• StarDreamer
      link
      fedilink
      English
      321 days ago

      libgdata here is specifically very messy. It was an official package since it was a required dependency for older versions of GNOME, then in GNOME 50 they dropped the dependency and so did Arch from their repos. But because pacman doesn’t remove dangling dependencies, you end up with libgdata still installed, until Arch Linux moves dropped packages into the AUR as an orphan, which happened in this case 5/31. This allowed it to be perfectly timed for the attackers to pick it up on 6/11. Now, you’d inadvertently update libgdata from an AUR source if you’re using an AUR helper.

      • @brokenwing@discuss.tchncs.de
        link
        fedilink
        English
        121 days ago

        Yes that seems to be the case. But on 12th of June, I did a yay update. But only librewolf-bin was updated. libgdata (0.18.1-5) was last updated on March 05 2026 for me.

        Also I did some digging around. Seems like any packages that were installed using a AUR helper (like yay in my case) would leave logs in the /var/log/pacman. You can see them like this,

        grep "package_name" /var/log/pacman

        For yay installed packages you can see they are getting installed from ~/.config/yay/package_name. But for my libgdata, it simply says [ALPM] installed libgdata (0.18.1-5).

        • Victoria
          link
          fedilink
          English
          121 days ago

          You can also check the build/install date of a package with pacman -Qi

        • StarDreamer
          link
          fedilink
          English
          120 days ago

          Sounds like you got lucky. libgdata was part of the second round of attacks and was quickly reverted. It’s likely you’re running the last official release.