admin 11/23/2021

Package Details: dropbox 121.4.4267-1

  • 10 - bitcoin fraud summary 01-dec-2020.pdf. This report is generated from a file or URL submitted to this webservice on December 4th 2020 11:58:48 (UTC) and action script Default browser analysis.
  • Za idejata, za upornosta, za istrajnosta, bravo Jovanka. Asterion 5 Bitola. December 24 at 3:18 PM.

Find out just how easy it is to make fast and secure file transfers to your friends, family, colleagues or another device with Dropbox as your file transfer app.

Package Actions

Dropbox download
  • View PKGBUILD / View Changes
Git Clone URL: https://aur.archlinux.org/dropbox.git (read-only, click to copy)
Package Base: dropbox
Description: A free service that lets you bring your photos, docs, and videos anywhere and share them easily.
Upstream URL: https://www.dropbox.com
Licenses: custom
Submitter: mtorromeo
Maintainer: mtorromeo
Last Packager: mtorromeo
Votes: 2347
Popularity: 5.77
First Submitted: 2009-01-22 14:21
Last Updated: 2021-05-04 19:04

Dependencies (14)

  • dbus(dbus-elogind, dbus-git, dbus-x11, dbus-nosystemd-minimal-git, dbus-selinux, dbus-nosystemd)
  • fontconfig(fontconfig-srb, fontconfig-infinality-ultimate, fontconfig-infinality, fontconfig-infinality-remix, fontconfig-ubuntu, fontconfig-git, fontconfig-minimal-git)
  • libxslt(libxslt-git)
  • gendesk(make)
  • libappindicator-gtk3(libappindicator-gtk3-ubuntu, libappindicator-bzr)(optional) – make tray icons themed under some desktop environments like KDE plasma
  • perl-file-mimeinfo(optional) – opening dropbox folder on some desktop environments
  • ufw-extras(optional) – ufw rules for dropbox
  • xdg-utils(mimi-git, sx-open, busking-git, xdg-utils-git, linopen, xdg-utils-terminal-true-git, xdg-utils-mimeo, xdg-utils-handlr, xdg-utils-slock, mimi-bachoseven-git, mimejs-git)(optional) – for 'Launch Dropbox Website' and file manager integration

Required by (21)

  • caja-dropbox(optional)
  • nitrotasks(optional)
  • ynab4(optional)
  • https://clientupdates.dropboxstatic.com/dbx-releng/client/dropbox-lnx.x86-121.4.4267.tar.gz(i686)
  • https://clientupdates.dropboxstatic.com/dbx-releng/client/dropbox-lnx.x86-121.4.4267.tar.gz.asc(i686)
  • https://clientupdates.dropboxstatic.com/dbx-releng/client/dropbox-lnx.x86_64-121.4.4267.tar.gz(x86_64)
  • https://clientupdates.dropboxstatic.com/dbx-releng/client/dropbox-lnx.x86_64-121.4.4267.tar.gz.asc(x86_64)

yan12125 commented on 2019-01-05 16:39

Run the following command in case you got errors during 'Verifying source file signatures with gpg...'

Alternatively, you can download Dropbox's public key from https://linux.dropbox.com/fedora/rpm-public-key.asc and import it with:

You can check whether keys are successfully imported or not using the output of gpg -k. You should find something like this:

yan12125 commented on 2018-08-01 11:41

If you can't run the [email protected] service normally, try to create a read-only directory ~/.dropbox-dist and run again.

yan12125 commented on 2017-11-06 15:13

Some useful places for issues about Dropbox itself (not the package):

  1. https://www.dropboxforum.com/t5/Desktop-client-builds/bd-p/101003016 Official Dropbox user feedback forum

  2. Arch Linux discussion places: https://bbs.archlinux.org/, #archlinux on freenode.net, https://lists.archlinux.org/listinfo/aur-general


StormEngineer commented on 2021-05-10 00:39

This is still an issue today: https://aur.archlinux.org/packages/dropbox/?O=20&PP=10#comment-754071

xavierbaez commented on 2021-05-03 21:08

I think this package needs to be upgraded to version


xavierbaez commented on 2021-05-03 20:44

My dropbox says it's not the latest versionI have package dropbox 120.4.4598-1Dropbox Linux version 96.4.172

ghen commented on 2021-05-03 14:22

The dropbox client is auto-updating in your homedir, see https://wiki.archlinux.org/title/Dropbox#Prevent_automatic_updates

hosibach commented on 2021-05-03 14:06

The pkgver 120.4.4598 and my dropbox version don't seem to be the same (my dropbox client says v121.4.4267). Maybe the PKGBUILD needs to be updated?

pedrorafael commented on 2021-04-23 13:58

pedrorafael commented on 2021-04-23 13:58

xuanruiqi commented on 2020-12-02 15:22

wooque commented on 2020-10-06 09:05

Same here, had to download and import key manually

pitlochry commented on 2020-10-06 08:51

I can confirm, that (using yay without sudo)

does not work. Only downloading directly from https://linux.dropbox.com/fedora/rpm-public-key.asc and adding with

works. Can the PKGBUILD be updated with this?

The directive lists all the trusted URIs (including the full path for browsers supporting it) where we could possibly load script code from. When a web browser supporting CSP sees a script tag, it checks the src attribute and matches it against the whitelist provided by the script-src directive of the CSP policy. If the script source is not included in the whitelist (maybe because of HTML injection), the browser will block the request.

The Dropbox CSP policy provides a strong mitigation against XSS and content injection attacks. But deploying a strong CSP policy at scale has a number of challenges. We hope that this four-part series sharing lessons we learnt provides value to the broader community. Today’s post discusses how to setup a report filtering pipeline to identify errors in the policy; in the second post, we will discuss how we deployed nonces and mitigated the ‘unsafe-inline’ in the policy above. In the third post, we will discuss our efforts to mitigate the risk from ‘unsafe-eval’, including open-sourcing patches we wrote. Finally, we will discuss how we reduced the risk of third-party integrations with privilege separation.

Identifying and enforcing a CSP header for a modern, complex web application is a difficult task. Thankfully, Content-Security Policy supports a trick to help you roll it out: report-only mode. The key trick behind report-only mode is allowing a website to test out policies and see their impact via violation reports sent to an endpoint of the policy author’s choosing. For example, you could just set a report-only policy of script-src ‘none’ to learn all the places you include scripts from.

Report-only mode holds great promise for deploying CSP: you keep iterating on the policy in report-only mode till you hit a point of no violation reports and then flip the switch to enforcement. This is often the recommended first step before turning on CSP in enforcement mode. Similarly, at a recent event I attended, the panel on adopting modern security mechanisms stressed how the CSP report-only mode can provide a useful crutch to deploying CSP, allowing you to evaluate possible policies before deploying them in enforcement mode.

Dropbox Download

This is true: CSP reporting is an irreplaceable tool for getting actionable feedback on deployed policies. At Dropbox, we deployed CSP in report-only mode for months before flipping the switch and going to 'block' mode. But, at scale, one of the first lessons of deploying CSP is the sheer noise in the reports that make the default report mechanism unusable.

We found the biggest source of noise to be browser extensions that insert scripts into the page and/or other programs that might modify the HTML of your page. Recall that CSP blocks any unknown content from running on your page, so content injected into the page will likely get blocked by the browser too. If we just log all the reports that reach us, the logs will contain these errors too. Since you don’t have any control over these extensions, the end goal of “no more violation reports” mentioned above is unreachable.

Given our experience deploying CSP at scale, we have over the last year fine-tuned a filtering mechanism to ignore common false-positive violation reports. Our reporting pipeline filters out these reports before logging them to our analytics backend. In the spirit of encouraging adoption of CSP, we are sharing these filtering techniques and hope that you find them useful. The list started off from Neil Matatall’s brilliant, detailed list that we strongly recommend reading too.

At first glance, filtering violation reports sounds weird. Why would you not want to know when ad-injectors and spammers are modifying your web application? But, recall that we are talking about the pre-rollout phase of CSP. At this stage, the focus is on making sure that the CSP content whitelist isn’t breaking the web application. Filtering out the noise lets you focus on places where CSP enforcement might be a breaking change and fix appropriately. Once you enable CSP enforcement, the browser will block all the loads in the filtered list anyhow.


The filtering is two fold: first, we filter based on the URI scheme of the blocked URIs.