The following topics are covered in this document:
Changes to the CentOS installation program (Anaconda)
General information
Changes to drivers and hardware support
Changes to packages
The following section includes information specific to the CentOS installation program, Anaconda.
In order to upgrade an already-installed CentOS 3 system to Update 2, you must use yum to update those packages that have changed. The use of Anaconda to upgrade to Update 2 is not supported.
Use Anaconda only to perform a fresh install of CentOS 3 Update 2.
If you are copying the contents of the CentOS 3 Update 2 CD-ROMs (in preparation for a network-based installation, for example) be sure you copy the CD-ROMs for the operating system only. Do not copy the Extras CD-ROM, or any of the layered product CD-ROMs, as this will overwrite files necessary for Anaconda's proper operation.
These CD-ROMs must be installed after CentOS has been installed.
This section contains general information not specific to any other section of this document.
For information regarding various system configuration limits, refer to:
CentOS 3 Update 2 adds a graphical boot option back-ported from Fedora Core. It is disabled by default; to enable, add the rhgb option to the boot command line, and ensure that the GRAPHICAL line in /etc/sysconfig/init reads:
GRAPHICAL=yes
To speed login when NIS is used, it is now possible to request the use of the netid.byname map instead of the groups.byname map for providing group-related information to NIS clients. This map is traditionally not used for this purpose, but in most configurations contains the necessary information, and is generated by default on recent Linux and Solaris™ NIS servers.
To enable this feature, find the following line in /etc/default/nss:
# NETID_AUTHORITATIVE=TRUE
Next, use a text editor to remove the leading '#' character, saving your changes when done.
No cross-checks of the netid.byname map are done by either the NIS server or client. Therefore, the responsibility of ensuring that netid.byname contains appropriate information rests with the system administrator.
It is also possible to improve NIS performance by using the services.byservicename map. If this map exists and has been built properly, its use can be enabled by the following setting in /etc/default/nss:
SERVICES_AUTHORITATIVE=TRUE
The services.byservicename map must contain both names of services and aliases as keys, both without protocol specified and with protocol. Recently-updated CentOS and Solaris NIS servers provide properly-built services.byservicename maps.
The CentOS 3 Update 2 Extras CD-ROM includes the fonts-monotype package. This optional package contains the Albany™, Cumberland™, and Thorndale™ fonts by Agfa Monotype. These fonts provide a core set of document fonts with metrics close to those of core fonts included with other common operating systems.
CentOS 3 Update 2 features LAuS, the Linux Auditing System. This system is composed of kernel-resident and user-space components that facilitate highly-configurable and robust logging of system call use. This document provides an overview of how the auditing system is put together and basic information on how to get it running. Pointers to relevant documentation are also provided that should help in making the best use of this new capability.
LauS consist of two types of components:
The kernel component
The User-space components
The default kernel provided with CentOS 3 Update 2 contains modifications that enable system-call auditing. When auditing is not in use, these modifications are performance-neutral. The kernel component provides access to the auditing facilities through a character-special device — /dev/audit. Through this device, a user-space daemon (auditd) can enable or disable auditing and can provide the kernel with the rulesets it is to use to determine when an invocation of a system call must be logged. This device is also used by auditd to retrieve audit records from the kernel for transfer to the audit log. Refer to the audit(4) man page for information about supported ioctl() calls and /proc/ interfaces for managing and tuning auditing behavior.
There are a number of programs provided that transfer audit records from the kernel to the audit log and manipulate the resulting data. These programs and their documentation are found in the laus package.
Auditing is performed for a process if that process registers itself with the kernel as auditable. This registration is propagated to any process started from a registered process. Modifications were made to PAM to assure the auditing of all user sessions when kernel auditing is enabled.
The audit daemon can be run as a service and configured with chkconfig. The audit daemon reads a number of files from /etc/audit/ at startup.
The contents of /etc/audit/audit.conf specify how and where to write audit records and what to do if the logs overrun available disk space. The contents of /etc/audit/filesets.conf and /etc/audit/filters.conf specify the rulesets the kernel uses to determine if a system call is auditable. The audit daemon can also be run with the -r option to instruct auditd to reload the rulesets and communicate any changes to the kernel. Refer to the auditd(8), audit-filters(5), audit-conf(5), and audit-filesets(5) man pages for more information.
This program enables an auditing context for itself and execs the program specified on its command line. This can be used to enable auditing on processes that are not generally part of a user session. Refer to the aurun(8) man page for more information.
This program writes the contents of the audit log to standard output. There are also options for specifying the level of detail required. Refer to the aucat(1) man page for more information.
This program writes audit log records matching specified patterns to standard output. Refer to the augrep(1) man page for more information.
The Pluggable Authentication Modules package has been modified to log authentication activity. Failed and successful authentications are logged to the audit log. PAM marks for auditing all sessions which are started from successful authentication and generates an audit record when the session is terminated.
This update includes bug fixes for a number of drivers. The more significant driver updates are listed below. In some cases, the original driver has been preserved under a different name, and is available as a non-default alternative for organizations that wish to migrate their driver configuration to the latest versions at a later time.
The migration to the latest drivers should be completed before the next CentOS update is applied, because in most cases only one older-revision driver will be preserved for each update.
These release notes also indicate which older-revision drivers have been removed from this kernel update. These drivers have the base driver name with the revision digits appended; for example, megaraid_2002.o. You must remove these drivers from /etc/modules.conf before installing this kernel update.
Keep in mind that the only definitive way to determine what drivers are being used is to review the contents of /etc/modules.conf. Use of the lsmod command is not a substitute for examining this file.
IBM ServeRAID (ips driver)
The ips driver has been updated from 6.10.52 to 6.11.07
The new driver is scsi/ips.o
The older driver has been preserved as addon/ips_61052/ips_61052.o
The 6.00.26 driver (ips_60026.o) has been removed
LSI Logic RAID (megaraid driver)
The megaraid2 driver has been updated from v2.00.9 to v2.10.1.1
The new driver is scsi/megaraid2.o
The older driver has been preserved as addon/megaraid_2009/megaraid_2009.o
The default driver remains the v1.18k driver (megaraid.o)
LSI Logic MPT Fusion (mpt* drivers)
These drivers have been updated from 2.05.05+ to 2.05.11.03
The new drivers are located in message/fusion/
The older drivers have been preserved in addon/fusion_20505/
Compaq SA53xx Controllers (cciss driver)
The cciss driver has been updated from 2.4.47.RH1 to 2.4.50.RH1
QLogic Fibre Channel (qla2xxx driver)
These drivers have been updated from 6.06.00b11 to 6.07.02-RH2
The new drivers are located in addon/qla2200/
The older driver have been preserved in addon/qla2200_60600b11/
Note that the QLA2100 adapter has been retired by QLogic. This adapter is no longer supported by QLogic. Therefore, the driver is located in the kernel-unsupported package.
Intel PRO/1000 (e1000 driver)
This driver has been updated from 5.2.20-k1 to 5.2.30.1-k1
Broadcom Tigon3 (tg3 driver)
This driver has been updated from v2.3 to v2.7
Network Bonding (bonding driver)
This driver has been updated from 2.2.14 to 2.4.1
Serial ATA (libata driver)
This driver has been updated to version 1.01
This section contains listings of packages that have been updated or added from CentOS 3 as part of Update 2.
These package lists include packages from all variants of CentOS 3. Your system may not include every one of the packages listed here.
The following packages have been updated from the original release of CentOS 3:
anaconda
anaconda-images
anaconda-runtime
ant
ant-devel
ant-libs
arptables_jf
arpwatch
at
binutils
clumanager
compat-gcc
compat-gcc-c++
compat-gcc-g77
compat-gcc-objc
compat-glibc
compat-libstdc++
compat-libstdc++-devel
comps
cpp
cvs
cyrus-sasl
cyrus-sasl-devel
cyrus-sasl-gssapi
cyrus-sasl-md5
cyrus-sasl-plain
dev
devlabel
distcache
distcache-devel
elfutils
elfutils-devel
elfutils-libelf
elilo
ethereal
ethereal-gnome
firstboot
fontconfig
fontconfig-devel
freeradius
freeradius-mysql
freeradius-postgresql
freeradius-unixODBC
gaim
gcc
gcc-c++
gcc-c++-ssa
gcc-g77
gcc-g77-ssa
gcc-gnat
gcc-java
gcc-java-ssa
gcc-objc
gcc-objc-ssa
gcc-ssa
GConf2
GConf2-devel
gdb
gdk-pixbuf
gdk-pixbuf-devel
gdk-pixbuf-gnome
gdm
glibc
glibc-common
glibc-debug
glibc-devel
glibc-headers
glibc-profile
glibc-utils
gnome-mime-data
gnome-panel
gnupg
hotplug
httpd
httpd-devel
hwdata
initscripts
iproute
ipsec-tools
iptables
iptables-ipv6
kbd
kdegames
kdegames-devel
kdepim
kdepim-devel
kernel
kernel-doc
kernel-source
kernel-unsupported
kernel-utils
kinput2-canna-wnn6
krb5-devel
krb5-libs
krb5-server
krb5-workstation
kudzu
kudzu-devel
lftp
libf2c
libgcc
libgcc-ssa
libgcj
libgcj-devel
libgcj-ssa
libgcj-ssa-devel
libgnat
libmudflap
libmudflap-devel
libobjc
libpcap
libstdc++
libstdc++-devel
libstdc++-ssa
libstdc++-ssa-devel
libxml2
libxml2-devel
libxml2-python
MAKEDEV
mdadm
modutils
modutils-devel
mod_python
mod_ssl
mozilla
mozilla-chat
mozilla-devel
mozilla-dom-inspector
mozilla-js-debugger
mozilla-mail
mozilla-nspr
mozilla-nspr-devel
mozilla-nss
mozilla-nss-devel
mutt
net-snmp
net-snmp-devel
net-snmp-perl
net-snmp-utils
netdump
netdump-server
netpbm
netpbm-devel
netpbm-progs
nfs-utils
nptl-devel
nscd
nss_ldap
openssh
openssh-askpass
openssh-askpass-gnome
openssh-clients
openssh-server
openssl
openssl-devel
openssl-perl
openssl096b
oprofile
oprofile-devel
pam
pam-devel
pam_krb5
popt
postfix
pwlib
pwlib-devel
quagga
quagga-contrib
quagga-devel
rdist
redhat-config-cluster
redhat-config-kickstart
redhat-config-network
redhat-config-network-tui
redhat-config-packages
redhat-config-printer
redhat-config-printer-gui
redhat-config-xfree86
redhat-rpm-config
rh-postgresql
rh-postgresql-contrib
rh-postgresql-devel
rh-postgresql-docs
rh-postgresql-jdbc
rh-postgresql-libs
rh-postgresql-pl
rh-postgresql-python
rh-postgresql-server
rh-postgresql-tcl
rh-postgresql-test
rhdb-admin
rhdb-docs
rhdb-explain
rhpl
rpm
rpm-build
rpm-devel
rpm-python
rpmdb-redhat
rsync
samba
samba-client
samba-common
samba-swat
sendmail
sendmail-cf
sendmail-devel
sendmail-doc
shadow-utils
slocate
strace
struts
sysklogd
sysstat
SysVinit
tcpdump
unixODBC
unixODBC-devel
unixODBC-kde
up2date
up2date-gnome
vsftpd
xemacs
xemacs-el
xemacs-info
XFree86
XFree86-100dpi-fonts
XFree86-75dpi-fonts
XFree86-base-fonts
XFree86-cyrillic-fonts
XFree86-devel
XFree86-doc
XFree86-font-utils
XFree86-ISO8859-14-100dpi-fonts
XFree86-ISO8859-14-75dpi-fonts
XFree86-ISO8859-15-100dpi-fonts
XFree86-ISO8859-15-75dpi-fonts
XFree86-ISO8859-2-100dpi-fonts
XFree86-ISO8859-2-75dpi-fonts
XFree86-ISO8859-9-100dpi-fonts
XFree86-ISO8859-9-75dpi-fonts
XFree86-libs
XFree86-libs-data
XFree86-Mesa-libGL
XFree86-Mesa-libGLU
XFree86-sdk
XFree86-syriac-fonts
XFree86-tools
XFree86-truetype-fonts
XFree86-twm
XFree86-xauth
XFree86-xdm
XFree86-xfs
XFree86-Xnest
XFree86-Xvfb
ypbind
ypserv
The following packages have been added to CentOS 3 Update 2:
commons-dbcp
commons-dbcp-devel
commons-pool
commons-pool-devel
eclipse
elfutils-libelf-devel
gnu-efi
jaf
jaf-devel
java-javadoc
javamail
javamail-devel
jpackage-utils
junit
junit-devel
laus
laus-devel
libunwind
mtx
mysql-jdbc
rh-cs-de
rh-cs-es
rh-cs-fr
rh-cs-it
rh-cs-ja
rh-cs-ko
rh-cs-pt_br
rh-cs-zh_cn
rh-cs-zh_tw
rhdb-cc
rhgb
sg3_utils
struts-webapps
The following packages have been removed from CentOS 3 Update 2:
mod_jk2
mod_webapp
mozilla-psm
( ia64 )