Red Hat Enterprise Linux 9.6 Release

Following the new RHEL 10 branch, Red Hat has published the Red Hat Enterprise Linux 9.6 release. Ready-made installation images are available to registered users of the Red Hat Customer Portal (to evaluate the functionality, you can also use the CentOS Stream 9 ISO images and the free RHEL builds for developers). The release is built for the x86_64, s390x (IBM System z), ppc64le and Aarch64 (ARM64) architectures. In accordance with the distribution's 10-year support cycle, RHEL 9 will be supported until 2032.

The source code of the RHEL 9.6 rpm packages is provided to the company's customers only through a closed section of the site covered by a user agreement (EULA) that prohibits redistribution of the data, so these packages cannot be used to create derivative distributions. The source code remains available in the CentOS Stream repository, but it is not fully synchronized with RHEL, and the package versions there do not always match the packages from RHEL. Rocky Linux, Oracle and SUSE reproduce the source code of the rpm packages of RHEL releases as part of the OpenELA project.

Key changes in RHEL 9.6:

  • Updated developer packages: GCC 11.5, Node.js 22, MySQL 8.4, PHP 8.3, GDB 14.2, Valgrind 3.24.0, SystemTap 5.2, elfutils 0.192, libabigail 2.6, GCC Toolset 14, LLVM Toolset 19.1.7, Rust Toolset 1.84.1, Go Toolset 1.23, Maven 3.9, Git 2.47.1.
  • Updated versions of system packages: Rsyslog 8.2412.0, OpenSSL 3.2.2, NSS 3.101, nettle 3.10.1, OpenSCAP 1.3.12, Clevis 21, openCryptoki 3.24.0, libva 2.22.0, Buildah 1.39.0, Skopeo 1.18.0, Podman 5.4, NetworkManager 1.52.0, QEMU 9.1.0, libvirt 10.10.0.
  • Updated server packages: Apache httpd 2.4.62, nginx 1.26, wpa_supplicant 2.11, xdp-tools 1.5.1, iproute2 6.11.0, PCP 6.3.2, Grafana 10.2.6, 389-ds-base 2.6.1, openldap 2.6.8.
  • Added support for the Landlock module, which provides unprivileged programs with the means to restrict their use of Linux kernel objects such as file hierarchies, network sockets, and ioctls. Unlike namespaces and system call filtering, the isolated environment is provided by the Linux kernel as an additional layer on top of the existing system access control mechanisms.
  • Added support for the EROFS (Extendable Read-Only File System) file system, designed for use on partitions accessible in read-only mode.
  • Added the snapm (Snapshot Manager) utility for managing snapshots of the system state (for example, if problems appear after installing an update, you can roll the system back to the previous state).
  • New users created through the Anaconda installer interface are granted administrator rights by default (a special setting is available to disable this behavior). The installer also offers a new interface for selecting the time zone. The RDP protocol is used for remote access to the installer instead of VNC.
  • The ld linker issues a warning if an application uses a stack that is located in an executable memory region.
  • Added support for using TLS to encrypt service RPC traffic in the NFS network file system.
  • Support for unified kernel images (UKI, Unified Kernel Image), generated in the distribution's infrastructure and certified by the distribution's digital signature, has been stabilized. A UKI combines in one file the handler for loading the kernel from UEFI (UEFI boot stub), the Linux kernel image, and the initrd system environment loaded into memory. When the UKI is invoked from UEFI, a digital signature can be used to verify the integrity and authenticity of not only the kernel but also the initrd contents; verifying the initrd matters because the keys for decrypting the root FS are extracted in that environment.
  • Added support for the Composefs file system.
  • The CIFS (Common Internet File System) client can now create special files on SMB partitions, such as symbolic links, Unix sockets, and named pipes.
  • The capabilities of the toolkit for creating custom boot images (image builder) have been expanded. Support has been added for creating disk images with their own partition layout and mount options. Kickstart files can now be substituted when building ISO images. Disk images for systems such as AWS and KVM no longer get a separate /boot partition.
  • Added system roles for managing and configuring sudo, tracking file changes using the aide package, and managing systemd user unit files. The metric role now has the ability to use the Valkey DBMS instead of Redis.
  • Added the ability to use the OpenTelemetry framework to collect logs and telemetry data and send them to analytics systems such as AWS CloudWatch.
  • A new utility, keylime-policy, has been added for managing the Keylime policies used to authenticate external systems and continuously monitor their integrity.
  • The iio-sensor-proxy, power-profiles-daemon, switcheroo-control and samba-bgqd services have been placed under SELinux protection. Support for executing commands under SELinux protection via QEMU Guest Agent has been added.
  • The eBPF subsystem implementation is synchronized with Linux kernel 6.12 (the previous release used the eBPF implementation from Linux kernel 6.8). The TPM_TIS (Trusted Platform Module Integration Services) implementation is synchronized with kernel 6.7, and kdump is synchronized with kernel 6.10.
  • The ice Ethernet driver has been updated to support the E825C network interface used in the Intel Granite Rapids-D platform.
  • NetworkManager now supports the FEC (Forward Error Correction) mode. Support for automatically adding routes to DNS servers has been added using the "ipv4.routed-dns" and "ipv6.routed-dns" properties. Sending the host name via DHCP has been disabled by default (the ipv4.dhcp-send-hostname parameter is set to false). Support has been added for the "IPv4-only preferred" DHCPv6 option (RFC 8925), which indicates that the host can operate without IPv4, so only an IPv6 address needs to be sent to it if the network supports IPv6. The nmstate utility now supports configuring IPvLAN.
  • Support is provided for virtual machines on systems with a realtime kernel.
  • For host systems using ARM64 processors, support for migrating virtual machines between ARM64 hosts has been added, a virtualized TPM (Trusted Platform Module) interface has been added, and the virtio-iommu device has been implemented.
  • The virt-install utility has been updated to support creating virtual machines that use AMD SEV-SNP (Secure Encrypted Virtualization — Secure Nested Paging) for memory encryption.
  • Added the ability to use Intel TDX (Trust Domain Extension) technology to protect guest systems.
  • Added support for migrating virtual machines that use virtiofs for directory sharing or virtual functions on Mellanox CX-7 network adapters.
  • Added drivers for Intel XMM 7360 LTE Advanced (Intel IOSM — IPC over Shared Memory), Fibocom FM350GL (Mediatek t7xx), Fibocom L860GL (Intel IOSM) and Qualcomm modems.
  • Added experimental support (Technology Preview) for encrypting DNS traffic using DNS-over-TLS (DoT).
  • Continued provision of experimental (Technology Preview) support:
    • kTLS (kernel-level TLS),
    • asynchronous input/output interface io_uring,
    • DAX (Direct Access) for ext4 and XFS,
    • AMD SEV and SEV-ES in KVM hypervisor,
    • systemd-resolved service,
    • Sigstore mechanism for verifying containers using digital signatures,
    • VPN wireguard,
    • PRP (Parallel Redundancy Protocol) and HSR (High-availability Seamless Redundancy) protocols,
    • hardware acceleration of IPsec by moving packet encapsulation operations to the network card side,
    • ACME certificate management protocol used in Let's Encrypt,
    • SRv6 (Segment Routing over IPv6),
    • package with graphic editor GIMP 2.99.8,
    • MPTCP (Multipath TCP) settings via NetworkManager,
    • DNSSEC in IdM,
    • virtio-mem,
    • Socket API for TuneD,
    • Soft-iWARP (Internet Wide-area RDMA Protocol),
    • GNOME for ARM64 and IBM Z.

    Source: opennet.ru