All,
Many packages have been masked in the tree for months - years with no
signs of fixes.
I am particularly concerned about packages with known security
vulnerabilities staying in the main tree masked. If people want to keep
using those packages, I don't want to stop them, but packages like this
should be in an overlay, not the main tree.
On 28 Jan, I will go through this list again, from oldest to newest,
first focusing on packages with known security issues. Any of these that
I find still in p.mask or with no fixes but still in the
main tree will be removed then.
# Patrick Lauer (24 Nov 2014)
# Missing deps, uninstallable
app-misc/email2trac
www-apps/trac-downloads
# Jauhien Piatlicki (5 Oct 2014)
# Masked because of bug 524390: privilege escalation
# until upstream fixes this security issue.
# Use at your own risk
(04 Sep 2014)
# Security mask, wrt bugs #488212, #498164, #500260,
# #507802 and #518718
(03 Sep 2014)
# Markos Chandras (02 Sep 2014)
# MSN service terminated.
# You can still use your MSN account in net-im/skype
# or switch to an open protocol instead
# Masked for removal in 30 days
net-im/amsn
x11-themes/amsn-skins
# Christian Faulhammer (02 Sep 2014)
# website not working anymore and will stay like this,
# tool is useless. See bug 504734
app-admin/hwreport
# Ulrich Müller (15 Jul 2014)
# Permanently mask sys-libs/lib-compat and its reverse dependencies,
# pending multiple security vulnerabilities and QA issues.
# See bugs #515926 and #510960.
sys-libs/lib-compat
sys-libs/lib-compat-loki
games-action/mutantstorm-demo
games-action/phobiaii
games-emulation/handy
games-fps/rtcw
games-fps/unreal
games-strategy/heroes3
games-strategy/heroes3-demo
games-strategy/smac
sys-block/afacli
# Mike Gilbert (13 Jun 2014)
# Masked due to security bug 499870.
# Please migrate to net-misc/libreswan.
# If you are a Gentoo developer, feel free to pick up maintenence of openswan
# and remove this mask after resolving the security issue.
net-misc/openswan
# Mike Gilbert (10 Jun 2014)
# Tom Wijsman (8 Jun 2014)
# Mask VLC ebuilds that are affected with security bug CVE-2013-6934:
#
# A vulnerability has been discovered in VLC Media Player, which can be
# exploited by malicious people to compromise a user's system.
#
# Some ebuilds also have other buffer and integer overflow security bugs like
# CVE-2013-1954, CVE-2013-3245, CVE-2013-4388 and CVE-2013-6283.
#
# Users should consider to upgrade VLC Media Player to at least version 2.1.2.
(6 Jun 2014)
# Tom Wijsman (6 Jun 2014)
# Mask gentoo-sources ebuilds that are affected with security bug CVE-2014-3153.
#
# Pinkie Pie discovered an issue in the futex subsystem that allows a
# local user to gain ring 0 control via the futex syscall. An
# unprivileged user could use this flaw to crash the kernel (resulting
# in denial of service) or for privilege escalation.
#
# https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-3153
=sys-kernel/gentoo-sources-3.2.58-r2
~sys-kernel/gentoo-sources-3.4.90
=sys-kernel/gentoo-sources-3.4.91
~sys-kernel/gentoo-sources-3.10.40
=sys-kernel/gentoo-sources-3.10.41
~sys-kernel/gentoo-sources-3.12.20
=sys-kernel/gentoo-sources-3.12.21
~sys-kernel/gentoo-sources-3.14.4
=sys-kernel/gentoo-sources-3.14.5
# Tom Wijsman (30 May 2014)
# CVE-2012-1721 - Remote Code Execution Vulnerability
#
# Vulnerable: IBM Java SE 5.0 SR12-FP5
# URL:http://www.securityfocus.com/bid/53959/
dev-java/ibm-jdk-bin:1.5
# Alexander Vershilov (02 Apr 2014)
# Multiple vulnerabilities, see #504724, #505860
(26 Mar 2014)
# Affected by multiple vulnerabilities, #445916, #471098 and #472280
(20 Mar 2014)
# Security mask of vulnerable versions, wrt bug #424167
(9 Jul 2013)
# Masked for security bug 450746, CVE-2012-6095
(30 Oct 2011)
# Masked for security bug #294253, use only at your own risk!
=media-libs/fmod-3*
games-puzzle/candycrisis
games-simulation/stoned-bin
games-sports/racer-bin
games-strategy/dark-oberon
games-strategy/savage-bin
# Chris Gianelloni (03 Mar 2008)
# Masking due to security bug #194607 and security bug #204067
games-fps/doom3
games-fps/doom3-cdoom
games-fps/doom3-chextrek
games-fps/doom3-data
games-fps/doom3-demo
games-fps/doom3-ducttape
games-fps/doom3-eventhorizon
games-fps/doom3-hellcampaign
games-fps/doom3-inhell
games-fps/doom3-lms
games-fps/doom3-mitm
games-fps/doom3-phantasm
games-fps/doom3-roe
games-fps/quake4-bin
games-fps/quake4-data
games-fps/quake4-demo
# Tavis Ormandy (21 Mar 2006)
# masked pending unresolved security issues #127167
games-roguelike/slashem
# Tavis Ormandy (21 Mar 2006)
# masked pending unresolved security issues #125902
games-roguelike/nethack
games-util/hearse
# (01 Apr 2004)
# The following packages contain a remotely-exploitable
# security vulnerability and have been hard masked accordingly.
#
# Please see http://bugs.gentoo.org/show_bug.cgi?id=44351 for more info
#
games-fps/unreal-tournament-goty
games-fps/unreal-tournament-strikeforce
games-fps/unreal-tournament-bo