The waydroid package prior to version 1.5.4-2 (including aur/waydroid) creates Python byte-code files (.pyc) at runtime which were untracked by pacman. This issue has been fixed in 1.5.4-3, where byte-compiling these files is now done during the packaging process.

As a result, the upgrade may conflict with the unowned files created in previous versions. If you encounter errors like the following during the update:

error: failed to commit transaction (conflicting files)

waydroid: /usr/lib/waydroid/tools/__pycache__/__init__.cpython-313.pyc exists in filesystem

waydroid: /usr/lib/waydroid/tools/actions/__pycache__/__init__.cpython-313.pyc exists in filesystem

waydroid: /usr/lib/waydroid/tools/actions/__pycache__/app_manager.cpython-313.pyc exists in filesystem

You can safely overwrite these files by running the following command:

pacman -Syu --overwrite /usr/lib/waydroid/tools/\*__pycache__/\*

The dovecot 2.4 release branch has made breaking changes which result in it being incompatible with any <= 2.3 configuration file.

Thus, the dovecot service will no longer be able to start until the configuration file was migrated, requiring manual intervention.

For guidance on the 2.3-to-2.4 migration, please refer to the following upstream documentation: Upgrading Dovecot CE from 2.3 to 2.4

Furthermore, the dovecot 2.4 branch no longer supports their replication feature, it was removed.

For users relying on the replication feature or who are unable to perform the 2.4 migration right now, we provide alternative packages available in [extra]:

• dovecot23
• pigeonhole23
• dovecot23-fts-elastic
• dovecot23-fts-xapian

The dovecot 2.3 release branch is going to receive critical security fixes from upstream until stated otherwise.

We want to provide an update on the recent service outages affecting our infrastructure. The Arch Linux Project is currently experiencing an ongoing denial of service attack that primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums.

We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards.

To improve the communication around this issue we will provide regular updates on our service status page going forward.

As a volunteer-driven project, we appreciate the community's patience as our DevOps team works to resolve these issues. Please bear with us and thank you for all the support you have shown so far.

Workarounds during service disruption

• In the case of downtime for archlinux.org:
  • Mirrors: The mirror list endpoint used in tools like reflector is hosted on this site. Please default to the mirrors listed in the pacman-mirrorlist package during an outage.
  • ISO: Our installation image is available on a lot of the mirrors, for example the DevOps administered geomirrors. Please always verify its integrity as described on the wiki and confirm it is signed by 0x3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C (or other trusted keys that may be used in the future).
• In the case of downtime for aur.archlinux.org:
  • Packages: We maintain a mirror of AUR packages on GitHub. You can retrieve a package using: $ git clone --branch <package_name> --single-branch https://github.com/archlinux/aur.git <package_name>
• In the case of downtime for wiki.archlinux.org:
  • Docs: The arch-wiki-docs and arch-wiki-lite contain recent snapshots of the articles as hosted on the Arch Linux wiki.

Additional remarks

• Our services may send an initial connection reset due to the TCP SYN authentication performed by our hosting provider, but subsequent requests should work as expected.

• We are keeping technical details about the attack, its origin and our mitigation tactics internal while the attack is still ongoing.