path: root/profiles/package.mask

####################################################################
#
# When you add an entry to the top of this file, add your name, the date, and
# an explanation of why something is getting masked. Please be extremely
# careful not to commit atoms that are not valid, as it can cause large-scale
# breakage, especially if it ends up in the daily snapshot.
#
## Example:
##
## # Dev E. Loper <developer@gentoo.org> (28 Jun 2012)
## # Masking  these versions until we can get the
## # v4l stuff to work properly again
## =media-video/mplayer-0.90_pre5
## =media-video/mplayer-0.90_pre5-r1
#
# - Best last rites (removal) practices -
# Include the following info:
# a) reason for masking
# b) bug # for the removal (and yes you should have one)
# c) date of removal (either the date or "in x days")
#
## Example:
##
## # Dev E. Loper <developer@gentoo.org> (23 May 2015)
## # Masked for removal in 30 days.  Doesn't work
## # with new libfoo. Upstream dead, gtk-1, smells
## # funny. (bug #987654)
## app-misc/some-package

#--- END OF EXAMPLES ---

# Michael Palimaka <kensington@gentoo.org> (30 Sep 2017)
# Blocks cleanup of dead and vulnerable qtwebkit4.
# Depends on dead qt4. Dead upstream.
# Masked for removal in 30 days. Bug #624244.
sci-chemistry/mongochem

# Michael Palimaka <kensington@gentoo.org> (29 Sep 2017)
# Various regressions compared to previous release.
# Masked pending more information from upstream.
>=x11-misc/albert-0.13.0

# Michael Palimaka <kensington@gentoo.org> (26 Sep 2017)
# Requires dead Qt 4. Dead upstream.
# Masked for removal in 30 days.
kde-misc/konstruktor

# Michael Palimaka <kensington@gentoo.org> (26 Sep 2017)
# Requires dead Qt 4. Dead upstream.
# Masked for removal in 30 days.
kde-misc/kookie

# Andreas Sturmlechner <asturm@gentoo.org> (26 Sep 2017)
# Requires dead Qt 4. Dead upstream. Use media-sound/cantata
# instead, which originally started as a QtMPC fork but is
# much more advanced. Masked for removal in 30 days.
media-sound/qtmpc

# Andreas K. Huettel <dilfridge@gentoo.org> (23 Sep 2017)
# Broken on Perl 5.26 (bug 623096), no fix in sight. No consumers.
# Removal in 30 days.
dev-perl/rpm-build-perl

# Hans de Graaff <graaff@gentoo.org> (23 Sep 2017) Mask old
# unmaintained slots for removal in 30 days. Upgrade to the newer
# slots.
dev-ruby/capybara:0
dev-ruby/xpath:0

# Bernard Cafarelli <voyageur@gentoo.org> (20 Sep 2017)
# Requires qt 5.8, not yet in tree. Bug #631570
>=media-video/orion-1.6.0

# Michael Palimaka <kensington@gentoo.org> (21 Sep 2017)
# Requires dead Qt 4. Dead upstream.
# Masked for removal in 30 days.
media-libs/herqq

# Patrice Clement <monsieurp@gentoo.org> (20 Sep 2017)
# Upstream has been dead for years.
# Masked for removal in 30 days.
dev-java/db4o-jdk5
dev-java/db4o-jdk11
dev-java/db4o-jdk12

# Andrey Grozin <grozin@gentoo.org> (19 Sep 2017)
# This package was a stopgap to bump dev-python/spyder to 3.*
# Now >=dev-python/rope-0.10.7 supports python3, use it instead
# Masked for removal in 30 days.
dev-python/rope_py3k

# Pawel Hajdan, Jr. <phajdan.jr@gentoo.org> (18 Sep 2017)
# Dev channel releases are only for people who are developers or want more
# experimental features and accept a more unstable release.
>=www-client/chromium-63

# Kent Fredric <kentnl@gentoo.org> (18 Sep 2017)
# Dead upstream, requires Module::Install. May be kept
# if somebody can make an argument for it. Bug #631334
# Masked for removal in 30 days.
dev-perl/PerlIO-via-symlink

# Andreas Sturmlechner <asturm@gentoo.org> (16 Sep 2017)
# Unfortunately broken esp. with USE=python. Bugs #623780, #631064
=sci-geosciences/qgis-2.18.12-r100

# Michael Palimaka <kensington@gentoo.org> (11 Sep 2017)
# Requires dead Qt 4. Dead upstream. Fails to build with new x11-libs/qscintilla.
# Masked for removal in 30 days. Bug #628224.
app-editors/qwriter

# Michael Palimaka <kensington@gentoo.org> (11 Sep 2017)
# Requires dead Qt 4. Dead upstream. Fails to build with new x11-libs/qscintilla.
# Masked for removal in 30 days. Bug #628228.
dev-util/kscope

# Michael Palimaka <kensington@gentoo.org> (11 Sep 2017)
# Requires dead Qt 4. Dead upstream. Fails to build with new x11-libs/qscintilla.
# Masked for removal in 30 days. Bug #628230.
dev-util/monkeystudio

# Michael Palimaka <kensington@gentoo.org> (11 Sep 2017)
# Requires dead Qt 4. Dead upstream. Fails to build with new x11-libs/qscintilla.
# Masked for removal in 30 days. Bug #628234.
dev-util/universalindentgui

# Andreas Sturmlechner <asturm@gentoo.org> (10 Sep 2017)
# Requires dead Qt 4. Dead upstream. Does not work.
# Use net-misc/dropbox or kde-apps/dolphin-plugins instead.
# Masked for removal in 30 days.
kde-misc/kfilebox

# Andreas Sturmlechner <asturm@gentoo.org> (10 Sep 2017)
# Requires dead Qt 4. Dead upstream. Unmaintained.
# Use media-video/kmplayer or kde-apps/dragon instead.
# Masked for removal in 30 days.
media-video/kplayer

# Michael Palimaka <kensington@gentoo.org> (10 Sep 2017)
# Requires dead Qt 4. Dead upstream. Build failures.
# Bug #622548, #623574. Masked for removal in 30 days.
net-libs/qmf

# Michael Palimaka <kensington@gentoo.org> (10 Sep 2017)
# Requires dead Qt 4. Dead upstream. Use Qt 5 instead.
# Depends on vulnerable gstreamer:0.10.
# Masked for removal in 30 days.
dev-qt/qt-mobility

# Michael Palimaka <kensington@gentoo.org> (09 Sep 2017)
# Requires dead Qt 4. Dead upstream.
# Masked for removal in 30 days.
app-text/kding

# Michael Palimaka <kensington@gentoo.org> (09 Sep 2017)
# Requires dead Qt 4. Dead upstream. Unmaintained.
# Masked for removal in 30 days.
sys-process/procexp

# Michael Palimaka <kensington@gentoo.org> (09 Sep 2017)
# Requires dead Qt 4. Dead upstream. Unmaintained.
# Masked for removal in 30 days.
x11-apps/python-whiteboard

# Patrice Clement <monsieurp@gentoo.org> (09 Sep 2017)
# Python 3 port is almost complete with version 0.6.0. Users might run into
# minor bumps here and there which is why the mask is still in place for the
# time being.
>=dev-java/javatoolkit-0.6.0

# Alon Bar-Lev <alonbl@gentoo.org> (08 Sep 2017)
# Complex build system, hard to maintain, no dependencies in tree, upstream
# does not cooperate (Bug#630420).
# Removal in 30 days.
dev-libs/cryptlib

# Alon Bar-Lev <alonbl@gentoo.org> (08 Sep 2017)
# Upstream no longer maintain (Bug#628908).
# Removal in 30 days.
sys-auth/pam_pkcs11

# Austin English <wizardedit@gentoo.org> (05 Sep 2017)
# Download has been broken for nearly a year, no alternative found
# Bug: https://bugs.gentoo.org/599390
# Removal in 30 days
games-rpg/nwmouse
games-rpg/nwmovies
games-rpg/nwn
games-rpg/nwn-cep
games-rpg/nwn-data
games-rpg/nwn-penultima
games-rpg/nwn-penultimarerolled
games-rpg/nwn-shadowlordsdreamcatcherdemon

# Kent Fredric <kentnl@gentoo.org> (05 Sep 2017)
# Broken since Perl 5.16 circa 2012, no longer maintained upstream
# Bug: https://bugs.gentoo.org/623900
# Bug: https://rt.cpan.org/Public/Bug/Display.html?id=85991
# Removal in 30 days
dev-perl/XML-AutoWriter

# Gilles Dartiguelongue <eva@gentoo.org> (04 Sep 2017)
# Incompatible changes in API in Enchant 2. Bug #629838.
>=app-text/enchant-2

# Lars Wendler <polynomial-c@gentoo.org> (03 Sep 2017)
# Masked because a new object API was introduced which breaks consumers:
# https://cgit.freedesktop.org/poppler/poppler/commit/poppler/Object.h?id=9773c1534668d84b8267c3e5c9d612076fa231a5
# See also our tracker bug: https://bugs.gentoo.org/629836
>=app-text/poppler-0.58.0

# Michael Palimaka <kensington@gentoo.org> (03 Sep 2017)
# Dead upstream. Use media-libs/phonon instead.
# Masked for removal in 30 days. Bug #629144.
dev-qt/qtphonon

# Gilles Dartiguelongue <eva@gentoo.org> (2 Sep 1017)
# Gnome 3.26 package mask
>=app-text/libgepub-0.5

# Aaron Bauman <bman@gentoo.org> (1 Sep 2017)
# vulnerable per bug #513818 and dead upstream
# net-analyzer/ntopng is available
net-analyzer/ntop

# James Le Cuirot <chewi@gentoo.org> (29 Aug 2017)
# The FOSS-friendly oracle-javamail has rendered other implementations
# and the virtual obsolete. Removal in 30 days. See bug #553186.
dev-java/gnu-classpath-inetlib
dev-java/gnu-javamail
dev-java/javax-mail
dev-java/sun-javamail
java-virtuals/javamail

# James Le Cuirot <chewi@gentoo.org> (29 Aug 2017)
# Old and holding up the removal of Java 7. Still alive upstream but
# new versions have proven too tricky to package under our current
# infrastructure. It may return one day. Removal in 30 days.
app-benchmarks/jmeter

# Jonas Stein <jstein@gentoo.org> (29 Aug 2017)
# SRC_URI and HOMEPAGE are dead and the ebuild is in a very bad 
# state. 
# Removal in 30 days. #629112.
app-text/adiff

# Michał Górny <mgorny@gentoo.org> (29 Aug 2017)
# The new snapshot introduces more issues than it fixes, even after
# reverting one of the most breaking commits. Downgrade to 4.13.0
# is suggested, I will probably add a new revision with some specific
# patches if necessary.
=xfce-base/xfwm4-4.13.0_p20170825

# Michał Górny <mgorny@gentoo.org> (28 Aug 2017)
# Alike xfce4-mixer, relies on gstreamer:0.10 (gstreamer:1.0 removed
# mixer wrappers). Last commit upstream in 2014. PulseAudio users
# can switch to xfce-extra/xfce4-pulseaudio-plugin
# or xfce-extra/xfce4-volumed-pulse.
# Removal in 30 days. Bug #629212.
xfce-extra/xfce4-volumed

# Anthony G. Basile <blueness@gentoo.org> (27 Aug 2017)
# Upstream is no longer providing public patches
sys-kernel/hardened-sources

# Mikle Kolyada <zlogene@gentoo.org> (26 Aug 2017)
# Masked for removal in 30 days.
# No major keywords,  old EAPI, no maintainer.
# Use sys-apps/less instead.
sys-apps/more

# Patrice Clement <monsieurp@gentoo.org> (23 Aug 2017)
# Packages depending on this library need to be tested first before
# it is unmasked. Possibly some slotting is still needed.
# Package testing tracked in bug #611022.
>=dev-libs/msgpack-1.4.2

# Michał Górny <mgorny@gentoo.org> (21 Aug 2017)
# xfce4-mixer is discontinued upstream and no longer considered part
# of the DE since 4.12. It requires vulnerable gstreamer:0.10, and no
# longer builds with the development versions of core Xfce4 components.
# The suggested replacement is xfce-extra/xfce4-pulseaudio-plugin.
# Removal in 30 days. Bug #628424.
xfce-extra/xfce4-mixer

# Hanno Boeck <hanno@gentoo.org> (21 Aug 2017)
# Open security bugs, no upstream, bug 628432
# Alternatives: app-arch/libarchive, app-arch/unar
app-arch/unrar-gpl

# Michał Górny <mgorny@gentoo.org> (20 Aug 2017)
# Pre-release of a new incompatible version that breaks the only reverse
# dependency in Gentoo. Masked until 2.0.0 proper is released, or
# dev-cpp/libjson-rpc-cpp is fixed, whichever happens first.
>=dev-cpp/catch-2

# Sébastien Fabbro <bicatali@gentoo.org> (19 Aug 2017)
# ipython-6 is python-3 only and causes circular dependencies
# Unset python_targets_python2_7 for ipykernel and ipyparallel if needed.
>=dev-python/ipython-6

# Michael Orlitzky <mjo@gentoo.org> (18 Aug 2017)
# Last version from 2011, and has a vulnerable init script
# (bug 603382). The proxy-maintainer is unknown to bugzilla,
# and the previous maintainer jmbsvicetto is OK with masking.
<net-misc/vde-2.3.2-r4

# Mats Lidell <matsl@gentoo.org> (17 Aug 2017)
# Masked ede and all its dependencies due to security reasons. 
# bug #398241
app-xemacs/ede
app-xemacs/semantic
app-xemacs/jde
app-xemacs/xslt-process
app-xemacs/xetla
app-xemacs/cogre
app-xemacs/ecb
app-xemacs/xemacs-packages-all

# Lars Wendler <polynomial-c@gentoo.org> (06 Aug 2017)
# Masked for security reasons:
# https://bugs.gentoo.org/600214
<app-emulation/virtualbox-5.0.40
<app-emulation/virtualbox-additions-5.0.40
<app-emulation/virtualbox-bin-5.0.40
<app-emulation/virtualbox-extpack-oracle-5.0.40
<app-emulation/virtualbox-guest-additions-5.0.40
<app-emulation/virtualbox-modules-5.0.40
<x11-drivers/xf86-video-virtualbox-5.0.40


# Bernard Cafarelli <voyageur@gentoo.org> (04 Aug 2017)
# Temporary mask as current net-ftp/filezilla does not compile
# with it, bug #626292
=dev-libs/libfilezilla-0.10.0

# Alexey Shvetsov <alexxy@gentoo.org> (26 Jul 2017)
# Its pre release so better to mask it
=media-gfx/freecad-0.17_pre*

# Kent Fredric <kentnl@gentoo.org> (21 Jul 2017)
# Masked due to serious regression that introduces widespread data
# corruption when storing data in blobs. Masked, because any code
# that is written to use this version is now dependent on this version
# and older versions will corrupt your code instead.
# However, any existing packages should not use this version.
# See: https://github.com/perl5-dbi/DBD-mysql/issues/117
=dev-perl/DBD-mysql-4.42.0

# Brian Evans <grknight@gentoo.org> (21 Jul 2017)
# Mask initial beta of PHP 7.2 for further testing
>=dev-lang/php-7.2.0_beta1
=virtual/httpd-php-7.2

# Mikhail Pukhlikov <cynede@gentoo.org> (20 Jul 2017)
# Old mono/dotnet packages (used on GNOME2 stack)
# also some deprecated forks used for monodevelop
# awhile they are very unstable they will live in dotnet overlay
gnome-extra/docky
dev-dotnet/gnome-desktop-sharp
dev-dotnet/gtksourceview-sharp
dev-dotnet/rsvg-sharp
dev-dotnet/vte-sharp
dev-dotnet/wnck-sharp
dev-dotnet/xdt-for-monodevelop
dev-dotnet/nuget
dev-dotnet/referenceassemblies-pcl

# Ian Stakenvicius <axs@gentoo.org> (19 Jul 2017)
# Mask spidermonkey:52 as it is a self-rolled release, no official
# release has been rolled.  Is only committed to support development
# versions of gjs.  Will unmask when gnome-3.26 is ready for testing
# or when upstream releases an official tarball.
dev-lang/spidermonkey:52

# Nicolas Bock <nicolasbock@gentoo.org> (17 Jul 2017)
# Keep shotwell development series masked.
>=media-gfx/shotwell-0.27

# Pacho Ramos <pacho@gentoo.org> (14 Jul 2017)
# Doesn't work with >=openvpn-2.3, bug 470696
# Fix is work in progress, see above bug. dilfridge@g.o
net-vpn/kvpnc

# Pacho Ramos <pacho@gentoo.org> (14 Jul 2017)
# Doesn't compile, upstream dead, removal in 2 months (#584296).
dev-util/mutrace

# Pacho Ramos <pacho@gentoo.org> (14 Jul 2017)
# Multiple unresolved bugs (#600680), need major version bumps and a
# maintainer, removal in 2 months.
dev-libs/libRocket
games-fps/warsow

# Pacho Ramos <pacho@gentoo.org> (14 Jul 2017)
# Dead for ages, relies on dead libs (#622010), you can move to moserial, cutecom or
# minicom. Removal in 2 months.
net-dialup/gtkterm

# Pacho Ramos <pacho@gentoo.org> (14 Jul 2017)
# Doesn't build (#623562). Removal in 2 months.
media-plugins/vdr-skinnopacity

# Lars Wendler <polynomial-c@gentoo.org> (07 Jul 2017)
# Masked until >=net-fs/samba-4.7 is in the tree and 
# unmasked. (bug #624106)
# See also https://bugzilla.samba.org/show_bug.cgi?id=12859
>=sys-libs/ldb-1.1.30
>=net-fs/samba-4.7.0_rc1

# Matthias Schwarzott <zzam@gentoo.org> (03 Jul 2017)
# The snapshots got a wrong version number assigned.
# They are from before version 2.0.0. Masking them to force
# an update to version 2.0.0 as soon as it is added to the tree.
=media-plugins/vdr-xineliboutput-2.0.0_p20130821
=media-plugins/vdr-xineliboutput-2.0.0_p20150220

# Thomas Deutschmann <whissi@gentoo.org> (28 Jun 2017)
# New strip feature which is enabled by default causes genkernel
# to create unbootable kernel/initramfs images. Bug #622716
=sys-kernel/genkernel-3.5.1.0

# Thomas Deutschmann <whissi@gentoo.org> (17 Jun 2017)
# Unmaintained in Gentoo repository; Multiple vulnerabilities
# People using VMware in Gentoo should switch to Gentoo's VMware overlay
# Bugs 619398, 621910, 616958, 536364, 614666, 612804 ...
app-emulation/vmware-workstation
app-emulation/vmware-player
app-emulation/vmware-modules
app-emulation/vmware-tools

# Raymond Jennings <shentino@gmail.com> (11 Jun 2017)
# Upstream announced EOL effective July 2017.
# Depends on qt4 which is being deprecated.
# Possible alternative is skypeforlinux,
# which uses the same account information but has different features.
# See bug #620722 and bug #608174.
dev-python/skype4py
media-sound/skype-call-recorder
net-im/skype
net-im/skypetab-ng

# Hans de Graaff <graaff@gentoo.org> (05 Jun 2017)
# Bundles obsolete and vulnerable webkit version.
# Upstream has stopped development and recommends using
# headless mode in >=www-client/chromium-59.
# Masked for removal in 90 days. Bug #589994.
www-client/phantomjs
dev-ruby/poltergeist

# Andreas K. Hüttel <dilfridge@gentoo.org> (5 June 2017)
# Masked for initial testing.
=dev-lang/perl-5.26.0
=dev-lang/perl-5.26.1
=virtual/perl-Archive-Tar-2.240.0
=virtual/perl-B-Debug-1.240.0
=virtual/perl-CPAN-2.180.0
=virtual/perl-CPAN-Meta-2.150.10
=virtual/perl-Carp-1.420.0
=virtual/perl-Compress-Raw-Bzip2-2.74.0
=virtual/perl-Compress-Raw-Zlib-2.74.0
=virtual/perl-DB_File-1.840.0
=virtual/perl-Data-Dumper-2.167.0
=virtual/perl-Devel-PPPort-3.350.0
=virtual/perl-Digest-MD5-2.550.0
=virtual/perl-Digest-SHA-5.960.0
=virtual/perl-Encode-2.880.0
=virtual/perl-ExtUtils-MakeMaker-7.240.0
=virtual/perl-ExtUtils-ParseXS-3.340.0
=virtual/perl-File-Spec-3.670.0
=virtual/perl-Filter-Simple-0.930.0
=virtual/perl-Getopt-Long-2.490.0
=virtual/perl-HTTP-Tiny-0.70.0
=virtual/perl-I18N-LangTags-0.420.0
=virtual/perl-IO-1.380.0
=virtual/perl-IO-Compress-2.74.0
=virtual/perl-IO-Socket-IP-0.380.0
=virtual/perl-IPC-Cmd-0.960.0
=virtual/perl-JSON-PP-2.274.0.200_rc
=virtual/perl-Locale-Maketext-1.280.0
=virtual/perl-Math-BigInt-1.999.806-r1
=virtual/perl-Math-BigInt-FastCalc-0.500.500
=virtual/perl-Math-BigRat-0.261.100
=virtual/perl-Math-Complex-1.590.100
=virtual/perl-Module-Load-Conditional-0.680.0
=virtual/perl-Module-Metadata-1.0.33
=virtual/perl-Net-Ping-2.550.0
=virtual/perl-Parse-CPAN-Meta-2.150.10
=virtual/perl-Perl-OSType-1.10.0
=virtual/perl-Pod-Simple-3.350.0
=virtual/perl-Safe-2.400.0
=virtual/perl-Scalar-List-Utils-1.460.200_rc
=virtual/perl-Storable-2.620.0
=virtual/perl-Sys-Syslog-0.350.0
=virtual/perl-Term-ANSIColor-4.60.0
=virtual/perl-Term-ReadLine-1.160.0
=virtual/perl-Test-1.300.0
=virtual/perl-Test-Harness-3.380.0
=virtual/perl-Test-Simple-1.302.73
=virtual/perl-Thread-Queue-3.120.0
=virtual/perl-Thread-Semaphore-2.130.0
=virtual/perl-Time-Local-1.250.0
=virtual/perl-XSLoader-0.270.0
=virtual/perl-bignum-0.470.0
=virtual/perl-libnet-3.100.0
=virtual/perl-parent-0.236.0
=virtual/perl-podlators-4.90.0
=virtual/perl-threads-2.150.0
=virtual/perl-threads-shared-1.560.0
=virtual/perl-version-0.991.700
#
# The following masks are technically not part of the Perl 5.26 block,
# but with the unmasking of Perl 5.26 they become obsolete and can be
# removed:
#
>=perl-core/ExtUtils-MakeMaker-7.180.0
>=dev-perl/Net-Twitter-4.10.420
>=perl-core/Math-BigInt-1.999.726
>=dev-perl/Math-BigInt-GMP-1.600.0
=perl-core/Test-Simple-1.302.96
=virtual/perl-Test-Simple-1.302.96
dev-perl/Test2-Suite
>=dev-perl/Data-Validate-Domain-0.120.0
dev-perl/Test2-Plugin-NoWarnings
dev-perl/Params-ValidationCompiler
dev-perl/Sub-Info
dev-perl/Term-Table
>=dev-perl/DateTime-Locale-1.60.0
>=dev-perl/DateTime-TimeZone-2.20.0
>=dev-perl/DateTime-1.370.0
>=dev-perl/DateTime-Format-Strptime-1.710.0
>=dev-perl/Log-Dispatch-2.590.0
>=dev-perl/App-pwhich-1.150.0

# Thomas Deutschmann <whissi@gentoo.org> (24 May 2017)
# Broken runscript/changed behavior causing lvm2 to fail
# on boot. Bug #617578
>=sys-fs/lvm2-2.02.171

# Michał Górny <mgorny@gentoo.org> (22 May 2017)
# for Maciej S. Szmigiero <mail@maciej.szmigiero.name>
# Any version above 5.100.138 breaks b43 driver in various ways.
# Also, b43 wiki page says to use 5.100.138. Bug #541080.
>=sys-firmware/b43-firmware-6.30.163.46

# Michał Górny <mgorny@gentoo.org>, Andreas K. Hüttel <dilfridge@gentoo.org>,
# Matthias Maier <tamiko@gentoo.org> (21 May 2017)
# These old versions of toolchain packages (binutils, gcc, glibc) are no
# longer officially supported and are not suitable for general use. Using
# these packages can result in build failures (and possible breakage) for
# many packages, and may leave your system vulnerable to known security
# exploits.
# If you still use one of these old toolchain packages, please upgrade (and
# switch the compiler / the binutils) ASAP. If you need them for a specific
# (isolated) use case, feel free to unmask them on your system.
<sys-devel/gcc-4.9
<sys-libs/glibc-2.23-r4
<sys-devel/binutils-2.28.1

# Michał Górny <mgorny@gentoo.org> (20 May 2017)
# Old versions of CUDA and their reverse dependencies. They do not
# support GCC 4.9+, and are really old.
<dev-python/pycuda-2016
<dev-util/nvidia-cuda-sdk-7
<dev-util/nvidia-cuda-toolkit-7
net-wireless/cpyrit-cuda

# Maciej Mrozowski <reavertm@gentoo.org> (18 May 2017)
# Experimental, most consumers does not support it yet
>=dev-games/openscenegraph-3.5.5
>=dev-games/openscenegraph-qt-3.5.5

# Bernard Cafarelli <voyageur@gentoo.org> (8 May 2017)
# Coordinated conversion to wxGTK:3.0-gtk3
# Drop mask after migration of existing wxGTK:3.0 users
# and wxGTK-3.0.3 bump in tree
>=net-ftp/filezilla-3.25.2-r1

# Zac Medico <zmedico@gentoo.org> (01 May 2017)
# Possible API incompatibilities, bug #617174.
# http://aiohttp.readthedocs.io/en/latest/migration.html
>=dev-python/aiohttp-2
>=dev-python/yarl-0.10

# Rick Farina <zerochaos@gentoo.org> (17 Apr 2017)
# Masking old versions because upstream changed versioning
# Please keep this mask for 1 year to ease upgrades for users
=app-crypt/hashcat-3.10-r1
=app-crypt/hashcat-3.30
=app-crypt/hashcat-3.40

# Lars Wendler <polynomial-c@gentoo.org> (24 Mar 2017)
# Masked until Mozilla and Chrome agreed how to handle
# Symantec trust issues properly (bug #613714)
=app-misc/ca-certificates-20161130.3.30-r1

# Eray Aslan <eras@gentoo.org> (01 Mar 2017)
# Mask experimental software
=mail-mta/postfix-3.3*

# Davide Pesavento <pesa@gentoo.org> (25 Feb 2017)
# Library name changed in 2.10, breaking many consumers.
# Needs full revdep testing.
>=dev-python/qscintilla-python-2.10
>=x11-libs/qscintilla-2.10

# Mart Raudsepp <leio@gentoo.org> (16 Feb 2017)
# Old gstreamer 0.10 version, which is security vulnerable.
# Use gstreamer:1.0 with media-plugins/gst-plugins-libav
# instead (despite the name, it uses media-video/ffmpeg too).
# Please keep this mask entry until gstreamer:0.10 is still
# in tree or at least gets an affecting GLSA from bug 601354
# Bug #594878.
media-plugins/gst-plugins-ffmpeg

# Kent Fredric <kentnl@gentoo.org> (04 Feb 2017)
# Unsecure versions that have been only restored to tree
# to resolve compatibility problems with mail-filter/amavisd-new
# Use with caution due to these being removed for CVE-2016-1251
# Bug: #601144
# Bug: #604678
<dev-perl/DBD-mysql-4.41.0

# Alon Bar-Lev <alonbl@gentoo.org> (06 Feb 2017)
# Needs openssl-1.1
>=dev-libs/opencryptoki-3.6

# Bernard Cafarelli <voyageur@gentoo.org> (30 Jan 2017)
# Alpha release with new features, masked for testing
=app-text/tesseract-4.00.00_alpha*

# Michał Górny <mgorny@gentoo.org> (26 Jan 2017)
# Pre-release, masked for testing. Major changes since 2.0.4,
# including dropped support for BlueZ 4.
=net-wireless/blueman-2.1_alpha*

# Yixun Lan <dlan@gentoo.org> (16 Jan 2017)
# Masked, Vulnerable due to RGW Denial of Service (bug #598206)
# We mask it instead of removing them, due user may need them while
# upgrade from old versions (<0.94.x)
<sys-cluster/ceph-10.2.3-r1

# Jeroen Roovers <jer@gentoo.org> (12 Jan 2017)
# Use x11-drivers/nvidia-drivers[tools] instead.
media-video/nvidia-settings

# Michael Orlitzky <mjo@gentoo.org> (07 Jan 2017)
# This package has some dangerous quality and security issues, but
# people may still find it useful. It is masked to prevent accidental
# use. See bugs 603346 and 604998 for more information.
app-admin/amazon-ec2-init

# Mart Raudsepp <leio@gentoo.org> (07 Jan 2017)
# No releases of this API version since March 2001, abandoned
# in favour of glib:2 for 14 years; bug 604966.
# Removed at 2017-02-08, mask kept for longer display to users.
dev-libs/glib:1

# Mart Raudsepp <leio@gentoo.org> (06 Jan 2017)
# No releases of this API version since April 2001, abandoned
# in favour of gtk+:2 for 14 years; bug 604862.
# Removed at 2017-02-08, mask kept for longer display to users.
x11-libs/gtk+:1

# Robin H. Johnson <robbat2@gentoo.org> (05 Jan 2017)
# Masking for testing
=app-emulation/ganeti-2.16*
=app-emulation/ganeti-2.17*

# Markos Chandras <hwoarang@gentoo.org> (10 Dec 2016)
# Reverse dependencies need testing, wrt bug #580760
>=net-libs/libtorrent-rasterbar-1.1.1

# Robin H. Johnson <robbat2@gentoo.org> (18 Nov 2016)
# Depends on slotted lua, 
# odd revisions are slotted lua, 
# even revisions are unslotted lua
=dev-db/redis-3.2.5-r1
=dev-db/redis-3.2.5-r5
=dev-db/redis-3.2.6-r1
=dev-db/redis-3.2.6-r5
=dev-db/redis-3.2.8-r1
=dev-db/redis-3.2.8-r3

# Ian Stakenvicius (17 Nov 2016)
# Does not honour LD_LIBRARY_PATH set in the environment, causing
# all mozilla packages to fail in src_install() when xpcshell is
# called in ${WORKDIR}, #580726
# Segfaults when creating directories #578582
=sys-apps/sandbox-2.11*

# Michał Górny <mgorny@gentoo.org> (17 Nov 2016)
# New version masked for testing. It supports source-window buffer size
# over 2G but it 'currently performs 3-5% slower and has 1-2% worse
# compression'.
>=dev-util/xdelta-3.1.0

# Tim Harder <radhermit@gentoo.org> (03 Nov 2016)
# Masked for testing
=sys-fs/fuse-3.0.0*

# Denis Dupeyron <calchan@gentoo.org> (12 Sep 2016)
# Masked for testing, see bug #588894.
=x11-misc/light-locker-1.7.0-r1

# Lars Wendler <polynomial-c@gentoo.org> (26 Aug 2016)
# Masked while being tested and reverse deps aren't fully compatible
=dev-libs/openssl-1.1*

# Michał Górny <mgorny@gentoo.org> (18 Jul 2016)
# Pre-release of a complete rewrite, provided for early testing. Not all
# functionality is provided yet. Use --pretend to make sure correct
# files will be removed.
>=app-admin/eclean-kernel-1.99

# Chris Reffett <creffett@gentoo.org> (25 May 2016)
# The webkit-gtk:4 backend for Xiphos has known text display issues.
# Use at your own risk.
=app-text/xiphos-4.0.4-r1

# James Le Cuirot <chewi@gentoo.org> (03 Apr 2016)
# Masking Spring Framework for the time being as 3.2.4 is old, has
# multiple vulnerabilities, and we're not likely to update it
# soon. Hopefully we can revisit it when the Maven stuff works out.
dev-java/spring-aop
dev-java/spring-beans
dev-java/spring-core
dev-java/spring-expression
dev-java/spring-instrument

# Andreas K. Hüttel <dilfridge@gentoo.org> (03 Apr 2016)
# Can exhaust all available memory depending on task
# but is made available for experts who heed this warning
# as newer versions produce different output. Contact
# the proxied maintainer Matthew Brewer <tomboy64@sina.cn>
# for questions.
<=media-gfx/slic3r-1.1.9999

# José María Alonso <nimiux@gentoo.org> (24 Mar 2016)
# Fails to build dev-lisp/sbcl-1.3.3 #563812
=dev-lisp/asdf-3.1.7
=dev-lisp/uiop-3.1.7

# James Le Cuirot <chewi@gentoo.org> (07 Feb 2016)
# Masked until 2.0 final arrives, which hopefully won't depend on
# commons-dbcp:0 as that requires Java 6. Note that the 2.0 in the
# tree should have actually been 2.0_beta1. There are no revdeps.
dev-java/jcs

# Andrey Grozin <grozin@gentoo.org> (04 Jan 2016)
# Needs a bump and substantial ebuild rewrite
=sci-mathematics/reduce-20110414-r1

# Michał Górny <mgorny@gentoo.org> (30 Oct 2015)
# Uses unsafe ioctls that could result in data corruption. Upstream
# is working on replacing them in the wip/dedup-syscall branch.
# Keep it masked until they are done. sys-fs/duperemove is
# the suggested replacement for the meantime.
sys-fs/bedup

# Ian Delaney <idella4@gentoo.org> (27 Oct 2015)
# fails to build dev-lisp/sbcl-1.2.16 #563812
# mgorny: dev-lisp/uiop as version-bound revdep
=dev-lisp/asdf-3.1.6
=dev-lisp/uiop-3.1.6

# Mike Pagano <mpagano@gentoo.org> (2 Oct 2015)
# A regression in kernel 4.1.9 could lead to a system
# lockup.  This has been fixed in gentoo-sources-4.1.9-r1
# and the hope is that this patch will make it to 4.1.10
# Expires (2 Oct 2017)
=sys-kernel/vanilla-sources-4.1.9
=sys-kernel/gentoo-sources-4.1.9

# Lars Wendler <polynomial-c@gentoo.org> (20 Aug 2015)
# Releases are not from original upstream but from a fork.
# Masked as requested by vapier.
~net-misc/iputils-20160308
~net-misc/iputils-20161105

# Sebastian Pipping <sping@gentoo.org> (8 Aug 2015)
# Upcoming, too young to go into testing unmasked
dev-libs/iniparser:4

# Davide Pesavento <pesa@gentoo.org> (23 Jul 2015)
# Standalone version of qtwebkit from the 2.3 upstream branch.
# Needs revdep testing. Bug #388207.
=dev-qt/qtwebkit-4.10*

# Justin Lecher <jlec@gentoo.org> (28 Feb 2015)
# Unfixed security problems
# No upstream support anymore
# CVE-2015-{0219,0220,0221,0222,5145}
# CVE-2016-{9013,9014},CVE-2017-{7233,7234}
# #536586
# #554864
=dev-python/django-1.4*
=dev-python/django-1.5*
=dev-python/django-1.6*
=dev-python/django-1.7*
=dev-python/django-1.9*

# Jeroen Roovers <jer@gentoo.org> (12 Dec 2014)
# The 96 and 173 branches are no longer supported and remain vulnerable to
# CVE-2014-8298 (bug #532342). You may be able to mitigate the vulnerability by
# disabling GLX indirect rendering protocol support on the X server.
<x11-drivers/nvidia-drivers-304

# Robin H. Johnson <robbat2@gentoo.org> (04 Aug 2014)
# Masked for testing, presently fails upstream testsuite:
# FAIL:07:02:35 (00:00:00) db_dump/db_load(./TESTDIR.3/recd001.db:child killed: kill signal): expected 0, got 1
# FAIL:07:02:35 (00:00:00) Dump/load of ./TESTDIR.3/recd001.db failed.
# FAIL:07:02:35 (00:00:00) db_verify_preop: expected 0, got 1
=sys-libs/db-6.1*
=sys-libs/db-6.2*

# Ulrich Müller <ulm@gentoo.org> (15 Jul 2014)
# Permanently mask sys-libs/lib-compat and its reverse dependencies,
# pending multiple security vulnerabilities and QA issues.
# See bugs #515926 and #510960.
sys-libs/lib-compat
sys-libs/lib-compat-loki
games-action/mutantstorm-demo
games-action/phobiaii
games-fps/rtcw
games-fps/unreal
games-strategy/heroes3
games-strategy/heroes3-demo
games-strategy/smac

# Mikle Kolyada <zlogene@gentoo.org> (27 Jun 2014)
# Masked for proper testing. (Major updates in the code).
~dev-perl/PortageXS-0.2.12

# Hans de Graaff <graaff@gentoo.org> (1 Jun 2014)
# Mask new rubinius version for testing. This needs more work
# to fully integrate it in our Gentoo ruby handling. Volunteers
# welcome.
=dev-lang/rubinius-3*

# Matti Bickel <mabi@gentoo.org> (22 Apr 2014)
# Masked slotted lua for testing
# William Hubbs <williamh@gentoo.org> (07 Aug 2016)
# Taking this mask since Mabi is retired
# Rafael Martins <rafaelmartins@gentoo.org> (04 Dec 2016)
# Adding Lua 5.3 to mask
app-eselect/eselect-lua
=dev-lang/lua-5.1.5-r2
=dev-lang/lua-5.1.5-r100
=dev-lang/lua-5.1.5-r101
=dev-lang/lua-5.2.3
=dev-lang/lua-5.2.3-r1
=dev-lang/lua-5.2.3-r2
=dev-lang/lua-5.3.3
=dev-lang/lua-5.3.3-r1

# Mike Gilbert <floppym@gentoo.org> (04 Mar 2014)
# Dev channel releases are only for people who are developers or want more
# experimental features and accept a more unstable release.
www-plugins/chrome-binary-plugins:unstable

# Justin Lecher <jlec@gentoo.org> (14 Oct 2013)
# Seems to break all deps - API change?
>=sci-libs/metis-5

# Sergey Popov <pinkbyte@gentoo.org> (18 Sep 2013)
# Mask development releases of botan:
# - causes many API breakages
# - do not compile in some USE-flag combinations
# - requires at least gcc 4.7(and possibly even 4.8 for some features)
>=dev-libs/botan-1.11.0

# Michael Weber <xmw@gentoo.org> (17 Jul 2013)
# Upstream next versions
>=sys-boot/raspberrypi-firmware-1_pre

# Richard Freeman <rich0@gentoo.org> (24 Mar 2013)
# Contains known buffer overflows.  Package generally works
# but should not be fed untrusted input (eg from strangers).
# Masked to ensure users are aware before they install.
app-text/cuneiform

# Samuli Suominen <ssuominen@gentoo.org> (06 Mar 2012)
# Masked for testing since this is known to break nearly
# every reverse dependency wrt bug 407091
>=dev-lang/lua-5.2.0

# Samuli Suominen <ssuominen@gentoo.org> (30 Oct 2011)
# Masked for security bug #294253, use only at your own risk!
=media-libs/fmod-3*

# Diego E. Pettenò <flameeyes@gentoo.org> (03 Jan 2009)
# These packages are not supposed to be merged directly, instead
# please use sys-devel/crossdev to install them.
dev-libs/cygwin
dev-util/mingw-runtime
dev-util/mingw64-runtime
dev-util/w32api
sys-libs/newlib
dev-embedded/avr-libc

# Chris Gianelloni <wolf31o2@gentoo.org> (03 Mar 2008)
# Masking due to security bug #194607 and security bug #204067
games-fps/doom3
games-fps/doom3-cdoom
games-fps/doom3-chextrek
games-fps/doom3-data
games-fps/doom3-demo
games-fps/doom3-ducttape
games-fps/doom3-eventhorizon
games-fps/doom3-hellcampaign
games-fps/doom3-inhell
games-fps/doom3-lms
games-fps/doom3-mitm
games-fps/doom3-roe
games-fps/quake4-bin
games-fps/quake4-data
games-fps/quake4-demo

# <klieber@gentoo.org> (01 Apr 2004)
# The following packages contain a remotely-exploitable
# security vulnerability and have been hard masked accordingly.
#
# Please see https://bugs.gentoo.org/show_bug.cgi?id=44351 for more info
#
games-fps/unreal-tournament-goty
games-fps/unreal-tournament-strikeforce
games-fps/unreal-tournament-bonuspacks
games-fps/aaut