Merge branch 'maint'

2024-08-13 17:03:46 -04:00 · 2011-12-07 10:00:20 -06:00 · 2011-12-07 10:00:20 -06:00 · a3a75e0a41
commit a3a75e0a41
parent 1038e66964 6a1d3948a6
4 changed files with 17 additions and 9 deletions
--- a/contrib/paclist.in
+++ b/contrib/paclist.in
@ -29,7 +29,7 @@ if ! type gettext &>/dev/null; then
 	}
 fi

-if [[ -z $1 ]]; then
+if [[ -z $1 || $1 = -@(h|-help) ]]; then
 	printf '%s - List all packages installed from a given repo\n' "$myname"
 	printf 'Usage:   %s <repo>\n' "$myname"
 	printf 'Example: %s testing\n' "$myname"
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@ -602,6 +602,9 @@ char SYMEXPORT *alpm_fetch_pkgurl(alpm_handle_t *handle, const char *url)
 		payload.force = 1;
 		payload.errors_ok = (handle->siglevel & ALPM_SIG_PACKAGE_OPTIONAL);

+		/* set hard upper limit of 16KiB */
+		payload.max_size = 16 * 1024;
+
 		ret = _alpm_download(&payload, cachedir, &sig_final_file);
 		if(ret == -1 && !payload.errors_ok) {
 			_alpm_log(handle, ALPM_LOG_WARNING,
--- a/lib/libalpm/util.c
+++ b/lib/libalpm/util.c
@ -1115,7 +1115,7 @@ cleanup:
 	{
 		int ret = b->ret;
 		FREE(b->line);
-		memset(b, 0, sizeof(b));
+		memset(b, 0, sizeof(struct archive_read_buffer));
 		return ret;
 	}
 }
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@ -245,7 +245,7 @@ db_write_entry() {
 	local pkgfile="$1"
 	local -a _groups _licenses _replaces _depends _conflicts _provides _optdepends
 	local pkgname pkgver pkgdesc csize size url arch builddate packager \
-		md5sum sha256sum pgpsig
+		md5sum sha256sum pgpsig pgpsigsize

 	# read info from the zipped package
 	local line var val
@ -284,6 +284,17 @@ db_write_entry() {
 		fi
 	fi

+	# compute base64'd PGP signature
+	if [[ -f "$pkgfile.sig" ]]; then
+		pgpsigsize=$(@SIZECMD@ "$pkgfile.sig")
+		if (( pgpsigsize > 16384 )); then
+			error "$(gettext "Invalid package signature file '%s'.")" "$pkgfile.sig"
+			return 1
+		fi
+		msg2 "$(gettext "Adding package signature...")"
+		pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '\n')
+	fi
+
 	csize=$(@SIZECMD@ "$pkgfile")

 	# compute checksums
@ -293,12 +304,6 @@ db_write_entry() {
 	sha256sum="$(openssl dgst -sha256 "$pkgfile")"
 	sha256sum="${sha256sum##* }"

-	# compute base64'd PGP signature
-	if [[ -f "$pkgfile.sig" ]]; then
-		msg2 "$(gettext "Adding package signature...")"
-		pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '\n')
-	fi
-
 	# remove an existing entry if it exists, ignore failures
 	db_remove_entry "$pkgname"