| RHE Linux 6.2 Technical NotesChapter 4. Package UpdatesThe Red Hat Enterprise Linux 6 Technical Notes compilations for Red Hat Enterprise Linux 6.0, 6.1 and 6.2 have been republished. Each compilation still lists all advisories comprising their respective GA release, including all Fastrack advisories. To more accurately represent the advisories released between minor updates of Red Hat Enterprise Linux, however, some advisories released asynchronously between minor releases have been relocated. Previously, these asynchronously released advisories were published in the Technical Notes for the most recent Red Hat Enterprise Linux minor upate. Asynchronous advisories released after the release of Red Enterprise Linux 6.1 and before the release of Red Hat Enterprise Linux 6.2 were published in the Red Hat Enterprise Linux 6.2 Technical Notes, for example. Most of these asynchronous advisories were concerned with, or even specific to, the then extant Red Hat Enterprise Linux release, however. With these republished Technical Notes, such advisories are now incorporated into the Technical Notes for the Red Hat Enterprise Linux release they are associated with. Future Red Hat Enterprise Linux Technical Notes will follow this pattern. On first publication a Red Hat Enterprise Linux X.y Technical Notes compilation will include the advisories comprising that release along with the Fastrack advisories for the release. Upon the GA of the succeeding Red Hat Enterprise Linux release, the Red Hat Enterprise Linux X.y Technical Notes compilation will be republished to include associated asynchronous advisories released since Red Hat Enterprise Linux X.y GA up until the GA of the successive release. Updated 389-ds-base packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Bug Fixes- BZ#720458
If a server sent a response to an unbind request and the client simply closed the connection, Directory Server 8.2 logged "Netscape Portable Runtime error -5961 (TCP connection reset by peer.)". - BZ#752155
An incorrect SELinux context caused AVC errors in /var/log/audit/audit.log. - BZ#697663, BZ#700665, BZ#711533, BZ#711241, BZ#726136, BZ#700215
A number of memory leaks and performance errors were fixed. - BZ#711266
The DS could not restart after a new object class was created which used the entryUSN attribute. - BZ#712167
The ns-slapd process segfaulted if suffix referrals were enabled. - BZ#711513
A high volume of TCP traffic could cause the slapd process to quit responding to clients. - BZ#714298
Attempting to delete a VLV index caused the server to hang. - BZ#720051
Connections to the DS by an RSA authentication server using simple paged results by default would timeout. - BZ#735217
Running a simple paged search against a subtree with a host-based ACI would hang the server. - BZ#733443
If the target attribute list for an ACI had syntax errors and more than five attributes, the server crashed. - BZ#734267
It was not possible to set account lockout policies after upgrading from RHDS 8.1. - BZ#720452
Adding an entry with an RDN containing a % caused the server to crash. - BZ#709868
Only FIPS-supported ciphers can be used if the server is running in FIPS mode. - BZ#711265
It is possible to disable SSLv3 and only allow TLS. - BZ#713317, BZ#713318
If the changelog was encrypted and the certificate became corrupt, the server crashed. - BZ#733434
If the passwordisglobalpolicy attribute was enabled on a chained server, a secure connection to the master failed. - BZ#714310
If a chained database was replicated, the server could segfault. - BZ#694571
Editing a replication agreement to use SASL/GSS-API failed with GSS-API errors. - BZ#742611
In replication, a msgid may not be sent to the right thread, which caused "Bad parameter to an LDAP routine" errors. This causes failures to propagate up and halt replication. - BZ#701057
Password changes were replicated among masters replication, but not to consumers. - BZ#717066
If an entry was modified on RHDS and the corresponding entry was deleted on the Windows side, the sync operation attempts to use the wrong entry. - BZ#734831
Some changes were not properly synced over to RHDS from Windows. - BZ#726273
RHDS entries were not synced over to Windows if the user's CN had a comma. - BZ#718351
Intensive update loads on master servers could break the cache on the consumer, causing it to crash. - BZ#699458
Syncing a multi-valued attribute could delete all the other instances of that attribute when a new value was added. - BZ#729817
If a synced user subtree on Windows was deleted and then a user password was changed on the RHDS, the DS would crash.
Enhancements- BZ#742382
The nsslapd-idlistscanlimit configuration attribute can be set dynamically, instead of requiring a restart. - BZ#742661
Separate resource limits can be set for paged searches, independent of resource limits for regular searches. - BZ#720459
The sudo schema has been updated. - BZ#739959
A new configuration attribute sets a different list of replicated attributes for a total update versus an incremental update. - BZ#733440
A new configuration option allows the server to be started with an expired certificate. - BZ#720461
New TLS/SSL error messages have been added to the replication error log level.
Users are advised to upgrade to these updated 389-ds-base packages, which resolve these issues and add these enhancements. Updated 389-ds-base packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6. The 389-ds-base packages provide 389 Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Bug Fixes- BZ#758682
When the LDAP server was under a heavy load, and the network was congested, client connections could experience problems. If there was a connection problem while the server was sending Simple Paged Result (SPR) search results to the client, the LDAP server called a cleanup routine incorrectly. This led to a memory leak and the server terminated unexpectedly. With this update, the underlying code has been modified to ensure that cleanup tasks are run correctly and memory leaks no longer occur. The LDAP server no longer crashes in this scenario. - BZ#758683
Previously, certain operations with the Change Sequence Number (CSN) were not very effective in 389 Directory Server. Therefore, performing a large number of the modrdn operations during Directory Server content replications led to poor performance, and the ns-slapd daemon consumed up to 100% CPU under these circumstances. With this update, the underlying code has been modified to use these CSN operations efficiently so that replications in Directory Server now work as expected in this scenario. - BZ#758688
Previously, allocated memory was not correctly released in the underlying code for the SASL GSSAPI authentication method, when checking the Simple Authentication and Security Layer (SASL) identity mappings. This problem could cause memory leaks when processing SASL bind requests, which eventually caused the LDAP server to terminate unexpectedly with a segmentation fault. This update adds function calls that are needed to free allocated memory correctly. Memory leaks no longer occur and the LDAP server no longer crashes in this scenario. - BZ#771631
Previously, 389 Directory Server used the Netscape Portable Runtime (NSPR) implementation of the read/write locking mechanism. This implementation allowed deadlocks to occur if 389 Directory Server was under a heavy load, which caused the server to become unresponsive. With this update, 389 Directory Server now uses the POSIX implementation of the locking mechanism, and deadlocks no longer occur under a heavy load. - BZ#771632
Under a heavy load in replicated environments, 389 Directory Server did not handle the Entry USN index correctly. Consequently, the index could become out of sync with the main database and search operations on USN entries returned incorrect results. This update modifies the Entry USN plug-in and 389 Directory Server now handles the Entry USN index as expected.
All users of 389-ds-base are advised to upgrade to these updated packages, which fix these bugs. Updated abrt and libreport packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. The abrt packages contain the Automatic Bug Reporting Tool (ABRT) version 2. In comparison with ABRT version 1, this version provides more flexible configuration, which covers a variety of customer use cases that the previous version was unable to cover. It also moves a lot of data processing from the daemon to separate tools that run without root privileges, which makes the daemon less error prone and the whole processing more secure. Note: This update obsoletes the former report tool and replaces the report library to unify the reporting process in all Red Hat applications (Anaconda, setroubleshoot, ABRT). The most interesting feature for end-users is the problem solution searching: when ABRT is configured to report to the Red Hat Customer Portal, it tries to search Red Hat problem databases (such as Knowledge Base or Bugzilla) for possible solutions and refers the user to these resources if the solution is found. Bug Fixes- BZ#610603
The abrt-gui application used to list plug-ins multiple times if they were configured in the configuration file. This is now fixed. - BZ#627621
In the previous version of ABRT, a daemon restart was required for any changes in the configuration to take effect. In the new version, most of the options in the configuration file no longer require a restart. - BZ#653872
Support for retrace server has been added. Refer to https://fedorahosted.org/abrt/wiki/AbrtRetraceServer for more information about this new feature. - BZ#671354
By default, ABRT stores all problem information in the /var/spool/abrt/ directory. Previously, this path was hard coded and could not be changed in the configuration. With this update, this path can be changed in the /etc/abrt/abrt.conf configuration file. - BZ#671359
The previous documentation failed to cover some customer use cases. This error has been fixed, and all of these use cases are now covered in the Red Hat Enterprise Linux 6 Deployment Guide. - BZ#673173
In ABRT version 1, it was not possible to use wildcards to specify that some action should happen for any user. ABRT version 2 adds support for this functionality. - BZ#695416
The lacking information about configuring a proxy has been added to the Red Hat Enterprise Linux 6 Deployment Guide. - BZ#707950
Previously, a bug in ABRT version 1 was preventing a local Python build to finish. This is now fixed. - BZ#725660
The previous report tool and report library have been obsoleted by abrt and libreport. Users can notice the change in the problem reporting user interface of Anaconda, setroubleshoot, and ABRT.
All users of ABRT are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements. Updated acl packages that fix two bugs are now available for Red Hat Enterprise Linux 6. Access Control Lists (ACLs) are used to define finer-grained discretionary access rights for files and directories. The acl packages contain the getfacl and setfacl utilities needed for manipulating access control lists. Bug Fixes- BZ#674883
Prior to this update, the setfacl.1 man page was not intelligible in that it did not state that removing a non-existent ACL entry is not considered to be an error. With this update, the setfacl.1 man page has been updated so that its content is now intelligible and exactly specifies the aforementioned behavior with regard to removing a non-existent ACL entry. - BZ#702638
Prior to this update, the package specification did not reflect a change of the upstream project web page address. This update corrects the respective address in the package specification.
All users of Access Control Lists should upgrade to these updated packages, which fix these bugs. Updated acl packages that add two enhancements are now available for Red Hat Enterprise Linux 6. Access Control Lists (ACLs) are used to define finer-grained discretionary access rights for files and directories. The acl packages contain the getfacl and setfacl utilities needed for manipulating access control lists. Enhancements- BZ#720318
Prior to this update, the ACL library did not provide any function to check for extended ACLs of a file without following symbolic links. The only available function, acl_extended_file(), used to cause unnecessary mounts of autofs. This update introduces a new function, acl_extended_file_nofollow(), that checks for extended ACLs of a file without following symbolic links. - BZ#723998
Previously, the ACL library was linked without support for RELRO (read-only relocations) flags. With this update, the library is now linked with partial RELRO support.
Users of acl are advised to upgrade to these updated packages, which add these enhancements. Updated aide packages that fix one bug are now available for Red Hat Enterprise Linux 6. Advanced Intrusion Detection Environment (AIDE) is a program that creates a database of files on a system, and then uses that database to ensure file integrity and detect system intrusions. Bug Fix- BZ#811936
Previously, the aide utility incorrectly initialized the gcrypt library. This consequently prevented aide to initialize its database if the system was running in FIPS-compliant mode. The initialization routine has been corrected, and along with an extension to the libgcrypt's API introduced in the RHEA-2012:0486 advisory, aide now initializes its database as expected if run in a FIPS-compliant way.
All users of aide are advised to upgrade to these updated packages, which fix this bug. Updated alsa-lib packages that fix one bug are now available for Red Hat Enterprise Linux 6. The alsa-lib packages contain libraries for the Advanced Linux Sound Architecture (ALSA). Bug Fix- BZ#704772
Prior to this update, the alsa output plugin for the Audacious Audio Player did not work correctly. As a result, Audacious could under certain circumstances fail to generate any sound and display error messages. With this update, alsa-lib is modified so that Audacious can now generate sound as expected.
All alsa-lib users are advised to upgrade to these updated packages, which fix this bug. An updated anaconda package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6. The anaconda package contains portions of the Anaconda installation program that can be run by the user for reconfiguration and advanced installation options. Bug Fixes- BZ#641861
Issues with "interactive" mode partitioning are fixed. - BZ#731274
The network command is parsed correctly. - BZ#689996
The /boot partition on EFI systems is handled correctly. - BZ#705274
Files that are necessary for libreport and SSL installation mode have been added. - BZ#676404
Symbolic links to LVM commands have been added to the rescue image. - BZ#730650
The /sbin/cio_ignore command is added to initrd.img for IBM System z. - BZ#689029
Support for dracut-style "rdloaddriver=" and "rdblacklist=" parameters is added. - BZ#679108
Support for static addresses in "ipv6=" is added. - BZ#706099
A testing framework for stub commands is added. - BZ#699745
Driver disks support multiple kernel versions and are also built for Red Hat Enterprise Linux 6.0 and 6.1. - BZ#668570
Network connection is brought up before saving a bug report. - BZ#715130
Errors in .treeinfo are detected. - BZ#698282
The xhost authentication is changed when performing live installation. - BZ#664981, BZ#726804
Debugging improvements in loader and package installation code have been made. - BZ#679810
The dialog box focus and initialization have been corrected. - BZ#701220
The iSCSI Login button is disabled when no nodes are selected. - BZ#695362
When a mount point is set to /boot, the file system type is no longer changed. - BZ#728280, BZ#725777, BZ#723194, BZ#723344, BZ#694800, BZ#621175
EDD handling improvements have been made, including Xen and CCISS. - BZ#698429
Extended partitions are handled correctly. - BZ#681803
Handling of "network --device=bootif" is corrected. - BZ#750764
Centering of the Anaconda window when an external display is present is corrected. - BZ#605938
Encrypted device lines written to kickstart files are corrected. - BZ#618535
zFCP multipath devices can be added in the user interface as expected. - BZ#732380
iSCSI discovery that returns no devices is handled correctly. - BZ#704593
Systems with more than 2147483647 kB of memory are handled properly. - BZ#712487
The header image is hidden on all but 800x600 displays. - BZ#690058
The "noprobe" parameter for driver disks is honored. - BZ#713991
The "linksleep=" boot parameter is honored. - BZ#699640
Installation sources (including NFS ISO storages) are mounted correctly. - BZ#679397
Processes in the anaconda process group are killed when the system is shut down. - BZ#693271
Partitioning alignment is corrected. - BZ#616641
Progress indicator improvements for device discovery and command line mode have been made. - BZ#691817, BZ#690748
Kickstart network failures and device name collisions are handled properly. - BZ#691910
The "crashkernel=" parameter in a kickstart file is handled properly. - BZ#712195
Support for the "ext4migrate" parameter has been removed. - BZ#706675
The language and keyboard selection screens are now skipped in stage2 when possible. - BZ#614504
Device capacity values are sorted as numbers, not characters. - BZ#695740
Swap partitions are handled correctly. - BZ#676118
The "--target" option is used in kickstart files for iSCSI devices. - BZ#701371, BZ#696876, BZ#674241, BZ#734374, BZ#729716
Various multipath and raid storage bugs are fixed. - BZ#679073
Anaconda verifies that devices specified with "part" can be partitioned.
Enhancements- BZ#659790
Vendor-provided tools on driver disks are now allowed. - BZ#694198
The initrd.img file is compressed with LZMA. - BZ#696696
The "noverifyssl" boot parameter is added. - BZ#697419
The tboot package is configured when it is installed. - BZ#709653
Multipath device can now be specified using WWID.
Users of anaconda should upgrade to this updated package, which fixes these bugs and adds these enhancements. An updated apr package that fixes one bug is now available for Red Hat Enterprise Linux 6. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Bug Fix- BZ#830265
Previously, a bug in the handling of IPv6 sockets was present in the apr_mcast_hops() function. This bug could have prevented applications from successfully using multicast with IPv6 sockets. With this update, this bug has been fixed so that the applications now operate correctly.
All APR users are advised to install this newly released package, which fixes this bug. An updated at package that fixes one bug is now available for Red Hat Enterprise Linux 6. The "at" package provides the at and "batch" commands, which are used to read commands from standard input or from a specified file. The "at" command allows you to specify that a command will be run at a particular time. The "batch" command will execute commands when the system load levels drop to a particular level. Both commands use the /bin/sh. Bug Fix- BZ#783190
Due to an error in the time-parsing routine, the "at" command incorrectly calculated the year when a job was scheduled by using days on input. For example: "at now + 10 days". This update fixes erroneous grammar so that "at" now schedules jobs correctly.
All users of at are advised to upgrade to this updated package, which fixes this bug. Updated atlas packages that add various enhancements are now available for Red Hat Enterprise Linux 6. The ATLAS (Automatically Tuned Linear Algebra Software) project is a research effort focusing on applying empirical techniques providing portable performance. The atlas packages provide C and Fortran77 interfaces to a portably efficient BLAS (Basic Linear Algebra Subprograms) implementation and routines from LAPACK (Linear Algebra PACKage). The atlas packages have been upgraded to upstream version 3.8.4, which adds a number of enhancements over the previous version. The atlas package now contains subpackages optimized for Linux on IBM System z architectures. (BZ# 694459) All users of atlas are advised to upgrade to these updated packages, which add these enhancements. Updated attr packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6. The attr packages provide extended attributes, which can be used to store system objects like capabilities of executables and access control lists, as well as user objects. Bug Fixes- BZ#651119
Prior to this update, the setfattr utility could not restore the original values of the attributes when the "getfattr -e text" or "getfattr --encoding=text" command was used to dump attributes with embedded null characters. This update fixes the encoding of these values in getfattr to prevent information loss. - BZ#665049
Prior to this update, the getfattr utility followed symbolic links to directories even if the "-h" or "--no-dereference" option was specified. Additionally, the description in the getfattr(1) man page that related to this functionality was misleading. This update fixes getfattr with the "-h" option so that it no longer follows the symbolic links and the related content of the getfattr(1) man page is now correct. - BZ#665050
Prior to this update, the getfattr utility did not return a non-zero exit code when an attribute specified in the "getfattr" command did not exist. This update fixes getfattr so that it now returns a non-zero exit code when an attribute does not exist. - BZ#674870
Prior to this update, supported methods for encoding values of the extended attributes were not properly described in the setfattr(1) man page. This update adds the appropriate descriptions of the encoding methods to the setfattr(1) man page. - BZ#702639
Prior to this update, the project web page address as stated in the package specification did not reflect the change of the upstream project web page address. This update corrects the project web page address in the package specification. - BZ#727307
Prior to this update, the attr library was built without support for read-only relocations (RELRO) flags. With this update, the library is now built with partial RELRO support.
All users of attr are advised to upgrade to these updated packages, which fix these bugs. Updated audit packages that fix various bugs and add several enhancements are now available for Red Hat Enterprise Linux 6. The audit packages contain the user space utilities for storing and searching the audit records which have been generated by the audit subsystem in the Linux 2.6 kernel. The audit package has been upgraded to upstream version 2.1.3, which provides a number of bug fixes and enhancements over the previous version. (BZ# 731723) Bug Fixes- BZ#715279
Previously, the audit daemon was logging messages even when configured to ignore "disk full" and "disk error" actions. With this update, audit now does nothing if it is set to ignore these actions, and no messages are logged in the described scenario. - BZ#715315
Previously, the Audit remote logging client received a "disk error" event instead of "disk full" event from a server when the server's disk space ran out. This bug has been fixed and the logging client now returns the correct event in the described scenario. - BZ#748124
Prior to this update, the audit system was identifying the accept4() system call as the now deprecated paccept() system call. Now, the code has been fixed and audit uses the correct identifier for the accept4() system call. - BZ#709345
Previously, the "auditctl -l" command returned 0 even if it failed because of dropped capabilities. This bug has been fixed and a non-zero value is now returned if the operation is not permitted. - BZ#728475
When Kerberos support was disabled, some configuration options in the audisp-remote.conf file related to Kerberos 5 generated warning messages about GSSAPI support during boot. With this update, the options are now commented out in the described scenario and the messages are no longer returned. - BZ#700005
On i386 and IBM System z architectures, the "autrace -r /bin/ls" command returned error messages even though all relevant rules were added correctly. This bug has been fixed and no error messages about sending add rule data requests are now returned in the described scenario.
All audit users are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. Updated augeas packages that fix multiple bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. Augeas is a configuration editing tool. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native config files. The augeas packages have been upgraded to upstream version 0.9.0, which provides a number of bug fixes and enhancements over the previous version. (BZ# 691483) Bug Fix- BZ#693539
Previously, due to a bug in the source code, parsing invalid files failed silently without any error message. With this update, error messages are provided to inform users about the problem.
All users of Augeas are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. An updated autofs package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6. The autofs utility controls the operation of the automount daemon. The automount daemon automatically mounts file systems when you use them, and unmounts them when they are not busy. Bug Fixes - BZ#704935
The autofs utility did not reset the map entry status on a reload request. As a result, newly added map entries that had previously recorded a mount failure failed to work. With this update, autofs resets the map entry status on a reload request and map entries are mounted as expected. - BZ#704939
The autofs utility could have terminated with a segmentation fault when attempting certain mounts. This occurred due to a race condition between mount handling threads for mounts that had previously recorded a mount failure. The automount cache map entry is now verified to be valid. - BZ#704940
The automount(8) man page referred to a non-existent man page. This was caused by a typographical error in the code. With this update, the man page reference has been corrected and the man page is displayed as expected. - BZ#704929
Due to a deadlock, autofs could stop responding when attempting to mount map entries that were nested within maps. With this update, the underlying code has been changed and, where possible, nested map entries mount correctly. - BZ#704933
Prior to this update, automount could terminate unexpectedly with a pthreads error. This occurred because attempts to acquire the master map lock occasionally failed as the lock was held by another thread. With this update, the underlying code has been adapted to wait for a short time before failing. - BZ#704928, BZ#704927
When retrieving paged results from an LDAP (Lightweight Directory Access Protocol) server, autofs handled certain cases incorrectly, which caused the query to not obtain all results. This update adds the code that handles these additional cases. - BZ#704937
Prior to this update, if a key entry of an automount map began with an asterisk (*) sign, the daemon failed with a segmentation fault because the sign was not matched correctly. With this update, such asterisk signs are handled correctly. - BZ#704228
When using GSSAPI authentication, the fact that an incorrect authentication host name was being used caused the connection to fail. This update now gets the correct host name for the connection. - BZ#692816
automount was not performing sufficient sanity checks of server names in its configuration. This update corrects the configuration entry parsing. - BZ#700136
Error reporting for invalid mount locations was unclear. This update improves the error reporting. - BZ#703332
When an automount map key is present in a file map and is also present in an included map source, if the file map entry was removed and a lookup performed before a re-load was issued, the map lookup would have failed. This update corrects the logic used to determine if the lookup needs to continue into included maps. - BZ#718927
When reloading maps that include a combination of direct and indirect maps, it was possible for automount to deadlock due to incorrect lock ordering. - BZ#
There was inadvertent use of a small amount of GPLv3-licensed code from Samba in autofs. While this was permissible, it would have entailed explicitly relicensing autofs from "GPLv2 or later" to "GPLv3", which is not intended for autofs at this time. Therefore, the Samba-derived code has been replaced in order to maintain the "GPLv2 or later" licensing status of autofs.
Enhancements - BZ#704416
This update adds the "--dumpmaps" option to the automount command, which allows you to dump the maps from their source as seen by the automount daemon. - BZ#704932
This update adds simple Base64 encoding for LDAP and thus allows hashing of the password entries in the /etc/autofs_ldap_auth.conf configuration file.
All autofs users are advised to upgrade to this updated package, which provides numerous bug fixes and enhancements. An updated autofs package that fixes one bug is now available for Red Hat Enterprise Linux 6. The autofs utility controls the operation of the automount daemon. The automount daemon automatically mounts file systems when you use them, and unmounts them when they are not busy. Bug Fix- BZ#787122
A function to check validity of a mount location was meant to check only for a small subset of map location errors. A recent improvement modification in error reporting inverted a logic test in this validating function. Consequently, the scope of the test was widened, which caused automount to report false positive failures. With this update, the faulty logic test has been corrected and false positive failures no longer occur.
All users of autofs are advised to upgrade to this updated package, which fixes this bug. Updated autotrace packages that fix one bug are now available for Red Hat Enterprise Linux 6. AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in PostScript, SVG, xfig, SWF, and others. Bug Fix - BZ#658057
When installing autotrace-devel multilib RPM packages from the optional repository, file conflicts between these packages appeared, causing the installation transaction to abort. This problem has been fixed and the installation transaction now proceeds without conflicts.
All users of autotrace are advised to upgrade to these updated packages, which resolve this issue. Updated bacula packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6. Bacula is a set of programs that allow you to manage the backup, recovery, and verification of computer data across a network of different computers. Bug Fixes- BZ#651776
Prior to this update, the bacula packages were not distributed with the applybaculadate file. As a result, the logwatch cron script failed. The problem has been fixed by including the applybaculadate file in the bacula packages so that the logwatch cron script now works as expected. - BZ#651780
Prior to this update, the make_catalog_backup.pl script created a MySQL configuration file, which had the file permissions set to world-writeable and world-readable so that MySQL did not accept the configuration file with these permissions and the MySQL database login configuration was not used. As a result, it was not possible to complete a MySQL database dump. With this update, the configuration file is now created with correct permissions, and the MySQL database login configuration is used by MySQL so that it is now possible to complete the MySQL database dump as expected. - BZ#651786
Prior to this update, there was no option to change Bacula's runtime user. As a consequence, Bacula was always run under the root user. The problem has been fixed by adding support for the bacula-dir, bacula-fd, and bacula-sd files in the /etc/sysconfig/ directory; these files can be used for specifying a non-root user and group with the DIR_USER, FD_USER, SD_USER, and DIR_GROUP, FD_GROUP and SD_GROUP options, respectively. With this update, Bacula can be run under the specified user. - BZ#651787
Prior to this update, when creating a symbolic link to the "bscan" utility, the new link was erroneously named "dbcheck". As a result, the already existing "dbcheck" symbolic link was overwritten by the erroneous one. Thus the "dbcheck" command ran the "bscan" utility so that it was not possible to execute the "bscan" utility with the "bscan" command. The problem has been fixed in this update so that the "dbcheck" and "bscan" utilities now work as expected. - BZ#657297
Prior to this update, Bacula's default configuration missed a required option. As a result, the Bacula tray monitor component terminated unexpectedly. The problem has been fixed by adding the "Address" option to the "Director" section in the Bacula tray monitor configuration file so that the Bacula tray monitor now works as expected with the default configuration file. Note that this bug fix does not alter any existing Bacula tray monitor configuration file. As a consequence, the Bacula tray monitor can terminate unexpectedly if the existing Bacula tray monitor configuration is incorrect. - BZ#689400
Prior to this update, the backup size was computed incorrectly under certain circumstances. As a consequence, the reported size of the incremental backup could have been wrong. The problem has been fixed by correcting the backup size computation process so that the size of the incremental backup is now reported correctly. - BZ#712794
Prior to this update, the shadow-utils package was not listed among the package dependencies for Bacula. As a result, the bacula user and bacula group were not created when the shadow-utils package was not present on the system, and a warning message was displayed during the bacula packages installation. This bug has been fixed by adding shadow-utils to the package dependencies. - BZ#712804
Prior to this update, the chkconfig package, which contains the "alternatives" utility, was not listed among the package dependencies for Bacula. As a result, the bacula-dir and bacula-sd services were not configured, the "alternatives" utility was not found, and Bacula's symbolic links were not created. These problems have been fixed by adding chkconfig to the package dependencies.
All users of Bacula are advised to upgrade to these updated packages, which fix these bugs. Updated bash packages that fix one bug are now available for Red Hat Enterprise Linux 6. The GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux. Bug Fix- BZ#814271
When a SIGCHLD signal was received in job control mode and a handler for the signal was installed, Bash called the trap handler within the signal handler itself. This was unsafe and could cause Bash to enter a deadlock or to terminate unexpectedly with a segmentation fault due to memory corruption. With this update, the trap handler is now called outside of the signal handler, and Bash no longer enters a deadlock, neither crashes in this scenario.
All users of bash are advised to upgrade to these updated packages, which fix this bug. An updated bfa-firmware package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6. The bfa-firmware package contains the Brocade Fibre Channel Host Bus Adapter (HBA) Firmware to run Brocade Fibre Channel and CNA adapters. This package also supports the Brocade BNA network adapter. The bfa-firmware package has been upgraded to upstream version 3.0.0.0, which provides a number of bug fixes and enhancements over the previous version. (BZ# 735142) All users of Brocade Fibre Channel and CNA adapters are advised to upgrade to this updated package, which fixes several bugs and adds various enhancements. Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes - CVE-2012-1667
A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. - CVE-2012-1033
A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced.
Users of bind are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. Updated bind packages that fix several bugs are now available for Red Hat Enterprise Linux 6. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. Bug Fixes- BZ#699951
Prior to this update, the code in libdns which sends DNS requests was not robust enough and suffered from a race condition. If a race condition occurred, the "named" name service daemon logged an error message in the format "zone xxx.xxx.xxx.in-addr.arpa/IN: refresh: failure trying master xxx.xxx.xxx.xxx#53 (source xxx.xxx.xxx.xxx#0): operation canceled" even when zone refresh was successful. This update improves the code to prevent a race condition in libdns and the error no longer occurs in the scenario described. - BZ#700097
A command or script traditionally gives a non-zero exit status to indicate an error. Prior to this update, the nsupdate utility incorrectly returned the exit status "0" (zero) when the target DNS zone did not exist. Consequently, the nsupdate command returned "success" even though the update failed. This update corrects this error and nsupdate now returns the exit status "2" in the scenario described. - BZ#725577
Prior to this update, named did not unload the bind-dyndb-ldap plugin in the correct places in the code. Consequently, named sometimes terminated unexpectedly during reload or stop when the bind-dyndb-ldap plugin was used. This update corrects the code, the plug-in is now unloaded in the correct places, and named no longer crashes in the scenario described. - BZ#693982
A non-writable working directory is a long time feature on all Red Hat systems. Previously, named wrote "the working directory is not writable" as an error to the system log. This update changes the code so that named now writes this information only into the debug log. - BZ#717468
The named initscript lacked the "configtest" option that was available in earlier releases. Consequently, users of the bind initscript could not use the "service named configtest" command. This update adds the option and users can now test their DNS configurations for correct syntax using the "service named configtest" command.
All users of bind are advised to upgrade to these updated packages, which fix these bugs. Updated bind packages that fix two bugs are now available for Red Hat Enterprise Linux 6. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with the DNS server); and tools for verifying that the DNS server is operating properly. Bug Fixes- BZ#758669
Prior to this update, errors arising on automatic updates of DNSSEC trust anchors were handled incorrectly. Consequently, the named daemon could become unresponsive on shutdown. With this update, the error handling has been improved and named exits on shutdown gracefully. - BZ#758670
Prior to this update, a race condition could occur on validation of DNSSEC-signed NXDOMAIN responses and the named daemon could terminate unexpectedly. With this update, the underlying code has been fixed and the race condition no longer occurs.
All users of bind are advised to upgrade to these updated packages, which fix these bugs. Updated bind packages that fix one bug are now available for Red Hat Enterprise Linux 6. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with the DNS server); and tools for verifying that the DNS server is operating properly. Bug Fix- BZ#769366
The multi-threaded named daemon uses the atomic operations feature to speed-up an access to shared data. This feature did not work correctly on the 32-bit and 64-bit PowerPC architectures. Therefore, the named daemon sometimes became unresponsive on these architectures. This update disables the atomic operations feature on the 32-bit and 64-bit PowerPC architectures, which ensures that the named daemon is now more stable, reliable and no longer hangs.
All users of bind are advised to upgrade to these updated packages, which fix this bug. An updated bind-dyndb-ldap package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link(s) associated with each description below. The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. Security Fix - CVE-2012-2134
A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a remote attacker were able to send DNS queries to a named server that is configured to use bind-dyndb-ldap, they could trigger such an error with a DNS query leveraging bind-dyndb-ldap's insufficient escaping of the LDAP base DN (distinguished name). This would result in an invalid LDAP query that named would retry in a loop, preventing it from responding to other DNS queries. With this update, bind-dyndb-ldap only attempts to retry one time when an LDAP search returns an unexpected error.
Red Hat would like to thank Ronald van Zantvoort for reporting this issue. All bind-dyndb-ldap users should upgrade to this updated package, which contains a backported patch to correct this issue. For the update to take effect, the named service must be restarted. An updated bind-dyndb-ldap package that fixes several bugs is now available for Red Hat Enterprise Linux 6. The dynamic LDAP (Lightweight Directory Access Protocol) back end is a plug-in for BIND that provides an LDAP database back-end capabilities. It features support for dynamic updates and internal caching to lift the load off of the LDAP server. Bug Fixes- BZ#742368
Previously, the bind-dyndb-ldap plug-in could faile to honor the selected authentication method because it did not call the ldap_bind() function on reconnection. Consequently, the plug-in connected to the LDAP server anonymously. With this update, the ldap_bind() function is executed on reconnection and the plug-in uses the correct authentication method in the described scenario. - BZ#707255
The bind-dyndb-ldap plug-in failed to load new zones from the LDAP server runtime. This update adds the zone_refresh parameter to the plug-in which controls how often the zone check is performed. - BZ#745045
The bind-dyndb-ldap plug-in could fail to connect to the LDAP server. This happened when the LDAP server was using localhost and FreeIPA installation was using a name different from the machine hostname. This update adds to the plug-in the ldap_hostname option, which can be used to set the correct LDAP server hostname. - BZ#727856
The "named" process could have remained unresponsive due to a race condition in the bind-dyndb-ldap plug-in. With this update, the race condition has been resolved and the problem no longer occurs.
All users of bind-dyndb-ldap are advised to upgrade to this updated package, which fixes these bugs. An updated binutils package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6. binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object files), objdump (for displaying information from object files), ranlib (for generating an index for the contents of an archive), readelf (for displaying detailed information about binary files), size (for listing the section sizes of an object or archive file), strings (for listing printable strings from files), strip (for discarding symbols), and addr2line (for converting addresses to file and line). Bug Fixes - BZ#664640
Prior to this update, the readelf utility added 0x40 into a character in order to display a non-printing character but did not do so when processing a multibyte character. As a result, the readelf utility did not display a multibyte character in the ELF header correctly. The code has been corrected and readelf no longer displays garbled characters when processing multibyte, or non- ASCII, characters. - BZ#674925
An unneeded patch to bineutils caused a large link time degradation when using the binutils --build-id command. This update removes that patch. - BZ#689829
An Operating System ( OS) Application Binary Interface ( ABI) describes the low-level interface between a program and the operating system ( OS/ABI). The indirect meta-function, ifunc(), whose value can be determined at load time, allows for architecture dependent optimization. Prior to this update, the OS/ABI preprocessor macro was erroneously set to UNIX - Linux instead of UNIX - System V in an ELF header by a dynamic executable which used ifunc(). This update applies a backported patch which corrects the code and the error no longer occurs. - BZ#698005
Prior to this update, the binutils' strip command, which is run as part of the RPM build process, did not copy the EI_OSABI value in the ELF file header properly, it set the value to zero. Consequently, if the EI_OSABI field of the debug file had a value of 3 ( ABI tag for GNU/Linux), in the stripped file it was erroneously set to 0 ( UNIX - System V). This update corrects the problem and strip now leaves the field intact. - BZ#701586
On 64-bit PowerPC platforms, the position of -ldl in the list compiler options caused unexpected behavior when compiling C++ code. If -ldl was not placed at the end of parameter list, the GNU C Compiler ( GCC) failed with an error in the format: libtest.a(some_object_file.o): undefined reference to `.dlerror' With this update, the code has been corrected and the GCC compiler functions as expected. - BZ#707387
When compiling C source code using the GNU C Compiler ( GCC), a Table Of Contents ( TOC), is created for every executable file. Prior to this update, compiling C++ code using GCC for 64-bit PowerPC, using -mcmodel=small -mno-minimal-toc as options, GNU linker, ( ld), erroneously decided that if a section did not make use of the TOC it could belong to any TOC group. Consequently, when a local function call was made from one section of code to another section in the same object file, due to the two sections being assigned to different TOC groups, a failure occurred and an error message in the following format was logged. libbackend.a(cse.o)(.text.unlikely+0x60): sibling call optimization to `.opd' does not allow automatic multiple TOCs; recompile with -mminimal-toc or -fno-optimize-sibling-calls, or make `.opd' extern This update applies an upstream patch to improve the partitioning of sections of code, which make local function calls, into multiple TOC groups. As a result the error no longer occurs in the scenario described. It is necessary to relink executables and shared libraries containing objects which were compiled with -mcmodel=small -mno-minimal-toc. Therefore code should be recompiled by running these commands again after applying the update. - BZ#714824
Prior to this update, after compiling a kernel from source code with debugging information, some debug information was missing. Consequently, when using the GNU Project's debugger ( GDB) utility, if a user issued the command l setup_arch to determine the target architecture, the following error was displayed. No line number known for setup_arch This update corrects the code and the GDB utility now correctly displays the architecture for which the code was compiled. - BZ#721079
Compilers used for producing code optimized for 64-bit PowerPC platforms use the default Red Hat Enterprise Linux system linker, ld, provided with the operating system to produce executables and libraries. Some object code generated by the IBM XL compiler caused ld to terminate unexpectedly with a segmentation fault. Consequently, users were not able to produce optimized executables or libraries. With this update, a backported patch has been applied to correct the problem and ld no longer crashes in the scenario described. - BZ#733122
When linking FORTRAN programs with the IBM XL compiler and the default Red Hat Enterprise Linux 6.1 system linker, ld sometimes terminated unexpectedly with a segmentation fault. This updates applies an upstream patch to correct the problem and ld no longer crashes in the scenario described. - BZ#747695
The assembler, as, when generating a memory reference to a local symbol plus or minus an offset, did not include the constant offset when generating 32-bit x86 code. Consequently, when the local symbol being referenced was defined before the instruction using the symbol with an offset, an error would occur. This update corrects the code and the problem no longer occurs.
Enhancements - BZ#696368
With this update, backported patches have been included to support new AMD processors. - BZ#696494
Certain Intel processors support a new RdRand instruction to generate a true random number in a short time. This update includes support for this new instruction.
Users of binutils are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements. An updated biosdevname package that fixes several bugs and adds various enhancements are now available for Red Hat Enterprise Linux 6. The biosdevname package contains an optional convention for naming network interfaces; it assigns names to network interfaces based on their physical location. The package is disabled by default, except for a limited set of Dell PowerEdge, C Series and Precision Workstation systems. The biosdevname package has been upgraded to upstream version 0.3.11, which provides a number of bug fixes and enhancements over the previous version. (BZ# 696203) Bug Fixes- BZ#700248
When NPAR (NIC Partitioning) is enabled, the partition number should be appended as a suffix to the interface name. Previously, biosdevname did not add partition numbers to interface names, for example, instead of naming an interface "em3_1", the interface was named "em3". Consequently, partitioned network interfaces were missing the suffix necessary to describe the partition. Now, biosdevname correctly recognizes the VPD (Vital Product Data) suffix and full interface names are created correctly. - BZ#700251
When biosdevname ran in a guest environment, it suggested names to new network interfaces as if it was in a host environment. Consequently, affected network interfaces were incorrectly renamed. Now, biosdevname no longer suggests names in the described scenario. - BZ#729591
When biosdevname was reading VPD information to retrieve NPAR-related data, the read operations failed or became unresponsive on certain RAID controllers. Additionally, biosdevname sometimes attempted to read beyond the VPD boundary in the sysfs VPD file, which also resulted in a hang. This bug has been fixed and biosdevname now performs the read operation correctly in the described scenarios. - BZ#739592
Previously, the "--smbios" and "--nopirq" command-line parameters were missing in the biosdevname binary. Consequently, consistent network device naming could not be enabled because biosdevname exited without suggesting a name. This update adds support for these parameters and enables the device naming. - BZ#740532
Previously, NICs (Network Interface Cards) on biosdevname-compatible machines were given traditional "eth*" names instead of "em*" or "p*p*" names. This bug has been fixed and biosdevname now provides correct names for the NICs.
Enhancements- BZ#696252
With this update, "--smbios" and "--nopirq" command-line parameters have been added to biosdevname. - BZ#736442
The biosdevname man page has been updated to explain the functionality of the "--smbios" and "--nopirq" command-line parameters.
Users of biosdevname are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements. Updated blktrace packages that fix one bug and add one enhancement are now available for Red Hat Enterprise Linux 6. The blktrace packages contain a number of utilities to record the I/O trace information for the kernel to user space, and utilities to analyze and view the trace information. Bug Fix- BZ#705128
Prior to this update, the blkparse code contained a misprint. As a result, blkparse used the wrong variable when printing the PC Writes Completed. This update modifies the code so that blkparse now prints the correct value for PC Writes Completed.
Enhancement- BZ#736399
This update adds FLUSH/FUA support to blktrace.
All blktrace users are advised to upgrade to these updated packages, which fix this bug and add this enhancement. An updated bltk package that fixes two bugs is now available for Red Hat Enterprise Linux 6. The bltk (Battery Life Tool Kit) package includes binaries and scripts to test battery life. Bug Fixes- BZ#618308
Prior to this update, the bltk tree was corrupted. As a result, the bltk_report script failed. This update modifies the settings of the bltk root path. Now, the report script works as expected. - BZ#679028
Prior to this update, bltk could be installed without requiring the gnuplot binary. As a result, the bltk_plot script exited with an error message when the gnuplot package was not installed and the charts were shown from measured data. This update requires the gnuplot package for its installation. Now, the bltk_plot script no longer exits with an error.
All bltk users are advised to upgrade to this updated package, which fixes these bugs. An updated cachefilesd package that fixes two bugs is now available for Red Hat Enterprise Linux 6. The cachefilesd package manages a kernel module that attempts to improve the performance of selected file systems by using local disk space to cache data read over the network. Bug Fixes- BZ#660347
Prior to this update, cachefilesd used the wrong log level for cull info messages. As a result, the /var/log/messages file could become overloaded. This update reduces the messages to the debug level. Now, /var/log/messages no longer becomes overloaded. - BZ#723890
Prior to this update, cachefilesd depended on a specific version of the SELinux policy package. As a result, only the nominated version was allowed. This update permits the nominated version and any later versions. Now, the SELinux policy dependency works as expected.
All users of cachefilesd are advised to upgrade to this updated package, which fixes these bugs. An updated certmonger package that fixes multiple bugs is now available for Red Hat Enterprise Linux 6. The certmonger service monitors certificates as the date at which they become invalid approaches, optionally attempting to re-enroll with a supported certificate authority (CA) to keep the services which use the certificates running without incident. Bug Fixes- BZ#692766
Previously, the certmonger service could access a Network Security Services (NSS) database without a password, despite being configured to use a password to access that database. This behavior was not recognized as an error. This update correctly diagnoses this inconsistency as an error. - BZ#694184
Previously, if the certmonger service could not generate a key pair in an NSS database because it did not have the password that was required for accessing the database, the certmonger service did not recover when it was subsequently given the correct password. This update handles this case correctly. - BZ#697058
Previously, the certmonger service did not correctly diagnose a missing token if the name of the token to use was specified when the service was instructed to generate a key pair for storage in an NSS database. This update corrects this error. - BZ#712500
Previously, the certmonger service encountered an assertion failure if the D-Bus message bus service was not already running when certmonger was started. This update modifies the certmonger service so that no more assertion problems occur in such a situation. - BZ#721392
Previously, when the getcert command needed to report an error message which it received from the certmonger service, it exited unexpectedly due to a logic error. This update corrects the logic so that the error message is correctly reported. - BZ#727863
Previously, the certmonger service was not fully compatible with newer versions of the xmlrpc-c and libcurl packages. As a result, credentials could not be delegated when using GSSAPI authentication with a CA that was accessed via XML-RPC. This update includes the necessary changes to continue to be able to delegate credentials when using GSSAPI authentication with a CA that is accessed using XML-RPC, such as IPA. - BZ#699059, BZ#739903
Previously, when the getcert request command was given a location for key or certificate storage using a relative path, and the location did not exist, the error was only reported after multiple warnings during which the command attempted to convert the relative path to an absolute path. This update suppresses these warnings. - BZ#741262
Previously, an incorrect error message was displayed if the getcert resubmit command was invoked with the -i flag to specify which request should be resubmitted to a CA but no request that matched the provided value was present. This update displays the correct error message. - BZ#742348
Due to a logic error, attempts to save a newly-obtained certificate to an NSS database could fail intermittently. This update corrects the error.
Enhancements- BZ#698772
Previously, the getcert list command only printed information about every certificate and enrollment request being managed by certmonger, and there was no way to narrow down the results. This update includes an updated version of the command which can narrow the result set if the invoking user provides information about the location of the certificate or key in which the user is interested - BZ#750617
This update now includes an HTTP "Referer:" header value when submitting requests to CAs which are accessed using XML-RPC, as is expected to be required by future releases of the IPA CA
All users of the certmonger service are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements. Updated chkconfig packages that fix two bugs are now available for Red Hat Enterprise Linux 6. The basic system utility chkconfig updates and queries runlevel information for system services. Bug Fixes- BZ#797847
When installing multiple Linux Standard Base (LSB) services which only had LSB headers, the stop priority of the related LSB init scripts could have been miscalculated and set to "-1". With this update, the LSB init script ordering mechanism has been fixed, and the stop priority of the LSB init scripts is now set correctly. - BZ#797846
When an LSB init script requiring the "$local_fs" facility was installed with the "install_initd" command, the installation of the script could fail under certain circumstances. With this update, the underlying code has been modified to ignore this requirement because the "$local_fs" facility is always implicitly provided. LSB init scripts with requirements on "$local_fs" are now installed correctly.
All users of chkconfig are advised to upgrade to these updated packages, which fix these bugs. An updated cifs-utils package that fixes two bugs is now available for Red Hat Enterprise Linux 6. The cifs-utils package contains utilities for mounting and managing CIFS shares. Bug Fixes- BZ#676439
Prior to this update, mount.cifs dropped the CAP_DAC_READ_SEARCH flag together with most of the other capability flags before it performed a mount. As a result, mounting onto a directory without execute permissions failed if mount.cifs was installed as a setuid program and the user mount was configured in the /etc/fstab file. This update reinstates the CAP_DAC_READ_SEARCH flag before calling mount. Now, mounting no longer fails. - BZ#719363
Prior to this update, several mount options were missing from the mount.cifs(8) man page. With this update, the man page documents all mount options.
All users of cifs-utils are advised to upgrade to this updated cifs-utils package, which fixes these bugs. Updated cjkuni-fonts packages that fix one bug are now available for Red Hat Enterprise Linux 6. CJK Unifonts are Unicode TrueType fonts derived from original fonts made available by Arphic Technology under the Arphic Public License and extended by the CJK Unifonts project. Bug Fix- BZ#682650
Prior to this update, when viewing the U+4190 CJK character with the AR PL UMing font and the font size 10, this character was not displayed properly. This bug has been corrected in this update so that the character is now correctly displayed as expected.
All users of cjkuni-fonts are advised to upgrade to these updated packages, which fix this bug. |
| |
