fedora-docs / release-notes

Clone
Source Code
GIT

#59 Add #26 'aarch64 SBC disk images'
Merged 6 years ago by sclark. Opened 6 years ago by sclark.
fedora-docs/ sclark/release-notes iss26  into  f27

file modified
+8 
@@ -3,3 +3,11 @@ 
 

  

  [[sect-development-go]]
 

  == Go
 

+ 

+ 

+ [#go-upgraded-to-1.9]
 

+ === Golang 1.9
 

+ 

+ Fedora 27 brings Golang 1.9, which includes performance improvements, bug fixes, and new features. Most notably, support for type aliasing, parallel compilation, and direct bit manipulation has been added. For a complete list of changes, see upstream change notes at link:https://tip.golang.org/doc/go1.9[https://tip.golang.org/doc/go1.9].
 

+ 

+ With this release, support for the ppc64 architecture has been left out from the Fedora Golang packages due to the fact that the ppc64 port of 'GC' is not feature-complete.

file modified
+6 
@@ -10,3 +10,9 @@ 
 

  Java 8 remains the default JDK for this release. The inclusion of Java 9 / OpenJDK 9 will allow developers to develop and test their applications for the next version of Java in parallel while everyone can continue using the stable Java 8 for daily use.
 

  

  More information about the new features of OpenJDK 9 is available from http://openjdk.java.net/projects/jdk9/[the OpenJDK website].
 

+ 

+ [[sect-java-decouple]]
 

+ === System Java Setting Decoupled from Java Command Setting
 

+ In earlier versions of Fedora, Java applications installed from RPMs were run in the JVM that was found using the `PATH` environment variable. From this release, Java applications will be run using the default system JVM, which will be OpenJDK 8 in Fedora 27, without refering to `PATH`. Users will still be able to override the default by using the `JAVA_HOME` environment variable.
 

+ 

+ More detail about this revised configuration can be found on the https://fedoraproject.org/wiki/Changes/Decouple_system_java_setting_from_java_command_setting[change page].

file modified
+10 
@@ -7,3 +7,13 @@ 
 

  [[sect-development-tools-debuginfo]]
 

  === Debuginfo Package Improvements
 

  To observe what a program is doing, Fedora provides additional meta-data about code that is installed and runs on your system. These can be used together with tracers, profilers and debuggers to better understand what is running on your system (or to understand crashes or failures better). Previously, these debug info meta-data packages were fairly large, containing lots of information about multiple sub-packages together. With Fedora 27, these debug info meta-data packages have been split up into smaller sub-packages, making it possible to install just the debuginfo for one specific sub-package or library. The source files needed for debuggers (but not necessarily for tracers and profilers) have been separated out into their own debugsource package and it is now possible to install multiple, different versions or architectures of the debug info packages at the same time. For example, when trying to introspect a program installed in a container or virtual machine that is a different version of the package installed on the host, or when both a 32 bit and 64 bit version of a library is available.
 

+ 

+ [[sect-development-tools-bodhi]]
 

+ === Bodhi Now Handles Non-RPM Artifacts
 

+ Bodhi, the https://bodhi.fedoraproject.org/[Fedora Updates System], can now handle more than just RPM files. If it can be tagged in https://koji.fedoraproject.org/koji/[Koji], it should be accepted by Bodhi. The release of Bodhi 3.0.0 enables:
 

+ 

+ * Support for updating non-RPM artifacts, like modules.
 

+ * Support for complex package dependencies, which enables Fedora to start packaging Rust packages and allows Fedora to do a better job expressing valid ranges of supported dependency versions for existing packages.
 

+ * Support, via https://pagure.io/pungi[Pungi], for generating OSTrees that are more consistent with Fedora’s release day OSTrees.
 

+ 

+ More information about this update to Bodhi can be found in the https://bodhi.fedoraproject.org/docs/release_notes.html[Bodhi 3.0.0 release notes] and the related https://fedoraproject.org/wiki/Changes/BodhiNonRPMArtifacts[Fedora change page].

file modified
+30 
@@ -17,3 +17,33 @@ 
 

  [[sect-security-krb5-appl]]
 

  === krb5-appl Packages Removed
 

  The `krb5-appl-clients` and `krb5-appl-servers` packages are considered to be obsolete and have been removed from Fedora. These packages provided Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Users should to move to more modern security tools, such as openssh.
 

+ 

+ 

+ [#sect-defauilt-ciopher-in-openvpn-changed-to-256-bit-aes-gcm]
 

+ === Default cipher in OpenVPN changed to 256-bit AES-GCM
 

+ 

+ OpenVPN configurations utilizing the newer `openvpn-server@.service` unit file now use a stronger cipher for the VPN tunnel by default. The default is changed from the Blowfish algorithm using 128-bit keys to the newer AES-GCM algorithm with 256-bit keys.
 

+ 

+ To ensure backwards compatibility, this new default also enables clients still using the not recommended Blowfish algorithm to connect by utilizing the `--ncp-ciphers` feature being available in OpenVPN{nbsp}2.4.
 

+ 

+ To facilitate an easy migration path away from Blowfish for clients not supporting AES-GCM, these clients can now add or change the `--cipher` option in the client configuration to either `AES-256-CBC` or `AES-128-CBC` without needing to do any other server changes.
 

+ 

+ 

+ [#sect-openshh-server-now-follows-system-wide-crypto-policies]
 

+ === OpenSSH Server now follows system-wide crypto policies
 

+ 

+ Fedora defines system-wide crypto policies, which are followed by cryptographic libraries and tools, including OpenSSH clients. This allows administrators to use different system-wide security levels. With this update, OpenSSH Server adheres to these system-wide crypto policies, too.
 

+ 

+ This modification is implemented using a script, which places configuration generated according to currently defined crypto policies into the OpenSSH Server's configuration file. The script is executed by systemd when the `sshd` service is started. It is, therefore, necessary to restart the `sshd` service for changes to crypto-policy configuration to take effect.
 

+ 

+ 

+ [#sect-ssh-1-support-removed-from-openssh]
 

+ === SSH-1 support removed from OpenSSH
 

+ 

+ The SSH-1 protocol is obsolete and no longer considered secure. As such, it is not supported by the default OpenSSH client binaries packaged for Fedora. This changes removes support for the SHH-1 protocol altogether by removing the *openssh-clients-ssh1* subpackage.
 

+ 

+ 

+ [#sect-libcurl-switches-to-using-openssl]
 

+ === libcurl switches to using OpenSSL
 

+ 

+ The *libcurl* library now uses OpenSSL for TLS and crypto (instead of NSS). TLS certificates and keys stored in the NSS database need to be exported to files for *libcurl* to be able to load them. See link:http://pki.fedoraproject.org/wiki/NSS_Database[http://pki.fedoraproject.org/wiki/NSS_Database] for instructions on how to work with the NSS database.

Release note for Issue #26 'aarch64 SBC disk images'.

@pbrobinson or @pwhalen - please would you review the draft release note text in this PR and let me know if anything needs to be added or changed?

rebased onto 80e65ea
6 years ago

Pull-Request has been merged by sclark
6 years ago
Metadata
No Tags
Changes Summary 4
+8 -0
file changed
en-US/developers/Development_Go.adoc
+6 -0
file changed
en-US/developers/Development_Java.adoc
+10 -0
file changed
en-US/developers/Development_Tools.adoc
+30 -0
file changed
en-US/sysadmin/Security.adoc
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.