[pacman-dev] [PATCH] makepkg: restrict pkgname and pkgver to ascii

Andrew Gregory andrew.gregory.8 at gmail.com
Mon Jun 3 07:32:35 UTC 2019 

pkgname and pkgver are used as directory names within database files.
libarchive does not provide a reliable locale-independent method for
reading archive file names, causing errors when archive paths include
non-ascii characters.

This is a first step toward dealing with FS#49342, by hopefully reducing
the number of packages with non-ascii data in the wild before updating
libalpm to reject them outright.

See https://github.com/libarchive/libarchive/wiki/Filenames
and https://github.com/libarchive/libarchive/issues/587

Signed-off-by: Andrew Gregory <andrew.gregory.8 at gmail.com>
---
 scripts/libmakepkg/lint_pkgbuild/pkgname.sh.in | 4 ++++
 scripts/libmakepkg/lint_pkgbuild/pkgver.sh.in  | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/scripts/libmakepkg/lint_pkgbuild/pkgname.sh.in b/scripts/libmakepkg/lint_pkgbuild/pkgname.sh.in
index 84666a29..51a25d2c 100644
--- a/scripts/libmakepkg/lint_pkgbuild/pkgname.sh.in
+++ b/scripts/libmakepkg/lint_pkgbuild/pkgname.sh.in
@@ -45,6 +45,10 @@ lint_one_pkgname() {
 		error "$(gettext "%s is not allowed to start with a dot.")" "$type"
 		ret=1
 	fi
+	if [[ $name = *[![:ascii:]]* ]]; then
+		error "$(gettext "%s may only contain ascii characters.")" "$type"
+		return 1
+	fi
 	if [[ $name = *[^[:alnum:]+_. at -]* ]]; then
 		error "$(gettext "%s contains invalid characters: '%s'")" \
 				"$type" "${name//[[:alnum:]+_. at -]}"
diff --git a/scripts/libmakepkg/lint_pkgbuild/pkgver.sh.in b/scripts/libmakepkg/lint_pkgbuild/pkgver.sh.in
index 8d5d04f1..b0f45027 100644
--- a/scripts/libmakepkg/lint_pkgbuild/pkgver.sh.in
+++ b/scripts/libmakepkg/lint_pkgbuild/pkgver.sh.in
@@ -41,6 +41,11 @@ check_pkgver() {
 		error "$(gettext "%s is not allowed to contain colons, forward slashes, hyphens or whitespace.")" "pkgver${type:+ in $type}"
 		return 1
 	fi
+
+	if [[ $ver = *[![:ascii:]]* ]]; then
+		error "$(gettext "%s may only contain ascii characters.")" "pkgver${type:+ in $type}"
+		return 1
+	fi
 }
 
 lint_pkgver() {
-- 
2.21.0

More information about the pacman-dev mailing list