7.7 Release Notes

Red Hat Enterprise Linux 7.7 Beta

Release Notes for Red Hat Enterprise Linux 7.7 Beta

Red Hat Customer Content Services

Abstract

The Release Notes provide high-level coverage of the improvements and additions that have been implemented in Red Hat Enterprise Linux 7.7 Beta and document known problems in this release, as well as notable bug fixes, Technology Previews, deprecated functionality, and other details.
This version of the document is provided only as a preview. It is under development and is subject to substantial change. Consider the included information incomplete and use it with caution.

Preface

Red Hat Enterprise Linux (RHEL) minor releases are an aggregation of individual security, enhancement, and bug fix errata. The Red Hat Enterprise Linux 7.7 Beta Release Notes document describes the major changes made to the Red Hat Enterprise Linux 7 operating system and its accompanying applications for this minor release, as well as known problems and a complete list of all currently available Technology Previews.

Capabilities and limits of Red Hat Enterprise Linux 7 as compared to other versions of the system are available in the Red Hat Knowledgebase article available at https://access.redhat.com/articles/rhel-limits.

Packages distributed with this release are listed in Red Hat Enterprise Linux 7 Package Manifest. Migration from Red Hat Enterprise Linux 6 is documented in the Migration Planning Guide.

For information regarding the Red Hat Enterprise Linux life cycle, refer to https://access.redhat.com/support/policy/updates/errata/.

Chapter 1. Overview

Additional resources

  • Capabilities and limits of Red Hat Enterprise Linux 7 as compared to other versions of the system are available in the Knowledgebase article Red Hat Enterprise Linux technology capabilities and limits.
  • Information regarding the Red Hat Enterprise Linux life cycle is provided in the Red Hat Enterprise Linux Life Cycle document.
  • The Package Manifest document provides a package listing for RHEL 7.
  • The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is now available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.

In-place upgrade

An in-place upgrade offers a way of upgrading a system to a new major release of Red Hat Enterprise Linux by replacing the existing operating system.

Red Hat Customer Portal Labs

Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:

Chapter 2. Architectures

Red Hat Enterprise Linux 7 is available on the following architectures: [1]

  • 64-bit AMD
  • 64-bit Intel
  • IBM POWER7+ (big endian)
  • IBM POWER8 (big endian) [2]
  • IBM POWER8 (little endian) [3]
  • IBM POWER9 (little endian) [4][5]
  • IBM Z [4][6]
  • 64-bit ARM [4]

The Red Hat Enterprise Linux 7.7 Beta updates are available only for these architectures:

  • 64-bit AMD
  • 64-bit Intel
  • IBM POWER7+ (big endian)
  • IBM POWER8 (big endian)
  • IBM POWER8 (little endian)
  • IBM Z (kernel version 3.10)

The following architectures remain fully supported and continue to receive z-stream security and bug fix updates in accordance with the Red Hat Enterprise Linux Life Cycle:

  • IBM POWER9 (little endian)
  • IBM Z - Structure A (kernel version 4.14)
  • 64-bit ARM


[1] Note that the Red Hat Enterprise Linux 7 installation is supported only on 64-bit hardware. Red Hat Enterprise Linux 7 is able to run 32-bit operating systems, including previous versions of Red Hat Enterprise Linux, as virtual machines.
[2] Red Hat Enterprise Linux 7 POWER8 (big endian) are currently supported as KVM guests on Red Hat Enterprise Linux 7 POWER8 systems that run the KVM hypervisor, and on PowerVM.
[3] Red Hat Enterprise Linux 7 POWER8 (little endian) is currently supported as a KVM guest on Red Hat Enterprise Linux 7 POWER8 systems that run the KVM hypervisor, and on PowerVM. In addition, Red Hat Enterprise Linux 7 POWER8 (little endian) guests are supported on Red Hat Enterprise Linux 7 POWER9 systems that run the KVM hypervisor in POWER8-compatibility mode on version 4.14 kernel using the kernel-alt package.
[4] This architecture is supported with the kernel version 4.14, provided by the kernel-alt packages. For details, see the Red Hat Enterprise Linux 7.5 Release Notes.
[5] Red Hat Enterprise Linux 7 POWER9 (little endian) is currently supported as a KVM guest on Red Hat Enterprise Linux 7 POWER9 systems that run the KVM hypervisor on version 4.14 kernel using the kernel-alt package, and on PowerVM.
[6] Red Hat Enterprise Linux 7 for IBM Z (both the 3.10 kernel version and the 4.14 kernel version) is currently supported as a KVM guest on Red Hat Enterprise Linux 7 for IBM Z hosts that run the KVM hypervisor on version 4.14 kernel using the kernel-alt package.

Chapter 3. New Features

This chapter documents new features and major enhancements introduced in Red Hat Enterprise Linux 7.7 Beta.

3.1. Authentication and Interoperability

SSSD now fully supports sudo rules stored in AD

The System Security Services Daemon (SSSD) now fully supports sudo rules stored in Active Directory (AD). This feature was first introduced in Red Hat Enterprise Linux 7.0 as a Technology Preview. Note that the administrator must update the AD schema to support sudo rules.

(BZ#1664447)

ca-certificates rebased to 2.22

The ca-certificates packages have been upgraded to upstream version 2.22, which contains a CA trust list from the Mozilla Firefox 60 browser.

(BZ#1619444)

IdM now provides a utility to promote a CA to a CRL generation master

With this enhancement, administrators can promote an existing Identity Management (IdM) certificate authority (CA) to a certificate revocation list (CRL) generation master or remove this feature from a CA. Previously, multiple manual steps were required to configure an IdM CA as CRL generation master, and the procedure was error-prone. As a result, administrators can now use the ipa-crlgen-manage enable and ipa-crlgen-manage disable commands to enable and disable CRL generation on an IdM CA.

(BZ#1690037)

A command to detect and remove orphaned automember rules has been added to IdM

Automember rules in Identity Management (IdM) can refer to a hostgroup or a group that has been deleted. Previously, the ipa automember-rebuild command failed unexpectedly and it was difficult to diagnose the reason of the failure. This enhancement adds ipa automember-find-orphans to IdM to IdM to identify and remove such orphaned automember rules.

(BZ#1390757)

IdM now supports IP addresses in the SAN extension of certificates

In certain situations, administrators need to issue certificates with an IP address in the Subject Alternative Name (SAN) extension. This update adds this feature. As a result, administrators can set an IP address in the SAN extension if the address is managed in the IdM DNS service and associated with the subject host or service principal.

(BZ#1586268)

IdM now supports renewing expired system certificates when the server is offline

With this enhancement, administrators can renew expired system certificates when Identity Management (IdM) is offline. When a system certificate expires, IdM fails to start. The new 'ipa-cert-fix' command replaces the workaround to manually set the date back to proceed with the renewal process. As a result, the downtime and support costs reduce in the mentioned scenario.

(BZ#1690191)

pki-core rebased to version 10.5.16

The pki-core packages have been upgraded to upstream version 10.5.16, which provides a number of bug fixes and enhancements over the previous version.

(BZ#1633422)

The samba packages have been to version 4.9.1

The samba packages have been upgraded to upstream version 4.9.1, which provides a number of bug fixes and enhancements over the previous version. The most notable changes include:

  • The Clustered Trivial Database (CTDB) configuration has been changed completely. Administrators must now specify parameters for the ctdb service and corresponding utilities in the /etc/ctdb/ctdb.conf file in a format similar to the Samba configuration. For further details, see the ctdb.conf(5) man page. Use the /usr/share/doc/ctdb/examples/config_migrate.sh script to migrate the current configuration.
  • The default values of the following parameters in the /etc/samba/smb.conf file have been changed as follows:

    • map readonly: no
    • store dos attributes: yes
    • ea support: yes
    • full_audit:success: Not set
    • full_audit:failure: Not set
  • The net ads setspn command has been added for managing Windows Service Principal Names (SPN) on Active Directory (AD). This command provides the same basic functionality as the setspn.exe utility on Windows. For example, administrators can use it to add, delete, and list Windows SPNs stored in an AD computer object.
  • The net ads keytab add command no longer attempts to convert the service class passed to the command into a Windows SPN, which is then added to the AD computer object. By default, the command now only updates the keytab file. The new net ads add_update_ads command has been added to preserve the previous behavior. However, administrators should use the new net ads setspn add command instead.

Samba automatically updates its tdb database files when the "smbd", "nmbd", or "winbind" daemon starts. Back up the databases files before starting Samba. Note that Red Hat does not support downgrading tdb database files.

For further information about notable changes, read the upstream release notes before updating: https://www.samba.org/samba/history/samba-4.9.0.html

(BZ#1649434)

3.2. Clustering

Improved status display of fencing actions

The output of the pcs status command now shows failed and pending fence actions.

(BZ#1461964)

3.3. Compiler and Tools

New packages: python3

New python3 packages are available in RHEL 7, which provide the Python 3.6 interpreter, as well as the pip and setuptools utilities. Previously, Python 3 versions were available only as a part of Red Hat Software Collections.

When installing, invoking, or otherwise interacting with Python 3, always specify the major version of Python. For example, to install Python 3, use the yum install python3 command. All Python-related commands should also include the version, for example, pip3.

Note that Python 3 is the default Python implementation in RHEL 8, so it is advisable to migrate your Python 2 code to Python 3. For more information on how to migrate large code bases to Python 3, see The Conservative Python 3 Porting Guide.

(BZ#1597718)

Geolite Databases have been replaced by Geolite2 Databases

With this update, Geolite Databases have been replaced by Geolite2 Databases. Geolite Databases were provided by the GeoIP package. This package together with the legacy database is no longer supported in the upstream.

Geolite2 Databases are provided by multiple packages. The libmaxminddb package includes the library and the mmdblookup command line tool, which enables manual searching of addresses. The geoipupdate binary from the legacy GeoIP package is now provided by the geoipupdate package, and is capable of downloading both legacy databases and the new Geolite2 databases.

(BZ#1643472, BZ#1643470, BZ#1643464)

New packages: compat-sap-c++-8

The compat-sap-c++-8 packages contain the libstdc library named compat-sap-c++-8.so, which is a runtime compatibility library needed for SAP applications. The compat-sap-c++8 packages are based on GCC 8.

(BZ#1669683)

elfutils rebased to version 0.176

The elfutils packages have been upgraded to upstream version 0.176. Notable changes include:

  • Various bugs related to multiple CVEs have been fixed.
  • The libdw library has been extended with the dwelf_elf_begin() function which is a variant of elf_begin() that handles compressed files.
  • The eu-readelf tool now recognizes and prints out GNU Property notes and GNU Build Attribute ELF Notes with the --notes or -n options.
  • A new --reloc-debug-sections-only option has been added to the eu-strip tool to resolve all trivial relocations between debug sections in place without any other stripping. This functionality is relevant only for ET_REL files in certain circumstances.
  • A new function dwarf_next_lines has been added to the libdw library. This function reads .debug_line data without CU.
  • The dwarf_begin_elf function from the libdw library now accepts ELF files containing only .debug_line or .debug_frame sections.

(BZ#1676504)

gcc-libraries rebased to version 8.3.1

The gcc-libraries packages have been updated to upstream version 8.3.1 which brings a number of bug fixes.

(BZ#1551629)

Date formatting updates for the Japanese Reiwa era

The GNU C Library now provides correct Japanese era name formatting for the Reiwa era starting on May 1st, 2019. The time handling API data has been updated, including the data used by the strftime and strptime functions. All APIs will correctly print the Reiwa era including when strftime is used along with one of the era conversion specifiers such as %EC, %EY, or %Ey.

(BZ#1555189)

SystemTap rebased to version 4.0

The SystemTap instrumentation tool has been upgraded to upstream version 4.0. Notable improvements include:

  • The extended Berkeley Packet Filter (eBPF) backend has been improved, especially strings and functions. To use this backend, start SystemTap with the --runtime=bpf option.
  • A new export network service for use with the Prometheus monitoring system has been added.
  • The system call probing implementation has been improved to use the kernel tracepoints if necessary.

(BZ#1669605)

Valgrind rebased to version 3.14

The Valgrind packages have been upgraded to upstream version 3.14, which provides a number of bug fixes and enhancements over the previous version:

  • Valgrind can now process most of the integer and string vector instructions of the IBM Z architecture z13 processor.
  • An option --keep-debuginfo=no|yes has been added to retain debugging information for unloaded code. This allows saved stack traces to include file and line information in more cases. For more information and known limitations, see the Valgrind user manual.
  • The Helgrind tool can now be configured to compute full history stack traces as deltas with the new --delta-stracktrace=yes|no option. As a result, keeping full Helgrind history with the --history-level=full option can be up to 25% faster when --delta-stracktrace=yes is added.
  • False positive rate in the Memcheck tool has been reduced on the AMD64 and 64-bit ARM architectures. Notably, you can use the --expensive-definedness-checks=no|auto|yes option to control analysis for the expensive definedness checks without loss of precision.

(BZ#1519410)

Performance Co-Pilot rebased to version 4.3.2

The Performance Co-Pilot (PCP) has been updated to upstream version 4.3.2. Notable improvements include:

  • The pcp-dstat tool now includes historical analysis and Comma-separated Values (CSV) format output.
  • The log utilities can use metric labels and help text records.
  • The pmdaperfevent tool now reports the correct CPU numbers at the lower Simultaneous Multi Threading (SMT) levels.
  • The pmdapostgresql tool now supports Postgres series 10.x.
  • The pmdaredis tool now supports Redis series 5.x.
  • The pmdabcc tool has been enhanced with dynamic process filtering and per-process syscalls, ucalls, and ustat.
  • The pmdammv tool now exports metric labels, and the format version is increased to 3.
  • The pmdagfs2 tool supports additional glock and glock holder metrics.
  • Several fixes have been made to the SELinux policy.
  • The pmcd utility now supports PMDA suspend and resume (fencing) without configuration changes.
  • Pressure-stall information metrics are now reported.
  • Additional VDO metrics are now reported.
  • The pcp-atop tool now reports statistics for pressure stall information, infiniband, perf_event, and NVIDIA GPUs.
  • The pmlogger and pmie tools can now use systemd timers as an alternative to cron jobs.

(BZ#1647308, BZ#1641161)

ptp4l now supports team interfaces in active-backup mode

With this update, support for team interfaces in active-backup mode has been added into the PTP Boundary/Ordinary Clock (ptp4l).

(BZ#1650672)

linuxptp rebased to version 2.0

The linuxptp packages have been upgraded to upstream version 2.0, which provides a number of bug fixes and enhancements over the previous version.

The most notable features are as follows:

  • Support for unicast messaging has been added
  • Support for telecom G.8275.1 and G.8275.2 profiles has been added
  • Support for the NetSync Monitor (NSM) protocol has been added
  • Implementation of transparent clock (TC) has been added

(BZ#1623919)

The DateTime::TimeZone Perl module is now aware of recent time zone updates

The Olson time zone database has been updated to version 2018i. Previously, applications written in the Perl language that use the DateTime::TimeZone module mishandled time zones that changed their specifications since version 2017b due to the outdated database.

(BZ#1537984)

The trace-cmd packages have been updated to version 2.7

The updated packages provide the latest bug fixes and upstream features. As a result, the Red Hat Enterprise Linux users can now use an up-to-date trace-cmd command.

(BZ#1655111)

vim rebased to version 7.4.629

The vim packages have been upgraded to upstream version 7.4.629, which is in RHEL 6. This version provides a number of bug fixes and enhancements over the previous version.

Notable enhancements include the breakindent feature. For more information about the feature, see :help breakindent in Vim.

(BZ#1563419)

3.4. Desktop

cups-filters updated

The cups-filters packages, distributed in version 1.0.35, have been updated to provide the following enhancements:

  • The cups-browsed daemon, which provides the functionality removed from CUPS since the version 1.5, has been rebased to version 1.13.4, excluding the support for CUPS temporary queues.
  • A new backend, implicitclass, has been introduced to support high availability and load balancing.

(BZ#1485502)

3.5. File Systems

Improved quota reports

The quota tool in non-verbose mode now distinguishes between a file system with no limits and a file system with limits but with no used resources. Previously, none was printed for both use cases, which was confusing.

(BZ#1601109)

3.6. Installation and Booting

The graphical installation program now detects if SMT is enabled

Previously, the RHEL 7 graphical installation program did not detect if Simultaneous Multithreading (SMT) was enabled on a system. With this update, the installation program now detects if SMT is enabled on a system. If it is enabled, a warning message is displayed in the Status bar, which is located at the bottom of the Installation Summary window.

(BZ#1678353)

New --g-libs option for the find-debuginfo.sh script

This update introduces the new --g-libs option for the find-debuginfo.sh script. This new option is an alternative to previous -g option, which instructed the script to remove only debugging symbols from both binary and library files. The new --g-libs option works the same way as -g, but only for library files. The binary files are stripped completely.

(BZ#1663264)

The Image Builder rebased to version 19.7.33 and fully supported

The Image Builder, provided by the lorax-composer package in the RHEL 7 Extras Channel, has been upgraded to version 19.7.33.

Notable changes in this version include:

  • The Image Builder, previously available as Technology Preview, is now fully supported.
  • Cloud images can be built for Amazon Web Services, VMware vSphere, and OpenStack.
  • A Red Hat Content Delivery Network (CDN) repository mirror is no longer needed.
  • You can now set a host name and create users.
  • Boot loader parameters can be set, such as disabling Simultaneous Multi-Threading (SMT) with the nosmt=force option. This is only possible from composer-cli tool on command line.
  • The web console UI can now edit external repositories ("sources").
  • The Image Builder can now run with SElinux in enforcing mode.

To access the Image Builder functionality, use a command-line interface in the composer-cli utility, or a graphical user interface in the RHEL 7 web console from the cockpit-composer package.

(BZ#1713880, BZ#1656105, BZ#1654795, BZ#1689314, BZ#1688335)

3.7. Kernel

Spectre V2 mitigation default changed from IBRS to Retpoline in new installations of RHEL 7.7

The default mitigation for the Spectre V2 vulnerability (CVE-2017-5715) for systems with the 6th Generation Intel Core Processors and its close derivatives [1] has changed from Indirect Branch Restricted Speculation (IBRS) to Retpoline in new installations of RHEL 7.7. Red Hat has implemented this change as a result of Intel’s recommendations to align with the defaults used in the Linux community and to restore lost performance. However, note that using Retpoline in some cases may not fully mitigate Spectre V2. Intel’s Retpoline document [2] describes any cases of exposure. This document also states that the risk of an attack is low.

For installations of RHEL 7.6 and prior, IBRS is still the default mitigation. New installations of RHEL 7.7 and later versions will have "spectre_v2=retpoline" added to the kernel command line. No change will be made for upgrades to RHEL 7.7 from earlier versions of RHEL 7.

Note that users can select which spectre_v2 mitigation will be used. To select Retpoline: a) Add the "spectre_v2=retpoline" flag to the kernel command line, and reboot. b) Alternatively, issue the following command at runtime: "echo 1 > /sys/kernel/debug/x86/retp_enabled"

To select IBRS: a) Remove the "spectre_v2=retpoline" flag from the kernel command line, and reboot. b) Alternatively, issue the following command at runtime: "echo 1 > /sys/kernel/debug/x86/ibrs_enabled"

If one or more kernel modules were not built with Retpoline support, the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file will indicate vulnerability and the /var/log/messages file will identify the offending modules. See link:https://access.redhat.com/solutions/3399691 [How to determine which modules are responsible for spectre_v2 returning "Vulnerable: Retpoline with unsafe module(s)"?] for further information.

[1] "6th generation Intel Core Processors and its close derivatives" are what the Intel’s Retpoline document refers to as "Skylake-generation".

[2] link:https://software.intel.com/security-software-guidance/api-app/sites/default/files/Retpoline-A-Branch-Target-Injection-Mitigation.pdf [Retpoline: A Branch Target Injection Mitigation - White Paper]

(BZ#1653428, BZ#1659626)

PMTU discovery and route redirection is now supported with VXLAN and GENEVE tunnels

Previously, the kernel in Red Hat Enterprise Linux (RHEL) did not handle Internet Control Message Protocol (ICMP) and ICMPv6 messages for Virtual Extensible LAN (VXLAN) and Generic Network Virtualization Encapsulation (GENEVE) tunnels. As a consequence, Path MTU (PMTU) discovery and route redirection was not supported with VXLAN and GENEVE tunnels. With this update, the kernel handles ICMP "Destination Unreachable" and "Redirect Message", as well as ICMPv6 "Packet Too Big" and "Destination Unreachable" error messages by adjusting the PMTU and modifying forwarding information. As a result, PMTU discovery and route redirection are now supported with VXLAN and GENEVE tunnels.

(BZ#1511372)

The IMA and EVM features are now supported on all architectures

The Integrity Measurement Architecture (IMA) and Extended Verification Module (EVM) are now fully supported on all available architectures. In RHEL 7.6, they were supported only on the AMD64 and Intel 64 architecture.

IMA and EVM enable the kernel to check the integrity of files at runtime using labels attached to extended attributes. You can use IMA and EVM to monitor if files have been accidentally or maliciously altered.

The ima-evm-utils package provides userspace utilities to interface between user applications and the kernel features.

(BZ#1636601)

3.8. Real-Time Kernel

kernel-rt source tree now matches the latest RHEL 7 tree

The kernel-rt sources have been upgraded to be based on the latest Red Hat Enterprise Linux kernel source tree, which provides a number of bug fixes and enhancements over the previous version.

(BZ#1642619)

The RHEL 7 kernel-rt timer wheel has been updated to a non-cascading timer wheel

The current timer wheel has been switched to a non-cascading wheel which improves the timer subsystem and reduces the overheads on many operations. With the backport of the non-cascading timer wheel, kernel-rt is very close to the upstream kernel in enabling the backport of future improvements.

(BZ#1593361)

3.9. Networking

rpz-drop now prevents BIND for repetitive resolving of unreachable domain

Berkeley Internet Name Domain (BIND) version 9.10 introduces the rpz-drop policy, which enables to mitigate DNS amplification attacks. Previously, if an attacker generated a lot of queries for an irresolvable domain, BIND was constantly trying to resolve such queries, which caused considerable load on CPU. With rpz-drop, BIND does not process the queries when the target domain is unreachable. This behavior significantly saves CPU capacity.

(BZ#1325789)

bind rebased to version 9.11

The bind packages have been upgraded to upstream version 9.11, which provides a number of bug fixes and enhancements over the previous version:

New features:

  • A new method of provisioning secondary servers called Catalog Zones has been added.
  • Domain Name System Cookies can now be sent by the named service and the dig utility.
  • The Response Rate Limiting feature can now help with mitigation of DNS amplification attacks.
  • Performance of response-policy zone (RPZ) has been improved.
  • A new zone file format called map has been added. Zone data stored in this format can be mapped directly into memory, which enables zones to load significantly faster.
  • A new tool called delv (domain entity lookup and validation) has been added, with dig-like semantics for looking up DNS data and performing internal DNS Security Extensions (DNSSEC) validation.
  • A new mdig command is now available. This command is a version of the`dig` command that sends multiple pipelined queries and then waits for responses, instead of sending one query and waiting for the response before sending the next query.
  • A new prefetch option, which improves the recursive resolver performance, has been added.
  • A new in-view zone option, which allows zone data to be shared between views, has been added. When this option is used, multiple views can serve the same zones authoritatively without storing multiple copies in memory.
  • A new max-zone-ttl option, which enforces maximum TTLs for zones, has been added. When a zone containing a higher TTL is loaded, the load fails. Dynamic DNS (DDNS) updates with higher TTLs are accepted but the TTL is truncated.
  • New quotas have been added to limit queries that are sent by recursive resolvers to authoritative servers experiencing denial-of-service attacks.
  • The nslookup utility now looks up both IPv6 and IPv4 addresses by default.
  • The named service now checks whether other name server processes are running before starting up.
  • When loading a signed zone, named now checks whether a Resource Record Signature’s (RSIG) inception time is in the future, and if so, it regenerates the RRSIG immediately.
  • Zone transfers now use smaller message sizes to improve message compression, which reduces network usage.

Feature changes:

  • The version 3 XML schema for the statistics channel, including new statistics and a flattened XML tree for faster parsing, is provided by the HTTP interface. The legacy version 2 XML schema is still the default format.

(BZ#1640561)

ipset rebased to version 7.1

The ipset packages have been upgraded to upstream version 7.1, which provides a number of bug fixes and enhancements over the previous version:

  • The ipset protocol version 7 introduces the IPSET_CMD_GET_BYNAME and IPSET_CMD_GET_BYINDEX operations. Additionally, the user space component can now detect the exact compatibility level that the kernel component supports.
  • A significant number of bugs have been fixed, such as memory leaks and use-after-free bugs.

(BZ#1649080)

NetworkManager now supports VLAN filtering on bridge interfaces

With this enhancement, administrators can configure virtual LAN (VLAN) filtering on bridge interfaces in the corresponding NetworkManager connection profiles. This enables administrators to define VLANs directly on bridge ports.

(BZ#1652910)

NetworkManager now supports configuring policy routing rules

Previously, users must set up policy routing rules outside of NetworkManager, for example by using the dispatcher script provided by the NetworkManager-dispatcher-routing-rules package. With this update, users can now configure rules as part of a connection profile. As a result, NetworkManager adds the rules when the profile is activated and removes the rules when the profile is deactivated.

(BZ#1652653)

3.10. Security

The nss packages are updated for Firefox 60 ESR

The Network Security Services (NSS) code and Certificate Authority (CA) list have been updated to meet the recommendations as published with the latest Mozilla Firefox Extended Support Release (ESR). The updated CA list improves compatibility with the certificates that are used in the Internet Public Key Infrastructure (PKI).

(BZ#1619443)

SCAP Security Guide supports Universal Base Image

SCAP Security Guide security policies have been enhanced to support Universal Base Image (UBI) containers and UBI images, including ubi-minimal images. This enables configuration compliance scanning of UBI containers and images using the atomic scan command. UBI containers and images can be scanned against any profile shipped in SCAP Security Guide. Only the rules that are relevant to secure configuration of UBI are evaluated, which prevents false positives and produces relevant results. The rules that are not applicable to UBI images and containers are skipped automatically.

(BZ#1695213)

scap-security-guide rebased to version 0.1.43

The scap-security-guide packages have been upgraded to upstream version 0.1.43, which provides a number of bug fixes and enhancements over the previous version, most notably:

  • Minimum supported Ansible version changed to 2.5
  • New RHEL7 profile: VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Enterprise Linux Hypervisor (RHELH)

(BZ#1684545)

tangd_port_t allows changes of the default port for Tang

This update introduces the tangd_port_t SELinux type that allows the tangd service run as confined with SELinux enforcing mode. That change helps to simplify configuring a Tang server to listen on a user-defined port and it also preserves the security level provided by SELinux in enforcing mode.

(BZ#1650909)

shadow-utils rebased to version 4.6

The shadow-utils packages have been upgraded to upstream version 4.6, which provides a number of bug fixes and enhancements over the previous version, most notably the newuidmap and newgidmap commands for manipulating the UID and GID namespace mapping.

(BZ#1498628)

3.11. Servers and Services

chrony rebased to version 3.4

The chrony packages have been upgraded to upstream version 3.4, which provides a number of bug fixes and enhancements over the previous version, notably:

  • The support for hardware time stamping has received improvements.
  • The range of supported polling intervals has been extended.
  • Burst and filter options have been added to NTP sources.
  • A pid file has been moved to prevent the chronyd -q command from breaking the system service.
  • An compatibility with NTPv1 clients has been fixed.

(BZ#1636117)

GNU enscript now supports ISO-8859-15 encoding

With this update, support for ISO-8859-15 encoding has been added into the GNU enscript program.

(BZ#1573876)

ghostscript rebased to version 9.25

The ghostscript packages have been upgraded to upstream version 9.25, which provides a number of bug fixes and enhancements over the previous version.

(BZ#1636115)

tuned rebased to version 2.11

The tuned packages have been upgraded to upstream version 2.11, which provides a number of bug fixes and enhancements over the previous version, notably:

  • Support for boot loader specification (BLS) has been added. (BZ#1576435)
  • The mssql profile has been updated. (BZ#1660178)
  • The virtual-host profile has been updated. (BZ#1569375)
  • A range feature for CPU exclusion has been added. (BZ#1533908)
  • Profile configuration now automatically reloads when the tuned service detects the hang-up signal (SIGHUP). (BZ#1631744)

For full list of changes see the upstream git log: https://github.com/redhat-performance/tuned/commits/v2.11.0

(BZ#1643654)

3.12. Storage

Support for Data Integrity Field/Data Integrity Extension (DIF/DIX)

DIF/DIX is fully supported, provided that the hardware vendor has qualified it and provides full support for the particular HBA and storage array configuration on RHEL. DIF/DIX is not supported on other configurations. It is not supported for use on the boot device, and it is not supported on virtualized guests. Red Hat does not support using ASMLib when DIF/DIX is enabled. DIF/DIX is enabled/disabled at the storage device, which involves various layers up to (and including) the application. The method for activating the DIF on storage devices is device-dependent.

For further information on the DIF/DIX feature, see What is DIF/DIX.

(BZ#1649493)

NVMe/FC is now fully supported with the qla2xxx driver

As of RHEL 7.7, the NVMe over Fibre Channel (NVMe/FC) transport type is now fully supported with Qlogic adapters using the qla2xxx driver.

NVMe/FC is an additional fabric transport type for the Nonvolatile Memory Express (NVMe) protocol, in addition to the Remote Direct Memory Access (RDMA) protocol that was previously introduced in Red Hat Enterprise Linux.

NVMe/FC provides a higher-performance, lower-latency I/O protocol over existing Fibre Channel infrastructure. This is especially important with solid-state storage arrays, because it allows the performance benefits of NVMe storage to be passed through the fabric transport, rather than being encapsulated in a different protocol, SCSI.

Note that since Red Hat Enterprise Linux 7.6, NVMe/FC is fully supported with Broadcom Emulex Fibre Channel 32Gbit adapters using the lpfc driver.

(BZ#1707805)

New scan_lvs configuration setting

A new lvm.conf configuration file setting, scan_lvs, has been added and set to 0 by default. The new default behavior stops LVM from looking for PVs that may exist on top of LVs; that is, it will not scan active LVs for more PVs. The default setting also prevents LVM from creating PVs on top of LVs.

Layering PVs on top of LVs can occur by way of VM images placed on top of LVs, in which case it is not safe for the host to access the PVs. Avoiding this unsafe access is the primary reason for the new default behavior. Also, in environments with many active LVs, the amount of device scanning done by LVM can be significantly decreased.

The previous behavior can be restored by changing this setting to 1.

(BZ#1674563)

3.13. System and Subscription Management

The web console rebased to version 191

The web console, provided by the cockpit packages, has been upgraded to version 191, which provides a number of new features and bug fixes.

With this update, support for the Internet Explorer browser has been removed from the RHEL 7 web console. Attempting to open the web console in Internet Explorer now displays an error screen with a list of recommended browsers that can be used instead.

(BZ#1712833)

3.14. Virtualization

virt-v2v can now convert SUSE Linux VMs

You can now use the virt-v2v utility to convert virtual machines (VMs) that use SUSE Linux Enterprise Server (SLES) and SUSE Linux Enterprise Desktop (SLED) guest operating systems (OSs) from non-KVM hypervisors to KVM.

Note that the conversion is only supported for SLES or SLED guest OSs version 11 Service Pack 4 or later. In addition, SLES 11 and SLED 11 VMs that use X graphics need to be re-adjusted after the conversion for the graphics to work properly. To do so, use the sax2 distribution tool in the guest OS after the migration is finished.

(BZ#1463620)

virt-v2v can now use vmx configuration files to convert VMware guests

The virt-v2v utility now includes the vmx input mode, which enables the user to convert a guest virtual machine from a VMware vmx configuration file. Note that to do this, you also need access to the corresponding VMware storage, for example by mounting the storage using NFS. It is also possible to access the storage using SSH, by adding the -it ssh parameter.

(BZ#1441197)

virt-v2v converts VMWare guests faster and more reliably

The virt-v2v utility can now use the VMWare Virtual Disk Development Kit (VDDK) to convert a VMWare guest virtual machine to a KVM guest. This enables virt-v2v to connect directly to the VMWare ESXi hypervisor, which improves the speed and reliability of the conversion.

Note that this conversion import method requires the external nbdkit utility and its VDDK plug-in.

(BZ#1477912)

virt-v2v can convert UEFI guests for RHV

Using the virt-v2v utility, it is now possible to convert virtual machines that use the UEFI firmware to run in Red Hat Virtualization (RHV).

(BZ#1509931)

virt-v2v removes VMware Tools more reliably

This update makes it more likely that the virt-v2v utility automatically attempts to remove VMware Tools software from a VMware virtual machine that virt-v2v is converting to KVM. Notably, virt-v2v now attempts to remove VMWare Tools in the following scenarios:

  • When converting Windows virtual machines.
  • When VMMware Tools were installed on a Linux virtual machine from a tarball.
  • When WMware Tools were installed as open-vm-tools.

(BZ#1481930)

3.15. Atomic Host and Containers

Red Hat Enterprise Linux Atomic Host is a secure, lightweight, and minimal-footprint operating system optimized to run Linux containers. See the Atomic Host and Containers Release Notes for the latest new features, known issues, and Technology Previews.

3.16. Red Hat Software Collections

Red Hat Software Collections is a Red Hat content set that provides a set of dynamic programming languages, database servers, and related packages that you can install and use on all supported releases of Red Hat Enterprise Linux 7 on AMD64 and Intel 64 architectures, the 64-bit ARM architecture, IBM Z, and IBM POWER, little endian. Certain components are available also for all supported releases of Red Hat Enterprise Linux 6 on AMD64 and Intel 64 architectures.

Red Hat Developer Toolset is designed for developers working on the Red Hat Enterprise Linux platform. It provides current versions of the GNU Compiler Collection, GNU Debugger, and other development, debugging, and performance monitoring tools. Red Hat Developer Toolset is included as a separate Software Collection.

Dynamic languages, database servers, and other tools distributed with Red Hat Software Collections do not replace the default system tools provided with Red Hat Enterprise Linux, nor are they used in preference to these tools. Red Hat Software Collections uses an alternative packaging mechanism based on the scl utility to provide a parallel set of packages. This set enables optional use of alternative package versions on Red Hat Enterprise Linux. By using the scl utility, users can choose which package version they want to run at any time.

Important

Red Hat Software Collections has a shorter life cycle and support term than Red Hat Enterprise Linux. For more information, see the Red Hat Software Collections Product Life Cycle.

See the Red Hat Software Collections documentation for the components included in the set, system requirements, known problems, usage, and specifics of individual Software Collections.

See the Red Hat Developer Toolset documentation for more information about the components included in this Software Collection, installation, usage, known problems, and more.

Chapter 4. Notable Bug Fixes

This chapter describes bugs fixed in Red Hat Enterprise Linux 7.7 Beta that have a significant impact on users.

4.1. Authentication and Interoperability

`krb5' memory caches are now thread-safe

Previously, the memory caches of the Kerberos V5 login program (krb5) were not completely thread-safe. As a consequence, multi-threaded access terminated unexpectedly in some cases. With this update, the memory caches are cleaned up to be more thread-safe. As a result, no more crashes occur.

(BZ#1605756)

krb5 configurations prohibited by FIPS-140-2 can now work again

Previously, Red Hat Enterprise Linux 7.6 build of the Kerberos V5 (krb5) system increased compliance with FIPS-140-2. As a consequence, certain previously permitted configurations that were prohibited by FIPS-140-2 stopped working. With this update, the changes have been reverted, because krb5 only requires to work in FIPS mode, not be FIPS-compliant. As a result, configurations prohibited by FIPS-140-2 can now work again.

Note that Red Hat Enterprise Linux 8 does not support these configurations at the moment.

(BZ#1645711)

SSSD uses the AD LDAP server to retrieve POSIX attributes for initgroup lookups

The SSSD service uses the Active Directory (AD) global catalog (GC) for initgroup lookups, but the POSIX attributes, such as the user home directory or shell, are not replicated to the GC set by default. Consequently, when SSSD requests the POSIX attributes during SSSD lookups, SSSD incorrectly considers the attributes to be removed from the server, because they are not present in the GC, and removes them from the SSSD cache as well. With this update, initgroup lookups now switch between LDAP and GC connection as appropriate, because the AD LDAP server contains the POSIX attributes even without schema modification. As a result, POSIX attributes, such as shell or home directory, are no longer overwritten or missing.

(BZ#1194345)

Changing the shell with ypchsh no longer results in an overwritten password when NIS uses passwd.adjunct

Previously, when the NIS server was set up to support the passwd.adjunct map and the user changed the shell on a NIS client by using the ypchsh command, the yppasswdd daemon overwrote the user’s password hash inside passwd.adjunct with the ##username string. Consequently, the affected user was unable to log in due to a corrupted password hash. This bug has been fixed, and yppasswdd no longer overwrites the user’s password hash while updating the user’s shell information. As a result, the user can successfully log in the new shell after running ypchsh.

(BZ#1624295)

4.2. Compiler and Tools

GDB breakpoint default source file works for symbolic links

Previously, the GDB debugger could not locate the symbol table information for the default source file, if the file was a symbolic link. As a consequence, users could not set breakpoints by omitting the source file name and using the default, such as break 63. This bug has been fixed and users can now use default source files with breakpoints for files behind symbolic links.

(BZ#1639077)

The DNS stub resolver in glibc no longer rejects valid host names, such as hostname-.example.com

The DNS stub resolver in glibc rejected certain valid host names, such as hostname-.example.com, and accepted some invalid names. As a consequence, some host names on the Internet could not be resolved. To fix the problem, the DNS name validation functions, such as res hnok, have been adjusted to match user expectations and specifications more closely. As a result, host names of the form hostname-.example.com can now be resolved successfully if they exist in DNS.

(BZ#1039304)

iconv no longer hangs when converting from certain IBM character sets

Previously, the glibc converters for the IBM930, IBM933, IBM935, IBM937, and IBM393 character sets returned an error and failed to advance to the next input character when they encountered invalid redundant shift sequences. As a consequence, converting from these character sets using the iconv tool with the -c option to discard these characters made the tool unresponsive, because it could not progress beyond the first occurence of a redundant shift sequence. The converters have been modified to accept these sequences and continue correctly. As a result, the conversions mentioned above are now possible.

(BZ#1427734)

iconv can convert between the IBM273 and ISO-8859-1 character sets

Previously, the glibc implementation of the IBM273 character set was not equivalent to the ISO-8859-1 character set. It did not have a representation for the Unicode character MACRON, instead it used the corresponding byte to represent the OVERLINE Unicode character, which has the same visual representation as a MACRON. As a consequence, using the iconv tool provided by glibc to convert IBM273 text containing an OVERLINE character to ISO-8859-1 or ISO-8859-1 text containing a MACRON character to IBM273 resulted in an error during conversion. To fix this bug, the IBM273 character set was made equivalent to the ISO-8859-1 character set by replacing its OVERLINE representation with MACRON. As a result, both character sets now use the MACRON Unicode character, are equivalent, and conversion from one to the other does not lead to an error.

(BZ#1591268)

getifaddrs calls can no longer unexpectedly terminate applications

Previously, the network interface list produced by the getifaddrs function in the glibc library could lack interface names if the interfaces changed in the kernel at the same time. As a consequence, applications using getifaddrs could terminate unexpectedly in such situation. This has been fixed and getifaddrs now makes sure the list is identical to kernel state. As a result, the unexpected termination mentioned above cannot happen.

(BZ#1472832)

Makefiles containing explicit targets before implicit work again

Previously, mixing implicit (pattern) and explicit targets in Makefiles was deprecated. After update to version 3.82, the make build tool returned errors for mixed targets. As a consequence, legacy Makefiles containing mixed targets cound not be used. With this update, make can correctly parse situations where an explicit target is listed before an implicit target. However, implicit targets before explicit targets still result in an error. As a result, certain legacy Makefiles can now be used again without modification.

Note that mixing explicit and implicit targets in Makefiles is deprecated and should not be added to new Makefiles.

(BZ#1582545)

PCP reports all process details on large systems

Previously, the Performance Co-Pilot (PCP) toolkit failed to report certain process details on very large systems in some cases. The code reading the process details files was changed so that it can read data of arbitrary length, instead of only the first 1024 bytes. As a result, the described PCP error can no longer happen.

(BZ#1600262)

strip no longer crashes with certain executable files

Previously, the strip tool contained untrue assumptions about executable file structure. As a consequence, attempting to strip certain executable files could unexpectedly terminate strip. The assumptions about structure have been changed such that this problem can no longer happen and strip works correctly.

(BZ#1644632)

Optimized CPU consumption by libdb

A previous update to the libdb database caused an excessive CPU consumption in the trickle thread. With this update, the CPU usage has been optimized.

(BZ#1608749)

fixfiles no longer incorrectly fails

Previously, the fixfiles script failed if the /etc/selinux/fixfiles_exclude_dirs file contained at least one entry and the /etc/selinux/targeted/contexts/files/file_contexts.local file was not present. With this update, the requirement for existence of /etc/selinux/targeted/contexts/files/file_contexts.local has been removed, and fixfiles now works correctly in the described scenario.

(BZ#1647714)

4.3. Desktop

SystemTap Dyninst backend no longer needs the dyninst-devel package

Previously, the SystemTap Dyninst backend used by the stap --dyninst command did not work when the dyninst-devel package was not installed. As a consequence, SystemTap terminated unexpectedly in this situation, and users had to manually install dyninst-devel and run the ldconfig tool as a workaround. This bug has been fixed and SystemTap Dyninst backend can be used without the mentioned workaround.

(BZ#1498558)

X.org server no longer crashes during fast user switching

Previously, the X.Org X11 qxl video driver did not emulate the leaving virtual terminal event on shutdown. Consequently, the X.Org display server terminated unexpectedly during fast user switching, and the current user session was terminated when switching a user. With this update, qxl has been fixed, and the X.org server no longer crashes during fast user switching.

(BZ#1640918)

4.4. File Systems

Setting disk quota limits over a network works again for users occupying more than 4 GB of space on the network file system

Previously, the setquota utility was unable to handle an occupied space greater than 4 GB when communicating with an NFS server due to an incorrect format of the used disk size. Consequently, when setting disk quota limits for a user exceeding 4 GB of used space on a NFS-mounted file system, setquota failed to perform the operation. This update corrects the conversion of the used disk size to an RPC protocol format, and the described problem no longer occurs.

(BZ#1697605)

4.5. Installation and Booting

NVDIMM commands are added to kickstart script file anaconda-ks.cfg after installation

The installer creates a kickstart script equivalent to the configuration used for installation of the system. This script is stored in the file /root/anaconda-ks.cfg. Previously, when the interactive graphical user interface was used for installation, the nvdimm commands used for configuring Non-Volatile Dual In-line Memory (NVDIMM) devices were not added to this file. This bug has been fixed and the kickstart file now contains the nvdimm commands as expected.

(BZ#1620109)

The graphical installation program no longer permits an invalid passphrase

Previously, when installing RHEL 7 using the graphical installation program, it was possible to leave the passphrase field in the Partitioning Disk Encryption Passphrase dialog box empty, click the Save Passphrase button, and finish your partitioning tasks. As a consequence, partitioning was misconfigured and you had to cancel the disk encryption process or enter a valid passphrase. With this update, the Save Passphrase button is available only when you enter a valid and non-empty passphrase.

(BZ#1489713)

Using the version or inst.version kernel boot parameters no longer stops the installation program

Previously, booting the installation program from the kernel command line using the version or inst.version boot parameters printed the version, for example anaconda 30.25.6, and stopped the installation program.

With this update, the version and inst.version parameters are ignored when the installation program is booted from the kernel command line, and as a result, the installation program is not stopped.

(BZ#1637112)

The RHEL 7.7 graphical installation now displays supported NVDIMM device sector sizes

Previously, when configuring NVDIMM devices using the graphical user interface (GUI), it was possible to enter an unsupported sector size. No warning message was displayed, and as a consequence, a reconfiguration error occurred. With this update, the sector size dialog box contains a drop-down list that displays only the supported sector sizes of 512 and 4096.

(BZ#1614049)

Cancelling a job initiated from cockpit-composer no longer fails

Image build process did not support cancelling an image build. As a consequence, cancelling a job initiated from cockpit-composer GUI using composer-cli compose cancel resulted in a hung compose API server, causing newly queued job builds to not start, and remain in waiting state. To fix the problem, a feature to cancel the Image build process was implemented. As a result, cancelling a job initiated from cockpit-composer no longer fails.

(BZ#1659129)

The rpm command now supports the --setcaps and --restore options

This update introduces the --setcaps and --restore options for the rpm command.

The --setcaps option sets capabilities of files in a required package. The syntax is as follows:

rpm --setcaps _PACKAGE_NAME_

The --restore option restores owner, group, permissions, and capabilities of files in a required package. The syntax is as follows:

rpm --restore _PACKAGE_NAME_

(BZ#1550745)

GRUB 2 regexp command is no longer missing

Previously, the module providing the regexp command for the Grand Unified Bootloader version 2 (GRUB2) was missing in the GRUB2 EFI binary. As a consequence, on UEFI systems with Secure Boot enabled, using regexp failed with the error: can’t find command `regexp` message. With this update, the module providing regexp is included in the GRUB2 EFI binary and works in the described situation.

(BZ#1630678)

4.6. Kernel

Netfilter now supports zero-length CIDR values in certain IP set types

Previously, the kernel rejected a zero-length Classless Inter-domain Routing (CIDR) network mask value in the first and the last parameter in hash:net,port,net and hash:net6,port,net6 IP set types. As a consequence, Netfilter could not match a port against all network destinations. With this update, zero-length CIDR values are allowed in the first and the last parameter of the mentioned IP set types. As a result, administrators can create firewall rules that match a port that is valid for all destinations.

(BZ#1680426)

The intel_pstate driver loads on the Intel Skylake-X systems with HWP disabled

Previously, with the Intel Skylake-X systems, it was impossible to load the intel_pstate driver if Hardware P-States (HWP) were disabled. As a consequence, the kernel defaulted to loading the acpi_cpufreq driver. This update fixes the problem and intel_pstate now loads correctly in the described scenario.

In the event that the user wants to use acpi_cpufreq (not recommended), the solution is to append the intel_pstate=disable parameter to the kernel command line.

(BZ#1698453)

Data corruption no longer occurs on RAID 10 reshape on top of VDO

Previously, RAID 10 reshape (with both LVM and "mdadm") on top of VDO corrupted data. With this fix, the data corruption no longer occurs. However, Stacking RAID 10 (or other RAID types) on top of VDO does not take advantage of the deduplication and compression capabilities of VDO and is not recommended.

(BZ#1528466)

write-behind in RAID1 no longer triggers a kernel panic

Previously, the write-behind mode in the Redundant Array of Independent Disks Mode 1 (RAID1) virtualization technology used the upper layer bio structures. The structures were freed immediately after the bio structures written to bottom layer disks came back. As a consequence, a kernel panic was triggered and the write-behind function could not be used. This update fixes the problem and write-behind can now be used without triggering a kernel panic in the described scenario.

(BZ#1632575)

The kernel now supports destination MAC addresses in bitmap:ipmac, hash:ipmac, and hash:mac IP set types

Previously, the kernel implementation of the bitmap:ipmac, hash:ipmac, and hash:mac IP set types only allowed matching on the source MAC address, while destination MAC addresses could be specified, but were not matched against set entries. As a consequence, administrators could create iptables rules that used a destination MAC address in one of these IP set types, but packets matching the given specification were not actually classified. With this update, the kernel compares the destination MAC address and returns a match if the specified classification corresponds to the destination MAC address of a packet. As a result, rules that match packets against the destination MAC address now work correctly.

(BZ#1607252)

The kdump kernel is now able to boot after a CPU hot add or hot remove operation

When running Red Hat Enterprise Linux 7 on the little-endian variant of IBM Power Systems with kdump enabled, the kdump crash kernel failed to boot if triggered by the kexec system call after a CPU hot add or hot remove operation. This update fixes the bug by utilizing the CPU online and offline events. As a result, kdump kernel manages to boot in the described scenario.

(BZ#1549355)

4.7. Networking

The ipset service can now load sets which depends on other sets

Τhe ipset service saves IP sets (lists of IP addresses) in separate files. In Red Hat Enterprise Linux (RHEL) 7.6, when starting the service, each set was loaded sequentially ignoring dependencies between them. As a consequence, the service failed to load IP sets with dependencies on other sets. With this update, the ipset service creates first all the sets included in the saved configuration, and then adds their entries. As a result, IP sets with dependencies on other sets can now be loaded.

(BZ#1646666)

Error logging in the ipset service has been improved

Previously, the ipset service did not report configuration errors with a meaningful severity in the systemd logs. The severity level for invalid configuration entries was only informational, and the service did not report errors for an unusable configuration. As a consequence, it was difficult for administrators to identify and troubleshoot issues in the ipset service’s configuration. With this update, ipset reports configuration issues as warnings in systemd logs and, if the service fails to start, it logs an entry with the error severity including further details. As a result, it is now easier to troubleshoot issues in the configuration of the ipset service.

(BZ#1649877)

The ipset service now ignores invalid configuration entries during startup

The ipset service stores configurations as sets in separate files. Previously, when the service started, it restored the configuration from all sets in a single operation, without filtering invalid entries that can be inserted by manually editing a set. As a consequence, if a single configuration entry was invalid, the service did not restore further unrelated sets. The problem has been fixed. As a result, the ipset service detects and removes invalid configuration entries during the restore operation, and ignores invalid configuration entries.

(BZ#1650297)

firewalld rebased to version 0.6.3

The firewalld packages have been upgraded to upstream version 0.6.3, which provides a number of bug fixes over the previous version:

  • The firewalld service now only modifies ifcfg files for permanent configuration changes.
  • Untranslated strings in the firewall-config utility have been fixed, which caused that rich rules could not be modified in the UI.
  • The set-log-denied parameter now works correctly when used in combination with the icmp-block-inversion parameter.
  • The firewall-cmd utility now correctly checks the return value of the ipset command.
  • IP forwarding is no longer enabled when using port forwarding and the toaddr parameter is not specified.
  • The shell auto-complete feature no longer constantly asks for authentication.

(BZ#1637204)

4.8. Security

NSS now processes X.509 certificates for use with IPsec correctly

Previously, the NSS library did not properly process X.509 certificates for use with IPsec. As a consequence, if X.509 certificates had non-empty Extended Key Usage (EKU) attributes that did not contain serverAuth and clientAuth attributes, the Libreswan IPsec implementation incorrectly rejected validation of the certificates. With this update, the IPsec profiles in NSS have been fixed, and Libreswan can now accept the described certificates.

(BZ#1212132)

scap-security-guide now correctly skips rules that are not applicable to containers and container images

SCAP Security Guide content can be used to scan containers and container images now. Rules that are not applicable to containers and container images have been marked with a specific CPE identifier. As a result, the evaluation of these rules is skipped automatically, and the result not applicable is reported when scanning containers and container images.

(BZ#1630739)

SCAP Security Guide now correctly checks the dconf configuration

Prior to this update, OVAL (Open Vulnerability and Assessment Language) checks used in the SCAP Security Guide project did not check the dconf binary database. With this update, SCAP Security Guide ensures that the dconf binary database is up-to-date, and the dconf configuration is now checked correctly.

(BZ#1631378)

SELinux now allow gssd_t processes to access kernel keyrings of other processes

Previously, an allow rule for the gssd_t type was missing in the SELinux policy. As a consequence, SELinux in enforcing mode occasionally prevented processes running as gssd_t from accessing kernel keyrings of other processes and could block for example sec=krb5 mounts. The rule has been added to the policy, and processes running as gssd_t are now able to access keyrings of other processes.

(BZ#1487350)

SELinux no longer blocks snapperd from managing all non-security directories

Prior to this update, an allow rule for the snapper daemon (snapperd) was missing in the SELinux policy. Consequently, snapper was not able to create a configuration file on a btrfs volume for a new snapshot with SELinux in enforcing mode. With this update, the missing rule has been added, and SELinux now allows snapperd to manage all non-security directories.

(BZ#1619306)

sudo I/O logging function now works also for SELinux-confined users

Prior to this update of the SELinux policy, rules that allow user domains to use generic pseudoterminal interfaces were missing. As a consequence, the I/O logging function of the sudo utility did not work for SELinux-confined users. The missing rules have been added to the policy, and the I/O logging function no longer fails in the described scenario.

(BZ#1564470)

sudo configured using LDAP now handles sudoRunAsGroup correctly

Previously, the sudo tool configured using LDAP did not correctly handle the case when the sudoRunAsGroup attribute was defined and the sudoRunAsUser attribute was not. As a consequence, the root user was used as the target user. With this update, the handling of sudoRunAsGroup has been fixed to match the behavior documented in the sudoers.ldap(5) man page, and sudo now works properly in the described scenario.

(BZ#1618702)

4.9. Servers and Services

chronyd no longer fails to synchronize with NTP servers after reboot

Previously, when an interface was controlled by network scripts and NetworkManager was enabled at the same time, the chrony NetworkManager dispatcher script switched NTP sources to the offline state on boot. As a consequence, chronyd was prevented from synchronizing the system clock. With this update, the chrony dispatcher script ignores events that are not related to interfaces coming up or down. As a result, chronyd now synchronizes with NTP servers as expected under the described circumstances.

(BZ#1600882)

CUPS no longer denies access if SSSD running on the same server is configured with ignore_group_members = true

When System Security Services Daemon (SSSD) uses the ignore_group_members = true setting in the /etc/sssd/sssd.conf file, the getgrnam() function returns the group structure without group members of groups retrieved by SSSD. This is expected behavior. Previously, CUPS used only getgrnam() to verify if a user is a member of a group. As a consequence, if SSSD was configured with the mentioned setting on a CUPS server that used groups to allow access to the server for members of a group, CUPS denied access to users in these groups. With this update, CUPS now additionally uses the getgrouplist() function, which returns group members even if SSSD is configured with ignore_group_members = true. As a result, CUPS correctly determines access based on group memberships in the mentioned scenario.

(BZ#1570480)

Running dbus-daemon no longer fails to activate a system service

With the rebase of the D-Bus message bus daemon (dbus-daemon) to version 1.10.24, locations of several dbus tools were migrated. The dbus-send executable was moved from the /bin directory to the /usr/bin directory; the dbus-daemon-launch-helper executable was moved from the libdir `directory to the `libexecdir directory. Consequently, if a scriptlet in a package called the dbus-send command to send a message to D-Bus, and triggered a service activation, the activation could fail. With this update, the bug has been fixed by creating compatibility symlinks between the old and new locations of dbus-daemon-launch-helper. As a result, any running instance of dbus-daemon can now call the system bus and activate a system service.

(BZ#1568856)

Teaming in the rescue system works correctly again

Updates provided by the advisory RHBA-2019:0498 fixed several problems in ReaR, affecting complex network configurations. However, in case of teaming, this update introduced another problem. If the team had multiple member interfaces, the team device was not configured correctly in the rescue system. As a consequence, after applying an update provided by RHBA-2019:0498, a work around was needed to preserve the previous behavior. This update fixes the bug in ReaR, and teaming in the rescue system now works correctly.

(BZ#1685166)

Virtual machines now work correctly on RHEL 7 nodes in RHOSP 10

Previously, upgrading a Red Hat Enterprise Linux 7 (RHEL 7) node in Red Hat OpenStack Plaform 10 (RHOSP 10) to a later minor version sometimes caused virtual machines (VMs) hosted on that node to become unable to start. This update fixes how the tuned service configures parameters of the kvm-intel module, which prevents the described problem from occurring.

(BZ#1649408)

4.10. Storage

LVM no longer causes data corruption in the first 128kB of allocatable space of a physical volume

Previously, a bug in the I/O layer of LVM might have caused data corruption in rare cases. The bug could manifest only when the following conditions were true at the same time:

  • A physical volume (PV) was created with a non-default alignment. The default is 1MB.
  • An LVM command was modifying metadata at the tail end of the metadata region of the PV.
  • A user or a file system was modifying the same bytes (racing).

No cases of the data corruption have been reported.

With this update, the problem has been fixed, and LVM can no longer cause data corruption under these conditions.

(BZ#1643651)

System boot is no longer delayed by ndctl

Previously, a udev rule installed by the ndctl package sometimes delayed the system boot process for several minutes on systems with Non-Volatile Dual In-line Memory Module (NVDIMM) devices. In such cases, systemd displayed a message similar to the following:

INFO: task systemd-udevd:1554 blocked for more than 120 seconds.
...
nvdimm_bus_check_dimm_count+0x31/0xa0 [libnvdimm]
...

With this update, ndctl no longer installs the udev rule. As a result, ndctl does not delay the system boot.

(BZ#1635441)

Chapter 5. Technology Previews

This chapter provides a list of all Technology Previews available in Red Hat Enterprise Linux 7.7 Beta.

For information on Red Hat scope of support for Technology Preview features, see Technology Preview Features Support Scope.

5.1. General Updates

The systemd-importd VM and container image import and export service

Latest systemd version now contains the systemd-importd daemon that was not enabled in the earlier build, which caused the machinectl pull-* commands to fail. Note that the systemd-importd daemon is offered as a Technology Preview and should not be considered stable.

(BZ#1284974)

5.2. Authentication and Interoperability

Containerized Identity Management server available as Technology Preview

The rhel7/ipa-server container image is available as a Technology Preview feature. Note that the rhel7/sssd container image is now fully supported.

For details, see Using Containerized Identity Management Services.

(BZ#1405325)

Setting up IdM as a hidden replica is now available as a Technology Preview

This enhancement enables administrators to set up an Identity Management (IdM) replica as a hidden replica. A hidden replica is an IdM server that has all services running and available. However, it is not advertised to other clients or masters because no SRV records exist for the services in DNS, and LDAP server roles are not enabled. Therefore, clients cannot use service discovery to detect hidden replicas.

Hidden replicas are primarily designed for dedicated services that can otherwise disrupt clients. For example, a full backup of IdM requires to shut down all IdM services on the master or replica. Since no clients use a hidden replica, administrators can temporarily shut down the services on this host without affecting any clients. Other use cases include high-load operations on the IdM API or the LDAP server, such as a mass import or extensive queries.

To install a new hidden replica, use the ipa-replica-install --hidden-replica command. To change the state of an existing replica, use the ipa server-state command.

(BZ#1518939)

DNSSEC available as Technology Preview in IdM

Identity Management (IdM) servers with integrated DNS now support DNS Security Extensions (DNSSEC), a set of extensions to DNS that enhance security of the DNS protocol. DNS zones hosted on IdM servers can be automatically signed using DNSSEC. The cryptographic keys are automatically generated and rotated.

Users who decide to secure their DNS zones with DNSSEC are advised to read and follow these documents:

Note that IdM servers with integrated DNS use DNSSEC to validate DNS answers obtained from other DNS servers. This might affect the availability of DNS zones that are not configured in accordance with recommended naming practices described in the Red Hat Enterprise Linux Networking Guide.

(BZ#1115294)

Identity Management JSON-RPC API available as Technology Preview

An API is available for Identity Management (IdM). To view the API, IdM also provides an API browser as Technology Preview.

In Red Hat Enterprise Linux 7.3, the IdM API was enhanced to enable multiple versions of API commands. Previously, enhancements could change the behavior of a command in an incompatible way. Users are now able to continue using existing tools and scripts even if the IdM API changes. This enables:

  • Administrators to use previous or later versions of IdM on the server than on the managing client.
  • Developers to use a specific version of an IdM call, even if the IdM version changes on the server.

In all cases, the communication with the server is possible, regardless if one side uses, for example, a newer version that introduces new options for a feature.

For details on using the API, see the related Knowlegdebase article.

(BZ#1298286)

Use of AD and LDAP sudo providers

The Active Directory (AD) provider is a back end used to connect to an AD server. Starting with Red Hat Enterprise Linux 7.2, using the AD sudo provider together with the LDAP provider is available as a Technology Preview. To enable the AD sudo provider, add the sudo_provider=ad setting in the [domain] section of the sssd.conf file.

(BZ#1068725)

The Custodia secrets service provider is available as a Technology Preview

As a Technology Preview, you can use Custodia, a secrets service provider. Custodia stores or serves as a proxy for secrets, such as keys or passwords.

For details, see the upstream documentation at http://custodia.readthedocs.io.

Note that since Red Hat Enterprise Linux 7.6, Custodia has been deprecated.

(BZ#1403214)

5.3. Clustering

Heuristics in corosync-qdevice available as a Technology Preview

Heuristics are a set of commands executed locally on startup, cluster membership change, successful connect to corosync-qnetd, and, optionally, on a periodic basis. When all commands finish successfully on time (their return error code is zero), heuristics have passed; otherwise, they have failed. The heuristics result is sent to corosync-qnetd where it is used in calculations to determine which partition should be quorate.

(BZ#1413573)

New fence-agents-heuristics-ping fence agent

As a Technology Preview, Pacemaker now supports the fence_heuristics_ping agent. This agent aims to open a class of experimental fence agents that do no actual fencing by themselves but instead exploit the behavior of fencing levels in a new way.

If the heuristics agent is configured on the same fencing level as the fence agent that does the actual fencing but is configured before that agent in sequence, fencing issues an off action on the heuristics agent before it attempts to do so on the agent that does the fencing. If the heuristics agent gives a negative result for the off action it is already clear that the fencing level is not going to succeed, causing Pacemaker fencing to skip the step of issuing the off action on the agent that does the fencing. A heuristics agent can exploit this behavior to prevent the agent that does the actual fencing from fencing a node under certain conditions.

A user might want to use this agent, especially in a two-node cluster, when it would not make sense for a node to fence the peer if it can know beforehand that it would not be able to take over the services properly. For example, it might not make sense for a node to take over services if it has problems reaching the networking uplink, making the services unreachable to clients, a situation which a ping to a router might detect in that case.

(BZ#1476401)

The pcs tool now manages bundle resources in Pacemaker

As a Technology Preview starting with Red Hat Enterprise Linux 7.4, Pacemaker supports a special syntax for launching a Docker container with any infrastructure it requires: the bundle. After you have created a Pacemaker bundle, you can create a Pacemaker resource that the bundle encapsulates. For information on Pacemaker support for containers, see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/high_availability_add-on_reference/.

There is one exception to this feature being Technology Preview: As of RHEL 7.4, Red Hat fully supports the usage of Pacemaker bundles for Red Hat Openstack Platform (RHOSP) deployments.

(BZ#1433016)

New LVM and LVM lock manager resource agents

As a Technology Preview, Red Hat Enterprise Linux 7.6 introduces two new resource agents: lvmlockd and LVM-activate.

The LVM-activate agent provides a choice from multiple methods for LVM management throughout a cluster:

  • tagging: the same as tagging with the existing lvm resource agent
  • clvmd: the same as clvmd with the existing lvm resource agent
  • system ID: a new option for using system ID for volume group failover (an alternative to tagging).
  • lvmlockd: a new option for using lvmlockd and dlm for volume group sharing (an alternative to clvmd).

The new lvmlockd resource agent is used to start the lvmlockd daemon when LVM-activate is configured to use lvmlockd.

For information on the lvmlockd and LVM-activate resource agent, see the PCS help screens for those agents. For information on setting up LVM for use with lvmlockd, see the lvmlockd(8) man page.

(BZ#1513957)

5.4. Desktop

Wayland available as a Technology Preview

The Wayland display server protocol is available in Red Hat Enterprise Linux as a Technology Preview with the dependent packages required to enable Wayland support in GNOME, which supports fractional scaling. Wayland uses the libinput library as its input driver.

The following features are currently unavailable or do not work correctly:

  • Multiple GPU support is not possible at this time.
  • The NVIDIA binary driver does not work under Wayland.
  • The xrandr utility does not work under Wayland due to its different approach to handling, resolutions, rotations, and layout.
  • Screen recording, remote desktop, and accessibility do not always work correctly under Wayland.
  • No clipboard manager is available.
  • It is currently impossible to restart GNOME Shell under Wayland.
  • Wayland ignores keyboard grabs issued by X11 applications, such as virtual machines viewers.

(BZ#1481411)

Fractional Scaling available as a Technology Preview

Starting with Red Hat Enterprise Linux 7.5, GNOME provides, as a Technology Preview, fractional scaling to address problems with monitors whose DPI lies in the middle between lo (scale 1) and hi (scale 2).

Due to technical limitations, fractional scaling is available only on Wayland.

(BZ#1481395)

5.5. File Systems

File system DAX is now available for ext4 and XFS as a Technology Preview

Starting with Red Hat Enterprise Linux 7.3, Direct Access (DAX) provides, as a Technology Preview, a means for an application to directly map persistent memory into its address space.

To use DAX, a system must have some form of persistent memory available, usually in the form of one or more Non-Volatile Dual In-line Memory Modules (NVDIMMs), and a file system that supports DAX must be created on the NVDIMM(s). Also, the file system must be mounted with the dax mount option. Then, an mmap of a file on the dax-mounted file system results in a direct mapping of storage into the application’s address space.

(BZ#1274459)

pNFS block layout is now available

As a Technology Preview, Red Hat Enterprise Linux clients can now mount pNFS shares with the block layout feature.

Note that Red Hat recommends using the pNFS SCSI layout instead, which is similar to block layout but easier to use.

(BZ#1111712)

OverlayFS

OverlayFS is a type of union file system. It allows the user to overlay one file system on top of another. Changes are recorded in the upper file system, while the lower file system remains unmodified. This allows multiple users to share a file-system image, such as a container or a DVD-ROM, where the base image is on read-only media. See the Linux kernel documentation for additional information.

OverlayFS remains a Technology Preview under most circumstances. As such, the kernel will log warnings when this technology is activated.

Full support is available for OverlayFS when used with Docker under the following restrictions:

  • OverlayFS is only supported for use as a Docker graph driver. Its use can only be supported for container COW content, not for persistent storage. Any persistent storage must be placed on non-OverlayFS volumes to be supported. Only default Docker configuration can be used; that is, one level of overlay, one lowerdir, and both lower and upper levels are on the same file system.
  • Only XFS is currently supported for use as a lower layer file system.
  • On Red Hat Enterprise Linux 7.3 and earlier, SELinux must be enabled and in enforcing mode on the physical machine, but must be disabled in the container when performing container separation, that is the /etc/sysconfig/docker file must not contain --selinux-enabled. Starting with Red Hat Enterprise Linux 7.4, OverlayFS supports SELinux security labels, and you can enable SELinux support for containers by specifying --selinux-enabled in /etc/sysconfig/docker.
  • The OverlayFS kernel ABI and userspace behavior are not considered stable, and may see changes in future updates.
  • In order to make the yum and rpm utilities work properly inside the container, the user should be using the yum-plugin-ovl packages.

Note that OverlayFS provides a restricted set of the POSIX standards. Test your application thoroughly before deploying it with OverlayFS.

Note that XFS file systems must be created with the -n ftype=1 option enabled for use as an overlay. With the rootfs and any file systems created during system installation, set the --mkfsoptions=-n ftype=1 parameters in the Anaconda kickstart. When creating a new file system after the installation, run the # mkfs -t xfs -n ftype=1 /PATH/TO/DEVICE command. To determine whether an existing file system is eligible for use as an overlay, run the # xfs_info /PATH/TO/DEVICE | grep ftype command to see if the ftype=1 option is enabled.

There are also several known issues associated with OverlayFS in this release. For details, see Non-standard behavior in the Linux kernel documentation.

(BZ#1206277)

Btrfs file system

The B-Tree file system, Btrfs, is available as a Technology Preview in Red Hat Enterprise Linux 7.

Red Hat Enterprise Linux 7.4 introduced the last planned update to this feature. Btrfs has been deprecated, which means Red Hat will not be moving Btrfs to a fully supported feature and it will be removed in a future major release of Red Hat Enterprise Linux.

(BZ#1477977)

5.6. Hardware Enablement

LSI Syncro CS HA-DAS adapters

Red Hat Enterprise Linux 7.1 included code in the megaraid_sas driver to enable LSI Syncro CS high-availability direct-attached storage (HA-DAS) adapters. While the megaraid_sas driver is fully supported for previously enabled adapters, the use of this driver for Syncro CS is available as a Technology Preview. Support for this adapter is provided directly by LSI, your system integrator, or system vendor. Users deploying Syncro CS on Red Hat Enterprise Linux 7.2 and later are encouraged to provide feedback to Red Hat and LSI.

(BZ#1062759)

tss2 enables TPM 2.0 for IBM Power LE

The tss2 package adds IBM implementation of a Trusted Computing Group Software Stack (TSS) 2.0 as a Technology Preview for the IBM Power LE architecture. This package enables users to interact with TPM 2.0 devices.

(BZ#1384452)

The ibmvnic device driver available as a Technology Preview

Since Red Hat Enterprise Linux 7.3, the IBM Virtual Network Interface Controller (vNIC) driver for IBM POWER architectures, ibmvnic, has been available as a Technology Preview. vNIC is a PowerVM virtual networking technology that delivers enterprise capabilities and simplifies network management. It is a high-performance, efficient technology that when combined with SR-IOV NIC provides bandwidth control Quality of Service (QoS) capabilities at the virtual NIC level. vNIC significantly reduces virtualization overhead, resulting in lower latencies and fewer server resources, including CPU and memory, required for network virtualization.

In Red Hat Enterprise Linux 7.6, the ibmvnic driver was upgraded to version 1.0, which provides a number of bug fixes and enhancements over the previous version. Notable changes include:

  • The code that previously requested error information has been removed because no error ID is provided by the Virtual Input-Output (VIOS) Server.
  • Error reporting has been updated with the cause string. As a result, during a recovery, the driver classifies the string as a warning rather than an error.
  • Error recovery on a login failure has been fixed.
  • The failed state that occurred after a failover while migrating Logical Partitioning (LPAR) has been fixed.
  • The driver can now handle all possible login response return values.
  • A driver crash that happened during a failover or Link Power Management (LPM) if the Transmit and Receive (Tx/Rx) queues have changed has been fixed.

(BZ#1519746)

Aero adapters available as a Technology Preview

The following Aero adapters are available as a Technology Preview:

  • PCI ID 0x1000:0x00e2 and 0x1000:0x00e6, controlled by the mpt3sas driver
  • PCI ID 0x1000:Ox10e5 and 0x1000:0x10e6, controlled by the megaraid_sas driver

(BZ#1660791, BZ#1660289)

5.7. Kernel

eBPF system call for tracing

Red Hat Enterprise Linux 7.6 introduces the Extended Berkeley Packet Filter tool (eBPF) as a Technology Preview. This tool is enabled only for the tracing subsystem. For details, see the related Red Hat Knowledgebase article.

(BZ#1559615)

Heterogeneous memory management included as a Technology Preview

Red Hat Enterprise Linux 7.3 introduced the heterogeneous memory management (HMM) feature as a Technology Preview. This feature has been added to the kernel as a helper layer for devices that want to mirror a process address space into their own memory management unit (MMU). Thus a non-CPU device processor is able to read system memory using the unified system address space. To enable this feature, add experimental_hmm=enable to the kernel command line.

(BZ#1230959)

kexec as a Technology Preview

The kexec system call has been provided as a Technology Preview. This system call enables loading and booting into another kernel from the currently running kernel, thus performing the function of the boot loader from within the kernel. Hardware initialization, which is normally done during a standard system boot, is not performed during a kexec boot, which significantly reduces the time required for a reboot.

(BZ#1460849)

kexec fast reboot as a Technology Preview

The kexec fast reboot feature, which was introduced in Red Hat Enterprise Linux 7.5, continues to be available as a Technology Preview. kexec fast reboot makes the reboot significantly faster. To use this feature, you must load the kexec kernel manually, and then reboot the operating system.

It is not possible to make kexec fast reboot as the default reboot action. Special case is using kexec fast reboot for Anaconda. It still does not enable to make kexec fast reboot default. However, when used with Anaconda, the operating system can automatically use `kexec fast reboot after the installation is complete in case that user boots kernel with the anaconda option. To schedule a kexec reboot, use the inst.kexec command on the kernel command line, or include a reboot --kexec line in the Kickstart file.

(BZ#1464377)

perf cqm has been replaced by resctrl

The Intel Cache Allocation Technology (CAT) was introduced in Red Hat Enterprise Linux 7.4 as a Technology Preview. However, the perf cqm tool did not work correctly due to an incompatibility between perf infrastructure and Cache Quality of Service Monitoring (CQM) hardware support. Consequently, multiple problems occurred when using perf cqm.

These problems included most notably:

  • perf cqm did not support the group of tasks which is allocated using resctrl
  • perf cqm gave random and inaccurate data due to several problems with recycling
  • perf cqm did not provide enough support when running different kinds of events together (the different events are, for example, tasks, system-wide, and cgroup events)
  • perf cqm provided only partial support for cgroup events
  • The partial support for cgroup events did not work in cases with a hierarchy of cgroup events, or when monitoring a task in a cgroup and the cgroup together
  • Monitoring tasks for the lifetime caused perf overhead
  • perf cqm reported the aggregate cache occupancy or memory bandwidth over all sockets, while in most cloud and VMM-bases use cases the individual per-socket usage is needed

In Red Hat Enterprise Linux 7.5, perf cqm was replaced by the approach based on the resctrl file system, which addressed all of the aforementioned problems.

(BZ#1457533)

TC HW offloading available as a Technology Preview

Starting with Red Hat Enterprise Linux 7.6, Traffic Control (TC) Hardware offloading has been provided as a Technology Preview.

Hardware offloading enables that the selected functions of network traffic processing, such as shaping, scheduling, policing and dropping, are executed directly in the hardware instead of waiting for software processing, which improves the performance.

(BZ#1503123)

AMD xgbe network driver available as a Technology Preview

Starting with Red Hat Enterprise Linux 7.6, the AMD xgbe network driver has been provided as a Technology Preview.

(BZ#1589397)

criu rebased to version 3.5

Red Hat Enterprise Linux 7.2 introduced the criu tool as a Technology Preview. This tool implements Checkpoint/Restore in User-space (CRIU), which can be used to freeze a running application and store it as a collection of files. Later, the application can be restored from its frozen state.

Note that the criu tool depends on Protocol Buffers, a language-neutral, platform-neutral extensible mechanism for serializing structured data. The protobuf and protobuf-c packages, which provide this dependency, were also introduced in Red Hat Enterprise Linux 7.2 as a Technology Preview.

In Red Hat Enterprise Linux 7.7, the criu packages were upgraded to the latest upstream version, which provides support for Podman to do a container checkpoint and restore. The newly added functionality only works without SELinux support.

(BZ#1400230)

5.8. Networking

Cisco usNIC driver

Cisco Unified Communication Manager (UCM) servers have an optional feature to provide a Cisco proprietary User Space Network Interface Controller (usNIC), which allows performing Remote Direct Memory Access (RDMA)-like operations for user-space applications. The libusnic_verbs driver, which is available as a Technology Preview, makes it possible to use usNIC devices via standard InfiniBand RDMA programming based on the Verbs API.

(BZ#916384)

Cisco VIC kernel driver

The Cisco VIC Infiniband kernel driver, which is available as a Technology Preview, allows the use of Remote Directory Memory Access (RDMA)-like semantics on proprietary Cisco architectures.

(BZ#916382)

Trusted Network Connect

Trusted Network Connect, available as a Technology Preview, is used with existing network access control (NAC) solutions, such as TLS, 802.1X, or IPsec to integrate endpoint posture assessment; that is, collecting an endpoint’s system information (such as operating system configuration settings, installed packages, and others, termed as integrity measurements). Trusted Network Connect is used to verify these measurements against network access policies before allowing the endpoint to access the network.

(BZ#755087)

SR-IOV functionality in the qlcnic driver

Support for Single-Root I/O virtualization (SR-IOV) has been added to the qlcnic driver as a Technology Preview. Support for this functionality will be provided directly by QLogic, and customers are encouraged to provide feedback to QLogic and Red Hat. Other functionality in the qlcnic driver remains fully supported.

(BZ#1259547)

The flower classifier with off-loading support

flower is a Traffic Control (TC) classifier intended to allow users to configure matching on well-known packet fields for various protocols. It is intended to make it easier to configure rules over the u32 classifier for complex filtering and classification tasks. flower also supports the ability to off-load classification and action rules to underlying hardware if the hardware supports it. The flower TC classifier is now provided as a Technology Preview.

(BZ#1393375)

5.9. Red Hat Enterprise Linux System Roles Powered by Ansible

The postfix role of Red Hat Enterprise Linux System Roles as a Technology Preview

Red Hat Enterprise Linux System Roles provides a configuration interface for Red Hat Enterprise Linux subsystems, which makes system configuration easier through the inclusion of Ansible Roles. This interface enables managing system configurations across multiple versions of Red Hat Enterprise Linux, as well as adopting new major releases.

Since Red Hat Enterprise Linux 7.4, the Red Hat Enterprise Linux System Roles packages have been distributed through the Extras channel. For details regarding Red Hat Enterprise Linux System Roles, see https://access.redhat.com/articles/3050101.

Red Hat Enterprise Linux System Roles currently consists of five roles:

  • selinux
  • kdump
  • network
  • timesync
  • postfix

The postfix role has been available as a Technology Preview since Red Hat Enterprise Linux 7.4.

The remaining roles have been fully supported since Red Hat Enterprise Linux 7.6.

(BZ#1439896)

5.10. Security

SECCOMP can be now enabled in libreswan

As a Technology Preview, the seccomp=enabled|tolerant|disabled option has been added to the ipsec.conf configuration file, which makes it possible to use the Secure Computing mode (SECCOMP). This improves the syscall security by whitelisting all the system calls that Libreswan is allowed to execute. For more information, see the ipsec.conf(5) man page.

(BZ#1375750)

pk12util can now import certificates signed with RSA-PSS

The pk12util tool now provides importing a certificate signed with the RSA-PSS algorithm as a Technology Preview.

Note that if the corresponding private key is imported and has the PrivateKeyInfo.privateKeyAlgorithm field that restricts the signing algorithm to RSA-PSS, it is ignored when importing the key to a browser. See https://bugzilla.mozilla.org/show_bug.cgi?id=1413596 for more information.

(BZ#1431210)

Support for certificates signed with RSA-PSS in certutil has been improved

Support for certificates signed with the RSA-PSS algorithm in the certutil tool has been improved. Notable enhancements and fixes include:

  • The --pss option is now documented.
  • The PKCS#1 v1.5 algorithm is no longer used for self-signed signatures when a certificate is restricted to use RSA-PSS.
  • Empty RSA-PSS parameters in the subjectPublicKeyInfo field are no longer printed as invalid when listing certificates.
  • The --pss-sign option for creating regular RSA certificates signed with the RSA-PSS algorithm has been added.

Support for certificates signed with RSA-PSS in certutil is provided as a Technology Preview.

(BZ#1425514)

NSS is now able to verify RSA-PSS signatures on certificates

Since the RHEL 7.5 version of the nss package, the Network Security Services (NSS) libraries provide verifying RSA-PSS signatures on certificates as a Technology Preview. Prior to this update, clients using NSS as the SSL backend were not able to establish a TLS connection to a server that offered only certificates signed with the RSA-PSS algorithm.

Note that the functionality has the following limitations:

  • The algorithm policy settings in the /etc/pki/nss-legacy/rhel7.config file do not apply to the hash algorithms used in RSA-PSS signatures.
  • RSA-PSS parameters restrictions between certificate chains are ignored and only a single certificate is taken into account.

(BZ#1432142)

USBGuard enables blocking USB devices while the screen is locked as a Technology Preview

With the USBGuard framework, you can influence how an already running usbguard-daemon instance handles newly inserted USB devices by setting the value of the "InsertedDevicePolicy" runtime parameter. This functionality is provided as a Technology Preview, and the default choice is to apply the policy rules to figure out whether to authorize the device or not.

See the Blocking USB devices while the screen is locked Knowledgebase article.

(BZ#1480100)

5.11. Storage

Multi-queue I/O scheduling for SCSI

Red Hat Enterprise Linux 7 includes a new multiple-queue I/O scheduling mechanism for block devices known as blk-mq. The scsi-mq package allows the Small Computer System Interface (SCSI) subsystem to make use of this new queuing mechanism. This functionality is provided as a Technology Preview and is not enabled by default. To enable it, add scsi_mod.use_blk_mq=Y to the kernel command line.

Also note that although blk-mq is intended to offer improved performance, particularly for low-latency devices, it is not guaranteed to always provide better performance. Notably, in some cases, enabling scsi-mq can result in significantly deteriorated performance, especially on systems with many CPUs.

(BZ#1109348)

Targetd plug-in from the libStorageMgmt API

Since Red Hat Enterprise Linux 7.1, storage array management with libStorageMgmt, a storage array independent API, has been fully supported. The provided API is stable, consistent, and allows developers to programmatically manage different storage arrays and utilize the hardware-accelerated features provided. System administrators can also use libStorageMgmt to manually configure storage and to automate storage management tasks with the included command-line interface.

The Targetd plug-in is not fully supported and remains a Technology Preview.

(BZ#1119909)

SCSI-MQ as a Technology Preview in the qla2xxx and lpfc drivers

The qla2xxx driver updated in Red Hat Enterprise Linux 7.4 can enable the use of SCSI-MQ (multiqueue) with the ql2xmqsupport=1 module parameter. The default value is 0 (disabled).

The SCSI-MQ functionality is provided as a Technology Preview when used with the qla2xxx or the lpfc drivers.

Note that a recent performance testing at Red Hat with async IO over Fibre Channel adapters using SCSI-MQ has shown significant performance degradation under certain conditions.

(BZ#1414957)

5.12. System and Subscription Management

YUM 4 available as Technology Preview

YUM version 4, a next generation of the YUM package manager, is available as a Technology Preview in the Red Hat Enterprise Linux 7 Extras channel.

YUM 4 is based on the DNF technology and offers the following advantages over the standard YUM 3 used on RHEL 7:

  • Increased performance
  • Support for modular content
  • Well-designed stable API for integration with tooling

To install YUM 4, run the yum install nextgen-yum4 command.

Make sure to install the dnf-plugin-subscription-manager package, which includes the subscription-manager plug-in. This plug-in is required for accessing protected repositories provided by the Red Hat Customer Portal or Red Hat Satellite 6, and for automatic updates of the /etc/yum.repos.d/redhat.repo file.

To manage packages, use the yum4 command and its particular options the same way as the yum command.

For detailed information about differences between the new YUM 4 tool and YUM 3, see Changes in DNF CLI compared to YUM.

(BZ#1461652)

5.13. Virtualization

USB 3.0 support for KVM guests

USB 3.0 host adapter (xHCI) emulation for KVM guests remains a Technology Preview in Red Hat Enterprise Linux 7.

(BZ#1103193)

Select Intel network adapters now support SR-IOV as a guest on Hyper-V

In this update for Red Hat Enterprise Linux guest virtual machines running on Hyper-V, a new PCI passthrough driver adds the ability to use the single-root I/O virtualization (SR-IOV) feature for Intel network adapters supported by the ixgbevf driver. This ability is enabled when the following conditions are met:

  • SR-IOV support is enabled for the network interface controller (NIC)
  • SR-IOV support is enabled for the virtual NIC
  • SR-IOV support is enabled for the virtual switch

The virtual function (VF) from the NIC is attached to the virtual machine.

The feature is currently supported with Microsoft Windows Server 2016.

(BZ#1348508)

No-IOMMU mode for VFIO drivers

As a Technology Preview, this update adds No-IOMMU mode for virtual function I/O (VFIO) drivers. The No-IOMMU mode provides the user with full user-space I/O (UIO) access to a direct memory access (DMA)-capable device without a I/O memory management unit (IOMMU). Note that in addition to not being supported, using this mode is not secure due to the lack of I/O management provided by IOMMU.

(BZ#1299662)

virt-v2v can convert Debian and Ubuntu guests

As a Technology Preview, the virt-v2v utility can now convert Debian and Ubuntu guest virtual machines. Note that the following problems currently occur when performing this conversion:

  • virt-v2v cannot change the default kernel in the GRUB2 configuration, and the kernel configured in the guest is not changed during the conversion, even if a more optimal version of the kernel is available on the guest.
  • After converting a Debian or Ubuntu VMware guest to KVM, the name of the guest’s network interface may change, and thus requires manual configuration.

(BZ#1387213)

GPU-based mediated devices now support the VNC console

As a Technology Preview, the Virtual Network Computing (VNC) console is now available for use with GPU-based mediated devices, such as the NVIDIA vGPU technology. As a result, it is now possible to use these mediated devices for real-time rendering of a virtual machine’s graphical output.

(BZ#1475770)

Open Virtual Machine Firmware

The Open Virtual Machine Firmware (OVMF) is available as a Technology Preview in Red Hat Enterprise Linux 7. OVMF is a UEFI secure boot environment for AMD64 and Intel 64 guests.

(BZ#653382)

Chapter 6. Known Issues

This chapter documents known problems in Red Hat Enterprise Linux 7.7 Beta.

6.1. General Updates

GCC thread sanitizer included in RHEL no longer works

Due to incompatible changes in kernel memory mapping, the thread sanitizer included with the GNU C Compiler (GCC) compiler version in RHEL no longer works. Additionally, the thread sanitizer cannot be adapted to the incompatible memory layout. As a result, it is no longer possible to use the GCC thread sanitizer included with RHEL.

As a workaround, use the version of GCC included in Red Hat Developer Toolset to build code which uses the thread sanitizer.

(BZ#1569484)

Context variables in SystemTap not always accessible

Generation of debug information in the GCC compiler has some limitations. As a consequence, when analyzing the resulting executable files with the SystemTap tool, context variables listed in the form $foo are often inaccessible. To work around this limitation, add the -P option to the $HOME/.systemtap/rc file. This causes SystemTap to always select prologue-searching heuristics. As a result, some of the context variables can become accessible.

(BZ#1714480)

6.2. Compiler and Tools

ksh with the KEYBD trap mishandles multibyte characters

The Korn Shell (KSH) is unable to correctly handle multibyte characters when the KEYBD trap is enabled. Consequently, when the user enters, for example, Japanese characters, ksh displays an incorrect string. To work around this problem, disable the KEYBD trap in the /etc/kshrc file by commenting out the following line:

trap keybd_trap KEYBD

For more details, see a related Knowledgebase solution.

(BZ#1503922)

6.3. Desktop

Gnome Documents cannot display some documents when installed without LibreOffice

Gnome Documents uses libraries provided by the LibreOffice suite for rendering certain types of documents, such as OpenDocument Text or Open Office XML formats. However, the required libreoffice-filters libraries are missing from the dependency list of the gnome-documents package. Therefore, if you install Gnome Documents on a system that does not have LibreOffice, these document types cannot be rendered.

To work around this problem, install the libreoffice-filters package manually, even if you do not plan to use LibreOffice itself.

(BZ#1695699)

GNOME Software cannot install packages from unsigned repositories

GNOME Software cannot install packages from repositories that have the following setting in the *.repo file:

gpgcheck=0

If you attempt to install a package from such repository, GNOME software fails with a generic error. Currently, there is no workaround available.

(BZ#1591270)

Nautilus does not hide icons in the GNOME Classic Session

The GNOME Tweak Tool to show or hide icons in the gnome session, where the icons are hidden by default, is ignored in the GNOME Classic Session. As a result, it is not possible to hide icons in the GNOME Classic Session even though the GNOME Tweak Tool displays this option.

(BZ#1474852)

6.4. Installation and Booting

Red Hat Enterprise Linux 7 Beta releases can not boot with UEFI Secure Boot enabled

Beta releases of Red Hat Enterprise Linux 7 use a kernel signing key which is not recognized by UEFI firmware, which means it is not normally possible to boot with Secure Boot enabled. However, you can install the system with Secure Boot disabled, manually import the key into your system’s firmware, and then enable the setting. The procedure below explains the process.

Note that this only applies to Beta releases of Red Hat Enterprise Linux. The kernel signing keys used in final releases are recognized by most UEFI firmware, making the procedure unnecessary.

  1. In the system’s firmware setup, turn off UEFI Secure Boot, but leave UEFI boot mode enabled. Then install Red Hat Enterprise Linux 7.4 Beta. Caution: Do not switch to legacy BIOS mode to turn off UEFI secure boot - you can not switch UEFI mode back on and still boot the system if you first install in legacy mode.
  2. Install the kernel-doc package if it is not already installed.

    # yum install kernel-doc

    The package provides a certificate file that contains the Red Hat CA public Beta key in the file /usr/share/doc/kernel-keys/<kernel-ver>/kernel-signing-ca.cer, where <kernel-ver> is the kernel version string without the platform architecture suffix, for example, 3.10.0-686.el7.

  3. Manually request enrollment of the public key to the Machine Owner Key (MOK) list on the system using the mokutil utility. Run the following commands as root:

    # kr=$(uname -r)
    # mokutil --import /usr/share/doc/kernel-keys/${kr%.$(uname -p)}/kernel-signing-ca.cer

    You will be asked to supply a password for the enrollment request.

  4. On the next boot of the system, you will be prompted on the system console to complete the enrollment of the MOK request. You will need to respond to the prompts and supply the password that you provided to mokutil in the previous step.
  5. When you complete the MOK enrollment, the system will be reset and will reboot. You can re-enable UEFI Secure Boot on that reboot, or on any subsequent reboot of the system.

(BZ#1456652)

6.5. Kernel

RHEL 7 virtual machines sometimes fail to boot on ESXi 5.5

When running Red Hat Enterprise Linux 7 guests with 12 GB RAM or above on a VMware ESXi 5.5 hypervisor, certain components currently initialize with incorrect memory type range register (MTRR) values or incorrectly reconfigure MTRR values across boots. This sometimes causes the guest kernel to panic or the guest to become unresponsive during boot.

To work around this problem, add the disable_mtrr_trim option to the guest’s kernel command line, which enables the guest to continue booting when MTRRs are configured incorrectly. Note that with this option, the guest prints WARNING: BIOS bug messages during boot, which you can safely ignore.

(BZ#1429792)

The i40iw module does not load automatically on boot

Some i40e NICs do not support iWarp and the i40iw module does not fully support suspend and resume operations. Consequently, the i40iw module is not automatically loaded by default to ensure suspend and resume operations work properly. To work around this problem, edit the /lib/udev/rules.d/90-rdma-hw-modules.rules file to enable automated load of i40iw.

Also note that if there is another RDMA device installed with an i40e device on the same machine, the non-i40e RDMA device triggers the rdma service, which loads all enabled RDMA stack modules, including the i40iw module.

(BZ#1622413)

The non-interleaved persistent memory configurations cannot use storage

Previously, systems with persistent memory aligned to 64 MB boundaries, prevented creating of namespaces. As a consequence, the non-interleaved persistent memory configurations in some cases were not able to use storage. To work around this problem, use the interleaved mode for the persistent memory. As a result, most of the storage is available for use, however, with limited fault isolation.

(BZ#1691868)

radeon fails to reset hardware correctly

The radeon kernel driver currently does not reset hardware in the kexec context correctly. Instead, radeon terminates unexpectedly, which causes the rest of the kdump service to fail.

To work around this bug, blacklist radeon in kdump by adding the following line to the /etc/kdump.conf file:

dracut_args --omit-drivers "radeon"

Afterwards, restart the machine and kdump.

Note that in this scenario, no graphics will be available during kdump, but kdump will complete successfully.

(BZ#1509444)

The kdumpctl service fails to load crash kernel if KASLR is enabled

An inappropriate setting of the kptr_restrict kernel tunable causes that contents of the /proc/kcore file are generated as all zeros. As a consequence, the kdumpctl service is not able to access /proc/kcore and to load the crash kernel if Kernel Address Space Layout Randomization (KASLR) is enabled. To work around this problem, keep kptr_restrict set to 1. As a result, kdumpctl is able to load the crash kernel in the described scenario.

For details, refer to the /usr/share/doc/kexec-tools/kexec-kdump-howto.txt file.

(BZ#1600148)

6.6. Networking

Verification of signatures using the MD5 hash algorithm is disabled in Red Hat Enterprise Linux 7

It is impossible to connect to any Wi-Fi Protected Access (WPA) Enterprise Access Point (AP) that requires MD5 signed certificates. To work around this problem, copy the wpa_supplicant.service file from the /usr/lib/systemd/system/ directory to the /etc/systemd/system/ directory and add the following line to the Service section of the file:

Environment=OPENSSL_ENABLE_MD5_VERIFY=1

Then run the systemctl daemon-reload command as root to reload the service file.

Important

Note that MD5 certificates are highly insecure and Red Hat does not recommend using them.

(BZ#1062656)

Booting from a network device fails when the network driver is restarted

Currently, if the boot device is mounted over the network when using iSCSI or Fibre Channel over Ethernet (FCoE), Red Hat Enterprise Linux (RHEL) fails to boot when the underlying network interface driver is restarted.

For example, RHEL restarts the bnx2x network driver when the libvirt service starts its first virtual network and enables IP forwarding. To work around the problem in this specific example, enable IPv4 forwarding earlier in the boot sequence:

# echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/90-forwarding.conf
# dracut -f

Note that this workaround works only in the mentioned scenario.

(BZ#1574536)

freeradius might fail when upgrading from RHEL 7.3

A new configuration property, correct_escapes, in the /etc/raddb/radiusd.conf file was introduced in the freeradius version distributed since RHEL 7.4. When an administrator sets correct_escapes to true, the new regular expression syntax for backslash escaping is expected. If correct_escapes is set to false, the old syntax is expected where backslashes are also escaped. For backward compatibility reasons, false is the default value.

When upgrading, configuration files in the /etc/raddb/ directory are overwritten unless modified by the administrator, so the value of correct_escapes might not always correspond to which type of syntax is used in all the configuration files. As a consequence, authentication with freeradius might fail.

To prevent the problem from occurring, after upgrading from freeradius version 3.0.4 (distributed with RHEL 7.3) and earlier, make sure all configuration files in the /etc/raddb/ directory use the new escaping syntax (no double backslash characters can be found) and that the value of correct_escapes in /etc/raddb/radiusd.conf is set to true.

For more information and examples, see the solution Authentication with Freeradius fails since upgrade to version >= 3.0.5.

(BZ#1489758)

RHEL 7 shows the status of an 802.3ad bond as "Churned" after a switch was unavailable for an extended period of time

Currently, when you configure an 802.3ad network bond and the switch is down for an extended period of time, Red Hat Enterprise Linux properly shows the status of the bond as "Churned", even after the connection returns to a working state. However, this is the intended behavior, as the "Churned" status aims to tell the administrator that a significant link outage occurred. To clear this status, restart the network bond or reboot the host.

(BZ#1708807)

Using client-identifier leads to IP address conflict

If the client-identifier option is used, certain network switches ignore the ciaddr field of a dynamic host configuration protocol (DHCP) request. Consequently, the same IP address is assigned to multiple clients, which leads to an IP address conflict. To work around the problem, include the following line in the dhclient.conf file:

send dhcp-client-identifier = "";

As a result, the IP address conflict does not occur under the described circumstances.

(BZ#1193799)

6.7. Security

Libreswan does not work properly with seccomp=enabled on all configurations

The set of allowed syscalls in the Libreswan SECCOMP support implementation is currently not complete. Consequently, when SECCOMP is enabled in the ipsec.conf file, the syscall filtering rejects even syscalls needed for the proper functioning of the pluto daemon; the daemon is killed, and the ipsec service is restarted.

To work around this problem, set the seccomp= option back to the disabled state. SECCOMP support must remain disabled to run ipsec properly.

(BZ#1544463)

OpenSCAP inadvertently accesses remote file systems

The OpenSCAP scanner cannot correctly detect whether the scanned file system is a mounted remote file system or a local file system, and the detection part contains also other bugs. Consequently, the scanner reads mounted remote file systems even if an evaluated rule applies to a local file-system only, and it might generate unwanted traffic on remote file systems.

To work around this problem, unmount remote file systems before scanning. Another option is to exclude affected rules from the evaluated profile by providing a tailoring file.

(BZ#1694962)

6.8. Servers and Services

mysql-connector-java does not work with MySQL 8.0

The mysql-connector-java database connector provided in RHEL 7 does not work with the MySQL 8.0 database server. To work around this problem, use the rh-mariadb103-mariadb-java-client database connector from Red Hat Software Collections.

(BZ#1646363)

Harmless error messages occur when a Tuned profile is loaded

The /usr/lib/sysctl.d/00-system.conf file sets certain sysctl settings, such as net.bridge.bridge-nf-call-ip6tables, net.bridge.bridge-nf-call-iptables, or net.bridge.bridge-nf-call-arptables, which are unavailable on some systems. The Tuned daemon treats this as a configuration error. Consequently, the /var/log/tuned/tuned.log file includes multiple error messages, similar to the following:

Failed to set sysctl parameter 'net.bridge.bridge-nf-call-ip6tables' to '0', the parameter does not exist

Such error messages are harmless, so you can safely ignore them. However, to eliminate the errors, you can override the /usr/lib/sysctl.d/00-system.conf file. To do so, make sure the 00-system.conf file exists in any of the following directories: /run/sysctl.d, /etc/sysctl.d, /usr/local/lib/sysctl.d, and that the file does not contain the above mentioned settings.

(BZ#1714595)

The php-mysqlnd database connector does not work with MySQL 8.0

The default character set has been changed to utf8mb4 in MySQL 8.0 but this character set is unsupported by the php-mysqlnd database connector. Consequently, php-mysqlnd fails to connect in the default configuration. To work around this problem, specify a known character set as a parameter of the MySQL server configuration. For example, modify the /etc/opt/rh/rh-mysql80/my.cnf.d/mysql-server.cnf file to read:

[mysqld]
character-set-server=utf8

(BZ#1646158)

6.9. Storage

The system halts unexpectedly when using scsi-mq with software FCoE

The host system halts unexpectedly when it is configured to use both multiqueue scheduling (scsi-mq) and software Fibre Channel over Ethernet (FCoE) at the same time.

To work around the problem, disable scsi-mq when using software FCoE. As a result, the system no longer crashes.

(BZ#1712664)

6.10. Virtualization

Virtual machines sometimes enable unnecessary CPU vulnerability mitigation

Currently, the MDS_NO CPU flags, which indicate that the CPU is not vulnerable to the Microarchitectural Data Sampling (MDS) vulnerability, are not exposed to guest operating systems. As a consequence, the guest operating system in some cases automatically enables CPU vulnerability mitigation features that are not necessary for the current host.

If the host CPU is known not to be vulnerable to MDS and the virtual machine is not going to be migrated to hosts vulnerable to MDS, MDS vulnerability mitigation can be disabled in Linux guests by using the "mds=off" kernel command-line option. Note, however, that this option disables all MDS mitigations on the guest. Therefore, it should be used with care and should never be used if the host CPU is vulnerable to MDS.

(BZ#1708465)

Modifying a RHEL 8 virtual image on a RHEL 7 host sometimes fails

On RHEL 7 hosts, using virtual image manipulation utilities such as guestfish, virt-sysprep, or virt-customize in some cases fails if the utility targets a virtual image that is using a RHEL 8 file system. This is because RHEL 7 is not fully compatible with certain file-system features in RHEL 8.

To work around the problem, you can disable the problematic features when creating the guest file systems using the mkfs utility:

  • For XFS file systems, use the "-m reflink=0" option.
  • For ext4 file systems, use the "-O ^metadata_csum" option.

Alternatively, use a RHEL 8 host instead of a RHEL 7 one, where the affected utilities will work as expected.

(BZ#1667478)

SMT works only on AMD EPYC CPU models

Currently, only the AMD EPYC CPU models support the simultaneous multithreading (SMT) feature. As a consequence, manually enabling the topoext feature when configuring a virtual machine (VM) with a different CPU model causes the VM not to detect the vCPU topology correctly, and the vCPU does not perform as configured. To work around this problem, do not enable topoext manually and do not use the threads vCPU option on AMD hosts unless the host is using the AMD EPYC model

(BZ#1615682)

Chapter 7. Deprecated Functionality

This chapter provides an overview of functionality that has been deprecated in all minor releases of Red Hat Enterprise Linux 7 up to Red Hat Enterprise Linux 7.7 Beta.

Deprecated functionality continues to be supported until the end of life of Red Hat Enterprise Linux 7. Deprecated functionality will likely not be supported in future major releases of this product and is not recommended for new deployments. For the most recent list of deprecated functionality within a particular major release, refer to the latest version of release documentation.

Deprecated hardware components are not recommended for new deployments on the current or future major releases. Hardware driver updates are limited to security and critical fixes only. Red Hat recommends replacing this hardware as soon as reasonably feasible.

A package can be deprecated and not recommended for further use. Under certain circumstances, a package can be removed from a product. Product documentation then identifies more recent packages that offer functionality similar, identical, or more advanced to the one deprecated, and provides further recommendations.

For details regarding differences between RHEL 7 and RHEL 8, see Considerations in adopting RHEL 8.

7.1. Deprecated Packages

The following packages are now deprecated. For details regarding their replacements (if applicable) or availability in an unsupported RHEL 8 repository, see Considerations in adopting RHEL 8.

  • 389-ds-base
  • a2ps
  • AAVMF
  • abrt-addon-python
  • abrt-addon-upload-watch
  • abrt-devel
  • abrt-gui-devel
  • abrt-python
  • abrt-python-doc
  • abrt-retrace-client
  • acpid-sysvinit
  • adcli
  • advancecomp
  • adwaita-icon-theme-devel
  • adwaita-qt-common
  • adwaita-qt4
  • adwaita-qt5
  • agg
  • aic94xx-firmware
  • akonadi
  • akonadi-devel
  • akonadi-mysql
  • alacarte
  • alsa-tools
  • alsa-utils
  • anaconda-widgets-devel
  • ant-antunit
  • ant-antunit-javadoc
  • antlr-C++-doc
  • antlr-python
  • antlr-tool
  • apache-commons-collections-testframework-javadoc
  • apache-commons-configuration
  • apache-commons-configuration-javadoc
  • apache-commons-daemon
  • apache-commons-daemon-javadoc
  • apache-commons-daemon-jsvc
  • apache-commons-dbcp
  • apache-commons-dbcp-javadoc
  • apache-commons-digester
  • apache-commons-digester-javadoc
  • apache-commons-jexl
  • apache-commons-jexl-javadoc
  • apache-commons-pool
  • apache-commons-pool-javadoc
  • apache-commons-validator
  • apache-commons-validator-javadoc
  • apache-commons-vfs
  • apache-commons-vfs-ant
  • apache-commons-vfs-examples
  • apache-commons-vfs-javadoc
  • apache-rat
  • apache-rat-core
  • apache-rat-javadoc
  • apache-rat-plugin
  • apache-rat-tasks
  • apr-util
  • apr-util-nss
  • aqute-bndlib-javadoc
  • args4j
  • args4j-javadoc
  • ark
  • ark-libs
  • arptables
  • asciidoc-latex
  • at-spi
  • at-spi-devel
  • at-spi-python
  • at-sysvinit
  • atlas-static
  • attica
  • attica-devel
  • audiocd-kio
  • audiocd-kio-devel
  • audiocd-kio-libs
  • audiofile
  • audiofile-devel
  • audit-libs-python
  • audit-libs-static
  • authconfig
  • authconfig-gtk
  • authd
  • autogen-libopts-devel
  • automoc
  • autotrace-devel
  • avahi-dnsconfd
  • avahi-glib-devel
  • avahi-gobject-devel
  • avahi-qt3
  • avahi-qt3-devel
  • avahi-qt4
  • avahi-qt4-devel
  • avahi-tools
  • avahi-ui
  • avahi-ui-devel
  • avahi-ui-tools
  • avalon-framework
  • avalon-framework-javadoc
  • avalon-logkit
  • avalon-logkit-javadoc
  • bacula-console-bat
  • bacula-devel
  • bacula-director
  • bacula-traymonitor
  • baekmuk-ttf-batang-fonts
  • baekmuk-ttf-dotum-fonts
  • baekmuk-ttf-fonts-common
  • baekmuk-ttf-fonts-ghostscript
  • baekmuk-ttf-gulim-fonts
  • baekmuk-ttf-hline-fonts
  • base64coder
  • base64coder-javadoc
  • batik
  • batik-demo
  • batik-javadoc
  • batik-rasterizer
  • batik-slideshow
  • batik-squiggle
  • batik-svgpp
  • batik-ttf2svg
  • bcc-devel
  • bcel
  • bind-libs-lite
  • bind-lite-devel
  • bison-devel
  • blas-static
  • blas64-devel
  • blas64-static
  • bltk
  • bluedevil
  • bluedevil-autostart
  • bmc-snmp-proxy
  • bogofilter-bogoupgrade
  • boost-devel
  • boost-mpich-python
  • boost-openmpi-python
  • boost-python
  • bridge-utils
  • brltty-at-spi
  • bsdcpio
  • bsh-demo
  • bsh-utils
  • btrfs-progs
  • btrfs-progs-devel
  • buildnumber-maven-plugin
  • buildnumber-maven-plugin-javadoc
  • bwidget
  • bzr
  • bzr-doc
  • cairo-tools
  • cal10n
  • caribou
  • caribou-antler
  • caribou-devel
  • caribou-gtk2-module
  • caribou-gtk3-module
  • cdi-api-javadoc
  • cdparanoia-static
  • cdrskin
  • ceph-common
  • check-static
  • cheese-libs-devel
  • cifs-utils-devel
  • cim-schema-docs
  • cjkuni-ukai-fonts
  • cjkuni-uming-fonts
  • clutter-gst2-devel
  • clutter-tests
  • cmpi-bindings-pywbem
  • cobertura
  • cobertura-javadoc
  • cockpit-machines-ovirt
  • codehaus-parent
  • codemodel
  • codemodel-javadoc
  • cogl-tests
  • colord-extra-profiles
  • colord-kde
  • compat-cheese314
  • compat-dapl
  • compat-dapl-devel
  • compat-dapl-static
  • compat-dapl-utils
  • compat-db
  • compat-db-headers
  • compat-db47
  • compat-exiv2-023
  • compat-gcc-44
  • compat-gcc-44-c++
  • compat-gcc-44-gfortran
  • compat-glade315
  • compat-glew
  • compat-glibc
  • compat-glibc-headers
  • compat-gnome-desktop314
  • compat-grilo02
  • compat-libcap1
  • compat-libcogl-pango12
  • compat-libcogl12
  • compat-libcolord1
  • compat-libf2c-34
  • compat-libgdata13
  • compat-libgfortran-41
  • compat-libgnome-bluetooth11
  • compat-libgnome-desktop3-7
  • compat-libgweather3
  • compat-libical1
  • compat-libmediaart0
  • compat-libmpc
  • compat-libpackagekit-glib2-16
  • compat-libstdc++-33
  • compat-libtiff3
  • compat-libupower-glib1
  • compat-libxcb
  • compat-locales-sap-common
  • compat-openldap
  • compat-openmpi16
  • compat-openmpi16-devel
  • compat-opensm-libs
  • compat-poppler022
  • compat-poppler022-cpp
  • compat-poppler022-glib
  • compat-poppler022-qt
  • compat-sap-c++-5
  • compat-sap-c++-6
  • compat-sap-c++-7
  • conman
  • console-setup
  • control-center
  • control-center-filesystem
  • coolkey
  • coolkey-devel
  • coreutils
  • cpptest
  • cpptest-devel
  • cppunit
  • cppunit-devel
  • cppunit-doc
  • cpuid
  • cracklib-python
  • crda-devel
  • createrepo
  • crit
  • criu-devel
  • crypto-utils
  • cryptsetup-python
  • cvs
  • cvs-contrib
  • cvs-doc
  • cvs-inetd
  • cvsps
  • cyrus-imapd-devel
  • Cython
  • dapl
  • dapl-devel
  • dapl-static
  • dapl-utils
  • dbus
  • dbus-doc
  • dbus-python
  • dbus-python-devel
  • dbus-tests
  • dbusmenu-qt
  • dbusmenu-qt-devel
  • dbusmenu-qt-devel-docs
  • debugmode
  • dejagnu
  • dejavu-lgc-sans-fonts
  • dejavu-lgc-sans-mono-fonts
  • dejavu-lgc-serif-fonts
  • deltaiso
  • deltarpm
  • dhclient
  • dhcp
  • dhcp-devel
  • dialog-devel
  • dleyna-connector-dbus-devel
  • dleyna-core-devel
  • dlm-devel
  • dmraid
  • dmraid-devel
  • dmraid-events
  • dmraid-events-logwatch
  • dnssec-trigger
  • docbook-simple
  • docbook-slides
  • docbook-style-dsssl
  • docbook-utils
  • docbook-utils-pdf
  • docbook5-schemas
  • docbook5-style-xsl
  • docbook5-style-xsl-extensions
  • docker-rhel-push-plugin
  • dom4j
  • dom4j-demo
  • dom4j-javadoc
  • dom4j-manual
  • dovecot-pigeonhole
  • dracut
  • dracut-fips
  • dracut-fips-aesni
  • dragon
  • drm-utils
  • drpmsync
  • dstat
  • dtdinst
  • e2fsprogs-static
  • easymock2
  • easymock2-javadoc
  • ebtables
  • ecj
  • edac-utils
  • edac-utils-devel
  • efax
  • efivar-devel
  • egl-utils
  • ekiga
  • ElectricFence
  • emacs-a2ps
  • emacs-a2ps-el
  • emacs-auctex
  • emacs-auctex-doc
  • emacs-common
  • emacs-el
  • emacs-git
  • emacs-git-el
  • emacs-gnuplot
  • emacs-gnuplot-el
  • emacs-libidn
  • emacs-mercurial
  • emacs-mercurial-el
  • emacs-php-mode
  • empathy
  • enchant-aspell
  • enchant-voikko
  • eog-devel
  • epydoc
  • espeak
  • espeak-devel
  • evince-devel
  • evince-dvi
  • evolution-data-server-doc
  • evolution-data-server-perl
  • evolution-data-server-tests
  • evolution-devel
  • evolution-devel-docs
  • evolution-tests
  • expat-static
  • expect-devel
  • expectk
  • farstream
  • farstream-devel
  • farstream-python
  • farstream02-devel
  • fedfs-utils-admin
  • fedfs-utils-client
  • fedfs-utils-common
  • fedfs-utils-devel
  • fedfs-utils-lib
  • fedfs-utils-nsdbparams
  • fedfs-utils-python
  • fedfs-utils-server
  • felix-bundlerepository
  • felix-bundlerepository-javadoc
  • felix-framework
  • felix-framework-javadoc
  • felix-osgi-obr
  • felix-osgi-obr-javadoc
  • felix-shell
  • felix-shell-javadoc
  • fence-sanlock
  • festival
  • festival-devel
  • festival-docs
  • festival-freebsoft-utils
  • festival-lib
  • festival-speechtools-devel
  • festival-speechtools-libs
  • festival-speechtools-utils
  • festvox-awb-arctic-hts
  • festvox-bdl-arctic-hts
  • festvox-clb-arctic-hts
  • festvox-jmk-arctic-hts
  • festvox-kal-diphone
  • festvox-ked-diphone
  • festvox-rms-arctic-hts
  • festvox-slt-arctic-hts
  • file-static
  • filebench
  • filesystem-content
  • finch
  • finch-devel
  • finger
  • finger-server
  • flatpak-devel
  • fltk-fluid
  • fltk-static
  • flute-javadoc
  • folks
  • folks-devel
  • folks-tools
  • fontforge-devel
  • fontpackages-tools
  • fonttools
  • foomatic-filters
  • fop
  • fop-javadoc
  • fprintd-devel
  • freeradius-python
  • freerdp
  • freerdp-devel
  • freerdp-libs
  • freerdp-plugins
  • freetype-demos
  • fros
  • fros-gnome
  • fros-recordmydesktop
  • fuse
  • fwupd-devel
  • fwupdate-devel
  • gamin-python
  • gavl-devel
  • gcab
  • gcc-gnat
  • gcc-go
  • gcc-objc
  • gcc-objc++
  • gcc-plugin-devel
  • gconf-editor
  • gd-progs
  • gdb
  • gdbm
  • gdk-pixbuf2
  • gdk-pixbuf2-devel
  • gdk-pixbuf2-tests
  • gdm
  • gdm-devel
  • gdm-pam-extensions-devel
  • gedit-devel
  • gedit-plugin-bookmarks
  • gedit-plugin-bracketcompletion
  • gedit-plugin-charmap
  • gedit-plugin-codecomment
  • gedit-plugin-colorpicker
  • gedit-plugin-colorschemer
  • gedit-plugin-commander
  • gedit-plugin-drawspaces
  • gedit-plugin-findinfiles
  • gedit-plugin-joinlines
  • gedit-plugin-multiedit
  • gedit-plugin-smartspaces
  • gedit-plugin-synctex
  • gedit-plugin-terminal
  • gedit-plugin-textsize
  • gedit-plugin-translate
  • gedit-plugin-wordcompletion
  • gedit-plugins
  • gedit-plugins-data
  • gegl-devel
  • geoclue
  • geoclue-devel
  • geoclue-doc
  • geoclue-gsmloc
  • geoclue-gui
  • GeoIP
  • GeoIP-data
  • GeoIP-devel
  • GeoIP-update
  • geronimo-jaspic-spec
  • geronimo-jaspic-spec-javadoc
  • geronimo-jaxrpc
  • geronimo-jaxrpc-javadoc
  • geronimo-jms
  • geronimo-jta
  • geronimo-jta-javadoc
  • geronimo-osgi-support
  • geronimo-osgi-support-javadoc
  • geronimo-saaj
  • geronimo-saaj-javadoc
  • ghostscript
  • ghostscript-chinese
  • ghostscript-chinese-zh_CN
  • ghostscript-chinese-zh_TW
  • ghostscript-cups
  • ghostscript-devel
  • ghostscript-fonts
  • ghostscript-gtk
  • giflib-utils
  • gimp-data-extras
  • gimp-help
  • gimp-help-ca
  • gimp-help-da
  • gimp-help-de
  • gimp-help-el
  • gimp-help-en_GB
  • gimp-help-es
  • gimp-help-fr
  • gimp-help-it
  • gimp-help-ja
  • gimp-help-ko
  • gimp-help-nl
  • gimp-help-nn
  • gimp-help-pt_BR
  • gimp-help-ru
  • gimp-help-sl
  • gimp-help-sv
  • gimp-help-zh_CN
  • git
  • git-bzr
  • git-cvs
  • git-gnome-keyring
  • git-hg
  • git-p4
  • gjs-tests
  • glade
  • glade3
  • glade3-libgladeui
  • glade3-libgladeui-devel
  • glassfish-dtd-parser
  • glassfish-dtd-parser-javadoc
  • glassfish-el-api-javadoc
  • glassfish-fastinfoset
  • glassfish-jaxb
  • glassfish-jaxb-api
  • glassfish-jaxb-javadoc
  • glassfish-jsp
  • glassfish-jsp-javadoc
  • glew
  • glib-networking-tests
  • glibc
  • glibc-common
  • glibc-devel
  • glibc-headers
  • glibc-static
  • gmp
  • gmp-static
  • gnome-backgrounds
  • gnome-clocks
  • gnome-common
  • gnome-contacts
  • gnome-desktop3-tests
  • gnome-devel-docs
  • gnome-dictionary
  • gnome-doc-utils
  • gnome-doc-utils-stylesheets
  • gnome-documents
  • gnome-documents-libs
  • gnome-icon-theme
  • gnome-icon-theme-devel
  • gnome-icon-theme-extras
  • gnome-icon-theme-legacy
  • gnome-icon-theme-symbolic
  • gnome-packagekit
  • gnome-packagekit-common
  • gnome-packagekit-installer
  • gnome-packagekit-updater
  • gnome-python2
  • gnome-python2-bonobo
  • gnome-python2-canvas
  • gnome-python2-devel
  • gnome-python2-gconf
  • gnome-python2-gnome
  • gnome-python2-gnomevfs
  • gnome-session
  • gnome-session-custom-session
  • gnome-settings-daemon-devel
  • gnome-software-devel
  • gnome-system-log
  • gnome-tweak-tool
  • gnome-vfs2
  • gnome-vfs2-devel
  • gnome-vfs2-smb
  • gnome-weather
  • gnome-weather-tests
  • gnote
  • gnu-efi-utils
  • gnu-getopt
  • gnu-getopt-javadoc
  • gnuplot-latex
  • gnuplot-minimal
  • gob2
  • golang
  • gom-devel
  • google-noto-sans-cjk-fonts
  • google-noto-sans-japanese-fonts
  • google-noto-sans-korean-fonts
  • google-noto-sans-simplified-chinese-fonts
  • google-noto-sans-traditional-chinese-fonts
  • gperftools
  • gperftools-devel
  • gperftools-libs
  • gpm-static
  • grantlee
  • grantlee-apidocs
  • grantlee-devel
  • graphviz-graphs
  • graphviz-guile
  • graphviz-java
  • graphviz-lua
  • graphviz-ocaml
  • graphviz-perl
  • graphviz-php
  • graphviz-python
  • graphviz-ruby
  • graphviz-tcl
  • groff-doc
  • groff-perl
  • groff-x11
  • groovy
  • groovy-javadoc
  • grub2
  • grub2-common
  • grub2-ppc-modules
  • grub2-ppc64-modules
  • grub2-tools
  • gsm-tools
  • gsound-devel
  • gssdp-utils
  • gstreamer
  • gstreamer-devel
  • gstreamer-devel-docs
  • gstreamer-plugins-bad-free
  • gstreamer-plugins-bad-free-devel
  • gstreamer-plugins-bad-free-devel-docs
  • gstreamer-plugins-base
  • gstreamer-plugins-base-devel
  • gstreamer-plugins-base-devel-docs
  • gstreamer-plugins-base-tools
  • gstreamer-plugins-good
  • gstreamer-plugins-good-devel-docs
  • gstreamer-python
  • gstreamer-python-devel
  • gstreamer-tools
  • gstreamer1-devel-docs
  • gstreamer1-plugins-bad-free-gtk
  • gstreamer1-plugins-base-devel-docs
  • gstreamer1-plugins-base-tools
  • gstreamer1-plugins-ugly-free-devel
  • gtk-vnc
  • gtk-vnc-devel
  • gtk-vnc-python
  • gtk-vnc2-devel
  • gtk3-devel-docs
  • gtk3-immodules
  • gtk3-tests
  • gtkhtml3
  • gtkhtml3-devel
  • gtksourceview3-tests
  • guava
  • guava-javadoc
  • gucharmap
  • gucharmap-devel
  • gucharmap-libs
  • gupnp-av-devel
  • gupnp-av-docs
  • gupnp-dlna-devel
  • gupnp-dlna-docs
  • gupnp-docs
  • gupnp-igd-python
  • gutenprint
  • gutenprint-devel
  • gutenprint-extras
  • gutenprint-foomatic
  • gvfs-tests
  • gvnc-devel
  • gvnc-tools
  • gvncpulse
  • gvncpulse-devel
  • gwenview
  • gwenview-libs
  • hamcrest
  • hawkey
  • hawkey-devel
  • highcontrast-qt
  • highcontrast-qt4
  • highcontrast-qt5
  • highlight-gui
  • hispavoces-pal-diphone
  • hispavoces-sfl-diphone
  • hmaccalc
  • hpijs
  • hsakmt
  • hsakmt-devel
  • hspell-devel
  • hsqldb
  • hsqldb-demo
  • hsqldb-javadoc
  • hsqldb-manual
  • htdig
  • html2ps
  • http-parser-devel
  • httpunit
  • httpunit-doc
  • httpunit-javadoc
  • i2c-tools
  • i2c-tools-eepromer
  • i2c-tools-python
  • ibus-chewing
  • ibus-pygtk2
  • ibus-qt
  • ibus-qt-devel
  • ibus-qt-docs
  • ibus-rawcode
  • ibus-table-devel
  • ibutils
  • ibutils-devel
  • ibutils-libs
  • icc-profiles-openicc
  • icon-naming-utils
  • im-chooser
  • im-chooser-common
  • ImageMagick
  • ImageMagick-c++
  • ImageMagick-c++-devel
  • ImageMagick-devel
  • ImageMagick-doc
  • ImageMagick-perl
  • imsettings
  • imsettings-devel
  • imsettings-gsettings
  • imsettings-libs
  • imsettings-qt
  • imsettings-xim
  • indent
  • infiniband-diags
  • infiniband-diags-devel
  • infiniband-diags-devel-static
  • infinipath-psm
  • infinipath-psm-devel
  • iniparser
  • iniparser-devel
  • initscripts
  • iok
  • ipa-gothic-fonts
  • ipa-mincho-fonts
  • ipa-pgothic-fonts
  • ipa-pmincho-fonts
  • iperf3-devel
  • iproute
  • iproute-doc
  • ipset-devel
  • ipsilon
  • ipsilon-authform
  • ipsilon-authgssapi
  • ipsilon-authldap
  • ipsilon-base
  • ipsilon-client
  • ipsilon-filesystem
  • ipsilon-infosssd
  • ipsilon-persona
  • ipsilon-saml2
  • ipsilon-saml2-base
  • ipsilon-tools-ipa
  • iptables
  • iputils-sysvinit
  • iscsi-initiator-utils-devel
  • isdn4k-utils
  • isdn4k-utils-devel
  • isdn4k-utils-doc
  • isdn4k-utils-static
  • isdn4k-utils-vboxgetty
  • isomd5sum-devel
  • isorelax
  • istack-commons
  • istack-commons-javadoc
  • ivtv-firmware
  • iwl7260-firmware
  • iwl7265-firmware
  • ixpdimm_sw
  • ixpdimm_sw-devel
  • ixpdimm-cli
  • ixpdimm-monitor
  • jackson
  • jackson-javadoc
  • jai-imageio-core
  • jai-imageio-core-javadoc
  • jakarta-oro
  • jakarta-taglibs-standard
  • jakarta-taglibs-standard-javadoc
  • jandex
  • jandex-javadoc
  • jansson-devel-doc
  • jarjar
  • jarjar-javadoc
  • jarjar-maven-plugin
  • jasper
  • jasper-utils
  • java-1.6.0-openjdk
  • java-1.6.0-openjdk-demo
  • java-1.6.0-openjdk-devel
  • java-1.6.0-openjdk-javadoc
  • java-1.6.0-openjdk-src
  • java-1.7.0-openjdk
  • java-1.7.0-openjdk-accessibility
  • java-1.7.0-openjdk-demo
  • java-1.7.0-openjdk-devel
  • java-1.7.0-openjdk-headless
  • java-1.7.0-openjdk-javadoc
  • java-1.7.0-openjdk-src
  • java-1.8.0-openjdk-accessibility-debug
  • java-1.8.0-openjdk-debug
  • java-1.8.0-openjdk-demo-debug
  • java-1.8.0-openjdk-devel-debug
  • java-1.8.0-openjdk-headless-debug
  • java-1.8.0-openjdk-javadoc-debug
  • java-1.8.0-openjdk-javadoc-zip-debug
  • java-1.8.0-openjdk-src-debug
  • java-11-openjdk-debug
  • java-11-openjdk-demo-debug
  • java-11-openjdk-devel-debug
  • java-11-openjdk-headless-debug
  • java-11-openjdk-javadoc-debug
  • java-11-openjdk-javadoc-zip-debug
  • java-11-openjdk-jmods-debug
  • java-11-openjdk-src-debug
  • javamail
  • javapackages-tools
  • jaxen
  • jboss-annotations-1.1-api
  • jboss-annotations-1.1-api-javadoc
  • jboss-ejb-3.1-api
  • jboss-ejb-3.1-api-javadoc
  • jboss-el-2.2-api
  • jboss-el-2.2-api-javadoc
  • jboss-interceptors-1.1-api
  • jboss-interceptors-1.1-api-javadoc
  • jboss-jaxrpc-1.1-api
  • jboss-jaxrpc-1.1-api-javadoc
  • jboss-servlet-2.5-api
  • jboss-servlet-2.5-api-javadoc
  • jboss-servlet-3.0-api
  • jboss-servlet-3.0-api-javadoc
  • jboss-specs-parent
  • jboss-transaction-1.1-api
  • jboss-transaction-1.1-api-javadoc
  • jdom
  • jettison
  • jettison-javadoc
  • jetty-annotations
  • jetty-ant
  • jetty-artifact-remote-resources
  • jetty-assembly-descriptors
  • jetty-build-support
  • jetty-build-support-javadoc
  • jetty-client
  • jetty-continuation
  • jetty-deploy
  • jetty-distribution-remote-resources
  • jetty-http
  • jetty-io
  • jetty-jaas
  • jetty-jaspi
  • jetty-javadoc
  • jetty-jmx
  • jetty-jndi
  • jetty-jsp
  • jetty-jspc-maven-plugin
  • jetty-maven-plugin
  • jetty-monitor
  • jetty-parent
  • jetty-plus
  • jetty-project
  • jetty-proxy
  • jetty-rewrite
  • jetty-runner
  • jetty-security
  • jetty-server
  • jetty-servlet
  • jetty-servlets
  • jetty-start
  • jetty-test-policy
  • jetty-test-policy-javadoc
  • jetty-toolchain
  • jetty-util
  • jetty-util-ajax
  • jetty-version-maven-plugin
  • jetty-version-maven-plugin-javadoc
  • jetty-webapp
  • jetty-websocket-api
  • jetty-websocket-client
  • jetty-websocket-common
  • jetty-websocket-parent
  • jetty-websocket-server
  • jetty-websocket-servlet
  • jetty-xml
  • jing
  • jing-javadoc
  • jline-demo
  • jna
  • jna-contrib
  • jna-javadoc
  • joda-convert
  • joda-convert-javadoc
  • joda-time
  • joda-time-javadoc
  • js
  • js-devel
  • jsch-demo
  • json-glib-tests
  • jsr-311
  • jsr-311-javadoc
  • juk
  • junit
  • junit-demo
  • jvnet-parent
  • k3b
  • k3b-common
  • k3b-devel
  • k3b-libs
  • kaccessible
  • kaccessible-libs
  • kactivities
  • kactivities-devel
  • kamera
  • kate
  • kate-devel
  • kate-libs
  • kate-part
  • kcalc
  • kcharselect
  • kcm_colors
  • kcm_touchpad
  • kcm-gtk
  • kcolorchooser
  • kcoloredit
  • kde-base-artwork
  • kde-baseapps
  • kde-baseapps-devel
  • kde-baseapps-libs
  • kde-filesystem
  • kde-l10n
  • kde-l10n-Arabic
  • kde-l10n-Basque
  • kde-l10n-Bosnian
  • kde-l10n-British
  • kde-l10n-Bulgarian
  • kde-l10n-Catalan
  • kde-l10n-Catalan-Valencian
  • kde-l10n-Croatian
  • kde-l10n-Czech
  • kde-l10n-Danish
  • kde-l10n-Dutch
  • kde-l10n-Estonian
  • kde-l10n-Farsi
  • kde-l10n-Finnish
  • kde-l10n-Galician
  • kde-l10n-Greek
  • kde-l10n-Hebrew
  • kde-l10n-Hungarian
  • kde-l10n-Icelandic
  • kde-l10n-Interlingua
  • kde-l10n-Irish
  • kde-l10n-Kazakh
  • kde-l10n-Khmer
  • kde-l10n-Latvian
  • kde-l10n-Lithuanian
  • kde-l10n-LowSaxon
  • kde-l10n-Norwegian
  • kde-l10n-Norwegian-Nynorsk
  • kde-l10n-Polish
  • kde-l10n-Portuguese
  • kde-l10n-Romanian
  • kde-l10n-Serbian
  • kde-l10n-Slovak
  • kde-l10n-Slovenian
  • kde-l10n-Swedish
  • kde-l10n-Tajik
  • kde-l10n-Thai
  • kde-l10n-Turkish
  • kde-l10n-Ukrainian
  • kde-l10n-Uyghur
  • kde-l10n-Vietnamese
  • kde-l10n-Walloon
  • kde-plasma-networkmanagement
  • kde-plasma-networkmanagement-libreswan
  • kde-plasma-networkmanagement-libs
  • kde-plasma-networkmanagement-mobile
  • kde-print-manager
  • kde-runtime
  • kde-runtime-devel
  • kde-runtime-drkonqi
  • kde-runtime-libs
  • kde-settings
  • kde-settings-ksplash
  • kde-settings-minimal
  • kde-settings-plasma
  • kde-settings-pulseaudio
  • kde-style-oxygen
  • kde-style-phase
  • kde-wallpapers
  • kde-workspace
  • kde-workspace-devel
  • kde-workspace-ksplash-themes
  • kde-workspace-libs
  • kdeaccessibility
  • kdeadmin
  • kdeartwork
  • kdeartwork-screensavers
  • kdeartwork-sounds
  • kdeartwork-wallpapers
  • kdeclassic-cursor-theme
  • kdegraphics
  • kdegraphics-devel
  • kdegraphics-libs
  • kdegraphics-strigi-analyzer
  • kdegraphics-thumbnailers
  • kdelibs
  • kdelibs-apidocs
  • kdelibs-common
  • kdelibs-devel
  • kdelibs-ktexteditor
  • kdemultimedia
  • kdemultimedia-common
  • kdemultimedia-devel
  • kdemultimedia-libs
  • kdenetwork
  • kdenetwork-common
  • kdenetwork-devel
  • kdenetwork-fileshare-samba
  • kdenetwork-kdnssd
  • kdenetwork-kget
  • kdenetwork-kget-libs
  • kdenetwork-kopete
  • kdenetwork-kopete-devel
  • kdenetwork-kopete-libs
  • kdenetwork-krdc
  • kdenetwork-krdc-devel
  • kdenetwork-krdc-libs
  • kdenetwork-krfb
  • kdenetwork-krfb-libs
  • kdepim
  • kdepim-devel
  • kdepim-libs
  • kdepim-runtime
  • kdepim-runtime-libs
  • kdepimlibs
  • kdepimlibs-akonadi
  • kdepimlibs-apidocs
  • kdepimlibs-devel
  • kdepimlibs-kxmlrpcclient
  • kdeplasma-addons
  • kdeplasma-addons-devel
  • kdeplasma-addons-libs
  • kdesdk
  • kdesdk-cervisia
  • kdesdk-common
  • kdesdk-devel
  • kdesdk-dolphin-plugins
  • kdesdk-kapptemplate
  • kdesdk-kapptemplate-template
  • kdesdk-kcachegrind
  • kdesdk-kioslave
  • kdesdk-kmtrace
  • kdesdk-kmtrace-devel
  • kdesdk-kmtrace-libs
  • kdesdk-kompare
  • kdesdk-kompare-devel
  • kdesdk-kompare-libs
  • kdesdk-kpartloader
  • kdesdk-kstartperf
  • kdesdk-kuiviewer
  • kdesdk-lokalize
  • kdesdk-okteta
  • kdesdk-okteta-devel
  • kdesdk-okteta-libs
  • kdesdk-poxml
  • kdesdk-scripts
  • kdesdk-strigi-analyzer
  • kdesdk-thumbnailers
  • kdesdk-umbrello
  • kdeutils
  • kdeutils-common
  • kdeutils-minimal
  • kdf
  • kernel
  • kernel-debug
  • kernel-rt
  • kernel-rt-debug
  • kernel-rt-doc
  • kernel-rt-trace
  • kernel-rt-trace-devel
  • kernel-rt-trace-kvm
  • kernel-tools
  • kexec-tools
  • kexec-tools-anaconda-addon
  • kexec-tools-eppic
  • keytool-maven-plugin
  • keytool-maven-plugin-javadoc
  • kgamma
  • kgpg
  • kgreeter-plugins
  • khotkeys
  • khotkeys-libs
  • kiconedit
  • kinfocenter
  • kio_sysinfo
  • kmag
  • kmenuedit
  • kmix
  • kmod-oracleasm
  • kolourpaint
  • kolourpaint-libs
  • konkretcmpi
  • konkretcmpi-devel
  • konkretcmpi-python
  • konsole
  • konsole-part
  • kross-interpreters
  • kross-python
  • kross-ruby
  • kruler
  • ksaneplugin
  • kscreen
  • ksnapshot
  • ksshaskpass
  • ksysguard
  • ksysguard-libs
  • ksysguardd
  • ktimer
  • kwallet
  • kwin
  • kwin-gles
  • kwin-gles-libs
  • kwin-libs
  • kwrite
  • kxml
  • kxml-javadoc
  • langtable-python
  • lapack64-devel
  • lapack64-static
  • lasso-devel
  • lasso-python
  • latrace
  • lcms2-utils
  • ldns
  • ldns-doc
  • ldns-python
  • libabw-devel
  • libabw-doc
  • libabw-tools
  • libappindicator
  • libappindicator-devel
  • libappindicator-docs
  • libappstream-glib-builder
  • libappstream-glib-builder-devel
  • libart_lgpl
  • libart_lgpl-devel
  • libasan-static
  • libavc1394-devel
  • libbase-javadoc
  • libblockdev-btrfs
  • libblockdev-btrfs-devel
  • libblockdev-crypto-devel
  • libblockdev-devel
  • libblockdev-dm-devel
  • libblockdev-fs-devel
  • libblockdev-kbd-devel
  • libblockdev-loop-devel
  • libblockdev-lvm-devel
  • libblockdev-mdraid-devel
  • libblockdev-mpath-devel
  • libblockdev-nvdimm-devel
  • libblockdev-part-devel
  • libblockdev-swap-devel
  • libblockdev-utils-devel
  • libblockdev-vdo-devel
  • libbluedevil
  • libbluedevil-devel
  • libbluray-devel
  • libbonobo
  • libbonobo-devel
  • libbonoboui
  • libbonoboui-devel
  • libbytesize-devel
  • libcacard-tools
  • libcap-ng-python
  • libcdr-devel
  • libcdr-doc
  • libcdr-tools
  • libcgroup-devel
  • libchamplain-demos
  • libchewing
  • libchewing-devel
  • libchewing-python
  • libcmis-devel
  • libcmis-tools
  • libcryptui
  • libcryptui-devel
  • libdb-devel-static
  • libdb-java
  • libdb-java-devel
  • libdb-tcl
  • libdb-tcl-devel
  • libdbi
  • libdbi-dbd-mysql
  • libdbi-dbd-pgsql
  • libdbi-dbd-sqlite
  • libdbi-devel
  • libdbi-drivers
  • libdbusmenu-gtk2
  • libdbusmenu-gtk2-devel
  • libdbusmenu-gtk3-devel
  • libdhash-devel
  • libdmapsharing-devel
  • libdmmp-devel
  • libdmx-devel
  • libdnet-progs
  • libdnet-python
  • libdnf-devel
  • libdv-tools
  • libdvdnav-devel
  • libeasyfc-devel
  • libeasyfc-gobject-devel
  • libee
  • libee-devel
  • libee-utils
  • libesmtp
  • libesmtp-devel
  • libestr-devel
  • libetonyek-doc
  • libetonyek-tools
  • libevdev-utils
  • libexif-doc
  • libexttextcat-devel
  • libexttextcat-tools
  • libfastjson-devel
  • libfdt
  • libfonts-javadoc
  • libformula-javadoc
  • libfprint-devel
  • libfreehand-devel
  • libfreehand-doc
  • libfreehand-tools
  • libgcab1-devel
  • libgccjit
  • libgdither-devel
  • libgee06
  • libgee06-devel
  • libgepub
  • libgepub-devel
  • libgfortran-static
  • libgfortran4
  • libgfortran5
  • libgit2-devel
  • libglade2
  • libglade2-devel
  • libGLEWmx
  • libgnat
  • libgnat-devel
  • libgnat-static
  • libgnome
  • libgnome-devel
  • libgnome-keyring
  • libgnome-keyring-devel
  • libgnomecanvas
  • libgnomecanvas-devel
  • libgnomeui
  • libgnomeui-devel
  • libgo
  • libgo-devel
  • libgo-static
  • libgovirt-devel
  • libgudev-devel
  • libgudev1
  • libgudev1-devel
  • libgxim
  • libgxim-devel
  • libgxps-tools
  • libhangul-devel
  • libhbaapi-devel
  • libhif
  • libhif-devel
  • libibmad
  • libibmad-devel
  • libibmad-static
  • libical-glib
  • libical-glib-devel
  • libical-glib-doc
  • libid3tag
  • libid3tag-devel
  • libidn
  • libiec61883-utils
  • libieee1284-python
  • libimobiledevice-python
  • libimobiledevice-utils
  • libindicator
  • libindicator-devel
  • libindicator-gtk3-devel
  • libindicator-tools
  • libinput
  • libinvm-cim
  • libinvm-cim-devel
  • libinvm-cli
  • libinvm-cli-devel
  • libinvm-i18n
  • libinvm-i18n-devel
  • libiodbc
  • libiodbc-devel
  • libipa_hbac-devel
  • libiptcdata-devel
  • libiptcdata-python
  • libitm-static
  • libixpdimm-cim
  • libixpdimm-core
  • libjpeg-turbo-static
  • libkcddb
  • libkcddb-devel
  • libkcompactdisc
  • libkcompactdisc-devel
  • libkdcraw
  • libkdcraw-devel
  • libkexiv2
  • libkexiv2-devel
  • libkipi
  • libkipi-devel
  • libkkc-devel
  • libkkc-tools
  • libksane
  • libksane-devel
  • libkscreen
  • libkscreen-devel
  • libkworkspace
  • liblayout-javadoc
  • libloader-javadoc
  • liblognorm-devel
  • liblouis-devel
  • liblouis-doc
  • liblouis-python
  • liblouis-utils
  • libmatchbox-devel
  • libmbim-devel
  • libmediaart-devel
  • libmediaart-tests
  • libmemcached
  • libmnl-static
  • libmodman-devel
  • libmodulemd
  • libmodulemd-devel
  • libmpc-devel
  • libmsn
  • libmsn-devel
  • libmspub-devel
  • libmspub-doc
  • libmspub-tools
  • libmtp-examples
  • libmudflap
  • libmudflap-devel
  • libmudflap-static
  • libmusicbrainz
  • libmusicbrainz-devel
  • libmwaw-devel
  • libmwaw-doc
  • libmwaw-tools
  • libmx
  • libmx-devel
  • libmx-docs
  • libndp-devel
  • libnetfilter_cthelper-devel
  • libnetfilter_cttimeout-devel
  • libnftnl-devel
  • libnice
  • libnl
  • libnl-devel
  • libnm-gtk
  • libnm-gtk-devel
  • libntlm
  • libntlm-devel
  • libobjc
  • libodfgen-doc
  • libofa
  • libofa-devel
  • liboil
  • liboil-devel
  • libopenraw-pixbuf-loader
  • liborcus-devel
  • liborcus-doc
  • liborcus-tools
  • libosinfo-devel
  • libosinfo-vala
  • libotf-devel
  • libpagemaker-devel
  • libpagemaker-doc
  • libpagemaker-tools
  • libpeas-loader-python
  • libpfm-python
  • libpinyin-devel
  • libpinyin-tools
  • libpipeline-devel
  • libplist-python
  • libpng-static
  • libpng12-devel
  • libproxy-kde
  • libproxy-mozjs
  • libproxy-python
  • libproxy-webkitgtk3
  • libpst
  • libpst-devel
  • libpst-devel-doc
  • libpst-doc
  • libpst-python
  • libpurple-perl
  • libpurple-tcl
  • libqmi-devel
  • libquadmath-static
  • librabbitmq-examples
  • librados2-devel
  • LibRaw-static
  • librbd1-devel
  • librelp-devel
  • libreoffice
  • libreoffice-bsh
  • libreoffice-gdb-debug-support
  • libreoffice-glade
  • libreoffice-librelogo
  • libreoffice-nlpsolver
  • libreoffice-officebean
  • libreoffice-officebean-common
  • libreoffice-postgresql
  • libreoffice-rhino
  • libreofficekit-devel
  • librepo-devel
  • libreport-compat
  • libreport-devel
  • libreport-gtk-devel
  • libreport-python
  • libreport-web-devel
  • librepository-javadoc
  • librevenge-doc
  • librsvg2-tools
  • libseccomp-devel
  • libselinux-python
  • libselinux-static
  • libsemanage-devel
  • libsemanage-python
  • libsemanage-static
  • libserializer-javadoc
  • libsexy
  • libsexy-devel
  • libsmbios-devel
  • libsmi-devel
  • libsndfile-utils
  • libsolv-demo
  • libsolv-devel
  • libsolv-tools
  • libspiro-devel
  • libss-devel
  • libssh2
  • libsss_certmap-devel
  • libsss_idmap-devel
  • libsss_nss_idmap-devel
  • libsss_simpleifp-devel
  • libstaroffice-devel
  • libstaroffice-doc
  • libstaroffice-tools
  • libstdc++-static
  • libstoragemgmt-devel
  • libstoragemgmt-python
  • libstoragemgmt-python-clibs
  • libstoragemgmt-targetd-plugin
  • libtar-devel
  • libteam-devel
  • libtheora-devel-docs
  • libtiff-static
  • libtimezonemap-devel
  • libtnc
  • libtnc-devel
  • libtranslit
  • libtranslit-devel
  • libtranslit-icu
  • libtranslit-m17n
  • libtsan-static
  • libudisks2-devel
  • libuninameslist-devel
  • libunwind
  • libunwind-devel
  • libusal-devel
  • libusb-static
  • libusbmuxd-utils
  • libuser-devel
  • libuser-python
  • libvdpau-docs
  • libverto-glib
  • libverto-glib-devel
  • libverto-libevent-devel
  • libverto-tevent
  • libverto-tevent-devel
  • libvirt-cim
  • libvirt-daemon-driver-lxc
  • libvirt-daemon-lxc
  • libvirt-gconfig-devel
  • libvirt-glib-devel
  • libvirt-gobject-devel
  • libvirt-java
  • libvirt-java-devel
  • libvirt-java-javadoc
  • libvirt-login-shell
  • libvirt-python
  • libvirt-snmp
  • libvisio-doc
  • libvisio-tools
  • libvma-devel
  • libvma-utils
  • libvoikko-devel
  • libvpx-utils
  • libwebp-java
  • libwebp-tools
  • libwpd-tools
  • libwpg-tools
  • libwps-tools
  • libwsman-devel
  • libwvstreams
  • libwvstreams-devel
  • libwvstreams-static
  • libX11
  • libxcb-doc
  • libXevie
  • libXevie-devel
  • libXfont
  • libXfont-devel
  • libxml2-python
  • libxml2-static
  • libxslt-python
  • libXvMC-devel
  • libzapojit
  • libzapojit-devel
  • libzmf-devel
  • libzmf-doc
  • libzmf-tools
  • linux-firmware
  • lldpad-devel
  • llvm-private
  • llvm-private-devel
  • log4cxx
  • log4cxx-devel
  • log4j
  • log4j-javadoc
  • log4j-manual
  • lohit-oriya-fonts
  • lohit-punjabi-fonts
  • lpsolve-devel
  • lua
  • lua-devel
  • lua-static
  • lvm2-cluster
  • lvm2-python-boom
  • lvm2-python-libs
  • lvm2-sysvinit
  • lz4
  • lz4-static
  • m17n-contrib
  • m17n-contrib-extras
  • m17n-db-devel
  • m17n-db-extras
  • m17n-lib-devel
  • m17n-lib-tools
  • m2crypto
  • make
  • malaga-devel
  • man-pages-cs
  • man-pages-es
  • man-pages-es-extra
  • man-pages-fr
  • man-pages-it
  • man-pages-ja
  • man-pages-ko
  • man-pages-pl
  • man-pages-ru
  • man-pages-zh-CN
  • mariadb-bench
  • mariadb-devel
  • mariadb-libs
  • mariadb-server
  • marisa-devel
  • marisa-perl
  • marisa-python
  • marisa-ruby
  • marisa-tools
  • maven
  • maven-changes-plugin
  • maven-changes-plugin-javadoc
  • maven-deploy-plugin
  • maven-deploy-plugin-javadoc
  • maven-downloader
  • maven-downloader-javadoc
  • maven-doxia-module-fo
  • maven-doxia-tools
  • maven-doxia-tools-javadoc
  • maven-ear-plugin
  • maven-ear-plugin-javadoc
  • maven-ejb-plugin
  • maven-ejb-plugin-javadoc
  • maven-error-diagnostics
  • maven-gpg-plugin
  • maven-gpg-plugin-javadoc
  • maven-istack-commons-plugin
  • maven-jarsigner-plugin
  • maven-jarsigner-plugin-javadoc
  • maven-javadoc-plugin
  • maven-javadoc-plugin-javadoc
  • maven-jxr
  • maven-jxr-javadoc
  • maven-local
  • maven-osgi
  • maven-osgi-javadoc
  • maven-plugin-jxr
  • maven-project-info-reports-plugin
  • maven-project-info-reports-plugin-javadoc
  • maven-release
  • maven-release-javadoc
  • maven-release-manager
  • maven-release-plugin
  • maven-reporting-exec
  • maven-repository-builder
  • maven-repository-builder-javadoc
  • maven-scm
  • maven-scm-javadoc
  • maven-scm-test
  • maven-shared-jar
  • maven-shared-jar-javadoc
  • maven-site-plugin
  • maven-site-plugin-javadoc
  • maven-verifier-plugin
  • maven-verifier-plugin-javadoc
  • maven-wagon
  • maven-wagon-provider-test
  • maven-wagon-scm
  • maven-war-plugin
  • maven-war-plugin-javadoc
  • mdds-devel
  • meanwhile-devel
  • meanwhile-doc
  • memcached-devel
  • memstomp
  • mercurial
  • mesa-demos
  • mesa-libxatracker-devel
  • mesa-private-llvm
  • mesa-private-llvm-devel
  • metacity-devel
  • mgetty
  • mgetty-sendfax
  • mgetty-viewfax
  • mgetty-voice
  • migrationtools
  • minizip
  • minizip-devel
  • mkbootdisk
  • mobile-broadband-provider-info-devel
  • mod_auth_kerb
  • mod_auth_mellon-diagnostics
  • mod_nss
  • mod_revocator
  • mod_wsgi
  • ModemManager-vala
  • mono-icon-theme
  • mozjs17
  • mozjs17-devel
  • mozjs24
  • mozjs24-devel
  • mpich-3.0
  • mpich-3.0-autoload
  • mpich-3.0-devel
  • mpich-3.0-doc
  • mpich-3.2
  • mpich-3.2-autoload
  • mpich-3.2-devel
  • mpich-3.2-doc
  • mpitests-compat-openmpi16
  • mpitests-mpich
  • mpitests-mpich32
  • mpitests-mvapich2
  • mpitests-mvapich2-psm
  • mpitests-mvapich222
  • mpitests-mvapich222-psm
  • mpitests-mvapich222-psm2
  • mpitests-mvapich23
  • mpitests-mvapich23-psm
  • mpitests-mvapich23-psm2
  • mpitests-openmpi
  • mpitests-openmpi3
  • msv-demo
  • msv-msv
  • msv-rngconv
  • msv-xmlgen
  • mvapich2-2.0
  • mvapich2-2.0-devel
  • mvapich2-2.0-doc
  • mvapich2-2.0-psm
  • mvapich2-2.0-psm-devel
  • mvapich2-2.2
  • mvapich2-2.2-devel
  • mvapich2-2.2-doc
  • mvapich2-2.2-psm
  • mvapich2-2.2-psm-devel
  • mvapich2-2.2-psm2
  • mvapich2-2.2-psm2-devel
  • mvapich23
  • mvapich23-devel
  • mvapich23-doc
  • mvapich23-psm
  • mvapich23-psm-devel
  • mvapich23-psm2
  • mvapich23-psm2-devel
  • mysql-connector-java
  • mysql-connector-odbc
  • MySQL-python
  • nagios-plugins-bacula
  • nasm
  • nasm-doc
  • nasm-rdoff
  • nbdkit-plugin-python2
  • ncurses-libs
  • ncurses-static
  • nekohtml
  • nekohtml-demo
  • nekohtml-javadoc
  • nepomuk-core
  • nepomuk-core-devel
  • nepomuk-core-libs
  • nepomuk-widgets
  • nepomuk-widgets-devel
  • net-snmp-gui
  • net-snmp-perl
  • net-snmp-python
  • net-snmp-sysvinit
  • netsniff-ng
  • NetworkManager-glib
  • NetworkManager-glib-devel
  • newt-python
  • newt-static
  • nextgen-yum4
  • nfsometer
  • nfstest
  • nhn-nanum-brush-fonts
  • nhn-nanum-fonts-common
  • nhn-nanum-gothic-fonts
  • nhn-nanum-myeongjo-fonts
  • nhn-nanum-pen-fonts
  • nmap-frontend
  • nss_compat_ossl
  • nss_compat_ossl-devel
  • nss-pem
  • nss-pkcs11-devel
  • ntp
  • ntp-doc
  • ntp-perl
  • ntpdate
  • numpy
  • numpy-f2py
  • nuvola-icon-theme
  • nuxwdog
  • nuxwdog-client-java
  • nuxwdog-client-perl
  • nuxwdog-devel
  • objectweb-anttask
  • objectweb-anttask-javadoc
  • objectweb-asm
  • objectweb-asm4
  • objectweb-asm4-javadoc
  • ocaml-brlapi
  • ocaml-calendar
  • ocaml-calendar-devel
  • ocaml-csv
  • ocaml-csv-devel
  • ocaml-curses
  • ocaml-curses-devel
  • ocaml-docs
  • ocaml-emacs
  • ocaml-fileutils
  • ocaml-fileutils-devel
  • ocaml-gettext
  • ocaml-gettext-devel
  • ocaml-libvirt
  • ocaml-libvirt-devel
  • ocaml-ocamlbuild-doc
  • ocaml-source
  • ocaml-x11
  • ocaml-xml-light
  • ocaml-xml-light-devel
  • oci-register-machine
  • okular
  • okular-devel
  • okular-libs
  • okular-part
  • opa-libopamgt-devel
  • opal
  • opal-devel
  • open-vm-tools-devel
  • open-vm-tools-test
  • opencc-tools
  • openchange-client
  • openchange-devel
  • openchange-devel-docs
  • opencv
  • opencv-devel-docs
  • opencv-python
  • OpenEXR
  • openhpi-devel
  • OpenIPMI
  • OpenIPMI-python
  • openjade
  • openjpeg
  • openjpeg-devel
  • openjpeg-libs
  • openldap-servers
  • openldap-servers-sql
  • openlmi
  • openlmi-account
  • openlmi-account-doc
  • openlmi-fan
  • openlmi-fan-doc
  • openlmi-hardware
  • openlmi-hardware-doc
  • openlmi-indicationmanager-libs
  • openlmi-indicationmanager-libs-devel
  • openlmi-journald
  • openlmi-journald-doc
  • openlmi-logicalfile
  • openlmi-logicalfile-doc
  • openlmi-networking
  • openlmi-networking-doc
  • openlmi-pcp
  • openlmi-powermanagement
  • openlmi-powermanagement-doc
  • openlmi-providers
  • openlmi-providers-devel
  • openlmi-python-base
  • openlmi-python-providers
  • openlmi-python-test
  • openlmi-realmd
  • openlmi-realmd-doc
  • openlmi-service
  • openlmi-service-doc
  • openlmi-software
  • openlmi-software-doc
  • openlmi-storage
  • openlmi-storage-doc
  • openlmi-tools
  • openlmi-tools-doc
  • openmpi
  • openmpi-devel
  • openmpi3
  • openmpi3-devel
  • openobex
  • openobex-apps
  • openobex-devel
  • openscap
  • openscap-containers
  • openscap-engine-sce-devel
  • openscap-extra-probes
  • openscap-python
  • openslp-devel
  • openslp-server
  • opensm-static
  • opensp
  • openssh-server-sysvinit
  • openssl-static
  • openssl098e
  • openwsman-perl
  • openwsman-python
  • openwsman-ruby
  • oprofile
  • oprofile-devel
  • oprofile-gui
  • oprofile-jit
  • optipng
  • ORBit2
  • ORBit2-devel
  • orc-doc
  • ortp
  • ortp-devel
  • oscilloscope
  • ostree
  • ostree-fuse
  • OVMF
  • oxygen-cursor-themes
  • oxygen-gtk
  • oxygen-gtk2
  • oxygen-gtk3
  • oxygen-icon-theme
  • p11-kit-doc
  • pacemaker-cli
  • PackageKit
  • PackageKit-yum
  • PackageKit-yum-plugin
  • pakchois-devel
  • pam_krb5
  • pam_pkcs11
  • pam_snapper
  • pango-tests
  • papi
  • paps-devel
  • passivetex
  • pax
  • pciutils-devel-static
  • pcp-collector
  • pcp-monitor
  • pcp-pmda-kvm
  • pcre
  • pcre-tools
  • pcre2-static
  • pcre2-tools
  • pentaho-libxml-javadoc
  • pentaho-reporting-flow-engine-javadoc
  • perl
  • perl-AppConfig
  • perl-Archive-Extract
  • perl-B-Keywords
  • perl-Browser-Open
  • perl-Business-ISBN
  • perl-Business-ISBN-Data
  • perl-CGI-Session
  • perl-Class-Load
  • perl-Class-Load-XS
  • perl-Class-Singleton
  • perl-Config-Simple
  • perl-Config-Tiny
  • perl-Convert-ASN1
  • perl-core
  • perl-CPAN-Changes
  • perl-CPANPLUS
  • perl-CPANPLUS-Dist-Build
  • perl-Crypt-CBC
  • perl-Crypt-DES
  • perl-Crypt-OpenSSL-Bignum
  • perl-Crypt-OpenSSL-Random
  • perl-Crypt-OpenSSL-RSA
  • perl-Crypt-PasswdMD5
  • perl-Crypt-SSLeay
  • perl-CSS-Tiny
  • perl-Data-Peek
  • perl-DateTime
  • perl-DateTime-Format-DateParse
  • perl-DateTime-Locale
  • perl-DateTime-TimeZone
  • perl-DBD-Pg-tests
  • perl-DBIx-Simple
  • perl-Devel-Cover
  • perl-Devel-Cycle
  • perl-Devel-EnforceEncapsulation
  • perl-Devel-Leak
  • perl-Devel-Symdump
  • perl-Digest-SHA1
  • perl-Email-Address
  • perl-FCGI
  • perl-File-Find-Rule-Perl
  • perl-File-Inplace
  • perl-Font-AFM
  • perl-Font-TTF
  • perl-FreezeThaw
  • perl-GD
  • perl-GD-Barcode
  • perl-gettext
  • perl-Hook-LexWrap
  • perl-HTML-Format
  • perl-HTML-FormatText-WithLinks
  • perl-HTML-FormatText-WithLinks-AndTables
  • perl-HTML-Tree
  • perl-HTTP-Daemon
  • perl-Image-Base
  • perl-Image-Info
  • perl-Image-Xbm
  • perl-Image-Xpm
  • perl-Inline
  • perl-Inline-Files
  • perl-IO-CaptureOutput
  • perl-IO-stringy
  • perl-JSON-tests
  • perl-LDAP
  • perl-libintl
  • perl-libxml-perl
  • perl-List-MoreUtils
  • perl-Locale-Maketext-Gettext
  • perl-Locale-PO
  • perl-Log-Message
  • perl-Log-Message-Simple
  • perl-Mail-DKIM
  • perl-Mixin-Linewise
  • perl-Module-Implementation
  • perl-Module-Manifest
  • perl-Module-Signature
  • perl-Net-Daemon
  • perl-Net-DNS-Nameserver
  • perl-Net-DNS-Resolver-Programmable
  • perl-Net-LibIDN
  • perl-Net-Telnet
  • perl-Newt
  • perl-Object-Accessor
  • perl-Object-Deadly
  • perl-Package-Constants
  • perl-Package-DeprecationManager
  • perl-Package-Stash
  • perl-Package-Stash-XS
  • perl-PAR-Dist
  • perl-Parallel-Iterator
  • perl-Params-Validate
  • perl-Parse-CPAN-Meta
  • perl-Parse-RecDescent
  • perl-Perl-Critic
  • perl-Perl-Critic-More
  • perl-Perl-MinimumVersion
  • perl-Perl4-CoreLibs
  • perl-PlRPC
  • perl-Pod-Coverage
  • perl-Pod-Coverage-TrustPod
  • perl-Pod-Eventual
  • perl-Pod-POM
  • perl-Pod-Spell
  • perl-PPI
  • perl-PPI-HTML
  • perl-PPIx-Regexp
  • perl-PPIx-Utilities
  • perl-Probe-Perl
  • perl-Readonly-XS
  • perl-SGMLSpm
  • perl-Sort-Versions
  • perl-String-Format
  • perl-String-Similarity
  • perl-Syntax-Highlight-Engine-Kate
  • perl-Task-Weaken
  • perl-Template-Toolkit
  • perl-Term-UI
  • perl-Test-ClassAPI
  • perl-Test-CPAN-Meta
  • perl-Test-DistManifest
  • perl-Test-EOL
  • perl-Test-HasVersion
  • perl-Test-Inter
  • perl-Test-Manifest
  • perl-Test-Memory-Cycle
  • perl-Test-MinimumVersion
  • perl-Test-MockObject
  • perl-Test-NoTabs
  • perl-Test-Object
  • perl-Test-Output
  • perl-Test-Perl-Critic
  • perl-Test-Perl-Critic-Policy
  • perl-Test-Pod
  • perl-Test-Pod-Coverage
  • perl-Test-Portability-Files
  • perl-Test-Script
  • perl-Test-Spelling
  • perl-Test-SubCalls
  • perl-Test-Synopsis
  • perl-Test-Tester
  • perl-Test-Vars
  • perl-Test-Without-Module
  • perl-Text-CSV_XS
  • perl-Text-Iconv
  • perl-Tree-DAG_Node
  • perl-Unicode-Map8
  • perl-Unicode-String
  • perl-UNIVERSAL-can
  • perl-UNIVERSAL-isa
  • perl-Version-Requirements
  • perl-WWW-Curl
  • perl-XML-Dumper
  • perl-XML-Filter-BufferText
  • perl-XML-Grove
  • perl-XML-Handler-YAWriter
  • perl-XML-LibXSLT
  • perl-XML-SAX-Writer
  • perl-XML-TreeBuilder
  • perl-XML-Twig
  • perl-XML-Writer
  • perl-XML-XPathEngine
  • perl-YAML-Tiny
  • perltidy
  • pexpect
  • phonon
  • phonon-backend-gstreamer
  • phonon-devel
  • php-common
  • php-mysql
  • php-pecl-memcache
  • php-pspell
  • pidgin-perl
  • pinentry-qt
  • pinentry-qt4
  • pkgconfig
  • pki-base
  • pki-javadoc
  • plasma-scriptengine-python
  • plasma-scriptengine-ruby
  • plexus-cdc
  • plexus-cdc-javadoc
  • plexus-digest
  • plexus-digest-javadoc
  • plexus-interactivity
  • plexus-mail-sender
  • plexus-mail-sender-javadoc
  • plexus-tools-pom
  • plymouth-devel
  • pm-utils
  • pm-utils-devel
  • pngcrush
  • pngnq
  • policycoreutils-gui
  • policycoreutils-python
  • polkit
  • polkit-kde
  • polkit-qt
  • polkit-qt-devel
  • polkit-qt-doc
  • poppler-demos
  • poppler-qt
  • poppler-qt-devel
  • popt-static
  • postfix
  • postfix-sysvinit
  • postgresql-devel
  • postgresql-libs
  • postgresql-plpython
  • pothana2000-fonts
  • powerpc-utils-python
  • pprof
  • pps-tools
  • pptp-setup
  • prelink
  • procps-ng-devel
  • protobuf-emacs
  • protobuf-emacs-el
  • protobuf-java
  • protobuf-javadoc
  • protobuf-lite-devel
  • protobuf-lite-static
  • protobuf-python
  • protobuf-static
  • protobuf-vim
  • psutils
  • psutils-perl
  • pth
  • pth-devel
  • ptlib
  • ptlib-devel
  • publican
  • publican-common-db5-web
  • publican-common-web
  • publican-doc
  • publican-redhat
  • pulseaudio-esound-compat
  • pulseaudio-gdm-hooks
  • pulseaudio-module-gconf
  • pulseaudio-module-zeroconf
  • pulseaudio-qpaeq
  • pycairo
  • pycairo-devel
  • pygpgme
  • PyGreSQL
  • pygtk2-libglade
  • pykde4
  • pykde4-akonadi
  • pykde4-devel
  • pyldb
  • pyldb-devel
  • pyliblzma
  • PyOpenGL
  • PyOpenGL-Tk
  • pyOpenSSL
  • pyOpenSSL-doc
  • pyorbit
  • pyorbit-devel
  • PyPAM
  • pyparsing
  • pyparsing-doc
  • pyparted
  • PyQt4
  • PyQt4-devel
  • pyserial
  • pytalloc
  • pytalloc-devel
  • pytest
  • python
  • python-appindicator
  • python-augeas
  • python-azure-sdk
  • python-babel
  • python-backports
  • python-backports-ssl_match_hostname
  • python-bcc
  • python-beaker
  • python-blivet
  • python-boto3
  • python-brlapi
  • python-cffi
  • python-cffi-doc
  • python-chardet
  • python-cherrypy
  • python-clufter
  • python-configobj
  • python-configshell
  • python-coverage
  • python-cpio
  • python-criu
  • python-cups
  • python-custodia
  • python-custodia-ipa
  • python-dateutil
  • python-debug
  • python-decorator
  • python-deltarpm
  • python-devel
  • python-dmidecode
  • python-dns
  • python-docs
  • python-docutils
  • python-dtopt
  • python-enum34
  • python-ethtool
  • python-firewall
  • python-flask
  • python-fpconst
  • python-gevent
  • python-gobject
  • python-gobject-base
  • python-gpod
  • python-greenlet
  • python-greenlet-devel
  • python-gssapi
  • python-gudev
  • python-hivex
  • python-httplib2
  • python-hwdata
  • python-idna
  • python-iniparse
  • python-inotify
  • python-inotify-examples
  • python-ipaddr
  • python-ipaddress
  • python-IPy
  • python-isodate
  • python-isomd5sum
  • python-itsdangerous
  • python-javapackages
  • python-jinja2
  • python-jsonpatch
  • python-jsonpointer
  • python-jwcrypto
  • python-jwt
  • python-kdcproxy
  • python-kerberos
  • python-kitchen
  • python-kitchen-doc
  • python-kmod
  • python-krbV
  • python-ldap
  • python-libguestfs
  • python-libipa_hbac
  • python-librepo
  • python-libs
  • python-libsss_nss_idmap
  • python-libteam
  • python-linux-procfs
  • python-lxml
  • python-lxml-docs
  • python-magic
  • python-mako
  • python-markupsafe
  • python-matplotlib
  • python-matplotlib-doc
  • python-matplotlib-qt4
  • python-matplotlib-tk
  • python-meh
  • python-meh-gui
  • python-memcached
  • python-mutagen
  • python-netaddr
  • python-netifaces
  • python-nose
  • python-nss
  • python-ntplib
  • python-paramiko
  • python-paramiko-doc
  • python-paste
  • python-pcp
  • python-perf
  • python-pillow
  • python-pillow-devel
  • python-pillow-doc
  • python-pillow-qt
  • python-pillow-sane
  • python-pillow-tk
  • python-ply
  • python-prettytable
  • python-psycopg2
  • python-psycopg2-debug
  • python-pwquality
  • python-py
  • python-pycparser
  • python-pycurl
  • python-pygments
  • python-pytoml
  • python-pyudev
  • python-qrcode
  • python-qrcode-core
  • python-rados
  • python-rbd
  • python-reportlab
  • python-reportlab-docs
  • python-requests
  • python-rhsm
  • python-rhsm-certificates
  • python-rtslib
  • python-rtslib-doc
  • python-s3transfer
  • python-schedutils
  • python-setproctitle
  • python-setuptools
  • python-six
  • python-slip
  • python-slip-dbus
  • python-slip-gtk
  • python-smbc
  • python-smbc-doc
  • python-smbios
  • python-sphinx
  • python-sphinx-doc
  • python-sqlalchemy
  • python-sss
  • python-sss-murmur
  • python-sssdconfig
  • python-suds
  • python-syspurpose
  • python-tdb
  • python-tempita
  • python-test
  • python-tevent
  • python-tools
  • python-tornado
  • python-tornado-doc
  • python-twisted-core
  • python-twisted-core-doc
  • python-twisted-web
  • python-twisted-words
  • python-urlgrabber
  • python-urllib3
  • python-urwid
  • python-virtualenv
  • python-volume_key
  • python-webob
  • python-webtest
  • python-werkzeug
  • python-which
  • python-yubico
  • python-zope-interface
  • python2-blockdev
  • python2-bytesize
  • python2-caribou
  • python2-cryptography
  • python2-dnf
  • python2-dnf-plugin-versionlock
  • python2-dnf-plugins-core
  • python2-futures
  • python2-gexiv2
  • python2-hawkey
  • python2-ipaclient
  • python2-ipalib
  • python2-ipaserver
  • python2-jmespath
  • python2-keycloak-httpd-client-install
  • python2-libcomps
  • python2-libdnf
  • python2-oauthlib
  • python2-pyasn1
  • python2-pyasn1-modules
  • python2-pyatspi
  • python2-requests-oauthlib
  • python2-smartcols
  • python2-solv
  • python2-subprocess32
  • pytz
  • pyusb
  • pywbem
  • pyxattr
  • PyYAML
  • qca-ossl
  • qca2
  • qca2-devel
  • qdox
  • qemu-img-ma
  • qemu-img-rhev
  • qemu-kvm
  • qemu-kvm-common-ma
  • qemu-kvm-common-rhev
  • qemu-kvm-ma
  • qemu-kvm-rhev
  • qemu-kvm-tools
  • qemu-kvm-tools-ma
  • qemu-kvm-tools-rhev
  • qimageblitz
  • qimageblitz-devel
  • qimageblitz-examples
  • qjson
  • qjson-devel
  • qpdf-devel
  • qt
  • qt-assistant
  • qt-config
  • qt-demos
  • qt-devel
  • qt-devel-private
  • qt-doc
  • qt-examples
  • qt-mysql
  • qt-odbc
  • qt-postgresql
  • qt-qdbusviewer
  • qt-qvfb
  • qt-settings
  • qt-x11
  • qt3
  • qt3-config
  • qt3-designer
  • qt3-devel
  • qt3-devel-docs
  • qt3-MySQL
  • qt3-ODBC
  • qt3-PostgreSQL
  • qt5-qt3d-doc
  • qt5-qtbase-doc
  • qt5-qtcanvas3d-doc
  • qt5-qtconnectivity-doc
  • qt5-qtdeclarative-doc
  • qt5-qtenginio
  • qt5-qtenginio-devel
  • qt5-qtenginio-doc
  • qt5-qtenginio-examples
  • qt5-qtgraphicaleffects-doc
  • qt5-qtimageformats-doc
  • qt5-qtlocation-doc
  • qt5-qtmultimedia-doc
  • qt5-qtquickcontrols-doc
  • qt5-qtquickcontrols2-doc
  • qt5-qtscript-doc
  • qt5-qtsensors-doc
  • qt5-qtserialbus-devel
  • qt5-qtserialbus-doc
  • qt5-qtserialport-doc
  • qt5-qtsvg-doc
  • qt5-qttools-doc
  • qt5-qtwayland-doc
  • qt5-qtwebchannel-doc
  • qt5-qtwebsockets-doc
  • qt5-qtx11extras-doc
  • qt5-qtxmlpatterns-doc
  • quagga
  • quagga-contrib
  • quota
  • quota-devel
  • qv4l2
  • rarian-devel
  • rcs
  • rdate
  • rdist
  • readline-static
  • realmd-devel-docs
  • Red_Hat_Enterprise_Linux-Release_Notes-7-as-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-bn-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-de-DE
  • Red_Hat_Enterprise_Linux-Release_Notes-7-en-US
  • Red_Hat_Enterprise_Linux-Release_Notes-7-es-ES
  • Red_Hat_Enterprise_Linux-Release_Notes-7-fr-FR
  • Red_Hat_Enterprise_Linux-Release_Notes-7-gu-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-hi-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-it-IT
  • Red_Hat_Enterprise_Linux-Release_Notes-7-ja-JP
  • Red_Hat_Enterprise_Linux-Release_Notes-7-kn-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-ko-KR
  • Red_Hat_Enterprise_Linux-Release_Notes-7-ml-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-mr-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-or-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-pa-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-pt-BR
  • Red_Hat_Enterprise_Linux-Release_Notes-7-ru-RU
  • Red_Hat_Enterprise_Linux-Release_Notes-7-ta-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-te-IN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-zh-CN
  • Red_Hat_Enterprise_Linux-Release_Notes-7-zh-TW
  • redhat-access-plugin-ipa
  • redhat-bookmarks
  • redhat-logos
  • redhat-lsb-supplemental
  • redhat-lsb-trialuse
  • redhat-release-client
  • redhat-release-computenode
  • redhat-release-server
  • redhat-release-workstation
  • redhat-rpm-config
  • redhat-upgrade-dracut
  • redhat-upgrade-dracut-plymouth
  • redhat-upgrade-tool
  • redland-mysql
  • redland-pgsql
  • redland-virtuoso
  • regexp
  • relaxngcc
  • rest-devel
  • resteasy-base
  • resteasy-base-atom-provider
  • resteasy-base-client
  • resteasy-base-jackson-provider
  • resteasy-base-javadoc
  • resteasy-base-jaxb-provider
  • resteasy-base-jaxrs
  • resteasy-base-jaxrs-all
  • resteasy-base-jaxrs-api
  • resteasy-base-jettison-provider
  • resteasy-base-providers-pom
  • resteasy-base-resteasy-pom
  • resteasy-base-tjws
  • rh-dotnet21-dotnet
  • rhdb-utils
  • rhino
  • rhino-demo
  • rhino-javadoc
  • rhino-manual
  • rhythmbox-devel
  • rngom
  • rngom-javadoc
  • rp-pppoe
  • rpm-python
  • rrdtool-php
  • rrdtool-python
  • rsh
  • rsh-server
  • rsync
  • rsyslog-libdbi
  • rsyslog-udpspoof
  • rtcheck
  • rtctl
  • ruby-tcltk
  • rubygem-net-http-persistent
  • rubygem-net-http-persistent-doc
  • rubygem-thor
  • rubygem-thor-doc
  • rusers
  • rusers-server
  • rwho
  • sac-javadoc
  • samba-dc
  • samba-devel
  • samba-python
  • samba-python-test
  • samyak-oriya-fonts
  • sane-backends
  • satyr-devel
  • satyr-python
  • saxon
  • saxon-demo
  • saxon-javadoc
  • saxon-manual
  • saxon-scripts
  • sbc-devel
  • sblim-cim-client2
  • sblim-cim-client2-javadoc
  • sblim-cim-client2-manual
  • sblim-cmpi-base
  • sblim-cmpi-base-devel
  • sblim-cmpi-base-test
  • sblim-cmpi-fsvol
  • sblim-cmpi-fsvol-devel
  • sblim-cmpi-fsvol-test
  • sblim-cmpi-network
  • sblim-cmpi-network-devel
  • sblim-cmpi-network-test
  • sblim-cmpi-nfsv3
  • sblim-cmpi-nfsv3-test
  • sblim-cmpi-nfsv4
  • sblim-cmpi-nfsv4-test
  • sblim-cmpi-params
  • sblim-cmpi-params-test
  • sblim-cmpi-sysfs
  • sblim-cmpi-sysfs-test
  • sblim-cmpi-syslog
  • sblim-cmpi-syslog-test
  • sblim-gather
  • sblim-gather-devel
  • sblim-gather-provider
  • sblim-gather-test
  • sblim-indication_helper
  • sblim-indication_helper-devel
  • sblim-smis-hba
  • sblim-testsuite
  • sblim-wbemcli
  • scannotation
  • scannotation-javadoc
  • scipy
  • scons
  • scpio
  • screen
  • SDL-static
  • seahorse-nautilus
  • seahorse-sharing
  • selinux-policy-devel
  • sendmail-devel
  • sendmail-sysvinit
  • setools-devel
  • setools-gui
  • setools-libs
  • setools-libs-tcl
  • setuptool
  • shared-desktop-ontologies
  • shared-desktop-ontologies-devel
  • shim-unsigned-ia32
  • shim-unsigned-x64
  • shotwell
  • sip
  • sip-devel
  • sip-macros
  • sisu
  • sisu-bean
  • sisu-bean-binders
  • sisu-bean-containers
  • sisu-bean-converters
  • sisu-bean-inject
  • sisu-bean-locators
  • sisu-bean-reflect
  • sisu-bean-scanners
  • sisu-containers
  • sisu-inject-bean
  • sisu-inject-plexus
  • sisu-maven-plugin
  • sisu-maven-plugin-javadoc
  • sisu-osgi-registry
  • sisu-parent
  • sisu-plexus-binders
  • sisu-plexus-converters
  • sisu-plexus-lifecycles
  • sisu-plexus-locators
  • sisu-plexus-metadata
  • sisu-plexus-scanners
  • sisu-plexus-shim
  • sisu-registries
  • sisu-spi-registry
  • slang-slsh
  • slang-static
  • slf4j
  • smbios-utils
  • smbios-utils-bin
  • smbios-utils-python
  • snakeyaml
  • snakeyaml-javadoc
  • snapper
  • snapper-devel
  • snapper-libs
  • sntp
  • SOAPpy
  • soprano
  • soprano-apidocs
  • soprano-devel
  • source-highlight-devel
  • sox
  • sox-devel
  • speech-dispatcher
  • speech-dispatcher-python
  • speex
  • speex-devel
  • speex-tools
  • spice-gtk3
  • spice-xpi
  • sqlite-tcl
  • squid-migration-script
  • squid-sysvinit
  • sssd-common
  • sssd-libwbclient-devel
  • sssd-polkit-rules
  • stax2-api
  • stax2-api-javadoc
  • strace
  • strace32
  • strigi
  • strigi-devel
  • strigi-libs
  • strongimcv
  • subscription-manager-gui
  • subscription-manager-rhsm
  • subversion-kde
  • subversion-python
  • subversion-ruby
  • sudo-devel
  • suitesparse-doc
  • suitesparse-static
  • supermin
  • supermin-helper
  • supermin5
  • supermin5-devel
  • svgpart
  • svrcore
  • svrcore-devel
  • sweeper
  • syslinux
  • syslinux-devel
  • syslinux-extlinux
  • syslinux-perl
  • system-config-date
  • system-config-date-docs
  • system-config-firewall
  • system-config-firewall-base
  • system-config-firewall-tui
  • system-config-kdump
  • system-config-keyboard
  • system-config-keyboard-base
  • system-config-language
  • system-config-printer
  • system-config-users
  • system-config-users-docs
  • system-switch-java
  • systemd
  • systemd-journal-gateway
  • systemd-libs
  • systemd-networkd
  • systemd-python
  • systemd-resolved
  • systemd-sysv
  • systemtap-runtime-python2
  • sysvinit-tools
  • t1lib
  • t1lib-apps
  • t1lib-devel
  • t1lib-static
  • t1utils
  • taglib-doc
  • talk
  • talk-server
  • tang-nagios
  • targetd
  • tcl
  • tcl-pgtcl
  • tclx
  • tclx-devel
  • tcp_wrappers
  • tcp_wrappers-devel
  • tcp_wrappers-libs
  • teamd-devel
  • teckit-devel
  • telepathy-farstream
  • telepathy-farstream-devel
  • telepathy-filesystem
  • telepathy-gabble
  • telepathy-glib
  • telepathy-glib-devel
  • telepathy-glib-vala
  • telepathy-haze
  • telepathy-logger
  • telepathy-logger-devel
  • telepathy-mission-control
  • telepathy-mission-control-devel
  • telepathy-salut
  • tex-preview
  • texinfo
  • texlive-adjustbox
  • texlive-adjustbox-doc
  • texlive-ae
  • texlive-ae-doc
  • texlive-algorithms
  • texlive-algorithms-doc
  • texlive-amscls
  • texlive-amscls-doc
  • texlive-amsfonts
  • texlive-amsfonts-doc
  • texlive-amsmath
  • texlive-amsmath-doc
  • texlive-anysize
  • texlive-anysize-doc
  • texlive-appendix
  • texlive-appendix-doc
  • texlive-arabxetex
  • texlive-arabxetex-doc
  • texlive-arphic
  • texlive-arphic-doc
  • texlive-attachfile
  • texlive-attachfile-doc
  • texlive-babel
  • texlive-babel-doc
  • texlive-babelbib
  • texlive-babelbib-doc
  • texlive-beamer
  • texlive-beamer-doc
  • texlive-bera
  • texlive-bera-doc
  • texlive-beton
  • texlive-beton-doc
  • texlive-bibtex-bin
  • texlive-bibtex-doc
  • texlive-bibtopic
  • texlive-bibtopic-doc
  • texlive-bidi
  • texlive-bidi-doc
  • texlive-bigfoot
  • texlive-bigfoot-doc
  • texlive-booktabs
  • texlive-booktabs-doc
  • texlive-breakurl
  • texlive-breakurl-doc
  • texlive-caption
  • texlive-caption-doc
  • texlive-carlisle
  • texlive-carlisle-doc
  • texlive-changebar
  • texlive-changebar-doc
  • texlive-changepage
  • texlive-changepage-doc
  • texlive-charter
  • texlive-charter-doc
  • texlive-chngcntr
  • texlive-chngcntr-doc
  • texlive-cite
  • texlive-cite-doc
  • texlive-cjk
  • texlive-cjk-doc
  • texlive-cm
  • texlive-cm-doc
  • texlive-cm-lgc
  • texlive-cm-lgc-doc
  • texlive-cm-super
  • texlive-cm-super-doc
  • texlive-cmap
  • texlive-cmap-doc
  • texlive-cns
  • texlive-cns-doc
  • texlive-collectbox
  • texlive-collectbox-doc
  • texlive-collection-documentation-base
  • texlive-colortbl
  • texlive-colortbl-doc
  • texlive-crop
  • texlive-crop-doc
  • texlive-csquotes
  • texlive-csquotes-doc
  • texlive-ctable
  • texlive-ctable-doc
  • texlive-currfile
  • texlive-currfile-doc
  • texlive-datetime
  • texlive-datetime-doc
  • texlive-dvipdfm
  • texlive-dvipdfm-bin
  • texlive-dvipdfm-doc
  • texlive-dvipdfmx
  • texlive-dvipdfmx-bin
  • texlive-dvipdfmx-def
  • texlive-dvipdfmx-doc
  • texlive-dvipng
  • texlive-dvipng-bin
  • texlive-dvipng-doc
  • texlive-dvips
  • texlive-dvips-bin
  • texlive-dvips-doc
  • texlive-ec
  • texlive-ec-doc
  • texlive-eepic
  • texlive-eepic-doc
  • texlive-enctex
  • texlive-enctex-doc
  • texlive-enumitem
  • texlive-enumitem-doc
  • texlive-epsf
  • texlive-epsf-doc
  • texlive-epstopdf
  • texlive-epstopdf-bin
  • texlive-epstopdf-doc
  • texlive-eso-pic
  • texlive-eso-pic-doc
  • texlive-etex
  • texlive-etex-doc
  • texlive-etex-pkg
  • texlive-etex-pkg-doc
  • texlive-etoolbox
  • texlive-etoolbox-doc
  • texlive-euenc
  • texlive-euenc-doc
  • texlive-euler
  • texlive-euler-doc
  • texlive-euro
  • texlive-euro-doc
  • texlive-eurosym
  • texlive-eurosym-doc
  • texlive-extsizes
  • texlive-extsizes-doc
  • texlive-fancybox
  • texlive-fancybox-doc
  • texlive-fancyhdr
  • texlive-fancyhdr-doc
  • texlive-fancyref
  • texlive-fancyref-doc
  • texlive-fancyvrb
  • texlive-fancyvrb-doc
  • texlive-filecontents
  • texlive-filecontents-doc
  • texlive-filehook
  • texlive-filehook-doc
  • texlive-fix2col
  • texlive-fix2col-doc
  • texlive-fixlatvian
  • texlive-fixlatvian-doc
  • texlive-float
  • texlive-float-doc
  • texlive-fmtcount
  • texlive-fmtcount-doc
  • texlive-fncychap
  • texlive-fncychap-doc
  • texlive-fontbook
  • texlive-fontbook-doc
  • texlive-fontspec
  • texlive-fontspec-doc
  • texlive-fontware
  • texlive-fontware-bin
  • texlive-fontwrap
  • texlive-fontwrap-doc
  • texlive-footmisc
  • texlive-footmisc-doc
  • texlive-fp
  • texlive-fp-doc
  • texlive-fpl
  • texlive-fpl-doc
  • texlive-framed
  • texlive-framed-doc
  • texlive-geometry
  • texlive-geometry-doc
  • texlive-graphics
  • texlive-graphics-doc
  • texlive-gsftopk
  • texlive-gsftopk-bin
  • texlive-hyperref
  • texlive-hyperref-doc
  • texlive-hyph-utf8
  • texlive-hyph-utf8-doc
  • texlive-hyphenat
  • texlive-hyphenat-doc
  • texlive-ifetex
  • texlive-ifetex-doc
  • texlive-ifluatex
  • texlive-ifluatex-doc
  • texlive-ifmtarg
  • texlive-ifmtarg-doc
  • texlive-ifoddpage
  • texlive-ifoddpage-doc
  • texlive-iftex
  • texlive-iftex-doc
  • texlive-ifxetex
  • texlive-ifxetex-doc
  • texlive-index
  • texlive-index-doc
  • texlive-jadetex
  • texlive-jadetex-bin
  • texlive-jadetex-doc
  • texlive-jknapltx
  • texlive-jknapltx-doc
  • texlive-kastrup
  • texlive-kastrup-doc
  • texlive-kerkis
  • texlive-kerkis-doc
  • texlive-kpathsea
  • texlive-kpathsea-bin
  • texlive-kpathsea-doc
  • texlive-kpathsea-lib
  • texlive-kpathsea-lib-devel
  • texlive-l3experimental
  • texlive-l3experimental-doc
  • texlive-l3kernel
  • texlive-l3kernel-doc
  • texlive-l3packages
  • texlive-l3packages-doc
  • texlive-lastpage
  • texlive-lastpage-doc
  • texlive-latex
  • texlive-latex-bin
  • texlive-latex-bin-bin
  • texlive-latex-doc
  • texlive-latex-fonts
  • texlive-latex-fonts-doc
  • texlive-lettrine
  • texlive-lettrine-doc
  • texlive-listings
  • texlive-listings-doc
  • texlive-lm
  • texlive-lm-doc
  • texlive-lm-math
  • texlive-lm-math-doc
  • texlive-lua-alt-getopt
  • texlive-lua-alt-getopt-doc
  • texlive-lualatex-math
  • texlive-lualatex-math-doc
  • texlive-luaotfload
  • texlive-luaotfload-bin
  • texlive-luaotfload-doc
  • texlive-luatex
  • texlive-luatex-bin
  • texlive-luatex-doc
  • texlive-luatexbase
  • texlive-luatexbase-doc
  • texlive-makecmds
  • texlive-makecmds-doc
  • texlive-makeindex
  • texlive-makeindex-bin
  • texlive-makeindex-doc
  • texlive-marginnote
  • texlive-marginnote-doc
  • texlive-marvosym
  • texlive-marvosym-doc
  • texlive-mathpazo
  • texlive-mathpazo-doc
  • texlive-mathspec
  • texlive-mathspec-doc
  • texlive-mdwtools
  • texlive-mdwtools-doc
  • texlive-memoir
  • texlive-memoir-doc
  • texlive-metafont
  • texlive-metafont-bin
  • texlive-metalogo
  • texlive-metalogo-doc
  • texlive-metapost
  • texlive-metapost-bin
  • texlive-metapost-doc
  • texlive-metapost-examples-doc
  • texlive-mflogo
  • texlive-mflogo-doc
  • texlive-mfnfss
  • texlive-mfnfss-doc
  • texlive-mfware
  • texlive-mfware-bin
  • texlive-mh
  • texlive-mh-doc
  • texlive-microtype
  • texlive-microtype-doc
  • texlive-misc
  • texlive-mnsymbol
  • texlive-mnsymbol-doc
  • texlive-mparhack
  • texlive-mparhack-doc
  • texlive-mptopdf
  • texlive-mptopdf-bin
  • texlive-ms
  • texlive-ms-doc
  • texlive-multido
  • texlive-multido-doc
  • texlive-multirow
  • texlive-multirow-doc
  • texlive-natbib
  • texlive-natbib-doc
  • texlive-ncctools
  • texlive-ncctools-doc
  • texlive-ntgclass
  • texlive-ntgclass-doc
  • texlive-oberdiek
  • texlive-oberdiek-doc
  • texlive-overpic
  • texlive-overpic-doc
  • texlive-paralist
  • texlive-paralist-doc
  • texlive-parallel
  • texlive-parallel-doc
  • texlive-parskip
  • texlive-parskip-doc
  • texlive-pdfpages
  • texlive-pdfpages-doc
  • texlive-pdftex
  • texlive-pdftex-bin
  • texlive-pdftex-def
  • texlive-pdftex-doc
  • texlive-pgf
  • texlive-pgf-doc
  • texlive-philokalia
  • texlive-philokalia-doc
  • texlive-placeins
  • texlive-placeins-doc
  • texlive-polyglossia
  • texlive-polyglossia-doc
  • texlive-powerdot
  • texlive-powerdot-doc
  • texlive-preprint
  • texlive-preprint-doc
  • texlive-psfrag
  • texlive-psfrag-doc
  • texlive-psnfss
  • texlive-psnfss-doc
  • texlive-pspicture
  • texlive-pspicture-doc
  • texlive-pst-3d
  • texlive-pst-3d-doc
  • texlive-pst-blur
  • texlive-pst-blur-doc
  • texlive-pst-coil
  • texlive-pst-coil-doc
  • texlive-pst-eps
  • texlive-pst-eps-doc
  • texlive-pst-fill
  • texlive-pst-fill-doc
  • texlive-pst-grad
  • texlive-pst-grad-doc
  • texlive-pst-math
  • texlive-pst-math-doc
  • texlive-pst-node
  • texlive-pst-node-doc
  • texlive-pst-plot
  • texlive-pst-plot-doc
  • texlive-pst-slpe
  • texlive-pst-slpe-doc
  • texlive-pst-text
  • texlive-pst-text-doc
  • texlive-pst-tree
  • texlive-pst-tree-doc
  • texlive-pstricks
  • texlive-pstricks-add
  • texlive-pstricks-add-doc
  • texlive-pstricks-doc
  • texlive-ptext
  • texlive-ptext-doc
  • texlive-pxfonts
  • texlive-pxfonts-doc
  • texlive-qstest
  • texlive-qstest-doc
  • texlive-rcs
  • texlive-rcs-doc
  • texlive-realscripts
  • texlive-realscripts-doc
  • texlive-rotating
  • texlive-rotating-doc
  • texlive-rsfs
  • texlive-rsfs-doc
  • texlive-sansmath
  • texlive-sansmath-doc
  • texlive-sauerj
  • texlive-sauerj-doc
  • texlive-section
  • texlive-section-doc
  • texlive-sectsty
  • texlive-sectsty-doc
  • texlive-seminar
  • texlive-seminar-doc
  • texlive-sepnum
  • texlive-sepnum-doc
  • texlive-setspace
  • texlive-setspace-doc
  • texlive-showexpl
  • texlive-showexpl-doc
  • texlive-soul
  • texlive-soul-doc
  • texlive-stmaryrd
  • texlive-stmaryrd-doc
  • texlive-subfig
  • texlive-subfig-doc
  • texlive-subfigure
  • texlive-subfigure-doc
  • texlive-svn-prov
  • texlive-svn-prov-doc
  • texlive-t2
  • texlive-t2-doc
  • texlive-tetex
  • texlive-tetex-bin
  • texlive-tetex-doc
  • texlive-tex
  • texlive-tex-bin
  • texlive-tex-gyre
  • texlive-tex-gyre-doc
  • texlive-tex-gyre-math
  • texlive-tex-gyre-math-doc
  • texlive-tex4ht
  • texlive-tex4ht-bin
  • texlive-tex4ht-doc
  • texlive-texconfig
  • texlive-texconfig-bin
  • texlive-texlive.infra
  • texlive-texlive.infra-bin
  • texlive-texlive.infra-doc
  • texlive-textcase
  • texlive-textcase-doc
  • texlive-textpos
  • texlive-textpos-doc
  • texlive-thailatex
  • texlive-thailatex-doc
  • texlive-threeparttable
  • texlive-threeparttable-doc
  • texlive-thumbpdf
  • texlive-thumbpdf-bin
  • texlive-thumbpdf-doc
  • texlive-tipa
  • texlive-tipa-doc
  • texlive-titlesec
  • texlive-titlesec-doc
  • texlive-titling
  • texlive-titling-doc
  • texlive-tocloft
  • texlive-tocloft-doc
  • texlive-tools
  • texlive-tools-doc
  • texlive-txfonts
  • texlive-txfonts-doc
  • texlive-type1cm
  • texlive-type1cm-doc
  • texlive-typehtml
  • texlive-typehtml-doc
  • texlive-ucharclasses
  • texlive-ucharclasses-doc
  • texlive-ucs
  • texlive-ucs-doc
  • texlive-uhc
  • texlive-uhc-doc
  • texlive-ulem
  • texlive-ulem-doc
  • texlive-underscore
  • texlive-underscore-doc
  • texlive-unicode-math
  • texlive-unicode-math-doc
  • texlive-unisugar
  • texlive-unisugar-doc
  • texlive-url
  • texlive-url-doc
  • texlive-utopia
  • texlive-utopia-doc
  • texlive-varwidth
  • texlive-varwidth-doc
  • texlive-wadalab
  • texlive-wadalab-doc
  • texlive-was
  • texlive-was-doc
  • texlive-wasy
  • texlive-wasy-doc
  • texlive-wasysym
  • texlive-wasysym-doc
  • texlive-wrapfig
  • texlive-wrapfig-doc
  • texlive-xcolor
  • texlive-xcolor-doc
  • texlive-xdvi
  • texlive-xdvi-bin
  • texlive-xecjk
  • texlive-xecjk-doc
  • texlive-xecolor
  • texlive-xecolor-doc
  • texlive-xecyr
  • texlive-xecyr-doc
  • texlive-xeindex
  • texlive-xeindex-doc
  • texlive-xepersian
  • texlive-xepersian-doc
  • texlive-xesearch
  • texlive-xesearch-doc
  • texlive-xetex
  • texlive-xetex-bin
  • texlive-xetex-def
  • texlive-xetex-doc
  • texlive-xetex-itrans
  • texlive-xetex-itrans-doc
  • texlive-xetex-pstricks
  • texlive-xetex-pstricks-doc
  • texlive-xetex-tibetan
  • texlive-xetex-tibetan-doc
  • texlive-xetexfontinfo
  • texlive-xetexfontinfo-doc
  • texlive-xifthen
  • texlive-xifthen-doc
  • texlive-xkeyval
  • texlive-xkeyval-doc
  • texlive-xltxtra
  • texlive-xltxtra-doc
  • texlive-xmltex
  • texlive-xmltex-bin
  • texlive-xmltex-doc
  • texlive-xstring
  • texlive-xstring-doc
  • texlive-xtab
  • texlive-xtab-doc
  • texlive-xunicode
  • texlive-xunicode-doc
  • tix-doc
  • tkinter
  • tncfhh
  • tncfhh-devel
  • tncfhh-examples
  • tncfhh-libs
  • tncfhh-utils
  • tog-pegasus-test
  • tokyocabinet-devel-doc
  • tomcat
  • tomcat-admin-webapps
  • tomcat-docs-webapp
  • tomcat-el-2.2-api
  • tomcat-javadoc
  • tomcat-jsp-2.2-api
  • tomcat-jsvc
  • tomcat-lib
  • tomcat-servlet-3.0-api
  • tomcat-webapps
  • totem-devel
  • totem-pl-parser-devel
  • tracker
  • tracker-devel
  • tracker-docs
  • tracker-needle
  • tracker-preferences
  • trang
  • trousers
  • trousers-static
  • txw2
  • txw2-javadoc
  • unbound-python
  • unique3
  • unique3-devel
  • unique3-docs
  • uriparser
  • uriparser-devel
  • urw-fonts
  • usbguard-devel
  • usbredir-server
  • ustr
  • ustr-debug
  • ustr-debug-static
  • ustr-devel
  • ustr-static
  • util-linux
  • uuid-c++
  • uuid-c++-devel
  • uuid-dce
  • uuid-dce-devel
  • uuid-perl
  • uuid-php
  • v4l-utils
  • v4l-utils-devel-tools
  • vala-doc
  • valadoc
  • valadoc-devel
  • valgrind-openmpi
  • vemana2000-fonts
  • vigra
  • vigra-devel
  • virtuoso-opensource
  • virtuoso-opensource-utils
  • vlgothic-fonts
  • vlgothic-p-fonts
  • vsftpd-sysvinit
  • vte3
  • vte3-devel
  • vulkan
  • vulkan-devel
  • vulkan-filesystem
  • wayland-doc
  • webkitgtk3
  • webkitgtk3-devel
  • webkitgtk3-doc
  • webkitgtk4
  • webkitgtk4-devel
  • webkitgtk4-doc
  • webkitgtk4-jsc
  • webkitgtk4-jsc-devel
  • webkitgtk4-plugin-process-gtk2
  • webrtc-audio-processing-devel
  • weld-parent
  • whois
  • wireshark
  • wireshark-gnome
  • woodstox-core
  • woodstox-core-javadoc
  • wordnet
  • wordnet-browser
  • wordnet-devel
  • wordnet-doc
  • wqy-zenhei-fonts
  • ws-commons-util
  • ws-commons-util-javadoc
  • ws-jaxme
  • ws-jaxme-javadoc
  • ws-jaxme-manual
  • wsdl4j
  • wsdl4j-javadoc
  • wvdial
  • x86info
  • xchat
  • xchat-tcl
  • xdg-desktop-portal-devel
  • xerces-c
  • xerces-c-devel
  • xerces-c-doc
  • xferstats
  • xguest
  • xhtml2fo-style-xsl
  • xhtml2ps
  • xisdnload
  • xml-commons-apis12
  • xml-commons-apis12-javadoc
  • xml-commons-apis12-manual
  • xmlgraphics-commons
  • xmlgraphics-commons-javadoc
  • xmlrpc-c-apps
  • xmlrpc-client
  • xmlrpc-common
  • xmlrpc-javadoc
  • xmlrpc-server
  • xmlsec1-gcrypt-devel
  • xmlsec1-nss-devel
  • xmlto-tex
  • xmlto-xhtml
  • xmltoman
  • xmvn
  • xorg-x11-apps
  • xorg-x11-drv-intel-devel
  • xorg-x11-drv-keyboard
  • xorg-x11-drv-mouse
  • xorg-x11-drv-mouse-devel
  • xorg-x11-drv-openchrome
  • xorg-x11-drv-openchrome-devel
  • xorg-x11-drv-synaptics
  • xorg-x11-drv-synaptics-devel
  • xorg-x11-drv-vmmouse
  • xorg-x11-drv-void
  • xorg-x11-drv-wacom
  • xorg-x11-server-source
  • xorg-x11-xkb-extras
  • xpp3
  • xpp3-javadoc
  • xpp3-minimal
  • xsettings-kde
  • xstream
  • xstream-javadoc
  • xterm
  • xulrunner
  • xulrunner-devel
  • xz-compat-libs
  • yelp-xsl-devel
  • yum-cron
  • yum-langpacks
  • yum-metadata-parser
  • yum-NetworkManager-dispatcher
  • yum-plugin-aliases
  • yum-plugin-auto-update-debug-info
  • yum-plugin-changelog
  • yum-plugin-copr
  • yum-plugin-fastestmirror
  • yum-plugin-filter-data
  • yum-plugin-fs-snapshot
  • yum-plugin-keys
  • yum-plugin-list-data
  • yum-plugin-local
  • yum-plugin-merge-conf
  • yum-plugin-ovl
  • yum-plugin-post-transaction-actions
  • yum-plugin-pre-transaction-actions
  • yum-plugin-priorities
  • yum-plugin-protectbase
  • yum-plugin-ps
  • yum-plugin-remove-with-leaves
  • yum-plugin-rpm-warm-cache
  • yum-plugin-show-leaves
  • yum-plugin-tmprepo
  • yum-plugin-tsflags
  • yum-plugin-upgrade-helper
  • yum-plugin-verify
  • yum-plugin-versionlock
  • yum-rhn-plugin
  • yum-updateonboot
  • yum-utils

7.2. Deprecated Device Drivers

The following device drivers continue to be supported until the end of life of Red Hat Enterprise Linux 7 but will likely not be supported in future major releases of this product and are not recommended for new deployments.

  • 3w-9xxx
  • 3w-sas
  • aic79xx
  • aoe
  • arcmsr
  • ata drivers:

    • acard-ahci
    • sata_mv
    • sata_nv
    • sata_promise
    • sata_qstor
    • sata_sil
    • sata_sil24
    • sata_sis
    • sata_svw
    • sata_sx4
    • sata_uli
    • sata_via
    • sata_vsc
  • bfa
  • cxgb3
  • cxgb3i
  • e1000
  • floppy
  • hptiop
  • initio
  • isci
  • iw_cxgb3
  • mptbase
  • mptctl
  • mptsas
  • mptscsih
  • mptspi
  • mtip32xx
  • mvsas
  • mvumi
  • OSD drivers:

    • osd
    • libosd
  • osst
  • pata drivers:

    • pata_acpi
    • pata_ali
    • pata_amd
    • pata_arasan_cf
    • pata_artop
    • pata_atiixp
    • pata_atp867x
    • pata_cmd64x
    • pata_cs5536
    • pata_hpt366
    • pata_hpt37x
    • pata_hpt3x2n
    • pata_hpt3x3
    • pata_it8213
    • pata_it821x
    • pata_jmicron
    • pata_marvell
    • pata_netcell
    • pata_ninja32
    • pata_oldpiix
    • pata_pdc2027x
    • pata_pdc202xx_old
    • pata_piccolo
    • pata_rdc
    • pata_sch
    • pata_serverworks
    • pata_sil680
    • pata_sis
    • pata_via
    • pdc_adma
  • pm80xx(pm8001)
  • pmcraid
  • qla3xxx
  • stex
  • sx8
  • tulip
  • ufshcd
  • wireless drivers:

    • carl9170
    • iwl4965
    • iwl3945
    • mwl8k
    • rt73usb
    • rt61pci
    • rtl8187
    • wil6210

7.3. Deprecated Adapters

The following adapters continue to be supported until the end of life of Red Hat Enterprise Linux 7 but will likely not be supported in future major releases of this product and are not recommended for new deployments. Other adapters from the mentioned drivers that are not listed here remain unchanged.

PCI IDs are in the format of vendor:device:subvendor:subdevice. If the subdevice or subvendor:subdevice entry is not listed, devices with any values of such missing entries have been deprecated.

To check the PCI IDs of the hardware on your system, run the lspci -nn command.

  • The following adapters from the aacraid driver have been deprecated:

    • PERC 2/Si (Iguana/PERC2Si), PCI ID 0x1028:0x0001:0x1028:0x0001
    • PERC 3/Di (Opal/PERC3Di), PCI ID 0x1028:0x0002:0x1028:0x0002
    • PERC 3/Si (SlimFast/PERC3Si), PCI ID 0x1028:0x0003:0x1028:0x0003
    • PERC 3/Di (Iguana FlipChip/PERC3DiF), PCI ID 0x1028:0x0004:0x1028:0x00d0
    • PERC 3/Di (Viper/PERC3DiV), PCI ID 0x1028:0x0002:0x1028:0x00d1
    • PERC 3/Di (Lexus/PERC3DiL), PCI ID 0x1028:0x0002:0x1028:0x00d9
    • PERC 3/Di (Jaguar/PERC3DiJ), PCI ID 0x1028:0x000a:0x1028:0x0106
    • PERC 3/Di (Dagger/PERC3DiD), PCI ID 0x1028:0x000a:0x1028:0x011b
    • PERC 3/Di (Boxster/PERC3DiB), PCI ID 0x1028:0x000a:0x1028:0x0121
    • catapult, PCI ID 0x9005:0x0283:0x9005:0x0283
    • tomcat, PCI ID 0x9005:0x0284:0x9005:0x0284
    • Adaptec 2120S (Crusader), PCI ID 0x9005:0x0285:0x9005:0x0286
    • Adaptec 2200S (Vulcan), PCI ID 0x9005:0x0285:0x9005:0x0285
    • Adaptec 2200S (Vulcan-2m), PCI ID 0x9005:0x0285:0x9005:0x0287
    • Legend S220 (Legend Crusader), PCI ID 0x9005:0x0285:0x17aa:0x0286
    • Legend S230 (Legend Vulcan), PCI ID 0x9005:0x0285:0x17aa:0x0287
    • Adaptec 3230S (Harrier), PCI ID 0x9005:0x0285:0x9005:0x0288
    • Adaptec 3240S (Tornado), PCI ID 0x9005:0x0285:0x9005:0x0289
    • ASR-2020ZCR SCSI PCI-X ZCR (Skyhawk), PCI ID 0x9005:0x0285:0x9005:0x028a
    • ASR-2025ZCR SCSI SO-DIMM PCI-X ZCR (Terminator), PCI ID 0x9005:0x0285:0x9005:0x028b
    • ASR-2230S + ASR-2230SLP PCI-X (Lancer), PCI ID 0x9005:0x0286:0x9005:0x028c
    • ASR-2130S (Lancer), PCI ID 0x9005:0x0286:0x9005:0x028d
    • AAR-2820SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029b
    • AAR-2620SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029c
    • AAR-2420SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029d
    • ICP9024RO (Lancer), PCI ID 0x9005:0x0286:0x9005:0x029e
    • ICP9014RO (Lancer), PCI ID 0x9005:0x0286:0x9005:0x029f
    • ICP9047MA (Lancer), PCI ID 0x9005:0x0286:0x9005:0x02a0
    • ICP9087MA (Lancer), PCI ID 0x9005:0x0286:0x9005:0x02a1
    • ICP5445AU (Hurricane44), PCI ID 0x9005:0x0286:0x9005:0x02a3
    • ICP9085LI (Marauder-X), PCI ID 0x9005:0x0285:0x9005:0x02a4
    • ICP5085BR (Marauder-E), PCI ID 0x9005:0x0285:0x9005:0x02a5
    • ICP9067MA (Intruder-6), PCI ID 0x9005:0x0286:0x9005:0x02a6
    • Themisto Jupiter Platform, PCI ID 0x9005:0x0287:0x9005:0x0800
    • Themisto Jupiter Platform, PCI ID 0x9005:0x0200:0x9005:0x0200
    • Callisto Jupiter Platform, PCI ID 0x9005:0x0286:0x9005:0x0800
    • ASR-2020SA SATA PCI-X ZCR (Skyhawk), PCI ID 0x9005:0x0285:0x9005:0x028e
    • ASR-2025SA SATA SO-DIMM PCI-X ZCR (Terminator), PCI ID 0x9005:0x0285:0x9005:0x028f
    • AAR-2410SA PCI SATA 4ch (Jaguar II), PCI ID 0x9005:0x0285:0x9005:0x0290
    • CERC SATA RAID 2 PCI SATA 6ch (DellCorsair), PCI ID 0x9005:0x0285:0x9005:0x0291
    • AAR-2810SA PCI SATA 8ch (Corsair-8), PCI ID 0x9005:0x0285:0x9005:0x0292
    • AAR-21610SA PCI SATA 16ch (Corsair-16), PCI ID 0x9005:0x0285:0x9005:0x0293
    • ESD SO-DIMM PCI-X SATA ZCR (Prowler), PCI ID 0x9005:0x0285:0x9005:0x0294
    • AAR-2610SA PCI SATA 6ch, PCI ID 0x9005:0x0285:0x103C:0x3227
    • ASR-2240S (SabreExpress), PCI ID 0x9005:0x0285:0x9005:0x0296
    • ASR-4005, PCI ID 0x9005:0x0285:0x9005:0x0297
    • IBM 8i (AvonPark), PCI ID 0x9005:0x0285:0x1014:0x02F2
    • IBM 8i (AvonPark Lite), PCI ID 0x9005:0x0285:0x1014:0x0312
    • IBM 8k/8k-l8 (Aurora), PCI ID 0x9005:0x0286:0x1014:0x9580
    • IBM 8k/8k-l4 (Aurora Lite), PCI ID 0x9005:0x0286:0x1014:0x9540
    • ASR-4000 (BlackBird), PCI ID 0x9005:0x0285:0x9005:0x0298
    • ASR-4800SAS (Marauder-X), PCI ID 0x9005:0x0285:0x9005:0x0299
    • ASR-4805SAS (Marauder-E), PCI ID 0x9005:0x0285:0x9005:0x029a
    • ASR-3800 (Hurricane44), PCI ID 0x9005:0x0286:0x9005:0x02a2
    • Perc 320/DC, PCI ID 0x9005:0x0285:0x1028:0x0287
    • Adaptec 5400S (Mustang), PCI ID 0x1011:0x0046:0x9005:0x0365
    • Adaptec 5400S (Mustang), PCI ID 0x1011:0x0046:0x9005:0x0364
    • Dell PERC2/QC, PCI ID 0x1011:0x0046:0x9005:0x1364
    • HP NetRAID-4M, PCI ID 0x1011:0x0046:0x103c:0x10c2
    • Dell Catchall, PCI ID 0x9005:0x0285:0x1028
    • Legend Catchall, PCI ID 0x9005:0x0285:0x17aa
    • Adaptec Catch All, PCI ID 0x9005:0x0285
    • Adaptec Rocket Catch All, PCI ID 0x9005:0x0286
    • Adaptec NEMER/ARK Catch All, PCI ID 0x9005:0x0288
  • The following adapters from the mpt2sas driver have been deprecated:

    • SAS2004, PCI ID 0x1000:0x0070
    • SAS2008, PCI ID 0x1000:0x0072
    • SAS2108_1, PCI ID 0x1000:0x0074
    • SAS2108_2, PCI ID 0x1000:0x0076
    • SAS2108_3, PCI ID 0x1000:0x0077
    • SAS2116_1, PCI ID 0x1000:0x0064
    • SAS2116_2, PCI ID 0x1000:0x0065
    • SSS6200, PCI ID 0x1000:0x007E
  • The following adapters from the megaraid_sas driver have been deprecated:

    • Dell PERC5, PCI ID 0x1028:0x15
    • SAS1078R, PCI ID 0x1000:0x60
    • SAS1078DE, PCI ID 0x1000:0x7C
    • SAS1064R, PCI ID 0x1000:0x411
    • VERDE_ZCR, PCI ID 0x1000:0x413
    • SAS1078GEN2, PCI ID 0x1000:0x78
    • SAS0079GEN2, PCI ID 0x1000:0x79
    • SAS0073SKINNY, PCI ID 0x1000:0x73
    • SAS0071SKINNY, PCI ID 0x1000:0x71
  • The following adapters from the qla2xxx driver have been deprecated:

    • ISP24xx, PCI ID 0x1077:0x2422
    • ISP24xx, PCI ID 0x1077:0x2432
    • ISP2422, PCI ID 0x1077:0x5422
    • QLE220, PCI ID 0x1077:0x5432
    • QLE81xx, PCI ID 0x1077:0x8001
    • QLE10000, PCI ID 0x1077:0xF000
    • QLE84xx, PCI ID 0x1077:0x8044
    • QLE8000, PCI ID 0x1077:0x8432
    • QLE82xx, PCI ID 0x1077:0x8021
  • The following adapters from the qla4xxx driver have been deprecated:

    • QLOGIC_ISP8022, PCI ID 0x1077:0x8022
    • QLOGIC_ISP8324, PCI ID 0x1077:0x8032
    • QLOGIC_ISP8042, PCI ID 0x1077:0x8042
  • The following adapters from the be2iscsi driver have been deprecated:

    • BladeEngine 2 (BE2) Devices

      • BladeEngine2 10Gb iSCSI Initiator (generic), PCI ID 0x19a2:0x212
      • OneConnect OCe10101, OCm10101, OCe10102, OCm10102 BE2 adapter family, PCI ID 0x19a2:0x702
      • OCe10100 BE2 adapter family, PCI ID 0x19a2:0x703
    • BladeEngine 3 (BE3) Devices

      • OneConnect TOMCAT iSCSI, PCI ID 0x19a2:0x0712
      • BladeEngine3 iSCSI, PCI ID 0x19a2:0x0222
  • The following Ethernet adapters controlled by the be2net driver have been deprecated:

    • BladeEngine 2 (BE2) Devices

      • OneConnect TIGERSHARK NIC, PCI ID 0x19a2:0x0700
      • BladeEngine2 Network Adapter, PCI ID 0x19a2:0x0211
    • BladeEngine 3 (BE3) Devices

      • OneConnect TOMCAT NIC, PCI ID 0x19a2:0x0710
      • BladeEngine3 Network Adapter, PCI ID 0x19a2:0x0221
  • The following adapters from the lpfc driver have been deprecated:

    • BladeEngine 2 (BE2) Devices

      • OneConnect TIGERSHARK FCoE, PCI ID 0x19a2:0x0704
    • BladeEngine 3 (BE3) Devices

      • OneConnect TOMCAT FCoE, PCI ID 0x19a2:0x0714
    • Fibre Channel (FC) Devices

      • FIREFLY, PCI ID 0x10df:0x1ae5
      • PROTEUS_VF, PCI ID 0x10df:0xe100
      • BALIUS, PCI ID 0x10df:0xe131
      • PROTEUS_PF, PCI ID 0x10df:0xe180
      • RFLY, PCI ID 0x10df:0xf095
      • PFLY, PCI ID 0x10df:0xf098
      • LP101, PCI ID 0x10df:0xf0a1
      • TFLY, PCI ID 0x10df:0xf0a5
      • BSMB, PCI ID 0x10df:0xf0d1
      • BMID, PCI ID 0x10df:0xf0d5
      • ZSMB, PCI ID 0x10df:0xf0e1
      • ZMID, PCI ID 0x10df:0xf0e5
      • NEPTUNE, PCI ID 0x10df:0xf0f5
      • NEPTUNE_SCSP, PCI ID 0x10df:0xf0f6
      • NEPTUNE_DCSP, PCI ID 0x10df:0xf0f7
      • FALCON, PCI ID 0x10df:0xf180
      • SUPERFLY, PCI ID 0x10df:0xf700
      • DRAGONFLY, PCI ID 0x10df:0xf800
      • CENTAUR, PCI ID 0x10df:0xf900
      • PEGASUS, PCI ID 0x10df:0xf980
      • THOR, PCI ID 0x10df:0xfa00
      • VIPER, PCI ID 0x10df:0xfb00
      • LP10000S, PCI ID 0x10df:0xfc00
      • LP11000S, PCI ID 0x10df:0xfc10
      • LPE11000S, PCI ID 0x10df:0xfc20
      • PROTEUS_S, PCI ID 0x10df:0xfc50
      • HELIOS, PCI ID 0x10df:0xfd00
      • HELIOS_SCSP, PCI ID 0x10df:0xfd11
      • HELIOS_DCSP, PCI ID 0x10df:0xfd12
      • ZEPHYR, PCI ID 0x10df:0xfe00
      • HORNET, PCI ID 0x10df:0xfe05
      • ZEPHYR_SCSP, PCI ID 0x10df:0xfe11
      • ZEPHYR_DCSP, PCI ID 0x10df:0xfe12
    • Lancer FCoE CNA Devices

      • OCe15104-FM, PCI ID 0x10df:0xe260
      • OCe15102-FM, PCI ID 0x10df:0xe260
      • OCm15108-F-P, PCI ID 0x10df:0xe260

7.4. Other Deprecated Functionality

Python 2 has been deprecated

Python 2 will be replaced with Python 3 in the next Red Hat Enterprise Linux (RHEL) major release.

See the Conservative Python 3 Porting Guide for information on how to migrate large code bases to Python 3.

LVM libraries and LVM Python bindings have been deprecated

The lvm2app library and LVM Python bindings, which are provided by the lvm2-python-libs package, have been deprecated.

Red Hat recommends the following solutions instead:

  • The LVM D-Bus API in combination with the lvm2-dbusd service. This requires using Python version 3.
  • The LVM command-line utilities with JSON formatting. This formatting has been available since the lvm2 package version 2.02.158.
  • The libblockdev library for C and C++.

Mirrored mirror log has been deprecated in LVM

The mirrored mirror log feature of mirrored LVM volumes has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support creating or activating LVM volumes with a mirrored mirror log.

The recommended replacements are:

  • RAID1 LVM volumes. The main advantage of RAID1 volumes is their ability to work even in degraded mode and to recover after a transient failure. For information on converting mirrored volumes to RAID1, see the Converting a Mirrored LVM Device to a RAID1 Device section in the LVM Administration guide.
  • Disk mirror log. To convert a mirrored mirror log to disk mirror log, use the following command: lvconvert --mirrorlog disk my_vg/my_lv.

The clvmd daemon has been deprecated

The clvmd daemon for managing shared storage devices has been deprecated. A future major release of Red Hat Enterprise linux will instead use the lvmlockd daemon.

The lvmetad daemon has been deprecated

The lvmetad daemon for caching metadata has been deprecated. In a future major release of Red Hat Enterprise Linux, LVM will always read metadata from disk.

Previously, autoactivation of logical volumes was indirectly tied to the use_lvmetad setting in the lvm.conf configuration file. The correct way to disable autoactivation continues to be setting auto_activation_volume_list=[] (an empty list) in the lvm.conf file.

The following packages have been deprecated and will not be included in a future major release of Red Hat Enterprise Linux:

Deprecated packagesProposed replacement package or product

authconfig

authselect

pam_pkcs11

sssd [a]

pam_krb5

sssd [b]

openldap-servers

Depending on the use case, migrate to Identity Management included in Red Hat Enterprise Linux; or to Red Hat Directory Server. [c]

mod_auth_kerb

mod_auth_gssapi

python-kerberos

python-krbV

python-gssapi

python-requests-kerberos

python-requests-gssapi

hesiod

No replacement available.

mod_nss

mod_ssl

mod_revocator

No replacement available.

[a] System Security Services Daemon (SSSD) contains enhanced smart card functionality.
[b] For details on migrating from pam_krb5 to sssd, see Migrating from pam_krb5 to sssd in the upstream SSSD documentation.
[c] Red Hat Directory Server requires a valid Directory Server subscription. For details, see also What is the support status of the LDAP-server shipped with Red Hat Enterprise Linux? in Red Hat Knowledgebase.

The Clevis HTTP pin has been deprecated

The Clevis HTTP pin has been deprecated and this feature will not be included in the next major version of Red Hat Enterprise Linux and will remain out of the distribution until a further notice.

crypto-utils has been deprecated

The crypto-utils packages have been deprecated, and they will not be available in a future major version of Red Hat Enterprise Linux. You can use tools provided by the openssl, gnutls-utils, and nss-tools packages instead.

All-numeric user and group names in shadow-utils has been deprecated

Creating user and group names consisting purely of numeric characters using the useradd and groupadd commands has been deprecated and will be removed from the system with the next major release. Such names can potentially confuse many tools that work with user and group names and user and group ids (which are numbers).

3DES is removed from the Python SSL default cipher list

The Triple Data Encryption Standard (3DES) algorithm has been removed from the Python SSL default cipher list. This enables Python applications using SSL to be PCI DSS-compliant.

sssd-secrets has been deprecated

The sssd-secrets component of the System Security Services Daemon (SSSD) has been deprecated in Red Hat Enterprise Linux 7.6. This is because Custodia, a secrets service provider, available as a Technology Preview, is no longer actively developed. Use other Identity Management tools to store secrets, for example the Vaults.

Support for earlier IdM servers and for IdM replicas at domain level 0 will be limited

Red Hat does not plan to support using Identity Management (IdM) servers running Red Hat Enterprise Linux (RHEL) 7.3 and earlier with IdM clients of the next major release of RHEL. If you plan to introduce client systems running on the next major version of RHEL into a deployment that is currently managed by IdM servers running on RHEL 7.3 or earlier, be aware that you will need to upgrade the servers, moving them to RHEL 7.4 or later.

In the next major release of RHEL, only domain level 1 replicas will be supported. Before introducing IdM replicas running on the next major version of RHEL into an existing deployment, be aware that you will need to upgrade all IdM servers to RHEL 7.4 or later, and change the domain level to 1.

Consider planning the upgrade in advance if your deployment will be affected.

Bug-fix only support for the nss-pam-ldapd and NIS packages in the next major release of Red Hat Enterprise Linux

The nss-pam-ldapd packages and packages related to the NIS server will be released in the future major release of Red Hat Enterprise Linux but will receive a limited scope of support. Red Hat will accept bug reports but no new requests for enhancements. Customers are advised to migrate to the following replacement solutions:

Affected packagesProposed replacement package or product

nss-pam-ldapd

sssd

ypserv

ypbind

portmap

yp-tools

Identity Management in Red Hat Enterprise Linux

Use the Go Toolset instead of golang

The golang package, previously available in the Optional channel, will no longer receive updates in Red Hat Enterprise Linux 7. Developers are encouraged to use the Go Toolset instead, which is available through the Red Hat Developer program.

mesa-private-llvm will be replaced with llvm-private

The mesa-private-llvm package, which contains the LLVM-based runtime support for Mesa, will be replaced in a future minor release of Red Hat Enterprise Linux 7 with the llvm-private package.

libdbi and libdbi-drivers have been deprecated

The libdbi and libdbi-drivers packages will not be included in the next Red Hat Enterprise Linux (RHEL) major release.

Ansible deprecated in the Extras channel

Ansible and its dependencies will no longer be updated through the Extras channel. Instead, the Red Hat Ansible Engine product has been made available to Red Hat Enterprise Linux subscriptions and will provide access to the official Ansible Engine channel. Customers who have previously installed Ansible and its dependencies from the Extras channel are advised to enable and update from the Ansible Engine channel, or uninstall the packages as future errata will not be provided from the Extras channel.

Ansible was previously provided in Extras (for AMD64 and Intel 64 architectures, and IBM POWER, little endian) as a runtime dependency of, and limited in support to, the Red Hat Enterprise Linux (RHEL) System Roles. Ansible Engine is available today for AMD64 and Intel 64 architectures, with IBM POWER, little endian availability coming soon.

Note that Ansible in the Extras channel was not a part of the Red Hat Enterprise Linux FIPS validation process.

The following packages have been deprecated from the Extras channel:

  • ansible(-doc)
  • libtomcrypt
  • libtommath(-devel)
  • python2-crypto
  • python2-jmespath
  • python-httplib2
  • python-paramiko(-doc)
  • python-passlib
  • sshpass

For more information and guidance, see the Knowledgebase article at https://access.redhat.com/articles/3359651.

Note that Red Hat Enterprise Linux System Roles continue to be distributed though the Extras channel. Although Red Hat Enterprise Linux System Roles no longer depend on the ansible package, installing ansible from the Ansible Engine repository is still needed to run playbooks which use Red Hat Enterprise Linux System Roles.

signtool has been deprecated and moved to unsupported-tools

The signtool tool from the nss packages, which uses insecure signature algorithms, has been deprecated. The signtool executable has been moved to the /usr/lib64/nss/unsupported-tools/ or /usr/lib/nss/unsupported-tools/ directory, depending on the platform.

TLS compression support has been removed from nss

To prevent security risks, such as the CRIME attack, support for TLS compression in the NSS library has been removed for all TLS versions. This change preserves the API compatibility.

Public web CAs are no longer trusted for code signing by default

The Mozilla CA certificate trust list distributed with Red Hat Enterprise Linux 7.5 no longer trusts any public web CAs for code signing. As a consequence, any software that uses the related flags, such as NSS or OpenSSL, no longer trusts these CAs for code signing by default. The software continues to fully support code signing trust. Additionally, it is still possible to configure CA certificates as trusted for code signing using system configuration.

Sendmail has been deprecated

Sendmail has been deprecated in Red Hat Enterprise Linux 7. Customers are advised to use Postfix, which is configured as the default Mail Transfer Agent (MTA).

dmraid has been deprecated

Since Red Hat Enterprise Linux 7.5, the dmraid packages have been deprecated. It will stay available in Red Hat Enterprise Linux 7 releases but a future major release will no longer support legacy hybrid combined hardware and software RAID host bus adapter (HBA).

Automatic loading of DCCP modules through socket layer is now disabled by default

For security reasons, automatic loading of the Datagram Congestion Control Protocol (DCCP) kernel modules through socket layer is now disabled by default. This ensures that userspace applications can not maliciously load any modules. All DCCP related modules can still be loaded manually through the modprobe program.

The /etc/modprobe.d/dccp-blacklist.conf configuration file for blacklisting the DCCP modules is included in the kernel package. Entries included there can be cleared by editing or removing this file to restore the previous behavior.

Note that any re-installation of the same kernel package or of a different version does not override manual changes. If the file is manually edited or removed, these changes persist across package installations.

rsyslog-libdbi has been deprecated

The rsyslog-libdbi sub-package, which contains one of the less used rsyslog module, has been deprecated and will not be included in a future major release of Red Hat Enterprise Linux. Removing unused or rarely used modules helps users to conveniently find a database output to use.

The inputname option of the rsyslog imudp module has been deprecated

The inputname option of the imudp module for the rsyslog service has been deprecated. Use the name option instead.

SMBv1 is no longer installed with Microsoft Windows 10 and 2016 (updates 1709 and later)

Microsoft announced that the Server Message Block version 1 (SMBv1) protocol will no longer be installed with the latest versions of Microsoft Windows and Microsoft Windows Server. Microsoft also recommends users to disable SMBv1 on earlier versions of these products.

This update impacts Red Hat customers who operate their systems in a mixed Linux and Windows environment. Red Hat Enterprise Linux 7.1 and earlier support only the SMBv1 version of the protocol. Support for SMBv2 was introduced in Red Hat Enterprise Linux 7.2.

For details on how this change affects Red Hat customers, see SMBv1 no longer installed with latest Microsoft Windows 10 and 2016 update (version 1709) in Red Hat Knowledgebase.

The -ok option of the tc command has been deprecated

The -ok option of the tc command has been deprecated and this feature will not be included in the next major version of Red Hat Enterprise Linux.

FedFS has been deprecated

Federated File System (FedFS) has been deprecated because the upstream FedFS project is no longer being actively maintained. Red Hat recommends migrating FedFS installations to use autofs, which provides more flexible functionality.

Btrfs has been deprecated

The Btrfs file system has been in Technology Preview state since the initial release of Red Hat Enterprise Linux 6. Red Hat will not be moving Btrfs to a fully supported feature and it will be removed in a future major release of Red Hat Enterprise Linux.

The Btrfs file system did receive numerous updates from the upstream in Red Hat Enterprise Linux 7.4 and will remain available in the Red Hat Enterprise Linux 7 series. However, this is the last planned update to this feature.

tcp_wrappers deprecated

The tcp_wrappers package has been deprecated. tcp_wrappers provides a library and a small daemon program that can monitor and filter incoming requests for audit, cyrus-imap, dovecot, nfs-utils, openssh, openldap, proftpd, sendmail, stunnel, syslog-ng, vsftpd, and various other network services.

nautilus-open-terminal replaced with gnome-terminal-nautilus

Since Red Hat Enterprise Linux 7.3, the nautilus-open-terminal package has been deprecated and replaced with the gnome-terminal-nautilus package. This package provides a Nautilus extension that adds the Open in Terminal option to the right-click context menu in Nautilus. nautilus-open-terminal is replaced by gnome-terminal-nautilus during the system upgrade.

sslwrap() removed from Python

The sslwrap() function has been removed from Python 2.7. After the 466 Python Enhancement Proposal was implemented, using this function resulted in a segmentation fault. The removal is consistent with upstream.

Red Hat recommends using the ssl.SSLContext class and the ssl.SSLContext.wrap_socket() function instead. Most applications can simply use the ssl.create_default_context() function, which creates a context with secure default settings. The default context uses the system’s default trust store, too.

Symbols from libraries linked as dependencies no longer resolved by ld

Previously, the ld linker resolved any symbols present in any linked library, even if some libraries were linked only implicitly as dependencies of other libraries. This allowed developers to use symbols from the implicitly linked libraries in application code and omit explicitly specifying these libraries for linking.

For security reasons, ld has been changed to not resolve references to symbols in libraries linked implicitly as dependencies.

As a result, linking with ld fails when application code attempts to use symbols from libraries not declared for linking and linked only implicitly as dependencies. To use symbols from libraries linked as dependencies, developers must explicitly link against these libraries as well.

To restore the previous behavior of ld, use the -copy-dt-needed-entries command-line option. (BZ#1292230)

Windows guest virtual machine support limited

As of Red Hat Enterprise Linux 7, Windows guest virtual machines are supported only under specific subscription programs, such as Advanced Mission Critical (AMC).

The libnetlink library contained in the iproute-devel package has been deprecated. The user should use the libnl and libmnl libraries instead.

S3 and S4 power management states for KVM have been deprecated

Native KVM support for the S3 (suspend to RAM) and S4 (suspend to disk) power management states has been discontinued. This feature was previously available as a Technology Preview.

The Certificate Server plug-in udnPwdDirAuth is discontinued

The udnPwdDirAuth authentication plug-in for the Red Hat Certificate Server was removed in Red Hat Enterprise Linux 7.3. Profiles using the plug-in are no longer supported. Certificates created with a profile using the udnPwdDirAuth plug-in are still valid if they have been approved.

Red Hat Access plug-in for IdM is discontinued

The Red Hat Access plug-in for Identity Management (IdM) was removed in Red Hat Enterprise Linux 7.3. During the update, the redhat-access-plugin-ipa package is automatically uninstalled. Features previously provided by the plug-in, such as Knowledgebase access and support case engagement, are still available through the Red Hat Customer Portal. Red Hat recommends to explore alternatives, such as the redhat-support-tool tool.

The Ipsilon identity provider service for federated single sign-on

The ipsilon packages were introduced as Technology Preview in Red Hat Enterprise Linux 7.2. Ipsilon links authentication providers and applications or utilities to allow for single sign-on (SSO).

Red Hat does not plan to upgrade Ipsilon from Technology Preview to a fully supported feature. The ipsilon packages will be removed from Red Hat Enterprise Linux in a future minor release.

Red Hat has released Red Hat Single Sign-On as a web SSO solution based on the Keycloak community project. Red Hat Single Sign-On provides greater capabilities than Ipsilon and is designated as the standard web SSO solution across the Red Hat product portfolio.

Several rsyslog options deprecated

The rsyslog utility version in Red Hat Enterprise Linux 7.4 has deprecated a large number of options. These options no longer have any effect and cause a warning to be displayed.

  • The functionality previously provided by the options -c, -u, -q, -x, -A, -Q, -4, and -6 can be achieved using the rsyslog configuration.
  • There is no replacement for the functionality previously provided by the options -l and -s

Deprecated symbols from the memkind library

The following symbols from the memkind library have been deprecated:

  • memkind_finalize()
  • memkind_get_num_kind()
  • memkind_get_kind_by_partition()
  • memkind_get_kind_by_name()
  • memkind_partition_mmap()
  • memkind_get_size()
  • MEMKIND_ERROR_MEMALIGN
  • MEMKIND_ERROR_MALLCTL
  • MEMKIND_ERROR_GETCPU
  • MEMKIND_ERROR_PMTT
  • MEMKIND_ERROR_TIEDISTANCE
  • MEMKIND_ERROR_ALIGNMENT
  • MEMKIND_ERROR_MALLOCX
  • MEMKIND_ERROR_REPNAME
  • MEMKIND_ERROR_PTHREAD
  • MEMKIND_ERROR_BADPOLICY
  • MEMKIND_ERROR_REPPOLICY

Options of Sockets API Extensions for SCTP (RFC 6458) deprecated

The options SCTP_SNDRCV, SCTP_EXTRCV and SCTP_DEFAULT_SEND_PARAM of Sockets API Extensions for the Stream Control Transmission Protocol have been deprecated per the RFC 6458 specification.

New options SCTP_SNDINFO, SCTP_NXTINFO, SCTP_NXTINFO and SCTP_DEFAULT_SNDINFO have been implemented as a replacement for the deprecated options.

Managing NetApp ONTAP using SSLv2 and SSLv3 is no longer supported by libstorageMgmt

The SSLv2 and SSLv3 connections to the NetApp ONTAP storage array are no longer supported by the libstorageMgmt library. Users can contact NetApp support to enable the Transport Layer Security (TLS) protocol.

dconf-dbus-1 has been deprecated and dconf-editor is now delivered separately

With this update, the dconf-dbus-1 API has been removed. However, the dconf-dbus-1 library has been backported to preserve binary compatibility. Red Hat recommends using the GDBus library instead of dconf-dbus-1.

The dconf-error.h file has been renamed to dconf-enums.h. In addition, the dconf Editor is now delivered in the separate dconf-editor package.

FreeRADIUS no longer accepts Auth-Type := System

The FreeRADIUS server no longer accepts the Auth-Type := System option for the rlm_unix authentication module. This option has been replaced by the use of the unix module in the authorize section of the configuration file.

The libcxgb3 library and the cxgb3 firmware package have been deprecated

The libcxgb3 library provided by the libibverbs package and the cxgb3 firmware package have been deprecated. They continue to be supported in Red Hat Enterprise Linux 7 but will likely not be supported in the next major releases of this product. This change corresponds with the deprecation of the cxgb3, cxgb3i, and iw_cxgb3 drivers listed above.

SFN4XXX adapters have been deprecated

Starting with Red Hat Enterprise Linux 7.4, SFN4XXX Solarflare network adapters have been deprecated. Previously, Solarflare had a single driver sfc for all adapters. Recently, support of SFN4XXX was split from sfc and moved into a new SFN4XXX-only driver, called sfc-falcon. Both drivers continue to be supported at this time, but sfc-falcon and SFN4XXX support is scheduled for removal in a future major release.

Software-initiated-only FCoE storage technologies have been deprecated

The software-initiated-only type of the Fibre Channel over Ethernet (FCoE) storage technology has been deprecated due to limited customer adoption. The software-initiated-only storage technology will remain supported for the life of Red Hat Enterprise Linux 7. The deprecation notice indicates the intention to remove software-initiated-based FCoE support in a future major release of Red Hat Enterprise Linux.

It is important to note that the hardware support and the associated user-space tools (such as drivers, libfc, or libfcoe) are unaffected by this deprecation notice.

For details regarding changes to FCoE support in RHEL 8, see Considerations in adopting RHEL 8.

Target mode in Software FCoE and Fibre Channel has been deprecated

  • Software FCoE:

    The NIC Software FCoE target functionality has been deprecated and will remain supported for the life of Red Hat Enterprise Linux 7. The deprecation notice indicates the intention to remove the NIC Software FCoE target functionality support in a future major release of Red Hat Enterprise Linux. For more information regarding changes to FCoE support in RHEL 8, see Considerations in adopting RHEL 8.

  • Fibre Channel:

    Target mode in Fibre Channel has been deprecated and will remain supported for the life of Red Hat Enterprise Linux 7. Target mode will be disabled for the tcm_fc and qla2xxx drivers in a future major release of Red Hat Enterprise Linux.

Containers using the libvirt-lxc tooling have been deprecated

The following libvirt-lxc packages are deprecated since Red Hat Enterprise Linux 7.1:

  • libvirt-daemon-driver-lxc
  • libvirt-daemon-lxc
  • libvirt-login-shell

Future development on the Linux containers framework is now based on the docker command-line interface. libvirt-lxc tooling may be removed in a future release of Red Hat Enterprise Linux (including Red Hat Enterprise Linux 7) and should not be relied upon for developing custom container management applications.

For more information, see the Red Hat KnowledgeBase article.

The Perl and shell scripts for Directory Server have been deprecated

The Perl and shell scripts, which are provided by the 389-ds-base package, have been deprecated. The scripts will be replaced by new utilities in the next major release of Red Hat Enterprise Linux.

The Shell Scripts and Perl Scripts sections in the Red Hat Directory Server Command, Configuration, and File Reference have been updated. The descriptions of affected scripts contain now a note that they are deprecated.

libguestfs can no longer inspect ISO installer files

The libguestfs library does no longer support inspecting ISO installer files, for example using the guestfish or virt-inspector utilities. Use the osinfo-detect command for inspecting ISO files instead. This command can be obtained from the libosinfo package.

Creating internal snapshots of virtual machines has been deprecated

Due to their lack of optimization and stability, internal virtual machine snapshots are now deprecated. In their stead, external snapshots are recommended for use. For more information, including instructions for creating external snapshots, see the Virtualization Deployment and Admnistration Guide.

IVSHMEM has been deprecated

The inter-VM shared memory device (IVSHMEM) feature has been deprecated. Therefore, in a future major release of RHEL, if a virtual machine (VM) is configured to share memory between multiple virtual machines in the form of a PCI device that exposes memory to guests, the VM will fail to boot.

The gnome-shell-browser-plugin subpackage has been deprecated

Since the Firefox Extended Support Release (ESR 60), Firefox no longer supports the Netscape Plugin Application Programming Interface (NPAPI) that was used by the gnome-shell-browser-plugin subpackage. The subpackage, which provided the functionality to install GNOME Shell Extensions, has thus been deprecated. The installation of GNOME Shell Extensions is now handled directly in the gnome-software package.

The VDO read cache has been deprecated

The read cache functionality in Virtual Data Optimizer (VDO) has been deprecated. The read cache is disabled by default on new VDO volumes.

In the next major Red Hat Enterprise Linux release, the read cache functionality will be removed, and you will no longer be able to enable it using the --readCache option of the vdo utility.

cpuid has been deprecated

The cpuid command has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support using cpuid to dump the information about CPUID instruction for each CPU. To obtain similar information, use the lscpu command instead.

KDE has been deprecated

KDE Plasma Workspaces (KDE), which has been provided as an alternative to the default GNOME desktop environment has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support using KDE instead of the default GNOME desktop environment.

Using virt-install with NFS locations is deprecated

With a future major version of Red Hat Enterprise Linux, the virt-install utility will not be able to mount NFS locations. As a consequence, attempting to install a virtual machine using virt-install with a NFS address as a value of the --location option will fail. To work around this change, mount your NFS share prior to using virt-install, or use a HTTP location.

The lwresd daemon has been deprecated

The lwresd daemon, which is a part of the bind package, has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support providing name lookup services to clients that use the BIND 9 lightweight resolver library with lwresd.

The recommended replacements are:

  • The systemd-resolved daemon and nss-resolve API, provided by the systemd package
  • The unbound library API and daemon, provided by the unbound and unbound-libs packages
  • The getaddrinfo and related glibc library calls

The /etc/sysconfig/nfs file and legacy NFS service names have been deprecated

A future major Red Hat Enterprise Linux release will move the NFS configuration from the /etc/sysconfig/nfs file to /etc/nfs.conf.

Red Hat Enterprise Linux 7 currently supports both of these files. Red Hat recommends that you use the new /etc/nfs.conf file to make NFS configuration in all versions of Red Hat Enterprise Linux compatible with automated configuration systems.

Additionally, the following NFS service aliases will be removed and replaced by their upstream names:

  • nfs.service, replaced by nfs-server.service
  • nfs-secure.service, replaced by rpc-gssd.service
  • rpcgssd.service, replaced by rpc-gssd.service
  • nfs-idmap.service, replaced by nfs-idmapd.service
  • rpcidmapd.service, replaced by nfs-idmapd.service
  • nfs-lock.service, replaced by rpc-statd.service
  • nfslock.service, replaced by rpc-statd.service

The JSON export functionality has been removed from the nft utility

Previously, the nft utility provided an export feature, but the exported content could contain internal ruleset representation details, which was likely to change without further notice. For this reason, the deprecated export functionality has been removed from nft starting with RHEL 7.7. Future versions of nft, such as provided by RHEL 8, contain a high-level JSON API. However, this API not available in RHEL 7.7.

The openvswitch-2.0.0-7 package in the RHEL 7 Optional channel has been deprecated

RHEL 7.5 introduced the openvswitch-2.0.0-7.el7 package in the RHEL 7 Optional channel as a dependency of the NetworkManager-ovs package. This dependency no longer exists and, as a result, openvswitch-2.0.0-7.el7 is now deprecated.

Note that Red Hat does not support packages in the RHEL 7 Optional channel and that openvswitch-2.0.0-7.el7 will not be updated in the future. For this reason, do not use this package in production environments.

Deprecated PHP extensions

The following PHP extensions have been deprecated:

  • aspell
  • mysql
  • memcache

Deprecated Apache HTTP Server modules

The following modules of the Apache HTTP Server have been deprecated:

  • mod_file_cache
  • mod_nss
  • mod_perl

Apache Tomcat has been deprecated

The Apache Tomcat server, a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies, has been deprecated. Red Hat recommends that users requiring a servlet container use the JBoss Web Server.

The DES algorithm is deprecated in IdM

Due to security reasons, the Data Encryption Standard (DES) algorithm is deprecated in Identity Management (IdM). The MIT Kerberos libraries provided by the krb5-libs package do not support using the Data Encryption Standard (DES) in new deployments. Use DES only for compatibility reasons if your environment does not support any newer algorithm.

Red Hat also recommends to avoid using RC4 ciphers over Kerberos. While DES is deprecated, the Server Message Block (SMB) protocol still uses RC4. However, the SMB protocol can also use the secure AES algorithms.

For further details, see:

Appendix A. Component Versions

This appendix provides a list of key components and their versions in the Red Hat Enterprise Linux 7.7 Beta release.

Table A.1. Component Versions

ComponentVersion

kernel

3.10.0-1049

kernel-alt

4.14.0-115

QLogic qla2xxx driver

10.00.00.12.07.7-k

QLogic qla4xxx driver

5.04.00.00.07.02-k0

Emulex lpfc driver

0:12.0.0.10

iSCSI initiator utils (iscsi-initiator-utils)

6.2.0.874-11

DM-Multipath (device-mapper-multipath)

0.4.9-127

LVM (lvm2)

2.02.185-1

qemu-kvm[a]

1.5.3-160

qemu-kvm-ma[b]

2.12.0-18

[a] The qemu-kvm packages provide KVM virtualization on AMD64 and Intel 64 systems.
[b] The qemu-kvm-ma packages provide KVM virtualization on IBM POWER8, IBM POWER9, and IBM Z. Note that KVM virtualization on IBM POWER9 and IBM Z also requires using the kernel-alt packages.

Appendix B. List of tickets by component

ComponentTickets

NetworkManager

BZ#1652910, BZ#1652653

anaconda

BZ#1678353, BZ#1620109, BZ#1489713, BZ#1637112, BZ#1614049, BZ#1456652

ansible

BZ#1439896

bind

BZ#1325789, BZ#1640561

binutils

BZ#1644632

ca-certificates

BZ#1619444

chrony

BZ#1636117, BZ#1600882

compat-libgfortran-41

BZ#1628391

compat-sap-c++-8

BZ#1669683

corosync

BZ#1413573

criu

BZ#1400230

cups-filters

BZ#1485502

cups

BZ#1570480

custodia

BZ#1403214

dbus

BZ#1568856

desktop

BZ#1481411

dhcp

BZ#1193799

dnf

BZ#1461652

dyninst

BZ#1498558

elfutils

BZ#1676504

enscript

BZ#1573876

fence-agents

BZ#1476401

filesystems

BZ#1274459, BZ#1111712, BZ#1206277, BZ#1477977

firewalld

BZ#1637204

gcc-libraries

BZ#1551629

gdb

BZ#1639077

ghostscript

BZ#1636115

glibc

BZ#1555189, BZ#1039304, BZ#1427734, BZ#1591268, BZ#1472832

gnome-documents

BZ#1695699

gnome-shell

BZ#1481395

gnome-software

BZ#1591270

gnome-tweak-tool

BZ#1474852

grub2

BZ#1630678

hardware-enablement

BZ#1062759, BZ#1384452, BZ#1519746, BZ#1660791

identity-management

BZ#1664447, BZ#1405325

image-builder

BZ#1713880

ipa

BZ#1690037, BZ#1390757, BZ#1586268, BZ#1690191, BZ#1518939, BZ#1115294, BZ#1298286

ipset

BZ#1646666, BZ#1649080, BZ#1649877, BZ#1650297

kernel-rt

BZ#1642619, BZ#1593361

kernel

BZ#1653428, BZ#1511372, BZ#1680426, BZ#1636601, BZ#1698453, BZ#1528466, BZ#1632575, BZ#1429792, BZ#1607252, BZ#1559615, BZ#1230959, BZ#1460849, BZ#1464377, BZ#1457533, BZ#1503123, BZ#1589397, BZ#1622413, BZ#1691868, BZ#1549355, BZ#1509444

kexec-tools

BZ#1600148

krb5

BZ#1605756, BZ#1645711

ksh

BZ#1503922

libdb

BZ#1608749

libguestfs

BZ#1463620, BZ#1441197, BZ#1387213, BZ#1477912, BZ#1509931, BZ#1481930

libreswan

BZ#1375750, BZ#1544463

libvirt

BZ#1475770

linuxptp

BZ#1650672, BZ#1623919

lorax

BZ#1659129

lvm2

BZ#1674563, BZ#1643651

make

BZ#1582545

mysql-connector-java

BZ#1646363

ndctl

BZ#1635441

networking

BZ#916384, BZ#916382, BZ#755087, BZ#1259547, BZ#1393375, BZ#1062656, BZ#1574536, BZ#1489758, BZ#1708807

nss

BZ#1619443, BZ#1212132, BZ#1431210, BZ#1425514, BZ#1432142, BZ#1552854

openscap

BZ#1694962

ovmf

BZ#653382

pacemaker

BZ#1461964

pcp

BZ#1647308, BZ#1600262

pcs

BZ#1433016

perl-DateTime-TimeZone

BZ#1537984

php

BZ#1646158

pki-core

BZ#1633422

policycoreutils

BZ#1647714

python3

BZ#1597718

qemu-kvm-rhev

BZ#1615682

quota

BZ#1601109, BZ#1697605

rear

BZ#1685166

resource-agents

BZ#1513957

rpm

BZ#1663264, BZ#1550745

samba

BZ#1649434

scap-security-guide

BZ#1695213, BZ#1684545, BZ#1630739, BZ#1631378

selinux-policy

BZ#1487350, BZ#1619306, BZ#1564470, BZ#1650909

shadow-utils

BZ#1498628

sssd

BZ#1194345, BZ#1068725

storage

BZ#1649493, BZ#1707805, BZ#1109348, BZ#1119909, BZ#1414957, BZ#1712664

sudo

BZ#1618702

system-management

BZ#1712833

systemd

BZ#1284974

systemtap

BZ#1669605

tools

BZ#1643472

trace-cmd

BZ#1655111

tuned

BZ#1643654, BZ#1649408, BZ#1714595

usbguard

BZ#1480100

valgrind

BZ#1519410

vim

BZ#1563419

virtualization

BZ#1103193, BZ#1348508, BZ#1299662, BZ#1708465, BZ#1667478

xorg-x11-drv-qxl

BZ#1640918

ypserv

BZ#1624295

other

BZ#1569484, BZ#1714480

Appendix C. Revision History

0.0-0

Wed Jun 05 2019, Lenka Špačková (lspackova@redhat.com)

  • Release of the Red Hat Enterprise Linux 7.7 Beta Release Notes.

Legal Notice

Copyright © 2019 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.