1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
/etc/sysconfig/kernel, which would lead to an incorrect kernel being set as the default in future updates. This would cause boot failure. /etc/sysconfig/kernel now updates correctly.
grub.conf file, virt-v2v assumed it was an i686 guest. This resulted in a converted guest that did not boot. virt-v2v now assumes an AMD64 or Intel 64 default architecture instead of i686.
/etc/securetty file. Conversion without this file is now possible.
ControlSet001 was always the current control set, even if ControlSet001
had been marked as failed. The correct control set is now detected, and
the VirtIO block driver installed in the correct location.
auto. This made libvirt unable to start the guest. Disk type is now set explicitly based on source metadata or other detection methods.
0, even though conversion failed. The correct values are now returned.
/boot/grub/device.map with converted block device names in certain circumstances. device.map now updates as expected.
C:\Temp directory because it created a C:\temp directory without checking for file names that used alternative cases. virt-v2v now checks for case-sensitive file names before creating an appropriate temporary directory.
-oa flag.
ovf:disk-interface field when converting for Red Hat Enterprise Virtualization. However, this produced an ovf
file that was not intelligible to Red Hat Enterprise Virtualization
Manager. The disk-interface is now populated with correct enum values (IDE, SCSI, or VirtIO), allowing Red Hat Enterprise Virtualization Manager to understand the ovf file.
sparse or raw. This combination is not supported when importing into a data center that uses block storage (fibre channel or iSCSI). virt-v2v
can now convert storage format and allocation policy correctly.
Additionally, customers can specify a format and allocation policy
compatible with the target data center type by using the -of and -oa command line options.
Can't locate object method "can_handle" via package "Sys::VirtV2V::Converter::RedHat" at /usr/share/perl5/vendor_perl/Sys/VirtV2V/Converter.pm line 121.
/etc/virt-v2v.conf. If you see the following error message when attempting to convert a Windows XP guest:
virt-v2v: No app in config matches os='windows' name='virtio' major='5' minor='1' arch='i386'
/etc/virt-v2v.conf:
<app os='windows' major='5' minor='1' arch='i386' name='virtio'>
<path>/usr/share/virtio-win/drivers/i386/WinXP</path>
</app>
<app os='windows' major='5' minor='1' arch='x86_64' name='virtio'>
<path>/usr/share/virtio-win/drivers/amd64/WinXP</path>
</app>certmonger utility monitors
certificate expiration and can refresh certificates with the CAs
(Certifying Authorities) in networks that use public-key infrastructure
(PKI).
certmonger service failed to
contact a CA, the subprocess that submitted the request became defunct.
This occurred because the parent process did not read the subprocess
status. With this update, the parent process reads the subprocess status
and there is no defunct process after a CA contact failure.
ipa-getcert
command with privileges that were insufficient for the system bus to
allow it to communicate with the certmonger service. With this update,
certmonger suppresses the original error message if a user-friendly
message is available. The user can display both messages with the -v option.
ipa-getcert list
command did not return any output if certmonger was not tracking any
certificates. With this update, the command returns a message that the
certificate list is empty.
certmonger
daemon could not execute some of its helper processes. The updated
policy now allows certmonger to run these processes and the certmonger
libraries create temporary files in a location that certmonger can
access.
ipa-getcert request command with the -p
option. This occurred because certmonger failed to detect reading
errors in the file with the PIN and proceeded with an empty PIN value.
With this update, such reading errors are logged and certmonger
proceeded as if it had read an empty PIN value.
ipa-getcert command. As a consequence, the certmonger
daemon runs its ipa-submit helper. The helper contacts the IPA server.
Previously, if it received a fault message response from the server, it
terminated with a segmentation fault and created a core dump; the
installation failed. This happened because it attempted to dereference
an uninitialized pointer while processing the fault message. With this
update, the helper handles the fault message correctly and the
enrollment process completes successfully.
getcert
command with an invalid Extended Key Usage parameter caused a
segmentation fault. This happened because the command attempted to
dereference a NULL pointer while attempting to report that the parameter
value was not a valid OID (Object Identifier). With this update,
certmonger reports that the OID validation failed and prints a message
that the provided Extended Key Usage is invalid.
resubmit command works as expected.
getcert tool terminated unexpectedly with a segmentation fault if the user issued the getcert start-tracking
command with changed values of the parameters Extended Key Usage, DNS,
Email and Principal name. The command caused a buffer overflow in the getcert tool because the internal buffer in the getcert
command was too small to hold four new values. This update enlarges the
internal buffer of the command and the bug no longer occurs.
ipa-getcert and getcert
commands did not accept the location of a passphrase, which could
provide the encrypted keying material and allow monitoring of an
already-issued certificate or key pair. This update adds the -p and -P options to the getcert start-tracking command, which allows the user to pass the utility a PIN either in a file or directly.
ipa-getcert command. This update adds the --verbose option to the command.
mount error(5): Input/output error
bt: read error: kernel virtual address: ffffffffff600000 type: "gdb_readmem_callback"
bt: cannot resolve stack trace: #0 [c09f1ef4] ia32_sysenter_target at c08208ce
multipathd daemon a
command consisting only of spaces, the daemon terminated unexpectedly
with a segmentation fault. With this update, the daemon is able to
handle such commands and no longer crashes in this circumstance.
mpathconf
command, the process could have failed. This happened when the user ran
the command without any additional arguments due to a conflict of the
environment variable DISPLAY with the program variable DISPLAY. With this update, all variables are unset when the script is started and the DISPLAY program variable is renamed. The environment variable DISPLAY remains unchanged when the mpathconf is issued and the command works as expected.
path_checker function to determine the path state in such cases and the problem no longer occurs.
tgt_node_name value for iSCI devices. This occurred because multipath used the FC (Fibre Channel) path from the sysfs file system to obtain tgt_node_name
for iSCI devices. With this update, multipath first tries to acquire
the FC path. If it fails, it uses the iSCI target name for the device.
dev_loss_tmo to a value greater than 600 in multipath.conf without setting the fast_io_fail_tmo value, the multipathd daemon failed to apply the setting. With this update, the multipathd daemon sets dev_loss_tmo for values over 600 correctly, as long as fast_io_fail_tmo is also set in the /etc/multipath.conf file.
multipath.conf
file contained parameters with no value. This occurred because it was
trying to acquire the string length of an optional value before
verifying that a value was actually defined. With this update, multipathd first checks if the value exists and the bug is fixed.
multipathd
to fail all outstanding input/output. DM-Multipath now has a new
default configuration for EMC Symmetrix arrays that queues input/output
for up to 30 seconds if all paths are down and the problem no longer
occurs.
multipathd daemon consumed excessive memory when iSCI devices were unloaded and reloaded. This occurred because the daemon was caching unnecessary sysfs data, which caused memory leaks. With this update, multipathd no longer caches these data; it frees the data when the associated device is removed.
sysfs device file is removed and the sysdev path attribute is set to NULL. The sysfs device cache is indexed by the actual sysfs directory, and /sys/block/pathname is a symlink. Prior to this update, if the path was deleted, multipathd was not able to find the actual directory, which /sys/block/pathname pointed to, and searched the cache. With this update, multipathd verifies that sysdev has NULL value before updating it.
multipathd daemon did not always remove the path sysfs device from its cache. The daemon kept searching the cache for the device and created sysfs devices without the vecs lock held. Because of this, paths could have pointed to invalid sysfs devices and caused multipathd to crash. The multipathd daemon now always removes the sysfs device from cache when deleting a path and accesses the cache only with the vecs lock held.
log_checker_err option was added to the multipath.conf defaults section. By default, the option is set to always and a path checker error is logged continuously. If set to once, multipathd logs a path checker error once at logging level 2. Any later errors are logged at level 3 until the device is restored.
defaults section of the multipath.conf
man page implied that the settings defined in the section became
default and overrode the implied settings. Since the HWTABLE cannot be
overridden, the wording of the man page has been changed.
multipath.conf
file. With this update, multipath prints warning messages that inform
the user that the configuration files contains invalid or duplicate
options and the bug is fixed.
initramfs file system was not rebuilt when a new storage device was added to the system, the new device could have been assigned a user_friendly_names value that matched the user_friendly_names value already-assigned to another device. This device then stopped working correctly. The multipathd daemon now accepts a -B option, which makes the user_friendly_names bindings file read-only. When initramfs calls multipath with the -B option, devices without a binding to a user_friendly_names use their World Wide Identifier (WWID).
multipathd deamon printed add map messages whenever it received a change uevent. In order not to clutter logs, multipathd now only prints add map messages for the change uevents of the devices that are not yet monitored.
6 by default.
multipathd daemon could have terminated unexpectedly with a segmentation fault on a multipath device with the path_grouping_policy option set to the group_by_prio
value. This occurred when a device path came online after another
device path failed because the multipath daemon did not manage to remove
the restored path correctly. With this update multipath removes and
restores such paths correctly.
initramfs generator infrastructure based around udev. The initramfs is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.
mkinitrd alone does not override an existing initramfs image. When this is attempted, the message stated that the --force parameter should be used, but mkinitrd only supported the short version -f of this parameter. --force was added to mkinitrd as the long version.
noiswmd or rd_NO_MDIMSM parameters specified.
/etc/multipath/bindings. multipath uses this file in initramfs
when creating devices during early boot, and in the root file system
during normal operation. These files were not synchronized during initramfs
creation, which resulted in naming conflicts that prevented new
multipath devices from being created after boot. To work around this,
the bindings for the devices in /etc/multipath/bindings must be included in the initramfs. This can be done by running dracut -f.
/etc/multipath directory to the initramfs.
ip=ibft parameter is specified on the kernel command line.
initramfs, if the host on which it was running had no multipath root device. multipath support is now added to the initramfs unconditionally.
initramfs did not exclude those volumes and kept them busy. The udev rules in the initramfs were updated to honor the DM_UDEV_DISABLE_OTHER_RULES_FLAG, which fixes this issue.
initramfs, which resulted in all
encrypted devices not being activated. The missing checksum files have
been replaced, and this issue no longer occurs. Note however that the dracut-fips must be installed at initramfs creation time.
initramfs with user_friendly_names set, if it did not find existing mappings in /etc/multipath/bindings, it created new mappings. These mappings could conflict with the user_friendly_names set in the normal filesystem's /etc/multipath/bindings file. dracut now starts the multipathd daemon with the new -B option so that multipath treats the initial bindings file as read-only.
USE_BIOSDEVNAME variable in the parse-biosdevname.sh
script was not initialized correctly, which caused an unexpected
operator error. This issue was discovered and corrected during
development, and did not occur in any production system in the field.
-l or --local parameter, or set the dracut base directory via the dracutbasedir environment variable, dracut wrote its log to /tmp/dracut.log,
which could possibly allow local users to overwrite arbitrary files
that were writable to the user running dracut, via a symlink attack. dracut now stores the logfile in $HOME/dracut.log, when in -l or --local mode, if /var/log/dracut.log is not writeable.
/var/log/dracut.log file was not created automatically, preventing dracut from writing its logs. dracut now creates its log files if they do not exist.
boot parameter did not work when
the machine was booted in FIPS mode, resulting in numerous mount errors,
failed FIPS integrity tests, and dracut refusing to continue. This issue has been corrected, and the boot parameter can now be used to specify a boot device, as expected.
/boot must reside on a non-encrypted, plain (no LVM or RAID) partition, which can be specified with boot=<boot partition> as a boot option on the kernel command line.
fips.sh script did not wait for
the boot drive to be created, which resulted in an error because the
file system type did not exist yet. This has been corrected, and the
script now waits for the boot drive to be identified.
fcoe=edd:nodcb or fcoe=edd:dcb is specified on the kernel command line. ifname= is not needed in this case.
rdinsmodpost=[module], which allows a user to specify a kernel module to be loaded after all device drivers are loaded automatically.
initramfs, adding support for FIPS-140.
Error: no partition information on disk [device]. Cowardly refusing to create a boot option.
libgnomevfs-WARNING **: Deprecated function. User modifications to the MIME database are no longer supported.
strstr() and memmem()
functions did not handle certain periodic patterns correctly and could
find a false positive match. This error has been fixed, and both
functions now work as expected.
sqrtl,
sometimes returned an incorrect result if the relative magnitude
difference between the high and low halves of the long double exceeded a
certain number. This occurred because one of the variables used in the
calculation was an unsigned integer. The integer is now signed and the
function works correctly.
futex(FUTEX_WAKE_OP) method did not default to futex(FUTEX_WAKE) when FUTEX_WAKE_OP was not supported by the kernel. This resulted in the method always failing on these systems. The code change in glibc pthread_cond_signal() that caused this issue has now been corrected.
%_enable_debug_packages
was either not set, or set to 0. This has been corrected so that debug
packages need not be set or enabled in order to build the glibc RPM.
strchr did not handle its second parameter correctly when %rdi was aligned to a 16-byte boundary and glibc
was enabled for multiple architectures on AMD64 or Intel 64 systems
with CPUs that supported Supplemental Streaming SIMD Extension (SSE)
4.2. The method would therefore output incorrect results. This has been
corrected, and strchr now gives the expected output.
hwcap 1 nosegneg was set in /etc/ld.so.conf.d/nosegneg.conf, causing the incorrect library to be used. This has been corrected so that the nosegneg libraries are loaded.
sysconf(_SC_*CACHE) method returned 0 for all caches on systems with Intel Xeon processors. This occurred because glibc used cpuid leaf 2 rather than cpuid leaf 4. This update uses cpuid leaf 4 where possible, resolving this issue.
strncmp method failed with a
segmentation fault when used with Supplemental Streaming SIMD Extension 4
(SSE4). Several checks have been implemented to prevent this.
memcpy(), strcasecmp(), strnlen(), strcasestr() and strncasestr().
memset operation.
=~
operators and the strings were thus matched as literal strings.
However, they should be matched as regular expressions. With this
update, the quotes were dropped and the strings are matched as regular
expressions as expected.
/dev/rtc device even if it did not exist. With this update, initscripts verifies if the /dev/rtc device exists before attempting to run the hwclock tool.
ifdown command could have failed
to stop an NIC (Network Interface Controller) with a warning that the
connection was unknown. This happened because, in some cases, the
function, which verifies whether the NIC is managed by NetworkManager,
returned an incorrect result. With this update, the function returns the
correct result and the ifdown command stops the NIC correctly.
/
directory, the system could have failed to remount the root directory
as a read-only file system on shutdown. This occurred because the script
attempted to remount the defined bind mount instead of the root
directory. With this update, the root directory is remounted
successfully.
tty.conf and serial.conf files have been modified to have the login shell stopped when changing to runlevels S and the problem no longer occurs.
tty.conf file contained a comment with a typographical mistake ("sepcified"). With this update, the word is spelled correctly ("specified").
0. With this update, this tag value is allowed.
/etc/sysconfig/clock file did not document where the user can configure whether the hwclock
tool should be using the local time or UTC (Coordinated Universal
Time). This update adds comments documenting the setting location into
the sysconfig.txt file.
/etc/ppp/ipv6-up and /etc/ppp/ip-up.ipv6to4 scripts used the incorrect alias ipv6_exec_ip and failed to bring up the routes. This update modifies the scripts so that they uses the ip command and the routes are now brought up as expected.
DEVICETYPE variable was calculated incorrectly. This happened because the calculation preserved the period (.) sign in the device name. This could have caused failure of the ifup-ib and ifdown-ib scripts. With this update, DEVICETYPE is resolved correctly.
kdump service is disabled in runlevel 1, the script freed the memory reserved for kdump. After the user changed from runlevel 1 to runlevel 3, which has kdump enabled, the system had set reserved memory size to 0 and kdump failed to start up. With this update, the kexec-disable job is no longer run in runlevel 1.
shmmax (maximum size of a shared memory segment) and shmall
(maximum size of the total shared memory) values. However, the values
vary depending on the system architecture. This update provides the
settings of these values for various architectures.
#) signs, which were forbidden in such names. With this update, interface names can contain hash (#) signs and the problem no longer occurs.
.) signs used by the sysctl device, which were delimiting the paths, and the period (.)
signs used by VLANs, which were delimiting IDs. This caused that all
sysctl calls to the VLAN interfaces failed. With this update, when
calling a sysctl device, initscripts substitutes the periods in its name
with forward slash (/) signs and the sysctl calls to a VLAN interface succeed.
MASTER in double quotes (for example, as "bond0"). With this update, the respective scripts have been adapted to parse the value definition correctly even if double-quoted.
ifdown command could have failed
to stop a bridge device with a warning that the connection was unknown.
This happened because the function, which verified whether the device is
managed by NetworkManager, returned an incorrect result. With this update, the function returns a correct result and the ifdown command stops the bridge device correctly.
eth
prefix followed by digits. If the user provided a name, which did not
follow these requirements, the interface could not be started or
stopped. With this update, the user can provide a custom name and the
interface can be operated correctly.
/etc/mdadm.conf
file existed and could have failed if mdadm was not installed. With
this update, the script first verifies if the mdadm tool is installed
and only then runs its binary.
brcm_iscsiuio usage message displayed in response to the brcm_iscsiuio --help command contained two unsupported options: --foreground and --pid. The man page omitted five supported options: --debug, --help, -h, -p and --version. The unsupported options have been removed from the usage message, and all supported options have been added to the brcm_iscsiuio man page.
iscsiadm usage message displayed in response to the iscsiadm --help command omitted 24 supported options. Additionally, the iscsiadm man page omitted one supported option (--host) and contained one unsupported option (--info). These errors have now been corrected.
--portal
argument when in "node" mode. This resulted in failure, because
iscsiadm expected the value returned during discovery as the value for --portal. iscsiadm now attempts to match a host name to the IP address returned during discovery, so this issue no longer occurs.
ipip_init() function in the ipip module, and in the ipgre_init() function in the ip_gre module, could be called before network namespaces setup is complete. If packets were received at the time the ipip or ip_gre module was still being loaded into the kernel, it could cause a denial of service. (CVE-2011-1767, CVE-2011-1768, Moderate)
mmap() call with the MAP_PRIVATE flag on /dev/zero
would create transparent hugepages and trigger a certain robustness
check. A local, unprivileged user could use this flaw to cause a denial
of service. (CVE-2011-2479, Moderate)
lost+found directory on a
file system with inodes of size greater than 128 bytes and reusing
inode 11 for a different file caused the extended attributes for inode
11 (which were set before a umount
operation) to not be saved after a file system remount. As a result, the
extended attributes were lost after the remount. With this update,
inodes store their extended attributes under all circumstances.
dinode's i_nlink value to assure inode operations such as link, unlink, or rename no longer cause the aforementioned problems.
cgroupfs file system due to the way security checks were applied to the new cgroupfs inodes during the mount
operation. With this update, the security checks applied during the
mount operation have been changed so that they always succeed, and the cgroupfs
file system can now be successfully mounted and used with the MLS
SELinux policy. This issue did not affect systems which used the default
targeted policy.
mpt2sas
driver could occur on an IBM system using a drive with SMART
(Self-Monitoring, Analysis and Reporting Technology) issues. This was
because the driver was sending an SEP request while the kernel was in
the interrupt context, causing
the driver to enter the sleep state. With this update, a fake event is
not executed from the interrupt context, assuring the SEP request is
properly issued.
queue_mapping value was not properly decremented because the VLAN devices called the physical devices via the ndo_select_queue method. This update removes the multiqueue functionality, resolving this issue.
netif_set_real_num_tx_queues() function which prevented an increment of the real number of TX queues (the real_num_tx_queues value). This update adds the missing code; thus, resolving this issue.
scan_dispatch_log function to ensure the dispatch log has been allocated.
__cache_alloc() function, the ac variable could be changed after cache_alloc_refill() and the following kmemleak_erase() function could receive an incorrect pointer, causing kernel panic. With this update, the ac variable is updated after the cache_alloc_refill() unconditionally.
isr_ack
variable), a virtual guest could become unresponsive when migrated
while being rebooted. With this update, the said variable is properly
initialized, and virtual guests no longer hang in the aforementioned
scenario.
intel_iommu=on boot option. With this update, the underlying source code of the intel-iommu
driver has been modified to resolve both of these problems. A forced
flush is now used to avoid the lazy use after free issue, and extra
checks have been added to avoid the erroneous reference removal.
mmap system call on the AMD64 architecture could return a pointer which appeared to be of value negative even though pointers are normally of unsigned values. This resulted in the success field being incorrect. This patch fixes the success field for all system calls on all architectures.
prot->obj_size pointer had to be adjusted in the proto_register function. Prior to this update, the adjustment was done only if the alloc_slab parameter of the proto_register function was not 0. When the alloc_slab parameter was 0, drivers performed allocations themselves using sk_alloc
and as the allocated memory was lower than needed, a memory corruption
could occur. With this update, the underlying source code has been
modified to address this issue, and a memory corruption no longer
occurs.
/proc/diskstats
file showed erroneous values. This occurred when the kernel merged two
I/O operations for adjacent sectors which were located on different disk
partitions. Two merge requests were submitted for the adjacent sectors,
the first request for the second partition and the second request for
the first partition, which was then merged to the first request. The
first submission of the merge request incremented the in_flight value for the second partition. However, at the completion of the merge request, the in_flight
value of a different partition (the first one) was decremented. This
resulted in the erroneous values displayed in the /proc/diskstats file.
With this update, the merging of two I/O operations which are located on
different disk partitions has been fixed and works as expected.
kprobe (a dynamic instrumentation system), and enhances the performance of SystemTap.
setup_arg_pages() in the Linux kernel. When making the size of the argument and environment area on the stack very large, it could trigger a BUG_ON(), resulting in a local denial of service. (CVE-2010-3858, Moderate)
bcm_release() and raw_release()
functions in the Linux kernel's Controller Area Network (CAN)
implementation. This could allow a local, unprivileged user to cause a
denial of service. (CVE-2011-1598, CVE-2011-1748, Moderate)
cifs_close()
function in the Linux kernel's Common Internet File System (CIFS)
implementation. A local, unprivileged user with write access to a CIFS
file system could use this flaw to cause a denial of service. (CVE-2011-1771, Moderate)
bna driver, specifically:
bna
driver control path state machine and firmware did not receive a
notification of the crash, and, as a result, were not shut down cleanly.
ixgbe
driver to use the kernel's generic routine to set and obtain the DCB
(Data Center Bridging) priority. Without this fix, applications could
not properly query the DCB priority.
%p format specifier (which is used to show the memory address value of a pointer).
bfa driver) has been upgraded to version 2.3.2.4. Additionally, this update provides the following two fixes:
release_firmware() function not being called after the request_firmware() function. Similarly, the firmware download interface has been fixed and now works as expected.
bfa
I/O control state machine and firmware did not receive a notification of
the crash, and, as a result, were not shut down cleanly.
0 to /proc/sys/fs/leases-enable
(ideally on boot, before the nfs server is started). This change
prevents NFSv4 delegations from being given out, restoring correctness
at the expense of some performance.
disk = [ 'file:/var/lib/xen/images/rhel6-guest.dsk,hda,w', ]
disk = [ 'tap:aio:/var/lib/xen/images/rhel6-guest.dsk,hda,w', ]
NMI watchdog disabled for cpu1: unable to create perf event: -2
JBD: Spotted dirty metadata buffer (dev = sda10, blocknr = 17635). There's a risk of filesystem corruption in case of system crash.
ACPI Error: Illegal I/O port address/length above 64K: 0x0000000000400020/4 (20090903/hwvalid-154) ACPI Exception: AE_LIMIT, Returned by Handler for [SystemIO] (20090903/evregion-424) ACPI Error (psparse-0537): Method parse/execution failed [\_GPE._L09] (Node ffff8800797cd298), AE_LIMIT ACPI Exception: AE_LIMIT, while evaluating GPE method [_L09] (20090903/evgpe-568)
Unable to handle kernel paging request for data at address 0x00000468 Oops: Kernel access of bad area, sig: 11 [#1]
NMI: IOCK error (debug interrupt?)
perf subsystem's trace command has been replaced with the script command. Users should now use the script command.
kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel. The kexec-tools package provides the /sbin/kexec binary and ancillary utilities that form the user-space component of the kernel's kexec feature.
kdump crash recovery service allows users to specify a raw device
(that is, a raw disk or partition) as a target location for core dumps.
Previously, when a kernel crash occurred and a core dump was written to
such a raw device, kdump was unable to
retrieve it after a reboot. With this update, the corresponding init
script has been updated to search the configured raw device for the
presence of a core dump upon the service startup. Now, when the kdump service is started and a core dump is found on the raw device, the init script retrieves it and creates a proper vmcore file in a local file system.
kdump.conf(5) manual page did not provide a description of the blacklist directive. This update corrects this error, and the blacklist directive is now included in the “OPTIONS” section of the kdump.conf(5) manual page as expected.
kdump crash recovery service were presented to a user in the original English version. This update corrects this error, and the Kdump section of the firstboot application no longer contains untranslated strings.
/etc/modprobe.d/modprobe.conf file caused the utility to stop responding. With this update, this error no longer occurs, and mkdumprd now works as expected.
kdump service did not take into account the value of the path option in the /etc/kdump.conf configuration file, and always saved the vmcore file to the /var/crash/ directory. This update adapts the corresponding init script to ensure that kdump uses the directory specified in the configuration.
/usr/sbin/ directory.
kdump service to store core dumps over a network on a system that used channel bonding or bridging caused the mkdumprd utility to display the following error message on the service startup:
Netmask is missed!
kdump crash recovery service is unable to operate in Xen environment. With this update, an attempt to start kdump in such an environment fails with the “Kdump is not supported on this kernel” message.
/etc/kdump.conf configuration file contains the following line:
#core_collector cp --sparse=always
/bin/cp in the initial RAM disk (that is, by using the extra_bins directive) would cause the kdump crash recovery service to fail. This update corrects this error, and the above line is now followed by #extra_bins /bin/cp.
ml_IN language code), certain keyboard shortcuts on the Kdump screen did not work. This update corrects the Malayalam translation of the firstboot application, and all shortcuts can now be used as expected.
ml_IN language code), the first paragraph on the Kdump screen contained an incorrect string. This update adapts the Malayalam translation of the firstboot application, and the Kdump screen is now translated correctly.
kdump service on a system with a large amount of memory (that is, 1TB and more) caused kdump
to terminate unexpectedly with a segmentation fault. With this update,
the underlying source code has been adapted to address this issue, and kdump no longer crashes
kdump may have failed to resolve an IP address when storing a core dump to a remote server. This update corrects this error, and kdump no longer fails.
kdump
crash recovery service failed to start on IBM System x3850 X5 machines.
This update applies an upstream patch that extends the size of kcore ELF
headers. Now, kdump can be started on such machines as expected.
kdump service to store core dumps to a remote machine over the SSH protocol and changing the core collector to cp caused it to name core dump files vmcore.flat, even when the SCP (Secure Copy) protocol was used. This update corrects this error, and kdump now only uses the .flat file extension when the makedumpfile utility is used as the core collector.
kdump, the screen of the firstboot application incorrectly displayed the Enable kdump? check box as selected, but did not allow a user to change it. This error has been fixed, and the Enable kdump? check box is no longer displayed when the kdump service cannot be configured.
Insufficient memory to configure kdump!
kdump is not running before displaying this message.
initrd). This update adapts mkdumprd to use the /boot/ directory in this case. As a result, mounting the root partition as a read-only file system no longer renders mkdumprd unable to create an initial RAM disk.
kdump crash recovery service unable to recognize the disk drive. This update adapts the mkdumprd utility to ignore disk drive firmware revisions, and kdump now works as expected.
hpsa and cciss drivers, kdump is unable to save core dumps to certain HP Smart Array Controllers that use these drivers. This update ensures that the kdump service is disabled on such controllers.
crashkernel kernel parameter (such as crashkernel=4G-:256M) caused the firstboot application to terminate unexpectedly during the configuration of kdump. This update applies a patch to address this issue, and firstboot no longer crashes.
ru_RU language code) of the firstboot application, the first paragraph on the Kdump screen incorrectly contained the — string. This update corrects this error, and the Kdump section of the firstboot application is now translated correctly.
makedumpfile -V command caused the makedumpfile utility to terminate unexpectedly with a segmentation fault. This update applies an upstream patch that removes -V from the list of supported command line options, and running the above command no longer causes makedumpfile to crash.
kdump
service to store core dumps to a raw device caused it to display a
message similar to the following when a kernel crash occurred:
kill: cannot kill pid 887: No such process
kdump no longer display the above error message upon a kernel crash.
kdump service recovers the dump file at next startup. Previously, an attempt to use this configuration without the core_collector option specified in the configuration file caused kdump to fail to recover the core dump. With this update, the underlying source code has been adapted to use the makedumpfile utility by default, and kdump is now able to recover core dumps as expected.
kdump
crash recovery service, a dialog box appears and prompts a user to
reboot the system in order for the changes to take effect. Previously,
closing this dialog box by clicking the button had the same effect as clicking , and incorrectly initiated the system restart. This error no longer occurs, and clicking the button now only closes the dialog box as expected.
kdump service may have failed to create a core dump with the following error:
readmem: Can't read the dump memory(/proc/vmcore). Cannot allocate memory
kdump no longer fails to store the core dump.
tmpfs file system, rendering the kdump
service unable to start in a diskless environment. With this update,
the underlying source code has been adapted to allow the use of the tmpfs file system, so that kdump is now able to start on diskless nodes as expected.
-d option) set to 16 or 31 may have caused the utility to fail. This update applies a patch that addresses this issue, and makedumpfile now works as expected.
--override-resettable option. This allows system administrators to start the kdump service on otherwise unsupported devices, such as HP Smart Array Controllers that use the hpsa or cciss driver.
kdump crash recovery service was unable to find an LVM device identified by a universally unique identifier (UUID). Consequent to this, when a system crashed, kdump may have failed to write a core dump to such a device. This update fixes this error, and kdump now locates LVM devices according to their UUIDs as expected.
/etc/kdump.conf configuration file.
mkmountpoint and umount-all commands are considered incompatible. Mount points created with the mkmountpoint command become invalid after the umount-all command is used. This is now documented in the guestfish man page. Customers should note that it is possible to safely unmount devices that were mounted with mkmountpoint by using the umount command.
-net and vlan=... options in the qemu package are deprecated. To avoid relying on these deprecated options, libguestfs now uses the -netdev option instead.
vfs-type command could not determine the type of a file system newly created by guestfish. This occurred because the vfs-type command tried to read the type from a cache file (blkid.c)
that had not yet been updated. The cache file is now deleted between
file system creation and attempting to read the file system type,
resulting in updated file system information for vfs-type to read.
$HOME variable was not set, guestfish did not expand a path containing ~ (tilde) into a path to the user's home directory. Guestfish now examines the current user's passwd file for the location of the user's home directory so that a path containing ~ can be expanded correctly.
umask. This has been corrected, and guestfish commands that return integers now return them in the natural radix for that number.
get-e2uuid command retrieved file system UUIDs via tune2fs -l.
This failed on journaling block devices (JBDs) and other devices that
were not second, third or fourth extended file systems (ext2, ext3 or
ext4). get-e2uuid has been reimplemented so that it retrieves UUIDs via blkid instead of tune2fs -l, resolving this issue. However, since the get-e2uuid command has been deprecated, customers are advised to retrieve UUIDs with the vfs-uuid command instead.
virt-ls at the command line. The following has been added to the libguestfs documentation:
Libvirt guest names can contain arbitrary characters, some of which have meaning to the shell such as#and space. You may need to quote or escape these characters on the command line. See the shell manual pagesh(1)for details.
virt-list-filesystems at the command line. The following has been added to the libguestfs documentation:
Libvirt guest names can contain arbitrary characters, some of which have meaning to the shell such as#and space. You may need to quote or escape these characters on the command line. See the shell manual pagesh(1)for details.
checksum command contained a file descriptor that was not closed properly in an error path. If the checksum command resulted in an error, this would later prevent the file system from being unmounted with either umount or umount-all. The file descriptor is now closed properly on the error path, so an error in checksum no longer causes problems unmounting file systems.
/etc/fstab of a guest machine contained a reference to a floppy disk (/dev/fd0), both virt-inspector and virt-v2v printed the following harmless warning during inspection or conversion:
unknown filesystem /dev/fd0
/etc/fstab.
/etc/fstab of a guest machine contained a reference to a CD-ROM drive (/dev/hdc), both virt-inspector and virt-v2v printed the following harmless warning during inspection or conversion:
unknown filesystem /dev/hdc
/etc/fstab.
virt-filesystems command failed
when used against a guest which had a missing or corrupt file system
label. This command has been updated to handle guest file systems with
missing or corrupt file system labels.
/etc/fstab did not exist, the guestfish -i command failed with a "No such file or directory" error. In the event of missing devices, guestfish now completes, and reports that some file systems could not be mounted.
libguestfs: trace:)
is now added to the beginning of each line of the trace output so that
it can be easily distinguished and filtered out of logs with the grep command or similar.
virt-make-resize. This reference should have been to the virt-make-fs tool. The man page has been corrected.
set-trace
command was not prepared to handle all possible error conditions. This
resulted in a segmentation fault when attempting to handle several
conditions. The command now handles trace errors separately, so the
segmentation fault no longer occurs.
/etc/fstab of a guest machine contained a reference to a virtio disk (/dev/vda1), virt-inspector printed a warning and ignored the virtio disk. The warning has been suppressed, and virtio disks are now recognized by virt-inspector.
libvirt
library to upstream version 0.8.7, fix a number of bugs, and add
various enhancements and new features are now available for Red Hat
Enterprise Linux 6.
CHANGELOG file installed to /usr/share/doc/libvirt-0.8.7 when the updated package is installed.
virDomainSetMemory() setting, making it impossible to set a hard limit on guest memory consumption. New virDomainGetMemoryParameters and virDomainSetMemoryParameters methods have been introduced to allow users to fine-tune and enforce memory limits.
downtime setting is increased. However, libvirt was sending an incorrectly formatted request to increase the downtime setting of a guest. This update corrects the format of this request to assist in live migration completion.
virsh managedsave dom)
even if it failed to restore and start the domain using that file. This
caused data loss. The managed state file is now removed only if the
restore operation succeeds.
%post script (part of the libvirt-client package) started the libvirt-guests service even when the service was explicitly turned off. The libvirt-guests service is no longer started when explicitly turned off.
virsh vcpuinfo or setting up virtual CPU pinning on a host machine that used NUMA, virsh vcpuinfo showed the incorrect number of virtual CPUs. Virtual CPU pinning could also fail because libvirt reported an incorrect number of CPU sockets per NUMA node. Virtual CPUs are now counted correctly.
/var/lib/libvirt
directory to change when a system was upgraded. With this update,
correct permissions are assigned to the aforementioned directory.
<boot> element has been introduced, which can be used to specify the exact order of boot devices.
dnsmasq with the correct options so that these statically configured addresses are properly served to the guests.
virsh freecell command could be
run with an invalid (non-integer) argument without error, and the free
memory for node 0 would still be printed. The validity of the argument
is now checked, and an error message is now printed when an invalid
value is detected.
virsh detach-interface command was used on a domain with multiple NICs, but a particular MAC address was not specified with --mac, virsh detached the first interface without error. The --mac option is now required where a domain has multiple NICs, and an appropriate error message has been added.
virsh attach-disk, virsh set phy
as the driver value by default. Because this value is not supported
everywhere, the disk did not persist over domain shutdown, and could
prevent domain startup. This update corrects virsh behavior such that
the driver value is not set if it is not provided by the user.
setvcpus commands resulted in unknown errors. More useful error messages have been added to this command.
auth data caused unrelated data to be overwritten, which caused a crash in libvirt. The error has been corrected, and auth can now be set without issue.
forward-delay or stp-enable
parameters. The string is no longer freed prematurely, and in the event
of a problem with these parameters, users receive a specific error
message.
openssl x509 -in clientcert.pem -text). This command has been replaced with the following command, which gives more helpful, accurate output:
certtool -i --infile /etc/pki/libvirt/clientcert.pem
--all option has been added to the virsh freecell command to allow the command to iterate across all nodes instead of forcing users to run the command manually on each node. virsh freecell --all will list the free memory on all available nodes.
-redhat-disable-KSM flag.
virsh documentation has been updated to clarify usage of the cpu_shares parameter.
virsh documentation has been updated to remove references to the deprecated virt-mem command.
virsh documentation for the setvcpus, setmem, and setmaxmem sub-commands has been updated to correct and expand the information available for these sub-commands.
libvirtd. Access it with the man libvirtd command.
root or luci attempted to run the luci
init script, the service failed to start and a traceback was written to
standard error. With this update, the init script has been corrected to
terminate with exit code 4 in this case.
luci.log log file. This error has been fixed, and luci now correctly displays “Unknown fence device type” when an unknown or unsupported fence device is encountered.
luci.log log file:
DeprecationWarning: BaseException.message has been deprecated as of Python 2.6
cluster.conf
configuration file or shut down the clustering on the nodes. This
update corrects this error, and users are now allowed to completely
destroy a whole cluster by selecting all of its nodes and clicking the Delete button.
ricci daemon encountered an error, previous version of luci
did not present this error to a user and displayed a generic error
message instead. In order to make it easier to determine the cause of
such errors, this update adapts luci to display the error messages reported by ricci.
fence_scsi
from being unfenced at boot time. With this update, the underlying
source code has been adapted to provide this functionality, and users
are now allowed to configure unfencing from the user interface.
No nodes from this cluster could be contacted. The status of this cluster is unknown.
nodename parameter for the fence_scsi fence agent correctly. This update corrects this error, and the nodename parameter is now handled properly.
fence_egenera
fence agent correctly. With this update, the underlying source code has
been modified to address this issue, and the username for fence_egenera is now handled correctly.
luci.log log file. This error no longer occurs, and users are now allowed to configure such nodes as expected.
luci.log log file:
AttributeError: 'ClusterNode' object has no attribute 'getID'
OracleListener and OracleInstance resource agents has been added.
ricci daemon on an interface different from the one that is used for the cluster communication.
fence_cisco_ucs fence agent has been added.
fence_rhev fence agent has been added.
fence_brocade to the list of supported fence agents.
request failed: error reading the headers
PKCS#11 module interface used a wrong object type which caused it to return an object with an invalid CKA_CERTIFICATE_TYPE attribute. With this update, the softokn PKCS#11 module interface uses the correct object type.
IPv6 is enabled caused it to enter a loop in the test part of the rebuild. With this update, the selfserv
test tool has been modified to use a dual-stack IPv6 listening socket,
which can accept connections from both IPv4 and IPv6 clients.
certutil -H command was missing the -W option (which changes the password to a key database). With this update, the -W option has been added to the help page.
pk12util command) did not work for private keys placed in the /etc/pki/nssdb/ directory due to permission restrictions. This update addresses this issue, and the nss-sysinit module now enables the root user to import private key.
This Connection is Untrusted.
error even though the web page had a valid security certificate. With
this update, this issue has been fixed and visiting the specific web
site no longer returns SSL errors.
PKCS#8 encoded PEM (Privacy Enhanced Mail) RSA private key files could not be read by nss and resulted in an error when being imported. With this update, nss correctly handles the aforementioned files.
SECKEY_DestroyPublicKey(SECKEY_ImportDERPublicKey(…)) function.
pkcs11.txt file, it took the current umask (user mask) into an account. However, if run with restrictive umask settings, the pkcs11.txt file could be created with permissions that did not allow non-privileged users to read it. This could cause nss-sysinit to remain disabled even when it was intended to be enabled. With this update, the permissions of the pkcs11.txt file are changed at the end of the run of the setup-nsssysinit.sh script, fixing this issue.
%verify(not md5 size mtime) declarations have been added to the configuration files.
OpenLDAP command and using
the LDAPTLS_CACERTDIR variable to pass in an arbitrary directory
containing other directories caused the command to abort because
OpenLDAP tried to pass down the directory as a file. With this update,
specified files that are directories are properly rejected in the
aforementioned case.
PayPalEE.cert certificate expired on Oct 31, 2010, which caused the nss package to fail to build. This update prolongs this expiration date of this certificate, and the nss package no longer fails to build.
Error parsing *roff command from file /usr/share/man/man8/nslcd.8.gz
README.nss file. This update adds the file to the documentation.
crm_standby not available, check your installation
AttributeError: 'PackageKitYumBase' object has no attribute 'prerepoconf'
ERROR: pam_pkcs11.c:334: no suitable token available
ERROR: pam_pkcs11.c:445: open_pkcs11_login() failed: Login incorrect