2 New Features and Changes

Unless indicated otherwise, the following new features, major enhancements, bug fixes, and other changes that are introduced in this release of Oracle Linux 9 apply to both the x86_64 and 64-bit Arm (aarch64) platforms.

Installation and Boot

The following features, enhancements, and changes related to installation and boot are introduced in this release of Oracle Linux 9.

--allow-ssh Kickstart Option Enables Password-based SSH Root Logins

The --allow-ssh option is used with the rootpw command. With this option, the same functionality in graphical installations that enables root users to login by using SSH with a password is now available in kickstart installations.

Operating System and Software Management

The following features, enhancements, and changes related to the OS and software management are introduced in this Oracle Linux 9 release.

modulesync Command Replaces Certain Workflows

This enhancement facilitates the installation of modular packages by ensuring the presence of modular metadata. Previously, the metadata is not included in the installation. Consequently, you would use the dnf command first to download the packages, and then the createrepo_c command to redistribute those packages.

The modulesync command streamlines the process by downloading the modular packages and at the same time creating a repository with modular metadata in a working directory.

Boot Loader Menu Hidden by Default

The GRUB boot loader does not display the boot menu by default.

However, if a previous system boot fails, then the GRUB boot loader displays the boot menu at the next system boot.

To access the boot menu manually, do one of the following steps while the system is booting:

  • Press Esc repeatedly.
  • Press F8 repeatedly.
  • Hold Shift.

To disable the default setting, use the following command: 

sudo grub2-editenv - unset menu_auto_hide

Shells and Command Line Tools

The following features, enhancements, and changes related to shells and command line tools are introduced in this Oracle Linux 9 release.

xmlstarlet Package is Available in a Recognized Repository

The xmlstarlet package was previously available in the ol9_developer_EPEL repository, but is now available in the supported ol9_appstream repository. This package contains utilities that are frequently used on the command line to perform common operations on XML files that other command line tools are unable to do easily by taking advantage of XPath syntax to properly locate, add, or modify information within the file.

Updated Packages

  • libvpd Is Update to Version 2.2.9

    This version has the fix for database locking and an updated libtool utility version information.

  • lsvpd is Updated to Version 1.7.14

    In this updated version, the lsvpd utility prevents corruption of the database file when you run the vpdupdate command.

sysctl Introduces Same Syntax as systemd-sysctl for Handling Arguments

The sysctl utility can parse hyphens (-) or globs (*) that are in configuration lines. For more information about the systemd-sysctl syntax, see the sysctl.d(5) manual page.

Infrastructure Services

The following features, enhancements, and changes related to infrastructure services are introduced in this Oracle Linux 9 release.

chrony Uses DHCPv6 NTP Servers

You can use specify DHCP options to indicate how the NetworkManager dispatcher script for chrony updates the Network time protocol (NTP) sources. The DHCP option 56 indicates that DHCPv6 is used while the DHCP option 42 specifies that DHCPv4 is used. With these options, the dispatcher script can be configured to use NTP servers that are provided by both DHCPv6 and DHCPv4.

chrony Updated to Version 4.2

The updated version includes the following changes and enhancements:

  • The server interleaved mode is updated to be more reliable and to support multiple clients behind a single address translator that uses Network Address Translation (NAT).
  • The Network Time Protocol Version 4 (NTPv4) extension field is available to improve time synchronization stability and precision of estimated errors. This field extends the capabilities of the NTPv4 protocol. You can enable the field by using the extfield F323 option. This option is experimental.
  • NTP forwarding over the Precision Time Protocol (PTP) is available to enable full hardware timestamping on network interface cards (NICs) that have timestamping limited to PTP packets. You can enable NTP over PTP by using the ptpport 319 option. This option is experimental.

unbound Updated to Version 1.16.2

The updated versions includes bug fixes and the following enhancements:

  • Recipients can verify the zone contents for data integrity and origin authenticity by using ZONEMD Zone Verification to ensure compliance with RFC 8976.
  • unbound enables you to configure persistent TCP connections.
  • The SVCB and HTTPS types and handling according to the Service binding and parameter specification through the DNS draft-ietf-dnsop-svcb-https document were added.
  • The default TLS ciphers from system cryptographic policies are used by unbound components.
  • The Special-Use Domain home.arpa. defined in RFC 8375 is available for non-unique use in residential home networks.
  • Selective enabling of tcp-upstream queries for stub or forward zones is supported.
  • The aggressive-nsec option is enabled by default.
  • Logic for the ratelimit function is updated and introduces ratelimit-backoff and ip-ratelimit-backoff for an optional more aggressive countermeasure when the limit is reached.
  • The new rpz-signal-nxdomain-ra option can be used to unset the RA flag when a query is blocked by an Unbound response policy zone (RPZ) nxdomain reply.
  • Additional error information is provided through Extended DNS Errors (EDE) in accordance with RFC 8914.

Password Encryption Function Available in whois

The whois package supports the /usr/bin/mkpasswd binary, which enables you to encrypt a password with the crypt C library interface.

frr Updated to Version 8.2.2

The updated frr package includes the following changes and enhancements:

  • Support for Ethernet VPN (EVPN) route type-5 gateway IP Overlay Index.

  • Support for Autonomous system border router (ASBR) summarization in the Open-shortest-path-first (OSPFv3) protocol.

  • Usage of stub and not-so-stubby-areas (NSSA) in OSPFv3 is enhanced.

  • Support for graceful restart capability in OSPFv2 and OSPFv3.

  • The link bandwidth in the border gateway protocol (BGP) is compliant with the IEEE 754 standard. To use the previous encoding method, run the neighbor PEER disable-link-bw-encoding-ieee command in the existing configuration.

  • Support for the long-lived graceful restart capability in BGP.

  • Implementation of RFC 9003 on extended administrative shutdown communication as well as extended optional parameters length in BGP, based on RFC 9072.

Security

The following features, enhancements, and changes related to security are introduced in this Oracle Linux 9 release.

OpenSSH Supports Setting the Minimum RSA Key Length

Using short RSA keys makes the system more vulnerable to attacks. This update enables you to set minimum RSA key lengths for OpenSSH servers and clients through the RequiredRSASize option in the /etc/ssh/sshd_config file for OpenSSH servers or in the /etc/ssh/ssh_config file for OpenSSH clients.

crypto-policies Enforces OpenSSH 2048-bit RSA Key Length Minimum by Default

Consequent to the support for setting minimum RSA key length in OpenSSH, the system-wide cryptographic policies enforce the 2048-bit minimum key length for RSA by default.

OpenSSH failing connections with an Invalid key length error message indicates that you need to use longer RSA keys.

You can relax the default key length policy restriction, but at the expense of security. Ensure that you know the risks before performing any of the following methods:

  • Define a custom subpolicy by inserting the min_rsa_size@openssh = 1024 parameter into the /etc/crypto-policies/policies/modules/RSA-OPENSSH-1024.pmod file.

  • Apply the custom subpolicy using the update-crypto-policies --set DEFAULT:RSA-OPENSSH-1024 command.

OpenSSL Option Supports SHA-1 for Signatures

By default, OpenSSL 3.0.0 does not support SHA-1 for signature creation and verification. SHA-1 key derivation functions (KDF) and hash-based message authentication codes (HMAC) are still supported. However, backwards compatibility with Oracle Linux 8 systems that still use SHA-1 for signatures can be achieved through the rh-allow-sha1-signatures configuration option. If enabled in the alg_section of openssl.cnf, this option enables the creation and verification of SHA-1 signatures.

This option is automatically enabled if the LEGACY system-wide cryptographic policy is set, which might be needed if RPM packages with SHA-1 signatures are installed.

crypto-policies Supports sntrup761x25519-sha512@openssh.com Key Exchange (KEX) Method

The post-quantum sntrup761 algorithm is already available in the OpenSSH suite. This method provides better security against attacks from quantum computers. To enable this key exxchange method, create and apply a subpolicy, for example: 

sudo echo 'key_exchange = +SNTRUP' > /etc/crypto-policies/policies/modules/SNTRUP.pmod
sudo update-crypto-policies --set DEFAULT:SNTRUP

Support RSA Keys Shorter Than 1023 Bits Removed in NSS

Updates of Network Security Services (NSS) libraries have dropped support of RSA keys of 128 bits in favor of 1023 bits. With this change, NSS no longer performs the following functions:

  • Generate RSA keys shorter than 1023 bits.

  • Sign or verify RSA signatures with RSA keys shorter than 1023 bits.

  • Encrypt or decrypt values with RSA key shorter than 1023 bits.

SCAP Security Guide Updated to 0.1.63

The SCAP Security Guide (SSG) provides new compliance rules for sysctl, grub2, pam_pwquality, and build time kernel configuration. New profiles that are specific for Oracle Linux 9 include the following:

  • ANSSI-BP-028 (enhanced, high, intermediary, and minimal)
  • CUI
  • E8
  • HIPAA
  • OSPP
  • PCI-DSS
  • Standard
  • STIG
  • STIG_GUI

keylime Package Available

Keylime is a tool for attestation of remote systems by using trusted platform module (TPM) technology. Keylime enables you to verify and continuously monitor the integrity of remote systems. Further, the tool enables you to specify encrypted payloads that Keylime delivers to the monitored machines. You can also use the tool to define automated actions that trigger whenever a system fails the integrity test.

Rsyslog Error Files Can Be Set With Maximum Size Option

The action.errorfile.maxsize option enables you to specify a maximum number of bytes of the error file for the Rsyslog log processing system. Beyond the maximum setting, Rsyslog cannot write any additional errors or other data in it. The option prevents oversized error files from rendering the host system unusable.

opencryptoki Updated to Version 3.18.0

This version includes the following improvements:

  • Default to Federal Information Processing Standards (FIPS) compliant token data format (tokversion = 3.12).
  • Enabled restricting usage of mechanisms and keys using a global policy.
  • Enabled statistics counting of mechanism usage.
  • The ICA/EP11 tokens can use libica library version 4.
  • The p11sak tool allows setting different attributes for public and private keys.
  • The C_GetMechanismList does not return CKR_BUFFER_TOO_SMALL in the EP11 token.

In this version, data formats that use algorithms that are not approved by FIPS no longer work. Therefore, to use openCryptoki on Oracle Linux 9, you must migrate tokens that used the earlier token data format to use the new data format before enabling FIPS on the system. To migrate, use the pkcstok_migrate utility, which is provided with openCryptoki.

Note:

The pkcstok_migrate utility uses non-FIPS-approved algorithms during the migration. You must use this tool before enabling FIPS mode on the system. For additional information, see Migrating to FIPS compliance - pkcstok_migrate utility.

fapolicyd Updated to 1.1.3

The updated fapolicyd software framework includes several enhancements including a change to use the OpenSSL library as the cryptographic engine for hash computation and a facility to allow rules to match the parent process ID (PPID) of a subject. A fix to the fagenrules --load command is also included.

SELinux Policy Confines Additional Services

With updated selinux-policy packages, SELinux confines the following services:

  • ksm

  • nm-priv-helper

  • rhcd

  • stalld

  • systemd-network-generator

  • targetclid

  • wg-quick

SELinux Supports the self Keyword in Type Transitions

SELinux tooling supports type transition rules with the self keyword in the policy sources, which enables the SELinux policy for labeling of anonymous inodes.

SELinux User-space Packages Updated

User-space packages libsepol, libselinux, libsemanage, policycoreutils, checkpolicy, and mcstrans include the following changes;

  • The -T option in the setfiles, restorecon, and fixfiles tools supports and enables parallel relabeling.

    With this option, you can specify the number of process threads. Or, you can use -T 0 for setting the maximum of available processor cores.

  • The new --checksum option prints SHA-256 hashes of modules.

  • New policy utilities are added to the libsepol-utils package.

SELinux Automatic Relabeling Now Parallel by Default

The -T 0 option setting is included in the automatic relabeling script that is run by the fixfiles command line. The -T 0 option ensures that the setfiles program uses the maximum of available processor cores for relabeling by default.

To override this default setting, choose one of the following commands:

  • fixfiles -T 1 onboot
  • echo "-T 1" > /.autorelabel

Networking

The following features, enhancements, and changes related to networking are introduced in this Oracle Linux 9 release.

firewalld Updated to version 1.1.1

This version provides multiple bug fixes and enhancements including the following:

  • Rich rules support NetFilter-log (NFLOG) target for user-space logging. No NFLOG-capable logging daemon exists in Oracle Linux. To collect the logs that you need, use the tcpdump -i nflog command.

  • ingress-zones=HOST and egress-zones={ANY, source based zone} settings enable support for port forwarding in firewall policies.

  • Support is added for the afp, http3, jellyfin, netbios-ns, ws-discovery, and ws-discovery-client services

  • Tab-completion and sub-options in Z Shell for the policy option is supported.

NetworkManager Displays Warnings About Unavailability of WEP Support

The Wired Equivalent Privacy (WEP) security algorithm has been removed from wpa_supplicant packages. This enhancement updates NetworkManager to reflect these changes. Appropriate mechanisms are in place to indicate the absence of support for WEP, and attempts to connect to WEP protected network generates an error message.

For secure encryption, use only wifi networks with Wi-Fi Protected Access 2 (WPA2) and WPA3 authentication.

Kernel and System Libraries

The following notable features, enhancements, and changes apply to the Red Hat Compatible Kernel (RHCK) that's shipped with the current Oracle Linux 9 version.

BPF Updated to the Linux Kernel Version 5.16

This updated version of the Berkeley Packet Filter (BPF) facility multiple bug fixes and enhancements such as the following:

  • Streamlined internal BPF program sections handling and bpf_program__set_attach_target() API function in the libbpf userspace library. The function sets the BPF based attach targets for BPF based programs.

  • Support for the following parameters and funtionalities:

    • BTF_KIND_TAG kind, which allows you to tag declarations, as well as the BTF_KIND_DECL_TAG kind.

    • bpf_get_branch_snapshot() helper which enables the tracing program to capture the last branch records (LBR) from the hardware.

    • Legacy kprobe in the libbpf userspace library that enables kprobe trace events creation through the legacy interface.

    • Capability through the __sk_buff helper function to access hardware timestamps through BPF specific structures with the .

    • Batched interface for RX buffer allocation in AF_XDP buffer pool, with driver support for i40e and ice.

    • Legacy uprobe support in libbpf userspace library to complement recently merged legacy kprobe.

    • bpf_trace_vprintk() as a variadic printk helper.

    • libbpf opt-in that enforces stricter BPF program section name handling as part of libbpf 1.0 effort.

    • libbpf for locating specialized maps, such as perf RB and internally delete BTF type identifiers while creating them.

    • bloomfilter BPF map type to test if an element exists in a set.

    • Kernel module function calls from BPF.

    • Typeless and weak ksym in light skeleton.

For a full list and descriptions of BPF features in the running kernel, use the bpftool feature command.

tpm2-tools Package Updated to 5.2.1

This version provides additional support for the following features and tools:

  • Public-key output when a primary object is created by using the tpm2_createprimary and tpm2_create tools.
  • The tpm2_print tool for printing public-key output formats. The tool decodes a Trusted Platform Module (TPM) data structure and prints enclosed elements.
  • The tpm2_eventlog tool for reading logs larger than 64 KB.
  • The tpm2_sessionconfig tool to support displaying and configuring session attributes.

For more information, see the /usr/share/doc/tpm2-tools/Changelog.md file.

High Availability and Clusters

The following features, enhancements, and changes related to high availability are introduced in this Oracle Linux 9 release.

pcs stonith update-scsi-devices Accepts Updates to Multipath SCSI Devices Without Restarting the Cluster

The pcs stonith update-scsi-devices command can be used to update fencing on a cluster by using multipath devices without requiring a restart of other cluster resources running on the same node. For example: 

sudo pcs stonith update-scsi-devices <mpath-fence-dev> set <device-path>
sudo pcs stonith update-scsi-devices <mpath-fence-dev> add <device-path>
sudo pcs stonith update-scsi-devices <mpath-fence-dev> remove <device-path>...

Pacemaker Clusters Have UUIDs

The pcs command generates a UUID that you can use to uniquely identify the cluster when it is created. The UUID is displayed when you run the pcs cluster config [show] command. You can add a UUID to an existing cluster or regenerate a UUID if one already exists by running pcs cluster config uuid generate.

Pacemaker Updated to Version 2.1.4

The updated version contains the following changes:

  • New value stop_unexpected can be assigned to the multiple-active resource parameter

    The multiple-active resource parameter determines recovery behavior when additional instances unexpectedly become active on a resource. By default, the parameter is set to execute a full restart of the resource, even if the resource is operating normally for the other originally configured instances.

    stop_unexpected enables you to specify that only unexpected instances of a multiple active resource are stopped. However, you must verify that the service and its resource agent continue to function with these extra active instances without requiring to restart the resource.

  • Pacemaker allow-unhealthy-node resource meta-attribute added

    The allow-unhealthy-node resource meta-attribute can be set to true to ensure that the resource is not forced off a node due to degraded node health. This feature allows the health agent to continue to run on an unhealthy node so that the cluster is able to automatically detect when the node becomes healthy again, before moving resources back to the node.

  • Pacemaker includes Access Control Lists (ACLs) for system groups

    In addition to the ACLs that were previously allows for individual users, Pacemaker includes ACLs for system groups to facilitate role-based access controls. The pcs acl group command can now be used to apply ACLs to system groups. For example, to create a read-only ACL for the pcs_ro_group system group: 

    sudo pcs acl group create pcs_ro_group readonly

Samba Not Installed With Cluster Packages

Samba packages are separated from packages for the Oracle Linux High Availability Add-on and are therefore not automatically installed. If you require these packages, you need to perform a manual installation.

Dynamic Programming Languages, Web and Database Servers

The following features, enhancements, and changes related to programming languages, web servers, and database servers are introduced in this Oracle Linux 9 release.

nodejs:18 Module Stream

Node.js 18 provides numerous new features together with bug and security fixes over Node.js 16, including the following:

  • V8 engine is upgraded to version 10.1.

  • The npm package manager is upgraded to version 8.15.0.

  • Node.js provides a new experimental fetch API as well as an experimental node:test module that facilitates the creation of tests that report results in the Test Anything Protocol (TAP) format.

To install the nodejs:18 module stream, type: 

sudo dnf module install nodejs:18

php:8.1 Module Stream Available

The new version enables you to do the following:

  • Use the Enumerations (Enums) feature to define a custom type from a selection of possible values.
  • Flag a property with the readonly modifier to lock the property from being modified after initialization.
  • Use fibers, full-stack, interruptible functions.

Ruby 3.1.2 Available as a New Module Stream

Ruby 3.1.2 is available in a new ruby:3.1 module stream. This version of Ruby includes several enhancements and performance improvements over the ruby:3.0 module stream, including:

  • An auto-complete feature and a documentation dialog included in the Interactive Ruby (IRB) utility.
  • New debug and error_highlight gems to provide improved performance, more functionality and more granular control.
  • Values in the hash literal data types and keyword arguments can now be omitted
  • Parentheses can now be omitted in one-line pattern matching and the pin operator (^) now accepts an expression in pattern matching.
  • YJIT, a new experimental in-process Just-in-Time (JIT) compiler, is now available on the AMD and Intel 64-bit architectures
  • The Method Based Just-in-Time Compiler (MJIT) includes several performance improvements including an increase in the default maximum JIT cache value for large workloads like Rails.

httpd Updated to Version 2.4.53

Notable changes in the mod_proxy and mod_proxy_connect modules include:

  • mod_proxy: The length limit of the name of the controller has been increased
  • mod_proxy: You can now selectively configure timeouts for backend and frontend
  • mod_proxy: You can now disable TCP connections redirection by setting the SetEnv proxy-nohalfclose parameter
  • mod_proxy and mod_proxy_connect: It is forbidden to change a status code after sending it to a client

In addition, a new ldap function has been added to the expression API, which can help prevent the LDAP injection vulnerability.

LimitRequestBody Directive in httpd Configuration Updated With a New Default Value

The default value for the LimitRequestBody directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB to resolve a security issue. Systems that are already configured to use an explicit value for the LimitRequestBody directive are unaffected by this change.

On systems where the value of LimitRequestBody is not explicitly specified in an httpd configuration file, the default value of 1 GiB is applied when the httpd package is updated. If the total size of the HTTP request body exceeds this 1 GiB default limit, the 413 Request Entity Too Large error code is returned. If your server needs to serve larger files you must update your httpd configuration and set your limit in bytes.

httpd-core Package is Available

This new package now contains the httpd binary file with all essential files. Thus, you can install only basic httpd functionality of the Apache HTTP server as required, such as in the case of containers, without additional dependencies.

The httpd package includes systemd-related files, including mod_systemd, mod_brotli, and documentation.

Additionally, the httpd Module Magic Number (MMN) value is moved from the httpd package to the new httpd-core package. Therefore, to obtain the httpd-mmn value of the installed httpd binary, you would need to use the apxs binary in the httpd-devel package as follows: 

sudo apxs -q  HTTPD_MMN
20120211

pcre2 Updated to Version 10.40

The pcre2 package provides the Perl Compatible Regular Expressions library v2.

In this version, you can no longer use the \K escape sequence in lookaround assertions. Instead, you can use the PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK option. When this option is set, \K is accepted only inside positive assertions but is ignored in negative assertions.

Compilers and Development Tools

The following features, enhancements, and changes related to compilers and development tools are introduced in this Oracle Linux 9 release.

GCC Toolset 12 is Available

To install the toolset, type:

sudo dnf install gcc-toolset-12

To run a tool from the toolset, type:

scl enable gcc-toolset-12 tool

To run a shell session where the tool versions from GCC Toolset 12 override system versions of these tools, type:

scl enable gcc-toolset-12 bash

The new GCC Toolset contains the following tools:

  • Updated GCC compiler

  • Annobin 10.79
    • Contains a new command line option for annocheck to avoid using the debuginfod service if no alternatives exist for finding debug information. The debuginfod service can provide more debug information, but can also downgrade annocheck's performance if the debuginfod server is unavailable.
    • meson and ninja are alternative tools for building Annobin sources, if desired.
    • Annocheck supports binaries built by the Rust 1.18 compiler.

    In some circumstances, this version might cause compilation errors with messages similar to the following:

    cc1: fatal error: inaccessible plugin file
opt/rh/gcc-toolset-12/root/usr/lib/gcc/architecture-linux-gnu/12/plugin/gcc-annobin.so
expanded from short plugin name gcc-annobin: No such file or directory

    To work around this issue, create a symbolic link in the plugin directory as follows:

    cd /opt/rh/gcc-toolset-12/root/usr/lib/gcc/architecture-linux-gnu/12/plugin
sudo ln -s annobin.so gcc-annobin.so

    For architecture, specify the architecture of the system you are using.

  • binutils 2.38
    • All tools in this package can be set to display or warn about the presence of multibyte characters.
    • The readelf and objdump tools now automatically follow any links to separate debuginfo files by default. To disable this behavior, choose one of the following commands:. 
      readelf --debug-dump=no-follow-links
      objdump --dwarf=no-follow-links
  • GCC 12 supports _FORTIFY_SOURCE level 3

    When building applications with GCC 12 or later versions, you can use -D_FORTIFY_SOURCE=3 in the compiler command line to improve coverage of source code fortification as well as security for the applications. This support is also available in all Clang with the __builtin_dynamic_object_size built in.

  • GDB 11.2

    • Adds new support for Aarch64 MTE.
    • Provides the --qualified option for -break-insert and -dprintf-insert that looks for an exact match of the user’s event location instead of searching in all scopes.
    • Provides the --force-condition option where any supplied condition can be defined even if the condition is currently invalid.
    • Provides the -break-condition --force option and has analogous behavior as in the preceding option.
    • Provides the -file-list-exec-source-files option that accepts optional REGEXP to limit output.

    • The .gdbinit search path includes the config directory.

    • Supports $HOME/.config/gdb/gdbearlyinit or $HOME/.gdbearlyinit.
    • Provides the -eix and -eiex early initialization file options.

    In the erminal user interface (TUI), support is available for mouse actions. Additionally, key combinations that do not act on the focused window are now passed to GDB.

    This updated GDB also includes new and revised commands as well as updates to the Python API.

GDB Supports Power 10 PLT Instructions

This update enables users to step into shared library functions and inspect stack backtraces by using GDB version 10.2-10 and later.

Rust Toolset Updated to Version 1.62.1

  • You can now use tuple, slice, and struct patterns as the left-hand side of an assignment. For example, a tuple assignment can swap two variables: 
    (a, b) = (b, a);
    Note that destructuring assignments with operators such as += are not allowed.
  • Inline assembly is available on x86_64 and aarch64 using the core::arch::asm! macro.
  • Enums can derive the Default trait with an explicitly annotated #[default] variant.
  • An optimized futex-based implementation is used for Mutex, CondVar, and RwLock, to replace pthreads.
  • Custom exit codes from main, including user-defined types that use the Termination trait, can be used.
  • Cargo supports more control over dependency features. The dep: prefix can refer to an optional dependency without exposing that as a feature, and a ? only enables a dependency feature if that dependency is enabled elsewhere, like package-name?/feature-name.
  • A new cargo add subcommand for adding dependencies to Cargo.toml is available.

For more details, see consecutive upstream release announcements, including the following:

LLVM Toolset Updated to Version 14.0.0

  • On 64-bit x86, support for AVX512-FP16 instructions has been added.
  • Support for the Armv9-A, Armv9.1-A and Armv9.2-A architectures has been added.

This version also includes the following changes in clang:

  • if consteval for C++2b is now implemented.
  • AVX512-FP16 instructions have been added for the x86_64 architecture.
  • The -E -P preprocessor output now always omits blank lines, matching GCC behavior. Previously, up to 8 consecutive blank lines could appear in the output.
  • Support -Wdeclaration-after-statement with C99 and later standards, and not just C89, matching GCC’s behavior. A notable use case is supporting style guides that forbid mixing declarations and code, but want to move to newer C standards.

For more information, see the LLVM Toolset and Clang upstream release notes.

maven:3.8 Module Stream Updated

To install, type:

sudo dnf module install maven:3.8

Virtualization

The following features, enhancements, and changes related to virtualization are introduced in this Oracle Linux 9 release.

open-vm-tools Updated to 12.0.5

In this updated version of the open source implementation of VMware Tools, support has been added for the Salt Minion tool which is managed through guest OS variables.