ProHoster > Ibhulogi > iindaba ze-intanethi > Ukukhutshwa kokusasazwa kweRed Hat Enterprise Linux 8.9

Ukukhutshwa kokusasazwa kweRed Hat Enterprise Linux 8.9

Emva kokukhululwa kweRed Hat Enterprise Linux I-9.3, uhlaziyo lwesebe langaphambili leRed Hat Enterprise, ipapashwe. Linux 8.9, egcinwa ihambelana nesebe le-RHEL 9.x kwaye iya kuxhaswa ubuncinane kude kube ngu-2029. Ulwakhiwo lokufakelwa lulungiselelwe uyilo lwe-x86_64, s390x (IBM System z), ppc64le kunye ne-Aarch64, kodwa lufumaneka ukuze lukhutshelwe kuphela kubasebenzisi ababhalisiweyo beRed Hat Customer Portal (imifanekiso ye-ISO ingasetyenziswa. CentOS Sakaza i-9 kunye nezakhiwo ze-RHEL zasimahla zabaphuhlisi).

Njengakwisebe le-RHEL 9, ikhowudi yomthombo yeepakethe ze-RHEL 8 RPM ayisasasazwa esidlangalaleni nge-Git repository. CentOS, kodwa zihlala zifikeleleka kubathengi benkampani ngecandelo elivaliweyo lewebhusayithi, eliphantsi kwesivumelwano somsebenzisi (i-EULA) esithintela ukusasazwa kwedatha kwakhona. Ikhowudi yomthombo inokufumaneka kwindawo yokugcina idatha. CentOS Isasazwa, kodwa ayihambelani ngokupheleleyo ne-RHEL kwaye ayisoloko ineenguqulelo zamva nje zeepakeji ezifanayo nezo zikwi-RHEL. Rocky Linux, i-Oracle kunye ne-SUSE zidibene kwaye ngoku ziphinda zivelise ikhowudi yomthombo weephakheji ze-RHEL release rpm njengenxalenye yeprojekthi ye-OpenELA. AlmaLinux itshintshelwe ekusebenziseni indawo yokugcina izinto CentOS Ukusasaza kuvumela umahluko omncinci kwindlela yokuziphatha (kunokwahluka kwinqanaba leepatches ngazinye), kodwa kugcina ukuhambelana kwebinary kwinqanaba le-ABI.

Ukulungiselela ukukhutshwa kweRed Hat Enterprise entsha Linux I-8.x ilandela umjikelo wophuhliso kunye nokukhutshwa rhoqo kwiinyanga ezintandathu ngamaxesha amiselweyo. Kude kube ngu-2024, isebe le-8.x liya kuxhaswa ngokupheleleyo, kuquka ukuphuculwa kokusebenza. Emva koko, liya kutshintshela kulondolozo, apho ingqwalasela iya kutshintshela ekulungisweni kweempazamo kunye nokhuseleko, kunye nophuculo oluncinci olunxulumene nenkxaso yeenkqubo ezibalulekileyo zehardware.

Utshintsho oluphambili:

  • Ukwakhiwa kubandakanya iinguqulelo ezintsha zabaqulunqi kunye nezixhobo zabaphuhlisi: GCC Toolset 13, LLVM Toolset 16.0.6, Rust Toolset 1.71.1, Go Toolset 1.20.10, Node.js 20, Valgrind 3.21, SystemTap 4.9 elfu0.189 java. I-21 -openjdk (i-java-17-openjdk, i-java-11-openjdk kunye ne-java-1.8.0-openjdk nayo iyaqhubeka nokuthunyelwa).
  • Iseva ehlaziyiweyo kunye neephakheji zenkqubo: samba 4.18.4, 389-ds-base 1.4.3.35, OpenSCAP 1.3.8, Grafana 9.2.10, opencryptoki 3.21.0, iproute 6.2.0, libnftnl 1.2.2, makedumpfile1.7.2, 4.6. IPodman XNUMX.
  • Inkxaso yokuqalisa kwimowudi ye-UEFI yongezwe kwimifanekiso ye-AMI ye-AWS EC2 yeemeko zelifu.
  • I-"inst.wait_for_disks" ipharamitha yongezwe kwiindibano zokuhlohla, ezichaza ixesha lokulinda lefayile yokukhaba ukuba ilayishe okanye ukuba abaqhubi balungele ngexesha lenkqubo yokuqalisa.
  • Kwiifayile ze-kickstart, ukhetho olutsha "--ipv4-dns-search" kunye "--ipv6-dns-search" longezwe kumyalelo wenethiwekhi ukuze kusekwe isiseko iidomeyini kwisikhokelo "sokukhangela" kwi /etc/resolv.conf, kunye neenketho ze-"--ipv4-ignore-auto-dns" kunye ne-"--ipv6-ignore-auto-dns" zokungahoyi ukubuyisa useto lwe-DNS nge-DHCP.
  • Ukwenza lula iingxaki debugging, inkonzo fapolicyd yongeze ugqithiso amanani umthetho iminxeba yaliwe ukuya fanotify API.
  • I-ANSI-BP-028 (i-Arhente yeSizwe yaseFransi yoKhuseleko lweeNkqubo zoLwazi) iiprofayili zokhuseleko zihlaziywe kwi-version 2.0.
  • Inkxaso yeziganeko ze-FANOTIFY zongezwa kwizixhobo zophicotho-zincwadi kunye nemimandla ye-fan_type (uhlobo lomcimbi), i-fan_info (ulwazi olunxulumeneyo), i-sub_trust kunye ne-obj_trust (amanqanaba okuthemba kwisifundo kunye nenjongo yesiganeko) zigcinwe kwilog.
  • I-Postfix ngoku inako ukujonga iirekhodi ze-DNS SRV ukuze ibone umphathi kunye nezibuko zeseva yeposi. umncedisi, eza kusetyenziselwa ukudlulisa imiyalezo. Olu phawu lucetywayo lungasetyenziswa kwiziseko zophuhliso ezisebenzisa iinkonzo ezineenombolo zezibuko zenethiwekhi ezabelwe ngokuguquguqukayo ukuhambisa imiyalezo ye-imeyile.
  • Umncedisi we FTP vsftpd uxhasa ukusetyenziswa kwe TLS 1.3 protocol.
  • Iphakheji yezihluzi zeekomityi yongeza i-LF-to-CRLF umqhubi enokusetyenziselwa ukuguqula "\n" (ifidi yomgca) abasebenzi ukuya kwi "\r\n" (ikhareji yokubuyisela kunye nomgca wokutya) abashicileli abaxhasa kuphela ifayile- isiphelo semigca yokuqhuba "\r\n".
  • Ukhuseleko lwemimiselo yenkonzo ye-nftables engagqibekanga yomeleziwe. I /etc/sysconfig/nftables/nat.nft ruleset iquka ikhonkco elitsha le-do_masquerade elijonga inqanaba le-randomization yamanani ezibuko lomthombo ukunciphisa umngcipheko wokuhlaselwa kwe-Port Shadows (CVE-2021-3773).
  • I-NetworkManager ngoku ixhasa ukhetho "olungekho-aaaa" kwi-resolv.conf, oluye lukhubaze imibuzo ye-DNS kwiirekhodi ze-AAAA (isisombululo sedilesi ye-IPv6 sisekelwe kwigama lomninimzi). Isixhobo se-nm-cloud-setup ngoku sixhasa uqwalaselo lwe-AWS Red Hat Enterprise. Linux I-EC2 isebenzisa iithokheni ze-IMDSv2 (Instance Metadata Service Version 2).
  • Ukukhusela uhlaselo lweSpecter v2 olunxulumene nokuphunyezwa okuqikelelwayo kwemiyalelo, imowudi ye-AutoIBRS (I-AutoIBRS (i-Automatic Indirect Branch Restricted Restricted) imowudi yongezwe, ixhaswa kwii-AMD CPUs eziqala nge-EPYC 9004 yentsapho yaseGenoa.
  • Ukusuka embindini Linux I-6.2 ifake umqhubi we-Intel QAT ngenkxaso yezixhobo ze-Intel Quick Assist Technology 401xx/402xx.
  • Kongezwe ukukwazi ukucacisa i-UUID xa kuyilwa inkqubo yefayile ye-GFS2 (umyalelo othi “-U” wongezwe kwinto eluncedo ye-mkfs.gfs2).
  • I-FUSE3 yongeza ukukwazi ukwenza kungasebenzi ungeno lolawulo ngaphandle kokuthoba ngokuzenzekelayo iindawo zokunyuka ezinxulumene nongeniso.
  • Izakhono zamaqela kunye neenkqubo zokunyamezela iimpazamo zandisiwe: Inkxaso yolawulo lomgaqo-nkqubo yongezwe kwii-arhente zezixhobo ze-cluster IPaddr2 kunye ne-IPsrcaddr. Inkxaso ye-EFS (i-Amazon Elastic File System) yongezwe kwi-ocf:heartbeat: Filesystem agent. Inkxaso ye-SNMPv3 protocol yongezwe kwi-alert_snmp.sh.sample agent.
  • Utshintsho longezwe kwi-Glibc ngokulungiswa kokuphucula ukusebenza kwiinkqubo ezine-Intel Xeon v5 CPUs.
  • Inkxaso epheleleyo yamakhadi emizobo ye-Intel Arc A-Series (i-Alchemist okanye i-DG2) inikezelwe.
  • Kongezwe indima yesistim yokulawula kunye nokufaka iiyunithi zesistim. Indima yenkqubo yongeziweyo yokufakela, ukuqwalasela, ukulawula nokusebenza kwe-PostgreSQL DBMS. Indima yenkqubo yongezwa kwi-keylime toolkit, eyenza lula ukucwangciswa kwe-Keylime registrar kunye ne-verifier, esetyenziselwa ukuqinisekisa ubunyani kunye nokubeka iliso ngokuqhubekayo ukunyaniseka kwenkqubo yangaphandle. Inkxaso yokuchaza, ukutshintsha kunye nokucima i-ipsets yongezwe kwindima yenkqubo yomlilo. Iindima zesistim yePodman, Kdump, Storage kunye neMicrosoft SQL Server zandisiwe.
  • Inkxaso eyongeziweyo yeefayile eziphambili ezisetyenziswe kwi-NetworkManager ukuya kwifu-init.
  • I-Podman yongeza inkxaso yezikhongozeli ezicinezelwe usebenzisa i-algorithm ye-zstd. Kongezwe amandla okusebenzisa iiQuadlets ukuvelisa ngokuzenzekelayo iinkonzo zenkqubo ukusuka kwiinkcazo zesikhongozeli. Iqokobhe le-podmansh elongeziweyo, elinokusetyenziswa endaweni ye/usr/bin/bash ukuqalisa iseshoni yomsebenzisi kwisikhongozeli. Iinguqulelo ezihlaziyiweyo zePodman, Buildah, Skopeo, crun and runc.
  • Kongezwe iparameters zomgca womyalelo wekernel entsha: gather_data_sampling ukulawula indlela yokhuseleko kuhlaselo lwe-GDS (Qokelela iSampulu yeDatha okanye Ukwehla kunye ne-rdrand ukufihla inkxaso yomyalelo weRDRAND.
  • Inkxaso yehardware eyandisiweyo. Kongezwe abaqhubi bezixhobo zenethiwekhi zeThunderbolt/USB4 (thunderbolt_net) kunye neeadaptha ezingenazingcingo zeBroadcom 802.11 (brcmfmac) ezibonelelweyo kwiinkqubo ze-ARM64. Kongezwe abaqhubi bezixhobo zeBluetooth zeMediaTek, iMicrosoft Azure Network Adapter IB (mana_ib), Linux Umqhubi weKlasi yeVidiyo ye-USB (uvc), i-AMD SoundWire (soundwire-amd), i-DisplayPort Alternate Mode (typec_displayport), i-Virtio-mem (virtio_mem). Inkxaso ephuculweyo yeeprosesa ze-Intel ezisekelwe kwi-microarchitecture yeMeteor Lake.
  • Inkxaso yomthengi iye yazinziswa kwi-sigstore i-cryptographic verification components: Rekor (i-log yokugcina imethadatha eqinisekisiweyo ngokusayinwa kwedijithali) kunye ne-Fulcio (inkqubo yamagunya okuqinisekisa (iingcambu ze-CAs) ezikhupha izatifikethi zexesha elifutshane).
  • Ukunikezelwa okuqhubekayo kovavanyo (I-Technology Preview) inkxaso ye-AF_XDP, i-XDP hardware offloading, i-Multipath TCP (MPTCP), i-MPLS (I-Multi-protocol Label Switching), i-DSA (i-data streaming accelerator), i-dracut, i-kexec fast reboot, i-nispor, i-DAX kwi-ext4 kunye i-xfs, i-systemd-isonjululwe, i-accel-config, igc, i-OverlayFS, i-Stratis, i-Software Guard Extensions (SGX), i-NVMe/TCP, i-DNSSEC, i-GNOME kwiinkqubo ze-ARM64 kunye ne-IBM Z, i-AMD SEV ye-KVM, i-Intel vGPU, i-Toolbox.

umthombo: opennet.ru

Thenga ukusingathwa okuthembekileyo kwiindawo ezinokhuseleko lweDDoS, iiseva zeVPS VDS 🔥 Thenga ukusingathwa kwewebhusayithi okuthembekileyo ngokhuseleko lwe-DDoS, iiseva zeVPS VDS | ProHoster