1.x is not anymore maintained. The last release is from 2009. see also: https://github.com/mm2/Little-CMS/issues/29#issuecomment-40654981
Should we mask these, too? ./app-emulation/crossover-bin/crossover-bin-13.1.0.ebuild: lcms? ( media-libs/lcms:0 ) ./app-emulation/crossover-bin/crossover-bin-12.2.0-r1.ebuild: lcms? ( media-libs/lcms:0 ) ./app-emulation/crossover-bin/crossover-bin-13.1.2.ebuild: lcms? ( media-libs/lcms:0 ) ./app-emulation/crossover-bin/crossover-bin-13.0.1.ebuild: lcms? ( media-libs/lcms:0 ) ./app-emulation/crossover-bin/crossover-bin-12.2.2.ebuild: lcms? ( media-libs/lcms:0 ) ./app-emulation/crossover-bin/crossover-bin-12.5.0.ebuild: lcms? ( media-libs/lcms:0 ) ./app-emulation/crossover-bin/crossover-bin-12.5.1.ebuild: lcms? ( media-libs/lcms:0 ) ./app-emulation/crossover-bin/crossover-bin-12.2.1-r1.ebuild: lcms? ( media-libs/lcms:0 ) ./app-emulation/crossover-bin/crossover-bin-13.1.3.ebuild: lcms? ( media-libs/lcms:0 ) ./app-emulation/crossover-bin/crossover-bin-12.1.2-r1.ebuild: lcms? ( media-libs/lcms:0 ) ./app-emulation/crossover-bin/crossover-bin-13.2.0.ebuild: lcms? ( media-libs/lcms:0 ) ./app-emulation/crossover-bin/crossover-bin-13.0.0.ebuild: lcms? ( media-libs/lcms:0 ) ./app-emulation/wine/wine-1.4.1.ebuild: lcms? ( media-libs/lcms:0= ) ./app-emulation/wine/wine-1.2.3.ebuild: lcms? ( media-libs/lcms:0= ) ./app-emulation/wine/wine-1.3.28.ebuild: lcms? ( media-libs/lcms:0= ) ./app-emulation/wine/wine-1.6.1.ebuild: lcms? ( media-libs/lcms:0= ) ./gnome-extra/gnome-color-manager/gnome-color-manager-2.32.0.ebuild: media-libs/lcms:0 ./www-client/netsurf/netsurf-2.9.ebuild: media-libs/lcms:0 ./www-client/netsurf/netsurf-3.0-r1.ebuild: media-libs/lcms:0 ./www-client/netsurf/netsurf-3.0.ebuild: media-libs/lcms:0 ./media-gfx/rawstudio/rawstudio-2.0-r1.ebuild: media-libs/lcms:0 ./media-gfx/dcraw/dcraw-9.20.ebuild: lcms? ( media-libs/lcms:0 ) ./media-gfx/dcraw/dcraw-9.21.ebuild: lcms? ( media-libs/lcms:0 ) ./media-gfx/dcraw/dcraw-9.17.ebuild: lcms? ( media-libs/lcms:0 ) ./media-gfx/dcraw/dcraw-9.19.ebuild: lcms? ( media-libs/lcms:0 ) ./media-gfx/dcraw/dcraw-9.22.ebuild: lcms? ( media-libs/lcms:0 ) ./media-gfx/splashutils/splashutils-1.5.4.4-r1.ebuild: media-libs/lcms:0[static-libs] ./media-gfx/splashutils/splashutils-1.5.4.4-r2.ebuild: media-libs/lcms:0[static-libs] ./media-gfx/splashutils/splashutils-1.5.4.4-r4.ebuild: media-libs/lcms:0[static-libs] ./media-gfx/splashutils/splashutils-1.5.4.4-r3.ebuild: media-libs/lcms:0[static-libs] ./media-gfx/ufraw/ufraw-0.19.2.ebuild: media-libs/lcms:0 ./media-gfx/mate-image-viewer/mate-image-viewer-1.6.2.ebuild: lcms? ( media-libs/lcms:0 ) ./media-gfx/gqview/gqview-2.1.5.ebuild: lcms? ( media-libs/lcms:0 ) ./media-gfx/photoprint/photoprint-0.4.2_pre2.ebuild: media-libs/lcms:0 ./sys-apps/tuxonice-userui/tuxonice-userui-1.1-r2.ebuild: media-libs/lcms:0[static-libs] ./dev-python/pillow/pillow-2.5.3.ebuild: lcms? ( media-libs/lcms:0= ) ./dev-python/pillow/pillow-2.3.1.ebuild: lcms? ( media-libs/lcms:0= ) ./dev-python/pillow/pillow-2.4.0.ebuild: lcms? ( media-libs/lcms:0= ) ./dev-python/imaging/imaging-1.1.7-r4.ebuild: lcms? ( media-libs/lcms:0 ) ./dev-python/imaging/imaging-1.1.7-r1.ebuild: lcms? ( media-libs/lcms:0 ) ./dev-python/imaging/imaging-1.1.7-r2.ebuild: lcms? ( media-libs/lcms:0 )
I have identified the following packages currently in tree with exclusive dependencies on lcms:0 (usually depending on use flag): app-emulation/crossover-bin dev-python/imaging dev-python/pillow media-gfx/dcraw media-gfx/entangle media-gfx/exact-image media-gfx/f-spot media-gfx/geeqie media-gfx/gqview media-gfx/mate-image-viewer media-gfx/photoprint media-gfx/rawstudio media-gfx/splashutils media-libs/devil media-libs/sk1libs sci-libs/libecwj2 sys-apps/tuxonice-userui www-client/netsurf Packages with old or specific versions depending on lcms:0 <app-emulation/wine-1.6.2 <gnome-extra/gnome-color-manager-3.10.1 <media-gfx/eog-3.10.2 <media-gfx/gimp-2.8.8 <media-gfx/ufraw-0.20 =media-gfx/xsane-0.999 With optional dependency on lcms:0 media-libs/oyranos Also needs update: app-emulation/emul-linux-x86-baselibs
So, gentlemen, let's do this properly: convert the bug here to a tracker and file a bug per affected package.
Template bug text: ============== media-libs/lcms:0 is unmaintained, has seen no releases since 2009, and (according to upstream) is affected by unspecified serious security issues. Please * either upgrade your package to use media-libs/lcms:2, * or hard-disable an optional dependency on media-libs/lcms:0, * or mask your package for removal. Thank you! ==============
individual bug reports filed. Excluding media-libs/oyranos After all individual bugs are resolved app-emulation/emul-linux-x86-baselibs has to be fixed as well. Omitting a bugreport for the moment.
+ 07 Mar 2015; Andreas K. Huettel <dilfridge@gentoo.org> + -crossover-bin-12.1.2-r2.ebuild, -crossover-bin-12.2.0-r2.ebuild, + -crossover-bin-12.2.1-r2.ebuild, -crossover-bin-12.2.2-r1.ebuild: + Drop old versions, see bug 526806 +
eek wrong bug
Masked for removal
Future mask message (corrected): # Andreas K. Huettel <dilfridge@gentoo.org> # media-libs/lcms:0 has serious security issues, is unmaintained # and will be removed in 30 days, see bug 526642 # With it we remove its last reverse dependencies, # media-libs/sk1libs media-gfx/uniconvw sci-libs/libecwj2, # see bug 526838 media-libs/lcms:0 media-gfx/uniconvw media-libs/sk1libs sci-libs/libecwj2
Masked for removal 27 May 2015; Matthias Maier <tamiko@gentoo.org> package.mask: mask lcms:0 for removal, bug #526642
Aaaand lcms:0 is gone. :)