Update to 6.4-20230520 and disable root environ/access to (hopefully) fix CVE-2023-29491

PKGBUILD

@@ -4,7 +4,7 @@
 
 _name=ncurses
 pkgname=lib32-${_name}
-pkgver=6.4
+pkgver=6.4_20230520
 pkgrel=1
 pkgdesc="System V Release 4.0 curses emulation library (32-bit)"
 arch=(x86_64)
@@ -13,15 +13,15 @@ license=(MIT)
 depends=(lib32-gcc-libs lib32-glibc $_name=$pkgver)
 provides=(libncurses++w.so libformw.so libmenuw.so libpanelw.so libncursesw.so)
 source=(
-  https://invisible-mirror.net/archives/$_name/$_name-$pkgver.tar.gz{,.asc}
+  https://invisible-mirror.net/archives/$_name/$_name-${pkgver/_/-}.tgz{,.asc}
   $_name-6.3-libs.patch
   $_name-6.3-pkgconfig.patch
 )
-sha512sums=('1c2efff87a82a57e57b0c60023c87bae93f6718114c8f9dc010d4c21119a2f7576d0225dab5f0a227c2cfc6fb6bdbd62728e407f35fce5bf351bb50cf9e0fd34'
+sha512sums=('bbb1dd33f4c701165b7612657a7577d3175b94c5815a89eaab3a8774510feb9322d284896dba8d3896f6dd89a8b98031829a76f7e3397aebb6cf2a71e989f93c'
             'SKIP'
             'adb02b838c40f1e58a1b31c26d5cd0f2a1c43f3b6d68e839981764c0f6c905a9eb51dd36ff018628fdeb20747cc7467727d57135408ab4848259384077a52b28'
             '2d2c0ec3c880e638ab4aa3dbff5e28e4cd233153e24816bd87e077f848aa3edd5114cd0f2a7f6e8869dd1861a2746e512886c18264ff1676927dcc320c5ef958')
-b2sums=('47fd9c2d27f44fa9942552881a471e5067465dbace40bf68b28998dded0556127a1d8662b96de4de4fd76c1c8b98bdae796036553ab4b05ca9f160839d841ba3'
+b2sums=('d5e88198140ab6471a36bef08685e17ac2e43b4e66b53abaa961d5f8912eb3eae3784db194436c2b3e5f2deaeefaaed93e0550bcab0456f1486fc35d0cdac440'
         'SKIP'
         '31bb10e82dd018a75e57252052650d9f0f5eb5e7e887118c2ea40032b11f59ec6aa4d9bae804c615cbecdf3382f3434e0c9e9e8440fdefe66a507be020b8965c'
         'fb6cf606cf3db7f6b306272696a63bce83d52cfa91e850f9a7bdb9d3d8455a26943529a9cf79731dddc7f763c27211a9afab9c4c31dbb6d12fd720eb390eb0a3')
@@ -29,10 +29,10 @@ validpgpkeys=('19882D92DDA4C400C22C0D56CC2AF4472167BE03')  # Thomas Dickey <dick
 
 prepare() {
   # do not link against test libraries
-  patch -Np1 -d $_name-$pkgver -i ../$_name-6.3-libs.patch
+  patch -Np1 -d $_name-${pkgver/_/-} -i ../$_name-6.3-libs.patch
   # do not leak build-time LDFLAGS into the pkgconfig files:
   # https://bugs.archlinux.org/task/68523
-  patch -Np1 -d $_name-$pkgver  -i ../$_name-6.3-pkgconfig.patch
+  patch -Np1 -d $_name-${pkgver/_/-}  -i ../$_name-6.3-pkgconfig.patch
   # NOTE: can't run autoreconf because the autotools setup is custom and ancient
 }
 
@@ -41,6 +41,9 @@ build() {
     --prefix=/usr
     --libdir=/usr/lib32
     --disable-db-install
+    --disable-root-access
+    --disable-root-environ
+    --disable-setuid-environ
     --enable-widec
     --enable-pc-files
     --mandir=/usr/share/man
@@ -61,15 +64,16 @@ build() {
   export CXX="g++ -m32"
   export PKG_CONFIG_LIBDIR='/usr/lib32/pkgconfig'
 
-  cd $_name-$pkgver
+  cd $_name-${pkgver/_/-}
   ./configure "${configure_options[@]}"
   make
 }
 
 package() {
-  make DESTDIR="$pkgdir" install -C $_name-$pkgver
+  local _pkgver=${pkgver/_*/}
+  make DESTDIR="$pkgdir" install -C $_name-${pkgver/_/-}
 
-  install -vDm 644 $_name-$pkgver/COPYING -t "$pkgdir/usr/share/licenses/$pkgname/"
+  install -vDm 644 $_name-${pkgver/_/-}/COPYING -t "$pkgdir/usr/share/licenses/$pkgname/"
 
   # fool packages looking to link to non-wide-character ncurses libraries
   for lib in ncurses ncurses++ form panel menu; do
@@ -84,8 +88,8 @@ package() {
   # tic and ticinfo functionality is built in by default
   # make sure that anything linking against it links against libncursesw.so instead
   for lib in tic tinfo; do
-    printf "INPUT(libncursesw.so.%s)\n" "${pkgver:0:1}" > "${pkgdir}/usr/lib32/lib$lib.so"
+    printf "INPUT(libncursesw.so.%s)\n" "${_pkgver:0:1}" > "${pkgdir}/usr/lib32/lib$lib.so"
-    ln -sv libncursesw.so.${pkgver:0:1} "$pkgdir/usr/lib32/lib$lib.so.${pkgver:0:1}"
+    ln -sv libncursesw.so.${pkgver:0:1} "$pkgdir/usr/lib32/lib$lib.so.${_pkgver:0:1}"
     ln -fsv ncursesw.pc "$pkgdir/usr/lib32/pkgconfig/$lib.pc"
   done