7.8 Release Notes
Release Notes for Red Hat Enterprise Linux 7.8
Abstract
Preface
Red Hat Enterprise Linux (RHEL) minor releases are an aggregation of individual security, enhancement, and bug fix errata. The Red Hat Enterprise Linux 7 Release Notes document describes the major changes made to the Red Hat Enterprise Linux 7 operating system and its accompanying applications for this minor release, as well as known problems and a complete list of all currently available Technology Previews.
Chapter 1. Overview
Product life cycle
Red Hat Enterprise Linux 7 is now in the Maintenance Support phase of the product life cycle. Future minor releases will focus on retaining and improving stability and reliability rather than adding new features. See the Red Hat Enterprise Linux Life Cycle document for more details.
In-place upgrade
An in-place upgrade offers a way of upgrading a system to a new major release of Red Hat Enterprise Linux by replacing the existing operating system. For a list of currently supported upgrade pahts, see Supported in-place upgrade paths for Red Hat Enterprise Linux.
In-place upgrade from RHEL 7 to RHEL 8
With the release of RHEL 8.2, the supported in-place upgrade path is:
- From RHEL 7.8 to RHEL 8.2 on the 64-bit Intel, IBM POWER 8 (little endian), and IBM Z architectures
- From RHEL 7.6 to RHEL 8.2 on architectures that require kernel version 4.14: 64-bit ARM, IBM POWER 9 (little endian), or IBM Z (Structure A)
Instructions on how to perform an in-place upgrade from RHEL 7 to RHEL 8 using the Leapp
utility are provided by the document Upgrading from RHEL 7 to RHEL 8. Major differences between RHEL 7 and RHEL 8 are documented in Considerations in adopting RHEL 8. The Leapp
utility is available in the RHEL 7 Extras repository.
If you are using CentOS Linux 7 or Oracle Linux 7, you can convert your operating system to RHEL 7 using the convert2rhel
utility prior to upgrading to RHEL 8. For instructions, see How to convert from CentOS Linux or Oracle Linux to RHEL.
In-place upgrade from RHEL 6 to RHEL 7
The procedure of an in-place upgrade from RHEL 6 to RHEL 7 and the usage of the Preupgrade Assistant
and the Red Hat Upgrade Tool
is documented in the Upgrading from RHEL 6 to RHEL 7 guide. Significant differences between the two major releases are documented in the Migration Planning Guide. Note that the Preupgrade Assistant
and the Red Hat Upgrade Tool
are available in the RHEL 6 Extras repository.
If you are using CentOS Linux 6 or Oracle Linux 6, you can convert your operating system to RHEL 6 using the convert2rhel
utility prior to upgrading to RHEL 7. For instructions, see How to convert from CentOS Linux or Oracle Linux to RHEL.
Security
SCAP Security Guide now provides a profile compliant with the Australian Cyber Security Centre (ACSC) Essential Eight Maturity Model.
See Section 4.11, “Security” for more information.
Desktop
Workspace switcher in the GNOME Classic environment has been modified. The switcher is now located in the right part of the bottom bar, and it is designed as a horizontal strip of thumbnails. Switching between workspaces is possible by clicking on the required thumbnail. For details, see Section 4.5, “Desktop”.
Additional resources
- Capabilities and limits of Red Hat Enterprise Linux 7 as compared to other versions of the system are available in the Knowledgebase article Red Hat Enterprise Linux technology capabilities and limits.
- The Package Manifest document provides a package listing for RHEL 7.
- The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is now available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.
Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:
Chapter 2. Architectures
Red Hat Enterprise Linux 7 is available on the following architectures: [1]
The Red Hat Enterprise Linux 7 is distributed with the kernel version 3.10.0-1127, which provides support for the following architectures:
- 64-bit AMD
- 64-bit Intel
- IBM POWER7+ (big endian)
- IBM POWER8 (big endian)
- IBM POWER8 (little endian)
- IBM Z (kernel version 3.10)
The following architectures remain fully supported and continue to receive z-stream security and bug fix updates in accordance with the Red Hat Enterprise Linux Life Cycle:
- IBM POWER9 (little endian)
- IBM Z - Structure A (kernel version 4.14)
- 64-bit ARM
Chapter 3. Important Changes to External Kernel Parameters
This chapter provides system administrators with a summary of significant changes in the kernel shipped with Red Hat Enterprise Linux 7. These changes include added or updated proc
entries, sysctl
, and sysfs
default values, boot parameters, kernel configuration options, or any noticeable behavior changes.
New kernel parameters
- audit = [KNL]
This parameter enables the audit sub-system.
The value is either 1 = enabled or 0 = disabled. The default value is unset, which is not a new option, but it was previously undocumented.
Format: { "0" | "1" }
- audit_backlog_limit = [KNL]
This parameter sets the audit queue size limit.
The default value is 64.
Format: <int> (must be >=0)
- ipcmni_extend [KNL]
- This parameter extends the maximum number of unique System V IPC identifiers from 32 768 to 16 777 216.
- nospectre_v1 [X86,PPC]
This parameter disables mitigations for Spectre Variant 1 (bounds check bypass).
With this option data leaks are possible in the system.
- tsx = [X86]
This parameter controls Transactional Synchronization Extensions (TSX) feature in Intel processors that support TSX control.
The options are:
-
on
- Enable TSX on the system. Although there are mitigations for all known security vulnerabilities, TSX has been known to be an accelerator for several previous speculation-related CVEs, and so there may be unknown security risks associated with leaving it enabled. -
off
- Disable TSX on the system. Note that this option takes effect only on newer CPUs which are not vulnerable to Microarchitectural Data Sampling (MDS). In other words, they haveMSR_IA32_ARCH_CAPABILITIES.MDS_NO=1
and get the newIA32_TSX_CTRL
Model-specific register (MSR) through a microcode update. This new MSR allows for a reliable deactivation of the TSX functionality. auto
- Disable TSX ifX86_BUG_TAA
is present, otherwise enable TSX on the system.Not specifying this option is equivalent to
tsx=on
as Red Hat has implicitly made TSX enabled.For more details, see documentation of TAA - TSX Asynchronous Abort.
-
- tsx_async_abort = [X86,INTEL]
This parameter controls mitigation for the TSX Async Abort (TAA) vulnerability.
Similar to Micro-architectural Data Sampling (MDS), certain CPUs that support Transactional Synchronization Extensions (TSX) are vulnerable to an exploit against CPU internal buffers. The exploit can forward information to a disclosure gadget under certain conditions.
In vulnerable processors, the speculatively forwarded data can be used in a cache side channel attack, to access data to which the attacker does not have direct access.
The options are:
-
full
- Enable TAA mitigation on vulnerable CPUs if TSX is enabled. -
full,nosmt
- Enable TAA mitigation and disable Simultaneous Multi Threading (SMT) on vulnerable CPUs. If TSX is disabled, SMT is not disabled because CPU is not vulnerable to cross-thread TAA attacks. off
- Unconditionally disable TAA mitigation.On MDS-affected machines, the
tsx_async_abort=off
parameter can be prevented by an active MDS mitigation as both vulnerabilities are mitigated with the same mechanism. Therefore, to disable this mitigation, you need to specify themds=off
parameter as well.Not specifying this option is equivalent to
tsx_async_abort=full
. On CPUs which are MDS affected and deploy MDS mitigation, TAA mitigation is not required and does not provide any additional mitigation.For more details, see documentation of TAA - TSX Asynchronous Abort.
-
Updated kernel parameters
- mitigations = [X86,PPC,S390]
Controls optional mitigations for CPU vulnerabilities. This is a set of curated, arch-independent options, each of which is an aggregation of existing arch-specific options.
The options are:
off
- Disable all optional CPU mitigations. This improves system performance, but it may also expose users to several CPU vulnerabilities.Equivalent to:
-
nopti [X86,PPC]
-
nospectre_v1 [X86,PPC]
-
nobp=0 [S390]
-
nospectre_v2 [X86,PPC,S390]
-
spec_store_bypass_disable=off [X86,PPC]
-
l1tf=off [X86]
-
mds=off [X86]
-
tsx_async_abort=off [X86]
kvm.nx_huge_pages=off [X86]
Exceptions:
mitigations=off
does not have any effect on thekvm.nx_huge_pages
parameter ifkvm.nx_huge_pages=force
.
-
auto
(default) - Mitigate all CPU vulnerabilities, but leave Simultaneous multithreading (SMT) enabled, even if it is vulnerable. This is for users who do not want to be surprised by SMT getting disabled across kernel upgrades, or who have other ways of avoiding SMT-based attacks.Equivalent to:
- (default behavior)
auto,nosmt
- Mitigate all CPU vulnerabilities, disabling Simultaneous multithreading (SMT) if needed. This is for users who always want to be fully mitigated, even if it means losing SMT.Equivalent to:
-
l1tf=flush,nosmt [X86]
-
mds=full,nosmt [X86]
-
tsx_async_abort=full,nosmt [X86]
-
New /proc/sys/fs parameters
- negative-dentry-limit
The integer value of this parameter specifies a soft limit on the total number of negative dentries allowed in a system as a percentage of the total system memory available. The allowable range for this value is 0-100. A value of 0 means there is no limit. Each unit represents 0.1% of the total system memory. So 10% is the maximum that can be specified.
On an AMD64 or Intel 64 system with 32GB of memory, a 1% limit translates to about 1.7 million dentries or about 53 thousand dentries per GB of memory.
Chapter 4. New Features
This chapter documents new features and major enhancements introduced in Red Hat Enterprise Linux 7.
4.1. General Updates
Smart-card sharing is now supported on Windows guests with ActivClient drivers
This update adds support for smart-card sharing in virtual machines (VMs) that use a Windows guest OS and ActivClient drivers. This enables smart-card authentication for user logins using emulated or shared smart cards on these VMs.
(BZ#917867)
4.2. Authentication and Interoperability
The ipa-client-automount
utility now supports setting an NFS domain that differs from the IdM domain
This enhancement adds the --idmap-domain
option to the ipa-client-automount
utility. Previously, ipa-client-automount
assumed that the NFS domain is the same as the Identity Management (IdM) domain, but this is not always the case. As a result, you can now specify an NFS domain that is different from the IdM domain.
The ipa-client-automount
utility now behaves as follows:
-
If
--idmap-domain
option is not set,ipa-client-automount
uses the IdM domain as the NIS domain. -
If the domain passed to
--idmap-domain
is set toDNS
,ipa-client-automount
removes the value specified in theDomain
parameter in the/etc/idmapd.conf
file, and theidmapd
service auto-detects the domain. -
If the domain passed to
--idmap-domain
does not match the DNS domain,ipa-client-automount
sets the specified value in theDomain
parameter in the/etc/idmapd.conf
file.
samba rebased to version 4.10.4
The samba packages have been upgraded to upstream version 4.10.4, which provides a number of bug fixes and enhancements over the previous version:
- Samba 4.10 fully supports Python 3. Note that future Samba versions will not have any runtime support for Python 2.
- The JavaScript Object Notation (JSON) logging feature now logs the Windows event ID and logon type for authentication messages.
-
The new
vfs_glusterfs_fuse
file system in user space (FUSE) module improves the performance when Samba accesses a GlusterFS volume. To enable this module, addglusterfs_fuse
to thevfs_objects
parameter of the share in the/etc/samba/smb.conf
file. Note thatvfs_glusterfs_fuse
does not replace the existingvfs_glusterfs
module. - The server message block (SMB) client Python bindings are now deprecated and will be removed in a future Samba release. This only affects users who use the Samba Python bindings to write their own utilities.
Samba automatically updates its tdb
database files when the smbd
, nmbd
, or winbind
service starts. Back up the databases files before starting Samba. Note that Red Hat does not support downgrading tdb
database files.
For further information about notable changes, read the upstream release notes before updating: https://www.samba.org/samba/history/samba-4.10.0.html
4.3. Clustering
Default value of Pacemaker concurrent-fencing
cluster property now set to true
Pacemaker now defaults the concurrent-fencing
cluster property to true
. If multiple nodes need to be fenced at the same time and they use different configured fence devices, Pacemaker will execute the fencing simultaneously rather than serialized as before. This can greatly speed up recovery in a large cluster when multiple nodes must be fenced.
Pacemaker support for configuring resources to remain stopped on clean node shutdown
When a cluster node shuts down, Pacemaker’s default response is to stop all resources running on that node and recover them elsewhere. Some users prefer to have high availability only for failures, and to treat clean shutdowns as scheduled outages. To address this, Pacemaker now supports the shutdown-lock
and shutdown-lock-limit
cluster properties to specify that resources active on a node when it shuts down should remain stopped until the node next rejoins. Users can now use clean shutdowns as scheduled outages without any manual intervention. For information on configuring resources to remain stopped on a clean node shutdown, see Configuring Resources to Remain Stopped on Clean Node Shutdown.
4.4. Compiler and Tools
Optimized implementation of SHA-2 operations on IBM PowerPC systems
This update adds an assembly code implementation of SHA-2 operations on IBM PowerPC systems, which significantly improves performance.
(BZ#1498932)
OpenJDK now supports also secp256k1
Previously, Open Java Development Kit (OpenJDK) could use only curves from the NSS library. Consequently, OpenJDK provided only the secp256r1, secp384r1, and secp521r1 curves for elliptic curve cryptography (ECC). With this update, OpenJDK uses the internal ECC implementation and supports also the secp256k1 curve.
4.5. Desktop
Modified workspace switcher in GNOME Classic
Workspace switcher in the GNOME Classic environment has been modified. The switcher is now located in the right part of the bottom bar, and it is designed as a horizontal strip of thumbnails.
Switching between workspaces is possible by clicking on the required thumbnail. Alternatively, you can also use the kbd:[Ctrl + Alt + ↑] and kbd:[Ctrl + Alt + ↓] keyboard shortcuts to switch between workspaces. The content of the active workspace is shown in the left part of the bottom bar in form of the window list.
When you press the kbd:[Super] key within the particular workspace, you can see the window picker, which includes all windows that are open in this workspace. However, the window picker no longer displays the following elements that were available in the previous release of RHEL:
- dock (vertical bar on the left side of the screen)
- workspace switcher (vertical bar on the right side of the screen)
- search entry
For particular tasks that were previously achieved with the help of these elements, adopt the following approaches:
To launch applications, instead of using dock, you can:
- Use the Applications menu on the top bar
- Press the kdb:[Alt + F2] keys to make the Enter a Command screen appear, and write the name of the executable into this screen.
- To switch between workspaces, instead of using the vertical workspace switcher, use the horizontal workspace switcher in the right bottom bar.
- If you require the search entry or the vertical workspace switcher, use the GNOME Standard environment instead of GNOME Classic.
GNOME now warns against a root graphical login
With this update, GNOME now displays a warning notification if you log into a graphical session as the root user.
Logging into a graphical session as root causes serious and unexpected issues, is non-secure, and is against Unix principles.
(BZ#1539772)
4.6. Hardware Enablement
Aero adapters are now fully supported
The following Aero adapters, previously available as a Technology Preview, are now fully supported:
-
PCI ID 0x1000:0x00e2 and 0x1000:0x00e6, controlled by the
mpt3sas
driver -
PCI ID 0x1000:Ox10e5 and 0x1000:0x10e6, controlled by the
megaraid_sas
driver
(BZ#1660791, BZ#1660289)
4.7. Installation and Booting
RHEL 7.8 now supports blueprint customizations
With this enhancement, RHEL 7.8 now supports a set of image customizations within blueprints when using the CLI. To make use of these customizations, you must configure them in the blueprint and import (push) to Image Builder. As a result, you are able to add specifications for your system.
4.8. Kernel
Kernel version in RHEL 7.8
Red Hat Enterprise Linux 7.8 is distributed with the kernel version 3.10.0-1127.
FUSE file system can be used inside of a user namespace
RHEL 7 now enables users to mount the Filesystem in Userspace (FUSE) based filesystems inside of the user namespace. As a result, users are able to use the fuse-overlayfs
command inside of rootless containers that were created with Buildah or Podman utilities.
(BZ#1713642)
ipcmin_extend
increases the number of unique System V IPC identifiers
A new kernel command line parameter ipcmin_extend
increases the number of unique System V Interprocess Communication (IPC) identifiers from 32,768 to 16,777,216. As a result, users with applications that exceed 32,768 of unique System V IPC identifiers can add ipcmin_extend
to port the relevant applications to RHEL without a major redesign.
(BZ#1373519)
Intel® Omni-Path Architecture (OPA) Host Software
Intel® Omni-Path Architecture (OPA) host software is fully supported in Red Hat Enterprise Linux 7.8. Intel OPA provides Host Fabric Interface (HFI) hardware with initialization and setup for high performance data transfers (high bandwidth, high message rate, low latency) between compute and I/O nodes in a clustered environment.
4.9. Real-Time Kernel
kernel-rt source tree now matches the latest RHEL 7 tree
The kernel-rt sources have been upgraded to the latest Red Hat Enterprise Linux kernel source tree, which provides a number of bug fixes and enhancements over the previous version.
4.10. Red Hat Enterprise Linux System Roles
A new storage
role added to RHEL System Roles
The storage
role has been added to RHEL System Roles provided by the rhel-system-roles
package, which is available in the RHEL 7 Extras repository.
The storage
role can be used to manage local storage using Ansible. Currently, the storage
role supports the following types of tasks:
- Managing file systems on whole disks
- Managing LVM volume groups
- Managing logical volumes and their file systems
For more information, see the Knowledgebase article about RHEL System Roles.
4.11. Security
SCAP Security Guide
now provides OSPP 4.2.1 and NCP Profiles
The OSPP (Protection Profile for General Purpose Operating Systems) profile has been updated, and it now conforms to OSPP 4.2.1 baseline. The profile with the ospp42
ID has been merged to the OSPP profile. Administrators should switch systems using the ospp42
profile to ospp
because ospp42
is no longer a valid ID.
Additionally, the NCP (NIST National Checklist Program Security Guide) profile with the ncp
ID has been introduced. The NCP profile conforms to the OSPP 4.2.1 and implements configuration requirements of additional policies. In particular CNSSI 1253, NIST 800-171, NIST 800-53, USGCB, and OS SRG.
SCAP Security Guide now supports ACSC Essential Eight
The scap-security-guide
packages now provides the Australian Cyber Security Centre (ACSC) Essential Eight compliance profile and a corresponding Kickstart file. With this enhancement, users can install a system that conforms with this security baseline. Furthermore, you can use the OpenSCAP suite for checking security compliance and remediation using this specification of minimum security controls defined by ACSC.
SCAP Security Guide
now correctly disables services
With this update, the SCAP Security Guide
(SSG) profiles correctly disable and mask services that should not be started. This guarantees that disabled services are not inadvertently started as a dependency of another service. Before this change, the SSG profiles such as the U.S. Government Commercial Cloud Services (C2S) profile only disabled the service. As a result, services disabled by an SSG profile cannot be started unless you unmask them first.
SCAP Security Guide
rebased to version 0.1.46
The SCAP Security Guide
(SSG) packages have been upgraded to version 0.1.46, which provides enhancements and bug fixes over the previous version, most notably:
- SSG now provides content that follows guidelines conforming to the SCAP 1.3 standard. The 1.3 data streams are compatible with OpenSCAP and used by default.
Note that you can still use content suffixed with -1.2
if you require the use of SCAP 1.2 data streams, as this data moved to the "/usr/share/xml/scap/ssg/content/ssg-rhel7-ds-1.2.xml" path. The new 1.3 data stream is located in the usual path.
SCAP Security Guide now supports scanning RHEL 8 systems from RHEL 7
The scap-security-guide
package now contains SCAP content and Ansible playbooks for RHEL 8. This enables you to scan RHEL 8 systems and containers from a RHEL 7 environment.
selinux-policy
now allows tomcat
processes to connect to redis
database
This update of selinux-policy
packages introduces rules that allow the tomcat_t
domain to connect to ports labeled redis_port_t
when the tomcat_can_network_connect_db
SELinux boolean is enabled. You can now use this boolean to allow tomcat_t
to access several databases, which was not previously supported for redis
processes.
(BZ#1687497)
sysadm_u users can now log in to graphical sessions
Previously, Linux users mapped to the sysadm_u
SELinux user were unable to log in to graphical sessions. The SELinux policy has been updated to allow these users to use graphical sessions while conforming to DISA STIG requirements. If the xdm_sysadm_login
Boolean is enabled, the sysadm_u
user can now successfully log in to X Window System session from the GNOME Display Manager.
4.12. Servers and Services
An option for rsyslog
to preserve case of FROMHOST
for imudp
and imtcp
is available
This update to the rsyslog
service introduces the option to manage letter-case preservation of the FROMHOST
property for the imudp
and imtcp
modules. Setting the preservecase
value to on
means the FROMHOST
property is handled in a case sensitive manner. To avoid breaking existing configurations, the default values of preservecase
are on
for imtcp
and off
for imudp
.
(BZ#1309698)
4.13. Storage
Support for Data Integrity Field/Data Integrity Extension (DIF/DIX)
DIF/DIX is supported on configurations where the hardware vendor has qualified it and provides full support for the particular host bus adapter (HBA) and storage array configuration on RHEL.
DIF/DIX is not supported on the following configurations:
- It is not supported for use on the boot device.
- It is not supported on virtualized guests.
- Red Hat does not support using the Automatic Storage Management library (ASMLib) when DIF/DIX is enabled.
DIF/DIX is enabled or disabled at the storage device, which involves various layers up to (and including) the application. The method for activating the DIF on storage devices is device-dependent.
For further information on the DIF/DIX feature, see What is DIF/DIX.
(BZ#1649493)
NVMe/FC is now fully supported in Qlogic HBAs
The NVMe over Fibre Channel (NVMe/FC) transport type is now fully supported in Qlogic Fibre Channel (FC) host bus adapters (HBAs), which use the qla2xxx
driver.
NVMe/FC is an additional fabric transport type for the Nonvolatile Memory Express (NVMe) protocol, in addition to the Remote Direct Memory Access (RDMA) protocol that was previously introduced in Red Hat Enterprise Linux.
NVMe/FC provides a higher-performance, lower-latency I/O protocol over existing FC infrastructure. This is especially important with solid-state storage arrays, because it allows the performance benefits of NVMe storage to be passed through the fabric transport, rather than being encapsulated in a different protocol, SCSI.
Note that since Red Hat Enterprise Linux 7.6, NVMe/FC is also fully supported with Broadcom Emulex Fibre Channel 32Gbit adapters using the lpfc
driver.
(BZ#1642968)
4.14. Atomic Host and Containers
Red Hat Enterprise Linux Atomic Host is a secure, lightweight, and minimal-footprint operating system optimized to run Linux containers.
4.15. Red Hat Software Collections
Red Hat Software Collections is a Red Hat content set that provides a set of dynamic programming languages, database servers, and related packages that you can install and use on all supported releases of Red Hat Enterprise Linux 7 on AMD64 and Intel 64 architectures, the 64-bit ARM architecture, IBM Z, and IBM POWER, little endian. Certain components are available also for all supported releases of Red Hat Enterprise Linux 6 on AMD64 and Intel 64 architectures.
Red Hat Developer Toolset is designed for developers working on the Red Hat Enterprise Linux platform. It provides current versions of the GNU Compiler Collection, GNU Debugger, and other development, debugging, and performance monitoring tools. Red Hat Developer Toolset is included as a separate Software Collection.
Dynamic languages, database servers, and other tools distributed with Red Hat Software Collections do not replace the default system tools provided with Red Hat Enterprise Linux, nor are they used in preference to these tools. Red Hat Software Collections uses an alternative packaging mechanism based on the scl
utility to provide a parallel set of packages. This set enables optional use of alternative package versions on Red Hat Enterprise Linux. By using the scl
utility, users can choose which package version they want to run at any time.
Red Hat Software Collections has a shorter life cycle and support term than Red Hat Enterprise Linux. For more information, see the Red Hat Software Collections Product Life Cycle.
See the Red Hat Software Collections documentation for the components included in the set, system requirements, known problems, usage, and specifics of individual Software Collections.
See the Red Hat Developer Toolset documentation for more information about the components included in this Software Collection, installation, usage, known problems, and more.
Chapter 5. Device Drivers
This chapter provides a comprehensive listing of all device drivers that are new or have been updated in Red Hat Enterprise Linux 7.
5.1. New Drivers
Graphics Drivers and Miscellaneous Drivers
- halt poll cpuidle driver (cpuidle-haltpoll.ko.xz)
- Intel® Trace Hub controller driver (intel_th.ko.xz)
- Intel® Trace Hub ACPI controller driver (intel_th_acpi.ko.xz)
- Intel® Trace Hub Global Trace Hub driver (intel_th_gth.ko.xz)
- Intel® Trace Hub Memory Storage Unit driver (intel_th_msu.ko.xz)
- Intel® Trace Hub PCI controller driver (intel_th_pci.ko.xz)
- Intel® Trace Hub PTI/LPP output driver (intel_th_pti.ko.xz)
- Intel® Trace Hub Software Trace Hub driver (intel_th_sth.ko.xz)
- dummy_stm device (dummy_stm.ko.xz)
- stm_console driver (stm_console.ko.xz)
- System Trace Module device class (stm_core.ko.xz)
- stm_ftrace driver (stm_ftrace.ko.xz)
- stm_heartbeat driver (stm_heartbeat.ko.xz)
- Basic STM framing protocol driver (stm_p_basic.ko.xz)
- MIPI SyS-T STM framing protocol driver (stm_p_sys-t.ko.xz)
Network Drivers
- gVNIC Driver (gve.ko.xz): 1.0.0.
- Failover driver for Paravirtual drivers (net_failover.ko.xz)
5.2. Updated Drivers
Network Driver Updates
- Emulex OneConnect NIC Driver (be2net.ko.xz) has been updated to version 12.0.0.0r.
- Intel® Ethernet Connection XL710 Network Driver (i40e.ko.xz) has been updated to version 2.8.20-k.
- The Netronome Flow Processor (NFP) driver (nfp.ko.xz) has been updated to version 3.10.0-1122.el7.x86_64.
Storage Driver Updates
- QLogic FCoE Driver (bnx2fc.ko.xz) has been updated to version 2.12.10.
- Driver for HP Smart Array Controller version (hpsa.ko.xz) has been updated to version 3.4.20-170-RH4.
- Emulex LightPulse Fibre Channel SCSI driver (lpfc.ko.xz) has been updated to version 0:12.0.0.13.
- Broadcom MegaRAID SAS Driver (megaraid_sas.ko.xz) has been updated to version 07.710.50.00-rh1.
- LSI MPT Fusion SAS 3.0 Device Driver (mpt3sas.ko.xz) has been updated to version 31.100.01.00.
- QLogic QEDF 25/40/50/100Gb FCoE Driver (qedf.ko.xz) has been updated to version 8.37.25.20.
- QLogic FastLinQ 4xxxx iSCSI Module (qedi.ko.xz) has been updated to version 8.37.0.20.
- QLogic Fibre Channel HBA Driver (qla2xxx.ko.xz) has been updated to version 10.01.00.20.07.8-k.
Chapter 6. Notable Bug Fixes
This chapter describes bugs fixed in Red Hat Enterprise Linux 7 that have a significant impact on users.
6.1. Authentication and Interoperability
Directory Server rebased to version 1.3.10
The 389-ds-base packages have been upgraded to upstream version 1.3.10, which provides a number of bug fixes over the previous version.
Directory Server now correctly logs the search base if the server rejects a search operation
Previously, when Directory Server rejected a search operation because of a protocol error, the server logged base="(null)"
instead of the actual search base. With this update, Directory Server passes the correct internal variable to the log operation. As a result, the server correctly logs the search base in the mentioned scenario.
Directory Server improved the logging of the etime
value
Previously, if an operation started and completed at the border of a second and the operation took less than one second, Directory Server logged an incorrectly calculated etime
value. As a consequence, the logged value was too big. This updates fixes the problem. As a result, the calculated etime
value is now closer to the start and end time stamp.
Directory Server now logs the correct etime
value in the access log
Previously, Directory Server incorrectly formatted the etime
field in the /var/log/dirsrv/slapd-<instance_name>/access
log file. As a consequence, the time value in nanoseconds was 10 times lower than the actual value. This update fixes the problem. As a result, Directory Server now logs the correct nanosecond value in the etime
field.
The severity of a Directory Server log message has been changed
Previously, Directory Server incorrectly logged Event <event_name> should not occur in state <state_name>; going to sleep
messages as error
. This update changes the severity of this message to warning
.
Directory Server is RFC 4511-compliant when searching for the 1.1
and other attributes in one request
To retrieve only a list of matching distinguished names (DN), LDAP users can search for the 1.1
special attribute. According to RFC 4511, if an LDAP client searches for the 1.1.
special attribute in combination with other attributes in one search request, the server must ignore the 1.1
special attribute.
Previously, when a Directory Server user searched for the 1.1
special attribute and other attributes in the same search request, the server returned no attributes. This update fixes the problem. As a result, Directory Server is RFC 4511-compliant in the mentioned scenario.
Directory Server returns password policy controls in the correct order
Previously, if the password of a user expired, Directory Server returned password policy controls in a different order depending on whether grace logins were exhausted or not. Consequently, this sometimes caused problems in LDAP clients compliant with the RFC 4511 standard. This update fixes the problem, and as a result, Directory Server returns password policy controls in the correct order.
(BZ#1724914)
Directory Server now also applies limits for maximum concurrent cleanAllRUV
tasks received from extended operations
Directory Server supports up to 64 concurrent cleanAllRUV
tasks. Previously, Directory Server applied this limit only to manually created tasks and not to tasks the server received from extended operations. As a consequence, more than 64 concurrent cleanAllRUV
tasks could run at the same time and slow down the server. This update adds a counter to track the number of clean tasks and abort threads. As a result, only up to 64 concurrent cleanAllRUV
tasks can run at the same time.
Importing large LDIF files to Directory Server databases with many nested-subtrees is now significantly faster
Previously, if the Directory Server database contained many nested sub-trees, importing a large LDIF file using the ldif2db
and ldif2db.pl
utilities was slow. With this update, Directory Server adds the ancestorid
index after all entries. As a result, importing LDIF files to a database with many nested sub-trees is now significantly faster.
Directory Server now processes new operations only after a previous SASL bind fully initialized the connection
During a bind using the Simple Authentication and Security Layer (SASL) framework, Directory Server initializes a set of callback functions. Previously, if Directory Server received an additional operation on the same connection during a SASL bind, this operation could access and use the callback functions even if they were not fully initialized. Consequently, the Directory Server instance terminated unexpectedly. With this update, the server prevents operations from accessing and using the callback structure until the previous SASL bind is successfully initialized. As a result, Directory Server no longer crashes in this situation.
The cl-dump.pl
and cl-dump
utilities now remove temporary files after exporting the change log
Previously, the cl-dump.pl
and cl-dump
utilities in Directory Server created temporary LDIF files in the /var/lib/dirsrv/slapd-<instance_name>/changelogdb/
directory. After the change log was exported, the utilities renamed the temporary files to *.done
. As a consequence, if the temporary files were large, this could result in low free disk space. With this update, by default, cl-dump.pl
and cl-dump
now delete the temporary files at the end of the export. Additionally, the -l
option has been added to both utilities to manually preserve the temporary files. As a result, cl-dump.pl
and cl-dump
free the disk space after exporting the change log or user can optionally enforce the old behavior by using the -l
option.
IdM configures the Apache NSS module to use only TLS 1.2 when installing or updating an IdM server or replica
Previously, when an administrator installed an Identity Management (IdM) server or replica, the installer enabled the TLS 1.0, TLS 1.1, and TLS 1.2 protocols in the Apache web server’s network security service (NSS) module. This update provides the following changes:
- When you set up a new server or replica, IdM only enables the strong TLS 1.2 protocol.
- On existing IdM servers and replicas, this update disables the weak TLS 1.0 and TLS 1.1 protocols.
As a result, new and updated IdM servers and replicas use only the strong TLS 1.2 protocol in the Apache web server’s NSS module.
IdM now correctly updates the certificate record in the cn=CAcert,cn=ipa,cn=etc,<base_DN>
entry
Previously, after renewing the Identity Management (IdM) certificate authority (CA) certificate or modifying the CA certificate chain, IdM did not update the certificate record stored in the cn=CAcert,cn=ipa,cn=etc,<base_DN>
entry. As a consequence, installations of IdM clients on RHEL 6 failed. With this update, IdM now updates the certificate record in cn=CAcert,cn=ipa,cn=etc,<base_DN>
. As a result, installing IdM on RHEL 6 now succeeds after the administrator renews the CA certificate or updates the certificate chain on the IdM CA.
The ipa-replica-install
utility now verifies that the server specified in --server
provides all required roles
The ipa-replica-install
utility provides a --server
option to specify the Identity Management (IdM) server which the installer should use for the enrollment. Previously, ipa-replica-install
did not verify that the supplied server provided the certificate authority (CA) and key recovery authority (KRA) roles. As a consequence, the installer replicated domain data from the specified server and CA data from a different server that provided the CA and KRA roles. With this update, ipa-replica-install
verifies that the specified server provides all required roles. As a result, if the administrator uses the --server
option, ipa-replica-install
only replicates data from the specified server.
ipa sudorule-add-option
no longer shows a false error when options are added to an existing sudo rule
Previously, when a sudo rule already contained hosts, hostgroups, users, or usergroups, the ipa sudorule-add-option
command incorrectly processed the sudo rule content. Consequently, the ipa sudorule-add-option
command used with the sudooption
argument returned an error despite completing successfully. This bug has been fixed, and ipa sudorule-add-option
now displays an accurate output in the described scenario.
(BZ#1691939)
IdM no longer drops all custom attributes when moving an account from preserved to stage
Previously, IdM processed only some of the attributes defined in a preserved account. Consequently, when moving an account from preserved to stage, all the custom attributes were lost. With this update, IdM processes all the attributes defined in a preserved account and the described problem no longer occurs.
(BZ#1583950)
Sub-CA key replication no longer fails
Previously, a change to the credential cache (ccache) behaviour in the Kerberos library caused lightweight Certificate Authority (CA) key replication to fail. This update adapts the IdM lightweight CA key replication client code to the changed ccache behaviour. As a result, the lightweight CA key replication now works correctly.
Certificate System now records audit events if the system acts as a client to other subsystems or to the LDAP server
Previously, Certificate System did not contain audit events if the system acted as a client to other subsystems or to the LDAP server. As a consequence, the server did not record any events in this situation. This update adds the CLIENT_ACCESS_SESSION_ESTABLISH_FAILURE
, CLIENT_ACCESS_SESSION_ESTABLISH_SUCCESS
, and CLIENT_ACCESS_SESSION_TERMINATED
events to Certificate System. As a result, Certificate System records these events when acting as a client.
(BZ#1523330)
The python-kdcproxy
library no longer drops large Kerberos replies
Previously, if an Active Directory Kerberos Distribution Center (KDC) split large Kerberos replies into multiple TCP packets, the python-kdcproxy
library dropped these packages. This update fixes the problem. As a result, python-kdcproxy
processes large Kerberos replies correctly.
6.2. Compiler and Tools
Socket::inet_aton()
can now be used from multiple threads safely
Previously, the Socket::inet_aton()
function, used for resolving a domain name from multiple Perl threads, called the unsafe gethostbyname()
glibc
function. Consequently, an incorrect IPv4 address was occasionally returned, or the Perl interpreter terminated unexpectedly. With this update, the Socket::inet_aton()
implementation has been changed to use the thread-safe getaddrinfo()
glibc
function instead of gethostbyname()
. As a result, the inet_aton()
function from Perl Socket
module can be used from multiple threads safely.
sosreport
now generates HTML reports faster
Previously, when the sosreport
utility collected tens of thousands of files, generation of HTML report was very slow. This update provides changes to the text report code, improving the report structure and formatting. Additionally, support for reports in the JSON file format has been added. As a result, HTML reports are now generated without delay.
6.3. Desktop
32- and 64-bit fwupd packages can now be used together when installing or upgrading the system
Previously, the /usr/lib/systemd/system/fwupd.service
file in the fwupd packages was different for 32- and 64-bit architectures. Consequently, it was impossible to install both 32- and 64-bit fwupd packages or to upgrade a Red Hat Enterprise Linux 7.5 system with both 32- and 64-bit fwupd packages to a later version. This update fixes fwupd so that the /usr/lib/systemd/system/fwupd.service
file is same for both 32- and 64-bit architectures. As a result, installing both 32- and 64-bit fwupd packages, or upgrading a Red Hat Enterprise Linux 7.5 system with both 32- and 64-bit fwupd packages to a later version is now possible.
(BZ#1623466)
A memory leak in libteam
has been fixed
Previously, the libteam
library used an incorrect JSON API when a user queried the status of a network team. As a consequence, the teamdctl <team_device> state
command leaked memory. With this update, the library uses the correct API, and querying the status of a team no longer leaks memory.
6.4. Installation and Booting
The installation program correctly sets the connection type for Kickstart network team devices
Previously, the installation program used the TYPE="Team"
parameter instead of the DEVICETYPE="Team"
parameter to specify the connection type in the ifcfg
file that is created for Kickstart network team devices. As a consequence, any network team devices using network
service were not activated during the boot process. With this update, the installation program uses the DEVICETYPE
parameter to specify the connection type in the ifcfg
file. As a result, Kickstart network team devices are activated during the boot process even if the system is using network
service for network configuration, for example, the NetworkManager service is disabled.
(BZ#1680606)
The installation program correctly handles an exception when GTK is not installed
Previously, the installation program failed to handle an exception when the GTK GUI toolkit was not installed in the environment. As a consequence, the exception was not communicated to the user. With this update, the installation program correctly handles an exception when the GTK GUI toolkit is not installed, and the user is also notified of the exception.
(BZ#1712987)
6.5. Kernel
The IBM Z systems no longer become unresponsive when using certain BCC tools
Previously, due to a bug in the kernel, running dcsnoop
, runqlen
, and slabratetop
utilities from the bcc-tools
package caused the IBM Z systems to become unresponsive. This update fixes the problem and IBM Z systems no longer hang in the described scenario.
(BZ#1724027)
Virtual machines no longer enable unnecessary CPU vulnerability mitigation
Previously, the MDS_NO
CPU flags, which indicate that the CPU was not vulnerable to the Microarchitectural Data Sampling (MDS) vulnerability, were not exposed to guest operating systems when the virtual machine was using CPU host-passthrough. As a consequence, the guest operating system in some cases automatically enabled CPU vulnerability mitigation features that were not necessary for the host. This update ensures that the MDS_NO
flag is properly visible to the guest operating system when using CPU host-passthrough, which prevents the described problem from occurring.
(BZ#1708465, BZ#1677209)
Disabling logging in the nf-logger
framework has been fixed
Previously, when an admin used the sysctl
or echo
commands to turn off an assigned netfilter
logger, a NUL
-character was not added to the end of the NONE
string. Consequently, the strcmp()
function failed with a No such file or directory
error. This update fixes the problem. As a result, commands, such as sysctl net.netfilter.nf_log.2=NONE
work as expected and turn off logging.
(BZ#1770232)
Resuming from hibernation now works on the megaraid_sas
driver
Previously, when the megaraid_sas
driver resumed from hibernation, the Message Signaled Interrupts (MSIx) allocation did not work correctly. As a consequence, resuming from hibernation failed, and restarting the system was required. This bug has been fixed, and resuming from hibernation now works as expected.
(BZ#1807077)
Kdump no longer fails in the second kernel
Previously, the kdump initramfs
image could fail in the second kernel after a disk migration or installation of a new machine with a disk image. This update adds the kdumpctl rebuild
command for rebuilding the kdump initramfs
image. As a result, users can now rebuild initramfs
to ensure that kdump does not fail in the second kernel.
(BZ#1723492)
6.6. Real-Time Kernel
The latency for isolated CPU’s is now reduced by avoiding spurious ktimersoftd
activation
Previously, for a KVM-RT configured system, per-CPU ktimersoftd
kernel threads ran once every second even in absence of a timer. Consequently, an increased latency occurred on the isolated CPU’s. This update adds an optimization into the real-time kernel that does not wake the ktimersoftd
on every tick. As a result, ktimersoftd
is not raised on isolated CPU’s, which prevents the interference and reduces the latency.
6.7. Networking
The tc filter show
command now displays filters correctly when the handle is 0xffffffff
Previously, a bug in the TC flower code caused an undesired integer overflow. As a consequence, dumping a flower rule that used 0xffffffff
as a handle could result in an infinite loop. This update prevents the integer overflow on 64-bit architectures. As a result, tc filter show
no longer loops in this scenario, and filters are now shown correctly.
(BZ#1712737)
The kernel no longer crashes when attempting to apply an invalid TC rule
Previously, while attempting to replace a traffic control (TC) rule with a rule having an invalid goto chain
parameter, a kernel crash occurred. With this update, the kernel avoids a NULL dereference in the described scenario. As a result, the kernel no longer crashes, and an error message is logged instead.
(BZ#1712918)
The kernel now correctly updates PMTU when receiving ICMPv6 Packet Too Big
message
In certain situations, such as for link-local addresses, more than one route can match a source address. Previously, the kernel did not check the input interface when receiving Internet Control Message Protocol Version 6 (ICMPv6) packets. Therefore, the route lookup could return a destination that did not match the input interface. Consequently, when receiving an ICMPv6 Packet Too Big
message, the kernel could update the Path Maximum Transmission Unit (PMTU) for a different input interface. With this update, the kernel checks the input interface during the route lookup. As a result, the kernel now updates the correct destination based on the source address and PMTU works as expected in the described scenario.
(BZ#1722686)
MACsec no longer drops valid frames
Previously, if the cryptographic context for AES-GCM was not completely initialized, decryption of incoming frames failed. Consequently, MACsec dropped valid incoming frames, and increased the InPktsNotValid
counter. With this update, the initialization of the cryptographic context has been fixed. Now, decryption with AES-GCM succeeds, and MACsec no longer drops valid frames.
(BZ#1698551)
The kernel no longer crashes when goto chain
is used as a secondary TC control action
Previously, when the act gact
and act police
traffic control (TC) rules used an invalid goto chain
parameter as a secondary control action, the kernel terminated unexpectedly. With this update, the kernel avoids using goto chain
with a NULL dereference and no longer crashes in the described scenario. Instead, the kernel returns an -EINVAL
error message.
(BZ#1729033)
Kernel no longer allows adding duplicate rules with NLM_F_EXCL
set
Previously, the kernel never checked the rule content when a new policy routing rule was added. Consequently, the kernel could have added two rules that were exactly the same. This complicated the rule set which could cause problems when NetworkManager tried to cache the rules. With this update, the NLM_F_EXCL
flag has been added to the kernel. Now, when a rule is added and the flag is set, the kernel checks the rule content, and returns an EEXIST
error if the rule already exists. As a result, kernel no longer adds duplicate rules.
(BZ#1700691)
The ipset list
command reports consistent memory for hash
set types
When you add entries to a hash
set type, the ipset
utility must resize the in-memory representation to for new entries by allocating an additional memory block. Previously, ipset
set the total per-set allocated size to only the size of the new block instead of adding the value to the current in-memory size. As a consequence, the ip list
command reported an inconsistent memory size. With this update, ipset
correctly calculates the in-memory size. As a result, the ipset list
command now displays the correct in-memory size of the set, and the output matches the actual allocated memory for hash
set types.
firewalld
no longer attempts to create IPv6 rules if the IPv6 protocol is disabled
Previously, if the IPv6 protocol was disabled, the firewalld
service incorrectly attempted to create rules using the ip6tables
utility, even though ip6tables
should not be usable. As a consequence, when firewalld
initialized the firewall, the service logged error messages. This update fixes the problem, and firewalld
now only initializes IPv4 rules if IPv6 is disabled.
The --remove-rules
option of firewall-cmd
now removes only direct rules that match the specified criteria
Previously, the --remove-rules
option of the firewall-cmd
command did not check the rules to remove. As a consequence, the command removed all direct rules instead of a subset rule. This update fixes the problem. As a result, firewall-cmd
now removes only direct rules that match the specified criteria.
(BZ#1723610)
Deleting a firewalld
rich rule with forward-ports
works now as expected
Previously, the firewalld
service incorrectly handled the deletion of rules with the forward-ports
setting. As a consequence, deleting a rich rule with forward-ports
from the runtime configuration failed. This update fixes the problem. As a result, deleting a rich rule with forward-ports
works as expected.
Packets no longer drift to other zones and cause unexpected behavior
Previously, when setting up rules in one zone, the firewalld
daemon allowed the packets to be affected by multiple zones. This behavior violated the firewalld
zone concept, in which packets may only be part of a single zone. This update fixes the bug and firewalld
now prevents packets from being affected by multiple zones.
Warning: This change may affect the availability of some service if the user was knowingly or unknowingly relying on the zone drifting behavior.
6.8. Security
Accessibility of OpenSCAP
HTML reports has been improved
Previously, an Accessible Rich Internet Applications (ARIA) parameter was incorrectly defined in OpenSCAP
HTML reports. As a consequence, rule details in the reports were not accessible to users of screenreading software. With this update, the template for report generation has been changed. As a result, users with screen readers can now navigate through rule details and interact with links and buttons.
SELinux policy now allows sysadm_u
users to use semanage
with sudo
Previously, SELinux policy was missing rules to allow users with the sysadm_u
label to use the semanage
command with the sudo
command. As a consequence, sysadm_u
users could not configure SELinux on the system. This update adds the missing rules, and SELinux users labeled as sysadm_u
can now change SELinux configurations.
6.9. Servers and Services
Manual initialization of MariaDB using mysql_install_db
no longer fails
Prior to this update, the mysql_install_db
script for initializing the MariaDB database called the resolveip
binary from the /usr/libexec/
directory, while the binary was located in /usr/bin/
. Consequently, manual initialization of the database using mysql_install_db
failed. This update fixes mysql_install_db
to correctly locate resolveip
. As a result, manual initialization of MariaDB using mysql_install_db
no longer fails.
(BZ#1731062)
ReaR
updates
RHEL 7.8 introduces a number of updates to the Relax-and-Recover (ReaR
) utility.
The build directory handling has been changed. Previously, the build directory was kept in a temporary location in case ReaR
encountered a failure. With this update, the build directory is deleted by default in non-interactive runs to prevent consuming disk space.
The semantics of the KEEP_BUILD_DIR
configuration variable has been enhanced to include a new errors
value. You can set the KEEP_BUILD_DIR
variable to the following values:
-
errors
to preserve the build directory on errors for debugging (the previous behavior) -
y
(true
) to always preserve the build directory -
n
(false
) to never preserve the build directory
The default value is an empty string with the meaning of errors
when ReaR
is being executed interactively (in a terminal) and false
if ReaR
is being executed non-interactively. Note that KEEP_BUILD_DIR
is automatically set to true
in debug mode (-d
) and in debugscript mode (-D
); this behavior has not been changed.
Notable bug fixes include:
- Support for NetBackup 8.0 has been fixed.
-
ReaR
no longer aborts with a bash error similar toxrealloc: cannot allocate
on systems with a large number of users, groups, and users per group. -
The
bconsole
command now shows its prompt, which enables you to perform a restore operation when using the Bacula integration. -
ReaR
now correctly backs up files also in situations when thedocker
service is running but nodocker
root directory has been defined, or when it is impossible to determine the status of thedocker
service. - Recovery no longer fails when using thin pools or recovering a system in Migration Mode.
-
Extremely slow rebuild of
initramfs
during the recovery process with LVM has been fixed.
6.10. Storage
Concurrent SG_IO
requests in /dev/sg
no longer cause data corruption
Previously, the /dev/sg
device driver was missing synchronization of kernel data. Concurrent requests on the same file descriptor accessed the same data at the same time in the driver.
As a consequence, the ioctl
system call sometimes erroneously used the payload of an SG_IO
request for a different command that was sent at the same time as the correct one. This led to disk corruption in certain cases. Red Hat observed this bug in Red Hat Virtualization (RHV).
With this release, concurrency protection has been added in /dev/sg
, and the described problem no longer occurs.
(BZ#1710533)
When an image is split off from an active/active cluster mirror, the resulting logical volume is now properly activated
Previously, when you split off an image from an active/active cluster mirror, the resulting new logical volume appeared active but it had no active component. With this fix, the new logical volume is properly activated.
Chapter 7. Technology Previews
This chapter provides a list of all Technology Previews available in Red Hat Enterprise Linux 7.
For information on Red Hat scope of support for Technology Preview features, see Technology Preview Features Support Scope.
7.1. General Updates
The systemd-importd
VM and container image import and export service
Latest systemd
version now contains the systemd-importd
daemon that was not enabled in the earlier build, which caused the machinectl pull-*
commands to fail. Note that the systemd-importd
daemon is offered as a Technology Preview and should not be considered stable.
7.2. Authentication and Interoperability
Containerized Identity Management server available as Technology Preview
The rhel7/ipa-server
container image is available as a Technology Preview feature. Note that the rhel7/sssd container image is now fully supported.
For details, see Using Containerized Identity Management Services.
(BZ#1405325)
DNSSEC available as Technology Preview in IdM
Identity Management (IdM) servers with integrated DNS now support DNS Security Extensions (DNSSEC), a set of extensions to DNS that enhance security of the DNS protocol. DNS zones hosted on IdM servers can be automatically signed using DNSSEC. The cryptographic keys are automatically generated and rotated.
Users who decide to secure their DNS zones with DNSSEC are advised to read and follow these documents:
Note that IdM servers with integrated DNS use DNSSEC to validate DNS answers obtained from other DNS servers. This might affect the availability of DNS zones that are not configured in accordance with recommended naming practices described in the Red Hat Enterprise Linux Networking Guide.
Identity Management JSON-RPC API available as a Technology Preview
An API is available for Identity Management (IdM). To view the API, IdM also provides an API browser as Technology Preview.
In RHEL 7.3, the IdM API was enhanced to enable multiple versions of API commands. Previously, enhancements could change the behavior of a command in an incompatible way. Users are now able to continue using existing tools and scripts even if the IdM API changes. This enables:
- Administrators to use previous or later versions of IdM on the server than on the managing client.
- Developers to use a specific version of an IdM call, even if the IdM version changes on the server.
In all cases, the communication with the server is possible, regardless if one side uses, for example, a newer version that introduces new options for a feature.
For details on using the API, see the related Knowlegdebase article.
Setting up IdM as a hidden replica is now available as a Technology Preview
This enhancement enables administrators to set up an Identity Management (IdM) replica as a hidden replica. A hidden replica is an IdM server that has all services running and available. However, it is not advertised to other clients or masters because no SRV
records exist for the services in DNS, and LDAP server roles are not enabled. Therefore, clients cannot use service discovery to detect hidden replicas.
Hidden replicas are primarily designed for dedicated services that can otherwise disrupt clients. For example, a full backup of IdM requires to shut down all IdM services on the master or replica. Since no clients use a hidden replica, administrators can temporarily shut down the services on this host without affecting any clients. Other use cases include high-load operations on the IdM API or the LDAP server, such as a mass import or extensive queries.
To install a new hidden replica, use the ipa-replica-install --hidden-replica
command. To change the state of an existing replica, use the ipa server-state
command.
Use of AD and LDAP sudo
providers
The Active Directory (AD) provider is a back end used to connect to an AD server. Starting with RHEL 7.2, using the AD sudo
provider together with the LDAP provider is available as a Technology Preview. To enable the AD sudo
provider, add the sudo_provider=ad
setting in the [domain] section of the sssd.conf
file.
The Custodia secrets service provider is available as a Technology Preview
As a Technology Preview, you can use Custodia, a secrets service provider. Custodia stores or serves as a proxy for secrets, such as keys or passwords.
For details, see the upstream documentation at http://custodia.readthedocs.io.
Note that since Red Hat Enterprise Linux 7.6, Custodia has been deprecated.
7.3. Clustering
Heuristics in corosync-qdevice
available as a Technology Preview
Heuristics are a set of commands executed locally on startup, cluster membership change, successful connect to corosync-qnetd
, and, optionally, on a periodic basis. When all commands finish successfully on time (their return error code is zero), heuristics have passed; otherwise, they have failed. The heuristics result is sent to corosync-qnetd
where it is used in calculations to determine which partition should be quorate.
New fence-agents-heuristics-ping
fence agent
As a Technology Preview, Pacemaker now supports the fence_heuristics_ping
agent. This agent aims to open a class of experimental fence agents that do no actual fencing by themselves but instead exploit the behavior of fencing levels in a new way.
If the heuristics agent is configured on the same fencing level as the fence agent that does the actual fencing but is configured before that agent in sequence, fencing issues an off
action on the heuristics agent before it attempts to do so on the agent that does the fencing. If the heuristics agent gives a negative result for the off
action it is already clear that the fencing level is not going to succeed, causing Pacemaker fencing to skip the step of issuing the off
action on the agent that does the fencing. A heuristics agent can exploit this behavior to prevent the agent that does the actual fencing from fencing a node under certain conditions.
A user might want to use this agent, especially in a two-node cluster, when it would not make sense for a node to fence the peer if it can know beforehand that it would not be able to take over the services properly. For example, it might not make sense for a node to take over services if it has problems reaching the networking uplink, making the services unreachable to clients, a situation which a ping to a router might detect in that case.
(BZ#1476401)
The pcs tool now manages bundle resources in Pacemaker
As a Technology Preview starting with Red Hat Enterprise Linux 7.4, Pacemaker supports a special syntax for launching a Docker container with any infrastructure it requires: the bundle. After you have created a Pacemaker bundle, you can create a Pacemaker resource that the bundle encapsulates. For information on Pacemaker support for containers, see High Availability Add-On Reference.
There is one exception to this feature being Technology Preview: As of RHEL 7.4, Red Hat fully supports the usage of Pacemaker bundles for Red Hat Openstack Platform (RHOSP) deployments.
New LVM and LVM lock manager resource agents
As a Technology Preview, Red Hat Enterprise Linux 7.6 introduces two new resource agents: lvmlockd
and LVM-activate
.
The LVM-activate
agent provides a choice from multiple methods for LVM management throughout a cluster:
-
tagging: the same as tagging with the existing
lvm
resource agent -
clvmd: the same as clvmd with the existing
lvm
resource agent - system ID: a new option for using system ID for volume group failover (an alternative to tagging).
-
lvmlockd: a new option for using
lvmlockd
anddlm
for volume group sharing (an alternative toclvmd
).
The new lvmlockd
resource agent is used to start the lvmlockd
daemon when LVM-activate
is configured to use lvmlockd
.
For information on the lvmlockd and LVM-activate resource agent, see the PCS help screens for those agents. For information on setting up LVM for use with lvmlockd
, see the lvmlockd(8)
man page.
(BZ#1513957)
7.4. Desktop
Wayland
available as a Technology Preview
The Wayland
display server protocol is available in Red Hat Enterprise Linux as a Technology Preview with the dependent packages required to enable Wayland
support in GNOME, which supports fractional scaling. Wayland
uses the libinput
library as its input driver.
The following features are currently unavailable or do not work correctly:
- Multiple GPU support is not possible at this time.
-
The
NVIDIA
binary driver does not work underWayland
. -
The
xrandr
utility does not work underWayland
due to its different approach to handling, resolutions, rotations, and layout. -
Screen recording, remote desktop, and accessibility do not always work correctly under
Wayland
. - No clipboard manager is available.
-
It is currently impossible to restart
GNOME Shell
underWayland
. -
Wayland
ignores keyboard grabs issued by X11 applications, such as virtual machines viewers.
(BZ#1481411)
Fractional Scaling available as a Technology Preview
Starting with Red Hat Enterprise Linux 7.5, GNOME provides, as a Technology Preview, fractional scaling to address problems with monitors whose DPI lies in the middle between lo (scale 1) and hi (scale 2).
Due to technical limitations, fractional scaling is available only on Wayland.
7.5. File Systems
File system DAX is now available for ext4 and XFS as a Technology Preview
Starting with Red Hat Enterprise Linux 7.3, Direct Access (DAX) provides, as a Technology Preview, a means for an application to directly map persistent memory into its address space.
To use DAX, a system must have some form of persistent memory available, usually in the form of one or more Non-Volatile Dual In-line Memory Modules (NVDIMMs), and a file system that supports DAX must be created on the NVDIMM(s). Also, the file system must be mounted with the dax
mount option. Then, an mmap
of a file on the dax-mounted file system results in a direct mapping of storage into the application’s address space.
(BZ#1274459)
pNFS block layout is now available
As a Technology Preview, Red Hat Enterprise Linux clients can now mount pNFS shares with the block layout feature.
Note that Red Hat recommends using the pNFS SCSI layout instead, which is similar to block layout but easier to use.
(BZ#1111712)
OverlayFS
OverlayFS is a type of union file system. It allows the user to overlay one file system on top of another. Changes are recorded in the upper file system, while the lower file system remains unmodified. This allows multiple users to share a file-system image, such as a container or a DVD-ROM, where the base image is on read-only media. See the Linux kernel documentation for additional information.
OverlayFS remains a Technology Preview under most circumstances. As such, the kernel will log warnings when this technology is activated.
Full support is available for OverlayFS when used with Docker under the following restrictions:
- OverlayFS is only supported for use as a Docker graph driver. Its use can only be supported for container COW content, not for persistent storage. Any persistent storage must be placed on non-OverlayFS volumes to be supported. Only default Docker configuration can be used; that is, one level of overlay, one lowerdir, and both lower and upper levels are on the same file system.
- Only XFS is currently supported for use as a lower layer file system.
-
On Red Hat Enterprise Linux 7.3 and earlier, SELinux must be enabled and in enforcing mode on the physical machine, but must be disabled in the container when performing container separation, that is the
/etc/sysconfig/docker
file must not contain--selinux-enabled
. Starting with Red Hat Enterprise Linux 7.4, OverlayFS supports SELinux security labels, and you can enable SELinux support for containers by specifying--selinux-enabled
in/etc/sysconfig/docker
. - The OverlayFS kernel ABI and userspace behavior are not considered stable, and may see changes in future updates.
-
In order to make the yum and rpm utilities work properly inside the container, the user should be using the
yum-plugin-ovl
packages.
Note that OverlayFS provides a restricted set of the POSIX standards. Test your application thoroughly before deploying it with OverlayFS.
Note that XFS file systems must be created with the -n ftype=1
option enabled for use as an overlay. With the rootfs and any file systems created during system installation, set the --mkfsoptions=-n ftype=1
parameters in the Anaconda kickstart. When creating a new file system after the installation, run the # mkfs -t xfs -n ftype=1 /PATH/TO/DEVICE
command. To determine whether an existing file system is eligible for use as an overlay, run the # xfs_info /PATH/TO/DEVICE | grep ftype
command to see if the ftype=1
option is enabled.
There are also several known issues associated with OverlayFS in this release. For details, see Non-standard behavior
in the Linux kernel documentation.
(BZ#1206277)
Btrfs
file system
The B-Tree file system, Btrfs
, is available as a Technology Preview in Red Hat Enterprise Linux 7.
Red Hat Enterprise Linux 7.4 introduced the last planned update to this feature. Btrfs
has been deprecated, which means Red Hat will not be moving Btrfs
to a fully supported feature and it will be removed in a future major release of Red Hat Enterprise Linux.
(BZ#1477977)
7.6. Hardware Enablement
LSI Syncro CS HA-DAS adapters
Red Hat Enterprise Linux 7.1 included code in the megaraid_sas driver to enable LSI Syncro CS high-availability direct-attached storage (HA-DAS) adapters. While the megaraid_sas driver is fully supported for previously enabled adapters, the use of this driver for Syncro CS is available as a Technology Preview. Support for this adapter is provided directly by LSI, your system integrator, or system vendor. Users deploying Syncro CS on Red Hat Enterprise Linux 7.2 and later are encouraged to provide feedback to Red Hat and LSI.
(BZ#1062759)
tss2
enables TPM 2.0 for IBM Power LE
The tss2
package adds IBM implementation of a Trusted Computing Group Software Stack (TSS) 2.0 as a Technology Preview for the IBM Power LE architecture. This package enables users to interact with TPM 2.0 devices.
(BZ#1384452)
The ibmvnic
device driver available as a Technology Preview
Since Red Hat Enterprise Linux 7.3, the IBM Virtual Network Interface Controller (vNIC) driver for IBM POWER architectures, ibmvnic
, has been available as a Technology Preview. vNIC is a PowerVM virtual networking technology that delivers enterprise capabilities and simplifies network management. It is a high-performance, efficient technology that when combined with SR-IOV NIC provides bandwidth control Quality of Service (QoS) capabilities at the virtual NIC level. vNIC significantly reduces virtualization overhead, resulting in lower latencies and fewer server resources, including CPU and memory, required for network virtualization.
In Red Hat Enterprise Linux 7.6, the ibmvnic
driver was upgraded to version 1.0, which provides a number of bug fixes and enhancements over the previous version. Notable changes include:
- The code that previously requested error information has been removed because no error ID is provided by the Virtual Input-Output (VIOS) Server.
- Error reporting has been updated with the cause string. As a result, during a recovery, the driver classifies the string as a warning rather than an error.
- Error recovery on a login failure has been fixed.
- The failed state that occurred after a failover while migrating Logical Partitioning (LPAR) has been fixed.
- The driver can now handle all possible login response return values.
- A driver crash that happened during a failover or Link Power Management (LPM) if the Transmit and Receive (Tx/Rx) queues have changed has been fixed.
(BZ#1519746)
The igc
driver available as a Technology Preview
The Intel® 2.5G Ethernet Linux Driver (igc.ko.xz
) is available as a Technology Preview.
(BZ#1454918)
The ice
driver available as a Technology Preview
The Intel® Ethernet Connection E800 Series Linux Driver (ice.ko.xz
) is available as a Technology Preview.
(BZ#1454916)
7.7. Kernel
eBPF
system call for tracing
Red Hat Enterprise Linux 7.6 introduced the Extended Berkeley Packet Filter tool (eBPF) as a Technology Preview. This tool is enabled only for the tracing subsystem. For details, see the related Red Hat Knowledgebase article.
(BZ#1559615)
Heterogeneous memory management included as a Technology Preview
Red Hat Enterprise Linux 7 introduced the heterogeneous memory management (HMM) feature as a Technology Preview. This feature has been added to the kernel as a helper layer for devices that want to mirror a process address space into their own memory management unit (MMU). Thus a non-CPU device processor is able to read system memory using the unified system address space. To enable this feature, add experimental_hmm=enable
to the kernel command line.
(BZ#1230959)
kexec
as a Technology Preview
The kexec
system call has been provided as a Technology Preview. This system call enables loading and booting into another kernel from the currently running kernel, thus performing the function of the boot loader from within the kernel. Hardware initialization, which is normally done during a standard system boot, is not performed during a kexec
boot, which significantly reduces the time required for a reboot.
(BZ#1460849)
kexec fast reboot
as a Technology Preview
The kexec fast reboot
feature, which was introduced in Red Hat Enterprise Linux 7.5, continues to be available as a Technology Preview. kexec fast reboot
makes the reboot significantly faster. To use this feature, you must load the kexec kernel manually, and then reboot the operating system.
It is not possible to make kexec fast reboot
as the default reboot action. Special case is using kexec fast reboot
for Anaconda
. It still does not enable to make kexec fast reboot
default. However, when used with Anaconda
, the operating system can automatically use kexec fast reboot
after the installation is complete in case that user boots kernel with the anaconda option. To schedule a kexec reboot, use the inst.kexec
command on the kernel command line, or include a reboot --kexec
line in the Kickstart file.
(BZ#1464377)
perf cqm
has been replaced by resctrl
The Intel Cache Allocation Technology (CAT) was introduced in Red Hat Enterprise Linux 7.4 as a Technology Preview. However, the perf cqm
tool did not work correctly due to an incompatibility between perf infrastructure and Cache Quality of Service Monitoring (CQM) hardware support. Consequently, multiple problems occurred when using perf cqm
.
These problems included most notably:
-
perf cqm
did not support the group of tasks which is allocated usingresctrl
-
perf cqm
gave random and inaccurate data due to several problems with recycling -
perf cqm
did not provide enough support when running different kinds of events together (the different events are, for example, tasks, system-wide, and cgroup events) -
perf cqm
provided only partial support for cgroup events - The partial support for cgroup events did not work in cases with a hierarchy of cgroup events, or when monitoring a task in a cgroup and the cgroup together
-
Monitoring tasks for the lifetime caused
perf
overhead -
perf cqm
reported the aggregate cache occupancy or memory bandwidth over all sockets, while in most cloud and VMM-bases use cases the individual per-socket usage is needed
In Red Hat Enterprise Linux 7.5, perf cqm
was replaced by the approach based on the resctrl
file system, which addressed all of the aforementioned problems.
(BZ#1457533)
TC HW offloading available as a Technology Preview
Starting with Red Hat Enterprise Linux 7.6, Traffic Control (TC) Hardware offloading has been provided as a Technology Preview.
Hardware offloading enables that the selected functions of network traffic processing, such as shaping, scheduling, policing and dropping, are executed directly in the hardware instead of waiting for software processing, which improves the performance.
(BZ#1503123)
AMD xgbe
network driver available as a Technology Preview
Starting with Red Hat Enterprise Linux 7.6, the AMD xgbe
network driver has been provided as a Technology Preview.
(BZ#1589397)
Secure Memory Encryption is available only as a Technology Preview
Currently, Secure Memory Encryption (SME) is incompatible with kdump functionality, as the kdump kernel lacks the memory key to decrypt SME-encrypted memory. Red Hat found that with SME enabled, servers under testing might fail to perform some functions and therefore the feature is unfit for use in production. Consequently, SME is changing the support level from Supported to Technology Preview. Customers are encouraged to report any issues found while testing in pre-production to Red Hat or their system vendor.
(BZ#1726642)
criu
available as a Technology Preview
Red Hat Enterprise Linux 7.2 introduced the criu
tool as a Technology Preview. This tool implements Checkpoint/Restore in User-space (CRIU), which can be used to freeze a running application and store it as a collection of files. Later, the application can be restored from its frozen state.
Note that the criu
tool depends on Protocol Buffers
, a language-neutral, platform-neutral extensible mechanism for serializing structured data. The protobuf
and protobuf-c
packages, which provide this dependency, were also introduced in Red Hat Enterprise Linux 7.2 as a Technology Preview. In Red Hat Enterprise Linux 7.8, the criu
package provides support for Podman to do a container checkpoint and restore. The newly added functionality only works without SELinux support.
The mlx5_core
driver supports the Mellanox ConnectX-6 Dx network adapter as a Technology Preview
This enhancement adds the PCI IDs of the Mellanox ConnectX-6 Dx network adapter to the mlx5_core
driver. On hosts that use this adapter, RHEL loads the mlx5_core
driver automatically. Note that Red Hat provides this feature as an unsupported Technology Preview.
(BZ#1685900)
7.8. Networking
Cisco usNIC driver
Cisco Unified Communication Manager (UCM) servers have an optional feature to provide a Cisco proprietary User Space Network Interface Controller (usNIC), which allows performing Remote Direct Memory Access (RDMA)-like operations for user-space applications. The libusnic_verbs driver, which is available as a Technology Preview, makes it possible to use usNIC devices via standard InfiniBand RDMA programming based on the Verbs API.
(BZ#916384)
Cisco VIC kernel driver
The Cisco VIC Infiniband kernel driver, which is available as a Technology Preview, allows the use of Remote Directory Memory Access (RDMA)-like semantics on proprietary Cisco architectures.
(BZ#916382)
Trusted Network Connect
Trusted Network Connect, available as a Technology Preview, is used with existing network access control (NAC) solutions, such as TLS, 802.1X, or IPsec to integrate endpoint posture assessment; that is, collecting an endpoint’s system information (such as operating system configuration settings, installed packages, and others, termed as integrity measurements). Trusted Network Connect is used to verify these measurements against network access policies before allowing the endpoint to access the network.
(BZ#755087)
SR-IOV functionality in the qlcnic
driver
Support for Single-Root I/O virtualization (SR-IOV) has been added to the qlcnic driver as a Technology Preview. Support for this functionality will be provided directly by QLogic, and customers are encouraged to provide feedback to QLogic and Red Hat. Other functionality in the qlcnic
driver remains fully supported.
Note that the qlcnic
driver has been deprecated and is not available in RHEL 8.
(BZ#1259547)
The flower
classifier with off-loading support
flower
is a Traffic Control (TC) classifier intended to allow users to configure matching on well-known packet fields for various protocols. It is intended to make it easier to configure rules over the u32
classifier for complex filtering and classification tasks. flower
also supports the ability to off-load classification and action rules to underlying hardware if the hardware supports it. The flower
TC classifier is now provided as a Technology Preview.
(BZ#1393375)
7.9. Red Hat Enterprise Linux System Roles
The postfix
role of RHEL System Roles available as a Technology Preview
Red Hat Enterprise Linux System Roles provides a configuration interface for Red Hat Enterprise Linux subsystems, which makes system configuration easier through the inclusion of Ansible Roles. This interface enables managing system configurations across multiple versions of Red Hat Enterprise Linux, as well as adopting new major releases.
Since Red Hat Enterprise Linux 7.4, the rhel-system-roles
packages have been distributed through the Extras repository.
The postfix
role is available as a Technology Preview.
The following roles are fully supported:
-
kdump
-
network
-
selinux
-
storage
-
timesync
For more information, see the Knowledgebase article about RHEL System Roles.
(BZ#1439896)
rhel-system-roles-sap
available as a Technology Preview
The rhel-system-roles-sap
package provides Red Hat Enterprise Linux (RHEL) System Roles for SAP, which can be used to automate the configuration of a RHEL system to run SAP workloads. These roles greatly reduce the time to configure a system to run SAP workloads by automatically applying the optimal settings that are based on best practices outlined in relevant SAP Notes. Access is limited to RHEL for SAP Solutions offerings. Please contact Red Hat Customer Support if you need assistance with your subscription.
The following new roles in the rhel-system-roles-sap
package are available as a Technology Preview:
-
sap-preconfigure
-
sap-netweaver-preconfigure
-
sap-hana-preconfigure
For more information, see Red Hat Enterprise Linux System Roles for SAP.
Note: RHEL 7.8 for SAP Solutions is currently not scheduled to be validated for use with SAP HANA on Intel 64 architecture and IBM POWER8. Other SAP applications and database products, for example, SAP NetWeaver and SAP ASE, can use RHEL 7.8 features. Please consult SAP Notes 2369910 and 2235581 for the latest information about validated releases and SAP support.
(BZ#1660838)
7.10. Security
SECCOMP can be now enabled in libreswan
As a Technology Preview, the seccomp=enabled|tolerant|disabled
option has been added to the ipsec.conf
configuration file, which makes it possible to use the Secure Computing mode (SECCOMP). This improves the syscall security by whitelisting all the system calls that Libreswan is allowed to execute. For more information, see the ipsec.conf(5)
man page.
pk12util
can now import certificates with RSA-PSS
keys
The pk12util
tool now provides importing a certificate signed with the RSA-PSS
algorithm as a Technology Preview.
Note that if the corresponding private key is imported and has the PrivateKeyInfo.privateKeyAlgorithm
field that restricts the signing algorithm to RSA-PSS
, it is ignored when importing the key. See MZBZ#1413596 for more information.
Support for certificates signed with RSA-PSS
in certutil
has been improved
Support for certificates signed with the RSA-PSS
algorithm in the certutil
tool has been improved. Notable enhancements and fixes include:
-
The
--pss
option is now documented. -
The
PKCS#1 v1.5
algorithm is no longer used for self-signed signatures when a certificate is restricted to useRSA-PSS
. -
Empty
RSA-PSS
parameters in thesubjectPublicKeyInfo
field are no longer printed as invalid when listing certificates. -
The
--pss-sign
option for creating regular RSA certificates signed with theRSA-PSS
algorithm has been added.
Support for certificates signed with RSA-PSS
in certutil
is provided as a Technology Preview.
NSS
is now able to verify RSA-PSS
signatures on certificates
Since the RHEL 7.5 version of the nss package, the Network Security Services (NSS) libraries provide verifying RSA-PSS
signatures on certificates as a Technology Preview. Prior to this update, clients using NSS
as the SSL
backend were not able to establish a TLS
connection to a server that offered only certificates signed with the RSA-PSS
algorithm.
Note that the functionality has the following limitations:
-
The algorithm policy settings in the
/etc/pki/nss-legacy/rhel7.config
file do not apply to the hash algorithms used inRSA-PSS
signatures. -
RSA-PSS
parameters restrictions between certificate chains are ignored and only a single certificate is taken into account.
USBGuard
enables blocking USB devices while the screen is locked as a Technology Preview
With the USBGuard
framework, you can influence how an already running usbguard-daemon
instance handles newly inserted USB devices by setting the value of the InsertedDevicePolicy
runtime parameter. This functionality is provided as a Technology Preview, and the default choice is to apply the policy rules to figure out whether to authorize the device or not.
See the Blocking USB devices while the screen is locked Knowledgebase article.
(BZ#1480100)
7.11. Storage
Multi-queue I/O scheduling for SCSI
Red Hat Enterprise Linux 7 includes a new multiple-queue I/O scheduling mechanism for block devices known as blk-mq. The scsi-mq package allows the Small Computer System Interface (SCSI) subsystem to make use of this new queuing mechanism. This functionality is provided as a Technology Preview and is not enabled by default. To enable it, add scsi_mod.use_blk_mq=Y
to the kernel command line.
Also note that although blk-mq is intended to offer improved performance, particularly for low-latency devices, it is not guaranteed to always provide better performance. Notably, in some cases, enabling scsi-mq can result in significantly deteriorated performance, especially on systems with many CPUs.
(BZ#1109348)
Targetd plug-in from the libStorageMgmt API
Since Red Hat Enterprise Linux 7.1, storage array management with libStorageMgmt, a storage array independent API, has been fully supported. The provided API is stable, consistent, and allows developers to programmatically manage different storage arrays and utilize the hardware-accelerated features provided. System administrators can also use libStorageMgmt to manually configure storage and to automate storage management tasks with the included command-line interface.
The Targetd plug-in is not fully supported and remains a Technology Preview.
(BZ#1119909)
SCSI-MQ as a Technology Preview in the qla2xxx
and lpfc
drivers
The qla2xxx
driver updated in Red Hat Enterprise Linux 7.4 can enable the use of SCSI-MQ (multiqueue) with the ql2xmqsupport=1
module parameter. The default value is 0
(disabled).
The SCSI-MQ functionality is provided as a Technology Preview when used with the qla2xxx
or the lpfc
drivers.
Note that a recent performance testing at Red Hat with async IO over Fibre Channel adapters using SCSI-MQ has shown significant performance degradation under certain conditions.
(BZ#1414957)
7.12. System and Subscription Management
YUM 4
available as Technology Preview
YUM
version 4, a next generation of the YUM package manager, is available as a Technology Preview in the Red Hat Enterprise Linux 7 Extras repository.
YUM 4
is based on the DNF
technology and offers the following advantages over the standard YUM 3
used on RHEL 7:
- Increased performance
- Support for modular content
- Well-designed stable API for integration with tooling
To install YUM 4
, run the yum install nextgen-yum4
command.
Make sure to install the dnf-plugin-subscription-manager
package, which includes the subscription-manager
plug-in. This plug-in is required for accessing protected repositories provided by the Red Hat Customer Portal or Red Hat Satellite 6, and for automatic updates of the /etc/yum.repos.d/redhat.repo
file.
To manage packages, use the yum4
command and its particular options the same way as the yum
command.
For detailed information about differences between the new YUM 4
tool and YUM 3
, see Changes in DNF CLI compared to YUM.
For instructions on how to enable the Extras repository, see the Knowledgebase article How to subscribe to the Extras channel/repo.
(BZ#1461652)
7.13. Virtualization
USB 3.0 support for KVM guests
USB 3.0 host adapter (xHCI) emulation for KVM guests remains a Technology Preview in Red Hat Enterprise Linux 7.
(BZ#1103193)
Select Intel network adapters now support SR-IOV in RHEL guests on Hyper-V
As a Technology Preview, Red Hat Enterprise Linux guest operating systems running on a Hyper-V hypervisor can now use the single-root I/O virtualization (SR-IOV) feature for Intel network adapters supported by the ixgbevf
and i40evf
drivers. This feature is enabled when the following conditions are met:
- SR-IOV support is enabled for the network interface controller (NIC)
- SR-IOV support is enabled for the virtual NIC
- SR-IOV support is enabled for the virtual switch
- The virtual function (VF) from the NIC is attached to the virtual machine.
The feature is currently supported with Microsoft Windows Server 2019 and 2016.
(BZ#1348508)
No-IOMMU mode for VFIO drivers
As a Technology Preview, this update adds No-IOMMU mode for virtual function I/O (VFIO) drivers. The No-IOMMU mode provides the user with full user-space I/O (UIO) access to a direct memory access (DMA)-capable device without a I/O memory management unit (IOMMU). Note that in addition to not being supported, using this mode is not secure due to the lack of I/O management provided by IOMMU.
Azure M416v2 as a host for RHEL 7 guests
As a Technology Preview, the Azure M416v2 instance type can now be used as a host for virtual machines that use RHEL 7.6 and later as the guest operating systems.
(BZ#1661654)
virt-v2v
can convert Debian and Ubuntu guests
As a Technology Preview, the virt-v2v
utility can now convert Debian and Ubuntu guest virtual machines. Note that the following problems currently occur when performing this conversion:
-
virt-v2v
cannot change the default kernel in the GRUB2 configuration, and the kernel configured in the guest is not changed during the conversion, even if a more optimal version of the kernel is available on the guest. - After converting a Debian or Ubuntu VMware guest to KVM, the name of the guest’s network interface may change, and thus requires manual configuration.
GPU-based mediated devices now support the VNC console
As a Technology Preview, the Virtual Network Computing (VNC) console is now available for use with GPU-based mediated devices, such as the NVIDIA vGPU technology. As a result, it is now possible to use these mediated devices for real-time rendering of a virtual machine’s graphical output.
(BZ#1475770)
Open Virtual Machine Firmware
The Open Virtual Machine Firmware (OVMF) is available as a Technology Preview in Red Hat Enterprise Linux 7. OVMF is a UEFI secure boot environment for AMD64 and Intel 64 guests. However, OVMF is not bootable with virtualization components available in RHEL 7. Note that OVMF is fully supported in RHEL 8.
(BZ#653382)
Chapter 8. Known Issues
This chapter documents known problems in Red Hat Enterprise Linux 7.
8.1. Authentication and Interoperability
Potential risk when using the default value for ldap_id_use_start_tls
option
When using ldap://
without TLS for identity lookups, it can pose a risk for an attack vector. Particularly a man-in-the-middle (MITM) attack which could allow an attacker to impersonate a user by altering, for example, the UID or GID of an object returned in an LDAP search.
Currently, the SSSD configuration option to enforce TLS, ldap_id_use_start_tls
, defaults to false
. Ensure that your setup operates in a trusted environment and decide if it is safe to use unencrypted communication for id_provider = ldap
. Note id_provider = ad
and id_provider = ipa
are not affected as they use encrypted connections protected by SASL and GSSAPI.
If it is not safe to use unencrypted communication, enforce TLS by setting the ldap_id_use_start_tls
option to true
in the /etc/sssd/sssd.conf
file. The default behavior is planned to be changed in a future release of RHEL.
(JIRA:RHELPLAN-155168)
8.2. Compiler and Tools
GCC thread sanitizer included in RHEL no longer works
Due to incompatible changes in kernel memory mapping, the thread sanitizer included with the GNU C Compiler (GCC) compiler version in RHEL no longer works. Additionally, the thread sanitizer cannot be adapted to the incompatible memory layout. As a result, it is no longer possible to use the GCC thread sanitizer included with RHEL.
As a workaround, use the version of GCC included in Red Hat Developer Toolset to build code which uses the thread sanitizer.
(BZ#1569484)
8.3. Desktop
The radeon
driver fails to reset hardware correctly in the kexec context
When booting a kernel from the currently running kernel, such as when performing the kdump process, the radeon
kernel driver currently does not properly reset hardware. Instead, radeon
terminates unexpectedly, which causes the rest of the kdump service to fail.
To work around this bug, blacklist radeon
in kdump by adding the following line to the /etc/kdump.conf
file:
dracut_args --omit-drivers "radeon"
Afterwards, restart the machine and kdump.
Note that in this scenario, no graphics will be available during kdump, but kdump will complete successfully.
(BZ#1509444)
8.4. File Systems
System boot might fail due to persistent memory file systems
Systems with a large amount of persistent memory take a long time to boot. If the /etc/fstab
file configures persistent memory file systems, the system might time out waiting for the devices to become available. The boot process then fails and presents the user with an emergency prompt.
To work around the problem, increase the DefaultTimeoutStartSec
value in the /etc/systemd/system.conf
file. Use a sufficiently large value, such as 1200s
. As a result, the system boot no longer times out.
(BZ#1666535, BZ#1634341)
8.5. Installation and Booting
RHEL 7.7 and later installations add spectre_v2=retpoline
to Intel Cascade Lake systems
RHEL 7.7 and later installations add the spectre_v2=retpoline
kernel parameter to Intel Cascade Lake systems, and as a consequence, system performance is affected. To work around this problem and ensure the best performance, complete the following steps.
Remove the kernel boot parameter on Intel Cascade Lake systems:
# grubby --remove-args="spectre_v2=retpoline" --update-kernel=DEFAULT
Reboot the system:
# reboot
iSCSI installation failing with Emulex OneConnect card
After connecting an Emulex OneConnect card and configuring it for iSCSI boot, when you start the RHEL installation, the Anaconda installer returns an exception and the installation terminates unexpectedly.
To work around this problem, add the rd.iscsi.firmware
parameter to the boot command line post installation and you will be able to successfully boot into RHEL. However, note that the boot process with this workaround takes a little longer.
(BZ#1632274)
8.6. Kernel
The system boot sometimes fails on large systems
During the boot process, the udev
device manager sometimes generates too many rules on large systems. For example, the problem has manifested on a system with 32 TB of memory and 192 CPUs. As a consequence, the boot process becomes unresponsive or times out and switches to the emergency shell.
To work around the problem, increase the udev.children-max
value:
-
Add the
udev.children-max=1000
option to the kernel command line in the/etc/default/grub
file. You can experiment with different values ofudev.children-max
to see which value results in the fastest boot on your system. Limit the
udev.children-max
value for thekdump
kernel:Add the
udev.children-max
option to theKDUMP_COMMANDLINE_REMOVE
line in the/etc/sysconfig/kdump
file.If you do not specify the
kdump
option, the system might enter emergency mode after akdump
orfadump
capture on IBM POWER systems.Restart the
kdump
service:# systemctl restart kdump
As a result, the system boots successfully.
(BZ#1722855)
The mirror
segment type causes system deadlock in stacked configurations
The usage of the mirror
segment type and putting any logical volumes on top of it causes system deadlock in stacked configurations. To work around this problem, Red Hat recommends using RAID 1 logical volumes with segment type raid1
.
To convert mirror
devices to raid1
, see Converting a Mirrored LVM Device to a RAID1 Device.
(BZ#1772107)
The zlib
compression format may slow down a vmcore capture
The kdump
configuration file uses the lzo
compression format (makedumpfile -l
) by default. Modification of the configuration file to use the zlib
compression format (makedumpfile -c
) is likely to bring a better compression factor at the expense of slowing down the vmcore capture process. As a consequence, it may take kdump
approximately 4 times longer to capture a vmcore when zlib
is used as compared to lzo
. As a result, Red Hat recommends that you use the default lzo
for cases where speed is the main driving factor. However, if the target machine is low on available space, zlib
is a better option.
(BZ#1737111)
Intel network device that uses the ice
driver does not pass traffic when using bridge-over-VLAN topology
Ethernet devices do not transmit Internet Control Message Protocol (ICMP) echo request and reply traffic if all of the following conditions meet:
-
The Ethernet device uses the
ice
Intel driver. - The Ethernet device is a member of a bridge.
- The bridge uses VLAN tagging according to the 802.1Q protocol
As a consequence, Network Interface Controller (NIC) does not pass traffic for the described network topology. There is no workaround available to this problem.
(BZ#1787295)
8.7. Networking
Verification of signatures using the MD5 hash algorithm is disabled in Red Hat Enterprise Linux 7
It is impossible to connect to any Wi-Fi Protected Access (WPA) Enterprise Access Point (AP) that requires MD5 signed certificates. To work around this problem, copy the wpa_supplicant.service
file from the /usr/lib/systemd/system/
directory to the /etc/systemd/system/
directory and add the following line to the Service section of the file:
Environment=OPENSSL_ENABLE_MD5_VERIFY=1
Then run the systemctl daemon-reload
command as root to reload the service file.
Note that MD5 certificates are highly insecure and Red Hat does not recommend using them.
(BZ#1062656)
bind-utils
DNS lookup utilities support fewer search domains than glibc
The dig
, host
, and nslookup
DNS lookup utilities from the bind-utils
package support only up to 8 search domains, while the glibc
resolver in the system supports any number of search domains. As a consequence, the DNS lookup utilities may get different results than applications when a search in the /etc/resolv.conf
file contains more than 8 domains.
To work around this problem, use one of the following:
- Full names ending with a dot, or
-
Fewer than nine domains in the
resolv.conf
search clause.
Note that it is not recommended to use more than three domains.
8.8. Security
Auditd server does not start on remote logging servers using KRB5 peer authentication
The SELinux policy does not contain the auditd_tmp_t
file type for the temporary directories and files created by processes running under auditd_t
SELinux type. This prevents starting the auditd
service on a server when KRB5 peer authentication is used for remote logging.
To work around this problem, either set auditd_t
domain to permissive mode or build a custom SELinux policy that allows processes running under auditd_t
type to create and modify files and directories in the /var/tmp
directory. As a result, auditd
server using KRB5 peer authentication for remote logging can be started only after applying the described workaround.
Audit executable watches on symlinks do not work
File monitoring provided by the -w
option cannot directly track a path. It has to resolve the path to a device and an inode to make a comparison with the executed program. A watch monitoring an executable symlink monitors the device and an inode of the symlink itself instead of the program executed in memory, which is found from the resolution of the symlink. Even if the watch resolves the symlink to get the resulting executable program, the rule triggers on any multi-call binary called from a different symlink. This results in flooding logs with false positives. Consequently, Audit executable watches on symlinks do not work.
To work around the problem, set up a watch for the resolved path of the program executable, and filter the resulting log messages using the last component listed in the comm=
or proctitle=
fields.
(BZ#1421794)
8.9. Servers and Services
Upgrade to RHEL 7.8 fails when mariadb-test
or postgresql-docs
are installed on Workstation
The mariadb-test
and postgresql-docs
packages have been moved to the Workstation Optional repository. Consequently, if these packages are installed, it is impossible to update a system with a Workstation variant to RHEL 7.8. To work around this problem, uninstall mariadb-test
and postgresql-docs
prior to upgrading to RHEL 7.8.
(BZ#1749776)
FreeRADIUS silently truncates Tunnel-Passwords longer than 249 characters
If a Tunnel-Password is longer than 249 characters, the FreeRADIUS service silently truncates it. This may lead to unexpected password incompatibilities with other systems.
To work around the problem, choose a password that is 249 characters or fewer.
8.10. Storage
The system sometimes becomes unresponsive in low-memory situations with external MD metadata
The system might periodically become unresponsive if all of the following conditions occur:
- The Multiple Devices (MD) storage subsystem is configured to use external metadata arrays.
- The system reaches a low-memory situation.
- The MD user space performs an allocation that writes data back to the same device that MD is allocating for.
To work around the problem, ensure that the system has enough free memory. As a result, the system does not become unresponsive when MD performs the allocation.
(BZ#1703180)
8.11. Virtualization
Live migration of virtual machines between hosts with different physical address sizes does not work in some cases
Live migration of a virtual machine (VM) that uses a hot-plugged CPU currently fails in some cases if the hosts have different physical address sizes. To work around this problem, do not live migrate between such hosts while using a CPU hot-plug. Alternatively, do not hot-plug a CPU to a VM that has been migrated to a host with a different physical address size.
(BZ#1607311)
virt-clone
always shows a 100% progress bar when --nonsparse
is used
Currently, when the virt-clone
utility is used with the --nonparse
option, the progress bar displayed in the CLI always shows 100% completion of the process. As a consequence, the user cannot see the actual progress of cloning the virtual machine.
(BZ#1746771)
RHEL 7 virtual machines sometimes cannot boot on and migrate to Witherspoon hosts
RHEL 7 virtual machines (VMs) that use the pseries-rhel7.6.0-sxxm
machine type in some cases fail to boot on Power9 S922LC for HPC hosts (also known as Witherspoon) that use the DD2.3 CPU.
Attempting to boot such a VM instead generates the following error message:
qemu-kvm: Requested safe indirect branch capability level not supported by kvm
In addition, migrating VMs that use the pseries-rhel7.6.0-sxxm
machine type to Witherspoon hosts from other hosts fails.
kdump does not support setting nr_cpus to 2 or higher in Hyper-V virtual machines
When using RHEL 7.8 as a guest operating system on a Microsoft Hyper-V hypervisor, the kdump kernel in some cases becomes unresponsive when the nr_cpus
parameter is set to 2 or higher. To avoid this problem from occurring, do not change the default nr_cpus=1
parameter in the /etc/sysconfig/kdump
file of the guest.
Chapter 9. Deprecated Functionality
This chapter provides an overview of functionality that has been deprecated in all minor releases of Red Hat Enterprise Linux 7 up to Red Hat Enterprise Linux 7.
Deprecated functionality continues to be supported until the end of life of Red Hat Enterprise Linux 7. Deprecated functionality will likely not be supported in future major releases of this product and is not recommended for new deployments. For the most recent list of deprecated functionality within a particular major release, refer to the latest version of release documentation.
Deprecated hardware components are not recommended for new deployments on the current or future major releases. Hardware driver updates are limited to security and critical fixes only. Red Hat recommends replacing this hardware as soon as reasonably feasible.
A package can be deprecated and not recommended for further use. Under certain circumstances, a package can be removed from a product. Product documentation then identifies more recent packages that offer functionality similar, identical, or more advanced to the one deprecated, and provides further recommendations.
For details regarding differences between RHEL 7 and RHEL 8, see Considerations in adopting RHEL 8.
9.1. Deprecated Packages
The following packages are now deprecated. For information regarding replaced packages or availability in an unsupported RHEL 8 repository (if applicable), see Considerations in adopting RHEL 8.
- a2ps
- abrt-addon-upload-watch
- abrt-devel
- abrt-gui-devel
- abrt-retrace-client
- acpid-sysvinit
- advancecomp
- adwaita-icon-theme-devel
- adwaita-qt-common
- adwaita-qt4
- agg
- aic94xx-firmware
- akonadi
- akonadi-devel
- akonadi-mysql
- alacarte
- alsa-tools
- anaconda-widgets-devel
- ant-antunit
- ant-antunit-javadoc
- antlr-C++-doc
- antlr-python
- antlr-tool
- apache-commons-collections-javadoc
- apache-commons-collections-testframework
- apache-commons-configuration
- apache-commons-configuration-javadoc
- apache-commons-daemon
- apache-commons-daemon-javadoc
- apache-commons-daemon-jsvc
- apache-commons-dbcp
- apache-commons-dbcp-javadoc
- apache-commons-digester
- apache-commons-digester-javadoc
- apache-commons-jexl
- apache-commons-jexl-javadoc
- apache-commons-lang-javadoc
- apache-commons-pool
- apache-commons-pool-javadoc
- apache-commons-validator
- apache-commons-validator-javadoc
- apache-commons-vfs
- apache-commons-vfs-ant
- apache-commons-vfs-examples
- apache-commons-vfs-javadoc
- apache-rat
- apache-rat-core
- apache-rat-javadoc
- apache-rat-plugin
- apache-rat-tasks
- apr-util-nss
- args4j
- args4j-javadoc
- ark
- ark-libs
- asciidoc-latex
- at-spi
- at-spi-devel
- at-spi-python
- at-sysvinit
- atlas-static
- attica
- attica-devel
- audiocd-kio
- audiocd-kio-devel
- audiocd-kio-libs
- audiofile
- audiofile-devel
- audit-libs-python
- audit-libs-static
- authconfig
- authconfig-gtk
- authd
- autogen-libopts-devel
- automoc
- autotrace-devel
- avahi-dnsconfd
- avahi-glib-devel
- avahi-gobject-devel
- avahi-qt3
- avahi-qt3-devel
- avahi-qt4
- avahi-qt4-devel
- avahi-tools
- avahi-ui
- avahi-ui-devel
- avahi-ui-tools
- avalon-framework
- avalon-framework-javadoc
- avalon-logkit
- avalon-logkit-javadoc
- bacula-console-bat
- bacula-devel
- bacula-traymonitor
- baekmuk-ttf-batang-fonts
- baekmuk-ttf-dotum-fonts
- baekmuk-ttf-fonts-common
- baekmuk-ttf-fonts-ghostscript
- baekmuk-ttf-gulim-fonts
- baekmuk-ttf-hline-fonts
- base64coder
- base64coder-javadoc
- batik
- batik-demo
- batik-javadoc
- batik-rasterizer
- batik-slideshow
- batik-squiggle
- batik-svgpp
- batik-ttf2svg
- bcc-devel
- bcel
- bison-devel
- blas-static
- blas64-devel
- blas64-static
- bltk
- bluedevil
- bluedevil-autostart
- bmc-snmp-proxy
- bogofilter-bogoupgrade
- bridge-utils
- bsdcpio
- bsh-demo
- bsh-utils
- btrfs-progs
- btrfs-progs-devel
- buildnumber-maven-plugin
- buildnumber-maven-plugin-javadoc
- bwidget
- bzr
- bzr-doc
- cairo-tools
- cal10n
- caribou
- caribou-antler
- caribou-devel
- caribou-gtk2-module
- caribou-gtk3-module
- cdi-api-javadoc
- cdparanoia-static
- cdrskin
- ceph-common
- check-static
- cheese-libs-devel
- cifs-utils-devel
- cim-schema-docs
- cim-schema-docs
- cjkuni-ukai-fonts
- clutter-gst2-devel
- clutter-tests
- cmpi-bindings-pywbem
- cobertura
- cobertura-javadoc
- cockpit-machines-ovirt
- codehaus-parent
- codemodel
- codemodel-javadoc
- cogl-tests
- colord-extra-profiles
- colord-kde
- compat-cheese314
- compat-dapl
- compat-dapl-devel
- compat-dapl-static
- compat-dapl-utils
- compat-db
- compat-db-headers
- compat-db47
- compat-exiv2-023
- compat-gcc-44
- compat-gcc-44-c++
- compat-gcc-44-gfortran
- compat-glade315
- compat-glew
- compat-glibc
- compat-glibc-headers
- compat-gnome-desktop314
- compat-grilo02
- compat-libcap1
- compat-libcogl-pango12
- compat-libcogl12
- compat-libcolord1
- compat-libf2c-34
- compat-libgdata13
- compat-libgfortran-41
- compat-libgnome-bluetooth11
- compat-libgnome-desktop3-7
- compat-libgweather3
- compat-libical1
- compat-libmediaart0
- compat-libmpc
- compat-libpackagekit-glib2-16
- compat-libstdc++-33
- compat-libtiff3
- compat-libupower-glib1
- compat-libxcb
- compat-locales-sap-common
- compat-openldap
- compat-openmpi16
- compat-openmpi16-devel
- compat-opensm-libs
- compat-poppler022
- compat-poppler022-cpp
- compat-poppler022-glib
- compat-poppler022-qt
- compat-sap-c++-5
- compat-sap-c++-6
- compat-sap-c++-7
- conman
- console-setup
- coolkey
- coolkey-devel
- cpptest
- cpptest-devel
- cppunit
- cppunit-devel
- cppunit-doc
- cpuid
- cracklib-python
- crda-devel
- crit
- criu-devel
- crypto-utils
- cryptsetup-python
- cvs
- cvs-contrib
- cvs-doc
- cvs-inetd
- cvsps
- cyrus-imapd-devel
- dapl
- dapl-devel
- dapl-static
- dapl-utils
- dbus-doc
- dbus-python-devel
- dbus-tests
- dbusmenu-qt
- dbusmenu-qt-devel
- dbusmenu-qt-devel-docs
- debugmode
- dejagnu
- dejavu-lgc-sans-fonts
- dejavu-lgc-sans-mono-fonts
- dejavu-lgc-serif-fonts
- deltaiso
- dhcp-devel
- dialog-devel
- dleyna-connector-dbus-devel
- dleyna-core-devel
- dlm-devel
- dmraid
- dmraid-devel
- dmraid-events
- dmraid-events-logwatch
- docbook-simple
- docbook-slides
- docbook-style-dsssl
- docbook-utils
- docbook-utils-pdf
- docbook5-schemas
- docbook5-style-xsl
- docbook5-style-xsl-extensions
- docker-rhel-push-plugin
- dom4j
- dom4j-demo
- dom4j-javadoc
- dom4j-manual
- dovecot-pigeonhole
- dracut-fips
- dracut-fips-aesni
- dragon
- drm-utils
- drpmsync
- dtdinst
- e2fsprogs-static
- ecj
- edac-utils-devel
- efax
- efivar-devel
- egl-utils
- ekiga
- ElectricFence
- emacs-a2ps
- emacs-a2ps-el
- emacs-auctex
- emacs-auctex-doc
- emacs-git
- emacs-git-el
- emacs-gnuplot
- emacs-gnuplot-el
- emacs-php-mode
- empathy
- enchant-aspell
- enchant-voikko
- eog-devel
- epydoc
- espeak-devel
- evince-devel
- evince-dvi
- evolution-data-server-doc
- evolution-data-server-perl
- evolution-data-server-tests
- evolution-devel
- evolution-devel-docs
- evolution-tests
- expat-static
- expect-devel
- expectk
- farstream
- farstream-devel
- farstream-python
- farstream02-devel
- fedfs-utils-admin
- fedfs-utils-client
- fedfs-utils-common
- fedfs-utils-devel
- fedfs-utils-lib
- fedfs-utils-nsdbparams
- fedfs-utils-python
- fedfs-utils-server
- felix-bundlerepository
- felix-bundlerepository-javadoc
- felix-framework
- felix-framework-javadoc
- felix-osgi-obr
- felix-osgi-obr-javadoc
- felix-shell
- felix-shell-javadoc
- fence-sanlock
- festival
- festival-devel
- festival-docs
- festival-freebsoft-utils
- festival-lib
- festival-speechtools-devel
- festival-speechtools-libs
- festival-speechtools-utils
- festvox-awb-arctic-hts
- festvox-bdl-arctic-hts
- festvox-clb-arctic-hts
- festvox-jmk-arctic-hts
- festvox-kal-diphone
- festvox-ked-diphone
- festvox-rms-arctic-hts
- festvox-slt-arctic-hts
- file-static
- filebench
- filesystem-content
- finch
- finch-devel
- finger
- finger-server
- flatpak-devel
- flex-devel
- fltk-fluid
- fltk-static
- flute-javadoc
- folks
- folks-devel
- folks-tools
- fontforge-devel
- fontpackages-tools
- fonttools
- fop
- fop-javadoc
- fprintd-devel
- freeradius-python
- freetype-demos
- fros
- fros-gnome
- fros-recordmydesktop
- fwupd-devel
- fwupdate-devel
- gamin-python
- gavl-devel
- gcab
- gcc-gnat
- gcc-go
- gcc-objc
- gcc-objc++
- gcc-plugin-devel
- gconf-editor
- gd-progs
- gdk-pixbuf2-tests
- gdm-devel
- gdm-pam-extensions-devel
- gedit-devel
- gedit-plugin-bookmarks
- gedit-plugin-bracketcompletion
- gedit-plugin-charmap
- gedit-plugin-codecomment
- gedit-plugin-colorpicker
- gedit-plugin-colorschemer
- gedit-plugin-commander
- gedit-plugin-drawspaces
- gedit-plugin-findinfiles
- gedit-plugin-joinlines
- gedit-plugin-multiedit
- gedit-plugin-smartspaces
- gedit-plugin-synctex
- gedit-plugin-terminal
- gedit-plugin-textsize
- gedit-plugin-translate
- gedit-plugin-wordcompletion
- gedit-plugins
- gedit-plugins-data
- gegl-devel
- geoclue
- geoclue-devel
- geoclue-doc
- geoclue-gsmloc
- geoclue-gui
- GeoIP
- GeoIP-data
- GeoIP-devel
- GeoIP-update
- geronimo-jaspic-spec
- geronimo-jaspic-spec-javadoc
- geronimo-jaxrpc
- geronimo-jaxrpc-javadoc
- geronimo-jms
- geronimo-jta
- geronimo-jta-javadoc
- geronimo-osgi-support
- geronimo-osgi-support-javadoc
- geronimo-saaj
- geronimo-saaj-javadoc
- ghostscript-chinese
- ghostscript-chinese-zh_CN
- ghostscript-chinese-zh_TW
- ghostscript-cups
- ghostscript-devel
- ghostscript-gtk
- giflib-utils
- gimp-data-extras
- gimp-help
- gimp-help-ca
- gimp-help-da
- gimp-help-de
- gimp-help-el
- gimp-help-en_GB
- gimp-help-es
- gimp-help-fr
- gimp-help-it
- gimp-help-ja
- gimp-help-ko
- gimp-help-nl
- gimp-help-nn
- gimp-help-pt_BR
- gimp-help-ru
- gimp-help-sl
- gimp-help-sv
- gimp-help-zh_CN
- git-bzr
- git-cvs
- git-gnome-keyring
- git-hg
- git-p4
- gjs-tests
- glade
- glade3
- glade3-libgladeui
- glade3-libgladeui-devel
- glassfish-dtd-parser
- glassfish-dtd-parser-javadoc
- glassfish-jaxb-javadoc
- glassfish-jsp
- glassfish-jsp-javadoc
- glew
- glib-networking-tests
- gmp-static
- gnome-clocks
- gnome-common
- gnome-contacts
- gnome-desktop3-tests
- gnome-devel-docs
- gnome-dictionary
- gnome-doc-utils
- gnome-doc-utils-stylesheets
- gnome-documents
- gnome-documents-libs
- gnome-icon-theme
- gnome-icon-theme-devel
- gnome-icon-theme-extras
- gnome-icon-theme-legacy
- gnome-icon-theme-symbolic
- gnome-packagekit
- gnome-packagekit-common
- gnome-packagekit-installer
- gnome-packagekit-updater
- gnome-python2
- gnome-python2-bonobo
- gnome-python2-canvas
- gnome-python2-devel
- gnome-python2-gconf
- gnome-python2-gnome
- gnome-python2-gnomevfs
- gnome-settings-daemon-devel
- gnome-software-devel
- gnome-vfs2
- gnome-vfs2-devel
- gnome-vfs2-smb
- gnome-weather
- gnome-weather-tests
- gnote
- gnu-efi-utils
- gnu-getopt
- gnu-getopt-javadoc
- gnuplot-latex
- gnuplot-minimal
- gob2
- gom-devel
- google-noto-sans-korean-fonts
- google-noto-sans-simplified-chinese-fonts
- google-noto-sans-traditional-chinese-fonts
- gperftools
- gperftools-devel
- gperftools-libs
- gpm-static
- grantlee
- grantlee-apidocs
- grantlee-devel
- graphviz-graphs
- graphviz-guile
- graphviz-java
- graphviz-lua
- graphviz-ocaml
- graphviz-perl
- graphviz-php
- graphviz-python
- graphviz-ruby
- graphviz-tcl
- groff-doc
- groff-perl
- groff-x11
- groovy
- groovy-javadoc
- grub2
- grub2-ppc-modules
- grub2-ppc64-modules
- gsm-tools
- gsound-devel
- gssdp-utils
- gstreamer
- gstreamer-devel
- gstreamer-devel-docs
- gstreamer-plugins-bad-free
- gstreamer-plugins-bad-free-devel
- gstreamer-plugins-bad-free-devel-docs
- gstreamer-plugins-base
- gstreamer-plugins-base-devel
- gstreamer-plugins-base-devel-docs
- gstreamer-plugins-base-tools
- gstreamer-plugins-good
- gstreamer-plugins-good-devel-docs
- gstreamer-python
- gstreamer-python-devel
- gstreamer-tools
- gstreamer1-devel-docs
- gstreamer1-plugins-base-devel-docs
- gstreamer1-plugins-base-tools
- gstreamer1-plugins-ugly-free-devel
- gtk-vnc
- gtk-vnc-devel
- gtk-vnc-python
- gtk-vnc2-devel
- gtk3-devel-docs
- gtk3-immodules
- gtk3-tests
- gtkhtml3
- gtkhtml3-devel
- gtksourceview3-tests
- gucharmap
- gucharmap-devel
- gucharmap-libs
- gupnp-av-devel
- gupnp-av-docs
- gupnp-dlna-devel
- gupnp-dlna-docs
- gupnp-docs
- gupnp-igd-python
- gutenprint-devel
- gutenprint-extras
- gutenprint-foomatic
- gvfs-tests
- gvnc-devel
- gvnc-tools
- gvncpulse
- gvncpulse-devel
- gwenview
- gwenview-libs
- hamcrest
- hawkey-devel
- hesiod
- highcontrast-qt
- highcontrast-qt4
- highcontrast-qt5
- highlight-gui
- hispavoces-pal-diphone
- hispavoces-sfl-diphone
- hsakmt
- hsakmt-devel
- hspell-devel
- hsqldb
- hsqldb-demo
- hsqldb-javadoc
- hsqldb-manual
- htdig
- html2ps
- http-parser-devel
- httpunit
- httpunit-doc
- httpunit-javadoc
- i2c-tools-eepromer
- i2c-tools-python
- ibus-pygtk2
- ibus-qt
- ibus-qt-devel
- ibus-qt-docs
- ibus-rawcode
- ibus-table-devel
- ibutils
- ibutils-devel
- ibutils-libs
- icc-profiles-openicc
- icon-naming-utils
- im-chooser
- im-chooser-common
- ImageMagick
- ImageMagick-c++
- ImageMagick-c++-devel
- ImageMagick-devel
- ImageMagick-doc
- ImageMagick-perl
- imake
- imsettings
- imsettings-devel
- imsettings-gsettings
- imsettings-libs
- imsettings-qt
- imsettings-xim
- indent
- infinipath-psm
- infinipath-psm-devel
- iniparser
- iniparser-devel
- iok
- ipa-gothic-fonts
- ipa-mincho-fonts
- ipa-pgothic-fonts
- ipa-pmincho-fonts
- iperf3-devel
- iproute-doc
- ipset-devel
- ipsilon
- ipsilon-authform
- ipsilon-authgssapi
- ipsilon-authldap
- ipsilon-base
- ipsilon-client
- ipsilon-filesystem
- ipsilon-infosssd
- ipsilon-persona
- ipsilon-saml2
- ipsilon-saml2-base
- ipsilon-tools-ipa
- iputils-sysvinit
- iscsi-initiator-utils-devel
- isdn4k-utils
- isdn4k-utils-devel
- isdn4k-utils-doc
- isdn4k-utils-static
- isdn4k-utils-vboxgetty
- isomd5sum-devel
- isorelax
- istack-commons-javadoc
- ixpdimm_sw
- ixpdimm_sw-devel
- ixpdimm-cli
- ixpdimm-monitor
- jai-imageio-core
- jai-imageio-core-javadoc
- jakarta-commons-httpclient-demo
- jakarta-commons-httpclient-javadoc
- jakarta-commons-httpclient-manual
- jakarta-oro
- jakarta-taglibs-standard
- jakarta-taglibs-standard-javadoc
- jandex
- jandex-javadoc
- jansson-devel-doc
- jarjar
- jarjar-javadoc
- jarjar-maven-plugin
- jasper
- jasper-utils
- java-1.6.0-openjdk
- java-1.6.0-openjdk-demo
- java-1.6.0-openjdk-devel
- java-1.6.0-openjdk-javadoc
- java-1.6.0-openjdk-src
- java-1.7.0-openjdk
- java-1.7.0-openjdk-accessibility
- java-1.7.0-openjdk-demo
- java-1.7.0-openjdk-devel
- java-1.7.0-openjdk-headless
- java-1.7.0-openjdk-javadoc
- java-1.7.0-openjdk-src
- java-1.8.0-openjdk-accessibility-debug
- java-1.8.0-openjdk-debug
- java-1.8.0-openjdk-demo-debug
- java-1.8.0-openjdk-devel-debug
- java-1.8.0-openjdk-headless-debug
- java-1.8.0-openjdk-javadoc-debug
- java-1.8.0-openjdk-javadoc-zip-debug
- java-1.8.0-openjdk-src-debug
- java-11-openjdk-debug
- java-11-openjdk-demo-debug
- java-11-openjdk-devel-debug
- java-11-openjdk-headless-debug
- java-11-openjdk-javadoc-debug
- java-11-openjdk-javadoc-zip-debug
- java-11-openjdk-jmods-debug
- java-11-openjdk-src-debug
- javamail
- jaxen
- jboss-ejb-3.1-api
- jboss-ejb-3.1-api-javadoc
- jboss-el-2.2-api
- jboss-el-2.2-api-javadoc
- jboss-jaxrpc-1.1-api
- jboss-jaxrpc-1.1-api-javadoc
- jboss-servlet-2.5-api
- jboss-servlet-2.5-api-javadoc
- jboss-servlet-3.0-api
- jboss-servlet-3.0-api-javadoc
- jboss-specs-parent
- jboss-transaction-1.1-api
- jboss-transaction-1.1-api-javadoc
- jdom
- jettison
- jettison-javadoc
- jetty-annotations
- jetty-ant
- jetty-artifact-remote-resources
- jetty-assembly-descriptors
- jetty-build-support
- jetty-build-support-javadoc
- jetty-client
- jetty-continuation
- jetty-deploy
- jetty-distribution-remote-resources
- jetty-http
- jetty-io
- jetty-jaas
- jetty-jaspi
- jetty-javadoc
- jetty-jmx
- jetty-jndi
- jetty-jsp
- jetty-jspc-maven-plugin
- jetty-maven-plugin
- jetty-monitor
- jetty-parent
- jetty-plus
- jetty-project
- jetty-proxy
- jetty-rewrite
- jetty-runner
- jetty-security
- jetty-server
- jetty-servlet
- jetty-servlets
- jetty-start
- jetty-test-policy
- jetty-test-policy-javadoc
- jetty-toolchain
- jetty-util
- jetty-util-ajax
- jetty-version-maven-plugin
- jetty-version-maven-plugin-javadoc
- jetty-webapp
- jetty-websocket-api
- jetty-websocket-client
- jetty-websocket-common
- jetty-websocket-parent
- jetty-websocket-server
- jetty-websocket-servlet
- jetty-xml
- jing
- jing-javadoc
- jline-demo
- jna
- jna-contrib
- jna-javadoc
- joda-convert
- joda-convert-javadoc
- js
- js-devel
- jsch-demo
- json-glib-tests
- jsr-311
- jsr-311-javadoc
- juk
- junit
- junit-demo
- jvnet-parent
- k3b
- k3b-common
- k3b-devel
- k3b-libs
- kaccessible
- kaccessible-libs
- kactivities
- kactivities-devel
- kamera
- kate
- kate-devel
- kate-libs
- kate-part
- kcalc
- kcharselect
- kcm_colors
- kcm_touchpad
- kcm-gtk
- kcolorchooser
- kcoloredit
- kde-base-artwork
- kde-baseapps
- kde-baseapps-devel
- kde-baseapps-libs
- kde-filesystem
- kde-l10n
- kde-l10n-Arabic
- kde-l10n-Basque
- kde-l10n-Bosnian
- kde-l10n-British
- kde-l10n-Bulgarian
- kde-l10n-Catalan
- kde-l10n-Catalan-Valencian
- kde-l10n-Croatian
- kde-l10n-Czech
- kde-l10n-Danish
- kde-l10n-Dutch
- kde-l10n-Estonian
- kde-l10n-Farsi
- kde-l10n-Finnish
- kde-l10n-Galician
- kde-l10n-Greek
- kde-l10n-Hebrew
- kde-l10n-Hungarian
- kde-l10n-Icelandic
- kde-l10n-Interlingua
- kde-l10n-Irish
- kde-l10n-Kazakh
- kde-l10n-Khmer
- kde-l10n-Latvian
- kde-l10n-Lithuanian
- kde-l10n-LowSaxon
- kde-l10n-Norwegian
- kde-l10n-Norwegian-Nynorsk
- kde-l10n-Polish
- kde-l10n-Portuguese
- kde-l10n-Romanian
- kde-l10n-Serbian
- kde-l10n-Slovak
- kde-l10n-Slovenian
- kde-l10n-Swedish
- kde-l10n-Tajik
- kde-l10n-Thai
- kde-l10n-Turkish
- kde-l10n-Ukrainian
- kde-l10n-Uyghur
- kde-l10n-Vietnamese
- kde-l10n-Walloon
- kde-plasma-networkmanagement
- kde-plasma-networkmanagement-libreswan
- kde-plasma-networkmanagement-libs
- kde-plasma-networkmanagement-mobile
- kde-print-manager
- kde-runtime
- kde-runtime-devel
- kde-runtime-drkonqi
- kde-runtime-libs
- kde-settings
- kde-settings-ksplash
- kde-settings-minimal
- kde-settings-plasma
- kde-settings-pulseaudio
- kde-style-oxygen
- kde-style-phase
- kde-wallpapers
- kde-workspace
- kde-workspace-devel
- kde-workspace-ksplash-themes
- kde-workspace-libs
- kdeaccessibility
- kdeadmin
- kdeartwork
- kdeartwork-screensavers
- kdeartwork-sounds
- kdeartwork-wallpapers
- kdeclassic-cursor-theme
- kdegraphics
- kdegraphics-devel
- kdegraphics-libs
- kdegraphics-strigi-analyzer
- kdegraphics-thumbnailers
- kdelibs
- kdelibs-apidocs
- kdelibs-common
- kdelibs-devel
- kdelibs-ktexteditor
- kdemultimedia
- kdemultimedia-common
- kdemultimedia-devel
- kdemultimedia-libs
- kdenetwork
- kdenetwork-common
- kdenetwork-devel
- kdenetwork-fileshare-samba
- kdenetwork-kdnssd
- kdenetwork-kget
- kdenetwork-kget-libs
- kdenetwork-kopete
- kdenetwork-kopete-devel
- kdenetwork-kopete-libs
- kdenetwork-krdc
- kdenetwork-krdc-devel
- kdenetwork-krdc-libs
- kdenetwork-krfb
- kdenetwork-krfb-libs
- kdepim
- kdepim-devel
- kdepim-libs
- kdepim-runtime
- kdepim-runtime-libs
- kdepimlibs
- kdepimlibs-akonadi
- kdepimlibs-apidocs
- kdepimlibs-devel
- kdepimlibs-kxmlrpcclient
- kdeplasma-addons
- kdeplasma-addons-devel
- kdeplasma-addons-libs
- kdesdk
- kdesdk-cervisia
- kdesdk-common
- kdesdk-devel
- kdesdk-dolphin-plugins
- kdesdk-kapptemplate
- kdesdk-kapptemplate-template
- kdesdk-kcachegrind
- kdesdk-kioslave
- kdesdk-kmtrace
- kdesdk-kmtrace-devel
- kdesdk-kmtrace-libs
- kdesdk-kompare
- kdesdk-kompare-devel
- kdesdk-kompare-libs
- kdesdk-kpartloader
- kdesdk-kstartperf
- kdesdk-kuiviewer
- kdesdk-lokalize
- kdesdk-okteta
- kdesdk-okteta-devel
- kdesdk-okteta-libs
- kdesdk-poxml
- kdesdk-scripts
- kdesdk-strigi-analyzer
- kdesdk-thumbnailers
- kdesdk-umbrello
- kdeutils
- kdeutils-common
- kdeutils-minimal
- kdf
- kernel-rt-doc
- kernel-rt-trace
- kernel-rt-trace-devel
- kernel-rt-trace-kvm
- keytool-maven-plugin
- keytool-maven-plugin-javadoc
- kgamma
- kgpg
- kgreeter-plugins
- khotkeys
- khotkeys-libs
- kiconedit
- kinfocenter
- kio_sysinfo
- kmag
- kmenuedit
- kmix
- kmod-oracleasm
- kolourpaint
- kolourpaint-libs
- konkretcmpi
- konkretcmpi-devel
- konkretcmpi-python
- konsole
- konsole-part
- kross-interpreters
- kross-python
- kross-ruby
- kruler
- ksaneplugin
- kscreen
- ksnapshot
- ksshaskpass
- ksysguard
- ksysguard-libs
- ksysguardd
- ktimer
- kwallet
- kwin
- kwin-gles
- kwin-gles-libs
- kwin-libs
- kwrite
- kxml
- kxml-javadoc
- lapack64-devel
- lapack64-static
- lasso-devel
- latrace
- lcms2-utils
- ldns-doc
- ldns-python
- libabw-devel
- libabw-doc
- libabw-tools
- libappindicator
- libappindicator-devel
- libappindicator-docs
- libappstream-glib-builder
- libappstream-glib-builder-devel
- libart_lgpl
- libart_lgpl-devel
- libasan-static
- libavc1394-devel
- libbase-javadoc
- libblockdev-btrfs
- libblockdev-btrfs-devel
- libblockdev-crypto-devel
- libblockdev-devel
- libblockdev-dm-devel
- libblockdev-fs-devel
- libblockdev-kbd-devel
- libblockdev-loop-devel
- libblockdev-lvm-devel
- libblockdev-mdraid-devel
- libblockdev-mpath-devel
- libblockdev-nvdimm-devel
- libblockdev-part-devel
- libblockdev-swap-devel
- libblockdev-utils-devel
- libblockdev-vdo-devel
- libbluedevil
- libbluedevil-devel
- libbluray-devel
- libbonobo
- libbonobo-devel
- libbonoboui
- libbonoboui-devel
- libbytesize-devel
- libcacard-tools
- libcap-ng-python
- libcdr-devel
- libcdr-doc
- libcdr-tools
- libcgroup-devel
- libchamplain-demos
- libchewing
- libchewing-devel
- libchewing-python
- libcmis-devel
- libcmis-tools
- libcryptui
- libcryptui-devel
- libdb-devel-static
- libdb-java
- libdb-java-devel
- libdb-tcl
- libdb-tcl-devel
- libdbi
- libdbi-dbd-mysql
- libdbi-dbd-pgsql
- libdbi-dbd-sqlite
- libdbi-devel
- libdbi-drivers
- libdbusmenu-doc
- libdbusmenu-gtk2
- libdbusmenu-gtk2-devel
- libdbusmenu-gtk3-devel
- libdhash-devel
- libdmapsharing-devel
- libdmmp-devel
- libdmx-devel
- libdnet-progs
- libdnet-python
- libdnf-devel
- libdv-tools
- libdvdnav-devel
- libeasyfc-devel
- libeasyfc-gobject-devel
- libee
- libee-devel
- libee-utils
- libesmtp
- libesmtp-devel
- libestr-devel
- libetonyek-doc
- libetonyek-tools
- libevdev-utils
- libexif-doc
- libexttextcat-devel
- libexttextcat-tools
- libfastjson-devel
- libfdt
- libfonts-javadoc
- libformula-javadoc
- libfprint-devel
- libfreehand-devel
- libfreehand-doc
- libfreehand-tools
- libgcab1-devel
- libgccjit
- libgdither-devel
- libgee06
- libgee06-devel
- libgepub
- libgepub-devel
- libgfortran-static
- libgfortran4
- libgfortran5
- libgit2-devel
- libglade2
- libglade2-devel
- libGLEWmx
- libgnat
- libgnat-devel
- libgnat-static
- libgnome
- libgnome-devel
- libgnome-keyring-devel
- libgnomecanvas
- libgnomecanvas-devel
- libgnomeui
- libgnomeui-devel
- libgo
- libgo-devel
- libgo-static
- libgovirt-devel
- libgudev-devel
- libgxim
- libgxim-devel
- libgxps-tools
- libhangul-devel
- libhbaapi-devel
- libhif-devel
- libical-glib
- libical-glib-devel
- libical-glib-doc
- libid3tag
- libid3tag-devel
- libiec61883-utils
- libieee1284-python
- libimobiledevice-python
- libimobiledevice-utils
- libindicator
- libindicator-devel
- libindicator-gtk3-devel
- libindicator-tools
- libinvm-cim
- libinvm-cim-devel
- libinvm-cli
- libinvm-cli-devel
- libinvm-i18n
- libinvm-i18n-devel
- libiodbc
- libiodbc-devel
- libipa_hbac-devel
- libiptcdata-devel
- libiptcdata-python
- libitm-static
- libixpdimm-cim
- libixpdimm-core
- libjpeg-turbo-static
- libkcddb
- libkcddb-devel
- libkcompactdisc
- libkcompactdisc-devel
- libkdcraw
- libkdcraw-devel
- libkexiv2
- libkexiv2-devel
- libkipi
- libkipi-devel
- libkkc-devel
- libkkc-tools
- libksane
- libksane-devel
- libkscreen
- libkscreen-devel
- libkworkspace
- liblayout-javadoc
- libloader-javadoc
- liblognorm-devel
- liblouis-devel
- liblouis-doc
- liblouis-utils
- libmatchbox-devel
- libmbim-devel
- libmediaart-devel
- libmediaart-tests
- libmnl-static
- libmodman-devel
- libmodulemd-devel
- libmpc-devel
- libmsn
- libmsn-devel
- libmspub-devel
- libmspub-doc
- libmspub-tools
- libmtp-examples
- libmudflap
- libmudflap-devel
- libmudflap-static
- libmwaw-devel
- libmwaw-doc
- libmwaw-tools
- libmx
- libmx-devel
- libmx-docs
- libndp-devel
- libnetfilter_cthelper-devel
- libnetfilter_cttimeout-devel
- libnftnl-devel
- libnl
- libnl-devel
- libnm-gtk
- libnm-gtk-devel
- libntlm
- libntlm-devel
- libobjc
- libodfgen-doc
- libofa
- libofa-devel
- liboil
- liboil-devel
- libopenraw-pixbuf-loader
- liborcus-devel
- liborcus-doc
- liborcus-tools
- libosinfo-devel
- libosinfo-vala
- libotf-devel
- libpagemaker-devel
- libpagemaker-doc
- libpagemaker-tools
- libpinyin-devel
- libpinyin-tools
- libpipeline-devel
- libplist-python
- libpng-static
- libpng12-devel
- libproxy-kde
- libpst
- libpst-devel
- libpst-devel-doc
- libpst-doc
- libpst-python
- libpurple-perl
- libpurple-tcl
- libqmi-devel
- libquadmath-static
- LibRaw-static
- librelp-devel
- libreoffice
- libreoffice-bsh
- libreoffice-gdb-debug-support
- libreoffice-glade
- libreoffice-librelogo
- libreoffice-nlpsolver
- libreoffice-officebean
- libreoffice-officebean-common
- libreoffice-postgresql
- libreoffice-rhino
- libreofficekit-devel
- librepo-devel
- libreport-compat
- libreport-devel
- libreport-gtk-devel
- libreport-web-devel
- librepository-javadoc
- librevenge-doc
- librsvg2-tools
- libseccomp-devel
- libselinux-static
- libsemanage-devel
- libsemanage-static
- libserializer-javadoc
- libsexy
- libsexy-devel
- libsmbios-devel
- libsmi-devel
- libsndfile-utils
- libsolv-demo
- libsolv-devel
- libsolv-tools
- libspiro-devel
- libss-devel
- libssh2
- libsss_certmap-devel
- libsss_idmap-devel
- libsss_nss_idmap-devel
- libsss_simpleifp-devel
- libstaroffice-devel
- libstaroffice-doc
- libstaroffice-tools
- libstdc++-static
- libstoragemgmt-devel
- libstoragemgmt-targetd-plugin
- libtar-devel
- libteam-devel
- libtheora-devel-docs
- libtiff-static
- libtimezonemap-devel
- libtnc
- libtnc-devel
- libtranslit
- libtranslit-devel
- libtranslit-icu
- libtranslit-m17n
- libtsan-static
- libudisks2-devel
- libuninameslist-devel
- libunwind
- libunwind-devel
- libusal-devel
- libusb-static
- libusbmuxd-utils
- libuser-devel
- libvdpau-docs
- libverto-glib
- libverto-glib-devel
- libverto-libevent-devel
- libverto-tevent
- libverto-tevent-devel
- libvirt-cim
- libvirt-daemon-driver-lxc
- libvirt-daemon-lxc
- libvirt-gconfig-devel
- libvirt-glib-devel
- libvirt-gobject-devel
- libvirt-java
- libvirt-java-devel
- libvirt-java-javadoc
- libvirt-login-shell
- libvirt-snmp
- libvisio-doc
- libvisio-tools
- libvma-devel
- libvma-utils
- libvoikko-devel
- libvpx-utils
- libwebp-java
- libwebp-tools
- libwpd-tools
- libwpg-tools
- libwps-tools
- libwsman-devel
- libwvstreams
- libwvstreams-devel
- libwvstreams-static
- libxcb-doc
- libXevie
- libXevie-devel
- libXfont
- libXfont-devel
- libxml2-static
- libxslt-python
- libXvMC-devel
- libzapojit
- libzapojit-devel
- libzmf-devel
- libzmf-doc
- libzmf-tools
- lldpad-devel
- log4cxx
- log4cxx-devel
- log4j-manual
- lpsolve-devel
- lua-devel
- lua-static
- lvm2-cluster
- lvm2-python-libs
- lvm2-sysvinit
- lz4-static
- m17n-contrib
- m17n-contrib-extras
- m17n-db-devel
- m17n-db-extras
- m17n-lib-devel
- m17n-lib-tools
- m2crypto
- malaga-devel
- man-pages-cs
- man-pages-es
- man-pages-es-extra
- man-pages-fr
- man-pages-it
- man-pages-ja
- man-pages-ko
- man-pages-pl
- man-pages-ru
- man-pages-zh-CN
- mariadb-bench
- marisa-devel
- marisa-perl
- marisa-python
- marisa-ruby
- marisa-tools
- maven-changes-plugin
- maven-changes-plugin-javadoc
- maven-deploy-plugin
- maven-deploy-plugin-javadoc
- maven-doxia-module-fo
- maven-ear-plugin
- maven-ear-plugin-javadoc
- maven-ejb-plugin
- maven-ejb-plugin-javadoc
- maven-error-diagnostics
- maven-gpg-plugin
- maven-gpg-plugin-javadoc
- maven-istack-commons-plugin
- maven-jarsigner-plugin
- maven-jarsigner-plugin-javadoc
- maven-javadoc-plugin
- maven-javadoc-plugin-javadoc
- maven-jxr
- maven-jxr-javadoc
- maven-osgi
- maven-osgi-javadoc
- maven-plugin-jxr
- maven-project-info-reports-plugin
- maven-project-info-reports-plugin-javadoc
- maven-release
- maven-release-javadoc
- maven-release-manager
- maven-release-plugin
- maven-reporting-exec
- maven-repository-builder
- maven-repository-builder-javadoc
- maven-scm
- maven-scm-javadoc
- maven-scm-test
- maven-shared-jar
- maven-shared-jar-javadoc
- maven-site-plugin
- maven-site-plugin-javadoc
- maven-verifier-plugin
- maven-verifier-plugin-javadoc
- maven-wagon-provider-test
- maven-wagon-scm
- maven-war-plugin
- maven-war-plugin-javadoc
- mdds-devel
- meanwhile-devel
- meanwhile-doc
- memcached-devel
- memstomp
- mesa-demos
- mesa-libxatracker-devel
- mesa-private-llvm
- mesa-private-llvm-devel
- metacity-devel
- mgetty
- mgetty-sendfax
- mgetty-viewfax
- mgetty-voice
- migrationtools
- minizip
- minizip-devel
- mkbootdisk
- mobile-broadband-provider-info-devel
- mod_auth_kerb
- mod_auth_mellon-diagnostics
- mod_nss
- mod_revocator
- ModemManager-vala
- mono-icon-theme
- mozjs17
- mozjs17-devel
- mozjs24
- mozjs24-devel
- mpich-3.0-autoload
- mpich-3.0-doc
- mpich-3.2-autoload
- mpich-3.2-doc
- mpitests-compat-openmpi16
- msv-demo
- msv-msv
- msv-rngconv
- msv-xmlgen
- mvapich2-2.0-devel
- mvapich2-2.0-doc
- mvapich2-2.0-psm-devel
- mvapich2-2.2-devel
- mvapich2-2.2-doc
- mvapich2-2.2-psm-devel
- mvapich2-2.2-psm2-devel
- mvapich23-devel
- mvapich23-doc
- mvapich23-psm-devel
- mvapich23-psm2-devel
- nagios-plugins-bacula
- nasm
- nasm-doc
- nasm-rdoff
- ncurses-static
- nekohtml
- nekohtml-demo
- nekohtml-javadoc
- nepomuk-core
- nepomuk-core-devel
- nepomuk-core-libs
- nepomuk-widgets
- nepomuk-widgets-devel
- net-snmp-gui
- net-snmp-perl
- net-snmp-python
- net-snmp-sysvinit
- netsniff-ng
- NetworkManager-glib
- NetworkManager-glib-devel
- newt-static
- nfsometer
- nfstest
- nhn-nanum-brush-fonts
- nhn-nanum-fonts-common
- nhn-nanum-myeongjo-fonts
- nhn-nanum-pen-fonts
- nmap-frontend
- nss_compat_ossl
- nss_compat_ossl-devel
- nss-pem
- nss-pkcs11-devel
- ntp-doc
- ntp-perl
- nuvola-icon-theme
- nuxwdog
- nuxwdog-client-java
- nuxwdog-client-perl
- nuxwdog-devel
- objectweb-anttask
- objectweb-anttask-javadoc
- objectweb-asm
- ocaml-brlapi
- ocaml-calendar
- ocaml-calendar-devel
- ocaml-csv
- ocaml-csv-devel
- ocaml-curses
- ocaml-curses-devel
- ocaml-docs
- ocaml-emacs
- ocaml-fileutils
- ocaml-fileutils-devel
- ocaml-gettext
- ocaml-gettext-devel
- ocaml-libvirt
- ocaml-libvirt-devel
- ocaml-ocamlbuild-doc
- ocaml-source
- ocaml-x11
- ocaml-xml-light
- ocaml-xml-light-devel
- oci-register-machine
- okular
- okular-devel
- okular-libs
- okular-part
- opa-libopamgt-devel
- opal
- opal-devel
- open-vm-tools-devel
- open-vm-tools-test
- opencc-tools
- openchange-client
- openchange-devel
- openchange-devel-docs
- opencv-devel-docs
- opencv-python
- OpenEXR
- openhpi-devel
- openjade
- openjpeg-devel
- openjpeg-libs
- openldap-servers
- openldap-servers-sql
- openlmi
- openlmi-account
- openlmi-account-doc
- openlmi-fan
- openlmi-fan-doc
- openlmi-hardware
- openlmi-hardware-doc
- openlmi-indicationmanager-libs
- openlmi-indicationmanager-libs-devel
- openlmi-journald
- openlmi-journald-doc
- openlmi-logicalfile
- openlmi-logicalfile-doc
- openlmi-networking
- openlmi-networking-doc
- openlmi-pcp
- openlmi-powermanagement
- openlmi-powermanagement-doc
- openlmi-providers
- openlmi-providers-devel
- openlmi-python-base
- openlmi-python-providers
- openlmi-python-test
- openlmi-realmd
- openlmi-realmd-doc
- openlmi-service
- openlmi-service-doc
- openlmi-software
- openlmi-software-doc
- openlmi-storage
- openlmi-storage-doc
- openlmi-tools
- openlmi-tools-doc
- openobex
- openobex-apps
- openobex-devel
- openscap-containers
- openscap-engine-sce-devel
- openslp-devel
- openslp-server
- opensm-static
- opensp
- openssh-server-sysvinit
- openssl-static
- openssl098e
- openwsman-perl
- openwsman-ruby
- oprofile-devel
- oprofile-gui
- oprofile-jit
- optipng
- ORBit2
- ORBit2-devel
- orc-doc
- ortp
- ortp-devel
- oscilloscope
- oxygen-cursor-themes
- oxygen-gtk
- oxygen-gtk2
- oxygen-gtk3
- oxygen-icon-theme
- PackageKit-yum-plugin
- pakchois-devel
- pam_krb5
- pam_pkcs11
- pam_snapper
- pango-tests
- paps-devel
- passivetex
- pax
- pciutils-devel-static
- pcp-collector
- pcp-monitor
- pcre-tools
- pcre2-static
- pcre2-tools
- pentaho-libxml-javadoc
- pentaho-reporting-flow-engine-javadoc
- perl-AppConfig
- perl-Archive-Extract
- perl-B-Keywords
- perl-Browser-Open
- perl-Business-ISBN
- perl-Business-ISBN-Data
- perl-CGI-Session
- perl-Class-Load
- perl-Class-Load-XS
- perl-Class-Singleton
- perl-Config-Simple
- perl-Config-Tiny
- perl-Convert-ASN1
- perl-CPAN-Changes
- perl-CPANPLUS
- perl-CPANPLUS-Dist-Build
- perl-Crypt-CBC
- perl-Crypt-DES
- perl-Crypt-OpenSSL-Bignum
- perl-Crypt-OpenSSL-Random
- perl-Crypt-OpenSSL-RSA
- perl-Crypt-PasswdMD5
- perl-Crypt-SSLeay
- perl-CSS-Tiny
- perl-Data-Peek
- perl-DateTime
- perl-DateTime-Format-DateParse
- perl-DateTime-Locale
- perl-DateTime-TimeZone
- perl-DBD-Pg-tests
- perl-DBIx-Simple
- perl-Devel-Cover
- perl-Devel-Cycle
- perl-Devel-EnforceEncapsulation
- perl-Devel-Leak
- perl-Devel-Symdump
- perl-Digest-SHA1
- perl-Email-Address
- perl-FCGI
- perl-File-Find-Rule-Perl
- perl-File-Inplace
- perl-Font-AFM
- perl-Font-TTF
- perl-FreezeThaw
- perl-GD
- perl-GD-Barcode
- perl-Hook-LexWrap
- perl-HTML-Format
- perl-HTML-FormatText-WithLinks
- perl-HTML-FormatText-WithLinks-AndTables
- perl-HTML-Tree
- perl-HTTP-Daemon
- perl-Image-Base
- perl-Image-Info
- perl-Image-Xbm
- perl-Image-Xpm
- perl-Inline
- perl-Inline-Files
- perl-IO-CaptureOutput
- perl-IO-stringy
- perl-JSON-tests
- perl-LDAP
- perl-libxml-perl
- perl-List-MoreUtils
- perl-Locale-Maketext-Gettext
- perl-Locale-PO
- perl-Log-Message
- perl-Log-Message-Simple
- perl-Mail-DKIM
- perl-Mixin-Linewise
- perl-Module-Implementation
- perl-Module-Manifest
- perl-Module-Signature
- perl-Net-Daemon
- perl-Net-DNS-Nameserver
- perl-Net-DNS-Resolver-Programmable
- perl-Net-LibIDN
- perl-Net-Telnet
- perl-Newt
- perl-Object-Accessor
- perl-Object-Deadly
- perl-Package-Constants
- perl-Package-DeprecationManager
- perl-Package-Stash
- perl-Package-Stash-XS
- perl-PAR-Dist
- perl-Parallel-Iterator
- perl-Params-Validate
- perl-Parse-CPAN-Meta
- perl-Parse-RecDescent
- perl-Perl-Critic
- perl-Perl-Critic-More
- perl-Perl-MinimumVersion
- perl-Perl4-CoreLibs
- perl-PlRPC
- perl-Pod-Coverage
- perl-Pod-Coverage-TrustPod
- perl-Pod-Eventual
- perl-Pod-POM
- perl-Pod-Spell
- perl-PPI
- perl-PPI-HTML
- perl-PPIx-Regexp
- perl-PPIx-Utilities
- perl-Probe-Perl
- perl-Readonly-XS
- perl-SGMLSpm
- perl-Sort-Versions
- perl-String-Format
- perl-String-Similarity
- perl-Syntax-Highlight-Engine-Kate
- perl-Task-Weaken
- perl-Template-Toolkit
- perl-Term-UI
- perl-Test-ClassAPI
- perl-Test-CPAN-Meta
- perl-Test-DistManifest
- perl-Test-EOL
- perl-Test-HasVersion
- perl-Test-Inter
- perl-Test-Manifest
- perl-Test-Memory-Cycle
- perl-Test-MinimumVersion
- perl-Test-MockObject
- perl-Test-NoTabs
- perl-Test-Object
- perl-Test-Output
- perl-Test-Perl-Critic
- perl-Test-Perl-Critic-Policy
- perl-Test-Pod
- perl-Test-Pod-Coverage
- perl-Test-Portability-Files
- perl-Test-Script
- perl-Test-Spelling
- perl-Test-SubCalls
- perl-Test-Synopsis
- perl-Test-Tester
- perl-Test-Vars
- perl-Test-Without-Module
- perl-Text-CSV_XS
- perl-Text-Iconv
- perl-Tree-DAG_Node
- perl-Unicode-Map8
- perl-Unicode-String
- perl-UNIVERSAL-can
- perl-UNIVERSAL-isa
- perl-Version-Requirements
- perl-WWW-Curl
- perl-XML-Dumper
- perl-XML-Filter-BufferText
- perl-XML-Grove
- perl-XML-Handler-YAWriter
- perl-XML-LibXSLT
- perl-XML-SAX-Writer
- perl-XML-TreeBuilder
- perl-XML-Twig
- perl-XML-Writer
- perl-XML-XPathEngine
- perl-YAML-Tiny
- perltidy
- phonon
- phonon-backend-gstreamer
- phonon-devel
- php-pecl-memcache
- php-pspell
- pidgin-perl
- pinentry-qt
- pinentry-qt4
- pki-javadoc
- plasma-scriptengine-python
- plasma-scriptengine-ruby
- plexus-digest
- plexus-digest-javadoc
- plexus-mail-sender
- plexus-mail-sender-javadoc
- plexus-tools-pom
- plymouth-devel
- pm-utils
- pm-utils-devel
- pngcrush
- pngnq
- polkit-kde
- polkit-qt
- polkit-qt-devel
- polkit-qt-doc
- poppler-demos
- poppler-qt
- poppler-qt-devel
- popt-static
- postfix-sysvinit
- pothana2000-fonts
- powerpc-utils-python
- pprof
- pps-tools
- pptp-setup
- procps-ng-devel
- protobuf-emacs
- protobuf-emacs-el
- protobuf-java
- protobuf-javadoc
- protobuf-lite-devel
- protobuf-lite-static
- protobuf-python
- protobuf-static
- protobuf-vim
- psutils
- psutils-perl
- pth-devel
- ptlib
- ptlib-devel
- publican
- publican-common-db5-web
- publican-common-web
- publican-doc
- publican-redhat
- pulseaudio-esound-compat
- pulseaudio-module-gconf
- pulseaudio-module-zeroconf
- pulseaudio-qpaeq
- pygpgme
- pygtk2-libglade
- pykde4
- pykde4-akonadi
- pykde4-devel
- pyldb-devel
- pyliblzma
- PyOpenGL
- PyOpenGL-Tk
- pyOpenSSL-doc
- pyorbit
- pyorbit-devel
- PyPAM
- pyparsing-doc
- PyQt4
- PyQt4-devel
- pytalloc-devel
- python-appindicator
- python-beaker
- python-cffi-doc
- python-cherrypy
- python-criu
- python-debug
- python-deltarpm
- python-dtopt
- python-fpconst
- python-gpod
- python-gudev
- python-inotify-examples
- python-ipaddr
- python-IPy
- python-isodate
- python-isomd5sum
- python-kerberos
- python-kitchen
- python-kitchen-doc
- python-krbV
- python-libteam
- python-lxml-docs
- python-matplotlib
- python-matplotlib-doc
- python-matplotlib-qt4
- python-matplotlib-tk
- python-memcached
- python-mutagen
- python-paramiko
- python-paramiko-doc
- python-paste
- python-pillow-devel
- python-pillow-doc
- python-pillow-qt
- python-pillow-sane
- python-pillow-tk
- python-rados
- python-rbd
- python-reportlab-docs
- python-requests-kerberos
- python-rtslib-doc
- python-setproctitle
- python-slip-gtk
- python-smbc
- python-smbc-doc
- python-smbios
- python-sphinx-doc
- python-tempita
- python-tornado
- python-tornado-doc
- python-twisted-core
- python-twisted-core-doc
- python-twisted-web
- python-twisted-words
- python-urlgrabber
- python-volume_key
- python-webob
- python-webtest
- python-which
- python-zope-interface
- python2-caribou
- python2-futures
- python2-gexiv2
- python2-smartcols
- python2-solv
- python2-subprocess32
- qca-ossl
- qca2
- qca2-devel
- qdox
- qimageblitz
- qimageblitz-devel
- qimageblitz-examples
- qjson
- qjson-devel
- qpdf-devel
- qt
- qt-assistant
- qt-config
- qt-demos
- qt-devel
- qt-devel-private
- qt-doc
- qt-examples
- qt-mysql
- qt-odbc
- qt-postgresql
- qt-qdbusviewer
- qt-qvfb
- qt-settings
- qt-x11
- qt3
- qt3-config
- qt3-designer
- qt3-devel
- qt3-devel-docs
- qt3-MySQL
- qt3-ODBC
- qt3-PostgreSQL
- qt5-qt3d-doc
- qt5-qtbase-doc
- qt5-qtcanvas3d-doc
- qt5-qtconnectivity-doc
- qt5-qtdeclarative-doc
- qt5-qtenginio
- qt5-qtenginio-devel
- qt5-qtenginio-doc
- qt5-qtenginio-examples
- qt5-qtgraphicaleffects-doc
- qt5-qtimageformats-doc
- qt5-qtlocation-doc
- qt5-qtmultimedia-doc
- qt5-qtquickcontrols-doc
- qt5-qtquickcontrols2-doc
- qt5-qtscript-doc
- qt5-qtsensors-doc
- qt5-qtserialbus-devel
- qt5-qtserialbus-doc
- qt5-qtserialport-doc
- qt5-qtsvg-doc
- qt5-qttools-doc
- qt5-qtwayland-doc
- qt5-qtwebchannel-doc
- qt5-qtwebsockets-doc
- qt5-qtx11extras-doc
- qt5-qtxmlpatterns-doc
- quagga
- quagga-contrib
- quota-devel
- qv4l2
- rarian-devel
- rcs
- rdate
- rdist
- readline-static
- realmd-devel-docs
- Red_Hat_Enterprise_Linux-Release_Notes-7-as-IN
- Red_Hat_Enterprise_Linux-Release_Notes-7-bn-IN
- Red_Hat_Enterprise_Linux-Release_Notes-7-de-DE
- Red_Hat_Enterprise_Linux-Release_Notes-7-en-US
- Red_Hat_Enterprise_Linux-Release_Notes-7-es-ES
- Red_Hat_Enterprise_Linux-Release_Notes-7-fr-FR
- Red_Hat_Enterprise_Linux-Release_Notes-7-gu-IN
- Red_Hat_Enterprise_Linux-Release_Notes-7-hi-IN
- Red_Hat_Enterprise_Linux-Release_Notes-7-it-IT
- Red_Hat_Enterprise_Linux-Release_Notes-7-ja-JP
- Red_Hat_Enterprise_Linux-Release_Notes-7-kn-IN
- Red_Hat_Enterprise_Linux-Release_Notes-7-ko-KR
- Red_Hat_Enterprise_Linux-Release_Notes-7-ml-IN
- Red_Hat_Enterprise_Linux-Release_Notes-7-mr-IN
- Red_Hat_Enterprise_Linux-Release_Notes-7-or-IN
- Red_Hat_Enterprise_Linux-Release_Notes-7-pa-IN
- Red_Hat_Enterprise_Linux-Release_Notes-7-pt-BR
- Red_Hat_Enterprise_Linux-Release_Notes-7-ru-RU
- Red_Hat_Enterprise_Linux-Release_Notes-7-ta-IN
- Red_Hat_Enterprise_Linux-Release_Notes-7-te-IN
- Red_Hat_Enterprise_Linux-Release_Notes-7-zh-CN
- Red_Hat_Enterprise_Linux-Release_Notes-7-zh-TW
- redhat-access-plugin-ipa
- redhat-bookmarks
- redhat-lsb-supplemental
- redhat-lsb-trialuse
- redhat-upgrade-dracut
- redhat-upgrade-dracut-plymouth
- redhat-upgrade-tool
- redland-mysql
- redland-pgsql
- redland-virtuoso
- regexp
- relaxngcc
- rest-devel
- resteasy-base-jettison-provider
- resteasy-base-tjws
- rhdb-utils
- rhino
- rhino-demo
- rhino-javadoc
- rhino-manual
- rhythmbox-devel
- rngom
- rngom-javadoc
- rp-pppoe
- rrdtool-php
- rrdtool-python
- rsh
- rsh-server
- rsyslog-libdbi
- rsyslog-udpspoof
- rtcheck
- rtctl
- ruby-tcltk
- rubygem-net-http-persistent
- rubygem-net-http-persistent-doc
- rubygem-thor
- rubygem-thor-doc
- rusers
- rusers-server
- rwho
- sac-javadoc
- samba-dc
- samba-devel
- satyr-devel
- satyr-python
- saxon
- saxon-demo
- saxon-javadoc
- saxon-manual
- saxon-scripts
- sbc-devel
- sblim-cim-client2
- sblim-cim-client2-javadoc
- sblim-cim-client2-manual
- sblim-cmpi-base
- sblim-cmpi-base-devel
- sblim-cmpi-base-test
- sblim-cmpi-fsvol
- sblim-cmpi-fsvol-devel
- sblim-cmpi-fsvol-test
- sblim-cmpi-network
- sblim-cmpi-network-devel
- sblim-cmpi-network-test
- sblim-cmpi-nfsv3
- sblim-cmpi-nfsv3-test
- sblim-cmpi-nfsv4
- sblim-cmpi-nfsv4-test
- sblim-cmpi-params
- sblim-cmpi-params-test
- sblim-cmpi-sysfs
- sblim-cmpi-sysfs-test
- sblim-cmpi-syslog
- sblim-cmpi-syslog-test
- sblim-gather
- sblim-gather-devel
- sblim-gather-provider
- sblim-gather-test
- sblim-indication_helper
- sblim-indication_helper-devel
- sblim-smis-hba
- sblim-testsuite
- sblim-wbemcli
- scannotation
- scannotation-javadoc
- scpio
- screen
- SDL-static
- seahorse-nautilus
- seahorse-sharing
- sendmail-sysvinit
- setools-devel
- setools-gui
- setools-libs-tcl
- setuptool
- shared-desktop-ontologies
- shared-desktop-ontologies-devel
- shim-unsigned-ia32
- shim-unsigned-x64
- sisu
- sisu-parent
- slang-slsh
- slang-static
- smbios-utils
- smbios-utils-bin
- smbios-utils-python
- snakeyaml
- snakeyaml-javadoc
- snapper
- snapper-devel
- snapper-libs
- sntp
- SOAPpy
- soprano
- soprano-apidocs
- soprano-devel
- source-highlight-devel
- sox
- sox-devel
- speex-tools
- spice-xpi
- sqlite-tcl
- squid-migration-script
- squid-sysvinit
- sssd-libwbclient-devel
- sssd-polkit-rules
- stax2-api
- stax2-api-javadoc
- strigi
- strigi-devel
- strigi-libs
- strongimcv
- subversion-kde
- subversion-python
- subversion-ruby
- sudo-devel
- suitesparse-doc
- suitesparse-static
- supermin-helper
- svgpart
- svrcore
- svrcore-devel
- sweeper
- syslinux-devel
- syslinux-perl
- system-config-date
- system-config-date-docs
- system-config-firewall
- system-config-firewall-base
- system-config-firewall-tui
- system-config-keyboard
- system-config-keyboard-base
- system-config-language
- system-config-printer
- system-config-users-docs
- system-switch-java
- systemd-sysv
- t1lib
- t1lib-apps
- t1lib-devel
- t1lib-static
- t1utils
- taglib-doc
- talk
- talk-server
- tang-nagios
- targetd
- tcl-pgtcl
- tclx
- tclx-devel
- tcp_wrappers
- tcp_wrappers-devel
- tcp_wrappers-libs
- teamd-devel
- teckit-devel
- telepathy-farstream
- telepathy-farstream-devel
- telepathy-filesystem
- telepathy-gabble
- telepathy-glib
- telepathy-glib-devel
- telepathy-glib-vala
- telepathy-haze
- telepathy-logger
- telepathy-logger-devel
- telepathy-mission-control
- telepathy-mission-control-devel
- telepathy-salut
- tex-preview
- texinfo
- texlive-collection-documentation-base
- texlive-mh
- texlive-mh-doc
- texlive-misc
- texlive-thailatex
- texlive-thailatex-doc
- tix-doc
- tncfhh
- tncfhh-devel
- tncfhh-examples
- tncfhh-libs
- tncfhh-utils
- tog-pegasus-test
- tokyocabinet-devel-doc
- tomcat
- tomcat-admin-webapps
- tomcat-docs-webapp
- tomcat-el-2.2-api
- tomcat-javadoc
- tomcat-jsp-2.2-api
- tomcat-jsvc
- tomcat-lib
- tomcat-servlet-3.0-api
- tomcat-webapps
- totem-devel
- totem-pl-parser-devel
- tracker-devel
- tracker-docs
- tracker-needle
- tracker-preferences
- trang
- trousers-static
- txw2
- txw2-javadoc
- unique3
- unique3-devel
- unique3-docs
- uriparser
- uriparser-devel
- usbguard-devel
- usbredir-server
- ustr
- ustr-debug
- ustr-debug-static
- ustr-devel
- ustr-static
- uuid-c++
- uuid-c++-devel
- uuid-dce
- uuid-dce-devel
- uuid-perl
- uuid-php
- v4l-utils
- v4l-utils-devel-tools
- vala-doc
- valadoc
- valadoc-devel
- valgrind-openmpi
- velocity-demo
- velocity-javadoc
- velocity-manual
- vemana2000-fonts
- vigra
- vigra-devel
- virtuoso-opensource
- virtuoso-opensource-utils
- vlgothic-p-fonts
- vsftpd-sysvinit
- vte3
- vte3-devel
- wayland-doc
- webkitgtk3
- webkitgtk3-devel
- webkitgtk3-doc
- webkitgtk4-doc
- webrtc-audio-processing-devel
- weld-parent
- whois
- woodstox-core
- woodstox-core-javadoc
- wordnet
- wordnet-browser
- wordnet-devel
- wordnet-doc
- ws-commons-util
- ws-commons-util-javadoc
- ws-jaxme
- ws-jaxme-javadoc
- ws-jaxme-manual
- wsdl4j
- wsdl4j-javadoc
- wvdial
- x86info
- xchat-tcl
- xdg-desktop-portal-devel
- xerces-c
- xerces-c-devel
- xerces-c-doc
- xerces-j2-demo
- xerces-j2-javadoc
- xferstats
- xguest
- xhtml2fo-style-xsl
- xhtml2ps
- xisdnload
- xml-commons-apis-javadoc
- xml-commons-apis-manual
- xml-commons-apis12
- xml-commons-apis12-javadoc
- xml-commons-apis12-manual
- xml-commons-resolver-javadoc
- xmlgraphics-commons
- xmlgraphics-commons-javadoc
- xmlrpc-c-apps
- xmlrpc-client
- xmlrpc-common
- xmlrpc-javadoc
- xmlrpc-server
- xmlsec1-gcrypt-devel
- xmlsec1-nss-devel
- xmlto-tex
- xmlto-xhtml
- xmltoman
- xorg-x11-apps
- xorg-x11-drv-intel-devel
- xorg-x11-drv-keyboard
- xorg-x11-drv-mouse
- xorg-x11-drv-mouse-devel
- xorg-x11-drv-openchrome
- xorg-x11-drv-openchrome-devel
- xorg-x11-drv-synaptics
- xorg-x11-drv-synaptics-devel
- xorg-x11-drv-vmmouse
- xorg-x11-drv-void
- xorg-x11-server-source
- xorg-x11-xkb-extras
- xpp3
- xpp3-javadoc
- xpp3-minimal
- xsettings-kde
- xstream
- xstream-javadoc
- xulrunner
- xulrunner-devel
- xz-compat-libs
- yelp-xsl-devel
- yum-langpacks
- yum-NetworkManager-dispatcher
- yum-plugin-filter-data
- yum-plugin-fs-snapshot
- yum-plugin-keys
- yum-plugin-list-data
- yum-plugin-local
- yum-plugin-merge-conf
- yum-plugin-ovl
- yum-plugin-post-transaction-actions
- yum-plugin-pre-transaction-actions
- yum-plugin-protectbase
- yum-plugin-ps
- yum-plugin-rpm-warm-cache
- yum-plugin-show-leaves
- yum-plugin-upgrade-helper
- yum-plugin-verify
- yum-updateonboot
9.2. Deprecated Device Drivers
The following device drivers continue to be supported until the end of life of Red Hat Enterprise Linux 7 but will likely not be supported in future major releases of this product and are not recommended for new deployments.
- 3w-9xxx
- 3w-sas
- aic79xx
- aoe
- arcmsr
ata drivers:
- acard-ahci
- sata_mv
- sata_nv
- sata_promise
- sata_qstor
- sata_sil
- sata_sil24
- sata_sis
- sata_svw
- sata_sx4
- sata_uli
- sata_via
- sata_vsc
- bfa
- cxgb3
- cxgb3i
- e1000
- floppy
- hptiop
- initio
- isci
- iw_cxgb3
- mptbase
- mptctl
- mptsas
- mptscsih
- mptspi
- mtip32xx
- mvsas
- mvumi
OSD drivers:
- osd
- libosd
- osst
pata drivers:
- pata_acpi
- pata_ali
- pata_amd
- pata_arasan_cf
- pata_artop
- pata_atiixp
- pata_atp867x
- pata_cmd64x
- pata_cs5536
- pata_hpt366
- pata_hpt37x
- pata_hpt3x2n
- pata_hpt3x3
- pata_it8213
- pata_it821x
- pata_jmicron
- pata_marvell
- pata_netcell
- pata_ninja32
- pata_oldpiix
- pata_pdc2027x
- pata_pdc202xx_old
- pata_piccolo
- pata_rdc
- pata_sch
- pata_serverworks
- pata_sil680
- pata_sis
- pata_via
- pdc_adma
- pm80xx(pm8001)
- pmcraid
- qla3xxx
- qlcnic
- qlge
- stex
- sx8
- tulip
- ufshcd
wireless drivers:
- carl9170
- iwl4965
- iwl3945
- mwl8k
- rt73usb
- rt61pci
- rtl8187
- wil6210
9.3. Deprecated Adapters
The following adapters continue to be supported until the end of life of Red Hat Enterprise Linux 7 but will likely not be supported in future major releases of this product and are not recommended for new deployments. Other adapters from the mentioned drivers that are not listed here remain unchanged.
PCI IDs are in the format of vendor:device:subvendor:subdevice. If the subdevice or subvendor:subdevice entry is not listed, devices with any values of such missing entries have been deprecated.
To check the PCI IDs of the hardware on your system, run the lspci -nn
command.
The following adapters from the
aacraid
driver have been deprecated:- PERC 2/Si (Iguana/PERC2Si), PCI ID 0x1028:0x0001:0x1028:0x0001
- PERC 3/Di (Opal/PERC3Di), PCI ID 0x1028:0x0002:0x1028:0x0002
- PERC 3/Si (SlimFast/PERC3Si), PCI ID 0x1028:0x0003:0x1028:0x0003
- PERC 3/Di (Iguana FlipChip/PERC3DiF), PCI ID 0x1028:0x0004:0x1028:0x00d0
- PERC 3/Di (Viper/PERC3DiV), PCI ID 0x1028:0x0002:0x1028:0x00d1
- PERC 3/Di (Lexus/PERC3DiL), PCI ID 0x1028:0x0002:0x1028:0x00d9
- PERC 3/Di (Jaguar/PERC3DiJ), PCI ID 0x1028:0x000a:0x1028:0x0106
- PERC 3/Di (Dagger/PERC3DiD), PCI ID 0x1028:0x000a:0x1028:0x011b
- PERC 3/Di (Boxster/PERC3DiB), PCI ID 0x1028:0x000a:0x1028:0x0121
- catapult, PCI ID 0x9005:0x0283:0x9005:0x0283
- tomcat, PCI ID 0x9005:0x0284:0x9005:0x0284
- Adaptec 2120S (Crusader), PCI ID 0x9005:0x0285:0x9005:0x0286
- Adaptec 2200S (Vulcan), PCI ID 0x9005:0x0285:0x9005:0x0285
- Adaptec 2200S (Vulcan-2m), PCI ID 0x9005:0x0285:0x9005:0x0287
- Legend S220 (Legend Crusader), PCI ID 0x9005:0x0285:0x17aa:0x0286
- Legend S230 (Legend Vulcan), PCI ID 0x9005:0x0285:0x17aa:0x0287
- Adaptec 3230S (Harrier), PCI ID 0x9005:0x0285:0x9005:0x0288
- Adaptec 3240S (Tornado), PCI ID 0x9005:0x0285:0x9005:0x0289
- ASR-2020ZCR SCSI PCI-X ZCR (Skyhawk), PCI ID 0x9005:0x0285:0x9005:0x028a
- ASR-2025ZCR SCSI SO-DIMM PCI-X ZCR (Terminator), PCI ID 0x9005:0x0285:0x9005:0x028b
- ASR-2230S + ASR-2230SLP PCI-X (Lancer), PCI ID 0x9005:0x0286:0x9005:0x028c
- ASR-2130S (Lancer), PCI ID 0x9005:0x0286:0x9005:0x028d
- AAR-2820SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029b
- AAR-2620SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029c
- AAR-2420SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029d
- ICP9024RO (Lancer), PCI ID 0x9005:0x0286:0x9005:0x029e
- ICP9014RO (Lancer), PCI ID 0x9005:0x0286:0x9005:0x029f
- ICP9047MA (Lancer), PCI ID 0x9005:0x0286:0x9005:0x02a0
- ICP9087MA (Lancer), PCI ID 0x9005:0x0286:0x9005:0x02a1
- ICP5445AU (Hurricane44), PCI ID 0x9005:0x0286:0x9005:0x02a3
- ICP9085LI (Marauder-X), PCI ID 0x9005:0x0285:0x9005:0x02a4
- ICP5085BR (Marauder-E), PCI ID 0x9005:0x0285:0x9005:0x02a5
- ICP9067MA (Intruder-6), PCI ID 0x9005:0x0286:0x9005:0x02a6
- Themisto Jupiter Platform, PCI ID 0x9005:0x0287:0x9005:0x0800
- Themisto Jupiter Platform, PCI ID 0x9005:0x0200:0x9005:0x0200
- Callisto Jupiter Platform, PCI ID 0x9005:0x0286:0x9005:0x0800
- ASR-2020SA SATA PCI-X ZCR (Skyhawk), PCI ID 0x9005:0x0285:0x9005:0x028e
- ASR-2025SA SATA SO-DIMM PCI-X ZCR (Terminator), PCI ID 0x9005:0x0285:0x9005:0x028f
- AAR-2410SA PCI SATA 4ch (Jaguar II), PCI ID 0x9005:0x0285:0x9005:0x0290
- CERC SATA RAID 2 PCI SATA 6ch (DellCorsair), PCI ID 0x9005:0x0285:0x9005:0x0291
- AAR-2810SA PCI SATA 8ch (Corsair-8), PCI ID 0x9005:0x0285:0x9005:0x0292
- AAR-21610SA PCI SATA 16ch (Corsair-16), PCI ID 0x9005:0x0285:0x9005:0x0293
- ESD SO-DIMM PCI-X SATA ZCR (Prowler), PCI ID 0x9005:0x0285:0x9005:0x0294
- AAR-2610SA PCI SATA 6ch, PCI ID 0x9005:0x0285:0x103C:0x3227
- ASR-2240S (SabreExpress), PCI ID 0x9005:0x0285:0x9005:0x0296
- ASR-4005, PCI ID 0x9005:0x0285:0x9005:0x0297
- IBM 8i (AvonPark), PCI ID 0x9005:0x0285:0x1014:0x02F2
- IBM 8i (AvonPark Lite), PCI ID 0x9005:0x0285:0x1014:0x0312
- IBM 8k/8k-l8 (Aurora), PCI ID 0x9005:0x0286:0x1014:0x9580
- IBM 8k/8k-l4 (Aurora Lite), PCI ID 0x9005:0x0286:0x1014:0x9540
- ASR-4000 (BlackBird), PCI ID 0x9005:0x0285:0x9005:0x0298
- ASR-4800SAS (Marauder-X), PCI ID 0x9005:0x0285:0x9005:0x0299
- ASR-4805SAS (Marauder-E), PCI ID 0x9005:0x0285:0x9005:0x029a
- ASR-3800 (Hurricane44), PCI ID 0x9005:0x0286:0x9005:0x02a2
- Perc 320/DC, PCI ID 0x9005:0x0285:0x1028:0x0287
- Adaptec 5400S (Mustang), PCI ID 0x1011:0x0046:0x9005:0x0365
- Adaptec 5400S (Mustang), PCI ID 0x1011:0x0046:0x9005:0x0364
- Dell PERC2/QC, PCI ID 0x1011:0x0046:0x9005:0x1364
- HP NetRAID-4M, PCI ID 0x1011:0x0046:0x103c:0x10c2
- Dell Catchall, PCI ID 0x9005:0x0285:0x1028
- Legend Catchall, PCI ID 0x9005:0x0285:0x17aa
- Adaptec Catch All, PCI ID 0x9005:0x0285
- Adaptec Rocket Catch All, PCI ID 0x9005:0x0286
- Adaptec NEMER/ARK Catch All, PCI ID 0x9005:0x0288
The following adapters from the
mpt2sas
driver have been deprecated:- SAS2004, PCI ID 0x1000:0x0070
- SAS2008, PCI ID 0x1000:0x0072
- SAS2108_1, PCI ID 0x1000:0x0074
- SAS2108_2, PCI ID 0x1000:0x0076
- SAS2108_3, PCI ID 0x1000:0x0077
- SAS2116_1, PCI ID 0x1000:0x0064
- SAS2116_2, PCI ID 0x1000:0x0065
- SSS6200, PCI ID 0x1000:0x007E
The following adapters from the
megaraid_sas
driver have been deprecated:- Dell PERC5, PCI ID 0x1028:0x0015
- SAS1078R, PCI ID 0x1000:0x0060
- SAS1078DE, PCI ID 0x1000:0x007C
- SAS1064R, PCI ID 0x1000:0x0411
- VERDE_ZCR, PCI ID 0x1000:0x0413
- SAS1078GEN2, PCI ID 0x1000:0x0078
- SAS0079GEN2, PCI ID 0x1000:0x0079
- SAS0073SKINNY, PCI ID 0x1000:0x0073
- SAS0071SKINNY, PCI ID 0x1000:0x0071
The following adapters from the
qla2xxx
driver have been deprecated:- ISP24xx, PCI ID 0x1077:0x2422
- ISP24xx, PCI ID 0x1077:0x2432
- ISP2422, PCI ID 0x1077:0x5422
- QLE220, PCI ID 0x1077:0x5432
- QLE81xx, PCI ID 0x1077:0x8001
- QLE10000, PCI ID 0x1077:0xF000
- QLE84xx, PCI ID 0x1077:0x8044
- QLE8000, PCI ID 0x1077:0x8432
- QLE82xx, PCI ID 0x1077:0x8021
The following adapters from the
qla4xxx
driver have been deprecated:- QLOGIC_ISP8022, PCI ID 0x1077:0x8022
- QLOGIC_ISP8324, PCI ID 0x1077:0x8032
- QLOGIC_ISP8042, PCI ID 0x1077:0x8042
The following adapters from the
be2iscsi
driver have been deprecated:BladeEngine 2 (BE2) Devices
- BladeEngine2 10Gb iSCSI Initiator (generic), PCI ID 0x19a2:0x212
- OneConnect OCe10101, OCm10101, OCe10102, OCm10102 BE2 adapter family, PCI ID 0x19a2:0x702
- OCe10100 BE2 adapter family, PCI ID 0x19a2:0x703
BladeEngine 3 (BE3) Devices
- OneConnect TOMCAT iSCSI, PCI ID 0x19a2:0x0712
- BladeEngine3 iSCSI, PCI ID 0x19a2:0x0222
The following Ethernet adapters controlled by the
be2net
driver have been deprecated:BladeEngine 2 (BE2) Devices
- OneConnect TIGERSHARK NIC, PCI ID 0x19a2:0x0700
- BladeEngine2 Network Adapter, PCI ID 0x19a2:0x0211
BladeEngine 3 (BE3) Devices
- OneConnect TOMCAT NIC, PCI ID 0x19a2:0x0710
- BladeEngine3 Network Adapter, PCI ID 0x19a2:0x0221
The following adapters from the
lpfc
driver have been deprecated:BladeEngine 2 (BE2) Devices
- OneConnect TIGERSHARK FCoE, PCI ID 0x19a2:0x0704
BladeEngine 3 (BE3) Devices
- OneConnect TOMCAT FCoE, PCI ID 0x19a2:0x0714
Fibre Channel (FC) Devices
- FIREFLY, PCI ID 0x10df:0x1ae5
- PROTEUS_VF, PCI ID 0x10df:0xe100
- BALIUS, PCI ID 0x10df:0xe131
- PROTEUS_PF, PCI ID 0x10df:0xe180
- RFLY, PCI ID 0x10df:0xf095
- PFLY, PCI ID 0x10df:0xf098
- LP101, PCI ID 0x10df:0xf0a1
- TFLY, PCI ID 0x10df:0xf0a5
- BSMB, PCI ID 0x10df:0xf0d1
- BMID, PCI ID 0x10df:0xf0d5
- ZSMB, PCI ID 0x10df:0xf0e1
- ZMID, PCI ID 0x10df:0xf0e5
- NEPTUNE, PCI ID 0x10df:0xf0f5
- NEPTUNE_SCSP, PCI ID 0x10df:0xf0f6
- NEPTUNE_DCSP, PCI ID 0x10df:0xf0f7
- FALCON, PCI ID 0x10df:0xf180
- SUPERFLY, PCI ID 0x10df:0xf700
- DRAGONFLY, PCI ID 0x10df:0xf800
- CENTAUR, PCI ID 0x10df:0xf900
- PEGASUS, PCI ID 0x10df:0xf980
- THOR, PCI ID 0x10df:0xfa00
- VIPER, PCI ID 0x10df:0xfb00
- LP10000S, PCI ID 0x10df:0xfc00
- LP11000S, PCI ID 0x10df:0xfc10
- LPE11000S, PCI ID 0x10df:0xfc20
- PROTEUS_S, PCI ID 0x10df:0xfc50
- HELIOS, PCI ID 0x10df:0xfd00
- HELIOS_SCSP, PCI ID 0x10df:0xfd11
- HELIOS_DCSP, PCI ID 0x10df:0xfd12
- ZEPHYR, PCI ID 0x10df:0xfe00
- HORNET, PCI ID 0x10df:0xfe05
- ZEPHYR_SCSP, PCI ID 0x10df:0xfe11
- ZEPHYR_DCSP, PCI ID 0x10df:0xfe12
Lancer FCoE CNA Devices
- OCe15104-FM, PCI ID 0x10df:0xe260
- OCe15102-FM, PCI ID 0x10df:0xe260
- OCm15108-F-P, PCI ID 0x10df:0xe260
9.4. Other Deprecated Functionality
Python 2 has been deprecated
In the next major release, RHEL 8, Python 3.6 is the default Python implementation, and only limited support for Python 2.7 is provided.
See the Conservative Python 3 Porting Guide for information on how to migrate large code bases to Python 3
.
LVM libraries and LVM Python bindings have been deprecated
The lvm2app
library and LVM Python bindings, which are provided by the lvm2-python-libs
package, have been deprecated.
Red Hat recommends the following solutions instead:
-
The LVM D-Bus API in combination with the
lvm2-dbusd
service. This requires using Python version 3. -
The LVM command-line utilities with JSON formatting. This formatting has been available since the
lvm2
package version 2.02.158. -
The
libblockdev
library for C and C++.
Mirrored mirror log has been deprecated in LVM
The mirrored mirror log feature of mirrored LVM volumes has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support creating or activating LVM volumes with a mirrored mirror log.
The recommended replacements are:
- RAID1 LVM volumes. The main advantage of RAID1 volumes is their ability to work even in degraded mode and to recover after a transient failure. For information on converting mirrored volumes to RAID1, see the Converting a Mirrored LVM Device to a RAID1 Device section in the LVM Administration guide.
-
Disk mirror log. To convert a mirrored mirror log to disk mirror log, use the following command:
lvconvert --mirrorlog disk my_vg/my_lv
.
The clvmd daemon has been deprecated
The clvmd
daemon for managing shared storage devices has been deprecated. A future major release of Red Hat Enterprise linux will instead use the lvmlockd
daemon.
The lvmetad daemon has been deprecated
The lvmetad
daemon for caching metadata has been deprecated. In a future major release of Red Hat Enterprise Linux, LVM will always read metadata from disk.
Previously, autoactivation of logical volumes was indirectly tied to the use_lvmetad
setting in the lvm.conf
configuration file. The correct way to disable autoactivation continues to be setting auto_activation_volume_list=[]
(an empty list) in the lvm.conf
file.
The sap-hana-vmware
Tuned profile has been deprecated
The sap-hana-vmware
Tuned profile has been deprecated. For backward compatibility, this profile is still provided in the tuned-profiles-sap-hana
package, but the profile will be removed in future major release of Red Hat Enterprise Linux. The recommended replacement is the sap-hana
Tuned profile.
Deprecated packages related to Identity Management and security
The following packages have been deprecated and will not be included in a future major release of Red Hat Enterprise Linux:
Deprecated packages | Proposed replacement package or product |
---|---|
authconfig | authselect |
pam_pkcs11 | sssd [a] |
pam_krb5 | sssd |
openldap-servers | Depending on the use case, migrate to Identity Management included in Red Hat Enterprise Linux; or to Red Hat Directory Server. [b] |
mod_auth_kerb | mod_auth_gssapi |
python-kerberos python-krbV | python-gssapi |
python-requests-kerberos | python-requests-gssapi |
hesiod | No replacement available. |
mod_nss | mod_ssl |
mod_revocator | No replacement available. |
[a]
System Security Services Daemon (SSSD) contains enhanced smart card functionality.
[b]
Red Hat Directory Server requires a valid Directory Server subscription. For details, see also What is the support status of the LDAP-server shipped with Red Hat Enterprise Linux? in Red Hat Knowledgebase.
|
The Clevis HTTP pin has been deprecated
The Clevis HTTP pin has been deprecated and this feature will not be included in the next major version of Red Hat Enterprise Linux and will remain out of the distribution until a further notice.
crypto-utils
has been deprecated
The crypto-utils
packages have been deprecated, and they will not be available in a future major version of Red Hat Enterprise Linux. You can use tools provided by the openssl
, gnutls-utils
, and nss-tools
packages instead.
NSS
SEED ciphers have been deprecated
The Mozilla Network Security Services (NSS
) library will not support Transport Layer Security (TLS) cipher suites that use a SEED cipher in a future release. For deployments that rely on SEED ciphers, Red Hat recommends enabling support for other cipher suites. This way, you ensure smooth transitions when NSS will remove support for them.
Note that the SEED ciphers are already disabled by default in RHEL.
All-numeric user and group names in shadow-utils
have been deprecated
Creating user and group names consisting purely of numeric characters using the useradd
and groupadd
commands has been deprecated and will be removed from the system with the next major release. Such names can potentially confuse many tools that work with user and group names and user and group ids (which are numbers).
3DES is removed from the Python SSL default cipher list
The Triple Data Encryption Standard (3DES
) algorithm has been removed from the Python SSL default cipher list. This enables Python applications using SSL to be PCI DSS-compliant.
sssd-secrets has been deprecated
The sssd-secrets
component of the System Security Services Daemon
(SSSD) has been deprecated in Red Hat Enterprise Linux 7.6. This is because Custodia, a secrets service provider, available as a Technology Preview, is no longer actively developed. Use other Identity Management tools to store secrets, for example the Vaults.
Support for earlier IdM servers and for IdM replicas at domain level 0 will be limited
Red Hat does not plan to support using Identity Management (IdM) servers running Red Hat Enterprise Linux (RHEL) 7.3 and earlier with IdM clients of the next major release of RHEL. If you plan to introduce client systems running on the next major version of RHEL into a deployment that is currently managed by IdM servers running on RHEL 7.3 or earlier, be aware that you will need to upgrade the servers, moving them to RHEL 7.4 or later.
In the next major release of RHEL, only domain level 1 replicas will be supported. Before introducing IdM replicas running on the next major version of RHEL into an existing deployment, be aware that you will need to upgrade all IdM servers to RHEL 7.4 or later, and change the domain level to 1.
Consider planning the upgrade in advance if your deployment will be affected.
Bug-fix only support for the nss-pam-ldapd and NIS packages in the next major release of Red Hat Enterprise Linux
The nss-pam-ldapd packages and packages related to the NIS server will be released in the future major release of Red Hat Enterprise Linux but will receive a limited scope of support. Red Hat will accept bug reports but no new requests for enhancements. Customers are advised to migrate to the following replacement solutions:
Affected packages | Proposed replacement package or product |
---|---|
nss-pam-ldapd | sssd |
ypserv ypbind portmap yp-tools | Identity Management in Red Hat Enterprise Linux |
Use the Go Toolset instead of golang
The golang package, previously available in the Optional repository, will no longer receive updates in Red Hat Enterprise Linux 7. Developers are encouraged to use the Go Toolset instead.
mesa-private-llvm will be replaced with llvm-private
The mesa-private-llvm package, which contains the LLVM-based runtime support for Mesa, will be replaced in a future minor release of Red Hat Enterprise Linux 7 with the llvm-private package.
libdbi and libdbi-drivers have been deprecated
The libdbi and libdbi-drivers packages will not be included in the next Red Hat Enterprise Linux (RHEL) major release.
Ansible deprecated in the Extras repository
Ansible
and its dependencies will no longer be updated through the Extras repository. Instead, the Red Hat Ansible Engine product has been made available to Red Hat Enterprise Linux subscriptions and will provide access to the official Ansible Engine channel. Customers who have previously installed Ansible
and its dependencies from the Extras repository are advised to enable and update from the Ansible Engine channel, or uninstall the packages as future errata will not be provided from the Extras repository.
Ansible
was previously provided in Extras (for AMD64 and Intel 64 architectures, and IBM POWER, little endian) as a runtime dependency of, and limited in support to, the Red Hat Enterprise Linux (RHEL) System Roles. Ansible Engine is available today for AMD64 and Intel 64 architectures, with IBM POWER, little endian availability coming soon.
Note that Ansible
in the Extras repository was not a part of the Red Hat Enterprise Linux FIPS validation process.
The following packages have been deprecated from the Extras repository:
- ansible(-doc)
- libtomcrypt
- libtommath(-devel)
- python2-crypto
- python2-jmespath
- python-httplib2
- python-paramiko(-doc)
- python-passlib
- sshpass
For more information and guidance, see the Knowledgebase article at https://access.redhat.com/articles/3359651.
Note that Red Hat Enterprise Linux System Roles continue to be distributed though the Extras repository. Although Red Hat Enterprise Linux System Roles no longer depend on the ansible package, installing ansible from the Ansible Engine repository is still needed to run playbooks which use Red Hat Enterprise Linux System Roles.
signtool has been deprecated and moved to unsupported-tools
The signtool
tool from the nss packages, which uses insecure signature algorithms, has been deprecated. The signtool
executable has been moved to the /usr/lib64/nss/unsupported-tools/
or /usr/lib/nss/unsupported-tools/
directory, depending on the platform.
SSL 3.0 and RC4 are disabled by default in NSS
Support for the RC4 ciphers in the TLS protocols and the SSL 3.0 protocol is disabled by default in the NSS library. Applications that require RC4 ciphers or SSL 3.0 protocol for interoperability do not work in default system configuration.
It is possible to re-enable those algorithms by editing the /etc/pki/nss-legacy/nss-rhel7.config
file. To re-enable RC4, remove the :RC4
string from the disallow=
list. To re-enable SSL 3.0 change the TLS-VERSION-MIN=tls1.0
option to ssl3.0
.
TLS compression support has been removed from nss
To prevent security risks, such as the CRIME attack, support for TLS compression in the NSS
library has been removed for all TLS versions. This change preserves the API compatibility.
Public web CAs are no longer trusted for code signing by default
The Mozilla CA certificate trust list distributed with Red Hat Enterprise Linux 7.5 no longer trusts any public web CAs for code signing. As a consequence, any software that uses the related flags, such as NSS
or OpenSSL
, no longer trusts these CAs for code signing by default. The software continues to fully support code signing trust. Additionally, it is still possible to configure CA certificates as trusted for code signing using system configuration.
Sendmail has been deprecated
Sendmail
has been deprecated in Red Hat Enterprise Linux 7. Customers are advised to use Postfix
, which is configured as the default Mail Transfer Agent (MTA).
dmraid has been deprecated
Since Red Hat Enterprise Linux 7.5, the dmraid packages have been deprecated. It will stay available in Red Hat Enterprise Linux 7 releases but a future major release will no longer support legacy hybrid combined hardware and software RAID host bus adapter (HBA).
Automatic loading of DCCP modules through socket layer is now disabled by default
For security reasons, automatic loading of the Datagram Congestion Control Protocol (DCCP)
kernel modules through socket layer is now disabled by default. This ensures that userspace applications can not maliciously load any modules. All DCCP
related modules can still be loaded manually through the modprobe
program.
The /etc/modprobe.d/dccp-blacklist.conf
configuration file for blacklisting the DCCP
modules is included in the kernel package. Entries included there can be cleared by editing or removing this file to restore the previous behavior.
Note that any re-installation of the same kernel package or of a different version does not override manual changes. If the file is manually edited or removed, these changes persist across package installations.
rsyslog-libdbi has been deprecated
The rsyslog-libdbi sub-package, which contains one of the less used rsyslog
module, has been deprecated and will not be included in a future major release of Red Hat Enterprise Linux. Removing unused or rarely used modules helps users to conveniently find a database output to use.
The inputname option of the rsyslog imudp module has been deprecated
The inputname
option of the imudp
module for the rsyslog
service has been deprecated. Use the name
option instead.
SMBv1 is no longer installed with Microsoft Windows 10 and 2016 (updates 1709 and later)
Microsoft announced that the Server Message Block version 1 (SMBv1) protocol will no longer be installed with the latest versions of Microsoft Windows and Microsoft Windows Server. Microsoft also recommends users to disable SMBv1 on earlier versions of these products.
This update impacts Red Hat customers who operate their systems in a mixed Linux and Windows environment. Red Hat Enterprise Linux 7.1 and earlier support only the SMBv1 version of the protocol. Support for SMBv2 was introduced in Red Hat Enterprise Linux 7.2.
For details on how this change affects Red Hat customers, see SMBv1 no longer installed with latest Microsoft Windows 10 and 2016 update (version 1709) in Red Hat Knowledgebase.
The -ok option of the tc command has been deprecated
The -ok
option of the tc
command has been deprecated and this feature will not be included in the next major version of Red Hat Enterprise Linux.
FedFS has been deprecated
Federated File System (FedFS) has been deprecated because the upstream FedFS project is no longer being actively maintained. Red Hat recommends migrating FedFS installations to use autofs
, which provides more flexible functionality.
Btrfs has been deprecated
The Btrfs
file system has been in Technology Preview state since the initial release of Red Hat Enterprise Linux 6. Red Hat will not be moving Btrfs
to a fully supported feature and it will be removed in a future major release of Red Hat Enterprise Linux.
The Btrfs
file system did receive numerous updates from the upstream in Red Hat Enterprise Linux 7.4 and will remain available in the Red Hat Enterprise Linux 7 series. However, this is the last planned update to this feature.
tcp_wrappers deprecated
The tcp_wrappers package has been deprecated. tcp_wrappers provides a library and a small daemon program that can monitor and filter incoming requests for audit, cyrus-imap, dovecot, nfs-utils, openssh, openldap, proftpd, sendmail, stunnel, syslog-ng, vsftpd, and various other network services.
nautilus-open-terminal replaced with gnome-terminal-nautilus
Since Red Hat Enterprise Linux 7.3, the nautilus-open-terminal package has been deprecated and replaced with the gnome-terminal-nautilus package. This package provides a Nautilus extension that adds the Open in Terminal
option to the right-click context menu in Nautilus. nautilus-open-terminal is replaced by gnome-terminal-nautilus during the system upgrade.
sslwrap() removed from Python
The sslwrap()
function has been removed from Python 2.7. After the 466 Python Enhancement Proposal was implemented, using this function resulted in a segmentation fault. The removal is consistent with upstream.
Red Hat recommends using the ssl.SSLContext
class and the ssl.SSLContext.wrap_socket()
function instead. Most applications can simply use the ssl.create_default_context()
function, which creates a context with secure default settings. The default context uses the system’s default trust store, too.
Symbols from libraries linked as dependencies no longer resolved by ld
Previously, the ld
linker resolved any symbols present in any linked library, even if some libraries were linked only implicitly as dependencies of other libraries. This allowed developers to use symbols from the implicitly linked libraries in application code and omit explicitly specifying these libraries for linking.
For security reasons, ld
has been changed to not resolve references to symbols in libraries linked implicitly as dependencies.
As a result, linking with ld
fails when application code attempts to use symbols from libraries not declared for linking and linked only implicitly as dependencies. To use symbols from libraries linked as dependencies, developers must explicitly link against these libraries as well.
To restore the previous behavior of ld
, use the -copy-dt-needed-entries
command-line option. (BZ#1292230)
Windows guest virtual machine support limited
As of Red Hat Enterprise Linux 7, Windows guest virtual machines are supported only under specific subscription programs, such as Advanced Mission Critical (AMC).
libnetlink is deprecated
The libnetlink
library contained in the iproute-devel package has been deprecated. The user should use the libnl
and libmnl
libraries instead.
S3 and S4 power management states for KVM have been deprecated
Native KVM support for the S3 (suspend to RAM) and S4 (suspend to disk) power management states has been discontinued. This feature was previously available as a Technology Preview.
The Certificate Server plug-in udnPwdDirAuth is discontinued
The udnPwdDirAuth
authentication plug-in for the Red Hat Certificate Server was removed in Red Hat Enterprise Linux 7.3. Profiles using the plug-in are no longer supported. Certificates created with a profile using the udnPwdDirAuth
plug-in are still valid if they have been approved.
Red Hat Access plug-in for IdM is discontinued
The Red Hat Access plug-in for Identity Management (IdM) was removed in Red Hat Enterprise Linux 7.3. During the update, the redhat-access-plugin-ipa package is automatically uninstalled. Features previously provided by the plug-in, such as Knowledgebase access and support case engagement, are still available through the Red Hat Customer Portal. Red Hat recommends to explore alternatives, such as the redhat-support-tool
tool.
The Ipsilon identity provider service for federated single sign-on
The ipsilon packages were introduced as Technology Preview in Red Hat Enterprise Linux 7.2. Ipsilon links authentication providers and applications or utilities to allow for single sign-on (SSO).
Red Hat does not plan to upgrade Ipsilon from Technology Preview to a fully supported feature. The ipsilon packages will be removed from Red Hat Enterprise Linux in a future minor release.
Red Hat has released Red Hat Single Sign-On as a web SSO solution based on the Keycloak community project. Red Hat Single Sign-On provides greater capabilities than Ipsilon and is designated as the standard web SSO solution across the Red Hat product portfolio.
Several rsyslog options deprecated
The rsyslog
utility version in Red Hat Enterprise Linux 7.4 has deprecated a large number of options. These options no longer have any effect and cause a warning to be displayed.
-
The functionality previously provided by the options
-c
,-u
,-q
,-x
,-A
,-Q
,-4
, and-6
can be achieved using thersyslog
configuration. -
There is no replacement for the functionality previously provided by the options
-l
and-s
Deprecated symbols from the memkind library
The following symbols from the memkind
library have been deprecated:
-
memkind_finalize()
-
memkind_get_num_kind()
-
memkind_get_kind_by_partition()
-
memkind_get_kind_by_name()
-
memkind_partition_mmap()
-
memkind_get_size()
-
MEMKIND_ERROR_MEMALIGN
-
MEMKIND_ERROR_MALLCTL
-
MEMKIND_ERROR_GETCPU
-
MEMKIND_ERROR_PMTT
-
MEMKIND_ERROR_TIEDISTANCE
-
MEMKIND_ERROR_ALIGNMENT
-
MEMKIND_ERROR_MALLOCX
-
MEMKIND_ERROR_REPNAME
-
MEMKIND_ERROR_PTHREAD
-
MEMKIND_ERROR_BADPOLICY
-
MEMKIND_ERROR_REPPOLICY
Options of Sockets API Extensions for SCTP (RFC 6458) deprecated
The options SCTP_SNDRCV
, SCTP_EXTRCV
and SCTP_DEFAULT_SEND_PARAM
of Sockets API Extensions for the Stream Control Transmission Protocol have been deprecated per the RFC 6458 specification.
New options SCTP_SNDINFO
, SCTP_NXTINFO
, SCTP_NXTINFO
and SCTP_DEFAULT_SNDINFO
have been implemented as a replacement for the deprecated options.
Managing NetApp ONTAP using SSLv2 and SSLv3 is no longer supported by libstorageMgmt
The SSLv2 and SSLv3 connections to the NetApp ONTAP storage array are no longer supported by the libstorageMgmt
library. Users can contact NetApp support to enable the Transport Layer Security (TLS) protocol.
dconf-dbus-1 has been deprecated and dconf-editor is now delivered separately
With this update, the dconf-dbus-1
API has been removed. However, the dconf-dbus-1
library has been backported to preserve binary compatibility. Red Hat recommends using the GDBus
library instead of dconf-dbus-1
.
The dconf-error.h
file has been renamed to dconf-enums.h
. In addition, the dconf Editor is now delivered in the separate dconf-editor package.
FreeRADIUS no longer accepts Auth-Type := System
The FreeRADIUS
server no longer accepts the Auth-Type := System
option for the rlm_unix
authentication module. This option has been replaced by the use of the unix
module in the authorize
section of the configuration file.
The libcxgb3 library and the cxgb3 firmware package have been deprecated
The libcxgb3
library provided by the libibverbs package and the cxgb3 firmware package have been deprecated. They continue to be supported in Red Hat Enterprise Linux 7 but will likely not be supported in the next major releases of this product. This change corresponds with the deprecation of the cxgb3
, cxgb3i
, and iw_cxgb3
drivers listed above.
SFN4XXX adapters have been deprecated
Starting with Red Hat Enterprise Linux 7.4, SFN4XXX Solarflare network adapters have been deprecated. Previously, Solarflare had a single driver sfc
for all adapters. Recently, support of SFN4XXX was split from sfc
and moved into a new SFN4XXX-only driver, called sfc-falcon
. Both drivers continue to be supported at this time, but sfc-falcon
and SFN4XXX support is scheduled for removal in a future major release.
Software-initiated-only FCoE storage technologies have been deprecated
The software-initiated-only type of the Fibre Channel over Ethernet (FCoE) storage technology has been deprecated due to limited customer adoption. The software-initiated-only storage technology will remain supported for the life of Red Hat Enterprise Linux 7. The deprecation notice indicates the intention to remove software-initiated-based FCoE support in a future major release of Red Hat Enterprise Linux.
It is important to note that the hardware support and the associated user-space tools (such as drivers, libfc
, or libfcoe
) are unaffected by this deprecation notice.
For details regarding changes to FCoE support in RHEL 8, see Considerations in adopting RHEL 8.
Target mode in Software FCoE and Fibre Channel has been deprecated
Software FCoE:
The NIC Software FCoE target functionality has been deprecated and will remain supported for the life of Red Hat Enterprise Linux 7. The deprecation notice indicates the intention to remove the NIC Software FCoE target functionality support in a future major release of Red Hat Enterprise Linux. For more information regarding changes to FCoE support in RHEL 8, see Considerations in adopting RHEL 8.
Fibre Channel:
Target mode in Fibre Channel has been deprecated and will remain supported for the life of Red Hat Enterprise Linux 7. Target mode will be disabled for the
tcm_fc
andqla2xxx
drivers in a future major release of Red Hat Enterprise Linux.
Containers using the libvirt-lxc tooling have been deprecated
The following libvirt-lxc packages are deprecated since Red Hat Enterprise Linux 7.1:
- libvirt-daemon-driver-lxc
- libvirt-daemon-lxc
- libvirt-login-shell
Future development on the Linux containers framework is now based on the docker command-line interface. libvirt-lxc tooling may be removed in a future release of Red Hat Enterprise Linux (including Red Hat Enterprise Linux 7) and should not be relied upon for developing custom container management applications.
For more information, see the Red Hat KnowledgeBase article.
The Perl and shell scripts for Directory Server have been deprecated
The Perl and shell scripts, which are provided by the 389-ds-base package, have been deprecated. The scripts will be replaced by new utilities in the next major release of Red Hat Enterprise Linux.
libguestfs can no longer inspect ISO installer files
The libguestfs
library does no longer support inspecting ISO installer files, for example using the guestfish
or virt-inspector
utilities. Use the osinfo-detect
command for inspecting ISO files instead. This command can be obtained from the libosinfo package.
Creating internal snapshots of virtual machines has been deprecated
Due to their lack of optimization and stability, internal virtual machine snapshots are now deprecated. In their stead, external snapshots are recommended for use. For more information, including instructions for creating external snapshots, see the Virtualization Deployment and Admnistration Guide.
IVSHMEM has been deprecated
The inter-VM shared memory device (IVSHMEM) feature has been deprecated. Therefore, in a future major release of RHEL, if a virtual machine (VM) is configured to share memory between multiple virtual machines in the form of a PCI device that exposes memory to guests, the VM will fail to boot.
The gnome-shell-browser-plugin subpackage has been deprecated
Since the Firefox Extended Support Release (ESR 60), Firefox no longer supports the Netscape Plugin Application Programming Interface (NPAPI) that was used by the gnome-shell-browser-plugin subpackage. The subpackage, which provided the functionality to install GNOME Shell Extensions, has thus been deprecated. The installation of GNOME Shell Extensions is now handled directly in the gnome-software package.
The VDO read cache has been deprecated
The read cache functionality in Virtual Data Optimizer (VDO) has been deprecated. The read cache is disabled by default on new VDO volumes.
In the next major Red Hat Enterprise Linux release, the read cache functionality will be removed, and you will no longer be able to enable it using the --readCache
option of the vdo
utility.
cpuid has been deprecated
The cpuid
command has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support using cpuid
to dump the information about CPUID instruction for each CPU. To obtain similar information, use the lscpu
command instead.
KDE has been deprecated
KDE Plasma Workspaces (KDE), which has been provided as an alternative to the default GNOME desktop environment has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support using KDE instead of the default GNOME desktop environment.
Using virt-install with NFS locations is deprecated
With a future major version of Red Hat Enterprise Linux, the virt-install
utility will not be able to mount NFS locations. As a consequence, attempting to install a virtual machine using virt-install
with a NFS address as a value of the --location
option will fail. To work around this change, mount your NFS share prior to using virt-install
, or use a HTTP location.
The lwresd daemon has been deprecated
The lwresd
daemon, which is a part of the bind package, has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support providing name lookup services to clients that use the BIND 9 lightweight resolver library with lwresd
.
The recommended replacements are:
-
The
systemd-resolved
daemon andnss-resolve
API, provided by the systemd package -
The
unbound
library API and daemon, provided by the unbound and unbound-libs packages -
The
getaddrinfo
and relatedglibc
library calls
The /etc/sysconfig/nfs file and legacy NFS service names have been deprecated
A future major Red Hat Enterprise Linux release will move the NFS configuration from the /etc/sysconfig/nfs
file to /etc/nfs.conf
.
Red Hat Enterprise Linux 7 currently supports both of these files. Red Hat recommends that you use the new /etc/nfs.conf
file to make NFS configuration in all versions of Red Hat Enterprise Linux compatible with automated configuration systems.
Additionally, the following NFS service aliases will be removed and replaced by their upstream names:
-
nfs.service
, replaced bynfs-server.service
-
nfs-secure.service
, replaced byrpc-gssd.service
-
rpcgssd.service
, replaced byrpc-gssd.service
-
nfs-idmap.service
, replaced bynfs-idmapd.service
-
rpcidmapd.service
, replaced bynfs-idmapd.service
-
nfs-lock.service
, replaced byrpc-statd.service
-
nfslock.service
, replaced byrpc-statd.service
The JSON export functionality has been removed from the nft
utility
Previously, the nft
utility provided an export feature, but the exported content could contain internal ruleset representation details, which was likely to change without further notice. For this reason, the deprecated export functionality has been removed from nft
starting with RHEL 7.7. Future versions of nft
, such as provided by RHEL 8, contain a high-level JSON API. However, this API not available in RHEL 7.7.
The openvswitch-2.0.0-7
package in the RHEL 7 Optional repository has been deprecated
RHEL 7.5 introduced the openvswitch-2.0.0-7.el7
package in the RHEL 7 Optional repository as a dependency of the NetworkManager-ovs
package. This dependency no longer exists and, as a result, openvswitch-2.0.0-7.el7
is now deprecated.
Note that Red Hat does not support packages in the RHEL 7 Optional repository and that openvswitch-2.0.0-7.el7
will not be updated in the future. For this reason, do not use this package in production environments.
Deprecated PHP extensions
The following PHP extensions have been deprecated:
- aspell
- mysql
- memcache
Deprecated Apache HTTP Server modules
The following modules of the Apache HTTP Server have been deprecated:
- mod_file_cache
- mod_nss
- mod_perl
Apache Tomcat has been deprecated
The Apache Tomcat server, a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies, has been deprecated. Red Hat recommends that users requiring a servlet container use the JBoss Web Server.
The DES algorithm is deprecated in IdM
Due to security reasons, the Data Encryption Standard (DES) algorithm is deprecated in Identity Management (IdM). The MIT Kerberos libraries provided by the krb5-libs
package do not support using the Data Encryption Standard (DES) in new deployments. Use DES only for compatibility reasons if your environment does not support any newer algorithm.
Red Hat also recommends to avoid using RC4 ciphers over Kerberos. While DES is deprecated, the Server Message Block (SMB) protocol still uses RC4. However, the SMB protocol can also use the secure AES algorithms.
For further details, see:
real(kind=16)
type support has been removed from libquadmath
library
real(kind=16)
type support has been removed from the libquadmath
library in the compat-libgfortran-41
package in order to preserve ABI compatibility.
Deprecated glibc features
The following features of the GNU C library provided by the glibc
packages have been deprecated:
-
the
librtkaio
library - Sun RPC and NIS interfaces
Deprecated features of the GDB debugger
The following features and capabilities of the GDB debugger have been deprecated:
-
debugging Java programs built with the
gcj
compiler -
HP-UX XDB compatibility mode and the
-xdb
option -
Sun version of the
stabs
format
Development headers and static libraries from valgrind-devel
have been deprecated
The valgrind-devel
sub-package includes development files for developing custom Valgrind tools. These files do not have a guaranteed API, have to be linked statically, are unsupported, and thus have been deprecated. Red Hat recommends to use the other development files and header files for valgrind-aware programs from the valgrind-devel
package such as valgrind.h
, callgrind.h
, drd.h
, helgrind.h
, and memcheck.h
, which are stable and well supported.
The nosegneg
libraries for 32-bit Xen have been deprecated
The glibc
i686 packages contain an alternative glibc
build, which avoids the use of the thread descriptor segment register with negative offsets (nosegneg
). This alternative build is only used in the 32-bit version of the Xen Project hypervisor without hardware virtualization support, as an optimization to reduce the cost of full paravirtualization. This alternative build is deprecated.
Ada, Go, and Objective C/C++ build capability in GCC has been deprecated
Capability for building code in the Ada (GNAT), GCC Go, and Objective C/C++ languages using the GCC compiler has been deprecated.
To build Go code, use the Go Toolset instead.
Deprecated Kickstart commands and options
The following Kickstart commands and options have been deprecated:
-
upgrade
-
btrfs
-
part btrfs
andpartition btrfs
-
part --fstype btrfs
andpartition --fstype btrfs
-
logvol --fstype btrfs
-
raid --fstype btrfs
-
unsupported_hardware
Where only specific options and values are listed, the base command and its other options are not deprecated.
The env
option in virt-who
has become deprecated
With this update, the virt-who
utility no longer uses the env
option for hypervisor detection. As a consequence, Red Hat discourages the use of env
in your virt-who
configurations, as the option will not have the intended effect.
AGP graphics card have been deprecatd
Graphics cards using the Accelerated Graphics Port (AGP) bus have been deprecated and are not supported in RHEL 8. AGP graphics cards are rarely used in 64-bit machines and the bus has been replaced by PCI-Express.
The copy_file_range()
call has been disabled on local file systems and in NFS
The copy_file_range()
system call on local file systems contains multiple issues that are difficult to fix. To avoid file corruptions, copy_file_range()
support on local file systems has been disabled in RHEL 7.8. If an application uses the call in this case, copy_file_range()
now returns an ENOSYS
error.
For the same reason, the server-side-copy feature has been disabled in the NFS server. However, the NFS client still supports copy_file_range()
when accessing a server that supports server-side-copy.
Appendix A. Component Versions
This appendix provides a list of key components and their versions in the Red Hat Enterprise Linux 7 release.
Component | Version |
---|---|
kernel | 3.10.0-1127 |
kernel-alt | 4.14.0-115 |
QLogic | 10.01.00.20.07.8-k |
QLogic | 5.04.00.00.07.02-k0 |
Emulex | 0:12.0.0.13 |
iSCSI initiator utils (iscsi-initiator-utils) | 6.2.0.874-17 |
DM-Multipath (device-mapper-multipath) | 0.4.9-131 |
LVM (lvm2) | 2.02.186-7 |
qemu-kvm[a] | 1.5.3-173 |
qemu-kvm-ma[b] | 2.12.0-33 |
[a]
The qemu-kvm packages provide KVM virtualization on AMD64 and Intel 64 systems.
[b]
The qemu-kvm-ma packages provide KVM virtualization on IBM POWER8, IBM POWER9, and IBM Z. Note that KVM virtualization on IBM POWER9 and IBM Z also requires using the kernel-alt packages.
|
Appendix B. List of tickets by component
Component | Tickets |
---|---|
| BZ#1740693, BZ#1662461, BZ#1732053, BZ#1749236, BZ#1639342, BZ#1723545, BZ#1724914, BZ#1739182, BZ#1749595, BZ#1756182, BZ#1685059 |
| BZ#1680606, BZ#1712987, BZ#1767612 |
| BZ#1410996, BZ#1439896, BZ#1660838 |
| |
| |
| |
| |
| BZ#1509444, BZ#1481411 |
| BZ#1461652 |
| BZ#1476401 |
| BZ#1666535, BZ#1274459, BZ#1111712, BZ#1206277, BZ#1477977 |
| BZ#1738785, BZ#1723610, BZ#1637675, BZ#1713823 |
| |
| BZ#1623466 |
| BZ#1720286, BZ#1539772, BZ#1481395 |
| BZ#1660791, BZ#1062759, BZ#1384452, BZ#1519746, BZ#1454918, BZ#1454916 |
| BZ#1405325 |
| BZ#1711172, BZ#1544470, BZ#1754494, BZ#1733209, BZ#1691939, BZ#1583950, BZ#1755223, BZ#1115294, BZ#1298286, BZ#1518939 |
| BZ#1498932, BZ#1746874 |
| |
| BZ#1801759, BZ#1713642, BZ#1373519, BZ#1808458, BZ#1724027, BZ#1708465, BZ#1722855, BZ#1772107, BZ#1737111, BZ#1770232, BZ#1787295, BZ#1807077, BZ#1559615, BZ#1230959, BZ#1460849, BZ#1464377, BZ#1457533, BZ#1503123, BZ#1589397, BZ#1726642 |
| BZ#1723492 |
| BZ#917867 |
| |
| |
| |
| BZ#1475770 |
| |
| |
| BZ#1731062 |
| BZ#1712737, BZ#1712918, BZ#1722686, BZ#1698551, BZ#1729033, BZ#1700691, BZ#1711520, BZ#1062656, BZ#916384, BZ#916382, BZ#755087, BZ#1259547, BZ#1393375 |
| |
| |
| BZ#653382 |
| |
| |
| |
| BZ#1523330 |
| BZ#1632274 |
| |
| |
| BZ#1513957 |
| BZ#1309698 |
| |
| |
| BZ#1687497, BZ#1727379, BZ#1651253, BZ#1752577 |
| BZ#1749776 |
| |
| |
| BZ#1649493, BZ#1642968, BZ#1710533, BZ#1703180, BZ#1109348, BZ#1119909, BZ#1414957 |
| |
| BZ#1569484 |
| BZ#1480100 |
| BZ#1607311, BZ#1746771, BZ#1751054, BZ#1773478, BZ#1103193, BZ#1348508, BZ#1299662, BZ#1661654 |
Appendix C. Revision History
0.1-2
Fri Apr 28 2023, Lucie Vařáková (lvarakova@redhat.com)
- Added a known issue (Authentication and Interoperability).
0.1-1
Tue Mar 02 2021, Lenka Špačková (lspackova@redhat.com)
- Updated a link to Upgrading from RHEL 6 to RHEL 7.
- Fixed CentOS Linux name.
0.1-0
Thu Jun 25 2020, Jaroslav Klech (jklech@redhat.com)
- Various improvements to Device Drivers chapter.
0.0-9
Thu Jun 18 2020, Lenka Špačková (lspackova@redhat.com)
- Added a known issue related to Audit (Security).
0.0-8
Thu May 28 2020, Lenka Špačková (lspackova@redhat.com)
-
Added the
qlcnic
andqlge
drivers to the list of deprecated drivers.
-
Added the
0.0-7
Tue May 05 2020, Lenka Špačková (lspackova@redhat.com)
- Added an enhancement related to GNOME.
0.0-6
Tue Apr 28 2020, Lenka Špačková (lspackova@redhat.com)
- Updated information about in-place upgrades in Overview.
0.0-5
Fri Apr 3 2020, Lenka Špačková (lspackova@redhat.com)
- Added a known issue (Networking).
- Added a bug fix (Authentication and Interoperability).
-
Added a deprecated functionality (
NSS
SEED ciphers).
0.0-4
Wed Apr 1 2020, Lenka Špačková (lspackova@redhat.com)
- Aero adapters are now fully supported (Hardware Enablement).
- Added a known issue (Servers and Services).
0.0-3
Tue Mar 31 2020, Lenka Špačková (lspackova@redhat.com)
- Release of the Red Hat Enterprise Linux 7.8 Release Notes.
0.0-2
Wed Feb 12 2020, Lenka Špačková (lspackova@redhat.com)
- Provided a complete kernel version to Architectures and New Features chapters.
- Various additions and updates to individual release note descriptions.
0.0-1
Mon Feb 03 2020, Lenka Špačková (lspackova@redhat.com)
- Added Important Changes to External Kernel Parameters.
- Added Device Drivers.
- Various additions and updates to individual release note descriptions.
0.0-0
Tue Oct 29 2019, Lenka Špačková (lspackova@redhat.com)
- Release of the Red Hat Enterprise Linux 7.8 Beta Release Notes.