6.5 Technical Notes

Bug Fixes

BZ#854668

If the /etc/abrt/abrt.conf file was modified so that the "DumpLocation" and "WatchCrashdumpArchiveDir" variables referred to the same directory, the ABRT utility tried to process the files in that directory as both archives and new problem directories, which led to unpredictable results. With this update, ABRT refuses to start if such misconfiguration is detected.

BZ#896090

While creating a case, the reporter-rhtsupport utility sent the operation system (OS) version value which RHT customer center server did not accept. Consequently, a new case failed to be created and an error message was returned. With this update, suffixes such as "Beta" in the OS version value are not stripped, RHT customer center server accepts the version value, and a case is created.

BZ#952773

Prior to this update, the abrt-watch-log and abrt-dump-oops utilities were creating too many new problem directories when a kernel error occurred periodically. As a consequence, the user was flooded with problem reports and the /var partition could overflow. To fix this bug, abrt-dump-oops has been changed to ignore all additional problems for a few minutes after it sees 5 or more of them. As a result, the user is not flooded with problem reports.

Enhancements

BZ#952704

The Red Hat Support tool required an API for querying crashes caught by ABRT. With this update, python API for ABRT has been provided and it is now possible to use python API to query bugs caught by ABRT.

BZ#961231

There is a high probability that users who do not use the graphical environment (headless systems) will miss the problems detected by the ABRT utility. When the user installs the abrt-console-notification packages, they now see a warning message in the console regarding new problems detected since the last login.

Bug Fixes

BZ#818233

Previously, anaconda did not recognize a DVD ISO image written to a USB drive as a source repository for installation because this device does not have partitions. Consequently, the ISO acted like a boot.iso and it was not possible to install packages included in it. With this update, anaconda has been modified to include devices with ISO 9660 formatting, and to configure any device as a source repository if this device contains the /repodata/repomd.xml file. As a result, anaconda now recognizes ISO on USB as expected.

BZ#845572

Prior to this update, the anaconda loader command created the /etc/sysconfig/network file by renaming a new temporary file, which did not trigger the NetworkManager's inotify mechanism. Consequently, a hostname set by the network --hostname kickstart option could be overridden by NetworkManager with hostname obtained though DHCP or DNS. With this update, loader has been modified to write new values directly into /etc/sysconfig/network. As a result, NetworkManager now accepts the hostname value specified in this file.

BZ#846336

Previously, anaconda did not attempt to use another loop device if the firstly selected one was already in use. Consequently, HDD ISO installation failed if loop devices were used in the kickstart %pre section. With this update, anaconda has been modified to use another loop device if the first one is already in use. As a result, HDD ISO installation works as expected.

BZ#847600

With this update, the list-harddrives command has been modified not to list the /dev/srX devices in its output.

BZ#851284

With this update, several typographical errors have been corrected in the About LVM dialog.

BZ#852523

When a different set of disks was used for the clearpart --drives and part --ondisk commands, a backtrace was returned. Consequently, installation did not finish successfully. With this update, only one set of disks is used with these commands. User must specify multiple disks with a single clearpart command, otherwise only the last clearpart --drives arguments is used.

BZ#859420

Prior to this update, when partitioning was incorrectly specified, the No free space error message was incorrectly shown instead of the appropriate No free slots dialog. With this update, the correct error message is displayed in case of incorrectly specified partitioning.

BZ#859569

Previously, anaconda in rescue mode unmounted the source ISO before searching for the .discinfo file. Consequently, the stage2 parameter was loaded twice, increasing the boot time. With this update, anaconda has been modified to skip the check for .discinfo in rescue mode. As a result, stage2 is only loaded once, as expected.

BZ#873281

Previously, when re-installing the system with already configured LVM raid1 volumes, anaconda terminated unexpectedly. This bug has been fixed, and anaconda no longer crashes in the aforementioned scenario.

BZ#875644

When a kickstart upgrade was performed on IBM System z architectures, anaconda shut down the system instead of rebooting even though the reboot command was present in the kickstart configuration. Consequently, a manual reboot was required. This update adds support for kickstart upgrades on System z, thus fixing this bug.

BZ#877852

Previously, when installing Red Hat Enterprise Linux 6 on a system with multiple disks and one or more of these disks contained the PPC PReP Boot partition, anaconda created an empty PPC PReP Boot partition on the selected installation disk, but stored necessary boot files in the already existing PPC PReP Boot. Consequently, the system failed to boot after the installation. With this update, anaconda has been modified to use the correct PPC PReP Boot for boot files, thus fixing this bug.

BZ#878907

The algorithm for calculating the swap size did not take into account the amount of space used for the installation. Consequently, even on small disks the installer created big swap space often leaving only insufficient amount of space for the rest of the system. This algorithm has been modified to register the amount of space used for the installation. As a result, smaller (10% of used disks' space) swap is created on machines with small disks leaving more space for the rest of the system.

BZ#880577

Previously, anaconda did not create partitions larger than 16TB on XFS filesystems. This bug has been fixed, and the official limit of 100TB is now used as accepted.

BZ#881005

Prior to this update, the autopart command did not function correctly with already defined prepboot partitions. Consequently, when using a kickstart file that contained the part command defining a prepboot partition followed by autopart, anaconda terminated unexpectedly with a segmentation fault. With this update, autopart has been modified to work correctly in the aforementioned configuration. As a result, the installation continues as expected.

BZ#882452

Previously, when configuring network devices within the anaconda GUI, devices using the FCoE network technology were automatically set not to be controlled by the NetworkManager. Consequently, NetworkManager disabled these devices, causing previously connected FCoE SAN disks to disappear from the GUI. This bug has been fixed, and editing network device configuration in the GUI no longer disconnects previously set FCoE devices.

BZ#886020

Previously, anaconda did not return a warning message when using a raw partition for the / mount point without creating a new file system. With this update, anaconda has been modified to display a warning message in such scenario.

BZ#888292

Under certain circumstances, when managing partitions with the anaconda GUI, an unexpected loss of window focus occurred. With this update, the parent window setting has been modified, thus fixing this bug.

BZ#893849

With this update, several typographic and translation errors have been corrected in the Japanese locale in anaconda.

BZ#894050

Previously, anaconda created the /etc/zipl.conf configuration file using a set of default kernel parameters regardless of whether a fresh install or upgrade was performed. Consequently, kernel parameters added to /etc/zipl.conf by users were lost when upgrading IBM System z systems with anaconda. This update adds support for boot loader upgrades for systems with System z architecture. As a result, kernel parameters added by users to /etc/zipl.conf are preserved in the aforementioned scenario.

BZ#895098

Prior to this update, when attempting to install conflicting packages with the anaconda GUI, a misleading warning message was displayed. With this update, this message has been modified to inform about the package conflict.

BZ#895982

Physical-extents size less than 32MB on top of an MD physical volume leads anaconda to problems with calculating the capacity of a volume group. To work around this problem, use a physical-extent size of at least 32MB or leave free space (with size equal to doubled size of the physical-extent) when allocating logical volumes.

BZ#901515

Before proceeding to the package installation phase, anaconda did not check if the core package group was available in selected repositories. If this group was not present, the installation terminated unexpectedly. With this update, anaconda has been modified to check for the presence of core. As a result, a warning message is displayed when core is not available, and installation no longer crashes.

BZ#903689

Previously, when configuring a VLAN network device, such as eth0.171, during the installation, the same configuration was incorrectly applied also for its parent device. Consequently, the VLAN parent device, such as eth0, was incorrectly configured during the installation. The bug has been fixed, and the VLAN device configuration is now applied correctly.

BZ#909463

Under certain circumstances, kernel command-line entries created by anaconda and passed to GRUB did not work correctly. Consequently, in multi-path configuration, the Boot File System (BFS) terminated unexpectedly when the last FCoE interface specified in kernel command was not on-line. With this update, the form of kernel command-line entries has been modified, and BFS no longer fails in the aforementioned scenario.

BZ#919409

Previously, the /etc/multipath/bindings file had incorrect SElinux context after installation. This bug has been fixed, and /etc/multipath/bindings is now installed with correct SElinux context.

BZ#921609

Prior to this update, the generated kickstart file did not contain correct network commands for VLAN interfaces. Consequently, these commands were not reusable during the installation. This bug has been fixed, and the generated kickstart now contains reusable network commands.

BZ#928144

By default, the AMD IOMMU driver is disabled in Red Hat Enterprise Linux 6 for stability reasons. However, when IOMMU is expected to be present for trusted boot, this driver is needed. With this update, anaconda has been modified to enable AMD IOMMU in the kernel boot parameters when the tboot package is installed. MD IOMMU is enabled when trusted boot is in use and AMD IOMMU specifications are present and enabled in the BIOS. To revert these settings, users may remove the "amd_iommu=on" kernel parameter if stability issues are encountered.

BZ#947704

Previously, it was not possible to blacklist the usb-storage module during the installation of Red Hat Enterprise Linux 6. This bug has been fixed, and usb-storage can now be blacklisted without complications.

BZ#949409

Under certain rare circumstances, the dasd_eckd_mod driver was not loaded during linuxrc.s390 installation and anaconda became unresponsive. With this update, a patch has been applied to prevent this problem.

BZ#971961

Previously, bond network devices were activated only in the early stage of installation. Consequently, bond devices configured by network commands in the stage2 file were not activated. This behavior has been changed and bond devices can now be activated also in later stages of installation.

BZ#994504

Previously, anaconda loaded certain required packages multiple times during installation. Consequently, the dependency solving took a long time, growing with number of disks and file systems. With this update, anaconda has been modified to use a more efficient way of selecting packages, thus reducing the time spent on dependency solving.

BZ#998486

With this update, anaconda no longer requires the fcoe-utils package for installation on the IBM System z architectures.

BZ#1003844

Prior to this update, anaconda limited swap size to 10 % of disk space even if --hibernation option was used in the kickstart file. With this update, anaconda has been modified to accept the --hibernation option, and swap size is no longer limited to 10% of disk space when this option is specified.

BZ#1004752

Due to an incorrect setting in the /etc/ssh/sshd_config.anaconda configuration file, the sshd daemon did not start during installation on IBM System z architectures in FIPS mode. Consequently, the installation was not successful. This bug has been fixed, and sshd now runs as expected during installation in FIPS mode.

BZ#1007641

Prior to this update, multipath devices were not listed during installation in VNC mode. This bug has been fixed, and these devices are now listed properly.

BZ#1007683

Devices directly formatted with a file system without any partitions are not supported in Red Hat Enterprise Linux 6. Previously, anaconda did not verify if devices meet this condition. Consequently, when attempting to create a new partition on such unsupported device, anaconda terminated unexpectedly. With this update, anaconda has been modified to check if the device is unpartitioned and to abort partitioning in such case, thus preventing the crash.

BZ#1007884

Previously, a bug in the zipl boot loader caused a runtime error in anaconda. Consequently, the IBM System z architectures with rootfs on iSCSI LUN failed to boot after ananaconda upgrade from Red Hat Enterprise Linux 6.4 to 6.5. This bug has been fixed, and the failed booting no longer occurs after system upgrade.

BZ#1008731

Due to an outdated FCoE detection for Broadcom adapters in anaconda, the system was unable to boot after OS after FCoE BFS installation on HP systems. With this update, anaconda has been modified to correctly detect FCoE on Broadcom adapters, and the boot problems no longer occur in the aforementioned scenario.

BZ#1008941

Under certain circumstances, after an upgrade from Red Hat Enterprise Linux 6.4 to 6.5, the IBM System z system did not boot from the correct storage device. This bug has been fixed, and System z systems now boot from the correct device after upgrade.

BZ#1009691

Certain adapters, such as 10GBaseT Twin Pond require longer time to link up. This time often exceeded the timeout limit of the fipvlan tool used by the installer. Consequently, adding FCoE targets in the GUI failed by timing out. With this update, the timeout limit of fipvlan has been raised. As a result, FCoE target is now added successfully regardless of adapter type. Nevertheless, to view the added device in the GUI, user has to go two screens back to the language selection and then forth.

BZ#1013176

Previously, the list of FCoE LUNs disappeared from the SAN Devices tab in anaconda after adding a second adapter during installation of the Specialized Storage BFS. This bug has been fixed, and the list is now displayed correctly during the installation.

BZ#1018703

Prior to this update, anaconda incorrectly extracted partition names for NVMe devices. Consequently, the boot loader installation failed on NVMe devices. This bug has been fixed, and NVMe devices are now installed successfully.

Enhancements

BZ#890095

This update adds more flexible support for disk references within the --driveorder option in the kickstart boot loader. It is now possible to specify disks that use the /dev/disk/by-*/ folders as arguments for --driveorder.

BZ#905227

This update adds the --ipv6gateway option to the kickstart network command, which allows to specify a default IPv6 gateway. Now, both IPv4 and IPv6 default gateways can be specified in network kickstart command using --gateway or --ipv6gateway respectively.

BZ#915666

With this update, a partition size check has been added to anaconda to ensure that the boot partition on x86 architectures is always less than 2TB, which is required by the GRUB boot loader.

BZ#917815

With this update, anaconda has been modified to allow the DDNS method in the installer. If a hostname is specified in the kickstart configuration of a network device that uses the DHCP protocol, this hostname is passed to the dhclient utility.

Bug Fixes

BZ#807315

Prior to this update, both the "mangle-hw-s" and "mangle-hw-d" options required the use of the "--arhln" option. However, even if the "--arhln" option was specified on the command line, the "arptables" command did not recognize it. As a consequence, it was not possible to use those two options successfully. These updated packages fix this bug and the "--arhln" option can now be used together with the mangle hardware options.

BZ#963209

When the "-x" command line option (exact values) was used along with the "-L" (List rules) option, the arptables utility did not list rules but issued an error message saying "-x" option is illegal with "-L". With this update, the arptables utility now uses the "-x" option when listing rules.

Security Fix

CVE-2012-0786, CVE-2012-0787

Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack.

Bug Fixes

BZ#799885

Previously, when single quotes were used in an XML attribute, Augeas was unable to parse the file with the XML lens. An upstream patch has been provided ensuring that single quotes are handled as valid characters and parsing no longer fails.

BZ#855022

Prior to this update, Augeas was unable to set up the "require_ssl_reuse" option in the vsftpd.conf file. The updated patch fixes the vsftpd lens to properly recognize this option, thus fixing this bug.

BZ#799879

Previously, the XML lens did not support non-Unix line endings. Consequently, Augeas was unable to load any files containing such line endings. The XML lens has been fixed to handle files with CRLF line endings, thus fixing this bug.

BZ#826752

Previously, Augeas was unable to parse modprobe.conf files with spaces around "=" characters in option directives. The modprobe lens has been updated and parsing no longer fails.

Bug Fixes

BZ#859078

Under certain circumstances, the autofs utility did not respect all configured settings and used the UDP protocol to probe availability of network file systems. This can lead to some servers refusing the connection with the message:

Client x.x.x.x is violating the NFSv4 specification by sending a UDP/IP datagram to the NFSv4 server.

With this update, autofs has been modified to respect explicitly defined NFSv4 requests, thus fixing this bug.

BZ#886623

Due to changes made to the autofs utility, when probing server availability at mount time, mounts using the RDMA protocol are no longer recognized. With this update, autofs has been modified not to probe availability for mounts that use the RDMA protocol.

BZ#903944

Previously, the autofs utility ignored the --random-multimount-selection option. Consequently, this setting was not used when mounting local file systems even when it was given. This bug has been fixed and --random-multimount-selection now works as expected.

BZ#908020

Previously, when two nearly simultaneous mount requests appeared, NFS mounts mounted by the autofs utility sometimes terminated. This was caused by using invalid protoent structures to identify the protocol. With this update, autofs has been modified to use numeric protocol IDs, instead of protoent structures. As a result, attempts to mount NFS no longer fail in the described scenario.

BZ#971131

Prior to this update, the autofs master map parser did not recognize the SELinux context= option and returned a syntax error when the option was used. The master map parser has been updated to recognize SELinux context= that can now be used without complications.

BZ#974884

Previously, the autofs utility did not recognize the allowed limit of maximum opened files after it was increased by the system administrator. Consequently, the default limit was used regardless of the new configuration. With this update, autofs has been modified to check for changes of this limit and to apply them correctly.

BZ#996749

Previously, the libldap library was not initialized in a thread-safe manner. Consequently, when running automount, the ber_memalloc_x() function could have terminated unexpectedly with a segmentation fault. With this update, the initializaliton of libldap has been modified to be thread-safe and ber_memalloc_x() no longer crashes in the aforementioned scenario. (BZ#996749)

BZ#979929

When the automount daemon was checking host availability and one of the network interfaces was marked "DOWN", automount terminated with a segmentation fault. With this update, a check for this case has been added and the segmentation fault no longer occurs.

BZ#994296

When the automount daemon received a shutdown signal, executing the autofs reload command caused automount to stop running when multiple maps were being removed from the auto.master map. A patch has been added to fix this bug and automount no longer terminates in the described case.

BZ#994297

A change that removed a code for adding the current map entry caused wildcard indirect multi-mount map entries to fail to mount. A patch to fix wildcard multi-map regression has been added and map entries now mount successfully.

BZ#1002896

Due to an execution order race that occurred when creating an expire thread, the automount daemon became unresponsive. The code that handled the expire thread creation has been modified to prevent the aforementioned problem.

BZ#996749

Previously, no locking was performed around LDAP initialization calls. However, these functions are not thread-safe and race conditions could have occurred. With this update, the locking has been added and the risk of race condition is now reduced.

Enhancements

BZ#982103

The description of the TIMEOUT configuration option has been enhanced in the autofs man page. The description now explains the internal default configuration more clearly.

BZ#852327

The autofs utility has been updated to provide the ability to dump its mount maps in a simple <key, value> format in addition to the existing informational format.

Bug Fixes

BZ#631677

This update removes the empty batik-debuginfo package.

BZ#867701, BZ#995471

Previously, an attempt to use the rasterizer utility to convert an SVG image to the JPEG format caused an error to be returned. This update applies a patch to fix this bug and rasterizer now converts SVG images to the JPEG format correctly.

BZ#883464

Previously, the manifest.mf file included the keyword "version" instead of "bundle-version". Consequently, the Eclipse platform did not work correctly with Batik utilities. This bug has been fixed and Eclipse now works as expected.

BZ#979527, BZ#995471

Due to a bug in the underlying source code, an attempt to use the ttf2svg font converter failed with an exception. This update applies a patch to fix this bug and ttf2svg now works correctly.

BZ#995471

Previously, the batik packages contained many bugs, among others classpath errors and errors connected with a missing module for handling the JPEG format. Consequently, Batik utilities, such as raterizer, svgpp, and ttf2svg, failed with exceptions. With this update, the underlying source code has been modified to fix these bugs and the aforementioned utilities now work as expected.

Bug Fixes

BZ#908780

Previously, the bind-dyndb-ldap plug-in did not handle DNS zones without the "idnsUpdatePolicy" attribute properly, which led to a harmless, but misleading error message:

zone serial ([zone serial]) unchanged. zone may fail to transfer to slaves.

This message was logged after each zone reload or potentially after each change in the affected DNS zone. The bind-dyndb-ldap plug-in has been fixed, so that it no longer prints any error message if the "idnsUpdatePolicy" attribute is not defined in the DNS zone.

BZ#921167

Previously, the bind-dyndb-ldap plug-in processed update policies with the "zonesub" match-type incorrectly, which led to the BIND daemon terminating unexpectedly during the processing of the update-policy parameter. The bind-dyndb-ldap plug-in has been fixed to process update-policy with the "zonesub" match-type correctly, and so it no longer crashes in this scenario.

BZ#923113

The bind-dyndb-ldap plug-in processed settings too early, which led to the BIND daemon terminating unexpectedly with an assertion failure during startup or reload. The bind-dyndb-ldap plug-in has been fixed to process its options later, and so no longer crashes during startup or reload.

BZ#1010396

Prior to this update, the bind-dyndb-ldap plug-in with the default configuration did not establish enough connections to LDAP server for the pointer record (PTR) synchronization feature and, consequently, the PTR record synchronization failed. With this update, the default number of connections has been raised to four, and the PTR record synchronization now works as expected.

Bug Fix

BZ#1000386

Previously, the addslot() function returned the same "dev->index_in_slot" value for two or more interfaces. As a consequence, more than one network interfaces could be named "renameN". This update restores the logic used to obtain a port number that existed in biosdevname version 0.3.11 and, as a result, all interfaces are named as expected.

Bug Fix

BZ#820670

The Boost package did not contain the Boost.Math shared libraries, which include an inverse of trigonometric functions over complex numbers and gamma, beta and erf special functions, as specified in the Technical Report on C++ Library Extensions. This update adds the boost-math sub-package, which includes the symbols corresponding to the mentioned functions.

Security Fix

CVE-2013-1813

It was found that the mdev BusyBox utility could create certain directories within /dev with world-writable permissions. A local unprivileged user could use this flaw to manipulate portions of the /dev directory tree.

Bug Fixes

BZ#820097

Previously, due to a too eager string size optimization on the IBM System z architecture, the "wc" BusyBox command failed after processing standard input with the following error:

wc: : No such file or directory

This bug was fixed by disabling the string size optimization and the "wc" command works properly on IBM System z architectures.

BZ#859817

Prior to this update, the "mknod" command was unable to create device nodes with a major or minor number larger than 255. Consequently, the kdump utility failed to handle such a device. The underlying source code has been modified, and it is now possible to use the "mknod" command to create device nodes with a major or minor number larger than 255.

BZ#855832

If a network installation from an NFS server was selected, the "mount" command used the UDP protocol by default. If only TCP mounts were supported by the server, this led to a failure of the mount command. As a result, Anaconda could not continue with the installation. This bug is now fixed and NFS mount operations default to the TCP protocol.

Enhancement

BZ#544376

This update provides Shared System Certificate Authority storage, a system-wide trust storage for configuration data, required as an input for certificate trust decisions. This is a functionally compatible replacement for classic Certificate Authority configuration files and for the libnssckbi NSS trust module. This feature must be explicitly enabled by an administrator. Refer to the update-ca-trust man page in the ca-certificates package for a more detailed description of the feature.

Bug Fix

BZ#651651

Previously, under some configurations, the KDE startup menu did not show any Chinese characters in Chinese locales (both zh-CN and zh-TW), while Japanese and Korean did not have this problem. With this update, the KDE startup menu now displays Chinese characters in Chinese locales.

Bug Fixes

BZ#996233

Prior to this update, if one of the gfs2_tool, gfs2_quota, gfs2_grow, or gfs2_jadd commands was killed unexpectedly, a temporary GFS2 metadata mount point used by those tools could be left mounted. The mount point was also not registered in the /etc/mtab file, and so the "umount -a -t gfs2" command did not unmount it. This mount point could prevent systems from rebooting properly, and cause the kernel to panic in cases where it was manually unmounted after the normal GFS2 mount point. This update corrects the problem by creating an mtab entry for the temporary mount point, which unmounts it before exiting when signals are received.

BZ#893925

Previously, the cman utility did not work correctly if there was a brief network failure in a cluster running in two_node mode with no fence delay. Consequently, the two nodes killed each other when the connection was re-established. This update adds a 5-second delay to the “fenced” daemon for the node with the higher node ID and the described problem no longer occurs. Another option is to add a fence delay into the "cluster.conf" file, as documented in the Red Hat Knowledgebase (see https://access.redhat.com/site/solutions/54829).

BZ#982670

Prior to this update, the cman init script did not handle its lock file correctly when executing the "restart" command. Consequently, the node could be removed from the cluster by other members during the node reboot. The cman init script has been modified to handle the lock file correctly, and no fencing action is now taken by other nodes of the cluster.

BZ#889564

Previously, when the corosync utility detected a "process pause", an old, therefore invalid, control group ID was occasionally sent to the gfs_controld daemon. Consequently, gfs_controld became unresponsive. This update fixes gfs_controld to discard messages with old control group IDs, and gfs_controld no longer hangs in this scenario.

BZ#888857

Prior to this update, the "fenced" daemon and other related daemons occasionally closed a file descriptor that was still referenced by the corosync libraries during an attempt to stop the daemons. Consequently, the daemons did not terminate properly and shutting down the cluster utility failed. This bug has been fixed, the file descriptor now stays open and it is marked unused by the daemons, and the daemons terminate properly.

BZ#989647

Previously, the fsck.gfs2 utility did not handle a certain type of file system corruption properly. As a consequence, fsck.gfs2 terminated with an error message and did not repair the corruption. This update extends the abilities of fsck.gfs2 to handle file system corruption and the described problems no longer occur.

BZ#1007970

Previously, the "-K" option was unavailable in the mkfs.gfs2 utility. Consequently, mkfs.gfs2 returned the "invalid option" error message, and it was impossible to use this option to keep and not to discard unused blocks. With this update, mkfs.gfs2 handles the "-K" option properly.

BZ#896191

The cluster.conf(5) manual page contained incorrect information that the default syslog facility was "daemon". This update corrects this statement to "local4".

BZ#902920

Previously, the fsck.gfs2 utility did not correctly recognize cases when information about a directory in the Global File System 2 (GFS2) was misplaced. Also, fsck.gfs2 did not properly check consistency of the GFS2 directory hash table. As a consequence, fsck.gfs2 did not report problems with the file system and the files in the corrupted directories were unusable. With this update, fsck.gfs2 has been modified to do extensive sanity checking and it is now able to identify and fix the described problems among others.

BZ#963657

Prior to this update, nested Global File System 2 (GFS2) mount points were not taken into account when stopping the GFS2 resources. Consequently, the mount points were not being unmounted in the correct order and the gfs2 utility failed to stop. The gfs2 init script has been modified to unmount GFS2 mount points in the correct order and the stopping of gfs2 no longer fails in this scenario.

BZ#920358

Previously, the qdiskd daemon did not correctly handle newly rejoined nodes that had been rebooted uncleanly. Consequently, qdiskd removed such nodes after its initialization. With this update, qdiskd skips counting of the missed updates for nodes in the "S_NONE" state, and it no longer removes nodes in the described scenario.

BZ#888318

Previously, the qdiskd daemon did not issue a specific error message for cases when the token timeout was set incorrectly in the "cluster.conf" file. Consequently, qdiskd terminated with the "qdiskd: configuration failed" error message giving no details. This update adds a specific error message for the described cases.

BZ#886585

Previously, the gfs2_grow utility returned a zero exit status even in cases where no growth was possible, due to how little the device had grown. Consequently, automated scripts, used especially for testing of gfs2_grow, received an incorrect "0" return code. With this update, gfs2_grow has been modified to return a non-zero exit status when its operations fail.

BZ#871603

Previously, the help text for the "ccs_tool create" command contained incorrect parameters for the "addfence" subcommand, namely "user" instead of "login". Consequently, users could create an incorrect "cluster.conf" file. With this update, the help text has been corrected.

BZ#985796

Previously, when the fsck.gfs2 utility was repairing the superblock, it looked up the locking configuration fields from the "cluster.conf" file. Consequently, the "lockproto" and "locktable" fields could be set improperly when the superblock was repaired. With this update, the "lockproto" and "locktable" fields are now set to sensible default values and the user is now instructed to set the fields with the tunegfs2 utility at the end of the fsck.gfs2 run.

BZ#984085

Previously, the fsck.gfs2 utility did not properly handle cases when directory leaf blocks were duplicated. As a consequence, files in the corrupted directories were occasionally not found and fsck.gfs2 became unresponsive. With this update, fsck.gfs2 checks for duplicate blocks in all directories, identifies and fixes corruptions, and it no longer hangs in this scenario.

Bug Fixes

BZ#951470

Prior to this update, the modclusterd service made an improper CMAN API call when attempting to associate the local machine's address with a particular cluster node entry, but with no success. Consequently, modclusterd returned log messages every five seconds. In addition, when logging for CMAN was enabled, membership messages included, messages arising from the CMAN API misuse were emitted. Now, the CMAN API call is used properly, which corrects the aforementioned consequences.

BZ#908728

Previously, the modclusterd service terminated unexpectedly in IPv4-only environments when stopped due to accessing unitialized memory only used when IPv6 was available. With this update, modclusterd no longer crashes in IPv4-only environments.

BZ#888543

Previously, the SNMP (Simple Network Management Protocol) agent exposing the cluster status and shipped as cluster-snmp caused the SNMP server (snmpd) to terminate unexpectedly with a segmentation fault when this module was loaded, and the containing server was instructed to reload. This was caused by an improper disposal of the resources facilitated by this server, alarms in particular. Now, the module properly cleans up such resources when being unloaded, preventing the crash on reload.

Bug Fix

BZ#876315

The compat-openmpi packages previously did not ensure compatibility with earlier versions of the Open MPI shared libraries. Consequently, the users failed to run certain applications using Open MPI on Red Hat Enterprise Linux 6.3 and later if those applications were compiled against Open MPI versions used on Red Hat Enterprise Linux 6.2 and earlier. After this update, the compat-openmpi packages now maintain compatibility with earlier versions of Open MPI on Red Hat Enterprise Linux 6.

Bug Fix

BZ#891938

Previously, the length range of timezone strings was not sufficient to process all known timezone codes. As a consequence, the conmand daemon failed to start if the timezone name consisted of five or more characters. The maximum string length has been set to 32, and conmand now always starts as expected.

Bug Fixes

BZ#806038

In previous versions, coolkey always created a bogus e-gate smart card reader to avoid problems with Network Security Services (NSS) and the PC/SC Lite framework when no smart card reader was available. However, e-gate smart cards are no longer available for smart card authentication, and the NSS and pcsc-lite packages have been updated to handle a situation with no e-gate reader attached. Therefore, this bogus reader in coolkey became unnecessary and could cause problems to some applications under certain circumstances. This update modifies the respective code so that coolkey no longer creates a bogus e-gate smart card.

BZ#906537

With a previous version of coolkey, some signature operations, such as PKINIT, could fail on PIV endpoint cards that support both CAC and PIV interfaces. The underlying coolkey code has been modified so these PIV endpoint cards now works with coolkey as expected.

BZ#991515

The coolkey library registered only with the NSS DBM database, however, NSS now uses also the SQLite database format, which is preferred. This update modifies coolkey to register properly with both NSS databases.

Enhancement

BZ#951272

Support for tokens containing Elliptic Curve Cryptography (ECC) certificates has been added to the coolkey packages so the coolkey library now works with ECC provisioned cards.

Security Fixes

CVE-2013-0221, CVE-2013-0222, CVE-2013-0223

It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca() function. An attacker could use this flaw to crash those utilities by providing long input strings.

Bug Fixes

BZ#747592

Previously, due to incorrect propagation of signals from child processes, the return values of the "su" command were incorrect and core dump information was not shown in the parent process. With this update, signal propagation from child processes has been fixed and the return values of the "su" command corrected. As a result, core dump messages from child processes are no longer ignored and the "su" command returns correct exit values.

BZ#749679

Previously, the su command did not wait for the end of its child processes. As a consequence, the su utility might exit before the child process has finished. This bug has been fixed and now "su" waits for the child process to exit.

BZ#816708

Previously, when invoked with no user name argument, the "id -G" and "id --groups" commands printed the default group ID listed in the password database. Occasionally, this ID was incorrect or not effective, especially when it has been changed. After this update, the aforementioned commands print only effective and real IDs when no user is specified.

BZ#827199

The "tail -f" command uses inotify for tracking changes in files. For remote file systems [-/,] inotify is not available. In the case of unknown file systems, for example panasas, "tail -f" failed instead of falling back to polling. Now, the list of known file systems is updated and "tail -f" is modified to fall back into polling for unknown file systems. As result, "tail -f" now works correctly, even on unknown file systems, with only a warning about the unknown file system and a fall back to polling.

BZ#842040

Previously, the "df" command interpreted control characters in the output mount name. As a consequence, it could be inconvenient to read and problematic for scripts when there are control characters such as "\n" in the output. Problematic characters have been replaced by a question mark sign ("?"), and such output is no longer hard to read.

BZ#867984

Previously, a Red Hat specific patch for multibytes locales support in the core utilities was missing the handling of the "--output-delimiter" option of the "cut" command. As a consequence, the option was ignored if specified. Support for the "--output-delimiter" option has been implemented in coreutils and users can now use this option with multibyte locales.

BZ#889531

Previously, when an "su" session was terminated by a signal, it returned an incorrect exit status. This caused various issues, such as a ksh lockup, to occur. This update fixes the exit status handling and the aforementioned situation no longer occurs.

BZ#911206

Previously, the stat utility used the setpwent() and setgrent() functions. This caused NIS database download problems when the time stat utility was called, thus causing performance issues. After this update, the aforementioned system calls are no longer present in the stat utility source code. As a result, NIS database downloads are not necessary with every stat utility run.

BZ#956143

When parsing a file's content, in which the end of a field was specified using the obsolete key formats (+POS -POS), the sort utility determined the end of the field incorrectly, and therefore produced incorrect output. This update fixes the parsing logic to match the usage of the "-k" option when using these obsolete key formats. The sort utility now returns expected results in this situation.

BZ#960160

Previously, in some cases, the date utility could parse invalid input. This was due to a sign-extending of "other" bytes in the parsing mechanism. This caused unexpected results of some invalid input. The parsing mechanism has been fixed, and, the date utility now correctly recognizes invalid input where appropriate.

BZ#965654

Previously, the "dd" utility produced the transfer statistics output even if the "status=noxfer" was specified. To fix this bug, a new option, "status=none", has been implemented to suppress all informational output. As a result, unnecessary information produced by dd is no longer displayed with this option.

BZ#967623

The "su" utility has a "-p" option, which preserves some of the environmental variables. However, the su(1) manual page incorrectly stated that the whole environment was preserved. After this update, the manual page has been adjusted to list all the preserved environmental variables.

BZ#980061

When moving directories between two file systems, the "mv" utility failed to overwrite an empty directory, which was a violation of the POSIX standard. After this update, mv no longer fails to overwrite an empty destination directory and the POSIX standard rules are obeyed.

BZ#997537

Previously, the "pr" utility used a suboptimal code routine when the "-n" option was specified, and inconsistent padding with either zeros or spaces. As a consequence, pr terminated unexpectedly when the "-n" option was used with a value of 32 or higher. Moreover, the inconsistent padding was hard to parse by scripts. After this update, line numbers are consistently padded by spaces and the program has been improved to handle high values of the "-n" option correctly. As a result, the "pr" utility no longer terminates unexpectedly.

BZ#1006221

Previously, the "tail -f" command did not monitor dead symbolic links properly. As a result, "tail -f" ignored updates to the referent of a symbolic link after the symbolic link was killed. This bug has now been fixed and "tail -f" now notices when the dead symbolic link is revived and resumes tailing the contents of the referent.

Enhancements

BZ#836557

Before this update, a directory cycle induced by a bind mount was treated as a fatal error, for example a probable disk corruption. However, such cycles are relatively common and can be detected efficiently. The "du" command has been modified to display a descriptive warning and also to return the appropriate non-zero exit value. This allows bind mounts of various services to be handles correctly.

BZ#908980

In Red Hat Enterprise Linux 6, the "dd" command has a "conv" option, which supports various conversion types. This updates adds support for the "sparse" conversion option, used for sparse files. This feature is useful when copying block devices to files to minimize the actual amount of data occupied. In addition, it can be used for managing virtual machine images in different storage types, including iSCSI and NFS.

Bug Fixes

BZ#854216

When running corosync on a faulty network with the failed_to_recv configuration option set, corosync was very often terminated with a segmentation fault after a cluster node was marked as "failed to receive". This happened because an assert condition was met during a cluster node membership determination. To fix this problem, the underlying code has been modified to ignore the assert if it was triggered by nodes marked as "failed to receive". This is safe because a single node membership is always established in this situation.

BZ#877349

The corosync-notifyd service was not started right after installation because the default configuration of the corosync notifier did not exist. This fix adds the default configuration for this service in the /etc/sysconfig/corosync-notifyd file so that corosync-notifyd can now be started right after installation without any additional configuration.

BZ#880598

Due to a bug in the underlying code, the corosync API could read uninitialized memory, and thus return incorrect values when incrementing or decrementing value of certain objects in the configuration and statistics database. This update modifies the respective code to only read 16 bits of memory instead of 32 bits when returning the [u]int16 type values. The corosync API no longer read uninitialized memory and return correct values.

BZ#881729

Due to a rare race condition in the corosync logging system, corosync could terminate with a segmentation fault after an attempt to dereference a NULL pointer. A pthread mutex lock has been added to a respective formatting variable so that the race condition between log-formatting and log-printing functions is now avoided.

BZ#906432

Previously, corosync did not support IPv6 double colon notation and did not handle correctly closing braces when parsing the corosync.conf file. As a consequence, the totem service failed to start when using IPv6. If the configuration file contained additional closing braces, no error was displayed to inform users why was the configuration file not parsed successfully. This update fixes these parsing bugs so the totem service can now be successfully started, and an error message is displayed if the corosync.conf file contains additional closing braces.

BZ#907894

Due to multiple bugs in the corosync code, either duplicate or no messages were delivered to applications if the corosync service was terminated on multiple cluster nodes. This update applies a series of patches correcting these bugs so that corosync no longer loses or duplicates messages in this scenario.

BZ#915490

The corosync-fplay utility could terminate with a segmentation fault or result in unpredictable behavior if the corosync fdata file became corrupted. With this update, corosync-fplay has been modified to detect loops in code and properly validate fdata files. To avoid another cause of fdata corruption, corosync now also prohibits its child processes from logging. As a result of these changes, corosync no longer crashes or becomes unresponsive in this situation.

BZ#915769

If a service section in the corosync.conf file did not contain a service name, corosync either terminated with a segmentation fault or refused to start an unknown service. With this update, corosync now properly verifies the name key and if no service name is found, returns an error message and exits gracefully.

BZ#916227

The corosync service did not correctly handle a situation when it received an exit request (the SIGINT signal) before the service initialization was complete. As a consequence, corosync became unresponsive and ignored all signals, except for SIGKILL. This update adds a semaphore to ensure that corosync exits gracefully in this situation.

BZ#922671

When running applications that used the Corosync inter-process communication (IPC) library, some messages in the dispatch() function were lost or duplicated. With this update, corosync properly verifies return values of the dispatch_put() function, returns the correct remaining bytes in the IPC ring buffer, and ensures that the IPC client is correctly informed about the real number of messages in the ring buffer. Messages in the dispatch() function are no longer lost or duplicated.

BZ#924261

Sometimes, when an attempt to shut down the corosync service using the "corosync-cfgtool -H" command failed and returned the CS_ERR_TRY_AGAIN error code, subsequent shutdown attempts always failed with the CS_ERR_EXISTS error. The corosync-cfgtool utility has been modified to automatically retry the shutdown command, and the Corosync's Cfg library now allows processing of multiple subsequent shutdown calls. The "corosync-cfgtool -H" command now works as expected even on heavily loaded cluster nodes.

BZ#947936

If the uidgid section of the corosync.conf file contained a non-existing user or group, corosync did not display any error. The underlying code has been modified so that corosync now properly verifies values returned by the getpwnam_r system call, and displays an appropriate error message in this situation.

BZ#959184

If an IPC client exited in a specific time frame of the connection handshake, the corosync main process received the SIGPIPE signal and terminated. With this update, the SIGPIPE signal is now correctly handled by the sendto() function and the corosync main process no longer terminates in this situation.

BZ#959189

The corosync process could become unresponsive upon exit, by sending the SIGINT signal or using the corosync-cfgtool utility, if it had open a large number of confdb IPC connections. This update modifies the corosync code to ensure that all IPC connection to the configuration and statistics database are closed upon corosync exit so that corosync exits as expected.

Enhancements

BZ#949491

The corosync daemon now detects when the corosync main process was not scheduled for a long time and sends a relevant message to the system log.

BZ#956739

In order to improve process of problem detection, output of the corosync-blackbox command now contains time stamps of events. This feature is backward-compatible so that output (fdata) from old versions of corosync is processed correctly.

Bug Fixes

BZ#886225

Previously, some of the commands in the cpupowerutils packages were missing manual pages. Manual pages for the turbostat, x86_energy_perf_policy, cpufreq-bench, and cpufreq-bench_plot.sh commands have been added, thus fixing this bug.

BZ#886226

If a non-root user tried to run the cpufreq-bench utility, it terminated unexpectedly with a segmentation fault, and an ABRT notification appeared on the desktop. With this update, a warning message is displayed to the user instead, informing them that it is necessary to run the utility as root.

BZ#886227

Prior to this update, the x86_energy_perf_policy utility failed when it tried to open the /dev/cpu/*/msr/ directory. Consequently, a "permission denied" error message was returned. With this update, a new error message explains that the command needs root privileges and x86_energy_perf_policy cleanly exits.

BZ#886228

Previously, the interactive help for the x86_energy_perf_policy utility was short and confusing. The help text has been expanded to clarify the meaning of the command-line options.

BZ#914623

Due to the missing implementation for the "cpupower set -m" command, the error message is returned upon launching the command. Previously, this message wrongly implied that the sched-mc utility is not supported on the system. This update clarifies the message to clearly state that sched-mc is not yet implemented.

BZ#914787

Previously, running the "cpupower -v" or "cpupower --version" commands returned incorrect version information. This bug has been fixed and a selected component of cpupower now reports the correct version-release number.

Enhancement

BZ#852831

Intel turbostat v3.0 utility has been included in Red Hat Enterprise Linux. The utility is used to read current CPU core frequency and active C-states.

Enhancements

BZ#902141

Currently, dump files created by the makedumpfile utility using the snappy compression format are now readable by the crash utility. The snappy format is suitable for the crash dump mechanism that requires stable performance in any situation with enterprise application use.

BZ#902144

With this update, dump files created by the makedumpfile utility using the LZO compression format are now readable by the crash utility. The LZO compression format is fast and stable for randomized data.

BZ#1006622

This update adds support for compressed dump files created by the makedumpfile utility that were generated on systems with physical memory requiring more than 44 bits.

BZ#1017930

This update fixes faulty panic-task backtraces generated by the bt command in KVM guest dump files. The bt command now shows a trace when the guest operating system is panicking.

BZ#1019483

This update fixes the CPU number display on systems with 255 or more CPUs during the initialization, by the set command, the ps command, and by all commands that display the per-task header consisting of the task address, PID, CPU and command name. Without the patch, for CPU 255, the sys command displays "NO_PROC_ID", and the other commands show a "-" for the CPU number; for CPU numbers greater than 255, garbage values would be displayed in the CPU number field.

Bug Fix

BZ#890232

Due to a backported madvise/MADV_DONTDUMP change in the Red Hat Enterprise Linux 6 kernel, VDSO (Virtual Dynamically linked Shared Objects) and vsyscall pages were missing in the generated process core dump. With this update, VDSO and vsyscall pages are always contained in the generated process core dump.

Bug Fixes

BZ#877301

Previously, a time-stamp check did not pass if a file did not exist. As a consequence, an empty repository was incorrectly flagged as being up to date and the "createrepo --checkts" command performed no action on an empty repository. With this update, missing file is now considered as a failure, and not a pass. The "createrepo --checkts" command now properly creates a new repository when called on an empty repository.

BZ#892657

The --basedir, --retain-old-md, and --update-md-path options were reported only in the createrepo utility help message but not in the man page. This update amends the man page and the options are now properly documented in both the help message and the man page.

Bug Fixes

BZ#697485

Previously, the crond deamon did not drop data about user privileges before calling the popen() system function. Consequently, warnings about changing privileges were written to the /var/log/crond file when the function was invoked by the non-root user. With this update, crond has been modified to drop user privileges before calling popen(). As a result, warnings are no longer logged in this scenario.

BZ#706979

With this update, file permissions of cron configuration files have been changed to be readable only by the root user.

BZ#733697

Prior to this update, the definition of restart in the cron init file was incorrect. Consequently, a failure was incorrectly reported when restarting the crond daemon. The init file has been fixed and the redundant failure message is no longer displayed after crond restart.

BZ#738232

Cron jobs of users with home directories mounted on a Lightweight Directory Access Protocol (LDAP) server or Network File System (NFS) were often refused because jobs were marked as orphaned (typically due to a temporary NSS lookup failure, when NIS and LDAP servers were unreachable). With this update, a database of orphans is created, and cron jobs are performed as expected.

BZ#743473

With this update, obsolete comments have been removed from the /etc/cron.hourly/0anacron configuration file.

BZ#821046, BZ#995089

Due to a bug in cron's support for time zones, planned jobs were executed multiple times. Effects of this bug were visible only during the spring change of time. This bug has been fixed and jobs are now executed correctly during the time change.

BZ#887859

With this update, an incorrect example showing the anacron table setup has been fixed in the anacrontab man page.

BZ#919440

Previously, the crond daemon did not check for existing locks for daemon. Consequently, multiple instances of crond could run simultaneously. The locking mechanism has been updated and running multiple instances of cron at once is no longer possible.

BZ#985888

Prior to this update, the $LANG setting was not read by the crond daemon. Consequently, cron jobs were not run with the system-wide $LANG setting. This bug has been fixed and $LANG is now used by cron jobs as expected.

BZ#985893

Previously, the crond daemon used the putenv system call, which could have caused crond to terminate unexpectedly with a segmentation fault. With this update, putenv() has been replaced with the setenv() system call, thus preventing the segmentation fault.

BZ#990710

Prior to this update, the PATH variable could be set by cron or in crontable, but could not be changed by a PAM setting. With this update, PATH can be altered by PAM setting. As a result, PATH can now be inherited from the environment if the "-P" option is used.

BZ#1006869

Previously, an incorrect error code was returned when non-root user tried to restart the crond daemon. With this update, a correct code is returned in the described case.

Enhancements

BZ#829910

This update adds the RANDOM_DELAY variable that allows delaying job startups by random amount of minutes with upper limit specified by the variable. The random scaling factor is determined during the crond daemon startup so it remains constant for the whole run time of the daemon.

BZ#922829

With this update, the CRON_CORRECT_MAIL_HEADER environment variable in the /etc/crond/sysconfig configuration file has been updated. With this variable enabled, cron now sends emails with headers in RFC compliant format.

Bug Fix

BZ#671460

When a CVS client tried to establish a GSSAPI-authenticated connection to a DNS load-balanced cluster node, the authentication failed because each node had a unique host name. With this update, the GSSAPI CVS server has been modified to search for any Kerberos key that matches the "cvs" service and any host name. As a result, the CVS server can now authenticate clients using GSSAPI even if the server's host name does not match the domain name, and thus Kerberos principal host name part, common for all cluster nodes. CVS server administrators are advised to deploy two Kerberos principals to each node: a principal matching the node's host name and a principal matching the cluster's domain name.

Enhancement

BZ#684789

Previously, the CVS server did not pass the client address to the Pluggable Authentication Modules (PAM) system. As a consequence, it was not possible to distinguish clients by the network address with the PAM system and the system was not able to utilize the client address for authentication or authorization purposes. With this update, the client network address is passed to the PAM subsystem as a remote host item (PAM_RHOST). Also, the terminal item (PAM_TTY) is set to a dummy value "cvs" because some PAM modules cannot work with an unset value.

Bug Fixes

BZ#975676

Device Mapper Multipath (DM-Multipath) did not test pointers for NULL values before dereferencing them in the sysfs functions. Consequently, the multipathd daemon could terminate unexpectedly with a segmentation fault if a multipath device was resized while a path from the multipath device was being removed. With this update, DM-Multipath performs NULL pointer checks in sysfs functions and no longer crashes in the described scenario.

BZ#889429

Prior to this update, the multipathd daemon did not start listening to udev events (uevents) until all the multipath paths that were discovered on system startup had been configured. As a consequence, multipathd was unable to handle paths that were discovered in the meantime. This bug has been fixed and multipathd now handles all paths as expected in the described scenario.

BZ#889441

Due to incorrectly ordered udev rules for multipathd, link priority was not set for multipath paths when creating the multipath device using initramfs udev rules. Consequently, the /dev/disk/by-uuid/<uuid> symbolic links pointed to multipath paths instead of the multipath device. This could lead to boot problems under certain circumstances. With this update, the multipathd udev rules have been ordered correctly so that the aforementioned symbolic links point to the multipath device as expected.

BZ#902585, BZ#994277

Previously, DM-Multipath did not allocate enough space for the sysfs "state" attribute. Consequently, when a path was switched to the "transport-offline" state, a buffer overflow was triggered, resulting in an error message being logged into the system log. Also, DM-Multipath did not handle correctly paths in the "quiesce" state, which resulted in unnecessary failure of these paths. With this update, DM-Multipath allocates enough space to store all valid values of the sysfs "state" attribute. Paths in the "quiesce" state are now moved to the "pending" state, which prevents the paths from failing.

BZ#928831

Previously, DM-Multipath did not verify whether the kernel supported the "retain_attached_hw_handler" mpath target feature before setting it. Consequently, the multipath devices which had set "retain_attached_hw_handler" did not work on machines with an older kernel without this feature support. With this update, DM-Multipath checks that the kernel supports the "retain_attached_hw_handler" feature before setting it. The multipath devices now work as expected on systems with older kernels utilizing newer versions of DM-Multipath.

BZ#995251

In certain setups, the Redundant Disk Array Controller (RDAC) did not mark a path as down if the target controller reported an asymmetric access state of the target port to be "unavailable". As a consequence, the multipathd daemon repeatedly attempted to send I/O to an unusable path. This bug has been fixed, and multipathd no longer sends I/O to unusable paths in this case.

BZ#1011341

Previously, the kpartx utility did not take into account the actual sector size of the device when creating partitions for the MS-DOS partition table, assuming a fixed size of 512 bytes per sector. Therefore, kpartx created partitions that were 1/8 of the proper size if the device with a sector size of 4 KB used the MS-DOS partition table. With this update, kpartx verifies the device's sector size and calculates the proper partition size if the device uses the MS-DOS partition table.

BZ#892292

When displaying multipath topology for the specified multipath device, DM-Multipath unnecessarily obtained WWIDs for all the multipath paths for all the configured multipath devices. Consequently, the "multipath -l" command took an extensively longer time to complete than expected, especially on systems containing a large number of multipath devices. This behavior has been changed and when displaying topology of the specified multipath devices, the multipath command now acquires WWIDs only for paths belonging to these devices.

BZ#974129

DM-Multipath previously set the fast_io_fail_tmo configuration option before setting the dev_loss_tmo option. However, a new value of fast_io_fail_tmo is not allowed to be greater than or equal to the current value of dev_loss_tmo. Therefore, when increasing values of both options and sysfs failed to set fast_io_fail_tmo due to the aforementioned limitation, even dev_loss_tmo could not have been set to a new value. With this update, if a new value of fast_io_fail_tmo would be too high, DM-Multipath sets it to the highest valid value, that is, the current value of dev_loss_tmo minus one. When setting both, the fast_io_fail_tmo and dev_loss_tmo options, dev_loss_tmo is now increased first.

BZ#889987

When the detect_prio option was set, DM-Multipath did not verify whether a storage device supports asymmetric logical unit access (AULA) before setting up the AULA prioritizer on the device. Consequently, if the device did not support AULA, multipathd failed to detect AULA priority of the paths and emitted an error message to the system log. This bug has been fixed so that DM-Multipath now verifies whether a path can be set with AULA priority before setting up the AULA prioritizer on the storage device.

BZ#875199

Due to a NULL pointer dereference bug, multipathd could terminate with a segmentation fault when removing a failed path to a multipath device. This update adds a NULL pointer test to the code, preventing multipathd from a fail in this scenario.

BZ#904836

When creating partitions for the GUID Partition Table (GPT), the kpartx utility did not account for the actual sector size of the devices with the sector size other than 512 bytes. As a result, kpartx created partitions that did not match the actual device partitions. With this update, kpartx correctly calculates a size of the created partitions to matches the actual block size of the storage device.

BZ#918825

The kpartx utility did not properly release file descriptors allocated for loopback devices, causing file descriptor leaks. This update corrects the kpartx code, and kpartx no longer leaves file descriptors open after releasing loopback devices.

BZ#958091

When the multipath command failed to load a multipath device map with read/write permissions, the multipath device could have been incorrectly set with read-only access. This happened because the multipath command always retried reloading the map table with read-only permissions even though the failure was not caused by an EROFS error. With this update, multipath correctly reloads a multipath device with read-only permissions only if the first load attempt has failed with an EROFS error.

BZ#986767

Previously, DM-Multipath did not prevent creating a multipath device to a tapdev device, which cannot be a subject to multipath I/O due to an unexpected path format. Consequently, if a multipath device was created on top of a tapdev device, multipathd terminated with a segmentation fault on the tapdev device's removal from the system. With this update, tapdev devices are blacklisted by default and this problem can no longer occur.

Enhancements

BZ#947798

This update adds a new default keyword, "reload_readwrite", to the /etc/multipath.conf file. If set to "yes", multipathd listens to path change events, and if the path has read-write access to the target storage, multipathd reloads it. This allows a multipath device to automatically grant read-write permissions, as soon as all its paths have read-write access to the storage, instead of requiring manual intervention.

BZ#916667

The multipathd daemon now includes major and minor numbers of the target SCSI storage device along with the path's name to messages that are logged upon path's addition and removal. This allows for better association of the path with the particular multipath device.

BZ#920448

In order to keep naming consistency of multipath devices, DM-Multipath now sets the smallest available user-friendly name even when the /etc/multipath/bindings file has been edited manually. If the smallest user-friendly name cannot be determined, DM-Multipath retains previous behavior and sets the multipath device symbolic name to the next available largest name

BZ#924924

A new default parameter, "replace_wwid_whitespace", has been added to the /etc/multipath.conf file. If set to "yes", the scsi_id command in the default configuration section returns WWID with white space characters replaced by underscores for all applying SCSI devices.

Bug Fix

BZ#814790, BZ#960284, BZ#1006059, BZ#1019217

This enhancement update adds important thin provisioning tools (repair, rmap, and metadata_size) as well as caching tools (check, dump, restore, and repair) to the device-mapper-persistent-data packages in Red Hat Enterprise Linux 6.

Bug Fixes

BZ#996518

Previously, the dhcpd daemon or the dhclient utility terminated unexpectedly with a segmentation fault when starting on an InfiniBand network interface card (NIC) with an alias interface and a shared-network defined. Consequently, dhcpd and dhclient could not be used with an alias interface in a different subnet on InfiniBand NICs. A patch has been applied to address this problem, and neither dhcpd nor dhclient now crash in this scenario.

BZ#902966

Prior to this update, if some of the IPv6 addresses were not in the subnet range declared by subnet6 in the range6 statement, the DHCPv6 server incorrectly offered an address which was not from the client's subnet. The range6 statement parsing code has been fixed to check whether its addresses belong to the subnet, in which the range6 statement was declared. With this update, the DHCPv6 server now fails to start with an error message if the range6 statement is incorrect.

BZ#863936

Previously, the DHCPv4 relay agent (dhcrelay) terminated unexpectedly with a segmentation fault if dhcrelay received a packet over an interface without any IPv4 address assigned. With this update, dhcrelay checks whether the interface has an address assigned prior to further processing of the received packet, and the relay agent no longer crashes in this scenario.

BZ#952126

Previously, when a DHCPv6 request from a DHCPv6 client came from a random port number, the DHCPv6 server sent the reply back to the source port of the message instead of sending it to UDP port 546, which is standard for IPv6. Consequently, the client got the reply on the incorrect port. The reply handling in the DHCPv6 server code has been fixed, and the server now sends replies to UDP port 546.

BZ#978420

Previously, the dhcpd daemon managed memory allocations incorrectly when manipulating objects via the Object Management API (OMAPI). As a consequence, several memory leaks were identified in dhcpd. With this update, memory allocation management has been fixed, and dhcpd no longer leaks memory in this scenario.

BZ#658855

Prior to this update, when the dhclient utility obtained a lease containing the "next-server" option, dhclient did not expose the option to the dhclient-script environment. Consequently, NetworkManager was not able to use the "next-server" option from the dhclient's lease. This bug has been fixed, dhclient now correctly exposes the "next-server" option and NetworkManager can use the option from the dhclient's lease.

BZ#919221

Previously, the dhcpd server was not able to properly handle parsing of a zone definition which contained two or more key statements. As a consequence, dhcpd returned a misleading error message about an internal inconsistency. The zone statement parsing code has been fixed; the error message reported by dhcpd is now more precise in this scenario, saying that there is a multiple key definition for the zone.

BZ#1001742

Previously, when the dhclient utility was running under IPv6 using multiple interfaces, only the last started instance was configured, while others lost connection after the lease-time had expired. Consequently, the last started instance of dhclient received all the DHCPv6 packets, while the other instances failed to communicate with the server. With this update, dhclient is now bound to a specified interface, and multiple instances of dhclient communicate correctly.

Bug Fix

BZ#1010279

Because of a bug in dovecot's SSL parameters generator, installation of Red Hat Enterprise Linux 6 with FIPS mode enabled could become unresponsive when installing the dovecot package. This problem has been fixed and the installation now completes successfully in the described scenario.

Security Fix

CVE-2012-4453

It was discovered that dracut created initramfs images as world readable. A local user could possibly use this flaw to obtain sensitive information from these files, such as iSCSI authentication passwords, encrypted root file system crypttab passwords, or other information.

Bug Fixes

BZ#610462

Previously, the mkinitrd utility had no manual page accessible by users. This update adds the mkinitrd(8) manual page.

BZ#720684

Previously, the dracut utility did not call the "lvchange" command with the "--yes" option. Consequently, specification of the original logical volume name (rd_LVM_LV) was required when booting an LVM snapshot. With this update, dracut calls "lvchange" with the "--yes" option and booting LVM snapshots is now more intuitive.

BZ#857048

Prior to this update, the dracut utility copied symbolic links from the system to initramfs without following every redirection. As a consequence, initramfs could contain stale symbolic links, causing the system to boot incorrectly. This bug has been fixed; dracut now correctly copies symbolic link redirections, initramfs contains the same layout as the real system, and boot problems no longer occur in this scenario.

BZ#886194

The dracut utility did not take into account all parameters of the /etc/crypttab file when setting up crypto devices. Consequently, options and file names in /etc/crypttab had no effect in initramfs. With this update, dracut passes options and file names to the cryptsetup tool when setting up crypto devices, and options and files in /etc/cryppttab are now applied correctly.

BZ#910605

Previously, the dracut utility needed a network configuration on the kernel command line to boot with Internet Small Computer System Interface (iSCSI). Consequently, in cases where no network configuration was needed, it was not possible to boot with iSCSI. Now, dracut starts the iSCSI service regardless of the network configuration parameters on the kernel command line, and the problem described no longer occurs.

BZ#912299

Previously, the dracut utility used the grep tool without unsetting the "GREP_OPTIONS" environment variable. As a consequence, grep did not work correctly because of arbitrary options if the user had set GREP_OPTIONS while calling yum or running dracut. With this update, dracut now unsets GREP_OPTIONS and user settings of this variable no longer affect the correct operation of dracut.

BZ#916144

Prior to this update, the multipath configuration file was always included in the initramfs, even if the root device was not a multipath device. Consequently, the administrator had to update initramfs before rebooting when changing the multipath configuration. The dracut utility has been fixed to include the multipath configuration only if the root device is a multipath device. Additionally, the administrator can split the configuration for the root device which is used in initramfs. Currently, dracut recognizes:

• /etc/multipath-root.conf
• /etc/multipath-root/*
• /etc/xdrdevices-root.conf

These files will be used in initramfs as follows:

• /etc/multipath.conf
• /etc/multipath/*
• /etc/xdrdevices.conf

The administrator can make sure that only the specific multipath configuration for the root device is included in initramfs if he does not want the whole configuration to be copied.

BZ#947729

Previously, when using the Red Hat Enterprise Virtualization Hypervisor packaging of the kernel on a live image, the path to the kernel which needed to be verified during the initial boot did not work correctly. Consequently, the checksum test of the kernel in Federal Information Processing Standard (FIPS) mode failed, and the system did not boot. With this update, the dracut-fips module also looks for the kernel image in different paths and checks those paths with the checksum file in initramfs. As a result, booting an installation in FIPS mode now checks the correct kernel image and if the checksum is correct, the system continues to boot in FIPS mode.

BZ#960729

The dracut utility did not include the xhci-hcd kernel module in the initramfs image. Consequently, the kernel did not recognize USB 3.0 devices in an early boot stage and the root files ystem could not be mounted from a USB 3.0 disk. With this update, dracut now includes the xhci-hcd driver in initramfs, and the system is able to boot from USB 3.0 disks.

BZ#1011508

Previously, if the "biosdevname=1" parameter had not been specified on the kernel command line, the dracut utility disabled biosdevname network interface renaming on all machines. Consequently, on Dell machines, interfaces used in initramfs did not have automatic biosdevname names, even though biosdevname interface renaming was active later in the boot process. With this update, dracut only disables biosdevname if the parameter is set to "0". For non-Dell machines, biosdevname now renames interfaces only if "biosdevname=1" is specified on the kernel command line, and Dell machines have biosdevname named interfaces in initramfs.

BZ#1012316

Previously, the time necessary to activate Fibre Channel over Ethernet (FcoE) on a 10GBaseT Twin Pond adapter was too long. As a consequence, the fipvlan utility called by dracut timed out in the process of waiting for the link to come up, and the boot failed. With this update, fipvlan is called with a parameter to wait 30 seconds for the link to come up, and the problem no longer occurs.

BZ#1018377

Previously, when the dracut utility was running the ldd tool, ldd forwarded its output to the cat utility to use the SELinux permissions of cat to display the output. Consequently, if the ldd forwarded the output to cat, and cat forwarded the output further, and the pipe reader exited early, cat received an "EPIPE" signal and reported it to the standard error output. With this update, dracut redirects standard error of ldd calls to the /dev/null file, and the error message of cat is now hidden in this scenario.

Enhancements

BZ#851666

The dracut utility now supports bonding of network interfaces in initramfs. Bonding parameters can be specified on the kernel command line in the following format:

bond=<bondname>[:<bondslaves>:[:<options>]]

This sets up the <bondname> bonding device on top of <bondslaves>. For more information, run the "modinfo bonding" command.

BZ#1012626

The National Institute of Standards and Technology (NIST) now requires the FIPS module to be defined as a cryptosystem. Therefore, this update adds the /etc/system-fips file marker when the dracut-fips rpm package is installed. It provides a stable file location for FIPS product determination to be used by libraries and applications.

Bug Fixes

BZ#1029844

In FIPS mode, the self checking of binaries is only done if the /etc/system-fips file is present. Prior to this update, the dracut utility did not copy the /etc/system-fips file and some checksum files in the initial ram file system (initramfs). As a consequence, the self check of the tools needed to decrypt a partition was not done and the tools terminated unexpectedly. This bug has been fixed, dracut now copies all the needed files in the initramfs, and systems with encrypted disks can now boot successfully in FIPS mode.

BZ#1029846

When booting in FIPS mode on live ISO images, dracut searched for the checksum file of the kernel image in the wrong place. Consequently, the booting process failed. With this update, the path to the checksum file has been corrected, and live ISO images can now boot in FIPS mode as expected.

Bug Fixes

BZ#922847

Previously, the e2fsck utility was unable to detect inconsistencies related to overlapping interior or leaf nodes in the extent tree. As a consequence, some of ext4 extent tree corruptions were not detected or repaired by e2fsck but they were detected by the kernel at run time. With this update, e2fsck is able to detect and repair the described problems as expected.

BZ#994615

Previously, the e2fsck utility incorrectly detected uninitialized extents past end of file (EOF) as invalid. Consequently, e2fsck identified pre-allocated blocks past EOF as corrupt. This bug has been fixed and e2fsck now identifies uninitialized extents past EOF correctly.

BZ#873201

The resize2fs utility did not properly handle resizing of an ext4 file system to a smaller size. As a consequence, files containing many extents could become corrupted if they were moved during the resize process. With this update, resize2fs maintains a consistent extent tree when moving files containing many extents, and such files no longer become corrupted in the described scenario.

BZ#974975

Previously, the resize2fs utility did not correctly relocate inode and block bitmaps when resizing an ext4 file system to a smaller size. Consequently, some file systems became corrupted when the bitmaps were not moved within the new file system size. A patch has been provided to address this bug and resize2fs now maintains a consistent file system in the described scenario.

BZ#885083

Previously, the e2fsck utility failed to store information about file system errors correctly. Consequently, entries in the journal were sometimes not properly propagated to the file system superblock. This bug has been fixed and e2fsck now handles all file system errors as expected.

BZ#895679

Previously, the e2fsck utility did not clear the error log when processing an ext4 file system. Consequently, e2fsck stored detailed error information in the ext4 file system superblock and returned it periodically upon mounting. With this update, the error log is cleared when e2fsck completes and the redundant error messages are no longer returned.

BZ#927541

Prior to this update, the filefrag utility occasionally reported incorrect extent counts. A patch has been applied to address this problem and extents are now counted correctly.

Bug Fix

BZ#924892

Previously, when an invalid value was passed to the "efibootmgr -o" command, the command did not recognize the problem and passed the incorrect value to other functions. This could have lead to several complications such as commands becoming unresponsive. With this update, efibootmgr has been modified to test for invalid input. As a result, an error message is displayed in the aforementioned scenario.

Bug Fix

BZ#678225

The Lucida Typewriter and Lucida Console fonts were not usable with Emacs 23.1 in Red Hat Enterprise Linux 6. Consequently, the following error message was displayed in the Messages buffer: "set-face-attribute: Font not available". With this update, no error message is displayed in this scenario and the selected font can be used to display the buffer contents.

Bug Fixes

BZ#918540

When updating the environment-modules package, changes to the /usr/share/Modules/init/.modulespath config file were being silently replaced by upgrades. The file is now set marked as %config(noreplace) in the spec file, thus it is preserved between updates.

BZ#929007

The environment scripts of csh and tcsh used the "test" command without specifying the PATH variable. That could have possibly resulted in an unexpected behavior as a user binary called "test" could have been run instead. With this update, the "test" binary is called by its full path. Misbehavior caused by calling a random test binary is no longer possible.

BZ#953198

When updating the environment-modules package, changes to environment scripts in /etc/profile.d were not preserved. With this update, those scripts have been marked as configuration scripts, thus they are preserved between updates.

Bug Fixes

BZ#920826

The ESC utility did not start when the latest 17 series release of the XULRunner runtime environment was installed on the system. This update includes necessary changes to ensure that ESC works as expected with the latest version of XULRunner.

BZ#961582

The ESC utility can be started manually or automatically when a card is inserted. Previously, when ESC started automatically, the ~/.redhat/ directory was created and granted with the read, write and execute permissions. However, some files within this directory had the permissions to read and write only. This inconsistency has been fixed with this update and the permissions are now set properly in the described scenario.

BZ#981156

Due to a bug in the esc.desktop file, an error message has been logged in the /var/log/messages/ directory. This update applies a patch to fix this bug and the error message is no longer returned.

Security Fix

CVE-2013-4166

A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being encrypted with public keys other than the one belonging to the intended recipient.

Bug Fix

BZ#665967

The Exchange Calendar could not fetch the "Free" and "Busy" information for meeting attendees when using Microsoft Exchange 2010 servers, and this information thus could not be displayed. This happened because Microsoft Exchange 2010 servers use more strict rules for "Free" and "Busy" information fetching. With this update, the respective code in the openchange packages has been modified so the "Free" and "Busy" information fetching now complies with the fetching rules on Microsoft Exchange 2010 servers. The "Free" and "Busy" information can now be displayed as expected in the Exchange Calendar.

Bug Fixes

BZ#854708

Due to an error leaving a device marked as in-use, attempts to map a block backstore that had been previously mapped would fail. With this update, mappings of block backstores are properly released, and remapping a block device now succeeds.

BZ#880542

Prior to this update, the kernel terminated unexpectedly when the fcoe-target daemon stopped. A patch has been provided to fix this bug, and the kernel now no longer crashes.

BZ#882121

Previously, the target reported support for sequence-level error recovery erroneously. Consequently, interrupting the connection between the FCoE target and a bnx2fc initiator could cause the initiator to erroneously perform sequence-level error recovery instead of exchange-level error, leading to a failure of all devices attached to the target. This bug has been fixed, and connections with a bnx2fc initiator may now be interrupted without disrupting other devices.

BZ#912210

Prior to this update, there was an error in the python-rtslib library. Consequently, when creating a pscsi (SCSI pass-through) storage object in the targetcli utility, the python-rtslib returned a traceback. The error in the library has been fixed, and pscsi storage objects are now created without errors.

BZ#999902

Since the fcoe-utils command-line interface is required by the fcoe-target-utils packages and is not supported on the s390x architecture, fcoe-target-utils will not work properly on s390x, and thus has been removed.

Bug Fix

BZ#903099

Due to a bug in the kernel, destroying an N_Port ID Virtualization (NPIV) port while using an ixbge adapter, the fcoe service init script could become unresponsive on shutdown. An init script patch has been applied to destroy the associated virtual ports first, and the fcoe service no longer hangs in the described scenario.

Enhancement

BZ#981062

The readme file has been updated with a note clarifying that the file system automounting feature is enabled in the default installation of Red Hat Enterprise Linux 6.

Bug Fix

BZ#902478

Previously, when using febootstrap-supermin-helper with the "-g" option, the command did not set the supplemental groups properly. As a consequence, some groups from the user running libguestfs leaked into the appliance build process. After this update, supplemental groups are set correctly.

Bug Fixes

BZ#872308

Previously, the fence agents documentation did not mention how to use the fence_ipmilan agent for fence device HP iLO 3. This update adds this information to the fence_ipmilan(8) manual page.

BZ#896603

Previously, the fence agent fence_cisco_ucs did not respect the "delay" attribute. This bug has now been fixed and fence_cisco_ucs waits the appropriate amount of time, as expected.

BZ#978325

Previously, the fence agent fence_cisco_ucs did not use a proper timeout during the login process, which could have an impact on a successful login. With this update, this timeout is set properly and can be customized by users through the standard configuration methods.

BZ#978326

Previously, the fence agent fence_cisco_ucs failed with a traceback error when the hostname could not be resolved to an IP address. With this update, fence_cisco_ucs exits with an appropriate error message.

BZ#978328

Previously, the fence agent fence_scsi did not provide the correct metadata for the pacemaker "unfence" operation. With this update, an "unfence" operation can be run only on local node.

BZ#912773, BZ#994186

Previously, the fence agent fence_scsi did not respect the "delay" attribute. This bug has been fixed and fence_scsi now waits the appropriate amount of time. As a result, nodes in a 2-node cluster can no longer fence each other.

BZ#959490

Previously, when using the fence_bladecenter agent with the "--ssh" option, the fence agent required also the "--password" or "--identity-file" options. However, this behavior was not documented. As a consequence, when using fence_bladecenter with the "--ssh" option only, fence_bladecenter failed with an error message which was too generic. This bug has been fixed and a more specific error message is now displayed if fence_bladecenter fails to connect.

BZ#887349

Previously, the fence_scsi(8) manual page did not mention the "unfence" operation which is required for fence_scsi to properly function in a cluster environment. With this update, a comment with information about "unfence" in cluster environment has been added to the fence_scsi(8) manual page.

BZ#902404

Previously, when fencing a Red Hat Enterprise Linux cluster node with the fence_soap_vmware fence agent, the agent terminated unexpectedly with a traceback if it was not possible to resolve a hostname of an IP address. With this update, a proper error message is displayed in the described scenario.

BZ#905478

Due to incorrect detection on newline characters during an SSH connection, the fence_drac5 agent could terminate the connection with a traceback when fencing a Red Hat Enterprise Linux cluster node. Only the first fencing action completed successfully but the status of the node was not checked correctly. Consequently, the fence agent failed to report successful fencing. When the "reboot" operation was called, the node was only powered off. With this update, the newline characters are correctly detected and the fencing works as expected.

BZ#981086

Previously, the description of the fence_ipmilan "lanplus" option in the fence_ipmilan(8) manual page was incomplete. This update improves the description of the "lanplus" option and includes information on its impact on security.

BZ#1014000

Previously, an insecure temporary directory was used by the VMware fence agent, which could be used by a local attacker to overwrite an arbitrary local file by the victim running fence agent. This update removes a dependency on the python-suds library, which is vulnerable to a symbolic link attack (CVE-2013-2217), and the VMware fence agent now uses mkdtemp to create a unique temporary directory.

Enhancements

BZ#870269

Previously, users of the HP Integrated Lights-Out (iLO) 4 fence device had to use the fence_ipmilan fence agent. This update adds support for the iLO fence device to the fence-agents packages.

BZ#886614

This update adds support for the firmware for APC power switches, version 5. This update also adds changes to the fence agent command line interface.

Bug Fixes

BZ#883588

The respective gzip files for the fence_virt(8) and fence_xvm(8) manual pages were previously created with executable permissions for everybody, which is incorrect. This has been fixed and these files are now properly created with 644 permissions.

BZ#903172

A bug in the fence_virt fencing agent could cause the agent to fail listing the virtual machines that could have been fenced by the fence_virtd daemon using the serial channel within a virtual interface. This happened when the virtual machine had been started or live-migrated after starting the fence_virtd daemon on the cluster node. The bug has been fixed and fence_virt now lists virtual machines as expected in this scenario.

Bug Fix

BZ#876018

The code handling the response to a two-button dialog prompted the user to click one of the buttons. After clicking the close button or pressing the Escape key, the response was ignored, and the post-installation process continued even after disagreeing to the end-user license agreement (EULA) in Red Hat Enterprise Linux 6. With this update, the code has been modified to close the dialog and stay on the underlying screen. As a result, clicking the close button or pressing the Escape key works as expected.

Bug Fixes

BZ#661770

The foomatic package could not be rebuilt due to the RPM package spec file having incorrect locations for Perl files. The installation locations have been fixed and the package can now be rebuilt.

BZ#726385

Under certain circumstances, the foomatic-rip CUPS filter could fail, causing print jobs to pass raw data to the printer without being correctly filtered. This was caused by a missing parameter to a logging function. This programming error has been corrected and foomatic-rip now behaves correctly in the described scenario.

Bug Fix

BZ#1003940

When the Pluggable Authentication Module (PAM) configuration includes the pam_fprintd module, PAM uses the glib2 functions where the dlclose() function is executed to unload the glib2 libraries. However, this method is not designed for multi-threaded applications. When a PAM operation was made, Directory Server on Red Hat Enterprise Linux 6 terminated unexpectedly during the shutdown phase because it attempted to unload the glib2 destructor, which had been previously unloaded by the fprintd service. This update applies a patch to fix this bug so that fprintd no longer unloads glib2 when pam_fprintd closes. As a result, the glib2 libraries are unloaded when Directory Server is closed and therefore the server shuts down gracefully.

Bug Fixes

BZ#616846, BZ#715605

Prior to this update, the ipmidetectd daemon did not fully validate input command-line parameters. Consequently, ipmidetectd terminated unexpectedly with a segmentation fault when parsing invalid command-line options. With this update, ipmidetectd validates command-line input properly, and therefore no longer crashes in this case.

BZ#818168

Previously, the bmc-watchdog daemon did not create the PID file and did not write the PID number into the file. As a consequence, tools depending on missing PID values did not work correctly. This bug has been fixed, the PID number is now stored in the created PID file and the described problems no longer occur.

Bug Fix

BZ#861113

Prior to this update, when the FTP client was used from a shell with elevated permissions (through the su or the sudo utility), it incorrectly assumed the UID from the original login, instead of the user initiating the client. Consequently, the local home directory was incorrect. With this update, the underlying code has been modified to correctly get the login credentials using the getpwuid(3) utility function call. Now, the local home directory is set according to the user running the client.

Bug Fixes

BZ#906234

Due to the small local buffer for read tokens, GCC (GNU Compiler Collection) could trigger stack smashing protector when reading digraphs in a program. The buffer has been enlarged, and thus the digraph tokens can be read without harming the memory.

BZ#921758

Previously, GCC could terminate unexpectedly when compiling C++ code that contained a structure with the "va_list" member field. The initialization of such a structure has been fixed, and GCC no longer crashes on such code.

BZ#959564

Prior to this update, the libgcc utility could terminate unexpectedly when unwinding the stack for a function annotated with "__attribute__((ms_abi))". This bug has been fixed by ignoring unwind data for unknown column numbers and libgcc no longer crashes.

BZ#967003

Previously, GCC could terminate unexpectedly when processing debug statements. This bug has been fixed by removing the value bound to the variable in such debug statements, and GCC no longer crashes in the described scenario.

Enhancement

BZ#908025

GCC now supports strings with curly braces and vertical bar inside inline assembler code. That is, '{', '}', and '|' can now be prefixed with the '%' sign; in that case they are not handled as dialect delimiters, but are passed directly to the assembler instead.

Bug Fixes

BZ#712959

Logging into the system with GNOME installed while having set KDE Display Manager (KDM) as the default display manager could sometimes cause the user-switch applet to abort. Consequently, switching the user was impossible unless the applet was reloaded. The underlying code has been modified to prevent interference of multiple queued loads of user information so the user-switch applet is now more resilient to crash in this scenario.

BZ#759174

GDM previously did not forward X Display Manager Control Protocol (XDMCP) indirect queries to the correct port of the appropriate machine. Consequently, the GDM host chooser did not work correctly and XDMCP connection could not be established. With this update, GDM now uses the correct port when redirecting XCDMCP queries and XDMCP connections can be established with the chosen remote host as expected.

BZ#785775, BZ#865832

Previously, GDM displayed login messages for an insufficiently short period of time so that some users were not able to read the messages. This update increases the duration of the time period for which is a message displayed at login time to a minimum of 3 seconds.

BZ#795920

GDM previously did not consult content of the "~/.dmrc" file before reading the cached copy of the drmc file in the "/var/cache/gdm/$USERNAME/" directory. This behavior could lead to incorrect or inconsistent users environment settings, such as the default graphical desktop session or language, in environments using network-mounted home directories. This happened because changes to "~/.dmrc" had no effect on machines to which the users logged in and out before modifying the "~/.dmrc" file. With this update, GDM reads "~/.dmrc" before "/var/cache/gdm/$USERNAME/dmrc" so that updates to the user's environment configuration can take effect.

BZ#818074

When the user switched to the already active session, GDM attempted to clean up temporary internal resources twice. This resulted in spurious error messages being logged in the system log. The underlying code has been fixed so that GDM now cleans up those resources correctly.

BZ#844004

When the PreSession shell script fails, the user is expected to be denied login to the system. GDM previously ignored PreSession failures so that the users were able to proceed with an unauthorized login to the system. This update corrects this behavior so that GDM now fails the login process upon the PreSession script failure.

BZ#861114

GDM adjusted the width of the login window in accordance with the length of the authentication message. If an authentication message was very long, the login window became unreasonably wide, resulting in text being displayed out of the visible screen. With this update, long authentication messages are automatically wrapped so the login window retains the expected size, and the message is displayed properly.

BZ#874202

When the user logged out of the system or switched runlevel, the gdm-smartcard-worker extension was terminated unexpectedly with a segmentation fault. This update modifies GDM to ensure that gdm-smartcard-worker is brought down gracefully.

BZ#874707

The GDM default greeter did not set the LANG environment variable in canonical form. Consequently, in mixed environment deployments, such as networks containing Mac OS X machines, the LANG encoding was not correctly recognized by non-Linux systems. This update ensures that GDM sets environment variables are in canonical form.

BZ#953552

The gdm-smartcard-worker extension terminated unexpectedly with a segmentation fault upon startup if the system was started without smart card support. The respective code in gdm-smartcard-worker has been modified so this GDM extension no longer crashes in this scenario.

BZ#977560

When using the smart card authentication method with the "disable_user_list=True" option set, entering an incorrect PIN disabled all further smart card logins until the user successfully logged in using a different authentication method. This update properly resets the dialog window in this situation and allows users to repeat smart card authentication attempts.

BZ#1006947

When booting to runlevel 5 on IBM S/390 systems, GDM emitted a warning messages about not being able to start the X server, which were harmless but could confuse the user. The underlying GDM code has been modified to no longer attempt to start the X server on IBM S/390 systems, and the messages are no longer logged to the system logs.

Bug Fix

BZ#620378

Documentation files were installed executable. As a consequence, testing tools failed due to that configuration. To fix this bug, executable bits were removed from documentation files and testing tools now work as expected in the described scenario.

Bug Fixes

BZ#893775

Due to a bug in a function that copies CID-keyed Type 2 fonts, document conversion attempts sometimes caused the ps2pdf utility to terminate unexpectedly with a segmentation fault. A patch has been provided to address this bug so that the function now copies fonts properly and ps2pdf no longer crashes when converting documents.

BZ#916162

Due to lack of support for the TPGDON option for JBIG2 encoded regions, some PDF files were not displayed correctly. A patch has been provided to add this support so that PDF files using the TPGDON option are now displayed correctly.

BZ#1006165

Previously, some PDF files with incomplete ASCII base-85 encoded images caused the ghostscript utility to terminate with the following error:

/syntaxerror in ID

The problem occurred when the image ended with "~" (tilde) instead of "~>" (tilde, right angle bracket) as defined in the PDF specification. Although this is an improper encoding, an upstream patch has been applied, and ghostscript now handles these PDF files without errors.

Security Fixes

CVE-2013-4332

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

CVE-2013-0242

A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.

CVE-2013-1914

It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.

Bug Fixes

BZ#1022022

Due to a defect in the initial release of the getaddrinfo() system call in Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly. However, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry.

BZ#552960

The pthread_cond_wait() and pthread_cond_timedwait() functions for AMD64, Intel 64, and Intel P6 architectures contained several synchronizations bugs. Consequently, when a multi-threaded program used a priority-inherited mutex to synchronize access to a condition variable, some threads could enter a deadlock situation when they were woken up by the pthread_cond_signal() function or canceled. This update fixes these synchronization bugs and a thread deadlock can no longer occur in the described scenario.

BZ#834386

The C library security framework was unable to handle dynamically loaded character conversion routines when loaded at specific virtual addresses. This resulted in an unexpected termination with a segmentation fault when trying to use the dynamically loaded character conversion routine. This update enhances the C library security framework to handle dynamically loaded character conversion routines at any virtual memory address, and crashes no longer occur in the described scenario.

BZ#848748

Due to a defect in the standard C library, the library could allocate unbounded amounts of memory and eventually terminate unexpectedly when processing a corrupted NIS request. With this update, the standard C library has been fixed to limit the size of NIS records to the maximum of 16 MB, and the library no longer crashes in this situation. However, it is possible that some configurations with very large NIS maps may no longer work if those maps exceed the maximum of 16 MB.

BZ#851470

Previously, the ttyname() and ttyname_r() library calls returned an error if the proc (/proc/) file system was not mounted. As a result, certain applications could not properly run in a chroot environment. With this update, if the ttyname() and ttyname_r() calls cannot read the /proc/self/fd/ directory, they attempt to obtain the name of the respective terminal from the devices known to the system (the /dev and /dev/pts directories) rather than immediately return an error. Applications running in a chroot environment now work as expected.

BZ#862094

A defect in the standard C library resulted in an attempt to free memory that was not allocated with the malloc() function. Consequently, the dynamic loader could terminate unexpectedly when loading shared libraries that require the dynamic loader to search non-default directories. The dynamic loader has been modified to avoid calling the free() routine for memory that was not allocated using malloc() and no longer crashes in this situation.

BZ#863384

Due to a defect in the getaddrinfo() resolver system call, getaddrinfo() could, under certain conditions, return results that were not Fully Qualified Domain Names (FQDN) when FQDN results were requested. Applications using getaddrinfo() that expected FQDN results could fail to operate correctly. The resolver has been fixed to return FQDN results as expected when requesting an FQDN result and the AI_CANONNAME flag is set.

BZ#868808

The backtrace() function did not print call frames correctly on the AMD64 and Intel 64 architecture if the call stack contained a recursive function call. This update fixes this behavior so backtrace() now prints call frames as expected.

BZ#903754

Debug information previously contained the name "fedora" which could lead to confusion and the respective package could be mistaken for a Fedora-specific package. To avoid this confusion, the package build framework has been changed to ensure that the debug information no longer contains the name "fedora."

BZ#919562

A program that opened and used dynamic libraries which used thread-local storage variables may have terminated unexpectedly with a segmentation fault when it was being audited by a module that also used thread-local storage. This update modifies the dynamic linker to detect such a condition, and crashes no longer occur in the described scenario.

BZ#928318

When the /etc/resolv.conf file was missing on the system or did not contain any nameserver entries, getaddrinfo() failed instead of sending a DNS query to the local DNS server. This bug has been fixed and getaddrinfo() now queries the local DNS server in this situation.

BZ#929388

A previous fix to prevent logic errors in various mathematical functions, including exp(), exp2(), expf(), exp2f(), pow(), sin(), tan(), and rint(), created CPU performance regressions for certain inputs. The performance regressions have been analyzed and the core routines have been optimized to raise CPU performance to expected levels.

BZ#952422

Previously, multi-threaded applications using the QReadWriteLocks locking mechanism could experience performance issues under heavy load. This happened due to the ineffectively designed sysconf() function that was repeatedly called from the Qt library. This update improves the glibc implementation of sysconf() by caching the value of the _SC_NPROCESSORS_ONLN variable so the system no longer spends extensive amounts of time by parsing the /stat/proc file. Performance of the aforementioned applications, as well as applications repetitively requesting the value of _SC_NPROCESSORS_ONLN, should significantly improve.

BZ#966775

Improvements to the accuracy of the floating point functions in the math library, which were introduced by the RHBA-2013:0279 advisory, led to a performance decrease for those functions. With this update, the performance loss regressions have been analyzed and a fix has been applied that retains the current accuracy but reduces the performance penalty to acceptable levels.

BZ#966778

If user groups were maintained on an NIS server and queried over the NIS compat interface, queries for user groups containing a large number of users could return an incomplete list of users. This update fixes multiple bugs in the compat interface so that group queries in the described scenario now return correct results.

BZ#970090

Due to a defect in the name service cache daemon (nscd), cached DNS queries returned, under certain conditions, only IPv4 addresses even though the AF_UNSPEC address family was specified and both IPv4 and IPv6 results existed. The defect has been corrected and nscd now correctly returns both IPv4 and IPv6 results in this situation.

BZ#988931

Due to a defect in the dynamic loader, the loader attempted to write to a read-only page in memory while loading a prelinked dynamic application. This resulted in all prelinked applications being terminated unexpectedly during startup. The defect in the dynamic loader has been corrected and prelinked applications no longer crash in this situation.

Enhancements

BZ#629823

Previous versions of nscd did not cache netgroup queries. The lack of netgroup caching could result in less than optimal performance for users that relied on heavily on netgroup maps in their system configurations. With this update, support for netgroup query caching has been added to nscd. Systems that rely heavily on netgroup maps and use nscd for caching will now have their netgroup queries cached which should improve performance in most configurations.

BZ#663641

Previously, if users wanted to adjust the size of stacks created for new threads, they had to modify the program code. With this update, glibc adds a new GLIBC_PTHREAD_STACKSIZE environment variable allowing users to set the desired default thread stack size in bytes. The variable affects the threads created with the pthread_create() function and default attributes. The default thread stack size may be slightly larger than the requested size due to memory alignment and certain other factors.

BZ#886968

The dynamic loader now coordinates with GDB to provide an interface that is used to improve the performance of debugging applications with very large lists of loaded libraries.

BZ#905575

The glibc packages now provide four Static Defined Tracing (SDT) probes in the libm libraries for the pow() and exp() functions. The SDT probes can be used to detect whether the input to the functions causes the routines to execute the multi-precision slow paths. This information can be used to detect performance problems in applications calling the pow() and exp() functions.

BZ#916986

Support for the MAP_HUGETLB and MAP_STACK flags have been added for use with the mmap() function. Their support is dependant on kernel support and applications calling mmap() should always examine the result of the function to determine the result of the call.

BZ#929302

Performance of the sched_getcpu() function has been improved by calling the Virtual Dynamic Shared Object (VDSO) implementation of the getcpu() system call on the PowerPC architecture.

BZ#970776

The error string for the ESTALE error code has been updated to print "Stale file handle" instead of "Stale NFS file handle", which should prevent confusion over the meaning of the error. The error string has been translated to all supported languages.

Bug Fixes

BZ#998778

Previously, the "errno" value was not set correctly during an API failure. Consequently, applications using API could behave unpredictably. With this update, the value is set properly during API failures and the applications work as expected.

BZ#998832

Previously, the glusterfs-api library handled all signals that were sent to applications using glusterfs-api. As a consequence, glusterfs-api interpreted incorrectly all the the signals that were not used by this library. With this update, glusterfs-api no longer handles the signals that it does not use so that such signals are now interpreted properly.

BZ#1017014

Previously, the glfs_fini() function did not return NULL, even if the libgfapi library successfully cleaned up all resources. Consequently, an attempt to use the "qemu-img create" command, which used libgfapi, failed. The underlying source code has been modified so that the function returns NULL when the libgfapi cleanup is successful, and the command now works as expected.

Enhancement

BZ#916645

Native Support for GlusterFS in QEMU has been included to glusterfs packages. This support allows native access to GlusterFS volumes using the libgfapi library instead of through a locally mounted FUSE file system. This native approach offers considerable performance improvements.

Bug Fixes

BZ#905935

Previously, when using the virt-manager, virt-viewer, and spice-xpi applications, users were unable to enter the gnome-screensaver password after the screen saver had started. This occurred only when the virtual machine system used the Compiz composting window manager. After users had released the mouse cursor, then pressed a key to enter the password, the dialog window did not accept any input. This happened due to incorrect assignment of window focus to applications that did not drop their keyboard grab. With this update, window focus is now properly assigned to the correct place, and attempts to enter the gnome-screensaver password no longer fail in the described scenario.

BZ#947671

Prior to this update, the gnome-screensaver utility worked incorrectly when using an X server that does not support the fade-out function. Consequently, gnome-screensaver terminated unexpectedly when trying to fade out the monitor. This bug has been fixed and gnome-screensaver now detects a potential fade-out failure and recovers instead of crashing.

Bug Fix

BZ#972671

A DHCP server can be configured to use the Pre-Boot Execution Environment (PXE) to boot virtual machines using the gPXE utility. Previously, PXE boot failed when the next-server details had come from a different DHCP server. This update applies a patch to fix this bug and PXE boot now works as expected in the described scenario.

Bug Fixes

BZ#715295

For some regular expressions, the DFA analysis could insert up to double "positions" than there were leaves. Consequently, there were not enough room to insert all the positions and grep could terminate unexpectedly on certain regular expressions. To fix this problem, space allocation has been increased and grep works as expected in the described scenario.

BZ#797934

When a fixed string pattern was empty while the case-insensitive search was active, grep could terminate unexpectedly. With this update, the check for this case has been added to the code and grep works as expected in the described scenario.

BZ#826997

Previously, the code handling case-insensitive searches could alter a string's byte size while converting it to lower case. Consequently, grep could truncate certain output strings. To fix this bug, the grep code has been modified to correctly handle such cases when the byte size gets altered during the conversion to lower case. As a result, case-insensitive searches work correctly and grep no longer truncates its output.

Bug Fixes

BZ#851706

If the title of the GRUB menu entry exceeded the line length of 80 characters, the text showing the remaining time to a boot was inconsistent and thus appeared to be incorrect. The overflowing text was displayed on a new line and the whole text was moved one line down with every passing second. This update splits the text into two lines, and only the second line is rewritten as a boot countdown proceeds so that GRUB behaves correctly for long menu entries.

BZ#854652

When building a new version of grub packages, GRUB did not remove the grub.info file upon the "make clean" command. As a consequence, the grub.info file did not contain the latest changes after applying an update. To fix this problem, the GRUB Makefile has been modified so the grub.info file is now explicitly removed and generated with every package build.

BZ#911715

The GRUB code did not comply with the Unified Extensible Firmware Interface (UEFI) specification and did not disable an EFI platform's watchdog timer as is required by the specification. Consequently, the system was rebooted if the watchdog was not disabled within 5-minutes time frame, which is undesirable behavior. A patch has been applied that disables the EFI watchdog immediately after GRUB is initialized so that EFI systems are no longer restarted unexpectedly.

BZ#916016

When booting a system in QEMU KVM with Open Virtual Machine Firmware (OVMF) BIOS, GRUB was not able to recognize virtio block devices, and the booting process exited to the GRUB shell. This happened because GRUB did not correctly tested paths to EFI devices. The GRUB code now verifies EFI device paths against EFI PCI device paths, and recognizes disk devices as expected in this scenario.

BZ#918824

GRUB did not comply with the UEFI specification when handling the ExitBootServices() EFI function. If ExitBootServices() failed while retrieving a memory map, GRUB exited immediately instead of repeating the attempt. With this update, GRUB retries to obtain a memory map 5 times before exiting, and boot process continues on success.

BZ#922705

When building a 64-bit version of GRUB from a source package, it fails to link executable during the configure phase, unless a 32-bit version of the glibc-static package is installed. No error message was displayed upon GRUB failure in this situation. This has been fixed by setting the grub packages to depend directly on the /usr/lib/libc.a file, which can be provided in different environments. If the file is missing when building the grub packages, an appropriate error message is displayed.

BZ#928938

When installed on a multipath device, GRUB was unreadable and the system was unable to boot. This happened due to a bug in a regular expression used to match devices, and because the grub-install command could not resolve symbolic links to obtain device statistics. This update fixes these problems so that GRUB now boots as expected when installed on a multipath device.

BZ#1008305

When booting in UEFI mode, GRUB previously allocated memory for a pointer to a structure instead allocating memory for the structure. This rendered GRUB to be unable to finish and pass control to the kernel on specific hardware configurations. This update fixes this problem so GRUB now allocates memory for a structure as expected and successfully passes control to the kernel.

BZ#1017296

Previously, GRUB could not be installed on Non-Volatile Memory Express (NVMe) devices because it was unable to parse a device name during the installation process. This update adds a regular expression support for matching NVMe devices, and GRUB can now be successfully installed on these devices.

Enhancements

BZ#848628

GRUB now provides a new menu option "macappend". When "macappend" is used either in the grub.conf file or on the GRUB command line, the "BOOTIF=<MAC_address>" parameter is appended to the kernel command line. This allows specifying a network interface for Anaconda to use during a PXE boot.

Bug Fixes

BZ#991197

Previously, the grub.conf file was not properly updated after a kernel update with the tboot bootloader. This was due to a bug in the grubby tool which caused it to improperly interpret the grub.conf stanzas that had tboot in them. This update enables grubby to read the HYPERVISOR and HYPERVISOR_ARGS parameters from the /etc/sysconfig/kernel file in order for tboot to perform as intended.

BZ#999908

Prior to this update, yum and anaconda upgrades could have failed with a kernel panic on the AMD64 and Intel 64 architectures due to the RAM disk image not being found. This only happened when tboot was installed, and the kernel "%post" or "%posttrans" scripts were run. This update adds the initramfs disk image to the grub entry, and kernel panic failures no longer occur in the described scenario.

Bug Fixes

BZ#970594

When rendering the text in a combo box, the GTK+ cell renderer always rendered text that was rendered last time as the first item. Consequently, if the previously rendered text did not match any item in the name set, the first item in the "Categories" combo box in the Contacts view could have been rendered as empty, which affected accessibility and automated tests. This update ensures that the cell renderer is now properly updated and renders items for the current combo box call so the aforementioned problem no longer occurs.

BZ#979049

Due to a bug in the GtkTreeView interface, the expand arrows in a tree view in Evolution stopped functioning after clicking on an icon in the system tray. This update increases robustness of the tree expanding and collapsing code, which fixes this bug.

Bug Fix

BZ#903303

Previously, the setuid() and setgid() functions did not work properly. As a consequence, the HAProxy load balancer failed to drop supplementary groups correctly after attempting to drop root privileges. The behavior of the functions has been modified, and HAProxy now drops all supplementary groups as expected.

Enhancement

BZ#921064

With this update, support for TPROXY has been added to the haproxy packages. TPROXY simplifies management tasks of clients behind proxy firewalls. Also, transparent proxying makes the presence of the proxy invisible to the user.

Bug Fixes

BZ#639623

Previously, the hdparm utility did not assume that some disk information could be unavailable. As a consequence, hdparm could terminate unexpectedly with no useful output. With this update, proper checks for unsuccessful disk queries have been added, and hdparm now terminates with a more detailed error message.

BZ#735887

Prior to this update, the hdparm utility did not assume that some disk information could be unavailable when the user requested information about how much disk space a file occupied. Consequently, hdparm terminated unexpectedly with no useful output in such a scenario. With this update, proper checks for unsuccessful disk queries have been added. As a result, hdparm now terminates with an error message providing detailed information.

BZ#807056

Previously, the hdparm utility retrieved the hard drive identification data in a way that could cause errors. As a consequence, hdparm failed to obtain the data on some occasions and displayed an unhelpful error message. With this update, the respective system call has been replaced with one that is more appropriate and robust. As a result, the hard drive identification data is now successfully obtained and printed in the output.

BZ#862257

When the hdparm utility is unable to obtain the necessary geometry information about a hard drive, it attempts to download firmware. Previously, due to incorrect control statements, hdparm could terminate unexpectedly with a segmentation fault at such a download attempt. With this update, control statements checking for system call failures have been added. As a result, if hdparm cannot operate on a drive, it displays an error message and exits cleanly.

Bug Fixes

BZ#996152

Previously, the /etc/sysconfig/hsqldb file was not marked as "config(noreplace)". Consequently, reinstallation or update of the packages could overwrite changes to the configuration made by the user. With this update, the configuration file has been marked correctly, and modifications to the file are preserved during reinstallation or update.

BZ#962676

Prior to this update, the hsqldb database depended on java packages of version 1:1.6.0 or later, which are unavailable on some Red Hat Enterprise Linux 6 platforms. As a consequence, installing the hsqldb packages failed with an error message. With this update, java packages of version 0:1.5.0 or later are required, and the installation of hsqldb now proceeds correctly as expected.

Bug Fix

BZ#989142

Previously, certain information about the Red Hat Virtio Small Computer System Interface (SCSI) device was missing from the pci.ids database. Consequently, when using the lspci utility, the device name was not shown correctly and the numeric device ID was shown instead. With this update, the pci.ids database has been modified to provide correct information as expected.

Enhancements

BZ#982659

The PCI ID numbers have been updated for the Beta and the Final compose lists.

BZ#739838

With this update, the pci.ids database has been updated with information about AMD FirePro graphic cards.

BZ#948121

With this update, the pci.ids database has been updated with information about the Cisco VIC SR-IOV Virtual Function with the usNIC capability.

Bug Fixes

BZ#920032

Previously, the hypervkvpd service registered to two netlink multicast groups, one of which was used by the cgred service. When hypervkvpd received a netlink message, it was interpreted blindly as its own. As a consequence, hypervkvpd terminated unexpectedly with a segmentation fault. After this update, hypervkvpd now registers only to its own netlink multicast group and verifies the type of the incoming netlink message. Using hypervkvpd when the cgred service is running no longer leads to a segmentation fault.

BZ#962565

Prior to this update, the hypervkvpd init script did not check if Hyper-V driver modules were loaded into the kernel. If hypervkvpd was installed, it started automatically on system boot, even if the system was not running as a guest machine on a Hyper-V hypervisor. Verification has been added to the hypervkvpd init script to determine whether Hyper-V driver modules are loaded into the kernel. As a result, if the modules are not loaded into the kernel, hypervkvpd now does not start, but displays a message that proper driver modules are not loaded.

BZ#977861

Previously, hypervkvpd was not built with sufficiently secure compiler options, which could, consequently, make the compiled code vulnerable. The hypervkvpd daemon has been built with full read-only relocation (RELRO) and position-independent executable (PIE) flags. As a result, the compiled code is more secure and better guarded against possible buffer overflows.

BZ#983851

When using the Get-VMNetworkAdapter command to query a virtual machine network adapter, each subnet string has to be separated by a semicolon. Due to a bug in the IPv6 subnet enumeration code, the IPv6 addresses were not listed. A patch has been applied, and the IPv6 subnet enumeration now works as expected.

Bug Fix

BZ#965554

Previously, the Hangul engine for IBus did not function properly. If a preedit string was available, and the input focus was moved to another window, then the preedit string was committed. After that, when the input focus was moved back to the window, the X Input Method (XIM) could not handle the first key input. This update resolves this issue with a change in the code, and key press inputs after a focus change are no longer lost in the described scenario.

Bug Fixes

BZ#915659

A regular expression, which was used to match the name of the master bond device in the grep utility, was incorrect. Consequently, network scripts did not properly handle lines in interface configuration containing comments and the ifup-eth command failed to activate slave devices. This update provides an updated regular expression for grep and ifup-eth now works as expected in the described scenario.

BZ#919217 BZ#963944

In Red Hat Enterprise Linux 6.4, a master device was always started after its slaves while using Mode 6 bonding. As a consequence, bonded interfaces were unusable. This update ensures the master device is always set up before its slaves and Mode 6 bonding now works as expected.

BZ#984003

Previously, mounting of the /proc directory in the initrd script did not take into account options set in the /etc/fstab file. As a consequence, /proc was not mounted with the specified options. With this update, /proc is now re-mounted in the rc.sysinit script, which ensures it is mounted with the specified options.

BZ#877928

Previously, initscripts called the nmcli utility to stop the interface even if it was not managed by NetworkManager at the time. As a consequence, the interface was stopped, but the output of nmcli stated the action had failed. After this update, nmcli is no longer called when NetworkManager is not handling the interace, for example when it has failed, is disconnected, unamanaged or unavailable. As a result, the output from nmcli now matches the real result.

BZ#836233

If assigning an IP address through the Dynamic Host Configuration Protocol version 4 (DHCPv4) failed, initscript exited with an error. As a consequence, static IPv4 and IPv6 addresses were not set if DHCPv4 failed. The option IPV4_FAILURE_FATAL has been added to let the user decide whether the script should continue or exit when DHCPv4 fails. Additionally, if set to "no" and DHCPv6 is enabled in the configuration file, initscript tries to get an IPv6 address even if DHCPv4 fails.

BZ#843402

After sending the TERM signal, the killproc() function always waited $delay seconds before it checked the process again. This waiting was unnecessary and with this update killproc() checks multiple times during the waiting delay. As a result, killproc can continue almost immediately after a process ends.

BZ#864802

Previously, initscript did not follow the order of mounts specified by the administrator, because some mount types were prioritized. As a consequence, a subdirectory could be mounted before its parent directory. After this update, NFS, the Common Internet File System (CIFS), the Server Message Block (SBM) and other mount types are the last to be mounted. As a result, the mounts in the /etc/fstab file are processed in the right order.

BZ#814427

Previously, the securetty utility always tried to open the /etc/securetty file in read and write mode. As a consequence, on a read-only root filesystem, this led to failure and the file was not modified even if the TTY had already existed. With this update, securetty now checks whether the /etc/securetty file needs to me modified and exits if it does not. As a result, securetty now works correctly on a read-only root filesystem.

BZ#948824

Prior to this update, users were not informed when an Address Resolution Protocol (ARP) check was performed successfully. As a consequence, the users could be confused about the time needed to load the interface. With this update, a message is printed after every ARP check thus preventing confusion.

BZ#921476

Previously, initscripts documentation contained no information about the rule-* files. As a consequence, users did not know how to set routing rules for IPv6 addresses. This update adds documentation for the rule6-* files to the sysconfig.txt file.

BZ#905423

Previously, users were not aware of the /etc/init/*.conf files being overwritten after every update with the default values. A comment has been added to the /etc/init/*.conf files to inform users these files should not be modified and to use the *.override files instead.

Enhancements

BZ#815676

With this update, configuration options for Dynamic Host Configuration Protocol version 6 (DHCPv6) have been applied to the /etc/dhcp/dhclient6-<iface>.conf files. Options for both DHCPv4 and DHCPv6 in the /etc/dhcp/dhclient6-<iface>.conf are now applied.

Bug Fixes

BZ#746240, BZ#908149

Previously, the iotop utility terminated unexpectedly when it was run by a non-root user. This was because a recently-applied patch in CVE-2011-2494 made I/O statistics from the taskstats kernel subsystem accessible only to root users, and iotop did not anticipate that its "taskstats" call could fail when run by a non-root user. This update adds permission checks to iotop, and when the user does not have the necessary permissions, iotop exits with an explanation that root privileges are now required.

BZ#826875

Previously, the iotop utility did not handle platform strings correctly. Consequently, the iotop command could not show the I/O scheduling class and its priority ("PRIO") column on 64-bit PowerPC systems properly. With this update, the bug has been fixed so that the iotop command now shows the "PRIO" column on 64-bit PowerPC systems as expected.

BZ#849559

When an invalid locale was set, the iotop utility failed to start with the following traceback error:

locale.Error: unsupported locale setting

With this update, the underlying source code has been modified. As a result, when an invalid locale is set, the default locale is used instead and a warning about this change is returned.

Bug Fixes

BZ#904119

Previously, during migration, users were added to the default user group one by one. As a consequence, adding users to a large group was time consuming. With this update, users are now added in batches of 100, which provides a considerable performance boost over the previous method.

BZ#905626

Previously, the Identity Management client installer did not look for all available servers when it tried to enroll a client. Consequently, the enrollment "ipa-client-install" command failed to enroll a client if any of the Identity Management masters were unavailable during the enrollment. With this update, the client installer tries all servers, either auto-discovered from DNS or passed using the "--server" option on the command line, until it finds an available server, and ipa-client-install now works properly.

BZ#906846

Identity Management did not work correctly when migrating from an OpenLDAP server. As a consequence, attempts to retrieve the LDAP schema from the remote server failed. With this update, Identity Management also looks in the "cn=subschema" entry, and migrations from OpenLDAP servers no longer fail.

BZ#907881

Prior to this update, the Identity Management password lockout Directory Server plug-in processed password lockout incorrectly. Consequently, if Identity Management password policy was configured with the Lockout Time value set to 0, user accounts were permanently disabled even though the maximum number of user password failures had not been exceeded. The plug-in has been fixed to process the password lockout time correctly, and the user accounts lockout now works as expected.

BZ#915745

Previously, update files used when upgrading an Identity Management server to a later version did not contain the new Directory Server schema "ipaExternalMember" attribute type and the "ipaExternalGroup" object class. Consequently, neither command-line interface (CLI) commands using the schema elements nor web user interface (Web UI) as a whole worked correctly. This update adds the missing object class and attribute type to the Identity Management update files. The Directory Server schema is now updated during the Identity Management update process, and both CLI commands and the Web UI work properly.

BZ#916209

The Identity Management configuration parser was not able to parse the Kerberos client configuration file (/etc/krb5.conf) when it contained the "includedir" directive. Consequently, the Identity Management ipa-adtrust-install installer, which directly parses and updates Kerberos client configuration, terminated unexpectedly with a syntax error. With this update, the configuration parser processes "includedir" correctly, and ipa-adtrust-install no longer crashes in the described scenario.

BZ#924004

Previously, when the Identity Management client installer was downloading a Certification Authority (CA) certificate from Identity Management server using the LDAP protocol, it did occasionally not fallback to the HTTP protocol. Consequently, Identity Management client installation failed even though the certificate was accessible using the HTTP protocol. With this update, the Identity Management client installer can properly fallback between different protocols when downloading a CA certificate, and it is now able to complete the installation even when download via one protocol fails.

BZ#924009

The Identity Management client installer did not allow re-enrolling of an already enrolled client. Consequently, when a machine or a virtual machine with a configured Identity Management client was being removed or decommissioned without unenrolling the client first, all succeeding client enrollments failed until the client entry was removed from the Identity Management sever. This update adds a "--force-join" option to the Identity Management client installer, and the privileged administrator is now able to re-enroll an Identity Management client.

BZ#924542

Previously, Identity Management Host Based Access Control (HBAC) rules API allowed administrators to specify a "Source Host" component of HBAC rules even though this component had been deprecated. Consequently, unexpected behavior could occur when using the "Source Host" component in HBAC rules. This bug has been fixed; "Source Host" components are now not allowed in HBAC rules, and unexpected behavior of the rules for administrators no longer occurs.

BZ#948928

Under certain circumstances, the Identity Management upgrade process double encoded the Certification Authority (CA) certificate stored in Directory Server. Consequently, some Identity Management clients failed to decode the CA certificate and installing a client failed. With this update, CA certificates are now properly encoded; client installation CA certificate is correctly retrieved from Identity Management server and the installation proceeds as expected.

BZ#950014

In some cases, the Identity Management installation and upgrade process did not update the user and user role membership information in correct order. As a consequence, user roles were occasionally not correctly applied, and users could fail to proceed with privileged actions even though they had been authorized for them (for example, enrollment of an an Identity Management client). Now, the membership information is applied in correct order, and users' privileged actions no longer fail because of incomplete membership information.

BZ#952241

Previously, when an Identity Management public-key infrastructure (PKI) server certificate (auditSigningCert) was being renewed, incorrect trust argument was assigned to the renewed certificate and the server was unable to use it. The certificate renewal procedure has been updated to assign correct trust arguments to the renewed certificates, and Identity Management PKI certificate renewal now works as expected.

BZ#967870

Identity Management server with Active Directory integration support configured replies differently in NetLogon queries compared to Active Directory. The following discrepancies were present in NetLogon behavior:

• No response to NetLogon query when querying over TCP based LDAP
• No response when DnsDomain was not present in the query
• No return of a LDAP_RES_SEARCH_RESULT to sender when query did not match; NetLogon became unresponsive.

As a consequence, these discrepancies could cause errors in utilities which had sent the NetLogon queries. The NetLogon query responder has been fixed, and the above mentioned issues in NetLogon replies no longer occur.

BZ#970541

Identity Management server did not work efficiently in case of entries with many members, such as a large user group. Consequently, Identity Management CLI or Web UI management commands operating with such entries (for example, adding new users, listing groups, or updating them) could last more than 30 seconds. Several improvements have been implemented in the Identity Management server, namely:

• Web UI interface now avoids membership information when it is not required (for example, in group listing)
• Entry membership manipulating commands (for example, adding users to a group) now avoid unnecessary manipulation with membership information
• Missing substring indices for membership attributes have been added.

With these implementations, the performance of Identity Management CLI and Web UI management commands has been significantly improved, especially when dealing with large user groups.

BZ#975431

Previously, the /var/lib/ipa/pki-ca/publish/ directory, where Identity Management public-key infrastructure (PKI) publishes Certificate Revocation List (CRL) exports, contained incorrect ownership and permissions information after the ipa-server package had been reinstalled or upgraded. Consequently, PKI was not able to update CRL in the directory until the ownership and permissions of the directory were manually amended. The Identity Management installer and upgrade script have been fixed to handle the ownership and permissions of the directory correctly, and CRL exports are now updated properly in the described scenario.

BZ#976716

Prior to this update, the Identity Management XML-RPC interface occasionally did not return the correct "Content-Type" header in its replies. Consequently, programs or scripts processing the XML-RPC response could fail to process the response with a validation error. The XML-RPC responder has been fixed to return the correct "Content-Type" header, and programs and scripts are now able to call the Identity Management XML-RPC interface even with strict validation enabled.

BZ#980409

Previously, the Identity Management Active Directory integration did not expect different procedure for populating KERB_VALIDATION_INFO section of MS-PAC extension for a Kerberos ticket done in Microsoft Windows Server 2012, as compared to Microsoft Windows Server 2008. As a consequence, such Kerberos tickets were not accepted due to an incompatibility and could not be used to authenticate or create a Trust with the Microsoft Windows Server 2012. The KERB_VALIDATION_INFO verification has been refactored to filter out unexpected values before further processing, and the Identity Management Active Directory Trust creation no longer fails with Microsoft Windows Server 2012.

BZ#1011044

Previously, the ipa-client-install installation script did not properly detect whether the client had already been installed on the machine or not. As a consequence, the client uninstall script could refuse to restore the machine when it did not recognize the client as installed. Also, the client installation could succeed even on an installed Identity Management client or server machine. This, however, could disrupt the configuration files or Identity management client or server function. With this update, ipa-client-install has been fixed to detect installation properly, and the issues described above no longer occur.

Enhancements

BZ#955698

This update introduces the "userClass" attribute for Identity Management server host entries. Previously, host entries did not contain a free-form attribute usable for host provisioning systems to tag or set a class for a new host, which could then be used by other functions of Identity Management, for example, by the Automatic Membership Assignment module. Administrators and provisioning systems are now able to use the new "userClass" host entry attribute.

BZ#986211

This update adds the "GECOS" field for user entries to Identity Management Web UI. "GECOS" is an important user field as it equals the user's common name presented to the systems, and it should be editable both through CLI and Web UI interfaces. Now, the user's "GECOS" field can be displayed and changed in Identity Management Web UI.

Bug Fixes

BZ#826027

In a previous ipmitool update, the new options "-R" and "-N" were added to adjust the retransmission rate of outgoing IPMI requests over LAN and lanplus interfaces. Implementation of these options set a wrong default value of the retransmission timeout, and an outgoing request timed out prematurely. In addition, in some corner cases, ipmitool could terminate unexpectedly with a segmentation fault when the timeout occurred. This update fixes the default timeout value, so ipmitool without the "-N" option retransmits outgoing IPMI requests as in previous versions, and crashes no longer occur in the described scenario.

BZ#903251

Previously, enabling the "ipmi" and "link" keys in user access information using the ipmitool utility did not work properly. Consequently, the values of these settings were not taken into account. A patch has been provided that ensures the values of these settings are read and processed as expected.

BZ#923192

In cases of congested network or slow-responding Baseboard Management Controller (BMC), the reply operation timeout triggered the protocol command retry action. Consequently, the ipmitool utility could incorrectly process a LAN session protocol command with the reply from a previous protocol command. This update fixes handling of expected replies for each command alone, and cleans up expected replies between commands. Now, the retried reply of the first command is correctly ignored while the later command, which is currently pending, is properly processed in the described scenario.

Bug Fixes

BZ#1011148

While monitoring IP neighbor cache with the ip monitor neigh command, the cache experienced the layer 2 network miss. Consequently, ip monitor neigh command could not decode the miss event generated by the kernel. To fix this bug, code for neighbor cache events for entry deletion and entry miss have been back-ported from upstream and ip monitor neigh now recognizes cache miss event and format it properly with a miss keyword on the output.

BZ#950400

Previously, Red Hat Enterprise Linux 6 was missing a functionality to set up IPv6 token-only network configuration. As a consequence, the user had fewer networking options. The IPv6 token feature has been implemented in both kernel (BZ#876634) and a userspace interface to iproute. Users can now setup IPv6 token-only networking, optionaly receiving network prefixes later.

BZ#908155

Red Hat Enterprise Linux 6.5 shipped with VXLAN (Virtual Extended LAN), a VLAN-like layer 3 encapsulation technique support in the kernel, so a userspace interface was required for users and applications to utilize the VXLAN feature. With this update, the ip utility recognizes and supports the 'vxlan' devices.

BZ#838482

When larger rto_min (the minimum TCP Retransmission TimeOut to use when communicating with a certain destination) was set, the ip route show command did not return correct values. A patch has been provided to fix this bug and ip route show now handles rto_min as expected.

BZ#974694

Prior to this update, the manual page for the lnstat utility was referring wrongly to non-existent directory, the iproute-doc instead of iproute-<package version> directory. The incorrect documentation could confuse the user. To fix this bug, the file-system path has been corrected.

BZ#977845

Previously, there was an inconsistency between the lnstat utility's interval option behavior and its documentation. Consequently, lnstat exited after a number of seconds instead of refreshing the view, making the interval option useless. The interval option behavior has been changed to refresh the data every N seconds, thus fixing the bug.

BZ#985526

Previously, the ip utility was mishandling netlink communication, which could cause hangs under certain circumstances. Consequently, listing network devices with the ip link show command hung in a SELinux restricted mode. With this update, the ip utility checks for the result of the rtnl_send() function before waiting for a reply, avoiding an indefinite hang. As a result, it is now possible to list network devices in a SELinux restricted environment.

BZ#950122

Prior to this update, the tc utility documentation lacked description of the batch option. To fix this bug, the tc manual pages have been updated including the description of the batch option.

Enhancements

BZ#885977

Previously, the bridge module sysfs system did not provide the ability to inspect the non-configuration IP multicast Internet Group Management Protocol (IGMP) snooping data. Without this functionality, users could not fully analyze their multicast traffic. With this update, users are able to list detected multicast router ports, groups with active subscribers and the associated interfaces.

BZ#929313

Distributed Overlay Virtual Ethernet (DOVE) tunnels allow for building of Virtual Extensible Local Area Network (VXLAN), which represents a scalable solution for ISO OSI layer 2 networks used in cloud centers. The bridge tool is part of the iproute packages and can be used, for example, to manage forwarding database on WLAN devices on Linux platform.

BZ#851371

If the tc utility is instrumented from a pipe, there is no way how to recognize when a subcommand has been completed. A new OK option has been added to the tc utility. Now, tc in the batch mode accepts commands in standard input (the tc -OK -force -batch command) and returns OK on a new line on standard output for each successfully completed tc subcommand.

Bug Fixes

BZ#924362

A previous version of iptables added the "alternatives" functionality support for the /lib/xtables/ or /lib64/xtables/ directory. However, iptables failed to replace the directory with the alternatives slave symbolic link when upgrading iptables with the "yum upgrade" command and the directory contained custom plug-in files. Consequently, some iptables modules became unavailable. This problem has been fixed by modifying the iptables spec file so that the /lib/xtables/ or /lib64/xtables/ directory is no longer managed by "alternatives".

BZ#983198

The iptables-save command previously supported only the "--modprobe=" option to specify the path to the modprobe executable. However, the iptables-save(8) man page incorrectly stated that this action could have been performed using an unsupported option, "-M", which could lead to confusion. The iptables-save command has been modified to support the "-M" option for specifying the path to modprobe, and corrects the iptables-save(8) man page, which now correctly mentions both the "-M" and "--modprobe=" option.

BZ#1007632

Due to a bug in the iptables init script, the system could become unresponsive during shutdown when using the network-based root device and the default filter for INPUT or OUTPUT policy was DROP. This problem has been fixed by setting the default chain policy to ACCEPT before flushing the iptables rules and deleting the iptables chains.

Enhancements

BZ#845435

The iptables utility has been modified to support a new option, "--queue-bypass", which allows bypassing an NFQUEUE rule if the specified queue is not used.

BZ#928812

A new iptables service option,"reload", has been added to enable a refresh of the firewall rules without unloading netfilter kernel modules and a possible drop of connections.

Bug Fixes

BZ#951720

Previously, irqbalance warned about MSI interrupts, and that IRQs would not be properly classified due to the use of a kernel version older than kernel-2.6.32-279. This update blocks users from using irqbalance with an older version of the kernel, without features required for processing MSI interrupts, and warning messages are no longer received.

BZ#975524

Due to recent changes in the irqbalance packages, the /var/run/irqbalance.pid file was not created upon start of the irqbalance service, causing irqbalance to become non-compliant with the Linux Standard Base (LSB) specification. This update provides a patch fixing this problem so the irqbalance packages are LSB compliant again.

BZ#991363

A bug in the irqbalance code caused the irqbalance daemon to terminate with a segmentation fault when a CPU was hot plugged or hot unplugged. This update fixes a corrupted IRQ rebalance list and the irqbalance daemon no longer crashes in this scenario.

Bug Fixes

BZ#884427

Previously, database errors could occur if multiple node records in different formats were created for the same iSCSI target portal. Consequently, depending on the file system dependent return order of the readdir syscall, an error occasionally occurred causing an update operation to fail. To fix this bug, multiple node records in different formats have been prevented from existing simultaneously and detected at record creation time. Duplicate node entries no longer exist in the iSCSI database, and updates to records do not result in database errors.

BZ#983553

Prior to this update, a single unreachable target could previously block rescans of others. Consequently, the iscsiadm utility could halt in the D state and the rest of the targets could remain unscanned. To fix this bug, iscsiadm has been made terminable and all the targets have been updated. Now, functioning sessions will be rescanned properly without long delays.

BZ#1001705

When VDMS (Virtual Desktop Server Manager) attempted to add a new record to the iSCSI database, it failed with the following error:

iscsiadm: Error while adding record: no available memory.

Consequently, due to this error, the host became non-operational when connecting to storage. An upstream patch has been applied and the /var/lib/iscsi file is now successfully attached.

Enhancements

BZ#831003

For the bnx2i hardware and potentially other offloading solutions (complementary network technologies for delivering data originally targeted for cellular networks), the iscsistart tool for passing along the VLAN tag from iBFT (iSCSI Boot Firmware Table) to iface_rec (iscsi iface record name) has been implemented to this package.

BZ#917600

With this update, support for managing Flash nodes from the open-iscsi utility has been added to this package.

Bug Fix

BZ#976897

Previously, int[] objects allocated by instances of the com.sun.imageio.plugins.jpeg.JPEGImageWriter class were consuming extensive amounts of memory, which was consequently not released. With this update, the underlying stream processing logic has been modified to ensure correct releasing of such memory, and extensive memory consumption no longer occurs.

Bug Fixes

BZ#825824

Attempting to compile a SystemTap script using the jstack tapset could have failed with an error similar to the following:

error: the frame size of 272 bytes is larger than 256 bytes

This update corrects the jstack tapset and resolves this problem.

BZ#871771

Because of incorrect KDC list concatenation logic, the sun.security.krb5.Config.getKDCList method returned incorrect KDC lists when the dns_lookup_kdc property in the krb5.conf file was set to true. The concatenation logic has been fixed with this release and correct KDC lists are now returned.

BZ#997633

The java-1.7.0-openjdk RPM package contained incorrect specification of the libnss3 dependency and installed its x86_64 version on i686 systems. Because of the missing dependency, launching the java command with the -Dcom.sun.management.jmxremote parameter on 32bit JVMs terminated unexpectedly. The dependency specification has been corrected with this update. As a result, the correct version of the libnss3 package is installed and the java command no longer terminates when launched with the -Dcom.sun.management.jmxremote parameter.

Enhancements

BZ#831734, BZ#905128

The NSS security provider is now the default security provider in OpenJDK 7. This brings a significant performance improvement over the previous releases.

BZ#916288

The java-1.7.0-openjdk RPM package now provides the java dependency. As a result, it is no longer necessary to have the java-1.6.0-openjdk package installed alongside java-1.7.0-openjdk for the java dependency to be available.

Bug Fix

BZ#886237

The Konqueror browser enabled Java support by default. Because Java is one of the common targets for browser-based malware attacks, Java is now disabled by default in Konqueror.

To enable Java in Konqueror, navigate to Settings -> Configure Konqueror -> Java & JavaScript (which sets the path to Java), and select the "Enable Java globally" check box.

Security Fixes

CVE-2014-3673, CVE-2014-3687, Important

A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system.

CVE-2014-3688, Important

A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.

CVE-2014-5045, Moderate

A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation.

CVE-2014-4608, Low

An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system.

Bug Fixes

BZ#1108360

Before this update, under certain conditons, the kernel timer could cause the Intelligent Platform Management Interface (IPMI) driver to become unresponsive, resulting in high CPU load. With this update, a patch has been applied, and the IPMI driver no longer hangs.

BZ#1109270, BZ#1109712

Previously, when error recovery was restarted, the Orthonormal Basis Functions (OBF) timer in the KCS driver was not reset, which led to an immediate timeout. As a consequence, these timing issues caused caused ipmi to become unresponsive. In addition, numerous error messages were filling up the /var/log/messages file and causing high CPU usage. With this update, patches have been applied to fix this bug, and ipmi no longer hangs in the described situation.

BZ#1135993

Due to certain kernel changes, the TCP Small Queues (TSQ) process did not handle Nagle's algorithm properly when a TCP session became throttled. The underlying source code has been patched, and Nagle's algorithm now works correctly in TSQ.

BZ#1140976

Before this update, due to a bug in the error-handling path, corrupted metadata block could be used as a valid block. With this update, the error handling path is fixed and more checks are added to verify the metadata block. Now, when a corrupted metadata block is encountered, it is properly marked as corrupted and handled accordingly.

BZ#1154087, BZ#1158321

Previously, log forces with relatively little free stack available occurred deep in the call chain. As a consequence, a stack overflew in the (XFS) file system and the system could terminate unexpectedly. To fix this bug, moving log forces to a work queue relieves the stack pressure and avoids the system crash.

BZ#1158324

Before this update, TCP transmit interrupts could not be set lower than the default of 8 buffered tx frames, which under certain conditions led to TCP transmit delays occurring on ixgbe adapters. With this update, code change removes the restriction of minimum 8 buffered frames and now allows minimum of 1 frame a transmit to occur. And as a result, transmit delays are now minimized.

BZ#1165984

Previously, a coding error in Ethernet 100 driver update caused improper initialization for certain Physical Layers (PHYs) and return of RX errors. With this update, the coding error has been fixed, and the device driver works properly.

BZ#1158327

Before this update, the frame buffer (offb) driver did not support setting of the color palette registers on the QEMU standard VGA adapter, which caused incorrect color displaying. The offb driver has been updated for the QEMU standard VGA adapter, fixing the color issues.

BZ#1142569

Before this update, several race conditions occurred between PCI error recovery callbacks and potential calls of the ifup and ifdown commands in the tg3 driver. When triggered, these race conditions could cause unexpected kernel termination. This bug has been fixed, and the kernel no longer crashes.

BZ#1158889, BZ#1162748

Due to hardware bug conditions during Top Segmentation Offload (TSO) fragment processing, there was a page allocation failure in kernel and packets were not transmitted. With this update, more generic Generic Segmentation Offload (GSO) is used as a fallback when TSO fragment processing fails, and packets are now successfully transmitted.

BZ#1163397

Previously, the kernel became unresponsive when using a zombie PID and cgroup. To fix this bug, a patch has been applied, and the kernel no longer hangs.

BZ#1165000

Previously, under certain error conditions gfs2_converter introduced incorrect values for the on-disk inode's di_goal_meta field. As a consequence, gfs2_converter returned the EBADSLT error on such inodes and did not allow creation of the new files in directories or new blocks in regular files. The fix allows gfs2_converter to set a sensible goal value if a corrupt one is encountered and proceed with normal operations. With this update, gfs2_converter implicitly fixes any corrupt goal values, and thus no longer disrupts normal operations.

BZ#1169403

Previously, certain error conditions led to messages being sent to system logs. These messages could become lost instead of being logged, or repeated messages were not suppressed. In extreme cases, the resulting logging volume could cause system lockups or other problems. The relevant test has been reversed to fix this bug, and frequent messages are now suppressed and infrequent messages logged as expected.

Enhancement

BZ#1167209

This update adds fixes from Emulex and Oracle Enterprise Management (OEM) qualifications including latest fixes for Skyhawk hardware to the Emulex be2iscsi driver.

Security Fixes

CVE-2014-5077, Important

A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.

Bug Fixes

BZ#1110839

Due to a bug in the kernel signal handling, the decimal floating point (DFP) operations could have been executed with an incorrect rounding mode. As a consequence, DFP calculations could return incorrect or corrupted results. This update fixes this problem by replacing a simple bit mask that was previously used to verify validity of some values in the floating point control register. The bit mask is replaced by a trial load of the floating point control register.

BZ#1140163

Previously, when freeing a large number of huge pages (several TB), the kernel could experience soft lockup events. This could possibly result in performance problems. The memory management code has been modified to increase a chance of a context switch in this situation, which prevents occurrence of soft lockup events.

BZ#1122102

A bug in the nouveau driver could prevent the main display of a Lenovo ThinkPad W530 laptop from being initialized after the system was resumed from suspend. This happened if the laptop had an external screen that was detached while the system was suspended. This problem has been fixed by backporting an upstream patch related to the DisplayPort interface.

BZ#1139807

Due to race conditions in the IP Virtual server (IPVS) code, the kernel could trigger a general protection fault when running the IPVS connection synchronization daemon. With this update, the race conditions in the IPVS code have been addressed, and the kernel no longer crashes when running the IPVS daemon.

BZ#1139345

The kernel could sometimes panic due to a possible division by zero in the kernel scheduler. This bug has been fixed by defining a new div64_ul() division function and correcting the affected calculation in the proc_sched_show_task() function.

BZ#1125980

Removing the rtsc_pci_ms kernel module on some Lenovo ThinkPad series laptops could result in a kernel panic. This update resolves this problem by correcting a bug in the base drivers function, platform_uevent().

BZ#1125994

A bug in the Linux Netpoll API could result in a kernel oops if the system had the netconsole service configured over a bonding device. With this update, incorrect flag usage in the netpoll_poll_dev() function has been fixed and the kernel no longer crashes due to this bug.

BZ#1127580

The kernel did not handle exceptions caused by an invalid floating point control (FPC) register, resulting in a kernel oops. This problem has been fixed by placing the label to handle these exceptions to the correct place in the code.

BZ#1138301

Previously, certain network device drivers did not accept ethtool commands right after they were mounted. As a consequence, the current setting of the specified device driver was not applied and an error message was returned. The ETHTOOL_DELAY variable has been added, which makes sure the ethtool utility waits for some time before it tries to apply the options settings, thus fixing the bug.

BZ#1130630

A rare race between the file system unmount code and the file system notification code could lead to a kernel panic. With this update, a series of patches has been applied to the kernel to prevent this problem.

BZ#1131137

A bug in the bio layer could prevent user space programs from writing data to disk when the system run under heavy RAM memory fragmentation conditions. This problem has been fixed by modifying a respective function in the bio layer to refuse to add a new memory page only if the page would start a new memory segment and the maximum number of memory segments has already been reached.

BZ#1135713

Due to a bug in the ext3 code, the fdatasync() system call did not force the inode size change to be written to the disk if it was the only metadata change in the file. This could result in the wrong inode size and possible data loss if the system terminated unexpectedly. The code handling inode updates has been fixed and fdatasync() now writes data to the disk as expected in this situation.

BZ#1134258

Previously, the openvswitch driver did not handle frames that contained multiple VLAN headers correctly, which could result in a kernel panic. This update fixes the problem and ensures that openvswitch process such frames correctly.

BZ#1134696

Later Intel CPUs added a new "Condition Changed" bit to the MSR_CORE_PERF_GLOBAL_STATUS register. Previously, the kernel falsely assumed that this bit indicates a performance interrupt, which prevented other NMI handlers from running and executing. To fix this problem, a patch has been applied to the kernel to ignore this bit in the perf code, enabling other NMI handlers to run.

BZ#1135393

After the VLAN devices over the virtio_net driver were allowed to use the TCP Segmentation Offload (TSO) feature, the segmentation of packets was moved from virtual machines to the host. However, some devices cannot handle TSO using the 8021q module, and are breaking the packets, which resulted in very low throughput (less than 1 Mbps) and transmission of broken packets over the wire. Until this problem is properly fixed, a patch that allows using of the TSO feature has been reverted; the segmentation is now performed again on virtual machines as and the network throughput is normal.

BZ#1141165

Due to a race condition in the IP Virtual server (IPVS) code, the kernel could trigger a panic when processing packets from the same connection on different CPUs. This update adds missing spin locks to the code that hashes and unhashes connections from the connection table, and ensures that all packets from the same connection are processed by a single CPU.

BZ#1129994

Previously, small block random I/O operations on IBM Power 8 machines using Emulex 16 Gb Fibre Channel (FC) Host Bus Adapter (HBA) could become unresponsive due to a bug in the lpfc driver. To fix this problem, a memory barrier has been added to the lpfc code to ensure that a valid bit is read before the CQE payload.

BZ#1126681

Running the "bridge link show" command on a system with configured bridge devices could trigger a kernel panic. This happened because all RTNL message types were not properly unregistered from the bridge module registers. This update ensures that both RTNL message types are correctly unregistered and the kernel panic no longer occurs in this situation.

BZ#1114406

Previously, the NFS server did not handle correctly situations when multiple NFS clients were appending data to a file using write delegations, and the data might become corrupted. This update fixes this bug by adjusting a NFS cache validity check in the relevant NFS code, and the file accessed in this scenario now contains valid data.

BZ#1131977

Previously, the IPv4 routing code allowed the IPv4 garbage collector to run in parallel on multiple CPUs with the exact configuration. This could greatly decrease performance of the system, and eventually result in soft lockups after the system reached certain load. To resolve this problem and improve performance of the garbage collector, the collector has been moved to the work queue where it is run asynchronously.

Enhancements

BZ#1133834

A new "nordirplus" option has been implemented for the exportfs utility for NFSv3. This option allows the user to disable READDIRPLUS requests for the given NFSv3 export, and thus prevent unwanted disk access in certain scenarios.

Security Fixes

CVE-2014-0205, Important

A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation.

CVE-2014-3535, Important

A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface.

CVE-2014-3917, Moderate

An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system.

CVE-2014-4667, Moderate

An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made.

Bug Fixes

BZ#1089359

Previously, NFSv4 allowed an NFSv4 client to resume an expired or lost file lock. This could result in file corruption if the file was modified in the meantime. This problem has been resolved by a series of patches ensuring that an NFSv4 client no longer attempts to recover expired or lost file locks.

BZ#1090613

A false positive bug in the NFSv4 code could result in a situation where an NFS4ERR_BAD_STATEID error was being resent in an infinite loop instead of a bad state ID being recovered. To fix this problem, a series of patches has been applied to the NFSv4 code. The NFS client no longer retries an I/O operation that resulted in a bad state ID error if the nfs4_select_rw_stateid() function returns an -EIO error.

BZ#1120651

A previous change to the Open vSwitch kernel module introduced a use-after-free problem that resulted in a kernel panic on systems that use this module. This update ensures that the affected object is freed on the correct place in the code, thus avoiding the problem.

BZ#1118782

Previously, the Huge Translation Lookaside Buffer (HugeTLB) unconditionally allowed access to huge pages. However, huge pages may be unsupported in some environments, such as a KVM guest on the PowerPC architecture when not backed by huge pages, and an attempt to use a base page as a huge page in memory would result in a kernel oops. This update ensures that HugeTLB denies access to huge pages if the huge pages are not supported on the system.

BZ#1096397

NFSv4 incorrectly handled a situation when an NFS client received an NFS4ERR_ADMIN_REVOKED error after sending a CLOSE operation. As a consequence, the client kept sending the same CLOSE operation indefinitely although it was receiving NFS4ERR_ADMIN_REVOKED errors. A patch has been applied to the NFSv4 code to ensure that the NFS client sends the particular CLOSE operation only once in this situation.

BZ#1099607

NFS previously called the drop_nlink() function after removing a file to directly decrease a link count on the related inode. Consequently, NFS did not revalidate an inode cache, and could thus use a stale file handle, resulting in an ESTALE error. A patch has been applied to ensure that NFS validates the inode cache correctly after removing a file.

BZ#1117582

A previous change to the SCSI code fixed a race condition that could occur when removing a SCSI device. However, that change caused performance degradation because it used a certain function from the block layer code that was returning different values compared with later versions of the kernel. This update alters the SCSI code to properly utilize the values returned by the block layer code.

BZ#1102794

Previously, when using a bridge interface configured on top of a bonding interface, the bonding driver was not aware of IP addresses assigned to the bridge. Consequently, with ARP monitoring enabled, the ARP monitor could not target the IP address of the bridge when probing the same subnet. The bridge was thus always reported as being down and could not be reached. With this update, the bonding driver has been made aware of IP addresses assigned to a bridge configured on top of a bonding interface, and the ARP monitor can now probe the bridge as expected. Note that the problem still occurs if the arp_validate option is used. Therefore, do not use this option in this case until this issue is fully resolved.

BZ#1113824

The automatic route cache rebuilding feature could incorrectly compute the length of a route hash chain if the cache contained multiple entries with the same key but a different TOS, mark, or OIF bit. Consequently, the feature could reach the rebuild limit and disable the routing cache on the system. This problem is fixed by using a helper function that avoids counting such duplicate routes.

BZ#1121541

Due to a race condition that allowed a RAID array to be written to while it was being stopped, the md driver could enter a deadlock situation. The deadlock prevented buffers from being written out to the disk, and all I/O operations to the device became unresponsive. With this update, the md driver has been modified so this deadlock is now avoided.

BZ#1112226

When booting a guest in the Hyper-V environment and enough of Programmable Interval Timer (PIT) interrupts were lost or not injected into the guest on time, the kernel panicked and the guest failed to boot. This problem has been fixed by bypassing the relevant PIT check when the guest is running under the Hyper-V environment.

Security Fixes

CVE-2014-2851, Important

A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

CVE-2014-6647, Moderate

A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could us this flaw to crash the system.

CVE-2014-7339, Moderate

A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system.

CVE-2014-2672, Moderate

It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter.

CVE-2014-2678, Moderate

A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system.

CVE-2014-2706, Moderate

A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system.

CVE-2014-3144, CVE-2014-3145, Moderate

An out-of-bounds memory access flaw was found in the Netlink Attribute extension of the Berkeley Packet Filter (BPF) interpreter functionality in the Linux kernel's networking implementation. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space via a specially crafted socket filter.

Bug Fixes

BZ#1107503

Due to a bug in the mount option parser, prefix paths on a CIFS DFS share could be prepended with a double backslash ('\\'), resulting in an incorrect "No such file" error in certain environments. The mount option parser has been fixed and prefix paths now starts with a single backslash as expected.

BZ#1110170, BZ#1110169, BZ#1110168, BZ#1109885, BZ#1109883

Several concurrency problems, that could result in data corruption, were found in the implementation of CTR and CBC modes of operation for AES, DES, and DES3 algorithms on IBM S/390 systems. Specifically, a working page was not protected against concurrency invocation in CTR mode. The fallback solution for not getting a working page in CTR mode did not handle iv values correctly. The CBC mode used did not properly save and restore the key and iv values in some concurrency situations. All these problems have been addressed in the code and the concurrent use of the aforementioned algorithms no longer cause data corruption.

BZ#1090749

In cluster environment, the multicast traffic from the guest to a host could be sometimes unreliable. An attempt to resolve this problem was made with the RHSA-2013-1645 advisory, however, that attempt introduced a regression. This update reverts patches for this problem provided by RHSA-2013-1645 and introduces a new fix of the problem. The problem has been resolved by flooding the network with multicast packets if the multicast querier is disabled and no other querier has been detected.

BZ#1106472

The bridge MDB RTNL handlers were incorrectly removed after deleting a bridge from the system with more then one bridge configured. This led to various problems, such as that the multicast IGMP snooping data from the remaining bridges were not displayed. This update ensures that the bridge handlers are removed only after the bridge module is unloaded, and the multicast IGMP snooping data now displays correctly in the described situation.

BZ#1100574

Due to a bug in the nouveau kernel module, the wrong display output could be modified in certain multi-display configurations. Consequently, on Lenovo Thinkpad T420 and W530 laptops with an external display connected, this could result in the LVDS panel "bleeding" to white during startup, and the display controller might become non-functional until after a reboot. Changes to the display configuration could also trigger the bug under various circumstances. With this update, the nouveau kernel module has been corrected and the said configurations now work as expected.

BZ#1103821

When guest supports Supervisor Mode Execution Protection (SMEP), KVM sets the appropriate permissions bits on the guest page table entries (sptes) to emulate SMEP enforced access. Previously, KVM was incorrectly verifying whether the "smep" bit was set in the host cr4 register instead of the guest cr4 register. Consequently, if the host supported SMEP, it was enforced even though it was not requested, which could render the guest system unbootable. This update corrects the said "smep" bit check and the guest system boot as expected in this scenario.

BZ#1096059

Previously, if a hrtimer interrupt was delayed, all future pending hrtimer events that were queued on the same processor were also delayed until the initial hrtimer event was handled. This could cause all hrtimer processing to stop for a significant period of time. To prevent this problem, the kernel has been modified to handle all expired hrtimer events when handling the initially delayed hrtimer event.

BZ#1099725

Previously, hardware could execute commands send by drivers in FIFO order instead of tagged order. Commands thus could be executed out of sequence, which could result in large latencies and degradation of throughput. With this update, the ATA subsystem tags each command sent to the hardware, ensuring that the hardware executes commands in tagged order. Performance on controllers supporting tagged commands can now increase by 30-50%.

BZ#1107931

Due to a bug in the GRE tunneling code, it was impossible to create a GRE tunnel with a custom name. This update corrects behavior of the ip_tunnel_find() function, allowing users to create GRE tunnels with custom names.

BZ#1110658

The qla2xxx driver has been upgraded to version 8.05.00.03.06.5-k2, which provides a number of bug fixes over the previous version in order to correct various timeout problems with the mailbox command.

BZ#1093984

The kernel previously did not reset the kernel ring buffer if the trace clock was changed during tracing. However, the new clock source could be inconsistent with the previous clock source, and the result trace record thus could contain incomparable time stamps. To ensure that the trace record contains only comparable time stamps, the ring buffer is now reset whenever the trace clock changes.

BZ#1103972

Previously, KVM did not accept PCI domain (segment) number for host PCI devices, making it impossible to assign a PCI device that was a part of a non-zero PCI segment to a virtual machine. To resolve this problem, KVM has been extended to accept PCI domain number in addition to slot, device, and function numbers.

Enhancement

BZ#1094403

Users can now set ToS, TTL, and priority values in IPv4 on per-packet basis.

Security Fixes

CVE-2014-3153, Important

A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system.

CVE-2014-1737, Important

A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory.

CVE-2014-1738, Low

It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement.

Note

A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.

CVE-2014-0203, Moderate

It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system.

CVE-2014-2039, Moderate

A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system.

CVE-2013-6378, Low

An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default.

CVE-2014-1874, Low

A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system.

Bug Fixes

BZ#1086839

Due to a ndlp list corruption bug in the lpfc driver, systems with Emulex LPe16002B-M6 PCIe 2-port 16Gb Fibre Channel Adapters could trigger a kernel panic during I/O operations. A series of patches has been backported to address this problem so the kernel no longer panics during I/O operations on the aforementioned systems.

BZ#1096214

A previous change enabled receive acceleration for VLAN interfaces configured on a bridge interface. However, this change allowed VLAN-tagged packets to bypass the bridge and be delivered directly to the VLAN interfaces. This update ensures that the traffic is correctly processed by a bridge before it is passed to any VLAN interfaces configured on that bridge.

BZ#1090750

A previous change that introduced global clock updates caused guest machines to boot slowly when the host Time Stamp Counter (TSC) was marked as unstable. The slow down increased with the number of vCPUs allocated. To resolve this problem, a patch has been applied to limit the rate of the global clock updates.

BZ#1094287

Due to a bug in the ixgbevf driver, the stripped VLAN information from incoming packets on the ixgbevf interface could be lost, and such packets thus did not reach a related VLAN interface. This problem has been fixed by adding the packet's VLAN information to the Socket Buffer (skb) before passing it to the network stack. As a result, the ixgbevf driver now passes the VLAN-tagged packets to the appropriate VLAN interface.

BZ#1089915

A race condition between completion and timeout handling in the block device code could sometimes trigger a BUG_ON() assertion, resulting in a kernel panic. This update resolves this problem by relocating a relevant function call and the BUG_ON() assertion in the code.

BZ#1088779

Systems that use NFS file systems could become unresponsive or trigger a kernel oops due to a use-after-free bug in the duplicate reply cache (DRC) code in the nfsd daemon. This problem has been resolved by modifying nfsd to unhash DRC entries before attempting to use them and to prefer to allocate a new DRC entry from the slab instead of reusing an expired entry from the list.

BZ#1092002

When an attempt to create a file on the GFS2 file system failed due to a file system quota violation, the relevant VFS inode was not completely uninitialized. This could result in a list corruption error. This update resolves this problem by correctly uninitializing the VFS inode in this situation.

BZ#1069630

Previously, automount could become unresponsive when trying to reconnect to mounts with the direct or offset mount types at system startup. This happened because the device ioctl code did not handle the situation when the relevant caller did not yet own the mount. Also, the umount() command sometimes failed to unmount an NFS file system with the stale root. Both problems have been addressed in the virtual file system code, and automount is now able to mount direct or offset mounts using a new lookup function, kern_path_mountpoint(). The umount() command now handles mount points without their revalidation, which allows the command to unmount NFS file systems with the stale root.

BZ#1091424

The kernel did not handle environmental and power warning (EPOW) interrupts correctly. This prevented successful usage of the "virsh shutdown" command to shut down guests on IBM POWER8 systems. This update ensures that the kernel handles EPOW events correctly and also prints informative descriptions for the respective EPOW events. The detailed information about each encountered EPOW can be found in the Real-Time Abstraction Service (RTAS) error log.

BZ#1081915

Due to a race condition in the cgroup code, the kernel task scheduler could trigger a kernel panic when it was moving an exiting task between cgroups. A patch has been applied to avoid this kernel panic by replacing several improperly used function calls in the cgroup code.

BZ#1081909

An incorrectly placed function call in the cgroup code prevented the notify_on_release functionality from working properly. This functionality is used to remove empty cgroup directories, however due to this bug, some empty cgroup directories were remaining on the system. This update ensures that the notify_on_release functionality is always correctly triggered by correctly ordering operations in the cgroup_task_migrate() function.

BZ#1081914

Due to a race condition in the cgroup code, the kernel task scheduler could trigger a use-after-free bug when it was moving an exiting task between cgroups, which resulted in a kernel panic. This update avoids the kernel panic by introducing a new function, cpu_cgroup_exit(). This function ensures that the kernel does not release a cgroup that is not empty yet.

BZ#1079869

Due to a bug in the hrtimers subsystem, the clock_was_set() function called an inter-processor interrupt (IPI) from soft IRQ context and waited for its completion, which could result in a deadlock situation. A patch has been applied to fix this problem by moving the clock_was_set() function call to the working context. Also during the resume process, the hrtimers_resume() function reprogrammed kernel timers only for the current CPU because it assumed that all other CPUs are offline. However, this assumption was incorrect in certain scenarios, such as when resuming a Xen guest with some non-boot CPUs being only stopped with IRQs disabled. As a consequence, kernel timers were not corrected on other than the boot CPU even though those CPUs were online. To resolve this problem, hrtimers_resume() has been modified to trigger an early soft IRQ to correctly reprogram kernel timers on all CPUs that are online.

BZ#1080104

Due to a previous change that altered the format of the txselect parameter, the InfiniBand qib driver was unable to support HP branded QLogic QDR InfiniBand cards in HP Blade servers. To resolve this problem, the driver's parsing routine, setup_txselect(), has been modified to handle multi-value strings.

BZ#1075653

A previous change to the virtual file system (VFS) code included the reduction of the PATH_MAX variable by 32 bytes. However, this change was not propagated to the do_getname() function, which had a negative impact on interactions between the getname() and do_getname() functions. This update modifies do_getname() accordingly and this function now works as expected.

BZ#1082622

Previously, in certain environments, such as an HP BladeSystem Enclosure with several Blade servers, the kdump kernel could experience a kernel panic or become unresponsive during boot due to lack of available interrupt vectors. As a consequence, kdump failed to capture a core dump. To increase a number of available interrupt vectors, the kdump kernel can boot up with more CPUs. However, the kdump kernel always tries to boot up with the bootstrap processor (BSP), which can cause the kernel to fail to bring up more than one CPU under certain circumstances. This update introduces a new kernel parameter, disable_cpu_acipid, which allows the kdump kernel to disable BSP during boot and then to successfully boot up with multiple processors. This resolves the problem of lack of available interrupt vectors for systems with a high number of devices and ensures that kdump can now successfully capture a core dump on these systems.

BZ#1091826

A previous patch to the kernel scheduler fixed a kernel panic caused by a divide-by-zero bug in the init_numa_sched_groups_power() function. However, that patch introduced a regression on systems with standard Non-Uniform Memory Access (NUMA) topology so that cpu_power in all but one NUMA domains was set to twice the expected value. This resulted in incorrect task scheduling and some processors being left idle even though there were enough queued tasks to handle, which had a negative impact on system performance. This update ensures that cpu_power on systems with standard NUMA topology is set to expected values by adding an estimate to cpu_power for every uncounted CPU.Task scheduling now works as expected on these systems without performance issues related to the said bug.

BZ#1092870

The RTM_NEWLINK messages can contain information about every virtual function (VF) for the given network interface (NIC) and can become very large if this information is not filtered. Previously, the kernel netlink interface allowed the getifaddr() function to process RTM_NEWLINK messages with unfiltered content. Under certain circumstances, the kernel netlink interface would omit data for the given group of NICs, causing getifaddr() to loop indefinitely being unable to return information about the affected NICs. This update resolves this problem by supplying only the RTM_NEWLINK messages with filtered content.

BZ#1063508

The ext4_releasepage() function previously emitted an unnecessary warning message when it was passed a page with the PageChecked flag set. To avoid irrelevant warnings in the kernel log, this update removes the related WARN_ON() from the ext4 code.

BZ#1070296

Microsoft Windows 7 KVM guests could become unresponsive during reboot because KVM did not manage to inject an Non-Maskable Interrupt (NMI) to the guest when handling page faults. To resolve this problem, a series of patches has been applied to the KVM code, ensuring that KVM handles page faults during the reboot of the guest machine as expected.

BZ#1096711

The turbostat utility produced error messages when used on systems with the fourth generation of Intel Core Processors. To fix this problem, the kernel has been updated to provide the C-state residency information for the C8, C9, and C10 C-states.

Security Fixes

CVE-2014-2523, Important

A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol (DCCP) packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system.

CVE-2014-6383, Moderate

A flaw was found in the way the Linux kernel's Adaptec RAID controller (aacraid) checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions.

CVE-2014-0077, Moderate

A flaw was found in the way the handle_rx() function handled large network packets when mergeable buffers were disabled. A privileged guest user could use this flaw to crash the host or corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

Bug Fixes

BZ#1078007

Due to recent changes in the Linux memory management, the kernel did not properly handle per-CPU LRU page vectors when hot unplugging CPUs. As a consequence, the page vector of the relevant offline CPU kept memory pages for memory accounting. This prevented the libvirtd daemon from removing the relevant memory cgroup directory upon system shutdown, rendering libvirtd unresponsive. To resolve this problem, the Linux memory management now properly flushes memory pages of offline CPUs from the relevant page vectors.

BZ#1063201

Recent changes in the d_splice_alias() function introduced a bug that allowed d_splice_alias() to return a dentry from a different directory than was the directory being looked up. As a consequence in cluster environment, a kernel panic could be triggered when a directory was being removed while a concurrent cross-directory operation was performed on this directory on another cluster node. This update avoids the kernel panic in this situation by correcting the search logic in the d_splice_alias() function so that the function can no longer return a dentry from an incorrect directory.

BZ#1086095

A system could enter a deadlock situation when the Real-Time (RT) scheduler was moving RT tasks between CPUs and the wakeup_kswapd() function was called on multiple CPUs, resulting in a kernel panic. This problem has been fixed by removing a problematic memory allocation and therefore calling the wakeup_kswapd() function from a deadlock-safe context.

BZ#1086007

Previously some device mapper kernel modules, such as dm-thin, dm-space-map-metadata, and dm-bufio, contained various bugs that had adverse effects on their proper functioning. This update backports several upstream patches that resolve these problems, including a fix for the metadata resizing feature of device mapper thin provisioning (thinp) and fixes for read-only mode for dm-thin and dm-bufio. As a result, the aforementioned kernel modules now contain the latest upstream changes and work as expected.

BZ#1066535

A previous change in the TCP code that extended the "proto" struct with a new function, release_cb(), broke integrity of the kernel Application Binary Interface (kABI). If the core stack called a newly introduced pointer to this function for a module that was compiled against older kernel headers, the call resulted in out-of-bounds access and a subsequent kernel panic. To avoid this problem, the core stack has been modified to recognize a newly introduced slab flag, RHEL_EXTENDED_PROTO. This allows the core stack to safely access the release_cb pointer only for modules that support it.

BZ#1083350

The Completely Fair Scheduler (CFS) did not verify whether the CFS period timer is running while throttling tasks on the CFS run queue. Therefore under certain circumstances, the CFS run queue became stuck because the CFS period timer was inactive and could not be restarted. To fix this problem, the CFS now restarts the CFS period timer inside the throttling function if it is inactive.

BZ#1073562

A previous change removed the ZONE_RECLAIM_LOCKED flag from Linux memory management code in order to fix a NUMA node allocation problem in the memory zone reclaim logic. However, the flag removal allowed concurrent page reclaiming within one memory zone, which, under heavy system load, resulted in unwanted spin lock contention and subsequent performance problems (systems became slow or unresponsive). This update resolves this problem by preventing reclaim threads from scanning a memory zone if the zone does not satisfy scanning requirements. Systems under heavy load no longer suffer from CPU overloading but sustain their expected performance.

BZ#1073564

The restart logic for the memory reclaiming with compaction was previously applied on the level of LRU page vectors. This could, however, cause significant latency in memory allocation because memory compaction does not require only memory pages of a certain cgroup but a whole memory zone. This performance issue has been fixed by moving the restart logic to the zone level and restarting the memory reclaim for all memory cgroups in a zone when the compaction requires more free pages from the zone.

BZ#1074855

Previously, the for_each_isci_host() macro was incorrectly defined so it accessed an out-of-range element for a 2-element array. This macro was also wrongly optimized by GCC 4.8 so that it was executed too many times on platforms with two SCU controllers. As a consequence, the system triggered a kernel panic when entering the S3 state, or a kernel oops when removing the isci module. This update corrects the aforementioned macro and the described problems no longer occur.

BZ#1083175

A bug in the vmxnet3 driver allowed potential race conditions to be triggered when the driver was used with the netconsole module. The race conditions allowed the driver's internal NAPI poll routine to run concurrently with the netpoll controller routine, which resulted in data corruption and a subsequent kernel panic. To fix this problem, the vmxnet3 driver has been modified to call the appropriate interrupt handler to schedule NAPI poll requests properly.

BZ#1081908

The kernel task scheduler could trigger a race condition while migrating tasks over CPU cgroups. The race could result in accessing a task that pointed to an incorrect parent task group, causing the system to behave unpredictably, for example to appear being unresponsive. This problem has been resolved by ensuring that the correct task group information is properly stored during the task's migration.

BZ#1076056

A previously backported patch to the XFS code added an unconditional call to the xlog_cil_empty() function. If the XFS file system was mounted with the unsupported nodelaylog option, that call resulted in access to an uninitialized spin lock and a consequent kernel panic. To avoid this problem, the nodelaylog option has been disabled; the option is still accepted but has no longer any effect. (The nodelaylog mount option was originally intended only as a testing option upstream, and has since been removed.)

BZ#1076242

The SCTP sctp_connectx() ABI did not work properly for 64-bit kernels compiled with 32-bit emulation. As a consequence, applications utilizing the sctp_connectx() function did not run in this case. To fix this problem, a new ABI has been implemented; the COMPAT ABI enables to copy and transform user data from a COMPAT-specific structure to a SCTP-specific structure. Applications that require sctp_connectx() now work without any problems on a system with a 64-bit kernel compiled with 32-bit emulation.

BZ#1085660

A bug in the qla2xxx driver caused the kernel to crash. This update resolves this problem by fixing an incorrect condition in the "for" statement in the qla2x00_alloc_iocbs() function.

BZ#1079870

The code responsible for creating and binding of packet sockets was not optimized and therefore applications that utilized the socket() and bind() system calls did not perform as expected. A patch has been applied to the packet socket code so that latency for socket creating and binding is now significantly lower in certain cases.

BZ#1077874

Previously, the vmw_pwscsi driver could attempt to complete a command to the SCSI mid-layer after reporting a successful abort of the command. This led to a double completion bug and a subsequent kernel panic. This update ensures that the pvscsi_abort() function returns SUCCESS only after the abort is completed, preventing the driver from invalid attempts to complete the command.

BZ#1085658

Due to a bug in the mlx4_en module, a data structure related to time stamping could be accessed before being initialized. As a consequence, loading mlx4_en could result in a kernel crash. This problem has been fixed by moving the initiation of the time stamp mechanism to the correct place in the code.

BZ#1078011

Due to a previous change that was refactoring the Generic Routing Encapsulation (GRE) tunneling code, the ip_gre module did not work properly. As a consequence, GRE interfaces dropped every packet that had the Explicit Congestion Notification (ECN) bit set and did not have the ECN-Capable Transport (ECT) bit set. This update reintroduces the ipgre_ecn_decapsulate() function that is now used instead of the IP_ECN_decapsulate() function that was not properly implemented. The ip_gre module now works correctly and GRE devices process all packets as expected.

BZ#1078641

A bug in the megaraid_sas driver could cause the driver to read the hardware status values incorrectly. As a consequence, the RAID card was disabled during the system boot and the system could fail to boot. With this update, the megaraid_sas driver has been corrected to enable the RAID card on system boot as expected.

BZ#1081907

A bug in the Completely Fair Scheduler (CFS) could, under certain circumstances, trigger a race condition while moving a forking task between cgroups. This race could lead to a free-after-use error and a subsequent kernel panic when a child task was accessed while it was pointing to a stale cgroup of its parent task. A patch has been applied to the CFS to ensure that a child task always points to the valid parent's task group.

BZ#1078874

The Red Hat GFS2 file system previously limited a number of ACL entries per inode to 25. However, this number was insufficient in some cases, causing the setfacl command to fail. This update increases this limit to maximum of 300 ACL entries for the 4 KB block size. If the block size is smaller, this value is adjusted accordingly.

BZ#1085358

Previous patches to the CIFS code introduced a regression that prevented users from mounting a CIFS share using the NetBIOS over TCP service on the port 139. This problem has been fixed by masking off the top byte in the get_rfc1002_length() function.

BZ#1079872

Previously, user space packet capturing libraries, such as libcap, had a limited possibility to determine which Berkeley Packet Filter (BPF) extensions are supported by the current kernel. This limitation had a negative effect on VLAN packet filtering that is performed by the tcpdump utility and tcpdump sometimes was not able to capture filtered packets correctly. Therefore, this update introduces a new option, SO_BPF_EXTENSIONS, which can be specified as an argument of the getsockopt() function. This option enables packet capturing tools to obtain information about which BPF extensions are supported by the current kernel. As a result, the tcpdump utility can now capture packets properly.

BZ#1080600

The isci driver previously triggered an erroneous BUG_ON() assertion in case of a hard reset timeout in the sci_apc_agent_link_up() function. If a SATA device was unable to restore the link in time after the reset, the isci port had to return to the "awaiting link-up" state. However in such a case, the port may not have been in the "resetting" state, causing a kernel panic. This problem has been fixed by removing that incorrect BUG_ON() assertion.

BZ#1078798

Previously, when removing an IPv6 address from an interface, unreachable routes related to that address were not removed from the IPv6 routing table. This happened because the IPv6 code used inappropriate function when searching for the routes. To avoid this problem, the IPv6 code has been modified to use the ip6_route_lookup() function instead of rt6_lookup() in this situation. All related routes are now properly deleted from the routing tables when an IPv6 address is removed.

BZ#1075651

If the BIOS returned a negative value for the critical trip point for the given thermal zone during a system boot, the whole thermal zone was invalidated and an ACPI error was printed. However, the thermal zone may still have been needed for cooling. With this update, the ACPI thermal management has been modified to only disable the relevant critical trip point in this situation.

BZ#1075554

When allocating kernel memory, the SCSI device handlers called the sizeof() function with a structure name as its argument. However, the modified files were using an incorrect structure name, which resulted in an insufficient amount of memory being allocated and subsequent memory corruption. This update modifies the relevant sizeof() function calls to rather use a pointer to the structure instead of the structure name so that the memory is now always allocated correctly.

BZ#1069848

A previous change that modified the linkat() system call introduced a mount point reference leak and a subsequent memory leak in case that a file system link operation returned the ESTALE error code. These problems have been fixed by properly freeing the old mount point reference in such a case.

BZ#1086490

The dm-bufio driver did not call the blk_unplug() function to flush plugged I/O requests. Therefore, the requests submitted by dm-bufio were delayed by 3 ms, which could cause performance degradation. With this update, dm-bufio calls blk_unplug() as expected, avoiding any related performance issues.

Security Fixes

CVE-2014-0055, Important

A flaw was found in the way the get_rx_bufs() function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc() function. A privileged guest user could use this flaw to crash the host.

CVE-2014-0101, Important

A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system.

CVE-2014-0069, Moderate

A flaw was found in the way the Linux kernel's CIFS implementation handled uncached write operations with specially crafted iovec structures. An unprivileged local user with access to a CIFS share could use this flaw to crash the system, leak kernel memory, or, potentially, escalate their privileges on the system. Note: the default cache settings for CIFS mounts on Red Hat Enterprise Linux 6 prohibit a successful exploitation of this issue.

CVE-2013-1860, Low

A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges.

Bug Fixes

BZ#1063507

A previous change in the Advanced Programmable Interrupt Controller (APIC) code caused a regression on certain Intel CPUs using a Multiprocessor (MP) table. An attempt to read from the local APIC (LAPIC) could be performed before the LAPIC was mapped, resulting in a kernel crash during a system boot. A patch has been applied to fix this problem by mapping the LAPIC as soon as possible when parsing the MP table.

BZ#1067775

When removing an inode from a name space on an XFS file system, the file system could enter a deadlock situation and become unresponsive. This happened because the removal operation incorrectly used the AGF and AGI locks in the opposite order than was required by the ordering constraint, which led to a possible deadlock between the file removal and inode allocation and freeing operations. With this update, the inode's reference count is dropped before removing the inode entry with the first transaction of the removal operation. This ensures that the AGI and AGF locks are locked in the correct order, preventing any further deadlocks in this scenario.

BZ#1064913

Previously, the GFS2 kernel module leaked memory in the gfs2_bufdata slab cache and allowed a use-after-free race condition to be triggered in the gfs2_remove_from_journal() function. As a consequence after unmounting the GFS2 file system, the GFS2 slab cache could still contain some objects, which subsequently could, under certain circumstances, result in a kernel panic. A series of patches has been applied to the GFS2 kernel module, ensuring that all objects are freed from the slab cache properly and the kernel panic is avoided.

BZ#1054072

Due to the locking mechanism that the kernel used while handling Out of Memory (OOM) situations in memory control groups (cgroups), the OOM killer did not work as intended in case that many processes triggered an OOM. As a consequence, the entire system could become or appear to be unresponsive. A series of patches has been applied to improve this locking mechanism so that the OOM killer now works as expected in memory cgroups under heavy OOM load.

BZ#1055364

Previously, certain SELinux functions did not correctly handle the TCP synchronize-acknowledgment (SYN-ACK) packets when processing IPv4 labeled traffic over an INET socket. The initial SYN-ACK packets were labeled incorrectly by SELinux, and as a result, the access control decision was made using the server socket's label instead of the new connection's label. In addition, SELinux was not properly inspecting outbound labeled IPsec traffic, which led to similar problems with incorrect access control decisions. A series of patches that addresses these problems has been applied to SELinux. The initial SYN-ACK packets are now labeled correctly and SELinux processes all SYN-ACK packets as expected.

BZ#1063199

In Red Hat Enterprise Linux 6.5, the TCP Segmentation Offload (TSO) feature is automatically disabled if the corresponding network device does not report any CSUM flag in the list of its features. Previously, VLAN devices that were configured over bonding devices did not propagate its NETIF_F_NO_CSUM flag as expected, and their feature lists thus did not contain any CSUM flags. As a consequence, the TSO feature was disabled for these VLAN devices, which led to poor bandwidth performance. With this update, the bonding driver propagates the aforementioned flag correctly so that network traffic now flows through VLAN devices over bonding without any performance problems.

BZ#1064464

Due to a bug in the Infiniband driver, the ip and ifconfig utilities reported the link status of the IP over Infiniband (IPoIB) interfaces incorrectly (as "RUNNING" in case of "ifconfig", and as "UP" in case of "ip") even if no cable was connected to the respective network card. The problem has been corrected by calling the respective netif_carrier_off() function on the right place in the code. The link status of the IPoIB interfaces is now reported correctly in the described situation.

BZ#1058418

When performing read operations on an XFS file system, failed buffer readahead can leave the buffer in the cache memory marked with an error. This could lead to incorrect detection of stale errors during completion of an I/O operation because most callers do not zero out the b_error field of the buffer on a subsequent read. To avoid this problem and ensure correct I/O error detection, the b_error field of the used buffer is now zeroed out before submitting an I/O operation on a file.

BZ#1062113

Previously, when hot adding memory to the system, the memory management subsystem always performed unconditional page-block scans for all memory sections being set online. The total duration of the hot add operation depends on both, the size of memory that the system already has and the size of memory that is being added. Therefore, the hot add operation took an excessive amount of time to complete if a large amount of memory was added or if the target node already had a considerable amount of memory. This update optimizes the code so that page-block scans are performed only when necessary, which greatly reduces the duration of the hot add operation.

BZ#1059991

Due to a bug in the SELinux socket receive hook, network traffic was not dropped upon receiving a peer:recv access control denial on some configurations. A broken labeled networking check in the SELinux socket receive hook has been corrected, and network traffic is now properly dropped in the described case.

BZ#1060491

When transferring a large amount of data over the peer-to-peer (PPP) link, a rare race condition between the throttle() and unthrottle() functions in the tty driver could be triggered. As a consequence, the tty driver became unresponsive, remaining in the throttled state, which resulted in the traffic being stalled. Also, if the PPP link was heavily loaded, another race condition in the tty driver could has been triggered. This race allowed an unsafe update of the available buffer space, which could also result in the stalled traffic. A series of patches addressing both race conditions has been applied to the tty driver; if the first race is triggered, the driver loops and forces re-evaluation of the respective test condition, which ensures uninterrupted traffic flow in the described situation. The second race is now completely avoided due to a well-placed read lock, and the update of the available buffer space proceeds correctly.

BZ#1058420

Previously, the e752x_edac module incorrectly handled the pci_dev usage count, which could reach zero and deallocate a PCI device structure. As a consequence, a kernel panic could occur when the module was loaded multiple times on some systems. This update fixes the usage count that is triggered by loading and unloading the module repeatedly, and a kernel panic no longer occurs.

BZ#1057165

When a page table is upgraded, a new top level of the page table is added for the virtual address space, which results in a new Address Space Control Element (ASCE). However, the Translation Lookaside Buffer (TLB) of the virtual address space was not previously flushed on page table upgrade. As a consequence, the TLB contained entries associated with the old ASCE, which led to unexpected program failures and random data corruption. To correct this problem, the TLB entries associated with the old ASCE are now flushed as expected upon page table upgrade.

BZ#1064115

When a network interface is running in promiscuous (PROMISC) mode, the interface may receive and process VLAN-tagged frames even though no VLAN is attached to the interface. However, the enic driver did not handle processing of the packets with the VLAN-tagged frames in PROMISC mode correctly if the frames had no VLAN group assigned, which led to various problems. To handle the VLAN-tagged frames without a VLAN group properly, the frames have to be processed by the VLAN code, and the enic driver thus no longer verifies whether the packet's VLAN group field is empty.

BZ#1057164

A previous change in the Linux memory management on IBM System z removed the handler for the Address Space Control Element (ASCE) type of exception. As a consequence, the kernel was unable to handle ASCE exceptions, which led to a kernel panic. Such an exception was triggered, for example, if the kernel attempted to access user memory with an address that was larger than the current page table limit from a user-space program. This problem has been fixed by calling the standard page fault handler, do_dat_exception, if an ASCE exception is raised.

BZ#1063271

Due to several bugs in the network console logging, a race condition between the network console send operation and the driver's IRQ handler could occur, or the network console could access invalid memory content. As a consequence, the respective driver, such as vmxnet3, triggered a BUG_ON() assertion and the system terminated unexpectedly. A patch addressing these bugs has been applied so that driver's IRQs are disabled before processing the send operation and the network console now accesses the RCU-protected (read-copy update) data properly. Systems using the network console logging no longer crashes due to the aforementioned conditions.

Security Fixes

CVE-2013-6381, Important

A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

CVE-2013-2929, Low

A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information.

CVE-2013-7263, CVE-2013-7265, Low

It was found that certain protocol handlers in the Linux kernel's networking implementation could set the addr_len value without initializing the associated data structure. A local, unprivileged user could use this flaw to leak kernel stack memory to user space using the recvmsg, recvfrom, and recvmmsg system calls.

Bug Fixes

BZ#1051393

Due to a bug in the NFS code, the state manager and the DELEGRETURN operation could enter a deadlock if an asynchronous session error was received while DELEGRETURN was being processed by the state manager. The state manager became unable to process the failing DELEGRETURN operation because it was waiting for an asynchronous RPC task to complete, which could not have been completed because the DELEGRETURN operation was cycling indefinitely with session errors. A series of patches has been applied to ensure that the asynchronous error handler waits for recovery when a session error is received and the deadlock no longer occurs.

BZ#1049590

The IPv4 and IPv6 code contained several issues related to the conntrack fragmentation handling that prevented fragmented packages from being properly reassembled. This update applies a series of patches and ensures that MTU discovery is handled properly, and fragments are correctly matched and packets reassembled.

BZ#1046043

Inefficient usage of Big Kernel Locks (BKLs) in the ptrace() system call could lead to BKL contention on certain systems that widely utilize ptrace(), such as User-mode Linux (UML) systems, resulting in degraded performance on these systems. This update removes the relevant BKLs from the ptrace() system call, thus resolving any related performance issues.

BZ#1046041

When utilizing SCTP over the bonding device in Red Hat Enterprise Linux 6.5, SCTP assumed offload capabilities on virtual devices where it was not guaranteed that underlying physical devices are equipped with these capabilities. As a consequence, checksums of the outgoing packets became corrupted and a network connection could not be properly established. A patch has been applied to ensure that checksums of the packages to the devices without SCTP checksum capabilities are properly calculated in software fallback. SCTP connections over the bonding devices can now be established as expected in Red Hat Enterprise Linux 6.5.

BZ#1044566

The context of the user's process could not be previously saved on PowerPC platforms if the VSX Machine State Register (MSR) bit was set but the user did not provide enough space to save the VSX state. This update allows to clear the VSX MSR bit in such a situation, indicating that there is no valid VSX state in the user context.

BZ#1043779

After a statically defined gateway became unreachable and its corresponding neighbor entry entered a FAILED state, the gateway stayed in the FAILED state even after it became reachable again. As a consequence, traffic was not routed through that gateway. This update enables probing such a gateway automatically so that the traffic can be routed through this gateway again once it becomes reachable.

BZ#1040826

Due to several bugs in the IPv6 code, a soft lockup could occur when the number of cached IPv6 destination entries reached the garbage collector treshold on a high-traffic router. A series of patches has been applied to address this problem. These patches ensure that the route probing is performed asynchronously to prevent a dead lock with garbage collection. Also, the garbage collector is now run asynchronously, preventing CPUs that concurrently requested the garbage collector from waiting until all other CPUs finish the garbage collection. As a result, soft lockups no longer occur in the described situation.

BZ#1035347

A previous change to the md driver disabled the TRIM operation for RAID5 volumes in order to prevent a possible kernel oops. However, if a MD RAID volume was reshaped to a different RAID level, this could result in TRIM being disabled on the resulting volume, as the RAID4 personality is used for certain reshapes. A patch has been applied that corrects this problem by setting the stacking limits before changing a RAID level, and thus ensuring the correct discard (TRIM) granularity for the RAID array.

BZ#1051395

NFS previously allowed a race between "silly rename" operations and the rmdir() function to occur when removing a directory right after an unlinked file in the directory was closed. As a result, rmdir() could fail with an EBUSY error. This update applies a patch ensuring that NFS waits for any asynchronous operations to complete before performing the rmdir() operation.

BZ#1051394

Due to a bug in the EDAC driver, the driver failed to decode and report errors on AMD family 16h processors correctly. This update incorporates a missing case statement to the code so that the EDAC driver now handles errors as expected.

BZ#1045094

A deadlock between the state manager, kswapd daemon, and the sys_open() function could occur when the state manager was recovering from an expired state and recovery OPEN operations were being processed. To fix this problem, NFS has been modified to ignore all errors from the LAYOUTRETURN operation (a pNFS operation) except for "NFS4ERR_DELAY" in this situation.

BZ#1040498

The bnx2x driver handled unsupported TLVs received from a Virtual Function (VF) using the VF-PF channel incorrectly; when a driver of the VF sent a known but unsupported TLV command to the Physical Function, the driver of the PF did not reply. As a consequence, the VF-PF channel was left in an unstable state and the VF eventually timed out. A patch has been applied to correct the VF-PF locking scheme so that unsupported TLVs are properly handled and responded to by the PF side. Also, unsupported TLVs could previously render a mutex used to lock the VF-PF operations. The mutex then stopped protecting critical sections of the code, which could result in error messages being generated when the PF received additional TLVs from the VF. A patch has been applied that corrects the VF-PF channel locking scheme, and unsupported TLVs thus can no longer break the VF-PF lock.

BZ#1040497

A bug in the statistics flow in the bnx2x driver caused the card's DMA Engine (DMAE) to be accessed without taking a necessary lock. As a consequence, previously queued DMAE commands could be overwritten and the Virtual Functions then could timeout on requests to their respective Physical Functions. The likelihood of triggering the bug was higher with more SR-IOV Virtual Functions configured. Overwriting of the DMAE commands could also result in other problems even without using SR-IOV. This update ensures that all flows utilizing DMAE will use the same API and the proper locking scheme is kept by all these flows.

BZ#1035339

When starting or waking up a system that utilized an AHCI controller with empty ports, and the EM transmit bit was busy, the AHCI driver incorrectly released the related error handler before initiation of the sleep operation. As a consequence, the error handler could be acquired by a different port of the AHCI controller and the Serial General Purpose Input/Output (SGPIO) signal could eventually blink the rebuild pattern on an empty port. This update implements cross-port error handler exclusion to the generic ATA driver and the AHCI driver has been modified to use the msleep() function in this particular case. The error handler is no longer released upon the sleep operation and the SGPIO signal can no longer indicate the disk's rebuild on the empty controller's slot.

BZ#1032389

Previous changes to the igb driver caused the ethtool utility to determine and display some capabilities of the Ethernet devices incorrectly. This update fixes the igb driver so that the actual link capabilities are now determined properly, and ethtool displays values as accurate as possible in dependency on the data available to the driver.

Security Fixes

CVE-2013-4470, Important

A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload (UFO) feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system.

CVE-2013-6367, Important

A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's Local Advanced Programmable Interrupt Controller (LAPIC) implementation. A privileged guest user could use this flaw to crash the host.

CVE-2013-6368, Important

A memory corruption flaw was discovered in the way KVM handled virtual APIC accesses that crossed a page boundary. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

CVE-2013-2141, Low

An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user space.

Bug Fixes

BZ#1027343

Due to a regression bug in the mlx4 driver, Mellanox mlx4 adapters could become unresponsive on heavy load along with IOMMU allocation errors being logged to the systems logs. A patch has been applied to the mlx4 driver so that the driver now calculates the last memory page fragment when allocating memory in the Rx path.

BZ#1028278

A bug in the RSXX DMA handling code allowed DISCARD operations to call the pci_unmap_page() function, which triggered a race condition on the PowerPC architecture when DISCARD, READ, and WRITE operations were issued simultaneously. However, DISCARD operations are always assigned a DMA address of 0 because they are never mapped. Therefore, this race could result in freeing memory that was mapped for another operation and a subsequent EEH event. A patch has been applied, preventing the DISCARD operations from calling pci_unmap_page(), and thus avoiding the aforementioned race condition.

BZ#1029330

Due to a missing part of the bcma driver, the brcmsmac kernel module did not have a list of internal aliases that was needed by the kernel to properly handle the related udev events. Consequently, when the bcma driver scanned for the devices at boot time, these udev events were ignored and the kernel did not load the brcmsmac module automatically. A patch that provides missing aliases has been applied so that the udev requests of the brcmsmac module are now handled as expected and the kernel loads the brcmsmac module automatically on boot.

BZ#1029997

A bug in the mlx4 driver could trigger a race between the "blue flame" feature's traffic flow and the stamping mechanism in the Tx ring flow when processing Work Queue Elements (WQEs) in the Tx ring. Consequently, the related queue pair (QP) of the mlx4 Ethernet card entered an error state and the traffic on the related Tx ring was blocked. A patch has been applied to the mlx4 driver so that the driver does not stamp the last completed WQE in the Tx ring, and thus avoids the aforementioned race.

BZ#1030171

A previous change in the NFSv4 code resulted in breaking the sync NFSv4 mount option. A patch has been applied that restores functionality of the sync mount option.

BZ#1030713

Due to a bug in the Emulex lpfc driver, the driver could not allocate a SCSI buffer properly, which resulted in severe performance degradation of lpfc adapters on 64-bit PowerPC systems. A patch addressing this problem has been applied so that lpfc allocates the SCSI buffer correctly and lpfc adapters now work as expected on 64-bit PowerPC systems.

BZ#1032162

When performing I/O operations on a heavily-fragmented GFS2 file system, significant performance degradation could occur. This was caused by the allocation strategy that GFS2 used to search for an ideal contiguous chunk of free blocks in all the available resource groups (rgrp). A series of patches has been applied that improves performance of GFS2 file systems in case of heavy fragmentation. GFS2 now allocates the biggest extent found in the rgrp if it fulfills the minimum requirements. GFS2 has also reduced the amount of bitmap searching in case of multi-block reservations by keeping track of the smallest extent for which the multi-block reservation would fail in the given rgrp. This improves GFS2 performance by avoiding unnecessary rgrp free block searches that would fail. Additionally, this patch series fixes a bug in the GFS2 block allocation code where a multi-block reservation was not properly removed from the rgrp's reservation tree when it was disqualified, which eventually triggered a BUG_ON() macro due to an incorrect count of reserved blocks.

BZ#1032167

An earlier patch to the kernel added the dynamic queue depth throttling functionality to the QLogic's qla2xxx driver that allowed the driver to adjust queue depth for attached SCSI devices. However, the kernel might have crashed when having this functionality enabled in certain environments, such as on systems with EMC PowerPath Multipathing installed that were under heavy I/O load. To resolve this problem, the dynamic queue depth throttling functionality has been removed from the qla2xxx driver.

BZ#1032168

Previously, devices using the ixgbevf driver that were assigned to a virtual machine could not adjust their Jumbo MTU value automatically if the Physical Function (PF) interface was down; when the PF device was brought up, the MTU value on the related Virtual Function (VF) device was set incorrectly. This was caused by the way the communication channel between PF and VF interfaces was set up and the first negotiation attempt between PF and VF was made. To fix this problem, structural changes to the ixgbevf driver have been made so that the kernel can now negotiate the correct API between PF and VF successfully and the MTU value is now set correctly on the VF interface in this situation.

BZ#1032170

A bug in the ixgbe driver caused that IPv6 hardware filtering tables were not correctly rewritten upon interface reset when using a bridge device over the PF interface in an SR-IOV environment. As a result, the IPv6 traffic between VFs was interrupted. An upstream patch has been backported to modify the ixgbe driver so that the update of the Multimedia Terminal Adapter (MTA) table is now unconditional, avoiding possible inconsistencies in the MTA table upon PF's reset. The IPv6 traffic between VFs proceeds as expected in this scenario.

BZ#1032247

When using Haswell HDMI audio controllers with an unaligned DMA buffer size, these audio controllers could become locked up until the next reboot for certain audio stream configurations. A patch has been applied to the Intel's High Definition Audio (HDA) driver that enforces the DMA buffer alignment setting for the Haswell HDMI audio controllers. These audio controllers now work as expected.

BZ#1032249

As a result of a recent fix preventing a deadlock upon an attempt to cover an active XFS log, the behavior of the xfs_log_need_covered() function has changed. However, xfs_log_need_covered() is also called to ensure that the XFS log tail is correctly updated as a part of the XFS journal sync operation. As a consequence, when shutting down an XFS file system, the sync operation failed and some files might have been lost. A patch has been applied to ensure that the tail of the XFS log is updated by logging a dummy record to the XFS journal. The sync operation completes successfully and files are properly written to the disk in this situation.

BZ#1032250

A chunk of a patch was left out when backporting a batch of patches that fixed an infinite loop problem in the LOCK operation with zero state ID during NFSv4 state ID recovery. As a consequence, the system could become unresponsive on numerous occasions. The missing chunk of the patch has been added, resolving this hang issue.

BZ#1032260

When performing buffered WRITE operations from multiple processes to a single file, the NFS code previously always verified whether the lock owner information is identical for the file being accessed even though no file locks were involved. This led to performance degradation because forked child processes had to synchronize dirty data written to a disk by the parent process before writing to a file. Also, when coalescing requests into a single READ or WRITE RPC call, NFS refused the request if the lock owner information did not match for the given file even though no file locks were involved. This also caused performance degradation. A series of patches has been applied that relax relevant test conditions so that lock owner compatibility is no longer verified in the described cases, which resolves these performance issues.

BZ#1032395

Due to a bug in the mlx4 driver, Mellanox Ethernet cards were brought down unexpectedly while adjusting their Tx or Rx ring. A patch has been applied so that the mlx4 driver now properly verifies the state of the Ethernet card when the coalescing of the Tx or Rx ring is being set, which resolves this problem.

BZ#1032423

When the system was under memory stress, a double-free bug in the tg3 driver could have been triggered, resulting in a NIC being brought down unexpectedly followed by a kernel panic. A patch has been applied that restructures the respective code so that the affected ring buffer is freed correctly.

BZ#1032424

The RPC client always retransmitted zero-copy of the page data if it timed out before the first RPC transmission completed. However, such a retransmission could cause data corruption if using the O_DIRECT buffer and the first RPC call completed while the respective TCP socket still held a reference to the pages. To prevent the data corruption, retransmission of the RPC call is, in this situation, performed using the sendmsg() function. The sendmsg() function retransmits an authentic reproduction of the first RPC transmission because the TCP socket holds the full copy of the page data.

BZ#1032688

When creating an XFS file system, an attempt to cover an active XFS log could, under certain circumstances, result in a deadlock between the xfssyncd and xfsbufd daemons. Consequently, several kernel threads became unresponsive and the XFS file system could not have been successfully created, leading to a kernel oops. A patch has been applied to prevent this situation by forcing the active XFS log onto a disk.