-rwxr-xr-xcontrib/paclist.in2
-rw-r--r--lib/libalpm/dload.c3
-rw-r--r--lib/libalpm/util.c2
-rw-r--r--scripts/repo-add.sh.in19
4 files changed, 17 insertions, 9 deletions
diff --git a/contrib/paclist.in b/contrib/paclist.in
index c766c2c5..8623049f 100755
--- a/contrib/paclist.in
+++ b/contrib/paclist.in
@@ -29,7 +29,7 @@ if ! type gettext &>/dev/null; then
}
fi
-if [[ -z $1 ]]; then
+if [[ -z $1 || $1 = -@(h|-help) ]]; then
printf '%s - List all packages installed from a given repo\n' "$myname"
printf 'Usage: %s <repo>\n' "$myname"
printf 'Example: %s testing\n' "$myname"
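Review bot: The new test `$1 = -@(h|-help)` uses an extglob pattern, which bash only treats as enabled inside `[[ ]]` from version 4.1 onward. If older shells are supported, the script needs `shopt -s extglob` before this line, or the plain form `[[ -z $1 || $1 = -h || $1 = --help ]]`. The rest of the usage branch is outside the hunk, so it is not visible whether a help request exits with the same status as a missing argument; it should probably exit 0.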
diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index 76bb00f9..bcbc8095 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -602,6 +602,9 @@ char SYMEXPORT *alpm_fetch_pkgurl(alpm_handle_t *handle, const char *url)
payload.force = 1;
payload.errors_ok = (handle->siglevel & ALPM_SIG_PACKAGE_OPTIONAL);
+ /* set hard upper limit of 16KiB */
+ payload.max_size = 16 * 1024;
+
ret = _alpm_download(&payload, cachedir, &sig_final_file);
if(ret == -1 && !payload.errors_ok) {
_alpm_log(handle, ALPM_LOG_WARNING,
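Review bot: The cap is written as a bare `16 * 1024` here, while scripts/repo-add.sh.in in the same commit hard-codes `16384`, so the two limits can drift apart unnoticed. A named constant would tie them together on the C side, for example `payload.max_size = MAX_SIGFILE_SIZE;` with the macro (a suggested name) defined once in a shared header. The comment should also say what is capped and why, e.g. `/* detached signatures are small; refuse anything over 16 KiB from the server */`. How `_alpm_download` enforces `max_size` is not visible in this hunk, so it is worth confirming the limit still holds when the server sends no Content-Length. The body of `alpm_fetch_pkgurl` continues outside the hunk.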
diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c
index d85a5036..96e1ef66 100644
--- a/lib/libalpm/util.c
+++ b/lib/libalpm/util.c
@@ -1115,7 +1115,7 @@ cleanup:
{
int ret = b->ret;
FREE(b->line);
- memset(b, 0, sizeof(b));
+ memset(b, 0, sizeof(struct archive_read_buffer));
return ret;
}
}
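Review bot: Spelling out the struct name in `sizeof(struct archive_read_buffer)` fixes the pointer-size bug, but the size is then only correct for as long as `b` keeps that type. `memset(b, 0, sizeof(*b));` stays tied to the pointer's own type and is the form that prevents this class of mistake from recurring. The enclosing function starts outside the hunk, so this assumes `b` is a pointer to that struct, which the old `sizeof(b)` bug suggests.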
diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index 8fa3b723..914675fd 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -245,7 +245,7 @@ db_write_entry() {
local pkgfile="$1"
local -a _groups _licenses _replaces _depends _conflicts _provides _optdepends
local pkgname pkgver pkgdesc csize size url arch builddate packager \
- md5sum sha256sum pgpsig
+ md5sum sha256sum pgpsig pgpsigsize
# read info from the zipped package
local line var val
@@ -284,6 +284,17 @@ db_write_entry() {
fi
fi
+ # compute base64'd PGP signature
+ if [[ -f "$pkgfile.sig" ]]; then
+ pgpsigsize=$(@SIZECMD@ "$pkgfile.sig")
+ if (( pgpsigsize > 16384 )); then
+ error "$(gettext "Invalid package signature file '%s'.")" "$pkgfile.sig"
+ return 1
+ fi
+ msg2 "$(gettext "Adding package signature...")"
+ pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '\n')
+ fi
+
csize=$(@SIZECMD@ "$pkgfile")
# compute checksums
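Review bot: The size check fails open: if `@SIZECMD@` prints nothing (for example because the file became unreadable after the `-f` test), `pgpsigsize` is empty, `(( pgpsigsize > 16384 ))` evaluates it as 0, and the signature is added unchecked. Guarding the empty case closes that, e.g. `if [[ -z $pgpsigsize ]] || (( pgpsigsize > 16384 )); then`. The error text "Invalid package signature file" also does not say that the file was rejected for its size, which will be confusing for a maintainer with an otherwise valid signature. The literal 16384 duplicates the 16 KiB limit set in lib/libalpm/dload.c, so a comment naming that relationship would help keep the two in step.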
@@ -293,12 +304,6 @@ db_write_entry() {
sha256sum="$(openssl dgst -sha256 "$pkgfile")"
sha256sum="${sha256sum##* }"
- # compute base64'd PGP signature
- if [[ -f "$pkgfile.sig" ]]; then
- msg2 "$(gettext "Adding package signature...")"
- pgpsig=$(openssl base64 -in "$pkgfile.sig" | tr -d '\n')
- fi
-
# remove an existing entry if it exists, ignore failures
db_remove_entry "$pkgname"