510962 – sys-libs/lib-compat-loki multiple vulnerabilities

Bug 510962 - sys-libs/lib-compat-loki multiple vulnerabilities

Summary: sys-libs/lib-compat-loki multiple vulnerabilities

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B1? [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2014-05-21 16:58 UTC by Ulrich Müller
Modified:	2019-12-09 07:25 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ulrich Müller gentoo-dev

2014-05-21 16:58:56 UTC

sys-libs/lib-compat-loki ships glibc version 2.2.5 from 2002, so it can be expected to suffer from many of these vulnerabilities:
<https://bugs.gentoo.org/buglist.cgi?email1=security%40gentoo.org&emailassigned_to1=1&emailtype1=substring&list_id=2354642&query_format=advanced&resolution=---&resolution=FIXED&short_desc=sys-libs%2Fglibc&short_desc_type=allwordssubstr>

Comment 1 Aaron Bauman (RETIRED) gentoo-dev

2017-01-22 11:33:58 UTC

CC'ing tree cleaners.

* These packages depend on sys-libs/lib-compat-loki:
games-strategy/heroes3-1.3.1a-r2 (!ppc ? sys-libs/lib-compat-loki)
games-strategy/heroes3-demo-1.3.1a (>=sys-libs/lib-compat-loki-0.2)
games-strategy/smac-6.0a (!ppc ? sys-libs/lib-compat-loki)

Comment 2 Pacho Ramos gentoo-dev

2017-06-14 13:59:42 UTC

We are CCed here, but I am not sure if we want to keep all this in the tree (even hardmasked) or not:
# Ulrich Müller <ulm@gentoo.org> (15 Jul 2014)
# Permanently mask sys-libs/lib-compat and its reverse dependencies,
# pending multiple security vulnerabilities and QA issues.
# See bugs #515926 and #510960.
sys-libs/lib-compat
sys-libs/lib-compat-loki
games-action/mutantstorm-demo
games-action/phobiaii
games-fps/rtcw
games-fps/unreal
games-strategy/heroes3
games-strategy/heroes3-demo
games-strategy/smac

Can maintainers please give a hint? :/

Comment 3 James Le Cuirot gentoo-dev

2017-06-14 14:18:38 UTC

(In reply to Pacho Ramos from comment #2)
> We are CCed here, but I am not sure if we want to keep all this in the tree
> (even hardmasked) or not:
> # Ulrich Müller <ulm@gentoo.org> (15 Jul 2014)
> # Permanently mask sys-libs/lib-compat and its reverse dependencies,
> # pending multiple security vulnerabilities and QA issues.
> # See bugs #515926 and #510960
>
> Can maintainers please give a hint? :/

When it comes to games, I hope that we can just keep them hard masked to allow the user to make their own judgement. At some point I will double check whether this really is required for Unreal and friends. RTCW should really be replaced with iortcw, built from source. I don't know about the others.

Comment 4 Pacho Ramos gentoo-dev

2017-06-14 14:34:08 UTC

OK, then CC us back if you want to clean something ;)

See you!

Comment 5 Arfrever Frehtes Taifersar Arahesis 2019-12-09 03:58:22 UTC

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=010852d13e7f1c59bc11ab2e3efe806dfacebaf4

commit 010852d13e7f1c59bc11ab2e3efe806dfacebaf4
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-12-08 21:13:32 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-12-08 21:13:32 +0000

    games-*/*: drop last-rited pkgs
    
    Bug: https://bugs.gentoo.org/515926
    Bug: https://bugs.gentoo.org/510960
    
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 sys-libs/lib-compat-loki/Manifest                  |   1 -
 .../lib-compat-loki/lib-compat-loki-0.2-r1.ebuild  |  39 ----
 sys-libs/lib-compat-loki/metadata.xml              |   8 -

Comment 6 Ulrich Müller gentoo-dev

2019-12-09 07:25:53 UTC

Package removed.