[gentoo-dev] [PATCH v2] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults

public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-dev] [PATCH v2] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults
@ 2021-07-29 20:40 David Seifert
  2021-07-29 21:21 ` Alexey Sokolov
  0 siblings, 1 reply; 2+ messages in thread
From: David Seifert @ 2021-07-29 20:40 UTC (permalink / raw
  To: gentoo-dev; +Cc: David Seifert

Signed-off-by: David Seifert <soap@gentoo.org>
---
 .../2021-08-01-tcpd-disabled.en.txt           | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt

diff --git a/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt b/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
new file mode 100644
index 0000000..977be80
--- /dev/null
+++ b/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
@@ -0,0 +1,68 @@
+Title: USE=tcpd no longer globally enabled
+Author: David Seifert <soap@gentoo.org>
+Posted: 2021-08-01
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Profile: default/linux/*
+Display-If-Installed: net-analyzer/argus-clients[tcpd]
+Display-If-Installed: net-ftp/proftpd[tcpd]
+Display-If-Installed: app-admin/conserver[tcpd]
+Display-If-Installed: app-admin/prelude-manager[tcpd]
+Display-If-Installed: app-admin/qpage[tcpd]
+Display-If-Installed: app-admin/syslog-ng[tcpd]
+Display-If-Installed: app-backup/bacula[tcpd]
+Display-If-Installed: app-backup/bareos[tcpd]
+Display-If-Installed: app-misc/mosquitto[tcpd]
+Display-If-Installed: dev-libs/yaz[tcpd]
+Display-If-Installed: gnome-base/gdm[tcpd]
+Display-If-Installed: mail-mta/exim[tcpd]
+Display-If-Installed: mail-mta/sendmail[tcpd]
+Display-If-Installed: media-sound/pulseaudio[tcpd]
+Display-If-Installed: net-analyzer/argus[tcpd]
+Display-If-Installed: net-analyzer/net-snmp[tcpd]
+Display-If-Installed: net-analyzer/nrpe[tcpd]
+Display-If-Installed: net-analyzer/nsca[tcpd]
+Display-If-Installed: net-analyzer/rrdtool[tcpd]
+Display-If-Installed: net-fs/netatalk[tcpd]
+Display-If-Installed: net-fs/nfs-utils[tcpd]
+Display-If-Installed: net-ftp/atftp[tcpd]
+Display-If-Installed: net-ftp/tftp-hpa[tcpd]
+Display-If-Installed: net-ftp/vsftpd[tcpd]
+Display-If-Installed: net-irc/ngircd[tcpd]
+Display-If-Installed: net-mail/cyrus-imapd[tcpd]
+Display-If-Installed: net-mail/dovecot[tcpd]
+Display-If-Installed: net-mail/mailutils[tcpd]
+Display-If-Installed: net-mail/tpop3d[tcpd]
+Display-If-Installed: net-misc/apt-cacher-ng[tcpd]
+Display-If-Installed: net-misc/ser2net[tcpd]
+Display-If-Installed: net-misc/socat[tcpd]
+Display-If-Installed: net-misc/sslh[tcpd]
+Display-If-Installed: net-misc/stunnel[tcpd]
+Display-If-Installed: net-misc/usbip[tcpd]
+Display-If-Installed: net-nds/openldap[tcpd]
+Display-If-Installed: net-nds/rpcbind[tcpd]
+Display-If-Installed: net-nds/tac_plus[tcpd]
+Display-If-Installed: net-proxy/dante[tcpd]
+Display-If-Installed: net-vpn/ocserv[tcpd]
+Display-If-Installed: net-vpn/pptpd[tcpd]
+Display-If-Installed: sci-libs/dcmtk[tcpd]
+Display-If-Installed: sys-apps/linux-misc-apps[tcpd]
+Display-If-Installed: sys-apps/xinetd[tcpd]
+Display-If-Installed: sys-fs/quota[tcpd]
+Display-If-Installed: sys-power/nut[tcpd]
+
+On 2021-11-01, we will remove USE="tcpd" from the globally default
+enabled USE flags (bug #805077). USE="tcpd" usually enables
+sys-apps/tcp-wrappers for an ad hoc firewall based on /etc/hosts.allow
+and /etc/hosts.deny.
+
+The Base System project has come to the conclusion that 24 years after
+the last upstream release, tcp-wrappers is not suitable for a default
+configuration in 2021 anymore. Other distributions have completely
+removed support at this point. We strongly recommend you switch to more
+modern packet filters, such as BPF, nftables, or iptables. If you rely
+on tcp-wrappers, you can re-enable the flag, see
+
+  https://wiki.gentoo.org/wiki//etc/portage/package.use
+
+for package-specific ways to re-enable tcp-wrappers.
-- 
2.32.0



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [gentoo-dev] [PATCH v2] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults
  2021-07-29 20:40 [gentoo-dev] [PATCH v2] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults David Seifert
@ 2021-07-29 21:21 ` Alexey Sokolov
  0 siblings, 0 replies; 2+ messages in thread
From: Alexey Sokolov @ 2021-07-29 21:21 UTC (permalink / raw
  To: gentoo-dev

29.07.2021 21:40, David Seifert пишет:
> Signed-off-by: David Seifert <soap@gentoo.org>
> ---
>  .../2021-08-01-tcpd-disabled.en.txt           | 68 +++++++++++++++++++
>  1 file changed, 68 insertions(+)
>  create mode 100644 2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
> 
> diff --git a/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt b/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
> new file mode 100644
> index 0000000..977be80
> --- /dev/null
> +++ b/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
> @@ -0,0 +1,68 @@
> +Title: USE=tcpd no longer globally enabled
> +Author: David Seifert <soap@gentoo.org>
> +Posted: 2021-08-01
> +Revision: 1
> +News-Item-Format: 2.0
> +Display-If-Profile: default/linux/*
> +Display-If-Installed: net-analyzer/argus-clients[tcpd]
> +Display-If-Installed: net-ftp/proftpd[tcpd]
> +Display-If-Installed: app-admin/conserver[tcpd]
> +Display-If-Installed: app-admin/prelude-manager[tcpd]
> +Display-If-Installed: app-admin/qpage[tcpd]
> +Display-If-Installed: app-admin/syslog-ng[tcpd]
> +Display-If-Installed: app-backup/bacula[tcpd]
> +Display-If-Installed: app-backup/bareos[tcpd]
> +Display-If-Installed: app-misc/mosquitto[tcpd]
> +Display-If-Installed: dev-libs/yaz[tcpd]
> +Display-If-Installed: gnome-base/gdm[tcpd]
> +Display-If-Installed: mail-mta/exim[tcpd]
> +Display-If-Installed: mail-mta/sendmail[tcpd]
> +Display-If-Installed: media-sound/pulseaudio[tcpd]
> +Display-If-Installed: net-analyzer/argus[tcpd]
> +Display-If-Installed: net-analyzer/net-snmp[tcpd]
> +Display-If-Installed: net-analyzer/nrpe[tcpd]
> +Display-If-Installed: net-analyzer/nsca[tcpd]
> +Display-If-Installed: net-analyzer/rrdtool[tcpd]
> +Display-If-Installed: net-fs/netatalk[tcpd]
> +Display-If-Installed: net-fs/nfs-utils[tcpd]
> +Display-If-Installed: net-ftp/atftp[tcpd]
> +Display-If-Installed: net-ftp/tftp-hpa[tcpd]
> +Display-If-Installed: net-ftp/vsftpd[tcpd]
> +Display-If-Installed: net-irc/ngircd[tcpd]
> +Display-If-Installed: net-mail/cyrus-imapd[tcpd]
> +Display-If-Installed: net-mail/dovecot[tcpd]
> +Display-If-Installed: net-mail/mailutils[tcpd]
> +Display-If-Installed: net-mail/tpop3d[tcpd]
> +Display-If-Installed: net-misc/apt-cacher-ng[tcpd]
> +Display-If-Installed: net-misc/ser2net[tcpd]
> +Display-If-Installed: net-misc/socat[tcpd]
> +Display-If-Installed: net-misc/sslh[tcpd]
> +Display-If-Installed: net-misc/stunnel[tcpd]
> +Display-If-Installed: net-misc/usbip[tcpd]
> +Display-If-Installed: net-nds/openldap[tcpd]
> +Display-If-Installed: net-nds/rpcbind[tcpd]
> +Display-If-Installed: net-nds/tac_plus[tcpd]
> +Display-If-Installed: net-proxy/dante[tcpd]
> +Display-If-Installed: net-vpn/ocserv[tcpd]
> +Display-If-Installed: net-vpn/pptpd[tcpd]
> +Display-If-Installed: sci-libs/dcmtk[tcpd]
> +Display-If-Installed: sys-apps/linux-misc-apps[tcpd]
> +Display-If-Installed: sys-apps/xinetd[tcpd]
> +Display-If-Installed: sys-fs/quota[tcpd]
> +Display-If-Installed: sys-power/nut[tcpd]
> +
> +On 2021-11-01, we will remove USE="tcpd" from the globally default
> +enabled USE flags (bug #805077). USE="tcpd" usually enables

Please make the bug a full bug URL; such short form can be very
surprising for someone not familiar with gentoo development

> +sys-apps/tcp-wrappers for an ad hoc firewall based on /etc/hosts.allow
> +and /etc/hosts.deny.
> +
> +The Base System project has come to the conclusion that 24 years after
> +the last upstream release, tcp-wrappers is not suitable for a default
> +configuration in 2021 anymore. Other distributions have completely
> +removed support at this point. We strongly recommend you switch to more
> +modern packet filters, such as BPF, nftables, or iptables. If you rely
> +on tcp-wrappers, you can re-enable the flag, see
> +
> +  https://wiki.gentoo.org/wiki//etc/portage/package.use
> +
> +for package-specific ways to re-enable tcp-wrappers.
> 


-- 
Best regards,
Alexey "DarthGandalf" Sokolov


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-07-29 21:22 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-07-29 20:40 [gentoo-dev] [PATCH v2] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults David Seifert
2021-07-29 21:21 ` Alexey Sokolov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox