Following the release of Red Hat Enterprise Linux 9.3, an update to the previous branch, Red Hat Enterprise Linux 8.9, has been published. This branch is maintained in parallel with the RHEL 9.x branch and will be supported at least until 2029. Installation images are prepared for the x86_64, s390x (IBM System z), ppc64le and Aarch64 architectures, but are available for download only to registered Red Hat Customer Portal users (you can also use CentOS Stream 9 ISO images and the free RHEL builds for developers).
As with the RHEL 9 branch, the sources of RHEL 8 rpm packages are no longer publicly distributed through the CentOS Git repository, but remain available to the company's customers through a closed section of the site, which has a user agreement (EULA) prohibiting data redistribution. The source code can be found in the CentOS Stream repository, but it is not completely synchronized with RHEL, and the latest package versions there do not always match the packages from RHEL. Rocky Linux, Oracle and SUSE have joined forces and now reproduce the sources of rpm packages for RHEL releases within the OpenELA project. AlmaLinux has switched to using the CentOS Stream repository and allows for minor differences in behavior (it may differ at the level of individual patches), but maintains binary compatibility at the ABI level.
New releases of Red Hat Enterprise Linux 8.x are prepared in accordance with a development cycle in which releases are produced every six months at a predetermined time. Until 2024, the 8.x branch will be in the full support stage, which includes functional improvements, after which it will pass into the maintenance phase, where priorities shift toward bug fixes and security, with minor improvements to support critical hardware systems.
Key changes:
- The release includes new versions of compilers and tools for developers: GCC Toolset 13, LLVM Toolset 16.0.6, Rust Toolset 1.71.1, Go Toolset 1.20.10, Node.js 20, Valgrind 3.21, SystemTap 4.9, elfutils 0.189, java-21-openjdk (java-17-openjdk, java-11-openjdk and java-1.8.0-openjdk also continue to ship).
- Updated server and system packages: samba 4.18.4, 389-ds-base 1.4.3.35, OpenSCAP 1.3.8, Grafana 9.2.10, opencryptoki 3.21.0, iproute 6.2.0, libnftnl 1.2.2, makedumpfile 1.7.2, Podman 4.6.
- Support for booting in UEFI mode has been added to AMI images for AWS EC2 cloud environments.
- The “inst.wait_for_disks” parameter has been added to the installation images; it specifies how long to wait for the kickstart file to load or for drivers to be ready during the boot process.
- New options “--ipv4-dns-search” and “--ipv6-dns-search” have been added to the network command in kickstart files to set the base domains for the “search” directive in /etc/resolv.conf, as well as the options “--ipv4-ignore-auto-dns” and “--ipv6-ignore-auto-dns” to ignore DNS settings received via DHCP.
- To simplify debugging, the fapolicyd service now passes the rule numbers for rejected calls to the fanotify API.
- ANSSI-BP-028 (French National Agency for the Security of Information Systems) security profiles have been updated to version 2.0.
- Support for FANOTIFY events has been added to the audit tools, and the fields fan_type (event type), fan_info (related information), sub_trust and obj_trust (trust levels for the subject and object of the event) are now recorded in the log.
- Postfix includes the ability to check DNS SRV records to determine the host and port of the mail server that will be used to transmit messages. The proposed feature can be used in infrastructures in which services with dynamically allocated network port numbers are used to deliver email messages.
- The vsftpd FTP server supports the use of the TLS 1.3 protocol.
- The cups-filters package adds an LF-to-CRLF driver that can be used to convert “\n” (line feed) characters to “\r\n” (carriage return and line feed) characters for printers that only accept lines ending in “\r\n”.
- The security of the default nftables service settings has been enhanced. The /etc/sysconfig/nftables/nat.nft ruleset includes a new do_masquerade chain that checks the level of randomization of source port numbers to reduce the risk of the Port Shadow attack (CVE-2021-3773).
- NetworkManager has added support for the “no-aaaa” option in resolv.conf, which disables DNS queries for AAAA records (determining an IPv6 address from the host name). Support for configuring Red Hat Enterprise Linux on AWS EC2 using IMDSv2 (Instance Metadata Service Version 2) tokens has been added to the nm-cloud-setup utility.
- To protect against Spectre v2 attacks related to speculative execution of instructions, the AutoIBRS (Automatic Indirect Branch Restricted Speculation) mode has been added, supported in AMD CPUs starting with the EPYC 9004 Genoa family.
- The Intel QAT driver with support for Intel Quick Assist Technology 401xx/402xx devices has been ported from the Linux kernel 6.2.
- Added the ability to specify a UUID when creating a GFS2 file system (the “-U” option has been added to the mkfs.gfs2 utility).
- FUSE3 adds the ability to invalidate a directory entry without automatically unmounting the mount points associated with that entry.
- The capabilities for clusters and fault-tolerant systems have been expanded: Support for policy routing has been added to the cluster resource agents IPaddr2 and IPsrcaddr. Support for EFS (Amazon Elastic File System) has been added to the ocf:heartbeat:Filesystem agent. Support for the SNMPv3 protocol has been added to the alert_snmp.sh.sample agent.
- Changes have been added to Glibc with optimizations to improve performance on systems with Intel Xeon v5 CPUs.
- Full support for discrete Intel Arc A-Series graphics cards (Alchemist or DG2) is provided.
- Added a system role to manage and install systemd units. A system role has been added for installing, configuring, managing and running the PostgreSQL DBMS. A system role has been added for the keylime toolkit, which simplifies the configuration of the Keylime registrar and verifier, used to confirm authenticity and continuously monitor the integrity of the external system. Support for defining, changing and deleting ipsets has been added to the firewall system role. System roles for Podman, Kdump, Storage and Microsoft SQL Server have been expanded.
- cloud-init now supports the key files used in NetworkManager.
- Podman adds support for containers compressed using the zstd algorithm. Added the ability to use Quadlets to automatically generate systemd services from container descriptions. Added podmansh shell, which can be used instead of /usr/bin/bash to start a user session in a container. Updated versions of Podman, Buildah, Skopeo, crun and runc.
- Added new kernel command line parameters: gather_data_sampling to control the mode of protection against GDS attacks (Gather Data Sampling, or Downfall), and rdrand to hide support for the RDRAND instruction.
- Expanded hardware support. Added drivers for Thunderbolt/USB4 network devices (thunderbolt_net) and Broadcom 802.11 wireless adapters (brcmfmac) supplied for ARM64 systems. Added drivers for MediaTek Bluetooth devices, Microsoft Azure Network Adapter IB (mana_ib), Linux USB Video Class driver (uvc), AMD SoundWire (soundwire-amd), DisplayPort Alternate Mode (typec_displayport), Virtio-mem (virtio_mem). Improved support for Intel processors based on the Meteor Lake microarchitecture.
- Client support has been stabilized for the sigstore cryptographic verification components: Rekor (a log for storing metadata certified with digital signatures) and Fulcio (a system of certification authorities (root CAs) issuing short-lived certificates).
- Continued provision of experimental (Technology Preview) support for AF_XDP, XDP hardware offloading, Multipath TCP (MPTCP), MPLS (Multi-protocol Label Switching), DSA (data streaming accelerator), dracut, kexec fast reboot, nispor, DAX in ext4 and xfs, systemd-resolved, accel-config, igc, OverlayFS, Stratis, Software Guard Extensions (SGX), NVMe/TCP, DNSSEC, GNOME on ARM64 and IBM Z systems, AMD SEV for KVM, Intel vGPU, Toolbox.
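One way to check how a host actually handles the two CPU-side items in the list above (Spectre v2 protection such as AutoIBRS, and the gather_data_sampling parameter), as an added example that is not part of the original article or of Red Hat's tooling. It reads the kernel's per-vulnerability status files and the kernel command line; the function names are made up for this example, and the status files are assumed to start with "Not affected", "Mitigation:" or "Vulnerable" as in upstream kernels.

```shell
#!/bin/sh
# Added example: audit of the GDS and Spectre v2 mitigation state.
# Paths are arguments so the checks can also be run against saved copies.

# Print the value of KEY on the kernel command line stored in FILE:
# "unset" if absent, "set" for a bare flag, otherwise the text after "=".
cmdline_value() {
    val=unset
    for tok in $(cat "$1"); do
        case "$tok" in
            "$2"=*) val=${tok#*=} ;;
            "$2")   val=set ;;
        esac
    done
    printf '%s\n' "$val"
}

# Map a sysfs vulnerabilities string to ok | vulnerable | unknown.
classify_status() {
    case "$1" in
        "Not affected"|"Mitigation:"*) echo ok ;;
        "Vulnerable"*)                 echo vulnerable ;;
        *)                             echo unknown ;;
    esac
}

# audit_cpu_mitigations SYSFS_DIR CMDLINE_FILE
# Prints one line per item; returns non-zero if any item is not "ok"
# or if the command line switches the mitigation off.
audit_cpu_mitigations() {
    rc=0
    for item in gather_data_sampling spectre_v2; do
        if [ -r "$1/$item" ]; then
            text=$(cat "$1/$item")
        else
            text="(status file missing)"
        fi
        state=$(classify_status "$text")
        [ "$state" = ok ] || rc=1
        printf '%s: %s [%s]\n' "$item" "$state" "$text"
    done
    gds=$(cmdline_value "$2" gather_data_sampling)
    all=$(cmdline_value "$2" mitigations)
    printf 'cmdline: gather_data_sampling=%s mitigations=%s\n' "$gds" "$all"
    if [ "$gds" = off ] || [ "$all" = off ]; then rc=1; fi
    return $rc
}

# On a live host:
#   audit_cpu_mitigations /sys/devices/system/cpu/vulnerabilities /proc/cmdline
```

A missing status file is reported as "unknown" rather than "ok", so a kernel that predates the GDS reporting fails the audit instead of passing silently.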