From 8ee3b7b24e34c76ae5c360413fb0477f25ff27d3 Mon Sep 17 00:00:00 2001
From: Omar Vega Ramos <ovruni@gnu.org.pe>
Date: Sat, 5 Aug 2017 19:03:01 -0500
Subject: pacman-5.0.2-2.parabola1: enable full RELRO and BIND_NOW

---
 libre/pacman/0001-Sychronize-filesystem.patch       | 13 ++++++-------
 ...close-stdin-before-running-install-scripts.patch | 15 +++++++--------
 ...m_run_chroot-always-connect-parent2child-p.patch | 15 +++++++--------
 libre/pacman/PKGBUILD                               | 21 +++++++++++----------
 4 files changed, 31 insertions(+), 33 deletions(-)

(limited to 'libre/pacman')

diff --git a/libre/pacman/0001-Sychronize-filesystem.patch b/libre/pacman/0001-Sychronize-filesystem.patch
index 7c5f6fdcb..b2a55e1bf 100644
--- a/libre/pacman/0001-Sychronize-filesystem.patch
+++ b/libre/pacman/0001-Sychronize-filesystem.patch
@@ -1,20 +1,20 @@
-From 25b7d2243038723c95402c0e6e1bdaa38817c92f Mon Sep 17 00:00:00 2001
-From: Kevin Mihelich <kevin@archlinuxarm.org>
+From faad6b96560cc1c7c7e816299e56b3a1ea7098e0 Mon Sep 17 00:00:00 2001
+From: Kevin Mihelich 
 Date: Sat, 13 Sep 2014 18:58:16 -0600
-Subject: [PATCH 1/2] Sychronize filesystem
+Subject: [PATCH 1/3] Sychronize filesystem
 
 Since many problems arise from improper flushing of the filesystem,
 particularly package installations followed by a reboot very shorly after,
 this will perform a sync() after installations and removals to ensure a
 consistent filesystem state after package operations.
 
-Signed-off-by: Kevin Mihelich <kevin@archlinuxarm.org>
+Signed-off-by: Kevin Mihelich 
 ---
  lib/libalpm/trans.c | 3 +++
  1 file changed, 3 insertions(+)
 
 diff --git a/lib/libalpm/trans.c b/lib/libalpm/trans.c
-index 239d6a1..8a6260a 100644
+index 13984707..82835ee5 100644
 --- a/lib/libalpm/trans.c
 +++ b/lib/libalpm/trans.c
 @@ -230,6 +230,9 @@ int SYMEXPORT alpm_trans_commit(alpm_handle_t *handle, alpm_list_t **data)
@@ -28,5 +28,4 @@ index 239d6a1..8a6260a 100644
  }
  
 -- 
-2.7.0
-
+2.13.1
diff --git a/libre/pacman/0002-Revert-close-stdin-before-running-install-scripts.patch b/libre/pacman/0002-Revert-close-stdin-before-running-install-scripts.patch
index 7a926dc16..2e8a8f310 100644
--- a/libre/pacman/0002-Revert-close-stdin-before-running-install-scripts.patch
+++ b/libre/pacman/0002-Revert-close-stdin-before-running-install-scripts.patch
@@ -1,7 +1,7 @@
-From 4a773b741fd6aca6e6f7183e40d40a06e9c65ee3 Mon Sep 17 00:00:00 2001
-From: Kevin Mihelich <kevin@archlinuxarm.org>
+From 60baf4136355d00ce141b8dc4a90637eb0245245 Mon Sep 17 00:00:00 2001
+From: Kevin Mihelich 
 Date: Sat, 30 Jan 2016 17:19:03 -0700
-Subject: [PATCH 2/2] Revert "close stdin before running install scripts"
+Subject: [PATCH 2/3] Revert "close stdin before running install scripts"
 
 This reverts commit e374e6829cea3512f0b4a4069c5a6168f0f8d8a0.
 
@@ -10,16 +10,16 @@ prompting the user to flash a new kernel to a bare partition. Removing
 this feature will undoubtedly cause more problems than it intends to
 solve.
 
-Signed-off-by: Kevin Mihelich <kevin@archlinuxarm.org>
+Signed-off-by: Kevin Mihelich 
 ---
  lib/libalpm/util.c | 1 -
  1 file changed, 1 deletion(-)
 
 diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c
-index 001c042..f2d43ee 100644
+index 1e554632..41cca4a7 100644
 --- a/lib/libalpm/util.c
 +++ b/lib/libalpm/util.c
-@@ -602,7 +602,6 @@ int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
+@@ -612,7 +612,6 @@ int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
  
  	if(pid == 0) {
  		/* this code runs for the child only (the actual chroot/exec) */
@@ -28,5 +28,4 @@ index 001c042..f2d43ee 100644
  		close(2);
  		while(dup2(child2parent_pipefd[1], 1) == -1 && errno == EINTR);
 -- 
-2.7.0
-
+2.13.1
diff --git a/libre/pacman/0003-Revert-alpm_run_chroot-always-connect-parent2child-p.patch b/libre/pacman/0003-Revert-alpm_run_chroot-always-connect-parent2child-p.patch
index b150746b9..0e5874a4c 100644
--- a/libre/pacman/0003-Revert-alpm_run_chroot-always-connect-parent2child-p.patch
+++ b/libre/pacman/0003-Revert-alpm_run_chroot-always-connect-parent2child-p.patch
@@ -1,5 +1,5 @@
-From 2c2a442ba21223de93b1927f8829dbf4ab4c495c Mon Sep 17 00:00:00 2001
-From: Kevin Mihelich <kevin@archlinuxarm.org>
+From 87612bf6ef06e5fa5d58716f9c18ccb52c27be6c Mon Sep 17 00:00:00 2001
+From: Kevin Mihelich 
 Date: Fri, 11 Mar 2016 20:11:24 -0700
 Subject: [PATCH 3/3] Revert "alpm_run_chroot: always connect parent2child
  pipe"
@@ -10,10 +10,10 @@ This reverts commit 1d6583a58da0904fb7feafd4a666391087955a7b.
  1 file changed, 7 insertions(+), 6 deletions(-)
 
 diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c
-index 5e74462..f2d43ee 100644
+index 41cca4a7..aba0ee94 100644
 --- a/lib/libalpm/util.c
 +++ b/lib/libalpm/util.c
-@@ -586,7 +586,7 @@ int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
+@@ -596,7 +596,7 @@ int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
  		goto cleanup;
  	}
  
@@ -22,7 +22,7 @@ index 5e74462..f2d43ee 100644
  		_alpm_log(handle, ALPM_LOG_ERROR, _("could not create pipe (%s)\n"), strerror(errno));
  		retval = 1;
  		goto cleanup;
-@@ -606,9 +606,11 @@ int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
+@@ -616,9 +616,11 @@ int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
  		close(2);
  		while(dup2(child2parent_pipefd[1], 1) == -1 && errno == EINTR);
  		while(dup2(child2parent_pipefd[1], 2) == -1 && errno == EINTR);
@@ -37,7 +37,7 @@ index 5e74462..f2d43ee 100644
  		close(child2parent_pipefd[0]);
  		close(child2parent_pipefd[1]);
  		if(cwdfd >= 0) {
-@@ -643,16 +645,15 @@ int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
+@@ -653,16 +655,15 @@ int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
  		child2parent->events = POLLIN;
  		fcntl(child2parent->fd, F_SETFL, O_NONBLOCK);
  		close(child2parent_pipefd[1]);
@@ -56,5 +56,4 @@ index 5e74462..f2d43ee 100644
  
  #define STOP_POLLING(p) do { close(p->fd); p->fd = -1; } while(0)
 -- 
-2.7.1
-
+2.13.1
diff --git a/libre/pacman/PKGBUILD b/libre/pacman/PKGBUILD
index 8139b625c..74934a55a 100644
--- a/libre/pacman/PKGBUILD
+++ b/libre/pacman/PKGBUILD
@@ -2,15 +2,16 @@
 # $Id: PKGBUILD 268273 2016-05-18 05:54:54Z allan $
 # Maintainer (Arch): Dan McGee <dan@archlinux.org>
 # Maintainer (Arch): Dave Reisner <dreisner@archlinux.org>
+# Contributor (Hyperbola): André Silva <emulatorman@hyperbola.info>
+# Contributor (Hyperbola): Márcio Silva <coadde@hyperbola.info>
 # Maintainer: Luke Shumaker <lukeshu@sbcglobal.net>
-# Contributor: André Silva <emulatorman@parabola.nu>
-# Contributor: Márcio Silva <coadde@parabola.nu>
+# Contributor: Omar Vega Ramos <ovruni@gnu.org.pe>
 # Contributor: Nicolás Reynolds <fauno@kiwwwi.com.ar>
 # Contributor: Daniel Milewski <niitotantei@riseup.net>
 
 pkgname=pacman
 pkgver=5.0.2
-pkgrel=1.parabola1
+pkgrel=2.parabola1
 pkgdesc="A library-based package manager with dependency support"
 arch=('i686' 'x86_64' 'armv7h')
 url="http://www.archlinux.org/pacman/"
@@ -48,9 +49,9 @@ sha256sums=('dfd36086ad68564bcd977f4a1fafe51dd328acd4a95093ac4bf1249be9c41f0e'
             '0d174c7c47921cfbb35dacb9d099095e78f6f67bfaa86836a3e588552f14ed03'
             '1df848c5038a3f81ae4dc79a4072d340109b02f56292a5c4a20c59f735edd2b3'
             '1cc4af1cf8e2133d4520827cc7d3ffad731892595f8e699909002d2e40ad8df9'
-            '16d1d426fd1365470891c918c2a82147fb80be97a47bfa0d8c547edbcad9b05c'
-            'c33246b876f8ba574077471bd71ff0e698d5b41ef0f9f34685dd17d417c1f204'
-            '414d65dffedf912af05b09fe6a55cd5144a8f39a5a280c1ad85c019e66ef5c83'
+            '6064bbf5b453ec50b25291cf9268c56cac4bca3ad80d47f2d6b62c82254e5461'
+            'dbadad986353ff90a390614f393a09ea07498fcf00467481bc58fbc07ac2d003'
+            '4187d385e173127df8ed6d358291f0a0b0c2581742d8859ad6b276bb6d703e49'
             '416efd44f4d52345871877fd1cb1674dc6e5c063d51f9fe0d723ca51e004595e')
 
 prepare() {
@@ -84,20 +85,20 @@ build() {
       i686)
         mycarch="i686"
         mychost="i686-pc-linux-gnu"
-        myflags="-march=i686 -mtune=generic -O2 -pipe -fstack-protector-strong"
+        myflags="-march=i686 -mtune=generic -O2 -pipe -fstack-protector-strong  -fno-plt"
         ;;
       x86_64)
         mycarch="x86_64"
         mychost="x86_64-pc-linux-gnu"
-        myflags="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong"
+        myflags="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong  -fno-plt"
         ;;
       armv7h)
         mycarch="armv7h"
         mychost="armv7l-unknown-linux-gnueabihf"
-        myflags="-march=armv7-a -mfloat-abi=hard -mfpu=vfpv3-d16 -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
+        myflags="-march=armv7-a -mfloat-abi=hard -mfpu=vfpv3-d16 -O2 -pipe -fstack-protector-strong -fno-plt"
         ;;
     esac
-    myldflags="-Wl,-O1,--sort-common,--as-needed,-z,relro"
+    myldflags="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
 
     # set things correctly in the default conf file
     sed < "$srcdir/makepkg.conf.in" > "$srcdir/makepkg.conf.$carch" \
-- 
cgit v1.2.3