A security flaw in the way lftp quoted scripts generated by mirror --script (which could cause unauthorized privilege escalation) is now fixed.

Using lftp with the option -c no longer causes lftp to hang.

lftp no longer corrupts files during a transfer when using sftp.

SystemTap now supports symbolic probing on x86, x86-64 and PowerPC architectures. This enables SystemTap scripts to place probes into user-space applications and shared libraries. As a result, SystemTap can now provide the same level of debugger probing on some user-space applications as kernel probing.

For example, if coreutils-debuginfo is installed, you can print a callgraph of the ls command using /usr/share/doc/systemtap-version/examples/general/callgraph.stp, as in:

stap para-callgraph.stp 'process("ls").function("*")' -c 'ls -l'

SystemTap's support for symbolic probes also extends to markers placed into the kernel of this release. To use these markers, load the kernel-trace kernel module in /etc/rc.local (using modprobe kernel-trace).

SystemTap also supports remote compilation services. This enables a single computer on the network to act as a debuginfo/compiler server for local SystemTap clients. The clients auto-locate the server using mDNS (avahi), and only need the systemtap-client and systemtap-runtime packages to work.

At present, this feature does not use security mechanisms like encryption. As such, it is advisable to use remote compilation services only within trusted networks. For more information, refer to man stap-server.

The kernel update for this release includes a kernel API extension that significantly improves shutdown of SystemTap scripts. This added kernel API extension eliminates unnecessary synchronization between individual probe removal operations. As a result, SystemTap scripts that have hundreds of kernel probes are processed much faster.

This is especially useful for administrators that use scripts with probes containing wildcards that capture numerous kernel events, such as probe syscall.* {}.

cman now uses the following firmware versions: APC AOS v3.5.7 and APC rpdu v3.5.6. This fixes a bug that prevented the APC 7901 from using simple network management protocol (SNMP) properly.

fence_drac, fence_ilo, fence_egenera, and fence_bladecenter agents now support ssh.

fence_xvmd key files can now be reloaded without restarting.

A single fence method can now support up to 8 fence devices.

rpm no longer generates unnecessary .rpmnew and .rpmsave files on multi-arch systems.

A bug in the rpmgiNext() function of rpm prevented proper error reporting. This update applies the proper semantics for error reporting, thereby ensuring that rpm returns the correct exit code in all instances.

dontLogTCPWrappersConnects — suppresses logging of connection attempts.

v1trapaddress — enables administrators to set an agent's IP address inside outgoing SNMP traps.

The snmpd daemon now functions properly on systems with more than 255 network interfaces. In addition, snmpd also reports an error now when it is configured to listen on any port higher than 65535.

A race condition that caused the snmpd daemon to leak file descriptors when reading from /proc is now fixed.

The snmpd daemon now correctly reports hrProcessorLoad object IDs (OID), even on multi-CPU hardware. Note, however, that it takes approximately one minute from daemon startup to calculate the value of the OID.

The net-snmp-devel package is now dependent on the lm_sensors-devel package.

By default, zlib compression is used for SSL and TLS connections. On IBM System z architectures with Central Processor Assist for Cryptographic Function (CPACF), compression became the main part of the CPU load, and total performance was determined by the speed of the compression (not the speed of the encryption). When compression is disabled, the total performance is much higher. In these updated packages, zlib compression for SSL and TLS connections can be disabled with the OPENSSL_NO_DEFAULT_ZLIB environment variable. For TLS connections over a slow network, it is better to leave compression on, so that the amount of data to be transferred is lower.

When using the openssl command with the s_client and s_server options, the default CA certificates file (/etc/pki/tls/certs/ca-bundle.crt), was not read. This resulted in certificates failing verification. In order for certificates to pass verification, the -CAfile /etc/pki/tls/certs/ca-bundle.crt option had to be used. In these updated packages, the default CA certificates file is read, and no longer needs to be specified with the -CAfile option.

Any yum commands would fail if the -c option was used to specify a configuration file residing on a web address (http). This bug is now fixed.

A checkSignal() function in yum called an incorrect exit function; as such, exiting yum would result in a traceback instead. With this release, yum now exits properly.

Improved stability on the Linux platform by fixing a race condition issue in sound output.

New support for custom filters and effects, native 3D transformation and animation, advanced audio processing, a new, more flexible text engine, and GPU hardware acceleration.

The squid init script always incorrectly returned an exit code of 0. This bug is now fixed, making squid compliant now with Linux Standard Base.

Using the refresh_stale_hit directive causes error message Clock going backwards to appear in the squid log file.

The squid installation process did not set up correct ownership of the /usr/local/squid directory. With this release, the user squid is now the default owner of /usr/local/squid.

Whenever squid attempts to use the function hash_lookup(), it could abort with signal 6.

Using squid_unix_group could cause squid to crash.