Distribution-wide Changes

Vagrant 2.2 is new major release, that includes many features, improvements, and and bug fixes. Using qemu:///session instead of qemu:///system allows Vagrant to run unprivileged.

The default shell bash has been updated to version 5.0. This release fixes several outstanding bugs in bash 4.4 and introduces several new features. The most significant bug fixes are an overhaul of how nameref variables resolve and a number of potential out-of-bounds memory errors discovered via fuzzing.

This update for one of the alternative shells contains many new features and some backwards incompatible changes. See the documentation for details.

Fedora 30 adds two new desktop environments for users with a graphical interface: Pantheon and Deepin. See the Desktop section for details.

In the next Fedora version (31) package openldap-servers will no longer ship with support for back-bdb or back-hdb. Users should migrate data to use back-mdb instead, which is fully supported, developed, and encouraged as the replacement by OpenLDAP upstream.

Apache Jakarta ORO, Apache Jakarta Commons Regexp, Apache Jakarta Commons HttpClient, and Apache Avalon packages are intended to be eventually removed from Fedora, but are kept in Fedora for some additional, indeterminate time for various reasons including maintaining backwards compatibility. They are now considered deprecated and no new code should use them.

This package is obsolete software. sonatype-oss-parent packages are intended to be eventually removed from Fedora, but are kept in Fedora for some additional, indeterminate time due to relatively large number of packages still depending on Sonatype OSS Parent. They are now considered deprecated and no new code should use them.

The last upstream release of Apache Maven 2.x was in November 2009, more than 9 years ago. Upstream declares that this version of Maven has reached its end of life, is no longer supported and that security vulnerability reports will not be addressed. It is still packaged in Fedora, but is deprecated and will be removed in one of the next releases.

The POSIX standard mandates the presence of certain encryption and hashing functions (encrypt, encrypt_r, setkey, setkey_r, fcrypt) that rely on the DES encryption algorithm which today is widely considered insecure and insufficient for applications which require sane data encryption. Library headers have been changed so that it is not possible to compile code using those functions.

The version of the libxcrypt package included with Fedora 30 now ships the libcrypt.so.2 library that omits those legacy functions.

For backwards compatibility, the libxcrypt-compat package which contains libcrypt.so.1 is provided. If you are using a third-party application that links against those functions, or that is linked against glibc’s libcrypt, you may need to install the libxcrypt-compat package manually.

In addition, those legacy functions have been replaced by stub implementations which immediately return an error when invoked. This means that it is still possible to execute binaries compiled to use those functions, but they cannot actually use those unsafe encryption algorithms silently.

The MongoDB database has recently changed its license from AGPL to a custom license called the Server Side Public License v1 (SSPL). Upon reviewing the new license, Fedora Project has determined that the the SSPL is not a free software license. As Fedora’s licensing policies prohibit the project from distributing non-free software, MongoDB would be impossible to update to new upstream versions, and it is therefore being removed from Fedora.

The following packages are being removed:

Other packages will remain in Fedora but will be adapted to MongoDB removal: