FS#58777 - [acetoneiso2] Updates Tab shows Adds, developer has no control over the old domain

Attached to Project: Community Packages
Opened by Carsten (xabbu) - Tuesday, 29 May 2018, 13:55 GMT
Last edited by Antonio Rojas (arojas) - Friday, 31 August 2018, 10:09 GMT
Task Type Bug Report
Category Upstream Bugs
Status Closed
Assigned To Laurent Carlier (lordheavy)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description: The application opens a URL to display updates. Unfortunately the domain is not longer owned by the developer. It now shows adds, sometimes with audio auto playing. Often the audio of the adds start right after staring this application. The URL is http://www.acetoneteam.org/clients.html.

Domain Whois can be found here https://whois.icann.org/en/lookup?name=acetoneteam.org

It seems at least since 2018-02-19 has the developer has no control over this domain.

Additional info: It happens with version 2.3-9

Steps to reproduce: Open the application, select the Updates Tab in the main Window.

This task depends upon

Closed by  Antonio Rojas (arojas)
Friday, 31 August 2018, 10:09 GMT
Reason for closing:  Fixed
Additional comments about closing:  acetoneiso2 2.3-10
Comment by Carsten (xabbu) - Tuesday, 29 May 2018, 19:33 GMT
Just noticed the Bug was already fixed in 2.3-8 with a patch that removed Webkit support.

But the patch was dropped at the rebuild against Qt5. The Webkit support was added added again, which makes the Updates tab show adds and play often audio adds due to the transferred domain.
Comment by Philip Müller (philm) - Tuesday, 29 May 2018, 20:09 GMT
Well, it was partly fixed. If you click on 'make a donation' you also land on the not existing homepage. There is a newer AUR package available: https://aur.archlinux.org/packages/acetoneiso-qt5/. Since the application won't be maintained anymore, it would be best to simply remove it from the repos and people, who want to still use it, may use the given AUR package.
Comment by Philip Müller (philm) - Tuesday, 29 May 2018, 20:10 GMT
See also bug-report from back 2013: https://sourceforge.net/p/acetoneiso/bugs/9/
Comment by Jonathon (jonathon) - Wednesday, 30 May 2018, 20:52 GMT
There's some suggestion/noise [1] that this application may have been used as a vector for a cryptocurrency miner trojan. Iff this is the case, this issue is rather more severe than at first glance.

[1] https://forum.manjaro.org/t/cryptocurrency-ads-in-acetoneiso2-from-repo/48419
Comment by Philip Müller (philm) - Thursday, 31 May 2018, 05:08 GMT
Well, the application itself is clean as its last release is from 2013. Only problem is the non existing homepage which gets forwarded to other homepages. Those may load cryptocurrency miner trojans via flash or other engines. But this can happen to any application, which links to a non maintained homepage.
Comment by lukpod (lukpod) - Saturday, 11 August 2018, 12:54 GMT
https://bazaar.launchpad.net/~andrikos/acetoneiso/acetoneiso/view/head:/debian/patches/remove_defunct_homepage

Loading...