This is the first draft of a news item describing a packaging change for OpenAFS so that we no longer require the DEBUG_RODATA be turned off. Given the security implications of the previous setting of having CONFIG_DEBUG_RODATA=n, we thought it prudent to ensure that OpenAFS users get notice of the change in a manner that they are not likely to miss (unlike a message in a phase that can be missed/hidden/squelched).
Title: OpenAFS no longer needs kernel option DEBUG_RODATA Author: NP-Hardass <np-hard...@gentoo.org> Author: Andrew Savchenko <birc...@gentoo.org> Content-Type: text/plain Posted: 2016-07-23 Revision: 1 News-Item-Format: 1.0 Display-If-Installed: <=net-fs/openafs-kernel-1.6.18.2 Display-If-Keyword: amd64 Display-If-Keyword: ~amd64-linux Display-If-Keyword: ~sparc Display-If-Keyword: x86 Display-If-Keyword: ~x86-linux As a result of bug #127084 [1], it was determined that OpenAFS's kernel module required that the kernel's data structures be read-write (CONFIG_DEBUG_RODATA=n). Upon reviewing the latest version of OpenAFS with Linux kernels 3.4-4.4, it has been determined that this condition is no longer necessary to ensure that OpenAFS builds and loads into the kernel. Starting with net-fs/openafs-kernel-1.6.18.2, this condition is no longer forced in the ebuild. Considering the security implications of having CONFIG_DEBUG_RODATA turned off, it is highly advised that you adjust your kernel config accordingly. Please note that the default setting for CONFIG_DEBUG_RODATA is "y" and unless you have another reason for keeping it disabled, we highly recommend that you re-enable CONFIG_DEBUG_RODATA. [1] https://bugs.gentoo.org/show_bug.cgi?id=127084 -- NP-Hardass
signature.asc
Description: OpenPGP digital signature
