ProHoster > Блог > izindaba ze-inthanethi > Ukukhishwa kwe-OpenBSD 7.7

Ukukhishwa kwe-OpenBSD 7.7

Ukukhishwa kwesistimu yokusebenza yamahhala efana ne-UNIX i-OpenBSD 7.7 kwethulwa. Iphrojekthi ye-OpenBSD yasungulwa ngu-Theo de Raadt ngo-1995 ngemva kokungqubuzana nabathuthukisi be-NetBSD, okubangele ukuthi u-Theo anqatshelwe ukufinyelela endaweni yokugcina ye-NetBSD CVS. Ngemuva kwalokhu, u-Theo de Raadt kanye neqembu labantu abanomqondo ofanayo bakha uhlelo olusha lokusebenza oluvulekile olusekelwe esihlahleni somthombo we-NetBSD, izinhloso eziyinhloko zokuthuthuka okwakuwukuphatheka (izingxenyekazi ze-hardware eziyi-13 zisekelwa), ukumisa, ukusebenza okulungile, ukuphepha okuqinile. kanye namathuluzi ahlanganisiwe we-cryptographic. Isithombe esigcwele sokufakwa kwe-ISO sesistimu eyisisekelo ye-OpenBSD 7.7 ngu-746 MB.

Ngaphezu kwesistimu yokusebenza ngokwayo, iphrojekthi ye-OpenBSD yaziwa ngezingxenye zayo, eziye zanda kakhulu kwezinye izinhlelo futhi ziye zazibonakalisa njengenye yezixazululo eziphephile nezisezingeni eliphezulu. Phakathi kwazo: I-LibreSSL (imfoloko ye-OpenSSL), i-OpenSSH, isihlungi sephakethe le-PF, i-OpenBGPD ne-OpenOSPFD amadaemoni omzila, iseva ye-OpenNTPD NTP, iseva yeposi ye-OpenSMTPD, i-text terminal multiplexer (efana nesikrini se-GNU) tmux, i-daemon ekhonjiwe esebenzisa iphrothokholi ye-IDENT, enye indlela ye-BSDL Iphakheji ye-GNU groff - i-mandoc, iphrothokholi yokuhlela amasistimu abekezelela amaphutha i-CARP (Iphrothokholi Yekheli Elivamile Elibomvu), iseva engasindi ye-http, insiza yokuvumelanisa ifayela ye-OpenRSYNC.

Izinguquko eziyinhloko:

  • Ukuqaliswa kohlaka lwe-drm (Direct Rendering Manager) luvunyelaniswa ne-Linux kernel 6.12.21 (ekukhishweni kwangaphambilini - 6.6.52). Umshayeli we-inteldrm usebenzisa usekelo lwe-GPU esetshenziswa kuma-Intel processors asekelwe ku-Arrow Lake microarchitecture. Umshayeli we-amdgpu ubuyekeziwe ukuze asekele i-Ryzen AI 300 (Strix Point, Strix Halo, Krackan Point) kanye ne-Radeon RX 9070 (Navi 48) GPUs.
  • Imbobo yokwakheka kwe-ARM64 isebenzisa usekelo lwesethi yemiyalo yeVector ye-SVE ​​(Scalable Vector Extension). Kumasistimu anama-chips e-Apple M1 ARM, izifunda zokusetshenziswa kwamandla ziyasethwa. Endleleni yokwenziwa kwemephu yekhasi lememori ebonakalayo (i-pmmap), ukusebenza kokugudluzwa kwebhafa ebheke eceleni kokuhumusha (i-TLB) kuthuthukisiwe, okusheshise ukuqaliswa kokuhlolwa kokuhlanganisa i-kernel cishe ngo-5%. Kuzingxenyekazi zekhompuyutha ezisekela i-QARMA3 cipher, Ikhodi Yesikhombi Sokuqinisekisa (i-PAC) inikwe amandla ukuze kuvikelwe isikhala somsebenzisi.
  • Kuzinhlelo ze-x86_64, ukusekelwa kwendlela ye-AMD SEV (Secure Encrypted Virtualization), esetshenziswa ezinhlelweni ze-virtualization zokuvikela, kusetshenziswe ezinhlelweni zezivakashi ezisebenzisa i-QEMU. imishini ebonakalayo Kusukela ekuphazamisekeni yi-hypervisor noma umphathi wesistimu yokusingatha. Umyalo wokulayisha i-firmware ku-chip ungeziwe kumshayeli we-PSP osetshenziselwa ukumisa nokuqalisa izinhlelo zezivakashi nge-AMD SEV evuliwe.
  • Kuzinhlelo ze-x86_64, ikhono lokwaba izindawo zememori ezinkulu kuno-4 GB we-DMA lengeziwe.
  • Ukusekelwa okuthuthukisiwe kwe-RISC-V, Sparc64, HPPA, i386 ne-Powerpc64 yezakhiwo.
  • Ukuphathwa okuthuthukisiwe kwezimo zokuphuma kwenkumbulo (OOM).
  • Indlela yokulandelela i-ptrace ithuthukisiwe ukuze ivumele ukusetha izindawo zokunqamuka kuzinqubo ezinemicu eminingi kusilungisi sephutha se-gdb. Kungezwe imiyalo yokufunda nokubhala indawo lapho inqubo egadiwe ilondoloza isimo sokucubungula lapho kusetshenziswa imiyalelo ye-XSAVE.
  • Ukusekelwa kokwakhiwa kwemigqa eminingi kwengezwe emibhalweni ye-BT (BPFtrace noma Ukulandela Iziphazamisi) esetshenziswa ohlelweni lokulandelela i-btrace. Amaphrofayili engeziwe kanye nokuqamba isikhawu sesikhathi (hz, us, ms, s) kwengezwe kunsizakalo ye-btrace.
  • Kwengezwe ipharamitha ye-sysctl kern.audio.kbdcontrol, uma isethwe ku-0, okhiye bokulawula ivolumu ye-multimedia kukhibhodi bazophathwa njengokhiye abajwayelekile.
  • Ukuphathwa kokuphahlazeka okuthuthukisiwe nokuhlola okunwetshiwe lapho ushintshela kumamodi okulala nawokulinda.
  • Isetshenzwe kabusha ikhodi ukuze kumiswe izinqubo lapho isignali yamukelwe, okuxazulule izinkinga ngokumisa izinqubo ezinezintambo eziningi ezivele kumaphakheji afana ne-golang ne-mpv.
  • Ukusekelwa okuthuthukisiwe kwezinhlelo ze-multiprocessor (SMP). Izibali zesikhathi ze-TCP nezokukhiphayo manje sezinikwe amandla ukuze zisebenze ngokuhambisana, futhi izingcingo zesistimu ze-send() ne-recv() manje sezilungiselelwe ukusebenzisa ukukhiya okwabiwe. Imicu eminingi yabasebenzisi manje ingasebenza kumasokhethi ahlukene ngokuhambisana, futhi okukhiphayo kwe-TCP akusavimbeli ukucutshungulwa kwephakethe le-IP.

    Amakholi esistimu avuliwe, i-openat, i-ptsignal, i-psignal ne-prsignal, kanye ne-kern.timeout_stats, kern.allowkmem, kern.video.record, net.inet.gre.allow, net.inet.gre.wccp, kern.global_ptrace, kern.wxabort, i-kernmactss ikhululiwe. ukukhiya. Izishayeli ze-psp, wsmouse kanye ne-wstpad, kanye nesakhiwo se-video_filtops, kudluliselwe esigabeni se-mp-safe.

  • I-VMM hypervisor isebenzise amandla okusebenzisa i-acpipci ukunamathisela amabhasi e-PCI.
  • Kunikezwe amandla okuchaza enye inqubomgomo yokusebenza (perfpolicy) ezosetshenziswa uma isistimu isebenza ngamandla ebhethri.
  • Umyalo we-sysctl manje unenketho ethi "-f file" yokulayisha zonke izilungiselelo efayelini ngesikhathi esisodwa. Kumibhalo ye-rc, inketho entsha isetshenziselwa ukulayisha i-sysctl.conf iyonke, esikhundleni sokuyihlukanisa ngomugqa.
  • Umyalo we-pkg_add usebenzisa ucingo oluya ku-ldconfig uma uhlu lwemitapo yolwazi eyabelwe lushintshile ngenxa yokufakwa kwamaphakheji amasha.
  • Kwengezwe usekelo lwehadiwe entsha. Ukusekelwa okuthuthukisiwe kwe-MediaTek ne-Qualcomm Snapdragon SoCs (kuhlanganise ne-X Elite). Ukusekelwa okuthuthukisiwe kwe-Samsung Galaxy Book4 Edge, ThinkPad T14 Gen 5, Vivobook, ThinkPad X1 Nano Gen 2, ThinkPad X13, kanye nama-Chromebook ahlukahlukene. Kwengezwe umshayeli weqhwa we-Intel E810 Ethernet 1Gb/10Gb/25Gb/50Gb/100Gb kanye nomshayeli we-ixv we-Intel Ethernet 82598EB, 82559 kanye ne-X540 imisebenzi ebonakalayo. Umsebenzi wokuhambisa imisebenzi yenethiwekhi ohlangothini lwekhadi lenethiwekhi uqhubekile.
  • I-Sysupgrade inemodi yokubuyekeza amasistimu ungaxhunyiwe ku-inthanethi kusetshenziswa amaphakheji agcinwe ohlelweni lwamafayela wendawo.
  • Insiza ye-fw_update ibuyekeziwe ukuze ivumele ukulanda (hhayi ukufaka) i-firmware njengomsebenzisi ojwayelekile ngaphandle kwamalungelo ezimpande. Kwengezwe ifulegi elithi "-l" ukuze kufakwe uhlu lwabashayeli namafayela.
  • Inqubo ye-sshd-auth inokuvikelwa ekuxhashazweni kobungozi okunikwe amandla, ngokusekelwe ekuxhumeni kabusha okungahleliwe kwefayela elisebenzisekayo ekuqaliseni kwesistimu ngayinye (ukuxhuma kabusha). Ikhodi ehlanganisiwe yenza ukulungisa okusebenzayo kungabikezeleki, okwenza kube nzima kakhulu ukudala ukuxhashazwa okusebenzisa amasu okuhlela agxile ekubuyiseleni.
  • Inqubo ekhweziwe ihlukaniswe kusetshenziswa ikholi yesistimu yokuvula.
  • Isitaki senethiwekhi sisebenzisa usekelo lwamasokhethi e-AF_FRAME kanye nomndeni wephrothokholi ye-IFT_ETHER, okuvumela izinhlelo zokusebenza ukuthi zithumele futhi zamukele ozimele be-Ethernet. Indlela entsha ye-hashing isetshenziswe kumaphakethe aphumayo e-UDP ne-TCP, ethuthukise ukusatshalaliswa kwethrafikhi kuyo yonke imigqa futhi ngokuphawulekayo (~20%) yasheshisa ukuthunyelwa kwe-UDP ye-IPv4/IPv6 kanye ne-TCP ye-IPv6. Idivayisi ye-tun ine-TUNSCAP ioctl esetshenzisiwe futhi ukusebenzisana phakathi kwe-kernel nesikhala somsebenzisi kuthuthukisiwe. Inqolobane yomzila ehlukile yokugeleza ngakunye isetshenzisiwe. Umshayeli we-vio unemodi ye-multiqueue enikwe amandla.
  • Insiza ye-pfctl ivumela ukuxhumana kwenethiwekhi kanye nolayini ukuthi balungiselelwe ngokuphuma okungaphezulu kwe-4Gbit.
  • Ku-iked, ukuqaliswa kwephrothokholi ye-IKEv2 ye-IPsec, inketho ethi "natt" yengeziwe ukuze kuphoqelelwe ukusetshenziswa kwe-nat-t.
  • I-Relayd, inqubo yangemuva yokuqondisa kabusha nokulinganisa izicelo, manje isekela uhlangothi lwamakhasimende Izitifiketi ze-TLS.
  • Ithuluzi lokulinganisa ukusebenza kwenethiwekhi i-tcpbench yengeze ukwesekwa kwe-TLS.
  • I-bgpd isebenzisa usekelo lwe-RFC 8654 (Umlayezo Onwetshiwe we-BGP), i-RFC 8538 (Umlayezo Wesaziso se-BGP), inketho "yokwenqaba njengokusethiwe" inikwe amandla ngokuzenzakalelayo, futhi i-Adj-RIB-Out caching inikeziwe.
  • I-LibreSSL 4.1.0 ingeza ukusekelwa kokuhlolwa kwezakhiwo ze-loongarch64, inikezela ngokusetshenziswa okusha komhlanganisi we-SHA-1, SHA-256, kanye ne-SHA-512 algorithms yezakhiwo ze-amd64 (kusetshenziswa i-SHA-NI isiyalo), ukuqaliswa okusha komhlanganisi we-SHA-256 (ukusebenzisa isandiso se-ASHA-512), ukusetshenziswa kwe-sim64 ye-sim5 Ukuqaliswa kwe-MD64 ye-amd768, kunikeza ukugcinwa kunqolobane kohlu lwezitifiketi ezihoxisiwe (ama-CRL), futhi kuthuthwe ukuqaliswa kwe-ML-KEM 1024 kanye no-XNUMX kusuka ku-BoringSSL.
  • I-OpenSSH ibuyekeziwe. Uhlu lwezinguquko lungatholakala esimemezelweni se-OpenSSH 10 (ukusekelwa kwesiginesha yedijithali ye-DSA kususiwe, imisebenzi yokuqinisekisa ihlukaniswe yaba inqubo ehlukile ye-sshd-auth, kanye ne-algorithm yokushintshanisa kokhiye oyi-hybrid “mlkem768x25519-sha256” isetshenziswa ngokuzenzakalelayo).
  • Inombolo yamachweba okwakhiwa kwe-AMD64 yayiyi-12593 (yayingu-12312), ye-aarch64 - 12446 (yayiyi-12148), ye-i386 - 10429 (yayingu-10534). Phakathi kwezinguqulo zezinhlelo zokusebenza kumachweba:
    • Inkanyezi 16.30.1, 18.26.1, 20.13.0 kanye no-22.3.0
    • I-Audacity 3.7.3
    • I-CMake 3.31.6
    • I-Chromium 135.0.7049.52
    • I-Emacs 30.1
    • FFmpeg 6.1.2
    • I-GCC 8.4.0 kanye ne-11.2.0
    • I-GNOME 47
    • Iya ku-1.24.1
    • JDK 8u442, 11.0.26, 17.0.14 kanye 21.0.6
    • Amagiya e-KDE 24.12.3
    • I-KDE Frameworks 6.12.0
    • I-KDE Plasma 6.3.3
    • I-Krita 5.2.9
    • LLVM/Clang 13.0.0, 16.0.6, 18.1.8, 19.1.7
    • LibreOffice 25.2.1.2
    • Lua 5.1.5, 5.2.4, 5.3.6, 5.4.7
    • UMariaDB 11.4.5
    • IMono 6.12.0.199
    • I-Mozilla Firefox 137.0 kanye ne-ESR 128.9.0
    • IMozilla Thunderbird 128.9.0
    • I-Mutt 2.2.14 kanye ne-NeoMutt 20250113
    • I-Node.js 22.14.0
    • I-OpenLDAP 2.6.9
    • I-PHP 8.2.28, 8.3.19 kanye ne-8.4.5
    • I-Postfix 3.10.1
    • I-PostgreSQL 17.4
    • I-Python 2.7.18 kanye ne-3.12.9
    • Qt 5.15.16 (+ iziqephu ezivela kuphrojekthi ye-KDE) kanye 6.8.2
    • I-Ruby 3.2.8, 3.3.7, 3.4.2
    • Ukugqwala 1.86.0
    • I-SQLite 3.49.1
    • I-Shotcut 25.01.25
    • I-Sudo 1.9.16p1
    • I-Meerkat 7.0.7
    • Tcl/Tk 8.5.19 kanye 8.6.16
    • I-Vim 9.1.1265 kanye ne-Neovim 0.10.4
    • I-Xfce 4.20.0
  • Izingxenye ezibuyekeziwe zezinkampani zangaphandle ezifakwe ne-OpenBSD 7.7:
    • Isitaki sezithombe ze-Xenocara esisekelwe ku-X.Org 7.7 ene-xserver 21.1.16 + amapeshi, i-freetype 2.13.3, fontconfig 2.15.0, Mesa 23.3.6, xterm 395, xkeyboard-config 2.20, fonttosfnt 1.2.4.
    • I-LLVM/Clang 16.0.6 (+ iziqephu)
    • I-GCC 4.2.1 (+ iziqephu) kanye no-3.3.6 (+ iziqephu)
    • I-Perl 5.40.1 (+ iziqephu)
    • I-NSD 4.9.1
    • Ukukhulula 1.22.0
    • Abahlengikazi 6.4
    • I-Binutils 2.17 (+ iziqephu)
    • I-Gdb 6.3 (+ iziqephu)
    • Awk 20250116/XNUMX/XNUMX
    • Expat 2.7.1
    • zlib 1.3.1 (+ iziqephu)

Source: opennet.ru

Engeza amazwana