From 90c88731bd036e5698b281fbc0a5f3aa4c9983ac Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 29 Jun 2020 11:38:31 +0100 Subject: gentoo resync : 29.06.2020 --- ...2020-06-23-upgrade-to-sys-libs_pam-1_4_0.en.txt | 28 ++++++++++++++++++ ...-06-24-xorg-server-dropping-default-suid.en.txt | 32 +++++++++++++++++++++ metadata/news/Manifest | 30 +++++++++---------- metadata/news/Manifest.files.gz | Bin 11672 -> 12044 bytes metadata/news/timestamp.chk | 2 +- metadata/news/timestamp.commit | 2 +- 6 files changed, 77 insertions(+), 17 deletions(-) create mode 100644 metadata/news/2020-06-23-upgrade-to-sys-libs_pam-1_4_0/2020-06-23-upgrade-to-sys-libs_pam-1_4_0.en.txt create mode 100644 metadata/news/2020-06-24-xorg-server-dropping-default-suid/2020-06-24-xorg-server-dropping-default-suid.en.txt (limited to 'metadata/news') diff --git a/metadata/news/2020-06-23-upgrade-to-sys-libs_pam-1_4_0/2020-06-23-upgrade-to-sys-libs_pam-1_4_0.en.txt b/metadata/news/2020-06-23-upgrade-to-sys-libs_pam-1_4_0/2020-06-23-upgrade-to-sys-libs_pam-1_4_0.en.txt new file mode 100644 index 000000000000..0c77c98637ba --- /dev/null +++ b/metadata/news/2020-06-23-upgrade-to-sys-libs_pam-1_4_0/2020-06-23-upgrade-to-sys-libs_pam-1_4_0.en.txt @@ -0,0 +1,28 @@ +Title: sys-libs/pam-1.4.0 upgrade +Author: Mikle Kolyada +Content-Type: text/plain +Posted: 2020-06-23 +Revision: 1 +News-Item-Format: 2.0 +Display-If-Installed: sys-libs/pam +Display-If-Installed: sys-auth/pambase + +Starting with the 1.4.0 release [1], we don't offer these modules anymore: + +* pam_tally and pam_tally2 have been deprecated and replaced + by the pam_faillock module +* pam_cracklib has been deprecated and replaced + by the pam_passwdqc module + +These changes affected our basic PAM stack configuration. + +You only need to take action if: +* you made manual changes to the PAM stack, or +* you use FEATURES="-config-protect-if-modified" option + +If this applies to you, please make sure to either run the etc-update or +dispatch-conf command in order to sync your configuration. + +Failure to do this may result in your system becoming inaccessible. + +[1] - https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0 diff --git a/metadata/news/2020-06-24-xorg-server-dropping-default-suid/2020-06-24-xorg-server-dropping-default-suid.en.txt b/metadata/news/2020-06-24-xorg-server-dropping-default-suid/2020-06-24-xorg-server-dropping-default-suid.en.txt new file mode 100644 index 000000000000..b752bb720ede --- /dev/null +++ b/metadata/news/2020-06-24-xorg-server-dropping-default-suid/2020-06-24-xorg-server-dropping-default-suid.en.txt @@ -0,0 +1,32 @@ +Title: xorg-server dropping default suid +Author: Piotr Karbowski +Posted: 2020-06-24 +Revision: 3 +News-Item-Format: 2.0 +Display-If-Installed: x11-base/xorg-server + +Starting 2020-07-15, stable keyworded x11-base/xorg-server will default +to using the logind interface instead of suid by default. resulting in +better security by default through running the server as a regular user +instead of root. However, this will require our users to use a logind +provider such as elogind or systemd. The systemd users and those who are +not using systemd but use desktop profiles can stop reading here, as +they already have a logind provider enabled. + +Others, who have neither systemd or desktop profiles enabled will be +required to globally enable 'elogind' USE flag and update the system + +    # emerge --newuse @world + +Afterwards, one will need to re-login, so the PAM can assign a seat. One +can confirm that a seat has been assigned upon login by running: + +    $ loginctl user-status + +Users who do not wish to use logind interface or have rare hardware that +does not use KMS and because of that, require root privileges to +operate, can manually re-enable 'suid' and disable 'elogind' USE flags +in order to preserve the previous behavior. However, please note that +this is heavily discouraged to run X server as root due to security +reasons. The 'suid' USE flag will remain as optional opt-in for the need +of legacy hardware. diff --git a/metadata/news/Manifest b/metadata/news/Manifest index a99a17bc7963..1da6a51081bc 100644 --- a/metadata/news/Manifest +++ b/metadata/news/Manifest @@ -1,23 +1,23 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -MANIFEST Manifest.files.gz 11672 BLAKE2B 2a35be1d629fabd14a3e177b2f8c68c778a09003e6c329a5c55208316e291790d15b24da03e1888b7f01b378235d12656c5b63ee2f46588e72d5e814db8ab127 SHA512 a03255c1377ed0aaf8780d946ad61d8fad5fd03d28d04083000f3f9a09319dd8bd58ecb7844d1b7bb009c6c1e511af9f6af0e20507cd177ffd401781440c86d6 -TIMESTAMP 2020-06-21T11:38:29Z +MANIFEST Manifest.files.gz 12044 BLAKE2B 547415c33cd1d5d0e90a80f7a59574b3586b17cced894eeab2dd80042c3bb6aca4b85cda93f72c8edb89d80a5480978ea22a242f346c7a98fad2a95a214b4874 SHA512 a55a6789e7d66503ccbe69d73f70534bb16956cbc073435959464fead34e7db53e6daf9c756eb92e635e27550f6e05cf0aab7bd9d83a005f5e26dc0513b3d06f +TIMESTAMP 2020-06-29T10:08:22Z -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl7vRrVfFIAAAAAALgAo +iQKTBAEBCgB9FiEE4dartjv8+0ugL98c7FkO6skYklAFAl75vZdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx RDZBQkI2M0JGQ0ZCNEJBMDJGREYxQ0VDNTkwRUVBQzkxODkyNTAACgkQ7FkO6skY -klABUhAAkSCPRTZ+J/2VwDvqYVFca4SvfdvhYXxflhPFFXHgJMUJStghhjmkwryi -QjfL0XbrOXtpQ6J+Y0ryZ3nOdGLOxBPFGMxV8Uno6/xLytUrzOp1nSWwdYnfIA4O -MXOr2kSD/tl46Mk9ADKX+E01fzwUhylM9GdIhb6Qw7oT4f8egNToDCmTWpvYZSYc -pIk6vixeFEWg4LmogcD0OptDZsQxCtYOFgk0qcsKncJvHmyk0A8ZVyPBFONpjH5q -jFzI5Q1uWPzSdFAW5SCzfgErwvf0KAteflosjREuuSEPh6q3m00/+YLIDC5A2b4N -ganiSSw4B8uSrh/0WgwMhsEa539wwj6Vb8I8/MlHJwy7XzcHYmWKz5/Kn0WpDR2K -tetmjV9cUvjKsESlakAl8ihl5vFQmTKnnr2h7rST+M6cIdj9GlKQt+gKVZ+8q7bz -XY/ISlv5WGSwGZg7C9/y23qUfNMmPRqNgJys+QWtzqdPmhYcWEqGBiZUr9bMBdWD -0mbHsPCsf7q0uS1zpVQ9M8XNV50G97sH3+Wovy9AcfForPjIvwNcAzDaIF1LWLSi -MkBKayA2pqprrmlZ4wWKk0HrRT+yL9W+xCmlxEunUAvtgWqMz+tAcaq6ee6AvmiW -FImpd4NmD+YjRzDRvSXVu6Z4M/6YCIx38lGP0GCIYrjja6QRMMI= -=gbnr +klBlFBAAgOpoolHKHFy6/NxmZ2dF4UPNRl94xW9/NFO5w2fS60r8FtxkjSAQgJhT +rvQWra9zFmi3cBn6nwk4TOlkkPEaYZ5ygPZe+6+UG12LVUxIOOIVQhIchuJnWgX8 +Sa9ipaKG0y8UyZVBrd4wtzCRJzAnNYo3ToE8N6qfuxsAxCEYyc1otnBWZm18diAV +s46SVjNTRHt18SLWqTpCOowqNR/LIazBjnVp6aOpl4JsPK1ZGRGP/DPN/67mcski +hmehn1mkagreTNP1DT4Cog3vY8LGFpaHVU3XE6ypeqil3ZW3L47ieTs9lu2JGu5d +WOVmawdbzNCM+cpLhNJWxtPZy7Clv/jUuWH0zWTvVX8zRKcqkhoZ2t7KtHaapE3N +7t2Qe8cthv2+XgasXUhvuXpWyuxgxBEABtqjaYRVUCTy1BmyCsTJIklRa1xtx0Sp +fHWh0fAcg7B3zlzOebbos/L2EhGCkdr07qrYzTOWYSksgUi1k63ARi8Y32/P5pTG +X9AfuPtupuhAPDnMOOEWidFD5UW96xdTJSdLugs79hX3TBFnZfZ0A3h4BwZZr8du +tjbWbMolLvjiFHf/4LroXiK9hTk3Gslr+VGMIooDayr0RCdU0Bx78XjMP+6Al7ol +75ZwOq/grS6KH8gT9MA1vPZO2uyRXxxR+iOiePwp55iyIbD324c= +=Kvbc -----END PGP SIGNATURE----- diff --git a/metadata/news/Manifest.files.gz b/metadata/news/Manifest.files.gz index 88e550e9d1a3..f9a7a023a0c3 100644 Binary files a/metadata/news/Manifest.files.gz and b/metadata/news/Manifest.files.gz differ diff --git a/metadata/news/timestamp.chk b/metadata/news/timestamp.chk index 03b6be48b1f2..3ac069bd3848 100644 --- a/metadata/news/timestamp.chk +++ b/metadata/news/timestamp.chk @@ -1 +1 @@ -Sun, 21 Jun 2020 11:38:26 +0000 +Mon, 29 Jun 2020 10:08:19 +0000 diff --git a/metadata/news/timestamp.commit b/metadata/news/timestamp.commit index 36535e35c7c4..2c7f65ce8584 100644 --- a/metadata/news/timestamp.commit +++ b/metadata/news/timestamp.commit @@ -1 +1 @@ -72de871e6fb59e1e7fb3af51bc6227ad32b0e019 1591572597 2020-06-07T23:29:57+00:00 +bbc0f609f2b84485d3ba5dfd17dbbd0fc1085b64 1593021675 2020-06-24T18:01:15+00:00 -- cgit v1.2.3