ProHoster > Блог > labaran intanet > Sakin OpenBSD 6.7

Sakin OpenBSD 6.7

Ƙaddamar da saki na kyauta na giciye-dandamali na UNIX-kamar tsarin aiki BuɗeBD 6.7. Theo de Raadt ne ya kafa aikin OpenBSD a cikin 1995 bayan rikici tare da masu haɓaka NetBSD, sakamakon abin da aka hana Teo samun dama ga ma'ajiyar NetBSD CVS. Bayan wannan, Theo de Raadt da gungun mutane masu ra'ayi iri ɗaya sun ƙirƙiri sabon tsarin aiki na buɗewa bisa tushen bishiyar NetBSD, babban burinsu shine ɗaukar hoto (goyan bayan 12 dandamali na kayan masarufi), daidaitawa, aiki daidai, tsaro mai aiki da kayan aikin haɗin kai. Cikakken girman shigarwa Hoton ISO OpenBSD 6.7 tsarin tushe shine 470 MB.

Baya ga tsarin aiki da kansa, aikin OpenBSD sananne ne don abubuwan da aka gyara, waɗanda suka zama tartsatsi a cikin sauran tsarin kuma sun tabbatar da kansu a matsayin ɗayan mafi aminci da ingantaccen mafita. Tsakanin su: LibreSSL (cokali mai yatsa Bude SSL), BUDE, fakiti tace PF, routing daemons BudeBGPD da OpenOSPFD, uwar garken NTP Bude NTPD, uwar garken imel BudeSMTPD, Rubutun tashar Multixer (mai kama da allon GNU) tmux, damon gane tare da aiwatar da ka'idar IDENT, madadin BSDL zuwa kunshin GNU groff - mandoc, yarjejeniya don tsara tsarin jurewa kuskure CARP (Addireshin gama gari Redundancy Protocol), mara nauyi http uwar garken, fayil aiki tare mai amfani BudeRSYNC.

Main ingantawa:

  • Tsarin fayil na FFS2, wanda ke amfani da lokacin 64-bit da toshe dabi'u, ana kunna ta ta tsohuwa a cikin sabbin kayan aiki don kusan duk gine-ginen da aka goyan baya maimakon FFS (sai landisk, luna88k, da sgi).
  • An ƙara wata sabuwar hanya don bincika ingancin kiran tsarin, wanda ke daɗa dagula amfani da rashin lahani. Hanyar tana ba da damar aiwatar da kiran tsarin kawai idan an isa gare su daga wuraren ƙwaƙwalwar ajiya da aka yi rajista a baya. An gabatar da sabon tsarin kiran tsarin msyscall() don yiwa wuraren ƙwaƙwalwar ajiya alama da kunna kariya.
  • An ƙara adadin sassan da za a iya ƙirƙira akan faifai ɗaya daga 7 zuwa 15.
  • An sake rubuta lambar tantance zaɓin cron don tallafawa fasali kamar su "-ns" da sake bayyana tutoci iri ɗaya. Filin "zaɓi" a cikin crontab an sake masa suna zuwa "tutoci". Ƙara alamar "-s" zuwa crontab domin misali ɗaya kawai na aiki zai iya gudana a lokaci guda. Ƙara "~" afareta don ƙayyade ƙimar lokacin bazuwar.
  • Manajan taga na cwm yana aiwatar da ikon tantance girman taga a matsayin kaso na girman girman taga na farko a cikin shimfidar tiled.
  • Gine-ginen powerpc ya canza zuwa amfani da Clang ta tsohuwa kuma ya ba da damar aiwatar da mplock mai zaman kansa na gine-gine.
  • apmd ya inganta tallafi don jiran aiki ta atomatik da kwanciyar hankali (-z/-Z) - daemon yanzu yana amsa saƙonnin canjin baturi wanda direban sa ido na wutar lantarki ya aika. Canji zuwa barci yana faruwa tare da jinkiri na 60 seconds, wanda ke ba mai amfani lokaci don ɗaukar iko.
  • Ƙara $REQUEST_SCHEME madaidaicin daidaitawa zuwa uwar garken HTTP da aka gina don adana ainihin yarjejeniya (http ko https) lokacin da ake turawa, da kuma zaɓin "tsiri" don ba da damar chroots da yawa a / var/www don sabar FastCGI.
  • Babban mai amfani yanzu yana goyan bayan gungurawa ta amfani da maɓallan 9 da 0.
  • An gabatar da wani tsari don 'yantar da shafukan ƙwaƙwalwar ajiya a juzu'in tsari, wanda ke ƙara haɓaka ingantaccen yantar da adadi mai yawa na rayayye.
  • Sabar uwar garken DNS da ba a ɗaure ba tana da rajistan DNSSEC ta tsohuwa.
  • An 'yantar da kiran tsarin daga toshewar duniya
    __ barci (2), __thrwakeup (2), kusa (2), kusa (2), dup (2), dup2 (2), dup3 (2), garke (2), fcntl (2), kqueue (2), pipe (2), pipe2 (2) da nanosleep (2), da kuma ainihin ɓangaren ioctl (2).

  • Fadada tallafin kayan masarufi. An ƙara sabon direban iwx don kwakwalwan kwamfuta mara waya ta Intel AX200, kuma direban iwm ya ƙara tallafi ga na'urorin Intel 9260 da 9560. An ƙara direban rge don Realtek 8125 PCI Express 2.5Gb. An ba da shawarar sabbin direbobi da yawa don haɓaka aiki akan allunan arm64 da armv7, gami da ƙarin tallafi ga hukumar Rasberi Pi 4 da ingantaccen tallafi don Rasberi Pi 2 da 3.
  • An fadada tsarin tsarin sauti na sndio. Ƙara sioctl_open API da sndioctl mai amfani don sarrafa sauti ta sndiod. /dev/mixer an cire kuma an canza duk tashar jiragen ruwa zuwa sndio maimakon mahaɗin mahaɗin kernel. Sndiod yana ba da amfani da hanyoyin sarrafa ƙarar kayan aiki. Don haɓaka tsaro, an hana samun damar mai amfani na yau da kullun zuwa /dev/audio* da /dev/rmidi*.
  • Tarin mara waya ta dakatar da haɗawa zuwa kowace hanyar sadarwar Wi-Fi da ke da alaƙa da ba ta goyan bayan ɓoyewa, sai dai ta kiran “ifconfig join” a sarari. Yana tabbatar da cewa an fara duba bayanan da ke akwai na cibiyoyin sadarwa lokacin da tushen mai amfani ya aiwatar da umarnin "ifconfig scan". An ƙara ma'ajiyar sakamakon binciken. Ƙara alamar "nwflag nomimo", saita ta hanyar ifconfig, wanda ke taimakawa wajen kawar da asarar fakiti a yanayin 11n idan na'urar tana da masu haɗin eriya marasa haɗin gwiwa. Ƙara tallafi don yanayin dubawa mai aiki don direban bwfm. Inganta canjin atomatik tsakanin cibiyoyin sadarwa mara waya ta hanyar rage fifiko ga cibiyoyin sadarwar da ba za a iya haɗa su ba.
  • Wani sabon direban ppac ya bayyana a cikin tarin cibiyar sadarwa, wanda ya haɗa da aiwatar da haɗin kai na PPP Access Concentrator. Canza saitunan npppd.conf don amfani da pppac maimakon tun. Lokacin da aka kashe jujjuya fakiti, an ƙara cak don bincika ko adireshin wurin da aka nufa a cikin fakitin ya dace da adireshin cibiyar sadarwa. An cire tallafin wayar hannu.
  • An hana masu amfani da ba tushen tushen yin amfani da ioctl don canza adireshin mu'amalar cibiyar sadarwa da canza sigogin musaya na pppoe.
  • sysupgrade yana tabbatar da cewa an fara sabuntawar firmware (fw_update) kafin sake kunnawa kafin haɓakawa.
  • An inganta kiran tsarin buɗewa don samar da keɓewar hanyar shiga tsarin fayil. Adadin aikace-aikacen daga tsarin tushe wanda aka aiwatar da kariya ta amfani da buɗewa an ƙara zuwa 82. Ciki har da vmstat, iostat da systat canjawa wuri zuwa buɗewa.
  • An ƙara tallafin RSA-PSS zuwa crypto(3).
  • An ƙara tallafin DoT (DNS akan TLS) zuwa mai warwarewar DNS mai warwarewa. Ƙara umarnin "unwindctl status memory".
  • An sabunta aiwatar da ipsec sosai. Ƙara goyon baya don matsar da zirga-zirga ta atomatik tsakanin rdomains yayin ɓoyewa da ɓoyewa don kare kai daga hare-haren tashoshi. Ƙara tallafi don canza rdomain zuwa iked, da ƙara zaɓin 'rdomain' zuwa iked.conf
    Matsakaicin matakin na iked da isakmpd shine IPSEC_LEVEL_REQUIRE, wanda ke hana sarrafa fakitin da ba a rufa-rufa ba daidai da kwararar. An ƙara curve25519, ecp256, ecp384, ecp521, modp3072 da modp4096 algorithms zuwa saitunan ƙungiyar Diffie-Hellman don IKE SA. Idan aka yi la'akari, an canza hanyar tantancewa ta tsoho zuwa ingantaccen sa hannu na dijital (RFC 7427). Ƙara saitunan ESN zuwa iked.conf. Ƙara wani zaɓi na "-p" don zaɓar lambar tashar tashar UDP mara daidaito.

  • An faɗaɗa ƙarfin tmux m multiplexer kuma an ƙara sabbin zaɓuɓɓuka da yawa.
  • An sabunta sigar uwar garken saƙon OpenSMTPD. Ginshikan tacewa suna aiwatar da kalmar “bypass” don tsallake aiki ƙarƙashin ƙayyadaddun yanayi. Yana ba da damar amfani da sunan mai amfani na zaman smtpd na yanzu a cikin masu tacewa. A cikin smtpd.conf, sigogi suna ba da damar amfani da wasiku-daga da rctp-zuwa.
  • An sabunta fakitin OpenSSH 8.2 don haɗa da goyan baya ga alamun tabbatar da abubuwa biyu na FIDO/U2F. Kuna iya ganin cikakken bayyani na ingantawa a nan.
  • An sabunta kunshin LibreSSL, wanda aka kammala aiwatar da TLS 1.3 bisa sabon na'ura mai iyaka da tsarin tsarin aiki tare da bayanan. Ta hanyar tsoho, ɓangaren abokin ciniki na TLS 1.3 ne kawai aka kunna don yanzu; ɓangaren uwar garken an shirya kunna shi ta tsohuwa a cikin sakin gaba. Ana iya ganin jerin wasu canje-canje a cikin sanarwar sakin 3.1.0 и 3.1.1.
  • Adadin tashar jiragen ruwa don gine-ginen AMD64 shine 11268, don aarch64 - 10848, don i386 - 10715. Abubuwan haɓaka daga masu haɓaka ɓangare na uku waɗanda aka haɗa a cikin OpenBSD 6.7 an sabunta su:
    • Xenocara graphics stack dangane da X.Org 7.7 tare da xserver 1.20.8 + faci, freetype 2.10.1, fontconfig 2.12.4, Mesa 19.2.8, xterm 351, xkeyboard-config 2.20;
    • LLVM/Clang 8.0.1 (tare da faci)
    • GCC 4.2.1 (tare da faci) da 3.3.6 (tare da faci)
    • Perl 5.30.2 (tare da faci)
    • NSD 4.2.4
    • Zazzagewa 1.10.0
    • Zazzagewa 5.7
    • Binutils 2.17 (tare da faci)
    • Gdb 6.3 (tare da faci)
    • Laraba 20 Disamba, 2012
    • Shafin 2.2.8

    source: budenet.ru

Add a comment