Portage has 2.90 current version 2.92 was released 2016-03-06 Reproducible: Always Steps to Reproduce: 1. emerge -av net-p2p/transmission Actual Results: [ebuild N ] net-libs/libnatpmp-20150609 USE="-static-libs" [ebuild N ] sys-apps/lsb-release-1.4-r3 [ebuild N ] net-libs/miniupnpc-1.9.20151008 USE="ipv6 -static-libs" [ebuild N ] net-p2p/transmission-2.90-r1 USE="-ayatana gtk -libressl -lightweight qt4 -qt5 -systemd -xfs" Expected Results: [ebuild N ] net-libs/libnatpmp-20150609 USE="-static-libs" [ebuild N ] sys-apps/lsb-release-1.4-r3 [ebuild N ] net-libs/miniupnpc-1.9.20151008 USE="ipv6 -static-libs" [ebuild N ] net-p2p/transmission-2.92 USE="-ayatana gtk -libressl -lightweight qt4 -qt5 -systemd -xfs"
The 2.90 OSX client is compromised, front page (https://www.transmissionbt.com/) states... Read Immediately!!!! Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the “OSX.KeRanger.A” ransomware (more information available here) is correctly removed from your computer. Users of 2.91 should also immediately upgrade to and run 2.92. Even though 2.91 was never infected, it did not automatically remove the malware-infected file. More info in... https://forum.transmissionbt.com/viewtopic.php?f=4&t=17834
(In reply to Neil from comment #1) I have been following that saga over the weekend. As far as I can tell, only the Mac binary package was affected. The source tarball used by Gentoo was not tampered with.
