path: root/profiles/hardened/package.mask

# Copyright 2007 Gentoo Foundation.
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/package.mask,v 1.23 2007/04/26 14:02:39 phreak Exp $

# This file is additional masking for the hardened profile

# Christian Heim <phreak@gentoo.org> (28 January 2007)
# Mask sys-devel/autoconf-2.61 due to bug #161566
=sys-devel/autoconf-2.61
# needs >=sys-devel/autoconf-2.60b
app-i18n/uim-svn
~sys-apps/coreutils-6.9
=net-dns/libidn-0.6.9-r1

# Mask off gcc-4 for all hardened arches until SSP is sorted out (i.e.
# backport for gcc-4.0 and 4.0/4.1 rigged for SSP support in the C
# library).  After that, may still need to be masked on x86 as some
# PIC assembler that worked pre-4 fails post-4, e.g. bug #104966).
# If you want to play with it, unmask in /etc/portage/package.unmask
# but be prepared to rebuild anything you build with gcc-4, later.
# 2006-01-11 kevquinn
=sys-devel/gcc-4*

# Mask off glibc-2.4 until the approach for SSP compatibilty is
# resolved in a way that doesn't break running systems, and we
# have a sensible upgrade path.  Advise having a static busybox
# around if you try it in a live system.
# 2006-03-13 kevquinn
=sys-libs/glibc-2.4*
# And 2.5...
# 2006-10-09 kevquinn
=sys-libs/glibc-2.5*

# needs >=sys-libs/glibc-2.4
>=app-arch/rar-3.7.0_beta1

# These packages do more harm than good w/ hardened.
# users must now the opensource xorg nv driver with nvidia cards.
# By placing Driver "nv" in xorg.conf
# 2006-06-29 solar
x11-drivers/nvidia-drivers
x11-drivers/nvidia-legacy-drivers
media-video/nvidia-settings

# Shouldn't be merging these SELinux packages on this profile
# but this keeps repoman happy since they require >=glibc-2.4
# 20061009 pebenito
>=sys-libs/libselinux-1.30.29
>=sys-libs/libsemanage-1.6.17
>=sys-apps/policycoreutils-1.30.30
>=sys-apps/checkpolicy-1.30.12
sec-policy/selinux-acpi
>=sec-policy/selinux-apache-20060101
>=sec-policy/selinux-arpwatch-20060101
>=sec-policy/selinux-asterisk-20060101
>=sec-policy/selinux-audio-entropyd-20060101
sec-policy/selinux-avahi
>=sec-policy/selinux-base-policy-20060101
>=sec-policy/selinux-bind-20060101
sec-policy/selinux-bluez
>=sec-policy/selinux-clamav-20060101
>=sec-policy/selinux-clockspeed-20060101
>=sec-policy/selinux-courier-imap-20060101
>=sec-policy/selinux-cyrus-sasl-20060101
>=sec-policy/selinux-daemontools-20060101
>=sec-policy/selinux-dante-20060101
sec-policy/selinux-dbus
sec-policy/selinux-desktop
>=sec-policy/selinux-dhcp-20060101
>=sec-policy/selinux-distcc-20060101
>=sec-policy/selinux-djbdns-20060101
>=sec-policy/selinux-ftpd-20060101
>=sec-policy/selinux-gnupg-20060101
>=sec-policy/selinux-gpm-20060101
sec-policy/selinux-hal
>=sec-policy/selinux-ipsec-tools-20060101
>=sec-policy/selinux-jabber-server-20060101
>=sec-policy/selinux-kerberos-20060101
>=sec-policy/selinux-logrotate-20060101
>=sec-policy/selinux-lvm-20060101
>=sec-policy/selinux-mdadm-20060101
>=sec-policy/selinux-mysql-20060101
>=sec-policy/selinux-nfs-20060101
>=sec-policy/selinux-ntop-20060101
>=sec-policy/selinux-ntp-20060101
>=sec-policy/selinux-openldap-20060101
>=sec-policy/selinux-openvpn-20060101
sec-policy/selinux-pcmcia
>=sec-policy/selinux-portmap-20060101
>=sec-policy/selinux-postfix-20060101
>=sec-policy/selinux-postgresql-20060101
>=sec-policy/selinux-privoxy-20060101
>=sec-policy/selinux-procmail-20060101
>=sec-policy/selinux-publicfile-20060101
>=sec-policy/selinux-qmail-20060101
>=sec-policy/selinux-samba-20060101
>=sec-policy/selinux-screen-20060101
>=sec-policy/selinux-snmpd-20060101
>=sec-policy/selinux-snort-20060101
>=sec-policy/selinux-spamassassin-20060101
>=sec-policy/selinux-squid-20060101
>=sec-policy/selinux-stunnel-20060101
>=sec-policy/selinux-sudo-20060101
>=sec-policy/selinux-tftpd-20060101
>=sec-policy/selinux-ucspi-tcp-20060101
>=sec-policy/selinux-wireshark-20060101