ProHoster > Блог > wararka internetka > Siideynta koofiyadda cas ee Linux 9.3 qaybinta

Siideynta koofiyadda cas ee Linux 9.3 qaybinta

Koofiyada Cas ayaa daabacday sii deynta Koofiyadda Cas ee Linux 9.3 qaybinta (laanta cusub ayaa lagu dhawaaqay usbuucii hore, laakiin qoraalada sii deynta ayaa la dhajiyay shalay oo keliya, ka horna nooca beta ayaa ku sii jiray goobta). Cusboonaysiinta laantii hore ee RHEL 8.9 ayaa la filayaa Noofambar 15. Sawirro rakiban oo diyaarsan ayaa diyaar u ah isticmaaleyaasha ka diiwaangashan Xariirka Macmiilka ee Koofiyada Cas (waxaad sidoo kale isticmaali kartaa sawirada CentOS Stream 9 iso images iyo RHEL bilaash ah waxay u dhistaa horumariyeyaasha si ay u qiimeeyaan shaqeynta). Siideynta waxaa loogu talagalay x86_64, s390x (IBM System z), ppc64le iyo Aarch64 (ARM64).

Laanta RHEL 9 waxaa lagu horumarinayaa hannaan horumarineed oo furan waxayna isticmaashaa saldhigga xirmada ee CentOS Stream 9. CentOS Stream waxaa loo dhigayaa sidii mashruuc kor loogu qaadayo RHEL, taasoo u oggolaanaysa kaqeybgalayaasha saddexaad inay xakameeyaan diyaarinta xirmooyinka RHEL, soo jeediyaan isbeddelkooda iyo saamaynta go'aannada la gaaray. Sida waafaqsan wareegga taageerada 10-sano ee qaybinta, RHEL 9 waa la taageeri doonaa ilaa 2032.

RHEL 9.3 waxay ahayd siidayntii ugu horeysay ee xirmooyinkeeda rpm aan lagu dhejin kaydka dadweynaha git.centos.org waxaana la siiya macaamiisha shirkadda oo keliya iyada oo loo marayo qayb xiran oo ka mid ah goobta, kaas oo leh heshiis isticmaale (EULA) oo mamnuucaya dib u qaybinta xogta, taas oo aan ogolayn isticmaalka xirmooyinkan si loo abuuro qaybinta kala duwan. Ilaha ayaa ku sii jira kaydka CentOS Stream, laakiin si buuxda looguma wada xidhiidhin RHEL iyo noocyadii ugu dambeeyay ee xidhmooyinku had iyo jeer kuma ekaadaan baakooyinka RHEL. Rocky Linux, Oracle iyo SUSE ayaa isku biiray oo hadda dib u soo saaraya ilaha xirmooyinka rpm ee RHEL siideynta taas oo qayb ka ah mashruuca OpenELA.

Isbeddellada muhiimka ah ee RHEL 9.3:

  • Halabuurka waxaa ku jira noocyo cusub oo isku-dubarid iyo qalab loogu talagalay soo-saareyaasha: GCC Toolset 13, LLVM Toolset 16.0.6, Qalabka Rust 1.71.1, Go Toolset 1.20.10, GCC 11.4.1 (compuiler system), Redis 7, Node.js 20 , java-21-openjdk (java-17-openjdk, java-11-openjdk iyo java-1.8.0-openjdk sidoo kale wali waa rarida), Valgrind 3.21, SystemTap 4.9, elfutils 0.189, PCP 6.0.5na , Gra.fa. .
  • Xirmooyinka server-ka iyo nidaamka la cusbooneysiiyay: samba 4.18.6, iproute 6.2.0, Apache httpd 2.4.57 (+ mod_authnz_fcgi module ayaa lagu daray), SEtools 4.4.3, OpenSCAP 1.3.8, opencryptoki 3.21.0, opencryptoki 1.44, NetworkManager 1.4.0tools 6.2tools xd.p. .1.0.2, perf 2.4, dmpd 2.1.6, nvme-cli 389, Pacemaker 2.3.4, XNUMX-ds-base XNUMX.
  • Waxaa lagu daray amar "dib-u-boot" maareeyaha xirmada DNF si uu si toos ah dib u bilaabo ka dib cusboonaysiinta la dhammeeyo. Hababka soo socdaa waa la heli karaa: "Weligaa" (default) - iyada oo aan dib loo kicin, "goorta la bedelay" - dib u soo kabashada ka dib cusboonaysiin kasta (dnf cusboonaysiinta) iyo "goorta loo baahan yahay" - dib u bilow kaliya haddii isbeddelada rakibay ay u baahan yihiin (tusaale, ka dib marka la rakibo kernel update ah ama systemd). Si aad u damiso halkii aad dib u bilaabi lahayd, "-poweroff" meertada ayaa la bixiyaa.
  • Plugins cusub ayaa lagu daray DNF: "dnf caleemaha" si ay u muujiyaan dhammaan baakadaha la rakibay oo aan ku tiirsanaanta baakadaha kale; "show-leaves" si ay u muujiyaan xirmo la mid ah dhawaan la rakibay ama baakadaha aan hadda loo isticmaalin ku tiirsanaanta ka dib wax kala iibsiga.
  • Hirgelinta SCTP (Stream Control Transmission Protocol) iyo MPTCP (Multipath TCP) borotokoollada ayaa laga wareejiyay noocii ugu dambeeyay ee kernel Linux.
  • Qalabka ARM64 wuxuu bixiyaa taageero buuxda kamaradaha leh interface USB, adapters wireless (Wi-Fi) iyo Bluetooth.
  • Taageerada buuxda ee kaararka garaafyada Intel Arc A-Taxanaha gaarka ah (Alchemist ama DG2) ayaa la bixiyaa.
  • Hirgelinta nidaamka-hoosaadka eBPF waxa uu la mid yahay Linux 6.3 kernel.
  • Qalabka Stratis ee lagu daray maamulka kaydinta maxalliga ah, isagoo siinaya astaamo ay ka mid yihiin qoondaynta kaydinta firfircoon, sawir-qaadista, daacadnimada iyo lakabyada kaydinta.
  • systemd-udevd waa la bedelay si loogu ogolaado magacyada joogtada ah ee shabakada InfiniBand.
  • Postfix waxaa ka mid ah awoodda lagu hubinayo diiwaannada DNS SRV si loo go'aamiyo martigeliyaha iyo dekedda server-ka boostada ee loo isticmaali doono gudbinta fariimaha. Habka la soo jeediyay waxaa loo isticmaali karaa kaabayaasha kuwaas oo adeegyada leh nambarada dekedaha si firfircoon loo qoondeeyay loo isticmaalo gudbinta fariimaha iimaylka.
  • Xirmada koobabka-filters-ku waxay ku daraysaa darawal LF-to-CRLF kaas oo loo isticmaali karo in lagu beddelo "\n" (khadka feed) xarfaha "\r\n" soo afjaraya xariiqyada habaynta "\r\n".
  • FUSE3 waxay ku darsataa awooda lagu baabi'inayo gelitaanka hagaha iyada oo aan si toos ah loo furin dhibcaha buurta ee la xidhiidha gelitaankaas.
  • NetworkManager waxa uu ku daray taageerada "no-aaaa" ee resolv.conf, kaas oo curyaamiya weydiimaha DNS ee diiwaanada AAAA (go'aaminta ciwaanka IPv6 ee magaca martida loo yahay). Taageero lagu daray ikhtiyaarka "lacp_active" si loo xakameeyo habaynta LACPDU Waxa la hirgaliyay dib u bilaabida NetworkManager ka dib markii dib loo bilaabay adeega dbuska. Ogeysiinta ayaa hadda la soo bandhigayaa haddii qaabkii qaabeynta ifcfg ee hore loo isticmaalay boggaga isku xirka. Taageerada lagu daray guryaha soo socda: link.tx-queue-length, link.gro-max-size, link.gso-max-segments iyo link.gso-max-size.
  • Isku-xidhka isku-xidhka isku midka ah, NetworkManager wuxuu u oggolaanayaa isticmaalka goobaha joogtada ah iyo kuwa firfircoon (DHCP); tusaale ahaan, utility nmstate wuxuu dejin karaa ciwaanka taagan interface kaas oo taageerada DHCP ay karti u leedahay. nmstate waxa ay ogolaataa in lagu xidho isku xidhka isku xidhka ciwaanka MAC halkii laga isticmaali lahaa magaca interfiyuuga
  • Taageerada qalabka oo la fidiyay. Taageero lagu daray ARM64 NVIDIA Grace CPU. Darawalka Intel QAT ee taageera Intel Quick Assist Technology 6.2xx/401xx aaladaha ayaa laga raray Linux kernel 402.
  • Si looga gaashaanto weerarada Specter v2 ee laxidhiidha fulinta malo awaalka ah ee tilmaamaha, qaabka AutoIBRS (Automatic Laan Restricted Speculation) ayaa lagu daray, oo lagu taageeray CPU-yada AMD ee ka bilaabmaya qoyska EPYC 9004 Genoa.
  • Koonteenarada, waxaa suurtogal ah in loo isticmaalo chips-ka-fanka ah si loo kaydiyo furayaasha cryptographic (vTPM), oo lagu hirgeliyay habka caadiga ah ee TPM (Trusted Platform Module).
  • LVM waxay ku dartay taageerada qaybaha macquulka ah ee vmcore ee qashin qubka xudunta u ah ee uu dhaliyo nidaamka hoosaadka kdump.
  • Halbeegga "inst.wait_for_disks" ayaa lagu daray shirarkii rakibaadda, kaas oo qeexaya wakhtiga sugitaanka ee faylka kickstart si uu u soo shubo ama darawaladu diyaar u noqdaan inta lagu jiro habka bootinta.
  • Marka lagu rakibayo nidaamyada ARM, rakibayuhu wuxuu bixiyaa awood uu ku doorto nooca kernel-ka la rakibay (tusaale, oo leh 64 KB bogagga xusuusta). Xirmada s390utils-base waa laga saaray habka rakibida ugu yar oo kaliya s390utils-core ayaa hadhay.
  • Sawir-dhisaha RHEL wuxuu ku daray awoodda soo saarista faylasha OVA ee VMware VSphere.
  • Faylasha kickstart, xulashooyinka cusub "-ipv4-dns-search" iyo "-ipv6-dns-search" ayaa lagu daray amarka shabakada si loo dejiyo xayndaabka saldhigga ee dardaaranka "search" ee /etc/resolv.conf, iyo sidoo kale ikhtiyaarka "-ipv4-ignore-auto-dns" iyo "-ipv6-ignore-auto-dns" si loo iska indho-tiro soo-celinta DNS-ka ee DHCP.
  • Taageerada la wanaajiyay ee fidinta TLS EMS (Sirdoonka Sare ee La Dheereeyay, RFC 7627, ayaa looga baahan yahay si loo hubiyo u hoggaansanaanta shuruudaha FIPS-140-3 ee isku xirka ku saleysan TLS 1.2.
  • OpenSSH waxay bilowday inay joojiso algorithms-keeda hash-ka ku salaysan SHA-1 iyadoo u janjeerta SHA-2. server Furaha ku salaysan SHA-1 ee ka maqan sshd hadda waxay isticmaali doonaan oo keliya SHA-2 si ay u xaqiijiyaan furayaasha martida loo yahay, taasoo keeni karta in aan la jaanqaadi karin macaamiisha RHEL 8 iyo kuwa ka weyn.
  • OpenSSL waxay ku darsataa taageerada hagaajinta cabbirada ee Brainpool sugidda qaloocyada saqafka leh waxayna siisaa ka-hortagga weerarrada decryption ee RSA ee ku saleysan waqtiga hawlgallada iyadoo la adeegsanayo noocyada habka Bleichenbacher.
  • RPCSEC GSS Kerberos V5 waxay ku daraysaa taageerada camellia128-cts-cmac, camellia256-cts-cmac, aes128-cts-hmac-sha256-128 iyo aes256-cts-hmac-sha384-192 hababka sirta ah.
  • Taageerada dhacdooyinka FANOTIFY ayaa lagu daray agabka hanti dhawrka iyo goobaha fan_type (nooca dhacdada), fan_info (macluumaad la xidhiidha), sub_trust iyo obj_trust (heerarka aaminaadda mawduuca iyo shayga dhacdada) ayaa lagu kaydiyay diiwaanka. Si loo fududeeyo dhibaatooyinka qaladka, adeegga fapolicyd wuxuu ku daray gudbinta nambarada qaanuunka ee wicitaanada la diiday ee fanotify API.
  • Door nidaam ayaa lagu daray xirmada Toolkit-ka, kaas oo fududeynaya qaabeynta diiwaan-hayaha Keylime iyo xaqiijiyaha, loo isticmaalo xaqiijinta xaqiiqada iyo si joogto ah loola socdo daacadnimada nidaamka dibadda. Tusaale ahaan, waxaad xaqiijin kartaa aqoonsiga aaladaha Edge iyo IoT ee ku yaal meel aan la koontaroolin halkaasoo gelitaan aan la oggolayn ay suurtagal tahay. Siideynta cusub ee keylime 7.3 ayaa ku lug leh.
  • Waxaa lagu daray doorka nidaamka si loo maareeyo loona rakibo cutubyada habaysan. Door nidaam ayaa lagu daray rakibidda, habaynta, maaraynta iyo socodsiinta PostgreSQL DBMS. Taageerada qeexida, bedelida iyo tirtirida ipset-ka ayaa lagu daray doorka nidaamka dab-damiska.
  • SELinux waxay ku dartay ikhtiyaarka virt_qemu_ga_run_unconfined, kaas oo u oggolaanaya habka qemu-ga (Wakiilka Martida QEMU) inuu socodsiiyo amarada, sida mount, qaab aan la sugin ( domain-ka unconfined_t) ee asal ahaan ay xaddiday SELinux. Waxaa lagu daray siyaasadaha SELinux si loo ilaaliyo qaadka, systemd-store, boothd, fdo-warshadaynta-server, fdo-rendezvous-server, fdo-client-linuxapp iyo fdo-milkiilaha-kordhinta-server.
  • Taageero lagu daray qalabka wax-soo-saarka ee jiilka 4-aad ee Intel Xeon Scalable (Sapphire Rapids), kaas oo kuu oggolaanaya inaad ku isticmaasho moodalka SapphireRapids CPU ee mashiinnada farsamada gacanta oo aad isticmaasho awoodaha wax-ku-oolka ah ee horumarsan ee laga heli karo soo-saareyaashan.
  • Podman wuxuu ku daraa taageerada weelasha la cufan iyadoo la isticmaalayo algorithmamka zstd. Waxaa lagu daray awoodda isticmaalka Quadlets si ay si toos ah uga soo saarto adeegyo nidaamsan sharraxaadda weelka. Qolfoofka podmansh ee lagu daray, kaas oo loo isticmaali karo beddelka /usr/bin/bash si loo bilaabo fadhiga isticmaalaha weelka dhexdiisa. Noocyada la cusboonaysiiyay ee Podman, Buildah, Skopeo, crun iyo runc.
  • Lagu daray xulashooyinka khadka taliska kernel-ka cusub:
    • amd_pstate si loo xakameeyo hababka isticmaalka awoodda AMD CPUs;
    • arm64.nosve si aad u joojiso SVE
    • arm64.nosme si aad u joojiso SME (kordhinta Matrix Scalable);
    • gather_data_sampling si loo xakameeyo qaabka looga hortagayo weerarrada GDS (Ururinta Xogta ama Hoos u dhaca);
    • nospectre_bhb si loo joojiyo ilaalinta Specter-BHB;
    • trace_clock ee dejinta saacada dhacdada raadraaca
  • Awoodaha la balaariyay ee kutlada iyo nidaamyada u dulqaadashada cilladaha: Taageerada beddelka (guuldarrida) kooxaha qaybinta ee aan lahayn qaybo jireed ayaa lagu daray wakiilka LVM-firfircoon. Taageerada habaynta siyaasada ayaa lagu daray wakiilada khayraadka kooxda IPaddr2 iyo IPsrcaddr. Taageerada EFS (Nidaamka Faylka Elastic ee Amazon) ayaa lagu daray ocf:wadnaha:Wakiilka nidaamka faylka.
  • Sawirro weel cusub oo lagu daray oo leh FDO (Aaladda FIDO dusha saaran) dejinta: fdo-soo-saarka-server, fdo-milkiilaha-kordhinta-server, fdo-rendezvous-server iyo fdo-serviceinfo-api-server. Lagu daray sawirka weelka rhel9/squid cusub oo wata wakiilka Squid. Daabacaadda RHEL ee Edge waxay taageertaa noocyada muuqaalka cusub "minimal-ceriw", "edge-vsphere" (*.vmdk) iyo "edge-ami" (*.ami).
  • Taageerada bootinta qaabka UEFI ayaa lagu daray sawirada AMI ee jawiga daruuraha ee AWS EC2.
  • Si aad ula shaqeyso kaararka casriga ah iyo calaamadaha USB CCID (Aaladda Interface Card Chip Card) iyo ICCD (Integrated Circuit Card Device), siideynta cusub ee darawalka pcsc-lite-ccid 1.5.2 ayaa la isticmaalaa, kaas oo xalliya dhibaatooyinka Alcor Micro AU9560 kontaroolaha oo ku daraa taageerada akhristayaasha cusub kaararka smart
  • Xirmooyinka bilowga-dejinta iyo pmdk (Qalabka Horumarinta Xusuusta Joogtada ah) waa la joojiyay.
  • Taageero tijaabo ah oo lagu daray PRP (Parallel Redundancy Protocol) iyo HSR (helid-sare oo aan kala joogsi lahayn) borotokoollada.
  • Muuqaal tijaabo ah ayaa lagu daray dardargelinta qalabka IPsec iyadoo loo wareejinayo hawlaha xirmooyinka xirmooyinka dhinaca kaadhka shabakadda.
  • Taageero tijaabo ah oo lagu daray SRv6 (Qaybta Jidka IPV6).
  • Hirgelinta tijaabada ah ee kTLS (heer-kernel TLS) waxay la mid tahay kernel 6.3. Taageero lagu daray isticmaalka kTLS si loo dardargeliyo GnuTLS.
  • Taageero tijaabo ah oo lagu daray io_uring asynchronous I/O interface, oo caan ku ah taageeradeeda cod-bixinta I/O iyo awoodda lagu shaqeeyo ama la'aanteed. Iyada oo la adeegsanayo io_uring API, soo-saareyaasha kernel-ka ayaa isku dayay inay tirtiraan cilladaha interface-kii hore ee aio. Xagga waxqabadka, io_uring aad ayuu ugu dhow yahay SPDK wuxuuna si weyn uga horreeyaa libaio marka la shaqaynayo cod bixinta.
  • Taageerada tijaabada ah ee ACME (Automated Certificate Management Environment) borotokoolka maaraynta shahaado ee loo isticmaalo Aan sirin hay'adda shahaado ayaa lagu daray IdM (Maaraynta Aqoonsiga).
  • Podman waxa uu ku daray ikhtiyaar tijaabo ah si loo isticmaalo kaydinta kaydinta ku salaysan SQLite (halkii BoltDB).
  • Bixinta sii socota ee taageerada tijaabada (Aragti Farsamo)
    • VPN waardiyaha,
    • Intel SGX (Kordhinta Ilaalada Software),
    • Intel IDXD (Data Streaming Accelerator),
    • DAX (Gelitaanka tooska ah) ee ext4 iyo XFS,
    • AMD SEV iyo SEV-ES ee KVM hypervisor,
    • adeeg habaysan,
    • Habka Sigstore ee lagu xaqiijiyo weelasha iyadoo la adeegsanayo saxeexyada dhijitaalka ah,
    • xirmo wata tifaftiraha garaafyada GIMP 2.99.8,
    • Dejinta MPTCP (Multipath TCP) iyada oo loo sii marayo NetworkManager,
    • DNSSEC gudaha IDM,
    • virtio-mem
    • KVM hypervisor ee ARM64,
    • Ku rakibida NVMe ee kanaalka Fiber,
    • Socket API ee TuneD,
    • Soft-iWARP (Bartakoolka RDMA-ga ballaadhan ee internet-ka),
    • GNOME ee ARM64 iyo IBM Z.

    Source: opennet.ru

    Add a comment