ProHoster > Блог > wararka internetka > Siideynta OpenBSD 7.4

Siideynta OpenBSD 7.4

Siidaynta nidaamka hawlgalka ee UNIX u eg ee bilaashka ah ee OpenBSD 7.4 ayaa la soo bandhigay. Mashruuca OpenBSD waxaa aasaasay Theo de Raadt 1995 ka dib markii ay isku dhaceen horumarinta NetBSD, taas oo keentay in Theo loo diido inuu galo kaydka NetBSD CVS. Taas ka dib, Theo de Raadt iyo koox isku mid ah ayaa abuuray nidaam cusub oo furan oo ku salaysan geedka isha NetBSD, ujeedooyinka horumarinta ee ugu muhiimsan kuwaas oo ahaa la qaadi karo (13 qalab oo qalab ah ayaa la taageerayaa), jaangooynta, hawlgalka saxda ah, amniga firfircoon. iyo qalab isku dhafan oo qarsoodi ah. Sawirka buuxa ee rakibaadda ISO ee nidaamka saldhigga OpenBSD 7.4 waa 630 MB.

Marka lagu daro nidaamka qalliinka laftiisa, mashruuca OpenBSD wuxuu caan ku yahay qaybihiisa, kuwaas oo ku faafay nidaamyada kale waxayna isku caddeeyeen inay yihiin mid ka mid ah xalalka ugu amniga iyo tayada sarreeya. Waxaa ka mid ah: LibreSSL (fargeeto OpenSSL), OpenSSH, filtarrada xirmada PF, OpenBGPD iyo OpenOSPFD daemons routing, OpenNTPD NTP server, OpenSMTPD mail server, text terminal multiplexer (oo la mid ah shaashadda GNU) tmux, daemon la aqoonsan yahay oo leh hirgelinta borotokoolka aqoonsiga, beddelka BSDL GNU groff pack - mandoc, borotokoolka habaynta nidaamyada u-dulqaadashada khaladaadka CARP (Cinwaanka Caadiga ah ee Caymiska), server-ka fudud ee http, utility synchronization file OpenRSYNC.

Horumarka ugu weyn:

  • Qaab-dhismeedka amd64 iyo i386, qaybaha lagu cusboonaysiinayo microcode ee soo-saareyaasha AMD ayaa lagu daray. Noocyo cusub oo microcode ayaa si toos ah loo rakibay marka la soo dejiyo. Dekadda "dekedaha / sysutils / firmware / amd" ayaa loo diyaariyey qaybinta faylalka binary oo leh microcode. Rakibaadda microcode cusub waxaa lagu fuliyaa iyadoo la isticmaalayo heerka fw_update utility. Taageerada cusboonaysiinta microcode ee la midka ah ee soo-saareyaasha Intel ayaa la hirgeliyay 2018 waxaana lagu bixiyay OpenBSD 6.3.
  • Kernel-ka iyo booska isticmaalaha, IBT (Raadinta Laanta tooska ah, amd64) iyo BTI (Aqoonsiga Bartilmaameedka Laanta, arm64) hababka ilaalinta ayaa awood u siinaya inay xannibaan xadgudubyada socodka socodka ee ka yimaada isticmaalka faa'iidooyinka wax ka beddelaya tilmaamayaasha shaqada ee lagu kaydiyay xusuusta (ilaalinta la hirgeliyay ma ogola kood xaasidnimo inuu u boodo bartamaha shaqada).
  • Nidaamyada arm64, Xaqiijinta Tilmaamaha waa la dajiyay si loo ilaaliyo booska isticmaalaha. Tiknoolajiyadu waxay kuu ogolaaneysaa inaad isticmaasho tilmaamo gaar ah oo ARM64 si aad u xaqiijiso ciwaanada soo celinta adoo isticmaalaya saxiixyada dhijitaalka ah ee lagu kaydiyay qaybaha sare ee aan la isticmaalin ee tilmaame laftiisa.
  • Hababka habaynta nidaamka qabiilka, iyo sidoo kale qabiilka iyo gcc ee dekedaha, ayaa loo bedelay in la isticmaalo hababka ilaalinta ee kor ku xusan, taas oo si weyn u xoojisay ilaalinta dhammaan codsiyada saldhigga ah iyo inta badan codsiyada ka yimaada dekedaha si looga faa'iidaysto iyada oo la adeegsanayo soo noqoshada-oriented. hababka barnaamijyada Markaad isticmaalayso farsamada ROP, weeraryahanku iskuma dayo inuu koodka geliyo xusuusta, laakiin wuxuu ku shaqeeyaa qaybo ka mid ah tilmaamaha mashiinka ee horeyba looga heli jiray maktabadaha raran, isagoo ku dhameynaya tilmaamaha soo celinta kontoroolka (sida caadiga ah, kuwani waa dhamaadka hawlaha maktabadda) . Shaqada ka faa'iidaysigu waxay hoos ugu dhacdaa dhisidda silsilad wicitaanno ah oo la mid ah blocks ("qalab") si loo helo shaqeynta la rabo.
  • Waxaa lagu daray nidaam cusub oo wac kqueue1, kaas oo ka duwan kqueue marka la marayo calanka. Waqtigan xaadirka ah, kqueue1 kaliya waxay taageertaa calanka O_CLOEXEC (ku dhow-on-exec) si ay si toos ah ugu xidho sharraxayaasha faylalka habsocodka ilmaha ka dib markay wacdo exec().
  • Dhismaha amd64 iyo i386, taageerada qalabka been abuurka ah ee dt ayaa la hirgeliyay si loo abaabulo raadinta firfircoon ee nidaamka iyo codsiyada. Wicitaanka nidaamka utrace ayaa lagu daray si loo geliyo gelinta isticmaalayaasha galka ktrace.
  • Hagaajinta ayaa laga soo wareejiyay FreeBSD si wax looga qabto dabeecadaha aan la qeexin marka la isticmaalayo nidaamyada faylka MS-DOS.
  • Xulashada buurta softdep ee loo isticmaalo qorista xogta badan ee la kooxaysan waa la joojiyay.
  • Barnaamijyada lagu ilaaliyo wicitaanka nidaamka daah-furka ayaa loo oggol yahay inay kaydiyaan qashinka asaasiga ah tusaha shaqada ee hadda.
  • Nashqada ARM64 waxay isticmaashaa awooda lagu galo dawlado shaqo la'aan qoto dheer, oo laga heli karo Apple M1/M2 chips, si loo badbaadiyo awooda loona hirgaliyo qaabka heeganka.
  • Waxaa lagu daray ilaalinta ka-hortagga dayacanka Zenbleed ee soo-saareyaasha AMD.
  • Taageerada la wanaajiyay ee nidaamyada multiprocessor (SMP). Shaqada arprequest() , koodhka habaynta xidhmooyinka ARP ee soo galaya, iyo hirgelinta ogaanshaha deris ee xidhmada IPv6 waa laga xoreeyay xannibaadda.
  • Isku xirka miiska isku xirka pfsync baakadda shaandhada ayaa dib loo qoray si loo hagaajiyo maaraynta qufullada iyo waafaqid shaqada mustaqbalka ee isbarbardhigga xirmooyinka shabakadda.
  • Hirgelinta qaab-dhismeedka drm (Maareeyaha Tooska ah ee Soo-bandhigidda) waxaa la jaan qaadayaa kernel-ka. Linux 6.1.55 (sii-deyntii hore: 6.1.15) Waxqabad wanaagsan oo ku saabsan nidaamyada leh processor-rada Intel oo ku salaysan naqshadaha yaryar ee Alder Lake iyo Raptor Lake.
  • Horumar ayaa lagu sameeyay VMM hypervisor. Taageerada qaabka badan ee loo adeegsado aaladaha block iyo network virtio ayaa lagu hirgeliyay vmd. Taageerada vector I/O ee qaabka eber-nuqulka ah ayaa lagu daray qalabka block virtio. Helitaanka nidaamka martida ee hababka p-state processor-ka AMD waa la xaddiday. Milkiilayaasha mashiinno dalwaddeed Waxaa loo oggol yahay in lagu beddelo kernel boot iyada oo loo marayo vmctl.
  • Waxaa lagu daray fayl madax cusub uchar.h oo wata noocyada char32_t iyo char16_t, iyo hawlaha c32rtomb(), mbrtoc32(), c16rtomb() iyo mbrtoc16() lagu qeexay heerka C11.
  • Ikhtiyaarka "D" ee lagu daray shaqada malloc si loo ogaado qulqulka xusuusta iyadoo la isticmaalayo ktrace ("MALLOC_OPTIONS=D ktrace -tu program") iyo kdump ("kdump -u malloc...").
  • Samaynta utility ayaa ku dartay taageerada doorsoomaha ${.VARIABLES} si loo muujiyo magacyada dhammaan doorsoomayaasha caalamiga ah.
  • Waxaa lagu daray "-u" ikhtiyaar si loo kdump utility si loo doorto dhibcaha raadraaca iyadoo lagu calaamadiyay sumadda.
  • Lagu daray "--size-only" iyo "--ignore-times" fursadaha utility openrsync.
  • Taageerada bakhtiyaanasiibka random ayaa lagu daray cron iyo crontab marka la qeexayo kala duwanaanta qiyamka leh tallaabo la bixiyay, taas oo kuu ogolaaneysa inaad ka fogaato codsiyada isku mar ah ee kheyraadka mashiinnada kala duwan ee leh xeerar isku mid ah cron. Tusaale ahaan, ku qeexida "0 ~ 59/30" ama "~/30" goobta daqidadu waxay keenaysaa in amarku socdo laba jeer saacadiiba wakhtiyo aan kala sooc lahayn oo isdaba joog ah.
  • Utility wsconsctl wuxuu ku daray awooda khariidad ee badhamada si loogu cadaadiyo laba ama saddex farood oo gujis ah.
  • Taageero lagu daray qalab cusub oo lagu daray darawallo cusub.
  • Ku rakibida nidaamyada leh armv7 iyo arm64 soo-saareyaal.
  • Taageero lagu daray soo dejinta faylalka Qaybta Nidaamka EFI.
  • Rakibahu waxa uu hagaajiyay taageerada software RAID (softraid). Waxaa lagu daray awoodda lagu meeleeyo qaybta xididka softraid ee nidaamka riscv64 iyo arm64. Softraid ayaa lagu daray ramdisk ee dhismaha powerpc64 Xagga arm64, taageerada Encryption Disk-ga la hagayo ayaa la hirgeliyay.
  • Shaqada malloc ayaa lagu daray si loo hubiyo dhammaan baloogyada ku jira liiska meelaynta xusuusta ee dib loo dhigay si loo ogaado xaaladaha qorista ee aagga xusuusta ee xorta ah.
  • Amarka xirida hadda wuxuu u baahan yahay isticmaaluhu in lagu daro "_shutdown" kooxda, taasoo u oggolaanaysa maamulka inuu xiro oo si toos ah uga akhriyo aaladaha diskooga si loo kala saaro.
  • Isticmaalka wicitaanka nidaamka daah-furka, utility balastarku wuxuu ku xaddidan yahay gelitaanka tusaha hadda jira oo keliya, tusaha ka kooban faylal ku-meel-gaar ah, iyo faylasha ku taxan khadka taliska.
  • Waxaa lagu daray sysctl net.inet6.icmp6.nd6_queued si loo muujiyo tirada baakadaha sugaya jawaabta ND6 (oo la mid ah ARP).
  • Marka aad dejinayso ciwaanka IPv6 ee isku xidhka shabakada, ogaysiis ayaa loo diraa jiheeyayaasha dariska ah iyada oo la isticmaalayo ciwaan badan.
  • Waxaa lagu daray taageerada bilowga ah ee TSO (TCP Segmentation Offload) iyo LRO (TCP Large Receive Offload) ee habaynta qaybta iyo isu geynta baakidhyada dhinaca NIC.
  • Rarista xeerarka shaandhada PF-ga ee kernel-ka iyadoo la adeegsanayo utility pfctl waa la dedejiyay. Hawl qabad ee "keep state" iyo "nat-to" ee fariimaha khaladka ah ee lagu soo celiyay ICMP.
  • Xisaabinta naafada ee jeegaga IP, TCP iyo UDP ee isku xidhka dib-u-celinta
  • Taageerada bilowga ah ee lagu daray VPN IPsec oo ku salaysan wadada.
  • Taageerada Flowspec ayaa lagu daray bgpd (RFC5575, hadda kaliya sharciyada socodka xayeysiinta ayaa la taageeray). Dhaqangelinta ASPA (Ogolaanshaha Bixiyaha Madaxa-bannaan) ayaa la keenay si waafaqsan qabyo-qoraalka-ietf-sirops-aspa-verification-16 iyo qoraal-ietf-sirops-aspa-profile-16 tafatirka, waxaana loo beddelay isticmaalka AFI (Cinwaanka). Qoyska) Tusiyaha miisaska eegida madax banaan).
  • Waxqabadka rpki-macmiilka ayaa lagu kordhiyey 30-50%. Taageero lagu daray gzip iyo isku-buufinta.
  • La cusboonaysiiyay xirmooyinka LibreSSL iyo OpenSSH. Si aad u hesho dulmar faahfaahsan oo ku saabsan hagaajinta, eeg faallooyinka LibreSSL 3.8.0, OpenSSH 9.4 iyo OpenSSH 9.5.
  • Tirada dekedaha ee naqshadaha AMD64 waxay ahaayeen 11845 (laga bilaabo 11764), aarch64 - 11508 (laga bilaabo 11561), i386 - 10603 (laga bilaabo 10572). Waxaa ka mid ah noocyada codsiga ee dekedaha:
    • Xiddigga 16.30.1, 18.19.0b, 20.4.0
    • Audacity 3.3.3
    • Samee 3.27.5
    • Chromium 117.0.5938.149
    • Emacs 29.1
    • FFmpeg 4.4.4
    • GCC 8.4.0 iyo 11.2.0
    • GHC 9.2.7
    • GNOME 44
    • Tag 1.21.1
    • JDK 8u382, 11.0.20 iyo 17.0.8
    • Codsiyada KDE 23.08.0
    • Qaab-dhismeedka KDE 5.110.0
    • Krita 5.1.5
    • LLVM/ Clang 13.0.0 iyo 16.0.6
    • LibreOffice 7.6.2.1
    • Lua 5.1.5, 5.2.4, 5.3.6 iyo 5.4.6
    • MariaDB 10.9.6
    • Daanyeer 6.12.0.199
    • Mozilla Firefox 118.0.1 iyo ESR 115.3.1
    • Mozilla Thunderbird 115.3.1
    • Mutt 2.2.12 iyo NeoMutt 20230517
    • Node. 18.18.0
    • FurLDAP 2.6.6
    • PHP 7.4.33, 8.0.30, 8.1.24 iyo 8.2.11
    • Dib u hagaajinta 3.7.3
    • PostgreSQL 15.4
    • Python 2.7.18, 3.9.18, 3.10.13 iyo 3.11.5
    • Qt 5.15.10 iyo 6.5.2
    • R 4.2.3
    • Ruby 3.0.6, 3.1.4 iyo 3.2.2
    • Miridhku 1.72.1
    • SQLite 3.42.0
    • Shotcut 23.07.29
    • Sudo 1.9.14.2
    • Meerkat 6.0.12
    • Tcl/Tk 8.5.19 iyo 8.6.13
    • TeX Live 2022
    • Vim 9.0.1897 iyo Neovim 0.9.1
    • Xfce 4.18
  • Qaybaha saddexaad ee la cusboonaysiiyay oo ay ku jiraan OpenBSD 7.3:
    • Xirmooyinka sawirada Xenocara oo ku salaysan X.Org 7.7 oo leh xserver 21.1.8 + patches, freetype 2.13.0, fontconfig 2.14.2, Mesa 22.3.7, xterm 378, xkeyboard-config 2.20, fonttosfnt 1.2.2.
    • LLVM/ Clang 13.0.0 (+ balastar)
    • GCC 4.2.1 (+ balastar) iyo 3.3.6 (+ balastar)
    • Perl 5.36.1 (+ balastar)
    • NSD 4.7.0
    • Furan 1.18
    • Nacalada 5.7
    • Binutils 2.17 (+ balastar)
    • Gdb 6.3 (+ balastar)
    • Awk 12.9.2023/XNUMX/XNUMX
    • Bixinta 2.5.0.

Source: opennet.ru

U soo iibso martigelin lagu kalsoonaan karo oo loogu talagalay bogagga leh ilaalinta DDoS, VPS VDS servers 🔥 Iibso martigelin degel oo lagu kalsoonaan karo oo leh ilaalinta DDoS, VPS VDS servers | ProHoster