ProHoster > Blog > internet nhau > Kuburitswa kweRed Hat Enterprise Linux 8.7 kugovera

Kuburitswa kweRed Hat Enterprise Linux 8.7 kugovera

Red Hat yakaburitsa kuburitswa kweRed Hat Enterprise Linux 8.7. Kuiswa kwekuvaka kwakagadzirirwa iyo x86_64, s390x (IBM System z), ppc64le, uye Aarch64 architecture, asi inowanikwa kurodha pasi chete kune vakanyoreswa Red Hat Mutengi Portal vashandisi. Iwo masosi eRed Hat Enterprise Linux 8 rpm mapakeji anogoverwa kuburikidza neCentOS Git repository. Bazi re8.x rinochengetwa richifambirana nebazi reRHEL 9.x uye richatsigirwa kusvika 2029.

Kugadzirira kwekuburitswa kutsva kunoitwa zvinoenderana nekutenderera kwebudiriro, izvo zvinoreva kuumbwa kwekuburitswa mwedzi mitanhatu yega yega panguva yakatarwa. Kusvika 2024, bazi re8.x richange riri muchikamu chekutsigira chakazara, zvichireva kubatanidzwa kwekuvandudzwa kwebasa, mushure mezvo zvinozoenda padanho rekugadzirisa, umo zvinonyanya kukosha zvichachinja kune kugadzirisa kwebug uye chengetedzo, nekuvandudzwa kudiki kune chekuita nekutsigira. yakakosha hardware masisitimu.

Kuchinja kukuru:

  • The toolkit yekugadzira mifananidzo yesystem yakawedzerwa kuti ibatanidze tsigiro yekurodha mifananidzo muGCP (Google Cloud Platform), kuisa mufananidzo wacho wakananga muregistry yemidziyo, kugadzirisa saizi ye/boot partition, uye kugadzirisa ma parameter (Blueprint) panguva yekugadzirwa kwemifananidzo. (semuenzaniso, kuwedzera mapakeji uye kugadzira vashandisi).
  • Yakawedzera kugona kushandisa mutengi weClevis (clevis-luks-systemd) kuti avhure otomatiki dhisiki partitions akavharidzirwa neLUKS uye akaiswa padanho rekupedzisira, pasina chikonzero chekushandisa "systemctl gonesa clevis-luks-askpass.path" murairo.
  • Iyo itsva xmlstarlet package yakatsanangurwa, iyo inosanganisira zvishandiso zvekuparura, kushandura, kusimbisa, kuburitsa data uye kugadzirisa mafaera eXML.
  • Yakawedzera yekutanga (Tekinoroji Preview) kugona kutendesa vashandisi vachishandisa vekunze vanopa (IdP, identity provider) inotsigira OAuth 2.0 "Device Authorization Grant" protocol yekuwedzera kupa OAuth matokeni ekuwana kumidziyo pasina kushandisa browser.
  • Kugona kwemabasa ehurongwa kwakawedzerwa, semuenzaniso, basa retiweki rakawedzera tsigiro yekumisikidza mirau yekufambisa uye kushandisa nmstate API, basa rekutema matanda rakawedzera rutsigiro rwekusefa nekutaura nguva dzose (startmsg.regex, endmsg.regex), basa rekuchengetedza rakawedzera tsigiro yezvikamu izvo zvakagoverwa zvine simba nzvimbo yekuchengetera ("yakaonda kupa"), kugona kubata kuburikidza /etc/ssh/sshd_config kwawedzerwa kune sshd basa, kunze kwePostfix performance statistics yakawedzerwa kune basa remetrics, kugona kunyora pamusoro pekumisikidzwa kwekare kwaitwa kune firewall basa uye rutsigiro rwekuwedzera, kugadzirisa uye kudzima kwakapihwa masevhisi zvichienderana nenyika.
  • Updated server uye system mapakeji: chrony 4.2, unbound 1.16.2, opencryptoki 3.18.0, powerpc-utils 1.3.10, libva 2.13.0, PCP 5.3.7, Grafana 7.5.13, SystemTap 4.7, NetworkManager 1.40 samba 4.16.1 XNUMX.
  • Maumbirwo acho anosanganisira mavhezheni matsva evagadziri uye maturusi evagadziri: GCC Toolset 12, LLVM Toolset 14.0.6, Rust Toolset 1.62, Go Toolset 1.18, Ruby 3.1, java-17-openjdk (java-11-opejdk uye enderera mberi java-1.8.0 zvakare. to be supplied .3.8-openjdk), Maven 6.2, Mercurial 18, Node.js 6.2.7, Redis 3.19, Valgrind 12.1.0, Dyninst 0.187, elfutils XNUMX.
  • sysctl configuration processing yakarongedzerwa ne systemd directory parsing order - configuration mafaira mu/etc/sysctl.d iye zvino ave nepamusoro pepamusoro pane ari mu/run/sysctl.d.
  • Iyo ReaR (Relax-uye-Kudzoreredza) toolkit yakawedzera kugona kuita zvekupokana mirairo isati yatanga uye mushure mekupora.
  • Maraibhurari eNSS haachatsigiri makiyi eRSA madiki pane 1023 bits.
  • Iyo nguva inotora iptables-save utility kuchengetedza yakakura kwazvo iptables mutemo seti yakaderedzwa zvakanyanya.
  • Iyo nzira yekudzivirira kubva kuSSBD (spec_store_bypass_disable) uye STIBP (spectre_v2_user) kurwiswa kwabviswa kubva ku "seccomp" kuenda ku "prctl", iyo ine simba rakanaka pakuita kwemidziyo uye maapplication anoshandisa seccomp nzira yekudzora kupinda kune system mafoni.
  • Mutyairi weIntel E800 Ethernet adapters inotsigira iWARP neRoCE protocol.
  • Inosanganisirwa chinhu chinonzi nfsrahead chinogona kushandiswa kushandura NFS kuverenga-mberi marongero.
  • Mune maApache httpd marongero, kukosha kweLimitRequestBody parameter yakashandurwa kubva pa0 (hapana miganhu) kuenda ku1 GB.
  • Pakeji nyowani, gadzira-izvino, yawedzerwa, iyo inosanganisira yazvino vhezheni yekugadzira utility.
  • Yakawedzerwa rutsigiro rwekutarisa mashandiro pane masisitimu ane AMD Zen 2 uye Zen 3 processors kune libpfm uye papi.
  • SSSD (System Security Services Daemon) yakawedzera tsigiro ye caching SID zvikumbiro (semuenzaniso, GID/UID macheki) mu RAM, izvo zvakaita kuti kukurumidza kukopa mashandiro ehuwandu hwemafaira kuburikidza neSamba server. Tsigiro yekubatanidzwa neWindows Server 2022 inopihwa.
  • Mapakeji ane rutsigiro rweVulkan graphics API akawedzerwa 64-bit IBM POWER masisitimu (ppc64le).
  • Tsigiro yeiyo AMD Radeon RX 6[345]00 uye AMD Ryzen 5/7/9 6[689]00 GPUs yaitwa. Tsigiro yeIntel Alder Lake-S uye Alder Lake-P GPUs inogoneswa neyakagadzika, iyo yaimbove yakakosha kuseta parameter i915.alpha_support=1 kana i915.force_probe=*.
  • Tsigiro yekumisikidza cryptopolicies yakawedzerwa kune yewebhu koni, kugona kurodha nekuisa RHEL mumushini chaiwo wakapihwa, bhatani rawedzerwa kuisirwa kwakasiyana kwezvigamba zveLinux kernel, mishumo yekuongorora yakawedzerwa, uye sarudzo yakawedzerwa kuti itangezve mushure mekuiswa kwezvigadziriso kwapera.
  • Yakawedzera tsigiro yeiyo ap-cheki murairo kune mdevctl kugadzirisa kuendesa mberi kune crypto accelerators kumakina chaiwo.
  • Tsigiro yakazara yeVMware ESXi hypervisor uye SEV-ES (AMD Yakachengeteka Encrypted Virtualization-Encrypted State) ekuwedzera yaitwa. Yakawedzerwa rutsigiro rweAzure gore nharaunda nema processors akavakirwa paAmpere Altra architecture.
  • Iro rekushandisa rekutarisira midziyo yakasarudzika yakagadziridzwa, kusanganisira mapakeji akadai sePodman, Buildah, Skopeo, crun uye runc. Yakawedzerwa rutsigiro rweGitLab Runner mumidziyo ine runtime Podman. Kugadzirisa mudziyo network subsystem, iyo netavark utility uye Aardvark DNS server inopihwa.
  • Kudzora kuisirwa kwedziviriro kubva panjodzi muMMIO (Memory Mapped Input Output) mashandiro, iyo kernel boot parameter "mmio_stale_data" inoitwa, iyo inogona kutora kukosha "kwakazara" (kugonesa kuchenesa mabuffers kana uchienda kunzvimbo yemushandisi uye muVM), "full,nosmt" (se"full" + zvakare inodzima SMT/Hyper-Threads) uye "off" (dziviriro yakaremara).
  • Kuti udzore kubatanidzwa kwekudzivirirwa kubva kuRetbleed vulnerability, kernel boot parameter "retbleed" yakashandiswa, kuburikidza iyo iwe unogona kudzima kuchengetedzwa ("kudzima") kana kusarudza kusagadzikana kwekuvhara algorithm (auto, nosmt, ibpb, unret).
  • Iyo acpi_sleep kernel boot parameter ikozvino inotsigira sarudzo nyowani dzekudzora maitiro ekurara: s3_bios, s3_mode, s3_beep, s4_hwsig, s4_nohwsig, old_ordering, nonvs, sci_force_enable, uye nobl.
  • Yakawedzera madhiraivha matsva eMaxlinear Ethernet GPY (mxl-gpy), Realtek 802.11ax 8852A (rtw89_8852a), Realtek 802.11ax 8852AE (rtw89_8852ae), Modem Host Interface (MHI), AMDs Host Interface (MHI), AMDs Host Interface (MHI) DRM DisplayPort (drm_dp_helper), Intel® Software Defined Silicon (intel_sdsi), Intel PMT (pmt_*), AMD SPI Master Controller (spi-amd).
  • Yakawedzera rutsigiro rweBPF kernel subsystem.
  • Kuenderera mberi nekupa kuyedza (Tekinoroji Preview) rutsigiro rweAF_XDP, XDP hardware kuburitsa, Multipath TCP (MPTCP), MPLS (Multi-protocol Label Switching), DSA (data streaming accelerator), KTLS, dracut, kexec fast reboot, nispor, DAX mu ext4 uye xfs, systemd-yakagadziriswa, accel-config, igc, OverlayFS, Stratis, Software Guard Extensions (SGX), NVMe/TCP, DNSSEC, GNOME paARM64 uye IBM Z masisitimu, AMD SEV yeKVM, Intel vGPU, Toolbox.

Source: opennet.ru

Voeg