Removal of gpe-* (Was: [gentoo-dev] stepping out)
On 12.10.2014 20:47, Angelo Arrifano wrote:
>
> packages:
> - * gpe-*
> We should probably talk about removal
> of the gpe category. GPE made sense when Linux in cellphones was
> still in its infancy. Nowadays I doubt anyone is using it
> anymore.

What is the current status on this matter? Is gpe-* still in development/use nowadays?

There are several build failures on gpe-*:
https://bugs.gentoo.org/buglist.cgi?quicksearch=gpe

Plus

repo.eapi.deprecated gpe-base/gpe-icons/gpe-icons-0.25.ebuild: 1
repo.eapi.deprecated gpe-base/libgpepimc/libgpepimc-0.9.ebuild: 1

which need to be converted otherwise to a more recent EAPI.

Should I file a bug requesting the removal of gpe-*?

Cheers,
Manuel
Re: Removal of gpe-* (Was: [gentoo-dev] stepping out)
On Tue, 06-01-2015 at 20:20 +0100, Manuel Rüger wrote:
[...]
> Should I file a bug requesting the removal of gpe-*?
>

From a "treecleaner" point of view, please do, to ensure we don't forget about this (also, if possible, pointing to the mail thread for future reference).
Re: Removal of gpe-* (Was: [gentoo-dev] stepping out)
On 06.01.2015 20:48, Pacho Ramos wrote:
> On Tue, 06-01-2015 at 20:20 +0100, Manuel Rüger wrote: [...]
>> Should I file a bug requesting the removal of gpe-*?
>>
>
> From a "treecleaner" point of view, please do, to ensure we don't
> forget about this (also, if possible, pointing to the mail thread
> for future reference).
>
>

I've filed https://bugs.gentoo.org/show_bug.cgi?id=535844
[gentoo-dev] qa last rites -- long list
All,

Many packages have been masked in the tree for months - years with no signs of fixes. I am particularly concerned about packages with known security vulnerabilities staying in the main tree masked.

If people want to keep using those packages, I don't want to stop them, but packages like this should be in an overlay, not the main tree.

On 28 Jan, I will go through this list again, from oldest to newest, first focusing on packages with known security issues. Any of these that I find still in p.mask or with no fixes but still in the main tree will be removed then.

# Patrick Lauer (24 Nov 2014)
# Missing deps, uninstallable
app-misc/email2trac
www-apps/trac-downloads

# Jauhien Piatlicki (5 Oct 2014)
# Masked because of bug 524390: privilege escalation
# until upstream fixes this security issue.
# Use at your own risk (04 Sep 2014)
# Security mask, wrt bugs #488212, #498164, #500260,
# #507802 and #518718 (03 Sep 2014)

# Markos Chandras (02 Sep 2014)
# MSN service terminated.
# You can still use your MSN account in net-im/skype
# or switch to an open protocol instead
# Masked for removal in 30 days
net-im/amsn
x11-themes/amsn-skins

# Christian Faulhammer (02 Sep 2014)
# website not working anymore and will stay like this,
# tool is useless. See bug 504734
app-admin/hwreport

# Ulrich Müller (15 Jul 2014)
# Permanently mask sys-libs/lib-compat and its reverse dependencies,
# pending multiple security vulnerabilities and QA issues.
# See bugs #515926 and #510960.
sys-libs/lib-compat
sys-libs/lib-compat-loki
games-action/mutantstorm-demo
games-action/phobiaii
games-emulation/handy
games-fps/rtcw
games-fps/unreal
games-strategy/heroes3
games-strategy/heroes3-demo
games-strategy/smac
sys-block/afacli

# Mike Gilbert (13 Jun 2014)
# Masked due to security bug 499870.
# Please migrate to net-misc/libreswan.
# If you are a Gentoo developer, feel free to pick up maintenance of openswan
# and remove this mask after resolving the security issue.
net-misc/openswan

# Mike Gilbert (10 Jun 2014)

# Tom Wijsman (8 Jun 2014)
# Mask VLC ebuilds that are affected with security bug CVE-2013-6934:
#
# A vulnerability has been discovered in VLC Media Player, which can be
# exploited by malicious people to compromise a user's system.
#
# Some ebuilds also have other buffer and integer overflow security bugs like
# CVE-2013-1954, CVE-2013-3245, CVE-2013-4388 and CVE-2013-6283.
#
# Users should consider to upgrade VLC Media Player to at least version 2.1.2. (6 Jun 2014)

# Tom Wijsman (6 Jun 2014)
# Mask gentoo-sources ebuilds that are affected with security bug CVE-2014-3153.
#
# Pinkie Pie discovered an issue in the futex subsystem that allows a
# local user to gain ring 0 control via the futex syscall. An
# unprivileged user could use this flaw to crash the kernel (resulting
# in denial of service) or for privilege escalation.
#
# https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-3153
=sys-kernel/gentoo-sources-3.2.58-r2
~sys-kernel/gentoo-sources-3.4.90
=sys-kernel/gentoo-sources-3.4.91
~sys-kernel/gentoo-sources-3.10.40
=sys-kernel/gentoo-sources-3.10.41
~sys-kernel/gentoo-sources-3.12.20
=sys-kernel/gentoo-sources-3.12.21
~sys-kernel/gentoo-sources-3.14.4
=sys-kernel/gentoo-sources-3.14.5

# Tom Wijsman (30 May 2014)
# CVE-2012-1721 - Remote Code Execution Vulnerability
#
# Vulnerable: IBM Java SE 5.0 SR12-FP5
# URL:http://www.securityfocus.com/bid/53959/
dev-java/ibm-jdk-bin:1.5

# Alexander Vershilov (02 Apr 2014)
# Multiple vulnerabilities, see #504724, #505860 (26 Mar 2014)
# Affected by multiple vulnerabilities, #445916, #471098 and #472280 (20 Mar 2014)
# Security mask of vulnerable versions, wrt bug #424167 (9 Jul 2013)
# Masked for security bug 450746, CVE-2012-6095 (30 Oct 2011)
# Masked for security bug #294253, use only at your own risk!
=media-libs/fmod-3*
games-puzzle/candycrisis
games-simulation/stoned-bin
games-sports/racer-bin
games-strategy/dark-oberon
games-strategy/savage-bin

# Chris Gianelloni (03 Mar 2008)
# Masking due to security bug #194607 and security bug #204067
games-fps/doom3
games-fps/doom3-cdoom
games-fps/doom3-chextrek
games-fps/doom3-data
games-fps/doom3-demo
games-fps/doom3-ducttape
games-fps/doom3-eventhorizon
games-fps/doom3-hellcampaign
games-fps/doom3-inhell
games-fps/doom3-lms
games-fps/doom3-mitm
games-fps/doom3-phantasm
games-fps/doom3-roe
games-fps/quake4-bin
games-fps/quake4-data
games-fps/quake4-demo

# Tavis Ormandy (21 Mar 2006)
# masked pending unresolved security issues #127167
games-roguelike/slashem

# Tavis Ormandy (21 Mar 2006)
# masked pending unresolved security issues #125902
games-roguelike/nethack
games-util/hearse

# (01 Apr 2004)
# The following packages contain a remotely-exploitable
# security vulnerability and have been hard masked accordingly.
#
# Please see http://bugs.gentoo.org/show_bug.cgi?id=44351 for more info
#
games-fps/unreal-tournament-goty
games-fps/unreal-tournament-strikeforce
games-fps/unreal-tournament-bo
[gentoo-dev] qa last rites multiple packages
All,

these packages have been masked in the tree for months - years with no signs of fixes. I am particularly concerned about packages with known security vulnerabilities staying in the main tree masked.

If people want to keep using those packages, I don't want to stop them, but packages like this should not be in the main tree.

On 28 Jan, I will go through this list again, from oldest to newest, first focusing on packages with known security issues. Any of these that I find still in p.mask or with no activity on them but still in the main tree will be removed then.

# Patrick Lauer (24 Nov 2014)
# Missing deps, uninstallable
app-misc/email2trac
www-apps/trac-downloads

# Jauhien Piatlicki (5 Oct 2014)
# Masked because of bug 524390: privilege escalation
# until upstream fixes this security issue.
# Use at your own risk (04 Sep 2014)
# Security mask, wrt bugs #488212, #498164, #500260,
# #507802 and #518718 (03 Sep 2014)

# Markos Chandras (02 Sep 2014)
# MSN service terminated.
# You can still use your MSN account in net-im/skype
# or switch to an open protocol instead
# Masked for removal in 30 days
net-im/amsn
x11-themes/amsn-skins

# Christian Faulhammer (02 Sep 2014)
# website not working anymore and will stay like this,
# tool is useless. See bug 504734
app-admin/hwreport

# Ulrich Müller (15 Jul 2014)
# Permanently mask sys-libs/lib-compat and its reverse dependencies,
# pending multiple security vulnerabilities and QA issues.
# See bugs #515926 and #510960.
sys-libs/lib-compat
sys-libs/lib-compat-loki
games-action/mutantstorm-demo
games-action/phobiaii
games-emulation/handy
games-fps/rtcw
games-fps/unreal
games-strategy/heroes3
games-strategy/heroes3-demo
games-strategy/smac
sys-block/afacli

# Mike Gilbert (13 Jun 2014)
# Masked due to security bug 499870.
# Please migrate to net-misc/libreswan.
# If you are a Gentoo developer, feel free to pick up maintenance of openswan
# and remove this mask after resolving the security issue.
net-misc/openswan

# Mike Gilbert (10 Jun 2014)

# Tom Wijsman (8 Jun 2014)
# Mask VLC ebuilds that are affected with security bug CVE-2013-6934:
#
# A vulnerability has been discovered in VLC Media Player, which can be
# exploited by malicious people to compromise a user's system.
#
# Some ebuilds also have other buffer and integer overflow security bugs like
# CVE-2013-1954, CVE-2013-3245, CVE-2013-4388 and CVE-2013-6283.
#
# Users should consider to upgrade VLC Media Player to at least version 2.1.2. (6 Jun 2014)

# Tom Wijsman (6 Jun 2014)
# Mask gentoo-sources ebuilds that are affected with security bug CVE-2014-3153.
#
# Pinkie Pie discovered an issue in the futex subsystem that allows a
# local user to gain ring 0 control via the futex syscall. An
# unprivileged user could use this flaw to crash the kernel (resulting
# in denial of service) or for privilege escalation.
#
# https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-3153
=sys-kernel/gentoo-sources-3.2.58-r2
~sys-kernel/gentoo-sources-3.4.90
=sys-kernel/gentoo-sources-3.4.91
~sys-kernel/gentoo-sources-3.10.40
=sys-kernel/gentoo-sources-3.10.41
~sys-kernel/gentoo-sources-3.12.20
=sys-kernel/gentoo-sources-3.12.21
~sys-kernel/gentoo-sources-3.14.4
=sys-kernel/gentoo-sources-3.14.5

# Tom Wijsman (30 May 2014)
# CVE-2012-1721 - Remote Code Execution Vulnerability
#
# Vulnerable: IBM Java SE 5.0 SR12-FP5
# URL:http://www.securityfocus.com/bid/53959/
dev-java/ibm-jdk-bin:1.5

# Alexander Vershilov (02 Apr 2014)
# Multiple vulnerabilities, see #504724, #505860 (26 Mar 2014)
# Affected by multiple vulnerabilities, #445916, #471098 and #472280 (20 Mar 2014)
# Security mask of vulnerable versions, wrt bug #424167 (9 Jul 2013)
# Masked for security bug 450746, CVE-2012-6095 (30 Oct 2011)
# Masked for security bug #294253, use only at your own risk!
=media-libs/fmod-3*
games-puzzle/candycrisis
games-simulation/stoned-bin
games-sports/racer-bin
games-strategy/dark-oberon
games-strategy/savage-bin

# Chris Gianelloni (03 Mar 2008)
# Masking due to security bug #194607 and security bug #204067
games-fps/doom3
games-fps/doom3-cdoom
games-fps/doom3-chextrek
games-fps/doom3-data
games-fps/doom3-demo
games-fps/doom3-ducttape
games-fps/doom3-eventhorizon
games-fps/doom3-hellcampaign
games-fps/doom3-inhell
games-fps/doom3-lms
games-fps/doom3-mitm
games-fps/doom3-phantasm
games-fps/doom3-roe
games-fps/quake4-bin
games-fps/quake4-data
games-fps/quake4-demo

# Tavis Ormandy (21 Mar 2006)
# masked pending unresolved security issues #127167
games-roguelike/slashem

# Tavis Ormandy (21 Mar 2006)
# masked pending unresolved security issues #125902
games-roguelike/nethack
games-util/hearse

# (01 Apr 2004)
# The following packages contain a remotely-exploitable
# security vulnerability and have been hard masked accordingly.
#
# Please see http://bugs.gentoo.org/show_bug.cgi?id=44351 for more info
#
games-fps/unreal-tournament-goty
games-fps/unreal-tournament-strikeforce
games-fps/unreal-tournament-bo
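
The review order described in the two last-rites mails above (security masks first, oldest to newest), as an added example that is not part of the original messages or of Gentoo's tooling: a small parser for the package.mask layout quoted there. The sample entries are constructed from ones in the mail with placeholder e-mail addresses, and the keyword test for what counts as a security mask is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in package.mask layout; entries mirror ones quoted in the
# mail above, with placeholder e-mail addresses.
SAMPLE = """\
# Christian Faulhammer <dev1@example.org> (02 Sep 2014)
# website not working anymore and will stay like this,
# tool is useless. See bug 504734
app-admin/hwreport

# Mike Gilbert <dev2@example.org> (13 Jun 2014)
# Masked due to security bug 499870.
net-misc/openswan

# Tavis Ormandy <dev3@example.org> (21 Mar 2006)
# masked pending unresolved security issues #127167
games-roguelike/slashem
"""

HEADER = re.compile(r"^#\s*(?P<who>.*?)\s*(?:<[^>]*>)?\s*\((?P<date>\d{1,2} \w{3} \d{4})\)\s*$")
# Assumed heuristic: a mask is security-related if its comment says so.
SECURITY = re.compile(r"security|vulnerab|CVE-\d{4}-\d+|privilege escalation", re.I)

def parse_mask(text):
    """Split package.mask text into entries: header date, comment, atoms."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        comments = [l for l in lines if l.startswith("#")]
        atoms = [l for l in lines if not l.startswith("#")]
        m = HEADER.match(comments[0]) if comments else None
        if not m or not atoms:
            continue  # not a dated mask entry (file preamble, stray comment)
        reason = " ".join(c.lstrip("# ") for c in comments[1:])
        entries.append({
            "who": m["who"],
            "date": datetime.strptime(m["date"], "%d %b %Y").date(),
            "security": bool(SECURITY.search(reason)),
            "atoms": atoms,
        })
    return entries

def triage(entries):
    """Security masks first, then oldest to newest within each group."""
    return sorted(entries, key=lambda e: (not e["security"], e["date"]))

if __name__ == "__main__":
    for e in triage(parse_mask(SAMPLE)):
        print(e["date"], "SECURITY" if e["security"] else "other", *e["atoms"])
```

Entries whose header line lost its date or whose package atoms are missing are skipped rather than guessed at, so they need a manual look.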
[gentoo-dev] Nominate global USE-flag harfbuzz
$ grep :harfbuzz profiles/use*desc
profiles/use.local.desc:dev-libs/efl:harfbuzz - Enable complex text shaping and layout support.
profiles/use.local.desc:dev-qt/qtgui:harfbuzz - Use media-libs/harfbuzz for text shaping (experimental in Qt 5.3.x, default in Qt 5.4.0 and later). If enabled, it can still be disabled at runtime by setting QT_HARFBUZZ environment variable to "old".
profiles/use.local.desc:media-libs/freetype:harfbuzz - Use media-libs/harfbuzz for auto-hinting OpenType fonts. WARNING: may trigger circular dependencies!
profiles/use.local.desc:media-libs/libass:harfbuzz - Enables OpenType shaping via media-libs/harfbuzz.

Or isn't 4 enough?

//Peter