On Tue, 6 Jan 2015 17:47:10 -0600 William Hubbs wrote: > All, > > these packages have been masked in the tree for months - years with no > signs of fixes.
Some of them are binary packages or have no fixes upstream. If there are no alternatives in tree for a package, and it works fine (despite some bugs or issues), then let it be. If package is broken, doesn't compile and upstream is dead, this is a possible candidate for removal. > # Ulrich Müller <[email protected]> (15 Jul 2014) > # Permanently mask sys-libs/lib-compat and its reverse dependencies, > # pending multiple security vulnerabilities and QA issues. > # See bugs #515926 This is just QA. > games-fps/rtcw Works fine here. While there are possible security issues due to 510960, it is perfectly safe to be used in isolated environment (e.g. a local game in a separate container). > # Chris Gianelloni <[email protected]> (03 Mar 2008) > # Masking due to security bug #194607 and security bug #204067 > games-fps/doom3 > games-fps/doom3-cdoom > games-fps/doom3-chextrek > games-fps/doom3-data > games-fps/doom3-demo > games-fps/doom3-ducttape > games-fps/doom3-eventhorizon > games-fps/doom3-hellcampaign > games-fps/doom3-inhell > games-fps/doom3-lms > games-fps/doom3-mitm > games-fps/doom3-phantasm > games-fps/doom3-roe Only doom3 is vulnerable here, other pacakegs s are just deps. Both vulnerabilities are remote, so local users (e.g. if someone just wants to play original doom3 without multiplayer game) are perfectly safe. Yet this issue may be fixed: doom3 released source code under GPL-3: https://github.com/id-Software/DOOM-3 Maybe doom3 should be renamed to doom3-bin (if someone needs it for whatever reason), and doom3 should be readded as a GPL-3 version. Doom3 build from source works great for me. Security issues are just format string handlings and should be easy to fix with source code available, though considering how picky is games team for changing network code outside of upstream, I really doubt such patches have a chance to come to the tree. > # Tavis Ormandy <[email protected]> (21 Mar 2006) > # masked pending unresolved security issues #127167 > games-roguelike/slashem > > # Tavis Ormandy <[email protected]> (21 Mar 2006) > # masked pending unresolved security issues #125902 > games-roguelike/nethack > games-util/hearse Upstream doesn't consider these issues as bugs at all. This is a clash of incompatible permission policies by games team and nethack. Best regards, Andrew Savchenko
pgpLkk8l7IE8D.pgp
Description: PGP signature
