diff options
author | bill-auger <mr.j.spam.me@gmail.com> | 2024-04-18 19:08:53 -0400 |
---|---|---|
committer | bill-auger <mr.j.spam.me@gmail.com> | 2024-04-18 23:00:25 -0400 |
commit | 0821998ee99212cfb7a118eb5e2d12976387f6a2 (patch) | |
tree | c42e741042337391b17fff8972ea59523948ebdc | |
parent | c049cb42c8aa66a81c642a06fb854feaae739e28 (diff) |
pacman: backport patch for broken `xfercommand` (arch MR#152)
-rw-r--r-- | libre/pacman/1001-arch-MR152.patch | 86 | ||||
-rw-r--r-- | libre/pacman/PKGBUILD | 6 |
2 files changed, 90 insertions, 2 deletions
diff --git a/libre/pacman/1001-arch-MR152.patch b/libre/pacman/1001-arch-MR152.patch new file mode 100644 index 000000000..bccfc4b55 --- /dev/null +++ b/libre/pacman/1001-arch-MR152.patch @@ -0,0 +1,86 @@ +From 9d99e9c77573560c4f833e7bf4974ac7bb588244 Mon Sep 17 00:00:00 2001 +From: Demi Obenour <demi@invisiblethingslab.com> +Date: Sun, 17 Mar 2024 16:05:55 +0000 +Subject: [PATCH 1/2] Fetch signature and database from the same URL + +Previously, the for loops on lines 1035 and 1037 would advance to the +next element in the server list, even if downloading the URL succeeded. +If there are no more servers in the list, `s` would be NULL, causing +a NULL pointer dereference on line 1046. If there were servers left +in the list, the signature would be downloaded from a wrong URL. + + +1. Fetching of database signatures is enabled. +2. There is only one enabled remote repository URL, or fetching from + all but the last one fails and fetching from the last one succeeds. +3. An XferCommand is used. + +Qubes OS Arch templates satisfy all of these conditions and trigger the bug. +--- + lib/libalpm/dload.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c +index 106390a01..8f6b9e4ea 100644 +--- a/lib/libalpm/dload.c ++++ b/lib/libalpm/dload.c +@@ -1032,13 +1032,18 @@ int _alpm_download(alpm_handle_t *handle, + } + } + } else { +- for(s = payload->cache_servers; s && ret == -1; s = s->next) { ++ for(s = payload->cache_servers; s; s = s->next) { + ret = payload_download_fetchcb(payload, s->data, localpath); ++ if (ret != -1) ++ goto download_signature; + } +- for(s = payload->servers; s && ret == -1; s = s->next) { ++ for(s = payload->servers; s; s = s->next) { + ret = payload_download_fetchcb(payload, s->data, localpath); ++ if (ret != -1) ++ goto download_signature; + } + ++download_signature: + if (ret != -1 && payload->download_signature) { + /* Download signature if requested */ + char *sig_fileurl; +-- +GitLab + + +From 43c9365cfe3bc95f0fb1227fd8a75fe420b2ab52 Mon Sep 17 00:00:00 2001 +From: Demi Obenour <demi@invisiblethingslab.com> +Date: Mon, 18 Mar 2024 04:57:26 +0000 +Subject: [PATCH 2/2] Use braces around goto statements + +No functional change. +--- + lib/libalpm/dload.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c +index 8f6b9e4ea..f2fa1a543 100644 +--- a/lib/libalpm/dload.c ++++ b/lib/libalpm/dload.c +@@ -1034,13 +1034,15 @@ int _alpm_download(alpm_handle_t *handle, + } else { + for(s = payload->cache_servers; s; s = s->next) { + ret = payload_download_fetchcb(payload, s->data, localpath); +- if (ret != -1) ++ if (ret != -1) { + goto download_signature; ++ } + } + for(s = payload->servers; s; s = s->next) { + ret = payload_download_fetchcb(payload, s->data, localpath); +- if (ret != -1) ++ if (ret != -1) { + goto download_signature; ++ } + } + + download_signature: +-- +GitLab + diff --git a/libre/pacman/PKGBUILD b/libre/pacman/PKGBUILD index 7405d8974..662737c80 100644 --- a/libre/pacman/PKGBUILD +++ b/libre/pacman/PKGBUILD @@ -33,7 +33,7 @@ pkgname=pacman pkgver=6.1.0 pkgrel=3 -pkgrel+=.parabola1 +pkgrel+=.parabola2 pkgdesc="A library-based package manager with dependency support" arch=('x86_64') arch+=('armv7h' 'i686') @@ -71,6 +71,7 @@ source=( ${source[*]/makepkg.conf/makepkg.conf.in} source+=(dummy.conf 9001-makepkg-Treat-pkgrel-more-similarly-to-pkgver.patch 9002-pacman-key-updatedb.patch) +source+=(1001-arch-MR152.patch) # parabola BR #3625 source_armv7h=(0001-Sychronize-filesystem.patch 0002-Revert-close-stdin-before-running-install-scripts.patch 0003-Revert-alpm_run_chroot-always-connect-parent2child-p.patch) @@ -90,9 +91,10 @@ sha256sums+=('82a696bc3254b3fa2ab2666d239445e1a431b5e7d0152690f4265b82112cc86f' '8be3b33a28c74630b74d1997795424a1c0af82c26625a428ec139480fb1115a1' # pacman.conf.i686 '5be276a68f7ec1d0497e26afba205a9feb14308b6fddc6cae3b32a0b6e9f9bbf' # pacman.conf.x86_64 'd8d68a71904d3e8015bf4454e1f2ae083c7b70624c5bb4b04331ee450d4285eb') # makepkg.conf.in -sha256sums+=('8fca32bf5ee85b67c93983d7e1c93734de5e715b3bb732f7e48b88da7844f94b' +sha256sums+=('8fca32bf5ee85b67c93983d7e1c93734de5e715b3bb732f7e48b88da7844f94b' # dummy.conf '9ccc7ef5bd27a68d8788f10c6e5b36495c5d9038d4eb160f9ea4dc9901b622d8' '39e4db3eed5dc522baffb7f853a7dbb7b417cc7a718599d768297adfbe99e263') +sha256sums+=('19f9500e685ad1472b430b428c76549d5ae5da958e0c5e6e155cdd477a39e357') sha256sums_armv7h=('8d70fb5094f58aad98b601bbc42be354c2014b9fe734a1ee0b1e14bb041cc9cc' '0e771370da68c855bfb4eaad4c2ae137883a474886a049b934dac2e775574cb9' '2f586f72c34150330389854575a21be1d3ef3637c4f94bec2e948c2717a5aecb') |