ProHoster > Блог > wararka internetka > Siideynta OpenBSD 6.7

Siideynta OpenBSD 6.7

Soo gudbiyey siideynta nidaamka qalliinka ee UNIX u eg oo iskutallaab ah oo bilaash ah FuranBBS 6.7. Mashruuca OpenBSD waxaa aasaasay Theo de Raadt 1995 ka dib khilaaf iyada oo la socota horumarinta NetBSD, taas oo keentay in Teo loo diido inuu galo kaydka NetBSD CVS. Taas ka dib, Theo de Raadt iyo koox isku mid ah ayaa abuuray nidaam cusub oo furan oo ku salaysan geedka NetBSD, kuwaas oo ahdaafta ugu muhiimsan ee la qaadi karo (taageeray 12 aaladaha aaladaha), jaangooyada, hawlgalka saxda ah, amniga firfircoon iyo aaladaha cryptographic isku dhafan. Cabbirka rakibaadda buuxa sawirka ISO Nidaamka saldhigga OpenBSD 6.7 waa 470 MB.

Marka lagu daro nidaamka qalliinka laftiisa, mashruuca OpenBSD wuxuu caan ku yahay qaybihiisa, kuwaas oo ku faafay nidaamyada kale waxayna isku caddeeyeen inay yihiin mid ka mid ah xalalka ugu amniga iyo tayada sarreeya. Iyaga ka mid ah: LibreSSL (fargeeto OpenSSL), OpenSSH, filter baakad PF, daemons-ka wadida FurBGPD iyo OpenOSPFD, NTP server FurNTPD, mail server FurSMTPD, text terminal multiplexer (la mid ah shaashadda GNU) tmux, daemon aqoonsan Iyadoo la fulinayo nidaamka aqoonsiga, beddelka BSDL ee xirmada guud ee GNU - mandoc, borotokoolka abaabulka nidaamyada u-dulqaadashada khaladaadka CARP http server, utility synchronization file FurRSYNC.

Main horumar:

  • Nidaamka faylka FFS2, kaas oo adeegsada 64-bit waqti iyo xannibaadaha qiyamka, ayaa si toos ah loogu oggolaaday rakibaadda cusub ee ku dhawaad ​​dhammaan dhismayaasha la taageeray halkii FFS (marka laga reebo landisk, luna88k, iyo sgi).
  • Hab cusub ayaa lagu daray si loo hubiyo saxnaanta wicitaanada nidaamka, taas oo sii adkeynaysa ka faa'iidaysiga dayacanka. Habka ayaa u ogolaanaya wicitaanada nidaamka in la fuliyo kaliya haddii laga soo galo meelaha xusuusta ee hore u diiwaangashan. Wicitaan cusub oo msyscall() ah ayaa la soo jeediyay si loo calaamadiyo meelaha xusuusta oo loo hawlgeliyo ilaalinta.
  • Tirada qaybaha lagu samayn karo hal saxan ayaa laga dhigay 7 ilaa 15.
  • Koodhka xulashada cron ayaa dib loo qoray si uu u taageero sifooyinka u eg sida "-ns" iyo dib u qeexida calamo isku mid ah. Goobta "ikhtiyaarada" ee crontab waxaa loo bedelay "calan". Waxaa lagu daray calan "-s" crontab si hal tusaale oo kaliya oo shaqo ah loo socodsiiyo markiiba. Lagu daray "~" hawlwadeen si uu u caddeeyo qiimaha wakhtiga random.
  • Maamulaha daaqada cwm waxa uu fuliyaa awooda lagu go'aamiyo cabbirka daaqada sida boqolkiiba inta uu le'eg yahay cabbirka daaqadda aasaasiga ah ee qaab-dhismeed foorarsan.
  • Qaab dhismeedka powerpc wuxuu u wareegay isticmaalka Clang si caadi ah wuxuuna awooday hirgalinta mplock-ka madax banaan qaabdhismeedka.
  • apmd waxa ay wanaajisay taageerada heeganka tooska ah iyo hibernation (-z/-Z) - daemon-ku hadda waxa uu ka jawaabayaa fariimaha beddelka batteriga ee uu soo diro darawalka la socodka awoodda. U gudubka hurdada waxay ku dhacdaa dib u dhac 60 ilbiriqsi ah, taas oo siinaysa isticmaaluhu wakhti uu ku xakameeyo.
  • Lagu darey $REQUEST_SCHEME doorsoomiyaha qaabeynta HTTP ee ku dhex dhisan si loo ilaaliyo borotokoolka asalka ah (http ama https) marka dib loo hagayo, iyo sidoo kale ikhtiyaarka "strip" si loogu ogolaado chroots badan gudaha /var/www ee adeegayaasha FastCGI.
  • Utility-ga ugu sarreeya hadda wuxuu taageeraa duubista iyadoo la adeegsanayo furayaasha 9 iyo 0.
  • Nidaam lagu xoreeyo boggaga xusuusta ee u kala horreeyaan ayaa la soo bandhigay, taas oo si weyn u kordhinaysa waxtarka si firfircoon u xoraynta tiro badan oo bogag ah.
  • Adeegga DNS ee aan xidhnayn wuxuu leeyahay hubinta DNSSEC oo si toos ah u shaqaynaysa.
  • Wicitaannada nidaamka waa laga xoreeyay xannibaadda caalamiga ah
    __ hurdo (2), __thwakeup (2), dhow (2), u dhow (2), dup (2), dup2 (2), dup3 (2), adhiga (2), fcntl (2), kqueue (2), tube (2), pipe2 (2) iyo nanosleep (2), iyo sidoo kale qaybta aasaasiga ah ee ioctl (2).

  • Taageerada qalabka oo la fidiyay. Darawal cusub oo iwx ah ayaa lagu soo daray Intel AX200 wireless chips, darawalka iwm wuxuu ku daray taageerada aaladaha Intel 9260 iyo 9560. Darawalka rge waxaa lagu daray Realtek 8125 PCI Express 2.5Gb. Darawallo badan oo cusub ayaa la soo jeediyay si ay u horumariyaan waxqabadka looxa arm64 iyo armv7, oo ay ku jiraan taageerada dheeraadka ah ee guddiga Raspberry Pi 4 iyo horumarinta taageerada Raspberry Pi 2 iyo 3.
  • Nidaam hoosaadka codka sndio waa la ballaariyay. Waxaa lagu daray sioctl_open API iyo sndioctl utility si loogu xakameeyo codka iyadoo loo marayo sndiod. /dev/mixer waa laga saaray dhammaan dekedihii waxa loo beddelay sndio halkii laga isticmaali lahaa isku-dhafka kernel-ka. Sndiod wuxuu bixiyaa isticmaalka hababka xakamaynta mugga hardware. Si kor loogu qaado amniga, isticmaaleha joogtada ah ee gelitaanka /dev/audio* iyo /dev/rmidi* waa mamnuuc.
  • Xirmada bilaa-waayirka ah waxay joojisaa isku xidhka shabakad kasta oo la heli karo oo Wi-Fi ah oo aan taageerin sirta, marka laga reebo adoo si cad u waca amarka "ifconfig join" Waxay xaqiijisaa in sawirka asalka ah ee shabakadaha la heli karo la bilaabo marka amarka "ifconfig scan" uu fuliyo isticmaalaha xididka. Kaydka natiijooyinka iskaanka waa la kordhiyey Waxaa lagu daray calanka "nwflag nomimo", oo lagu dejiyay ifconfig, kaas oo ka caawinaya in laga takhaluso luminta xirmooyinka qaabka 11n haddii qalabku leeyahay isku-xirayaasha anteenada aan xidhnayn. Taageero lagu daray qaabka iskaanka firfircoon ee darawalka bwfm. U beddelashada tooska ah ee shabakadaha wireless-ka oo la hagaajiyay iyadoo hoos loo dhigayo mudnaanta shabakadaha aan lagu xidhi karin.
  • Darawal cusub oo ppac ah ayaa ka soo muuqday isku xidhka shabkada, kaas oo ay ku jirto hirgalinta isku xidhka Xidhiidhka Galitaanka ee PPP. Bedelay habaynta npppd.conf si loo isticmaalo pppac halkii laga isticmaali lahaa tun. Marka baakidh-wareejintu ay naafada noqoto, jeeg ayaa lagu daray si loo hubiyo in ciwaanka loo socdo ee baakidhku uu la mid yahay ciwaanka is dhexgalka shabakada. Taageerada mobilada waa la saaray
  • Isticmaalayaasha aan xididka ahayn waa ka mamnuuc inay isticmaalaan ioctl si ay u beddelaan ciwaanka interneedka shabakadda oo ay u beddelaan cabbirrada interneedka pppoe.
  • sysupgrade waxay hubisaa in cusboonaysiinta firmware-ka (fw_update) la bilaabay ka hor inta aan dib loo kicin ka hor inta aan la cusboonaysiin.
  • Wicitaanka nidaamka daah-furka ayaa la hagaajiyay si loo bixiyo go'doomin gelitaanka nidaamka faylka. Tirada codsiyada nidaamka aasaasiga ah ee ilaalinta iyadoo la adeegsanayo daah-furka ayaa la kordhiyey oo laga dhigay 82. Oo ay ku jiraan vmstat, iostat iyo systat loo wareejiyay daah-furka.
  • Taageerada RSA-PSS waxaa lagu daray crypto(3).
  • Taageerada DoT (DNS ka badan TLS) ayaa lagu daray xalinta DNS-ka fur furka ah. Lagu daray amarka "unwindctl status memory".
  • Hirgelinta ipsec si weyn ayaa loo casriyeeyay. Taageero lagu daray oo si toos ah ugu dhaqaaqida taraafikada inta u dhaxaysa rdomains inta lagu jiro sirta iyo fur-furida si looga ilaaliyo weerarada kanaalka. Taageero lagu daray beddelka rdmain ee iked, oo lagu daray 'rdomain' ikhtiyaarka iked.conf
    Heerka caadiga ah ee iked iyo isakmpd waa IPSEC_LEVEL_REQUIRE, taas oo ka hortagaysa habaynta baakadaha aan qarsoodi ahayn ee u dhigma socodka. Curve25519, ecp256, ecp384, ecp521, modp3072 iyo modp4096 algorithms ayaa lagu daray goobaha kooxda Diffie-Hellman ee IKE SA. In iked, habka aqoonsiga asalka ah ayaa loo beddelay aqoonsiga saxeexa dhijitaalka ah (RFC 7427). Dejinta ESN ayaa lagu daray iked.conf. Lagu daray "-p" ikhtiyaar si loo doorto lambarka dekedda UDP ee aan caadiga ahayn.

  • Awoodaha Tmux terminal multiplexer waa la balaariyay waxaana lagu daray doorashooyin badan oo cusub.
  • Nooca server-ka boostada ee OpenSMTPD waa la cusboonaysiiyay. Shaandhooyinka ku dhex jira waxa ay hirgeliyaan erayga muhiimka ah ee "bypass" si ay uga boodaan socodsiinta xaaladaha la cayimay. Oggolow magaca isticmaalaha fadhiga smtpd ee hadda in loo isticmaalo shaandhada. Gudaha smtpd.conf, halbeegyada ayaa u oggolaanaya isticmaalka mail-ka iyo rctp-to.
  • Xirmada OpenSSH 8.2 waa la cusboonaysiiyay si loogu daro taageerada FIDO/U2F calaamadaha xaqiijinta laba-geesoodka ah. Waxaad arki kartaa dulmar faahfaahsan oo ku saabsan hagaajinta halkan.
  • La cusboonaysiiyay xirmada LibreSSL, kaas oo hirgelinta TLS 1.3 ee ku salaysan mishiin cusub oo dawladeed iyo nidaam hoosaadyo loogu shaqaynayo diiwaanada la dhamaystiray. Sida caadiga ah, kaliya qaybta macmiilka ee TLS 1.3 ayaa karti u leh hadda; qaybta server-ka ayaa la qorsheeyay in lagu hawlgeliyo si caadi ah siideynta mustaqbalka. Liiska isbedelada kale waxaa lagu arki karaa ogeysiisyada sii deynta 3.1.0 и 3.1.1.
  • Tirada dekedaha qaab dhismeedka AMD64 waxay ahayd 11268, loogu talagalay aarch64 - 10848, loogu talagalay i386 - 10715. Qaybaha soosaarayaasha dhinac saddexaad ee lagu daray OpenBSD 6.7 waa la cusboonaysiiyay:
    • Xirmooyinka sawirada Xenocara oo ku salaysan X.Org 7.7 oo leh xserver 1.20.8 + patches, nooca free 2.10.1, fontconfig 2.12.4, Mesa 19.2.8, xterm 351, xkeyboard-config 2.20;
    • LLVM/ Clang 8.0.1 (oo leh balastar)
    • GCC 4.2.1 (oo leh balastar) iyo 3.3.6 (lambarro leh)
    • Perl 5.30.2 (oo leh balastar)
    • NSD 4.2.4
    • Furan 1.10.0
    • Nacalada 5.7
    • Binutils 2.17 (oo leh balastar)
    • Gdb 6.3 (oo leh balastar)
    • Awk December 20, 2012
    • Baahinta 2.2.8

    Source: opennet.ru

Add a comment