sys-cluster/ceph: fix "RGW Denial of Service" security bug

reasons for why p.mask them instead of removing:

ceph has kind of picky upgrade path for new versions.
for example, users want an online upgrade to 10.x while they are still using
old version (<0.94.x), need to upgrade to 0.94.x/9.x first, then upgrade 10.x

http://docs.ceph.com/docs/master/release-notes/
search: Upgrading from Firefly

Closes: https://github.com/gentoo/gentoo/pull/3394

Gentoo-Bug: 598206

Signed-off-by: Yixun Lan <dlan@gentoo.org>

diff --git a/profiles/package.mask b/profiles/package.mask
index cb176eb7eef79780fe6cc296046b1a39148fa758..944e75c266acdbdb0b72657130b39a7aa7446c97 100644 (file)
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -30,6 +30,12 @@
 
 #--- END OF EXAMPLES ---
 
+# Yixun Lan <dlan@gentoo.org> (16 Jan 2017)
+# Masked, Vulnerable due to RGW Denial of Service (bug #598206)
+# We mask it instead of removing them, due user may need them while
+# upgrade from old versions (<0.94.x)
+<sys-cluster/ceph-10.2.3-r1
+
 # Patrice Clement <monsieurp@gentoo.org> (15 Jan 2017)
 # Upstream dead a while ago. Sources are nowhere to be found.
 # Masked for removal in 30 days.