path: root/profiles/package.mask

####################################################################
#
# When you add an entry to the top of this file, add your name, the date, and
# an explanation of why something is getting masked. Please be extremely
# careful not to commit atoms that are not valid, as it can cause large-scale
# breakage, especially if it ends up in the daily snapshot.
#
## Example:
##
## # Dev E. Loper <developer@gentoo.org> (28 Jun 2012)
## # Masking  these versions until we can get the
## # v4l stuff to work properly again
## =media-video/mplayer-0.90_pre5
## =media-video/mplayer-0.90_pre5-r1
#
# - Best last rites (removal) practices -
# Include the following info:
# a) reason for masking
# b) bug # for the removal (and yes you should have one)
# c) date of removal (either the date or "in x days")
#
## Example:
##
## # Dev E. Loper <developer@gentoo.org> (23 May 2015)
## # Masked for removal in 30 days.  Doesn't work
## # with new libfoo. Upstream dead, gtk-1, smells
## # funny. (bug #987654)
## app-misc/some-package

#--- END OF EXAMPLES ---

# Andreas Sturmlechner <asturm@gentoo.org> (10 May 2018)
# Depends on dead Qt4, dead upstream.
# Masked for removal in 30 days. Bug #640258
dev-util/valkyrie

# Andreas Sturmlechner <asturm@gentoo.org> (10 May 2018)
# Depends on dead Qt4, severely outdated, no one does the bump.
# Masked for removal in 30 days. Bugs #489190, #648666
media-gfx/ipe

# Andreas Sturmlechner <asturm@gentoo.org> (8 May 2018)
# Breaking consumers by internal header cleanup and removal of deprecated
# qt5_use_modules from Qt5CoreMacros.cmake. File bugs with fixes upstream
# and against the qt-5.11 tracker (bug #653646).
~dev-qt/assistant-5.11.0_rc
~dev-qt/designer-5.11.0_rc
~dev-qt/linguist-5.11.0_rc
~dev-qt/linguist-tools-5.11.0_rc
~dev-qt/pixeltool-5.11.0_rc
~dev-qt/qdbus-5.11.0_rc
~dev-qt/qdbusviewer-5.11.0_rc
~dev-qt/qdoc-5.11.0_rc
~dev-qt/qt3d-5.11.0_rc
~dev-qt/qtbluetooth-5.11.0_rc
~dev-qt/qtcharts-5.11.0_rc
~dev-qt/qtconcurrent-5.11.0_rc
~dev-qt/qtcore-5.11.0_rc
~dev-qt/qtdatavis3d-5.11.0_rc
~dev-qt/qtdbus-5.11.0_rc
~dev-qt/qtdeclarative-5.11.0_rc
~dev-qt/qtdiag-5.11.0_rc
~dev-qt/qtgraphicaleffects-5.11.0_rc
~dev-qt/qtgui-5.11.0_rc
~dev-qt/qthelp-5.11.0_rc
~dev-qt/qtimageformats-5.11.0_rc
~dev-qt/qtlocation-5.11.0_rc
~dev-qt/qtmultimedia-5.11.0_rc
~dev-qt/qtnetworkauth-5.11.0_rc
~dev-qt/qtnetwork-5.11.0_rc
~dev-qt/qtopengl-5.11.0_rc
~dev-qt/qtpaths-5.11.0_rc
~dev-qt/qtplugininfo-5.11.0_rc
~dev-qt/qtpositioning-5.11.0_rc
~dev-qt/qtprintsupport-5.11.0_rc
~dev-qt/qtquickcontrols2-5.11.0_rc
~dev-qt/qtquickcontrols-5.11.0_rc
~dev-qt/qtscript-5.11.0_rc
~dev-qt/qtscxml-5.11.0_rc
~dev-qt/qtsensors-5.11.0_rc
~dev-qt/qtserialbus-5.11.0_rc
~dev-qt/qtserialport-5.11.0_rc
~dev-qt/qtspeech-5.11.0_rc
~dev-qt/qtsql-5.11.0_rc
~dev-qt/qtsvg-5.11.0_rc
~dev-qt/qttest-5.11.0_rc
~dev-qt/qttranslations-5.11.0_rc
~dev-qt/qtvirtualkeyboard-5.11.0_rc
~dev-qt/qtwayland-5.11.0_rc
~dev-qt/qtwebchannel-5.11.0_rc
~dev-qt/qtwebengine-5.11.0_rc
~dev-qt/qtwebsockets-5.11.0_rc
~dev-qt/qtwebview-5.11.0_rc
~dev-qt/qtwidgets-5.11.0_rc
~dev-qt/qtx11extras-5.11.0_rc
~dev-qt/qtxmlpatterns-5.11.0_rc
~dev-qt/qtxml-5.11.0_rc

# Hans de Graaff <graaff@gentoo.org> (7 May 2018)
# Old slots that are ruby23-only and no longer maintained
# upstream, and that do not have packages depend on them.
# Migrate to newer slot of the same package.
dev-ruby/askismet:0
dev-ruby/arel:5.0
dev-ruby/autoprefixer-rails:6
dev-ruby/blankslate:2
dev-ruby/http:0.6
dev-ruby/jquery-ui-rails:4
dev-ruby/net-ssh:3
dev-ruby/sanitize:0
dev-ruby/twitter:5

# Maciej Mrozowski <reavertm@gentoo.org> (6 May 2018)
# SoQt does not build yet
>=media-libs/coin-4.0.0
>=media-libs/simage-1.7.1

# Mikle Kolyada <zlogene@gentoo.org> (4 May 2018)
# Upstream is dead, no maintainer, no longer updated.
# Masked for removal in 30 days
games-misc/fortune-mod-gentoo-ru

# Mike Gilbert <floppym@gentoo.org> (30 Apr 2018)
# Dev channel releases are only for people who are developers or want more
# experimental features and accept a more unstable release.
>=www-client/chromium-68

# Aaron Bauman <bman@gentoo.org> (30 Apr 2018)
# Masked for testing
=dev-libs/libressl-2.7*

# Mikle Kolyada <zlogene@gentoo.org> (27 Apr 2018)
# Upstream is dead, the site with the sources is down.
# There's no chance to get the sources (fetch restricted)
# Removal in 30 days (bug #642866)
app-emulation/armv8-fast-model

# Hans de Graaff <graaff@gentoo.org> (27 Apr 2018)
# No longer supported upstream. Use ruby23 instead.
# Masked for removal in 30 days. Bug #642258.
dev-lang/ruby:2.2
virtual/ruby
dev-ruby/tzinfo:0

# Andreas Sturmlechner <asturm@gentoo.org> (26 Apr 2018)
# Package version depends on Qt-5.10 that was/is/will not be in tree.
>=sci-misc/mendeleydesktop-1.18

# Michał Górny <mgorny@gentoo.org> (26 Apr 2018)
# Apparently redundant to built-in Python features.  Homepage gone
# without trace.  Last release in 2003.  No reverse dependencies.
# Removal in 30 days.  Bug #537720.
dev-python/iconvcodec

# Michał Górny <mgorny@gentoo.org> (26 Apr 2018)
# Does not work with any of the unmasked django versions.  Unmaintained.
# No reverse dependencies.  Removal in 30 days.  Bug #527176.
dev-python/django-evolution

# Michał Górny <mgorny@gentoo.org> (26 Apr 2018)
# Produces a lot of Pango warnings, then segfaults.  Unmaintained.
# No reverse dependencies.  Removal in 30 days.  Bug #526668.
dev-python/kiwi

# Michał Górny <mgorny@gentoo.org> (26 Apr 2018)
# Obsolete package used during some past GSoC development
# and unmaintained since.  All of its users have retired already.
# No reverse dependencies.  The ebuild runs test suite of CPython
# instead of its own.  Removal in 30 days.  Bug #526552.
dev-python/tdaemon

# Andreas Sturmlechner <asturm@gentoo.org> (26 Apr 2018)
# Depends on dead Qt4, no more revdeps. Masked for removal in 30 days.
dev-libs/qjson

# Michał Górny <mgorny@gentoo.org> (22 Apr 2018)
# Unmaintained buggy package with unresearched segfaults.  No support
# for Python 3.  No reverse dependencies.
# Removal in 30 days.  Bug #454680.
dev-python/simpleparse

# Matt Turner <mattst88@gentoo.org> (21 Apr 2018)
# Awful, unmaintained, unused. Removal in 30 days. Bug #651300.
x11-libs/xpyb

# Matt Turner <mattst88@gentoo.org> (21 Apr 2018)
# Protocol headers and client library for the long dead Xprint extension.
# Removal in 30 days. Bug #649076.
x11-proto/printproto
x11-libs/libXp

# Alexis Ballier <aballier@gentoo.org> (21 Apr 2018)
# Needs porting of revdeps
# See: https://bugs.gentoo.org/653678
>=media-video/ffmpeg-4.0

# Brian Evans <grknight@gentoo.org> (20 Apr 2018)
# Likely to break a lot of software
# Masked for initial testing
>=dev-db/mysql-connector-c++-8.0.0

# Lars Wendler <polynomial-c@gentoo.org> (18 Apr 2018)
# Breaks consumers most likely because of the following change:
#   * Add const to several classes and members
# See tracker bug #653464
>=app-text/poppler-0.64.0

# Jason Zaman <perfinion@gentoo.org> (08 Apr 2018)
# Dead upstream, for an old version of Xfce
# Masked for removal in 30 days.
xfce-extra/xfce-theme-manager

# Rick Farina <zerochaos@gentoo.org> (04 Apr 2018)
# Violates PMS and does not work with stable portage.
# Masked for removal in 60 days, lift mask if bug #650126 is fixed
sys-fs/aufs3
sys-fs/aufs4

# Michał Górny (03 Apr 2018)
# Starting with sys-apps/sandbox-2.13+, unloading is possible via
# disabling (SANDBOX_ON=0) + wiping LD_PRELOAD. This renders the tool
# obsolete. Removal in 30 days.
app-portage/unsandbox

# Matthias Maier <tamiko@gentoo.org> (3 Apr 2018)
# Remove old Intel C/C++/Fortran compiler ebuilds. These packages require
# to acquire a non-commercial license by Intel and download "Intel Parallel
# Studio" in ancient versions (3+ years old). Current versions (as of 2018)
# can be found in the ::science overlay.
#
# Corresponding eclass/intel-sdp eclass slated for removal as well.
#
# Masked for removal in 30 days.
<dev-lang/icc-18
<dev-lang/ifc-18
dev-lang/idb
<dev-libs/intel-common-18
<sci-libs/ipp-18
sci-chemistry/cyana

# Jeroen Roovers <jer@gentoo.org> (6 Apr 2018)
# Requires >=dev-libs/icu-61.1
# https://bugs.gentoo.org/651698
=net-libs/nodejs-9.11*

# Jeroen Roovers <jer@gentoo.org> (6 Apr 2018)
# Requires >=dev-libs/openssl-1.1.0
=net-libs/nodejs-10*

# Mart Raudsepp <leio@gentoo.org> (30 Mar 2018)
# GStreamer mp3 decoder plugin based on libmad is removed with gstreamer-1.12.
# media-plugins/gst-plugins-mpg123 is the suggested replacement.
# Masked for removal in 30 days. Bug 631128
media-plugins/gst-plugins-mad:1.0

# Lars Wendler <polynomial-c@gentoo.org> (27 Mar 2018)
# Breaks a couple of revdeps. See tracker bug at
# https://bugs.gentoo.org/651698
=dev-libs/icu-61.1
=dev-libs/icu-layoutex-61.1

# Tony Vroon <chainsaw@gentoo.org> (24 Mar 2018)
# This is a vulnerable version of Asterisk and should not be used except
# to troubleshoot a purported memory leak in the 11.25.3 release.
# Bug 629682.
=net-misc/asterisk-11.25.1

# Aaron W. Swenson <titanofold@gentoo.org> (22 Mar 2018)
# EOL. No longer receives bug or security fixes. Recommended to update
# to latest available.
# Removal in 30 days (21 Apr 2018). Bug 634028.
<dev-db/postgresql-9.3

# Michał Górny <mgorny@gentoo.org> (20 Mar 2018)
# Poorly tested version bump followed by a series of quick hacks
# that do not make it any more working. Bug #651030.
>=sys-devel/distcc-3.3

# Georgy Yakovlev <ya@sysdump.net> (13 Mar 2018)
# 1.x version is no longer maintained by upstream
# 2.x is in the tree and is better in almost every way
# Removal in 90 days. Bug #650464
=net-dns/dnscrypt-proxy-1.9.5-r1

# Sebastian Pipping <sping@gentoo.org> (11 Mar 2018)
# Breaks XFCE, 1.19.6 was fine (in that regard). Bug #650228
>=x11-base/xorg-server-1.19.7

# Tim Harder <radhermit@gentoo.org> (01 Mar 2018)
# Masked for testing.
>=dev-python/aiohttp-3

# Anthony G. Basile <blueness@gentoo.org> (25 Feb 2018)
# Upstream has been dead since 2012.  Migrate to uclibc-ng.
# See https://wiki.gentoo.org/wiki/Project:Hardened_uClibc
sys-libs/uclibc

# Mart Raudsepp <leio@gentoo.org> (23 Feb 2018)
# Old net-libs/webkit-gtk SLOTs have hundreds of known security issues.
# Use the security safe net-libs webkit-gtk SLOT=4 instead via
# libraries and applications ported to gtk3 and webkit2gtk API.
# Please keep this package.mask entry until at least 25th May 2018 for
# extra notification of the security vulnerabilities. Bug #577068.
net-libs/webkit-gtk:2
net-libs/webkit-gtk:3

# Eray Aslan <eras@gentoo.org> (08 Feb 2018)
# Mask experimental software
=mail-mta/postfix-3.4*

# Thomas Deutschmann <whissi@gentoo.org> (07 Feb 2018)
# Intel recommends to pull these versions because they could
# cause higher than expected reboots and other unpredictable
# system behavior. Bug #646646
=sys-firmware/intel-microcode-20171117_p20171215
=sys-firmware/intel-microcode-20171117_p20171215-r1
=sys-firmware/intel-microcode-20180108
=sys-firmware/intel-microcode-20180108-r1

# Patrice Clement <monsieurp@gentoo.org> (26 Jan 2018)
# Has different symbols. Known to cause issues with i3bar/swaybar.
media-fonts/fontawesome:0/5

# Eray Aslan <eras@gentoo.org> (22 Jan 2018)
# Vulnerable - see https://bugs.gentoo.org/630684
# Please migrate to cyrus-imapd-3.0 releases
=net-mail/cyrus-imapd-2.5*

# Patrice Clement <monsieurp@gentoo.org> (18 Jan 2018)
# mpv >= 0.28.0 requires currently masked ffmpeg >= 4.0.
>=media-video/mpv-0.28.0

# Richard Freeman <rich0@gentoo.org> (09 Jan 2018)
# Bug 644048 - temp QA mask until it can get sorted out
# Lars Wendler <polynomial-c@gentoo.org> (26 Feb 2018)
# See also tracker bug: https://bugs.gentoo.org/648864
~sys-apps/attr-2.4.48

# Lars Wendler <polynomial-c@gentoo.org> (10 Jan 2018)
# Mask followup bugfixes for =sys-apps/attr-2.4.48 as well until proper
# testing has been conducted.
=sys-apps/acl-2.2.52-r2

# Matthias Maier <tamiko@gentoo.org> (26 Dec 2017)
# gcc depends on mpfr and this version changes soname. Spare users with
# FEATURES=-preserve-libs from completely frying their system.
>=dev-libs/mpfr-4.0.0

# Thomas Beierlein <tomjbe@gentoo.org> (23 Dec 2017)
# To adapt to changed version naming by upstream
# (pcb-yyyymmdd to pcb-x.y.z) we move the ebuild to
# pcb-0_pyyyymmdd and mask >=pcb-20000000.
# Do not remove the mask until newer version gets stable
>=sci-electronics/pcb-20000000

# Andreas Sturmlechner <asturm@gentoo.org> (21 Dec 2017)
# Masked for testing
=dev-libs/libical-3.0.1

# James Le Cuirot <chewi@gentoo.org> (17 Dec 2017)
# Java 9 is not yet fully supported on Gentoo. Packages cannot depend
# on it so these virtuals are not yet required. If you wish to use
# Java 9 now then install oracle-(jdk|jre)-bin:9 directly.
virtual/jdk:9
virtual/jre:9

# Patrice Clement <monsieurp@gentoo.org> (12 Dec 2017)
# Masked due to a hard dependency on an ancient versions of dev-libs/msgpack
# (<0.6) that have been punted from the tree.
net-misc/cocaine-core

# Andreas Sturmlechner <asturm@gentoo.org> (03 Dec 2017)
# Depends on dead Qt4, upstream porting inquiry pending. Bug #631788
games-kids/crayon-physics

# Michał Górny <mgorny@gentoo.org> (25 Nov 2017)
# Testing branch GTK+3 release. Changes API, breaks xfce-base/xfdesktop.
# Masked until the latter sees a new release.
>=dev-python/thunarx-python-0.4.0
>=xfce-base/thunar-1.7
>=xfce-extra/thunar-archive-plugin-0.4.0
>=xfce-extra/thunar-media-tags-plugin-0.3.0
>=xfce-extra/thunar-shares-plugin-0.3.0

# Andreas Sturmlechner <asturm@gentoo.org> (16 Nov 2017)
# Depends on dead Qt4. Last-rites on hold for chance of Qt5-port. Bug #620702
<media-gfx/freecad-0.18

# Patrice Clement <monsieurp@gentoo.org> (28 Oct 2017)
# Missing dependencies.
>=dev-python/scrapy-1.4.0

# Andreas K. Hüttel <dilfridge@gentoo.org> (22 Oct 2017)
# Broken with recent Perl (5.26) and not used by anything
# in the Gentoo repository. Please uninstall.
sys-devel/autoconf:2.59
sys-devel/autoconf:2.61
sys-devel/autoconf:2.62
sys-devel/autoconf:2.63
sys-devel/autoconf:2.65
sys-devel/autoconf:2.67
sys-devel/autoconf:2.68

# Andreas K. Hüttel <dilfridge@gentoo.org> (18 Oct 2017)
# sys-devel/automake versions 1.4, 1.5, 1.6, 1.7, 1.8
# have known security vulnerabilities, are broken with
# recent Perl (>=5.26.0), and are not used by anything in
# the Gentoo repository. Please uninstall.
sys-devel/automake:1.4
sys-devel/automake:1.5
sys-devel/automake:1.6
sys-devel/automake:1.7
sys-devel/automake:1.8

# Kent Fredric <kentnl@gentoo.org> (11 Oct 2017)
# This package should now be provided entirely by dev-lang/perl,
# stable perl 5.24 provides Unicode-Collate-1.140.0
# testing perl 5.26 provides Unicode-Collate-1.190.0
# This should only be unmasked if you're locking to perl-5.24 and need
# a newer version of virtual/perl-Unicode-Collate
# If you're upgrading to perl-5.26, please do:
#   emerge -C perl-core/Unicode-Collate
# See bug #634040
<perl-core/Unicode-Collate-1.190.0-r99

# Patrice Clement <monsieurp@gentoo.org> (01 Oct 2017)
# Mask Atom betas for testing.
app-editors/atom:beta

# Patrice Clement <monsieurp@gentoo.org> (09 Sep 2017)
# Python 3 port is almost complete with version 0.6.0. Users might run into
# minor bumps here and there which is why the mask is still in place for the
# time being.
>=dev-java/javatoolkit-0.6.0

# Gilles Dartiguelongue <eva@gentoo.org> (04 Sep 2017)
# Incompatible changes in API in Enchant 2. Bug #629838.
>=app-text/enchant-2

# Gilles Dartiguelongue <eva@gentoo.org> (2 Sep 1017)
# Gnome 3.26 package mask
>=app-text/libgepub-0.5

# Anthony G. Basile <blueness@gentoo.org> (27 Aug 2017)
# Upstream is no longer providing public patches
sys-kernel/hardened-sources

# Patrice Clement <monsieurp@gentoo.org> (23 Aug 2017)
# Packages depending on this library need to be tested first before
# it is unmasked. Possibly some slotting is still needed.
# Package testing tracked in bug #611022.
>=dev-libs/msgpack-1.4.2

# Sébastien Fabbro <bicatali@gentoo.org> (19 Aug 2017)
# ipython-6 is python-3 only and causes circular dependencies
# Unset python_targets_python2_7 for ipykernel and ipyparallel if needed.
>=dev-python/ipython-6

# Mats Lidell <matsl@gentoo.org> (17 Aug 2017)
# Masked ede and all its dependencies due to security reasons.
# bug #398241
app-xemacs/ede
app-xemacs/semantic
app-xemacs/jde
app-xemacs/xslt-process
app-xemacs/xetla
app-xemacs/cogre
app-xemacs/ecb
app-xemacs/xemacs-packages-all

# Kent Fredric <kentnl@gentoo.org> (21 Jul 2017)
# Masked due to serious regression that introduces widespread data
# corruption when storing data in blobs. Masked, because any code
# that is written to use this version is now dependent on this version
# and older versions will corrupt your code instead.
# However, any existing packages should not use this version.
# See: https://github.com/perl5-dbi/DBD-mysql/issues/117
=dev-perl/DBD-mysql-4.42.0

# Ian Stakenvicius <axs@gentoo.org> (19 Jul 2017)
# Mask spidermonkey:52 as it is a self-rolled release, no official
# release has been rolled.  Is only committed to support development
# versions of gjs.  Will unmask when gnome-3.26 is ready for testing
# or when upstream releases an official tarball.
dev-lang/spidermonkey:52
# Lars Wendler <polynomial-c@gentoo.org> (09 May 2018)
# Depends on masked spidermonkey:52.
# Please remove both masks together.
>=sys-auth/polkit-0.114

# Nicolas Bock <nicolasbock@gentoo.org> (17 Jul 2017)
# Keep shotwell development series masked.
>=media-gfx/shotwell-0.29

# Nicolas Bock <nicolasbock@gentoo.org> (31 Oct 2017)
# There are multiple unresolved upstream issues with >=jabref-bin-4.0 (#636036).
# If you still would like to use this version, please report any issues to
# upstream.
>=app-text/jabref-bin-4.0

# Pacho Ramos <pacho@gentoo.org> (14 Jul 2017)
# Randomly broken due to sys-devel/binutils-config bug (#584296).
# Unmask when it is finally fixed, so people can build the package.
dev-util/mutrace

# Hans de Graaff <graaff@gentoo.org> (05 Jun 2017)
# Bundles obsolete and vulnerable webkit version.
# Upstream has stopped development and recommends using
# headless mode in >=www-client/chromium-59.
# Masked for removal in 90 days. Bug #589994.
www-client/phantomjs
dev-ruby/poltergeist

# Thomas Deutschmann <whissi@gentoo.org> (24 May 2017)
# Broken runscript/changed behavior causing lvm2 to fail
# on boot. Bug #617578
>=sys-fs/lvm2-2.02.171

# Michał Górny <mgorny@gentoo.org> (22 May 2017)
# for Maciej S. Szmigiero <mail@maciej.szmigiero.name>
# Any version above 5.100.138 breaks b43 driver in various ways.
# Also, b43 wiki page says to use 5.100.138. Bug #541080.
>=sys-firmware/b43-firmware-6.30.163.46

# Michał Górny <mgorny@gentoo.org>, Andreas K. Hüttel <dilfridge@gentoo.org>,
# Matthias Maier <tamiko@gentoo.org> (21 May 2017)
# These old versions of toolchain packages (binutils, gcc, glibc) are no
# longer officially supported and are not suitable for general use. Using
# these packages can result in build failures (and possible breakage) for
# many packages, and may leave your system vulnerable to known security
# exploits.
# If you still use one of these old toolchain packages, please upgrade (and
# switch the compiler / the binutils) ASAP. If you need them for a specific
# (isolated) use case, feel free to unmask them on your system.
# (updated 27 Dec 2017 with gcc < 5.4)
<sys-devel/gcc-5.4
<sys-libs/glibc-2.25-r9
<sys-devel/binutils-2.29.1-r1

# Michał Górny <mgorny@gentoo.org> (20 May 2017)
# Old versions of CUDA and their reverse dependencies. They do not
# support GCC 5+, and are really old.
# (updated 27 Dec 2017 with cuda < 8 because of gcc < 5 mask)
<dev-python/pycuda-2016
<dev-util/nvidia-cuda-sdk-8
<dev-util/nvidia-cuda-toolkit-8
net-wireless/cpyrit-cuda

# Bernard Cafarelli <voyageur@gentoo.org> (8 May 2017)
# Coordinated conversion to wxGTK:3.0-gtk3
# Drop mask after migration of existing wxGTK:3.0 users
=net-ftp/filezilla-3.31.0-r300
=net-ftp/filezilla-3.33.0-r300
=dev-util/codeblocks-17.12-r300

# Mart Raudsepp <leio@gentoo.org> (16 Feb 2017)
# Old gstreamer 0.10 version, which is security vulnerable.
# Use gstreamer:1.0 with media-plugins/gst-plugins-libav
# instead (despite the name, it uses media-video/ffmpeg too).
# Please keep this mask entry until gstreamer:0.10 is still
# in tree or at least gets an affecting GLSA from bug 601354
# Bug #594878.
media-plugins/gst-plugins-ffmpeg

# Kent Fredric <kentnl@gentoo.org> (04 Feb 2017)
# Unsecure versions that have been only restored to tree
# to resolve compatibility problems with mail-filter/amavisd-new
# Use with caution due to these being removed for CVE-2016-1251
# Bug: #601144
# Bug: #604678
<dev-perl/DBD-mysql-4.41.0

# Alon Bar-Lev <alonbl@gentoo.org> (06 Feb 2017)
# Needs openssl-1.1
>=dev-libs/opencryptoki-3.6

# Bernard Cafarelli <voyageur@gentoo.org> (30 Jan 2017)
# Alpha release with new features, masked for testing
=app-text/tesseract-4.00.00_alpha*

# Jeroen Roovers <jer@gentoo.org> (12 Jan 2017)
# Use x11-drivers/nvidia-drivers[tools] instead.
media-video/nvidia-settings

# Michael Orlitzky <mjo@gentoo.org> (07 Jan 2017)
# This package has some dangerous quality and security issues, but
# people may still find it useful. It is masked to prevent accidental
# use. See bugs 603346 and 604998 for more information.
app-admin/amazon-ec2-init

# Robin H. Johnson <robbat2@gentoo.org> (05 Jan 2017)
# Masking for testing
=app-emulation/ganeti-2.16*
=app-emulation/ganeti-2.17*

# Michał Górny <mgorny@gentoo.org> (17 Nov 2016)
# New version masked for testing. It supports source-window buffer size
# over 2G but it 'currently performs 3-5% slower and has 1-2% worse
# compression'.
>=dev-util/xdelta-3.1.0

# Tim Harder <radhermit@gentoo.org> (03 Nov 2016)
# Masked for testing
=sys-fs/fuse-3*
=net-fs/sshfs-3*

# Denis Dupeyron <calchan@gentoo.org> (12 Sep 2016)
# Masked for testing, see bug #588894.
=x11-misc/light-locker-1.7.0-r1

# Lars Wendler <polynomial-c@gentoo.org> (26 Aug 2016)
# Masked while being tested and reverse deps aren't fully compatible
=dev-libs/openssl-1.1*

# James Le Cuirot <chewi@gentoo.org> (03 Apr 2016)
# Masking Spring Framework for the time being as 3.2.4 is old, has
# multiple vulnerabilities, and we're not likely to update it
# soon. Hopefully we can revisit it when the Maven stuff works out.
dev-java/spring-aop
dev-java/spring-beans
dev-java/spring-core
dev-java/spring-expression
dev-java/spring-instrument

# Andreas K. Hüttel <dilfridge@gentoo.org> (03 Apr 2016)
# Can exhaust all available memory depending on task
# but is made available for experts who heed this warning
# as newer versions produce different output. Contact
# the proxied maintainer Matthew Brewer <tomboy64@sina.cn>
# for questions.
<=media-gfx/slic3r-1.1.9999

# James Le Cuirot <chewi@gentoo.org> (07 Feb 2016)
# Masked until 2.0 final arrives, which hopefully won't depend on
# commons-dbcp:0 as that requires Java 6. Note that the 2.0 in the
# tree should have actually been 2.0_beta1. There are no revdeps.
dev-java/jcs

# Andrey Grozin <grozin@gentoo.org> (04 Jan 2016)
# Needs a bump and substantial ebuild rewrite
=sci-mathematics/reduce-20110414-r1

# Michał Górny <mgorny@gentoo.org> (30 Oct 2015)
# Uses unsafe ioctls that could result in data corruption. Upstream
# is working on replacing them in the wip/dedup-syscall branch.
# Keep it masked until they are done. sys-fs/duperemove is
# the suggested replacement for the meantime.
sys-fs/bedup

# Lars Wendler <polynomial-c@gentoo.org> (20 Aug 2015)
# Releases are not from original upstream but from a fork.
# Masked as requested by vapier.
~net-misc/iputils-20160308
~net-misc/iputils-20161105

# Justin Lecher <jlec@gentoo.org> (28 Feb 2015)
# Unfixed security problems
# No upstream support anymore
# CVE-2015-{0219,0220,0221,0222,5145}
# CVE-2016-{9013,9014},CVE-2017-{7233,7234}
# #536586
# #554864
=dev-python/django-1.4*
=dev-python/django-1.5*
=dev-python/django-1.6*
=dev-python/django-1.7*
=dev-python/django-1.9*

# Robin H. Johnson <robbat2@gentoo.org> (04 Aug 2014)
# Masked for testing, presently fails upstream testsuite:
# FAIL:07:02:35 (00:00:00) db_dump/db_load(./TESTDIR.3/recd001.db:child killed: kill signal): expected 0, got 1
# FAIL:07:02:35 (00:00:00) Dump/load of ./TESTDIR.3/recd001.db failed.
# FAIL:07:02:35 (00:00:00) db_verify_preop: expected 0, got 1
=sys-libs/db-6.1*
=sys-libs/db-6.2*

# Ulrich Müller <ulm@gentoo.org> (15 Jul 2014)
# Permanently mask sys-libs/lib-compat and its reverse dependencies,
# pending multiple security vulnerabilities and QA issues.
# See bugs #515926 and #510960.
sys-libs/lib-compat
sys-libs/lib-compat-loki
games-action/mutantstorm-demo
games-action/phobiaii
games-fps/rtcw
games-fps/unreal
games-strategy/heroes3
games-strategy/heroes3-demo
games-strategy/smac

# Mikle Kolyada <zlogene@gentoo.org> (27 Jun 2014)
# Masked for proper testing. (Major updates in the code).
~dev-perl/PortageXS-0.2.12

# Matti Bickel <mabi@gentoo.org> (22 Apr 2014)
# Masked slotted lua for testing
# William Hubbs <williamh@gentoo.org> (07 Aug 2016)
# Taking this mask since Mabi is retired
# Rafael Martins <rafaelmartins@gentoo.org> (04 Dec 2016)
# Adding Lua 5.3 to mask
app-eselect/eselect-lua
=dev-lang/lua-5.1.5-r100
=dev-lang/lua-5.1.5-r101
=dev-lang/lua-5.2.3
=dev-lang/lua-5.2.3-r1
=dev-lang/lua-5.2.3-r2
=dev-lang/lua-5.3.3
=dev-lang/lua-5.3.3-r1

# Samuli Suominen <ssuominen@gentoo.org> (06 Mar 2012)
# Masked for testing since this is known to break nearly
# every reverse dependency wrt bug 407091
>=dev-lang/lua-5.2.0

# Mike Gilbert <floppym@gentoo.org> (04 Mar 2014)
# Dev channel releases are only for people who are developers or want more
# experimental features and accept a more unstable release.
www-plugins/chrome-binary-plugins:unstable

# Justin Lecher <jlec@gentoo.org> (14 Oct 2013)
# Seems to break all deps - API change?
>=sci-libs/metis-5

# Michael Weber <xmw@gentoo.org> (17 Jul 2013)
# Upstream next versions
>=sys-boot/raspberrypi-firmware-1_pre

# Richard Freeman <rich0@gentoo.org> (24 Mar 2013)
# Contains known buffer overflows.  Package generally works
# but should not be fed untrusted input (eg from strangers).
# Masked to ensure users are aware before they install.
app-text/cuneiform

# Diego E. Pettenò <flameeyes@gentoo.org> (03 Jan 2009)
# These packages are not supposed to be merged directly, instead
# please use sys-devel/crossdev to install them.
dev-libs/cygwin
dev-util/mingw-runtime
dev-util/mingw64-runtime
dev-util/w32api
sys-libs/newlib
dev-embedded/avr-libc

# Chris Gianelloni <wolf31o2@gentoo.org> (03 Mar 2008)
# Masking due to security bug #194607 and security bug #204067
games-fps/doom3
games-fps/doom3-cdoom
games-fps/doom3-chextrek
games-fps/doom3-data
games-fps/doom3-demo
games-fps/doom3-ducttape
games-fps/doom3-eventhorizon
games-fps/doom3-hellcampaign
games-fps/doom3-inhell
games-fps/doom3-lms
games-fps/doom3-mitm
games-fps/doom3-roe
games-fps/quake4-bin
games-fps/quake4-data
games-fps/quake4-demo

# <klieber@gentoo.org> (01 Apr 2004)
# The following packages contain a remotely-exploitable
# security vulnerability and have been hard masked accordingly.
#
# Please see https://bugs.gentoo.org/show_bug.cgi?id=44351 for more info
#
games-fps/unreal-tournament-goty
games-fps/unreal-tournament-strikeforce
games-fps/unreal-tournament-bonuspacks
games-fps/aaut