Chapter 25. Compiler and Tools
Support of OpenMP 4.5 for libgomp
in GCC
This update provides support for the new version of OpenMP in GCC to allow programs in the Developer Toolset to properly link and run. (BZ#1357060)
Better stack protection in GCC
Prior to this update, GCC stack protection did not work for functions that only contained variable-length arrays and no other (or only very small) arrays. Consequently, a buffer overflow error could occur undetected. This bug has been fixed and the compiler is now able to instrument even such functions. (BZ#1289022)
gdbserver
now supports seamless debugging of processes from containers
Prior to this update, when
GDB
was executing inside a Super-Privileged Container (SPC) and attached to a process that was running in another container on Red Hat Enterprise Linux Atomic Host, GDB
did not locate the binary images of the main executable or any shared libraries loaded by the process to be debugged.
As a consequence,
GDB
may have displayed error messages relating to files not being present, or being present but mismatched. Also, GDB
may have seemed to attach correctly, but subsequent commands may have failed or displayed corrupted information.
In Red Hat Enterprise Linux 7.3,
gdbserver
has been extended for seamless support of debugging processes from containers. The Red Hat Enterprise Linux 7.3 version of gdbserver
newly supports the qXfer:exec-file:read
and vFile:setfs
packets. However, the Red Hat Enterprise Linux 7.3 version of gdb
cannot use these packets. The Red Hat Developer Toolset 4.1 (or higher) version of gdb
is recommended for use with containers and with Red Hat Enterprise Linux 7.3 gdbserver
. The Red Hat Developer Toolset version of gdbserver
can be used as well.
Red Hat Enterprise Linux 7.3
gdb
can now suggest using gdbserver
when run with the -p
parameter (or the attach
command) and when, at the same time, it detects that the process being attached is from a container. Red Hat Enterprise Linux 7.3 gdb
now also suggests the explicit use of the file
command to specify the location of the process executable in the container being debugged. The file
command does not need to be entered when the Red Hat Developer Toolset version of gdb
is being used instead.
With this update, Red Hat Enterprise Linux 7.3
gdbserver
provides seamless debugging of processes from containers together with Red Hat Developer Toolset 4.1 (or higher) gdb
. Additionally, Red Hat Enterprise Linux 7.3 gdb
guides the user through the debugging of processes from containers when Red Hat Developer Toolset gdb
is not available. (BZ#1186918)
GDB
no longer kills running processes with deleted executables
Prior to this update,
GDB
attempting to attach to a running process with a deleted executable would accidentally kill the process. This bug has been fixed, and GDB
no longer erroneously kills processes with deleted executables. (BZ#1326476)
GDB
now generates smaller core files and respects core-dump filtering
The
gcore
command, which provides GDB
with its own core-dumping functionality, has been updated to more closely simulate the function of the Linux kernel core-dumping code, thus generating smaller core-dump files. GDB
now also respects the /proc/PID/coredump_filter
file, which controls what memory segments are written to core-dump files. (BZ#1265351)
Better error message for AArch64
For the
AArch64
target, if a program declared a global variable as a type smaller than an integer, but then referred to it in another file as if it were an integer, the linker could generate a confusing error message. This update fixes the error message, clearly identifying the cause and suggesting a possible reason for the error to the user. (BZ#1300543)
Large and/or high-address programs now link and execute correctly on AArch64
Previously, incorrect code in the linker could result in incorrect branch stubs being generated. Consequently, programs that were very big or if the programmer coded parts of the program to exist at a very high address, failed to link. The bug has been fixed and the correct kind of branch stub is now selected. (BZ#1243559)
The opreport
and opannote
utilities now properly analyze archive data.
Previously, when using
oparchive
to store data, the associated samples were not included in the archive. In addition, the oprofile
utilities selected data in the current working oprofile_data
directory rather than in the archive. Consequently, the opreport
and opannote
utilities were unable to properly analyze data in an archive generated by oparchive
. This update provides a fix for storing the profiling samples in the archive and selecting them for use with archives, and opreport
and opannote
now work as expected. (BZ#1264443)
Events with identical numerical unit masks are now handled by their names
The 5th-generation Core i3, i5, and i7 Intel processors have some events that have multiple unit masks with the same numerical value. As a consequence, some events' default unit masks were not found and selected. This update changes the events to use a name rather than a numerical value for the default unit mask, thus fixing this bug. (BZ#1272136)
New MACRO_INSTS_FUSED
event identifier
Previously, the
MACRO_INSTS
identifier was used for two different events in the 1th-generation Core i3, i5, and i7 Intel processors. As a consequence, it was impossible to clearly select either event by using MACRO_INSTS
. This update renames one of the events to MACRO_INSTS_FUSED
, thus fixing this bug. (BZ#1335145)
Applications no longer crash upon multiple libpfm
initializations
Previously, when the
libpfm
initialization code was called multiple times (for example, in the PAPI fmultiplex1
test), when run as root, the libpfm
internal data structures became corrupted, causing an unexpected termination. This update ensures the counter of available events is properly reset and applications using libpfm
running as root no longer crash when libpfm
is reinitialized. (BZ#1276702)
Removal of purposeless warning message for physically non-existing nodes
Previously, when the numa_node_to_cpus() function was called on a node which did not have an entry in the sysfs directory, the libnuma library always printed a warning message about an invalid sysfs. Consequently, libnuma printed the confusing warning message also for physically non-existing nodes (for example, for non-contiguous node numbers) and this warning could not be overridden when the function was called using the dlsym interface. With this update, the mentioned warning message is printed just for NUMA nodes that were found during an initial scan but then did not appear in sysfs. As a result, users of libnuma no longer receive the warning message for non-contiguous node numbers. (BZ#1270734)
Selection of OpenJDK version family now remembered across updates
Prior to this update, when a user had multiple JDKs installed,
yum update
always updated to the newest JDK even if the user had previously selected some lower-prioritized JDK. This update introduces the --family
switch for chkconfig
, which makes sure that the selected JDK remains in the version family
after system updates. (BZ#1296413)
RC4 is now disabled by default in OpenJDK 6 and OpenJDK 7
Earlier OpenJDK packages allowed the RC4 cryptographic algorithm to be used when making secure connections using Transport Layer Security (TLS). This algorithm is no longer secure, and it has been disabled in this release. To retain its use, it is necessary to revert to the earlier setting of the
jdk.tls.disabledAlgorithms
of SSLv3, DH keySize < 768
. This can be done permanently in the <java.home>/jre/lib/security/java.security
file or by adding the following line:
jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
to a new text file and passing the location of that file to Java on the command line using the
-Djava.security.properties=<path to file>
argument. (BZ#1302385)
zsh
no longer deadlocks on malloc()
execution
Previously, if the
zsh
process received a signal during the execution of a memory allocation function and the signal handler attempted to allocate or free memory, zsh
entered a deadlock and became unresponsive. With this update, signal handlers are no longer enabled while handling the global state of zsh
or while using the heap memory allocator. This ensures that the described deadlock no longer occurs. (BZ#1267912)
SCSI device types described using multiple words are now handled correctly
Prior to this update, the
rescan-scsi-bus.sh
tool misinterpreted SCSI device types that were described using more than one word, for example, Medium Changer
or Optical Device
. Consequently, when the script was run on systems that had such device types attached, the script printed multiple misleading error messages. With this update, device types described with multiple words are handled correctly, and the proper device-type description is returned to the user without any errors. (BZ#1298739)
Sphinx builds HTML documentation in FIPS mode properly
Previously, the Python Sphinx generator failed to build documentation in the HTML format on systems with FIPS mode activated. With this update,the use of the md5() function has been fixed by setting the
used_for_security
parameter to false
. As a result, Sphinx now builds HTML documentation as expected. (BZ#966954)
Perl interpreter no longer crashes after using the PerlIO locale pragma
When a thread was spawned after using the PerlIO locale pragma, the Perl interpreter terminated unexpectedly with a segmentation fault. An upstream patch has been applied, which fixes PerlIO::encoding object duplication. As a result, threads are correctly created after setting a file handle encoding. (BZ#1344749)
Line endings are now preserved in files uploaded with the Net::FTP Perl module in text mode
Previously, when uploading a file with the Net::FTP Perl module in text mode, ends of lines in the uploaded file were incorrectly transformed. This update corrects end-of-line normalization from local to Network Virtual Terminal (NVT) encoding when uploading data to an FTP server, and the described problem no longer occurs. (BZ#1263734)
Perl interpreter no longer crashes when using glob() with a threaded program
Previously, when calling the Perl glob() function after spawning a thread, the Perl interpreter terminated unexpectedly with a segmentation fault. An upstream patch has been applied to clone glob() interpreter-wide data, and using Perl glob() with a threaded program now works as expected. (BZ#1223045)
cgroup
values can now be correctly displayed for threads under a parent process by using ps -o thcgr
Previously, the
ps
command displayed only the control group (cgroup
) of the parent process. Consequently, cgroup
values of the threads under a parent process were identical to the cgroup
value of the parent process. This update introduces a new option, thcgr
, to maintain compatibility with current cgroup
listing. When the thcgr
option is used, the correct individual cgroup
values are displayed for threads under the parent process. (BZ#1284087)
pmap
no longer reports incorrect totals
With the introduction of
VmFlags
in the kernel smaps
interface, the pmap
tool could no longer reliably process the content due to format differences of the VmFlags
entry. As a consequence, pmap
reported incorrect totals. The underlying source code has been patched, and pmap
now works as expected. (BZ#1262864)
vmstat -d
is now able to display devices with longer names
When a disk statistics report is required, only the first 15 characters of the device name were previously read from the
/proc/diskstats
file. Consequently, devices with names longer than 15 characters were not shown in the output of the vmstat -d
command. With this update, the formatting string has been changed to read up to 31 characters, and devices with longer names are now correctly displayed by vmstat -d
. (BZ#1169349)
A new perl-Perl4-CoreLibs subpackage contains previously removed files
The
provides
tag was incorrectly set for previously deprecated files that were no longer included in the perl package. To fix this bug, these files have been backported from the previous version of Perl and are now provided by a newly created perl-Perl4-CoreLibs subpackage. (BZ#1365991)
GSS-Proxy caches file descriptors less frequently
Previously, the
mechglue
layer of GSS-Proxy cached file descriptors for the lifetime of the process. As a consequence, daemons that often change the UID or GID, such as as autofs
, could behave unexpectedly. A patch has been applied to close and reopen the connection to GSS-Proxy when an ID changes. As a result, GSS-Proxy caches file descriptors less frequently and daemons that change the UID or GID now work as expected. (BZ#1340259)
Fix to the PAPI_L1_TCM
event computation
Previously, the PAPI presets for L1 total cache misses (PAPI_L1_TCM) was computed incorrectly on 4th-generation Core i3, i5, and i7 Intel processors. This update fixes the computation of the
PAPI_L1_TCM
event and programs using PAPI_L1_TCM
on these processors now get more accurate measurements. (BZ#1277931)
More accurate PAPI_L1_DC*
event on IBM Power7 and IBM Power8 platforms
Previously, the PAPI event presets for cache events incorrectly computed derived values for various IBM Power7 and Power8 processors. Consequently, the
PAPI_L1_DCR
, PAPI_L1_DCW
, and PAPI_L1_DCA
event values were incorrect. The preset computations have been fixed and the mentioned events are now more accurate. (BZ#1263666)
Improved Postfix
expression parser
Previously, the
Postfix
expression parser used to calculate derived metrics from expressions in the papi_events.csv
file did not perform proper error checking and incorrectly parsed some expressions. Consequently, the parser could potentially write outside the buffers being used to compute the value of a derived metric and cause stack smashing errors for some expressions. A fix has been provided for the parser to prevent it from overwriting memory with incorrect expressions. Now, the parser properly and robustly parses Postfix
expressions in papi_events.csv
and reports errors on improper expressions rather than overwriting random regions of memory. (BZ#1357587)
Undefined variable in the udp()
function of the python-dns toolkit is now set
Previously, the python-dns toolkit used an undefined
response_time
variable in the finally
section of the udp()
function. As a consequence, an incorrect exception was displayed to the user. This bug has been fixed and the correct exception is returned. (BZ#1312770)
zsh
parses unescaped exclamation marks correctly now
Previously,
zsh
parser state was insufficiently initialized. Consequently, zsh
failed to parse unescaped exclamation marks in a text string. With this update, zsh
properly initializes the parser state. As a result, zsh
now parses unescaped exclamation marks correctly. (BZ#1338689)
zsh
no longer hangs when receiving a signal while processing a job exit
Previously, signal handlers were enabled while processing a job exit in
zsh
. Consequently, if a signal was received while using the memory allocator and its handler attempted to allocate or free memory, the zsh
process ended up in a deadlock and became unresponsive. With this update, signal handlers are no longer enabled while processing a job exit. Instead, signals are queued for delayed execution of the signal handlers. As a result, the deadlock no longer occurs and zsh
no longer hangs. (BZ#1291782)
zsh
handles the out of memory
scenario gracefully now
The
zsh
shell allocates memory while printing the out of memory
fatal error message. Previously, if the printing routine failed to allocate memory, it triggered an infinite recursion. Consequently, the zsh
process terminated unexpectedly due to a stack overflow. With this update, the infinite recursion no longer appears in this scenario. As a result, after printing the fatal error message, zsh
now terminates gracefully in case it runs out of memory. (BZ#1302229)
Syntax check in ksh
compatibility mode now works as expected in zsh
Previously, while checking the syntax of a shell script in
ksh
compatibility mode, zsh
incorrectly initialized the $HOME
internal variable. Consequently, the zsh
process terminated unexpectedly after it attempted to dereference a NULL
pointer. With this update, the $HOME internal variable is properly initialized. As a result, the syntax check in ksh
compatibility mode now works as expected in zsh
. (BZ#1267251)
Parsing command substitutions no longer corrupts command history
Previously, commands having the
$()
command substitution construct were recorded incorrectly in the command history. This bug has been fixed and parsing command substitutions no longer corrupts command history. (BZ#1321303)
haproxy
configuration files can now use host names longer than 32 characters correctly
Previously, when
haproxy
was configured to use peer host names, a bug caused host names longer than 32 characters to be truncated. As a consequence, the haproxy
configuration files became invalid. This bug has now been fixed, and host names specified as peers can now safely exceed 32 characters. (BZ#1300392)
RPM verification failures no longer occur after installing psacct
When installing the psacct packages, the mode of the
/var/account/pacct
file was previously not set consistently with logrotate
rules for psacct
. As a consequence, the mode of /var/account/pacct
stayed different from these rules after the installation and caused RPM verification failures. With this update, the mode of /var/account/pacct
is set to 0600 during installation of psacct to align with logrotate
ghost file rules. As a result, RPM verification failures no longer occur. (BZ#1249665)
The system is no longer rebooted unexpectedly due to SIGINT passed by sadc
Due to a race condition, the
sadc
command sometimes passed the SIGINT signal to the init process. As a consequence, the system could be unexpectedly rebooted. This update adds a verification that the SIGINT signal is not sent to the init process. As a result, the system is no longer rebooted unexpectedly. (BZ#1328490)
pidstat
no longer outputs values above 100% for certain fields
Previously, the
pidstat
command could, under rare circumstances, run out of preallocated space for PIDs on systems with many short-lived processes. As a consequence, the pidstat
output contained nonsensical values larger than 100%, in the %CPU
, %user
, and %sys
fields. With this update, pidstat
automatically reallocates space for PIDs, and outputs correct values for all fields. (BZ#1224882)
/usr/bin/nfsiostat
provided by sysstat has been deprecated in favor of /sbin/nfsiostat
provided by nfs-utils
Previously, two packages provided executables of the same name: the sysstat packages provided
/usr/bin/nfsiostat
and the nfs-utils packages provided /sbin/nfsiostat
. As a consequence, it was not clear which binary was executed unless the full path was specified. The nfsiostat
utility provided by sysstat has been deprecated in favor of the one provided by nfs-utils. In a transition period, the nfsiostat
binary from the sysstat packages is renamed to nfsiostat-sysstat
. (BZ#846699)
iostat
can now print device names longer than 72 characters
Previously, device names longer than 72 characters were truncated in the
iostat
command output because the device name field was too short. The allocated space for device names has been increased to 128 characters, and iostat
can now print longer device names in the output. (BZ#1267972)
Copying sparse files with trailing extents using cp
no longer causes data corruption
When creating sparse files, the
fallocate
utility could allocate extents beyond EOF using FALLOC_FL_KEEP_SIZE
. As a consequence, when there was a gap (hole) between the extents, and EOF was within that gap, the final hole was not reproduced, which caused silent data corruption in the copied file due to its size being too small. With this update, the cp
command ensures that extents beyond the apparent file size are not processed, as such processing and allocating is not currently supported. As a result, silent data corruption in certain type of sparse files no longer occurs. (BZ#1284906)
NFS
shares mounted by autofs
no longer cause timeouts when listing local mounts using df
A bug in
df
could previously cause NFS
shares mounted by autofs
to be detected as local mounts. Attempts to list only local mounts using the -l
option then timed out, because df
was attempting to list these incorrectly detected shares. This bug has been fixed, and listing local mounts now works as expected. (BZ#1309247)
ksh
now correctly displays login messages
When logging in to an interactive login shell, the contents of the
/etc/profile
script are executed in order to set up an initial environment. Messages which should have been displayed to the user upon logging in to the Korn shell (ksh) were suppressed due to an internal test to determine whether the shell is a login shell that relied upon the value of the PS1
environment variable having already been set before /etc/profile
was executed. However, this environment variable is set in the Korn shell only after /etc/profile
is executed, which led to messages never being displayed to ksh
users. This update provides an alternative test that does not rely on the PS1
variable being set before /etc/profile
execution, with the result that messages are properly displayed to users of the Korn shell upon login. (BZ#1321648)
New POSIX semaphore destruction semantics
Previously, the implementation of POSIX semaphores in
glibc
did not follow the current POSIX requirements for semaphores to be self-synchronizing. As a consequence, the sem_post()
and sem_wait()
functions could terminate unexpectedly or return the EINVAL error code because they accessed the semaphore after it has been destroyed. This update provides an implementation of the new POSIX semaphore destruction semantics which keeps track of waiters, avoiding premature destruction of the semaphore. The semaphores implemented by glibc
are now self-synchronizing, thus fixing this bug. (BZ#1027348)
Disks are now cleanly unmounted after SELinux automatic re-label
Previously, after SELinux relabel, the
rhel-autorelabel
script started system reboot by running the systemctl --force reboot
command. Consequently, certain steps required to cleanly unmount the rootfs
image and deactivate the underlying Device Mapper (DM) device were skipped. To fix this bug, the rhel-autorelabel
script has been modified to invoke the dracut-initframs-restore
script before the reboot. As a result, disks are now cleanly unmounted in the described scenario. (BZ#1281821)
sosreport
now correctly collects output of sources with non-ASCII characters
Prior to this update, the sosreport was not fully generated when the
sosreport
utility attempted to collect the output of a file or command whose name included non-ASCII characters. With this update, such files and commands are properly collected and reported in the utility. (BZ#1296813)
Configuring kdump
to an NFS target destination is now possible in the Kernel Dump Configuration GUI
Previously, the input box for NFS target destination in the Kernel Dump Configuration GUI did not indicate that an export path needs to be entered. Consequently, users were not able to configure the
kdump
feature to a NFS target destination when using this GUI. With this update, the input box label has been changed to indicate that an export path is required, and users are able to configure kdump
in the described situation. (BZ#1208191)
Correct warning message when configuring kdump to a NFS target with NFS shares unmounted
Prior to this update, users were warned with confusing error messages when trying to configure the kdump to a NFS target destination if NFS shares were not mounted. The
system-config-kdump
utility operated through the Kernel Dump Configuration GUI, did not indicate that the NFS export needs to be mounted before applying the kdump configuration. Instead, multiple confusing error messages were returned. With this update the warning message has been changed to indicate that the NFS export is currently not mounted and that it should already be mounted in the moment of kdump configuration. This warning message is less confusing and provides the user with proper information on how to successfully complete the kdump configuration. (BZ#1121590)
lparstat
no longer fails due to long lines in /proc/interrupts
Prior to this update, if the SPU line in the
/proc/interrupts
file was longer than 512 characters, using the lparstat
command failed. With this update, lparstat
properly parses interrupt lines, and thus returns correct results in the described circumstances. (BZ#1366512)
lparstat
default output mode now reports properly
Previously, when using the default output mode of the
lparstat
utility, lparstat
incorrectly reported the value of certain parameters, for example physc
, as 0.00
. This problem has been fixed, and the affected values are now displayed properly. (BZ#1347083)
The Socket::getnameinfo
module now works correctly with tainted values
Previously, the Perl
Socket::getnameinfo
module failed to process tainted values. This update applies a patch and as a result, the module now works correctly with tainted values. (BZ#1200167)
The python-sphinx module no longer fails to build documentation
Previously, the man-page writer module of the python-sphinx package missed the
meta
and inline
node visitors. As a consequence, building documentation could fail. A patch has been provided to add the missing node visitors and as a result, documentation now builds successfully. (BZ#1291573)
Programs no longer run out of memory when repeatedly listing available polkit
actions
Previously, the
polkit
client library did not correctly free memory when listing available actions, which could cause programs to run out of memory and terminate. With this update, the library frees the memory correctly, and programs no longer crash in this scenario. (BZ#1310738)
unzip
now supports non-latin and non-unicode encodings
Previously,
unzip
did not support non-latin and non-unicode encodings, so files with incorrect names could be created. With this update, unzip
supports these encodings using the -O
and -I
options. For more information, run the unzip -h
command. (BZ#1276744)
zlib
now decompresses RFC1951 compliant files correctly
Previously, due to a bug in
zlib
, RFC1951 compliant files were not correctly decompressed. With this update, the bug has been fixed, and zlib
decompresses RFC1951 compliant files correctly. (BZ#1127330)
The glibc times()
function now supports NULL
for the buffer
Previously, the
times()
function in glibc did not allow users to set a NULL
value for the buffer. As a consequence, the function could cause the application using it to terminate unexpectedly. This update applies a patch and as a result, you can set a NULL
value for the buffer and the kernel system call returns the expected results. (BZ#1308728)
iconv
no longer adds a redundant shift sequence
Previously, a bug in the character conversion routines used by
iconv
for the IBM930, IBM933, IBM935, IBM937, and IBM939 character sets could result in a redundant shift sequence being included in the output of the tool. The generated non-conforming output could result in an inability to read the output data. The character conversion routines have been fixed and no longer return a redundant shift sequence. (BZ#1293916)
Core C library (glibc) enhanced to increase malloc()
scalability
A defect in the implementation of the
malloc()
function could result in unnecessary serialization of memory allocation requests across threads. This update fixes the bug and substantially increases the concurrent throughput of allocation requests for applications that frequently create and destroy threads. (BZ#1276753)
Dynamic linker no longer fails when an audit module provides alternate DSO
Previously, when an audit module provided an alternate DSO (dynamic shared object) path, the
ld.so
dynamic linker terminated unexpectedly with a segmentation fault. This update fixes the bug and the dynamic linker now keeps track of the original DSO path for future reference and no longer crashes in the described scenario. (BZ#1211100)
selinux-policy now allows hypervkvpd to getattr
on all filesystem types
Previously, an SELinux denial occurred during the execution of the
restorecon
command after an IP injection on the virtual machine with the Data Exchange
option enabled. The selinux-policy packages have been updated, and an IP injection now finishes correctly both in SELinux permissive and enforcing mode. (BZ#1349356)