-rwxr-xr-x | contrib/paclist.in | 2 | ||||
-rw-r--r-- | lib/libalpm/dload.c | 3 | ||||
-rw-r--r-- | lib/libalpm/util.c | 2 | ||||
-rw-r--r-- | scripts/repo-add.sh.in | 19 |
4 files changed, 17 insertions, 9 deletions
diff --git a/contrib/paclist.in b/contrib/paclist.in index c766c2c5..8623049f 100755 --- a/contrib/paclist.in +++ b/contrib/paclist.in @@ -29,7 +29,7 @@ if ! type gettext &>/dev/null; then } fi -if [[ -z $1 ]]; then +if [[ -z $1 || $1 = -@(h|-help) ]]; then printf '%s - List all packages installed from a given repo\n' "$myname" printf 'Usage: %s <repo>\n' "$myname" printf 'Example: %s testing\n' "$myname" diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c index 76bb00f9..bcbc8095 100644 --- a/lib/libalpm/dload.c +++ b/lib/libalpm/dload.c @@ -602,6 +602,9 @@ char SYMEXPORT *alpm_fetch_pkgurl(alpm_handle_t *handle, const char *url) payload.force = 1; payload.errors_ok = (handle->siglevel & ALPM_SIG_PACKAGE_OPTIONAL); + /* set hard upper limit of 16KiB */ + payload.max_size = 16 * 1024; + ret = _alpm_download(&payload, cachedir, &sig_final_file); if(ret == -1 && !payload.errors_ok) { _alpm_log(handle, ALPM_LOG_WARNING, diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c index d85a5036..96e1ef66 100644 --- a/lib/libalpm/util.c +++ b/lib/libalpm/util.c @@ -1115,7 +1115,7 @@ cleanup: { int ret = b->ret; FREE(b->line); - memset(b, 0, sizeof(b)); + memset(b, 0, sizeof(struct archive_read_buffer)); return ret; } } diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in index 8fa3b723..914675fd 100644 --- a/scripts/repo-add.sh.in +++ b/scripts/repo-add.sh.in @@ -245,7 +245,7 @@ db_write_entry() { local pkgfile="$1" local -a _groups _licenses _replaces _depends _conflicts _provides _optdepends local pkgname pkgver pkgdesc csize size url arch builddate packager \ - md5sum sha256sum pgpsig + md5sum sha256sum pgpsig pgpsigsize # read info from the zipped package local line var val 
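Review bot: The added comment at `payload.max_size = 16 * 1024;` in lib/libalpm/dload.c says what the limit is but not why, and the same bound is spelled `16384` in scripts/repo-add.sh.in in this commit with nothing tying the two together. I would put the value behind one named constant in libalpm, for example `#define MAX_SIGFILE_SIZE (16 * 1024)` (the name is only a suggestion), and word the comment as `/* detached signatures are small; cap the download so a remote server cannot make us store unbounded data before verification */`. Judging by the `sig_final_file` argument this is the signature payload, so it is worth confirming that _alpm_download enforces max_size on the bytes actually received and not only on an advertised length, which this hunk does not show. alpm_fetch_pkgurl starts and ends outside the hunk.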
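Review bot: The new length in `memset(b, 0, sizeof(struct archive_read_buffer));` in lib/libalpm/util.c repeats the type name by hand, so it is only correct while b's declaration, which is not visible in this hunk, stays in step with it. Deriving the length from the pointer, `memset(b, 0, sizeof(*b));`, keeps it tied to whatever b points to. A one-line comment such as `/* clear the whole buffer state, not just pointer-size bytes */` would record why the length matters at this cleanup point. The enclosing function starts outside the hunk.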
@@ -284,6 +284,17 @@ db_write_entry() { fi fi + # compute base64'd PGP signature + if [[ -f "$pkgfile.sig" ]]; then + pgpsigsize=$(@SIZECMD@ "$pkgfile.sig") + if (( pgpsigsize > 16384 )); then + error "$(gettext "Invalid package signature file '%s'.")" "$pkgfile.sig" + return 1 + fi + msg2 "$(gettext "Adding package signature...")" + pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '\n') + fi + csize=$(@SIZECMD@ "$pkgfile") # compute checksums @@ -293,12 +304,6 @@ db_write_entry() { sha256sum="$(openssl dgst -sha256 "$pkgfile")" sha256sum="${sha256sum##* }" - # compute base64'd PGP signature - if [[ -f "$pkgfile.sig" ]]; then - msg2 "$(gettext "Adding package signature...")" - pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '\n') - fi - # remove an existing entry if it exists, ignore failures db_remove_entry "$pkgname" |
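Review bot: The size guard `if (( pgpsigsize > 16384 )); then` fails open when `@SIZECMD@` prints nothing, for instance if it errors on the .sig file. An empty `pgpsigsize` evaluates as 0 in arithmetic context, so the signature would be base64-encoded into the database entry without any bound. Validate the value before comparing it, e.g. `if [[ ! $pgpsigsize =~ ^[0-9]+$ ]] || (( pgpsigsize > 16384 )); then`. The error text `Invalid package signature file '%s'.` also does not tell the user that size was the reason, and a short comment noting that 16384 mirrors the libalpm download limit would help keep the two in sync. db_write_entry starts and ends outside the hunk.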