libmakepkg: remove pkglist linting

The ability to build only selected packages from a split package was removed from makepkg, so this lint is no longer needed. Signed-off-by: Allan McRae <allan@archlinux.org>
libalpm: fix -U when pkg exists but not sig
2025-08-02 14:26:44 +10:00 · 2025-06-21 23:39:57 +10:00 · 2025-05-30 14:48:14 +01:00 · 2025-05-26 16:13:06 +10:00 · 2025-05-26 16:13:06 +10:00 · 2025-05-26 16:13:06 +10:00
474 changed files with 82124 additions and 66506 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -1,5 +1,5 @@
 # EditorConfig configuration for pacman
-# http://EditorConfig.org
+# https://editorconfig.org

 # Top-most EditorConfig file
 root = true
@ -16,5 +16,9 @@ indent_style = tab
 [{NEWS,HACKING}]
 indent_style = space

+[meson.build]
+indent_style = space
+indent_size = 2
+
 [*.py]
 indent_style = space
--- a/.gitignore
+++ b/.gitignore
@ -1,24 +1,3 @@
 *~
 *.o
-ABOUT-NLS
-aclocal.m4
-autom4te.cache
-config.h
-config.h.in
-config.log
-config.status
-config.status.lineno
-configure
-configure.lineno
-cov-int
-cscope.in.out
-cscope.out
-cscope.po.out
-intl
-libtool
-Makefile
-Makefile.in
 pacman-*.tar.gz
-root
-stamp-h1
-tags
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -0,0 +1,132 @@
+variables:
+  MAKEFLAGS: "-j10"
+  VERBOSE: 1
+
+default:
+  after_script:
+    - build-aux/print-failed-test-output build/meson-logs/testlog.json
+
+.arch-test:
+  image: archlinux:base-devel
+  before_script:
+    - >
+      pacman -Syu --needed --noconfirm
+      git
+      gpgme libarchive curl
+      python
+      fakeroot fakechroot
+      meson
+  artifacts:
+      when: always
+      paths:
+        - build/meson-logs/meson-log.txt
+
+arch:
+  extends: .arch-test
+  script:
+    - meson setup build
+    - ninja -C build
+    - fakechroot meson test -C build
+
+arch-debug:
+  extends: .arch-test
+  script:
+    - meson setup --buildtype=debug --werror build
+    - ninja -C build
+    - fakechroot meson test -C build
+
+arch-docs:
+  extends: .arch-test
+  script:
+    - pacman -Syu --needed --noconfirm asciidoc
+    - meson setup -Ddoc=enabled build
+    - ninja -C build
+
+arch-clang:
+  extends: .arch-test
+  script:
+    - pacman -Syu --needed --noconfirm clang
+    - CC=clang meson setup build
+    - ninja -C build
+    - fakechroot meson test -C build
+
+#arch-valgrind:
+#  extends: .arch-test
+#  script:
+#    - pacman -Syu --needed --noconfirm valgrind
+#    - pacman -U --noconfirm https://geo.mirror.pkgbuild.com/core-debug/os/x86_64/glibc-debug-$(pacman -S --print-format %v glibc)-x86_64.pkg.tar.zst
+#    - meson setup build
+#    - ninja -C build
+#    - PACTEST_VALGRIND=1 fakechroot meson test -C build
+
+arch-nettle:
+  extends: .arch-test
+  script:
+    - meson setup -Dcrypto=nettle --buildtype=debug build
+    - ninja -C build
+    - fakechroot meson test -C build
+
+arch-no-gpg:
+  extends: .arch-test
+  script:
+    - meson setup -Dgpgme=disabled --buildtype=debug build
+    - ninja -C build
+    - fakechroot meson test -C build
+
+arch-no-curl:
+  extends: .arch-test
+  script:
+    - meson setup -Dcurl=disabled --buildtype=debug build
+    - ninja -C build
+    - fakechroot meson test -C build
+
+arch-no-nls:
+  extends: .arch-test
+  script:
+    - meson setup -Di18n=false --buildtype=debug build
+    - ninja -C build
+    - fakechroot meson test -C build
+
+debian:
+  image: debian:bookworm
+  before_script:
+    - apt update
+    - >
+      apt -y install --no-install-recommends
+      git pkg-config meson gcc libtool
+      libgpgme-dev libarchive-dev libcurl4-openssl-dev libssl-dev curl
+      gettext python3 python3-setuptools dash gawk ca-certificates
+      fakeroot fakechroot
+  script:
+    - meson setup --buildtype=debug build
+    - ninja -C build
+    - fakechroot meson test -C build
+
+fedora:
+  image: fedora
+  before_script:
+    - >
+      dnf -y install
+      git findutils patch sed
+      meson gcc libtool bsdtar
+      gpgme-devel libarchive-devel libcurl-devel openssl-devel gettext-devel
+      asciidoc python3 dash gawk
+      fakeroot fakechroot
+      perl-Module-Load-Conditional
+  script:
+    - meson setup --buildtype=debug build
+    - ninja -C build
+    - fakechroot meson test -C build
+
+pages:
+  extends: .arch-test
+  script:
+    - pacman -Syu --needed --noconfirm asciidoc
+    - meson setup -Ddoc=enabled build
+    - ninja -C build html
+  artifacts:
+    paths:
+      - build/doc
+  publish: build/doc
+  rules:
+    - if: $CI_COMMIT_BRANCH == "release/6.1.x"
--- a/.mailmap
+++ b/.mailmap
@ -12,7 +12,7 @@ Daenyth Blank <Daenyth+arch@gmail.com> <Daenyth+git@gmail.com>
 Dave Reisner <dreisner@archlinux.org> <d@falconindy.com>
 甘露(Gan Lu) <rhythm.gan@gmail.com>
 Giovanni Scafora <giovanni@archlinux.org> <linuxmania@gmail.com>
-Jan Steffens <jan.steffens@gmail.com>
+Jan Alexander Steffens (heftig) <heftig@archlinux.org> <jan.steffens@gmail.com>
 Jaroslaw Swierczynski <swiergot@gmail.com> <swiergot@juvepoland.com>
 Jonathan Conder <j@skurvy.no-ip.org> <jonno.conder@gmail.com>
 Juan Pablo González Tognarelli <lord_jotape@yahoo.com.ar>
@ -20,6 +20,7 @@ Juan Pablo González Tognarelli <lord_jotape@yahoo.com.ar> <jotapesan@gmail.com>
 Manuel Tortosa <manutortosa@chakra-project.org> <manutortosa@gmail.com>
 Marc - A. Dahlhaus <mad@wol.de>
 Matthias Gorissen <matthias@archlinux.de> <siquame@web.de>
+morganamilo <morganamilo@archlinux.org> <morganamilo@gmail.com>
 Laszlo Papp <djszapi@archlinux.us> <djszapi2@gmail.com>
 Nagy Gabor <ngaba@bibl.u-szeged.hu> <ngaba@petra.hos.u-szeged.hu>
 Nagy Gabor <ngaba@bibl.u-szeged.hu> <ngaba at bibl.u-szeged.hu>
--- a/.tx/config
+++ b/.tx/config
@ -1,17 +1,17 @@
 [main]
 host = https://www.transifex.com

-[archlinux-pacman.libalpm-pot]
+[o:toofishes:p:archlinux-pacman:r:libalpm-pot]
 file_filter = lib/libalpm/po/<lang>.po
 source_file = lib/libalpm/po/libalpm.pot
 source_lang = en

-[archlinux-pacman.pacman-pot]
+[o:toofishes:p:archlinux-pacman:r:pacman-pot]
 file_filter = src/pacman/po/<lang>.po
 source_file = src/pacman/po/pacman.pot
 source_lang = en

-[archlinux-pacman.pacman-scripts-pot]
+[o:toofishes:p:archlinux-pacman:r:pacman-scripts-pot]
 file_filter = scripts/po/<lang>.po
 source_file = scripts/po/pacman-scripts.pot
 source_lang = en
--- a/.ycm_extra_conf.py
+++ b/.ycm_extra_conf.py
@ -1,250 +0,0 @@
-#!/usr/bin/env python
-
-# SPDX-License-Identifier: Unlicense
-#
-# Based on the template file provided by the 'YCM-Generator' project authored by
-# Reuben D'Netto.
-# Jiahui Xie has re-reformatted and expanded the original script in accordance
-# to the requirements of the PEP 8 style guide and 'systemd' project,
-# respectively.
-#
-# The original license is preserved as it is.
-#
-#
-# This is free and unencumbered software released into the public domain.
-#
-# Anyone is free to copy, modify, publish, use, compile, sell, or
-# distribute this software, either in source code form or as a compiled
-# binary, for any purpose, commercial or non-commercial, and by any
-# means.
-#
-# In jurisdictions that recognize copyright laws, the author or authors
-# of this software dedicate any and all copyright interest in the
-# software to the public domain. We make this dedication for the benefit
-# of the public at large and to the detriment of our heirs and
-# successors. We intend this dedication to be an overt act of
-# relinquishment in perpetuity of all present and future rights to this
-# software under copyright law.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-# OTHER DEALINGS IN THE SOFTWARE.
-#
-# For more information, please refer to <http://unlicense.org/>
-
-"""
-YouCompleteMe configuration file tailored to support the 'meson' build system
-used by the 'systemd' project.
-"""
-
-import glob
-import os
-import ycm_core
-
-
-SOURCE_EXTENSIONS = (".C", ".cpp", ".cxx", ".cc", ".c", ".m", ".mm")
-HEADER_EXTENSIONS = (".H", ".h", ".hxx", ".hpp", ".hh")
-
-
-def DirectoryOfThisScript():
-    """
-    Return the absolute path of the parent directory containing this
-    script.
-    """
-    return os.path.dirname(os.path.abspath(__file__))
-
-
-def GuessBuildDirectory():
-    """
-    Guess the build directory using the following heuristics:
-
-    1. Returns the current directory of this script plus 'build'
-    subdirectory in absolute path if this subdirectory exists.
-
-    2. Otherwise, probes whether there exists any directory
-    containing '.ninja_log' file two levels above the current directory;
-    returns this single directory only if there is one candidate.
-    """
-    result = os.path.join(DirectoryOfThisScript(), "build")
-
-    if os.path.exists(result):
-        return result
-
-    result = glob.glob(os.path.join(DirectoryOfThisScript(),
-                                    "..", "..", "*", ".ninja_log"))
-
-    if not result:
-        return ""
-
-    if 1 != len(result):
-        return ""
-
-    return os.path.split(result[0])[0]
-
-
-def TraverseByDepth(root, include_extensions):
-    """
-    Return a set of child directories of the 'root' containing file
-    extensions specified in 'include_extensions'.
-
-    NOTE:
-        1. The 'root' directory itself is excluded from the result set.
-        2. No subdirectories would be excluded if 'include_extensions' is left
-           to 'None'.
-        3. Each entry in 'include_extensions' must begin with string '.'.
-    """
-    is_root = True
-    result = set()
-    # Perform a depth first top down traverse of the given directory tree.
-    for root_dir, subdirs, file_list in os.walk(root):
-        if not is_root:
-            # print("Relative Root: ", root_dir)
-            # print(subdirs)
-            if include_extensions:
-                get_ext = os.path.splitext
-                subdir_extensions = {
-                    get_ext(f)[-1] for f in file_list if get_ext(f)[-1]
-                }
-                if subdir_extensions & include_extensions:
-                    result.add(root_dir)
-            else:
-                result.add(root_dir)
-        else:
-            is_root = False
-
-    return result
-
-
-_project_src_dir = os.path.join(DirectoryOfThisScript(), "src")
-_include_dirs_set = TraverseByDepth(_project_src_dir, frozenset({".h"}))
-flags = [
-    "-x",
-    "c"
-    # The following flags are partially redundant due to the existence of
-    # 'compile_commands.json'.
-    #    '-Wall',
-    #    '-Wextra',
-    #    '-Wfloat-equal',
-    #    '-Wpointer-arith',
-    #    '-Wshadow',
-    #    '-std=gnu99',
-]
-
-for include_dir in _include_dirs_set:
-    flags.append("-I" + include_dir)
-
-# Set this to the absolute path to the folder (NOT the file!) containing the
-# compile_commands.json file to use that instead of 'flags'. See here for
-# more details: http://clang.llvm.org/docs/JSONCompilationDatabase.html
-#
-# You can get CMake to generate this file for you by adding:
-#   set( CMAKE_EXPORT_COMPILE_COMMANDS 1 )
-# to your CMakeLists.txt file.
-#
-# Most projects will NOT need to set this to anything; you can just change the
-# 'flags' list of compilation flags. Notice that YCM itself uses that approach.
-compilation_database_folder = GuessBuildDirectory()
-
-if os.path.exists(compilation_database_folder):
-    database = ycm_core.CompilationDatabase(compilation_database_folder)
-else:
-    database = None
-
-
-def MakeRelativePathsInFlagsAbsolute(flags, working_directory):
-    """
-    Iterate through 'flags' and replace the relative paths prefixed by
-    '-isystem', '-I', '-iquote', '--sysroot=' with absolute paths
-    start with 'working_directory'.
-    """
-    if not working_directory:
-        return list(flags)
-    new_flags = []
-    make_next_absolute = False
-    path_flags = ["-isystem", "-I", "-iquote", "--sysroot="]
-    for flag in flags:
-        new_flag = flag
-
-        if make_next_absolute:
-            make_next_absolute = False
-            if not flag.startswith("/"):
-                new_flag = os.path.join(working_directory, flag)
-
-        for path_flag in path_flags:
-            if flag == path_flag:
-                make_next_absolute = True
-                break
-
-            if flag.startswith(path_flag):
-                path = flag[len(path_flag):]
-                new_flag = path_flag + os.path.join(working_directory, path)
-                break
-
-        if new_flag:
-            new_flags.append(new_flag)
-    return new_flags
-
-
-def IsHeaderFile(filename):
-    """
-    Check whether 'filename' is considered as a header file.
-    """
-    extension = os.path.splitext(filename)[1]
-    return extension in HEADER_EXTENSIONS
-
-
-def GetCompilationInfoForFile(filename):
-    """
-    Helper function to look up compilation info of 'filename' in the 'database'.
-    """
-    # The compilation_commands.json file generated by CMake does not have
-    # entries for header files. So we do our best by asking the db for flags for
-    # a corresponding source file, if any. If one exists, the flags for that
-    # file should be good enough.
-    if not database:
-        return None
-
-    if IsHeaderFile(filename):
-        basename = os.path.splitext(filename)[0]
-        for extension in SOURCE_EXTENSIONS:
-            replacement_file = basename + extension
-            if os.path.exists(replacement_file):
-                compilation_info = \
-                    database.GetCompilationInfoForFile(replacement_file)
-                if compilation_info.compiler_flags_:
-                    return compilation_info
-        return None
-    return database.GetCompilationInfoForFile(filename)
-
-
-def FlagsForFile(filename, **kwargs):
-    """
-    Callback function to be invoked by YouCompleteMe in order to get the
-    information necessary to compile 'filename'.
-
-    It returns a dictionary with a single element 'flags'. This element is a
-    list of compiler flags to pass to libclang for the file 'filename'.
-    """
-    if database:
-        # Bear in mind that compilation_info.compiler_flags_ does NOT return a
-        # python list, but a "list-like" StringVec object
-        compilation_info = GetCompilationInfoForFile(filename)
-        if not compilation_info:
-            return None
-
-        final_flags = MakeRelativePathsInFlagsAbsolute(
-            compilation_info.compiler_flags_,
-            compilation_info.compiler_working_dir_)
-
-    else:
-        relative_to = DirectoryOfThisScript()
-        final_flags = MakeRelativePathsInFlagsAbsolute(flags, relative_to)
-
-    return {
-        "flags": final_flags,
-        "do_cache": True
-    }
--- a/13
+++ b/13
@ -176,16 +176,3 @@ For pacman:
 -------------------------------------------

 Never directly include config.h. This will always be added via Makefiles.
-
-GDB and Valgrind Usage
-~~~~~~~~~~~~~~~~~~~~~~
-
-When using GDB or valgrind on pacman, you will want to run it on the actual
-binary rather than the shell script wrapper produced by libtool. The actual
-binary lives at `src/pacman/.libs/lt-pacman`, and will exist after running
-`./src/pacman/pacman` at least once.
-
-For example, to run valgrind:
-
-    ./src/pacman/pacman
-    valgrind --leak-check=full -- src/pacman/.libs/lt-pacman -Syu
--- a/370
+++ b/370
@ -1,370 +0,0 @@
-Installation Instructions
-*************************
-
-Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
-Inc.
-
-   Copying and distribution of this file, with or without modification,
-are permitted in any medium without royalty provided the copyright
-notice and this notice are preserved.  This file is offered as-is,
-without warranty of any kind.
-
-Basic Installation
-==================
-
-   Briefly, the shell commands `./configure; make; make install' should
-configure, build, and install this package.  The following
-more-detailed instructions are generic; see the `README' file for
-instructions specific to this package.  Some packages provide this
-`INSTALL' file but do not implement all of the features documented
-below.  The lack of an optional feature in a given package is not
-necessarily a bug.  More recommendations for GNU packages can be found
-in *note Makefile Conventions: (standards)Makefile Conventions.
-
-   The `configure' shell script attempts to guess correct values for
-various system-dependent variables used during compilation.  It uses
-those values to create a `Makefile' in each directory of the package.
-It may also create one or more `.h' files containing system-dependent
-definitions.  Finally, it creates a shell script `config.status' that
-you can run in the future to recreate the current configuration, and a
-file `config.log' containing compiler output (useful mainly for
-debugging `configure').
-
-   It can also use an optional file (typically called `config.cache'
-and enabled with `--cache-file=config.cache' or simply `-C') that saves
-the results of its tests to speed up reconfiguring.  Caching is
-disabled by default to prevent problems with accidental use of stale
-cache files.
-
-   If you need to do unusual things to compile the package, please try
-to figure out how `configure' could check whether to do them, and mail
-diffs or instructions to the address given in the `README' so they can
-be considered for the next release.  If you are using the cache, and at
-some point `config.cache' contains results you don't want to keep, you
-may remove or edit it.
-
-   The file `configure.ac' (or `configure.in') is used to create
-`configure' by a program called `autoconf'.  You need `configure.ac' if
-you want to change it or regenerate `configure' using a newer version
-of `autoconf'.
-
-   The simplest way to compile this package is:
-
-  1. `cd' to the directory containing the package's source code and type
-     `./configure' to configure the package for your system.
-
-     Running `configure' might take a while.  While running, it prints
-     some messages telling which features it is checking for.
-
-  2. Type `make' to compile the package.
-
-  3. Optionally, type `make check' to run any self-tests that come with
-     the package, generally using the just-built uninstalled binaries.
-
-  4. Type `make install' to install the programs and any data files and
-     documentation.  When installing into a prefix owned by root, it is
-     recommended that the package be configured and built as a regular
-     user, and only the `make install' phase executed with root
-     privileges.
-
-  5. Optionally, type `make installcheck' to repeat any self-tests, but
-     this time using the binaries in their final installed location.
-     This target does not install anything.  Running this target as a
-     regular user, particularly if the prior `make install' required
-     root privileges, verifies that the installation completed
-     correctly.
-
-  6. You can remove the program binaries and object files from the
-     source code directory by typing `make clean'.  To also remove the
-     files that `configure' created (so you can compile the package for
-     a different kind of computer), type `make distclean'.  There is
-     also a `make maintainer-clean' target, but that is intended mainly
-     for the package's developers.  If you use it, you may have to get
-     all sorts of other programs in order to regenerate files that came
-     with the distribution.
-
-  7. Often, you can also type `make uninstall' to remove the installed
-     files again.  In practice, not all packages have tested that
-     uninstallation works correctly, even though it is required by the
-     GNU Coding Standards.
-
-  8. Some packages, particularly those that use Automake, provide `make
-     distcheck', which can by used by developers to test that all other
-     targets like `make install' and `make uninstall' work correctly.
-     This target is generally not run by end users.
-
-Compilers and Options
-=====================
-
-   Some systems require unusual options for compilation or linking that
-the `configure' script does not know about.  Run `./configure --help'
-for details on some of the pertinent environment variables.
-
-   You can give `configure' initial values for configuration parameters
-by setting variables in the command line or in the environment.  Here
-is an example:
-
-     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
-
-   *Note Defining Variables::, for more details.
-
-Compiling For Multiple Architectures
-====================================
-
-   You can compile the package for more than one kind of computer at the
-same time, by placing the object files for each architecture in their
-own directory.  To do this, you can use GNU `make'.  `cd' to the
-directory where you want the object files and executables to go and run
-the `configure' script.  `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.  This
-is known as a "VPATH" build.
-
-   With a non-GNU `make', it is safer to compile the package for one
-architecture at a time in the source code directory.  After you have
-installed the package for one architecture, use `make distclean' before
-reconfiguring for another architecture.
-
-   On MacOS X 10.5 and later systems, you can create libraries and
-executables that work on multiple system types--known as "fat" or
-"universal" binaries--by specifying multiple `-arch' options to the
-compiler but only a single `-arch' option to the preprocessor.  Like
-this:
-
-     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
-                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
-                 CPP="gcc -E" CXXCPP="g++ -E"
-
-   This is not guaranteed to produce working output in all cases, you
-may have to build one architecture at a time and combine the results
-using the `lipo' tool if you have problems.
-
-Installation Names
-==================
-
-   By default, `make install' installs the package's commands under
-`/usr/local/bin', include files under `/usr/local/include', etc.  You
-can specify an installation prefix other than `/usr/local' by giving
-`configure' the option `--prefix=PREFIX', where PREFIX must be an
-absolute file name.
-
-   You can specify separate installation prefixes for
-architecture-specific files and architecture-independent files.  If you
-pass the option `--exec-prefix=PREFIX' to `configure', the package uses
-PREFIX as the prefix for installing programs and libraries.
-Documentation and other data files still use the regular prefix.
-
-   In addition, if you use an unusual directory layout you can give
-options like `--bindir=DIR' to specify different values for particular
-kinds of files.  Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.  In general, the
-default for these options is expressed in terms of `${prefix}', so that
-specifying just `--prefix' will affect all of the other directory
-specifications that were not explicitly provided.
-
-   The most portable way to affect installation locations is to pass the
-correct locations to `configure'; however, many packages provide one or
-both of the following shortcuts of passing variable assignments to the
-`make install' command line to change installation locations without
-having to reconfigure or recompile.
-
-   The first method involves providing an override variable for each
-affected directory.  For example, `make install
-prefix=/alternate/directory' will choose an alternate location for all
-directory configuration variables that were expressed in terms of
-`${prefix}'.  Any directories that were specified during `configure',
-but not in terms of `${prefix}', must each be overridden at install
-time for the entire installation to be relocated.  The approach of
-makefile variable overrides for each directory variable is required by
-the GNU Coding Standards, and ideally causes no recompilation.
-However, some platforms have known limitations with the semantics of
-shared libraries that end up requiring recompilation when using this
-method, particularly noticeable in packages that use GNU Libtool.
-
-   The second method involves providing the `DESTDIR' variable.  For
-example, `make install DESTDIR=/alternate/directory' will prepend
-`/alternate/directory' before all installation names.  The approach of
-`DESTDIR' overrides is not required by the GNU Coding Standards, and
-does not work on platforms that have drive letters.  On the other hand,
-it does better at avoiding recompilation issues, and works well even
-when some directory options were not specified in terms of `${prefix}'
-at `configure' time.
-
-Optional Features
-=================
-
-   If the package supports it, you can cause programs to be installed
-with an extra prefix or suffix on their names by giving `configure' the
-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-
-   Some packages pay attention to `--enable-FEATURE' options to
-`configure', where FEATURE indicates an optional part of the package.
-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
-is something like `gnu-as' or `x' (for the X Window System).  The
-`README' should mention any `--enable-' and `--with-' options that the
-package recognizes.
-
-   For packages that use the X Window System, `configure' can usually
-find the X include and library files automatically, but if it doesn't,
-you can use the `configure' options `--x-includes=DIR' and
-`--x-libraries=DIR' to specify their locations.
-
-   Some packages offer the ability to configure how verbose the
-execution of `make' will be.  For these packages, running `./configure
--enable-silent-rules' sets the default to minimal output, which can be
-overridden with `make V=1'; while running `./configure
--disable-silent-rules' sets the default to verbose, which can be
-overridden with `make V=0'.
-
-Particular systems
-==================
-
-   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
-CC is not installed, it is recommended to use the following options in
-order to use an ANSI C compiler:
-
-     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
-
-and if that doesn't work, install pre-built binaries of GCC for HP-UX.
-
-   HP-UX `make' updates targets which have the same time stamps as
-their prerequisites, which makes it generally unusable when shipped
-generated files such as `configure' are involved.  Use GNU `make'
-instead.
-
-   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
-parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
-a workaround.  If GNU CC is not installed, it is therefore recommended
-to try
-
-     ./configure CC="cc"
-
-and if that doesn't work, try
-
-     ./configure CC="cc -nodtk"
-
-   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
-directory contains several dysfunctional programs; working variants of
-these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
-in your `PATH', put it _after_ `/usr/bin'.
-
-   On Haiku, software installed for all users goes in `/boot/common',
-not `/usr/local'.  It is recommended to use the following options:
-
-     ./configure --prefix=/boot/common
-
-Specifying the System Type
-==========================
-
-   There may be some features `configure' cannot figure out
-automatically, but needs to determine by the type of machine the package
-will run on.  Usually, assuming the package is built to be run on the
-_same_ architectures, `configure' can figure that out, but if it prints
-a message saying it cannot guess the machine type, give it the
-`--build=TYPE' option.  TYPE can either be a short name for the system
-type, such as `sun4', or a canonical name which has the form:
-
-     CPU-COMPANY-SYSTEM
-
-where SYSTEM can have one of these forms:
-
-     OS
-     KERNEL-OS
-
-   See the file `config.sub' for the possible values of each field.  If
-`config.sub' isn't included in this package, then this package doesn't
-need to know the machine type.
-
-   If you are _building_ compiler tools for cross-compiling, you should
-use the option `--target=TYPE' to select the type of system they will
-produce code for.
-
-   If you want to _use_ a cross compiler, that generates code for a
-platform different from the build platform, you should specify the
-"host" platform (i.e., that on which the generated programs will
-eventually be run) with `--host=TYPE'.
-
-Sharing Defaults
-================
-
-   If you want to set default values for `configure' scripts to share,
-you can create a site shell script called `config.site' that gives
-default values for variables like `CC', `cache_file', and `prefix'.
-`configure' looks for `PREFIX/share/config.site' if it exists, then
-`PREFIX/etc/config.site' if it exists.  Or, you can set the
-`CONFIG_SITE' environment variable to the location of the site script.
-A warning: not all `configure' scripts look for a site script.
-
-Defining Variables
-==================
-
-   Variables not defined in a site shell script can be set in the
-environment passed to `configure'.  However, some packages may run
-configure again during the build, and the customized values of these
-variables may be lost.  In order to avoid this problem, you should set
-them in the `configure' command line, using `VAR=value'.  For example:
-
-     ./configure CC=/usr/local2/bin/gcc
-
-causes the specified `gcc' to be used as the C compiler (unless it is
-overridden in the site shell script).
-
-Unfortunately, this technique does not work for `CONFIG_SHELL' due to
-an Autoconf limitation.  Until the limitation is lifted, you can use
-this workaround:
-
-     CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
-
-`configure' Invocation
-======================
-
-   `configure' recognizes the following options to control how it
-operates.
-
-`--help'
-`-h'
-     Print a summary of all of the options to `configure', and exit.
-
-`--help=short'
-`--help=recursive'
-     Print a summary of the options unique to this package's
-     `configure', and exit.  The `short' variant lists options used
-     only in the top level, while the `recursive' variant lists options
-     also present in any nested packages.
-
-`--version'
-`-V'
-     Print the version of Autoconf used to generate the `configure'
-     script, and exit.
-
-`--cache-file=FILE'
-     Enable the cache: use and save the results of the tests in FILE,
-     traditionally `config.cache'.  FILE defaults to `/dev/null' to
-     disable caching.
-
-`--config-cache'
-`-C'
-     Alias for `--cache-file=config.cache'.
-
-`--quiet'
-`--silent'
-`-q'
-     Do not print messages saying which checks are being made.  To
-     suppress all normal output, redirect it to `/dev/null' (any error
-     messages will still be shown).
-
-`--srcdir=DIR'
-     Look for the package's source code in directory DIR.  Usually
-     `configure' can determine that directory automatically.
-
-`--prefix=DIR'
-     Use DIR as the installation prefix.  *note Installation Names::
-     for more details, including other options available for fine-tuning
-     the installation locations.
-
-`--no-create'
-`-n'
-     Run the configure checks, but stop before creating any output
-     files.
-
-`configure' also accepts some other, not widely useful, options.  Run
-`configure --help' for more details.
--- a/Makefile.am
+++ b/Makefile.am
@ -1,78 +0,0 @@
-SUBDIRS = lib/libalpm src/util src/pacman scripts etc test/pacman test/util test/scripts
-if WANT_DOC
-SUBDIRS += doc
-endif
-
-DIST_SUBDIRS = $(SUBDIRS) src/common
-
-ACLOCAL_AMFLAGS = -I m4 --install
-AM_MAKEFLAGS = --no-print-directory
-
-# Make sure we test and build manpages when doing distcheck
-DISTCHECK_CONFIGURE_FLAGS = --enable-doc --disable-git-version \
-		bashcompdir='$${prefix}/share/bash-completion/completions'
-
-# Some files automatically included, so they aren't specified below:
-#   AUTHORS, COPYING, NEWS, README
-EXTRA_DIST = HACKING test/tap.sh
-
-# Sample makepkg prototype files
-pkgdatadir = ${datadir}/${PACKAGE}
-dist_pkgdata_DATA = \
-	proto/PKGBUILD.proto \
-	proto/PKGBUILD-split.proto \
-	proto/PKGBUILD-vcs.proto \
-	proto/proto.install
-
-$(top_srcdir)/test/pacman/tests/TESTS: $(wildcard test/pacman/tests/*.py)
-	@printf "TESTS += %s\n" $^ | LC_ALL=C sort -u > "$@"
-
-TESTS =  test/scripts/parseopts_test.sh \
-				 test/scripts/human_to_size_test.sh \
-				 test/scripts/makepkg-template_test.sh \
-				 test/scripts/pacman-db-upgrade-v9.py \
-				 test/util/vercmptest.sh
-include $(top_srcdir)/test/pacman/tests/TESTS
-
-TEST_SUITE_LOG = test/test-suite.log
-TEST_EXTENSIONS = .py
-AM_TESTS_ENVIRONMENT = \
-	PMTEST_UTIL_DIR=$(top_builddir)/src/util/; export PMTEST_UTIL_DIR; \
-	PMTEST_SCRIPT_DIR=$(top_builddir)/scripts/; export PMTEST_SCRIPT_DIR; \
-	PMTEST_SCRIPTLIB_DIR=$(top_srcdir)/scripts/library/; export PMTEST_SCRIPTLIB_DIR; \
-	PMTEST_LIBMAKEPKG_DIR=$(top_builddir)/scripts/libmakepkg/; export PMTEST_LIBMAKEPKG_DIR;
-LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) \
-								 $(top_srcdir)/build-aux/tap-driver.sh
-PY_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) \
-								 $(top_srcdir)/build-aux/tap-driver.sh
-PY_LOG_COMPILER = $(PYTHON) $(top_srcdir)/test/pacman/pactest.py
-AM_PY_LOG_FLAGS = \
-		--scriptlet-shell $(SCRIPTLET_SHELL) \
-		--ldconfig $(LDCONFIG) \
-		--bindir $(top_builddir)/src/pacman \
-		--bindir $(top_builddir)/scripts
-if !HAVE_LIBGPGME
-AM_PY_LOG_FLAGS += --without-gpg
-endif
-if !HAVE_LIBCURL
-AM_PY_LOG_FLAGS += --without-curl
-endif
-
-# create the pacman DB, cache, makepkg-template and system hook directories upon install
-install-data-local:
-	for dir in "$(DESTDIR)$(localstatedir)/lib/pacman" "$(DESTDIR)$(localstatedir)/cache/pacman/pkg" \
-	           "$(DESTDIR)$(datarootdir)/makepkg-template" "$(DESTDIR)$(datarootdir)/libalpm/hooks"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-
-update-po:
-	$(MAKE) -C lib/libalpm/po update-po
-	$(MAKE) -C scripts/po update-po
-	$(MAKE) -C src/pacman/po update-po
-
-update-copyright:
-	for file in $(shell sh -c 'git grep -l "Copyright .* Pacman Development" | grep -v "\.po"'); do \
-	  sed -i -e "/Copyright (/s/-$(OLD)/-$(NEW)/" -e "/Copyright (/s/ $(OLD)/ $(OLD)-$(NEW)/" "$$file"; \
-	done
-
-.PHONY: update-po update-copyright
--- a/310
+++ b/310
@ -1,5 +1,299 @@
 VERSION         DESCRIPTION
 -----------------------------------------------------------------------------
+7.0.0         - Add DownloadUser configuration option used to drop-privileges
+                when downloading files.
+              - Download files to a temporary directory owned by DownloadUser
+              - On Linux systems, ensure the download process does not write
+                outside the download directory
+              - Add DisableSandbox option and --disable-sandbox flag to
+                disable the download write restrictions on Linux systems
+              - Ensure database and signature are downloaded from the same
+                location. Fixes the use of XferCommand.
+              - Use snprintf instead of sprintf
+              - Fix issue preventing use of _FORITIFY_SOURCE=3 when compiling
+              - Fix read-after-free issue when parsing config files
+              - Fix searching for files in an non-NULL by empty filelist
+              - Prevent buffer overflow with long scriptlet shell path
+              - repo-add:
+                - Fix issue with missing argument in parsepots for -k/--key
+                - Handle lack of newline at the end of .PKGINFO
+                - create empty databases when requested
+              - makepkg:
+                - Remove GITFLAGS support - this required multiple breaking
+                  changes to git source handling in order to fully support.
+                - Prevent MAKEFLAGS and CHOST from being disabled with
+                  options=(!buildenv)
+                - Fix unstable git checksumming, and dependence on user
+                  config
+                - Make "not a clone of" source errors visible with a new
+                  return code
+                - Document makepkg.conf.d dropin configuration
+                - Drop sudo permissions after use
+                - Prevent PKGBUILDs overriding BUILDENV
+                - only copy source files once when creating a debug package
+              - pacman-key:
+                - Fix permissions check for non-root operations
+6.1.0         - Add cache server support
+              - Improvements to --sysroot option - NOTE: targets to -U are no
+                longer interpreted relative to sysroot
+              - Add more format specifiers for --print operations
+              - Add extended data field for arbitrary package data
+              - Do not run hooks with --dbonly
+              - Provide more details when encountering file conflicts or
+                corrupt packages
+              - Improved WKD support (FS#73703, FS#73534)
+              - Improved handling of malformed download headers (FS#73704)
+              - Use openssl interfaces for calculating sha256 and md5 sums
+              - Fix multi download bar chomps
+              - makepkg:
+                - Replace libdepends and libprovides with autodeps
+                - Support configuration via makepkg.conf.d drop-ins
+                - Add GITFLAGS environment variable to customize checkouts
+                - Add -D option to change directory before building
+                - Implement verify() function for custom source verificaton
+                - Add checksum support for git/mercurial/bzr sources
+                - Improved stripping and debug package support
+                - Configurable LTO support
+                - Add source signing PGP keys to package if available
+                - Store "pkgtype" in xdata
+                - Remove md5sum from mtree files
+                - Document MAKEPKG_LIBRARY
+              - repo-add:
+                - Do not include package signature details in the repo. Add
+                  the --include-sigs to revert to old behaviour.
+                - Do not add md5sum to the repo database
+6.0.1         - Prevent download error pages ending up in package files
+                (FS#71083)
+              - Give -U downloads a random .part file name if needed
+                (FS#71464)
+              - Fix downloading signatures with redirecting URLs (FS#71148)
+              - Fix double free when importing PGP keys (FS#71107)
+              - Ensure signature files are named after original file
+                following redirects (FS#71274)
+              - Order downloads by size - largest to smallest (FS#70172)
+              - Fix reproducibility of man pages (FS#71154)
+              - makepkg:
+                - Fix stripping debug symbols with binutils 2.37 (FS#71722)
+                - Export PYTHONHASHSEED for reproducible python packages
+              - pacman-key:
+                - Quieten trust db checks.
+6.0.0         - internal downloader can retrieve files in parallel (FS#20056)
+              - an additional progress bar is added to track total download
+                progress.  This replaces the previous TotalDownload option.
+              - fix download rates becoming negative
+              - skip mirror servers with too many errors (FS#29293)
+              - package signatures are always retrieved even if signature is
+                embedded in repo database or package is in cache (FS#33992)
+              - detached package signatures found in CacheDir can be used to
+                verify packages if signature is not in the database. Also
+                verify packages checksums from repo db when using detached
+                signatures.
+              - add support for multiple 'Architecture' values
+              - -Qkk now validates file checksums in addition to date/size
+              - colored upgrade summary now dulls version numbers for contrast
+              - libalpm frontends can now supply context to callbacks (FS#12721)
+              - support xattr when extracting packages
+              - allow setting --noprogressbar in pacman.conf
+              - fix output alignment for CJK translated text (FS#59229)
+              - fix reading targets from stdin when using --sysroot (FS#68630)
+              - fix deleting signatures for existing databases with -Sc
+              - check for and forbid duplicate download filenames (FS#67850)
+              - -Fx now reports error for invalid regex
+              - remove support for the autotools build system
+              - meson: properly compile internal symbols as hidden
+              - meson: make -uninstalled.pc correct
+              - fix build errors on systems like FreeBSD
+              - makepkg:
+                - add link time optimization support to makepkg
+                - add support for sources using the fossil VCS
+                - allow specifying alternative authentication commands when
+                  running pacman as root (FS#32621)
+                - support zstd decompression for sources
+                - strip: fix removing file attributes such as xattr
+                - switch to CRC as default integrity checksum
+                - record $startdir for reproducible builds
+                - record name of build orchestration tool for reproducible builds
+                - fix signing of source packages
+                - add optional argument support to parseopts
+                - reduce dependency on file for detecting ELF files
+                - remove dependency on GNU sed
+                - avoid trailing whitespace in --printsrcinfo output
+                - libprovides: don't provide both versioned and unversioned
+                  sonames
+                - don't double-layer distcc on ccache
+                - fix detection of source file names for debug packages with
+                  gcc 11
+                - strip: silence warnings emitted by readelf while detecting
+                  source filenames
+                - fix use of spaces in source file renaming (FS#70254)
+              - pacman-key:
+                - --refresh-keys queries WKD before keyserver
+                - be less noisy when populating the keyring (FS#64142)
+                - warn about time taken for master key generation
+              - repo-add:
+                - support the same compression methods as makepkg
+              - zsh completion: add pacman-conf support
+              - various documentation updates
+              - after a decade and a half of promising libalpm.3 documentation
+                "once we get around to doing good Doxygen documentation", it
+                has happened!
+5.2.2         - fix pacman test suite under python 3.8
+              - only prompt to import new keys once in a transaction
+              - fix handling of fully downloaded .part files
+              - increase maximum database size (FS#65197)
+              - fix segfault in alpm_option_set_assumeinstalled
+              - change config parsing warnings to errors to match actual
+                behavior
+              - fix key extraction for signatures with two-octet sub-packet
+                headers
+              - fix documentation typos (FS#67000)
+              - change master signing key to RSA4096
+              - improve error message when building without autoconf-archive
+              - pacman-conf:
+                - allow querying ILoveCandy individually
+                - fix querying NoExtract individually
+              - makepkg:
+                - fix seccmp-related error while stripping binaries (FS#65100)
+                - fix extraction of file:// sources (FS#64648)
+                - allow $pkgname in install and changelog file names (FS#64932)
+                - sort libprovides for reproducibility
+                - strip: don't re-add the same debug source multiple times
+                - error on empty refspecs in git sources
+                - correctly handle missing download clients
+                - fix splitting multi-line error messages across stdout and
+                  stderr
+                - handle GPGKEY with spaces (FS#66949)
+                - do not accept public-only keys for signing
+              - repo-add:
+                - handle GPGKEY with spaces (FS#66949)
+                - do not accept public-only keys for signing
+5.2.1         - fix segfault on importing PGP keys for -U operations
+              - fix distribution of meson files
+              - fix inode command for darwin/bsd
+              - distribute all documentation files
+              - update bash/zsh completion for -F changes, remove --force
+              - makepkg:
+                - fix calculation of package sizes in presence of hardlinks
+                - do not warn about PACKAGER format if not set
+                - only run --clean when a package is built
+              - repo-add:
+                - fix compression of databases with zstd (FS#64213)
+5.2.0         - completely remove delta support (CVE-2019-18183)
+              - add support to pacman and pacman-key for downloading PGP
+                signing keys using the WKD protocol (FS#63171)
+              - completely remove the --force option
+              - renovate and simplify the UI for -F (FS#47949)
+              - hooks: rename type File to Path, for accuracy
+              - add the meson build system as an alternative to autotools, and
+                distribute it in autotools dist tarballs
+              - switch from system() to exec() when using alternative download
+                agents for XferCommand; this prevents a potential source of
+                shell injection (CVE-2019-18182)
+              - ignore .hook suffix when sorting libalpm hooks
+              - update the minimum requirement of bash to 4.4
+              - scripts: pass on options such as set -x to child processes
+              - show group and installed status during -Fs
+              - user-visible log when validity check fails due to access
+              - port pactest to python3
+              - process --needed before group selection when resolving the
+                dependencies to prompt for (FS#22870)
+              - don't error when a group exists but all packages are ignored
+              - bash completion now completes when it should, and doesn't
+                complete when it shouldn't (FS#59965)
+              - improve error message when gpg support is missing (FS#60880)
+              - don't emit confusing errors when a package is simultaneously
+                replaced and upgraded (FS#50875, FS#55534)
+              - better warning message when skipping duplicate targets
+                (FS#49377)
+              - libalpm: parse {check, make}depends when reading database
+                (FS#60347)
+              - add [ignored] to -Qu output for packages in repos that are not
+                Usage = Upgrade (FS#59854)
+              - prevent 301 redirect loop from hanging libalpm
+              - use standard, consistent units in the download progress
+                (FS#59201)
+              - fix segfault when Usage is specified without a value
+              - include timezones in pacman.log
+              - bash-completion: use POSIX character classes for portability
+              - correctly report a download failure for 404s
+              - fix handling of signals during SIGSEGV
+              - fix buffer overread in pacman/callback
+              - fix crash when downloading files with a Content-Disposition
+                that has no directory component
+              - pacman-conf, testpkg are now properly localized
+              - when -F returns zero results, set a failing exit code
+              - improve wording for the error message when a package cannot be
+                removed due to dependencies
+              - fix segfaults and other incorrect behavior when using -Qip if
+                pacman was compiled without GPGME support
+              - makepkg:
+                - implement extendable source/signature verification routines
+                  within libmakepkg (FS#49076)
+                - if pacman is in use, wait until it is available before
+                  continuing (FS#28840)
+                - add support for lzip, lz4 and zst compressed packages
+                  (FS#56676, FS#59081)
+                - add new checksum algorithm, b2sum
+                - various improvements to PKGBUILD linting
+                - when signing packages, report package filename on failure
+                - fix pkgver() function not aborting on errors
+                - remove checksum algorithm whirlpoolsum as it has not worked
+                  for a long time
+                - reject PKGBUILDs with both split and non-split package
+                  functions
+                - send status messages to stderr rather than stdout (FS#17173)
+                - ensure debug buildflags are unset when they are supposed to be
+                - buildenv and executable detection, definitions for the
+                  PKGBUILD schema, and makepkg.conf loading are now part of
+                  libmakepkg
+                - fix broken check for the fakeroot binary
+                - improve the error message for invalid dependency versioning
+                - add routine for linting $SOURCE_DATE_EPOCH
+                - fix the error code when no PKGBUILD exists
+                - use --unneeded when removing build deps to allow runtime-only
+                  deps to work well with makepkg -sir (FS#32723)
+                - compute package sizes correctly across different filesystems
+                - use shared clones for git sources to save space when building
+                - fix reporting of invalid archive extensions
+                - correctly handle hg sources with updates on a non-default
+                  branch
+                - install pkg-config file for libmakepkg's library directory
+                - propagate error codes when package failed to sign correctly
+                - be compatible with file 5.37's application/gzip MIME type
+                - forbid non-ASCII pkgname and pkgver (FS#49342)
+                - fix exiting on failure without ensuring dependencies are
+                  prompted for removal (FS#63000)
+                - quiet superfluous warnings for missing debug source files for
+                  artificial symbols
+                - add routine for linting $PACKAGER to check that it has a
+                  valid name and email address, and document the desired format
+                  in makepkg.conf(5)
+                - add rust support for *FLAGS and debug-prefix-map
+                - correctly handle a system file command with seccomp enabled
+                  (FS#58626)
+                - try to more thoroughly clean up logpipe during unusual exit
+                  states such as CTRL-C
+                - when installing packages with -sir, be more robust against
+                  conflicting makedepends by always uninstalling them first
+                - fix exit code when removing deps fails
+                - reproducible builds: suppress filesystem-specific archive
+                  metadata from built packages as they are not needed
+              - pacman-key:
+                - just accept one file to verify, and enforce detached sigs
+                  (FS#52022)
+                - after recent GnuPG updates, ensure the Web of Trust is still
+                  used
+                - clean keys during import to reduce size consumed by unusable
+                  signatures
+              - repo-add:
+                - add support for zst compressed databases
+                - print the name of the database when extracting
+                - do not infinitely loop on malformed arguments with embedded
+                  globs
+                - add option to prevent downgrading (FS#17752)
+              - various documentation updates
+5.1.3         - Sanitize file name received from Content-Disposition header
+                during -U (CVE-2019-9686)
 5.1.2         - pacman-conf: add missing DisableDownloadTimeout support
              - Include version when checking optdepend install status
                during -Qi (FS#60106)
@ -324,8 +618,8 @@ VERSION         DESCRIPTION
                - remove --asroot and enforce fakeroot usage
                - all PKGBUILDs require a package() function
                - PKGBUILDs can no longer be read from stdin
-                - enable make style environmental overrides
-                - Read CARCH environmental variable (FS#35030)
+                - enable make-style environment variable overrides
+                - Read CARCH environment variable (FS#35030)
                - makedepends and checkdepends are installed together (FS#31557)
                - added support for sha224 checksums (FS#36776)
                - remove warning when license is not specified in PKGBUILD
@ -355,7 +649,7 @@ VERSION         DESCRIPTION
                file overwrites from malicious databases
              - makepkg:
                - restrict package name from starting with a dot
-                - fix BZR source revision support (FS#35281)
+                - fix Bazaar source revision support (FS#35281)
                - Use LOGDEST for log pipe
                - fix distcc disabling (FS#35741)
                - correct stat usage on BSD/Darwin (FS#35469)
@ -371,7 +665,7 @@ VERSION         DESCRIPTION
                FS#34716, FS#35097)
              - makepkg:
                - improve SVN VCS PKGBUILD handling (FS#34675, FS#34636)
-                - allow "lp:" URLs for BZR sources (FS#34650)
+                - allow "lp:" URLs for Bazaar sources (FS#34650)
                - prevent pkgver() capturing stderr (FS#34974)
                - fix attempt to remove package twice on failure (FS#34672)
              - contrib:
@ -422,7 +716,7 @@ VERSION         DESCRIPTION
                - pkgrel must be in decimal format
                - PKGBUILDs without package() functions are deprecated
                - support specifying CPPFLAGS in makepkg.conf
-                - support PACKAGER environmental variable
+                - support PACKAGER environment variable
                - allow source renaming to work on signature files
                - configurable compression options (FS#27430)
                - allow multiple packages to be build when using
@ -436,7 +730,7 @@ VERSION         DESCRIPTION
                - add LOGDEST configuration option
                - install makedepends with --repackage
              - repo-add:
-                - honor TMPDIR environmental variable
+                - honor TMPDIR environment variable
                - add makedepends/checkdepends information to database
              - pacman-key:
                - fix importing keys with quotes in file name (FS#28445)
@ -1044,7 +1338,7 @@ VERSION         DESCRIPTION
                - add source package creation option
              - rankmirrors- allow reading from stdin (FS#8043)
              - and many other updates: 198 bugs/FRs closed since 3.0.0 release
-              - switch to GIT for source code management
+              - switch to Git for source code management
 3.0.6         - config files updated to reflect current -> core change
              - fix symlink overwriting issue (FS#7484)
              - fix config parsing with tr_TR locale (FS#7235)
@ -1196,7 +1490,7 @@ VERSION         DESCRIPTION
                - Cleanup db_loadpkgs(), add list_add_sorted()
              - Fixed a memory leak in db_find_conflicts()
 2.8.3         - Fixed a little makepkg bug with bash 3.0
-              - Fixed resolvedeps to always prefer literals over provisios
+              - Fixed resolvedeps to always prefer literals over providers
              - Added --config option to specify an alternate config file
              - Added "Include" directive to include repositories from
                config files (inspired by Michael Baehr's patch)
--- a/259
+++ b/259
@ -6,7 +6,7 @@ Package Management) library. This document, while not exhaustive, also
 indicates some limitations (on purpose, or sometimes due to its poor design) of
 the library at the present time.

-There is one special file,"alpm.h", which is the public interface that
+There is one special file, "alpm.h", which is the public interface that
 should be distributed and installed on systems with the library. Only
 structures, data and functions declared within this file are made available to
 the frontend. Lots of structures are of an opaque type and their fields are
@ -52,13 +52,11 @@ library is initialized.
 * logcb: The callback function for "log" operations.
 * dlcb: The callback function for download progress of each package.
 * fetchcb: Callback for custom download function.
-* totaldlcb: The callback function for overall download progress.
 * eventcb: Callback for transaction messages.
 * questioncb: Callback for selecting amongst choices.
 * progresscb: Callback to handle display of transaction progress.
 * gpgdir: Directory where GnuPG files are stored.
 * arch: Allowed package architecture.
-* deltaratio: Download deltas if possible; a ratio value.
 * checkspace: Check disk space before installing.
 * default_siglevel: Default signature verification level.
 * local_file_siglevel: Signature verification level for local file upgrades.
@ -196,8 +194,8 @@ remove.c and sync.c).

 The frontend is using a configuration file, usually "/etc/pacman.conf".  Some
 of these options are only useful for the frontend only (mainly the ones used to
-control the output like totaldownload, or the behavior with cleanmethod and
-syncfirst).  The rest is used to configure the library.
+control the output like verbosepkglist, or the behavior with cleanmethod).
+The rest is used to configure the library.


 [UPGRADE/REMOVE/SYNC]
@ -241,7 +239,7 @@ API CHANGES BETWEEN 3.1 AND 3.2
 - alpm_checkdbconflicts()
 - alpm_sync_newversion()
 - alpm_deptest()
- error codes :
+- error codes:
    PM_ERR_DLT_INVALID, PM_ERR_LIBARCHIVE, PM_ERR_LIBDOWNLOAD and
    PM_ERR_EXTERNAL_DOWNLOAD
 - flags:
@ -354,7 +352,7 @@ API CHANGES BETWEEN 3.4 AND 3.5
     - alpm_db_get_pkg() for normal targets
     - alpm_find_dbs_satisfier() for versioned provisions
     - alpm_find_grp_pkgs() for groups
- alpm_deptest() is replaced by the more flexibile alpm_find_satisfier()
+- alpm_deptest() is replaced by the more flexible alpm_find_satisfier()
 - size_t used for alpm_list_t sizes
  - return type for alpm_list_count()
  - parameter type in alpm_list_msort() and alpm_list_nth()
@ -364,11 +362,11 @@ API CHANGES BETWEEN 3.4 AND 3.5
 - alpm_find_grp_pkgs()
 - alpm_trans_get_flags()
 - error codes:
-   PM_ERR_DISK_SPACE, PM_ERR_WRITE
- flags
-   PM_TRANS_FLAG_NODEPVERSION, PM_TRANS_EVT_DISKSPACE_START,
-   PM_TRANS_EVT_DISKSPACE_DONE, PM_TRANS_CONV_SELECT_PROVIDER,
-   PM_TRANS_PROGRESS_DISKSPACE_START, PM_TRANS_PROGRESS_INTEGRITY_START
+    PM_ERR_DISK_SPACE, PM_ERR_WRITE
+- flags:
+    PM_TRANS_FLAG_NODEPVERSION, PM_TRANS_EVT_DISKSPACE_START,
+    PM_TRANS_EVT_DISKSPACE_DONE, PM_TRANS_CONV_SELECT_PROVIDER,
+    PM_TRANS_PROGRESS_DISKSPACE_START, PM_TRANS_PROGRESS_INTEGRITY_START


 API CHANGES BETWEEN 3.5 AND 4.0
@ -421,7 +419,7 @@ API CHANGES BETWEEN 3.5 AND 4.0
  - alpm_release
  - alpm_remove_pkg
  - alpm_sync_sysupgrade
- several structs are no longer opaque
+- several structs are no longer opaque:
  - alpm_conflict_t
  - alpm_delta_t
  - alpm_depend_t
@ -433,19 +431,33 @@ API CHANGES BETWEEN 3.5 AND 4.0

 [ADDED]
 - option functions:
-    alpm_{get,set}_eventcb(), alpm_option_{get,set}_convcb(),
-	alpm_option_{get,set}_progresscb()
+  - alpm_{get,set}_eventcb()
+  - alpm_option_{get,set}_convcb()
+  - alpm_option_{get,set}_progresscb()
 - package signing functions:
-    alpm_option_get_default_siglevel(), alpm_option_set_default_siglevel(),
-    alpm_option_get_gpgdir(), alpm_option_set_gpgdir(), alpm_db_get_siglevel(),
-    alpm_siglist_cleanup(), alpm_db_check_pgp_signature(), alpm_pkg_check_pgp_signature(),
-    alpm_pkg_get_origin(), alpm_pkg_get_sha256sum(), alpm_pkg_get_base64_sig()
+  - alpm_option_get_default_siglevel()
+  - alpm_option_set_default_siglevel()
+  - alpm_option_get_gpgdir()
+  - alpm_option_set_gpgdir()
+  - alpm_db_get_siglevel()
+  - alpm_siglist_cleanup()
+  - alpm_db_check_pgp_signature()
+  - alpm_pkg_check_pgp_signature()
+  - alpm_pkg_get_origin()
+  - alpm_pkg_get_sha256sum()
+  - alpm_pkg_get_base64_sig()
 - list functions:
-    alpm_list_to_array(), alpm_list_previous()
+  - alpm_list_to_array()
+  - alpm_list_previous()
 - structs:
-    alpm_backup_t, alpm_file_t, alpm_filelist_t
+  - alpm_backup_t
+  - alpm_file_t
+  - alpm_filelist_t
 - enums:
-    alpm_siglevel_t, alpm_sigstatus_t, alpm_sigvalidity_t, alpm_pkgfrom_t
+  - alpm_siglevel_t
+  - alpm_sigstatus_t
+  - alpm_sigvalidity_t
+  - alpm_pkgfrom_t
 - error codes:
    ALPM_ERR_DB_INVALID, ALPM_ERR_DB_INVALID_SIG, ALPM_ERR_GPGME,
    ALPM_ERR_PKG_INVALID_CHECKSUM, ALPM_ERR_PKG_INVALID_SIG, ALPM_ERR_SIG_INVALID,
@ -472,10 +484,10 @@ API CHANGES BETWEEN 4.0 AND 4.1
  - alpm_db_unregister_all -> alpm_unregister_all_syncdbs
  - alpm_db_readgroup -> alpm_db_get_group
  - alpm_db_set_pkgreason -> alpm_pkg_set_reason (handle parameter removed)
- alpm_time_t typedef used for all times
+- alpm_time_t typedef used for all times:
  - members of alpm_pgpkey_t
  - return types of alpm_pkg_get_builddate and alpm_pkg_get_installdate
- delta options now use required ratio rather than on/off
+- delta options now use required ratio rather than on/off:
  - alpm_option_get_usedelta -> alpm_option_get_deltaratio
  - alpm_option_set_usedelta -> alpm_option_set_deltaratio

@ -492,21 +504,21 @@ API CHANGES BETWEEN 4.0 AND 4.1
  - alpm_db_usage_t
  - alpm_db_set_usage()
  - alpm_db_get_usage()
- wrapper functions for reading mtree files
+- wrapper functions for reading mtree files:
  - alpm_pkg_mtree_open()
  - alpm_pkg_mtree_next()
  - alpm_pkg_mtree_close()
- utility functions
+- utility functions:
  - alpm_pkg_find()
  - alpm_pkg_compute_optionalfor()
  - alpm_filelist_contains()
- types
+- types:
  - alpm_time_t
  - alpm_errno_t
- flags
-   ALPM_EVENT_OPTDEP_REQUIRED, ALPM_EVENT_DATABASE_MISSING,
-   ALPM_EVENT_KEYRING_START, ALPM_EVENT_KEYRING_DONE, ALPM_EVENT_KEY_DOWNLOAD_START,
-   ALPM_EVENT_KEY_DOWNLOAD_DONE, ALPM_PROGRESS_KEYRING_START
+- flags:
+    ALPM_EVENT_OPTDEP_REQUIRED, ALPM_EVENT_DATABASE_MISSING,
+    ALPM_EVENT_KEYRING_START, ALPM_EVENT_KEYRING_DONE, ALPM_EVENT_KEY_DOWNLOAD_START,
+    ALPM_EVENT_KEY_DOWNLOAD_DONE, ALPM_PROGRESS_KEYRING_START


 API CHANGES BETWEEN 4.1 AND 4.2
@ -515,49 +527,49 @@ API CHANGES BETWEEN 4.1 AND 4.2
 [CHANGED]
 - alpm_filelist_t - removed member resolved_path
 - alpm_filelist_contains - now returns alpm_file_t
- event callback
-   - alpm_event_t renamed to alpm_event_type_t
-   - alpm_event_t union added
-   - alpm_event_cb now takes only an alpm_event_t parameter
-   - alpm_event_any_t, alpm_package_operation_t, alpm_event_package_operation_t,
-     alpm_event_optdep_removal_t, alpm_event_delta_patch_t, alpm_event_scriptlet_info_t,
-     alpm_event_database_missing_t, alpm_event_pkgdownload_t, alpm_event_pacnew_created_t,
-     alpm_event_pacsave_created_t, alpm_event_pacorig_created_t added
-   - ALPM_EVENT_*_START -> ALPM_EVENT_PACKAGE_OPERATION_START
-   - ALPM_EVENT_*_DONE -> ALPM_EVENT_PACKAGE_OPERATION_DONE
- question callback
-   - alpm_question_t renamed to alpm_question_type_t
-   - alpm_question_t union added
-   - alpm_cb_question now takes only an alpm_question_t parameter
-   - alpm_question_any_t, alpm_question_install_ignorepkg_t, alpm_question_replace_t
-     alpm_question_conflict_t, alpm_question_corrupted_t, alpm_question_remove_pkgs_t,
-     alpm_question_select_provider_t, alpm_question_import_key_t added
+- event callback:
+  - alpm_event_t renamed to alpm_event_type_t
+  - alpm_event_t union added
+  - alpm_event_cb now takes only an alpm_event_t parameter
+  - alpm_event_any_t, alpm_package_operation_t, alpm_event_package_operation_t,
+    alpm_event_optdep_removal_t, alpm_event_delta_patch_t, alpm_event_scriptlet_info_t,
+    alpm_event_database_missing_t, alpm_event_pkgdownload_t, alpm_event_pacnew_created_t,
+    alpm_event_pacsave_created_t, alpm_event_pacorig_created_t added
+  - ALPM_EVENT_*_START -> ALPM_EVENT_PACKAGE_OPERATION_START
+  - ALPM_EVENT_*_DONE -> ALPM_EVENT_PACKAGE_OPERATION_DONE
+- question callback:
+  - alpm_question_t renamed to alpm_question_type_t
+  - alpm_question_t union added
+  - alpm_cb_question now takes only an alpm_question_t parameter
+  - alpm_question_any_t, alpm_question_install_ignorepkg_t, alpm_question_replace_t
+    alpm_question_conflict_t, alpm_question_corrupted_t, alpm_question_remove_pkgs_t,
+    alpm_question_select_provider_t, alpm_question_import_key_t added

 [ADDED]
- memory management
+- memory management:
  - alpm_fileconflict_free()
  - alpm_depmissing_free()
  - alpm_conflict_free()
  - alpm_dep_free()
- database usage
+- database usage:
  - alpm_db_usage_t
  - alpm_db_set_usage()
  - alpm_db_get_usage()
- assume installed
+- assume installed:
  - alpm_option_get_assumeinstalled()
  - alpm_option_add_assumeinstalled()
  - alpm_option_set_assumeinstalled()
  - alpm_option_remove_assumeinstalled()
- using noupgrade/noextract
+- using noupgrade/noextract:
  - alpm_option_match_noupgrade()
  - alpm_option_match_noextract()
- utility functions
+- utility functions:
  - alpm_dep_from_string()
  - alpm_pkg_should_ignore()
  - alpm_decode_signature()
  - alpm_extract_keyid()
- flags
-  - ALPM_EVENT_RETRIEVE_DONE, ALPM_EVENT_RETRIEVE_FAILED, ALPM_EVENT_PKGDOWNLOAD_START,
+- flags:
+    ALPM_EVENT_RETRIEVE_DONE, ALPM_EVENT_RETRIEVE_FAILED, ALPM_EVENT_PKGDOWNLOAD_START,
    ALPM_EVENT_PKGDOWNLOAD_DONE, ALPM_EVENT_PKGDOWNLOAD_FAILED, ALPM_EVENT_OPTDEP_REMOVAL,
    ALPM_EVENT_PACNEW_CREATED, ALPM_EVENT_PACSVAE_CREATED, ALPM_EVENT_PACORIG_CREATED

@ -567,13 +579,13 @@ API CHANGES BETWEEN 4.2 AND 5.0

 [REMOVED]
 - alpm_siglevel_t - removed members ALPM_SIG_PACKAGE_SET, ALPM_SIG_PACKAGE_TRUST_SET
- removed .pacorig generation
+- removed .pacorig generation:
  - ALPM_EVENT_PACORIG_CREATED
  - alpm_event_pacorig_created_t
  - alpm_event_t.pacorig_created

 [ADDED]
- hook support
+- hook support:
  - alpm_option_get_hookdirs()
  - alpm_option_set_hookdirs()
  - alpm_option_add_hookdir()
@ -583,14 +595,14 @@ API CHANGES BETWEEN 4.2 AND 5.0
  - ALPM_EVENT_HOOK_START, ALPM_EVENT_HOOK_DONE
  - ALPM_EVENT_HOOK_RUN_START, ALPM_EVENT_HOOK_RUN_DONE
  - ALPM_ERR_TRANS_HOOK_FAILED
- different database extension support
+- different database extension support:
  - alpm_option_get_dbext()
  - alpm_option_set_dbext()
- pkgbase accessor
+- pkgbase accessor:
  - alpm_pkg_get_base()
- transaction events
+- transaction events:
  - ALPM_EVENT_TRANSACTION_START, ALPM_EVENT_TRANSACTION_DONE
- database unlocking
+- database unlocking:
  - alpm_unlock()


@ -600,7 +612,7 @@ API CHANGES BETWEEN 5.0 AND 5.1
 [CHANGED]
 - alpm_errno_t - added member ALPM_ERR_OK
 - alpm_siglevel_t - value of ALPM_SIG_USE_DEFAULT changed
- functions using bitfields return/pass an int instead of an enum
+- functions using bitfields return/pass an int instead of an enum:
  - alpm_option_get_default_siglevel()
  - alpm_option_set_default_siglevel()
  - alpm_option_get_remote_file_siglevel()
@ -617,17 +629,130 @@ API CHANGES BETWEEN 5.0 AND 5.1
  - alpm_option_set_local_file_siglevel()

 [ADDED]
- overwrite support
+- overwrite support:
  - alpm_option_get_overwrite_files()
  - alpm_option_set_overwrite_files()
  - alpm_option_add_overwrite_file()
  - alpm_option_remove_overwrite_file()
- download timeout control
+- download timeout control:
  - alpm_option_set_disable_dl_timeout()
- access make/checkdepends info
+- access make/checkdepends info:
  - alpm_pkg_get_checkdepends()
  - alpm_pkg_get_makedepends()
- check pacman capabilities
+- check pacman capabilities:
  - alpm_capabilities()
- duplicate and add to list
+- duplicate and add to list:
  - alpm_list_append_strdup()
+
+
+API CHANGES BETWEEN 5.1 AND 5.2
+===============================
+
+[REMOVED]
+- package delta support:
+  - alpm_delta_t
+  - alpm_event_delta_patch_t
+  - alpm_event_t union - removed alpm_event_delta_patch_t
+  - ALPM_EVENT_DELTA_INTEGRITY_START, ALPM_EVENT_DELTA_INTEGRITY_DONE,
+    ALPM_EVENT_DELTA_PATCHES_START, ALPM_EVENT_DELTA_PATCHES_DONE,
+    ALPM_EVENT_DELTA_PATCH_START, ALPM_EVENT_DELTA_PATCH_DONE,
+    ALPM_EVENT_DELTA_PATCH_FAILED
+  - ALPM_ERR_DLT_INVALID, ALPM_ERR_DLT_PATCHFAILED
+  - alpm_option_get_deltaratio()
+  - alpm_option_set_deltaratio()
+  - alpm_pkg_get_deltas()
+  - alpm_pkg_unused_deltas()
+- alpm_transflag_t - removed member ALPM_TRANS_FLAG_FORCE
+
+[CHANGED]
+- alpm_errno_t - added member ALPM_ERR_MISSING_CAPABILITY_SIGNATURES
+- alpm_sync_newversion() replaced with alpm_sync_get_new_version() which
+  does not filter on any ALPM_DB_USAGE_*.
+
+
+API CHANGES BETWEEN 5.2 AND 6.0
+===============================
+
+[REMOVED]
+- ALPM_EVENT_PKGDOWNLOAD_START, ALPM_EVENT_PKGDOWNLOAD_DONE, ALPM_EVENT_PKGDOWNLOAD_FAILED
+- ALPM_ERR_PKG_REPO_NOT_FOUND
+- old TotalDownload implementation:
+  - alpm_cb_totaldl
+  - alpm_option_get_totaldlcb()
+  - alpm_option_set_totaldlcb()
+
+[CHANGED]
+- alpm_db_update() now accepts a list of databases rather than a single database.
+- alpm_fetch_pkgurl() accepts a list of packages to download.
+- alpm_db_search() now has an additional parameter and returns success status
+- ALPM_EVENT_RETRIEVE_* -> ALPM_EVENT_DB_RETRIEVE_* and ALPM_EVENT_PKG_RETRIEVE_*
+- alpm_cb_download pass event and data
+- multi architecture support:
+  - alpm_option_get_arch() -> alpm_option_get_architectures()
+  - alpm_option_set_arch() -> alpm_option_set_architectures()
+- alpm_db_get_servers() copies parameter data
+
+[ADDED]
+- parallel download support:
+  - alpm_option_set_parallel_downloads()
+  - alpm_option_get_parallel_downloads()
+- file download events:
+  - alpm_download_event_type_t
+  - alpm_download_event_init_t
+  - alpm_download_event_progress_t
+  - alpm_download_event_completed_t
+- download misc:
+  - ALPM_DOWNLOAD_RETRY
+  - alpm_download_event_retry_t
+  - alpm_event_pkg_retrieve_t
+- multiarchitecture support:
+  - alpm_option_add_architecture()
+  - alpm_option_remove_architecture()
+- misc:
+  - alpm_pkg_get_sig()
+- callbacks add front-end provided context
+
+
+API CHANGES BETWEEN 6.0 AND 6.1
+===============================
+
+[REMOVED]
+- alpm_trans_t
+
+[CHANGED]
+- alpm_conflict_t - full package added as member, removing package name and name
+  hash members
+- alpm_question_import_key_t - holds key uid and fingerprint rather than alpm_pgpkey_t
+- alpm_pkgreason_t - added ALPM_PKG_REASON_UNKNOWN
+- alpm_transflag_t - added ALPM_TRANS_FLAG_NOHOOKS
+
+[ADDED]
+- extensible package data type:
+  - alpm_pkg_xdata_t
+  - alpm_pkg_get_xdata()
+- accessor functions:
+  - alpm_db_get_handle()
+  - alpm_pkg_get_handle()
+- cache server support:
+  - alpm_db_get_cache_servers()
+  - alpm_db_set_cache_servers()
+  - alpm_db_add_cache_server()
+
+
+API CHANGES BETWEEN 6.1 AND 7.0
+===============================
+
+[ADDED]
+- sandbox functions:
+  - alpm_option_get_sandboxuser()
+  - alpm_option_set_sandboxuser()
+  - alpm_option_set_disable_sandbox()
+  - alpm_sandbox_setup_child()
+
+
+API CHANGES BETWEEN 7.0 AND 7.1
+===============================
+
+[CHANGED]
+- error codes:
+    PM_ERR_TRANS_COMMITING renamed to PM_ERR_TRANS_COMMITTING
--- a/25
+++ b/25
@ -1,23 +1,34 @@
 The following checklist should be used for making a pacman release.

- Ensure "make distcheck" succeeds
+- Ensure "ninja dist" succeeds
 - Call a freeze to development.
 - Send translation updates to Transifex at least two weeks before a major
  release (see below).  At this stage, strings can only be changed for a
  major issue.
 - Update NEWS and README files
 - Pull translation updates from Transifex
- Update version in configure.ac as described in file
+- Update version in meson.build as described in file
 - Update doc/index.asciidoc
 - Create a signed git tag (git tag -s vX.Y.Z -m "commit message")
- Create and sign release tarballs (generate with "make distcheck")
- Update pacman website
+- Create and sign release tarballs (generate with "ninja dist")
+- Create release on gitlab project page
+- Upload release tarball and signature to gitlab ("glab release upload ...")
+- Create branch release/?.?.x (with ?.? replaced by major version number)
+- Update .gitlab-ci.yml to point the website pages run at release branch

 Transifex updates are handled using the transifex client. The basic process is:
- Pull updates from transifex ("tx pull -a -f --minimum-perc 75")
- Update po files ("make update-po")
- Fix all translation errors found
+- Pull updates from transifex ("tx pull -f --minimum-perc 75")
+- Update po files ("./build-aux/update-po")
+- Fix all translation errors found (e.g. using "mint-check-translations")
 - Add any new locales to the relevant LINGUAS file
 - Optional: Make any manual changes needed (e.g. fixing spacing in a string)
  and update po files again
 - Push updated po files to transifex ("tx push -s -t --skip")
+
+Point releases:
+- all bugs fixes slated for the release branch must first land on master
+  (unless no longer relevant)
+- following the initial post-release period when the release and master
+  branches may be kept in sync, commits are backported to the release branch
+  using "git cherry-pick -x"
+- translation updates should be pulled onto the release branch only
--- a/2
+++ b/2
@ -3,7 +3,7 @@ currently. Our translations are currently maintained in Transifex; please read
 doc/translation-help.txt for more details.

 Below is a list of past translators before we switched to Transifex; more can
-be found by looking in the GIT history.
+be found by looking in the Git history.

 If your language is not already in the various po/ subdirectories and you wish
 it was, set up a team in Transifex for your language and we will be happy to
--- a/autogen.sh
+++ b/autogen.sh
@ -1,6 +0,0 @@
-#!/bin/sh -x
-
-autoreconf -i
-patch -d build-aux -Np0 -i ltmain-asneeded.patch
-
-exit 0
--- a/build-aux/cat-test-file
+++ b/build-aux/cat-test-file
@ -0,0 +1,11 @@
+#!/usr/bin/python3
+
+import sys
+
+for path in sys.argv[1:]:
+    print('# -----------------------------------')
+    print('# ' + path + ':')
+    print('# -----------------------------------')
+    with open(path, 'r') as f:
+        for line in f:
+            print('# ' + line, end='')
--- a/build-aux/edit-script.sh.in
+++ b/build-aux/edit-script.sh.in
@ -4,13 +4,14 @@ input=$1
 output=$2
 mode=$3

-"@SED@" \
+sed \
  -e "s|@rootdir[@]|@ROOTDIR@|g" \
  -e "s|@localedir[@]|@LOCALEDIR@|g" \
  -e "s|@sysconfdir[@]|@sysconfdir@|g" \
  -e "s|@localstatedir[@]|@localstatedir@|g" \
  -e "s|@libmakepkgdir[@]|@LIBMAKEPKGDIR@|g" \
  -e "s|@pkgdatadir[@]|@PKGDATADIR@|g" \
+  -e "s|@keyringdir[@]|@KEYRINGDIR@|g" \
  -e "s|@prefix[@]|@PREFIX@|g" \
  -e "1s|#!/bin/bash|#!@BASH@|g" \
  -e "s|@PACKAGE_VERSION[@]|@PACKAGE_VERSION@|g" \
@ -19,13 +20,8 @@ mode=$3
  -e "s|@TEMPLATE_DIR[@]|@TEMPLATE_DIR@|g" \
  -e "s|@DEBUGSUFFIX[@]|@DEBUGSUFFIX@|g" \
  -e "s|@INODECMD[@]|@INODECMD@|g" \
-  -e "s|@OWNERCMD[@]|@OWNERCMD@|g" \
-  -e "s|@MODECMD[@]|@MODECMD@|g" \
-  -e "s|@SEDINPLACEFLAGS[@]|@SEDINPLACEFLAGS@|g" \
-  -e "s|@SEDPATH[@]|@SEDPATH@|g" \
-  -e "s|@DUFLAGS[@]|@DUFLAGS@|g" \
-  -e "s|@DUPATH[@]|@DUPATH@|g" \
-  -e "s|@configure_input[@]|Generated from ${input##*/}; do not edit by hand.|g" \
+  -e "s|@FILECMD[@]|@FILECMD@|g" \
+  -e "s|@BSDTAR_NO_READ_SPARSE[@]|@BSDTAR_NO_READ_SPARSE@|g" \
  "$input" >"$output"

 if [[ $mode ]]; then
--- a/build-aux/ltmain-asneeded.patch
+++ b/build-aux/ltmain-asneeded.patch
@ -1,33 +0,0 @@
--- ltmain.sh.orig	2013-06-26 14:31:53.472627840 +1000
-+++ ltmain.sh	2013-06-26 14:30:56.137038936 +1000
-@@ -5800,6 +5800,14 @@
- 	arg=$func_stripname_result
- 	;;
- 
-+      -Wl,*--as-needed*)
-+	deplibs="$deplibs $wl--as-needed"
-+	;;
-+
-+      -Wl,*--no-as-needed*)
-+	deplibs="$deplibs $wl--no-as-needed"
-+	;;
-+
-       -Wl,*)
- 	func_stripname '-Wl,' '' "$arg"
- 	args=$func_stripname_result
-@@ -6160,6 +6168,15 @@
- 	lib=
- 	found=no
- 	case $deplib in
-+	-Wl,--as-needed|-Wl,--no-as-needed)
-+	  if test "$linkmode,$pass" = "prog,link"; then
-+	    compile_deplibs="$deplib $compile_deplibs"
-+	    finalize_deplibs="$deplib $finalize_deplibs"
-+	  else
-+	    deplibs="$deplib $deplibs"
-+	  fi
-+	  continue
-+	  ;;
- 	-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
-         |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
- 	  if test "$linkmode,$pass" = "prog,link"; then
--- a/build-aux/meson-install-script.sh
+++ b/build-aux/meson-install-script.sh
@ -1,6 +0,0 @@
-#!/bin/sh
-
-built_script=$1
-dest_path=$2
-
-install -Dm755 "$built_script" "$DESTDIR/$dest_path"
--- a/build-aux/meson-make-symlink.sh
+++ b/build-aux/meson-make-symlink.sh
@ -5,8 +5,6 @@ set -eu
 # and we need to create the target directory...

 mkdir -vp "$(dirname "${DESTDIR:-}$2")"
-if [ "$(dirname $1)" = . ]; then
-        ln -vfs -T "$1" "${DESTDIR:-}$2"
-else
-        ln -vfs -T --relative "${DESTDIR:-}$1" "${DESTDIR:-}$2"
-fi
+
+rm -f "${DESTDIR:-}$2"
+ln -vs "$1" "${DESTDIR:-}$2"
--- a/build-aux/print-failed-test-output
+++ b/build-aux/print-failed-test-output
@ -0,0 +1,17 @@
+#!/usr/bin/python
+
+import json
+import sys
+
+def print_result(result):
+    print('==================================================================')
+    print(result['name'])
+    print(' '.join(result['command']))
+    print('==================================================================')
+    print(result['stdout'])
+
+with open(sys.argv[1], 'r') as f:
+    for line in f:
+        result = json.loads(line)
+        if result['result'] == 'FAIL':
+            print_result(result)
--- a/build-aux/script-wrapper.sh.in
+++ b/build-aux/script-wrapper.sh.in
@ -3,4 +3,4 @@
 # This script serves as a trampoline for running scripts which depend on
 # libmakepkg with the libmakepkg within the build tree.

-LIBRARY=@BUILDDIR@/libmakepkg exec @BASH@ -$- @REAL_PROGPATH@ "$@"
+MAKEPKG_LIBRARY=@BUILDDIR@/libmakepkg exec @BASH@ -$- @REAL_PROGPATH@ "$@"
--- a/build-aux/tap-driver.py
+++ b/build-aux/tap-driver.py
@ -1,296 +0,0 @@
-#!/usr/bin/env python3
-# Adapted from tappy copyright (c) 2016, Matt Layman
-# MIT license
-# https://github.com/python-tap/tappy
-
-import io
-import re
-import subprocess
-import sys
-
-
-class Directive(object):
-    """A representation of a result line directive."""
-
-    skip_pattern = re.compile(
-        r"""^SKIP\S*
-            (?P<whitespace>\s*) # Optional whitespace.
-            (?P<reason>.*)      # Slurp up the rest.""",
-        re.IGNORECASE | re.VERBOSE)
-    todo_pattern = re.compile(
-        r"""^TODO\b             # The directive name
-            (?P<whitespace>\s*) # Immediately following must be whitespace.
-            (?P<reason>.*)      # Slurp up the rest.""",
-        re.IGNORECASE | re.VERBOSE)
-
-    def __init__(self, text):
-        """Initialize the directive by parsing the text.
-        The text is assumed to be everything after a '#\s*' on a result line.
-        """
-        self._text = text
-        self._skip = False
-        self._todo = False
-        self._reason = None
-
-        match = self.skip_pattern.match(text)
-        if match:
-            self._skip = True
-            self._reason = match.group('reason')
-
-        match = self.todo_pattern.match(text)
-        if match:
-            if match.group('whitespace'):
-                self._todo = True
-            else:
-                # Catch the case where the directive has no descriptive text.
-                if match.group('reason') == '':
-                    self._todo = True
-            self._reason = match.group('reason')
-
-    @property
-    def text(self):
-        """Get the entire text."""
-        return self._text
-
-    @property
-    def skip(self):
-        """Check if the directive is a SKIP type."""
-        return self._skip
-
-    @property
-    def todo(self):
-        """Check if the directive is a TODO type."""
-        return self._todo
-
-    @property
-    def reason(self):
-        """Get the reason for the directive."""
-        return self._reason
-
-
-class Parser(object):
-    """A parser for TAP files and lines."""
-
-    # ok and not ok share most of the same characteristics.
-    result_base = r"""
-        \s*                    # Optional whitespace.
-        (?P<number>\d*)        # Optional test number.
-        \s*                    # Optional whitespace.
-        (?P<description>[^#]*) # Optional description before #.
-        \#?                    # Optional directive marker.
-        \s*                    # Optional whitespace.
-        (?P<directive>.*)      # Optional directive text.
-    """
-    ok = re.compile(r'^ok' + result_base, re.VERBOSE)
-    not_ok = re.compile(r'^not\ ok' + result_base, re.VERBOSE)
-    plan = re.compile(r"""
-        ^1..(?P<expected>\d+) # Match the plan details.
-        [^#]*                 # Consume any non-hash character to confirm only
-                              # directives appear with the plan details.
-        \#?                   # Optional directive marker.
-        \s*                   # Optional whitespace.
-        (?P<directive>.*)     # Optional directive text.
-    """, re.VERBOSE)
-    diagnostic = re.compile(r'^#')
-    bail = re.compile(r"""
-        ^Bail\ out!
-        \s*            # Optional whitespace.
-        (?P<reason>.*) # Optional reason.
-    """, re.VERBOSE)
-    version = re.compile(r'^TAP version (?P<version>\d+)$')
-
-    TAP_MINIMUM_DECLARED_VERSION = 13
-
-    def parse(self, fh):
-        """Generate tap.line.Line objects, given a file-like object `fh`.
-        `fh` may be any object that implements both the iterator and
-        context management protocol (i.e. it can be used in both a
-        "with" statement and a "for...in" statement.)
-        Trailing whitespace and newline characters will be automatically
-        stripped from the input lines.
-        """
-        with fh:
-            for line in fh:
-                yield self.parse_line(line.rstrip())
-
-    def parse_line(self, text):
-        """Parse a line into whatever TAP category it belongs."""
-        match = self.ok.match(text)
-        if match:
-            return self._parse_result(True, match)
-
-        match = self.not_ok.match(text)
-        if match:
-            return self._parse_result(False, match)
-
-        if self.diagnostic.match(text):
-            return ('diagnostic', text)
-
-        match = self.plan.match(text)
-        if match:
-            return self._parse_plan(match)
-
-        match = self.bail.match(text)
-        if match:
-            return ('bail', match.group('reason'))
-
-        match = self.version.match(text)
-        if match:
-            return self._parse_version(match)
-
-        return ('unknown',)
-
-    def _parse_plan(self, match):
-        """Parse a matching plan line."""
-        expected_tests = int(match.group('expected'))
-        directive = Directive(match.group('directive'))
-
-        # Only SKIP directives are allowed in the plan.
-        if directive.text and not directive.skip:
-            return ('unknown',)
-
-        return ('plan', expected_tests, directive)
-
-    def _parse_result(self, ok, match):
-        """Parse a matching result line into a result instance."""
-        return ('result', ok, match.group('number'),
-            match.group('description').strip(),
-            Directive(match.group('directive')))
-
-    def _parse_version(self, match):
-        version = int(match.group('version'))
-        if version < self.TAP_MINIMUM_DECLARED_VERSION:
-            raise ValueError('It is an error to explicitly specify '
-                             'any version lower than 13.')
-        return ('version', version)
-
-
-class Rules(object):
-
-    def __init__(self):
-        self._lines_seen = {'plan': [], 'test': 0, 'failed': 0, 'version': []}
-        self._errors = []
-
-    def check(self, final_line_count):
-        """Check the status of all provided data and update the suite."""
-        if self._lines_seen['version']:
-            self._process_version_lines()
-        self._process_plan_lines(final_line_count)
-
-    def check_errors(self):
-        if self._lines_seen['failed'] > 0:
-            self._add_error('Tests failed.')
-        if self._errors:
-            for error in self._errors:
-                print(error)
-            return 1
-        return 0
-
-    def _process_version_lines(self):
-        """Process version line rules."""
-        if len(self._lines_seen['version']) > 1:
-            self._add_error('Multiple version lines appeared.')
-        elif self._lines_seen['version'][0] != 1:
-            self._add_error('The version must be on the first line.')
-
-    def _process_plan_lines(self, final_line_count):
-        """Process plan line rules."""
-        if not self._lines_seen['plan']:
-            self._add_error('Missing a plan.')
-            return
-
-        if len(self._lines_seen['plan']) > 1:
-            self._add_error('Only one plan line is permitted per file.')
-            return
-
-        expected_tests, at_line = self._lines_seen['plan'][0]
-        if not self._plan_on_valid_line(at_line, final_line_count):
-            self._add_error(
-                'A plan must appear at the beginning or end of the file.')
-            return
-
-        if expected_tests != self._lines_seen['test']:
-            self._add_error(
-                'Expected {expected_count} tests '
-                'but only {seen_count} ran.'.format(
-                    expected_count=expected_tests,
-                    seen_count=self._lines_seen['test']))
-
-    def _plan_on_valid_line(self, at_line, final_line_count):
-        """Check if a plan is on a valid line."""
-        # Put the common cases first.
-        if at_line == 1 or at_line == final_line_count:
-            return True
-
-        # The plan may only appear on line 2 if the version is at line 1.
-        after_version = (
-            self._lines_seen['version'] and
-            self._lines_seen['version'][0] == 1 and
-            at_line == 2)
-        if after_version:
-            return True
-
-        return False
-
-    def handle_bail(self, reason):
-        """Handle a bail line."""
-        self._add_error('Bailed: {reason}').format(reason=reason)
-
-    def handle_skipping_plan(self):
-        """Handle a plan that contains a SKIP directive."""
-        sys.exit(77)
-
-    def saw_plan(self, expected_tests, at_line):
-        """Record when a plan line was seen."""
-        self._lines_seen['plan'].append((expected_tests, at_line))
-
-    def saw_test(self, ok):
-        """Record when a test line was seen."""
-        self._lines_seen['test'] += 1
-        if not ok:
-            self._lines_seen['failed'] += 1
-
-    def saw_version_at(self, line_counter):
-        """Record when a version line was seen."""
-        self._lines_seen['version'].append(line_counter)
-
-    def _add_error(self, message):
-        self._errors += [message]
-
-
-if __name__ == '__main__':
-    parser = Parser()
-    rules = Rules()
-
-    try:
-        out = subprocess.check_output(sys.argv[1:], universal_newlines=True)
-    except subprocess.CalledProcessError as e:
-        sys.stdout.write(e.output)
-        raise e
-
-    line_generator = parser.parse(io.StringIO(out))
-    line_counter = 0
-    for line in line_generator:
-        line_counter += 1
-
-        if line[0] == 'unknown':
-            continue
-
-        if line[0] == 'result':
-            rules.saw_test(line[1])
-            print('{okay} {num} {description} {directive}'.format(
-                okay=('' if line[1] else 'not ') + 'ok', num=line[2],
-                description=line[3], directive=line[4].text))
-        elif line[0] == 'plan':
-            if line[2].skip:
-                rules.handle_skipping_plan()
-            rules.saw_plan(line[1], line_counter)
-        elif line[0] == 'bail':
-            rules.handle_bail(line[1])
-        elif line[0] == 'version':
-            rules.saw_version_at(line_counter)
-        elif line[0] == 'diagnostic':
-            print(line[1])
-
-    rules.check(line_counter)
-    sys.exit(rules.check_errors())
--- a/build-aux/update-copyright
+++ b/build-aux/update-copyright
@ -0,0 +1,8 @@
+#! /bin/sh
+
+OLD=$1
+NEW=$2
+
+for file in $(git grep -l "Copyright .* Pacman Development" | grep -v "\.po"); do \
+	sed -i -e "/Copyright (/s/-${OLD}/-${NEW}/" -e "/Copyright (/s/ ${OLD}/ ${OLD}-${NEW}/" "$file"
+done
--- a/build-aux/update-po
+++ b/build-aux/update-po
@ -1,7 +1,7 @@
 #!/bin/bash

 find_build_directory() {
-  local build_dirs=(*/.ninja_log)
+  local build_dirs=(*/build.ninja)

  if [[ ! -e ${build_dirs[0]} ]]; then
    echo "error: No build directory found. Have you run 'meson build' yet?" >&2
--- a/configure.ac
+++ b/configure.ac
@ -1,599 +0,0 @@
-#                                               -*- Autoconf -*-
-# Process this file with autoconf to produce a configure script.
-# Minimum version of autoconf required
-AC_PREREQ(2.64)
-
-# UPDATING VERSION NUMBERS FOR RELEASES
-#
-# libalpm:
-# current
-#   The most recent interface number that this library implements.
-# revision
-#   The implementation number of the current interface.
-# age
-#   The difference between the newest and oldest interfaces that this library
-#   implements. In other words, the library implements all the interface
-#   numbers in the range from number current - age to current.
-#
-# 1. Start with version information of `0:0:0' for each libtool library.
-# 2. Update the version information only immediately before a public release of
-#    your software. More frequent updates are unnecessary, and only guarantee
-#    that the current interface number gets larger faster.
-# 3. If the library source code has changed at all since the last update, then
-#    increment revision (`c:r:a' becomes `c:r+1:a').
-# 4. If any interfaces have been added, removed, or changed since the last
-#    update, increment current, and set revision to 0.
-# 5. If any interfaces have been added since the last public release, then
-#    increment age.
-# 6. If any interfaces have been removed since the last public release, then
-#    set age to 0.
-#
-# pacman:
-#   Extreme huge major changes:
-#     pacman_version_major += 1
-#     pacman_version_minor = 0
-#     pacman_version_micro = 0
-#
-#   Real releases:
-#     pacman_version_minor += 1
-#     pacman_version_micro = 0
-#
-#   Bugfix releases:
-#     pacman_version_micro += 1
-
-m4_define([lib_current], [11])
-m4_define([lib_revision], [1])
-m4_define([lib_age], [0])
-
-m4_define([pacman_version_major], [5])
-m4_define([pacman_version_minor], [1])
-m4_define([pacman_version_micro], [1])
-m4_define([pacman_version],
-          [pacman_version_major.pacman_version_minor.pacman_version_micro])
-
-# Autoconf initialization
-AC_INIT([pacman], [pacman_version], [pacman-dev@archlinux.org])
-AC_CONFIG_SRCDIR([config.h.in])
-AC_CONFIG_HEADERS([config.h])
-AC_CONFIG_MACRO_DIR([m4])
-AC_CONFIG_AUX_DIR([build-aux])
-AC_REQUIRE_AUX_FILE([tap-driver.sh])
-
-AC_CANONICAL_HOST
-AM_INIT_AUTOMAKE([1.11 foreign])
-AM_SILENT_RULES([yes])
-
-LT_INIT
-LIB_VERSION=`expr lib_current - lib_age`.lib_age.lib_revision
-LIB_VERSION_INFO="lib_current:lib_revision:lib_age"
-
-# Respect empty CFLAGS during compiler tests
-if test "x$CFLAGS" = "x"; then
-  CFLAGS=""
-fi
-
-# Set substitution values for version stuff in Makefiles and anywhere else,
-# and put LIB_VERSION in config.h
-AC_SUBST(LIB_VERSION)
-AC_SUBST(LIB_VERSION_INFO)
-AC_DEFINE_UNQUOTED([LIB_VERSION], ["$LIB_VERSION"], [libalpm version number])
-
-# Help line for root directory
-AC_ARG_WITH(root-dir,
-	AS_HELP_STRING([--with-root-dir=path], [set the location of the root operating directory]),
-	[ROOTDIR=$withval], [ROOTDIR=/])
-
-# Help line for package extension
-AC_ARG_WITH(pkg-ext,
-	AS_HELP_STRING([--with-pkg-ext=ext], [set the file extension used by packages]),
-	[PKGEXT=$withval], [PKGEXT=.pkg.tar.gz])
-
-# Help line for source package directory
-AC_ARG_WITH(src-ext,
-	AS_HELP_STRING([--with-src-ext=ext], [set the file extension used by source packages]),
-	[SRCEXT=$withval], [SRCEXT=.src.tar.gz])
-
-# Help line for buildscript filename
-AC_ARG_WITH(buildscript,
-	AS_HELP_STRING([--with-buildscript=name], [set the build script name used by makepkg]),
-	[BUILDSCRIPT=$withval], [BUILDSCRIPT=PKGBUILD])
-
-# Help line for buildscript filename
-AC_ARG_WITH(makepkg-template-dir,
-	AS_HELP_STRING([--with-makepkg-template-dir=name], [set the template dir used by makepkg-template]),
-	[TEMPLATE_DIR=$withval], [TEMPLATE_DIR=${datarootdir}/makepkg-template])
-
-# Help line for debug package suffix
-AC_ARG_WITH(debug-suffix,
-	AS_HELP_STRING([--with-debug-suffix=name], [set the suffix for split debugging symbol packages used by makepkg]),
-	[DEBUGSUFFIX=$withval], [DEBUGSUFFIX=debug])
-
-# Help line for changing shell used to run install scriptlets
-AC_ARG_WITH(scriptlet-shell,
-	AS_HELP_STRING([--with-scriptlet-shell=shell],
-		[set the full path to the shell used to run install scriptlets]),
-	[SCRIPTLET_SHELL=$withval], [SCRIPTLET_SHELL=/bin/sh])
-
-# Help line for ldconfig path
-AC_ARG_WITH(ldconfig,
-	AS_HELP_STRING([--with-ldconfig=path],
-		[set the full path to ldconfig]),
-	[LDCONFIG=$withval], [LDCONFIG=/sbin/ldconfig])
-
-# Help line for selecting a crypto library
-AC_ARG_WITH(crypto,
-	AS_HELP_STRING([--with-crypto={openssl|nettle}],
-		[select crypto implementation @<:@default=openssl@:>@]),
-	[with_crypto=$withval], [with_crypto=openssl])
-
-# Help line for using gpgme
-AC_ARG_WITH(gpgme,
-	AS_HELP_STRING([--with-gpgme], [use GPGME for PGP signature verification]),
-	[], [with_gpgme=check])
-
-# Help line for using libcurl
-AC_ARG_WITH(libcurl,
-	AS_HELP_STRING([--with-libcurl], [use libcurl for the internal downloader]),
-	[], [with_libcurl=check])
-
-# Help line for documentation
-AC_ARG_ENABLE(doc,
-	AS_HELP_STRING([--disable-doc], [prevent make from looking at doc/ dir]),
-	[wantdoc=$enableval], [wantdoc=yes])
-
-# Help line for doxygen
-AC_ARG_ENABLE(doxygen,
-	AS_HELP_STRING([--enable-doxygen], [build your own API docs via Doxygen]),
-	[wantdoxygen=$enableval], [wantdoxygen=no])
-
-# Help line for debug
-AC_ARG_ENABLE(debug,
-	AS_HELP_STRING([--enable-debug], [enable debugging support]),
-	[debug=$enableval], [debug=no])
-
-# Help line for compiler warning flags
-AC_ARG_ENABLE(warningflags,
-	AS_HELP_STRING([--enable-warningflags], [enable extra compiler warning flags]),
-	[warningflags=$enableval], [warningflags=no])
-
-# Help line for using git version in pacman version string
-AC_ARG_ENABLE(git-version,
-	AS_HELP_STRING([--enable-git-version],
-		[enable use of git version in version string if available]),
-	[wantgitver=$enableval], [wantgitver=no])
-
-# Enable large file support if available (must be enabled before
-# testing compilation against gpgme).
-AC_SYS_LARGEFILE
-
-# Record large file flags in pkgconfig file
-if test "$enable_largefile" != no; then
-	if test "$ac_cv_sys_file_offset_bits" != 'no'; then
-		LFS_CFLAGS="-D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits"
-	fi
-fi
-AC_SUBST(LFS_CFLAGS)
-
-
-# Checks for programs.
-AC_PROG_AWK
-AC_PROG_CC_C99
-AC_PROG_INSTALL
-AC_CHECK_PROGS([PYTHON], [python3 python], [false])
-AC_PATH_PROGS([BASH_SHELL], [bash bash4], [false])
-
-# check for perl 5.10.1 (needed by makepkg-template)
-AC_PATH_PROG([PERL],[perl])
-AC_DEFUN([AX_PROG_PERL_VERSION],
-	[AC_CACHE_CHECK([for Perl version $1 or later], [ax_cv_prog_perl_version],
-		[AS_IF(["$PERL" -e 'require v$1;' >/dev/null 2>&1],
-			[ax_cv_prog_perl_version=yes],
-			[ax_cv_prog_perl_version=no])])
-	AS_IF([test x"$ax_cv_prog_perl_version" = xyes], [$2], [$3])])
-AX_PROG_PERL_VERSION([5.10.1], [], [AC_MSG_ERROR([perl is too old])])
-
-AS_IF([test "x$BASH_SHELL" = "xfalse"],
-	AC_MSG_WARN([*** bash >= 4.4.0 is required for pacman scripts]),
-	[bash_version_major=`$BASH_SHELL -c 'echo "${BASH_VERSINFO[[0]]}"'`
-	bash_version_minor=`$BASH_SHELL -c 'echo "${BASH_VERSINFO[[1]]}"'`
-	ok=yes
-	if test "$bash_version_major" -lt 4; then
-		ok=no
-	fi
-	if test "$bash_version_major" -eq 4 && test "$bash_version_minor" -lt 4; then
-		ok=no
-	fi
-	if test "$ok" = "no"; then
-		AC_MSG_ERROR([*** bash >= 4.4.0 is required for pacman scripts])
-	fi
-	unset bash_version_major bash_version_minor ok])
-
-# find installed gettext
-AM_GNU_GETTEXT([external], [need-ngettext])
-AM_GNU_GETTEXT_VERSION(0.13.1)
-
-AC_CHECK_LIB([m], [fabs], ,
-	AC_MSG_ERROR([libm is needed to compile pacman!]))
-
-PKG_CHECK_VAR(bashcompdir, [bash-completion], [completionsdir], ,
-	bashcompdir="${datarootdir}/bash-completion/completions")
-
-# Check for libarchive
-PKG_CHECK_MODULES(LIBARCHIVE, [libarchive >= 3.0.0], ,
-	AC_MSG_ERROR([*** libarchive >= 3.0.0 is needed to compile pacman!]))
-
-# Check for OpenSSL
-have_openssl=no
-have_nettle=no
-if test "x$with_crypto" = "xnettle"; then
-	AC_SUBST(pc_crypto, [nettle])
-	PKG_CHECK_MODULES(NETTLE, [nettle],
-		[AC_DEFINE(HAVE_LIBNETTLE, 1, [Define whether to use nettle]) have_nettle=yes], have_nettle=no)
-	if test "x$have_nettle" = xno -a "x$with_crypto" = xnettle; then
-		AC_MSG_ERROR([*** nettle support requested but libraries not found])
-	fi
-else if test "x$with_crypto" = "xopenssl"; then
-	AC_SUBST(pc_crypto, [libcrypto])
-	PKG_CHECK_MODULES(LIBSSL, [libcrypto],
-		[AC_DEFINE(HAVE_LIBSSL, 1, [Define if libcrypto is available]) have_openssl=yes], have_openssl=no)
-	if test "x$have_openssl" = xno; then
-		AC_MSG_ERROR([*** openssl support requested but libraries not found])
-	fi
-else
-	AC_MSG_ERROR([*** unknown crypto support library requested - $with_crypto])
-fi
-fi
-AM_CONDITIONAL(HAVE_LIBSSL, [test "$have_openssl" = "yes"])
-AM_CONDITIONAL(HAVE_LIBNETTLE, [test "$have_nettle" = "yes"])
-
-# Check for libcurl
-have_libcurl=no
-if test "x$with_libcurl" != "xno"; then
-	PKG_CHECK_MODULES(LIBCURL, [libcurl >= 7.32.0],
-		[AC_DEFINE(HAVE_LIBCURL, 1, [Define if libcurl is available]) have_libcurl=yes], have_libcurl=no)
-	if test "x$have_libcurl" = xno -a "x$with_libcurl" = xyes; then
-		AC_MSG_ERROR([*** libcurl >= 7.32.0 is required for internal downloader support])
-	fi
-fi
-AM_CONDITIONAL(HAVE_LIBCURL, [test "$have_libcurl" = "yes"])
-# used to generate libalpm.pc
-if test "x$have_libcurl" = xyes; then
-	AC_SUBST(pc_libcurl, [libcurl])
-fi
-
-# Check for gpgme
-AC_MSG_CHECKING(whether to link with libgpgme)
-AS_IF([test "x$with_gpgme" != "xno"],
-	[AC_MSG_RESULT([yes])],
-	[AC_MSG_RESULT([no])])
-
-have_gpgme=no
-AS_IF([test "x$with_gpgme" != "xno"],
-	[AM_PATH_GPGME([1.3.0],
-		[LIBS_save="$LIBS"
-		CPPFLAGS_save="$CPPFLAGS"
-		CFLAGS_save="$CFLAGS"
-
-		LIBS="$LIBS $GPGME_LIBS"
-		CPPFLAGS="$CPPFLAGS $GPGME_CPPFLAGS"
-		CFLAGS="$CFLAGS $GPGME_CFLAGS"
-
-		AC_MSG_CHECKING([for sane gpgme])
-		AC_LINK_IFELSE(
-			[AC_LANG_PROGRAM(
-				[[#include <gpgme.h>]],
-				[[return gpgme_check_version("1.3.0");]])],
-			[AC_MSG_RESULT([yes])
-			have_gpgme=yes
-			AC_DEFINE([HAVE_LIBGPGME], [1], [Define if gpgme should be used to provide GPG signature support.])],
-			[AC_MSG_RESULT([no])
-			have_gpgme=no
-			unset GPGME_LIBS
-			unset GPGME_CFLAGS]
-			AS_IF([test "x$with_gpgme" = "xyes"],
-				[AC_MSG_FAILURE([*** gpgme >= 1.3.0 is needed for GPG signature support])])
-			)
-
-		LIBS="$LIBS_save"
-		CPPFLAGS="$CPPFLAGS_save"
-		CFLAGS="$CFLAGS_save"
-		unset CPPFLAGS_save
-		unset CFLAGS_save],)])
-
-AS_IF([test "x$have_gpgme" = xno -a "x$with_gpgme" = xyes],
-	[AC_MSG_FAILURE([--with-gpgme was given, but gpgme was not found])])
-AM_CONDITIONAL([HAVE_LIBGPGME], [test "x$have_gpgme" = "xyes"])
-
-# Checks for header files.
-AC_CHECK_HEADERS([fcntl.h float.h glob.h langinfo.h libintl.h limits.h \
-                  locale.h mntent.h netinet/in.h netinet/tcp.h \
-                  stddef.h string.h sys/ioctl.h \
-                  sys/mnttab.h sys/mount.h \
-                  sys/param.h sys/statvfs.h sys/time.h sys/types.h \
-                  sys/ucred.h syslog.h termios.h wchar.h])
-
-# Checks for typedefs, structures, and compiler characteristics.
-AC_C_INLINE
-AC_TYPE_INT64_T
-AC_TYPE_MODE_T
-AC_TYPE_OFF_T
-AC_TYPE_PID_T
-AC_TYPE_SIZE_T
-AC_TYPE_SSIZE_T
-AC_STRUCT_TM
-AC_TYPE_UID_T
-AC_STRUCT_DIRENT_D_TYPE
-PATH_MAX_DEFINED
-
-# Checks for library functions.
-AC_FUNC_FORK
-AC_FUNC_GETMNTENT
-AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK
-AC_CHECK_FUNCS([dup2 getcwd getmntinfo gettimeofday memmove memset \
-                mkdir realpath regcomp rmdir setenv setlocale strcasecmp \
-                strchr strcspn strdup strerror strndup strnlen strrchr \
-                strsep strstr strtol swprintf tcflush wcwidth uname])
-AC_CHECK_MEMBERS([struct stat.st_blksize],,,[[#include <sys/stat.h>]])
-
-# For the diskspace code
-FS_STATS_TYPE
-AC_CHECK_MEMBERS([struct statvfs.f_flag],,,[[#include <sys/statvfs.h>]])
-AC_CHECK_MEMBERS([struct statfs.f_flags],,,[[#include <sys/param.h>
-                  #include <sys/mount.h>]])
-
-# Check if we can use symbol visibility support in GCC
-GCC_VISIBILITY_CC
-
-# Host-dependant definitions
-DEFAULT_DUFLAGS=" -sk --apparent-size"
-DEFAULT_SEDINPLACEFLAGS=" --follow-symlinks -i"
-INODECMD="stat -c '%i %n'"
-OWNERCMD="stat -c '%u:%g'"
-MODECMD="stat -c '%a'"
-STRIP_BINARIES="--strip-all"
-STRIP_SHARED="--strip-unneeded"
-STRIP_STATIC="--strip-debug"
-case "${host_os}" in
-	*bsd*)
-		INODECMD="stat -f '%i %N'"
-		OWNERCMD="stat -f '%u:%g'"
-		MODECMD="stat -f '%Lp'"
-		DEFAULT_SEDINPLACEFLAGS=" -i \"\""
-		DEFAULT_DUFLAGS=" -sk"
-		;;
-	darwin*)
-		host_os_darwin=yes
-		INODECMD="/usr/bin/stat -f '%i %N'"
-		OWNERCMD="/usr/bin/stat -f '%u:%g'"
-		MODECMD="/usr/bin/stat -f '%Lp'"
-		DEFAULT_SEDINPLACEFLAGS=" -i ''"
-		DEFAULT_DUFLAGS=" -sk"
-		STRIP_BINARIES=""
-		STRIP_SHARED="-S"
-		STRIP_STATIC="-S"
-		;;
-esac
-AM_CONDITIONAL([DARWIN], test "x$host_os_darwin" = "xyes")
-AC_PATH_PROGS([DUPATH], [du], [du], [/usr/bin$PATH_SEPARATOR/bin] )
-AC_PATH_PROGS([SEDPATH], [sed], [sed], [/usr/bin$PATH_SEPARATOR/bin] )
-AC_SUBST(INODECMD)
-AC_SUBST(OWNERCMD)
-AC_SUBST(MODECMD)
-AC_SUBST(STRIP_BINARIES)
-AC_SUBST(STRIP_SHARED)
-AC_SUBST(STRIP_STATIC)
-
-# Flags for du
-if test "${DUFLAGS+set}" != "set"; then
-    DUFLAGS="${DEFAULT_DUFLAGS}"
-fi
-AC_ARG_VAR(DUFLAGS, [flags for du, overriding the default])
-
-# Flags for sed in place
-if test "${SEDINPLACEFLAGS+set}" != "set"; then
-    SEDINPLACEFLAGS="${DEFAULT_SEDINPLACEFLAGS}"
-fi
-AC_ARG_VAR(SEDINPLACEFLAGS, [flags for sed, overriding the default])
-
-# Variables plugged into makepkg.conf
-CARCH="${host%%-*}"
-CHOST="${host}"
-AC_SUBST(CARCH)
-AC_SUBST(CHOST)
-
-# Check for documentation support and status
-AC_CHECK_PROGS([ASCIIDOC], [asciidoc])
-AC_MSG_CHECKING([for building documentation])
-if test "x$wantdoc" = "xyes" ; then
-	if test $ASCIIDOC ; then
-		AC_MSG_RESULT([yes, enabled by configure])
-	else
-		asciidoc="(warning : asciidoc not installed)"
-		AC_MSG_RESULT([yes $asciidoc])
-	fi
-	wantdoc=yes
-else
-	AC_MSG_RESULT([no, disabled by configure])
-	wantdoc=no
-fi
-AM_CONDITIONAL(WANT_DOC, test "x$wantdoc" = "xyes")
-
-# Check for doxygen support and status
-AC_CHECK_PROGS([DOXYGEN], [doxygen])
-AC_MSG_CHECKING([for doxygen])
-if test "x$wantdoxygen" = "xyes" ; then
-	if test $DOXYGEN ; then
-		AC_MSG_RESULT([yes])
-		usedoxygen=yes
-	else
-		AC_MSG_RESULT([no, doxygen missing])
-		usedoxygen=no
-	fi
-else
-	AC_MSG_RESULT([no, disabled by configure])
-	usedoxygen=no
-fi
-AM_CONDITIONAL(USE_DOXYGEN, test "x$usedoxygen" = "xyes")
-
-# Enable or disable debug code
-AC_MSG_CHECKING(for debug mode request)
-if test "x$debug" = "xyes" ; then
-	AC_MSG_RESULT(yes)
-	AC_DEFINE([PACMAN_DEBUG], , [Enable debug code])
-	# Check for -fstack-protector availability
-	GCC_STACK_PROTECT_LIB
-	GCC_STACK_PROTECT_CC
-	GCC_STACK_CLASH_PROTECTION
-	GCC_FORTIFY_SOURCE_CC
-	WARNING_CFLAGS="-g -Wall -Werror"
-else
-	AC_MSG_RESULT(no)
-	WARNING_CFLAGS="-Wall"
-fi
-
-# Enable or disable compiler warning flags
-AC_MSG_CHECKING(for excessive compiler warning flags)
-if test "x$warningflags" = "xyes" ; then
-	AC_MSG_RESULT(yes)
-	CFLAGS_ADD([-Wcast-align], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wclobbered], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wempty-body], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wfloat-equal], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wformat-nonliteral], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wformat-security], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wignored-qualifiers], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wimplicit-fallthrough], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Winit-self], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wlogical-op], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wmissing-declarations], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wmissing-field-initializers], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wmissing-parameter-type], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wmissing-prototypes], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wold-style-declaration], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Woverride-init], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wpointer-arith], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wredundant-decls], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wshadow], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wsign-compare], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wstrict-aliasing], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wstrict-overflow=5], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wstrict-prototypes], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wtype-limits], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wuninitialized], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wunused-but-set-parameter], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wunused-parameter], [WARNING_CFLAGS])
-	CFLAGS_ADD([-Wwrite-strings], [WARNING_CFLAGS])
-else
-	AC_MSG_RESULT(no)
-fi
-
-# Enable or disable use of git version in pacman version string
-AC_MSG_CHECKING(whether to use git version if available)
-if test "x$wantgitver" = "xyes" ; then
-	AC_CHECK_PROGS([GIT], [git])
-	AC_CHECK_FILE([.git/], hasgitdir=yes)
-	usegitver=$ac_cv_file__git_
-	if test $GIT -a "x$hasgitdir" = "xyes"; then
-		AC_DEFINE([USE_GIT_VERSION], , [Use GIT version in version string])
-	fi
-else
-	AC_MSG_RESULT([no, disabled by configure])
-	usegitver=no
-fi
-AM_CONDITIONAL(USE_GIT_VERSION, test "x$usegitver" = "xyes")
-
-# Set root directory
-AC_SUBST(ROOTDIR)
-AC_DEFINE_UNQUOTED([ROOTDIR], "$ROOTDIR", [The location of the root operating directory])
-# Set package file extension
-AC_SUBST(PKGEXT)
-AC_DEFINE_UNQUOTED([PKGEXT], "$PKGEXT", [The file extension used by pacman packages])
-# Set source package file extension
-AC_SUBST(SRCEXT)
-AC_DEFINE_UNQUOTED([SRCEXT], "$SRCEXT", [The file extension used by pacman source packages])
-# Set makepkg build script name
-AC_SUBST(BUILDSCRIPT)
-AC_DEFINE_UNQUOTED([BUILDSCRIPT], "$BUILDSCRIPT", [The build script name used by makepkg])
-# Set makepkg-template template directory
-AC_SUBST(TEMPLATE_DIR)
-AC_DEFINE_UNQUOTED([TEMPLATE_DIR], "$TEMPLATE_DIR", [The template directory used by makepkg-teplate])
-# Set makepkg split debugging symbol package suffix
-AC_SUBST(DEBUGSUFFIX)
-AC_DEFINE_UNQUOTED([DEBUGSUFFIX], "$DEBUGSUFFIX", [The suffix for debugging symbol packages used by makepkg])
-# Set shell used by install scriptlets
-AC_SUBST(SCRIPTLET_SHELL)
-AC_DEFINE_UNQUOTED([SCRIPTLET_SHELL], "$SCRIPTLET_SHELL", [The full path of the shell used to run install scriptlets])
-# Set ldconfig path
-AC_SUBST(LDCONFIG)
-AC_DEFINE_UNQUOTED([LDCONFIG], "$LDCONFIG", [The full path to ldconfig])
-
-
-# Configuration files
-AC_CONFIG_FILES([
-lib/libalpm/Makefile
-lib/libalpm/po/Makefile.in
-lib/libalpm/libalpm.pc
-src/common/Makefile
-src/pacman/Makefile
-src/pacman/po/Makefile.in
-src/util/Makefile
-scripts/Makefile
-scripts/po/Makefile.in
-doc/Makefile
-etc/Makefile
-test/pacman/Makefile
-test/pacman/tests/Makefile
-test/scripts/Makefile
-test/util/Makefile
-Makefile
-])
-AC_OUTPUT
-
-echo "
-${PACKAGE_NAME}:
-
-  Build information:
-    source code location   : ${srcdir}
-    prefix                 : ${prefix}
-    sysconfdir             : $(eval echo ${sysconfdir})
-       conf file           : $(eval echo ${sysconfdir})/pacman.conf
-    localstatedir          : $(eval echo ${localstatedir})
-       database dir        : $(eval echo ${localstatedir})/lib/pacman/
-       cache dir           : $(eval echo ${localstatedir})/cache/pacman/pkg/
-
-    compiler               : ${CC}
-    preprocessor flags     : ${CPPFLAGS}
-    compiler flags         : ${WARNING_CFLAGS} ${CFLAGS}
-    library flags          : ${LIBS} ${LIBSSL_LIBS} ${NETTLE_LIBS} ${LIBARCHIVE_LIBS} ${LIBCURL_LIBS} ${GPGME_LIBS}
-    linker flags           : ${LDFLAGS}
-
-    Architecture           : ${CARCH}
-    Host Type              : ${CHOST}
-    File inode command     : ${INODECMD}
-    File owner command     : ${OWNERCMD}
-    File mode command      : ${MODECMD}
-    In-place sed command   : ${SEDPATH} ${SEDINPLACEFLAGS}
-
-    libalpm version        : ${LIB_VERSION}
-    libalpm version info   : ${LIB_VERSION_INFO}
-    pacman version         : ${PACKAGE_VERSION}
-    using git version      : ${usegitver}
-
-  Directory and file information:
-    root working directory : ${ROOTDIR}
-    package extension      : ${PKGEXT}
-    source pkg extension   : ${SRCEXT}
-    build script name      : ${BUILDSCRIPT}
-    template directory     : ${TEMPLATE_DIR}
-
-  Compilation options:
-    Use libcurl            : ${have_libcurl}
-    Use GPGME              : ${have_gpgme}
-    Use OpenSSL            : ${have_openssl}
-    Use nettle             : ${have_nettle}
-    Run make in doc/ dir   : ${wantdoc} ${asciidoc}
-    Doxygen support        : ${usedoxygen}
-    debug support          : ${debug}
-    extra warning flags    : ${warningflags}
-    use git version        : ${wantgitver}
-"
--- a/doc/BUILDINFO.5.asciidoc
+++ b/doc/BUILDINFO.5.asciidoc
@ -1,6 +1,3 @@
-/////
-vim:set ts=4 sw=4 syntax=asciidoc noet spell spelllang=en_us:
-/////
 BUILDINFO(5)
 ============

@ -14,14 +11,14 @@ Synopsis
 This manual page describes the format of a BUILDINFO file found in the root of
 a package created by makepkg. The file contains a description of the package's
 build environment. The information is formatted in key-value pairs separated by
-a '=', one value per line. Arrays are represented multiple keys with the same
-value.
+a '=', one value per line. Arrays are represented as multiple key-value pairs
+having the same key.


 Description
 -----------

-This is a description of the contents of version '1' of the
+This is a description of the contents of version '2' of the
 BUILDINFO file format.

 *format*::
@ -53,6 +50,18 @@ BUILDINFO file format.
 *builddir*::
 	The directory where the package was built.

+*startdir*::
+	The directory from which makepkg was executed.
+
+*buildtool*::
+	The name of the tool ecosystem used to set up the build environment. Used
+	for defining a spec for reproducible builds, e.g. the source of the
+	linkman:makepkg.conf[5] used.
+
+*buildtoolver*::
+	The full version of the 'buildtool', for example:
+	"$pkgver-$pkgrel-$pkgarch".
+
 *buildenv (array)*::
 	The build environment specified in makepkg.conf.

--- a/doc/Doxyfile.in
+++ b/doc/Doxyfile.in
@ -1,4 +1,4 @@
-# Doxyfile 1.8.2
+# Doxyfile 1.9.3

 #---------------------------------------------------------------------------
 # Project related configuration options
@ -10,6 +10,7 @@ PROJECT_BRIEF          = "Arch Linux Package Manager Library"
 PROJECT_LOGO           =
 OUTPUT_DIRECTORY       = @OUTPUT_DIRECTORY@
 CREATE_SUBDIRS         = NO
+ALLOW_UNICODE_NAMES    = NO
 OUTPUT_LANGUAGE        = English
 BRIEF_MEMBER_DESC      = YES
 REPEAT_BRIEF           = YES
@ -31,41 +32,47 @@ STRIP_FROM_PATH        =
 STRIP_FROM_INC_PATH    =
 SHORT_NAMES            = NO
 JAVADOC_AUTOBRIEF      = YES
+JAVADOC_BANNER         = NO
 QT_AUTOBRIEF           = NO
 MULTILINE_CPP_IS_BRIEF = NO
+PYTHON_DOCSTRING       = YES
 INHERIT_DOCS           = YES
 SEPARATE_MEMBER_PAGES  = NO
 TAB_SIZE               = 4
 ALIASES                =
-TCL_SUBST              =
 OPTIMIZE_OUTPUT_FOR_C  = YES
 OPTIMIZE_OUTPUT_JAVA   = NO
 OPTIMIZE_FOR_FORTRAN   = NO
 OPTIMIZE_OUTPUT_VHDL   = NO
+OPTIMIZE_OUTPUT_SLICE  = NO
 EXTENSION_MAPPING      =
 MARKDOWN_SUPPORT       = YES
+TOC_INCLUDE_HEADINGS   = 5
 AUTOLINK_SUPPORT       = YES
 BUILTIN_STL_SUPPORT    = NO
 CPP_CLI_SUPPORT        = NO
 SIP_SUPPORT            = NO
 IDL_PROPERTY_SUPPORT   = YES
 DISTRIBUTE_GROUP_DOC   = NO
+GROUP_NESTED_COMPOUNDS = NO
 SUBGROUPING            = YES
 INLINE_GROUPED_CLASSES = NO
-INLINE_SIMPLE_STRUCTS  = NO
-TYPEDEF_HIDES_STRUCT   = NO
-SYMBOL_CACHE_SIZE      = 0
+INLINE_SIMPLE_STRUCTS  = YES
+TYPEDEF_HIDES_STRUCT   = YES
 LOOKUP_CACHE_SIZE      = 0
+NUM_PROC_THREADS       = 1
 #---------------------------------------------------------------------------
 # Build related configuration options
 #---------------------------------------------------------------------------
 EXTRACT_ALL            = NO
 EXTRACT_PRIVATE        = NO
+EXTRACT_PRIV_VIRTUAL   = NO
 EXTRACT_PACKAGE        = NO
 EXTRACT_STATIC         = NO
 EXTRACT_LOCAL_CLASSES  = YES
 EXTRACT_LOCAL_METHODS  = NO
 EXTRACT_ANON_NSPACES   = NO
+RESOLVE_UNNAMED_PARAMS = YES
 HIDE_UNDOC_MEMBERS     = NO
 HIDE_UNDOC_CLASSES     = NO
 HIDE_FRIEND_COMPOUNDS  = NO
@ -73,7 +80,10 @@ HIDE_IN_BODY_DOCS      = YES
 INTERNAL_DOCS          = NO
 CASE_SENSE_NAMES       = YES
 HIDE_SCOPE_NAMES       = NO
+HIDE_COMPOUND_REFERENCE= NO
+SHOW_HEADERFILE        = YES
 SHOW_INCLUDE_FILES     = YES
+SHOW_GROUPED_MEMB_INC  = NO
 FORCE_LOCAL_INCLUDES   = NO
 INLINE_INFO            = YES
 SORT_MEMBER_DOCS       = YES
@ -95,26 +105,30 @@ FILE_VERSION_FILTER    =
 LAYOUT_FILE            =
 CITE_BIB_FILES         =
 #---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
+# Configuration options related to warning and progress messages
 #---------------------------------------------------------------------------
 QUIET                  = NO
 WARNINGS               = YES
 WARN_IF_UNDOCUMENTED   = YES
 WARN_IF_DOC_ERROR      = YES
+WARN_IF_INCOMPLETE_DOC = YES
 WARN_NO_PARAMDOC       = NO
+WARN_AS_ERROR          = NO
 WARN_FORMAT            = "$file:$line: $text"
 WARN_LOGFILE           =
 #---------------------------------------------------------------------------
-# configuration options related to the input files
+# Configuration options related to the input files
 #---------------------------------------------------------------------------
-INPUT                  = ../lib/libalpm/
+INPUT                  = @INPUT_DIRECTORY@/../lib/libalpm/alpm.h \
+                         @INPUT_DIRECTORY@/../lib/libalpm/alpm_list.h
 INPUT_ENCODING         = UTF-8
 FILE_PATTERNS          =
 RECURSIVE              = NO
 EXCLUDE                =
 EXCLUDE_SYMLINKS       = NO
 EXCLUDE_PATTERNS       =
-EXCLUDE_SYMBOLS        =
+EXCLUDE_SYMBOLS        = _alpm_* \
+                         __alpm_*
 EXAMPLE_PATH           =
 EXAMPLE_PATTERNS       = *
 EXAMPLE_RECURSIVE      = NO
@ -123,8 +137,9 @@ INPUT_FILTER           =
 FILTER_PATTERNS        =
 FILTER_SOURCE_FILES    = NO
 FILTER_SOURCE_PATTERNS =
+USE_MDFILE_AS_MAINPAGE =
 #---------------------------------------------------------------------------
-# configuration options related to source browsing
+# Configuration options related to source browsing
 #---------------------------------------------------------------------------
 SOURCE_BROWSER         = NO
 INLINE_SOURCES         = NO
@ -132,16 +147,16 @@ STRIP_CODE_COMMENTS    = NO
 REFERENCED_BY_RELATION = YES
 REFERENCES_RELATION    = YES
 REFERENCES_LINK_SOURCE = YES
+SOURCE_TOOLTIPS        = YES
 USE_HTAGS              = NO
 VERBATIM_HEADERS       = YES
 #---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
+# Configuration options related to the alphabetical class index
 #---------------------------------------------------------------------------
 ALPHABETICAL_INDEX     = NO
-COLS_IN_ALPHA_INDEX    = 5
 IGNORE_PREFIX          =
 #---------------------------------------------------------------------------
-# configuration options related to the HTML output
+# Configuration options related to the HTML output
 #---------------------------------------------------------------------------
 GENERATE_HTML          = NO
 HTML_OUTPUT            = html
@ -154,11 +169,12 @@ HTML_EXTRA_FILES       =
 HTML_COLORSTYLE_HUE    = 220
 HTML_COLORSTYLE_SAT    = 100
 HTML_COLORSTYLE_GAMMA  = 80
-HTML_TIMESTAMP         = YES
+HTML_DYNAMIC_MENUS     = YES
 HTML_DYNAMIC_SECTIONS  = NO
 HTML_INDEX_NUM_ENTRIES = 100
 GENERATE_DOCSET        = NO
 DOCSET_FEEDNAME        = "Doxygen generated docs"
+DOCSET_FEEDURL         =
 DOCSET_BUNDLE_ID       = org.doxygen.Project
 DOCSET_PUBLISHER_ID    = org.doxygen.Publisher
 DOCSET_PUBLISHER_NAME  = Publisher
@ -181,36 +197,50 @@ GENERATE_ECLIPSEHELP   = NO
 ECLIPSE_DOC_ID         = org.doxygen.Project
 DISABLE_INDEX          = NO
 GENERATE_TREEVIEW      = NO
+FULL_SIDEBAR           = NO
 ENUM_VALUES_PER_LINE   = 4
 TREEVIEW_WIDTH         = 250
 EXT_LINKS_IN_WINDOW    = NO
+OBFUSCATE_EMAILS       = YES
+HTML_FORMULA_FORMAT    = png
 FORMULA_FONTSIZE       = 10
-FORMULA_TRANSPARENT    = YES
+FORMULA_MACROFILE      =
 USE_MATHJAX            = NO
+MATHJAX_VERSION        = MathJax_2
+MATHJAX_FORMAT         = HTML-CSS
 MATHJAX_RELPATH        = http://www.mathjax.org/mathjax
 MATHJAX_EXTENSIONS     =
+MATHJAX_CODEFILE       =
 SEARCHENGINE           = NO
 SERVER_BASED_SEARCH    = NO
+EXTERNAL_SEARCH        = NO
+SEARCHENGINE_URL       =
+SEARCHDATA_FILE        = searchdata.xml
+EXTERNAL_SEARCH_ID     =
+EXTRA_SEARCH_MAPPINGS  =
 #---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
+# Configuration options related to the LaTeX output
 #---------------------------------------------------------------------------
 GENERATE_LATEX         = NO
 LATEX_OUTPUT           = latex
 LATEX_CMD_NAME         = latex
 MAKEINDEX_CMD_NAME     = makeindex
+LATEX_MAKEINDEX_CMD    = makeindex
 COMPACT_LATEX          = NO
 PAPER_TYPE             = letter
 EXTRA_PACKAGES         =
 LATEX_HEADER           =
 LATEX_FOOTER           =
+LATEX_EXTRA_STYLESHEET =
+LATEX_EXTRA_FILES      =
 PDF_HYPERLINKS         = NO
 USE_PDFLATEX           = NO
 LATEX_BATCHMODE        = NO
 LATEX_HIDE_INDICES     = NO
-LATEX_SOURCE_CODE      = NO
 LATEX_BIB_STYLE        = plain
+LATEX_EMOJI_DIRECTORY  =
 #---------------------------------------------------------------------------
-# configuration options related to the RTF output
+# Configuration options related to the RTF output
 #---------------------------------------------------------------------------
 GENERATE_RTF           = NO
 RTF_OUTPUT             = rtf
@ -219,26 +249,31 @@ RTF_HYPERLINKS         = NO
 RTF_STYLESHEET_FILE    =
 RTF_EXTENSIONS_FILE    =
 #---------------------------------------------------------------------------
-# configuration options related to the man page output
+# Configuration options related to the man page output
 #---------------------------------------------------------------------------
 GENERATE_MAN           = YES
 MAN_OUTPUT             = .
 MAN_EXTENSION          = .3
+MAN_SUBDIR             =
 MAN_LINKS              = NO
 #---------------------------------------------------------------------------
-# configuration options related to the XML output
+# Configuration options related to the XML output
 #---------------------------------------------------------------------------
 GENERATE_XML           = NO
 XML_OUTPUT             = xml
-XML_SCHEMA             =
-XML_DTD                =
 XML_PROGRAMLISTING     = YES
+XML_NS_MEMB_FILE_SCOPE = NO
 #---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
+# Configuration options related to the DOCBOOK output
+#---------------------------------------------------------------------------
+GENERATE_DOCBOOK       = NO
+DOCBOOK_OUTPUT         = docbook
+#---------------------------------------------------------------------------
+# Configuration options for the AutoGen Definitions output
 #---------------------------------------------------------------------------
 GENERATE_AUTOGEN_DEF   = NO
 #---------------------------------------------------------------------------
-# configuration options related to the Perl module output
+# Configuration options related to the Perl module output
 #---------------------------------------------------------------------------
 GENERATE_PERLMOD       = NO
 PERLMOD_LATEX          = NO
@ -254,7 +289,6 @@ SEARCH_INCLUDES        = YES
 INCLUDE_PATH           = ../..
 INCLUDE_FILE_PATTERNS  = *.h
 PREDEFINED             = HAVE_CONFIG_H= \
-                         SYMHIDDEN= \
                         SYMEXPORT= \
                         HAVE_LIBARCHIVE \
                         HAVE_LIBCURL \
@ -262,29 +296,28 @@ PREDEFINED             = HAVE_CONFIG_H= \
 EXPAND_AS_DEFINED      =
 SKIP_FUNCTION_MACROS   = YES
 #---------------------------------------------------------------------------
-# Configuration::additions related to external references
+# Configuration options related to external references
 #---------------------------------------------------------------------------
 TAGFILES               =
 GENERATE_TAGFILE       =
 ALLEXTERNALS           = NO
 EXTERNAL_GROUPS        = YES
-PERL_PATH              = /usr/bin/perl
+EXTERNAL_PAGES         = YES
 #---------------------------------------------------------------------------
 # Configuration options related to the dot tool
 #---------------------------------------------------------------------------
-CLASS_DIAGRAMS         = NO
-MSCGEN_PATH            =
+DIA_PATH               =
 HIDE_UNDOC_RELATIONS   = YES
 HAVE_DOT               = YES
 DOT_NUM_THREADS        = 0
-DOT_FONTNAME           = Helvetica
-DOT_FONTSIZE           = 10
 DOT_FONTPATH           =
 CLASS_GRAPH            = YES
 COLLABORATION_GRAPH    = YES
 GROUP_GRAPHS           = YES
 UML_LOOK               = NO
 UML_LIMIT_NUM_FIELDS   = 10
+DOT_UML_DETAILS        = NO
+DOT_WRAP_THRESHOLD     = 17
 TEMPLATE_RELATIONS     = NO
 INCLUDE_GRAPH          = YES
 INCLUDED_BY_GRAPH      = YES
@ -292,14 +325,18 @@ CALL_GRAPH             = NO
 CALLER_GRAPH           = NO
 GRAPHICAL_HIERARCHY    = YES
 DIRECTORY_GRAPH        = YES
+DIR_GRAPH_MAX_DEPTH    = 1
 DOT_IMAGE_FORMAT       = png
 INTERACTIVE_SVG        = NO
 DOT_PATH               =
 DOTFILE_DIRS           =
 MSCFILE_DIRS           =
+DIAFILE_DIRS           =
+PLANTUML_JAR_PATH      =
+PLANTUML_CFG_FILE      =
+PLANTUML_INCLUDE_PATH  =
 DOT_GRAPH_MAX_NODES    = 50
 MAX_DOT_GRAPH_DEPTH    = 3
-DOT_TRANSPARENT        = NO
 DOT_MULTI_TARGETS      = NO
 GENERATE_LEGEND        = YES
 DOT_CLEANUP            = YES
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -1,160 +0,0 @@
-# We have to do some funny stuff here with the manpages. In order to ensure
-# a dist tarball doesn't get put out there without manpages, we keep those
-# files listed in EXTRA_DIST no matter what. However, we only add them to
-# man_MANS if --enable-asciidoc and/or --enable-doxygen are used.
-
-MANPAGES = \
-	alpm-hooks.5 \
-	pacman.8 \
-	makepkg.8 \
-	makepkg-template.1 \
-	repo-add.8 \
-	vercmp.8 \
-	pkgdelta.8 \
-	pacman-key.8 \
-	PKGBUILD.5 \
-	makepkg.conf.5 \
-	pacman.conf.5 \
-	libalpm.3 \
-	BUILDINFO.5 \
-	pacman-conf.8
-
-DOXYGEN_MANS = $(wildcard man3/*.3)
-
-HTML_MANPAGES = $(addsuffix .html,$(MANPAGES))
-
-HTML_OTHER = \
-	index.html \
-	submitting-patches.html \
-	translation-help.html \
-	HACKING.html
-
-HTML_DOCS = \
-	$(HTML_MANPAGES) \
-	$(HTML_OTHER)
-
-EXTRA_DIST = \
-	asciidoc.conf \
-	asciidoc-override.css \
-	alpm-hooks.5.asciidoc \
-	pacman.8.asciidoc \
-	makepkg.8.asciidoc \
-	makepkg-template.1.asciidoc \
-	repo-add.8.asciidoc \
-	vercmp.8.asciidoc \
-	pkgdelta.8.asciidoc \
-	pacman-key.8.asciidoc \
-	PKGBUILD.5.asciidoc \
-	PKGBUILD-example.txt \
-	makepkg.conf.5.asciidoc \
-	pacman.conf.5.asciidoc \
-	BUILDINFO.5.asciidoc \
-	libalpm.3.asciidoc \
-	footer.asciidoc \
-	index.asciidoc \
-	submitting-patches.asciidoc \
-	translation-help.asciidoc \
-	$(MANPAGES) \
-	$(DOXYGEN_MANS)
-
-# Files that should be removed, but which Automake does not know.
-MOSTLYCLEANFILES = *.xml $(MANPAGES) $(HTML_DOCS) repo-remove.8 website.tar.gz
-
-# Ensure manpages are fresh when building a dist tarball
-dist-hook:
-	$(MAKE) $(AM_MAKEFLAGS) clean
-	$(MAKE) $(AM_MAKEFLAGS) all
-
-if USE_GIT_VERSION
-GIT_VERSION := $(shell sh -c 'git describe --abbrev=4 --dirty | sed s/^v//')
-REAL_PACKAGE_VERSION = $(GIT_VERSION)
-else
-REAL_PACKAGE_VERSION = $(PACKAGE_VERSION)
-endif
-
-man_MANS =
-dist_man_MANS = $(MANPAGES)
-
-if USE_DOXYGEN
-man_MANS += $(DOXYGEN_MANS)
-
-all-local: doxygen.in
-
-Doxyfile: Doxyfile.in
-	sed 's,@OUTPUT_DIRECTORY@,./,' Doxyfile.in >Doxyfile
-
-doxygen.in: Doxyfile
-	$(DOXYGEN) $(srcdir)/Doxyfile
-endif
-
-man: $(MANPAGES)
-html: $(HTML_DOCS)
-
-website: website.tar.gz
-
-.PHONY: html website
-
-website.tar.gz: html
-	$(AM_V_GEN)bsdtar czf $@ $(HTML_DOCS) \
-		asciidoc-override.css \
-		-C /etc/asciidoc/stylesheets/ \
-		asciidoc.css \
-		-C /etc/asciidoc/javascripts/ \
-		asciidoc.js \
-		-C /etc/asciidoc/ \
-		images
-
-pkgdatadir = ${datadir}/${PACKAGE}
-
-ASCIIDOC_OPTS = \
-	-f $(srcdir)/asciidoc.conf \
-	-a pacman_version="$(REAL_PACKAGE_VERSION)" \
-	-a pacman_date="`date +%Y-%m-%d`" \
-	-a pkgdatadir=$(pkgdatadir) \
-	-a localstatedir=$(localstatedir) \
-	-a sysconfdir=$(sysconfdir) \
-	-a datarootdir=$(datarootdir) \
-	-a rootdir=$(ROOTDIR)
-
-A2X_OPTS = \
-	--no-xmllint \
-	-d manpage \
-	-f manpage \
-	--xsltproc-opts='-param man.endnotes.list.enabled 0 -param man.endnotes.are.numbered 0'
-
-# Generate manpages
-%: %.asciidoc asciidoc.conf footer.asciidoc Makefile.am
-	$(AM_V_GEN)a2x $(A2X_OPTS) --asciidoc-opts="$(ASCIIDOC_OPTS) --out-file=./$@.xml" $(srcdir)/$@.asciidoc
-
-# Generate HTML pages
-%.html: %.asciidoc asciidoc.conf footer.asciidoc Makefile.am
-	$(AM_V_GEN)asciidoc $(ASCIIDOC_OPTS) -o - $*.asciidoc | \
-		sed -e 's/\r$$//' > $@
-
-HACKING.html: ../HACKING
-	$(AM_V_GEN)asciidoc $(ASCIIDOC_OPTS) -o - ../HACKING | \
-		sed -e 's/\r$$//' > $@
-
-# Customizations for certain HTML docs
-%.html: ASCIIDOC_OPTS += -a linkcss -a toc -a icons -a max-width=960px -a stylesheet=asciidoc-override.css
-%.8.html: ASCIIDOC_OPTS += -d manpage
-%.5.html: ASCIIDOC_OPTS += -d manpage
-%.3.html: ASCIIDOC_OPTS += -d manpage
-
-# Custom dependency rules
-PKGBUILD.5 PKGBUILD.5.html: PKGBUILD.5.asciidoc PKGBUILD-example.txt
-
-# Manpages as symlinks
-repo-remove.8: repo-add.8
-	$(RM) repo-remove.8
-	$(LN_S) repo-add.8 repo-remove.8
-
-install-data-hook:
-	cd $(DESTDIR)$(mandir)/man8 && \
-		$(RM) repo-remove.8 && \
-		( $(LN_S) repo-add.8 repo-remove.8 || \
-		ln repo-add.8 repo-remove.8 || \
-		cp repo-add.8 repo-remove.8 )
-
-uninstall-hook:
-	$(RM) $(DESTDIR)$(mandir)/man8/repo-remove.8
--- a/doc/PKGBUILD-example.txt
+++ b/doc/PKGBUILD-example.txt
@ -12,8 +12,8 @@ depends=('glibc')
 makedepends=('ed')
 optdepends=('ed: for "patch -e" functionality')
 source=("ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig})
-md5sums=('e9ae5393426d3ad783a300a338c09b72'
-         'SKIP')
+sha256sums=('9124ba46db0abd873d0995c2ca880e81252676bb6c03e0a37dfc5f608a9b0ceb'
+            'SKIP')

 build() {
 	cd "$srcdir/$pkgname-$pkgver"
--- a/doc/PKGBUILD.5.asciidoc
+++ b/doc/PKGBUILD.5.asciidoc
@ -3,7 +3,7 @@ PKGBUILD(5)

 Name
 ----
-PKGBUILD - Arch Linux package build description file
+PKGBUILD - Package build description file


 Synopsis
@ -84,14 +84,7 @@ systems (see below).

 *license (array)*::
 	This field specifies the license(s) that apply to the package.
-	Commonly used licenses can be found in '/usr/share/licenses/common'. If you
-	see the package's license there, simply reference it in the license
-	field (e.g., `license=('GPL')`). If the package provides a license not
-	available in '/usr/share/licenses/common', then you should include it
-	in the package itself and set `license=('custom')` or
-	`license=('custom:LicenseName')`. The license should be placed in
-	'$pkgdir/usr/share/licenses/$pkgname/' when building the package. If
-	multiple licenses are applicable, list all of them:
+	If multiple licenses are applicable, list all of them:
 	`license=('GPL' 'FDL')`.

 *install*::
@ -118,7 +111,7 @@ systems (see below).
 +
 Additional architecture-specific sources can be added by appending an
 underscore and the architecture name e.g., 'source_x86_64=()'. There must be a
-corresponding integrity array with checksums, e.g. 'md5sums_x86_64=()'.
+corresponding integrity array with checksums, e.g. 'cksums_x86_64=()'.
 +
 It is also possible to change the name of the downloaded file, which is helpful
 with weird URLs and for handling multiple source files with the same
@ -146,17 +139,19 @@ contain whitespace characters.
 	listed here will not be extracted with the rest of the source files. This
 	is useful for packages that use compressed data directly.

-*md5sums (array)*::
-	This array contains an MD5 hash for every source file specified in the
+*cksums (array)*::
+	This array contains CRC checksums for every source file specified in the
 	source array (in the same order). makepkg will use this to verify source
 	file integrity during subsequent builds. If 'SKIP' is put in the array
 	in place of a normal hash, the integrity check for that source file will
-	be skipped. To easily generate md5sums, run ``makepkg -g >> PKGBUILD''.
-	If desired, move the md5sums line to an appropriate location.
+	be skipped. To easily generate cksums, run ``makepkg -g >> PKGBUILD''.
+	If desired, move the cksums line to an appropriate location.  Note that
+	checksums generated by "makepkg -g" should be verified using checksum
+	values provided by the software developer.

-*sha1sums, sha224sums, sha256sums, sha384sums, sha512sums, b2sums (arrays)*::
+*md5sums, sha1sums, sha224sums, sha256sums, sha384sums, sha512sums, b2sums (arrays)*::
 	Alternative integrity checks that makepkg supports; these all behave
-	similar to the md5sums option described above. To enable use and generation
+	similar to the cksums option described above. To enable use and generation
 	of these checksums, be sure to set up the `INTEGRITY_CHECK` option in
 	linkman:makepkg.conf[5].

@ -185,11 +180,6 @@ contain whitespace characters.
 	than or equal to), `<=` (less than or equal to), `=` (equal to), `>`
 	(greater than), or `<` (less than).
 +
-If the dependency name appears to be a library (ends with .so), makepkg will
-try to find a binary that depends on the library in the built package and
-append the version needed by the binary. Appending the version yourself
-disables automatic detection.
-+
 Additional architecture-specific depends can be added by appending an
 underscore and the architecture name e.g., 'depends_x86_64=()'.

@ -243,10 +233,6 @@ example, dcron can provide 'cron=2.0' to satisfy the 'cron>=2.0' dependency of
 other packages. Provisions involving the `>` and `<` operators are invalid as
 only specific versions of a package may be provided.
 +
-If the provision name appears to be a library (ends with .so), makepkg will
-try to find the library in the built package and append the correct
-version. Appending the version yourself disables automatic detection.
-+
 Additional architecture-specific provides can be added by appending an
 underscore and the architecture name e.g., 'provides_x86_64=()'.

@ -296,23 +282,23 @@ underscore and the architecture name e.g., 'replaces_x86_64=()'.
 		Compress man and info pages with gzip.

 	*ccache*;;
-		Allow the use of ccache during build. More useful in its negative
+		Allow the use of ccache during `build()`. More useful in its negative
 		form `!ccache` with select packages that have problems building
 		with ccache.

 	*distcc*;;
-		Allow the use of distcc during build. More useful in its negative
+		Allow the use of distcc during `build()`. More useful in its negative
 		form `!distcc` with select packages that have problems building
 		with distcc.

 	*buildflags*;;
 		Allow the use of user-specific buildflags (CPPFLAGS, CFLAGS, CXXFLAGS,
-		LDFLAGS) during build as specified in linkman:makepkg.conf[5]. More
+		LDFLAGS) during `build()` as specified in linkman:makepkg.conf[5]. More
 		useful in its negative form `!buildflags` with select packages that
 		have problems building with custom buildflags.

 	*makeflags*;;
-		Allow the use of user-specific makeflags during build as specified
+		Allow the use of user-specific makeflags during `build()` as specified
 		in linkman:makepkg.conf[5]. More useful in its negative form
 		`!makeflags` with select packages that have problems building with
 		custom makeflags such as `-j2` (or higher).
@ -323,6 +309,19 @@ underscore and the architecture name e.g., 'replaces_x86_64=()'.
 		When used in combination with the `strip' option, a separate package
 		containing the debug symbols is created.

+	*lto*;;
+		Enable building packages using link time optimization. Adds '-flto'
+		to both CFLAGS and CXXFLAGS.
+
+*xdata (array)*::
+	This array allows you to add additional metadata to the package.
+	This data is neither used by pacman nor by makepkg;
+	It has purely informational purpose, or may be interpreted by third-party tools.
+
+All entries in that array must have the form 'key=value', where
+'key' is an arbitrary non-empty string and 'value' must not contain an equal sign.
+Furthermore, the key ``pkgtype'' is reserved for the makepkg program.
+

 Packaging Functions
 -------------------
@ -332,12 +331,27 @@ PKGBUILD must contain a `package()` function which installs all the package's
 files into the packaging directory, with optional `prepare()`, `build()`, and
 `check()` functions being used to create those files from source.

+This is directly sourced and executed by makepkg, so anything that Bash or the
+system has available is available for use here. Be sure any exotic commands
+used are covered by the `makedepends` array.
+
+If you create any variables of your own in any of these functions, it is
+recommended to use the Bash `local` keyword to scope the variable to inside the
+function.
+
 *package() Function*::
 	The `package()` function is used to install files into the directory that
 	will become the root directory of the built package and is run after all
 	the optional functions listed below. The packaging stage is run using
 	fakeroot to ensure correct file permissions in the resulting package.
 	All other functions will be run as the user calling makepkg.
+	This function is run inside `$srcdir`.
+
+*verify() Function*::
+	An optional `verify()` function can be specified to implement arbitrary
+	source authentication. The function should return a non-zero exit code when
+	verification fails. This function is run before sources are extracted.
+	This function is run inside `$startdir`.

 *prepare() Function*::
 	An optional `prepare()` function can be specified in which operations to
@ -345,23 +359,19 @@ files into the packaging directory, with optional `prepare()`, `build()`, and
 	function is run after the source extraction and before the `build()`
 	function. The `prepare()` function is skipped when source extraction
 	is skipped.
+	This function is run inside `$srcdir`.

 *build() Function*::
-	The optional `build()` function is use to compile and/or adjust the source
-	files in preparation to be installed by the `package()` function. This is
-	directly sourced and executed by makepkg, so anything that Bash or the
-	system has available is available for use here. Be sure any exotic
-	commands used are covered by the `makedepends` array.
-+
-If you create any variables of your own in the `build()` function, it is
-recommended to use the Bash `local` keyword to scope the variable to inside
-the `build()` function.
+	The optional `build()` function is used to compile and/or adjust the source
+	files in preparation to be installed by the `package()` function.
+	This function is run inside `$srcdir`.

 *check() Function*::
 	An optional `check()` function can be specified in which a package's
 	test-suite may be run. This function is run between the `build()` and
 	`package()` functions. Be sure any exotic commands used are covered by the
 	`checkdepends` array.
+	This function is run inside `$srcdir`.

 All of the above variables such as `$pkgname` and `$pkgver` are available for
 use in the packaging functions. In addition, makepkg defines the following
@ -371,7 +381,6 @@ variables:
 	This contains the directory where makepkg extracts, or copies, all source
 	files.
 +
-All of the packaging functions defined above are run starting inside `$srcdir`

 *pkgdir*::
 	This contains the directory where makepkg bundles the installed package.
@ -465,11 +474,16 @@ reference with all of the available functions defined.
 Using VCS Sources[[VCS]]
 ------------------------
 Building a developmental version of a package using sources from a version
-control system (VCS) is enabled by specifying the source in the form
-`source=('directory::url#fragment?query')`. Currently makepkg supports the
-Bazaar, Git, Subversion, and Mercurial version control systems. For other
-version control systems, manual cloning of upstream repositories must be done
-in the `prepare()` function.
+control system (VCS) is enabled by specifying the source in the form:
+
+	source=('directory::url#fragment?query')
+
+Currently makepkg supports the Bazaar, Git, Subversion, Fossil and Mercurial
+version control systems. For other version control systems, manual cloning of
+upstream repositories must be done in the `prepare()` function.
+
+Some <<VCS,VCS Sources>> like Git support pinning the checkout by a checksum of
+its content using deterministic export functionality like ``git archive''.

 The source URL is divided into four components:

@ -487,13 +501,16 @@ The source URL is divided into four components:

 *fragment*::
 	(optional) Allows specifying a revision number or branch for makepkg to checkout
-	from the VCS. For example, to checkout a given revision, the source line would
-	have the format `source=(url#revision=123)`. The available fragments depends on
-	the VCS being used:
+	from the VCS. A fragment has the form `type=value`, for example to checkout a
+	given revision the source line would be `source=(url#revision=123)`. The
+	available types depends on the VCS being used:

 	*bzr*;;
 		revision (see `'bzr help revisionspec'` for details)

+	*fossil*;;
+		branch, commit, tag
+
 	*git*;;
 		branch, commit, tag

@ -512,8 +529,7 @@ The source URL is divided into four components:
 Example
 -------
 The following is an example PKGBUILD for the 'patch' package. For more
-examples, look through the build files of your distribution's packages. For
-those using Arch Linux, consult the Arch Build System (ABS) tree.
+examples, look through the build files of your distribution's packages.

 [source,sh]
 -------------------------------
--- a/doc/alpm-hooks.5.asciidoc
+++ b/doc/alpm-hooks.5.asciidoc
@ -12,7 +12,7 @@ SYNOPSIS
 --------
 [Trigger] (Required, Repeatable)
 Operation = Install|Upgrade|Remove (Required, Repeatable)
-Type = File|Package (Required)
+Type = Path|Package (Required)
 Target = <Path|PkgName> (Required, Repeatable)

 [Action] (Required)
@ -49,19 +49,20 @@ defined the hook will run if the transaction matches *any* of the triggers.
 	Select the type of operation to match targets against.  May be specified
 	multiple times.  Installations are considered an upgrade if the package or
 	file is already present on the system regardless of whether the new package
-	version is actually greater than the currently installed version.  For File
+	version is actually greater than the currently installed version.  For Path
 	triggers, this is true even if the file changes ownership from one package
 	to another.  Required.

-*Type =* File|Package::
+*Type =* Path|Package::
 	Select whether targets are matched against transaction packages or files.
-	See CAVEATS for special notes regarding File triggers.  Required.
+	See CAVEATS for special notes regarding Path triggers. 'File' is a deprecated
+	alias for 'Path' and will be removed in a future release.  Required.

 *Target =* <path|package>::
-	The file path or package name to match against the active transaction.
-	File paths refer to the files in the package archive; the installation root
+	The path or package name to match against the active transaction.
+	Paths refer to the files in the package archive; the installation root
 	should *not* be included in the path.  Shell-style glob patterns are
-	allowed. It is possible to invert matches by prepending a file with an
+	allowed. It is possible to invert matches by prepending a target with an
 	exclamation mark. May be specified multiple times. Required.

 ACTIONS
@ -119,7 +120,7 @@ Exec = /usr/bin/sync
 CAVEATS
 -------

-There are situations when file triggers may act in unexpected ways.  Hooks are
+There are situations when path triggers may act in unexpected ways.  Hooks are
 triggered using the file list of the installed, upgraded, or removed package.
 When installing or upgrading a file that is extracted with a '.pacnew'
 extension, the original file name is used in triggering the hook.  When
--- a/doc/asciidoc.conf
+++ b/doc/asciidoc.conf
@ -1,5 +1,5 @@
 ## linkman: macro
-# Inspired by/borrowed from the GIT source tree at Documentation/asciidoc.conf
+# Inspired by/borrowed from the Git source tree at Documentation/asciidoc.conf
 #
 # Usage: linkman:command[manpage-section]
 #
@ -50,7 +50,7 @@ ifdef::backend-docbook[]
 template::[header-declarations]
 <refentry>
 <refentryinfo>
-<date>{pacman_date}</date>
+<date>{localdate}</date>
 </refentryinfo>
 <refmeta>
 <refentrytitle>{mantitle}</refentrytitle>
--- a/doc/footer.asciidoc
+++ b/doc/footer.asciidoc
@ -1,13 +1,15 @@

-See the pacman website at https://www.archlinux.org/pacman/[] for current
+See the pacman website at https://archlinux.org/pacman/[] for current
 information on pacman and its related tools.


 Bugs
 ----
 Bugs? You must be kidding; there are no bugs in this software. But if we
-happen to be wrong, send us an email with as much detail as possible to
-mailto:pacman-dev@archlinux.org[].
+happen to be wrong, please report them to the issue tracker at
+link:https://gitlab.archlinux.org/pacman/pacman/-/issues[] with specific
+information such as your command-line, the nature of the bug, and even
+the package database if it helps.


 Authors
@ -17,16 +19,18 @@ Current maintainers:

 * Allan McRae <allan@archlinux.org>
 * Andrew Gregory <andrew.gregory.8@gmail.com>
-* Dan McGee <dan@archlinux.org>
-* Dave Reisner <dreisner@archlinux.org>
+* Morgan Adamiec <morganamilo@archlinux.org>

 Past major contributors:

 * Judd Vinet <jvinet@zeroflux.org>
 * Aurelien Foret <aurelien@archlinux.org>
 * Aaron Griffin <aaron@archlinux.org>
+* Dan McGee <dan@archlinux.org>
 * Xavier Chantry <shiningxc@gmail.com>
 * Nagy Gabor <ngaba@bibl.u-szeged.hu>
+* Dave Reisner <dreisner@archlinux.org>
+* Eli Schwartz <eschwartz@archlinux.org>

 For additional contributors, use `git shortlog -s` on the pacman.git
 repository.
--- a/doc/index.asciidoc
+++ b/doc/index.asciidoc
@ -34,6 +34,8 @@ makepkg/repo-add/pacman toolchain via GnuPG and GPGME.
 Version 5.0 added support for pre/post-transaction hooks and sync database file
 list operations.

+Version 6.0 added support for parallel downloads.
+
 Documentation
 -------------

@ -51,19 +53,19 @@ configuration files dealing with pacman.
 * linkman:makepkg.conf[5]
 * linkman:pacman[8]
 * linkman:pacman-key[8]
+* linkman:pacman-conf[8]
 * linkman:pacman.conf[5]
-* linkman:pkgdelta[8]
 * linkman:repo-add[8]
 * linkman:vercmp[8]

 Changelog
 ~~~~~~~~~
 For a good idea of what is going on in pacman development, take a look at the
-link:https://git.archlinux.org/pacman.git/[Git summary page] for the
+link:https://gitlab.archlinux.org/pacman/pacman[Git summary page] for the
 project.

 See the most recent
-link:https://git.archlinux.org/pacman.git/tree/NEWS[NEWS]
+link:https://gitlab.archlinux.org/pacman/pacman/-/blob/master/NEWS[NEWS]
 file for a not-as-frequently-updated list of changes. However, this should
 contain the biggest changes in a format more concise than the commit log.

@ -77,6 +79,14 @@ Releases
 [frame="topbot",grid="none",options="header,autowidth"]
 !======
 !Version !Date
+!7.0.0  !2024-07-14
+!6.1.0  !2024-03-04
+!6.0.1  !2021-09-04
+!6.0.0  !2021-05-20
+!6.0.0alpha1 !2020-12-04
+!5.2.1  !2019-11-01
+!5.2.0  !2019-10-21
+!5.1.3  !2019-03-01
 !5.1.2  !2018-12-25
 !5.1.1  !2018-07-27
 !5.1.0  !2018-05-28
@ -103,6 +113,11 @@ Releases
 !3.4.3 !2011-01-22
 !3.4.2 !2010-12-29
 !3.4.1 !2010-09-03
+!======
+|
+[frame="topbot",grid="none",options="header,autowidth"]
+!======
+!Version !Date
 !3.4.0 !2010-06-16
 !3.3.3 !2009-11-10
 !3.3.2 !2009-10-05
@ -112,11 +127,6 @@ Releases
 !3.2.1 !2008-08-26
 !3.2.0 !2008-07-30
 !3.1.4 !2008-04-01
-!======
-|
-[frame="topbot",grid="none",options="header,autowidth"]
-!======
-!Version !Date
 !3.1.3 !2008-03-06
 !3.1.2 !2008-02-20
 !3.1.1 !2008-01-20
@ -142,16 +152,16 @@ Releases
 !2.9 !2004-09-18
 !2.8.4 !2004-08-23
 !2.8.3 !2004-08-04
-!2.8.2 !2004-07-22
-!2.8.1 !2004-07-17
-!2.8 !2004-07-03
-!2.7.9 !2004-04-30
-!2.7.8 !2004-04-29
 !======
 |
 [frame="topbot",grid="none",options="header,autowidth"]
 !======
 !Version !Date
+!2.8.2 !2004-07-22
+!2.8.1 !2004-07-17
+!2.8 !2004-07-03
+!2.7.9 !2004-04-30
+!2.7.8 !2004-04-29
 !2.7.7 !2004-04-15
 !2.7.6 !2004-04-04
 !2.7.5 !2004-03-02
@ -185,16 +195,18 @@ Releases

 |======

-Source code for all releases is available at
+Source code for releases since moving to gitlab is available at
+link:https://gitlab.archlinux.org/pacman/pacman/-/releases[].
+Source code for historical releases is available at
 link:https://sources.archlinux.org/other/pacman/[]. To install, download the newest
 available source tarball, unpack it in a directory, and run the three magic
 commands:

-	$ ./configure
-	$ make
-	# make install
+	$ meson build
+	$ ninja -C build
+	# ninja -C build install

-You may wish to read the options presented by `./configure --help` in order to
+You may wish to read the options presented by `meson` in order to
 set appropriate paths and build options that are correct for your system.

 Development
@ -215,12 +227,11 @@ these trees).

 The current development tree can be fetched with the following command:

-	git clone git://git.archlinux.org/pacman.git pacman
+	git clone https://gitlab.archlinux.org/pacman/pacman.git

 which will fetch the full development history into a directory named pacman.
 You can browse the source as well using
-link:https://git.archlinux.org/pacman.git/[cgit]. HTTP/HTTPS URLs are also
-available for cloning purposes; these URLs are listed at the above page.
+link:https://gitlab.archlinux.org/pacman/pacman/[gitlab].

 If you are interested in hacking on pacman, it is highly recommended you join
 the mailing list mentioned above, as well as take a quick glance at our
@ -232,34 +243,16 @@ you speak a foreign language, you can help by either creating or updating a
 translation file for your native language. Instructions can be found in
 link:translation-help.html[translation-help].

-Other Utilities
-~~~~~~~~~~~~~~~
-Although the package manager itself is quite simple, many scripts have been
-developed that help automate building and installing packages. These are used
-extensively in link:https://www.archlinux.org/[Arch Linux]. Most of these utilities
-are available in the Arch Linux projects
-link:https://git.archlinux.org/[code browser].
-
-Utilities available:
-
-* link:https://git.archlinux.org/dbscripts.git/[dbscripts] - scripts used by Arch Linux to manage the main package repositories
-* link:https://git.archlinux.org/devtools.git/[devtools] - tools to assist in packaging and dependency checking
-* link:https://git.archlinux.org/namcap.git/[namcap] - a package analysis utility written in python
-
 Bugs
 ----
-If you find bugs (which is quite likely), please email them to the pacman-dev
-mailing last at mailto:pacman-dev@archlinux.org[] with specific information
-such as your command-line, the nature of the bug, and even the package database
-if it helps.
-
-You can also post a bug to the Arch Linux bug tracker
-link:https://bugs.archlinux.org/index.php?project=3[Flyspray]. Be sure to file
-bugs under the Pacman project.
+If you find bugs (which is quite likely), please report them to the issue
+tracker at link:https://gitlab.archlinux.org/pacman/pacman/-/issues[] with
+specific information such as your command-line, the nature of the bug, and even
+the package database if it helps.

 Copyright
 ---------
-pacman is Copyright (C) 2006-2018 Pacman Development Team
-<pacman-dev@archlinux.org> and Copyright (C) 2002-2006 Judd Vinet
+pacman is Copyright (C) 2006-2025 Pacman Development Team
+<pacman-dev@lists.archlinux.org> and Copyright (C) 2002-2006 Judd Vinet
 <jvinet@zeroflux.org> and is licensed through the GNU General Public License,
 version 2 or later.
--- a/doc/libalpm.3.asciidoc
+++ b/doc/libalpm.3.asciidoc
@ -1,37 +0,0 @@
-libalpm(3)
-==========
-
-Name
----
-libalpm - Arch Linux Package Management (ALPM) library
-
-
-Synopsis
--------
-For ease of access, the libalpm manual has been split up into several sections.
-
-*TODO:* Yes, this man page needs a lot of work. Once we get around to doing
-good Doxygen documentation, it will improve. We promise.
-
-*alpm_databases*:: Database Functions
-*alpm_interface*:: Interface Functions
-*alpm_list*::      List Functions
-*alpm_log*::       Logging Functions
-*alpm_misc*::      Miscellaneous Functions
-*alpm_packages*::  Package Functions
-*alpm_sync*::      Sync Functions
-*alpm_trans*::     Transaction Functions
-
-
-Configuration
-------------
-See linkman:pacman.conf[5] for more details on configuring libalpm using the
-'pacman.conf' file.
-
-
-See Also
--------
-linkman:alpm-hooks[5], linkman:makepkg[8], linkman:pacman[8],
-linkman:pacman.conf[5]
-
-include::footer.asciidoc[]
--- a/doc/makepkg-template.1.asciidoc
+++ b/doc/makepkg-template.1.asciidoc
@ -85,7 +85,7 @@ Example PKGBUILD
 	license=('PerlArtistic' 'GPL')
 	depends=('perl')
 	source=("http://search.cpan.org/CPAN/authors/id/S/SH/SHERZODR/Config-Simple-${pkgver}.tar.gz")
-	md5sums=('f014aec54f0a1e2e880d317180fce502')
+	sha256sums=('dd9995706f0f9384a15ccffe116c3b6e22f42ba2e58d8f24ed03c4a0e386edb4')
 	_distname="Config-Simple"

 	# template start; name=perl-module; version=1.0;
--- a/doc/makepkg.8.asciidoc
+++ b/doc/makepkg.8.asciidoc
@ -75,7 +75,7 @@ Options
 	For each source file in the source array of PKGBUILD, download the file
 	if required and generate integrity checks. The integrity checks generated
 	are determined by the checks present in the PKGBUILD, falling back to the
-	value of the INTEGRITY_CHECK array in makepkg.conf(5) if these are absent
+	value of the INTEGRITY_CHECK array in makepkg.conf(5) if these are absent.
 	This output can be redirected into your PKGBUILD for source validation
 	using "`makepkg -g >> PKGBUILD`".

@ -144,7 +144,11 @@ Options
 	Display version information.

 *-C, \--cleanbuild*::
-	Remove the $srcdir before building the package.
+	Clean build artifacts from previous runs of makepkg in the current
+	directory by removing $srcdir before building the package.
+
+*-D* <dir>, *\--dir* <dir> ::
+	Change to directory <dir> before reading the PKGBUILD or doing anything else.
 	
 *\--allsource*::
 	Do not actually build the package, but build a source-only tarball that
@ -168,6 +172,9 @@ Options
 *\--noprepare*::
 	Do not run the prepare() function in the PKGBUILD.

+*\--noverify*::
+	Do not run the verify() function in the PKGBUILD.
+
 *\--sign*::
 	Sign the resulting package with gpg, overriding the setting in
 	linkman:makepkg.conf[5].
@ -227,6 +234,9 @@ before building.

 Environment Variables
 ---------------------
+**MAKEPKG_LIBRARY**="/path/to/directory"::
+	Use an alternative libmakepkg path instead of the {libmakepkgdir} default.
+
 **PACMAN**::
 	The command that will be used to check for missing dependencies and to
 	install and remove packages. Pacman's '-Qq', '-Rns', '-S', '-T', and '-U'
@ -237,6 +247,11 @@ Environment Variables
 	Use an alternate config file instead of the +{sysconfdir}/makepkg.conf+
 	default.

+**MAKEPKG_GIT_CONFIG=**"/path/to/file"::
+	Use an alternate config file for Git instead of the
+	+{sysconfdir}/makepkg.d/gitconfig+ default. makepkg always prevents Git
+	from loading any other config files.
+
 **PKGDEST=**"/path/to/directory"::
 	Directory where the resulting packages will be stored. Overrides the
 	corresponding value defined in linkman:makepkg.conf[5].
@ -274,11 +289,25 @@ Environment Variables

 **GPGKEY=**"keyid"::
 	Specify a key to use when signing packages, overriding the GPGKEY setting
-	in linkman:makepkg.conf[5]
+	in linkman:makepkg.conf[5].

 **SOURCE_DATE_EPOCH=**"<date>"::
 	Used for link:https://reproducible-builds.org/docs/[Reproducible Builds].

+**BUILDTOOL=**"<name>"::
+	The name of a tool ecosystem used to set up the build environment. Used for
+	defining a spec for reproducible builds, e.g. the linkman:makepkg.conf[5]
+	used.
+
+**BUILDTOOLVER=**"<version>"::
+	The version of the '$BUILDTOOL' used.
+
+**MAKEPKG_LINT_PKGBUILD=**0::
+	Setting to 0 disables PKGBUILD linting within makepkg. Useful on systems
+	with slow bash subshell operations, or on PKGBUILDs with extreme amounts of
+	package splitting.
+
+
 Configuration
 -------------
 See linkman:makepkg.conf[5] for more details on configuring makepkg using the
@ -299,7 +328,7 @@ On exit, makepkg will return one of the following error codes.
 	Error in configuration file.

 3::
-	User specified an invalid option
+	User specified an invalid option.

 4::
 	Error in user-supplied function in PKGBUILD.
@ -340,7 +369,11 @@ On exit, makepkg will return one of the following error codes.
 	Programs necessary to run makepkg are missing.

 16::
-	Specified GPG key does not exist.
+	Specified GPG key does not exist or failed to sign package.
+
+17::
+	The local repository is not a clone of the source repository
+	specified in PKGBUILD.

 See Also
 --------
--- a/doc/makepkg.conf.5.asciidoc
+++ b/doc/makepkg.conf.5.asciidoc
@ -23,6 +23,9 @@ NOTE: This does not guarantee that all package Makefiles will use your exported
 variables. Some of them are non-standard.

 The system-wide configuration file is found in {sysconfdir}/makepkg.conf.
+Specific additions (e.g. build flags for additional languages) can be placed
+in {sysconfdir}/makepkg.conf.d/*.conf.
+
 Individual options can be overridden (or added to) on a per-user basis in
 $XDG_CONFIG_HOME/pacman/makepkg.conf or ~/.makepkg.conf, with the former
 taking priority.
@ -59,6 +62,11 @@ Options
 	A string such as ``i686-pc-linux-gnu''; do not touch this unless you know what
 	you are doing. This can be commented out by most users if desired.

+**NPROC=**""::
+	Sets the number of processors to use for parallel jobs in makepkg.
+	Note: this does not affect parallelization of tasks during ``build()`` and
+	related functions.
+
 **CPPFLAGS=**"cppflags"::
 	Flags used for the C preprocessor; see CFLAGS for more information.

@ -77,6 +85,11 @@ Options
 	usage resembling ``-Wl,--hash-style=gnu''. Read ld(1) for more details on
 	available linker flags.

+**LTOFLAGS=**"ltoflags"::
+	Additional compiler and linker flags appended to `CFLAGS`, `CXXFLAGS`
+	and `LDFLAGS` when building with link time optimization. If empty,
+	``-flto'' is used.
+
 **MAKEFLAGS=**"makeflags"::
 	This is often used to set the number of jobs used; for example, `-j2`.
 	Other flags that make accepts can also be passed.
@ -117,7 +130,7 @@ Options

 	*sign*;;
 		Generate a PGP signature file using GnuPG. This will execute 'gpg
-		\--detach-sign \--use-agent' on the built package to generate a detached
+		\--detach-sign' on the built package to generate a detached
 		signature file, using the GPG agent, if it is available. The signature
 		file will be the entire file name of the package with a ``.sig''
 		extension.
@ -138,7 +151,7 @@ Options
 	Specify a key to use for GPG signing instead of the default key in the
 	keyring. Can be overridden with makepkg's '\--key' option.

-**OPTIONS=(**!strip docs libtool staticlibs emptydirs !zipman !purge !debug**)**::
+**OPTIONS=(**!strip docs libtool staticlibs emptydirs ...**)**::
 	This array contains options that affect default packaging. They are
 	equivalent to options that can be placed in the PKGBUILD; the defaults are
 	shown here. All options should always be left in the array; to enable or
@ -180,10 +193,20 @@ Options
 		DEBUG_CXXFLAGS to their counterpart buildflags. Creates a separate
 		package containing the debug symbols when used with `strip'.

+	*lto*;;
+		Enable building packages using link time optimization. Adds the
+		flags specified in LTOFLAGS to CFLAGS, CXXFLAGS and LDFLAGS (or
+		``-flto'' if LTOFLAGS is empty).
+
+	*autodeps*;;
+		Enable the automatic addition of libraries to the depends and
+		provides arrays. Search library directories are controlled by
+		the LIB_DIRS variable defined below.
+
 **INTEGRITY_CHECK=(**check1 ...**)**::
 	File integrity checks to use. Multiple checks may be specified; this
 	affects both generation and checking. The current valid options are:
-	`md5`, `sha1`, `sha224`, `sha256`, `sha384`, `sha512`, and `b2`.
+	`ck`, `md5`, `sha1`, `sha224`, `sha256`, `sha384`, `sha512`, and `b2`.

 **STRIP_BINARIES=**"--strip-all"::
 	Options to be used when stripping binaries. See linkman:strip[1]
@ -210,6 +233,12 @@ Options
 	that are located in opt/, you may need to add the directory to this
 	array. *NOTE:* Do not add the leading slash to the directory name.

+**LIB_DIRS=(**lib:usr/lib ...**)**::
+	If `autodeps` is specified in the `OPTIONS` array, this variable will
+	instruct makepkg where to look to find libraries to add to the `provides`
+	array. The format is "prefix:path", where provides will be added for
+	libraries found in "path" with the specified prefix added.
+
 **PURGE_TARGETS=(**usr/{,share}/info/dir .podlist *.pod...**)**::
 	If `purge` is specified in the `OPTIONS` array, this variable will
 	instruct makepkg which files to remove from the package. This is
@ -244,6 +273,7 @@ Options

 **PACKAGER=**"John Doe <john@example.com>"::
 	This value is used when querying a package to see who was the builder.
+	The given format is required for PGP key lookup through WKD.
 	It is recommended to change this to your name and email address.

 **COMPRESSGZ=**"(gzip -c -f -n)"::
@ -258,11 +288,21 @@ Options
 	Sets the command and options used when compressing compiled or source
 	packages in the named format.

-**PKGEXT=**".pkg.tar.gz", **SRCEXT=**".src.tar.gz"::
+**PKGEXT=**"{pkgext}", **SRCEXT=**"{srcext}"::
 	Sets the compression used when making compiled or source packages.
-	Valid suffixes are `.tar`, `.tar.gz`, `.tar.bz2`, `.tar.xz`, `.tar.zst`,
-	`.tar.lzo`, `.tar.lrz`, `.tar.lz4`, `.tar.lz` and `.tar.Z`.
-	Do not touch these unless you know what you are doing.
+	Valid suffixes are `.pkg` or `.src` (for PKGEXT and SRCEXT respectively)
+	followed by one of `.tar.gz`, `.tar.bz2`, `.tar.xz`, `.tar.zst`, `.tar.lzo`,
+	`.tar.lrz`, `.tar.lz4`, `.tar.lz` and `.tar.Z`, or simply `.tar` to
+	disable compression entirely.
+
+**PACMAN_AUTH=()**::
+	Specify a command prefix for running pacman as root. If unset, makepkg will
+	check for the presence of sudo(8) and su(1) in turn, and try the first one
+	it finds.
+	+
+	If present, `%c` will be replaced with the shell-quoted form of the command
+	to run. Otherwise, the command to run is appended to the auth command.
+


 See Also
--- a/doc/meson.build
+++ b/doc/meson.build
@ -5,12 +5,12 @@ manpages = [
  { 'name': 'makepkg-template.1' },
  { 'name': 'repo-add.8' },
  { 'name': 'vercmp.8' },
-  { 'name': 'pkgdelta.8' },
+  { 'name': 'testpkg.8' },
  { 'name': 'pacman-key.8' },
+  { 'name': 'pacman-db-upgrade.8' },
  { 'name': 'PKGBUILD.5', 'extra_depends' : [ 'PKGBUILD-example.txt' ] },
  { 'name': 'makepkg.conf.5' },
  { 'name': 'pacman.conf.5' },
-  { 'name': 'libalpm.3' },
  { 'name': 'BUILDINFO.5' },
  { 'name': 'pacman-conf.8' },
 ]
@ -27,12 +27,15 @@ asciidoc_conf = join_paths(meson.current_source_dir(), 'asciidoc.conf')
 asciidoc_opts = [
 '-f', asciidoc_conf,
 '-a', 'pacman_version="@0@"'.format(PACKAGE_VERSION),
- '-a', 'pacman_date=@0@'.format(run_command('date', '+%Y-%m-%d').stdout().strip()),
+ '-a', 'srcext=@0@'.format(get_option('src-ext')),
+ '-a', 'pkgext=@0@'.format(get_option('pkg-ext')),
 '-a', 'pkgdatadir=@0@'.format(PKGDATADIR),
+ '-a', 'keyringdir=@0@'.format(KEYRINGDIR),
 '-a', 'localstatedir=@0@'.format(LOCALSTATEDIR),
 '-a', 'sysconfdir=@0@'.format(SYSCONFDIR),
 '-a', 'datarootdir=@0@'.format(DATAROOTDIR),
 '-a', 'rootdir=@0@'.format(ROOTDIR),
+ '-a', 'libmakepkgdir=@0@'.format(LIBMAKEPKGDIR),
 ]

 html_targets = []
@ -128,9 +131,14 @@ meson.add_install_script(MESON_MAKE_SYMLINK,
                         'repo-add.8',
                         join_paths(MANDIR, 'man8/repo-remove.8'))

+meson.add_install_script(MESON_MAKE_SYMLINK,
+                         'alpm-hooks.5',
+                         join_paths(MANDIR, 'man5/pacman-hooks.5'))
+
 doxygen = find_program('doxygen', required : get_option('doxygen'))
 if doxygen.found() and not get_option('doxygen').disabled()
  doxyconf = configuration_data()
+  doxyconf.set('INPUT_DIRECTORY', meson.current_source_dir())
  doxyconf.set('OUTPUT_DIRECTORY', meson.current_build_dir())
  doxyfile = configure_file(
    input : 'Doxyfile.in',
--- a/doc/pacman-conf.8.asciidoc
+++ b/doc/pacman-conf.8.asciidoc
@ -34,7 +34,7 @@ Options
 *-R, \--rootdir* <path>::
 	Specify an alternate installation root (default is `/`).

-*-r, \--repo* <remote>::
+*-r, \--repo* <repository>::
 	Query options for a specific repository.

 *-v, \--verbose*::
--- a/doc/pacman-db-upgrade.8.asciidoc
+++ b/doc/pacman-db-upgrade.8.asciidoc
@ -0,0 +1,36 @@
+pacman-db-upgrade(8)
+====================
+
+Name
+----
+pacman-db-upgrade - upgrade the local pacman database to a newer format
+
+Synopsis
+--------
+'pacman-db-upgrade' [options]
+
+Description
+-----------
+'pacman-db-upgrade' is a script that upgrades the local database used
+by linkman:pacman[8] to a newer format.
+
+Options
+--------------
+*-h, \--help*::
+Show the built-in help message and exit.
+*-V, \--version*::
+Show version information and exit.
+*-d, \--dbpath* <path>::
+Set an alternate database location.
+*-r, \--root* <path>::
+Set an alternate installation root.
+*\--config* <path>::
+Set an alternate configuration file.
+*\--nocolor*::
+Remove color from output.
+
+See Also
+--------
+linkman:pacman[8]
+
+include::footer.asciidoc[]
--- a/doc/pacman-key.8.asciidoc
+++ b/doc/pacman-key.8.asciidoc
@ -86,7 +86,7 @@ Operations

 *\--populate*::
 	Reload the default keys from the (optionally provided) keyrings in
-	+{pkgdatadir}/keyrings+. For more information, see
+	+{keyringdir}+. For more information, see
 	<<PK,Providing a Keyring for Import>> below.

 *-u, \--updatedb*::
@ -129,7 +129,7 @@ A distribution or other repository provided may want to provide a set of
 PGP keys used in the signing of its packages and repository databases that can
 be readily imported into the pacman keyring. This is achieved by providing a
 PGP keyring file `foo.gpg` that contains the keys for the foo keyring in the
-directory +{pkgdatadir}/keyrings+.
+directory +{keyringdir}+.

 Optionally, the file `foo-trusted` can be provided containing a list of trusted
 key IDs for that keyring. This is a file in a format compatible with 'gpg
--- a/doc/pacman.8.asciidoc
+++ b/doc/pacman.8.asciidoc
@ -141,7 +141,7 @@ Options
 	guest system. See '\--sysroot' instead.

 *-v, \--verbose*::
-	Output paths such as as the Root, Conf File, DB Path, Cache Dirs, etc.
+	Output paths such as the Root, Conf File, DB Path, Cache Dirs, etc.

 *\--arch* <arch>::
 	Specify an alternate architecture.
@ -151,7 +151,8 @@ Options
 	+{localstatedir}/cache/pacman/pkg+). Multiple cache directories can be
 	specified, and they are tried in the order they are passed to pacman.
 	*NOTE*: This is an absolute path, and the root path is not automatically
-	prepended.
+	prepended. If DownloadUser is set in linkman:pacman.conf[5], then the
+	specified user must have permission to access the cache directory.

 *\--color* <when>::
 	Specify when to enable coloring. Valid options are 'always', 'never', or
@ -195,12 +196,15 @@ Options
 	Disable defaults for low speed limit and timeout on downloads. Use this
 	if you have issues downloading files with proxy and/or security gateway.

-*\--sysroot* <dir>::
-	Specify an alternative system root.  Pacman will chroot and chdir into the
-	system root prior to running. This allows mounted guest systems to be
-	properly operated on. Any other paths given will be interpreted as relative
-	to the system root. Requires root privileges.
+*\--sysroot* <dir>:: Specify an alternative system root.  This path will be
+	prepended to all other configuration directories and any repository servers
+	beginning with `file://`.  Any paths or URLs passed as targets will not be
+	modified.  This allows mounted guest systems to be properly operated on.

+*\--disable-sandbox*::
+	Disable the default sandbox applied to the process downloading files on Linux
+	systems. Useful if experiencing landlock related failures while downloading
+	files when running a Linux kernel that does not support this feature.

 Transaction Options (apply to '-S', '-R' and '-U')
 --------------------------------------------------
@ -212,7 +216,7 @@ Transaction Options (apply to '-S', '-R' and '-U')

 *\--assume-installed* <package=version>::
 	Add a virtual package "package" with version "version" to the transaction
-	to satisfy dependencies. This allows to disable specific dependency checks
+	to satisfy dependencies. This allows disabling the specific dependency checks
 	without affecting all dependency checks. To disable all dependency
 	checking, see the '\--nodeps' option.

@ -235,12 +239,22 @@ Transaction Options (apply to '-S', '-R' and '-U')

 *\--print-format* <format>::
 	Specify a printf-like format to control the output of the '\--print'
-	operation. The possible attributes are: "%n" for pkgname, "%v" for pkgver,
-	"%l" for location, "%r" for repository, and "%s" for size. Implies '\--print'.
+	operation. The possible attributes are: "%a" for arch, "%b" for
+	builddate, "%d" for description, "%e" for pkgbase, "%f" for filename,
+	"%g" for base64 encoded PGP signature, "%h" for sha256sum, "%m" for
+	md5sum, "%n" for pkgname, "%p" for packager, "%v" for pkgver, "%l" for
+	location, "%r" for repository, "%s" for size, "%C" for checkdepends,
+	"%D" for depends, "%G" for groups, "%H" for conflicts, "%L" for
+	licenses, "%M" for makedepends, "%O" for optional depends, "%P" for
+	provides and "%R" for replaces.
+	Implies '\--print'.


 Upgrade Options (apply to '-S' and '-U')[[UO]]
 ----------------------------------------------
+*-w, \--downloadonly*::
+	Retrieve all packages from the server, but do not install/upgrade anything.
+
 *\--asdeps*::
 	Install packages non-explicitly; in other words, fake their install reason
 	to be installed as a dependency. This is useful for makepkg and other
@ -445,15 +459,12 @@ can be useful when the user switches from a testing repository to a stable one.
 Additional targets can also be specified manually, so that '-Su foo' will do a
 system upgrade and install/upgrade the "foo" package in the same operation.

-*-w, \--downloadonly*::
-	Retrieve all packages from the server, but do not install/upgrade anything.
-
 *-y, \--refresh*::
-	Download a fresh copy of the master package database from the server(s)
-	defined in linkman:pacman.conf[5]. This should typically be used each time
-	you use	'\--sysupgrade' or '-u'. Passing two '\--refresh' or '-y' flags
-	will force a refresh of all package databases, even if they appear to be
-	up-to-date.
+	Download a fresh copy of the master package databases '(repo.db)' from the
+	server(s) defined in linkman:pacman.conf[5]. This should typically be used
+	each time you use '\--sysupgrade' or '-u'. Passing two '\--refresh' or '-y'
+	flags will force a refresh of all package databases, even if they appear to
+	be up-to-date.


 Database Options (apply to '-D')[[QO]]
@ -464,7 +475,7 @@ Database Options (apply to '-D')[[QO]]

 *\--asexplicit* <package>::
 	Mark a package as explicitly installed; in other words, set their install
-	reason to be explicitly installed. This is useful it you want to keep a
+	reason to be explicitly installed. This is useful if you want to keep a
 	package installed even when it was initially installed as a dependency
 	of another package.

@ -482,20 +493,14 @@ Database Options (apply to '-D')[[QO]]
 File Options (apply to '-F')[[FO]]
 ----------------------------------
 *-y, --refresh*::
-	Download fresh package databases from the server. Use twice to force a
-	refresh even if databases are up to date.
+	Download fresh package file databases '(repo.files)' from the server.
+	Use twice to force a refresh even if databases are up to date.

 *-l, \--list*::
 	List the files owned by the queried package.

-*-s, \--search*::
-	Search package file names for matching strings.
-
 *-x, --regex*::
-	Treat arguments to '--search' as regular expressions.
-
-*-o, \--owns*::
-	Search for packages that own a particular file.
+	Interpret each query as a regular expression.

 *-q, \--quiet*::
 	Show less information for certain file operations. This is useful when
@ -503,9 +508,9 @@ File Options (apply to '-F')[[FO]]
 	'--machinereadable' instead.

 *--machinereadable*::
-	Use a machine readable output format for '--list', '--search' and
-	'--owns'. The format is 'repository\0pkgname\0pkgver\0path\n' with '\0'
-	being the NULL character and '\n' a linefeed.
+	Print each match in a machine readable output format. The format is
+	'repository\0pkgname\0pkgver\0path\n' with '\0' being the NULL character
+	and '\n' a linefeed.

 Handling Config Files[[HCF]]
 ----------------------------
--- a/doc/pacman.conf.5.asciidoc
+++ b/doc/pacman.conf.5.asciidoc
@ -113,15 +113,15 @@ Options
 	general configuration options. Wildcards in the specified paths will get
 	expanded based on linkman:glob[7] rules.

-*Architecture =* auto | i686 | x86_64 | ...::
-	If set, pacman will only allow installation of packages of the given
-	architecture (e.g. 'i686', 'x86_64', etc). The special value 'auto' will
+*Architecture =* auto &| i686 &| x86_64 | ...::
+	If set, pacman will only allow installation of packages with the given
+	architectures (e.g. 'i686', 'x86_64', etc). The special value 'auto' will
 	use the system architecture, provided via ``uname -m''. If unset, no
 	architecture checks are made. *NOTE*: Packages with the special
 	architecture 'any' can always be installed, as they are meant to be
 	architecture independent.

-*XferCommand =* /path/to/command %u::
+*XferCommand =* /path/to/command %u [%o]::
 	If set, an external program will be used to download all remote files.
 	All instances of `%u` will be replaced with the download URL. If present,
 	instances of `%o` will be replaced with the local filename, plus a
@ -186,20 +186,9 @@ Options
 *Color*::
 	Automatically enable colors only when pacman's output is on a tty.

-*UseDelta* [= ratio]::
-	Download delta files instead of complete packages if possible. Requires
-	the `xdelta3` program to be installed. If a ratio is specified (e.g.,
-	`0.5`), then it is used as a cutoff for determining whether to use deltas.
-	Allowed values are between `0.0` and `2.0`; sensible values are between
-	`0.2` and `0.9`.  Using a value above `1.0` is not recommended.  The
-	default is `0.7` if left unspecified.
-
-*TotalDownload*::
-	When downloading, display the amount downloaded, download rate, ETA,
-	and completed percentage of the entire download list rather
-	than the percent of each individual download target. The progress
-	bar is still based solely on the current file download.
-	This option won't work if XferCommand is used.
+*NoProgressBar*::
+	Disables progress bars. This is useful for terminals which do
+	not support escape characters.

 *CheckSpace*::
 	Performs an approximate check for adequate available disk space before
@ -213,6 +202,19 @@ Options
 	Disable defaults for low speed limit and timeout on downloads. Use this
 	if you have issues downloading files with proxy and/or security gateway.

+*ParallelDownloads =* ...::
+	Specifies number of concurrent download streams. The value needs to be a
+	positive integer. If this config option is not set then only one download
+	stream is used (i.e. downloads happen sequentially).
+
+*DownloadUser =* username::
+	Specifies the user to switch to for downloading files. If this config
+	option is not set then the downloads are done as the user running pacman.
+
+*DisableSandbox*::
+	Disable the default sandbox applied to the process downloading files on Linux
+	systems. Useful if experiencing landlock related failures while downloading
+	files when running a Linux kernel that does not support this feature.

 Repository Sections
 -------------------
@ -233,7 +235,7 @@ contain a file that lists the servers for that repository.
 # use this server first
 Server = ftp://ftp.archlinux.org/$repo/os/$arch
 # next use servers as defined in the mirrorlist below
-Include = {sysconfdir}/pacman.d/mirrorlist
+Include = /etc/pacman.d/mirrorlist
 --------

 The order of repositories in the configuration files matters; repositories
@ -246,6 +248,12 @@ number.
 	general configuration options. Wildcards in the specified paths will get
 	expanded based on linkman:glob[7] rules.

+*CacheServer =* url::
+	A full URL to a location where the packages, and signatures (if
+	available) for this repository can be found.  Cache servers will be tried
+	before any non-cache servers, will not be removed from the server pool for
+	404 download errors, and will not be used for database files.
+
 *Server =* url::
 	A full URL to a location where the database, packages, and signatures (if
 	available) for this repository can be found.
@ -253,8 +261,8 @@ number.
 During parsing, pacman will define the `$repo` variable to the name of the
 current section. This is often utilized in files specified using the 'Include'
 directive so all repositories can use the same mirrorfile. pacman also defines
-the `$arch` variable to the value of `Architecture`, so the same mirrorfile can
-even be used for different architectures.
+the `$arch` variable to the first (or only) value of the `Architecture` option,
+so the same mirrorfile can even be used for different architectures.

 *SigLevel =* ...::
 	Set the signature verification level for this repository. For more
--- a/doc/pkgdelta.8.asciidoc
+++ b/doc/pkgdelta.8.asciidoc
@ -1,53 +0,0 @@
-pkgdelta(8)
-=========
-
-Name
----
-pkgdelta - package delta generation utility
-
-
-Synopsis
--------
-'pkgdelta' [options] <package1> <package2>
-
-
-Description
-----------
-'pkgdelta' is used to create package delta files between two versions of the
-same package. These files are essentially binary patches. linkman:pacman[8] can
-download deltas instead of full package upgrades, and use them with the
-previous versions of packages (in the package cache) to synthesize the upgraded
-version of the packages. This likely reduces download sizes for upgrades
-significantly.
-
-'pkgdelta' requires linkman:xdelta3[1] to do its job.
-
-
-Options
-------
-*--max-delta-size <ratio>*::
-	Only create delta files if the delta is smaller than ratio * package_size.
-	Possible values: 0.0 to 2.0.
-	Recommended values: 0.2 to 0.9.
-	Default value: 0.7
-
-*--min-pkg-size <size>*::
-	Minimal size of the package file in bytes to be considered for delta creation.
-	Default value: 1048576 bytes = 1 MiB. This may be any absolute size in bytes or
-	a human-readable value such as `4MiB` or `3.5MB`.
-
-*-q, \--quiet*::
-	Be quiet. Do not output anything but warnings and errors.
-
-
-Examples
--------
-
-  $ pkgdelta libreoffice-3.3.2-1-x86_64.pkg.tar.xz libreoffice-3.3.2-2-x86_64.pkg.tar.xz
-
-
-See Also
--------
-linkman:pacman[8], linkman:xdelta3[1]
-
-include::footer.asciidoc[]
--- a/doc/repo-add.8.asciidoc
+++ b/doc/repo-add.8.asciidoc
@ -8,32 +8,31 @@ repo-add - package database maintenance utility

 Synopsis
 --------
-'repo-add' [options] <path-to-db> <package|delta> [<package|delta> ...]
+'repo-add' [options] <path-to-db> <package> [<package> ...]

-'repo-remove' [options] <path-to-db> <packagename|delta> [<packagename|delta> ...]
+'repo-remove' [options] <path-to-db> <packagename> [<packagename> ...]


 Description
 -----------
 'repo-add' and 'repo-remove' are two scripts to help build a package database for
 packages built with linkman:makepkg[8] and installed with linkman:pacman[8].
-They also handle package deltas produced by linkman:pkgdelta[8].

-'repo-add' will update a package database by reading a built package or package
-delta file. Multiple packages and/or deltas to add can be specified on the
-command line.
+'repo-add' will update a package database by reading a built package file.
+Multiple packages to add can be specified on the command line.

 If a matching ``.sig'' file is found alongside a package file, the signature
 will automatically be embedded into the database.

-'repo-remove' will update a package database by removing the package name or
-delta specified on the command line. Multiple packages and/or delta to remove
-can be specified on the command line.
+'repo-remove' will update a package database by removing the package name
+specified on the command line. Multiple packages to remove can be specified
+on the command line.

 A package database is a tar file, optionally compressed. Valid extensions are
-``.db'' followed by an archive extension of ``.tar'', ``.tar.gz'', ``.tar.bz2'',
-``.tar.xz'', or ``.tar.Z''. The file does not need to exist, but all parent
-directories must exist.
+``.db'' followed by an archive extension of ``.tar'', ``.tar.bz2'',
+``.tar.gz'', ``.tar.lrz'', ``.tar.lz'', ``.tar.lz4'', ``.tar.lzo'',
+``.tar.xz'', ``.tar.zst'' or ``.tar.Z''. The file does not need to exist, but
+all parent directories must exist.


 Common Options
@ -44,13 +43,13 @@ Common Options

 *-s, \--sign*::
 	Generate a PGP signature file using GnuPG. This will execute `gpg
-	--detach-sign --use-agent` on the generated database to generate a detached
+	--detach-sign` on the generated database to generate a detached
 	signature file, using the GPG agent if it is available. The signature file
 	will be the entire filename of the database with a ``.sig'' extension.

 *-k, \--key* <key>::
 	Specify a key to use when signing packages. Can also be specified using
-	the GPGKEY environmental variable. If not specified in either location, the
+	the GPGKEY environment variable. If not specified in either location, the
 	default key from the keyring will be used.

 *-v, \--verify*::
@ -61,21 +60,23 @@ Common Options
 *\--nocolor*::
 	Remove color from 'repo-add' and 'repo-remove' output.

+*-R, \--remove*::
+	Remove old package files from the disk when updating or removing their
+	entry in the database.
+
+*-w, \--wait-for-lock*::
+	Wait for the lock file to be acquired. If unset, command will fail with
+	exit code 2 if acquiring the lock fails. If set, it will retry to acquire
+	lock until success.

 repo-add Options
 ----------------
-*-d, \--delta*::
-	Automatically generate and add a delta file between the old entry and the
-	new one, if the old package file is found next to the new one.
-
 *-n, \--new*::
 	Only add packages that are not already in the database.  Warnings will be
 	printed upon detection of existing packages, but they will not be re-added.

-*-R, \--remove*::
-	Remove old package files from the disk when updating their entry in the
-	database.
-
+*\--include-sigs*::
+	Include package PGP signatures in the repository database (if available)

 Example
 -------
@ -89,6 +90,6 @@ db.tar* extension), there is currently no additional benefit for the larger down

 See Also
 --------
-linkman:makepkg[8], linkman:pacman[8], linkman:pkgdelta[8]
+linkman:makepkg[8], linkman:pacman[8]

 include::footer.asciidoc[]
--- a/doc/submitting-patches.asciidoc
+++ b/doc/submitting-patches.asciidoc
@ -11,16 +11,31 @@ NOTE: Some of this is paraphrased from the kernel documentation's

 Getting the most recent source
 ------------------------------
-Patches need to be submitted in GIT format and are best if they are against the
+Patches need to be submitted in Git format and are best if they are against the
 latest version of the code. There are several helpful tutorials for getting
-started with GIT if you have not worked with it before.
+started with Git if you have not worked with it before.

 * https://www.kernel.org/pub/software/scm/git/docs/gittutorial.html
 * https://wiki.archlinux.org/index.php/Super_Quick_Git_Guide

 The pacman code can be fetched using the following command:

-	git clone git://git.archlinux.org/pacman.git
+	git clone https://gitlab.archlinux.org/pacman/pacman.git
+
+
+Before making large changes
+---------------------------
+
+--
+* Discuss your idea
+
+There is nothing worse that spending time making a change only for it to be
+rejected immediately.  Ensure ideas are discussed beforehand to avoid
+disappointment.  Appropriate locations for discussion are the issue tracker
+on gitlab, or the pacman-dev mailing list.  Transient discussion channels
+such as IRC are not appropriate.
+
+--


 Creating your patch
@ -43,36 +58,18 @@ It helps if you describe the overview and goals of the patch in the git commit
 log.  This allows others to see what you intended so as to compare it to what
 was actually done, and allows better feedback.

-* Use `git format-patch` to create patches.
-
-Your commit message will be shown above the patch by default when you will use
-`git format-patch`, including the signoff line.  Sets of multiple patches that
-need extra explanation beyond the commit messages may include additional notes
-in a cover letter.  Individual patches may include additional notes between the
-"---" following the commit message and the beginning of the diff.
-
 --

 Submitting your patch
 ---------------------

 --
-* Send the patch to the pacman-dev mailing list
+* Submit patches with a gitlab merge request

-The mailing list is the primary queue for review and acceptance.  Here you
-will get feedback, and let the reviewers know the details of your patch.
+The pacman gitlab instance is the primary queue for review and acceptance.
+Here you will get feedback, and let the reviewers know the details of your
+patch.

-* No MIME, no links, no compression, no attachments.  Just plain text.
-
-Patches should be contained in the actual body of the email.  There are many
-reasons for this.  First, it makes them easier to read with any mail reader,
-it allows easier review "at a glance", and most importantly, it allows people
-to comment on exact lines of the patch in reply emails.
-
-`git send-email` allows you to send Git-formatted patches in plain text easily
-and is the preferred method for submission to the mailing list.  Mail clients,
-including Gmail's web interface, have a tendency to break patches by wrapping
-lines and/or adjusting whitespace and should be avoided.

 --

@ -95,7 +92,6 @@ When you do get feedback, it usually merits a response, whether this be a
 resubmission of the patch with corrections or a follow-up email asking for
 clarifications. When neither of these occurs, don't expect your patch to get
 further review. The all-volunteer staff don't have time to fix up patches that
-aren't their own.  When resubmitting patches, update the subject line to reflect
-the version number ('[PATCHv2]'), and send it as a reply to the original thread.
+aren't their own.

 --
--- a/doc/testpkg.8.asciidoc
+++ b/doc/testpkg.8.asciidoc
@ -0,0 +1,20 @@
+testpkg(8)
+==========
+
+Name
+----
+testpkg - test a pacman package for validity
+
+Synopsis
+--------
+'testpkg' <package file>
+
+Description
+-----------
+'testpkg' is a script used to make sure that a pacman package is valid.
+
+See Also
+--------
+linkman:pacman[8]
+
+include::footer.asciidoc[]
--- a/doc/translation-help.asciidoc
+++ b/doc/translation-help.asciidoc
@ -4,10 +4,10 @@ Pacman - Translating
 This document is here to guide you in helping translate pacman messages,
 libalpm messages, and the manual pages for the entire pacman package.

-We are currently using https://www.transifex.com/[Transifex] as the translation
+We are currently using https://app.transifex.com/[Transifex] as the translation
 platform for pacman and libalpm. You will need to sign up for an account there
 and then register with a translation team on the
-https://www.transifex.com/projects/p/archlinux-pacman/[pacman project page].
+https://explore.transifex.com/toofishes/archlinux-pacman/[pacman project page].

 NOTE: This may be old information due to our switch to Transifex, but the
 gettext website is a very useful guide to read before embarking on translation
@ -31,7 +31,7 @@ either be hand-edited, or modified with a tool such as poedit, gtranslator or
 kbabel. Using a translation tool tends to make the job easier.

 Please read up on Transifex usage using the
-https://docs.transifex.com/[Transifex Help] if you are not familiar.
+https://help.transifex.com/[Transifex Help] if you are not familiar.

 Transifex provides a command-line client to help with translations.  Here is
 an example set of commands if you have a source code checkout and are not
@ -55,20 +55,20 @@ Pre-release Updates
 ~~~~~~~~~~~~~~~~~~~

 A week or two before each release, the codebase will go into a string freeze
-and an email will be sent to the mailto:pacman-dev@archlinux.org[pacman-dev]
-mailing list asking for translations. This email will have a prefix of
-*[translation]* for anyone looking to set up an email filter.
+and an email will be sent to the mailto:pacman-dev@lists.archlinux.org[pacman-dev]
+mailing list asking for translations. An announcement in Transifex is also made,
+which reaches everyone that is member of the translation team.

 At this time, the latest `.po` language files will be made available at the
-Transifex project page.  Each language will have two files available (back-end
-and front-end). Translators interested in helping are encouraged to use the
+Transifex project page.  Each language will have three files available (libalpm,
+pacman and pacman-scripts). Translators interested in helping are encouraged to use the
 features of Transifex to let others know they are currently translating their
 language.

-Once a translator has completed the translation (*OR* realizes they do not have
+Once a translator has completed the translation offline (*OR* realizes they do not have
 time to finish), please upload your progress back to the Transifex site.

-NOTE: Please upload your translations as soon as possible- this will give other
+NOTE: Please upload your translations as soon as possible - this will give other
 speakers of your language time to review your translations and update them as
 necessary.

@ -78,23 +78,27 @@ Incremental Updates
 If you have more advanced needs you will have to get a copy of the pacman
 repository.

-	git clone git://git.archlinux.org/pacman.git pacman
+	git clone https://gitlab.archlinux.org/pacman/pacman.git

-Next, you will need to run `./autogen.sh` and `./configure` in the base
-directory to generate the correct Makefiles. At this point, all necessary
-make targets will be generated and we can begin updating the translation
-files.
+Next, you will need to configure the build environment. From the base directory,
+run:

-We need to first update the main message catalog file. Navigate into either the
-`lib/libalpm/po` or `po` directory depending on which translation you wish to
-work on first, and execute the following command.  If you are working in the
-`po/` tree, replace 'libalpm.pot' with 'pacman.pot':
+	meson setup . build

-	make libalpm.pot-update
+If any required dependencies are missing, please install. After that,
+update the template translation (.pot) files to the latest state of
+the source code by running:
 	
-Next, update your specific language's translation file:
+	meson compile -C build pacman-scripts-pot pacman-pot libalpm-pot
 	
-	make <po file>-update
+We need to first update the main message catalog file. Navigate into either
+the `lib/libalpm/po`, `scripts/po` or `src/pacman/po` directory depending
+on which translation you wish to work on first, and execute the following
+command to update your specific language's translation file
+(replace `lang_code` with your language code e.g. 'pt_BR', and `pot_file`
+with `libalpm.pot`, `pacman.pot` or `pacman-scripts.pot`):
+
+	msgmerge --update --previous <lang_code>.po  <pot_filename>.pot

 At this point, you can do the translation. To submit your changes, either email
 the new `.po` file to the mailing-list with *[translation]* in the subject, or
@ -103,7 +107,7 @@ submit a Git-formatted patch (please do not include any `.pot` file changes).
 As a shortcut, all translation files (including `.pot` files) can be updated
 with the following command:

-	make update-po
+	./build-aux/update-po

 Adding a New Language
 ~~~~~~~~~~~~~~~~~~~~~
@ -112,10 +116,10 @@ Making a new language is not too hard, but be sure to follow all the steps.
 You will have to do the following steps in both the `lib/libalpm/po/` and `po/`
 directories, substituting where appropriate. First, edit the `LINGUAS` file and
 add your new language code at the bottom. Next, run the following command,
-substituting 'libalpm.pot' or 'pacman.pot' for potfile depending on which
+substituting `libalpm.pot` or `pacman.pot` for potfile depending on which
 directory you are currently working in:

-	msginit -l <lang code> -o <lang code>.po -i <potfile>
+	msginit -l <lang_code> -o <lang_code>.po -i <potfile>

 You can then also add your language code to the end of the `LINGUAS` file
 located in each po directory.
@ -137,11 +141,13 @@ following two translations are equivalent:
 	msgstr ""
 	"This is a test translation"

-If you want to test the translation (for example, the front-end one):
+If you want to test the translation (copy the .po file you want to test,
+you may ignore the rest), replacing `<lang_code>` accordingly:

-	rm *.gmo stamp-po
-	make
-	cp <lang code>.gmo /usr/share/locale/<lang code>/LC_MESSAGES/pacman.mo
+	meson compile -C build pacman-scripts-gmo pacman-gmo libalpm-gmo
+	cp ./build/lib/libalpm/po/<lang_code>/LC_MESSAGES/libalpm.mo    /usr/share/locale/<lang_code>/LC_MESSAGES/libalpm.mo
+	cp ./build/scripts/po/<lang_code>/LC_MESSAGES/pacman-scripts.mo /usr/share/locale/<lang_code>/LC_MESSAGES/pacman-scripts.mo
+	cp ./build/src/pacman/po/<lang_code>/LC_MESSAGES/pacman.mo      /usr/share/locale/<lang_code>/LC_MESSAGES/pacman.mo


 Translating Manpages
@ -150,4 +156,4 @@ There are currently no efforts underway to include translated manual pages in
 the pacman codebase. However, this is not to say translations are unwelcome. If
 someone has experience with i18n man pages and how to best include them with our
 source, please contact the pacman-dev mailing list at
-mailto:pacman-dev@archlinux.org[].
+mailto:pacman-dev@lists.archlinux.org[].
--- a/etc/Makefile.am
+++ b/etc/Makefile.am
@ -1,27 +0,0 @@
-dist_sysconf_DATA = makepkg.conf pacman.conf
-EXTRA_DIST = makepkg.conf.in pacman.conf.in
-
-# Files that should be removed, but which Automake does not know.
-MOSTLYCLEANFILES = $(dist_sysconf_DATA)
-
-SED_PROCESS = \
-	$(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
-	$(SED) \
-	-e 's|@sysconfdir[@]|$(sysconfdir)|g' \
-	-e 's|@localstatedir[@]|$(localstatedir)|g' \
-	-e 's|@prefix[@]|$(prefix)|g' \
-	-e 's|@PACKAGE_VERSION[@]|$(PACKAGE_VERSION)|g' \
-	-e 's|@PACKAGE_NAME[@]|$(PACKAGE_NAME)|g' \
-	-e 's|@PKGEXT[@]|$(PKGEXT)|g' \
-	-e 's|@SRCEXT[@]|$(SRCEXT)|g' \
-	-e 's|@STRIP_BINARIES[@]|$(STRIP_BINARIES)|g' \
-	-e 's|@STRIP_SHARED[@]|$(STRIP_SHARED)|g' \
-	-e 's|@STRIP_STATIC[@]|$(STRIP_STATIC)|g' \
-	-e 's|@CARCH[@]|$(CARCH)|g' \
-	-e 's|@CHOST[@]|$(CHOST)|g' \
-	-e 's|@ARCHSWITCH[@]|$(ARCHSWITCH)|g' \
-	-e 's|@ROOTDIR[@]|$(ROOTDIR)|g' \
-	< $< > $@
-
-%.conf: %.conf.in Makefile
-	$(SED_PROCESS)
--- a/etc/makepkg.conf.d/fortran.conf.in
+++ b/etc/makepkg.conf.d/fortran.conf.in
@ -0,0 +1,18 @@
+#!/hint/bash
+#
+# @sysconfdir@/makepkg.conf.d/fortran.conf
+#
+
+#########################################################################
+# FORTRAN LANGUAGE SUPPORT
+#########################################################################
+
+# Flags used for the Fortran compiler, similar in spirit to CFLAGS. Read
+# linkman:gfortran[1] for more details on the available flags.
+#FFLAGS="-O2 -pipe"
+#FCFLAGS="$FFLAGS"
+
+# Additional compiler flags appended to `FFLAGS` and `FCFLAGS` for use in debugging. Usually
+# this would include: ``-g''. Read linkman:gfortran[1] for more details on the wide
+# variety of compiler flags available.
+#DEBUG_FFLAGS="-g"
--- a/etc/makepkg.conf.d/rust.conf.in
+++ b/etc/makepkg.conf.d/rust.conf.in
@ -0,0 +1,17 @@
+#!/hint/bash
+#
+# @sysconfdir@/makepkg.conf.d/rust.conf
+#
+
+#########################################################################
+# RUST LANGUAGE SUPPORT
+#########################################################################
+
+# Flags used for the Rust compiler, similar in spirit to CFLAGS. Read
+# linkman:rustc[1] for more details on the available flags.
+#RUSTFLAGS="-C opt-level=3"
+
+# Additional compiler flags appended to `RUSTFLAGS` for use in debugging.
+# Usually this would include: ``-C debuginfo=2''. Read linkman:rustc[1] for
+# more details on the available flags.
+#DEBUG_RUSTFLAGS="-C debuginfo=2"
--- a/etc/makepkg.conf.in
+++ b/etc/makepkg.conf.in
@ -9,10 +9,10 @@
 #
 #-- The download utilities that makepkg should use to acquire sources
 #  Format: 'protocol::agent'
-DLAGENTS=('file::/usr/bin/curl -gqC - -o %o %u'
-          'ftp::/usr/bin/curl -gqfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
-          'http::/usr/bin/curl -gqb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
-          'https::/usr/bin/curl -gqb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
+          'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+          'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
          'rsync::/usr/bin/rsync --no-motd -z %u %o'
          'scp::/usr/bin/scp -C %u %o')

@ -23,7 +23,8 @@ DLAGENTS=('file::/usr/bin/curl -gqC - -o %o %u'

 #-- The package required by makepkg to download VCS sources
 #  Format: 'protocol::package'
-VCSCLIENTS=('bzr::bzr'
+VCSCLIENTS=('bzr::breezy'
+            'fossil::fossil'
            'git::git'
            'hg::mercurial'
            'svn::subversion')
@ -35,11 +36,14 @@ VCSCLIENTS=('bzr::bzr'
 CARCH="@CARCH@"
 CHOST="@CHOST@"

+#NPROC=2
+
 #-- Compiler and Linker Flags
 #CPPFLAGS=""
 #CFLAGS="-O2 -pipe"
 #CXXFLAGS="-O2 -pipe"
 #LDFLAGS=""
+#LTOFLAGS="-flto"
 #-- Make Flags: change this for DistCC/SMP systems
 #MAKEFLAGS="-j2"
 #-- Debugging flags
@ -50,7 +54,7 @@ CHOST="@CHOST@"
 # BUILD ENVIRONMENT
 #########################################################################
 #
-# Defaults: BUILDENV=(!distcc !color !ccache check !sign)
+# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
 #  A negated environment option will do the opposite of the comments below.
 #
 #-- distcc:   Use the Distributed C/C++/ObjC compiler
@ -73,7 +77,8 @@ BUILDENV=(!distcc color !ccache check !sign)
 #   These are default values for the options=() settings
 #########################################################################
 #
-# Default: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug)
+# Makepkg defaults:
+# OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto !autodeps)
 #  A negated option will do the opposite of the comments below.
 #
 #-- strip:      Strip symbols from binaries/libraries
@ -84,11 +89,13 @@ BUILDENV=(!distcc color !ccache check !sign)
 #-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
 #-- purge:      Remove files specified by PURGE_TARGETS
 #-- debug:      Add debugging flags as specified in DEBUG_* variables
+#-- lto:        Add compile flags for building with link time optimization
+#-- autodeps:   Automatically add depends/provides
 #
-OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !debug)
+OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !debug !lto !autodeps)

-#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
-INTEGRITY_CHECK=(md5)
+#-- File integrity checks to use. Valid: ck, md5, sha1, sha224, sha256, sha384, sha512, b2
+INTEGRITY_CHECK=(ck)
 #-- Options to be used when stripping binaries. See `man strip' for details.
 STRIP_BINARIES="@STRIP_BINARIES@"
 #-- Options to be used when stripping shared libraries. See `man strip' for details.
@ -103,6 +110,8 @@ DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
 PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
 #-- Directory to store source code in for debug packages
 DBGSRCDIR="/usr/src/debug"
+#-- Prefix and directories for library autodeps
+LIB_DIRS=('lib:usr/lib' 'lib32:usr/lib32')

 #########################################################################
 # PACKAGE OUTPUT
@ -141,8 +150,12 @@ COMPRESSLZ=(lzip -c -f)
 # EXTENSION DEFAULTS
 #########################################################################
 #
-# WARNING: Do NOT modify these variables unless you know what you are
-#          doing.
-#
 PKGEXT='@PKGEXT@'
 SRCEXT='@SRCEXT@'
+
+#########################################################################
+# OTHER
+#########################################################################
+#
+#-- Command used to run pacman as root, instead of trying sudo and su
+PACMAN_AUTH=()
--- a/etc/pacman.conf.in
+++ b/etc/pacman.conf.in
@ -19,7 +19,6 @@ HoldPkg     = pacman glibc
 #XferCommand = /usr/bin/curl -L -C - -f -o %o %u
 #XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
 #CleanMethod = KeepInstalled
-#UseDelta    = 0.7
 Architecture = auto

 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
@ -32,9 +31,12 @@ Architecture = auto
 # Misc options
 #UseSyslog
 #Color
-#TotalDownload
+#NoProgressBar
 CheckSpace
 #VerbosePkgLists
+ParallelDownloads = 5
+#DownloadUser = alpm
+#DisableSandbox

 # PGP signature checking
 #SigLevel = Optional
@ -74,4 +76,4 @@ CheckSpace
 # tips on creating your own repositories.
 #[custom]
 #SigLevel = Optional TrustAll
-#Server = file:///home/custompkgs
+#Server = file:///home/packages
--- a/lib/libalpm/Makefile.am
+++ b/lib/libalpm/Makefile.am
@ -1,77 +0,0 @@
-AUTOMAKE_OPTIONS = gnu
-
-SUBDIRS = po
-
-lib_LTLIBRARIES = libalpm.la
-include_HEADERS = alpm_list.h alpm.h
-
-AM_CPPFLAGS = \
-	-imacros $(top_builddir)/config.h \
-	-DSYSHOOKDIR=\"@datarootdir@/libalpm/hooks/\" \
-	-DLOCALEDIR=\"@localedir@\"
-
-AM_CFLAGS = -pedantic -D_GNU_SOURCE $(WARNING_CFLAGS)
-
-if ENABLE_VISIBILITY_CC
-if DARWIN
-AM_CFLAGS += -fvisibility=hidden
-else
-AM_CFLAGS += -fvisibility=internal
-endif
-endif
-
-pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libalpm.pc
-
-libalpm_la_SOURCES = \
-	add.h add.c \
-	alpm.h alpm.c \
-	alpm_list.h alpm_list.c \
-	backup.h backup.c \
-	base64.h base64.c \
-	be_local.c \
-	be_package.c \
-	be_sync.c \
-	conflict.h conflict.c \
-	db.h db.c \
-	delta.h delta.c \
-	deps.h deps.c \
-	diskspace.h diskspace.c \
-	dload.h dload.c \
-	error.c \
-	filelist.h filelist.c \
-	graph.h graph.c \
-	group.h group.c \
-	handle.h handle.c \
-	hook.h hook.c \
-	ini.h ini.c \
-	libarchive-compat.h \
-	log.h log.c \
-	package.h package.c \
-	pkghash.h pkghash.c \
-	rawstr.c \
-	remove.h remove.c \
-	signing.c signing.h \
-	sync.h sync.c \
-	trans.h trans.c \
-	util.h util.c \
-	util-common.h util-common.c \
-	version.c
-
-libalpm_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_INFO)
-
-libalpm_la_CFLAGS = \
-	$(AM_CFLAGS) \
-	$(GPGME_CFLAGS) \
-	$(LIBARCHIVE_CFLAGS) \
-	$(LIBCURL_CFLAGS) \
-	$(LIBSSL_CFLAGS) \
-	$(NETTLE_CFLAGS)
-
-libalpm_la_LIBADD = \
-	$(LTLIBINTL) \
-	$(GPGME_LIBS) \
-	$(LIBARCHIVE_LIBS) \
-	$(LIBCURL_LIBS) \
-	$(LIBSSL_LIBS) \
-	$(NETTLE_LIBS)
--- a/lib/libalpm/add.c
+++ b/lib/libalpm/add.c
@ -1,7 +1,7 @@
 /*
 *  add.c
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
@ -47,7 +47,6 @@
 #include "remove.h"
 #include "handle.h"

-/** Add a package to the transaction. */
 int SYMEXPORT alpm_add_pkg(alpm_handle_t *handle, alpm_pkg_t *pkg)
 {
 	const char *pkgname, *pkgver;
@ -120,6 +119,7 @@ static int perform_extraction(alpm_handle_t *handle, struct archive *archive,
 	                          ARCHIVE_EXTRACT_PERM |
 	                          ARCHIVE_EXTRACT_TIME |
 	                          ARCHIVE_EXTRACT_UNLINK |
+	                          ARCHIVE_EXTRACT_XATTR |
 	                          ARCHIVE_EXTRACT_SECURE_SYMLINKS;

 	archive_entry_set_pathname(entry, filename);
@ -262,7 +262,7 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive,
 					"filesystem: %o  package: %o\n"), filename, lsbuf.st_mode & mask,
 					entrymode & mask);
 			alpm_logaction(handle, ALPM_CALLER_PREFIX,
-					"warning: directory permissions differ on %s\n"
+					"warning: directory permissions differ on %s, "
 					"filesystem: %o  package: %o\n", filename, lsbuf.st_mode & mask,
 					entrymode & mask);
 		}
@ -277,7 +277,7 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive,
 					"filesystem: %u:%u  package: %u:%u\n"), filename,
 					lsbuf.st_uid, lsbuf.st_gid, entryuid, entrygid);
 			alpm_logaction(handle, ALPM_CALLER_PREFIX,
-					"warning: directory ownership differs on %s\n"
+					"warning: directory ownership differs on %s, "
 					"filesystem: %u:%u  package: %u:%u\n", filename,
 					lsbuf.st_uid, lsbuf.st_gid, entryuid, entrygid);
 		}
@ -415,7 +415,7 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive,
 static int commit_single_pkg(alpm_handle_t *handle, alpm_pkg_t *newpkg,
 		size_t pkg_current, size_t pkg_count)
 {
-	int i, ret = 0, errors = 0;
+	int ret = 0, errors = 0;
 	int is_upgrade = 0;
 	alpm_pkg_t *oldpkg = NULL;
 	alpm_db_t *db = handle->db_local;
@ -484,8 +484,7 @@ static int commit_single_pkg(alpm_handle_t *handle, alpm_pkg_t *newpkg,
 		/* set up fake remove transaction */
 		if(_alpm_remove_single_package(handle, oldpkg, newpkg, 0, 0) == -1) {
 			handle->pm_errno = ALPM_ERR_TRANS_ABORT;
-			ret = -1;
-			goto cleanup;
+			return -1;
 		}
 	}

@ -496,15 +495,13 @@ static int commit_single_pkg(alpm_handle_t *handle, alpm_pkg_t *newpkg,
 				"error: could not create database entry %s-%s\n",
 				newpkg->name, newpkg->version);
 		handle->pm_errno = ALPM_ERR_DB_WRITE;
-		ret = -1;
-		goto cleanup;
+		return -1;
 	}

 	fd = _alpm_open_archive(db->handle, pkgfile, &buf,
 			&archive, ALPM_ERR_PKG_OPEN);
 	if(fd < 0) {
-		ret = -1;
-		goto cleanup;
+		return -1;
 	}

 	/* save the cwd so we can restore it later */
@ -522,8 +519,7 @@ static int commit_single_pkg(alpm_handle_t *handle, alpm_pkg_t *newpkg,
 			close(cwdfd);
 		}
 		close(fd);
-		ret = -1;
-		goto cleanup;
+		return -1;
 	}

 	if(trans->flags & ALPM_TRANS_FLAG_DBONLY) {
@ -542,7 +538,7 @@ static int commit_single_pkg(alpm_handle_t *handle, alpm_pkg_t *newpkg,
 		/* call PROGRESS once with 0 percent, as we sort-of skip that here */
 		PROGRESS(handle, progress, newpkg->name, 0, pkg_count, pkg_current);

-		for(i = 0; archive_read_next_header(archive, &entry) == ARCHIVE_OK; i++) {
+		while(archive_read_next_header(archive, &entry) == ARCHIVE_OK) {
 			int percent;

 			if(newpkg->size != 0) {
@ -607,8 +603,7 @@ static int commit_single_pkg(alpm_handle_t *handle, alpm_pkg_t *newpkg,
 				"error: could not update database entry %s-%s\n",
 				newpkg->name, newpkg->version);
 		handle->pm_errno = ALPM_ERR_DB_WRITE;
-		ret = -1;
-		goto cleanup;
+		return -1;
 	}

 	if(_alpm_db_add_pkgincache(db, newpkg) == -1) {
@ -654,7 +649,6 @@ static int commit_single_pkg(alpm_handle_t *handle, alpm_pkg_t *newpkg,
 	event.type = ALPM_EVENT_PACKAGE_OPERATION_DONE;
 	EVENT(handle, &event);

-cleanup:
 	return ret;
 }

--- a/lib/libalpm/add.h
+++ b/lib/libalpm/add.h
@ -1,7 +1,7 @@
 /*
 *  add.h
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
--- a/lib/libalpm/alpm.c
+++ b/lib/libalpm/alpm.c
@ -1,7 +1,7 @@
 /*
 *  alpm.c
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *  Copyright (c) 2005 by Aurelien Foret <orelien@chez.com>
 *  Copyright (c) 2005 by Christian Hamar <krics@linuxforum.hu>
@ -25,6 +25,9 @@
 #include <curl/curl.h>
 #endif

+#include <errno.h>
+#include <pwd.h>
+
 /* libalpm */
 #include "alpm.h"
 #include "alpm_list.h"
@ -32,26 +35,14 @@
 #include "log.h"
 #include "util.h"

-/** \addtogroup alpm_interface Interface Functions
- * @brief Functions to initialize and release libalpm
- * @{
- */
-
-/** Initializes the library.
- * Creates handle, connects to database and creates lockfile.
- * This must be called before any other functions are called.
- * @param root the root path for all filesystem operations
- * @param dbpath the absolute path to the libalpm database
- * @param err an optional variable to hold any error return codes
- * @return a context handle on success, NULL on error, err will be set if provided
- */
 alpm_handle_t SYMEXPORT *alpm_initialize(const char *root, const char *dbpath,
 		alpm_errno_t *err)
 {
 	alpm_errno_t myerr;
 	const char *lf = "db.lck";
 	char *hookdir;
-	size_t lockfilelen;
+	size_t hookdirlen, lockfilelen;
+	struct passwd const *pw = NULL;
 	alpm_handle_t *myhandle = _alpm_handle_new();

 	if(myhandle == NULL) {
@ -67,8 +58,9 @@ alpm_handle_t SYMEXPORT *alpm_initialize(const char *root, const char *dbpath,
 	/* to concatenate myhandle->root (ends with a slash) with SYSHOOKDIR (starts
 	 * with a slash) correctly, we skip SYSHOOKDIR[0]; the regular +1 therefore
 	 * disappears from the allocation */
-	MALLOC(hookdir, strlen(myhandle->root) + strlen(SYSHOOKDIR), goto nomem);
-	sprintf(hookdir, "%s%s", myhandle->root, SYSHOOKDIR + 1);
+	hookdirlen = strlen(myhandle->root) + strlen(SYSHOOKDIR);
+	MALLOC(hookdir, hookdirlen, goto nomem);
+	snprintf(hookdir, hookdirlen, "%s%s", myhandle->root, &SYSHOOKDIR[1]);
 	myhandle->hookdirs = alpm_list_add(NULL, hookdir);

 	/* set default database extension */
@ -83,6 +75,17 @@ alpm_handle_t SYMEXPORT *alpm_initialize(const char *root, const char *dbpath,
 		goto cleanup;
 	}

+#ifdef HAVE_LIBCURL
+	curl_global_init(CURL_GLOBAL_ALL);
+	myhandle->curlm = curl_multi_init();
+#endif
+
+	myhandle->parallel_downloads = 1;
+
+	/* set default sandboxuser */
+	ASSERT((pw = getpwuid(0)) != NULL, myerr = errno; goto cleanup);
+	STRDUP(myhandle->sandboxuser, pw->pw_name, goto nomem);
+	
 #ifdef ENABLE_NLS
 	bindtextdomain("libalpm", LOCALEDIR);
 #endif
@ -99,59 +102,23 @@ cleanup:
 	return NULL;
 }

-/** Release the library.
- * Disconnects from the database, removes handle and lockfile
- * This should be the last alpm call you make.
- * After this returns, handle should be considered invalid and cannot be reused
- * in any way.
- * @param myhandle the context handle
- * @return 0 on success, -1 on error
- */
+/* check current state and free all resources including storage locks */
 int SYMEXPORT alpm_release(alpm_handle_t *myhandle)
 {
-	int ret = 0;
-	alpm_db_t *db;
-
 	CHECK_HANDLE(myhandle, return -1);
-
-	/* close local database */
-	db = myhandle->db_local;
-	if(db) {
-		db->ops->unregister(db);
-		myhandle->db_local = NULL;
-	}
-
-	if(alpm_unregister_all_syncdbs(myhandle) == -1) {
-		ret = -1;
-	}
+	ASSERT(myhandle->trans == NULL, RET_ERR(myhandle, ALPM_ERR_TRANS_NOT_NULL, -1));

 	_alpm_handle_unlock(myhandle);
 	_alpm_handle_free(myhandle);

-#ifdef HAVE_LIBCURL
-	curl_global_cleanup();
-#endif
-
-	return ret;
+	return 0;
 }

-/** @} */
-
-/** @defgroup alpm_misc Miscellaneous Functions
- * @brief Various libalpm functions
- */
-
-/** Get the version of library.
- * @return the library version, e.g. "6.0.4"
- * */
 const char SYMEXPORT *alpm_version(void)
 {
 	return LIB_VERSION;
 }

-/** Get the capabilities of the library.
- * @return a bitmask of the capabilities
- * */
 int SYMEXPORT alpm_capabilities(void)
 {
 	return 0
--- a/lib/libalpm/alpm.h
+++ b/lib/libalpm/alpm.h
--- a/lib/libalpm/alpm_list.c
+++ b/lib/libalpm/alpm_list.c
@ -1,7 +1,7 @@
 /*
 *  alpm_list.c
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
@ -30,25 +30,9 @@

 /* check exported library symbols with: nm -C -D <lib> */
 #define SYMEXPORT __attribute__((visibility("default")))
-#define SYMHIDDEN __attribute__((visibility("internal")))
-
-/**
- * @addtogroup alpm_list List Functions
- * @brief Functions to manipulate alpm_list_t lists.
- *
- * These functions are designed to create, destroy, and modify lists of
- * type alpm_list_t. This is an internal list type used by libalpm that is
- * publicly exposed for use by frontends if desired.
- *
- * @{ */

 /* Allocation */

-/**
- * @brief Free a list, but not the contained data.
- *
- * @param list the list to free
- */
 void SYMEXPORT alpm_list_free(alpm_list_t *list)
 {
 	alpm_list_t *it = list;
@ -60,12 +44,6 @@ void SYMEXPORT alpm_list_free(alpm_list_t *list)
 	}
 }

-/**
- * @brief Free the internal data of a list structure.
- *
- * @param list the list to free
- * @param fn   a free function for the internal data
- */
 void SYMEXPORT alpm_list_free_inner(alpm_list_t *list, alpm_list_fn_free fn)
 {
 	alpm_list_t *it = list;
@ -83,28 +61,12 @@ void SYMEXPORT alpm_list_free_inner(alpm_list_t *list, alpm_list_fn_free fn)

 /* Mutators */

-/**
- * @brief Add a new item to the end of the list.
- *
- * @param list the list to add to
- * @param data the new item to be added to the list
- *
- * @return the resultant list
- */
 alpm_list_t SYMEXPORT *alpm_list_add(alpm_list_t *list, void *data)
 {
 	alpm_list_append(&list, data);
 	return list;
 }

-/**
- * @brief Add a new item to the end of the list.
- *
- * @param list the list to add to
- * @param data the new item to be added to the list
- *
- * @return the newly added item
- */
 alpm_list_t SYMEXPORT *alpm_list_append(alpm_list_t **list, void *data)
 {
 	alpm_list_t *ptr;
@ -131,14 +93,6 @@ alpm_list_t SYMEXPORT *alpm_list_append(alpm_list_t **list, void *data)
 	return ptr;
 }

-/**
- * @brief Duplicate and append a string to a list.
- *
- * @param list the list to append to
- * @param data the string to duplicate and append
- *
- * @return the newly added item
- */
 alpm_list_t SYMEXPORT *alpm_list_append_strdup(alpm_list_t **list, const char *data)
 {
 	alpm_list_t *ret;
@ -151,15 +105,6 @@ alpm_list_t SYMEXPORT *alpm_list_append_strdup(alpm_list_t **list, const char *d
 	}
 }

-/**
- * @brief Add items to a list in sorted order.
- *
- * @param list the list to add to
- * @param data the new item to be added to the list
- * @param fn   the comparison function to use to determine order
- *
- * @return the resultant list
- */
 alpm_list_t SYMEXPORT *alpm_list_add_sorted(alpm_list_t *list, void *data, alpm_list_fn_cmp fn)
 {
 	if(!fn || !list) {
@ -202,17 +147,6 @@ alpm_list_t SYMEXPORT *alpm_list_add_sorted(alpm_list_t *list, void *data, alpm_
 	}
 }

-/**
- * @brief Join two lists.
- * The two lists must be independent. Do not free the original lists after
- * calling this function, as this is not a copy operation. The list pointers
- * passed in should be considered invalid after calling this function.
- *
- * @param first  the first list
- * @param second the second list
- *
- * @return the resultant joined list
- */
 alpm_list_t SYMEXPORT *alpm_list_join(alpm_list_t *first, alpm_list_t *second)
 {
 	alpm_list_t *tmp;
@ -235,15 +169,6 @@ alpm_list_t SYMEXPORT *alpm_list_join(alpm_list_t *first, alpm_list_t *second)
 	return first;
 }

-/**
- * @brief Merge the two sorted sublists into one sorted list.
- *
- * @param left  the first list
- * @param right the second list
- * @param fn    comparison function for determining merge order
- *
- * @return the resultant list
- */
 alpm_list_t SYMEXPORT *alpm_list_mmerge(alpm_list_t *left, alpm_list_t *right,
 		alpm_list_fn_cmp fn)
 {
@ -305,15 +230,6 @@ alpm_list_t SYMEXPORT *alpm_list_mmerge(alpm_list_t *left, alpm_list_t *right,
 	return newlist;
 }

-/**
- * @brief Sort a list of size `n` using mergesort algorithm.
- *
- * @param list the list to sort
- * @param n    the size of the list
- * @param fn   the comparison function for determining order
- *
- * @return the resultant list
- */
 alpm_list_t SYMEXPORT *alpm_list_msort(alpm_list_t *list, size_t n,
 		alpm_list_fn_cmp fn)
 {
@ -339,15 +255,6 @@ alpm_list_t SYMEXPORT *alpm_list_msort(alpm_list_t *list, size_t n,
 	return list;
 }

-/**
- * @brief Remove an item from the list.
- * item is not freed; this is the responsibility of the caller.
- *
- * @param haystack the list to remove the item from
- * @param item the item to remove from the list
- *
- * @return the resultant list
- */
 alpm_list_t SYMEXPORT *alpm_list_remove_item(alpm_list_t *haystack,
 		alpm_list_t *item)
 {
@ -385,17 +292,6 @@ alpm_list_t SYMEXPORT *alpm_list_remove_item(alpm_list_t *haystack,
 	return haystack;
 }

-
-/**
- * @brief Remove an item from the list.
- *
- * @param haystack the list to remove the item from
- * @param needle   the data member of the item we're removing
- * @param fn       the comparison function for searching
- * @param data     output parameter containing data of the removed item
- *
- * @return the resultant list
- */
 alpm_list_t SYMEXPORT *alpm_list_remove(alpm_list_t *haystack,
 		const void *needle, alpm_list_fn_cmp fn, void **data)
 {
@ -430,15 +326,6 @@ alpm_list_t SYMEXPORT *alpm_list_remove(alpm_list_t *haystack,
 	return haystack;
 }

-/**
- * @brief Remove a string from a list.
- *
- * @param haystack the list to remove the item from
- * @param needle   the data member of the item we're removing
- * @param data     output parameter containing data of the removed item
- *
- * @return the resultant list
- */
 alpm_list_t SYMEXPORT *alpm_list_remove_str(alpm_list_t *haystack,
 		const char *needle, char **data)
 {
@ -446,15 +333,6 @@ alpm_list_t SYMEXPORT *alpm_list_remove_str(alpm_list_t *haystack,
 			(alpm_list_fn_cmp)strcmp, (void **)data);
 }

-/**
- * @brief Create a new list without any duplicates.
- *
- * This does NOT copy data members.
- *
- * @param list the list to copy
- *
- * @return a new list containing non-duplicate items
- */
 alpm_list_t SYMEXPORT *alpm_list_remove_dupes(const alpm_list_t *list)
 {
 	const alpm_list_t *lp = list;
@ -471,13 +349,6 @@ alpm_list_t SYMEXPORT *alpm_list_remove_dupes(const alpm_list_t *list)
 	return newlist;
 }

-/**
- * @brief Copy a string list, including data.
- *
- * @param list the list to copy
- *
- * @return a copy of the original list
- */
 alpm_list_t SYMEXPORT *alpm_list_strdup(const alpm_list_t *list)
 {
 	const alpm_list_t *lp = list;
@ -492,13 +363,6 @@ alpm_list_t SYMEXPORT *alpm_list_strdup(const alpm_list_t *list)
 	return newlist;
 }

-/**
- * @brief Copy a list, without copying data.
- *
- * @param list the list to copy
- *
- * @return a copy of the original list
- */
 alpm_list_t SYMEXPORT *alpm_list_copy(const alpm_list_t *list)
 {
 	const alpm_list_t *lp = list;
@ -513,16 +377,6 @@ alpm_list_t SYMEXPORT *alpm_list_copy(const alpm_list_t *list)
 	return newlist;
 }

-/**
- * @brief Copy a list and copy the data.
- * Note that the data elements to be copied should not contain pointers
- * and should also be of constant size.
- *
- * @param list the list to copy
- * @param size the size of each data element
- *
- * @return a copy of the original list, data copied as well
- */
 alpm_list_t SYMEXPORT *alpm_list_copy_data(const alpm_list_t *list,
 		size_t size)
 {
@ -546,13 +400,6 @@ alpm_list_t SYMEXPORT *alpm_list_copy_data(const alpm_list_t *list,
 	return newlist;
 }

-/**
- * @brief Create a new list in reverse order.
- *
- * @param list the list to copy
- *
- * @return a new list in reverse order
- */
 alpm_list_t SYMEXPORT *alpm_list_reverse(alpm_list_t *list)
 {
 	const alpm_list_t *lp;
@ -570,6 +417,7 @@ alpm_list_t SYMEXPORT *alpm_list_reverse(alpm_list_t *list)
 	while(lp) {
 		if(alpm_list_append(&newlist, lp->data) == NULL) {
 			alpm_list_free(newlist);
+			list->prev = backup;
 			return NULL;
 		}
 		lp = lp->prev;
@ -580,14 +428,6 @@ alpm_list_t SYMEXPORT *alpm_list_reverse(alpm_list_t *list)

 /* Accessors */

-/**
- * @brief Return nth element from list (starting from 0).
- *
- * @param list the list
- * @param n    the index of the item to find (n < alpm_list_count(list) IS needed)
- *
- * @return an alpm_list_t node for index `n`
- */
 alpm_list_t SYMEXPORT *alpm_list_nth(const alpm_list_t *list, size_t n)
 {
 	const alpm_list_t *i = list;
@ -597,13 +437,6 @@ alpm_list_t SYMEXPORT *alpm_list_nth(const alpm_list_t *list, size_t n)
 	return (alpm_list_t *)i;
 }

-/**
- * @brief Get the next element of a list.
- *
- * @param node the list node
- *
- * @return the next element, or NULL when no more elements exist
- */
 inline alpm_list_t SYMEXPORT *alpm_list_next(const alpm_list_t *node)
 {
 	if(node) {
@ -613,13 +446,6 @@ inline alpm_list_t SYMEXPORT *alpm_list_next(const alpm_list_t *node)
 	}
 }

-/**
- * @brief Get the previous element of a list.
- *
- * @param list the list head
- *
- * @return the previous element, or NULL when no previous element exist
- */
 inline alpm_list_t SYMEXPORT *alpm_list_previous(const alpm_list_t *list)
 {
 	if(list && list->prev->next) {
@ -629,13 +455,6 @@ inline alpm_list_t SYMEXPORT *alpm_list_previous(const alpm_list_t *list)
 	}
 }

-/**
- * @brief Get the last item in the list.
- *
- * @param list the list
- *
- * @return the last element in the list
- */
 alpm_list_t SYMEXPORT *alpm_list_last(const alpm_list_t *list)
 {
 	if(list) {
@ -647,13 +466,6 @@ alpm_list_t SYMEXPORT *alpm_list_last(const alpm_list_t *list)

 /* Misc */

-/**
- * @brief Get the number of items in a list.
- *
- * @param list the list
- *
- * @return the number of list items
- */
 size_t SYMEXPORT alpm_list_count(const alpm_list_t *list)
 {
 	size_t i = 0;
@ -665,15 +477,6 @@ size_t SYMEXPORT alpm_list_count(const alpm_list_t *list)
 	return i;
 }

-/**
- * @brief Find an item in a list.
- *
- * @param needle   the item to search
- * @param haystack the list
- * @param fn       the comparison function for searching (!= NULL)
- *
- * @return `needle` if found, NULL otherwise
- */
 void SYMEXPORT *alpm_list_find(const alpm_list_t *haystack, const void *needle,
 		alpm_list_fn_cmp fn)
 {
@ -693,30 +496,12 @@ static int ptr_cmp(const void *p, const void *q)
 	return (p != q);
 }

-/**
- * @brief Find an item in a list.
- *
- * Search for the item whose data matches that of the `needle`.
- *
- * @param needle   the data to search for (== comparison)
- * @param haystack the list
- *
- * @return `needle` if found, NULL otherwise
- */
 void SYMEXPORT *alpm_list_find_ptr(const alpm_list_t *haystack,
 		const void *needle)
 {
 	return alpm_list_find(haystack, needle, ptr_cmp);
 }

-/**
- * @brief Find a string in a list.
- *
- * @param needle   the string to search for
- * @param haystack the list
- *
- * @return `needle` if found, NULL otherwise
- */
 char SYMEXPORT *alpm_list_find_str(const alpm_list_t *haystack,
 		const char *needle)
 {
@ -724,20 +509,63 @@ char SYMEXPORT *alpm_list_find_str(const alpm_list_t *haystack,
 			(alpm_list_fn_cmp)strcmp);
 }

-/**
- * @brief Find the differences between list `left` and list `right`
- *
- * The two lists must be sorted. Items only in list `left` are added to the
- * `onlyleft` list. Items only in list `right` are added to the `onlyright`
- * list.
- *
- * @param left      the first list
- * @param right     the second list
- * @param fn        the comparison function
- * @param onlyleft  pointer to the first result list
- * @param onlyright pointer to the second result list
- *
- */
+int SYMEXPORT alpm_list_cmp_unsorted(const alpm_list_t *left,
+		const alpm_list_t *right, alpm_list_fn_cmp fn)
+{
+	const alpm_list_t *l = left;
+	const alpm_list_t *r = right;
+	int *matched;
+
+	/* short circuiting length comparison */
+	while(l && r) {
+		l = l->next;
+		r = r->next;
+	}
+	if(l || r) {
+		return 0;
+	}
+
+	/* faster comparison for if the lists happen to be in the same order */
+	while(left && fn(left->data, right->data) == 0) {
+		left = left->next;
+		right = right->next;
+	}
+	if(!left) {
+		return 1;
+	}
+
+	matched = calloc(alpm_list_count(right), sizeof(int));
+	if(matched == NULL) {
+		return -1;
+	}
+
+	for(l = left; l; l = l->next) {
+		int found = 0;
+		int n = 0;
+
+		for(r = right; r; r = r->next, n++) {
+			/* make sure we don't match the same value twice */
+			if(matched[n]) {
+				continue;
+			}
+			if(fn(l->data, r->data) == 0) {
+				found = 1;
+				matched[n] = 1;
+				break;
+			}
+
+		}
+
+		if(!found) {
+			free(matched);
+			return 0;
+		}
+	}
+
+	free(matched);
+	return 1;
+}
+
 void SYMEXPORT alpm_list_diff_sorted(const alpm_list_t *left,
 		const alpm_list_t *right, alpm_list_fn_cmp fn,
 		alpm_list_t **onlyleft, alpm_list_t **onlyright)
@ -782,15 +610,6 @@ void SYMEXPORT alpm_list_diff_sorted(const alpm_list_t *left,
 }


-/**
- * @brief Find the items in list `lhs` that are not present in list `rhs`.
- *
- * @param lhs the first list
- * @param rhs the second list
- * @param fn  the comparison function
- *
- * @return a list containing all items in `lhs` not present in `rhs`
- */
 alpm_list_t SYMEXPORT *alpm_list_diff(const alpm_list_t *lhs,
 		const alpm_list_t *rhs, alpm_list_fn_cmp fn)
 {
@ -809,17 +628,6 @@ alpm_list_t SYMEXPORT *alpm_list_diff(const alpm_list_t *lhs,
 	return ret;
 }

-/**
- * @brief Copy a list and data into a standard C array of fixed length.
- * Note that the data elements are shallow copied so any contained pointers
- * will point to the original data.
- *
- * @param list the list to copy
- * @param n    the size of the list
- * @param size the size of each data element
- *
- * @return an array version of the original list, data copied as well
- */
 void SYMEXPORT *alpm_list_to_array(const alpm_list_t *list, size_t n,
 		size_t size)
 {
@ -840,5 +648,3 @@ void SYMEXPORT *alpm_list_to_array(const alpm_list_t *list, size_t n,
 	}
 	return array;
 }
-
-/** @} */
--- a/lib/libalpm/alpm_list.h
+++ b/lib/libalpm/alpm_list.h
@ -1,7 +1,7 @@
 /*
 *  alpm_list.h
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
@ -17,6 +17,8 @@
 *  You should have received a copy of the GNU General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
+
+
 #ifndef ALPM_LIST_H
 #define ALPM_LIST_H

@ -31,63 +33,362 @@ extern "C" {
 #endif

 /**
- * @brief Linked list type used by libalpm.
+ * @ingroup libalpm
+ * @addtogroup libalpm_list libalpm_list(3)
+ * @brief Functions to manipulate alpm_list_t lists.
+ *
+ * These functions are designed to create, destroy, and modify lists of
+ * type alpm_list_t. This is an internal list type used by libalpm that is
+ * publicly exposed for use by frontends if desired.
 *
 * It is exposed so front ends can use it to prevent the need to reimplement
 * lists of their own; however, it is not required that the front end uses
 * it.
+ * @{
 */
-typedef struct __alpm_list_t {
+
+/** A doubly linked list */
+typedef struct _alpm_list_t {
 	/** data held by the list node */
 	void *data;
 	/** pointer to the previous node */
-	struct __alpm_list_t *prev;
+	struct _alpm_list_t *prev;
 	/** pointer to the next node */
-	struct __alpm_list_t *next;
+	struct _alpm_list_t *next;
 } alpm_list_t;

+/** Frees a list and its contents */
 #define FREELIST(p) do { alpm_list_free_inner(p, free); alpm_list_free(p); p = NULL; } while(0)

-typedef void (*alpm_list_fn_free)(void *); /* item deallocation callback */
-typedef int (*alpm_list_fn_cmp)(const void *, const void *); /* item comparison callback */
+/** item deallocation callback.
+ * @param item the item to free
+ */
+typedef void (*alpm_list_fn_free)(void * item);
+
+/** item comparison callback */
+typedef int (*alpm_list_fn_cmp)(const void *, const void *);

 /* allocation */
+
+/** Free a list, but not the contained data.
+ *
+ * @param list the list to free
+ */
 void alpm_list_free(alpm_list_t *list);
+
+/** Free the internal data of a list structure but not the list itself.
+ *
+ * @param list the list to free
+ * @param fn a free function for the internal data
+ */
 void alpm_list_free_inner(alpm_list_t *list, alpm_list_fn_free fn);

 /* item mutators */
+
+/** Add a new item to the end of the list.
+ *
+ * @param list the list to add to
+ * @param data the new item to be added to the list
+ *
+ * @return the resultant list
+ */
 alpm_list_t *alpm_list_add(alpm_list_t *list, void *data);
+
+/**
+ * @brief Add a new item to the end of the list.
+ *
+ * @param list the list to add to
+ * @param data the new item to be added to the list
+ *
+ * @return the newly added item
+ */
 alpm_list_t *alpm_list_append(alpm_list_t **list, void *data);
+
+/**
+ * @brief Duplicate and append a string to a list.
+ *
+ * @param list the list to append to
+ * @param data the string to duplicate and append
+ *
+ * @return the newly added item
+ */
 alpm_list_t *alpm_list_append_strdup(alpm_list_t **list, const char *data);
+
+/**
+ * @brief Add items to a list in sorted order.
+ *
+ * @param list the list to add to
+ * @param data the new item to be added to the list
+ * @param fn   the comparison function to use to determine order
+ *
+ * @return the resultant list
+ */
 alpm_list_t *alpm_list_add_sorted(alpm_list_t *list, void *data, alpm_list_fn_cmp fn);
+
+/**
+ * @brief Join two lists.
+ * The two lists must be independent. Do not free the original lists after
+ * calling this function, as this is not a copy operation. The list pointers
+ * passed in should be considered invalid after calling this function.
+ *
+ * @param first  the first list
+ * @param second the second list
+ *
+ * @return the resultant joined list
+ */
 alpm_list_t *alpm_list_join(alpm_list_t *first, alpm_list_t *second);
+
+/**
+ * @brief Merge the two sorted sublists into one sorted list.
+ *
+ * @param left  the first list
+ * @param right the second list
+ * @param fn    comparison function for determining merge order
+ *
+ * @return the resultant list
+ */
 alpm_list_t *alpm_list_mmerge(alpm_list_t *left, alpm_list_t *right, alpm_list_fn_cmp fn);
+
+/**
+ * @brief Sort a list of size `n` using mergesort algorithm.
+ *
+ * @param list the list to sort
+ * @param n    the size of the list
+ * @param fn   the comparison function for determining order
+ *
+ * @return the resultant list
+ */
 alpm_list_t *alpm_list_msort(alpm_list_t *list, size_t n, alpm_list_fn_cmp fn);
+
+/**
+ * @brief Remove an item from the list.
+ * item is not freed; this is the responsibility of the caller.
+ *
+ * @param haystack the list to remove the item from
+ * @param item the item to remove from the list
+ *
+ * @return the resultant list
+ */
 alpm_list_t *alpm_list_remove_item(alpm_list_t *haystack, alpm_list_t *item);
+
+/**
+ * @brief Remove an item from the list.
+ *
+ * @param haystack the list to remove the item from
+ * @param needle   the data member of the item we're removing
+ * @param fn       the comparison function for searching
+ * @param data     output parameter containing data of the removed item
+ *
+ * @return the resultant list
+ */
 alpm_list_t *alpm_list_remove(alpm_list_t *haystack, const void *needle, alpm_list_fn_cmp fn, void **data);
+
+/**
+ * @brief Remove a string from a list.
+ *
+ * @param haystack the list to remove the item from
+ * @param needle   the data member of the item we're removing
+ * @param data     output parameter containing data of the removed item
+ *
+ * @return the resultant list
+ */
 alpm_list_t *alpm_list_remove_str(alpm_list_t *haystack, const char *needle, char **data);
+
+/**
+ * @brief Create a new list without any duplicates.
+ *
+ * This does NOT copy data members.
+ *
+ * @param list the list to copy
+ *
+ * @return a new list containing non-duplicate items
+ */
 alpm_list_t *alpm_list_remove_dupes(const alpm_list_t *list);
+
+/**
+ * @brief Copy a string list, including data.
+ *
+ * @param list the list to copy
+ *
+ * @return a copy of the original list
+ */
 alpm_list_t *alpm_list_strdup(const alpm_list_t *list);
+
+/**
+ * @brief Copy a list, without copying data.
+ *
+ * @param list the list to copy
+ *
+ * @return a copy of the original list
+ */
 alpm_list_t *alpm_list_copy(const alpm_list_t *list);
+
+/**
+ * @brief Copy a list and copy the data.
+ * Note that the data elements to be copied should not contain pointers
+ * and should also be of constant size.
+ *
+ * @param list the list to copy
+ * @param size the size of each data element
+ *
+ * @return a copy of the original list, data copied as well
+ */
 alpm_list_t *alpm_list_copy_data(const alpm_list_t *list, size_t size);
+
+/**
+ * @brief Create a new list in reverse order.
+ *
+ * @param list the list to copy
+ *
+ * @return a new list in reverse order
+ */
 alpm_list_t *alpm_list_reverse(alpm_list_t *list);

 /* item accessors */
+
+
+/**
+ * @brief Return nth element from list (starting from 0).
+ *
+ * @param list the list
+ * @param n    the index of the item to find (n < alpm_list_count(list) IS needed)
+ *
+ * @return an alpm_list_t node for index `n`
+ */
 alpm_list_t *alpm_list_nth(const alpm_list_t *list, size_t n);
+
+/**
+ * @brief Get the next element of a list.
+ *
+ * @param list the list node
+ *
+ * @return the next element, or NULL when no more elements exist
+ */
 alpm_list_t *alpm_list_next(const alpm_list_t *list);
+
+/**
+ * @brief Get the previous element of a list.
+ *
+ * @param list the list head
+ *
+ * @return the previous element, or NULL when no previous element exist
+ */
 alpm_list_t *alpm_list_previous(const alpm_list_t *list);
+
+/**
+ * @brief Get the last item in the list.
+ *
+ * @param list the list
+ *
+ * @return the last element in the list
+ */
 alpm_list_t *alpm_list_last(const alpm_list_t *list);

 /* misc */
+
+/**
+ * @brief Get the number of items in a list.
+ *
+ * @param list the list
+ *
+ * @return the number of list items
+ */
 size_t alpm_list_count(const alpm_list_t *list);
+
+/**
+ * @brief Find an item in a list.
+ *
+ * @param needle   the item to search
+ * @param haystack the list
+ * @param fn       the comparison function for searching (!= NULL)
+ *
+ * @return `needle` if found, NULL otherwise
+ */
 void *alpm_list_find(const alpm_list_t *haystack, const void *needle, alpm_list_fn_cmp fn);
+
+/**
+ * @brief Find an item in a list.
+ *
+ * Search for the item whose data matches that of the `needle`.
+ *
+ * @param needle   the data to search for (== comparison)
+ * @param haystack the list
+ *
+ * @return `needle` if found, NULL otherwise
+ */
 void *alpm_list_find_ptr(const alpm_list_t *haystack, const void *needle);
+
+/**
+ * @brief Find a string in a list.
+ *
+ * @param needle   the string to search for
+ * @param haystack the list
+ *
+ * @return `needle` if found, NULL otherwise
+ */
 char *alpm_list_find_str(const alpm_list_t *haystack, const char *needle);
-alpm_list_t *alpm_list_diff(const alpm_list_t *lhs, const alpm_list_t *rhs, alpm_list_fn_cmp fn);
+
+
+/**
+ * @brief Check if two lists contain the same data, ignoring order.
+ *
+ * Lists are considered equal if they both contain the same data regardless
+ * of order.
+ *
+ * @param left      the first list
+ * @param right     the second list
+ * @param fn        the comparison function
+ *
+ * @return 1 if the lists are equal, 0 if not equal, -1 on error.
+ */
+int alpm_list_cmp_unsorted(const alpm_list_t *left,
+		const alpm_list_t *right, alpm_list_fn_cmp fn);
+
+/**
+ * @brief Find the differences between list `left` and list `right`
+ *
+ * The two lists must be sorted. Items only in list `left` are added to the
+ * `onlyleft` list. Items only in list `right` are added to the `onlyright`
+ * list.
+ *
+ * @param left      the first list
+ * @param right     the second list
+ * @param fn        the comparison function
+ * @param onlyleft  pointer to the first result list
+ * @param onlyright pointer to the second result list
+ *
+ */
 void alpm_list_diff_sorted(const alpm_list_t *left, const alpm_list_t *right,
 		alpm_list_fn_cmp fn, alpm_list_t **onlyleft, alpm_list_t **onlyright);
+
+/**
+ * @brief Find the items in list `lhs` that are not present in list `rhs`.
+ *
+ * @param lhs the first list
+ * @param rhs the second list
+ * @param fn  the comparison function
+ *
+ * @return a list containing all items in `lhs` not present in `rhs`
+ */
+
+alpm_list_t *alpm_list_diff(const alpm_list_t *lhs, const alpm_list_t *rhs, alpm_list_fn_cmp fn);
+
+/**
+ * @brief Copy a list and data into a standard C array of fixed length.
+ * Note that the data elements are shallow copied so any contained pointers
+ * will point to the original data.
+ *
+ * @param list the list to copy
+ * @param n    the size of the list
+ * @param size the size of each data element
+ *
+ * @return an array version of the original list, data copied as well
+ */
 void *alpm_list_to_array(const alpm_list_t *list, size_t n, size_t size);

+/* End of alpm_list */
+/** @} */
+
 #ifdef __cplusplus
 }
 #endif
--- a/lib/libalpm/backup.c
+++ b/lib/libalpm/backup.c
@ -1,7 +1,7 @@
 /*
 *  backup.c
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2005 by Judd Vinet <jvinet@zeroflux.org>
 *  Copyright (c) 2005 by Aurelien Foret <orelien@chez.com>
 *  Copyright (c) 2005 by Christian Hamar <krics@linuxforum.hu>
--- a/lib/libalpm/backup.h
+++ b/lib/libalpm/backup.h
@ -1,7 +1,7 @@
 /*
 *  backup.h
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
--- a/lib/libalpm/be_local.c
+++ b/lib/libalpm/be_local.c
@ -1,7 +1,7 @@
 /*
 *  be_local.c : backend for the local database
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
@ -195,6 +195,12 @@ static alpm_list_t *_cache_get_backup(alpm_pkg_t *pkg)
 	return pkg->backup;
 }

+static alpm_list_t *_cache_get_xdata(alpm_pkg_t *pkg)
+{
+	LAZY_LOAD(INFRQ_DESC);
+	return pkg->xdata;
+}
+
 /**
 * Open a package changelog for reading. Similar to fopen in functionality,
 * except that the returned 'file stream' is from the database.
@ -244,7 +250,6 @@ static int _cache_changelog_close(const alpm_pkg_t UNUSED *pkg, void *fp)
 */
 static struct archive *_cache_mtree_open(alpm_pkg_t *pkg)
 {
-	int r;
 	struct archive *mtree;

 	alpm_db_t *db = alpm_pkg_get_db(pkg);
@ -256,19 +261,17 @@ static struct archive *_cache_mtree_open(alpm_pkg_t *pkg)
 	}

 	if((mtree = archive_read_new()) == NULL) {
-		pkg->handle->pm_errno = ALPM_ERR_LIBARCHIVE;
-		goto error;
+		GOTO_ERR(pkg->handle, ALPM_ERR_LIBARCHIVE, error);
 	}

 	_alpm_archive_read_support_filter_all(mtree);
 	archive_read_support_format_mtree(mtree);

-	if((r = _alpm_archive_read_open_file(mtree, mtfile, ALPM_BUFFER_SIZE))) {
+	if(_alpm_archive_read_open_file(mtree, mtfile, ALPM_BUFFER_SIZE)) {
 		_alpm_log(pkg->handle, ALPM_LOG_ERROR, _("error while reading file %s: %s\n"),
 					mtfile, archive_error_string(mtree));
-		pkg->handle->pm_errno = ALPM_ERR_LIBARCHIVE;
 		_alpm_archive_read_free(mtree);
-		goto error;
+		GOTO_ERR(pkg->handle, ALPM_ERR_LIBARCHIVE, error);
 	}

 	free(mtfile);
@ -284,12 +287,26 @@ error:
 * @param pkg the package that the mtree file is being read from
 * @param archive the archive structure reading from the mtree file
 * @param entry an archive_entry to store the entry header information
- * @return 0 if end of archive is reached, non-zero otherwise.
+ * @return 0 on success, 1 if end of archive is reached, -1 otherwise.
 */
 static int _cache_mtree_next(const alpm_pkg_t UNUSED *pkg,
 		struct archive *mtree, struct archive_entry **entry)
 {
-	return archive_read_next_header(mtree, entry);
+	int ret;
+	ret = archive_read_next_header(mtree, entry);
+
+	switch(ret) {
+		case ARCHIVE_OK:
+			return 0;
+			break;
+		case ARCHIVE_EOF:
+			return 1;
+			break;
+		default:
+			break;
+	}
+
+	return -1;
 }

 /**
@ -314,7 +331,7 @@ static int _cache_force_load(alpm_pkg_t *pkg)
 * lazy accessor methods that handle any backend loading and caching
 * logic.
 */
-static struct pkg_operations local_pkg_ops = {
+static const struct pkg_operations local_pkg_ops = {
 	.get_base = _cache_get_base,
 	.get_desc = _cache_get_desc,
 	.get_url = _cache_get_url,
@ -337,6 +354,7 @@ static struct pkg_operations local_pkg_ops = {
 	.get_replaces = _cache_get_replaces,
 	.get_files = _cache_get_files,
 	.get_backup = _cache_get_backup,
+	.get_xdata = _cache_get_xdata,

 	.changelog_open = _cache_changelog_open,
 	.changelog_read = _cache_changelog_read,
@ -612,6 +630,10 @@ static int local_db_populate(alpm_db_t *db)
 			continue;
 		}

+		/* treat local metadata errors as warning-only,
+		 * they are already installed and otherwise they can't be operated on */
+		_alpm_pkg_check_meta(pkg);
+
 		/* add to the collection */
 		_alpm_log(db->handle, ALPM_LOG_FUNCTION, "adding '%s' to package cache for db '%s'\n",
 				pkg->name, db->treename);
@ -632,6 +654,17 @@ static int local_db_populate(alpm_db_t *db)
 	return 0;
 }

+static alpm_pkgreason_t _read_pkgreason(alpm_handle_t *handle, const char *pkgname, const char *line) {
+	if(strcmp(line, "0") == 0) {
+		return ALPM_PKG_REASON_EXPLICIT;
+	} else if(strcmp(line, "1") == 0) {
+		return ALPM_PKG_REASON_DEPEND;
+	} else {
+		_alpm_log(handle, ALPM_LOG_ERROR, _("unknown install reason for package %s: %s\n"), pkgname, line);
+		return ALPM_PKG_REASON_UNKNOWN;
+	}
+}
+
 /* Note: the return value must be freed by the caller */
 char *_alpm_local_db_pkgpath(alpm_db_t *db, alpm_pkg_t *info,
 		const char *filename)
@ -644,7 +677,7 @@ char *_alpm_local_db_pkgpath(alpm_db_t *db, alpm_pkg_t *info,
 	len = strlen(dbpath) + strlen(info->name) + strlen(info->version) + 3;
 	len += filename ? strlen(filename) : 0;
 	MALLOC(pkgpath, len, RET_ERR(db->handle, ALPM_ERR_MEMORY, NULL));
-	sprintf(pkgpath, "%s%s-%s/%s", dbpath, info->name, info->version,
+	snprintf(pkgpath, len, "%s%s-%s/%s", dbpath, info->name, info->version,
 			filename ? filename : "");
 	return pkgpath;
 }
@ -680,7 +713,7 @@ char *_alpm_local_db_pkgpath(alpm_db_t *db, alpm_pkg_t *info,
 static int local_db_read(alpm_pkg_t *info, int inforeq)
 {
 	FILE *fp = NULL;
-	char line[1024];
+	char line[1024] = {0};
 	alpm_db_t *db = info->origin_data.db;

 	/* bitmask logic here:
@ -703,9 +736,6 @@ static int local_db_read(alpm_pkg_t *info, int inforeq)
 			"loading package data for %s : level=0x%x\n",
 			info->name, inforeq);

-	/* clear out 'line', to be certain - and to make valgrind happy */
-	memset(line, 0, sizeof(line));
-
 	/* DESC */
 	if(inforeq & INFRQ_DESC && !(info->infolevel & INFRQ_DESC)) {
 		char *path = _alpm_local_db_pkgpath(db, info, "desc");
@ -757,7 +787,7 @@ static int local_db_read(alpm_pkg_t *info, int inforeq)
 				READ_AND_STORE(info->packager);
 			} else if(strcmp(line, "%REASON%") == 0) {
 				READ_NEXT();
-				info->reason = (alpm_pkgreason_t)atoi(line);
+				info->reason = _read_pkgreason(db->handle, info->name, line);
 			} else if(strcmp(line, "%VALIDATION%") == 0) {
 				alpm_list_t *i, *v = NULL;
 				READ_AND_STORE_ALL(v);
@ -795,6 +825,23 @@ static int local_db_read(alpm_pkg_t *info, int inforeq)
 				READ_AND_SPLITDEP(info->conflicts);
 			} else if(strcmp(line, "%PROVIDES%") == 0) {
 				READ_AND_SPLITDEP(info->provides);
+			} else if(strcmp(line, "%XDATA%") == 0) {
+				alpm_list_t *i, *lines = NULL;
+				READ_AND_STORE_ALL(lines);
+				for(i = lines; i; i = i->next) {
+					alpm_pkg_xdata_t *pd = _alpm_pkg_parse_xdata(i->data);
+					if(pd == NULL || !alpm_list_append(&info->xdata, pd)) {
+						_alpm_pkg_xdata_free(pd);
+						FREELIST(lines);
+						goto error;
+					}
+				}
+				FREELIST(lines);
+			} else {
+				_alpm_log(db->handle, ALPM_LOG_WARNING, _("%s: unknown key '%s' in local database\n"), info->name, line);
+				alpm_list_t *lines = NULL;
+				READ_AND_STORE_ALL(lines);
+				FREELIST(lines);
 			}
 		}
 		fclose(fp);
@ -832,12 +879,7 @@ static int local_db_read(alpm_pkg_t *info, int inforeq)
 				}
 				/* attempt to hand back any memory we don't need */
 				if(files_count > 0) {
-					alpm_file_t *newfiles;
-
-					newfiles = realloc(files, sizeof(alpm_file_t) * files_count);
-					if(newfiles != NULL) {
-						files = newfiles;
-					}
+					REALLOC(files, sizeof(alpm_file_t) * files_count, (void)0);
 				} else {
 					FREE(files);
 				}
@ -1036,6 +1078,15 @@ int _alpm_local_db_write(alpm_db_t *db, alpm_pkg_t *info, int inforeq)
 		write_deps(fp, "%CONFLICTS%", info->conflicts);
 		write_deps(fp, "%PROVIDES%", info->provides);

+		if(info->xdata) {
+			fputs("%XDATA%\n", fp);
+			for(lp = info->xdata; lp; lp = lp->next) {
+				alpm_pkg_xdata_t *pd = lp->data;
+				fprintf(fp, "%s=%s\n", pd->name, pd->value);
+			}
+			fputc('\n', fp);
+		}
+
 		fclose(fp);
 		fp = NULL;
 	}
@ -1113,7 +1164,7 @@ int _alpm_local_db_remove(alpm_db_t *db, alpm_pkg_t *info)
 				/* file path is too long to remove, hmm. */
 				ret = -1;
 			} else {
-				sprintf(name, "%s/%s", pkgpath, dp->d_name);
+				snprintf(name, PATH_MAX, "%s/%s", pkgpath, dp->d_name);
 				if(unlink(name)) {
 					ret = -1;
 				}
@ -1154,7 +1205,7 @@ int SYMEXPORT alpm_pkg_set_reason(alpm_pkg_t *pkg, alpm_pkgreason_t reason)
 	return 0;
 }

-struct db_operations local_db_ops = {
+static const struct db_operations local_db_ops = {
 	.validate         = local_db_validate,
 	.populate         = local_db_populate,
 	.unregister       = _alpm_db_unregister,
--- a/lib/libalpm/be_package.c
+++ b/lib/libalpm/be_package.c
@ -1,7 +1,7 @@
 /*
 *  be_package.c : backend for packages
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
@ -134,11 +134,10 @@ static int _package_changelog_close(const alpm_pkg_t UNUSED *pkg, void *fp)
 }

 /** Package file operations struct accessor. We implement this as a method
- * rather than a static struct as in be_files because we want to reuse the
- * majority of the default_pkg_ops struct and add only a few operations of
- * our own on top.
+ * because we want to reuse the majority of the default_pkg_ops struct and
+ * add only a few operations of our own on top.
 */
-static struct pkg_operations *get_file_pkg_ops(void)
+static const struct pkg_operations *get_file_pkg_ops(void)
 {
 	static struct pkg_operations file_pkg_ops;
 	static int file_pkg_ops_initialized = 0;
@ -164,9 +163,8 @@ static int parse_descfile(alpm_handle_t *handle, struct archive *a, alpm_pkg_t *
 	char *ptr = NULL;
 	char *key = NULL;
 	int ret, linenum = 0;
-	struct archive_read_buffer buf;
+	struct archive_read_buffer buf = {0};

-	memset(&buf, 0, sizeof(buf));
 	/* 512K for a line length seems reasonable */
 	buf.max_line_size = 512 * 1024;

@ -202,11 +200,15 @@ static int parse_descfile(alpm_handle_t *handle, struct archive *a, alpm_pkg_t *
 			} else if(strcmp(key, "pkgdesc") == 0) {
 				STRDUP(newpkg->desc, ptr, return -1);
 			} else if(strcmp(key, "group") == 0) {
-				newpkg->groups = alpm_list_add(newpkg->groups, strdup(ptr));
+				char *tmp = NULL;
+				STRDUP(tmp, ptr, return -1);
+				newpkg->groups = alpm_list_add(newpkg->groups, tmp);
 			} else if(strcmp(key, "url") == 0) {
 				STRDUP(newpkg->url, ptr, return -1);
 			} else if(strcmp(key, "license") == 0) {
-				newpkg->licenses = alpm_list_add(newpkg->licenses, strdup(ptr));
+				char *tmp = NULL;
+				STRDUP(tmp, ptr, return -1);
+				newpkg->licenses = alpm_list_add(newpkg->licenses, tmp);
 			} else if(strcmp(key, "builddate") == 0) {
 				newpkg->builddate = _alpm_parsedate(ptr);
 			} else if(strcmp(key, "packager") == 0) {
@ -242,13 +244,17 @@ static int parse_descfile(alpm_handle_t *handle, struct archive *a, alpm_pkg_t *
 				CALLOC(backup, 1, sizeof(alpm_backup_t), return -1);
 				STRDUP(backup->name, ptr, FREE(backup); return -1);
 				newpkg->backup = alpm_list_add(newpkg->backup, backup);
-			} else if(strcmp(key, "force") == 0) {
-				/* deprecated, skip it */
-			} else if(strcmp(key, "makepkgopt") == 0) {
-				/* not used atm */
+			} else if(strcmp(key, "xdata") == 0) {
+				alpm_pkg_xdata_t *pd = _alpm_pkg_parse_xdata(ptr);
+				if(pd == NULL || !alpm_list_append(&newpkg->xdata, pd)) {
+					_alpm_pkg_xdata_free(pd);
+					return -1;
+				}
 			} else {
+				const char *pkgname = newpkg->name ? newpkg->name : "error";
+				_alpm_log(handle, ALPM_LOG_WARNING, _("%s: unknown key '%s' in package description\n"), pkgname, key);
 				_alpm_log(handle, ALPM_LOG_DEBUG, "%s: unknown key '%s' in description file line %d\n",
-									newpkg->name ? newpkg->name : "error", key, linenum);
+									pkgname, key, linenum);
 			}
 		}
 	}
@ -308,7 +314,7 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle,
 		}
 	}

-	if(syncpkg && !has_sig) {
+	if(syncpkg && (!has_sig || !syncpkg->base64_sig)) {
 		if(syncpkg->md5sum && !syncpkg->sha256sum) {
 			_alpm_log(handle, ALPM_LOG_DEBUG, "md5sum: %s\n", syncpkg->md5sum);
 			_alpm_log(handle, ALPM_LOG_DEBUG, "checking md5sum for %s\n", pkgfile);
@ -448,18 +454,15 @@ static int build_filelist_from_mtree(alpm_handle_t *handle, alpm_pkg_t *pkg, str
 	char *mtree_data = NULL;
 	struct archive *mtree;
 	struct archive_entry *mtree_entry = NULL;
-	alpm_filelist_t filelist;
+	alpm_filelist_t filelist = {0};

 	_alpm_log(handle, ALPM_LOG_DEBUG,
 			"found mtree for package %s, getting file list\n", pkg->filename);

-	memset(&filelist, 0, sizeof(alpm_filelist_t));
-
 	/* create a new archive to parse the mtree and load it from archive into memory */
 	/* TODO: split this into a function */
 	if((mtree = archive_read_new()) == NULL) {
-		handle->pm_errno = ALPM_ERR_LIBARCHIVE;
-		goto error;
+		GOTO_ERR(handle, ALPM_ERR_LIBARCHIVE, error);
 	}

 	_alpm_archive_read_support_filter_all(mtree);
@ -478,8 +481,7 @@ static int build_filelist_from_mtree(alpm_handle_t *handle, alpm_pkg_t *pkg, str
 		if(size < 0) {
 			_alpm_log(handle, ALPM_LOG_DEBUG, _("error while reading package %s: %s\n"),
 					pkg->filename, archive_error_string(archive));
-			handle->pm_errno = ALPM_ERR_LIBARCHIVE;
-			goto error;
+			GOTO_ERR(handle, ALPM_ERR_LIBARCHIVE, error);
 		}
 		if(size == 0) {
 			break;
@ -492,8 +494,7 @@ static int build_filelist_from_mtree(alpm_handle_t *handle, alpm_pkg_t *pkg, str
 		_alpm_log(handle, ALPM_LOG_DEBUG,
 				_("error while reading mtree of package %s: %s\n"),
 				pkg->filename, archive_error_string(mtree));
-		handle->pm_errno = ALPM_ERR_LIBARCHIVE;
-		goto error;
+		GOTO_ERR(handle, ALPM_ERR_LIBARCHIVE, error);
 	}

 	while((ret = archive_read_next_header(mtree, &mtree_entry)) == ARCHIVE_OK) {
@ -516,8 +517,7 @@ static int build_filelist_from_mtree(alpm_handle_t *handle, alpm_pkg_t *pkg, str
 	if(ret != ARCHIVE_EOF && ret != ARCHIVE_OK) { /* An error occurred */
 		_alpm_log(handle, ALPM_LOG_DEBUG, _("error while reading mtree of package %s: %s\n"),
 				pkg->filename, archive_error_string(mtree));
-		handle->pm_errno = ALPM_ERR_LIBARCHIVE;
-		goto error;
+		GOTO_ERR(handle, ALPM_ERR_LIBARCHIVE, error);
 	}

 	/* throw away any files we loaded directly from the archive */
@ -582,11 +582,9 @@ alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle,

 	newpkg = _alpm_pkg_new();
 	if(newpkg == NULL) {
-		handle->pm_errno = ALPM_ERR_MEMORY;
-		goto error;
+		GOTO_ERR(handle, ALPM_ERR_MEMORY, error);
 	}
-	STRDUP(newpkg->filename, pkgfile,
-			handle->pm_errno = ALPM_ERR_MEMORY; goto error);
+	STRDUP(newpkg->filename, pkgfile, GOTO_ERR(handle, ALPM_ERR_MEMORY, error));
 	newpkg->size = st.st_size;

 	_alpm_log(handle, ALPM_LOG_DEBUG, "starting package load for %s\n", pkgfile);
@ -636,8 +634,7 @@ alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle,
 		if(archive_read_data_skip(archive)) {
 			_alpm_log(handle, ALPM_LOG_ERROR, _("error while reading package %s: %s\n"),
 					pkgfile, archive_error_string(archive));
-			handle->pm_errno = ALPM_ERR_LIBARCHIVE;
-			goto error;
+			GOTO_ERR(handle, ALPM_ERR_LIBARCHIVE, error);
 		}

 		/* if we are not doing a full read, see if we have all we need */
@ -649,8 +646,7 @@ alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle,
 	if(ret != ARCHIVE_EOF && ret != ARCHIVE_OK) { /* An error occurred */
 		_alpm_log(handle, ALPM_LOG_ERROR, _("error while reading package %s: %s\n"),
 				pkgfile, archive_error_string(archive));
-		handle->pm_errno = ALPM_ERR_LIBARCHIVE;
-		goto error;
+		GOTO_ERR(handle, ALPM_ERR_LIBARCHIVE, error);
 	}

 	if(!config) {
@ -658,12 +654,9 @@ alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle,
 		goto pkg_invalid;
 	}

-	_alpm_archive_read_free(archive);
-	close(fd);
-
 	/* internal fields for package struct */
 	newpkg->origin = ALPM_PKG_FROM_FILE;
-	newpkg->origin_data.file = strdup(pkgfile);
+	STRDUP(newpkg->origin_data.file, pkgfile, goto error);
 	newpkg->ops = get_file_pkg_ops();
 	newpkg->handle = handle;
 	newpkg->infolevel = INFRQ_BASE | INFRQ_DESC | INFRQ_SCRIPTLET;
@ -672,8 +665,7 @@ alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle,
 	if(full) {
 		if(newpkg->files.files) {
 			/* attempt to hand back any memory we don't need */
-			newpkg->files.files = realloc(newpkg->files.files,
-					sizeof(alpm_file_t) * newpkg->files.count);
+			REALLOC(newpkg->files.files, sizeof(alpm_file_t) * newpkg->files.count, (void)0);
 			/* "checking for conflicts" requires a sorted list, ensure that here */
 			_alpm_log(handle, ALPM_LOG_DEBUG,
 					"sorting package filelist for %s\n", pkgfile);
@ -683,6 +675,12 @@ alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle,
 		newpkg->infolevel |= INFRQ_FILES;
 	}

+	if(_alpm_pkg_check_meta(newpkg) != 0) {
+		goto pkg_invalid;
+	}
+
+	_alpm_archive_read_free(archive);
+	close(fd);
 	return newpkg;

 pkg_invalid:
@ -690,9 +688,7 @@ pkg_invalid:
 error:
 	_alpm_pkg_free(newpkg);
 	_alpm_archive_read_free(archive);
-	if(fd >= 0) {
-		close(fd);
-	}
+	close(fd);

 	return NULL;
 }
@ -731,6 +727,7 @@ int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int ful
 {
 	int validation = 0;
 	char *sigpath;
+	alpm_pkg_t *pkg_temp;

 	CHECK_HANDLE(handle, return -1);
 	ASSERT(pkg != NULL, RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1));
@ -755,9 +752,11 @@ int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int ful
 				for(k = keys; k; k = k->next) {
 					char *key = k->data;
 					if(_alpm_key_in_keychain(handle, key) == 0) {
-						if(_alpm_key_import(handle, key) == -1) {
+						pkg_temp = _alpm_pkg_load_internal(handle, filename, full);
+						if(_alpm_key_import(handle, NULL, key) == -1) {
 							fail = 1;
 						}
+						_alpm_pkg_free(pkg_temp);
 					}
 				}
 				FREELIST(keys);
--- a/lib/libalpm/be_sync.c
+++ b/lib/libalpm/be_sync.c
@ -1,7 +1,7 @@
 /*
 *  be_sync.c : backend for sync databases
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
@ -37,7 +37,6 @@
 #include "alpm_list.h"
 #include "package.h"
 #include "handle.h"
-#include "delta.h"
 #include "deps.h"
 #include "dload.h"
 #include "filelist.h"
@ -49,7 +48,7 @@ static char *get_sync_dir(alpm_handle_t *handle)
 	struct stat buf;

 	MALLOC(syncpath, len, RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
-	sprintf(syncpath, "%s%s", handle->dbpath, "sync/");
+	snprintf(syncpath, len, "%s%s", handle->dbpath, "sync/");

 	if(stat(syncpath, &buf) != 0) {
 		_alpm_log(handle, ALPM_LOG_DEBUG, "database dir '%s' does not exist, creating it\n",
@ -137,178 +136,105 @@ valid:
 	return 0;
 }

-/** Update a package database
- *
- * An update of the package database \a db will be attempted. Unless
- * \a force is true, the update will only be performed if the remote
- * database was modified since the last update.
- *
- * This operation requires a database lock, and will return an applicable error
- * if the lock could not be obtained.
- *
- * Example:
- * @code
- * alpm_list_t *syncs = alpm_get_syncdbs();
- * for(i = syncs; i; i = alpm_list_next(i)) {
- *     alpm_db_t *db = alpm_list_getdata(i);
- *     result = alpm_db_update(0, db);
- *
- *     if(result < 0) {
- *	       printf("Unable to update database: %s\n", alpm_strerrorlast());
- *     } else if(result == 1) {
- *         printf("Database already up to date\n");
- *     } else {
- *         printf("Database updated\n");
- *     }
- * }
- * @endcode
- *
- * @ingroup alpm_databases
- * @note After a successful update, the \link alpm_db_get_pkgcache()
- * package cache \endlink will be invalidated
- * @param force if true, then forces the update, otherwise update only in case
- * the database isn't up to date
- * @param db pointer to the package database to update
- * @return 0 on success, -1 on error (pm_errno is set accordingly), 1 if up to
- * to date
- */
-int SYMEXPORT alpm_db_update(int force, alpm_db_t *db)
-{
+int SYMEXPORT alpm_db_update(alpm_handle_t *handle, alpm_list_t *dbs, int force) {
 	char *syncpath;
-	const char *dbext;
+	char *temporary_syncpath;
+	const char *dbext = handle->dbext;
 	alpm_list_t *i;
-	int updated = 0;
 	int ret = -1;
 	mode_t oldmask;
-	alpm_handle_t *handle;
-	int siglevel;
+	alpm_list_t *payloads = NULL;
+	alpm_event_t event;

 	/* Sanity checks */
-	ASSERT(db != NULL, return -1);
-	handle = db->handle;
+	CHECK_HANDLE(handle, return -1);
+	ASSERT(dbs != NULL, return -1);
 	handle->pm_errno = ALPM_ERR_OK;
-	ASSERT(db != handle->db_local, RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1));
-	ASSERT(db->servers != NULL, RET_ERR(handle, ALPM_ERR_SERVER_NONE, -1));
-
-	if(!(db->usage & ALPM_DB_USAGE_SYNC)) {
-		return 0;
-	}

 	syncpath = get_sync_dir(handle);
-	if(!syncpath) {
-		return -1;
-	}
-
-	/* force update of invalid databases to fix potential mismatched database/signature */
-	if(db->status & DB_STATUS_INVALID) {
-		force = 1;
-	}
+	ASSERT(syncpath != NULL, return -1);
+	temporary_syncpath = _alpm_temporary_download_dir_setup(syncpath, handle->sandboxuser);
+	ASSERT(temporary_syncpath != NULL, FREE(syncpath); return -1);

 	/* make sure we have a sane umask */
 	oldmask = umask(0022);

-	siglevel = alpm_db_get_siglevel(db);
-
 	/* attempt to grab a lock */
 	if(_alpm_handle_lock(handle)) {
-		free(syncpath);
-		umask(oldmask);
-		RET_ERR(handle, ALPM_ERR_HANDLE_LOCK, -1);
+		GOTO_ERR(handle, ALPM_ERR_HANDLE_LOCK, cleanup);
 	}

-	dbext = db->handle->dbext;
-
-	for(i = db->servers; i; i = i->next) {
-		const char *server = i->data, *final_db_url = NULL;
-		struct dload_payload payload;
+	for(i = dbs; i; i = i->next) {
+		alpm_db_t *db = i->data;
+		int dbforce = force;
+		struct dload_payload *payload = NULL;
 		size_t len;
-		int sig_ret = 0;
+		int siglevel;

-		memset(&payload, 0, sizeof(struct dload_payload));
+		if(!(db->usage & ALPM_DB_USAGE_SYNC)) {
+			continue;
+		}

-		/* set hard upper limit of 25MiB */
-		payload.max_size = 25 * 1024 * 1024;
+		ASSERT(db != handle->db_local, GOTO_ERR(handle, ALPM_ERR_WRONG_ARGS, cleanup));
+		ASSERT(db->servers != NULL, GOTO_ERR(handle, ALPM_ERR_SERVER_NONE, cleanup));

+		/* force update of invalid databases to fix potential mismatched database/signature */
+		if(db->status & DB_STATUS_INVALID) {
+			dbforce = 1;
+		}
+
+		siglevel = alpm_db_get_siglevel(db);
+
+		CALLOC(payload, 1, sizeof(*payload), GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
+		payload->servers = db->servers;
 		/* print server + filename into a buffer */
-		len = strlen(server) + strlen(db->treename) + strlen(dbext) + 2;
-		MALLOC(payload.fileurl, len,
-			{
-				free(syncpath);
-				umask(oldmask);
-				RET_ERR(handle, ALPM_ERR_MEMORY, -1);
-			}
-		);
-		snprintf(payload.fileurl, len, "%s/%s%s", server, db->treename, dbext);
-		payload.handle = handle;
-		payload.force = force;
-		payload.unlink_on_fail = 1;
+		len = strlen(db->treename) + strlen(dbext) + 1;
+		MALLOC(payload->filepath, len,
+			FREE(payload); GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
+		snprintf(payload->filepath, len, "%s%s", db->treename, dbext);

-		ret = _alpm_download(&payload, syncpath, NULL, &final_db_url);
-		_alpm_dload_payload_reset(&payload);
-		updated = (updated || ret == 0);
-
-		if(ret != -1 && updated && (siglevel & ALPM_SIG_DATABASE)) {
-			/* an existing sig file is no good at this point */
-			char *sigpath = _alpm_sigpath(handle, _alpm_db_path(db));
-			if(!sigpath) {
-				ret = -1;
-				break;
-			}
-			unlink(sigpath);
-			free(sigpath);
-
-
-			/* check if the final URL from internal downloader looks reasonable */
-			if(final_db_url != NULL) {
-				if(strlen(final_db_url) < 3
-						|| strcmp(final_db_url + strlen(final_db_url) - strlen(dbext),
-								dbext) != 0) {
-					final_db_url = NULL;
-				}
-			}
-
-			/* if we downloaded a DB, we want the .sig from the same server */
-			if(final_db_url != NULL) {
-				/* print final_db_url into a buffer (leave space for .sig) */
-				len = strlen(final_db_url) + 5;
-			} else {
-				/* print server + filename into a buffer (leave space for separator and .sig) */
-				len = strlen(server) + strlen(db->treename) + strlen(dbext) + 6;
-			}
-
-			MALLOC(payload.fileurl, len,
-				{
-					free(syncpath);
-					umask(oldmask);
-					RET_ERR(handle, ALPM_ERR_MEMORY, -1);
-				}
-			);
-
-			if(final_db_url != NULL) {
-				snprintf(payload.fileurl, len, "%s.sig", final_db_url);
-			} else {
-				snprintf(payload.fileurl, len, "%s/%s%s.sig", server, db->treename, dbext);
-			}
-
-			payload.handle = handle;
-			payload.force = 1;
-			payload.errors_ok = (siglevel & ALPM_SIG_DATABASE_OPTIONAL);
-
-			/* set hard upper limit of 16KiB */
-			payload.max_size = 16 * 1024;
-
-			sig_ret = _alpm_download(&payload, syncpath, NULL, NULL);
-			/* errors_ok suppresses error messages, but not the return code */
-			sig_ret = payload.errors_ok ? 0 : sig_ret;
-			_alpm_dload_payload_reset(&payload);
+		STRDUP(payload->remote_name, payload->filepath,
+			_alpm_dload_payload_reset(payload); FREE(payload);
+			GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup));
+		payload->destfile_name = _alpm_get_fullpath(temporary_syncpath, payload->remote_name, "");
+		payload->tempfile_name = _alpm_get_fullpath(temporary_syncpath, payload->remote_name, ".part");
+		if(!payload->destfile_name || !payload->tempfile_name) {
+			_alpm_dload_payload_reset(payload);
+			FREE(payload);
+			GOTO_ERR(handle, ALPM_ERR_MEMORY, cleanup);
 		}

-		if(ret != -1 && sig_ret != -1) {
-			break;
-		}
+		payload->handle = handle;
+		payload->force = dbforce;
+		payload->unlink_on_fail = 1;
+		payload->download_signature = (siglevel & ALPM_SIG_DATABASE);
+		payload->signature_optional = (siglevel & ALPM_SIG_DATABASE_OPTIONAL);
+		/* set hard upper limit of 128 MiB */
+		payload->max_size = 128 * 1024 * 1024;
+		payloads = alpm_list_add(payloads, payload);
+	}
+	if(payloads == NULL) {
+		ret = 0;
+		goto cleanup;
 	}

-	if(updated) {
+	event.type = ALPM_EVENT_DB_RETRIEVE_START;
+	EVENT(handle, &event);
+	ret = _alpm_download(handle, payloads, syncpath, temporary_syncpath);
+	if(ret < 0) {
+		event.type = ALPM_EVENT_DB_RETRIEVE_FAILED;
+		EVENT(handle, &event);
+		goto cleanup;
+	}
+	event.type = ALPM_EVENT_DB_RETRIEVE_DONE;
+	EVENT(handle, &event);
+
+	for(i = dbs; i; i = i->next) {
+		alpm_db_t *db = i->data;
+		if(!(db->usage & ALPM_DB_USAGE_SYNC)) {
+			continue;
+		}
+
 		/* Cache needs to be rebuilt */
 		_alpm_db_free_pkgcache(db);

@ -319,22 +245,31 @@ int SYMEXPORT alpm_db_update(int force, alpm_db_t *db)
 		db->status &= ~DB_STATUS_MISSING;

 		/* if the download failed skip validation to preserve the download error */
-		if(ret != -1 && sync_db_validate(db) != 0) {
+		if(sync_db_validate(db) != 0) {
+			_alpm_log(handle, ALPM_LOG_DEBUG, "failed to validate db: %s\n",
+					db->treename);
 			/* pm_errno should be set */
 			ret = -1;
 		}
 	}

+cleanup:
+	_alpm_handle_unlock(handle);
+
 	if(ret == -1) {
 		/* pm_errno was set by the download code */
-		_alpm_log(handle, ALPM_LOG_DEBUG, "failed to sync db: %s\n",
+		_alpm_log(handle, ALPM_LOG_DEBUG, "failed to sync dbs: %s\n",
 				alpm_strerror(handle->pm_errno));
 	} else {
 		handle->pm_errno = ALPM_ERR_OK;
 	}

-	_alpm_handle_unlock(handle);
-	free(syncpath);
+	if(payloads) {
+		alpm_list_free_inner(payloads, (alpm_list_fn_free)_alpm_dload_payload_reset);
+		FREELIST(payloads);
+	}
+	FREE(temporary_syncpath);
+	FREE(syncpath);
 	umask(oldmask);
 	return ret;
 }
@ -366,6 +301,22 @@ static int _sync_get_validation(alpm_pkg_t *pkg)
 	return pkg->validation;
 }

+/** Package sync operations struct accessor. We implement this as a method
+ * because we want to reuse the majority of the default_pkg_ops struct and
+ * add only a few operations of our own on top.
+ */
+static const struct pkg_operations *get_sync_pkg_ops(void)
+{
+	static struct pkg_operations sync_pkg_ops;
+	static int sync_pkg_ops_initialized = 0;
+	if(!sync_pkg_ops_initialized) {
+		sync_pkg_ops = default_pkg_ops;
+		sync_pkg_ops.get_validation = _sync_get_validation;
+		sync_pkg_ops_initialized = 1;
+	}
+	return &sync_pkg_ops;
+}
+
 static alpm_pkg_t *load_pkg_for_entry(alpm_db_t *db, const char *entryname,
 		const char **entry_filename, alpm_pkg_t *likely_pkg)
 {
@ -406,10 +357,14 @@ static alpm_pkg_t *load_pkg_for_entry(alpm_db_t *db, const char *entryname,

 		pkg->origin = ALPM_PKG_FROM_SYNCDB;
 		pkg->origin_data.db = db;
-		pkg->ops = &default_pkg_ops;
-		pkg->ops->get_validation = _sync_get_validation;
+		pkg->ops = get_sync_pkg_ops();
 		pkg->handle = db->handle;

+		if(_alpm_pkg_check_meta(pkg) != 0) {
+			_alpm_pkg_free(pkg);
+			RET_ERR(db->handle, ALPM_ERR_PKG_INVALID, NULL);
+		}
+
 		/* add to the collection */
 		_alpm_log(db->handle, ALPM_LOG_FUNCTION, "adding '%s' to package cache for db '%s'\n",
 				pkg->name, db->treename);
@ -427,9 +382,8 @@ static alpm_pkg_t *load_pkg_for_entry(alpm_db_t *db, const char *entryname,

 /* This function doesn't work as well as one might think, as size of database
 * entries varies considerably. Adding signatures nearly doubles the size of a
- * single entry; deltas also can make for large variations in size. These
- * current values are heavily influenced by Arch Linux; databases with no
- * deltas and a single signature per package. */
+ * single entry. These  current values are heavily influenced by Arch Linux;
+ * databases with a single signature per package. */
 static size_t estimate_package_count(struct stat *st, struct archive *archive)
 {
 	int per_package;
@ -503,15 +457,14 @@ static int sync_db_populate(alpm_db_t *db)

 	db->pkgcache = _alpm_pkghash_create(est_count);
 	if(db->pkgcache == NULL) {
-		db->handle->pm_errno = ALPM_ERR_MEMORY;
 		ret = -1;
-		goto cleanup;
+		GOTO_ERR(db->handle, ALPM_ERR_MEMORY, cleanup);
 	}

 	while((archive_ret = archive_read_next_header(archive, &entry)) == ARCHIVE_OK) {
 		mode_t mode = archive_entry_mode(entry);
 		if(!S_ISDIR(mode)) {
-			/* we have desc, depends or deltas - parse it */
+			/* we have desc or depends - parse it */
 			if(sync_db_read(db, archive, entry, &pkg) != 0) {
 				_alpm_log(db->handle, ALPM_LOG_ERROR,
 						_("could not parse package description file '%s' from db '%s'\n"),
@ -520,13 +473,20 @@ static int sync_db_populate(alpm_db_t *db)
 			}
 		}
 	}
+	/* the db file was successfully read, but contained errors */
+	if(ret == -1) {
+		db->status &= ~DB_STATUS_VALID;
+		db->status |= DB_STATUS_INVALID;
+		_alpm_db_free_pkgcache(db);
+		GOTO_ERR(db->handle, ALPM_ERR_DB_INVALID, cleanup);
+	}
+	/* reading the db file failed */
 	if(archive_ret != ARCHIVE_EOF) {
 		_alpm_log(db->handle, ALPM_LOG_ERROR, _("could not read db '%s' (%s)\n"),
 				db->treename, archive_error_string(archive));
 		_alpm_db_free_pkgcache(db);
-		db->handle->pm_errno = ALPM_ERR_LIBARCHIVE;
 		ret = -1;
-		goto cleanup;
+		GOTO_ERR(db->handle, ALPM_ERR_LIBARCHIVE, cleanup);
 	}

 	count = alpm_list_count(db->pkgcache->list);
@ -603,7 +563,7 @@ static int sync_db_read(alpm_db_t *db, struct archive *archive,
 {
 	const char *entryname, *filename;
 	alpm_pkg_t *pkg;
-	struct archive_read_buffer buf;
+	struct archive_read_buffer buf = {0};

 	entryname = archive_entry_pathname(entry);
 	if(entryname == NULL) {
@ -615,7 +575,6 @@ static int sync_db_read(alpm_db_t *db, struct archive *archive,
 	_alpm_log(db->handle, ALPM_LOG_FUNCTION, "loading package data from archive entry %s\n",
 			entryname);

-	memset(&buf, 0, sizeof(buf));
 	/* 512K for a line length seems reasonable */
 	buf.max_line_size = 512 * 1024;

@ -637,8 +596,7 @@ static int sync_db_read(alpm_db_t *db, struct archive *archive,
 	}

 	if(strcmp(filename, "desc") == 0 || strcmp(filename, "depends") == 0
-			|| strcmp(filename, "files") == 0
-			|| (strcmp(filename, "deltas") == 0 && db->handle->deltaratio > 0.0) ) {
+			|| strcmp(filename, "files") == 0) {
 		int ret;
 		while((ret = _alpm_archive_fgets(archive, &buf)) == ARCHIVE_OK) {
 			char *line = buf.line;
@ -707,14 +665,6 @@ static int sync_db_read(alpm_db_t *db, struct archive *archive,
 				READ_AND_SPLITDEP(pkg->conflicts);
 			} else if(strcmp(line, "%PROVIDES%") == 0) {
 				READ_AND_SPLITDEP(pkg->provides);
-			} else if(strcmp(line, "%DELTAS%") == 0) {
-				/* Different than the rest because of the _alpm_delta_parse call. */
-				while(1) {
-					READ_NEXT();
-					if(strlen(line) == 0) break;
-					pkg->deltas = alpm_list_add(pkg->deltas,
-							_alpm_delta_parse(db->handle, line));
-				}
 			} else if(strcmp(line, "%FILES%") == 0) {
 				/* TODO: this could lazy load if there is future demand */
 				size_t files_count = 0, files_size = 0;
@ -738,21 +688,36 @@ static int sync_db_read(alpm_db_t *db, struct archive *archive,
 				}
 				/* attempt to hand back any memory we don't need */
 				if(files_count > 0) {
-					files = realloc(files, sizeof(alpm_file_t) * files_count);
+					REALLOC(files, sizeof(alpm_file_t) * files_count, (void)0);
 				} else {
 					FREE(files);
 				}
 				pkg->files.count = files_count;
 				pkg->files.files = files;
 				_alpm_filelist_sort(&pkg->files);
+			} else if(strcmp(line, "%DATA%") == 0) {
+				alpm_list_t *i, *lines = NULL;
+				READ_AND_STORE_ALL(lines);
+				for(i = lines; i; i = i->next) {
+					alpm_pkg_xdata_t *pd = _alpm_pkg_parse_xdata(i->data);
+					if(pd == NULL || !alpm_list_append(&pkg->xdata, pd)) {
+						_alpm_pkg_xdata_free(pd);
+						FREELIST(lines);
+						goto error;
+					}
+				}
+				FREELIST(lines);
+			} else {
+				_alpm_log(db->handle, ALPM_LOG_WARNING, _("%s: unknown key '%s' in sync database\n"), pkg->name, line);
+				alpm_list_t *lines = NULL;
+				READ_AND_STORE_ALL(lines);
+				FREELIST(lines);
 			}
 		}
 		if(ret != ARCHIVE_EOF) {
 			goto error;
 		}
 		*likely_pkg = pkg;
-	} else if(strcmp(filename, "deltas") == 0) {
-		/* skip reading delta files if UseDelta is unset */
 	} else {
 		/* unknown database file */
 		_alpm_log(db->handle, ALPM_LOG_DEBUG, "unknown database file: %s\n", filename);
--- a/lib/libalpm/conflict.c
+++ b/lib/libalpm/conflict.c
@ -1,7 +1,7 @@
 /*
 *  conflict.c
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *  Copyright (c) 2005 by Aurelien Foret <orelien@chez.com>
 *  Copyright (c) 2006 by David Kimpe <dnaku@frugalware.org>
@ -50,10 +50,8 @@ static alpm_conflict_t *conflict_new(alpm_pkg_t *pkg1, alpm_pkg_t *pkg2,

 	CALLOC(conflict, 1, sizeof(alpm_conflict_t), return NULL);

-	conflict->package1_hash = pkg1->name_hash;
-	conflict->package2_hash = pkg2->name_hash;
-	STRDUP(conflict->package1, pkg1->name, goto error);
-	STRDUP(conflict->package2, pkg2->name, goto error);
+	ASSERT(_alpm_pkg_dup(pkg1, &conflict->package1) == 0, goto error);
+	ASSERT(_alpm_pkg_dup(pkg2, &conflict->package2) == 0, goto error);
 	conflict->reason = reason;

 	return conflict;
@ -63,14 +61,12 @@ error:
 	return NULL;
 }

-/**
- * @brief Free a conflict and its members.
- */
 void SYMEXPORT alpm_conflict_free(alpm_conflict_t *conflict)
 {
 	ASSERT(conflict != NULL, return);
-	FREE(conflict->package2);
-	FREE(conflict->package1);
+	_alpm_pkg_free(conflict->package1);
+	_alpm_pkg_free(conflict->package2);
+
 	FREE(conflict);
 }

@ -82,10 +78,8 @@ alpm_conflict_t *_alpm_conflict_dup(const alpm_conflict_t *conflict)
 	alpm_conflict_t *newconflict;
 	CALLOC(newconflict, 1, sizeof(alpm_conflict_t), return NULL);

-	newconflict->package1_hash = conflict->package1_hash;
-	newconflict->package2_hash = conflict->package2_hash;
-	STRDUP(newconflict->package1, conflict->package1, goto error);
-	STRDUP(newconflict->package2, conflict->package2, goto error);
+	ASSERT(_alpm_pkg_dup(conflict->package1, &newconflict->package1) == 0, goto error);
+	ASSERT(_alpm_pkg_dup(conflict->package2, &newconflict->package2) == 0, goto error);
 	newconflict->reason = conflict->reason;

 	return newconflict;
@ -108,10 +102,10 @@ static int conflict_isin(alpm_conflict_t *needle, alpm_list_t *haystack)
 	alpm_list_t *i;
 	for(i = haystack; i; i = i->next) {
 		alpm_conflict_t *conflict = i->data;
-		if(needle->package1_hash == conflict->package1_hash
-				&& needle->package2_hash == conflict->package2_hash
-				&& strcmp(needle->package1, conflict->package1) == 0
-				&& strcmp(needle->package2, conflict->package2) == 0) {
+		if(needle->package1->name_hash == conflict->package1->name_hash
+				&& needle->package2->name_hash == conflict->package2->name_hash
+				&& strcmp(needle->package1->name, conflict->package1->name) == 0
+				&& strcmp(needle->package2->name, conflict->package2->name) == 0) {
 			return 1;
 		}
 	}
@ -243,14 +237,6 @@ alpm_list_t *_alpm_outerconflicts(alpm_db_t *db, alpm_list_t *packages)
 	return baddeps;
 }

-/**
- * @brief Check the package conflicts in a database
- *
- * @param handle the context handle
- * @param pkglist the list of packages to check
- *
- * @return an alpm_list_t of alpm_conflict_t
- */
 alpm_list_t SYMEXPORT *alpm_checkconflicts(alpm_handle_t *handle,
 		alpm_list_t *pkglist)
 {
@ -300,9 +286,6 @@ error:
 	RET_ERR(handle, ALPM_ERR_MEMORY, conflicts);
 }

-/**
- * @brief Frees a conflict and its members.
- */
 void SYMEXPORT alpm_fileconflict_free(alpm_fileconflict_t *conflict)
 {
 	ASSERT(conflict != NULL, return);
@ -629,8 +612,9 @@ alpm_list_t *_alpm_db_find_fileconflicts(alpm_handle_t *handle,
 			/* check if all files of the dir belong to the installed pkg */
 			if(!resolved_conflict && S_ISDIR(lsbuf.st_mode)) {
 				alpm_list_t *owners;
-				char *dir = malloc(strlen(relative_path) + 2);
-				sprintf(dir, "%s/", relative_path);
+				size_t dir_len = strlen(relative_path) + 2;
+				char *dir = malloc(dir_len);
+				snprintf(dir, dir_len, "%s/", relative_path);

 				owners = alpm_db_find_file_owners(handle->db_local, dir);
 				if(owners) {
--- a/lib/libalpm/conflict.h
+++ b/lib/libalpm/conflict.h
@ -1,7 +1,7 @@
 /*
 *  conflict.h
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
--- a/lib/libalpm/db.c
+++ b/lib/libalpm/db.c
@ -1,7 +1,7 @@
 /*
 *  db.c
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *  Copyright (c) 2005 by Aurelien Foret <orelien@chez.com>
 *  Copyright (c) 2005 by Christian Hamar <krics@linuxforum.hu>
@ -37,12 +37,6 @@
 #include "package.h"
 #include "group.h"

-/** \addtogroup alpm_databases Database Functions
- * @brief Functions to query and manipulate the database of libalpm
- * @{
- */
-
-/** Register a sync database of packages. */
 alpm_db_t SYMEXPORT *alpm_register_syncdb(alpm_handle_t *handle,
 		const char *treename, int siglevel)
 {
@ -81,7 +75,6 @@ void _alpm_db_unregister(alpm_db_t *db)
 	_alpm_db_free(db);
 }

-/** Unregister all package databases. */
 int SYMEXPORT alpm_unregister_all_syncdbs(alpm_handle_t *handle)
 {
 	alpm_list_t *i;
@ -102,7 +95,6 @@ int SYMEXPORT alpm_unregister_all_syncdbs(alpm_handle_t *handle)
 	return 0;
 }

-/** Unregister a package database. */
 int SYMEXPORT alpm_db_unregister(alpm_db_t *db)
 {
 	int found = 0;
@ -139,19 +131,43 @@ int SYMEXPORT alpm_db_unregister(alpm_db_t *db)
 	return 0;
 }

-/** Get the serverlist of a database. */
+alpm_list_t SYMEXPORT *alpm_db_get_cache_servers(const alpm_db_t *db)
+{
+	ASSERT(db != NULL, return NULL);
+	return db->cache_servers;
+}
+
+int SYMEXPORT alpm_db_set_cache_servers(alpm_db_t *db, alpm_list_t *cache_servers)
+{
+	alpm_list_t *i;
+	ASSERT(db != NULL, return -1);
+	FREELIST(db->cache_servers);
+	for(i = cache_servers; i; i = i->next) {
+		char *url = i->data;
+		if(alpm_db_add_cache_server(db, url) != 0) {
+			return -1;
+		}
+	}
+	return 0;
+}
+
 alpm_list_t SYMEXPORT *alpm_db_get_servers(const alpm_db_t *db)
 {
 	ASSERT(db != NULL, return NULL);
 	return db->servers;
 }

-/** Set the serverlist of a database. */
 int SYMEXPORT alpm_db_set_servers(alpm_db_t *db, alpm_list_t *servers)
 {
+	alpm_list_t *i;
 	ASSERT(db != NULL, return -1);
 	FREELIST(db->servers);
-	db->servers = servers;
+	for(i = servers; i; i = i->next) {
+		char *url = i->data;
+		if(alpm_db_add_server(db, url) != 0) {
+			return -1;
+		}
+	}
 	return 0;
 }

@ -168,11 +184,25 @@ static char *sanitize_url(const char *url)
 	return newurl;
 }

-/** Add a download server to a database.
- * @param db database pointer
- * @param url url of the server
- * @return 0 on success, -1 on error (pm_errno is set accordingly)
- */
+int SYMEXPORT alpm_db_add_cache_server(alpm_db_t *db, const char *url)
+{
+	char *newurl;
+
+	/* Sanity checks */
+	ASSERT(db != NULL, return -1);
+	db->handle->pm_errno = ALPM_ERR_OK;
+	ASSERT(url != NULL && strlen(url) != 0, RET_ERR(db->handle, ALPM_ERR_WRONG_ARGS, -1));
+
+	newurl = sanitize_url(url);
+	ASSERT(newurl != NULL, RET_ERR(db->handle, ALPM_ERR_MEMORY, -1));
+
+	db->cache_servers = alpm_list_add(db->cache_servers, newurl);
+	_alpm_log(db->handle, ALPM_LOG_DEBUG, "adding new cache server URL to database '%s': %s\n",
+			db->treename, newurl);
+
+	return 0;
+}
+
 int SYMEXPORT alpm_db_add_server(alpm_db_t *db, const char *url)
 {
 	char *newurl;
@ -183,9 +213,8 @@ int SYMEXPORT alpm_db_add_server(alpm_db_t *db, const char *url)
 	ASSERT(url != NULL && strlen(url) != 0, RET_ERR(db->handle, ALPM_ERR_WRONG_ARGS, -1));

 	newurl = sanitize_url(url);
-	if(!newurl) {
-		return -1;
-	}
+	ASSERT(newurl != NULL, RET_ERR(db->handle, ALPM_ERR_MEMORY, -1));
+
 	db->servers = alpm_list_add(db->servers, newurl);
 	_alpm_log(db->handle, ALPM_LOG_DEBUG, "adding new server URL to database '%s': %s\n",
 			db->treename, newurl);
@ -193,12 +222,32 @@ int SYMEXPORT alpm_db_add_server(alpm_db_t *db, const char *url)
 	return 0;
 }

-/** Remove a download server from a database.
- * @param db database pointer
- * @param url url of the server
- * @return 0 on success, 1 on server not present,
- * -1 on error (pm_errno is set accordingly)
- */
+int SYMEXPORT alpm_db_remove_cache_server(alpm_db_t *db, const char *url)
+{
+	char *newurl, *vdata = NULL;
+	int ret = 1;
+
+	/* Sanity checks */
+	ASSERT(db != NULL, return -1);
+	db->handle->pm_errno = ALPM_ERR_OK;
+	ASSERT(url != NULL && strlen(url) != 0, RET_ERR(db->handle, ALPM_ERR_WRONG_ARGS, -1));
+
+	newurl = sanitize_url(url);
+	ASSERT(newurl != NULL, RET_ERR(db->handle, ALPM_ERR_MEMORY, -1));
+
+	db->cache_servers = alpm_list_remove_str(db->cache_servers, newurl, &vdata);
+
+	if(vdata) {
+		_alpm_log(db->handle, ALPM_LOG_DEBUG, "removed cache server URL from database '%s': %s\n",
+				db->treename, newurl);
+		free(vdata);
+		ret = 0;
+	}
+
+	free(newurl);
+	return ret;
+}
+
 int SYMEXPORT alpm_db_remove_server(alpm_db_t *db, const char *url)
 {
 	char *newurl, *vdata = NULL;
@ -210,9 +259,7 @@ int SYMEXPORT alpm_db_remove_server(alpm_db_t *db, const char *url)
 	ASSERT(url != NULL && strlen(url) != 0, RET_ERR(db->handle, ALPM_ERR_WRONG_ARGS, -1));

 	newurl = sanitize_url(url);
-	if(!newurl) {
-		return -1;
-	}
+	ASSERT(newurl != NULL, RET_ERR(db->handle, ALPM_ERR_MEMORY, -1));

 	db->servers = alpm_list_remove_str(db->servers, newurl, &vdata);

@ -227,14 +274,18 @@ int SYMEXPORT alpm_db_remove_server(alpm_db_t *db, const char *url)
 	return ret;
 }

-/** Get the name of a package database. */
+alpm_handle_t SYMEXPORT *alpm_db_get_handle(alpm_db_t *db)
+{
+	ASSERT(db != NULL, return NULL);
+	return db->handle;
+}
+
 const char SYMEXPORT *alpm_db_get_name(const alpm_db_t *db)
 {
 	ASSERT(db != NULL, return NULL);
 	return db->treename;
 }

-/** Get the signature verification level for a database. */
 int SYMEXPORT alpm_db_get_siglevel(alpm_db_t *db)
 {
 	ASSERT(db != NULL, return -1);
@ -245,7 +296,6 @@ int SYMEXPORT alpm_db_get_siglevel(alpm_db_t *db)
 	}
 }

-/** Check the validity of a database. */
 int SYMEXPORT alpm_db_get_valid(alpm_db_t *db)
 {
 	ASSERT(db != NULL, return -1);
@ -253,7 +303,6 @@ int SYMEXPORT alpm_db_get_valid(alpm_db_t *db)
 	return db->ops->validate(db);
 }

-/** Get a package entry from a package database. */
 alpm_pkg_t SYMEXPORT *alpm_db_get_pkg(alpm_db_t *db, const char *name)
 {
 	alpm_pkg_t *pkg;
@ -269,7 +318,6 @@ alpm_pkg_t SYMEXPORT *alpm_db_get_pkg(alpm_db_t *db, const char *name)
 	return pkg;
 }

-/** Get the package cache of a package database. */
 alpm_list_t SYMEXPORT *alpm_db_get_pkgcache(alpm_db_t *db)
 {
 	ASSERT(db != NULL, return NULL);
@ -277,7 +325,6 @@ alpm_list_t SYMEXPORT *alpm_db_get_pkgcache(alpm_db_t *db)
 	return _alpm_db_get_pkgcache(db);
 }

-/** Get a group entry from a package database. */
 alpm_group_t SYMEXPORT *alpm_db_get_group(alpm_db_t *db, const char *name)
 {
 	ASSERT(db != NULL, return NULL);
@ -288,7 +335,6 @@ alpm_group_t SYMEXPORT *alpm_db_get_group(alpm_db_t *db, const char *name)
 	return _alpm_db_get_groupfromcache(db, name);
 }

-/** Get the group cache of a package database. */
 alpm_list_t SYMEXPORT *alpm_db_get_groupcache(alpm_db_t *db)
 {
 	ASSERT(db != NULL, return NULL);
@ -297,16 +343,16 @@ alpm_list_t SYMEXPORT *alpm_db_get_groupcache(alpm_db_t *db)
 	return _alpm_db_get_groupcache(db);
 }

-/** Searches a database. */
-alpm_list_t SYMEXPORT *alpm_db_search(alpm_db_t *db, const alpm_list_t *needles)
+int SYMEXPORT alpm_db_search(alpm_db_t *db, const alpm_list_t *needles,
+		alpm_list_t **ret)
 {
-	ASSERT(db != NULL, return NULL);
+	ASSERT(db != NULL && ret != NULL && *ret == NULL,
+			RET_ERR(db->handle, ALPM_ERR_WRONG_ARGS, -1));
 	db->handle->pm_errno = ALPM_ERR_OK;

-	return _alpm_db_search(db, needles);
+	return _alpm_db_search(db, needles, ret);
 }

-/** Sets the usage bitmask for a repo */
 int SYMEXPORT alpm_db_set_usage(alpm_db_t *db, int usage)
 {
 	ASSERT(db != NULL, return -1);
@ -314,7 +360,6 @@ int SYMEXPORT alpm_db_set_usage(alpm_db_t *db, int usage)
 	return 0;
 }

-/** Gets the usage bitmask for a repo */
 int SYMEXPORT alpm_db_get_usage(alpm_db_t *db, int *usage)
 {
 	ASSERT(db != NULL, return -1);
@ -323,9 +368,6 @@ int SYMEXPORT alpm_db_get_usage(alpm_db_t *db, int *usage)
 	return 0;
 }

-
-/** @} */
-
 alpm_db_t *_alpm_db_new(const char *treename, int is_local)
 {
 	alpm_db_t *db;
@ -348,6 +390,7 @@ void _alpm_db_free(alpm_db_t *db)
 	/* cleanup pkgcache */
 	_alpm_db_free_pkgcache(db);
 	/* cleanup server list */
+	FREELIST(db->cache_servers);
 	FREELIST(db->servers);
 	FREE(db->_path);
 	FREE(db->treename);
@ -374,14 +417,14 @@ const char *_alpm_db_path(alpm_db_t *db)
 		if(db->status & DB_STATUS_LOCAL) {
 			pathsize = strlen(dbpath) + strlen(db->treename) + 2;
 			CALLOC(db->_path, 1, pathsize, RET_ERR(db->handle, ALPM_ERR_MEMORY, NULL));
-			sprintf(db->_path, "%s%s/", dbpath, db->treename);
+			snprintf(db->_path, pathsize, "%s%s/", dbpath, db->treename);
 		} else {
 			const char *dbext = db->handle->dbext;

 			pathsize = strlen(dbpath) + 5 + strlen(db->treename) + strlen(dbext) + 1;
 			CALLOC(db->_path, 1, pathsize, RET_ERR(db->handle, ALPM_ERR_MEMORY, NULL));
 			/* all sync DBs now reside in the sync/ subdir of the dbpath */
-			sprintf(db->_path, "%ssync/%s%s", dbpath, db->treename, dbext);
+			snprintf(db->_path, pathsize, "%ssync/%s%s", dbpath, db->treename, dbext);
 		}
 		_alpm_log(db->handle, ALPM_LOG_DEBUG, "database path for tree %s set to %s\n",
 				db->treename, db->_path);
@ -396,13 +439,13 @@ int _alpm_db_cmp(const void *d1, const void *d2)
 	return strcmp(db1->treename, db2->treename);
 }

-alpm_list_t *_alpm_db_search(alpm_db_t *db, const alpm_list_t *needles)
+int _alpm_db_search(alpm_db_t *db, const alpm_list_t *needles,
+		alpm_list_t **ret)
 {
 	const alpm_list_t *i, *j, *k;
-	alpm_list_t *ret = NULL;

 	if(!(db->usage & ALPM_DB_USAGE_SEARCH)) {
-		return NULL;
+		return 0;
 	}

 	/* copy the pkgcache- we will free the list var after each needle */
@ -415,12 +458,15 @@ alpm_list_t *_alpm_db_search(alpm_db_t *db, const alpm_list_t *needles)
 		if(i->data == NULL) {
 			continue;
 		}
-		ret = NULL;
+		*ret = NULL;
 		targ = i->data;
 		_alpm_log(db->handle, ALPM_LOG_DEBUG, "searching for target '%s'\n", targ);

 		if(regcomp(&reg, targ, REG_EXTENDED | REG_NOSUB | REG_ICASE | REG_NEWLINE) != 0) {
-			RET_ERR(db->handle, ALPM_ERR_INVALID_REGEX, NULL);
+			db->handle->pm_errno = ALPM_ERR_INVALID_REGEX;
+			alpm_list_free(list);
+			alpm_list_free(*ret);
+			return -1;
 		}

 		for(j = list; j; j = j->next) {
@ -463,18 +509,18 @@ alpm_list_t *_alpm_db_search(alpm_db_t *db, const alpm_list_t *needles)
 				_alpm_log(db->handle, ALPM_LOG_DEBUG,
 						"search target '%s' matched '%s' on package '%s'\n",
 						targ, matched, name);
-				ret = alpm_list_add(ret, pkg);
+				*ret = alpm_list_add(*ret, pkg);
 			}
 		}

 		/* Free the existing search list, and use the returned list for the
 		 * next needle. This allows for AND-based package searching. */
 		alpm_list_free(list);
-		list = ret;
+		list = *ret;
 		regfree(&reg);
 	}

-	return ret;
+	return 0;
 }

 /* Returns a new package cache from db.
@ -517,18 +563,17 @@ static void free_groupcache(alpm_db_t *db)

 void _alpm_db_free_pkgcache(alpm_db_t *db)
 {
-	if(db == NULL || !(db->status & DB_STATUS_PKGCACHE)) {
+	if(db == NULL || db->pkgcache == NULL) {
 		return;
 	}

 	_alpm_log(db->handle, ALPM_LOG_DEBUG,
 			"freeing package cache for repository '%s'\n", db->treename);

-	if(db->pkgcache) {
-		alpm_list_free_inner(db->pkgcache->list,
-				(alpm_list_fn_free)_alpm_pkg_free);
-		_alpm_pkghash_free(db->pkgcache);
-	}
+	alpm_list_free_inner(db->pkgcache->list,
+			(alpm_list_fn_free)_alpm_pkg_free);
+	_alpm_pkghash_free(db->pkgcache);
+	db->pkgcache = NULL;
 	db->status &= ~DB_STATUS_PKGCACHE;

 	free_groupcache(db);
--- a/lib/libalpm/db.h
+++ b/lib/libalpm/db.h
@ -1,7 +1,7 @@
 /*
 *  db.h
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *  Copyright (c) 2005 by Aurelien Foret <orelien@chez.com>
 *  Copyright (c) 2006 by Miklos Vajna <vmiklos@frugalware.org>
@ -62,15 +62,16 @@ struct db_operations {
 };

 /* Database */
-struct __alpm_db_t {
+struct _alpm_db_t {
 	alpm_handle_t *handle;
 	char *treename;
 	/* do not access directly, use _alpm_db_path(db) for lazy access */
 	char *_path;
 	alpm_pkghash_t *pkgcache;
 	alpm_list_t *grpcache;
+	alpm_list_t *cache_servers;
 	alpm_list_t *servers;
-	struct db_operations *ops;
+	const struct db_operations *ops;

 	/* bitfields for validity, local, loaded caches, etc. */
 	/* From _alpm_dbstatus_t */
@ -87,7 +88,8 @@ alpm_db_t *_alpm_db_new(const char *treename, int is_local);
 void _alpm_db_free(alpm_db_t *db);
 const char *_alpm_db_path(alpm_db_t *db);
 int _alpm_db_cmp(const void *d1, const void *d2);
-alpm_list_t *_alpm_db_search(alpm_db_t *db, const alpm_list_t *needles);
+int _alpm_db_search(alpm_db_t *db, const alpm_list_t *needles,
+		alpm_list_t **ret);
 alpm_db_t *_alpm_db_register_local(alpm_handle_t *handle);
 alpm_db_t *_alpm_db_register_sync(alpm_handle_t *handle, const char *treename,
 		int level);
--- a/lib/libalpm/delta.c
+++ b/lib/libalpm/delta.c
@ -1,361 +0,0 @@
-/*
- *  delta.c
- *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
- *  Copyright (c) 2007-2006 by Judd Vinet <jvinet@zeroflux.org>
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdint.h> /* intmax_t */
-#include <limits.h>
-#include <sys/types.h>
-#include <regex.h>
-
-/* libalpm */
-#include "delta.h"
-#include "alpm_list.h"
-#include "util.h"
-#include "log.h"
-#include "graph.h"
-
-static alpm_list_t *graph_init(alpm_list_t *deltas, int reverse)
-{
-	alpm_list_t *i, *j;
-	alpm_list_t *vertices = NULL;
-	/* create the vertices */
-	for(i = deltas; i; i = i->next) {
-		alpm_graph_t *v = _alpm_graph_new();
-		if(!v) {
-			alpm_list_free(vertices);
-			return NULL;
-		}
-		alpm_delta_t *vdelta = i->data;
-		vdelta->download_size = vdelta->delta_size;
-		v->weight = LONG_MAX;
-		v->data = vdelta;
-		vertices = alpm_list_add(vertices, v);
-	}
-
-	/* compute the edges */
-	for(i = vertices; i; i = i->next) {
-		alpm_graph_t *v_i = i->data;
-		alpm_delta_t *d_i = v_i->data;
-		/* loop a second time so we make all possible comparisons */
-		for(j = vertices; j; j = j->next) {
-			alpm_graph_t *v_j = j->data;
-			alpm_delta_t *d_j = v_j->data;
-			/* We want to create a delta tree like the following:
-			 *          1_to_2
-			 *            |
-			 * 1_to_3   2_to_3
-			 *   \        /
-			 *     3_to_4
-			 * If J 'from' is equal to I 'to', then J is a child of I.
-			 * */
-			if((!reverse && strcmp(d_j->from, d_i->to) == 0) ||
-					(reverse && strcmp(d_j->to, d_i->from) == 0)) {
-				v_i->children = alpm_list_add(v_i->children, v_j);
-			}
-		}
-		v_i->iterator = v_i->children;
-	}
-	return vertices;
-}
-
-static void graph_init_size(alpm_handle_t *handle, alpm_list_t *vertices)
-{
-	alpm_list_t *i;
-
-	for(i = vertices; i; i = i->next) {
-		char *fpath, *md5sum;
-		alpm_graph_t *v = i->data;
-		alpm_delta_t *vdelta = v->data;
-
-		/* determine whether the delta file already exists */
-		fpath = _alpm_filecache_find(handle, vdelta->delta);
-		if(fpath) {
-			md5sum = alpm_compute_md5sum(fpath);
-			if(md5sum && strcmp(md5sum, vdelta->delta_md5) == 0) {
-				vdelta->download_size = 0;
-			}
-			FREE(md5sum);
-			FREE(fpath);
-		} else {
-			char *fnamepart;
-			CALLOC(fnamepart, strlen(vdelta->delta) + 6, sizeof(char), return);
-			sprintf(fnamepart, "%s.part", vdelta->delta);
-			fpath = _alpm_filecache_find(handle, fnamepart);
-			if(fpath) {
-				struct stat st;
-				if(stat(fpath, &st) == 0) {
-					vdelta->download_size = vdelta->delta_size - st.st_size;
-					vdelta->download_size = vdelta->download_size < 0 ? 0 : vdelta->download_size;
-				}
-				FREE(fpath);
-			}
-			FREE(fnamepart);
-		}
-
-		/* determine whether a base 'from' file exists */
-		fpath = _alpm_filecache_find(handle, vdelta->from);
-		if(fpath) {
-			v->weight = vdelta->download_size;
-		}
-		FREE(fpath);
-	}
-}
-
-
-static void dijkstra(alpm_list_t *vertices)
-{
-	alpm_list_t *i;
-	alpm_graph_t *v;
-	while(1) {
-		v = NULL;
-		/* find the smallest vertice not visited yet */
-		for(i = vertices; i; i = i->next) {
-			alpm_graph_t *v_i = i->data;
-
-			if(v_i->state == ALPM_GRAPH_STATE_PROCESSING) {
-				continue;
-			}
-
-			if(v == NULL || v_i->weight < v->weight) {
-				v = v_i;
-			}
-		}
-		if(v == NULL || v->weight == LONG_MAX) {
-			break;
-		}
-
-		v->state = ALPM_GRAPH_STATE_PROCESSING;
-
-		v->iterator = v->children;
-		while(v->iterator) {
-			alpm_graph_t *v_c = v->iterator->data;
-			alpm_delta_t *d_c = v_c->data;
-			if(v_c->weight > v->weight + d_c->download_size) {
-				v_c->weight = v->weight + d_c->download_size;
-				v_c->parent = v;
-			}
-
-			v->iterator = (v->iterator)->next;
-
-		}
-	}
-}
-
-static off_t shortest_path(alpm_list_t *vertices, const char *to, alpm_list_t **path)
-{
-	alpm_list_t *i;
-	alpm_graph_t *v = NULL;
-	off_t bestsize = 0;
-	alpm_list_t *rpath = NULL;
-
-	for(i = vertices; i; i = i->next) {
-		alpm_graph_t *v_i = i->data;
-		alpm_delta_t *d_i = v_i->data;
-
-		if(strcmp(d_i->to, to) == 0) {
-			if(v == NULL || v_i->weight < v->weight) {
-				v = v_i;
-				bestsize = v->weight;
-			}
-		}
-	}
-
-	while(v != NULL) {
-		alpm_delta_t *vdelta = v->data;
-		rpath = alpm_list_add(rpath, vdelta);
-		v = v->parent;
-	}
-	*path = alpm_list_reverse(rpath);
-	alpm_list_free(rpath);
-
-	return bestsize;
-}
-
-/** Calculates the shortest path from one version to another.
- * The shortest path is defined as the path with the smallest combined
- * size, not the length of the path.
- * @param handle the context handle
- * @param deltas the list of alpm_delta_t * objects that a file has
- * @param to the file to start the search at
- * @param path the pointer to a list location where alpm_delta_t * objects that
- * have the smallest size are placed. NULL is set if there is no path
- * possible with the files available.
- * @return the size of the path stored, or LONG_MAX if path is unfindable
- */
-off_t _alpm_shortest_delta_path(alpm_handle_t *handle, alpm_list_t *deltas,
-		const char *to, alpm_list_t **path)
-{
-	alpm_list_t *bestpath = NULL;
-	alpm_list_t *vertices;
-	off_t bestsize = LONG_MAX;
-
-	if(deltas == NULL) {
-		*path = NULL;
-		return bestsize;
-	}
-
-	_alpm_log(handle, ALPM_LOG_DEBUG, "started delta shortest-path search for '%s'\n", to);
-
-	vertices = graph_init(deltas, 0);
-	graph_init_size(handle, vertices);
-	dijkstra(vertices);
-	bestsize = shortest_path(vertices, to, &bestpath);
-
-	_alpm_log(handle, ALPM_LOG_DEBUG, "delta shortest-path search complete : '%jd'\n", (intmax_t)bestsize);
-
-	alpm_list_free_inner(vertices, _alpm_graph_free);
-	alpm_list_free(vertices);
-
-	*path = bestpath;
-	return bestsize;
-}
-
-static alpm_list_t *find_unused(alpm_list_t *deltas, const char *to, off_t quota)
-{
-	alpm_list_t *unused = NULL;
-	alpm_list_t *vertices;
-	alpm_list_t *i;
-	vertices = graph_init(deltas, 1);
-
-	for(i = vertices; i; i = i->next) {
-		alpm_graph_t *v = i->data;
-		alpm_delta_t *vdelta = v->data;
-		if(strcmp(vdelta->to, to) == 0) {
-			v->weight = vdelta->download_size;
-		}
-	}
-	dijkstra(vertices);
-	for(i = vertices; i; i = i->next) {
-		alpm_graph_t *v = i->data;
-		alpm_delta_t *vdelta = v->data;
-		if(v->weight > quota) {
-			unused = alpm_list_add(unused, vdelta->delta);
-		}
-	}
-	alpm_list_free_inner(vertices, _alpm_graph_free);
-	alpm_list_free(vertices);
-	return unused;
-}
-
-/** \addtogroup alpm_deltas Delta Functions
- * @brief Functions to manipulate libalpm deltas
- * @{
- */
-
-alpm_list_t SYMEXPORT *alpm_pkg_unused_deltas(alpm_pkg_t *pkg)
-{
-	ASSERT(pkg != NULL, return NULL);
-	return find_unused(pkg->deltas, pkg->filename,
-			pkg->size * pkg->handle->deltaratio);
-}
-
-/** @} */
-
-#define NUM_MATCHES 6
-
-/** Parses the string representation of a alpm_delta_t object.
- * This function assumes that the string is in the correct format.
- * This format is as follows:
- * $deltafile $deltamd5 $deltasize $oldfile $newfile
- * @param handle the context handle
- * @param line the string to parse
- * @return A pointer to the new alpm_delta_t object
- */
-alpm_delta_t *_alpm_delta_parse(alpm_handle_t *handle, const char *line)
-{
-	alpm_delta_t *delta;
-	size_t len;
-	regmatch_t pmatch[NUM_MATCHES];
-	char filesize[32];
-
-	/* this is so we only have to compile the pattern once */
-	if(!handle->delta_regex_compiled) {
-		/* $deltafile $deltamd5 $deltasize $oldfile $newfile*/
-		regcomp(&handle->delta_regex,
-				"^([^[:space:]]+) ([[:xdigit:]]{32}) ([[:digit:]]+)"
-				" ([^[:space:]]+) ([^[:space:]]+)$",
-				REG_EXTENDED | REG_NEWLINE);
-		handle->delta_regex_compiled = 1;
-	}
-
-	if(regexec(&handle->delta_regex, line, NUM_MATCHES, pmatch, 0) != 0) {
-		/* delta line is invalid, return NULL */
-		return NULL;
-	}
-
-	CALLOC(delta, 1, sizeof(alpm_delta_t), return NULL);
-
-	/* start at index 1 -- match 0 is the entire match */
-	len = pmatch[1].rm_eo - pmatch[1].rm_so;
-	STRNDUP(delta->delta, &line[pmatch[1].rm_so], len, goto error);
-
-	len = pmatch[2].rm_eo - pmatch[2].rm_so;
-	STRNDUP(delta->delta_md5, &line[pmatch[2].rm_so], len, goto error);
-
-	len = pmatch[3].rm_eo - pmatch[3].rm_so;
-	if(len < sizeof(filesize)) {
-		strncpy(filesize, &line[pmatch[3].rm_so], len);
-		filesize[len] = '\0';
-		delta->delta_size = _alpm_strtoofft(filesize);
-	}
-
-	len = pmatch[4].rm_eo - pmatch[4].rm_so;
-	STRNDUP(delta->from, &line[pmatch[4].rm_so], len, goto error);
-
-	len = pmatch[5].rm_eo - pmatch[5].rm_so;
-	STRNDUP(delta->to, &line[pmatch[5].rm_so], len, goto error);
-
-	return delta;
-
-error:
-	_alpm_delta_free(delta);
-	return NULL;
-}
-
-#undef NUM_MATCHES
-
-void _alpm_delta_free(alpm_delta_t *delta)
-{
-	ASSERT(delta != NULL, return);
-	FREE(delta->delta);
-	FREE(delta->delta_md5);
-	FREE(delta->from);
-	FREE(delta->to);
-	FREE(delta);
-}
-
-alpm_delta_t *_alpm_delta_dup(const alpm_delta_t *delta)
-{
-	alpm_delta_t *newdelta;
-	CALLOC(newdelta, 1, sizeof(alpm_delta_t), return NULL);
-	STRDUP(newdelta->delta, delta->delta, goto error);
-	STRDUP(newdelta->delta_md5, delta->delta_md5, goto error);
-	STRDUP(newdelta->from, delta->from, goto error);
-	STRDUP(newdelta->to, delta->to, goto error);
-	newdelta->delta_size = delta->delta_size;
-	newdelta->download_size = delta->download_size;
-
-	return newdelta;
-
-error:
-	_alpm_delta_free(newdelta);
-	return NULL;
-}
--- a/lib/libalpm/deps.c
+++ b/lib/libalpm/deps.c
@ -1,7 +1,7 @@
 /*
 *  deps.c
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *  Copyright (c) 2005 by Aurelien Foret <orelien@chez.com>
 *  Copyright (c) 2005, 2006 by Miklos Vajna <vmiklos@frugalware.org>
@ -181,13 +181,13 @@ static void _alpm_warn_dep_cycle(alpm_handle_t *handle, alpm_list_t *targets,
 	} else {
 		alpm_pkg_t *ancestorpkg = ancestor->data;
 		alpm_pkg_t *childpkg = vertex->data;
-		_alpm_log(handle, ALPM_LOG_WARNING, _("dependency cycle detected:\n"));
+		_alpm_log(handle, ALPM_LOG_DEBUG, _("dependency cycle detected:\n"));
 		if(reverse) {
-			_alpm_log(handle, ALPM_LOG_WARNING,
+			_alpm_log(handle, ALPM_LOG_DEBUG,
 					_("%s will be removed after its %s dependency\n"),
 					ancestorpkg->name, childpkg->name);
 		} else {
-			_alpm_log(handle, ALPM_LOG_WARNING,
+			_alpm_log(handle, ALPM_LOG_DEBUG,
 					_("%s will be installed before its %s dependency\n"),
 					ancestorpkg->name, childpkg->name);
 		}
@ -286,12 +286,6 @@ static int no_dep_version(alpm_handle_t *handle)
 	return (handle->trans->flags & ALPM_TRANS_FLAG_NODEPVERSION);
 }

-/** Find a package satisfying a specified dependency.
- * The dependency can include versions with depmod operators.
- * @param pkgs an alpm_list_t* of alpm_pkg_t where the satisfier will be searched
- * @param depstring package or provision name, versioned or not
- * @return a alpm_pkg_t* satisfying depstring
- */
 alpm_pkg_t SYMEXPORT *alpm_find_satisfier(alpm_list_t *pkgs, const char *depstring)
 {
 	alpm_depend_t *dep = alpm_dep_from_string(depstring);
@ -303,15 +297,6 @@ alpm_pkg_t SYMEXPORT *alpm_find_satisfier(alpm_list_t *pkgs, const char *depstri
 	return pkg;
 }

-/** Checks dependencies and returns missing ones in a list.
- * Dependencies can include versions with depmod operators.
- * @param handle the context handle
- * @param pkglist the list of local packages
- * @param remove an alpm_list_t* of packages to be removed
- * @param upgrade an alpm_list_t* of packages to be upgraded (remove-then-upgrade)
- * @param reversedeps handles the backward dependencies
- * @return an alpm_list_t* of alpm_depmissing_t pointers.
- */
 alpm_list_t SYMEXPORT *alpm_checkdeps(alpm_handle_t *handle,
 		alpm_list_t *pkglist, alpm_list_t *rem, alpm_list_t *upgrade,
 		int reversedeps)
@ -571,7 +556,7 @@ static void _alpm_select_depends(alpm_list_t **from, alpm_list_t **to,
 	for(i = *from; i; i = next) {
 		alpm_pkg_t *deppkg = i->data;
 		next = i->next;
-		if((explicit || alpm_pkg_get_reason(deppkg) != ALPM_PKG_REASON_EXPLICIT)
+		if((explicit || alpm_pkg_get_reason(deppkg) == ALPM_PKG_REASON_DEPEND)
 				&& _alpm_pkg_depends_on(pkg, deppkg)) {
 			*to = alpm_list_add(*to, deppkg);
 			*from = alpm_list_remove_item(*from, i);
@ -643,10 +628,9 @@ int _alpm_recursedeps(alpm_db_t *db, alpm_list_t **targs, int include_explicit)
 * @param dep is the dependency to search for
 * @param dbs are the databases to search
 * @param excluding are the packages to exclude from the search
- * @param prompt if true, will cause an unresolvable dependency to issue an
- *        interactive prompt asking whether the package should be removed from
- *        the transaction or the transaction aborted; if false, simply returns
- *        an error code without prompting
+ * @param prompt if true, ask an alpm_question_install_ignorepkg_t to decide
+ *        if ignored packages should be installed; if false, skip ignored
+ *        packages.
 * @return the resolved package
 **/
 static alpm_pkg_t *resolvedep(alpm_handle_t *handle, alpm_depend_t *dep,
@ -699,7 +683,8 @@ static alpm_pkg_t *resolvedep(alpm_handle_t *handle, alpm_depend_t *dep,
 		for(j = _alpm_db_get_pkgcache(db); j; j = j->next) {
 			alpm_pkg_t *pkg = j->data;
 			if((pkg->name_hash != dep->name_hash || strcmp(pkg->name, dep->name) != 0)
-					&& _alpm_depcmp(pkg, dep) && !alpm_pkg_find(excluding, pkg->name)) {
+					&& _alpm_depcmp_provides(dep, alpm_pkg_get_provides(pkg))
+					&& !alpm_pkg_find(excluding, pkg->name)) {
 				if(alpm_pkg_should_ignore(handle, pkg)) {
 					alpm_question_install_ignorepkg_t question = {
 						.type = ALPM_QUESTION_INSTALL_IGNOREPKG,
@ -719,20 +704,19 @@ static alpm_pkg_t *resolvedep(alpm_handle_t *handle, alpm_depend_t *dep,
 				}
 				_alpm_log(handle, ALPM_LOG_DEBUG, "provider found (%s provides %s)\n",
 						pkg->name, dep->name);
+
+				/* provide is already installed so return early instead of prompting later */
+				if(_alpm_db_get_pkgfromcache(handle->db_local, pkg->name)) {
+					alpm_list_free(providers);
+					return pkg;
+				}
+
 				providers = alpm_list_add(providers, pkg);
 				/* keep looking for other providers in the all dbs */
 			}
 		}
 	}

-	/* first check if one provider is already installed locally */
-	for(i = providers; i; i = i->next) {
-		alpm_pkg_t *pkg = i->data;
-		if(_alpm_db_get_pkgfromcache(handle->db_local, pkg->name)) {
-			alpm_list_free(providers);
-			return pkg;
-		}
-	}
 	count = alpm_list_count(providers);
 	if(count >= 1) {
 		alpm_question_select_provider_t question = {
@ -764,15 +748,6 @@ static alpm_pkg_t *resolvedep(alpm_handle_t *handle, alpm_depend_t *dep,
 	return NULL;
 }

-/** Find a package satisfying a specified dependency.
- * First look for a literal, going through each db one by one. Then look for
- * providers. The first satisfier found is returned.
- * The dependency can include versions with depmod operators.
- * @param handle the context handle
- * @param dbs an alpm_list_t* of alpm_db_t where the satisfier will be searched
- * @param depstring package or provision name, versioned or not
- * @return a alpm_pkg_t* satisfying depstring
- */
 alpm_pkg_t SYMEXPORT *alpm_find_dbs_satisfier(alpm_handle_t *handle,
 		alpm_list_t *dbs, const char *depstring)
 {
@ -887,11 +862,6 @@ int _alpm_resolvedeps(alpm_handle_t *handle, alpm_list_t *localpkgs,
 	return ret;
 }

-/** Reverse of splitdep; make a dep string from a alpm_depend_t struct.
- * The string must be freed!
- * @param dep the depend to turn into a string
- * @return a string-formatted dependency with operator if necessary
- */
 char SYMEXPORT *alpm_dep_compute_string(const alpm_depend_t *dep)
 {
 	const char *name, *opr, *ver, *desc_delim, *desc;
--- a/lib/libalpm/deps.h
+++ b/lib/libalpm/deps.h
@ -1,7 +1,7 @@
 /*
 *  deps.h
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *  Copyright (c) 2005 by Aurelien Foret <orelien@chez.com>
 *  Copyright (c) 2006 by Miklos Vajna <vmiklos@frugalware.org>
--- a/lib/libalpm/diskspace.c
+++ b/lib/libalpm/diskspace.c
@ -1,7 +1,7 @@
 /*
 *  diskspace.c
 *
- *  Copyright (c) 2010-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2010-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@ -111,6 +111,10 @@ static alpm_list_t *mount_point_list(alpm_handle_t *handle)
 	}

 	while((mnt = getmntent(fp))) {
+		if(mnt->mnt_dir == NULL) {
+			continue;
+		}
+
 		CALLOC(mp, 1, sizeof(alpm_mountpoint_t), RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
 		STRDUP(mp->mount_dir, mnt->mnt_dir, free(mp); RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
 		mp->mount_dir_len = strlen(mp->mount_dir);
@ -134,6 +138,10 @@ static alpm_list_t *mount_point_list(alpm_handle_t *handle)
 	}

 	while((ret = getmntent(fp, &mnt)) == 0) {
+		if(mnt->mnt_mountp == NULL) {
+			continue;
+		}
+
 		CALLOC(mp, 1, sizeof(alpm_mountpoint_t), RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
 		STRDUP(mp->mount_dir, mnt->mnt_mountp,  free(mp); RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
 		mp->mount_dir_len = strlen(mp->mount_dir);
@ -161,6 +169,10 @@ static alpm_list_t *mount_point_list(alpm_handle_t *handle)
 	}

 	for(; entries-- > 0; fsp++) {
+		if(fsp->f_mntonname == NULL) {
+			continue;
+		}
+
 		CALLOC(mp, 1, sizeof(alpm_mountpoint_t), RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
 		STRDUP(mp->mount_dir, fsp->f_mntonname, free(mp); RET_ERR(handle, ALPM_ERR_MEMORY, NULL));
 		mp->mount_dir_len = strlen(mp->mount_dir);
@ -359,7 +371,7 @@ static int check_mountpoint(alpm_handle_t *handle, alpm_mountpoint_t *mp)
 }

 int _alpm_check_downloadspace(alpm_handle_t *handle, const char *cachedir,
-		size_t num_files, off_t *file_sizes)
+		size_t num_files, const off_t *file_sizes)
 {
 	alpm_list_t *mount_points;
 	alpm_mountpoint_t *cachedir_mp;
--- a/lib/libalpm/diskspace.h
+++ b/lib/libalpm/diskspace.h
@ -1,7 +1,7 @@
 /*
 *  diskspace.h
 *
- *  Copyright (c) 2010-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2010-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@ -43,7 +43,7 @@ enum mount_fsinfo {
 	MOUNT_FSINFO_FAIL,
 };

-typedef struct __alpm_mountpoint_t {
+typedef struct _alpm_mountpoint_t {
 	/* mount point information */
 	char *mount_dir;
 	size_t mount_dir_len;
@ -58,6 +58,6 @@ typedef struct __alpm_mountpoint_t {

 int _alpm_check_diskspace(alpm_handle_t *handle);
 int _alpm_check_downloadspace(alpm_handle_t *handle, const char *cachedir,
-		size_t num_files, off_t *file_sizes);
+		size_t num_files, const off_t *file_sizes);

 #endif /* ALPM_DISKSPACE_H */
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
--- a/lib/libalpm/dload.h
+++ b/lib/libalpm/dload.h
@ -1,7 +1,7 @@
 /*
 *  dload.h
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
@ -26,13 +26,24 @@
 struct dload_payload {
 	alpm_handle_t *handle;
 	const char *tempfile_openmode;
+	/* name of the remote file */
 	char *remote_name;
+	/* temporary file name, to which the payload is downloaded */
 	char *tempfile_name;
+	/* name to which the downloaded file will be renamed */
 	char *destfile_name;
-	char *content_disp_name;
+	/* client has to provide either
+	 *  1) fileurl - full URL to the file
+	 *  2) pair of (servers, filepath), in this case ALPM iterates over the
+	 *     server list and tries to download "$server/$filepath"
+	 */
 	char *fileurl;
+	char *filepath; /* download URL path */
+	alpm_list_t *cache_servers;
 	alpm_list_t *servers;
 	long respcode;
+	/* the mtime of the existing version of this file, if there is one */
+	long mtime_existing_file;
 	off_t initial_size;
 	off_t max_size;
 	off_t prevprogress;
@ -40,17 +51,22 @@ struct dload_payload {
 	int allow_resume;
 	int errors_ok;
 	int unlink_on_fail;
-	int trust_remote_name;
-	int cb_initialized;
+	int download_signature; /* specifies if an accompanion *.sig file need to be downloaded*/
+	int signature_optional; /* *.sig file is optional */
 #ifdef HAVE_LIBCURL
-	CURLcode curlerr;       /* last error produced by curl */
+	CURL *curl;
+	char error_buffer[CURL_ERROR_SIZE];
+	int signature; /* specifies if this payload is for a signature file */
+	int request_errors_ok; /* per-request errors-ok */
 #endif
+	FILE *localf; /* temp download file */
 };

 void _alpm_dload_payload_reset(struct dload_payload *payload);
-void _alpm_dload_payload_reset_for_retry(struct dload_payload *payload);

-int _alpm_download(struct dload_payload *payload, const char *localpath,
-		char **final_file, const char **final_url);
+int _alpm_download(alpm_handle_t *handle,
+		alpm_list_t *payloads /* struct dload_payload */,
+		const char *localpath,
+		const char *temporary_localpath);

 #endif /* ALPM_DLOAD_H */
--- a/lib/libalpm/error.c
+++ b/lib/libalpm/error.c
@ -1,7 +1,7 @@
 /*
 *  error.c
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
@ -90,6 +90,8 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err)
 			return _("transaction not initialized");
 		case ALPM_ERR_TRANS_DUP_TARGET:
 			return _("duplicate target");
+		case ALPM_ERR_TRANS_DUP_FILENAME:
+			return _("duplicate filename");
 		case ALPM_ERR_TRANS_NOT_INITIALIZED:
 			return _("transaction not initialized");
 		case ALPM_ERR_TRANS_NOT_PREPARED:
@ -123,18 +125,11 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err)
 			return _("package filename is not valid");
 		case ALPM_ERR_PKG_INVALID_ARCH:
 			return _("package architecture is not valid");
-		case ALPM_ERR_PKG_REPO_NOT_FOUND:
-			return _("could not find repository for target");
 		/* Signatures */
 		case ALPM_ERR_SIG_MISSING:
 			return _("missing PGP signature");
 		case ALPM_ERR_SIG_INVALID:
 			return _("invalid PGP signature");
-		/* Deltas */
-		case ALPM_ERR_DLT_INVALID:
-			return _("invalid or corrupted delta");
-		case ALPM_ERR_DLT_PATCHFAILED:
-			return _("delta patch failed");
 		/* Dependencies */
 		case ALPM_ERR_UNSATISFIED_DEPS:
 			return _("could not satisfy dependencies");
@ -142,7 +137,7 @@ const char SYMEXPORT *alpm_strerror(alpm_errno_t err)
 			return _("conflicting dependencies");
 		case ALPM_ERR_FILE_CONFLICTS:
 			return _("conflicting files");
-		/* Miscellaenous */
+		/* Miscellaneous */
 		case ALPM_ERR_RETRIEVE:
 			return _("failed to retrieve some files");
 		case ALPM_ERR_INVALID_REGEX:
--- a/lib/libalpm/filelist.c
+++ b/lib/libalpm/filelist.c
@ -1,7 +1,7 @@
 /*
 *  filelist.c
 *
- *  Copyright (c) 2012-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2012-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@ -118,12 +118,12 @@ static int _alpm_files_cmp(const void *f1, const void *f2)
 	return strcmp(file1->name, file2->name);
 }

-alpm_file_t SYMEXPORT *alpm_filelist_contains(alpm_filelist_t *filelist,
+alpm_file_t SYMEXPORT *alpm_filelist_contains(const alpm_filelist_t *filelist,
 		const char *path)
 {
 	alpm_file_t key;

-	if(!filelist) {
+	if(!filelist || filelist->count == 0) {
 		return NULL;
 	}

--- a/lib/libalpm/filelist.h
+++ b/lib/libalpm/filelist.h
@ -1,7 +1,7 @@
 /*
 *  filelist.h
 *
- *  Copyright (c) 2012-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2012-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/lib/libalpm/graph.c
+++ b/lib/libalpm/graph.c
@ -1,7 +1,7 @@
 /*
 *  graph.c - helpful graph structure and setup/teardown methods
 *
- *  Copyright (c) 2007-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2007-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/lib/libalpm/graph.h
+++ b/lib/libalpm/graph.h
@ -1,7 +1,7 @@
 /*
 *  graph.h - helpful graph structure and setup/teardown methods
 *
- *  Copyright (c) 2007-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2007-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@ -23,19 +23,19 @@

 #include "alpm_list.h"

-enum __alpm_graph_vertex_state {
+enum _alpm_graph_vertex_state {
 	ALPM_GRAPH_STATE_UNPROCESSED,
 	ALPM_GRAPH_STATE_PROCESSING,
 	ALPM_GRAPH_STATE_PROCESSED
 };

-typedef struct __alpm_graph_t {
+typedef struct _alpm_graph_t {
 	void *data;
-	struct __alpm_graph_t *parent; /* where did we come from? */
+	struct _alpm_graph_t *parent; /* where did we come from? */
 	alpm_list_t *children;
 	alpm_list_t *iterator; /* used for DFS without recursion */
 	off_t weight; /* weight of the node */
-	enum __alpm_graph_vertex_state state;
+	enum _alpm_graph_vertex_state state;
 } alpm_graph_t;

 alpm_graph_t *_alpm_graph_new(void);
--- a/lib/libalpm/group.c
+++ b/lib/libalpm/group.c
@ -1,7 +1,7 @@
 /*
 *  group.c
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
--- a/lib/libalpm/group.h
+++ b/lib/libalpm/group.h
@ -1,7 +1,7 @@
 /*
 *  group.h
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
--- a/lib/libalpm/handle.c
+++ b/lib/libalpm/handle.c
@ -1,7 +1,7 @@
 /*
 *  handle.c
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *  Copyright (c) 2005 by Aurelien Foret <orelien@chez.com>
 *  Copyright (c) 2005, 2006 by Miklos Vajna <vmiklos@frugalware.org>
@ -34,7 +34,6 @@
 #include "alpm_list.h"
 #include "util.h"
 #include "log.h"
-#include "delta.h"
 #include "trans.h"
 #include "alpm.h"
 #include "deps.h"
@ -44,18 +43,33 @@ alpm_handle_t *_alpm_handle_new(void)
 	alpm_handle_t *handle;

 	CALLOC(handle, 1, sizeof(alpm_handle_t), return NULL);
-	handle->deltaratio = 0.0;
 	handle->lockfd = -1;

 	return handle;
 }

+/* free all in-memory resources */
 void _alpm_handle_free(alpm_handle_t *handle)
 {
+	alpm_list_t *i;
+	alpm_db_t *db;
+
 	if(handle == NULL) {
 		return;
 	}

+	/* close local database */
+	if((db = handle->db_local)) {
+		db->ops->unregister(db);
+	}
+
+	/* unregister all sync dbs */
+	for(i = handle->dbs_sync; i; i = i->next) {
+		db = i->data;
+		db->ops->unregister(db);
+	}
+	alpm_list_free(handle->dbs_sync);
+
 	/* close logfile */
 	if(handle->logstream) {
 		fclose(handle->logstream);
@ -66,16 +80,15 @@ void _alpm_handle_free(alpm_handle_t *handle)
 		closelog();
 	}

-#ifdef HAVE_LIBCURL
-	/* release curl handle */
-	curl_easy_cleanup(handle->curl);
-#endif
-
 #ifdef HAVE_LIBGPGME
 	FREELIST(handle->known_keys);
 #endif

-	regfree(&handle->delta_regex);
+#ifdef HAVE_LIBCURL
+	curl_multi_cleanup(handle->curlm);
+	curl_global_cleanup();
+	FREELIST(handle->server_errors);
+#endif

 	/* free memory */
 	_alpm_trans_free(handle->trans);
@ -86,8 +99,9 @@ void _alpm_handle_free(alpm_handle_t *handle)
 	FREELIST(handle->hookdirs);
 	FREE(handle->logfile);
 	FREE(handle->lockfile);
-	FREE(handle->arch);
+	FREELIST(handle->architectures);
 	FREE(handle->gpgdir);
+	FREE(handle->sandboxuser);
 	FREELIST(handle->noupgrade);
 	FREELIST(handle->noextract);
 	FREELIST(handle->ignorepkg);
@ -109,7 +123,7 @@ int _alpm_handle_lock(alpm_handle_t *handle)
 	ASSERT(handle->lockfd < 0, return 0);

 	/* create the dir of the lockfile first */
-	dir = strdup(handle->lockfile);
+	STRDUP(dir, handle->lockfile, return -1);
 	ptr = strrchr(dir, '/');
 	if(ptr) {
 		*ptr = '\0';
@ -127,12 +141,6 @@ int _alpm_handle_lock(alpm_handle_t *handle)
 	return (handle->lockfd >= 0 ? 0 : -1);
 }

-/** Remove the database lock file
- * @param handle the context handle
- * @return 0 on success, -1 on error
- *
- * @note Safe to call from inside signal handlers.
- */
 int SYMEXPORT alpm_unlock(alpm_handle_t *handle)
 {
 	ASSERT(handle != NULL, return -1);
@ -177,22 +185,34 @@ alpm_cb_log SYMEXPORT alpm_option_get_logcb(alpm_handle_t *handle)
 	return handle->logcb;
 }

+void SYMEXPORT *alpm_option_get_logcb_ctx(alpm_handle_t *handle)
+{
+	CHECK_HANDLE(handle, return NULL);
+	return handle->logcb_ctx;
+}
+
 alpm_cb_download SYMEXPORT alpm_option_get_dlcb(alpm_handle_t *handle)
 {
 	CHECK_HANDLE(handle, return NULL);
 	return handle->dlcb;
 }

+void SYMEXPORT *alpm_option_get_dlcb_ctx(alpm_handle_t *handle)
+{
+	CHECK_HANDLE(handle, return NULL);
+	return handle->dlcb_ctx;
+}
+
 alpm_cb_fetch SYMEXPORT alpm_option_get_fetchcb(alpm_handle_t *handle)
 {
 	CHECK_HANDLE(handle, return NULL);
 	return handle->fetchcb;
 }

-alpm_cb_totaldl SYMEXPORT alpm_option_get_totaldlcb(alpm_handle_t *handle)
+void SYMEXPORT *alpm_option_get_fetchcb_ctx(alpm_handle_t *handle)
 {
 	CHECK_HANDLE(handle, return NULL);
-	return handle->totaldlcb;
+	return handle->fetchcb_ctx;
 }

 alpm_cb_event SYMEXPORT alpm_option_get_eventcb(alpm_handle_t *handle)
@ -201,18 +221,36 @@ alpm_cb_event SYMEXPORT alpm_option_get_eventcb(alpm_handle_t *handle)
 	return handle->eventcb;
 }

+void SYMEXPORT *alpm_option_get_eventcb_ctx(alpm_handle_t *handle)
+{
+	CHECK_HANDLE(handle, return NULL);
+	return handle->eventcb_ctx;
+}
+
 alpm_cb_question SYMEXPORT alpm_option_get_questioncb(alpm_handle_t *handle)
 {
 	CHECK_HANDLE(handle, return NULL);
 	return handle->questioncb;
 }

+void SYMEXPORT *alpm_option_get_questioncb_ctx(alpm_handle_t *handle)
+{
+	CHECK_HANDLE(handle, return NULL);
+	return handle->questioncb_ctx;
+}
+
 alpm_cb_progress SYMEXPORT alpm_option_get_progresscb(alpm_handle_t *handle)
 {
 	CHECK_HANDLE(handle, return NULL);
 	return handle->progresscb;
 }

+void SYMEXPORT *alpm_option_get_progresscb_ctx(alpm_handle_t *handle)
+{
+	CHECK_HANDLE(handle, return NULL);
+	return handle->progresscb_ctx;
+}
+
 const char SYMEXPORT *alpm_option_get_root(alpm_handle_t *handle)
 {
 	CHECK_HANDLE(handle, return NULL);
@ -255,6 +293,12 @@ const char SYMEXPORT *alpm_option_get_gpgdir(alpm_handle_t *handle)
 	return handle->gpgdir;
 }

+const char SYMEXPORT *alpm_option_get_sandboxuser(alpm_handle_t *handle)
+{
+	CHECK_HANDLE(handle, return NULL);
+	return handle->sandboxuser;
+}
+
 int SYMEXPORT alpm_option_get_usesyslog(alpm_handle_t *handle)
 {
 	CHECK_HANDLE(handle, return -1);
@ -297,16 +341,10 @@ alpm_list_t SYMEXPORT *alpm_option_get_assumeinstalled(alpm_handle_t *handle)
 	return handle->assumeinstalled;
 }

-const char SYMEXPORT *alpm_option_get_arch(alpm_handle_t *handle)
+alpm_list_t SYMEXPORT *alpm_option_get_architectures(alpm_handle_t *handle)
 {
 	CHECK_HANDLE(handle, return NULL);
-	return handle->arch;
-}
-
-double SYMEXPORT alpm_option_get_deltaratio(alpm_handle_t *handle)
-{
-	CHECK_HANDLE(handle, return -1);
-	return handle->deltaratio;
+	return handle->architectures;
 }

 int SYMEXPORT alpm_option_get_checkspace(alpm_handle_t *handle)
@ -321,52 +359,57 @@ const char SYMEXPORT *alpm_option_get_dbext(alpm_handle_t *handle)
 	return handle->dbext;
 }

-int SYMEXPORT alpm_option_set_logcb(alpm_handle_t *handle, alpm_cb_log cb)
+int SYMEXPORT alpm_option_get_parallel_downloads(alpm_handle_t *handle)
+{
+	CHECK_HANDLE(handle, return -1);
+	return handle->parallel_downloads;
+}
+
+int SYMEXPORT alpm_option_set_logcb(alpm_handle_t *handle, alpm_cb_log cb, void *ctx)
 {
 	CHECK_HANDLE(handle, return -1);
 	handle->logcb = cb;
+	handle->logcb_ctx = ctx;
 	return 0;
 }

-int SYMEXPORT alpm_option_set_dlcb(alpm_handle_t *handle, alpm_cb_download cb)
+int SYMEXPORT alpm_option_set_dlcb(alpm_handle_t *handle, alpm_cb_download cb, void *ctx)
 {
 	CHECK_HANDLE(handle, return -1);
 	handle->dlcb = cb;
+	handle->dlcb_ctx = ctx;
 	return 0;
 }

-int SYMEXPORT alpm_option_set_fetchcb(alpm_handle_t *handle, alpm_cb_fetch cb)
+int SYMEXPORT alpm_option_set_fetchcb(alpm_handle_t *handle, alpm_cb_fetch cb, void *ctx)
 {
 	CHECK_HANDLE(handle, return -1);
 	handle->fetchcb = cb;
+	handle->fetchcb_ctx = ctx;
 	return 0;
 }

-int SYMEXPORT alpm_option_set_totaldlcb(alpm_handle_t *handle, alpm_cb_totaldl cb)
-{
-	CHECK_HANDLE(handle, return -1);
-	handle->totaldlcb = cb;
-	return 0;
-}
-
-int SYMEXPORT alpm_option_set_eventcb(alpm_handle_t *handle, alpm_cb_event cb)
+int SYMEXPORT alpm_option_set_eventcb(alpm_handle_t *handle, alpm_cb_event cb, void *ctx)
 {
 	CHECK_HANDLE(handle, return -1);
 	handle->eventcb = cb;
+	handle->eventcb_ctx = ctx;
 	return 0;
 }

-int SYMEXPORT alpm_option_set_questioncb(alpm_handle_t *handle, alpm_cb_question cb)
+int SYMEXPORT alpm_option_set_questioncb(alpm_handle_t *handle, alpm_cb_question cb, void *ctx)
 {
 	CHECK_HANDLE(handle, return -1);
 	handle->questioncb = cb;
+	handle->questioncb_ctx = ctx;
 	return 0;
 }

-int SYMEXPORT alpm_option_set_progresscb(alpm_handle_t *handle, alpm_cb_progress cb)
+int SYMEXPORT alpm_option_set_progresscb(alpm_handle_t *handle, alpm_cb_progress cb, void *ctx)
 {
 	CHECK_HANDLE(handle, return -1);
 	handle->progresscb = cb;
+	handle->progresscb_ctx = ctx;
 	return 0;
 }

@ -559,6 +602,19 @@ int SYMEXPORT alpm_option_set_gpgdir(alpm_handle_t *handle, const char *gpgdir)
 	return 0;
 }

+int SYMEXPORT alpm_option_set_sandboxuser(alpm_handle_t *handle, const char *sandboxuser)
+{
+	CHECK_HANDLE(handle, return -1);
+	if(handle->sandboxuser) {
+		FREE(handle->sandboxuser);
+	}
+
+	STRDUP(handle->sandboxuser, sandboxuser, RET_ERR(handle, ALPM_ERR_MEMORY, -1));
+
+	_alpm_log(handle, ALPM_LOG_DEBUG, "option 'sandboxuser' = %s\n", handle->sandboxuser);
+	return 0;
+}
+
 int SYMEXPORT alpm_option_set_usesyslog(alpm_handle_t *handle, int usesyslog)
 {
 	CHECK_HANDLE(handle, return -1);
@ -700,6 +756,7 @@ int SYMEXPORT alpm_option_set_assumeinstalled(alpm_handle_t *handle, alpm_list_t
 	if(handle->assumeinstalled) {
 		alpm_list_free_inner(handle->assumeinstalled, (alpm_list_fn_free)alpm_dep_free);
 		alpm_list_free(handle->assumeinstalled);
+		handle->assumeinstalled = NULL;
 	}
 	while(deps) {
 		if(alpm_option_add_assumeinstalled(handle, deps->data) != 0) {
@ -747,21 +804,29 @@ int SYMEXPORT alpm_option_remove_assumeinstalled(alpm_handle_t *handle, const al
 	return 0;
 }

-int SYMEXPORT alpm_option_set_arch(alpm_handle_t *handle, const char *arch)
+int SYMEXPORT alpm_option_add_architecture(alpm_handle_t *handle, const char *arch)
 {
-	CHECK_HANDLE(handle, return -1);
-	if(handle->arch) FREE(handle->arch);
-	STRDUP(handle->arch, arch, RET_ERR(handle, ALPM_ERR_MEMORY, -1));
+	handle->architectures = alpm_list_add(handle->architectures, strdup(arch));
 	return 0;
 }

-int SYMEXPORT alpm_option_set_deltaratio(alpm_handle_t *handle, double ratio)
+int SYMEXPORT alpm_option_set_architectures(alpm_handle_t *handle, alpm_list_t *arches)
 {
 	CHECK_HANDLE(handle, return -1);
-	if(ratio < 0.0 || ratio > 2.0) {
-		RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1);
+	if(handle->architectures) FREELIST(handle->architectures);
+	handle->architectures = alpm_list_strdup(arches);
+	return 0;
+}
+
+int SYMEXPORT alpm_option_remove_architecture(alpm_handle_t *handle, const char *arch)
+{
+	char *vdata = NULL;
+	CHECK_HANDLE(handle, return -1);
+	handle->architectures = alpm_list_remove_str(handle->architectures, arch, &vdata);
+	if(vdata != NULL) {
+		FREE(vdata);
+		return 1;
 	}
-	handle->deltaratio = ratio;
 	return 0;
 }

@ -870,14 +935,39 @@ int SYMEXPORT alpm_option_get_remote_file_siglevel(alpm_handle_t *handle)
 	}
 }

+int SYMEXPORT alpm_option_get_disable_dl_timeout(alpm_handle_t *handle)
+{
+	CHECK_HANDLE(handle, return -1);
+	return handle->disable_dl_timeout;
+}
+
 int SYMEXPORT alpm_option_set_disable_dl_timeout(alpm_handle_t *handle,
 		unsigned short disable_dl_timeout)
 {
 	CHECK_HANDLE(handle, return -1);
-#ifdef HAVE_LIBCURL
 	handle->disable_dl_timeout = disable_dl_timeout;
-#else
-	(void)disable_dl_timeout; /* silence unused variable warnings */
-#endif
+	return 0;
+}
+
+int SYMEXPORT alpm_option_set_parallel_downloads(alpm_handle_t *handle,
+		unsigned int num_streams)
+{
+	CHECK_HANDLE(handle, return -1);
+	ASSERT(num_streams >= 1, RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1));
+	handle->parallel_downloads = num_streams;
+	return 0;
+}
+
+int SYMEXPORT alpm_option_get_disable_sandbox(alpm_handle_t *handle)
+{
+	CHECK_HANDLE(handle, return -1);
+	return handle->disable_sandbox;
+}
+
+int SYMEXPORT alpm_option_set_disable_sandbox(alpm_handle_t *handle,
+		unsigned short disable_sandbox)
+{
+	CHECK_HANDLE(handle, return -1);
+	handle->disable_sandbox = disable_sandbox;
 	return 0;
 }
--- a/lib/libalpm/handle.h
+++ b/lib/libalpm/handle.h
@ -1,7 +1,7 @@
 /*
 *  handle.h
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
@ -26,6 +26,7 @@

 #include "alpm_list.h"
 #include "alpm.h"
+#include "trans.h"

 #ifdef HAVE_LIBCURL
 #include <curl/curl.h>
@ -34,23 +35,23 @@
 #define EVENT(h, e) \
 do { \
 	if((h)->eventcb) { \
-		(h)->eventcb((alpm_event_t *) (e)); \
+		(h)->eventcb((h)->eventcb_ctx, (alpm_event_t *) (e)); \
 	} \
 } while(0)
 #define QUESTION(h, q) \
 do { \
 	if((h)->questioncb) { \
-		(h)->questioncb((alpm_question_t *) (q)); \
+		(h)->questioncb((h)->questioncb_ctx, (alpm_question_t *) (q)); \
 	} \
 } while(0)
 #define PROGRESS(h, e, p, per, n, r) \
 do { \
 	if((h)->progresscb) { \
-		(h)->progresscb(e, p, per, n, r); \
+		(h)->progresscb((h)->progresscb_ctx, e, p, per, n, r); \
 	} \
 } while(0)

-struct __alpm_handle_t {
+struct _alpm_handle_t {
 	/* internal usage */
 	alpm_db_t *db_local;    /* local db pointer */
 	alpm_list_t *dbs_sync;  /* List of (alpm_db_t *) */
@ -59,22 +60,31 @@ struct __alpm_handle_t {

 #ifdef HAVE_LIBCURL
 	/* libcurl handle */
-	CURL *curl;             /* reusable curl_easy handle */
-	unsigned short disable_dl_timeout;
+	CURLM *curlm;
+	alpm_list_t *server_errors;
 #endif

+	unsigned short disable_dl_timeout;
+	unsigned short disable_sandbox;
+	unsigned int parallel_downloads; /* number of download streams */
+
 #ifdef HAVE_LIBGPGME
 	alpm_list_t *known_keys;  /* keys verified to be in our keychain */
 #endif

 	/* callback functions */
 	alpm_cb_log logcb;          /* Log callback function */
+	void *logcb_ctx;
 	alpm_cb_download dlcb;      /* Download callback function */
-	alpm_cb_totaldl totaldlcb;  /* Total download callback function */
+	void *dlcb_ctx;
 	alpm_cb_fetch fetchcb;      /* Download file callback function */
+	void *fetchcb_ctx;
 	alpm_cb_event eventcb;
+	void *eventcb_ctx;
 	alpm_cb_question questioncb;
+	void *questioncb_ctx;
 	alpm_cb_progress progresscb;
+	void *progresscb_ctx;

 	/* filesystem paths */
 	char *root;              /* Root path, default '/' */
@ -82,6 +92,7 @@ struct __alpm_handle_t {
 	char *logfile;           /* Name of the log file */
 	char *lockfile;          /* Name of the lock file */
 	char *gpgdir;            /* Directory where GnuPG files are stored */
+	char *sandboxuser;       /* User to switch to for sensitive operations */
 	alpm_list_t *cachedirs;  /* Paths to pacman cache directories */
 	alpm_list_t *hookdirs;   /* Paths to hook directories */
 	alpm_list_t *overwrite_files; /* Paths that may be overwritten */
@ -94,8 +105,7 @@ struct __alpm_handle_t {
 	alpm_list_t *assumeinstalled;   /* List of virtual packages used to satisfy dependencies */

 	/* options */
-	char *arch;              /* Architecture of packages we should allow */
-	double deltaratio;       /* Download deltas if possible; a ratio value */
+	alpm_list_t *architectures; /* Architectures of packages we should allow */
 	int usesyslog;           /* Use syslog instead of logfile? */ /* TODO move to frontend */
 	int checkspace;          /* Check disk space before installing */
 	char *dbext;             /* Sync DB extension */
@ -110,10 +120,6 @@ struct __alpm_handle_t {

 	/* lock file descriptor */
 	int lockfd;
-
-	/* for delta parsing efficiency */
-	int delta_regex_compiled;
-	regex_t delta_regex;
 };

 alpm_handle_t *_alpm_handle_new(void);
--- a/lib/libalpm/hook.c
+++ b/lib/libalpm/hook.c
@ -1,7 +1,7 @@
 /*
 *  hook.c
 *
- *  Copyright (c) 2015-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2015-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@ -17,7 +17,6 @@
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

-#include <ctype.h>
 #include <dirent.h>
 #include <errno.h>
 #include <limits.h>
@ -38,7 +37,7 @@ enum _alpm_hook_op_t {

 enum _alpm_trigger_type_t {
 	ALPM_HOOK_TYPE_PACKAGE = 1,
-	ALPM_HOOK_TYPE_FILE,
+	ALPM_HOOK_TYPE_PATH,
 };

 struct _alpm_trigger_t {
@ -71,23 +70,12 @@ static void _alpm_trigger_free(struct _alpm_trigger_t *trigger)
 	}
 }

-static void _alpm_wordsplit_free(char **ws)
-{
-	if(ws) {
-		char **c;
-		for(c = ws; *c; c++) {
-			free(*c);
-		}
-		free(ws);
-	}
-}
-
 static void _alpm_hook_free(struct _alpm_hook_t *hook)
 {
 	if(hook) {
 		free(hook->name);
 		free(hook->desc);
-		_alpm_wordsplit_free(hook->cmd);
+		wordsplit_free(hook->cmd);
 		alpm_list_free_inner(hook->triggers, (alpm_list_fn_free) _alpm_trigger_free);
 		alpm_list_free(hook->triggers);
 		alpm_list_free(hook->matches);
@ -158,107 +146,6 @@ static int _alpm_hook_validate(alpm_handle_t *handle,
 	return ret;
 }

-static char **_alpm_wordsplit(char *str)
-{
-	char *c = str, *end;
-	char **out = NULL, **outsave;
-	size_t count = 0;
-
-	if(str == NULL) {
-		errno = EINVAL;
-		return NULL;
-	}
-
-	for(c = str; isspace(*c); c++);
-	while(*c) {
-		size_t wordlen = 0;
-
-		/* extend our array */
-		outsave = out;
-		if((out = realloc(out, (count + 1) * sizeof(char*))) == NULL) {
-			out = outsave;
-			goto error;
-		}
-
-		/* calculate word length and check for unbalanced quotes */
-		for(end = c; *end && !isspace(*end); end++) {
-			if(*end == '\'' || *end == '"') {
-				char quote = *end;
-				while(*(++end) && *end != quote) {
-					if(*end == '\\' && *(end + 1) == quote) {
-						end++;
-					}
-					wordlen++;
-				}
-				if(*end != quote) {
-					errno = EINVAL;
-					goto error;
-				}
-			} else {
-				if(*end == '\\' && (end[1] == '\'' || end[1] == '"')) {
-					end++; /* skip the '\\' */
-				}
-				wordlen++;
-			}
-		}
-
-		if(wordlen == (size_t) (end - c)) {
-			/* no internal quotes or escapes, copy it the easy way */
-			if((out[count++] = strndup(c, wordlen)) == NULL) {
-				goto error;
-			}
-		} else {
-			/* manually copy to remove quotes and escapes */
-			char *dest = out[count++] = malloc(wordlen + 1);
-			if(dest == NULL) { goto error; }
-			while(c < end) {
-				if(*c == '\'' || *c == '"') {
-					char quote = *c;
-					/* we know there must be a matching end quote,
-					 * no need to check for '\0' */
-					for(c++; *c != quote; c++) {
-						if(*c == '\\' && *(c + 1) == quote) {
-							c++;
-						}
-						*(dest++) = *c;
-					}
-					c++;
-				} else {
-					if(*c == '\\' && (c[1] == '\'' || c[1] == '"')) {
-						c++; /* skip the '\\' */
-					}
-					*(dest++) = *(c++);
-				}
-			}
-			*dest = '\0';
-		}
-
-		if(*end == '\0') {
-			break;
-		} else {
-			for(c = end + 1; isspace(*c); c++);
-		}
-	}
-
-	outsave = out;
-	if((out = realloc(out, (count + 1) * sizeof(char*))) == NULL) {
-		out = outsave;
-		goto error;
-	}
-
-	out[count++] = NULL;
-
-	return out;
-
-error:
-	/* can't use wordsplit_free here because NULL has not been appended */
-	while(count) {
-		free(out[--count]);
-	}
-	free(out);
-	return NULL;
-}
-
 static int _alpm_hook_parse_cb(const char *file, int line,
 		const char *section, char *key, char *value, void *data)
 {
@ -303,7 +190,11 @@ static int _alpm_hook_parse_cb(const char *file, int line,
 			if(strcmp(value, "Package") == 0) {
 				t->type = ALPM_HOOK_TYPE_PACKAGE;
 			} else if(strcmp(value, "File") == 0) {
-				t->type = ALPM_HOOK_TYPE_FILE;
+				_alpm_log(handle, ALPM_LOG_DEBUG,
+						"File targets are deprecated, use Path instead\n");
+				t->type = ALPM_HOOK_TYPE_PATH;
+			} else if(strcmp(value, "Path") == 0) {
+				t->type = ALPM_HOOK_TYPE_PATH;
 			} else {
 				error(_("hook %s line %d: invalid value %s\n"), file, line, value);
 			}
@ -343,9 +234,9 @@ static int _alpm_hook_parse_cb(const char *file, int line,
 		} else if(strcmp(key, "Exec") == 0) {
 			if(hook->cmd != NULL) {
 				warning(_("hook %s line %d: overwriting previous definition of %s\n"), file, line, "Exec");
-				_alpm_wordsplit_free(hook->cmd);
+				wordsplit_free(hook->cmd);
 			}
-			if((hook->cmd = _alpm_wordsplit(value)) == NULL) {
+			if((hook->cmd = wordsplit(value)) == NULL) {
 				if(errno == EINVAL) {
 					error(_("hook %s line %d: invalid value %s\n"), file, line, value);
 				} else {
--- a/lib/libalpm/hook.h
+++ b/lib/libalpm/hook.h
@ -1,7 +1,7 @@
 /*
 *  hook.h
 *
- *  Copyright (c) 2015-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2015-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/lib/libalpm/ini.c
+++ b/lib/libalpm/ini.c
@ -1 +0,0 @@
-../../src/common/ini.c
--- a/lib/libalpm/ini.h
+++ b/lib/libalpm/ini.h
@ -1 +0,0 @@
-../../src/common/ini.h
--- a/lib/libalpm/libalpm.pc.in
+++ b/lib/libalpm/libalpm.pc.in
@ -1,13 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-
-Name: libalpm
-Description: Arch Linux package management library
-URL: http://www.archlinux.org/pacman/
-Version: @LIB_VERSION@
-Requires.private: libarchive @pc_crypto@ @pc_libcurl@
-Cflags: -I${includedir} @LFS_CFLAGS@
-Libs: -L${libdir} -lalpm
-Libs.private: @LIBS@ @GPGME_LIBS@
--- a/lib/libalpm/libarchive-compat.h
+++ b/lib/libalpm/libarchive-compat.h
@ -4,7 +4,7 @@
 /*
 * libarchive-compat.h
 *
- *  Copyright (c) 2013-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2013-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@ -24,48 +24,28 @@

 static inline int _alpm_archive_read_free(struct archive *archive)
 {
-#if ARCHIVE_VERSION_NUMBER >= 3000000
 	return archive_read_free(archive);
-#else
-	return archive_read_finish(archive);
-#endif
 }

 static inline int64_t _alpm_archive_compressed_ftell(struct archive *archive)
 {
-#if ARCHIVE_VERSION_NUMBER >= 3000000
 	return archive_filter_bytes(archive, -1);
-#else
-	return archive_position_compressed(archive);
-#endif
 }

 static inline int _alpm_archive_read_open_file(struct archive *archive,
 		const char *filename, size_t block_size)
 {
-#if ARCHIVE_VERSION_NUMBER >= 3000000
 	return archive_read_open_filename(archive, filename, block_size);
-#else
-	return archive_read_open_file(archive, filename, block_size);
-#endif
 }

 static inline int _alpm_archive_filter_code(struct archive *archive)
 {
-#if ARCHIVE_VERSION_NUMBER >= 3000000
 	return archive_filter_code(archive, 0);
-#else
-	return archive_compression(archive);
-#endif
 }

 static inline int _alpm_archive_read_support_filter_all(struct archive *archive)
 {
-#if ARCHIVE_VERSION_NUMBER >= 3000000
 	return archive_read_support_filter_all(archive);
-#else
-	return archive_read_support_compression_all(archive);
-#endif
 }

 #endif /* LIBARCHIVE_COMPAT_H */
--- a/lib/libalpm/log.c
+++ b/lib/libalpm/log.c
@ -1,7 +1,7 @@
 /*
 *  log.c
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
@ -22,6 +22,7 @@
 #include <stdarg.h>
 #include <errno.h>
 #include <syslog.h>
+#include <time.h>

 /* libalpm */
 #include "log.h"
@ -29,28 +30,18 @@
 #include "util.h"
 #include "alpm.h"

-/** \addtogroup alpm_log Logging Functions
- * @brief Functions to log using libalpm
- * @{
- */
-
 static int _alpm_log_leader(FILE *f, const char *prefix)
 {
 	time_t t = time(NULL);
 	struct tm *tm = localtime(&t);
+	int length = 32;
+	char timestamp[length];

 	/* Use ISO-8601 date format */
-	return fprintf(f, "[%04d-%02d-%02d %02d:%02d] [%s] ",
-			tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
-			tm->tm_hour, tm->tm_min, prefix);
+	strftime(timestamp,length,"%FT%T%z", tm);
+	return fprintf(f, "[%s] [%s] ", timestamp, prefix);
 }

-/** A printf-like function for logging.
- * @param handle the context handle
- * @param prefix caller-specific prefix for the log
- * @param fmt output format
- * @return 0 on success, -1 on error (pm_errno is set accordingly)
- */
 int SYMEXPORT alpm_logaction(alpm_handle_t *handle, const char *prefix,
 		const char *fmt, ...)
 {
@ -107,8 +98,6 @@ int SYMEXPORT alpm_logaction(alpm_handle_t *handle, const char *prefix,
 	return ret;
 }

-/** @} */
-
 void _alpm_log(alpm_handle_t *handle, alpm_loglevel_t flag, const char *fmt, ...)
 {
 	va_list args;
@ -118,6 +107,6 @@ void _alpm_log(alpm_handle_t *handle, alpm_loglevel_t flag, const char *fmt, ...
 	}

 	va_start(args, fmt);
-	handle->logcb(flag, fmt, args);
+	handle->logcb(handle->logcb_ctx, flag, fmt, args);
 	va_end(args);
 }
--- a/lib/libalpm/log.h
+++ b/lib/libalpm/log.h
@ -1,7 +1,7 @@
 /*
 *  log.h
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
--- a/lib/libalpm/meson.build
+++ b/lib/libalpm/meson.build
@ -9,7 +9,6 @@ libalpm_sources = files('''
  be_sync.c
  conflict.h conflict.c
  db.h db.c
-  delta.h delta.c
  deps.h deps.c
  diskspace.h diskspace.c
  dload.h dload.c
@ -25,6 +24,9 @@ libalpm_sources = files('''
  pkghash.h pkghash.c
  rawstr.c
  remove.h remove.c
+  sandbox.h sandbox.c
+  sandbox_fs.h sandbox_fs.c
+  sandbox_syscalls.h sandbox_syscalls.c
  signing.c signing.h
  sync.h sync.c
  trans.h trans.c
--- a/lib/libalpm/package.c
+++ b/lib/libalpm/package.c
@ -1,7 +1,7 @@
 /*
 *  package.c
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *  Copyright (c) 2005 by Aurelien Foret <orelien@chez.com>
 *  Copyright (c) 2005, 2006 by Christian Hamar <krics@linuxforum.hu>
@ -21,6 +21,7 @@
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

+#include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
@ -31,16 +32,9 @@
 #include "log.h"
 #include "util.h"
 #include "db.h"
-#include "delta.h"
 #include "handle.h"
 #include "deps.h"

-/** \addtogroup alpm_packages Package Functions
- * @brief Functions to manipulate libalpm packages
- * @{
- */
-
-/** Free a package. */
 int SYMEXPORT alpm_pkg_free(alpm_pkg_t *pkg)
 {
 	ASSERT(pkg != NULL, return -1);
@ -53,7 +47,6 @@ int SYMEXPORT alpm_pkg_free(alpm_pkg_t *pkg)
 	return 0;
 }

-/** Check the integrity (with md5) of a package from the sync cache. */
 int SYMEXPORT alpm_pkg_checkmd5sum(alpm_pkg_t *pkg)
 {
 	char *fpath;
@ -106,6 +99,7 @@ static alpm_list_t *_pkg_get_provides(alpm_pkg_t *pkg)   { return pkg->provides;
 static alpm_list_t *_pkg_get_replaces(alpm_pkg_t *pkg)   { return pkg->replaces; }
 static alpm_filelist_t *_pkg_get_files(alpm_pkg_t *pkg)  { return &(pkg->files); }
 static alpm_list_t *_pkg_get_backup(alpm_pkg_t *pkg)     { return pkg->backup; }
+static alpm_list_t *_pkg_get_xdata(alpm_pkg_t *pkg)      { return pkg->xdata; }

 static void *_pkg_changelog_open(alpm_pkg_t UNUSED *pkg)
 {
@ -146,7 +140,7 @@ static int _pkg_force_load(alpm_pkg_t UNUSED *pkg) { return 0; }
 /** The standard package operations struct. Get fields directly from the
 * struct itself with no abstraction layer or any type of lazy loading.
 */
-struct pkg_operations default_pkg_ops = {
+const struct pkg_operations default_pkg_ops = {
 	.get_base        = _pkg_get_base,
 	.get_desc        = _pkg_get_desc,
 	.get_url         = _pkg_get_url,
@ -170,6 +164,7 @@ struct pkg_operations default_pkg_ops = {
 	.get_replaces    = _pkg_get_replaces,
 	.get_files       = _pkg_get_files,
 	.get_backup      = _pkg_get_backup,
+	.get_xdata       = _pkg_get_xdata,

 	.changelog_open  = _pkg_changelog_open,
 	.changelog_read  = _pkg_changelog_read,
@ -199,6 +194,12 @@ const char SYMEXPORT *alpm_pkg_get_base(alpm_pkg_t *pkg)
 	return pkg->ops->get_base(pkg);
 }

+alpm_handle_t SYMEXPORT *alpm_pkg_get_handle(alpm_pkg_t *pkg)
+{
+	ASSERT(pkg != NULL, return NULL);
+	return pkg->handle;
+}
+
 const char SYMEXPORT *alpm_pkg_get_name(alpm_pkg_t *pkg)
 {
 	ASSERT(pkg != NULL, return NULL);
@ -276,6 +277,44 @@ const char SYMEXPORT *alpm_pkg_get_base64_sig(alpm_pkg_t *pkg)
 	return pkg->base64_sig;
 }

+int SYMEXPORT alpm_pkg_get_sig(alpm_pkg_t *pkg, unsigned char **sig, size_t *sig_len)
+{
+	ASSERT(pkg != NULL, return -1);
+
+	if(pkg->base64_sig) {
+		int ret = alpm_decode_signature(pkg->base64_sig, sig, sig_len);
+		if(ret != 0) {
+			RET_ERR(pkg->handle, ALPM_ERR_SIG_INVALID, -1);
+		}
+		return 0;
+	} else {
+		char *pkgpath = NULL, *sigpath = NULL;
+		alpm_errno_t err;
+		int ret = -1;
+
+		pkgpath = _alpm_filecache_find(pkg->handle, pkg->filename);
+		if(!pkgpath) {
+			GOTO_ERR(pkg->handle, ALPM_ERR_PKG_NOT_FOUND, cleanup);
+		}
+		sigpath = _alpm_sigpath(pkg->handle, pkgpath);
+		if(!sigpath || _alpm_access(pkg->handle, NULL, sigpath, R_OK)) {
+			GOTO_ERR(pkg->handle, ALPM_ERR_SIG_MISSING, cleanup);
+		}
+		err = _alpm_read_file(sigpath, sig, sig_len);
+		if(err == ALPM_ERR_OK) {
+			_alpm_log(pkg->handle, ALPM_LOG_DEBUG, "found detached signature %s with size %ld\n",
+				sigpath, *sig_len);
+		} else {
+			GOTO_ERR(pkg->handle, err, cleanup);
+		}
+		ret = 0;
+cleanup:
+		FREE(pkgpath);
+		FREE(sigpath);
+		return ret;
+	}
+}
+
 const char SYMEXPORT *alpm_pkg_get_arch(alpm_pkg_t *pkg)
 {
 	ASSERT(pkg != NULL, return NULL);
@ -374,13 +413,6 @@ alpm_list_t SYMEXPORT *alpm_pkg_get_replaces(alpm_pkg_t *pkg)
 	return pkg->ops->get_replaces(pkg);
 }

-alpm_list_t SYMEXPORT *alpm_pkg_get_deltas(alpm_pkg_t *pkg)
-{
-	ASSERT(pkg != NULL, return NULL);
-	pkg->handle->pm_errno = ALPM_ERR_OK;
-	return pkg->deltas;
-}
-
 alpm_filelist_t SYMEXPORT *alpm_pkg_get_files(alpm_pkg_t *pkg)
 {
 	ASSERT(pkg != NULL, return NULL);
@ -405,7 +437,6 @@ alpm_db_t SYMEXPORT *alpm_pkg_get_db(alpm_pkg_t *pkg)
 	return pkg->origin_data.db;
 }

-/** Open a package changelog for reading. */
 void SYMEXPORT *alpm_pkg_changelog_open(alpm_pkg_t *pkg)
 {
 	ASSERT(pkg != NULL, return NULL);
@ -413,7 +444,6 @@ void SYMEXPORT *alpm_pkg_changelog_open(alpm_pkg_t *pkg)
 	return pkg->ops->changelog_open(pkg);
 }

-/** Read data from an open changelog 'file stream'. */
 size_t SYMEXPORT alpm_pkg_changelog_read(void *ptr, size_t size,
 		const alpm_pkg_t *pkg, void *fp)
 {
@ -422,7 +452,6 @@ size_t SYMEXPORT alpm_pkg_changelog_read(void *ptr, size_t size,
 	return pkg->ops->changelog_read(ptr, size, pkg, fp);
 }

-/** Close a package changelog for reading. */
 int SYMEXPORT alpm_pkg_changelog_close(const alpm_pkg_t *pkg, void *fp)
 {
 	ASSERT(pkg != NULL, return -1);
@ -430,7 +459,6 @@ int SYMEXPORT alpm_pkg_changelog_close(const alpm_pkg_t *pkg, void *fp)
 	return pkg->ops->changelog_close(pkg, fp);
 }

-/** Open a package mtree file for reading. */
 struct archive SYMEXPORT *alpm_pkg_mtree_open(alpm_pkg_t * pkg)
 {
 	ASSERT(pkg != NULL, return NULL);
@ -438,7 +466,6 @@ struct archive SYMEXPORT *alpm_pkg_mtree_open(alpm_pkg_t * pkg)
 	return pkg->ops->mtree_open(pkg);
 }

-/** Read entry from an open mtree file. */
 int SYMEXPORT alpm_pkg_mtree_next(const alpm_pkg_t * pkg, struct archive *archive,
 	struct archive_entry **entry)
 {
@ -447,7 +474,6 @@ int SYMEXPORT alpm_pkg_mtree_next(const alpm_pkg_t * pkg, struct archive *archiv
 	return pkg->ops->mtree_next(pkg, archive, entry);
 }

-/** Close a package mtree file for reading. */
 int SYMEXPORT alpm_pkg_mtree_close(const alpm_pkg_t * pkg, struct archive *archive)
 {
 	ASSERT(pkg != NULL, return -1);
@ -462,6 +488,13 @@ int SYMEXPORT alpm_pkg_has_scriptlet(alpm_pkg_t *pkg)
 	return pkg->ops->has_scriptlet(pkg);
 }

+alpm_list_t SYMEXPORT *alpm_pkg_get_xdata(alpm_pkg_t *pkg)
+{
+	ASSERT(pkg != NULL, return NULL);
+	pkg->handle->pm_errno = ALPM_ERR_OK;
+	return pkg->ops->get_xdata(pkg);
+}
+
 static void find_requiredby(alpm_pkg_t *pkg, alpm_db_t *db, alpm_list_t **reqs,
 		int optional)
 {
@ -518,21 +551,16 @@ static alpm_list_t *compute_requiredby(alpm_pkg_t *pkg, int optional)
 	return reqs;
 }

-/** Compute the packages requiring a given package. */
 alpm_list_t SYMEXPORT *alpm_pkg_compute_requiredby(alpm_pkg_t *pkg)
 {
 	return compute_requiredby(pkg, 0);
 }

-/** Compute the packages optionally requiring a given package. */
 alpm_list_t SYMEXPORT *alpm_pkg_compute_optionalfor(alpm_pkg_t *pkg)
 {
 	return compute_requiredby(pkg, 1);
 }

-
-/** @} */
-
 alpm_file_t *_alpm_file_copy(alpm_file_t *dest,
 		const alpm_file_t *src)
 {
@ -620,9 +648,6 @@ int _alpm_pkg_dup(alpm_pkg_t *pkg, alpm_pkg_t **new_ptr)
 	newpkg->optdepends = list_depdup(pkg->optdepends);
 	newpkg->conflicts  = list_depdup(pkg->conflicts);
 	newpkg->provides   = list_depdup(pkg->provides);
-	for(i = pkg->deltas; i; i = i->next) {
-		newpkg->deltas = alpm_list_add(newpkg->deltas, _alpm_delta_dup(i->data));
-	}

 	if(pkg->files.count) {
 		size_t filenum;
@ -662,6 +687,30 @@ static void free_deplist(alpm_list_t *deps)
 	alpm_list_free(deps);
 }

+alpm_pkg_xdata_t *_alpm_pkg_parse_xdata(const char *string)
+{
+	alpm_pkg_xdata_t *pd;
+	const char *sep;
+	if(string == NULL || (sep = strchr(string, '=')) == NULL) {
+		return NULL;
+	}
+
+	CALLOC(pd, 1, sizeof(alpm_pkg_xdata_t), return NULL);
+	STRNDUP(pd->name, string, sep - string, FREE(pd); return NULL);
+	STRDUP(pd->value, sep + 1, FREE(pd->name); FREE(pd); return NULL);
+
+	return pd;
+}
+
+void _alpm_pkg_xdata_free(alpm_pkg_xdata_t *pd)
+{
+	if(pd) {
+		free(pd->name);
+		free(pd->value);
+		free(pd);
+	}
+}
+
 void _alpm_pkg_free(alpm_pkg_t *pkg)
 {
 	if(pkg == NULL) {
@ -692,13 +741,14 @@ void _alpm_pkg_free(alpm_pkg_t *pkg)
 	}
 	alpm_list_free_inner(pkg->backup, (alpm_list_fn_free)_alpm_backup_free);
 	alpm_list_free(pkg->backup);
+	alpm_list_free_inner(pkg->xdata, (alpm_list_fn_free)_alpm_pkg_xdata_free);
+	alpm_list_free(pkg->xdata);
 	free_deplist(pkg->depends);
 	free_deplist(pkg->optdepends);
+	free_deplist(pkg->checkdepends);
+	free_deplist(pkg->makedepends);
 	free_deplist(pkg->conflicts);
 	free_deplist(pkg->provides);
-	alpm_list_free_inner(pkg->deltas, (alpm_list_fn_free)_alpm_delta_free);
-	alpm_list_free(pkg->deltas);
-	alpm_list_free(pkg->delta_path);
 	alpm_list_free(pkg->removes);
 	_alpm_pkg_free(pkg->oldpkg);

@ -776,16 +826,6 @@ alpm_pkg_t SYMEXPORT *alpm_pkg_find(alpm_list_t *haystack, const char *needle)
 	return NULL;
 }

-/** Test if a package should be ignored.
- *
- * Checks if the package is ignored via IgnorePkg, or if the package is
- * in a group ignored via IgnoreGroup.
- *
- * @param handle the context handle
- * @param pkg the package to test
- *
- * @return 1 if the package should be ignored, 0 otherwise
- */
 int SYMEXPORT alpm_pkg_should_ignore(alpm_handle_t *handle, alpm_pkg_t *pkg)
 {
 	alpm_list_t *groups = NULL;
@ -805,3 +845,58 @@ int SYMEXPORT alpm_pkg_should_ignore(alpm_handle_t *handle, alpm_pkg_t *pkg)

 	return 0;
 }
+
+/* check that package metadata meets our requirements */
+int _alpm_pkg_check_meta(alpm_pkg_t *pkg)
+{
+	char *c;
+	int error_found = 0;
+
+#define EPKGMETA(error) do { \
+	error_found = -1; \
+	_alpm_log(pkg->handle, ALPM_LOG_ERROR, error, pkg->name, pkg->version); \
+} while(0)
+
+	/* sanity check */
+	if(pkg->handle == NULL) {
+		return -1;
+	}
+
+	/* immediate bail if package doesn't have name or version */
+	if(pkg->name == NULL || pkg->name[0] == '\0'
+			|| pkg->version == NULL || pkg->version[0] == '\0') {
+		_alpm_log(pkg->handle, ALPM_LOG_ERROR,
+				_("invalid package metadata (name or version missing)"));
+		return -1;
+	}
+
+	if(pkg->name[0] == '-' || pkg->name[0] == '.') {
+		EPKGMETA(_("invalid metadata for package %s-%s "
+					"(package name cannot start with '.' or '-')\n"));
+	}
+	if(_alpm_fnmatch(pkg->name, "[![:alnum:]+_.@-]") == 0) {
+		EPKGMETA(_("invalid metadata for package %s-%s "
+					"(package name contains invalid characters)\n"));
+	}
+
+	/* multiple '-' in pkgver can cause local db entries for different packages
+	 * to overlap (e.g. foo-1=2-3 and foo=1-2-3 both give foo-1-2-3) */
+	if((c = strchr(pkg->version, '-')) && (strchr(c + 1, '-'))) {
+		EPKGMETA(_("invalid metadata for package %s-%s "
+					"(package version contains invalid characters)\n"));
+	}
+	if(strchr(pkg->version, '/')) {
+		EPKGMETA(_("invalid metadata for package %s-%s "
+					"(package version contains invalid characters)\n"));
+	}
+
+	/* local db entry is <pkgname>-<pkgver> */
+	if(strlen(pkg->name) + strlen(pkg->version) + 1 > NAME_MAX) {
+		EPKGMETA(_("invalid metadata for package %s-%s "
+					"(package name and version too long)\n"));
+	}
+
+#undef EPKGMETA
+
+	return error_found;
+}
--- a/lib/libalpm/package.h
+++ b/lib/libalpm/package.h
@ -1,7 +1,7 @@
 /*
 *  package.h
 *
- *  Copyright (c) 2006-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2006-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *  Copyright (c) 2002-2006 by Judd Vinet <jvinet@zeroflux.org>
 *  Copyright (c) 2005 by Aurelien Foret <orelien@chez.com>
 *  Copyright (c) 2006 by David Kimpe <dnaku@frugalware.org>
@ -67,6 +67,8 @@ struct pkg_operations {
 	alpm_filelist_t *(*get_files) (alpm_pkg_t *);
 	alpm_list_t *(*get_backup) (alpm_pkg_t *);

+	alpm_list_t *(*get_xdata) (alpm_pkg_t *);
+
 	void *(*changelog_open) (alpm_pkg_t *);
 	size_t (*changelog_read) (void *, size_t, const alpm_pkg_t *, void *);
 	int (*changelog_close) (const alpm_pkg_t *, void *);
@ -83,9 +85,9 @@ struct pkg_operations {
 * The actual definition is in package.c so it can have access to the
 * default accessor functions which are defined there.
 */
-extern struct pkg_operations default_pkg_ops;
+extern const struct pkg_operations default_pkg_ops;

-struct __alpm_pkg_t {
+struct _alpm_pkg_t {
 	unsigned long name_hash;
 	char *filename;
 	char *base;
@ -118,12 +120,10 @@ struct __alpm_pkg_t {
 	alpm_list_t *makedepends;
 	alpm_list_t *conflicts;
 	alpm_list_t *provides;
-	alpm_list_t *deltas;
-	alpm_list_t *delta_path;
 	alpm_list_t *removes; /* in transaction targets only */
 	alpm_pkg_t *oldpkg; /* in transaction targets only */

-	struct pkg_operations *ops;
+	const struct pkg_operations *ops;

 	alpm_filelist_t files;

@ -138,6 +138,8 @@ struct __alpm_pkg_t {
 	alpm_pkgreason_t reason;
 	int scriptlet;

+	alpm_list_t *xdata;
+
 	/* Bitfield from alpm_dbinfrq_t */
 	int infolevel;
 	/* Bitfield from alpm_pkgvalidation_t */
@ -160,4 +162,9 @@ alpm_pkg_t *_alpm_pkg_load_internal(alpm_handle_t *handle,
 int _alpm_pkg_cmp(const void *p1, const void *p2);
 int _alpm_pkg_compare_versions(alpm_pkg_t *local_pkg, alpm_pkg_t *pkg);

+alpm_pkg_xdata_t *_alpm_pkg_parse_xdata(const char *string);
+void _alpm_pkg_xdata_free(alpm_pkg_xdata_t *pd);
+
+int _alpm_pkg_check_meta(alpm_pkg_t *pkg);
+
 #endif /* ALPM_PACKAGE_H */
--- a/lib/libalpm/pkghash.c
+++ b/lib/libalpm/pkghash.c
@ -1,7 +1,7 @@
 /*
 *  pkghash.c
 *
- *  Copyright (c) 2011-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2011-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
--- a/lib/libalpm/pkghash.h
+++ b/lib/libalpm/pkghash.h
@ -1,7 +1,7 @@
 /*
 *  pkghash.h
 *
- *  Copyright (c) 2011-2018 Pacman Development Team <pacman-dev@archlinux.org>
+ *  Copyright (c) 2011-2025 Pacman Development Team <pacman-dev@lists.archlinux.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@ -32,7 +32,7 @@
 * A combination of a hash table and a list, allowing for fast look-up
 * by package name but also iteration over the packages.
 */
-struct __alpm_pkghash_t {
+struct _alpm_pkghash_t {
 	/** data held by the hash table */
 	alpm_list_t **hash_table;
 	/** head node of the hash table data in normal list format */
@ -45,7 +45,7 @@ struct __alpm_pkghash_t {
 	unsigned int limit;
 };

-typedef struct __alpm_pkghash_t alpm_pkghash_t;
+typedef struct _alpm_pkghash_t alpm_pkghash_t;

 alpm_pkghash_t *_alpm_pkghash_create(unsigned int size);

--- a/lib/libalpm/po/LINGUAS
+++ b/lib/libalpm/po/LINGUAS
@ -1,6 +1,7 @@
 # Set of available languages.
 ar
 ast
+az_AZ
 bg
 br
 ca
@ -17,6 +18,7 @@ eu_ES
 fi
 fr
 gl
+hi
 hr
 hu
 id
--- a/Show more
+++ b/Show more