ProHoster > Blog > internet nhau > OpenBSD 7.4 kuburitswa

OpenBSD 7.4 kuburitswa

Kuburitswa kwemahara UNIX-senge yekushandisa system OpenBSD 7.4 inoratidzwa. Iyo OpenBSD purojekiti yakavambwa naTheo de Raadt muna 1995 mushure mekunetsana nevagadziri veNetBSD, izvo zvakaita kuti Theo arambidzwe kuwana iyo NetBSD CVS repository. Mushure meizvi, Theo de Raadt neboka revanhu vane pfungwa dzakafanana vakagadzira itsva yakavhurika sisitimu yakavakirwa paNetBSD sosi yemuti, zvibodzwa zvikuru zvekusimudzira izvo zvaive zvekutakurika (13 hardware mapuratifomu anotsigirwa), kumira, kushanda kwakaringana, kuchengetedzwa kwakasimba. uye yakabatanidzwa cryptographic zvishandiso. Iyo yakazara yekuisa ISO mufananidzo weOpenBSD 7.4 base system ndeye 630 MB.

Pamusoro peiyo inoshanda sisitimu pachayo, iyo OpenBSD purojekiti inozivikanwa nezvikamu zvayo, izvo zvave kupararira mune mamwe masisitimu uye zvakaratidza ivo kuti ndeimwe yeakachengeteka uye yepamusoro-soro mhinduro. Pakati pazvo: LibreSSL (forogo yeOpenSSL), OpenSSH, PF packet filter, OpenBGPD uye OpenOSPFD madhimoni ekufambisa, OpenNTPD NTP server, OpenSMTPD mail server, text terminal multiplexer (analogous kuGNU screen) tmux, daemon yakazivikanwa ine IDENT protocol kushandiswa, BSDL imwe nzira. GNU groff package - mandoc, protocol yekuronga kukanganisa-kushivirira masisitimu CARP (Common Kero Redundancy Protocol), yakareruka http server, OpenRSYNC faira yekubatanidza utility.

Mabhindauko makuru:

  • Zvikamu zvekuvandudza microcode ye AMD processors zvakawedzerwa kune amd64 uye i386 zvivakwa. New microcode shanduro inoiswa otomatiki panguva yebhutsu. Chiteshi chinonzi "ports/sysutils/firmware/amd" chakagadzirirwa kugovera microcode binaries. Nyowani microcode yakaiswa uchishandisa yakajairwa fw_update utility. Yakafanana microcode yekuvandudza rutsigiro rweIntel processors yakaitwa muna 2018 uye yakaverengerwa mukuburitswa kweOpenBSD 6.3.
  • Iyo IBT (Indirect Branch Tracking, amd64) uye BTI (Branch Target Identification, arm64) nzira dzekudzivirira dzinogoneswa kernel nenzvimbo yemushandisi. Matanho aya akagadzirirwa kuvharidzira kutyorwa kweiyo yakajairika kuuraya kurongeka (kuyerera kuyerera) semhedzisiro yekushandisa maexploit anoshandura mapoinzi ebasa akachengetwa mundangariro (kudzivirira kwaitwa hakutenderi kodhi yakaipa kusvetukira pakati pebasa).
  • Pane masisitimu ane ArM64 architecture, pointer authentication inogoneswa kuchengetedza nzvimbo yemushandisi. Iyi tekinoroji inogonesa yakasarudzika ARM64 mirairo yekuonesa kero dzekudzoka uchishandisa siginecha yedhijitari yakachengetwa mumabhiti ekumusoro asina kushandiswa einongedzo pachayo.
  • Iyo clang system compiler marongero, pamwe neclang uye gcc kubva kumadoko, yakagadziridzwa kuti ishandise yambotaurwa nzira dzekudzivirira, ichisimbisa zvakanyanya kuchengetedzwa kwese musimboti maapplication uye akawanda ported applications kubva kune ekuita uchishandisa return-oriented programming (ROP) maitiro. Uchishandisa ROP, anorwisa haaedze kuisa kodhi yavo mundangariro, asi anoshandura aripo emuchina wekuraira chunks mumaraibhurari akaremerwa, achiguma neraibhurari kuraira (kazhinji kupera kweraibhurari mabasa). Iko kushandiswa kunoshanda nekugadzira ketani yemafoni kune akadaro mabhuraki ("magajeti") kuti awane basa rinodiwa.
  • A new system call, kqueue1, yawedzerwa. Inosiyana nekqueue pakuti inopfuudza mireza. Parizvino, kqueue1 inotsigira chete O_CLOEXEC (close-on-exec) mureza wekuvhara otomatiki zvinotsanangura faira mukuita kwemwana mushure mekufona exec().
  • Tsigiro yeiyo dt pseudo-mudziyo weiyo dynamic system uye application yekutsvaga yakaitwa kune amd64 uye i386 architecture. Iyo utrace system yekufona yakawedzerwa yekuisa mushandisi-anotsanangurwa mapindiro muiyo ktrace log.
  • Ported inogadzirisa kubva kuFreeBSD kugadzirisa maitiro asina kutsanangurwa paunenge uchishandisa MS-DOS faira masisitimu.
  • Iyo softdep gomo sarudzo inoshandiswa kunonoka kunyora metadata yakaunganidzwa yakadzimwa.
  • Zvirongwa zvakadzivirirwa neinovhenekera system kufona zvinotenderwa kuchengetedza core dumps kune yazvino dhairekitori rekushanda.
  • Iyo ARM64 yekuvakisa inokwirisa yakadzika idle state kugona inowanikwa muApple's M1/M2 machipi kuchengetedza simba uye kuita yekumira mode.
  • Yakawedzera workaround yekusagadzikana kweZenbleed mu AMD processors.
  • Tsigiro yemultiprocessor (SMP) masisitimu yakagadziridzwa. Iyo arprequest() basa, iri kuuya ARP pakiti yekugadzirisa kodhi, uye kuwanikwa kwemuvakidzani kuita muIPv6 stack yakavharwa.
  • Iyo pfsync packet sefa tafura yekuwiriranisa interface yakanyorwa patsva kuti ivandudze kukiya kubata uye kuenderana nebasa remangwana pakufananidza stack yetiweki.
  • Kushandiswa kwehurongwa hwe drm (Direct Rendering Manager) kwakabatana ne kernel. Linux 6.1.55 (в прошлом выпуске — 6.1.15). Улучшена работа на системах с процессорами Intel на базе микроархитектур Alder Lake и Raptor Lake.
  • Kuvandudzwa kwakaitwa kuVMM hypervisor. Rutsigiro rwemhando yemultiprocess yemidziyo yeblock nenetwork virtio rwaitwa muvmd. Rutsigiro rwevector I/O mu zero-copy mode rwawedzerwa kumudziyo weblock virtio. Kupinda kwesystem yevashanyi kuAMD processor p-state modes kwave kushoma. Kune varidzi michina chaiyo Inobvumidzwa kubvisa boot kernel kuburikidza nevmctl.
  • Yakawedzera musoro mutsva faira uchar.h ine char32_t uye char16_t marudzi, uye c32rtomb(), mbrtoc32(), c16rtomb(), uye mbrtoc16() mabasa anotsanangurwa muC11 standard.
  • Iyo malloc basa ikozvino ine "D" sarudzo yekuona kudonha kwendangariro uchishandisa ktrace ("MALLOC_OPTIONS=D ktrace -tu chirongwa") uye kdump ("kdump -u malloc ...").
  • Make utility akagadziridzwa kuti atsigire ${.VARIABLES} vhezheni kuti iratidze mazita emarudzi ese ari pachena epasi rose.
  • Iyo kdump yekushandisa ikozvino ine "-u" sarudzo yekusarudza utrace tracepoints neyakapihwa label.
  • Iyo openrsync yekushandisa yakagadziridzwa ne "--size-chete" uye "--ignore-nguva" sarudzo.
  • Cron uye crontab ikozvino inotsigira zvisingaverengeki zvigadziriso painotsanangura kukosha nhanho ine nhanho yakatarwa, kudzivirira panguva imwe chete zvikumbiro zvekushandisa kubva kumashini akasiyana ane akafanana cron mitemo. Semuenzaniso, kudoma "0~59/30" kana "~/30" mundima yemaminitsi kuchaita kuti murairo umhanye kaviri paawa panguva dzakateedzana dzakasarudzwa.
  • Iyo wsconsctl utility ikozvino inotsigira mabhatani emepu maviri- kana matatu-zvigunwe kudzvanya pa ClickPad.
  • Yakawedzera rutsigiro rwe Hardware nyowani uye yaisanganisira vatyairi vatsva.
  • Yakavandudzwa kuisirwa pane masisitimu ane armv7 uye arm64 processors.
  • Yakawedzera rutsigiro rwekurodha mafaera kubva kuEFI System Partition.
  • Iyo yekuisa ikozvino inotsigira yakagadziridzwa software RAID (softRAID). Iko kugona kuisa midzi yekuparadzanisa muSoftRAID kwakawedzerwa pane riscv64 uye arm64 system. SoftRAID yakawedzerwa kune ramdisk yeiyo powerpc64 architecture. Guided Disk Encryption rutsigiro rwakaitwa kune arm64.
  • Iyo malloc basa ikozvino inotarisa ese mabhuraki mune yakamirira ndangariro deallocation runyorwa kuti ione inonyora kune yakasunungurwa ndangariro nzvimbo.
  • Kumhanyisa murairo wekuvhara ikozvino kunoda kuwedzera mushandisi kuboka re "_shutdown", zvichibvumira kupatsanurwa kweropafadzo dzine chekuita nekuvhara uye kuverenga kwakananga kubva kudhisiki madivayiri.
  • Uchishandisa unveil system call, chigamba chinoshandiswa chinogumira pakuwana chete dhairekitori razvino, dhairekitori renguva pfupi, uye mafaera akanyorwa pamutsetse wekuraira.
  • Yakawedzerwa sysctl net.inet6.icmp6.nd6_queued kuratidza nhamba yemapakiti akamirira mhinduro yeND6 (yakafanana neARP).
  • Kana uchigadzira kero yeIPv6 pane network interface, chiziviso chinotumirwa kune vavakidzani ma router kuburikidza nekero yemulticast.
  • Yakawedzera tsigiro yekutanga yeTSO (TCP Segmentation Offload) uye LRO (TCP Yakakura Receive Offload) yechikamu chekugadzirisa uye kuunganidzwa kwepaketi padivi retiweki kadhi.
  • Iyo pfctl utility ikozvino inoremedza pf packet filter mitemo kubva kukernel nekukurumidza. Kugadziriswa kwe "chengeta mamiriro" uye "nat-to" zviito zvemhosho mameseji akadzoserwa kuburikidza neICMP kwave kugoneswa.
  • Yakaremara kuverenga kweIP, TCP uye UDP checksums ye loopback interfaces.
  • Yakawedzera rutsigiro rwekutanga VPN IPsec yakavakirwa panzira.
  • Rutsigiro rweFlowspec (RFC5575; parizvino zviziviso zvemutemo chete zvinotsigirwa) zvakawedzerwa kubgpd. Kuitwa kweASPA (Autonomous System Provider Authorization) kwakaunzwa mukuteerana negwaro-ietf-sidrops-aspa-verification-16 uye draft-ietf-sidrops-aspa-profile-16 tsanangudzo uye yakachinjirwa kushandisa matafura ekutarisa akazvimirira eAFI (Kero Mhuri Indicator).
  • Rpki-client performance yakagadziridzwa ne30-50%. Tsigiro ye gzip uye deflate compression yakawedzerwa.
  • Yakagadziridzwa LibreSSL uye OpenSSH mapakeji. Kuti uwane rumwe ruzivo nezve kuvandudzwa, ona wongororo yeLibreSSL 3.8.0, OpenSSH 9.4 uye OpenSSH 9.5.
  • Huwandu hwezviteshi zveiyo AMD64 architecture ikozvino 11845 (kubva pa11764), yearch64-11508 (kukwira kubva 11561), uye i386-10603 (kubva pa10572). Shanduro dzekushandisa mumachiteshi dzinosanganisira:
    • Asterisk 16.30.1, 18.19.0b, 20.4.0
    • Audacity 3.3.3
    • CMake 3.27.5
    • Chrome 117.0.5938.149
    • Emacs 29.1
    • ffmpeg 4.4.4
    • GCC 8.4.0 uye 11.2.0
    • GHC 9.2.7
    • GNOME 44
    • Enda 1.21.1
    • JDK 8u382, 11.0.20 uye 17.0.8
    • KDE Kunyorera 23.08.0
    • KDE Mapurani 5.110.0
    • Krita 5.1.5
    • LLVM/Clang 13.0.0 uye 16.0.6
    • LibreOffice 7.6.2.1
    • Lua 5.1.5, 5.2.4, 5.3.6 uye 5.4.6
    • MariaDB 10.9.6
    • Tsoko 6.12.0.199
    • Mozilla Firefox 118.0.1 uye ESR 115.3.1
    • Mozilla Thunderbird 115.3.1
    • Mutt 2.2.12 uye NeoMutt 20230517
    • Node.js 18.18.0
    • OpenLDAP 2.6.6
    • PHP 7.4.33, 8.0.30, 8.1.24 uye 8.2.11
    • Postfix 3.7.3
    • PostgreSQL 15.4
    • Python 2.7.18, 3.9.18, 3.10.13 uye 3.11.5
    • Qt 5.15.10 uye 6.5.2
    • R 4.2.3
    • Ruby 3.0.6, 3.1.4 uye 3.2.2
    • Ngura 1.72.1
    • SQLite 3.42.0
    • Shotcut 23.07.29
    • Sudo 1.9.14.2
    • Meerkat 6.0.12
    • Tcl/Tk 8.5.19 uye 8.6.13
    • TeX Kurarama 2022
    • Vim 9.0.1897 uye Neovim 0.9.1
    • Xfce 4.18
  • Yakagadziridzwa yechitatu-bato zvikamu zvinosanganisirwa neOpenBSD 7.3:
    • Xenocara graphics stack inobva pa X.Org 7.7 ine xserver 21.1.8 + zvigamba, freetype 2.13.0, fontconfig 2.14.2, Mesa 22.3.7, xterm 378, xkeyboard-config 2.20, fonttosfnt 1.2.2.
    • LLVM/Clang 13.0.0 (+ zvigamba)
    • GCC 4.2.1 (+ zvigamba) uye 3.3.6 (+ zvigamba)
    • Perl 5.36.1 (+ zvigamba)
    • NSD 4.7.0
    • Unbound 1.18
    • Vanamukoti 5.7
    • Binutils 2.17 (+ zvigamba)
    • Gdb 6.3 (+ chigamba)
    • Kukadzi 12.9.2023/XNUMX/XNUMX
    • Expat 2.5.0.

Source: opennet.ru

Tenga inovimbika yekutambira kwemasaiti ane DDoS dziviriro, VPS VDS maseva 🔥 Tenga webhusaiti yakavimbika ine dziviriro yeDDoS, maseva eVPS VDS | ProHoster