We have several packages in Cauldron that are no longer maintained upstream and have become unusable. They need to be obsoleted before Mageia 9 is released. In case a dead-upstream package still seems usable, but has security issues, then it likely needs to be obsoleted, too.
Needs to get obsoleted: lightspark-mozilla-plugin-0.8.5-2.mga9. Mozilla compatible plugin for lightspark (this type of plugin is obsoleted since years in Firefox) Flashplayer is EOL since 2020 and blocked from execution since Jan 2021 Quote from the GitHub page: "Most browsers including Firefox and Chromium don't support flash any longer, so the plugins don't work on their latest versions." "Support matrix Web browser Windows Linux Pale Moon Yes Yes Firefox No No Chrome No No Chromium No No Waterfox No Yes Falcon No untested MyPal Yes N/A https://github.com/lightspark/lightspark/wiki/Getting-Lightspark-up-and-running-in-Web-Browser https://github.com/lightspark/lightspark/releases
Needs to get obsoleted: firefox-ext-mozvoikko-2.0.1-11.mga9 Finnish spell-checking extension for Mozilla applications Quote from GitHub page: "UNMAINTAINED Spell checker extension for legacy Mozilla products (older than Firefox 57 or Thunderbird 60)" It is a NPAPI plugin which is no longer supported in all major browsers.
Needs to get obsoleted: mozilla-plugin-aliedit-1.0.3.20-9.mga8 Aliedit extension for firefox It is a NPAPI plugin which is no longer supported in all major browsers. (Have look at the spec file history. It should have been removed in the past)
Please keep in mind that only packages the cannot work in Mageia 9, or that will interfere with upgrades from 8 to 9 should be obsoleted, which forcefully removes them from the user's installation during upgrade. Other packages that are no longer supported by Mageia should be removed from svn only, using the null package. https://svnweb.mageia.org/packages/cauldron/null/ The user's may have third party software that can still use those packages, or choose to use no longer supported packages, as I do with opera 12.16 from Mageia 4.
CC: (none) => davidwhodgins
(In reply to Marja Van Waes from comment #0) > We have several packages in Cauldron that are no longer maintained upstream > and have become unusable. They need to be obsoleted before Mageia 9 is > released. > In case a dead-upstream package still seems usable, but has security issues, > then it likely needs to be obsoleted, too. How can these be identified? Over time suggestions to obsolete packages pop up. Is it possible to search Bugzilla for this word in any comment? I never succeed with advanced searching.
CC: (none) => lewyssmith
lightspark actually doesn't need to be removed. It has an offline flash player executable that people can use if they have old swf files laying around. Yes the mozilla plugin doesn't work any more but it's not hurting anything. qca2 and the things built against it (kdelibs4, kdebase4-runtime, kde4-kactivities, qutim) probably all need to be dropped, as qca2 can't be rebuilt against botan. Two more candidates to be dropped, recently mentioned on IRC: <papoteur> I had a look to python-sparqlwrapper. This is a Python module. It doesn't seem to be required by anything. We have 1.8.2, the latest is 1.8.5 about 2 years ago. This ones don't build in cauldron. <papoteur> On https://github.com/RDFLib/sparqlwrapper, it seems to be the idea started 2 years ago to have 1.9 which drops support for Python 2. But the tag 1.9 isn't set for the moment. <papoteur> I think telldus-core is a good candidate for dropping: <papoteur> 1/ it doesn't build <papoteur> 2/ it is linked to specific hardware (IOT) <papoteur> 3/ there is no activity since 2 years, and not a lot since 2013.
CC: (none) => yves.brungard_mageia
Just to make sure it doesn't get forgotten, openssl 1.1.1 needs to removed: https://bugs.mageia.org/show_bug.cgi?id=30174#c2
CC: (none) => luigiwalser
(In reply to David Walser from comment #6) > > Two more candidates to be dropped, recently mentioned on IRC: > > <papoteur> I had a look to python-sparqlwrapper. This is a Python module. It > doesn't seem to be required by anything. We have 1.8.2, the latest is 1.8.5 > about 2 years ago. This ones don't build in cauldron. > <papoteur> On https://github.com/RDFLib/sparqlwrapper, it seems to be the > idea started 2 years ago to have 1.9 which drops support for Python 2. But > the tag 1.9 isn't set for the moment. In the mean time, 2.0.0 has been released. I have posted a new spec for it. > > <papoteur> I think telldus-core is a good candidate for dropping: > <papoteur> 1/ it doesn't build > <papoteur> 2/ it is linked to specific hardware (IOT) > <papoteur> 3/ there is no activity since 2 years, and not a lot since 2013. I have moved it in obsolete.
You can't just move something to obsolete in SVN while it's still in the repo. It needs to be removed from the repository as well.
pm-utils Last distribution standing is Mageia. No rpm or deb based disribution is shipping pm-utils anymore. As seen in bug 30080, bug 30180, bug 30179, bug ... pm-utils only causes problems. Last pm-utils release is from 2010. Most functions are now served by systemd/systemctl. Opensuse deprecated in 2015 https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/message/GX3KAWFIQNXWJDGE2BUANJFK7ZMPPFO3/ Last Fedora with pm-utils was Fedora 22 (now we have Fedora 35) ..and many more deb and prm based distries...dropped support a decade ago...
Depends on: (none) => 30179
Keywords: (none) => TRACKER
Depends on: 30156 => (none)
python-vatnumber : no update since 2014, nothing claims it, doesn't build anymore python-speaklater-1.3-14.mga9 no update since 2012, required by python3-flask-babelex, doesn't build anymore python-anyjson ne construit plus no update since 2012, nothing claims it, doesn't build anymore python-flask-script referenced as deprecated https://github.com/smurfix/flask-script
Bug 30317 - wmebcam is useless Comes with no help, not apparent how to use.
Depends on: (none) => 30317CC: (none) => fri
Depends on: 30317 => (none)
fwupdate, https://bugs.mageia.org/show_bug.cgi?id=28878#c3 Bug 28878 - Conflict between fwupdate-efi and grub2-common
Depends on: (none) => 28878
I have two packages that will need to be obsoleted before Mga9 chirp - because upstream are unlikely to move to python-3 any time soon. cambozola - because it was packaged to support zoneminder which no longer needs it. Adding here as a reminder ;)
CC: (none) => zen25000
In the process of updating proj, I forecast some obsoleting to: zygrib
CC: (none) => eatdirt
qt-mobility
Possibly Sugar desktop https://bugs.mageia.org/show_bug.cgi?id=18706#c14
Depends on: (none) => 18706
Depends on: (none) => 30486
Depends on: (none) => 15760
acoustid-fingerprinter The last release is from 2012. http://acoustid.org/fingerprinter It doesn't build anymore, surely because of ffmpeg 5. Nothing claims it.
Depends on: (none) => 26780
vbindiff is broken since MGA6. vbindiff is unmaintained since over 5 years upstream and no code maintenance/bugfixing was done. bug 26780
gnucap? is redundant and old. Electronic cirquit simulator. We have a really old version from 2009 packaged - at least it need to be updated. Project seem alive, but not very active. http://gnucap.org/dokuwiki/doku.php/gnucap:projects list work is needed for interfacing several programs, and that page was last updated in 2016... To clean up number of packages we supply, I suggest to drop gnucap. (and if not, update it at least in cauldron, there is now a 2021 version) We package ngspice, which is well known, well developed, and used by i.e KiCad which we package. https://ngspice.sourceforge.io/ and have even verification tests/examples with KiCad https://ngspice.sourceforge.io/quality.html
(In reply to sturmvogel from comment #19) > vbindiff is broken since MGA6. vbindiff is unmaintained since over 5 years > upstream and no code maintenance/bugfixing was done. > > bug 26780 We now have a fix for 26780 so it should not be obsoleted as it is a useful CLI tool.
CC: (none) => bruno
Fritzing. We fail to package it and get no upstream help. Bug 18689
Depends on: (none) => 18689
Depends on: 26780 => (none)
Nextcloud server Bug 28511 We are not keeping up. Not even finished the upgrade path mga7 -> mga8 yet.
Depends on: (none) => 28511
Misunderstanding - behind the curtain there have been work on NC :)
Depends on: 28511 => (none)
(In reply to Morgan Leijström from comment #24) > Misunderstanding - behind the curtain there have been work on NC :) We still need to remember to drop it before Mageia 9 is branched.
Nextcloud should maybe be dropped from release repo. Then maybe reinstated in backport. Lets see how packaging, testing, and opinions progress in Bug 28511...
Yes that's how we handled it for Mageia 8.
Hi What about this issue?? https://bugs.mageia.org/show_bug.cgi?id=17706
CC: (none) => neoser10
(In reply to Mauricio Andrés Bustamante Viveros from comment #28) > Hi > > What about this issue?? > https://bugs.mageia.org/show_bug.cgi?id=17706 That's not about a package that needs to be dropped.
Bug 30938 : dhcp-4.4.3P1-1.mga9.src.rpm "dhcp is EOL upstream" This needs to be replaced in various places as DavidW details in this bug.
Depends on: (none) => 30938
Adding Banshee: https://bugs.mageia.org/show_bug.cgi?id=29613#c2 and Brasero: https://bugs.mageia.org/show_bug.cgi?id=30909#c5
Some more there were already bugs for... nrpe Bug 26957 perl-Net-IPv4Addr Bug 29281 qtwebkit/wkhtmltopdf Bug 29326 tmate Bug 29733
Depends on: (none) => 26957, 29281, 29326, 29733
quictls is an openssl fork that should not have been imported.
nbd was imported, but never has worked, and the maintainer is no longer with us.
Depends on: (none) => 30153
tmate Bug 29733 - tmate should probably be dropped due to inadequate upstream maintenance
(In reply to David Walser from comment #33) > quictls is an openssl fork that should not have been imported. Bug 31066.
Depends on: (none) => 31066
bug 31069 : python-flask-security "Note that this software is unmaintained upstream. Apparently it has been replaced by flask-security-too (which is also vulnerable to this issue, where it is known as CVE-2021-32618). So this package should be dropped or replaced in Cauldron as well"
(In reply to David Walser from comment #33) > quictls is an openssl fork that should not have been imported. Bug 31066. "quictls really should just be a patch set for OpenSSL that should be submitted upstream. This should be dropped before Mageia 9."
(In reply to Lewis Smith from comment #38) > (In reply to David Walser from comment #33) > > quictls is an openssl fork that should not have been imported. > Bug 31066. > "quictls really should just be a patch set for OpenSSL that should be > submitted upstream. This should be dropped before Mageia 9." I answered in the bug report, the idea is not to get the whole distribution built against it, just give a easy way for people requiring quic to use it by just rebuilding the required package against quictls instead of openssl. (both libraries may be installed and only the buildrequire should select wanted library)
CC: (none) => mageia
Also qt-fsarchiver and qt-fsarchiver-terminal. See bug 28791
Depends on: (none) => 28791
transcode, bug 31096. "Transcode was removed from SVN 4 months ago, but was never added to task-obsolete-tainted. I have now added it."
notification-daemon (Gnome) Bug 31103 from QA-discuss M/L: /usr/libexec/notification-daemon comes from an archived (deprecated and unmaintained) GNOME project, so probably should be dropped from Mageia.
vino (Gnome) Bug 31104 from QA-discuss M/L: For vino, upstream says: "Vino was the GNOME desktop sharing server. It is now archived and unmaintained - please use gnome-remote-desktop instead! " Thus it has to be obsoleted.
Depends on: (none) => 31118
gnome-shell-extension-topicons See bug 31118 and bug 29840 This is dead upstream. The author recommends switching to the appindicator extension, which we do have packaged for Mageia 9
To be checked with Akien, but: openmw does not build anymore, new version only accept libbullet compiled in double precision, that we do not provide currently. Moreover, it is the only remaining package forcing us to have double packaging of old versions of: openscreengraph34 lib64openthreads20 I think we could consider dropping those three! Cheers, Chris.
(In reply to Chris Denice from comment #45) > To be checked with Akien, but: > > openmw does not build anymore, new version only accept libbullet compiled in > double precision, that we do not provide currently. Moreover, it is the only > remaining package forcing us to have double packaging of old versions of: > > openscreengraph34 > lib64openthreads20 > > I think we could consider dropping those three! > I rebuilded libbullet with double precision to try to get openmw working. You may drop the two previously reported libraries as they seems useless now. I imported recastnavigation and openmw should be available soon in cauldron. The only downside is that we need a check wether the following packages still works with double precision in libbullet : godot godot-headless godot-runner godot-server openmw vdrift I don't know how to fix stuntrally and irrlamb, both fails at link time: https://github.com/stuntrally/stuntrally/issues/107 (they seems to use hardcoded float values where double should be used)
(In reply to Raphael Gertz from comment #46) > I don't know how to fix stuntrally and irrlamb, both fails at link time: > https://github.com/stuntrally/stuntrally/issues/107 > (they seems to use hardcoded float values where double should be used) It seems -DBT_USE_DOUBLE_PRECISION don't get passed correctly by cmake.
Hi, I updated stuntrally to version 2.6.2, irrlamb and vdrift are fixed for bullet double precision too. You may be able to drop these susmentioned packages: openscreengraph34 lib64openthreads20 Best regards
Well done Raphael!
zfs-fuse? https://bugs.mageia.org/show_bug.cgi?id=17245#c17
Another one to obsolete as per bug 3659 from 2012 invictus-firewall As per discussion on qa discuss ml it still causes problems if installed.
ogmrip is dead upstream and broken in other distros and in mga8 and cauldron despite trying to fix it https://bugs.mageia.org/show_bug.cgi?id=28683#c19
Depends on: (none) => 28683
Depends on: (none) => 31546
Added unarj (Bug 31546). Unfixed security issues and should be obsoleted by arj apparently.
Anki: can no longer be built, and the old version is not compatible with the sync service https://bugs.mageia.org/show_bug.cgi?id=30841#c3
Depends on: (none) => 30841
Fritzing now works on cauldron / mga9; do not drop.
Depends on: 18689 => (none)