Chapter 25. Compiler and Tools

Support of OpenMP 4.5 for libgomp in GCC

This update provides support for the new version of OpenMP in GCC to allow programs in the Developer Toolset to properly link and run. (BZ#1357060)

Better stack protection in GCC

Prior to this update, GCC stack protection did not work for functions that only contained variable-length arrays and no other (or only very small) arrays. Consequently, a buffer overflow error could occur undetected. This bug has been fixed and the compiler is now able to instrument even such functions. (BZ#1289022)

gdbserver now supports seamless debugging of processes from containers

Prior to this update, when GDB was executing inside a Super-Privileged Container (SPC) and attached to a process that was running in another container on Red Hat Enterprise Linux Atomic Host, GDB did not locate the binary images of the main executable or any shared libraries loaded by the process to be debugged.
As a consequence, GDB may have displayed error messages relating to files not being present, or being present but mismatched. Also, GDB may have seemed to attach correctly, but subsequent commands may have failed or displayed corrupted information.
In Red Hat Enterprise Linux 7.3, gdbserver has been extended for seamless support of debugging processes from containers. The Red Hat Enterprise Linux 7.3 version of gdbserver newly supports the qXfer:exec-file:read and vFile:setfs packets. However, the Red Hat Enterprise Linux 7.3 version of gdb cannot use these packets. The Red Hat Developer Toolset 4.1 (or higher) version of gdb is recommended for use with containers and with Red Hat Enterprise Linux 7.3 gdbserver. The Red Hat Developer Toolset version of gdbserver can be used as well.
Red Hat Enterprise Linux 7.3 gdb can now suggest using gdbserver when run with the -p parameter (or the attach command) and when, at the same time, it detects that the process being attached is from a container. Red Hat Enterprise Linux 7.3 gdb now also suggests the explicit use of the file command to specify the location of the process executable in the container being debugged. The file command does not need to be entered when the Red Hat Developer Toolset version of gdb is being used instead.
With this update, Red Hat Enterprise Linux 7.3 gdbserver provides seamless debugging of processes from containers together with Red Hat Developer Toolset 4.1 (or higher) gdb. Additionally, Red Hat Enterprise Linux 7.3 gdb guides the user through the debugging of processes from containers when Red Hat Developer Toolset gdb is not available. (BZ#1186918)

GDB no longer kills running processes with deleted executables

Prior to this update, GDB attempting to attach to a running process with a deleted executable would accidentally kill the process. This bug has been fixed, and GDB no longer erroneously kills processes with deleted executables. (BZ#1326476)

GDB now generates smaller core files and respects core-dump filtering

The gcore command, which provides GDB with its own core-dumping functionality, has been updated to more closely simulate the function of the Linux kernel core-dumping code, thus generating smaller core-dump files. GDB now also respects the /proc/PID/coredump_filter file, which controls what memory segments are written to core-dump files. (BZ#1265351)

Better error message for AArch64

For the AArch64 target, if a program declared a global variable as a type smaller than an integer, but then referred to it in another file as if it were an integer, the linker could generate a confusing error message. This update fixes the error message, clearly identifying the cause and suggesting a possible reason for the error to the user. (BZ#1300543)

Large and/or high-address programs now link and execute correctly on AArch64

Previously, incorrect code in the linker could result in incorrect branch stubs being generated. Consequently, programs that were very big or if the programmer coded parts of the program to exist at a very high address, failed to link. The bug has been fixed and the correct kind of branch stub is now selected. (BZ#1243559)

The opreport and opannote utilities now properly analyze archive data.

Previously, when using oparchive to store data, the associated samples were not included in the archive. In addition, the oprofile utilities selected data in the current working oprofile_data directory rather than in the archive. Consequently, the opreport and opannote utilities were unable to properly analyze data in an archive generated by oparchive. This update provides a fix for storing the profiling samples in the archive and selecting them for use with archives, and opreport and opannote now work as expected. (BZ#1264443)

Events with identical numerical unit masks are now handled by their names

The 5th-generation Core i3, i5, and i7 Intel processors have some events that have multiple unit masks with the same numerical value. As a consequence, some events' default unit masks were not found and selected. This update changes the events to use a name rather than a numerical value for the default unit mask, thus fixing this bug. (BZ#1272136)

New MACRO_INSTS_FUSED event identifier

Previously, the MACRO_INSTS identifier was used for two different events in the 1th-generation Core i3, i5, and i7 Intel processors. As a consequence, it was impossible to clearly select either event by using MACRO_INSTS. This update renames one of the events to MACRO_INSTS_FUSED, thus fixing this bug. (BZ#1335145)

Applications no longer crash upon multiple libpfm initializations

Previously, when the libpfm initialization code was called multiple times (for example, in the PAPI fmultiplex1 test), when run as root, the libpfm internal data structures became corrupted, causing an unexpected termination. This update ensures the counter of available events is properly reset and applications using libpfm running as root no longer crash when libpfm is reinitialized. (BZ#1276702)

Removal of purposeless warning message for physically non-existing nodes

Previously, when the numa_node_to_cpus() function was called on a node which did not have an entry in the sysfs directory, the libnuma library always printed a warning message about an invalid sysfs. Consequently, libnuma printed the confusing warning message also for physically non-existing nodes (for example, for non-contiguous node numbers) and this warning could not be overridden when the function was called using the dlsym interface. With this update, the mentioned warning message is printed just for NUMA nodes that were found during an initial scan but then did not appear in sysfs. As a result, users of libnuma no longer receive the warning message for non-contiguous node numbers. (BZ#1270734)

Selection of OpenJDK version family now remembered across updates

Prior to this update, when a user had multiple JDKs installed, yum update always updated to the newest JDK even if the user had previously selected some lower-prioritized JDK. This update introduces the --family switch for chkconfig, which makes sure that the selected JDK remains in the version family after system updates. (BZ#1296413)

RC4 is now disabled by default in OpenJDK 6 and OpenJDK 7

Earlier OpenJDK packages allowed the RC4 cryptographic algorithm to be used when making secure connections using Transport Layer Security (TLS). This algorithm is no longer secure, and it has been disabled in this release. To retain its use, it is necessary to revert to the earlier setting of the jdk.tls.disabledAlgorithms of SSLv3, DH keySize < 768. This can be done permanently in the <java.home>/jre/lib/security/java.security file or by adding the following line:
jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
to a new text file and passing the location of that file to Java on the command line using the -Djava.security.properties=<path to file> argument. (BZ#1302385)

zsh no longer deadlocks on malloc() execution

Previously, if the zsh process received a signal during the execution of a memory allocation function and the signal handler attempted to allocate or free memory, zsh entered a deadlock and became unresponsive. With this update, signal handlers are no longer enabled while handling the global state of zsh or while using the heap memory allocator. This ensures that the described deadlock no longer occurs. (BZ#1267912)

SCSI device types described using multiple words are now handled correctly

Prior to this update, the rescan-scsi-bus.sh tool misinterpreted SCSI device types that were described using more than one word, for example, Medium Changer or Optical Device. Consequently, when the script was run on systems that had such device types attached, the script printed multiple misleading error messages. With this update, device types described with multiple words are handled correctly, and the proper device-type description is returned to the user without any errors. (BZ#1298739)

Sphinx builds HTML documentation in FIPS mode properly

Previously, the Python Sphinx generator failed to build documentation in the HTML format on systems with FIPS mode activated. With this update,the use of the md5() function has been fixed by setting the used_for_security parameter to false. As a result, Sphinx now builds HTML documentation as expected. (BZ#966954)

Perl interpreter no longer crashes after using the PerlIO locale pragma

When a thread was spawned after using the PerlIO locale pragma, the Perl interpreter terminated unexpectedly with a segmentation fault. An upstream patch has been applied, which fixes PerlIO::encoding object duplication. As a result, threads are correctly created after setting a file handle encoding. (BZ#1344749)

Line endings are now preserved in files uploaded with the Net::FTP Perl module in text mode

Previously, when uploading a file with the Net::FTP Perl module in text mode, ends of lines in the uploaded file were incorrectly transformed. This update corrects end-of-line normalization from local to Network Virtual Terminal (NVT) encoding when uploading data to an FTP server, and the described problem no longer occurs. (BZ#1263734)

Perl interpreter no longer crashes when using glob() with a threaded program

Previously, when calling the Perl glob() function after spawning a thread, the Perl interpreter terminated unexpectedly with a segmentation fault. An upstream patch has been applied to clone glob() interpreter-wide data, and using Perl glob() with a threaded program now works as expected. (BZ#1223045)

cgroup values can now be correctly displayed for threads under a parent process by using ps -o thcgr

Previously, the ps command displayed only the control group (cgroup) of the parent process. Consequently, cgroup values of the threads under a parent process were identical to the cgroup value of the parent process. This update introduces a new option, thcgr, to maintain compatibility with current cgroup listing. When the thcgr option is used, the correct individual cgroup values are displayed for threads under the parent process. (BZ#1284087)

pmap no longer reports incorrect totals

With the introduction of VmFlags in the kernel smaps interface, the pmap tool could no longer reliably process the content due to format differences of the VmFlags entry. As a consequence, pmap reported incorrect totals. The underlying source code has been patched, and pmap now works as expected. (BZ#1262864)

vmstat -d is now able to display devices with longer names

When a disk statistics report is required, only the first 15 characters of the device name were previously read from the /proc/diskstats file. Consequently, devices with names longer than 15 characters were not shown in the output of the vmstat -d command. With this update, the formatting string has been changed to read up to 31 characters, and devices with longer names are now correctly displayed by vmstat -d. (BZ#1169349)

A new perl-Perl4-CoreLibs subpackage contains previously removed files

The provides tag was incorrectly set for previously deprecated files that were no longer included in the perl package. To fix this bug, these files have been backported from the previous version of Perl and are now provided by a newly created perl-Perl4-CoreLibs subpackage. (BZ#1365991)

GSS-Proxy caches file descriptors less frequently

Previously, the mechglue layer of GSS-Proxy cached file descriptors for the lifetime of the process. As a consequence, daemons that often change the UID or GID, such as as autofs, could behave unexpectedly. A patch has been applied to close and reopen the connection to GSS-Proxy when an ID changes. As a result, GSS-Proxy caches file descriptors less frequently and daemons that change the UID or GID now work as expected. (BZ#1340259)

Fix to the PAPI_L1_TCM event computation

Previously, the PAPI presets for L1 total cache misses (PAPI_L1_TCM) was computed incorrectly on 4th-generation Core i3, i5, and i7 Intel processors. This update fixes the computation of the PAPI_L1_TCM event and programs using PAPI_L1_TCM on these processors now get more accurate measurements. (BZ#1277931)

More accurate PAPI_L1_DC* event on IBM Power7 and IBM Power8 platforms

Previously, the PAPI event presets for cache events incorrectly computed derived values for various IBM Power7 and Power8 processors. Consequently, the PAPI_L1_DCR, PAPI_L1_DCW, and PAPI_L1_DCA event values were incorrect. The preset computations have been fixed and the mentioned events are now more accurate. (BZ#1263666)

Improved Postfix expression parser

Previously, the Postfix expression parser used to calculate derived metrics from expressions in the papi_events.csv file did not perform proper error checking and incorrectly parsed some expressions. Consequently, the parser could potentially write outside the buffers being used to compute the value of a derived metric and cause stack smashing errors for some expressions. A fix has been provided for the parser to prevent it from overwriting memory with incorrect expressions. Now, the parser properly and robustly parses Postfix expressions in papi_events.csv and reports errors on improper expressions rather than overwriting random regions of memory. (BZ#1357587)

Undefined variable in the udp() function of the python-dns toolkit is now set

Previously, the python-dns toolkit used an undefined response_time variable in the finally section of the udp() function. As a consequence, an incorrect exception was displayed to the user. This bug has been fixed and the correct exception is returned. (BZ#1312770)

zsh parses unescaped exclamation marks correctly now

Previously, zsh parser state was insufficiently initialized. Consequently, zsh failed to parse unescaped exclamation marks in a text string. With this update, zsh properly initializes the parser state. As a result, zsh now parses unescaped exclamation marks correctly. (BZ#1338689)

zsh no longer hangs when receiving a signal while processing a job exit

Previously, signal handlers were enabled while processing a job exit in zsh. Consequently, if a signal was received while using the memory allocator and its handler attempted to allocate or free memory, the zsh process ended up in a deadlock and became unresponsive. With this update, signal handlers are no longer enabled while processing a job exit. Instead, signals are queued for delayed execution of the signal handlers. As a result, the deadlock no longer occurs and zsh no longer hangs. (BZ#1291782)

zsh handles the out of memory scenario gracefully now

The zsh shell allocates memory while printing the out of memory fatal error message. Previously, if the printing routine failed to allocate memory, it triggered an infinite recursion. Consequently, the zsh process terminated unexpectedly due to a stack overflow. With this update, the infinite recursion no longer appears in this scenario. As a result, after printing the fatal error message, zsh now terminates gracefully in case it runs out of memory. (BZ#1302229)

Syntax check in ksh compatibility mode now works as expected in zsh

Previously, while checking the syntax of a shell script in ksh compatibility mode, zsh incorrectly initialized the $HOME internal variable. Consequently, the zsh process terminated unexpectedly after it attempted to dereference a NULL pointer. With this update, the $HOME internal variable is properly initialized. As a result, the syntax check in ksh compatibility mode now works as expected in zsh. (BZ#1267251)

Parsing command substitutions no longer corrupts command history

Previously, commands having the $() command substitution construct were recorded incorrectly in the command history. This bug has been fixed and parsing command substitutions no longer corrupts command history. (BZ#1321303)

haproxy configuration files can now use host names longer than 32 characters correctly

Previously, when haproxy was configured to use peer host names, a bug caused host names longer than 32 characters to be truncated. As a consequence, the haproxy configuration files became invalid. This bug has now been fixed, and host names specified as peers can now safely exceed 32 characters. (BZ#1300392)

RPM verification failures no longer occur after installing psacct

When installing the psacct packages, the mode of the /var/account/pacct file was previously not set consistently with logrotate rules for psacct. As a consequence, the mode of /var/account/pacct stayed different from these rules after the installation and caused RPM verification failures. With this update, the mode of /var/account/pacct is set to 0600 during installation of psacct to align with logrotate ghost file rules. As a result, RPM verification failures no longer occur. (BZ#1249665)

The system is no longer rebooted unexpectedly due to SIGINT passed by sadc

Due to a race condition, the sadc command sometimes passed the SIGINT signal to the init process. As a consequence, the system could be unexpectedly rebooted. This update adds a verification that the SIGINT signal is not sent to the init process. As a result, the system is no longer rebooted unexpectedly. (BZ#1328490)

pidstat no longer outputs values above 100% for certain fields

Previously, the pidstat command could, under rare circumstances, run out of preallocated space for PIDs on systems with many short-lived processes. As a consequence, the pidstat output contained nonsensical values larger than 100%, in the %CPU, %user, and %sys fields. With this update, pidstat automatically reallocates space for PIDs, and outputs correct values for all fields. (BZ#1224882)

/usr/bin/nfsiostat provided by sysstat has been deprecated in favor of /sbin/nfsiostat provided by nfs-utils

Previously, two packages provided executables of the same name: the sysstat packages provided /usr/bin/nfsiostat and the nfs-utils packages provided /sbin/nfsiostat. As a consequence, it was not clear which binary was executed unless the full path was specified. The nfsiostat utility provided by sysstat has been deprecated in favor of the one provided by nfs-utils. In a transition period, the nfsiostat binary from the sysstat packages is renamed to nfsiostat-sysstat. (BZ#846699)

iostat can now print device names longer than 72 characters

Previously, device names longer than 72 characters were truncated in the iostat command output because the device name field was too short. The allocated space for device names has been increased to 128 characters, and iostat can now print longer device names in the output. (BZ#1267972)

Copying sparse files with trailing extents using cp no longer causes data corruption

When creating sparse files, the fallocate utility could allocate extents beyond EOF using FALLOC_FL_KEEP_SIZE. As a consequence, when there was a gap (hole) between the extents, and EOF was within that gap, the final hole was not reproduced, which caused silent data corruption in the copied file due to its size being too small. With this update, the cp command ensures that extents beyond the apparent file size are not processed, as such processing and allocating is not currently supported. As a result, silent data corruption in certain type of sparse files no longer occurs. (BZ#1284906)

NFS shares mounted by autofs no longer cause timeouts when listing local mounts using df

A bug in df could previously cause NFS shares mounted by autofs to be detected as local mounts. Attempts to list only local mounts using the -l option then timed out, because df was attempting to list these incorrectly detected shares. This bug has been fixed, and listing local mounts now works as expected. (BZ#1309247)

ksh now correctly displays login messages

When logging in to an interactive login shell, the contents of the /etc/profile script are executed in order to set up an initial environment. Messages which should have been displayed to the user upon logging in to the Korn shell (ksh) were suppressed due to an internal test to determine whether the shell is a login shell that relied upon the value of the PS1 environment variable having already been set before /etc/profile was executed. However, this environment variable is set in the Korn shell only after /etc/profile is executed, which led to messages never being displayed to ksh users. This update provides an alternative test that does not rely on the PS1 variable being set before /etc/profile execution, with the result that messages are properly displayed to users of the Korn shell upon login. (BZ#1321648)

New POSIX semaphore destruction semantics

Previously, the implementation of POSIX semaphores in glibc did not follow the current POSIX requirements for semaphores to be self-synchronizing. As a consequence, the sem_post() and sem_wait() functions could terminate unexpectedly or return the EINVAL error code because they accessed the semaphore after it has been destroyed. This update provides an implementation of the new POSIX semaphore destruction semantics which keeps track of waiters, avoiding premature destruction of the semaphore. The semaphores implemented by glibc are now self-synchronizing, thus fixing this bug. (BZ#1027348)

Disks are now cleanly unmounted after SELinux automatic re-label

Previously, after SELinux relabel, the rhel-autorelabel script started system reboot by running the systemctl --force reboot command. Consequently, certain steps required to cleanly unmount the rootfs image and deactivate the underlying Device Mapper (DM) device were skipped. To fix this bug, the rhel-autorelabel script has been modified to invoke the dracut-initframs-restore script before the reboot. As a result, disks are now cleanly unmounted in the described scenario. (BZ#1281821)

sosreport now correctly collects output of sources with non-ASCII characters

Prior to this update, the sosreport was not fully generated when the sosreport utility attempted to collect the output of a file or command whose name included non-ASCII characters. With this update, such files and commands are properly collected and reported in the utility. (BZ#1296813)

Configuring kdump to an NFS target destination is now possible in the Kernel Dump Configuration GUI

Previously, the input box for NFS target destination in the Kernel Dump Configuration GUI did not indicate that an export path needs to be entered. Consequently, users were not able to configure the kdump feature to a NFS target destination when using this GUI. With this update, the input box label has been changed to indicate that an export path is required, and users are able to configure kdump in the described situation. (BZ#1208191)

Correct warning message when configuring kdump to a NFS target with NFS shares unmounted

Prior to this update, users were warned with confusing error messages when trying to configure the kdump to a NFS target destination if NFS shares were not mounted. The system-config-kdump utility operated through the Kernel Dump Configuration GUI, did not indicate that the NFS export needs to be mounted before applying the kdump configuration. Instead, multiple confusing error messages were returned. With this update the warning message has been changed to indicate that the NFS export is currently not mounted and that it should already be mounted in the moment of kdump configuration. This warning message is less confusing and provides the user with proper information on how to successfully complete the kdump configuration. (BZ#1121590)

lparstat no longer fails due to long lines in /proc/interrupts

Prior to this update, if the SPU line in the /proc/interrupts file was longer than 512 characters, using the lparstat command failed. With this update, lparstat properly parses interrupt lines, and thus returns correct results in the described circumstances. (BZ#1366512)

lparstat default output mode now reports properly

Previously, when using the default output mode of the lparstat utility, lparstat incorrectly reported the value of certain parameters, for example physc, as 0.00. This problem has been fixed, and the affected values are now displayed properly. (BZ#1347083)

The Socket::getnameinfo module now works correctly with tainted values

Previously, the Perl Socket::getnameinfo module failed to process tainted values. This update applies a patch and as a result, the module now works correctly with tainted values. (BZ#1200167)

The python-sphinx module no longer fails to build documentation

Previously, the man-page writer module of the python-sphinx package missed the meta and inline node visitors. As a consequence, building documentation could fail. A patch has been provided to add the missing node visitors and as a result, documentation now builds successfully. (BZ#1291573)

Programs no longer run out of memory when repeatedly listing available polkit actions

Previously, the polkit client library did not correctly free memory when listing available actions, which could cause programs to run out of memory and terminate. With this update, the library frees the memory correctly, and programs no longer crash in this scenario. (BZ#1310738)

unzip now supports non-latin and non-unicode encodings

Previously, unzip did not support non-latin and non-unicode encodings, so files with incorrect names could be created. With this update, unzip supports these encodings using the -O and -I options. For more information, run the unzip -h command. (BZ#1276744)

zlib now decompresses RFC1951 compliant files correctly

Previously, due to a bug in zlib, RFC1951 compliant files were not correctly decompressed. With this update, the bug has been fixed, and zlib decompresses RFC1951 compliant files correctly. (BZ#1127330)

The glibc times() function now supports NULL for the buffer

Previously, the times() function in glibc did not allow users to set a NULL value for the buffer. As a consequence, the function could cause the application using it to terminate unexpectedly. This update applies a patch and as a result, you can set a NULL value for the buffer and the kernel system call returns the expected results. (BZ#1308728)

iconv no longer adds a redundant shift sequence

Previously, a bug in the character conversion routines used by iconv for the IBM930, IBM933, IBM935, IBM937, and IBM939 character sets could result in a redundant shift sequence being included in the output of the tool. The generated non-conforming output could result in an inability to read the output data. The character conversion routines have been fixed and no longer return a redundant shift sequence. (BZ#1293916)

Core C library (glibc) enhanced to increase malloc() scalability

A defect in the implementation of the malloc() function could result in unnecessary serialization of memory allocation requests across threads. This update fixes the bug and substantially increases the concurrent throughput of allocation requests for applications that frequently create and destroy threads. (BZ#1276753)

Dynamic linker no longer fails when an audit module provides alternate DSO

Previously, when an audit module provided an alternate DSO (dynamic shared object) path, the ld.so dynamic linker terminated unexpectedly with a segmentation fault. This update fixes the bug and the dynamic linker now keeps track of the original DSO path for future reference and no longer crashes in the described scenario. (BZ#1211100)

selinux-policy now allows hypervkvpd to getattr on all filesystem types

Previously, an SELinux denial occurred during the execution of the restorecon command after an IP injection on the virtual machine with the Data Exchange option enabled. The selinux-policy packages have been updated, and an IP injection now finishes correctly both in SELinux permissive and enforcing mode. (BZ#1349356)