Scientific Linx 3.0.3 for x86_64 is now on ftp.scientificlinux.org .
The release notes below have been shorted by removing errata rpm detail
lists. See the SL.releasenote for full details. I have included the
"vendor" release notes. Note that all of the "i386" rpms that were
missing g=from the 302 version are now included.
-Connie Sieh
-Troy Dawson
-Jaroslaw Polok
---------------------------------------------------------------------------
Scientific Linux Release 3.0.3 for x86_64
September 30, 2004
This is Scientific Linux.
Please read this entire document before installing.
This is based on the rebuilding of RPMS out of SRPMS's from Enterprise 3 AS
*including Update 3. Now including the i386 rpms missing from the 302 version.
Please send bug reports and suggestions to [log in to unmask]
--------------------------------------------------------------------------
Table of contents
DOWNLOAD INFO
ADDED compared to Enterprise 3
UPDATED compared to Enterprise 3
Installer modifications
Site Info
/contrib
/notsupported
SRPMS
MISC Notes
HARDWARE SPECIFIC ISSUES
SOFTWARE ISSUES/BUGS
INFO
HARDWARE REQUIREMENTS
ERRATA
_____________________________________________________________________________
DOWNLOAD INFO
_____________________________________________________________________________
* ftp://ftp.scientificlinux.org/linux/scientific/303/
rsync access available upon request.
-----------------------------------------------------------------------------
ADDED compared to 3
-----------------------------------------------------------------------------
From Cluster Suite
* clumanager-1.2.16-1.x86_64.rpm
ipvsadm-1.21-9.ipvs108.x86_64.rpm
piranha-0.7.6-1.x86_64.rpm
* redhat-config-cluster-1.0.2-2.noarch.rpm
*From Developer Suite
* eclipse-2.1.2-8.x86_64.rpm
*GFS
* GFS-6.0.0-10.x86_64.rpm
* GFS-devel-6.0.0-10.x86_64.rpm
* GFS-modules-6.0.0-10.x86_64.rpm
* GFS-modules-smp-6.0.0-10.x86_64.rpm
MISC
Added these rpms because they are important as RedHat removed them.
* anacron-2.3-29.x86_64.rpm from Fedora Core 1
*
* Vendor added this in Update 3.
gv-3.5.8-23.x86_64.rpm from Fedora Core 1
ncurses4-5.0-12.x86_64.rpm from Fedora Core 1
readline41-4.1-17.x86_64.rpm from Fedora Core 1
xcdroast-0.98a14-2.x86_64.rpm from Fedora Core 1
jpilot-0.99.6-1.x86_64.rpm from Fedora Core 1
cdda2wav-2.0-11.x86_64.rpm dependency of xcdroast
The vendor added the following rpms as part of Update 1
elfutils-libelf-devel-0.91-3.x86_64.rpm
jaf-20030319-1.x86_64.rpm
javamail-20031006-1.x86_64.rpm
junit-3.8.1-1.x86_64.rpm
mtx-1.2.18-1.x86_64.rpm
rh-postgresql-pl-7.3.6-1.x86_64.rpm
rh-postgresql-server-7.3.6-1.x86_64.rpm
rh-postgresql-test-7.3.6-1.x86_64.rpm
The vendor added the following rpms as part of Update 2
net-snmp-perl-5.0.9-2.30E.3.x86_64.rpm
imap-utils-2002d-8.x86_64.rpm
java-javadoc-1.5.33-1jpp_4rh.noarch.rpm
jpackage-utils-1.5.33-1jpp_4rh.noarch.rpm
laus-0.1-56RHEL3.x86_64.rpm
laus-devel-0.1-56RHEL3.x86_64.rpm
laus-libs-0.1-56RHEL3.x86_64.rpm
pam_passwdqc-0.7.5-1.x86_64.rpm
php-devel-4.3.2-11.ent.x86_64.rpm
rhgb-0.11.2-4.x86_64.rpm
sg3_utils-1.06-2.x86_64.rpm
* The vendor added the following rpms as part of Update 3
* anacron-2.3-25.1.x86_64.rpm
* qt-config-3.1.2-13.4.x86_64.rpm
* amtu-0.1-6RHEL.x86_64.rpm
* authd-1.4.1-1.rhel3.x86_64.rpm
* bind-libs-9.2.4-EL3_10.x86_64.rpm
* bootparamd-0.17-17.x86_64.rpm
* crash-3.8-3.x86_64.rpm
* diskdumputils-0.4.0-1.x86_64.rpm
* eal3-certification-0.7-1.noarch.rpm
* eal3-certification-doc-0.7-1.noarch.rpm
* libglade-0.17-11.x86_64.rpm
* ltrace-0.3.32-3.EL.x86_64.rpm
* nss_db-2.2-20.4.x86_64.rpm
* openoffice.org-style-gnome-1.1.0-16.9.EL.x86_64.rpm
* rpm-libs-4.2.3-10.x86_64.rpm
* gtkglarea-1.2.2-16.x86_64.rpm
* joe-2.9.8-5.x86_64.rpm
* lynx-2.8.5-11.x86_64.rpm
* nasm-0.98.35-3.x86_64.rpm
* perl-PDL-2.3.4-4.x86_64.rpm
* skkdic-20030211-1.noarch.rpm
* The vendor added the following rpms. We have had them in
* /notsupported/RPMS . So they are really just moving.
* And since so many things moved out of /notsupported/RPMS we
* decided to move everything that was in /notsupported/RPMS to
* the main tree.
*
See full release notes for details.
pine
Vendor removed because of license issues .
pine-4.58-2.x86_64.rpm
Yum -- From Duke University
* yum-2.0.7-7.SL.noarch.rpm
* yum-2.0.7-7 allows for the kernel-module-<package> naming convention
yum 2.0.7 contains minor bug fixes along with the feauture
of yum [action] package.somearch support added for
erase/remove, install, update and upgrade
* yum-conf-303-2.SL.noarch.rpm
* Removed nonsupported since these were merged with main rpm's
Changed main server to ftp.scientificlinux.org
Made it easier for users to change where their repository is.
For yum.cron you now only have to change the files
/etc/yum.d/yum.cron.primary and/or yum.cron.secondary
You can add multiple repository in either file, or leave either blank.
The servers in primary will be used in the order they are in the
file. The servers in secondary will be used randomly. So if you
are concerned about overloading your one server, leave the primary
blank, and list all your servers in secondary, where they will
be used randomly
Fixed the names on yum.conf as well.
now uses new feature "tolerant=1" for yum.cron
openafs
* openafs-1.2.11-15.9.SL.x86_64.rpm
* openafs-client-1.2.11-15.9.SL.x86_64.rpm
* openafs-compat-1.2.11-15.9.SL.x86_64.rpm
* openafs-devel-1.2.11-15.9.SL.x86_64.rpm
* openafs-kernel-source-1.2.11-15.9.SL.x86_64.rpm
* openafs-kpasswd-1.2.11-15.9.SL.x86_64.rpm
* openafs-krb5-1.2.11-15.9.SL.x86_64.rpm
* openafs-server-1.2.11-15.9.SL.x86_64.rpm
* kernel-module-openafs-2.4.21-20.EL-1.2.11-15.9.SL.x86_64.rpm
* kernel-module-openafs-2.4.21-20.ELsmp-1.2.11-15.9.SL.x86_64.rpm
openafs-firstboot-1.2.11-5.SL.noarch.rpm
The openafs-firstboot rpm enables "firstboot" to ask about
what AFS cell you want and if you want afs started at boot.
Note the name change for the kernel module. This change was
done to follow the fedora kernel-module naming convention
These are not installed by default.
Now these can be selected in the installer.
*SL_afs_no_dynroot-1.0-1.noarch.rpm
*
* This package removes the -dynroot option from the openafs config
* Restarting of afs is needed for this to take effect.
* This rpm does not restart afs
SL_desktop_tweeks-1.1-1.x86_64.rpm
This adds a terminal and mozilla icon to the kicker panel for
both KDE and GNOME. Installed by default for both KDE and GNOME.
SL_enable_serialconsole
This script makes all the changes necessary to send
console output to both the serial port and the screen. This
also creates a login prompt on the serial port and allows users
to login at this prompt.
Bug with the default serial number and dealing with a /boot
partition were fixed in version 3.1.
SL_enable_serialconsole-3.1-3.noarch.rpm
SL_inittab_change-1.0-4.x86_64.rpm
Changes /etc/inittab to require the root password for
single user mode. Not installed by default.
SL_no_colorls-1.0-1.x86_64.rpm
Turns off "color" of ls. Not installed by default.
SL_sendmail_accept-1.0-2.x86_64.rpm
Changes Sendmail config so that it allows incomming mail.
Not installed by default.
*SL_tweek_pagecache-1.0-1.noarch.rpm
* Modifies the /proc/sys/vm/pagecache settings. This has been shown
* Changes the values from "1 15 100" to "1 5 15"
* to make the kernel use less memory on desktop systems for buffer cache.
* Not installed by default.
Documentation
Documentation in /sites/example/build/documentation on how to
make new "sites" including scripts to create site iso images.
These are Update 2 versions
rhel-ig-x8664-multi-en-3-3.noarch.rpm
rhel-isa-en-3-3.noarch.rpm
rhel-rg-en-3-3.noarch.rpm
rhel-sag-en-3-3.noarch.rpm
rhel-sg-en-3-3.noarch.rpm
rhel-devtools-en-3-3.noarch.rpm
rhel-cs-en-3-3.noarch.rpm
apt-get
Scientific Linux is aptable. Yum and apt are installed by default.
Yum will do the auto update function by default.
apt-0.5.15cnc6-4.SL.x86_64.rpm
apt-devel-0.5.15cnc6-4.SL.x86_64.rpm
* apt-sourceslist-303-1.SL.x86_64.rpm
* apt-autoupdate-1-5.SL.noarch.rpm
* apt-firstboot-1-5.SL.noarch.rpm
* apt-scripts-1-5.SL.noarch.rpm
* synaptic-0.52-1.x86_64.rpm
Points to ftp.scientificlinux.org
Please change to your local mirror.
---------------------------------------------------------------------------
UPDATED compared to 3
----------------------------------------------------------------------------
KERNEL
Latest errata kernel .
Note the "unsupported" kernel rpms. These contain modules that
are not in the "default kernel rpms".
RedHat EULA required changes
anaconda-images
redhat-artwork
redhat-logos
anaconda-help
indexhtml
RedHat requires that the following rpms be changed as part of
their EULA (End User License Agreement)
dhcp
Fixes a problem with the drift file for ntp not being in the right
place.
dhcp-3.0pl2-6.16.x86_64.rpm From Fedora core 1
dhclient-3.0pl2-6.16.x86_64.rpm From Fedora core 1
*metacity
* metacity-2.4.55-7.1.x86_64.rpm
* Updated to a later version to fix bugs.
mozilla
Mozilla's default bookmarks all pointed to RedHat's web area's.
The default bookmarks were changed.
* mozilla-1.4.3-3.0.4.1.SL.x86_64.rpm
* mozilla-chat-1.4.3-3.0.4.1.SL.x86_64.rpm
* mozilla-devel-1.4.3-3.0.4.1.SL.x86_64.rpm
* mozilla-dom-inspector-1.4.3-3.0.4.1.SL.x86_64.rpm
* mozilla-js-debugger-1.4.3-3.0.4.1.SL.x86_64.rpm
* mozilla-mail-1.4.3-3.0.4.1.SL.x86_64.rpm
* mozilla-nspr-1.4.3-3.0.4.1.SL.x86_64.rpm
* mozilla-nspr-devel-1.4.3-3.0.4.1.SL.x86_64.rpm
* mozilla-nss-1.4.3-3.0.4.1.SL.x86_64.rpm
* mozilla-nss-devel-1.4.3-3.0.4.1.SL.x86_64.rpm
* mozilla-1.4.3-3.0.4.1.SL.i386.rpm
* mozilla-nspr-1.4.3-3.0.4.1.SL.i386.rpm
* mozilla-nss-1.4.3-3.0.4.1.SL.i386.rpm
Fixes to misc RPMS
Added "Requires" of coreutils so that it will install during the install
gstreamer-0.6.0-5f1.x86_64.rpm
gstreamer-tools-0.6.0-5f1.x86_64.rpm
Added "Requires" of tetex-afm so that it will be able to print after
install. It was missing fonts provided in tetex-afm.
a2ps-4.13b-28_SL.x86_64.rpm
----------------------------------------------------------------------------
Installer modifications
---------------------------------------------------------------------------
Included "generic" installer graphics
RedHat requires us as part of their "EULA" that we replace
the images in "anaconda-images" with our own.
anaconda-images
Anaconda (installer)
* anaconda-9.1.3-3.5.SL.x86_64.rpm
* anaconda-runtime-9.1.3-3.5.SL.x86_64.rpm
Fixes to support rpms that installer needs to be split between
/SL/RPMS/ and sites/<site>/Updates/
anaconda-help-9.1-3.SL.noarch.rpm
Fixed a bug that RedHat introduced in loader2/method.c which broke
specifying the install method on the command line.
Added code to support "site" customizations which include
Custom installer kernel(needs nptl)
Custom installer(anaconda) including graphics
Added RPMS
ability to select packages to install by default via "comps.xml"
Modified/replaced RPMS (ability to upgrade or downgrade version)
see /sites
Made a "Packages added to SL" group so that you could select
any of these added RPMS during the install
---------------------------------------------------------------------------
Site Info
---------------------------------------------------------------------------
/sites/example/
README Now just says to read docs in /sites/example/documentation
build/documentation/
README Describes files and directories in /sites/example/
README.steps Step by step of what is needed to make a new site
README.images Info on how to change the graphics used during the install
/sites/example/build/scripts/
transform.sh Script that does all the steps of
README.steps except the original copying
of the example tree over to the new site
make.site.from.release.sh Script that will take a Enterprise 3 tree
and make a site out of it. Tested with
cel3(CERN) and Fermi Linux . Called by
make.new.site.sh
make.new.site.sh Script that will take either a Enterprise 3 tree
or the example site and make a site out of it.
---------------------------------------------------------------------------
/contrib/
---------------------------------------------------------------------------
The packges in this section have been contributed by various people. They
are presented AS IS and there is no guarantee of them working. These packages
are NOT supported by us. They will only get security updates if the
contributor provides them. If you have questions about them then ask the
contributor.
There are some rules to follow to be able to contribute to this area. These
rules might adjust some.
1- Contract Troy Dawson <[log in to unmask]> with the rpm's that you wish to
contribute. If Troy doesn't personally know you, be prepared with some some
way to show him that you can be trusted. He is a nice guy but
he also is very concerned that this contrib section doesn't get abused.
2- The contributed rpm's must be able to go into a standard Scientific
Linux 3.0.1 release without any extra outside rpms. If extra rpm's are
required, they must be supplied. All extra rpm's supplied must meet the
same criteria as the main rpm's.
3- For each rpm, the source rpm (src.rpm) must be provided.
4- For each source rpm, you must provide where you got it.
5- Both rpm's and srpm's must be digitally signed.
6- Rpms must be freely distributable.
We understand this sounds like alot of work, but once you do it once, it
becomes much easier.
RPMS/
---------------------------------------------------------------------------
/notsupported/RPMS/
---------------------------------------------------------------------------
Moved over to main tree. Directory does not exist any more.
---------------------------------------------------------------------------
/../SRPMS/
---------------------------------------------------------------------------
/
Contains the SRPMS for what we added or changed.
/vendor/
/errata
SRPMS from vendor for errata.
/original
SRPMS from vendor for originally released Enterpise 3 .
/sites/<sites>/SRPMS
SRPMS for site
---------------------------------------------------------------------------
MISC NOTES
---------------------------------------------------------------------------
Upgrades from prior versions.
UPDATES are NOT supported for all versions of SL . This is NOT
something that we changed. Future releases may support upgrading
from SL 3.0.1 to future version of SL 3.0.x.
UPDATES will NOT work from anything except RedHat AS 2.1.
---------------------------------------------------------------------------
HARDWARE SPECIFIC ISSUES
---------------------------------------------------------------------------
"Nvidia/nforce3 chipset based motherboards NOT RECOMMENDED
There are problems in the provided kernel that make this
hardware platform NOT RECOMMENDED.
There is no provided driver for the Nvidia ethernet
interface. There is a driver from Nvidia that is closed
source. There is also a opensource driver. Either way you
need to add this ethernet driver after you have
installed from cdrom or add a supported ethernet card.
There are also issues with apic/acpi that can make the
system unstable or not boot.
---------------------------------------------------------------------------
SOFTWARE ISSUES/BUGS
---------------------------------------------------------------------------
32 BIT COMPATIBILITY MODE
Support for 32 bit compatibility mode is very limited at this time
and includes only basic compatibility for running statically compiled
32 bit binaries. (only 32bit glibc is provided).
Development support for 32 bit mode is NOT PROVIDED.
sgi_fam with tcpwrappers(/etc/hosts.deny)
Error messages /var/log/secure such as
Jan 22 12:33:33 systemname xinetd[25122]: FAIL: sgi_fam libwrap
from=<no address>
Jan 22 12:33:33 systemname xinetd[3819]: START: sgi_fam pid=25123
from=<no address>Jan 22 12:33:33 systemname xinetd[25123]: FAIL:
sgi_fam libwrap from=<no address>
Only solution so far is to change /etc/hosts.allow to allow sgi_fam
with
fam: ALL
This could be a security risk so you must decide.
redhat-config-packages
This rpm only installs packages via cdrom. It is not useful.
It does NOT work so do NOT try to use it. Use yum instead.
It is useful. It is only included here because rpms have dependencies
on it and I do not want to change those to remove the dependencies.
/usr/X11R6/lib
The "final link" to each of the libraries is missing.
Should be
libX11.so.6.2 <- libX11.so.6 <- libX11.so
But is
libX11.so.6.2 <- libX11.so.6
Solution is to install Xfree86-devel. This rpm will make the
missing links.
---------------------------------------------------------------------------
INFO
---------------------------------------------------------------------------
Web Site
http://www.scientificlinux.org
FTP
ftp://ftp.scientificlinux.org/linux/scientific/303/
Mailing Lists
[log in to unmask] Development of Scientific Linux
[log in to unmask] Users of Scientific Linux supporting
each other
[log in to unmask] Announcements concerning Scientific Linux
_____________________________________________________________________________
ERRATA included - rebuilt from SRPMS
/errata/SL/RPMS/
---------------------------------------------------------------------------
Updated (contains all of Update 1 and Update 2 and Update 3
compared to original 3 released on October 26, 2003.
See full SL.releasenote for details of errata RPMS.
Scientific Linux 3.0.3 Release Notes
----------------------------------------------------------------------
Introduction
The following topics are covered in this document:
o Changes to the Scientific Linux installation program
(Anaconda)
o General information
o Kernel-related information
o Changes to drivers and hardware support
o Changes to packages
Changes to the Scientific Linux Installation Program (Anaconda)
The following section includes information specific to the Scientific
Linux installation program, Anaconda.
Note
In order to upgrade an already-installed Scientific Linux 3.0.x system
to 3.0.3, you must use yum or apt to update those packages that
have changed. The use of Anaconda to upgrade to 3.0.3 is not supported.
Use Anaconda only to perform a fresh install of Scientific Linux 3.0.3.
General Information
This section contains general information not specific to any other
section of this document.
o The autofs package, which controls the operation of the automount
daemons running on Scientific Linux 3.0.x, has been updated to
version 4. This update provides full backward compatibility with
version 3. Additionally, it adds the following features:
o Browsable mounts (ghosting) -- Ghosting of map directories allows
you to see the directories in the autofs map without mounting
them. When they are accessed (such as when a directory listing is
requested) the map entry is mounted so that it is seen.
o Replicated Server support -- Replicated server functionality
allows the administrator to specify map entries that point to
multiple, replicated servers. The automount daemon attempts to
determine the best server to use for mounts by testing the
latency of an rpc_ping to each available server. Weights may also
be assigned to the servers, allowing for more administrator
control. Refer to the
/usr/share/doc/autofs-4.1.3/README.replicated-server file for
additional map format information.
o Executable maps -- A map can now be marked as executable. The
initscript that parses the auto.master map passes this as a
program map to the auto-mounter. A program map is called as a
script with the key as an argument. It may return no lines of
output if there is an error, or one or more lines containing a
map (with \ quoting line breaks). This feature is useful for
implementing /net functionality.
o Multi-mounts -- This feature allows the automount daemon to seek
multiple lookup methods in succession. For example, a lookup
could query NIS and file maps.
o Scientific Linux 3.0.2 is currently "in test" for
Evaluated Assurance Level (EAL) 3+/Controlled Access Protection
Profile (CAPP) on the following platforms:
o Scientific Linux 3.0.x on the x86 architecture
o Scientific Linux 3.0.x on the x86, AMD64
All the patches that were applied to the Scientific Linux 3.0.2
code base to achieve EAL3 certification have been mirrored in
the Scientific Linux 3.0.3 release.
For additional information regarding the auditing subsystem, refer to
the laus(7) man page.
Since its initial deployment in the Scientific Linux 3.0.2
kernel, the kernel for 3.0.3 contains additional modifications
that enable system-call auditing on additional architectures. When
auditing is not in use, these modifications are performance-neutral.
The kernel component provides access to the auditing facilities
through the character-special device /dev/audit. Through this device,
a user-space daemon (auditd) can enable or disable auditing and can
provide the kernel with the rulesets to be used to determine when a
system-call invocation must be logged. This device is also used by
auditd to retrieve audit records from the kernel for transfer to the
audit log. Refer to the audit(4) man page for information concerning
supported ioctl calls and /proc/ interfaces for managing and tuning
auditing behavior.
o The version of the httpd Web server included as part of
Scientific Linux 3.0.3 includes several significant changes:
o The mod_cgi module has been enhanced to correctly handle
concurrent output on stderr and stdout
o SSL environment variables defined by mod_ssl can be used directly
from mod_rewrite using the %{SSL:...} syntax. For example,
"%{SSL:SSL_CIPHER_USEKEYSIZE}" may expand to "128".
Similarly, SSL environment variables can be used directly from
mod_headers using the %{...}s syntax.
o The mod_ext_filter module is now included
o The minimal acceptable group id that will be used by suexec has
been lowered from 500 to 100. This allows the use of suexec with
users belonging to the "users" group.
Kernel-Related Information
This section contains information related to the Scientific Linux 3.0.3
kernel.
o AMD64 workstations with motherboards based on certain NVIDIA or VIA
chipsets (for example, the ASUS SK8N) have been known to hang when
attempting to access IDE or Serial ATA devices. This is a known issue
for which there is currently no vendor-supported fix. As a workaround,
append the "noapic" parameter to the boot command line.
o Hardware IRQ balancing is enabled for Lindenhurst (Intel(R) E7520 and
Intel(R) E7320) and Tumwater (Intel(R) E7525) based chipset platforms.
Therefore, software IRQ balancing is disabled for these platforms in
the Scientific Linux 3.0.3 kernel.
o The Scientific Linux 3.0.3 kernel includes a new security
feature known as Exec-shield. Exec-shield is a security-enhancing
modification to the Linux kernel that makes large parts of
specially-marked programs -- including their stack -- not executable.
This can reduce the potential damage of some security holes, such as
buffer overflow exploits.
Exec-shield can also randomize the virtual memory addresses at which
certain binaries are loaded. This randomized VM mapping makes it more
difficult for a malicious application to improperly access code or
data based on knowledge of the code or data's virtual address.
Exec-shield's behavior can be controlled via the proc file system. Two
files are used:
o /proc/sys/kernel/exec-shield
o /proc/sys/kernel/exec-shield-randomize
The /proc/sys/kernel/exec-shield file controls overall Exec-shield
functionality, and can be manipulated using the following command:
echo <value> > /proc/sys/kernel/exec-shield
Where <value> is one of the following:
o 0 -- Exec-shield (including randomized VM mapping) is disabled
for all binaries, marked or not
o 1 -- Exec-shield is enabled for all marked binaries
o 2 -- Exec-shield is enabled for all binaries, regardless of
marking (To be used for testing purposes ONLY)
The default value for /proc/sys/kernel/exec-shield is 1.
The /proc/sys/kernel/exec-shield-randomize file controls whether
Exec-shield randomizes VM mapping, and can be manipulated using the
following command:
echo <value> > /proc/sys/kernel/exec-shield-randomize
Where <value> is one of the following:
o 0 -- Randomized VM mapping is disabled
o 1 -- Randomized VM mapping is enabled
The default value for /proc/sys/kernel/exec-shield-randomize is 1.
It is also possible to configure Exec-shield by including one (or
both) of the following lines in the /etc/sysctl.conf file:
kernel.exec-shield=<value>
kernel.exec-shield-randomize=<value>
(Where <value> is as previously described.)
Exec-shield can also be disabled at a system level by means of a
kernel boot option. Appending the following parameter to the "kernel"
line(s) in the /etc/grub.conf file will disable Exec-shield:
exec-shield=0
Note
Exec-shield functionality is available only to binaries that have been
built (and marked) using the toolchain (compiler, assembler, linker)
available with Scientific Linux 3.0.3. Binaries that have
been built using a different version of the toolchain can still be
used, but since they will not be marked, they will not take advantage
of Exec-shield.
Application developers should keep in mind that, in the majority of
cases, GCC correctly marks its generated code as being capable of
using Exec-shield. In the few instances (usually caused by inline
assembler or other nonportable code) where GCC non-optimally (or, more
rarely, incorrectly) marks generated code, it is possible to pass GCC
options to obtain the desired result.
The options controlling binary marking at the assembler level are:
-Wa,--execstack
-Wa,--noexecstack
The options controlling binary marking at the linker level are:
-Wl,-z,execstack
-Wl,-z,noexecstack
It is also possible to exert more fine-grained control by explicitly
disabling Exec-shield for a specific binary at run time. This is done
using the setarch command:
setarch i386 <binary>
(Where <binary> represents the binary to be run.) The binary is then
run without Exec-shield functionality.
The proc file /proc/self/maps can be used to observe Exec-shield's
effects. By using cat to display the current process's VM mapping, you
can see Exec-shield at work. Similarly, you can use setarch in
conjunction with cat to see how normal VM mapping differs from
Exec-shield's mapping.
o Scientific Linux 3.0.3 includes a new security-related
feature -- kernel support for certain new Intel CPUs that include the
NX (No eXecute) capability. NX technology restricts execution of
program code, making it significantly more difficult for hackers to
insert malicious code into the system by means of a buffer overrun.
When specific pages are marked as nonexecutable, the CPU is prevented
from executing code in those pages. This can be used to mark areas of
memory such as the stack or the heap (typical places where buffers are
stored.)
Note
Scientific Linux 3.0.x (originally available 22-October-2003)
included NX support for the AMD64 platform.
Changes to Drivers and Hardware Support
This update includes bug fixes for a number of drivers. The more
significant driver updates are listed below. In some cases, the original
driver has been preserved under a different name, and is available as a
non-default alternative for organizations that wish to migrate their
driver configuration to the latest versions at a later time.
Note
The migration to the latest drivers should be completed before the next
Scientific Linux 3.0.x update is applied, because in most cases only one
older-revision driver will be preserved for each update.
These release notes also indicate which older-revision drivers have been
removed from this kernel update. These drivers have the base driver name
with the revision digits appended; for example, megaraid_2002.o. You must
remove these drivers from /etc/modules.conf before installing this kernel
update.
Keep in mind that the only definitive way to determine what drivers are
being used is to review the contents of /etc/modules.conf. Use of the
lsmod command is not a substitute for examining this file.
Adaptec RAID (aacraid driver)
o The aacraid driver has been updated from 1.1.2 to 1.1.5-2339
o The new driver is scsi/aacraid/aacraid.o
o The older driver has been preserved as
addon/aacraid_10102/aacraid_10102.o
LSI Logic RAID (megaraid driver)
Note
The megaraid2 driver includes support for a number of new host bus
adapters (certain PERC4 and Serial ATA products) that are not supported by
the megaraid driver. If your system contains these newer products
exclusively, the megaraid2 driver is loaded by default. If you have the
older products exclusively, the megaraid driver will continue to be the
default.
However, if you have a mix of old and new MegaRAID adapters, then the
driver that is selected depends on the order in which the adapters are
scanned. (Note that you cannot have both the megaraid and megaraid2
drivers loaded at the same time.) If the default driver on your system is
not the desired one, take one of the following actions:
o If you are installing the system, type the following command at the
boot prompt:
expert noprobe
Next, select the desired driver from the subsequent menu.
o If the system is already installed, edit /etc/modules.conf and change
the "alias scsi_hostadapter" lines referring to the megaraid or the
megaraid2 driver to the desired driver. Note that after making any
changes to /etc/modules.conf you must rebuild the initrd image; refer
to the mkinitrd man page for further details.
o The megaraid2 driver has been updated from v2.10.1.1 to v2.10.6-RH1
o The new driver is scsi/megaraid2.o
o The older driver has been preserved as
addon/megaraid_2101/megaraid2101.o
o The v2.00.9 driver has been removed
o The default driver remains the v1.18k driver (megaraid.o)
IBM ServeRAID (ips driver)
o The ips driver has been updated from 6.11.07 to 7.00.15
o The new driver is scsi/ips.o
o The older driver has been preserved as addon/ips_61107/ips_61107.o
o The ips 6.10.52 driver (ips_61052.o) has been removed
LSI Logic MPT Fusion (mpt* drivers)
o These drivers have been updated from 2.05.11.03 to 2.05.16
o The new drivers are located in message/fusion/
o The older drivers have been preserved in addon/fusion_20511
o The 2.05.05+ drivers (mpt*_20505.o) have been removed
Compaq SA53xx Controllers (cciss driver)
o The cciss driver has been updated from 2.4.50.RH1 to v2.4.52.RH1
QLogic Fibre Channel (qla2xxx driver)
o These drivers have been updated from 6.07.02-RH2 to 7.00.03-RH1
o The new drivers are located in addon/qla2200
o The older driver has been preserved in addon/qla2200_60702RH2
o The 6.06.00b11 drivers (qla2*00_60600b11.o) have been removed
Note
The QLA2100 adapter has been retired by QLogic. This adapter is no longer
supported by QLogic. Therefore, the driver is located in the
kernel-unsupported package.
Emulex Fibre Channel (lpfc driver)
o This driver has been added to the distribution. The version is 7.0.3
o The driver is located in addon/lpfc
Intel PRO/1000 (e1000 driver)
o This driver has been updated from 5.2.30.1-k1 to 5.2.52-k3
Intel PRO/100 (e100 driver)
o This driver has been updated from version 2.3.30-k1 to 2.3.43-k1
Broadcom Tigon3 (tg3 driver)
o This driver has been updated from v3.1 to v3.6RH
Changes to Packages
This section contains listings of packages that have been updated, added,
or removed from Scientific Linux 3.0.x as part of 3.0.3. Packages
that have been built for multiple architectures are listed with the target
architecture in parentheses.
Note
These package lists include packages from all variants of
Scientific Linux 3.0.x. Your system may not include every one of the packages
listed here.
The following packages have been updated from Scientific Linux 3.0.2:
o ImageMagick
o ImageMagick-c++
o ImageMagick-c++-devel
o ImageMagick-devel
o ImageMagick-perl
o MAKEDEV
o XFree86
o XFree86-100dpi-fonts
o XFree86-75dpi-fonts
o XFree86-ISO8859-14-100dpi-fonts
o XFree86-ISO8859-14-75dpi-fonts
o XFree86-ISO8859-15-100dpi-fonts
o XFree86-ISO8859-15-75dpi-fonts
o XFree86-ISO8859-2-100dpi-fonts
o XFree86-ISO8859-2-75dpi-fonts
o XFree86-ISO8859-9-100dpi-fonts
o XFree86-ISO8859-9-75dpi-fonts
o XFree86-Mesa-libGL (i386)
o XFree86-Mesa-libGL (x86_64)
o XFree86-Mesa-libGLU (i386)
o XFree86-Mesa-libGLU (x86_64)
o XFree86-Xnest
o XFree86-Xvfb
o XFree86-base-fonts
o XFree86-cyrillic-fonts
o XFree86-devel (i386)
o XFree86-devel (x86_64)
o XFree86-doc
o XFree86-font-utils
o XFree86-libs (i386)
o XFree86-libs (x86_64)
o XFree86-libs-data
o XFree86-sdk
o XFree86-syriac-fonts
o XFree86-tools
o XFree86-truetype-fonts
o XFree86-twm
o XFree86-xauth
o XFree86-xdm
o XFree86-xfs
o anaconda
o anaconda-runtime
o arpwatch
o at
o autofs
o bash
o bind
o bind-chroot
o bind-devel
o bind-utils
o bison
o cdda2wav
o cdrecord
o cdrecord-devel
o chkconfig
o comps
o control-center
o cpp
o cups
o cups-devel
o cups-libs (i386)
o cups-libs (x86_64)
o cvs
o dev
o dhclient
o dhcp
o dhcp-devel
o eclipse
o elfutils
o elfutils-devel
o elfutils-libelf
o elfutils-libelf-devel
o ethereal
o ethereal-gnome
o ethtool
o expect
o expect-devel
o expectk
o file-roller
o gcc
o gcc-c++
o gcc-g77
o gcc-gnat
o gcc-java
o gcc-objc
o gdb (i386)
o gdb (x86_64)
o glibc (i686)
o glibc (x86_64)
o glibc-common
o glibc-debug
o glibc-devel (i386)
o glibc-devel (x86_64)
o glibc-headers
o glibc-kernheaders
o glibc-profile
o glibc-utils
o gnome-panel
o grep
o grub
o gtk+
o gtk+-devel
o gtkhtml3
o gtkhtml3-devel
o httpd
o httpd-devel
o hwdata
o imap
o imap-devel
o imap-utils
o initscripts
o itcl
o jpackage-utils
o kdelibs
o kdelibs-devel
o kernel (ia32e)
o kernel (x86_64)
o kernel-doc
o kernel-smp
o kernel-smp-unsupported
o kernel-source
o kernel-unsupported (ia32e)
o kernel-unsupported (x86_64)
o kernel-utils
o krb5-devel
o krb5-libs (i386)
o krb5-libs (x86_64)
o krb5-server
o krb5-workstation
o laus (x86_64)
o laus-devel
o lha
o libcap
o libcap-devel
o libf2c
o libgcc (i386)
o libgcc (x86_64)
o libgcj (i386)
o libgcj (x86_64)
o libgcj-devel
o libgnat
o libgtop2
o libgtop2-devel
o libobjc (i386)
o libobjc (x86_64)
o libpcap
o libpng (i386)
o libpng (x86_64)
o libpng-devel
o libpng10
o libpng10-devel
o libstdc++ (i386)
o libstdc++ (x86_64)
o libstdc++-devel (i386)
o libstdc++-devel (x86_64)
o lvm
o mdadm
o metacity
o mkisofs
o mod_auth_pgsql
o mod_authz_ldap
o mod_ssl
o modutils
o modutils-devel
o ncompress
o net-snmp
o net-snmp-devel
o net-snmp-perl
o net-snmp-utils
o nfs-utils
o nptl-devel
o nscd
o nss_ldap (i386)
o nss_ldap (x86_64)
o ntp
o ntsysv
o openldap (i386)
o openldap (x86_64)
o openldap-clients
o openldap-devel
o openldap-servers
o openmotif
o openmotif-devel
o openoffice.org
o openoffice.org-i18n
o openoffice.org-libs
o openssl (i686)
o openssl (x86_64)
o openssl-devel
o openssl-perl
o pam (i386)
o pam (x86_64)
o pam-devel (i386)
o pam-devel (x86_64)
o parted
o parted-devel
o passwd
o perl
o perl-CGI
o perl-CPAN
o perl-DB_File
o perl-suidperl
o php
o php-devel
o php-imap
o php-ldap
o php-mysql
o php-odbc
o php-pgsql
o popt (i386)
o popt (x86_64)
o postfix
o ppp
o prelink
o procps
o pvm
o pvm-gui
o qt
o qt-MySQL
o qt-ODBC
o qt-PostgreSQL
o qt-designer
o qt-devel
o rdist
o readline
o readline-devel
o redhat-config-bind
o redhat-config-kickstart
o redhat-config-network
o redhat-config-network-tui
o redhat-config-proc
o redhat-config-securitylevel
o redhat-config-securitylevel-tui
o rh-postgresql
o rh-postgresql-contrib
o rh-postgresql-devel
o rh-postgresql-docs
o rh-postgresql-jdbc
o rh-postgresql-libs
o rh-postgresql-pl
o rh-postgresql-python
o rh-postgresql-server
o rh-postgresql-tcl
o rh-postgresql-test
o rhnlib
o rhpl
o rp-pppoe
o rpm
o rpm-build
o rpm-devel
o rpm-python
o rpmdb-redhat
o rsync
o rusers
o rusers-server
o samba (i386)
o samba (x86_64)
o samba-client
o samba-common
o samba-swat
o schedutils
o sendmail
o sendmail-cf
o sendmail-devel
o sendmail-doc
o shadow-utils
o squid
o squirrelmail
o strace
o sysklogd
o sysstat
o tcl (i386)
o tcl (x86_64)
o tcl-devel
o tcl-html
o tcllib
o tclx (i386)
o tclx (x86_64)
o tcpdump
o tix
o tk (i386)
o tk (x86_64)
o tk-devel
o tux
o unixODBC
o unixODBC-devel
o unixODBC-kde
o up2date
o up2date-gnome
o utempter
o vixie-cron
o xemacs
o xemacs-el
o xemacs-info
o xinetd
o xscreensaver
o ypserv
The following packages have been added to Scientific Linux 3.0.3:
o amtu
o anacron
o authd
o bash (i386)
o bind-libs
o bootparamd
o bridge-utils (i386)
o compat-db (i386)
o crash
o diskdumputils
o eal3-certification
o eal3-certification-doc
o elfutils-libelf (i386)
o evolution-connector
o laus-libs (i386)
o laus-libs (x86_64)
o libcap (i386)
o libcap-devel (i386)
o ltrace
o nss_db (i386)
o nss_db (x86_64)
o openmotif (i386)
o openssl096b (i386)
o qt-config
o readline (i386)
o strace (i386)
The following packages have been removed from Scientific Linux 3.0.3:
o crash
o java-javadoc
o laus (i386)
o mozilla (i386)
o mozilla-nspr (i386)
o mozilla-nss (i386)
( x86-64 )
|