ProHoster > Блог > labaran intanet > Sakin rarrabawar Red Hat Enterprise Linux 8.7

Sakin rarrabawar Red Hat Enterprise Linux 8.7

Red Hat ya wallafa sakin Red Hat Enterprise Linux 8.7. An shirya ginin shigarwa don x86_64, s390x (IBM System z), ppc64le, da gine-ginen Aarch64, amma ana samunsu don saukewa kawai ga masu amfani da Portal Abokin Ciniki na Red Hat. Ana rarraba tushen fakitin Linux 8rpm na Red Hat Enterprise ta wurin ajiyar CentOS Git. Ana kiyaye reshen 8.x a layi daya tare da reshen RHEL 9.x kuma za a tallafawa har sai aƙalla 2029.

Ana yin shirye-shiryen sabbin abubuwan sakewa daidai da tsarin ci gaba, wanda ke nuna samuwar sakewa kowane watanni shida a ƙayyadadden lokaci. Har zuwa 2024, reshe na 8.x zai kasance a cikin cikakken goyon baya, yana nuna ƙaddamar da haɓaka aikin aiki, bayan haka zai matsa zuwa mataki na kulawa, wanda abubuwan da suka fi dacewa za su canza zuwa gyare-gyaren kwari da tsaro, tare da ƙananan ci gaba da suka danganci tallafi. m hardware tsarin.

Canje-canje masu mahimmanci:

  • An faɗaɗa kayan aiki don shirya hotunan tsarin don haɗawa da tallafi don loda hotuna zuwa GCP (Google Cloud Platform), sanya hoton kai tsaye a cikin rajistar akwati, daidaita girman ɓangaren ɓangaren boot, da daidaita sigogi (Blueprint) yayin ƙirƙirar hoto. (misali, ƙara fakiti da ƙirƙirar masu amfani).
  • An ƙara ikon yin amfani da abokin ciniki na Clevis (clevis-luks-systemd) don buɗe ɓoyayyen ɓoyayyen diski ta atomatik tare da LUKS kuma an saka shi a ƙarshen taya, ba tare da buƙatar amfani da umarnin "systemctl kunna clevis-luks-askpass.path".
  • An gabatar da sabon fakitin xmlstarlet, wanda ya haɗa da abubuwan amfani don tantancewa, canzawa, ingantawa, cire bayanai da gyara fayilolin XML.
  • An ƙara ikon farko (Tsarin Fasaha) don tantance masu amfani ta amfani da masu samar da waje (IdP, mai ba da shaida) waɗanda ke goyan bayan tsawaita yarjejeniya ta OAuth 2.0 “Gyaran Izinin Na'ura” don samar da alamun samun damar OAuth zuwa na'urori ba tare da amfani da mai bincike ba.
  • An faɗaɗa ƙarfin ayyukan tsarin, alal misali, aikin cibiyar sadarwa ya ƙara goyon baya don kafa ƙa'idodin kewayawa da kuma amfani da API nmstate, aikin shiga ya ƙara goyon baya don tacewa ta hanyar maganganu na yau da kullum (startmsg.regex, endmsg.regex), Matsayin ajiya ya ƙara tallafi don sassan da aka keɓe sararin ajiya mai ƙarfi ("bakin ciki na samarwa"), ikon sarrafa ta / sauransu / ssh / sshd_config an ƙara zuwa matsayin sshd, an ƙara fitar da kididdigar aikin Postfix zuwa ga Matsayin ma'auni, ikon sake rubuta saitin da ya gabata an aiwatar da shi zuwa aikin Tacewar zaɓi da tallafi don ƙarawa, sabuntawa da gogewa an ba da sabis ɗin dangane da jihar.
  • Sabuntawar uwar garken da fakitin tsarin: chrony 4.2, unbound 1.16.2, opencryptoki 3.18.0, powerpc-utils 1.3.10, libva 2.13.0, PCP 5.3.7, Grafana 7.5.13, SystemTap 4.7, NetworkManager 1.40 sa 4.16.1.
  • Tsarin ya haɗa da sababbin nau'ikan masu tarawa da kayan aiki don masu haɓakawa: GCC Toolset 12, LLVM Toolset 14.0.6, Rust Toolset 1.62, Go Toolset 1.18, Ruby 3.1, java-17-openjdk (java-11-openjdk da ci gaba da java-1.8.0 za a kawo .3.8-openjdk), Maven 6.2, Mercurial 18, Node.js 6.2.7, Redis 3.19, Valgrind 12.1.0, Dyninst 0.187, elfutils XNUMX.
  • sysctl tsarin daidaitawa an daidaita shi tare da tsarin daidaita tsarin kundin adireshi - fayilolin sanyi a /etc/sysctl.d yanzu suna da fifiko mafi girma fiye da waɗanda ke cikin /run/sysctl.d.
  • Kayan aikin ReaR (Relax-and-Recover) ya kara da ikon aiwatar da umarni na sabani kafin da bayan murmurewa.
  • Laburaren NSS ba sa goyan bayan maɓallan RSA ƙasa da 1023.
  • Lokacin da ake ɗauka don iptables-ajiye mai amfani don adana manyan ƙa'idodin ƙa'idodin iptables ya ragu sosai.
  • Yanayin kariya daga SSBD (spec_store_bypass_disable) da STIBP (spectre_v2_user) harin an motsa shi daga "seccomp" zuwa "prctl", wanda ke da tasiri mai kyau akan aikin kwantena da aikace-aikacen da ke amfani da tsarin seccomp don hana damar yin amfani da kiran tsarin.
  • Direba don masu adaftar Ethernet E800 na Intel yana goyan bayan ka'idojin iWARP da RoCE.
  • An haɗa da wani mai amfani da ake kira nfsrahead wanda za'a iya amfani dashi don canza saitunan karantawa na NFS.
  • A cikin saitunan Apache httpd, an canza ƙimar ma'aunin LimitRequestBody daga 0 (babu iyaka) zuwa 1 GB.
  • An ƙara sabon fakitin, mai-sabon, wanda ya haɗa da sabon sigar kayan amfani.
  • Ƙara tallafi don saka idanu akan tsarin aiki tare da AMD Zen 2 da na'urori masu sarrafawa na Zen 3 zuwa libpfm da papi.
  • SSSD (System Security Services Daemon) ya ƙara goyon baya don caching buƙatun SID (misali, GID/UID cak) a cikin RAM, wanda ya ba da damar hanzarta kwafin ayyuka don babban adadin fayiloli ta uwar garken Samba. An ba da tallafi don haɗawa tare da Windows Server 2022.
  • An ƙara fakiti tare da goyan bayan API ɗin Vulkan graphics don tsarin 64-bit IBM POWER (ppc64le).
  • An aiwatar da goyan bayan sabon AMD Radeon RX 6[345]00 da AMD Ryzen 5/7/9 6[689]00 GPUs. An kunna goyan bayan Intel Alder Lake-S da Alder Lake-P GPUs ta tsohuwa, wanda a baya ya zama dole a saita siga i915.alpha_support=1 ko i915.force_probe=*.
  • An ƙara goyon bayan kafa tsarin cryptopolicies zuwa na'ura mai kwakwalwa na yanar gizo, an ba da damar saukewa da shigar da RHEL a cikin na'ura mai mahimmanci, an ƙara maballin don shigarwa daban-daban na faci na Linux kernel, an fadada rahotannin bincike, kuma an ƙara wani zaɓi don sake yi bayan an gama shigar da sabuntawa.
  • Ƙara goyon baya ga umarnin ap-check zuwa mdevctl don saita isar da isar da isar da saƙon crypto zuwa injunan kama-da-wane.
  • Cikakken goyan baya ga VMware ESXi hypervisor da SEV-ES (AMD Secure Encrypted Virtualization-Encrypted State) an aiwatar da kari. Ƙara goyon baya ga mahallin girgije na Azure tare da masu sarrafawa dangane da gine-ginen Ampere Altra.
  • An sabunta kayan aikin kayan aiki don sarrafa keɓaɓɓen kwantena, gami da fakiti kamar Podman, Buildah, Skopeo, crun da runc. Ƙara goyon baya ga GitLab Runner a cikin kwantena tare da lokacin aiki Podman. Don saita tsarin cibiyar sadarwar kwantena, ana samar da kayan aikin netavark da uwar garken DNS na Aardvark.
  • Don sarrafa hada da kariya daga raunin da ya faru a cikin tsarin MMIO (Memory Mapped Input Output), ana aiwatar da siginar taya na kernel "mmio_stale_data", wanda zai iya ɗaukar ƙimar "cikakku" (ba da damar tsaftace abubuwan buffers yayin motsawa zuwa sararin mai amfani a cikin VM), "cikakken, nosmt" (kamar "cikakken" + bugu da ƙari yana hana SMT/Hyper-Threads) da "kashe" (kare kariya).
  • Don sarrafa hada da kariya daga raunin Retbleed, an aiwatar da sigar taya ta kernel "retbleed", ta inda zaku iya kashe kariyar ("kashe") ko zaɓi algorithm toshe rauni (auto, nosmt, ibpb, unret).
  • Sigar boot na acpi_sleep kernel yanzu yana goyan bayan sabbin zaɓuɓɓuka don sarrafa yanayin bacci: s3_bios, s3_mode, s3_beep, s4_hwsig, s4_nohwsig, old_ordering, nonvs, sci_force_enable, da nobl.
  • An ƙara sabbin direbobi don Maxlinear Ethernet GPY (mxl-gpy), Realtek 802.11ax 8852A (rtw89_8852a), Realtek 802.11ax 8852AE (rtw89_8852ae), Modem Mai watsa shiri Interface (MHI), AMD PassThru DMA (ptsthru DMA) DRM DisplayPort (drm_dp_helper), Intel® Software Defined Silicon (intel_sdsi), Intel PMT (pmt_*), AMD SPI Master Controller (spi-amd).
  • Fadada tallafi don tsarin kernel na eBPF.
  • Ci gaba da samar da goyan bayan gwaji (Tsarin Fasaha) don AF_XDP, saukar da kayan aikin XDP, Multipath TCP (MPTCP), MPLS (Tsarin Lakabin Lakabin Multi-Protocol), DSA (Mai saurin watsa bayanai), KTLS, dracut, kexec sake yi da sauri, nispor, DAX in ext4 da xfs, systemd-resolved, accel-config, igc, OverlayFS, Stratis, Software Guard Extensions (SGX), NVMe/TCP, DNSSEC, GNOME akan tsarin ARM64 da IBM Z, AMD SEV don KVM, Intel vGPU, Akwatin Kayan aiki.

source: budenet.ru

Add a comment