From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1688035504.29772084068486a60f4f8c3470869309b5c4d906.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: profiles/base/ X-VCS-Repository: repo/gentoo X-VCS-Files: profiles/base/package.use.mask X-VCS-Directories: profiles/base/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 29772084068486a60f4f8c3470869309b5c4d906 X-VCS-Branch: master Date: Thu, 29 Jun 2023 10:45:32 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 0960c381-0cc7-48db-9ab9-d8e681b03814 X-Archives-Hash: a61d71d76fe98ff56a69bd2f80ff9490 commit: 29772084068486a60f4f8c3470869309b5c4d906 Author: Sam James gentoo org> AuthorDate: Thu Jun 29 10:44:50 2023 +0000 Commit: Sam James gentoo org> CommitDate: Thu Jun 29 10:45:04 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29772084 profiles/base: mask net-libs/gnutls[sslv2,sslv3], dev-libs/openssl[sslv2,sslv3] Horribly insecure old protocols. Don't allow them to be enabled accidentally by stale configs in make.conf, i.e. make users opt in very explicitly by unmasking if they do need it. Signed-off-by: Sam James gentoo.org> profiles/base/package.use.mask | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask index b525117a3c16..56b900574092 100644 --- a/profiles/base/package.use.mask +++ b/profiles/base/package.use.mask 
@@ -6,6 +6,11 @@ # This file is only for generic masks. For arch-specific masks (i.e. # mask everywhere, unmask on arch/*) use arch/base. +# Sam James (2023-06-29) +# Insecure old versions of the SSL/TLS protocol. +net-libs/gnutls sslv2 sslv3 +dev-libs/openssl sslv2 sslv3 + # Sam James (2023-06-29) # Needs
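Review bot: The comment above the two new entries in profiles/base/package.use.mask says only "Insecure old versions of the SSL/TLS protocol." and leaves out the reasoning that the commit message gives, namely that a stale USE setting in make.conf must not be able to turn these flags on and that unmasking is the intended, explicit opt-in. Someone who finds sslv2 or sslv3 greyed out will read this file, not the git log, so I would add one more comment line stating that the flags are masked to prevent accidental enablement and that users who really need them have to unmask them deliberately. Both atoms are unversioned, so the mask covers every version of net-libs/gnutls and dev-libs/openssl; that matches the stated intent and is worth keeping as is.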