[pacman-dev] [GIT] The official pacman repository branch, master, updated. v5.1.1-233-g808a4f15

Allan McRae allan at archlinux.org
Sat Oct 12 14:27:47 UTC 2019

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The official pacman repository".

The branch, master has been updated
       via  808a4f15ce82d2ed7eeb06de73d0f313620558ee (commit)
       via  a82b0028e431dbd8bb3512c3193b52985da82ec2 (commit)
       via  a2c4ad46751e4dcb85a739437d9331bf9282d9be (commit)
      from  a897599fa54813ea2a225271eacd9fb6e1a6762e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 808a4f15ce82d2ed7eeb06de73d0f313620558ee
Author: Andrew Gregory <andrew.gregory.8 at gmail.com>
Date:   Sun Jun 9 09:56:36 2019 -0700

    run XferCommand via exec

    system() runs the provided command via a shell, which is subject to
    command injection.  Even though pacman already provides a mechanism to
    sign and verify the databases containing the urls, certain distributions
    have yet to get their act together and start signing databases, leaving
    them vulnerable to MITM attacks.  Replacing the system call with an
    almost equivalent exec call removes the possibility of a shell-injection
    attack for those users.

    Signed-off-by: Andrew Gregory <andrew.gregory.8 at gmail.com>

commit a82b0028e431dbd8bb3512c3193b52985da82ec2
Author: Andrew Gregory <andrew.gregory.8 at gmail.com>
Date:   Fri Oct 11 20:11:51 2019 -0700

    add arg_to_string helper

    Converts an argc/argv pair to a string for presentation to the user.

    Signed-off-by: Andrew Gregory <andrew.gregory.8 at gmail.com>

commit a2c4ad46751e4dcb85a739437d9331bf9282d9be
Author: Andrew Gregory <andrew.gregory.8 at gmail.com>
Date:   Sun Jun 9 09:54:02 2019 -0700

    move wordsplit into common for sharing

    Signed-off-by: Andrew Gregory <andrew.gregory.8 at gmail.com>


Summary of changes:
 lib/libalpm/hook.c                  | 119 +--------------------------------
 src/common/util-common.c            | 112 +++++++++++++++++++++++++++++++
 src/common/util-common.h            |   3 +
 src/pacman/conf.c                   | 130 +++++++++++++++++++++++++++++++-----
 src/pacman/conf.h                   |   2 +
 src/pacman/pacman.c                 |  26 ++------
 src/pacman/util.c                   |  23 +++++++
 src/pacman/util.h                   |   1 +
 test/pacman/tests/sync200.py        |   2 +-
 test/pacman/tests/xfercommand001.py |   2 +-
 10 files changed, 264 insertions(+), 156 deletions(-)

The official pacman repository
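
The difference the first commit message describes, as an added example that is not part of the original email and is not pacman's code: the same constructed URL is handed to a stand-in downloader once through system() and once through fork/execvp with a pre-split argv. The names fetch_with_system, fetch_with_exec, injected, the marker path and the URL are all assumptions made for illustration, and "true" stands in for the configured XferCommand.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define MARKER "/tmp/xfer_demo_marker"   /* constructed path, assumption */
/* Constructed URL of the kind a tampered, unsigned database could carry. */
static const char *URL = "http://mirror.invalid/core.db; touch " MARKER;

/* Before: the URL is pasted into one string that /bin/sh then parses. */
static int fetch_with_system(const char *url) {
    char cmd[512];
    snprintf(cmd, sizeof cmd, "true %s", url);
    return system(cmd);
}

/* After: the command template is split into argv first and %u is then
 * replaced inside a single element (simplified to a whole-element match),
 * so the URL stays exactly one argument and no shell ever sees it. */
static int fetch_with_exec(const char *url) {
    const char *tmpl[] = { "true", "%u", NULL };
    char *argv[3];
    size_t i;
    int status;
    for (i = 0; tmpl[i]; i++)
        argv[i] = (char *)(strcmp(tmpl[i], "%u") == 0 ? url : tmpl[i]);
    argv[i] = NULL;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Returns 1 if the text after ';' ran as a command (marker file exists). */
static int injected(int (*fetch)(const char *)) {
    unlink(MARKER);
    fetch(URL);
    int hit = access(MARKER, F_OK) == 0;
    unlink(MARKER);
    return hit;
}

int main(void) {
    printf("system(): injected=%d\n", injected(fetch_with_system));
    printf("execvp(): injected=%d\n", injected(fetch_with_exec));
    return 0;
}
```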
