All,
Many packages have been masked in the tree for months - years with no
signs of fixes.
I am particularly concerned about packages with known security
vulnerabilities staying in the main tree masked. If people want to keep
using those packages, I don't want to stop them, but packages like this
should be in an overlay, not the main tree.
On 28 Jan, I will go through this list again, from oldest to newest,
first focusing on packages with known security issues. Any of these that
I find still in p.mask or with no fixes but still in the
main tree will be removed then.
# Patrick Lauer patr...@gentoo.org (24 Nov 2014)
# Missing deps, uninstallable
app-misc/email2trac
www-apps/trac-downloads
# Jauhien Piatlicki jauh...@gentoo.org (5 Oct 2014)
# Masked because of bug 524390: privilege escalation
# until upstream fixes this security issue.
# Use at your own risk
x11-misc/sddm-0.10.0
# Sergey Popov pinkb...@gentoo.org (04 Sep 2014)
# Security mask, wrt bugs #488212, #498164, #500260,
# #507802 and #518718
virtual/mysql-5.5
dev-db/mysql-5.5.39
dev-db/mariadb-5.5.39
# Chí-Thanh Christopher Nguyễn chith...@gentoo.org (03 Sep 2014)
# Markos Chandras hwoar...@gentoo.org (02 Sep 2014)
# MSN service terminated.
# You can still use your MSN account in net-im/skype
# or switch to an open protocol instead
# Masked for removal in 30 days
net-im/amsn
x11-themes/amsn-skins
# Christian Faulhammer fa...@gentoo.org (02 Sep 2014)
# website not working anymore and will stay like this,
# tool is useless. See bug 504734
app-admin/hwreport
# Ulrich Müller u...@gentoo.org (15 Jul 2014)
# Permanently mask sys-libs/lib-compat and its reverse dependencies,
# pending multiple security vulnerabilities and QA issues.
# See bugs #515926 and #510960.
sys-libs/lib-compat
sys-libs/lib-compat-loki
games-action/mutantstorm-demo
games-action/phobiaii
games-emulation/handy
games-fps/rtcw
games-fps/unreal
games-strategy/heroes3
games-strategy/heroes3-demo
games-strategy/smac
sys-block/afacli
# Mike Gilbert flop...@gentoo.org (13 Jun 2014)
# Masked due to security bug 499870.
# Please migrate to net-misc/libreswan.
# If you are a Gentoo developer, feel free to pick up maintenence of openswan
# and remove this mask after resolving the security issue.
net-misc/openswan
# Mike Gilbert flop...@gentoo.org (10 Jun 2014)
# Tom Wijsman tom...@gentoo.org (8 Jun 2014)
# Mask VLC ebuilds that are affected with security bug CVE-2013-6934:
#
# A vulnerability has been discovered in VLC Media Player, which can be
# exploited by malicious people to compromise a user's system.
#
# Some ebuilds also have other buffer and integer overflow security bugs like
# CVE-2013-1954, CVE-2013-3245, CVE-2013-4388 and CVE-2013-6283.
#
# Users should consider to upgrade VLC Media Player to at least version 2.1.2.
media-video/vlc-2.1.2
# Tom Wijsman tom...@gentoo.org (6 Jun 2014)
# Tom Wijsman tom...@gentoo.org (6 Jun 2014)
# Mask gentoo-sources ebuilds that are affected with security bug CVE-2014-3153.
#
# Pinkie Pie discovered an issue in the futex subsystem that allows a
# local user to gain ring 0 control via the futex syscall. An
# unprivileged user could use this flaw to crash the kernel (resulting
# in denial of service) or for privilege escalation.
#
# https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-3153
=sys-kernel/gentoo-sources-3.2.58-r2
~sys-kernel/gentoo-sources-3.4.90
=sys-kernel/gentoo-sources-3.4.91
~sys-kernel/gentoo-sources-3.10.40
=sys-kernel/gentoo-sources-3.10.41
~sys-kernel/gentoo-sources-3.12.20
=sys-kernel/gentoo-sources-3.12.21
~sys-kernel/gentoo-sources-3.14.4
=sys-kernel/gentoo-sources-3.14.5
# Tom Wijsman tom...@gentoo.org (30 May 2014)
# CVE-2012-1721 - Remote Code Execution Vulnerability
#
# Vulnerable: IBM Java SE 5.0 SR12-FP5
# URL:http://www.securityfocus.com/bid/53959/
dev-java/ibm-jdk-bin:1.5
# Alexander Vershilov qni...@gentoo.org (02 Apr 2014)
# Multiple vulnerabilities, see #504724, #505860
sys-kernel/openvz-sources-2.6.32.85.17
# Chí-Thanh Christopher Nguyễn chith...@gentoo.org (26 Mar 2014)
# Affected by multiple vulnerabilities, #445916, #471098 and #472280
media-libs/mesa-9.1.4
# Sergey Popov pinkb...@gentoo.org (20 Mar 2014)
# Security mask of vulnerable versions, wrt bug #424167
net-nds/openldap-2.4.35
# Michael Weber x...@gentoo.org (9 Jul 2013)
# Masked for security bug 450746, CVE-2012-6095
net-ftp/proftpd-1.3.4c
# Samuli Suominen ssuomi...@gentoo.org (30 Oct 2011)
# Masked for security bug #294253, use only at your own risk!
=media-libs/fmod-3*
games-puzzle/candycrisis
games-simulation/stoned-bin
games-sports/racer-bin
games-strategy/dark-oberon
games-strategy/savage-bin
# Chris Gianelloni wolf3...@gentoo.org (03 Mar 2008)
# Masking due to security bug #194607 and security bug #204067
games-fps/doom3
games-fps/doom3-cdoom
games-fps/doom3-chextrek
games-fps/doom3-data
games-fps/doom3-demo
games-fps/doom3-ducttape
games-fps/doom3-eventhorizon
games-fps/doom3-hellcampaign
games-fps/doom3-inhell