The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
All other trademarks are the property of their respective owners.
The Release Notes provide high-level coverage of the improvements and additions that have been implemented in Red Hat Enterprise Linux 6.5. For detailed documentation on all changes to Red Hat Enterprise Linux for the 6.5 update, refer to the Technical Notes.
Red Hat Enterprise Linux minor releases are an aggregation of individual enhancement, security and bug fix errata. The Red Hat Enterprise Linux 6.5 Release Notes documents the major changes made to the Red Hat Enterprise Linux 6 operating system and its accompanying applications for this minor release. Detailed notes on changes (that is, bugs fixed, enhancements added, and known issues found) in this minor release are available in the Technical Notes. The Technical Notes document also contains a complete list of all currently available Technology Previews along with packages that provide them.
Important
The online Red Hat Enterprise Linux 6.5 Release Notes, which are located online here, are to be considered the definitive, up-to-date version. Customers with questions about the release are advised to consult the online Release and Technical Notes for their version of Red Hat Enterprise Linux.
The kernel shipped in Red Hat Enterprise Linux 6.5 includes several hundred bug fixes for, and enhancements to the Linux kernel. For details concerning important bugs fixed and enhancements added to the kernel for this release, refer to the kernel section of the Red Hat Enterprise Linux 6.5 Technical Notes.
Support for PMC-Sierra Cards and Controllers
The pm8001/pm80xx driver adds support for PMC-Sierra Adaptec Series 6H and 7H SAS/SATA HBA cards as well as PMC Sierra 8081, 8088, and 8089 chip based SAS/SATA controllers.
Configurable Timeout for Unresponsive Devices
In certain storage configurations (for example, configurations with many LUNs), the SCSI error handling code can spend a large amount of time issuing commands such as TEST UNIT READY to unresponsive storage devices. A new sysfs parameter, eh_timeout, has been added to the SCSI device object, which allows configuration of the timeout value for TEST UNIT READY and REQUEST SENSE commands used by the SCSI error handling code. This decreases the amount of time spent checking these unresponsive devices. The default value of eh_timeout is 10 seconds, which was the timeout value used prior to adding this functionality.
Configuration of Maximum Time for Error Recovery
A new sysfs parameter eh_deadline has been added to the SCSI host object, which enables configuring the maximum amount of time that the SCSI error handling will attempt to perform error recovery, before giving up and resetting the entire host bus adapter (HBA). The value of this parameter is specified in seconds, and the default is zero, which disables the time limit and allows all of the error recovery to take place. In addition to using sysfs, a default value can be set for all SCSI HBAs using the eh_deadline kernel parameter.
Lenovo X220 Touchscreen Support
Red Hat Enterprise Linux 6.5 now supports Lenovo X220 touchscreen.
Chapter 2. Networking
Precision Time Protocol
An implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588-2008 for Linux was introduced as a Technology Preview in Red Hat Enterprise Linux 6.4. The PTP infrastructure, both kernel and user space, is now fully supported in Red Hat Enterprise Linux 6.5. Network driver time stamping support now also includes the following drivers: bnx2x, tg3, e1000e, igb, ixgbe, and sfc.
Analyzing the Non-Configuration IP Multicast IGMP Snooping Data
Previously, the bridge module sysfs virtual file system did not provide the ability to inspect the non-configuration IP multicast Internet Group Management Protocol (IGMP) snooping data. Without this functionality, users could not fully analyze their multicast traffic. In Red Hat Enterprise Linux 6.5, users are able to list detected multicast router ports, groups with active subscribers and the associated interfaces.
PPPoE Connections Support in NetworkManager
NetworkManager has been enhanced to support the creation and management of point-to-point protocol over Ethernet (PPPoE) based connections; for example, connections used for DSL, ISDN, and VPN connectivity.
Network Namespace Support for OpenStack
Network namespaces (netns) is a lightweight container-based virtualization technology. A virtual network stack can be associated with a process group. Each namespace has its own loopback device and process space. Virtual or real devices can be added to each network namespace, and the user can assign IP addresses to these devices and use them as a network node.
SCTP Support to Change the Cryptography Hash Function
In Red Hat Enterprise Linux 6.5, users can change the cryptography hash function from MD5 to SHA1 for Stream Control Transmission Protocol (SCTP) connections.
M3UA Measurement Counters for SCTP
Message Transfer Part Level 3 User Adaptation Layer (M3UA) is a protocol defined by the IETF standard for transporting MTP Level 3 user part signaling messages over IP using Stream Control Transmission Protocol (SCTP) instead of using traditional telecommunications networks (ISDN and PSTN).
Managing DOVE Tunnels Using iproute
Distributed Overlay Virtual Ethernet (DOVE) tunnels allow for building of Virtual Extensible Local Area Network (VXLAN), which represents a scalable solution for ISO OSI layer 2 networks used in cloud centers. The bridge tool is part of the iproute package and can be used, for example, to manage a forwarding database on VXLAN devices on Linux platform.
Chapter 3. Security
Changes Related to FIPS 140-2 Certification
In Red Hat Enterprise Linux 6.5, integrity verification is performed when the dracut-fips package is present, regardless of whether the kernel operates in FIPS mode or not. For detailed information on how to make Red Hat Enterprise Linux 6.5 FIPS 140-2 compliant, consult the following Knowledge Base Solution:
This update adds the following ciphers needed for transparent encryption and authentication support in GlusterFS:
CMAC (Cipher-based MAC)
XTS (XEX Tweakable Block Cipher with Ciphertext Stealing)
GCM (Galois/Counter Mode)
Smartcard Support in OpenSSH
OpenSSH now complies with the PKCS #11 standard, which enables OpenSSH to use smartcards for authentication.
ECDSA Support in OpenSSL
Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which uses Elliptic Curve Cryptography (ECC). Note that only the nistp256 and nistp384 curves are supported.
ECDHE Support in OpenSSL
Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) is supported, which allows for Perfect Forward Secrecy with much lower computational requirements.
Support of TLS 1.1 and 1.2 in OpenSSL and NSS
OpenSSL and NSS now support the latest versions of the Transport Layer Security (TLS) protocol, which increases security of network connections and enables full interoperability with other TLS protocol implementations. The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.
OpenSSH Support of HMAC-SHA2 Algorithm
In Red Hat Enterprise Linux 6.5, the SHA-2 cryptographic hash function can now be used in producing a hash message authentication code (MAC), which enables data integrity and verification in OpenSSH.
prefix Macro in OpenSSL
The openssl spec file now uses the prefix macro, which allows for rebuilding of the openssl packages in order to relocate them.
NSA Suite B Cryptography Support
Suite B is a set of cryptographic algorithms specified by the NSA as part of its Cryptographic Modernization Program. It serves as an interoperable cryptographic base for both unclassified information and most classified information. It includes:
Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits. For traffic flow, AES should be used with either Counter Mode (CTR) for low bandwidth traffic or Galois/Counter Mode (GCM) of operation for high bandwidth traffic and symmetric encryption.
Elliptic Curve Digital Signature Algorithm (ECDSA) digital signatures.
Secure Hash Algorithm 2 (SHA-256 and SHA-384) message digest.
Shared System Certificates
NSS, GnuTLS, OpenSSL and Java have been enlisted to share a default source for retrieving system certificate anchors and blacklist information to enable a system-wide trust store of static data that is used by crypto toolkits as input for certificate trust decisions. System-level administration of certificates helps ease of use and is required by local system environments and corporate deployments.
Automatic Synchronization of Local Users Centrally in Identity Management
Automatic Synchronization of Local Users Centrally in Identity Management in Red Hat Enterprise Linux 6.5 makes managing local users centrally easier.
ECC Support in NSS
Network Security Services's (NSS) own internal cryptographic module in Red Hat Enterprise Linux 6.5 now supports the National Institute of Standards and Technology (NIST) Suite B set of recommended algorithms for Elliptic curve cryptography (ECC).
Certificate Support in OpenSSH
Red Hat Enterprise Linux 6.5 supports certificate authentication of users and hosts using a new OpenSSH certificate format. Certificates contain a public key, identity information and validity constraints, and are signed with a standard SSH public key using the ssh-keygen utility. Note that in ssh-keygen shipped with Red Hat Enterprise Linux 6, the -Z option is used for specifying the principals. For more information on this functionality, refer to the /usr/share/doc/openssh-*/PROTOCOL.certkeys file.
Chapter 4. Subscription Management
Red Hat Support Tool
Red Hat Enterprise Linux 6.5 includes a new package, redhat-support-tool, which provides the Red Hat Support Tool. This tool facilitates console-based access to Red Hat's subscriber services and gives Red Hat subscribers more venues for accessing both the content and services available to them as Red Hat customers. Further, it enables our customers to integrate and automate their helpdesk services with our subscription services. The capabilities of this package include:
Knowledge Base article and solution viewing from the console (formatted as man pages).
Viewing, creating, modifying, and commenting on customer cases from the console.
Full proxy support (that is, FTP and HTTP proxies).
Easy listing and downloading of attachments to customer cases from the console.
Knowledge Base searching on query terms, log messages, and other parameters, and viewing search results in a selectable list.
Easy uploading of log files, text files, and other sources to the Shadowman automatic problem determination engine for diagnosis.
Various other support-related commands.
For more information about the Red Hat Support Tool, refer to the installed documentation in the /usr/share/doc/redhat-support-tool-version/ directory or the following Knowledge Base article: https://access.redhat.com/site/articles/445443.
Updates of subscription-manager list
Among the list of available subscription, the output of the subscription-manager list --available command now contains a new field, Provides. This field shows the names of the products that the system is eligible for. In addition, a new field, Suggested, has been added to facilitate compliance and provide parity with the graphical user interface (GUI).
Virtualization updates in Red Hat Enterprise Linux 6.5 include a number of bug fixes in areas such as live migration, error reporting, hardware and software compatibility. In addition, performance and general stability improvements have been implemented. For the most significant of these changes, see the sections below.
5.1. KVM
Improved Support For the VMDK Image File Format
Red Hat Enterprise Linux 6.5 includes a number of improvements to read-only support for Virtual Machine Disk, or VMDK, image file formats, including its subformats, as created by many VMware products.
Windows Guest Agent Fully Supported
The Windows guest agent is now fully supported and delivered with its own installer in the Supplementary channel together with virtio-win drivers.
Support for the VHDX Image File Format
Red Hat Enterprise Linux 6.5 includes read-only support for Hyper-V virtual hard disk, or VHDX, image formats, as created by Microsoft Hyper-V.
Native Support for GlusterFS in QEMU
Native Support for GlusterFS in QEMU allows native access to GlusterFS volumes using the libgfapi library instead of through a locally mounted FUSE file system. This native approach offers considerable performance improvements.
Support for Dumping Metadata of Virtual Disks
Third-party applications running on the host are now able to read the guest image contents without knowing the details of the QCOW2 image format. This can be used together with the Linux device mapper to access QCOW2 images as Linux block devices.
CPU Hot Plugging for Linux Guests
CPU hot plugging and hot unplugging are supported with the help of the QEMU guest agent on Linux guests; CPUs can be enabled or disabled while the guest is running, thus mimicking the hot plug or hot unplug feature.
Application-Aware freeze and thaw on Microsoft Windows with VSS Support on qemu-ga-win
VSS (Volume Shadow Copy Service) is a Microsoft Windows API that allows, among other things, the notification of applications for proper, consistent freeze and thaw operations. With this feature, snapshots taken while the virtual machine is running are consistent through the whole stack (from the block layer to the guest applications) and can be used for backup purposes. For more information, see the Virtualization Administration Guide
Application-Aware freeze and thaw on Linux Using qemu-ga Hooks
Similar to the Windows VSS version, application-consistent snapshots can be created with the use of scripts that attach to the QEMU guest agent running on the guest. These scripts can notify applications which would flush their data to the disk during a freeze or thaw operation, thus allowing consistent snapshots to be taken.
Conversion of VMware OVF and Citrix Xen Guests to KVM Guests
The virt-v2v conversion tool has been upgraded to an upstream version to support conversion of VMware Open Virtualization Format (OVF) and Citrix Xen guest conversion to KVM.
Increased KVM Memory Scalability
KVM virtual memory scalability in a single guest has been increased to 4TB.
Support of Volume Control from within Microsoft Windows Guests
Users can now fully control the volume level on Microsoft Windows XP guests using the AC'97 codec.
Opening Connections from a File
It is now possible to set up a remote-viewer session from a configuration file associated with a registered MIME type, for example, from the Red Hat Enterprise Virtualization Manager portal. A simple browser link can be used without the need for a browser-specific plug-in or multi-process communication.
5.2. Microsoft Hyper-V
Microsoft Hyper-V Para-Virtualized Drivers
To enhance Red Hat Enterprise Linux support on Microsoft Hyper-V, Synthetic Video Frame Buffer Driver has been added to Red Hat Enterprise Linux 6.5. In addition, the signaling protocol between the host and the guest has been updated. For more information, see Virtualization Administration Guide
5.3. VMware
VMware Platform Drivers Updates
The VMware network para-virtualized driver has been updated to the latest upstream version.
Chapter 6. Storage
Full Support of fsfreeze
The fsfreeze tool is fully supported in Red Hat Enterprise Linux 6.5. The fsfreeze command halts access to a file system on a disk. fsfreeze is designed to be used with hardware RAID devices, assisting in the creation of volume snapshots. For more details on the fsfreeze utility, refer to the fsfreeze(8) man page.
pNFS File Layout Hardening
pNFS allows traditional NFS systems to scale out in traditional NAS environments, by allowing the compute clients to read and write data directly and in parallel, to and from the physical storage devices. The NFS server is used only to control meta-data and coordinate access, allowing predictably scalable access to very large sets from many clients. Bug fixes to pNFS are being delivered in this release.
Support of Red Hat Storage in FUSE
FUSE (Filesystem in User Space) is a framework that enables development of file systems purely in the user space without requiring modifications to the kernel. Red Hat Enterprise Linux 6.5 delivers performance enhancements for user space file systems that use FUSE, for example, GlusterFS (Red Hat Storage).
LVM Thin Provisioning and Snapshots
Logical Volume Manager has been updated to include thin provisioning, which allows users to optimize their storage capacity investment by matching their capacity to their actual storage usage needs. Users are now able to create thinly-provisioned volumes from a shared storage pool. Blocks in the pool are only allocated when the volume is written, and blocks are returned to the pool when data on the volume is discarded. In addition, snapshots, or point-in-time copies, provide access to the data on a volume as it existed at a particular time in the past. This is done by preserving data before it is over-written.
Multipath I/O Updates
Scalability and ease-of-use of Device Mapper Multipath have been improved. These improvements include in particular:
responsiveness of utilities,
multipath device automatic naming,
more robust multipath target detection.
Performance Improvements in GFS2
Red Hat Enterprise Linux 6.5 introduces the Orlov block allocator that provides better locality for files which are truly related to each other and likely to be accessed together. In addition, when resource groups are highly contended, a different group is used to maximize performance.
TRIM Support in mdadm
The mdadm tool now supports the TRIM commands for RAID0, RAID1, RAID10 and RAID5.
Chapter 7. Clustering
pcs Fully Supported
The pcs package, previously included as a Technology Preview, is now fully supported in combination with Red Hat Open Stack deployments. This package provides a command-line tool for configuring and managing the corosync and pacemaker utilities.
pacemaker Fully Supported
Pacemaker, a scalable high-availability cluster resource manager, which was previously included as a Technology Preview, is now fully supported in combination with Red Hat Open Stack deployments.
Chapter 8. Hardware Enablement
Support of Future Intel SOC Processors
Device support is enabled in the operating system for future Intel System-on-Chip (SOC) processors. These include Dual Atom processors, memory controller, SATA, Universal Asynchronous Receiver/Transmitter, System Management Bus (SMBUS), USB and Intel Legacy Block (ILB - lpc, timers, SMBUS (i2c_801 module)).
Support of 12Gbps LSI SAS Devices
The mpt3sas driver adds support for 12Gbps SAS devices from LSI in Red Hat Enterprise Linux.
Support of Dynamic Hardware Partitioning and System Board Slot Recognition
The dynamic hardware partitioning and system board slot recognition features alert high-level system middleware or applications for reconfiguration and allow users to grow the system to support additional workloads without reboot.
Support for future Intel 2D and 3D Graphics
Support for future Intel 2D and 3D graphics has been added to allow systems using future Intel processors to be certified through the Red Hat Hardware Certification program.
Frequency Sensitivity Feedback Monitor
Frequency sensitivity feedback monitor provides the operating system with better information so that it can make better frequency change decisions while saving power.
ECC Memory Support
The Error-correcting code (ECC) memory has been enabled for a future generation of AMD processors. This feature provides the ability to check for performance and errors by accessing ECC memory related counters and status bits.
Support for AMD Systems with More Than 1TB Memory
The kernel now supports memory configurations with more than 1TB of RAM on AMD systems.
Chapter 9. Industry Standards and Certification
FIPS 140 Revalidations
Federal Information Processing Standards (FIPS) publications 140 is a U.S. government security standard that specifies the security requirements that must be satisfied by a cryptographic module utilized within a security system protecting sensitive, but unclassified information. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification, cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.
Red Hat Enterprise Linux 6.5 supports NSA Suite B cryptography enhancements and certifications. These cryptographic algorithms provide highly secure networking communication. NSA SUITE B is required for government agencies under NIST 800 - 131. Components of NSA Suite B cryptography include the following:
Advanced Encryption Standard (AES) encryption GCM mode of operation
Elliptic Curve Diffie–Hellman (ECDH)
Secure Hash Algorithm 2 (SHA-256)
The following targets are in the process of validation:
NSS FIPS-140 Level 1
Suite B Elliptic Curve Cryptography (ECC)
OpenSSH (Client and Server)
Openswan
dm-crypt
OpenSSL
Kernel Crypto
AES-GCM, AES-CTS, AES-CTR ciphers
Chapter 10. Desktop and Graphics
Graphics Updates and New Hardware Support
Graphics updates in Red Hat Enterprise Linux 6.5 include the following:
Support for future Intel and AMD devices
Spice improvements
Improved multi monitor support and touch screen support
Updated gdm
Updates to the gdm application include fixes of password expiration messages, mutli-seat support and local interoperability problems.
Upgraded Evolution
The Evolution application has been upgraded to the latest upstream version to improve interoperability with Microsoft Exchange. This includes the new Exchange Web Service (EWS), improved meeting support and improved folder support.
Rebased LibreOffice
In Red Hat Enterprise Linux 6.5 release, LibreOffice has been upgraded to upstream version 4.0.4.
Support for AMD GPUs
Support for the latest AMD graphics processor units (GPUs) has been added to Red Hat Enterprise Linux 6.5
Alias Support in NetworkManager
Alias support has been added to NetworkManager. However, users are strongly recommended to use the multiple or secondary IP feature instead.
Chapter 11. Performance and Scalability
KSM Enhancements
Kernel Shared Memory (KSM) has been enhanced to consider non-uniform memory access (NUMA) when coalescing pages, which improves performance of the applications on the system. Also, additional page types have been included to increase the density of applications available for Red Hat OpenShift.
tuned updates
tuned profiles have been refined to provide optimum performance for particular scenarios.
Chapter 12. Compiler and Tools
Automatic Bug Reporting Tool (ABRT), Change in the Default Set of Reporters
Running the abrt-cli --report DIR command now shows the following choice of reporters:
How would you like to report the problem?
1) New Red Hat Support case
2) Existing Red Hat Support case
3) Save to tar archive
Component Versions
This appendix is a list of components and their versions in the Red Hat Enterprise Linux 6.5 release.
Component
Version
Kernel
2.6.32-421
QLogic qla2xxx driver
8.04.00.08.06.4-k
QLogic ql2xxx firmware
ql23xx-firmware-3.03.27-3.1
ql2100-firmware-1.19.38-3.1
ql2200-firmware-2.02.08-3.1
ql2400-firmware-7.00.01-1
ql2500-firmware-7.00.01-1
Emulex lpfc driver
8.3.7.21.1p
iSCSI initiator utils
iscsi-initiator-utils-6.2.0.873-9
DM-Multipath
device-mapper-multipath-0.4.9-71
LVM
lvm2-22.02.100-4
Table A.1. Component Versions
Revision History
Revision History
Revision 1.0-7
Thu Nov 21 2013
EliškaSlobodová
Release of the Red Hat Enterprise Linux 6.5 Release Notes.
Revision 1.0-3
Thu Oct 3 2013
EliškaSlobodová
Release of the Red Hat Enterprise Linux 6.5 Beta Release Notes.