ProHoster > Блог > labaran intanet > Sakin OpenBSD 6.5

Sakin OpenBSD 6.5

Ya ga haske saki na kyauta, giciye-dandamali UNIX-kamar tsarin aiki BuɗeBD 6.5. Theo de Raadt ne ya kafa aikin OpenBSD a cikin 1995, bayan rikici tare da masu haɓaka NetBSD, sakamakon abin da aka hana Teo samun dama ga ma'ajiyar NetBSD CVS. Bayan wannan, Theo de Raadt da gungun mutane masu ra'ayi iri ɗaya sun ƙirƙiri sabon tsarin aiki na buɗewa bisa tushen bishiyar NetBSD, babban burinsu shine ɗaukar hoto (goyan bayan 13 dandamali na kayan masarufi), daidaitawa, aiki daidai, tsaro mai aiki da kayan aikin haɗin kai. Cikakken girman shigarwa Hoton ISO OpenBSD 6.5 tsarin tushe shine 407 MB.

Baya ga tsarin aiki da kansa, aikin OpenBSD sananne ne don abubuwan da aka gyara, waɗanda suka zama tartsatsi a cikin sauran tsarin kuma sun tabbatar da kansu a matsayin ɗayan mafi aminci da ingantaccen mafita. Tsakanin su: LibreSSL (cokali mai yatsa Bude SSL), BUDE, fakiti tace PF, routing daemons BudeBGPD da OpenOSPFD, uwar garken NTP Bude NTPD, uwar garken imel BudeSMTPD, Rubutun tashar Multixer (mai kama da allon GNU) tmux, damon gane tare da aiwatar da ka'idar IDENT, madadin BSDL zuwa kunshin GNU groff - mandoc, yarjejeniya don tsara tsarin jurewa kuskure CARP (Addireshin gama gari Redundancy Protocol), mara nauyi http uwar garken, fayil aiki tare mai amfani BudeRSYNC.

Daga cikin manyan canje-canje masu mahimmanci: an gabatar da sigar bgpd mai ɗaukuwa, wanda aka daidaita don aiki a cikin wasu OSes, an kawar da amfani da tushen gata na Xenocara da tcpdump, ana kunna mai haɗin LDD ta tsohuwa don amd64 da i386, tallafin MPLS ya kasance. An inganta sosai, kuma an ƙarfafa kariya daga cin zarafi tare da dabarun ja da baya.Oriented Programming (ROP), an ƙara buɗe uwar garken DNS mafi sauƙi mai maimaitawa, an haɗa na'urar gano ɗabi'a a cikin kwaya, kuma aiwatar da namu na rsync utility yana da. aka gabatar.

Main ingantawa:

  • Lokacin gina ginin gine-gine na amd64 da i386, mai haɗin LDD wanda aikin LLVM ya haɓaka ana amfani da shi ta tsohuwa. Don gine-ginen mips64, an ƙara tallafi don gini ta amfani da Clang;
  • Sabbin direbobi na pvclock don mai ƙididdige ƙididdiga na KVM da ixl don Intel Ethernet 700. An maye gurbin direban uaudio tare da sabon aiwatarwa tare da goyan bayan USB Audio 2.0.
  • Inganta aikin direbobin na'urar mara waya bwfm, iwn, iwm da athn. An ƙara goyan bayan saƙon RTM_80211INFO zuwa ma'auni mara waya don watsa cikakken bayanin yanayin mu'amala zuwa dhclient da umarnin hanya. Halin shiru lokacin haɗawa zuwa cibiyoyin sadarwar mara waya an canza - idan kuna da saitunan haɗin kai ta atomatik, OpenBSD baya haɗawa zuwa cibiyoyin sadarwar da ba a san su ba (domin dawo da halayen da suka gabata, zaku iya ƙara hanyar sadarwa mara komai a cikin jerin);
  • Tarin hanyar sadarwa yana gabatar da sabon bpe (Backbone Provider Edge) da mpip (MPLS IP Layer 2) direbobin na'urar karya. An ƙara goyan baya don daidaita madaidaicin wuraren kewayawa don mu'amalar MPLS. An kunna direban vlan don ketare sarrafa layi da fitarwa kai tsaye zuwa mahallin cibiyar sadarwar iyaye. Ƙara yanayin txprio zuwa ifconfig don sarrafa fifita fifiko a cikin kanun fakitin tunneled (an goyan bayan vlan, gre, gif da direbobin etherip);
  • A cikin aiwatar da tacewa bpf, ya zama mai yiwuwa a yi amfani da tsarin digo ba tare da ɗaukar fakiti ba. Ana amfani da wannan fasalin a tcpdump don tacewa a farkon matakin fakitin da na'urar ke karba;
  • Mai sakawa yana ba da tallafi rdsetroot don ƙara hoton diski zuwa kernel RAMDISK. An tabbatar da cire wasu abubuwan da aka cire na tsofaffi yayin aiwatar da sabunta tsarin;
  • Inganta kiran tsarin bayyana, wanda ke ba da keɓance hanyar shiga tsarin fayil. Sabuwar sigar tana ƙara gano matches dangane da kundin tsarin aiki na tsari na yanzu lokacin tantance hanyoyin dangi. An haramta amfani da ƙididdiga da samun dama ga ƙuntataccen abubuwan haɗin hanyar fayil. Don aikace-aikacen ospfd, ospf6d, rebound, getconf, kvm_mkdb, bdftopcf, Xserver, passwd, spamlogd, spamd, sensorsd, snmpd, htpasswd da kuma idan an bayyana, ana aiwatar da kariya ta amfani da buɗewa;
  • Clang ya inganta kayan aiki don toshe amfani da dabarun dawo da shirye-shirye (ROP), wanda ya rage yawan adadin na'urorin polymorphic da aka samu a cikin fayilolin aiwatarwa na i386 da amd64 gine-gine;
  • Clang ya inganta aiki da tsaro lokacin amfani
    tsarin kariya KIYAYE, da nufin rikitar da aiwatar da abubuwan da aka gina ta amfani da lamunin lamuni da dabarun shirye-shirye masu dogaro da dawowa. Don hanzarta aiki, ana sanya bayanai a cikin rajista maimakon tarawa a duk lokacin da zai yiwu, kuma ana amfani da cache na processor da inganci lokacin dawowa. Hakanan ana amfani da RETGUARD a madadin kariyar tari na gargajiya akan tsarin amd64 da arm64;

  • An inganta abubuwan amfani masu alaƙa da tarin hanyar sadarwa: An ƙara goyan bayan tace fakitin MPLS zuwa pcap-filter. An ƙara ikon daidaita abubuwan da suka fi dacewa da tuƙi zuwa ospfd, ospf6d da ripd. IN
    ripd ƙara tsarin tushen kariya jingina. Ƙara hanyoyin sff da sffdump zuwa ifconfig don samun bayanan bincike daga masu watsa gani;

  • An gabatar da sakin farko na sabon mai warwarewa rashin hankali, wanda ke aiwatar da tambayoyin DNS masu maimaitawa kuma yana karɓar haɗin kai kawai akan 127.0.0.1.
    An ƙera Unwind don amfani akan tsarin abokin ciniki, kamar kwamfyutocin tafi-da-gidanka, masu motsi tsakanin cibiyoyin sadarwa mara waya daban-daban. Idan ta gano toshe zirga-zirgar ababen hawa na DNS akan hanyar sadarwar gida, cirewa zuwa amfani da adireshin sabar DNS mai maimaitawa da aka canjawa wuri ta hanyar DHCP, amma yana ci gaba da ƙoƙari lokaci-lokaci don warware kansa kuma da zaran buƙatun kai tsaye sun fara wucewa, ya dawo zuwa samun dama ga kansa. Sabar DNS;

  • A cikin bgpd, an yi aiki don rage yawan ƙwaƙwalwar ajiya, an ƙara ƙa'idodin ingantawa mai sauƙi (haɗa ka'idodin tacewa waɗanda suka bambanta kawai a cikin saitin tacewa), an canza tsarin tsarin BGP MPLS VPN, an ƙara tallafi ga IPv6 BGP MPLS VPN. , kuma an aiwatar da aikin "as-override" don maye gurbin maƙwabcin AS zuwa AS na gida a cikin hanyoyi, ya kara da ikon daidaitawa tare da al'ummomi da dama a cikin ka'ida ɗaya, ƙara sababbin siffofi masu dacewa "*", "local-as" da "makwabci". -as", ingantacciyar aiki tare da manyan ƙa'idodi, ƙara sabbin umarni don aiki tare da ƙungiyoyin maƙwabta masu cin gashin kansu ("bgpctl maƙwabta rukuni", "bgpctl nuna ƙungiyar maƙwabta", "bgpctl nuna ƙungiyar maƙwabta"), ikon ƙara cibiyoyin sadarwa zuwa BGP VPN an ƙara tebur zuwa bgpctl. A karon farko, an shirya nau'in šaukuwa na OpenBGPD-portable, shirye don aiki akan tsarin banda OpenBSD;
  • Ƙara wani zaɓi kubsan don gano lamuran da ba a bayyana ba a cikin kernel na OpenBSD.
  • Mai amfani da tcpdump gaba ɗaya yana kawar da amfani da tushen gata;
  • Inganta aikin malloc a cikin aikace-aikacen zaren da yawa;
  • An ƙara sigar farko na shirin zuwa abun da ke ciki BudeRSYNC tare da aiwatar da kansa na kayan aiki tare da fayil ɗin rsync;
  • An sabunta sigar uwar garken saƙo na OpenSMTPD, wanda a cikinsa aka ƙara sabon ma'aunin kwatanta "daga rdns" zuwa smtpd.conf, wanda ke ba ku damar zaɓar zaman dangane da juyar da ƙudurin DNS (ƙayyade sunan mai masauki ta IP). Lokacin bincike a cikin tebur, an ƙara ikon yin amfani da maganganun yau da kullun;
  • An sabunta kunshin OpenSSH 8.0, ana iya samun cikakken bayyani na abubuwan ingantawa a nan;
  • An sabunta fakitin LibreSSL, ana iya samun cikakken bayyani na ingantawa a cikin sanarwar sakin 2.9.0 и 2.9.1;
  • Mandoc ya inganta fitowar HTML sosai, ingantaccen ma'anar tebur, kuma ya ƙara alamar "-O" don buɗe shafi tare da ma'anar ƙayyadaddun lokaci;
  • An faɗaɗa ƙarfin tarin tarin zane-zane na Xenocara: uwar garken X baya buƙatar shigarwa tare da tutar saiti don gudana. Direban radeonsi Mesa ya haɗa da goyan bayan haɓaka kayan masarufi don Tsibirin Kudancin (Radeon HD 7000) da Tsibirin Teku (Radeon HD 8000) GPUs;
  • Tashoshin C++ na gine-ginen da Clang ba su goyan bayan an haɗa su ta amfani da GCC daga tashoshin jiragen ruwa. Yawan tashoshin jiragen ruwa na gine-ginen AMD64 shine 10602, don aarch64 - 9654, don i386 - 10535. Daga cikin aikace-aikacen da ke cikin tashoshin jiragen ruwa, ana lura da waɗannan masu zuwa:
    • 16.2.1 alama
    • Audacity 2.3.1
    • Babban Shafi 3.10.2
    • Chromium 73.0.3683.86
    • FFmpeg 4.1.3
    • GCC 4.9.4 da 8.3.0
    • GNOME 3.30.2.1
    • Go 1.12.1
    • JDK 8u202 da 11.0.2+9-3
    • LLVM / Clang 7.0.1
    • FreeOffice 6.2.2.2
    • Lua 5.1.5, 5.2.4 da 5.3.5
    • MariaDB 10.0.38
    • Babban Shafi 5.18.1.0
    • Mozilla Firefox 66.0.2 da ESR 60.6.1
    • Mozilla Thunderbird 60.6.1
    • Node. Js 10.15.0
    • BudeLDAP 2.3.43 da 2.4.47
    • PHP 7.1.28, 7.2.17 da 7.3.4
    • Postfix 3.3.3 da 3.4.20190106
    • PostgreSQL 11.2
    • Python 2.7.16 da 3.6.8
    • R 3.5.3
    • Ruby 2.4.6, 2.5.5 da 2.6.2
    • Kishiya 1.33.0
    • Aika sakon 8.16.0.41
    • SQLite3 3.27.2
    • Meerkat 4.1.3
    • Tcl/Tk 8.5.19 da 8.6.8
    • TeX Live 2018
    • Vim 8.1.1048 da Neovim 0.3.4
    • Xfce 4.12
  • Abubuwan da aka haɗa na ɓangare na uku sun haɗa tare da OpenBSD 6.5:
    • Xenocara graphics stack dangane da X.Org uwar garken 1.19.7 tare da faci, freetype 2.9.1, fontconfig 2.12.4, Mesa 18.3.5, xterm 344, xkeyboard-config 2.20;
    • LLVM/Clang 7.0.1 (tare da faci)
    • GCC 4.2.1 (tare da faci) da 3.3.6 (tare da faci)
    • Perl 5.28.1 (tare da faci)
    • NSD 4.1.27
    • Zazzagewa 1.9.1
    • Zazzagewa 5.7
    • Binutils 2.17 (tare da faci)
    • Gdb 6.3 (tare da faci)
    • Laraba 10 ga Agusta, 2011
    • Shafin 2.2.6

source: budenet.ru

Add a comment