summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2019-03-01Sanitize file name received from Content-Disposition headerAndrew Gregory1-1/+2
When installing a remote package with "pacman -U <url>", pacman renames the downloaded package file to match the name given in the Content-Disposition header. However, pacman does not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a content-disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. For example, a malicious package-hosting server (or a network man-in-the-middle, if downloading over HTTP) could serve the following header: Content-Disposition: filename=../../../../../../usr/share/libalpm/hooks/evil.hook and pacman would move the downloaded file to /usr/share/libalpm/hooks/evil.hook. This invocation of "pacman -U" would later fail, unable to find the downloaded package in the cache directory, but the hook file would remain in place. The commands in the malicious hook would then be run (as root) the next time any package is installed. Discovered-by: Adam Suhl <asuhl@mit.edu> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit d197d8ab82cf10650487518fb968067897a12775)
2018-12-25Release v5.1.2v5.1.2Andrew Gregory1-2/+2
Signed-off-by: Andrew Gregory <andrew@archlinux.org>
2018-12-25update NEWS for v5.1.2Andrew Gregory2-0/+16
Signed-off-by: Andrew Gregory <andrew@archlinux.org>
2018-12-23always allow explicit empty siglevel for sync dbsAndrew Gregory1-1/+1
An empty siglevel does not do any signature verification which is exactly what we want when compiled without gpg support. This is already allowed in other parts of the codebase and required for the test suite to pass when compiled without gpg support. Fixes: FS#60880 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 61fe73804305a8bbb434cdc245944df5284f1964)
2018-12-12Pull updated translations from TransifexAllan McRae95-5376/+5422
Mostly churn in string headers, but a few new or updated translations. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-11-19handle EINTR while polling scripts/hooksAndrew Gregory3-1/+25
If poll() is interrupted by a signal, alpm was closing the socket it uses for listening to script/hook output. This would drop script output at the least and kill the script at the worst. Fixes FS#60396 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit ac959bb9c6ce549047a954109ae825158855e386)
2018-11-19reset signal handlers before running scripts/hooksAndrew Gregory3-0/+32
Front-ends or libraries may set signals to be ignored, which gets inherited across fork and exec. This can cause scripts to malfunction if they expect the signal. To make matters worse, scripts written in bash can't reset signals that were ignored when bash was started. Fixes FS#56756 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 9886566abb375043740167ce5066f1a186c71176)
2018-11-19alpm: Fix SIGINT handling re: aborting downloadOlivier Brunel1-0/+1
Upon receiving SIGINT a flag is set to abort the (curl) download. However, since it was never reset/initialized, if a front-end doesn't actually exit on SIGINT, and later tries any operation that needs to perform a new download, said download would always get aborted right away due to the flag not having been reset. (cherry picked from commit ffde85aadfe0e08fb710102d0a547335e9d1a200)
2018-11-19alpm: Do not raise SIGINT when filesize goes over limitOlivier Brunel1-1/+1
Variable dload_interrupted is used both to abort a download because SIGINT was caught, and when a file limit is reached. But raising SIGINT is only meant to happen in the first case. Signed-off-by: Olivier Brunel <jjk@jjacky.com> (cherry picked from commit d96d0ffe7c88d9521a9e6cdd65939e9a20733cdf)
2018-11-19libalpm/dload.c: add case for CURLE_COULDNT_RESOLVE_HOSTMichael Straube1-0/+7
Add a case for curl error 'Could not resolve host'. An attempt to fix FS#48285. Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 9e960d9d5a735bbc7d418f2ad81d3f3e92d99968)
2018-11-19libmakepkg/lint_config: fix lint_variable actually running the PKGBUILD lintEli Schwartz1-2/+2
Due to a copy-paste error when initially implementing this, it actually uses a duplicate function name, usually resulting in lint_pkgbuild overwriting the function definition. Then the PKGBUILD lint gets run twice, one time before the PKGBUILD is even sourced -- to potentially surprising results, like erroring out on a pre-existing shell definition that doesn't match our expectations. Seen in the wild with lint_config triggering an error for 'declare -x arch="foo"' Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 2bec380e108536f5e5f728ef66223ed3fabf5ab1)
2018-11-19pacman: check versioned optdepends in -Qi operationEli Schwartz1-1/+1
Fixes FS#60106 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 3318039e3b1530396b0e3ced49ea6fe5b6ea00c5)
2018-11-19pacman-conf: add missing DisableDownloadTimeoutmorganamilo1-0/+3
Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> (cherry picked from commit 62eef5bbdb025d9557a1609760b42d7fbac16ad2)
2018-07-27Release v5.1.1v5.1.1Allan McRae3-2/+22
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-27makepkg: optimize and fix BUILDINFO generation's use of awkEli Schwartz1-6/+4
The biggest issue is directly supplying the data within the format string which can result in misinterpreting formatter sequences if a printed variable contains an "%" in it. This character is currently permitted in the pkgver field, though not in the pkgname. Also pacman/libalpm itself has much looser limitations and this can appear anywhere at all if a package was created by some other program. For the package "iambroke-1%s-1-any.pkg.tar.xz", installed in the build environment, the result is: -> Generating .BUILDINFO file... awk: cmd. line:3: (FILENAME=- FNR=1085) fatal: not enough arguments to satisfy format string `-1%s-1' ^ ran out for this one Followed by a .BUILDINFO which contains an LC_ALL=C sorted list of $pkgname-${epoch:+$epoch:}$pkgver-$pkgrel-$arch ending in: installed = iambroke Which is cut short, then fails to list the succeeding packages. The package itself successfully builds. It's also unnecessary to save the output of pacman -Qq in order to get the information for pacman -Qi, since the latter will, just like the former, return information for all installed packages if not given a package name(s). While I am at it, pipe this directly to awk rather than keeping a copy in an unnecessary local variable. This is slightly more efficient in addition to preventing the <<< herestring from re-interpreting the content of "$pkginfos" in ways that don't really matter for our usage. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-27alpm-hooks.5: include more information on hook filesJouke Witteveen1-2/+6
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-27Pull updated translations from TransifexAllan McRae88-6836/+6884
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-27Handle root prefix in overwrite operationsAllan McRae1-4/+5
The pacman --overwrite operation currently expects a path without the root prefix specified. This is unexpected, particularly given our conflict error message reports the path with the root prefix included. This patch allows libalpm to overwrite files with the root prefix specified. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-27makepkg: reduce strictness of pkgver in depends lintingEli Schwartz1-1/+2
This change was introduced to prevent entries like depends=('foo>'). However, it had the unintended side effect of causing a number of working PKGBUILDs to fail to build. This happened when a PKGBUILD defined one variable through calling a "complex" statement within the PKGBUILD's package function (e.g. a function or evaluating in a subshell), then used it to define the package metadata variable. extract_function_variable() cannot execute the package function in order to retrieve this information, so it performs a simple grep + eval instead and in the process misses the contextual awareness of running within the package function. While not catching these "issues" can result in incorrect SRCINFO, the resulting packages are fine. Stop aborting on the common case where the pkgver of a dependency is dynamically set during the package function until the large number of broken PKGBUILDs are fixed, and the restrictions of the PKGBUILD format are documented. "Fixes" FS#58776 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-27makepkg.conf: add missing sha224 sumsMichael Straube2-2/+2
Add missing sha224 sums to makepkg.conf and it's man page. Signed-off-by: Michael Straube <michael.straube@posteo.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-25doc: declare what type of comments we support in pacman.confEli Schwartz1-0/+3
Ini-style configuration formats are all over the place. So are we, for that matter, as we switched how we treated middle-of-line comments in commit 8a19c4a78251c5e34ecf508a65d943ca2dc833c7 -- namely, they're not comments anymore. This is surprising to users, who report bugs because it used to work, but what's more surprising is that the only "documentation" for the type of comments users can be expected to use, is by guessing from our example pacman.conf and maybe discovering unreliable easter eggs. Fixes FS#58809 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-25Revert "Deprecate --root in favour of --sysroot"Allan McRae2-2/+11
The use of --sysroot in the real world has flagged some issues that need addressing. Undeprecate --root for now. This reverts commit a278356f75866f89232e3e6230bbf9fb2dc1893c. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-19libmakepkg: remove accidentally added fileAllan McRae1-0/+0
A blank file slipped into libmakepkg in commit 2c94118d. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-19libmakepkg/tidy: fix debug sources not being properly detected sometimesEli Schwartz1-1/+1
DW_AT_comp_dir is meant to contain the directory in which the compiler was run DW_AT_name contains the source file the compiler was told to use. In the event that DW_AT_name is an absolute path, it is (obviously) not meant to be computed relative to DW_AT_comp_dir. However, we did not handle this correctly, and as a result tried to copy source files using doubled-up filepaths. The correct approach should be to use DW_AT_name on its own, in the event that it is an absolute path. See http://wiki.dwarfstd.org/index.php?title=Best_Practices. This fixes debug package generation for many packages that use absolute paths in their build systems... like CMake. Reported-by: Jagannathan Tiruvallur Eachambadi <jagannathante@gmail.com> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-07-19Revert "makepkg: use the `declare` builtin when backing up variables to eval"Allan McRae1-4/+16
This reverts commit 9e52a36794552b77ecf26f7f34b226d096978f1e. The change to use declare for the split package metadata backup/restore resulted in variables being declared at a local scope. When these variables were unset (mostly noticed with debug packaging) this left the variable at global scope defined. Revert back to the known good state. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-19PKGBUILD(5): Remove reference to ChangeLog prototype inclusionAllan McRae1-3/+3
We do not distribute a ChangeLog prototype, so should not reference it in the man page. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18makepkg: don't print per-pkgname debug packagesEli Schwartz1-3/+4
In commit 9a4d61622066d5d30c649f1c958b26526a4ceddf debug packages were merged into one exclusive pkgbase-debug, but the print_all_package_names function did not get updated to match this logic. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18Fix signing of debug packagesAllan McRae1-1/+1
Commit 9c8d7a80 broke the signing of debug packages by merging code up but not changing the test condition. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18libalpm/dload.c: fix filename in license headerMichael Straube1-1/+1
The filename in the license header did not match the actual filename as in the other files. Hopefully this is not too nit-picky. Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18makepkg: fix initialization when extracting arraysDave Reisner1-1/+5
Assuming that everything is a string leads to code which is effectively: a= a+=('bar') This creates an array with 2 elements instead of one. Using proper array initialization fixes this. https://lists.archlinux.org/pipermail/pacman-dev/2018-June/022591.html Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18Add missing sha224 sums in man page and lintingmorganamilo2-2/+3
Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18makepkg: fix erroneous $BUILDDIR when $startdir is not an absolute pathEli Schwartz1-2/+2
When comparing the $BUILDDIR to the $startdir, we used string equality instead of testing whether they are the same location, and ended up appending $pkgbase even though there's no reason to use it here. In some cases, this could result in makepkg erroring when trying to create $srcdir/$pkgdir, if a file with the same name as the $pkgbase exists. This is expected behavior if a file "src" or "pkg" exists, but decidedly less so for $pkgbase. This could be fixed either by setting $startdir to an absolute path, or by ensuring the test checks this directly; I've chosen to do both, since the test should really be correctly checking the thing it actually cares about, but since we ensure absolute paths are used everywhere else, this might bite us elsewhere someday. It's also more consistent. Fixes FS#58865 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18PKGBUILD.5: document restriction on pkgrelAllan McRae1-2/+4
The format of pkgrel was much more retrictive than described in the man page. Update the documentation to reflect this. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18makepkg: Don't use parameterless returnJan Alexander Steffens (heftig)1-7/+7
It's especially dangerous in trap handlers since the return value of the function becomes the return value of the last command before the trap, not the last command in the current function. This applies to any function executed in a trap handler, nested functions included. In one case, install_packages failed (via return 14), which was inside a conditional that then ran exit 14, which triggered the EXIT handler, which called clean_up, which called remove_deps, which had !RMDEPS and thus returned. The return value of remove_deps became the return value of install_packages, triggering the ERR handler, which (due to another problem) was still the user function handler, which then printed a misleading error message and overrode the exit code with 4. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18makepkg: fix the --nocolor option being broken when passed to pacman -UEli Schwartz1-1/+1
In commit 8ff03868a37b1f9c447784ae2fd639a49e426399 PACMAN_OPTS was turned into an array. Unfortunately, that array was generated by treating the "--color never" option as one string, instead of an array of two strings... Fixes FS#58820 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18pacman.conf: Fixup the XferCommand example for curlLuke Shumaker1-1/+1
1. Without `-L`, curl doesn't follow redirects. This is different than both the default behavior of pacman, and from the wget example. So add `-L`. 2. It uses `-C -` to supposedly allow resuming partial downloads; but that doesn't work if we use `> %o` to direct the output to the file. Instead, use `-o %o` so that `-C -` actually works. Signed-off-by: Luke Shumaker <lukeshu@parabola.nu> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18makepkg: Clear ERR trap before trying to restore itJan Alexander Steffens (heftig)1-0/+1
$restoretrap is empty if the trap was not set. This caused the trap handler to remain and override later exit codes. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18libmakepkg/lint_pkgbuild: squelch syntax error when a pkgname is emptyEli Schwartz1-2/+1
We fail with an error, but then we also fail with: ==> ERROR: depends is not allowed to be empty. /usr/share/makepkg/lint_pkgbuild/pkgname.sh: line 39: continue: only meaningful in a `for', `while', or `until' loop During the refactor to provide enhanced pkgname=pkgver linting, this was moved out of the ${pkgname[@]} loop to a distinct function, at which time it should have been modified to return rather than continue. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18makepkg: do not chmod $BUILDDIR itself after checking for its existenceEli Schwartz1-1/+0
In commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac the write permission checks were refactored. Initially we intended to drop this chmod in the process, but due to some confusion about whether it was needed, I ended up submitting patches both to preserve and to remove it... but it's not needed after all. We do it on the individual $srcdir/$pkgdir, later on. Then, we used the wrong version, which causes unnecessary restrictions. See FS#58790 Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18libmakepkg/lint_pkgbuild: permit versioned optdependsEli Schwartz2-7/+16
pacman accepts these, and there is no good reason to be more restrictive ourselves; we should follow the example of "depends" here. Update the documentation to actually state that this is supported. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18libmakepkg: when checking for write permissions, handle pre-existing dirsEli Schwartz1-5/+5
Simplifies the function a bit, but mostly, mkdir -p will never fail if the directory exists, and therefore makepkg never checks to see if it is actually writable. On the other hand, it's unnecessary to check if the directory exists once we know mkdir -p succeeded... Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18makepkg: remove unused variable forgotten when moving to parseoptsEli Schwartz1-1/+1
Reported-by: Rafael Ascensão <rafa.almas@gmail.com> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-18makepkg: update help text to describe --packagelist's new behaviorEli Schwartz1-1/+1
In commit d8591dd3418d55c5736022ef003891fc03b953e0 when teaching --packagelist to print the full filepath for built arches only, I forgot to update the helptext at the same time as I updated the manpage. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-06-04pacman-conf: fix detection of repo usageAllan McRae1-2/+2
pacman-conf returned All for any repo Usage query because it was checking if any repo options were enabled rather than if all options were enabled. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-28Apparently we live in the future!Allan McRae1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-28Release v.5.1.0v5.1.0Allan McRae3-6/+7
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-28Pull updated translations from TransifexAllan McRae94-35516/+1547
Also remove any translations that are less than 75% complete. These will be readded once translation completion passes our minimum threshold. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-28Translations need to be 75% completed to be includedAllan McRae1-1/+1
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-28Update README for pacman-5.1Allan McRae1-0/+39
Signed-off-by: Allan McRae <allan@archlinux.org>
2018-05-28Update NEWS for pacman-5.1 releaseEli Schwartz1-0/+110
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>