gentoo resync : 08.01.2021

5 files changed, 88 insertions, 17 deletions

diff --git a/metadata/news/2021-01-05-libressl-support-discontinued/2021-01-05-libressl-support-discontinued.en.txt b/metadata/news/2021-01-05-libressl-support-discontinued/2021-01-05-libressl-support-discontinued.en.txt
new file mode 100644
index 000000000000..713d1df9abe6
--- /dev/null
+++ b/metadata/news/2021-01-05-libressl-support-discontinued/2021-01-05-libressl-support-discontinued.en.txt
@@ -0,0 +1,71 @@
+Title: LibreSSL support discontinued
+Author: Michał Górny <mgorny@gentoo.org>
+Posted: 2021-01-05
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: dev-libs/libressl
+
+Starting 2021-02-01, Gentoo will discontinue supporting
+dev-libs/libressl as an alternative to dev-libs/openssl.  While it will
+still be possible for expert users to use LibreSSL on their systems,
+we are only going to provide support for OpenSSL-based systems.  Most
+importantly, we are no longer going to maintain downstream patches for
+LibreSSL support -- it will rely on either package upstreams merging
+such patches themselves, or LibreSSL upstream finally working towards
+better OpenSSL compatibility.
+
+On 2021-02-01, we will mask the relevant USE flags and packages.  If you
+wish to continue using LibreSSL, you will be able to undo these masks
+for the time being.  However, as packages drop patching for LibreSSL
+and the library is eventually removed from ::gentoo, it will become
+necessary to use the user-maintained LibreSSL overlay [1].  As long-term
+support for LibreSSL is not guaranteed, we recommend switching
+to OpenSSL instead.  More information on removal can be found
+on the relevant bug [2].
+
+To switch before the aforementioned date, remove 'libressl' from your
+USE flags and CURL_SSL targets.  Afterwards, it is recommended to
+prefetch all the necessary distfiles before proceeding with the system
+upgrade, in case wget(1) becomes broken in the process:
+
+    emerge --fetchonly dev-libs/openssl net-misc/wget
+    emerge --fetchonly --deep --changed-use @world
+
+A --changed-use @world upgrade should automatically cause LibreSSL
+to be replaced by OpenSSL, and all affected packages to be rebuilt:
+
+    emerge --deselect dev-libs/libressl
+    emerge --changed-use --deep @world
+
+
+LibreSSL has been forked off OpenSSL in 2014 to address a number of
+problems with the original package.  However, since then OpenSSL
+development gained speed and the original reasons for the fork no longer
+apply.  Furthermore, LibreSSL started to repeatedly fall behind
+and cause growing compatibility problems.  While initially these
+problems were related to packages using old/insecure OpenSSL APIs, today
+they are mostly related to LibreSSL missing newer OpenSSL APIs
+(yet declaring false compatibility with newer OpenSSL versions).
+
+With the little testing it gets, our developers and users had to put
+a significant effort into fixing upstream packages.  In some cases
+(e.g. Qt), upstream has explicitly refused to support LibreSSL, forcing
+us to maintain the patches forever.  This in turn means that
+security fixes, regular version bumps or end-user system upgrades are
+often delayed because of necessary LibreSSL patching.  What is even
+worse, major runtime issues managed to sneak in that broke production
+systems running LibreSSL in the past.
+
+To the best of our knowledge, the only benefit LibreSSL has over OpenSSL
+right now is the additional libtls library.  For this reason, we have
+packaged dev-libs/libretls which is a port of this library that links
+to OpenSSL.
+
+All these issues considered, we came to the conclusion that OpenSSL
+should remain the only supported production option for Gentoo systems.
+While the flexibility of Gentoo should make it possible to keep using
+LibreSSL going forward, the effort necessary to provide first-class
+official support for LibreSSL has proven to outweigh the benefit.
+
+[1] https://gitweb.gentoo.org/repo/proj/libressl.git/tree/README.md
+[2] https://bugs.gentoo.org/762847
diff --git a/metadata/news/Manifest b/metadata/news/Manifest
index 46214d5487e2..b9c011cfc30a 100644
--- a/metadata/news/Manifest
+++ b/metadata/news/Manifest
@@ -1,23 +1,23 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
-MANIFEST Manifest.files.gz 10052 BLAKE2B 99d1a5eb6e8f52a0c03138f80d6ee3214b6fd76a9d85b04118722787d85ffaff446fda6c2cb93a42edc2c2ffeddb59180b86c80ad1652b7b5009e846c8db48ce SHA512 83a8845c703dd8944efcbf6eabc4222f2cb51ef3d1dda9eebbed2536bb5e1e7fa86988cf6e5ac01d1d9918874a8c3b24e2059cd904c57b2f056b8c0fdee7820d
-TIMESTAMP 2021-01-01T20:38:39Z
+MANIFEST Manifest.files.gz 10248 BLAKE2B 70b8b9cef9bbf0469dff0a3edb5705a982d1f0f6bce6528e5d659e4134770fe3c78fdc44245f64805b83f334a54766920f33c93c313a0b824845ac6345a34815 SHA512 62b5517f09d8e3743c8b5810ff997be14cbc7c3a7d14efefd433906fae2b2d90e396a8525177b530ebcf32147fae59a89ca91fd7e7ffc5e8f4444f220b091534
+TIMESTAMP 2021-01-08T11:08:39Z
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl/viE9fFIAAAAAALgAo
+iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl/4PTdfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
 RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY
-klAn7A/9F+LS8wW7Oiz4f9dopqiK+w2dqFefzBqlmvZFR2FXEM7CrCZhuIl8r50h
-DpliC6flFWCUUmTAhYNduMf7BySjb4aSqqg/cQvH9iV+9knY2Hg7xAgtC6P3bO23
-L5VfzZuObfkQnEs/6yoDuGJzexZNHAB1PzoiN1QQpgAiTM6PZvUwUsFvJz5HQSds
-F75R3u2/hrUEeWHuMSjYrGhRwDLRqsKOVUyw+dcV4nFgnCqSSAr83dLsLQy56kHz
-Bmb5UdgNtVwK96Q1ntS4wstUxYI1YLshsSBM5I/c1Tx/qiL5lOslhn4CsmoC79gU
-0/bHocsKNtLUTbfAexwmxXnXjoiV9Ivb/skvv+CKhtdCSdkYD92MXF1o04Jdw6sd
-RpUDlILm3kVlR84xQwnBeTLOKvAr5WrFqAnFOpFYYeCSSDIFhdMOHqgGxhaip3JE
-hpD7gLOoBIag/pKNzQ/u4dpjT7sf5QRRt1nee1NdPU7pmVbTUf/LxSASZ6SdLnon
-hcFdW6gHEzUpmlLbTGwxujldanMqJc/wfoZALWARxXT0l65lS77pNqRj0hMrPPqi
-ok7vPPxHIZvfFxMN6Yu84v/1ZVz5cGpY8Xg0XOoFQB1yueX3BjXYooGHSnY+8/Vx
-XWGhP/l0Nhh2B8JlwG4/SkjkD1ZrYkZz/uONq6A8PzW+GBFfhd4=
-=OCtm
+klBenQ/9FZyBNwMsuj0vGFPHhmFRPqp5D+seTywgpVilbgRMLeYeecUPhSkVhEg7
+/bTyihjGM9GmkXoRcPE2ggOSlWpVArhg1CvNhUEW3yDuP9HJ1GmwgIAL1t6fH45o
+6vmBDFcUMyPZL0IR9HKaWXTWJlLx4kkbMUJMiwl0cvZwWjudQwDAoBm52PdiZIxe
+fJW2EUHJjzHUX01E359/+WHlSf6T4J1NK10XShwwOIr5nHw955gT/VFBERuxUhPN
+ViSyG8ueKO47xHyYWg3NgM3DSj+Ib6Rj3QqavZS4ayfjqN/ihpTPcwyQVy7zRfdk
+fmeQFsWP+Ju3y8qqzzHhsTkpwhArAXrwgzYUEIxuUj58n/UnyWA+8LE5ldGQXWaI
+z80ae/kXTc6F+uI96767cvNfKahtB4Uq8BA05Zr8ObWB7uvJUSE2eTXND0sumUF+
+wAT4c41c7b3F9M6xvTVFvpnGkrvLU6lf5AGzkX4EB3FkyDQrqGzwCCdbh6/JmmfT
+jtXqB/oVQ4NZMf9xWfyQSM3G5Z2jNHzOHdYbLk3FPpV1LxuVDHbOH/SjA4a/MJOF
+BEWf/2BDsvwLC1f2fhRDra2d8dmgE9fSqGk0ChNhpc6tS5dKG0XqQLCZD0LUzOxO
+qMNfHHDpq+XxHRPZBgslINc8kz+9pgskIbx64b52r3DSvk5cFQ4=
+=KNVN
 -----END PGP SIGNATURE-----
diff --git a/metadata/news/Manifest.files.gz b/metadata/news/Manifest.files.gz
index 555674a756d4..0ea581801bb9 100644
--- a/metadata/news/Manifest.files.gz
+++ b/metadata/news/Manifest.files.gz
diff --git a/metadata/news/timestamp.chk b/metadata/news/timestamp.chk
index 3f0759c50d70..81201ed971ce 100644
--- a/metadata/news/timestamp.chk
+++ b/metadata/news/timestamp.chk
@@ -1 +1 @@
-Fri, 01 Jan 2021 20:38:36 +0000
+Fri, 08 Jan 2021 11:08:36 +0000
diff --git a/metadata/news/timestamp.commit b/metadata/news/timestamp.commit
index b97dba721917..1f85f9e7c5f2 100644
--- a/metadata/news/timestamp.commit
+++ b/metadata/news/timestamp.commit
@@ -1 +1 @@
-473b7ccfe355bb5572e3cecfd068c6121ed37b6f 1609463388 2021-01-01T01:09:48+00:00
+034ed5a1cd7f552e2cf130703f91b30681c47e7f 1609845379 2021-01-05T11:16:19+00:00