Beta release of Red Hat Enterprise Linux 10 and release of RHEL 9.5

Red Hat has released a beta version of its Red Hat Enterprise Linux 10 distribution and the release of Red Hat Enterprise Linux 9.5. Ready-made installation images are prepared for registered users of the Red Hat Customer Portal (ISO images of CentOS Stream 10 and CentOS Stream 9.5, as well as the free RHEL developer builds, can also be used to evaluate the functionality). Repositories with RHEL 10 binary packages are publicly available. Releases are available for the x86_64, s390x (IBM System z), ppc64le, and Aarch64 (ARM64) architectures. RHEL 10 is expected to be released in the first half of next year.

The RHEL 10 branch is built on the CentOS Stream 10 package base. CentOS Stream is positioned as the upstream project for RHEL and allows third-party contributors to control RHEL package development, propose changes, and influence decisions. Under the distribution's 13-year support cycle, RHEL 10 will be supported until 2035, plus three years of extended paid support. Updates for RHEL 9 will continue to be released until the end of May 2032, and for RHEL 8, until 2029.

The source code for the RHEL 10 RPM packages is available for free download. RHEL 9.5 packages are not hosted in the public git.centos.org repository and are provided to the company's customers only through a closed section of the website, which is subject to a user agreement (EULA) that prohibits redistribution of the data and so prevents the use of these packages for creating derivative distributions. The RHEL 9.5 source code remains available in the CentOS Stream repository, but it is not completely synchronized with RHEL and does not always have the latest versions of packages that match those in RHEL. Rocky Linux, Oracle and SUSE reproduce the source code of RHEL release rpm packages as part of the OpenELA project.

Key changes in RHEL 10:

  • Users created through the Anaconda installer interface are granted administrator rights by default (a special setting is available to disable this behavior). The installer also offers a new interface for selecting the time zone. The RDP protocol is used for remote access to the installer instead of VNC.
  • Added support for quantum-resistant encryption algorithms. These algorithms are available in OpenSSL, OpenSSH, and system cryptographic policies (crypto-policies). OpenSSL now supports creating files with certificates and keys in PKCS #12 format that comply with FIPS requirements. Instead of the openssl-pkcs11 engine, the pkcs11-provider is used, allowing you to use hardware keys in apache httpd, libssh, bind, and other applications that use OpenSSL. Access rights to SSH host keys have been changed from 0640 to 0600 (access only to the owner). GnuTLS now supports certificate compression using zlib, brotli, and zstd.
  • In addition to GnuPG, the Sequoia command-line toolkit (sq and sqv utilities) is included with an implementation of the OpenPGP standard (RFC-4880) in Rust.
  • The DNF package manager disables loading metadata with lists of files included in packages (filelist) by default. Such data is rarely used, but is large and slows down the work. The rpm-sequoia library is used to work with PGP in DNF and RPM.
  • Updated versions of developer packages: GCC 14.2, LLVM 18.1.8, Python 3.12, Ruby 3.3, OpenJDK 21, Rust 1.79.0, Go 1.22, Node.js 22, Perl 5.40, PHP 8.3, Git 2.45, Subversion 1.14, SystemTap 5.1, Valgrind 3.23.0.
  • Updated server packages: OpenSSH 9.8, nginx 1.26, Apache HTTPD 2.4.62, Varnish Cache 7.4, Squid 6.10, MariaDB 10.11, MySQL 8.4, PostgreSQL 16, PCP 6.3.0, Grafana 10.2.6, libreswan 4.15, Pacemaker 2.1.8, 389-ds-base 3.0.4, Podman 5.0.
  • Updated system packages: Linux kernel 6.11, glibc 2.39, binutils 2.41, NSS 3.101, gnutls 3.8.7, polkit 125.
  • New packages tuned-ppd (instead of power-profiles-daemon), libcpuid and dnsconfd (background process for DNS caching) have been added. Because the Redis DBMS code base has moved to a proprietary license, the Valkey fork is offered instead of Redis. Kea DHCP is used instead of the ISC DHCP server. The zlib-ng-compat package is used instead of zlib.
  • By default, predictable naming mode is enabled for network interfaces (net.ifnames=1). NetworkManager enables the duplicate IP address detection mechanism DAD (Duplicate Address Detection) for IPv4, to prevent the same IP address from being assigned to different systems on the local network.
  • Disk images (such as system images for AWS and KVM) no longer use a separate /boot partition.
  • Added experimental support for the Composefs file system, implemented as an add-on to the OverlayFS and EROFS file systems, and optimized for efficient joint storage of the contents of several mounted disk images.
  • Provided experimental (Technology Preview) support for AMD SEV, SEV-SNP and SEV-ES in the KVM hypervisor.
  • The SELinux user-space toolkit (libsepol, libselinux, libsemanage, policycoreutils, checkpolicy, mcstrans) has been updated to version 3.7, which implements the "audit2allow -C" parameter for output in CIL (Common Intermediate Language) format. Support for the Wayland protocol has been added to the sandbox utility.
  • Keylime has added support for identifying devices via IDevID (Initial Device Identity) and IAK (Initial Attestation Key), and the TLS 1.3 protocol is enabled by default.
  • The web console offers a new file manager (cockpit-files package), which allows you to manage files and directories.
  • The CUPS print server has mDNS and broadcast modes disabled by default, which are involved in recently discovered remotely exploitable vulnerabilities.
  • glibc includes variants of the memcpy and memmove functions optimized for AMD Zen 3 and Zen 4 processors.
  • The transition to delivering Firefox and Thunderbird in Flatpak packages has been completed.
  • The GNOME Classic session now features an overview mode for viewing open windows, which was previously only available in the standard GNOME session.
  • A large number of new drivers have been added, including drivers for the QAT (QuickAssist Technology) accelerator built into Intel processors, which offers tools for accelerating calculations used in compression and encryption.
  • The following packages have been discontinued: sendmail (it is recommended to switch to postfix), redis, dhcp, dhcp-client, mod_security (moved to EPEL), spamassassin (moved to EPEL), xsane, runc.
  • The squashfs and wget packages, as well as the utmp and utmpx interfaces in glibc, have been deprecated.

Key changes in RHEL 9.5:

  • Updated developer packages: GCC 11.5, Node.js 22, GCC Toolset 14, LLVM Toolset 18.1.8, Rust Toolset 1.79.0, Go Toolset 1.22, OpenJDK 17, GDB 14.2, Valgrind 3.23.0, SystemTap 5.1, elfutils 0.191, libabigail 2.5.
  • Updated versions of system packages: OpenSSL 3.2.2, NSS 3.101, clevis 20, ipa 4.12.0, Podman 5.0.
  • Updated server packages: Apache HTTPD 2.4.62, BIND 9.18, PCP 6.2.2, Grafana 10.2.6, libreswan 4.15, PostgreSQL 16, samba 4.20.2.
  • Added a new system role for managing and configuring sudo. Snapshot role now supports snapshot management in an LVM pool. Expanded capabilities for postfix, podman, ssh, network, nbde_client, journald, logging, and storage roles.
  • The nbdkit and bootupd services have been moved under SELinux protection. Support for running commands under SELinux protection via QEMU Guest Agent has been added.
  • Added support for live migration of virtual machines with NVIDIA vGPUs passed through.
  • For the web console, a cockpit-files package with a file manager implementation is offered.
  • NetworkManager has added support for connecting to IPsec VPNs using IPv6 addresses.
  • Simultaneous use of firewalld and nftables services is allowed.
  • Added support for the Composefs file system.
  • When building CPython in GCC, the "-O3" optimization mode is enabled, which has improved Python performance by about 4%.
  • For glibc, the "GLIBC_TUNABLES=glibc.cpu.prefer_map_32bit_exec=1" mode is implemented, which places dynamic objects in the address space close to each other rather than randomly, allowing for increased performance in some configurations at the cost of reduced ASLR protection. glibc includes versions of the memcpy and memmove functions optimized for AMD Zen 3 and Zen 4 processors.
  • The implementation of the eBPF subsystem is synchronized with the Linux 6.8 kernel (the previous release used the eBPF implementation from the Linux 6.6 kernel).
  • The tmpfs file system, commonly used for the /tmp partition, now supports disk quotas.
  • OpenSSL has added experimental client-side support for the QUIC protocol.
  • Added experimental support for an offload mode that moves the encapsulation of UDP packets in IPsec to the network card side.
  • Added experimental support for HSM (Hardware Security Module).
  • Added experimental capability to use LMDB database in Directory Server.
  • An experimental ipa-migrate command has been added to Identity Management to migrate data to another IdM server.
  • Continued provision of experimental (Technology Preview) support:
    • WireGuard VPN,
    • kTLS (kernel-level TLS),
    • asynchronous input/output interface io_uring,
    • DAX (Direct Access) for ext4 and XFS,
    • AMD SEV and SEV-ES in KVM hypervisor,
    • systemd-resolved service,
    • Sigstore mechanism for verifying containers using digital signatures,
    • PRP (Parallel Redundancy Protocol) and HSR (High-availability Seamless Redundancy) protocols,
    • hardware acceleration of IPsec by moving packet encapsulation operations to the network card side,
    • ACME certificate management protocol used in Let's Encrypt,
    • SRv6 (Segment Routing over IPv6),
    • package with graphic editor GIMP 2.99.8,
    • MPTCP (Multipath TCP) settings via NetworkManager,
    • DNSSEC in IdM,
    • virtio-mem,
    • Socket API for TuneD,
    • Soft-iWARP (Internet Wide-area RDMA Protocol),
    • GNOME for ARM64 and IBM Z.
  • The libgcrypt and pam_ssh_agent_auth packages have been deprecated.
  • X.org Server and related components have been removed from the distribution (this was not mentioned in the test release notes, but was planned). The ability to run X11 applications in a Wayland session is provided by the XWayland DDX server.
  • The PulseAudio sound server has been replaced by the PipeWire package. The TigerVNC, Totem, power-profiles-daemon, gedit, gtkmm, WebKitGTK, Evolution, Festival, Eye of GNOME, Cheese, Tweaks and Qt5 packages have been removed (only Qt 6 remains).
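
Because the glibc.cpu.prefer_map_32bit_exec tunable listed for RHEL 9.5 trades ASLR strength for performance, it is useful to know which running processes were started with it. The following Python audit is an added example, not code from the original article or from Red Hat; the function names and the proc_root parameter are assumptions made here for illustration.

```python
"""Added example: list processes started with glibc.cpu.prefer_map_32bit_exec=1."""
import os

TUNABLE = "glibc.cpu.prefer_map_32bit_exec"


def parse_tunables(value):
    """Split a GLIBC_TUNABLES value ("a=1:b=2") into a dict.

    If a name repeats, the last value is the one kept here.
    """
    result = {}
    for item in value.split(":"):
        name, sep, val = item.partition("=")
        if sep and name:
            result[name] = val
    return result


def aslr_weakened(environ_blob):
    """True if a NUL-separated environment block enables the tunable."""
    for entry in environ_blob.split(b"\0"):
        key, sep, val = entry.partition(b"=")
        if sep and key == b"GLIBC_TUNABLES":
            tunables = parse_tunables(val.decode("utf-8", "replace"))
            return tunables.get(TUNABLE) == "1"
    return False


def scan_proc(proc_root="/proc"):
    """Return [(pid, command)] for readable processes with the tunable on."""
    hits = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        base = os.path.join(proc_root, pid)
        try:
            # environ holds the environment the process was started with
            with open(os.path.join(base, "environ"), "rb") as fh:
                blob = fh.read()
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:  # process exited or is owned by another user
            continue
        if aslr_weakened(blob):
            hits.append((int(pid), comm))
    return hits


if __name__ == "__main__":
    for pid, comm in scan_proc():
        print(f"{pid}\t{comm}\t{TUNABLE}=1 (reduced ASLR)")
```

Run it as root to cover processes owned by other users; unreadable entries are skipped silently.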

    Source: opennet.ru