Re: [PR PATCH] [Updated] pacman: update to 6.0.0

[Oreo639 <Oreo639@users.noreply.github.com>]

[-- Attachment #1: Type: text/plain, Size: 1588 bytes --]

There is an updated pull request by Oreo639 against master on the void-packages repository

https://github.com/Oreo639/void-packages pacup
https://github.com/void-linux/void-packages/pull/31444

pacman: update to 6.0.0
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/31444.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-pacup-31444.patch --]
[-- Type: text/x-diff, Size: 4914 bytes --]

From f382bba5f9b847e062acf8d08a43763c4131d544 Mon Sep 17 00:00:00 2001
From: oreo639 <31916379+Oreo639@users.noreply.github.com>
Date: Thu, 22 Jul 2021 13:18:30 -0700
Subject: [PATCH] pacman: update to 6.0.0

---
 .../pacman-6.0.0-fix-404-download.patch       | 40 +++++++++++++++++
 ...man-6.0.0-fix-key-import-double-free.patch | 45 +++++++++++++++++++
 srcpkgs/pacman/template                       |  6 +--
 3 files changed, 88 insertions(+), 3 deletions(-)
 create mode 100644 srcpkgs/pacman/patches/pacman-6.0.0-fix-404-download.patch
 create mode 100644 srcpkgs/pacman/patches/pacman-6.0.0-fix-key-import-double-free.patch

diff --git a/srcpkgs/pacman/patches/pacman-6.0.0-fix-404-download.patch b/srcpkgs/pacman/patches/pacman-6.0.0-fix-404-download.patch
new file mode 100644
index 000000000000..041de91981ee
--- /dev/null
+++ b/srcpkgs/pacman/patches/pacman-6.0.0-fix-404-download.patch
@@ -0,0 +1,40 @@
+From 3401f9e142ac4c701cd98c52618cb13164f2146b Mon Sep 17 00:00:00 2001
+From: Allan McRae <allan@archlinux.org>
+Date: Wed, 2 Jun 2021 21:48:53 +1000
+Subject: [PATCH] libalpm: prevent download error pages ending up in package
+ files
+
+Some servers respond with error pages (e.g. 404.html) when a package is
+not present. These were getting written to packages before moving onto
+the next server. Reset the download progress on 400+ error conditions
+to avoid this.
+
+Signed-off-by: Allan McRae <allan@archlinux.org>
+---
+ lib/libalpm/dload.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
+index 2d8b4d6d..3eea998b 100644
+--- a/lib/libalpm/dload.c
++++ b/lib/libalpm/dload.c
+@@ -510,6 +510,16 @@ static int curl_check_finished_download(CURLM *curlm, CURLMsg *msg,
+ 							payload->remote_name, hostname, payload->error_buffer);
+ 					server_soft_error(handle, payload->fileurl);
+ 				}
++
++				fflush(payload->localf);
++				if(fstat(fileno(payload->localf), &st) == 0 && st.st_size != payload->initial_size) {
++					/* an html error page was written to the file, reset it */
++					if(ftruncate(fileno(payload->localf), payload->initial_size)) {
++						RET_ERR(handle, ALPM_ERR_SYSTEM, -1);
++					}
++					fseek(payload->localf, payload->initial_size, SEEK_SET);
++				}
++
+ 				if(curl_retry_next_server(curlm, curl, payload) == 0) {
+ 					(*active_downloads_num)++;
+ 					return 2;
+-- 
+GitLab
+
diff --git a/srcpkgs/pacman/patches/pacman-6.0.0-fix-key-import-double-free.patch b/srcpkgs/pacman/patches/pacman-6.0.0-fix-key-import-double-free.patch
new file mode 100644
index 000000000000..13d289fcada5
--- /dev/null
+++ b/srcpkgs/pacman/patches/pacman-6.0.0-fix-key-import-double-free.patch
@@ -0,0 +1,45 @@
+From 542910d684191eb7f25ddc5d3d8fe3060028a267 Mon Sep 17 00:00:00 2001
+From: morganamilo <morganamilo@archlinux.org>
+Date: Thu, 3 Jun 2021 19:45:22 +0100
+Subject: [PATCH] libalpm: fix double free when importing key
+
+Comit 5151de30 tried to fix leaking memory when importing a key. However
+key_search_keyserver() writes to the key passed in, making the original
+uid and fingerprint unreachable, causing the new uid and fingerprint to
+double free.
+
+Fixes FS#71107
+
+Signed-off-by: Allan McRae <allan@archlinux.org>
+---
+ lib/libalpm/signing.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
+index b1b50bc8..a7be3a1a 100644
+--- a/lib/libalpm/signing.c
++++ b/lib/libalpm/signing.c
+@@ -513,6 +513,10 @@ int _alpm_key_import(alpm_handle_t *handle, const char *uid, const char *fpr)
+ 				.key = &fetch_key
+ 			};
+ 	QUESTION(handle, &question);
++
++	free(fetch_key.uid);
++	free(fetch_key.fingerprint);
++
+ 	if(question.import) {
+ 		/* Try to import the key from a WKD first */
+ 		if(email_from_uid(uid, &email) == 0) {
+@@ -538,9 +542,6 @@ int _alpm_key_import(alpm_handle_t *handle, const char *uid, const char *fpr)
+ 		}
+ 	}
+ 	gpgme_key_unref(fetch_key.data);
+-	free(fetch_key.uid);
+-	free(fetch_key.fingerprint);
+-
+ 	return ret;
+ }
+ 
+-- 
+GitLab
+
diff --git a/srcpkgs/pacman/template b/srcpkgs/pacman/template
index b98560e10637..a2388935f6e5 100644
--- a/srcpkgs/pacman/template
+++ b/srcpkgs/pacman/template
@@ -1,7 +1,7 @@
 # Template file for 'pacman'
 pkgname=pacman
-version=5.2.2
-revision=3
+version=6.0.0
+revision=1
 make_dirs="/var/lib/pacman 0755 root root
  /usr/var/cache/pacman/pkg 0755 root root
  /usr/share/libalpm/hooks 0755 root root"
@@ -15,7 +15,7 @@ short_desc="Simple library-based package manager"
 maintainer="oreo639 <oreo6391@gmail.com>"
 license="GPL-2.0-or-later"
 homepage="https://www.archlinux.org/pacman/"
-distfiles="https://sources.archlinux.org/other/pacman/pacman-${version}.tar.gz"
+distfiles="https://sources.archlinux.org/other/pacman/pacman-${version}.tar.xz"
 checksum=bb201a9f2fb53c28d011f661d50028efce6eef2c1d2a36728bdd0130189349a0
 make_check=ci-skip