Table of Contents
Advertisement
* systems with NUMA nodes which were not ordered contiguously caused numactl to return incorrect
and therefore invalid NUMA data. With this update, numactl shows correct and valid data for systems
with NUMA nodes which are discontiguous in addition to those which are contiguous.
* the "numactl" command possesses an '-H' short option that corresponds to the long option, '--
hardware', which is used to show the inventory of available nodes on the system. However, numactl
did not recognize the short '-H' option. With this update, numactl now recognizes the '-H' option, which
once again has the same affect as '--hardware'.
All users of numactl are advised to upgrade to these updated packages, which resolve these issues.
1.137. openCryptoki
1.137.1. RHBA-2009:1685: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata
RHBA-2009:1685
Updated openCryptoki packages that resolve several issues are now available.
The openCryptoki package contains version 2.11 of the PKCS#11 API, implemented for IBM
Cryptocards. This package includes support for the IBM 4758 Cryptographic CoProcessor (with the
PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer
System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), the IBM CP Assist for
Cryptographic Function (FC 3863 on IBM System z).
These updated openCryptoki packages provide fixes for the following bugs:
* after initializing a hardware cryptographic token, attempting to unwrap an AES key failed and caused
openCryptoki to return a "CKR_TEMPLATE_INCOMPLETE" error code. With this update, AES key
unwrapping now succeeds as expected.
* the openCryptoki API enables programs to offload the computation of the message authentication
code (MAC) to the Central Processor Assist for Cryptographic Function (CPACF) of cryptographic
hardware. When using PKCS#11 for the acceleration of cryptographic instructions, openCryptoki
returned an error code of "411", indicating that the MAC was unable to be verified. With this update,
the MAC is now computed successfully after being offloaded to the CPACF.
* openCryptoki was not properly recognizing that secure-key crypto support was installed, and so the
"CCA" token was not being enabled for use.
All users of openCryptoki are advised to upgrade to these updated packages, which resolve these
issues.
1539
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=491689
1540
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=502241
1542
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=540471
1543
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=540474
1544
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=545379
(BZ#502241
1541
(BZ#540471
(BZ#545379
1540
)
1542
)
1544
)
openCryptoki
1539
(BZ#491689
1543
(BZ#540474
)
)
185
Advertisement
Table of Contents
Related Manuals for Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES
Related Products for Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES
- Red Hat APPLICATION SERVER - JONAS
- Red Hat APPLICATION STACK 1.1 RELEASE
- Red Hat APPLICATION STACK 1.2 RELEASE
- Red Hat APPLICATION STACK 1.3 RELEASE
- Red Hat APPLICATION STACK 1.4 RELEASE
- Red Hat APPLICATION STACK 2.0 RELEASE
- Red Hat APPLICATION STACK 2.1 RELEASE
- Red Hat APPLICATION STACK 2.2 RELEASE