#################################################################### # # When you add an entry to the top of this file, add your name, the date, and # an explanation of why something is getting masked. Please be extremely # careful not to commit atoms that are not valid, as it can cause large-scale # breakage, especially if it ends up in the daily snapshot. # ## Example: ## ## # Dev E. Loper (28 Jun 2012) ## # Masking these versions until we can get the ## # v4l stuff to work properly again ## =media-video/mplayer-0.90_pre5 ## =media-video/mplayer-0.90_pre5-r1 # # - Best last rites (removal) practices - # Include the following info: # a) reason for masking # b) bug # for the removal (and yes you should have one) # c) date of removal (either the date or "in x days") # ## Example: ## ## # Dev E. Loper (23 May 2015) ## # Masked for removal in 30 days. Doesn't work ## # with new libfoo. Upstream dead, gtk-1, smells ## # funny. (bug #987654) ## app-misc/some-package #--- END OF EXAMPLES --- # Virgil Dupras (23 Aug 2018) # Vulnerable and can't be removed yet because of alpha. Bug #664346 (20 Aug 2018) # Requires >=dev-libs/openssl-1.1.0 >=net-misc/nextcloud-client-2.5.0_beta1 # Michael Orlitzky (16 Aug 2018) # Obsolete! Use net-analyzer/nagios-icinga-openvpn instead. # Will be removed in 30 days (bug 663774). net-analyzer/nagios-check_openvpn-simple # Sergey Popov (16 Aug 2018) # Upstream is dead, no consumers in tree # Masked for removal in 30 days dev-python/pyfire # Bernard Cafarelli (13 Aug 2018) # Beta release with new features, masked for testing =app-text/tesseract-4.0.0_beta* # Virgil Dupras (12 Aug 2018) # django-pipeline hasn't been maintained and has been broken for a while. # No revdep. Removal in 30 days. Bug #649838 dev-python/django-pipeline # Ulrich Müller (07 Aug 2018) # Fails to build with emacs-26.1. Last release in 2003, last commit # to upstream CVS in 2010. Masked for removal in 30 days. Bug #663030. app-emacs/cmail # Thomas Deutschmann (05 Aug 2018) # Deprecated. Using recent microcodes with this package either won't work # or crash your system. Please change your setup and make use of kernel's # early microcode loading feature, see https://wiki.gentoo.org/wiki/Microcode # for more details. Removal in 30 days. sys-apps/microcode-ctl # Mike Gilbert (04 Aug 2018) # Dev channel releases are only for people who are developers or want more # experimental features and accept a more unstable release. >=www-client/chromium-70 # Virgil Dupras (02 Aug 2018) # Django 1.8 is unsupported and insecure. These packages haven't been updated # to work with up-to-date django. Removal in 30 days. Bug #662632 (01 Aug 2018) # Multiprocessing versions of gemato. They are known to hang on some # users, so let's keep them masked until somebody figures out what's # wrong. Bug #647964. ~app-portage/gemato-14.0m ~app-portage/gemato-9999m # Joonas Niilola (31 Jul 2018) # Old and obsolete. Merged into one EFL package since 1.18 release. # Removal in ~30 days. Bug #662510 =dev-libs/efl-1.17.0-r1 media-libs/elementary media-plugins/emotion_generic_players media-plugins/evas_generic_loaders x11-themes/ethemes # Mart Raudsepp (16 Jul 2018) # Parallel-installable old versions with no remaining consumers # in main tree. Use applications ported to wxGTK:3.0 and # wxpython:3.0 instead. # Please keep this package.mask entry until at least 16th Oct 2018 # for extra notification of the unmerge need. Bug #661284 x11-libs/wxGTK:2.8 dev-python/wxpython:2.8 # Kent Fredric (10 Jul 2018) # Perl 5.28 Staging block =dev-lang/perl-5.28.0 =virtual/perl-Attribute-Handlers-1.10.0 =virtual/perl-B-Debug-1.260.0 =virtual/perl-CPAN-2.200.0 =virtual/perl-Carp-1.500.0 =virtual/perl-Compress-Raw-Zlib-2.76.0 =virtual/perl-Data-Dumper-2.170.0 =virtual/perl-Devel-PPPort-3.400.0 =virtual/perl-Digest-SHA-6.10.0 =virtual/perl-Encode-2.970.0 =virtual/perl-Exporter-5.730.0 =virtual/perl-ExtUtils-CBuilder-0.280.230 =virtual/perl-ExtUtils-Constant-0.250.0 =virtual/perl-ExtUtils-Install-2.140.0 =virtual/perl-ExtUtils-MakeMaker-7.340.0 =virtual/perl-ExtUtils-ParseXS-3.390.0 =virtual/perl-File-Path-2.150.0 =virtual/perl-File-Spec-3.740.0 =virtual/perl-Filter-Simple-0.950.0 =virtual/perl-Getopt-Long-2.500.0 =virtual/perl-I18N-LangTags-0.430.0 =virtual/perl-IO-Socket-IP-0.390.0 =virtual/perl-IO-1.390.0 =virtual/perl-IPC-Cmd-1.0.0 =virtual/perl-JSON-PP-2.970.10 =virtual/perl-Locale-Maketext-1.290.0 =virtual/perl-Math-BigInt-FastCalc-0.500.600 =virtual/perl-Math-BigInt-1.999.811 =virtual/perl-Math-BigRat-0.261.300 =virtual/perl-Net-Ping-2.620.0 =virtual/perl-Scalar-List-Utils-1.500.0 =virtual/perl-Socket-2.27.0 =virtual/perl-Storable-3.80.0 =virtual/perl-Test-Harness-3.420.0 =virtual/perl-Test-Simple-1.302.133 =virtual/perl-Test-1.310.0 =virtual/perl-Time-HiRes-1.975.900 =virtual/perl-Time-Piece-1.320.400 =virtual/perl-Unicode-Collate-1.250.0 =virtual/perl-Unicode-Normalize-1.260.0 =virtual/perl-XSLoader-0.300.0 =virtual/perl-bignum-0.490.0 =virtual/perl-if-0.60.800 =virtual/perl-libnet-3.110.0 =virtual/perl-podlators-4.100.0 =virtual/perl-threads-shared-1.580.0 =virtual/perl-threads-2.220.0 =virtual/perl-version-0.992.300 # Brian Dolbec (4 July 2018) # No longer needed, newer gpg-2 versions have simple cli options # for generating new keys and doing key maintenance. Removal in a month app-crypt/gkeys-gen # Thomas Deutschmann (23 Jun 2018) # Doesn't pass QA full boot test =sys-kernel/ck-sources-4.16.17 # Michał Górny (20 Jun 2018) # Multiple serious bugs. Upstream does not support Gentoo, and getting # any fixes applied is very difficult. Regularly fails to build. # Does not support modern EAPIs, Manifests, news items... Most severe # issues are tracked in bug #658278. Somebody really needs to step up # and start actively maintaining it. Otherwise -- removal in 90 days. sys-apps/paludis # Pacho Ramos (17 Jun 2018) # Dead since 2013, not compatible with latest profiles (#642568). Removal in # a month net-vpn/miredo # Mart Raudsepp (16 Jun 2018) # No upstream (website disappeared), no upstream plugin maintainer, # and pretty much a fringe format anyway. # Please keep this package.mask entry until at least 16th Sep 2018 for # extra notification of the deprecation and replacement. Bug #658194 media-plugins/gst-plugins-schroedinger # Brian Evans (14 Jun 2018) # Mask new php pre-releases for initial testing dev-lang/php:7.3 virtual/httpd-php:7.3 # Mike Pagano (30 May 2018) # Masking due to bad commit in the networking stack. =sys-kernel/gentoo-sources-4.14.46 =sys-kernel/gentoo-sources-4.9.104 =sys-kernel/gentoo-sources-4.4.134 =sys-kernel/vanilla-sources-4.14.46 =sys-kernel/vanilla-sources-4.9.104 =sys-kernel/vanilla-sources-4.4.134 # Kent Fredric (27 May 2018) # Subject to Man-in-the-middle security bypass vulnerability. # Retained in tree only for users who need older versions # for compatibility reasons. # Bug: #623942 (25 May 2018) # New package. Needs to interact with media-libs/mesa and # x11-drivers/nvidia-drivers. Work in progress. media-libs/libglvnd # Maciej Mrozowski (6 May 2018) # SoQt does not build yet >=media-libs/coin-4.0.0 >=media-libs/simage-1.7.1 # Aaron Bauman (30 Apr 2018) # Masked for testing =dev-libs/libressl-2.7* =dev-libs/libressl-2.8* # Alexis Ballier (21 Apr 2018) # Needs porting of revdeps # See: https://bugs.gentoo.org/653678 >=media-video/ffmpeg-4.0 # Brian Evans (20 Apr 2018) # Likely to break a lot of software # Masked for initial testing >=dev-db/mysql-connector-c++-8.0.0 # Jeroen Roovers (6 Apr 2018) # Requires >=dev-libs/icu-61.1 # https://bugs.gentoo.org/651698 =net-libs/nodejs-9.11* # Jeroen Roovers (6 Apr 2018) # Requires >=dev-libs/openssl-1.1.0 =net-libs/nodejs-10* # Lars Wendler (27 Mar 2018) # Breaks a couple of revdeps. See tracker bug at # https://bugs.gentoo.org/651698 >=dev-libs/icu-61.1 >=dev-libs/icu-layoutex-61.1 # Tony Vroon (24 Mar 2018) # This is a vulnerable version of Asterisk and should not be used except # to troubleshoot a purported memory leak in the 11.25.3 release. # Bug 629682. =net-misc/asterisk-11.25.1 # Aaron W. Swenson (22 Mar 2018) # EOL. No longer receives bug or security fixes. Recommended to update # to latest available. # Removal in 30 days (21 Apr 2018). Bug 634028. (20 Mar 2018) # Poorly tested version bump followed by a series of quick hacks # that do not make it any more working. Bug #651030. >=sys-devel/distcc-3.3 # Tim Harder (01 Mar 2018) # Masked for testing. >=dev-python/aiohttp-3 # Anthony G. Basile (25 Feb 2018) # Upstream has been dead since 2012. Migrate to uclibc-ng. # See https://wiki.gentoo.org/wiki/Project:Hardened_uClibc sys-libs/uclibc # Eray Aslan (08 Feb 2018) # Mask experimental software =mail-mta/postfix-3.4* # Eray Aslan (22 Jan 2018) # Vulnerable - see https://bugs.gentoo.org/630684 # Please migrate to cyrus-imapd-3.0 releases =net-mail/cyrus-imapd-2.5* # Patrice Clement (18 Jan 2018) # mpv >= 0.28.0 requires currently masked ffmpeg >= 4.0. >=media-video/mpv-0.28.0 # Thomas Beierlein (23 Dec 2017) # To adapt to changed version naming by upstream # (pcb-yyyymmdd to pcb-x.y.z) we move the ebuild to # pcb-0_pyyyymmdd and mask >=pcb-20000000. # Do not remove the mask until newer version gets stable >=sci-electronics/pcb-20000000 # James Le Cuirot (17 Dec 2017) # Java 9 is not yet fully supported on Gentoo. Packages cannot depend # on it so these virtuals are not yet required. If you wish to use # Java 9 now then install oracle-(jdk|jre)-bin:9 directly. virtual/jdk:9 virtual/jre:9 # Patrice Clement (12 Dec 2017) # Masked due to a hard dependency on an ancient versions of dev-libs/msgpack # (<0.6) that have been punted from the tree. net-misc/cocaine-core # Patrice Clement (28 Oct 2017) # Missing dependencies. >=dev-python/scrapy-1.4.0 # Andreas K. Hüttel (22 Oct 2017) # Broken with recent Perl (5.26) and not used by anything # in the Gentoo repository. Please uninstall. sys-devel/autoconf:2.59 sys-devel/autoconf:2.61 sys-devel/autoconf:2.62 sys-devel/autoconf:2.63 sys-devel/autoconf:2.65 sys-devel/autoconf:2.67 sys-devel/autoconf:2.68 # Andreas K. Hüttel (18 Oct 2017) # sys-devel/automake versions 1.4, 1.5, 1.6, 1.7, 1.8 # have known security vulnerabilities, are broken with # recent Perl (>=5.26.0), and are not used by anything in # the Gentoo repository. Please uninstall. sys-devel/automake:1.4 sys-devel/automake:1.5 sys-devel/automake:1.6 sys-devel/automake:1.7 sys-devel/automake:1.8 # Kent Fredric (11 Oct 2017) # This package should now be provided entirely by dev-lang/perl, # stable perl 5.24 provides Unicode-Collate-1.140.0 # testing perl 5.26 provides Unicode-Collate-1.190.0 # This should only be unmasked if you're locking to perl-5.24 and need # a newer version of virtual/perl-Unicode-Collate # If you're upgrading to perl-5.26, please do: # emerge -C perl-core/Unicode-Collate # See bug #634040 (01 Oct 2017) # Mask Atom betas for testing. app-editors/atom:beta # Patrice Clement (09 Sep 2017) # Python 3 port is almost complete with version 0.6.0. Users might run into # minor bumps here and there which is why the mask is still in place for the # time being. >=dev-java/javatoolkit-0.6.0 # Gilles Dartiguelongue (04 Sep 2017) # Incompatible changes in API in Enchant 2. Bug #629838. >=app-text/enchant-2 # Gilles Dartiguelongue (2 Sep 1017) # Gnome 3.26 package mask >=app-text/libgepub-0.5 # Anthony G. Basile (27 Aug 2017) # Upstream is no longer providing public patches sys-kernel/hardened-sources # Patrice Clement (23 Aug 2017) # Packages depending on this library need to be tested first before # it is unmasked. Possibly some slotting is still needed. # Package testing tracked in bug #611022. >=dev-libs/msgpack-1.4.2 # Sébastien Fabbro (19 Aug 2017) # ipython-6 is python-3 only and causes circular dependencies # Unset python_targets_python2_7 for ipykernel and ipyparallel if needed. >=dev-python/ipython-6 # Mats Lidell (17 Aug 2017) # Masked ede and all its dependencies due to security reasons. # bug #398241 <=app-xemacs/ede-1.03-r1 <=app-xemacs/semantic-1.21 <=app-xemacs/jde-1.52 <=app-xemacs/xslt-process-1.12 <=app-xemacs/xetla-1.02 <=app-xemacs/cogre-1.02 <=app-xemacs/ecb-1.22 <=app-xemacs/xemacs-packages-all-2010.07.29 # Kent Fredric (21 Jul 2017) # Masked due to serious regression that introduces widespread data # corruption when storing data in blobs. Masked, because any code # that is written to use this version is now dependent on this version # and older versions will corrupt your code instead. # However, any existing packages should not use this version. # See: https://github.com/perl5-dbi/DBD-mysql/issues/117 =dev-perl/DBD-mysql-4.42.0 # Nicolas Bock (17 Jul 2017) # Keep shotwell development series masked. >=media-gfx/shotwell-0.29 # Nicolas Bock (31 Oct 2017) # There are multiple unresolved upstream issues with >=jabref-bin-4.0 (#636036). # If you still would like to use this version, please report any issues to # upstream. >=app-text/jabref-bin-4.0 # Pacho Ramos (14 Jul 2017) # Randomly broken due to sys-devel/binutils-config bug (#584296). # Unmask when it is finally fixed, so people can build the package. dev-util/mutrace # Hans de Graaff (05 Jun 2017) # Bundles obsolete and vulnerable webkit version. # Upstream has stopped development and recommends using # headless mode in >=www-client/chromium-59. # Masked for removal in 90 days. Bug #589994. www-client/phantomjs dev-ruby/poltergeist # Michał Górny (22 May 2017) # for Maciej S. Szmigiero # Any version above 5.100.138 breaks b43 driver in various ways. # Also, b43 wiki page says to use 5.100.138. Bug #541080. >=sys-firmware/b43-firmware-6.30.163.46 # Michał Górny , Andreas K. Hüttel , # Matthias Maier (21 May 2017) # These old versions of toolchain packages (binutils, gcc, glibc) are no # longer officially supported and are not suitable for general use. Using # these packages can result in build failures (and possible breakage) for # many packages, and may leave your system vulnerable to known security # exploits. # If you still use one of these old toolchain packages, please upgrade (and # switch the compiler / the binutils) ASAP. If you need them for a specific # (isolated) use case, feel free to unmask them on your system. # (updated 27 Dec 2017 with gcc < 5.4) (20 May 2017) # Old versions of CUDA and their reverse dependencies. They do not # support GCC 5+, and are really old. # (updated 27 Dec 2017 with cuda < 8 because of gcc < 5 mask) (16 Feb 2017) # Old gstreamer 0.10 version, which is security vulnerable. # Use gstreamer:1.0 with media-plugins/gst-plugins-libav # instead (despite the name, it uses media-video/ffmpeg too). # Please keep this mask entry until gstreamer:0.10 is still # in tree or at least gets an affecting GLSA from bug 601354 # Bug #594878. media-plugins/gst-plugins-ffmpeg # Kent Fredric (04 Feb 2017) # Unsecure versions that have been only restored to tree # to resolve compatibility problems with mail-filter/amavisd-new # Use with caution due to these being removed for CVE-2016-1251 # Bug: #601144 # Bug: #604678 (06 Feb 2017) # Needs openssl-1.1 >=dev-libs/opencryptoki-3.6 # Jeroen Roovers (12 Jan 2017) # Use x11-drivers/nvidia-drivers[tools] instead. media-video/nvidia-settings # Michael Orlitzky (07 Jan 2017) # This package has some dangerous quality and security issues, but # people may still find it useful. It is masked to prevent accidental # use. See bugs 603346 and 604998 for more information. app-admin/amazon-ec2-init # Robin H. Johnson (05 Jan 2017) # Masking for testing =app-emulation/ganeti-2.16* =app-emulation/ganeti-2.17* # Michał Górny (17 Nov 2016) # New version masked for testing. It supports source-window buffer size # over 2G but it 'currently performs 3-5% slower and has 1-2% worse # compression'. >=dev-util/xdelta-3.1.0 # Tim Harder (03 Nov 2016) # Masked for testing =sys-fs/fuse-3* =net-fs/sshfs-3* # Denis Dupeyron (12 Sep 2016) # Masked for testing, see bug #588894. =x11-misc/light-locker-1.7.0-r1 # Lars Wendler (26 Aug 2016) # Masked while being tested and reverse deps aren't fully compatible =dev-libs/openssl-1.1* # James Le Cuirot (03 Apr 2016) # Masking Spring Framework for the time being as 3.2.4 is old, has # multiple vulnerabilities, and we're not likely to update it # soon. Hopefully we can revisit it when the Maven stuff works out. dev-java/spring-aop dev-java/spring-beans dev-java/spring-core dev-java/spring-expression dev-java/spring-instrument # Andreas K. Hüttel (03 Apr 2016) # Can exhaust all available memory depending on task # but is made available for experts who heed this warning # as newer versions produce different output. Contact # the proxied maintainer Matthew Brewer # for questions. <=media-gfx/slic3r-1.1.9999 # James Le Cuirot (07 Feb 2016) # Masked until 2.0 final arrives, which hopefully won't depend on # commons-dbcp:0 as that requires Java 6. Note that the 2.0 in the # tree should have actually been 2.0_beta1. There are no revdeps. dev-java/jcs # Andrey Grozin (04 Jan 2016) # Needs a bump and substantial ebuild rewrite =sci-mathematics/reduce-20110414-r1 # Michał Górny (30 Oct 2015) # Uses unsafe ioctls that could result in data corruption. Upstream # is working on replacing them in the wip/dedup-syscall branch. # Keep it masked until they are done. sys-fs/duperemove is # the suggested replacement for the meantime. sys-fs/bedup # Robin H. Johnson (04 Aug 2014) # Masked for testing, presently fails upstream testsuite: # FAIL:07:02:35 (00:00:00) db_dump/db_load(./TESTDIR.3/recd001.db:child killed: kill signal): expected 0, got 1 # FAIL:07:02:35 (00:00:00) Dump/load of ./TESTDIR.3/recd001.db failed. # FAIL:07:02:35 (00:00:00) db_verify_preop: expected 0, got 1 =sys-libs/db-6.1* =sys-libs/db-6.2* # Ulrich Müller (15 Jul 2014) # Permanently mask sys-libs/lib-compat and its reverse dependencies, # pending multiple security vulnerabilities and QA issues. # See bugs #515926 and #510960. sys-libs/lib-compat sys-libs/lib-compat-loki games-action/mutantstorm-demo games-action/phobiaii games-fps/rtcw games-fps/unreal games-strategy/heroes3 games-strategy/smac # Mikle Kolyada (27 Jun 2014) # Masked for proper testing. (Major updates in the code). ~dev-perl/PortageXS-0.2.12 # Matti Bickel (22 Apr 2014) # Masked slotted lua for testing # William Hubbs (07 Aug 2016) # Taking this mask since Mabi is retired # Rafael Martins (04 Dec 2016) # Adding Lua 5.3 to mask app-eselect/eselect-lua =dev-lang/lua-5.1.5-r100 =dev-lang/lua-5.1.5-r101 =dev-lang/lua-5.2.3 =dev-lang/lua-5.2.3-r1 =dev-lang/lua-5.2.3-r2 =dev-lang/lua-5.3.3 =dev-lang/lua-5.3.3-r1 # Samuli Suominen (06 Mar 2012) # Masked for testing since this is known to break nearly # every reverse dependency wrt bug 407091 >=dev-lang/lua-5.2.0 # Mike Gilbert (04 Mar 2014) # Dev channel releases are only for people who are developers or want more # experimental features and accept a more unstable release. www-plugins/chrome-binary-plugins:unstable # Justin Lecher (14 Oct 2013) # Seems to break all deps - API change? >=sci-libs/metis-5 # Michael Weber (17 Jul 2013) # Upstream next versions >=sys-boot/raspberrypi-firmware-1_pre # Richard Freeman (24 Mar 2013) # Contains known buffer overflows. Package generally works # but should not be fed untrusted input (eg from strangers). # Masked to ensure users are aware before they install. app-text/cuneiform # Diego E. Pettenò (03 Jan 2009) # These packages are not supposed to be merged directly, instead # please use sys-devel/crossdev to install them. dev-libs/cygwin dev-util/mingw-runtime dev-util/mingw64-runtime dev-util/w32api sys-libs/newlib dev-embedded/avr-libc # Chris Gianelloni (03 Mar 2008) # Masking due to security bug #194607 and security bug #204067 games-fps/doom3 games-fps/doom3-cdoom games-fps/doom3-chextrek games-fps/doom3-data games-fps/doom3-demo games-fps/doom3-ducttape games-fps/doom3-eventhorizon games-fps/doom3-hellcampaign games-fps/doom3-inhell games-fps/doom3-lms games-fps/doom3-mitm games-fps/doom3-roe games-fps/quake4-bin games-fps/quake4-data games-fps/quake4-demo # (01 Apr 2004) # The following packages contain a remotely-exploitable # security vulnerability and have been hard masked accordingly. # # Please see https://bugs.gentoo.org/show_bug.cgi?id=44351 for more info # games-fps/unreal-tournament-goty games-fps/unreal-tournament-strikeforce games-fps/unreal-tournament-bonuspacks games-fps/aaut