xarchiveshash:cd02e2f0aebeb050a71c0484f37cb8ec

public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed

Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download:

* [gentoo-dev] News Item: OpenAFS no longer needs kernel option DEBUG_RODATA
@ 2016-07-20 17:13 99% NP-Hardass
  0 siblings, 0 replies; 1+ results
From: NP-Hardass @ 2016-07-20 17:13 UTC (permalink / raw
  To: gentoo-dev; +Cc: bircoph

[-- Attachment #1.1: Type: text/plain, Size: 1748 bytes --]

This is the first draft of a news item describing a packaging change for
OpenAFS so that we no longer require the DEBUG_RODATA be turned off.
Given the security implications of the previous setting of having
CONFIG_DEBUG_RODATA=n, we thought it prudent to ensure that OpenAFS
users get notice of the change in a manner that they are not likely to
miss (unlike a message in a phase that can be missed/hidden/squelched).

Title: OpenAFS no longer needs kernel option DEBUG_RODATA
Author: NP-Hardass <NP-Hardass@gentoo.org>
Author: Andrew Savchenko <bircoph@gentoo.org>
Content-Type: text/plain
Posted: 2016-07-23
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: <=net-fs/openafs-kernel-1.6.18.2
Display-If-Keyword: amd64
Display-If-Keyword: ~amd64-linux
Display-If-Keyword: ~sparc
Display-If-Keyword: x86
Display-If-Keyword: ~x86-linux

As a result of bug #127084 [1], it was determined that OpenAFS's kernel
module required that the kernel's data structures be read-write
(CONFIG_DEBUG_RODATA=n).  Upon reviewing the latest version of OpenAFS
with Linux kernels 3.4-4.4, it has been determined that this condition
is no longer necessary to ensure that OpenAFS builds and loads into the
kernel.

Starting with net-fs/openafs-kernel-1.6.18.2, this condition is no longer
forced in the ebuild. Considering the security implications of having
CONFIG_DEBUG_RODATA turned off, it is highly advised that you adjust your
kernel config accordingly.  Please note that the default setting for
CONFIG_DEBUG_RODATA is "y" and unless you have another reason for keeping
it disabled, we highly recommend that you re-enable CONFIG_DEBUG_RODATA.

[1] https://bugs.gentoo.org/show_bug.cgi?id=127084

-- 
NP-Hardass

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[relevance 99%]

Results 1-1 of 1 | reverse | options above

-- pct% links below jump to the message on this page, permalinks otherwise --
2016-07-20 17:13 99% [gentoo-dev] News Item: OpenAFS no longer needs kernel option DEBUG_RODATA NP-Hardass
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox