Chapter 5. Compiler and Tools

tail --follow now works properly on files on Veritas Clustered file system (VXFS)

Veritas Clustered file system (VXFS) is a remote file system, and for remote file systems, tail cannot use inotify functionality for --follow mode. Veritas Clustered file system has now been added to the list of remote file systems, for which polling mode is used instead of inotify. tail --follow can now work properly even when used on files on VXFS.

The dd command now capable of showing transfer progress

The dd command, which is used for copying files by bytes, now provides the status=progress option for showing the progress of the transfer. This is especially useful for transfers of large files because it allows the user to estimate the time left and detect potential issues with the transfer.

Improved wait times in libcurl

The libcurl library used an unnecessarily long blocking delay for actions with no active file descriptors, even for short operations. This meant that some actions, such as resolving a host name using /etc/hosts, took an artificially long time to complete. The blocking code in libcurl has now been modified so that the initial delay is short, and gradually increases until an event occurs. Fast libcurl operations now complete more quickly.

The libcurl library now implements a non-blocking SSL handshake

Previously, the libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on the libcurl multi API. To solve this problem, the non-blocking SSL handshake has been implemented in libcurl, and the libcurl multi API now immediately returns the control back to the application whenever it cannot read or write data from or to the underlying network socket.

GDB on IBM Power Systems no longer fails when accessing the symbol table

Previously, GDB on 64-bit IBM Power Systems incorrectly deallocated an important variable that held the symbol table for the binary being debugged, which caused a segmentation fault when GDB tried to access that symbol table. To solve this issue, this specific variable has been made persistent, and GDB can now access the needed information later during the debugging session, without reading an invalid memory region.

nscd updated to automatically reload configuration data

This update of Name Server Caching Daemon (nscd) adds a system of inotify-based monitoring and stat-based backup monitoring for nscd configuration files, so that nscd now correctly detects changes to its configuration and reloads the data. This prevents nscd from returning stale data.

The dlopen library function no longer crashes on recursive calls

Previously, a defect in the library function dlopen could cause recursive calls to this function to crash or abort with a library assertion. Recursive calls are possible if a user-provided malloc implementation calls dlopen.
The implementation is now reentrant, and recursive calls no longer crash or abort with an assertion.

The operf tool now recognizes static huge page identifiers

Previously, when profiling performance of Java just-in-time (JIT) compiled code with static huge pages enabled, OProfile's operf command recorded a large number of event samples to anonymous memory (in anon_hugepage) instead of to the appropriate Java method. With this update, operf recognizes the static huge page identifiers and correctly maps samples to Java methods when using statically allocated huge pages.

rsync -X now works correctly

Previously, the rsync tool changed the file ownership after, not before, setting security attributes. As a consequence, the security attributes on the target were missing, and running the rsync -X command did not work correctly under certain circumstances. With this update, the order of the operations has been switched, and rsync now changes the ownerships before setting the security attributes. As a result, the security attributes are present as expected in the described situation.

Subversion executables now built with full RELRO data

The executables supplied with the subversion package are now built with fully read-only relocation data (RELRO), which provides protection against some types of memory corruption attacks. As a result, it will be harder to successfully exploit Subversion if future vulnerabilities are discovered.

The thread extension in TCL now works correctly

Previously, the threading support in the Tool Command Language (TCL) was not implemented optimally. If the fork() call was used together with thread extension enabled in the TCL interpreter, the process could become unresponsive. Because of that, the TCL interpreter and the TK application were previously shipped with the thread extension disabled. As a consequence, third-party applications depending on threaded TCL or TK did not work correctly. A patch has been implemented to fix this bug, and TCL and TK now have the thread extension enabled by default.

AES cipher suites can be explicitly enabled or disabled for TLS

With the updated curl packages, it is possible to explicitly enable or disable new Advanced Encryption Standard (AES) cipher suites to be used for the TLS protocol.

OpenJDK 7 now supports ECC

With this update, OpenJDK 7 supports Elliptic Curve Cryptography (ECC) and the associated ciphers for TLS connections. ECC is in most cases preferable to older cryptographic solutions for making secure network connections.

ABRT is now able to save a core_backtrace file instead of a whole coredump

ABRT can now be configured to generate a backtrace without writing a coredump file to the disk. This can save time when working with processes which have allocated large blocks of memory. This feature can be enabled by setting the CreateCoreBacktrace option to yes and the SaveFullCore option to no in the /etc/abrt/plugins/CCpp.conf file.

Security features added to the Python standard library

A number of security enhancements, which are described in the 466 Python Enhancent Proposal (http://legacy.python.org/dev/peps/pep-0466/), have been backported to the Python standard library. The security enhancements include, for example, new features in the ssl module, such as support for Server Name Indication (SNI) as well as support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and much more.

New global settings for SSL/TLS certificate verification in the Python standard library

New options have been added that allow users to globally enable or disable SSL/TLS certificate verification in the HTTP clients (such as urllib, httplib, or xmlrpclib) of the Python standard library. The options are described in the 493 Python Enhancement Proposal (https://www.python.org/dev/peps/pep-0493/). The default value is to not verify certificates. For details, see https://access.redhat.com/articles/2039753.