OpenBSD 6.7 released

The cross-platform UNIX-like operating system OpenBSD 6.7 has been released. The OpenBSD project was founded by Theo de Raadt in 1995 after a conflict with the NetBSD developers, as a result of which Theo was denied access to the NetBSD CVS repository. After that, Theo de Raadt and a group of like-minded people created a new open operating system based on the NetBSD source tree, whose main goals were portability (12 hardware platforms are supported), standardization, correct operation, proactive security and integrated cryptographic tools. The full installation ISO image of the OpenBSD 6.7 base system is 470 MB.

In addition to the operating system itself, the OpenBSD project is known for its components, which have spread widely to other systems and have proven themselves to be among the most secure and highest-quality solutions. Among them: LibreSSL (a fork of OpenSSL), OpenSSH, the PF packet filter, the OpenBGPD and OpenOSPFD routing daemons, the OpenNTPD NTP server, the OpenSMTPD mail server, the tmux text terminal multiplexer (similar to GNU screen), the identd daemon with an implementation of the IDENT protocol, mandoc (a BSDL alternative to the GNU groff package), CARP (Common Address Redundancy Protocol, a protocol for building fault-tolerant systems), a lightweight HTTP server, and the OpenRSYNC file synchronization utility.

Main improvements:

  • The FFS2 file system, which uses 64-bit time and block values, is enabled by default on new installations for almost all supported architectures instead of FFS (except landisk, luna88k and sgi).
  • A new mechanism has been added for checking the validity of system calls, which makes exploiting vulnerabilities even more difficult. The mechanism allows system calls to be made only if they are issued from previously registered memory regions. A new system call, msyscall(), has been introduced to mark the memory regions and enable the protection.
  • The number of partitions that can be created on a single disk has been increased from 7 to 15.
  • The option parsing code in cron has been rewritten to support getopt-like features such as "-ns" and repeated specification of the same flags. The "options" field in crontab has been renamed to "flags". The "-s" flag has been added to crontab so that only a single instance of a job runs at a time. The "~" operator has been added to specify a random time value.
  • The cwm window manager implements the ability to set the window size as a percentage of the main window size in the tiled layout.
  • The powerpc architecture has switched to using Clang by default and has enabled the architecture-independent implementation of mplock.
  • apmd has improved support for automatic standby and hibernation (-z/-Z): the daemon now responds to battery charge change messages sent by the power monitoring driver. The transition to sleep happens with a 60-second delay, which gives the user time to intervene.
  • The $REQUEST_SCHEME configuration variable has been added to the built-in HTTP server to preserve the original protocol (http or https) when redirecting, along with the "strip" option to allow multiple chroots in /var/www for FastCGI servers.
  • The top utility now supports scrolling using the 9 and 0 keys.
  • A mechanism for freeing memory pages in reverse order has been introduced, which significantly improves the efficiency of freeing a large number of pages.
  • The unbound DNS server has DNSSEC validation enabled by default.
  • The following system calls have been freed from the global lock: __thrsleep(2), __thrwakeup(2), close(2), closefrom(2), dup(2), dup2(2), dup3(2), flock(2), fcntl(2), kqueue(2), pipe(2), pipe2(2) and nanosleep(2), as well as the basic part of ioctl(2).

  • Hardware support has been expanded. A new iwx driver has been added for Intel AX200 wireless chips, and the iwm driver has added support for Intel 9260 and 9560 devices. The rge driver has been added for Realtek 8125 PCI Express 2.5Gb. Many new drivers have been introduced to improve operation on arm64 and armv7 boards, including added support for the Raspberry Pi 4 board and improved support for the Raspberry Pi 2 and 3.
  • The sndio audio subsystem has been expanded. The sioctl_open API and the sndioctl utility have been added for controlling audio through sndiod. /dev/mixer has been removed and all ports have been switched to sndio instead of the kernel mixer interface. sndiod provides use of hardware volume controls. To improve security, regular user access to /dev/audio* and /dev/rmidi* is prohibited.
  • The wireless stack no longer connects to any available Wi-Fi network that does not support encryption unless the "ifconfig join" command is called explicitly. A background scan of available networks is now started when the "ifconfig scan" command is issued by the root user. The scan results cache has been increased. The "nwflag nomimo" flag, set through ifconfig, has been added; it helps eliminate packet loss in 11n mode if the device has unconnected antenna connectors. Support for active scan mode has been added to the bwfm driver. Automatic switching between wireless networks has been improved by lowering the priority of networks to which a connection could not be made.
  • A new pppac driver has appeared in the network stack, with an implementation of the PPP Access Concentrator interface. The npppd.conf settings have been changed to use pppac instead of tun. When packet forwarding is disabled, a check has been added that the destination address in the packet matches the address of the network interface. Mobileip support has been removed.
  • Non-root users are prohibited from using ioctl to change the network address and to change the parameters of pppoe interfaces.
  • sysupgrade ensures that firmware updates (fw_update) are started before the reboot that precedes the upgrade.
  • The unveil system call has been improved to provide file access isolation. The number of base system applications protected with unveil has been increased to 82, including vmstat, iostat and systat, which have been converted to unveil.
  • RSA-PSS support has been added to crypto(3).
  • DoT (DNS over TLS) support has been added to the unwind DNS resolver. The "unwindctl status memory" command has been added.
  • The ipsec implementation has been significantly modernized. Support has been added for automatically moving traffic between rdomains during encryption and decryption to protect against side-channel attacks. Support for changing the rdomain has been added to iked, and the 'rdomain' option has been added to iked.conf. The default level for iked and isakmpd is IPSEC_LEVEL_REQUIRE, which blocks the processing of unencrypted packets that match flows. The curve25519, ecp256, ecp384, ecp521, modp3072 and modp4096 algorithms have been added to the Diffie-Hellman group settings for the IKE SA. In iked, the default authentication method has been changed to digital signature authentication (RFC 7427). ESN settings have been added to iked.conf. The "-p" option has been added to select a non-standard UDP port number.

  • The capabilities of the tmux terminal multiplexer have been expanded and many new options have been added.
  • The version of the OpenSMTPD mail server has been updated. The built-in filters implement the "bypass" keyword to skip processing under certain conditions. The username of the current smtpd session can now be used in filters. In smtpd.conf, the match parameters allow the use of mail-from and rcpt-to.
  • The OpenSSH package has been updated to 8.2, which includes support for FIDO/U2F two-factor authentication tokens. A detailed overview of the improvements can be viewed here.
  • The LibreSSL package has been updated; in it, the TLS 1.3 implementation based on a new finite state machine and a subsystem for working with records has been completed. By default, only the client side of TLS 1.3 is enabled for now; the server side is planned to be enabled by default in a future release. The list of other changes can be seen in the release announcements for 3.1.0 and 3.1.1.
  • The number of ports built for AMD64 was 11268, for aarch64 - 10848, for i386 - 10715. Components from third-party developers included in OpenBSD 6.7 have been updated:
    • The Xenocara graphics stack based on X.Org 7.7 with xserver 1.20.8 + patches, freetype 2.10.1, fontconfig 2.12.4, Mesa 19.2.8, xterm 351, xkeyboard-config 2.20;
    • LLVM/Clang 8.0.1 (with patches)
    • GCC 4.2.1 (with patches) and 3.3.6 (with patches)
    • Perl 5.30.2 (with patches)
    • NSD 4.2.4
    • Unbound 1.10.0
    • Ncurses 5.7
    • Binutils 2.17 (with patches)
    • Gdb 6.3 (with patches)
    • December 20, 2012
    • Expat 2.2.8

    Source: opennet.ru
