reinit the tree, so we can have metadata

1 files changed, 849 insertions, 0 deletions

diff --git a/profiles/package.mask b/profiles/package.mask
new file mode 100644
index 000000000000..8e46d08ee12f
--- /dev/null
+++ b/profiles/package.mask
@@ -0,0 +1,849 @@
+####################################################################
+#
+# When you add an entry to the top of this file, add your name, the date, and
+# an explanation of why something is getting masked. Please be extremely
+# careful not to commit atoms that are not valid, as it can cause large-scale
+# breakage, especially if it ends up in the daily snapshot.
+#
+## Example:
+##
+## # Dev E. Loper <developer@gentoo.org> (28 Jun 2012)
+## # Masking  these versions until we can get the
+## # v4l stuff to work properly again
+## =media-video/mplayer-0.90_pre5
+## =media-video/mplayer-0.90_pre5-r1
+#
+# - Best last rites (removal) practices -
+# Include the following info:
+# a) reason for masking
+# b) bug # for the removal (and yes you should have one)
+# c) date of removal (either the date or "in x days")
+#
+## Example:
+##
+## # Dev E. Loper <developer@gentoo.org> (23 May 2015)
+## # Masked for removal in 30 days.  Doesn't work
+## # with new libfoo. Upstream dead, gtk-1, smells
+## # funny. (bug #987654)
+## app-misc/some-package
+
+#--- END OF EXAMPLES ---
+
+# Aaron Bauman <bman@gentoo.org> (8 October 2017)
+# severely vulnerable and unmaintained sources.
+# Masked for removal in 30 days. Bug #627924
+sys-kernel/tuxonice-sources
+
+# Michał Górny <mgorny@gentoo.org> (05 Oct 2017)
+# (on behalf of QA)
+# Rogue version bumps that reintroduce QA violations that were fixed
+# in #598527 and #598529, breaking the current verison
+# of app-portage/eix as a result, #633424. Do not reintroduce without
+# prior review from QA.
+=app-shells/push-3.0
+=app-shells/quoter-4.0
+
+# Andreas Sturmlechner <asturm@gentoo.org> (04 Oct 2017)
+# Unmaintained KCM for a kcmshell that does not exist anymore.
+# Depends on dead Qt4. Masked for removal in 30 days. Bug #629236
+x11-libs/compizconfig-backend-kconfig4
+
+# Patrice Clement <elvis@magic.io> (01 Oct 2017)
+# Mask Atom betas for testing.
+app-editors/atom:beta
+
+# Michael Palimaka <kensington@gentoo.org> (01 Oct 2017)
+# Fails to build (bug #622632). Requires dead and vulnerable qtwebkit4
+# (bug #620710). Masked for removal in 30 days.
+media-sound/lastfm-desktop
+
+# Michael Palimaka <kensington@gentoo.org> (30 Sep 2017)
+# Depends on dead qt4. Dead upstream.
+# Masked for removal in 30 days.
+net-misc/dnetstats
+
+# Michael Palimaka <kensington@gentoo.org> (30 Sep 2017)
+# Depends on dead qt4. Dead upstream.
+# Masked for removal in 30 days.
+app-office/qcharselect
+
+# Michael Palimaka <kensington@gentoo.org> (30 Sep 2017)
+# Blocks cleanup of dead and vulnerable qtwebkit4.
+# Depends on dead qt4. Dead upstream.
+# Masked for removal in 30 days. Bug #624244.
+sci-chemistry/mongochem
+
+# Michael Palimaka <kensington@gentoo.org> (29 Sep 2017)
+# Various regressions compared to previous release.
+# Masked pending more information from upstream.
+>=x11-misc/albert-0.13.0
+
+# Michael Palimaka <kensington@gentoo.org> (26 Sep 2017)
+# Requires dead Qt 4. Dead upstream.
+# Masked for removal in 30 days.
+kde-misc/konstruktor
+
+# Michael Palimaka <kensington@gentoo.org> (26 Sep 2017)
+# Requires dead Qt 4. Dead upstream.
+# Masked for removal in 30 days.
+kde-misc/kookie
+
+# Andreas Sturmlechner <asturm@gentoo.org> (26 Sep 2017)
+# Requires dead Qt 4. Dead upstream. Use media-sound/cantata
+# instead, which originally started as a QtMPC fork but is
+# much more advanced. Masked for removal in 30 days.
+media-sound/qtmpc
+
+# Andreas K. Huettel <dilfridge@gentoo.org> (23 Sep 2017)
+# Broken on Perl 5.26 (bug 623096), no fix in sight. No consumers.
+# Removal in 30 days.
+dev-perl/rpm-build-perl
+
+# Hans de Graaff <graaff@gentoo.org> (23 Sep 2017) Mask old
+# unmaintained slots for removal in 30 days. Upgrade to the newer
+# slots.
+dev-ruby/capybara:0
+dev-ruby/xpath:0
+
+# Bernard Cafarelli <voyageur@gentoo.org> (20 Sep 2017)
+# Requires qt 5.8, not yet in tree. Bug #631570
+>=media-video/orion-1.6.0
+
+# Michael Palimaka <kensington@gentoo.org> (21 Sep 2017)
+# Requires dead Qt 4. Dead upstream.
+# Masked for removal in 30 days.
+media-libs/herqq
+
+# Patrice Clement <monsieurp@gentoo.org> (20 Sep 2017)
+# Upstream has been dead for years.
+# Masked for removal in 30 days.
+dev-java/db4o-jdk5
+dev-java/db4o-jdk11
+dev-java/db4o-jdk12
+
+# Andrey Grozin <grozin@gentoo.org> (19 Sep 2017)
+# This package was a stopgap to bump dev-python/spyder to 3.*
+# Now >=dev-python/rope-0.10.7 supports python3, use it instead
+# Masked for removal in 30 days.
+dev-python/rope_py3k
+
+# Pawel Hajdan, Jr. <phajdan.jr@gentoo.org> (18 Sep 2017)
+# Dev channel releases are only for people who are developers or want more
+# experimental features and accept a more unstable release.
+>=www-client/chromium-63
+
+# Kent Fredric <kentnl@gentoo.org> (18 Sep 2017)
+# Dead upstream, requires Module::Install. May be kept
+# if somebody can make an argument for it. Bug #631334
+# Masked for removal in 30 days.
+dev-perl/PerlIO-via-symlink
+
+# Andreas Sturmlechner <asturm@gentoo.org> (16 Sep 2017)
+# Unfortunately broken esp. with USE=python. Bugs #623780, #631064
+=sci-geosciences/qgis-2.18.12-r100
+
+# Michael Palimaka <kensington@gentoo.org> (11 Sep 2017)
+# Requires dead Qt 4. Dead upstream. Fails to build with new x11-libs/qscintilla.
+# Masked for removal in 30 days. Bug #628224.
+app-editors/qwriter
+
+# Michael Palimaka <kensington@gentoo.org> (11 Sep 2017)
+# Requires dead Qt 4. Dead upstream. Fails to build with new x11-libs/qscintilla.
+# Masked for removal in 30 days. Bug #628228.
+dev-util/kscope
+
+# Michael Palimaka <kensington@gentoo.org> (11 Sep 2017)
+# Requires dead Qt 4. Dead upstream. Fails to build with new x11-libs/qscintilla.
+# Masked for removal in 30 days. Bug #628230.
+dev-util/monkeystudio
+
+# Michael Palimaka <kensington@gentoo.org> (11 Sep 2017)
+# Requires dead Qt 4. Dead upstream. Fails to build with new x11-libs/qscintilla.
+# Masked for removal in 30 days. Bug #628234.
+dev-util/universalindentgui
+
+# Andreas Sturmlechner <asturm@gentoo.org> (10 Sep 2017)
+# Requires dead Qt 4. Dead upstream. Does not work.
+# Use net-misc/dropbox or kde-apps/dolphin-plugins instead.
+# Masked for removal in 30 days.
+kde-misc/kfilebox
+
+# Andreas Sturmlechner <asturm@gentoo.org> (10 Sep 2017)
+# Requires dead Qt 4. Dead upstream. Unmaintained.
+# Use media-video/kmplayer or kde-apps/dragon instead.
+# Masked for removal in 30 days.
+media-video/kplayer
+
+# Michael Palimaka <kensington@gentoo.org> (10 Sep 2017)
+# Requires dead Qt 4. Dead upstream. Build failures.
+# Bug #622548, #623574. Masked for removal in 30 days.
+net-libs/qmf
+
+# Michael Palimaka <kensington@gentoo.org> (10 Sep 2017)
+# Requires dead Qt 4. Dead upstream. Use Qt 5 instead.
+# Depends on vulnerable gstreamer:0.10.
+# Masked for removal in 30 days.
+dev-qt/qt-mobility
+
+# Michael Palimaka <kensington@gentoo.org> (09 Sep 2017)
+# Requires dead Qt 4. Dead upstream.
+# Masked for removal in 30 days.
+app-text/kding
+
+# Michael Palimaka <kensington@gentoo.org> (09 Sep 2017)
+# Requires dead Qt 4. Dead upstream. Unmaintained.
+# Masked for removal in 30 days.
+sys-process/procexp
+
+# Michael Palimaka <kensington@gentoo.org> (09 Sep 2017)
+# Requires dead Qt 4. Dead upstream. Unmaintained.
+# Masked for removal in 30 days.
+x11-apps/python-whiteboard
+
+# Patrice Clement <monsieurp@gentoo.org> (09 Sep 2017)
+# Python 3 port is almost complete with version 0.6.0. Users might run into
+# minor bumps here and there which is why the mask is still in place for the
+# time being.
+>=dev-java/javatoolkit-0.6.0
+
+# Austin English <wizardedit@gentoo.org> (05 Sep 2017)
+# Download has been broken for nearly a year, no alternative found
+# Bug: https://bugs.gentoo.org/599390
+# Removal in 30 days
+games-rpg/nwmouse
+games-rpg/nwmovies
+games-rpg/nwn
+games-rpg/nwn-cep
+games-rpg/nwn-data
+games-rpg/nwn-penultima
+games-rpg/nwn-penultimarerolled
+games-rpg/nwn-shadowlordsdreamcatcherdemon
+
+# Gilles Dartiguelongue <eva@gentoo.org> (04 Sep 2017)
+# Incompatible changes in API in Enchant 2. Bug #629838.
+>=app-text/enchant-2
+
+# Lars Wendler <polynomial-c@gentoo.org> (03 Sep 2017)
+# Masked because a new object API was introduced which breaks consumers:
+# https://cgit.freedesktop.org/poppler/poppler/commit/poppler/Object.h?id=9773c1534668d84b8267c3e5c9d612076fa231a5
+# See also our tracker bug: https://bugs.gentoo.org/629836
+>=app-text/poppler-0.58.0
+
+# Gilles Dartiguelongue <eva@gentoo.org> (2 Sep 1017)
+# Gnome 3.26 package mask
+>=app-text/libgepub-0.5
+
+# Aaron Bauman <bman@gentoo.org> (1 Sep 2017)
+# vulnerable per bug #513818 and dead upstream
+# net-analyzer/ntopng is available
+net-analyzer/ntop
+
+# Anthony G. Basile <blueness@gentoo.org> (27 Aug 2017)
+# Upstream is no longer providing public patches
+sys-kernel/hardened-sources
+
+# Patrice Clement <monsieurp@gentoo.org> (23 Aug 2017)
+# Packages depending on this library need to be tested first before
+# it is unmasked. Possibly some slotting is still needed.
+# Package testing tracked in bug #611022.
+>=dev-libs/msgpack-1.4.2
+
+# Hanno Boeck <hanno@gentoo.org> (21 Aug 2017)
+# Open security bugs, no upstream, bug 628432
+# Alternatives: app-arch/libarchive, app-arch/unar
+app-arch/unrar-gpl
+
+# Michał Górny <mgorny@gentoo.org> (20 Aug 2017)
+# Pre-release of a new incompatible version that breaks the only reverse
+# dependency in Gentoo. Masked until 2.0.0 proper is released, or
+# dev-cpp/libjson-rpc-cpp is fixed, whichever happens first.
+>=dev-cpp/catch-2
+
+# Sébastien Fabbro <bicatali@gentoo.org> (19 Aug 2017)
+# ipython-6 is python-3 only and causes circular dependencies
+# Unset python_targets_python2_7 for ipykernel and ipyparallel if needed.
+>=dev-python/ipython-6
+
+# Michael Orlitzky <mjo@gentoo.org> (18 Aug 2017)
+# Last version from 2011, and has a vulnerable init script
+# (bug 603382). The proxy-maintainer is unknown to bugzilla,
+# and the previous maintainer jmbsvicetto is OK with masking.
+<net-misc/vde-2.3.2-r4
+
+# Mats Lidell <matsl@gentoo.org> (17 Aug 2017)
+# Masked ede and all its dependencies due to security reasons. 
+# bug #398241
+app-xemacs/ede
+app-xemacs/semantic
+app-xemacs/jde
+app-xemacs/xslt-process
+app-xemacs/xetla
+app-xemacs/cogre
+app-xemacs/ecb
+app-xemacs/xemacs-packages-all
+
+# Lars Wendler <polynomial-c@gentoo.org> (06 Aug 2017)
+# Masked for security reasons:
+# https://bugs.gentoo.org/600214
+<app-emulation/virtualbox-5.0.40
+<app-emulation/virtualbox-additions-5.0.40
+<app-emulation/virtualbox-bin-5.0.40
+<app-emulation/virtualbox-extpack-oracle-5.0.40
+<app-emulation/virtualbox-guest-additions-5.0.40
+<app-emulation/virtualbox-modules-5.0.40
+<x11-drivers/xf86-video-virtualbox-5.0.40
+
+
+# Bernard Cafarelli <voyageur@gentoo.org> (04 Aug 2017)
+# Temporary mask as current net-ftp/filezilla does not compile
+# with it, bug #626292
+=dev-libs/libfilezilla-0.10.0
+
+# Alexey Shvetsov <alexxy@gentoo.org> (26 Jul 2017)
+# Its pre release so better to mask it
+=media-gfx/freecad-0.17_pre*
+
+# Kent Fredric <kentnl@gentoo.org> (21 Jul 2017)
+# Masked due to serious regression that introduces widespread data
+# corruption when storing data in blobs. Masked, because any code
+# that is written to use this version is now dependent on this version
+# and older versions will corrupt your code instead.
+# However, any existing packages should not use this version.
+# See: https://github.com/perl5-dbi/DBD-mysql/issues/117
+=dev-perl/DBD-mysql-4.42.0
+
+# Brian Evans <grknight@gentoo.org> (21 Jul 2017)
+# Mask initial beta of PHP 7.2 for further testing
+>=dev-lang/php-7.2.0_beta1
+=virtual/httpd-php-7.2
+
+# Mikhail Pukhlikov <cynede@gentoo.org> (20 Jul 2017)
+# Old mono/dotnet packages (used on GNOME2 stack)
+# also some deprecated forks used for monodevelop
+# awhile they are very unstable they will live in dotnet overlay
+gnome-extra/docky
+dev-dotnet/gnome-desktop-sharp
+dev-dotnet/gtksourceview-sharp
+dev-dotnet/rsvg-sharp
+dev-dotnet/vte-sharp
+dev-dotnet/wnck-sharp
+dev-dotnet/xdt-for-monodevelop
+dev-dotnet/nuget
+dev-dotnet/referenceassemblies-pcl
+
+# Ian Stakenvicius <axs@gentoo.org> (19 Jul 2017)
+# Mask spidermonkey:52 as it is a self-rolled release, no official
+# release has been rolled.  Is only committed to support development
+# versions of gjs.  Will unmask when gnome-3.26 is ready for testing
+# or when upstream releases an official tarball.
+dev-lang/spidermonkey:52
+
+# Nicolas Bock <nicolasbock@gentoo.org> (17 Jul 2017)
+# Keep shotwell development series masked.
+>=media-gfx/shotwell-0.27
+
+# Pacho Ramos <pacho@gentoo.org> (14 Jul 2017)
+# Doesn't work with >=openvpn-2.3, bug 470696
+# Fix is work in progress, see above bug. dilfridge@g.o
+net-vpn/kvpnc
+
+# Pacho Ramos <pacho@gentoo.org> (14 Jul 2017)
+# Randomly broken due to sys-devel/binutils-config bug (#584296).
+# Unmask when it is finally fixed, so people can build the package.
+dev-util/mutrace
+
+# Matthias Schwarzott <zzam@gentoo.org> (03 Jul 2017)
+# The snapshots got a wrong version number assigned.
+# They are from before version 2.0.0. Masking them to force
+# an update to version 2.0.0 as soon as it is added to the tree.
+=media-plugins/vdr-xineliboutput-2.0.0_p20130821
+=media-plugins/vdr-xineliboutput-2.0.0_p20150220
+
+# Thomas Deutschmann <whissi@gentoo.org> (28 Jun 2017)
+# New strip feature which is enabled by default causes genkernel
+# to create unbootable kernel/initramfs images. Bug #622716
+=sys-kernel/genkernel-3.5.1.0
+
+# Thomas Deutschmann <whissi@gentoo.org> (17 Jun 2017)
+# Unmaintained in Gentoo repository; Multiple vulnerabilities
+# People using VMware in Gentoo should switch to Gentoo's VMware overlay
+# Bugs 619398, 621910, 616958, 536364, 614666, 612804 ...
+app-emulation/vmware-workstation
+app-emulation/vmware-player
+app-emulation/vmware-modules
+app-emulation/vmware-tools
+
+# Raymond Jennings <shentino@gmail.com> (11 Jun 2017)
+# Upstream announced EOL effective July 2017.
+# Depends on qt4 which is being deprecated.
+# Possible alternative is skypeforlinux,
+# which uses the same account information but has different features.
+# See bug #620722 and bug #608174.
+dev-python/skype4py
+media-sound/skype-call-recorder
+net-im/skype
+net-im/skypetab-ng
+
+# Hans de Graaff <graaff@gentoo.org> (05 Jun 2017)
+# Bundles obsolete and vulnerable webkit version.
+# Upstream has stopped development and recommends using
+# headless mode in >=www-client/chromium-59.
+# Masked for removal in 90 days. Bug #589994.
+www-client/phantomjs
+dev-ruby/poltergeist
+
+# Andreas K. Hüttel <dilfridge@gentoo.org> (5 June 2017)
+# Masked for initial testing.
+=dev-lang/perl-5.26.0
+=dev-lang/perl-5.26.1
+=virtual/perl-Archive-Tar-2.240.0
+=virtual/perl-B-Debug-1.240.0
+=virtual/perl-CPAN-2.180.0
+=virtual/perl-CPAN-Meta-2.150.10
+=virtual/perl-Carp-1.420.0
+=virtual/perl-Compress-Raw-Bzip2-2.74.0
+=virtual/perl-Compress-Raw-Zlib-2.74.0
+=virtual/perl-DB_File-1.840.0
+=virtual/perl-Data-Dumper-2.167.0
+=virtual/perl-Devel-PPPort-3.350.0
+=virtual/perl-Digest-MD5-2.550.0
+=virtual/perl-Digest-SHA-5.960.0
+=virtual/perl-Encode-2.880.0
+=virtual/perl-ExtUtils-MakeMaker-7.240.0
+=virtual/perl-ExtUtils-ParseXS-3.340.0
+=virtual/perl-File-Spec-3.670.0
+=virtual/perl-Filter-Simple-0.930.0
+=virtual/perl-Getopt-Long-2.490.0
+=virtual/perl-HTTP-Tiny-0.70.0
+=virtual/perl-I18N-LangTags-0.420.0
+=virtual/perl-IO-1.380.0
+=virtual/perl-IO-Compress-2.74.0
+=virtual/perl-IO-Socket-IP-0.380.0
+=virtual/perl-IPC-Cmd-0.960.0
+=virtual/perl-JSON-PP-2.274.0.200_rc
+=virtual/perl-Locale-Maketext-1.280.0
+=virtual/perl-Math-BigInt-1.999.806-r1
+=virtual/perl-Math-BigInt-FastCalc-0.500.500
+=virtual/perl-Math-BigRat-0.261.100
+=virtual/perl-Math-Complex-1.590.100
+=virtual/perl-Module-Load-Conditional-0.680.0
+=virtual/perl-Module-Metadata-1.0.33
+=virtual/perl-Net-Ping-2.550.0
+=virtual/perl-Parse-CPAN-Meta-2.150.10
+=virtual/perl-Perl-OSType-1.10.0
+=virtual/perl-Pod-Simple-3.350.0
+=virtual/perl-Safe-2.400.0
+=virtual/perl-Scalar-List-Utils-1.460.200_rc
+=virtual/perl-Storable-2.620.0
+=virtual/perl-Sys-Syslog-0.350.0
+=virtual/perl-Term-ANSIColor-4.60.0
+=virtual/perl-Term-ReadLine-1.160.0
+=virtual/perl-Test-1.300.0
+=virtual/perl-Test-Harness-3.380.0
+=virtual/perl-Test-Simple-1.302.73
+=virtual/perl-Thread-Queue-3.120.0
+=virtual/perl-Thread-Semaphore-2.130.0
+=virtual/perl-Time-Local-1.250.0
+=virtual/perl-XSLoader-0.270.0
+=virtual/perl-bignum-0.470.0
+=virtual/perl-libnet-3.100.0
+=virtual/perl-parent-0.236.0
+=virtual/perl-podlators-4.90.0
+=virtual/perl-threads-2.150.0
+=virtual/perl-threads-shared-1.560.0
+=virtual/perl-version-0.991.700
+#
+# The following masks are technically not part of the Perl 5.26 block,
+# but with the unmasking of Perl 5.26 they become obsolete and can be
+# removed:
+#
+>=perl-core/ExtUtils-MakeMaker-7.180.0
+>=dev-perl/Net-Twitter-4.10.420
+>=perl-core/Math-BigInt-1.999.726
+>=dev-perl/Math-BigInt-GMP-1.600.0
+=perl-core/Test-Simple-1.302.96
+=virtual/perl-Test-Simple-1.302.96
+dev-perl/Test2-Suite
+>=dev-perl/Data-Validate-Domain-0.120.0
+dev-perl/Test2-Plugin-NoWarnings
+dev-perl/Params-ValidationCompiler
+dev-perl/Sub-Info
+dev-perl/Term-Table
+>=dev-perl/DateTime-Locale-1.60.0
+>=dev-perl/DateTime-TimeZone-2.20.0
+>=dev-perl/DateTime-1.370.0
+>=dev-perl/DateTime-Format-Strptime-1.710.0
+>=dev-perl/Log-Dispatch-2.590.0
+>=dev-perl/App-pwhich-1.150.0
+
+# Thomas Deutschmann <whissi@gentoo.org> (24 May 2017)
+# Broken runscript/changed behavior causing lvm2 to fail
+# on boot. Bug #617578
+>=sys-fs/lvm2-2.02.171
+
+# Michał Górny <mgorny@gentoo.org> (22 May 2017)
+# for Maciej S. Szmigiero <mail@maciej.szmigiero.name>
+# Any version above 5.100.138 breaks b43 driver in various ways.
+# Also, b43 wiki page says to use 5.100.138. Bug #541080.
+>=sys-firmware/b43-firmware-6.30.163.46
+
+# Michał Górny <mgorny@gentoo.org>, Andreas K. Hüttel <dilfridge@gentoo.org>,
+# Matthias Maier <tamiko@gentoo.org> (21 May 2017)
+# These old versions of toolchain packages (binutils, gcc, glibc) are no
+# longer officially supported and are not suitable for general use. Using
+# these packages can result in build failures (and possible breakage) for
+# many packages, and may leave your system vulnerable to known security
+# exploits.
+# If you still use one of these old toolchain packages, please upgrade (and
+# switch the compiler / the binutils) ASAP. If you need them for a specific
+# (isolated) use case, feel free to unmask them on your system.
+<sys-devel/gcc-4.9
+<sys-libs/glibc-2.23-r4
+<sys-devel/binutils-2.28.1
+
+# Michał Górny <mgorny@gentoo.org> (20 May 2017)
+# Old versions of CUDA and their reverse dependencies. They do not
+# support GCC 4.9+, and are really old.
+<dev-python/pycuda-2016
+<dev-util/nvidia-cuda-sdk-7
+<dev-util/nvidia-cuda-toolkit-7
+net-wireless/cpyrit-cuda
+
+# Maciej Mrozowski <reavertm@gentoo.org> (18 May 2017)
+# Experimental, most consumers does not support it yet
+>=dev-games/openscenegraph-3.5.5
+>=dev-games/openscenegraph-qt-3.5.5
+
+# Bernard Cafarelli <voyageur@gentoo.org> (8 May 2017)
+# Coordinated conversion to wxGTK:3.0-gtk3
+# Drop mask after migration of existing wxGTK:3.0 users
+# and wxGTK-3.0.3 bump in tree
+>=net-ftp/filezilla-3.25.2-r1
+
+# Zac Medico <zmedico@gentoo.org> (01 May 2017)
+# Possible API incompatibilities, bug #617174.
+# http://aiohttp.readthedocs.io/en/latest/migration.html
+>=dev-python/aiohttp-2
+>=dev-python/yarl-0.10
+
+# Rick Farina <zerochaos@gentoo.org> (17 Apr 2017)
+# Masking old versions because upstream changed versioning
+# Please keep this mask for 1 year to ease upgrades for users
+=app-crypt/hashcat-3.10-r1
+=app-crypt/hashcat-3.30
+=app-crypt/hashcat-3.40
+
+# Lars Wendler <polynomial-c@gentoo.org> (24 Mar 2017)
+# Masked until Mozilla and Chrome agreed how to handle
+# Symantec trust issues properly (bug #613714)
+=app-misc/ca-certificates-20161130.3.30-r1
+
+# Eray Aslan <eras@gentoo.org> (01 Mar 2017)
+# Mask experimental software
+=mail-mta/postfix-3.3*
+
+# Davide Pesavento <pesa@gentoo.org> (25 Feb 2017)
+# Library name changed in 2.10, breaking many consumers.
+# Needs full revdep testing.
+>=dev-python/qscintilla-python-2.10
+>=x11-libs/qscintilla-2.10
+=app-editors/juffed-0.10_p20160323
+
+# Mart Raudsepp <leio@gentoo.org> (16 Feb 2017)
+# Old gstreamer 0.10 version, which is security vulnerable.
+# Use gstreamer:1.0 with media-plugins/gst-plugins-libav
+# instead (despite the name, it uses media-video/ffmpeg too).
+# Please keep this mask entry until gstreamer:0.10 is still
+# in tree or at least gets an affecting GLSA from bug 601354
+# Bug #594878.
+media-plugins/gst-plugins-ffmpeg
+
+# Kent Fredric <kentnl@gentoo.org> (04 Feb 2017)
+# Unsecure versions that have been only restored to tree
+# to resolve compatibility problems with mail-filter/amavisd-new
+# Use with caution due to these being removed for CVE-2016-1251
+# Bug: #601144
+# Bug: #604678
+<dev-perl/DBD-mysql-4.41.0
+
+# Alon Bar-Lev <alonbl@gentoo.org> (06 Feb 2017)
+# Needs openssl-1.1
+>=dev-libs/opencryptoki-3.6
+
+# Bernard Cafarelli <voyageur@gentoo.org> (30 Jan 2017)
+# Alpha release with new features, masked for testing
+=app-text/tesseract-4.00.00_alpha*
+
+# Michał Górny <mgorny@gentoo.org> (26 Jan 2017)
+# Pre-release, masked for testing. Major changes since 2.0.4,
+# including dropped support for BlueZ 4.
+=net-wireless/blueman-2.1_alpha*
+
+# Yixun Lan <dlan@gentoo.org> (16 Jan 2017)
+# Masked, Vulnerable due to RGW Denial of Service (bug #598206)
+# We mask it instead of removing them, due user may need them while
+# upgrade from old versions (<0.94.x)
+<sys-cluster/ceph-10.2.3-r1
+
+# Jeroen Roovers <jer@gentoo.org> (12 Jan 2017)
+# Use x11-drivers/nvidia-drivers[tools] instead.
+media-video/nvidia-settings
+
+# Michael Orlitzky <mjo@gentoo.org> (07 Jan 2017)
+# This package has some dangerous quality and security issues, but
+# people may still find it useful. It is masked to prevent accidental
+# use. See bugs 603346 and 604998 for more information.
+app-admin/amazon-ec2-init
+
+# Mart Raudsepp <leio@gentoo.org> (07 Jan 2017)
+# No releases of this API version since March 2001, abandoned
+# in favour of glib:2 for 14 years; bug 604966.
+# Removed at 2017-02-08, mask kept for longer display to users.
+dev-libs/glib:1
+
+# Mart Raudsepp <leio@gentoo.org> (06 Jan 2017)
+# No releases of this API version since April 2001, abandoned
+# in favour of gtk+:2 for 14 years; bug 604862.
+# Removed at 2017-02-08, mask kept for longer display to users.
+x11-libs/gtk+:1
+
+# Robin H. Johnson <robbat2@gentoo.org> (05 Jan 2017)
+# Masking for testing
+=app-emulation/ganeti-2.16*
+=app-emulation/ganeti-2.17*
+
+# Markos Chandras <hwoarang@gentoo.org> (10 Dec 2016)
+# Reverse dependencies need testing, wrt bug #580760
+>=net-libs/libtorrent-rasterbar-1.1.1
+
+# Michał Górny <mgorny@gentoo.org> (17 Nov 2016)
+# New version masked for testing. It supports source-window buffer size
+# over 2G but it 'currently performs 3-5% slower and has 1-2% worse
+# compression'.
+>=dev-util/xdelta-3.1.0
+
+# Tim Harder <radhermit@gentoo.org> (03 Nov 2016)
+# Masked for testing
+=sys-fs/fuse-3.0.0*
+
+# Denis Dupeyron <calchan@gentoo.org> (12 Sep 2016)
+# Masked for testing, see bug #588894.
+=x11-misc/light-locker-1.7.0-r1
+
+# Lars Wendler <polynomial-c@gentoo.org> (26 Aug 2016)
+# Masked while being tested and reverse deps aren't fully compatible
+=dev-libs/openssl-1.1*
+
+# Michał Górny <mgorny@gentoo.org> (18 Jul 2016)
+# Pre-release of a complete rewrite, provided for early testing. Not all
+# functionality is provided yet. Use --pretend to make sure correct
+# files will be removed.
+>=app-admin/eclean-kernel-1.99
+
+# Chris Reffett <creffett@gentoo.org> (25 May 2016)
+# The webkit-gtk:4 backend for Xiphos has known text display issues.
+# Use at your own risk.
+=app-text/xiphos-4.0.4-r1
+
+# James Le Cuirot <chewi@gentoo.org> (03 Apr 2016)
+# Masking Spring Framework for the time being as 3.2.4 is old, has
+# multiple vulnerabilities, and we're not likely to update it
+# soon. Hopefully we can revisit it when the Maven stuff works out.
+dev-java/spring-aop
+dev-java/spring-beans
+dev-java/spring-core
+dev-java/spring-expression
+dev-java/spring-instrument
+
+# Andreas K. Hüttel <dilfridge@gentoo.org> (03 Apr 2016)
+# Can exhaust all available memory depending on task
+# but is made available for experts who heed this warning
+# as newer versions produce different output. Contact
+# the proxied maintainer Matthew Brewer <tomboy64@sina.cn>
+# for questions.
+<=media-gfx/slic3r-1.1.9999
+
+# José María Alonso <nimiux@gentoo.org> (24 Mar 2016)
+# Fails to build dev-lisp/sbcl-1.3.3 #563812
+=dev-lisp/asdf-3.1.7
+=dev-lisp/uiop-3.1.7
+
+# James Le Cuirot <chewi@gentoo.org> (07 Feb 2016)
+# Masked until 2.0 final arrives, which hopefully won't depend on
+# commons-dbcp:0 as that requires Java 6. Note that the 2.0 in the
+# tree should have actually been 2.0_beta1. There are no revdeps.
+dev-java/jcs
+
+# Andrey Grozin <grozin@gentoo.org> (04 Jan 2016)
+# Needs a bump and substantial ebuild rewrite
+=sci-mathematics/reduce-20110414-r1
+
+# Michał Górny <mgorny@gentoo.org> (30 Oct 2015)
+# Uses unsafe ioctls that could result in data corruption. Upstream
+# is working on replacing them in the wip/dedup-syscall branch.
+# Keep it masked until they are done. sys-fs/duperemove is
+# the suggested replacement for the meantime.
+sys-fs/bedup
+
+# Ian Delaney <idella4@gentoo.org> (27 Oct 2015)
+# fails to build dev-lisp/sbcl-1.2.16 #563812
+# mgorny: dev-lisp/uiop as version-bound revdep
+=dev-lisp/asdf-3.1.6
+=dev-lisp/uiop-3.1.6
+
+# Mike Pagano <mpagano@gentoo.org> (2 Oct 2015)
+# A regression in kernel 4.1.9 could lead to a system
+# lockup.  This has been fixed in gentoo-sources-4.1.9-r1
+# and the hope is that this patch will make it to 4.1.10
+# Expires (2 Oct 2017)
+=sys-kernel/vanilla-sources-4.1.9
+=sys-kernel/gentoo-sources-4.1.9
+
+# Lars Wendler <polynomial-c@gentoo.org> (20 Aug 2015)
+# Releases are not from original upstream but from a fork.
+# Masked as requested by vapier.
+~net-misc/iputils-20160308
+~net-misc/iputils-20161105
+
+# Sebastian Pipping <sping@gentoo.org> (8 Aug 2015)
+# Upcoming, too young to go into testing unmasked
+dev-libs/iniparser:4
+
+# Davide Pesavento <pesa@gentoo.org> (23 Jul 2015)
+# Standalone version of qtwebkit from the 2.3 upstream branch.
+# Needs revdep testing. Bug #388207.
+=dev-qt/qtwebkit-4.10*
+
+# Justin Lecher <jlec@gentoo.org> (28 Feb 2015)
+# Unfixed security problems
+# No upstream support anymore
+# CVE-2015-{0219,0220,0221,0222,5145}
+# CVE-2016-{9013,9014},CVE-2017-{7233,7234}
+# #536586
+# #554864
+=dev-python/django-1.4*
+=dev-python/django-1.5*
+=dev-python/django-1.6*
+=dev-python/django-1.7*
+=dev-python/django-1.9*
+
+# Jeroen Roovers <jer@gentoo.org> (12 Dec 2014)
+# The 96 and 173 branches are no longer supported and remain vulnerable to
+# CVE-2014-8298 (bug #532342). You may be able to mitigate the vulnerability by
+# disabling GLX indirect rendering protocol support on the X server.
+<x11-drivers/nvidia-drivers-304
+
+# Robin H. Johnson <robbat2@gentoo.org> (04 Aug 2014)
+# Masked for testing, presently fails upstream testsuite:
+# FAIL:07:02:35 (00:00:00) db_dump/db_load(./TESTDIR.3/recd001.db:child killed: kill signal): expected 0, got 1
+# FAIL:07:02:35 (00:00:00) Dump/load of ./TESTDIR.3/recd001.db failed.
+# FAIL:07:02:35 (00:00:00) db_verify_preop: expected 0, got 1
+=sys-libs/db-6.1*
+=sys-libs/db-6.2*
+
+# Ulrich Müller <ulm@gentoo.org> (15 Jul 2014)
+# Permanently mask sys-libs/lib-compat and its reverse dependencies,
+# pending multiple security vulnerabilities and QA issues.
+# See bugs #515926 and #510960.
+sys-libs/lib-compat
+sys-libs/lib-compat-loki
+games-action/mutantstorm-demo
+games-action/phobiaii
+games-fps/rtcw
+games-fps/unreal
+games-strategy/heroes3
+games-strategy/heroes3-demo
+games-strategy/smac
+
+# Mikle Kolyada <zlogene@gentoo.org> (27 Jun 2014)
+# Masked for proper testing. (Major updates in the code).
+~dev-perl/PortageXS-0.2.12
+
+# Hans de Graaff <graaff@gentoo.org> (1 Jun 2014)
+# Mask new rubinius version for testing. This needs more work
+# to fully integrate it in our Gentoo ruby handling. Volunteers
+# welcome.
+=dev-lang/rubinius-3*
+
+# Matti Bickel <mabi@gentoo.org> (22 Apr 2014)
+# Masked slotted lua for testing
+# William Hubbs <williamh@gentoo.org> (07 Aug 2016)
+# Taking this mask since Mabi is retired
+# Rafael Martins <rafaelmartins@gentoo.org> (04 Dec 2016)
+# Adding Lua 5.3 to mask
+app-eselect/eselect-lua
+=dev-lang/lua-5.1.5-r2
+=dev-lang/lua-5.1.5-r100
+=dev-lang/lua-5.1.5-r101
+=dev-lang/lua-5.2.3
+=dev-lang/lua-5.2.3-r1
+=dev-lang/lua-5.2.3-r2
+=dev-lang/lua-5.3.3
+=dev-lang/lua-5.3.3-r1
+
+# Mike Gilbert <floppym@gentoo.org> (04 Mar 2014)
+# Dev channel releases are only for people who are developers or want more
+# experimental features and accept a more unstable release.
+www-plugins/chrome-binary-plugins:unstable
+
+# Justin Lecher <jlec@gentoo.org> (14 Oct 2013)
+# Seems to break all deps - API change?
+>=sci-libs/metis-5
+
+# Michael Weber <xmw@gentoo.org> (17 Jul 2013)
+# Upstream next versions
+>=sys-boot/raspberrypi-firmware-1_pre
+
+# Richard Freeman <rich0@gentoo.org> (24 Mar 2013)
+# Contains known buffer overflows.  Package generally works
+# but should not be fed untrusted input (eg from strangers).
+# Masked to ensure users are aware before they install.
+app-text/cuneiform
+
+# Samuli Suominen <ssuominen@gentoo.org> (06 Mar 2012)
+# Masked for testing since this is known to break nearly
+# every reverse dependency wrt bug 407091
+>=dev-lang/lua-5.2.0
+
+# Samuli Suominen <ssuominen@gentoo.org> (30 Oct 2011)
+# Masked for security bug #294253, use only at your own risk!
+=media-libs/fmod-3*
+
+# Diego E. Pettenò <flameeyes@gentoo.org> (03 Jan 2009)
+# These packages are not supposed to be merged directly, instead
+# please use sys-devel/crossdev to install them.
+dev-libs/cygwin
+dev-util/mingw-runtime
+dev-util/mingw64-runtime
+dev-util/w32api
+sys-libs/newlib
+dev-embedded/avr-libc
+
+# Chris Gianelloni <wolf31o2@gentoo.org> (03 Mar 2008)
+# Masking due to security bug #194607 and security bug #204067
+games-fps/doom3
+games-fps/doom3-cdoom
+games-fps/doom3-chextrek
+games-fps/doom3-data
+games-fps/doom3-demo
+games-fps/doom3-ducttape
+games-fps/doom3-eventhorizon
+games-fps/doom3-hellcampaign
+games-fps/doom3-inhell
+games-fps/doom3-lms
+games-fps/doom3-mitm
+games-fps/doom3-roe
+games-fps/quake4-bin
+games-fps/quake4-data
+games-fps/quake4-demo
+
+# <klieber@gentoo.org> (01 Apr 2004)
+# The following packages contain a remotely-exploitable
+# security vulnerability and have been hard masked accordingly.
+#
+# Please see https://bugs.gentoo.org/show_bug.cgi?id=44351 for more info
+#
+games-fps/unreal-tournament-goty
+games-fps/unreal-tournament-strikeforce
+games-fps/unreal-tournament-bonuspacks
+games-fps/aaut