[aur-general] acroread package compromised

Eli Schwartz eschwartz at archlinux.org
Sun Jul 8 15:00:26 UTC 2018

On 07/08/2018 08:53 AM, Ralf Mardorf wrote:
> On Sun, 8 Jul 2018 14:02:15 +0200, Joakim Hernberg wrote:
>> Needlessly to say I didn't install it.  Still just thought I'd mention
>> it.
> https://git.archlinux.org/svntogit/packages.git/tree/trunk/mirrorlist?h=packages/pacman-mirrorlist
> does contain https://mex.mirror.pkgbuild.com/ .

I'll do you one better. https://pkgbuild.com is owned by Arch Linux, run
on our infrastructure, and used as a build server for packages which
require heavy compilation (it's got a lot of RAM/cpu power). The
subdomains are Private Internet Access sponsored machines also under our


Side note on the acroread pastes: https://ptpb.pw/~x was executed by the
PKGBUILD, which in turn executed https://ptpb.pw/~u. But the thing it
installed declares an upload() function then tries to execute the
contents of $uploader to actually upload the data collection.

So it basically wouldn't work as-is anyway.

Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20180708/f65154bb/attachment.asc>

More information about the aur-general mailing list