1 |
commit: 192df982389eb4606a3d7051b52c082b52455fbd |
2 |
Author: Ulrich Müller <ulm <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Dec 31 18:20:48 2020 +0000 |
4 |
Commit: Ulrich Müller <ulm <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Dec 31 18:20:48 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=192df982 |
7 |
|
8 |
Remove old news items up to 2015. |
9 |
|
10 |
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org> |
11 |
|
12 |
.../2015-02-02-nfs-service-changes.en.txt | 39 -------- |
13 |
.../2015-02-04-portage-sync-changes.en.txt | 77 ---------------- |
14 |
.../2015-04-06-apache-addhandler-addtype.en.txt | 100 --------------------- |
15 |
.../2015-05-01-shorewall-changes.en.txt | 43 --------- |
16 |
.../2015-06-08-udev-init-scripts-changes.en.txt | 20 ----- |
17 |
.../2015-08-11-nepomuk-removal.en.txt | 24 ----- |
18 |
.../2015-08-26-ruby-19-removal.en.txt | 26 ------ |
19 |
.../2015-09-09-libvirt-init-script-changes.en.txt | 24 ----- |
20 |
...nrc-0-18-localmount-and-netmount-changes.en.txt | 17 ---- |
21 |
...uture-support-of-hardened-sources-kernel.en.txt | 62 ------------- |
22 |
...015-12-16-python-abiflags-rebuild-needed.en.txt | 53 ----------- |
23 |
11 files changed, 485 deletions(-) |
24 |
|
25 |
diff --git a/2015-02-02-nfs-service-changes/2015-02-02-nfs-service-changes.en.txt b/2015-02-02-nfs-service-changes/2015-02-02-nfs-service-changes.en.txt |
26 |
deleted file mode 100644 |
27 |
index 7e1b2be..0000000 |
28 |
--- a/2015-02-02-nfs-service-changes/2015-02-02-nfs-service-changes.en.txt |
29 |
+++ /dev/null |
30 |
@@ -1,39 +0,0 @@ |
31 |
-Title: nfs service changes |
32 |
-Author: William Hubbs <williamh@g.o> |
33 |
-Content-Type: text/plain |
34 |
-Posted: 2015-02-02 |
35 |
-Revision: 1 |
36 |
-News-Item-Format: 1.0 |
37 |
-Display-If-Installed: <=net-fs/nfs-utils-1.3.1-r1 |
38 |
- |
39 |
-The upgrade to nfs-utils-1.3.1-r1 includes significant service changes |
40 |
-both for OpenRC and systemd users. |
41 |
- |
42 |
-OpenRC users: |
43 |
- |
44 |
-The OpenRC service which handled mounting nfs file systems has been |
45 |
-changed to only start the nfs client daemons and renamed to nfsclient. |
46 |
-Because of this change, if you use OpenRC and mount nfs file systems, |
47 |
-you need to perform the following steps: |
48 |
- |
49 |
-Add nfsclient to the runlevel nfsmount was in before. For example, if |
50 |
-nfsmount was in the default runlevel, run this command: |
51 |
- |
52 |
-rc-update add nfsclient default |
53 |
- |
54 |
-If you use a permanent network connection to the server, make sure |
55 |
-netmount is in the same runlevel as nfsclient. If not, it is recommended |
56 |
-that net-fs/autofs be set up to handle your network mounts. |
57 |
- |
58 |
-Systemd users: |
59 |
- |
60 |
-The nfs systemd units have been renamed. If you are exporting nfs |
61 |
-mounts, you should enable the rpcbind and nfs-server services. If you |
62 |
-are mounting nfs mounts systemd should automatically detect this and |
63 |
-start the nfs-client service. |
64 |
- |
65 |
-More Information: |
66 |
- |
67 |
-The following wiki page has more information about nfs file systems: |
68 |
- |
69 |
-http://wiki.gentoo.org/wiki/NFSv4 |
70 |
|
71 |
diff --git a/2015-02-04-portage-sync-changes/2015-02-04-portage-sync-changes.en.txt b/2015-02-04-portage-sync-changes/2015-02-04-portage-sync-changes.en.txt |
72 |
deleted file mode 100644 |
73 |
index aeff021..0000000 |
74 |
--- a/2015-02-04-portage-sync-changes/2015-02-04-portage-sync-changes.en.txt |
75 |
+++ /dev/null |
76 |
@@ -1,77 +0,0 @@ |
77 |
-Title: New portage plug-in sync system |
78 |
-Author: Brian Dolbec <dolsen@g.o> |
79 |
-Content-Type: text/plain |
80 |
-Posted: 2015-02-02 |
81 |
-Revision: 1 |
82 |
-News-Item-Format: 1.0 |
83 |
-Display-If-Installed: <sys-apps/portage-2.3.62 |
84 |
- |
85 |
-There is a new plug-in sync system in >=sys-apps/portage-2.2.16. |
86 |
-This system will allow third party modules to be easily installed. Look |
87 |
-for a new layman plug-in sync module in layman's next release. Next is |
88 |
-a brief look at the changes. See the url [1] listed below for detailed |
89 |
-descriptions and usage. |
90 |
- |
91 |
-Changes: /etc/portage/repos.conf/* |
92 |
- New setting for all repository types (needed): |
93 |
- auto-sync = yes/no, true/false # default if absent: yes/true |
94 |
- |
95 |
- New for git sync-type: (applies to clone only) |
96 |
- sync-depth = n where n = {0,1,2,3,...} (optional, default = 1) |
97 |
- 0 -- full history |
98 |
- 1 -- shallow clone, only current state (default) |
99 |
- 2,3,... number of history changes to download |
100 |
- |
101 |
- New sync-type modules: |
102 |
- sync-type = svn # sync a subversion repository |
103 |
- sync-type = websync # Perform an emerge-webrsync operation |
104 |
- sync-type = laymanator # (if installed) runs a layman -s action |
105 |
- |
106 |
- New native portage postsync hooks |
107 |
- /etc/portage/postsync.d/* |
108 |
- Runs hooks once, only after all repos have been synced. |
109 |
- /etc/portage/repo.postsync.d/* |
110 |
- Runs each script with three arguments: |
111 |
- repo name, sync-uri, location |
112 |
- Each script is run at the completion of every repo synced. |
113 |
- |
114 |
-Migration: |
115 |
- Edit /etc/portage/repos.conf/*.conf files, add the auto-sync option |
116 |
- to each repository definition. Edit sync-type option to one of the |
117 |
- supported types {rsync, git, cvs, svn, websync, laymanator}. |
118 |
- [some-repo] |
119 |
- ... |
120 |
- sync-type = rsync |
121 |
- auto-sync = yes |
122 |
- |
123 |
- For an existing /etc/portage/repos.conf/layman.conf file: |
124 |
- 1) change/add the sync-type |
125 |
- sync-type = laymanator |
126 |
- 2) Ensure you have the correct layman version installed with |
127 |
- it's laymanator module also installed. |
128 |
- Alternate method: |
129 |
- Please see the wiki page url [1] for detailed instructions. |
130 |
- |
131 |
-Primary control of all sync operations has been moved from emerge to |
132 |
-emaint. "emerge --sync" now just calls the emaint sync module with the |
133 |
---auto option. The --auto option performs a sync on only those |
134 |
-repositories with the auto-sync setting not set to 'no' or 'false'. If |
135 |
-it is absent, then it will default to yes and "emerge --sync" will sync |
136 |
-the repository. |
137 |
- |
138 |
-NOTE: As a result of the default auto-sync = True/Yes setting, commands |
139 |
- like "eix-sync", "esync -l", "emerge --sync && layman -S" will cause |
140 |
- many repositories to be synced multiple times in a row. Please edit |
141 |
- your configs or scripts to adjust for the new operation. |
142 |
- |
143 |
-WARNING: |
144 |
- Due to the above default. For any repos that you EXPLICITLY do not |
145 |
- want to be synced. You MUST set "auto-sync = no" |
146 |
- |
147 |
-The 'emaint sync' module operates similar to layman. It can sync |
148 |
-single or multiple repos. See "emaint --help" or for more details and |
149 |
-examples see the wiki page listed below [1]. |
150 |
- |
151 |
-Additional help and project API documentation can be found at: |
152 |
- |
153 |
-[1] https://wiki.gentoo.org/wiki/Project:Portage/Sync |
154 |
|
155 |
diff --git a/2015-04-06-apache-addhandler-addtype/2015-04-06-apache-addhandler-addtype.en.txt b/2015-04-06-apache-addhandler-addtype/2015-04-06-apache-addhandler-addtype.en.txt |
156 |
deleted file mode 100644 |
157 |
index f90d091..0000000 |
158 |
--- a/2015-04-06-apache-addhandler-addtype/2015-04-06-apache-addhandler-addtype.en.txt |
159 |
+++ /dev/null |
160 |
@@ -1,100 +0,0 @@ |
161 |
-Title: Apache AddHandler/AddType exploit protection |
162 |
-Author: Sebastian Pipping <sping@g.o> |
163 |
-Content-Type: text/plain |
164 |
-Posted: 2015-04-06 |
165 |
-Revision: 2 |
166 |
-News-Item-Format: 1.0 |
167 |
-Display-If-Installed: www-servers/apache |
168 |
- |
169 |
-Apache's directives AddHandler [1] and AddType [2] can be used |
170 |
-to map certain file name extensions (e.g. .php) to a handler |
171 |
-(e.g. application/x-httpd-php). While a line like |
172 |
- |
173 |
- AddHandler application/x-httpd-php .php .php5 .phtml |
174 |
- ^^^^^^^ |
175 |
-matches index.php, it also matches index.php.png. |
176 |
-With |
177 |
- |
178 |
- AddType application/x-httpd-php .php .php5 .phtml |
179 |
- ^^^^ |
180 |
-index.php.png is not executed, but index.php.disabled still is. |
181 |
- |
182 |
- |
183 |
-Apache's notes on multiple file extensions [3] document |
184 |
-a multi-language website as a context where that behavior |
185 |
-may be helpful. Unfortunately, it can also be a security threat. |
186 |
- |
187 |
-Combined with (not just PHP) applications that support |
188 |
-file upload, the AddHandler/AddType directive can get you into |
189 |
-remote code execution situations. |
190 |
- |
191 |
-That is why >=app-eselect/eselect-php-0.7.1-r4 avoids AddHandler |
192 |
-and is shipping |
193 |
- |
194 |
- <FilesMatch "\.(php|php5|phtml)$"> |
195 |
- SetHandler application/x-httpd-php |
196 |
- </FilesMatch> |
197 |
- |
198 |
-instead. |
199 |
- |
200 |
- |
201 |
-Why this news entry? |
202 |
- |
203 |
- * Since Apache configuration lives below /etc, |
204 |
- you need to run etc-update (or a substitute) |
205 |
- to actually have related fixes applied. |
206 |
- To get them into the running instance of Apache, |
207 |
- you need to make it reload its configuration, e.g. |
208 |
- |
209 |
- sudo /etc/init.d/apache2 reload |
210 |
- |
211 |
- * If you are currently relying on AddHandler to execute |
212 |
- secret_database_stuff.php.inc, moving away from AddHandler |
213 |
- could result in serving your database credentials in plain |
214 |
- text. A command like |
215 |
- |
216 |
- find /var/www/ -name '*.php.*' \ |
217 |
- -o -name '*.php5.*' \ |
218 |
- -o -name '*.phtml.*' |
219 |
- |
220 |
- may help discovering PHP files that would no longer be executed. |
221 |
- |
222 |
- Shipping automatic protection for this scenario is not trivial, |
223 |
- but you could manually install protection based on this recipe: |
224 |
- |
225 |
- <FilesMatch "\.(php|php5|phtml|phps)\."> |
226 |
- # a) Apache 2.2 / Apache 2.4 + mod_access_compat |
227 |
- #Order Deny,Allow |
228 |
- #Deny from all |
229 |
- |
230 |
- # b) Apache 2.4 + mod_authz_core |
231 |
- #Require all denied |
232 |
- |
233 |
- # c) Apache 2.x + mod_rewrite |
234 |
- #RewriteEngine on |
235 |
- #RewriteRule .* - [R=404,L] |
236 |
- </FilesMatch> |
237 |
- |
238 |
- * You may be using AddHandler or AddType in other places, |
239 |
- including off-package files. Please have a look. |
240 |
- |
241 |
- * app-eselect/eselect-php is not the only package affected. |
242 |
- There is a dedicated tracker bug at [4]. |
243 |
- As of the moment, affected packages include: |
244 |
- |
245 |
- app-eselect/eselect-php[apache2] |
246 |
- net-nds/gosa-core |
247 |
- www-apache/mod_fastcgi |
248 |
- www-apache/mod_flvx |
249 |
- www-apache/mod_python |
250 |
- www-apache/mod_suphp |
251 |
- www-apps/moinmoin |
252 |
- www-apps/rt[-lighttpd] |
253 |
- |
254 |
- |
255 |
-Thanks to Nico Suhl, Michael Orlitzky and Marc Schiffbauer. |
256 |
- |
257 |
-[1] https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler |
258 |
-[2] https://httpd.apache.org/docs/current/mod/mod_mime.html#addtype |
259 |
-[3] https://httpd.apache.org/docs/current/mod/mod_mime.html#multipleext |
260 |
-[4] https://bugs.gentoo.org/show_bug.cgi?id=544560 |
261 |
|
262 |
diff --git a/2015-05-01-shorewall-changes/2015-05-01-shorewall-changes.en.txt b/2015-05-01-shorewall-changes/2015-05-01-shorewall-changes.en.txt |
263 |
deleted file mode 100644 |
264 |
index 08d1cdb..0000000 |
265 |
--- a/2015-05-01-shorewall-changes/2015-05-01-shorewall-changes.en.txt |
266 |
+++ /dev/null |
267 |
@@ -1,43 +0,0 @@ |
268 |
-Title: shorewall is now a single package |
269 |
-Author: Ian Delaney <idella4@g.o> |
270 |
-Content-Type: text/plain |
271 |
-Posted: 2015-05-01 |
272 |
-Revision: 1 |
273 |
-News-Item-Format: 1.0 |
274 |
-Display-If-Installed: net-firewall/shorewall-core |
275 |
-Display-If-Installed: net-firewall/shorewall6 |
276 |
-Display-If-Installed: net-firewall/shorewall-lite |
277 |
-Display-If-Installed: net-firewall/shorewall6-lite |
278 |
-Display-If-Installed: net-firewall/shorewall-init |
279 |
- |
280 |
-Starting with net-firewall/shorewall-4.6 we have re-integrated |
281 |
- |
282 |
- - net-firewall/shorewall-core |
283 |
- - net-firewall/shorewall6 |
284 |
- - net-firewall/shorewall-lite |
285 |
- - net-firewall/shorewall6-lite |
286 |
- - net-firewall/shorewall-init |
287 |
- |
288 |
-into a new all-in-one net-firewall/shorewall ebuild (see bug 522278). |
289 |
- |
290 |
-The new all-in-one ebuild makes maintenance a lot more easier because the |
291 |
-package is proxy-maintained and finding someone who is willing to help |
292 |
-you bumping 6 packages each time you provide an update was not easy in |
293 |
-the past. |
294 |
- |
295 |
-Because net-firewall/shorewall{-core,6,-lite,6-lite,init} is now |
296 |
-integrated in net-firewall/shorewall, we have to hard mask these old |
297 |
-ebuilds in the new monolithic ebuild to prevent file collisions. |
298 |
- |
299 |
-Due to this block we cannot migrate to the new version without user |
300 |
-interaction. Please remove the previous split ebuilds from your system if |
301 |
-you want to upgrade: |
302 |
- |
303 |
- $ emerge --ask --unmerge 'net-firewall/shorewall-*' \ |
304 |
- 'net-firewall/shorewall6*' |
305 |
- |
306 |
- |
307 |
-Please note: |
308 |
-Since the second shorewall-4.6 ebuild is now stabilized and shorewall-4.5 |
309 |
-is not compatible with the perl-5.20 (see bug 524558) we will start the |
310 |
-removal process for shorewall-4.5 ebuilds within the next 30 days. |
311 |
|
312 |
diff --git a/2015-06-08-udev-init-scripts-changes/2015-06-08-udev-init-scripts-changes.en.txt b/2015-06-08-udev-init-scripts-changes/2015-06-08-udev-init-scripts-changes.en.txt |
313 |
deleted file mode 100644 |
314 |
index 5ab36d7..0000000 |
315 |
--- a/2015-06-08-udev-init-scripts-changes/2015-06-08-udev-init-scripts-changes.en.txt |
316 |
+++ /dev/null |
317 |
@@ -1,20 +0,0 @@ |
318 |
-Title: udev-init-scripts-29 important changes |
319 |
-Author: William Hubbs <williamh@g.o> |
320 |
-Content-Type: text/plain |
321 |
-Posted: 2015-06-08 |
322 |
-Revision: 2 |
323 |
-News-Item-Format: 1.0 |
324 |
-Display-If-Installed: <=sys-fs/udev-init-scripts-29 |
325 |
- |
326 |
-In udev-init-scripts-29 and newer, the udev service script has been |
327 |
-split into udev, udev-settle and udev-trigger. |
328 |
- |
329 |
-This means the settings in /etc/conf.d/udev have also been migrated |
330 |
-to the appropriate /etc/conf.d files, so be careful when you update your |
331 |
-configuration settings. |
332 |
- |
333 |
-udev and udev-trigger will be added to your sysinit runlevel, but not |
334 |
-udev-settle. udev-settle should not be added to a runlevel. Instead, if |
335 |
-a service needs this, it should add "need udev-settle" to its |
336 |
-dependencies. |
337 |
- |
338 |
|
339 |
diff --git a/2015-08-11-nepomuk-removal/2015-08-11-nepomuk-removal.en.txt b/2015-08-11-nepomuk-removal/2015-08-11-nepomuk-removal.en.txt |
340 |
deleted file mode 100644 |
341 |
index 488c980..0000000 |
342 |
--- a/2015-08-11-nepomuk-removal/2015-08-11-nepomuk-removal.en.txt |
343 |
+++ /dev/null |
344 |
@@ -1,24 +0,0 @@ |
345 |
-Title: Nepomuk removal |
346 |
-Author: Johannes Huber <johu@g.o> |
347 |
-Content-Type: text/plain |
348 |
-Posted: 2015-08-11 |
349 |
-Revision: 1 |
350 |
-News-Item-Format: 1.0 |
351 |
-Display-If-Installed: dev-db/virtuoso-server |
352 |
- |
353 |
-With KDE SC 4.13.0 release the default semantic desktop search engine |
354 |
-switched from Nepomuk to Baloo.[1] This change was honoured in Gentoo |
355 |
-by changing the semantic-desktop use flag to cover the new engine and |
356 |
-moving the old to nepomuk use flag. |
357 |
- |
358 |
-The underlaying storage backend for Nepomuk aka Virtuoso DB has a lot |
359 |
-of unsolved upstream issues[2], therefore we will remove it. This means |
360 |
-packages with build options on the old stack will drop them. Other |
361 |
-packages which hard requiring it will be removed. |
362 |
- |
363 |
-If you are still using Nepomuk you can switch to Baloo by globally |
364 |
-enable semantic-desktop and disabling nepomuk use flag in |
365 |
-/etc/portage/make.conf or using one of the kde desktop profiles. |
366 |
- |
367 |
-[1] https://www.kde.org/announcements/4.13/ |
368 |
-[2] https://bugs.gentoo.org/buglist.cgi?quicksearch=virtuoso |
369 |
|
370 |
diff --git a/2015-08-26-ruby-19-removal/2015-08-26-ruby-19-removal.en.txt b/2015-08-26-ruby-19-removal/2015-08-26-ruby-19-removal.en.txt |
371 |
deleted file mode 100644 |
372 |
index 97c2465..0000000 |
373 |
--- a/2015-08-26-ruby-19-removal/2015-08-26-ruby-19-removal.en.txt |
374 |
+++ /dev/null |
375 |
@@ -1,26 +0,0 @@ |
376 |
-Title: Ruby 1.9 removal; Ruby 2.0/2.1 default |
377 |
-Author: Manuel Rüger <mrueg@g.o> |
378 |
-Content-Type: text/plain |
379 |
-Posted: 2015-08-26 |
380 |
-Revision: 2 |
381 |
-News-Item-Format: 1.0 |
382 |
-Display-If-Installed: <dev-lang/ruby-2.0 |
383 |
- |
384 |
-Ruby MRI 1.9 has been retired by upstream in February 2015.[1] |
385 |
-We remove Ruby MRI 1.9 support from the tree now. In parallel Ruby MRI 2.1 |
386 |
-support will be activated in base profile's RUBY_TARGETS variable by default |
387 |
-in conjunction with Ruby MRI 2.0. |
388 |
- |
389 |
-If your currently eselected Ruby interpreter is ruby19, our recommendation is |
390 |
-to change it to ruby20. At the moment Ruby MRI 2.0 delivers the best possible |
391 |
-support of all Ruby interpreters in tree. |
392 |
- |
393 |
-Check the current setting via: |
394 |
- |
395 |
- eselect ruby show |
396 |
- |
397 |
-Change the current setting to Ruby MRI 2.0 via: |
398 |
- |
399 |
- eselect ruby set ruby20 |
400 |
- |
401 |
-[1] https://www.ruby-lang.org/en/news/2015/02/23/support-for-ruby-1-9-3-has-ended/ |
402 |
|
403 |
diff --git a/2015-09-09-libvirt-init-script-changes/2015-09-09-libvirt-init-script-changes.en.txt b/2015-09-09-libvirt-init-script-changes/2015-09-09-libvirt-init-script-changes.en.txt |
404 |
deleted file mode 100644 |
405 |
index 83ed083..0000000 |
406 |
--- a/2015-09-09-libvirt-init-script-changes/2015-09-09-libvirt-init-script-changes.en.txt |
407 |
+++ /dev/null |
408 |
@@ -1,24 +0,0 @@ |
409 |
-Title: libvirt-1.2.19 init script changes |
410 |
-Author: Doug Goldstein <cardoe@g.o> |
411 |
-Content-Type: text/plain |
412 |
-Posted: 2015-09-09 |
413 |
-Revision: 1 |
414 |
-News-Item-Format: 1.0 |
415 |
-Display-If-Installed: <app-emulation/libvirt-1.2.19 |
416 |
- |
417 |
-OpenRC Users: |
418 |
- |
419 |
-In libvirt-1.2.19 and newer, the libvirtd init script has been split into |
420 |
-libvirtd and libvirt-guests. |
421 |
- |
422 |
-The purpose of this change is to separate the management of the libvirtd |
423 |
-daemon from the libvirt domains/guests. This means that a number of settings |
424 |
-from /etc/conf.d/libvirtd have been moved to /etc/conf.d/libvirt-guests. These |
425 |
-settings have not been auto-migrated and you are advised to review |
426 |
-/etc/conf.d/libvirt-guests to ensure the behaviors are as you expect. |
427 |
- |
428 |
-You must add libvirt-guests to the same runlevel where you run libvirtd |
429 |
-currently. Otherwise your domains/guests will not be gracefully shutdown and |
430 |
-could result in data loss. To do this run the following commands: |
431 |
- $ rc-update add libvirt-guests |
432 |
- $ service libvirt-guests start |
433 |
|
434 |
diff --git a/2015-10-07-openrc-0-18-localmount-and-netmount-changes/2015-10-07-openrc-0-18-localmount-and-netmount-changes.en.txt b/2015-10-07-openrc-0-18-localmount-and-netmount-changes/2015-10-07-openrc-0-18-localmount-and-netmount-changes.en.txt |
435 |
deleted file mode 100644 |
436 |
index 7b2b688..0000000 |
437 |
--- a/2015-10-07-openrc-0-18-localmount-and-netmount-changes/2015-10-07-openrc-0-18-localmount-and-netmount-changes.en.txt |
438 |
+++ /dev/null |
439 |
@@ -1,17 +0,0 @@ |
440 |
-Title: OpenRC-0.18 localmount and netmount changes |
441 |
-Author: William Hubbs <williamh@g.o> |
442 |
-Content-Type: text/plain |
443 |
-Posted: 2015-10-07 |
444 |
-Revision: 1 |
445 |
-News-Item-Format: 1.0 |
446 |
-Display-If-Installed: <=sys-apps/openrc-0.18 |
447 |
- |
448 |
-The behaviour of localmount and netmount is changing on Linux systems. |
449 |
-In the past, these services always started successfully. However, now they |
450 |
-will fail if a file system they attempt to mount cannot be mounted. |
451 |
- |
452 |
-If you have file systems listed in fstab which should not be mounted at |
453 |
-boot time, make sure to add noauto to the mount options. If you have |
454 |
-file systems that you want to attempt to mount at boot time but failure |
455 |
-should be allowed, add nofail to the mount options for these file |
456 |
-systems in fstab. |
457 |
|
458 |
diff --git a/2015-10-21-future-support-of-hardened-sources-kernel/2015-10-21-future-support-of-hardened-sources-kernel.en.txt b/2015-10-21-future-support-of-hardened-sources-kernel/2015-10-21-future-support-of-hardened-sources-kernel.en.txt |
459 |
deleted file mode 100644 |
460 |
index 3d5c76c..0000000 |
461 |
--- a/2015-10-21-future-support-of-hardened-sources-kernel/2015-10-21-future-support-of-hardened-sources-kernel.en.txt |
462 |
+++ /dev/null |
463 |
@@ -1,62 +0,0 @@ |
464 |
-Title: Future Support of hardened-sources Kernel |
465 |
-Author: Anthony G. Basile <blueness@g.o> |
466 |
-Content-Type: text/plain |
467 |
-Posted: 2015-10-21 |
468 |
-Revision: 3 |
469 |
-News-Item-Format: 1.0 |
470 |
-Display-If-Installed: sys-kernel/hardened-sources |
471 |
-Display-If-Profile: hardened/linux/amd64 |
472 |
-Display-If-Profile: hardened/linux/amd64/no-multilib |
473 |
-Display-If-Profile: hardened/linux/amd64/no-multilib/selinux |
474 |
-Display-If-Profile: hardened/linux/amd64/selinux |
475 |
-Display-If-Profile: hardened/linux/amd64/x32 |
476 |
-Display-If-Profile: hardened/linux/arm/armv6j |
477 |
-Display-If-Profile: hardened/linux/arm/armv7a |
478 |
-Display-If-Profile: hardened/linux/ia64 |
479 |
-Display-If-Profile: hardened/linux/musl/amd64 |
480 |
-Display-If-Profile: hardened/linux/musl/amd64/x32 |
481 |
-Display-If-Profile: hardened/linux/musl/arm/armv7a |
482 |
-Display-If-Profile: hardened/linux/musl/mips |
483 |
-Display-If-Profile: hardened/linux/musl/mips/mipsel |
484 |
-Display-If-Profile: hardened/linux/musl/ppc |
485 |
-Display-If-Profile: hardened/linux/musl/x86 |
486 |
-Display-If-Profile: hardened/linux/powerpc/ppc32 |
487 |
-Display-If-Profile: hardened/linux/powerpc/ppc64/32bit-userland |
488 |
-Display-If-Profile: hardened/linux/powerpc/ppc64/64bit-userland |
489 |
-Display-If-Profile: hardened/linux/uclibc/amd64 |
490 |
-Display-If-Profile: hardened/linux/uclibc/arm/armv7a |
491 |
-Display-If-Profile: hardened/linux/uclibc/mips |
492 |
-Display-If-Profile: hardened/linux/uclibc/mips/mipsel |
493 |
-Display-If-Profile: hardened/linux/uclibc/ppc |
494 |
-Display-If-Profile: hardened/linux/uclibc/x86 |
495 |
-Display-If-Profile: hardened/linux/x86 |
496 |
-Display-If-Profile: hardened/linux/x86/selinux |
497 |
- |
498 |
-For many years, the Grsecurity team [1] has been supporting two versions of |
499 |
-their security patches against the Linux kernel, a stable and a testing |
500 |
-version, and Gentoo has made both of these available to our users through the |
501 |
-hardened-sources package. However, on August 26 of this year, the team |
502 |
-announced they would no longer be making the stable version publicly |
503 |
-available, citing trademark infringement by a major embedded systems company |
504 |
-as the reason. [2] The stable patches are now only available to sponsors of |
505 |
-Grsecurity and can no longer be distributed in Gentoo. However, the team did |
506 |
-assure us that they would continue to release and support the testing version |
507 |
-as they have in the past. |
508 |
- |
509 |
-What does this means for users of hardened-sources? Gentoo will continue to |
510 |
-make the testing version available through our hardened-sources package but we |
511 |
-will have to drop support for the 3.x series. In a few days, those ebuilds |
512 |
-will be removed from the tree and you will be required to upgrade to a 4.x |
513 |
-series kernel. Since the hardened-sources package only installs the kernel |
514 |
-source tree, you can continue using a currently built 3.x series kernel but |
515 |
-bear in mind that we cannot support you, nor will upstream. Also keep in mind |
516 |
-that the 4.x series will not be as reliable as the 3.x series was, so |
517 |
-reporting bugs promptly will be even more important. Gentoo will continue to |
518 |
-work closely with upstream to stay on top of any problems, but be prepared for |
519 |
-the occasional "bad" kernel. The more reporting we receive from our users, |
520 |
-the better we will be able to decide which hardened-sources kernels to mark |
521 |
-stable and which to drop. |
522 |
- |
523 |
-Refs. |
524 |
-[1] https://grsecurity.net |
525 |
-[2] https://grsecurity.net/announce.php |
526 |
|
527 |
diff --git a/2015-12-16-python-abiflags-rebuild-needed/2015-12-16-python-abiflags-rebuild-needed.en.txt b/2015-12-16-python-abiflags-rebuild-needed/2015-12-16-python-abiflags-rebuild-needed.en.txt |
528 |
deleted file mode 100644 |
529 |
index 7fa3ade..0000000 |
530 |
--- a/2015-12-16-python-abiflags-rebuild-needed/2015-12-16-python-abiflags-rebuild-needed.en.txt |
531 |
+++ /dev/null |
532 |
@@ -1,53 +0,0 @@ |
533 |
-Title: Python ABIFLAGS rebuild needed |
534 |
-Author: Mike Gilbert <floppym@g.o> |
535 |
-Content-Type: text/plain |
536 |
-Posted: 2015-12-16 |
537 |
-Revision: 5 |
538 |
-News-Item-Format: 1.0 |
539 |
-Display-If-Installed: =dev-lang/python-3.3.5-r4 |
540 |
-Display-If-Installed: =dev-lang/python-3.3.5-r5 |
541 |
-Display-If-Installed: =dev-lang/python-3.3.5-r6 |
542 |
-Display-If-Installed: =dev-lang/python-3.3.5-r7 |
543 |
-Display-If-Installed: =dev-lang/python-3.3.5-r8 |
544 |
-Display-If-Installed: =dev-lang/python-3.3.5-r9 |
545 |
-Display-If-Installed: ~dev-lang/python-3.3.6 |
546 |
-Display-If-Installed: =dev-lang/python-3.4.3-r4 |
547 |
-Display-If-Installed: =dev-lang/python-3.4.3-r5 |
548 |
-Display-If-Installed: =dev-lang/python-3.4.3-r6 |
549 |
-Display-If-Installed: =dev-lang/python-3.4.3-r7 |
550 |
-Display-If-Installed: =dev-lang/python-3.4.3-r8 |
551 |
-Display-If-Installed: =dev-lang/python-3.4.3-r9 |
552 |
-Display-If-Installed: ~dev-lang/python-3.4.4 |
553 |
-Display-If-Installed: ~dev-lang/python-3.4.5 |
554 |
-Display-If-Installed: =dev-lang/python-3.5.0-r3 |
555 |
-Display-If-Installed: =dev-lang/python-3.5.0-r4 |
556 |
-Display-If-Installed: =dev-lang/python-3.5.0-r5 |
557 |
-Display-If-Installed: =dev-lang/python-3.5.0-r6 |
558 |
-Display-If-Installed: =dev-lang/python-3.5.0-r7 |
559 |
-Display-If-Installed: =dev-lang/python-3.5.0-r8 |
560 |
-Display-If-Installed: =dev-lang/python-3.5.0-r9 |
561 |
-Display-If-Installed: ~dev-lang/python-3.5.1 |
562 |
-Display-If-Installed: ~dev-lang/python-3.5.2 |
563 |
- |
564 |
-For several years, Gentoo has been patching python3 in a way that is |
565 |
-incompatible with PEP 3149 [1]. Gentoo has been enabling the PyMalloc feature, |
566 |
-but our python packages have not carried the appropriate ABI flag. |
567 |
- |
568 |
-We have removed this patch from the most recent dev-lang/python ebuilds at |
569 |
-the time of this writing. One result of this is that any packages which |
570 |
-install python extension modules must be rebuilt. |
571 |
- |
572 |
-You may experience build failures in related packages until this rebuild has |
573 |
-been completed. |
574 |
- |
575 |
-You can rebuild affected packages using the following commands. |
576 |
- |
577 |
-emerge -1v $(find /usr/lib*/python3* -name '*cpython-3[3-5].so') |
578 |
-emerge -1v /usr/include/python3.{3,4,5} |
579 |
- |
580 |
-It is possible that these commands will do nothing (or display a syntax error) |
581 |
-if all affected packages have already been rebuilt, causing the relevent files |
582 |
-to no longer exist. |
583 |
- |
584 |
-References: |
585 |
-[1] https://www.python.org/dev/peps/pep-3149/ |