Chapter 10. General Updates
The Matahari agent framework (matahari-*) packages are deprecated starting with the Red Hat Enterprise Linux 6.3 release. Focus for remote systems management has shifted towards the use of the CIM infrastructure. This infrastructure relies on an already existing standard which provides a greater degree of interoperability for all users. It is strongly recommended that users discontinue the use of the matahari packages and other packages which depend on the Matahari infrastructure (specifically, libvirt-qmf and fence-virtd-libvirt-qpid). It is recommended that users uninstall Matahari from their systems to remove any possibility of security issues being exposed.
- The matahari packages are not installed by default starting with Red Hat Enterprise Linux 6.3 and are not enabled by default to start on boot when they are installed. Manual action is needed to both install and enable the
matahariservices. - The default configuration for qpid (the transport agent used by Matahari) does not enable access control lists (ACLs) or SSL. Without ACLs/SSL, the Matahari infrastructure is not secure. Configuring Matahari without ACLs/SSL is not recommended and may reduce your system's security.
- The matahari-services agent is specifically designed to allow remote manipulation of services (start, stop). Granting a user access to Matahari services is equivalent to providing a remote user with root access. Using Matahari agents should be treated as equivalent to providing remote root SSH access to a host.
- By default in Red Hat Enterprise Linux, the Matahari broker (
qpiddrunning on port49000) does not require authentication. However, the Matahari broker is not remotely accessible unless the firewall is disabled, or a rule is added to make it accessible. Given the capabilities exposed by Matahari agents, if Matahari is enabled, system administrators should be extremely cautious with the options that affect remote access to Matahari.
Red Hat Enterprise Linux 6.3 includes an scl-utils package which provides a runtime utility and packaging macros for packaging Software Collections. Software Collections allow users to concurrently install multiple versions of the same RPM packages on the system. Using the scl utility, users may enable specific versions of RPMs which are installed in the /opt directory. For more information on Software Collections, refer to the Software Collections Guide.
With Red Hat Enterprise Linux 6.3, the openssl-ibmca package is part of the System z default installation. This avoids the need for manual installation steps.
Red Hat Enterprise Linux 6.3 provides the MySQL InnoDB storage engine as a plug-in for AMD64 and Intel 64 architectures. The plugin offers additional features and better performance than the built-in InnoDB storage engine.
Red Hat Enterprise Linux 6.3 includes full support for OpenJDK 7 as an alternative to OpenJDK 6. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
The java-1.7.0-oracle and java-1.7.0-ibm packages are now available in Red Hat Enterprise Linux 6.3.
The initscripts package has been updated to allow users to set the NIS domain name. This is done by configuring the NISDOMAIN parameter in the /etc/sysconfig/network file, or other relevant configuration files.
Previously, when certain groups were permitted to access all logs via ACLs, these ACLs were removed when the logs were rotated. In Red Hat Enterprise Linux 6.3, the logrotate utility supports ACLs, and logs that are rotated preserve any ACL settings.
The wacomcpl package has been deprecated and has been removed from the package set. The wacomcpl package provided graphical configuration of Wacom tablet settings. This functionality is now integrated into the GNOME Control Center.
The NumPy package which is designed to manipulate large multi-dimensional arrays of arbitrary records has been updated to version 1.4.1. This updated version includes these changes:
- When operating on
0-darrays,numpy.maxand other functions accept only the following parameters:axis=0,axis=-1, andaxis=None. Using out-of-bounds axes indicates a bug, for which NumPy now raises an error. - Specifying the
axis > MAX_DIMSparameter is no longer allowed; NumPy now raises an error, instead of behaving the same as whenaxis=Nonewas specified.
The rsyslog package has been upgraded to major version 5. This upgrade introduces various enhancements and fixes multiple bugs. The following are the most important changes:
- The
$HUPisRestartdirective has been removed and is no longer supported. Restart-type HUP processing is therefore no longer available. Now, when the SIGHUP signal is received, outputs (log files in most cases) are only re-opened to support log rotation. - The format of the spool files (for example, disk-assisted queues) has changed. In order to switch to the new format, drain the spool files, for example, by shutting down
rsyslogd. Then, proceed with the Rsyslog upgrade, and startrsyslogdagain. Once upgraded, the new format is automatically used. - When the
rsyslogddaemon was running in the debug mode (using the-doption), it ran in the foreground. This has been fixed and the daemon is now forked and runs in the background, as is expected.
