#################################################################### # # When you add an entry to the top of this file, add your name, the date, and # an explanation of why something is getting masked. Please be extremely # careful not to commit atoms that are not valid, as it can cause large-scale # breakage, especially if it ends up in the daily snapshot. # ## Example: ## ## # Dev E. Loper (28 Jun 2012) ## # Masking these versions until we can get the ## # v4l stuff to work properly again ## =media-video/mplayer-0.90_pre5 ## =media-video/mplayer-0.90_pre5-r1 # # - Best last rites (removal) practices - # Include the following info: # a) reason for masking # b) bug # for the removal (and yes you should have one) # c) date of removal (either the date or "in x days") # ## Example: ## ## # Dev E. Loper (23 May 2015) ## # Masked for removal in 30 days. Doesn't work ## # with new libfoo. Upstream dead, gtk-1, smells ## # funny. (bug #987654) ## app-misc/some-package #--- END OF EXAMPLES --- # Michał Górny (16 Mar 2019) # ProDy was added in 2015 and not bumped since (with upstream making # frequent releases). The primary maintainer abandoned it. The Gentoo # version requires Python 2, while it depends on IPython which dropped # support for Python 2. # # pymol-plugins-dynamics is its only revdep, added and abandoned # by the primary maintainer about the same time as ProDy. Last bumped # in 2017, making it behind upstream. # # Removal in 30 days. Bug #672410. sci-chemistry/prody sci-chemistry/pymol-plugins-dynamics # Michał Górny (16 Mar 2019) # Major browsers stopped supporting NPAPI plugins a while ago. # Furthermore, modern browsers carry built-in multimedia support, # rendering media plugins redundant. Last release in 2014. # Removal in 30 days. Bug #671854. www-plugins/mozplugger # Michał Górny (15 Mar 2019) # Package added in 2014 and not updated since. The current Gentoo # version used to violate multilib-strict (#627944), now it does not # build at all. # Removal in 30 days. Bug #638500. dev-util/igprof # Michał Górny (15 Mar 2019) # The current release is from 2005, upstream is gone. Last patch # added in 2010, since then the package is completely unmaintained. # Very bad ebuild quality, blocking strictening of Portage behavior. # Removal in 30 days. Bug #587306. sys-boot/quik # Michał Górny (15 Mar 2019) # Upstream website disappeared, and along with it remote index needed # for the program to work. No maintainer; package last touched in 2012. # Removal in 30 days. Bug #673600. app-text/rfcutil # Michał Górny (15 Mar 2019) # Unmaintained in Gentoo, obsoleted upstream. Tests fail (#632706). # Upstream suggests switching to Kubernetes. # Removal in 30 days. Bug #676728. app-admin/fleet # Michał Górny (15 Mar 2019) # Unmaintained in Gentoo, abandoned upstream. Last commit in 2012. # Fails to build, in multiple ways (#638842, #672190, #672196). # One of the two remaining unconditional revdeps of dev-libs/dietlibc. # Many alternatives exist, starting with net-analyzer/dsniff. # Removal in 30 days. Bug #678520. net-analyzer/dietsniff # Michał Górny (15 Mar 2019) # Last reverse dependency of dev-libs/libgcrypt-1.5* (#656378). Current # version is outdated, maintainer is MIA and the new versions are # in distro-unfriendly AppImage format (#661740). # Removal in 30 days. Bug #677486. dev-util/staruml-bin =dev-libs/libgcrypt-1.5* # Michał Górny (15 Mar 2019) # pyliblzma installs an old 'lzma' module that is incompatible with # the 'lzma' built-in in Python 3. As a result, programs written # to conditionally import the latter when available (assuming it will # have Python 3 API) are broken by its presence. The suggested # replacement is dev-python/backports-lzma that is backported # from Python 3. # # Yum is the only reverse dependency of pyliblzma left (#643312). Its # last release is from 2011, and the current Gentoo snapshot is # from 2017. Upstream git hosting / gitweb is broken and makes it # impossible to fetch current sources. Fedora is apparently replacing # it with DNF. # # Removal in 30 days. Bug #643308. app-arch/createrepo dev-python/pyliblzma sys-apps/yum # Michał Górny (13 Mar 2019) # Obscure package with multiple bugs open. Blocks removal # of dev-libs/dietlibc (#498256) and dev-libs/beecrypt (#666599). # Unresolved segfaults (#641112) or build failures (#650578), depending # on the GCC version/profile. # Removal in 30 days. Bug #680264. sys-cluster/util-vserver # Michał Górny (13 Mar 2019) # Unresolved vulnerability (CVE-2018-14663). The maintainer is inactive # for over a year. # Removal in 30 days. Bug #670214. net-dns/dnsdist # Michał Górny (13 Mar 2019) # Contains vulnerability (CVE-2016-2049) that has not been resolved # for almost 3 years. No reverse dependencies. # Removal in 30 days. Bug #572882. dev-php/php-openid # Michał Górny (13 Mar 2019) # The eselect module is obsolete, now that dev-lang/gnat-gpl is the only # implementation in Gentoo. It is unmaintained and has unresolved QA # issues. # Removal in 30 days. Bug #362753. app-eselect/eselect-gnat # Michał Górny (13 Mar 2019) # An ancient netcat clone that has been declared obsolete upstream, # yet keeps confusing Gentoo users into thinking it's better than # the original. Recommended alternatives are net-analyzer/netcat, # net-analyzer/openbsd-netcat, net-misc/socat... # Removal in 30 days. Bug #573814. net-analyzer/netcat6 # Michał Górny (13 Mar 2019) # An obscure GNU audio file library with no reverse dependencies. Last # release in 2015 (and we are one release behind). Fails to build. # Removal in 30 days. Bug #545818. media-libs/ccaudio2 # Michał Górny (13 Mar 2019) # Library part of the gobby editor that has been removed in 2016. # It has no maintainer, no revdeps and suffers from GID collision # (#537488). # Removal in 30 days. Bug #680216. net-libs/libinfinity # Michał Górny (13 Mar 2019) # Ancient asynchronous DNS library. The current Gentoo version is # from 2006, and lacks support for IPv6, NSS, /etc/hosts. There were # some new upstream activity in 2014-2016 but there is probably # no reason to bump it, now that it has no reverse dependencies anymore. # It had no Gentoo maintainer since 2004, when metadata.xml was added. # A good alternative is net-dns/c-ares. # Removal in 30 days. Bug #513238. net-libs/adns # Michał Górny (13 Mar 2019) # Ancient event-loop library with no reverse dependencies. The current # version has been released in 2003, and has no maintainer since # at least 2006 (when metadata.xml was added). Upstream released 1.0.1 # at some point but there's probably no use in bumping it. Blocks # removal of net-libs/adns. Alternatives includes dev-libs/glib, # dev-libs/libevent, dev-libs/libev and many more. # Removal in 30 days. Bug #680212. dev-libs/liboop # Michał Górny (13 Mar 2019) # Both packages duplicate each other (#511032) and share the same bugs. # They are both unmaintained, apparently fail to build (#541894) # and have a bump pending for over 3 years (#557284). # Removal in 30 days. Bug #680208. net-misc/rancid net-misc/rancid-git # Hans de Graaff (12 Mar 2019) # Mask unused obsolete slot for removal in 30 days. dev-ruby/trollop:0 # Virgil Dupras (10 Mar 2019) # Merged in pytest, no revdep. Removal in 30 days. Bug #668746 dev-python/pytest-capturelog # Michał Górny (09 Mar 2019) # According to bug #678914, our version is over 5 years old. It has # open bugs (#671742, #671990) and is non-trivial to bump due to being # merged into schily-tools (#672060). It lacks dedicated maintainer # interested in doing that. app-arch/tar (GPL) and app-arch/libarchive # (BSD) are good replacements for modern uses. # Removal in 30 days. Bug #679030. app-arch/star # Michael Palimaka (07 Mar 2019) # Fails to build with ffmpeg-4 (bug #673352). Dead upstream. # Masked for removal in 30 days. media-sound/karlyriceditor # Matt Turner (06 Mar 2019) # Does not build with glibc >= 2.25 (stabilized a year ago). Unmaintained by # maintainer-by-proxy: Bugs #628734 and #641176 # Removal in 30 days sys-fs/cryptmount # Georgy Yakovlev (06 Mar 2019) # Mask rust 1.33.0 & co because it breaks firefox simd # https://bugzilla.mozilla.org/show_bug.cgi?id=1521249 # https://bugs.gentoo.org/679656 >=dev-lang/rust-1.33.0 >=dev-lang/rust-bin-1.33.0 >=virtual/rust-1.33.0 >=virtual/cargo-1.33.0 # Mikle Kolyada (04 Mar 2019) # Mask Squid-4.x for testing =net-proxy/squid-4* # Matt Turner (02 Mar 2019) # Old, unused drivers. # Masked for removal in 30 days. Bug #679256 x11-drivers/xf86-input-elographics x11-drivers/xf86-video-newport x11-drivers/xf86-video-tdfx x11-drivers/xf86-video-voodoo # Matt Turner (02 Mar 2019) # No reverse dependencies. No releases in 13 years. # Masked for removal in 30 days. Bug #679256 x11-libs/libxkbui # Andreas Sturmlechner (02 Mar 2019) # Completely broken. Masked for removal in 30 days. # Bugs 630924, 639310, 640728, 644654, 654892, 655096, 670822 media-video/dcpomatic media-libs/libasdcp-cth media-libs/libdcp media-libs/libsub # Eray Aslan (01 Mar 2019) # Mask experimental software =mail-mta/postfix-3.5* # Andreas K. Huettel (23 Feb 2019) # Fails to build with glibc-2.28, bug 669206. # Removal in 30 days. app-arch/freeze # Michał Górny (13 Feb 2019) # Release candidate, masked for testing. =sys-devel/llvm-common-8.0.0_rc* =sys-devel/llvm-8.0.0_rc* =sys-devel/llvmgold-8 =dev-python/lit-8.0.0_rc* =dev-ml/llvm-ocaml-8.0.0_rc* =sys-devel/lld-8.0.0_rc* =sys-devel/clang-common-8.0.0_rc* =sys-devel/clang-8.0.0_rc* =dev-python/clang-python-8.0.0_rc* =dev-util/lldb-8.0.0_rc* =sys-libs/compiler-rt-8.0.0_rc* =sys-libs/compiler-rt-sanitizers-8.0.0_rc* =sys-libs/llvm-libunwind-8.0.0_rc* =sys-libs/libcxxabi-8.0.0_rc* =sys-libs/libcxx-8.0.0_rc* =sys-libs/libomp-8.0.0_rc* =sys-devel/clang-runtime-8.0.0_rc* # Miroslav Šulc (10 Feb 2019) # Depends on >=virtual/{jdk,jre}-11 which is masked =www-servers/tomcat-9.0.16 # Jeroen Roovers (31 Jan 2019) # Depends on =dev-libs/openssl-1.1.1* # bug #670574 =net-libs/nodejs-11* # Dennis Lamm (29 Jan 2019) # Depends on >=app-text/enchant-2.0.0 which is masked =gnome-extra/gtkhtml-4.10.0-r1 # Dennis Lamm (28 Jan 2019) # Depends on >=app-text/enchant-2.0.0 which is masked >=app-text/gtkspell-3.0.10 # Dennis Lamm (28 Jan 2019) # Depends on >=app-text/enchant-2.1.3 which is masked >=app-text/gspell-1.8.1 # Miroslav Šulc (23 Jan 2019) # Depends on >=virtual/{jdk,jre}-11 which is masked =dev-java/ant-eclipse-ecj-4.10 =dev-java/eclipse-ecj-4.10 =www-servers/tomcat-9.0.14 # Craig Andrews (1 Jan 2019) # Requires dev-libs/openssl-1.1.1, Bug 674148 dev-libs/gost-engine # Lars Wendler (28 Dec 2018) # Masked while being tested and reverse deps aren't fully compatible =dev-libs/openssl-1.1.1* # Hanno Boeck =app-crypt/osslsigncode-2.0 # Thomas Deutschmann (10 Dec 2018) # Requires >=dev-lang/lua-5.2 which is masked >=app-admin/lsyncd-2.2.3 # Andreas Sturmlechner (25 Nov 2018) # Masked per security vulnerability CVE-2018-14345, bug #661510 # Keeping it masked while users have unsolved issues with >0.15.0. (07 Nov 2018) # on behalf of Mozilla Project # Mask old/vuln thunderbird for removal by 2019, # see security bug 670102 (05 Nov 2018) # Causes a dependency loop in the OpenRC script. Bug #651998 =sys-fs/cryptsetup-2.0.5-r1 # Aaron W. Swenson (25 Oct 2018) # Fails to build against up to date OpenSSL library (Bug 663966). No longer # supported upstream. Use dev-db/pgadmin4. # Masked for removal on 2018-11-24, bug #669650. dev-db/pgadmin3 # Lars Wendler (22 Oct 2018) # Breaks dev-libs/gobject-introspection and its consumers # See #669278 =xfce-base/xfconf-4.13.6 # Thomas Deutschmann (12 Oct 2018) # EOL and has known vulnerabilities. Please move to # Firefox 60 or newer if you can. (07 Oct 2018) # Masked for more testing especially of reverse-deps. >=dev-games/ogre-1.11.2 # Thomas Deutschmann (06 Oct 2018) # Outdated and vulnerable snapshot; libav-12.3 is the better # version for now =media-video/libav-13_pre20171219 # Michał Górny (24 Sep 2018) # Apparently breaks sys-devel/gcc. Bug #666954. =dev-util/debugedit-4.14.2 # Andreas K. Hüttel (11 Sep 2018) # Mask transition ebuilds that were needed only for (13 Aug 2018) # Beta release with new features, masked for testing =app-text/tesseract-4.0.0_beta* # Michał Górny (01 Aug 2018) # Multiprocessing versions of gemato. They are known to hang on some # users, so let's keep them masked until somebody figures out what's # wrong. Bug #647964. ~app-portage/gemato-14.0m ~app-portage/gemato-9999m # Kent Fredric (27 May 2018) # Subject to Man-in-the-middle security bypass vulnerability. # Retained in tree only for users who need older versions # for compatibility reasons. # Bug: #623942 (25 May 2018) # New package. Needs to interact with media-libs/mesa and # x11-drivers/nvidia-drivers. Work in progress. media-libs/libglvnd # Aaron Bauman (30 Apr 2018) # Masked for testing. Will implement more of the 1.1 API # Which will require patch updates across the tree =dev-libs/libressl-2.9* # Brian Evans (20 Apr 2018) # Likely to break a lot of software # Masked for initial testing >=dev-db/mysql-connector-c++-8.0.0 # Eray Aslan (22 Jan 2018) # Vulnerable - see https://bugs.gentoo.org/630684 # Please migrate to cyrus-imapd-3.0 releases =net-mail/cyrus-imapd-2.5* # James Le Cuirot (17 Dec 2017) # Java 9+ is not yet fully supported on Gentoo. Packages cannot depend # on it so these virtuals are not yet required. If you wish to use # Java 9+ then install oracle-(jdk|jre)-bin or openjdk(-bin) directly. virtual/jdk:11 virtual/jre:11 # Andreas K. Hüttel (18 Oct 2017) # sys-devel/automake versions 1.4, 1.5, 1.6, 1.7, 1.8 # have known security vulnerabilities, are broken with # recent Perl (>=5.26.0), and are not used by anything in # the Gentoo repository. Please uninstall. sys-devel/automake:1.4 sys-devel/automake:1.5 sys-devel/automake:1.6 sys-devel/automake:1.7 sys-devel/automake:1.8 # Kent Fredric (11 Oct 2017) # This package should now be provided entirely by dev-lang/perl, # stable perl 5.24 provides Unicode-Collate-1.140.0 # testing perl 5.26 provides Unicode-Collate-1.190.0 # This should only be unmasked if you're locking to perl-5.24 and need # a newer version of virtual/perl-Unicode-Collate # If you're upgrading to perl-5.26, please do: # emerge -C perl-core/Unicode-Collate # See bug #634040 (09 Sep 2017) # Python 3 port is almost complete with version 0.6.0. Users might run into # minor bumps here and there which is why the mask is still in place for the # time being. >=dev-java/javatoolkit-0.6.0 # Gilles Dartiguelongue (04 Sep 2017) # Incompatible changes in API in Enchant 2. Bug #629838. >=app-text/enchant-2 # Sébastien Fabbro (19 Aug 2017) # ipython-6 is python-3 only and causes circular dependencies # Unset python_targets_python2_7 for ipykernel and ipyparallel if needed. >=dev-python/ipython-6 # Kent Fredric (21 Jul 2017) # Masked due to serious regression that introduces widespread data # corruption when storing data in blobs. Masked, because any code # that is written to use this version is now dependent on this version # and older versions will corrupt your code instead. # However, any existing packages should not use this version. # See: https://github.com/perl5-dbi/DBD-mysql/issues/117 =dev-perl/DBD-mysql-4.42.0 # Nicolas Bock (17 Jul 2017) # Keep shotwell development series masked. >=media-gfx/shotwell-0.29 # Nicolas Bock (31 Oct 2017) # There are multiple unresolved upstream issues with >=jabref-bin-4.0 (#636036). # If you still would like to use this version, please report any issues to # upstream. >=app-text/jabref-bin-4.0 # Hans de Graaff (05 Jun 2017) # Bundles obsolete and vulnerable webkit version. # Upstream has stopped development and recommends using # headless mode in >=www-client/chromium-59. # Masked for removal in 90 days. Bug #589994. www-client/phantomjs dev-ruby/poltergeist # Michał Górny (22 May 2017) # for Maciej S. Szmigiero # Any version above 5.100.138 breaks b43 driver in various ways. # Also, b43 wiki page says to use 5.100.138. Bug #541080. >=sys-firmware/b43-firmware-6.30.163.46 # Michał Górny , Andreas K. Hüttel , # Matthias Maier (21 May 2017 and later updates) # These old versions of toolchain packages (binutils, gcc, glibc) are no # longer officially supported and are not suitable for general use. Using # these packages can result in build failures (and possible breakage) for # many packages, and may leave your system vulnerable to known security # exploits. # If you still use one of these old toolchain packages, please upgrade (and # switch the compiler / the binutils) ASAP. If you need them for a specific # (isolated) use case, feel free to unmask them on your system. (20 May 2017) # Old versions of CUDA and their reverse dependencies. They do not # support GCC 5+, and are really old. # (updated 27 Dec 2017 with cuda < 8 because of gcc < 5 mask) (16 Feb 2017) # Old gstreamer 0.10 version, which is security vulnerable. # Use gstreamer:1.0 with media-plugins/gst-plugins-libav # instead (despite the name, it uses media-video/ffmpeg too). # Please keep this mask entry until gstreamer:0.10 is still # in tree or at least gets an affecting GLSA from bug 601354 # Bug #594878. media-plugins/gst-plugins-ffmpeg # Kent Fredric (04 Feb 2017) # Unsecure versions that have been only restored to tree # to resolve compatibility problems with mail-filter/amavisd-new # Use with caution due to these being removed for CVE-2016-1251 # Bug: #601144 # Bug: #604678 (07 Jan 2017) # This package has some dangerous quality and security issues, but # people may still find it useful. It is masked to prevent accidental # use. See bugs 603346 and 604998 for more information. app-admin/amazon-ec2-init # Robin H. Johnson (05 Jan 2017) # Masking for testing =app-emulation/ganeti-2.16* =app-emulation/ganeti-2.17* # Michał Górny (17 Nov 2016) # New version masked for testing. It supports source-window buffer size # over 2G but it 'currently performs 3-5% slower and has 1-2% worse # compression'. >=dev-util/xdelta-3.1.0 # Tim Harder (03 Nov 2016) # Masked for testing =sys-fs/fuse-3* =net-fs/sshfs-3* # Denis Dupeyron (12 Sep 2016) # Masked for testing, see bug #588894. =x11-misc/light-locker-1.7.0-r1 # Andreas K. Hüttel (03 Apr 2016) # Can exhaust all available memory depending on task # but is made available for experts who heed this warning # as newer versions produce different output. Contact # the proxied maintainer Matthew Brewer # for questions. <=media-gfx/slic3r-1.1.9999 # Robin H. Johnson (04 Aug 2014) # Masked for testing, presently fails upstream testsuite: # FAIL:07:02:35 (00:00:00) db_dump/db_load(./TESTDIR.3/recd001.db:child killed: kill signal): expected 0, got 1 # FAIL:07:02:35 (00:00:00) Dump/load of ./TESTDIR.3/recd001.db failed. # FAIL:07:02:35 (00:00:00) db_verify_preop: expected 0, got 1 # Lars Wendler (25 Jan 2019) # Also masked because of mostly incompatible license (AGPL-3) =sys-libs/db-6.1* =sys-libs/db-6.2* =sys-libs/db-18.1* # Ulrich Müller (15 Jul 2014) # Permanently mask sys-libs/lib-compat and its reverse dependencies, # pending multiple security vulnerabilities and QA issues. # See bugs #515926 and #510960. sys-libs/lib-compat sys-libs/lib-compat-loki games-action/mutantstorm-demo games-action/phobiaii games-fps/rtcw games-fps/unreal games-strategy/heroes3 games-strategy/smac # Mikle Kolyada (27 Jun 2014) # Masked for proper testing. (Major updates in the code). ~dev-perl/PortageXS-0.2.12 # Matti Bickel (22 Apr 2014) # Masked slotted lua for testing # William Hubbs (07 Aug 2016) # Taking this mask since Mabi is retired # Rafael Martins (04 Dec 2016) # Adding Lua 5.3 to mask app-eselect/eselect-lua =dev-lang/lua-5.1.5-r100 =dev-lang/lua-5.1.5-r101 =dev-lang/lua-5.1.5-r102 =dev-lang/lua-5.2.3 =dev-lang/lua-5.2.3-r1 =dev-lang/lua-5.2.3-r2 =dev-lang/lua-5.2.3-r3 =dev-lang/lua-5.3.3 =dev-lang/lua-5.3.3-r1 =dev-lang/lua-5.3.3-r2 # Samuli Suominen (06 Mar 2012) # Masked for testing since this is known to break nearly # every reverse dependency wrt bug 407091 >=dev-lang/lua-5.2.0 # Mike Gilbert (04 Mar 2014) # Dev channel releases are only for people who are developers or want more # experimental features and accept a more unstable release. www-plugins/chrome-binary-plugins:unstable # Michael Weber (17 Jul 2013) # Upstream next versions # Michał Górny (15 Mar 2019) # No single unmasked version since. Removal in 30 days. Bug #671238. >=sys-boot/raspberrypi-firmware-1_pre # Diego E. Pettenò (03 Jan 2009) # These packages are not supposed to be merged directly, instead # please use sys-devel/crossdev to install them. dev-libs/cygwin dev-util/mingw-runtime dev-util/mingw64-runtime dev-util/w32api sys-libs/newlib dev-embedded/avr-libc # Chris Gianelloni (03 Mar 2008) # Masking due to security bug #194607 and security bug #204067 games-fps/doom3 games-fps/doom3-cdoom games-fps/doom3-chextrek games-fps/doom3-data games-fps/doom3-demo games-fps/doom3-ducttape games-fps/doom3-eventhorizon games-fps/doom3-hellcampaign games-fps/doom3-inhell games-fps/doom3-lms games-fps/doom3-mitm games-fps/doom3-roe games-fps/quake4-bin games-fps/quake4-data games-fps/quake4-demo # (01 Apr 2004) # The following packages contain a remotely-exploitable # security vulnerability and have been hard masked accordingly. # # Please see https://bugs.gentoo.org/show_bug.cgi?id=44351 for more info # games-fps/unreal-tournament-goty games-fps/unreal-tournament-strikeforce games-fps/unreal-tournament-bonuspacks games-fps/aaut