Search

7.8 Release Notes

download PDF
Red Hat Enterprise Linux 7

Release Notes for Red Hat Enterprise Linux 7.8

Red Hat Customer Content Services

Abstract

The Release Notes provide high-level coverage of the improvements and additions that have been implemented in Red Hat Enterprise Linux 7.8 and document known problems in this release, as well as notable bug fixes, Technology Previews, deprecated functionality, and other details.

Preface

Red Hat Enterprise Linux (RHEL) minor releases are an aggregation of individual security, enhancement, and bug fix errata. The Red Hat Enterprise Linux 7 Release Notes document describes the major changes made to the Red Hat Enterprise Linux 7 operating system and its accompanying applications for this minor release, as well as known problems and a complete list of all currently available Technology Previews.

Chapter 1. Overview

Product life cycle

Red Hat Enterprise Linux 7 is now in the Maintenance Support phase of the product life cycle. Future minor releases will focus on retaining and improving stability and reliability rather than adding new features. See the Red Hat Enterprise Linux Life Cycle document for more details.

In-place upgrade

An in-place upgrade offers a way of upgrading a system to a new major release of Red Hat Enterprise Linux by replacing the existing operating system. For a list of currently supported upgrade pahts, see Supported in-place upgrade paths for Red Hat Enterprise Linux.

In-place upgrade from RHEL 7 to RHEL 8

With the release of RHEL 8.2, the supported in-place upgrade path is:

  • From RHEL 7.8 to RHEL 8.2 on the 64-bit Intel, IBM POWER 8 (little endian), and IBM Z architectures
  • From RHEL 7.6 to RHEL 8.2 on architectures that require kernel version 4.14: 64-bit ARM, IBM POWER 9 (little endian), or IBM Z (Structure A)

Instructions on how to perform an in-place upgrade from RHEL 7 to RHEL 8 using the Leapp utility are provided by the document Upgrading from RHEL 7 to RHEL 8. Major differences between RHEL 7 and RHEL 8 are documented in Considerations in adopting RHEL 8. The Leapp utility is available in the RHEL 7 Extras repository.

If you are using CentOS Linux 7 or Oracle Linux 7, you can convert your operating system to RHEL 7 using the convert2rhel utility prior to upgrading to RHEL 8. For instructions, see How to convert from CentOS Linux or Oracle Linux to RHEL.

In-place upgrade from RHEL 6 to RHEL 7

The procedure of an in-place upgrade from RHEL 6 to RHEL 7 and the usage of the Preupgrade Assistant and the Red Hat Upgrade Tool is documented in the Upgrading from RHEL 6 to RHEL 7 guide. Significant differences between the two major releases are documented in the Migration Planning Guide. Note that the Preupgrade Assistant and the Red Hat Upgrade Tool are available in the RHEL 6 Extras repository.

If you are using CentOS Linux 6 or Oracle Linux 6, you can convert your operating system to RHEL 6 using the convert2rhel utility prior to upgrading to RHEL 7. For instructions, see How to convert from CentOS Linux or Oracle Linux to RHEL.

Security

SCAP Security Guide now provides a profile compliant with the Australian Cyber Security Centre (ACSC) Essential Eight Maturity Model.

See Section 4.11, “Security” for more information.

Desktop

Workspace switcher in the GNOME Classic environment has been modified. The switcher is now located in the right part of the bottom bar, and it is designed as a horizontal strip of thumbnails. Switching between workspaces is possible by clicking on the required thumbnail. For details, see Section 4.5, “Desktop”.

Additional resources

  • The Package Manifest document provides a package listing for RHEL 7.
  • The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is now available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.

Chapter 2. Architectures

Red Hat Enterprise Linux 7 is available on the following architectures: [1]

  • 64-bit AMD
  • 64-bit Intel
  • IBM POWER7+ (big endian)
  • IBM POWER8 (big endian) [2]
  • IBM POWER8 (little endian) [3]
  • IBM POWER9 (little endian) [4][5]
  • IBM Z [4][6]
  • 64-bit ARM [4]

The Red Hat Enterprise Linux 7 is distributed with the kernel version 3.10.0-1127, which provides support for the following architectures:

  • 64-bit AMD
  • 64-bit Intel
  • IBM POWER7+ (big endian)
  • IBM POWER8 (big endian)
  • IBM POWER8 (little endian)
  • IBM Z (kernel version 3.10)

The following architectures remain fully supported and continue to receive z-stream security and bug fix updates in accordance with the Red Hat Enterprise Linux Life Cycle:

  • IBM POWER9 (little endian)
  • IBM Z - Structure A (kernel version 4.14)
  • 64-bit ARM


[1] Note that the Red Hat Enterprise Linux 7 installation is supported only on 64-bit hardware. Red Hat Enterprise Linux 7 is able to run 32-bit operating systems, including previous versions of Red Hat Enterprise Linux, as virtual machines.
[2] Red Hat Enterprise Linux 7 POWER8 (big endian) are currently supported as KVM guests on Red Hat Enterprise Linux 7 POWER8 systems that run the KVM hypervisor, and on PowerVM.
[3] Red Hat Enterprise Linux 7 POWER8 (little endian) is currently supported as a KVM guest on Red Hat Enterprise Linux 7 POWER8 systems that run the KVM hypervisor, and on PowerVM. In addition, Red Hat Enterprise Linux 7 POWER8 (little endian) guests are supported on Red Hat Enterprise Linux 7 POWER9 systems that run the KVM hypervisor in POWER8-compatibility mode on version 4.14 kernel using the kernel-alt package.
[4] This architecture is supported with the kernel version 4.14, provided by the kernel-alt packages. For details, see the Red Hat Enterprise Linux 7.5 Release Notes.
[5] Red Hat Enterprise Linux 7 POWER9 (little endian) is currently supported as a KVM guest on Red Hat Enterprise Linux 7 POWER9 systems that run the KVM hypervisor on version 4.14 kernel using the kernel-alt package, and on PowerVM.
[6] Red Hat Enterprise Linux 7 for IBM Z (both the 3.10 kernel version and the 4.14 kernel version) is currently supported as a KVM guest on Red Hat Enterprise Linux 7 for IBM Z hosts that run the KVM hypervisor on version 4.14 kernel using the kernel-alt package.

Chapter 3. Important Changes to External Kernel Parameters

This chapter provides system administrators with a summary of significant changes in the kernel shipped with Red Hat Enterprise Linux 7. These changes include added or updated proc entries, sysctl, and sysfs default values, boot parameters, kernel configuration options, or any noticeable behavior changes.

New kernel parameters
audit = [KNL]

This parameter enables the audit sub-system.

The value is either 1 = enabled or 0 = disabled. The default value is unset, which is not a new option, but it was previously undocumented.

Format: { "0" | "1" }

audit_backlog_limit = [KNL]

This parameter sets the audit queue size limit.

The default value is 64.

Format: <int> (must be >=0)

ipcmni_extend [KNL]
This parameter extends the maximum number of unique System V IPC identifiers from 32 768 to 16 777 216.
nospectre_v1 [X86,PPC]

This parameter disables mitigations for Spectre Variant 1 (bounds check bypass).

With this option data leaks are possible in the system.

tsx = [X86]

This parameter controls Transactional Synchronization Extensions (TSX) feature in Intel processors that support TSX control.

The options are:

  • on - Enable TSX on the system. Although there are mitigations for all known security vulnerabilities, TSX has been known to be an accelerator for several previous speculation-related CVEs, and so there may be unknown security risks associated with leaving it enabled.
  • off - Disable TSX on the system. Note that this option takes effect only on newer CPUs which are not vulnerable to Microarchitectural Data Sampling (MDS). In other words, they have MSR_IA32_ARCH_CAPABILITIES.MDS_NO=1 and get the new IA32_TSX_CTRL Model-specific register (MSR) through a microcode update. This new MSR allows for a reliable deactivation of the TSX functionality.
  • auto - Disable TSX if X86_BUG_TAA is present, otherwise enable TSX on the system.

    Not specifying this option is equivalent to tsx=on as Red Hat has implicitly made TSX enabled.

    For more details, see documentation of TAA - TSX Asynchronous Abort.

tsx_async_abort = [X86,INTEL]

This parameter controls mitigation for the TSX Async Abort (TAA) vulnerability.

Similar to Micro-architectural Data Sampling (MDS), certain CPUs that support Transactional Synchronization Extensions (TSX) are vulnerable to an exploit against CPU internal buffers. The exploit can forward information to a disclosure gadget under certain conditions.

In vulnerable processors, the speculatively forwarded data can be used in a cache side channel attack, to access data to which the attacker does not have direct access.

The options are:

  • full - Enable TAA mitigation on vulnerable CPUs if TSX is enabled.
  • full,nosmt - Enable TAA mitigation and disable Simultaneous Multi Threading (SMT) on vulnerable CPUs. If TSX is disabled, SMT is not disabled because CPU is not vulnerable to cross-thread TAA attacks.
  • off - Unconditionally disable TAA mitigation.

    On MDS-affected machines, the tsx_async_abort=off parameter can be prevented by an active MDS mitigation as both vulnerabilities are mitigated with the same mechanism. Therefore, to disable this mitigation, you need to specify the mds=off parameter as well.

    Not specifying this option is equivalent to tsx_async_abort=full. On CPUs which are MDS affected and deploy MDS mitigation, TAA mitigation is not required and does not provide any additional mitigation.

    For more details, see documentation of TAA - TSX Asynchronous Abort.

Updated kernel parameters
mitigations = [X86,PPC,S390]

Controls optional mitigations for CPU vulnerabilities. This is a set of curated, arch-independent options, each of which is an aggregation of existing arch-specific options.

The options are:

  • off - Disable all optional CPU mitigations. This improves system performance, but it may also expose users to several CPU vulnerabilities.

    Equivalent to:

    • nopti [X86,PPC]
    • nospectre_v1 [X86,PPC]
    • nobp=0 [S390]
    • nospectre_v2 [X86,PPC,S390]
    • spec_store_bypass_disable=off [X86,PPC]
    • l1tf=off [X86]
    • mds=off [X86]
    • tsx_async_abort=off [X86]
    • kvm.nx_huge_pages=off [X86]

      Exceptions:

      mitigations=off does not have any effect on the kvm.nx_huge_pages parameter if kvm.nx_huge_pages=force.

  • auto (default) - Mitigate all CPU vulnerabilities, but leave Simultaneous multithreading (SMT) enabled, even if it is vulnerable. This is for users who do not want to be surprised by SMT getting disabled across kernel upgrades, or who have other ways of avoiding SMT-based attacks.

    Equivalent to:

    • (default behavior)
  • auto,nosmt - Mitigate all CPU vulnerabilities, disabling Simultaneous multithreading (SMT) if needed. This is for users who always want to be fully mitigated, even if it means losing SMT.

    Equivalent to:

    • l1tf=flush,nosmt [X86]
    • mds=full,nosmt [X86]
    • tsx_async_abort=full,nosmt [X86]
New /proc/sys/fs parameters
negative-dentry-limit

The integer value of this parameter specifies a soft limit on the total number of negative dentries allowed in a system as a percentage of the total system memory available. The allowable range for this value is 0-100. A value of 0 means there is no limit. Each unit represents 0.1% of the total system memory. So 10% is the maximum that can be specified.

On an AMD64 or Intel 64 system with 32GB of memory, a 1% limit translates to about 1.7 million dentries or about 53 thousand dentries per GB of memory.

Chapter 4. New Features

This chapter documents new features and major enhancements introduced in Red Hat Enterprise Linux 7.

4.1. General Updates

Smart-card sharing is now supported on Windows guests with ActivClient drivers

This update adds support for smart-card sharing in virtual machines (VMs) that use a Windows guest OS and ActivClient drivers. This enables smart-card authentication for user logins using emulated or shared smart cards on these VMs.

(BZ#917867)

4.2. Authentication and Interoperability

The ipa-client-automount utility now supports setting an NFS domain that differs from the IdM domain

This enhancement adds the --idmap-domain option to the ipa-client-automount utility. Previously, ipa-client-automount assumed that the NFS domain is the same as the Identity Management (IdM) domain, but this is not always the case. As a result, you can now specify an NFS domain that is different from the IdM domain.

The ipa-client-automount utility now behaves as follows:

  • If --idmap-domain option is not set, ipa-client-automount uses the IdM domain as the NIS domain.
  • If the domain passed to --idmap-domain is set to DNS, ipa-client-automount removes the value specified in the Domain parameter in the /etc/idmapd.conf file, and the idmapd service auto-detects the domain.
  • If the domain passed to --idmap-domain does not match the DNS domain, ipa-client-automount sets the specified value in the Domain parameter in the /etc/idmapd.conf file.

(BZ#1733209)

samba rebased to version 4.10.4

The samba packages have been upgraded to upstream version 4.10.4, which provides a number of bug fixes and enhancements over the previous version:

  • Samba 4.10 fully supports Python 3. Note that future Samba versions will not have any runtime support for Python 2.
  • The JavaScript Object Notation (JSON) logging feature now logs the Windows event ID and logon type for authentication messages.
  • The new vfs_glusterfs_fuse file system in user space (FUSE) module improves the performance when Samba accesses a GlusterFS volume. To enable this module, add glusterfs_fuse to the vfs_objects parameter of the share in the /etc/samba/smb.conf file. Note that vfs_glusterfs_fuse does not replace the existing vfs_glusterfs module.
  • The server message block (SMB) client Python bindings are now deprecated and will be removed in a future Samba release. This only affects users who use the Samba Python bindings to write their own utilities.

Samba automatically updates its tdb database files when the smbd, nmbd, or winbind service starts. Back up the databases files before starting Samba. Note that Red Hat does not support downgrading tdb database files.

For further information about notable changes, read the upstream release notes before updating: https://www.samba.org/samba/history/samba-4.10.0.html

(BZ#1724991)

4.3. Clustering

Default value of Pacemaker concurrent-fencing cluster property now set to true

Pacemaker now defaults the concurrent-fencing cluster property to true. If multiple nodes need to be fenced at the same time and they use different configured fence devices, Pacemaker will execute the fencing simultaneously rather than serialized as before. This can greatly speed up recovery in a large cluster when multiple nodes must be fenced.

(BZ#1710422)

Pacemaker support for configuring resources to remain stopped on clean node shutdown

When a cluster node shuts down, Pacemaker’s default response is to stop all resources running on that node and recover them elsewhere. Some users prefer to have high availability only for failures, and to treat clean shutdowns as scheduled outages. To address this, Pacemaker now supports the shutdown-lock and shutdown-lock-limit cluster properties to specify that resources active on a node when it shuts down should remain stopped until the node next rejoins. Users can now use clean shutdowns as scheduled outages without any manual intervention. For information on configuring resources to remain stopped on a clean node shutdown, see Configuring Resources to Remain Stopped on Clean Node Shutdown.

(BZ#1781820)

4.4. Compiler and Tools

Optimized implementation of SHA-2 operations on IBM PowerPC systems

This update adds an assembly code implementation of SHA-2 operations on IBM PowerPC systems, which significantly improves performance.

(BZ#1498932)

OpenJDK now supports also secp256k1

Previously, Open Java Development Kit (OpenJDK) could use only curves from the NSS library. Consequently, OpenJDK provided only the secp256r1, secp384r1, and secp521r1 curves for elliptic curve cryptography (ECC). With this update, OpenJDK uses the internal ECC implementation and supports also the secp256k1 curve.

(BZ#1746874)

4.5. Desktop

Modified workspace switcher in GNOME Classic

Workspace switcher in the GNOME Classic environment has been modified. The switcher is now located in the right part of the bottom bar, and it is designed as a horizontal strip of thumbnails.

Switching between workspaces is possible by clicking on the required thumbnail. Alternatively, you can also use the kbd:[Ctrl + Alt + ↑] and kbd:[Ctrl + Alt + ↓] keyboard shortcuts to switch between workspaces. The content of the active workspace is shown in the left part of the bottom bar in form of the window list.

When you press the kbd:[Super] key within the particular workspace, you can see the window picker, which includes all windows that are open in this workspace. However, the window picker no longer displays the following elements that were available in the previous release of RHEL:

  • dock (vertical bar on the left side of the screen)
  • workspace switcher (vertical bar on the right side of the screen)
  • search entry

For particular tasks that were previously achieved with the help of these elements, adopt the following approaches:

  • To launch applications, instead of using dock, you can:

    • Use the Applications menu on the top bar
    • Press the kdb:[Alt + F2] keys to make the Enter a Command screen appear, and write the name of the executable into this screen.
  • To switch between workspaces, instead of using the vertical workspace switcher, use the horizontal workspace switcher in the right bottom bar.
  • If you require the search entry or the vertical workspace switcher, use the GNOME Standard environment instead of GNOME Classic.

(BZ#1720286)

GNOME now warns against a root graphical login

With this update, GNOME now displays a warning notification if you log into a graphical session as the root user.

Logging into a graphical session as root causes serious and unexpected issues, is non-secure, and is against Unix principles.

(BZ#1539772)

4.6. Hardware Enablement

Aero adapters are now fully supported

The following Aero adapters, previously available as a Technology Preview, are now fully supported:

  • PCI ID 0x1000:0x00e2 and 0x1000:0x00e6, controlled by the mpt3sas driver
  • PCI ID 0x1000:Ox10e5 and 0x1000:0x10e6, controlled by the megaraid_sas driver

(BZ#1660791, BZ#1660289)

4.7. Installation and Booting

RHEL 7.8 now supports blueprint customizations

With this enhancement, RHEL 7.8 now supports a set of image customizations within blueprints when using the CLI. To make use of these customizations, you must configure them in the blueprint and import (push) to Image Builder. As a result, you are able to add specifications for your system.

(BZ#1718473)

4.8. Kernel

Kernel version in RHEL 7.8

Red Hat Enterprise Linux 7.8 is distributed with the kernel version 3.10.0-1127.

(BZ#1801759)

FUSE file system can be used inside of a user namespace

RHEL 7 now enables users to mount the Filesystem in Userspace (FUSE) based filesystems inside of the user namespace. As a result, users are able to use the fuse-overlayfs command inside of rootless containers that were created with Buildah or Podman utilities.

(BZ#1713642)

ipcmin_extend increases the number of unique System V IPC identifiers

A new kernel command line parameter ipcmin_extend increases the number of unique System V Interprocess Communication (IPC) identifiers from 32,768 to 16,777,216. As a result, users with applications that exceed 32,768 of unique System V IPC identifiers can add ipcmin_extend to port the relevant applications to RHEL without a major redesign.

(BZ#1373519)

Intel® Omni-Path Architecture (OPA) Host Software

Intel® Omni-Path Architecture (OPA) host software is fully supported in Red Hat Enterprise Linux 7.8. Intel OPA provides Host Fabric Interface (HFI) hardware with initialization and setup for high performance data transfers (high bandwidth, high message rate, low latency) between compute and I/O nodes in a clustered environment.

(BZ#1808458)

4.9. Real-Time Kernel

kernel-rt source tree now matches the latest RHEL 7 tree

The kernel-rt sources have been upgraded to the latest Red Hat Enterprise Linux kernel source tree, which provides a number of bug fixes and enhancements over the previous version.

(BZ#1708718)

4.10. Red Hat Enterprise Linux System Roles

A new storage role added to RHEL System Roles

The storage role has been added to RHEL System Roles provided by the rhel-system-roles package, which is available in the RHEL 7 Extras repository.

The storage role can be used to manage local storage using Ansible. Currently, the storage role supports the following types of tasks:

  • Managing file systems on whole disks
  • Managing LVM volume groups
  • Managing logical volumes and their file systems

For more information, see the Knowledgebase article about RHEL System Roles.

(BZ#1410996)

4.11. Security

SCAP Security Guide now provides OSPP 4.2.1 and NCP Profiles

The OSPP (Protection Profile for General Purpose Operating Systems) profile has been updated, and it now conforms to OSPP 4.2.1 baseline. The profile with the ospp42 ID has been merged to the OSPP profile. Administrators should switch systems using the ospp42 profile to ospp because ospp42 is no longer a valid ID.

Additionally, the NCP (NIST National Checklist Program Security Guide) profile with the ncp ID has been introduced. The NCP profile conforms to the OSPP 4.2.1 and implements configuration requirements of additional policies. In particular CNSSI 1253, NIST 800-171, NIST 800-53, USGCB, and OS SRG.

(BZ#1691336)

SCAP Security Guide now supports ACSC Essential Eight

The scap-security-guide packages now provides the Australian Cyber Security Centre (ACSC) Essential Eight compliance profile and a corresponding Kickstart file. With this enhancement, users can install a system that conforms with this security baseline. Furthermore, you can use the OpenSCAP suite for checking security compliance and remediation using this specification of minimum security controls defined by ACSC.

(BZ#1755192)

SCAP Security Guide now correctly disables services

With this update, the SCAP Security Guide (SSG) profiles correctly disable and mask services that should not be started. This guarantees that disabled services are not inadvertently started as a dependency of another service. Before this change, the SSG profiles such as the U.S. Government Commercial Cloud Services (C2S) profile only disabled the service. As a result, services disabled by an SSG profile cannot be started unless you unmask them first.

(BZ#1791583)

SCAP Security Guide rebased to version 0.1.46

The SCAP Security Guide (SSG) packages have been upgraded to version 0.1.46, which provides enhancements and bug fixes over the previous version, most notably:

  • SSG now provides content that follows guidelines conforming to the SCAP 1.3 standard. The 1.3 data streams are compatible with OpenSCAP and used by default.

Note that you can still use content suffixed with -1.2 if you require the use of SCAP 1.2 data streams, as this data moved to the "/usr/share/xml/scap/ssg/content/ssg-rhel7-ds-1.2.xml" path. The new 1.3 data stream is located in the usual path.

(BZ#1726698)

SCAP Security Guide now supports scanning RHEL 8 systems from RHEL 7

The scap-security-guide package now contains SCAP content and Ansible playbooks for RHEL 8. This enables you to scan RHEL 8 systems and containers from a RHEL 7 environment.

(BZ#1777862)

selinux-policy now allows tomcat processes to connect to redis database

This update of selinux-policy packages introduces rules that allow the tomcat_t domain to connect to ports labeled redis_port_t when the tomcat_can_network_connect_db SELinux boolean is enabled. You can now use this boolean to allow tomcat_t to access several databases, which was not previously supported for redis processes.

(BZ#1687497)

sysadm_u users can now log in to graphical sessions

Previously, Linux users mapped to the sysadm_u SELinux user were unable to log in to graphical sessions. The SELinux policy has been updated to allow these users to use graphical sessions while conforming to DISA STIG requirements. If the xdm_sysadm_login Boolean is enabled, the sysadm_u user can now successfully log in to X Window System session from the GNOME Display Manager.

(BZ#1727379)

4.12. Servers and Services

An option for rsyslog to preserve case of FROMHOST for imudp and imtcp is available

This update to the rsyslog service introduces the option to manage letter-case preservation of the FROMHOST property for the imudp and imtcp modules. Setting the preservecase value to on means the FROMHOST property is handled in a case sensitive manner. To avoid breaking existing configurations, the default values of preservecase are on for imtcp and off for imudp.

(BZ#1309698)

4.13. Storage

Support for Data Integrity Field/Data Integrity Extension (DIF/DIX)

DIF/DIX is supported on configurations where the hardware vendor has qualified it and provides full support for the particular host bus adapter (HBA) and storage array configuration on RHEL.

DIF/DIX is not supported on the following configurations:

  • It is not supported for use on the boot device.
  • It is not supported on virtualized guests.
  • Red Hat does not support using the Automatic Storage Management library (ASMLib) when DIF/DIX is enabled.

DIF/DIX is enabled or disabled at the storage device, which involves various layers up to (and including) the application. The method for activating the DIF on storage devices is device-dependent.

For further information on the DIF/DIX feature, see What is DIF/DIX.

(BZ#1649493)

NVMe/FC is now fully supported in Qlogic HBAs

The NVMe over Fibre Channel (NVMe/FC) transport type is now fully supported in Qlogic Fibre Channel (FC) host bus adapters (HBAs), which use the qla2xxx driver.

NVMe/FC is an additional fabric transport type for the Nonvolatile Memory Express (NVMe) protocol, in addition to the Remote Direct Memory Access (RDMA) protocol that was previously introduced in Red Hat Enterprise Linux.

NVMe/FC provides a higher-performance, lower-latency I/O protocol over existing FC infrastructure. This is especially important with solid-state storage arrays, because it allows the performance benefits of NVMe storage to be passed through the fabric transport, rather than being encapsulated in a different protocol, SCSI.

Note that since Red Hat Enterprise Linux 7.6, NVMe/FC is also fully supported with Broadcom Emulex Fibre Channel 32Gbit adapters using the lpfc driver.

(BZ#1642968)

4.14. Atomic Host and Containers

Red Hat Enterprise Linux Atomic Host is a secure, lightweight, and minimal-footprint operating system optimized to run Linux containers.

4.15. Red Hat Software Collections

Red Hat Software Collections is a Red Hat content set that provides a set of dynamic programming languages, database servers, and related packages that you can install and use on all supported releases of Red Hat Enterprise Linux 7 on AMD64 and Intel 64 architectures, the 64-bit ARM architecture, IBM Z, and IBM POWER, little endian. Certain components are available also for all supported releases of Red Hat Enterprise Linux 6 on AMD64 and Intel 64 architectures.

Red Hat Developer Toolset is designed for developers working on the Red Hat Enterprise Linux platform. It provides current versions of the GNU Compiler Collection, GNU Debugger, and other development, debugging, and performance monitoring tools. Red Hat Developer Toolset is included as a separate Software Collection.

Dynamic languages, database servers, and other tools distributed with Red Hat Software Collections do not replace the default system tools provided with Red Hat Enterprise Linux, nor are they used in preference to these tools. Red Hat Software Collections uses an alternative packaging mechanism based on the scl utility to provide a parallel set of packages. This set enables optional use of alternative package versions on Red Hat Enterprise Linux. By using the scl utility, users can choose which package version they want to run at any time.

Important

Red Hat Software Collections has a shorter life cycle and support term than Red Hat Enterprise Linux. For more information, see the Red Hat Software Collections Product Life Cycle.

See the Red Hat Software Collections documentation for the components included in the set, system requirements, known problems, usage, and specifics of individual Software Collections.

See the Red Hat Developer Toolset documentation for more information about the components included in this Software Collection, installation, usage, known problems, and more.

Chapter 5. Device Drivers

This chapter provides a comprehensive listing of all device drivers that are new or have been updated in Red Hat Enterprise Linux 7.

5.1. New Drivers

Graphics Drivers and Miscellaneous Drivers
  • halt poll cpuidle driver (cpuidle-haltpoll.ko.xz)
  • Intel® Trace Hub controller driver (intel_th.ko.xz)
  • Intel® Trace Hub ACPI controller driver (intel_th_acpi.ko.xz)
  • Intel® Trace Hub Global Trace Hub driver (intel_th_gth.ko.xz)
  • Intel® Trace Hub Memory Storage Unit driver (intel_th_msu.ko.xz)
  • Intel® Trace Hub PCI controller driver (intel_th_pci.ko.xz)
  • Intel® Trace Hub PTI/LPP output driver (intel_th_pti.ko.xz)
  • Intel® Trace Hub Software Trace Hub driver (intel_th_sth.ko.xz)
  • dummy_stm device (dummy_stm.ko.xz)
  • stm_console driver (stm_console.ko.xz)
  • System Trace Module device class (stm_core.ko.xz)
  • stm_ftrace driver (stm_ftrace.ko.xz)
  • stm_heartbeat driver (stm_heartbeat.ko.xz)
  • Basic STM framing protocol driver (stm_p_basic.ko.xz)
  • MIPI SyS-T STM framing protocol driver (stm_p_sys-t.ko.xz)
Network Drivers
  • gVNIC Driver (gve.ko.xz): 1.0.0.
  • Failover driver for Paravirtual drivers (net_failover.ko.xz)

5.2. Updated Drivers

Network Driver Updates
  • Emulex OneConnect NIC Driver (be2net.ko.xz) has been updated to version 12.0.0.0r.
  • Intel® Ethernet Connection XL710 Network Driver (i40e.ko.xz) has been updated to version 2.8.20-k.
  • The Netronome Flow Processor (NFP) driver (nfp.ko.xz) has been updated to version 3.10.0-1122.el7.x86_64.
Storage Driver Updates
  • QLogic FCoE Driver (bnx2fc.ko.xz) has been updated to version 2.12.10.
  • Driver for HP Smart Array Controller version (hpsa.ko.xz) has been updated to version 3.4.20-170-RH4.
  • Emulex LightPulse Fibre Channel SCSI driver (lpfc.ko.xz) has been updated to version 0:12.0.0.13.
  • Broadcom MegaRAID SAS Driver (megaraid_sas.ko.xz) has been updated to version 07.710.50.00-rh1.
  • LSI MPT Fusion SAS 3.0 Device Driver (mpt3sas.ko.xz) has been updated to version 31.100.01.00.
  • QLogic QEDF 25/40/50/100Gb FCoE Driver (qedf.ko.xz) has been updated to version 8.37.25.20.
  • QLogic FastLinQ 4xxxx iSCSI Module (qedi.ko.xz) has been updated to version 8.37.0.20.
  • QLogic Fibre Channel HBA Driver (qla2xxx.ko.xz) has been updated to version 10.01.00.20.07.8-k.

Chapter 6. Notable Bug Fixes

This chapter describes bugs fixed in Red Hat Enterprise Linux 7 that have a significant impact on users.

6.1. Authentication and Interoperability

Directory Server rebased to version 1.3.10

The 389-ds-base packages have been upgraded to upstream version 1.3.10, which provides a number of bug fixes over the previous version.

(BZ#1740693)

Directory Server now correctly logs the search base if the server rejects a search operation

Previously, when Directory Server rejected a search operation because of a protocol error, the server logged base="(null)" instead of the actual search base. With this update, Directory Server passes the correct internal variable to the log operation. As a result, the server correctly logs the search base in the mentioned scenario.

(BZ#1662461)

Directory Server improved the logging of the etime value

Previously, if an operation started and completed at the border of a second and the operation took less than one second, Directory Server logged an incorrectly calculated etime value. As a consequence, the logged value was too big. This updates fixes the problem. As a result, the calculated etime value is now closer to the start and end time stamp.

(BZ#1732053)

Directory Server now logs the correct etime value in the access log

Previously, Directory Server incorrectly formatted the etime field in the /var/log/dirsrv/slapd-<instance_name>/access log file. As a consequence, the time value in nanoseconds was 10 times lower than the actual value. This update fixes the problem. As a result, Directory Server now logs the correct nanosecond value in the etime field.

(BZ#1749236)

The severity of a Directory Server log message has been changed

Previously, Directory Server incorrectly logged Event <event_name> should not occur in state <state_name>; going to sleep messages as error. This update changes the severity of this message to warning.

(BZ#1639342)

Directory Server is RFC 4511-compliant when searching for the 1.1 and other attributes in one request

To retrieve only a list of matching distinguished names (DN), LDAP users can search for the 1.1 special attribute. According to RFC 4511, if an LDAP client searches for the 1.1. special attribute in combination with other attributes in one search request, the server must ignore the 1.1 special attribute.

Previously, when a Directory Server user searched for the 1.1 special attribute and other attributes in the same search request, the server returned no attributes. This update fixes the problem. As a result, Directory Server is RFC 4511-compliant in the mentioned scenario.

(BZ#1723545)

Directory Server returns password policy controls in the correct order

Previously, if the password of a user expired, Directory Server returned password policy controls in a different order depending on whether grace logins were exhausted or not. Consequently, this sometimes caused problems in LDAP clients compliant with the RFC 4511 standard. This update fixes the problem, and as a result, Directory Server returns password policy controls in the correct order.

(BZ#1724914)

Directory Server now also applies limits for maximum concurrent cleanAllRUV tasks received from extended operations

Directory Server supports up to 64 concurrent cleanAllRUV tasks. Previously, Directory Server applied this limit only to manually created tasks and not to tasks the server received from extended operations. As a consequence, more than 64 concurrent cleanAllRUV tasks could run at the same time and slow down the server. This update adds a counter to track the number of clean tasks and abort threads. As a result, only up to 64 concurrent cleanAllRUV tasks can run at the same time.

(BZ#1739182)

Importing large LDIF files to Directory Server databases with many nested-subtrees is now significantly faster

Previously, if the Directory Server database contained many nested sub-trees, importing a large LDIF file using the ldif2db and ldif2db.pl utilities was slow. With this update, Directory Server adds the ancestorid index after all entries. As a result, importing LDIF files to a database with many nested sub-trees is now significantly faster.

(BZ#1749595)

Directory Server now processes new operations only after a previous SASL bind fully initialized the connection

During a bind using the Simple Authentication and Security Layer (SASL) framework, Directory Server initializes a set of callback functions. Previously, if Directory Server received an additional operation on the same connection during a SASL bind, this operation could access and use the callback functions even if they were not fully initialized. Consequently, the Directory Server instance terminated unexpectedly. With this update, the server prevents operations from accessing and using the callback structure until the previous SASL bind is successfully initialized. As a result, Directory Server no longer crashes in this situation.

(BZ#1756182)

The cl-dump.pl and cl-dump utilities now remove temporary files after exporting the change log

Previously, the cl-dump.pl and cl-dump utilities in Directory Server created temporary LDIF files in the /var/lib/dirsrv/slapd-<instance_name>/changelogdb/ directory. After the change log was exported, the utilities renamed the temporary files to *.done. As a consequence, if the temporary files were large, this could result in low free disk space. With this update, by default, cl-dump.pl and cl-dump now delete the temporary files at the end of the export. Additionally, the -l option has been added to both utilities to manually preserve the temporary files. As a result, cl-dump.pl and cl-dump free the disk space after exporting the change log or user can optionally enforce the old behavior by using the -l option.

(BZ#1685059)

IdM configures the Apache NSS module to use only TLS 1.2 when installing or updating an IdM server or replica

Previously, when an administrator installed an Identity Management (IdM) server or replica, the installer enabled the TLS 1.0, TLS 1.1, and TLS 1.2 protocols in the Apache web server’s network security service (NSS) module. This update provides the following changes:

  • When you set up a new server or replica, IdM only enables the strong TLS 1.2 protocol.
  • On existing IdM servers and replicas, this update disables the weak TLS 1.0 and TLS 1.1 protocols.

As a result, new and updated IdM servers and replicas use only the strong TLS 1.2 protocol in the Apache web server’s NSS module.

(BZ#1711172)

IdM now correctly updates the certificate record in the cn=CAcert,cn=ipa,cn=etc,<base_DN> entry

Previously, after renewing the Identity Management (IdM) certificate authority (CA) certificate or modifying the CA certificate chain, IdM did not update the certificate record stored in the cn=CAcert,cn=ipa,cn=etc,<base_DN> entry. As a consequence, installations of IdM clients on RHEL 6 failed. With this update, IdM now updates the certificate record in cn=CAcert,cn=ipa,cn=etc,<base_DN>. As a result, installing IdM on RHEL 6 now succeeds after the administrator renews the CA certificate or updates the certificate chain on the IdM CA.

(BZ#1544470)

The ipa-replica-install utility now verifies that the server specified in --server provides all required roles

The ipa-replica-install utility provides a --server option to specify the Identity Management (IdM) server which the installer should use for the enrollment. Previously, ipa-replica-install did not verify that the supplied server provided the certificate authority (CA) and key recovery authority (KRA) roles. As a consequence, the installer replicated domain data from the specified server and CA data from a different server that provided the CA and KRA roles. With this update, ipa-replica-install verifies that the specified server provides all required roles. As a result, if the administrator uses the --server option, ipa-replica-install only replicates data from the specified server.

(BZ#1754494)

ipa sudorule-add-option no longer shows a false error when options are added to an existing sudo rule

Previously, when a sudo rule already contained hosts, hostgroups, users, or usergroups, the ipa sudorule-add-option command incorrectly processed the sudo rule content. Consequently, the ipa sudorule-add-option command used with the sudooption argument returned an error despite completing successfully. This bug has been fixed, and ipa sudorule-add-option now displays an accurate output in the described scenario.

(BZ#1691939)

IdM no longer drops all custom attributes when moving an account from preserved to stage

Previously, IdM processed only some of the attributes defined in a preserved account. Consequently, when moving an account from preserved to stage, all the custom attributes were lost. With this update, IdM processes all the attributes defined in a preserved account and the described problem no longer occurs.

(BZ#1583950)

Sub-CA key replication no longer fails

Previously, a change to the credential cache (ccache) behaviour in the Kerberos library caused lightweight Certificate Authority (CA) key replication to fail. This update adapts the IdM lightweight CA key replication client code to the changed ccache behaviour. As a result, the lightweight CA key replication now works correctly.

(BZ#1755223)

Certificate System now records audit events if the system acts as a client to other subsystems or to the LDAP server

Previously, Certificate System did not contain audit events if the system acted as a client to other subsystems or to the LDAP server. As a consequence, the server did not record any events in this situation. This update adds the CLIENT_ACCESS_SESSION_ESTABLISH_FAILURE, CLIENT_ACCESS_SESSION_ESTABLISH_SUCCESS, and CLIENT_ACCESS_SESSION_TERMINATED events to Certificate System. As a result, Certificate System records these events when acting as a client.

(BZ#1523330)

The python-kdcproxy library no longer drops large Kerberos replies

Previously, if an Active Directory Kerberos Distribution Center (KDC) split large Kerberos replies into multiple TCP packets, the python-kdcproxy library dropped these packages. This update fixes the problem. As a result, python-kdcproxy processes large Kerberos replies correctly.

(BZ#1746107)

6.2. Compiler and Tools

Socket::inet_aton() can now be used from multiple threads safely

Previously, the Socket::inet_aton() function, used for resolving a domain name from multiple Perl threads, called the unsafe gethostbyname() glibc function. Consequently, an incorrect IPv4 address was occasionally returned, or the Perl interpreter terminated unexpectedly. With this update, the Socket::inet_aton() implementation has been changed to use the thread-safe getaddrinfo() glibc function instead of gethostbyname(). As a result, the inet_aton() function from Perl Socket module can be used from multiple threads safely.

(BZ#1693293)

sosreport now generates HTML reports faster

Previously, when the sosreport utility collected tens of thousands of files, generation of HTML report was very slow. This update provides changes to the text report code, improving the report structure and formatting. Additionally, support for reports in the JSON file format has been added. As a result, HTML reports are now generated without delay.

(BZ#1704957)

6.3. Desktop

32- and 64-bit fwupd packages can now be used together when installing or upgrading the system

Previously, the /usr/lib/systemd/system/fwupd.service file in the fwupd packages was different for 32- and 64-bit architectures. Consequently, it was impossible to install both 32- and 64-bit fwupd packages or to upgrade a Red Hat Enterprise Linux 7.5 system with both 32- and 64-bit fwupd packages to a later version. This update fixes fwupd so that the /usr/lib/systemd/system/fwupd.service file is same for both 32- and 64-bit architectures. As a result, installing both 32- and 64-bit fwupd packages, or upgrading a Red Hat Enterprise Linux 7.5 system with both 32- and 64-bit fwupd packages to a later version is now possible.

(BZ#1623466)

A memory leak in libteam has been fixed

Previously, the libteam library used an incorrect JSON API when a user queried the status of a network team. As a consequence, the teamdctl <team_device> state command leaked memory. With this update, the library uses the correct API, and querying the status of a team no longer leaks memory.

(BZ#1704451)

6.4. Installation and Booting

The installation program correctly sets the connection type for Kickstart network team devices

Previously, the installation program used the TYPE="Team" parameter instead of the DEVICETYPE="Team" parameter to specify the connection type in the ifcfg file that is created for Kickstart network team devices. As a consequence, any network team devices using network service were not activated during the boot process. With this update, the installation program uses the DEVICETYPE parameter to specify the connection type in the ifcfg file. As a result, Kickstart network team devices are activated during the boot process even if the system is using network service for network configuration, for example, the NetworkManager service is disabled.

(BZ#1680606)

The installation program correctly handles an exception when GTK is not installed

Previously, the installation program failed to handle an exception when the GTK GUI toolkit was not installed in the environment. As a consequence, the exception was not communicated to the user. With this update, the installation program correctly handles an exception when the GTK GUI toolkit is not installed, and the user is also notified of the exception.

(BZ#1712987)

6.5. Kernel

The IBM Z systems no longer become unresponsive when using certain BCC tools

Previously, due to a bug in the kernel, running dcsnoop, runqlen, and slabratetop utilities from the bcc-tools package caused the IBM Z systems to become unresponsive. This update fixes the problem and IBM Z systems no longer hang in the described scenario.

(BZ#1724027)

Virtual machines no longer enable unnecessary CPU vulnerability mitigation

Previously, the MDS_NO CPU flags, which indicate that the CPU was not vulnerable to the Microarchitectural Data Sampling (MDS) vulnerability, were not exposed to guest operating systems when the virtual machine was using CPU host-passthrough. As a consequence, the guest operating system in some cases automatically enabled CPU vulnerability mitigation features that were not necessary for the host. This update ensures that the MDS_NO flag is properly visible to the guest operating system when using CPU host-passthrough, which prevents the described problem from occurring.

(BZ#1708465, BZ#1677209)

Disabling logging in the nf-logger framework has been fixed

Previously, when an admin used the sysctl or echo commands to turn off an assigned netfilter logger, a NUL-character was not added to the end of the NONE string. Consequently, the strcmp() function failed with a No such file or directory error. This update fixes the problem. As a result, commands, such as sysctl net.netfilter.nf_log.2=NONE work as expected and turn off logging.

(BZ#1770232)

Resuming from hibernation now works on the megaraid_sas driver

Previously, when the megaraid_sas driver resumed from hibernation, the Message Signaled Interrupts (MSIx) allocation did not work correctly. As a consequence, resuming from hibernation failed, and restarting the system was required. This bug has been fixed, and resuming from hibernation now works as expected.

(BZ#1807077)

Kdump no longer fails in the second kernel

Previously, the kdump initramfs image could fail in the second kernel after a disk migration or installation of a new machine with a disk image. This update adds the kdumpctl rebuild command for rebuilding the kdump initramfs image. As a result, users can now rebuild initramfs to ensure that kdump does not fail in the second kernel.

(BZ#1723492)

6.6. Real-Time Kernel

The latency for isolated CPU’s is now reduced by avoiding spurious ktimersoftd activation

Previously, for a KVM-RT configured system, per-CPU ktimersoftd kernel threads ran once every second even in absence of a timer. Consequently, an increased latency occurred on the isolated CPU’s. This update adds an optimization into the real-time kernel that does not wake the ktimersoftd on every tick. As a result, ktimersoftd is not raised on isolated CPU’s, which prevents the interference and reduces the latency.

(BZ#1550584)

6.7. Networking

The tc filter show command now displays filters correctly when the handle is 0xffffffff

Previously, a bug in the TC flower code caused an undesired integer overflow. As a consequence, dumping a flower rule that used 0xffffffff as a handle could result in an infinite loop. This update prevents the integer overflow on 64-bit architectures. As a result, tc filter show no longer loops in this scenario, and filters are now shown correctly.

(BZ#1712737)

The kernel no longer crashes when attempting to apply an invalid TC rule

Previously, while attempting to replace a traffic control (TC) rule with a rule having an invalid goto chain parameter, a kernel crash occurred. With this update, the kernel avoids a NULL dereference in the described scenario. As a result, the kernel no longer crashes, and an error message is logged instead.

(BZ#1712918)

The kernel now correctly updates PMTU when receiving ICMPv6 Packet Too Big message

In certain situations, such as for link-local addresses, more than one route can match a source address. Previously, the kernel did not check the input interface when receiving Internet Control Message Protocol Version 6 (ICMPv6) packets. Therefore, the route lookup could return a destination that did not match the input interface. Consequently, when receiving an ICMPv6 Packet Too Big message, the kernel could update the Path Maximum Transmission Unit (PMTU) for a different input interface. With this update, the kernel checks the input interface during the route lookup. As a result, the kernel now updates the correct destination based on the source address and PMTU works as expected in the described scenario.

(BZ#1722686)

MACsec no longer drops valid frames

Previously, if the cryptographic context for AES-GCM was not completely initialized, decryption of incoming frames failed. Consequently, MACsec dropped valid incoming frames, and increased the InPktsNotValid counter. With this update, the initialization of the cryptographic context has been fixed. Now, decryption with AES-GCM succeeds, and MACsec no longer drops valid frames.

(BZ#1698551)

The kernel no longer crashes when goto chain is used as a secondary TC control action

Previously, when the act gact and act police traffic control (TC) rules used an invalid goto chain parameter as a secondary control action, the kernel terminated unexpectedly. With this update, the kernel avoids using goto chain with a NULL dereference and no longer crashes in the described scenario. Instead, the kernel returns an -EINVAL error message.

(BZ#1729033)

Kernel no longer allows adding duplicate rules with NLM_F_EXCL set

Previously, the kernel never checked the rule content when a new policy routing rule was added. Consequently, the kernel could have added two rules that were exactly the same. This complicated the rule set which could cause problems when NetworkManager tried to cache the rules. With this update, the NLM_F_EXCL flag has been added to the kernel. Now, when a rule is added and the flag is set, the kernel checks the rule content, and returns an EEXIST error if the rule already exists. As a result, kernel no longer adds duplicate rules.

(BZ#1700691)

The ipset list command reports consistent memory for hash set types

When you add entries to a hash set type, the ipset utility must resize the in-memory representation to for new entries by allocating an additional memory block. Previously, ipset set the total per-set allocated size to only the size of the new block instead of adding the value to the current in-memory size. As a consequence, the ip list command reported an inconsistent memory size. With this update, ipset correctly calculates the in-memory size. As a result, the ipset list command now displays the correct in-memory size of the set, and the output matches the actual allocated memory for hash set types.

(BZ#1711520)

firewalld no longer attempts to create IPv6 rules if the IPv6 protocol is disabled

Previously, if the IPv6 protocol was disabled, the firewalld service incorrectly attempted to create rules using the ip6tables utility, even though ip6tables should not be usable. As a consequence, when firewalld initialized the firewall, the service logged error messages. This update fixes the problem, and firewalld now only initializes IPv4 rules if IPv6 is disabled.

(BZ#1738785)

The --remove-rules option of firewall-cmd now removes only direct rules that match the specified criteria

Previously, the --remove-rules option of the firewall-cmd command did not check the rules to remove. As a consequence, the command removed all direct rules instead of a subset rule. This update fixes the problem. As a result, firewall-cmd now removes only direct rules that match the specified criteria.

(BZ#1723610)

Deleting a firewalld rich rule with forward-ports works now as expected

Previously, the firewalld service incorrectly handled the deletion of rules with the forward-ports setting. As a consequence, deleting a rich rule with forward-ports from the runtime configuration failed. This update fixes the problem. As a result, deleting a rich rule with forward-ports works as expected.

(BZ#1637675)

Packets no longer drift to other zones and cause unexpected behavior

Previously, when setting up rules in one zone, the firewalld daemon allowed the packets to be affected by multiple zones. This behavior violated the firewalld zone concept, in which packets may only be part of a single zone. This update fixes the bug and firewalld now prevents packets from being affected by multiple zones.

Warning: This change may affect the availability of some service if the user was knowingly or unknowingly relying on the zone drifting behavior.

(BZ#1713823)

6.8. Security

Accessibility of OpenSCAP HTML reports has been improved

Previously, an Accessible Rich Internet Applications (ARIA) parameter was incorrectly defined in OpenSCAP HTML reports. As a consequence, rule details in the reports were not accessible to users of screenreading software. With this update, the template for report generation has been changed. As a result, users with screen readers can now navigate through rule details and interact with links and buttons.

(BZ#1767826)

SELinux policy now allows sysadm_u users to use semanage with sudo

Previously, SELinux policy was missing rules to allow users with the sysadm_u label to use the semanage command with the sudo command. As a consequence, sysadm_u users could not configure SELinux on the system. This update adds the missing rules, and SELinux users labeled as sysadm_u can now change SELinux configurations.

(BZ#1651253)

6.9. Servers and Services

Manual initialization of MariaDB using mysql_install_db no longer fails

Prior to this update, the mysql_install_db script for initializing the MariaDB database called the resolveip binary from the /usr/libexec/ directory, while the binary was located in /usr/bin/. Consequently, manual initialization of the database using mysql_install_db failed. This update fixes mysql_install_db to correctly locate resolveip. As a result, manual initialization of MariaDB using mysql_install_db no longer fails.

(BZ#1731062)

ReaR updates

RHEL 7.8 introduces a number of updates to the Relax-and-Recover (ReaR) utility.

The build directory handling has been changed. Previously, the build directory was kept in a temporary location in case ReaR encountered a failure. With this update, the build directory is deleted by default in non-interactive runs to prevent consuming disk space.

The semantics of the KEEP_BUILD_DIR configuration variable has been enhanced to include a new errors value. You can set the KEEP_BUILD_DIR variable to the following values:

  • errors to preserve the build directory on errors for debugging (the previous behavior)
  • y (true) to always preserve the build directory
  • n (false) to never preserve the build directory

The default value is an empty string with the meaning of errors when ReaR is being executed interactively (in a terminal) and false if ReaR is being executed non-interactively. Note that KEEP_BUILD_DIR is automatically set to true in debug mode (-d) and in debugscript mode (-D); this behavior has not been changed.

Notable bug fixes include:

  • Support for NetBackup 8.0 has been fixed.
  • ReaR no longer aborts with a bash error similar to xrealloc: cannot allocate on systems with a large number of users, groups, and users per group.
  • The bconsole command now shows its prompt, which enables you to perform a restore operation when using the Bacula integration.
  • ReaR now correctly backs up files also in situations when the docker service is running but no docker root directory has been defined, or when it is impossible to determine the status of the docker service.
  • Recovery no longer fails when using thin pools or recovering a system in Migration Mode.
  • Extremely slow rebuild of initramfs during the recovery process with LVM has been fixed.

(BZ#1693608)

6.10. Storage

Concurrent SG_IO requests in /dev/sg no longer cause data corruption

Previously, the /dev/sg device driver was missing synchronization of kernel data. Concurrent requests on the same file descriptor accessed the same data at the same time in the driver.

As a consequence, the ioctl system call sometimes erroneously used the payload of an SG_IO request for a different command that was sent at the same time as the correct one. This led to disk corruption in certain cases. Red Hat observed this bug in Red Hat Virtualization (RHV).

With this release, concurrency protection has been added in /dev/sg, and the described problem no longer occurs.

(BZ#1710533)

When an image is split off from an active/active cluster mirror, the resulting logical volume is now properly activated

Previously, when you split off an image from an active/active cluster mirror, the resulting new logical volume appeared active but it had no active component. With this fix, the new logical volume is properly activated.

(BZ#1642162)

Chapter 7. Technology Previews

This chapter provides a list of all Technology Previews available in Red Hat Enterprise Linux 7.

For information on Red Hat scope of support for Technology Preview features, see Technology Preview Features Support Scope.

7.1. General Updates

The systemd-importd VM and container image import and export service

Latest systemd version now contains the systemd-importd daemon that was not enabled in the earlier build, which caused the machinectl pull-* commands to fail. Note that the systemd-importd daemon is offered as a Technology Preview and should not be considered stable.

(BZ#1284974)

7.2. Authentication and Interoperability

Containerized Identity Management server available as Technology Preview

The rhel7/ipa-server container image is available as a Technology Preview feature. Note that the rhel7/sssd container image is now fully supported.

For details, see Using Containerized Identity Management Services.

(BZ#1405325)

DNSSEC available as Technology Preview in IdM

Identity Management (IdM) servers with integrated DNS now support DNS Security Extensions (DNSSEC), a set of extensions to DNS that enhance security of the DNS protocol. DNS zones hosted on IdM servers can be automatically signed using DNSSEC. The cryptographic keys are automatically generated and rotated.

Users who decide to secure their DNS zones with DNSSEC are advised to read and follow these documents:

Note that IdM servers with integrated DNS use DNSSEC to validate DNS answers obtained from other DNS servers. This might affect the availability of DNS zones that are not configured in accordance with recommended naming practices described in the Red Hat Enterprise Linux Networking Guide.

(BZ#1115294)

Identity Management JSON-RPC API available as a Technology Preview

An API is available for Identity Management (IdM). To view the API, IdM also provides an API browser as Technology Preview.

In RHEL 7.3, the IdM API was enhanced to enable multiple versions of API commands. Previously, enhancements could change the behavior of a command in an incompatible way. Users are now able to continue using existing tools and scripts even if the IdM API changes. This enables:

  • Administrators to use previous or later versions of IdM on the server than on the managing client.
  • Developers to use a specific version of an IdM call, even if the IdM version changes on the server.

In all cases, the communication with the server is possible, regardless if one side uses, for example, a newer version that introduces new options for a feature.

For details on using the API, see the related Knowlegdebase article.

(BZ#1298286)

Setting up IdM as a hidden replica is now available as a Technology Preview

This enhancement enables administrators to set up an Identity Management (IdM) replica as a hidden replica. A hidden replica is an IdM server that has all services running and available. However, it is not advertised to other clients or masters because no SRV records exist for the services in DNS, and LDAP server roles are not enabled. Therefore, clients cannot use service discovery to detect hidden replicas.

Hidden replicas are primarily designed for dedicated services that can otherwise disrupt clients. For example, a full backup of IdM requires to shut down all IdM services on the master or replica. Since no clients use a hidden replica, administrators can temporarily shut down the services on this host without affecting any clients. Other use cases include high-load operations on the IdM API or the LDAP server, such as a mass import or extensive queries.

To install a new hidden replica, use the ipa-replica-install --hidden-replica command. To change the state of an existing replica, use the ipa server-state command.

(BZ#1518939)

Use of AD and LDAP sudo providers

The Active Directory (AD) provider is a back end used to connect to an AD server. Starting with RHEL 7.2, using the AD sudo provider together with the LDAP provider is available as a Technology Preview. To enable the AD sudo provider, add the sudo_provider=ad setting in the [domain] section of the sssd.conf file.

(BZ#1068725)

The Custodia secrets service provider is available as a Technology Preview

As a Technology Preview, you can use Custodia, a secrets service provider. Custodia stores or serves as a proxy for secrets, such as keys or passwords.

For details, see the upstream documentation at http://custodia.readthedocs.io.

Note that since Red Hat Enterprise Linux 7.6, Custodia has been deprecated.

(BZ#1403214)

7.3. Clustering

Heuristics in corosync-qdevice available as a Technology Preview

Heuristics are a set of commands executed locally on startup, cluster membership change, successful connect to corosync-qnetd, and, optionally, on a periodic basis. When all commands finish successfully on time (their return error code is zero), heuristics have passed; otherwise, they have failed. The heuristics result is sent to corosync-qnetd where it is used in calculations to determine which partition should be quorate.

(BZ#1413573)

New fence-agents-heuristics-ping fence agent

As a Technology Preview, Pacemaker now supports the fence_heuristics_ping agent. This agent aims to open a class of experimental fence agents that do no actual fencing by themselves but instead exploit the behavior of fencing levels in a new way.

If the heuristics agent is configured on the same fencing level as the fence agent that does the actual fencing but is configured before that agent in sequence, fencing issues an off action on the heuristics agent before it attempts to do so on the agent that does the fencing. If the heuristics agent gives a negative result for the off action it is already clear that the fencing level is not going to succeed, causing Pacemaker fencing to skip the step of issuing the off action on the agent that does the fencing. A heuristics agent can exploit this behavior to prevent the agent that does the actual fencing from fencing a node under certain conditions.

A user might want to use this agent, especially in a two-node cluster, when it would not make sense for a node to fence the peer if it can know beforehand that it would not be able to take over the services properly. For example, it might not make sense for a node to take over services if it has problems reaching the networking uplink, making the services unreachable to clients, a situation which a ping to a router might detect in that case.

(BZ#1476401)

The pcs tool now manages bundle resources in Pacemaker

As a Technology Preview starting with Red Hat Enterprise Linux 7.4, Pacemaker supports a special syntax for launching a Docker container with any infrastructure it requires: the bundle. After you have created a Pacemaker bundle, you can create a Pacemaker resource that the bundle encapsulates. For information on Pacemaker support for containers, see High Availability Add-On Reference.

There is one exception to this feature being Technology Preview: As of RHEL 7.4, Red Hat fully supports the usage of Pacemaker bundles for Red Hat Openstack Platform (RHOSP) deployments.

(BZ#1433016)

New LVM and LVM lock manager resource agents

As a Technology Preview, Red Hat Enterprise Linux 7.6 introduces two new resource agents: lvmlockd and LVM-activate.

The LVM-activate agent provides a choice from multiple methods for LVM management throughout a cluster:

  • tagging: the same as tagging with the existing lvm resource agent
  • clvmd: the same as clvmd with the existing lvm resource agent
  • system ID: a new option for using system ID for volume group failover (an alternative to tagging).
  • lvmlockd: a new option for using lvmlockd and dlm for volume group sharing (an alternative to clvmd).

The new lvmlockd resource agent is used to start the lvmlockd daemon when LVM-activate is configured to use lvmlockd.

For information on the lvmlockd and LVM-activate resource agent, see the PCS help screens for those agents. For information on setting up LVM for use with lvmlockd, see the lvmlockd(8) man page.

(BZ#1513957)

7.4. Desktop

Wayland available as a Technology Preview

The Wayland display server protocol is available in Red Hat Enterprise Linux as a Technology Preview with the dependent packages required to enable Wayland support in GNOME, which supports fractional scaling. Wayland uses the libinput library as its input driver.

The following features are currently unavailable or do not work correctly:

  • Multiple GPU support is not possible at this time.
  • The NVIDIA binary driver does not work under Wayland.
  • The xrandr utility does not work under Wayland due to its different approach to handling, resolutions, rotations, and layout.
  • Screen recording, remote desktop, and accessibility do not always work correctly under Wayland.
  • No clipboard manager is available.
  • It is currently impossible to restart GNOME Shell under Wayland.
  • Wayland ignores keyboard grabs issued by X11 applications, such as virtual machines viewers.

(BZ#1481411)

Fractional Scaling available as a Technology Preview

Starting with Red Hat Enterprise Linux 7.5, GNOME provides, as a Technology Preview, fractional scaling to address problems with monitors whose DPI lies in the middle between lo (scale 1) and hi (scale 2).

Due to technical limitations, fractional scaling is available only on Wayland.

(BZ#1481395)

7.5. File Systems

File system DAX is now available for ext4 and XFS as a Technology Preview

Starting with Red Hat Enterprise Linux 7.3, Direct Access (DAX) provides, as a Technology Preview, a means for an application to directly map persistent memory into its address space.

To use DAX, a system must have some form of persistent memory available, usually in the form of one or more Non-Volatile Dual In-line Memory Modules (NVDIMMs), and a file system that supports DAX must be created on the NVDIMM(s). Also, the file system must be mounted with the dax mount option. Then, an mmap of a file on the dax-mounted file system results in a direct mapping of storage into the application’s address space.

(BZ#1274459)

pNFS block layout is now available

As a Technology Preview, Red Hat Enterprise Linux clients can now mount pNFS shares with the block layout feature.

Note that Red Hat recommends using the pNFS SCSI layout instead, which is similar to block layout but easier to use.

(BZ#1111712)

OverlayFS

OverlayFS is a type of union file system. It allows the user to overlay one file system on top of another. Changes are recorded in the upper file system, while the lower file system remains unmodified. This allows multiple users to share a file-system image, such as a container or a DVD-ROM, where the base image is on read-only media. See the Linux kernel documentation for additional information.

OverlayFS remains a Technology Preview under most circumstances. As such, the kernel will log warnings when this technology is activated.

Full support is available for OverlayFS when used with Docker under the following restrictions:

  • OverlayFS is only supported for use as a Docker graph driver. Its use can only be supported for container COW content, not for persistent storage. Any persistent storage must be placed on non-OverlayFS volumes to be supported. Only default Docker configuration can be used; that is, one level of overlay, one lowerdir, and both lower and upper levels are on the same file system.
  • Only XFS is currently supported for use as a lower layer file system.
  • On Red Hat Enterprise Linux 7.3 and earlier, SELinux must be enabled and in enforcing mode on the physical machine, but must be disabled in the container when performing container separation, that is the /etc/sysconfig/docker file must not contain --selinux-enabled. Starting with Red Hat Enterprise Linux 7.4, OverlayFS supports SELinux security labels, and you can enable SELinux support for containers by specifying --selinux-enabled in /etc/sysconfig/docker.
  • The OverlayFS kernel ABI and userspace behavior are not considered stable, and may see changes in future updates.
  • In order to make the yum and rpm utilities work properly inside the container, the user should be using the yum-plugin-ovl packages.

Note that OverlayFS provides a restricted set of the POSIX standards. Test your application thoroughly before deploying it with OverlayFS.

Note that XFS file systems must be created with the -n ftype=1 option enabled for use as an overlay. With the rootfs and any file systems created during system installation, set the --mkfsoptions=-n ftype=1 parameters in the Anaconda kickstart. When creating a new file system after the installation, run the # mkfs -t xfs -n ftype=1 /PATH/TO/DEVICE command. To determine whether an existing file system is eligible for use as an overlay, run the # xfs_info /PATH/TO/DEVICE | grep ftype command to see if the ftype=1 option is enabled.

There are also several known issues associated with OverlayFS in this release. For details, see Non-standard behavior in the Linux kernel documentation.

(BZ#1206277)

Btrfs file system

The B-Tree file system, Btrfs, is available as a Technology Preview in Red Hat Enterprise Linux 7.

Red Hat Enterprise Linux 7.4 introduced the last planned update to this feature. Btrfs has been deprecated, which means Red Hat will not be moving Btrfs to a fully supported feature and it will be removed in a future major release of Red Hat Enterprise Linux.

(BZ#1477977)

7.6. Hardware Enablement

LSI Syncro CS HA-DAS adapters

Red Hat Enterprise Linux 7.1 included code in the megaraid_sas driver to enable LSI Syncro CS high-availability direct-attached storage (HA-DAS) adapters. While the megaraid_sas driver is fully supported for previously enabled adapters, the use of this driver for Syncro CS is available as a Technology Preview. Support for this adapter is provided directly by LSI, your system integrator, or system vendor. Users deploying Syncro CS on Red Hat Enterprise Linux 7.2 and later are encouraged to provide feedback to Red Hat and LSI.

(BZ#1062759)

tss2 enables TPM 2.0 for IBM Power LE

The tss2 package adds IBM implementation of a Trusted Computing Group Software Stack (TSS) 2.0 as a Technology Preview for the IBM Power LE architecture. This package enables users to interact with TPM 2.0 devices.

(BZ#1384452)

The ibmvnic device driver available as a Technology Preview

Since Red Hat Enterprise Linux 7.3, the IBM Virtual Network Interface Controller (vNIC) driver for IBM POWER architectures, ibmvnic, has been available as a Technology Preview. vNIC is a PowerVM virtual networking technology that delivers enterprise capabilities and simplifies network management. It is a high-performance, efficient technology that when combined with SR-IOV NIC provides bandwidth control Quality of Service (QoS) capabilities at the virtual NIC level. vNIC significantly reduces virtualization overhead, resulting in lower latencies and fewer server resources, including CPU and memory, required for network virtualization.

In Red Hat Enterprise Linux 7.6, the ibmvnic driver was upgraded to version 1.0, which provides a number of bug fixes and enhancements over the previous version. Notable changes include:

  • The code that previously requested error information has been removed because no error ID is provided by the Virtual Input-Output (VIOS) Server.
  • Error reporting has been updated with the cause string. As a result, during a recovery, the driver classifies the string as a warning rather than an error.
  • Error recovery on a login failure has been fixed.
  • The failed state that occurred after a failover while migrating Logical Partitioning (LPAR) has been fixed.
  • The driver can now handle all possible login response return values.
  • A driver crash that happened during a failover or Link Power Management (LPM) if the Transmit and Receive (Tx/Rx) queues have changed has been fixed.

(BZ#1519746)

The igc driver available as a Technology Preview

The Intel® 2.5G Ethernet Linux Driver (igc.ko.xz) is available as a Technology Preview.

(BZ#1454918)

The ice driver available as a Technology Preview

The Intel® Ethernet Connection E800 Series Linux Driver (ice.ko.xz) is available as a Technology Preview.

(BZ#1454916)

7.7. Kernel

eBPF system call for tracing

Red Hat Enterprise Linux 7.6 introduced the Extended Berkeley Packet Filter tool (eBPF) as a Technology Preview. This tool is enabled only for the tracing subsystem. For details, see the related Red Hat Knowledgebase article.

(BZ#1559615)

Heterogeneous memory management included as a Technology Preview

Red Hat Enterprise Linux 7 introduced the heterogeneous memory management (HMM) feature as a Technology Preview. This feature has been added to the kernel as a helper layer for devices that want to mirror a process address space into their own memory management unit (MMU). Thus a non-CPU device processor is able to read system memory using the unified system address space. To enable this feature, add experimental_hmm=enable to the kernel command line.

(BZ#1230959)

kexec as a Technology Preview

The kexec system call has been provided as a Technology Preview. This system call enables loading and booting into another kernel from the currently running kernel, thus performing the function of the boot loader from within the kernel. Hardware initialization, which is normally done during a standard system boot, is not performed during a kexec boot, which significantly reduces the time required for a reboot.

(BZ#1460849)

kexec fast reboot as a Technology Preview

The kexec fast reboot feature, which was introduced in Red Hat Enterprise Linux 7.5, continues to be available as a Technology Preview. kexec fast reboot makes the reboot significantly faster. To use this feature, you must load the kexec kernel manually, and then reboot the operating system.

It is not possible to make kexec fast reboot as the default reboot action. Special case is using kexec fast reboot for Anaconda. It still does not enable to make kexec fast reboot default. However, when used with Anaconda, the operating system can automatically use kexec fast reboot after the installation is complete in case that user boots kernel with the anaconda option. To schedule a kexec reboot, use the inst.kexec command on the kernel command line, or include a reboot --kexec line in the Kickstart file.

(BZ#1464377)

perf cqm has been replaced by resctrl

The Intel Cache Allocation Technology (CAT) was introduced in Red Hat Enterprise Linux 7.4 as a Technology Preview. However, the perf cqm tool did not work correctly due to an incompatibility between perf infrastructure and Cache Quality of Service Monitoring (CQM) hardware support. Consequently, multiple problems occurred when using perf cqm.

These problems included most notably:

  • perf cqm did not support the group of tasks which is allocated using resctrl
  • perf cqm gave random and inaccurate data due to several problems with recycling
  • perf cqm did not provide enough support when running different kinds of events together (the different events are, for example, tasks, system-wide, and cgroup events)
  • perf cqm provided only partial support for cgroup events
  • The partial support for cgroup events did not work in cases with a hierarchy of cgroup events, or when monitoring a task in a cgroup and the cgroup together
  • Monitoring tasks for the lifetime caused perf overhead
  • perf cqm reported the aggregate cache occupancy or memory bandwidth over all sockets, while in most cloud and VMM-bases use cases the individual per-socket usage is needed

In Red Hat Enterprise Linux 7.5, perf cqm was replaced by the approach based on the resctrl file system, which addressed all of the aforementioned problems.

(BZ#1457533)

TC HW offloading available as a Technology Preview

Starting with Red Hat Enterprise Linux 7.6, Traffic Control (TC) Hardware offloading has been provided as a Technology Preview.

Hardware offloading enables that the selected functions of network traffic processing, such as shaping, scheduling, policing and dropping, are executed directly in the hardware instead of waiting for software processing, which improves the performance.

(BZ#1503123)

AMD xgbe network driver available as a Technology Preview

Starting with Red Hat Enterprise Linux 7.6, the AMD xgbe network driver has been provided as a Technology Preview.

(BZ#1589397)

Secure Memory Encryption is available only as a Technology Preview

Currently, Secure Memory Encryption (SME) is incompatible with kdump functionality, as the kdump kernel lacks the memory key to decrypt SME-encrypted memory. Red Hat found that with SME enabled, servers under testing might fail to perform some functions and therefore the feature is unfit for use in production. Consequently, SME is changing the support level from Supported to Technology Preview. Customers are encouraged to report any issues found while testing in pre-production to Red Hat or their system vendor.

(BZ#1726642)

criu available as a Technology Preview

Red Hat Enterprise Linux 7.2 introduced the criu tool as a Technology Preview. This tool implements Checkpoint/Restore in User-space (CRIU), which can be used to freeze a running application and store it as a collection of files. Later, the application can be restored from its frozen state.

Note that the criu tool depends on Protocol Buffers, a language-neutral, platform-neutral extensible mechanism for serializing structured data. The protobuf and protobuf-c packages, which provide this dependency, were also introduced in Red Hat Enterprise Linux 7.2 as a Technology Preview. In Red Hat Enterprise Linux 7.8, the criu package provides support for Podman to do a container checkpoint and restore. The newly added functionality only works without SELinux support.

(BZ#1400230)

The mlx5_core driver supports the Mellanox ConnectX-6 Dx network adapter as a Technology Preview

This enhancement adds the PCI IDs of the Mellanox ConnectX-6 Dx network adapter to the mlx5_core driver. On hosts that use this adapter, RHEL loads the mlx5_core driver automatically. Note that Red Hat provides this feature as an unsupported Technology Preview.

(BZ#1685900)

7.8. Networking

Cisco usNIC driver

Cisco Unified Communication Manager (UCM) servers have an optional feature to provide a Cisco proprietary User Space Network Interface Controller (usNIC), which allows performing Remote Direct Memory Access (RDMA)-like operations for user-space applications. The libusnic_verbs driver, which is available as a Technology Preview, makes it possible to use usNIC devices via standard InfiniBand RDMA programming based on the Verbs API.

(BZ#916384)

Cisco VIC kernel driver

The Cisco VIC Infiniband kernel driver, which is available as a Technology Preview, allows the use of Remote Directory Memory Access (RDMA)-like semantics on proprietary Cisco architectures.

(BZ#916382)

Trusted Network Connect

Trusted Network Connect, available as a Technology Preview, is used with existing network access control (NAC) solutions, such as TLS, 802.1X, or IPsec to integrate endpoint posture assessment; that is, collecting an endpoint’s system information (such as operating system configuration settings, installed packages, and others, termed as integrity measurements). Trusted Network Connect is used to verify these measurements against network access policies before allowing the endpoint to access the network.

(BZ#755087)

SR-IOV functionality in the qlcnic driver

Support for Single-Root I/O virtualization (SR-IOV) has been added to the qlcnic driver as a Technology Preview. Support for this functionality will be provided directly by QLogic, and customers are encouraged to provide feedback to QLogic and Red Hat. Other functionality in the qlcnic driver remains fully supported.

Note that the qlcnic driver has been deprecated and is not available in RHEL 8.

(BZ#1259547)

The flower classifier with off-loading support

flower is a Traffic Control (TC) classifier intended to allow users to configure matching on well-known packet fields for various protocols. It is intended to make it easier to configure rules over the u32 classifier for complex filtering and classification tasks. flower also supports the ability to off-load classification and action rules to underlying hardware if the hardware supports it. The flower TC classifier is now provided as a Technology Preview.

(BZ#1393375)

7.9. Red Hat Enterprise Linux System Roles

The postfix role of RHEL System Roles available as a Technology Preview

Red Hat Enterprise Linux System Roles provides a configuration interface for Red Hat Enterprise Linux subsystems, which makes system configuration easier through the inclusion of Ansible Roles. This interface enables managing system configurations across multiple versions of Red Hat Enterprise Linux, as well as adopting new major releases.

Since Red Hat Enterprise Linux 7.4, the rhel-system-roles packages have been distributed through the Extras repository.

The postfix role is available as a Technology Preview.

The following roles are fully supported:

  • kdump
  • network
  • selinux
  • storage
  • timesync

For more information, see the Knowledgebase article about RHEL System Roles.

(BZ#1439896)

rhel-system-roles-sap available as a Technology Preview

The rhel-system-roles-sap package provides Red Hat Enterprise Linux (RHEL) System Roles for SAP, which can be used to automate the configuration of a RHEL system to run SAP workloads. These roles greatly reduce the time to configure a system to run SAP workloads by automatically applying the optimal settings that are based on best practices outlined in relevant SAP Notes. Access is limited to RHEL for SAP Solutions offerings. Please contact Red Hat Customer Support if you need assistance with your subscription.

The following new roles in the rhel-system-roles-sap package are available as a Technology Preview:

  • sap-preconfigure
  • sap-netweaver-preconfigure
  • sap-hana-preconfigure

For more information, see Red Hat Enterprise Linux System Roles for SAP.

Note: RHEL 7.8 for SAP Solutions is currently not scheduled to be validated for use with SAP HANA on Intel 64 architecture and IBM POWER8. Other SAP applications and database products, for example, SAP NetWeaver and SAP ASE, can use RHEL 7.8 features. Please consult SAP Notes 2369910 and 2235581 for the latest information about validated releases and SAP support.

(BZ#1660838)

7.10. Security

SECCOMP can be now enabled in libreswan

As a Technology Preview, the seccomp=enabled|tolerant|disabled option has been added to the ipsec.conf configuration file, which makes it possible to use the Secure Computing mode (SECCOMP). This improves the syscall security by whitelisting all the system calls that Libreswan is allowed to execute. For more information, see the ipsec.conf(5) man page.

(BZ#1375750)

pk12util can now import certificates with RSA-PSS keys

The pk12util tool now provides importing a certificate signed with the RSA-PSS algorithm as a Technology Preview.

Note that if the corresponding private key is imported and has the PrivateKeyInfo.privateKeyAlgorithm field that restricts the signing algorithm to RSA-PSS, it is ignored when importing the key. See MZBZ#1413596 for more information.

(BZ#1431210)

Support for certificates signed with RSA-PSS in certutil has been improved

Support for certificates signed with the RSA-PSS algorithm in the certutil tool has been improved. Notable enhancements and fixes include:

  • The --pss option is now documented.
  • The PKCS#1 v1.5 algorithm is no longer used for self-signed signatures when a certificate is restricted to use RSA-PSS.
  • Empty RSA-PSS parameters in the subjectPublicKeyInfo field are no longer printed as invalid when listing certificates.
  • The --pss-sign option for creating regular RSA certificates signed with the RSA-PSS algorithm has been added.

Support for certificates signed with RSA-PSS in certutil is provided as a Technology Preview.

(BZ#1425514)

NSS is now able to verify RSA-PSS signatures on certificates

Since the RHEL 7.5 version of the nss package, the Network Security Services (NSS) libraries provide verifying RSA-PSS signatures on certificates as a Technology Preview. Prior to this update, clients using NSS as the SSL backend were not able to establish a TLS connection to a server that offered only certificates signed with the RSA-PSS algorithm.

Note that the functionality has the following limitations:

  • The algorithm policy settings in the /etc/pki/nss-legacy/rhel7.config file do not apply to the hash algorithms used in RSA-PSS signatures.
  • RSA-PSS parameters restrictions between certificate chains are ignored and only a single certificate is taken into account.

(BZ#1432142)

USBGuard enables blocking USB devices while the screen is locked as a Technology Preview

With the USBGuard framework, you can influence how an already running usbguard-daemon instance handles newly inserted USB devices by setting the value of the InsertedDevicePolicy runtime parameter. This functionality is provided as a Technology Preview, and the default choice is to apply the policy rules to figure out whether to authorize the device or not.

See the Blocking USB devices while the screen is locked Knowledgebase article.

(BZ#1480100)

7.11. Storage

Multi-queue I/O scheduling for SCSI

Red Hat Enterprise Linux 7 includes a new multiple-queue I/O scheduling mechanism for block devices known as blk-mq. The scsi-mq package allows the Small Computer System Interface (SCSI) subsystem to make use of this new queuing mechanism. This functionality is provided as a Technology Preview and is not enabled by default. To enable it, add scsi_mod.use_blk_mq=Y to the kernel command line.

Also note that although blk-mq is intended to offer improved performance, particularly for low-latency devices, it is not guaranteed to always provide better performance. Notably, in some cases, enabling scsi-mq can result in significantly deteriorated performance, especially on systems with many CPUs.

(BZ#1109348)

Targetd plug-in from the libStorageMgmt API

Since Red Hat Enterprise Linux 7.1, storage array management with libStorageMgmt, a storage array independent API, has been fully supported. The provided API is stable, consistent, and allows developers to programmatically manage different storage arrays and utilize the hardware-accelerated features provided. System administrators can also use libStorageMgmt to manually configure storage and to automate storage management tasks with the included command-line interface.

The Targetd plug-in is not fully supported and remains a Technology Preview.

(BZ#1119909)

SCSI-MQ as a Technology Preview in the qla2xxx and lpfc drivers

The qla2xxx driver updated in Red Hat Enterprise Linux 7.4 can enable the use of SCSI-MQ (multiqueue) with the ql2xmqsupport=1 module parameter. The default value is 0 (disabled).

The SCSI-MQ functionality is provided as a Technology Preview when used with the qla2xxx or the lpfc drivers.

Note that a recent performance testing at Red Hat with async IO over Fibre Channel adapters using SCSI-MQ has shown significant performance degradation under certain conditions.

(BZ#1414957)

7.12. System and Subscription Management

YUM 4 available as Technology Preview

YUM version 4, a next generation of the YUM package manager, is available as a Technology Preview in the Red Hat Enterprise Linux 7 Extras repository.

YUM 4 is based on the DNF technology and offers the following advantages over the standard YUM 3 used on RHEL 7:

  • Increased performance
  • Support for modular content
  • Well-designed stable API for integration with tooling

To install YUM 4, run the yum install nextgen-yum4 command.

Make sure to install the dnf-plugin-subscription-manager package, which includes the subscription-manager plug-in. This plug-in is required for accessing protected repositories provided by the Red Hat Customer Portal or Red Hat Satellite 6, and for automatic updates of the /etc/yum.repos.d/redhat.repo file.

To manage packages, use the yum4 command and its particular options the same way as the yum command.

For detailed information about differences between the new YUM 4 tool and YUM 3, see Changes in DNF CLI compared to YUM.

For instructions on how to enable the Extras repository, see the Knowledgebase article How to subscribe to the Extras channel/repo.

(BZ#1461652)

7.13. Virtualization

USB 3.0 support for KVM guests

USB 3.0 host adapter (xHCI) emulation for KVM guests remains a Technology Preview in Red Hat Enterprise Linux 7.

(BZ#1103193)

Select Intel network adapters now support SR-IOV in RHEL guests on Hyper-V

As a Technology Preview, Red Hat Enterprise Linux guest operating systems running on a Hyper-V hypervisor can now use the single-root I/O virtualization (SR-IOV) feature for Intel network adapters supported by the ixgbevf and i40evf drivers. This feature is enabled when the following conditions are met:

  • SR-IOV support is enabled for the network interface controller (NIC)
  • SR-IOV support is enabled for the virtual NIC
  • SR-IOV support is enabled for the virtual switch
  • The virtual function (VF) from the NIC is attached to the virtual machine.

The feature is currently supported with Microsoft Windows Server 2019 and 2016.

(BZ#1348508)

No-IOMMU mode for VFIO drivers

As a Technology Preview, this update adds No-IOMMU mode for virtual function I/O (VFIO) drivers. The No-IOMMU mode provides the user with full user-space I/O (UIO) access to a direct memory access (DMA)-capable device without a I/O memory management unit (IOMMU). Note that in addition to not being supported, using this mode is not secure due to the lack of I/O management provided by IOMMU.

(BZ#1299662)

Azure M416v2 as a host for RHEL 7 guests

As a Technology Preview, the Azure M416v2 instance type can now be used as a host for virtual machines that use RHEL 7.6 and later as the guest operating systems.

(BZ#1661654)

virt-v2v can convert Debian and Ubuntu guests

As a Technology Preview, the virt-v2v utility can now convert Debian and Ubuntu guest virtual machines. Note that the following problems currently occur when performing this conversion:

  • virt-v2v cannot change the default kernel in the GRUB2 configuration, and the kernel configured in the guest is not changed during the conversion, even if a more optimal version of the kernel is available on the guest.
  • After converting a Debian or Ubuntu VMware guest to KVM, the name of the guest’s network interface may change, and thus requires manual configuration.

(BZ#1387213)

GPU-based mediated devices now support the VNC console

As a Technology Preview, the Virtual Network Computing (VNC) console is now available for use with GPU-based mediated devices, such as the NVIDIA vGPU technology. As a result, it is now possible to use these mediated devices for real-time rendering of a virtual machine’s graphical output.

(BZ#1475770)

Open Virtual Machine Firmware

The Open Virtual Machine Firmware (OVMF) is available as a Technology Preview in Red Hat Enterprise Linux 7. OVMF is a UEFI secure boot environment for AMD64 and Intel 64 guests. However, OVMF is not bootable with virtualization components available in RHEL 7. Note that OVMF is fully supported in RHEL 8.

(BZ#653382)

Chapter 8. Known Issues

This chapter documents known problems in Red Hat Enterprise Linux 7.

8.1. Authentication and Interoperability

Potential risk when using the default value for ldap_id_use_start_tls option

When using ldap:// without TLS for identity lookups, it can pose a risk for an attack vector. Particularly a man-in-the-middle (MITM) attack which could allow an attacker to impersonate a user by altering, for example, the UID or GID of an object returned in an LDAP search.

Currently, the SSSD configuration option to enforce TLS, ldap_id_use_start_tls, defaults to false. Ensure that your setup operates in a trusted environment and decide if it is safe to use unencrypted communication for id_provider = ldap. Note id_provider = ad and id_provider = ipa are not affected as they use encrypted connections protected by SASL and GSSAPI.

If it is not safe to use unencrypted communication, enforce TLS by setting the ldap_id_use_start_tls option to true in the /etc/sssd/sssd.conf file. The default behavior is planned to be changed in a future release of RHEL.

(JIRA:RHELPLAN-155168)

8.2. Compiler and Tools

GCC thread sanitizer included in RHEL no longer works

Due to incompatible changes in kernel memory mapping, the thread sanitizer included with the GNU C Compiler (GCC) compiler version in RHEL no longer works. Additionally, the thread sanitizer cannot be adapted to the incompatible memory layout. As a result, it is no longer possible to use the GCC thread sanitizer included with RHEL.

As a workaround, use the version of GCC included in Red Hat Developer Toolset to build code which uses the thread sanitizer.

(BZ#1569484)

8.3. Desktop

The radeon driver fails to reset hardware correctly in the kexec context

When booting a kernel from the currently running kernel, such as when performing the kdump process, the radeon kernel driver currently does not properly reset hardware. Instead, radeon terminates unexpectedly, which causes the rest of the kdump service to fail.

To work around this bug, blacklist radeon in kdump by adding the following line to the /etc/kdump.conf file:

dracut_args --omit-drivers "radeon"

Afterwards, restart the machine and kdump.

Note that in this scenario, no graphics will be available during kdump, but kdump will complete successfully.

(BZ#1509444)

8.4. File Systems

System boot might fail due to persistent memory file systems

Systems with a large amount of persistent memory take a long time to boot. If the /etc/fstab file configures persistent memory file systems, the system might time out waiting for the devices to become available. The boot process then fails and presents the user with an emergency prompt.

To work around the problem, increase the DefaultTimeoutStartSec value in the /etc/systemd/system.conf file. Use a sufficiently large value, such as 1200s. As a result, the system boot no longer times out.

(BZ#1666535, BZ#1634341)

8.5. Installation and Booting

RHEL 7.7 and later installations add spectre_v2=retpoline to Intel Cascade Lake systems 

RHEL 7.7 and later installations add the spectre_v2=retpoline kernel parameter to Intel Cascade Lake systems, and as a consequence, system performance is affected. To work around this problem and ensure the best performance, complete the following steps.

  1. Remove the kernel boot parameter on Intel Cascade Lake systems:

    # grubby --remove-args="spectre_v2=retpoline" --update-kernel=DEFAULT
  2. Reboot the system:

    # reboot

(BZ#1767612)

iSCSI installation failing with Emulex OneConnect card

After connecting an Emulex OneConnect card and configuring it for iSCSI boot, when you start the RHEL installation, the Anaconda installer returns an exception and the installation terminates unexpectedly.

To work around this problem, add the rd.iscsi.firmware parameter to the boot command line post installation and you will be able to successfully boot into RHEL. However, note that the boot process with this workaround takes a little longer.

(BZ#1632274)

8.6. Kernel

The system boot sometimes fails on large systems

During the boot process, the udev device manager sometimes generates too many rules on large systems. For example, the problem has manifested on a system with 32 TB of memory and 192 CPUs. As a consequence, the boot process becomes unresponsive or times out and switches to the emergency shell.

To work around the problem, increase the udev.children-max value:

  1. Add the udev.children-max=1000 option to the kernel command line in the /etc/default/grub file. You can experiment with different values of udev.children-max to see which value results in the fastest boot on your system.
  2. Limit the udev.children-max value for the kdump kernel:

    Add the udev.children-max option to the KDUMP_COMMANDLINE_REMOVE line in the /etc/sysconfig/kdump file.

    If you do not specify the kdump option, the system might enter emergency mode after a kdump or fadump capture on IBM POWER systems.

  3. Restart the kdump service:

    # systemctl restart kdump

As a result, the system boots successfully.

(BZ#1722855)

The mirror segment type causes system deadlock in stacked configurations

The usage of the mirror segment type and putting any logical volumes on top of it causes system deadlock in stacked configurations. To work around this problem, Red Hat recommends using RAID 1 logical volumes with segment type raid1.

To convert mirror devices to raid1, see Converting a Mirrored LVM Device to a RAID1 Device.

(BZ#1772107)

The zlib compression format may slow down a vmcore capture

The kdump configuration file uses the lzo compression format (makedumpfile -l) by default. Modification of the configuration file to use the zlib compression format (makedumpfile -c) is likely to bring a better compression factor at the expense of slowing down the vmcore capture process. As a consequence, it may take kdump approximately 4 times longer to capture a vmcore when zlib is used as compared to lzo. As a result, Red Hat recommends that you use the default lzo for cases where speed is the main driving factor. However, if the target machine is low on available space, zlib is a better option.

(BZ#1737111)

Intel network device that uses the ice driver does not pass traffic when using bridge-over-VLAN topology

Ethernet devices do not transmit Internet Control Message Protocol (ICMP) echo request and reply traffic if all of the following conditions meet:

  • The Ethernet device uses the ice Intel driver.
  • The Ethernet device is a member of a bridge.
  • The bridge uses VLAN tagging according to the 802.1Q protocol

As a consequence, Network Interface Controller (NIC) does not pass traffic for the described network topology. There is no workaround available to this problem.

(BZ#1787295)

8.7. Networking

Verification of signatures using the MD5 hash algorithm is disabled in Red Hat Enterprise Linux 7

It is impossible to connect to any Wi-Fi Protected Access (WPA) Enterprise Access Point (AP) that requires MD5 signed certificates. To work around this problem, copy the wpa_supplicant.service file from the /usr/lib/systemd/system/ directory to the /etc/systemd/system/ directory and add the following line to the Service section of the file:

Environment=OPENSSL_ENABLE_MD5_VERIFY=1

Then run the systemctl daemon-reload command as root to reload the service file.

Important

Note that MD5 certificates are highly insecure and Red Hat does not recommend using them.

(BZ#1062656)

bind-utils DNS lookup utilities support fewer search domains than glibc

The dig, host, and nslookup DNS lookup utilities from the bind-utils package support only up to 8 search domains, while the glibc resolver in the system supports any number of search domains. As a consequence, the DNS lookup utilities may get different results than applications when a search in the /etc/resolv.conf file contains more than 8 domains.

To work around this problem, use one of the following:

  • Full names ending with a dot, or
  • Fewer than nine domains in the resolv.conf search clause.

Note that it is not recommended to use more than three domains.

(BZ#1758317)

8.8. Security

Auditd server does not start on remote logging servers using KRB5 peer authentication

The SELinux policy does not contain the auditd_tmp_t file type for the temporary directories and files created by processes running under auditd_t SELinux type. This prevents starting the auditd service on a server when KRB5 peer authentication is used for remote logging.

To work around this problem, either set auditd_t domain to permissive mode or build a custom SELinux policy that allows processes running under auditd_t type to create and modify files and directories in the /var/tmp directory. As a result, auditd server using KRB5 peer authentication for remote logging can be started only after applying the described workaround.

(BZ#1752577)

Audit executable watches on symlinks do not work

File monitoring provided by the -w option cannot directly track a path. It has to resolve the path to a device and an inode to make a comparison with the executed program. A watch monitoring an executable symlink monitors the device and an inode of the symlink itself instead of the program executed in memory, which is found from the resolution of the symlink. Even if the watch resolves the symlink to get the resulting executable program, the rule triggers on any multi-call binary called from a different symlink. This results in flooding logs with false positives. Consequently, Audit executable watches on symlinks do not work.

To work around the problem, set up a watch for the resolved path of the program executable, and filter the resulting log messages using the last component listed in the comm= or proctitle= fields.

(BZ#1421794)

8.9. Servers and Services

Upgrade to RHEL 7.8 fails when mariadb-test or postgresql-docs are installed on Workstation

The mariadb-test and postgresql-docs packages have been moved to the Workstation Optional repository. Consequently, if these packages are installed, it is impossible to update a system with a Workstation variant to RHEL 7.8. To work around this problem, uninstall mariadb-test and postgresql-docs prior to upgrading to RHEL 7.8.

(BZ#1749776)

FreeRADIUS silently truncates Tunnel-Passwords longer than 249 characters

If a Tunnel-Password is longer than 249 characters, the FreeRADIUS service silently truncates it. This may lead to unexpected password incompatibilities with other systems.

To work around the problem, choose a password that is 249 characters or fewer.

(BZ#1463673)

8.10. Storage

The system sometimes becomes unresponsive in low-memory situations with external MD metadata

The system might periodically become unresponsive if all of the following conditions occur:

  • The Multiple Devices (MD) storage subsystem is configured to use external metadata arrays.
  • The system reaches a low-memory situation.
  • The MD user space performs an allocation that writes data back to the same device that MD is allocating for.

To work around the problem, ensure that the system has enough free memory. As a result, the system does not become unresponsive when MD performs the allocation.

(BZ#1703180)

8.11. Virtualization

Live migration of virtual machines between hosts with different physical address sizes does not work in some cases

Live migration of a virtual machine (VM) that uses a hot-plugged CPU currently fails in some cases if the hosts have different physical address sizes. To work around this problem, do not live migrate between such hosts while using a CPU hot-plug. Alternatively, do not hot-plug a CPU to a VM that has been migrated to a host with a different physical address size.

(BZ#1607311)

virt-clone always shows a 100% progress bar when --nonsparse is used

Currently, when the virt-clone utility is used with the --nonparse option, the progress bar displayed in the CLI always shows 100% completion of the process. As a consequence, the user cannot see the actual progress of cloning the virtual machine.

(BZ#1746771)

RHEL 7 virtual machines sometimes cannot boot on and migrate to Witherspoon hosts

RHEL 7 virtual machines (VMs) that use the pseries-rhel7.6.0-sxxm machine type in some cases fail to boot on Power9 S922LC for HPC hosts (also known as Witherspoon) that use the DD2.3 CPU.

Attempting to boot such a VM instead generates the following error message:

qemu-kvm: Requested safe indirect branch capability level not supported by kvm

In addition, migrating VMs that use the pseries-rhel7.6.0-sxxm machine type to Witherspoon hosts from other hosts fails.

(BZ#1751054)

kdump does not support setting nr_cpus to 2 or higher in Hyper-V virtual machines

When using RHEL 7.8 as a guest operating system on a Microsoft Hyper-V hypervisor, the kdump kernel in some cases becomes unresponsive when the nr_cpus parameter is set to 2 or higher. To avoid this problem from occurring, do not change the default nr_cpus=1 parameter in the /etc/sysconfig/kdump file of the guest.

(BZ#1773478)

Chapter 9. Deprecated Functionality

This chapter provides an overview of functionality that has been deprecated in all minor releases of Red Hat Enterprise Linux 7 up to Red Hat Enterprise Linux 7.

Deprecated functionality continues to be supported until the end of life of Red Hat Enterprise Linux 7. Deprecated functionality will likely not be supported in future major releases of this product and is not recommended for new deployments. For the most recent list of deprecated functionality within a particular major release, refer to the latest version of release documentation.

Deprecated hardware components are not recommended for new deployments on the current or future major releases. Hardware driver updates are limited to security and critical fixes only. Red Hat recommends replacing this hardware as soon as reasonably feasible.

A package can be deprecated and not recommended for further use. Under certain circumstances, a package can be removed from a product. Product documentation then identifies more recent packages that offer functionality similar, identical, or more advanced to the one deprecated, and provides further recommendations.

For details regarding differences between RHEL 7 and RHEL 8, see Considerations in adopting RHEL 8.

9.1. Deprecated Packages

The following packages are now deprecated. For information regarding replaced packages or availability in an unsupported RHEL 8 repository (if applicable), see Considerations in adopting RHEL 8.

  • a2ps
  • abrt-addon-upload-watch
  • abrt-devel
  • abrt-gui-devel
  • abrt-retrace-client
  • acpid-sysvinit
  • advancecomp
  • adwaita-icon-theme-devel
  • adwaita-qt-common
  • adwaita-qt4
  • agg
  • aic94xx-firmware
  • akonadi
  • akonadi-devel
  • akonadi-mysql
  • alacarte
  • alsa-tools
  • anaconda-widgets-devel
  • ant-antunit
  • ant-antunit-javadoc
  • antlr-C++-doc
  • antlr-python
  • antlr-tool
  • apache-commons-collections-javadoc
  • apache-commons-collections-testframework
  • apache-commons-configuration
  • apache-commons-configuration-javadoc
  • apache-commons-daemon
  • apache-commons-daemon-javadoc
  • apache-commons-daemon-jsvc
  • apache-commons-dbcp
  • apache-commons-dbcp-javadoc
  • apache-commons-digester
  • apache-commons-digester-javadoc
  • apache-commons-jexl
  • apache-commons-jexl-javadoc
  • apache-commons-lang-javadoc
  • apache-commons-pool
  • apache-commons-pool-javadoc
  • apache-commons-validator
  • apache-commons-validator-javadoc
  • apache-commons-vfs
  • apache-commons-vfs-ant
  • apache-commons-vfs-examples
  • apache-commons-vfs-javadoc
  • apache-rat
  • apache-rat-core
  • apache-rat-javadoc
  • apache-rat-plugin
  • apache-rat-tasks
  • apr-util-nss
  • args4j
  • args4j-javadoc
  • ark
  • ark-libs
  • asciidoc-latex
  • at-spi
  • at-spi-devel
  • at-spi-python
  • at-sysvinit
  • atlas-static
  • attica
  • attica-devel
  • audiocd-kio
  • audiocd-kio-devel
  • audiocd-kio-libs
  • audiofile
  • audiofile-devel
  • audit-libs-python
  • audit-libs-static
  • authconfig
  • authconfig-gtk
  • authd
  • autogen-libopts-devel
  • automoc
  • autotrace-devel
  • avahi-dnsconfd
  • avahi-glib-devel
  • avahi-gobject-devel
  • avahi-qt3
  • avahi-qt3-devel
  • avahi-qt4
  • avahi-qt4-devel
  • avahi-tools
  • avahi-ui
  • avahi-ui-devel
  • avahi-ui-tools
  • avalon-framework
  • avalon-framework-javadoc
  • avalon-logkit
  • avalon-logkit-javadoc
  • bacula-console-bat
  • bacula-devel
  • bacula-traymonitor
  • baekmuk-ttf-batang-fonts
  • baekmuk-ttf-dotum-fonts
  • baekmuk-ttf-fonts-common
  • baekmuk-ttf-fonts-ghostscript
  • baekmuk-ttf-gulim-fonts
  • baekmuk-ttf-hline-fonts
  • base64coder
  • base64coder-javadoc
  • batik
  • batik-demo
  • batik-javadoc
  • batik-rasterizer
  • batik-slideshow
  • batik-squiggle
  • batik-svgpp
  • batik-ttf2svg
  • bcc-devel
  • bcel
  • bison-devel
  • blas-static
  • blas64-devel
  • blas64-static
  • bltk
  • bluedevil
  • bluedevil-autostart
  • bmc-snmp-proxy
  • bogofilter-bogoupgrade
  • bridge-utils
  • bsdcpio
  • bsh-demo
  • bsh-utils
  • btrfs-progs
  • btrfs-progs-devel
  • buildnumber-maven-plugin
  • buildnumber-maven-plugin-javadoc
  • bwidget
  • bzr
  • bzr-doc
  • cairo-tools
  • cal10n
  • caribou
  • caribou-antler
  • caribou-devel
  • caribou-gtk2-module
  • caribou-gtk3-module
  • cdi-api-javadoc
  • cdparanoia-static
  • cdrskin
  • ceph-common
  • check-static
  • cheese-libs-devel
  • cifs-utils-devel
  • cim-schema-docs
  • cim-schema-docs
  • cjkuni-ukai-fonts
  • clutter-gst2-devel
  • clutter-tests
  • cmpi-bindings-pywbem
  • cobertura
  • cobertura-javadoc
  • cockpit-machines-ovirt
  • codehaus-parent
  • codemodel
  • codemodel-javadoc
  • cogl-tests
  • colord-extra-profiles
  • colord-kde
  • compat-cheese314
  • compat-dapl
  • compat-dapl-devel
  • compat-dapl-static
  • compat-dapl-utils
  • compat-db
  • compat-db-headers
  • compat-db47
  • compat-exiv2-023
  • compat-gcc-44
  • compat-gcc-44-c++
  • compat-gcc-44-gfortran
  • compat-glade315
  • compat-glew
  • compat-glibc
  • compat-glibc-headers
  • compat-gnome-desktop314
  • compat-grilo02
  • compat-libcap1
  • compat-libcogl-pango12
  • compat-libcogl12
  • compat-libcolord1
  • compat-libf2c-34
  • compat-libgdata13
  • compat-libgfortran-41
  • compat-libgnome-bluetooth11
  • compat-libgnome-desktop3-7
  • compat-libgweather3
  • compat-libical1
  • compat-libmediaart0
  • compat-libmpc
  • compat-libpackagekit-glib2-16
  • compat-libstdc++-33
  • compat-libtiff3
  • compat-libupower-glib1
  • compat-libxcb
  • compat-locales-sap-common
  • compat-openldap
  • compat-openmpi16
  • compat-openmpi16-devel
  • compat-opensm-libs
  • compat-poppler022
  • compat-poppler022-cpp
  • compat-poppler022-glib
  • compat-poppler022-qt
  • compat-sap-c++-5
  • compat-sap-c++-6
  • compat-sap-c++-7
  • conman
  • console-setup
  • coolkey
  • coolkey-devel
  • cpptest
  • cpptest-devel
  • cppunit
  • cppunit-devel
  • cppunit-doc
  • cpuid
  • cracklib-python
  • crda-devel
  • crit
  • criu-devel
  • crypto-utils
  • cryptsetup-python
  • cvs
  • cvs-contrib
  • cvs-doc
  • cvs-inetd
  • cvsps
  • cyrus-imapd-devel
  • dapl
  • dapl-devel
  • dapl-static
  • dapl-utils
  • dbus-doc
  • dbus-python-devel
  • dbus-tests
  • dbusmenu-qt
  • dbusmenu-qt-devel
  • dbusmenu-qt-devel-docs
  • debugmode
  • dejagnu
  • dejavu-lgc-sans-fonts
  • dejavu-lgc-sans-mono-fonts
  • dejavu-lgc-serif-fonts
  • deltaiso
  • dhcp-devel
  • dialog-devel
  • dleyna-connector-dbus-devel
  • dleyna-core-devel
  • dlm-devel
  • dmraid
  • dmraid-devel
  • dmraid-events
  • dmraid-events-logwatch
  • docbook-simple
  • docbook-slides
  • docbook-style-dsssl
  • docbook-utils
  • docbook-utils-pdf
  • docbook5-schemas
  • docbook5-style-xsl
  • docbook5-style-xsl-extensions
  • docker-rhel-push-plugin
  • dom4j
  • dom4j-demo
  • dom4j-javadoc
  • dom4j-manual
  • dovecot-pigeonhole
  • dracut-fips
  • dracut-fips-aesni
  • dragon
  • drm-utils
  • drpmsync
  • dtdinst
  • e2fsprogs-static
  • ecj
  • edac-utils-devel
  • efax
  • efivar-devel
  • egl-utils
  • ekiga
  • ElectricFence
  • emacs-a2ps
  • emacs-a2ps-el
  • emacs-auctex
  • emacs-auctex-doc
  • emacs-git
  • emacs-git-el
  • emacs-gnuplot
  • emacs-gnuplot-el
  • emacs-php-mode
  • empathy
  • enchant-aspell
  • enchant-voikko
  • eog-devel
  • epydoc
  • espeak-devel
  • evince-devel
  • evince-dvi
  • evolution-data-server-doc
  • evolution-data-server-perl
  • evolution-data-server-tests
  • evolution-devel
  • evolution-devel-docs
  • evolution-tests
  • expat-static
  • expect-devel
  • expectk
  • farstream
  • farstream-devel
  • farstream-python
  • farstream02-devel
  • fedfs-utils-admin
  • fedfs-utils-client
  • fedfs-utils-common
  • fedfs-utils-devel
  • fedfs-utils-lib
  • fedfs-utils-nsdbparams
  • fedfs-utils-python
  • fedfs-utils-server
  • felix-bundlerepository
  • felix-bundlerepository-javadoc
  • felix-framework
  • felix-framework-javadoc
  • felix-osgi-obr
  • felix-osgi-obr-javadoc
  • felix-shell
  • felix-shell-javadoc
  • fence-sanlock
  • festival
  • festival-devel
  • festival-docs
  • festival-freebsoft-utils
  • festival-lib
  • festival-speechtools-devel
  • festival-speechtools-libs
  • festival-speechtools-utils
  • festvox-awb-arctic-hts
  • festvox-bdl-arctic-hts
  • festvox-clb-arctic-hts
  • festvox-jmk-arctic-hts
  • festvox-kal-diphone
  • festvox-ked-diphone
  • festvox-rms-arctic-hts
  • festvox-slt-arctic-hts
  • file-static
  • filebench
  • filesystem-content
  • finch
  • finch-devel
  • finger
  • finger-server
  • flatpak-devel
  • flex-devel
  • fltk-fluid
  • fltk-static
  • flute-javadoc
  • folks
  • folks-devel
  • folks-tools
  • fontforge-devel
  • fontpackages-tools
  • fonttools
  • fop
  • fop-javadoc
  • fprintd-devel
  • freeradius-python
  • freetype-demos
  • fros
  • fros-gnome
  • fros-recordmydesktop
  • fwupd-devel
  • fwupdate-devel
  • gamin-python
  • gavl-devel
  • gcab
  • gcc-gnat
  • gcc-go
  • gcc-objc
  • gcc-objc++
  • gcc-plugin-devel
  • gconf-editor
  • gd-progs
  • gdk-pixbuf2-tests
  • gdm-devel
  • gdm-pam-extensions-devel
  • gedit-devel
  • gedit-plugin-bookmarks
  • gedit-plugin-bracketcompletion
  • gedit-plugin-charmap
  • gedit-plugin-codecomment
  • gedit-plugin-colorpicker
  • gedit-plugin-colorschemer
  • gedit-plugin-commander
  • gedit-plugin-drawspaces
  • gedit-plugin-findinfiles
  • gedit-plugin-joinlines
  • gedit-plugin-multiedit
  • gedit-plugin-smartspaces
  • gedit-plugin-synctex
  • gedit-plugin-terminal
  • gedit-plugin-textsize
  • gedit-plugin-translate
  • gedit-plugin-wordcompletion
  • gedit-plugins
  • gedit-plugins-data
  • gegl-devel
  • geoclue
  • geoclue-devel
  • geoclue-doc
  • geoclue-gsmloc
  • geoclue-gui
  • GeoIP
  • GeoIP-data
  • GeoIP-devel
  • GeoIP-update
  • geronimo-jaspic-spec
  • geronimo-jaspic-spec-javadoc
  • geronimo-jaxrpc
  • geronimo-jaxrpc-javadoc
  • geronimo-jms
  • geronimo-jta
  • geronimo-jta-javadoc
  • geronimo-osgi-support
  • geronimo-osgi-support-javadoc
  • geronimo-saaj
  • geronimo-saaj-javadoc
  • ghostscript-chinese
  • ghostscript-chinese-zh_CN
  • ghostscript-chinese-zh_TW
  • ghostscript-cups
  • ghostscript-devel
  • ghostscript-gtk
  • giflib-utils
  • gimp-data-extras
  • gimp-help
  • gimp-help-ca
  • gimp-help-da
  • gimp-help-de
  • gimp-help-el
  • gimp-help-en_GB
  • gimp-help-es
  • gimp-help-fr
  • gimp-help-it
  • gimp-help-ja
  • gimp-help-ko
  • gimp-help-nl
  • gimp-help-nn
  • gimp-help-pt_BR
  • gimp-help-ru
  • gimp-help-sl
  • gimp-help-sv
  • gimp-help-zh_CN
  • git-bzr
  • git-cvs
  • git-gnome-keyring
  • git-hg
  • git-p4
  • gjs-tests
  • glade
  • glade3
  • glade3-libgladeui
  • glade3-libgladeui-devel
  • glassfish-dtd-parser
  • glassfish-dtd-parser-javadoc
  • glassfish-jaxb-javadoc
  • glassfish-jsp
  • glassfish-jsp-javadoc
  • glew
  • glib-networking-tests
  • gmp-static
  • gnome-clocks
  • gnome-common
  • gnome-contacts
  • gnome-desktop3-tests
  • gnome-devel-docs
  • gnome-dictionary
  • gnome-doc-utils
  • gnome-doc-utils-stylesheets
  • gnome-documents
  • gnome-documents-libs
  • gnome-icon-theme
  • gnome-icon-theme-devel
  • gnome-icon-theme-extras
  • gnome-icon-theme-legacy
  • gnome-icon-theme-symbolic
  • gnome-packagekit
  • gnome-packagekit-common
  • gnome-packagekit-installer
  • gnome-packagekit-updater
  • gnome-python2
  • gnome-python2-bonobo
  • gnome-python2-canvas
  • gnome-python2-devel
  • gnome-python2-gconf
  • gnome-python2-gnome
  • gnome-python2-gnomevfs
  • gnome-settings-daemon-devel
  • gnome-software-devel
  • gnome-vfs2
  • gnome-vfs2-devel
  • gnome-vfs2-smb
  • gnome-weather
  • gnome-weather-tests
  • gnote
  • gnu-efi-utils
  • gnu-getopt
  • gnu-getopt-javadoc
  • gnuplot-latex
  • gnuplot-minimal
  • gob2
  • gom-devel
  • google-noto-sans-korean-fonts
  • google-noto-sans-simplified-chinese-fonts
  • google-noto-sans-traditional-chinese-fonts
  • gperftools
  • gperftools-devel
  • gperftools-libs
  • gpm-static
  • grantlee
  • grantlee-apidocs
  • grantlee-devel
  • graphviz-graphs
  • graphviz-guile
  • graphviz-java
  • graphviz-lua
  • graphviz-ocaml
  • graphviz-perl
  • graphviz-php
  • graphviz-python
  • graphviz-ruby
  • graphviz-tcl
  • groff-doc
  • groff-perl
  • groff-x11
  • groovy
  • groovy-javadoc
  • grub2
  • grub2-ppc-modules
  • grub2-ppc64-modules
  • gsm-tools
  • gsound-devel
  • gssdp-utils
  • gstreamer
  • gstreamer-devel
  • gstreamer-devel-docs
  • gstreamer-plugins-bad-free
  • gstreamer-plugins-bad-free-devel
  • gstreamer-plugins-bad-free-devel-docs
  • gstreamer-plugins-base
  • gstreamer-plugins-base-devel
  • gstreamer-plugins-base-devel-docs
  • gstreamer-plugins-base-tools
  • gstreamer-plugins-good
  • gstreamer-plugins-good-devel-docs
  • gstreamer-python
  • gstreamer-python-devel
  • gstreamer-tools
  • gstreamer1-devel-docs
  • gstreamer1-plugins-base-devel-docs
  • gstreamer1-plugins-base-tools
  • gstreamer1-plugins-ugly-free-devel
  • gtk-vnc
  • gtk-vnc-devel
  • gtk-vnc-python
  • gtk-vnc2-devel
  • gtk3-devel-docs
  • gtk3-immodules
  • gtk3-tests
  • gtkhtml3
  • gtkhtml3-devel
  • gtksourceview3-tests
  • gucharmap
  • gucharmap-devel
  • gucharmap-libs
  • gupnp-av-devel
  • gupnp-av-docs
  • gupnp-dlna-devel
  • gupnp-dlna-docs
  • gupnp-docs
  • gupnp-igd-python
  • gutenprint-devel
  • gutenprint-extras
  • gutenprint-foomatic
  • gvfs-tests
  • gvnc-devel
  • gvnc-tools
  • gvncpulse
  • gvncpulse-devel
  • gwenview
  • gwenview-libs
  • hamcrest
  • hawkey-devel
  • hesiod
  • highcontrast-qt
  • highcontrast-qt4
  • highcontrast-qt5
  • highlight-gui
  • hispavoces-pal-diphone
  • hispavoces-sfl-diphone
  • hsakmt
  • hsakmt-devel
  • hspell-devel
  • hsqldb
  • hsqldb-demo
  • hsqldb-javadoc
  • hsqldb-manual
  • htdig
  • html2ps
  • http-parser-devel
  • httpunit
  • httpunit-doc
  • httpunit-javadoc
  • i2c-tools-eepromer
  • i2c-tools-python
  • ibus-pygtk2
  • ibus-qt
  • ibus-qt-devel
  • ibus-qt-docs
  • ibus-rawcode
  • ibus-table-devel
  • ibutils
  • ibutils-devel
  • ibutils-libs
  • icc-profiles-openicc
  • icon-naming-utils
  • im-chooser
  • im-chooser-common
  • ImageMagick
  • ImageMagick-c++
  • ImageMagick-c++-devel
  • ImageMagick-devel
  • ImageMagick-doc
  • ImageMagick-perl
  • imake
  • imsettings
  • imsettings-devel
  • imsettings-gsettings
  • imsettings-libs
  • imsettings-qt
  • imsettings-xim
  • indent
  • infinipath-psm
  • infinipath-psm-devel
  • iniparser
  • iniparser-devel
  • iok
  • ipa-gothic-fonts
  • ipa-mincho-fonts
  • ipa-pgothic-fonts
  • ipa-pmincho-fonts
  • iperf3-devel
  • iproute-doc
  • ipset-devel
  • ipsilon
  • ipsilon-authform
  • ipsilon-authgssapi
  • ipsilon-authldap
  • ipsilon-base
  • ipsilon-client
  • ipsilon-filesystem
  • ipsilon-infosssd
  • ipsilon-persona
  • ipsilon-saml2
  • ipsilon-saml2-base
  • ipsilon-tools-ipa
  • iputils-sysvinit
  • iscsi-initiator-utils-devel
  • isdn4k-utils
  • isdn4k-utils-devel
  • isdn4k-utils-doc
  • isdn4k-utils-static
  • isdn4k-utils-vboxgetty
  • isomd5sum-devel
  • isorelax
  • istack-commons-javadoc
  • ixpdimm_sw
  • ixpdimm_sw-devel
  • ixpdimm-cli
  • ixpdimm-monitor
  • jai-imageio-core
  • jai-imageio-core-javadoc
  • jakarta-commons-httpclient-demo
  • jakarta-commons-httpclient-javadoc
  • jakarta-commons-httpclient-manual
  • jakarta-oro
  • jakarta-taglibs-standard
  • jakarta-taglibs-standard-javadoc
  • jandex
  • jandex-javadoc
  • jansson-devel-doc
  • jarjar
  • jarjar-javadoc
  • jarjar-maven-plugin
  • jasper
  • jasper-utils
  • java-1.6.0-openjdk
  • java-1.6.0-openjdk-demo
  • java-1.6.0-openjdk-devel
  • java-1.6.0-openjdk-javadoc
  • java-1.6.0-openjdk-src
  • java-1.7.0-openjdk
  • java-1.7.0-openjdk-accessibility
  • java-1.7.0-openjdk-demo
  • java-1.7.0-openjdk-devel
  • java-1.7.0-openjdk-headless
  • java-1.7.0-openjdk-javadoc
  • java-1.7.0-openjdk-src
  • java-1.8.0-openjdk-accessibility-debug
  • java-1.8.0-openjdk-debug
  • java-1.8.0-openjdk-demo-debug
  • java-1.8.0-openjdk-devel-debug
  • java-1.8.0-openjdk-headless-debug
  • java-1.8.0-openjdk-javadoc-debug
  • java-1.8.0-openjdk-javadoc-zip-debug
  • java-1.8.0-openjdk-src-debug
  • java-11-openjdk-debug
  • java-11-openjdk-demo-debug
  • java-11-openjdk-devel-debug
  • java-11-openjdk-headless-debug
  • java-11-openjdk-javadoc-debug
  • java-11-openjdk-javadoc-zip-debug
  • java-11-openjdk-jmods-debug
  • java-11-openjdk-src-debug
  • javamail
  • jaxen
  • jboss-ejb-3.1-api
  • jboss-ejb-3.1-api-javadoc
  • jboss-el-2.2-api
  • jboss-el-2.2-api-javadoc
  • jboss-jaxrpc-1.1-api
  • jboss-jaxrpc-1.1-api-javadoc
  • jboss-servlet-2.5-api
  • jboss-servlet-2.5-api-javadoc
  • jboss-servlet-3.0-api
  • jboss-servlet-3.0-api-javadoc
  • jboss-specs-parent
  • jboss-transaction-1.1-api
  • jboss-transaction-1.1-api-javadoc
  • jdom
  • jettison
  • jettison-javadoc
  • jetty-annotations
  • jetty-ant
  • jetty-artifact-remote-resources
  • jetty-assembly-descriptors
  • jetty-build-support
  • jetty-build-support-javadoc
  • jetty-client
  • jetty-continuation
  • jetty-deploy
  • jetty-distribution-remote-resources
  • jetty-http
  • jetty-io
  • jetty-jaas
  • jetty-jaspi
  • jetty-javadoc
  • jetty-jmx
  • jetty-jndi
  • jetty-jsp
  • jetty-jspc-maven-plugin
  • jetty-maven-plugin
  • jetty-monitor
  • jetty-parent
  • jetty-plus
  • jetty-project
  • jetty-proxy
  • jetty-rewrite
  • jetty-runner
  • jetty-security
  • jetty-server
  • jetty-servlet
  • jetty-servlets
  • jetty-start
  • jetty-test-policy
  • jetty-test-policy-javadoc
  • jetty-toolchain
  • jetty-util
  • jetty-util-ajax
  • jetty-version-maven-plugin
  • jetty-version-maven-plugin-javadoc
  • jetty-webapp
  • jetty-websocket-api
  • jetty-websocket-client
  • jetty-websocket-common
  • jetty-websocket-parent
  • jetty-websocket-server
  • jetty-websocket-servlet
  • jetty-xml
  • jing
  • jing-javadoc
  • jline-demo
  • jna
  • jna-contrib
  • jna-javadoc
  • joda-convert
  • joda-convert-javadoc
  • js
  • js-devel
  • jsch-demo
  • json-glib-tests
  • jsr-311
  • jsr-311-javadoc
  • juk
  • junit
  • junit-demo
  • jvnet-parent
  • k3b
  • k3b-common
  • k3b-devel
  • k3b-libs
  • kaccessible
  • kaccessible-libs
  • kactivities
  • kactivities-devel
  • kamera
  • kate
  • kate-devel
  • kate-libs
  • kate-part
  • kcalc
  • kcharselect
  • kcm_colors
  • kcm_touchpad
  • kcm-gtk
  • kcolorchooser
  • kcoloredit
  • kde-base-artwork
  • kde-baseapps
  • kde-baseapps-devel
  • kde-baseapps-libs
  • kde-filesystem
  • kde-l10n
  • kde-l10n-Arabic
  • kde-l10n-Basque
  • kde-l10n-Bosnian
  • kde-l10n-British
  • kde-l10n-Bulgarian
  • kde-l10n-Catalan
  • kde-l10n-Catalan-Valencian
  • kde-l10n-Croatian
  • kde-l10n-Czech
  • kde-l10n-Danish
  • kde-l10n-Dutch
  • kde-l10n-Estonian
  • kde-l10n-Farsi
  • kde-l10n-Finnish
  • kde-l10n-Galician
  • kde-l10n-Greek
  • kde-l10n-Hebrew
  • kde-l10n-Hungarian
  • kde-l10n-Icelandic
  • kde-l10n-Interlingua
  • kde-l10n-Irish
  • kde-l10n-Kazakh
  • kde-l10n-Khmer
  • kde-l10n-Latvian
  • kde-l10n-Lithuanian
  • kde-l10n-LowSaxon
  • kde-l10n-Norwegian
  • kde-l10n-Norwegian-Nynorsk
  • kde-l10n-Polish
  • kde-l10n-Portuguese
  • kde-l10n-Romanian
  • kde-l10n-Serbian
  • kde-l10n-Slovak
  • kde-l10n-Slovenian
  • kde-l10n-Swedish
  • kde-l10n-Tajik
  • kde-l10n-Thai
  • kde-l10n-Turkish
  • kde-l10n-Ukrainian
  • kde-l10n-Uyghur
  • kde-l10n-Vietnamese
  • kde-l10n-Walloon
  • kde-plasma-networkmanagement
  • kde-plasma-networkmanagement-libreswan
  • kde-plasma-networkmanagement-libs
  • kde-plasma-networkmanagement-mobile
  • kde-print-manager
  • kde-runtime
  • kde-runtime-devel
  • kde-runtime-drkonqi
  • kde-runtime-libs
  • kde-settings
  • kde-settings-ksplash
  • kde-settings-minimal
  • kde-settings-plasma
  • kde-settings-pulseaudio
  • kde-style-oxygen
  • kde-style-phase
  • kde-wallpapers
  • kde-workspace
  • kde-workspace-devel
  • kde-workspace-ksplash-themes
  • kde-workspace-libs
  • kdeaccessibility
  • kdeadmin
  • kdeartwork
  • kdeartwork-screensavers
  • kdeartwork-sounds
  • kdeartwork-wallpapers
  • kdeclassic-cursor-theme
  • kdegraphics
  • kdegraphics-devel
  • kdegraphics-libs
  • kdegraphics-strigi-analyzer
  • kdegraphics-thumbnailers
  • kdelibs
  • kdelibs-apidocs
  • kdelibs-common
  • kdelibs-devel
  • kdelibs-ktexteditor
  • kdemultimedia
  • kdemultimedia-common
  • kdemultimedia-devel
  • kdemultimedia-libs
  • kdenetwork
  • kdenetwork-common
  • kdenetwork-devel
  • kdenetwork-fileshare-samba
  • kdenetwork-kdnssd
  • kdenetwork-kget
  • kdenetwork-kget-libs
  • kdenetwork-kopete
  • kdenetwork-kopete-devel
  • kdenetwork-kopete-libs
  • kdenetwork-krdc
  • kdenetwork-krdc-devel
  • kdenetwork-krdc-libs
  • kdenetwork-krfb
  • kdenetwork-krfb-libs
  • kdepim
  • kdepim-devel
  • kdepim-libs
  • kdepim-runtime
  • kdepim-runtime-libs
  • kdepimlibs
  • kdepimlibs-akonadi
  • kdepimlibs-apidocs
  • kdepimlibs-devel
  • kdepimlibs-kxmlrpcclient
  • kdeplasma-addons
  • kdeplasma-addons-devel
  • kdeplasma-addons-libs
  • kdesdk
  • kdesdk-cervisia
  • kdesdk-common
  • kdesdk-devel
  • kdesdk-dolphin-plugins
  • kdesdk-kapptemplate
  • kdesdk-kapptemplate-template
  • kdesdk-kcachegrind
  • kdesdk-kioslave
  • kdesdk-kmtrace
  • kdesdk-kmtrace-devel
  • kdesdk-kmtrace-libs
  • kdesdk-kompare
  • kdesdk-kompare-devel
  • kdesdk-kompare-libs
  • kdesdk-kpartloader
  • kdesdk-kstartperf
  • kdesdk-kuiviewer
  • kdesdk-lokalize
  • kdesdk-okteta
  • kdesdk-okteta-devel
  • kdesdk-okteta-libs
  • kdesdk-poxml
  • kdesdk-scripts
  • kdesdk-strigi-analyzer
  • kdesdk-thumbnailers
  • kdesdk-umbrello
  • kdeutils
  • kdeutils-common
  • kdeutils-minimal
  • kdf
  • kernel-rt-doc
  • kernel-rt-trace
  • kernel-rt-trace-devel
  • kernel-rt-trace-kvm
  • keytool-maven-plugin
  • keytool-maven-plugin-javadoc
  • kgamma
  • kgpg
  • kgreeter-plugins
  • khotkeys
  • khotkeys-libs
  • kiconedit
  • kinfocenter
  • kio_sysinfo
  • kmag
  • kmenuedit
  • kmix
  • kmod-oracleasm
  • kolourpaint
  • kolourpaint-libs
  • konkretcmpi
  • konkretcmpi-devel
  • konkretcmpi-python
  • konsole
  • konsole-part
  • kross-interpreters
  • kross-python
  • kross-ruby
  • kruler
  • ksaneplugin
  • kscreen
  • ksnapshot
  • ksshaskpass
  • ksysguard
  • ksysguard-libs
  • ksysguardd
  • ktimer
  • kwallet
  • kwin
  • kwin-gles
  • kwin-gles-libs
  • kwin-libs
  • kwrite
  • kxml
  • kxml-javadoc
  • lapack64-devel
  • lapack64-static
  • lasso-devel
  • latrace
  • lcms2-utils
  • ldns-doc
  • ldns-python
  • libabw-devel
  • libabw-doc
  • libabw-tools
  • libappindicator
  • libappindicator-devel
  • libappindicator-docs
  • libappstream-glib-builder
  • libappstream-glib-builder-devel
  • libart_lgpl
  • libart_lgpl-devel
  • libasan-static
  • libavc1394-devel
  • libbase-javadoc
  • libblockdev-btrfs
  • libblockdev-btrfs-devel
  • libblockdev-crypto-devel
  • libblockdev-devel
  • libblockdev-dm-devel
  • libblockdev-fs-devel
  • libblockdev-kbd-devel
  • libblockdev-loop-devel
  • libblockdev-lvm-devel
  • libblockdev-mdraid-devel
  • libblockdev-mpath-devel
  • libblockdev-nvdimm-devel
  • libblockdev-part-devel
  • libblockdev-swap-devel
  • libblockdev-utils-devel
  • libblockdev-vdo-devel
  • libbluedevil
  • libbluedevil-devel
  • libbluray-devel
  • libbonobo
  • libbonobo-devel
  • libbonoboui
  • libbonoboui-devel
  • libbytesize-devel
  • libcacard-tools
  • libcap-ng-python
  • libcdr-devel
  • libcdr-doc
  • libcdr-tools
  • libcgroup-devel
  • libchamplain-demos
  • libchewing
  • libchewing-devel
  • libchewing-python
  • libcmis-devel
  • libcmis-tools
  • libcryptui
  • libcryptui-devel
  • libdb-devel-static
  • libdb-java
  • libdb-java-devel
  • libdb-tcl
  • libdb-tcl-devel
  • libdbi
  • libdbi-dbd-mysql
  • libdbi-dbd-pgsql
  • libdbi-dbd-sqlite
  • libdbi-devel
  • libdbi-drivers
  • libdbusmenu-doc
  • libdbusmenu-gtk2
  • libdbusmenu-gtk2-devel
  • libdbusmenu-gtk3-devel
  • libdhash-devel
  • libdmapsharing-devel
  • libdmmp-devel
  • libdmx-devel
  • libdnet-progs
  • libdnet-python
  • libdnf-devel
  • libdv-tools
  • libdvdnav-devel
  • libeasyfc-devel
  • libeasyfc-gobject-devel
  • libee
  • libee-devel
  • libee-utils
  • libesmtp
  • libesmtp-devel
  • libestr-devel
  • libetonyek-doc
  • libetonyek-tools
  • libevdev-utils
  • libexif-doc
  • libexttextcat-devel
  • libexttextcat-tools
  • libfastjson-devel
  • libfdt
  • libfonts-javadoc
  • libformula-javadoc
  • libfprint-devel
  • libfreehand-devel
  • libfreehand-doc
  • libfreehand-tools
  • libgcab1-devel
  • libgccjit
  • libgdither-devel
  • libgee06
  • libgee06-devel
  • libgepub
  • libgepub-devel
  • libgfortran-static
  • libgfortran4
  • libgfortran5
  • libgit2-devel
  • libglade2
  • libglade2-devel
  • libGLEWmx
  • libgnat
  • libgnat-devel
  • libgnat-static
  • libgnome
  • libgnome-devel
  • libgnome-keyring-devel
  • libgnomecanvas
  • libgnomecanvas-devel
  • libgnomeui
  • libgnomeui-devel
  • libgo
  • libgo-devel
  • libgo-static
  • libgovirt-devel
  • libgudev-devel
  • libgxim
  • libgxim-devel
  • libgxps-tools
  • libhangul-devel
  • libhbaapi-devel
  • libhif-devel
  • libical-glib
  • libical-glib-devel
  • libical-glib-doc
  • libid3tag
  • libid3tag-devel
  • libiec61883-utils
  • libieee1284-python
  • libimobiledevice-python
  • libimobiledevice-utils
  • libindicator
  • libindicator-devel
  • libindicator-gtk3-devel
  • libindicator-tools
  • libinvm-cim
  • libinvm-cim-devel
  • libinvm-cli
  • libinvm-cli-devel
  • libinvm-i18n
  • libinvm-i18n-devel
  • libiodbc
  • libiodbc-devel
  • libipa_hbac-devel
  • libiptcdata-devel
  • libiptcdata-python
  • libitm-static
  • libixpdimm-cim
  • libixpdimm-core
  • libjpeg-turbo-static
  • libkcddb
  • libkcddb-devel
  • libkcompactdisc
  • libkcompactdisc-devel
  • libkdcraw
  • libkdcraw-devel
  • libkexiv2
  • libkexiv2-devel
  • libkipi
  • libkipi-devel
  • libkkc-devel
  • libkkc-tools
  • libksane
  • libksane-devel
  • libkscreen
  • libkscreen-devel
  • libkworkspace
  • liblayout-javadoc
  • libloader-javadoc
  • liblognorm-devel
  • liblouis-devel
  • liblouis-doc
  • liblouis-utils
  • libmatchbox-devel
  • libmbim-devel
  • libmediaart-devel
  • libmediaart-tests
  • libmnl-static
  • libmodman-devel
  • libmodulemd-devel
  • libmpc-devel
  • libmsn
  • libmsn-devel
  • libmspub-devel
  • libmspub-doc
  • libmspub-tools
  • libmtp-examples
  • libmudflap
  • libmudflap-devel
  • libmudflap-static
  • libmwaw-devel
  • libmwaw-doc
  • libmwaw-tools
  • libmx
  • libmx-devel
  • libmx-docs
  • libndp-devel
  • libnetfilter_cthelper-devel
  • libnetfilter_cttimeout-devel
  • libnftnl-devel
  • libnl
  • libnl-devel
  • libnm-gtk
  • libnm-gtk-devel
  • libntlm
  • libntlm-devel
  • libobjc
  • libodfgen-doc
  • libofa
  • libofa-devel
  • liboil
  • liboil-devel
  • libopenraw-pixbuf-loader
  • liborcus-devel
  • liborcus-doc
  • liborcus-tools
  • libosinfo-devel
  • libosinfo-vala
  • libotf-devel
  • libpagemaker-devel
  • libpagemaker-doc
  • libpagemaker-tools
  • libpinyin-devel
  • libpinyin-tools
  • libpipeline-devel
  • libplist-python
  • libpng-static
  • libpng12-devel
  • libproxy-kde
  • libpst
  • libpst-devel
  • libpst-devel-doc
  • libpst-doc
  • libpst-python
  • libpurple-perl
  • libpurple-tcl
  • libqmi-devel
  • libquadmath-static
  • LibRaw-static
  • librelp-devel
  • libreoffice
  • libreoffice-bsh
  • libreoffice-gdb-debug-support
  • libreoffice-glade
  • libreoffice-librelogo
  • libreoffice-nlpsolver
  • libreoffice-officebean
  • libreoffice-officebean-common
  • libreoffice-postgresql
  • libreoffice-rhino
  • libreofficekit-devel
  • librepo-devel
  • libreport-compat
  • libreport-devel
  • libreport-gtk-devel
  • libreport-web-devel
  • librepository-javadoc
  • librevenge-doc
  • librsvg2-tools
  • libseccomp-devel
  • libselinux-static
  • libsemanage-devel
  • libsemanage-static
  • libserializer-javadoc
  • libsexy
  • libsexy-devel
  • libsmbios-devel
  • libsmi-devel
  • libsndfile-utils
  • libsolv-demo
  • libsolv-devel
  • libsolv-tools
  • libspiro-devel
  • libss-devel
  • libssh2
  • libsss_certmap-devel
  • libsss_idmap-devel
  • libsss_nss_idmap-devel
  • libsss_simpleifp-devel
  • libstaroffice-devel
  • libstaroffice-doc
  • libstaroffice-tools
  • libstdc++-static
  • libstoragemgmt-devel
  • libstoragemgmt-targetd-plugin
  • libtar-devel
  • libteam-devel
  • libtheora-devel-docs
  • libtiff-static
  • libtimezonemap-devel
  • libtnc
  • libtnc-devel
  • libtranslit
  • libtranslit-devel
  • libtranslit-icu
  • libtranslit-m17n
  • libtsan-static
  • libudisks2-devel
  • libuninameslist-devel
  • libunwind
  • libunwind-devel
  • libusal-devel
  • libusb-static
  • libusbmuxd-utils
  • libuser-devel
  • libvdpau-docs
  • libverto-glib
  • libverto-glib-devel
  • libverto-libevent-devel
  • libverto-tevent
  • libverto-tevent-devel
  • libvirt-cim
  • libvirt-daemon-driver-lxc
  • libvirt-daemon-lxc
  • libvirt-gconfig-devel
  • libvirt-glib-devel
  • libvirt-gobject-devel
  • libvirt-java
  • libvirt-java-devel
  • libvirt-java-javadoc
  • libvirt-login-shell
  • libvirt-snmp
  • libvisio-doc
  • libvisio-tools
  • libvma-devel
  • libvma-utils
  • libvoikko-devel
  • libvpx-utils
  • libwebp-java
  • libwebp-tools
  • libwpd-tools
  • libwpg-tools
  • libwps-tools
  • libwsman-devel
  • libwvstreams
  • libwvstreams-devel
  • libwvstreams-static
  • libxcb-doc
  • libXevie
  • libXevie-devel
  • libXfont
  • libXfont-devel
  • libxml2-static
  • libxslt-python
  • libXvMC-devel
  • libzapojit
  • libzapojit-devel
  • libzmf-devel
  • libzmf-doc
  • libzmf-tools
  • lldpad-devel
  • log4cxx
  • log4cxx-devel
  • log4j-manual
  • lpsolve-devel
  • lua-devel
  • lua-static
  • lvm2-cluster
  • lvm2-python-libs
  • lvm2-sysvinit
  • lz4-static
  • m17n-contrib
  • m17n-contrib-extras
  • m17n-db-devel
  • m17n-db-extras
  • m17n-lib-devel
  • m17n-lib-tools
  • m2crypto
  • malaga-devel
  • man-pages-cs
  • man-pages-es
  • man-pages-es-extra
  • man-pages-fr
  • man-pages-it
  • man-pages-ja
  • man-pages-ko
  • man-pages-pl
  • man-pages-ru
  • man-pages-zh-CN
  • mariadb-bench
  • marisa-devel
  • marisa-perl
  • marisa-python
  • marisa-ruby
  • marisa-tools
  • maven-changes-plugin
  • maven-changes-plugin-javadoc
  • maven-deploy-plugin
  • maven-deploy-plugin-javadoc
  • maven-doxia-module-fo
  • maven-ear-plugin
  • maven-ear-plugin-javadoc
  • maven-ejb-plugin
  • maven-ejb-plugin-javadoc
  • maven-error-diagnostics
  • maven-gpg-plugin
  • maven-gpg-plugin-javadoc
  • maven-istack-commons-plugin
  • maven-jarsigner-plugin
  • maven-jarsigner-plugin-javadoc
  • maven-javadoc-plugin
  • maven-javadoc-plugin-javadoc
  • maven-jxr
  • maven-jxr-javadoc
  • maven-osgi
  • maven-osgi-javadoc
  • maven-plugin-jxr
  • maven-project-info-reports-plugin
  • maven-project-info-reports-plugin-javadoc
  • maven-release
  • maven-release-javadoc
  • maven-release-manager
  • maven-release-plugin
  • maven-reporting-exec
  • maven-repository-builder
  • maven-repository-builder-javadoc
  • maven-scm
  • maven-scm-javadoc
  • maven-scm-test
  • maven-shared-jar
  • maven-shared-jar-javadoc
  • maven-site-plugin
  • maven-site-plugin-javadoc
  • maven-verifier-plugin
  • maven-verifier-plugin-javadoc
  • maven-wagon-provider-test
  • maven-wagon-scm
  • maven-war-plugin
  • maven-war-plugin-javadoc
  • mdds-devel
  • meanwhile-devel
  • meanwhile-doc
  • memcached-devel
  • memstomp
  • mesa-demos
  • mesa-libxatracker-devel
  • mesa-private-llvm
  • mesa-private-llvm-devel
  • metacity-devel
  • mgetty
  • mgetty-sendfax
  • mgetty-viewfax
  • mgetty-voice
  • migrationtools
  • minizip
  • minizip-devel
  • mkbootdisk
  • mobile-broadband-provider-info-devel
  • mod_auth_kerb
  • mod_auth_mellon-diagnostics
  • mod_nss
  • mod_revocator
  • ModemManager-vala
  • mono-icon-theme
  • mozjs17
  • mozjs17-devel
  • mozjs24
  • mozjs24-devel
  • mpich-3.0-autoload
  • mpich-3.0-doc
  • mpich-3.2-autoload
  • mpich-3.2-doc
  • mpitests-compat-openmpi16
  • msv-demo
  • msv-msv
  • msv-rngconv
  • msv-xmlgen
  • mvapich2-2.0-devel
  • mvapich2-2.0-doc
  • mvapich2-2.0-psm-devel
  • mvapich2-2.2-devel
  • mvapich2-2.2-doc
  • mvapich2-2.2-psm-devel
  • mvapich2-2.2-psm2-devel
  • mvapich23-devel
  • mvapich23-doc
  • mvapich23-psm-devel
  • mvapich23-psm2-devel
  • nagios-plugins-bacula
  • nasm
  • nasm-doc
  • nasm-rdoff
  • ncurses-static
  • nekohtml
  • nekohtml-demo
  • nekohtml-javadoc
  • nepomuk-core
  • nepomuk-core-devel
  • nepomuk-core-libs
  • nepomuk-widgets
  • nepomuk-widgets-devel
  • net-snmp-gui
  • net-snmp-perl
  • net-snmp-python
  • net-snmp-sysvinit
  • netsniff-ng
  • NetworkManager-glib
  • NetworkManager-glib-devel
  • newt-static
  • nfsometer
  • nfstest
  • nhn-nanum-brush-fonts
  • nhn-nanum-fonts-common
  • nhn-nanum-myeongjo-fonts
  • nhn-nanum-pen-fonts
  • nmap-frontend
  • nss_compat_ossl
  • nss_compat_ossl-devel
  • nss-pem
  • nss-pkcs11-devel
  • ntp-doc
  • ntp-perl
  • nuvola-icon-theme
  • nuxwdog
  • nuxwdog-client-java
  • nuxwdog-client-perl
  • nuxwdog-devel
  • objectweb-anttask
  • objectweb-anttask-javadoc
  • objectweb-asm
  • ocaml-brlapi
  • ocaml-calendar
  • ocaml-calendar-devel
  • ocaml-csv
  • ocaml-csv-devel
  • ocaml-curses
  • ocaml-curses-devel
  • ocaml-docs
  • ocaml-emacs
  • ocaml-fileutils
  • ocaml-fileutils-devel
  • ocaml-gettext
  • ocaml-gettext-devel
  • ocaml-libvirt
  • ocaml-libvirt-devel
  • ocaml-ocamlbuild-doc
  • ocaml-source
  • ocaml-x11
  • ocaml-xml-light
  • ocaml-xml-light-devel
  • oci-register-machine
  • okular
  • okular-devel
  • okular-libs
  • okular-part
  • opa-libopamgt-devel
  • opal
  • opal-devel
  • open-vm-tools-devel
  • open-vm-tools-test
  • opencc-tools
  • openchange-client
  • openchange-devel
  • openchange-devel-docs
  • opencv-devel-docs
  • opencv-python
  • OpenEXR
  • openhpi-devel
  • openjade
  • openjpeg-devel
  • openjpeg-libs
  • openldap-servers
  • openldap-servers-sql
  • openlmi
  • openlmi-account
  • openlmi-account-doc
  • openlmi-fan
  • openlmi-fan-doc
  • openlmi-hardware
  • openlmi-hardware-doc
  • openlmi-indicationmanager-libs
  • openlmi-indicationmanager-libs-devel
  • openlmi-journald
  • openlmi-journald-doc
  • openlmi-logicalfile
  • openlmi-logicalfile-doc
  • openlmi-networking
  • openlmi-networking-doc
  • openlmi-pcp
  • openlmi-powermanagement
  • openlmi-powermanagement-doc
  • openlmi-providers
  • openlmi-providers-devel
  • openlmi-python-base
  • openlmi-python-providers
  • openlmi-python-test
  • openlmi-realmd
  • openlmi-realmd-doc
  • openlmi-service
  • openlmi-service-doc
  • openlmi-software
  • openlmi-software-doc
  • openlmi-storage
  • openlmi-storage-doc
  • openlmi-tools
  • openlmi-tools-doc
  • openobex
  • openobex-apps
  • openobex-devel
  • openscap-containers
  • openscap-engine-sce-devel
  • openslp-devel
  • openslp-server
  • opensm-static
  • opensp
  • openssh-server-sysvinit
  • openssl-static
  • openssl098e
  • openwsman-perl
  • openwsman-ruby
  • oprofile-devel
  • oprofile-gui
  • oprofile-jit
  • optipng
  • ORBit2
  • ORBit2-devel
  • orc-doc
  • ortp
  • ortp-devel
  • oscilloscope
  • oxygen-cursor-themes
  • oxygen-gtk
  • oxygen-gtk2
  • oxygen-gtk3
  • oxygen-icon-theme
  • PackageKit-yum-plugin
  • pakchois-devel
  • pam_krb5
  • pam_pkcs11
  • pam_snapper
  • pango-tests
  • paps-devel
  • passivetex
  • pax
  • pciutils-devel-static
  • pcp-collector
  • pcp-monitor
  • pcre-tools
  • pcre2-static
  • pcre2-tools
  • pentaho-libxml-javadoc
  • pentaho-reporting-flow-engine-javadoc
  • perl-AppConfig
  • perl-Archive-Extract
  • perl-B-Keywords
  • perl-Browser-Open
  • perl-Business-ISBN
  • perl-Business-ISBN-Data
  • perl-CGI-Session
  • perl-Class-Load
  • perl-Class-Load-XS
  • perl-Class-Singleton
  • perl-Config-Simple
  • perl-Config-Tiny
  • perl-Convert-ASN1
  • perl-CPAN-Changes
  • perl-CPANPLUS
  • perl-CPANPLUS-Dist-Build
  • perl-Crypt-CBC
  • perl-Crypt-DES
  • perl-Crypt-OpenSSL-Bignum
  • perl-Crypt-OpenSSL-Random
  • perl-Crypt-OpenSSL-RSA
  • perl-Crypt-PasswdMD5
  • perl-Crypt-SSLeay
  • perl-CSS-Tiny
  • perl-Data-Peek
  • perl-DateTime
  • perl-DateTime-Format-DateParse
  • perl-DateTime-Locale
  • perl-DateTime-TimeZone
  • perl-DBD-Pg-tests
  • perl-DBIx-Simple
  • perl-Devel-Cover
  • perl-Devel-Cycle
  • perl-Devel-EnforceEncapsulation
  • perl-Devel-Leak
  • perl-Devel-Symdump
  • perl-Digest-SHA1
  • perl-Email-Address
  • perl-FCGI
  • perl-File-Find-Rule-Perl
  • perl-File-Inplace
  • perl-Font-AFM
  • perl-Font-TTF
  • perl-FreezeThaw
  • perl-GD
  • perl-GD-Barcode
  • perl-Hook-LexWrap
  • perl-HTML-Format
  • perl-HTML-FormatText-WithLinks
  • perl-HTML-FormatText-WithLinks-AndTables
  • perl-HTML-Tree
  • perl-HTTP-Daemon
  • perl-Image-Base
  • perl-Image-Info
  • perl-Image-Xbm
  • perl-Image-Xpm
  • perl-Inline
  • perl-Inline-Files
  • perl-IO-CaptureOutput
  • perl-IO-stringy
  • perl-JSON-tests
  • perl-LDAP
  • perl-libxml-perl
  • perl-List-MoreUtils
  • perl-Locale-Maketext-Gettext
  • perl-Locale-PO
  • perl-Log-Message
  • perl-Log-Message-Simple
  • perl-Mail-DKIM
  • perl-Mixin-Linewise
  • perl-Module-Implementation
  • perl-Module-Manifest
  • perl-Module-Signature
  • perl-Net-Daemon
  • perl-Net-DNS-Nameserver
  • perl-Net-DNS-Resolver-Programmable
  • perl-Net-LibIDN
  • perl-Net-Telnet
  • perl-Newt
  • perl-Object-Accessor
  • perl-Object-Deadly
  • perl-Package-Constants
  • perl-Package-DeprecationManager
  • perl-Package-Stash
  • perl-Package-Stash-XS
  • perl-PAR-Dist
  • perl-Parallel-Iterator
  • perl-Params-Validate
  • perl-Parse-CPAN-Meta
  • perl-Parse-RecDescent
  • perl-Perl-Critic
  • perl-Perl-Critic-More
  • perl-Perl-MinimumVersion
  • perl-Perl4-CoreLibs
  • perl-PlRPC
  • perl-Pod-Coverage
  • perl-Pod-Coverage-TrustPod
  • perl-Pod-Eventual
  • perl-Pod-POM
  • perl-Pod-Spell
  • perl-PPI
  • perl-PPI-HTML
  • perl-PPIx-Regexp
  • perl-PPIx-Utilities
  • perl-Probe-Perl
  • perl-Readonly-XS
  • perl-SGMLSpm
  • perl-Sort-Versions
  • perl-String-Format
  • perl-String-Similarity
  • perl-Syntax-Highlight-Engine-Kate
  • perl-Task-Weaken
  • perl-Template-Toolkit
  • perl-Term-UI
  • perl-Test-ClassAPI
  • perl-Test-CPAN-Meta
  • perl-Test-DistManifest
  • perl-Test-EOL
  • perl-Test-HasVersion
  • perl-Test-Inter
  • perl-Test-Manifest
  • perl-Test-Memory-Cycle
  • perl-Test-MinimumVersion
  • perl-Test-MockObject
  • perl-Test-NoTabs
  • perl-Test-Object
  • perl-Test-Output
  • perl-Test-Perl-Critic
  • perl-Test-Perl-Critic-Policy
  • perl-Test-Pod
  • perl-Test-Pod-Coverage
  • perl-Test-Portability-Files
  • perl-Test-Script
  • perl-Test-Spelling
  • perl-Test-SubCalls
  • perl-Test-Synopsis
  • perl-Test-Tester
  • perl-Test-Vars
  • perl-Test-Without-Module
  • perl-Text-CSV_XS
  • perl-Text-Iconv
  • perl-Tree-DAG_Node
  • perl-Unicode-Map8
  • perl-Unicode-String
  • perl-UNIVERSAL-can
  • perl-UNIVERSAL-isa
  • perl-Version-Requirements
  • perl-WWW-Curl
  • perl-XML-Dumper
  • perl-XML-Filter-BufferText
  • perl-XML-Grove
  • perl-XML-Handler-YAWriter
  • perl-XML-LibXSLT
  • perl-XML-SAX-Writer
  • perl-XML-TreeBuilder
  • perl-XML-Twig
  • perl-XML-Writer
  • perl-XML-XPathEngine
  • perl-YAML-Tiny
  • perltidy
  • phonon
  • phonon-backend-gstreamer
  • phonon-devel
  • php-pecl-memcache
  • php-pspell
  • pidgin-perl
  • pinentry-qt
  • pinentry-qt4
  • pki-javadoc
  • plasma-scriptengine-python
  • plasma-scriptengine-ruby
  • plexus-digest
  • plexus-digest-javadoc
  • plexus-mail-sender
  • plexus-mail-sender-javadoc
  • plexus-tools-pom
  • plymouth-devel
  • pm-utils
  • pm-utils-devel
  • pngcrush
  • pngnq
  • polkit-kde
  • polkit-qt
  • polkit-qt-devel
  • polkit-qt-doc
  • poppler-demos
  • poppler-qt
  • poppler-qt-devel
  • popt-static
  • postfix-sysvinit
  • pothana2000-fonts
  • powerpc-utils-python
  • pprof
  • pps-tools
  • pptp-setup
  • procps-ng-devel
  • protobuf-emacs
  • protobuf-emacs-el
  • protobuf-java
  • protobuf-javadoc
  • protobuf-lite-devel
  • protobuf-lite-static
  • protobuf-python
  • protobuf-static
  • protobuf-vim
  • psutils
  • psutils-perl
  • pth-devel
  • ptlib
  • ptlib-devel
  • publican
  • publican-common-db5-web
  • publican-common-web
  • publican-doc
  • publican-redhat
  • pulseaudio-esound-compat
  • pulseaudio-module-gconf
  • pulseaudio-module-zeroconf
  • pulseaudio-qpaeq
  • pygpgme
  • pygtk2-libglade
  • pykde4
  • pykde4-akonadi
  • pykde4-devel
  • pyldb-devel
  • pyliblzma
  • PyOpenGL
  • PyOpenGL-Tk
  • pyOpenSSL-doc
  • pyorbit
  • pyorbit-devel
  • PyPAM
  • pyparsing-doc
  • PyQt4
  • PyQt4-devel
  • pytalloc-devel
  • python-appindicator
  • python-beaker
  • python-cffi-doc
  • python-cherrypy
  • python-criu
  • python-debug
  • python-deltarpm
  • python-dtopt
  • python-fpconst
  • python-gpod
  • python-gudev
  • python-inotify-examples
  • python-ipaddr
  • python-IPy
  • python-isodate
  • python-isomd5sum
  • python-kerberos
  • python-kitchen
  • python-kitchen-doc
  • python-krbV
  • python-libteam
  • python-lxml-docs
  • python-matplotlib
  • python-matplotlib-doc
  • python-matplotlib-qt4
  • python-matplotlib-tk
  • python-memcached
  • python-mutagen
  • python-paramiko
  • python-paramiko-doc
  • python-paste
  • python-pillow-devel
  • python-pillow-doc
  • python-pillow-qt
  • python-pillow-sane
  • python-pillow-tk
  • python-rados
  • python-rbd
  • python-reportlab-docs
  • python-requests-kerberos
  • python-rtslib-doc
  • python-setproctitle
  • python-slip-gtk
  • python-smbc
  • python-smbc-doc
  • python-smbios
  • python-sphinx-doc
  • python-tempita
  • python-tornado
  • python-tornado-doc
  • python-twisted-core
  • python-twisted-core-doc
  • python-twisted-web
  • python-twisted-words
  • python-urlgrabber
  • python-volume_key
  • python-webob
  • python-webtest
  • python-which
  • python-zope-interface
  • python2-caribou
  • python2-futures
  • python2-gexiv2
  • python2-smartcols
  • python2-solv
  • python2-subprocess32
  • qca-ossl
  • qca2
  • qca2-devel
  • qdox
  • qimageblitz
  • qimageblitz-devel
  • qimageblitz-examples
  • qjson
  • qjson-devel
  • qpdf-devel
  • qt
  • qt-assistant
  • qt-config
  • qt-demos
  • qt-devel
  • qt-devel-private
  • qt-doc
  • qt-examples
  • qt-mysql
  • qt-odbc
  • qt-postgresql
  • qt-qdbusviewer
  • qt-qvfb
  • qt-settings
  • qt-x11
  • qt3
  • qt3-config
  • qt3-designer
  • qt3-devel
  • qt3-devel-docs
  • qt3-MySQL
  • qt3-ODBC
  • qt3-PostgreSQL
  • qt5-qt3d-doc
  • qt5-qtbase-doc
  • qt5-qtcanvas3d-doc
  • qt5-qtconnectivity-doc
  • qt5-qtdeclarative-doc
  • qt5-qtenginio
  • qt5-qtenginio-devel
  • qt5-qtenginio-doc
  • qt5-qtenginio-examples
  • qt5-qtgraphicaleffects-doc
  • qt5-qtimageformats-doc
  • qt5-qtlocation-doc
  • qt5-qtmultimedia-doc
  • qt5-qtquickcontrols-doc
  • qt5-qtquickcontrols2-doc
  • qt5-qtscript-doc
  • qt5-qtsensors-doc
  • qt5-qtserialbus-devel
  • qt5-qtserialbus-doc
  • qt5-qtserialport-doc
  • qt5-qtsvg-doc
  • qt5-qttools-doc
  • qt5-qtwayland-doc
  • qt5-qtwebchannel-doc
  • qt5-qtwebsockets-doc
  • qt5-qtx11extras-doc
  • qt5-qtxmlpatterns-doc
  • quagga
  • quagga-contrib
  • quota-devel
  • qv4l2
  • rarian-devel
  • rcs
  • rdate
  • rdist
  • readline-static
  • realmd-devel-docs
  • Red_Hat_Enterprise_Linux-Release_Notes-7-as-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-bn-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-de-DE
  • Red_Hat_Enterprise_Linux-Release_Notes-7-en-US
  • Red_Hat_Enterprise_Linux-Release_Notes-7-es-ES
  • Red_Hat_Enterprise_Linux-Release_Notes-7-fr-FR
  • Red_Hat_Enterprise_Linux-Release_Notes-7-gu-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-hi-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-it-IT
  • Red_Hat_Enterprise_Linux-Release_Notes-7-ja-JP
  • Red_Hat_Enterprise_Linux-Release_Notes-7-kn-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-ko-KR
  • Red_Hat_Enterprise_Linux-Release_Notes-7-ml-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-mr-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-or-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-pa-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-pt-BR
  • Red_Hat_Enterprise_Linux-Release_Notes-7-ru-RU
  • Red_Hat_Enterprise_Linux-Release_Notes-7-ta-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-te-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-zh-CN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-zh-TW
  • redhat-access-plugin-ipa
  • redhat-bookmarks
  • redhat-lsb-supplemental
  • redhat-lsb-trialuse
  • redhat-upgrade-dracut
  • redhat-upgrade-dracut-plymouth
  • redhat-upgrade-tool
  • redland-mysql
  • redland-pgsql
  • redland-virtuoso
  • regexp
  • relaxngcc
  • rest-devel
  • resteasy-base-jettison-provider
  • resteasy-base-tjws
  • rhdb-utils
  • rhino
  • rhino-demo
  • rhino-javadoc
  • rhino-manual
  • rhythmbox-devel
  • rngom
  • rngom-javadoc
  • rp-pppoe
  • rrdtool-php
  • rrdtool-python
  • rsh
  • rsh-server
  • rsyslog-libdbi
  • rsyslog-udpspoof
  • rtcheck
  • rtctl
  • ruby-tcltk
  • rubygem-net-http-persistent
  • rubygem-net-http-persistent-doc
  • rubygem-thor
  • rubygem-thor-doc
  • rusers
  • rusers-server
  • rwho
  • sac-javadoc
  • samba-dc
  • samba-devel
  • satyr-devel
  • satyr-python
  • saxon
  • saxon-demo
  • saxon-javadoc
  • saxon-manual
  • saxon-scripts
  • sbc-devel
  • sblim-cim-client2
  • sblim-cim-client2-javadoc
  • sblim-cim-client2-manual
  • sblim-cmpi-base
  • sblim-cmpi-base-devel
  • sblim-cmpi-base-test
  • sblim-cmpi-fsvol
  • sblim-cmpi-fsvol-devel
  • sblim-cmpi-fsvol-test
  • sblim-cmpi-network
  • sblim-cmpi-network-devel
  • sblim-cmpi-network-test
  • sblim-cmpi-nfsv3
  • sblim-cmpi-nfsv3-test
  • sblim-cmpi-nfsv4
  • sblim-cmpi-nfsv4-test
  • sblim-cmpi-params
  • sblim-cmpi-params-test
  • sblim-cmpi-sysfs
  • sblim-cmpi-sysfs-test
  • sblim-cmpi-syslog
  • sblim-cmpi-syslog-test
  • sblim-gather
  • sblim-gather-devel
  • sblim-gather-provider
  • sblim-gather-test
  • sblim-indication_helper
  • sblim-indication_helper-devel
  • sblim-smis-hba
  • sblim-testsuite
  • sblim-wbemcli
  • scannotation
  • scannotation-javadoc
  • scpio
  • screen
  • SDL-static
  • seahorse-nautilus
  • seahorse-sharing
  • sendmail-sysvinit
  • setools-devel
  • setools-gui
  • setools-libs-tcl
  • setuptool
  • shared-desktop-ontologies
  • shared-desktop-ontologies-devel
  • shim-unsigned-ia32
  • shim-unsigned-x64
  • sisu
  • sisu-parent
  • slang-slsh
  • slang-static
  • smbios-utils
  • smbios-utils-bin
  • smbios-utils-python
  • snakeyaml
  • snakeyaml-javadoc
  • snapper
  • snapper-devel
  • snapper-libs
  • sntp
  • SOAPpy
  • soprano
  • soprano-apidocs
  • soprano-devel
  • source-highlight-devel
  • sox
  • sox-devel
  • speex-tools
  • spice-xpi
  • sqlite-tcl
  • squid-migration-script
  • squid-sysvinit
  • sssd-libwbclient-devel
  • sssd-polkit-rules
  • stax2-api
  • stax2-api-javadoc
  • strigi
  • strigi-devel
  • strigi-libs
  • strongimcv
  • subversion-kde
  • subversion-python
  • subversion-ruby
  • sudo-devel
  • suitesparse-doc
  • suitesparse-static
  • supermin-helper
  • svgpart
  • svrcore
  • svrcore-devel
  • sweeper
  • syslinux-devel
  • syslinux-perl
  • system-config-date
  • system-config-date-docs
  • system-config-firewall
  • system-config-firewall-base
  • system-config-firewall-tui
  • system-config-keyboard
  • system-config-keyboard-base
  • system-config-language
  • system-config-printer
  • system-config-users-docs
  • system-switch-java
  • systemd-sysv
  • t1lib
  • t1lib-apps
  • t1lib-devel
  • t1lib-static
  • t1utils
  • taglib-doc
  • talk
  • talk-server
  • tang-nagios
  • targetd
  • tcl-pgtcl
  • tclx
  • tclx-devel
  • tcp_wrappers
  • tcp_wrappers-devel
  • tcp_wrappers-libs
  • teamd-devel
  • teckit-devel
  • telepathy-farstream
  • telepathy-farstream-devel
  • telepathy-filesystem
  • telepathy-gabble
  • telepathy-glib
  • telepathy-glib-devel
  • telepathy-glib-vala
  • telepathy-haze
  • telepathy-logger
  • telepathy-logger-devel
  • telepathy-mission-control
  • telepathy-mission-control-devel
  • telepathy-salut
  • tex-preview
  • texinfo
  • texlive-collection-documentation-base
  • texlive-mh
  • texlive-mh-doc
  • texlive-misc
  • texlive-thailatex
  • texlive-thailatex-doc
  • tix-doc
  • tncfhh
  • tncfhh-devel
  • tncfhh-examples
  • tncfhh-libs
  • tncfhh-utils
  • tog-pegasus-test
  • tokyocabinet-devel-doc
  • tomcat
  • tomcat-admin-webapps
  • tomcat-docs-webapp
  • tomcat-el-2.2-api
  • tomcat-javadoc
  • tomcat-jsp-2.2-api
  • tomcat-jsvc
  • tomcat-lib
  • tomcat-servlet-3.0-api
  • tomcat-webapps
  • totem-devel
  • totem-pl-parser-devel
  • tracker-devel
  • tracker-docs
  • tracker-needle
  • tracker-preferences
  • trang
  • trousers-static
  • txw2
  • txw2-javadoc
  • unique3
  • unique3-devel
  • unique3-docs
  • uriparser
  • uriparser-devel
  • usbguard-devel
  • usbredir-server
  • ustr
  • ustr-debug
  • ustr-debug-static
  • ustr-devel
  • ustr-static
  • uuid-c++
  • uuid-c++-devel
  • uuid-dce
  • uuid-dce-devel
  • uuid-perl
  • uuid-php
  • v4l-utils
  • v4l-utils-devel-tools
  • vala-doc
  • valadoc
  • valadoc-devel
  • valgrind-openmpi
  • velocity-demo
  • velocity-javadoc
  • velocity-manual
  • vemana2000-fonts
  • vigra
  • vigra-devel
  • virtuoso-opensource
  • virtuoso-opensource-utils
  • vlgothic-p-fonts
  • vsftpd-sysvinit
  • vte3
  • vte3-devel
  • wayland-doc
  • webkitgtk3
  • webkitgtk3-devel
  • webkitgtk3-doc
  • webkitgtk4-doc
  • webrtc-audio-processing-devel
  • weld-parent
  • whois
  • woodstox-core
  • woodstox-core-javadoc
  • wordnet
  • wordnet-browser
  • wordnet-devel
  • wordnet-doc
  • ws-commons-util
  • ws-commons-util-javadoc
  • ws-jaxme
  • ws-jaxme-javadoc
  • ws-jaxme-manual
  • wsdl4j
  • wsdl4j-javadoc
  • wvdial
  • x86info
  • xchat-tcl
  • xdg-desktop-portal-devel
  • xerces-c
  • xerces-c-devel
  • xerces-c-doc
  • xerces-j2-demo
  • xerces-j2-javadoc
  • xferstats
  • xguest
  • xhtml2fo-style-xsl
  • xhtml2ps
  • xisdnload
  • xml-commons-apis-javadoc
  • xml-commons-apis-manual
  • xml-commons-apis12
  • xml-commons-apis12-javadoc
  • xml-commons-apis12-manual
  • xml-commons-resolver-javadoc
  • xmlgraphics-commons
  • xmlgraphics-commons-javadoc
  • xmlrpc-c-apps
  • xmlrpc-client
  • xmlrpc-common
  • xmlrpc-javadoc
  • xmlrpc-server
  • xmlsec1-gcrypt-devel
  • xmlsec1-nss-devel
  • xmlto-tex
  • xmlto-xhtml
  • xmltoman
  • xorg-x11-apps
  • xorg-x11-drv-intel-devel
  • xorg-x11-drv-keyboard
  • xorg-x11-drv-mouse
  • xorg-x11-drv-mouse-devel
  • xorg-x11-drv-openchrome
  • xorg-x11-drv-openchrome-devel
  • xorg-x11-drv-synaptics
  • xorg-x11-drv-synaptics-devel
  • xorg-x11-drv-vmmouse
  • xorg-x11-drv-void
  • xorg-x11-server-source
  • xorg-x11-xkb-extras
  • xpp3
  • xpp3-javadoc
  • xpp3-minimal
  • xsettings-kde
  • xstream
  • xstream-javadoc
  • xulrunner
  • xulrunner-devel
  • xz-compat-libs
  • yelp-xsl-devel
  • yum-langpacks
  • yum-NetworkManager-dispatcher
  • yum-plugin-filter-data
  • yum-plugin-fs-snapshot
  • yum-plugin-keys
  • yum-plugin-list-data
  • yum-plugin-local
  • yum-plugin-merge-conf
  • yum-plugin-ovl
  • yum-plugin-post-transaction-actions
  • yum-plugin-pre-transaction-actions
  • yum-plugin-protectbase
  • yum-plugin-ps
  • yum-plugin-rpm-warm-cache
  • yum-plugin-show-leaves
  • yum-plugin-upgrade-helper
  • yum-plugin-verify
  • yum-updateonboot

9.2. Deprecated Device Drivers

The following device drivers continue to be supported until the end of life of Red Hat Enterprise Linux 7 but will likely not be supported in future major releases of this product and are not recommended for new deployments.

  • 3w-9xxx
  • 3w-sas
  • aic79xx
  • aoe
  • arcmsr
  • ata drivers:

    • acard-ahci
    • sata_mv
    • sata_nv
    • sata_promise
    • sata_qstor
    • sata_sil
    • sata_sil24
    • sata_sis
    • sata_svw
    • sata_sx4
    • sata_uli
    • sata_via
    • sata_vsc
  • bfa
  • cxgb3
  • cxgb3i
  • e1000
  • floppy
  • hptiop
  • initio
  • isci
  • iw_cxgb3
  • mptbase
  • mptctl
  • mptsas
  • mptscsih
  • mptspi
  • mtip32xx
  • mvsas
  • mvumi
  • OSD drivers:

    • osd
    • libosd
  • osst
  • pata drivers:

    • pata_acpi
    • pata_ali
    • pata_amd
    • pata_arasan_cf
    • pata_artop
    • pata_atiixp
    • pata_atp867x
    • pata_cmd64x
    • pata_cs5536
    • pata_hpt366
    • pata_hpt37x
    • pata_hpt3x2n
    • pata_hpt3x3
    • pata_it8213
    • pata_it821x
    • pata_jmicron
    • pata_marvell
    • pata_netcell
    • pata_ninja32
    • pata_oldpiix
    • pata_pdc2027x
    • pata_pdc202xx_old
    • pata_piccolo
    • pata_rdc
    • pata_sch
    • pata_serverworks
    • pata_sil680
    • pata_sis
    • pata_via
    • pdc_adma
  • pm80xx(pm8001)
  • pmcraid
  • qla3xxx
  • qlcnic
  • qlge
  • stex
  • sx8
  • tulip
  • ufshcd
  • wireless drivers:

    • carl9170
    • iwl4965
    • iwl3945
    • mwl8k
    • rt73usb
    • rt61pci
    • rtl8187
    • wil6210

9.3. Deprecated Adapters

The following adapters continue to be supported until the end of life of Red Hat Enterprise Linux 7 but will likely not be supported in future major releases of this product and are not recommended for new deployments. Other adapters from the mentioned drivers that are not listed here remain unchanged.

PCI IDs are in the format of vendor:device:subvendor:subdevice. If the subdevice or subvendor:subdevice entry is not listed, devices with any values of such missing entries have been deprecated.

To check the PCI IDs of the hardware on your system, run the lspci -nn command.

  • The following adapters from the aacraid driver have been deprecated:

    • PERC 2/Si (Iguana/PERC2Si), PCI ID 0x1028:0x0001:0x1028:0x0001
    • PERC 3/Di (Opal/PERC3Di), PCI ID 0x1028:0x0002:0x1028:0x0002
    • PERC 3/Si (SlimFast/PERC3Si), PCI ID 0x1028:0x0003:0x1028:0x0003
    • PERC 3/Di (Iguana FlipChip/PERC3DiF), PCI ID 0x1028:0x0004:0x1028:0x00d0
    • PERC 3/Di (Viper/PERC3DiV), PCI ID 0x1028:0x0002:0x1028:0x00d1
    • PERC 3/Di (Lexus/PERC3DiL), PCI ID 0x1028:0x0002:0x1028:0x00d9
    • PERC 3/Di (Jaguar/PERC3DiJ), PCI ID 0x1028:0x000a:0x1028:0x0106
    • PERC 3/Di (Dagger/PERC3DiD), PCI ID 0x1028:0x000a:0x1028:0x011b
    • PERC 3/Di (Boxster/PERC3DiB), PCI ID 0x1028:0x000a:0x1028:0x0121
    • catapult, PCI ID 0x9005:0x0283:0x9005:0x0283
    • tomcat, PCI ID 0x9005:0x0284:0x9005:0x0284
    • Adaptec 2120S (Crusader), PCI ID 0x9005:0x0285:0x9005:0x0286
    • Adaptec 2200S (Vulcan), PCI ID 0x9005:0x0285:0x9005:0x0285
    • Adaptec 2200S (Vulcan-2m), PCI ID 0x9005:0x0285:0x9005:0x0287
    • Legend S220 (Legend Crusader), PCI ID 0x9005:0x0285:0x17aa:0x0286
    • Legend S230 (Legend Vulcan), PCI ID 0x9005:0x0285:0x17aa:0x0287
    • Adaptec 3230S (Harrier), PCI ID 0x9005:0x0285:0x9005:0x0288
    • Adaptec 3240S (Tornado), PCI ID 0x9005:0x0285:0x9005:0x0289
    • ASR-2020ZCR SCSI PCI-X ZCR (Skyhawk), PCI ID 0x9005:0x0285:0x9005:0x028a
    • ASR-2025ZCR SCSI SO-DIMM PCI-X ZCR (Terminator), PCI ID 0x9005:0x0285:0x9005:0x028b
    • ASR-2230S + ASR-2230SLP PCI-X (Lancer), PCI ID 0x9005:0x0286:0x9005:0x028c
    • ASR-2130S (Lancer), PCI ID 0x9005:0x0286:0x9005:0x028d
    • AAR-2820SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029b
    • AAR-2620SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029c
    • AAR-2420SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029d
    • ICP9024RO (Lancer), PCI ID 0x9005:0x0286:0x9005:0x029e
    • ICP9014RO (Lancer), PCI ID 0x9005:0x0286:0x9005:0x029f
    • ICP9047MA (Lancer), PCI ID 0x9005:0x0286:0x9005:0x02a0
    • ICP9087MA (Lancer), PCI ID 0x9005:0x0286:0x9005:0x02a1
    • ICP5445AU (Hurricane44), PCI ID 0x9005:0x0286:0x9005:0x02a3
    • ICP9085LI (Marauder-X), PCI ID 0x9005:0x0285:0x9005:0x02a4
    • ICP5085BR (Marauder-E), PCI ID 0x9005:0x0285:0x9005:0x02a5
    • ICP9067MA (Intruder-6), PCI ID 0x9005:0x0286:0x9005:0x02a6
    • Themisto Jupiter Platform, PCI ID 0x9005:0x0287:0x9005:0x0800
    • Themisto Jupiter Platform, PCI ID 0x9005:0x0200:0x9005:0x0200
    • Callisto Jupiter Platform, PCI ID 0x9005:0x0286:0x9005:0x0800
    • ASR-2020SA SATA PCI-X ZCR (Skyhawk), PCI ID 0x9005:0x0285:0x9005:0x028e
    • ASR-2025SA SATA SO-DIMM PCI-X ZCR (Terminator), PCI ID 0x9005:0x0285:0x9005:0x028f
    • AAR-2410SA PCI SATA 4ch (Jaguar II), PCI ID 0x9005:0x0285:0x9005:0x0290
    • CERC SATA RAID 2 PCI SATA 6ch (DellCorsair), PCI ID 0x9005:0x0285:0x9005:0x0291
    • AAR-2810SA PCI SATA 8ch (Corsair-8), PCI ID 0x9005:0x0285:0x9005:0x0292
    • AAR-21610SA PCI SATA 16ch (Corsair-16), PCI ID 0x9005:0x0285:0x9005:0x0293
    • ESD SO-DIMM PCI-X SATA ZCR (Prowler), PCI ID 0x9005:0x0285:0x9005:0x0294
    • AAR-2610SA PCI SATA 6ch, PCI ID 0x9005:0x0285:0x103C:0x3227
    • ASR-2240S (SabreExpress), PCI ID 0x9005:0x0285:0x9005:0x0296
    • ASR-4005, PCI ID 0x9005:0x0285:0x9005:0x0297
    • IBM 8i (AvonPark), PCI ID 0x9005:0x0285:0x1014:0x02F2
    • IBM 8i (AvonPark Lite), PCI ID 0x9005:0x0285:0x1014:0x0312
    • IBM 8k/8k-l8 (Aurora), PCI ID 0x9005:0x0286:0x1014:0x9580
    • IBM 8k/8k-l4 (Aurora Lite), PCI ID 0x9005:0x0286:0x1014:0x9540
    • ASR-4000 (BlackBird), PCI ID 0x9005:0x0285:0x9005:0x0298
    • ASR-4800SAS (Marauder-X), PCI ID 0x9005:0x0285:0x9005:0x0299
    • ASR-4805SAS (Marauder-E), PCI ID 0x9005:0x0285:0x9005:0x029a
    • ASR-3800 (Hurricane44), PCI ID 0x9005:0x0286:0x9005:0x02a2
    • Perc 320/DC, PCI ID 0x9005:0x0285:0x1028:0x0287
    • Adaptec 5400S (Mustang), PCI ID 0x1011:0x0046:0x9005:0x0365
    • Adaptec 5400S (Mustang), PCI ID 0x1011:0x0046:0x9005:0x0364
    • Dell PERC2/QC, PCI ID 0x1011:0x0046:0x9005:0x1364
    • HP NetRAID-4M, PCI ID 0x1011:0x0046:0x103c:0x10c2
    • Dell Catchall, PCI ID 0x9005:0x0285:0x1028
    • Legend Catchall, PCI ID 0x9005:0x0285:0x17aa
    • Adaptec Catch All, PCI ID 0x9005:0x0285
    • Adaptec Rocket Catch All, PCI ID 0x9005:0x0286
    • Adaptec NEMER/ARK Catch All, PCI ID 0x9005:0x0288
  • The following adapters from the mpt2sas driver have been deprecated:

    • SAS2004, PCI ID 0x1000:0x0070
    • SAS2008, PCI ID 0x1000:0x0072
    • SAS2108_1, PCI ID 0x1000:0x0074
    • SAS2108_2, PCI ID 0x1000:0x0076
    • SAS2108_3, PCI ID 0x1000:0x0077
    • SAS2116_1, PCI ID 0x1000:0x0064
    • SAS2116_2, PCI ID 0x1000:0x0065
    • SSS6200, PCI ID 0x1000:0x007E
  • The following adapters from the megaraid_sas driver have been deprecated:

    • Dell PERC5, PCI ID 0x1028:0x0015
    • SAS1078R, PCI ID 0x1000:0x0060
    • SAS1078DE, PCI ID 0x1000:0x007C
    • SAS1064R, PCI ID 0x1000:0x0411
    • VERDE_ZCR, PCI ID 0x1000:0x0413
    • SAS1078GEN2, PCI ID 0x1000:0x0078
    • SAS0079GEN2, PCI ID 0x1000:0x0079
    • SAS0073SKINNY, PCI ID 0x1000:0x0073
    • SAS0071SKINNY, PCI ID 0x1000:0x0071
  • The following adapters from the qla2xxx driver have been deprecated:

    • ISP24xx, PCI ID 0x1077:0x2422
    • ISP24xx, PCI ID 0x1077:0x2432
    • ISP2422, PCI ID 0x1077:0x5422
    • QLE220, PCI ID 0x1077:0x5432
    • QLE81xx, PCI ID 0x1077:0x8001
    • QLE10000, PCI ID 0x1077:0xF000
    • QLE84xx, PCI ID 0x1077:0x8044
    • QLE8000, PCI ID 0x1077:0x8432
    • QLE82xx, PCI ID 0x1077:0x8021
  • The following adapters from the qla4xxx driver have been deprecated:

    • QLOGIC_ISP8022, PCI ID 0x1077:0x8022
    • QLOGIC_ISP8324, PCI ID 0x1077:0x8032
    • QLOGIC_ISP8042, PCI ID 0x1077:0x8042
  • The following adapters from the be2iscsi driver have been deprecated:

    • BladeEngine 2 (BE2) Devices

      • BladeEngine2 10Gb iSCSI Initiator (generic), PCI ID 0x19a2:0x212
      • OneConnect OCe10101, OCm10101, OCe10102, OCm10102 BE2 adapter family, PCI ID 0x19a2:0x702
      • OCe10100 BE2 adapter family, PCI ID 0x19a2:0x703
    • BladeEngine 3 (BE3) Devices

      • OneConnect TOMCAT iSCSI, PCI ID 0x19a2:0x0712
      • BladeEngine3 iSCSI, PCI ID 0x19a2:0x0222
  • The following Ethernet adapters controlled by the be2net driver have been deprecated:

    • BladeEngine 2 (BE2) Devices

      • OneConnect TIGERSHARK NIC, PCI ID 0x19a2:0x0700
      • BladeEngine2 Network Adapter, PCI ID 0x19a2:0x0211
    • BladeEngine 3 (BE3) Devices

      • OneConnect TOMCAT NIC, PCI ID 0x19a2:0x0710
      • BladeEngine3 Network Adapter, PCI ID 0x19a2:0x0221
  • The following adapters from the lpfc driver have been deprecated:

    • BladeEngine 2 (BE2) Devices

      • OneConnect TIGERSHARK FCoE, PCI ID 0x19a2:0x0704
    • BladeEngine 3 (BE3) Devices

      • OneConnect TOMCAT FCoE, PCI ID 0x19a2:0x0714
    • Fibre Channel (FC) Devices

      • FIREFLY, PCI ID 0x10df:0x1ae5
      • PROTEUS_VF, PCI ID 0x10df:0xe100
      • BALIUS, PCI ID 0x10df:0xe131
      • PROTEUS_PF, PCI ID 0x10df:0xe180
      • RFLY, PCI ID 0x10df:0xf095
      • PFLY, PCI ID 0x10df:0xf098
      • LP101, PCI ID 0x10df:0xf0a1
      • TFLY, PCI ID 0x10df:0xf0a5
      • BSMB, PCI ID 0x10df:0xf0d1
      • BMID, PCI ID 0x10df:0xf0d5
      • ZSMB, PCI ID 0x10df:0xf0e1
      • ZMID, PCI ID 0x10df:0xf0e5
      • NEPTUNE, PCI ID 0x10df:0xf0f5
      • NEPTUNE_SCSP, PCI ID 0x10df:0xf0f6
      • NEPTUNE_DCSP, PCI ID 0x10df:0xf0f7
      • FALCON, PCI ID 0x10df:0xf180
      • SUPERFLY, PCI ID 0x10df:0xf700
      • DRAGONFLY, PCI ID 0x10df:0xf800
      • CENTAUR, PCI ID 0x10df:0xf900
      • PEGASUS, PCI ID 0x10df:0xf980
      • THOR, PCI ID 0x10df:0xfa00
      • VIPER, PCI ID 0x10df:0xfb00
      • LP10000S, PCI ID 0x10df:0xfc00
      • LP11000S, PCI ID 0x10df:0xfc10
      • LPE11000S, PCI ID 0x10df:0xfc20
      • PROTEUS_S, PCI ID 0x10df:0xfc50
      • HELIOS, PCI ID 0x10df:0xfd00
      • HELIOS_SCSP, PCI ID 0x10df:0xfd11
      • HELIOS_DCSP, PCI ID 0x10df:0xfd12
      • ZEPHYR, PCI ID 0x10df:0xfe00
      • HORNET, PCI ID 0x10df:0xfe05
      • ZEPHYR_SCSP, PCI ID 0x10df:0xfe11
      • ZEPHYR_DCSP, PCI ID 0x10df:0xfe12
    • Lancer FCoE CNA Devices

      • OCe15104-FM, PCI ID 0x10df:0xe260
      • OCe15102-FM, PCI ID 0x10df:0xe260
      • OCm15108-F-P, PCI ID 0x10df:0xe260

9.4. Other Deprecated Functionality

Python 2 has been deprecated

In the next major release, RHEL 8, Python 3.6 is the default Python implementation, and only limited support for Python 2.7 is provided.

See the Conservative Python 3 Porting Guide for information on how to migrate large code bases to Python 3.

LVM libraries and LVM Python bindings have been deprecated

The lvm2app library and LVM Python bindings, which are provided by the lvm2-python-libs package, have been deprecated.

Red Hat recommends the following solutions instead:

  • The LVM D-Bus API in combination with the lvm2-dbusd service. This requires using Python version 3.
  • The LVM command-line utilities with JSON formatting. This formatting has been available since the lvm2 package version 2.02.158.
  • The libblockdev library for C and C++.
Mirrored mirror log has been deprecated in LVM

The mirrored mirror log feature of mirrored LVM volumes has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support creating or activating LVM volumes with a mirrored mirror log.

The recommended replacements are:

  • RAID1 LVM volumes. The main advantage of RAID1 volumes is their ability to work even in degraded mode and to recover after a transient failure. For information on converting mirrored volumes to RAID1, see the Converting a Mirrored LVM Device to a RAID1 Device section in the LVM Administration guide.
  • Disk mirror log. To convert a mirrored mirror log to disk mirror log, use the following command: lvconvert --mirrorlog disk my_vg/my_lv.
The clvmd daemon has been deprecated

The clvmd daemon for managing shared storage devices has been deprecated. A future major release of Red Hat Enterprise linux will instead use the lvmlockd daemon.

The lvmetad daemon has been deprecated

The lvmetad daemon for caching metadata has been deprecated. In a future major release of Red Hat Enterprise Linux, LVM will always read metadata from disk.

Previously, autoactivation of logical volumes was indirectly tied to the use_lvmetad setting in the lvm.conf configuration file. The correct way to disable autoactivation continues to be setting auto_activation_volume_list=[] (an empty list) in the lvm.conf file.

The sap-hana-vmware Tuned profile has been deprecated

The sap-hana-vmware Tuned profile has been deprecated. For backward compatibility, this profile is still provided in the tuned-profiles-sap-hana package, but the profile will be removed in future major release of Red Hat Enterprise Linux. The recommended replacement is the sap-hanaTuned profile.

The following packages have been deprecated and will not be included in a future major release of Red Hat Enterprise Linux:

Deprecated packagesProposed replacement package or product

authconfig

authselect

pam_pkcs11

sssd [a]

pam_krb5

sssd

openldap-servers

Depending on the use case, migrate to Identity Management included in Red Hat Enterprise Linux; or to Red Hat Directory Server. [b]

mod_auth_kerb

mod_auth_gssapi

python-kerberos

python-krbV

python-gssapi

python-requests-kerberos

python-requests-gssapi

hesiod

No replacement available.

mod_nss

mod_ssl

mod_revocator

No replacement available.

[a] System Security Services Daemon (SSSD) contains enhanced smart card functionality.
[b] Red Hat Directory Server requires a valid Directory Server subscription. For details, see also What is the support status of the LDAP-server shipped with Red Hat Enterprise Linux? in Red Hat Knowledgebase.
The Clevis HTTP pin has been deprecated

The Clevis HTTP pin has been deprecated and this feature will not be included in the next major version of Red Hat Enterprise Linux and will remain out of the distribution until a further notice.

crypto-utils has been deprecated

The crypto-utils packages have been deprecated, and they will not be available in a future major version of Red Hat Enterprise Linux. You can use tools provided by the openssl, gnutls-utils, and nss-tools packages instead.

NSS SEED ciphers have been deprecated

The Mozilla Network Security Services (NSS) library will not support Transport Layer Security (TLS) cipher suites that use a SEED cipher in a future release. For deployments that rely on SEED ciphers, Red Hat recommends enabling support for other cipher suites. This way, you ensure smooth transitions when NSS will remove support for them.

Note that the SEED ciphers are already disabled by default in RHEL.

All-numeric user and group names in shadow-utils have been deprecated

Creating user and group names consisting purely of numeric characters using the useradd and groupadd commands has been deprecated and will be removed from the system with the next major release. Such names can potentially confuse many tools that work with user and group names and user and group ids (which are numbers).

3DES is removed from the Python SSL default cipher list

The Triple Data Encryption Standard (3DES) algorithm has been removed from the Python SSL default cipher list. This enables Python applications using SSL to be PCI DSS-compliant.

sssd-secrets has been deprecated

The sssd-secrets component of the System Security Services Daemon (SSSD) has been deprecated in Red Hat Enterprise Linux 7.6. This is because Custodia, a secrets service provider, available as a Technology Preview, is no longer actively developed. Use other Identity Management tools to store secrets, for example the Vaults.

Support for earlier IdM servers and for IdM replicas at domain level 0 will be limited

Red Hat does not plan to support using Identity Management (IdM) servers running Red Hat Enterprise Linux (RHEL) 7.3 and earlier with IdM clients of the next major release of RHEL. If you plan to introduce client systems running on the next major version of RHEL into a deployment that is currently managed by IdM servers running on RHEL 7.3 or earlier, be aware that you will need to upgrade the servers, moving them to RHEL 7.4 or later.

In the next major release of RHEL, only domain level 1 replicas will be supported. Before introducing IdM replicas running on the next major version of RHEL into an existing deployment, be aware that you will need to upgrade all IdM servers to RHEL 7.4 or later, and change the domain level to 1.

Consider planning the upgrade in advance if your deployment will be affected.

Bug-fix only support for the nss-pam-ldapd and NIS packages in the next major release of Red Hat Enterprise Linux

The nss-pam-ldapd packages and packages related to the NIS server will be released in the future major release of Red Hat Enterprise Linux but will receive a limited scope of support. Red Hat will accept bug reports but no new requests for enhancements. Customers are advised to migrate to the following replacement solutions:

Affected packagesProposed replacement package or product

nss-pam-ldapd

sssd

ypserv

ypbind

portmap

yp-tools

Identity Management in Red Hat Enterprise Linux

Use the Go Toolset instead of golang

The golang package, previously available in the Optional repository, will no longer receive updates in Red Hat Enterprise Linux 7. Developers are encouraged to use the Go Toolset instead.

mesa-private-llvm will be replaced with llvm-private

The mesa-private-llvm package, which contains the LLVM-based runtime support for Mesa, will be replaced in a future minor release of Red Hat Enterprise Linux 7 with the llvm-private package.

libdbi and libdbi-drivers have been deprecated

The libdbi and libdbi-drivers packages will not be included in the next Red Hat Enterprise Linux (RHEL) major release.

Ansible deprecated in the Extras repository

Ansible and its dependencies will no longer be updated through the Extras repository. Instead, the Red Hat Ansible Engine product has been made available to Red Hat Enterprise Linux subscriptions and will provide access to the official Ansible Engine channel. Customers who have previously installed Ansible and its dependencies from the Extras repository are advised to enable and update from the Ansible Engine channel, or uninstall the packages as future errata will not be provided from the Extras repository.

Ansible was previously provided in Extras (for AMD64 and Intel 64 architectures, and IBM POWER, little endian) as a runtime dependency of, and limited in support to, the Red Hat Enterprise Linux (RHEL) System Roles. Ansible Engine is available today for AMD64 and Intel 64 architectures, with IBM POWER, little endian availability coming soon.

Note that Ansible in the Extras repository was not a part of the Red Hat Enterprise Linux FIPS validation process.

The following packages have been deprecated from the Extras repository:

  • ansible(-doc)
  • libtomcrypt
  • libtommath(-devel)
  • python2-crypto
  • python2-jmespath
  • python-httplib2
  • python-paramiko(-doc)
  • python-passlib
  • sshpass

For more information and guidance, see the Knowledgebase article at https://access.redhat.com/articles/3359651.

Note that Red Hat Enterprise Linux System Roles continue to be distributed though the Extras repository. Although Red Hat Enterprise Linux System Roles no longer depend on the ansible package, installing ansible from the Ansible Engine repository is still needed to run playbooks which use Red Hat Enterprise Linux System Roles.

signtool has been deprecated and moved to unsupported-tools

The signtool tool from the nss packages, which uses insecure signature algorithms, has been deprecated. The signtool executable has been moved to the /usr/lib64/nss/unsupported-tools/ or /usr/lib/nss/unsupported-tools/ directory, depending on the platform.

SSL 3.0 and RC4 are disabled by default in NSS

Support for the RC4 ciphers in the TLS protocols and the SSL 3.0 protocol is disabled by default in the NSS library. Applications that require RC4 ciphers or SSL 3.0 protocol for interoperability do not work in default system configuration.

It is possible to re-enable those algorithms by editing the /etc/pki/nss-legacy/nss-rhel7.config file. To re-enable RC4, remove the :RC4 string from the disallow= list. To re-enable SSL 3.0 change the TLS-VERSION-MIN=tls1.0 option to ssl3.0.

TLS compression support has been removed from nss

To prevent security risks, such as the CRIME attack, support for TLS compression in the NSS library has been removed for all TLS versions. This change preserves the API compatibility.

Public web CAs are no longer trusted for code signing by default

The Mozilla CA certificate trust list distributed with Red Hat Enterprise Linux 7.5 no longer trusts any public web CAs for code signing. As a consequence, any software that uses the related flags, such as NSS or OpenSSL, no longer trusts these CAs for code signing by default. The software continues to fully support code signing trust. Additionally, it is still possible to configure CA certificates as trusted for code signing using system configuration.

Sendmail has been deprecated

Sendmail has been deprecated in Red Hat Enterprise Linux 7. Customers are advised to use Postfix, which is configured as the default Mail Transfer Agent (MTA).

dmraid has been deprecated

Since Red Hat Enterprise Linux 7.5, the dmraid packages have been deprecated. It will stay available in Red Hat Enterprise Linux 7 releases but a future major release will no longer support legacy hybrid combined hardware and software RAID host bus adapter (HBA).

Automatic loading of DCCP modules through socket layer is now disabled by default

For security reasons, automatic loading of the Datagram Congestion Control Protocol (DCCP) kernel modules through socket layer is now disabled by default. This ensures that userspace applications can not maliciously load any modules. All DCCP related modules can still be loaded manually through the modprobe program.

The /etc/modprobe.d/dccp-blacklist.conf configuration file for blacklisting the DCCP modules is included in the kernel package. Entries included there can be cleared by editing or removing this file to restore the previous behavior.

Note that any re-installation of the same kernel package or of a different version does not override manual changes. If the file is manually edited or removed, these changes persist across package installations.

rsyslog-libdbi has been deprecated

The rsyslog-libdbi sub-package, which contains one of the less used rsyslog module, has been deprecated and will not be included in a future major release of Red Hat Enterprise Linux. Removing unused or rarely used modules helps users to conveniently find a database output to use.

The inputname option of the rsyslog imudp module has been deprecated

The inputname option of the imudp module for the rsyslog service has been deprecated. Use the name option instead.

SMBv1 is no longer installed with Microsoft Windows 10 and 2016 (updates 1709 and later)

Microsoft announced that the Server Message Block version 1 (SMBv1) protocol will no longer be installed with the latest versions of Microsoft Windows and Microsoft Windows Server. Microsoft also recommends users to disable SMBv1 on earlier versions of these products.

This update impacts Red Hat customers who operate their systems in a mixed Linux and Windows environment. Red Hat Enterprise Linux 7.1 and earlier support only the SMBv1 version of the protocol. Support for SMBv2 was introduced in Red Hat Enterprise Linux 7.2.

For details on how this change affects Red Hat customers, see SMBv1 no longer installed with latest Microsoft Windows 10 and 2016 update (version 1709) in Red Hat Knowledgebase.

The -ok option of the tc command has been deprecated

The -ok option of the tc command has been deprecated and this feature will not be included in the next major version of Red Hat Enterprise Linux.

FedFS has been deprecated

Federated File System (FedFS) has been deprecated because the upstream FedFS project is no longer being actively maintained. Red Hat recommends migrating FedFS installations to use autofs, which provides more flexible functionality.

Btrfs has been deprecated

The Btrfs file system has been in Technology Preview state since the initial release of Red Hat Enterprise Linux 6. Red Hat will not be moving Btrfs to a fully supported feature and it will be removed in a future major release of Red Hat Enterprise Linux.

The Btrfs file system did receive numerous updates from the upstream in Red Hat Enterprise Linux 7.4 and will remain available in the Red Hat Enterprise Linux 7 series. However, this is the last planned update to this feature.

tcp_wrappers deprecated

The tcp_wrappers package has been deprecated. tcp_wrappers provides a library and a small daemon program that can monitor and filter incoming requests for audit, cyrus-imap, dovecot, nfs-utils, openssh, openldap, proftpd, sendmail, stunnel, syslog-ng, vsftpd, and various other network services.

nautilus-open-terminal replaced with gnome-terminal-nautilus

Since Red Hat Enterprise Linux 7.3, the nautilus-open-terminal package has been deprecated and replaced with the gnome-terminal-nautilus package. This package provides a Nautilus extension that adds the Open in Terminal option to the right-click context menu in Nautilus. nautilus-open-terminal is replaced by gnome-terminal-nautilus during the system upgrade.

sslwrap() removed from Python

The sslwrap() function has been removed from Python 2.7. After the 466 Python Enhancement Proposal was implemented, using this function resulted in a segmentation fault. The removal is consistent with upstream.

Red Hat recommends using the ssl.SSLContext class and the ssl.SSLContext.wrap_socket() function instead. Most applications can simply use the ssl.create_default_context() function, which creates a context with secure default settings. The default context uses the system’s default trust store, too.

Symbols from libraries linked as dependencies no longer resolved by ld

Previously, the ld linker resolved any symbols present in any linked library, even if some libraries were linked only implicitly as dependencies of other libraries. This allowed developers to use symbols from the implicitly linked libraries in application code and omit explicitly specifying these libraries for linking.

For security reasons, ld has been changed to not resolve references to symbols in libraries linked implicitly as dependencies.

As a result, linking with ld fails when application code attempts to use symbols from libraries not declared for linking and linked only implicitly as dependencies. To use symbols from libraries linked as dependencies, developers must explicitly link against these libraries as well.

To restore the previous behavior of ld, use the -copy-dt-needed-entries command-line option. (BZ#1292230)

Windows guest virtual machine support limited

As of Red Hat Enterprise Linux 7, Windows guest virtual machines are supported only under specific subscription programs, such as Advanced Mission Critical (AMC).

The libnetlink library contained in the iproute-devel package has been deprecated. The user should use the libnl and libmnl libraries instead.

S3 and S4 power management states for KVM have been deprecated

Native KVM support for the S3 (suspend to RAM) and S4 (suspend to disk) power management states has been discontinued. This feature was previously available as a Technology Preview.

The Certificate Server plug-in udnPwdDirAuth is discontinued

The udnPwdDirAuth authentication plug-in for the Red Hat Certificate Server was removed in Red Hat Enterprise Linux 7.3. Profiles using the plug-in are no longer supported. Certificates created with a profile using the udnPwdDirAuth plug-in are still valid if they have been approved.

Red Hat Access plug-in for IdM is discontinued

The Red Hat Access plug-in for Identity Management (IdM) was removed in Red Hat Enterprise Linux 7.3. During the update, the redhat-access-plugin-ipa package is automatically uninstalled. Features previously provided by the plug-in, such as Knowledgebase access and support case engagement, are still available through the Red Hat Customer Portal. Red Hat recommends to explore alternatives, such as the redhat-support-tool tool.

The Ipsilon identity provider service for federated single sign-on

The ipsilon packages were introduced as Technology Preview in Red Hat Enterprise Linux 7.2. Ipsilon links authentication providers and applications or utilities to allow for single sign-on (SSO).

Red Hat does not plan to upgrade Ipsilon from Technology Preview to a fully supported feature. The ipsilon packages will be removed from Red Hat Enterprise Linux in a future minor release.

Red Hat has released Red Hat Single Sign-On as a web SSO solution based on the Keycloak community project. Red Hat Single Sign-On provides greater capabilities than Ipsilon and is designated as the standard web SSO solution across the Red Hat product portfolio.

Several rsyslog options deprecated

The rsyslog utility version in Red Hat Enterprise Linux 7.4 has deprecated a large number of options. These options no longer have any effect and cause a warning to be displayed.

  • The functionality previously provided by the options -c, -u, -q, -x, -A, -Q, -4, and -6 can be achieved using the rsyslog configuration.
  • There is no replacement for the functionality previously provided by the options -l and -s
Deprecated symbols from the memkind library

The following symbols from the memkind library have been deprecated:

  • memkind_finalize()
  • memkind_get_num_kind()
  • memkind_get_kind_by_partition()
  • memkind_get_kind_by_name()
  • memkind_partition_mmap()
  • memkind_get_size()
  • MEMKIND_ERROR_MEMALIGN
  • MEMKIND_ERROR_MALLCTL
  • MEMKIND_ERROR_GETCPU
  • MEMKIND_ERROR_PMTT
  • MEMKIND_ERROR_TIEDISTANCE
  • MEMKIND_ERROR_ALIGNMENT
  • MEMKIND_ERROR_MALLOCX
  • MEMKIND_ERROR_REPNAME
  • MEMKIND_ERROR_PTHREAD
  • MEMKIND_ERROR_BADPOLICY
  • MEMKIND_ERROR_REPPOLICY
Options of Sockets API Extensions for SCTP (RFC 6458) deprecated

The options SCTP_SNDRCV, SCTP_EXTRCV and SCTP_DEFAULT_SEND_PARAM of Sockets API Extensions for the Stream Control Transmission Protocol have been deprecated per the RFC 6458 specification.

New options SCTP_SNDINFO, SCTP_NXTINFO, SCTP_NXTINFO and SCTP_DEFAULT_SNDINFO have been implemented as a replacement for the deprecated options.

Managing NetApp ONTAP using SSLv2 and SSLv3 is no longer supported by libstorageMgmt

The SSLv2 and SSLv3 connections to the NetApp ONTAP storage array are no longer supported by the libstorageMgmt library. Users can contact NetApp support to enable the Transport Layer Security (TLS) protocol.

dconf-dbus-1 has been deprecated and dconf-editor is now delivered separately

With this update, the dconf-dbus-1 API has been removed. However, the dconf-dbus-1 library has been backported to preserve binary compatibility. Red Hat recommends using the GDBus library instead of dconf-dbus-1.

The dconf-error.h file has been renamed to dconf-enums.h. In addition, the dconf Editor is now delivered in the separate dconf-editor package.

FreeRADIUS no longer accepts Auth-Type := System

The FreeRADIUS server no longer accepts the Auth-Type := System option for the rlm_unix authentication module. This option has been replaced by the use of the unix module in the authorize section of the configuration file.

The libcxgb3 library and the cxgb3 firmware package have been deprecated

The libcxgb3 library provided by the libibverbs package and the cxgb3 firmware package have been deprecated. They continue to be supported in Red Hat Enterprise Linux 7 but will likely not be supported in the next major releases of this product. This change corresponds with the deprecation of the cxgb3, cxgb3i, and iw_cxgb3 drivers listed above.

SFN4XXX adapters have been deprecated

Starting with Red Hat Enterprise Linux 7.4, SFN4XXX Solarflare network adapters have been deprecated. Previously, Solarflare had a single driver sfc for all adapters. Recently, support of SFN4XXX was split from sfc and moved into a new SFN4XXX-only driver, called sfc-falcon. Both drivers continue to be supported at this time, but sfc-falcon and SFN4XXX support is scheduled for removal in a future major release.

Software-initiated-only FCoE storage technologies have been deprecated

The software-initiated-only type of the Fibre Channel over Ethernet (FCoE) storage technology has been deprecated due to limited customer adoption. The software-initiated-only storage technology will remain supported for the life of Red Hat Enterprise Linux 7. The deprecation notice indicates the intention to remove software-initiated-based FCoE support in a future major release of Red Hat Enterprise Linux.

It is important to note that the hardware support and the associated user-space tools (such as drivers, libfc, or libfcoe) are unaffected by this deprecation notice.

For details regarding changes to FCoE support in RHEL 8, see Considerations in adopting RHEL 8.

Target mode in Software FCoE and Fibre Channel has been deprecated
  • Software FCoE:

    The NIC Software FCoE target functionality has been deprecated and will remain supported for the life of Red Hat Enterprise Linux 7. The deprecation notice indicates the intention to remove the NIC Software FCoE target functionality support in a future major release of Red Hat Enterprise Linux. For more information regarding changes to FCoE support in RHEL 8, see Considerations in adopting RHEL 8.

  • Fibre Channel:

    Target mode in Fibre Channel has been deprecated and will remain supported for the life of Red Hat Enterprise Linux 7. Target mode will be disabled for the tcm_fc and qla2xxx drivers in a future major release of Red Hat Enterprise Linux.

Containers using the libvirt-lxc tooling have been deprecated

The following libvirt-lxc packages are deprecated since Red Hat Enterprise Linux 7.1:

  • libvirt-daemon-driver-lxc
  • libvirt-daemon-lxc
  • libvirt-login-shell

Future development on the Linux containers framework is now based on the docker command-line interface. libvirt-lxc tooling may be removed in a future release of Red Hat Enterprise Linux (including Red Hat Enterprise Linux 7) and should not be relied upon for developing custom container management applications.

For more information, see the Red Hat KnowledgeBase article.

The Perl and shell scripts for Directory Server have been deprecated

The Perl and shell scripts, which are provided by the 389-ds-base package, have been deprecated. The scripts will be replaced by new utilities in the next major release of Red Hat Enterprise Linux.

libguestfs can no longer inspect ISO installer files

The libguestfs library does no longer support inspecting ISO installer files, for example using the guestfish or virt-inspector utilities. Use the osinfo-detect command for inspecting ISO files instead. This command can be obtained from the libosinfo package.

Creating internal snapshots of virtual machines has been deprecated

Due to their lack of optimization and stability, internal virtual machine snapshots are now deprecated. In their stead, external snapshots are recommended for use. For more information, including instructions for creating external snapshots, see the Virtualization Deployment and Admnistration Guide.

IVSHMEM has been deprecated

The inter-VM shared memory device (IVSHMEM) feature has been deprecated. Therefore, in a future major release of RHEL, if a virtual machine (VM) is configured to share memory between multiple virtual machines in the form of a PCI device that exposes memory to guests, the VM will fail to boot.

The gnome-shell-browser-plugin subpackage has been deprecated

Since the Firefox Extended Support Release (ESR 60), Firefox no longer supports the Netscape Plugin Application Programming Interface (NPAPI) that was used by the gnome-shell-browser-plugin subpackage. The subpackage, which provided the functionality to install GNOME Shell Extensions, has thus been deprecated. The installation of GNOME Shell Extensions is now handled directly in the gnome-software package.

The VDO read cache has been deprecated

The read cache functionality in Virtual Data Optimizer (VDO) has been deprecated. The read cache is disabled by default on new VDO volumes.

In the next major Red Hat Enterprise Linux release, the read cache functionality will be removed, and you will no longer be able to enable it using the --readCache option of the vdo utility.

cpuid has been deprecated

The cpuid command has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support using cpuid to dump the information about CPUID instruction for each CPU. To obtain similar information, use the lscpu command instead.

KDE has been deprecated

KDE Plasma Workspaces (KDE), which has been provided as an alternative to the default GNOME desktop environment has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support using KDE instead of the default GNOME desktop environment.

Using virt-install with NFS locations is deprecated

With a future major version of Red Hat Enterprise Linux, the virt-install utility will not be able to mount NFS locations. As a consequence, attempting to install a virtual machine using virt-install with a NFS address as a value of the --location option will fail. To work around this change, mount your NFS share prior to using virt-install, or use a HTTP location.

The lwresd daemon has been deprecated

The lwresd daemon, which is a part of the bind package, has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support providing name lookup services to clients that use the BIND 9 lightweight resolver library with lwresd.

The recommended replacements are:

  • The systemd-resolved daemon and nss-resolve API, provided by the systemd package
  • The unbound library API and daemon, provided by the unbound and unbound-libs packages
  • The getaddrinfo and related glibc library calls
The /etc/sysconfig/nfs file and legacy NFS service names have been deprecated

A future major Red Hat Enterprise Linux release will move the NFS configuration from the /etc/sysconfig/nfs file to /etc/nfs.conf.

Red Hat Enterprise Linux 7 currently supports both of these files. Red Hat recommends that you use the new /etc/nfs.conf file to make NFS configuration in all versions of Red Hat Enterprise Linux compatible with automated configuration systems.

Additionally, the following NFS service aliases will be removed and replaced by their upstream names:

  • nfs.service, replaced by nfs-server.service
  • nfs-secure.service, replaced by rpc-gssd.service
  • rpcgssd.service, replaced by rpc-gssd.service
  • nfs-idmap.service, replaced by nfs-idmapd.service
  • rpcidmapd.service, replaced by nfs-idmapd.service
  • nfs-lock.service, replaced by rpc-statd.service
  • nfslock.service, replaced by rpc-statd.service
The JSON export functionality has been removed from the nft utility

Previously, the nft utility provided an export feature, but the exported content could contain internal ruleset representation details, which was likely to change without further notice. For this reason, the deprecated export functionality has been removed from nft starting with RHEL 7.7. Future versions of nft, such as provided by RHEL 8, contain a high-level JSON API. However, this API not available in RHEL 7.7.

The openvswitch-2.0.0-7 package in the RHEL 7 Optional repository has been deprecated

RHEL 7.5 introduced the openvswitch-2.0.0-7.el7 package in the RHEL 7 Optional repository as a dependency of the NetworkManager-ovs package. This dependency no longer exists and, as a result, openvswitch-2.0.0-7.el7 is now deprecated.

Note that Red Hat does not support packages in the RHEL 7 Optional repository and that openvswitch-2.0.0-7.el7 will not be updated in the future. For this reason, do not use this package in production environments.

Deprecated PHP extensions

The following PHP extensions have been deprecated:

  • aspell
  • mysql
  • memcache
Deprecated Apache HTTP Server modules

The following modules of the Apache HTTP Server have been deprecated:

  • mod_file_cache
  • mod_nss
  • mod_perl
Apache Tomcat has been deprecated

The Apache Tomcat server, a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies, has been deprecated. Red Hat recommends that users requiring a servlet container use the JBoss Web Server.

The DES algorithm is deprecated in IdM

Due to security reasons, the Data Encryption Standard (DES) algorithm is deprecated in Identity Management (IdM). The MIT Kerberos libraries provided by the krb5-libs package do not support using the Data Encryption Standard (DES) in new deployments. Use DES only for compatibility reasons if your environment does not support any newer algorithm.

Red Hat also recommends to avoid using RC4 ciphers over Kerberos. While DES is deprecated, the Server Message Block (SMB) protocol still uses RC4. However, the SMB protocol can also use the secure AES algorithms.

For further details, see:

real(kind=16) type support has been removed from libquadmath library

real(kind=16) type support has been removed from the libquadmath library in the compat-libgfortran-41 package in order to preserve ABI compatibility.

Deprecated glibc features

The following features of the GNU C library provided by the glibc packages have been deprecated:

  • the librtkaio library
  • Sun RPC and NIS interfaces
Deprecated features of the GDB debugger

The following features and capabilities of the GDB debugger have been deprecated:

  • debugging Java programs built with the gcj compiler
  • HP-UX XDB compatibility mode and the -xdb option
  • Sun version of the stabs format
Development headers and static libraries from valgrind-devel have been deprecated

The valgrind-devel sub-package includes development files for developing custom Valgrind tools. These files do not have a guaranteed API, have to be linked statically, are unsupported, and thus have been deprecated. Red Hat recommends to use the other development files and header files for valgrind-aware programs from the valgrind-devel package such as valgrind.h, callgrind.h, drd.h, helgrind.h, and memcheck.h, which are stable and well supported.

The nosegneg libraries for 32-bit Xen have been deprecated

The glibc i686 packages contain an alternative glibc build, which avoids the use of the thread descriptor segment register with negative offsets (nosegneg). This alternative build is only used in the 32-bit version of the Xen Project hypervisor without hardware virtualization support, as an optimization to reduce the cost of full paravirtualization. This alternative build is deprecated.

Ada, Go, and Objective C/C++ build capability in GCC has been deprecated

Capability for building code in the Ada (GNAT), GCC Go, and Objective C/C++ languages using the GCC compiler has been deprecated.

To build Go code, use the Go Toolset instead.

Deprecated Kickstart commands and options

The following Kickstart commands and options have been deprecated:

  • upgrade
  • btrfs
  • part btrfs and partition btrfs
  • part --fstype btrfs and partition --fstype btrfs
  • logvol --fstype btrfs
  • raid --fstype btrfs
  • unsupported_hardware

Where only specific options and values are listed, the base command and its other options are not deprecated.

The env option in virt-who has become deprecated

With this update, the virt-who utility no longer uses the env option for hypervisor detection. As a consequence, Red Hat discourages the use of env in your virt-who configurations, as the option will not have the intended effect.

AGP graphics card have been deprecatd

Graphics cards using the Accelerated Graphics Port (AGP) bus have been deprecated and are not supported in RHEL 8. AGP graphics cards are rarely used in 64-bit machines and the bus has been replaced by PCI-Express.

The copy_file_range() call has been disabled on local file systems and in NFS

The copy_file_range() system call on local file systems contains multiple issues that are difficult to fix. To avoid file corruptions, copy_file_range() support on local file systems has been disabled in RHEL 7.8. If an application uses the call in this case, copy_file_range() now returns an ENOSYS error.

For the same reason, the server-side-copy feature has been disabled in the NFS server. However, the NFS client still supports copy_file_range() when accessing a server that supports server-side-copy.

Appendix A. Component Versions

This appendix provides a list of key components and their versions in the Red Hat Enterprise Linux 7 release.

Table A.1. Component Versions
ComponentVersion

kernel

3.10.0-1127

kernel-alt

4.14.0-115

QLogic qla2xxx driver

10.01.00.20.07.8-k

QLogic qla4xxx driver

5.04.00.00.07.02-k0

Emulex lpfc driver

0:12.0.0.13

iSCSI initiator utils (iscsi-initiator-utils)

6.2.0.874-17

DM-Multipath (device-mapper-multipath)

0.4.9-131

LVM (lvm2)

2.02.186-7

qemu-kvm[a]

1.5.3-173

qemu-kvm-ma[b]

2.12.0-33

[a] The qemu-kvm packages provide KVM virtualization on AMD64 and Intel 64 systems.
[b] The qemu-kvm-ma packages provide KVM virtualization on IBM POWER8, IBM POWER9, and IBM Z. Note that KVM virtualization on IBM POWER9 and IBM Z also requires using the kernel-alt packages.

Appendix B. List of tickets by component

ComponentTickets

389-ds-base

BZ#1740693, BZ#1662461, BZ#1732053, BZ#1749236, BZ#1639342, BZ#1723545, BZ#1724914, BZ#1739182, BZ#1749595, BZ#1756182, BZ#1685059

anaconda

BZ#1680606, BZ#1712987, BZ#1767612

ansible

BZ#1410996, BZ#1439896, BZ#1660838

bind

BZ#1758317

corosync

BZ#1413573

criu

BZ#1400230

custodia

BZ#1403214

desktop

BZ#1509444, BZ#1481411

dnf

BZ#1461652

fence-agents

BZ#1476401

filesystems

BZ#1666535, BZ#1274459, BZ#1111712, BZ#1206277, BZ#1477977

firewalld

BZ#1738785, BZ#1723610, BZ#1637675, BZ#1713823

freeradius

BZ#1463673

fwupd

BZ#1623466

gnome-shell

BZ#1720286, BZ#1539772, BZ#1481395

hardware-enablement

BZ#1660791, BZ#1062759, BZ#1384452, BZ#1519746, BZ#1454918, BZ#1454916

identity-management

BZ#1405325

ipa

BZ#1711172, BZ#1544470, BZ#1754494, BZ#1733209, BZ#1691939, BZ#1583950, BZ#1755223, BZ#1115294, BZ#1298286, BZ#1518939

java-1.8.0-openjdk

BZ#1498932, BZ#1746874

kernel-rt

BZ#1708718, BZ#1550584

kernel

BZ#1801759, BZ#1713642, BZ#1373519, BZ#1808458, BZ#1724027, BZ#1708465, BZ#1722855, BZ#1772107, BZ#1737111, BZ#1770232, BZ#1787295, BZ#1807077, BZ#1559615, BZ#1230959, BZ#1460849, BZ#1464377, BZ#1457533, BZ#1503123, BZ#1589397, BZ#1726642

kexec-tools

BZ#1723492

libcacard

BZ#917867

libguestfs

BZ#1387213

libreswan

BZ#1375750

libteam

BZ#1704451

libvirt

BZ#1475770

lorax-composer

BZ#1718473

lvm2

BZ#1642162

mariadb

BZ#1731062

networking

BZ#1712737, BZ#1712918, BZ#1722686, BZ#1698551, BZ#1729033, BZ#1700691, BZ#1711520, BZ#1062656, BZ#916384, BZ#916382, BZ#755087, BZ#1259547, BZ#1393375

nss

BZ#1431210, BZ#1425514, BZ#1432142

openscap

BZ#1767826

ovmf

BZ#653382

pacemaker

BZ#1710422, BZ#1781820

pcs

BZ#1433016

perl-Socket

BZ#1693293

pki-core

BZ#1523330

python-blivet

BZ#1632274

python-kdcproxy

BZ#1746107

rear

BZ#1693608

resource-agents

BZ#1513957

rsyslog

BZ#1309698

samba

BZ#1724991

scap-security-guide

BZ#1691336, BZ#1755192, BZ#1791583, BZ#1726698, BZ#1777862

selinux-policy

BZ#1687497, BZ#1727379, BZ#1651253, BZ#1752577

services

BZ#1749776

sos

BZ#1704957

sssd

BZ#1068725

storage

BZ#1649493, BZ#1642968, BZ#1710533, BZ#1703180, BZ#1109348, BZ#1119909, BZ#1414957

systemd

BZ#1284974

tools

BZ#1569484

usbguard

BZ#1480100

virtualization

BZ#1607311, BZ#1746771, BZ#1751054, BZ#1773478, BZ#1103193, BZ#1348508, BZ#1299662, BZ#1661654

Appendix C. Revision History

0.1-2

Fri Apr 28 2023, Lucie Vařáková (lvarakova@redhat.com)

  • Added a known issue (Authentication and Interoperability).
0.1-1

Tue Mar 02 2021, Lenka Špačková (lspackova@redhat.com)

0.1-0

Thu Jun 25 2020, Jaroslav Klech (jklech@redhat.com)

  • Various improvements to Device Drivers chapter.
0.0-9

Thu Jun 18 2020, Lenka Špačková (lspackova@redhat.com)

  • Added a known issue related to Audit (Security).
0.0-8

Thu May 28 2020, Lenka Špačková (lspackova@redhat.com)

  • Added the qlcnic and qlge drivers to the list of deprecated drivers.
0.0-7

Tue May 05 2020, Lenka Špačková (lspackova@redhat.com)

  • Added an enhancement related to GNOME.
0.0-6

Tue Apr 28 2020, Lenka Špačková (lspackova@redhat.com)

  • Updated information about in-place upgrades in Overview.
0.0-5

Fri Apr 3 2020, Lenka Špačková (lspackova@redhat.com)

  • Added a known issue (Networking).
  • Added a bug fix (Authentication and Interoperability).
  • Added a deprecated functionality (NSS SEED ciphers).
0.0-4

Wed Apr 1 2020, Lenka Špačková (lspackova@redhat.com)

  • Aero adapters are now fully supported (Hardware Enablement).
  • Added a known issue (Servers and Services).
0.0-3

Tue Mar 31 2020, Lenka Špačková (lspackova@redhat.com)

  • Release of the Red Hat Enterprise Linux 7.8 Release Notes.
0.0-2

Wed Feb 12 2020, Lenka Špačková (lspackova@redhat.com)

  • Provided a complete kernel version to Architectures and New Features chapters.
  • Various additions and updates to individual release note descriptions.
0.0-1

Mon Feb 03 2020, Lenka Špačková (lspackova@redhat.com)

  • Added Important Changes to External Kernel Parameters.
  • Added Device Drivers.
  • Various additions and updates to individual release note descriptions.
0.0-0

Tue Oct 29 2019, Lenka Špačková (lspackova@redhat.com)

  • Release of the Red Hat Enterprise Linux 7.8 Beta Release Notes.

Legal Notice

Copyright © 2024 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.