Red Hat Enterprise Linux AS 4 Release Notes Copyright © 2005 Red Hat, Inc. -------------------------------------------------------------------------- Introduction The following topics related to Red Hat Enterprise Linux 4 are covered in this document: o Introduction (this section) o Overview of this release o Installation-related notes o Package-specific notes o Packages added/removed/deprecated Overview of This Release The following list includes brief summaries of some of the more significant aspects of Red Hat Enterprise Linux 4: o Red Hat Enterprise Linux 4 includes an implementation of SELinux. SELinux represents a major shift in the way users, programs, and processes interact. By default, SELinux is installed and enabled in this release. Note During the installation you have the option of disabling SELinux, setting it to log warning messages only, or to use its targeted policy, which confines the following daemons only: o dhcpd o httpd o mysqld o named o nscd o ntpd o portmap o postgres o snmpd o squid o syslogd The targeted policy is active by default. Warning Red Hat Enterprise Linux 4 support for SELinux uses Extended Attributes on ext2/ext3 file systems. This means that, when a file is written to a default-mounted ext2/ext3 file system, an extended attribute will also be written. This will cause problems on systems that dual boot between Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 2.1. The Red Hat Enterprise Linux 2.1 kernels do not support extended attributes, and can crash when encountering them. For more information about SELinux, refer to the Red Hat SELinux Policy Guide, available online at: [1]http://www.redhat.com/docs/ o The mount command has been changed to do the following on NFS mounts: · TCP is now the default transport on NFS mounts. This means that a mount command that does not explicitly specify UDP as the desired protocol (for example, mount foo:/bar /mnt) now uses TCP to communicate with the server, instead of UDP. · Using the verbose (-v) option now causes RPC error messages to be written to standard output. o Red Hat Enterprise Linux 4 supports UTF-8 encoding by default for Chinese, Japanese, and Korean locales. o Red Hat Enterprise Linux 4 now uses IIIMF for input of Chinese, Japanese, and Korean by default. o Red Hat Enterprise Linux 4 supports 5 Indian (Indic) languages: Bengali, Gujarati, Hindi, Punjabi, and Tamil. In addition, the high-quality Lohit font family for the supported languages has been included. o Subversion 1.1 is now included in Red Hat Enterprise Linux; the Subversion version control system is designed to be a replacement for CVS and features truly atomic commits, versioning of files, directories and metadata, along with most current features of CVS. o Unlike earlier releases, Red Hat Enterprise Linux 4 kernel support for Intel® Extended Memory 64 Technology (hereafter referred to as "Intel® EM64T"), and AMD64 processors exist in a single "x86-64" kernel. There are no longer separate kernels for each processor type. o Red Hat Enterprise Linux 3 introduced the Native POSIX Thread Library (NPTL) — an implementation of POSIX threading support that greatly improved performance, scalability, semantic correctness, and standards compliance over the LinuxThreads implementation used previously. While most threaded applications were not impacted by the introduction of NPTL, applications that relied on those semantics of LinuxThreads that were contrary to the POSIX specification would not operate correctly. As noted at the time of NPTL's introduction, Red Hat recommended that such applications be updated so that they complied with POSIX (and could therefore use NPTL.) While support for LinuxThreads still exists for Red Hat Enterprise Linux 4, this statement serves as advance notice that Red Hat Enterprise Linux 5 will no longer include support for LinuxThreads. Therefore, applications that require LinuxThreads support must be updated before they will be able to work properly on a Red Hat Enterprise Linux 5 system. Note Several workarounds exist that permit applications requiring the use of LinuxThreads to continue operation under Red Hat Enterprise Linux 3 and 4. These workarounds include: o Using the LD_ASSUME_KERNEL environment variable to select LinuxThreads instead of NPTL at runtime o Using an explicit rpath to /lib/i686/ or /lib/ to select LinuxThreads instead of NPTL at runtime o Statically linking the application to use LinuxThreads instead of NPTL (strongly discouraged) In order to determine whether an application is using NPTL or LinuxThreads, add following two environment variables to the application's environment: LD_DEBUG=libs LD_DEBUG_OUTPUT=<filename> (Where <filename> is the name to be given to each debug output log file. More than one file can be generated if the program forks other processes; all debug output log filenames include the PID of process generating the file.) Then start the application and use it as you normally would. If no debug output log file was produced, the application is statically linked. The application will not be affected by the missing LinuxThreads DSO but, as with all statically linked applications, no guarantees for compatibility are given if the application dynamically loads any code (directly via dlopen() or indirectly via NSS.) If one or more debug output log files were produced, review each one for any references to libpthread — in particular, a line also containing the string "calling init". The grep utility can do this easily: grep "calling init.*libpthread" <filename>.* (Where <filename> refers to the name used in the LD_DEBUG_OUTPUT environment variable.) If the path preceding libpthread is /lib/tls/, the application is using NPTL, and no further action needs to be taken. Any other path means that LinuxThreads is being used, and the application must be updated and rebuilt to support NPTL. o Red Hat Enterprise Linux 4 now includes support for Advanced Configuration and Power Interface (ACPI), a power management specification commonly supported by most newer hardware. Due to differences in the order in which hardware is probed in system environments with and without ACPI support, the potential for device name changes exists. This means, for example, that a network interface card identified as eth1 under a prior version of Red Hat Enterprise Linux may now appear as eth0. Installation-Related Notes This section outlines those issues that are related to Anaconda (the Red Hat Enterprise Linux installation program) and installing Red Hat Enterprise Linux 4 in general. o If you are copying the contents of the Red Hat Enterprise Linux 4 CD-ROMs (in preparation for a network-based installation, for example) be sure you copy the CD-ROMs for the operating system only. Do not copy the Extras CD-ROM, or any of the layered product CD-ROMs, as this will overwrite files necessary for Anaconda's proper operation. These CD-ROMs must be installed after Red Hat Enterprise Linux has been installed. o During the Red Hat Enterprise Linux 4 installation, it can be challenging to identify individual storage devices in system configurations that include multiple storage adapters. This is particulary true for systems containing Fibre Channel adapters, because in many instances it is desirable to install Red Hat Enterprise Linux on local storage. The Red Hat Enterprise Linux 4 installation program addresses this issue by delaying the loading of the following modules until after all other SCSI devices have been loaded: o lpfc o qla2100 o qla2200 o qla2300 o qla2322 o qla6312 o qla6322 This results in any locally-attached SCSI device names starting with /dev/sda, /dev/sdb, and so on, with the FC-attached storage following. Package-Specific Notes The following sections contain information regarding packages that have undergone significant changes for Red Hat Enterprise Linux 4. For easier access, they are organized using the same groups used in Anaconda. Base This section contains information related to basic system components. openssh Red Hat Enterprise Linux 4 contains OpenSSH 3.9, which includes strict permission and ownership checks for the ~/.ssh/config file. These checks mean that ssh will exit if this file does not have appropriate ownership and permissions. Therefore, make sure that ~/.ssh/config is owned by the owner of ~/, and that its permissions are set to mode 600. Core This section contains the most elemental components of Red Hat Enterprise Linux, including the kernel. e2fsprogs The ext2online utility has been added for online growing of existing ext3 file systems. Note It is important to keep in mind that ext2online does not grow the underlying block device itself — there must be sufficient unused space already present on the device. The easiest way to ensure this is to use LVM volumes and to run lvresize or lvextend to extend the device. In addition, file systems must be specially prepared in order to be resized past a certain point. The preparation involves reserving a small amount of space into which on-disk tables can grow. For newly-created file systems, mke2fs reserves such space automatically; the space reserved is sufficient to grow the file system by a factor of 1000. The creation of this reserved space can be disabled by the following command: mke2fs -O ^resize_inode Future releases of Red Hat Enterprise Linux will allow the creation of this reserved space on existing file systems. glibc o The version of glibc provided with Red Hat Enterprise Linux 4 performs additional internal sanity checks to prevent and detect data corruption as early as possible. By default, should corruption be detected, a message similar to the following will be displayed on standard error (or logged via syslog if stderr is not open): *** glibc detected *** double free or corruption: 0x0937d008 *** By default, the program that generated this error will also be killed; however, this (and whether or not an error message is generated) can be controlled via the MALLOC_CHECK_ environment variable. The following settings are supported: o 0 — Do not generate an error message, and do not kill the program o 1 — Generate an error message, but do not kill the program o 2 — Do not generate an error message, but kill the program o 3 — Generate an error message and kill the program Note If MALLOC_CHECK_ is explicitly set a value other than 0, this causes glibc to perform more tests that are more extensive than the default, and may impact performance. Should you have a program from a third party ISV that triggers these corruption checks and displays a message, you should file a defect report with the application's vendor, since this indicates a serious bug. kernel This section contains notes relating to the Red Hat Enterprise Linux 4 kernel. o Although Red Hat Enterprise Linux 4 includes support for rawio, it is now a deprecated interface. If your application performs device access using this interface, Red Hat encourages you to modify your application to open the block device with the O_DIRECT flag. The rawio interface will exist for the life of Red Hat Enterprise Linux 4, but is a candidate for removal from future releases. Asynchronous I/O (AIO) on file systems is currently only supported in O_DIRECT, or non-buffered mode. Also note that the asynchronous poll interface is no longer present, and that AIO on pipes is no longer supported. o The sound subsystem is now based on ALSA; the OSS modules are no longer available. o System environments using the kernel's "hugepage" functionality should be aware that the name of the /proc/ entry controlling this feature changed between Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4: o Red Hat Enterprise Linux 3 used /proc/sys/vm/hugetlb_pool and specified the desired size in megabytes o Red Hat Enterprise Linux 4 uses /proc/sys/vm/nr_hugepages and specifies the size by the desired number of pages (refer to /proc/meminfo for the size of hugepages on your system) o The initial release of Red Hat Enterprise Linux 4 does not support USB hard disk drives. However, other USB storage devices, such as flash media, CD-ROM and DVD-ROM devices are currently supported. o The kernel shipped with Red Hat Enterprise Linux 4 includes the new megaraid_mbox driver from LSI Logic, which replaces the megaraid driver. The megaraid_mbox driver has an improved design, is compatible with the 2.6 kernel, and includes support for the latest hardware. However, megaraid_mbox does not support some of the older hardware that was supported by the megaraid driver. Adapters with the following PCI vendor ID and device ID pairs are not supported by the megaraid_mbox driver: vendor, device 0x101E, 0x9010 0x101E, 0x9060 0x8086, 0x1960 The lspci -n command can be used to display the IDs for adapters installed in a particular machine. Products with these IDs are known by (but not limited to) the following model names: o Dell PERC (dual-channel fast/wide SCSI) RAID controller o Dell PERC2/SC (single-channel Ultra SCSI) RAID controller o Dell PERC2/DC (dual-channel Ultra SCSI) RAID controller o Dell CERC (four-channel ATA/100) RAID controller o MegaRAID 428 o MegaRAID 466 o MegaRAID Express 500 o HP NetRAID 3Si and 1M Both Dell and LSI Logic have indicated that they no longer support these models in the 2.6 kernel. As a result, these adapters are not supported in Red Hat Enterprise Linux 4. o The initial release of Red Hat Enterprise Linux 4 does not include iSCSI software initiator or target support. Support for iSCSI is being evaluated for addition in a future update to Red Hat Enterprise Linux 4. o The Emulex LightPulse Fibre Channel driver (lpfc) is currently undergoing public review for possible inclusion in the Linux 2.6 kernel. It is included in Red Hat Enterprise Linux 4 for testing purposes. Changes to the driver are expected. If there are problems with the driver or, if for some reason it is no longer on-track for inclusion in the Linux 2.6 kernel, the driver may be removed from the final Red Hat Enterprise Linux release. The lpfc driver currently has the following known issues: o The driver does not insulate the system from short-duration cable pulls, switch reboots, or device disappearances. Therefore, the system may prematurely determine that a device is non-existent and take it offline. In such cases, manual intervention will be required to reinstate the device with the system. o There is a known panic if Ctrl-C is pressed while the driver is being inserted with insmod. o There is a known panic if rmmod is executed while insmod is still executing. o New device insertion requires manual scanning in order for the SCSI subsystem to detect the new device. o In the past, the process of updating the kernel did not change the default kernel in the system's boot loader configuration. Red Hat Enterprise Linux 4 changes this behavior to set newly-installed kernels as the default. This behavior applies to all installation methods (including rpm -i). This behavior is controlled by two lines in the /etc/sysconfig/kernel file: o UPGRADEDEFAULT — Controls whether new kernels will be booted by default (default value: yes) o DEFAULTKERNEL — kernel RPMs whose names match this value will be booted by default (default value: depends on hardware configuration) o In order to eliminate the redundancy inherent in providing a separate package for the kernel source code when that source code already exists in the kernel's .src.rpm file, Red Hat Enterprise Linux 4 no longer includes the kernel-source package. Users that require access to the kernel sources can find them in the kernel .src.rpm file. To create an exploded source tree from this file, perform the following steps (note that <version> refers to the version specification for your currently-running kernel): 1. Obtain the kernel-<version>.src.rpm file from one of the following sources: o The SRPMS directory on the appropriate "SRPMS" CD iso image o The FTP site where you got the kernel package o By running the following command: up2date --get-source kernel 2. Install kernel-<version>.src.rpm (given the default RPM configuration, the files this package contains will be written to /usr/src/redhat/) 3. Change directory to /usr/src/redhat/SPECS/, and issue the following command: rpmbuild -bp --target=<arch> kernel.spec (Where <arch> is the desired target architecture.) On a default RPM configuration, the kernel tree will be located in /usr/src/redhat/BUILD/. 4. In resulting tree, the configurations for the specific kernels shipped in Red Hat Enterprise Linux 4 are in the /configs/ directory. For example, the i686 SMP configuration file is named /configs/kernel-<version>-i686-smp.config. Issue the following command to place the desired configuration file in the proper place for building: cp <desired-file> ./.config 5. Issue the following command: make oldconfig You can then proceed as usual. Note An exploded source tree is not required to build kernel modules against the currently in-use kernel. For example, to build the foo.ko module, create the following file (named Makefile) in the directory containing the foo.c file: obj-m := foo.o KDIR := /lib/modules/$(shell uname -r)/build PWD := $(shell pwd) default: $(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules Issue the make command to build the foo.ko module. sysklogd Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at [2]http://www.redhat.com/docs. DNS Name Server This section contains information related to the DNS name server. bind Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at [3]http://www.redhat.com/docs. Graphical Internet This section includes packages that help you access the Internet, including graphical email, Web browser, and chat clients. evolution o Red Hat Enterprise Linux 4 includes an updated version of the Evolution graphical email client. This version adds a number of new features, including: o Evolution now includes spam filters that can be trained to more accurately distinguish between spam and non-spam email. When you get spam, click on the Junk button. Check your Junk Mail folder periodically to see if anything is being filtered improperly. If you find an improperly-filtered email, mark it as Not Junk; in this way, the filter becomes more effective over time. o The Evolution Connector makes it possible to connect to Microsoft Exchange 2000 and 2003 servers. o The user interface has been modified so that each operation (email, calendaring, tasks, and contacts) is treated separately, replacing the previous server-centric model. o Evolution now includes enhanced support for encryption and cryptographic signatures, including the use of S/MIME. o The directory used by Evolution to store its settings has been hidden from end-users by renaming it from ~/evolution/ to ~/.evolution/. Graphics This section includes packages that help you manipulate and scan images. gimp o The gimp-perl package has been removed from Red Hat Enterprise Linux 4 because GIMP was updated to 2.0 and the Perl bindings were neither ready nor part of the main package anymore. Users of Perl scripts in GIMP should install the Gimp Perl module from [4]http://www.gimp.org/downloads/. Language Support This section includes information related to the support of various languages under Red Hat Enterprise Linux. UTF-8 Support for Chinese, Japanese, and Korean When upgrading a system from Red Hat Enterprise Linux 3 to Red Hat Enterprise Linux 4, system locale settings are preserved. Because Red Hat Enterprise Linux 4 supports Chinese, Japanese, and Korean in UTF-8 encoding by default, Red Hat recommends that you change to UTF-8 locale by editing the following file: /etc/sysconfig/i18n Modify the locale settings by making the following changes: o ja_JP.eucJP becomes ja_JP.UTF-8 o ko_KR.eucKR becomes ko_KR.UTF-8 o zh_CN.GB18030 becomes zh_CN.UTF-8 o zh_TW.Big5 becomes zh_TW.UTF-8 Users with locale settings in ~/.i18n should also update to use UTF-8 encoding by default. To convert a text file in native encoding (for example eucJP, eucKR, Big5, or GB18030) to UTF-8, you can use the iconv utility: iconv -f <native encoding> -t UTF-8 <filename> -o <newfilename> Refer to the iconv man page for more information. IIIMF The default Input Method (IM) for Chinese (Simplified and Traditional), Japanese, and Korean has been changed to IIIMF — the Internet/Intranet Input Method Framework. IIIMF is used by default for input of Indian languages also. IIIMF is supported natively through a GTK2 IM module, and also through XIM using the httx client. IIIMF supports the use of multiple Language Engines (LEs) at the same time; using the GNOME Input Method Language Engine Tool (GIMLET — an applet) it is possible to switch between LEs of different languages inside GTK2 applications. IIIMF currently defaults to using Ctrl-Space or Shift-Space for toggling the input method on and off (Emacs users can use Ctrl-@ instead of Ctrl-Space to set the mark). Depending on your choice of language support during installation, one or more IIIMF Language Engines may have been installed: o Indian languages — iiimf-le-unit o Japanese — iiimf-le-canna o Korean — iiimf-le-hangul o Simplified Chinese — iiimf-le-chinput o Traditional Chinese — iiimf-le-xcin For these languages IIIMF is installed and enabled by default. New users get the GIMLET applet (part of the iiimf-gnome-im-switcher package) automatically added to their GNOME panel, if the GNOME Desktop is installed and the default system language is one of the above. GIMLET is an applet for switching between the different LEs that are installed on your system. Using different Language Engines allows you to enter text in different languages. You can add GIMLET manually to your GNOME panel by right-clicking on the panel, selecting Add to panel... and choosing the InputMethod Switcher applet. If you are upgrading and have any legacy XIM input methods installed, Anaconda will automatically install appropriate Language Engines onto your system: o ami causes iiimf-le-hangul to be installed o kinput2 causes iiimf-le-canna to be installed o miniChinput causes iiimf-le-chinput to be installed o xcin causes iiimf-le-xcin to be installed For users that do not need IIIMF input all the time there is a LE called "Latin default" which does nothing for normal input. This can be used to temporarily disable another LE. The following are some keybindings particular to each of the Language Engines: iiimf-le-canna — Home (show the menu, including the utilities for Canna) iiimf-le-unit — F5 (switch between languages), F6 (switch to different input styles, if available) iiimf-le-xcin — Ctrl-Shift (switch to different input styles), Shift-punctuation (input wide punctuation marks), Cursor keys (change pages in candidate window) iiimf-le-chinput — Ctrl-Shift (switch to different input styles), < or > (change pages in candidate window) iiimf-le-hangul — F9 (convert Hangul to Chinese characters) Input Method Configuration Should you wish to switch between IIIMF and the legacy input method framework XIM, you can use the system-switch-im application. There is also the command-line tool im-switch for changing the user and system configuration. Red Hat Enterprise Linux 4 uses an alternatives-based system of files in /etc/X11/xinit/xinput.d/ and ~/.xinput.d/ to configure the input methods used for different locales. Users of locales for which input methods are not used by default (for example, en_US.UTF-8) that wish to input Asian text must execute the following commands from a shell prompt: mkdir -p ~/.xinput.d/ ln -s /etc/X11/xinit/xinput.d/iiimf ~/.xinput.d/en_US This overrides the system default and enables the use of IIIMF for American English. To configure the input method for an different locale, replace en_US with your locale name (without the charset suffix). To set the input method to be used for all locale use the word default instead of en_US. Users upgrading from Red Hat Enterprise Linux 3 should note that /etc/sysconfig/i18n and ~/.i18n can no longer be used for input method configuration; any custom configuration still needed should be moved as appropriate to /etc/X11/xinit/xinput.d/ or ~/.xinput.d/. After changing the input method configuration your changes will be reflected next time you start a X Window System session. Mail Server This section contains information related to the mail transport agents included with Red Hat Enterprise Linux. mailman Earlier mailman RPMs installed all files under the /var/mailman/ directory. Unfortunately, this did not conform to the Filesystem Hierarchy Standard (FHS) and also created security violations when SELinux was enabled. If you previously had mailman installed and had edited files in /var/mailman/ (such as mm_cfg.py) you must move those changes to their new location, as documented in the following file: /usr/share/doc/mailman-*/INSTALL.REDHAT sendmail o By default, the Sendmail mail transport agent (MTA) does not accept network connections from any host other than the local computer. If you want to configure Sendmail as a server for other clients, you must edit /etc/mail/sendmail.mc and change the DAEMON_OPTIONS line to also listen on network devices (or comment out this option entirely using the dnl comment delimiter). You must then regenerate /etc/mail/sendmail.cf by running the following command (as root): make -C /etc/mail Note that you must have the sendmail-cf package installed for this to work. Note Be aware that it is possible to inadvertently configure Sendmail to act as an open-relay SMTP server. For more information, refer to the Red Hat Enterprise Linux Reference Guide. MySQL Database MySQL, the multi-user and multi-threaded client/server database, has been updated from version 3.23.x (which shipped with Red Hat Enterprise Linux 3) to version 4.1.x. This new version of MySQL features improvements in speed, functionality, and usability, including: o subquery support o BTREE indexing for non-structured queries o Secure database replication over SSL connections o Unicode support via utf-8 and ucs-2 character sets Users should note that there may be compatibility issues when migrating applications or databases from version 3.23.x to 4.1.x of MySQL. A known issue is that the default timestamp format has changed. To address these various issues, the mysqlclient10 package is included to provide the 3.23.x client library (libmysqlclient.so.10) for binary compatibility with applications linked against this legacy library. Note While the mysqlclient10 package provides compatibility support with the MySQL 4.1.x server, it does not support the new password encryption method introduced in version 4.1. To enable compatibility with legacy MySQL 3.x-based clients, the old_passwords parameter is enabled by default in the /etc/my.cnf configuration file. If compatibility with old clients is not required, this parameter can be disabled to allow use of the improved password encryption method. mysql-server Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at [5]http://www.redhat.com/docs. Network Servers This section contains information related to various network-based servers. dhcp Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at [6]http://www.redhat.com/docs. Server Configuration Tools This section contains information related to various server configuration tools. system-config-lvm Red Hat Enterprise Linux 4 includes system-config-lvm, a graphical tool for configuring Logical Volume Manager (LVM). system-config-lvm allows users to create volume groups from physical disk drives and disk partitions on a local machine, creating flexible and extensible logical volumes that are treated as normal physical disk space by the system. system-config-lvm uses graphical representations of system disks and volumes, which assists users in visualizing storage use and providing an interface for addressing volume management tasks. For discussions about system-config-lvm and LVM in general, you can subscribe to the linux-lvm mailing list at the following URL: [7]https://www.redhat.com/mailman/listinfo/linux-lvm system-config-securitylevel The firewall constructed by the system-config-securitylevel configuration tool now allows CUPS and Multicast DNS (mDNS) browsing. Note that, at the present time, these services cannot be disabled by system-config-securitylevel. Web Server This section contains information related to software used as part of a Web server environment. httpd o Under the default SELinux security configuration, httpd is covered by the targeted policy. This increases security and Web server stability by specifically granting or denying httpd access to system objects. However, because this has the potential to cause previously-working configurations (such as those that use PHP) to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. For example, a Boolean can be set to give specific permission to httpd to read objects in ~/public_html/ as long as they are labeled with the security context httpd_sys_content_t. The Apache daemon cannot access objects (files, applications, devices, and other processes) that have a security context not specifically granted access by SELinux to httpd. By allowing Apache access to only what it needs to do its function, the system is protected from compromised or misconfigured httpd daemons. Because of the need for both standard Linux directory and file permissions as well as SELinux file context labels, adminstrators and users will need to know about relabeling files. Examples of relabeling include the following commands (one for recursively relabeling the contents of a directory, and one for relabeling a single file): chcon -R -h -t httpd_sys_content_t public_html chcon -t httpd_sys_content_t public_html/index.html A file or directory which is not labeled with a context on the list of Apache's allowable types will generate a 403 Forbidden error. You can configure Boolean values or selectively disable targeted policy coverage for just Apache (or any of the covered daemons) using system-config-securitylevel. Under the SELinux tab, within the Modify SELinux Policy area, you can modify the Boolean values for Apache. If you wish, you can select to Disable SELinux protection for httpd daemon, which disables the transition from unconfined_t (the default type that acts transparently like standard Linux security without SELinux) to the specific daemon type, i.e., httpd_t. Disabling this transition effectively turns off SELinux coverage for that daemon, returning it to standard Linux security only. For more information about Apache and SELinux policy, refer to the Red Hat SELinux Policy Guide at [8]http://www.redhat.com/docs. o By default, the httpd daemon is now started using the C locale, rather than using the configured system locale setting. This behavior can be changed by setting the HTTPD_LANG variable in the /etc/sysconfig/httpd file. php o The default /etc/php.ini configuration file has been changed to use the "production" defaults rather than "development" defaults; notable differences are: o display_errors is now Off o log_errors is now On o magic_quotes_gpc is now Off The package now uses the "apache2handler" SAPI for integration with Apache httpd 2.0 rather than the "apache2filter" SAPI. If upgrading from previous releases, the SetOutputFilter directives should be removed from the /etc/httpd/conf.d/php.conf file. o The following changes have been made to the packaging of PHP extension modules: o The gd, mbstring, and ncurses extensions have been moved to the php-gd, php-mbstring, and php-ncurses packages, respectively. Note that you will need to install these packages manually (if required) when upgrading from an earlier release. o The domxml, snmp, and xmlrpc extensions are now available in php-domxml, php-snmp, and php-xmlrpc packages, respectively. squid Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at [9]http://www.redhat.com/docs. X Window System This section contains information related to the X Window System implementation provided with Red Hat Enterprise Linux. xorg-x11 o Red Hat Enterprise Linux 4 includes the new xorg-x11-deprecated-libs package. This package contains X11-related libraries that are deprecated, and may be removed from future versions of Red Hat Enterprise Linux. By packaging deprecated libraries in this manner, binary compatibility with existing applications is maintained while allowing 3rd-party software providers time to transition their applications away from these libraries. Currently, this package contains the Xprint library (libXp). This library should not be used in new application development. Applications that currently use this library should begin migrating to the supported libgnomeprint/libgnomeprintui printing APIs. o There has been some confusion regarding font-related issues under the X Window System in recent versions of Red Hat Enterprise Linux (and versions of Red Hat Linux before it.) At the present time, there are two font subsystems, each with different characteristics: - The original (15+ year old) subsystem is referred to as the "core X font subsystem". Fonts rendered by this subsystem are not anti-aliased, are handled by the X server, and have names like: -misc-fixed-medium-r-normal--10-100-75-75-c-60-iso8859-1 The newer font subsystem is known as "fontconfig", and allows applications direct access to the font files. Fontconfig is often used along with the "Xft" library, which allows applications to render fontconfig fonts to the screen with antialiasing. Fontconfig uses more human-friendly names like: Luxi Sans-10 Over time, fontconfig/Xft will replace the core X font subsystem. At the present time, applications using the Qt 3 or GTK 2 toolkits (which would include KDE and GNOME applications) use the fontconfig and Xft font subsystem; most everything else uses the core X fonts. In the future, Red Hat Enterprise Linux may support only fontconfig/Xft in place of the XFS font server as the default local font access method. NOTE: An exception to the font subsystem usage outlined above is OpenOffice.org (which uses its own font rendering technology). If you wish to add new fonts to your Red Hat Enterprise Linux 4 system, you must be aware that the steps necessary depend on which font subsystem is to use the new fonts. For the core X font subsystem, you must: 1. Create the /usr/share/fonts/local/ directory (if it doesn't already exist): mkdir /usr/share/fonts/local/ 2. Copy the new font file into /usr/share/fonts/local/ 3. Update the font information by issuing the following commands (note that, due to formatting restrictions, the following commands may appear on more than one line; in use, each command should be entered on a single line): ttmkfdir -d /usr/share/fonts/local/ -o /usr/share/fonts/local/fonts.scale mkfontdir /usr/share/fonts/local/ 4. If you had to create /usr/share/fonts/local/, you must then add it to the X font server (xfs) path: chkfontpath --add /usr/share/fonts/local/ Adding new fonts to the fontconfig font subsystem is more straightforward; the new font file only needs to be copied into the /usr/share/fonts/ directory (individual users can modify their personal font configuration by copying the font file into the ~/.fonts/ directory). After the new font has been copied, use fc-cache to update the font information cache: fc-cache <directory> (Where <directory> would be either the /usr/share/fonts/ or ~/.fonts/ directories.) Individual users may also install fonts graphically, by browsing fonts:/// in Nautilus, and dragging the new font files there. NOTE: If the font filename ends with ".gz", it has been compressed with gzip, and must be decompressed (with the gunzip command) before the fontconfig font subsystem can use the font. o Due to the transition to the new font system based on fontconfig/Xft, GTK+ 1.2 applications are not affected by any changes made via the Font Preferences dialog. For these applications, a font can be configured by adding the following lines to the file ~/.gtkrc.mine: style "user-font" { fontset = "<font-specification>" } widget_class "*" style "user-font" (Where <font-specification> represents a font specification in the style used by traditional X applications, such as "-adobe-helvetica-medium-r-normal--*-120-*-*-*-*-*-*".) Miscellaneous Notes This section contains information related to packages that do not fit in any of the proceeding categories. compat-db C++ and TCL bindings are no longer contained in the compat-db package. Applications requiring these bindings must be ported to the currently-shipping DB library. lvm2 This section contains information related to the lvm2 package. o The full set of LVM2 commands is now installed in /usr/sbin/. In boot environments where /usr/ is not available, it is necessary to prefix each command with /sbin/lvm.static (/sbin/lvm.static vgchange -ay, for example). In environments where /usr/ is available, it is no longer necessary to prefix each command with lvm (/usr/sbin/lvm vgchange -ay becomes /usr/sbin/vgchange -ay, for example). o The new LVM2 commands (such as /usr/sbin/vgchange -ay and /sbin/lvm.static vgchange -ay) detect if you are running a 2.4 kernel, and transparently invoke the old LVM1 commands if appropriate. The LVM1 commands have been renamed to end with ".lvm1" (for example, /sbin/vgchange.lvm1 -ay). Note LVM1 commands work only with 2.4 kernels. It is not possible to use LVM1 commands while running a 2.6 kernel. Refer to /usr/share/doc/lvm2*/WHATS_NEW for more information on LVM2. net-snmp Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at [10]http://www.redhat.com/docs. nscd o The nscd name service cache daemon may now maintain a persistent cache across restarts or system reboots. Each database (user, group, and host, respectively) can be made selected to be persistent by setting the appropriate line in /etc/nscd.conf to "yes". Entries are not removed from the cache until they are proven to be no longer of interest. All entries whose time-to-live expires but are otherwise interesting are automatically reloaded, which helps in situations where the directory and name services become temporarily unavailable. o Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at [11]http://www.redhat.com/docs. ntp Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at [12]http://www.redhat.com/docs. portmap Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at [13]http://www.redhat.com/docs. udev Red Hat Enterprise Linux 4 has switched from a static /dev/ directory to one that is dynamically managed via udev. This allows device nodes to be created on demand as drivers are loaded. For more information on udev, refer to the udev(8) man page. Additional rules for udev should be placed in a separate file in the /etc/udev/rules.d/ directory. Additional permission rules for udev should be placed in a separate file in the /etc/udev/permissions.d/ directory. Systems upgraded to Red Hat Enterprise Linux 4 using Anaconda will automatically be reconfigured to use udev. However (although NOT recommended) it is possible to perform a "live" upgrade to udev using the following steps: 1. Ensure that you are running a 2.6 kernel 2. Ensure that /sys/ is mounted 3. Install the initscripts RPM supplied with Red Hat Enterprise Linux 4 4. Install the new udev RPM supplied with Red Hat Enterprise Linux 4 5. Execute /sbin/start_udev 6. Install the new mkinitrd RPM supplied with Red Hat Enterprise Linux 4 7. Perform one of the following steps: · Install the new kernel RPM supplied with Red Hat Enterprise Linux 4 OR: · Re-run mkinitrd for your existing kernel(s) Warning Improperly performing these steps can result in a system configuration that will not boot properly. Packages Added/Removed/Deprecated This section contains lists of packages that fit into the following categories: o Packages that have been added to Red Hat Enterprise Linux 4 o Packages that have been removed from Red Hat Enterprise Linux 4 o Packages that have been deprecated, and may be removed from a future release of Red Hat Enterprise Linux Packages Added The following packages have been added to Red Hat Enterprise Linux 4: o Canna-devel o Canna-libs (i386) o FreeWnn-devel o FreeWnn-libs (i386) o GConf2 (i386) o HelixPlayer o ImageMagick (i386) o ImageMagick-c++ (i386) o ImageMagick-c++ (x86_64) o ImageMagick-c++-devel o ImageMagick-devel o ImageMagick-perl o NetworkManager o NetworkManager-gnome o ORBit2 (i386) o Omni (i386) o PyQt o PyQt-devel o PyQt-examples o Pyrex o SDL (i386) o VFlib2 (i386) o VFlib2-VFjfm o VFlib2-conf-ja o VFlib2-devel o Xaw3d (i386) o Xaw3d-devel o alchemist (i386) o alchemist-devel o alsa-lib (i386) o alsa-lib (x86_64) o alsa-lib-devel o alsa-utils o amanda-devel o anaconda-product (noarch) o anacron o apel o apr (i386) o apr (x86_64) o apr-devel o apr-util o apr-util-devel o arpwatch o arts (i386) o aspell (i386) o aspell-ca o aspell-cs o aspell-cy o aspell-el o aspell-en o aspell-pl o at-spi (i386) o audiofile (i386) o audit o authd o automake16 o automake17 o beecrypt (i386) o beecrypt-devel o beecrypt-python o bind-chroot o bind-devel o bind-libs (i386) o bind-libs (x86_64) o bitstream-vera-fonts o blas (i386) o bluez-bluefw o bluez-hcidump o bluez-libs (i386) o bluez-libs (x86_64) o bluez-libs-devel o bluez-pin o bluez-utils o bluez-utils-cups o bogl (i386) o bogl-devel o boost (i386) o boost (x86_64) o boost-devel o bootparamd o bridge-utils-devel o busybox o bzip2-libs (i386) o cadaver o cdda2wav o cdparanoia-devel o cdparanoia-libs (i386) o cdrecord-devel o checkpolicy o compat-db (i386) o compat-gcc-32 o compat-gcc-32-c++ o compat-libgcc-296 o compat-libstdc++-296 o compat-libstdc++-33 (i386) o compat-libstdc++-33 (x86_64) o compat-openldap (i386) o compat-openldap (x86_64) o comps (x86_64) o crash o cryptsetup o cscope o curl (i386) o cyrus-imapd o cyrus-imapd-devel o cyrus-imapd-murder o cyrus-imapd-nntp o cyrus-imapd-utils o cyrus-sasl-gssapi (i386) o cyrus-sasl-md5 (i386) o cyrus-sasl-ntlm (i386) o cyrus-sasl-ntlm (x86_64) o cyrus-sasl-plain (i386) o cyrus-sasl-sql (i386) o cyrus-sasl-sql (x86_64) o dasher o db4-java o db4-tcl o dbus (i386) o dbus (x86_64) o dbus-devel o dbus-glib (i386) o dbus-glib (x86_64) o dbus-python o dbus-x11 o devhelp o devhelp-devel o device-mapper (i386) o device-mapper (x86_64) o dhcp-devel o dhcpv6 o dhcpv6_client o dia o distcache (i386) o dmalloc o dmraid o docbook-simple o docbook-slides o dovecot o doxygen-doxywizard o e2fsprogs (i386) o eel2 (i386) o elfutils (i386) o elfutils-libelf (i386) o elfutils-libelf-devel o emacs-common o emacs-nox o esound (i386) o evolution-connector o evolution-data-server (i386) o evolution-data-server (x86_64) o evolution-data-server-devel o evolution-devel o evolution-webcal o exim o exim-doc o exim-mon o exim-sa o expect-devel o expectk o finger-server o firefox o flac (i386) o flac (x86_64) o flac-devel o fonts-arabic o fonts-bengali o fonts-xorg-100dpi o fonts-xorg-75dpi o fonts-xorg-ISO8859-14-100dpi o fonts-xorg-ISO8859-14-75dpi o fonts-xorg-ISO8859-15-100dpi o fonts-xorg-ISO8859-15-75dpi o fonts-xorg-ISO8859-2-100dpi o fonts-xorg-ISO8859-2-75dpi o fonts-xorg-ISO8859-9-100dpi o fonts-xorg-ISO8859-9-75dpi o fonts-xorg-base o fonts-xorg-cyrillic o fonts-xorg-syriac o fonts-xorg-truetype o freeglut (i386) o freeglut (x86_64) o freeglut-devel o freeradius-mysql o freeradius-postgresql o freeradius-unixODBC o freetype-demos o freetype-utils o fribidi (i386) o fribidi (x86_64) o fribidi-devel o fsh o gail (i386) o gamin (i386) o gamin (x86_64) o gamin-devel o gd (i386) o gd-progs o gda-mysql o gda-odbc o gda-postgres o gdk-pixbuf (i386) o gedit-devel o gettext-devel o ghostscript (i386) o ghostscript-devel o ghostscript-gtk o gimp-devel o gimp-gap o gimp-help o gimp-print (i386) o gimp-print-devel o gmp (i386) o gnome-audio-extra o gnome-desktop (i386) o gnome-kerberos o gnome-keyring (i386) o gnome-keyring (x86_64) o gnome-keyring-devel o gnome-keyring-manager o gnome-mag (i386) o gnome-mag (x86_64) o gnome-mag-devel o gnome-netstatus o gnome-nettool o gnome-panel (i386) o gnome-panel-devel o gnome-pilot-conduits o gnome-pilot-devel o gnome-python2-applet o gnome-python2-gconf o gnome-python2-gnomeprint o gnome-python2-gnomevfs o gnome-python2-nautilus o gnome-speech (i386) o gnome-speech (x86_64) o gnome-speech-devel o gnome-spell (i386) o gnome-vfs2 (i386) o gnome-vfs2-smb o gnome-volume-manager o gnopernicus o gnumeric o gnumeric-devel o gnuplot-emacs o gnutls (i386) o gnutls (x86_64) o gnutls-devel o gok o gok-devel o gpdf o gphoto2 (i386) o gphoto2-devel o groff-gxditview o groff-perl o gsl (i386) o gsl (x86_64) o gsl-devel o gstreamer (i386) o gstreamer-devel o gstreamer-plugins-devel o gthumb o gtk+ (i386) o gtk-engines (i386) o gtk2-engines (i386) o gtkhtml2 (i386) o gtkhtml3 (i386) o gtkhtml3-devel o gtksourceview (i386) o gtksourceview (x86_64) o gtksourceview-devel o gtkspell (i386) o gtkspell (x86_64) o gtkspell-devel o guile (i386) o guile-devel o hal (i386) o hal (x86_64) o hal-cups-utils o hal-devel o hal-gnome o hesiod (i386) o hicolor-icon-theme o hpoj-devel o htdig-web o httpd-manual o httpd-suexec o icon-slicer o iiimf-csconv o iiimf-docs o iiimf-emacs o iiimf-gnome-im-switcher o iiimf-gtk o iiimf-le-canna o iiimf-le-chinput o iiimf-le-hangul o iiimf-le-sun-thai o iiimf-le-unit o iiimf-le-xcin o iiimf-libs o iiimf-libs-devel o iiimf-server o iiimf-x o imlib (i386) o inn-devel o iptables-devel o iptraf o iptstate o irb o isdn4k-utils-devel o isdn4k-utils-vboxgetty o joe o jpackage-utils o k3b o kdbg o kde-i18n-Bengali o kde-i18n-Bulgarian o kde-i18n-Hindi o kde-i18n-Punjabi o kde-i18n-Tamil o kdeaddons-atlantikdesigner o kdeaddons-xmms o kdeadmin o kdeartwork-icons o kdebase (i386) o kdegames-devel o kdelibs (i386) o kdemultimedia (i386) o kdemultimedia-devel o kdenetwork-nowlistening o kernel-devel o kernel-doc o kernel-smp-devel o kinput2 o krb5-auth-dialog o lapack (i386) o libIDL (i386) o libaio (i386) o libao (i386) o libart_lgpl (i386) o libavc1394 (i386) o libavc1394 (x86_64) o libavc1394-devel o libbonobo (i386) o libbonoboui (i386) o libc-client (i386) o libc-client (x86_64) o libc-client-devel o libcap (i386) o libcroco (i386) o libcroco (x86_64) o libcroco-devel o libdbi (i386) o libdbi-dbd-pgsql o libdbi-devel o libdv (i386) o libdv (x86_64) o libdv-devel o libdv-tools o libexif (i386) o libexif (x86_64) o libexif-devel o libf2c (i386) o libgail-gnome (i386) o libgal2 (i386) o libgal2-devel o libgcrypt (i386) o libgcrypt (x86_64) o libgcrypt-devel o libgda o libgda-devel o libghttp-devel o libglade2 (i386) o libgnat o libgnome (i386) o libgnomecanvas (i386) o libgnomecups (i386) o libgnomecups (x86_64) o libgnomecups-devel o libgnomedb o libgnomedb-devel o libgnomeprint22 (i386) o libgnomeprintui22 (i386) o libgnomeui (i386) o libgpg-error (i386) o libgpg-error (x86_64) o libgpg-error-devel o libgsf (i386) o libgsf-devel o libgtop2 (i386) o libgtop2-devel o libidn (i386) o libidn (x86_64) o libidn-devel o libieee1284 (i386) o libieee1284 (x86_64) o libieee1284-devel o libmng (i386) o libmng-static o libmusicbrainz (i386) o libmusicbrainz (x86_64) o libmusicbrainz-devel o libogg (i386) o libpcap (i386) o libpng10 (i386) o libpng10-devel o libraw1394 (i386) o libraw1394-devel o librsvg2 (i386) o libsane-hpoj o libselinux (i386) o libselinux (x86_64) o libselinux-devel o libsepol (i386) o libsepol (x86_64) o libsepol-devel o libsilc o libsilc-devel o libsilc-doc o libsoup (i386) o libsoup-devel o libtabe (i386) o libtabe-devel o libtheora (i386) o libtheora (x86_64) o libtheora-devel o libtool-libs (i386) o libungif (i386) o libungif-progs o libusb (i386) o libuser (i386) o libvorbis (i386) o libwmf (i386) o libwmf (x86_64) o libwmf-devel o libwnck (i386) o libwnck-devel o libwvstreams (i386) o libwvstreams-devel o libxklavier (i386) o libxklavier (x86_64) o libxklavier-devel o libxml2 (i386) o libxslt (i386) o libxslt-python o linuxwacom o linuxwacom-devel o lm_sensors (i386) o lm_sensors (x86_64) o lm_sensors-devel o lockdev (i386) o lrzsz o ltrace o lvm2 o lynx o mailman o mc o memtest86+ o mgetty-sendfax o mgetty-viewfax o mgetty-voice o mikmod (i386) o mikmod-devel o mod_auth_kerb o mod_dav_svn o mod_perl-devel o module-init-tools o mozilla-devel o mozilla-nspr-devel o mozilla-nss (i386) o mozilla-nss-devel o mtr-gtk o mtx o mysql (i386) o mysql-server o nabi o nasm o nasm-doc o nasm-rdoff o nautilus-cd-burner-devel o neon (i386) o neon (x86_64) o neon-devel o net-snmp-libs (i386) o net-snmp-libs (x86_64) o net-snmp-perl o netpbm (i386) o newt (i386) o nmap-frontend o nss_db (i386) o nss_db (x86_64) o numactl o octave (i386) o octave-devel o openh323 (i386) o openh323-devel o openjade (i386) o openjade-devel o openldap-servers-sql o openmotif (i386) o openoffice.org o openoffice.org-i18n o openoffice.org-libs o openssl-perl o openssl096b (i386) o pam_ccreds (i386) o pam_ccreds (x86_64) o pam_passwdqc (i386) o pam_passwdqc (x86_64) o pam_smb (i386) o parted-devel o pcmcia-cs o pcre (i386) o perl (i386) o perl-Bit-Vector o perl-Convert-ASN1 o perl-Crypt-SSLeay o perl-Cyrus o perl-Date-Calc o perl-LDAP o perl-Net-DNS o perl-XML-LibXML o perl-XML-LibXML-Common o perl-XML-NamespaceSupport o perl-XML-SAX o perl-suidperl o php-devel o php-domxml o php-gd o php-mbstring o php-ncurses o php-pear o php-snmp o php-xmlrpc o pilot-link (i386) o planner o pmake o policycoreutils o postfix-pflogsumm o postgresql o postgresql-contrib o postgresql-devel o postgresql-docs o postgresql-jdbc o postgresql-libs (i386) o postgresql-libs (x86_64) o postgresql-pl o postgresql-python o postgresql-server o postgresql-tcl o postgresql-test o pump-devel o pvm-gui o pwlib (i386) o pwlib-devel o pyorbit-devel o pyparted o python-docs o python-ldap o python-tools o qt (i386) o qt-ODBC o qt-PostgreSQL o qt-config o quagga-contrib o quagga-devel o readline (i386) o redhat-artwork (i386) o redhat-release (x86_64) o rhgb o rhythmbox o rpm-libs o ruby-docs o ruby-libs (i386) o ruby-tcltk o samba-common (i386) o samba-swat o sane-backends (i386) o scrollkeeper (i386) o selinux-doc o selinux-policy-targeted o selinux-policy-targeted-sources o sendmail-devel o sendmail-doc o setools o setools-gui o sg3_utils o shared-mime-info o skkdic o slang (i386) o sound-juicer o sox-devel o speex (i386) o speex (x86_64) o speex-devel o startup-notification (i386) o statserial o subversion o subversion-devel o subversion-perl o switchdesk o switchdesk-gui o synaptics o sysfsutils o sysfsutils-devel o system-config-boot o system-config-date o system-config-display o system-config-httpd o system-config-keyboard o system-config-kickstart o system-config-language o system-config-lvm o system-config-mouse o system-config-netboot o system-config-network o system-config-network-tui o system-config-nfs o system-config-packages o system-config-printer o system-config-printer-gui o system-config-rootpassword o system-config-samba o system-config-securitylevel o system-config-securitylevel-tui o system-config-services o system-config-soundcard o system-config-users o system-logviewer o system-switch-im o system-switch-mail o system-switch-mail-gnome o talk-server o tcl-devel o tcl-html o tclx-devel o tclx-doc o tcp_wrappers (i386) o tetex-doc o theora-tools o thunderbird o tix-devel o tix-doc o tk-devel o tn5250-devel o ttfonts-bn o ttfonts-gu o ttfonts-hi o ttfonts-pa o ttfonts-ta o udev o unixODBC (i386) o unixODBC-devel o unixODBC-kde (i386) o utempter (i386) o valgrind o valgrind-callgrind o vim-X11 o vino o vte (i386) o w3c-libwww (i386) o w3c-libwww-apps o w3c-libwww-devel o xcdroast o xdelta-devel o xemacs-common o xemacs-nox o xemacs-sumo o xemacs-sumo-el o xemacs-sumo-info o xisdnload o xmlsec1 (i386) o xmlsec1 (x86_64) o xmlsec1-devel o xmlsec1-openssl (i386) o xmlsec1-openssl (x86_64) o xmlsec1-openssl-devel o xmms-devel o xmms-flac o xmms-skins o xojpanel o xorg-x11 o xorg-x11-Mesa-libGL (i386) o xorg-x11-Mesa-libGL (x86_64) o xorg-x11-Mesa-libGLU (i386) o xorg-x11-Mesa-libGLU (x86_64) o xorg-x11-Xdmx o xorg-x11-Xnest o xorg-x11-Xvfb o xorg-x11-deprecated-libs (i386) o xorg-x11-deprecated-libs (x86_64) o xorg-x11-deprecated-libs-devel o xorg-x11-devel (i386) o xorg-x11-devel (x86_64) o xorg-x11-doc o xorg-x11-font-utils o xorg-x11-libs (i386) o xorg-x11-libs (x86_64) o xorg-x11-sdk o xorg-x11-tools o xorg-x11-twm o xorg-x11-xauth o xorg-x11-xdm o xorg-x11-xfs o xrestop o zisofs-tools o zsh-html Packages Removed The following packages have been removed from Red Hat Enterprise Linux 4: o FreeWnn-common o Wnn6-SDK o Wnn6-SDK-devel o XFree86 o XFree86-100dpi-fonts o XFree86-75dpi-fonts o XFree86-ISO8859-14-100dpi-fonts o XFree86-ISO8859-14-75dpi-fonts o XFree86-ISO8859-15-100dpi-fonts o XFree86-ISO8859-15-75dpi-fonts o XFree86-ISO8859-2-100dpi-fonts o XFree86-ISO8859-2-75dpi-fonts o XFree86-ISO8859-9-100dpi-fonts o XFree86-ISO8859-9-75dpi-fonts o XFree86-Mesa-libGL (i386) o XFree86-Mesa-libGL (x86_64) o XFree86-Mesa-libGLU o XFree86-Xnest o XFree86-Xvfb o XFree86-base-fonts o XFree86-cyrillic-fonts o XFree86-devel (i386) o XFree86-devel (x86_64) o XFree86-doc o XFree86-font-utils o XFree86-libs (i386) o XFree86-libs (x86_64) o XFree86-libs-data o XFree86-syriac-fonts o XFree86-tools o XFree86-truetype-fonts o XFree86-twm o XFree86-xauth o XFree86-xdm o XFree86-xfs o ami o anaconda-images o ant o ant-libs o aspell-en-ca o aspell-en-gb o aspell-pt_BR o bcel o bonobo-activation o bonobo-activation-devel o cipe o commons-beanutils o commons-collections o commons-digester o commons-logging o commons-modeler o compat-gcc o compat-gcc-c++ o compat-libstdc++ o compat-libstdc++-devel o compat-pwdb o compat-slang o crash o cup o dev o devlabel o dietlibc o dvdrecord o fam o fam-devel o fontilus o gcc-c++-ssa o gcc-g77-ssa o gcc-gnat o gcc-java-ssa o gcc-objc-ssa o gcc-ssa o gdk-pixbuf-gnome o gnome-libs o gnome-libs-devel o gnome-vfs2-extras o gtkam o gtkam-gimp o im-sdk o imap o itcl o jakarta-regexp o jfsutils o kde-i18n-Afrikaans o kde-i18n-Korean o kdoc o kernel-smp-unsupported o kernel-source o kernel-unsupported o kinput2-canna-wnn6 o libgcc-ssa o libgcj-ssa o libgcj-ssa-devel o libgnat o libmrproject o libmudflap o libmudflap-devel o libole2 o libole2-devel o libstdc++-ssa o libstdc++-ssa-devel o linc o linc-devel o losetup o lvm o magicdev o modutils o modutils-devel o mount o mozilla-psm o mrproject o mx4j o openoffice o openoffice-i18n o openoffice-libs o perl-CGI o perl-CPAN o perl-DB_File o perl-Net-DNS o printman o pspell o pspell-devel o python-optik o raidtools o rarpd o redhat-config-bind o redhat-config-date o redhat-config-httpd o redhat-config-keyboard o redhat-config-kickstart o redhat-config-language o redhat-config-mouse o redhat-config-netboot o redhat-config-network o redhat-config-network-tui o redhat-config-nfs o redhat-config-packages o redhat-config-printer o redhat-config-printer-gui o redhat-config-proc o redhat-config-rootpassword o redhat-config-samba o redhat-config-securitylevel o redhat-config-securitylevel-tui o redhat-config-services o redhat-config-soundcard o redhat-config-users o redhat-config-xfree86 o redhat-java-rpm-scripts o redhat-logviewer o redhat-switch-mail o redhat-switch-mail-gnome o rh-postgresql o rh-postgresql-contrib o rh-postgresql-devel o rh-postgresql-docs o rh-postgresql-jdbc o rh-postgresql-libs o rh-postgresql-python o rh-postgresql-tcl o samba (i386) o shapecfg o switchdesk o switchdesk-gnome o switchdesk-kde o xalan-j o xerces-j Packages Deprecated Red Hat seeks to preserve functionality across major releases, but reserves the right to change the specific implementation and packaging of components between major releases. The following packages are included in Red Hat Enterprise Linux 4, but may be removed from future releases. Developers and users are advised to migrate away from these packages. o 4Suite — Only used by system-config-* tools o FreeWnn — IIIMF is the recommended input method o FreeWnn-devel — IIIMF is the recommended input method o FreeWnn-libs — IIIMF is the recommended input method o alchemist — Only used by system-config-* tools o alchemist-devel — Only used by system-config-* tools o aumix — Redundant with other volume control tools o autoconf213 — Backwards compatibility dev tool o automake14 — Backwards compatibility dev tool o automake15 — Backwards compatibility dev tool o automake16 — Backwards compatibility dev tool o automake17 — Backwards compatibility dev tool o compat-db — Backwards compatibility library o compat-gcc-32 — Backwards compatibility library/tool o compat-gcc-32-c++ — Backwards compatibility library/tool o compat-glibc — Backwards compatibility library/tool o compat-libgcc-296 — Backwards compatibility library/tool o compat-libstdc++-296 — Backwards compatibility library/tool o compat-libstdc++-33 — Backwards compatibility library/tool o compat-openldap — Backwards compatibility library/tool o dbskkd-cdb — IIIMF is the recommended input method o dev86 — Required only for lilo o dietlibc — Only supported for installer use o eog — Integrated support in Nautilus o gftp — Integrated FTP in Firefox and Nautilus o gnome-libs — Replaced by libgnome o imlib — Replaced by gdk-pixbuf o imlib-devel — Replaced by gdk-pixbuf o kinput2 — IIIMF is the recommended input method o libghttp — Deprecated library o libghttp-devel — Deprecated library o mikmod — Deprecated sound format o mikmod-devel — Deprecated sound format o miniChinput — IIIMF is the recommended input method o mozilla — Replaced by Firefox/Thunderbird/Evolution o mozilla-chat — Replaced by Firefox/Thunderbird/Evolution o mozilla-devel — Replaced by Firefox/Thunderbird/Evolution o mozilla-dom-inspector — Replaced by Firefox/Thunderbird/Evolution o mozilla-js-debugger — Replaced by Firefox/Thunderbird/Evolution o mozilla-mail — Replaced by Firefox/Thunderbird/Evolution o mozilla-nspr — Replaced by Firefox/Thunderbird/Evolution o mozilla-nspr-devel — Replaced by Firefox/Thunderbird/Evolution o mozilla-nss — Replaced by Firefox/Thunderbird/Evolution o mozilla-nss-devel — Replaced by Firefox/Thunderbird/Evolution o nabi — IIIMF is the recommended input method o newt-perl — Only required by crypto-utils o openmotif21 — Backwards compatibility library o openssl096b — Backwards compatibility library o skkdic — IIIMF is the recommended input method o skkinput — IIIMF is the recommended input method o xcin — IIIMF is the recommended input method o xmms — Replaced by rhythmbox, Helix Player o xmms-devel — Replaced by rhythmbox, Helix Player o xmms-flac — Replaced by rhythmbox, Helix Player o xmms-skins — Replaced by rhythmbox, Helix Player ( x86-64 ) References Visible links 1. http://www.redhat.com/docs/ 2. http://www.redhat.com/docs 3. http://www.redhat.com/docs 4. http://www.gimp.org/downloads/ 5. http://www.redhat.com/docs 6. http://www.redhat.com/docs 7. https://www.redhat.com/mailman/listinfo/linux-lvm/ 8. http://www.redhat.com/docs 9. http://www.redhat.com/docs 10. http://www.redhat.com/docs 11. http://www.redhat.com/docs 12. http://www.redhat.com/docs 13. http://www.redhat.com/docs