logo

overlay

My own overlay for experimentations, use with caution, no support is provided git clone https://anongit.hacktivis.me/git/overlay.git/

package.mask (5142B)

    

  1. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2025-11-20)
  2. # prebuilt
  3. www-plugins/pdfjs
  5. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2025-10-17)
  6. # Unmaintained, several known security issues (double-free, OOB read, …)
  7. # CVE-2017-16516 CVE-2022-24795 CVE-2023-33460
  8. # https://github.com/lloyd/yajl/issues/219
  9. dev-libs/yajl
  11. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2025-06-11)
  12. # Non-Free
  13. # https://bugzilla.redhat.com/show_bug.cgi?id=449037
  14. # https://spot.livejournal.com/303000.html?nojs=1
  15. # https://raw.githubusercontent.com/kholtman/afio/21f0408cb3df40e5de3d3fa2698eb6626c57df02/afio_license_issues_v5.txt
  16. app-arch/afio
  18. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2025-05-04)
  19. # Avoid forcing libxcrypt in
  20. >=virtual/libcrypt-2
  22. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2025-01-29)
  23. # Let's try to reduce the amount of machines contaminated by boost
  24. dev-libs/boost
  26. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-12-26)
  27. # Last release (14.4.2) in 2015, known CVEs since
  28. # Including 2 heap buffer overflows triggerable from a file:
  29. # CVE-2021-23159, CVE-2021-40426
  30. <media-sound/sox-14.3
  32. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-06-04)
  33. # Last release (0.8.0) in 2009 with several known bugs
  34. # leading Gentoo to maintain a patchset.
  35. #
  36. # Also no releases since CVE-2016-8859 <https://www.openwall.com/lists/oss-security/2016/10/19/1>
  37. # > Multiple integer overflows in the TRE library and musl libc allow attackers
  38. # > to cause memory corruption via a large number of (1) states or (2) tags,
  39. # > which triggers an out-of-bounds write.
  40. dev-libs/tre
  42. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-05-23)
  43. # Dropped by Debian maintainers who did the port from NetBSD to Linux
  44. # in favor of bmake
  45. # No gentoo maintainers either
  46. dev-build/pmake
  48. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-05-06)
  49. # No trust in an allocator with such a broken buildsystem configuration.
  50. # https://queer.hacktivis.me/notice/AhcQTrlYbAHhVftkKu
  51. sys-libs/talloc
  53. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-04-12)
  54. # No.
  55. app-admin/sudo
  57. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-02-29)
  58. # Screw language-specific package managers, none of them do proper reviews
  59. # Only exceptions so far are the ones where packaging in gentoo is
  60. # either insane or incomplete such as:
  61. # - npm and others using npmjs.org
  62. # - dev-elixir/hex
  63. dev-python/pip
  64. dev-lua/luarocks
  65. dev-ml/opam
  66. dev-scheme/akku
  67. dev-util/conan
  69. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-02-14)
  70. # Qt release pace for a chromium fork, effectively a forever:
  71. #   Has security bugs don't use
  72. dev-qt/qtwebengine
  74. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-01-30)
  75. # Non-uniform small-keyspace crackable passwords by default
  76. # See https://www.openwall.com/lists/oss-security/2012/01/17/5
  77. app-admin/pwgen
  79. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-01-18)
  80. # Nobody should use imake anymore, X moved off from it in 2005.
  81. # https://lists.x.org/archives/xorg-announce/2024-January/003440.html
  82. x11-misc/imake
  84. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2023-08-08)
  85. # https://www.roguelazer.com/blog/surprising-behavior-in-gnu-tar/
  86. app-arch/tar
  88. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2023-07-25)
  89. # Dead upstream, known vulnerabilities (CVE-2021-42260)
  90. # Author switched to tinyxml2
  91. dev-libs/tinyxml
  93. # Haelwenn (lanodan) Monnier - 2023-07-09
  94. # Binaries
  95. dev-lang/go-bootstrap
  97. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2023-02-03
  98. # No bootstrapping, would need a way to bootstrap dev-lang/fpc
  99. dev-lang/nim
  101. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2023-01-30
  102. # No bootstrapping, you're supposed to download the blobs from npmjs.org
  103. # which isn't trustworthy
  104. # https://github.com/microsoft/TypeScript-go
  105. # which will eventually merge in typescript proper should be checked
  106. dev-lang/typescript
  108. # Haelwenn (lanodan) Monnier <contact@hacktivis.me> 2018-12-27
  109. # Bloated, quite insecure (too much trust in other apps, more than paging)
  110. # alternative can be sys-apps/most, see virtual/pager for others
  111. sys-apps/less
  113. # https://www.audacityteam.org/about/desktop-privacy-notice/
  114. # TL;DR: Audacity is now a Surveillance application
  115. media-sound/audacity
  117. # Haelwenn (lanodan) Monnier - 2022-02-05
  118. # Unmaintained, last update in 2016, 2021 is because Arthur Zamarin of gentoo
  119. # made a small fork with few patches on top.
  120. # Also: https://zaitcev.livejournal.com/263602.html - PyPI is not trustworthy
  121. dev-python/nose
  123. # Haelwenn (lanodan) Monnier - 2022-06-02
  124. # Unmaintained, last tarball in 2010, last git update in 2015
  125. # Contains data like IANA which should be kept up-to-date regularly
  126. sys-apps/miscfiles
  128. # Haelwenn (lanodan) Monnier - 2022-07-11
  129. # Dead upsteam, last updated in 2003
  130. # Known security bugs, effectively vague fork by distros
  131. media-libs/id3lib
  133. # Haelwenn (lanodan) Monnier - 2022-07-11
  134. # Dead upsteam, last release in 2016
  135. media-sound/easytag
  137. # Haelwenn (lanodan) Monnier - 2022-08-30
  138. # Open-Core
  139. # https://github.com/danmar/cppcheck/commit/8f386e15fdedff37486c683d933ccc9a1e307388
  140. dev-util/cppcheck