The following topics related to Red Hat Enterprise Linux 4 are covered in this document:
Introduction (this section)
Overview of this release
Installation-related notes
Package-specific notes
Packages added/removed/deprecated
The following list includes brief summaries of some of the more significant aspects of Red Hat Enterprise Linux 4:
Red Hat Enterprise Linux 4 includes an implementation of SELinux. SELinux represents a major shift in the way users, programs, and processes interact. By default, SELinux is installed and enabled in this release.
During the installation you have the option of disabling SELinux, setting it to log warning messages only, or to use its targeted policy, which confines the following daemons only:
dhcpd
httpd
mysqld
named
nscd
ntpd
portmap
postgres
snmpd
squid
syslogd
The targeted policy is active by default.
Red Hat Enterprise Linux 4 support for SELinux uses Extended Attributes on ext2/ext3 file systems. This means that, when a file is written to a default-mounted ext2/ext3 file system, an extended attribute will also be written.
This will cause problems on systems that dual boot between Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 2.1. The Red Hat Enterprise Linux 2.1 kernels do not support extended attributes, and can crash when encountering them.
For more information about SELinux, refer to the Red Hat SELinux Policy Guide, available online at:
The mount command has been changed to do the following on NFS mounts:
· TCP is now the default transport on NFS mounts. This means that a mount command that does not explicitly specify UDP as the desired protocol (for example, mount foo:/bar /mnt) now uses TCP to communicate with the server, instead of UDP.
· Using the verbose (-v) option now causes RPC error messages to be written to standard output.
Red Hat Enterprise Linux 4 supports UTF-8 encoding by default for Chinese, Japanese, and Korean locales.
Red Hat Enterprise Linux 4 now uses IIIMF for input of Chinese, Japanese, and Korean by default.
Red Hat Enterprise Linux 4 supports 5 Indian (Indic) languages: Bengali, Gujarati, Hindi, Punjabi, and Tamil. In addition, the high-quality Lohit font family for the supported languages has been included.
Subversion 1.1 is now included in Red Hat Enterprise Linux; the Subversion version control system is designed to be a replacement for CVS and features truly atomic commits, versioning of files, directories and metadata, along with most current features of CVS.
Unlike earlier releases, Red Hat Enterprise Linux 4 kernel support for Intel® Extended Memory 64 Technology (hereafter referred to as "Intel® EM64T"), and AMD64 processors exist in a single "x86-64" kernel. There are no longer separate kernels for each processor type.
Red Hat Enterprise Linux 3 introduced the Native POSIX Thread Library (NPTL) — an implementation of POSIX threading support that greatly improved performance, scalability, semantic correctness, and standards compliance over the LinuxThreads implementation used previously.
While most threaded applications were not impacted by the introduction of NPTL, applications that relied on those semantics of LinuxThreads that were contrary to the POSIX specification would not operate correctly. As noted at the time of NPTL's introduction, Red Hat recommended that such applications be updated so that they complied with POSIX (and could therefore use NPTL.)
While support for LinuxThreads still exists for Red Hat Enterprise Linux 4, this statement serves as advance notice that Red Hat Enterprise Linux 5 will no longer include support for LinuxThreads. Therefore, applications that require LinuxThreads support must be updated before they will be able to work properly on a Red Hat Enterprise Linux 5 system.
Several workarounds exist that permit applications requiring the use of LinuxThreads to continue operation under Red Hat Enterprise Linux 3 and 4. These workarounds include:
Using the LD_ASSUME_KERNEL
environment
variable to select LinuxThreads instead of NPTL at
runtime
Using an explicit rpath to /lib/i686/
or /lib/
to select LinuxThreads instead of
NPTL at runtime
Statically linking the application to use LinuxThreads instead of NPTL (strongly discouraged)
In order to determine whether an application is using NPTL or LinuxThreads, add following two environment variables to the application's environment:
LD_DEBUG=libs
LD_DEBUG_OUTPUT=
<filename>
(Where
is the name to be given to each debug output log file. More than
one file can be generated if the program forks other processes; all
debug output log filenames include the PID of process generating the
file.)<filename>
Then start the application and use it as you normally would.
If no debug output log file was produced, the application is statically linked. The application will not be affected by the missing LinuxThreads DSO but, as with all statically linked applications, no guarantees for compatibility are given if the application dynamically loads any code (directly via dlopen() or indirectly via NSS.)
If one or more debug output log files were produced, review each
one for any references to libpthread — in
particular, a line also containing the string
"calling init
". The
grep utility can do this easily:
grep "calling init.*libpthread"
<filename>
.*
(Where
<filename>
refers to the name used in the LD_DEBUG_OUTPUT
environment variable.)
If the path preceding libpthread is
/lib/tls/
, the application is using NPTL, and
no further action needs to be taken. Any other path means that
LinuxThreads is being used, and the application must be updated and
rebuilt to support NPTL.
Red Hat Enterprise Linux 4 now includes support for Advanced Configuration and Power Interface (ACPI), a power management specification commonly supported by most newer hardware.
Due to differences in the order in which hardware is probed in system environments with and without ACPI support, the potential for device name changes exists. This means, for example, that a network interface card identified as eth1 under a prior version of Red Hat Enterprise Linux may now appear as eth0.
This section outlines those issues that are related to Anaconda (the Red Hat Enterprise Linux installation program) and installing Red Hat Enterprise Linux 4 in general.
If you are copying the contents of the Red Hat Enterprise Linux 4 CD-ROMs (in preparation for a network-based installation, for example) be sure you copy the CD-ROMs for the operating system only. Do not copy the Extras CD-ROM, or any of the layered product CD-ROMs, as this will overwrite files necessary for Anaconda's proper operation.
These CD-ROMs must be installed after Red Hat Enterprise Linux has been installed.
During the Red Hat Enterprise Linux 4 installation, it can be challenging to identify individual storage devices in system configurations that include multiple storage adapters. This is particulary true for systems containing Fibre Channel adapters, because in many instances it is desirable to install Red Hat Enterprise Linux on local storage.
The Red Hat Enterprise Linux 4 installation program addresses this issue by delaying the loading of the following modules until after all other SCSI devices have been loaded:
lpfc
qla2100
qla2200
qla2300
qla2322
qla6312
qla6322
This results in
any locally-attached SCSI device names starting with
/dev/sda
, /dev/sdb
, and so
on, with the FC-attached storage following.
The following sections contain information regarding packages that have undergone significant changes for Red Hat Enterprise Linux 4. For easier access, they are organized using the same groups used in Anaconda.
This section contains information related to basic system components.
Red Hat Enterprise Linux 4 contains OpenSSH 3.9, which includes strict
permission and ownership checks for the
~/.ssh/config
file. These checks mean that
ssh will exit if this file does not have
appropriate ownership and permissions.
Therefore, make sure that ~/.ssh/config
is
owned by the owner of ~/
, and that its
permissions are set to mode 600.
This section contains the most elemental components of Red Hat Enterprise Linux, including the kernel.
The ext2online
utility has been added for
online growing of existing ext3 file systems.
It is important to keep in mind that
ext2online
does not grow the underlying block
device itself — there must be sufficient unused space already
present on the device. The easiest way to ensure this is to use LVM
volumes and to run lvresize
or
lvextend
to extend the device.
In addition, file systems must be specially prepared in order to
be resized past a certain point. The preparation involves reserving a
small amount of space into which on-disk tables can grow. For
newly-created file systems, mke2fs
reserves such
space automatically; the space reserved is sufficient to grow the file
system by a factor of 1000. The creation of this reserved space can
be disabled by the following command:
mke2fs -O ^resize_inode
Future releases of Red Hat Enterprise Linux will allow the creation of this reserved space on existing file systems.
The version of glibc
provided with
Red Hat Enterprise Linux 4 performs additional internal sanity checks to
prevent and detect data corruption as early as possible. By
default, should corruption be detected, a message similar to the
following will be displayed on standard error (or logged via
syslog if stderr is not open):
*** glibc detected *** double free or
corruption: 0x0937d008 ***
By default, the program that generated this error will also be
killed; however, this (and whether or not an error message is
generated) can be controlled via the MALLOC_CHECK_
environment variable. The following settings are
supported:
0 — Do not generate an error message, and do not kill the program
1 — Generate an error message, but do not kill the program
2 — Do not generate an error message, but kill the program
3 — Generate an error message and kill the program
If MALLOC_CHECK_ is explicitly set a value other than 0,
this causes glibc
to perform more tests
that are more extensive than the default, and may impact
performance.
Should you have a program from a third party ISV that triggers these corruption checks and displays a message, you should file a defect report with the application's vendor, since this indicates a serious bug.
This section contains notes relating to the Red Hat Enterprise Linux 4 kernel.
Although Red Hat Enterprise Linux 4 includes support for rawio, it is now a deprecated interface. If your application performs device access using this interface, Red Hat encourages you to modify your application to open the block device with the O_DIRECT flag. The rawio interface will exist for the life of Red Hat Enterprise Linux 4, but is a candidate for removal from future releases.
Asynchronous I/O (AIO) on file systems is currently only supported in O_DIRECT, or non-buffered mode. Also note that the asynchronous poll interface is no longer present, and that AIO on pipes is no longer supported.
The sound subsystem is now based on ALSA; the OSS modules are no longer available.
System environments using the kernel's "hugepage"
functionality should be aware that the name of the
/proc/
entry controlling this feature changed
between Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4:
Red Hat Enterprise Linux 3 used
/proc/sys/vm/hugetlb_pool
and specified
the desired size in megabytes
Red Hat Enterprise Linux 4 uses
/proc/sys/vm/nr_hugepages
and specifies
the size by the desired number of pages (refer to
/proc/meminfo
for the size of hugepages
on your system)
The initial release of Red Hat Enterprise Linux 4 does not support USB hard disk drives. However, other USB storage devices, such as flash media, CD-ROM and DVD-ROM devices are currently supported.
The kernel shipped with Red Hat Enterprise Linux 4 includes the new megaraid_mbox driver from LSI Logic, which replaces the megaraid driver. The megaraid_mbox driver has an improved design, is compatible with the 2.6 kernel, and includes support for the latest hardware. However, megaraid_mbox does not support some of the older hardware that was supported by the megaraid driver.
Adapters with the following PCI vendor ID and device ID pairs are not supported by the megaraid_mbox driver:
vendor, device
0x101E, 0x9010
0x101E, 0x9060
0x8086, 0x1960
The lspci -n command can be used to display the IDs for adapters installed in a particular machine. Products with these IDs are known by (but not limited to) the following model names:
Dell PERC (dual-channel fast/wide SCSI) RAID controller
Dell PERC2/SC (single-channel Ultra SCSI) RAID controller
Dell PERC2/DC (dual-channel Ultra SCSI) RAID controller
Dell CERC (four-channel ATA/100) RAID controller
MegaRAID 428
MegaRAID 466
MegaRAID Express 500
HP NetRAID 3Si and 1M
Both Dell and LSI Logic have indicated that they no longer support these models in the 2.6 kernel. As a result, these adapters are not supported in Red Hat Enterprise Linux 4.
The initial release of Red Hat Enterprise Linux 4 does not include iSCSI software initiator or target support. Support for iSCSI is being evaluated for addition in a future update to Red Hat Enterprise Linux 4.
The Emulex LightPulse Fibre Channel driver
(lpfc
) is currently undergoing public review
for possible inclusion in the Linux 2.6 kernel. It is included in
Red Hat Enterprise Linux 4 for testing purposes. Changes to the driver are
expected. If there are problems with the driver or, if for some
reason it is no longer on-track for inclusion in the Linux 2.6
kernel, the driver may be removed from the final Red Hat Enterprise Linux
release.
The lpfc
driver currently has the
following known issues:
The driver does not insulate the system from short-duration cable pulls, switch reboots, or device disappearances. Therefore, the system may prematurely determine that a device is non-existent and take it offline. In such cases, manual intervention will be required to reinstate the device with the system.
There is a known panic if Ctrl-C is pressed while the driver is being inserted with insmod.
There is a known panic if rmmod is executed while insmod is still executing.
New device insertion requires manual scanning in order for the SCSI subsystem to detect the new device.
In the past, the process of updating the kernel did not change the default kernel in the system's boot loader configuration.
Red Hat Enterprise Linux 4 changes this behavior to set newly-installed kernels as the default. This behavior applies to all installation methods (including rpm -i).
This behavior is controlled by two lines in the
/etc/sysconfig/kernel
file:
UPGRADEDEFAULT — Controls whether new kernels will be booted by default (default value: yes)
DEFAULTKERNEL — kernel RPMs whose names match this value will be booted by default (default value: depends on hardware configuration)
In order to eliminate the redundancy inherent in providing a
separate package for the kernel source code when that source code
already exists in the kernel's .src.rpm
file,
Red Hat Enterprise Linux 4 no longer includes the
kernel-source
package. Users that require
access to the kernel sources can find them in the
kernel
.src.rpm
file.
To create an exploded source tree from this file, perform the
following steps (note that
refers to the version specification for your currently-running
kernel):<version>
Obtain the
kernel-
file from one of the following sources:<version>
.src.rpm
The SRPMS
directory on the
appropriate "SRPMS" CD iso image
The FTP site where you got the kernel package
By running the following command:
up2date --get-source kernel
Install
kernel-
(given the default RPM configuration, the files this package
contains will be written to
<version>
.src.rpm/usr/src/redhat/
)
Change directory to
/usr/src/redhat/SPECS/
, and issue the
following command:
rpmbuild -bp
--target=<arch>
kernel.spec
(Where
<arch>
is
the desired target architecture.)
On a default RPM configuration, the kernel tree will be
located in /usr/src/redhat/BUILD/
.
In resulting tree, the configurations for the specific
kernels shipped in Red Hat Enterprise Linux 4 are in the
/configs/
directory. For example, the
i686 SMP configuration file is named
/configs/kernel-
.
Issue the following command to place the desired configuration
file in the proper place for building:<version>
-i686-smp.config
cp
<desired-file>
./.config
Issue the following command:
make oldconfig
You can then proceed as usual.
An exploded source tree is not required to build kernel modules against the currently in-use kernel.
For example, to build the foo.ko
module, create the following file (named
Makefile
) in the directory containing the
foo.c
file:
obj-m := foo.o
KDIR := /lib/modules/$(shell uname -r)/build
PWD := $(shell pwd)
default:
$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules
Issue the make command to build the
foo.ko
module.
Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional.
For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at http://www.redhat.com/docs.
This section contains information related to the DNS name server.
Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional.
For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at http://www.redhat.com/docs.
This section includes packages that help you access the Internet, including graphical email, Web browser, and chat clients.
Red Hat Enterprise Linux 4 includes an updated version of the Evolution graphical email client. This version adds a number of new features, including:
Evolution now includes spam filters that can be trained to more accurately distinguish between spam and non-spam email. When you get spam, click on the
button. Check your Junk Mail folder periodically to see if anything is being filtered improperly. If you find an improperly-filtered email, mark it as ; in this way, the filter becomes more effective over time.The Evolution Connector makes it possible to connect to Microsoft Exchange 2000 and 2003 servers.
The user interface has been modified so that each operation (email, calendaring, tasks, and contacts) is treated separately, replacing the previous server-centric model.
Evolution now includes enhanced support for encryption and cryptographic signatures, including the use of S/MIME.
The directory used by Evolution to store its settings has
been hidden from end-users by renaming it from
~/evolution/
to
~/.evolution/
.
This section includes packages that help you manipulate and scan images.
The gimp-perl
package has been removed
from Red Hat Enterprise Linux 4 because GIMP was updated to 2.0 and the
Perl bindings were neither ready nor part of the main package
anymore.
Users of Perl scripts in GIMP should install the Gimp Perl module from http://www.gimp.org/downloads/.
This section includes information related to the support of various languages under Red Hat Enterprise Linux.
When upgrading a system from Red Hat Enterprise Linux 3 to Red Hat Enterprise Linux 4, system locale settings are preserved. Because Red Hat Enterprise Linux 4 supports Chinese, Japanese, and Korean in UTF-8 encoding by default, Red Hat recommends that you change to UTF-8 locale by editing the following file:
/etc/sysconfig/i18n
Modify the locale settings by making the following changes:
ja_JP.eucJP becomes ja_JP.UTF-8
ko_KR.eucKR becomes ko_KR.UTF-8
zh_CN.GB18030 becomes zh_CN.UTF-8
zh_TW.Big5 becomes zh_TW.UTF-8
Users with locale settings in ~/.i18n
should
also update to use UTF-8 encoding by default.
To convert a text file in native encoding (for example eucJP, eucKR, Big5, or GB18030) to UTF-8, you can use the iconv utility:
iconv -f <native encoding>
-t UTF-8 <filename>
-o <newfilename>
Refer to the iconv man page for more information.
The default Input Method (IM) for Chinese (Simplified and Traditional), Japanese, and Korean has been changed to IIIMF — the Internet/Intranet Input Method Framework. IIIMF is used by default for input of Indian languages also. IIIMF is supported natively through a GTK2 IM module, and also through XIM using the httx client. IIIMF supports the use of multiple Language Engines (LEs) at the same time; using the GNOME Input Method Language Engine Tool (GIMLET — an applet) it is possible to switch between LEs of different languages inside GTK2 applications.
IIIMF currently defaults to using Ctrl-Space or Shift-Space for toggling the input method on and off (Emacs users can use Ctrl-@ instead of Ctrl-Space to set the mark).
Depending on your choice of language support during installation, one or more IIIMF Language Engines may have been installed:
Indian languages —
iiimf-le-unit
Japanese — iiimf-le-canna
Korean — iiimf-le-hangul
Simplified Chinese —
iiimf-le-chinput
Traditional Chinese —
iiimf-le-xcin
For these languages IIIMF is installed and enabled by default.
New users get the GIMLET applet (part of the
iiimf-gnome-im-switcher
package) automatically
added to their GNOME panel, if the GNOME Desktop is installed and the
default system language is one of the above.
GIMLET is an applet for switching between the different LEs that are installed on your system. Using different Language Engines allows you to enter text in different languages. You can add GIMLET manually to your GNOME panel by right-clicking on the panel, selecting
and choosing the applet.If you are upgrading and have any legacy XIM input methods installed, Anaconda will automatically install appropriate Language Engines onto your system:
ami
causes
iiimf-le-hangul
to be installed
kinput2
causes
iiimf-le-canna
to be installed
miniChinput
causes
iiimf-le-chinput
to be installed
xcin
causes
iiimf-le-xcin
to be installed
For users that do not need IIIMF input all the time there is a LE called "Latin default" which does nothing for normal input. This can be used to temporarily disable another LE.
The following are some keybindings particular to each of the Language Engines:
iiimf-le-canna
— Home
(show the menu, including the utilities for Canna)
iiimf-le-unit
— F5
(switch between languages), F6 (switch to different
input styles, if available)
iiimf-le-xcin
—
Ctrl-Shift
(switch to different input styles),
Shift-punctuation
(input wide punctuation marks), Cursor keys (change
pages in candidate window)
iiimf-le-chinput
—
Ctrl-Shift
(switch to different input styles), < or
> (change pages in candidate window)
iiimf-le-hangul
— F9
(convert Hangul to Chinese characters)
Should you wish to switch between IIIMF and the legacy input method framework XIM, you can use the system-switch-im application. There is also the command-line tool im-switch for changing the user and system configuration.
Red Hat Enterprise Linux 4 uses an alternatives-based system of files in
/etc/X11/xinit/xinput.d/
and
~/.xinput.d/
to configure the input methods used
for different locales. Users of locales for which input methods are
not used by default (for example, en_US.UTF-8) that wish to input
Asian text must execute the following commands from a shell
prompt:
mkdir -p ~/.xinput.d/
ln -s /etc/X11/xinit/xinput.d/iiimf ~/.xinput.d/en_US
This overrides the system default and enables the use of IIIMF for American English. To configure the input method for an different locale, replace en_US with your locale name (without the charset suffix). To set the input method to be used for all locale use the word default instead of en_US.
Users upgrading from Red Hat Enterprise Linux 3 should note that
/etc/sysconfig/i18n
and
~/.i18n
can no longer be used for input method
configuration; any custom configuration still needed should be moved
as appropriate to /etc/X11/xinit/xinput.d/
or
~/.xinput.d/
.
After changing the input method configuration your changes will be reflected next time you start a X Window System session.
This section contains information related to the mail transport agents included with Red Hat Enterprise Linux.
Earlier mailman
RPMs installed all files
under the /var/mailman/
directory.
Unfortunately, this did not conform to the Filesystem Hierarchy
Standard (FHS) and also created security violations when SELinux was
enabled.
If you previously had mailman
installed and
had edited files in /var/mailman/
(such as
mm_cfg.py
) you must move those changes to their
new location, as documented in the following file:
/usr/share/doc/mailman-*/INSTALL.REDHAT
By default, the Sendmail mail transport agent (MTA) does not
accept network connections from any host other than the local
computer. If you want to configure Sendmail as a server for other
clients, you must edit /etc/mail/sendmail.mc
and change the DAEMON_OPTIONS
line to also
listen on network devices (or comment out this option entirely using
the dnl comment delimiter). You must then
regenerate /etc/mail/sendmail.cf
by running the
following command (as root):
make -C /etc/mail
Note that you must have the sendmail-cf
package installed for this to work.
Be aware that it is possible to inadvertently configure Sendmail to act as an open-relay SMTP server. For more information, refer to the Red Hat Enterprise Linux Reference Guide.
MySQL, the multi-user and multi-threaded client/server database, has been updated from version 3.23.x (which shipped with Red Hat Enterprise Linux 3) to version 4.1.x. This new version of MySQL features improvements in speed, functionality, and usability, including:
subquery support
BTREE indexing for non-structured queries
Secure database replication over SSL connections
Unicode support via utf-8 and ucs-2 character sets
Users should note that there may be compatibility issues when
migrating applications or databases from version 3.23.x to 4.1.x of
MySQL. A known issue is that the default timestamp format has
changed. To address these various issues, the
mysqlclient10
package is included to provide the
3.23.x client library (libmysqlclient.so.10
) for
binary compatibility with applications linked against this legacy
library.
While the mysqlclient10
package provides
compatibility support with the MySQL 4.1.x server, it does not support
the new password encryption method introduced in version 4.1. To
enable compatibility with legacy MySQL 3.x-based clients, the
old_passwords
parameter is enabled by default
in the /etc/my.cnf configuration file. If compatibility with old
clients is not required, this parameter can be disabled to allow use
of the improved password encryption method.
Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional.
For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at http://www.redhat.com/docs.
This section contains information related to various network-based servers.
Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional.
For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at http://www.redhat.com/docs.
This section contains information related to various server configuration tools.
Red Hat Enterprise Linux 4 includes system-config-lvm, a graphical tool for configuring Logical Volume Manager (LVM). system-config-lvm allows users to create volume groups from physical disk drives and disk partitions on a local machine, creating flexible and extensible logical volumes that are treated as normal physical disk space by the system.
system-config-lvm uses graphical representations of system disks and volumes, which assists users in visualizing storage use and providing an interface for addressing volume management tasks.
For discussions about system-config-lvm and LVM in general, you can subscribe to the linux-lvm mailing list at the following URL:
This section contains information related to software used as part of a Web server environment.
Under the default SELinux security configuration, httpd is covered by the targeted policy. This increases security and Web server stability by specifically granting or denying httpd access to system objects. However, because this has the potential to cause previously-working configurations (such as those that use PHP) to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional.
For example, a Boolean can be set to give specific permission
to httpd to read objects in
~/public_html/
as long as they are labeled
with the security context
httpd_sys_content_t
. The Apache
daemon cannot access objects (files, applications, devices, and
other processes) that have a security context not specifically
granted access by SELinux to httpd.
By allowing Apache access to only what it needs to do its function, the system is protected from compromised or misconfigured httpd daemons.
Because of the need for both standard Linux directory and file permissions as well as SELinux file context labels, adminstrators and users will need to know about relabeling files. Examples of relabeling include the following commands (one for recursively relabeling the contents of a directory, and one for relabeling a single file):
chcon -R -h -t httpd_sys_content_t public_html
chcon -t httpd_sys_content_t public_html/index.html
A file or directory which is not labeled with a context on the
list of Apache's allowable types will generate a
403 Forbidden
error.
You can configure Boolean values or selectively disable
targeted policy coverage for just Apache (or any of the covered
daemons) using
system-config-securitylevel. Under the
SELinux tab, within the Modify SELinux
Policy area, you can modify the Boolean values for
. If you wish, you can select to
, which disables the transition from
unconfined_t
(the default type
that acts transparently like standard Linux security without
SELinux) to the specific daemon type, i.e.,
httpd_t
. Disabling this
transition effectively turns off SELinux coverage for that daemon,
returning it to standard Linux security only.
For more information about Apache and SELinux policy, refer to the Red Hat SELinux Policy Guide at http://www.redhat.com/docs.
By default, the httpd daemon is now started using the C
locale, rather than using the configured system locale setting.
This behavior can be changed by setting the
HTTPD_LANG
variable in the
/etc/sysconfig/httpd
file.
The default /etc/php.ini
configuration
file has been changed to use the "production" defaults rather than
"development" defaults; notable differences are:
display_errors
is now Off
log_errors
is now On
magic_quotes_gpc
is now Off
The package now uses the "apache2handler" SAPI for integration
with Apache httpd 2.0 rather than the "apache2filter" SAPI. If
upgrading from previous releases, the
SetOutputFilter
directives should be removed from
the /etc/httpd/conf.d/php.conf
file.
The following changes have been made to the packaging of PHP extension modules:
The gd, mbstring, and ncurses extensions have been moved
to the php-gd
,
php-mbstring
, and
php-ncurses
packages, respectively. Note
that you will need to install these packages manually (if
required) when upgrading from an earlier release.
The domxml, snmp, and xmlrpc extensions are now available
in php-domxml
,
php-snmp
, and
php-xmlrpc
packages, respectively.
Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional.
For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at http://www.redhat.com/docs.
This section contains information related to the X Window System implementation provided with Red Hat Enterprise Linux.
Red Hat Enterprise Linux 4 includes the new
xorg-x11-deprecated-libs
package. This
package contains X11-related libraries that are deprecated, and
may be removed from future versions of Red Hat Enterprise Linux. By packaging
deprecated libraries in this manner, binary compatibility with
existing applications is maintained while allowing 3rd-party
software providers time to transition their applications away from
these libraries.
Currently, this package contains the Xprint library
(libXp
). This library should not be used in
new application development. Applications that currently use this
library should begin migrating to the supported
libgnomeprint/libgnomeprintui printing APIs.
There has been some confusion regarding font-related issues under the X Window System in recent versions of Red Hat Enterprise Linux (and versions of Red Hat Linux before it.) At the present time, there are two font subsystems, each with different characteristics:
- The original (15+ year old) subsystem is referred to as the "core X font subsystem". Fonts rendered by this subsystem are not anti-aliased, are handled by the X server, and have names like:
-misc-fixed-medium-r-normal--10-100-75-75-c-60-iso8859-1
The newer font subsystem is known as "fontconfig", and allows applications direct access to the font files. Fontconfig is often used along with the "Xft" library, which allows applications to render fontconfig fonts to the screen with antialiasing. Fontconfig uses more human-friendly names like:
Luxi Sans-10
Over time, fontconfig/Xft will replace the core X font subsystem. At the present time, applications using the Qt 3 or GTK 2 toolkits (which would include KDE and GNOME applications) use the fontconfig and Xft font subsystem; most everything else uses the core X fonts.
In the future, Red Hat Enterprise Linux may support only fontconfig/Xft in place of the XFS font server as the default local font access method.
NOTE: An exception to the font subsystem usage outlined above is OpenOffice.org (which uses its own font rendering technology).
If you wish to add new fonts to your Red Hat Enterprise Linux 4 system, you must be aware that the steps necessary depend on which font subsystem is to use the new fonts. For the core X font subsystem, you must:
1. Create the /usr/share/fonts/local/
directory (if it doesn't already exist):
mkdir /usr/share/fonts/local/
2. Copy the new font file into
/usr/share/fonts/local/
3. Update the font information by issuing the following commands (note that, due to formatting restrictions, the following commands may appear on more than one line; in use, each command should be entered on a single line):
ttmkfdir -d /usr/share/fonts/local/ -o /usr/share/fonts/local/fonts.scale
mkfontdir /usr/share/fonts/local/
4. If you had to create
/usr/share/fonts/local/
, you must then add it
to the X font server (xfs) path:
chkfontpath --add /usr/share/fonts/local/
Adding new fonts to the fontconfig font subsystem is more
straightforward; the new font file only needs to be copied into
the /usr/share/fonts/
directory (individual
users can modify their personal font configuration by copying the
font file into the ~/.fonts/
directory).
After the new font has been copied, use fc-cache to update the font information cache:
fc-cache
<directory>
(Where
<directory>
would be either the /usr/share/fonts/
or
~/.fonts/
directories.)
Individual users may also install fonts graphically, by browsing fonts:/// in Nautilus, and dragging the new font files there.
NOTE: If the font filename ends with
".gz
", it has been compressed with
gzip, and must be decompressed (with the
gunzip command) before the fontconfig font
subsystem can use the font.
Due to the transition to the new font system based on
fontconfig/Xft, GTK+ 1.2 applications are not affected by any
changes made via the Font Preferences dialog.
For these applications, a font can be configured by adding the
following lines to the file
~/.gtkrc.mine
:
style "user-font" {
fontset =
"<font-specification>
"
}
widget_class "*" style "user-font"
(Where
<font-specification>
represents a font specification in the style used by traditional X
applications, such as
"-adobe-helvetica-medium-r-normal--*-120-*-*-*-*-*-*
".)
This section contains information related to packages that do not fit in any of the proceeding categories.
C++ and TCL bindings are no longer contained in the
compat-db
package. Applications requiring these
bindings must be ported to the currently-shipping DB library.
This section contains information related to the
lvm2
package.
The full set of LVM2 commands is now installed in
/usr/sbin/
. In boot environments where
/usr/
is not available, it is necessary to
prefix each command with /sbin/lvm.static
(/sbin/lvm.static vgchange -ay, for
example).
In environments where /usr/
is available,
it is no longer necessary to prefix each command with
lvm (/usr/sbin/lvm vgchange
-ay becomes /usr/sbin/vgchange -ay,
for example).
The new LVM2 commands (such as /usr/sbin/vgchange -ay and /sbin/lvm.static vgchange -ay) detect if you are running a 2.4 kernel, and transparently invoke the old LVM1 commands if appropriate. The LVM1 commands have been renamed to end with ".lvm1" (for example, /sbin/vgchange.lvm1 -ay).
LVM1 commands work only with 2.4 kernels. It is not possible to use LVM1 commands while running a 2.6 kernel.
Refer to /usr/share/doc/lvm2*/WHATS_NEW
for
more information on LVM2.
Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional.
For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at http://www.redhat.com/docs.
The nscd name service cache daemon may now maintain a
persistent cache across restarts or system reboots. Each database
(user, group, and host, respectively) can be made selected to be
persistent by setting the appropriate line in
/etc/nscd.conf
to "yes". Entries are not
removed from the cache until they are proven to be no longer of
interest. All entries whose time-to-live expires but are otherwise
interesting are automatically reloaded, which helps in situations
where the directory and name services become temporarily
unavailable.
Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional.
For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at http://www.redhat.com/docs.
Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional.
For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at http://www.redhat.com/docs.
Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional.
For more information about SELinux policy, refer to the Red Hat SELinux Policy Guide at http://www.redhat.com/docs.
Red Hat Enterprise Linux 4 has switched from a static
/dev/
directory to one that is dynamically
managed via udev
. This allows device nodes to be
created on demand as drivers are loaded.
For more information on udev
, refer to the
udev(8) man page.
Additional rules for udev
should be placed in
a separate file in the /etc/udev/rules.d/
directory.
Additional permission rules for udev
should
be placed in a separate file in the
/etc/udev/permissions.d/
directory.
Systems upgraded to Red Hat Enterprise Linux 4 using Anaconda will
automatically be reconfigured to use udev
.
However (although NOT recommended) it is possible
to perform a "live" upgrade to udev
using the
following steps:
Ensure that you are running a 2.6 kernel
Ensure that /sys/
is mounted
Install the initscripts
RPM supplied with
Red Hat Enterprise Linux 4
Install the new udev
RPM supplied with
Red Hat Enterprise Linux 4
Execute /sbin/start_udev
Install the new mkinitrd
RPM supplied
with Red Hat Enterprise Linux 4
Perform one of the following steps:
· Install the new kernel
RPM
supplied with Red Hat Enterprise Linux 4
OR:
· Re-run mkinitrd for your existing kernel(s)
Improperly performing these steps can result in a system configuration that will not boot properly.
This section contains lists of packages that fit into the following categories:
Packages that have been added to Red Hat Enterprise Linux 4
Packages that have been removed from Red Hat Enterprise Linux 4
Packages that have been deprecated, and may be removed from a future release of Red Hat Enterprise Linux
The following packages have been added to Red Hat Enterprise Linux 4:
Canna-devel
Canna-libs (i386)
FreeWnn-devel
FreeWnn-libs (i386)
GConf2 (i386)
HelixPlayer
ImageMagick (i386)
ImageMagick-c++ (i386)
ImageMagick-c++ (x86_64)
ImageMagick-c++-devel
ImageMagick-devel
ImageMagick-perl
NetworkManager
NetworkManager-gnome
ORBit2 (i386)
Omni (i386)
PyQt
PyQt-devel
PyQt-examples
Pyrex
SDL (i386)
VFlib2 (i386)
VFlib2-VFjfm
VFlib2-conf-ja
VFlib2-devel
Xaw3d (i386)
Xaw3d-devel
alchemist (i386)
alchemist-devel
alsa-lib (i386)
alsa-lib (x86_64)
alsa-lib-devel
alsa-utils
amanda-devel
anaconda-product (noarch)
anacron
apel
apr (i386)
apr (x86_64)
apr-devel
apr-util
apr-util-devel
arpwatch
arts (i386)
aspell (i386)
aspell-ca
aspell-cs
aspell-cy
aspell-el
aspell-en
aspell-pl
at-spi (i386)
audiofile (i386)
audit
authd
automake16
automake17
beecrypt (i386)
beecrypt-devel
beecrypt-python
bind-chroot
bind-devel
bind-libs (i386)
bind-libs (x86_64)
bitstream-vera-fonts
blas (i386)
bluez-bluefw
bluez-hcidump
bluez-libs (i386)
bluez-libs (x86_64)
bluez-libs-devel
bluez-pin
bluez-utils
bluez-utils-cups
bogl (i386)
bogl-devel
boost (i386)
boost (x86_64)
boost-devel
bootparamd
bridge-utils-devel
busybox
bzip2-libs (i386)
cadaver
cdda2wav
cdparanoia-devel
cdparanoia-libs (i386)
cdrecord-devel
checkpolicy
compat-db (i386)
compat-gcc-32
compat-gcc-32-c++
compat-libgcc-296
compat-libstdc++-296
compat-libstdc++-33 (i386)
compat-libstdc++-33 (x86_64)
compat-openldap (i386)
compat-openldap (x86_64)
comps (x86_64)
crash
cryptsetup
cscope
curl (i386)
cyrus-imapd
cyrus-imapd-devel
cyrus-imapd-murder
cyrus-imapd-nntp
cyrus-imapd-utils
cyrus-sasl-gssapi (i386)
cyrus-sasl-md5 (i386)
cyrus-sasl-ntlm (i386)
cyrus-sasl-ntlm (x86_64)
cyrus-sasl-plain (i386)
cyrus-sasl-sql (i386)
cyrus-sasl-sql (x86_64)
dasher
db4-java
db4-tcl
dbus (i386)
dbus (x86_64)
dbus-devel
dbus-glib (i386)
dbus-glib (x86_64)
dbus-python
dbus-x11
devhelp
devhelp-devel
device-mapper (i386)
device-mapper (x86_64)
dhcp-devel
dhcpv6
dhcpv6_client
dia
distcache (i386)
dmalloc
dmraid
docbook-simple
docbook-slides
dovecot
doxygen-doxywizard
e2fsprogs (i386)
eel2 (i386)
elfutils (i386)
elfutils-libelf (i386)
elfutils-libelf-devel
emacs-common
emacs-nox
esound (i386)
evolution-connector
evolution-data-server (i386)
evolution-data-server (x86_64)
evolution-data-server-devel
evolution-devel
evolution-webcal
exim
exim-doc
exim-mon
exim-sa
expect-devel
expectk
finger-server
firefox
flac (i386)
flac (x86_64)
flac-devel
fonts-arabic
fonts-bengali
fonts-xorg-100dpi
fonts-xorg-75dpi
fonts-xorg-ISO8859-14-100dpi
fonts-xorg-ISO8859-14-75dpi
fonts-xorg-ISO8859-15-100dpi
fonts-xorg-ISO8859-15-75dpi
fonts-xorg-ISO8859-2-100dpi
fonts-xorg-ISO8859-2-75dpi
fonts-xorg-ISO8859-9-100dpi
fonts-xorg-ISO8859-9-75dpi
fonts-xorg-base
fonts-xorg-cyrillic
fonts-xorg-syriac
fonts-xorg-truetype
freeglut (i386)
freeglut (x86_64)
freeglut-devel
freeradius-mysql
freeradius-postgresql
freeradius-unixODBC
freetype-demos
freetype-utils
fribidi (i386)
fribidi (x86_64)
fribidi-devel
fsh
gail (i386)
gamin (i386)
gamin (x86_64)
gamin-devel
gd (i386)
gd-progs
gda-mysql
gda-odbc
gda-postgres
gdk-pixbuf (i386)
gedit-devel
gettext-devel
ghostscript (i386)
ghostscript-devel
ghostscript-gtk
gimp-devel
gimp-gap
gimp-help
gimp-print (i386)
gimp-print-devel
gmp (i386)
gnome-audio-extra
gnome-desktop (i386)
gnome-kerberos
gnome-keyring (i386)
gnome-keyring (x86_64)
gnome-keyring-devel
gnome-keyring-manager
gnome-mag (i386)
gnome-mag (x86_64)
gnome-mag-devel
gnome-netstatus
gnome-nettool
gnome-panel (i386)
gnome-panel-devel
gnome-pilot-conduits
gnome-pilot-devel
gnome-python2-applet
gnome-python2-gconf
gnome-python2-gnomeprint
gnome-python2-gnomevfs
gnome-python2-nautilus
gnome-speech (i386)
gnome-speech (x86_64)
gnome-speech-devel
gnome-spell (i386)
gnome-vfs2 (i386)
gnome-vfs2-smb
gnome-volume-manager
gnopernicus
gnumeric
gnumeric-devel
gnuplot-emacs
gnutls (i386)
gnutls (x86_64)
gnutls-devel
gok
gok-devel
gpdf
gphoto2 (i386)
gphoto2-devel
groff-gxditview
groff-perl
gsl (i386)
gsl (x86_64)
gsl-devel
gstreamer (i386)
gstreamer-devel
gstreamer-plugins-devel
gthumb
gtk+ (i386)
gtk-engines (i386)
gtk2-engines (i386)
gtkhtml2 (i386)
gtkhtml3 (i386)
gtkhtml3-devel
gtksourceview (i386)
gtksourceview (x86_64)
gtksourceview-devel
gtkspell (i386)
gtkspell (x86_64)
gtkspell-devel
guile (i386)
guile-devel
hal (i386)
hal (x86_64)
hal-cups-utils
hal-devel
hal-gnome
hesiod (i386)
hicolor-icon-theme
hpoj-devel
htdig-web
httpd-manual
httpd-suexec
icon-slicer
iiimf-csconv
iiimf-docs
iiimf-emacs
iiimf-gnome-im-switcher
iiimf-gtk
iiimf-le-canna
iiimf-le-chinput
iiimf-le-hangul
iiimf-le-sun-thai
iiimf-le-unit
iiimf-le-xcin
iiimf-libs
iiimf-libs-devel
iiimf-server
iiimf-x
imlib (i386)
inn-devel
iptables-devel
iptraf
iptstate
irb
isdn4k-utils-devel
isdn4k-utils-vboxgetty
joe
jpackage-utils
k3b
kdbg
kde-i18n-Bengali
kde-i18n-Bulgarian
kde-i18n-Hindi
kde-i18n-Punjabi
kde-i18n-Tamil
kdeaddons-atlantikdesigner
kdeaddons-xmms
kdeadmin
kdeartwork-icons
kdebase (i386)
kdegames-devel
kdelibs (i386)
kdemultimedia (i386)
kdemultimedia-devel
kdenetwork-nowlistening
kernel-devel
kernel-doc
kernel-smp-devel
kinput2
krb5-auth-dialog
lapack (i386)
libIDL (i386)
libaio (i386)
libao (i386)
libart_lgpl (i386)
libavc1394 (i386)
libavc1394 (x86_64)
libavc1394-devel
libbonobo (i386)
libbonoboui (i386)
libc-client (i386)
libc-client (x86_64)
libc-client-devel
libcap (i386)
libcroco (i386)
libcroco (x86_64)
libcroco-devel
libdbi (i386)
libdbi-dbd-pgsql
libdbi-devel
libdv (i386)
libdv (x86_64)
libdv-devel
libdv-tools
libexif (i386)
libexif (x86_64)
libexif-devel
libf2c (i386)
libgail-gnome (i386)
libgal2 (i386)
libgal2-devel
libgcrypt (i386)
libgcrypt (x86_64)
libgcrypt-devel
libgda
libgda-devel
libghttp-devel
libglade2 (i386)
libgnat
libgnome (i386)
libgnomecanvas (i386)
libgnomecups (i386)
libgnomecups (x86_64)
libgnomecups-devel
libgnomedb
libgnomedb-devel
libgnomeprint22 (i386)
libgnomeprintui22 (i386)
libgnomeui (i386)
libgpg-error (i386)
libgpg-error (x86_64)
libgpg-error-devel
libgsf (i386)
libgsf-devel
libgtop2 (i386)
libgtop2-devel
libidn (i386)
libidn (x86_64)
libidn-devel
libieee1284 (i386)
libieee1284 (x86_64)
libieee1284-devel
libmng (i386)
libmng-static
libmusicbrainz (i386)
libmusicbrainz (x86_64)
libmusicbrainz-devel
libogg (i386)
libpcap (i386)
libpng10 (i386)
libpng10-devel
libraw1394 (i386)
libraw1394-devel
librsvg2 (i386)
libsane-hpoj
libselinux (i386)
libselinux (x86_64)
libselinux-devel
libsepol (i386)
libsepol (x86_64)
libsepol-devel
libsilc
libsilc-devel
libsilc-doc
libsoup (i386)
libsoup-devel
libtabe (i386)
libtabe-devel
libtheora (i386)
libtheora (x86_64)
libtheora-devel
libtool-libs (i386)
libungif (i386)
libungif-progs
libusb (i386)
libuser (i386)
libvorbis (i386)
libwmf (i386)
libwmf (x86_64)
libwmf-devel
libwnck (i386)
libwnck-devel
libwvstreams (i386)
libwvstreams-devel
libxklavier (i386)
libxklavier (x86_64)
libxklavier-devel
libxml2 (i386)
libxslt (i386)
libxslt-python
linuxwacom
linuxwacom-devel
lm_sensors (i386)
lm_sensors (x86_64)
lm_sensors-devel
lockdev (i386)
lrzsz
ltrace
lvm2
lynx
mailman
mc
memtest86+
mgetty-sendfax
mgetty-viewfax
mgetty-voice
mikmod (i386)
mikmod-devel
mod_auth_kerb
mod_dav_svn
mod_perl-devel
module-init-tools
mozilla-devel
mozilla-nspr-devel
mozilla-nss (i386)
mozilla-nss-devel
mtr-gtk
mtx
mysql (i386)
mysql-server
nabi
nasm
nasm-doc
nasm-rdoff
nautilus-cd-burner-devel
neon (i386)
neon (x86_64)
neon-devel
net-snmp-libs (i386)
net-snmp-libs (x86_64)
net-snmp-perl
netpbm (i386)
newt (i386)
nmap-frontend
nss_db (i386)
nss_db (x86_64)
numactl
octave (i386)
octave-devel
openh323 (i386)
openh323-devel
openjade (i386)
openjade-devel
openldap-servers-sql
openmotif (i386)
openoffice.org
openoffice.org-i18n
openoffice.org-libs
openssl-perl
openssl096b (i386)
pam_ccreds (i386)
pam_ccreds (x86_64)
pam_passwdqc (i386)
pam_passwdqc (x86_64)
pam_smb (i386)
parted-devel
pcmcia-cs
pcre (i386)
perl (i386)
perl-Bit-Vector
perl-Convert-ASN1
perl-Crypt-SSLeay
perl-Cyrus
perl-Date-Calc
perl-LDAP
perl-Net-DNS
perl-XML-LibXML
perl-XML-LibXML-Common
perl-XML-NamespaceSupport
perl-XML-SAX
perl-suidperl
php-devel
php-domxml
php-gd
php-mbstring
php-ncurses
php-pear
php-snmp
php-xmlrpc
pilot-link (i386)
planner
pmake
policycoreutils
postfix-pflogsumm
postgresql
postgresql-contrib
postgresql-devel
postgresql-docs
postgresql-jdbc
postgresql-libs (i386)
postgresql-libs (x86_64)
postgresql-pl
postgresql-python
postgresql-server
postgresql-tcl
postgresql-test
pump-devel
pvm-gui
pwlib (i386)
pwlib-devel
pyorbit-devel
pyparted
python-docs
python-ldap
python-tools
qt (i386)
qt-ODBC
qt-PostgreSQL
qt-config
quagga-contrib
quagga-devel
readline (i386)
redhat-artwork (i386)
redhat-release (x86_64)
rhgb
rhythmbox
rpm-libs
ruby-docs
ruby-libs (i386)
ruby-tcltk
samba-common (i386)
samba-swat
sane-backends (i386)
scrollkeeper (i386)
selinux-doc
selinux-policy-targeted
selinux-policy-targeted-sources
sendmail-devel
sendmail-doc
setools
setools-gui
sg3_utils
shared-mime-info
skkdic
slang (i386)
sound-juicer
sox-devel
speex (i386)
speex (x86_64)
speex-devel
startup-notification (i386)
statserial
subversion
subversion-devel
subversion-perl
switchdesk
switchdesk-gui
synaptics
sysfsutils
sysfsutils-devel
system-config-boot
system-config-date
system-config-display
system-config-httpd
system-config-keyboard
system-config-kickstart
system-config-language
system-config-lvm
system-config-mouse
system-config-netboot
system-config-network
system-config-network-tui
system-config-nfs
system-config-packages
system-config-printer
system-config-printer-gui
system-config-rootpassword
system-config-samba
system-config-securitylevel
system-config-securitylevel-tui
system-config-services
system-config-soundcard
system-config-users
system-logviewer
system-switch-im
system-switch-mail
system-switch-mail-gnome
talk-server
tcl-devel
tcl-html
tclx-devel
tclx-doc
tcp_wrappers (i386)
tetex-doc
theora-tools
thunderbird
tix-devel
tix-doc
tk-devel
tn5250-devel
ttfonts-bn
ttfonts-gu
ttfonts-hi
ttfonts-pa
ttfonts-ta
udev
unixODBC (i386)
unixODBC-devel
unixODBC-kde (i386)
utempter (i386)
valgrind
valgrind-callgrind
vim-X11
vino
vte (i386)
w3c-libwww (i386)
w3c-libwww-apps
w3c-libwww-devel
xcdroast
xdelta-devel
xemacs-common
xemacs-nox
xemacs-sumo
xemacs-sumo-el
xemacs-sumo-info
xisdnload
xmlsec1 (i386)
xmlsec1 (x86_64)
xmlsec1-devel
xmlsec1-openssl (i386)
xmlsec1-openssl (x86_64)
xmlsec1-openssl-devel
xmms-devel
xmms-flac
xmms-skins
xojpanel
xorg-x11
xorg-x11-Mesa-libGL (i386)
xorg-x11-Mesa-libGL (x86_64)
xorg-x11-Mesa-libGLU (i386)
xorg-x11-Mesa-libGLU (x86_64)
xorg-x11-Xdmx
xorg-x11-Xnest
xorg-x11-Xvfb
xorg-x11-deprecated-libs (i386)
xorg-x11-deprecated-libs (x86_64)
xorg-x11-deprecated-libs-devel
xorg-x11-devel (i386)
xorg-x11-devel (x86_64)
xorg-x11-doc
xorg-x11-font-utils
xorg-x11-libs (i386)
xorg-x11-libs (x86_64)
xorg-x11-sdk
xorg-x11-tools
xorg-x11-twm
xorg-x11-xauth
xorg-x11-xdm
xorg-x11-xfs
xrestop
zisofs-tools
zsh-html
The following packages have been removed from Red Hat Enterprise Linux 4:
FreeWnn-common
Wnn6-SDK
Wnn6-SDK-devel
XFree86
XFree86-100dpi-fonts
XFree86-75dpi-fonts
XFree86-ISO8859-14-100dpi-fonts
XFree86-ISO8859-14-75dpi-fonts
XFree86-ISO8859-15-100dpi-fonts
XFree86-ISO8859-15-75dpi-fonts
XFree86-ISO8859-2-100dpi-fonts
XFree86-ISO8859-2-75dpi-fonts
XFree86-ISO8859-9-100dpi-fonts
XFree86-ISO8859-9-75dpi-fonts
XFree86-Mesa-libGL (i386)
XFree86-Mesa-libGL (x86_64)
XFree86-Mesa-libGLU
XFree86-Xnest
XFree86-Xvfb
XFree86-base-fonts
XFree86-cyrillic-fonts
XFree86-devel (i386)
XFree86-devel (x86_64)
XFree86-doc
XFree86-font-utils
XFree86-libs (i386)
XFree86-libs (x86_64)
XFree86-libs-data
XFree86-syriac-fonts
XFree86-tools
XFree86-truetype-fonts
XFree86-twm
XFree86-xauth
XFree86-xdm
XFree86-xfs
ami
anaconda-images
ant
ant-libs
aspell-en-ca
aspell-en-gb
aspell-pt_BR
bcel
bonobo-activation
bonobo-activation-devel
cipe
commons-beanutils
commons-collections
commons-digester
commons-logging
commons-modeler
compat-gcc
compat-gcc-c++
compat-libstdc++
compat-libstdc++-devel
compat-pwdb
compat-slang
crash
cup
dev
devlabel
dietlibc
dvdrecord
fam
fam-devel
fontilus
gcc-c++-ssa
gcc-g77-ssa
gcc-gnat
gcc-java-ssa
gcc-objc-ssa
gcc-ssa
gdk-pixbuf-gnome
gnome-libs
gnome-libs-devel
gnome-vfs2-extras
gtkam
gtkam-gimp
im-sdk
imap
itcl
jakarta-regexp
jfsutils
kde-i18n-Afrikaans
kde-i18n-Korean
kdoc
kernel-smp-unsupported
kernel-source
kernel-unsupported
kinput2-canna-wnn6
libgcc-ssa
libgcj-ssa
libgcj-ssa-devel
libgnat
libmrproject
libmudflap
libmudflap-devel
libole2
libole2-devel
libstdc++-ssa
libstdc++-ssa-devel
linc
linc-devel
losetup
lvm
magicdev
modutils
modutils-devel
mount
mozilla-psm
mrproject
mx4j
openoffice
openoffice-i18n
openoffice-libs
perl-CGI
perl-CPAN
perl-DB_File
perl-Net-DNS
printman
pspell
pspell-devel
python-optik
raidtools
rarpd
redhat-config-bind
redhat-config-date
redhat-config-httpd
redhat-config-keyboard
redhat-config-kickstart
redhat-config-language
redhat-config-mouse
redhat-config-netboot
redhat-config-network
redhat-config-network-tui
redhat-config-nfs
redhat-config-packages
redhat-config-printer
redhat-config-printer-gui
redhat-config-proc
redhat-config-rootpassword
redhat-config-samba
redhat-config-securitylevel
redhat-config-securitylevel-tui
redhat-config-services
redhat-config-soundcard
redhat-config-users
redhat-config-xfree86
redhat-java-rpm-scripts
redhat-logviewer
redhat-switch-mail
redhat-switch-mail-gnome
rh-postgresql
rh-postgresql-contrib
rh-postgresql-devel
rh-postgresql-docs
rh-postgresql-jdbc
rh-postgresql-libs
rh-postgresql-python
rh-postgresql-tcl
samba (i386)
shapecfg
switchdesk
switchdesk-gnome
switchdesk-kde
xalan-j
xerces-j
Red Hat seeks to preserve functionality across major releases, but reserves the right to change the specific implementation and packaging of components between major releases.
The following packages are included in Red Hat Enterprise Linux 4, but may be removed from future releases. Developers and users are advised to migrate away from these packages.
4Suite — Only used by system-config-* tools
FreeWnn — IIIMF is the recommended input method
FreeWnn-devel — IIIMF is the recommended input method
FreeWnn-libs — IIIMF is the recommended input method
alchemist — Only used by system-config-* tools
alchemist-devel — Only used by system-config-* tools
aumix — Redundant with other volume control tools
autoconf213 — Backwards compatibility dev tool
automake14 — Backwards compatibility dev tool
automake15 — Backwards compatibility dev tool
automake16 — Backwards compatibility dev tool
automake17 — Backwards compatibility dev tool
compat-db — Backwards compatibility library
compat-gcc-32 — Backwards compatibility library/tool
compat-gcc-32-c++ — Backwards compatibility library/tool
compat-glibc — Backwards compatibility library/tool
compat-libgcc-296 — Backwards compatibility library/tool
compat-libstdc++-296 — Backwards compatibility library/tool
compat-libstdc++-33 — Backwards compatibility library/tool
compat-openldap — Backwards compatibility library/tool
dbskkd-cdb — IIIMF is the recommended input method
dev86 — Required only for lilo
dietlibc — Only supported for installer use
eog — Integrated support in Nautilus
gftp — Integrated FTP in Firefox and Nautilus
gnome-libs — Replaced by libgnome
imlib — Replaced by gdk-pixbuf
imlib-devel — Replaced by gdk-pixbuf
kinput2 — IIIMF is the recommended input method
libghttp — Deprecated library
libghttp-devel — Deprecated library
mikmod — Deprecated sound format
mikmod-devel — Deprecated sound format
miniChinput — IIIMF is the recommended input method
mozilla — Replaced by Firefox/Thunderbird/Evolution
mozilla-chat — Replaced by Firefox/Thunderbird/Evolution
mozilla-devel — Replaced by Firefox/Thunderbird/Evolution
mozilla-dom-inspector — Replaced by Firefox/Thunderbird/Evolution
mozilla-js-debugger — Replaced by Firefox/Thunderbird/Evolution
mozilla-mail — Replaced by Firefox/Thunderbird/Evolution
mozilla-nspr — Replaced by Firefox/Thunderbird/Evolution
mozilla-nspr-devel — Replaced by Firefox/Thunderbird/Evolution
mozilla-nss — Replaced by Firefox/Thunderbird/Evolution
mozilla-nss-devel — Replaced by Firefox/Thunderbird/Evolution
nabi — IIIMF is the recommended input method
newt-perl — Only required by crypto-utils
openmotif21 — Backwards compatibility library
openssl096b — Backwards compatibility library
skkdic — IIIMF is the recommended input method
skkinput — IIIMF is the recommended input method
xcin — IIIMF is the recommended input method
xmms — Replaced by rhythmbox, Helix Player
xmms-devel — Replaced by rhythmbox, Helix Player
xmms-flac — Replaced by rhythmbox, Helix Player
xmms-skins — Replaced by rhythmbox, Helix Player
( x86-64 )