Red Hat Enterprise Linux 8.8 distribution release

Following the release of Red Hat Enterprise Linux 9.2, Red Hat Enterprise Linux 8.8 has been published. It is an update to the previous branch, which is maintained in parallel with the RHEL 9.x branch and will be supported until at least 2029. Installation builds are prepared for the x86_64, s390x (IBM System z), ppc64le and Aarch64 architectures, but are available for download only to registered users of the Red Hat Customer Portal (CentOS Stream 9 iso images and free RHEL builds for developers can also be used). Red Hat Enterprise Linux 8 rpm packages are distributed through the CentOS Git repository.

New releases are prepared according to a development cycle in which releases are produced every six months at a predetermined time. Until 2024, the 8.x branch will be in the full support phase, which includes functional improvements, after which it will move into the maintenance phase, in which priorities shift towards bug fixes and security, with minor improvements related to support for important hardware systems.

Key changes:

  • Updated server and system packages: nginx 1.22, Libreswan 4.9, OpenSCAP 1.3.7, Grafana 7.5.15, powertop 2.15, tuned 2.20.0, NetworkManager 1.40.16, mod_security 2.9.6, samba 4.17.5.
  • New versions of compilers and developer tools included: GCC Toolset 12, LLVM Toolset 15.0.7, Rust Toolset 1.66, Go Toolset 1.19.4, Python 3.11, Node.js 18.14, PostgreSQL 15, Git 2.39.1, Valgrind 3.19, SystemTap 4.8, Apache Tomcat 9.
  • FIPS mode settings have been changed to comply with the FIPS 140-3 standard: 3DES, ECDH and FFDH are disabled, the minimum HMAC key size is limited to 112 bits and RSA keys to 2048 bits, and the SHA-224, SHA-384, SHA512-224, SHA512-256, SHA3-224 and SHA3-384 hashes are disabled in the DRBG pseudo-random number generator.
  • Updated SELinux policies to support systemd-socket-proxyd.
  • The yum package manager implements the offline-upgrade command to apply updates to the system offline. In an offline update, new packages are first downloaded with the "yum offline-upgrade download" command, after which the "yum offline-upgrade reboot" command is executed to reboot the system into a minimal environment and install the available updates there without interfering with running processes. After the installation of updates is complete, the system reboots into the normal working environment. When downloading packages for offline updates, you can apply filters, for example, "--advisory", "--security", "--bugfix".
  • A new synce4l package has been added to use the SyncE (Synchronous Ethernet) frequency synchronization technology supported in some network cards and network switches, which can improve the communication efficiency in RAN (Radio Access Network) applications due to more accurate time synchronization.
  • A new configuration file /etc/fapolicyd/rpm-filter.conf has been added to fapolicyd (File Access Policy Daemon), the framework that determines which programs a given user may and may not run. The file configures the list of files from the RPM package manager database that fapolicyd processes. For example, the new configuration file can be used to exclude individual applications installed through the RPM package manager from access policies.
  • In the kernel, the log entry written when a SYN flood is detected now includes the IP address that received the connection, which makes it easier to determine the target of the flood on systems with handlers bound to different IP addresses.
  • Added a system role for the podman toolkit to manage Podman settings, containers, and systemd services that run Podman containers. Podman has added support for generating audit events, attaching pre-launch hooks (/usr/libexec/podman/pre-exec-hooks and /etc/containers/pre-exec-hooks), and using the Sigstore format to store digital signatures along with container images.
  • Updated container-tools for managing isolated containers, including packages such as Podman, Buildah, Skopeo, crun and runc.
  • A toolbox utility has been added that allows you to launch an additional isolated environment, which can be set up arbitrarily using the usual DNF package manager. The developer just needs to execute the "toolbox create" command, after which they can enter the generated environment at any time with the "toolbox enter" command and install any packages using the yum utility.
  • Added support for vhd images used in Microsoft Azure for the ARM64 architecture.
  • SSSD (System Security Services Daemon) added support for lowercase home directory names (using the "%h" substitution in the override_homedir attribute specified in /etc/sssd/sssd.conf). In addition, users are allowed to change the password stored in LDAP (enabled by setting the ldap_pwd_policy attribute in /etc/sssd/sssd.conf to shadow).
  • glibc implements a new sorting algorithm for DSO dynamic linking that uses a depth-first search (DFS) technique to address performance issues in handling circular dependencies. To select the DSO sorting algorithm, the glibc.rtld.dynamic_sort=2 parameter is provided, which can be set to "1" to roll back to the old algorithm.
  • The rteval utility provides summary information about program loads, threads, and the CPUs involved in executing those threads.
  • Additional options have been added to the oslat utility for measuring latency.
  • Added new drivers for SoC Intel Elkhart Lake, Solarflare Siena, NVIDIA sn2201, AMD SEV, AMD TDX, ACPI Video, Intel GVT-g for KVM, HP iLO/iLO2.
  • Added experimental support for Intel Arc discrete graphics cards (DG2/Alchemist). To enable hardware acceleration on such video cards, specify the card's PCI ID during boot via the "i915.force_probe=pci-id" kernel parameter.
  • The inkscape package has been replaced with inkscape1, which uses Python 3. The version of Inkscape has been updated from 0.92 to 1.0.
  • Kiosk mode provides the ability to use the GNOME On-Screen Keyboard.
  • The libsoup library and the Evolution mail client have added support for authentication in Microsoft Exchange Server using the NTLMv2 protocol.
  • GNOME provides the ability to customize the context menu shown when you right-click on the desktop. The user can now add items to the menu to run arbitrary commands.
  • GNOME allows you to disable changing virtual desktops by swiping up or down with three fingers on the touchpad.
  • Continued to provide experimental (Technology Preview) support for AF_XDP, XDP hardware offloading, Multipath TCP (MPTCP), MPLS (Multi-protocol Label Switching), DSA (data streaming accelerator), KTLS, dracut, kexec fast reboot, nispor, DAX in ext4 and xfs, systemd-resolved, accel-config, igc, OverlayFS, Stratis, Software Guard Extensions (SGX), NVMe/TCP, DNSSEC, GNOME on ARM64 and IBM Z systems, AMD SEV for KVM, Intel vGPU, Toolbox.
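
The SYN flood logging change in the list above lets warnings be attributed to a specific listener. The following Python code is an added example, not taken from the article or from Red Hat, that tallies warnings per local address and port. The two message layouts it accepts (port only, and address plus port) and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed message layouts (not quoted from the article): the older message
# names only the port; the newer one puts the local address that received
# the SYNs in front of the port, bracketed for IPv6.
SYN_FLOOD = re.compile(
    r"Possible SYN flooding on port "
    r"(?:\[(?P<v6>[0-9A-Fa-f:.]+)\]:|(?P<v4>\d{1,3}(?:\.\d{1,3}){3}):)?"
    r"(?P<port>\d+)\."
)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
May 16 10:01:02 web1 kernel: TCP: request_sock_TCP: Possible SYN flooding on port 192.0.2.10:443. Sending cookies.
May 16 10:01:09 web1 kernel: TCP: request_sock_TCP: Possible SYN flooding on port 192.0.2.10:443. Sending cookies.
May 16 10:02:30 web1 kernel: TCP: request_sock_TCPv6: Possible SYN flooding on port [2001:db8::5]:25. Dropping request.
May 16 10:03:11 web1 kernel: TCP: request_sock_TCP: Possible SYN flooding on port 8080. Sending cookies.
May 16 10:03:12 web1 sshd[811]: Accepted publickey for admin from 198.51.100.7 port 50122 ssh2
"""


def parse_syn_flood(line):
    """Return (local_address_or_None, port) for a SYN-flood message, else None."""
    m = SYN_FLOOD.search(line)
    if not m:
        return None
    return (m.group("v6") or m.group("v4"), int(m.group("port")))


def flooded_listeners(log_text):
    """Count SYN-flood warnings per (local address, port) listener."""
    hits = Counter()
    for line in log_text.splitlines():
        target = parse_syn_flood(line)
        if target is not None:
            hits[target] += 1
    return hits


if __name__ == "__main__":
    for (addr, port), n in flooded_listeners(SAMPLE_LOG).most_common():
        print(f"{addr or 'address not logged'} port {port}: {n} warning(s)")
```

Entries whose address is None come from messages in the older, port-only layout, where the flooded listener cannot be told apart from others bound to the same port.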

Source: opennet.ru
