## Package Todo Lists

Todo lists are used by the developers when a rebuild of a set of packages is needed. This is common when a library has a version bump, during a toolchain rebuild, or a general cleanup of packages in the repositories. The progress can be tracked here, and completed todo lists can be browsed as well.

Name Creation Date Creator Description Package Count Incomplete Count Status
x265 3.2 2019-10-13 Maxime Gauduin New x265, new rebuild, will handle everything as usual. 7 7 Incomplete
base group removal 2019-10-06 Robin Broda The base group has been replaced by a base metapackage. Packages currently in the base group should drop the group. This does not require a rebuild, as it doesn't cause any issues. 50 22 Incomplete
golang 1.13.1 security rebuild 2019-10-04 Eli Schwartz Go 1.13.1 has been released and in order to take advantage of the updated runtime, all packages that makedepend on go or go-pie must be rebuilt. This is due to the statically built nature of the language. This release of Go in particular contains one change from 1.13, fixing CVE-2019-16276. The rebuild list reflects all packages utilizing the net/http or net/textproto library (and therefore importing the vulnerable code) which must be rebuilt for security purposes. For more details see: https://github.com/golang/go/compare/go1.13...go1.13.1 https://github.com/golang/go/commit/5a6ab1ec3e678640befebeb3318b746a64ad986c https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16276 68 21 Incomplete
Fix unquoted variables which break building the package in certain scenarios 2019-09-20 Robin Broda These packages have unquoted variables to paths which can contain spaces, this will lead to word-splitting during variable expansion and break the building of these packages. This is a packaging bug, fixes do not require a rebuild and can simply go to trunk. 549 375 Incomplete
Packaging qtwebengine dictionaries 2019-09-08 Eli Schwartz As discussed in https://lists.archlinux.org/pipermail/arch-dev-public/2019-August/029648.html and https://lists.archlinux.org/pipermail/arch-dev-public/2019-September/029666.html, we would like to begin packaging qtwebengine dictionaries matching each hunspell dictionary in the repos. Each of the packages in this list provides one or more .dic files. In order to build qtwebengine dictionaries: - add a makedepends on qt5-webengine - run qwebengine_convert_dict foo.dic foo.bdic for each .dic in the source tree - package each .bdic file in /usr/share/qt/qtwebengine_dictionaries/ - for each .dic symlink installed (if any), install the corresponding .bdic symlink 34 3 Incomplete
Replace legacy python2-sphinx usage with python-sphinx 2019-04-11 Daniel M. Capella Sphinx >=2.0.0 only supports Python 3. Note, there is no need to rip it out: python2-sphinx usage can mostly be replaced with python-sphinx usage which will produce the very same docs even for python2 libraries. 54 44 Incomplete
Phasing out gconf and libglade 2019-03-27 Balló György GConf was used in GNOME 2 as the settings storage daemon. It's deprecated since 2010 in favor of GSettings, and does not receive any fixes since 2013. Libglade is deprecated in favor of GtkBuilder since 2009, and does not receive any fixes since then. After a half year of the proposals[1][2], we try to get rid from these packages. This list contains all applications that depend on these libraries. If the package can be built without these libraries, do so. Otherwise, contact with upstream for a solution, or remove the package. Updated packages can go straight to extra/community. [1] https://lists.archlinux.org/pipermail/arch-dev-public/2018-September/029373.html [2] https://lists.archlinux.org/pipermail/arch-dev-public/2018-September/029378.html 29 4 Incomplete
Die python2, die! 2019-02-16 Allan McRae Python 2 reaches End of Life on 2020-01-01. We currently have >950 python2 modules in the repos. A lot of these are not used by any other package in the repositories. These can be removed. Note the packages in this list have not taken makedepends/checkdepends requirements into account. Check the package page to look for these before removing. 370 142 Incomplete
D-Bus policy in /usr/share/dbus-1/system.d instead of /etc/dbus-1/system.d 2019-01-12 Bruno Pagani The former is the default one for packaging, the second should be left empty for user overriding. Some packages allow to change that by using e.g. --with-dbuspolicydir, but if no such option is available, just move the files manually in package(). No need to go through [staging]. 60 7 Incomplete
Switch to systemd-sysusers 2017-12-15 Bruno Pagani We are fully embracing the use of systemd-sysusers to create system users and groups required by packages. The filesystem package has been switched to this, now is the turn of every other package having not yet switched. You mostly need to provide an accurate sysusers.d file (see https://www.freedesktop.org/software/systemd/man/sysusers.d.html) and have you package install it under /usr/lib/sysusers.d/<pkgname>.conf. You can also (thanks @heftig) do a one liner (in most cases) from the install() function like this (replacing <sysusers.d content> with the actual content): echo '<sysusers.d content>' | install -Dm644 /dev/stdin "$pkgdir"/usr/lib/sysusers.d/$pkgname.conf You can see several examples in the unbound, couchdb or stubby packages. Once done, you might even be able to remove the .install file (we have hook to run systemd-sysusers). Don’t hesitate to ask me if you’re unsure. ;) Some cases might be tricky. Generated on orion.archlinux.org with: grep --files-with-matches useradd /srv/svntogit/repos/*/*/trunk/* grep --files-with-matches groupadd /srv/svntogit/repos/*/*/trunk/* There might be false detections, just mark as done then. P.S.: I initially started by opening issues for some packages while providing the correct sysusers file, so if your package is concerned just look at your assigned issues. 87 2 Incomplete
Remove js185 from the repos 2017-07-10 Jelle van der Waa js185 is the legacy version of the JavaScript interpreter, it has numerous security issues therefore packages should update to js or js38 where possible. 4 1 Incomplete
LLVM 9 2019-10-04 Evangelos Foutras libLLVM-8.so -> libLLVM-9.so libclang*.so.8 -> libclang*.so.9 liblld*.so.8 -> liblld*.so.9 I'll add an llvm8 package if needed. 38 0 Complete
protobuf 3.10 rebuild 2019-10-03 Lukas Fleischer Please rebuild affected packages and move them to [staging]/[community-staging]. 36 0 Complete
jedi 0.15 update 2019-09-20 Sven-Hendrik Haase jedi has tons of breaking changes every update. Probably things are broken now in [testing]. Please test your packages and approve them if they are happy against jedi 0.15. 6 0 Complete
boost 1.71 remaining rebuilds 2019-09-20 Levente Polyak Please check https://rebuilds.foutrelis.com/?all for current build logs and put fixed versions into [staging]. I assume mapnik will need a side-installable legacy boost 1.69 2 0 Complete
jsoncpp 1.9.1 soname bump (plus add soname depends on libjsoncpp.so) 2019-09-13 Levente Polyak Please rebuild into [staging] Please also add a depends on libjsoncpp.so to avoid breakage upgrades 9 0 Complete
GNOME 3.34 bumps 2019-09-13 Jan Alexander Steffens GNOME 3.34 is in [staging] and bumped a few libraries: libgnome-desktop-3.so.18 libebook-1.2.so.20 libebook-contacts-1.2.so.3 libecal-2.0.so.1 libedata-book-1.2.so.26 libedata-cal-2.0.so.1 35 0 Complete
libcli 1.10.0 soname bump 2019-09-12 Levente Polyak Please rebuild the following packages against [staging] Please also add libcli.so as a soname dependency :) 1 0 Complete
glslang 7.12.3352-1 ABI rebuild 2019-09-11 Levente Polyak Looks like there was an ABI breakage in glslang 7.12.3352-1 with no soname handling on their side. Please rebuild the following packages Related to: https://bugs.archlinux.org/task/63720 3 0 Complete
MathJax 3 2019-09-04 Antonio Rojas In the unlikely case that your application supports mathjax 3 already, just mark it as done. Otherwise, change the dependency to mathjax2 and adjust the mathjax path to /usr/share/mathjax2 in the PKGBUILD Packages go to [staging] 6 0 Complete
fmt 6.0.0 rebuild 2019-08-26 Maxime Gauduin Upstream fmt just pushed a new version, time to rebuild! libfmt.so.5 -> libfmt.so.6 6 0 Complete
Rebuild for KDE Applications 19.08 2019-08-20 Felix Yan There are incompatible changes in cantor, libkgapi and kcontacts. Please fix and rebuild the packages into testing repos. 9 0 Complete
golang 1.12.8 security rebuild 2019-08-15 Morten Linderud Go has fixed 3 CVEs in relation to the recent HTTP/2 DoS attacks. The list reflects all packages utilizing the net/http library and needs to be rebuilt with the current go release. Relevant commits: https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 88 0 Complete
Use HTTPS instead of HTTP in URLs 2019-08-05 Filipe Laíns The packages listed contain URLs using HTTP when HTTPS is available. Please update them to use HTTPS. It is possible that some of the flagged URLs are false positives, please check them before making any changes! There's no need to release a new revision of the package, simply commit the changes to trunk. You can find a list of the target URLs here[1]. It contains the maintainer(s) as well as the faulty URLs for each package, so please check it to make sure you got everything. Thank you! [1] https://pkgbuild.com/~ffy00/http-check/all-http-checked-maintainer.txt 456 0 Complete
Electron 6 2019-08-01 Nicola Squartini This should be an easy transition. Check your packages and push to [community-staging]. 6 0 Complete
libnm-glib removal 2019-07-29 Jan Alexander Steffens NetworkManager 1.20 is going to be released soon-ish (RC in [testing]) and will drop the deprecated libnm-glib library. Sogrep does not report any links, but we have some dependencies remaining. Please determine which actions we need to take. 4 0 Complete
Remove python2-pandas dependency 2019-07-29 Andrzej Giniewicz Starting with Pandas 0.25, Python 2 is no longer supported. To keep repository clean, please remove python2-pandas from any dependencies (hard, optional, check, make). 4 0 Complete
scons/python2-scons split 2019-07-26 David Runge Scons is now python3 based, whereas the split package python2-scons remains as a compatibility package (for now). Please test, whether your dependant package can be built with scons. If it can only be built with python2-scons (note, that the executable name has changed to scons2), please report a bug upstream and use the python2 version of the build tool, until the package was fixed (upstream or in packaging). All rebuilt/fixed packages go to staging/community-staging. 17 0 Complete
botan 2.11 rebuild 2019-07-20 Antonio Rojas Packages go to [staging] 5 0 Complete
gpsd 3.19 rebuild 2019-07-19 Antonio Rojas Packages go to [staging] 6 0 Complete
Fix 'ttf-font' default font setup 2019-07-11 Jan Alexander Steffens The 'ttf-font' provides is meant to install a package that provides a base font set. For this purpose, the fonts must: 1. be outline fonts (not necessarily TrueType), 2. cover at least Latin1, and 3. have at least three families, one each an alias of: - sans-serif - serif - monospace as determined by fontconfig. Please verify that your packages obey these rules and fix them if necessary. - Some families are covered by upstream config in fontconfig. These include: - Bitstream Vera (60-latin.conf) - DejaVu (60-latin.conf) - Luxi (60-latin.conf) - Free (69-unifont.conf) - Nimbus / URW (30-metric-aliases.conf) - TeX Gyre (30-metric-aliases.conf) - Liberation (30-metric-aliases.conf) - CrOS core (not Caladea or Carlito; 30-metric-aliases.conf) - Old Microsoft fonts (60-latin.conf) - Postscript fonts (60-latin.conf) If your package ships superfluous alias config, you should remove it. - If your package already ships alias config but does not enable it by default, install the symlinks from conf.d to conf.avail required to do so. - If your package has no fontconfig config, take a look at the config in the gnu-free-fonts package as a guideline of how it needs to look. - If your package cannot satisfy the rules, remove the 'ttf-font' provides. Please also take this opportunity to move font files from generic dirs like /usr/share/fonts/TTF to per-package dirs like /usr/share/fonts/\$pkgname . This interacts better with fontconfig's cache, which has to rescan an entire dir whenever its contents change. 8 0 Complete
Nodejs 12 rebuild 2019-07-09 Felix Yan This todo includes binary packages that currently don't build with the new nodejs. 2 0 Complete
x265 3.1 2019-06-27 Maxime Gauduin Same soname bump as usual, I'll probably have time to rebuild everything. 7 0 Complete
Qt 5.13 rebuild 2019-06-19 Antonio Rojas The following packages fail to build with Qt 5.13. Please fix them and push the rebuilt packages to [staging] 6 0 Complete
gdal 3.0.0 and proj 6.1.0 rebuild 2019-06-16 Jaroslav Lichtblau libgdal.so.20 -> .26 libproj.so.13 -> .15 Packages to [staging] 13 0 Complete
libnftnl 1.1.3 + iptables 1.8.3 rebuild 2019-06-10 Bartłomiej Piotrowski Packages go to [staging]/[community-staging]. 10 0 Complete
libgit2 0.28.2 2019-06-08 David Runge libgit2 0.28.2 is now in [staging]. No complications are expected with the dependants, but you never know... ;-) Rebuilds/updates go to [staging]/[community-staging] as usual. 10 0 Complete
java-openjfx 11.0.3.u1 and java8-openjfx 8.u202 2019-06-03 Maxime Gauduin It's been requested several times that we update our java-openjfx package, and Guillaume has been MIA for a while so let's have at it. All packages go to staging, packages depending on jdk8 (all of them, that is) should use the newly created java8-openjfx instead. 5 0 Complete
Perl 5.30 rebuild failures 2019-05-26 Florian Pritz The packages in this list failed to build during the perl 5.30 rebuild with non-trivial failures. Build logs are available here: https://rebuilds.foutrelis.com/ If you have a fixed PKGBUILD that can be built against [staging], commit it to svn and retry the build via the rebuild website. If you push it manually, we'd have to manually update the website. Notes for packages: - perl-json-any: potential fix in https://github.com/karenetheridge/JSON-Any/pull/2 - subversion: https://bugs.archlinux.org/task/62513 6 0 Complete
GCC 9 rebuild 2019-05-23 Antonio Rojas libgo.so.13 -> 14 3 0 Complete
libdc1394 2.2.6 rebuild 2019-05-22 Antonio Rojas Packages go to [staging] 4 0 Complete
cfitsio 3.47 rebuild 2019-05-22 Antonio Rojas Packages go to [staging] as usual 12 0 Complete
Electron 5 2019-04-25 Nicola Squartini Packages with native modules need to be rebuilt. Push to [community-staging]. I also added a new package electron4 in [community-staging] for those package that cannot depend on 5 for the reason in [1] (e.g. atom). [1]: https://electronjs.org/blog/nodejs-native-addons-and-electron-5 10 0 Complete
botan 2.10 2019-04-14 Alexander Rødseth New .so version of the Botan crypto library. Rebuilds go to staging, please. 5 0 Complete
opencv 4.1 rebuild 2019-04-08 Antonio Rojas Packages go to [staging] 11 0 Complete
x264 157 rebuild 2019-03-27 Maxime Gauduin libx264.so=155-64 -> libx264.so=157-64 The usual stuff, I'll probably have time to rebuild everything. 12 0 Complete
LLVM 8 2019-03-26 Evangelos Foutras libLLVM-7.0.so -> libLLVM-8.0.so libclang*.so.7 -> libclang*.so.8 As always, some breakage is expected. 33 0 Complete
wxgtk 3.1 rebuild 2019-03-25 Antonio Rojas wxgtk just invented the concept of "development version ready for production" [1] - updating should bring some improvements such as better high dpi support. Packages go to [staging] [1] https://wxwidgets.org/news/2018/12/wxwidgets-3.1.2-released/ [CANCELLED] Not such a good idea after all, not everything is ready yet. 0 0 Complete
Electron 4 2019-03-19 Nicola Squartini After a long wait, here comes Electron 4! Packages with native modules need a rebuild. If your package doesn't work with Electron 4 and there is no easy patch, please let me know and I will build a temporary electron3 package. Push to [community-staging]. 9 0 Complete
netcdf 4.6.3 + hdf5 1.10.5 2019-03-16 Bruno Pagani libnetcdf.so.13 → libnetcdf.so.15 In a patch-level release, yes. They try to concurrence hdf5. hdf5 still affected by FS#60567, even if for once they managed to not break ABI in a patch level release (well after that was pointed during rc stage) Since 80% of the list is common, let’s do only one rebuild. Packages go in [staging] as usual. 25 0 Complete