| 1 |
commit: 192df982389eb4606a3d7051b52c082b52455fbd |
| 2 |
Author: Ulrich Müller <ulm <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Thu Dec 31 18:20:48 2020 +0000 |
| 4 |
Commit: Ulrich Müller <ulm <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Dec 31 18:20:48 2020 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=192df982 |
| 7 |
|
| 8 |
Remove old news items up to 2015. |
| 9 |
|
| 10 |
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org> |
| 11 |
|
| 12 |
.../2015-02-02-nfs-service-changes.en.txt | 39 -------- |
| 13 |
.../2015-02-04-portage-sync-changes.en.txt | 77 ---------------- |
| 14 |
.../2015-04-06-apache-addhandler-addtype.en.txt | 100 --------------------- |
| 15 |
.../2015-05-01-shorewall-changes.en.txt | 43 --------- |
| 16 |
.../2015-06-08-udev-init-scripts-changes.en.txt | 20 ----- |
| 17 |
.../2015-08-11-nepomuk-removal.en.txt | 24 ----- |
| 18 |
.../2015-08-26-ruby-19-removal.en.txt | 26 ------ |
| 19 |
.../2015-09-09-libvirt-init-script-changes.en.txt | 24 ----- |
| 20 |
...nrc-0-18-localmount-and-netmount-changes.en.txt | 17 ---- |
| 21 |
...uture-support-of-hardened-sources-kernel.en.txt | 62 ------------- |
| 22 |
...015-12-16-python-abiflags-rebuild-needed.en.txt | 53 ----------- |
| 23 |
11 files changed, 485 deletions(-) |
| 24 |
|
| 25 |
diff --git a/2015-02-02-nfs-service-changes/2015-02-02-nfs-service-changes.en.txt b/2015-02-02-nfs-service-changes/2015-02-02-nfs-service-changes.en.txt |
| 26 |
deleted file mode 100644 |
| 27 |
index 7e1b2be..0000000 |
| 28 |
--- a/2015-02-02-nfs-service-changes/2015-02-02-nfs-service-changes.en.txt |
| 29 |
+++ /dev/null |
| 30 |
@@ -1,39 +0,0 @@ |
| 31 |
-Title: nfs service changes |
| 32 |
-Author: William Hubbs <williamh@g.o> |
| 33 |
-Content-Type: text/plain |
| 34 |
-Posted: 2015-02-02 |
| 35 |
-Revision: 1 |
| 36 |
-News-Item-Format: 1.0 |
| 37 |
-Display-If-Installed: <=net-fs/nfs-utils-1.3.1-r1 |
| 38 |
- |
| 39 |
-The upgrade to nfs-utils-1.3.1-r1 includes significant service changes |
| 40 |
-both for OpenRC and systemd users. |
| 41 |
- |
| 42 |
-OpenRC users: |
| 43 |
- |
| 44 |
-The OpenRC service which handled mounting nfs file systems has been |
| 45 |
-changed to only start the nfs client daemons and renamed to nfsclient. |
| 46 |
-Because of this change, if you use OpenRC and mount nfs file systems, |
| 47 |
-you need to perform the following steps: |
| 48 |
- |
| 49 |
-Add nfsclient to the runlevel nfsmount was in before. For example, if |
| 50 |
-nfsmount was in the default runlevel, run this command: |
| 51 |
- |
| 52 |
-rc-update add nfsclient default |
| 53 |
- |
| 54 |
-If you use a permanent network connection to the server, make sure |
| 55 |
-netmount is in the same runlevel as nfsclient. If not, it is recommended |
| 56 |
-that net-fs/autofs be set up to handle your network mounts. |
| 57 |
- |
| 58 |
-Systemd users: |
| 59 |
- |
| 60 |
-The nfs systemd units have been renamed. If you are exporting nfs |
| 61 |
-mounts, you should enable the rpcbind and nfs-server services. If you |
| 62 |
-are mounting nfs mounts systemd should automatically detect this and |
| 63 |
-start the nfs-client service. |
| 64 |
- |
| 65 |
-More Information: |
| 66 |
- |
| 67 |
-The following wiki page has more information about nfs file systems: |
| 68 |
- |
| 69 |
-http://wiki.gentoo.org/wiki/NFSv4 |
| 70 |
|
| 71 |
diff --git a/2015-02-04-portage-sync-changes/2015-02-04-portage-sync-changes.en.txt b/2015-02-04-portage-sync-changes/2015-02-04-portage-sync-changes.en.txt |
| 72 |
deleted file mode 100644 |
| 73 |
index aeff021..0000000 |
| 74 |
--- a/2015-02-04-portage-sync-changes/2015-02-04-portage-sync-changes.en.txt |
| 75 |
+++ /dev/null |
| 76 |
@@ -1,77 +0,0 @@ |
| 77 |
-Title: New portage plug-in sync system |
| 78 |
-Author: Brian Dolbec <dolsen@g.o> |
| 79 |
-Content-Type: text/plain |
| 80 |
-Posted: 2015-02-02 |
| 81 |
-Revision: 1 |
| 82 |
-News-Item-Format: 1.0 |
| 83 |
-Display-If-Installed: <sys-apps/portage-2.3.62 |
| 84 |
- |
| 85 |
-There is a new plug-in sync system in >=sys-apps/portage-2.2.16. |
| 86 |
-This system will allow third party modules to be easily installed. Look |
| 87 |
-for a new layman plug-in sync module in layman's next release. Next is |
| 88 |
-a brief look at the changes. See the url [1] listed below for detailed |
| 89 |
-descriptions and usage. |
| 90 |
- |
| 91 |
-Changes: /etc/portage/repos.conf/* |
| 92 |
- New setting for all repository types (needed): |
| 93 |
- auto-sync = yes/no, true/false # default if absent: yes/true |
| 94 |
- |
| 95 |
- New for git sync-type: (applies to clone only) |
| 96 |
- sync-depth = n where n = {0,1,2,3,...} (optional, default = 1) |
| 97 |
- 0 -- full history |
| 98 |
- 1 -- shallow clone, only current state (default) |
| 99 |
- 2,3,... number of history changes to download |
| 100 |
- |
| 101 |
- New sync-type modules: |
| 102 |
- sync-type = svn # sync a subversion repository |
| 103 |
- sync-type = websync # Perform an emerge-webrsync operation |
| 104 |
- sync-type = laymanator # (if installed) runs a layman -s action |
| 105 |
- |
| 106 |
- New native portage postsync hooks |
| 107 |
- /etc/portage/postsync.d/* |
| 108 |
- Runs hooks once, only after all repos have been synced. |
| 109 |
- /etc/portage/repo.postsync.d/* |
| 110 |
- Runs each script with three arguments: |
| 111 |
- repo name, sync-uri, location |
| 112 |
- Each script is run at the completion of every repo synced. |
| 113 |
- |
| 114 |
-Migration: |
| 115 |
- Edit /etc/portage/repos.conf/*.conf files, add the auto-sync option |
| 116 |
- to each repository definition. Edit sync-type option to one of the |
| 117 |
- supported types {rsync, git, cvs, svn, websync, laymanator}. |
| 118 |
- [some-repo] |
| 119 |
- ... |
| 120 |
- sync-type = rsync |
| 121 |
- auto-sync = yes |
| 122 |
- |
| 123 |
- For an existing /etc/portage/repos.conf/layman.conf file: |
| 124 |
- 1) change/add the sync-type |
| 125 |
- sync-type = laymanator |
| 126 |
- 2) Ensure you have the correct layman version installed with |
| 127 |
- it's laymanator module also installed. |
| 128 |
- Alternate method: |
| 129 |
- Please see the wiki page url [1] for detailed instructions. |
| 130 |
- |
| 131 |
-Primary control of all sync operations has been moved from emerge to |
| 132 |
-emaint. "emerge --sync" now just calls the emaint sync module with the |
| 133 |
---auto option. The --auto option performs a sync on only those |
| 134 |
-repositories with the auto-sync setting not set to 'no' or 'false'. If |
| 135 |
-it is absent, then it will default to yes and "emerge --sync" will sync |
| 136 |
-the repository. |
| 137 |
- |
| 138 |
-NOTE: As a result of the default auto-sync = True/Yes setting, commands |
| 139 |
- like "eix-sync", "esync -l", "emerge --sync && layman -S" will cause |
| 140 |
- many repositories to be synced multiple times in a row. Please edit |
| 141 |
- your configs or scripts to adjust for the new operation. |
| 142 |
- |
| 143 |
-WARNING: |
| 144 |
- Due to the above default. For any repos that you EXPLICITLY do not |
| 145 |
- want to be synced. You MUST set "auto-sync = no" |
| 146 |
- |
| 147 |
-The 'emaint sync' module operates similar to layman. It can sync |
| 148 |
-single or multiple repos. See "emaint --help" or for more details and |
| 149 |
-examples see the wiki page listed below [1]. |
| 150 |
- |
| 151 |
-Additional help and project API documentation can be found at: |
| 152 |
- |
| 153 |
-[1] https://wiki.gentoo.org/wiki/Project:Portage/Sync |
| 154 |
|
| 155 |
diff --git a/2015-04-06-apache-addhandler-addtype/2015-04-06-apache-addhandler-addtype.en.txt b/2015-04-06-apache-addhandler-addtype/2015-04-06-apache-addhandler-addtype.en.txt |
| 156 |
deleted file mode 100644 |
| 157 |
index f90d091..0000000 |
| 158 |
--- a/2015-04-06-apache-addhandler-addtype/2015-04-06-apache-addhandler-addtype.en.txt |
| 159 |
+++ /dev/null |
| 160 |
@@ -1,100 +0,0 @@ |
| 161 |
-Title: Apache AddHandler/AddType exploit protection |
| 162 |
-Author: Sebastian Pipping <sping@g.o> |
| 163 |
-Content-Type: text/plain |
| 164 |
-Posted: 2015-04-06 |
| 165 |
-Revision: 2 |
| 166 |
-News-Item-Format: 1.0 |
| 167 |
-Display-If-Installed: www-servers/apache |
| 168 |
- |
| 169 |
-Apache's directives AddHandler [1] and AddType [2] can be used |
| 170 |
-to map certain file name extensions (e.g. .php) to a handler |
| 171 |
-(e.g. application/x-httpd-php). While a line like |
| 172 |
- |
| 173 |
- AddHandler application/x-httpd-php .php .php5 .phtml |
| 174 |
- ^^^^^^^ |
| 175 |
-matches index.php, it also matches index.php.png. |
| 176 |
-With |
| 177 |
- |
| 178 |
- AddType application/x-httpd-php .php .php5 .phtml |
| 179 |
- ^^^^ |
| 180 |
-index.php.png is not executed, but index.php.disabled still is. |
| 181 |
- |
| 182 |
- |
| 183 |
-Apache's notes on multiple file extensions [3] document |
| 184 |
-a multi-language website as a context where that behavior |
| 185 |
-may be helpful. Unfortunately, it can also be a security threat. |
| 186 |
- |
| 187 |
-Combined with (not just PHP) applications that support |
| 188 |
-file upload, the AddHandler/AddType directive can get you into |
| 189 |
-remote code execution situations. |
| 190 |
- |
| 191 |
-That is why >=app-eselect/eselect-php-0.7.1-r4 avoids AddHandler |
| 192 |
-and is shipping |
| 193 |
- |
| 194 |
- <FilesMatch "\.(php|php5|phtml)$"> |
| 195 |
- SetHandler application/x-httpd-php |
| 196 |
- </FilesMatch> |
| 197 |
- |
| 198 |
-instead. |
| 199 |
- |
| 200 |
- |
| 201 |
-Why this news entry? |
| 202 |
- |
| 203 |
- * Since Apache configuration lives below /etc, |
| 204 |
- you need to run etc-update (or a substitute) |
| 205 |
- to actually have related fixes applied. |
| 206 |
- To get them into the running instance of Apache, |
| 207 |
- you need to make it reload its configuration, e.g. |
| 208 |
- |
| 209 |
- sudo /etc/init.d/apache2 reload |
| 210 |
- |
| 211 |
- * If you are currently relying on AddHandler to execute |
| 212 |
- secret_database_stuff.php.inc, moving away from AddHandler |
| 213 |
- could result in serving your database credentials in plain |
| 214 |
- text. A command like |
| 215 |
- |
| 216 |
- find /var/www/ -name '*.php.*' \ |
| 217 |
- -o -name '*.php5.*' \ |
| 218 |
- -o -name '*.phtml.*' |
| 219 |
- |
| 220 |
- may help discovering PHP files that would no longer be executed. |
| 221 |
- |
| 222 |
- Shipping automatic protection for this scenario is not trivial, |
| 223 |
- but you could manually install protection based on this recipe: |
| 224 |
- |
| 225 |
- <FilesMatch "\.(php|php5|phtml|phps)\."> |
| 226 |
- # a) Apache 2.2 / Apache 2.4 + mod_access_compat |
| 227 |
- #Order Deny,Allow |
| 228 |
- #Deny from all |
| 229 |
- |
| 230 |
- # b) Apache 2.4 + mod_authz_core |
| 231 |
- #Require all denied |
| 232 |
- |
| 233 |
- # c) Apache 2.x + mod_rewrite |
| 234 |
- #RewriteEngine on |
| 235 |
- #RewriteRule .* - [R=404,L] |
| 236 |
- </FilesMatch> |
| 237 |
- |
| 238 |
- * You may be using AddHandler or AddType in other places, |
| 239 |
- including off-package files. Please have a look. |
| 240 |
- |
| 241 |
- * app-eselect/eselect-php is not the only package affected. |
| 242 |
- There is a dedicated tracker bug at [4]. |
| 243 |
- As of the moment, affected packages include: |
| 244 |
- |
| 245 |
- app-eselect/eselect-php[apache2] |
| 246 |
- net-nds/gosa-core |
| 247 |
- www-apache/mod_fastcgi |
| 248 |
- www-apache/mod_flvx |
| 249 |
- www-apache/mod_python |
| 250 |
- www-apache/mod_suphp |
| 251 |
- www-apps/moinmoin |
| 252 |
- www-apps/rt[-lighttpd] |
| 253 |
- |
| 254 |
- |
| 255 |
-Thanks to Nico Suhl, Michael Orlitzky and Marc Schiffbauer. |
| 256 |
- |
| 257 |
-[1] https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler |
| 258 |
-[2] https://httpd.apache.org/docs/current/mod/mod_mime.html#addtype |
| 259 |
-[3] https://httpd.apache.org/docs/current/mod/mod_mime.html#multipleext |
| 260 |
-[4] https://bugs.gentoo.org/show_bug.cgi?id=544560 |
| 261 |
|
| 262 |
diff --git a/2015-05-01-shorewall-changes/2015-05-01-shorewall-changes.en.txt b/2015-05-01-shorewall-changes/2015-05-01-shorewall-changes.en.txt |
| 263 |
deleted file mode 100644 |
| 264 |
index 08d1cdb..0000000 |
| 265 |
--- a/2015-05-01-shorewall-changes/2015-05-01-shorewall-changes.en.txt |
| 266 |
+++ /dev/null |
| 267 |
@@ -1,43 +0,0 @@ |
| 268 |
-Title: shorewall is now a single package |
| 269 |
-Author: Ian Delaney <idella4@g.o> |
| 270 |
-Content-Type: text/plain |
| 271 |
-Posted: 2015-05-01 |
| 272 |
-Revision: 1 |
| 273 |
-News-Item-Format: 1.0 |
| 274 |
-Display-If-Installed: net-firewall/shorewall-core |
| 275 |
-Display-If-Installed: net-firewall/shorewall6 |
| 276 |
-Display-If-Installed: net-firewall/shorewall-lite |
| 277 |
-Display-If-Installed: net-firewall/shorewall6-lite |
| 278 |
-Display-If-Installed: net-firewall/shorewall-init |
| 279 |
- |
| 280 |
-Starting with net-firewall/shorewall-4.6 we have re-integrated |
| 281 |
- |
| 282 |
- - net-firewall/shorewall-core |
| 283 |
- - net-firewall/shorewall6 |
| 284 |
- - net-firewall/shorewall-lite |
| 285 |
- - net-firewall/shorewall6-lite |
| 286 |
- - net-firewall/shorewall-init |
| 287 |
- |
| 288 |
-into a new all-in-one net-firewall/shorewall ebuild (see bug 522278). |
| 289 |
- |
| 290 |
-The new all-in-one ebuild makes maintenance a lot more easier because the |
| 291 |
-package is proxy-maintained and finding someone who is willing to help |
| 292 |
-you bumping 6 packages each time you provide an update was not easy in |
| 293 |
-the past. |
| 294 |
- |
| 295 |
-Because net-firewall/shorewall{-core,6,-lite,6-lite,init} is now |
| 296 |
-integrated in net-firewall/shorewall, we have to hard mask these old |
| 297 |
-ebuilds in the new monolithic ebuild to prevent file collisions. |
| 298 |
- |
| 299 |
-Due to this block we cannot migrate to the new version without user |
| 300 |
-interaction. Please remove the previous split ebuilds from your system if |
| 301 |
-you want to upgrade: |
| 302 |
- |
| 303 |
- $ emerge --ask --unmerge 'net-firewall/shorewall-*' \ |
| 304 |
- 'net-firewall/shorewall6*' |
| 305 |
- |
| 306 |
- |
| 307 |
-Please note: |
| 308 |
-Since the second shorewall-4.6 ebuild is now stabilized and shorewall-4.5 |
| 309 |
-is not compatible with the perl-5.20 (see bug 524558) we will start the |
| 310 |
-removal process for shorewall-4.5 ebuilds within the next 30 days. |
| 311 |
|
| 312 |
diff --git a/2015-06-08-udev-init-scripts-changes/2015-06-08-udev-init-scripts-changes.en.txt b/2015-06-08-udev-init-scripts-changes/2015-06-08-udev-init-scripts-changes.en.txt |
| 313 |
deleted file mode 100644 |
| 314 |
index 5ab36d7..0000000 |
| 315 |
--- a/2015-06-08-udev-init-scripts-changes/2015-06-08-udev-init-scripts-changes.en.txt |
| 316 |
+++ /dev/null |
| 317 |
@@ -1,20 +0,0 @@ |
| 318 |
-Title: udev-init-scripts-29 important changes |
| 319 |
-Author: William Hubbs <williamh@g.o> |
| 320 |
-Content-Type: text/plain |
| 321 |
-Posted: 2015-06-08 |
| 322 |
-Revision: 2 |
| 323 |
-News-Item-Format: 1.0 |
| 324 |
-Display-If-Installed: <=sys-fs/udev-init-scripts-29 |
| 325 |
- |
| 326 |
-In udev-init-scripts-29 and newer, the udev service script has been |
| 327 |
-split into udev, udev-settle and udev-trigger. |
| 328 |
- |
| 329 |
-This means the settings in /etc/conf.d/udev have also been migrated |
| 330 |
-to the appropriate /etc/conf.d files, so be careful when you update your |
| 331 |
-configuration settings. |
| 332 |
- |
| 333 |
-udev and udev-trigger will be added to your sysinit runlevel, but not |
| 334 |
-udev-settle. udev-settle should not be added to a runlevel. Instead, if |
| 335 |
-a service needs this, it should add "need udev-settle" to its |
| 336 |
-dependencies. |
| 337 |
- |
| 338 |
|
| 339 |
diff --git a/2015-08-11-nepomuk-removal/2015-08-11-nepomuk-removal.en.txt b/2015-08-11-nepomuk-removal/2015-08-11-nepomuk-removal.en.txt |
| 340 |
deleted file mode 100644 |
| 341 |
index 488c980..0000000 |
| 342 |
--- a/2015-08-11-nepomuk-removal/2015-08-11-nepomuk-removal.en.txt |
| 343 |
+++ /dev/null |
| 344 |
@@ -1,24 +0,0 @@ |
| 345 |
-Title: Nepomuk removal |
| 346 |
-Author: Johannes Huber <johu@g.o> |
| 347 |
-Content-Type: text/plain |
| 348 |
-Posted: 2015-08-11 |
| 349 |
-Revision: 1 |
| 350 |
-News-Item-Format: 1.0 |
| 351 |
-Display-If-Installed: dev-db/virtuoso-server |
| 352 |
- |
| 353 |
-With KDE SC 4.13.0 release the default semantic desktop search engine |
| 354 |
-switched from Nepomuk to Baloo.[1] This change was honoured in Gentoo |
| 355 |
-by changing the semantic-desktop use flag to cover the new engine and |
| 356 |
-moving the old to nepomuk use flag. |
| 357 |
- |
| 358 |
-The underlaying storage backend for Nepomuk aka Virtuoso DB has a lot |
| 359 |
-of unsolved upstream issues[2], therefore we will remove it. This means |
| 360 |
-packages with build options on the old stack will drop them. Other |
| 361 |
-packages which hard requiring it will be removed. |
| 362 |
- |
| 363 |
-If you are still using Nepomuk you can switch to Baloo by globally |
| 364 |
-enable semantic-desktop and disabling nepomuk use flag in |
| 365 |
-/etc/portage/make.conf or using one of the kde desktop profiles. |
| 366 |
- |
| 367 |
-[1] https://www.kde.org/announcements/4.13/ |
| 368 |
-[2] https://bugs.gentoo.org/buglist.cgi?quicksearch=virtuoso |
| 369 |
|
| 370 |
diff --git a/2015-08-26-ruby-19-removal/2015-08-26-ruby-19-removal.en.txt b/2015-08-26-ruby-19-removal/2015-08-26-ruby-19-removal.en.txt |
| 371 |
deleted file mode 100644 |
| 372 |
index 97c2465..0000000 |
| 373 |
--- a/2015-08-26-ruby-19-removal/2015-08-26-ruby-19-removal.en.txt |
| 374 |
+++ /dev/null |
| 375 |
@@ -1,26 +0,0 @@ |
| 376 |
-Title: Ruby 1.9 removal; Ruby 2.0/2.1 default |
| 377 |
-Author: Manuel Rüger <mrueg@g.o> |
| 378 |
-Content-Type: text/plain |
| 379 |
-Posted: 2015-08-26 |
| 380 |
-Revision: 2 |
| 381 |
-News-Item-Format: 1.0 |
| 382 |
-Display-If-Installed: <dev-lang/ruby-2.0 |
| 383 |
- |
| 384 |
-Ruby MRI 1.9 has been retired by upstream in February 2015.[1] |
| 385 |
-We remove Ruby MRI 1.9 support from the tree now. In parallel Ruby MRI 2.1 |
| 386 |
-support will be activated in base profile's RUBY_TARGETS variable by default |
| 387 |
-in conjunction with Ruby MRI 2.0. |
| 388 |
- |
| 389 |
-If your currently eselected Ruby interpreter is ruby19, our recommendation is |
| 390 |
-to change it to ruby20. At the moment Ruby MRI 2.0 delivers the best possible |
| 391 |
-support of all Ruby interpreters in tree. |
| 392 |
- |
| 393 |
-Check the current setting via: |
| 394 |
- |
| 395 |
- eselect ruby show |
| 396 |
- |
| 397 |
-Change the current setting to Ruby MRI 2.0 via: |
| 398 |
- |
| 399 |
- eselect ruby set ruby20 |
| 400 |
- |
| 401 |
-[1] https://www.ruby-lang.org/en/news/2015/02/23/support-for-ruby-1-9-3-has-ended/ |
| 402 |
|
| 403 |
diff --git a/2015-09-09-libvirt-init-script-changes/2015-09-09-libvirt-init-script-changes.en.txt b/2015-09-09-libvirt-init-script-changes/2015-09-09-libvirt-init-script-changes.en.txt |
| 404 |
deleted file mode 100644 |
| 405 |
index 83ed083..0000000 |
| 406 |
--- a/2015-09-09-libvirt-init-script-changes/2015-09-09-libvirt-init-script-changes.en.txt |
| 407 |
+++ /dev/null |
| 408 |
@@ -1,24 +0,0 @@ |
| 409 |
-Title: libvirt-1.2.19 init script changes |
| 410 |
-Author: Doug Goldstein <cardoe@g.o> |
| 411 |
-Content-Type: text/plain |
| 412 |
-Posted: 2015-09-09 |
| 413 |
-Revision: 1 |
| 414 |
-News-Item-Format: 1.0 |
| 415 |
-Display-If-Installed: <app-emulation/libvirt-1.2.19 |
| 416 |
- |
| 417 |
-OpenRC Users: |
| 418 |
- |
| 419 |
-In libvirt-1.2.19 and newer, the libvirtd init script has been split into |
| 420 |
-libvirtd and libvirt-guests. |
| 421 |
- |
| 422 |
-The purpose of this change is to separate the management of the libvirtd |
| 423 |
-daemon from the libvirt domains/guests. This means that a number of settings |
| 424 |
-from /etc/conf.d/libvirtd have been moved to /etc/conf.d/libvirt-guests. These |
| 425 |
-settings have not been auto-migrated and you are advised to review |
| 426 |
-/etc/conf.d/libvirt-guests to ensure the behaviors are as you expect. |
| 427 |
- |
| 428 |
-You must add libvirt-guests to the same runlevel where you run libvirtd |
| 429 |
-currently. Otherwise your domains/guests will not be gracefully shutdown and |
| 430 |
-could result in data loss. To do this run the following commands: |
| 431 |
- $ rc-update add libvirt-guests |
| 432 |
- $ service libvirt-guests start |
| 433 |
|
| 434 |
diff --git a/2015-10-07-openrc-0-18-localmount-and-netmount-changes/2015-10-07-openrc-0-18-localmount-and-netmount-changes.en.txt b/2015-10-07-openrc-0-18-localmount-and-netmount-changes/2015-10-07-openrc-0-18-localmount-and-netmount-changes.en.txt |
| 435 |
deleted file mode 100644 |
| 436 |
index 7b2b688..0000000 |
| 437 |
--- a/2015-10-07-openrc-0-18-localmount-and-netmount-changes/2015-10-07-openrc-0-18-localmount-and-netmount-changes.en.txt |
| 438 |
+++ /dev/null |
| 439 |
@@ -1,17 +0,0 @@ |
| 440 |
-Title: OpenRC-0.18 localmount and netmount changes |
| 441 |
-Author: William Hubbs <williamh@g.o> |
| 442 |
-Content-Type: text/plain |
| 443 |
-Posted: 2015-10-07 |
| 444 |
-Revision: 1 |
| 445 |
-News-Item-Format: 1.0 |
| 446 |
-Display-If-Installed: <=sys-apps/openrc-0.18 |
| 447 |
- |
| 448 |
-The behaviour of localmount and netmount is changing on Linux systems. |
| 449 |
-In the past, these services always started successfully. However, now they |
| 450 |
-will fail if a file system they attempt to mount cannot be mounted. |
| 451 |
- |
| 452 |
-If you have file systems listed in fstab which should not be mounted at |
| 453 |
-boot time, make sure to add noauto to the mount options. If you have |
| 454 |
-file systems that you want to attempt to mount at boot time but failure |
| 455 |
-should be allowed, add nofail to the mount options for these file |
| 456 |
-systems in fstab. |
| 457 |
|
| 458 |
diff --git a/2015-10-21-future-support-of-hardened-sources-kernel/2015-10-21-future-support-of-hardened-sources-kernel.en.txt b/2015-10-21-future-support-of-hardened-sources-kernel/2015-10-21-future-support-of-hardened-sources-kernel.en.txt |
| 459 |
deleted file mode 100644 |
| 460 |
index 3d5c76c..0000000 |
| 461 |
--- a/2015-10-21-future-support-of-hardened-sources-kernel/2015-10-21-future-support-of-hardened-sources-kernel.en.txt |
| 462 |
+++ /dev/null |
| 463 |
@@ -1,62 +0,0 @@ |
| 464 |
-Title: Future Support of hardened-sources Kernel |
| 465 |
-Author: Anthony G. Basile <blueness@g.o> |
| 466 |
-Content-Type: text/plain |
| 467 |
-Posted: 2015-10-21 |
| 468 |
-Revision: 3 |
| 469 |
-News-Item-Format: 1.0 |
| 470 |
-Display-If-Installed: sys-kernel/hardened-sources |
| 471 |
-Display-If-Profile: hardened/linux/amd64 |
| 472 |
-Display-If-Profile: hardened/linux/amd64/no-multilib |
| 473 |
-Display-If-Profile: hardened/linux/amd64/no-multilib/selinux |
| 474 |
-Display-If-Profile: hardened/linux/amd64/selinux |
| 475 |
-Display-If-Profile: hardened/linux/amd64/x32 |
| 476 |
-Display-If-Profile: hardened/linux/arm/armv6j |
| 477 |
-Display-If-Profile: hardened/linux/arm/armv7a |
| 478 |
-Display-If-Profile: hardened/linux/ia64 |
| 479 |
-Display-If-Profile: hardened/linux/musl/amd64 |
| 480 |
-Display-If-Profile: hardened/linux/musl/amd64/x32 |
| 481 |
-Display-If-Profile: hardened/linux/musl/arm/armv7a |
| 482 |
-Display-If-Profile: hardened/linux/musl/mips |
| 483 |
-Display-If-Profile: hardened/linux/musl/mips/mipsel |
| 484 |
-Display-If-Profile: hardened/linux/musl/ppc |
| 485 |
-Display-If-Profile: hardened/linux/musl/x86 |
| 486 |
-Display-If-Profile: hardened/linux/powerpc/ppc32 |
| 487 |
-Display-If-Profile: hardened/linux/powerpc/ppc64/32bit-userland |
| 488 |
-Display-If-Profile: hardened/linux/powerpc/ppc64/64bit-userland |
| 489 |
-Display-If-Profile: hardened/linux/uclibc/amd64 |
| 490 |
-Display-If-Profile: hardened/linux/uclibc/arm/armv7a |
| 491 |
-Display-If-Profile: hardened/linux/uclibc/mips |
| 492 |
-Display-If-Profile: hardened/linux/uclibc/mips/mipsel |
| 493 |
-Display-If-Profile: hardened/linux/uclibc/ppc |
| 494 |
-Display-If-Profile: hardened/linux/uclibc/x86 |
| 495 |
-Display-If-Profile: hardened/linux/x86 |
| 496 |
-Display-If-Profile: hardened/linux/x86/selinux |
| 497 |
- |
| 498 |
-For many years, the Grsecurity team [1] has been supporting two versions of |
| 499 |
-their security patches against the Linux kernel, a stable and a testing |
| 500 |
-version, and Gentoo has made both of these available to our users through the |
| 501 |
-hardened-sources package. However, on August 26 of this year, the team |
| 502 |
-announced they would no longer be making the stable version publicly |
| 503 |
-available, citing trademark infringement by a major embedded systems company |
| 504 |
-as the reason. [2] The stable patches are now only available to sponsors of |
| 505 |
-Grsecurity and can no longer be distributed in Gentoo. However, the team did |
| 506 |
-assure us that they would continue to release and support the testing version |
| 507 |
-as they have in the past. |
| 508 |
- |
| 509 |
-What does this means for users of hardened-sources? Gentoo will continue to |
| 510 |
-make the testing version available through our hardened-sources package but we |
| 511 |
-will have to drop support for the 3.x series. In a few days, those ebuilds |
| 512 |
-will be removed from the tree and you will be required to upgrade to a 4.x |
| 513 |
-series kernel. Since the hardened-sources package only installs the kernel |
| 514 |
-source tree, you can continue using a currently built 3.x series kernel but |
| 515 |
-bear in mind that we cannot support you, nor will upstream. Also keep in mind |
| 516 |
-that the 4.x series will not be as reliable as the 3.x series was, so |
| 517 |
-reporting bugs promptly will be even more important. Gentoo will continue to |
| 518 |
-work closely with upstream to stay on top of any problems, but be prepared for |
| 519 |
-the occasional "bad" kernel. The more reporting we receive from our users, |
| 520 |
-the better we will be able to decide which hardened-sources kernels to mark |
| 521 |
-stable and which to drop. |
| 522 |
- |
| 523 |
-Refs. |
| 524 |
-[1] https://grsecurity.net |
| 525 |
-[2] https://grsecurity.net/announce.php |
| 526 |
|
| 527 |
diff --git a/2015-12-16-python-abiflags-rebuild-needed/2015-12-16-python-abiflags-rebuild-needed.en.txt b/2015-12-16-python-abiflags-rebuild-needed/2015-12-16-python-abiflags-rebuild-needed.en.txt |
| 528 |
deleted file mode 100644 |
| 529 |
index 7fa3ade..0000000 |
| 530 |
--- a/2015-12-16-python-abiflags-rebuild-needed/2015-12-16-python-abiflags-rebuild-needed.en.txt |
| 531 |
+++ /dev/null |
| 532 |
@@ -1,53 +0,0 @@ |
| 533 |
-Title: Python ABIFLAGS rebuild needed |
| 534 |
-Author: Mike Gilbert <floppym@g.o> |
| 535 |
-Content-Type: text/plain |
| 536 |
-Posted: 2015-12-16 |
| 537 |
-Revision: 5 |
| 538 |
-News-Item-Format: 1.0 |
| 539 |
-Display-If-Installed: =dev-lang/python-3.3.5-r4 |
| 540 |
-Display-If-Installed: =dev-lang/python-3.3.5-r5 |
| 541 |
-Display-If-Installed: =dev-lang/python-3.3.5-r6 |
| 542 |
-Display-If-Installed: =dev-lang/python-3.3.5-r7 |
| 543 |
-Display-If-Installed: =dev-lang/python-3.3.5-r8 |
| 544 |
-Display-If-Installed: =dev-lang/python-3.3.5-r9 |
| 545 |
-Display-If-Installed: ~dev-lang/python-3.3.6 |
| 546 |
-Display-If-Installed: =dev-lang/python-3.4.3-r4 |
| 547 |
-Display-If-Installed: =dev-lang/python-3.4.3-r5 |
| 548 |
-Display-If-Installed: =dev-lang/python-3.4.3-r6 |
| 549 |
-Display-If-Installed: =dev-lang/python-3.4.3-r7 |
| 550 |
-Display-If-Installed: =dev-lang/python-3.4.3-r8 |
| 551 |
-Display-If-Installed: =dev-lang/python-3.4.3-r9 |
| 552 |
-Display-If-Installed: ~dev-lang/python-3.4.4 |
| 553 |
-Display-If-Installed: ~dev-lang/python-3.4.5 |
| 554 |
-Display-If-Installed: =dev-lang/python-3.5.0-r3 |
| 555 |
-Display-If-Installed: =dev-lang/python-3.5.0-r4 |
| 556 |
-Display-If-Installed: =dev-lang/python-3.5.0-r5 |
| 557 |
-Display-If-Installed: =dev-lang/python-3.5.0-r6 |
| 558 |
-Display-If-Installed: =dev-lang/python-3.5.0-r7 |
| 559 |
-Display-If-Installed: =dev-lang/python-3.5.0-r8 |
| 560 |
-Display-If-Installed: =dev-lang/python-3.5.0-r9 |
| 561 |
-Display-If-Installed: ~dev-lang/python-3.5.1 |
| 562 |
-Display-If-Installed: ~dev-lang/python-3.5.2 |
| 563 |
- |
| 564 |
-For several years, Gentoo has been patching python3 in a way that is |
| 565 |
-incompatible with PEP 3149 [1]. Gentoo has been enabling the PyMalloc feature, |
| 566 |
-but our python packages have not carried the appropriate ABI flag. |
| 567 |
- |
| 568 |
-We have removed this patch from the most recent dev-lang/python ebuilds at |
| 569 |
-the time of this writing. One result of this is that any packages which |
| 570 |
-install python extension modules must be rebuilt. |
| 571 |
- |
| 572 |
-You may experience build failures in related packages until this rebuild has |
| 573 |
-been completed. |
| 574 |
- |
| 575 |
-You can rebuild affected packages using the following commands. |
| 576 |
- |
| 577 |
-emerge -1v $(find /usr/lib*/python3* -name '*cpython-3[3-5].so') |
| 578 |
-emerge -1v /usr/include/python3.{3,4,5} |
| 579 |
- |
| 580 |
-It is possible that these commands will do nothing (or display a syntax error) |
| 581 |
-if all affected packages have already been rebuilt, causing the relevent files |
| 582 |
-to no longer exist. |
| 583 |
- |
| 584 |
-References: |
| 585 |
-[1] https://www.python.org/dev/peps/pep-3149/ |
Archives