A BETA of SL 3.0.4 for i386 is now available for testing from
ftp://ftp.scientificlinux.org/linux/scientific/30rolling/iso/
See SL.releasenote for more info. I have included a "brief" version here.
I have also attached the "Vendor releasenotes".
If you have any problems please let us know via
[log in to unmask]
-Connie Sieh
-Troy Dawson
--------------------------------------------------------------------------
This is based on the rebuilding of RPMS out of SRPMS's from Enterprise 3 AS
*including Update 4
-----------------------------------------------------------------------------
The vendor added the following rpms as part of Update 4
aspell-config-0.33.7.1-25.1.i386.rpm
iscsi-initiator-utils-3.6.2-4.i386.rpm
linuxwacom-0.6.4-7.i386.rpm
linuxwacom-devel-0.6.4-7.i386.rpm
mailman-2.1.5-23.i386.rpm
mikmod-devel-3.1.6-21.2.i386.rpm
net-snmp-libs-5.0.9-2.30E.12.i386.rpm
perl-Crypt-SSLeay-0.51-4.i386.rpm
vim-X11-6.3.029-1.30E.3.i386.rpm
KERNEL
Latest errata kernel 2.4.21-27.0.1 .
Note the "unsupported" kernel rpms are now installed by default.
These rpms contain kernel modules that are not in the
"default kernel rpms".
dhcp
The following updated rpms fixs the issue below.
dhcp-devel-3.0.1-10_EL3.i386.rpm
dhcp-3.0.1-10_EL3.i386.rpm
dhclient-3.0.1-10_EL3.i386.rpm
Fixes a problem with the drift file for ntp not being in the right
place.
dhcp-3.0pl2-6.16.i386.rpm From Fedora core 1
dhclient-3.0pl2-6.16.i386.rpm From Fedora core 1
*Updated (contains all of Update 1 and Update 2 and Update 3 and Update 4)
See full SL.releasenote for details
Scientific Linux 3.0.4 Release Notes
----------------------------------------------------------------------
Introduction
The following topics are covered in this document:
o General information
o Kernel-related information
o Changes to drivers and hardware support
General Information
This section contains general information not specific to any other
section of this document.
o We strongly recommends that you disable USB legacy support in
your BIOS. It has been discovered that, on some machines, failure to
do so can result in symptoms ranging from loss of keyboard or mouse to
crashes up to a day after boot.
o Additions to Kerberos for Scientific Linux 3.0.4 include:
o Client libraries will retransmit a request over TCP if that
request, when sent over UDP, elicited a KRB_ERR_RESPONSE_TOO_BIG
error from a KDC.
o Libraries now support RC4 cipher suites.
o Applications can now access keytab files using the "WRFILE:"
access method.
o Scientific Linux 3.0.4 now includes Mailman, an
electronic mail discussion and e-newsletter lists system. Mailman is
integrated with the Web, making it easy for users to manage their
accounts and for list owners to administer their lists. Mailman
supports built-in archiving, automatic bounce processing, content
filtering, digest delivery, spam filters, and more.
Kernel-Related Information
This section contains information related to the Scientific Linux 3.0.4
kernel.
o The assignment of device names in Scientific Linux is based on
two variables:
o PCI device ordering (which controls the order in which kernel
modules load)
o Kernel module load order (which controls device name assignment)
Therefore, hardware reconfiguration (which could change PCI device
ordering) and software changes (which could affect module load order)
can impact device name assignment. This could, for example, cause a
storage device originally named /dev/sda to become /dev/sdt.
One way of controlling device name assignment is to start the
Scientific Linux installation process by booting the installation
media with the "noprobe" boot-time option. You can then select the
modules required by your hardware in the desired order, thereby
controlling device name assignment. Subsequent reboots will maintain
the same module load order.
o The Open Sound System (OSS) AC97 plugin infrastructure has been
backported to the Scientific Linux 3.0.4 kernel. This
allows registering modules to modify the behavior of the OSS subsystem
depending on the AC97 CODEC(s) in use.
Note
Because the OSS subsystem is not supported in the hugemem kernel, the
AC97 plugin infrastructure is unavailable in the hugemem kernel.
o The release notes for Scientific Linux 3.0.3 contained
information related to Exec-Shield. This information was not entirely
accurate; the corrected information appears below.
The Scientific Linux 3.0.4 kernel includes a new security
feature known as Exec-Shield. Exec-Shield is a security-enhancing
modification to the Linux kernel that makes large parts of
specially-marked programs -- including their stack -- not executable.
This can reduce the potential damage of some security holes, such as
buffer overflow exploits.
Exec-Shield can also randomize the virtual memory addresses at which
certain binaries are loaded. This randomized VM mapping makes it more
difficult for a malicious application to improperly access code or
data based on knowledge of the code or data's virtual address.
Exec-Shield's behavior can be controlled via the proc file system. Two
files are used:
o /proc/sys/kernel/exec-shield
o /proc/sys/kernel/exec-shield-randomize
The /proc/sys/kernel/exec-shield file controls overall Exec-Shield
functionality, and can be manipulated using the following command:
echo <value> > /proc/sys/kernel/exec-shield
Where <value> is one of the following:
o 0 -- Exec-Shield (including randomized VM mapping) is disabled
for all binaries, marked or not
o 1 -- Exec-Shield is enabled for all marked binaries
The default value for /proc/sys/kernel/exec-shield is 1.
The /proc/sys/kernel/exec-shield-randomize file controls whether
Exec-Shield randomizes VM mapping, and can be manipulated using the
following command:
echo <value> > /proc/sys/kernel/exec-shield-randomize
Where <value> is one of the following:
o 0 -- Randomized VM mapping is disabled
o 1 -- Randomized VM mapping is enabled
The default value for /proc/sys/kernel/exec-shield-randomize is 1.
It is also possible to configure Exec-Shield by including one (or
both) of the following lines in the /etc/sysctl.conf file:
kernel.exec-shield=<value>
kernel.exec-shield-randomize=<value>
(Where <value> is as previously described.)
Exec-Shield can also be disabled at a system level by means of a
kernel boot option. Appending the following parameter to the "kernel"
line(s) in the /etc/grub.conf file will disable Exec-Shield:
exec-shield=0
Note
Exec-Shield functionality is available only to binaries that have been
built (and marked) using the toolchain (compiler, assembler, linker)
available with Scientific Linux 3.0.x. Binaries that have been
built using a different version of the toolchain can still be used,
but since they will not be marked, they will not take advantage of
Exec-Shield.
Application developers should keep in mind that, in the majority of
cases, GCC correctly marks its generated code as being capable of
using Exec-Shield. In the few instances (usually caused by inline
assembler or other nonportable code) where GCC non-optimally (or, more
rarely, incorrectly) marks generated code, it is possible to pass GCC
options to obtain the desired result.
The options controlling binary marking at the assembler level are:
-Wa,--execstack
-Wa,--noexecstack
The options controlling binary marking at the linker level are:
-Wl,-z,execstack
-Wl,-z,noexecstack
It is also possible to exert more fine-grained control by explicitly
disabling Exec-Shield for a specific binary at run time. This is done
using the setarch command:
setarch i386 <binary>
(Where <binary> represents the binary to be run.) The binary is then
run without Exec-Shield functionality.
The proc file /proc/self/maps can be used to observe Exec-Shield's
effects. By using cat to display the current process's VM mapping, you
can see Exec-Shield at work. Similarly, you can use setarch in
conjunction with cat to see how normal VM mapping differs from
Exec-Shield's mapping.
Changes to Drivers and Hardware Support
This update includes bug fixes for a number of drivers. The more
significant driver updates are listed below. In some cases, the original
driver has been preserved under a different name, and is available as a
non-default alternative for organizations that wish to migrate their
driver configuration to the latest versions at a later time.
Note
The migration to the latest drivers should be completed before the next
Scientific Linux update is applied, because in most cases only one
older-revision driver will be preserved for each update.
These release notes also indicate which older-revision drivers have been
removed from this kernel update. These drivers have the base driver name
with the revision digits appended; for example, megaraid_2002.o. You must
remove these drivers from /etc/modules.conf before installing this kernel
update.
Keep in mind that the only definitive way to determine what drivers are
being used is to review the contents of /etc/modules.conf. Use of the
lsmod command is not a substitute for examining this file.
Adaptec RAID (aacraid driver)
o The aacraid driver has been updated from 1.1.5-2339 to 1.1.5-2361
o The new driver is scsi/aacraid/aacraid.o
o An older driver has been preserved as
addon/aacraid_10102/aacraid_10102.o
LSI Logic RAID (megaraid driver)
o The megaraid2 driver has been updated from v2.10.6 to 2.10.8.2-RH1
o The new driver is scsi/megaraid2.o
o The older driver has been preserved as
addon/megaraid_2106/megaraid_2106.o
o The v2.10.1.1 driver has been removed
IBM ServeRAID (ips driver)
o The ips driver has been updated from 7.00.15 to 7.10.18
o The new driver is scsi/ips.o
o The older driver has been preserved as addon/ips_70015/ips_70015.o
o The ips version 6.11.07 driver has been removed
LSI Logic MPT Fusion (mpt* drivers)
o These drivers have been updated from 2.05.16 to 2.05.16.02
o The new drivers are located in message/fusion/
o The older drivers have been preserved in addon/fusion_20511/ and
addon/fusion_20505/
Compaq SA53xx Controllers (cciss driver)
o The cciss driver has undergone a minor update from v2.4.52.RH1 to
2.4.52.RH2
QLogic Fibre Channel (qla2xxx driver)
o These drivers have been updated from 7.00.03-RH1 to 7.01.01
o The new drivers are located in addon/qla2200/
o The older drivers have been preserved in addon/qla2200_70003RH1/
o The 6.07.02-RH2 drivers have been removed
Note
The Fabric Device Management Interface (FDMI) is disabled by default in
the 7.01.01 driver. It can be enabled by setting the "ql2xfdmienable"
module parameter to 1. However, note that some Fibre Channel switches
require updates to allow them to work with FDMI. Therefore, make sure you
contact your switch vendor before enabling FDMI.
The QLA2100 adapter has been retired by QLogic. This adapter is no longer
supported by QLogic. Therefore, the driver is located in the
kernel-unsupported package.
Emulex Fibre Channel (lpfc driver)
o The lpfc driver has been updated from 7.0.3. to 7.1.8
o The new driver is located in addon/lpfc/
o The older driver has been preserved in addon/lpfc_703/
Intel PRO/1000 (e1000 driver)
o The e1000 driver has been updated from 5.2.52-k1 to 5.3.19-k2
Intel PRO/100 (e100 driver)
o The e100 driver has been updated from 2.3.43-k1 to 3.0.27-k2
Broadcom Tigon3 (tg3 driver)
o The tg3 driver has been updated from v3.6RH to 3.10RH
PCnet32 and PCnetPCI (pcnet32 driver)
o The pcnet32 driver has been updated to v1.30c
iSCSI Software Initiator (iscsi_sfnet driver)
This iSCSI initiator driver and user-mode utilities have been added to
Scientific Linux 3.0.4. This software is based on the Cisco
SourceForge project at:
http://sourceforge.net/projects/linux-iscsi/
The code in this update is based on the 3.6.2 SourceForge release. (The
driver in this update identifies itself as 3.6.1, but this is identical to
the 3.6.2 driver.)
The iscsi-initiator-utils package contains the user-mode utilities.
The following information should be noted when using this version of the
iSCSI initiator:
o Only disk devices are supported. Other device types, such as tapes,
have not been tested. In particular, disk devices from Network
Appliance and EMC (Celerra) have been tested with the iSCSI initiator.
o Booting from iSCSI is not supported. There is also no support for
iSCSI in Anaconda.
o You must set up /etc/iscsi.conf before using iSCSI. Refer to
/usr/share/doc/iscsi-initiator-utils-3.6.2/README and the iscsi.conf,
iscsi-ls, and iscsid man pages for for information on how to set up
and use iSCSI.
o The DataDigest feature should not be enabled in iscsi.conf. This is
because the current driver may incorrectly report data digest errors
when there is a large amount of file system I/O.
o The SLP directory service is not supported.
|