Allan McRae pushed to branch master at Pacman / Pacman
Commits: eb5bf691 by Demi Obenour at 2024-03-19T11:44:38+10:00 Fetch signature and database from the same URL Previously, the for loops on lines 1035 and 1037 would advance to the next element in the server list, even if downloading the URL succeeded. If there are no more servers in the list, `s` would be NULL, causing a NULL pointer dereference on line 1046. If there were servers left in the list, the signature would be downloaded from a wrong URL. 1. Fetching of database signatures is enabled. 2. There is only one enabled remote repository URL, or fetching from all but the last one fails and fetching from the last one succeeds. 3. An XferCommand is used. Qubes OS Arch templates satisfy all of these conditions and trigger the bug. - - - - - 1 changed file: - lib/libalpm/dload.c View it on GitLab: https://gitlab.archlinux.org/pacman/pacman/-/commit/eb5bf6913835e7553433ef82bdf0a456528f9b50 -- View it on GitLab: https://gitlab.archlinux.org/pacman/pacman/-/commit/eb5bf6913835e7553433ef82bdf0a456528f9b50 You're receiving this email because of your account on gitlab.archlinux.org.
