7.4 Release Notes

In-place upgrade from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7

cloud-init moved to the Base channel

SSSD in a container now fully supported

Identity Management now supports FIPS

SSSD supports obtaining a Kerberos ticket when users authenticate with a smart card

SSSD enables logging in to different user accounts with the same smart card certificate

IdM web UI enables smart card login

New packages: keycloak-httpd-client-install

New Kerberos credential cache type: KCM

AD users can log in to the web UI to access their self-service page

SSSD enables configuring an AD subdomain in the SSSD server mode

[domain/main_domain/trusted_domain]

[domain/ipa.com/ad.com]

SSSD supports user and group lookups and authentication with short names in AD environments

SSSD supports user and group resolution, authentication, and authorization in setups without UIDs or SIDs

SSSD introduces the sssctl user-checks command, which checks basic SSSD functionality in a single operation

Support for secrets as a service

IdM enables semi-automatic upgrades of the IdM DNS records on an external DNS server

IdM now generates SHA-256 certificate and public key fingerprints

IdM supports flexible mapping mechanisms for linking smart card certificates to user accounts

New user-space tools enable a more convenient LMDB debugging

openldap rebased to version 2.4.44

Improved security of DNS lookups and robustness of service principal lookups in Identity Management

samba rebased to version 4.6.2

authconfig can enable SSSD to authenticate users with smart cards

# authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --smartcardaction=0 --updateall

authconfig can now enable account locking

Improved performance of the IdM server

The default session expiration period in the IdM web UI has changed

The dbmon.sh script now uses instance names to connect to Directory Server instances

SERVID=slapd-localhost INCR=1 BINDDN="cn=Directory Manager" BINDPW="password" dbmon.sh

Directory Server now uses the SSHA_512 password storage scheme as default

Directory Server now uses the tcmalloc memory allocator

Directory Server now uses the nunc-stans framework

Improved performance of the Directory Server memberOf plug-in

Directory Server now logs severity levels in the error log file

Directory Server now supports the PBKDF2_SHA256 password storage scheme

Improved auto-tuning support in Directory Server

New PKI configuration parameter allows control of the TCP keepalive option

PKI Server now creates PKCS #12 files using strong encryption

CC-compliant algorithms available for encryption operations

New options to allow configuring visibility of menu items in the TPS interface

Added a profile component to copy certificate Subject Common Name to the Subject Alternative Name extension

New option to remove LDAP entries before LDIF import

pki_ca_signing_record_create=False
pki_ca_signing_serial_number=X

Certificate System now supports externally authenticated users

Certificate System now supports enabling and disabling certificate and CRL publishing

ca.publish.enable = True|False

ca.publish.enable = True
ca.publish.cert.enable = False

ca.publish.enable = True
ca.publish.crl.enable = False

The searchBase configuration option has been added to the DirAclAuthz PKI Server plug-in

For better performance, Certificate System now supports ephemeral

Section headers in PKI deployment configuration file are no longer case sensitive

Certificate System now supports installing a CA using HSM on FIPS-enabled Red Hat Enterprise Linux

CMC requests now use a random IV for AES and 3DES encryption

clufter rebased to version 0.76.0 and fully supported

Support for quorum devices in a Pacemaker cluster

Support for Booth cluster ticket manager

Support added for using shared storage with the SBD daemon

Full support for CTDB resource agent

The High Availability and Resilient Storage Add-Ons are now available for IBM POWER, little endian

pcs now provides the ability to set up a cluster with encrypted corosync communication

New commands for supporting and removing remote and guest nodes

Ability to configure pcsd bind addresses

New option to the pcs resource unmanage command to disable monitor operations

Support for regular expressions in pcs command line when configuring location constraints

Specifying nodes in fencing topology by a regular expression or a node attribute and its value

pcs stonith level add 1 "regexp%node[1-3]" apc1,apc2
pcs stonith level add 1 "regexp%node[4-6]" apc3,apc4

pcs node attribute node1 rack=1
pcs node attribute node2 rack=1
pcs node attribute node3 rack=1
pcs node attribute node4 rack=2
pcs node attribute node5 rack=2
pcs node attribute node6 rack=2
pcs stonith level add 1 attrib%rack=1 apc1,apc2
pcs stonith level add 1 attrib%rack=2 apc3,apc4

Support for Oracle 11g for the resource agents Oracle and OraLsnr

Support for using SBD with shared storage

Support for NodeUtilization resource agent

pcp rebased to version 3.11.8

systemtap rebased to version 3.1

valgrind rebased to version 3.12

New package: unitsofmeasurement

SSL/TLS certificate verification for HTTP clients is now enabled by default in the Python standard library

Support for %gemspec_add_dep and %gemspec_remove_dep has been added

ipmitool rebased to version 1.8.18

lshw updated for the little-endian variant of IBM Power

perf now supports uncore events on Intel Xeon v5

dmidecode updated

iSCSI now supports configuring the ALUA operation by using targetcli

jansson rebased to version 2.10

A new compatibility environmental variable for egrep and fgrep

GREP_LEGACY_EGREP_FGREP_PS=1

lastcomm now supports the --pid option

New package: perl-Perl4-CoreLibs

tar now follows symlinks to directories when extracting from the archive

The IO::Socket::SSL Perl module now supports restricting of TLS version

The Net:SSLeay Perl module now supports restricting of TLS version

wget now supports specification of the TLS protocol version

tcpdump rebased to version 4.9.0

The option to set capture direction for tcpdump changed from -P to -Q

OpenJDK now supports SystemTap on the 64-bit ARM architecture

sos rebased to version 3.4

targetd rebased to version 0.8.6

shim rebased to version 12-1

rubygem-abrt rebased to version 0.3.0

New package: http-parser

Intel and IBM POWER transactional memory support for all default POSIX mutexes

glibc now supports group merging

glibc now supports optimized string comparison functions on The IBM POWER9 architecture

Improved performance for dynamically loaded libraries using the Intel SSE, AVX and AVX512 features

elfutils rebased to version 0.168

bison rebased to version 3.0.4

The system default CA bundle has been set as default in the compiled-in default setting or configuration in Mutt

objdump mixed listing speed up

ethtool support for human readable output from the fjes driver

ecj rebased to version 4.5.2

rhino rebased to version 1.7R5

scap-security-guide and oscap-docker now support containers

GNOME rebased to version 3.22.3

The xorg-x11-drv-libinput driver has been added to the X.Org input drivers

Change of default driver for some Intel and nVidia Hardware

dconf-editor is now provided by a separate package

SELinux security labels are now supported on the OverlayFS file system

NFSoRDMA server is now fully supported

autofs now supports the browse options of amd format maps

To make searching logs easier, autofs now provides identifiers of mount request log entries

GFS2 on IBM z Systems is now supported in SSI environments

gfs2-utils rebased to version 3.1.10

FUSE now supports SEEK_HOLE and SEEK_DATA in lseek calls

NFS server now supports limited copy-offload

SELinux is supported for use with GFS2 file systems

NFSoRDMA client and server now support Kerberos authentication

rpc.idmapd now supports obtaining NFSv4 ID Domains from DNS

NFSv4.1 is now the default NFS mount protocol

Setting nfs-utils configuration options has been centralized in nfs.conf

Locking performance for NFSv4.1 mounts has been improved for certain workloads

The CephFS kernel client is fully supported with Red Hat Ceph Storage 3

Hardware utility tools now correctly identify recently released hardware

New Wacom driver introduced in 7.4 to support upcoming tablets

Wacom kernel driver now supports ThinkPad X1 Yoga touch screen

The touch functionality has been added to the Wacom Cintiq 27 QHDT tablets

AMDGPU now supports the Southern Islands, Sea Islands, Volcanic Islands and Arctic Islands chipsets

Support added for the AMD mobile graphics

Netronome NFP devices are supported

nvme-cli rebased to version 1.3

The queued spinlocks have been implemented into the Linux kernel

rapl now supports Intel Xeon v2 servers

Further support for Intel Platform Controller Hub [PCH] devices

Included genwqe-tools to enable use of hardware accelerated zLib on IBM Power and s390x

librtas rebased to version 2.0.1

The NFP driver

Enable latest NVIDIA cards in Nouveau

Support for Wacom ExpressKey Remote

Wacom Cintiq 27 QHD now supports ExpressKey Remote

Anaconda enables users to set RAID chunk size

Anaconda text mode now supports IPoIB interfaces

inst.debug enables a more convenient debugging of Anaconda installation issues

Kickstart installation failure automatically triggers %onerror scripts

Anaconda can now wait for network to become available before starting the installation

Multiple network locations of stage2 or Kickstart files can be specified to prevent installation failure

autopart --nohome in a kickstart file disables the creation of /home/ in automatic partitioning

Loading driver disks from hard disk drives and USBs enabled

driverdisk LABEL=DD:/e1000.rpm

inst.dd=hd:LABEL=DD:/dd.rpm

Changes in automatic partitioning behavior for LVM thin pools

32-bit boot loaders can now boot 64-bit kernels on UEFI

Lorax can now ignore SSL errors

shim-signed rebased to version 12

gnu-efi rebased to version 3.0.5.-9

Backward compatibility enabled for killproc() and status()

DHCP_FQDN allows specifying a fully qualified domain name of the system

You can now create thin logical volume snapshots during the installation process

Kernel version in RHEL 7.4

The NVMe driver rebased to kernel version 4.10

crash rebased to version 7.1.9

crash now analyzes vmcore dumps for IBM Power ISA 3.0

crash updated for IBM Power and for the little-endian variant of IBM Power

memkind updated to version 1.3.0

Jitter Entropy RNG added to the kernel

/dev/random now shows notifications and warnings for the urandom pool initialization

fjes updated to version 1.2

Full support for user name spaces

makedumpfile updated to version 1.6.1

qat updated to the latest upstream version

Addition of intel-cmt-cat package

i40e now supports trusted and untrusted VFs

Kernel support for OVS 802.1ad (QinQ)

Live post-copy migration support for shared memory and hugetlbfs

New package: dbxtool

mlx5 now supports SRIOV-trusted VFs

rwsem performance updates from the 4.9 kernel backported

getrandom added to the Linux kernel

A new status line, Umask, has been included in /proc/<PID>/status

Intel® Omni-Path Architecture (OPA) host software

The XTS-AES key verification now meets the FIPS 140-2 requirements

mlx5 is now supported on IBM z Systems

The perf tool now supports processor cache-line contention detection

SCSI-MQ support in the lpfc driver

About Red Hat Enterprise Linux for Real Time Kernel

kernel-rt rebased

NetworkManager rebased to version 1.8

NetworkManager now supports additional features for routes

NetworkManager now better handles devices state

NetworkManager now supports MACsec (IEEE 802.1AE)

NetworkManager now supports changing and enforcing 802-3 link properties

NetworkManager now supports ordering bond slaves based on device names

NetworkManager now supports VFs for SR-IOV devices

Kernel GRE rebased to version 4.8

dnsmasq rebased to version 2.76

BIND changes the way it handles URI resource records, impacting also URI backward compatibility

A DHCP client hook example added for DDNS for Microsoft Azure cloud

dhcp_release6 now releases IPv6 addresses

Sendmail now supports ECDHE

telnet now supports the -6 option

Adjustable TTL limit for caching negative DNS responses in Unbound

The scalability of UDP sockets has been improved

IP now supports IP_BIND_ADDRESS_NO_PORT in the kernel

IPVS Source Hash scheduling now supports L4 hashing and SH fallback

iproute now supports changing bridge port options

New options of Sockets API Extensions for SCTP (RFC 6458) implemented

ss now supports SCTP sockets list

wpa_supplicant rebased to version 2.6

Linux kernel now contains the switchdev infrastructure and mlxsw

The Linux bridge code rebased to version 4.9

bind-dyndb-ldap rebased to version 11.1

DynDB API from the upstream version 9.11.0 of BIND added to Red Hat Enterprise Linux

tboot rebased to version 1.9.5

Packages related to rdma consolidated by rebase into rdma-core version 13

OVN IP address management support added for static MAC addresses

Enhanced networked reliability on multihomed hosts

Offloading of GENEVE, VXLAN, and GRE tunnels is now supported

LCO for tunnel traffic is now supported

Improved tunnel performance on NICs

NPT is now supported in the kernel

DNS configuration is now supported through the D-Bus API

PPP support is now moved into a separate package

The tc utility now supports flower

Fix to the CRC32c value computation in SCTP forwarding path

New packages: iperf3

Installation of OVN now supports easily-configurable firewalld rules

netlink now supports bridge master attributes

New packages: tang, clevis, jose, luksmeta

New package: usbguard

openssh rebased to version 7.4

audit rebased to version 2.7.6

opensc rebased to version 0.16.0

openssl rebased to version 1.0.2k

openssl-ibmca rebased to version 1.3.0

OpenSCAP 1.2 is NIST-certified

libreswan rebased to version 3.20

Audit now supports filtering based on session ID

libseccomp now supports IBM Power architectures

AUDIT_KERN_MODULE now records module loading

OpenSSH now uses SHA-2 for public key signatures

firewalld now supports additional IP sets

firewalld now supports actions on ICMP types in rich rules

firewalld now supports disabled automatic helper assignment

nss and nss-util now use SHA-256 by default

Audit filter exclude rules now contain additional fields

PROCTITLE now provides the full command in Audit events

nss-softokn rebased to version 3.28.3

libica rebased to version 3.0.2

opencryptoki rebased to version 3.6.2

AUDIT_NETFILTER_PKT events are now normalized

p11tool now supports writing objects by specifying a stored ID

new package: nss-pem

pmrfc3164 replaces pmrfc3164sd in rsyslog

libreswan now supports right=%opportunisticgroup

ca-certificates now meet Mozilla Firefox 52.2 ESR requirements

nss now meets Mozilla Firefox 52.2 ESR requirements for certificates

scap-security-guide rebased to version 0.1.33

chrony rebased to version 3.1

linuxptp rebased to version 1.8

tuned rebased to version 2.8.0

logrotate now uses /var/lib/logrotate/logrotate.status as the default state file

rsyslog rebased to version 8.24.0

New cache configuration options for mod_nss

Database and prefix options have been removed from nss_pcache

New package: libfastjson

tuned now supports initrd overlays

[bootloader]
initrd_add_dir=${i:PROFILE_DIR}/overlay.img

openwsman now supports disabling of particular SSL protocols

rear rebased to version 2.0

python-tornado rebased to version 4.2.1

Support added in LVM for RAID level takeover

LVM now supports RAID reshaping

Device Mapper linear devices now support DAX

libstoragemgmt rebased to version 1.4.0

mpt3sas updated to version 15.100.00.00

The lpfc_no_hba_reset module parameter for the lpfc driver is now available

LVM now detects Veritas Dynamic Multi-Pathing systems and no longer accesses the underlying device paths directly

The libnvdimm kernel subsystem now supports PMEM subdivision

Warning messages when multipathd is not running

c library interface added to multipathd to give structured output

New remove retries multipath configuration value

New multipathd reset multipaths stats commands

New disable_changed_wwids mulitpath configuration parameter

Updated built-in configuration for HPE 3PAR array

Added built-in configuration for NFINIDAT InfiniBox.* devices

device-mapper-multipath now supports the max_sectors_kb configuration parameter

New detect_checker multipath configuration parameter

Multipath now has a built-in default configuration for Nimble Storage devices

LVM supports reducing the size of a RAID logical volume

iprutils rebased to version 2.4.14

mdadm rebased to version 4.0

LVM extends the size of a thin pool logical volume when a thin pool fills over 50 percent

LVM now supports dm-cache metadata version 2

Support for DIF/DIX (T10 PI) on specified hardware

The dmstats facility can now track the statistics for files that change

Support for thin snapshots of cached logical volumes

New package: nvmetcli

Device DAX is now available for NVDIMM devices

New payload_gpgcheck option added to yum

A no-proxy configuration is available for virt-who

virt-who respects independent interval settings

Password options added to virt-who-password

Regular expressions and wildcards can be used in some virt-who configuration parameters

virt-who configuration files are easier to manage

ENA drivers for Amazon Web Services

Synthetic Hyper-V FC adapters are supported by the storvsc driver

Parent HBA can be defined by a WWNN/WWPN pair

libvirt rebased to version 3.2.0

KVM now supports MCE

Added support for rx batching on tun/tap devices

libguestfs rebased to version 1.36.3

Improved virt-v2v installation of QXL drivers

virt-v2v can export disk images to qcow2 format 1.1

Additional virt tools can work on LUKS whole-disk encrypted guests

Tab completion for all libguestfs commands

Resized disks can be written directly to a remote location

User namespace is now fully supported

Driver added for devices that connect over a PCI Express bus in guest virtual machine under Hyper-V

Red Hat Enterprise Linux Atomic Host

Addition of CtrlAltDelBurstAction for Systemd

cgred can now resolve rules concerning NSS users and groups

yum no longer reports package conflicts after installing ipa-client

In FIPS mode, the slapd_pk11_getInternalKeySlot() function is now used to retrieve the key slot for a token

Certificate System no longer fails to install with a Thales HSM on systems in FIPS mode

The dependency list for pkispawn now correctly includes openssl

Installation failed: [Errno 2] No such file or directory

Error messages from the PKI Server profile framework are now passed through to the client

Certificate System does not start a Lightweight CA key replication during installation

PKI Server now correctly compares subject DNs during startup

KRA installation no longer fails when connecting to an intermediate CA with an incomplete certificate chain

The startTime field in certificate profiles now uses long integer format

Subordinate CA installation no longer fails due with a PKCS#11 token is not logged in error

The pkispawn script now correctly sets the ECC key sizes

CA clone installation in FIPS mode no longer fails

PKI Server no longer fails to start when an entryUSN attribute contains a value larger than 32-bit

Tomcat now works with IPv6 by default

pkispawn no longer generates invalid NSS database passwords

Certificate retrieval no longer fails when adding a user certificate with the --serial option

CA web interface no longer shows a blank certificate request page if there is only one entry

Installing PKI Server in a container environment no longer displays a warning

Re-enrolling a token using a G&D smart card no longer fails

PKI Server provides more detailed information about certificate validation errors on startup

PKI Server no longer fails to re-initialize the LDAPProfileSubsystem profile

Extracting private keys generated on an HSM no longer fails

pkispawn no longer generates passwords consisting only of digits

CA certificates are now imported with correct trust flags

Generating a symmetric key no longer fails when using the --usage verify option

Subsequent PKI installation no longer fails

Two-step subordinate CA installation in FIPS mode no longer fails

The audit log no longer records success when a certificate request was rejected or canceled

PKI subsystems which failed self tests are now automatically re-enabled on startup

CERT_REQUEST_PROCESSED audit log entries now include certificate serial number instead of encoded data

[AuditEvent=CERT_REQUEST_PROCESSED]...[InfoName=certificate][InfoValue=MIIDBD...]

[AuditEvent=CERT_REQUEST_PROCESSED]...[CertSerialNum=7]

Updating the LDAPProfileSubsystem profile now supports removing attributes

Pacemaker Remote may shut down, even if its connection to the cluster is unmanaged

pcs now validates the name and the host of a remote and guest node

New syntax of master option in pcs resource create command allows correct creation of meta attributes

pcs resource create resource_id standard:provider:type|type [resource options] master [master_options...]

pcs resource create resource_id standard:provider:type|type [resource_options] meta meta_options... master [master_options...]

pcs resource create resource_id standard:provider:type|type [resource_options] clone

The PCRE library now correctly recognizes non-ASCII printable characters as required by Unicode

Applications using Bundler to manage dependencies can now properly load the JSON library

Git can now be used with HTTP or HTTPS and SSO

rescan-scsi-bus.sh --luns=1 now scans only LUNs numbered with 1

ps no longer removes prefixes from wait channel names

tcsh no longer becomes unresponsive when the .history file is located on a network file system

$ cat /etc/csh.cshrc
# csh configuration for all shell invocations.
set savehist = (1024 merge lock)

fcoeadm --target no longer causes fcoeadm to crash

tar option --directory no longer ignored

tar options --xattrs-exclude and --xattrs-include no longer ignored

tar now restores incremental backup correctly

The perl-homedir profile scripts now support csh

PERL_HOMEDIR=0: Command not found.

getaddrinfo no longer accessing uninitialised data

Additional security checks performed in malloc implementation in glibc

chrpath rebased to version 0.16

Updated translations for the system-config-language package

Mutt no longer send emails with an incomplete From header when a host name lacks the domain part

strace displays correctly the O_TMPFILE flag and mode for open() function

ld no longer enters an infinite loop when linking large programs

gold warning messages for cross object references to hidden symbols fixed

OProfile default event on Intel Xeon® C3xxx Processors with Denverton SOC fixed

Empathy now can validate certificate chains for Google Talk

Setting the retry timeout can now prevent autofs from starting without mounts from SSSD

The autofs package now contains the README.autofs-schema file and an updated schema

automount no longer needs to be restarted to access maps stored on the NIS server

Checking local mount availability with autofs no longer leads to a lengthy timeout before failing

The journal is marked as idle when mounting a GFS2 file system as read-only

The id command no longer shows incorrect UIDs and GIDs

Labeled NFS is now turned off by default

autofs mounts no longer enter an infinite loop after reaching a shutdown state

autofs is now more reliable when handling namespaces

Automatic partitioning now works when installing on a single FBA DASD on IBM z Series

Activation of bridge configured in Kickstart no longer fails when Kickstart proceeds from the disk

Anaconda now correctly allows creating users without passwords

Minimal installation no longer installs open-vm-tools-desktop and dependencies

Anaconda no longer generates invalid Kickstart files

Anaconda no longer fails to identify RAID arrays specified by name

Kickstart no longer accepts passwords that are too short

Initial Setup now correctly opens in a graphical interface over SSH on IBM z Systems

Extra time is no longer needed for installation when geolocation services are enabled

The ifup-aliases script now sends gratuitous ARP updates when adding new IP addresses

The netconsole utility now launches correctly

rc.debug kernel allows easier debugging of initscripts

The system no longer fails to terminate with /usr on iSCSI or NFS

rhel-autorelabel no longer corrupts the filesystem

The rpmbuild command now correctly processes Perl requires

Installer now correctly recognizes BIOS RAID devices when using ignoredisk in Kickstart

Single quotes now work for values in the ifcfg-* files

ONBOOT='yes'

rhel-import-state no longer changes access permissions for /dev/shm/, allowing the system to boot correctly

Backward compatibility enabled for Red Hat Enterprise Linux 6 initscripts

initscripts now specifies /etc/rwtab and /etc/statetab as configuration files

The ifup script no longer slows down NetworkManager

Gnome Initial Setup can now be disabled by the firstboot --disable command in kickstart

Setting NM_CONTROLLED now works correctly across all the ifcfg-* files

The dhclient command no longer incorrectly uses localhost when hostname is not set

The initscripts utility now handles LVM2 correctly

The service network stop command no longer attempts to stop services which are already stopped

ifdown on a loopback device now works correctly

Scripts in initscripts handle static IPv6 address assignment more robustly

Deselecting an add-on option in Software Selection no longer requires a double-click

The target system hostname can be configured via installer boot options in Kickstart installations

Anaconda no longer asks for Installation Source verification after network configuration

Disks using the OEMDRV label are now correctly ignored during automatic installation

RAID 4 and RAID 10 creation and activation fully supported

kdump now works with legacy type 12 NVDIMMs

Creating a file that inherits ACLs no longer loses mask

Removing USB no longer causes a might_sleep() warning on MRG Realtime kernel

SNMP response is no longer timed out

ICMP redirects no longer cause kernel to crash

The net.ipv4.ip_nonlocal_bind kernel parameter is set in name spaces

bind: Cannot assign requested address.

The netfilter REJECT rule now works on SCTP packets

NetworkManager no longer duplicates a connection with already-set DHCP_HOSTNAME

Improved SCTP congestion_window management

Value of DCTCP alpha now drops to 0 and cwnd remains at values more than 137

ss now displays correctly cwnd

Value of cwnd no longer increases using DCTCP

Negated range matches have been fixed

# nft add rule ip ip_table filter_chain_input ip length != 100-200 drop

The nmcli connection show command now displays the correct output for both empty and NULL values

snmpd no longer rejects large packets from AgentX subagents

Macvlan can now be unregistered correctly

Configurations that depend on chrooting in user-non-searchable paths now work properly

firewalld now supports all ICMP types

docker.pp replaced with container.pp in selinux-policy

Recently-added kernel classes and permission defined in selinux-policy

nss now properly handles PKCS#12 files

OpenSCAP now produces only useful messages and warnings

AIDE now logs in the syslog format

Installations with the OpenSCAP security-hardening profile now proceed

OpenSCAP and SSG are now able to scan RHV-H systems correctly

OpenSCAP now handles also uncompressed XML files in a CVE OVAL feed

rear now correctly preserves Linux capabilities

sblim-cmpi-fsvol no longer shows file systems mounted with DM as disabled

SPNEGO in Cyrus SASL is now compatible with Microsoft Windows

Data are no longer lost when the MariaDB init script fails

ypbind no longer starts before access to the network is guaranteed

Remote users' account settings are no longer reverted to default settings on restart due to ypbind

yppasswd no longer crashes due to Network Information System security features used

Evince now displays PostScript files again

db_verify no longer causes libdb to run out of free mutexes

Unable to allocate memory for mutex; resize mutex region

ghostscript no longer becomes unresponsive in some situations

Converting postscript to PDF no longer causes ps2pdf to terminate unexpectedly

sapconf now works correctly with higher kernel.shmall and kernel.shmmax values

integer expression expected

lvconvert --repair now works properly on cache logical volumes

LVM2 library incompatibilities no longer cause device monitoring to fail and be lost during an upgrade

be2iscsi driver errors no longer cause the system to become unresponsive

Interaction problems no longer occur with the lvmetad daemon when mirror segment type is used

The multipathd daemon no longer shows incorrect error messages for blacklisted devices

Multipath now flags device reloads when there are no usable paths

Read requests sent after failed writes will always return the same data on multipath devices

When a path device in a multipath device switches to read-only, the multipath device will be reloaded read-only

Users no longer get potentially confusing stale data for multipath devices that are not being checked

The multipathd daemon no longer hangs as a result of running the prioritizer on failed paths

New RAID4 volumes, and existing RAID4 or RAID10 logical volumes after a system upgrade are now correctly activated

LVM tools no longer crash due to an incorrect status of PVs

Undercloud no longer fails on a system with no configured repositories

the yum commands provided by the yum-plugin-verify now set the exit status to 1 if any mismatches are found

SeaBIOS recognizes SCSI devices with a non-zero LUN

The libguestfs tools now correctly handle guests where /usr/ is not on the same partition as root

virt-v2v can convert Windows guests with corrupted or damaged Windows registries

Converting Windows guests with non-system dynamic disks using virt-v2v now works correctly

Guests can be converted to Glance images, regardless of the Glance client version

Red Hat Enterprise Linux 6.2 - 6.5 guest virtual machines can now be converted using virt-v2v

Btrfs entries in /etc/fstab are now parsed correctly by libguestfs

libguestfs can now correctly open libvirt domain disks that require authentication

Converted Windows UEFI guests boot properly

The virt-v2v utility now ignores proxy environment variables consistently

virt-v2v only copies rhev-apt.exe and rhsrvany.exe when needed

Guests with VLAN over a bonded interaface no longer stop passing traffic after a failover

virt-v2v imports OVAs that do not have the <ovf:Name> attribute

The systemd-importd VM and container image import and export service

Use of AD and LDAP sudo providers

DNSSEC available as Technology Preview in IdM

Identity Management JSON-RPC API available as Technology Preview

The Custodia secrets service provider is now available

Containerized Identity Management server available as Technology Preview

The pcs tool now manages bundle resources in Pacemaker

Shenandoah garbage collector

File system DAX is now available for ext4 and XFS as a Technology Preview

pNFS and Block Layout Support

OverlayFS

pNFS SCSI layouts client and server support is now provided

Btrfs file system

Trusted Computing Group TPM 2.0 System API library and management utilities available

New package: tss2

LSI Syncro CS HA-DAS adapters

Multi-threaded xz compression in rpm-build

Heterogeneous memory management included as a Technology Preview

criu rebased to version 2.12

kexec as a Technology Preview

kexec fast reboot as a Technology Preview

Unprivileged access to name spaces can be enabled as a Technology Preview

KASLR as a Technology Preview

Updated NFSv4 pNFS clients with flexible file layout

CUIR enhanced scope detection

SCSI-MQ as a Technology Preview in the qla2xxx driver

Intel Cache Allocation Technology as a Technology Preview

New scheduler class: SCHED_DEADLINE

Cisco usNIC driver

Cisco VIC kernel driver

Trusted Network Connect

SR-IOV functionality in the qlcnic driver

The libnftnl and nftables packages

The flower classifier with off-loading support

New packages: ansible

The tang-nagios and clevis-udisk2 subpackages available as a Technology Preview

USBGuard is now available for IBM Power as a Technology Preview

Multi-queue I/O scheduling for SCSI

Targetd plug-in from the libStorageMgmt API

Support for Data Integrity Field/Data Integrity Extension (DIF/DIX)

USB 3.0 support for KVM guests

Select Intel network adapters now support SR-IOV as a guest on Hyper-V

No-IOMMU mode for VFIO drivers

The ibmvnic Device Driver has been added

virt-v2v can now use vmx configuration files to convert VMware guests

virt-v2v can convert Debian and Ubuntu guests

Virtio devices can now use vIOMMU

Open Virtual Machine Firmware

Storage Drivers

Network Drivers

Graphics Drivers and Miscellaneous Drivers

Storage Driver Updates

Network Driver Updates

Graphics Driver and Miscellaneous Driver Updates

Deprecated packages related to Identity Management

Deprecated Insecure Algorithms and Protocols

Legacy CA certificates removed from the ca-certificates package

coolkey replaced with opensc

The inputname option of the rsyslog imudp module has been deprecated

FedFS has been deprecated

Btrfs has been deprecated

tcp_wrappers deprecated

nautilus-open-terminal replaced with gnome-terminal-nautilus

sslwrap() removed from Python

Symbols from libraries linked as dependencies no longer resolved by ld

Windows guest virtual machine support limited

libnetlink is deprecated

S3 and S4 power management states for KVM have been deprecated

The Certificate Server plug-in udnPwdDirAuth is discontinued

Red Hat Access plug-in for IdM is discontinued

The Ipsilon identity provider service for federated single sign-on

Several rsyslog options deprecated

Deprecated symbols from the memkind library

Options of Sockets API Extensions for SCTP (RFC 6458) deprecated

Managing NetApp ONTAP using SSLv2 and SSLv3 is no longer supported by libstorageMgmt

dconf-dbus-1 has been deprecated and dconf-editor is now delivered separately

FreeRADIUS no longer accepts Auth-Type := System

Deprecated Device Drivers

SFN4XXX adapters have been deprecated

Software initiated only FCoE storage technologies have been deprecated

Containers using the libvirt-lxc tooling have been deprecated

sudo unexpectedly denies access when performing group lookups

sudoers: files sss

Defaults !match_group_by_gid

sudoers: sss files

The KCM credential cache is not suitable for a large number of credentials in a single credential cache

The sssd-secrets component crashes when it is under load

SSSD does not correctly handle multiple certificate matching rules with the same priority

SSSD can look up only unique certificates in ID overrides

The ipa-advise command does not fully configure smart card authentication

The libwbclient library fails to connect to Samba shares hosted on Red Hat Enterprise Linux 7.4

Certificate System ubsystems experience communication problems with TLS_ECDHE_RSA_* ciphers and certain HSMs

Performance of regular expressions cannot be boosted with the JIT technique if executable stack is disabled

getsebool -a | grep execmem

Memory leaks occur when certain applications fail to exit after unloading the Gluster libraries

URL to DISA SRGs is incorrect

The ensure_gpgcheck_repo_metadata rule fails

The SSG pam_faillock module utilization check incorrectly accepts default=die

Updating totem alone fails

The operating system always assumes Wacom Expresskeys Remote mode 1 when booting

Cannot install downloaded RPM files from Nautilus

Sorry, this did not work, File is not supported

Yelp does not correctly display HTML formatted files

Automatic modesetting fails when attaching monitors with some AMD hardware

Gnome Documents can not display some documents when installed without LibreOffice due to a missing dependency

Application Installer displays packages even though they can not be installed on big endian architectures

The Add/Remove Software tool (gpk-application) does not use a newly imported key on the first try

Resizing a display of a virtual machine with multiple displays using multiple PCI devices causes X to crash

Nautilus does not hide icons in the GNOME Classic Session

Incorrect dependency in flatpak

flatpak: error while loading shared libraries: libostree-1.so.1: cannot open shared object file: No such file or directory

sudo yum -y install flatpak flatpak-libs

Firefox does not start after update

Limited support for visuals in Xorg

NetApp storage appliances serving NFSv4 are advised to check their configuration

vserver nfs show -vserver <vserver-name> -fields v4.0-acl,v4.0-read-delegation,v4.0-write-delegation,v4.0-referrals,v4.0-migration,v4.1-referrals,v4.1-migration,v4.1-acl,v4.1-read-delegation,v4.1-write-delegation

The i40e driver rejects the most general HWTSTAMP filter

FIPS mode unsupported when installing from an HTTPS kickstart source

PXE boot with UEFI and IPv6 displays the GRUB2 shell instead of the operating system selection menu

Specifying a driverdisk partition with non-alphanumeric characters generates an invalid output Kickstart file

driverdisk "CDLABEL=Fedora 23 x86_64:/path/to/rpm"

The Scientific Computing variant is missing packages required for certain security profiles

kexec fails when secondary cores do not offline

File-system corruption due to incorrect flushing of cache has been fixed but I/O operations can be slower

FW supports sync cache Yes

Wacom Cintiq 12WX is not redetected when unplugged and plugged in quickly

Installing to some IBM POWER8 machines using a Virtual DVD fails when starting GUI

Entering full screen mode using a keyboard shortcut causes display problems on VMWare ESXi 5.5

[drm:vmw_cmdbuf_work_func [vmwgfx]] *ERROR* Command buffer error.

svga.maxWidth = X
svga.maxHeight = Y
svga.vramSize = "X * Y * 4"

svga.maxWidth = 1920
svga.maxHeight = 1080
svga.vramSize = "8294400"

KSC currently does not support xz compression

Invalid architecture, supported architectures are x86_64, ppc64, s390x

Verification of signatures using the MD5 hash algorithm is disabled in Red Hat Enterprise Linux 7

Environment=OPENSSL_ENABLE_MD5_VERIFY=1

freeradius might fail when upgrading from RHEL 7.3

certutil does not return the NSS database password requirements in FIPS mode

certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_IO: An I/O error occurred during security authorization.

systemd-importd runs as init_t

The SCAP password length requirement is ignored in the kickstart installation

rhnsd.pid is writable by group and others

# chmod go-w /var/run/rhnsd.pid

No support for thin provisioning on top of RAID in a cluster

Anaconda installation can fail when LVM or md device has metadata from a previous install

System upgrade may cause Yum to install unneeded 32-bit packages if rdma-core is installed

Booting OVMF guests fails

Bridge creation with virsh iface-bridge fails

Guests sometimes fail to boot on ESXi 5.5

The STIG for Red Hat Virtualization Hypervisor profile is not displayed in Anaconda