cherry-pick Bump debian control.tar size limit

source: https://github.com/openSUSE/libsolv
commit d85442d05de4f2c33e692f4815dbd06f46e3fdb8 (HEAD)
Author: Dan Nicholson <nicholson@endlessm.com>
Date:   Thu Jun 21 11:51:55 2018 -0500

    Bump debian control.tar size limit

    Increase the arbitrary control.tar limit from 1 MB to 16 MB. We came
    across an openjdk-7-jdk package that had a 2.4MB control.tar.gz and
    libsolv failed to parse it. dpkg doesn't actually apply a limit to these
    files.

Change-Id: I4afa5940de3b667c05939eea4e17a1fca7a7a7ad

diff --git a/libsolv-0.6.15/ext/repo_deb.c b/libsolv-0.6.15/ext/repo_deb.c
index 277e65a..6af7f10 100755 (executable)
--- a/libsolv-0.6.15/ext/repo_deb.c
+++ b/libsolv-0.6.15/ext/repo_deb.c
@@ -599,8 +599,11 @@ repo_add_deb(Repo *repo, const char *deb, int flags)
       fclose(fp);
       return 0;
     }
+  /* dpkg has no actual maximum size for the control.tar member, so this
+   * just keeps from allocating arbitrarily large amounts of memory.
+   */
   clen = atoi((char *)buf + 8 + 60 + vlen + 48);
-  if (clen <= 0 || clen >= 0x100000)
+  if (clen <= 0 || clen >= 0x1000000)
     {
       pool_error(pool, -1, "%s: control.tar has illegal size", deb);
       fclose(fp);