ProHoster > Blog > labaran intanet > Sakin rarraba Red Hat Enterprise Linux 8.8

Sakin rarraba Red Hat Enterprise Linux 8.8

Bayan fitowar kamfanin Red Hat Enterprise, kamfanin ya fara sayar da hannun jarinsa. Linux An buga 9.2, wani sabuntawa ga reshen Red Hat Enterprise na baya. Linux 8.8, wanda ake kula da shi a layi ɗaya da reshen RHEL 9.x kuma za a tallafa masa har zuwa aƙalla 2029. An shirya gina shigarwa don gine-ginen x86_64, s390x (IBM System z), ppc64le da Aarch64, amma ana samun su don saukewa ne kawai ga masu amfani da aka yi wa rijista na Red Hat Customer Portal (ana iya amfani da hotunan ISO). CentOS Watsa shirye-shirye na 9 da gina RHEL kyauta ga masu haɓakawa). Tushen fakitin RPM na Red Hat Enterprise Linux Ana rarraba 8 ta hanyar ma'ajiyar Git CentOS.

Sabbin sakewa ana shirya su bisa ga tsarin ci gaba, tare da fitar da ke faruwa rabin shekara a lokutan da aka kayyade. Har zuwa 2024, reshe na 8.x zai kasance cikin cikakken tallafi, gami da inganta aikin. Bayan haka, zai canza zuwa kiyayewa, inda za a mayar da hankali ga gyare-gyaren kwari da tsaro, tare da ƙananan haɓakawa masu alaƙa da tallafi don mahimman tsarin hardware.

Canje-canje masu mahimmanci:

  • Sabbin sabar da fakitin tsarin: nginx 1.22, Libreswan 4.9, OpenSCAP 1.3.7, Grafana 7.5.15, powertop rebased 2.15, kunna 2.20.0, NetworkManager 1.40.16, mod_security 2.9.6, samba 4.17.5.
  • Sakin ya haɗa da sababbin nau'ikan masu tarawa da kayan haɓakawa: GCC Toolset 12, LLVM Toolset 15.0.7, Rust Toolset 1.66, Go Toolset 1.19.4, Python 3.11, Node.js 18.14, PostgreSQL 15, Git 2.39nd System39.1p. Tomcat 9.
  • An canza saitunan yanayin FIPS don dacewa da daidaitattun FIPS 140-3. 3DES, ECDH, da FFDH an kashe su, mafi ƙarancin girman maɓalli na HMAC an iyakance shi zuwa raƙuman 112, kuma mafi ƙarancin girman maɓalli na RSA yana iyakance zuwa rago 2048, da SHA-224, SHA-384, SHA512-224, SHA512-256, SHA3-2324G da za a iya lalatawa a cikin DSS. pseudorandom lamba janareta.
  • Manufofin SELinux an sabunta shi don tallafawa tsarin systemd-socket-proxyd.
  • Manajan fakitin yum yana aiwatar da umarnin haɓakawa a layi don amfani da sabuntawa ga tsarin layi layi. Sabuntawar kan layi ya haɗa da fara zazzage sabbin fakiti ta amfani da umarnin "yum offline-upgrade download," sannan kuma "yum offline-upgrade reboot" don sake kunna tsarin zuwa ƙaramin mahalli da shigar da sabuntawar da ke akwai ba tare da tsangwama ga sauran ayyukan aiki ba. Bayan an gama shigarwa na sabuntawa, tsarin zai sake yin aiki zuwa yanayin aiki na yau da kullun. Lokacin zazzage fakitin don sabunta layi, zaku iya amfani da masu tacewa, kamar "--shawara," "--security," da "--bugfix."
  • An ƙara sabon fakitin sync4l don amfani da fasahar daidaita mitar SyncE (Synchronous Ethernet), ana goyan bayan wasu katunan cibiyar sadarwa da masu sauya hanyar sadarwa, wanda ke inganta ingancin musayar bayanai a aikace-aikacen RAN (Radio Access Network) ta hanyar aiki tare da ingantaccen lokaci.
  • Tsarin fapolicyd (Fayil Access Policy Daemon), wanda ke ba ku damar tantance waɗanne shirye-shiryen wani takamaiman mai amfani zai iya aiwatarwa, an sabunta shi tare da sabon fayil ɗin sanyi, /etc/fapolicyd/rpm-filter.conf. Ana amfani da wannan fayil ɗin don saita jerin fayiloli daga bayanan mai sarrafa fakitin RPM waɗanda ke aiwatarwa. Misali, ana iya amfani da sabon fayil ɗin sanyi don keɓance takamaiman aikace-aikacen da aka shigar ta mai sarrafa fakitin RPM daga manufofin samun dama.
  • A cikin kernel, lokacin da ake zubar da bayanai game da ambaliyar SYN da aka gano a cikin rajistan, ana bayar da bayanai game da adireshin IP wanda ya karɓi haɗin don sauƙaƙe tantance maƙasudin ambaliyar akan tsarin da masu sarrafa ke da alaƙa da wasu. Adireshin IP.
  • An ƙara wani matsayi na tsarin don kayan aikin podman, yana ba da damar sarrafa saitunan Podman, kwantena, da sabis na tsarin da ke tafiyar da kwantena na Podman. Podman yanzu yana goyan bayan samar da abubuwan dubawa, yana ba da damar pre-exec hooks (/usr/libexec/podman/pre-exec-hooks da /etc/containers/pre-exec-hooks), da kuma amfani da tsarin Sigstore don adana sa hannun dijital tare da hotunan kwantena.
  • An sabunta kayan aikin kwantena don sarrafa keɓaɓɓen kwantena, gami da fakiti kamar Podman, Buildah, Skopeo, crun, da runc.
  • An ƙara kayan aikin akwatin kayan aiki, yana ba ku damar ƙaddamar da ƙarin keɓaɓɓen yanayi wanda za'a iya daidaita shi ta amfani da daidaitaccen mai sarrafa fakitin DNF. Masu haɓakawa kawai suna aiwatar da umarnin “akwatin kayan aiki”, bayan haka za su iya shigar da mahallin da aka ƙirƙira a kowane lokaci ta amfani da umarnin “akwatin shigar” kuma su sanya kowane fakiti ta amfani da yum utility.
  • Ƙara goyon baya don ƙirƙirar hotuna a tsarin vhd da aka yi amfani da shi a cikin Microsoft Azure don gine-ginen ARM64.
  • SSSD (System Security Services Daemon) yanzu yana goyan bayan canza sunayen adireshi na gida zuwa ƙananan haruffa (ta amfani da maye gurbin "%h" a cikin sifa ta override_homedir da aka ƙayyade a /etc/sssd/sssd.conf). Bugu da ƙari, masu amfani yanzu za su iya canza kalmomin shiga da aka adana a cikin LDAP (ta hanyar saita sifa ldap_pwd_policy a /etc/sssd/sssd.conf zuwa "shadow").
  • Glibc yana aiwatar da sabon tsayayyen rarrabuwa algorithm (DSO), wanda ke amfani da bincike na farko-zurfin (DFS) don magance matsalolin aiki yayin sarrafa abubuwan dogaro na keke. Don zaɓar rarrabuwar DSO algorithm, akwai siga glibc.rtld.dynamic_sort=2. Ana iya saita wannan siga zuwa "1" don komawa zuwa tsohuwar algorithm.
  • Mai amfani na rteval yana ba da taƙaitaccen nuni na lodin shirin, zaren, da CPUs da ake amfani da su don aiwatar da waɗannan zaren.
  • An sabunta kayan aikin oslat tare da ƙarin zaɓuɓɓuka don auna jinkiri.
  • An ƙara sabbin direbobi don SoC Intel Elkhart Lake, Solarflare Siena, NVIDIA sn2201, AMD SEV, AMD TDX, ACPI Video, Intel GVT-g don KVM, HP iLO/iLO2.
  • An ƙara goyan bayan gwaji don katunan zane-zane na Intel Arc (DG2/Alchemist). Don ba da damar haɓaka kayan aiki akan waɗannan katunan, ƙididdige ID na katin PCI yayin taya ta hanyar siginar kernel "i915.force_probe=pci-id."
  • Kunshin inkscape1 an maye gurbinsa da inkscape1, wanda ke amfani da Python 3. An sabunta sigar Inkscape daga 0.92 zuwa 1.0.
  • Yanayin Kiosk yanzu yana ba da ikon amfani da maɓallin allo na GNOME.
  • Laburaren libsoup da abokin ciniki na imel ɗin Juyin Hali yanzu suna goyan bayan tabbaci a cikin Microsoft Exchange Server ta amfani da ka'idar NTLMv2.
  • GNOME yanzu yana ba da ikon tsara menu na mahallin da aka nuna lokacin da kake danna dama akan tebur. Masu amfani yanzu suna iya ƙara abubuwa zuwa menu don ƙaddamar da umarni na al'ada.
  • GNOME yana ba da damar kashe canjin Kwamfutocin tebur na kama-da-wane ta hanyar matsawa sama ko ƙasa da yatsu uku a kan madannin taɓawa.
  • Ci gaba da samar da goyan bayan gwaji (Tsarin Fasaha) don AF_XDP, saukar da kayan aikin XDP, Multipath TCP (MPTCP), MPLS (Tsarin Lakabin Lakabin Multi-Protocol), DSA (Mai saurin watsa bayanai), KTLS, dracut, kexec sake yi da sauri, nispor, DAX in ext4 da xfs, systemd-resolved, accel-config, igc, OverlayFS, Stratis, Software Guard Extensions (SGX), NVMe/TCP, DNSSEC, GNOME akan tsarin ARM64 da IBM Z, AMD SEV don KVM, Intel vGPU, Akwatin Kayan aiki.

source: budenet.ru

Sayi amintaccen masauki don shafuka tare da kariyar DDoS, sabar VPS VDS 🔥 Sayi ingantaccen masaukin yanar gizo tare da kariyar DDoS, sabar VPS VDS | ProHoster