dracut.log file was not created automatically, preventing dracut from writing its logs. dracut now creates its log files if they do not exist.

BZ#691419

The boot parameter did not work when the machine was booted in FIPS mode, resulting in numerous mount errors, failed FIPS integrity tests, and dracut refusing to continue. This issue has been corrected, and the boot parameter can now be used to specify a boot device, as expected.

BZ#692843

If FIPS mode is enabled and the root partition is encrypted, /boot must reside on a non-encrypted, plain (no LVM or RAID) partition, which can be specified with boot=<boot partition> as a boot option on the kernel command line.

BZ#692939

After installing to a remote logical unit via Fibre Channel over Ethernet (FCoE), the root device could not be found, resulting in kernel panic. This occurred because the MAC address and interface for the FCoE device was not defined correctly. Installing to a remote logical unit via FCoE now works.

BZ#696131

The fips.sh script did not wait for the boot drive to be created, which resulted in an error because the file system type did not exist yet. This has been corrected, and the script now waits for the boot drive to be identified.

BZ#634013

Previously all information about the network interfaces to boot from was read from the kernel command line. dracut was extended to use network interface configuration from the OptionROM, if fcoe=edd:nodcb or fcoe=edd:dcb is specified on the kernel command line. ifname= is not needed in this case.

BZ#645648

dracut has been updated to support the new kernel boot option, rdinsmodpost=[module], which allows a user to specify a kernel module to be loaded after all device drivers are loaded automatically.

BZ#670925

dracut now includes the kernel module aes-xts in the initramfs, adding support for FIPS-140.

BZ#677340

A new module, dracut-caps has been added to let users omit selected dracut capabilities, and set one or more sysctl parameters.

BZ#689694

Support has been added for the Emulex Tiger Shark adapter for iSCSI.

BZ#692781

Support for several Broadcom drivers (bnx2, bnx2x and bnx2i) has been added to dracut-network.

BZ#728549

The dm-mod and dm-crypt kernel modules were missing from the list of kernel modules which are pre-loaded for the FIPS-140 (Federal Information Processing Standards) check. With this update, these modules have been added to the list. This update also introduces the dracut-fips-aesni subpackage which should be installed if the aesni-intel module is used in FIPS mode.

BZ#599338

The e2fsprogs package appeared to contain several regressions because of a number of type-punning issues caused by flags used during the process of building Red Hat Enterprise Linux. Additionally, e2fsprogs had a dependency on libcom_err that was not linked to a specific version of libcom_err. A specific version has been defined to prevent interoperability issues between packages.

BZ#631593

The badblocks command aborted with the error "badblocks: File too large while trying to determine device size" when attempting to run on a 16TB file system. This was caused by a bug in the badblocks command, which this bug fixes, resolving the issue.

BZ#654093

A device that is exactly 16T in size was too large to be opened by the resize2fs utility and attempting to resize some large file systems may remove the resize inode feature if no reserved blocks were left after the operation. This resulted in resize2fs to fail on that device, and resizing a file system close to 16T could remove the resize inode, making further resizing impossible. This patch treats 16T file systems as 16T - 4k, as mkfs does, allowing them to be manipulated by the resize2fs utility, resulting in ext3 and ext4 file systems now able to be resized on devices exactly 16T in size. Do not, however, remove resize inode even if 0 reserved blocks remain, so that subsequent downward resizes are still possible.

BZ#643390

When a value greater than INT_MAX (2147483647) was specified as the argument to mke2fs -G <number of groups>, the command did not complete. This was because the argument for int_log2() was "int", therefore when a value exceeding INT_MAX is specified for the -G option, the value of "arg" overflows. Also, e2fsprogs only supports 2^32 block file systems so asking for anything greater cannot be honored. Therefore, this patch rejects a number that overflows, and restricts it to INT_MAX+1 so the result does not wrap. This resolves the issue.

BZ#653234

The filefrag command occasionally returned an incorrect number of extensions, returning 0 instead of 1 when using the -v extension. In this patch, special-casing the number of extensions returned in verbose mode and skipping the printing of the header for columns resolves this issue.

Enhancement

BZ#642394

Auditing support is added to create a kernel audit record that records the information flow between a host, guest, and other network entities.

Security Fix

CVE-2010-4647

A cross-site scripting (XSS) flaw was found in the Eclipse Help Contents web application. An attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially-crafted Eclipse Help URL.

Bug Fixes

BZ#622713

Incorrect URIs for GNU Tools in the "Help Contents" window have been fixed.

BZ#622867

The profiling of binaries did not work if an Eclipse project was not in an Eclipse workspace. This update adds an automated test for external project profiling, which corrects this issue.

BZ#668890

Running a C/C++ application in Eclipse successfully terminated, but returned an I/O exception not related to the application itself in the Error Log window. With this update, the exception is no longer returned.

BZ#669819

The eclipse-mylyn package showed a "20100916-0100-e3x" qualifier. The qualifier has been modified to "v20100902-0100-e3x" to match the upstream version of eclipse-mylyn.

BZ#673174

Installing the eclipse-mylyn package failed and returned a "Resource temporarily unavailable" error message due to a bug in the packaging. This update fixes this bug and installation now works as expected.

BZ#678364

Building the eclipse-cdt package could fail due to an incorrect interaction with the local file system. Interaction with the local file system is now prevented and the build no longer fails.

BZ#679543

The libhover plug-in, provided by the eclipse-cdt package, used binary data to search for hover topics. The data location was specified externally as a URL which could cause an exception to occur on a system with no Internet access. This update modifies the plug-in so that it pulls the needed data from a local location.

Security Fixes

CVE-2011-1831

A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory.

CVE-2011-1832

A race condition flaw in umount.ecryptfs_private could allow a local attacker to unmount an arbitrary file system.

CVE-2011-1834

It was found that mount.ecryptfs_private did not handle certain errors correctly when updating the mtab (mounted file systems table) file, allowing a local attacker to corrupt the mtab file and possibly unmount an arbitrary file system.

CVE-2011-1835

An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user's encrypted data if existing file permissions allow access.

CVE-2011-1837

A race condition flaw in mount.ecryptfs_private could allow a local attacker to overwrite arbitrary files.

CVE-2011-3145

A race condition flaw in the way temporary files were accessed in mount.ecryptfs_private could allow a malicious, local user to make arbitrary modifications to the mtab file.

CVE-2011-1833

A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of the directory to mount. A local attacker could use this flaw to mount (and then access) a directory they would otherwise not have access to. Note: The fix for this issue is incomplete until a kernel-space change is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates will correct this issue.

BZ#632665

Previously, the edac-utils initscript did not use the standard error codes of other initscripts because several mandatory actions were missing. This update implements the initscript actions "condrestart", "try-restart", "force-reload" and sets the return values for each action accordingly. Now, the initscript uses the standard error code.

BZ#640113

This update extends the maximum number of channels from 2 to 6, in order to allow it to work with some designs that have 4 channels on FB-DIMM motherboards, e.g. the ones with Intel 7300 chipset. By default, this update identifies the motherboard via BIOS DMI board information. If not available, it will fallback to use DMI system information.

BZ#612280

Due to missing support for 4KB disk sectors, an attempt to use the efibootmgr utility to create a boot option on such a device caused the utility to fail with the following error message:

    Error: no partition information on disk [device].
    Cowardly refusing to create a boot option.

This update adapts the efibootmgr utility to provide support for 4KB disk sectors, resolving this issue.

BZ#652858

After prelink had been run on the system, using SystemTap user-space probes that targeted functions or statements in certain shared libraries, or executables based on a separate debuginfo file, caused resolution to the wrong PC location in a linked binary. As a result, the intended probes failed to fire at the correct place in the program, which could have caused the program to crash or misbehave due to a corrupted instruction sequence resulting from incorrect breakpoint insertions. With this update, the libdwfl library code (the libdw.so shared object library) was adjusted to use a more reliable method of compensating for prelink's effect on the address layout of a binary when aligning a runtime PC address with an address computed separately from the separated debuginfo file. SystemTap probes should now work the same on prelinked binaries as they would on binaries that have not been prelinked.

BZ#612385

Prior to this update, Emacs incorrectly displayed Japanese documents using JIS X 0213:2004 (JIS2004) compliant fonts, even though other parts of the system prefer and use older fonts. This update lowers the priority of JIS X 0213:2004 to ensure the consistent use of fonts in the system.

BZ#613759

Previously, the emacs packages required the aspell and hunspell spell checkers to be installed. Since the use of a spell checker is completely optional, this update removes aspell and hunspell from the list of dependencies, so that Emacs can now be installed without these packages.

BZ#657567

Previously, the summary extractor of reStructuredText did not work properly and the documentation process failed. Due to this behavior, building packages could fail. This update resolves this problem. Packages now build successfully.

BZ#696881

When a user tried to migrate their mail folder settings after upgrading to Red Hat Enterprise Linux 6, or restore a backup from the previous version of Evolution, Evolution sometimes terminated unexpectedly. This bug has been fixed and no longer occurs during the migration process.

BZ#585931

When a user created or edited a task in Evolution, the tooltip for the print icon in the toolbar was missing. This tooltip has been added and is now correctly displayed when hovering over the print icon.

BZ#628964

When printing the "Day" view of a calendar in Evolution to a Postscript file, the selected day and month name overlapped the line below. The issue has been resolved; overlaps no longer take place.

BZ#632968

When a user selected the "Submit bug report" option in the "Help" menu, a spurious "Bug Buddy is not installed" error message appeared. Because Bug Buddy is not a component of Red Hat Enterprise Linux 6, the menu option to submit a bug was removed.

BZ#633600

When creating a mail account in the Evolution Account Assistant using the POP protocol, the keyboard shortcut for "Delete after 7 days" (Alt+D) did not work. With this update, the GUI widget accepts the keyboard shortcut for the "Delete after 7 days" functionality and entering the shortcut now works as expected.

BZ#633629

The "Create a Memo" item from the "Message" menu was active when it was not supposed to be. As a consequence, Evolution terminated unexpectedly when the user selected this item. With this update, the "Create a Memo" item is deactivated when it is supposed to be, with the result that the user can no longer crash Evolution by selecting it.

BZ#666875

When viewing an email message larger than the maximum value defined in the settings Edit -> Preferences -> Mail Preferences -> "Do not format messages when text size exceeds [n KB]" caused Evolution to terminate unexpectedly. This bug has been fixed and viewing a message larger than the set value no longer causes Evolution to crash.

BZ#667083

When a user created a calendar meeting in Evolution with at least 16 attendees and right-clicked "Reply to all", the application terminated unexpectedly sometimes. The problem was with the reallocation of memory in glib2 and it has been fixed. Replying to all attendees of a calendar meeting now works as expected.

BZ#633189

When a user clicked into the input field under the Summary header in Task or Memo section in Evolution, and switched its input method to any language managed by ibus (such as Chinese), foreign characters could not be entered. The fix involves calling some functions in the correct order so the events for the input method are registered properly.

BZ#628882, BZ#630316, BZ#632998, BZ#638643

When using one of four Asian locales (ml_IN, hi_IN, ta_IN, zh_TW), the following problems occurred in Evolution Assistant: differing translations for the label and button "Forward" and "Finish", a missing and erroneous translation for the "Forward" label, and the ZWJ/ZWNJ characters visible by mistake. With this update, corrected translations has been provided.

BZ#633181

In the "Evolution Appointment" dialog, when using the Chinese Simplified locale (zh_CN), there was an erroneous translation on the "for" button. The translation has been modified and Evolution now displays a proper button text translation.

BZ#66642

When accessing an address book on an Exchange 2007 server, a flaw in the MAPI extension caused the evolution-data-server process to occasionally crash. This was because evolution-mapi mistook EDataBookView as a GObject, instead of a bonobo_object, and as a result was reffing/unreffing it with g_object_ref/g_object_unref. This patch uses the proper functions for ref/unref, resolving the issue.

BZ#598451

Prior to this update, the fakechroot packages were marked as multilib, which allowed users to install these packages for multiple architectures at the same time. However, this feature is not fully supported by fakechroot. Since the 32-bit version of is not actually needed, this update adds the "ExclusiveArch: x86-64" tag to the RPM spec file, so that the fakechroot packages are now available only for the 64-bit x86 architecture.

BZ#730647

Due to multilib problems, the fakeroot command was only built on 64-bit architectures as a workaround, one which prevented the RPM package from being built on other architectures. This update resolves the multilib problems so that fakeroot now builds successfully on all architectures.

BZ#645917

Previously, in a particular setup with multipath and FCoE services, the system sometimes became unresponsive during shutdown or reboot, and a hard reboot was required to get the system back up. Now, an additional FCoE root filesystem check has been added to the init script and the system no longer hangs during reboot or shutdown in this scenario.

BZ#658076

Sometimes, FCoE devices are not discovered immediately by the system. As a consequence, some FCoE partitions were previously not automounted after a boot. With this update, the FCoE init script waits for a certain amount of time (65 seconds by default), which is enough for most FCoE partitions to be discovered and mounted during the boot.

BZ#678487

Running the fcoeadm tool without the FCoE stack loaded caused the fcoeadm tool to terminate with a backtrace when it tried to free an unallocated pointer. With this update, only successfully allocated pointers are freed and the fcoeadm tool returns a proper error message otherwise.

BZ#689631

After VLAN discovery was tried unsuccessfully 10 times, the default FCoE driver for an interface was used instead of the preferred one. With this update, VLAN discovery is retried indefinitely and FCoE interfaces are now created only upon VLAN discovery, with proper drivers.

BZ#623567

For several fcoe-utils executables, there were minor inconsistencies in the documentation between their command help output and their man pages. With this update, the documentation has been updated and the man pages and help output are now consistent.

BZ#645796

The vconfig package had been marked for removal from the distribution, but the fcoe-utils package required it at runtime. With this update, this dependency has been removed in favor of the iproute package.

BZ#680578

When an FCoE VLAN interface was restarted, the FCoE interface was not re-enabled after the VLAN interface was brought up again. This bug has been fixed and the FCoE interface is now automatically enabled after the VLAN interface is brought up.

BZ#669211

With this update, the fcoe-utils package introduces a new SUPPORTED_DRIVERS configuration option to list all the low-level drivers that can potentially claim a network device. The package also uses the new sysfs module path introduced by the Red Hat Enterprise Linux 6.1 kernel update.

BZ#669839

This update provides the subpackage febootstrap-supermin-helper for the runtime helper program. Now, libguestfs runtime depends only on febootstrap-supermin-helper, which reduces the dependencies.

BZ#618703, BZ#623266

Metadata generation has been corrected in order to provide information for all known parameters for each fencing agent.

BZ#619096

Port is now a synonym of module_name for fence_drac5, making it consistent with other fencing agents.

BZ#648892

Information on how to use fence_ipmi with HP iLO version 3 has been added to the manual page.

BZ#635824

The fence_egenera manual page has been improved.

BZ#640343

fence_scsi now works when devices report "Unit Attention".

BZ#644385

fence_scsi now verifies action results.

BZ#644389

fence_scsi now correctly identifies device mapper multipath devices.

BZ#670910

fence_scsi pattern matching has been improved.

BZ#672597

fence_scsi now logs errors whenever a command fails.

BZ#580492, BZ#678904

Support for Cisco UCS blade systems is now provided.

BZ#614046

It is now possible for one node to delay fencing in a two-node cluster.

BZ#655764

Fence_ipmilan can now use the "diag" option.

BZ#595383

The package has been updated to provide a fencing agent that is able to communicate with Red Hat Enterprise Virtualization Manager, allowing virtual machines to be fenced.

BZ#642671

For Intelligent Platform Management Interface (IPMI) devices, the "power_wait" delay can now be adjusted in order to support newer iLO 3 firmware.

BZ#642235, BZ#680170

Brocade 200E, Brocade 300, Brocade 4100, Brocade 4900, and Brocade 5100 fencing devices are now supported by the fence_brocade agent, and can be used with both Red Hat High Availability and Red Hat Resilient Storage.

BZ#653504

An issue with fence_scsi where the key was erroneously reported as 0 has been addressed.

BZ#678522

fence_wti now correctly handles large (>20) port switches.

BZ#681669, BZ#681674

fence_rhevm has been updated to the current RHEVM development API.

BZ#682715

fence_cisco_ucs was missing from the fence-agents package, but is now included.

BZ#667170

The manual pages now correctly refer to "fence_virt.conf" instead of "fence_virtd.conf."

BZ#690582

Fence-virtd now operates with newer versions of QMF.

BZ#594083

Prior to this update, the file utility could be unable to recognize Python scripts correctly. This update improves the file type recognition, and Python scripts are now identified as expected.

BZ#608686

In accordance with POSIX standards, when the file utility is used on a file that does not exist, cannot be read, or is of an unknown type, it returns 0 exit code. This update extends the manual page to document this behavior.

BZ#610795

The file utility has been updated to recognize the WebM media container.

BZ#637782

The file utility has been updated to recognize the ZIP64 file format.

BZ#643046

The file utility has been updated to recognize volume_key escrow packets.

BZ#670125

Due to an error in a magic pattern, the file utility incorrectly identified GFS file systems as GFS2. With this update, the magic pattern has been corrected, and GFS file systems are now identified as expected.

BZ#669077

The fipscheck library can be linked to binaries (such as cryptsetup) which have to operate when /usr is not mounted. With this update, the fipscheck library relocates from /usr to /lib or /lib64 (depending on the underlying architecture) to allow linking to such binaries.

Security Fixes

CVE-2011-2377

A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

CVE-2011-0083, CVE-2011-0085, CVE-2011-2363

Multiple dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

CVE-2011-2371

An integer overflow flaw was found in the way Firefox handled JavaScript Array objects. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox.

CVE-2011-2373

A use-after-free flaw was found in the way Firefox handled malformed JavaScript. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox.

CVE-2011-2362

It was found that Firefox could treat two separate cookies as interchangeable if both were for the same domain name but one of those domain names had a trailing "." character. This violates the same-origin policy and could possibly lead to data being leaked to the wrong domain.

BZ#698313

With previous versions of Firefox on Red Hat Enterprise Linux 5, the "background-repeat" CSS (Cascading Style Sheets) property did not work (such images were not displayed and repeated as expected).

Security Fixes

CVE-2011-2982

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

CVE-2011-0084

A dangling pointer flaw was found in the Firefox Scalable Vector Graphics (SVG) text manipulation routine. A web page containing a malicious SVG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

CVE-2011-2378

A dangling pointer flaw was found in the way Firefox handled a certain Document Object Model (DOM) element. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

CVE-2011-2981

A flaw was found in the event management code in Firefox. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox.

CVE-2011-2983

A flaw was found in the way Firefox handled malformed JavaScript. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

CVE-2011-2984

It was found that a malicious web page could execute arbitrary code with the privileges of the user running Firefox if the user dropped a tab onto the malicious web page.

Security Fixes

CVE-2011-2995

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

CVE-2011-2372

A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the browser to open malicious web content.

CVE-2011-3000

A flaw was found in the way Firefox handled Location headers in redirect responses. Two copies of this header with different values could be a symptom of a CRLF injection attack against a vulnerable server. Firefox now treats two copies of the Location, Content-Length, or Content-Disposition header as an error condition.

CVE-2011-2999

A flaw was found in the way Firefox handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy.

CVE-2011-2998

An integer underflow flaw was found in the way Firefox handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

Security Fixes

CVE-2011-3647

A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to arbitrary code execution with the privileges of the user running Firefox.

CVE-2011-3648

A cross-site scripting (XSS) flaw was found in the way Firefox handled certain multibyte character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website.

CVE-2011-3650

A flaw was found in the way Firefox handled large JavaScript scripts. A web page containing malicious JavaScript could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

BZ#584677

These updated packages introduce a new manual page with an outline of the basic concepts and format of the main configuration file (that is, /etc/firstaidkit/firstaidkit.conf by default). Note that this manual page does not replace a detailed description of available configuration options in the configuration file itself.

BZ#658869

Previously, no screen was provided to change the root password in firstboot. Due to this lack, users had to change the settings of system-config-users to the root password within the Advanced window of firstboot's create user screen. This update adds a module to change the root password. Now, users can view a set the root password in firstboot, if run with the option "the --reconfig".

BZ#659451

Previously, users could not skip the user creation screen. Due to this lack, users had to create a user account with an UID number above or equal to 500 to continue to the next step of the first boot process. With this update, the check for valid user accounts in the system checks whether a user account with a valid login shell is present and not only user accounts with an UID number above or equal to 500. If there's no such user account present firstboot shows a warning, but allows the user to go to the next step. Now, users can skip the user creation part of firstboot.

BZ#463564

Previously, the firstboot utility did not run automatically after installation on IBM's System/390 architecture. Due to this issue, users had to run firstboot manually. This update adds automatic execution. Now, the firstboot utility runs automatically when the root user logs in to the system for the first time with a capable terminal.

Security Fix

CVE-2011-2964

An input sanitization flaw was found in the foomatic-rip print filter. An attacker could submit a print job with the username, title, or job options set to appear as a command line option that caused the filter to use a specified PostScript printer description (PPD) file, rather than the administrator-set one. This could lead to arbitrary code execution with the privileges of the "lp" user.

BZ#689045

Previously, the FreeRADIUS server failed to start when the rlm_perl or rlm_python modules were used due to unresolved symbols encountered by the dynamic loader. This update uses the dynamic loader option which must be explicitly turned on via lt_dladvise to allow loaded modules to globally export their symbols. Now, rlm_perl and rlm_python FreeRADIUS modules are successfully loaded and the FreeRADIUS server successfully starts in this configuration.

BZ#599528

This update makes the radtest script available for testing with IPv6.

Security Fix

CVE-2011-0226

A flaw was found in the way the FreeType font rendering engine processed certain PostScript Type 1 fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

Security Fix

CVE-2011-3256

Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Security Fix

CVE-2011-3439

Multiple input validation flaws were found in the way FreeType processed CID-keyed fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Note: These issues only affected the FreeType 2 font engine.

Security Fix

CVE-2010-3879, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543

Multiple flaws were found in the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack.

Note: The util-linux-ng RHBA-2011:0699 update must also be installed to fully correct the above flaws.

BZ#630166

These updated packages provide support for the "-mcmodel=medium" and "-mcmodel=large" options on the 64-bit PowerPC architecture. These new options provide the ability to extend the TOC addressing space up to 2GB.

BZ#632366

gcc now has the ability to emit pre-fetch instructions for "memcmp", "memcpy" and "memset" in-line expansions when optimizing for IBM System z10 CPUs.

BZ#624889

Previously, leaf functions that accessed TLS variables in the global or local dynamic model were not generating a large enough stack frame on PowerPC 64-bit. In this updated package, the generated stack frame is now larger than 112 bytes, resolving this issue.

BZ#675132

Previously a regression in the gfortran compiler was causing the "-M" option to not be recognized. In these updated packages the "-M" option is now recognized and functions as expected.

BZ#592502

Previously, the optimizations performed when calculating induction variables during the induction variable optimization (ivopts) pass were not as efficient as previous releases. In these updated packages, the optimizations performed during the induction variable optimization (ivopts) pass is improved.

BZ#618258

Previously, if a Java application built with gcj attempted to submit a print job to a print queue that was disabled, the process would enter a busy loop. This update fixes this issue by first checking if the print queue is null before attempting to send it a print job.

BZ#659582

Previously, using "always_inline" on a function when compiling with "-g" without any "-O" options would cause the compiler to insert debugging annotations in unexpected locations. Consequently, the unexpected annotations caused the compiler to crash with an internal error. In these updated packages, the compiler is modified to properly handle attributes which change optimization levels, such as always_inline, properly.

BZ#632370

This update provides code optimizations for the IBM System z architecture.

BZ#635015

The mask operand for the AVX mask load/store is fixed.

BZ#611435

GDB crashed when reading a kernel core dump file because the value of temporary current inferior process was set to minus_one_ptid (all processes). The value is now set to null_ptid (no processes) and GDB displays the vmcore file.

BZ#625239

When the gcore utility created a core file for an executable compiled with the "-Wl,-z,relro" parameter, GDB was unable to open it. This occurred because the file did not contain the list of shared libraries. Such core files now contain the shared library list and can be opened.

BZ#629236

GDB Python's pretty-printing feature provides an easily-readable view on complex C++ STL data structures. GDB crashed when displaying such structures. This occurred when the pretty printer threw a Python exception and GDB crashed due to a NULL pointer dereference. GDB now displays the easily-readable view of any C++ STL data structure correctly.

BZ#632259

GDB aborted unexpectedly if you set breakpoints on GNU-IFUNC functions and started the debugged program because the breakpoints could not resolve the target functions of the GNU-IFUNC functions at program startup. Breakpoints on GNU-IFUNC functions are now resolved when the program calls the target function.

BZ#636298

With GDB, you can modify VSX registers on PowerPC platforms. Changing some VSX registers corrupted other VSX registers. GDB now sets VSX registers independently.

BZ#639645

GDB aborted unexpectedly when an inferior shared library list changed during an inferior function call. This occurred because GDB reset all breakpoints including the temporary breakpoint, which was created by the call, and attempted to delete the breakpoint again after the call finished. The temporary breakpoint now remains valid during the entire inferior function call.

BZ#639647

GDB could have hung when debugging multithreaded programs with the setuid() function because the siginfo_t information associated with a signal number got lost. GDB now no longer resubmits or reorders signals and the siginfo_t value is preserved.

BZ#661773

GDB terminated unexpectedly after user run the "info program" command because a change of the shared library list corrupted the data in the internal GDB structure "bpstat". The structure now contains correct data even after a change in the shared library list and "info program" works as expected.

BZ#663449

Test suite file break-interp.exp reported for PowerPC platforms several FAIL results. A number of fixes have been applied to address these issues and the test suite for PowerPC now runs successfully.

BZ#682891

GDB crashed when attempting to access dynamic types, such as variable length arrays, using the GDB/MI interface. GDB now no longer crashes under these circumstances.

BZ#688788

On the i686 architecture, the awatch and rwatch commands printed an error when entered before the program-to-be-debugged started. GDB now by default debugs on the native architecture and the commands can be used before the program-to-be-debugged starts.

BZ#562758

Debugged programs may use C++ templates. C++ templates provide template symbols for instantiation of classes and functions. GDB debugged the template instances but the template symbols were not accessible. GDB now displays the template symbols while debugging the template instances.

BZ#609782

Fortran supports array slicing. GDB could not slice multidimensional arrays. GDB now supports slicing of such arrays.

BZ#673696

GDB did not display pthread_t for threads found in the core. GDB now displays pthread_t for the threads.

BZ#621118

Previously, including a large JBIG2 compressed image in the PDF input file could cause the pdf2ps conversion utility to terminate unexpectedly with a segmentation fault. This was caused by the fact that the result of the "jbig2_image_new" function call was not always checked properly. This error has been fixed, and the inclusion of JBIG2 images no longer causes pdf2ps to crash.

BZ#629562

Due to incorrect object management, Ghostscript could attempt to read from uninitialized memory, which could lead to a segmentation fault. This update applies a backported patch that addresses this issue, and Ghostscript no longer crashes.

BZ#629941

The Fontmap.local file installed with the ghostscript package allows a system administrator to override font substitutions. However, previous versions of the Ghostscript suite did not use this file at all. This error has been fixed, and the file is now used as expected.

BZ#675692

Previously, using the ps2pdf utility to convert a PostScript file to the PDF format caused the resulting document to be created without working hyperlinks. This update applies an upstream patch that resolves this issue, and ps2pdf now crates PDF files with correct hyperlinks.

BZ#710651

Previously, the default paper size was selected in portrait orientation when printing documents in landscape orientation. Consequently, the output was printed in portrait orientation and the content was cropped on the right side. With this update, if the paper size matches in landscape mode, that paper size is selected and the landscape orientation is selected for printing.

Security Fixes

CVE-2010-4543

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.

CVE-2010-4540, CVE-2010-4541, CVE-2010-4542

A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.

BZ#648498

Previously, snapshots from the Network File System (NFS) mounted home directories located on Network Appliance (NetApp) filers were treated as real mounts and were displayed on the desktop. Due to this behavior, users could not hide or unmount these items. By default, the GNOME desktop treated all mounts under user home directories as custom and put their icons on the desktop. This update follows common practice and hides mounts with path elements that start with a dot.

BZ#646954

Due to an error in glibc libraries, a race condition could occur when traversing a list of currently loaded shared libraries, causing an application to terminate with an error. This error has been fixed, the race condition no longer occurs, and the list of shared libraries can now be traversed as expected.

BZ#642584

On 64-bit x86 systems with support for AVX vector registers, an insufficient alignment of the thread descriptor could cause an application to crash during symbol resolution. With this update, the "TCB_ALIGNMENT" value has been increased to 32 bytes, and applications no longer crash.

BZ#641128

Previously, the generic implementation of the strstr() and memmem() functions did not handle certain periodic patterns correctly and could find a false positive match. This error has been fixed, and both functions now work as expected.

BZ#656530

The long double square root function, sqrtl, sometimes returned an incorrect result if the relative magnitude difference between the high and low halves of the long double exceeded a certain number. This occurred because one of the variables used in the calculation was an unsigned integer. The integer is now signed and the function works correctly.

BZ#623187

The futex(FUTEX_WAKE_OP) method did not default to futex(FUTEX_WAKE) when FUTEX_WAKE_OP was not supported by the kernel. This resulted in the method always failing on these systems. The code change in glibc pthread_cond_signal() that caused this issue has now been corrected.

BZ#661982

The memmove, wmemmove and wmemset operations contained incorrect "__restrict" qualifiers, even though their arguments could overlap. This issue has now been corrected.

BZ#656014

The name service cache daemon (nscd) cached the results of lookups for DNS records even when the DNS records had a time-to-live of 0. nscd now respects DNS time-to-live values, and does not cache the results in this situation.

BZ#653905

Attempting to build the glibc RPM failed when %_enable_debug_packages was either not set, or set to 0. This has been corrected so that debug packages need not be set or enabled in order to build the glibc RPM.

BZ#652661

An uninitialized variable prevented glibc from compiling with the G++ compiler when "sys/timex.h" was included. This has been corrected.

BZ#647448

strchr did not handle its second parameter correctly when %rdi was aligned to a 16-byte boundary and glibc was enabled for multiple architectures on AMD64 or Intel 64 systems with CPUs that supported Supplemental Streaming SIMD Extension (SSE) 4.2. The method would therefore output incorrect results. This has been corrected, and strchr now gives the expected output.

BZ#615701

glibc did not load nosegneg libraries in a 32-bit Xen domain U environment when hwcap 1 nosegneg was set in /etc/ld.so.conf.d/nosegneg.conf, causing the incorrect library to be used. This has been corrected so that the nosegneg libraries are loaded.

BZ#692177

Previously, the sysconf(_SC_*CACHE) method returned 0 for all caches on systems with Intel Xeon processors. This occurred because glibc used cpuid leaf 2 rather than cpuid leaf 4. This update uses cpuid leaf 4 where possible, resolving this issue.

BZ#689471

The strncmp method failed with a segmentation fault when used with Supplemental Streaming SIMD Extension 4 (SSE4). Several checks have been implemented to prevent this.

BZ#601686

Several aspects of glibc code have been optimized for Supplemental Streaming SIMD Extension (SSE), including memcpy(), strcasecmp(), strnlen(), strcasestr() and strncasestr().

BZ#615090

Details about the MALLOC_PERTURB_ (M_PERTURB) operation, which can be used to debug the use of uninitialized or freed heap memory, have been added to the documentation.

BZ#676076

Support for forthcoming AMD processors has been added to glibc's memset operation.

BZ#712125

Under certain circumstances, a threaded process could have been granted incomplete group membership of the user which was running the process. This was caused by glibc using its default method for group membership determination, which led to a situation in which multiple threads interfered with each other while attempting to retrieve information simultaneously. Due to the nature of the group membership determination method used, each thread ended up with a different subset of the entire result set. With this update, the group membership determination method has been modified to precede this interference.

BZ#712407

When a process corrupted its heap, the malloc() function could have entered a deadlock situation while building up an error message string. This caused the process unresponsive. With this update, the code has been modified to use the mmap() function to allocate memory for the error message. This workaround ensures that the malloc() deadlock no longer occurs when allocating memory for an error message when the corrupted process heap is detected, and such a process is now normally aborted.

BZ#712411

Prior to this update, the Name Service Caching Daemon (nscd) did not clear the host cache effectively when repopulating its values. The code has been modified to schedule nscd cache pruning more accurately.

BZ#715387

Previously, nscd did not take into consideration time-to-live (TTL) parameters for the DNS records it was caching. With this update, the code has been modified so that nscd now respects TTL parameters when it answers requests for DNS records.

BZ#607665

Previously, when a user connected two monitors to a computer and set the GNOME Panel to show hide buttons, the panel did not hide but moved to the adjacent monitor instead. This bug has been fixed, moving the panel to the adjacent monitor no longer takes place.

BZ#633853

Previously, there was the untranslated text label "Top Panel" in the GNOME Panel's "Add to Panel" dialog. The problem applied to all non-English locales. The problem has been resolved so that the untranslated text label does not appear anymore in the "Add to Panel" dialog.

BZ#633870

Previously, there was a conflicting accelerator key in the GNOME Panel's Date/Time context menu under the kn_IN locale. The fix for this bug has been provided so that there is no more a conflicting accelerator key in the Date/Time context menu.

Enhancements

BZ#509061, BZ#673231

When windows were grouped by the GNOME Panel in the taskbar, they were grouped in an alphabetical order. Such behavior presented a problem when window title changed. This release introduces an option to disable grouping window alphabetically. The fix to enable the option has been applied both in the gnome-panel and the libwnck package.

BZ#585312

Previously, when an external monitor was connected to a computer, a user was able to move a panel between monitors by pressing the Alt key and dragging a blank area of the panel. This update introduces an enhancement in that the user can now change the settings with regard to moving the panel between monitors in the GNOME Panel "Properties" dialog.

Bug Fixes

BZ#581525

Previously, the Help page for GNOME Power Manager was not displayed when users pressed F1 or selected Help from the menu bar. This has been corrected and the Help page now appears as expected.

BZ#623674

The "do nothing" option, which allowed users to work on external monitors even when their laptop lid was closed, was removed. This prevented users from using external monitors while their laptop was closed. The "do nothing" option has been reinstated to allow this.

BZ#624422

A bug in the docbook2man tool caused the GNOME Power Manager man page (man gnome-power-manager) to appear incorrectly. The man page has been manually corrected while this bug is in effect.

BZ#640296

When an attempt to hibernate failed, an alert was displayed prompting users to check a help file. However, there was no link to the help file, which caused confusion. The alert no longer refers to the help file.

BZ#669113

Changes made to check boxes in the search dialog were not reflected in the terminal engine (vte). This led to confusion and wrong functionality. Problem has been fixed and users should get expected behaviour.

BZ#661840

Devices that did not allow interrupts or required polling were not supported by gPXE UNDI code. This meant that booting did not work when using gPXE images on bare metal with some NICs, such as Emulex 10g. This patch allows the gPXE UNDI code to use polling for underlying devices that do not support interrupts. As a result it is now possible to use gPXE images to boot bare metal hosts using UNDI where it was not possible in some cases.

BZ#672529

Virtual Machines (VM) with virtIO NIC could not access the PXE server, reaching a time out. This was because even though the VM could get an IP address from the DHCP server, it could not reach its own default gateway. The ARP requests that the VM sends were too large and thus not valid, so the default gateway did not answer those ARP requests. A patch has been added that sets the size of the transmitted Ethernet frame to header + data length, allowing the VM to boot via PXE.

BZ#553741

Prior to this update, GRUB only supported the MD5 password encryption. This update introduces support for the SHA-2 cryptographic algorithms, allowing users to encrypt passwords using SHA-256 and SHA-512 hash functions as well.

BZ#654869

GRUB has been updated to allow booting from disk drives with 4KB sector size on UEFI systems.

Bug Fix

BZ#742976

An attempt to install GRUB on a CCISS device may have caused the grub-install utility to report the following error:

        expr: non-numeric argument

When this happened, grub-install failed to install GRUB on this device, but incorrectly reported success and returned a zero exit status. This update applies a patch that ensures that GRUB can now be successfully installed on such devices.

BZ#647922

In the "Open Files" dialog box, the file selected by default failed to be opened upon hitting Enter if the "Location" field was displayed. Users had to select the file manually to actually open it. This update provides a fix to address this issue and the file selected by default now opens correctly.

BZ#647923

The "Open Files" dialog box failed to show contents of the directory selected by default upon hitting Enter if the "Location" field was displayed. Users had to select the directory manually to actually show its contents. This update provides a fix for this issue and the directory selected by default now shows its contents correctly.

BZ#625440

There was a typo in the Marathi (mr_IN) and Telugu (te_IN) translations. Erroneous "calender:MY" string was part of those translations. This update provides corrected translations.

BZ#636476

There was an inconsistency in the Guarati (gu_IN) translation. In ibus's Language Selection Tab, titles for "Up" and "Down" buttons and help labels at the bottom of the dialog box did not match. This update provides an updated translation.

BZ#616145

A flaw in the GVFS client code prevented D-Bus communications from being parsed correctly. Due to this problem, Nautilus became unresponsive when the user attempted to view Trash if a folder with an attached emblem was moved to Trash. This update corrects an error in the enumeration code which resolves this problem. Now, Nautilus no longer becomes unresponsive in such cases.

BZ#616838

Previously, an unused file descriptor was not closed after a fork. Due to this behavior, SELinux prevented /usr/bin/ssh access to the leaked /dev/ptmx file descriptor. This update closes the leaked file descriptor. Now, SELinux alerts no longer appear.

BZ#636540

Previously, the gnome-disk-utility packages did not reflect current version requirements. Due to this lack, potential problems could arise with custom compiled packages. This update requires the correct version of gnome-disk-utility packages.

BZ#645630

Previously, the gvfsd-archive command was unexpectedly aborted when the user attempted to mount an archive file a second time. This update changes the way the gvfsd-archive backend is finalized. Now, gvfsd-archive no longer aborts when the same archive files are mounted for the second time.

BZ#667367

Running the "gvfs-mkdir --help" command caused "--delete-files" to appear instead of "--create-directories". This update fixes the gvfs-mkdir command's help output so that the correct options are displayed.

BZ#624795

Previously, snapshots from the Network File System (NFS) mounted home directories located on Network Appliance (NetApp) filers were treated as real mounts and were displayed on the desktop. This behavior could cause confusion. This update checks and hides mounts with a path element starting with a dot. With this update, these mounts are hidden. Now, snapshot directories are no longer shown in the GUI. To apply this enhancement, the updated glib2 packages must be installed as well.

Bug Fixes

BZ#576048

Previously, the init script for hald did not parse a config file in /etc/sysconfig. This meant that the only way to pass extra parameters to the hald was to start them manually without the init script, or to modify the line that launches hald in the init script itself. This update changes the startup script to parse a config file in /etc/sysconfig for extra configuration parameters.

BZ#676618

When checking hal-device on a device that did not exist, an error in dbus/hal communication was displayed. In this update, hal no longer tries to close shared DBus connections, and therefore avoids printing a warning.

BZ#657017

Due to a problem with the Perl hivex bindings in the spec file, rebuilding of source packages could have failed if compiled from the source RPM. With this update, the issue no longer occurs.

BZ#642631

The hivex package was updated to the upstream version 1.2.3. This enhancement provides several stability improvements.

BZ#608003

Previously, certain Python scripts used the interpreter line "#!/usr/bin/env python". Due to this issue, these scripts used an incorrect version during the execution. With this update, the interpreter line is changed and uses the path /usr/bin/python.

BZ#613707

Previously, the license text was missing. This update adds the license text to the hplip-common sub-package.

BZ#616569

Previously, the hp-toolbox utility failed to add new printers due to incorrect handling of CUPS authentication in the cupsext Python extension. This update corrects the handling. Now, new printers can be added successfully.

BZ#633899

Previously, the CUPS Web Interface button, displayed in hp-toolbox when no connected devices were shown, led to an incorrect URL. This update corrects this URL so that there is no error message shown.

BZ#652255

This update upgrades HPLIP to the current version to allow support for a wider range of HP printers.

Security Fix

CVE-2011-3192

A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header.

Security Fixes

CVE-2011-3368

It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.

CVE-2011-3348

It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed.

BZ#736592

The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions.

BZ#631849

Due to a bug in the filter initialization process, filters configured using the mod_filter module were not handled correctly if a "sub-request" took place. For example, using the "FilterChain" directive to configure the "DEFLATE" compression filter with a Server-Side-Include page could result in pages which were only partially compressed. With this update, filters used with mod_filter operate correctly.

BZ#657480

If arguments passed to the ab benchmarking program triggered a memory allocation failure, ab could terminate unexpectedly with a segmentation fault. With this update, the memory allocation failure is now trapped earlier, and the program exits gracefully with an error message. (BZ#645846) * When executing the "service httpd stop" command, a 10-seconds timeout is used before terminating the httpd parent process in case of error. If this timeout was insufficient, resources did not allow the parent process to terminate cleanly and could be leaked. This update introduces the "STOP_TIMEOUT" environment variable, which can be used in the /etc/sysconfig/httpd configuration file to change the timeout. This can be used to allow a longer delay and fix resource leaks if the httpd parent is slow to terminate.

BZ#676635

When configuring the httpd service, using a mod_ldap directive in the "VirtualHost" container caused the HTTP server to stop caching requests to a directory server. This update applies a patch that corrects this error, and the use of mod_ldap directives in the "VirtualHost" context no longer prevents the httpd service from caching LDAP requests.

BZ#676831

Prior to this update, an attempt to use configuration with multiple virtual hosts sharing the same ID and private key file could prevent the httpd service from starting with an error message written to the error_log file. With this update, the underlying source code has been modified to address this issue, and the httpd service now starts as expected.

BZ#679476

When using the prefork Multi-Processing Module (MPM), children processes with persistent connections (that is, with the "KeepAlive" directive set to "On") kept processing new requests even when a graceful restart had been issued. This update applies a patch that corrects this error, and children processes with the persistent connections no longer process new requests when a graceful restart is requested.

BZ#684144

Previously, an attempt to start the httpd service with the mod_ssl module in FIPS mode failed. With this update, an upstream patch has been applied to implement support for the FIPS mode in the mod_ssl module, and httpd no longer fails to start.

BZ#662673

The pci.ids database has been updated to include the information about the MegaRAID SAS Thunderbolt device.

BZ#633837

The pci.ids database has been updated to include the information about the Matrox IMMv2 management controller and integrated MatroxG200eR video controller.

BZ#651915

ibus-x11 displayed at the incorrect window position and did not follow xterm for X11 applications in big endian 64-bit machines such as ppc64 and s390x. This was caused by the call_data->ic_attr[i].value being able to support only CARD32 data (32-bit) while the problematic machines were 64-bit machines. The code was changed to support 64-bit machines, thus ibus now works as expected.

BZ#633330

ibus displayed incorrect text for the "up" and "down" buttons for the Kannada translation. The translated text was corrected, thus now the buttons display the correct translated text.

BZ#635541

ibus displayed inconsistent translations on "up" and "down" buttons compared to text at the bottom of the window referring to "up" and "down" buttons for the Gujarati translation. Translation was amended for consistency and the button text and descriptive text at the bottom of the window are now the same.

BZ#627794

Previously, the IBus-chewing did not specify the rank parameter for the zh-TW locale in the input engine description file. This caused the IBus tool not to provide any default input method engine for the locale. This update adds the input method engines to the chewing.xml file and ibus-chewing is selected as the default input method for zh_TW users.

BZ#610075

Previously, preedit was not restored when the candidate window was restored while focusing in. Due to this behavior, the candidate window remained open after focus changes. This update resolves this issue with a change in the code. Now, the candidate window is hidden as expected.

BZ#641243

When a new user and language were selected during login, ibus-m17n did not load all input methods provided for that language; only one input method was loaded and marked for use as the default input method. The user had to manually search for and add any other input methods that they wanted to use. All input methods for a given language are now loaded upon login, and can be accessed from the ibus-m17n Preferences tab.

BZ#652201

ibus-m17n did not recognize the AltGr (ISO Level 3 Shift) key as a virtual modifier key, making it impossible to input the Rupee Symbol (U+20B9) with an Indic Keyboard. The AltGr key is now recognized by ibus-m17n.

BZ#695204

Previous releases of the ibutils package were not built for the PowerPC 64-bit architecture. This has been fixed and the ibutils package is now built for the PowerPC 64-bit architecture as well.

Security Fixes

CVE-2011-2514

A flaw was discovered in the JNLP (Java Network Launching Protocol) implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box, to trick a user into granting the application unintended access permissions to local files.

CVE-2011-2513

An information disclosure flaw was discovered in the JNLP implementation in IcedTea-Web. An unsigned Java Web Start application or Java applet could use this flaw to determine the path to the cache directory used to store downloaded Java class and archive files, and therefore determine the user's login name.

Security Fix

CVE-2011-3377

A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy.

BZ#634146

The im-chooser window was not re-sizable. This caused the title bar text to run into the right-hand close box in some locales. With this update, the im-chooser window is now re-sizable, ensuring the title bar text displays properly no matter the current locale.

BZ#616061

It was not possible to turn off the GTK XIM input-method module from imsettings. As a consequence, users were unable to enter Unicode characters using the Ctrl+Shift+U shortcut. With this update, the default GTK input-method is restored to gtk-im-context-simple, which allows Unicode input with the shortcut. Now only desktop locales that normally need X locale compose default to using the GTK XIM input-method module.

BZ#558575

Previously, initscripts used quoted strings as values following the =~ operators and the strings were thus matched as literal strings. However, they should be matched as regular expressions. With this update, the quotes were dropped and the strings are matched as regular expressions as expected.

BZ#598850

Previously, some systems failed to access the harware clock on system shutdown. This happened because the shutdown script ran the hwclock tool, which attempted to access the /dev/rtc device even if it did not exist. With this update, initscripts verifies if the /dev/rtc device exists before attempting to run the hwclock tool.

BZ#612934

The ifdown command could have failed to stop an NIC (Network Interface Controller) with a warning that the connection was unknown. This happened because, in some cases, the function, which verifies whether the NIC is managed by NetworkManager, returned an incorrect result. With this update, the function returns the correct result and the ifdown command stops the NIC correctly.

BZ#620461

Previously, if there was a bind mount for the / directory, the system could have failed to remount the root directory as a read-only file system on shutdown. This occurred because the script attempted to remount the defined bind mount instead of the root directory. With this update, the root directory is remounted successfully.

BZ#629257

Previously, a conflict between the sulogin tool and the login shell could have prevented the user from entering the root password in single-user mode. This occurred when switching from runlevel 3 because the login shell was not terminated and attempted to accept the input for the sulogin tool. With this update, the tty.conf and serial.conf files have been modified to have the login shell stopped when changing to runlevels S and the problem no longer occurs.

BZ#632584

On interactive startup, in some locals, the shortcut of the Continue key in the respective language did not work. This occurred due to an error in the local po files. With this update, the po files have been updated and the shortcuts work as expected.

BZ#633984

Previously, the network service did not support configurations with multiple IP addresses with the new syntax (IPADDRESSn/PREFIXn). This caused conflicts between network configurations set with the network service and network configurations set with the NetworkManager tool. With this update, the network service supports the configurations with multiple IP addresses with the new syntax and the conflicts no longer occur.

BZ#634996

Previously, the tty.conf file contained a comment with a typographical mistake ("sepcified"). With this update, the word is spelled correctly ("specified").

BZ#635360

Previously, the system was not able to create a logical network with the VLAN (virtual local area network) tag value 0. With this update, this tag value is allowed.

BZ#637058

Previously, the /etc/sysconfig/clock file did not document where the user can configure whether the hwclock tool should be using the local time or UTC (Coordinated Universal Time). This update adds comments documenting the setting location into the sysconfig.txt file.

BZ#645861

Previously, the /etc/ppp/ipv6-up and /etc/ppp/ip-up.ipv6to4 scripts used the incorrect alias ipv6_exec_ip and failed to bring up the routes. This update modifies the scripts so that they uses the ip command and the routes are now brought up as expected.

BZ#648966

For IPoIB (IP over InfiniBand) child interfaces, the value of the DEVICETYPE variable was calculated incorrectly. This happened because the calculation preserved the period (.) sign in the device name. This could have caused failure of the ifup-ib and ifdown-ib scripts. With this update, DEVICETYPE is resolved correctly.

BZ#654101

On shutdown, the system tried to deactivate the sit IPv6 over IPv4 tunnel device even though it was not active. With this update, the system verifies if the device is active before attempting to shut it down.

BZ#658138

Previously, the kexec-disable script was run when switching to runlevel 1. Because the kdump service is disabled in runlevel 1, the script freed the memory reserved for kdump. After the user changed from runlevel 1 to runlevel 3, which has kdump enabled, the system had set reserved memory size to 0 and kdump failed to start up. With this update, the kexec-disable job is no longer run in runlevel 1.

BZ#660036

Previously, all architectures used identical shmmax (maximum size of a shared memory segment) and shmall (maximum size of the total shared memory) values. However, the values vary depending on the system architecture. This update provides the settings of these values for various architectures.

BZ#664051

Previously, various errors occurred when some devices were inserted (for example, PCI network card). This happened because the biodevname tool assigned them interface names containing hash (#) signs, which were forbidden in such names. With this update, interface names can contain hash (#) signs and the problem no longer occurs.

BZ#667211

Previously, initscripts did not distinguish between the period (.) signs used by the sysctl device, which were delimiting the paths, and the period (.) signs used by VLANs, which were delimiting IDs. This caused that all sysctl calls to the VLAN interfaces failed. With this update, when calling a sysctl device, initscripts substitutes the periods in its name with forward slash (/) signs and the sysctl calls to a VLAN interface succeed.

BZ#669110

Previously, a slave network interface of a bonded interface failed to start if it defined the setting MASTER in double quotes (for example, as "bond0"). With this update, the respective scripts have been adapted to parse the value definition correctly even if double-quoted.

BZ#670154

The ifdown command could have failed to stop a bridge device with a warning that the connection was unknown. This happened because the function, which verified whether the device is managed by NetworkManager, returned an incorrect result. With this update, the function returns a correct result and the ifdown command stops the bridge device correctly.

BZ#674397

Section 8 of the sys-unconfig manual page contained various typographical mistakes. With this update, the man page is updated and the mistakes are corrected.

BZ#676708

Previously, a name of a VLAN interface had to start with the eth prefix followed by digits. If the user provided a name, which did not follow these requirements, the interface could not be started or stopped. With this update, the user can provide a custom name and the interface can be operated correctly.

BZ#696110

Previously, the netfs startup script attempted to run the mdadm tool always when the /etc/mdadm.conf file existed and could have failed if mdadm was not installed. With this update, the script first verifies if the mdadm tool is installed and only then runs its binary.

BZ#682879

The system could have failed to unmount the NFS (Network File System) shares on shutdown. This occurred because the system failed to unmount the NFS shares if they were in use. With this update, the unmouting of NFS shares on shutdown has been updated and the NFS shares are unmounted successfully even if in use.

BZ#633323

With this update, the IBM System z profile was updated to allow an optimized performance setting for System z.

Bug Fix

BZ#636756

The file that contains the Oriya translations for iok contained some entries with Latin text appended to the Oriya text. The Latin text caused the key size to increase, thus the keyboard became too large to fit in the display area. The Latin text has now been removed from the Oriya translation, causing the Oriya keyboard and keys size to conform to other languages.

BZ#729805

Prior to this update, GSSAPI credential delegation was disabled in the curl utility due to a security issue. As a result, applications that rely on delegation did not work properly. This update utilizes a new constructor argument in the xmlrpc-c client API to set the new CURLOPT_GSSAPI_DELEGATION curl option. This option enables the credential delegation, thus fixing this bug.

BZ#709329

When an IPA server was installed and then a replica package for a replica server was generated, the installation of the replica server failed. With this update, the installation process waits for the 389DS (389 Directory Server) tasks to complete before restarting the server, fixing this bug.

BZ#709330

Previously, the ipa service was not enabled via the chkconfig tool during the installation of a replica server. Subsequently, when the replica server was restarted, the ipa service was not started. With this update, replica servers are properly configured to start on boot.

BZ#709331

After a replica server was installed, the Managed Entries were not properly configured on replica servers. Subsequently, users had to manually add the configuration using the ldapmodify tool after the replica installation, and then restart the services with the "ipactl restart" command. This bug has been fixed and the configuration is now automatically added as expected.

BZ#709332

When a new reverse zone was created via the ipa-replica-prepare script, the wrong DNS entry was updated, which eventually caused an installation of a replica server to fail. This bug has been fixed and when the named service is restarted after a replica package has been created, the correct DNS entries are now set up for an installation of a replica server.

BZ#631649

The update adds the "delloem" command extensions for Dell OEM hardware, which provide support for Peripheral Component Interconnect Express (PCIe) solutions, LCD setting on panel, NIC setting, and power monitoring. This update also provides manual pages for the "delloem" command extensions.

BZ#663793

This update integrates the Linux Multiple Device (MD) driver with ipmitool to indicate SES (SCSI enclosure services) status and drive activities for PCIe SSD based solutions.

BZ#636943

If the "ip" command was used to create a veth device pair, and the "peer" parameter was specified but the "name" parameter was not used, a segmentation fault occurred. The "name" parameter was an unnecessary requirement for this operation. The need for this parameter has been removed and the command now works as expected.

BZ#641918

The ss man page contained a reference to a nonexistent file. This reference has been updated with the correct file location.

BZ#678986

Previously, attempting to flush a secondary device with "ip secondary" would fail. This issue has now been corrected and secondary devices are flushed as expected.

BZ#670295

Support for adding, deleting, and modifying security contexts or security labels in ipsec policies has been added to the "ip xfrm" command.

BZ#633328

The iprutils package has been updated to provide support for the 6Gb SAS RAID storage controller on 64-bit IBM POWER7.

BZ#747621

Due to an incorrectly placed call of the sysfs_close_bus() structure in the iprlib code, some of the iprutils programs could terminate unexpectedly with a segmentation fault during their initialization. This problem has been corrected, and iprutils programs no longer crash.

BZ#747621

The find_multipath_vset routine used the ARRAY_SIZE() macro to calculate the length of the SCSI device serial number. Previously, the length was calculated incorrectly, which could have led to false positives when looking for the corresponding vset. As a consequence, attempting to delete arrays failed: the target and the second array were set to be read/write protected, writing to both arrays was not possible, and the system had to be rebooted. To fix the problem, the IPR_SERIAL_NUM_LEN macro is now used instead of ARRAY_SIZE.

BZ#747621

With the maximum number of devices attached to one of the new Silicon Integrated Systems (SiS) 64-bit adapters, the configuration data could have grown over the buffer size. With this update, the buffer size has been increased, which fixes the problem and ensures enough space for any possible future growth.

BZ#590186

Previously, ip6tables did not support Portable Transparent Proxy Solution (TPROXY). Due to this lack, the IPv6 transparent proxy support was missing and IPv6 transparency was not available. This update adds this option.

BZ#644273

Previously, the command "service iptables save" did not restore the context for the save file and the save backup file. It also used /tmp for the temporary file. Due to the wrong context of the save and save backup file, there could be an error the next time the save functionality is used. This update restores the context and also saves the temporary files correctly.

BZ#642393

Previously, iptables did not support auditing. Due to this issue, information for remote address/port, target address/port, protocol, and result (success/fail) could not be recorded as an audit event. This update adds the required audit support. This enhancement depends on the presence of auditing support in the kernel.

BZ#786871

The option parser of the iptables utility did not correctly handle the "-m mark" and "-m conmark" options in the same rule. Therefore, the iptables command failed when issued with both options. This update modifies behavior of the option parser so that iptables now works as expected with the "-m mark" and "-m conmark" options specified.

BZ#630022

The ping and ping6 commands were previously not compiled as position independent executables (PIE). In this update, they are now built as PIE executables.

BZ#671579

Previously, the tracepath6 program that is included in the iputils package failed to resolve a target when using the "-n" option and a hostname as the target. The fix for this problem has been provided so that tracepath6 now works as expected.

BZ#688332

Previously, when the rdisc utility that is included in the iputils package was run on a system with an interface having two IP addresses assigned to the interface, an error was issued and rdisc failed to start. The bug has been fixed and the rdisc start failure no longer occurs.

BZ#630023

irqbalance was not previously built with PIE and RELRO enabled, as they were in Red Hat Enterprise Linux 5. In this update, irqbalance is built as a PIE executable and is using RELRO protection.

BZ#691902

When performing SendTargets discovery, the "iface" NIC binding was ignored. Instead, iscsiadm used the network device determined by the "route" command. SendTargets discovery now occurs through the NIC specified in the "iface" binding information.

BZ#631821

If SendTargets discovery required multiple TEXT commands because of a long target list, iscsiadm did not set the Initiator Task Tag in compliance with RFC-3720 as published by the Internet Engineering Task Force. This issue has been fixed, and iscsiadm now sets the Initiator Task Tag correctly.

BZ#634021

Attempting to reboot or shut down a system with a running iSCSI daemon caused the system to stop responding because iSCSI sessions remained running. All iSCSI sessions now shut down correctly, so no issues are encountered on shut down or reboot.

BZ#689359

Previously, iSCSI did not work on the Broadcom NetXtreme II 1GbE Quad Port Copper Adapter (BCM57712) when connected to a Data Center Bridging-enabled (DCB-enabled) switch over VLAN. This occurred because VLAN tagging was set twice, once by uIP and once by the DCB firmware. This update corrects this issue with VLAN tagging.

BZ#640115

The ISCSI_ERR_INVALID_HOST error event was not being handled correctly, leaving iSCSI sessions in memory when the iSCSI driver was attempting to shut down. This resulted in the driver failing to respond during shutdown of sessions that used the Broadcom NetXtreme II Network Adapter driver.

BZ#593269

The iscsiadm and iscsid commands depended on files in /usr, but did not require that /usr was mounted when they were used. This resulted in failures without useful error messages when the user attempted to use these commands when /usr was not mounted. This issue has been corrected, and these failures no longer occur.

BZ#658428

Starting or stopping the iSCSI service while accessing the root partition directly through an iSCSI disk could cause iSCSI to become unresponsive and incorrect status information to be reported. Attempting to stop the iSCSI service in this circumstance now warns that iSCSI cannot be shut down while Root is on an iSCSI disk, and all statuses are reported correctly.

BZ#599539

The brcm_iscsiuio usage message displayed in response to the brcm_iscsiuio --help command contained two unsupported options: --foreground and --pid. The man page omitted five supported options: --debug, --help, -h, -p and --version. The unsupported options have been removed from the usage message, and all supported options have been added to the brcm_iscsiuio man page.

BZ#599542

The iscsiadm usage message displayed in response to the iscsiadm --help command omitted 24 supported options. Additionally, the iscsiadm man page omitted one supported option (--host) and contained one unsupported option (--info). These errors have now been corrected.

BZ#624437

iscsiadm did not accept host names or aliases as valid values for the --portal argument when in "node" mode. This resulted in failure, because iscsiadm expected the value returned during discovery as the value for --portal. iscsiadm now attempts to match a host name to the IP address returned during discovery, so this issue no longer occurs.

BZ#688783

If debug message logging was disabled, the iSCSI daemon failed to set the socket priority according to the Data Center Bridging application priority setting, which resulted in packets being sent with the default priority incorrectly. Socket priority is now set based on the Data Center Bridging application priority setting in this situation.

BZ#640340

When iscsiadm failed or exited incorrectly, it did not output useful error codes. Meaningful error codes now exist for these situations, and are described further in the iscsiadm man page.

BZ#523492

Support for Data Center Bridging has been added to the iSCSI driver.

BZ#635899

brcm_iscsiuio provides the ARP and DHCP functionality to offload iSCSI functionality. Support has been added for IPv6, VLAN, and several new Broadcom network cards.

Security Fixes

CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3554, CVE-2011-3556

This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page.

Security Fixes

CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-0873

This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page.

Security Fixes

CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873

This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page.

Security Fixes

CVE-2011-0862

Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application.

CVE-2011-0871

It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing.

CVE-2011-0864

A flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing.

CVE-2011-0867

An information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code.

CVE-2011-0868

An incorrect float-to-long conversion, leading to an overflow, was found in the way certain objects (such as images and text) were transformed in Java2D. A remote attacker could use this flaw to crash an untrusted applet or application that uses Java2D.

CVE-2011-0869

It was found that untrusted applets and applications could misuse a SOAP connection to incorrectly set global HTTP proxy settings instead of setting them in a local scope. This flaw could be used to intercept HTTP requests.

CVE-2011-0865

A flaw was found in the way signed objects were deserialized. If trusted and untrusted code were running in the same Java Virtual Machine (JVM), and both were deserializing the same signed object, the untrusted code could modify said object by using this flaw to bypass the validation checks on signed objects.

Security Fixes

CVE-2011-3556

A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry.

CVE-2011-3557

A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges.

CVE-2011-3521

A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially-crafted input.

CVE-2011-3544

It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions.

CVE-2011-3548

A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions.

CVE-2011-3551

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions.

CVE-2011-3554

An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially-crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges.

CVE-2011-3560

It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy.

CVE-2011-3389

A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection.

CVE-2011-3547

Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag "-Djsse.enableCBCProtection=false" to the java command.

An information leak flaw was found in the InputStream.skip implementation. An untrusted Java application or applet could possibly use this flaw to obtain bytes skipped by other threads.

CVE-2011-3558

A flaw was found in the Java HotSpot virtual machine. An untrusted Java application or applet could use this flaw to disclose portions of the VM memory, or cause it to crash.

CVE-2011-3553

The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was configured to include the stack trace in error messages sent to clients. A remote client could possibly use this flaw to obtain sensitive information.

CVE-2011-3552

It was found that Java applications running with SecurityManager restrictions were allowed to use too many UDP sockets by default. If multiple instances of a malicious application were started at the same time, they could exhaust all available UDP sockets on the system.

Bug Fix

BZ#659300

In Java GUI (graphical user interface) applications, placeholder characters were displayed when run in the Japanese locale. This happened because the fontconfig file defined a mapping to an unavailable font. With this update, the IPA or VLGothic fonts are mapped instead and Japanese characters are displayed correctly.

Security Fixes

CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561

This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page.

Security Fixes

CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873

This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page.

BZ#656094

With this update, JSS has been upgraded to upstream version 4.2.6, which provides a number of bug fixes over the previous version. This rebase is necessary to support the Certificate Server.

BZ#676179

Previously, JSS did not release a PK11 slot. Due to this problem, a resource leak occurred and prevented NSS from shutting down because NSS detected that resources were still in use. This update corrects the resource leak and allows NSS to shutdown.

BZ#636975

This update removes the "blk_queue_ordered" and the "blk_queue_physical_block_size" symbols from the Red Hat Enterprise Linux 6.0 kernel ABI whitelists.

BZ#682967

This update adds several newly approved interfaces to the kernel ABI whitelists.

Security Fix

CVE-2011-3365

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially-crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid.

BZ#743951

kdelibs provided its own set of trusted Certificate Authority (CA) certificates. This update makes kdelibs use the system set from the ca-certificates package, instead of its own copy.

Security Fix

CVE-2011-3365

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially-crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid.

Bug Fixes

BZ#840948

Previously in the kernel, when the leap second hrtimer was started, it was possible that the kernel livelocked on the xtime_lock variable. This update fixes the problem by using a mixture of separate subsystem locks (timekeeping and ntp) and removing the xtime_lock variable, thus avoiding the livelock scenarios that could occur in the kernel.

BZ#847364

After the leap second was inserted, applications calling system calls that used futexes consumed almost 100% of available CPU time. This occurred because the kernel's timekeeping structure update did not properly update these futexes. The futexes repeatedly expired, re-armed, and then expired immediately again. This update fixes the problem by properly updating the futex expiration times by calling the clock_was_set_delayed() function, an interrupt-safe method of the clock_was_set() function.

Bug Fixes

BZ#844943

Prior to this update, the find_busiest_group() function used sched_group->cpu_power in the denominator of a fraction with a value of 0. Consequently, a kernel panic occurred. This update prevents the divide by zero in the kernel and the panic no longer occurs.

BZ#846830

Previously, the TCP socket bound to NFS server contained a stale skb_hints socket buffer. Consequently, kernel could terminate unexpectedly. A patch has been provided to address this issue and skb_hints is now properly cleared from the socket, thus preventing this bug.

BZ#853255

Previously, when a server attempted to shut down a socket, the svc_tcp_sendto() function set the XPT_CLOSE variable if the entire reply failed to be transmitted. However, before XPT_CLOSE could be acted upon, other threads could send further replies before the socket was really shut down. Consequently, data corruption could occur in the RPC record marker. With this update, send operations on a closed socket are stopped immediately, thus preventing this bug.

BZ#853951

When a PIT (Programmable Interval Timer) MSB (Most Significant Byte) transition occurred very close to an SMI (System Management Interrupt) execution, the pit_verify_msb() function did not see the MSB transition. Consequently, the pit_expect_msb() function returned success incorrectly, eventually causing a large clock drift in the quick_pit_calibrate() function. As a result, the TSC (Time Stamp Counter) calibration on some systems was off by +/- 20 MHz, which led to inaccurate timekeeping or ntp synchronization failures. This update fixes pit_expect_msb() and the clock drift no longer occurs in the described scenario.

Enhancement

BZ#847731

This update adds support for the Proportional Rate Reduction (PRR) algorithms for the TCP protocol. This algorithm determines TCP's sending rate in fast recovery. PRR avoids excessive window reductions and improves accuracy of the amount of data sent during loss recovery. In addition, a number of other enhancements and bug fixes for TCP are part of this update.

Bug Fix

BZ#891859

On Red Hat Enterprise Linux 6, mounting an NFS export from a Windows 2012 server failed due to the fact that the Windows server contains support for the minor version 1 (v4.1) of the NFS version 4 protocol only, along with support for versions 2 and 3. The lack of the minor version 0 (v4.0) support caused Red Hat Enterprise Linux 6 clients to fail instead of rolling back to version 3 as expected. This update fixes this bug and mounting an NFS export works as expected.

BZ#622327

Previously, an operation such as madvise(MADV_MERGEABLE) may have split VMAs (Virtual Memory Area) without checking if any huge page had to be split into regular pages, leading to huge pages to be still mapped in VMA ranges that would not be large enough to fit huge pages. With this update, huge pages are checked whether they have been split when any VMA is being truncated.

BZ#640576

Occasionally, the anon_vma variable could contain the value null in the page_address_in_vma function and cause kernel panic. With this update, kernel panic no longer occurs.

BZ#640579

Previously, building under memory pressure with KSM (Kernel Shared Memory) caused KSM to collapse with an internal compiler error indicating an error in swapping. With this update, data corruption during swapping no longer occurs.

BZ#640611

The fork() system call led to an rmap walk finding the parent huge-pmd twice instead of once, thus causing a discrepancy between the mapcount and page_mapcount check, which could have led to erratic page counts for subpages. This fix ensures that the rmap walk is accurate when a process is forked, thus resolving the issue.

BZ#642570

The fork() system call led to an rmap walk finding the parent huge-pmd twice instead of once, thus causing a discrepancy between the mapcount and page_mapcount check, which could have led to erratic page counts for subpages. This fix ensures that the rmap walk is accurate when a process is forked, thus resolving the issue.

BZ#646384

Running certain workload tests on a Non-Uniform Memory Architecture (NUMA) system could cause kernel panic at mm/migrate.c:113. This was due to a false positive BUG_ON. With this update, the false positive BUG_ON has been removed.

BZ#622640

If an Intel 82598 10 Gigabit Ethernet Controller was configured in a way that caused peer-to-peer traffic to be sent to the Intel X58 I/O hub (IOH), a PCIe credit starvation problem occurred. As a result, the system would hang. With this update, the system continues to work and does not hang.

BZ#637332

The ixgbe driver has been upgraded to upstream version 3.0.12, which provides a number of bug fixes and enhancements over the previous version.

BZ#696337

During light or no network traffic, the active-backup interface bond using ARP monitoring with validation could go down and return due to an overflow or underflow of system timer interrupt ticks (jiffies). With this update, the jiffies calculation issues problems have been fixed and a bond interface works as expected.

BZ#609516

Booting a system via the Extensible Firmware Interface (EFI) could result in a low resolution of the boot screen due to a VGA palette corruption. With this update, the VGA palette corruption no longer occurs and the boot screen is displayed in the correct resolution and colors.

BZ#626454

Systems with an updated Video BIOS for the AMD RS880 would not properly boot with KMS (Kernel mode-setting) enabled. With this update, the Video BIOS boots successfully when KMS is enabled.

BZ#640870

This update fixes the slow memory leak in the i915 module in DRM (Direct Rendering Manager) and GEM (Graphics Execution Manager).

BZ#640871

Previously, a race condition in the TTM (Translation Table Maps) module of the DRM (Direct Rendering Manager) between the object destruction thread and object eviction could result in a major loss of large objects reference counts. Consequently, this caused a major amount of memory leak. With this update, the race condition no longer occurs and any memory leaks are prevented.

BZ#644896

When booting the latest Red Hat Enterprise Linux 6 kernel (-78.el6), the system hanged shortly after the booting. Access to the file system died and the console started outputting soft lockup messages from the TTM code. With this update, the aforementioned behavior no longer occurs and the system boots as expected.

BZ#530618

Under some circumstances, a kernel panic on installation or boot may occur if the "Interrupt Remapping" feature is enabled in the BIOS. To work around this issue, disable interrupt remapping in the BIOS.

BZ#681017

Under some circumstances, faulty logic in the system BIOS could report that ASPM (Active State Power Management) was not supported on the system, but leave ASPM enabled on a device. This could lead to AER (Advanced Error Reporting) errors that the kernel was unable to handle. With this update, the kernel proactively disables ASPM on devices when the BIOS reports that ASPM is not supported, safely eliminating the aforementioned issues.

BZ#624628

Prior to this update, a guest could use the poll() function to find out whether the host-side connection was open or closed. However, with a SIGIO signal, this can be done asynchronously, without having to explicitly poll each port. With this update, a SIGIO signal is sent for any host connect/disconnect events. Once the SIGIO signal is received, the open/close status of virtio-serial ports can be obtained using the poll() system call.

BZ#628805

The virtio-console device did not handle the hot-unplug operation properly. As a result, virtio-console could access the memory outside the driver's memory area and cause kernel panic on the guest. With this update, multiple fixes to the virtio-console device resolved this issue and the hot-unplug operation works as expected.

BZ#634232

Applications and agents using virtio serial ports would block messages even though there were messages queued up and ready to be read in the virtqueue. This was due to virtio_console's poll function checking whether a port was NULL to determine if a read operation would result in a block of the port. However, in some cases, a port can be NULL even though there are buffers left in the virtqueue to be read. This update introduces a more sophisticated method of checking whether a port contains any data; thus, preventing queued up messages from being incorrectly blocked.

BZ#635535

Prior to this update, user space could submit (using the write() operation) a buffer with zero length to be written to the host, causing the qemu hypervisor instance running on that host to crash. This was caused by the write() operation triggering a virtqueue event on the host, causing a NULL buffer to be accessed. With this update, user space is no longer allowed to submit zero-sized buffers and the aforementioned crash no longer occur.

BZ#643750

Using a virtio serial port from an application, filling it until the write command returns -EAGAIN and then executing a select command for the write command, caused the select command to not return any values when using the virtio serial port in a non-blocking mode. When used in blocking mode, the write command waited until the host indicated it had used up the buffers. This was due to the fact that the poll operation waited for the port->waitqueue pointer; however, nothing woke the waitqueue when there was room again in the queue. With this update, the queue is woken via host notifications so that buffers consumed by the host can be reclaimed, the queue freed, and the application write operations may proceed again.

BZ#643751

If a host was slow in reading data or did not read data at all, blocking write() calls not only blocked the program that called the write() call but also the entire guest. This was caused by the write() calls waiting until an acknowledgment that the data consumed was received from the host. With this update, write() calls no longer wait for such acknowledgment: control is immediately returned to the user space application. This ensures that even if the host is busy processing other data or is not consuming data at all, the guest is not blocked.

BZ#605786

Please note that in future versions of Red Hat Enterprise Linux 6 (i.e. Red Hat Enterprise Linux 6.1 and later) the auto value setting of the crashkernel= parameter (i.e. crashkernel=auto) is deprecated.

BZ#675102

Prior to this update, the /usr/include/linux/fs.h file was broken, causing other packages to fail to build. With this update, the underlying source code has been modified to address this issue, and packages no longer fail to build.

BZ#629178

Prior to this update, the execve utility exhibited the following flaw. When an argument and any environment data were copied from an old task's user stack to the user stack of a newly-execve'd task, the kernel would not allow the process to be interrupted or rescheduled. Therefore, when the argument or environment string data was (abnormally) large, there was no "interactivity" with the process while the execve() function was transferring the data. With this update, fatal signals (like CTRL+c) can now be received and handled and a process is allowed to yield to higher priority processes during the data transfer.

BZ#616296

While not mandated by any specification, Linux systems rely on NMIs (Non-maskable Interrupts) being blocked by an IF-enabling (Interrupt Flag) STI instruction (an x86 instruction that enables interrupts; Set Interrupts); this is also the common behavior of all known hardware. Prior to this update, kernel panic could occur on guests using NMIs extensively (for example, a Linux system with the nmi_watchdog kernel parameter enabled). With this update, an NMI is disallowed when interrupts are blocked by an STI. This is done by checking for the condition and requesting an interrupt window exit if it occurs. As a result, kernel panic no longer occurs.

BZ#645898

Prior to this update, running context-switch intensive workloads on KVM guests resulted in a large number of exits (kvm_exit) due to control register (CR) accesses by the guest, thus, resulting in poor performance. This update includes a number of optimizations which allow the guest not to exit to the hypervisor in the aforementioned case and improve the overall performance.

BZ#626814

In some cases the NFS server fails to notify NFSv4 clients about renames and unlinks done by other clients, or by non-NFS users of the server. An application on a client may then be able to open the file at its old pathname (and read old cached data from it, and perform read locks on it), long after the file no longer exists at that pathname on the server. To work around this issue, use NFSv3 instead of NFSv4. Alternatively, turn off support for leases by writing 0 to /proc/sys/fs/leases-enable (ideally on boot, before the nfs server is started). This change prevents NFSv4 delegations from being given out, restoring correctness at the expense of some performance.

BZ#695488

In a four node cluster environment, a deadlock could occur on machines in the cluster when the nodes accessed a GFS2 file system. This resulted in memory fragmentation which caused the number of network packet fragments in requests to exceed the network hardware limit. The network hardware firmware dropped the network packets exceeding this limit. With this update, the network packet fragmentation was reduced to the limit of the network hardware, no longer causing problems during memory fragmentation.

BZ#627741

The zfcpdump (kdump) kernel on IBM System z could not be debugged using the dump analysis tool crash, because the vmlinux file in the kernel-kdump-debuginfo RPM did not contain DWARF debug information. With this update, the CONFIG_DEBUG_KERNEL parameter is set to yes and the needed debug information is provided.

BZ#647365

On IBM System z systems, user space programs could access the /dev/mem file (which contains an image of main memory), where an accidental memory (write) access could potentially be harmful. To restrict access to memory from user space through the /dev/mem file, the CONFIG_STRICT_DEVMEM configuration option has been enabled for the default kernel. The kdump and debug kernels have this option switched off by default.

BZ#668470

If a CPU is set offline, the nohz_load_balancer CPU is updated. However, under certain circumstances, the nohz_load_balancer CPU would not be updated, causing the offlined CPU to be enqueued with various timers which never expired. As a result, the system could become unresponsive. With this update, the nohz_load_balancer CPU is always updated; systems no longer become unresponsive.

BZ#636678

Previously, in order to install Snapshot 13, boot parameter nomodeset xforcevesa had to be added to the kernel command line, otherwise, the screen turned black and prevented the installation. With this update, the aforementioned boot parameter no longer has to be specified and the installation works as expected.

BZ#635710

The qla2xxx driver for QLogic Fibre Channel Host Bus Adapters (HBAs) has been updated to upstream version 8.03.05.01.06.1-k0, which provides a number of bug fixes and enhancements over the previous version.

BZ#695478

The driver for the NetXen NX3031 network adapter did not support more than 14 fragments for a non-TSO (TCP Segmentation Offload) packet, which could have caused network failures. This update corrects the driver.

BZ#641764

Previously, accounting of reclaimable inodes did not work correctly. When an inode was reclaimed it was only deleted from the per-AG (per Allocation Group) tree. Neither the counter was decreased, nor was the parent tree's AG entry untagged properly. This caused the system to hang indefinitely. With this update, the accounting of reclaimable inodes works properly and the system remains responsive.

BZ#632021

If a Xen guest which specifies a physical path such as /dev/sda1 in its /etc/fstab configuration file, instead of a labeled path, then the following workaround procedure should be followed:

1. The "xen_emul_unplug=never" option should be added to the guest's kernel boot line.
2. The /etc/fstab entry should be modified to specify a partition such as /dev/xvda1 for the /boot partition, or a proper partition label should be used for the file systems on the emulated block device.
3. Finally, if the Xen guest configuration spec uses a line similar to the following:

   disk = [ 'file:/var/lib/xen/images/rhel6-guest.dsk,hda,w', ]

   …then that line should be changed to:

   disk = [ 'tap:aio:/var/lib/xen/images/rhel6-guest.dsk,hda,w', ]

   This line needs to be changed because the Xen para-virtualized disk driver is not supported with file-backed I/O.

BZ#680126

Using the pam_tty_audit.so module (which enables or disables TTY auditing for specified users) in the /etc/pam.d/sudo file and in the /etc/pam.d/system-auth file when the audit package is not installed resulted in soft lock-ups on CPUs. As a result, the kernel became unresponsive. This was due to the kernel exiting immediately after TTY auditing was disabled, without emptying the buffer, which caused the kernel to spin in a loop, copying 0 bytes at each iteration and attempting to push each time without any effect. With this update, a locking mechanism is introduced to prevent the aforementioned behavior.

BZ#625914

Previously, a kernel module not shipped by Red Hat was successfully loaded when the FIPS boot option was enabled. With this update, kernel self-integrity is improved by rejecting to load kernel modules which are not shipped by Red Hat when the FIPS boot option is enabled.

BZ#631547

Previously the cxgb3 (Chelsio Communications T3 10Gb Ethernet) adapter experienced parity errors. With this update, the parity errors are correctly detected and the cxgb3 adapter successfully recovers from them.

BZ#698016

When the iscsi driver detected the platform option-rom, it bypassed its local defaults and used the platform-provided parameters. With this update, if the platform specifies invalid OEM parameters, a warning message is printed, and the iSCSI driver falls back on its sensible internal default parameters rather than failing to load the driver altogether.

BZ#694106

After a raid45->raid0 takeover operation, another takeover operation (for example, raid0->raid5) resulted in kernel panic. This was due to the 'degraded' and 'plug' variables from the mddev structure not being cleared after the raid4->raid0 takeover. With this update, aforementioned variables are properly cleared, and no longer cause kernel panic.

BZ#550724

In some cases, under a small system load involve some I/O operation, processes started to lock up in the D state (that is, became unresponsive). The system load could in some cases climb steadily. This was due to the way the event channel IRQ (Interrupt Request) was set up. Xen events behave like edge-triggered IRQs, however, the kernel was setting them up as level-triggered IRQs. As a result, any action using Xen event channels could lock up a process in the D state. With this update, the handling has been changed from edge-triggered IRQs to level-triggered IRQs and process no longer lock up in the D state.

BZ#643371

A race condition occurred when Xen was presented with an inconsistent page type resulting in the crash of the kernel. With this update, the race condition is prevented and kernel crashes no longer occur.

BZ#645198

The Red Hat Enterprise Linux kernel can now be tainted with a "tech preview" status. If a kernel module causes the tainted status, then running the command "cat /proc/modules" will display a "(T)" next to any module that is tainting the kernel.

For more information about Technology Previews, refer to:

https://access.redhat.com/support/offerings/techpreview/

Important

Running a kernel with the tainted flag set may limit the amount of support that Red Hat can provide for the system.

BZ#694913

The "perf" subsystem failed to load on HP ProLiant servers, and messages similar to the following were logged to the console at boot time:

NMI watchdog disabled for cpu1: unable to create perf event: -2

This update includes a patch that allows the "perf" subsystem to load when using these servers, but only using the same counter that the BIOS uses. The implications of this are that "perf" statistics could be corrupted.

BZ#643667

Previously, Red Hat Enterprise Linux 6 enabled the CONFIG_IMA option in the kernel. This caused the kernel to track all inodes in the system in a radix tree, leading to a huge waste of memory. With this update, an optimized version of a tree (rbtree) is used and memory is no longer wasted.

BZ#615309

Direct Asynchronous I/O (AIO) which is not issued on file system block boundaries, and falls into a hole in a sparse file on ext4 or xfs file systems, may corrupt file data if multiple I/O operations modify the same file system block. Specifically, if qemu-kvm is used with the aio=native I/O mode over a sparse device image hosted on the ext4 or xfs filesystem, guest file system corruption will occur if partitions are not aligned with the host file system block size. This issue can be avoided by using one of the following techniques:

1. Align AIOs on file system block boundaries, or do not write to sparse files using AIO on xfs or ext4 filesystems.
2. KVM: Use a non-sparse system image file or allocate the space by zeroing out the entire file.
3. KVM: Create the image using an ext3 host filesystem instead of ext4.
4. KVM: Invoke qemu-kvm with aio=threads (this is the default).
5. KVM: Align all partitions within the guest image to the host's file system block boundary (default 4k).

BZ#624909

Running a fsstress test which issues various operations on a ext4 filesystem when usrquota is enabled, the following JBD (Journaling Block Device) error was output in /var/log/messages:

JBD: Spotted dirty metadata buffer (dev = sda10, blocknr = 17635). There's a risk of filesystem corruption in case of system crash.

With this update, by always journaling the quota file modification in an ext4 file system the aforementioned message no longer appears in the logs.

BZ#593766

The /var/log/messages file could have slowly filled up with error messages similar to the following:

ACPI Error: Illegal I/O port address/length above 64K: 0x0000000000400020/4 (20090903/hwvalid-154)
ACPI Exception: AE_LIMIT, Returned by Handler for [SystemIO] (20090903/evregion-424)
ACPI Error (psparse-0537): Method parse/execution failed [\_GPE._L09] (Node ffff8800797cd298), AE_LIMIT
ACPI Exception: AE_LIMIT, while evaluating GPE method [_L09] (20090903/evgpe-568)

This error message no longer occurs with this update.

BZ#653245

The kernel syslog contains debugging information that is often useful during exploitation of other vulnerabilities such as kernel heap addresses. With this update, a new CONFIG_SECURITY_DMESG_RESTRICT option has been added to config-generic-rhel which prevents unprivileged users from reading the kernel syslog. This option is by default turned off (0), which means no restrictions.

BZ#627653

A regression was discovered that caused kernel panic during the booting of any SGI UV100 and UV1000 system unless the virtefi command line option was passed to the kernel by GRUB. With this update, the need for the virtefi command line option is removed and the kernel will boots as expected without it.

BZ#659480

Prior to this update, running the hwclock --systohc command could halt a running system. This was due to the interrupt transactions being looped back from a local IOH (Input/Output Hub), through the IOH to a local CPU (erroneously), which caused a conflict with I/O port operations and other transactions. With this update, the conflicts are avoided and the system continues to run after executing the hwclock --systohc command.

BZ#621304

The RELEASE_LOCKOWNER operation has been implemented for the NFSv4 client in order to avoid an exhaustion of NFS server state IDs, which could result in an NFS4ERR_RESOURCE error. Additionally, this update introduces NFSv4 lock state tracking in read/write requests and lock owners labeling.

BZ#626515

An implementation of the SHA (Secure Hash Algorithm) hashing algorithm for the IBM System z architecture did not produce correct hashes and could potentially cause memory corruption due to broken partial block handling. A partial block could break when it was followed by an update which filled it with leftover bytes. Instead of storing the new leftover bytes at the start of the buffer, they were stored immediately after the previous partial block. With this update, the index pointer is reset, thus resolving the aforementioned partial block handling issue.

BZ#661113

Outgoing packets were not fragmented after receiving the icmpv6 pkt-too-big message when using the IPSecv6 tunnel mode. This was due to the lack of IPv6 fragmentation support over an IPsec tunnel. With this update, IPv6 fragmentation is fully supported and works as expected when using the IPSecv6 tunnel mode.

BZ#630810

Prior to this update, performing live migration back and forth during guest installation with network adapters based on the 8168c chipset or the 8111c chipset triggered an rtl8169_interrupt hang due to a RxFIFO overflow. With this update, infinite loops in the IRQ (Interrupt Request) handler caused by RxFIFO overflows are prevented and the aforementioned hang no longer occurs.

BZ#629066

When booting a Red Hat Enterprise Linux 5.5 kernel on a guest on an AMD host system running Red Hat Enterprise Linux 6, the guest kernel crashes due to an unsupported MSR (Model Specific Registers) read of the MSR_K7_CLK_CTL model. With this update, KVM support was added for the MSR_K7_CLK_CTL model specific register used in the AMD K7 CPU models, thus, the kernel crashes no longer occur.

BZ#629836

Previously, a Windows XP host experienced the stop error screen (i.e. the "Blue Screen Of Death" error) when booted with the CPU mode name. With this update, a Windows XP host no longer experiences the aforementioned error due to added KVM (Kernel-based Virtual Machine) support for the MSR_EBC_FREQUENCY_ID model specific register.

BZ#629085

Under certain circumstances, a kernel thread that handles incoming messages from a server could unexpectedly exit by itself. As a result, the kernel thread would free some data structures which could then be referenced by another data structure, resulting in a kernel panic. With this update, kernel threads no longer unexpectedly exit; thus, kernel panic no longer occurs in the aforementioned case.

BZ#641408

Previously, calling the elevator_change function immediately after the blk_init_queue function resulted in a null pointer dereference. With this update, the null pointer dereference no longer occurs.

BZ#623199

In certain network setups (specifically, using VLAN on certain NICs where packets are sent through the VLAN GRO rx path), sending packets from an active ethernet port to another inactive ethernet port could affect the network's bridge and cause the bridge to acquire a wrong bridge port. This resulted in all packets not being passed along in the network. With this update, the underlying source code has been modified to address this issue, and network traffic works as expected.

BZ#683496

Prior to this update, adding a bond over a bridge inside a virtual guest caused the kernel to crash due to a NULL dereference. This update improves the tests for the presence of VLANs configured above bonding (additionally, this update fixes a regression introduced by the patch for BZ#633571) . The new logic determines whether a registration has occurred, instead of testing that the internal vlan_list of a bond is empty. Previously, the system panicked and crashed when vlan_list was not empty, but the vlgrp pointer was still NULL.

BZ#592879

The memory cgroup controller has its own Out of Memory routine (OOM killer) and kills a process at an OOM event. However, a race condition could cause the pagefault_out_of_memory function to be called after the memory cgroup's OOM. This invoked the generic OOM killer and a panic_on_oom could occur. With this update, only the memory cgroup's OOM killer is invoked and used to kill a process should an OOM occur.

BZ#613812

This update provides a number of patches that resolve a mutual exclusion fault which could cause the kernel to become unresponsive.

BZ#634500

Previously, MADV_HUGEPAGE was missing in the include/asm-generic/mman-common.h file which caused madvise to fail to utilize TPH. With this update, the madvise option was removed from /sys/kernel/mm/redhat_transparent_hugepage/enabled since MADV_HUGEPAGE was removed from the madvise system call.

BZ#619818

If device-mapper-multipath is used, and the default path failure timeout value (/sys/class/fc_remote_ports/rport-xxx/dev_loss_tmo) is changed, that the timeout value will revert to the default value after a path fails, and later restored. Note that this issue will present the lpfc, qla2xxx, ibmfc or fnic Fibre Channel drivers. To work around this issue the dev_loss_tmo value must be adjusted after each path fail/restore event

BZ#633907

During an installation through Cisco NPV (N port virtualization) to Brocade, adding a LUN (Logical Unit Number) through Add Advanced Target did not work properly. This was caused by the faulty resending of FLOGI (Fabric Login) when a Fibre Channel switch in the NPV mode rejected requests with zero Destination ID. With this update, the LUN is seen and able to be selected for installation.

BZ#633915

An I/O operation could fast fail when using Device Mapper Multipathing (dm-multipath) if the I/O operation could be retried by the scsi layer. This prevented the multipath layer from starting its error recovery procedure and resulted in unnecessary log messages in the appropriate log files. This update includes a number of optimizations that resolve the aforementioned issue.

BZ#636233

Previously, timing issues could cause the FIP (FCoE Initialization Protocol) FLOGIs to timeout even if there were no problems. This caused the kernel to go into a non-FIP mode even though it should have been in the FIP mode. With this update, the timing issues no longer occur and the kernel no longer switches to the non-FIP mode when logging to the Fibre Channel Switch/Forwarder.

BZ#636771

A Red Hat Enterprise Linux 6.0 host (with root on a local disk) with dm-multipath configured on multiple LUNs (Logical Unit Number) hit kernel panic (at scsi_error_handler) with target controller faults during an I/O operation on the dm-multipath devices. This was caused by multipath using the blk_abort_queue() function to allow lower latency path deactivation. The call to blk_abort_queue proved to be unsafe due to a race (between blk_abort_queue and scsi_request_fn). With this update, the race has been resolved and kernel panic no longer occurs on Red Hat Enterprise Linux 6.0 hosts.

BZ#638297

When an scsi command timed out and the fcoe/libfc driver aborted the command, a race could occur during the clean-up of the command which could result in kernel panic. With this update, the locking mechanism in the clean-up and abort paths was modified, thus, fixing the aforementioned issue.

BZ#643237

Prior to this update, when using Red Hat Enterprise Linux 6 with a qla4xxx driver and FC (Fibre Channel) drivers using the fc class, a device might have been put in the offline state due to a transport problem. Once the transport problem was resolved, the device was not usable until a user manually corrected the state. This update enables the transition from the offline state to the running state, thus, fixing the problem.

BZ#668114

Operating in the FIP (FCoE Initialization Protocol) mode and performing operations that bring up ports could cause the fcoe.ko and fnic.ko modules to not be able to re-login when a port was brought back up. This was due to a bug in the FCoE (Fiber Channel over Ethernet) layer causing improper handling of FCoE LOGO frames while in the FIP mode. With this update, FCoE LOGO frames are properly handled when in the FIP mode and the fcoe.ko and fnic.ko modules no longer fail to re-login.

BZ#632631

Previously, the s390 tape block driver crashed whenever it tried to switch the I/O scheduler. With this update, an official in-kernel API (elevator_change()) is used to switch the I/O scheduler safely; thus, the crashes no longer occurs.

BZ#635199

The barrier implementation in the Red Hat Enterprise Linux 6 kernel works by completely draining the I/O scheduler's queue, then issuing a preflush, a barrier, and finally a postflush request. However, since the supported file systems in Red Hat Enterprise Linux 6 all implement their own ordering guarantees, the block layer need only provide a mechanism to ensure that a barrier request is ordered with respect to other I/O already in the disk cache. This mechanism avoids I/O stalls experienced by queue draining. The block layer will be updated in future kernels to provide this more efficient mechanism of ensuring ordering.

Workloads that include heavy fsync or metadata activity will see an overall improvement in disk performance. Users taking advantage of the proportional weight I/O controller will also see a boost in performance. In preparation for the block layer updates, third party file system developers need to ensure that data ordering surrounding journal commits are handled within the file system itself, since the block layer will no longer provide this functionality.

These future block layer improvements will change some kernel interfaces such that symbols which are not on the kABI whitelist shall be modified. This may result in the need to recompile third party file system or storage drivers.

BZ#636994

Handling ALUA (Asymmetric Logical Unit Access) transitioning states did not work properly due to a faulty SCSI (Small Computer System Interface) ALUA handler. With this update, optimized state transitioning prevents the aforementioned behavior.

BZ#637805

Previously, a write request may have merged with a discard request. This could have posed a potential risk for 3rd party drivers which could possibly issue a discard without waiting properly. With this update, discarding of write block I/O requests by preventing merges of discard and write requests in one block I/O has been introduced, resolving the possible risks.

BZ#638525

Previously, the /proc/maps file which is read by LVM2 (Logical Volume Manager) contained inconsistencies.

BZ#644380

Running the Virtual Desktop Server Manager (VDSM) and performing an lvextend during an intensive Virtual Guest power up caused this operation to fail. Since lvextend was blocked, all components became non-responsive: vgs and lvs commands froze the session, Virtual Guests became Paused or Not Responding. This was caused by a faulty use of a lock. With this update, performing an lvextend operation works as expected.

BZ#658293

The lack of synchronization between the clearing of the QUEUE_FLAG_CLUSTER flag and the setting of the no_cluster flag in the queue_limits variable caused corruption of data. Note that this issue only occurred on hardware that did not support segment merging (that is, clustering). With this update, the synchronization between the aforementioned flags works as expected, thus, corruption of data no longer occurs.

BZ#669411

Deleting an SCSI (Small Computer System Interface) device attached to a device handler caused applications running in user space, which were performing I/O operations on that device, to become unresponsive. This was due to the fact that the SCSI device handler's activation did not propagate the SCSI device deletion via an error code and a callback to the Device-Mapper Multipath. With this update, deletion of an SCSI device attached to a device handler is properly handled and no longer causes certain applications to become unresponsive.

BZ#670572

For a device that used a Target Portal Group (TPG) ID which occupied the full 2 bytes in the RTPG (Report Target Port Groups) response (with either byte exceeding the maximum value that may be stored in a signed char), the kernel's calculated TPG ID would never match the group_id that it should. As a result, this signed char overflow also caused the ALUA handler to incorrectly identify the Asymmetric Access State (AAS) of the specified device as well as incorrectly interpret the supported AAS of the target. With this update, the aforementioned issue has been addressed and no longer occurs.

BZ#680140

Deleting an SCSI (Small Computer System Interface) device attached to a device handler caused applications running in user space, which were performing I/O operations on that device, to become unresponsive. This was due to the fact that the SCSI device handler's activation did not propagate the SCSI device deletion via an error code and a callback to the Device-Mapper Multipath. With this update, deletion of an SCSI device attached to a device handler is properly handled and no longer causes certain applications to become unresponsive.

BZ#647367

Migrating a guest could have resulted in dirty values for the guest being retained in memory, which could have caused both the guest and qemu to crash. The trigger for this was memory pages being both write-protected and dirty simultaneously. With this update, memory pages in the current bitmap are either dirty or write-protected when migrating a guest, with the result that neither qemu nor guest operating systems crash following a migration.

BZ#676579

Intensive usage of resources on a guest lead to a failure of networking on that guest: packets could no longer be received. The failure occurred when a DMA (Direct Memory Access) ring was consumed before NAPI (New API; an interface for networking devices which makes use of interrupt mitigation techniques) was enabled which resulted in a failure to receive the next interrupt request. The regular interrupt handler was not affected in this situation (because it can process packets in-place), however, the OOM (Out Of Memory) handler did not detect the aforementioned situation and caused networking to fail. With this update, NAPI is subsequently scheduled for each napi_enable operation; thus, networking no longer fails under the aforementioned circumstances.

BZ#626956

The kernel panicked when booting the kdump kernel on a s390 system with an initramfs that contained an odd number of bytes. With this update, an initramfs with sufficient padding such that it contains an even number of bytes is generated; thus, the kernel no longer panics.

BZ#631246

Previously, the destination MAC address validation was not checking for NPIV (N_Port ID Virtualization) addresses, which results in FCoE (Fibre Channel over Ethernet) frames being dropped. With this update, the destination MAC address check for FCoE frames has been modified so that multiple N_port IDs can be multiplexed on a single physical N_port.

BZ#641315

Reading the /proc/vmcore file on a Red Hat Enterprise Linux 6 system was not optimal because it did not always take advantage of reading through the cached memory. With this update, access to the /dev/oldmem device in the /proc/vmcore file is cached, resulting in faster copying to user space.

BZ#665110

Bonding, when operating in the ARP monitoring mode, made erroneous assumptions regarding the ownership of ARP frames when it received them for processing. Specifically, it was assumed that the bonding driver code was the only execution context which had access to the ARP frames network buffer data. As a result, an operation was attempted on the said buffer (specifically, to modify the size of the data buffer) which was forbidden by the kernel when a buffer was shared among several execution contexts. The result of such an operation on a shared buffer could lead to data corruption. Consequently, trying to prevent the corruption, the kernel panicked. This shared state in the network buffer could be forced to occur, for example, when running the tcpdump utility to monitor traffic on the bonding interface. Every buffer the bond interface received would be shared between the driver and the tcpdump process, thus, resulting in the aforementioned kernel panic. With this update, for the particular affected path in the bonding driver, each inbound frame is checked whether it is in the shared state. In case a buffer is shared, a private copy is made for exclusive use by the bonding driver, thus, preventing the kernel panic.

BZ#672937

Reading the /proc/vmcore file was previously significantly slower on a Red Hat Enterprise Linux 6 system when compared to a Red Hat Enterprise Linux 5 system. This update enables caching of memory accesses; reading of the /proc/vmcore file is now noticeably faster.

BZ#680478

The kdump kernel (the second kernel) could in some cases become unresponsive due to a pending IPI (Inter-processor Interrupt) from the first kernel. The kernel tries to handle the IPI, but fails to do so due to a NULL pointer dereference. With this update, the underlying source code has been modified to address this issue, and kdump no longer hangs.

BZ#625585

Physical CPU Hotplug is not supported on Red Hat Enterprise Linux 6 i686.

BZ#681870

A Peripheral Component Interconnect Express (PCIe) Active State Power Management (ASPM) was not being properly enabled on some platforms. This resulted in the system becoming unresponsive and followed by a Non-Maskable Interrupt (NMI) on some HP ProLiant systems in the Hewlett Packard Smart Array (HPSA) or on some network cards. With this update, the underlying source code has been modified to address this issue.

BZ#694891

Intel Xeon processor E7 family processors have an issue in which some c-state transitions can cause false correctable Machine Check Exception (MCE) errors to be reported from MCE bank 6 to the user. On some E7 processor family systems, this resulted in "floods" of MCE errors. This patch disables MCE error reporting for bank 6.

BZ#634703

Systems that have an Emulex FC controller (with SLI-3 based firmware) installed could return a kernel panic during installation. With this update, kernel panic no longer occurs during installation.

BZ#651584

Kernel panic could occur when the gfs2_glock_hold function was called within the gfs2_process_unlinked_inode function. This was due to the fact that gfs2_glock_hold was being called without a reference already held on the inode in question. This update, resolves this problem by changing the order in which it acquires references to match that of the NFS code; thus, kernel panic no longer occurs.

BZ#695751

A previously applied patch accidentally removed a check that handled invalid EEPROM (Electrically Erasable Programmable Read-Only Memory) sizes. Without this check the EEPROM validation failed if the EEPROM size was invalid, causing the NIC (Network Interface Controller) to not function properly. This update reintroduces the aforementioned patch, fixing the problem.

BZ#628951

PowerPC systems having more than 1 TB of RAM could randomly crash or become unresponsive due to an incorrect setup of the Segment Lookaside Buffer (SLB) entry for the kernel stack. With this update, the SLB entry is properly set up.

BZ#636978

Previously, the vmstat (virtual memory statistics) tool incorrectly reported the disk I/O as swap-in on ppc64 and other architectures that do not support the TRANSPARENT_HUGEPAGE configuration option in the kernel. With this update, the vmstat tool no longer reports incorrect statistics and works as expected.

BZ#676640

The bnx2i driver could cause a system crash on IBM POWER7 systems. The driver's page tables were not set up properly on Big Endian machines, causing extended error handling (EEH) errors on PowerPC machines. With this update, the page tables are properly set up and a system crash no longer occurs in the aforementioned case.

BZ#678099

A race condition could occur during a threaded coredump causing some threads to not have a full register set. With this update, the underlying source code has been modified to address this issue and prevent the aforementioned race condition.

BZ#681668

If an EEH (Enhanced I/O Error Handling) error occurred too early in the boot process, the kernel panicked with an error message similar to the following:

Unable to handle kernel paging request for data at address 0x00000468
Oops: Kernel access of bad area, sig: 11 [#1]

This situation is detected and avoided with this update, with the result that the machine continues to boot normally.

BZ#683115

A race condition caused by a missing mutual exclusion lock in the device_pm_pre_add() function and the device_pm_pre_add_cleanup() function could occur during the booting of an IBM Power system. As a result, error diagnostic messages were displayed in dmesg. This update adds the missing mutual exclusion lock, resolving this issue.

BZ#684961

On the PowerPC architecture, a PCI adapter with two functions, one of which uses MSI (Message Signaled Interrupts), and one of which uses MSI-X (an extended version of MSI), could have triggered an EEH (Enhanced I/O Error Handling) from an MSI-X signal when MSI was disabled using an older interface. With this update, the newer interface is used to disable MSI, with the result that the adapter no longer signals a stray MSI-X interrupt, and no EEH is registered.

BZ#694327

A previously released patch added a spin_unlock into the dtl_disable function for the virtual processor dispatch trace log file. However, the dtl_function did not include a spin_unlock which could cause a deadlock to occur. With this update, the missing spin_unlock has been added, and a deadlock no longer occurs.

BZ#695678

Section 14.11.3.2 "H_REGISTER_VPA" in the POWER Architecture Platform Reference (PAPR) specified that Dispatch Trace Log (DTL) buffers could not cross Active Memory Sharing (AMS) environments and memory entitlement granule boundaries (of size 4kB). However, kmalloc (a method for allocating memory in the kernel) did not guarantee an alignment of the allocation beyond 8 bytes. This update adds a special kmem cache for DLT buffers with the aforementioned alignment requirement.

BZ#593566

Certain scan requests failed to complete before the network interface was brought down. As a result, a warning will appear in the kernel log regarding wdev_cleanup_work. In some cases connectivity may be lost until the next reboot. If connectivity is restored, then the warning may be safely ignored. In other cases, the driver module may need to be reloaded or the system may need to be rebooted.

BZ#633836

Installing a debug kernel caused the PERC (Dell PowerEdge RAID Controller) 700 adapter to enter an undefined state and produce incorrect error messages. This has been corrected so that installing the debug kernel no longer causes the PERC 700 adapter to enter an undefined state and display erroneous RAID DIMM error messages.

BZ#664832

Systems Management Applications using the libsmbios package could become unresponsive on Dell PowerEdge servers (specifically, Dell PowerEdge 2970 and Dell PowerEdge SC1435). The dcdbas driver can perform an I/O write operation which causes an SMI (System Management Interrupt) to occur. However, the SMI handler processed the SMI well after the outb function was processed, which caused random failures resulting in the aforementioned hang. With this update, the underlying source code has been modified to address this issue, and systems management applications using the libsmbios package no longer become unresponsive.

BZ#692673

If an error occurred during an I/O operation, the SCSI driver reset the megaraid_sas controller to restore it to normal state. However, on Red Hat Enterprise Linux 6, the waiting time to allow a full reset completion for the megaraid_sas controller was too short. The driver incorrectly recognized the controller as stalled, and, as a result, the system stalled as well. With this update, more time is given to the controller to properly restart, thus, the controller operates as expected after being reset.

BZ#638269

The lock reclaim operation on a Red Hat Enterprise Linux 6 NFSv4 client did not work properly when, after a server reboot, an I/O operation which resulted in a STALE_STATEID response was performed before the RENEW call was sent to the server. This behavior was caused due to the improper use of the state flags. While investigating this bug, a different bug was discovered in the state recovery operation which resulted in a reclaim thread looping in the nfs4_reclaim_open_state() function. With this update, both operations have been fixed and work as expected.

BZ#680549

Previously, the UDP (User Datagram Protocol) transmit path ran under a socket lock due to the corking feature, which limited scalability due to having to transmit to the same socket in multiple threads. With this update, the transmit path has been made lockless when corking is not used, which greatly increases UDP transmit speed.

BZ#630060

On a system configured with an HP Smart Array controller, during the kdump process, the capturing kernel could have become unresponsive and the following error message logged:

NMI: IOCK error (debug interrupt?)

As a workaround, the system can be configured by blacklisting the hpsa module in a configuration file such as /etc/modules.d/blacklist.conf, and specifying the disk_timeout option so that saving the vmcore over the network is possible.

BZ#700430

Under certain circumstances, a command could be left unprocessed when using either the cciss or the hpsa driver. This was because the HP Smart Array controller considered all commands to be completed when, in fact, some commands were still left in the completion queue. This could cause the file system to become read-only or panic and the whole system to become unstable. With this update, an extra read operation has been added to both of the aforementioned drivers, fixing this issue.

BZ#617137

On platforms using an Intel 7500 or an Intel 5500 chipset (or their derivatives), occasionally, a VT-d specification defined error occurred in the kdump kernel (the second kernel). As a result of the VT-d error, on some platforms, an SMI (System Management Interrupt) was issued and the system became unresponsive. With this update, a VT-d error is properly handled so that an SMI is no longer issued, and the system no longer hangs.

BZ#664364

Invocating an EFI (Extensible Firmware Interface) call caused a restart or a failure to boot to occur on a system with more than 512GB of memory because the EFI page tables did not map the whole kernel space. EFI page tables used only one PGD (Page Global Directory) entry to map the kernel space; thus, virtual addresses higher than PAGE_OFFSET + 512GB could not be accessed. With this update, EFI page tables map the whole kernel space.

BZ#655231

A previously introduced patch that prevented kbuild to attempt to sign an out-of-the-tree module only fixed this issue for cases when a full kernel tree was used for compiling. Using the kernel-devel package for compilation remained broken. This update allows out-of-the-tree modules to compile using the kernel-devel package only.

BZ#703504

Prior to this update, external modules could be built using the "-Werr" option, which resulted in a failure to build any major third party module. This update, disables the "-Werr" option for external modules, fixing the issue.

BZ#628676

The zfcpdump tool was not able to mount ext4 file systems. Because ext4 is the default file system on Red Hat Enterprise Linux 6, with this update, ext4 file system support was added for the zfcpdump tool.

BZ#629205

The zfcpdump tool was not able to mount ext2 file systems. With this update, ext2 file system support was added for the zfcpdump tool.

BZ#636922

The ALSA HDA audio driver has been updated to improve support for new chipsets and HDA audio codecs.

BZ#693050

The perf subsystem's trace command has been replaced with the script command. Users should now use the script command.

BZ#633571

This update provides VLAN null tagging support (VLAN ID 0 can be used in tags).

BZ#591796, BZ#591797, BZ#624615, BZ#637237

USB 3.0 support has been changed from Technology Preview to full support, and supports Power Management as well as other chips other than NEC.

BZ#704000

This update includes two fixes for the bna driver, specifically:

• A memory leak was caused by an unintentional assignment of the NULL value to the RX path destroy callback function pointer after a correct initialization.
• During a kernel crash, the bna driver control path state machine and firmware did not receive a notification of the crash, and, as a result, were not shut down cleanly.

BZ#704002

This update adds a missing patch to the ixgbe driver to use the kernel's generic routine to set and obtain the DCB (Data Center Bridging) priority. Without this fix, applications could not properly query the DCB priority.

BZ#704009

Prior to this update, the interrupt service routine was performing unnecessary MMIO operation during performance testing on IBM POWER7 machines. With this update, the logic of the routine has been modified so that there are fewer MMIO operations in the performance path of the code. Additionally, as a result of the aforementioned change, an existing condition was exposed where the IPR driver (the controller device driver) could return an unexpected HRRQ (Host Receive Request) interrupt. The original code flagged the interrupt as unexpected and then reset the adapter. After further analysis, it was confirmed that this condition could occasionally occur and the interrupt can be safely ignored. Additional code provided by this update detects this condition, clears the interrupt, and allows the driver to continue without resetting the adapter.

BZ#704011

After receiving an ABTS response, the FCoE (Fibre Channel over Ethernet) DDP error status was cleared. As a result, the FCoE DDP context invalidation was incorrectly bypassed and caused memory corruption. With this update, the underlying source code has been modified to address this issue, and memory corruption no longer occurs.

BZ#704014

The Brocade BFA FC/FCoE driver was previously selectively marked as a Technology Preview based on the type of the adapter. With this update, the Brocade BFA FC/FCoE driver is always marked as a Technology Preview.

BZ#704280

This update standardizes the printed format of UUIDs (Universally Unique Identifier)/GUIDs (Globally Unique Identifier) by using an additional extension to the %p format specifier (which is used to show the memory address value of a pointer).

BZ#704282

The Brocade BFA FC SCSI driver (bfa driver) has been upgraded to version 2.3.2.4. Additionally, this update provides the following two fixes:

• A firmware download memory leak was caused by the release_firmware() function not being called after the request_firmware() function. Similarly, the firmware download interface has been fixed and now works as expected.
• During a kernel crash, the bfa I/O control state machine and firmware did not receive a notification of the crash, and, as a result, were not shut down cleanly.

BZ#712413

Deleting the lost+found directory on a file system with inodes of size greater than 128 bytes and reusing inode 11 for a different file caused the extended attributes for inode 11 (which were set before a umount operation) to not be saved after a file system remount. As a result, the extended attributes were lost after the remount. With this update, inodes store their extended attributes under all circumstances.

BZ#711540

Disk read operations on a memory constrained system could cause allocations to stall. As a result, the system performance would drop considerably. With this update, latencies seen in page reclaim operations have been reduced and their efficiency improved; thus, fixing this issue.

BZ#711528

Multiple GFS2 nodes attempted to unlink, rename, or manipulate files at the same time, causing various forms of file system corruption, panics, and withdraws. This update adds multiple checks for dinode's i_nlink value to assure inode operations such as link, unlink, or rename no longer cause the aforementioned problems.

BZ#711535

Migration of a Windows XP virtual guest during the early stage of a boot caused the virtual guest OS to fail to boot correctly. With this update, the underlying source code has been modified to address this issue, and the virtual guest OS no longer fails to boot.

BZ#713135

When using certain SELinux policies, such as the MLS policy, it was not possible to properly mount the cgroupfs file system due to the way security checks were applied to the new cgroupfs inodes during the mount operation. With this update, the security checks applied during the mount operation have been changed so that they always succeed, and the cgroupfs file system can now be successfully mounted and used with the MLS SELinux policy. This issue did not affect systems which used the default targeted policy.

BZ#711546

Prior to this update, Red Hat Enterprise Linux Xen (up to version 5.6) did not hide 1 GB pages and RDTSCP (enumeration features of CPUID), causing guest soft lock ups on AMD hosts when the guest's memory was greater than 8 GB. With this update, a Red Hat Enterprise Linux 6 HVM (Hardware Virtual Machine) guest is able to run on Red Hat Enterprise Linux Xen 5.6 and lower.

BZ#714190

A kernel panic in the mpt2sas driver could occur on an IBM system using a drive with SMART (Self-Monitoring, Analysis and Reporting Technology) issues. This was because the driver was sending an SEP request while the kernel was in the interrupt context, causing the driver to enter the sleep state. With this update, a fake event is not executed from the interrupt context, assuring the SEP request is properly issued.

BZ#713494

When VLANs stacked on top of multiqueue devices passed through these devices, the queue_mapping value was not properly decremented because the VLAN devices called the physical devices via the ndo_select_queue method. This update removes the multiqueue functionality, resolving this issue.

BZ#713492

Prior to this update, code was missing from the netif_set_real_num_tx_queues() function which prevented an increment of the real number of TX queues (the real_num_tx_queues value). This update adds the missing code; thus, resolving this issue.

BZ#711524

Prior to this update, interrupts were enabled before the dispatch log for the boot CPU was set up, causing kernel panic if a timer interrupt occurred before the log was set up. This update adds a check to the scan_dispatch_log function to ensure the dispatch log has been allocated.

BZ#712414

Prior to this update, in the __cache_alloc() function, the ac variable could be changed after cache_alloc_refill() and the following kmemleak_erase() function could receive an incorrect pointer, causing kernel panic. With this update, the ac variable is updated after the cache_alloc_refill() unconditionally.

BZ#711520

Due to an uninitialized variable (specifically, the isr_ack variable), a virtual guest could become unresponsive when migrated while being rebooted. With this update, the said variable is properly initialized, and virtual guests no longer hang in the aforementioned scenario.

BZ#713458

A previously introduced update intended to prevent IOMMU (I/O Memory Management Unit) domain exhaustion introduced two regressions. The first regression was a race where a domain pointer could be freed while a lazy flush algorithm still had a reference to it, eventually causing kernel panic. The second regression was an erroneous reference removal for identity mapped and VM IOMMU domains, causing I/O errors. Both of these regressions could only be triggered on Intel based platforms, supporting VT-d, booted with the intel_iommu=on boot option. With this update, the underlying source code of the intel-iommu driver has been modified to resolve both of these problems. A forced flush is now used to avoid the lazy use after free issue, and extra checks have been added to avoid the erroneous reference removal.

BZ#713831

Previously, auditing system calls used a simple check to determine whether a return value was positive or negative, which also determined the success of the system call. With an exception of few, this worked on most platforms and with most system calls. For example, the 32 bit mmap system call on the AMD64 architecture could return a pointer which appeared to be of value negative even though pointers are normally of unsigned values. This resulted in the success field being incorrect. This patch fixes the success field for all system calls on all architectures.

BZ#709381

A previously released patch for BZ#625487 introduced a kABI (Kernel Application Binary Interface) workaround that extended struct sock (the network layer representation of sockets) by putting the extension structure in the memory right after the original structure. As a result, the prot->obj_size pointer had to be adjusted in the proto_register function. Prior to this update, the adjustment was done only if the alloc_slab parameter of the proto_register function was not 0. When the alloc_slab parameter was 0, drivers performed allocations themselves using sk_alloc and as the allocated memory was lower than needed, a memory corruption could occur. With this update, the underlying source code has been modified to address this issue, and a memory corruption no longer occurs.

BZ#682989

Prior to this update, the /proc/diskstats file showed erroneous values. This occurred when the kernel merged two I/O operations for adjacent sectors which were located on different disk partitions. Two merge requests were submitted for the adjacent sectors, the first request for the second partition and the second request for the first partition, which was then merged to the first request. The first submission of the merge request incremented the in_flight value for the second partition. However, at the completion of the merge request, the in_flight value of a different partition (the first one) was decremented. This resulted in the erroneous values displayed in the /proc/diskstats file. With this update, the merging of two I/O operations which are located on different disk partitions has been fixed and works as expected.

BZ#711550

This updates introduces a kernel module option that allows the disabling of the Flow Director.

BZ#711548

This update adds XTS (XEX-based Tweaked CodeBook) AES256 self-tests to meet the FIPS-140 requirements.

BZ#711545

This update reduces the overhead of probes provided by kprobe (a dynamic instrumentation system), and enhances the performance of SystemTap.

BZ#719925

This update fixes a regression in which a client would use an UNCHECKED NFS CREATE call when an open system call was attempted with the O_EXCL|O_CREAT flag combination. An EXCLUSIVE NFS CREATE call should have been used instead to ensure that O_EXCL semantics were preserved. As a result, an application could be led to believe that it had created the file when it was in fact created by another application.

BZ#714982

In a GFS2 file system, when the responsibility for deallocation was passed from one node to another, the receiving node may not have had a fully up-to-date inode state. If the sending node has changed the important parts of the state in the mean time (block allocation/deallocation) then this resulted in triggering an assert during the deallocation on the receiving node. With this update, the inode state is refreshed correctly during deallocation on the receiving node, ensuring that deallocation proceeds normally.

BZ#720914

Prior to this update, the ehea driver caused a kernel oops during a memory hotplug if the ports were not up. With this update, the waitqueues are initialized during the port probe operation, instead of during the port open operation.

BZ#725329

Older versions of be2net cards firmware may not recognize certain commands and return illegal/unsupported errors, causing confusing error messages to appear in the logs. With this update, the driver handles these errors gracefully and does not log them.

BZ#726308

This patch fixes the inability of the be2net driver to work in a kdump environment. It clears an interrupt bit (in the card) that may be set while the driver is probed by the kdump kernel after a crash.

BZ#715397

The hpsa driver has been updated to provide a fix for hpsa driver kdump failures.

BZ#716539

Memory limit for x86_64 domU PV guests has been increased to 128 GB: CONFIG_XEN_MAX_DOMAIN_MEMORY=128.

BZ#726095

The patch that fixed BZ#556572 introduced a bug where the page lock was being released too soon, allowing the do_wp_page function to reuse the wrprotected page before PageKsm would be set in page->mapping. With this update, a new version of the original fix was introduced, thus fixing this issue.

BZ#717018

While running gfs2_grow, the file system became unresponsive. This was due to the log not getting flushed when a node dropped its rindex glock so that another node could grow the file system. If the log did not get flushed, GFS2 could corrupt the sd_log_le_rg list, ultimately causing a hang. With this update, a log flush is forced when the rindex glock is invalidated; gfs2_grow completes as expected and the file system remains accessible.

BZ#719928

After hot plugging one of the disks of a non-boot 2-disk RAID1 pair, the md driver would enter an infinite resync loop thinking there was a spare disk available, when, in fact, there was none. This update adds an additional check to detect the previously mentioned situation; thus, fixing this issue.

BZ#723807

This update fixes two bugs related to Rx checksum offloading. These bugs caused a data corruption transferred over r8169 NIC when Rx checksum offloading was enabled.

BZ#719910

The 128-bit multiply operation in the pvclock.h function was missing an output constraint for EDX which caused a register corruption to appear. As a result, Red Hat Enterprise Linux 3.8 and Red Hat Enterprise Linux 3.9 KVM guests with a Red Hat Enterprise Linux 6.1 KVM host kernel exhibited time inconsistencies. With this update, the underlying source code has been modified to address this issue, and time runs as expected on the aforementioned systems.