Manualshelf

Installation guide

ManualsBrandsRed Hat ManualsOtherAPPLICATION STACK 1.2 RELEASE
11121314151617181920
Release Notes
18
qlvnictools
qperf
rds-tools (future)
srptools
tvflash
Net-SNMP Re-Base
Net-SNMP has been re-based to upstream version 5.3.2.2. This update adds Stream Control
Transmission Protocol (SCTP) support (as per RFC 3873, http://www.ietf.org/rfc/rfc3873.txt) and
introduces two new configuration options (to be used in /etc/snmpd.conf):
dontLogTCPWrappersConnects — suppresses logging of connection attempts.
v1trapaddress — enables administrators to set an agent's IP address inside outgoing SNMP
traps.
This update also features several bug fixes from upstream, including:
The snmpd daemon now functions properly on systems with more than 255 network interfaces.
In addition, snmpd also reports an error now when it is configured to listen on any port higher
than 65535.
A race condition that caused the snmpd daemon to leak file descriptors when reading from /
proc is now fixed.
The snmpd daemon now correctly reports hrProcessorLoad object IDs (OID), even on multi-
CPU hardware. Note, however, that it takes approximately one minute from daemon startup to
calculate the value of the OID.
The net-snmp-devel package is now dependent on the lm_sensors-devel package.
OpenSSL Re-Base for FIPS Certification
The openssl packages upgrade the OpenSSL library to a newer upstream version, which
is currently undergoing the Federal Information Processing Standards validation process
(FIPS-140-2). The FIPS mode is disabled by default, to ensure that the OpenSSL library maintains
feature parity and ABI compatibility with the previous releases of the openssl packages in Red
Hat Enterprise Linux 5.
This update also applies the following upstream fixes:
By default, zlib compression is used for SSL and TLS connections. On IBM System z
architectures with Central Processor Assist for Cryptographic Function (CPACF), compression
became the main part of the CPU load, and total performance was determined by the speed
of the compression (not the speed of the encryption). When compression is disabled, the total
performance is much higher. In these updated packages, zlib compression for SSL and TLS
connections can be disabled with the OPENSSL_NO_DEFAULT_ZLIB environment variable. For
TLS connections over a slow network, it is better to leave compression on, so that the amount of
data to be transferred is lower.
When using the openssl command with the s_client and s_server options, the default
CA certificates file (/etc/pki/tls/certs/ca-bundle.crt), was not read. This resulted in