| -rwxr-xr-x | contrib/paclist.in | 2 | ||||
| -rw-r--r-- | lib/libalpm/dload.c | 3 | ||||
| -rw-r--r-- | lib/libalpm/util.c | 2 | ||||
| -rw-r--r-- | scripts/repo-add.sh.in | 19 | 
4 files changed, 17 insertions, 9 deletions
| diff --git a/contrib/paclist.in b/contrib/paclist.in
index c766c2c5..8623049f 100755
--- a/contrib/paclist.in
+++ b/contrib/paclist.in
@@ -29,7 +29,7 @@ if ! type gettext &>/dev/null; then
 	}
 fi
-if [[ -z $1 ]]; then
+if [[ -z $1 || $1 = -@(h|-help) ]]; then
 	printf '%s - List all packages installed from a given repo\n' "$myname"
 	printf 'Usage:   %s <repo>\n' "$myname"
 	printf 'Example: %s testing\n' "$myname"
diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index 76bb00f9..bcbc8095 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -602,6 +602,9 @@ char SYMEXPORT *alpm_fetch_pkgurl(alpm_handle_t *handle, const char *url)
 		payload.force = 1;
 		payload.errors_ok = (handle->siglevel & ALPM_SIG_PACKAGE_OPTIONAL);
+		/* set hard upper limit of 16KiB */
+		payload.max_size = 16 * 1024;
+
 		ret = _alpm_download(&payload, cachedir, &sig_final_file);
 		if(ret == -1 && !payload.errors_ok) {
 			_alpm_log(handle, ALPM_LOG_WARNING,
diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c
index d85a5036..96e1ef66 100644
--- a/lib/libalpm/util.c
+++ b/lib/libalpm/util.c
@@ -1115,7 +1115,7 @@ cleanup:
 	{
 		int ret = b->ret;
 		FREE(b->line);
-		memset(b, 0, sizeof(b));
+		memset(b, 0, sizeof(struct archive_read_buffer));
 		return ret;
 	}
 }
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 8fa3b723..914675fd 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -245,7 +245,7 @@ db_write_entry() {
 	local pkgfile="$1"
 	local -a _groups _licenses _replaces _depends _conflicts _provides _optdepends
 	local pkgname pkgver pkgdesc csize size url arch builddate packager \
-		md5sum sha256sum pgpsig
+		md5sum sha256sum pgpsig pgpsigsize
 	# read info from the zipped package
 	local line var val
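Review bot: In lib/libalpm/dload.c, the signature size cap in alpm_fetch_pkgurl is a bare `16 * 1024`, and the same limit appears again as `16384` in scripts/repo-add.sh.in in this commit, so the two values can drift apart unnoticed. A named constant (the name here is only a suggestion) would make the link explicit: `#define MAX_SIGFILE_SIZE (16 * 1024)` with `payload.max_size = MAX_SIGFILE_SIZE;`. The limit is enforced inside _alpm_download, which is not visible in this hunk; since the .sig is fetched from a caller-supplied URL, it is worth confirming that the cap is applied to the bytes actually received and not only to a length the server advertises. The function body starts and ends outside the hunk.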
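Review bot: In lib/libalpm/util.c, the corrected memset under the `cleanup:` label spells out the struct type, which ties the size to a name that has to be kept in sync with the declaration of `b` by hand. `memset(b, 0, sizeof(*b));` clears the same bytes and cannot repeat the pointer-size mistake if the parameter's type is ever renamed or changed. The struct layout is not visible here, so whether the freed `b->line` pointer was among the bytes the old call left uncleared cannot be told from the hunk. The enclosing function starts outside the hunk.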
@@ -284,6 +284,17 @@ db_write_entry() {
 		fi
 	fi
+	# compute base64'd PGP signature
+	if [[ -f "$pkgfile.sig" ]]; then
+		pgpsigsize=$(@SIZECMD@ "$pkgfile.sig")
+		if (( pgpsigsize > 16384 )); then
+			error "$(gettext "Invalid package signature file '%s'.")" "$pkgfile.sig"
+			return 1
+		fi
+		msg2 "$(gettext "Adding package signature...")"
+		pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '\n')
+	fi
+
 	csize=$(@SIZECMD@ "$pkgfile")
 	# compute checksums
@@ -293,12 +304,6 @@ db_write_entry() {
 	sha256sum="$(openssl dgst -sha256 "$pkgfile")"
 	sha256sum="${sha256sum##* }"
-	# compute base64'd PGP signature
-	if [[ -f "$pkgfile.sig" ]]; then
-		msg2 "$(gettext "Adding package signature...")"
-		pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '\n')
-	fi
-
 	# remove an existing entry if it exists, ignore failures
 	db_remove_entry "$pkgname" |
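Review bot: In db_write_entry (scripts/repo-add.sh.in, hunk at -284), the new size check passes silently when `@SIZECMD@` fails or prints nothing, because an empty `pgpsigsize` evaluates to 0 inside `(( ))`. In that case the signature file is base64-encoded into the database entry with no bound at all. Rejecting a missing or non-numeric size first closes the gap: `if [[ ! $pgpsigsize =~ ^[0-9]+$ ]] || (( pgpsigsize > 16384 )); then`. A short comment such as `# keep in sync with the 16 KiB signature limit in libalpm's alpm_fetch_pkgurl` next to the literal would also record why 16384 was chosen. The function body starts and ends outside the hunk.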
