| RHE Linux 6.3 Technical NotesUpdated tog-pegasus packages that fix two bugs are now available for Red Hat Enterprise Linux 6. The tog-pegasus packages provide OpenPegasus Web-Based Enterprise Management (WBEM) services for Linux. WBEM enables management solutions that deliver increased control of enterprise resources. WBEM is a platform and resource independent Distributed Management Task Force (DMTF) standard that defines a common information model (CIM) and communication protocol for monitoring and controlling resources from diverse sources. Bug Fixes- BZ#796191
Previously, with the Single Chunk Memory Objects (SCMO) implementation, empty string values in embedded instances were converted to null values during the embedded CIMInstance to SCMOInstance conversion. This was due to the usage of the _setString() function that set the string size to 0 if the string was empty. This broke functionality of the existing providers. A backported upstream patch uses the _SetBinary() function instead which is already used while setting the string values on the normal SCMOInstance. - BZ#799040
Previously, the tog-pegasus packages did not provide a generic "cim-server", which could be required by packages that do not need a specific implementation of the CIM server as a dependency. With this update, the tog-pegasus packages provide a generic "cim-server" that can be required by such packages.
All users of tog-pegasus are advised to upgrade to these updated packages, which fix these bugs. Updated tomcat6 packages that fix a bug are now available for Red Hat Enterprise Linux 6. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Bug Fix - BZ#852868
When a web application used its own class loader when compiling JSP, a deadlock in Tomcat WebappClassLoader could occur. This update fixes the synchronization bug and external class loaders no longer interfere with WebappClassLoader.
Users of tomcat6 are advised to upgrade to these updated packages, which fix this bug. Updated tomcat6 packages that fix several bugs and provide an enhancement are now available for Red Hat Enterprise Linux 6. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Bug Fixes- BZ#697968
Previously, in certain cases, if "LANG=fr_FR" or "LANG=fr_FR.UTF-8" was set as an environment variable or in "/etc/sysconfig/tomcat6" on 64-bit PowerPC systems, Tomcat may have failed to start correctly. With this update, Tomcat works as expected when LANG is set to "fr_FR" or "fr_FR.UTF-8". - BZ#701759
The "/usr/sbin/tomcat6" wrapper script used a hard-coded path to the "catalina.out" file, which could have caused problems (such as logging init script output) if Tomcat was being run with a user other than "tomcat" and with CATALINA_BASE set to a directory other than the default. With this update, the wrapper script redirects output to ${CATALINA_BASE}/logs/catalina.out for all "start", "start-security", and "stop" actions. - BZ#748813
Using the URL class coupled with the setChunkedStreamingMode() function caused a null pointer exception error and HTTP response status code 405 was returned. A patch has been applied which adds a check for form data before processing. If the requested body length is zero, a null is returned without further processing. As a result, the error no longer occurs in the scenario described. - BZ#783567
Due to a regression, when a JavaServer Pages (JSP) tag that does not allow JSP Expression Language (EL) expression values (such as struts 2 tags) was used, and one of the attributes was passed a certain value (such as a backslash), the parser threw the following exception: According to TLD or attribute directive in tag file, attribute value does not accept any expressions JSP parsing utilizes the directive attribute "deferredSyntaxAllowedAsLiteral" which determines if deferred statements are treated as literals. The default is false. If true, the "#" sign will not be treated as an escape. This update applies an upstream patch and the problem no longer occurs.
Enhancement- BZ#782400
With this update, the tomcat6 dependency on redhat-lsb has been removed. Red Hat Enterprise Linux tomcat6 strives to have Linux Standards Base (LSB) compliant systemv init scripts. However, Java has been absent from the list of compliant binaries since 2011. Since Tomcat runs in the Java Virtual Machine (JVM), there is little that can be done in addition to the init script compliance. The redhat-lsb dependency can be removed with very little risk.
Users are advised to upgrade to these updated tomcat6 packages, which provide numerous bug fixes and enhancement. Updated trace-cmd packages that add one enhancement are now available for Red Hat Enterprise Linux 6. The trace-cmd packages contain a command line tool that interfaces with ftrace in the kernel. Enhancement- BZ#632061
This update adds support for the "-i" option that can be used to ignore events. By default, if an event is listed but cannot be found by the trace-cmd utility on the system, the utility exits. This option allows trace-cmd execution to continue even when an event is listed on the command line but cannot be found on the system.
All users of trace-cmd are advised to upgrade to these updated packages, which add this enhancement. An updated tsclient package that fixes one bug is now available for Red Hat Enterprise Linux 6. The tsclient utility is a GTK2 front end that makes it easy to use the Remote Desktop Protocol client (rdesktop) and vncviewer utilities. Bug Fix- BZ#734826
When opening an X Display Manager Control Protocol (XDMCP) connection using the tsclient utility, tsclient could terminate unexpectedly with a segmentation fault. A patch has been applied to address this issue, so that an XDMCP connection is now started correctly for the configured host.
All users of tsclient are advised to upgrade to this updated package, which fixes this bug. Updated tuned packages that fix two bugs and add two enhancements are now available for Red Hat Enterprise Linux 6. The tuned package contains a daemon that tunes system settings dynamically. It does so by monitoring the usage of several system components periodically. Bug Fixes- BZ#747210
When the diskdevstat or netdevstat tool was run with wrong command-line arguments, the tool returned a compilation error and exited. Both tools have been fixed to check the command-line arguments. With this update, a short usage help message is printed in the described scenario, describing the available options. - BZ#725497
When the tuned utility was running in a virtual guest, the disk-scheduler setting was not applied on virtual disks (vd*). Now, default configuration files that cover virtual disks have been updated and the disk-scheduler setting is now applied on the virtual disks in virtual guests.
Enhancements- BZ#740976
With this update, a new "virtual-host" profile has been added to the tuned package, providing fine-tuned profile for hypervisors managed by Red Hat Enterprise Virtualization Manager. - BZ#740977
With this update, a new "virtual-guest" profile for virtual systems has been added to the tuned package, providing fine-tuned profile for Red Hat Enterprise Linux 6 KVM virtual guests.
Users of tuned are advised to upgrade to these updated packages which fix these bugs and add these enhancements. A new tzdata package that updates Daylight Saving Time observations for several countries is now available. The tzdata packages contain data files with rules for various time zones around the world. This updated package adds the following time-zone changes to the zone info database:Bug Fix - BZ#871993, 871791, 871994, 871995
On October 24 2012, the Jordanian Cabinet rescinded a 2012-10-14 instruction to switch from daylight saving time (DST) to standard time on 2012-10-26. Instead, Jordan will remain on local DST (ITC +3) for the 2012-2013 Jordanian winter. Cuba, which was scheduled to move back to standard time on 2012-11-12, switched to standard time on 2012-11-04. - BZ#871993, 871791, 871994, 871995
In Brazil, the North Region state, Tocantins, will observe DST in 2012-2013. This is the first time Tocantins has observed DST since 2003. By contrast, Bahia, a Northeast Region state, will not observe DST in 2012-2013. Like Tocantins, Bahia stopped observing DST in 2003. Bahia re-introduced DST on October 16 2011. On October 17 2012, however, Bahia Governor, Jaques Wagner, announced DST would not be observed in 2012, citing public surveys showing most Bahia residents were opposed to it. - BZ#871993, 871791, 871994, 871995
Israel has new DST rules as of 2013. DST now starts at 02:00 on the Friday before the last Sunday in March. DST now ends at 02:00 on the first Sunday after October 1, unless this day is also the second day of (Rosh Hashanah). In this case, DST ends a day later, at 02:00 on the first Monday after October 2. The Palestinian territories, which were scheduled to move back to standard time on 2012-09-28, switched to standard time on 2012-09-21. Although Western Samoa has observed DST for two consecutive seasons (2010-2011 and 2011-2012), there is no official indication of DST continuing according to a set pattern for the foreseeable future. On 2012-09-04, the Samoan Ministry of Commerce, Industry, and Labour announced Samoa would observe DST from Sunday, 2012-09-30 until Sunday 2012-04-07.
All users, especially those in the locale affected by these time changes, and users interacting with people or systems in the affected locale, are advised to upgrade to this updated package, which includes these updates. Updated tzdata packages that add one enhancement are now available for Red Hat Enterprise Linux. The tzdata packages contain data files with rules for various time zones around the world. Enhancement - BZ#839271, BZ#839934, BZ#839937, BZ#839938
Daylight Saving Time will be interrupted during the holy month of Ramadan in Morocco (that is July 20 - August 19, 2012 in the Gregorian Calendar). This update incorporates the exception so that Daylight Saving Time is turned off and the time setting returned back to the standard time during Ramadan.
All users of tzdata are advised to upgrade to these updated packages, which add this enhancement. New tzdata packages that add one enhancement are now available for Red Hat Enterprise Linux 3, 4, 5, and 6. The tzdata packages contain data files with rules for time zones. Enhancement - BZ#894030, BZ#894044, BZ#894045, BZ#894046
On Nov 10, 2012, Libya changed to the time zone UTC+1. Therefore, starting from the year 2013 Libya will be switching to daylight saving time on the last Friday of March and back to the standard time on the last Friday of October. The time zone setting and the daylight saving time settings for the Africa/Tripoli time zone have been updated accordingly.
All users of tzdata are advised to upgrade to these updated packages, which add this enhancement. Updated tzdata packages that add two enhancements are now available for Red Hat Enterprise Linux. The tzdata packages contain data files with rules for various time zones around the world. Enhancements - BZ#857904, BZ#857905, BZ#857906, BZ#857907
Daylight saving time in Fiji will start at 2:00 a.m. on Sunday, 21st October 2012, and end at 3 am on Sunday, 20th January 2013. - BZ#857904, BZ#857905, BZ#857906, BZ#857907
Tokelau was listed in an incorrect time zone for as long as the Zoneinfo project was in existence. The actual zone was supposed to be GMT-11 hours before Tokelau was moved to the other side of the International Date Line at the end of year 2011. The local time in Tokelau is now GMT+13.
All users of tzdata are advised to upgrade to these updated packages, which add these enhancements. Updated udev packages that fix one bug are now available for Red Hat Enterprise Linux 6. The udev packages implement a dynamic device-directory, providing only the devices present on the system. This dynamic directory runs in user space, dynamically creates and removes devices, provides consistent naming, and a user-space API. Bug Fix- BZ#829703
Due to a bug in the binutils linker, the libudev library lost the ExecShield (GNU_RELRO) section, and was no longer protected by the Exec Shield security mechanism. This update provides a patch which ensures that the libudev library contains the ExecShield (GNU_RELRO) section again.
All users of udev are advised to upgrade to these updated packages, which fix this bug. Updated udev packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6. The udev packages implement a dynamic device-directory, providing only the devices present on the system. This dynamic directory runs in user space, dynamically creates and removes devices, provides consistent naming, and a user-space API. The udev package replaces the devfs package and provides better hot plug functionality. Bug Fixes- BZ#784648
Previously, libudev's function udev_device_get_devnode() returned NULL if the function was called before the udevd daemon processed the uevent for the device node. With this update, the udev_device_get_devnode() function now returns the devnode provided by the kernel. - BZ#735410
Previously, the udev-post non-service script located in the /etc/init.d/ directory always returned a failure code on a status request. This bug has been fixed in this update so that the udev-post service now returns information on whether it has already been run. - BZ#628762
Previously, the udev(7) man page did not mention the "nowatch" option. With this update, the "nowatch" option is now properly documented in the udev(7) man page.
All users of udev are advised to upgrade to these updated packages, which fix these bugs. Updated unixODBC packages that fix one bug are now available for Red Hat Enterprise Linux 6. The unixODBC packages contain a framework that supports accessing databases through the ODBC protocol. Bug Fix - BZ#876488
When the isql utility was running in batch mode, which was activated by the "-b" command-line option, isql terminated unexpectedly with a segmentation fault upon receiving any SQL query. This bug has been fixed and isql no longer crashes in the described scenario.
All users of unixODBC are advised to upgrade to these updated packages, which fix this bug. An updated upstart package that fixes two bug and adds two enhancements is now available for Red Hat Enterprise Linux 6. The upstart package contains an event-based replacement for the /sbin/init daemon that starts tasks and services during boot, stops them during shut down, and supervises them while the system is running. Bug Fixes- BZ#771736
Previously, the PACKAGE_BUGREPORT variable pointed to a Ubuntu mailing list. The mailing list was therefore presented in multiple manual pages, which was unwanted. With this update, the value of the PACKAGE_BUGREPORT variable has been modified to "https://launchpad.net/upstart/+bugs", and users are now directed to that website rather than to the Ubuntu mailing list. - BZ#798551
Previous versions of upstart did not mount the proc and sys file systems. This was ensured by initscripts, which could, under certain circumstances, lead to race condition problems. With this update, upstart is used to mount the proc and sys file systems before launching anything else.
Enhancements- BZ#663594
Files with the ".conf" suffix located in the /etc/init/ directory are not considered as configuration files. As a consequence, such files are not protected during a package update and can be overwritten by new files. This update adds support for "override" files that contain user-specified settings. Now, it is possible to alter parameters provided by the aforementioned ".conf" files by creating a corresponding file with the ".override" suffix. - BZ#735427
Previously, the initctl scripts returned error messages that did not tell users how to run the particular command correctly to get the required output. This update adds a new stanza, "usage", that can be used to provide users with detailed information on how to run the particular command correctly if the input has been incorrect.
All users of upstart are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements. Updated usbredir packages that fix a bug are now available for Red Hat Enterprise Linux 6. The usbredir packages provide a network protocol for sending USB device traffic over a network connection and a number of libraries to help implement support for this protocol. Bug Fix - BZ#858776
Due to a bug in the libusbredirhost library, handling of timeouts for bulk transfers did not work correctly. Consequently, traffic of USB ACM serial port devices, such as PSTN modems and SmartCard readers, could not be properly redirected. With this update, no timeout is set on the usb-host side for these devices and the traffic redirection works as expected.
Users who use USB redirection for Spice are advised to upgrade to these updated packages, which fix this bug. Updated util-linux-ng packages that fix a bug are now available for Red Hat Enterprise Linux 6. The util-linux-ng packages contain a set of low-level system utilities that are necessary for a Linux operating system to function. Bug Fix - BZ#864367
When the telnetd daemon was used to log in to a server, the login utility failed to update the /var/run/utmp file properly. Consequently, the line used for a previous session in /var/run/utmp was not reused, thus growing the file unnecessarily. A patch has been provided to address this issue and the login utility now always updates /var/run/utmp as expected.
Users of util-linux-ng are advised to upgrade to these updated packages, which fix this bug. Updated util-linux-ng packages that fix several bugs are now available for Red Hat Enterprise Linux 6. The util-linux-ng packages contain a set of low-level system utilities that are necessary for a Linux operating system to function. Bug Fixes- BZ#588419
The console login time-out value was set to 60 seconds. This could cause the login to time out during the name lookup process on systems with broken DNS (Domain Name Service). With this update, the timeout value has been prolonged to 180 seconds to allow the login process to complete name lookups under these circumstances. - BZ#740163
The "fdisk -l" and "sfdisk -l" commands returned confusing warnings for unpartitioned devices similar to the following: Disk /dev/mapper/[volume name] doesn't contain a valid partition table With this update, the commands ignore unpartitioned devices and the problem no longer occurs. - BZ#785142
Previously, after the installation of the uuidd package, the uuidd daemon was not enabled by default. With this update, the underlying code has been modified and the uuidd daemon is enabled after installation as expected and can be started by the init script after reboot. - BZ#797888
Previously, the script command did not work correctly if called from the csh shell in the /etc/csh.login file. The child processes created by the script inherited the SIGTERM ignore property from csh and could not be terminated with the signal. With this update, the script resets the SIGTERM setting so that the shell is started with the default SIGTERM behavior and its children accept signals as expected.
All users of util-linux-ng are advised to upgrade to these updated packages, which fix these bugs. Updated valgrind packages that fix one bug and add one enhancement are now available for Red Hat Enterprise Linux 6. The valgrind packages provide a programming utility for debugging memory, detecting memory leaks, and profiling. Bug Fix- BZ#757728
Prior to this update, the "memalign" and "posix_memalign" replacements could only handle alignments of 1 MB maximum. As a consequence, running qemu-kvm in valgrind could cause alignment errors. This update modifies the underlying code so that memalign and posix_memalign replacement can now handle alignments up to 4 MB.
Enhancement- BZ#739143
With this update, valgrind has been updated to provide complete support for IBM POWER7 Series and VPN-1 Power VSX hardware as well as support for Decimal Floating Point (DFP).
All users of valgrind are advised to upgrade to these updated packages, which fix this bug add this enhancement. Updated vim packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6. Vim (Vi IMproved) is an updated and improved version of the vi editor. Bug Fixes- BZ#594997
Previously, when using the VimExplorer file manager with the locale set to Simplified Chinese (zh_CN), the netrw.vim script inserted an unwanted "e" character in front of file names. The underlying code has been modified so that file names are now displayed correctly, without unwanted characters. - BZ#634902
The spec file template that was used when new spec files were edited contained outdated information. With this update, the spec file template is updated to adhere to the latest spec file guidelines. - BZ#652610
When using the file explorer in a subdirectory of the root directory, the "vim .." command displayed only part of the root directory's content. A patch has been applied to address this issue, and the "vim .." command now lists the content of the root directory properly in the described scenario. - BZ#663753
Due to a typographic error in the filetype plug-in, the vim utility could display the httpd configuration files with incorrect syntax highlighting. This update corrects the errors in the filetype plug-in, and the httpd configuration files are now displayed with the correct syntax highlighting.
All users of vim are advised to upgrade to these updated packages, which fix these bugs. An updated vino package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. Vino is a Virtual Network Computing (VNC) server for GNOME. It allows remote users to connect to a running GNOME session using VNC. Security Fixes - CVE-2012-4429
It was found that Vino transmitted all clipboard activity on the system running Vino to all clients connected to port 5900, even those who had not authenticated. A remote attacker who is able to access port 5900 on a system running Vino could use this flaw to read clipboard data without authenticating. - CVE-2011-0904, CVE-2011-0905
Two out-of-bounds memory read flaws were found in the way Vino processed client framebuffer requests in certain encodings. An authenticated client could use these flaws to send a specially-crafted request to Vino, causing it to crash. - CVE-2011-1164
In certain circumstances, the vino-preferences dialog box incorrectly indicated that Vino was only accessible from the local network. This could confuse a user into believing connections from external networks are not allowed (even when they are allowed). With this update, vino-preferences no longer displays connectivity and reachable information. - CVE-2011-1165
There was no warning that Universal Plug and Play (UPnP) was used to open ports on a user's network router when the "Configure network automatically to accept connections" option was enabled (it is disabled by default) in the Vino preferences. This update changes the option's description to avoid the risk of a UPnP router configuration change without the user's consent.
All Vino users should upgrade to this updated package, which contains backported patches to resolve these issues. The GNOME session must be restarted (log out, then log back in) for this update to take effect. Updated vios-proxy packages that fix one bug are now available for Red Hat Enterprise Linux 6. The vios-proxy program suite creates a network tunnel between a server in the QEMU host and a client in a QEMU guest. The proxied server and client programs open normal TCP network ports on localhost and the vios-proxy tunnel connects them using QEMU virtioserial channels. Bug Fix- BZ#743723
Previously, the packages did not contain manual pages for the vios-proxy-host and vios-proxy-guest daemons. With this update, these manual pages are now available.
All users of vios-proxy are advised to upgrade to these updated packages, which fix this bug. An updated virtio-win package that fixes two bugs is now available for Red Hat Enterprise Linux 6. The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux. Fully virtualized guests using the paravirtualized drivers gain significantly better I/O performance than fully virtualized guests running without the drivers. Bug Fixes - BZ#838523
A bug in the virtio serial driver could cause a Stop Error (also known as Blue Screen of Death, or BSoD) which occurred on a guest machine when transferring data from the host. This update fixes the bug in the driver so that the guest machine no longer crashes with Blue Screen of Death in this scenario. - BZ#838655
The QXL driver included in the previous version of the virtio-win package was not digitally signed. The QXL driver provided in this update in digitally signed.
All users of virtio-win are advised to upgrade to this updated package, which fixes these bugs. An updated virtio-win package that fixes multiple bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6. The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux. Fully virtualized guests using the paravirtualized drivers gain significantly better I/O performance than fully virtualized guests running without the drivers. Bug Fixes - BZ#492777
Previously, if a Microsoft Windows guest machine sent more tx fragments than 256 (the ring size), the NetKVM driver dropped packets. To prevent this problem, indirect ring support has been implemented in the NetKVM driver. - BZ#759361
Previously, user were not able to update the rx and tx parameters in Windows Registry by using the NetKVMConfig utility. Although the utility reported that the parameters had been changed, the change was not displayed in the Windows Device Manager. This was due to incorrect NetKVMConfig parameters changing handler, which has been fixed, so that NetKVMConfig now works as expected and users can update the rx and tx parameters. - BZ#753723
Previously, the block driver (viostor) did not provide support for obtaining serial numbers of virtio block devices from QEMU. The serial numbers were therefore not available on Windows guest machines. With this update, a serial number of a virtio block device is now retrieved from miniport during the find adapter phase. - BZ#752743
Prior to this update, the block driver (viostor) driver did not reject write requests to read-only volumes. Attempting to format a read-only volume caused the guest to stop with an EIO error. With this update, if the target volume has the read-only flag, the guest does not stop, and write requests are completed with an error. Attempting to format or write to a read-only volume are now rejected by the viostor driver. - BZ#751952
Previously, if the "Fix IP checksum on LSO" option in Microsoft Windows Device Manager was disabled, users were not able to transfer data from a guest machine to the host machine using the winscp utility. To prevent this problem, it is no longer possible to disable the "Fix IP checksum on LSO" option. - BZ#803950
A bug in the balloon driver could cause a stop error (also known as Blue Screen of Death, or BSoD) if a guest machine entered the S3 (suspend to RAM) or S4 (suspend to disk) state while performing memory balooning on it. The bug in the balloon driver has been fixed, and the stop error no longer occurs under these circumstances. - BZ#810694
Previously, incorrect flush requests handling could lead to a race condition in the block driver (viostor). Under heavy load, usually when using the "cache=writeback" option, the flush handler was executed asynchronously without proper synchronization with the rest of request processing logic. With this update, execution of the flush request is synchronized with the virtio Interrupt Service Routine (ISR), and the race condition no longer occurs in this scenario. - BZ#771390
The viostor utility did not check the size of an incoming buffer. Applications could send buffers larger than the maximum transfer size to the viostor driver directly by bypassing the file system stack. The buffer size is now reduced if it is bigger that the maximum transfer size. The viostor driver can now properly handle requests with buffers of any size.
Enhancements - BZ#677219
Previously, it was not possible to resize non-system disks online, without reboot. This update adds support for online resizing of VirtIO non-system disks. - BZ#713643
This update provides optimized offload RX IP checksum for the virtio_net driver. - BZ#808322
Offload parameters for the virtio-win network driver have been updated. Multiple parameters are now set to "enabled" by default. To edit parameters of an installed driver, open Microsoft Windows Device Manager, choose "Red Hat VirtIO Ethernet Adapter" from the "Network Adapters" list and click on the "Advanced" tab.
All users of virtio-win are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements. Updated virt-manager packages that fix multiple bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Virtual Machine Manager (virt-manager) is a graphical tool for administering Kernel-based Virtual Machines (KVM) using libvirt. Bug Fixes- BZ#741937, BZ#769192
Prior to this update, the virt-manager tool did not change all required XML elements when changing the disk bus of a guest from IDE to virtio, or vice versa. As a consequence, virt-manager could create invalid XML elements that libvirt accepted but then the guest failed to boot. This update modifies the underlying code to change all required XML elements and guests start now as expected. - BZ#742055
Prior to this update, the virt-manager tool could, under certain circumstances, receive an error from libvirt if virt-manager tried to read a domain's information while that domain was shutting down. As a consequence, the libvirt connection in the user interface (UI) was incorrectly closed. This update modifies the underlying code to expect errors in this case and not close the libvirt connection. - BZ#747490
Prior to this update, the glib integration did not work correctly. As a consequence, serial consoles of virtual machines could stall when transferring large amounts of data. This update modifies the underlying code to allow the transfer of larger amounts of data without stalling. - BZ#750225
Prior to this update, graphical scaling did not work for SPICE graphics in the virt-manager tool. This update modifies the underlying code to connect the UI scaling selection element to the spice back end. - BZ#803600
Prior to this update, the virt-manager tool could close with a segmentation fault if the user deleted several storage volumes in quick succession due to data locking when deleting the storage volume. This update modifies the virt-manager threads to allow deleting of storage volumes in quick succession. - BZ#811316
Prior to this update, the virt-manager tool could, did not correctly clean up certain internal state. As a consequence, closing and reopening a graphical window of a guest did not reopen the graphical console. This update modifies the underlying code to ensure that the graphical console connection is correctly reopened. - BZ#816279
Prior to this update, the virt-manager tool did not correctly using the graphics listen address attribute in the configuration of the virtual machine, and would always try to connect to the guest with an SSH tunnel. This could break graphical console connections if "listen=" was set to an explicit interface address. This update modifies the underlying code to ensure that virt-manager now correctly connects to these addresses.
Enhancement- BZ#716673
Prior to this update, the default disk image format for disk images used for newly created virtual machines was "raw" and could not be changed. This update adds the new "qcow2" option.
All users of virt-manager are advised to upgrade to these updated packages, which fix these bugs and add this enhancement. 5.350. virt-top and ocaml-libvirtUpdated virt-top and ocaml-libvirt packages that fix two bugs are now available. The virt-top utility displays statistics of virtualized domains and uses many of the same keys and command line options as the top utility. The ocaml-libvirt package provides OCaml (Objective CAML) bindings for libvirt, allowing users to write OCaml programs and scripts which control virtualization features. Bug Fix- BZ#737728
Output of the "virt-top -1" command (which displays physical CPU usage) did not contain all the needed information from libvirt in order to provide accurate accounting of physical CPU usage. With this update, the underlying source code has been modified to address this issue, and the "virt-top -1" output now displays accurate statistics.
All users of virt-top and ocaml-libvirt are advised to upgrade to these updated packages, which resolve these issues. Updated virt-v2v packages that fix a bug are now available for Red Hat Enterprise Linux 6. The virt-v2v packages provide a tool for converting virtual machines to use the KVM (Kernel-based Virtual Machine) hypervisor or Red Hat Enterprise Virtualization. The tool modifies both the virtual machine image and its associated libvirt metadata. Also, virt-v2v can configure a guest to use VirtIO drivers if possible. Bug Fix - BZ#872496
Previously, when the virt-v2v utility was used to convert a virtual machine (VM) from a foreign hypervisor (such as Xen or VMware) to Red Hat Enterprise Virtualization, it set the vm_snapshot_id identifier of all disks of that VM incorrectly. Consequently, various problems occurred while doing a large number of tasks on this VM from the side of Red Hat Enterprise Virtualization. With this update, a unique identifier is generated for each disk in the described scenario, thus preventing this bug.
Users of virt-v2v are advised to upgrade to these updated packages, which fix this bug. Updated virt-v2v packages that fix multiple bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. The virt-v2v packages provide a tool for converting virtual machines to use the KVM ( Kernel-based Virtual Machine) hypervisor or Red Hat Enterprise Virtualization. The tool modifies both the virtual machine image and its associated libvirt metadata. Also, virt-v2v can configure a guest to use VirtIO drivers if possible. The virt-v2v packages have been upgraded to upstream version 0.8.7, which provides a number of bug fixes over the previous version. (BZ# 753732) Bug Fixes - BZ#737600
Previously, a converted Microsoft Windows XP guest could terminate unexpectedly on boot with a STOP error (also known as Blue Screen of Death, or BSoD). The error could be triggered if the guest was configured with a CPU or chipset driver that malfunctioned when the CPU or chipset was not present; this only occurred when converting Physical-to-Virtual, or P2V, machines. With this update, the registry keys related to certain services known to cause problems are deleted during the conversion process. The converted guest now boots as expected after the conversion process. - BZ#767262
When converting a Physical-to-Virtual (P2V) or a Virtual-to-Virtual (V2V) machine to run on Red Hat Enterprise Virtualization systems, virt-v2v failed with a write error when attempting to write to the target export storage domain. This happened if the target system did not use the standard UID and GID for ownership of the target Red Hat Enterprise Virtualization export storage domain. With this update, virt-v2v checks the local system for the UID of "vdsm" and the GID of "kvm". If present, the values are treated as the values required to write to the Red Hat Enterprise Virtualization export storage domain, and the conversion succeeds in the described scenario. - BZ#751293
When running the virt-v2v utility and the /var/lib/virt-v2v/ directory did not contain any files other than virt-v2v.db, the conversion failed with an error message similar to: /transfer0w34SV: umount: /sysroot/transfer0w34SV: not mounted at /usr/share/perl5/vendor_perl/Sys/VirtConvert/GuestfsHandle.pm line 193. at /usr/share/perl5/vendor_perl/Sys/VirtConvert/Config.pm line 262 The underlying source code has been modified to correctly handle situations when there is no software available locally for installation into a guest during conversion, and so ensures that the conversion succeeds. - BZ#737855
When converting a Xen HVM guest with references to /dev/xvdX devices in the fstab or GRUB device map file, the /dev/xvdX devices in these files were not updated. With this update, the virt-v2v and virt-p2v utilities now look in the Xen HVM guest configuration files during the conversion process for devices named /dev/xvdX as well as /dev/hdX. Both are treated as identical and either is converted to /dev/vdX. References to Xen paravirtualized block devices in fstab and device map of Xen HVM guest are now correctly updated during the conversion. - BZ#696779
Previously, the virt-v2v utility unconditionally marked all converted guests as a Server-type workload. This caused Desktop-type workload guests to be displayed incorrectly in Red Hat Enterprise Virtualization Manager. This update adds a new command-line option, --vmtype, which forces the conversion process to mark the newly created Red Hat Enterprise Virtualization virtual machine as either Desktop or Server. If --vmtype is omitted, virt-v2v attempts to determine the correct type. - BZ#787734
The new VMware Tools are split into multiple packages. Previously, when converting such a guest, the VMware Tools packages were not removed during the conversion process. This could cause warnings to be displayed in the converted guest or cause the guest to function incorrectly. The conversion process has been updated to recognize the new VMware Tools packages and remove them. The VMware Tools packages are now correctly removed during the conversion. - BZ#786115
When attempting to convert a guest which was accessed over an SSH connection and the target host had an SSH login banner configured, the conversion process could become unresponsive. With this update, SSH login banners are ignored and the conversion process completes as expected.
Enhancements - BZ#695406
Previously, the virt-v2v utility could be used to move a virtual machine from one environment to another, but not to move a workload from a physical server. With this update, users can move the server data over the network to a virtual environment by using the new virt-p2v tool. - BZ#768172
If the user used third-party kernel modules in a guest machine, and updated the kernel, the conversion could fail or the converted guest could fail to operate correctly. This was because the conversion process did not recognize third-party kernel modules. Users can now specify a "user-custom" capability for the guest operating system in the virt-v2v.conf file. All the dependencies of "user-custom" are installed during the conversion process.
All users of virt-v2v are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. Updated virt-viewer packages that fix multiple bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. Virtual Machine Viewer (virt-viewer) is a lightweight interface for interacting with the graphical display of a virtualized guest. Virtual Machine Viewer uses libvirt and is intended as a replacement for traditional VNC and SPICE clients. The virt-viewer packages have been upgraded to upstream version 0.5.2, which provides a number of enhancements over the previous version. Among these, this update adds support for a new client, known as remote-viewer, which obsoletes the need for the separately maintained spicec application. The remote-viewer utility provides a way for the Simple Protocol for Independent Computing Environments (SPICE) XPI plugin to connect to remote SPICE servers, which ensures a consistent user experience of the virt-viewer utility. (BZ# 784920) Bug Fixes - BZ#749759
The SPICE client cannot determine in advance whether a SPICE server requires a password for authentication. Thus, the SPICE client attempts to establish the connection and if it receives an authentication error, the client closes the connection, prompts the user for a password, and then reconnects to the SPICE server. Previously, the SPICE client was unable to perform the reconnection step when the connection to the server was using SSH tunneling. With this update, the SPICE client is allowed to request a new SSH tunnel connection to the SPICE server after obtaining the password from the user. Now, users are able to connect to password-protected SPICE servers when using an SSH tunnel. - BZ#784922
The virt-viewer utility has been modified to enable support for USB redirection introduced in the latest version of the spice-gtk packages. Users are now able to attach local USB devices to remote virtual machines using the SPICE protocol. - BZ#811191
Previously, the virt-viewer manual page did not describe the --attach, or -a, option. With this update, the virt-viewer manual page explains that libvirt can be used to directly attach virt-viewer to a local display instead of making a TCP/UNIX socket connection when using one of the aforementioned options. - BZ#749723
When running a guest while the user password is set, the virt-viewer application asks for authentication. However, due to incorrect signal handling, if the user canceled the dialog box, the following error message was returned: Unable to authenticate with remote desktop server at localhost:5900:Unable to collect credentials.Retry connection again? The underlying source code has been modified to ensure correct signal handling. Now, if virt-viewer receives a signal about a session being canceled, virt-viewer is disconnected and exits without error messages, as expected. - BZ#813375
Previously, the URI parsing code did not expect URIs containing square brackets, [ and ], around the host component. It was thus not possible to connect to a remote libvirt server whose URI address contained raw IPv6 addresses (for example qemu+ssh://root@[2001::xxxx:1]/system). With this update, the URI parsing has been fixed to take account of the IPv6 address syntax, so it is now possible to connect to remote libvirt servers using raw IPv6 addresses. - BZ#810544
On 32-bit Intel architectures, an arithmetic error caused inaccurate calculation of the desired window size. The error manifested itself as a one-pixel black bar appended to the bottom of the window in full-screen mode, thus causing the guest display to be unnecessarily scaled. The scaling code has been changed to round to the nearest integer instead of truncating, which avoids a reliance on precision of floating point calculations. On 32-bit Intel architectures, windows are resized such that scaling is not required if the guest display is small enough to fit on the host desktop. - BZ#819436
Due to a race condition, the following message could be displayed at the command line when closing the virt-viewer application: Segmentation fault (core dumped) The underlying source code has been modified to prevent the race condition from occurring, and virt-viewer now exits gracefully, without error messages. - BZ#816550
When reconnecting a guest with multiple monitors (for example after a restart), virt-viewer created new windows for the additional monitors, while the old windows still existed. This was because the GtkWindow object was not freed. This update modifies virt-viewer ensure that windows are closed when a display closes. - BZ#816280
With this update, the OK button label of the dialog box has been changed to Close.
All users of virt-viewer are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. Updated virt-who packages that fix several bugs and add various enhancement are now available. The virt-who package provides an agent that collects information about virtual guests present in the system and reports them to the subscription manager. The virt-who package has been upgraded to upstream version 0.6, which provides a number of bug fixes and enhancements over the previous version. (BZ# 790000) Bug Fixes- BZ#746163
When the libvirtd daemon was stopped, the virt-who utility no longer received information about the state of the guest, and showed an inaccurate list of guest UUIDs. With this update, polling is used to check the connection to the libvirtd daemon, and the time for which the list of UUIDs is inaccurate was minimized. - BZ#813299
Prior to this update, the virt-who utility could not connect to the libvirt daemon due to a regression in the code that handles forking of the virt-who daemon. With this update, a connection is open to the libvirtd daemon after the fork of the virt-who daemon; thus, fixing this issue. - BZ#801657
This update includes a missing python-suds dependency into the virt-who specfile. The missing dependency was causing the virt-who daemon to fail to start. - BZ#806225
The virt-who daemon did not use double forking when it was started. Consequently, the daemon did not detach from the terminal correctly. With this update, virt-who uses double forking, and is able to correctly detach itself from the terminal. - BZ#815279
Previously, the virt-who utility could not handle all events that were being sent by the libvirtd daemon. If an unrecognized event was received, virt-who logged an IndexError in the logs, and returned a traceback error. With this update, virt-who handles all error events (even unknown), and no longer returns a traceback error.
Users are advised to upgrade to these updated virt-who packages, which resolve these issues and add these enhancement. An updated vsftpd package that fixes one bug is now available for Red Hat Enterprise Linux 6. The vsftpd package includes a Very Secure File Transfer Protocol (FTP) daemon, which is used to serve files over a network. Bug Fix - BZ#910371
The vsftpd daemon supports FTP clients that provide the set of commands "proxy ftp-command". These commands provide the ability to transfer data from one server to another through FTP client. Previously, the vsftpd version failed to establish data connections to another server opened with the "proxy get [file]" command and sent the data connection request to the client instead. With this update, the vsftpd version is able to establish data connections to another FTP server using the "proxy get [file]" command.
Users of vsftpd are advised to upgrade to this updated package, which fixes this bug. The vsftpd daemon must be restarted for this update to take effect. Updated vsftpd packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6. The vsftpd package provides the VSFTP (Very Secure File Transfer Protocol) daemon. Bug Fixes- BZ#701300
Prior to this update, the configuration file specified the wrong default log file. As a consequence, the logrotate script could not find and consequently rotate the vsftpd log file which resulted in an unnecessarily large vsftpd log. This update specifies /var/log/xferlog as its default log file in /etc/vsftpd/vsftpd.conf, which enables log rotation on vsftpd log files. - BZ#708657
Prior to this update, the RLIMIT_AS value (100 MB) was insufficient. As a consequence, LDAP could not use vsftpd for authentication to the system. This update increases the initial RLIMIT_AS value to 200 MB, and vsftpd now can be used for LDAP authentication as expected. - BZ#717411
Prior to this update, vsftpd did not handle file transfer failures correctly if the ftp-data port was blocked on the File Transfer Protocol (FTP) client. As a consequence, vsftpd could become unresponsive. This update modifies the underlying code so that the vsftp daemon reports such failures to the FTP client and the data transfer is now terminated as expected. - BZ#745133
Prior to this update, the man page of the vsftpd.conf file contained incorrect default values for "max_per_ip" and "max_clients" options. This update introduces the correct default values for these two options. - BZ#752954
Prior to this update, the DNS reverse lookup feature could not be disabled. This update adds the "reverse_lookup_enable" parameter, which allows to enable or disable the DNS reverse lookup functionality. - BZ#765757
Prior to this update, vsftpd also listed the CHMOD command when the "chmod_enable" option was disabled. This update modifies the help file so that vsftpd no longer lists the CHMOD command when the command is disabled. - BZ#785061
Prior to this update, listing files could cause an overflow error if a directory contained files with a User or Group ID that was higher then the maximum value 2147483647 of the "signed int" data type. As a consequence, the FTP connection was terminated. This update modifies vsftpd to support UIDs and GIDs above the maximum value of the "unsigned int" data type. Directory content is now listed as expected in the scenario described. - BZ#785084
Prior to this update, the ls command did not support square brackets as wildcard characters in FTP connections. This update improves wildcard characters support in vsftpd and square brackets can now be used in regular expressions with the ls command. - BZ#785642
Prior to this update, the "listen()" function in vsftpd could, under certain circumstances, fail under heavy load. As a consequence, the socket became blocked. This update closes failed sockets and creates new a socket to cointinue listening.
All users of vsftpd are advised to upgrade to these updated packages, which fix these bugs. Updated wget packages that fix one bug are now available for Red Hat Enterprise Linux 6. The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Wget provides various useful features, such as the ability to work in the background while the user is logged out, recursive retrieval of directories, file name wildcard matching or updating files in dependency on file timestamp comparison. Bug Fixes - BZ#754168
Prior to this update, the wget package contained a redundant URL to the wget upstream project. This update modifies the specification file to list the correct http://www.gnu.org/software/wget/. - BZ#814208
Prior to this update, the wget utility did not previously work as intended with the "-T, --timeout" option set when http server did not answer the SSL handshake. Wget source code has been patched, to ensure that wget aborts the connection when using --timeout option correctly. - BZ#714893
Prior to this update, the wget utility source code was lacking check of the HTTP response parsing function return value. In some cases, when HTTP response header was malformed (fuzzed), the parsing function returned error. Because the returned value was not checked, it then resulted in Segmentation Fault. This update adds check of the HTTP response parsing function return value in the wget source code. Now when HTTP response header is malformed (fuzzed) and the parsing function returns error, the following error message is thrown and wget retries the request. 2012-10-01 10:13:44 ERROR -1: Malformed status line.
All users of wget are advised to upgrade to these updated packages, which fix this bug. Updated wordnet packages that fix one bug are now available for Red Hat Enterprise Linux 6. WordNet provides a set of utilities and a lexical database to manage English words in sets of synonyms (synsets). Wordnet uses these synsets to generate a combination of dictionary and thesaurus and to support automatic text analysis. Bug Fix- BZ#658043
Prior to this update, WordNet encountered file conflicts when trying to install wordnet packages for 32-bit and 64-bit architectures on the same host. As a consequence, installing the second package failed. This update removes the conflicting auxiliary files from the packages. Now, WordNet is multi-architecture safe.
All users of wordnet are advised to upgrade to these updated packages, which fix this bug. Updated wpa_supplicant packages that fix one bug and add an enhancement are now available for Red Hat Enterprise Linux 6. The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication/association of the WLAN driver. Bug Fix - BZ#855255
Previously, the supplicant would attempt to roam to slightly stronger access points, increasing the chance of a disconnection. This bug has been fixed and the supplicant now only attempts to roam to a stronger access point when the current signal is significantly degraded.
Enhancement - BZ#855273
Support for Opportunistic Key Caching (OKC), also known as Proactive Key Caching (PKC), has been added to WPA Supplicant to facilitate faster and less error-prone roaming between access points in the same network.
Users of wpa_supplicant are advised to upgrade to these updated packages, which fix this bug and add this enhancement. An updated wpa_supplicant package that fixes a bug is now available for Red Hat Enterprise Linux 6. The wpa_supplicant package contains a WPA (Wi-Fi Protected Access) Supplicant utility for Linux, BSD, and Windows with support for WPA and WPA2 (IEEE 802.11i/RSN). The supplicant is an IEEE 802.1X/WPA component that is used in client workstations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. Bug Fix- BZ#752032
Due to an error in the wpa_supplicant code, Wi-Fi signal levels for some wireless devices reported by the Linux kernel's nl80211 API were not handled correctly. Consequently, the NetworkManager applet did not indicate the signal strength for unconnected networks. With this update, the code has been corrected and the NetworkManager applet now indicates signal strength for drivers using the nl80211 API as expected.
All users of wpa_supplicant are advised to upgrade to this updated package, which fixes this bug. Updated xfig packages that fix one bug are now available for Red Hat Enterprise Linux 6. The xfig packages contain the Xfig editor. Xfig is an open-source vector graphics editor, which allows you to create simple diagrams and figures. Bug Fix- BZ#806689
Security errata RHSA-2012:0095 changed the way ghostscript handles relative paths. Consequently, as Xfig relied on the original ghostscript behavior, it failed to open encapsulated postscript files and returned the execution stack ending with the following error: Current allocation mode is localLast OS error: 2GPL Ghostscript 8.70: Unrecoverable error, exit code 1EPS object read OK, but no preview bitmap found/generated Xfig was changed to use absolute paths when executing the ghostscript binary. With this update, Xfig opens encapsulated postscript files and includes them in other figures as expected.
Users are advised to upgrade to these updated xfig packages, which fix this bug. Updated xfsprogs packages that fix four bugs are now available for Red Hat Enterprise Linux 6. The xfsprogs packages contain a set of commands to use the XFS file system, including mkfs.xfs. Bug Fixes- BZ#730886
Prior to this update, certain file names could cause the xfs_metadump utility to become suspended when generating obfuscated names. This update modifies the underlying code so that xfs_metadump now works as expected. - BZ#738279
Prior to this update, the allocation group size (agsize) was computed incorrectly during mkfs for some filesystem sizes. As a consequence, creating file systems could fail if file system blocks within an allocation group (agblocks) were increased past the maximum. This update modifies the computing method so that agblocks are no longer increased past the maximum. - BZ#749434
Prior to this update, the xfs_quota utility failed with the error message "xfs_quota: cannot initialise path table: No such file or directory" if an invalid xfs entry was encountered in the mtab. This update modifies the xfs_quota utility so that the xfs_quota utility now runs as expected. - BZ#749435
Prior to this update, the xfs_quota utility reported that the project quota values were twice as high as expected. This update modifies the xfs_quota utility so that it now reports the correct values.
All users who use the XFS file system are advised to upgrade to these updated packages, which fix these bugs. An updated xinetd package that fixes one bug is now available for Red Hat Enterprise Linux 6. Xinetd is a secure replacement for inetd, the Internet services daemon. Xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. Xinetd provides extensive logging, has no limit on the number of server arguments, and allows users to bind specific services to specific IP addresses on a host machine. Each service has its own specific configuration file for Xinetd; the files are located in the /etc/xinetd.d directory. Bug Fix - BZ#841916
Due to incorrect handling of a file descriptor array in the service.c source file, some of the descriptors remained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This bug has been fixed in the code, xinetd now handles the file descriptors correctly and no longer fills the system log.
All users of xinetd are advised to upgrade to this updated package, which fixes this bug. An updated xinetd package that fixes multiple bugs is now available for Red Hat Enterprise Linux 6. The xinetd daemon is a secure replacement for xinetd, the Internet services daemon. The xinetd daemon provides access control for all services based on the address of the remote host, on time of access, or both, and can prevent denial of service (DoS) attacks. Bug Fixes- BZ#694820
Under certain circumstances, the xinetd daemon could become unresponsive (for example, when trying to acquire an already acquired lock for writing to its log file) when an unexpected signal arrived. With this update, the daemon handles unexpected signals correctly and no longer hangs under these circumstances. - BZ#697783
Previously, a bug in the xinetd code could cause corruption of the time_t variable resulting in the following compiler warning: warning: dereferencing type-punned pointer will break strict-aliasing rules A patch has been applied to address this issue, so that the warning no longer occurs. - BZ#697788
Previously, the xinetd daemon ignored the "port" line of the service configuration file, and it was therefore impossible to bind certain RPC services to a specific port. The underlying source code has been modified to ensure that xinetd honors the "port" line, so that the port numbers are now handled appropriately. - BZ#711787
Incorrect use of the realloc() function could cause memory corruption. This resulted in the xinetd daemon terminating unexpectedly right after the start when a large number of services had been configured. The realloc() function has been removed, which ensures that memory corruption no longer occurs in this scenario, and the xinetd daemon starts successfully even when configuring a large number of services.
All users of xinetd are advised to upgrade to this updated package, which fixes these bugs. Updated xmlrpc-c packages that fix several bugs are now available for Red Hat Enterprise Linux 6. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Bug Fixes- BZ#653702
Prior to this update, the "xmlrpc-c-config client --libs" command returned unprocessed output, making it difficult to discern important information from it. This bug has been fixed and the output of the command is now properly pre-processed by the autoconf utility. - BZ#741641
A memory leak was discovered in the xmlrpc-c library by the valgrind utility. A patch has been provided to address this bug and the memory leak no longer occurs.
Users of xmlrpc-c are advised to upgrade to these updated packages, which fix these bugs. 5.362. xorg-x11-drv-ati and mesaUpdated xorg-x11-drv-ati and mesa packages that fix a bug and add an enhancement are now available for Red Hat Enterprise Linux 6. The xorg-x11-drv-ati packages provide a driver for ATI graphics cards for the X.Org implementation of the X Window System. The mesa packages provide hardware-accelerated drivers for many popular graphics chipsets, and Mesa, a 3D graphics application programming interface (API) compatible with the Open Graphics Library (OpenGL). Bug Fix- BZ#821873
Previously, Mesa did not recognize Intel HD Graphics chipsets integrated into Intel E3-family processors. Consequently, these chipsets provided limited display resolutions and their graphics performance was low. This update adds support for these chipsets. As a result, the chipsets are recognized by Mesa and perform as expected.
Enhancement- BZ#788166, BZ#788168
This update adds support for AMD FirePro M100 (alternatively referred to as AMD FirePro M2000), AMD Radeon HD 74xx Series, AMD Radeon HD 75xx Series, and AMD Radeon HD 76xx Series graphics cards, and the AMD FusionA integrated graphics processing unit.
All users of xorg-x11-drv-ati and Mesa are advised to upgrade to these updated packages, which fix this bug and add this enhancement. 5.363. xorg-x11-drv-intelUpdated xorg-x11-drv-intel packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The xorg-x11-drv-intel packages contain an Intel integrated graphics video driver for the X.Org implementation of the X Window System. Bug Fixes- BZ#692776
On Lenovo ThinkPad T500 laptops, the display could have stayed blank after opening the lid when it was used with an external display in mirror mode. Consequently, the following message appeared: Could not switch the monitor configurationCould not set the configuration for CRT63 With this update, the underlying source code has been modified so that the display turns on as expected when the lid is open. - BZ#711452
On Lenovo ThinkPad series laptops, the system did not always resume from the suspend state. This was dependent on monitor configuration and could occur under various circumstances, for example if the laptop was suspended docked with only external display enabled, and later resumed undocked with no external display. With this update, the system now resumes correctly regardless of the monitor configuration.
Enhancement- BZ#821521
In addition, this update adds accelerated rendering support for the Intel Core i5 and i7 processors.
All users of xorg-x11-drv-intel are advised to upgrade to these updated packages, which fix these bugs and add this enhancement. Updated xorg-x11-drv-mga packages that add an enhancement are now available for Red Hat Enterprise Linux 6. The xorg-x11-drv-mga packages provide a video driver for Matrox G-series chipsets for the X.Org implementation of the X Window System. Enhancement- BZ#657580
RandR 1.2 support for G200-based graphics chipsets has been added. It allows dynamic reconfiguration of display settings to match the currently plugged in monitor. This is particularly important on servers, as they often start with no monitor attached, having it attached later in runtime.
All users of xorg-x11-drv-mga are advised to upgrade to these updated packages, which add this enhancement. An updated xorg-x11-drv-qxl package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The xorg-x11-drv-qxl package provides an X11 video driver for the QEMU QXL video accelerator. This driver makes it possible to use Red Hat Enterprise Linux 6 as a guest operating system under the KVM kernel module and the QEMU multi-platform emulator, using the SPICE protocol. Security Fix - CVE-2013-0241
A flaw was found in the way the host's qemu-kvm qxl driver and the guest's X.Org qxl driver interacted when a SPICE connection terminated. A user able to initiate a SPICE connection to a guest could use this flaw to make the guest temporarily unavailable or, potentially (if the sysctl kernel.softlockup_panic variable was set to "1" in the guest), crash the guest.
All users of xorg-x11-drv-qxl are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running X.Org server instances using the qxl driver must be restarted for this update to take effect. 5.366. xorg-x11-drv-wacomUpdated xorg-x11-drv-wacom packages that fix multiple bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. The xorg-x11-drv-wacom packages provide an X Window System input device driver that allows the X server to handle Wacom tablets with extended functionality. The xorg-x11-drv-wacom package has been upgraded to upstream version 0.13.0, which provides a number of bug fixes and enhancements over the previous version. (BZ# 752642) Bug Fixes- BZ#734256
Prior to this update, the xorg-x11-drv-wacom driver allowed users only to use a pointer-focusing model. As a consequence, a dual-monitor layout on certain hardware could lead to an offset between the pen position and the cursor position. This update modifies the mapping offset in screen mode to provide new multi-screen handling. - BZ#802385
Prior to this update, xorg-x11-drv-wacom driver could, under certain circumstances, encounter an "off by one" error in the array access of files and a null dereference. This update modifies the array indexing and checks for the right allocation before dereferencing.
Enhancements- BZ#801319
This update adds xorg-x11-drv-wacom to HPC Compute Node ( v. 6 ). Now, xorg-x11-drv-wacom is a dependency for the gnome-settings-daemon and the control-center. - BZ#818038
This update adds support for the Wacom Intuos4 Wireless device.
All users of xorg-x11-drv-wacom are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. Updated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes - CVE-2011-4028
A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. - CVE-2011-4029
A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information.
Red Hat would like to thank the researcher with the nickname vladz for reporting these issues. Bug Fixes- BZ#651934, BZ#722860
Prior to this update, the KDE Display Manager (KDM) could pass invalid 24bpp pixmap formats to the X server. As a consequence, the X server could unexpectedly abort. This update modifies the underlying code to pass the correct formats. - BZ#732467
Prior to this update, absolute input devices, like the stylus of a graphic tablet, could become unresponsive in the right-most or bottom-most screen if the X server was configured as a multi-screen setup through multiple "Device" sections in the xorg.conf file. This update changes the screen crossing behavior so that absolute devices are always mapped across all screens. - BZ#748704
Prior to this update, the misleading message "Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor." could be displayed after resuming the system or re-enabling the display, and included a URL to an external web page. This update removes this message. - BZ#757792
Prior to this update, the erroneous input handling code of the Xephyr server disabled screens on a screen crossing event. The focus was only on the screen where the mouse was located and only this screen was updated when the Xephyr nested X server was configured in a multi-screen setup. This update removes this code and Xephyr now correctly updates screens in multi-screen setups. - BZ#805377
Prior to this update, raw events did not contain relative axis values. As a consequence, clients which relied on relative values for functioning did not behave as expected. This update sets the values to the original driver values instead of the already transformed values. Now, raw events contain relative axis values as expected.
All users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect. Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. Security Fix - CVE-2012-4193
A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner (such as Mozilla Firefox) to execute arbitrary code with the privileges of the user running the application.
For technical details regarding this flaw, refer to the Mozilla security advisories: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect. An updated yaboot package that fixes two bugs is now available for Red Hat Enterprise Linux 6. The yaboot package provides a boot loader for Open Firmware based PowerPC systems. It can be used to boot IBM eServer System p machines. Bug Fixes- BZ#711001
Prior to this update, the /etc/yaboot.conf parser failed during install when the quoted string was too long. This update modifies the code to significantly extend the size of quoted strings. Now, the /etc/yaboot.conf file parses as expected. - BZ#750199
Prior to this update, yaboot could only be build using the mock tool which creates a 32-bit PowerPC environment in chroot. This updated package supports building with rpmbuild.
All users of yaboot are advised to upgrade to this updated package, which fixes these bugs. Updated yum packages that fix several bugs and add two enhancements are now available for Red Hat Enterprise Linux 6. Yum is a command-line utility that allows the user to check for, and automatically download and install updated RPM packages. Bug Fixes- BZ#742363
The anacron scheduler starts the yum-cron utility with the default niceness value of 10. Consequently, Yum RPM transactions ran with a very low priority. Also, any updated service inherited this niceness value. This update adds the "reset_nice" configuration option, which allows Yum to reset the niceness value to 0 before running an RPM transaction. With this option set, Yum RPM transactions run and updated services are restarted with niceness value 0 as expected. - BZ#735234
When dependency resolving fails, yum performs RPMDB check to detect and report existing RPMDB problems. Previously, yum terminated unexpectedly if a PackageSackError exception was raised. The application now returns the message "Yum checks failed" when a PackageSackError is raised and the remaining RPMDB checks are skipped. - BZ#809392
The yum history rollback command could return a traceback if a history checksum was used for the rollback. This happened due to incorrect handling of keyword arguments in the _conv_pkg_state() function. The history checksum argument is now handled correctly. - BZ#711358
When yum was started in a directory that no longer existed, it terminated with a traceback. The yum utility now checks if the current working directory exists; if this is not the case, it changes to the root directory, and continues its execution as expected. - BZ#804120
If the "yum upgrade" command was run with the --sec-severity option arguments, the command execution could enter an infinite loop. The code has been fixed and the option works as expected. - BZ#770117
If user names and passwords for yum proxy server contained any of the characters "@", ":", or "%", they were not properly quoted in the proxy server URL and the values were misinterpreted by the HTTP client. As a result, yum failed to connect to the proxy server. This update adds proper quoting, and user names and passwords containing the characters are now resolved correctly. - BZ#809373
The Yum transactions in yum history were ordered according to their transaction time. However, this could be misleading. The transactions are now ordered according to their IDs. - BZ#769864
The "yum makecache" command could fail if one of the repositories had the "skip_if_unavailable=1" setting and was unavailable. Such repositories are now skipped as expected. - BZ#798215
The Yum utility could terminate unexpectedly with a traceback similar to the following: _init__.py:2000:downloadPkgs:UnicodeEncodeError: 'ascii' codec can't encode character This happened because Yum failed to handle localized error messages with UTF-8 characters generated during package downloads. UTF-8 characters in error messages are now handled correctly and localized error messages are displayed as expected. - BZ#735333
On failure, the "yum clean" command returned an incorrect error code and output containing messages that implied that yum performed the clean action successfully. The yum utility now returns only the error message and the correct error code. - BZ#817491
If the "yum provides" command was invoked with an empty-string argument, yum terminated with a traceback. The command now returns an error message and command usage information.
Enhancements- BZ#737826
Yum now prints "Verifying" messages after finishing updates, which inform the user that the respective packages were installed correctly. - BZ#690904
When run as a non-root user, yum cannot read local SSL certificate files and the download process can fail. The yum utility now checks if it can access repository certificate files. If the check fails, it returns more accurate messages containing the filename that failed the check and information that the repository was skipped.
Users of yum should upgrade to these updated packages, which fix these bugs and add these enhancements. Updated yum-utils packages that fix four bugs and add three enhancements are now available for Red Hat Enterprise Linux 6. The yum-utils packages provide a collection of utilities and examples for the Yum package manager. Bug Fixes- BZ#701096
Prior to this update, The reposync utility wrongly set the exit code "0" if a package was not downloaded. This update modifies the underlying code so that reposync now sets the exit code "1" if a package is either not correctly signed or fails to download. - BZ#711767
Prior to this update, the yumdownloader tool tried to download a package from all repositores that provided that particular package. As a result, after the first download a message was displayed that the file already existed. This update modifies the yumdownloader so that duplicated download attempts are now avoided. - BZ#737597
Prior to this update, the yum-debug-restore tool recognized only that the latest version of a package was installed. As a consequence, older kernel packages were not restored. This update adds support for "installonly" packages, so the whole set of installed kernel packages is restored. - BZ#782338
Prior to this update, the man page for the package-cleanup tool did not mention the changed semantics of the "--count" option. This update modifies the man page so that the "--count" option is now correctly documented.
Enhancements- BZ#684925
Prior to this update, yum could not list the dependencies and the already installed packages in the repositories that satisfy these dependencies. This update adds the "show-changed-rco" command to give a compact description of the changes to Requires, Conflicts, and Obsoletes data from installed or old files. - BZ#710579
Prior to this update, the repodiff tool only compared packages based on their name. This update adds the "--compare-arch" option to the repodiff tool to compare also the architecture. - BZ#769775
Prior to this update, the package-cleanup tool did not correctly handle kernel-PAE and kernel-xen packages. This update adds support for kernel-PAE and kernel-xen packages.
All users of yum-utils are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. Updated zsh packages that fix one bug and add one enhancement are now available for Red Hat Enterprise Linux 6. The zsh shell is a command interpreter which can be used as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more. Bug Fix- BZ#657300
Prior to this update, the zsh shell attempted to execute mathematical expressions in the "-n" option when running in ksh mode. As a consequence, zsh emitted errors when running a syntax only check. This update modifies the source code so that mathematical expressions are now handled like any other command when using the "-n" option.
Enhancement- BZ#612685
Prior to this update, a script whose location was listed in "$PATH" could not be run with the zsh shell. With this update, users can call a script from "$PATH" with the "-o pathscript" option to search path when zsh is invoked directly.
All users are advised to upgrade to these updated packages, which fix this bug and add this enhancement. | Revision History |
|---|
| Revision 1-6.18 | Thu Feb 22 2013 | Eliška Slobodová | | Republished Technical Notes to include Extended Update Support advisories relevant to Red Hat Enterprise 6.3. |
| | Revision 1-1.17 | Wed Feb 13 2013 | Eliška Slobodová | | Updated a description in the kexec-tool erratum. | |
| | Revision 1-1.8 | Wed Jan 24 2013 | Tomáš Čapek | | Added an admonition to a kernel description. | |
| | Revision 1-1.7 | Wed Jun 20 2012 | Martin Prpič | | Release of the Red Hat Enterprise Linux 6.3 Technical Notes. | |
| | Revision 1-0 | Tue April 24 2012 | Martin Prpič | | Initial release of the Red Hat Enterprise Linux 6.3 Beta Technical Notes. | |
|
|
| |
