ProHoster > Блог > wararka internetka > Siideynta koofiyadda cas ee Linux 8.8 qaybinta

Siideynta koofiyadda cas ee Linux 8.8 qaybinta

Ka dib markii la sii daayay koofiyadda Cas ee Linux 9.2, cusboonaysiinta laantii hore ee Koofiyada Cas Linux 8.8 ayaa la daabacay, kaas oo la socda laanta RHEL 9.x waxaana la taageeri doonaa ilaa ugu yaraan 2029. Dhismayaasha rakibaadda waxaa loo diyaariyey x86_64, s390x (IBM System z), ppc64le iyo Aarch64 naqshadaha, laakiin waxay diyaar u yihiin soo dejinta kaliya isticmaaleyaasha ka diiwaangashan Xariirka Macmiilka ee Koofiyada Cas (CentOS Stream 9 iso images iyo RHEL bilaash ah waxay u dhistaa horumariyeyaasha sidoo kale waa la heli karaa). loo isticmaalo). Xirmooyinka Koofiyada Cas ee Linux 8 rpm waxaa loo qaybiyaa kaydka CentOS Git.

Diyaarinta sii deynta cusub waxaa lagu fuliyaa si waafaqsan wareegga horumarinta, taas oo macnaheedu yahay samaynta sii deynta lixdii biloodba mar wakhti go'an. Ilaa 2024, laanta 8.x waxay ku jiri doontaa marxaladda taageerada buuxda, taas oo ay ku jirto ku darida hagaajinta shaqada, ka dib waxay u gudbi doontaa marxaladda dayactirka, taas oo mudnaanta ay u wareegi doonto hagaajinta cayayaanka iyo amniga, oo leh horumarin yar oo la xidhiidha. si ay u taageeraan nidaamyada qalabka muhiimka ah.

Isbeddellada muhiimka ah:

  • Seerarka la cusboonaysiiyay iyo xidhmooyinka nidaamka: nginx 1.22, Libreswan 4.9, OpenSCAP 1.3.7, Grafana 7.5.15, powertop rebased 2.15, tuned 2.20.0, NetworkManager 1.40.16, mod_security 2.9.6, samba 4.17.5.
  • Noocyada cusub ee isku-dubaridayaasha iyo agabka horumariya waxa ka mid ahaa: GCC Toolset 12, LLVM Toolset 15.0.7, Rust Toolset 1.66, Go Toolset 1.19.4, Python 3.11, Node.js 18.14, PostgreSQL 15, Git 2.39.1. Valgri. , Apache Tomcat 3.19.
  • Hababka FIPS waa la bedelay si ay ugu hoggaansamaan heerka FIPS 140-3. Naafada 3DES, ECDH iyo FFDH, cabbirka ugu yar ee HMAC ku xaddidan yahay 112 bits, iyo furayaasha RSA oo ku xaddidan 2048 bits, naafada SHA-224, SHA-384, SHA512-224, SHA512-256, SHA3-224 iyo SHARBG dhaliye tiro been abuur- random -3.
  • Siyaasadaha SELinux ee la cusboonaysiiyay si loo taageero systemd-socket-proxyd.
  • Maamulaha xirmada yum waxa uu fuliyaa amarka cusboonaysiinta khadka tooska ah si loogu dabaqo cusboonaysiinta nidaamka offline. Nuxurka cusboonaysiinta khadka tooska ah ayaa ah in marka hore, baakado cusub lagu soo dejiyo amarka "yum offline-upgrade download", ka dib amarka "yum offline-upgrade reboot" ayaa la fuliyay si dib loogu bilaabo nidaamka jawiga ugu yar oo lagu rakibo kuwa la heli karo. cusboonaysiinta dhexdeeda iyada oo aan la faragelin hababka shaqaalaha. Ka dib markii rakibidda cusbooneysiinta la dhammeeyo, nidaamku wuxuu dib u bilaabaa jawi shaqo oo caadi ah. Markaad soo dejisanayso baakadaha cusboonaysiinta khadka tooska ah, waxaad codsan kartaa filtarrada, tusaale ahaan, "--advisory", "--security", "--bugfix".
  • Xirmado cusub oo synce4l ah ayaa lagu daray si loo isticmaalo tignoolajiyada isku-xidhka soo noqnoqda ee SyncE (Synchronous Ethernet) ee lagu taageerayo kaararka shabakada qaarkood iyo furayaasha shabakadaha, taas oo wanaajin karta hufnaanta isgaadhsiinta ee codsiyada RAN (Radio Access Network) iyadoo ay ugu wacan tahay wada shaqaynta wakhtiga saxda ah.
  • Faylka qaabeynta cusub /etc/fapolicyd/rpm-filter.conf ayaa lagu daray qaab-dhismeedka fapolicyd (Fayl Galitaanka Siyaasadda Daemon), kaas oo kuu ogolaanaya inaad go'aamiso barnaamijyada uu maamuli karo isticmaale gaar ah oo aan awoodin, si loo habeeyo liiska faylalka kaydka xogta ee maareeyaha xirmada RPM ee ka shaqeeya qaabaynta. Tusaale ahaan, faylka qaabeynta cusub ayaa loo isticmaali karaa in laga saaro codsiyada gaarka ah ee lagu rakibay maareeyaha xirmada RPM siyaasadaha gelitaanka
  • Kernel-ka, marka macluumaadka ku saabsan daadka SYN ee la ogaaday lagu shubayo diiwaanka, macluumaadka ku saabsan cinwaanka IP-ga ee aqbalay xiriirka ayaa la bixiyaa si loo fududeeyo go'aaminta bartilmaameedka daadadka ee nidaamyada leh maamulayaasha ku xiran nidaamyo kala duwan. Cinwaanada IP-ga.
  • Waxaa lagu daray doorka nidaamka qalabka podman si uu u maareeyo goobaha Podman, weelasha, iyo adeegyada habaysan ee maamula weelasha Podman. Podman waxa uu ku daray taageerada soo saarista dhacdooyinka hantidhawrka, ku xidhida xidhmooyinka hor-u-dhaca ah (/usr/libexec/podman/pre-exec-hooks iyo /etc/containers/pre-exec-hooks),iyo adeegsiga qaabka Sigstore si loo kaydiyo saxeexyada dhijitaalka ah sawiro weel leh.
  • Qalabka weelka ee la cusboonaysiiyay ee lagu maareeyo weelasha go'doonsan, oo ay ku jiraan baakadaha sida Podman, Buildah, Skopeo, crun iyo runc.
  • Qalabka sanduuqa ayaa lagu daray kaas oo kuu ogolaanaya inaad bilowdo deegaan dheeraad ah oo go'doonsan, kaas oo loo habayn karo si aan loo baahnayn iyadoo la adeegsanayo maareeyaha xirmada DNF ee caadiga ah. Horumariyuhu wuxuu u baahan yahay oo kaliya inuu fuliyo amarka "qalabka abuur", ka dib markii wakhti kasta uu geli karo deegaanka la soo saaray amarka "qalabka geli" oo ku rakibo baakado kasta isagoo isticmaalaya yum utility.
  • Taageerada lagu daray sawirka vhd ee lagu isticmaalo Microsoft Azure ee dhismaha ARM64.
  • SSSD (System Security Services Daemon) waxay ku dartay taageerada magacyada buug-yaraha guriga (iyadoo la isticmaalayo "%h" beddelka sifada override_homedir ee lagu qeexay /etc/sssd/sssd.conf). Intaa waxaa dheer, isticmaalayaasha waxaa loo oggol yahay inay beddelaan erayga sirta ah ee ku kaydsan LDAP (waxaa karti u leh dejinta sifada ldap_pwd_policy ee hooska gudaha /etc/sssd/sssd.conf).
  • glibc waxay fulisaa algorithm-soocidda cusub ee isku xidhka firfircoon ee DSO kaas oo adeegsada farsamo raadinta qoto-dheer (DFS) si wax looga qabto arrimaha waxqabadka ee maaraynta ku tiirsanaanta. Si aad u dooratid nooca Algorithm ee DSO, glibc.rtld.dynamic_sort=2 parameter ayaa la soo jeediyay, kaas oo loo qoondayn karo qiimaha "1" si loogu celiyo algorithmyadii hore.
  • Utility rteval wuxuu bixiyaa macluumaad kooban oo ku saabsan soo dejinta barnaamijka, threads, iyo CPU ku lug leh fulinta mawduucyadaas.
  • Ikhtiyaar dheeraad ah ayaa lagu daray utility oslat si loo cabbiro daahitaanka.
  • Waxaa lagu daray darawallo cusub oo loogu talagalay SoC Intel Elkhart Lake, Solarflare Siena, NVIDIA sn2201, AMD SEV, AMD TDX, ACPI Video, Intel GVT-g ee KVM, HP iLO/iLO2.
  • Taageero tijaabo ah oo lagu daray kaararka garaafyada Intel Arc ee kala duwan (DG2/Alchemist). Si aad awood ugu yeelatid dardargelinta qalabka kaararka fiidiyoowga ah, cadee kaarka aqoonsiga PCI inta lagu jiro bootinta adoo isticmaalaya "i915.force_probe=pci-id" kernel parameter.
  • Xirmada inkscape inkscape1 waxaa lagu bedelay inkscape1, kaas oo adeegsada Python 3. Nooca Inkscape ayaa laga cusboonaysiiyay 0.92 ilaa 1.0.
  • Habka Kiosk wuxuu bixiyaa awooda lagu isticmaalo GNOME Kiiboodhka Shaashadda.
  • Maktabada libsoupka iyo macmiilka Evolution mail waxa ay ku dareen taageerada xaqiijinta ee Microsoft Exchange Server iyaga oo isticmaalaya borotokoolka NTLMv2.
  • GNOME waxay ku siinaysaa awood aad ku habayn karto liiska macnaha guud ee muuqda marka aad midigta gujiso desktop-ka. Isticmaaluhu hadda waxa uu ku dari karaa shayada menu-ka si uu u sameeyo amaro aan sabab lahayn.
  • GNOME waxay kuu ogolaaneysaa inaad curyaamiso isbeddelka desktop-yada dalwaddu adigoo kor ama hoos ugu dhaqaaqaya saddex farood oo ku yaal taabasho.
  • Sii wad bixinta taageerada tijaabada ah (Tijaabada Tiknoolajiyada) ee AF_XDP, XDP hardware ka saarida, Multipath TCP (MPTCP), MPLS (Beddelka Summada Hab-maamuuska badan), DSA (dardariyaha qulqulka xogta), KTLS, dracut, kexec reboot degdeg ah, nispor, DAX gudaha ext4 iyo xfs, systemd-xalin, accel-config, igc, OverlayFS, Stratis, Software Extensions (SGX), NVMe/TCP, DNSSEC, GNOME on ARM64 iyo IBM Z nidaamyada, AMD SEV ee KVM, Intel vGPU, Toolbox.

Source: opennet.ru

Add a comment