Red Hat Enterprise Linux 6.10
Technical Notes for Red Hat Enterprise Linux 6.10
The Technical Notes provide information about notable bug fixes, Technology Previews, deprecated functionality, and other details in Red Hat Enterprise Linux 6.10. For high-level coverage of the improvements implemented in Red Hat Enterprise Linux 6.10 and a list of known problems in this release, refer to the Release Notes.
Part I. Notable Bug Fixes
This part describes bugs fixed in Red Hat Enterprise Linux 6.10 that have a significant impact on users.
Chapter 2. General Updates
Users with any UID are now able to log in after the update to RHEL 7
Since Red Hat Enterprise Linux 7.3, the default value of the
configuration option of Dovecot changed from
in Red Hat Enterprise Linux 6 to
in Red Hat Enterprise Linux 7. Consequently, if a Red Hat Enterprise Linux 6 installation did not have
explicitly defined, the Dovecot configuration did not allow users with UID less than
to log in after the update to Red Hat Enterprise Linux 7. Note that only installations where
was not explicitly defined were affected. This problem has been addressed by the post-upgrade script, which now changes the
to the original value on the source system. As a result, users with any UID are able to log in after the update to Red Hat Enterprise Linux 7. (BZ#1388967)
Multiple mount changes no longer cause performance drop for clients of the
Previously, when the autofs program initiated multiple mount changes in a short period of time, services using the GUnixMountMonitor object caused a high CPU load. This update makes it possible to skip accumulated file change events of the /proc/mounts file that cannot be handled in real-time. As a result, the CPU load for the clients of GUnixMountMonitor is lower. (BZ#1154183)
xfreerdp client now works correctly on systems with enabled FIPS mode
Previously, when the xfreerdp client was used on systems with enabled FIPS mode, it exited unexpectedly due to usage of FIPS non-compliant encryption algorithms. This update ensures that xfreerdp does not exit unexpectedly when it is used with FIPS mode enabled and that FIPS security encryption method is negotiated. As a result, xfreerdp now works correctly with the RDP and TLS security protocols on systems with enabled FIPS mode.
However, an error now occurs if the Network Level Authentication (NLA) protocol is required, because its implementation requires FIPS non-compliant algorithms. (BZ#1347920)
Chapter 5. Hardware Enablement
Hardware utility tools now correctly identify recently released hardware
Prior to this update, obsolete ID files caused recently released hardware connected to a computer to be reported as unknown. To fix this bug, PCI, USB, and vendor device identification files have been updated. As a result, hardware utility tools now correctly identify recently released hardware. (BZ#1489294)
Chapter 6. Installation and Booting
GRE network interfaces now start correctly
A change introduced in the previous release of Red Hat Enterprise Linux 6 introduced a bug which in some cases caused
to fail to correctly start Generic Routing Encapsulation (GRE) network interfaces. This update provides a fix to
that ensures GRE interfaces start as expected. (BZ#1436061)
KSH no longer fails to process
The Korn Shell (KSH) is unable to process code where the word local appears on the same line as an array definition. This previously caused KSH to fail to source the /etc/init.d/functions file. This update provides a workaround for the KSH limitation, and the function file is now sourced as expected.
may still be unable to use some of the functions in
file. This update only allows KSH to not fail during the sourcing of
Kernel dumps are now reliably generated under high memory load
Previously, if a kernel panic occurred under high memory load, a deadlock in some cases occurred and a kernel dump was not generated. This update fixes the vmalloc_sync_all() function to avoid waiting on a spinlock that may never be released. As a result, the kernel dump is collected correctly. (BZ#1146727)
Runqueues no longer ignore clock updates
Previously, runqueues on systems with overcommitment of CPUs were prone to ignoring clock updates for extended periods of time. As a consequence, the real-time runqueues were limited, which prevented critical tasks and their dependent tasks from running. This update ensures that the runqueues do not ignore clock updates for extended periods of time. As a result, critical tasks and their dependent tasks are able to run in such situations. (BZ#1212959)
dma_pin_iovec_pages() no longer causes the system to run out of memory
Previously, when the dma_pin_iovec_pages() function requested a large amount of memory but the request failed, it was unable to release the memory that was reserved. As a consequence, the system ran out of memory. With this update, dma_pin_iovec_pages() now allocates the full amount of memory correctly and releases the memory when it is not needed. As a result, the described problem no longer occurs. (BZ#1459263)
cgroups deadlock has been fixed
In certain circumstances when using cgroups, a system deadlock occurred due to a race condition. This update adds a work queue that fixes the race condition, which prevents the deadlock from happening. (BZ#1463754)
Audit of unsuccessful execve() now works properly
Previously, the audit call in the Linux kernel used the arguments of its parent process when logging arguments of an unsuccessful execve() system call. As a consequence, audit was able to use pointers to non-mapped addresses, and the process terminated with a segmentation fault. With this update, audit has been fixed to reinstate the check for the failed execve(). As a result, processes no longer terminate erroneously after unsuccessful
vmcp now successfully executes
Previously, the kernel memory allocation using the GFP_DMA flag caused the vmcp command to fail to execute the cp command. This update removes the need to use GFP_DMA and allows the GFP_KERNEL flag to allocate the kernel memory instead. As a result, vmcp succeeds to execute
ip6tables services now recognize the security table in the set_policy() function
Previously, when the security table was used, the services failed to correctly clear the firewall ruleset during the shutdown. As a consequence, an error message was displayed when stopping these services. With this update, both init scripts recognize but ignore the security table when clearing the firewall ruleset. As a result, the error message is no longer displayed in the described scenario. (BZ#1210563)
skbs no longer cause the kernel to crash
Under a rare network condition, the TCP stack created and tried to transmit unusual socket buffers (skbs). Previously, certain core kernel functions did not support such unusual skbs. As a consequence, the BUG() kernel message was displayed, and the kernel terminated unexpectedly. With this update, the relevant function is extended to support such skbs, and the kernel no longer crashes. (BZ#1274139)
dmesg log no longer displays 'hw csum failure' with inbound IPv6 traffic
Previously, when IPv6 fragments were received, the cxgb4 Network Interface Card (NIC) calculated a wrong internet checksum. As a consequence, the kernel reported the 'hw csum failure' error message in the dmesg system log when receiving a fragmented IPv6 packet. With this update, the hardware checksum calculation happens only when IPv4 fragments are received. If IPv6 fragments are received, the checksum calculation happens in software. As a result, when IPv6 fragments are received, dmesg no longer displays the error message in the described scenario. (BZ#1427036)
SCTP now selects the right source address
Previously, when using a secondary IPv6 address, Stream Control Transmission Protocol (SCTP) selected the source address based on the best prefix matching with the destination address. As a consequence, in some cases, a packet was sent through an interface with the wrong IPv6 address. With this update, SCTP uses the address that already exists in the routing table for this specific route. As a result, SCTP uses the expected IPv6 address as the source address when secondary addresses are used on a host. (BZ#1445919)
Improved performance of SCTP
Previously, small data chunks caused the Stream Control Transmission Protocol (SCTP) to account the receiver_window (rwnd) values incorrectly when recovering from a zero-window situation. As a consequence, window updates were not sent to the peer, and an artificial growth of rwnd could lead to packet drops. This update properly accounts such small data chunks and ignores the rwnd pressure values when reopening a window. As a result, window updates are now sent, and the announced rwnd better reflects the real state of the receive buffer. (BZ#1492220)
The virtio interface now transmits the Ethernet packets correctly
Previously, when a virtio Network Interface Card (NIC) received a short frame from the guest, the virtio interface stopped transmitting any Ethernet packets. As a consequence, packets transmitted by the guest never appeared on the hypervisor virtual network (vnet) device. With this update, the kernel drops truncated packets, and the virtio interface transmits the packets correctly. (BZ#1535024)
SSH connections using libica AES-GCM now work correctly
Previously, unmodified data could be tagged as modified when using decryption with the AES-GCM cipher suite. As a consequence, SSH connections could not be established when using AES-GCM, and with some applications, data encrypted using AES-GCM could not be decrypted. With this update, the tag is computed from the ciphertext when decrypting and from the plaintext when encrypting. As a result, SSH connections using AES-GCM are now successfully established, and it is possible to decrypt data encrypted with
Chapter 10. Servers and Services
Restored performance of 32-bit version of GMP
In a previous update of RHEL 6.9, a performance regression was accidentally introduced to the 32-bit version of the GNU Multiple Precision Arithmetic Library (GMP) for AMD and Intel architecture. As a consequence, the 32-bit version of the GMP suffered marginally decreased performance. A fix has been deployed and GMP performance has been restored to previous values. (BZ#1430873)
Chapter 20. Deprecated Functionality
This chapter provides an overview of functionality that has been deprecated, or in some cases removed, in all minor releases up to Red Hat Enterprise Linux 6.10.
Deprecated functionality continues to be supported until the end of life of Red Hat Enterprise Linux 6. Deprecated functionality will likely not be supported in future major releases of this product and is not recommended for new deployments. For the most recent list of deprecated functionality within a particular major release, refer to the latest version of release documentation.
Deprecated hardware components are not recommended for new deployments on the current or future major releases. Hardware driver updates are limited to security and critical fixes only. Red Hat recommends replacing this hardware as soon as reasonably feasible.
A package can be deprecated and not recommended for further use. Under certain circumstances, a package can be removed from a product. Product documentation then identifies more recent packages that offer functionality similar, identical, or more advanced to the one deprecated, and provides further recommendations.
TLS compression support has been removed from nss
To prevent security risks, such as the CRIME attack, support for TLS compression in the NSS library has been removed for all TLS versions. This change preserves the API compatibility.
Changes in public web CAs trust
In addition to the regular trust removals and additions that occur in updated versions of Mozilla's CA list, Mozilla has decided to stop maintaining a part of the CA trust list that the recent versions of Mozilla software no longer require.
All CAs that Mozilla had previously declared as trusted to issue code signing certificates have had that trust attribute removed.
Because Red Hat provides Mozilla's CA trust list at the operating system level and the list is used by many applications, some environments might potentially use software that depends on the code signing trust attribute to be set for CAs.
To provide backwards compatibility for applications that require it, the ca-certificates package keeps the code signing trust attribute for several CAs, depending on the
If the default ca-legacy configuration is active, and if a CA certificate continues to be trusted by Mozilla for issuing server authentication certificates, and that CA had been previously trusted by Mozilla for issuing code signing certificates, then the ca-certificates package configures that CA as still trusted for issuing code signing certificates.
If the system administrator uses the ca-legacy disable command to disable the legacy compatibility configuration, then the unmodified Mozilla CA list will be used by the system, and none of the CA certificates provided by the ca-certificates package will be trusted for issuing code signing certificates.
Both ipt and xt actions deprecated from iproute
Due to various unresolved issues and design flaws, both ipt and xt actions have been dropped from the iproute in Red Hat Enterprise Linux 6.
- Deprecated device drivers
The following controllers from the megaraid_sas driver have been deprecated:
Dell PERC5, PCI ID 0x15
SAS1078R, PCI ID 0x60
SAS1078DE, PCI ID 0x7C
SAS1064R, PCI ID 0x411
VERDE_ZCR, PCI ID 0x413
SAS1078GEN2, PCI ID 0x78
The following controllers from the be2iscsi driver have been deprecated:
BE_DEVICE_ID1, PCI ID 0x212
OC_DEVICE_ID1, PCI ID 0x702
OC_DEVICE_ID2, PCI ID 0x703
Note that other controllers from the mentioned drivers that are not listed here remain unchanged.
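A host check for the controllers listed above, as an added example that is not part of the original Technical Notes: it parses lspci -nk output and reports devices bound to megaraid_sas or be2iscsi whose PCI device ID is on the deprecated list. The function names, the report format, and the sample lspci text are constructed for this example; matching on the driver-in-use line is an assumption, since the page gives device IDs only.

```shell
#!/bin/sh
# Added example (not Red Hat code). Reports PCI devices whose bound driver and
# device ID match the deprecated controllers listed in this chapter.
# Assumption: devices are matched by the "Kernel driver in use" line of
# lspci -nk, so a controller with no driver bound is not reported.

find_deprecated_controllers() {
    # stdin:  text produced by lspci -nk
    # stdout: one line per match, "<slot> <driver> 0x<device-id>"
    awk '
    BEGIN {
        # Device IDs from the lists above, zero-padded to four hex digits.
        dep["megaraid_sas"] = " 0015 0060 007c 0411 0413 0078 "
        dep["be2iscsi"]     = " 0212 0702 0703 "
    }
    # Device header line, for example: 03:00.0 0104: 1000:0060 (rev 04)
    /^[0-9a-fA-F]/ {
        slot = $1
        split($3, id, ":")          # id[1] = vendor, id[2] = device
        dev = tolower(id[2])
        next
    }
    # Indented detail line naming the driver bound to the current device.
    /Kernel driver in use:/ {
        drv = $NF
        if ((drv in dep) && index(dep[drv], " " dev " ") > 0)
            printf "%s %s 0x%s\n", slot, drv, dev
    }'
}

# Constructed sample input (not captured from a real system).
sample_lspci() {
cat <<'EOF'
00:1f.2 0106: 8086:3a22
    Subsystem: 1028:0276
    Kernel driver in use: ahci
03:00.0 0104: 1000:0060 (rev 04)
    Subsystem: 1028:1f0c
    Kernel driver in use: megaraid_sas
04:00.0 0104: 1000:005b (rev 05)
    Kernel driver in use: megaraid_sas
05:00.0 0c04: 19a2:0702 (rev 01)
    Kernel driver in use: be2iscsi
EOF
}

# Demo on the constructed sample; on a live host run:
#   lspci -nk | find_deprecated_controllers
sample_lspci | find_deprecated_controllers
```

The device at 04:00.0 uses megaraid_sas but its ID is not on the list, so it is not reported, which matches the note that unlisted controllers remain unchanged.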
Other Deprecated Components
fence_sanlock agent and checkquorum.wdmd, introduced in Red Hat Enterprise Linux 6.4 as a Technology Preview and providing mechanisms to trigger the recovery of a node using a hardware watchdog device, are considered deprecated.
The openswan packages have been deprecated, and libreswan packages have been introduced as a direct replacement for openswan to provide the VPN endpoint solution. openswan is replaced by libreswan during the system upgrade.
Native KVM support for the S3 (suspend to RAM) and S4 (suspend to disk) power management states has been discontinued. This feature was previously available as a Technology Preview.
zerombr yes Kickstart command is deprecated
In some earlier versions of Red Hat Enterprise Linux, the zerombr yes command was used to initialize any invalid partition tables during a Kickstart installation. This was inconsistent with the rest of the Kickstart commands due to requiring two words while all other commands require one. Starting with Red Hat Enterprise Linux 6.7, specifying only zerombr in your Kickstart file is sufficient, and the old two-word form is deprecated.
- Btrfs file system
B-tree file system (Btrfs) is considered deprecated for Red Hat Enterprise Linux 6. Btrfs was previously provided as a Technology Preview, available on AMD64 and Intel 64 architectures.
- eCryptfs file system
eCryptfs file system, which was previously available as a Technology Preview, is considered deprecated for Red Hat Enterprise Linux 6.
Following the deprecation of Matahari packages in Red Hat Enterprise Linux 6.3, at which time the mingw packages were noted as deprecated, and the subsequent removal of Matahari packages from Red Hat Enterprise Linux 6.4, the mingw packages were removed from Red Hat Enterprise Linux 6.6 and later.
The mingw packages are no longer shipped in Red Hat Enterprise Linux 6 minor releases, nor will they receive security-related updates. Consequently, users are advised to uninstall any earlier releases of the mingw packages from their Red Hat Enterprise Linux 6 systems.
virtio-win component, BZ#1001981
The VirtIO SCSI driver is no longer supported on Microsoft Windows Server 2003 platform.
Prior to Red Hat Enterprise Linux 6.5 release, the Red Hat Enterprise Linux High Availability Add-On was considered fully supported on certain VMware ESXi/vCenter versions in combination with the fence_scsi fence agent. Due to limitations in these VMware platforms in the area of SCSI-3 persistent reservations, the fencing agent is no longer supported on any version of the Red Hat Enterprise Linux High Availability Add-On in VMware virtual machines, except when using iSCSI-based storage. See the Virtualization Support Matrix for High Availability for full details on supported combinations: https://access.redhat.com/site/articles/29440
fence_scsi on an affected combination can contact Red Hat Global Support Services for assistance in evaluating alternative configurations or for additional information.
The Matahari agent framework (matahari-*) packages have been removed from Red Hat Enterprise Linux 6. Focus for remote systems management has shifted towards the use of the CIM infrastructure. This infrastructure relies on an already existing standard which provides a greater degree of interoperability for all users.
The following packages have been deprecated and are subject to removal in a future release of Red Hat Enterprise Linux 6. These packages will not be updated in the Red Hat Enterprise Linux 6 repositories and customers who do not use the MRG-Messaging product are advised to uninstall them from their system.
Red Hat MRG-Messaging customers will continue to receive updated functionality as part of their regular updates to the product.
The libvirt-qpid is no longer part of the fence-virt package.
The openscap-perl subpackage has been removed from openscap.
Copyright © 2018 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.