Edition 2
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
/etc/modprobe.d/dist-nfsv41.conf file with the following line and reboot the system:
alias nfs-layouttype4-1 nfs_layout_nfsv41_files
-o minorversion=1 mount option is specified, and the server is pNFS-enabled, the pNFS client code is automatically enabled.
fsfreeze(8) man page.
O_DIRECT I/O. These applications may use the raw block device, or the XFS file system in O_DIRECT
mode. (XFS is the only file system that does not fall back to buffered
I/O when doing certain allocation operations.) Only applications
designed for use with O_DIRECT I/O and DIF/DIX hardware should enable this feature.
/etc/cluster.conf configuration file to be used by pacemaker, rgmanager must be disabled. The risk of not doing this is high; after a successful conversion, it would be possible to start rgmanager and pacemaker on the same host, managing the same resources.
<rm disabled="1"> flag in /etc/cluster.conf.
<rm disabled="1"> flag appears in /etc/cluster.conf during a reconfiguration.
be2net driver is considered a Technology Preview in Red Hat Enterprise Linux 6.
dcbtool(8) and targetadmin(8) man pages.
audit subsystem in the Linux 2.6 kernel. Within the audispd-plugins
subpackage is a utility that allows for the transmission of audit
events to a remote aggregating machine. This remote audit logging
application, audisp-remote, is considered a Technology Preview in Red Hat Enterprise Linux 6.
fence_ipmilan
agent. This new Technology Preview is used to force a kernel dump of a
host if the host is configured to do so. Note that this feature is not a
substitute for the off operation in a production cluster.
fsck) or replay journal entries, which is similar to booting after pulling the power cord.
anaconda component, BZ#676025
Skip Boot Loader Configuration
during the installation process. Boot loader configuration will need to
be completed manually after installation. This problem does not affect
users running Anaconda in the graphical mode (graphical mode also
includes VNC connectivity mode).
anaconda component
anaconda component
/boot volume on an encrypted volume.
anaconda component
sdc instead of sda).
kernel component
install system with basic video driver installation option. A future Red Hat Enterprise Linux 6.2.z Extended Update Support update will remove this requirement.
kernel component
em1 is used instead of eth0
on new Dell machines). However, the previously used network interface
names are preserved on the system and the upgraded system will still use
the previously used interfaces. This is not the case for Yum upgrades.
anaconda component
kdump default on feature currently depends on Anaconda to insert the crashkernel= parameter to the kernel parameter list in the boot loader's configuration file.
firstaidkit component
anaconda component, BZ#623261
clearpart --initlabel kickstart command. Adding the --all switch, as in clearpart --initlabel --all, ensures disks are cleared correctly.
squashfs-tools component
attempt to access beyond end of device loop0: rw=0, want=248626, limit=248624
sys.log. These
errors do not prevent installation and only occur during the initial
setup. The file system created by the installer will function correctly.
anaconda component
yaboot component, BZ#613929
anaconda component
system-config-kickstart component
dracut component
/etc/fcoe/ using biosdevname (new style interface naming scheme) for all the available Ethernet interfaces for FCoE BFS. However, it does not add the ifname
kernel command line for the FCoE interface that stays offline after
discovering FCoE targets during installation. Because of this, during
subsequent reboots, the system tries to find the old style ethX
interface name in the /etc/fcoe directory, which does not match with the file created by Anaconda using biosdevname. Therefore, due to the missing FCoE configuration file, an FCoE interface is never created on the Ethernet interface.
ifname=<biosdevname_interface_name>:<mac_address>
subscription manager component
cpuspeed component, BZ#626893
/proc/cpuinfo or /sys/device/system/cpu/*/cpufreq.
This is due to the firmware manipulating the CPU frequency without
providing any notification to the operating system. To avoid this ensure
that the HP Power Regulator option in the BIOS is set to OS Control. An alternative available on more recent systems is to set Collaborative Power Control to Enabled.
releng component, BZ#644778
releng component
grub component, BZ#695951
BOOTX64 rather than bootx64 to boot the installer due to case sensitivity issues.
grub component, BZ#698708
parted component
PackageKit component
ovirt-node component, BZ#747102
kernel component
libvirtd
service, which enables IP forwarding. The service causes a driver reset
on both Ethernet ports which causes a loss of all paths to an OS disk.
Under this condition, the system cannot load firmware files from the OS
disk to initialize Ethernet ports, eventually never recovers paths to
the OS disk, and fails to boot from SAN. To work around this issue add
the bnx2x.disable_tpa=1 option to the kernel
command line of the GRUB menu, or do not install virtualization related
software and manually enable IP forwarding when needed.
kernel component
nosmep kernel command line option.
vdsm component
/root/.ssh directory is
missing from a host when it is added to a Red Hat Enterprise
Virtualization Manager data center, the directory is created with a
wrong SELinux context, and SSH'ing into the host is denied. To work
around this issue, manually create the /root/.ssh directory with the correct SELinux context:
~]# mkdir /root/.ssh
~]# chmod 0700 /root/.ssh
~]# restorecon /root/.ssh
vdsm component
libvirt component
/etc/libvirt/qemu.conf file, set the relaxed_acs_check = 1 parameter, and restart libvirtd (service libvirtd restart). Note that this action will re-open possible security issues.
virtio-win component, BZ#615928
libvirt component, BZ#622649
service libvirt reload command to restore libvirt's additional iptables rules.
virtio-win component, BZ#612801
qemu-kvm component, BZ#720597
qemu-kvm component, BZ#612788
virt-v2v component
/etc/virt-v2v.conf and /var/lib/virt-v2v/virt-v2v.db.
The former now contains only local customizations, whereas the latter
contains generic configuration which is not intended to be customized.
Prior to Red Hat Enterprise Linux 6.2, virt-v2v's -f flag defaulted to /etc/virt-v2v.conf. In Red Hat Enterprise Linux 6.2, it now defaults to both /etc/virt-v2v.conf and /var/lib/virt-v2v/virt-v2v.db. Data from both of these files is required during conversion.
/etc/virt-v2v.conf will not be updated. If a user explicitly specifies -f /etc/virt-v2v.conf on the command line, the behavior will be identical to the one prior to update. If the user does not specify the -f command line option, the configuration will use both /etc/virt-v2v.conf and /var/lib/virt-v2v/virt-v2v.db, with the former taking precedence.
/etc/virt-v2v.conf. If the user explicitly specifies -f /etc/virt-v2v.conf on the command line, virt-v2v will not be able to enable virtio support for any guests.
-f command line option, as this defaults to using both configuration files. If the -f command line option is used, it must be specified twice: first for /etc/virt-v2v.conf and second for /var/lib/virt-v2v/virt-v2v.conf.
/etc/virt-v2v.conf
file must contain a combined configuration file. This can be copied
from a Red Hat Enterprise Linux 6.1 system, or created by copying all
configuration elements from /var/lib/virt-v2v/virt-v2v.db to /etc/virt-v2v.conf.
virt-v2v component, BZ#618091
virt-v2v component, BZ#678232
spice-client component
device-mapper-multipath component
queue_without_daemon yes
default option queues I/O even though all iSCSI links have been
disconnected when the system is shut down, which causes LVM to become
unresponsive when scanning all block devices. As a result, the system
cannot be shut down. To work around this issue, add the following line
into the defaults section of /etc/multipath.conf:
queue_without_daemon no
initscripts component
/boot partitions by setting the sixth value of a /boot entry in /etc/fstab to 0.
iscsi-initiator-utils component, BZ#739843
iscsiadm -m iface has never been executed. This is due to the iscsiadm -m discovery command not checking interface settings while the iscsiadm -m iface does. To work around this issue, run the iscsiadm -m iface command at least once after installing the iscsi-initiator-utils package. Once the interface setting is updated, discoveries are performed with no errors.
vdsm component
kernel component, BZ#606260
lvm2 component
lvm2 component
pvmove command cannot currently
be used to move mirror devices. However, it is possible to move mirror
devices by issuing a sequence of two commands. For mirror images, add a
new image on the destination PV and then remove the mirror image on the
source PV:
~]$ lvconvert -m +1 <vg/lv> <new PV>
~]$ lvconvert -m -1 <vg/lv> <old PV>

~]$ lvconvert --mirrorlog core <vg/lv>
~]$ lvconvert --mirrorlog disk <vg/lv> <new PV>

~]$ lvconvert --mirrorlog mirrored <vg/lv> <new PV>
~]$ lvconvert --mirrorlog disk <vg/lv> <old PV>

lvm2 component
NetworkManager component
/etc/dhclient.conf file or, if using per-interface DHCP options, the /etc/dhclient-<ifname>.conf file:
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
option ms-classless-static-routes code 249 = array of unsigned integer 8;
also request rfc3442-classless-static-routes;
also request ms-classless-static-routes;
iprutils component
iprconfig command fails.
iprconfig command results in a failure as well.
corosync component, BZ#722469
luci component, BZ#615898
luci will not function with Red Hat Enterprise Linux 5 clusters unless each cluster node has ricci version 0.12.2-14
ipa-server-install command should add a record to the static hostname lookup table in /etc/hosts and enable further configuration of Identity Management integrated services. However, a record is not added to /etc/hosts
when an IP address is passed as a CLI option and not interactively.
Consequently, Identity Management installation fails because integrated
services that are being configured expect the Identity Management server
hostname to be resolvable. To work around this issue, complete one of
the following:
ipa-server-install without the --ip-address option and pass the IP address interactively.
/etc/hosts before
the installation is started. The record should contain the Identity
Management server IP address and its full hostname (the hosts(5) man page specifies the record format).
sssd component, BZ#750922
libldb. This failure occurs when the SSSD cache contains internal entries whose distinguished name contains the \, character sequence. The most likely example of this is for an invalid memberUID entry to appear in an LDAP group of the form:
memberUID: user1,user2
memberUID is a multi-valued attribute and should not have multiple users in the same attribute.
(Wed Nov 2 15:18:21 2011) [sssd] [ldb] (0): A transaction is still active in ldb context [0xaa0460] on /var/lib/sss/db/cache_<DOMAIN>.ldb
/var/lib/sss/db/cache_<DOMAIN>.ldb file and restart SSSD.
/var/lib/sss/db/cache_<DOMAIN>.ldb file
/var/lib/sss/db/cache_<DOMAIN>.ldb file purges the cache of all entries (including cached credentials).
sssd component, BZ#751314
memberUID values, SSSD fails to sanitize the values properly. The memberUID value should only contain one username. As a result, SSSD creates incorrect users, using the broken memberUID values as their usernames. This, for example, causes problems during cache indexing.
6ComputeNode subscription.
sssd component, BZ#741264 [domain/DOMAINNAME] section of the /etc/sssd/sssd.conf file:
ldap_referrals = false
kernel component
bnx2i and bnx2fc Broadcom drivers in Red Hat Enterprise Linux 6.2, remain a Technology Preview until further notice.
kexec-tools component
UUID/LABEL resolving is not functional. Avoid using the UUID/LABEL syntax when dumping core to Btrfs file systems.
kexec-tools component, BZ#600575
kdump.conf.
trace-cmd component
trace-cmd service does start on 64-bit PowerPC and IBM System z systems because the sys_enter and sys_exit events do not get enabled on the aforementioned systems.
trace-cmd component
report, does not work on IBM System z systems. This is due to the fact that the CONFIG_FTRACE_SYSCALLS parameter is not set on IBM System z systems.
tuned component
intel_idle.max_cstate=0 parameter, or at run time by using the cpu_dma_latency pm_qos interface.
libfprint component
~]$ lsusb -v -d 147e:2016 | grep bcdDevice
kernel component
lpfc)
does support DH-CHAP authentication on Red Hat Enterprise Linux 5, from
version 5.4. Future Red Hat Enterprise Linux 6 releases may include
DH-CHAP authentication.
kernel component
mpt2sas driver is "Phase 5 firmware" (that is, with version number in the form 05.xx.xx.xx).
Note that following this recommendation is especially important on
complex SAS configurations involving multiple SAS expanders.
kernel component
qla4xxx device,
upgrading from Red Hat Enterprise Linux 6.1 to Red Hat Enterprise Linux
6.2 will cause the system to fail to boot up with the new kernel. There
are various ways to work around this issue:
qla4xxx device firmware to manage discovering and logging in to iSCSI targets.
qla4xxx device:
~]# echo "options qla4xxx ql4xdisablesysfsboot=1" >> /etc/modprobe.d/qla4xxx.conf
~]# yum -y reinstall kernel
qla4xxx device firmware to manage discovering and logging in to iSCSI targets.
qla4xxx device:
~]# echo "options qla4xxx ql4xdisablesysfsboot=1" >> /etc/modprobe.d/qla4xxx.conf
qla4xxx discovery and login process.
~]# yum install -y dracut-network iscsi-initiator-utils
~]# yum -y reinstall kernel
iscsi_firmware kernel option into GRUB's configuration: /boot/grub/menu.lst (for LILO, the Linux Loader, modify the /etc/lilo.conf file).
qla4xxx discovery and login process.
~]# yum install -y dracut-network iscsi-initiator-utils
iscsi_firmware kernel option into GRUB's configuration: /boot/grub/menu.lst (for LILO, the Linux Loader, modify the /etc/lilo.conf file).
kernel component, BZ#679262
/proc/kallsyms and /proc/modules show all zeros when accessed by a non-root user.
kernel component
kernel component
nomce kernel boot option, which disables machine check error reporting, or the mce=ignore_ce kernel boot option, which disables correctable machine check error reporting.
kernel component
kernel: cciss0: <0x3230> at PCI 0000:1f:00.0 IRQ 71 using DAC
…
kernel: cciss1: <0x3230> at PCI 0000:02:00.0 IRQ 75 using DAC
pci=bfsort parameter to the kernel command line, and check again.
kernel component
be2iscsi driver results in kernel panic. To work around this issue, disable CHAP on the iSCSI target.
kernel component
tg3 driver normally handles. As a result, some of the routines that operate on the VPD blocks may fail. For example, the nvram test fails when running the ethtool -t command on BCM5719 and BCM5720 Ethernet Controllers.
kernel component
ethtool -t command on BCM5720 Ethernet controllers causes a loopback test failure because the tg3 driver does not wait long enough for a link.
kernel component
tg3 driver in Red Hat
Enterprise Linux 6.2 does not include support for Jumbo frames and TSO
(TCP Segmentation Offloading) on BCM5719 Ethernet controllers. As a
result, the following error message is returned when attempting to
configure, for example, Jumbo frames:
SIOCSIFMTU: Invalid argument
kernel component
lpfc_use_msi module parameter (in /sys/class/scsi_host/host#/lpfc_use_msi) being set to 2 by default, instead of the previous 0.
lpfc module parameter, lpfc_use_msi, to 0:
lpfc adapter may fail with mailbox errors. As a result, the lpfc adapter is not configured on the system. The following messages appear in /var/log/messages:
lpfc 0000:04:08.0: 0:0:0443 Adapter failed to set maximum DMA length mbxStatus x0
lpfc 0000:04:08.0: 0:0446 Adapter failed to init (255), mbxCmd x9 CFG_RING, mbxStatus x0, ring 0
lpfc 0000:04:08.0: 0:1477 Failed to set up hba
ACPI: PCI interrupt for device 0000:04:08.0 disabled
lpfc adapter is
operating, it may fail with mailbox errors, resulting in the inability
to access certain devices. The following messages appear in /var/log/messages:
lpfc 0000:0d:00.0: 0:0310 Mailbox command x5 timeout Data: x0 x700 xffff81039ddd0a00
lpfc 0000:0d:00.0: 0:0345 Resetting board due to mailbox timeout
lpfc 0000:0d:00.0: 0:(0):2530 Mailbox command x23 cannot issue Data: xd00 x2
lpfc adapter. The system BIOS logs the following messages:
Installing Emulex BIOS ......
Bringing the Link up, Please wait...
Bringing the Link up, Please wait...
kernel component
netxen_nic is 4.0.550. This includes the boot firmware which is flashed in option ROM on the adapter itself.
kernel component
kernel component
kernel component, BZ#683012
vmcore. As a result, the second kernel is not loaded, and the system becomes unresponsive.
kernel component
edac modules in a loop on certain HP systems may cause kernel panic.
kernel component
multipathd
is started, I/O errors occur. To work around this issue, use one of the
following kernel command line parameters which are consumed by dracut:
rdloaddriver=scsi_dh_emc
rdloaddriver=scsi_dh_rdac
rdloaddriver=scsi_dh_emc,scsi_dh_rdac
scsi_dh module to load before multipath is started.
kernel component
vmcore
through the network using the Intel 82575EB ethernet device in a 32 bit
environment causes the networking driver to not function properly in
the kdump kernel, and prevent the vmcore from being captured.
kernel component, BZ#701857
kernel component
NMI: IOCK error (debug interrupt?)
hpsa module in a configuration file such as /etc/modules.d/blacklist.conf, and specifying the disk_timeout option so that saving the vmcore over the network is possible.
kernel component
#!/bin/sh
# Disable hyper-threading processor cores on suspend and hibernate, re-enable
# on resume.
# This file goes into /etc/pm/sleep.d/
case $1 in
    hibernate|suspend)
        echo 0 > /sys/devices/system/cpu/cpu1/online
        echo 0 > /sys/devices/system/cpu/cpu3/online
        ;;
    thaw|resume)
        echo 1 > /sys/devices/system/cpu/cpu1/online
        echo 1 > /sys/devices/system/cpu/cpu3/online
        ;;
esac
kernel component
nmi_watchdog registers with the perf subsystem. Consequently, during boot, the perf
subsystem grabs control of the performance counter registers, blocking
OProfile from working. To resolve this, either boot with the nmi_watchdog=0 kernel parameter set, or run the following command to disable it at run time:
echo 0 > /proc/sys/kernel/nmi_watchdog
nmi-watchdog, use the following command
echo 1 > /proc/sys/kernel/nmi_watchdog
kernel component, BZ#603911
BUG: NMI Watchdog detected LOCKUP and have either ftrace_modify_code or ipi_handler in the backtrace. To work around this issue, disable NMI watchdog by setting the nmi_watchdog=0 kernel parameter, or using the following command at run time:
echo 0 > /proc/sys/kernel/nmi_watchdog
kernel component
vmcore
via NFS. To work around this issue, utilize other kdump facilities, for
example dumping to the local file system, or dumping over SSH.
kernel component, BZ#587909
kernel component
nmi_watchdog=2 or nmi_watchdog=lapic parameters. The parameter nmi_watchdog=1 is not supported.
kernel component
pci=noioapicquirk,
is required when installing the 32-bit variant of Red Hat Enterprise
Linux 6 on HP xw9300 workstations. Note that the parameter change is not
required when installing the 64-bit variant.
PackageKit component
~]# rpm --import <file_containing_the_public_key>
gnome-power-manager component, BZ#748704
Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor. Please see http://blogs.gnome.org/hughsie/2009/08/17/gnome-power-manager-and-blanking-removal-of-bodges/ for more information.
acroread component
kernel component, BZ#681257
fprintd component
evolution component
anaconda component
xorg-x11-server component, BZ#623169
Test::Inter module provides a framework for writing interactive test scripts in Perl. It is inspired by the Test::More framework.
0x40
into a character in order to display a non-printing character but did
not do so when processing a multibyte character. As a result, the readelf utility did not display a multibyte character in the ELF
header correctly. The code has been corrected and readelf no longer
displays garbled characters when processing multibyte, or non-ASCII, characters.
binutils --build-id command. This update removes that patch.
ifunc(), whose value can be determined at load time, allows for architecture dependent optimization. Prior to this update, the OS/ABI preprocessor macro was erroneously set to UNIX - Linux instead of UNIX - System V in an ELF header by a dynamic executable which used ifunc(). This update applies a backported patch which corrects the code and the error no longer occurs.
strip command, which is run as part of the RPM build process, did not copy the EI_OSABI value in the ELF file header properly, it set the value to zero. Consequently, if the EI_OSABI field of the debug file had a value of 3 (ABI tag for GNU/Linux), in the stripped file it was erroneously set to 0 (UNIX - System V). This update corrects the problem and strip now leaves the field intact.
-ldl in the list compiler options caused unexpected behavior when compiling C++ code. If -ldl was not placed at the end of parameter list, the GNU C Compiler (GCC) failed with an error in the format:
libtest.a(some_object_file.o): undefined reference to `.dlerror'
-mcmodel=small -mno-minimal-toc as options, GNU linker, (ld), erroneously decided that if a section did not make use of the TOC it could belong to any TOC
group. Consequently, when a local function call was made from one
section of code to another section in the same object file, due to the
two sections being assigned to different TOC groups, a failure occurred and an error message in the following format was logged.
libbackend.a(cse.o)(.text.unlikely+0x60): sibling call optimization to `.opd' does not allow automatic multiple TOCs; recompile with -mminimal-toc or -fno-optimize-sibling-calls, or make `.opd' extern
-mcmodel=small -mno-minimal-toc. Therefore code should be recompiled by running these commands again after applying the update.
l setup_arch to determine the target architecture, the following error was displayed.
No line number known for setup_arch
multipath -ll
command returned output indicating that no paths to the device were
available with confusing "failed faulty running" rows presenting the
missing paths. Multipath devices now reload tables with no device paths
correctly.
multipath.conf without setting the fast_io_fail_tmo value, the multipathd daemon did not notify the user that fast_io_fail_tmo was not set. Multipath now issues a warning that fast_io_fail_tmo is not set under such circumstances.
manual,
multipath could keep alternating from the failover pathgroup to the
primary pathgroup infinitely. This happened because multipath was
incorrectly failing back to the primary pathgroup whenever a path
priority changed. With this update, multipath no longer fails back to
the primary pathgroup when a path's priority changes under such
circumstances.
multipathd
did not abort the path check and terminated unexpectedly when trying to
access the multipath device information. The Multipath daemon now
aborts any path checks when the multipath device is removed and the
problem no longer occurs.
defaults multipaths devices sections of the multipath.conf man page has been improved to provide a better clarification.
rr_min_io_rq option has been added to the default, devices, and multipaths sections of the multipath.conf
file. This option defines the number of I/O requests to route to a path
before switching to the next path in the current path group. Note that
the rr_min_io option is no longer used.
/etc/multipath.conf for a multipath device are ignored. These access permissions are now set with the udev rules.
malloc()
function could enter a deadlock while creating an error message string.
As a result, the process could become unresponsive. With this update,
the process uses the mmap() function to allocate memory for the error message instead of the malloc() function. The malloc() deadlock therefore no longer occurs and the process with a corrupted heap now aborts gracefully.
strncmp() function, which compares characters of two strings, optimized for IBM POWER4 and POWER7
architectures could return incorrect data. This happened because the
function accessed the data past the zero byte (\0) of the string under
certain circumstances. With this update, the function has been modified
to access the string data only until the zero byte and returns correct
data.
crypt() function could cause a
memory leak if used with a more complex salt. The leak arose when the
underlying NSS library attempted to call the dlopen() function from
libnspr4.so with the RTLD_NOLOAD flag. With this update, the dlopen()
with the RTLD_NOLOAD flag has been fixed and the memory leak no longer
occurs.
nscd daemon logged the following error into the log file if SELinux was active:
rhel61 nscd: Can't send to audit system: USER_AVC avc: netlink poll: error 4#012: exe="?" sauid=28 hostname=? addr=? terminal=?
This happened because glibc failed to preserve the respective capabilities on UID change in the AVC thread. With this update, the AVC thread preserves the respective capabilities after the
nscd startup.
nscd
daemon cached an error, which did not signalize that the problem was
only transient, and the request failed. With this update, the daemon
caches a value signalizing that the unavailability is temporary and
retries to obtain new data after a set time limit.
getpwuid()
function failed to resolve UIDs to user names when using the passwd
utility in the compat mode with a big netgroup. This occurred because
glibc was compiled without the -DUSE_BINDINGDIR=1 option. With this
update, glibc has been compiled correctly and getpwuid() function works as expected.
/etc/passwd.
This happened when the nss_compat mode was set as the mode was
primarily intended for use with NIS. With this update, getpwent returns
LDAP netgroup users even if the users have no NIS domain defined.
libresolv library is now compiled with the stack protector enabled.
setgroups function
after creating threads, glibc did not cross-thread signal and
supplementary group IDs were set only for the calling thread. With this
update, the cross-thread signaling in the function has been introduced
and supplementary group IDs are set on all involved threads as expected.
setlocale() function could fail.
This happened because parameter values were parsed in the set locale.
With this update, the parsing is locale-independent.
gethostbyname()
function terminated because of division by zero. This happened because
the getpagesize() function required the dl_pagesize field in the dynamic
linker's read-only state to be set. However, the field was not
initialized when a statically linked binary loaded the dynamic linker.
With this update, the getpagesize() function no longer requires a
non-zero value in the dl_pagesize field and falls back to querying the
value through the syscall() function if the field value is not set.
strlen() function for the AMD FX processors.
statvfs output received from kernel.
IP_MULTICAST_ALL socket option, which provides the ability to turn off IP Multicast multiplexing. This update adds the option to glibc.
expr: non-numeric argument
restorecon utility did not change MLS (multi-level security) levels unless the -F parameter was used. As a consequence, the /dev and /dev/pts filesystems were not correctly labelled after boot in systems with configured MLS policy. This bug has been fixed and the restorecon -F command is now used for /dev and /dev/pts by default.
crashkernel=128M, was specified to reserve crash dump memory, the kexec-disable upstart job unconditionally freed up the memory if the kdump mechanism was not enabled. This action could not be reverted until a reboot. With this update, kexec-disable job has been changed to not free reserved memory, unless the crashkernel parameter is set to auto, thus fixing this bug.
/etc/modprobe.d/bonding.conf file or the modprobe.conf file was used to set the bonding options, the bond0 interface never came up after a service restart because the arp_ip_target module was not restored. This bug has been fixed and arp_ip_target is now restored when configured in one of these files.
rc.sysinit script that allowed to properly set a hostname when more than one IP address was passed to the ipcalc utility. Even though it was difficult to emulate such a scenario, the rc.sysinit script has been fixed to prevent this bug, and ipcalc is now always passed only a single IP address.
ifdown and ifup utilities, the interface lost its IP address. With this update, the network scripts have been fixed to properly read the IPADDR0 parameter in interface configuration files, and now IP addresses of such interfaces are preserved in the described scenario.
/etc/init.d/network
script got into a loop and became unresponsive, trying to resolve MAC
addresses of the interfaces. As a result, the server was prevented from
completing its start-up sequence. With this update, /etc/init.d/network
has been fixed, MAC addresses of VLAN interfaces are now resolved
properly, and bonds between such interfaces now work as expected.
PREFIX option was specified for the ifcfg utility while the NETMASK option was undefined, the netmask was calculated without regard to the PREFIX value. With this update, the expand_config() function has been fixed to use the PREFIX properly, and the netmask is now calculated correctly in the described scenario.
rc.sysinit script has been fixed to run the /bin/plymouth command instead of /usr/bin/plymouth, thus fixing this bug. Additionally, other relevant scripts have been updated to properly work with the separated /usr/ directory.
/etc/init.d/halt script, no mount point set up with the word nfs
in its path could be unmounted at reboot or shut down. This bug has
been fixed and such mount points are now unmounted properly.
emergency parameter was appended to the kernel command line, the system failed to invoke the sulogin command. With this update, the rcS-emergency task, which is run before the rc.sysinit script if emergency is passed to the kernel, has been added, and sulogin is now properly invoked in the described scenario.
/etc/sysconfig/network-scripts/ifdown-eth script, the PID file name passed to the dhclient
utility during a shutdown procedure did not include the IP version
prefix. Consequently, leases for IPv6 addresses could not be released.
This bug has been fixed and the shut down procedure now works properly
both with the IPv4 and IPv6 clients.
ifup and ifdown
scripts explicitly ignored IPv6 configuration files that contained an
alias. With this update, clients properly utilize aliases on IPv6
devices in Red Hat Enterprise Linux.
syslog utility, and the error messages now appear in configured syslog channels.
sysctl utility could only be changed in the /etc/sysctl.conf file. With this update, several scripts have been updated to also recognize additional configuration files located in the /etc/sysctl.d/ directory.
ethtool command options. These options can be set via the ETHTOOL_OPTS parameter in configuration files located in the /etc/sysconfig/network-scripts/ directory and take effect after reboot.
/etc/ethers file, allowing to load these entries early in the system startup.
/var/log/ipaclient-install.log file did not provide enough information to determine the cause of the failure. With this update, the /var/log/ipaclient-install.log file contains improved debugging messages that make it easier to debug a possible installation failure.
ipa-replica-install command. With this update, after an installation of a replica with ipa-replica-install, the ipa service is enabled using the chkconfig utility so that the Identity Management services are started and available after a reboot.
bind service needs to be restarted when a new reverse zone is added over LDAP.
CURLOPT_GSSAPI_DELEGATION curl option. This option enables credential delegation, thus fixing this bug.
memberOf attribute is rebuilt during installation, thus fixing this issue. Note that the 389 Directory Server (389-ds) may crash if it is restarted while this task is running. Wait for this task to complete before requesting a restart.
script stack space quota is exhausted
message and prevent a user from accessing the Web UI. This update splits
the Web UI initialization into several smaller calls. Browsers no longer
report errors and the Web UI works as expected.
ipa-nis-manage command
disabled the NIS listener and also removed the netgroup compatibility
suffix. If NIS was disabled, the automatic creation of net groups was
disabled as well. Thus, creating a host group would fail to
automatically create a net group. With this update, disabling NIS has no
effect on the automatic creation of net groups when host groups are
created.
memberof LDAP attributes
pointing back to the permissions. Thus, a user could get an incorrect
list of permissions that were members of a DNS related privilege. With
this update, permission objects formatting has been fixed and the
missing memberof LDAP attributes in the
relevant DNS privileges are properly added. Users now get a valid list
of permissions (containing all the needed information) when displaying a
DNS related privilege.
migrate-ds command could contain a multi-valued RDN attribute. However, the migrate-ds
process picked only the first value of the RDN attribute and did not
respect the value that was present in the DN in the migrated LDAP
object. With this update, the value that is used in the original LDAP
object DN is used, rather than the first value of a multi-valued RDN. As
a result, LDAP objects with a multi-valued RDN attribute are migrated
without any errors.
ipa-client-install was run with the --password
option containing a bulk password for client enrollment, the password
could be printed to Identity Management client install log in a
plain-text format. This behavior has been fixed, and passwords are no
longer logged in the install log file.
/ipa/ui. This makes it look like no other web resources may be used. With this update, during the installation process, the --no-ui-redirect option can be used to disable the default Rewrite rule. The rule may also be commented out manually in the /etc/httpd/conf.d/ipa-rewrite.conf file. As a result, the web server root can point to any specified place. However, /ipa must remain available to Identity Management.
automountkey-del command includes a --continue option which has no function and does not affect anything. With this update, the --continue option has been hidden, and will be deprecated in the next major release.
ipa-getkeytab command failed with Bind errors. If 32-bit packages were used on a 64-bit system, the 32-bit cyrus-sasl-gssapi package was required. This update adds architecture-specific Requires to the RPM spec file, and retrieving of keytabs no longer fails.
cannot concatenate 'str' and 'NoneType' objects
auto.direct mount mounted on /-
was ignored because it was considered a duplicate. Consequently, direct
maps needed to be added manually. This update adds an exception for the
auto.direct map when importing so that its keys can be added, and
importing direct maps works as expected.
ipasudorunasgroup_group
attribute, making the output unclear. A proper label was added for
runAsGroup and the sudo option, which makes the output more
understandable.
ipa-replica-install did not ensure that the dbus service was running. Consequently, tracking certificates with certmonger returned an error and the installation failed. With this update, prior to starting certmonger, it is checked whether the dbus-daemon is running.
ipactl
use two different methods to determine whether Identity Management is
configured. If the Identity Management uninstallation was not complete, ipactl
may have claimed that the Identity Management server is not configured
while the Identity Management server installer refused to continue
because Identity Management was configured. With this update, a common
function that checks whether the Identity Management server is
configured has been added. During the uninstallation process of the
Identity Management server, checks are run that report left-over files
so that users can manually resolve these.
sudorule-add-option command did not display a summary after the option was added. With this update, a summary is printed in the form of Added option 'x' to Sudo Rule 'y'.
sudorule-remove-option command did not display a summary after the option was removed. With this update, a summary is printed in the form of Removed option 'x' to Sudo Rule 'y'.
--no-host-dns
option without a DNS resolvable host name caused the installation to
fail with DNS errors. This update moves the no-host-dns test so that it
is tested before any DNS lookups occur, and installations with the --no-host-dns option do not perform any DNS validation.
ipa-getkeytab and ipa-join
commands did not operate properly, and the client could not be enrolled
to the Identity Management server. As a result, client installations
failed every time. With this update, matching client A/PTR DNS records
are no longer a requirement for ipa-getkeytab and ipa-join, and client installations succeed even when the aforementioned records do not match.
automountmap or automountkey command returned the following error:
Map: ipa: ERROR: 'automountmapautomountmapname' is required
automountmap, is now returned.
krb5_store_password_if_offline parameter is set to True in the /etc/sssd/sssd.conf file by default. Note that the --no-krb5-offline-passwords option of the ipa-client-install command may be used if storing passwords for offline use is not desired.
automountmap or automountkey command returned the following error:
Location: ipa: ERROR: 'automountlocationcn' is required
automountlocation, is now returned.
ipa-client-install command did not configure a hostname in the /etc/sysconfig/network file. Consequently, when the --hostname
value was passed to the client installer, that value was used during
enrollment. However, the system hostname did not match the name of the
machine. With this update, the /etc/sysconfig/network file is updated upon installation and /bin/hostname is executed with the hostname of the machine. The name used in the enrollment process now matches the hostname of the machine.
ipa user-mod --setattr)
may have returned a Not Found error. Renaming the actual users was
successful, but their user-private groups were not updated. With this
update, the 389-ds plugin has been modified so that the ipa_modrdn
plugin runs last. This plugin manages renaming of the Kerberos
principal name of the user. Renaming a user now also renames the
user-private group.
ipa-client-install command always ran /usr/sbin/authconfig to add the pam_krb5.so entry to PAM configuration files in the /etc/pam.d/
directory. However, this entry was not needed when an Identity
Management client is installed with SSSD support, which is the default
behavior. As a result, an unnecessary record was added to the PAM
configuration. With this update, /usr/sbin/authconfig is not run if the Identity Management client is configured with SSSD support.
ipa config-show command). This update adds Password Expiration Notification to the list of attributes shown by default when running the ipa config-show command.
--forwarder or --ip-address
options. Consequently, installation could eventually fail, for example
because of an invalid name server configuration. With this update, all
IP addresses passed to the ipa-server-install, ipa-replica-install and ipa-dns-install commands are checked for validity.
ipa-client-install command
detected that the client hostname was not resolvable, it tried to add a
DNS record to the Identity Management server. However, it did not expect
that the client could have been using an IPv6 machine, and the
installation process failed. This update adds a check to make sure that
the process for adding a DNS record to the Identity Management server
works for both IPv4 and IPv6, and the Identity Management client
installation works as expected.
undefined was created. With this update, the service name field is required to be filled in.
allow and deny are accepted as types:
ipa: ERROR: invalid 'type': must be one of (u'allow', u'deny')
deny are not allowed. With this update, the deny type was deprecated because SSSD determined that properly enforcing the deny type was extremely difficult and dependent on how other libraries present host information.
ipa-server-install command did not
update the system hostname when it was installed with a custom
hostname. It passed the hostname to services using their own
configurations. However, some services failed to function properly as
they did not expect an Identity Management server to use a custom
hostname and not a system hostname. With this update, the system
hostname is updated to the value passed via ipa-server-install's --hostname option. The system hostname is also set in the system network configuration in /etc/sysconfig/network so that it is properly set after a system reboot. Refer to Section 2.8, “Authentication” for a known limitation regarding Identity Management server installations with custom hostnames.
null.
This update adds better detection of whether the CA 389-ds instance has
been installed to identify the current stage of the installation, thus
fixing this issue.
ipa-nis-manage command did not return an exit status of 0
when successful. With this update, the underlying source code has been
modified to address this issue, and correct exit codes are returned.
has_password, that is set when the host has a password set. If has_password is True, a password has been set on the host. However, there is no way to see what that password is once it has been set.
enrolledBy on the host. Prior to this update, an administrator was able to change this value by using the ipa host-mod --setattr command. This action should not be allowed. This update fixes this behavior, and write permissions have been removed from the enrolledBy attribute.
nss_ldap is not able to use DNS discovery
ipa-client-install command did not configure /usr/sbin/ntpdate to use correct NTP servers in the /etc/ntp/step-tickers file. Additionally, ipa-client-install did not store the state of the ntpd service before installation. Consequently, when an Identity Management client was installed, ntpdate may have used incorrect servers to synchronize with. When the Identity Management client was uninstalled, the ntpd service may have been set to an incorrect state. With this update, ipa-client-install configures ntpdate to use the IPA NTP server for synchronization. When an IPA client is uninstalled, both the ntpdate configuration and the ntpd status are restored.
/etc/krb5.conf file contained values which were not present in the standard configuration file (specifically: ticket_lifetime, renew_lifetime, and forwardable in the [libdefaults] section, and the entire [appdefaults] section). This update removes these unnecessary values and sections.
ipa dnsrecord-del) to the command line application which guides the user through the process of removing the required entries.
ipactl output. With this update, the amount of information displayed in the ipactl output has been reduced. The previously reported data is now available in the 389-ds error log only.
ipa-client-install did not
successfully run on a client when a one-time password was set on a host
in the Identity Management Web UI. Consequently, clients could not be
enrolled using a one-time password if it was set in the Web UI. With
this update, the krbLastPwdChange value is no longer set in the host entry when setting a host one-time password, thus fixing this issue.
runAsGroup
value from a sudo rule, the command appeared to be successful, but the
group information data included in the output was not updated and did
not show the proper membership. This update fixes this bug, and data is
refreshed before being returned.
runasuser (via ipa sudorule-remove-runasuser) and, consequently, defining a group, the RunAs Group
value was not included in the output. This was because the label for
the returned data was mislabeled and was not appearing in the output.
With this update, the underlying source code has been modified to
address this issue, and adding a group to runasuser is properly displayed.
--externaluser option was specified for the sudorule-mod command. As a result, erroneous values were stored in the entry. With this update, the --externaluser option was removed from the sudorule-mod command. It is advisable to use the sudorule-add-user command instead.
SELINUX=disabled in /etc/selinux/config) and attempting to restart the ipa service caused the ipa service to fail to start. This update ignores the value returned by restorecon, and the ipa service now starts as expected whether SELinux is enabled or disabled.
runAsGroup in a sudo role as a user, the name of that user is returned as the name of a group that may also be used as the runAsGroup.
As a result, the sudo rule was erroneous and referred to a non-existent
group. This was because the search filter for determining the CN value
was too generic. This update adds a test which assures user names no
longer appear as runAsGroup values.
sudorule-mod's --runasexternaluser or --runasexternalgroup options. With this update, the aforementioned options have been deprecated. It is advisable to use the sudorule-add-runasuser or sudorule-runasgroup commands instead.
ipa-nis-manage
command did not display an error and did not exit the command. With
this update, passing an empty password causes an error to appear (No password supplied), and the command is exited with the status code 1.
ipa-nis-manage command has an option, -y,
to specify the Directory Manager password in a file. This option caused
the command to crash if the file did not exist. An exception handler
around the password reader has been added, and a proper error message is
displayed when the supplied password file is non-existent or is not
readable.
runasuser (via ipa sudorule-add-runasuser) and, consequently, defining a group, the RunAs Group
value was not included in the output. This was because the label for
the returned data was mislabeled and was not appearing in the output.
With this update, the underlying source code has been modified to
address this issue, and adding a group to runasuser is properly displayed.
ipa passwd
command. Prior to this update, the command did not require entering the
old password. Consequently, anyone with access to that user's shell
could change his Identity Management password without knowing the old
password. With this update, the old password is always required in order
to change a user's password. The only exception is the administrator
user.
bind service was restarted. With this update, an updated bind-dyndb-ldap
package added a zone refresh option that Identity Management uses to
refresh the zone list in DNS. The default setting is 30 seconds. As a
result, new DNS zones are not immediately available, but the bind service does not have to be restarted anymore.
--no-host-dns option of the ipa-server-install
command still checked that the forward and reverse DNS entries existed
and matched. Installation of an Identity Management server using a host
name that could not be resolved would then fail. This update removes any
DNS validation when the --no-host-dns option is used.
RA Subsystem to IPA RA.
ipa-client-install command always
checked whether the specified server was a valid Identity Management
server. However, if the Identity Management server was configured to
restrict access for anonymous binds (via the nsslapd-allow-anonymous-access option), the check failed and the installation process returned an error and ended. With this update, when the ipa-client-install
command detects that the chosen server does not allow anonymous binds,
it skips server verification, reports a warning, and lets the user join
the Identity Management server.
/etc/hosts)
for records which could interfere with its IP address or hostname, and
cause forward or reverse DNS queries to be resolved to different values
than expected. The installation process now always checks for any
conflicting records in the /etc/hosts file.
--ip-address
option caused the installed server to not function properly. With this
update, it is verified whether the provided IP address is a configured
interface on the system. Providing an IP address that is not associated
with a local network interface will return an error message.
zonemgr email address could cause an installation to fail with an unclear message. This update adds a validator which requires the zonemgr to contain ASCII characters only.
ipa-client-install command did not return an exit status of 0
when successful. With this update, the underlying source code has been
modified to address this issue, and correct exit codes are returned.
value #0 invalid per syntax: Invalid syntax.
ipa-server-install called kdb5_ldap_util
to populate the directory with realm information. In the process of
doing so, it passes the Kerberos master database password and the
Kerberos directory password as parameters. As a result, a user could
list all running processes during the IPA server installation and
discover the aforementioned passwords. With this update, kdb5_ldap_util's interactive mode is used to pass the passwords instead of passing them via CLI parameters.
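The exposure described in this item can be reproduced with a stand-in child process. The following is an added example, not code from Identity Management or kdb5_ldap_util: the child is a sleeping Python process, the secret is a constructed placeholder, and feeding the password on stdin stands in for the interactive prompt (an assumption about how the fixed installer drives it).

```python
import os
import subprocess
import sys

# Constructed placeholder secret; not a real credential.
SECRET = "constructed-master-pw"

# Stand-in children that stay alive long enough to be inspected.
# They represent "a helper that needs a password", not kdb5_ldap_util.
CHILD_ARGV = "import time; time.sleep(30)"
CHILD_STDIN = "import sys, time; pw = sys.stdin.readline(); time.sleep(30)"


def visible_cmdline(pid):
    """Return the command line that other local users can read for pid."""
    proc_path = "/proc/%d/cmdline" % pid
    if os.path.exists(proc_path):
        with open(proc_path, "rb") as fh:
            args = [a.decode(errors="replace") for a in fh.read().split(b"\0") if a]
        return " ".join(args)
    # Fallback for systems without a Linux-style /proc.
    out = subprocess.check_output(["ps", "-ww", "-o", "args=", "-p", str(pid)])
    return out.decode(errors="replace").strip()


def run_with_secret_in_argv():
    """Old behaviour: the password is a command-line parameter."""
    child = subprocess.Popen(
        [sys.executable, "-c", CHILD_ARGV, "--password", SECRET]
    )
    try:
        return visible_cmdline(child.pid)
    finally:
        child.kill()
        child.wait()


def run_with_secret_on_stdin():
    """Fixed behaviour: the password travels over the child's stdin."""
    child = subprocess.Popen(
        [sys.executable, "-c", CHILD_STDIN], stdin=subprocess.PIPE
    )
    try:
        child.stdin.write((SECRET + "\n").encode())
        child.stdin.flush()
        return visible_cmdline(child.pid)
    finally:
        child.stdin.close()
        child.kill()
        child.wait()


if __name__ == "__main__":
    leaked = run_with_secret_in_argv()
    safe = run_with_secret_on_stdin()
    print("argv  :", leaked, "-> secret visible:", SECRET in leaked)
    print("stdin :", safe, "-> secret visible:", SECRET in safe)
```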
--no-reverse option. This update fixes this behavior, and a reverse zone is not created unless specified.
ipa-client-install command
attempted to auto-discover the Identity Management server in its domain,
it did not use any timeout when a server was found and was being
checked. If the found server was unresponsive during the auto-discovery,
the ipa-client-install command got stuck and did not continue. This update adds a 30 second timeout to the ipa-client-install auto-discovery server check.
--no-sssd option of the ipa-client-install command did not properly back up and restore the existing /etc/sssd/sssd.conf file. With this update, the underlying source code has been modified to address this issue, and the --no-sssd option works as expected.
--hostname option to set a
value outside an Identity Management-managed DNS domain did not return
an error and did not add the host to DNS. The DNS updating utility, nsupdate, was modified to properly return an error when an update fails.
--force option. This was because the --force
option was able to re-install over an already installed system, causing
the original saved files to be lost. This behavior is no longer
permitted; the client must first be uninstalled, and only then can it be
re-installed.
Cannot resolve network address for KDC
/etc/krb5.conf
file was used during enrollment to contact the Identity Management KDC.
The process was always relying on DNS auto-discovery to find the
correct KDC and not the values provided by the end-user. With this
update, enrollment works even if the domain does not match the realm.
No permission to join this host to the IPA domain.
--on-master lacked proper documentation. This update makes the option invisible and removes it from documentation entirely.
/etc/sysconfig/krb5kdc
file, were not formatted properly on multi-CPU systems. As a
consequence, the KDC could not use the intended number of CPUs and
reported an error when it was (re)started. With this update, the
aforementioned arguments are now properly formatted, fixing this issue.
ypcat
command's netgroup output did not show users in netgroup triples.
Consequently, NIS-based authorization did not work as expected, and
access was denied when it should have been allowed. This was caused by a
syntax error in the triple rule. This update fixes this error, and
users are now properly included in the netgroup triples.
Exception in thread "main" java.lang.Error: Probable fatal error:No fonts found.
be2net driver could allow an attacker on the local network to cause a denial of service.
ext4_ext_convert_to_initialized()
worked. A local, unprivileged user with access to mount and unmount
ext4 file systems could use this flaw to cause a denial of service.
[bnx2x_extract_max_cfg:1079(eth11)]Illegal configuration detected for Max BW - using 100 instead
A problem has been detected and windows has been shut down to prevent damage to your computer.
struct mmsghdr {
    struct msghdr msg_hdr;
    unsigned msg_len;
};
ssize_t sendmmsg(int socket, struct mmsghdr *datagrams, int vlen, int flags);
StrictHostKeyChecking=no
option when dumping to SSH targets, causing the target kdump server's
SSH host key not to be checked. This could make it easier for a
man-in-the-middle attacker on the local network to impersonate the kdump SSH target server and possibly gain access to sensitive information in the vmcore dumps.
(initrd)
files with world-readable permissions. A local user could possibly use
this flaw to gain access to sensitive information, such as the private
SSH key used to authenticate to a remote server when kdump was configured to dump to an SSH target.
/root/.ssh/ directory and the host's private SSH keys) in the resulting initrd. This could lead to an information leak when initrd files were previously created with world-readable permissions.
/etc/kdump.conf are included in the initrd. The default is the key generated when running the service kdump propagate command, /root/.ssh/kdump_id_rsa.
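A host can be checked for the two kdump conditions described above with a short audit. This is an added example, not part of the kexec-tools package: the image naming pattern (initrd-<kernel-version>kdump.img under /boot) is an assumption, and the sample files and script it creates are constructed.

```python
import os
import re
import stat
import tempfile

# Assumption (not stated on this page): kdump images sit in /boot and are
# named initrd-<kernel-version>kdump.img.
INITRD_RE = re.compile(r"^initrd-.*kdump\.img$")
# Matches "-o StrictHostKeyChecking=no" and the ssh_config form
# "StrictHostKeyChecking no".
NO_HOSTKEY_RE = re.compile(r"StrictHostKeyChecking(\s*=\s*|\s+)no\b", re.IGNORECASE)


def exposed_initrds(boot_dir="/boot"):
    """Return [(path, mode)] for kdump initrds readable by group or other."""
    found = []
    for name in sorted(os.listdir(boot_dir)):
        if not INITRD_RE.match(name):
            continue
        path = os.path.join(boot_dir, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue  # skip symlinks and directories
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            found.append((path, format(mode, "04o")))
    return found


def hostkey_check_disabled(script_path):
    """Return [(line_number, text)] for non-comment lines that turn off
    SSH host key checking in a script or ssh configuration file."""
    hits = []
    with open(script_path, errors="replace") as fh:
        for number, line in enumerate(fh, 1):
            text = line.strip()
            if text.startswith("#"):
                continue
            if NO_HOSTKEY_RE.search(text):
                hits.append((number, text))
    return hits


def make_constructed_sample(root):
    """Create constructed sample files under root; return the script path."""
    images = {
        "initrd-2.6.32-000.el6.x86_64kdump.img": 0o644,  # world-readable
        "initrd-2.6.32-001.el6.x86_64kdump.img": 0o600,  # root only
        "initramfs-2.6.32-000.el6.x86_64.img": 0o644,    # not a kdump image
    }
    for name, mode in images.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder\n")
        os.chmod(path, mode)
    script = os.path.join(root, "dump-script.sh")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\n")
        fh.write("# a comment mentioning StrictHostKeyChecking=no is ignored\n")
        fh.write('ssh -q -o StrictHostKeyChecking=no -i "$KEY" "$TARGET" true\n')
        fh.write('scp -q -o StrictHostKeyChecking=yes vmcore "$TARGET":\n')
    return script


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        script = make_constructed_sample(root)
        for path, mode in exposed_initrds(root):
            print("initrd readable beyond owner: %s (mode %s)" % (path, mode))
        for number, text in hostkey_check_disabled(script):
            print("host key checking disabled at line %d: %s" % (number, text))
```

On a real system, call exposed_initrds() with its default of /boot and point hostkey_check_disabled() at the dump scripts in use; any image it reports should be regenerated after the update, since it may already contain the SSH key.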
dump-capture kernel became unresponsive and the following error message was logged.
ACPI Error: A valid RSDP was not found
acpi_rsdp, has been added to the noefi kernel command. Now, if EFI is detected, a command is given to the second kernel, in the format, noefi acpi_rsdp=X, not to use EFI and simultaneously passes the address of RSDP to the second kernel. The second kernel now boots successfully on EFI machines.
core_collector in kdump.conf, when kdump was configured to dump kernel data to a secure location using SSH, it generated a complete vmcore, without removing free pages. With this update, the default core collector will be makedumpfile when kdump is configured to use SSH. As a result, the vmcore dump file is now compressed by default.
/etc/mdadm.conf configuration file. As a consequence, mkdumprd failed to create an initial RAM disk file system (initrd) for kdump crash recovery and the kdump service failed to start. With this update, mkdumprd has been modified so that it now parses the configuration file and builds initrd correctly. The kdump service now starts as expected.
initrd) for use in conjunction with the booting of a second kernel within the kdump framework for crash recovery. Prior to this update, mkdumprd
became unresponsive when the running kernel was not the same as the
target kernel. With this update the problem has been fixed and mkdumprd no longer hangs in the scenario described.
sed: /etc/cluster_iface: No such file or directory
Your running kernel is using more than 70% of the amount of space you reserved for kdump, you should consider increasing your crashkernel reservation
Non-fatal <unknown> scriptlet failure in rpm package
error reading information on service kdump: No such file or directory
cp: cannot stat `/lib/firmware/*': No such file or directory
kdump.conf, force_rebuild, has been added. When enabled, this option forces the kdump init script to rebuild initrd every time the system starts, thus ensuring kdump has enough storage space on each system start-up.
nr_cpus=1 rather than maxcpus=1 to save memory required by the second kernel. PowerPC platforms currently cannot handle this feature.
maxcpus=1 instead of nr_cpus=1 for older kernels (see the enhancement above).
kdump.conf debug_mem_level option.
ext4 file systems, and also to XFS file systems on data disks (but not the root disk) has been added.
For XFS, the XFS layer product needs to be installed. Layered products are those not included by default in the base Red Hat Enterprise Linux operating system.
Btrfs file systems has been added.
BusyBox's "findfs" utility does not yet support Btrfs, so UUID/LABEL resolving does not work. Avoid using UUID/LABEL syntax when dumping core to Btrfs file systems. Btrfs itself is still considered experimental; refer to Red Hat Technical Notes.
mount command. Consequently, when the command mount -t debugfs debug /sys/kernel/debug
was issued in the kdump service script, if the file system was already
mounted, the message returned was erroneously logged as an error
message. With this update, the logic in the kdump service script has
been improved and the kdump service script now functions as expected.
SPICE protocol.
--host-subject command line option are now ignored.
--version command line option for the spicec command has been added.
CKM_RSA_X_509
encrypting mechanism even though it reported support for this
mechanism. Consequently, if such middleware was used by libcacard
virtual smart cards, smart cards failed to emulate any RSA
authentication based operations, such as requesting a security pin or
retrieving user certificates. The library has been modified to handle CKM_RSA_X_509 failures by falling back to use CKM_RSA_PKCS encryption. Virtual smart cards now work correctly with AET middleware.
Obsolete lines in the package spec file, updating spice-client forced an update of spice-server as well, and vice versa. With this update, all "Obsolete" lines have been removed from the spice-client.spec file, and updating spice-client no longer forces the update of spice-server.
SPICE client did not correctly
handle monitor setting routines when it was running on a client machine
with multiple monitors. As a consequence, the client entered an infinite
loop while trying to rearrange monitors, which eventually caused the
client to terminate unexpectedly. With this update, the code has been
modified to prevent the client from entering this loop, and the client
thus no longer crashes.
SPICE client failed to connect
to the SPICE server on the target host after a virtual machine had been
migrated to a remote machine. This happened when the migration of the
virtual machine took longer than the expiration time of the SPICE ticket
that was set on the target host. Without a valid password, the SPICE
server refused connection from the SPICE client and the SPICE session
had to be closed. To prevent this problem, support for spice
semi-seamless migration has been added. Other components such as spice-protocol, spice-server and qemu-kvm
have also been modified to support this feature. SPICE now allows the
SPICE client to connect to the SPICE server on the target host at the
very start of the virtual machine migration, just before the migrate
monitor command is given to the qemu-kvm
application. With a valid ticket on the target host, the SPICE ticket
on the destination no longer expires and the SPICE client now remains
open when the virtual machine migration is done.
SPICE client could attempt to free memory that has already been freed. Therefore, when the KDE
desktop screen of the client machine with the running SPICE client was
locked, the SPICE client terminated unexpectedly with a segmentation
fault after unlocking the screen. The code has been modified to free
memory correctly, and the SPICE client no longer crashes in the scenario
described.
SPICE client
sessions at the same time and the screen resolution on the client
machine was changed, the SPICE client could often enter an infinite loop
in the code. As a consequence, the X Windows
server consumed up to 100% of CPU and caused the client machine to be
unresponsive. With this update, the underlying code has been modified to
prevent the client from entering the loop, and the problem no longer
occurs.
--color-depth and --disable-effects client WAN options was inaccurate. With this update, the spicec --help command now clearly states that these WAN options have effect only if supported by the guest vdagent.
SPICE server
establishes secured connections, the SPICE client log contained
secure-connection messages that included the misleading string, connect_unsecure.
With this update, the function used to establish secure connections has
been renamed and secure-connection messages in the client log now
contain the connect_to_peer string.
SPICE client expected
the primary screen surface to exist when it attempted to handle
the creation of non-primary screen surfaces. The primary surface did not
exist at the time, therefore the SPICE client terminated unexpectedly.
With this update, the SPICE client now ensures that the screen exists
before starting operations on it. The SPICE client no longer crashes in
the scenario described.
--smartcard-db client command line option was not handled properly. As a consequence, when running with this option, the SPICE client terminated with the following error message:
Error: unhandled exception: cmd line error
--smartcard-db option is now handled properly and the SPICE client works as expected using this option.
SPICE client with WAN options and the SPICE agent (vdagent)
was running on the guest, the client initiated handshaking. If the
vdagent did not support WAN options, it did not reply to the client and
connection thus failed with the vdagent timeout. Also with certain WAN options, such as --color-depth 16, the attempt to connect failed with the vdagent timeout even though no vdagent
was running on the guest. With this update, the SPICE client checks
capabilities of the vdagent. If vdagent does not support WAN options or
there is no vdagent running on the guest, the client continues with the message sequence initiation and connection is now successful.
SPICE client returned exit code 0 when running without the --host command line option, although the client correctly displayed the following error message:
spicec: missing --host
error code 14 in this scenario.
do_part_get_bootable()
API function parsed the output of parted with an assumption that the
partition layout on the guest image was well ordered. As a consequence,
the part-get-bootable
API would produce an incorrect result or even terminate with disks where
the partitions were not in the usual order or were missing. With this
update, the source code is modified so that libguestfs can correctly handle disks with unordered partitions.
libguestfs protocol lost synchronization when using the upload command in the guestfish
command line tool before mounting any disks. Uploading files failed and
an error message was reported due to the library and the daemon sending
cancel messages in an incorrect order. With this update, if the daemon
detects cancellation, it sends the remaining data in its output buffer
instead of discarding it.
/etc/fstab file, the virt-inspector utility reported the unknown filesystem error message. The source code has been modified, and the utility now works correctly and no longer displays error messages.
guestfs_kill_subprocess() function and then closing the connection handle by calling guestfs_close()
could cause the libguestfs connection to become unresponsive. The
source code has been modified to close the connection correctly so that
the connection no longer hangs.
guestfish command line tool, the mapped devices created by luks-open
were not listed. With this update, /dev/mapper/ paths are added to
tab-completion and the devices are displayed when pressing the tab key.
qemu-img
command which contained an incorrect decimal point in the output. As a
result, an error message was reported. With this update, the source code
is modified so that the virt-make-fs tool invokes qemu-img correctly in all cases.
/etc/fstab
file contained file systems marked with LABEL. This update modifies the
source code so that the file systems are mounted correctly. As a
result, virt-v2v no longer fails.
Legacy BIOS Bootable flag in the GPT (GUID Partition Table) attribute field.
LUKS
(Linux Unified Key Setup) encrypted disks. As a result, loading of
shared libraries failed with an error message. An upstream patch has
been applied to address this issue and libguestfs now works correctly on
LUKS devices.
guestfish --remote run should not be used in a command substitution context.
guestfs_last_errno()
function was not exposed in the Perl bindings. As a consequence, it was
not directly possible to determine the precise cause of some failures.
To fix this problem, guestfs_last_errno() is now exposed in the Perl
bindings.
OSError: [Errno 2] No such file or directory
ERROR cannot send monitor command '{"execute":"query-balloon"}':
Connection reset by peer
Home directory. With this update, Python's paste tool now uses the -Es flag, and so avoids this behavior.
/var/lib/luci/data/luci.db can be fully backed up and restored.
cluster.conf file. The Run Exclusive option was enabled in luci
by default, without it being manually enabled, and services could
therefore become exclusive without users knowing about it. Now, luci is modified to correspond with the cluster.conf file: if the Run Exclusive option is not enabled, the checkbox is not checked.
fence_vmware fence agent.
pvmove
command could become unresponsive. With this update, the underlying
source code has been modified to address this issue, and the pvmove command no longer hangs.
lvresize
command, the size was rounded down to the stripe boundary. This could
pose a problem when shrinking the volume with a file system on it. Even
if a user determined the new size so that the file system did fit
entirely onto the volume, and resized the volume, the alignment done by
the lvresize command might have cut off a
part of the file system, causing it to become corrupted. This update
fixes the rounding for striped volumes so that a volume is never reduced
more than requested.
lvcreate --alloc anywhere
command did not guarantee placement of data on different physical
devices. With this update, the above command tries to allocate each
mirror image on a separate device first before placing it on a device
that is already used.
lvcreate command was used with large physical volumes while using %FREE, %VG, %PVS or %ORIGIN
for size definition, the resulting LV size was incorrectly calculated.
This was caused by an integer overflow while calculating the
percentages. This update provides a better way of calculating the sizes,
by using proper typecasting, so that the overflow no longer occurs.
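The overflow described in this entry, shown as an added example (not LVM source code): the function names are hypothetical, and 32-bit extent counts are an assumption made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Before: the product is formed in 32 bits and wraps modulo 2^32. */
static uint32_t percent_of_32(uint32_t extents, uint32_t percent)
{
    return extents * percent / 100;
}

/* After: widen one operand first so the product is formed in 64 bits. */
static uint32_t percent_of_64(uint32_t extents, uint32_t percent)
{
    return (uint32_t)((uint64_t)extents * percent / 100);
}

/* Smallest extent count whose 32-bit product wraps for this percentage
 * (0 means the product can never wrap, which is only true for 0%). */
static uint32_t first_overflowing_count(uint32_t percent)
{
    return percent ? UINT32_MAX / percent + 1 : 0;
}

int main(void)
{
    uint32_t free_extents = 60000000u;  /* constructed value: a large volume */

    printf("80%% of %u extents, 32-bit math: %u\n",
           free_extents, percent_of_32(free_extents, 80));
    printf("80%% of %u extents, 64-bit math: %u\n",
           free_extents, percent_of_64(free_extents, 80));
    printf("100%% starts to wrap at %u extents\n",
           first_overflowing_count(100));
    return 0;
}
```

Below the threshold both functions agree, which is why the defect only showed up with large physical volumes.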
/etc/lvm/lvm.conf). At the
early stage of the system start-up, when the early init script tries to
activate any existing VGs, the cluster infrastructure (as well as the
network interface) is not yet initialized, so cluster
locking cannot be used and the system falls back to file-based locking
instead, causing several misleading error and warning messages to be
returned. With this update, these error and warning messages are
suppressed during the system start-up, and the system falls back to
a usable locking mechanism silently.
vgimportclone script triggered a
code path in LVM that caused it to access already-released memory when a
duplicated PV was found. Consequently, the VG that contained such a PV
was found to be inconsistent and the process ended up with a failure to
read the VG. This update fixes this failure by saving such problematic
strings to a temporary buffer, and thus avoiding improper memory access.
clvmd) was
crashing when attempting to create a high number of volume groups at
once. This was caused by the limit set by the number of available file
descriptors per process. While clvmd was creating pipes and the limit was reached under the pressure of a high number of requests, clvmd did not return an error but continued to use uninitialized pipes instead, eventually causing it to crash. With this update, clvmd now returns an error message immediately if the pipe creation fails.
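The failure mode in this entry, reproduced as an added example (not clvmd code): the program lowers its own descriptor limit, requests more pipes than fit, and stops at the first pipe() error instead of using the unset descriptors. The limit of 32 and all names are constructed for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

#define MAX_PIPES 64      /* constructed workload: 64 pipes need 128 descriptors */
static int last_errno;    /* errno of the first failed pipe(), 0 if none */

/* Create one pipe; on failure the pair holds -1/-1, never stale values. */
static int open_slot(int fd[2])
{
    fd[0] = fd[1] = -1;
    if (pipe(fd) != 0)
        return errno;     /* EMFILE once the per-process limit is reached */
    return 0;
}

/* Lower the soft RLIMIT_NOFILE to `limit`, request MAX_PIPES pipes, stop at
 * the first failure, then close everything and restore the limit.
 * Returns the number of pipes created, or -1 if the limit could not be set. */
static int pipes_until_failure(rlim_t limit)
{
    struct rlimit saved, lowered;
    int fds[MAX_PIPES][2];
    int created = 0;

    last_errno = 0;
    if (getrlimit(RLIMIT_NOFILE, &saved) != 0)
        return -1;
    lowered = saved;
    lowered.rlim_cur = limit;
    if (setrlimit(RLIMIT_NOFILE, &lowered) != 0)
        return -1;
    while (created < MAX_PIPES && (last_errno = open_slot(fds[created])) == 0)
        created++;
    for (int i = 0; i < created; i++) {
        close(fds[i][0]);
        close(fds[i][1]);
    }
    setrlimit(RLIMIT_NOFILE, &saved);
    return created;
}

int main(void)
{
    int n = pipes_until_failure(32);
    printf("created %d pipes, first failure errno=%d\n", n, last_errno);
    return 0;
}
```

A caller that ignores the return value of pipe() would go on to read and write whatever happened to be in the descriptor array, which is the crash path the entry describes.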
lvremove command could
cause a failure to remove a logical volume. This failure was caused by
processing an asynchronous udev event that kept the volume opened while
the lvremove command tried to remove it. These asynchronous events are triggered when the watch udev rule is applied (it is set for device-mapper/LVM2 devices when using the udisks package that installs /lib/udev/rules.d/80-udisks.rules).
watch rule set and is closed after a read-write open).
udevadm settle command in between.
lvconvert command, the Unable to create a snapshot of a locked|pvmove|mirrored LV error message has been changed to Unable to convert an LV into a snapshot of a locked|pvmove|mirrored LV. for clarity reasons.
/”)
caused LVM commands to fail while generating an archive of current
metadata. Because a hostname is a part of the temporary archive file
name, a file path that was ambiguous was created, which caused the whole
archive operation to fail. This update fixes this by replacing any
slash character (“/”) with a question mark character (“?”) in the hostname string, which is then used to compose the temporary archive file name.
/dev were created and removed incorrectly, causing them to exist when the device had already been removed or vice versa.
verify_udev_operations option found in the activation section of the /etc/lvm/lvm.conf file.
--force option from the lvrename manpage.
vgsplit command is now able to split a volume group containing a mirror with mirrored logs.
lvm_vg_write call, making it possible to calculate all PV properties and query them without actually writing the PV label on the disk.