Chapter 13. Servers and Services

Tomcat 6 starts as expected when the fr_FR language is configured

Previously, there was an incorrect entry in the Tomcat 6 LocalStrings_fr.properties file. As a consequence, Tomcat 6 showed and exception during the startup when the LANG variable in the /etc/tomcat6/tomcat6.conf file was set to fr_FR. This update fixes the entry and now Tomcat 6 starts without the exception. (BZ#1072484)

tomcat6 now provides noarch packages

Previous releases provided the tomcat6 packages as architecture-dependent. However, the Tomcat 6 servlet container is a Java application without any native components. Therefore, this release provides the packages as architecture-independent. (BZ#1155509)

The Tomcat 6 NIO connector does not leak memory anymore

Previously, a memory leak sometimes occurred when using the Tomcat 6 Non-blocking I/O (NIO) connector. This update ensures that Tomcat 6 removes processors from the RequestGroupInfo list and returns them to the recycledProcessors queue. As a result, the NIO connector no longer leaks memory. (BZ#1268352)

mod_nss now supports changing the SSL renegotiation buffer size

This update adds the NSSRenegBufferSize parameter to the mod_nss package. The parameter allows users to configure the amount of memory to be used for buffering a POST request when a per-location SSL renegotiation is required. Previously, mod_nss did not support this functionality, which caused such requests to fail with the following message recorded in Apache logging:
request body exceeds maximum size for SSL buffer, could not buffer message body to allow SSL renegotiation to proceed.
NSSRenegBufferSize accepts buffer size in bytes. The default value is 128K. Setting NSSRenegBufferSize to 0 disables the buffering. (BZ#1214366)

Documentation for tcp_wrappers no longer refers to unavailable binaries

The hosts_access(5) man page, which is a part of the tcp_wrappers package, previously referred to tcpdchk and tcpdmatch binaries which were not included in this package, causing confusion. References to tcpdchk have been removed from the man page, and a modified version of tcpdmatch has been added to the package, allowing you to test your configurations by following the provided instructions. (BZ#1084458)

openssh-clients no longer keeps exited sessions open

Previously, the implementation of openssh-clients did not adhere to RFC 4253, The Secure Shell (SSH) Transport Layer Protocol, as in some cases, a language tag was not sent for the SSH_MSG_DISCONNECT message. As a consequence, when connected to the server from a Red Hat Enterprise Linux 6 ssh-client and disconnected by closing the session, the server kept the session (TCP socket) open until it timed out. This bug has been fixed by adding correct parameters for the SSH_MSG_DISCONNECT message, which makes the server close the session as expected. (BZ#1222500)

Pegasus CIM server now disables SSLv3 and uses TLS1.0 or later by default

The Pegasus CIM server previously had no option to disable the SSLv3 protocol, which is now considered insecure. This update contains a backported upstream fix which changes the default behavior so that SSLv3 is disabled, TLS1.0 or later is used, and SSLv3 can be reenabled using the sslBackwardCompatibility option if necessary. (BZ#1238329)

vsftpd can now use wildcards in commands correctly

A regression in the vsftpd daemon previously caused commands which used wildcards such as * or ? to fail. This bug has been fixed and you can now use wildcards in commands such as ls with vsftpd again. (BZ#1315957)

Print jobs no longer disappear from cups queue for non-responsive printers

Previously, when a print job was submitted to a print queue which was trying to send jobs to a non-responsive printer, and then the queue was disabled and reenabled, the print job disappeared due to a bug in the cups service. An upstream fix was backported into cups, and jobs no longer disappear from queues when they are disabled and reenabled. (BZ#1293498)

The Dovecot IMAP server now returns the CP932 character in IMAP search results

A bug in the charset conversion algorithm caused IMAP searches not to return messages that contained the CP932 character. An upstream fix has been backported to fix this bug, and the IMAP search command na finds messages containing the CP932 character as expected. (BZ#1275233)

Applications no longer access database files on a NFS share ineffectively

Prior to this update, some applications performed poorly when performing operations on database files hosted on a NFS share. This was caused by the frequent invalidations of cache on the NFS client. This update introduces a new environment variable NDBM_LOCK, which prevents cache invalidation. As a result, the relevant applications no longer perform poorly in the described scenario. (BZ#668702)