Red Hat Enterprise Release Linux 9.6

Following the new RHEL 10 branch, Red Hat has released the Red Hat Enterprise distribution. Linux 9.6. Ready-made installation images are available for registered users of the Red Hat Customer Portal (ISO images can also be used to evaluate functionality) CentOS Stream 9 and free RHEL developer builds). The release is designed for the x86_64, s390x (IBM System z), ppc64le, and Aarch64 (ARM64) architectures. In accordance with the distribution's 10-year support cycle, RHEL 9 will be supported until 2032.

The source code for RHEL 9.6 RPM packages is provided to the company's customers only through a closed section of the website, which is subject to a user agreement (EULA) prohibiting data redistribution, preventing the use of these packages for creating derivative distributions. The source code remains available in the repository. CentOS Stream, but it is not fully synchronized with RHEL and its package versions do not always match those of RHEL. Rocky Linux, Oracle and SUSE reproduce the source code of RHEL release rpm packages as part of the OpenELA project.

Key changes in RHEL 9.6:

• Updated developer packages: GCC 11.5, Node.js 22, mysql 8.4, PHP 8.3, GDB 14.2, Valgrind 3.24.0, SystemTap 5.2, elfutils 0.192, libabigail 2.6, GCC Toolset 14, LLVM Toolset 19.1.7, Rust Toolset 1.84.1, Go Toolset 1.23, Maven 3.9, Git 2.47.1.
• Updated versions of system packages: Rsyslog 8.2412.0, OpenSSL 3.2.2, NSS 3.101, nettle 3.10.1, OpenSCAP 1.3.12, Clevis 21, openCryptoki 3.24.0, libva 2.22.0, Buildah 1.39.0, Skopeo 1.18.0, Podman 5.4, NetworkManager 1.52.0, QEMU 9.1.0, libvirt 10.10.0,
• Updated server packages: Apache httpd 2.4.62, nginx 1.26, wpa_supplicant 2.11, xdp-tools 1.5.1, iproute2 6.11.0, PCP 6.3.2, Grafana 10.2.6, 389-ds-base 2.6.1, openldap 2.6.8.
• Added support for the Landlock module, which provides unprivileged programs with the ability to restrict the use of kernel objects. Linux, such as file hierarchies, network sockets, and ioctl. Unlike namespaces and system call filtering, the isolated environment is created by the kernel. Linux in the form of an additional layer on top of existing system access control mechanisms.
• Added support for the EROFS (Extendable Read-Only File System) file system, designed for use on partitions accessible in read-only mode.
• Added snapm (Snapshot Manager) utility for managing snapshots of the system state (for example, in case of problems after installing an update, you can roll back the system to the previous state).
• New users created through the Anaconda installer interface are granted administrator rights by default (a special setting is available to disable this behavior). The installer also offers a new interface for selecting the time zone. RDP protocol is used for remote access to the installer instead of VNC.
• The ld linker provides warnings if an application uses a stack that is located in an executable memory region.
• Added support for using TLS to encrypt service RPC traffic in the NFS network file system.
• Support for unified kernel images (UKI) generated within the distribution infrastructure and digitally signed by the distribution has been stabilized. A UKI image combines a handler for loading the kernel from UEFI (UEFI boot stub) and a kernel image in a single file. Linux and the initrd system environment loaded into memory. When loading the UKI image from UEFI, the integrity and authenticity of not only the kernel but also the initrd contents can be verified using a digital signature. Validation of the initrd content is important, as this environment is where the keys for decrypting the root file system are extracted.
• Added support for the Composefs file system.
• The CIFS (Common Internet File System) client has the ability to create special files in SMB partitions, such as symbolic links, Unix sockets, and named pipes.
• The capabilities of the toolkit for creating custom boot images (image builder) have been expanded. Support for creating disk images with their own partition layout and mounting options has been added. The ability to substitute Kickstart files when assembling iso images has appeared. For disk images, for systems such as AWS and KVM, the creation of a separate /boot partition has been removed.
• Added system roles for managing and configuring sudo, tracking file changes using the aide package, and managing systemd user unit files. The metric role now has the ability to use the Valkey DBMS instead of Redis.
• Provided the ability to use the OpenTelemetry framework to accumulate and send logs and telemetry data to analytics systems such as AWS CloudWatch.
• A new utility, keylime-policy, has been added to provide capabilities for managing Keylime policies used to authenticate and continuously monitor the integrity of external systems.
• Under SE protectionLinux The iio-sensor-proxy, power-profiles-daemon, switcheroo-control, and samba-bgqd services have been migrated. Support for running commands under SE protection has been added.Linux via QEMU Guest Agent.
• The implementation of the eBPF subsystem is synchronized with the kernel Linux 6.12 (previous release used the kernel eBPF implementation Linux 6.8). The TPM_TIS (Trusted Platform Module Integration Services) implementation is synchronized with kernel 6.7, and kdump is synchronized with kernel 6.10.
• The ice Ethernet driver has been updated to support the E825C network interface used in the Intel Granite Rapids-D platform.
• NetworkManager now supports the FEC (Forward Error Correction) mode. Support for automatically adding routes to DNS servers has been added using the "ipv4.routed-dns" and "ipv6.routed-dns" properties. Sending the host name via DHCP has been disabled by default (the ipv4.dhcp-send-hostname parameter is set to false). Support has been added for the "IPv4-only preferred" DHCPv6 option (RFC 8925), which indicates that the host can operate without IPv4 and only needs to be sent the IPv6 address if the network supports IPv6. The nmstate utility now supports configuring IPvLAN.
• Support provided virtual machines in systems with a realtime kernel.
• For host systems using ARM64 processors, support for migrating virtual machines between ARM64 hosts has been added, a virtualized TPM (Trusted Platform Module) interface has been added, and the virtio-iommu device has been implemented.
• The virt-install utility has been updated to support creating virtual machines that use AMD SEV-SNP (Secure Encrypted Virtualization — Secure Nested Paging) for memory encryption.
• Added the ability to use Intel TDX (Trust Domain Extension) technology to protect guest systems.
• Added support for migrating virtual machines that use virtiofs for directory sharing or virtual functions on Mellanox CX-7 network adapters.
• Added drivers for Intel XMM 7360 LTE Advanced (Intel IOSM — IPC over Shared Memory), Fibocom FM350GL (Mediatek t7xx), Fibocom L860GL (Intel IOSM) and Qualcomm modems.
• Added experimental support (Technology Preview) for encrypting DNS traffic using DNS-over-TLS (DoT).
• Continued provision of experimental (Technology Preview) support:
• kTLS (kernel-level TLS),
• asynchronous input/output interface io_uring,
• DAX (Direct Access) for ext4 and XFS,
• AMD SEV and SEV-ES in KVM hypervisor,
• systemd-resolved service,
• Sigstore mechanism for verifying containers using digital signatures,
• VPN WireGuard,
• PRP (Parallel Redundancy Protocol) and HSR (High-availability Seamless Redundancy) protocols,
• hardware acceleration of IPsec by moving packet encapsulation operations to the network card side,
• ACME certificate management protocol used in Let's Encrypt,
• SRv6 (Segment Routing over IPv6,
• package with graphic editor GIMP 2.99.8,
• MPTCP (Multipath TCP) settings via NetworkManager,
• DNSSEC in IdM,
• virtio-mem
• Socket API for TuneD,
• Soft-iWARP (Internet Wide-area RDMA Protocol),
• GNOME for ARM64 and IBM Z.

Source: opennet.ru