Scientific Linux 4.0 Release Notes --------------------------------------------------------------------------- Introduction The following topics related to Scientific Linux 4.0 are covered in this document: o Introduction (this section) o Overview of this release o Installation-related notes o Package-specific notes o Packages added/removed/deprecated Overview of This Release The following list includes brief summaries of some of the more significant aspects of Scientific Linux 4.0: o Scientific Linux 4.0 includes an implementation of SELinux. SELinux represents a major shift in the way users, programs, and processes interact. By default, SELinux is installed and enabled in this release. Note During the installation you have the option of disabling SELinux, setting it to log warning messages only, or to use its targeted policy, which confines the following daemons only: o dhcpd o httpd o mysqld o named o nscd o ntpd o portmap o postgres o snmpd o squid o syslogd The targeted policy is active by default. Warning Scientific Linux 4.0 support for SELinux uses Extended Attributes on ext2/ext3 file systems. This means that, when a file is written to a default-mounted ext2/ext3 file system, an extended attribute will also be written. This will cause problems on systems that dual boot between Scientific Linux 4.x and much older linux distributions. The older kernels do not support extended attributes, and can crash when encountering them. Scientific Linux 3.0.x's kernel does support these extended attributes. o The mount command has been changed to do the following on NFS mounts: . TCP is now the default transport on NFS mounts. This means that a mount command that does not explicitly specify UDP as the desired protocol (for example, mount foo:/bar /mnt) now uses TCP to communicate with the server, instead of UDP. . Using the verbose (-v) option now causes RPC error messages to be written to standard output. o Scientific Linux 4.0 supports UTF-8 encoding by default for Chinese, Japanese, and Korean locales. o Scientific Linux 4.0 now uses IIIMF for input of Chinese, Japanese, and Korean by default. o Scientific Linux 4.0 supports 5 Indian (Indic) languages: Bengali, Gujarati, Hindi, Punjabi, and Tamil. In addition, the high-quality Lohit font family for the supported languages has been included. o Subversion 1.1 is now included in Scientific Linux; the Subversion version control system is designed to be a replacement for CVS and features truly atomic commits, versioning of files, directories and metadata, along with most current features of CVS. o Scientific Linux 3.0.x introduced the Native POSIX Thread Library (NPTL) -- an implementation of POSIX threading support that greatly improved performance, scalability, semantic correctness, and standards compliance over the LinuxThreads implementation used previously. While most threaded applications were not impacted by the introduction of NPTL, applications that relied on those semantics of LinuxThreads that were contrary to the POSIX specification would not operate correctly. As noted at the time of NPTL's introduction, we recommended that such applications be updated so that they complied with POSIX (and could therefore use NPTL.) While support for LinuxThreads still exists for Scientific Linux 4.x, this statement serves as advance notice that Scientific Linux 5.x will no longer include support for LinuxThreads. Therefore, applications that require LinuxThreads support must be updated before they will be able to work properly on a Scientific Linux 5.x system. Note Several workarounds exist that permit applications requiring the use of LinuxThreads to continue operation under Scientific Linux 3.0.x and 4.x. These workarounds include: o Using the LD_ASSUME_KERNEL environment variable to select LinuxThreads instead of NPTL at runtime o Using an explicit rpath to /lib/i686/ or /lib/ to select LinuxThreads instead of NPTL at runtime o Statically linking the application to use LinuxThreads instead of NPTL (strongly discouraged) In order to determine whether an application is using NPTL or LinuxThreads, add following two environment variables to the application's environment: LD_DEBUG=libs LD_DEBUG_OUTPUT= (Where is the name to be given to each debug output log file. More than one file can be generated if the program forks other processes; all debug output log filenames include the PID of process generating the file.) Then start the application and use it as you normally would. If no debug output log file was produced, the application is statically linked. The application will not be affected by the missing LinuxThreads DSO but, as with all statically linked applications, no guarantees for compatibility are given if the application dynamically loads any code (directly via dlopen() or indirectly via NSS.) If one or more debug output log files were produced, review each one for any references to libpthread -- in particular, a line also containing the string "calling init". The grep utility can do this easily: grep "calling init.*libpthread" .* (Where refers to the name used in the LD_DEBUG_OUTPUT environment variable.) If the path preceding libpthread is /lib/tls/, the application is using NPTL, and no further action needs to be taken. Any other path means that LinuxThreads is being used, and the application must be updated and rebuilt to support NPTL. o Scientific Linux 4.0 now includes support for Advanced Configuration and Power Interface (ACPI), a power management specification commonly supported by most newer hardware. Due to differences in the order in which hardware is probed in system environments with and without ACPI support, the potential for device name changes exists. This means, for example, that a network interface card identified as eth1 under a prior version of Scientific Linux may now appear as eth0. Installation-Related Notes This section outlines those issues that are related to Anaconda (the Scientific Linux installation program) and installing Scientific Linux 4.x in general. o During the Scientific Linux 4.0 installation, it can be challenging to identify individual storage devices in system configurations that include multiple storage adapters. This is particulary true for systems containing Fibre Channel adapters, because in many instances it is desirable to install Scientific Linux on local storage. The Scientific Linux 4.x installation program addresses this issue by delaying the loading of the following modules until after all other SCSI devices have been loaded: o lpfc o qla2100 o qla2200 o qla2300 o qla2322 o qla6312 o qla6322 This results in any locally-attached SCSI device names starting with /dev/sda, /dev/sdb, and so on, with the FC-attached storage following. Package-Specific Notes The following sections contain information regarding packages that have undergone significant changes for Scientific Linux 4.0. For easier access, they are organized using the same groups used in Anaconda. Base This section contains information related to basic system components. openssh Scientific Linux 4.0 contains OpenSSH 3.9, which includes strict permission and ownership checks for the ~/.ssh/config file. These checks mean that ssh will exit if this file does not have appropriate ownership and permissions. Therefore, make sure that ~/.ssh/config is owned by the owner of ~/, and that its permissions are set to mode 600. Core This section contains the most elemental components of Scientific Linux, including the kernel. e2fsprogs The ext2online utility has been added for online growing of existing ext3 file systems. Note It is important to keep in mind that ext2online does not grow the underlying block device itself -- there must be sufficient unused space already present on the device. The easiest way to ensure this is to use LVM volumes and to run lvresize or lvextend to extend the device. In addition, file systems must be specially prepared in order to be resized past a certain point. The preparation involves reserving a small amount of space into which on-disk tables can grow. For newly-created file systems, mke2fs reserves such space automatically; the space reserved is sufficient to grow the file system by a factor of 1000. The creation of this reserved space can be disabled by the following command: mke2fs -O ^resize_inode Future releases of Scientific Linux will allow the creation of this reserved space on existing file systems. glibc o The version of glibc provided with Scientific Linux 4.0 performs additional internal sanity checks to prevent and detect data corruption as early as possible. By default, should corruption be detected, a message similar to the following will be displayed on standard error (or logged via syslog if stderr is not open): *** glibc detected *** double free or corruption: 0x0937d008 *** By default, the program that generated this error will also be killed; however, this (and whether or not an error message is generated) can be controlled via the MALLOC_CHECK_ environment variable. The following settings are supported: o 0 -- Do not generate an error message, and do not kill the program o 1 -- Generate an error message, but do not kill the program o 2 -- Do not generate an error message, but kill the program o 3 -- Generate an error message and kill the program Note If MALLOC_CHECK_ is explicitly set a value other than 0, this causes glibc to perform more tests that are more extensive than the default, and may impact performance. Should you have a program from a third party ISV that triggers these corruption checks and displays a message, you should file a defect report with the application's vendor, since this indicates a serious bug. kernel This section contains notes relating to the Scientific Linux 4.0 kernel. o Scientific Linux 4.0 includes a kernel known as the hugemem kernel. This kernel supports a 4GB per-process user space (versus 3GB for the other kernels), and a 4GB direct kernel space. Using this kernel allows Scientific Linux to run on systems with up to 64GB of main memory. The hugemem kernel is required in order to use all the memory in system configurations containing more than 16GB of memory. The hugemem kernel can also benefit configurations running with less memory (if running an application that could benefit from the larger per-process user space, for example.) Note To provide a 4GB address space for both kernel and user space, the kernel must maintain two separate virtual memory address mappings. This introduces overhead when transferring from user to kernel space; for example, in the case of system calls and interrupts. The impact of this overhead on overall performance is highly application dependent. To install the hugemem kernel, enter the following command while logged in as root: rpm -ivh (Where is the name of the hugemem kernel RPM file -- kernel-hugemem-2.6.9-1.648_EL.i686.rpm, for example.) After the installation is complete, reboot your system, making sure to select the newly-installed hugemem kernel. After testing your system for proper operation while running the hugemem kernel, you should modify the /boot/grub/grub.conf file so that the hugemem kernel is booted by default. o Although Scientific Linux 4.0 includes support for rawio, it is now a deprecated interface. If your application performs device access using this interface, we encourages you to modify your application to open the block device with the O_DIRECT flag. The rawio interface will exist for the life of Scientific Linux 4.x, but is a candidate for removal from future releases. Asynchronous I/O (AIO) on file systems is currently only supported in O_DIRECT, or non-buffered mode. Also note that the asynchronous poll interface is no longer present, and that AIO on pipes is no longer supported. o The sound subsystem is now based on ALSA; the OSS modules are no longer available. o System environments using the kernel's "hugepage" functionality should be aware that the name of the /proc/ entry controlling this feature changed between Scientific Linux 3.0.x and Scientific Linux 4.x: o Scientific Linux 3.0.x used /proc/sys/vm/hugetlb_pool and specified the desired size in megabytes o Scientific Linux 4.x uses /proc/sys/vm/nr_hugepages and specifies the size by the desired number of pages (refer to /proc/meminfo for the size of hugepages on your system) o The kernel shipped with Scientific Linux 4.0 now includes support for Enhanced Disk Device (EDD) polling, which queries for bootable disk device information directly from the disk controller BIOS and stores it as an entry in the /sys filesystem. Two significant kernel command-line options related to EDD have also been added: o edd=skipmbr -- disables BIOS calls that read disk data while still enabling calls that request information from the disk controller. This option can be used when the system BIOS reports more disks than are actually present in the system, causing a 15-30 second delay in loading the kernel. o edd=off -- disables all EDD-releated calls to disk controller BIOS. o The initial release of Scientific Linux 4.0 does not support USB hard disk drives. However, other USB storage devices, such as flash media, CD-ROM and DVD-ROM devices are currently supported. o The kernel shipped with Scientific Linux 4.0 includes the new megaraid_mbox driver from LSI Logic, which replaces the megaraid driver. The megaraid_mbox driver has an improved design, is compatible with the 2.6 kernel, and includes support for the latest hardware. However, megaraid_mbox does not support some of the older hardware that was supported by the megaraid driver. Adapters with the following PCI vendor ID and device ID pairs are not supported by the megaraid_mbox driver: vendor, device 0x101E, 0x9010 0x101E, 0x9060 0x8086, 0x1960 The lspci -n command can be used to display the IDs for adapters installed in a particular machine. Products with these IDs are known by (but not limited to) the following model names: o Dell PERC (dual-channel fast/wide SCSI) RAID controller o Dell PERC2/SC (single-channel Ultra SCSI) RAID controller o Dell PERC2/DC (dual-channel Ultra SCSI) RAID controller o Dell CERC (four-channel ATA/100) RAID controller o MegaRAID 428 o MegaRAID 466 o MegaRAID Express 500 o HP NetRAID 3Si and 1M Both Dell and LSI Logic have indicated that they no longer support these models in the 2.6 kernel. As a result, these adapters are not supported in Scientific Linux 4.0. o The initial release of Scientific Linux 4.0 does not include iSCSI software initiator or target support. Support for iSCSI is being evaluated for addition in a future update to Scientific Linux 4.x. o The Emulex LightPulse Fibre Channel driver (lpfc) is currently undergoing public review for possible inclusion in the Linux 2.6 kernel. It is included in Scientific Linux 4.0 for testing purposes. Changes to the driver are expected. If there are problems with the driver or, if for some reason it is no longer on-track for inclusion in the Linux 2.6 kernel, the driver may be removed from the final Scientific Linux release. The lpfc driver currently has the following known issues: o The driver does not insulate the system from short-duration cable pulls, switch reboots, or device disappearances. Therefore, the system may prematurely determine that a device is non-existent and take it offline. In such cases, manual intervention will be required to reinstate the device with the system. o There is a known panic if Ctrl-C is pressed while the driver is being inserted with insmod. o There is a known panic if rmmod is executed while insmod is still executing. o New device insertion requires manual scanning in order for the SCSI subsystem to detect the new device. o In the past, the process of updating the kernel did not change the default kernel in the system's boot loader configuration. Scientific Linux 4.0 changes this behavior to set newly-installed kernels as the default. This behavior applies to all installation methods (including rpm -i). This behavior is controlled by two lines in the /etc/sysconfig/kernel file: o UPGRADEDEFAULT -- Controls whether new kernels will be booted by default (default value: yes) o DEFAULTKERNEL -- kernel RPMs whose names match this value will be booted by default (default value: depends on hardware configuration) o In order to eliminate the redundancy inherent in providing a separate package for the kernel source code when that source code already exists in the kernel's .src.rpm file, Scientific Linux 4.x no longer includes the kernel-source package. Users that require access to the kernel sources can find them in the kernel .src.rpm file. To create an exploded source tree from this file, perform the following steps (note that refers to the version specification for your currently-running kernel): 1. Obtain the kernel-.src.rpm file from one of the following sources: o The SRPMS directory on the appropriate "SRPMS" CD iso image o The FTP site where you got the kernel package 2. Install kernel-.src.rpm (given the default RPM configuration, the files this package contains will be written to /usr/src/redhat/) 3. Change directory to /usr/src/redhat/SPECS/, and issue the following command: rpmbuild -bp --target= kernel.spec (Where is the desired target architecture.) On a default RPM configuration, the kernel tree will be located in /usr/src/redhat/BUILD/. 4. In resulting tree, the configurations for the specific kernels shipped in Scientific Linux 4.x are in the /configs/ directory. For example, the i686 SMP configuration file is named /configs/kernel--i686-smp.config. Issue the following command to place the desired configuration file in the proper place for building: cp ./.config 5. Issue the following command: make oldconfig You can then proceed as usual. Note An exploded source tree is not required to build kernel modules against the currently in-use kernel. For example, to build the foo.ko module, create the following file (named Makefile) in the directory containing the foo.c file: obj-m := foo.o KDIR := /lib/modules/$(shell uname -r)/build PWD := $(shell pwd) default: $(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules Issue the make command to build the foo.ko module. sysklogd Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. DNS Name Server This section contains information related to the DNS name server. bind Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. Development Tools This section contains information related to core development tools. memprof Due to issues interoperating with recent versions of the C library and toolchain, the memprof memory profiling and leak detection tool is no longer included in Scientific Linux 4.0. The memcheck and massif plugins to valgrind (which is newly included in Scientific Linux 4.0) provide similar functionality to memprof. Graphical Internet This section includes packages that help you access the Internet, including graphical email, Web browser, and chat clients. evolution o Scientific Linux 4.0 includes an updated version of the Evolution graphical email client. This version adds a number of new features, including: o Evolution now includes spam filters that can be trained to more accurately distinguish between spam and non-spam email. When you get spam, click on the Junk button. Check your Junk Mail folder periodically to see if anything is being filtered improperly. If you find an improperly-filtered email, mark it as Not Junk; in this way, the filter becomes more effective over time. o The Evolution Connector makes it possible to connect to Microsoft Exchange 2000 and 2003 servers. o The user interface has been modified so that each operation (email, calendaring, tasks, and contacts) is treated separately, replacing the previous server-centric model. o Evolution now includes enhanced support for encryption and cryptographic signatures, including the use of S/MIME. o The directory used by Evolution to store its settings has been hidden from end-users by renaming it from ~/evolution/ to ~/.evolution/. Graphics This section includes packages that help you manipulate and scan images. gimp o The gimp-perl package has been removed from Scientific Linux 4.0 because GIMP was updated to 2.0 and the Perl bindings were neither ready nor part of the main package anymore. Users of Perl scripts in GIMP should install the Gimp Perl module from [4]http://www.gimp.org/downloads/. Language Support This section includes information related to the support of various languages under Scientific Linux. UTF-8 Support for Chinese, Japanese, and Korean When upgrading a system from Scientific Linux 3.0.x to Scientific Linux 4.0, system locale settings are preserved. Because Scientific Linux 4.0 supports Chinese, Japanese, and Korean in UTF-8 encoding by default, we recommends that you change to UTF-8 locale by editing the following file: /etc/sysconfig/i18n Modify the locale settings by making the following changes: o ja_JP.eucJP becomes ja_JP.UTF-8 o ko_KR.eucKR becomes ko_KR.UTF-8 o zh_CN.GB18030 becomes zh_CN.UTF-8 o zh_TW.Big5 becomes zh_TW.UTF-8 Users with locale settings in ~/.i18n should also update to use UTF-8 encoding by default. To convert a text file in native encoding (for example eucJP, eucKR, Big5, or GB18030) to UTF-8, you can use the iconv utility: iconv -f -t UTF-8 -o Refer to the iconv man page for more information. IIIMF The default Input Method (IM) for Chinese (Simplified and Traditional), Japanese, and Korean has been changed to IIIMF -- the Internet/Intranet Input Method Framework. IIIMF is used by default for input of Indian languages also. IIIMF is supported natively through a GTK2 IM module, and also through XIM using the httx client. IIIMF supports the use of multiple Language Engines (LEs) at the same time; using the GNOME Input Method Language Engine Tool (GIMLET -- an applet) it is possible to switch between LEs of different languages inside GTK2 applications. IIIMF currently defaults to using Ctrl-Space or Shift-Space for toggling the input method on and off (Emacs users can use Ctrl-@ instead of Ctrl-Space to set the mark). Depending on your choice of language support during installation, one or more IIIMF Language Engines may have been installed: o Indian languages -- iiimf-le-unit o Japanese -- iiimf-le-canna o Korean -- iiimf-le-hangul o Simplified Chinese -- iiimf-le-chinput o Traditional Chinese -- iiimf-le-xcin For these languages IIIMF is installed and enabled by default. New users get the GIMLET applet (part of the iiimf-gnome-im-switcher package) automatically added to their GNOME panel, if the GNOME Desktop is installed and the default system language is one of the above. GIMLET is an applet for switching between the different LEs that are installed on your system. Using different Language Engines allows you to enter text in different languages. You can add GIMLET manually to your GNOME panel by right-clicking on the panel, selecting Add to panel... and choosing the InputMethod Switcher applet. If you are upgrading and have any legacy XIM input methods installed, Anaconda will automatically install appropriate Language Engines onto your system: o ami causes iiimf-le-hangul to be installed o kinput2 causes iiimf-le-canna to be installed o miniChinput causes iiimf-le-chinput to be installed o xcin causes iiimf-le-xcin to be installed For users that do not need IIIMF input all the time there is a LE called "Latin default" which does nothing for normal input. This can be used to temporarily disable another LE. The following are some keybindings particular to each of the Language Engines: iiimf-le-canna -- Home (show the menu, including the utilities for Canna) iiimf-le-unit -- F5 (switch between languages), F6 (switch to different input styles, if available) iiimf-le-xcin -- Ctrl-Shift (switch to different input styles), Shift-punctuation (input wide punctuation marks), Cursor keys (change pages in candidate window) iiimf-le-chinput -- Ctrl-Shift (switch to different input styles), < or > (change pages in candidate window) iiimf-le-hangul -- F9 (convert Hangul to Chinese characters) Input Method Configuration Should you wish to switch between IIIMF and the legacy input method framework XIM, you can use the system-switch-im application. There is also the command-line tool im-switch for changing the user and system configuration. Scientific Linux 4.0 uses an alternatives-based system of files in /etc/X11/xinit/xinput.d/ and ~/.xinput.d/ to configure the input methods used for different locales. Users of locales for which input methods are not used by default (for example, en_US.UTF-8) that wish to input Asian text must execute the following commands from a shell prompt: mkdir -p ~/.xinput.d/ ln -s /etc/X11/xinit/xinput.d/iiimf ~/.xinput.d/en_US This overrides the system default and enables the use of IIIMF for American English. To configure the input method for an different locale, replace en_US with your locale name (without the charset suffix). To set the input method to be used for all locale use the word default instead of en_US. Users upgrading from Scientific Linux 3.0.x should note that /etc/sysconfig/i18n and ~/.i18n can no longer be used for input method configuration; any custom configuration still needed should be moved as appropriate to /etc/X11/xinit/xinput.d/ or ~/.xinput.d/. After changing the input method configuration your changes will be reflected next time you start a X Window System session. Mail Server This section contains information related to the mail transport agents included with Scientific Linux 4.0. mailman Earlier mailman RPMs installed all files under the /var/mailman/ directory. Unfortunately, this did not conform to the Filesystem Hierarchy Standard (FHS) and also created security violations when SELinux was enabled. If you previously had mailman installed and had edited files in /var/mailman/ (such as mm_cfg.py) you must move those changes to their new location, as documented in the following file: /usr/share/doc/mailman-*/INSTALL.REDHAT sendmail o By default, the Sendmail mail transport agent (MTA) does not accept network connections from any host other than the local computer. If you want to configure Sendmail as a server for other clients, you must edit /etc/mail/sendmail.mc and change the DAEMON_OPTIONS line to also listen on network devices (or comment out this option entirely using the dnl comment delimiter). You must then regenerate /etc/mail/sendmail.cf by running the following command (as root): make -C /etc/mail Note that you must have the sendmail-cf package installed for this to work. Note Be aware that it is possible to inadvertently configure Sendmail to act as an open-relay SMTP server. MySQL Database MySQL, the multi-user and multi-threaded client/server database, has been updated from version 3.23.x (which shipped with Scientific Linux 3.0.x) to version 4.1.x. This new version of MySQL features improvements in speed, functionality, and usability, including: o subquery support o BTREE indexing for non-structured queries o Secure database replication over SSL connections o Unicode support via utf-8 and ucs-2 character sets Users should note that there may be compatibility issues when migrating applications or databases from version 3.23.x to 4.1.x of MySQL. A known issue is that the default timestamp format has changed. To address these various issues, the mysqlclient10 package is included to provide the 3.23.x client library (libmysqlclient.so.10) for binary compatibility with applications linked against this legacy library. Note While the mysqlclient10 package provides compatibility support with the MySQL 4.1.x server, it does not support the new password encryption method introduced in version 4.1. To enable compatibility with legacy MySQL 3.x-based clients, the old_passwords parameter is enabled by default in the /etc/my.cnf configuration file. If compatibility with old clients is not required, this parameter can be disabled to allow use of the improved password encryption method. mysql-server Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. Network Servers This section contains information related to various network-based servers. dhcp Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. Server Configuration Tools This section contains information related to various server configuration tools. system-config-lvm Scientific Linux 4.0 includes system-config-lvm, a graphical tool for configuring Logical Volume Manager (LVM). system-config-lvm allows users to create volume groups from physical disk drives and disk partitions on a local machine, creating flexible and extensible logical volumes that are treated as normal physical disk space by the system. system-config-lvm uses graphical representations of system disks and volumes, which assists users in visualizing storage use and providing an interface for addressing volume management tasks. system-config-securitylevel The firewall constructed by the system-config-securitylevel configuration tool now allows CUPS and Multicast DNS (mDNS) browsing. Note that, at the present time, these services cannot be disabled by system-config-securitylevel. Web Server This section contains information related to software used as part of a Web server environment. httpd o Under the default SELinux security configuration, httpd is covered by the targeted policy. This increases security and Web server stability by specifically granting or denying httpd access to system objects. However, because this has the potential to cause previously-working configurations (such as those that use PHP) to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. For example, a Boolean can be set to give specific permission to httpd to read objects in ~/public_html/ as long as they are labeled with the security context httpd_sys_content_t. The Apache daemon cannot access objects (files, applications, devices, and other processes) that have a security context not specifically granted access by SELinux to httpd. By allowing Apache access to only what it needs to do its function, the system is protected from compromised or misconfigured httpd daemons. Because of the need for both standard Linux directory and file permissions as well as SELinux file context labels, adminstrators and users will need to know about relabeling files. Examples of relabeling include the following commands (one for recursively relabeling the contents of a directory, and one for relabeling a single file): chcon -R -h -t httpd_sys_content_t public_html chcon -t httpd_sys_content_t public_html/index.html A file or directory which is not labeled with a context on the list of Apache's allowable types will generate a 403 Forbidden error. You can configure Boolean values or selectively disable targeted policy coverage for just Apache (or any of the covered daemons) using system-config-securitylevel. Under the SELinux tab, within the Modify SELinux Policy area, you can modify the Boolean values for Apache. If you wish, you can select to Disable SELinux protection for httpd daemon, which disables the transition from unconfined_t (the default type that acts transparently like standard Linux security without SELinux) to the specific daemon type, i.e., httpd_t. Disabling this transition effectively turns off SELinux coverage for that daemon, returning it to standard Linux security only. o By default, the httpd daemon is now started using the C locale, rather than using the configured system locale setting. This behavior can be changed by setting the HTTPD_LANG variable in the /etc/sysconfig/httpd file. php o The default /etc/php.ini configuration file has been changed to use the "production" defaults rather than "development" defaults; notable differences are: o display_errors is now Off o log_errors is now On o magic_quotes_gpc is now Off The package now uses the "apache2handler" SAPI for integration with Apache httpd 2.0 rather than the "apache2filter" SAPI. If upgrading from previous releases, the SetOutputFilter directives should be removed from the /etc/httpd/conf.d/php.conf file. o The following changes have been made to the packaging of PHP extension modules: o The gd, mbstring, and ncurses extensions have been moved to the php-gd, php-mbstring, and php-ncurses packages, respectively. Note that you will need to install these packages manually (if required) when upgrading from an earlier release. o The domxml, snmp, and xmlrpc extensions are now available in php-domxml, php-snmp, and php-xmlrpc packages, respectively. squid Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. X Window System This section contains information related to the X Window System implementation provided with Scientific Linux 4.0. xorg-x11 o Scientific Linux 4.0 includes the new xorg-x11-deprecated-libs package. This package contains X11-related libraries that are deprecated, and may be removed from future versions of Scientific Linux. By packaging deprecated libraries in this manner, binary compatibility with existing applications is maintained while allowing 3rd-party software providers time to transition their applications away from these libraries. Currently, this package contains the Xprint library (libXp). This library should not be used in new application development. Applications that currently use this library should begin migrating to the supported libgnomeprint/libgnomeprintui printing APIs. o There has been some confusion regarding font-related issues under the X Window System. At the present time, there are two font subsystems, each with different characteristics: - The original (15+ year old) subsystem is referred to as the "core X font subsystem". Fonts rendered by this subsystem are not anti-aliased, are handled by the X server, and have names like: -misc-fixed-medium-r-normal--10-100-75-75-c-60-iso8859-1 The newer font subsystem is known as "fontconfig", and allows applications direct access to the font files. Fontconfig is often used along with the "Xft" library, which allows applications to render fontconfig fonts to the screen with antialiasing. Fontconfig uses more human-friendly names like: Luxi Sans-10 Over time, fontconfig/Xft will replace the core X font subsystem. At the present time, applications using the Qt 3 or GTK 2 toolkits (which would include KDE and GNOME applications) use the fontconfig and Xft font subsystem; most everything else uses the core X fonts. In the future, Scientific Linux may support only fontconfig/Xft in place of the XFS font server as the default local font access method. NOTE: An exception to the font subsystem usage outlined above is OpenOffice.org (which uses its own font rendering technology). If you wish to add new fonts to your Scientific Linux 4.x system, you must be aware that the steps necessary depend on which font subsystem is to use the new fonts. For the core X font subsystem, you must: 1. Create the /usr/share/fonts/local/ directory (if it doesn't already exist): mkdir /usr/share/fonts/local/ 2. Copy the new font file into /usr/share/fonts/local/ 3. Update the font information by issuing the following commands (note that, due to formatting restrictions, the following commands may appear on more than one line; in use, each command should be entered on a single line): ttmkfdir -d /usr/share/fonts/local/ -o /usr/share/fonts/local/fonts.scale mkfontdir /usr/share/fonts/local/ 4. If you had to create /usr/share/fonts/local/, you must then add it to the X font server (xfs) path: chkfontpath --add /usr/share/fonts/local/ Adding new fonts to the fontconfig font subsystem is more straightforward; the new font file only needs to be copied into the /usr/share/fonts/ directory (individual users can modify their personal font configuration by copying the font file into the ~/.fonts/ directory). After the new font has been copied, use fc-cache to update the font information cache: fc-cache (Where would be either the /usr/share/fonts/ or ~/.fonts/ directories.) Individual users may also install fonts graphically, by browsing fonts:/// in Nautilus, and dragging the new font files there. NOTE: If the font filename ends with ".gz", it has been compressed with gzip, and must be decompressed (with the gunzip command) before the fontconfig font subsystem can use the font. o Due to the transition to the new font system based on fontconfig/Xft, GTK+ 1.2 applications are not affected by any changes made via the Font Preferences dialog. For these applications, a font can be configured by adding the following lines to the file ~/.gtkrc.mine: style "user-font" { fontset = "" } widget_class "*" style "user-font" (Where represents a font specification in the style used by traditional X applications, such as "-adobe-helvetica-medium-r-normal--*-120-*-*-*-*-*-*".) Miscellaneous Notes This section contains information related to packages that do not fit in any of the proceeding categories. compat-db C++ and TCL bindings are no longer contained in the compat-db package. Applications requiring these bindings must be ported to the currently-shipping DB library. lvm2 This section contains information related to the lvm2 package. o The full set of LVM2 commands is now installed in /usr/sbin/. In boot environments where /usr/ is not available, it is necessary to prefix each command with /sbin/lvm.static (/sbin/lvm.static vgchange -ay, for example). In environments where /usr/ is available, it is no longer necessary to prefix each command with lvm (/usr/sbin/lvm vgchange -ay becomes /usr/sbin/vgchange -ay, for example). o The new LVM2 commands (such as /usr/sbin/vgchange -ay and /sbin/lvm.static vgchange -ay) detect if you are running a 2.4 kernel, and transparently invoke the old LVM1 commands if appropriate. The LVM1 commands have been renamed to end with ".lvm1" (for example, /sbin/vgchange.lvm1 -ay). Note LVM1 commands work only with 2.4 kernels. It is not possible to use LVM1 commands while running a 2.6 kernel. Refer to /usr/share/doc/lvm2*/WHATS_NEW for more information on LVM2. net-snmp Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. nscd o The nscd name service cache daemon may now maintain a persistent cache across restarts or system reboots. Each database (user, group, and host, respectively) can be made selected to be persistent by setting the appropriate line in /etc/nscd.conf to "yes". Entries are not removed from the cache until they are proven to be no longer of interest. All entries whose time-to-live expires but are otherwise interesting are automatically reloaded, which helps in situations where the directory and name services become temporarily unavailable. o Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. ntp Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. portmap Under the default SELinux security configuration, this daemon is covered by the targeted policy. This increases security by specifically granting or denying access to system objects that that the daemon normally uses. However, because this has the potential to cause previously-working configurations to no longer function, you must understand how SELinux works in order to ensure that your configuration is both secure and functional. udev Scientific Linux 4.0 has switched from a static /dev/ directory to one that is dynamically managed via udev. This allows device nodes to be created on demand as drivers are loaded. For more information on udev, refer to the udev(8) man page. Additional rules for udev should be placed in a separate file in the /etc/udev/rules.d/ directory. Additional permission rules for udev should be placed in a separate file in the /etc/udev/permissions.d/ directory. Systems upgraded to Scientific Linux 4.0 using Anaconda will automatically be reconfigured to use udev. However (although NOT recommended) it is possible to perform a "live" upgrade to udev using the following steps: 1. Ensure that you are running a 2.6 kernel 2. Ensure that /sys/ is mounted 3. Install the initscripts RPM supplied with Scientific Linux 4.0 4. Install the new udev RPM supplied with Scientific Linux 4.0 5. Execute /sbin/start_udev 6. Install the new mkinitrd RPM supplied with Scientific Linux 4.0 7. Perform one of the following steps: . Install the new kernel RPM supplied with Scientific Linux 4.0 OR: . Re-run mkinitrd for your existing kernel(s) Warning Improperly performing these steps can result in a system configuration that will not boot properly. Packages Added/Removed/Deprecated This section contains lists of packages that fit into the following categories: o Packages that have been added to Scientific Linux 4.0 o Packages that have been removed from Scientific Linux 4.0 o Packages that have been deprecated, and may be removed from a future release of Scientific Linux Packages Added The following packages have been added to Scientific Linux 4.0: o Canna-devel o FreeWnn-devel o HelixPlayer o ImageMagick-c++ o ImageMagick-c++-devel o ImageMagick-devel o ImageMagick-perl o NetworkManager o NetworkManager-gnome o PyQt o PyQt-devel o PyQt-examples o Pyrex o VFlib2-VFjfm o VFlib2-conf-ja o VFlib2-devel o Xaw3d-devel o alchemist-devel o alsa-lib o alsa-lib-devel o alsa-utils o amanda-devel o anaconda-product (noarch) o anacron o apel o apr o apr-devel o apr-util o apr-util-devel o arpwatch o aspell-ca o aspell-cs o aspell-cy o aspell-el o aspell-en o aspell-pl o audit o authd o automake16 o automake17 o beecrypt-devel o beecrypt-python o bind-chroot o bind-devel o bind-libs o bitstream-vera-fonts o bluez-bluefw o bluez-hcidump o bluez-libs o bluez-libs-devel o bluez-pin o bluez-utils o bluez-utils-cups o bogl-devel o boost o boost-devel o bootparamd o bridge-utils-devel o busybox o cadaver o cdda2wav o cdparanoia-devel o cdrecord-devel o checkpolicy o compat-gcc-32 o compat-gcc-32-c++ o compat-libgcc-296 o compat-libstdc++-296 o compat-libstdc++-33 o compat-openldap o cryptsetup o cscope o cyrus-imapd o cyrus-imapd-devel o cyrus-imapd-murder o cyrus-imapd-nntp o cyrus-imapd-utils o cyrus-sasl-ntlm o cyrus-sasl-sql o dasher o db4-java o db4-tcl o dbus o dbus-devel o dbus-glib o dbus-python o dbus-x11 o devhelp o devhelp-devel o device-mapper o dhcp-devel o dhcpv6 o dhcpv6_client o dia o dmalloc o dmraid o docbook-simple o docbook-slides o dovecot o doxygen-doxywizard o elfutils-libelf-devel o emacs-common o emacs-nox o evolution-connector o evolution-data-server o evolution-data-server-devel o evolution-devel o evolution-webcal o exim o exim-doc o exim-mon o exim-sa o expect-devel o expectk o finger-server o firefox o flac o flac-devel o fonts-arabic o fonts-bengali o fonts-xorg-100dpi o fonts-xorg-75dpi o fonts-xorg-ISO8859-14-100dpi o fonts-xorg-ISO8859-14-75dpi o fonts-xorg-ISO8859-15-100dpi o fonts-xorg-ISO8859-15-75dpi o fonts-xorg-ISO8859-2-100dpi o fonts-xorg-ISO8859-2-75dpi o fonts-xorg-ISO8859-9-100dpi o fonts-xorg-ISO8859-9-75dpi o fonts-xorg-base o fonts-xorg-cyrillic o fonts-xorg-syriac o fonts-xorg-truetype o freeglut o freeglut-devel o freeradius-mysql o freeradius-postgresql o freeradius-unixODBC o freetype-demos o freetype-utils o fribidi o fribidi-devel o fsh o gamin o gamin-devel o gd-progs o gda-mysql o gda-odbc o gda-postgres o gedit-devel o gettext-devel o ghostscript-devel o ghostscript-gtk o gimp-devel o gimp-gap o gimp-help o gimp-print-devel o gnome-audio-extra o gnome-kerberos o gnome-keyring o gnome-keyring-devel o gnome-keyring-manager o gnome-mag o gnome-mag-devel o gnome-netstatus o gnome-nettool o gnome-panel-devel o gnome-pilot-conduits o gnome-pilot-devel o gnome-python2-applet o gnome-python2-gconf o gnome-python2-gnomeprint o gnome-python2-gnomevfs o gnome-python2-nautilus o gnome-speech o gnome-speech-devel o gnome-vfs2-smb o gnome-volume-manager o gnopernicus o gnumeric o gnumeric-devel o gnuplot-emacs o gnutls o gnutls-devel o gok o gok-devel o gpdf o gphoto2-devel o groff-gxditview o groff-perl o gsl o gsl-devel o gstreamer-devel o gstreamer-plugins-devel o gthumb o gtkhtml3-devel o gtksourceview o gtksourceview-devel o gtkspell o gtkspell-devel o guile-devel o hal o hal-cups-utils o hal-devel o hal-gnome o hicolor-icon-theme o howl o howl-devel o howl-libs o hpoj-devel o htdig-web o httpd-manual o httpd-suexec o icon-slicer o iiimf-csconv o iiimf-docs o iiimf-emacs o iiimf-gnome-im-switcher o iiimf-gtk o iiimf-le-canna o iiimf-le-chinput o iiimf-le-hangul o iiimf-le-sun-thai o iiimf-le-unit o iiimf-le-xcin o iiimf-libs o iiimf-libs-devel o iiimf-server o iiimf-x o inn-devel o iptables-devel o iptraf o iptstate o irb o isdn4k-utils-devel o isdn4k-utils-vboxgetty o joe o jpackage-utils o k3b o kdbg o kde-i18n-Bengali o kde-i18n-Bulgarian o kde-i18n-Hindi o kde-i18n-Punjabi o kde-i18n-Tamil o kdeaddons-atlantikdesigner o kdeaddons-xmms o kdeadmin o kdeartwork-icons o kdegames-devel o kdemultimedia-devel o kdenetwork-nowlistening o kernel-doc o kinput2 o krb5-auth-dialog o libavc1394 o libavc1394-devel o libc-client o libc-client-devel o libcroco o libcroco-devel o libdbi-dbd-pgsql o libdbi-devel o libdv o libdv-devel o libdv-tools o libexif o libexif-devel o libgal2-devel o libgcrypt o libgcrypt-devel o libgda o libgda-devel o libghttp-devel o libgnomecups o libgnomecups-devel o libgnomedb o libgnomedb-devel o libgpg-error o libgpg-error-devel o libgsf-devel o libgtop2-devel o libidn o libidn-devel o libieee1284 o libieee1284-devel o libmng-static o libmusicbrainz o libmusicbrainz-devel o libpng10-devel o libraw1394-devel o libsane-hpoj o libselinux o libselinux-devel o libsepol o libsepol-devel o libsilc o libsilc-devel o libsilc-doc o libsoup-devel o libtabe-devel o libtheora o libtheora-devel o libungif-progs o libwmf o libwmf-devel o libwnck-devel o libwvstreams-devel o libxklavier o libxklavier-devel o libxml-devel o libxslt-python o linuxwacom o linuxwacom-devel o lm_sensors-devel o lrzsz o lvm2 o lynx o mailman o mc o memtest86+ o mgetty-sendfax o mgetty-viewfax o mgetty-voice o mikmod-devel o mod_auth_kerb o mod_dav_svn o mod_perl-devel o module-init-tools o mozilla-devel o mozilla-nspr-devel o mozilla-nss-devel o mtr-gtk o mtx o mysql-server o nabi o nasm o nasm-doc o nasm-rdoff o nautilus-cd-burner-devel o neon o neon-devel o net-snmp-libs o net-snmp-perl o nmap-frontend o nss_db o numactl o octave-devel o openh323-devel o openjade-devel o openldap-servers-sql o openoffice.org o openoffice.org-i18n o openoffice.org-kde o openoffice.org-libs o openssl-perl o pam_ccreds o pam_passwdqc o parted-devel o pcmcia-cs o perl-Bit-Vector o perl-Convert-ASN1 o perl-Crypt-SSLeay o perl-Cyrus o perl-Date-Calc o perl-LDAP o perl-Net-DNS o perl-XML-LibXML o perl-XML-LibXML-Common o perl-XML-NamespaceSupport o perl-XML-SAX o perl-suidperl o php-devel o php-domxml o php-gd o php-mbstring o php-ncurses o php-pear o php-snmp o php-xmlrpc o planner o pmake o policycoreutils o postfix-pflogsumm o postgresql o postgresql-contrib o postgresql-devel o postgresql-docs o postgresql-jdbc o postgresql-libs o postgresql-pl o postgresql-python o postgresql-server o postgresql-tcl o postgresql-test o pump-devel o pvm-gui o pwlib-devel o pyorbit-devel o pyparted o python-docs o python-ldap o python-tools o qt-ODBC o qt-PostgreSQL o qt-config o quagga-contrib o quagga-devel o rhgb o rhythmbox o rpm-libs o ruby-docs o ruby-tcltk o samba-swat o selinux-doc o selinux-policy-targeted o selinux-policy-targeted-sources o sendmail-devel o sendmail-doc o setools o setools-gui o sg3_utils o shared-mime-info o skkdic o sound-juicer o sox-devel o speex o speex-devel o statserial o subversion o subversion-devel o subversion-perl o switchdesk o switchdesk-gui o synaptics o sysfsutils o sysfsutils-devel o system-config-boot o system-config-date o system-config-display o system-config-httpd o system-config-keyboard o system-config-kickstart o system-config-language o system-config-lvm o system-config-mouse o system-config-netboot o system-config-network o system-config-network-tui o system-config-nfs o system-config-packages o system-config-printer o system-config-printer-gui o system-config-rootpassword o system-config-samba o system-config-securitylevel o system-config-securitylevel-tui o system-config-services o system-config-soundcard o system-config-users o system-logviewer o system-switch-im o system-switch-mail o system-switch-mail-gnome o talk-server o tcl-devel o tcl-html o tclx-devel o tclx-doc o tetex-doc o theora-tools o thunderbird o tix-devel o tix-doc o tk-devel o tn5250-devel o ttfonts-bn o ttfonts-gu o ttfonts-hi o ttfonts-pa o ttfonts-ta o udev o unixODBC-devel o valgrind o valgrind-callgrind o vim-X11 o vino o w3c-libwww-apps o w3c-libwww-devel o xcdroast o xdelta-devel o xemacs-common o xemacs-nox o xemacs-sumo o xemacs-sumo-el o xemacs-sumo-info o xisdnload o xmlsec1 o xmlsec1-devel o xmlsec1-openssl o xmlsec1-openssl-devel o xmms-devel o xmms-flac o xmms-skins o xojpanel o xorg-x11 o xorg-x11-Mesa-libGL o xorg-x11-Mesa-libGLU o xorg-x11-Xdmx o xorg-x11-Xnest o xorg-x11-Xvfb o xorg-x11-deprecated-libs o xorg-x11-deprecated-libs-devel o xorg-x11-devel o xorg-x11-doc o xorg-x11-font-utils o xorg-x11-libs o xorg-x11-sdk o xorg-x11-tools o xorg-x11-twm o xorg-x11-xauth o xorg-x11-xdm o xorg-x11-xfs o xrestop o zisofs-tools o zsh-html Packages Removed The following packages have been removed from Scientific Linux 4.0: o FreeWnn-common o Wnn6-SDK o Wnn6-SDK-devel o XFree86 o XFree86-100dpi-fonts o XFree86-75dpi-fonts o XFree86-ISO8859-14-100dpi-fonts o XFree86-ISO8859-14-75dpi-fonts o XFree86-ISO8859-15-100dpi-fonts o XFree86-ISO8859-15-75dpi-fonts o XFree86-ISO8859-2-100dpi-fonts o XFree86-ISO8859-2-75dpi-fonts o XFree86-ISO8859-9-100dpi-fonts o XFree86-ISO8859-9-75dpi-fonts o XFree86-Mesa-libGL o XFree86-Mesa-libGLU o XFree86-Xnest o XFree86-Xvfb o XFree86-base-fonts o XFree86-cyrillic-fonts o XFree86-devel o XFree86-doc o XFree86-font-utils o XFree86-libs o XFree86-libs-data o XFree86-syriac-fonts o XFree86-tools o XFree86-truetype-fonts o XFree86-twm o XFree86-xauth o XFree86-xdm o XFree86-xfs o ami o anaconda-images o ant o ant-libs o aspell-en-ca o aspell-en-gb o aspell-pt_BR o bcel o bonobo-activation o bonobo-activation-devel o cipe o commons-beanutils o commons-collections o commons-digester o commons-logging o commons-modeler o compat-gcc o compat-gcc-c++ o compat-glibc o compat-libstdc++ o compat-libstdc++-devel o compat-pwdb o compat-slang o cup o dev o devlabel o dvdrecord o fam o fam-devel o fontilus o gcc-c++-ssa o gcc-g77-ssa o gcc-java-ssa o gcc-objc-ssa o gcc-ssa o gdk-pixbuf-gnome o gnome-libs o gnome-libs-devel o gnome-vfs2-extras o gtkam o gtkam-gimp o im-sdk o imap o itcl o jakarta-regexp o jfsutils o kde-i18n-Afrikaans o kde-i18n-Korean o kdoc o kernel-source o kinput2-canna-wnn6 o libgcc-ssa o libgcj-ssa o libgcj-ssa-devel o libmrproject o libmudflap o libmudflap-devel o libole2 o libole2-devel o libstdc++-ssa o libstdc++-ssa-devel o linc o linc-devel o losetup o lvm o magicdev o modutils o modutils-devel o mount o mozilla-psm o mrproject o mx4j o openoffice o openoffice-i18n o openoffice-libs o perl-CGI o perl-CPAN o perl-DB_File o perl-Net-DNS o printman o pspell o pspell-devel o python-optik o raidtools o rarpd o redhat-config-bind o redhat-config-date o redhat-config-httpd o redhat-config-keyboard o redhat-config-kickstart o redhat-config-language o redhat-config-mouse o redhat-config-netboot o redhat-config-network o redhat-config-network-tui o redhat-config-nfs o redhat-config-packages o redhat-config-printer o redhat-config-printer-gui o redhat-config-proc o redhat-config-rootpassword o redhat-config-samba o redhat-config-securitylevel o redhat-config-securitylevel-tui o redhat-config-services o redhat-config-soundcard o redhat-config-users o redhat-config-xfree86 o redhat-java-rpm-scripts o redhat-logviewer o redhat-switch-mail o redhat-switch-mail-gnome o rh-postgresql o rh-postgresql-contrib o rh-postgresql-devel o rh-postgresql-docs o rh-postgresql-jdbc o rh-postgresql-libs o rh-postgresql-python o rh-postgresql-tcl o shapecfg o switchdesk o switchdesk-gnome o switchdesk-kde o xalan-j o xerces-j Packages Deprecated We seek to preserve functionality across major releases, but reserves the right to change the specific implementation and packaging of components between major releases. The following packages are included in Scientific Linux 4.0, but may be removed from future releases. Developers and users are advised to migrate away from these packages. o 4Suite -- Only used by system-config-* tools o FreeWnn -- IIIMF is the recommended input method o FreeWnn-devel -- IIIMF is the recommended input method o FreeWnn-libs -- IIIMF is the recommended input method o alchemist -- Only used by system-config-* tools o alchemist-devel -- Only used by system-config-* tools o aumix -- Redundant with other volume control tools o autoconf213 -- Backwards compatibility dev tool o automake14 -- Backwards compatibility dev tool o automake15 -- Backwards compatibility dev tool o automake16 -- Backwards compatibility dev tool o automake17 -- Backwards compatibility dev tool o compat-db -- Backwards compatibility library o compat-gcc-32 -- Backwards compatibility library/tool o compat-gcc-32-c++ -- Backwards compatibility library/tool o compat-glibc -- Backwards compatibility library/tool o compat-libgcc-296 -- Backwards compatibility library/tool o compat-libstdc++-296 -- Backwards compatibility library/tool o compat-libstdc++-33 -- Backwards compatibility library/tool o compat-openldap -- Backwards compatibility library/tool o dbskkd-cdb -- IIIMF is the recommended input method o dev86 -- Required only for lilo o dietlibc -- Only supported for installer use o eog -- Integrated support in Nautilus o gftp -- Integrated FTP in Firefox and Nautilus o gnome-libs -- Replaced by libgnome o imlib -- Replaced by gdk-pixbuf o imlib-devel -- Replaced by gdk-pixbuf o kinput2 -- IIIMF is the recommended input method o libghttp -- Deprecated library o libghttp-devel -- Deprecated library o lilo -- Replaced by grub o mikmod -- Deprecated sound format o mikmod-devel -- Deprecated sound format o miniChinput -- IIIMF is the recommended input method o mozilla -- Replaced by Firefox/Thunderbird/Evolution o mozilla-chat -- Replaced by Firefox/Thunderbird/Evolution o mozilla-devel -- Replaced by Firefox/Thunderbird/Evolution o mozilla-dom-inspector -- Replaced by Firefox/Thunderbird/Evolution o mozilla-js-debugger -- Replaced by Firefox/Thunderbird/Evolution o mozilla-mail -- Replaced by Firefox/Thunderbird/Evolution o mozilla-nspr -- Replaced by Firefox/Thunderbird/Evolution o mozilla-nspr-devel -- Replaced by Firefox/Thunderbird/Evolution o mozilla-nss -- Replaced by Firefox/Thunderbird/Evolution o mozilla-nss-devel -- Replaced by Firefox/Thunderbird/Evolution o nabi -- IIIMF is the recommended input method o newt-perl -- Only required by crypto-utils o openmotif21 -- Backwards compatibility library o openssl096b -- Backwards compatibility library o skkdic -- IIIMF is the recommended input method o skkinput -- IIIMF is the recommended input method o xcin -- IIIMF is the recommended input method o xmms -- Replaced by rhythmbox, Helix Player o xmms-devel -- Replaced by rhythmbox, Helix Player o xmms-flac -- Replaced by rhythmbox, Helix Player o xmms-skins -- Replaced by rhythmbox, Helix Player ( x86 )