I-ProHoster > Блог > izindaba ze-inthanethi > Ukukhishwa kwe-FreeBSD 13.1

Ukukhishwa kwe-FreeBSD 13.1

Ngemuva konyaka wokuthuthuka, iFreeBSD 13.1 yakhululwa. Izithombe zokufaka ziyatholakala ku-amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64 kanye ne-riscv64 architectures. Ukwengeza, imihlangano ilungiselelwe izinhlelo ze-virtualization (QCOW2, VHD, VMDK, eluhlaza) kanye nezindawo zamafu i-Amazon EC2, i-Google Compute Engine kanye ne-Vagrant.

Enguqulweni entsha:

  • Umshayeli we-iwlwifi uphakanyiselwe amakhadi angenantambo e-Intel asekelwa ama-chips amasha nezinga le-802.11ac. Umshayeli usekelwe kumshayeli we-Linux kanye nekhodi evela ku-net80211 Linux subsystem, esebenza ku-FreeBSD isebenzisa isendlalelo se-linuxkpi.
  • Ukuqaliswa kwesistimu yefayela le-ZFS kubuyekeziwe ukuze kukhishwe i-OpenZFS 2.1 ngokusekelwa kobuchwepheshe be-dRAID (Distributed Spare RAID) kanye nokuthuthukiswa kokusebenza okubalulekile.
  • I-rc script zfkeys entsha yengeziwe, ongahlela ngayo ukukhishwa kwemfihlo okuzenzakalelayo kokuhlukaniswa kwe-ZFS okubethelwe esigabeni sokuqala.
  • Isitaki senethiwekhi siguqule ukuziphatha kwamakheli e-IPv4 ngenombolo enguziro elandelanayo (xxx0), engasetshenziswa manje njengomsingathi futhi engasakazwa ngokuzenzakalela. Ukuziphatha okudala kungabuyiswa kusetshenziswa i-sysctl net.inet.ip.broadcast_lowest.
  • Okwezakhiwo ezingamabhithi angu-64, ukwakha isistimu eyisisekelo kusetshenziswa imodi ye-PIE (Position Independent Executable) kunikwe amandla ngokuzenzakalela. Ukuze ukhubaze, kunikezwa isilungiselelo esithi WITHOUT_PIE.
  • Kwengezwe ikhono lokushayela i-chroot ngenqubo engafanele nesethi yefulegi le-NO_NEW_PRIVS. Imodi inikwe amandla kusetshenziswa i-sysctl security.bsd.unprivileged_chroot. Inketho ka-"-n" yengezwe kusisetshenziswa se-chroot, esetha ifulegi le-NO_NEW_PRIVS lenqubo ngaphambi kokulihlukanisa.
  • Imodi yokuhlela ngokuzenzakalelayo kwezingxenye zediski yengezwe kusifaki se-bsdinstall, esikuvumela ukuthi uxhume imibhalo yokuhlukanisa esebenza ngaphandle kokungenelela komsebenzisi kumagama ediski ahlukene. Isici esihlongozwayo senza kube lula ukudalwa kwemidiya yokufaka esebenza ngokuzenzakalelayo yamasistimu nemishini ebonakalayo enamadiski ahlukene.
  • Usekelo lokuqalisa oluthuthukisiwe kumasistimu e-UEFI. I-bootloader inika amandla ukucushwa okuzenzakalelayo kwepharamitha ye-copy_staging kuye ngamakhono ekernel elayishiwe.
  • Umsebenzi wenziwe ukuze kuthuthukiswe ukusebenza kwe-bootloader, i-nvme, i-rtsold, ukuqalisa i-pseudo-random generator inombolo kanye nokulinganisa isikhathi, okuholele ekuncishisweni kwesikhathi sokuqalisa.
  • Ukwesekwa okwengeziwe kwe-NFS ngesiteshi sokuxhumana esibethelwe esisekelwe ku-TLS 1.3. Ukuqaliswa okusha kusebenzisa isitaki se-TLS esinikezwe i-kernel ukunika amandla ukusheshisa kwehadiwe. Yakha izinqubo ze-rpc.tlsclntd kanye ne-rpc.tlsservd ngeklayenti le-NFS-over-TLS nokusebenzisa iseva, enikwe amandla ngokuzenzakalela kuzakhiwo ze-amd64 ne-arm64.
  • Ku-NFSv4.1 kanye ne-4.2, inketho yokukhweza i-nconnect isetshenzisiwe, enquma inani loxhumo lwe-TCP olusungulwe neseva. Uxhumano lokuqala lusetshenziselwa imilayezo emincane ye-RPC, kanti okunye kusetshenziselwa ukulinganisa ithrafikhi nedatha edlulisiwe.
  • Kuseva ye-NFS, i-sysctl vfs.nfsd.srvmaxio yengeziwe, okukuvumela ukuthi uguqule usayizi webhulokhi we-I/O omkhulu (okuzenzakalelayo ngu-128Kb).
  • Ukusekelwa kwehadiwe okuthuthukisiwe. Usekelo lwesilawuli se-Intel I225 Ethernet sengeziwe kumshayeli we-igc. Usekelo oluthuthukisiwe lwamasistimu e-Big-endian. Kwengezwe umshayeli we-mgb wamadivayisi e-Microchip LAN7430 PCIe Gigabit Ethernet Ethernet isilawuli
  • Umshayeli weqhwa osetshenziselwa izilawuli ze-Intel E800 Ethernet ubuyekezelwe enguqulweni engu-1.34.2-k, manje ehlanganisa ukusekelwa kokubonisa imicimbi ye-firmware kulogi yesistimu kanye nokuqaliswa kokuqala kwezandiso zephrothokholi ye-DCB (Data center bridging).
  • Izithombe ze-Amazon EC2 zinikwe amandla ngokuzenzakalelayo ukuthi ziqalise usebenzisa i-UEFI esikhundleni se-BIOS.
  • I-hyve hypervisor ibuyekeze izingxenye zokulingisa amadrayivu e-NVMe ukuze isekele ukucaciswa kwe-NVMe 1.4. Kuxazululwe izinkinga nge-NVMe iovec phakathi ne-I/O ejulile.
  • Ilabhulali ye-CAM iguqulelwe ukuze isebenzise ikholi ye-realpath lapho icubungula amagama edivayisi, okuvumela izixhumanisi ezingokomfanekiso eziya kumadivayisi ukuthi zisetshenziswe kuzinsiza ze-camcontrol ne-smartctl. I-camcontrol ixazulula izinkinga ngokulanda i-firmware kumadivayisi.
  • Insiza ye-svnlite iyekile ukwakha kusistimu yesisekelo.
  • Izinguqulo ze-Linux ezingeziwe zezinsiza zokubala amasheke (md5sum, sha1sum, njll.) asetshenziswa ngokubiza izinsiza ezikhona ze-BSD (md5, sha1, njll.) ngenketho ethi “-r”.
  • Ukwesekwa kwabaphathi be-NCQ kungeziwe ensizeni ye-mpsutil futhi ulwazi mayelana ne-adaptha lubonisiwe.
  • Ku-/etc/defaults/rc.conf, ngokuzenzakalelayo, inketho ethi “-i” inikwa amandla uma kubizwa izinqubo ze-rtsol ne-rtsold, ezinesibopho sokuthumela imilayezo ye-ICMPv6 RS (I-Router Solicitation). Le nketho ikhubaza ukubambezeleka okungahleliwe ngaphambi kokuthumela umlayezo.
  • Ngezakhiwo ze-riscv64 kanye ne-riscv64sf, ukwakhiwa kwemitapo yolwazi nge-ASAN (i-sanitizer yekheli), i-UBSAN (I-Undefined Behavior Sanitizer), i-OpenMP kanye ne-OFED (I-Open Fabrics Enterprise Distribution) inikwe amandla.
  • Izinkinga ekutholeni izindlela zokusheshisa ihadiwe yokusebenza kwe-cryptographic esekelwe yi-ARMv7 kanye ne-ARM64 processors sezixazululiwe, okuye kwasheshisa kakhulu ukusebenza kwe-aes-256-gcm kanye ne-sha256 algorithms ezinhlelweni ze-ARM.
  • Ngokwakhiwa kwe-powerpc, iphakheji eyinhloko ihlanganisa isilungisi sephutha se-LLDB, esithuthukiswe iphrojekthi ye-LLVM.
  • Umtapo wezincwadi we-OpenSSL ubuyekezwe waba yinguqulo engu-1.1.1o futhi wanwetshwa ngokulungiselelwa kokuhlanganisa kwe-powerpc, powerpc64 kanye ne-powerpc64le architectures.
  • Iseva ye-SSH kanye neklayenti kubuyekezwe ku-OpenSSH 8.8p1 ngokusekelwa kwamasiginesha edijithali ye-rsa-sha kukhutshaziwe futhi kusekelwe ukuqinisekiswa kwezinto ezimbili kusetshenziswa amadivayisi asekelwe kuphrothokholi ye-FIDO/U2F. Ukuze uhlanganyele namadivayisi e-FIDO/U2F, izinhlobo ezintsha zokhiye ze-“ecdsa-sk” kanye ne-“ed25519-sk” zengezwe, ezisebenzisa i-ECDSA kanye ne-Ed25519 yesiginesha ye-algorithm yedijithali, kuhlanganiswe ne-SHA-256 hash.
  • Izinguqulo ezibuyekeziwe zezinhlelo zokusebenza zezinkampani zangaphandle ezifakwe kusistimu yesisekelo: awk 20210215 (namapeshi akhubaza ukusetshenziswa kwezindawo kububanzi futhi athuthukise ukuhambisana ne-gawk ne-mawk), zlib 1.2.12, libarchive 3.6.0.

Source: opennet.ru

Engeza amazwana