From e6b1b9469515e44715c413f223eb7485019c06ea Mon Sep 17 00:00:00 2001 From: Petr Bokoc Date: May 23 2019 09:54:23 +0000 Subject: A bunch of style and grammar fixes --- diff --git a/modules/release-notes/pages/desktop/Desktop.adoc b/modules/release-notes/pages/desktop/Desktop.adoc index 0b89f94..25e85e1 100644 --- a/modules/release-notes/pages/desktop/Desktop.adoc +++ b/modules/release-notes/pages/desktop/Desktop.adoc @@ -6,7 +6,8 @@ include::{partialsdir}/entities.adoc[] == GNOME 3.32 -The default Fedora desktop environment for installations with a graphical interface - **GNOME** - has been updated to version 3.32. Notable changes include: +The default Fedora desktop environment for installations with a graphical interface - **GNOME** - has been updated to version 3.32. +Notable changes include: * The interface has received a refreshed visual style, including the UI, icons, and the desktop itself * Core GNOME applications have removed the "application menu" and its contents have been moved into a primary menu located in the application window where appropriate @@ -34,6 +35,7 @@ For more information about Deepin, see the link:https://www.deepin.org/en/dde/[o Those interested in contributing to Deepin in Fedora are encouraged to contact the link:https://fedoraproject.org/wiki/SIGs/DeepinDE[Deepin Special Interest Group]. == Pantheon desktop + **Pantheon** is the desktop environment used by default on link:https://elementary.io/[elementaryOS]. It builds on GNOME technologies, but utilizes components that were written from scratch in vala, using the GTK+3 toolkit. In Fedora 30, Pantheon is provided by Fedora as an alternative desktop environment. @@ -45,7 +47,8 @@ To try out Pantheon, install the "Pantheon Desktop" package group, log out, and == LXQt 0.14.0 -Fedora 30 provides the **LXQt** lightweight Qt-based desktop environment version 0.14.0. Notable improvements in this release include: +Fedora 30 provides the **LXQt** lightweight Qt-based desktop environment version 0.14.0. +Notable improvements in this release include: * `pcmanfm-qt` now supports a split view. * The desktop can now show icons such as Computer, Network, the user's Home directory, and Trash. The Trash icon is interactive. diff --git a/modules/release-notes/pages/desktop/I18n.adoc b/modules/release-notes/pages/desktop/I18n.adoc index b69e1b7..6209013 100644 --- a/modules/release-notes/pages/desktop/I18n.adoc +++ b/modules/release-notes/pages/desktop/I18n.adoc @@ -7,15 +7,21 @@ include::{partialsdir}/entities.adoc[] [[sect-i18n-langpacks]] == Replace Comps Language Group With Langpacks -Language support groups in Comps file have been replaced by weak rich dependencies in the langpacks package. Previously users could get complete language support installed using the command `dnf group install -support` but now from this release, meta-langpacks packages are used to install language related packages. -Now langpacks packages also install the required fonts and input-methods for a given language, making the language comps groups redundant, and therefore the language support groups have been removed. Users can now get their language support if required by installing the appropriate meta-package `langpacks-`. +Language support groups in Comps file have been replaced by weak rich dependencies in the langpacks package. +Previously users could get complete language support installed using the command `dnf group install -support` but now from this release, meta-langpacks packages are used to install language related packages. -This does not affect kickstart based installations as `--addsupport` already installs `langpacks-` for the given additional languages. But any custom kickstart files that explicitly use a `-support` group under `%packages` need to be updated to use the corresponding `langpacks-` meta package instead. +Now langpacks packages also install the required fonts and input-methods for a given language, making the language comps groups redundant, and therefore the language support groups have been removed. +Users can now get their language support if required by installing the appropriate meta-package `langpacks-`. + +This does not affect kickstart based installations as `--addsupport` already installs `langpacks-` for the given additional languages. +However, any custom kickstart files that explicitly use a `-support` group under `%packages` need to be updated to use the corresponding `langpacks-` meta package instead. [[sect-i18n-pango]] == Pango package update 1.43.0 + Pango now supports Unicode 11 standard for international text handling. == Improved installation of localization packages + The installation process for localization packages has been improved. See the xref:sysadmin/Installation.adoc#install-l10n[Installation section] for details. diff --git a/modules/release-notes/pages/developers/Development_Erlang.adoc b/modules/release-notes/pages/developers/Development_Erlang.adoc index da9ede5..8816de7 100644 --- a/modules/release-notes/pages/developers/Development_Erlang.adoc +++ b/modules/release-notes/pages/developers/Development_Erlang.adoc @@ -6,7 +6,8 @@ include::{partialsdir}/entities.adoc[] == Erlang 21 -The default **Erlang** version in Fedora 30 is 21. Notable changes in this version include: +The default **Erlang** version in Fedora 30 is 21. +Notable changes in this version include: * The BEAM interpreter has been completely re-written. * The compiler is about 10-20% faster. diff --git a/modules/release-notes/pages/developers/Development_Go.adoc b/modules/release-notes/pages/developers/Development_Go.adoc index 91abfb2..a310897 100644 --- a/modules/release-notes/pages/developers/Development_Go.adoc +++ b/modules/release-notes/pages/developers/Development_Go.adoc @@ -6,7 +6,8 @@ include::{partialsdir}/entities.adoc[] == Golang 1.12 -Fedora 30 provides **Golang** version 1.12, up from version 1.11 in Fedora 29. Notable changes include: +Fedora 30 provides **Golang** version 1.12, up from version 1.11 in Fedora 29. +Notable changes include: === New features diff --git a/modules/release-notes/pages/developers/Development_Haskell.adoc b/modules/release-notes/pages/developers/Development_Haskell.adoc index 2567256..ab85032 100644 --- a/modules/release-notes/pages/developers/Development_Haskell.adoc +++ b/modules/release-notes/pages/developers/Development_Haskell.adoc @@ -6,15 +6,13 @@ include::{partialsdir}/entities.adoc[] == Haskell GHC 8.4 and Stackage LTS 12 -The Fedora Haskell packages have been updated to ghc-8.4.4 and -Stackage LTS 12 versions, with focus on performance, stability, -consolidation, and numerous cleanups throughout the compiler: +The Fedora Haskell packages have been updated to ghc-8.4.4 and Stackage LTS 12 versions, with focus on performance, stability, consolidation, and numerous cleanups throughout the compiler: -- Further refinement of TypeInType, including significant improvements in error messages. -- Improvements in code generation resulting in noticable performance improvements in some types of programs. -- Core library improvements, including phase 2 of the Semigroup/Monoid proposal. -- Many improvements to instance deriving. -- The resolution of nearly 300 other tickets for the 8.4.1 major release, and further bugfixes in the subsequent stable minor version releases. +* Further refinement of TypeInType, including significant improvements in error messages. +* Improvements in code generation resulting in noticable performance improvements in some types of programs. +* Core library improvements, including phase 2 of the Semigroup/Monoid proposal. +* Many improvements to instance deriving. +* The resolution of nearly 300 other tickets for the 8.4.1 major release, and further bugfixes in the subsequent stable minor version releases. For details, see upstream release announcements: diff --git a/modules/release-notes/pages/developers/Development_Python.adoc b/modules/release-notes/pages/developers/Development_Python.adoc index 75ad48d..d7bce5c 100644 --- a/modules/release-notes/pages/developers/Development_Python.adoc +++ b/modules/release-notes/pages/developers/Development_Python.adoc @@ -6,65 +6,44 @@ include::{partialsdir}/entities.adoc[] == Python 2 is deprecated in Fedora 30 -Many Python 2 modules were removed from the distribution: packages -that only provide Python 2 importable modules, if they are not used by -any other package (leaf packages). +Many Python 2 modules were removed from the distribution: packages that only provide Python 2 importable modules, if they are not used by any other package (leaf packages). -While this change should not affect regular users, it will affect -developers that use system-packaged Python modules. +While this change should not affect regular users, it will affect developers that use system-packaged Python modules. -If you are developing software that needs to run with Python 2, we -recommend using a virtual environment and installing dependencies from -the Python Package index (PyPI). See details at: +If you are developing software that needs to run with Python 2, we recommend using a virtual environment and installing dependencies from the Python Package index (`PyPI`). +See details at: https://developer.fedoraproject.org/tech/languages/python/python-installation.html -We also recommend using a virtual environment (venv) for Python 3, if -your software targets the wider Python ecosystem rather than Fedora -specifically. Using venv will decouple your development environment -from the system. +We also recommend using a virtual environment (`venv`) for Python 3, if your software targets the wider Python ecosystem rather than Fedora specifically. +Using `venv` will decouple your development environment from the system. -If you are developing for a Fedora package, please port to Python 3 as -soon as possible. Almost complete Python 2 removal is planned for the next -release. +If you are developing for a Fedora package, please port to Python 3 as soon as possible. +Almost complete Python 2 removal is planned for the next release. == Automatically generated dependencies for Python packages -The generator which generates Provides and Requires for Python RPM -packages based on the `setup.py` file has been enabled by default. This -makes the packaging of Python packages easier and more automatic by -reusing information provided by the upstream project, and should result -in fewer unecessary or missing dependencies in RPMs. +The generator which generates Provides and Requires for Python RPM packages based on the `setup.py` file has been enabled by default. +This makes the packaging of Python packages easier and more automatic by reusing information provided by the upstream project, and should result in fewer unecessary or missing dependencies in RPMs. == Python progressbar replaced with progressbar2 -The `progressbar` package has been updated to use the `progressbar2` fork, -which is newer and better maitained. +The `progressbar` package has been updated to use the `progressbar2` fork, which is newer and better maitained. == Nautilus extensions now use Python 3 -As part of the general move to Python 3, extensions for the file -browser and graphical shell Nautilus are now executed using Python 3, -and extensions compatible only with Python 2 are no longer supported. -Extensions packaged in the distribution have been updated for Python 3 -compatiblity. Users who have installed their own extensions should -check that they are compatible with Python 3 or remove them. +As part of the general move to Python 3, extensions for the file browser and graphical shell Nautilus are now executed using Python 3, and extensions compatible only with Python 2 are no longer supported. +Extensions packaged in the distribution have been updated for Python 3 compatiblity. +Users who have installed their own extensions should check that they are compatible with Python 3 or remove them. [[python-build-flags]] == Avoid Fedora-specific build flags in non-RPM Python extensions -When extension modules are built, the `distutils` module provides a -set of compilation and link flags to ensure that modules are compiled -in a way which is compatible with Python executable itself. When -building modules in Fedora, the same set of flags was used for modules -which are part of the distribution (i.e. part of an RPM package) and -for modules compiled by users *using* Fedora. Those flags included -custom GCC plugins and additional linker options to "harden" the code -and add `annobin` annotations, which is appropriate for the -distribution, but unexpected and unnecessary for user code. A distinct -and smaller set of flags is now provided for extension modules -compiled by users. +When extension modules are built, the `distutils` module provides a set of compilation and link flags to ensure that modules are compiled in a way which is compatible with Python executable itself. +When building modules in Fedora, the same set of flags was used for modules which are part of the distribution (i.e. part of an RPM package) and for modules compiled by users *using* Fedora. +Those flags included custom GCC plugins and additional linker options to "harden" the code and add `annobin` annotations, which is appropriate for the distribution, but unexpected and unnecessary for user code. +A distinct and smaller set of flags is now provided for extension modules compiled by users. -The build flags (`CFLAGS`, `CXXFLAGS` and `LDFLAGS`) saved in the Python's distutils module for building extension modules are switched from: +The build flags (`CFLAGS`, `CXXFLAGS` and `LDFLAGS`) saved in the Python's `distutils` module for building extension modules are switched from: * `%\{build_cflags}`, * `%\{build_cxxflags}` and @@ -80,7 +59,8 @@ This link:https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/bui The `python3-devel` package will lose its runtime dependency on `redhat-rpm-config` (which was only required for annobin support and GCC spec files). -The change affects building extension modules by users, outside of the RPM environment. The Python standard library and Fedora's Python 3 RPM packages are still built with the "traditional" set of flags (`%\{build_cflags}` etc.), unless the package uses nonstandard methods to build the extensions. +The change affects building extension modules by users, outside of the RPM environment. +The Python standard library and Fedora's Python 3 RPM packages are still built with the "traditional" set of flags (`%\{build_cflags}` etc.), unless the package uses nonstandard methods to build the extensions. Only Python 3.7 and 3.6 will be changed. diff --git a/modules/release-notes/pages/developers/Development_Ruby.adoc b/modules/release-notes/pages/developers/Development_Ruby.adoc index d5d38af..96ff519 100644 --- a/modules/release-notes/pages/developers/Development_Ruby.adoc +++ b/modules/release-notes/pages/developers/Development_Ruby.adoc @@ -11,31 +11,46 @@ With this major update from Ruby 2.5 in Fedora 29 to Ruby 2.6 in Fedora 30, Fedo Notable changes include: -* An initial implementation of a Just-In-Time (JIT) compiler is now available. The JIT compiler aims to improve performance of any Ruby program execution. Unlike ordinary JIT compilers for other languages, Ruby’s JIT compiler does JIT compilation in a unique way, which prints C code to a disk and spawns common C compiler process to generate native code. +* An initial implementation of a Just-In-Time (JIT) compiler is now available. +The JIT compiler aims to improve performance of any Ruby program execution. +Unlike ordinary JIT compilers for other languages, Ruby’s JIT compiler does JIT compilation in a unique way, which prints C code to a disk and spawns common C compiler process to generate native code. + -The main purpose of this JIT release is to provide a chance to check if it works for your platform and to find out security risks before the 2.6 release. JIT compiler is supported when Ruby is built by GCC, Clang, or Microsoft VC++, which needs to be available on runtime. Otherwise you can’t use it for now. +The main purpose of this JIT release is to provide a chance to check if it works for your platform and to find out security risks before the 2.6 release. +JIT compiler is supported when Ruby is built by GCC, Clang, or Microsoft VC++, which needs to be available on runtime. Otherwise you can’t use it for now. + -As of Ruby 2.6.0 preview3, we achieved 1.7x faster performance than Ruby 2.5 on CPU-intensive non-trivial benchmark workload called Optcarrot. The performance on memory-intensive workload like Rails application are going to be improved as well. -* A new `RubyVM::AST` experimental module is now available. This module has a `parse` method which parses a given ruby code of string and returns AST (Abstract Syntax Tree) nodes, and a `parse_file` method which parses a given ruby code file and returns AST nodes. A `RubyVM::AST::Node` class is also introduced. You can get location information and children nodes from Node objects. This feature is experimental. Compatibility of the structure of AST nodes are not guaranteed. +As of Ruby 2.6.0 preview3, we achieved 1.7x faster performance than Ruby 2.5 on CPU-intensive non-trivial benchmark workload called Optcarrot. +The performance on memory-intensive workload like Rails application are going to be improved as well. +* A new `RubyVM::AST` experimental module is now available. +This module has a `parse` method which parses a given ruby code of string and returns AST (Abstract Syntax Tree) nodes, and a `parse_file` method which parses a given ruby code file and returns AST nodes. +A `RubyVM::AST::Node` class is also introduced. +You can get location information and children nodes from Node objects. This feature is experimental. +Compatibility of the structure of AST nodes are not guaranteed. * New features: ** Add a new alias `then` to `Kernel#yield_self`. ** Add `Random.bytes`. -** Add `Binding#source_location`. This method returns the source location of binding, a 2-element array of `__FILE__` and `__LINE__`. +** Add `Binding#source_location`. +This method returns the source location of binding, a 2-element array of `__FILE__` and `__LINE__`. ** Add `:exception` option to let `Kernel.#system` raise an error instead of returning false. ** `else` without `rescue` now causes a syntax error. [EXPERIMENTAL] ** Constant names may start with a non-ASCII capital letter. -** An endless range, `(1..)`, is introduced. It works as if it has no end. +** An endless range, `(1..)`, is introduced. +It works as if it has no end. The following performance improvements have been made: -* Sped up `Proc#call` because we don’t need to care about `$SAFE` any more. The `lc_fizzbuzz` benchmark shows a 40% speed improvement. -* Sped up `block.call` where block is passed block parameter. Ruby 2.6 improves the performance of passed block calling. There can observed 2.6x improvement with micro-benchmarks. -* Transient Heap (`theap`) has been introduced. `theap` is managed heap for short-living memory objects which are pointed by specific classes. For example, making small and short-living Hash object is twice as fast. With the `rdoc` benchmark, 6-7% performance improvement is observed. +* Sped up `Proc#call` because we don’t need to care about `$SAFE` any more. +The `lc_fizzbuzz` benchmark shows a 40% speed improvement. +* Sped up `block.call` where block is passed block parameter. +Ruby 2.6 improves the performance of passed block calling. There can observed 2.6x improvement with micro-benchmarks. +* Transient Heap (`theap`) has been introduced. `theap` is managed heap for short-living memory objects which are pointed by specific classes. +For example, making small and short-living Hash object is twice as fast. +With the `rdoc` benchmark, 6-7% performance improvement is observed. Other notable changes since version 2.5: * `$SAFE` is a process global state and we can set 0 again. -* Passing `safe_level` to `ERB.new` is deprecated. `trim_mode` and `eoutvar` arguments are now keyword arguments. +* Passing `safe_level` to `ERB.new` is deprecated. +`trim_mode` and `eoutvar` arguments are now keyword arguments. * Merged RubyGems 3.0.0.beta2. * Merge Bundler as default gem. diff --git a/modules/release-notes/pages/developers/Development_Web.adoc b/modules/release-notes/pages/developers/Development_Web.adoc index f870d77..79dc645 100644 --- a/modules/release-notes/pages/developers/Development_Web.adoc +++ b/modules/release-notes/pages/developers/Development_Web.adoc @@ -6,7 +6,6 @@ include::{partialsdir}/entities.adoc[] == PHP 7.3 The **PHP** stack has been updated to version 7.3 in Fedora 30. - Notable changes in this version include: * Flexible Heredoc and Nowdoc Syntax diff --git a/modules/release-notes/pages/sysadmin/Distribution.adoc b/modules/release-notes/pages/sysadmin/Distribution.adoc index d0d522c..9222f1f 100644 --- a/modules/release-notes/pages/sysadmin/Distribution.adoc +++ b/modules/release-notes/pages/sysadmin/Distribution.adoc @@ -6,73 +6,54 @@ include::{partialsdir}/entities.adoc[] == Inherited locale settings will be reset on login if necessary -When logging in over ssh or another mechanism, locale settings are -forwarded. If the destination does not support that is configured in -the source environment, various tools would generate warnings about -invalid locale settings. Now, locale is automatically reset to `C.UTF-8` -if such situation is detected. +When logging in over ssh or another mechanism, locale settings are forwarded. +If the destination does not support that is configured in the source environment, various tools would generate warnings about invalid locale settings. +Now, locale is automatically reset to `C.UTF-8` if such situation is detected. == Many obsolete RPM scriptlets have been removed -Plenty of installation scriplets in packages are not necessary -anymore. Their removal should make installation and upgrades of -packages a bit faster. +Plenty of installation scriplets in packages are not necessary anymore. +Their removal should make installation and upgrades of packages a bit faster. == Binaries provided by the distribution have optimized linking -The link flags used for Fedora packages have been updated to skip -libraries which are not used by the executable. This removes the -dependencies on those librararies from various packages, making +The link flags used for Fedora packages have been updated to skip libraries which are not used by the executable. +This removes the dependencies on those librararies from various packages, making their installation slightly more efficient. == Binaries provided by the distribution have additional hardening -The link flags used for Fedora packages have been updated to make the -array of function pointers which is used to implement dynamic linking -(the GOT) read-only at runtime. This makes it harder for exploit -writers to overwrite these function pointers and redirect execution. - +The link flags used for Fedora packages have been updated to make the array of function pointers which is used to implement dynamic linking (the GOT) read-only at runtime. +This makes it harder for exploit writers to overwrite these function pointers and redirect execution. == Changed build flags saved in Python's distutils module -The build flags (`CFLAGS`, `CXXFLAGS` and `LDFLAGS`) saved in the Python's distutils module for building extension modules have been changed in Fedora 30. See the xref:developers/Development_Python.adoc#python-build-flags[Python section] for details. +The build flags (`CFLAGS`, `CXXFLAGS` and `LDFLAGS`) saved in the Python's distutils module for building extension modules have been changed in Fedora 30. +See the xref:developers/Development_Python.adoc#python-build-flags[Python section] for details. == SWID tags for Fedora distribution and edition -The `fedora-release-common` and `fedora-release-$edition` packages -ship distribution-level SWID tags under -`/usr/lib/swidtag/fedoraproject.org/` that identify the Fedora -distribution, release, and edition. +The `fedora-release-common` and `fedora-release-$edition` packages ship distribution-level SWID tags under `/usr/lib/swidtag/fedoraproject.org/` that identify the Fedora distribution, release, and edition. -The `swidq` command from new package `swid-tools` can be used to list -the SWID tags (`swidq -a`) or show its content (`swidq -i -n Fedora`, -`swidq --xml -a 'org.fedoraproject.*'`). +The `swidq` command from new package `swid-tools` can be used to list the SWID tags (`swidq -a`) or show its content (`swidq -i -n Fedora`, `swidq --xml -a 'org.fedoraproject.*'`). == Updated software -Please note that this only lists a small subset of all upgraded -packages where there's a significant change. +Please note that this only lists a small subset of all upgraded packages where there's a significant change. === Vagrant 2.2 -Vagrant 2.2 is new major release, that includes many features, -improvements, and and bug fixes. Using qemu:///session instead of -qemu:///system allows Vagrant to run unprivileged. +Vagrant 2.2 is new major release, that includes many features, improvements, and and bug fixes. Using `qemu:///session` instead of `qemu:///system` allows Vagrant to run unprivileged. === Bash 5.0 -The default shell `bash` has been updated to version 5.0. This release -fixes several outstanding bugs in bash 4.4 and introduces several new -features. The most significant bug fixes are an overhaul of how -nameref variables resolve and a number of potential out-of-bounds -memory errors discovered via fuzzing. +The default shell `bash` has been updated to version 5.0. This release fixes several outstanding bugs in bash 4.4 and introduces several new features. + The most significant bug fixes are an overhaul of how `nameref` variables resolve and a number of potential out-of-bounds memory errors discovered via fuzzing. === Fish 3.0 -This update for one of the alternative shells contains many new -features and some backwards incompatible changes. See -https://fedoraproject.org/wiki/Changes/Fish_3.0#Upgrade.2Fcompatibility_impact[the documentation] -for details. +This update for one of the alternative shells contains many new features and some backwards incompatible changes. +See https://fedoraproject.org/wiki/Changes/Fish_3.0#Upgrade.2Fcompatibility_impact[the documentation] for details. === New desktop environments Fedora 30 adds two new desktop environments for users with a graphical interface: **Pantheon** and **Deepin**. See the xref:desktop/Desktop.adoc[Desktop section] for details. @@ -81,63 +62,39 @@ Fedora 30 adds two new desktop environments for users with a graphical interface === Deprecation of BerkleyDB support in OpenLDAP server -In the **next** Fedora version (31) package `openldap-servers` will no -longer ship with support for `back-bdb` or `back-hdb`. Users should -migrate data to use `back-mdb` instead, which is fully supported, -developed, and encouraged as the replacement by OpenLDAP upstream. +In the **next** Fedora version (31) package `openldap-servers` will no longer ship with support for `back-bdb` or `back-hdb`. +Users should migrate data to use `back-mdb` instead, which is fully supported, developed, and encouraged as the replacement by OpenLDAP upstream. === Deprecation of old Apache Java packages -Apache Jakarta ORO, -Apache Jakarta Commons Regexp, -Apache Jakarta Commons HttpClient, -and Apache Avalon packages -are intended to be eventually removed from Fedora, -but are kept in Fedora for some additional, indeterminate time for -various reasons including maintaining backwards compatibility. They are -now considered deprecated and no new code should use them. +**Apache Jakarta ORO**, **Apache Jakarta Commons Regexp**, **Apache Jakarta Commons HttpClient**, and **Apache Avalon** packages are intended to be eventually removed from Fedora, but are kept in Fedora for some additional, indeterminate time for various reasons including maintaining backwards compatibility. + They are now considered deprecated and no new code should use them. === Deprecation of Sonatype OSS Parent This package is obsolete software. -`sonatype-oss-parent` packages are intended to be eventually -removed from Fedora, but are kept in Fedora for some additional, -indeterminate time due to relatively large number of packages still -depending on Sonatype OSS Parent. They are now considered deprecated -and no new code should use them. +`sonatype-oss-parent` packages are intended to be eventually removed from Fedora, but are kept in Fedora for some additional, indeterminate time due to relatively large number of packages still +depending on Sonatype OSS Parent. +They are now considered deprecated and no new code should use them. === Deprecation of Apache Maven 2.x -The last upstream release of Apache Maven 2.x was in November 2009, -more than 9 years ago. Upstream declares that this version of Maven -has reached its end of life, is no longer supported and that security -vulnerability reports will not be addressed. It is still packaged -in Fedora, but is deprecated and will be removed in one of the next -releases. +The last upstream release of Apache Maven 2.x was in November 2009, more than 9 years ago. +Upstream declares that this version of Maven has reached its end of life, is no longer supported and that security vulnerability reports will not be addressed. +It is still packaged in Fedora, but is deprecated and will be removed in one of the next releases. +[[distribution-libcrypt]] === Removal of unsafe functions from `libcrypt` -The POSIX standard mandates the presence of certain encryption and -hashing functions (`encrypt`, `encrypt_r`, `setkey`, `setkey_r`, -`fcrypt`) that rely on the DES encryption algorithm which today is -widely considered insecure and insufficient for applications which -require sane data encryption. Library headers have been changed so -that it is not possible to compile code using those functions. - -The version of the `libxcrypt` package included with Fedora 30 now -ships the `libcrypt.so.2` library that omits those legacy functions. - -For backwards compatibility, the `libxcrypt-compat` package which -contains `libcrypt.so.1` is provided. If you are using a third-party -application that links against those functions, or that is linked -against glibc's libcrypt, you may need to install the -`libxcrypt-compat` package manually. - -In addition, those legacy functions have been replaced by stub -implementations which immediately return an error when invoked. This -means that it is still possible to execute binaries compiled to use -those functions, but they cannot actually use those unsafe encryption -algorithms silently. +The POSIX standard mandates the presence of certain encryption and hashing functions (`encrypt`, `encrypt_r`, `setkey`, `setkey_r`, `fcrypt`) that rely on the DES encryption algorithm which today is widely considered insecure and insufficient for applications which require sane data encryption. +Library headers have been changed so that it is not possible to compile code using those functions. + +The version of the `libxcrypt` package included with Fedora 30 now ships the `libcrypt.so.2` library that omits those legacy functions. + +For backwards compatibility, the `libxcrypt-compat` package which contains `libcrypt.so.1` is provided. +If you are using a third-party application that links against those functions, or that is linked against glibc's libcrypt, you may need to install the `libxcrypt-compat` package manually. + +In addition, those legacy functions have been replaced by stub implementations which immediately return an error when invoked. This means that it is still possible to execute binaries compiled to use those functions, but they cannot actually use those unsafe encryption algorithms silently. === MongoDB removal diff --git a/modules/release-notes/pages/sysadmin/Installation.adoc b/modules/release-notes/pages/sysadmin/Installation.adoc index 1008970..952b7c4 100644 --- a/modules/release-notes/pages/sysadmin/Installation.adoc +++ b/modules/release-notes/pages/sysadmin/Installation.adoc @@ -13,7 +13,8 @@ This section covers changes in the [application]*Anaconda* installer, including === Changes in the Graphical Interface * When setting up a root account, you can now lock it in the graphical interface. -* Time and date controls are used to set the System Clock on the current system. This is not allowed in live installations, so they are now hidden on live installs. +* Time and date controls are used to set the System Clock on the current system. +This is not allowed in live installations, so they are now hidden on live installs. [[sect-installation-anaconda-tui]] === Changes in the Text Mode Interface @@ -24,13 +25,16 @@ This section covers changes in the [application]*Anaconda* installer, including === Kickstart Changes * The `installclass` Kickstart command has been removed and replaced with the `inst.product=` and `inst.variant=` boot options. -* The `repo` and `url` commands now support new options: `--sslcert`, `--sslclientcert`, and `--sslclientkey`, for accessing repositories. See link:https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#repo[upstream documentation] for details. +* The `repo` and `url` commands now support new options: `--sslcert`, `--sslclientcert`, and `--sslclientkey`, for accessing repositories. +See link:https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#repo[upstream documentation] for details. [[sect-installation-anaconda-boot-options]] === Changes in Anaconda Boot Options -* New boot options: `inst.product=` and `inst.variant=`. See link:https://anaconda-installer.readthedocs.io/en/latest/boot-options.html#product-options[upstream documentation] for details. -* New boot option `inst.addrepo=` is now available to configure additional repositories. The option is functionally similar to `inst.repo=`. +* New boot options: `inst.product=` and `inst.variant=`. +See link:https://anaconda-installer.readthedocs.io/en/latest/boot-options.html#product-options[upstream documentation] for details. +* New boot option `inst.addrepo=` is now available to configure additional repositories. +The option is functionally similar to `inst.repo=`. * If you use the `zfcp.allow_lun_scan` option, the setting will now be preserved on the installed system. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1561662[BZ#1561662]) [[sect-installation-anaconda-other]] @@ -43,24 +47,35 @@ The file is generated by Anaconda from the following sources: ** Product configuration: `/etc/anaconda/product.d/*.conf` ** Boot and command line options * Installclasses have been removed, and replaced with configuration files in `/etc/anaconda/product.d`. -* Support for the Storage module is significantly enhanced. The module is able to scan system storage and provide info about available devices. It is also able to set up, validate and apply a partitioning via DBus, however, Anaconda still uses its local storage object to do that. Storage-related code has been refactored and simplified. +* Support for the Storage module is significantly enhanced. +The module is able to scan system storage and provide info about available devices. +It is also able to set up, validate and apply a partitioning via DBus, however, Anaconda still uses its local storage object to do that. +Storage-related code has been refactored and simplified. * Live-installation-specific files and dependencies are now provided by the package `anaconda-live`. * The maximum size of the root partition on Fedora Workstation has been increased to 70 GiB. -* Fixed the Anaconda-generated `/etc/fstab` where swap space was mistakenly specified as `swap` instead of `none`. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1258322[BZ#1258322]) -* Non-ASCII characters are now allowed in passphrases again. Anaconda will show a warning when using one. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1619813[BZ#1619813]) -* Cryptsetup now uses LUKS2 by default. See the xref:sysadmin/Security.adoc[Security section] for details. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1668013[BZ#1668013]) -* The installer will now show a warning when it detects an existing volume that should be reformatted, such as a separate `/var`. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1575131[BZ#1575131]) -* Anaconda recreates the initrds by calling `new-kernel-pkg` or `dracut`. However, `dracut` doesn't invoke `zipl` on s390x, so we have to do it to fix the bootloader. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1652727[BZ#1652727]) -* The storage checker will now report an error if the user tries to use LDL DASD disks for the installation on s390x. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1635825[BZ#1635825]) -* Network configuration related functionality was moved almost completely to the Network module. The module now provides information about network devices supported by the installer, signal for network device configuration changes that can be handled by UI. Tasks related to network configuration initialization in installer and final configuration of the target system are also performed by the module now. +* Fixed the Anaconda-generated `/etc/fstab` where swap space was mistakenly specified as `swap` instead of `none`. +(link:https://bugzilla.redhat.com/show_bug.cgi?id=1258322[BZ#1258322]) +* Non-ASCII characters are now allowed in passphrases again. +Anaconda will show a warning when using one. +(link:https://bugzilla.redhat.com/show_bug.cgi?id=1619813[BZ#1619813]) +* Cryptsetup now uses LUKS2 by default. +See the xref:sysadmin/Security.adoc[Security section] for details. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1668013[BZ#1668013]) +* The installer will now show a warning when it detects an existing volume that should be reformatted, such as a separate `/var`. +(link:https://bugzilla.redhat.com/show_bug.cgi?id=1575131[BZ#1575131]) +* Anaconda recreates the initrds by calling `new-kernel-pkg` or `dracut`. +However, `dracut` doesn't invoke `zipl` on s390x, so we have to do it to fix the bootloader. +(link:https://bugzilla.redhat.com/show_bug.cgi?id=1652727[BZ#1652727]) +* The storage checker will now report an error if the user tries to use LDL DASD disks for the installation on s390x. +(link:https://bugzilla.redhat.com/show_bug.cgi?id=1635825[BZ#1635825]) +* Network configuration related functionality was moved almost completely to the Network module. +The module now provides information about network devices supported by the installer, signal for network device configuration changes that can be handled by UI. +Tasks related to network configuration initialization in installer and final configuration of the target system are also performed by the module now. [[install-l10n]] == Improved installation of localization packages -In the past, installation of localization packages (l10n) to provide -fonts and translations for a language was done using comps -groups. This has been replaced by "rich dependencies" in individual -langpack packages. For example, installing `langpacks-ja` pulls in -some CJK fonts and two input method plugins, but only if the packages -for those input methods are installed. The new mechanism is more +In the past, installation of localization packages (l10n) to provide fonts and translations for a language was done using comps groups. +This has been replaced by "rich dependencies" in individual langpack packages. +For example, installing `langpacks-ja` pulls in some CJK fonts and two input method plugins, but only if the packages for those input methods are installed. +The new mechanism is more flexible and easier to maintain. diff --git a/modules/release-notes/pages/sysadmin/Security.adoc b/modules/release-notes/pages/sysadmin/Security.adoc index 17d42fb..77f055b 100644 --- a/modules/release-notes/pages/sysadmin/Security.adoc +++ b/modules/release-notes/pages/sysadmin/Security.adoc @@ -12,16 +12,14 @@ This change brings Fedora in line with other major distributions, and provides u == Cryptsetup metadata format changed to LUKS2 The default metadata encryption format for full disk encryption has been changed from LUKS1 to LUKS2. -LUKS2 is an evolution of the standard that enables new features such as the Argon2 kdf for keyslots (alongside currently used PBKDF2), improved support for automatic activation, support for wrapped key ciphers (the `paes` cipher), and experimental authenticated encryption. +LUKS2 is an evolution of the standard that enables new features such as the Argon2 KDF for keyslots (alongside currently used PBKDF2), improved support for automatic activation, support for wrapped key ciphers (the `paes` cipher), and experimental authenticated encryption. LUKS1 continues to be supported. -Note that older boot media (Fedora 27 and earlier) do not provide a version of cryptsetup that can unlock LUKS2-encrypted volumes. This means a Fedora 27 or earlier installation ISO can not be used to rescue a system with LUKS2 encryption. +Note that older boot media (Fedora 27 and earlier) do not provide a version of `cryptsetup` that can unlock LUKS2-encrypted volumes. +This means a Fedora 27 or earlier installation ISO can not be used to rescue a system with LUKS2 encryption. -== Changes to libcrypt.so.1 +== Changes to libcrypt -The version of the `libcrypt.so.1` library included with Fedora 30 for POSIX compatibility has entirely removed the functionality of the `encrypt`, `encrypt_r`, `setkey`, `setkey_r`, and `fcrypt` functions, while keeping fully binary compatibility with existing (third party) applications possibly still using those functions. If such an application attempts to call one of these functions, the corresponding function will indicate that it is not supported by the system in a POSIX-compliant way. - -For security reasons, the `encrypt{,r}` functions will also overwrite their data-block argument with random bits. - -All existing binary executables linked against glibc's `libcrypt` should work unmodified with this version of the `libcrypt.so.1` library supplied by the `libxcrypt-compat` package. +A number of unsafe legacy functions have been removed from `libcrypt`, and a compatibility package is now provided for applications that rely on these functions. +For details, see xref:sysadmin/Security.adoc#distribution-libcrypt[Distribution-wide Changes]. diff --git a/modules/release-notes/pages/sysadmin/System_Utilities.adoc b/modules/release-notes/pages/sysadmin/System_Utilities.adoc index fc4f71b..dc67479 100644 --- a/modules/release-notes/pages/sysadmin/System_Utilities.adoc +++ b/modules/release-notes/pages/sysadmin/System_Utilities.adoc @@ -6,14 +6,8 @@ include::{partialsdir}/entities.adoc[] == NFS server is configured with `/etc/nfs.conf` instead of `/etc/sysconfig/nfs` -Since the beginning `/etc/sysconfig/nfs` has been used to configure -the NFS server daemons by specifying extra command-line arguments with -which the daemon executable should be invoked. This mechanism has been -replaced by the configuration file `/etc/nfs.conf`. Each of the -services that compose the NFS server stack reads this file on its own -and uses the relevant parts and `/etc/sysconfig/nfs` is not read -anymore. +Since the beginning, `/etc/sysconfig/nfs` has been used to configure NFS server daemons by specifying extra command-line arguments with which the daemon executable should be invoked. +This mechanism has been replaced by the configuration file `/etc/nfs.conf`. +Each of the services that compose the NFS server stack reads this file on its own and uses the relevant parts, and `/etc/sysconfig/nfs` is not read anymore. -On upgrades, automatic conversion from `/etc/sysconfig/nfs` to -`/etc/nfs.conf` is performed by the `nfs-convert.service` systemd -service. +On upgrades, automatic conversion from `/etc/sysconfig/nfs` to `/etc/nfs.conf` is performed by the `nfs-convert.service` systemd service.