Novell is now a part of Micro Focus

SLES 8 for S/390 and zSeries (31-bit mode) Service Pack 3 (SP3)

Knowledgebase

(Last modified: 05NOV2003)


solutions SLES 8 for S/390 and zSeries (31-bit mode) Service Pack 3 (SP3) SuSE Linux Maintenance Web (ef83f958af36a92fda2298ec03e3c87b)

Applies to

Product(s): SuSE Linux Enterprise Server 8 for IBM S/390 and IBM zSeries

Package: SuSEfirewall2
aaa_base
at
autoyast2
autoyast2-installation
bind9
bind9-devel
bind9-utils
binutils
cpp
cron
cups-drivers
cups-drivers-stp
dante-devel
devs
dhcp-base
dhcp-client
dhcp-relay
dhcp-server
dhcp-tools
dhcpcd
drbd
evlog
evlog-devel
evms
freeswan
gcc
gcc-c\+\+
gcc-info
gdb
glibc
glibc-devel
glibc-i18ndata
glibc-info
glibc-locale
gnome-session
heartbeat
heartbeat-ldirectord
heartbeat-pils
heartbeat-stonith
hotplug
hwinfo
hwinfo-devel
inetd
inn
iproute2
iputils
k_deflt
kdelibs3
kdelibs3-cups
kdelibs3-devel
kernel-source
libaio
libaio-devel
libgcc
libpcap
libstdc\+\+
libstdc\+\+-devel
linux-iscsi
lkcdutils
mod_php4
mod_php4-core
mod_php4-devel
mod_php4-servlet
modutils
mozilla
mozilla-devel
mozilla-mail
net-tools
nfs-utils
openssl
openssl-devel
osasnmpd
pam
pam-devel
pam-modules
pam_krb5
parted
pciutils
pciutils-devel
perl
postgresql
ppp
ps
quota
raidtools
reiserfs
s390-tools
samba
samba-client
samba-vscan
scsi
shadow
sles-inst-zseries_en
strace
sysconfig
sysstat
sysvinit
tcpdump
timezone
ttcp
ucdsnmp
util-linux
x3270
xf86
xntp
xntp-doc
xscsi
yast2-bootloader
yast2-installation
yast2-mouse
yast2-network
yast2-online-update
yast2-printer
yast2-storage
yast2-users
ypserv
zebra
Release: 20031105
Obsoletes: none

Indications

Update system to Service Pack 3 level (SP3).
You can download the ISOs that contain the packages below from here:
http://psdb.suse.de/extra/s390/update/SuSE-SLES/8/SLES-8-SP3-s390-RC4-CD1.iso MD5SUM: 03ffc2a13f18089374ea8a23733e094c SLES-8-SP3-s390-RC4-CD1.iso
http://psdb.suse.de/extra/s390/update/SuSE-SLES/8/SLES-8-SP3-s390-RC4-CD2.iso MD5SUM: 4c7ecd93cbb765a82eeeafe18fc8b090 SLES-8-SP3-s390-RC4-CD2.iso
NOTE: the CD1 image has been superseded by the image referenced in article "Updated version of the SLES8 SP3 ISO image (31-bit mode)" (http://sdb.suse.de/en/psdb/html/defffed06e6e3f9af98235419f457bef.html).
N.B.: the second ISO image contains the source code packages and is required only if you need to recompile a package or want to take a look at the sources.
Release Notes for SLES 8 for S/390 and zSeries (31-bit mode) Service Pack 3 (SP3)
Overview
1. Supported Enhancements
1.1 SLES 8 S/390 & zSeries Enhancements
1.1.1 Standards 1.1.2 Platform 1.1.3 Availability 1.1.4 Servicability 1.1.5 Tools 1.1.6 Performance 1.1.7 Security 1.1.8 ASCII-Console 1.1.9 Crypto-Support on z990 1.1.10 gcc support for z990-hardware 1.1.11 IPv6 Support
1.2 Other enhancements
1.2.1 Kernel driver updates/fixes for new hardware support 1.2.2 Kernel performance and scalability improvements 1.2.3 Other new kernel features and optimizations 1.2.4 Updated RAS tools 1.2.5 New packages
1b. Unsupported Enhancements
2. Maintenance fixes
2.1 Bugfixes 2.2 Security fixes
3. Product News
1. Supported Enhancements
1.1 SLES 8 S/390 & zSeries Enhancements
The file "ChangeLog" in the toplevel of the CD contains a summary of all the changes that were made for these updated packages. This gives a brief highlevel view of the changes and should be sufficient in most cases.
You can of course always get the very detailed technical information about any package changes from the RPMs themselves by doing
rpm --changelog -qp <FILENAME>.rpm
where <FILENAME>.rpm is the name of the rpm.
1.1.1 Standards
The numbers in brackets refer to the OSDL CGL Requirement Definition dokument (osdl_cgl_requirements_definition_1_1.pdf).
1.1.1.1 Event Logging POSIX IEEE 1003.25 [1.3]
Provide event logging support that fully complies with the draft POSIX 1003.25 standard. This will allow structuring of kernel messages and thus easier detect and react on fault events.
1.1.1.2 POSIX Threads Standards Compliance [1.6]
Used NGPT to ease port applications using POSIX threads. (current version on the System is 2.0.1)
1.1.1.3 IPv6 RFCs [1.4.1]
1.1.1.4 IPSECv6 RFCs [1.4.2]
1.1.1.5 MIPv6 RFCs [1.4.3]
1.1.1.6 prepared for CC-EAL3 certification (s390 only)
1.1.1.7 prepared for DII COE certification
1.1.1.8 included IGMPv3 for IPv4 support
1.1.1.9 included MLDv2 for IPv6 support
1.1.2 Platform
1.1.2.1 updated kernel to 2.4.21 mainline kernel
moved all our patches to 2.4.21 Base included many bugfixes from 2.4.22 mainline kernel
1.1.2.2 Remote Boot Support [2.2]
Support remote booting across common LAN and WAN communication media. This is very usefull for diskless systems and/or rack mounted servers.
1.1.2.3 Boot Cycle Detection [2.3]
1.1.2.4 Diskless Systems [2.5]
1.1.2.5 update XFS to 1.3.
1.1.2.6 several improvements to ease 3rd party module creation
  • enabled MODVERSIONS for better module insertion/interface support
  • added release-independent fallback search path in modprobe
  • included detailed docs about building 3rd party kernel modules and about building custom kernels (see docu/howto/Kernel-Build-HOWTO.txt on this CD or install the kernel-source package and see /usr/share/doc/packages/kernel-source/README.SuSE)
1.1.2.7 SCSI subsystem now compiled as loadable module to simplify updates
1.1.3 Availability
1.1.3.1 Watchdog Timer Interface Requirements [3.2.1]
Support watchdog timers. These timers allow to perform a certain operation like a reboot in case a timeout occurs. A working system will reset these timers regularly where a hanging system could get rebooted by a watchdog timer action.
1.1.3.2 Application Heartbeat Monitor [3.3]
Allows to monitor applications for availability and proper functionality. A heartbeat signal generated periodically from the application shows that it is still alive. In case no further signal arrives a failover setup/script can be triggered.
1.1.3.3 RAID 1 Support [3.5.1]
Provide mirroring support to maintain duplicate sets of all data on separate disk drives.
1.1.3.4 Ethernet Link Aggregation [3.4.1]
1.1.4 Servicability
1.1.4.1 Kernel Dump Targets [4.2.1] (to device)
1.1.4.2 Remote Access to Event Log [4.6]
Allow to access the event log information from remote.
1.1.4.3 updated POSIX event logging to version 1.5.3 (evlog)
1.1.5 Tools & Scalability
1.1.5.1 User-Level (gdb) Debug Support for Threads [5.1]
Support debugging of multi-threaded programs via gdb.
1.1.5.2 support for optimized high resolution timers
1.1.5.3 extended NFS mount limit to 1024
1.1.6 Performance
1.1.6.1 RAID 0 Support [6.2]
Provide RAID 0 (striping) support to enhance performance for request-rate-intensitive or transfer-rate-intensitive environments.
1.1.6.2 Soft Real-Time Performance [6.1.1]
1.1.6.3 Low latency support [6.1.2]
1.1.6.4 Application Pre-Loading [6.3]
1.1.6.5 Concurrent Timers Scaling Behaviour and Report [6.4.1]
1.1.6.6 improved InterProcess Communication (IPC) scalability
1.1.6.7 support varyio for async I/O over rawio (25% performance win)
1.1.7 Security
1.1.7.1 LAuS was added to the Kernel
the Linux Audit System (LAuS) was added to the kernel. This is necessary for the CC-EAL3-Certification.
1.1.7.2 prepared for CC-EAL3 certification
1.1.7.3 prepared for DII COE certification
1.1.7.4 included all security fixes (see 2.2 below)
1.1.8 Applications and Tools
1.1.8.1 ASCII-Console
With this service pack support for the vt220 like ASCII-console on HMC is provided. This requires a micorcode update on the HMC side. On the linux side everything is prepared to use the ASCII-console, but it has to be activated. To activate the login you have to edit /etc/inittab and activate the entry for ttyS1
1.1.8.2 updated Mozilla to version 1.
1.1.8.3 added gedit package
1.1.8.4 added gnome-terminal
1.1.8.5 updated Bind (DNS) to version 9.2.2
1.1.8.6 updated Samba to version 2.2.8a
1.1.8.7 updated DHCPv6 to version v0.8
1.1.8.9 added IGMPv3 for IPv4 support
1.1.8.10 added MLDv2 for IPv6 support
1.1.8.11 added network traffic shaper (wondershaper)
1.1.8.12 updated EVMS to version 1.2.1
1.1.8.13 fixed landscape printing in CUPS
1.1.8.14 add support for '-O _netdev' into mount(8)
1.1.8.15 added IBM Java 1.4.1 as optional Java
1.1.9 Crypto-Support on z990
1.1.9.1
When exploiting IBM hardware cryptographic facilities on zSeries using the optional openssl 0.9.7 library users could experience a decrease in performance. IBM is aware of this problem and is currently working on a solution . Users should check the SUSE maintenance web for the availability of the fix.
With this service pack the new crypto hardware on the z990 is supported.
This service pack includes an update of the openssl package (version 0.9.7). The new package is not compatible with the old one (version 0.9.6), therefore the old one remains installed. Existing applications will still use the old version. To use the new version the application must be recompiled.
Applications using libica can make use of the new hardware when the old /usr/lib/libica (for 64-Bit /usr/lib64/libica) is replaced with /opt/libica-z990/lib/libica.so. On a 31-bit system you can do this with the following commands:
cd /usr/lib mv libica.so.0.0.0 libica.so.0.0.0.old cp -p /opt/libica-z990/lib/libica.so libica.so.0.0.0
On a 64-bit system you have to use the above commands and the following commands:
cd /usr/lib64 mv libica.so.0.0.0 libica.so.0.0.0.old cp -p /opt/libica-z990/lib64/libica.so libica.so.0.0.0
To activate openCryptoki 2.1.3 several configuration files have to be replaced.
First rename the original files:
mv /etc/pkcs11 /etc/pkcs11.old mv /usr/lib/pkcs11 /usr/lib/pkcs11.old mv /usr/sbin/pkcsslotd /usr/sbin/pkcsslotd.old
Now link the new files via softlink:
ln -s /opt/openCryptoki-z990/etc/pkcs11 /etc/pkcs11 ln -s /opt/openCryptoki-z990/lib/pkcs11 /usr/lib/pkcs11 ln -s /opt/openCryptoki-z990/sbin/pkcsslotd /usr/sbin/pkcsslotd
1.1.10 gcc support for z990-hardware
1.1.10.1
This service pack includes the gcc 3.3 which has support for the new instructions on the z990. The compiler is provided as is and is currently not supported. on the CD you will find the following RPMs (in suse/s390 or suse/s390x):
  • gcc33 - GCC Version 3.3, C Compiler and Backend for the other Compilers
  • gcc33-libs - GCC 3.3 Libraryies (libgcc, libstdc++, libobjc)
  • gcc33-c++ - C++ Compliler, needs C Compiler Backend and the GCC 3.3 Libs
  • gcc33-g77 - GNU Fortran 77 Compiler Frontend - needs C Compiler Backend
  • gcc33-objc - GNU Objective C Compiler Frontend - needs C Compiler Backend and Libs
To complile plain C using this GCC packages, you install
gcc33
To complile C++ packages, you install
gcc33-libs gcc33-c++
in addition and prepend it to your binary search path.
PATH="/opt/gcc33/bin:$PATH"
If you Compile directly from the Command Shell, without makefiles or scripts, tell the shell that she should look for the new binaries:
rehash
1.1.11 IPv6 Support
1.1.11.1
With this services pack IPv6 is supportet. But this is retrictet to certain network interfaces. IPv6 can be used on the following Interfaces:
CTC/ESCON (only in Mode 1) OSA-Express
for a full discription how IPv6 is supportet by the OSA-Express interface please have a look at the "Device Driver and Installation Commands" Manual. This can be downloaded as pdf-document from the following url:
http://www10.software.ibm.com/developerworks/opensource/linux390/june2003_technical.shtml
1.2 Other enhancements
1.2.1 Kernel driver updates/fixes for new hardware support
The following updates/changes were made:
  • enable IEEE FP emulation on 31-bit to allow to run on pre-G5 CPUs
  • add hangcheck-timer module which is needed for Oracle failover(#23123)
  • increase maximum number of kernel command line args (#18592)
  • enabled support for binfmt_misc, just in case.
  • Update IPv6 and IPsec4 implementation to USAGI code level.
SCSI/LVM/MD Fixes:
  • fixed unecessary splitting of last segments in merged scsi requests
  • fix LVM snapshot for multipathing
  • fix deadlock problem within the generic SCSI-code (#26569)
  • fix memory leaks in the generic SCSI code (#26489 / LTC2632)
  • LVM: prevent kmalloc deadlock with lvm_mp_private struct [#26330]
  • fix MD devices > 1 TB for 64 bit platforms
  • fix failover for md multipathing (#24586)
Networking fixes
  • Add fix for hashing exploits in Netfilter's IP conntrack module and the TCP syn-queue
  • fix null pointer check in net/ipv4/tcp_minisocks.c (#26625/LTC2702)
  • TCP NFS Server: Fix retry on short packages (#23155/LTC1787)
  • Fix an NFS ACL checking problem which prevented access: (#26760)
  • Prevent IP ID wraparound in extremely constructed situations
  • Change hash-algorithmen to track tcp-connextions in kernel. With the former algorithm denial of Service attacks were possible
S/390 specific fixes
  • Add support for mounting for reiserfs filesystems with nonstandard journal size(#26878)
  • fix S/390 IEEE exception instruction pointer access checking
  • fix blk-atomic and related patches for S390
  • s390x: fix SGA(mapped_base) for ld.so in 31-bit emulation
  • corrected sysinfo-call in s390 31-Bit emulation (#26830)
  • Disable DASD DIAG discipline on 64-bit because of z/VM issues(#26732)
  • inserted length check for message queues in 31-Bit emulation(#26693)
  • Add fix to handle BSG-Instruction correctly (#27066)
  • Installatio now supports OSA Express QDIO High Speed Token Ring adapter. (#22820)
  • The installation netsetup-script is now more robust with wrong input. (#21609)
  • Installation is possible when network does not support ICMP. (#25872)
Other fixes
  • Fix possible DoS-Attack through /dev/console (TIOCCONS)
  • Avoid race condition in submit_bh (#27237)
  • remove SMP-unsafe check in __remove_inode_page
Included IBM Code drops:
  • add IBM code drop 2003-07-25 for the June 2003 stream: Prob-ID: 3284 The check in xpram_int_format that determines if a number is in hexadecimal is broken. Prob-ID: 3287 spinlock was not released Prob-ID: 3317 osasnmpd has an open ioctl on /proc/qeth without incrementing qeth module usage counter Prob-ID: 3395 1. SNID is not supported on ctcs, the command code means something else. This leads to ctcs being detected as boxed. 2. The channel device layer cannot handle DEVSTAT_NOT_ACC. Prob-ID: 3398 The event information stored after a link incident contains a reporting chpid; this may or may not be the chpid with the link incident. Prob-ID: 3450 The incorrect comparison caused the wrong cache line to be selected for maximum size requests. Prob-ID: 3490 The kernel definition of the siginfo_t structure for s390x is 136 bytes long instead of the correct length of 128. The kernel will create a stack frame for rt signal that the unwind code can't process. Prob-ID: 3491 IPv6 gets some stray packets and looses track of dev->refcnt Prob-ID: 3344 stack overflow
  • add IBM code drop 2003-08-28 kernel for the June 2003 stream: Prob-ID: 3531 missing convention on spellings and formats Prob-ID: 4096 Each call to z90crypt_read requires additional entropy Prob-ID: 3611 CMS label is read from page, that had been freed before Prob-ID: 3620 While all FCP adapters configured in the zfcp map are always setup, only those successfully registered with the SCSI stack are shutdown as this was done in a SCSI stack callback into zfcp for each registered and to be unregistered SCSI host. In case of a failed registration of an adapter with the Linux SCSI stack (e.g. low on memory conditions) some adapters might never be shutdown. Prob-ID: 3615 error recovery is infinitely waiting for the completion of the 'nameserver open' action which was not issued at all because the nameserver port was already known to be inaccessible and thus had been marked as failed Prob-ID: 3617 recovery escalation regardless of the fact that it can't succeed in this particular case
  • add IBM code drop 2003-09-18 kernel for the June 2003 stream: Prob-ID: 3314 Oops in iucv code Prob-ID: 4347 Removing tape modules results in segmentation fault Prob-ID: 4342 ctc: loglevel parameter could not be set to maximum Prob-ID: 3847 dasd: erroneous message about failing dasd format Prob-ID: 4382 portname not needed message removed Prob-ID: 3344 reduce stack usage Prob-ID: 4347 tape: Missing check for invalid block size
  • The Kernel version has been changed from 2.4.19 to 2.4.21
1.2.2 Kernel performance and scalability improvements
  • enable write balancing support in MD multipathing
  • activate ELEVATOR_NOOP in dasd-driver which reduces system overhead spent in the elevator when using DASD and can improve performance up to 10% depending on the load profile. (Tracking ID #24242)
1.2.2.1 Include sys_epoll system call
A new very usefull system call epoll() was added. This is useful for application which have to listen on many things at once and where the select() call is way too inefficient.
Important note: The kernel implementation currently only supports edge-triggered and not level-triggered behaviour.
1.2.2.2 Efficient support for raw vector IO
Defines readv/writev methods for raw IO which coalesce the iovecs into a single IO operation. Without this patch the kernel uses repeated invocations of the device's read/write functions.
1.2.2.3 Raw IO optimization patch
Increases the blocksize used for raw IO. Improves CPU utilization by reducing the number of buffer heads needed for such operations.
1.2.2.4 Dynamic configuration/tuning of scheduler
Added sysctl_sched_yield_scale feature that allows choosing between optimization for scalability and interactiveness. By default it is switched off, so the behaviour is completely unchanged. For certain benchmarks, one wants to "echo 1 > /proc/sys/sched_yield_scale"
1.2.3 Other new kernel features and optimizations
The following smaller kernel features/optimizations were added:
  • add config variable CONFIG_UNITEDLINUX_KERNEL to allow to distinguish a UnitedLinux kernel from the vanilla kernel
  • add hidden network device functionality
  • make sigaction SA_NOCLDWAIT posix compliant
  • increase maximum number of kernel command line args
  • better wakeup algorithm for kinoded feature
  • fixed unecessary splitting of last segments in merged scsi requests
Filesystem specific Fixes:
  • fix multible JFS problems: (#26139, #19901, #22301, #26737, #23873)
  • fix reiserfs o_direct oops when writing to the end of the hole
  • fix reiserfs problem with j_wcount being 0
  • fix Reiserfs data logging: latency and transaction overflow fixes.
  • fix "Ext2/3: noatime ignored for newly created inodes" problem
  • Fix deadlock with ext3 md NFS (#25013)
  • fix ext3 scheduling storm and lockup
  • fix unicode and large file support in smbfs (#18472)
  • fix IPv6 SMP problem in txoptions handling (#25769)
  • fix NFS memory corruption problem (#23290)
  • fix SMP races in sunrpc code(from 2.4.20)
1.2.4 Updated RAS tools
The following RAS tools were updated to the latest versions:
  • Updated evlog to version 1.5.1
  • Updated heartbeat to version 1.0.2
1.2.5 New packages
The following packages were added or updated:
  • aaa_base
  • gdb
  • glibc
  • heartbeat
  • iproute2
  • net-tools
  • kernel
  • ppp
  • dhcp-client
  • scsirastools (NEW)
  • libinet6 (NEW)
2. Maintenance fixes
2.1 Bugfixes
Service Pack 3 contains all bugfixes released via the maintenance Web.
  • Updated aaa_base (bugfix/feature) [aaa_base]
    • if mount does not yet support -O no_netdev, fall back to call without.
    • pass scsi parameters from cmdline to scsi_mod.
    • increase the initial initrd image size to work with k_debug kernel.
    • fix mkinitrd to handle `-b /' correctly.
    • mkinitrd: fixed splash code
    • boot.localfs: don't mount filesystems marked as _netdev
    • prepare mkinitrd for 2.6 kernels
    • temporarily mount shm filesystem over /etc/lvmtab.d in the linuxrc script to have more space available for lvm commands.
    • add md to list of introduced modules.
    • remove the check for xntp before writeback to hwclock
    • Remove now-obsolete oem resize support.
    • update mkinitrd to correctly add the mod_sd module when any SCSI modules are listed in /etc/sysconfig/kernel in INITRD_MODULES.
    • mkinitrd: dhcp: allow servername in rootpath
    • add missing mount line in rc for /proc file system
    • mkinitrd: handle line continuation and quoting in /etc/modules.conf
  • Updated bind9 (bugfix/feature) [bind9] [bind9-devel] [bind9-utils]
    • update to version 9.2.2; maintenance/ bugfix release
    • add NAMED_ADD_CONF_FILES to /etc/sysconfig/named to handle additional configuration files get copied into the chroot jail
    • create named.conf.include if it does not exist
    • move root.hint to an extra source file, named.root
    • use /etc/named.d and /var/lib/named/master directory in the example configuration from the sample-config directory
    • add config: syslog-ng to sysconfig.syslog-named
    • add NAMED_ARGS to sysconfig.named
    • create /etc/rndc.key with 512bit sized key in %post
    • create /etc/rndc.key in the init script if it's missing
    • always include /etc/rndc.key in rndc-access.conf
    • add default /etc/named.d/rndc-access.conf (on install, not on update)
    • set owner of /etc/named.d and /etc/named.d/rndc-access.conf to root:
    • add SuSEconfig.named
    • add all included files to NAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named while update if NAMED_CONF_INCLUDE_FILES is empty
    • add additional sysconfig meta data
    • unify init scripts; add one space at the end to all echos
    • fix try-restart part of init skript
    • set PATH to "/sbin:/usr/sbin:/bin:/usr/bin"
    • fix file section
    • create additional sub directories log, dyn and master in /var/named
    • add a non active logging example to named.conf
    • also create named user/group in utils preinstall
    • create named user/group in preinstall and install
    • set /etc/named.conf to root:named and 0640
    • add an example to additional info mail for dynamic updates
    • add more information to the README.{SuSE,UnitedLinux}
    • add sysconfig file for chroot jail; default is yes
    • add chroot features to init script for start and reload
    • add separate binaries to PreReq
    • add --localstatedir=/var to configure call
    • add and autocreate /etc/rndc.{conf,key}
    • move rndc binaries and man pages to utils package
    • set ownership of /var/named to root:
    • document new features in the README
    • fix init script to return correspondig message to checkproc return code
    • add additional info mail about ownership of /var/named if journal files are used
  • Updated cron (feature) [cron]
    • added laus patch for auditing support
  • Updated cups (bugfix) [cups] [cups-client] [cups-devel] [cups-drivers] [cups-drivers-stp] [cups-libs]
    • fixed landscape problem from different creators
  • Updated dante (security/bugfix/feature) [dante] [dante-devel] [dante-server]
    • fix error trying to socksify ssh
    • add libdsocks.a to devel file list
  • Updated evlog (security/bugfix/feature) [evlog] [evlog-devel] [evlog-snmp]
    • updated to 1.5.3
    • applied patch to SNMP subagent
    • fixed "rcevlog status" if snmp agent is not installed
    • suppress evlogmgr messages resulting from evlogd not running
    • tcp_rmtlog FIFO goes into /var/run, not /opt/evlog
    • include /var/log/evlog in file list
    • fixed bracketing messed up by Opteron patch
    • fixed conflict between evlog/evlog-snmp
    • added missing /usr/share/snmp/mibs/LINUX-EVENT-LOG-MIB.mib
    • merged patches to enable SNMP access to event log
    • fixed a few more hardcoded pathnames in various source files
  • Updated freeswan (bugfix/feature) [freeswan]
    • sample config: Make it working. conn %default should precede real configs.
    • ipsec look: Parse spd and sadb to produce diagnostic output
    • start KLIPS even without %defaultroute (hotplugging).
    • delete SA_IPIP as well, otherwise we leak them with USAGI kernel space.
    • configure kernel sources before compiling.
    • reenable libinet6 usage for SLES8.
    • rename the des_crypt.3 manpage to freeswan_des_crypt.3 to avoid conflict with the des_crypt.3 from the man-pages package
    • Ignore "compress" option in config file (and warn user).
    • added patch to support MS L2TP
    • remove uninstalled secrets.
    • fix for chown usage.
    • remove libinet6 from neededforbuild
    • added missing directories to filelist
    • remove .cvsignore files
  • gcc
    • update to bugfix release 3.2.2
    • this bugfix release fixes a couple of compile problems
    • fixed reload bug with match_dup.
    • fixed loop optimizer bug.
    • fixed RTX_UNCHANGING bug.
  • glibc
    • Add fix for xdr integer overflow
    • Add --mlock option for ld.so.
    • Added some ipv6 atm stuff to the linux kernelheaders.
    • Applied USAGI patches: usagi-include.diff: add NI_NUMERICSCOPE usagi-getnameinfo.diff: handle numeric scopes usagi-getaddrinfo.diff: handle v4mapped addresses, and handle some ipv6/ipv4 interaction issues.
    • Added usagi linux kernel header additions for /usr/include/linux.
  • heartbeat
    • Fixes to heartbeat's mlockall() strategy to reduce the chance of being hit by a page fault under load in timing critical sections.
    • Fix for IPC socket code which did not deal correctly with messages still to be read from a socket which has already indicated disconnect, the final message would not be read.
    • Fixed apphbd restart failure.
    • man page update for apphbd
    • Incorporated fix from Ram Pai of IBM EVMS group for message loss under high load.
    • Includes bugfix for send_arp and others.
    • Incorporated fix for apphbd realtime freeze
    • Fixes bug in apcmastersnmp module for copying outlet names
    • Fixes for CCM (STONITH will now tell if no device was configured)
    • wti_nps / apcmaster modules: fixes for telnet timing on fast machines.
    • Fix for local status updates getting delayed / lost.
    • Fix in IPaddr if used with LVS & hidden interfaces on loopback.
    • Corrected placement of apphbd pid file
    • Supports millisecond timeouts, includes startstop script
    • Fixed memory leak in heartbeat-ldirectord due to Perl socket() bug
    • ipfail socket now created correctly
    • Fix for ucast comm plugin (again)
  • inetd
    • prevent segfault on internal services when there are interfaces with no assigned address
  • kdelibs3
    • fix start of KDE with LANG=de_DE
    • fix kimgio eps reading
  • libaio
    • fix header to be includable with glibc
    • add missing "const" to libaio.h
  • Updated linux-iscsi (bugfix/feature) [linux-iscsi]
    • update to version 3.4.0.3
    • port patch to use internal syscall iface to 3.4.0.3.
    • add patch from NetApp
    • create an individual /etc/initiatorname.iscsi in %post
    • enhance init script
    • add missing dir to filelist
  • Updated lkcdutils (bugfix/feature) [lkcdutils] [lkcdutils-netdump-server]
    • update to CVS lkcdutils
    • fixed LKCD lkcd_netconfig
    • fixed netdump support
    • fix to display bitfields on BE archs
    • support for dynamic log_buf_len
    • fixed fillup to update DUMP_FLAGS to the new format
    • fix for detecting PAE in the dumps
    • fix for parsing dumps
    • add boot.lkcd script
  • mod_php4
    • add php3 to AddType and php3, php4 to DirectoryIndex
  • Updated modutils (feature) [modutils]
    • support new /lib/modules/'uname -r' structure
    • support new override path
  • openssl
    • fix command line parsing of the "rand" command
  • perl
    • fix memory leak in socket creation
    • restart stdio read/write when receiving EINTR
  • samba
    • update to version 2.2.8a
    • readd map to guest = Bad User to smb.conf
    • add mkntpwd
    • cleanup init scripts try-restart part
    • remove rc_reset from status part of nmb init script
    • ensure SuSEconfig -module samba is called after the package installation is not done with YaST
    • remove check for existence of sysconfig and smb.conf from smbfs init script
    • warn also in SuSEconfig.samba if SAMBA_SAM is not or wrong set; use classic as default if so
    • move tdbtools to the client package
    • add /usr/lib/samba/{classic,ldap}/ to the client package file list
    • add product suffix to README and smb.conf files of documentation
    • mark sym links from /var/lib/samba/bin/ as %ghost
    • use rc_exit, not exit at the end of the smbfs init script
    • remove check and Required-Start for nmb in smbfs init script, move nmb from Required-Start to X-UnitedLinux-Should-Start add section about smbfs and nmb service to README.SuSE
    • add ACL mapping fixes
    • integrate ACL fixes
  • scsi
    • fix problem with scsidev in link mode: links have pointed to whole disk device instead of partitions.
  • shadow
    • allow A-Z and . as characters for login names.
    • Fix seg.fault introduced through sanity check patch
    • added laus patch for pwdutils and shadow for auditing support
  • star
    • update to 1.4.2, which includes the fix from Oct 29.
    • names-with-spaces.diff fixes a bug with spaces in user/group names of ACL entries.
  • ucdsnmp
    • fix bug in snmptable that causes a segfault when using BULK requests
    • init script has to sleep before starting the agents, not after
  • Updated xntp (bugfix) [xntp] [xntp-doc]
    • fix bug in ntp-4.1.1-noroot.patch that made ntpd ignore an existing drift file instead of reading it.
  • Updated ypserv (bugfix/feature) [ypserv]
    • update to version 2.9.91
    • fix problems with svc_run
  • yast2-online-update
    • A patch of kind "YaST2" was preselected, even if it only had new versions for non-installed packages.
    • CD and NFS sources weren't unmounted after installation of updates.
  • yast2-users
    • allow A-Z and . as characters for login names
    • fixed strange characters in table uid field (curses install)
  • zebra
    • added kame-fix patch
    • upgrade to zebra-0.93b
    • added pam script
  • SuSEfirewall2
    • Change from Dec 30 was too restrictive.
    • fix log messages instead.
2.2 Security fixes
Service Pack 3 contains all security fixes released via the maintenance Web. Since GA security fixes were released for the following packages:
  • CVS
  • canna
  • cups
  • dhcp-relay
  • dhcp-server
  • ethereal
  • evlog
  • fam
  • fetchmail
  • file
  • freeradius
  • ghostscript-library
  • glibc
  • glibc-devel
  • KDE
  • KERNEL
  • libnetpbm
  • libpng
  • man
  • mod_php4
  • mutt
  • MySQL
  • netpbm
  • nfs-utils
  • openldap2
  • openssl
  • PHP4
  • postfix
  • postgresql-server
  • ppp
  • pptpd
  • qpopper
  • samba
  • sendmail
  • siga
  • snort
  • susehelp
  • SuSEfirewall2
  • tcpdump
  • unzip
  • VNC
  • w3m
  • w3m_ssl
  • webalizer
  • wget
  • xshared
3. Product News
Please visit http://www.suse.com for the latest product news.
Your SuSE Linux Enterprise Server Team

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

© Micro Focus