From 2a794a0c161e00d48848622b39390b1a097bbf4b Mon Sep 17 00:00:00 2001 From: Dan Goodliffe Date: Sat, 30 Apr 2016 16:06:29 +0100 Subject: Add atomspec column to DB and test data --- gentoobrowse-api/db/schema.sql | 1 + gentoobrowse-api/unittests/data.sql | 2 +- gentoobrowse-api/unittests/fixtures/masksets.dat | 276 +++++++++++------------ 3 files changed, 140 insertions(+), 139 deletions(-) diff --git a/gentoobrowse-api/db/schema.sql b/gentoobrowse-api/db/schema.sql index cb9f716..a02d876 100644 --- a/gentoobrowse-api/db/schema.sql +++ b/gentoobrowse-api/db/schema.sql @@ -382,6 +382,7 @@ CREATE TABLE masksets ( email text NOT NULL, dateadded date NOT NULL, message text NOT NULL, + atomspec text[] NOT NULL, n smallint NOT NULL ); ALTER TABLE masksets OWNER TO gentoo; diff --git a/gentoobrowse-api/unittests/data.sql b/gentoobrowse-api/unittests/data.sql index 3299b02..d1c792d 100644 --- a/gentoobrowse-api/unittests/data.sql +++ b/gentoobrowse-api/unittests/data.sql @@ -13,7 +13,7 @@ COPY gentoobrowse.repos (repoid, name, path) FROM '$SCRIPTDIR/fixtures/repos.dat COPY gentoobrowse.ebuilds (ebuildid, packageid, version, versioninst, slot, license, firstseen, moddate, repoid) FROM '$SCRIPTDIR/fixtures/ebuilds.dat'; COPY gentoobrowse.ebuild_archs (ebuildid, arch) FROM '$SCRIPTDIR/fixtures/ebuild_archs.dat'; COPY gentoobrowse.ebuild_deps (ebuildid, packageid, versionspec, flags, op, slot) FROM '$SCRIPTDIR/fixtures/ebuild_deps.dat'; -COPY gentoobrowse.masksets (setno, person, email, dateadded, message, n) FROM '$SCRIPTDIR/fixtures/masksets.dat'; +COPY gentoobrowse.masksets (setno, person, email, dateadded, message, n, atomspec) FROM '$SCRIPTDIR/fixtures/masksets.dat'; COPY gentoobrowse.ebuild_masks (setno, ebuildid) FROM '$SCRIPTDIR/fixtures/ebuild_masks.dat'; COPY gentoobrowse.ebuild_rdeps (ebuildid, packageid, versionspec, flags, op, slot) FROM '$SCRIPTDIR/fixtures/ebuild_rdeps.dat'; COPY gentoobrowse.ebuild_uses (ebuildid, use) FROM '$SCRIPTDIR/fixtures/ebuild_uses.dat'; diff --git a/gentoobrowse-api/unittests/fixtures/masksets.dat b/gentoobrowse-api/unittests/fixtures/masksets.dat index 11187dc..d73443e 100644 --- a/gentoobrowse-api/unittests/fixtures/masksets.dat +++ b/gentoobrowse-api/unittests/fixtures/masksets.dat @@ -1,138 +1,138 @@ -3 Robin H. Johnson robbat2@gentoo.org 2006-02-11 zlib interaction is badly broken. See bug #124733. 1 -4 Tavis Ormandy taviso@gentoo.org 2006-03-21 masked pending unresolved security issues #125902 1 -5 Tavis Ormandy taviso@gentoo.org 2006-03-21 masked pending unresolved security issues #127167 2 -6 MATSUU Takuto matsuu@gentoo.org 2007-04-05 to be tested, seems unstable 1 -7 Chris Gianelloni wolf31o2@gentoo.org 2008-03-03 Masking due to security bug #194607 and security bug #204067 1 -8 Diego E. Pettenò flameeyes@gentoo.org 2009-01-03 These packages are not supposed to be merged directly, instead please use sys-devel/crossdev to install them. 1 -9 Tiziano Müller dev-zero@gentoo.org 2009-04-08 pre-releases 1 -10 Diego E. Pettenò flameeyes@gentoo.org 2009-08-08 on behalf of QA Team Mass-masking of live ebuilds; we cannot guarantee working state of live ebuilds, nor the availability of the server hosting them. As per QA team policy, all these need to be kept masked by default, if available in the tree. 1 -11 Diego E. Pettenò flameeyes@gmail.com 2009-10-09 Untested yet; documented only in Russian, help is appreciated. 1 -12 Peter Alfredsen loki_val@gentoo.org 2009-10-21 Masked because this needs a patch to be applied to portage to not install the kitchensink and everything else into /usr/src/debug with FEATURES=installsources 1 -54 Samuli Suominen ssuominen@gentoo.org 2014-03-03 gnome-extra/polkit-gnome is the "GTK+ polkit agent" and has no extra dependencies that installing lxde-base/lxpolkit would solve, thus the only motivation for creation of lxpolkit was to drop the word 'gnome' from the package's name. The packages are near identical by the outlook, determined by the used GTK+ theme. Raise yourself above the word 'gnome' and install the de facto GTK+ agent: emerge -C lxpolkit emerge -1 polkit-gnome Removal will happen at later date, but since there is no hurry, give it until rest of the year. 1 -55 Mike Gilbert floppym@gentoo.org 2014-03-04 Dev channel releases are only for people who are developers or want more experimental features and accept a more unstable release. 1 -103 Ole Markus With olemarkus@gentoo.org 2015-06-12 Masking PHP 7 pre-release versions 1 -13 Robert Piasek dagger@gentoo.org 2010-02-23 Masking libmapi as it depends on masked samba4 1 -14 Mike Frysinger vapier@gentoo.org 2010-03-07 Very old packages that people should have upgraded away from long ago. Courtesy mask ... time to upgrade. Added uninstallable #470712 1 -36 Pacho Ramos pacho@gentoo.org 2013-06-15 Upstream stalled, improper rendering (#470818), use app-editors/efte instead. 1 -37 Chí-Thanh Christopher Nguyễn chithanh@gentoo.org 2013-06-25 Mask new ptlib/opal for breakage, tracked in bug #474742 Lars Wendler (29 Apr 2014) Adjusted mask so newer versions get covered as well. 1 -38 Julian Ospald hasufell@gentoo.org 2013-06-26 Depends on masked dev-lang/lua-5.2 1 -56 Lars Wendler polynomial-c@gentoo.org 2014-03-14 Masked for security reasons. Do NOT remove this mask or the affected packages without speaking to bonsaikitten first! You have been warned! 1 -57 Sergey Popov pinkbyte@gentoo.org 2014-03-20 Security mask of vulnerable versions, wrt bug #424167 1 -58 Chí-Thanh Christopher Nguyễn chithanh@gentoo.org 2014-03-26 Affected by multiple vulnerabilities, #445916, #471098 and #472280 1 -59 Alexander Vershilov qnikst@gentoo.org 2014-04-02 Multiple vulnerabilities, see #504724, #505860 1 -60 Gilles Dartiguelongue eva@gentoo.org 2014-04-06 Old release, never stable, not working anymore See bug #327837, #382667, #492474 1 -61 Matti Bickel mabi@gentoo.org 2014-04-22 Masked slotted lua for testing 1 -62 Tom Wijsman TomWij@gentoo.org 2014-05-03 Needs to be further tested and revised by both Java and Ruby herds. 1 -63 Tom Wijsman TomWij@gentoo.org 2014-05-30 CVE-2012-1721 - Remote Code Execution Vulnerability Vulnerable: IBM Java SE 5.0 SR12-FP5 URL: http://www.securityfocus.com/bid/53959/ 1 -64 Markos Chandras hwoarang@gentoo.org 2014-05-30 Mask beta release 2 -65 Hans de Graaff graaff@gentoo.org 2014-06-01 Mask new rubinius version for testing. Current versions have some issues that should be solved in the forthcoming rubinius 2.3 release. 1 -66 Tom Wijsman TomWij@gentoo.org 2014-06-06 Mask gentoo-sources ebuilds that are affected with security bug CVE-2014-3153. Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation. https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-3153 Expires (6 Jun 2016) 1 -67 Robin H. Johnson robbat2@gentoo.org 2014-06-21 Needs work, but infra needs it for new VM boxes 1 -68 Mikle Kolyada zlogene@gentoo.org 2014-06-27 Masked for proper testing. (Major updates in the code). 1 -69 Ulrich Müller ulm@gentoo.org 2014-07-15 Permanently mask sys-libs/lib-compat and its reverse dependencies, pending multiple security vulnerabilities and QA issues. See bugs #515926 and #510960. 1 -70 Yixun Lan dlan@gentoo.org 2014-07-17 Masked for proper testing. (Major updates in the code). 1 -71 Robin H. Johnson robbat2@gentoo.org 2014-08-04 Masked for testing, presently fails upstream testsuite: FAIL:07:02:35 (00:00:00) db_dump/db_load(./TESTDIR.3/recd001.db:child killed: kill signal): expected 0, got 1 FAIL:07:02:35 (00:00:00) Dump/load of ./TESTDIR.3/recd001.db failed. FAIL:07:02:35 (00:00:00) db_verify_preop: expected 0, got 1 1 -73 Sergey Popov pinkbyte@gentoo.org 2014-08-28 Security mask, wrt bug #519650 If your application is broken due to this mask, please file a separate bug report 1 -74 Christian Faulhammer fauli@gentoo.org 2014-09-02 website not working anymore and will stay like this, tool is useless. See bug 504734 1 -76 Michał Górny mgorny@gentoo.org 2014-09-15 Causes undefined references few layers down (in mediastreamer), someone needs to investigate. 1 -77 Mike Pagano mpagano@gentoo.org 2014-10-16 A regression in kernels 3.17.0 lead to file system corruption for affected systems. This has been fixed in >= 3.17.1 Expires (16 Oct 2016) See Bug #525548. 1 -79 Markos Chandras hwoarang@gentoo.org 2014-11-18 Mask latest development version for testing 1 -80 Patrick Lauer patrick@gentoo.org 2014-11-24 Missing deps, uninstallable 1 -81 Richard Yao ryao@gentoo.org 2014-11-29 Depends on media-libs/lcms:0, which has unspecified security vulnerabilities. Masked until mscms.dll.so that links to media-libs/lcms:2 is backported from a newer wine, bug #526806. 1 -84 Sergey Popov pinkbyte@gentoo.org 2014-12-09 Security mask, wrt bug #529728 1 -85 Jeroen Roovers jer@gentoo.org 2014-12-12 The 96 and 173 branches are no longer supported and remain vulnerable to CVE-2014-8298 (bug #532342). You may be able to mitigate the vulnerability by disabling GLX indirect rendering protocol support on the X server. 1 -86 Aaron W. Swenson titanofold@gentoo.org 2014-12-28 Split ebuilds are no longer maintained. Migrate to the unified ebuilds invoking the following, substituting SLOT for the desired slot and optionally enabling the server and/or docs USE flags: emerge dev-db/postgresql:SLOT No further action is required. 1 -87 Tony Vroon chainsaw@gentoo.org 2015-01-05 Asterisk 13 is an LTS release but has not seen sufficient releases to be considered ready for production usage. You are welcome to have a go but please be careful. 1 -88 Anthony G. Basile blueness@gentoo.org 2015-01-09 p.mask the -9999 version 1 -90 Sergei Trofimovich slyfox@gentoo.org 2015-01-29 Mask live ebuild 1 -91 Eray Aslan eras@gentoo.org 2015-02-03 Mask experimental software 1 -92 Michał Górny mgorny@gentoo.org 2015-02-11 Potentially destructive to @world, bug #539746. 1 -96 Michał Górny mgorny@gentoo.org 2015-03-28 on behalf of gx86-multilib project Removed lastrited emul-linux-x86. The mask is kept post-removal per Arfrever's request so that the PM warns about masked packages being installed. 1 -98 Patrick Lauer patrick@gentoo.org 2015-04-10 Breaks pretty much all consumers, like samba Mask until it's more usable 1 -99 Ryan Hill rhill@gentoo.org 2015-04-28 Moving to /lib/gentoo/functions.sh broke the eclass by changing output it relies on. See bug #504118, 547586, and 547962. 1 -72 Samuli Suominen ssuominen@gentoo.org 2014-08-23 Some compile problems with media-libs/openexr >= 2.2.0 See https://bugs.gentoo.org/520240 for more information 1 -104 Patrick Lauer patrick@gentoo.org 2015-06-14 Has race condition / failure modes that make systems unusable See #551724 and duplicates 1 -41 Michael Weber xmw@gentoo.org 2013-07-17 Upstream next versions 1 -42 Chris Reffett creffett@gentoo.org 2013-07-20 Uses vulnerable versions of bzip2, but these versions are necessary to reconstruct older archives. Use at your own risk. 1 -43 Julian Ospald hasufell@gentoo.org 2013-07-21 Mask all unfetchable versions and those with tons of random bugs and segfaults (all). Don't ask for a version bump unless there is a working release. 1 -44 Sergey Popov pinkbyte@gentoo.org 2013-09-18 Mask development releases of botan: - causes many API breakages - do not compile in some USE-flag combinations - requires at least gcc 4.7(and possibly even 4.8 for some features) 1 -45 Tom Wijsman TomWij@gentoo.org 2013-09-18 Temporarily masked due to QA issue during attempts to unbundle dependencies; we need to check the jar contents to check for differences, especially the stax dependency seems to be problematic in this regard but we'll check all of them to ensure that unbundling doesn't hurt some missed functionality. Bug #471942 tracks the progress of these unbundling efforts. 2 -46 Agostino Sarubbo ago@gentoo.org 2013-09-23 Masked because of vulnerable versions DO NOT REMOVE OLDER VERSIONS temporarily disabled as it also breaks s390 keywording 1 -47 Diego Elio Pettenò flameeyes@gentoo.org 2013-10-13 Requires a NPN support in mod_ssl (www-server/apache) to work. See #471512 for more details. 1 -48 Justin Lecher jlec@gentoo.org 2013-10-14 Seems to break all deps - API change? 1 -51 Tony Vroon chainsaw@gentoo.org 2014-01-13 Asterisk 12 is a short term "standard" release containing significant architectural changes. This is not for your production kit quite yet. 1 -93 Justin Lecher jlec@gentoo.org 2015-02-28 Unfixed security problems No upstream support anymore CVE-2015-{0219,0220,0221,0222,5145} #536586 #554864 1 -52 Mike Gilbert floppym@gentoo.org 2014-01-19 To prevent accidental switching of release channels (bug 498306), google-chrome has been split into 3 packages: www-client/google-chrome www-client/google-chrome-beta www-client/google-chrome-unstable The stable channel remains as www-client/google-chrome, but has been switched to SLOT="0". Please unmerge your currently installed version and remerge one of the new packages. 1 -53 Tim Harder radhermit@gentoo.org 2014-02-04 Mask development releases 1 -107 Patrick Lauer patrick@gentoo.org 2015-07-01 Wrong version #553670 1 -114 Sergey Popov pinkbyte@gentoo.org 2015-07-13 Mask new version of Boost - it's known to cause breakages 1 -118 Ian Stakenvicius axs@gentoo.org 2015-07-16 Mask thunerbird-24.x as it is no longer supported, but it remains in the tree for now in case there is a need for it for upgrading old user profiles, etc. 1 -119 Ben de Groot yngwin@gentoo.org 2015-07-20 Version bump is a WIP, see bug #524242 It works (except USE=vamp) but is not up to Gentoo standards yet 1 -120 Ian Delaney idella4@gentoo.org 2015-07-21 The revbump has versions of lua which are also masked. Masked until those slotted versions are unmasked 1 -121 Davide Pesavento pesa@gentoo.org 2015-07-23 Standalone version of qtwebkit from the 2.3 upstream branch. Needs revdep testing. Bug #388207. 1 -132 Sebastian Pipping sping@gentoo.org 2015-08-08 Upcoming, too young to go into testing unmasked 1 -2 \N klieber@gentoo.org 2004-04-01 The following packages contain a remotely-exploitable security vulnerability and have been hard masked accordingly. Please see https://bugs.gentoo.org/show_bug.cgi?id=44351 for more info 1 -19 Ryan Hill dirtyepic@gentoo.org 2011-03-30 Work in progress https://bugs.gentoo.org/show_bug.cgi?id=354423 1 -20 Ryan Hill dirtyepic@gentoo.org 2011-03-30 Masked indefinitely (until 0.40 is released). https://bugs.gentoo.org/354423 2 -39 Tom Wijsman TomWij@gentoo.org 2013-06-30 Sun JDK and JRE contain critical vulnerabilities and receive no further updates; masking to make users aware of this, users that still need this package and have no alternative can unmask at their own risk. See bug #473830. This is continued by Oracle Corporation, which has acquired Sun Microsystems in early 2010; as per https://en.wikipedia.gentoo.org/wiki/Sun_acquisition_by_Oracle Users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. Most of these packages provide a jce USE flag for those whom need the Java Cryptographic Extension Unlimited Strength Policy USE flag; whether that works depends from VM to VM, it seems to work for most except for the IBM VMs. 1 -146 Lars Wendler polynomial-c@gentoo.org 2015-08-20 Masked for testing 1 -164 Andreas K. Huettel dilfridge@gentoo.org 2015-09-19 Masked for security reasons, bugs 516044, 552644 Keeping it in the tree for now for users who cannot upgrade (commercial product, separate licenses for major versions) 1 -161 Lars Wendler polynomial-c@gentoo.org 2015-09-09 Masked for testing 1 -191 Mike Pagano mpagano@gentoo.org 2015-10-02 A regression in kernel 4.1.9 could lead to a system lockup. This has been fixed in gentoo-sources-4.1.9-r1 and the hope is that this patch will make it to 4.1.10 Expires (2 Oct 2017) 1 -195 Hans de Graaff graaff@gentoo.org 2015-10-11 Ruby 1.9 is no longer maintained upstream since January 2015, bug 536852. Masked for removal in 30 days. 1 -197 Pawel Hajdan, Jr. phajdan.jr@gentoo.org 2015-10-16 Dev channel releases are only for people who are developers or want more experimental features and accept a more unstable release. 1 -222 Justin Lecher jlec@gentoo.org 2015-11-10 Vulnerable package CVE-2014-{1932,1933} Bug: 507982 3 -224 Brian Evans grknight@gentoo.org 2015-11-11 Mask latest xdebug{,-client} beta versions Upstream keeps changing the tarballs causing Manifest errors. wrt bug 565234 2 -203 Justin Lecher jlec@gentoo.org 2015-10-23 Breaking changes #563540 1 -225 Justin Lecher jlec@gentoo.org 2015-11-12 deprecated version of the plugin. sci-chemistry/pymol includes the newer version 1 -204 Ian Delaney idella4@gentoo.org 2015-10-27 fails to build dev-lisp/sbcl-1.2.16 #563812 mgorny: dev-lisp/uiop as version-bound revdep 1 -209 Michał Górny mgorny@gentoo.org 2015-10-30 Uses unsafe ioctls that could result in data corruption. Upstream is working on replacing them in the wip/dedup-syscall branch. Keep it masked until they are done. sys-fs/duperemove is the suggested replacement for the meantime. 1 -211 Brian Evans grknight@gentoo.org 2015-11-06 Mask new versions of dev-php/pecl-yaml that only work with PHP-7+ 1 -212 Patrice Clement monsieurp@gentoo.org 2015-11-07 Duplicate package since it already exists as virtual/perl-Parse-CPAN-meta. Masked for removal in 30 days. 1 -214 Pacho Ramos pacho@gentoo.org 2015-11-09 Dead for years, see bug #248489. Removal in a month. 1 -215 Pacho Ramos pacho@gentoo.org 2015-11-09 Obsolete for a long time, see bug #231578. Removal in a month. 2 -216 Pacho Ramos pacho@gentoo.org 2015-11-09 Upstream dead, buggy, there are many other bittorrent clients in the tree. See bug #210520. Removal in a month. 3 -217 Pacho Ramos pacho@gentoo.org 2015-11-09 Nobody willing to maintain/bump it. Use qemu instead Removal in a month. Bug #200003 4 -218 Pacho Ramos pacho@gentoo.org 2015-11-09 Not properly installed, dead for ages, upstream ask people to use Zed Attack Proxy Project instead Removal in a month. Bug #185919 5 -220 Lars Wendler polynomial-c@gentoo.org 2015-11-10 Masked apache-2.4.17 due to broken REDIRECT_URL behavior. See Gentoo bug #565348 for more details. 1 -221 Justin Lecher jlec@gentoo.org 2015-11-10 Compatibility virtual for transition from dev-python/imaging to dev-python/pillow obsolete now #508266 2 -226 Patrice Clement monsieurp@gentoo.org 2015-11-12 Upstream is somewhat alive but has made compiling POI difficult to compile and package. Further, POI is affected by a bunch of CVEs. It has solely two deps that we are masking as well since both projects are not very trendy and/or alive. Masked for removal in 30 days. See bug #402757. 2 -227 Patrice Clement monsieurp@gentoo.org 2015-11-12 Upstream dead + ebuild was never stabilised. Masked for removal in 30 days. See bug #276095. 3 -223 Michał Górny mgorny@gentoo.org 2015-11-11 Cleaned up Python versions masked for testing: - python-config-X.Y compatibility removed, - python[23] choice is now stored in config file rather than symlink, - eselect-python reworked to reuse python-exec and wrap all execs, - ABIFLAGS reintroduced for 3.3+. Resulting API/ABI change can break reverse dependencies, especially if upstream hardcodes paths or library names. 1 -229 Michael Palimaka kensington@gentoo.org 2015-11-18 Ebuilds unfinished work-in-progress. Dead upstream. Masked for removal in 30 days. Bug #550234. 1 -198 Mike Frysinger vapier@gentoo.org 2015-10-18 apache-2.4.17 includes support for http2 now. 1 -230 Patrice Clement monsieurp@gentoo.org 2015-11-21 Upstream dead + superseded by app-text/tidy-html5. Masked for removal in 30 days. See bug #564884. Not yet. 1 -231 Michael Sterrett mr_bones_@gentoo.org 2015-11-22 Upstream is gone and doesn't build on modern systems. Masked for removal on 20151222 1 -205 Chí-Thanh Christopher Nguyễn chithanh@gentoo.org 2015-10-29 Mask until it is decided how to address xorg-server file collisions #564358 1 -241 Ian Delaney idella4@gentoo.org 2015-12-06 Masked due to support of the hypervisor dropped in arch x86 rdep packages use.masked for xen under arch 1 -242 Anthony G. Basile blueness@gentoo.org 2015-12-06 Masked until we deal with SSLv3, bug #567554 2 -232 Andreas K. Huettel dilfridge@gentoo.org 2015-11-22 txt2html got accidentally packaged twice, as TextToHTML and as txt2html. Masking the version with nonstandard PN for removal in 30 days. 2 -233 Sergey Popov pinkbyte@gentoo.org 2015-11-25 Dead upstream, security issues, see bug #557856 Removal in a month 1 -234 Michael Sterrett mr_bones_@gentoo.org 2015-12-01 No release since 2005; upstream is gone; doesn't build on modern systems. Masked for removal on 20151231 1 -235 Brian Evans grknight@gentoo.org 2015-12-02 PHP 5.4 is End Of Life and will not receive any further updates Please migrate to 5.5 or, preferably 5.6. 1 -236 Brian Evans grknight@gentoo.org 2015-12-02 Zend Opcache was integrated into PHP versions 5.5 and later Masked for removal in 30 days 2 -237 Brian Evans grknight@gentoo.org 2015-12-02 All current targets are masked. New version only works on PHP7. 3 -238 Patrice Clement monsieurp@gentoo.org 2015-12-03 Broken and outdated. Let's see off these 3 packages. Masked for removal in 30 days. See bug #567326. 1 -239 Robin H. Johnson robbat2@gentoo.org 2015-12-04 Much early testing needed 1 -240 Patrice Clement monsieurp@gentoo.org 2015-12-05 Upstream dead: no update since 2007. Masked for removal in 30 days. See bug #567580. 1 -243 Patrice Clement monsieurp@gentoo.org 2015-12-06 We maintain old versions which were never stabilised and are too far behind for a trivial version bump. Masked for removal in 30 days. See bug #161440. 3 -244 Mike Gilbert floppym@gentoo.org 2015-12-06 Masked for testing. 4 -245 Michael Orlitzky mjo@gentoo.org 2015-12-06 Masked for testing of the new apache2/php7 support. 5 -246 Ian Delaney idella4@gentoo.org 2015-12-07 "The drizzle project is long dead, it should be removed, along with dev-php/pecl-drizzle", note by grknight in Bug #501060 Masked for removal in 30 days. 1 +3 Robin H. Johnson robbat2@gentoo.org 2006-02-11 zlib interaction is badly broken. See bug #124733. 1 {} +4 Tavis Ormandy taviso@gentoo.org 2006-03-21 masked pending unresolved security issues #125902 1 {} +5 Tavis Ormandy taviso@gentoo.org 2006-03-21 masked pending unresolved security issues #127167 2 {} +6 MATSUU Takuto matsuu@gentoo.org 2007-04-05 to be tested, seems unstable 1 {} +7 Chris Gianelloni wolf31o2@gentoo.org 2008-03-03 Masking due to security bug #194607 and security bug #204067 1 {} +8 Diego E. Pettenò flameeyes@gentoo.org 2009-01-03 These packages are not supposed to be merged directly, instead please use sys-devel/crossdev to install them. 1 {} +9 Tiziano Müller dev-zero@gentoo.org 2009-04-08 pre-releases 1 {} +10 Diego E. Pettenò flameeyes@gentoo.org 2009-08-08 on behalf of QA Team Mass-masking of live ebuilds; we cannot guarantee working state of live ebuilds, nor the availability of the server hosting them. As per QA team policy, all these need to be kept masked by default, if available in the tree. 1 {} +11 Diego E. Pettenò flameeyes@gmail.com 2009-10-09 Untested yet; documented only in Russian, help is appreciated. 1 {} +12 Peter Alfredsen loki_val@gentoo.org 2009-10-21 Masked because this needs a patch to be applied to portage to not install the kitchensink and everything else into /usr/src/debug with FEATURES=installsources 1 {} +54 Samuli Suominen ssuominen@gentoo.org 2014-03-03 gnome-extra/polkit-gnome is the "GTK+ polkit agent" and has no extra dependencies that installing lxde-base/lxpolkit would solve, thus the only motivation for creation of lxpolkit was to drop the word 'gnome' from the package's name. The packages are near identical by the outlook, determined by the used GTK+ theme. Raise yourself above the word 'gnome' and install the de facto GTK+ agent: emerge -C lxpolkit emerge -1 polkit-gnome Removal will happen at later date, but since there is no hurry, give it until rest of the year. 1 {} +55 Mike Gilbert floppym@gentoo.org 2014-03-04 Dev channel releases are only for people who are developers or want more experimental features and accept a more unstable release. 1 {} +103 Ole Markus With olemarkus@gentoo.org 2015-06-12 Masking PHP 7 pre-release versions 1 {} +13 Robert Piasek dagger@gentoo.org 2010-02-23 Masking libmapi as it depends on masked samba4 1 {} +14 Mike Frysinger vapier@gentoo.org 2010-03-07 Very old packages that people should have upgraded away from long ago. Courtesy mask ... time to upgrade. Added uninstallable #470712 1 {} +36 Pacho Ramos pacho@gentoo.org 2013-06-15 Upstream stalled, improper rendering (#470818), use app-editors/efte instead. 1 {} +37 Chí-Thanh Christopher Nguyễn chithanh@gentoo.org 2013-06-25 Mask new ptlib/opal for breakage, tracked in bug #474742 Lars Wendler (29 Apr 2014) Adjusted mask so newer versions get covered as well. 1 {} +38 Julian Ospald hasufell@gentoo.org 2013-06-26 Depends on masked dev-lang/lua-5.2 1 {} +56 Lars Wendler polynomial-c@gentoo.org 2014-03-14 Masked for security reasons. Do NOT remove this mask or the affected packages without speaking to bonsaikitten first! You have been warned! 1 {} +57 Sergey Popov pinkbyte@gentoo.org 2014-03-20 Security mask of vulnerable versions, wrt bug #424167 1 {} +58 Chí-Thanh Christopher Nguyễn chithanh@gentoo.org 2014-03-26 Affected by multiple vulnerabilities, #445916, #471098 and #472280 1 {} +59 Alexander Vershilov qnikst@gentoo.org 2014-04-02 Multiple vulnerabilities, see #504724, #505860 1 {} +60 Gilles Dartiguelongue eva@gentoo.org 2014-04-06 Old release, never stable, not working anymore See bug #327837, #382667, #492474 1 {} +61 Matti Bickel mabi@gentoo.org 2014-04-22 Masked slotted lua for testing 1 {} +62 Tom Wijsman TomWij@gentoo.org 2014-05-03 Needs to be further tested and revised by both Java and Ruby herds. 1 {} +63 Tom Wijsman TomWij@gentoo.org 2014-05-30 CVE-2012-1721 - Remote Code Execution Vulnerability Vulnerable: IBM Java SE 5.0 SR12-FP5 URL: http://www.securityfocus.com/bid/53959/ 1 {} +64 Markos Chandras hwoarang@gentoo.org 2014-05-30 Mask beta release 2 {} +65 Hans de Graaff graaff@gentoo.org 2014-06-01 Mask new rubinius version for testing. Current versions have some issues that should be solved in the forthcoming rubinius 2.3 release. 1 {} +66 Tom Wijsman TomWij@gentoo.org 2014-06-06 Mask gentoo-sources ebuilds that are affected with security bug CVE-2014-3153. Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation. https://bugs.gentoo.org/show_bug.cgi?id=CVE-2014-3153 Expires (6 Jun 2016) 1 {} +67 Robin H. Johnson robbat2@gentoo.org 2014-06-21 Needs work, but infra needs it for new VM boxes 1 {} +68 Mikle Kolyada zlogene@gentoo.org 2014-06-27 Masked for proper testing. (Major updates in the code). 1 {} +69 Ulrich Müller ulm@gentoo.org 2014-07-15 Permanently mask sys-libs/lib-compat and its reverse dependencies, pending multiple security vulnerabilities and QA issues. See bugs #515926 and #510960. 1 {} +70 Yixun Lan dlan@gentoo.org 2014-07-17 Masked for proper testing. (Major updates in the code). 1 {} +71 Robin H. Johnson robbat2@gentoo.org 2014-08-04 Masked for testing, presently fails upstream testsuite: FAIL:07:02:35 (00:00:00) db_dump/db_load(./TESTDIR.3/recd001.db:child killed: kill signal): expected 0, got 1 FAIL:07:02:35 (00:00:00) Dump/load of ./TESTDIR.3/recd001.db failed. FAIL:07:02:35 (00:00:00) db_verify_preop: expected 0, got 1 1 {} +73 Sergey Popov pinkbyte@gentoo.org 2014-08-28 Security mask, wrt bug #519650 If your application is broken due to this mask, please file a separate bug report 1 {} +74 Christian Faulhammer fauli@gentoo.org 2014-09-02 website not working anymore and will stay like this, tool is useless. See bug 504734 1 {} +76 Michał Górny mgorny@gentoo.org 2014-09-15 Causes undefined references few layers down (in mediastreamer), someone needs to investigate. 1 {} +77 Mike Pagano mpagano@gentoo.org 2014-10-16 A regression in kernels 3.17.0 lead to file system corruption for affected systems. This has been fixed in >= 3.17.1 Expires (16 Oct 2016) See Bug #525548. 1 {} +79 Markos Chandras hwoarang@gentoo.org 2014-11-18 Mask latest development version for testing 1 {} +80 Patrick Lauer patrick@gentoo.org 2014-11-24 Missing deps, uninstallable 1 {} +81 Richard Yao ryao@gentoo.org 2014-11-29 Depends on media-libs/lcms:0, which has unspecified security vulnerabilities. Masked until mscms.dll.so that links to media-libs/lcms:2 is backported from a newer wine, bug #526806. 1 {} +84 Sergey Popov pinkbyte@gentoo.org 2014-12-09 Security mask, wrt bug #529728 1 {} +85 Jeroen Roovers jer@gentoo.org 2014-12-12 The 96 and 173 branches are no longer supported and remain vulnerable to CVE-2014-8298 (bug #532342). You may be able to mitigate the vulnerability by disabling GLX indirect rendering protocol support on the X server. 1 {} +86 Aaron W. Swenson titanofold@gentoo.org 2014-12-28 Split ebuilds are no longer maintained. Migrate to the unified ebuilds invoking the following, substituting SLOT for the desired slot and optionally enabling the server and/or docs USE flags: emerge dev-db/postgresql:SLOT No further action is required. 1 {} +87 Tony Vroon chainsaw@gentoo.org 2015-01-05 Asterisk 13 is an LTS release but has not seen sufficient releases to be considered ready for production usage. You are welcome to have a go but please be careful. 1 {} +88 Anthony G. Basile blueness@gentoo.org 2015-01-09 p.mask the -9999 version 1 {} +90 Sergei Trofimovich slyfox@gentoo.org 2015-01-29 Mask live ebuild 1 {} +91 Eray Aslan eras@gentoo.org 2015-02-03 Mask experimental software 1 {} +92 Michał Górny mgorny@gentoo.org 2015-02-11 Potentially destructive to @world, bug #539746. 1 {} +96 Michał Górny mgorny@gentoo.org 2015-03-28 on behalf of gx86-multilib project Removed lastrited emul-linux-x86. The mask is kept post-removal per Arfrever's request so that the PM warns about masked packages being installed. 1 {} +98 Patrick Lauer patrick@gentoo.org 2015-04-10 Breaks pretty much all consumers, like samba Mask until it's more usable 1 {} +99 Ryan Hill rhill@gentoo.org 2015-04-28 Moving to /lib/gentoo/functions.sh broke the eclass by changing output it relies on. See bug #504118, 547586, and 547962. 1 {} +72 Samuli Suominen ssuominen@gentoo.org 2014-08-23 Some compile problems with media-libs/openexr >= 2.2.0 See https://bugs.gentoo.org/520240 for more information 1 {} +104 Patrick Lauer patrick@gentoo.org 2015-06-14 Has race condition / failure modes that make systems unusable See #551724 and duplicates 1 {} +41 Michael Weber xmw@gentoo.org 2013-07-17 Upstream next versions 1 {} +42 Chris Reffett creffett@gentoo.org 2013-07-20 Uses vulnerable versions of bzip2, but these versions are necessary to reconstruct older archives. Use at your own risk. 1 {} +43 Julian Ospald hasufell@gentoo.org 2013-07-21 Mask all unfetchable versions and those with tons of random bugs and segfaults (all). Don't ask for a version bump unless there is a working release. 1 {} +44 Sergey Popov pinkbyte@gentoo.org 2013-09-18 Mask development releases of botan: - causes many API breakages - do not compile in some USE-flag combinations - requires at least gcc 4.7(and possibly even 4.8 for some features) 1 {} +45 Tom Wijsman TomWij@gentoo.org 2013-09-18 Temporarily masked due to QA issue during attempts to unbundle dependencies; we need to check the jar contents to check for differences, especially the stax dependency seems to be problematic in this regard but we'll check all of them to ensure that unbundling doesn't hurt some missed functionality. Bug #471942 tracks the progress of these unbundling efforts. 2 {} +46 Agostino Sarubbo ago@gentoo.org 2013-09-23 Masked because of vulnerable versions DO NOT REMOVE OLDER VERSIONS temporarily disabled as it also breaks s390 keywording 1 {} +47 Diego Elio Pettenò flameeyes@gentoo.org 2013-10-13 Requires a NPN support in mod_ssl (www-server/apache) to work. See #471512 for more details. 1 {} +48 Justin Lecher jlec@gentoo.org 2013-10-14 Seems to break all deps - API change? 1 {} +51 Tony Vroon chainsaw@gentoo.org 2014-01-13 Asterisk 12 is a short term "standard" release containing significant architectural changes. This is not for your production kit quite yet. 1 {} +93 Justin Lecher jlec@gentoo.org 2015-02-28 Unfixed security problems No upstream support anymore CVE-2015-{0219,0220,0221,0222,5145} #536586 #554864 1 {} +52 Mike Gilbert floppym@gentoo.org 2014-01-19 To prevent accidental switching of release channels (bug 498306), google-chrome has been split into 3 packages: www-client/google-chrome www-client/google-chrome-beta www-client/google-chrome-unstable The stable channel remains as www-client/google-chrome, but has been switched to SLOT="0". Please unmerge your currently installed version and remerge one of the new packages. 1 {} +53 Tim Harder radhermit@gentoo.org 2014-02-04 Mask development releases 1 {} +107 Patrick Lauer patrick@gentoo.org 2015-07-01 Wrong version #553670 1 {} +114 Sergey Popov pinkbyte@gentoo.org 2015-07-13 Mask new version of Boost - it's known to cause breakages 1 {} +118 Ian Stakenvicius axs@gentoo.org 2015-07-16 Mask thunerbird-24.x as it is no longer supported, but it remains in the tree for now in case there is a need for it for upgrading old user profiles, etc. 1 {} +119 Ben de Groot yngwin@gentoo.org 2015-07-20 Version bump is a WIP, see bug #524242 It works (except USE=vamp) but is not up to Gentoo standards yet 1 {} +120 Ian Delaney idella4@gentoo.org 2015-07-21 The revbump has versions of lua which are also masked. Masked until those slotted versions are unmasked 1 {} +121 Davide Pesavento pesa@gentoo.org 2015-07-23 Standalone version of qtwebkit from the 2.3 upstream branch. Needs revdep testing. Bug #388207. 1 {} +132 Sebastian Pipping sping@gentoo.org 2015-08-08 Upcoming, too young to go into testing unmasked 1 {} +2 \N klieber@gentoo.org 2004-04-01 The following packages contain a remotely-exploitable security vulnerability and have been hard masked accordingly. Please see https://bugs.gentoo.org/show_bug.cgi?id=44351 for more info 1 {} +19 Ryan Hill dirtyepic@gentoo.org 2011-03-30 Work in progress https://bugs.gentoo.org/show_bug.cgi?id=354423 1 {} +20 Ryan Hill dirtyepic@gentoo.org 2011-03-30 Masked indefinitely (until 0.40 is released). https://bugs.gentoo.org/354423 2 {} +39 Tom Wijsman TomWij@gentoo.org 2013-06-30 Sun JDK and JRE contain critical vulnerabilities and receive no further updates; masking to make users aware of this, users that still need this package and have no alternative can unmask at their own risk. See bug #473830. This is continued by Oracle Corporation, which has acquired Sun Microsystems in early 2010; as per https://en.wikipedia.gentoo.org/wiki/Sun_acquisition_by_Oracle Users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. Most of these packages provide a jce USE flag for those whom need the Java Cryptographic Extension Unlimited Strength Policy USE flag; whether that works depends from VM to VM, it seems to work for most except for the IBM VMs. 1 {} +146 Lars Wendler polynomial-c@gentoo.org 2015-08-20 Masked for testing 1 {} +164 Andreas K. Huettel dilfridge@gentoo.org 2015-09-19 Masked for security reasons, bugs 516044, 552644 Keeping it in the tree for now for users who cannot upgrade (commercial product, separate licenses for major versions) 1 {} +161 Lars Wendler polynomial-c@gentoo.org 2015-09-09 Masked for testing 1 {} +191 Mike Pagano mpagano@gentoo.org 2015-10-02 A regression in kernel 4.1.9 could lead to a system lockup. This has been fixed in gentoo-sources-4.1.9-r1 and the hope is that this patch will make it to 4.1.10 Expires (2 Oct 2017) 1 {} +195 Hans de Graaff graaff@gentoo.org 2015-10-11 Ruby 1.9 is no longer maintained upstream since January 2015, bug 536852. Masked for removal in 30 days. 1 {} +197 Pawel Hajdan, Jr. phajdan.jr@gentoo.org 2015-10-16 Dev channel releases are only for people who are developers or want more experimental features and accept a more unstable release. 1 {} +222 Justin Lecher jlec@gentoo.org 2015-11-10 Vulnerable package CVE-2014-{1932,1933} Bug: 507982 3 {} +224 Brian Evans grknight@gentoo.org 2015-11-11 Mask latest xdebug{,-client} beta versions Upstream keeps changing the tarballs causing Manifest errors. wrt bug 565234 2 {} +203 Justin Lecher jlec@gentoo.org 2015-10-23 Breaking changes #563540 1 {} +225 Justin Lecher jlec@gentoo.org 2015-11-12 deprecated version of the plugin. sci-chemistry/pymol includes the newer version 1 {} +204 Ian Delaney idella4@gentoo.org 2015-10-27 fails to build dev-lisp/sbcl-1.2.16 #563812 mgorny: dev-lisp/uiop as version-bound revdep 1 {} +209 Michał Górny mgorny@gentoo.org 2015-10-30 Uses unsafe ioctls that could result in data corruption. Upstream is working on replacing them in the wip/dedup-syscall branch. Keep it masked until they are done. sys-fs/duperemove is the suggested replacement for the meantime. 1 {} +211 Brian Evans grknight@gentoo.org 2015-11-06 Mask new versions of dev-php/pecl-yaml that only work with PHP-7+ 1 {} +212 Patrice Clement monsieurp@gentoo.org 2015-11-07 Duplicate package since it already exists as virtual/perl-Parse-CPAN-meta. Masked for removal in 30 days. 1 {} +214 Pacho Ramos pacho@gentoo.org 2015-11-09 Dead for years, see bug #248489. Removal in a month. 1 {} +215 Pacho Ramos pacho@gentoo.org 2015-11-09 Obsolete for a long time, see bug #231578. Removal in a month. 2 {} +216 Pacho Ramos pacho@gentoo.org 2015-11-09 Upstream dead, buggy, there are many other bittorrent clients in the tree. See bug #210520. Removal in a month. 3 {} +217 Pacho Ramos pacho@gentoo.org 2015-11-09 Nobody willing to maintain/bump it. Use qemu instead Removal in a month. Bug #200003 4 {} +218 Pacho Ramos pacho@gentoo.org 2015-11-09 Not properly installed, dead for ages, upstream ask people to use Zed Attack Proxy Project instead Removal in a month. Bug #185919 5 {} +220 Lars Wendler polynomial-c@gentoo.org 2015-11-10 Masked apache-2.4.17 due to broken REDIRECT_URL behavior. See Gentoo bug #565348 for more details. 1 {} +221 Justin Lecher jlec@gentoo.org 2015-11-10 Compatibility virtual for transition from dev-python/imaging to dev-python/pillow obsolete now #508266 2 {} +226 Patrice Clement monsieurp@gentoo.org 2015-11-12 Upstream is somewhat alive but has made compiling POI difficult to compile and package. Further, POI is affected by a bunch of CVEs. It has solely two deps that we are masking as well since both projects are not very trendy and/or alive. Masked for removal in 30 days. See bug #402757. 2 {} +227 Patrice Clement monsieurp@gentoo.org 2015-11-12 Upstream dead + ebuild was never stabilised. Masked for removal in 30 days. See bug #276095. 3 {} +223 Michał Górny mgorny@gentoo.org 2015-11-11 Cleaned up Python versions masked for testing: - python-config-X.Y compatibility removed, - python[23] choice is now stored in config file rather than symlink, - eselect-python reworked to reuse python-exec and wrap all execs, - ABIFLAGS reintroduced for 3.3+. Resulting API/ABI change can break reverse dependencies, especially if upstream hardcodes paths or library names. 1 {} +229 Michael Palimaka kensington@gentoo.org 2015-11-18 Ebuilds unfinished work-in-progress. Dead upstream. Masked for removal in 30 days. Bug #550234. 1 {} +198 Mike Frysinger vapier@gentoo.org 2015-10-18 apache-2.4.17 includes support for http2 now. 1 {} +230 Patrice Clement monsieurp@gentoo.org 2015-11-21 Upstream dead + superseded by app-text/tidy-html5. Masked for removal in 30 days. See bug #564884. Not yet. 1 {} +231 Michael Sterrett mr_bones_@gentoo.org 2015-11-22 Upstream is gone and doesn't build on modern systems. Masked for removal on 20151222 1 {} +205 Chí-Thanh Christopher Nguyễn chithanh@gentoo.org 2015-10-29 Mask until it is decided how to address xorg-server file collisions #564358 1 {} +241 Ian Delaney idella4@gentoo.org 2015-12-06 Masked due to support of the hypervisor dropped in arch x86 rdep packages use.masked for xen under arch 1 {} +242 Anthony G. Basile blueness@gentoo.org 2015-12-06 Masked until we deal with SSLv3, bug #567554 2 {} +232 Andreas K. Huettel dilfridge@gentoo.org 2015-11-22 txt2html got accidentally packaged twice, as TextToHTML and as txt2html. Masking the version with nonstandard PN for removal in 30 days. 2 {} +233 Sergey Popov pinkbyte@gentoo.org 2015-11-25 Dead upstream, security issues, see bug #557856 Removal in a month 1 {} +234 Michael Sterrett mr_bones_@gentoo.org 2015-12-01 No release since 2005; upstream is gone; doesn't build on modern systems. Masked for removal on 20151231 1 {} +235 Brian Evans grknight@gentoo.org 2015-12-02 PHP 5.4 is End Of Life and will not receive any further updates Please migrate to 5.5 or, preferably 5.6. 1 {} +236 Brian Evans grknight@gentoo.org 2015-12-02 Zend Opcache was integrated into PHP versions 5.5 and later Masked for removal in 30 days 2 {} +237 Brian Evans grknight@gentoo.org 2015-12-02 All current targets are masked. New version only works on PHP7. 3 {} +238 Patrice Clement monsieurp@gentoo.org 2015-12-03 Broken and outdated. Let's see off these 3 packages. Masked for removal in 30 days. See bug #567326. 1 {} +239 Robin H. Johnson robbat2@gentoo.org 2015-12-04 Much early testing needed 1 {} +240 Patrice Clement monsieurp@gentoo.org 2015-12-05 Upstream dead: no update since 2007. Masked for removal in 30 days. See bug #567580. 1 {} +243 Patrice Clement monsieurp@gentoo.org 2015-12-06 We maintain old versions which were never stabilised and are too far behind for a trivial version bump. Masked for removal in 30 days. See bug #161440. 3 {} +244 Mike Gilbert floppym@gentoo.org 2015-12-06 Masked for testing. 4 {} +245 Michael Orlitzky mjo@gentoo.org 2015-12-06 Masked for testing of the new apache2/php7 support. 5 {} +246 Ian Delaney idella4@gentoo.org 2015-12-07 "The drizzle project is long dead, it should be removed, along with dev-php/pecl-drizzle", note by grknight in Bug #501060 Masked for removal in 30 days. 1 {} -- cgit v1.2.3