After reviewing the very large number of changes from 1.21.4 to 1.21.22 I don't think this is appropriate for an LTS release:
https://launchpad.net/debian/+source/dpkg/+changelog Steve On Wed, Jun 5, 2024 at 8:32 PM Yi Zhao via lists.openembedded.org <[email protected]> wrote: > > ChangeLog: > https://salsa.debian.org/dpkg-team/dpkg/-/raw/1.21.x/debian/changelog > > * Add new dependency libmd > * Update SRC_URI > * Refresh patch > * Drop backport patch > > Signed-off-by: Yi Zhao <[email protected]> > --- > meta/recipes-devtools/dpkg/dpkg.inc | 4 +- > ...ive-Prevent-directory-traversal-for-.patch | 328 ------------------ > ...s-expect-D-to-be-set-when-running-in.patch | 14 +- > .../dpkg/{dpkg_1.21.4.bb => dpkg_1.21.22.bb} | 5 +- > 4 files changed, 11 insertions(+), 340 deletions(-) > delete mode 100644 > meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch > rename meta/recipes-devtools/dpkg/{dpkg_1.21.4.bb => dpkg_1.21.22.bb} (86%) > > diff --git a/meta/recipes-devtools/dpkg/dpkg.inc > b/meta/recipes-devtools/dpkg/dpkg.inc > index 0d17a98b80..b3e8c05d62 100644 > --- a/meta/recipes-devtools/dpkg/dpkg.inc > +++ b/meta/recipes-devtools/dpkg/dpkg.inc > @@ -4,8 +4,8 @@ HOMEPAGE = "https://salsa.debian.org/dpkg-team/dpkg" > DESCRIPTION = "The primary interface for the dpkg suite is the dselect > program. A more low-level and less user-friendly interface is available in > the form of the dpkg command." > SECTION = "base" > > -DEPENDS = "zlib bzip2 perl ncurses" > -DEPENDS:class-native = "bzip2-replacement-native zlib-native > virtual/update-alternatives-native gettext-native perl-native" > +DEPENDS = "zlib bzip2 perl ncurses libmd" > +DEPENDS:class-native = "bzip2-replacement-native zlib-native > virtual/update-alternatives-native gettext-native perl-native libmd-native" > RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_update-alternatives} perl" > RDEPENDS:${PN}:class-native = "" 
> > diff --git > a/meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch > > b/meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch > deleted file mode 100644 > index d249d854fb..0000000000 > --- > a/meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch > +++ /dev/null 
> @@ -1,328 +0,0 @@ > -From 6d8a6799639f8853a2af1f9036bc70fddbfdd2a2 Mon Sep 17 00:00:00 2001 > -From: Guillem Jover <[email protected]> > -Date: Tue, 3 May 2022 02:09:32 +0200 > -Subject: [PATCH] Dpkg::Source::Archive: Prevent directory traversal for > - in-place extracts > - > -For untrusted v2 and v3 source package formats that include a debian.tar > -archive, when we are extracting it, we do that as an in-place extraction, > -which can lead to directory traversal situations on specially crafted > -orig.tar and debian.tar tarballs. > - > -GNU tar replaces entries on the filesystem by the entries present on > -the tarball, but it will follow symlinks when the symlink pathname > -itself is not present as an actual directory on the tarball. > - > -This means we can create an orig.tar where there's a symlink pointing > -out of the source tree root directory, and then a debian.tar that > -contains an entry within that symlink as if it was a directory, without > -a directory entry for the symlink pathname itself, which will be > -extracted following the symlink outside the source tree root. > - > -This is currently noted as expected in GNU tar documentation. But even > -if there was a new extraction mode avoiding this problem we'd need such > -new version. Using perl's Archive::Tar would solve the problem, but > -switching to such different pure perl implementation, could cause > -compatibility or performance issues. > - > -What we do is when we are requested to perform an in-place extract, we > -instead still use a temporary directory, then walk that directory and > -remove any matching entry in the destination directory, replicating what > -GNU tar would do, but in addition avoiding the directory traversal issue > -for symlinks. Which should work with any tar implementation and be safe. 
> - > -Reported-by: Max Justicz <[email protected]> > -Stable-Candidates: 1.18.x 1.19.x 1.20.x > -Fixes: commit 0c0057a27fecccab77d2b3cffa9a7d172846f0b4 (1.14.17) > -Fixes: CVE-2022-1664 > - > -CVE: CVE-2022-1664 > -Upstream-Status: Backport [7a6c03cb34d4a09f35df2f10779cbf1b70a5200b] > - > -Signed-off-by: Sakib Sajal <[email protected]> > ---- > - scripts/Dpkg/Source/Archive.pm | 122 +++++++++++++++++++++++++------- > - scripts/t/Dpkg_Source_Archive.t | 110 +++++++++++++++++++++++++++- > - 2 files changed, 204 insertions(+), 28 deletions(-) > - > -diff --git a/scripts/Dpkg/Source/Archive.pm b/scripts/Dpkg/Source/Archive.pm > -index 33c181b20..2ddd04af8 100644 > ---- a/scripts/Dpkg/Source/Archive.pm > -+++ b/scripts/Dpkg/Source/Archive.pm > -@@ -21,9 +21,11 @@ use warnings; > - our $VERSION = '0.01'; > - > - use Carp; > -+use Errno qw(ENOENT); > - use File::Temp qw(tempdir); > - use File::Basename qw(basename); > - use File::Spec; > -+use File::Find; > - use Cwd; > - > - use Dpkg (); > -@@ -110,19 +112,13 @@ sub extract { > - my %spawn_opts = (wait_child => 1); > - > - # Prepare destination > -- my $tmp; > -- if ($opts{in_place}) { > -- $spawn_opts{chdir} = $dest; > -- $tmp = $dest; # So that fixperms call works > -- } else { > -- my $template = basename($self->get_filename()) . > '.tmp-extract.XXXXX'; > -- unless (-e $dest) { > -- # Kludge so that realpath works > -- mkdir($dest) or syserr(g_('cannot create directory %s'), $dest); > -- } > -- $tmp = tempdir($template, DIR => Cwd::realpath("$dest/.."), CLEANUP > => 1); > -- $spawn_opts{chdir} = $tmp; > -+ my $template = basename($self->get_filename()) . 
'.tmp-extract.XXXXX'; > -+ unless (-e $dest) { > -+ # Kludge so that realpath works > -+ mkdir($dest) or syserr(g_('cannot create directory %s'), $dest); > - } > -+ my $tmp = tempdir($template, DIR => Cwd::realpath("$dest/.."), CLEANUP > => 1); > -+ $spawn_opts{chdir} = $tmp; > - > - # Prepare stuff that handles the input of tar > - $self->ensure_open('r', delete_sig => [ 'PIPE' ]); > -@@ -145,22 +141,94 @@ sub extract { > - # have to be calculated using mount options and other madness. > - fixperms($tmp) unless $opts{no_fixperms}; > - > -- # Stop here if we extracted in-place as there's nothing to move around > -- return if $opts{in_place}; > -- > -- # Rename extracted directory > -- opendir(my $dir_dh, $tmp) or syserr(g_('cannot opendir %s'), $tmp); > -- my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dir_dh); > -- closedir($dir_dh); > -- my $done = 0; > -- erasedir($dest); > -- if (scalar(@entries) == 1 && ! -l "$tmp/$entries[0]" && -d _) { > -- rename("$tmp/$entries[0]", $dest) > -- or syserr(g_('unable to rename %s to %s'), > -- "$tmp/$entries[0]", $dest); > -+ # If we are extracting "in-place" do not remove the destination > directory. > -+ if ($opts{in_place}) { > -+ my $canon_basedir = Cwd::realpath($dest); > -+ # On Solaris /dev/null points to /devices/pseudo/mm@0:null. > -+ my $canon_devnull = Cwd::realpath('/dev/null'); > -+ my $check_symlink = sub { > -+ my $pathname = shift; > -+ my $canon_pathname = Cwd::realpath($pathname); > -+ if (not defined $canon_pathname) { > -+ return if $! 
== ENOENT; > -+ > -+ syserr(g_("pathname '%s' cannot be canonicalized"), > $pathname); > -+ } > -+ return if $canon_pathname eq $canon_devnull; > -+ return if $canon_pathname eq $canon_basedir; > -+ return if $canon_pathname =~ m{^\Q$canon_basedir/\E}; > -+ warning(g_("pathname '%s' points outside source root (to > '%s')"), > -+ $pathname, $canon_pathname); > -+ }; > -+ > -+ my $move_in_place = sub { > -+ my $relpath = File::Spec->abs2rel($File::Find::name, $tmp); > -+ my $destpath = File::Spec->catfile($dest, $relpath); > -+ > -+ my ($mode, $atime, $mtime); > -+ lstat $File::Find::name > -+ or syserr(g_('cannot get source pathname %s metadata'), > $File::Find::name); > -+ ((undef) x 2, $mode, (undef) x 5, $atime, $mtime) = lstat _; > -+ my $src_is_dir = -d _; > -+ > -+ my $dest_exists = 1; > -+ if (not lstat $destpath) { > -+ if ($! == ENOENT) { > -+ $dest_exists = 0; > -+ } else { > -+ syserr(g_('cannot get target pathname %s metadata'), > $destpath); > -+ } > -+ } > -+ my $dest_is_dir = -d _; > -+ if ($dest_exists) { > -+ if ($dest_is_dir && $src_is_dir) { > -+ # Refresh the destination directory attributes with the > -+ # ones from the tarball. > -+ chmod $mode, $destpath > -+ or syserr(g_('cannot change directory %s mode'), > $File::Find::name); > -+ utime $atime, $mtime, $destpath > -+ or syserr(g_('cannot change directory %s times'), > $File::Find::name); > -+ > -+ # We should do nothing, and just walk further tree. > -+ return; > -+ } elsif ($dest_is_dir) { > -+ rmdir $destpath > -+ or syserr(g_('cannot remove destination directory > %s'), $destpath); > -+ } else { > -+ $check_symlink->($destpath); > -+ unlink $destpath > -+ or syserr(g_('cannot remove destination file %s'), > $destpath); > -+ } > -+ } > -+ # If we are moving a directory, we do not need to walk it. 
> -+ if ($src_is_dir) { > -+ $File::Find::prune = 1; > -+ } > -+ rename $File::Find::name, $destpath > -+ or syserr(g_('cannot move %s to %s'), $File::Find::name, > $destpath); > -+ }; > -+ > -+ find({ > -+ wanted => $move_in_place, > -+ no_chdir => 1, > -+ dangling_symlinks => 0, > -+ }, $tmp); > - } else { > -- rename($tmp, $dest) > -- or syserr(g_('unable to rename %s to %s'), $tmp, $dest); > -+ # Rename extracted directory > -+ opendir(my $dir_dh, $tmp) or syserr(g_('cannot opendir %s'), $tmp); > -+ my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dir_dh); > -+ closedir($dir_dh); > -+ > -+ erasedir($dest); > -+ > -+ if (scalar(@entries) == 1 && ! -l "$tmp/$entries[0]" && -d _) { > -+ rename("$tmp/$entries[0]", $dest) > -+ or syserr(g_('unable to rename %s to %s'), > -+ "$tmp/$entries[0]", $dest); > -+ } else { > -+ rename($tmp, $dest) > -+ or syserr(g_('unable to rename %s to %s'), $tmp, $dest); > -+ } > - } > - erasedir($tmp); > - } > -diff --git a/scripts/t/Dpkg_Source_Archive.t > b/scripts/t/Dpkg_Source_Archive.t > -index 7b70da68e..504fbe1d4 100644 > ---- a/scripts/t/Dpkg_Source_Archive.t > -+++ b/scripts/t/Dpkg_Source_Archive.t > -@@ -16,12 +16,120 @@ > - use strict; > - use warnings; > - > --use Test::More tests => 1; > -+use Test::More tests => 4; > -+use Test::Dpkg qw(:paths); > -+ > -+use File::Spec; > -+use File::Path qw(make_path rmtree); > - > - BEGIN { > - use_ok('Dpkg::Source::Archive'); > - } > - > -+use Dpkg; > -+ > -+my $tmpdir = test_get_temp_path(); > -+ > -+rmtree($tmpdir); > -+ > -+sub test_touch > -+{ > -+ my ($name, $data) = @_; > -+ > -+ open my $fh, '>', $name > -+ or die "cannot touch file $name\n"; > -+ print { $fh } $data if $data; > -+ close $fh; > -+} > -+ > -+sub test_path_escape > -+{ > -+ my $name = shift; > -+ > -+ my $treedir = File::Spec->rel2abs("$tmpdir/$name-tree"); > -+ my $overdir = File::Spec->rel2abs("$tmpdir/$name-overlay"); > -+ my $outdir = "$tmpdir/$name-out"; > -+ my $expdir = "$tmpdir/$name-exp"; > -+ > -+ 
# This is the base directory, where we are going to be extracting stuff > -+ # into, which include traps. > -+ make_path("$treedir/subdir-a"); > -+ test_touch("$treedir/subdir-a/file-a"); > -+ test_touch("$treedir/subdir-a/file-pre-a"); > -+ make_path("$treedir/subdir-b"); > -+ test_touch("$treedir/subdir-b/file-b"); > -+ test_touch("$treedir/subdir-b/file-pre-b"); > -+ symlink File::Spec->abs2rel($outdir, $treedir), > "$treedir/symlink-escape"; > -+ symlink File::Spec->abs2rel("$outdir/nonexistent", $treedir), > "$treedir/symlink-nonexistent"; > -+ symlink "$treedir/file", "$treedir/symlink-within"; > -+ test_touch("$treedir/supposed-dir"); > -+ > -+ # This is the overlay directory, which we'll pack and extract over the > -+ # base directory. > -+ make_path($overdir); > -+ make_path("$overdir/subdir-a/aa"); > -+ test_touch("$overdir/subdir-a/aa/file-aa", 'aa'); > -+ test_touch("$overdir/subdir-a/file-a", 'a'); > -+ make_path("$overdir/subdir-b/bb"); > -+ test_touch("$overdir/subdir-b/bb/file-bb", 'bb'); > -+ test_touch("$overdir/subdir-b/file-b", 'b'); > -+ make_path("$overdir/symlink-escape"); > -+ test_touch("$overdir/symlink-escape/escaped-file", 'escaped'); > -+ test_touch("$overdir/symlink-nonexistent", 'nonexistent'); > -+ make_path("$overdir/symlink-within"); > -+ make_path("$overdir/supposed-dir"); > -+ test_touch("$overdir/supposed-dir/supposed-file", 'something'); > -+ > -+ # Generate overlay tar. > -+ system($Dpkg::PROGTAR, '-cf', "$overdir.tar", '-C', $overdir, qw( > -+ subdir-a subdir-b > -+ symlink-escape/escaped-file symlink-nonexistent symlink-within > -+ supposed-dir > -+ )) == 0 > -+ or die "cannot create overlay tar archive\n"; > -+ > -+ # This is the expected directory, which we'll be comparing against. 
> -+ make_path($expdir); > -+ system('cp', '-a', $overdir, $expdir) == 0 > -+ or die "cannot copy overlay hierarchy into expected directory\n"; > -+ > -+ # Store the expected and out reference directories into a tar to compare > -+ # its structure against the result reference. > -+ system($Dpkg::PROGTAR, '-cf', "$expdir.tar", '-C', $overdir, qw( > -+ subdir-a subdir-b > -+ symlink-escape/escaped-file symlink-nonexistent symlink-within > -+ supposed-dir > -+ ), '-C', $treedir, qw( > -+ subdir-a/file-pre-a > -+ subdir-b/file-pre-b > -+ )) == 0 > -+ or die "cannot create expected tar archive\n"; > -+ > -+ # This directory is supposed to remain empty, anything inside implies a > -+ # directory traversal. > -+ make_path($outdir); > -+ > -+ my $warnseen; > -+ local $SIG{__WARN__} = sub { $warnseen = $_[0] }; > -+ > -+ # Perform the extraction. > -+ my $tar = Dpkg::Source::Archive->new(filename => "$overdir.tar"); > -+ $tar->extract($treedir, in_place => 1); > -+ > -+ # Store the result into a tar to compare its structure against a > reference. > -+ system($Dpkg::PROGTAR, '-cf', "$treedir.tar", '-C', $treedir, '.'); > -+ > -+ # Check results > -+ ok(length $warnseen && $warnseen =~ m/points outside source root/, > -+ 'expected warning seen'); > -+ ok(system($Dpkg::PROGTAR, '--compare', '-f', "$expdir.tar", '-C', > $treedir) == 0, > -+ 'expected directory matches'); > -+ ok(! -e "$outdir/escaped-file", > -+ 'expected output directory is empty, directory traversal'); > -+} > -+ > -+test_path_escape('in-place'); > -+ > - # TODO: Add actual test cases. > - > - 1; > --- > -2.33.0 > - 
> diff --git > a/meta/recipes-devtools/dpkg/dpkg/0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch > > b/meta/recipes-devtools/dpkg/dpkg/0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch > index 75ae848264..5e52427caf 100644 > --- > a/meta/recipes-devtools/dpkg/dpkg/0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch > +++ > b/meta/recipes-devtools/dpkg/dpkg/0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch > @@ -1,4 +1,4 @@ > -From dd11ed66640f79143e42d778b58fdd5a61fb5836 Mon Sep 17 00:00:00 2001 > +From 115fed94be9c61d2a8de21e7d169b5872e9ebd09 Mon Sep 17 00:00:00 2001 > From: Alexander Kanavin <[email protected]> > Date: Wed, 26 Aug 2015 16:25:45 +0300 > Subject: [PATCH] Our pre/postinsts expect $D to be set when running in a > @@ -12,21 +12,21 @@ ALIMON 2016/05/26 > ALIMON 2017/02/21 > KKang 2019/02/20 > --- > - src/main/script.c | 54 +++-------------------------------------------- > - 1 file changed, 3 insertions(+), 51 deletions(-) > + src/main/script.c | 53 +++-------------------------------------------- > + 1 file changed, 3 insertions(+), 50 deletions(-) > > diff --git a/src/main/script.c b/src/main/script.c > -index abe65b6..0edb8f1 100644 > +index b4f369dfa..559a49cc5 100644 > --- a/src/main/script.c > +++ b/src/main/script.c > -@@ -96,58 +96,10 @@ setexecute(const char *path, struct stat *stab) > - static const char * > +@@ -97,58 +97,11 @@ static const char * > maintscript_pre_exec(struct command *cmd) > { > + const char *instdir = dpkg_fsys_get_dir(); > - const char *admindir = dpkg_db_get_dir(); > - const char *changedir; > - size_t instdirlen = strlen(instdir); > -- > + > - if (instdirlen > 0 && in_force(FORCE_SCRIPT_CHROOTLESS)) > - changedir = instdir; > - else 
> diff --git a/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb > b/meta/recipes-devtools/dpkg/dpkg_1.21.22.bb > similarity index 86% > rename from meta/recipes-devtools/dpkg/dpkg_1.21.4.bb > rename to meta/recipes-devtools/dpkg/dpkg_1.21.22.bb > index 7ef6233ee4..04bcc93321 100644 > --- a/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb > +++ b/meta/recipes-devtools/dpkg/dpkg_1.21.22.bb > @@ -1,7 +1,7 @@ > require dpkg.inc > LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" > > -SRC_URI = > "git://salsa.debian.org/dpkg-team/dpkg.git;protocol=https;branch=main \ > +SRC_URI = > "git://salsa.debian.org/dpkg-team/dpkg.git;protocol=https;branch=1.21.x \ > file://noman.patch \ > file://remove-tar-no-timestamp.patch \ > file://arch_pm.patch \ > @@ -14,11 +14,10 @@ SRC_URI = > "git://salsa.debian.org/dpkg-team/dpkg.git;protocol=https;branch=main > file://0001-dpkg-Support-muslx32-build.patch \ > file://pager.patch \ > file://0001-Add-support-for-riscv32-CPU.patch \ > - > file://0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch \ > " > > SRC_URI:append:class-native = " > file://0001-build.c-ignore-return-of-1-from-tar-cf.patch" > > -SRCREV = "5563bdb608b3413639b69f1c76567cb66ff1a961" > +SRCREV = "48482e4f16467e05a08aa3b3b8048e08f0024609" > > S = "${WORKDIR}/git" > -- > 2.25.1 > > > >
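Review bot: The SRC_URI hunk drops `file://0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch` with no justification beyond "Drop backport patch" in the description, although the deleted patch carries `CVE: CVE-2022-1664` and `Upstream-Status: Backport [7a6c03cb34d4a09f35df2f10779cbf1b70a5200b]`. Presumably the new SRCREV on the 1.21.x branch already contains that upstream commit, but the commit message should say so explicitly so that CVE tracking and later reviewers can confirm the fix is still present rather than silently removed. Suggest changing the bullet to `* Drop 0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch (CVE-2022-1664): fix is included upstream in the 1.21.x branch at the new SRCREV`, after verifying that commit 7a6c03cb34d4a09f35df2f10779cbf1b70a5200b is reachable from SRCREV 48482e4f16467e05a08aa3b3b8048e08f0024609. The same reasoning applies to the `branch=main` → `branch=1.21.x` switch, which is what makes the pinned SRCREV resolvable and is also undocumented in the description.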
