author | Sam James <sam@gentoo.org> | 2024-12-24 20:36:52 +0000 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2024-12-24 20:37:00 +0000 |
commit | c463c5b2265bcd2dce63a5f79e67e27cf162b72e (patch) | |
tree | a55f72f11792600ac75428acbf87e01131c9c039 /app-arch | |
parent | app-arch/dpkg: drop 1.21.19, 1.21.19-r1, 1.22.0 (diff) | |
app-arch/dpkg: drop 1.20.9-r1, 1.20.12-r1, 1.21.1, 1.21.15-r2
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'app-arch')
-rw-r--r-- | app-arch/dpkg/Manifest | 3 | ||||
-rw-r--r-- | app-arch/dpkg/dpkg-1.20.12-r1.ebuild | 101 | ||||
-rw-r--r-- | app-arch/dpkg/dpkg-1.20.9-r1.ebuild | 97 | ||||
-rw-r--r-- | app-arch/dpkg/dpkg-1.21.1.ebuild | 96 | ||||
-rw-r--r-- | app-arch/dpkg/dpkg-1.21.15-r2.ebuild | 112 | ||||
-rw-r--r-- | app-arch/dpkg/files/dpkg-1.18.12-rsyncable.patch | 28 | ||||
-rw-r--r-- | app-arch/dpkg/files/dpkg-1.20.12-m4-stdio.patch | 25 | ||||
-rw-r--r-- | app-arch/dpkg/files/dpkg-1.20.5-dpkg_buildpackage-test.patch | 10 | ||||
-rw-r--r-- | app-arch/dpkg/files/dpkg-1.20.9-CVE-2022-1664.patch | 324 | ||||
-rw-r--r-- | app-arch/dpkg/metadata.xml | 1 |
10 files changed, 0 insertions, 797 deletions
diff --git a/app-arch/dpkg/Manifest b/app-arch/dpkg/Manifest
index 879690364d1c..42d6427c79ae 100644
--- a/app-arch/dpkg/Manifest
+++ b/app-arch/dpkg/Manifest
@@ -1,5 +1,2 @@
-DIST dpkg_1.20.12.tar.xz 5009108 BLAKE2B 47ecb53c331503c72081a4c472acd6e94a5b7fca2032358809aa8c546cfd6c1542c7cdfad2a5ceff0e40dc454a61974ec47233061b98cf99aabbb8e53621858c SHA512 ce20b1b00b972e6fa5d5cd6427003415a92a78742dc02a9055fee6f00db22b037c54560170e657d7b74c2ae542fff4b7eba46f642adf911dc2f3b90eebefc3ff
-DIST dpkg_1.20.9.tar.xz 4954428 BLAKE2B 4e04f7a90c8696971895081e18b220d9dee4bc5930428f131556ae71c673e61e18c363e279b566c2218da60a5aca421807c14cf518952502e707c7397769097b SHA512 904a4742f5f340dc65b2137364dce102a0b2eb42ccedb2a73f79c207362c699fbffaaf1379f1f6c8b8b0e490321af1d03c34b50ebe0c703f5ce8a7f75f17a839
-DIST dpkg_1.21.1.tar.xz 4986936 BLAKE2B f5b0f9fe7ac5fe7ba47191a9e467356e748418846ce0fc9f3c61d731e035eb096932848b15e6a85a15938d3bbd6fa069c786ab0e89c77119958fe632a91c309f SHA512 3f3f263e1300f3e4b55e84521847703dcfe465aa54829a69c31c174a2ad5e8b6a8a251da7c6020d31a38e9e6744113924a71e9579469e32289328e91a48db07f
 DIST dpkg_1.21.15.tar.xz 5350148 BLAKE2B f26611db365266ef9f43484c20d3150889238b34b156cac26f0ae8ae9572e7e4a9839e08a0073a25c886cd2891fc6d84afc97262ae6992267b47fa6e86c03a33 SHA512 eb31db63dd454048c3b7539b539720ed71239303ca679df92b934e971914d63dd771da09149054048e24dde1f5627ee24d43dbd8782ca1dc28c4a2bd3ed8f26a
 DIST dpkg_1.22.11.tar.xz 5697040 BLAKE2B 7bd7f90a8ae98ac7401bc2b8e7b0d2cc002a57bfdc5521d9049a995130011a3042ac6d24d6ecd5410e1db2c2e936eae5085a2af5fb11b0a73fd66bae33b33956 SHA512 8caeb52625e34109bbc3abf1b62792053f989e560b541ec9de85f3fe563f8bcb06db102dbae83058aba16e6f4729260e15e1c7a470762a261bec5460358c0fe9
diff --git a/app-arch/dpkg/dpkg-1.20.12-r1.ebuild b/app-arch/dpkg/dpkg-1.20.12-r1.ebuild
deleted file mode 100644
index 1df3d1e13082..000000000000
--- a/app-arch/dpkg/dpkg-1.20.12-r1.ebuild
+++ /dev/null
@@ -1,101 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-inherit autotools toolchain-funcs
-
-DESCRIPTION="Package maintenance system for Debian"
-HOMEPAGE="https://packages.qa.debian.org/dpkg"
-SRC_URI="mirror://debian/pool/main/d/${PN}/${P/-/_}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
-IUSE="+bzip2 libmd +lzma nls selinux static-libs test +update-alternatives +zlib"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- >=app-arch/tar-1.34-r1
- >=dev-lang/perl-5.14.2:=
- sys-libs/ncurses:=[unicode(+)]
- bzip2? ( app-arch/bzip2 )
- libmd? ( app-crypt/libmd )
- lzma? ( app-arch/xz-utils )
- nls? ( virtual/libintl )
- selinux? ( sys-libs/libselinux )
- zlib? ( >=sys-libs/zlib-1.1.4 )
-"
-DEPEND="
- ${RDEPEND}
- app-arch/xz-utils
- virtual/pkgconfig
- test? (
- dev-perl/IO-String
- dev-perl/Test-Pod
- virtual/perl-Test-Harness
- )
-"
-BDEPEND="
- app-alternatives/lex
- nls? (
- app-text/po4a
- >=sys-devel/gettext-0.18.2
- )
-"
-RDEPEND+=" selinux? ( sec-policy/selinux-dpkg )"
-
-DOCS=(
- ChangeLog
- THANKS
- TODO
-)
-PATCHES=(
- "${FILESDIR}"/${PN}-1.18.12-flags.patch
- "${FILESDIR}"/${PN}-1.18.12-rsyncable.patch
- "${FILESDIR}"/${PN}-1.20.5-dpkg_buildpackage-test.patch
- "${FILESDIR}"/${PN}-1.20.12-m4-stdio.patch
-)
-
-src_prepare() {
- default
-
- sed -i -e 's|\<ar\>|${AR}|g' t-func/deb-format.at t-func/testsuite || die
-
- eautoreconf
-}
-
-src_configure() {
- tc-export AR CC
-
- econf \
- $(use_enable nls) \
- $(use_enable update-alternatives) \
- $(use_with bzip2 libbz2) \
- $(use_with libmd) \
- $(use_with lzma liblzma) \
- $(use_with selinux libselinux) \
- $(use_with zlib libz) \
- --enable-unicode \
- --disable-compiler-warnings \
- --disable-dselect \
- --disable-start-stop-daemon \
- --localstatedir="${EPREFIX}"/var
-}
-
-src_compile() {
- emake AR="$(tc-getAR)"
-}
-
-src_install() {
- default
-
- keepdir \
- /usr/$(get_libdir)/db/methods/{mnt,floppy,disk} \
- /var/lib/dpkg/{alternatives,info,parts,updates}
-
- find "${ED}" -name '*.la' -delete || die
-
- if ! use static-libs; then
- find "${ED}" -name '*.a' -delete || die
- fi
-}
diff --git a/app-arch/dpkg/dpkg-1.20.9-r1.ebuild b/app-arch/dpkg/dpkg-1.20.9-r1.ebuild
deleted file mode 100644
index 4f0d747fb464..000000000000
--- a/app-arch/dpkg/dpkg-1.20.9-r1.ebuild
+++ /dev/null
@@ -1,97 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit autotools toolchain-funcs
-
-DESCRIPTION="Package maintenance system for Debian"
-HOMEPAGE="https://packages.qa.debian.org/dpkg"
-SRC_URI="mirror://debian/pool/main/d/${PN}/${P/-/_}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~m68k ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux"
-IUSE="+bzip2 libmd +lzma nls selinux static-libs test unicode +update-alternatives +zlib"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- >=dev-lang/perl-5.14.2:=
- bzip2? ( app-arch/bzip2 )
- libmd? ( app-crypt/libmd )
- lzma? ( app-arch/xz-utils )
- nls? ( virtual/libintl )
- selinux? ( sys-libs/libselinux )
- zlib? ( >=sys-libs/zlib-1.1.4 )
-"
-DEPEND="
- ${RDEPEND}
- app-arch/xz-utils
- virtual/pkgconfig
- test? (
- dev-perl/IO-String
- dev-perl/Test-Pod
- virtual/perl-Test-Harness
- )
-"
-BDEPEND="
- app-alternatives/lex
- nls? (
- app-text/po4a
- >=sys-devel/gettext-0.18.2
- )
-"
-DOCS=(
- ChangeLog
- THANKS
- TODO
-)
-PATCHES=(
- "${FILESDIR}"/${PN}-1.18.12-flags.patch
- "${FILESDIR}"/${PN}-1.18.12-rsyncable.patch
- "${FILESDIR}"/${PN}-1.20.5-dpkg_buildpackage-test.patch
- "${FILESDIR}"/${P}-CVE-2022-1664.patch
-)
-
-src_prepare() {
- default
-
- sed -i -e 's|\<ar\>|${AR}|g' t-func/deb-format.at t-func/testsuite || die
-
- eautoreconf
-}
-
-src_configure() {
- tc-export AR CC
-
- econf \
- $(use_enable nls) \
- $(use_enable unicode) \
- $(use_enable update-alternatives) \
- $(use_with bzip2 libbz2) \
- $(use_with libmd) \
- $(use_with lzma liblzma) \
- $(use_with selinux libselinux) \
- $(use_with zlib libz) \
- --disable-compiler-warnings \
- --disable-dselect \
- --disable-start-stop-daemon \
- --localstatedir="${EPREFIX}"/var
-}
-
-src_compile() {
- emake AR="$(tc-getAR)"
-}
-
-src_install() {
- default
-
- keepdir \
- /usr/$(get_libdir)/db/methods/{mnt,floppy,disk} \
- /var/lib/dpkg/{alternatives,info,parts,updates}
-
- find "${ED}" -name '*.la' -delete || die
-
- if ! use static-libs; then
- find "${ED}" -name '*.a' -delete || die
- fi
-}
diff --git a/app-arch/dpkg/dpkg-1.21.1.ebuild b/app-arch/dpkg/dpkg-1.21.1.ebuild
deleted file mode 100644
index a4c03baacd66..000000000000
--- a/app-arch/dpkg/dpkg-1.21.1.ebuild
+++ /dev/null
@@ -1,96 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit autotools toolchain-funcs
-
-DESCRIPTION="Package maintenance system for Debian"
-HOMEPAGE="https://packages.qa.debian.org/dpkg"
-SRC_URI="mirror://debian/pool/main/d/${PN}/${P/-/_}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
-IUSE="+bzip2 libmd +lzma nls selinux static-libs test unicode +update-alternatives +zlib"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- >=app-arch/gzip-1.7
- >=dev-lang/perl-5.14.2:=
- bzip2? ( app-arch/bzip2 )
- libmd? ( app-crypt/libmd )
- lzma? ( app-arch/xz-utils )
- nls? ( virtual/libintl )
- selinux? ( sys-libs/libselinux )
- zlib? ( >=sys-libs/zlib-1.1.4 )
-"
-DEPEND="
- ${RDEPEND}
- app-arch/xz-utils
- virtual/pkgconfig
- test? (
- dev-perl/IO-String
- dev-perl/Test-Pod
- virtual/perl-Test-Harness
- )
-"
-BDEPEND="
- app-alternatives/lex
- nls? (
- app-text/po4a
- >=sys-devel/gettext-0.18.2
- )
-"
-DOCS=(
- ChangeLog
- THANKS
- TODO
-)
-PATCHES=(
- "${FILESDIR}"/${PN}-1.18.12-flags.patch
- "${FILESDIR}"/${PN}-1.20.5-dpkg_buildpackage-test.patch
-)
-
-src_prepare() {
- default
-
- sed -i -e 's|\<ar\>|${AR}|g' t-func/deb-format.at t-func/testsuite || die
-
- eautoreconf
-}
-
-src_configure() {
- tc-export AR CC
-
- econf \
- $(use_enable nls) \
- $(use_enable unicode) \
- $(use_enable update-alternatives) \
- $(use_with bzip2 libbz2) \
- $(use_with libmd) \
- $(use_with lzma liblzma) \
- $(use_with selinux libselinux) \
- $(use_with zlib libz) \
- --disable-compiler-warnings \
- --disable-dselect \
- --disable-start-stop-daemon \
- --localstatedir="${EPREFIX}"/var
-}
-
-src_compile() {
- emake AR="$(tc-getAR)"
-}
-
-src_install() {
- default
-
- keepdir \
- /usr/$(get_libdir)/db/methods/{mnt,floppy,disk} \
- /var/lib/dpkg/{alternatives,info,parts,updates}
-
- find "${ED}" -name '*.la' -delete || die
-
- if ! use static-libs; then
- find "${ED}" -name '*.a' -delete || die
- fi
-}
diff --git a/app-arch/dpkg/dpkg-1.21.15-r2.ebuild b/app-arch/dpkg/dpkg-1.21.15-r2.ebuild
deleted file mode 100644
index 29fbc7b06dea..000000000000
--- a/app-arch/dpkg/dpkg-1.21.15-r2.ebuild
+++ /dev/null
@@ -1,112 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-inherit autotools toolchain-funcs
-
-DESCRIPTION="Package maintenance system for Debian"
-HOMEPAGE="https://packages.qa.debian.org/dpkg"
-SRC_URI="mirror://debian/pool/main/d/${PN}/${P/-/_}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
-IUSE="+bzip2 +lzma nls selinux static-libs test +update-alternatives +zlib"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- >=app-arch/gzip-1.7
- >=app-arch/tar-1.34-r1
- app-crypt/libmd
- >=dev-lang/perl-5.14.2:=
- sys-libs/ncurses:=[unicode(+)]
- bzip2? ( app-arch/bzip2 )
- lzma? ( app-arch/xz-utils )
- nls? ( virtual/libintl )
- selinux? ( sys-libs/libselinux )
- zlib? ( >=sys-libs/zlib-1.1.4 )
-"
-DEPEND="
- ${RDEPEND}
- app-arch/xz-utils
- virtual/pkgconfig
- test? (
- dev-perl/IO-String
- dev-perl/Test-Pod
- virtual/perl-Test-Harness
- )
-"
-BDEPEND="
- app-alternatives/lex
- nls? (
- app-text/po4a
- >=sys-devel/gettext-0.18.2
- )
-"
-RDEPEND+=" selinux? ( sec-policy/selinux-dpkg )"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-1.18.12-flags.patch
- "${FILESDIR}"/${P}-buf-overflow.patch
-)
-
-src_prepare() {
- default
-
- sed -i -e 's|\<ar\>|${AR}|g' src/at/deb-format.at src/at/testsuite || die
-
- eautoreconf
-}
-
-src_configure() {
- tc-export AR CC
-
- local myconf=(
- --disable-compiler-warnings
- --disable-devel-docs
- --disable-dselect
- --disable-start-stop-daemon
- --enable-unicode
- --localstatedir="${EPREFIX}"/var
- $(use_enable nls)
- $(use_enable update-alternatives)
- $(use_with bzip2 libbz2)
- $(use_with lzma liblzma)
- $(use_with selinux libselinux)
- $(use_with zlib libz)
-
- )
-
- econf "${myconf[@]}"
-}
-
-src_compile() {
- emake AR="$(tc-getAR)"
-}
-
-src_install() {
- local DOCS=( debian/changelog THANKS TODO )
- default
-
- # https://bugs.gentoo.org/835520
- mv -v "${ED}"/usr/share/zsh/{vendor-completions,site-functions} || die
-
- # https://bugs.gentoo.org/840320
- insinto /etc/dpkg/origins
- newins - gentoo <<-_EOF_
- Vendor: Gentoo
- Vendor-URL: https://www.gentoo.org/
- Bugs: https://bugs.gentoo.org/
- _EOF_
- dosym gentoo /etc/dpkg/origins/default
-
- keepdir \
- /usr/$(get_libdir)/db/methods/{mnt,floppy,disk} \
- /var/lib/dpkg/{alternatives,info,parts,updates}
-
- find "${ED}" -name '*.la' -delete || die
-
- if ! use static-libs; then
- find "${ED}" -name '*.a' -delete || die
- fi
-}
diff --git a/app-arch/dpkg/files/dpkg-1.18.12-rsyncable.patch b/app-arch/dpkg/files/dpkg-1.18.12-rsyncable.patch
deleted file mode 100644
index 69802da67092..000000000000
--- a/app-arch/dpkg/files/dpkg-1.18.12-rsyncable.patch
+++ /dev/null
@@ -1,28 +0,0 @@
---- a/scripts/Dpkg/Compression.pm
-+++ b/scripts/Dpkg/Compression.pm
-@@ -81,20 +81,12 @@
- };
-
- #
--# XXX: The gzip package in Debian at some point acquired a Debian-specific
--# --rsyncable option via a vendor patch. Which is not present in most of the
--# major distributions, dpkg downstream systems, nor gzip upstream, who have
--# stated they will most probably not accept it because people should be using
--# pigz instead.
-+# If gzip supports --rsyncable (version >=1.7 or the Debian patched variant),
-+# we use it. Sadly a non-compliant gzip will not complain about the argument
-+# when it does not understand it, so we can only print out the usage and infer
-+# --rsyncable support from that.
- #
--# This option should have never been accepted in dpkg, ever. But removing it
--# now would probably cause demands for tarring and feathering. In addition
--# we cannot use the Dpkg::Vendor logic because that would cause circular
--# module dependencies. The whole affair is pretty disgusting really.
--#
--# Check the perl Config to discern Debian and hopefully derivatives too.
--#
--if ($Config{cf_by} eq 'Debian Project') {
-+if (system("gzip --help 2>&1 | grep -q -- --rsyncable") == 0) {
- push @{$COMP->{gzip}->{comp_prog}}, '--rsyncable';
- }
-
diff --git a/app-arch/dpkg/files/dpkg-1.20.12-m4-stdio.patch b/app-arch/dpkg/files/dpkg-1.20.12-m4-stdio.patch
deleted file mode 100644
index 5124c54b43ed..000000000000
--- a/app-arch/dpkg/files/dpkg-1.20.12-m4-stdio.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 9a1c670b66818fc0044eaa9a95a13da553bebcd3 Mon Sep 17 00:00:00 2001
-From: Georgy Yakovlev <gyakovlev@gentoo.org>
-Date: Mon, 21 Nov 2022 23:09:59 -0800
-Subject: [PATCH] m4/dpkg-funcs.m4: include stdio.h in __progname conftest
-
-Bug: https://bugs.gentoo.org/869884
----
- m4/dpkg-funcs.m4 | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/m4/dpkg-funcs.m4 b/m4/dpkg-funcs.m4
-index 74acf22..0720ac3 100644
---- a/m4/dpkg-funcs.m4
-+++ b/m4/dpkg-funcs.m4
-@@ -142,6 +142,7 @@ AC_DEFUN([DPKG_CHECK_PROGNAME], [
- AC_MSG_CHECKING([for __progname])
- AC_LINK_IFELSE([
- AC_LANG_PROGRAM(
-+ [[#include <stdio.h>]],
- [[extern char *__progname;]],
- [[printf("%s", __progname);]])
- ], [
---
-2.38.1
-
diff --git a/app-arch/dpkg/files/dpkg-1.20.5-dpkg_buildpackage-test.patch b/app-arch/dpkg/files/dpkg-1.20.5-dpkg_buildpackage-test.patch
deleted file mode 100644
index 9f1494dc290c..000000000000
--- a/app-arch/dpkg/files/dpkg-1.20.5-dpkg_buildpackage-test.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/scripts/Makefile.am
-+++ b/scripts/Makefile.am
-@@ -264,7 +264,6 @@
- t/Dpkg_Dist_Files.t \
- t/dpkg_realpath.t \
- t/dpkg_source.t \
-- t/dpkg_buildpackage.t \
- t/merge_changelogs.t \
- t/mk.t \
- $(nil)
diff --git a/app-arch/dpkg/files/dpkg-1.20.9-CVE-2022-1664.patch b/app-arch/dpkg/files/dpkg-1.20.9-CVE-2022-1664.patch
deleted file mode 100644
index aa1570148de1..000000000000
--- a/app-arch/dpkg/files/dpkg-1.20.9-CVE-2022-1664.patch
+++ /dev/null
@@ -1,324 +0,0 @@
-From 58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5 Mon Sep 17 00:00:00 2001
-From: Guillem Jover <guillem@debian.org>
-Date: Tue, 3 May 2022 02:09:32 +0200
-Subject: Dpkg::Source::Archive: Prevent directory traversal for in-place
- extracts
-
-For untrusted v2 and v3 source package formats that include a debian.tar
-archive, when we are extracting it, we do that as an in-place extraction,
-which can lead to directory traversal situations on specially crafted
-orig.tar and debian.tar tarballs.
-
-GNU tar replaces entries on the filesystem by the entries present on
-the tarball, but it will follow symlinks when the symlink pathname
-itself is not present as an actual directory on the tarball.
-
-This means we can create an orig.tar where there's a symlink pointing
-out of the source tree root directory, and then a debian.tar that
-contains an entry within that symlink as if it was a directory, without
-a directory entry for the symlink pathname itself, which will be
-extracted following the symlink outside the source tree root.
-
-This is currently noted as expected in GNU tar documentation. But even
-if there was a new extraction mode avoiding this problem we'd need such
-new version. Using perl's Archive::Tar would solve the problem, but
-switching to such different pure perl implementation, could cause
-compatibility or performance issues.
-
-What we do is when we are requested to perform an in-place extract, we
-instead still use a temporary directory, then walk that directory and
-remove any matching entry in the destination directory, replicating what
-GNU tar would do, but in addition avoiding the directory traversal issue
-for symlinks. Which should work with any tar implementation and be safe.
-
-Reported-by: Max Justicz <max@justi.cz>
-Stable-Candidates: 1.18.x 1.19.x 1.20.x
-Fixes: commit 0c0057a27fecccab77d2b3cffa9a7d172846f0b4 (1.14.17)
-Fixes: CVE-2022-1664
-(cherry picked from commit 7a6c03cb34d4a09f35df2f10779cbf1b70a5200b)
----
- scripts/Dpkg/Source/Archive.pm | 122 +++++++++++++++++++++++++++++++---------
- scripts/t/Dpkg_Source_Archive.t | 110 +++++++++++++++++++++++++++++++++++-
- 2 files changed, 204 insertions(+), 28 deletions(-)
-
-diff --git a/scripts/Dpkg/Source/Archive.pm b/scripts/Dpkg/Source/Archive.pm
-index 33c181b20..2ddd04af8 100644
---- a/scripts/Dpkg/Source/Archive.pm
-+++ b/scripts/Dpkg/Source/Archive.pm
-@@ -21,9 +21,11 @@ use warnings;
- our $VERSION = '0.01';
-
- use Carp;
-+use Errno qw(ENOENT);
- use File::Temp qw(tempdir);
- use File::Basename qw(basename);
- use File::Spec;
-+use File::Find;
- use Cwd;
-
- use Dpkg ();
-@@ -110,19 +112,13 @@ sub extract {
- my %spawn_opts = (wait_child => 1);
-
- # Prepare destination
-- my $tmp;
-- if ($opts{in_place}) {
-- $spawn_opts{chdir} = $dest;
-- $tmp = $dest; # So that fixperms call works
-- } else {
-- my $template = basename($self->get_filename()) . '.tmp-extract.XXXXX';
-- unless (-e $dest) {
-- # Kludge so that realpath works
-- mkdir($dest) or syserr(g_('cannot create directory %s'), $dest);
-- }
-- $tmp = tempdir($template, DIR => Cwd::realpath("$dest/.."), CLEANUP => 1);
-- $spawn_opts{chdir} = $tmp;
-+ my $template = basename($self->get_filename()) . '.tmp-extract.XXXXX';
-+ unless (-e $dest) {
-+ # Kludge so that realpath works
-+ mkdir($dest) or syserr(g_('cannot create directory %s'), $dest);
- }
-+ my $tmp = tempdir($template, DIR => Cwd::realpath("$dest/.."), CLEANUP => 1);
-+ $spawn_opts{chdir} = $tmp;
-
- # Prepare stuff that handles the input of tar
- $self->ensure_open('r', delete_sig => [ 'PIPE' ]);
-@@ -145,22 +141,94 @@ sub extract {
- # have to be calculated using mount options and other madness.
- fixperms($tmp) unless $opts{no_fixperms};
-
-- # Stop here if we extracted in-place as there's nothing to move around
-- return if $opts{in_place};
--
-- # Rename extracted directory
-- opendir(my $dir_dh, $tmp) or syserr(g_('cannot opendir %s'), $tmp);
-- my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dir_dh);
-- closedir($dir_dh);
-- my $done = 0;
-- erasedir($dest);
-- if (scalar(@entries) == 1 && ! -l "$tmp/$entries[0]" && -d _) {
-- rename("$tmp/$entries[0]", $dest)
-- or syserr(g_('unable to rename %s to %s'),
-- "$tmp/$entries[0]", $dest);
-+ # If we are extracting "in-place" do not remove the destination directory.
-+ if ($opts{in_place}) {
-+ my $canon_basedir = Cwd::realpath($dest);
-+ # On Solaris /dev/null points to /devices/pseudo/mm@0:null.
-+ my $canon_devnull = Cwd::realpath('/dev/null');
-+ my $check_symlink = sub {
-+ my $pathname = shift;
-+ my $canon_pathname = Cwd::realpath($pathname);
-+ if (not defined $canon_pathname) {
-+ return if $! == ENOENT;
-+
-+ syserr(g_("pathname '%s' cannot be canonicalized"), $pathname);
-+ }
-+ return if $canon_pathname eq $canon_devnull;
-+ return if $canon_pathname eq $canon_basedir;
-+ return if $canon_pathname =~ m{^\Q$canon_basedir/\E};
-+ warning(g_("pathname '%s' points outside source root (to '%s')"),
-+ $pathname, $canon_pathname);
-+ };
-+
-+ my $move_in_place = sub {
-+ my $relpath = File::Spec->abs2rel($File::Find::name, $tmp);
-+ my $destpath = File::Spec->catfile($dest, $relpath);
-+
-+ my ($mode, $atime, $mtime);
-+ lstat $File::Find::name
-+ or syserr(g_('cannot get source pathname %s metadata'), $File::Find::name);
-+ ((undef) x 2, $mode, (undef) x 5, $atime, $mtime) = lstat _;
-+ my $src_is_dir = -d _;
-+
-+ my $dest_exists = 1;
-+ if (not lstat $destpath) {
-+ if ($! == ENOENT) {
-+ $dest_exists = 0;
-+ } else {
-+ syserr(g_('cannot get target pathname %s metadata'), $destpath);
-+ }
-+ }
-+ my $dest_is_dir = -d _;
-+ if ($dest_exists) {
-+ if ($dest_is_dir && $src_is_dir) {
-+ # Refresh the destination directory attributes with the
-+ # ones from the tarball.
-+ chmod $mode, $destpath
-+ or syserr(g_('cannot change directory %s mode'), $File::Find::name);
-+ utime $atime, $mtime, $destpath
-+ or syserr(g_('cannot change directory %s times'), $File::Find::name);
-+
-+ # We should do nothing, and just walk further tree.
-+ return;
-+ } elsif ($dest_is_dir) {
-+ rmdir $destpath
-+ or syserr(g_('cannot remove destination directory %s'), $destpath);
-+ } else {
-+ $check_symlink->($destpath);
-+ unlink $destpath
-+ or syserr(g_('cannot remove destination file %s'), $destpath);
-+ }
-+ }
-+ # If we are moving a directory, we do not need to walk it.
-+ if ($src_is_dir) {
-+ $File::Find::prune = 1;
-+ }
-+ rename $File::Find::name, $destpath
-+ or syserr(g_('cannot move %s to %s'), $File::Find::name, $destpath);
-+ };
-+
-+ find({
-+ wanted => $move_in_place,
-+ no_chdir => 1,
-+ dangling_symlinks => 0,
-+ }, $tmp);
- } else {
-- rename($tmp, $dest)
-- or syserr(g_('unable to rename %s to %s'), $tmp, $dest);
-+ # Rename extracted directory
-+ opendir(my $dir_dh, $tmp) or syserr(g_('cannot opendir %s'), $tmp);
-+ my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dir_dh);
-+ closedir($dir_dh);
-+
-+ erasedir($dest);
-+
-+ if (scalar(@entries) == 1 && ! -l "$tmp/$entries[0]" && -d _) {
-+ rename("$tmp/$entries[0]", $dest)
-+ or syserr(g_('unable to rename %s to %s'),
-+ "$tmp/$entries[0]", $dest);
-+ } else {
-+ rename($tmp, $dest)
-+ or syserr(g_('unable to rename %s to %s'), $tmp, $dest);
-+ }
- }
- erasedir($tmp);
- }
-diff --git a/scripts/t/Dpkg_Source_Archive.t b/scripts/t/Dpkg_Source_Archive.t
-index 7b70da68e..504fbe1d4 100644
---- a/scripts/t/Dpkg_Source_Archive.t
-+++ b/scripts/t/Dpkg_Source_Archive.t
-@@ -16,12 +16,120 @@
- use strict;
- use warnings;
-
--use Test::More tests => 1;
-+use Test::More tests => 4;
-+use Test::Dpkg qw(:paths);
-+
-+use File::Spec;
-+use File::Path qw(make_path rmtree);
-
- BEGIN {
- use_ok('Dpkg::Source::Archive');
- }
-
-+use Dpkg;
-+
-+my $tmpdir = test_get_temp_path();
-+
-+rmtree($tmpdir);
-+
-+sub test_touch
-+{
-+ my ($name, $data) = @_;
-+
-+ open my $fh, '>', $name
-+ or die "cannot touch file $name\n";
-+ print { $fh } $data if $data;
-+ close $fh;
-+}
-+
-+sub test_path_escape
-+{
-+ my $name = shift;
-+
-+ my $treedir = File::Spec->rel2abs("$tmpdir/$name-tree");
-+ my $overdir = File::Spec->rel2abs("$tmpdir/$name-overlay");
-+ my $outdir = "$tmpdir/$name-out";
-+ my $expdir = "$tmpdir/$name-exp";
-+
-+ # This is the base directory, where we are going to be extracting stuff
-+ # into, which include traps.
-+ make_path("$treedir/subdir-a");
-+ test_touch("$treedir/subdir-a/file-a");
-+ test_touch("$treedir/subdir-a/file-pre-a");
-+ make_path("$treedir/subdir-b");
-+ test_touch("$treedir/subdir-b/file-b");
-+ test_touch("$treedir/subdir-b/file-pre-b");
-+ symlink File::Spec->abs2rel($outdir, $treedir), "$treedir/symlink-escape";
-+ symlink File::Spec->abs2rel("$outdir/nonexistent", $treedir), "$treedir/symlink-nonexistent";
-+ symlink "$treedir/file", "$treedir/symlink-within";
-+ test_touch("$treedir/supposed-dir");
-+
-+ # This is the overlay directory, which we'll pack and extract over the
-+ # base directory.
-+ make_path($overdir);
-+ make_path("$overdir/subdir-a/aa");
-+ test_touch("$overdir/subdir-a/aa/file-aa", 'aa');
-+ test_touch("$overdir/subdir-a/file-a", 'a');
-+ make_path("$overdir/subdir-b/bb");
-+ test_touch("$overdir/subdir-b/bb/file-bb", 'bb');
-+ test_touch("$overdir/subdir-b/file-b", 'b');
-+ make_path("$overdir/symlink-escape");
-+ test_touch("$overdir/symlink-escape/escaped-file", 'escaped');
-+ test_touch("$overdir/symlink-nonexistent", 'nonexistent');
-+ make_path("$overdir/symlink-within");
-+ make_path("$overdir/supposed-dir");
-+ test_touch("$overdir/supposed-dir/supposed-file", 'something');
-+
-+ # Generate overlay tar.
-+ system($Dpkg::PROGTAR, '-cf', "$overdir.tar", '-C', $overdir, qw(
-+ subdir-a subdir-b
-+ symlink-escape/escaped-file symlink-nonexistent symlink-within
-+ supposed-dir
-+ )) == 0
-+ or die "cannot create overlay tar archive\n";
-+
-+ # This is the expected directory, which we'll be comparing against.
-+ make_path($expdir);
-+ system('cp', '-a', $overdir, $expdir) == 0
-+ or die "cannot copy overlay hierarchy into expected directory\n";
-+
-+ # Store the expected and out reference directories into a tar to compare
-+ # its structure against the result reference.
-+ system($Dpkg::PROGTAR, '-cf', "$expdir.tar", '-C', $overdir, qw(
-+ subdir-a subdir-b
-+ symlink-escape/escaped-file symlink-nonexistent symlink-within
-+ supposed-dir
-+ ), '-C', $treedir, qw(
-+ subdir-a/file-pre-a
-+ subdir-b/file-pre-b
-+ )) == 0
-+ or die "cannot create expected tar archive\n";
-+
-+ # This directory is supposed to remain empty, anything inside implies a
-+ # directory traversal.
-+ make_path($outdir);
-+
-+ my $warnseen;
-+ local $SIG{__WARN__} = sub { $warnseen = $_[0] };
-+
-+ # Perform the extraction.
-+ my $tar = Dpkg::Source::Archive->new(filename => "$overdir.tar");
-+ $tar->extract($treedir, in_place => 1);
-+
-+ # Store the result into a tar to compare its structure against a reference.
-+ system($Dpkg::PROGTAR, '-cf', "$treedir.tar", '-C', $treedir, '.');
-+
-+ # Check results
-+ ok(length $warnseen && $warnseen =~ m/points outside source root/,
-+ 'expected warning seen');
-+ ok(system($Dpkg::PROGTAR, '--compare', '-f', "$expdir.tar", '-C', $treedir) == 0,
-+ 'expected directory matches');
-+ ok(! -e "$outdir/escaped-file",
-+ 'expected output directory is empty, directory traversal');
-+}
-+
-+test_path_escape('in-place');
-+
- # TODO: Add actual test cases.
-
- 1;
---
-cgit v1.2.3
-
diff --git a/app-arch/dpkg/metadata.xml b/app-arch/dpkg/metadata.xml
index 9511a3ee6146..b33cda089f2a 100644
--- a/app-arch/dpkg/metadata.xml
+++ b/app-arch/dpkg/metadata.xml
@@ -3,7 +3,6 @@
 <pkgmetadata>
 <!-- maintainer-needed -->
 <use>
- <flag name="libmd">Use <pkg>app-crypt/libmd</pkg> library for message digest functions</flag>
 <flag name="update-alternatives">Install update-alternatives</flag>
 </use>
 </pkgmetadata> |