commit: 29772084068486a60f4f8c3470869309b5c4d906 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Thu Jun 29 10:44:50 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Thu Jun 29 10:45:04 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29772084
profiles/base: mask net-libs/gnutls[sslv2,sslv3], dev-libs/openssl[sslv2,sslv3] Horribly insecure old protocols. Don't allow them to be enabled accidentally by stale configs in make.conf, i.e. make users opt in very explicitly by unmasking if they do need it. Signed-off-by: Sam James <sam <AT> gentoo.org> profiles/base/package.use.mask | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask index b525117a3c16..56b900574092 100644 --- a/profiles/base/package.use.mask +++ b/profiles/base/package.use.mask @@ -6,6 +6,11 @@ # This file is only for generic masks. For arch-specific masks (i.e. # mask everywhere, unmask on arch/*) use arch/base. +# Sam James <[email protected]> (2023-06-29) +# Insecure old versions of the SSL/TLS protocol. +net-libs/gnutls sslv2 sslv3 +dev-libs/openssl sslv2 sslv3 + # Sam James <[email protected]> (2023-06-29) # Needs <dev-libs/openssl-3 which is EOL beyond September 2023. net-misc/curl sslv3
