| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2019-10-12 | run XferCommand via exec | Andrew Gregory | 1 | -1/+1 | |
| system() runs the provided command via a shell, which is subject to command injection. Even though pacman already provides a mechanism to sign and verify the databases containing the urls, certain distributions have yet to get their act together and start signing databases, leaving them vulnerable to MITM attacks. Replacing the system call with an almost equivalent exec call removes the possibility of a shell-injection attack for those users. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> | |||||
| 2015-02-12 | sync200.py.in: remove unused substitution | Andrew Gregory | 1 | -0/+17 | |
| LIBCURL was never set in the Makefile so XferCommand was always being set in the test file. This removes the only substitution in our test files which will prevent the TESTS file from being rebuilt every time configure is run. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org> | |||||
 |
index : pacman | |
| Main repository is at http://projects.archlinux.org/pacman.git/ | Florian Pritz |
| summaryrefslogtreecommitdiffstats |