Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
When installing a remote package with "pacman -U <url>", pacman renames
the downloaded package file to match the name given in the
Content-Disposition header. However, pacman does not sanitize this name,
which may contain slashes, before calling rename(). A malicious server (or
a network MitM if downloading over HTTP) can send a content-disposition
header to make pacman place the file anywhere in the filesystem,
potentially leading to arbitrary root code execution. Notably, this
bypasses pacman's package signature checking.
For example, a malicious package-hosting server (or a network
man-in-the-middle, if downloading over HTTP) could serve the following
header:
Content-Disposition: filename=../../../../../../usr/share/libalpm/hooks/evil.hook
and pacman would move the downloaded file to
/usr/share/libalpm/hooks/evil.hook. This invocation of "pacman -U" would
later fail, unable to find the downloaded package in the cache directory,
but the hook file would remain in place. The commands in the malicious
hook would then be run (as root) the next time any package is installed.
Discovered-by: Adam Suhl <asuhl@mit.edu>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit d197d8ab82cf10650487518fb968067897a12775)
|
|
Signed-off-by: Andrew Gregory <andrew@archlinux.org>
|
|
Signed-off-by: Andrew Gregory <andrew@archlinux.org>
|
|
An empty siglevel does not do any signature verification which is
exactly what we want when compiled without gpg support. This is already
allowed in other parts of the codebase and required for the test suite
to pass when compiled without gpg support.
Fixes: FS#60880
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 61fe73804305a8bbb434cdc245944df5284f1964)
|
|
Mostly churn in string headers, but a few new or updated translations.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
If poll() is interrupted by a signal, alpm was closing the socket it
uses for listening to script/hook output. This would drop script output
at the least and kill the script at the worst.
Fixes FS#60396
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit ac959bb9c6ce549047a954109ae825158855e386)
|
|
Front-ends or libraries may set signals to be ignored, which gets
inherited across fork and exec. This can cause scripts to malfunction
if they expect the signal. To make matters worse, scripts written in
bash can't reset signals that were ignored when bash was started.
Fixes FS#56756
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 9886566abb375043740167ce5066f1a186c71176)
|
|
Upon receiving SIGINT a flag is set to abort the (curl) download.
However, since it was never reset/initialized, if a front-end doesn't
actually exit on SIGINT, and later tries any operation that needs to
perform a new download, said download would always get aborted right
away due to the flag not having been reset.
(cherry picked from commit ffde85aadfe0e08fb710102d0a547335e9d1a200)
|
|
Variable dload_interrupted is used both to abort a download because
SIGINT was caught, and when a file limit is reached. But raising SIGINT
is only meant to happen in the first case.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
(cherry picked from commit d96d0ffe7c88d9521a9e6cdd65939e9a20733cdf)
|
|
Add a case for curl error 'Could not resolve host'.
An attempt to fix FS#48285.
Signed-off-by: Michael Straube <straubem@gmx.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 9e960d9d5a735bbc7d418f2ad81d3f3e92d99968)
|
|
Due to a copy-paste error when initially implementing this, it actually
uses a duplicate function name, usually resulting in lint_pkgbuild
overwriting the function definition.
Then the PKGBUILD lint gets run twice, one time before the PKGBUILD is
even sourced -- to potentially surprising results, like erroring out on
a pre-existing shell definition that doesn't match our expectations.
Seen in the wild with lint_config triggering an error for
'declare -x arch="foo"'
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 2bec380e108536f5e5f728ef66223ed3fabf5ab1)
|
|
Fixes FS#60106
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 3318039e3b1530396b0e3ced49ea6fe5b6ea00c5)
|
|
Signed-off-by: morganamilo <morganamilo@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 62eef5bbdb025d9557a1609760b42d7fbac16ad2)
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The biggest issue is directly supplying the data within the format
string which can result in misinterpreting formatter sequences if a
printed variable contains an "%" in it. This character is currently
permitted in the pkgver field, though not in the pkgname. Also
pacman/libalpm itself has much looser limitations and this can appear
anywhere at all if a package was created by some other program.
For the package "iambroke-1%s-1-any.pkg.tar.xz", installed in the build
environment, the result is:
-> Generating .BUILDINFO file...
awk: cmd. line:3: (FILENAME=- FNR=1085) fatal: not enough arguments to satisfy format string
`-1%s-1'
^ ran out for this one
Followed by a .BUILDINFO which contains an LC_ALL=C sorted list of
$pkgname-${epoch:+$epoch:}$pkgver-$pkgrel-$arch ending in:
installed = iambroke
Which is cut short, then fails to list the succeeding packages. The
package itself successfully builds.
It's also unnecessary to save the output of pacman -Qq in order to get the
information for pacman -Qi, since the latter will, just like the former,
return information for all installed packages if not given a package
name(s).
While I am at it, pipe this directly to awk rather than keeping a copy
in an unnecessary local variable. This is slightly more efficient in
addition to preventing the <<< herestring from re-interpreting the
content of "$pkginfos" in ways that don't really matter for our usage.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The pacman --overwrite operation currently expects a path without
the root prefix specified. This is unexpected, particularly
given our conflict error message reports the path with the root
prefix included.
This patch allows libalpm to overwrite files with the root prefix
specified.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This change was introduced to prevent entries like depends=('foo>').
However, it had the unintended side effect of causing a number of
working PKGBUILDs to fail to build. This happened when a PKGBUILD
defined one variable through calling a "complex" statement within the
PKGBUILD's package function (e.g. a function or evaluating in a
subshell), then used it to define the package metadata variable.
extract_function_variable() cannot execute the package function in order
to retrieve this information, so it performs a simple grep + eval instead
and in the process misses the contextual awareness of running within the
package function.
While not catching these "issues" can result in incorrect SRCINFO, the
resulting packages are fine. Stop aborting on the common case where the
pkgver of a dependency is dynamically set during the package function
until the large number of broken PKGBUILDs are fixed, and the
restrictions of the PKGBUILD format are documented.
"Fixes" FS#58776
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Add missing sha224 sums to makepkg.conf and it's man page.
Signed-off-by: Michael Straube <michael.straube@posteo.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Ini-style configuration formats are all over the place. So are we, for
that matter, as we switched how we treated middle-of-line comments in
commit 8a19c4a78251c5e34ecf508a65d943ca2dc833c7 -- namely, they're not
comments anymore. This is surprising to users, who report bugs because
it used to work, but what's more surprising is that the only
"documentation" for the type of comments users can be expected to use,
is by guessing from our example pacman.conf and maybe discovering
unreliable easter eggs.
Fixes FS#58809
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The use of --sysroot in the real world has flagged some issues that need
addressing. Undeprecate --root for now.
This reverts commit a278356f75866f89232e3e6230bbf9fb2dc1893c.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
A blank file slipped into libmakepkg in commit 2c94118d.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
DW_AT_comp_dir is meant to contain the directory in which the compiler
was run
DW_AT_name contains the source file the compiler was told to use.
In the event that DW_AT_name is an absolute path, it is (obviously) not
meant to be computed relative to DW_AT_comp_dir. However, we did not
handle this correctly, and as a result tried to copy source files using
doubled-up filepaths.
The correct approach should be to use DW_AT_name on its own, in the
event that it is an absolute path.
See http://wiki.dwarfstd.org/index.php?title=Best_Practices.
This fixes debug package generation for many packages that use absolute
paths in their build systems... like CMake.
Reported-by: Jagannathan Tiruvallur Eachambadi <jagannathante@gmail.com>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This reverts commit 9e52a36794552b77ecf26f7f34b226d096978f1e.
The change to use declare for the split package metadata backup/restore
resulted in variables being declared at a local scope. When these variables
were unset (mostly noticed with debug packaging) this left the variable at
global scope defined. Revert back to the known good state.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We do not distribute a ChangeLog prototype, so should not reference
it in the man page.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In commit 9a4d61622066d5d30c649f1c958b26526a4ceddf debug packages were
merged into one exclusive pkgbase-debug, but the print_all_package_names
function did not get updated to match this logic.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Commit 9c8d7a80 broke the signing of debug packages by merging code up but
not changing the test condition.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The filename in the license header did not match the actual filename
as in the other files. Hopefully this is not too nit-picky.
Signed-off-by: Michael Straube <straubem@gmx.de>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Assuming that everything is a string leads to code which is effectively:
a=
a+=('bar')
This creates an array with 2 elements instead of one. Using proper array
initialization fixes this.
https://lists.archlinux.org/pipermail/pacman-dev/2018-June/022591.html
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: morganamilo <morganamilo@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
When comparing the $BUILDDIR to the $startdir, we used string equality
instead of testing whether they are the same location, and ended up
appending $pkgbase even though there's no reason to use it here.
In some cases, this could result in makepkg erroring when trying to
create $srcdir/$pkgdir, if a file with the same name as the $pkgbase
exists. This is expected behavior if a file "src" or "pkg" exists, but
decidedly less so for $pkgbase.
This could be fixed either by setting $startdir to an absolute path, or
by ensuring the test checks this directly; I've chosen to do both, since
the test should really be correctly checking the thing it actually cares
about, but since we ensure absolute paths are used everywhere else, this
might bite us elsewhere someday. It's also more consistent.
Fixes FS#58865
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The format of pkgrel was much more retrictive than described in the
man page. Update the documentation to reflect this.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
It's especially dangerous in trap handlers since the return value of the
function becomes the return value of the last command before the trap,
not the last command in the current function. This applies to any
function executed in a trap handler, nested functions included.
In one case, install_packages failed (via return 14), which was inside a
conditional that then ran exit 14, which triggered the EXIT handler,
which called clean_up, which called remove_deps, which had !RMDEPS and
thus returned. The return value of remove_deps became the return value
of install_packages, triggering the ERR handler, which (due to another
problem) was still the user function handler, which then printed a
misleading error message and overrode the exit code with 4.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In commit 8ff03868a37b1f9c447784ae2fd639a49e426399 PACMAN_OPTS was
turned into an array. Unfortunately, that array was generated by
treating the "--color never" option as one string, instead of an
array of two strings...
Fixes FS#58820
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
1. Without `-L`, curl doesn't follow redirects. This is different than
both the default behavior of pacman, and from the wget example. So add
`-L`.
2. It uses `-C -` to supposedly allow resuming partial downloads; but that
doesn't work if we use `> %o` to direct the output to the file.
Instead, use `-o %o` so that `-C -` actually works.
Signed-off-by: Luke Shumaker <lukeshu@parabola.nu>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
$restoretrap is empty if the trap was not set. This caused the trap
handler to remain and override later exit codes.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
We fail with an error, but then we also fail with:
==> ERROR: depends is not allowed to be empty.
/usr/share/makepkg/lint_pkgbuild/pkgname.sh: line 39: continue: only meaningful in a `for', `while', or `until' loop
During the refactor to provide enhanced pkgname=pkgver linting, this was
moved out of the ${pkgname[@]} loop to a distinct function, at which
time it should have been modified to return rather than continue.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In commit d8717a6a9666ec80c8645d190d6f9c7ab73084ac the write permission
checks were refactored. Initially we intended to drop this chmod in the
process, but due to some confusion about whether it was needed, I ended
up submitting patches both to preserve and to remove it... but it's not
needed after all. We do it on the individual $srcdir/$pkgdir, later on.
Then, we used the wrong version, which causes unnecessary restrictions.
See FS#58790
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
pacman accepts these, and there is no good reason to be more restrictive
ourselves; we should follow the example of "depends" here.
Update the documentation to actually state that this is supported.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Simplifies the function a bit, but mostly, mkdir -p will never fail if
the directory exists, and therefore makepkg never checks to see if it is
actually writable. On the other hand, it's unnecessary to check if the
directory exists once we know mkdir -p succeeded...
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Reported-by: Rafael Ascensão <rafa.almas@gmail.com>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
In commit d8591dd3418d55c5736022ef003891fc03b953e0 when teaching
--packagelist to print the full filepath for built arches only, I forgot
to update the helptext at the same time as I updated the manpage.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
pacman-conf returned All for any repo Usage query because it was
checking if any repo options were enabled rather than if all options
were enabled.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Also remove any translations that are less than 75% complete. These will
be readded once translation completion passes our minimum threshold.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|