BZ#667684

Previously, the tsclient utility did not provide a "Client Hostname" option. Users experienced the "No valid license available" error message from the terminal server after many successful connections. To solve this problem an option to enter client hostname information, "-n", has been added. Now, the user can enter client hostname information and it will be passed to the rdesktop client.

BZ#695480

Previously, remote "tuned" service starts could have led to a service unresponsiveness under certain circumstances. With this update, the handling of stdin, stdout, or stderr during the service creation has been fixed to resolve this problem.

BZ#707079

Previously, using NIC bonding could have led to an unexpected termination of "tuned". With this update, the network device type determination has been fixed by handling more error conditions so that the aforementioned bug no longer occurs.

BZ#632646

Previously, a udev rule used the modem-modeswitch callout on the Vodafone K3565-Z 3G modem. As a consequence, a medium in a virtual CD-ROM drive could not be ejected to activate the modem functionality. Now, the modem-modeswitch callout is no longer used for this device and a medium is automatically ejected instead, thus fixing this bug.

BZ#698540

The path_id utility did not create symbolic links for SAS (Serial Attached SCSI) devices without enclosures. Consequently, udev did not create a symbolic link in the /dev/disk/by-path/ directory and the device could not be accessed by this path. This bug has been fixed, udev now follows the naming scheme of its upstream version 171, and symbolic links for SAS devices are now created in the following format: sas-[sas_address]-[lun]". In this format, [sas_address] stands for the contents of the sas_address file of the device, located in the /sys subdirectory, and [lun] represents the logical unit number of the device.

BZ#714951

The path_id utility did not create symbolic links for iSCSI (Internet SCSI) devices. Consequently, udev did not create a symbolic link in the /dev/disk/by-path/ directory and the device could not be accessed by this path. This bug has been fixed, udev now follows the naming scheme of its upstream version 171, and symbolic links for iSCSI devices are now created in the following format: "ip-[address]:[port]-iscsi-[target]-[lun]". In this format, [lun] represents the logical unit number of the device.

BZ#701265

When udev renamed a network interface and encountered a naming conflict, it renamed the interface to "[initial name]-[desired name]". Sometimes, this name was not unique and the naming conflict persisted. This bug has been fixed, udev now uses the unique interface index for renaming, and temporary names for interfaces are now of the following format: "rename[ifindex]".

BZ#727500

Prior to this update, the libgudev1 package had no explicit package version requirement on the libudev library. As a consequence, it was possible to update libudev without updating libgudev1, which could lead to inconsistencies, if the ABI (application binary interface) changed in libudev. With this update, the libgudev1 spec file has been updated, and the package now requires libudev explicitly, thus fixing this bug.

BZ#726566

Previously, the result buffer to store the output of programs started with the IMPORT directive was too short in some cases. Consequently, the "ERR udevd-work: ressize 4096 too short" error messages were returned, and the system sometimes became non-operational. Now, the result buffer has been increased to 16kB, thus fixing this bug.

BZ#696651

Previously, when traversing the list of devices internal to udev, the libvirtd daemon terminated unexpectedly in the udev_enumerate_get_list_entry() function. This bug has been fixed and libvirtd no longer crashes in the described scenario.

BZ#731400

Previously, for Xen block devices, udev did not provide information acquired by the blkid utility, such as the filesystem label or UUID. Consequently, no symbolic links in the /dev/disk/{by-uuid,by-label,by-id} directories were created. With this update, these symbolic links are created for Xen block devices as expected, thus fixing this bug.

BZ#711254

The default I/O scheduler (CFQ) parameters for all disk types, except SATA disks, have been changed as follows:

slice_idle=0 quantum=32

BZ#738479

Prior to this update, the redundant udev watch rule interfered with the Logical Volume Manager (LVM) which could cause problems under certain workloads. This update removes this udev rule and udisks no longer interferes with LVM.

BZ#612693

Prior to this update, the unicap package did not provide the libucil, libunicap and libunicap-gtk virtual packages. As a result, it was not possible to install packages that depended on the libucil, libunicap and libunicap-gtk packages. This update fixes the declaration "--provides" so that the unicap package now provides the virtual packages.

BZ#635644

Prior to this update, the unicap utility did not check for the return value of the Advanced Linux Sound Architecture (ALSA) initialization. As a result, unicap terminated unexpectedly if the initialization of ALSA failed. This update adds the missing checks for the return value to handle the ALSA initialization failure gracefully.

BZ#635645

Prior to this update, the unicap utility did not check for the return value of the Theora encoder initialization. As a result, unicap terminated unexpectedly if the initialization of the Theora encoder failed. This update adds the missing checks for the return value to handle the Theora encoder initialization failure gracefully.

BZ#658059

Prior to this update, unicap-devel packages for both 32-bit and 64-bit architectures on a single system could not be installed because of conflicts between the packages. This update uses the documentation from the unicap source code archive instead of the documentation generated at build time. Now, unicap-devel packages can be installed as expected.

BZ#728473

Prior to this update, the unicap package was missing a dependency on libv4l2.so.0, although some libraries shipped with unicap were using libv4l2.so.0. This update adds the missing dependency.

BZ#725982

Previously, when running the "lsusb -t" command in a KVM guest, the lsusb utility terminated with a segmentation fault. The utility has been modified and now lists USB devices correctly.

BZ#730671

The FILES item in the lsusb(8) manual page displayed an incorrect path to the usb.ids file. This path has been changed to the correct /usr/share/hwdata/usb.ids path.

Security Fixes

CVE-2011-1675, CVE-2011-1677

Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems.

BZ#675999

Due to a hard coded limit of 128 devices, an attempt to run the "blkid -c" command on more than 128 devices caused blkid to terminate unexpectedly. This update increases the maximum number of devices to 8192 so that blkid no longer crashes in this scenario.

BZ#679741

Previously, the "swapon -a" command did not detect device-mapper devices that were already in use. This update corrects the swapon utility to detect such devices as expected.

BZ#684203

Prior to this update, the presence of an invalid line in the /etc/fstab file could cause the umount utility to terminate unexpectedly with a segmentation fault. This update applies a patch that corrects this error so that umount now correctly reports invalid lines and no longer crashes.

BZ#696959

Previously, an attempt to use the wipefs utility on a partitioned device caused the utility to terminate unexpectedly with an error. This update adapts wipefs to only display a warning message in this situation.

BZ#712158

When providing information on interprocess communication (IPC) facilities, the ipcs utility could previously display a process owner as a negative number if the user's UID was too large. This update adapts the underlying source code to make sure the UID values are now displayed correctly.

BZ#712808

In the installation scriptlets, the uuidd package uses the chkconfig utility to enable and disable the uuidd service. Previously, this package did not depend on the chkconfig package, which could lead to errors during installation if chkconfig was not installed. This update adds chkconfig to the list of dependencies so that such errors no longer occur.

BZ#716995

The previous version of the /etc/udev/rules.d/60-raw.rules file contained a statement that both this file and raw devices are deprecated. This is no longer true and the Red Hat Enterprise Linux kernel supports this functionality. With this update, the aforementioned file no longer contains this incorrect statement.

BZ#723352

Previously, an attempt to use the cfdisk utility to read the default Red Hat Enterprise Linux 6 partition layout failed with an error. This update corrects this error and the cfdisk utility can now read the default partition layout as expected.

BZ#679831

The previous version of the tailf(1) manual page incorrectly stated that users can use the "--lines=NUMBER" command line option to limit the number of displayed lines. However, the tailf utility does not allow the use of the equals sign (=) between the option and its argument. This update corrects this error.

BZ#694648

The fstab(5) manual page has been updated to clarify that empty lines in the /etc/fstab configuration file are ignored.

BZ#692119

A new fstrim utility has been added to the package. This utility allows the root user to discard unused blocks on a mounted file system.

BZ#696731

The login utility has been updated to provide support for failed login attempts that are reported by PAM.

BZ#723638

The lsblk utility has been updated to provide additional information about the topology and status of block devices.

BZ#726092

The agetty utility has been updated to pass the hostname to the login utility.

BZ#708522

When building the valgrind package with macros to prevent application of any downstream patches, the rebuild process failed. This bug has been fixed and valgrind can now be properly rebuilt in the described scenario.

BZ#713956

Previously, the JIT (Just in Time Compiler) in some versions of the JDK (Java Development Kit) generated useless, but valid, instruction prefixes, which valgrind could not emulate. Consequently, Java applications running under valgrind sometimes terminated unexpectedly. With this update, valgrind has been changed to emulate instructions even with these useless prefixes, the JVM process now exits properly, and valgrind displays memory leak summary information in the described scenario.

BZ#717218

In a Coverity Scan analysis, a redundant check was discovered in one of the backported patches applied to the valgrind package. An upstream patch has been applied to address this issue and the redundant check is no longer performed.

BZ#694598

With this update, the valgrind package has been updated to provide support for 64-bit IBM POWER7 Series hardware.

BZ#703067

If the user pressed the X button on the "Customize configuration before install" dialog box, the box closed and the installation started instead of being canceled. With this update, pressing the new Cancel button in the dialog box removes the custom changes and displays the "New VM" wizard. The X button now correctly performs the cancel action.

BZ#729590

The virt-manager utility offered sound card models in the user interface (UI) that are not supported at the QEMU level. As a consequence, selecting one of these models prevented a guest from starting. Unsupported models are now hidden so that there is no option to generate a broken guest configuration.

BZ#699953

When performing tunneled migration using the virt-manager utility, the migration failed with an error message. With this update, the proper URI is now generated when performing peer-to-peer migration. As a result, tunneled migration now works as expected.

BZ#727766

The virt-manager utility offered to create the SCSI (Small Computer System Interface) and USB devices in the UI. These options are not supported at the QEMU level, therefore selecting one of these models prevented a guest from starting. Unsupported models are now hidden so that there is no option to generate a broken guest configuration.

BZ#732371

Previously, virt-manager did not properly escape reserved characters in domain names when listing them in the main list of virtual machines. If a virtual machine had any reserved XML characters in its name, the name was incorrectly displayed in the list of virtual machines. With this update, virt-manager properly escapes reserved characters in the names of virtual machines, which are correctly displayed as a result.

BZ#588505

When monitoring the disk I/O statistics in virt-manager, the utility used different scales on graphs for various machines. As a consequence, a graph for a virtual machine with low I/O activity displayed very similar information as a graph for a machine with high I/O activity. The virt-manager utility is now modified to show all visible graphs on the same scale, adjusted dynamically to the highest reported I/O value. Graphs can now be reliably compared across various virtual machines.

BZ#698096

Previously, virt-manager incorrectly compared USB devices of a running guest to the USB devices from its offline configuration file. A hot unplugged USB device did appear again after the guest had been rebooted. Now, comparisons work correctly for online and offline guests and hot unplug removes the USB device for all subsequent starts.

BZ#488141

The virt-manager utility now provides an option to set the iSCSI Qualified Name (IQN) value for an iSCSI pool.

BZ#680060

With this update, virt-manager now uses the Simple Protocol for Independent Computing Environments (SPICE) graphics for new guests by default. This allows for audio streaming and better graphics performance.

BZ#546440

Previously, only local guest virtual machines were allowed to be installed by specifying a URL tree. With this update, virt-manager can now provision also remote guests using a URL tree.

BZ#693872

The virt-manager utility now allows managing Linux Containers (LXC) guests. This includes basic life cycle management (start, stop, pause) and creation of application containers.

BZ#730208

Prior to this update, the terminal was not properly restored if the --csv flag was given. This update modifies the code so that the terminal is now restored in the correct mode.

BZ#665817

The CSV output of virt-top contains only the headers for the first virtual machine. This update adds a processcsv.py script to virt-top so that the CSV output can now be split up into multiple files, each file containing full headers.

BZ#680031

When a libvirt error happens early during virt-top start-up, an obscure error message can be printed. With this update, the manual page contains added instructions for debugging libvirt errors that can occur during program initialization.

BZ#680027

With this update, the domain memory information is now displayed in the CSV output mode.

Security Fix

CVE-2011-1773

Using virt-v2v to convert a guest that has a password-protected VNC console to a KVM guest removed that password protection from the converted guest: after conversion, a password was not required to access the converted guest's VNC console. Now, converted guests will require the same VNC console password as the original guest. Note that when converting a guest to run on Red Hat Enterprise Virtualization, virt-v2v will display a warning that VNC passwords are not supported.

Note

The Red Hat Enterprise Linux 6.2 perl-Sys-Virt update must also be installed to correct CVE-2011-1773.

BZ#665883

When converting a guest virtual machine (VM), whose name contained certain characters, virt-v2v would create a converted guest with a corrupted name. Now, virt-v2v will not corrupt guest names.

BZ#671094

There were numerous usability issues when running virt-v2v as a non-root user. This update makes it simpler to run virt-v2v as a non-root user.

BZ#673066

virt-v2v failed to convert a Microsoft Windows guest with Windows Recovery Console installed in a separate partition. Now, virt-v2v will successfully convert a guest with Windows Recovery Console installed in a separate partition by ignoring that partition.

BZ#694364

virt-v2v failed to convert a Red Hat Enterprise Linux guest which did not have the symlink "/boot/grub/menu.lst". With this update, virt-v2v can select a grub configuration file from several places.

BZ#694370

This update removes information about the usage of deprecated command line options in the virt-v2v man page.

BZ#696089

virt-v2v would fail to correctly change the allocation policy, (sparse or preallocated) when converting a guest with QCOW2 image format. The error message "Cannot import VM, The selected disk configuration is not supported" was displayed. With this update, allocation policy changes to a guest with QCOW2 storage will work correctly.

BZ#700759

The options "--network" and "--bridge" can not be used in conjunction when converting a guest, but no error message was displayed. With this update, virt-v2v will now display an error message if the mutually exclusive "--network" and "--bridge" command line options are both specified.

BZ#702007

virt-v2v failed to convert a multi-boot guest, and did not clean up temporary storage and mount points after failure. With this update, virt-v2v will prompt for which operating system to convert from a multi-boot guest, and will correctly clean up if the process fails.

BZ#707261

virt-v2v failed to correctly configure modprobe aliases when converting a VMware ESX guest with VMware Tools installed. With this update, modprobe aliases will be correctly configured.

BZ#727489

When converting a guest with preallocated raw storage using the libvirtxml input method, virt-v2v failed with the erroneous error message "size(X) < usage(Y)". This update removes this erroneous error.

BZ#708961

When converting a Red Hat Enterprise Linux guest, virt-v2v did not check that the Cirrus X driver was available before configuring it. With this update, virt-v2v will attempt to install the Cirrus X driver if it is required.

BZ#732421

VirtIO systems do not support the Windows Recovery Console on 32-bit Windows XP. The virt-v2v man page has been updated to note this. On Windows XP Professional x64 Edition, however, if Windows Recovery Console is re-installed after conversion, it will work as expected.

BZ#677870

Placing comments in the guest fstab file by means of the leading "#" symbol caused an "unknown filesystem" error after conversion of a guest. With this update comments can now be used and error messages will not be displayed.

BZ#680331

Running the virt-viewer utility with the "--verbose" or "-v" option did not display verbose information. With this update, additional data has been provided so that the command outputs detailed information.

BZ#730346

Previously, the virt-viewer utility failed to connect to remote displays when using SSH tunneling with the SSH server on a non-standard port number. An upstream patch has been applied to address this issue and virt-viewer now correctly displays remote quests.

BZ#730901

Previously, running the "virt-viewer --zoom" command with a zoom level specified did not work correctly. This update fixes the initial zoom level on a display, and the primary window zoom level is now propagated to secondary windows. As a result, the zoom option works as expected.

BZ#730911

Using a wildcard address (for example, 0.0.0.0) as a listen address for the graphic server could cause virt-viewer to fail to connect to remote virtual machines. If the user used the "virt-viewer --direct --connect" command with a remote IP address to connect a virtual machine, virt-viewer connected to the graphic server but was not able to connect to the virtual machine. The hostname is now used from the libvirt URI and virt-viewer can open remote virtual machines successfully.

BZ#731132

Due to an invalid implementation of the libvirt events API, the virt-viewer utility occasionally resulted in a deadlock. To avoid deadlock situations, ff callbacks are now invoked from a clean stack instead of being called directly from the remote callback.

BZ#739007

Previously, the window titles for virt-viewer instances did not contain the name of the displayed guest, nor did they contain the number of guest displays (for multihead setups). The source code has been modified so that the titles now contain both the name of the guest and the number of displays.

BZ#740724

Guests are normally configured with their VNC (Virtual Network Computing) server on a TCP socket, but can be also configured to use a UNIX domain socket instead. Prior to this update, virt-viewer was unable to connect to such a guest and terminated unexpectedly with a segmentation fault when attempting to open it. A patch has been applied to address the issue and the virt-viewer utility now opens guests successfully and no longer crashes.

BZ#744370

Due to certain broken key combinations, sending the Ctrl+Alt+F9 and Ctrl+Alt+F10 key combinations incorrectly opened the tty4 and tty5 text consoles in virt-viewer. This update fixes the broken key combinations and the text console no longer opens when sending the aforementioned key combinations.

BZ#744374

Previously, the window title was missing the guestname when waiting for a domain to start. To fix this problem, the initial window title is set to the "--wait" command line argument while waiting for a virtual machine to start. When the machine actually appears, the title is updated to the real name of the machine.

BZ#744377

With the SPICE (Simple Protocol for Independent Computing Environments) graphics, the virt-viewer windows did not display the "Press Ctrl+Alt to release pointer" information. With this update, VirtViewerDisplaySpice is connected to the grab signals in DisplaySpice, which ensures that the release sequence message is now displayed.

BZ#707524

On the 64-bit x86 architecture, if the user configured a CPU model for the virtual machine, the virt-what utility failed to detect that the guest was running inside a virtual machine. The order of tests has been rearranged, fixing the problem.

BZ#767108

The vsftpd daemon sets a value of the RLIMIT_AS variable during its initialization phase. With Red Hat Enterprise Linux 6.1, the RLIMIT_AS value (100 MB) became insufficient which restricted LDAP users from authentication to the system using vsftpd. With this update, the initial RLIMIT_AS value has been increased to 200 MB, and vsftpd now can be used for LDAP authentication as expected.

BZ#658774

Previously, setting a cursor color was not working properly in that a terminal (text) cursor was invisible in some applications which used vte. With this update, the bug has been fixed so that the cursor is now rendered properly and is visible as expected.

BZ#671289

Prior to this update, the /etc/profile.d/which2.csh file caused an alias for the "which" command to be created. As a result, the "which" command included in the "which" package was used instead of the built-in "which" command as included in the C shell (csh). The problem has been fixed in this update by removing the /etc/profile.d/which2.csh file so that the "which" command included in csh is now used as expected.

Security Fixes

CVE-2011-1590, CVE-2011-4102, CVE-2012-1595

Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark.

CVE-2011-1143, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066

Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

BZ#746839

Prior to this update, Wireshark did not show traffic information for the Network File System (NFS) version 4.1 protocol. With this update, the NFS packet dissector is enhanced so that Wireshark correctly displays traffic for this protocol. Note that NFS version 4.1 is introduced as a Technology Preview for Red Hat Enterprise Linux 6.

BZ#713771

The libpciaccess package has been upgraded to upstream version 0.12.1.

BZ#713770

The libdrm package has been upgraded to upstream version 2.4.25.

BZ#717022

The xorg-x11-font-utils package has been upgraded to upstream version 7.2.

BZ#713846

The xorg-x11-util-macros package has been upgraded to upstream version 1.14.0.

BZ#713845

The xorg-x11-proto-devel package package has been upgraded to upstream version 7.6.

BZ#747965

The file permissions were set incorrectly for certain device nodes, such as the /dev/dri/controlD64 file. This problem could have been misused for DoS (Denial of Service) attacks against the current console users if the users were running X Windows. With this update, the file permissions are now set more strictly for these device nodes.

BZ#713777

The xorg-x11-drv-acecad package has been upgraded to upstream version 1.5.0.

BZ#713778

The xorg-x11-drv-aiptek package has been upgraded to upstream version 1.4.1.

BZ#713783

The xorg-x11-drv-elographics package has been upgraded to upstream version 1.3.0.

BZ#713788

The xorg-x11-drv-fpit package has been upgraded to upstream version 1.4.0.

BZ#713802

The xorg-x11-drv-hyperpen package has been upgraded to upstream version 1.4.1.

BZ#713786

The xorg-x11-drv-evdev package has been upgraded to upstream version 2.6.0.

BZ#713841

The xorg-x11-drv-vmmouse package has been upgraded to upstream version 12.7.0.

BZ#713809

The xorg-x11-drv-mouse package has been upgraded to upstream version 1.7.0.

BZ#713807

The xorg-x11-drv-keyboard package has been upgraded to upstream version 1.6.0.

BZ#713861

The xorg-x11-drv-synaptics package has been upgraded to upstream version 1.4.1.

BZ#713810

The xorg-x11-drv-mutouch package has been upgraded to upstream version 1.3.0.

BZ#713812

The xorg-x11-drv-penmount package has been upgraded to upstream version 1.5.0.

BZ#713779

The xorg-x11-drv-apm package has been upgraded to upstream version 1.2.3.

BZ#713867

The xorg-x11-drv-ast package has been upgraded to upstream version 0.91.10.

BZ#713780

The xorg-x11-drv-cirrus package has been upgraded to upstream version 1.3.2.

BZ#713781

The xorg-x11-drv-dummy package has been upgraded to upstream version 0.3.4.

BZ#713787

The xorg-x11-drv-fbdev package has been upgraded to upstream version 0.4.2.

BZ#713789

The xorg-x11-drv-geode package has been upgraded to upstream version 2.11.12.

BZ#713790

The xorg-x11-drv-glint package has been upgraded to upstream version 1.2.5.

BZ#713803

The xorg-x11-drv-i128 package has been upgraded to upstream version 1.3.4.

BZ#713805

The xorg-x11-drv-i740 package has been upgraded to upstream version 1.3.2.

BZ#713808

The xorg-x11-drv-mach64 package has been upgraded to upstream version 6.9.0.

BZ#713811

The xorg-x11-drv-neomagic package has been upgraded to upstream version 1.2.5.

BZ#713855

The xorg-x11-drv-nv package has been upgraded to upstream version 2.1.18.

BZ#713856

The xorg-x11-drv-openchrome package has been upgraded to upstream version 0.2.904.

BZ#713813

The xorg-x11-drv-r128 package has been upgraded to upstream version 6.8.1.

BZ#713814

The xorg-x11-drv-rendition package has been upgraded to upstream version 4.2.4.

BZ#713832

The xorg-x11-drv-s3virge package has been upgraded to upstream version 1.10.4.

BZ#713833

The xorg-x11-drv-savage package has been upgraded to upstream version 2.3.2.

BZ#713835

The xorg-x11-drv-siliconmotion package has been upgraded to upstream version 1.7.5.

BZ#713859

The xorg-x11-drv-sis package has been upgraded to upstream version 0.10.3.

BZ#713836

The xorg-x11-drv-sisusb package has been upgraded to upstream version 0.9.4.

BZ#713837

The xorg-x11-drv-tdfx package has been upgraded to upstream version 1.4.3.

BZ#713838

The xorg-x11-drv-trident package has been upgraded to upstream version 1.3.4.

BZ#713839

The xorg-x11-drv-v4l package has been upgraded to upstream version 0.2.0.

BZ#713840

The xorg-x11-drv-vesa package has been upgraded to upstream version 2.3.0.

BZ#713842

The xorg-x11-drv-vmware package has been upgraded to upstream version 11.0.3.

BZ#713844

The xorg-x11-drv-voodoo package has been upgraded to upstream version 1.2.4.

BZ#713860

The xorg-x11-drv-xgi package has been upgraded to upstream version 1.6.0.

BZ#704094

Due to a missing XGIPowerSaving() function call in the xgi video driver's source code, a server using XGI Z9-series graphics chipset was not able to recover from power-saving mode. With this update, the XGIPowerSaving() function call has been added and the server now recovers properly.

BZ#659782

Previously, a trailing comma was passed in the "thunderbird" command. As a result, Thunderbird was unable to open a compose window. With this update, the trailing comma has been stripped so that Thunderbird now works properly.

BZ#659786

Previously, there was a typo found in the xdg-utils source code. As a consequence, Thunderbird, after passing in an email address, created a compose window without the "To:" address. With this update, the typo has been fixed so that the "To:" address is now passed in correctly.

BZ#679154

xfs_quota is the xfsprogs utility for managing XFS file system quotas. When "xfs_quota" was run on an XFS file system which had user quotas enabled but no enabled group quotas, it generated "XFS_GETQUOTA: No such process" errors. That is, xfs_quota was asking for and attempting to report on quotas which were not there. This update corrects this behavior. xfs_quota no longer tries to report on quotas that are not present and, consequently, the error above no longer presents.

BZ#694706

xfs_repair is the xfsprogs utility for repairing XFS file systems. Previously, when "xfs_repair -n" (the "-n" switch puts xfs_repair into "report-only, do not modify" mode) was run on an XFS filesystem, a check for whether a particular called pointer -- agno -- was within the file system was not done. In some circumstances (for example, if the file system had corrupted directory entries) this could cause the utility to read uninitialized memory, resulting in a segfault. As of this update "xfs_mount" is specifically passed to affected functions and agno is checked to ensure it is inside the XFS file system. Consequently, the uninitialized memory reads and resultant segfaults no longer occur.

Bug Fix

BZ#841915

Due to incorrect handling of a file descriptor array in the service.c source file, some of the descriptors remained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This bug has been fixed in the code, xinetd now handles the file descriptors correctly and no longer fills the system log.

BZ#706976

Previously, the configuration files of the xinetd utility were readable for all users. This update makes the permissions more restrictive and the configuration files are now readable only by root.

BZ#738662

Previously, the /etc/xinet.d/ directory was owned by both the filesystem and xinetd packages. This bug has been fixed, and the directory is now owned only by the filesystem package.

BZ#638612

Prior to this update, duplicate mapping for the backslash key caused the Indic Onscreen Keyboard (IOK) to exit with a segmentation fault when the Hindi Wx mapping was selected. This update modifies the mapping so that IOK no longer exits unexpectedly.

BZ#651774

With this update, the Unicode Rupee symbol is now included in the Indic keyboard layouts.

BZ#713863

This update upgrades the xkeyboard-config data files to upstream version 2.3.

BZ#588918

The ATI ES1000 graphics devices had limited Video RAM (VRAM) and were restricted to an 8-bit color depth for the text console. As a consequence, the graphical boot screen was unavailable on systems using these graphics devices. Such systems could become unresponsive afterward and had to be rebooted. With this update, the source code is modified and the installation with graphical user interface (GUI) can be successfully completed.

BZ#615550

Due to the driver being too verbose, error messages about failed write attempts could incorrectly appear when booting the system on i386 architectures. The messages could be safely ignored and the system eventually booted successfully. To avoid user confusion, these messages are removed with this update.

BZ#675297

This update adds support for the AMD FirePro M5950, AMD FirePro M8900, AMD FirePro V5900, and AMD FirePro V7900 graphics cards.

BZ#713622

This update provides the firmware files which are required by AMD Radeon HD 6000-series and AMD's Accelerated Processing Unit (APU) platforms.

BZ#699933

A black screen could appear when attempting to turn on a Lenovo ThinkPad T500 laptop after suspending it. As a consequence, the laptop could not recover from suspend. The source code has been modified so that Lenovo ThinkPad T500 laptops now recover from suspend successfully.

BZ#720702

Prior to this update, arithmetic rounding in the panel fitting algorithm did not work as expected. As a result, the screen was staggered in a diagonal way when scaling up the 1360x768 mode for the Intel Ironlake driver with Low-voltage differential signaling (LVDS) while the scaling mode was set to "None" or "Full aspect". This update modifies the rounding in the panel fitting algorithm so that the screen resolution can now be changed correctly.

BZ#684313

This update adds support for future Intel embedded graphics controllers and enables additional 3D features.

BZ#713388

Previously, the MGA driver rendered the image incorrectly on big-endian architectures, including PowerPC and 64-bit PowerPC. Consequently, the display showed altered colors. With this update, the colors are displayed correctly in the described scenario.

BZ#745080

Previously, the MGA driver caused a shift in the video screen. Consequently, the screen became corrupted and the windows were pushed around randomly. This update, modifies the code so that the MGA driver no longer causes problems for the video screen.

BZ#526104

This update adds support for ServerEngines Pilot III to the xorg-x11-drv-mga packages.

BZ#708500

Prior to this update, one process was used to scan for all defects. As a result, xorg-x11-drv-nouveau packages did not build without patches against its supporting components. This update scans defects in downstream patches separately. Now, the packages build as expected when not all downstream patches are present.

BZ#713768

This update adds the updated Xorg Nouveau driver for NVIDIA GeForce/Quadro hardware to the xorg-x11-drv-nouveau package.

BZ#794877

The QXL driver for Red Hat Enterprise Linux 6.2 did not contain the compatibility layer. As a consequence, updating a Red Hat Enterprise Linux 6 guest running on a Red Hat Enterprise Linux 5 host in the Red Hat Enterprise Virtualization 2.2 environment caused the SPICE client window to become black after the update, and therefore unusable. A patch has been applied to ensure proper compatibility and the driver now works correctly in the described scenario.

BZ#799524

The QXL driver for Red Hat Enterprise Linux 6.2 was not able to cache images on the client side. This led to visible and significant impact on user experience (users could have experienced delays when loading images contained in web presentations or slideshows). With this update, images can be optionally cached on the client side.

BZ#713769

With this update, the new X.Org server is now supported.

BZ#641759

Previously, the xsetwacom(1) manual page contained a typographical error. This update corrects the typographical error.

BZ#675672

Previously, calibration could be inaccurate when using TwinView while the orientation was set to "LeftOf". With this update, the source code is modified and calibration now works as expected.

BZ#711618

Prior to this update, the wacomcpl utility supported only a single wacomcplrc file in the user's home directory. All the user settings were restored from this file when logging in. When various users logged into multiple machines with a different setup, a user had to update the wacomcplrc file every time. With this update, wacomcpl is modified to support host-specific wacomcplrc files. If no file exists with a hostname suffix, wacomcpl finally tries to load the wacomcplrc file without the suffix.

BZ#711619

With this update, the eraser automatically updates to the same calibration setting as the stylus when calibrating or binding the stylus to a screen using wacomcpl.

BZ#759022

Previously, a bug in Xephyr's input handling code disabled screens on a screen crossing event. When the Xephyr nested X server was configured in a multi-screen setup, the focus was only on the screen where the mouse was located, and only this screen was updated. The aforementioned code has been removed and the Xephyr server now correctly updates screens in multi-screen setups.

BZ#783505

Previously, if the X server was configured as a multi-screen setup through multiple "Device" sections in the xorg.conf file, an absolute input device (for example a graphic tablet's stylus) got stuck in the right-most or bottom-most screen. This update changes the screen crossing behavior so that absolute devices are always mapped across all screens.

BZ#740581

Due to a problem in the gnome-screensaver application that caused screen resume failures, the X server was set to stop proxying the lid state in output connectivity. As a consequence, when using certain configurations, such as a dual head setup with span mode, the screen configuration was not changed to use only the external screen on the laptop lid close. With this update, the problem with gnome-screensaver has been resolved, and X server has been modified to inspect the lid state again. When the laptop lid is closed, the laptop display is disconnected and the screen configuration is changed to use only the external monitor. When the laptop lid is open, the screen configuration returns to the dual head setup using span mode.

BZ#693793

The /usr/bin/xvfb-run script incorrectly used the undefined tempfile variable instead of the mktemp command when creating a temporary directory for an X authorization file. The script was not able to create the directory and therefore failed to start Xvfb (X virtual framebuffer). The xvfb-run script now works as expected using mktemp.

BZ#734262

The X server did not respect screen limits properly. Therefore, the mouse cursor could be moved outside the visible areas of the screen. Screen limits are now respected by the X server, and the cursor can no longer leave the visible areas of the screen.

BZ#740190

The X server did not recognize the lid state correctly if a laptop with attached external display booted with the lid closed. Therefore, the Gnome Display Manager's login dialog did not appear on the external screen. With this update, the X server recognizes the lid as closed, and the login dialog now displays on the external screen in the scenario described.

BZ#664484

Under certain circumstances, a user's keyboard and key mappings could go out of sync if the mappings were modified with the xmodmap utility. With this update, the underlying code has been fixed, and modified key mappings can now be used as expected.

BZ#655212

The panning feature did not work correctly with X Resize, Rotate and Reflect Extension (RandR) when CRTC cursor confinement was enabled. As a consequence, users were not able to move the mouse pointer beyond the visible part of the screen although certain inaccessible regions were within the panning area. With this update, RandR has been modified to disable CRTC cursor confinement when panning is enabled. The panning feature now works as expected.

BZ#664927

When the XChangePointerControl() function was called by a driver after a device was removed from the system, the function tried to dereference the pointer to already freed memory. As a consequence, the X server terminated with a segmentation fault. The X server does not call this function anymore and crashes no longer in the situation described.

BZ#734969

Pointer events were not handled correctly when switching screens using the PointerKeys feature with multi-head ATI or NVIDIA graphics cards. This caused the X server to terminate unexpectedly. With this update, events handling has been modified and the X server no longer crashes under these circumstances.

BZ#657554

Previously, the xrandr options --scale and -- transform caused a segmentation fault, because these options required an --output field but the utility didn't validate the command line properly check for existing output. With this update, xrandr displays a message informing that the --scale and -- transform options also require the --output option.

BZ#740146

Previously, xrandr wrongly assumed that a gamma ramp value of zero was a failure. When VNC was enabled, xrandr returned a zero value. With this update, xrandr is modified to allow for a gamma ramp value of zero. Now xrandr no longer fails when running VNC.

Security Fix

CVE-2011-3026

A heap-based buffer overflow flaw was found in the way XULRunner handled PNG (Portable Network Graphics) images. A web page containing a malicious PNG image could cause an application linked against XULRunner (such as Firefox) to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

BZ#638654

Previously, yaboot could not check whether an IP address is valid. As a consequence, yaboot netboot failed to operate in an environment where the gateway was not the same as the 'tftp' server, even though the 'tftp' server was on the same subnet. With this update, an IP address validity check has been added. Now,yaboot netbot operates as expected.

BZ#746340

Previously, yaboot discarded passed parameters to anaconda after the Client Architecture Support (CAS) was rebooted. This update upgrades the yaboot binary and modifies the source file. Now, the parameters are passed to the anaconda installer as expected.

BZ#699666

When using the passwd.adjunct file, the ypasswd client program did not recognize the salt used for hashing a new password and therefore chose DES as the default hash function. A new environment variable YP_PASSWD_HASH, which allows users to choose the hash algorithm, was added.

BZ#699675

Uninitialized memory could be accessed when running the "yppasswdd" command with the "-x" option to pass data to an external program. As a consequence, redundant characters were prefixed to the request string, which led to incorrect parsing of the request. This update fixes the memory initialization and the request can be now parsed successfully.

BZ#734494

Prior to this update, the root user could see old passwords of other users. This was caused by a change request being logged using syslog when running the "yppaswdd" command with the "-x" option to pass data to an external program. With this update, the old password hash and the new password hash are cleared in syslog and the root user can no longer view the old passwords of other users.

BZ#699667

Prior to this update, users were not able to change their passwords by running the "yppasswd" command if using the passwd.adjunct file, which prevents disclosing the encrypted passwords. With this update, users are now able to change their passwords.

BZ#661962

When uninstalling a package, the "yum remove" command may have previously reported success even when the package could not be removed due to an error in the %pre scriptlet. With this update, this error has been fixed, and when yum fails to remove a package, it no longer claims that it succeeded.

BZ#697885

When running the "yum -v repolist" command, the previous version of the yum utility may have incorrectly displayed a duplicate "Repo-baseurl" line for a repository with no mirrors. This update applies a patch that corrects this error, and the output of the "yum -v repolist" command no longer contains duplicate lines.

BZ#704600

Previously, an attempt to install a package that was larger than 4 GB on a 32-bit architecture caused yum to terminate unexpectedly with a traceback. With this update, the underlying source code has been adapted to work around this problem, and packages larger than 4 GB can now be installed as expected.

BZ#707358

Prior to this update, running a yum command with the "--installroot" command line option caused it to report the following warning:

Ignored option -c (probably due to merging -yc != -y -c)

This update adapts the underlying source code not to display this warning when the "--installroot" option is in use, resolving this issue.

BZ#727574

Under certain circumstances, an attempt to use the RepoStorage API may have failed with an AttributeError. With this update, this error has been fixed, and the RepoStorage API can now be used as expected.

BZ#727586

Previously, the repodiff utility used a stale metadata cache in subsequent runs. When two repodiff commands were executed in succession, the second run reused cached data from the first. This bug has been fixed and repodiff now properly validates the metadata if a connection cannot be established or the cached data are about to be reused.

BZ#728253

Prior to this update, when the "yum -q history addon-info last saved_tx" command was used to store transaction data in a file, an attempt to supply this file to the "yum load-transaction" command in order to repeat the transaction failed with an error, because the output contained extra lines. This update corrects the underlying source code to make sure the "yum -q history addon-info last saved_tx" command produces valid output, and adapts "yum load-transaction" to accept older version of the output as well.

BZ#733391

In very rare cases, the yum utility may have incorrectly kept using old updateinfo, pkgtags, and groups metadata. When this happened, users may have been unaware of available updates for up to 6 hours. This update applies a patch that prevents yum from using outdated metadata, resolving this issue.

BZ#662243

The "yum history" command has been adapted to store and display yumdb and rpmdb information, such as from which repository was a particular package installed.

BZ#728526

The "yum update" command can now be used to update a package to a specific version.

BZ#694401

The yum utility no longer asks the user to report a bug when the dependency solver (depsolve) encounters an error.

BZ#795455

The anacron scheduler starts the yum-cron utility with the "nice" value of 10. This caused Yum's RPM transactions to run at very low priority level. Also, any updated service inherited this "nice" value, which influenced the system behavior. This update adds the "reset_nice" configuration option, which allows Yum to reset the "nice" value to 0 before running an RPM transaction. With this option set, Yum's RPM transactions run at normal priority level so that updated services are restarted with normal priority as expected.

BZ#694188

When using the previous version of the yum-groups-manager utility, an attempt to use the "-c" (or "--config") command line option to specify an alternative configuration file failed, and the utility incorrectly used the default /etc/yum.conf file. This update adapts the underlying source code to correct this error, and yum-groups-manager now accepts alternative configuration files as expected.

BZ#699470

Prior to this update, when the yumdownloader utility failed to download a requested package, it incorrectly exited with a status of 0. With this update, yumdownloader exits with a non-zero status in these situations.

BZ#709043

Due to an error in the detection of the return value of an internal method, the previous version of the yum-builddep utility failed to exit with a non-zero exit status when it encountered an error. This update applies a patch that ensures the return value of the aforementioned method is correctly evaluated, and when an error is encountered, yum-builddep now exits with a non-zero status as expected.

BZ#713108

Previously, when a user executed the reposync utility with the "-r" (or "--repoid") command line option, the utility incorrectly used repositories that were enabled in the configuration. This update applies a patch to make sure these command line options work correctly.

BZ#734428

When using the priorities plug-in, running the "yum update" command may have incorrectly failed to offer some packages for update. This update corrects this error, and the priorities plug-in no longer prevents "yum update" from fully updating the system.

BZ#659740

Prior to this update, certain commands in the EXAMPLES sections of the repoquery(1), show-installed(1), yum-filter-data(1), yum-groups-manager(1), yum-list-data(1), and yum-verify(1) manual pages used incorrect glyphs for single quotes. Consequent to this, an attempt to copy such a command and run it on the command line failed with an error. This update ensures that all command examples now use typewriter straight single quotes as expected.

BZ#720967

Various typos in the yum-security(8) manual page have been corrected.

BZ#710469

Source repository patterns for Red Hat Network (RHN) have been added to the yumdownloader and yum-builddep utilities.

BZ#622781

When used to combine two Adler-32 checksums, the adler32_combine() function could have produced an incorrect result under certain circumstances. With this update, the underlying algorithm has been fixed, and the adler32_combine() function no longer returns incorrect checksums.

BZ#727288

This update sets RELRO flags by default, so that the zlib library is compiled with partial RELRO protection support.