March 2026 - Pacman-dev - lists.archlinux.org

[PATCH] conf: Fix off-by-one heap overrun in escape_chars()
by Chris Down 19 Mar '26

19 Mar '26

escape_chars() computes the post-escaping buffer size as len + pattern_chars, but unfortunately never accounts for the null terminator it unconditionally writes afterwards. That means that when pacman-conf applies --sysroot to an Include directive and that sysroot path contains a character that also happens to be a glob metacharacter, the null terminator is written one byte past the end of the allocation. Fix both the overflow guard and the malloc size so the terminator always falls within the allocated region. The off by one write is reliably caught by ASAN, so add a dedicated TAP test to prevent regressions. Fixes: 7016adcb7035 ("manually apply --sysroot to configuration") --- meson.build | 2 +- src/pacman/conf.c | 4 +-- test/util/meson.build | 9 +++++ test/util/pacman-conf-sysroot-escape.sh | 45 +++++++++++++++++++++++++ 4 files changed, 57 insertions(+), 3 deletions(-) create mode 100755 test/util/pacman-conf-sysroot-escape.sh diff --git a/meson.build b/meson.build index 8e2444d1..800f37e9 100644 --- a/meson.build +++ b/meson.build @@ -374,7 +374,7 @@ pacman_bin = executable( install : true, ) -executable( +pacman_conf_bin = executable( 'pacman-conf', pacman_conf_sources, include_directories : includes, diff --git a/src/pacman/conf.c b/src/pacman/conf.c index e391735a..fd419529 100644 --- a/src/pacman/conf.c +++ b/src/pacman/conf.c @@ -1132,8 +1132,8 @@ static char *escape_chars(const char *pattern, const char *escape) } /* allocate new string with overflow check */ - if(SIZE_MAX - len < pattern_chars - || !(escaped = malloc(len + pattern_chars))) { + if(SIZE_MAX - len <= pattern_chars + || !(escaped = malloc(len + pattern_chars + 1))) { errno = ENOMEM; return NULL; } diff --git a/test/util/meson.build b/test/util/meson.build index b4046298..71921296 100644 --- a/test/util/meson.build +++ b/test/util/meson.build @@ -5,3 +5,12 @@ test('vercmptest', args : [ join_paths(meson.current_source_dir(), 'vercmptest.sh') ]) + +test('pacman-conf-sysroot-escape', + BASH, + env : TEST_ENV, + protocol : 'tap', + args : [ + join_paths(meson.current_source_dir(), 'pacman-conf-sysroot-escape.sh') + ], + depends : [pacman_conf_bin]) diff --git a/test/util/pacman-conf-sysroot-escape.sh b/test/util/pacman-conf-sysroot-escape.sh new file mode 100755 index 00000000..473c369d --- /dev/null +++ b/test/util/pacman-conf-sysroot-escape.sh @@ -0,0 +1,45 @@ +#!/bin/bash +# +# pacman-conf-sysroot-escape - verify sysroot glob escaping under ASAN +# +# Copyright (c) 2026 Pacman Development Team <pacman-dev(a)lists.archlinux.org> +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# You should have received a copy of the GNU General Public License along with +# this program. If not, see <http://www.gnu.org/licenses/>. + +source "$(dirname "$0")"/../tap.sh || exit 1 + +bin=${1:-${PMTEST_UTIL_DIR}pacman-conf} + +if ! type -p "$bin" &>/dev/null; then + tap_bail "pacman-conf binary ($bin) could not be located" + exit 1 +fi + +tmpdir=$(mktemp -d) +trap 'rm -rf "$tmpdir"' EXIT + +sysroot="$tmpdir/sys[root" +mkdir -p "$sysroot/etc" "$sysroot/dev" +: > "$sysroot/dev/null" +printf '[options]\nInclude = /dev/null\n' > "$sysroot/etc/pacman.conf" + +tap_plan 2 + +output=$("$bin" --sysroot "$sysroot" --config /etc/pacman.conf RootDir 2>&1) +ret=$? + +tap_is_int "$ret" 0 "pacman-conf parses Include under metachar sysroot" +tap_is_str "$output" "$sysroot/" "pacman-conf preserves the escaped sysroot" + +tap_finish base-commit: a6f7467d8c7c4d7e9cc846884e74c0ab7215c48d -- 2.53.0

2 2

Interest in config option for TLS cert and key?
by nibo 17 Mar '26

17 Mar '26

Hello, I have an idea for a feature that I would like to write and eventually merge into pacman. I post in this mailing list to find out if there is an interest in it before I start coding. My goal is to have a custom repository that can only be used by me. First I tried to create an ssh host in ~/.ssh/config ... ``` Host Custom Hostname custom.org User root Port 1 IdentityFile /path/to/file ``` ... and then use it /etc/pacman.conf ... ``` [custom] Server = ssh://Custom:~/path/to/repo ``` ... but that doesn't work. But https URLs do work. So if I could specify a TLS certificate that is signed by a certificate authority certificate that I control I could use a regular https URL but still be the only one with the required TLS certificate to connect. From what I saw libalpm uses libcurl. libcurl has options like `CURLOPT_SSLCERT` and `CURLOPT_SSLKEY` that can be set with `curl_easy_setopt`. Those two options could be controlled through the pacman configuration file. Maybe there is a better solution already available without changing any code that I overlooked. Maybe you have a different solution to my goal. Maybe you are a maintainer and know that such a feature is not wanted. I'm interested in hearing all these thoughts. Best regards, nibo

5 5

Parallel signature checks
by Isaac Yeo 04 Mar '26

04 Mar '26

Hullo folks, Wonder if I could try implementing parallel package signature checks? On some old systems with large upgrades it'd spend over a minute just checking signatures. Would be a nice qol upgrade imo, is this worth taking a stab at? P.S. I'm new here, pardon if this has been asked before :) - Isaac

2 1