2013-09-22-minor-arches-1 m68k, s390, sh are dropping stable keywords 2013-09-22 Andreas K. Huettel dilfridge@gentoo.org \N {"Following discussion [1] and a vote by the Gentoo Council [2,3], m68k, s390, and sh will drop all stable keywords and become unstable/testing only arches. The main reason for this is that these arch teams visibly lack manpower, resulting in undesirable delays.","In a week, the ACCEPT_KEYWORDS variable in the respective profiles will be switched to automatically include ~arch packages. Systems running stable before will update to current unstable/testing then. Afterwards m68k, s390, and sh keywords on all ebuilds will be changed to ~m68k, ~s390, and ~sh.","No steps are required from users, however you should be aware of the upcoming changes."} {http://thread.gmane.org/gmane.linux.gentoo.project/2975/focus=2984,http://www.gentoo.org/proj/en/council/meeting-logs/20130917.txt,http://www.gentoo.org/proj/en/council/meeting-logs/20130917-summary.txt} 2013-04-10-baselayout-1-deprecation-final-warning baselayout-1.x deprecation final warning 2013-04-10 William Hubbs williamh@gentoo.org {\\" to switch to your new profile with corresponding number .","Progress with the restructuring will be tracked in bug #344861."} \N 2014-01-31-catalyst-head-changes Catalyst head changes 2014-01-31 Jorge Manuel B. S. Vicetto jmbsvicetto@gentoo.org {dev-util/catalyst} {"After a long period on \\"life support\\", the catalyst repository is going to have major changes introduced to master in the next few days. The work done in the rewrite branch[1] by Brian Dolbec, is finally going to be merged into master through the pending branch[2]. Anyone using catalyst to produce stages is advised to use the latest release (currently 2.0.16). If you need to track the stable 2.X branch, please use the catalyst 2.0.9999 ebuild. Anyone wanting to help with catalyst development and testing is encouraged to use the 9999 version and report issues to the catalyst team, pending the understanding that master may be broken during the next few months. Please report any issues to our bugzilla[3]. You can always find us in the #gentoo-releng irc channel of freenode. To be clear, these changes will only affect catalyst-9999 and the master branch of the repository. If you're not using either, this doesn't affect you."," [1] - http://git.overlays.gentoo.org/gitweb/?p=proj/catalyst.git;a=shortlog;h=refs/heads/rewrite-on-master [2] - http://git.overlays.gentoo.org/gitweb/?p=proj/catalyst.git;a=shortlog;h=refs/heads/pending [3] - https://bugs.gentoo.org/enter_bug.cgi?product=Gentoo%20Hosted%20Projects Component: Catalyst"} \N 2013-09-27-initramfs-required Separate /usr on Linux requires initramfs 2013-09-27 William Hubbs williamh@gentoo.org \N {"Linux systems which have / and /usr on separate file systems but do not use an initramfs will not be supported starting on 01-Nov-2013.","If you have / and /usr on separate file systems and you are not currently using an initramfs, you must set one up before this date. Otherwise, at some point on or after this date, upgrading packages will make your system unbootable.","For more information on setting up an initramfs, see this URL:",https://wiki.gentoo.org/wiki/Initramfs/HOWTO,"Due to many upstream changes, properly supporting Linux systems that have /usr missing at boot time has become increasingly difficult. Despite all our efforts, it already breaks in some exotic configurations, and this trend is likely to grow worse.","For more information on the upstream changes and why using an initramfs is the cleanest route forward, see the following URLs:","http://freedesktop.org/wiki/Software/systemd/separate-usr-is-broken https://blog.flameeyes.eu/2013/01/the-boot-process"} \N 2013-08-07-vanilla-sources-stablization-policy vanilla-sources stabilization policy 2013-08-07 Mike Pagano mpagano@gentoo.org {sys-kernel/vanilla-sources} {"The Gentoo Kernel Team will no longer be providing stable vanilla-sources kernels. All currently stabilized vanilla-sources versions will be dropped to ~arch. The Arch teams, via normal requests of the Kernel Team, will continue to stabilize gentoo-sources kernels upon request. This decision is based on the facts that upstream is now releasing approximately 1-2 vanilla-sources kernels a week. Arch teams, understandably, are unable to keep up with this rate of release. As most vanilla releases contain security fixes, the user who only runs stable vanilla-sources will consistently be behind and potentially at risk. For the latest \\"upstream kernel unpatched by Gentoo\\", we recommend users add 'sys-kernel/vanilla-sources' to their package.accept_keywords file. gentoo-sources will continue to be a tested and supported version for Gentoo users."," Note: This news item only applies to gentoo-sources and vanilla-sources. Other kernels currently maintained in portage have their own policies and procedures in place today."} \N 2014-11-11-kgcc64-sparc-removal sys-devel/kgcc64 removal on sparc 2014-11-11 Raúl Porcel armin76@gentoo.org \N {"sys-devel/kgcc64 is going to be removed from the sparc system package set since the normal sys-devel/gcc can, since version 4.4, build 64bit kernels.","Until now, you had to use CONFIG_CROSS_COMPILE=\\"sparc64-unknown-linux-gnu-\\" in your kernel config, but with sys-devel/kgcc64 going away, you need to remove that option from your kernel configuration. ",""} \N 2011-12-06-kde473-kdepim Stabilization of KDE 4.7.3 including KDEPIM 2011-12-06 Andreas K. Huettel dilfridge@gentoo.org {","If a machine is not migrated to a new valid profile before the deprecated profiles are removed, emerge will have very limited functionality until the migration is done."} \N 2009-10-02-xorg-server-1-6-libxcb-1.4 Migration to X.org Server 1.6 and libxcb 1.4 2009-10-02 Remi Cardona remi@gentoo.org {=sys-apps/portage-2.1.12} {"Beginning with sys-apps/portage-2.1.12, FEATURES=preserve-libs is enabled by default. Even though preserve-libs makes it unnecessary to use revdep-rebuild for most common updates, it is still a good practice to run `revdep-rebuild -ip` after updates, in order to check if there are any broken library dependencies that preserve-libs was not able to handle. For example, see http://bugs.gentoo.org/show_bug.cgi?id=459038.","If you would like to disable preserve-libs by default, then set FEATURES=\\"-preserve-libs\\" in make.conf. See the make.conf(5) man page or the following wiki page for more information:",http://wiki.gentoo.org/wiki/Preserve-libs} \N 2011-04-26-gnustep-new-layout GNUstep packages new layout 2011-04-26 Bernard Cafarelli voyageur@gentoo.org {=2.6.0.","This change means that you have to re-emerge all installed packages depending on GNUstep to move them to the new layout. You can use gnustep-base/gnustep-updater for this step"} \N 2011-04-27-glib-228 Upgrade to GLIB 2.28 2011-04-27 The Gentoo Freedesktop Maintainers freedesktop-bugs@gentoo.org {=sys-devel/gcc-4.8.3} {"Beginning with GCC 4.8.3, Stack Smashing Protection (SSP) will be enabled by default. The 4.8 series will enable -fstack-protector while 4.9 and later enable -fstack-protector-strong.","SSP is a security feature that attempts to mitigate stack-based buffer overflows by placing a canary value on the stack after the function return pointer and checking for that value before the function returns. If a buffer overflow occurs and the canary value is overwritten, the program aborts.","There is a small performance cost to these features. They can be disabled with -fno-stack-protector.","For more information these options, refer to the GCC Manual, or the following articles.","http://en.wikipedia.org/wiki/Buffer_overflow_protection http://en.wikipedia.org/wiki/Stack_buffer_overflow https://securityblog.redhat.com/tag/stack-protector http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong"} \N 2015-06-08-udev-init-scripts-changes udev-init-scripts-29 important changes 2015-06-08 William Hubbs williamh@gentoo.org {<=sys-fs/udev-init-scripts-29} {"In udev-init-scripts-29 and newer, the udev service script has been split into udev, udev-settle and udev-trigger.","This means the settings in /etc/conf.d/udev have also been migrated to the appropriate /etc/conf.d files, so be careful when you update your configuration settings.","udev and udev-trigger will be added to your sysinit runlevel, but not udev-settle. udev-settle should not be added to a runlevel. Instead, if a service needs this, it should add \\"need udev-settle\\" to its dependencies. "} \N 2015-02-04-portage-sync-changes New portage plug-in sync system 2015-02-02 Brian Dolbec dolsen@gentoo.org {sys-apps/portage} {"There is a new plug-in sync system in >=sys-apps/portage-2.2.16. This system will allow third party modules to be easily installed. Look for a new layman plug-in sync module in layman's next release. Next is a brief look at the changes. See the url [1] listed below for detailed descriptions and usage.","Changes: /etc/portage/repos.conf/* New setting for all repository types (needed): auto-sync = yes/no, true/false # default if absent: yes/true"," New for git sync-type: (applies to clone only) sync-depth = n where n = {0,1,2,3,...} (optional, default = 1) 0 -- full history 1 -- shallow clone, only current state (default) 2,3,... number of history changes to download"," New sync-type modules: sync-type = svn # sync a subversion repository sync-type = websync # Perform an emerge-webrsync operation sync-type = laymanator # (if installed) runs a layman -s action"," New native portage postsync hooks /etc/portage/postsync.d/* Runs hooks once, only after all repos have been synced. /etc/portage/repo.postsync.d/* Runs each script with three arguments: repo name, sync-uri, location Each script is run at the completion of every repo synced.","Migration: Edit /etc/portage/repos.conf/*.conf files, add the auto-sync option to each repository definition. Edit sync-type option to one of the supported types {rsync, git, cvs, svn, websync, laymanator}. [some-repo] ... sync-type = rsync auto-sync = yes"," For an existing /etc/portage/repos.conf/layman.conf file: 1) change/add the sync-type sync-type = laymanator 2) Ensure you have the correct layman version installed with it's laymanator module also installed. Alternate method: Please see the wiki page url [1] for detailed instructions.","Primary control of all sync operations has been moved from emerge to emaint. \\"emerge --sync\\" now just calls the emaint sync module with the --auto option. The --auto option performs a sync on only those repositories with the auto-sync setting not set to 'no' or 'false'. If it is absent, then it will default to yes and \\"emerge --sync\\" will sync the repository.","NOTE: As a result of the default auto-sync = True/Yes setting, commands like \\"eix-sync\\", \\"esync -l\\", \\"emerge --sync && layman -S\\" will cause many repositories to be synced multiple times in a row. Please edit your configs or scripts to adjust for the new operation.","WARNING: Due to the above default. For any repos that you EXPLICITLY do not want to be synced. You MUST set \\"auto-sync = no\\"","The 'emaint sync' module operates similar to layman. It can sync single or multiple repos. See \\"emaint --help\\" or for more details and examples see the wiki page listed below [1].","Additional help and project API documentation can be found at:"} {https://wiki.gentoo.org/wiki/Project:Portage/Sync} 2009-04-06-x_server-1_5 Migration to X.org Server 1.5 2009-04-06 Remi Cardona remi@gentoo.org {= 217 or eudev >= 2.1 2014-11-07 Samuli Suominen ssuominen@gentoo.org {=sys-apps/portage-2.1.10.61} {"Beginning with sys-apps/portage-2.1.10.61, FEATURES=config-protect-if-modified is enabled by default. This causes the CONFIG_PROTECT behavior to be skipped for files that have not been modified since they were installed.","If you would like to disable this behavior by default, then set FEATURES=\\"-config-protect-if-modified\\" in make.conf. See the make.conf(5) man page for more information about this feature."} \N 2011-08-28-mesa-r600g Mesa r600 driver now defaults to gallium 2011-08-28 Chí-Thanh Christopher Nguyễn chithanh@gentoo.org {=app-eselect/eselect-php-0.7.1-r4 avoids AddHandler and is shipping"," SetHandler application/x-httpd-php ",instead.," Why this news entry?"," * Since Apache configuration lives below /etc, you need to run etc-update (or a substitute) to actually have related fixes applied. To get them into the running instance of Apache, you need to make it reload its configuration, e.g."," sudo /etc/init.d/apache2 reload"," * If you are currently relying on AddHandler to execute secret_database_stuff.php.inc, moving away from AddHandler could result in serving your database credentials in plain text. A command like"," find /var/www/ -name '*.php.*' \\\\ -o -name '*.php5.*' \\\\ -o -name '*.phtml.*'"," may help discovering PHP files that would no longer be executed."," Shipping automatic protection for this scenario is not trivial, but you could manually install protection based on this recipe:"," # a) Apache 2.2 / Apache 2.4 + mod_access_compat #Order Deny,Allow #Deny from all"," # b) Apache 2.4 + mod_authz_core #Require all denied"," # c) Apache 2.x + mod_rewrite #RewriteEngine on #RewriteRule .* - [R=404,L] "," * You may be using AddHandler or AddType in other places, including off-package files. Please have a look."," * app-eselect/eselect-php is not the only package affected. There is a dedicated tracker bug at [4]. As of the moment, affected packages include:"," app-eselect/eselect-php[apache2] net-nds/gosa-core www-apache/mod_fastcgi www-apache/mod_flvx www-apache/mod_python www-apache/mod_suphp www-apps/moinmoin www-apps/rt[-lighttpd]"," Thanks to Nico Suhl, Michael Orlitzky and Marc Schiffbauer."} {https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler,https://httpd.apache.org/docs/current/mod/mod_mime.html#addtype,https://httpd.apache.org/docs/current/mod/mod_mime.html#multipleext,https://bugs.gentoo.org/show_bug.cgi?id=544560} 2011-02-13-libgphoto2-2.4.10 Change on CAMERAS in libgphoto2-2.4.10 2011-02-13 Pacho Ramos pacho@gentoo.org {=dev-java/java-config-wrapper-0.16} {"For a long time the Java team required a 1.4 JDK to be installed in order for old java ebuilds to work. All these ebuilds are now gone from the main tree so the requirement to have a 1.4 JDK installed has been lifted.","In order to remove things left over by the generation 1 setup please run java-check-environment and follow the instructions.","If you want to remove 1.4 JDKs, you should use emerge --depclean. Depending on what you have installed you might not need a 1.4 JDK any more. To see if you still need a 1.4 JDK use:","emerge -av --depclean virtual/jdk:1.4","If you don't need virtual/jdk:1.4 any more then you can remove the individual JDKs. First get the list of installed JDKs with eselect and then remove those that are not needed any longer with depclean, for example:","eselect java-vm list emerge -av --depclean sun-jdk:1.4"} \N 2010-03-01-mythtv-upgrade MythTV 0.22 Upgrade Database Corruption 2010-03-01 Richard Freeman rich0@gentoo.org { Run `perl-cleaner --all` after upgrading to a new Perl version! <==","\\"Perl 5.12 is not binary compatible with prior releases of Perl. If you have built extensions (i.e. modules that include C code) using an earlier version of Perl, you will need to rebuild and reinstall those extensions.\\" [1]","In fact, in Gentoo you currently have to rebuild all Perl modules and all binaries linking libperl to get into a consistent state again.","perl-cleaner generates a list of broken packages and passes it to your package manager to reinstall them. After reinstalling the packages, perl-cleaner outputs a list of files the script could not deal with (like modules installed not via the package manager).","See `man perl-cleaner` for its options."} {http://search.cpan.org/dist/perl-5.12.2/INSTALL#Changes_and_Incompatibilities} 2010-10-27-hardened-gcc4-info Info about GCC on Hardened profiles 2010-10-27 Magnus Granberg zorry@gentoo.org {=app-shells/bash-completion-2.1-r90} {"Starting with app-shells/bash-completion-2.1-r90, the framework used to enable and manage completions in Gentoo is finally changing in order to properly follow upstream design. This has some important implications for our users.","Firstly, the install location for completions changes to follow upstream default. The completions enabled before the upgrade will continue to work but you may no longer be able to enable or disable completions installed prior to the upgrade. To solve this issue, the packages installing completions need to rebuilt. The following command can be used to automatically rebuild all the relevant packages:","$ find /usr/share/bash-completion -maxdepth 1 -type f \\\\ '!' -name 'bash_completion' -exec emerge -1v {} +","Secondly, the autoloading support introduced upstream removes the penalties involved with enabling a great number of completions. This allowed us to switch to an opt-out model where all completions installed after the upgrade are enabled by default. Specific completions can be disabled using 'eselect bashcomp disable ...'","The model change implies that all current selections done using 'eselect bashcomp' can not be properly migrated and will be disregarded when the relevant completion files are built against the new bash-completion version. After rebuilding all the packages providing completion files, you may want to remove the symlinks that were used to configure the previous framework using the following command:","$ find /etc/bash_completion.d -type l -delete","Thirdly, we have solved the issue causing bash-completion support to be enabled by default on login shells only. If you needed to explicitly source 'bash_completion' script in bashrc, you can safely remove that code now since system-wide bashrc takes care of loading it.","Lastly, we would like to explain that USE=bash-completion is being removed from packages for the completions will be installed unconditionally now. However, this will result in some implicit dependencies being removed. Most specifically, users wishing to use bash-completion will have to request app-shells/bash-completion explicitly, e.g.:","$ emerge -n app-shells/bash-completion"} \N 2015-03-28-true-multilib True multilib support on amd64 2015-03-28 Michał Górny mgorny@gentoo.org \N {"Starting on 2015-03-29, we are enabling true multilib support on amd64 and masking the old emul-linux-x86 package sets for removal. This change provides our users with the opportunity to build 32-bit libraries from source with all the flexibility given by ebuilds and the security of using mainline ebuilds, rather than relying on pre-packaged binary versions of them.","The switch to the new system is likely to require a specific action from the users of our multilib profiles. Since the new system collides with the old one, the Package Manager must be able to clearly satisfy all the dependencies using the new system in order to proceed. This may require unmerging packages installed from third-party repositories that have not been updated to support the new system.","In order to enable building necessary 32-bit libraries, users will be required to enable the abi_x86_32 USE flag on respective packages. This can be done using /etc/portage/package.use entries alike the following:"," sys-libs/zlib abi_x86_32","In most of the cases, Portage will be able to deliver correct suggestions for that when using the --autounmask feature. However, some users may prefer setting ABI_X86 globally to enable 32-bit libraries in all packages that support building them. This can be done using the following package.use entry:"," */* abi_x86_32","In case of issues, blockers especially, users are recommended to manually uninstall any emul-linux-x86 packages that may have been installed on their systems. This will aid the Package Manager in choosing the correct dependency resolution path. If using Portage, this can be done using the following command:"," $ emerge -C 'app-emulation/emul-linux-x86*'","Note: 32-bit applications may be temporarily broken after this step. Therefore, it should be followed by a @world upgrade immediately."} \N 2013-11-23-gnome-38 Upgrade to GNOME 3.8 2013-11-23 Pacho Ramos pacho@gentoo.org {=sys-power/upower-0.99.0'","However, all systemd users are recommended to stay with sys-power/upower.","A small tip for GNOME _and_ systemd users, only 3.12 and newer support 0.99, so if you see the package manager pulling in sys-power/upower-pm-utils while using old GNOME, like 2.32 or 3.10, you _can_ prevent it by adding a package.mask entry for >=sys-power/upower-0.99"} \N 2014-10-04-restructuring_of_mips_profiles Restructuring of mips profiles 2014-10-04 Anthony G. Basile blueness@gentoo.org {sys-libs/glibc} {"To accomodate the new multilib approach in Gentoo, the mips profiles will be changing on Oct 11, 2014. The new profile structure will be as follows:"," [1] default/linux/mips/13.0/o32 [2] default/linux/mips/13.0/n32 [3] default/linux/mips/13.0/n64 [4] default/linux/mips/13.0/multilib/o32 [5] default/linux/mips/13.0/multilib/n32 [6] default/linux/mips/13.0/multilib/n64 [7] default/linux/mips/13.0/mipsel/o32 [8] default/linux/mips/13.0/mipsel/n32 [9] default/linux/mips/13.0/mipsel/n64 [10] default/linux/mips/13.0/mipsel/multilib/o32 [11] default/linux/mips/13.0/mipsel/multilib/n32 [12] default/linux/mips/13.0/mipsel/multilib/n64 [13] hardened/linux/musl/mips [14] hardened/linux/musl/mips/mipsel [15] default/linux/uclibc/mips [16] hardened/linux/uclibc/mips [17] default/linux/uclibc/mips/mipsel [18] hardened/linux/uclibc/mips/mipsel","There are a few points to note about the change:","1) Only the glibc profiles (1-12) are affected. The embedded system profiles (13-18) will not change.","2) The glibc profiles will now explicitly state the ABIs. In the case of non-multilib systems (1-3, 7-9) the stated ABI will be the only ABI available, while in the case of multilib systems (4-6, 10-12) the stated ABI will be the default ABI, and the others will be available by setting ABI_MIPS in make.conf.","3) Profiles 1 and 7 are strictly 32-bit userland, but can run under either a 32-bit or 64-bit kernel. They will have CHOST = mips-unknown-linux-gnu and mipsel-unknown-linux-gnu, respectively. All the other glibc profiles (2-6, 8-12) are 64-bits userland and will have CHOST = mips64-unknown-linux-gnu or mips64el-unknown-linux-gnu.","4) Only users of profiles 1 and 7 need to change their profiles sym links using `eselect profile`. However, all users should be aware of the CHOST value on their system to ensure it remains unchanged after the profile updates. "} \N 2013-03-29-udev-upgrade Upgrading udev to version >=200 2013-03-29 Samuli Suominen ssuominen@gentoo.org { /dev/null","You can copy /lib/udev/rules.d/80-net-name-slot.rules to /etc/udev/rules.d and specify the attributes and in which order they will be used for naming. See upstream wiki[3] for detailed list of options.","You can prepare the system for the new names before booting for example by renaming /etc/init.d/net.* symlinks, editing /etc/conf.d/net, etc.","The feature can also be completely disabled using net.ifnames=0 on the kernel command line.","If you only have one interface card, you don't necessarily have much use for this feature as the name almost always stays at eth0, you can easily disable it using forementioned methods.","This feature can also replace the functionality of sys-apps/biosdevname, but you can still keep using it if you want.","In a normal new installation there are no files in /etc/udev/rules.d and if you haven't edited any files you have in there, you should most likely backup and delete them all if they don't belong to any packages.","The official wiki has a dedicated page for udev upgrade notes[4]."} {http://www.gentoo.org/doc/en/udev-guide.xml,http://www.kernel.org/doc/htmldocs/device-drivers/API-device-rename.html,http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames,http://wiki.gentoo.org/wiki/Udev/upgrade} 2014-02-25-udev-upgrade Upgrade to >=sys-fs/udev-210 2014-02-25 Samuli Suominen ssuominen@gentoo.org {=sys-fs/udev-210 by the package manager. See the package's README at /usr/share/doc/udev-210/ for more optional kernel options.","The most reliable way of disabling the new network interface scheme is still the kernel parameter \\"net.ifnames=0\\" since overriding the 80-net-name-slot.rules in /etc/udev/rules.d/ no longer works since upstream renamed the file to /lib/udev/rules.d/80-net-setup-link.rules The actual configuration is at /lib/systemd/network/99-default.link, which you can override in /etc/systemd/network/ So, to clarify, you can override the new .rules file or the .link file in /etc but using the kernel parameter is the most consistent way.","Since both the systemd-udevd executable and the network configuration is stored at /lib/systemd, using a too wide INSTALL_MASK would be a mistake."} {https://wiki.gentoo.org/wiki/Udev/upgrade#udev_208_to_210,http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames} 2013-02-10-new-13-profiles New 13.0 profiles and deprecation of 10.0 profiles 2013-02-10 Andreas K. Huettel dilfridge@gentoo.org \N {"We have generated a new set of profiles for Gentoo installation. These are now called 13.0 instead of 10.0. Everyone should upgrade as soon as possible (but please make sure sys-apps/portage is updated to current stable *before* you switch profile). This brings (nearly) no user-visible changes. Some new files have been added to the profile directories that make it possible for the developers to do more fine-grained use flag masking (see PMS-5 for the details), and this formally requires a new profile tree with EAPI=5."} \N 2015-07-28-mysql-packaging-changes MySQL packaging changes 2015-07-28 Brian Evans grknight@gentoo.org {virtual/mysql} {"The upcoming versions of MySQL packages will see a change with the introduction of a new virtual, libmysqlclient and USE flag adjustments.","The existing virtual/mysql will represent the server (mysqld) and tools (mysqldump, mysql, mysqladmin, etc) while virtual/libmysqlclient will represent the mysql client shared and static libraries, e.g. libmysqlclient.so.","Ebuilds that only link the libraries may not pull in the server packages with this change in the future. Because of this, you may have to add a virtual/mysql or one of the providers; i.e. dev-db/mysql, dev-db/mariadb, or dev-db/percona-server; to your world file if you require a server to be installed locally. This will be phased in slowly as other packages are updated.","As for the server packages themselves, the \\"minimal\\" USE is being replaced. The new USE flags are client-libs, server, and tools. The server and tools flags are on by default to signify the primary purpose of those builds.","The primary provider for libraries will be a new package dev-db/mysql-connector-c. Thorough testing did not turn up any issues, but packagers are permitted to block any provider of virtual/libmysqlclient that does not work correctly. Enabling the client-libs USE on a server package may be the necessary solution for the rare case of portage reporting a block on an incompatible provider."} \N 2010-02-21-mysql-upgrade MySQL 5.1 unmasking and upgrade procedures 2010-02-21 Robin H. Johnson robbat2@gentoo.org {= 6.4.2 changes defaults for IPv6 2014-07-17 William Hubbs williamh@gentoo.org {<=net-misc/dhcpcd-6.4.2} {"dhcpcd-6.4.2 and newer supports IPv6 stable private addresses when using IPv6 stateless address autoconfiguration (SLAAC) as described in RFC-7217 [1]. The configuration file shipped with dhcpcd activates this feature by default, because it means that a machine cannot be tracked across multiple networks since its address will no longer be based on the hardware address of the interface.","I received a report in testing that IPv6 connectivity was lost due to this change [2]. If you are concerned about losing IPv6 connectivity, temporarily comment out the line in dhcpcd.conf that says \\"slaac private\\" until you can adjust to the new configuration.","See the references below for why the upstream default is to use stable private instead of hardware-based addresses."} {http://tools.ietf.org/html/rfc7217,https://bugs.gentoo.org/show_bug.cgi?id=514198,http://tools.ietf.org/html/draft-ietf-6man-default-iids-00,http://mail-index.netbsd.org/tech-net/2014/06/04/msg004572.html} 2010-05-02-gnome-228 Upgrade to GNOME 2.28 2010-04-23 Pacho Ramos pacho@gentoo.org {=sys-devel/gcc-4.7.0} {"GCC 4.7 introduced the new experimental 2011 ISO C++ standard [1], along with its GNU variant. This new standard is not the default in gcc-4.7, 4.8 or 4.9, the default is still gnu++98, but it can be enabled by passing -std=c++11 or -std=gnu++11 to CXXFLAGS.","Users that wish to try C++11 should exercise caution because it is not ABI-compatible with C++98. Nor is C++11 code compiled with gcc-4.7 guaranteed to be ABI-compatible with C++11 compiled with 4.8, or vice versa [2]. Thus linking C++98 and C++11, or C++11 compiled with different versions of gcc, is likely to cause breakage. For packages which are self-contained or do not link against any libraries written in C++, there is no problem. However, switching to C++11 and then building packages which link against any of the numerous libraries in an incompatible ABI can lead to a broken system.","This is a precautionary news item and the typical user need not do anything. However, as C++11 gains in popularity and the number of packages using it increases, it is important that users understand these issues [3].","For an ABI compliance checker, and more information about C++ ABIs, see [4]. ",Ref.,"[1] http://www.stroustrup.com/C++11FAQ.html","[2] Upstream GCC does not support ABI-compatibility between gcc-4.x and 4.y for any x != y . See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61758. Even having different versions of gcc installed simultaneously may lead to problems, especially if the older version of gcc is active. An example is https://bugs.gentoo.org/show_bug.cgi?id=513386. ","[3] Note that some packages like www-client/chromium and net-libs/webkit-gtk are already using C++11 features."} {http://ispras.linuxbase.org/index.php/ABI_compliance_checker} 2015-02-02-nfs-service-changes nfs service changes 2015-02-02 William Hubbs williamh@gentoo.org {<=net-fs/nfs-utils-1.3.1-r1} {"The upgrade to nfs-utils-1.3.1-r1 includes significant service changes both for OpenRC and systemd users.","OpenRC users:","The OpenRC service which handled mounting nfs file systems has been changed to only start the nfs client daemons and renamed to nfsclient. Because of this change, if you use OpenRC and mount nfs file systems, you need to perform the following steps:","Add nfsclient to the runlevel nfsmount was in before. For example, if nfsmount was in the default runlevel, run this command:","rc-update add nfsclient default","If you use a permanent network connection to the server, make sure netmount is in the same runlevel as nfsclient. If not, it is recommended that net-fs/autofs be set up to handle your network mounts.","Systemd users:","The nfs systemd units have been renamed. If you are exporting nfs mounts, you should enable the rpcbind and nfs-server services. If you are mounting nfs mounts systemd should automatically detect this and start the nfs-client service.","More Information:","The following wiki page has more information about nfs file systems:",http://wiki.gentoo.org/wiki/NFSv4} \N 2013-10-14-grub2-migration GRUB2 migration 2013-10-14 Mike Gilbert floppym@gentoo.org {> /etc/portage/package.accept_keywords echo \\"sys-devel/gettext -nls\\" >> /etc/portage/package.use emerge -1 gettext","6. Rebuild any packages that might be linking against libintl.so:"," USE=-nls emerge -uvDNq world","7. The previous step probably missed some executables, so find them all:"," for i in /bin/* /sbin/ /usr/bin/* /usr/sbin/* ; do readelf -d $i 2>&1 | grep -q libintl.so && echo $i done","You can identify what packages these belong to uing `equery b ` Rebuild those packages.","8. At this point you can remove /usr/lib/libintl.so*. To be safe, check that all your coreutils utilities (like mv, cp, ls, etc.) really aren't linking against libintl.so as described in the previous step and then mv that library out of the dynamic linker's search path.","9. While not strictly necessary, you can rebuild your entire system to make sure everything links nicely against the new libc.so: emerge -evq world "} \N 2014-03-12-profile-eapi-5 Profile EAPI 5 requirement 2014-03-02 Zero_Chaos zerochaos@gentoo.org { 9.) emerge --update --oneshot portage","Now that you have a modern copy of portage, you can go back to updating your system as usual. Please update your system at LEAST twice a year to avoid issues like this in the future.","Thanks for flying Gentoo."} \N 2015-05-01-shorewall-changes shorewall is now a single package 2015-05-01 Ian Delaney idella4@gentoo.org {net-firewall/shorewall-core,net-firewall/shorewall6,net-firewall/shorewall-lite,net-firewall/shorewall6-lite,net-firewall/shorewall-init} {"Starting with net-firewall/shorewall-4.6 we have re-integrated"," - net-firewall/shorewall-core - net-firewall/shorewall6 - net-firewall/shorewall-lite - net-firewall/shorewall6-lite - net-firewall/shorewall-init","into a new all-in-one net-firewall/shorewall ebuild (see bug 522278).","The new all-in-one ebuild makes maintenance a lot more easier because the package is proxy-maintained and finding someone who is willing to help you bumping 6 packages each time you provide an update was not easy in the past.","Because net-firewall/shorewall{-core,6,-lite,6-lite,init} is now integrated in net-firewall/shorewall, we have to hard mask these old ebuilds in the new monolithic ebuild to prevent file collisions.","Due to this block we cannot migrate to the new version without user interaction. Please remove the previous split ebuilds from your system if you want to upgrade:"," $ emerge --ask --unmerge 'net-firewall/shorewall-*' \\\\ 'net-firewall/shorewall6*'"," Please note: Since the second shorewall-4.6 ebuild is now stabilized and shorewall-4.5 is not compatible with the perl-5.20 (see bug 524558) we will start the removal process for shorewall-4.5 ebuilds within the next 30 days."} \N 2010-03-23-new-subprofiles New desktop subprofiles for GNOME and KDE 2010-03-23 Theo Chatzimichos tampakrap@gentoo.org \N {"There are two new subprofiles under desktop, one for GNOME and one for KDE. Users that have only one of those two DEs may choose the according subprofile. Users of other DEs or WMs may stick to the desktop profile.","Attention: KDE or GNOME specific USE flags have been stripped from the desktop profile. More specifically: GNOME subprofile contains: USE=\\"eds evo gnome gstreamer\\" KDE subprofile contains: USE=\\"kde\\"","(I'll commit the change on Friday, 26 Mar 2010)"} \N 2011-05-01-baselayout-update Baselayout update 2011-05-01 Christian Faulhammer fauli@gentoo.org {=mail-mta/postfix-2.9 are installed under /usr/libexec/postfix. Please do not forget to adjust your main.cf by running etc-update/dispatch-conf or similar and accepting the new daemon_directory setting. Otherwise, postfix will not be able to find the binaries it is looking for."} \N 2015-08-13-openssh-weak-keys OpenSSH 7.0 disables ssh-dss keys by default 2015-08-13 Mike Frysinger vapier@gentoo.org {net-misc/openssh} {"Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has been disabled by default at runtime due to their inherit weakness. If you rely on these key types, you will have to take corrective action or risk being locked out.","Your best option is to generate new keys using strong algos such as rsa or ecdsa or ed25519. RSA keys will give you the greatest portability with other clients/servers while ed25519 will get you the best security with OpenSSH (but requires recent versions of client & server).","If you are stuck with DSA keys, you can re-enable support locally by updating your sshd_config and ~/.ssh/config files with lines like so: PubkeyAcceptedKeyTypes=+ssh-dss","Be aware though that eventually OpenSSH will drop support for DSA keys entirely, so this is only a stop gap solution.","More details can be found on OpenSSH's website: http://www.openssh.com/legacy.html"} \N 2015-08-26-ruby-19-removal Ruby 1.9 removal; Ruby 2.0/2.1 default 2015-08-26 Manuel Rüger mrueg@gentoo.org {dev-lang/ruby} {"Ruby MRI 1.9 has been retired by upstream in February 2015.[1] We remove Ruby MRI 1.9 support from the tree now. In parallel Ruby MRI 2.1 support will be activated in base profile's RUBY_TARGETS variable by default in conjunction with Ruby MRI 2.0.","If your currently eselected Ruby interpreter is ruby19, our recommendation is to change it to ruby20. At the moment Ruby MRI 2.0 delivers the best possible support of all Ruby interpreters in tree.","Check the current setting via:"," eselect ruby show","Change the current setting to Ruby MRI 2.0 via:"," eselect ruby set ruby20"} {https://www.ruby-lang.org/en/news/2015/02/23/support-for-ruby-1-9-3-has-ended/} 2015-09-09-libvirt-init-script-changes libvirt-1.2.19 init script changes 2015-09-09 Doug Goldstein cardoe@gentoo.org {=dev-db/mysql-5.5 pbxt >=dev-db/mariadb-5.5 pbxt >=dev-db/mysql-cluster-5.5 pbxt # overlay >=dev-db/mariadb-galera-5.5 pbxt # overlay >=dev-db/percona-server-5.5 pbxt # overlay >=dev-db/google-mysql-5.5 pbxt # overlay","All users who have data stored in PBXT-backed tables MUST convert the tables to another format BEFORE upgrading to MySQL/MariaDB 5.5, as the tables will become inaccessible otherwise.","We will continue to allow it to be built in the 5.0/5.1 series, to make the above data migration easy, but we strongly encourage all users to move their data out of the PBXT engine.","If you need to check for PBXT tables easily, look in your MySQL/MariaDB datadir for any files with a .xt extension.","1. https://lists.launchpad.net/pbxt-discuss/msg00134.html 2. http://www.bytebot.net/blog/archives/2012/05/25/mariadb-5-5-has-deprecated-pbxt 3. https://kb.askmonty.org/en/about-pbxt/ 4. https://bugs.gentoo.org/show_bug.cgi?id=471616#c1"} \N 2015-10-07-openrc-0-18-localmount-and-netmount-changes OpenRC-0.18 localmount and netmount changes 2015-10-07 William Hubbs williamh@gentoo.org {<=sys-apps/openrc-0.18} {"The behaviour of localmount and netmount is changing on Linux systems. In the past, these services always started successfully. However, now they will fail if a file system they attempt to mount cannot be mounted.","If you have file systems listed in fstab which should not be mounted at boot time, make sure to add noauto to the mount options. If you have file systems that you want to attempt to mount at boot time but failure should be allowed, add nofail to the mount options for these file systems in fstab."} \N 2015-10-22-gcc-5-new-c++11-abi GCC 5 Defaults to the New C++11 ABI 2015-10-22 Mike Frysinger vapier@gentoo.org {>=sys-devel/gcc-5} {"GCC 5 uses the new C++ ABI by default. When building new code, you might run into link time errors that include lines similar to: ...: undefined reference to '_ZNSt6chrono12steady_clock3nowEv@GLIBCXX_3.4.17'","Or you might see linkage failures with \\"std::__cxx11::string\\" in the output.","These are signs that you need to rebuild packages using the new C++ ABI. You can quickly do so by using revdep-rebuild (from gentoolkit) like so: # revdep-rebuild --library 'libstdc\\\\+\\\\+\\\\.so\\\\.6' -- --exclude gcc","For more details, feel free to peruse: https://developerblog.redhat.com/2015/02/05/gcc5-and-the-c11-abi/ https://blogs.gentoo.org/blueness/2015/03/10/the-c11-abi-incompatibility-problem-in-gentoo/"} \N 2015-10-21-future-support-of-hardened-sources-kernel Future Support of hardened-sources Kernel 2015-10-21 Anthony G. Basile blueness@gentoo.org {sys-kernel/hardened-sources} {"For many years, the Grsecurity team [1] has been supporting two versions of their security patches against the Linux kernel, a stable and a testing version, and Gentoo has made both of these available to our users through the hardened-sources package. However, on August 26 of this year, the team announced they would no longer be making the stable version publicly available, citing trademark infringement by a major embedded systems company as the reason. [2] The stable patches are now only available to sponsors of Grsecurity and can no longer be distributed in Gentoo. However, the team did assure us that they would continue to release and support the testing version as they have in the past.","What does this means for users of hardened-sources? Gentoo will continue to make the testing version available through our hardened-sources package but we will have to drop support for the 3.x series. In a few days, those ebuilds will be removed from the tree and you will be required to upgrade to a 4.x series kernel. Since the hardened-sources package only installs the kernel source tree, you can continue using a currently built 3.x series kernel but bear in mind that we cannot support you, nor will upstream. Also keep in mind that the 4.x series will not be as reliable as the 3.x series was, so reporting bugs promptly will be even more important. Gentoo will continue to work closely with upstream to stay on top of any problems, but be prepared for the occasional \\"bad\\" kernel. The more reporting we receive from our users, the better we will be able to decide which hardened-sources kernels to mark stable and which to drop.","Refs. [1] https://grsecurity.net [2] https://grsecurity.net/announce.php"} \N