Update to 6.4-20230520 and disable root environ/access to (hopefully) fix CVE-2023-29491

ledoian
David Runge 2 years ago
parent bcfb914f73
commit 3c2606603a
No known key found for this signature in database
GPG Key ID: 139B09DA5BF0D338

@ -4,8 +4,8 @@
# Contributor: judd <jvinet@zeroflux.org> # Contributor: judd <jvinet@zeroflux.org>
pkgname=ncurses pkgname=ncurses
pkgver=6.4 pkgver=6.4_20230520
pkgrel=2 pkgrel=1
pkgdesc='System V Release 4.0 curses emulation library' pkgdesc='System V Release 4.0 curses emulation library'
arch=(x86_64) arch=(x86_64)
url='https://invisible-island.net/ncurses/ncurses.html' url='https://invisible-island.net/ncurses/ncurses.html'
@ -16,15 +16,15 @@ optdepends=('bash: for ncursesw6-config')
provides=(libncurses++w.so libformw.so libmenuw.so libpanelw.so libncursesw.so) provides=(libncurses++w.so libformw.so libmenuw.so libpanelw.so libncursesw.so)
replaces=(alacritty-terminfo) replaces=(alacritty-terminfo)
source=( source=(
https://invisible-mirror.net/archives/$pkgname/$pkgname-$pkgver.tar.gz{,.asc} https://invisible-mirror.net/archives/$pkgname/current/$pkgname-${pkgver/_/-}.tgz{,.asc}
$pkgname-6.3-libs.patch $pkgname-6.3-libs.patch
$pkgname-6.3-pkgconfig.patch $pkgname-6.3-pkgconfig.patch
) )
sha512sums=('1c2efff87a82a57e57b0c60023c87bae93f6718114c8f9dc010d4c21119a2f7576d0225dab5f0a227c2cfc6fb6bdbd62728e407f35fce5bf351bb50cf9e0fd34' sha512sums=('bbb1dd33f4c701165b7612657a7577d3175b94c5815a89eaab3a8774510feb9322d284896dba8d3896f6dd89a8b98031829a76f7e3397aebb6cf2a71e989f93c'
'SKIP' 'SKIP'
'adb02b838c40f1e58a1b31c26d5cd0f2a1c43f3b6d68e839981764c0f6c905a9eb51dd36ff018628fdeb20747cc7467727d57135408ab4848259384077a52b28' 'adb02b838c40f1e58a1b31c26d5cd0f2a1c43f3b6d68e839981764c0f6c905a9eb51dd36ff018628fdeb20747cc7467727d57135408ab4848259384077a52b28'
'2d2c0ec3c880e638ab4aa3dbff5e28e4cd233153e24816bd87e077f848aa3edd5114cd0f2a7f6e8869dd1861a2746e512886c18264ff1676927dcc320c5ef958') '2d2c0ec3c880e638ab4aa3dbff5e28e4cd233153e24816bd87e077f848aa3edd5114cd0f2a7f6e8869dd1861a2746e512886c18264ff1676927dcc320c5ef958')
b2sums=('47fd9c2d27f44fa9942552881a471e5067465dbace40bf68b28998dded0556127a1d8662b96de4de4fd76c1c8b98bdae796036553ab4b05ca9f160839d841ba3' b2sums=('d5e88198140ab6471a36bef08685e17ac2e43b4e66b53abaa961d5f8912eb3eae3784db194436c2b3e5f2deaeefaaed93e0550bcab0456f1486fc35d0cdac440'
'SKIP' 'SKIP'
'31bb10e82dd018a75e57252052650d9f0f5eb5e7e887118c2ea40032b11f59ec6aa4d9bae804c615cbecdf3382f3434e0c9e9e8440fdefe66a507be020b8965c' '31bb10e82dd018a75e57252052650d9f0f5eb5e7e887118c2ea40032b11f59ec6aa4d9bae804c615cbecdf3382f3434e0c9e9e8440fdefe66a507be020b8965c'
'fb6cf606cf3db7f6b306272696a63bce83d52cfa91e850f9a7bdb9d3d8455a26943529a9cf79731dddc7f763c27211a9afab9c4c31dbb6d12fd720eb390eb0a3') 'fb6cf606cf3db7f6b306272696a63bce83d52cfa91e850f9a7bdb9d3d8455a26943529a9cf79731dddc7f763c27211a9afab9c4c31dbb6d12fd720eb390eb0a3')
@ -32,16 +32,18 @@ validpgpkeys=('19882D92DDA4C400C22C0D56CC2AF4472167BE03') # Thomas Dickey <dick
prepare() { prepare() {
# do not link against test libraries # do not link against test libraries
patch -Np1 -d $pkgname-$pkgver -i ../$pkgname-6.3-libs.patch patch -Np1 -d $pkgname-${pkgver/_/-} -i ../$pkgname-6.3-libs.patch
# do not leak build-time LDFLAGS into the pkgconfig files: # do not leak build-time LDFLAGS into the pkgconfig files:
# https://bugs.archlinux.org/task/68523 # https://bugs.archlinux.org/task/68523
patch -Np1 -d $pkgname-$pkgver -i ../$pkgname-6.3-pkgconfig.patch patch -Np1 -d $pkgname-${pkgver/_/-} -i ../$pkgname-6.3-pkgconfig.patch
# NOTE: can't run autoreconf because the autotools setup is custom and ancient # NOTE: can't run autoreconf because the autotools setup is custom and ancient
} }
build() { build() {
local configure_options=( local configure_options=(
--prefix=/usr --prefix=/usr
--disable-root-access
--disable-root-environ
--disable-setuid-environ --disable-setuid-environ
--enable-widec --enable-widec
--enable-pc-files --enable-pc-files
@ -56,14 +58,16 @@ build() {
--without-ada --without-ada
) )
cd $pkgname-$pkgver cd $pkgname-${pkgver/_/-}
./configure "${configure_options[@]}" ./configure "${configure_options[@]}"
make make
} }
package() { package() {
make DESTDIR="$pkgdir" install -C $pkgname-$pkgver local _pkgver=${pkgver/_*/}
install -vDm 644 $pkgname-$pkgver/COPYING -t "$pkgdir/usr/share/licenses/$pkgname/"
make DESTDIR="$pkgdir" install -C $pkgname-${pkgver/_/-}
install -vDm 644 $pkgname-${pkgver/_/-}/COPYING -t "$pkgdir/usr/share/licenses/$pkgname/"
# fool packages looking to link to non-wide-character ncurses libraries # fool packages looking to link to non-wide-character ncurses libraries
for lib in ncurses ncurses++ form panel menu; do for lib in ncurses ncurses++ form panel menu; do
@ -78,8 +82,8 @@ package() {
# tic and ticinfo functionality is built in by default # tic and ticinfo functionality is built in by default
# make sure that anything linking against it links against libncursesw.so instead # make sure that anything linking against it links against libncursesw.so instead
for lib in tic tinfo; do for lib in tic tinfo; do
printf "INPUT(libncursesw.so.%s)\n" "${pkgver:0:1}" > "$pkgdir/usr/lib/lib${lib}.so" printf "INPUT(libncursesw.so.%s)\n" "${_pkgver:0:1}" > "$pkgdir/usr/lib/lib${lib}.so"
ln -sv libncursesw.so.${pkgver:0:1} "$pkgdir/usr/lib/lib${lib}.so.${pkgver:0:1}" ln -sv libncursesw.so.${pkgver:0:1} "$pkgdir/usr/lib/lib${lib}.so.${_pkgver:0:1}"
ln -sv ncursesw.pc "$pkgdir/usr/lib/pkgconfig/${lib}.pc" ln -sv ncursesw.pc "$pkgdir/usr/lib/pkgconfig/${lib}.pc"
done done
} }

Loading…
Cancel
Save