ProHoster > Блог > wararka internetka > FreeBSD 13.1 sii deynta

FreeBSD 13.1 sii deynta

Hal sano oo horumarineed ka dib, FreeBSD 13.1 waa la sii daayay. Sawirada rakibaadda waxaa loo heli karaa amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64 iyo riscv64 architectures. Intaa waxaa dheer, shirarka waxaa loo diyaariyey nidaamyada wax-ku-oolka ah (QCOW2, VHD, VMDK, cayriin) iyo deegaanka daruuraha Amazon EC2, Google Compute Engine iyo Vagrant.

Nooca cusub:

  • Darawal iwlwifi ah ayaa loo soo jeediyay kaadhadhka bilaa-waayirka Intel oo taageero u ah chips cusub iyo heerka 802.11ac. Darawalku waxa uu ku salaysan yahay darawalka Linux iyo koodka net80211 Linux subsystem, kaas oo ku shaqeeya FreeBSD isticmaalaya lakabka linuxkpi.
  • Hirgelinta nidaamka faylka ZFS ayaa la cusboonaysiiyay siidaynta OpenZFS 2.1 iyadoo la taageerayo tignoolajiyada dRAID (Distributed Spare RAID) iyo hagaajinta waxqabadka muhiimka ah.
  • Qoraal cusub oo rc zfskeys ah ayaa lagu daray, kaas oo aad ku abaabuli karto si toos ah furista qaybaha ZFS ee sir ah marxaladda boot.
  • Xirmada shabakadu waxay bedeshay habdhaqanka ciwaannada IPv4 ee leh nambarka raadraaca eber (x.x.x.0), kaas oo hadda loo isticmaali karo martigeliyaha oo aan si caadi ah loo baahin. Dhaqankii hore waxaa lagu soo celin karaa iyadoo la isticmaalayo sysctl net.inet.ip.broadcast_lowest.
  • Qaab dhismeedka 64-bit, dhisidda nidaamka saldhigga iyadoo la adeegsanayo PIE (Position Independent Executable) hab waa la dajiyay. Si loo joojiyo, WITHOUT_PIE dejinta waa la bixiyay.
  • Waxaa lagu daray awoodda loogu yeero chroot habka aan mudnaanta lahayn ee leh calanka NO_NEW_PRIVS. Habka waxaa la dajiyay iyadoo la isticmaalayo sysctl security.bsd.unprivileged_chroot. Xulashada "-n" ayaa lagu daray utility chroot, kaas oo dejinaya calanka NO_NEW_PRIVS nidaamka ka hor inta aan la go'doomin.
  • Hab loogu talagalay tafatirka tooska ah ee qaybaha diskka ayaa lagu daray rakibaha bsdinstall, taasoo kuu oggolaanaysa inaad ku xidho qoraallada qaybinta ee shaqeeya iyada oo aan la adeegsan isticmaale magacyo kala duwan. Qaabka la soo jeediyay ayaa fududeynaya abuurista warbaahinta rakibaadda si toos ah si toos ah u shaqeynaya nidaamyada iyo mashiinnada farsamada leh ee disksyada kala duwan.
  • Taageerada kabaha la hagaajiyay ee nidaamyada UEFI. Bootloader-ku waxa uu awood u si toos ah u habayn kara cabbirka koobiga_staging iyada oo ku xidhan awoodaha kernel-ka raran yahay.
  • Shaqada ayaa la qabtay si kor loogu qaado waxqabadka bootloader, nvme, rtsold, bilawga abuuraha nambarka random-ka ee been-abuurka ah iyo qiyaasida saacada, taasoo keentay hoos u dhaca wakhtiga bootloader.
  • Taageero lagu daray NFS kanaalka isgaarsiineed sir ah oo ku saleysan TLS 1.3. Hirgelinta cusub waxay isticmaashaa kernel-ka ay bixiso TLS si ay awood ugu yeelato dardargelinta qalabka. Waxay ku dhistaa hababka rpc.tlsclntd iyo rpc.tlsservd macmiilka NFS-over-TLS iyo hirgelinta serfer, oo si caadi ah u suurtageliyay amd64 iyo arm64 naqshadaha.
  • NFSv4.1 iyo 4.2, xulashada nconnect mount ayaa la hirgeliyay, taas oo go'aamisa tirada isku xirka TCP ee la sameeyay serverka. Xidhiidhka ugu horreeya waxaa loo isticmaalaa farriimaha yaryar ee RPC, inta soo hartayna waxaa loo isticmaalaa in lagu dheellitiro taraafikada iyo xogta la gudbiyo.
  • Adeegga NFS, sysctl vfs.nfsd.srvmaxio ayaa lagu daray, kaas oo kuu ogolaanaya inaad beddesho cabbirka I/O ee ugu sarreeya (128Kb ugu sarreeya).
  • Taageerada qalabka oo la hagaajiyay. Taageerada kontoroolka Intel I225 Ethernet ayaa lagu daray darawalka igc. Taageerada la hagaajiyay ee nidaamyada Big-endian. Dareewalka mgb ee aaladaha Microchip LAN7430 PCIe Gigabit Ethernet kontaroolaha
  • Darawalka barafka ee loo isticmaalo kontaroolayaasha Intel E800 Ethernet ayaa loo cusboonaysiiyay nooca 1.34.2-k, kaas oo hadda ku jira taageerada ka tarjumaysa dhacdooyinka firmware-ka ee diiwaanka nidaamka iyo hirgelinta bilowga ah ee DCB (isku xidhka xarunta xogta) kordhinta borotokoolka ayaa lagu daray.
  • Sawirada Amazon EC2 si caadi ah ayaa loogu awood si ay u adeegsadaan UEFI halkii BIOS.
  • Bhyve hypervisor ayaa cusbooneysiiyay qaybaha loogu talagalay ku dayashada darawalada NVMe si ay u taageeraan qeexitaanka NVMe 1.4. Arrimo lagu xalliyay NVMe iovec inta lagu jiro I/O degdega ah.
  • Maktabadda CAM waxa loo beddelay in loo isticmaalo wicitaanka dariiqa dhabta ah marka la samaynayo magacyada aaladaha, taas oo u oggolaanaysa isku xidhka calaamadaha aaladaha in loogu isticmaalo camcontrol iyo utility smartctl. camcontrol wuxuu xalliyaa mashaakilaadka soo dejinta firmware-ga aaladaha.
  • Utility svnlite ayaa joojisay dhismaha nidaamka saldhigga.
  • Noocyo Linux ah oo lagu daray yutiilitida xisaabinta jeegaga (md5sum, sha1sum, iwm.) kuwaas oo lagu hirgeliyay in la wacayo adeegyada BSD ee jira (md5, sha1, iwm.) oo wata ikhtiyaarka “-r”.
  • Taageerada maamulka NCQ ayaa lagu daray utility mpsutil iyo macluumaadka ku saabsan adaabta ayaa la soo bandhigay.
  • Gudaha /etc/defaults/rc.conf, asal ahaan, ikhtiyaarka "-i" waa la furayaa marka la wacayo hababka rtsol iyo rtsold, kuwaas oo mas'uul ka ah dirida ICMPv6 RS (Router Solicitation) fariimaha. Doorashadani waxay curyaamisaa daahitaanka random ka hor inta aanad fariin dirin.
  • Riscv64 iyo riscv64sf architectures, dhisida maktabado leh ASAN (cinwaan nadiifiyaha), UBSAN (Nadiifiye Dhaqan aan la qeexin), OpenMP iyo OFED (Open Fabrics Enterprise Distribution) waa la dajiyay.
  • Dhibaatooyinka go'aaminta hababka dardargelinta hardware ee hawlgallada cryptographic ee ay taageerayaan ARMv7 iyo ARM64 soo-saareyaasha ayaa la xalliyay, taas oo si weyn u dardargelisay hawlgalka aes-256-gcm iyo sha256 algorithms ee nidaamyada ARM.
  • Qaab dhismeedka powerpc, xirmada ugu weyn waxaa ku jira LLDB debugger, oo uu sameeyay mashruuca LLVM.
  • Maktabada OpenSSL waxa la cusboonaysiiyay nooca 1.1.1o waxaana lagu balaadhiyey habaynta isku dhafka ee powerpc, powerpc64 iyo powerpc64le architectures.
  • Seferka SSH iyo macmiilka ayaa loo cusboonaysiiyay OpenSSH 8.8p1 iyadoo la taageerayo saxeexyada dhijitaalka ah ee rsa-sha waa naafo iyo taageerada xaqiijinta laba-geesood iyadoo la isticmaalayo aaladaha ku salaysan nidaamka FIDO/U2F. Si loola falgalo aaladaha FIDO/U2F, noocyada furaha cusub ee “ecdsa-sk” iyo “ed25519-sk” ayaa lagu daray, kuwaas oo adeegsada ECDSA iyo Ed25519 saxeexa dhijitaalka ah ee algorithms, oo lagu daray SHA-256 hash.
  • Noocyada la cusboonaysiiyay ee codsiyada qolo saddexaad ee lagu daray nidaamka aasaasiga ah: awk 20210215 (oo leh balastar curyaaminaya isticmaalka aagagga ee kala duwanaanta iyo hagaajinta la jaanqaadka gawk iyo mawk), zlib 1.2.12, libarchive 3.6.0.

Source: opennet.ru

Add a comment