2 New Features and Changes
Unless indicated otherwise, the following new features, major enhancements, bug fixes, and other changes that are introduced in this release of Oracle Linux 9 apply to both the x86_64 and 64-bit Arm (aarch64) platforms.
Installation
-
--allow-ssh
kickstart option enables password-based SSH root loginsThe
--allow-ssh
option is used with therootpw
command. With this option, the same functionality in graphical installations that enables root users to login by using SSH with a password is now available in kickstart installations.
Operating System and Software Management
-
The
modulesync
command replaces certain workflowsThis enhancement facilitates the installation of modular packages by ensuring the presence of modular metadata. Previously, the metadata is not included in the installation. Consequently, you would use the
dnf
command first to download the packages, and then thecreaterepo_c
command to redistribute those packages.The
modulesync
command streamlines the process by downloading the modular packages and at the same time creating a repository with modular metadata in a working directory. -
Boot loader menu hidden by default
The GRUB boot loader does not display the boot menu by default.
However, if a previous system boot fails, then the GRUB boot loader displays the boot menu at the next system boot.
To access the boot menu manually, do one of the following steps while the system is booting:
- Press Esc repeatedly.
- Press F8 repeatedly.
- Hold Shift.
To disable the default setting, use the following command:
sudo grub2-editenv - unset menu_auto_hide
Shells and Command Line Tools
-
The
xmlstarlet
package is available in a supported repositoryThe
xmlstarlet
package was previously available in theol9_developer_EPEL
repository, but is now available in the supportedol9_appstream
repository. This package contains utilities that are frequently used on the command line to perform common operations on XML files that other command line tools are unable to do easily by taking advantage of XPath syntax to properly locate, add or modify information within the file. -
libvpd
is rebased to version 2.2.9This version has the fix for database locking and an updated
libtool
utility version information. -
lsvpd
is updated to version 1.7.14In this updated version, the
lsvpd
utility prevents corruption of the database file when you run thevpdupdate
command. -
sysctl
introduces same syntax assystemd-sysctl
for handling argumentsThe
sysctl
utility can parse hyphens (-
) or globs (*
) that are in configuration lines. For more information about thesystemd-sysctl
syntax, see thesysctl.d(5)
manual page.
Infrastructure Services
-
chrony
uses DHCPv6 NTP serversYou can use specify DHCP options to indicate how the NetworkManager dispatcher script for
chrony
updates the Network time protocol (NTP) sources. The DHCP option 56 indicates that DHCPv6 is used while the DHCP option 42 specifies that DHCPv4 is used. With these options, the dispatcher script can be configured to use NTP servers that are provided by both DHCPv6 and DHCPv4. -
chrony
is updated to version 4.2The updated version includes the following changes and enhancements:
- The server interleaved mode is updated to be more reliable and to support multiple clients behind a single address translator that uses Network Address Translation (NAT).
- The Network Time Protocol Version 4 (NTPv4) extension field is available to improve
time synchronization stability and precision of estimated errors. This field extends the
capabilities of the NTPv4 protocol. You can enable the field by using the
extfield F323
option. This option is experimental. - NTP forwarding over the Precision Time Protocol (PTP) is available to enable full
hardware timestamping on network interface cards (NICs) that have timestamping limited
to PTP packets. You can enable NTP over PTP by using the
ptpport 319
option. This option is experimental.
-
unbound
is updated to version 1.16.2The updated versions includes bug fixes and the following enhancements:
- Recipients can verify the zone contents for data integrity and origin authenticity by using ZONEMD Zone Verification to ensure compliance with RFC 8976.
unbound
enables you to configure persistent TCP connections.- The SVCB and HTTPS types and handling according to the Service binding and parameter
specification through the DNS
draft-ietf-dnsop-svcb-https
document were added. - The default TLS ciphers from system cryptographic policies are used by
unbound
components. - The Special-Use Domain
home.arpa.
defined in RFC 8375 is available for non-unique use in residential home networks. - Selective enabling of
tcp-upstream
queries for stub or forward zones is supported. - The
aggressive-nsec
option is enabled by default. - Logic for the
ratelimit
function is updated and introducesratelimit-backoff
andip-ratelimit-backoff
for an optional more aggressive countermeasure when the limit is reached. - The new
rpz-signal-nxdomain-ra
option can be used to unset theRA
flag when a query is blocked by an Unbound response policy zone (RPZ) nxdomain reply. - Additional error information is provided through Extended DNS Errors (EDE) in accordance with RFC 8914.
-
The password encryption function is available in
whois
The
whois
package supports the/usr/bin/mkpasswd
binary, which enables you to encrypt a password with thecrypt
C library interface. -
frr
is updated to version 8.2.2The updated
frr
package includes the following changes and enhancements:-
Support for Ethernet VPN (EVPN) route type-5 gateway IP Overlay Index.
-
Support for Autonomous system border router (ASBR) summarization in the Open-shortest-path-first (OSPFv3) protocol.
-
Usage of stub and not-so-stubby-areas (NSSA) in OSPFv3 is enhanced.
-
Support for graceful restart capability in OSPFv2 and OSPFv3.
-
The link bandwidth in the border gateway protocol (BGP) is compliant with the IEEE 754 standard. To use the previous encoding method, run the
neighbor PEER disable-link-bw-encoding-ieee
command in the existing configuration. -
Support for the long-lived graceful restart capability in BGP.
-
Implementation of RFC 9003 on extended administrative shutdown communication as well as extended optional parameters length in BGP, based on RFC 9072.
-
Security
-
OpenSSH supports setting the minimum RSA key length
Using short RSA keys makes the system more vulnerable to attacks. This update enables you to set minimum RSA key lengths for OpenSSH servers and clients through the
RequiredRSASize
option in the/etc/ssh/sshd_config
file for OpenSSH servers or in the/etc/ssh/ssh_config
file for OpenSSH clients. -
crypto-policies
enforces OpenSSH 2048-bit RSA key length minimum by defaultConsequent to the support for setting minimum RSA key length in OpenSSH, the system-wide cryptographic policies enforce the 2048-bit minimum key length for RSA by default.
OpenSSH failing connections with an
Invalid key length
error message indicates that you need to use longer RSA keys.You can relax the default key length policy restriction, but at the expense of security. Ensure that you know the risks before performing any of the following methods:
-
Define a custom subpolicy by inserting the
min_rsa_size@openssh = 1024
parameter into the/etc/crypto-policies/policies/modules/RSA-OPENSSH-1024.pmod
file. -
Apply the custom subpolicy using the
update-crypto-policies --set DEFAULT:RSA-OPENSSH-1024
command.
-
-
OpenSSL option supports SHA-1 for signatures
By default, OpenSSL 3.0.0 does not support SHA-1 for signature creation and verification. SHA-1 key derivation functions (KDF) and hash-based message authentication codes (HMAC) are still supported. However, backwards compatibility with Oracle Linux 8 systems that still use SHA-1 for signatures can be achieved through the
rh-allow-sha1-signatures
configuration option. If enabled in thealg_section
ofopenssl.cnf
, this option enables the creation and verification of SHA-1 signatures.This option is automatically enabled if the LEGACY system-wide cryptographic policy is set, which might be needed if RPM packages with SHA-1 signatures are installed..
-
crypto-policies
supportssntrup761x25519-sha512@openssh.com
key exchange (KEX) methodThe post-quantum
sntrup761
algorithm is already available in the OpenSSH suite. This method provides better security against attacks from quantum computers. To enable this key exxchange method, create and apply a subpolicy, for example:sudo echo 'key_exchange = +SNTRUP' > /etc/crypto-policies/policies/modules/SNTRUP.pmod sudo update-crypto-policies --set DEFAULT:SNTRUP
-
Support RSA keys shorter than 1023 bits is removed in NSS
Updates of Network Security Services (NSS) libraries have dropped support of RSA keys of 128 bits in favor of 1023 bits. With this change, NSS no longer performs the following functions:
-
Generate RSA keys shorter than 1023 bits.
-
Sign or verify RSA signatures with RSA keys shorter than 1023 bits.
-
Encrypt or decrypt values with RSA key shorter than 1023 bits.
-
-
SCAP Security Guide is updated to 0.1.63
The SCAP Security Guide (SSG) provides new compliance rules for
sysctl
,grub2
,pam_pwquality
, and build time kernel configuration. New profiles that are specific for Oracle Linux 9 include the following:- ANSSI-BP-028 (enhanced, high, intermediary, and minimal)
- CUI
- E8
- HIPAA
- OSPP
- PCI-DSS
- Standard
- STIG
- STIG_GUI
-
keylime
package is availableKeylime is a tool for attestation of remote systems by using trusted platform module (TPM) technology. Keylime enables you to verify and continuously monitor the integrity of remote systems. Further, the tool enables you to specify encrypted payloads that Keylime delivers to the monitored machines. You can also use the tool to define automated actions that trigger whenever a system fails the integrity test.
-
Rsyslog error files can be set with maximum size option
The
action.errorfile.maxsize
option enables you to specify a maximum number of bytes of the error file for the Rsyslog log processing system. Beyond the maximum setting, Rsyslog cannot write any additional errors or other data in it. The option prevents oversized error files from rendering the host system unusable. -
opencryptoki
is updated to version 3.18.0This version includes the following improvements:
- Default to Federal Information Processing Standards (FIPS) compliant token data format (tokversion = 3.12).
- Enabled restricting usage of mechanisms and keys using a global policy.
- Enabled statistics counting of mechanism usage.
- The
ICA/EP11
tokens can uselibica
library version 4. - The
p11sak
tool allows setting different attributes for public and private keys. - The
C_GetMechanismList
does not returnCKR_BUFFER_TOO_SMALL
in the EP11 token.
In this version, data formats that use algorithms that are not approved by FIPS no longer work. Therefore, to use
openCryptoki
on Oracle Linux 9, you must migrate tokens that used the earlier token data format to use the new data format before enabling FIPS on the system. To migrate, use thepkcstok_migrate
utility, which is provided withopenCryptoki
.Note:
The
pkcstok_migrate
utility uses non-FIPS-approved algorithms during the migration. You must use this tool before enabling FIPS mode on the system. For additional information, see Migrating to FIPS compliance - pkcstok_migrate utility. -
fapolicyd
is updated to 1.1.3The updated
fapolicyd
software framework includes several enhancements including a change to use the OpenSSL library as the cryptographic engine for hash computation and a facility to allow rules to match the parent process ID (PPID) of a subject. A fix to thefagenrules --load
command is also included. -
SELinux policy confines additional services
With updated
selinux-policy
packages, SELinux confines the following services:-
ksm
-
nm-priv-helper
-
rhcd
-
stalld
-
systemd-network-generator
-
targetclid
-
wg-quick
-
-
SELinux supports the
self
keyword in type transitionsSELinux tooling supports type transition rules with the
self
keyword in the policy sources, which enables the SELinux policy for labeling of anonymous inodes. -
SELinux user-space packages is updated
User-space packages
libsepol
,libselinux
,libsemanage
,policycoreutils
,checkpolicy
, andmcstrans
include the following changes;-
The
-T
option in thesetfiles
,restorecon
, andfixfiles
tools supports and enables parallel relabeling.With this option, you can specify the number of process threads. Or, you can use
-T 0
for setting the maximum of available processor cores. -
The new
--checksum
option prints SHA-256 hashes of modules. -
New policy utilities are added to the
libsepol-utils
package.
-
-
SELinux automatic relabeling is now parallel by default
The
-T 0
option setting is included in the automatic relabeling script that is run by thefixfiles
command line. The-T 0
option ensures that thesetfiles
program uses the maximum of available processor cores for relabeling by default.To override this default setting, choose one of the following commands:
-
fixfiles -T 1 onboot
-
echo "-T 1" > /.autorelabel
-
Networking
-
firewalld
is updated to version 1.1.1This version provides multiple bug fixes and enhancements including the following:
-
Rich rules support NetFilter-log (NFLOG) target for user-space logging. No NFLOG-capable logging daemon exists in Oracle Linux. To collect the logs that you need, use the
tcpdump -i nflog
command. -
ingress-zones=HOST
andegress-zones={ANY, source based zone}
settings enable support for port forwarding in firewall policies. -
Support is added for the
afp
,http3
,jellyfin
,netbios-ns
,ws-discovery
, andws-discovery-client
services -
Tab-completion and sub-options in Z Shell for the
policy
option is supported.
-
-
NetworkManager displays warnings about unavailability of WEP support
The Wired Equivalent Privacy (WEP) security algorithm has been removed from
wpa_supplicant
packages. This enhancement updates NetworkManager to reflect these changes. Appropriate mechanisms are in place to indicate the absence of support for WEP, and attempts to connect to WEP protected network generates an error message.For secure encryption, use only wifi networks with Wi-Fi Protected Access 2 (WPA2) and WPA3 authentication.
Kernel and System Libraries
The following notable features, enhancements, and changes apply to the Red Hat Compatible Kernel (RHCK) that is shipped with Oracle Linux 9.
-
BPF is updated to the Linux kernel version 5.16
This updated version of the Berkeley Packet Filter (BPF) facility multiple bug fixes and enhancements such as the following:
-
Streamlined internal BPF program sections handling and
bpf_program__set_attach_target()
API function in thelibbpf
userspace library. The function sets the BPF based attach targets for BPF based programs. -
Support for the following parameters and funtionalities:
-
BTF_KIND_TAG
kind, which allows you to tag declarations, as well as theBTF_KIND_DECL_TAG
kind. -
bpf_get_branch_snapshot()
helper which enables the tracing program to capture the last branch records (LBR) from the hardware. -
Legacy
kprobe
in thelibbpf
userspace library that enableskprobe
trace events creation through the legacy interface. -
Capability through the
__sk_buff
helper function to access hardware timestamps through BPF specific structures with the . -
Batched interface for RX buffer allocation in
AF_XDP
buffer pool, with driver support fori40e
andice
. -
Legacy
uprobe
support inlibbpf
userspace library to complement recently merged legacykprobe
. -
bpf_trace_vprintk()
as a variadicprintk
helper. -
libbpf
opt-in that enforces stricter BPF program section name handling as part oflibbpf
1.0 effort. -
libbpf
for locating specialized maps, such asperf RB
and internally delete BTF type identifiers while creating them. -
bloomfilter
BPF map type to test if an element exists in a set. -
Kernel module function calls from BPF.
-
Typeless and weak
ksym
in light skeleton.
-
For a full list and descriptions of BPF features in the running kernel, use the
bpftool feature
command. -
-
The
tpm2-tools
package is updated to 5.2.1This version provides additional support for the following features and tools:
- Public-key output when a primary object is created by using the
tpm2_createprimary
andtpm2_create
tools. - The
tpm2_print
tool for printing public-key output formats. The tool decodes a Trusted Platform Module (TPM) data structure and prints enclosed elements. - The
tpm2_eventlog
tool for reading logs larger than 64 KB. - The
tpm2_sessionconfig
tool to support displaying and configuring session attributes.
For more information, see the
/usr/share/doc/tpm2-tools/Changelog.md
file. - Public-key output when a primary object is created by using the
High Availability and Clusters
-
pcs stonith update-scsi-devices
allows updates to multipath SCSI devices without restarting the clusterThe
pcs stonith update-scsi-devices
command can be used to update fencing on a cluster by using multipath devices without requiring a restart of other cluster resources running on the same node. For example:sudo pcs stonith update-scsi-devices <mpath-fence-dev> set <device-path> sudo pcs stonith update-scsi-devices <mpath-fence-dev> add <device-path> sudo pcs stonith update-scsi-devices <mpath-fence-dev> remove <device-path>...
-
Pacemaker clusters have UUIDs
The
pcs
command generates a UUID that you can use to uniquely identify the cluster when it is created. The UUID is displayed when you run thepcs cluster config [show]
command. You can add a UUID to an existing cluster or regenerate a UUID if one already exists by runningpcs cluster config uuid generate
. -
Pacemaker is updated to version 2.1.4
The updated version contains the following changes:
-
New value
stop_unexpected
can be assigned to themultiple-active
resource parameterThe
multiple-active
resource parameter determines recovery behavior when additional instances unexpectedly become active on a resource. By default, the parameter is set to execute a full restart of the resource, even if the resource is operating normally for the other originally configured instances.stop_unexpected
enables you to specify that only unexpected instances of a multiple active resource are stopped. However, you must verify that the service and its resource agent continue to function with these extra active instances without requiring to restart the resource. -
Pacemaker
allow-unhealthy-node
resource meta-attribute addedThe
allow-unhealthy-node
resource meta-attribute can be set totrue
to ensure that the resource is not forced off a node due to degraded node health. This feature allows the health agent to continue to run on an unhealthy node so that the cluster is able to automatically detect when the node becomes healthy again, before moving resources back to the node. -
Pacemaker includes Access Control Lists (ACLs) for system groups
In addition to the ACLs that were previously allows for individual users, Pacemaker includes ACLs for system groups to facilitate role-based access controls. The
pcs acl group
command can now be used to apply ACLs to system groups. For example, to create a read-only ACL for the pcs_ro_group system group:sudo pcs acl group create pcs_ro_group readonly
-
-
Samba is not installed with cluster packages
Samba packages are separated from packages for the Oracle Linux High Availability Add-on and are therefore not automatically installed. If you require these packages, you need to perform a manual installation.
Dynamic Programming Languages, Web and Database Servers
-
php:8.1
module stream is availableThe new version enables you to do the following:
- Use the Enumerations (
Enums
) feature to define a custom type from a selection of possible values. - Flag a property with the
readonly
modifier to lock the property from being modified after initialization. - Use fibers, full-stack, interruptible functions.
- Use the Enumerations (
-
Ruby 3.1.2 available as a new module stream
Ruby 3.1.2 is available in a new
ruby:3.1
module stream. This version of Ruby includes several enhancements and performance improvements over theruby:3.0
module stream, including:- An auto-complete feature and a documentation dialog included in the
Interactive Ruby
(IRB) utility. - New
debug
anderror_highlight
gems to provide improved performance, more functionality and more granular control. - Values in the hash literal data types and keyword arguments can now be omitted
- Parentheses can now be omitted in one-line pattern matching and the pin operator
(
^
) now accepts an expression in pattern matching. - YJIT, a new experimental in-process Just-in-Time (JIT) compiler, is now available on the AMD and Intel 64-bit architectures
- The Method Based Just-in-Time Compiler (MJIT) includes several performance improvements including an increase in the default maximum JIT cache value for large workloads like Rails.
- An auto-complete feature and a documentation dialog included in the
-
httpd
rebased to version 2.4.53Notable changes in the
mod_proxy
andmod_proxy_connect
modules include:mod_proxy
: The length limit of the name of the controller has been increasedmod_proxy
: You can now selectively configure timeouts for backend and frontendmod_proxy
: You can now disable TCP connections redirection by setting theSetEnv proxy-nohalfclose
parametermod_proxy
andmod_proxy_connect
: It is forbidden to change a status code after sending it to a client
In addition, a new
ldap
function has been added to the expression API, which can help prevent the LDAP injection vulnerability. -
The
LimitRequestBody
directive inhttpd
configuration is updated with a new default valueThe default value for the
LimitRequestBody
directive in the Apache HTTP Server has been changed from0
(unlimited) to 1 GiB to resolve a security issue. Systems that are already configured to use an explicit value for theLimitRequestBody
directive are unaffected by this change.On systems where the value of
LimitRequestBody
is not explicitly specified in anhttpd
configuration file, the default value of 1 GiB is applied when thehttpd
package is updated. If the total size of the HTTP request body exceeds this 1 GiB default limit, the413 Request Entity Too Large
error code is returned. If your server needs to serve larger files you must update your httpd configuration and set your limit in bytes. -
The
httpd-core
package is availableThis new package now contains the
httpd
binary file with all essential files. Thus, you can install only basichttpd
functionality of the Apache HTTP server as required, such as in the case of containers, without additional dependencies.The
httpd
package includessystemd
-related files, includingmod_systemd
,mod_brotli
, and documentation.Additionally, the
httpd
Module Magic Number (MMN) value is moved from thehttpd
package to the newhttpd-core
package. Therefore, to obtain thehttpd-mmn
value of the installedhttpd
binary, you would need to use theapxs
binary in thehttpd-devel
package as follows:sudo apxs -q HTTPD_MMN
20120211
-
pcre2
is updated to version 10.40The
pcre2
package provides the Perl Compatible Regular Expressions library v2.In this version, you can no longer use the
\K
escape sequence in lookaround assertions. Instead, you can use thePCRE2_EXTRA_ALLOW_LOOKAROUND_BSK
option. When this option is set,\K
is accepted only inside positive assertions but is ignored in negative assertions.
Compilers and Development Tools
-
The updated GCC compiler is now available
-
GCC Toolset 12 is available
To install the toolset, type:
sudo dnf install gcc-toolset-12
To run a tool from the toolset, type:
scl enable gcc-toolset-12 tool
To run a shell session where the tool versions from GCC Toolset 12 override system versions of these tools, type:
scl enable gcc-toolset-12 bash
The new GCC Toolset contains the following tools:
- Annobin 10.79
- Contains a new command line option for
annocheck
to avoid using thedebuginfod
service if no alternatives exist for finding debug information. Thedebuginfod
service can provide more debug information, but can also downgradeannocheck
's performance if thedebuginfod
server is unavailable. meson
andninja
are alternative tools for building Annobin sources, if desired.- Annocheck supports binaries built by the Rust 1.18 compiler.
In some circumstances, this version might cause compilation errors with messages similar to the following:
cc1: fatal error: inaccessible plugin file opt/rh/gcc-toolset-12/root/usr/lib/gcc/architecture-linux-gnu/12/plugin/gcc-annobin.so expanded from short plugin name gcc-annobin: No such file or directory
To work around this issue, create a symbolic link in the plugin directory as follows:
cd /opt/rh/gcc-toolset-12/root/usr/lib/gcc/architecture-linux-gnu/12/plugin sudo ln -s annobin.so gcc-annobin.so
For architecture, specify the architecture of the system you are using.
- Contains a new command line option for
binutils
2.38- All tools in this package can be set to display or warn about the presence of multibyte characters.
- The
readelf
andobjdump
tools now automatically follow any links to separatedebuginfo
files by default. To disable this behavior, choose one of the following commands:.readelf --debug-dump=no-follow-links
objdump --dwarf=no-follow-links
- GCC 12 supports
_FORTIFY_SOURCE
level 3When building applications with GCC 12 or later versions, you can use
-D_FORTIFY_SOURCE=3
in the compiler command line to improve coverage of source code fortification as well as security for the applications. This support is also available in all Clang with the__builtin_dynamic_object_size
built in. -
GDB 11.2
- Adds new support for Aarch64 MTE.
- Provides the
--qualified
option for-break-insert
and-dprintf-insert
that looks for an exact match of the user’s event location instead of searching in all scopes. - Provides the
--force-condition
option where any supplied condition can be defined even if the condition is currently invalid. - Provides the
-break-condition --force
option and has analogous behavior as in the preceding option. - Provides the
-file-list-exec-source-files
option that accepts optionalREGEXP
to limit output. -
The
.gdbinit
search path includes the config directory. - Supports
~/.config/gdb/gdbearlyinit
or~/.gdbearlyinit
. - Provides the
-eix
and-eiex
early initialization file options.
In the erminal user interface (TUI), support is available for mouse actions. Additionally, key combinations that do not act on the focused window are now passed to GDB.
This updated GDB also includes new and revised commands as well as updates to the Python API.
- Annobin 10.79
-
GDB supports Power 10 PLT instructions
This update enables users to step into shared library functions and inspect stack backtraces by using GDB version 10.2-10 and later.
-
Rust Toolset updated to version 1.62.1
- You can now use tuple, slice, and struct patterns as the left-hand side of
an assignment. For example, a tuple assignment can swap two variables:
Note that destructuring assignments with operators such as(a, b) = (b, a);
+=
are not allowed. - Inline assembly is available on x86_64 and aarch64 using the
core::arch::asm!
macro. - Enums can derive the
Default
trait with an explicitly annotated#[default]
variant. - An optimized
futex
-based implementation is used forMutex
,CondVar
, andRwLock
, to replace pthreads. - Custom exit codes from
main
, including user-defined types that use theTermination
trait, can be used. - Cargo supports more control over dependency features. The
dep:
prefix can refer to an optional dependency without exposing that as a feature, and a?
only enables a dependency feature if that dependency is enabled elsewhere, likepackage-name?/feature-name
. - A new
cargo add
sub-command for adding dependencies toCargo.toml
is available.
- You can now use tuple, slice, and struct patterns as the left-hand side of
an assignment. For example, a tuple assignment can swap two variables:
-
LLVM Toolset is updated to version 14.0.0
- On 64-bit x86, support for
AVX512-FP16
instructions has been added. - Support for the Armv9-A, Armv9.1-A and Armv9.2-A architectures has been added.
This version also includes the following changes in
clang
:if consteval
forC++2b
is now implemented.AVX512-FP16
instructions have been added for the x86_64 architecture.- The
-E -P
preprocessor output now always omits blank lines, matching GCC behavior. Previously, up to 8 consecutive blank lines could appear in the output. - Support
-Wdeclaration-after-statement
withC99
and later standards, and not just C89, matching GCC’s behavior. A notable use case is supporting style guides that forbid mixing declarations and code, but want to move to newer C standards.
For more information, see the LLVM Toolset and Clang upstream release notes.
- On 64-bit x86, support for
-
maven:3.8
module stream is updatedTo install, type:
sudo dnf module install maven:3.8