Packages

Since Linux 4.14, the in-tree kernel firmware was dropped[0][1], and Hyperbola uses linux-libre-lts-firmware from 4.9 which still supports that firmware.

However, I’d like to request upgrading to the new libre replacement of linux-firmware.git: linux-libre-firmware[2][3].

This version has no LTS releases (well, firmwares commonly don’t have LTS versions and the in-tree firmware was always the same in post-4.9 generations), but it has the same firmwares as Linux-libre-lts plus some others.

This is the list of firmware files in linux-libre-lts-firmware and its dependencies:

linux-libre-lts-firmware
---
/usr/lib/firmware/av7110/bootcode.bin
/usr/lib/firmware/dsp56k/bootstrap.bin
/usr/lib/firmware/keyspan_pda/keyspan_pda.fw
/usr/lib/firmware/keyspan_pda/xircom_pgs.fw

ath9k-htc-firmware
---
/usr/lib/firmware/htc_7010.fw
/usr/lib/firmware/htc_9271.fw

openfwwf
---
/usr/lib/firmware/b43-open/b0g0bsinitvals5.fw
/usr/lib/firmware/b43-open/b0g0initvals5.fw
/usr/lib/firmware/b43-open/ucode5.fw

And here are the firmware files of the new linux-libre-firmware:

linux-libre-firmware
---
/usr/lib/firmware/av7110/bootcode.bin
/usr/lib/firmware/b43-open/b0g0bsinitvals5.fw
/usr/lib/firmware/b43-open/b0g0initvals5.fw
/usr/lib/firmware/b43-open/ucode5.fw
/usr/lib/firmware/carl9170-1.fw
/usr/lib/firmware/cis/3CCFEM556.cis
/usr/lib/firmware/cis/3CXEM556.cis
/usr/lib/firmware/cis/COMpad2.cis
/usr/lib/firmware/cis/COMpad4.cis
/usr/lib/firmware/cis/DP83903.cis
/usr/lib/firmware/cis/LA-PCM.cis
/usr/lib/firmware/cis/MT5634ZLX.cis
/usr/lib/firmware/cis/NE2K.cis
/usr/lib/firmware/cis/PCMLM28.cis
/usr/lib/firmware/cis/PE-200.cis
/usr/lib/firmware/cis/PE520.cis
/usr/lib/firmware/cis/RS-COM-2P.cis
/usr/lib/firmware/cis/SW_555_SER.cis
/usr/lib/firmware/cis/SW_7xx_SER.cis
/usr/lib/firmware/cis/SW_8xx_SER.cis
/usr/lib/firmware/cis/tamarack.cis
/usr/lib/firmware/dsp56k/bootstrap.bin
/usr/lib/firmware/htc_7010.fw
/usr/lib/firmware/htc_9271.fw
/usr/lib/firmware/isci/isci_firmware.bin
/usr/lib/firmware/keyspan_pda/keyspan_pda.fw
/usr/lib/firmware/keyspan_pda/xircom_pgs.fw
/usr/lib/firmware/usbdux_firmware.bin
/usr/lib/firmware/usbduxfast_firmware.bin
/usr/lib/firmware/usbduxsigma_firmware.bin

It has openfwwf and ath9k-htc-firmware included, plus some others. If actual versions of Hyperbola don’t get the update at least consider it for future releases. You can get the new PKGBUILD[4] and its new build dependencies at Parabola’s abslibre.git libre tree[5]

The new dependencies are:

• sh-elf-gcc (which depends on sh-elf-binutils)

• sh-elf-newlib

• arm-linux-gnueabi-gcc (which depends on arm-linux-gnueabi-binutils)

• xtensa-unknown-elf-gcc (already at Hyperbola)

Sources:

[0] https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.14-Migrates-Out-FW
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b38923a068c10fc36ca8f596d650d095ce390b85
[2] https://jxself.org/firmware/
[3] https://jxself.org/git/?p=linux-libre-firmware.git
[4] https://git.parabola.nu/abslibre.git/tree/libre/linux-libre-firmware
[5] https://git.parabola.nu/abslibre.git/tree/libre

Updated Note:

Since Linux-libre-firmware contains a lot of independent firmware, tools and assembly projects, it should be built from its official tarball separately and create a group called kernel-firmware to follow the our packaging guidelines. Tools and assembly projects shouldn’t be included in kernel-firmware since those ones are firmware dependencies.

Please, replace avideo-lts with youtube-dl. avideo-lts haven’t seen any updates for almost a year and is probably abandoned. Also Stallman confirmed youtube-dl doesn’t execute any non-free JavaScript, so its inclusion doesn’t go against Social Contract.

Description:

• replace deprecated GNU Bazaar to Brezy for Canis Major

Additional info:

• bzr 2.7.0-2
• GNU Bazaar will be unmaintained (for now, there are only bug fixes)
• GNU Bazaar only supports Python 2.
• Python 2.7 is the end of the Python 2 line of development. [0]
• There never will be an official Python 2.8 release.
• Or use Tauthon (fork of Python 2.7) as dependency.

Note: It needs a provide: bazaar and brezy

Steps to reproduce:

• broken package

Description:

• replace deprecated Python 2 to Tauthon for Canis Major

Additional info:

• python 2.7.14-2.hyperbola1
• Python 2.7 is the end of the Python 2 line of development. [0]
• There never will be an official Python 2.8 release.

Steps to reproduce:

• Broken python2 packages.

What do you think ? Avideo is not updated anymore, can’t we use regular youtube-dl instead as RMS himself say :

“youtube-dl is okay to be in the Directory because it does not actually execute nonfree JS as we first suspected.”

Source : https://directory.fsf.org/wiki/Youtube-dl Also : https://github.com/fent/node-ytdl-core/issues/222

Description: Concurrent package ossp in version 1.3.2-15 has got dependencies to systemd, which is contradicting the whole distribution and the used INIT-system. Therefore my request to port this to OpenRC!

Additional info:
* package version(s) 1.3.2-15

Description: The package spamassassin has no further init-script for OpenRC and instead includes service-definitions for systemd

Additional info:
* package version(s) 3.4.1-7

Description: The package opendkim has no further init-script for OpenRC and instead includes service-definitions for systemd

Additional info:
* package version(s) 2.10.3-4

Description:

I used to be under the
impression that youtube-dl executes proprietary JavaScript, but I now
understand that it only *parses* the JavaScript to find the URL for some
videos. It doesn’t actually run the JavaScript, so it’s not a freedom
issue.

Youtube-dl only executes regular expressions [0][1][2]

you also remove the files that are just for testing [3][4][5][6][7]
and when compiling the program with libretools the test files are not placed[8]

I have consulted with other programmers and we have reached the same conclusion. Youtube-dl does not execute JS non-free, it only extracts the JS to read through python the URL‘s of some videos.[9][10]

The issues that I see with youtube-dl are rather in their form of development because it changes at every moment

Additional info:

- [0]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/jsinterp.py#L12

- [1]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/jsinterp.py#L132

- [2]: https://github.com/ytdl-org/youtube-dl/blob/master/youtube_dl/swfinterp.py#L391

- [3]: https://github.com/ytdl-org/youtube-dl/tree/master/test/swftests/

- [4]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_iqiyi_sdk_interpreter.py

- [5]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_jsinterp.py

- [6]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_swfinterp.py

- [7]: https://github.com/ytdl-org/youtube-dl/blob/master/test/test_youtube_signature.py

- [8]:

$ tree -d

.
├── bin
├── lib
│   └── python3.6
│       └── site-packages
│           ├── youtube_dl
│           │   ├── downloader
│           │   │   └── __pycache__
│           │   ├── extractor
│           │   │   └── __pycache__
│           │   ├── postprocessor
│           │   │   └── __pycache__
│           │   └── __pycache__
│           └── youtube_dl-2019.5.11-py3.6.egg-info
└── share
    ├── bash-completion
    │   └── completions
    ├── doc
    │   └── youtube_dl
    ├── fish
    │   └── completions
    ├── licenses
    │   └── youtube-dl
    ├── man
    │   └── man1
    └── zsh
        └── site-functions

26 directories

- [9]: https://directory.fsf.org/wiki/Youtube-dl - [10]: https://github.com/fent/node-ytdl-core/issues/222

Description:

Firejail developers since October 2018 have started building LTS versions of firejail[0], according to Packaging Guidelines we must use LTS versions of the packages if they are available.

Links:

[0]: https://github.com/netblue30/firejail/tree/LTSbase

https://github.com/loh-tar/wpa-cute/releases

I know there are plans to remove NetworkManager. I wondered if we could replace it in 0.4 with Wpa_Cute. seen in the above link.

I haven’t been able to compile it, but it has been updated as recent as 2018 december (stable)

or 2019 january. :)

WPA_GUI doesn’t seem to work well for me, it runs into weird errors when I start it. Long story short, I run into this issue with wpa_supplicant when i do it manually:

https://wiki.archlinux.org/index.php/Wpa_supplicant:

Password-related problems

wpa_supplicant may not work properly if directly passed via stdin particularly long or complex passphrases which include special characters. This may lead to errors such as failed 4-way WPA handshake, PSK may be wrong when launching wpa_supplicant.

In order to solve this try using here strings wpa_passphrase <MYSSID> «< “<passphrase>” or passing a file to the -c flag instead:

# wpa_supplicant -i <interface> -c /etc/wpa_supplicant/example.conf

In some instances it was found that storing the passphrase cleartext in the psk key of the wpa_supplicant.conf network block gave positive results (see [2]). However, this approach is rather insecure. Using wpa_cli to create this file instead of manually writing it gives the best results most of the time and therefore is the recommended way to proceed.
Problems with eduroam and other MSCHAPv2 connections

This is my issue with wpa_supplicant sadly... and I do not know how to workaround that without a GUI.

but Wpa_Supplicant_gui does not fix it either, it doesn’t even load properly on my other laptop.

It says it cannot get the status of wpa_supplicant when I load it.

This could be an issue if you get rid of NetworkManager for some users.

So yeah, please take a look at my request okay? Wait for 0.3 to be released to add this if possible. I know you guys are overworked, etc... and it doesn’t need to be done now anyhow. ;)

Remove “gnome-mplayer”, “gecko-mediaplayer” and “gmtk” are unsecured/abandonware packages(released in 2014)
“gecko-mediaplayer” uses deprecated/unsecured NPAPI[0] and XULRunner[1][2] apis

$ pacman -Si gnome-mplayer
Repository : community
Name : gnome-mplayer
Version : 1.0.9-4
Description : A simple MPlayer GUI.
Architecture : x86_64
URL : https://sites.google.com/site/kdekorte2/gnomemplayer Licenses : GPL Groups : None
Provides : None
Depends On : mplayer dbus-glib libnotify gmtk
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 343.29 KiB
Installed Size : 1461.00 KiB
Packager : Balló György <ballogyor+arch@gmail.com>
Build Date : Sun 22 Jan 2017 04:45:38 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

$ pacman -Si gecko-mediaplayer
Repository : community
Name : gecko-mediaplayer
Version : 1.0.9-3
Description : Browser plugin that uses gnome-mplayer to play media in a web browser.
Architecture : x86_64
URL : https://sites.google.com/site/kdekorte2/gecko-mediaplayer Licenses : GPL Groups : None
Provides : None
Depends On : gnome-mplayer>=1.0.9 dbus-glib gmtk curl
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 80.92 KiB
Installed Size : 598.00 KiB
Packager : Balló György <ballogyor+arch@gmail.com>
Build Date : Sun 22 Jan 2017 04:36:31 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

$ pacman -Si gmtk
Repository : community
Name : gmtk
Version : 1.0.9-3
Description : Common functions for gnome-mplayer and gecko-mediaplayer.
Architecture : x86_64
URL : https://sites.google.com/site/kdekorte2/gmtk Licenses : GPL Groups : None
Provides : None
Depends On : glib2 gtk3 dconf
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 73.85 KiB
Installed Size : 246.00 KiB
Packager : Balló György <ballogyor+arch@gmail.com>
Build Date : Sun 22 Jan 2017 04:50:49 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap [1]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [2]:https://tracker.debian.org/pkg/xulrunner

Remove “libFreeWRLplugin.so”, uses deprecated/unsecure NPAPI[0] and XULRunner[1][2] apis

$ pacman -Si freewrl
Repository : community
Name : freewrl
Version : 1:2.3.3-1
Description : VRML viewer
Architecture : x86_64
URL : http://freewrl.sourceforge.net/ Licenses : GPL Groups : None
Provides : None
Depends On : java-runtime libxaw glew freeglut curl freetype2 imlib2 sox unzip imagemagick libxml2 ttf-bitstream-vera lesstif js185 glu openal

                freealut

Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 583.49 KiB
Installed Size : 2060.00 KiB
Packager : Sergej Pupykin <pupykin.s+arch@gmail.com>
Build Date : Mon 19 Dec 2016 10:31:49 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

$ sudo pacman -Ql freewrl
freewrl /usr/
freewrl /usr/bin/
freewrl /usr/bin/freewrl
freewrl /usr/bin/freewrl_msg
freewrl /usr/bin/freewrl_snd
freewrl /usr/include/
freewrl /usr/include/FreeWRLEAI/
freewrl /usr/include/FreeWRLEAI/EAIHeaders.h
freewrl /usr/include/FreeWRLEAI/EAI_C.h
freewrl /usr/include/FreeWRLEAI/GeneratedHeaders.h
freewrl /usr/include/FreeWRLEAI/X3DNode.h
freewrl /usr/include/libFreeWRL.h
freewrl /usr/lib/
freewrl /usr/lib/libFreeWRL.so
freewrl /usr/lib/libFreeWRL.so.2
freewrl /usr/lib/libFreeWRL.so.2.3.3
freewrl /usr/lib/libFreeWRLEAI.so
freewrl /usr/lib/libFreeWRLEAI.so.2
freewrl /usr/lib/libFreeWRLEAI.so.2.3.3
freewrl /usr/lib/mozilla/
freewrl /usr/lib/mozilla/plugins/
freewrl /usr/lib/mozilla/plugins/libFreeWRLplugin.so
freewrl /usr/lib/pkgconfig/
freewrl /usr/lib/pkgconfig/libFreeWRL.pc
freewrl /usr/lib/pkgconfig/libFreeWRLEAI.pc
freewrl /usr/share/
freewrl /usr/share/applications/
freewrl /usr/share/applications/freewrl.desktop
freewrl /usr/share/man/
freewrl /usr/share/man/man1/
freewrl /usr/share/man/man1/freewrl.1.gz
freewrl /usr/share/pixmaps/
freewrl /usr/share/pixmaps/freewrl.png

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap [1]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [2]:https://tracker.debian.org/pkg/xulrunner

Remove “xulrunner”[0][1] is unsecure/abandonware package

$ pacman -Si xulrunner
Repository : community
Name : xulrunner
Version : 41.0.2-10
Description : Mozilla Runtime Environment
Architecture : x86_64
URL : http://wiki.mozilla.org/XUL:Xul_Runner Licenses : MPL GPL LGPL Groups : None
Provides : None
Depends On : gtk2 mozilla-common nss>3.18 libxt hunspell startup-notification mime-types dbus-glib libpulse libevent libvpx icu python2
Optional Deps : None
Conflicts With : None
Replaces : xulrunner-oss
Download Size : 47.38 MiB
Installed Size : 171.99 MiB
Packager : Evangelos Foutras evangelos@foutrelis.com Build Date : Wed 26 Apr 2017 03:10:07 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://hearsum.ca/blog/mozilla-will-stop-producing-automated-builds-of-xulrunner-after-the-410-cycle.html [1]:https://tracker.debian.org/pkg/xulrunner

“npapi-sdk” (released in 2012) uses deprecated/unsecure NPAPI[0] api

$ pacman -Si npapi-sdk
Repository : extra
Name : npapi-sdk
Version : 0.27.2-1
Description : Netscape Plugin API (NPAPI)
Architecture : any
URL : https://bitbucket.org/mgorny/npapi-sdk Licenses : MPL
Groups : None
Provides : None
Depends On : None
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 15.77 KiB
Installed Size : 67.00 KiB
Packager : Ionut Biru ibiru@archlinux.org Build Date : Thu 25 Apr 2013 01:47:15 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap

“npapi-vlc” uses deprecated/unsecure NPAPI[0] api

$ pacman -Si npapi-vlc
Repository : community
Name : npapi-vlc
Version : 2.2.5-1
Description : The modern VLC Mozilla (NPAPI) plugin
Architecture : x86_64
URL : https://code.videolan.org/videolan/npapi-vlc Licenses : GPL Groups : None
Provides : None
Depends On : gtk2 vlc
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 69.96 KiB
Installed Size : 287.00 KiB
Packager : Timothy Redaelli timothy.redaelli@gmail.com Build Date : Tue 14 Feb 2017 12:27:08 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap

“nspluginwrapper” (released in 2011) uses deprecated/unsecure NPAPI[0] api

$ pacman -Si nspluginwrapper
Repository : multilib
Name : nspluginwrapper
Version : 1.4.4-3
Description : Cross-platform NPAPI compatible plugin viewer
Architecture : x86_64
URL : http://nspluginwrapper.davidben.net/ Licenses : GPL Groups : None
Provides : None
Depends On : curl libxt lib32-libxt gcc-libs lib32-gcc-libs gtk2 lib32-gtk2
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 146.14 KiB
Installed Size : 475.00 KiB
Packager : Felix Yan felixonmars@gmail.com Build Date : Sat 12 Jul 2014 02:40:45 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap

“x2goplugin” uses deprecated/unsecure NPAPI[0] api

$ pacman -Si x2goplugin
Repository : extra
Name : x2goplugin
Version : 4.1.0.0-1
Description : provides X2Go Client as QtBrowser-based Mozilla plugin
Architecture : x86_64
URL : http://www.x2go.org Licenses : GPL2
Groups : None
Provides : None
Depends On : qt4 libcups nxproxy libssh libxpm
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 1250.54 KiB
Installed Size : 2761.00 KiB
Packager : Andreas Radke andyrtr@archlinux.org Build Date : Wed 22 Feb 2017 12:42:48 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap

Remove “nsdejavu.so”, uses deprecated/unsecure NPAPI[0] api

$ sudo pacman -Si djview
Repository : community
Name : djview
Version : 4.10.6-1
Description : Portable DjVu viewer and browser plugin
Architecture : x86_64
URL : http://djvu.sourceforge.net/djview4.html Licenses : GPL Groups : None
Provides : djview4
Depends On : qt5-base djvulibre libxkbcommon-x11 libsm
Optional Deps : None
Conflicts With : djview4
Replaces : djview4
Download Size : 535.79 KiB
Installed Size : 1978.00 KiB
Packager : Gaetan Bisson bisson@archlinux.org Build Date : Wed 04 May 2016 08:53:23 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

$ sudo pacman -Ql djview
djview /usr/
djview /usr/bin/
djview /usr/bin/djview
djview /usr/bin/djview4
djview /usr/lib/
djview /usr/lib/mozilla/
djview /usr/lib/mozilla/plugins/
djview /usr/lib/mozilla/plugins/nsdejavu.so
djview /usr/share/
djview /usr/share/applications/
djview /usr/share/applications/djvulibre-djview4.desktop
djview /usr/share/djvu/
djview /usr/share/djvu/djview4/
djview /usr/share/djvu/djview4/djview_cs.qm
djview /usr/share/djvu/djview4/djview_de.qm
djview /usr/share/djvu/djview4/djview_es.qm
djview /usr/share/djvu/djview4/djview_fr.qm
djview /usr/share/djvu/djview4/djview_ru.qm
djview /usr/share/djvu/djview4/djview_uk.qm
djview /usr/share/djvu/djview4/djview_zh_cn.qm
djview /usr/share/djvu/djview4/djview_zh_tw.qm
djview /usr/share/icons/
djview /usr/share/icons/hicolor/
djview /usr/share/icons/hicolor/32×32/
djview /usr/share/icons/hicolor/32×32/mimetypes/
djview /usr/share/icons/hicolor/32×32/mimetypes/djvulibre-djview4.png
djview /usr/share/icons/hicolor/64×64/
djview /usr/share/icons/hicolor/64×64/mimetypes/
djview /usr/share/icons/hicolor/64×64/mimetypes/djvulibre-djview4.png
djview /usr/share/icons/hicolor/scalable/
djview /usr/share/icons/hicolor/scalable/mimetypes/
djview /usr/share/icons/hicolor/scalable/mimetypes/djvulibre-djview4.svgz
djview /usr/share/man/
djview /usr/share/man/man1/
djview /usr/share/man/man1/djview.1.gz
djview /usr/share/man/man1/nsdejavu.1.gz

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap

Remove “IcedTeaPlugin.so”, it uses deprecated/unsecure NPAPI[0] apis

Note: this package contains “Java Web Start” and unsecured NPAPI plugin, it needs change package description and description on optional dependencies in “jre{7,8}-openjdk” packages.

$ pacman -Si icedtea-web
Repository : extra
Name : icedtea-web
Version : 1.6.2-2.hyperbola1
Description : Free web browser plugin to run applets written in Java and an implementation of Java Web Start, without nonfree firefox support
Architecture : x86_64
URL : http://icedtea.classpath.org/wiki/IcedTea-Web Licenses : GPL2
Groups : None
Provides : java-web-start
Depends On : java-runtime-openjdk desktop-file-utils
Optional Deps : rhino: for using proxy auto config files
Conflicts With : None
Replaces : icedtea-web-java7
Download Size : 1525.55 KiB
Installed Size : 2108.00 KiB
Packager : André Silva emulatorman@hyperbola.info Build Date : Fri 26 May 2017 06:13:18 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

$ pacman -Ql icedtea-web
icedtea-web /usr/
icedtea-web /usr/bin/
icedtea-web /usr/bin/itweb-settings
icedtea-web /usr/bin/javaws
icedtea-web /usr/bin/policyeditor
icedtea-web /usr/lib/
icedtea-web /usr/lib/mozilla/
icedtea-web /usr/lib/mozilla/plugins/
icedtea-web /usr/lib/mozilla/plugins/IcedTeaPlugin.so
icedtea-web /usr/share/
icedtea-web /usr/share/applications/
icedtea-web /usr/share/applications/itweb-settings.desktop
icedtea-web /usr/share/applications/javaws.desktop
icedtea-web /usr/share/icedtea-web/
icedtea-web /usr/share/icedtea-web/bin/
icedtea-web /usr/share/icedtea-web/bin/itweb-settings
icedtea-web /usr/share/icedtea-web/bin/javaws
icedtea-web /usr/share/icedtea-web/bin/policyeditor
icedtea-web /usr/share/icedtea-web/javaws_splash.png
icedtea-web /usr/share/icedtea-web/lib/
icedtea-web /usr/share/icedtea-web/lib/IcedTeaPlugin.so
icedtea-web /usr/share/icedtea-web/netx.jar
icedtea-web /usr/share/icedtea-web/plugin.jar
icedtea-web /usr/share/man/
icedtea-web /usr/share/man/man1/
icedtea-web /usr/share/man/man1/icedtea-web-plugin.1.gz
icedtea-web /usr/share/man/man1/icedtea-web.1.gz
icedtea-web /usr/share/man/man1/itweb-settings.1.gz
icedtea-web /usr/share/man/man1/javaws.1.gz
icedtea-web /usr/share/man/man1/policyeditor.1.gz
icedtea-web /usr/share/pixmaps/
icedtea-web /usr/share/pixmaps/javaws.png

[0]:https://developer.mozilla.org/en-US/docs/Plugins/Roadmap

Remove “cinepaint” package since it’s unmaintained and unsupportable. Also, it doesn’t contains any file format support in the latest version (previous version supported multiple file formats).

I suggest use Krita (or Gimp 2.10) to edit 16bit and 32bit file formats or convert with imagemagick/graphicsmagick.

$ pacman -Si cinepaint
Repository      : community
Name            : cinepaint
Version         : 1:1.0.4-5
Description     : Sophisticated graphics manipulation programm supporting > 8bit pictures
Architecture    : x86_64
URL             : http://www.cinepaint.org
Licenses        : LGPL  GPL  MIT
Groups          : None
Provides        : None
Depends On      : gtk2  openexr  lcms  libxpm  fltk  ftgl  libxxf86vm
Optional Deps   : python2: for python plug-ins
                  gutenprint: for print plug-ins
                  ghostscript: for pdf plug-ins
Conflicts With  : None
Replaces        : None
Download Size   : 3.75 MiB
Installed Size  : 13.91 MiB
Packager        : Christian Hesse <arch@eworm.de>
Build Date      : Thu 28 Apr 2016 05:17:05 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

The developer team is discussing the removal of Midori from Debian repositories.

Jeremy Bicha says:

> The final stable release of Midori still uses the unmaintained WebKit1
> instead of webkit2gtk and therefore the browser suffers from numerous
> known security vulnerabilities. Midori now fails to build with vala
> 0.36 which is in Ubuntu 17.10 Alpha and will be in Debian unstable
> once it clears the Debian new queue.
> https://launchpad.net/bugs/1698483 .

See a complete discussion here.

w3m is an unmaintained and unsuportable software, the latest release was 0.5.3 (2011)[0][1][2][3]

$ pacman -Qi w3m
Name : w3m
Version : 0.5.3.git20170102-2
Description : Text-based Web browser, as well as pager
Architecture : x86_64
URL : http://w3m.sourceforge.net/ Licenses : custom
Groups : None
Provides : None
Depends On : openssl gc ncurses gpm
Optional Deps : imlib2: for graphics support [installed]
Required By : None
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 1784.00 KiB
Packager : Jan de Groot jgc@archlinux.org Build Date : Sat 04 Mar 2017 07:12:38 PM -03
Install Date : Tue 12 Sep 2017 03:43:25 AM -03
Install Reason : Explicitly installed
Install Script : No
Validated By : Signature

[0]:https://sourceforge.net/projects/w3m/files/w3m/ [1]:https://security.archlinux.org/package/w3m [2]:https://tracker.debian.org/pkg/w3m [3]:https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/w3m

pam_unix2 was removed from Debian Jessie because it’s buggy and unmaintained [0]

It’s included inside pam package and should be removed since it doesn’t comes from official source. Also the original upstream FTP directory (ftp://ftp.suse.com/people/kukuk/pam/pam_unix2) has disappeared.

[0]:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628848

$ pacman -Si pam
Repository : core
Name : pam
Version : 1.3.0-1
Description : PAM (Pluggable Authentication Modules) library
Architecture : x86_64
URL : http://linux-pam.org Licenses : GPL2
Groups : None
Provides : None
Depends On : glibc cracklib libtirpc pambase
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 609.71 KiB
Installed Size : 2980.00 KiB
Packager : Tobias Powalowski tpowa@archlinux.org Build Date : Thu 09 Jun 2016 02:44:03 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature

$ pacman -Ql pam > pam_fileslist.txt

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

https://w1.fi/security/2017-1/

Arch just patched: https://www.archlinux.org/packages/core/i686/wpa_supplicant/