author Ulrich Müller <ulm@gentoo.org> 2020-11-21 13:04:16 +0100
committer Ulrich Müller <ulm@gentoo.org> 2020-11-21 13:04:16 +0100
commit 65423dc00cf49422061d3d6ee4ca2143bd3ca1b1
tree 6e70cd81d500bd361d9060317fe9c4751f675023 /profiles/base
parent dev-lang/erlang: bump up to 23.1.4
profiles/base: Restore bundled-libjpeg-turbo USE mask for net-im/zoom.

The libturbojpeg.so bundled with >=zoom-5.3 has an empty DT_RPATH (see output of "readelf -d" or "scanelf -r"). This is insecure because the loader will search the working directory when it finds an empty path.

Bug: https://bugs.gentoo.org/715106
Signed-off-by: Ulrich Müller <ulm@gentoo.org>
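The check the commit message points to (the output of "readelf -d"), as an added example that is not part of the commit or of Gentoo's tooling: it flags the empty DT_RPATH case and, going beyond the commit, empty or relative entries inside a colon-separated RPATH/RUNPATH list. The sample output is constructed and the function names are this example's own.

```python
import re

# Matches the RPATH/RUNPATH lines printed by "readelf -d".
_DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")


def classify_entry(entry):
    """Return None if a search-path entry is anchored, else why it is risky."""
    if entry == "":
        return "empty entry: loader searches the working directory"
    if entry.startswith(("/", "$ORIGIN", "${ORIGIN}")):
        return None
    return "relative entry: resolved against the working directory"


def audit_readelf_dynamic(text):
    """Scan 'readelf -d' output; return (tag, entry, reason) per risky entry."""
    findings = []
    for line in text.splitlines():
        m = _DYN_RE.search(line)
        if not m:
            continue
        tag, value = m.groups()
        # The value is a colon-separated list; "" splits to one empty entry.
        for entry in value.split(":"):
            reason = classify_entry(entry)
            if reason:
                findings.append((tag, entry, reason))
    return findings


# Constructed sample output, not taken from the zoom package.
SAMPLE_EMPTY = """\
Dynamic section at offset 0x2d90 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: []
"""
SAMPLE_MIXED = """\
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:/opt/app/lib:]
 0x000000000000000f (RPATH)              Library rpath: [lib]
"""

if __name__ == "__main__":
    for sample in (SAMPLE_EMPTY, SAMPLE_MIXED):
        for finding in audit_readelf_dynamic(sample):
            print(finding)
```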
Diffstat (limited to 'profiles/base')
-rw-r--r-- profiles/base/package.use.mask 8
1 files changed, 8 insertions, 0 deletions
diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask
index 8c38a335cfca..333877fee6f2 100644
--- a/profiles/base/package.use.mask
+++ b/profiles/base/package.use.mask
@@ -116,6 +116,14 @@ dev-util/meson test
# Requires dev-vcs/ghp-import that is masked for removal.
www-apps/nikola ghpages
+# Ulrich Müller <ulm@gentoo.org> (2020-04-08, 2020-11-21)
+# Old versions of libjpeg-turbo have known security issues.
+# The version included with >=zoom-5.3 has an empty DT_RPATH,
+# which is insecure because the loader will search the working
+# directory when it finds an empty path.
+# Use the bundled lib on your own risk. Bug #715106.
+net-im/zoom bundled-libjpeg-turbo
+
# Alfredo Tupone <tupone@gentoo.org> (2020-04-04)
# Ada support is not yet ready for sys-deve/gcc
sys-devel/gcc ada
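Review bot: In the added comment block, "Use the bundled lib on your own risk" should read "at your own risk". The atom on the mask line, net-im/zoom, is unversioned, while the DT_RPATH sentence is specific to >=zoom-5.3; the first comment line about old libjpeg-turbo versions seems to be what justifies covering earlier releases too, so it would help to say explicitly that the mask is meant to apply to all versions. The commit message names "readelf -d" and "scanelf -r" as the way to see the empty DT_RPATH; repeating that hint in the comment would let whoever revisits the mask check whether a newer bundled libturbojpeg.so still has the problem before lifting it.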