authorV3n3RiX <venerix@koprulu.sector>2023-01-04 12:06:28 +0000
committerV3n3RiX <venerix@koprulu.sector>2023-01-04 12:06:28 +0000
commit4551b41523452c0d743a71cca34e4dca2ca7538c (patch)
tree2b9ae4a442d7c2810f92833363fd36db073888f0 /app-arch
parent27e5574c9ed56a2633e25f7fa8f591554266a1b4 (diff)
gentoo auto-resync : 04:01:2023 - 12:06:28
Diffstat (limited to 'app-arch')
-rw-r--r--app-arch/Manifest.gzbin16878 -> 16878 bytes
-rw-r--r--app-arch/dpkg/Manifest7
-rw-r--r--app-arch/dpkg/dpkg-1.20.9-r1.ebuild (renamed from app-arch/dpkg/dpkg-1.20.9.ebuild)3
-rw-r--r--app-arch/dpkg/dpkg-1.21.15-r2.ebuild (renamed from app-arch/dpkg/dpkg-1.21.15.ebuild)14
-rw-r--r--app-arch/dpkg/files/dpkg-1.20.9-CVE-2022-1664.patch324
-rw-r--r--app-arch/dpkg/files/dpkg-1.21.15-buf-lengh.patch34
-rw-r--r--app-arch/dpkg/files/dpkg-1.21.15-buf-overflow.patch45
7 files changed, 388 insertions, 39 deletions
diff --git a/app-arch/Manifest.gz b/app-arch/Manifest.gz
index a39b9725b35e..87b9b6ef26dd 100644
--- a/app-arch/Manifest.gz
+++ b/app-arch/Manifest.gz
Binary files differ
diff --git a/app-arch/dpkg/Manifest b/app-arch/dpkg/Manifest
index 9b9765fefbf4..f4241021dd52 100644
--- a/app-arch/dpkg/Manifest
+++ b/app-arch/dpkg/Manifest
@@ -2,13 +2,14 @@ AUX dpkg-1.18.12-flags.patch 416 BLAKE2B c7fe40b28793420afa0b895585cc14a675f9be6
AUX dpkg-1.18.12-rsyncable.patch 1245 BLAKE2B e1488cc6a6807d38ec7218ae6651b0d919fbc3ee5e2837540f91cf80229e669a6fe24d6de1c4bd1c1debdc34a0c04a2bbc6a21eb964032f24526986678eb1b14 SHA512 743f4780b4c93e53924836fae96d59c2f1098dae6ef683b2b30146ab0345109718a507486f86ff96cda5b705aff858da563cdc0d40c965bf964cafe7105994ae
AUX dpkg-1.20.12-m4-stdio.patch 710 BLAKE2B 8a414738ca9b12791483897f70003b9266d8c8192f6b05fa04aa6ff5d8b990bd68d0298edb917f34684e23acdd4d502b7e7678e84bd0a7433bc443ba87190235 SHA512 53a6f2ff2b7894a11f3778f5b1bb7c2bf4a4d58985e339bacee39d73ebf6871da250012415d07aa15a164d56ce11b261eb3323d485cdacef95806e38778e8ec2
AUX dpkg-1.20.5-dpkg_buildpackage-test.patch 209 BLAKE2B d15000423abe8259e7bdd92e5ff2d38f8fd32622e8467259e791159df590f7d394647ba4efdd599b77d652f973cd07af09d64f29df920fb8015c995bce9b302a SHA512 046200d2a8c143a2b08e0c8113765c7a7a18846ce0b7a2dfd5a3f1167eacc70391415c6bcef21abe49e5d8225dbf08680fcdc405f0910e9c42071ad4cf8ae6d5
-AUX dpkg-1.21.15-buf-lengh.patch 1017 BLAKE2B 420c1c25a206b2ff1cee39cf29a7564a87487644d737ad06bd9c500e0a67874838a4e984718a97e0310e9fd5ab23817edcef02f9003ab0d2077a6c39f99a908e SHA512 ed0d960aec7cc7df3480c0ef40c3758b34d6918de6d766f7ec9df51d2435bb38fa567d3532167c448d6400560d7f85d837f41ccb94343d52fe7dc36b8587730a
+AUX dpkg-1.20.9-CVE-2022-1664.patch 12541 BLAKE2B 7eb1161c0bd78f32b8b00bce7d56f1dbf2deaea91e937d970111fc42649b0b26adf8d16ccf49902ea20e95f37d5d0b0c01690e0d9a610d225df0703f81a37ced SHA512 0b3392731cd080f6e6741c66a5c77694037f8bd712c808267fe30cf20e6645a89d2bcf3feeaf16de06d7c347717f75c182d773446b0d04901ece6f4be6c745d5
+AUX dpkg-1.21.15-buf-overflow.patch 1379 BLAKE2B c0fe54ce6a0a72bc8e8a1bfa7cc0508e832cdae0926b3f1606d72295e528937c3078f930587dc5e20b8f7f9719d86d3d5029501bf38ddf3b79a443f195da0a70 SHA512 eec0e21b154bf16cb988f12aa3e01c98cded91dadfcafde165fa1d126f36eea2c0baba541cf0c9a8cff9a9e0200e6f2268a8e408a324144f4315bbc80f66bf95
DIST dpkg_1.20.12.tar.xz 5009108 BLAKE2B 47ecb53c331503c72081a4c472acd6e94a5b7fca2032358809aa8c546cfd6c1542c7cdfad2a5ceff0e40dc454a61974ec47233061b98cf99aabbb8e53621858c SHA512 ce20b1b00b972e6fa5d5cd6427003415a92a78742dc02a9055fee6f00db22b037c54560170e657d7b74c2ae542fff4b7eba46f642adf911dc2f3b90eebefc3ff
DIST dpkg_1.20.9.tar.xz 4954428 BLAKE2B 4e04f7a90c8696971895081e18b220d9dee4bc5930428f131556ae71c673e61e18c363e279b566c2218da60a5aca421807c14cf518952502e707c7397769097b SHA512 904a4742f5f340dc65b2137364dce102a0b2eb42ccedb2a73f79c207362c699fbffaaf1379f1f6c8b8b0e490321af1d03c34b50ebe0c703f5ce8a7f75f17a839
DIST dpkg_1.21.1.tar.xz 4986936 BLAKE2B f5b0f9fe7ac5fe7ba47191a9e467356e748418846ce0fc9f3c61d731e035eb096932848b15e6a85a15938d3bbd6fa069c786ab0e89c77119958fe632a91c309f SHA512 3f3f263e1300f3e4b55e84521847703dcfe465aa54829a69c31c174a2ad5e8b6a8a251da7c6020d31a38e9e6744113924a71e9579469e32289328e91a48db07f
DIST dpkg_1.21.15.tar.xz 5350148 BLAKE2B f26611db365266ef9f43484c20d3150889238b34b156cac26f0ae8ae9572e7e4a9839e08a0073a25c886cd2891fc6d84afc97262ae6992267b47fa6e86c03a33 SHA512 eb31db63dd454048c3b7539b539720ed71239303ca679df92b934e971914d63dd771da09149054048e24dde1f5627ee24d43dbd8782ca1dc28c4a2bd3ed8f26a
EBUILD dpkg-1.20.12-r1.ebuild 2094 BLAKE2B 223c1a0fb84047b8fa33bb86127b6a01c699035aadd8244ee5bcfcca555f39cf5e8364665bf557e39257eb86a1582bf9ae6a852cf4c574752b1a08dbd4e6bda7 SHA512 455b2a89f88cc46f14e705244165b5ab7d0f44f9a266c56fc1859b54492b856aabd4585fa9dbe52f5af1a7a61636052cc04d864dc18c6ca4b0338e998478f67d
-EBUILD dpkg-1.20.9.ebuild 1999 BLAKE2B 8c4eb6fde703797505d357ae6ba5f70ca15a514f60699a25eccc2896aad1daa10662da0f80ff1ef0ea6d94ca0381280f3c57f38df4340ac86098c65a91043313 SHA512 b50c6ac21dc86e8ca91d6cfd87855935c6aaa3ece8bc6cca6ebd53b46b7fa54e5b39b24edf8d81c6dac423c531b13379e17fda0d8946f4248b518a13c613eccd
+EBUILD dpkg-1.20.9-r1.ebuild 2039 BLAKE2B 581e7a5a5f1814a2571694eb46911bf5a903582f911a989885ce9dbbec6c1517748e741c87a9472258d701cf4ed1ff0c4d0e83fd44432d672b01bed88c0b6109 SHA512 930a798ff3f057fcb8603751d70ea1b5d6cea379290681bccbd70270aac0bcc69c187dcc302231f2fa7e5a461e4d70edacc1057a3147d9adfaca596ab52ad5f3
EBUILD dpkg-1.21.1.ebuild 1990 BLAKE2B 3aff143bc3013658754a67e43ca6f9aacd43372cf32ac3821321c1ff454d30a08c62edafc9eafd6444de9c39d082f625fc73df86c89ef142ec5b7d8535ace1b4 SHA512 c47497584a0ab84311361eab048da24c23ba422478210f366e7f8a0f8223fb498e930fedaa0b72e4a0ef2062f67f338b681501c0eafa05d36be3759884f7579b
-EBUILD dpkg-1.21.15.ebuild 2047 BLAKE2B 61d3d462c3c8fcc68db2f14d9b3215accef578d3c4eeb1e2a7b55be634673f26a9487134b2d5f341a285661e8f666134d6b85aa28ad23b0167b842e3ba9125c6 SHA512 4eb2750a8fdf58ac2f803ad104c89b26f7248d49fc717af4e65cc010f75d74ddec598100ea35adeb55cb30b0e595053d7d382e72e97ea9351c93f2bac83167b5
+EBUILD dpkg-1.21.15-r2.ebuild 2355 BLAKE2B 2277406e12148a3e1498eb3d19b568249a5b785dbf0dca30fa4e1fcd96302600f78787cc51087c0c95a4c76fbf42af0650d60eefc72714125fd0b2025feb46a8 SHA512 bd7f987fd8c84c0531e8b6ca2d208bb99a64c1e54496cc17fd8573e1fffa3c88527eae32ae03be9391d22cf81347cbd08f58f4d3847d4c91221d0621ff5b8875
MISC metadata.xml 433 BLAKE2B fe1e0ca0c96628891b711ca120d5c119f8effe66ce43198ebb2a16fce1cea23b7ab6ab88d807a71645298e2311bc3044dca4989fe83cf99e54a9e97f66835c69 SHA512 2882194685980d67acc10913c8863b55dc0a9215558db2e3cf33f0489d91e5477bf2ac0c0fc5b4a134f45593f6f5d3fde5e09493d20ca45224645b8c1c597fef
diff --git a/app-arch/dpkg/dpkg-1.20.9.ebuild b/app-arch/dpkg/dpkg-1.20.9-r1.ebuild
index e09448b39304..d765eabc986c 100644
--- a/app-arch/dpkg/dpkg-1.20.9.ebuild
+++ b/app-arch/dpkg/dpkg-1.20.9-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -49,6 +49,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-1.18.12-flags.patch
"${FILESDIR}"/${PN}-1.18.12-rsyncable.patch
"${FILESDIR}"/${PN}-1.20.5-dpkg_buildpackage-test.patch
+ "${FILESDIR}"/${P}-CVE-2022-1664.patch
)
src_prepare() {
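Review bot: The CVE-2022-1664 backport is wired only into dpkg-1.20.9-r1 here, while the Manifest hunk in this same commit still lists dpkg-1.20.12-r1.ebuild and dpkg-1.21.1.ebuild with unchanged hashes. The embedded upstream commit names 1.18.x, 1.19.x and 1.20.x as stable candidates, so it is worth confirming that those other in-tree versions already carry the fix from upstream before leaving them untouched, or adding the same PATCHES entry there. A short comment on the new entry naming the upstream change, e.g. `# CVE-2022-1664, upstream 7a6c03cb34d4a09f35df2f10779cbf1b70a5200b`, would spare the next reader the lookup. The PATCHES array being edited opens before this hunk.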
diff --git a/app-arch/dpkg/dpkg-1.21.15.ebuild b/app-arch/dpkg/dpkg-1.21.15-r2.ebuild
index 02e4f4a95589..e4aff12c714a 100644
--- a/app-arch/dpkg/dpkg-1.21.15.ebuild
+++ b/app-arch/dpkg/dpkg-1.21.15-r2.ebuild
@@ -46,7 +46,7 @@ BDEPEND="
PATCHES=(
"${FILESDIR}"/${PN}-1.18.12-flags.patch
- "${FILESDIR}"/${PN}-1.21.15-buf-lengh.patch # sent upstream
+ "${FILESDIR}"/${P}-buf-overflow.patch
)
src_prepare() {
@@ -87,6 +87,18 @@ src_install() {
local DOCS=( debian/changelog THANKS TODO )
default
+ # https://bugs.gentoo.org/835520
+ mv -v "${ED}"/usr/share/zsh/{vendor-completions,site-functions} || die
+
+ # https://bugs.gentoo.org/840320
+ insinto /etc/dpkg/origins
+ newins - gentoo <<-_EOF_
+ Vendor: Gentoo
+ Vendor-URL: https://www.gentoo.org/
+ Bugs: https://bugs.gentoo.org/
+ _EOF_
+ dosym gentoo /etc/dpkg/origins/default
+
keepdir \
/usr/$(get_libdir)/db/methods/{mnt,floppy,disk} \
/var/lib/dpkg/{alternatives,info,parts,updates}
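Review bot: The two new comments in src_install give only a bug URL, so a reader must leave the file to learn why zsh completions are moved and why a vendor origin is installed; a one-line reason beside each URL, e.g. `# zsh completions belong under site-functions on Gentoo (bug 835520)` and `# Install a Gentoo vendor origin and make it the default (bug 840320)`, would make the block self-explanatory. The heredoc uses `<<-_EOF_`, which strips leading tabs only; this rendering has dropped indentation, so please confirm the body and the `_EOF_` terminator are tab-indented rather than space-indented, otherwise the terminator is never matched. src_install continues past the end of the hunk.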
diff --git a/app-arch/dpkg/files/dpkg-1.20.9-CVE-2022-1664.patch b/app-arch/dpkg/files/dpkg-1.20.9-CVE-2022-1664.patch
new file mode 100644
index 000000000000..aa1570148de1
--- /dev/null
+++ b/app-arch/dpkg/files/dpkg-1.20.9-CVE-2022-1664.patch
@@ -0,0 +1,324 @@
+From 58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5 Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@debian.org>
+Date: Tue, 3 May 2022 02:09:32 +0200
+Subject: Dpkg::Source::Archive: Prevent directory traversal for in-place
+ extracts
+
+For untrusted v2 and v3 source package formats that include a debian.tar
+archive, when we are extracting it, we do that as an in-place extraction,
+which can lead to directory traversal situations on specially crafted
+orig.tar and debian.tar tarballs.
+
+GNU tar replaces entries on the filesystem by the entries present on
+the tarball, but it will follow symlinks when the symlink pathname
+itself is not present as an actual directory on the tarball.
+
+This means we can create an orig.tar where there's a symlink pointing
+out of the source tree root directory, and then a debian.tar that
+contains an entry within that symlink as if it was a directory, without
+a directory entry for the symlink pathname itself, which will be
+extracted following the symlink outside the source tree root.
+
+This is currently noted as expected in GNU tar documentation. But even
+if there was a new extraction mode avoiding this problem we'd need such
+new version. Using perl's Archive::Tar would solve the problem, but
+switching to such different pure perl implementation, could cause
+compatibility or performance issues.
+
+What we do is when we are requested to perform an in-place extract, we
+instead still use a temporary directory, then walk that directory and
+remove any matching entry in the destination directory, replicating what
+GNU tar would do, but in addition avoiding the directory traversal issue
+for symlinks. Which should work with any tar implementation and be safe.
+
+Reported-by: Max Justicz <max@justi.cz>
+Stable-Candidates: 1.18.x 1.19.x 1.20.x
+Fixes: commit 0c0057a27fecccab77d2b3cffa9a7d172846f0b4 (1.14.17)
+Fixes: CVE-2022-1664
+(cherry picked from commit 7a6c03cb34d4a09f35df2f10779cbf1b70a5200b)
+---
+ scripts/Dpkg/Source/Archive.pm | 122 +++++++++++++++++++++++++++++++---------
+ scripts/t/Dpkg_Source_Archive.t | 110 +++++++++++++++++++++++++++++++++++-
+ 2 files changed, 204 insertions(+), 28 deletions(-)
+
+diff --git a/scripts/Dpkg/Source/Archive.pm b/scripts/Dpkg/Source/Archive.pm
+index 33c181b20..2ddd04af8 100644
+--- a/scripts/Dpkg/Source/Archive.pm
++++ b/scripts/Dpkg/Source/Archive.pm
+@@ -21,9 +21,11 @@ use warnings;
+ our $VERSION = '0.01';
+
+ use Carp;
++use Errno qw(ENOENT);
+ use File::Temp qw(tempdir);
+ use File::Basename qw(basename);
+ use File::Spec;
++use File::Find;
+ use Cwd;
+
+ use Dpkg ();
+@@ -110,19 +112,13 @@ sub extract {
+ my %spawn_opts = (wait_child => 1);
+
+ # Prepare destination
+- my $tmp;
+- if ($opts{in_place}) {
+- $spawn_opts{chdir} = $dest;
+- $tmp = $dest; # So that fixperms call works
+- } else {
+- my $template = basename($self->get_filename()) . '.tmp-extract.XXXXX';
+- unless (-e $dest) {
+- # Kludge so that realpath works
+- mkdir($dest) or syserr(g_('cannot create directory %s'), $dest);
+- }
+- $tmp = tempdir($template, DIR => Cwd::realpath("$dest/.."), CLEANUP => 1);
+- $spawn_opts{chdir} = $tmp;
++ my $template = basename($self->get_filename()) . '.tmp-extract.XXXXX';
++ unless (-e $dest) {
++ # Kludge so that realpath works
++ mkdir($dest) or syserr(g_('cannot create directory %s'), $dest);
+ }
++ my $tmp = tempdir($template, DIR => Cwd::realpath("$dest/.."), CLEANUP => 1);
++ $spawn_opts{chdir} = $tmp;
+
+ # Prepare stuff that handles the input of tar
+ $self->ensure_open('r', delete_sig => [ 'PIPE' ]);
+@@ -145,22 +141,94 @@ sub extract {
+ # have to be calculated using mount options and other madness.
+ fixperms($tmp) unless $opts{no_fixperms};
+
+- # Stop here if we extracted in-place as there's nothing to move around
+- return if $opts{in_place};
+-
+- # Rename extracted directory
+- opendir(my $dir_dh, $tmp) or syserr(g_('cannot opendir %s'), $tmp);
+- my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dir_dh);
+- closedir($dir_dh);
+- my $done = 0;
+- erasedir($dest);
+- if (scalar(@entries) == 1 && ! -l "$tmp/$entries[0]" && -d _) {
+- rename("$tmp/$entries[0]", $dest)
+- or syserr(g_('unable to rename %s to %s'),
+- "$tmp/$entries[0]", $dest);
++ # If we are extracting "in-place" do not remove the destination directory.
++ if ($opts{in_place}) {
++ my $canon_basedir = Cwd::realpath($dest);
++ # On Solaris /dev/null points to /devices/pseudo/mm@0:null.
++ my $canon_devnull = Cwd::realpath('/dev/null');
++ my $check_symlink = sub {
++ my $pathname = shift;
++ my $canon_pathname = Cwd::realpath($pathname);
++ if (not defined $canon_pathname) {
++ return if $! == ENOENT;
++
++ syserr(g_("pathname '%s' cannot be canonicalized"), $pathname);
++ }
++ return if $canon_pathname eq $canon_devnull;
++ return if $canon_pathname eq $canon_basedir;
++ return if $canon_pathname =~ m{^\Q$canon_basedir/\E};
++ warning(g_("pathname '%s' points outside source root (to '%s')"),
++ $pathname, $canon_pathname);
++ };
++
++ my $move_in_place = sub {
++ my $relpath = File::Spec->abs2rel($File::Find::name, $tmp);
++ my $destpath = File::Spec->catfile($dest, $relpath);
++
++ my ($mode, $atime, $mtime);
++ lstat $File::Find::name
++ or syserr(g_('cannot get source pathname %s metadata'), $File::Find::name);
++ ((undef) x 2, $mode, (undef) x 5, $atime, $mtime) = lstat _;
++ my $src_is_dir = -d _;
++
++ my $dest_exists = 1;
++ if (not lstat $destpath) {
++ if ($! == ENOENT) {
++ $dest_exists = 0;
++ } else {
++ syserr(g_('cannot get target pathname %s metadata'), $destpath);
++ }
++ }
++ my $dest_is_dir = -d _;
++ if ($dest_exists) {
++ if ($dest_is_dir && $src_is_dir) {
++ # Refresh the destination directory attributes with the
++ # ones from the tarball.
++ chmod $mode, $destpath
++ or syserr(g_('cannot change directory %s mode'), $File::Find::name);
++ utime $atime, $mtime, $destpath
++ or syserr(g_('cannot change directory %s times'), $File::Find::name);
++
++ # We should do nothing, and just walk further tree.
++ return;
++ } elsif ($dest_is_dir) {
++ rmdir $destpath
++ or syserr(g_('cannot remove destination directory %s'), $destpath);
++ } else {
++ $check_symlink->($destpath);
++ unlink $destpath
++ or syserr(g_('cannot remove destination file %s'), $destpath);
++ }
++ }
++ # If we are moving a directory, we do not need to walk it.
++ if ($src_is_dir) {
++ $File::Find::prune = 1;
++ }
++ rename $File::Find::name, $destpath
++ or syserr(g_('cannot move %s to %s'), $File::Find::name, $destpath);
++ };
++
++ find({
++ wanted => $move_in_place,
++ no_chdir => 1,
++ dangling_symlinks => 0,
++ }, $tmp);
+ } else {
+- rename($tmp, $dest)
+- or syserr(g_('unable to rename %s to %s'), $tmp, $dest);
++ # Rename extracted directory
++ opendir(my $dir_dh, $tmp) or syserr(g_('cannot opendir %s'), $tmp);
++ my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dir_dh);
++ closedir($dir_dh);
++
++ erasedir($dest);
++
++ if (scalar(@entries) == 1 && ! -l "$tmp/$entries[0]" && -d _) {
++ rename("$tmp/$entries[0]", $dest)
++ or syserr(g_('unable to rename %s to %s'),
++ "$tmp/$entries[0]", $dest);
++ } else {
++ rename($tmp, $dest)
++ or syserr(g_('unable to rename %s to %s'), $tmp, $dest);
++ }
+ }
+ erasedir($tmp);
+ }
+diff --git a/scripts/t/Dpkg_Source_Archive.t b/scripts/t/Dpkg_Source_Archive.t
+index 7b70da68e..504fbe1d4 100644
+--- a/scripts/t/Dpkg_Source_Archive.t
++++ b/scripts/t/Dpkg_Source_Archive.t
+@@ -16,12 +16,120 @@
+ use strict;
+ use warnings;
+
+-use Test::More tests => 1;
++use Test::More tests => 4;
++use Test::Dpkg qw(:paths);
++
++use File::Spec;
++use File::Path qw(make_path rmtree);
+
+ BEGIN {
+ use_ok('Dpkg::Source::Archive');
+ }
+
++use Dpkg;
++
++my $tmpdir = test_get_temp_path();
++
++rmtree($tmpdir);
++
++sub test_touch
++{
++ my ($name, $data) = @_;
++
++ open my $fh, '>', $name
++ or die "cannot touch file $name\n";
++ print { $fh } $data if $data;
++ close $fh;
++}
++
++sub test_path_escape
++{
++ my $name = shift;
++
++ my $treedir = File::Spec->rel2abs("$tmpdir/$name-tree");
++ my $overdir = File::Spec->rel2abs("$tmpdir/$name-overlay");
++ my $outdir = "$tmpdir/$name-out";
++ my $expdir = "$tmpdir/$name-exp";
++
++ # This is the base directory, where we are going to be extracting stuff
++ # into, which include traps.
++ make_path("$treedir/subdir-a");
++ test_touch("$treedir/subdir-a/file-a");
++ test_touch("$treedir/subdir-a/file-pre-a");
++ make_path("$treedir/subdir-b");
++ test_touch("$treedir/subdir-b/file-b");
++ test_touch("$treedir/subdir-b/file-pre-b");
++ symlink File::Spec->abs2rel($outdir, $treedir), "$treedir/symlink-escape";
++ symlink File::Spec->abs2rel("$outdir/nonexistent", $treedir), "$treedir/symlink-nonexistent";
++ symlink "$treedir/file", "$treedir/symlink-within";
++ test_touch("$treedir/supposed-dir");
++
++ # This is the overlay directory, which we'll pack and extract over the
++ # base directory.
++ make_path($overdir);
++ make_path("$overdir/subdir-a/aa");
++ test_touch("$overdir/subdir-a/aa/file-aa", 'aa');
++ test_touch("$overdir/subdir-a/file-a", 'a');
++ make_path("$overdir/subdir-b/bb");
++ test_touch("$overdir/subdir-b/bb/file-bb", 'bb');
++ test_touch("$overdir/subdir-b/file-b", 'b');
++ make_path("$overdir/symlink-escape");
++ test_touch("$overdir/symlink-escape/escaped-file", 'escaped');
++ test_touch("$overdir/symlink-nonexistent", 'nonexistent');
++ make_path("$overdir/symlink-within");
++ make_path("$overdir/supposed-dir");
++ test_touch("$overdir/supposed-dir/supposed-file", 'something');
++
++ # Generate overlay tar.
++ system($Dpkg::PROGTAR, '-cf', "$overdir.tar", '-C', $overdir, qw(
++ subdir-a subdir-b
++ symlink-escape/escaped-file symlink-nonexistent symlink-within
++ supposed-dir
++ )) == 0
++ or die "cannot create overlay tar archive\n";
++
++ # This is the expected directory, which we'll be comparing against.
++ make_path($expdir);
++ system('cp', '-a', $overdir, $expdir) == 0
++ or die "cannot copy overlay hierarchy into expected directory\n";
++
++ # Store the expected and out reference directories into a tar to compare
++ # its structure against the result reference.
++ system($Dpkg::PROGTAR, '-cf', "$expdir.tar", '-C', $overdir, qw(
++ subdir-a subdir-b
++ symlink-escape/escaped-file symlink-nonexistent symlink-within
++ supposed-dir
++ ), '-C', $treedir, qw(
++ subdir-a/file-pre-a
++ subdir-b/file-pre-b
++ )) == 0
++ or die "cannot create expected tar archive\n";
++
++ # This directory is supposed to remain empty, anything inside implies a
++ # directory traversal.
++ make_path($outdir);
++
++ my $warnseen;
++ local $SIG{__WARN__} = sub { $warnseen = $_[0] };
++
++ # Perform the extraction.
++ my $tar = Dpkg::Source::Archive->new(filename => "$overdir.tar");
++ $tar->extract($treedir, in_place => 1);
++
++ # Store the result into a tar to compare its structure against a reference.
++ system($Dpkg::PROGTAR, '-cf', "$treedir.tar", '-C', $treedir, '.');
++
++ # Check results
++ ok(length $warnseen && $warnseen =~ m/points outside source root/,
++ 'expected warning seen');
++ ok(system($Dpkg::PROGTAR, '--compare', '-f', "$expdir.tar", '-C', $treedir) == 0,
++ 'expected directory matches');
++ ok(! -e "$outdir/escaped-file",
++ 'expected output directory is empty, directory traversal');
++}
++
++test_path_escape('in-place');
++
+ # TODO: Add actual test cases.
+
+ 1;
+--
+cgit v1.2.3
+
diff --git a/app-arch/dpkg/files/dpkg-1.21.15-buf-lengh.patch b/app-arch/dpkg/files/dpkg-1.21.15-buf-lengh.patch
deleted file mode 100644
index 1ab28d1df5a0..000000000000
--- a/app-arch/dpkg/files/dpkg-1.21.15-buf-lengh.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 7caf70b6cda200e1bad77c26e46e465a4ad76d71 Mon Sep 17 00:00:00 2001
-From: Georgy Yakovlev <gyakovlev@gentoo.org>
-Date: Mon, 2 Jan 2023 21:57:29 -0800
-Subject: [PATCH] dpkg-deb: increase buf lengh in movecontrolfiles
-
-In some cases limit of 200 is too short.
-For example, on gentoo we build in /var/tmp/portage (user configurable)
-
-the buf contents end up exactly 201 characters:
-e.g.: "mv /long/path /another/long/path && rmdir /yet/another/long/path"
-
-so we only catch it in testsuite and dpkg-deb tests fail sometimes.
-
-Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>
----
- src/deb/extract.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/deb/extract.c b/src/deb/extract.c
-index a098539..332c664 100644
---- a/src/deb/extract.c
-+++ b/src/deb/extract.c
-@@ -53,7 +53,7 @@
- static void
- movecontrolfiles(const char *dir, const char *thing)
- {
-- char buf[200];
-+ char buf[512];
- pid_t pid;
-
- sprintf(buf, "mv %s/%s/* %s/ && rmdir %s/%s", dir, thing, dir, dir, thing);
---
-2.39.0
-
diff --git a/app-arch/dpkg/files/dpkg-1.21.15-buf-overflow.patch b/app-arch/dpkg/files/dpkg-1.21.15-buf-overflow.patch
new file mode 100644
index 000000000000..864d57b98a5c
--- /dev/null
+++ b/app-arch/dpkg/files/dpkg-1.21.15-buf-overflow.patch
@@ -0,0 +1,45 @@
+From 5356621172d669d8f62e7e746a6c7a11345aec4e Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@debian.org>
+Date: Tue, 3 Jan 2023 23:29:05 +0100
+Subject: dpkg-deb: Fix buffer overflow on long directory names with old deb
+ formats
+
+The handling for deb 0.x formats that relocates files around once
+extracted was using a buffer with a hardcoded size, not taking into
+account the length of the directory which would overflow it.
+
+Switch to use a dynamically allocated buffer to handle any destination
+directory length.
+
+Reported-by: Georgy Yakovlev <gyakovlev@gentoo.org>
+---
+ src/deb/extract.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/deb/extract.c b/src/deb/extract.c
+index a09853962..6466fa6f2 100644
+--- a/src/deb/extract.c
++++ b/src/deb/extract.c
+@@ -53,15 +53,16 @@
+ static void
+ movecontrolfiles(const char *dir, const char *thing)
+ {
+- char buf[200];
++ char *cmd;
+ pid_t pid;
+
+- sprintf(buf, "mv %s/%s/* %s/ && rmdir %s/%s", dir, thing, dir, dir, thing);
++ cmd = str_fmt("mv %s/%s/* %s/ && rmdir %s/%s", dir, thing, dir, dir, thing);
+ pid = subproc_fork();
+ if (pid == 0) {
+- command_shell(buf, _("shell command to move files"));
++ command_shell(cmd, _("shell command to move files"));
+ }
+ subproc_reap(pid, _("shell command to move files"), 0);
++ free(cmd);
+ }
+
+ static void DPKG_ATTR_NORET
+--
+cgit v1.2.3
+
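Review bot: The rewritten movecontrolfiles still formats dir and thing verbatim into a command line that command_shell hands to a shell, so the patch removes the fixed-size overflow but a directory name containing whitespace or shell metacharacters is still parsed by the shell rather than treated as one path. Since the patch already switches to a heap-allocated command string, this is a natural point to either quote both operands when formatting or to replace the `mv`/`rmdir` command with rename()/rmdir() over the directory entries, which removes the shell from the path entirely. The added free(cmd) runs only on the parent path; that is fine if command_shell never returns in the child, which this hunk does not show, so a comment such as `/* command_shell() is expected not to return in the child — confirm */` on the `pid == 0` branch would record the assumption.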