Package Todo Lists

Todo lists are used by the developers when a rebuild of a set of packages is needed. This is common when a library has a version bump, during a toolchain rebuild, or a general cleanup of packages in the repositories. The progress can be tracked here, and completed todo lists can be browsed as well.

Name Creation Date Creator Description Package Count Incomplete Count Status
golang 1.12.8 security rebuild 2019-08-15 Morten Linderud Go has fixed 3 CVEs in relation to the recent HTTP/2 DoS attacks. The list reflects all packages utilizing the `net/http` library and needs to be rebuilt with the current go release. Relevant commits: https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 88 2 Incomplete
Use HTTPS instead of HTTP in URLs 2019-08-05 Filipe Laíns The packages listed contain URLs using HTTP when HTTPS is available. Please update them to use HTTPS. It is possible that some of the flagged URLs are false positives, please check them before making any changes! There's no need to release a new revision of the package, simply commit the changes to trunk. You can find a list of the target URLs here[1]. It contains the maintainer(s) as well as the faulty URLs for each package, so please check it to make sure you got everything. Thank you! [1] https://pkgbuild.com/~ffy00/http-check/all-http-checked-maintainer.txt 456 343 Incomplete
libnm-glib removal 2019-07-29 Jan Alexander Steffens NetworkManager 1.20 is going to be released soon-ish (RC in [testing]) and will drop the deprecated libnm-glib library. Sogrep does not report any links, but we have some dependencies remaining. Please determine which actions we need to take. 4 1 Incomplete
Remove python2-pandas dependency 2019-07-29 Andrzej Giniewicz Starting with Pandas 0.25, Python 2 is no longer supported. To keep repository clean, please remove python2-pandas from any dependencies (hard, optional, check, make). 6 2 Incomplete
Fix 'ttf-font' default font setup 2019-07-11 Jan Alexander Steffens The 'ttf-font' provides is meant to install a package that provides a base font set. For this purpose, the fonts must: 1. be outline fonts (not necessarily TrueType), 2. cover at least Latin1, and 3. have at least three families, one each an alias of: - sans-serif - serif - monospace as determined by fontconfig. Please verify that your packages obey these rules and fix them if necessary. - Some families are covered by upstream config in fontconfig. These include: - Bitstream Vera (60-latin.conf) - DejaVu (60-latin.conf) - Luxi (60-latin.conf) - Free (69-unifont.conf) - Nimbus / URW (30-metric-aliases.conf) - TeX Gyre (30-metric-aliases.conf) - Liberation (30-metric-aliases.conf) - CrOS core (not Caladea or Carlito; 30-metric-aliases.conf) - Old Microsoft fonts (60-latin.conf) - Postscript fonts (60-latin.conf) If your package ships superfluous alias config, you should remove it. - If your package already ships alias config but does not enable it by default, install the symlinks from conf.d to conf.avail required to do so. - If your package has no fontconfig config, take a look at the config in the gnu-free-fonts package as a guideline of how it needs to look. - If your package cannot satisfy the rules, remove the 'ttf-font' provides. Please also take this opportunity to move font files from generic dirs like /usr/share/fonts/TTF to per-package dirs like /usr/share/fonts/$pkgname . This interacts better with fontconfig's cache, which has to rescan an entire dir whenever its contents change. 8 1 Incomplete
Replace legacy python2-sphinx usage with python-sphinx 2019-04-11 Daniel M. Capella Sphinx >=2.0.0 only supports Python 3. Note, there is no need to rip it out: python2-sphinx usage can mostly be replaced with python-sphinx usage which will produce the very same docs even for python2 libraries. 54 44 Incomplete
Phasing out gconf and libglade 2019-03-27 Balló György GConf was used in GNOME 2 as the settings storage daemon. It's deprecated since 2010 in favor of GSettings, and does not receive any fixes since 2013. Libglade is deprecated in favor of GtkBuilder since 2009, and does not receive any fixes since then. After a half year of the proposals[1][2], we try to get rid from these packages. This list contains all applications that depend on these libraries. If the package can be built without these libraries, do so. Otherwise, contact with upstream for a solution, or remove the package. Updated packages can go straight to extra/community. [1] https://lists.archlinux.org/pipermail/arch-dev-public/2018-September/029373.html [2] https://lists.archlinux.org/pipermail/arch-dev-public/2018-September/029378.html 29 4 Incomplete
Die python2, die! 2019-02-16 Allan McRae Python 2 reaches End of Life on 2020-01-01. We currently have >950 python2 modules in the repos. A lot of these are not used by any other package in the repositories. These can be removed. Note the packages in this list have not taken makedepends/checkdepends requirements into account. Check the package page to look for these before removing. 370 175 Incomplete
openmpi 4.0.0 recheck/rebuild (MPI-1 symbols removal) 2019-02-14 Levente Polyak OpenMPI prototypes for several MPI-1 symbols that were deleted in the MPI-3.0 specification (which was published in 2012) and marked deprecated since 2.0 are no longer available in OpenMPI 4.0. This has happened without soname bumps and openmpi 4.0 is already in [extra] so please push possible changes straight to the repos. Please check and possibly rebuild your packages, backporting upstream fixes or small patches may be needed. Exmaple: MPI_Type_extent has been superseded by MPI_Type_get_extent https://www.open-mpi.org/doc/v4.0/man3/MPI_Type_extent.3.php 15 2 Incomplete
.pyc files in another python version 2019-01-30 Felix Yan The packages either need a simple rebuild or some more fixes to include pyc files of the correct python version: Python 3.6 .pyc that we don't have already: community/cordova 8.1.2-1 usr/lib/node_modules/cordova/node_modules/jasmine-core/images/__pycache__/__init__.cpython-36.pyc community/gloobus-preview 0.4.5.335-3 usr/share/gloobus/__pycache__/gloobus-sushi.cpython-36.pyc community/ibus-libpinyin 1.10.0-1 usr/share/ibus-libpinyin/setup/__pycache__/config.cpython-36.pyc usr/share/ibus-libpinyin/setup/__pycache__/dicttreeview.cpython-36.pyc ... community/phonegap 8.2.2-2 usr/lib/node_modules/phonegap/node_modules/jasmine-core/images/__pycache__/__init__.cpython-36.pyc community/python-invoke 1.2.0-1 usr/lib/python3.7/site-packages/invoke/completion/__pycache__/__init__.cpython-36.pyc usr/lib/python3.7/site-packages/invoke/completion/__pycache__/complete.cpython-36.pyc community/python2-invoke 1.2.0-1 usr/lib/python2.7/site-packages/invoke/completion/__pycache__/__init__.cpython-36.pyc usr/lib/python2.7/site-packages/invoke/completion/__pycache__/complete.cpython-36.pyc community/python2-pygame 1.9.4-1 usr/lib/python2.7/site-packages/pygame/examples/__pycache__/__init__.cpython-36.pyc usr/lib/python2.7/site-packages/pygame/examples/__pycache__/testsprite.cpython-36.pyc ... community/vim-jedi 0.9.0-1 usr/share/vim/vimfiles/pythonx/__pycache__/jedi_vim.cpython-36.pyc Python 2 package contains Python 3.7 .pyc: community/python2-cram 0.7-3 usr/lib/python2.7/site-packages/cram/__pycache__/__init__.cpython-37.pyc usr/lib/python2.7/site-packages/cram/__pycache__/_cli.cpython-37.pyc .... community/python2-execnet 1.5.0-2 usr/lib/python2.7/site-packages/execnet/__pycache__/gateway_base.cpython-37.pyc community/python2-zope-schema 4.9.3-1 usr/lib/python2.7/site-packages/zope/__pycache__/__init__.cpython-37.pyc usr/lib/python2.7/site-packages/zope/schema/__pycache__/__init__.cpython-37.pyc 11 2 Incomplete
D-Bus policy in /usr/share/dbus-1/system.d instead of /etc/dbus-1/system.d 2019-01-12 Bruno Pagani The former is the default one for packaging, the second should be left empty for user overriding. Some packages allow to change that by using e.g. --with-dbuspolicydir, but if no such option is available, just move the files manually in package(). No need to go through [staging]. 60 8 Incomplete
Missing build depends in python packages 2019-01-01 Eli Schwartz Many packages which use the setup_requires keyword can download their dependencies from PyPI during the build stage; this should never be happening as dependencies should be properly specified in makedepends. Common things to look for: - requirement for pbr. - requirement for setuptools_scm. makedepends can be switched from python-setuptools to python-setuptools-scm - requirement for pytest-runner. In this case, python-pytest-runner must be specified in makedepends, not checkdepends Packages were discovered due to archlinux32 or reproducible builds failures when building without network connectivity. 24 3 Incomplete
Switch to systemd-sysusers 2017-12-15 Bruno Pagani We are fully embracing the use of systemd-sysusers to create system users and groups required by packages. The filesystem package has been switched to this, now is the turn of every other package having not yet switched. You mostly need to provide an accurate sysusers.d file (see https://www.freedesktop.org/software/systemd/man/sysusers.d.html) and have you package install it under /usr/lib/sysusers.d/<pkgname>.conf. You can also (thanks @heftig) do a one liner (in most cases) from the install() function like this (replacing <sysusers.d content> with the actual content): echo '<sysusers.d content>' | install -Dm644 /dev/stdin "$pkgdir"/usr/lib/sysusers.d/$pkgname.conf You can see several examples in the unbound, couchdb or stubby packages. Once done, you might even be able to remove the .install file (we have hook to run systemd-sysusers). Don’t hesitate to ask me if you’re unsure. ;) Some cases might be tricky. Generated on orion.archlinux.org with: grep --files-with-matches useradd /srv/svntogit/repos/*/*/trunk/* grep --files-with-matches groupadd /srv/svntogit/repos/*/*/trunk/* There might be false detections, just mark as done then. P.S.: I initially started by opening issues for some packages while providing the correct sysusers file, so if your package is concerned just look at your assigned issues. 87 3 Incomplete
Remove js185 from the repos 2017-07-10 Jelle van der Waa js185 is the legacy version of the JavaScript interpreter, it has numerous security issues therefore packages should update to js or js38 where possible. 4 1 Incomplete
Rebuild for KDE Applications 19.08 2019-08-20 Felix Yan There are incompatible changes in cantor, libkgapi and kcontacts. Please fix and rebuild the packages into testing repos. 9 0 Complete
Electron 6 2019-08-01 Nicola Squartini This should be an easy transition. Check your packages and push to [community-staging]. 6 0 Complete
scons/python2-scons split 2019-07-26 David Runge Scons is now python3 based, whereas the split package python2-scons remains as a compatibility package (for now). Please test, whether your dependant package can be built with scons. If it can only be built with python2-scons (note, that the executable name has changed to `scons2`), please report a bug upstream and use the python2 version of the build tool, until the package was fixed (upstream or in packaging). All rebuilt/fixed packages go to staging/community-staging. 17 0 Complete
botan 2.11 rebuild 2019-07-20 Antonio Rojas Packages go to [staging] 5 0 Complete
gpsd 3.19 rebuild 2019-07-19 Antonio Rojas Packages go to [staging] 6 0 Complete
Nodejs 12 rebuild 2019-07-09 Felix Yan This todo includes binary packages that currently don't build with the new nodejs. 2 0 Complete
x265 3.1 2019-06-27 Maxime Gauduin Same soname bump as usual, I'll probably have time to rebuild everything. 7 0 Complete
Qt 5.13 rebuild 2019-06-19 Antonio Rojas The following packages fail to build with Qt 5.13. Please fix them and push the rebuilt packages to [staging] 6 0 Complete
gdal 3.0.0 and proj 6.1.0 rebuild 2019-06-16 Jaroslav Lichtblau libgdal.so.20 -> .26 libproj.so.13 -> .15 Packages to [staging] 13 0 Complete
libnftnl 1.1.3 + iptables 1.8.3 rebuild 2019-06-10 Bartłomiej Piotrowski Packages go to [staging]/[community-staging]. 10 0 Complete
libgit2 0.28.2 2019-06-08 David Runge libgit2 0.28.2 is now in [staging]. No complications are expected with the dependants, but you never know... ;-) Rebuilds/updates go to [staging]/[community-staging] as usual. 10 0 Complete
java-openjfx 11.0.3.u1 and java8-openjfx 8.u202 2019-06-03 Maxime Gauduin It's been requested several times that we update our java-openjfx package, and Guillaume has been MIA for a while so let's have at it. All packages go to staging, packages depending on jdk8 (all of them, that is) should use the newly created java8-openjfx instead. 5 0 Complete
Perl 5.30 rebuild failures 2019-05-26 Florian Pritz The packages in this list failed to build during the perl 5.30 rebuild with non-trivial failures. Build logs are available here: https://rebuilds.foutrelis.com/ If you have a fixed PKGBUILD that can be built against [staging], commit it to svn and retry the build via the rebuild website. If you push it manually, we'd have to manually update the website. Notes for packages: - perl-json-any: potential fix in https://github.com/karenetheridge/JSON-Any/pull/2 - subversion: https://bugs.archlinux.org/task/62513 6 0 Complete
GCC 9 rebuild 2019-05-23 Antonio Rojas libgo.so.13 -> 14 3 0 Complete
libdc1394 2.2.6 rebuild 2019-05-22 Antonio Rojas Packages go to [staging] 4 0 Complete
cfitsio 3.47 rebuild 2019-05-22 Antonio Rojas Packages go to [staging] as usual 12 0 Complete
Electron 5 2019-04-25 Nicola Squartini Packages with native modules need to be rebuilt. Push to [community-staging]. I also added a new package electron4 in [community-staging] for those package that cannot depend on 5 for the reason in [1] (e.g. atom). [1]: https://electronjs.org/blog/nodejs-native-addons-and-electron-5 10 0 Complete
botan 2.10 2019-04-14 Alexander Rødseth New .so version of the Botan crypto library. Rebuilds go to staging, please. 5 0 Complete
opencv 4.1 rebuild 2019-04-08 Antonio Rojas Packages go to [staging] 11 0 Complete
x264 157 rebuild 2019-03-27 Maxime Gauduin libx264.so=155-64 -> libx264.so=157-64 The usual stuff, I'll probably have time to rebuild everything. 12 0 Complete
LLVM 8 2019-03-26 Evangelos Foutras libLLVM-7.0.so -> libLLVM-8.0.so libclang*.so.7 -> libclang*.so.8 As always, some breakage is expected. 33 0 Complete
wxgtk 3.1 rebuild 2019-03-25 Antonio Rojas wxgtk just invented the concept of "development version ready for production" [1] - updating should bring some improvements such as better high dpi support. Packages go to [staging] [1] https://wxwidgets.org/news/2018/12/wxwidgets-3.1.2-released/ [CANCELLED] Not such a good idea after all, not everything is ready yet. 0 0 Complete
Electron 4 2019-03-19 Nicola Squartini After a long wait, here comes Electron 4! Packages with native modules need a rebuild. If your package doesn't work with Electron 4 and there is no easy patch, please let me know and I will build a temporary electron3 package. Push to [community-staging]. 9 0 Complete
netcdf 4.6.3 + hdf5 1.10.5 2019-03-16 Bruno Pagani libnetcdf.so.13 → libnetcdf.so.15 In a patch-level release, yes. They try to concurrence hdf5. hdf5 still affected by FS#60567, even if for once they managed to not break ABI in a patch level release (well after that was pointed during rc stage) Since 80% of the list is common, let’s do only one rebuild. Packages go in [staging] as usual. 25 0 Complete
double-conversion 3.1.3 2019-03-08 Antonio Rojas packages go to [staging] 5 0 Complete
protobuf 3.7.0 rebuild 2019-03-03 Lukas Fleischer Please rebuild affected packages and move them to [staging]/[community-staging]. 31 0 Complete
projectm 3.x rebuilds 2019-02-24 Ike Devolder This is a major update of projectm, there are some packages which optionally depend on projectm, those should be rebuilt projectm 3.x is already in community-testing 4 0 Complete
libnfs 4.0 verification 2019-02-24 Ike Devolder libnfs 4.0 did come with a soname bump libnfs 4.x is already in community-testing 5 0 Complete
Fluidsynth > 2.0.0 2019-02-16 David Runge Fluidsynth has changed its API slightly with its 2.0.0 release. Most applications have been patched and should be able to rebuild (to my knowledge). Candidates go to staging. In the (unlikely) case the upstream project has not been patched to deal with the minor API changes yet, consider dropping support for it, or getting in touch with upstream about it. 16 0 Complete
qscintilla 2.11.1 rebuild 2019-02-10 Antonio Rojas Packages go to [community-staging] 4 0 Complete
PyQtWebEngine split 2019-02-10 Antonio Rojas Starting from PyQt 5.12, PyQtWebEngine is in a separate python{,2}-pyqtwebengine package. This split package is now in [testing]. Check if your application depends on it after updating PyQt to 5.12. If it doesn't, remove it from the list (do not just mark it as done). If it does, add the dependency and push the rebuilt package to [testing]. 5 0 Complete
libvpx 1.8.0 2019-02-05 Maxime Gauduin usr/lib/libvpx.so.5 => usr/lib/libvpx.so.6 Please push to staging & cie. 15 0 Complete
x265 3.0 2019-01-26 Maxime Gauduin The usual soname bump, will handle all packages. 7 0 Complete
Golang staticlibs + security rebuild 2019-01-24 Eli Schwartz Go 1.11.5 has been released and in order to take advantage of the updated runtime, all packages that makedepend on go or go-pie must be rebuilt. This is due to the statically built nature of the language. Of particular importance is CVE-2019-6486, which this release of Go will fix. All packages currently in the rebuild list import the vulnerable code and must be rebuilt for security purposes. This TODO may be updated later to include all packages that could benefit from a rebuild without a specific security issue associated. If there are any questions, ask me or Foxboron for details. 52 0 Complete
Use https in the url field 2019-01-24 Filipe Laíns The packages in this TODO list aren't using https in the 'url' field but it is avaliable. Details can be found here: https://pkgbuild.com/~ffy00/url-http-check/all-url-checked-maintainer.txt 1676 0 Complete
http-parser 2.9 rebuild 2018-12-28 Bruno Pagani libhttp_parser.so=2.8-64 | libhttp_parser.so=2.9-64 6 0 Complete