[pacman-dev] [GIT] The official pacman repository branch, master, updated. v5.1.1-233-g808a4f15
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The official pacman repository".

The branch, master has been updated
       via  808a4f15ce82d2ed7eeb06de73d0f313620558ee (commit)
       via  a82b0028e431dbd8bb3512c3193b52985da82ec2 (commit)
       via  a2c4ad46751e4dcb85a739437d9331bf9282d9be (commit)
      from  a897599fa54813ea2a225271eacd9fb6e1a6762e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 808a4f15ce82d2ed7eeb06de73d0f313620558ee
Author: Andrew Gregory <andrew.gregory.8@gmail.com>
Date:   Sun Jun 9 09:56:36 2019 -0700

    run XferCommand via exec

    system() runs the provided command via a shell, which is subject to
    command injection.  Even though pacman already provides a mechanism to
    sign and verify the databases containing the urls, certain distributions
    have yet to get their act together and start signing databases, leaving
    them vulnerable to MITM attacks.  Replacing the system call with an
    almost equivalent exec call removes the possibility of a shell-injection
    attack for those users.

    Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>

commit a82b0028e431dbd8bb3512c3193b52985da82ec2
Author: Andrew Gregory <andrew.gregory.8@gmail.com>
Date:   Fri Oct 11 20:11:51 2019 -0700

    add arg_to_string helper

    Converts an argc/argv pair to a string for presentation to the user.

    Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>

commit a2c4ad46751e4dcb85a739437d9331bf9282d9be
Author: Andrew Gregory <andrew.gregory.8@gmail.com>
Date:   Sun Jun 9 09:54:02 2019 -0700

    move wordsplit into common for sharing

    Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 lib/libalpm/hook.c                  | 119 +-------------------------------
 src/common/util-common.c            | 112 +++++++++++++++++++++++++++++++
 src/common/util-common.h            |   3 +
 src/pacman/conf.c                   | 130 +++++++++++++++++++++++++++++++-----
 src/pacman/conf.h                   |   2 +
 src/pacman/pacman.c                 |  26 ++------
 src/pacman/util.c                   |  23 +++++++
 src/pacman/util.h                   |   1 +
 test/pacman/tests/sync200.py        |   2 +-
 test/pacman/tests/xfercommand001.py |   2 +-
 10 files changed, 264 insertions(+), 156 deletions(-)


hooks/post-receive
--
The official pacman repository
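
Added example, not part of the original email and not pacman's code: a C illustration of the difference the "run XferCommand via exec" commit message describes, where the command template is split into words before %u and %o are substituted and the result is run with execvp(), so no shell parses the URL. The names expand, build_argv and run_argv are hypothetical, the URL is constructed, and plain whitespace splitting is an assumption standing in for word splitting with quote handling.

```c
/* Added example, not pacman's code. The URL in main() is constructed. */
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy one template word, replacing %u (URL) and %o (output file). */
static char *expand(const char *w, size_t len, const char *url, const char *out)
{
    size_t ul = strlen(url), ol = strlen(out), n = 0;
    char *res = calloc(len * ((ul > ol ? ul : ol) + 1) + 1, 1);
    for (size_t i = 0; res && i < len; i++) {
        const char *sub = NULL;
        if (w[i] == '%' && i + 1 < len)
            sub = w[i + 1] == 'u' ? url : w[i + 1] == 'o' ? out : NULL;
        if (sub) { n += strlen(strcpy(res + n, sub)); i++; }
        else res[n++] = w[i];
    }
    return res; /* NUL-terminated: calloc zeroed the buffer */
}

/* Split on blanks first, substitute per word: values cannot re-split argv. */
char **build_argv(const char *tmpl, const char *url, const char *out)
{
    char **argv = calloc(strlen(tmpl) / 2 + 2, sizeof(*argv));
    int n = 0;
    for (const char *p = tmpl; argv && *(p += strspn(p, " \t")); ) {
        size_t len = strcspn(p, " \t");
        argv[n++] = expand(p, len, url, out);
        p += len;
    }
    return argv; /* NULL-terminated: calloc zeroed the tail */
}

/* Run argv[0] directly; no /bin/sh ever parses the command line. */
int run_argv(char **argv)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) { execvp(argv[0], argv); _exit(127); } /* exec failed */
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char **argv = build_argv("printf [%s]\\n %u %o",
        "http://mirror.invalid/core.db;echo INJECTED", "/tmp/core.db.part");
    return argv ? run_argv(argv) : 1;
}
```

Built and run as is, printf receives the whole URL, including the ";echo INJECTED" suffix, as a single bracketed argument; the same string handed to system() would have been parsed by the shell as two commands.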
participants (1)
-
Allan McRae