diff options
Diffstat (limited to 'libre')
-rw-r--r-- | libre/pacman/PKGBUILD | 32 | ||||
-rw-r--r-- | libre/pacman/ensure-matching-database-and-package-version.patch | 60 | ||||
-rw-r--r-- | libre/pacman/makepkg-pkgrel-4.patch | 81 | ||||
-rw-r--r-- | libre/pacman/makepkg-pkgrel-5.patch | 81 | ||||
-rw-r--r-- | libre/pacman/makepkg.conf | 5 | ||||
-rw-r--r-- | libre/pacman/pacman.conf.armv7h | 1 | ||||
-rw-r--r-- | libre/pacman/pacman.conf.i686 | 1 | ||||
-rw-r--r-- | libre/pacman/pacman.conf.x86_64 | 1 |
8 files changed, 101 insertions, 161 deletions
diff --git a/libre/pacman/PKGBUILD b/libre/pacman/PKGBUILD index bd17d02bc..c1649ca8c 100644 --- a/libre/pacman/PKGBUILD +++ b/libre/pacman/PKGBUILD @@ -1,5 +1,5 @@ # vim: set ts=2 sw=2 et: -# $Id: PKGBUILD 248253 2015-10-02 11:48:18Z foutrelis $ +# $Id: PKGBUILD 258691 2016-01-30 00:40:01Z allan $ # Maintainer (Arch): Dan McGee <dan@archlinux.org> # Maintainer (Arch): Dave Reisner <dreisner@archlinux.org> # Maintainer: André Silva <emulatorman@parabola.nu> @@ -9,16 +9,16 @@ # Contributor: Daniel Milewski <niitotantei@riseup.net> pkgname=pacman -pkgver=4.2.1 -pkgrel=4.parabola1 +pkgver=5.0.0 +pkgrel=1.parabola1 pkgdesc="A library-based package manager with dependency support" arch=('i686' 'x86_64' 'armv7h') url="http://www.archlinux.org/pacman/" license=('GPL') groups=('base' 'base-devel') -depends=('bash' 'glibc' 'libarchive>=3.1.2' 'curl>=7.39.0' +depends=('bash' 'glibc' 'libarchive' 'curl' 'gpgme' 'pacman-mirrorlist' 'archlinux-keyring' - 'parabola-keyring' 'ca-certificates-cacert') + 'parabola-keyring') if [ "${CARCH}" = "armv7h" ]; then depends+=('archlinuxarm-keyring') fi @@ -31,31 +31,27 @@ replaces=("$pkgname-contrib" "$pkgname-parabola" 'cacert-dot-org') backup=('etc/pacman.conf' 'etc/makepkg.conf') options=('strip' 'debug') source=(https://sources.archlinux.org/other/pacman/$pkgname-$pkgver.tar.gz{,.sig} - ensure-matching-database-and-package-version.patch $pkgname.conf.{i686,x86_64,armv7h} makepkg.conf $pkgname-keyring.service $pkgname-keyring.timer - makepkg-pkgrel-4.patch) -md5sums=('2a596fc8f723e99660c0869a74afcf47' + makepkg-pkgrel-5.patch) +md5sums=('9ecf8a5b659c0e02232c945ab198e6e1' 'SKIP' - 'e8f72afe6f417d11bd36ada042744fe4' - '9c1454e48b2216b23f931e04d6dab1ee' - '7279d086428df483fd60c33f7c88cf3e' - '9c1454e48b2216b23f931e04d6dab1ee' - 'ce525a9af50f1d9b824806d2e5a4f0c8' + 'cbae23ebbdedb242b4229b1fa3788a2a' + '125d48252a2ac58092cc489ab6719375' + 'cbae23ebbdedb242b4229b1fa3788a2a' + '19c91127e409cf24246de252be44eaa9' '11a5fac02651041e44d65d66c3538030' '7fb448e0d2b5b22da5ddc0040378efb0' - '0ee98dc38ff80ba127772f5104e18e46') + 'da78f246ac281ed949cf97d48f86d994') validpgpkeys=('6645B0A8C7005E78DB1D7864F99FFE0FEAE999BD') # Allan McRae <allan@archlinux.org> prepare() { cd "$pkgname-$pkgver" - patch -p1 -i $srcdir/ensure-matching-database-and-package-version.patch - # treat pkgrel more similarly to pkgver - patch -p1 -i "$srcdir/makepkg-pkgrel-4.patch" + patch -p1 -i "$srcdir/makepkg-pkgrel-5.patch" } build() { @@ -65,7 +61,7 @@ build() { --localstatedir=/var --enable-doc \ --with-scriptlet-shell=/usr/bin/bash \ --with-ldconfig=/usr/bin/ldconfig - make + make V=1 make -C contrib } diff --git a/libre/pacman/ensure-matching-database-and-package-version.patch b/libre/pacman/ensure-matching-database-and-package-version.patch deleted file mode 100644 index 4d9170f8b..000000000 --- a/libre/pacman/ensure-matching-database-and-package-version.patch +++ /dev/null @@ -1,60 +0,0 @@ -From deac9731884a83ad91eab9f27b288f406f56c87b Mon Sep 17 00:00:00 2001 -From: Levente Polyak <anthraxx@archlinux.org> -Date: Sat, 18 Jul 2015 17:58:23 +0200 -Subject: [PATCH] ensure matching database and package version - -While loading each package ensure that the internal version matches the -expected database version to avoid the possibility to circumvent the -version check. -This issue can be used by an attacker to trick the software into -installing an older version. The behavior can be exploited by a -man-in-the-middle attack through specially crafted database tarball -containing a higher version, yet actually delivering an older and -vulnerable version, which was previously shipped. - -Signed-off-by: Levente Polyak <anthraxx@archlinux.org> -Signed-off-by: Remi Gacogne <rgacogne@archlinux.org> -Signed-off-by: Allan McRae <allan@archlinux.org> ---- - lib/libalpm/sync.c | 18 ++++++++++++++++++ - 1 file changed, 18 insertions(+) - -diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c -index 888ae15..e843b07 100644 ---- a/lib/libalpm/sync.c -+++ b/lib/libalpm/sync.c -@@ -1212,6 +1212,7 @@ static int load_packages(alpm_handle_t *handle, alpm_list_t **data, - EVENT(handle, &event); - - for(i = handle->trans->add; i; i = i->next, current++) { -+ int error = 0; - alpm_pkg_t *spkg = i->data; - char *filepath; - int percent = (int)(((double)current_bytes / total_bytes) * 100); -@@ -1232,6 +1233,23 @@ static int load_packages(alpm_handle_t *handle, alpm_list_t **data, - spkg->name); - alpm_pkg_t *pkgfile =_alpm_pkg_load_internal(handle, filepath, 1); - if(!pkgfile) { -+ _alpm_log(handle, ALPM_LOG_DEBUG, "failed to load pkgfile internal\n"); -+ error = 1; -+ } else { -+ if(strcmp(spkg->name, pkgfile->name) != 0) { -+ _alpm_log(handle, ALPM_LOG_DEBUG, -+ "internal package name mismatch, expected: '%s', actual: '%s'\n", -+ spkg->name, pkgfile->name); -+ error = 1; -+ } -+ if(strcmp(spkg->version, pkgfile->version) != 0) { -+ _alpm_log(handle, ALPM_LOG_DEBUG, -+ "internal package version mismatch, expected: '%s', actual: '%s'\n", -+ spkg->version, pkgfile->version); -+ error = 1; -+ } -+ } -+ if(error != 0) { - errors++; - *data = alpm_list_add(*data, strdup(spkg->filename)); - free(filepath); --- -2.4.6 - diff --git a/libre/pacman/makepkg-pkgrel-4.patch b/libre/pacman/makepkg-pkgrel-4.patch deleted file mode 100644 index aeeb17859..000000000 --- a/libre/pacman/makepkg-pkgrel-4.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 6357edfc61e293170a4c922fbdcfa260963d7268 Mon Sep 17 00:00:00 2001 -From: Luke Shumaker <lukeshu@sbcglobal.net> -Date: Sun, 31 Aug 2014 17:10:32 -0400 -Subject: [PATCH] makepkg: treat pkgrel more similarly to pkgver - -This is perfectly fine with libalpm; it was only makepkg that was more -strict with pkgrel than pkgver. - -Further, the former error message about invalid pkgrel formats claimed that -pkgrel was a "decimal", which would mean that `1.1 == 1.10`. This was not -the case; alpm parsed pkgrel as a version, not a decimal. In that light, -enforcing /[0-9]+(\.([0-9]+)?/ on a version spec seems silly. ---- - doc/PKGBUILD.5.txt | 4 ++-- - scripts/makepkg.sh.in | 4 ++-- - test/util/vercmptest.sh | 18 ++++++++++++++++++ - 3 files changed, 22 insertions(+), 4 deletions(-) - -diff -Nur pacman-4.2.0.orig/doc/PKGBUILD.5.txt pacman-4.2.0/doc/PKGBUILD.5.txt ---- pacman-4.2.0.orig/doc/PKGBUILD.5.txt 2014-10-13 22:44:20.000000000 -0200 -+++ pacman-4.2.0/doc/PKGBUILD.5.txt 2014-12-29 21:54:08.717826697 -0200 -@@ -48,7 +48,7 @@ - - *pkgver*:: - The version of the software as released from the author (e.g., '2.7.1'). -- The variable is not allowed to contain colons or hyphens. -+ The variable is not allowed to contain colons, hyphens or whitespace. - + - The `pkgver` variable can be automatically updated by providing a `pkgver()` - function in the PKGBUILD that outputs the new package version. -@@ -62,7 +62,7 @@ - allows package maintainers to make updates to the package's configure - flags, for example. This is typically set to '1' for each new upstream - software release and incremented for intermediate PKGBUILD updates. The -- variable is not allowed to contain hyphens. -+ variable is not allowed to contain colons, hyphens or whitespace. - - *pkgdesc*:: - This should be a brief description of the package and its functionality. -diff -Nur pacman-4.2.0.orig/scripts/makepkg.sh.in pacman-4.2.0/scripts/makepkg.sh.in ---- pacman-4.2.0.orig/scripts/makepkg.sh.in 2014-12-29 21:53:44.674296011 -0200 -+++ pacman-4.2.0/scripts/makepkg.sh.in 2014-12-29 22:00:21.607534761 -0200 -@@ -2576,8 +2576,8 @@ - return 1 - fi - -- if [[ $pkgrel != +([0-9])?(.+([0-9])) ]]; then -- error "$(gettext "%s must be a decimal, not %s.")" "pkgrel" "$pkgrel" -+ if [[ $pkgrel = *[[:space:]:-]* ]]; then -+ error "$(gettext "%s is not allowed to contain colons, hyphens or whitespace.")" "pkgrel" "$pkgrel" - return 1 - fi - } -diff -Nur pacman-4.2.0.orig/test/util/vercmptest.sh pacman-4.2.0/test/util/vercmptest.sh ---- pacman-4.2.0.orig/test/util/vercmptest.sh 2014-01-06 02:40:08.000000000 -0200 -+++ pacman-4.2.0/test/util/vercmptest.sh 2014-12-29 21:54:08.717826697 -0200 -@@ -142,6 +142,24 @@ - runtest 1:1.0 1.1 1 - runtest 1:1.1 1.1 1 - -+# complex pkgrel values -+runtest 1-1.5.0 1-1.5.0 0 -+runtest 1-1.5.1 1-1.5.0 1 -+runtest 1-1.5.1 1-1.5 1 -+runtest 1-1.5b 1-1.5 -1 -+runtest 1-1.5b 1-1.5.1 -1 -+runtest 1-1.0a 1-1.0alpha -1 -+runtest 1-1.0alpha 1-1.0b -1 -+runtest 1-1.0b 1-1.0beta -1 -+runtest 1-1.0beta 1-1.0rc -1 -+runtest 1-1.0rc 1-1.0 -1 -+runtest 1-1.5.a 1-1.5 1 -+runtest 1-1.5.b 1-1.5.a 1 -+runtest 1-1.5.1 1-1.5.b 1 -+runtest 1-2 1-2.par1 1 -+runtest 1-2 1-2.par1 1 -+runtest 1-3 1-2.par1 -1 -+ - #END TESTS - - if [[ $failure -eq 0 ]]; then diff --git a/libre/pacman/makepkg-pkgrel-5.patch b/libre/pacman/makepkg-pkgrel-5.patch new file mode 100644 index 000000000..82da38d3f --- /dev/null +++ b/libre/pacman/makepkg-pkgrel-5.patch @@ -0,0 +1,81 @@ +From 6357edfc61e293170a4c922fbdcfa260963d7268 Mon Sep 17 00:00:00 2001 +From: Luke Shumaker <lukeshu@sbcglobal.net> +Date: Sun, 31 Aug 2014 17:10:32 -0400 +Subject: [PATCH] makepkg: treat pkgrel more similarly to pkgver + +This is perfectly fine with libalpm; it was only makepkg that was more +strict with pkgrel than pkgver. + +Further, the former error message about invalid pkgrel formats claimed that +pkgrel was a "decimal", which would mean that `1.1 == 1.10`. This was not +the case; alpm parsed pkgrel as a version, not a decimal. In that light, +enforcing /[0-9]+(\.([0-9]+)?/ on a version spec seems silly. +--- + doc/PKGBUILD.5.txt | 4 ++-- + scripts/libmakepkg/lint_pkgbuild/pkgrel.sh.in | 4 ++-- + test/util/vercmptest.sh | 18 ++++++++++++++++++ + 3 files changed, 22 insertions(+), 4 deletions(-) + +diff -Nur pacman-5.0.0.orig/doc/PKGBUILD.5.txt pacman-5.0.0/doc/PKGBUILD.5.txt +--- pacman-5.0.0.orig/doc/PKGBUILD.5.txt 2016-01-28 20:50:49.000000000 -0300 ++++ pacman-5.0.0/doc/PKGBUILD.5.txt 2016-02-01 10:11:47.825919218 -0300 +@@ -48,7 +48,7 @@ + + *pkgver*:: + The version of the software as released from the author (e.g., '2.7.1'). +- The variable is not allowed to contain colons or hyphens. ++ The variable is not allowed to contain colons, hyphens or whitespace. + + + The `pkgver` variable can be automatically updated by providing a `pkgver()` + function in the PKGBUILD that outputs the new package version. +@@ -62,7 +62,7 @@ + allows package maintainers to make updates to the package's configure + flags, for example. This is typically set to '1' for each new upstream + software release and incremented for intermediate PKGBUILD updates. The +- variable is not allowed to contain hyphens. ++ variable is not allowed to contain colons, hyphens or whitespace. + + *epoch*:: + Used to force the package to be seen as newer than any previous versions +diff -Nur pacman-5.0.0.orig/scripts/libmakepkg/lint_pkgbuild/pkgrel.sh.in pacman-5.0.0/scripts/libmakepkg/lint_pkgbuild/pkgrel.sh.in +--- pacman-5.0.0.orig/scripts/libmakepkg/lint_pkgbuild/pkgrel.sh.in 2016-01-04 00:27:45.000000000 -0300 ++++ pacman-5.0.0/scripts/libmakepkg/lint_pkgbuild/pkgrel.sh.in 2016-02-01 10:31:09.102801369 -0300 +@@ -35,8 +35,8 @@ + return 1 + fi + +- if [[ $pkgrel != +([0-9])?(.+([0-9])) ]]; then +- error "$(gettext "%s must be a decimal, not %s.")" "pkgrel" "$pkgrel" ++ if [[ $pkgrel = *[[:space:]:-]* ]]; then ++ error "$(gettext "%s is not allowed to contain colons, hyphens or whitespace.")" "pkgrel" "$pkgrel" + return 1 + fi + } +diff -Nur pacman-5.0.0.orig/test/util/vercmptest.sh pacman-5.0.0/test/util/vercmptest.sh +--- pacman-5.0.0.orig/test/util/vercmptest.sh 2016-01-04 00:27:45.000000000 -0300 ++++ pacman-5.0.0/test/util/vercmptest.sh 2016-02-01 10:36:29.503809606 -0300 +@@ -113,6 +113,24 @@ + tap_runtest 1:1.0 1.1 1 + tap_runtest 1:1.1 1.1 1 + ++# complex pkgrel values ++tap_runtest 1-1.5.0 1-1.5.0 0 ++tap_runtest 1-1.5.1 1-1.5.0 1 ++tap_runtest 1-1.5.1 1-1.5 1 ++tap_runtest 1-1.5b 1-1.5 -1 ++tap_runtest 1-1.5b 1-1.5.1 -1 ++tap_runtest 1-1.0a 1-1.0alpha -1 ++tap_runtest 1-1.0alpha 1-1.0b -1 ++tap_runtest 1-1.0b 1-1.0beta -1 ++tap_runtest 1-1.0beta 1-1.0rc -1 ++tap_runtest 1-1.0rc 1-1.0 -1 ++tap_runtest 1-1.5.a 1-1.5 1 ++tap_runtest 1-1.5.b 1-1.5.a 1 ++tap_runtest 1-1.5.1 1-1.5.b 1 ++tap_runtest 1-2 1-2.par1 1 ++tap_runtest 1-2 1-2.par1 1 ++tap_runtest 1-3 1-2.par1 -1 ++ + tap_finish + + # vim: set noet: diff --git a/libre/pacman/makepkg.conf b/libre/pacman/makepkg.conf index f997615e6..a2250206e 100644 --- a/libre/pacman/makepkg.conf +++ b/libre/pacman/makepkg.conf @@ -73,7 +73,7 @@ BUILDENV=(!distcc color !ccache check !sign) # These are default values for the options=() settings ######################################################################### # -# Default: OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug) +# Default: OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !optipng !upx !debug) # A negated option will do the opposite of the comments below. # #-- strip: Strip symbols from binaries/libraries @@ -84,9 +84,10 @@ BUILDENV=(!distcc color !ccache check !sign) #-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip #-- purge: Remove files specified by PURGE_TARGETS #-- upx: Compress binary executable files using UPX +#-- optipng: Optimize PNG images with optipng #-- debug: Add debugging flags as specified in DEBUG_* variables # -OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug) +OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !optipng !upx !debug) #-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512 INTEGRITY_CHECK=(md5) diff --git a/libre/pacman/pacman.conf.armv7h b/libre/pacman/pacman.conf.armv7h index d0c45c131..5672efc43 100644 --- a/libre/pacman/pacman.conf.armv7h +++ b/libre/pacman/pacman.conf.armv7h @@ -14,6 +14,7 @@ #CacheDir = /var/cache/pacman/pkg/ #LogFile = /var/log/pacman.log #GPGDir = /etc/pacman.d/gnupg/ +#HookDir = /etc/pacman.d/hooks/ HoldPkg = pacman glibc #XferCommand = /usr/bin/curl -C - -f %u > %o #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u diff --git a/libre/pacman/pacman.conf.i686 b/libre/pacman/pacman.conf.i686 index d0c45c131..5672efc43 100644 --- a/libre/pacman/pacman.conf.i686 +++ b/libre/pacman/pacman.conf.i686 @@ -14,6 +14,7 @@ #CacheDir = /var/cache/pacman/pkg/ #LogFile = /var/log/pacman.log #GPGDir = /etc/pacman.d/gnupg/ +#HookDir = /etc/pacman.d/hooks/ HoldPkg = pacman glibc #XferCommand = /usr/bin/curl -C - -f %u > %o #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u diff --git a/libre/pacman/pacman.conf.x86_64 b/libre/pacman/pacman.conf.x86_64 index 07cc0a86c..371a64a68 100644 --- a/libre/pacman/pacman.conf.x86_64 +++ b/libre/pacman/pacman.conf.x86_64 @@ -14,6 +14,7 @@ #CacheDir = /var/cache/pacman/pkg/ #LogFile = /var/log/pacman.log #GPGDir = /etc/pacman.d/gnupg/ +#HookDir = /etc/pacman.d/hooks/ HoldPkg = pacman glibc #XferCommand = /usr/bin/curl -C - -f %u > %o #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u |