dpkg: updated to 1.18.24

dpkg 1.18.24:
* Add missing symbols to the libdpkg map file.
* Fix dpkg-shlibdeps to preserve the Dpkg::Shlibs::find_library() order
  when scanning symbols/shlibs files. This was causing generation of bogus
  dependencies when multiple packages provide the same SONAME on different
  directories. Regression introduced in dpkg 1.18.17.
* Make dpkg-maintscript-helper print all unowned files from a directory
  when printing the error message, to ease debugging those problems after
  the fact.
  Based on a patch by Bastien ROUCARI?<88>S <roucaries.bastien@gmail.com>.
* Add duplicate prevention code for debian/files to dpkg-genbuildinfo, so
  that successive runs with different versions and equivalent build types
  do not generate multiple .buildinfo entries to be uploaded, which is
  similar to what dpkg-gencontrol is doing for .deb files.
* Fix conffile takeover handling during unpack in dpkg on --root or
  on diversions.
* Fix digest inference for shared conffiles, causing bogus takeover
  unpack errors. Regression introduced in dpkg 1.16.9.
* Improve tar entry metadata parsing in dpkg:
  - Do not parse device numbers for non block nor char tar entry objects.
  - Make the existing octal parser more robust, by checking for the
    expected format of leading zeros or spaces, followed by any ASCII
    octal characters (0-7), followed by zero or more space or NULs.
  - Add support for base-256 encoded numeric fields, to support large
    values, for UID/GID, device number, size and even signed timestamps.
    This is necessary not only to be able to store larger values, but to
    cover packages that can already be generated by dpkg-deb, given that
    it uses the system GNU tar when building.
* Architecture support:
  - Add support for ARM64 ILP32.
* Perl modules:
  - Remove obsolete hardening-wrapper support from Dpkg::Vendor::Ubuntu.
  - Bump $Dpkg::Deps::VERSION to match the one documented in CHANGES.
  - Ignore by default debian/files.new and debian/files for all source
    formats in Dpkg::Source::Package, because these are generated files
    with well known pathnames, part of the public interface, and with
    dpkg-genbuildinfo always injecting .buildinfo entries into
    debian/files, this meant this could disrupt previous workflows based
    on not cleaning the source tree.
* Documentation:
  - Many spelling fixes.
  - Do not include mispellings in changelogs, as that makes detecting them
    more difficult.
* Build system:
  - Use libexec variable for auxiliary internal programs, and set it to
    /usr/lib on Debian and derivatives.
  - Check that the detected tar is a GNU tar.
  - Check that the detected patch is a GNU patch, so that we get a directory
    traversal resistant patch implementation. This fixes CVE-2017-8283 by
    delegating those checks to patch(1), so that we trap blank-indented
    diff hunks trying to escape from the source tree.
* Test suite:
  - Add a test case for blank-indented patches which were the cause for
    CVE-2017-8283.
  - Handle files with non-zero sizes in c-tarextract libdpkg test code.

3 files changed, 40 insertions, 41 deletions

diff --git a/misc/dpkg/Makefile b/misc/dpkg/Makefile
index 3e30a385d60..e653ce91b58 100644
--- a/misc/dpkg/Makefile
+++ b/misc/dpkg/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.43 2017/08/01 14:59:02 wiz Exp $
+# $NetBSD: Makefile,v 1.44 2017/12/07 12:35:41 adam Exp $
 
-DISTNAME=	dpkg_1.18.23
+DISTNAME=	dpkg_1.18.24
 PKGNAME=	${DISTNAME:S/_/-/}
-PKGREVISION=	1
 CATEGORIES=	misc
 MASTER_SITES=	${MASTER_SITE_DEBIAN:=pool/main/d/dpkg/}
 EXTRACT_SUFX=	.tar.xz
@@ -12,6 +11,7 @@ HOMEPAGE=	https://wiki.debian.org/Teams/Dpkg
 COMMENT=	Package maintenance system for Debian
 LICENSE=	gnu-gpl-v2
 
+DEPENDS+=		patch-[0-9]*:../../devel/patch
 BUILD_DEPENDS+=		po4a-[0-9]*:../../textproc/po4a
 # TEST_DEPENDS
 BUILD_DEPENDS+=		p5-IO-String-[0-9]*:../../devel/p5-IO-String
@@ -20,20 +20,19 @@ WRKSRC=		${WRKDIR}/${PKGNAME_NOREV}
 BUILD_DEFS+=	VARBASE
 
 USE_PKGLOCALEDIR=	yes
-GNU_CONFIGURE=		yes
 USE_LANGUAGES=		c c++
 USE_TOOLS+=		gmake msgfmt perl:run gtar:run pod2man
+GNU_CONFIGURE=		yes
+CONFIGURE_ARGS+=	--with-admindir=${VARBASE}/db/dpkg
+CONFIGURE_ARGS+=	--sysconfdir=${PREFIX}/share/dpkg
+CONFIGURE_ARGS.Darwin+=	--enable-linker-optimizations=no
+CONFIGURE_ENV+=		PATCH=${PREFIX}/bin/gpatch
+CONFIGURE_ENV+=		TAR=${TOOLS_PLATFORM.gtar:Q}
 TEST_TARGET=		check
 INCOMPAT_CURSES+=	NetBSD-[0-5].*-*
 
 REPLACE_PERL=		scripts/*.pl
 
-CONFIGURE_ARGS+=	--with-admindir=${VARBASE}/db/dpkg
-CONFIGURE_ARGS+=	--sysconfdir=${PREFIX}/share/dpkg
-CONFIGURE_ARGS+=	TAR=${TOOLS_PLATFORM.gtar}
-
-CONFIGURE_ARGS.Darwin+=	--enable-linker-optimizations=no
-
 .include "../../archivers/bzip2/buildlink3.mk"
 .include "../../archivers/xz/buildlink3.mk"
 .include "../../converters/libiconv/buildlink3.mk"
diff --git a/misc/dpkg/PLIST b/misc/dpkg/PLIST
index 0b1aa27c869..3e6aff86666 100644
--- a/misc/dpkg/PLIST
+++ b/misc/dpkg/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2017/03/09 11:52:26 wiz Exp $
+@comment $NetBSD: PLIST,v 1.12 2017/12/07 12:35:41 adam Exp $
 bin/dpkg
 bin/dpkg-architecture
 bin/dpkg-buildflags
@@ -68,31 +68,6 @@ include/dpkg/trigdeferred.h
 include/dpkg/triglib.h
 include/dpkg/varbuf.h
 include/dpkg/version.h
-lib/dpkg/methods/disk/desc.cdrom
-lib/dpkg/methods/disk/desc.harddisk
-lib/dpkg/methods/disk/desc.mounted
-lib/dpkg/methods/disk/desc.nfs
-lib/dpkg/methods/disk/install
-lib/dpkg/methods/disk/names
-lib/dpkg/methods/disk/setup
-lib/dpkg/methods/disk/update
-lib/dpkg/methods/floppy/desc.floppy
-lib/dpkg/methods/floppy/install
-lib/dpkg/methods/floppy/names
-lib/dpkg/methods/floppy/setup
-lib/dpkg/methods/floppy/update
-lib/dpkg/methods/ftp/desc.ftp
-lib/dpkg/methods/ftp/install
-lib/dpkg/methods/ftp/names
-lib/dpkg/methods/ftp/setup
-lib/dpkg/methods/ftp/update
-lib/dpkg/methods/multicd/desc.multi_cd
-lib/dpkg/methods/multicd/desc.multi_mount
-lib/dpkg/methods/multicd/desc.multi_nfs
-lib/dpkg/methods/multicd/install
-lib/dpkg/methods/multicd/names
-lib/dpkg/methods/multicd/setup
-lib/dpkg/methods/multicd/update
 lib/libdpkg.la
 ${PERL5_SUB_INSTALLVENDORLIB}/Dpkg.pm
 ${PERL5_SUB_INSTALLVENDORLIB}/Dpkg/Arch.pm
@@ -161,6 +136,31 @@ ${PERL5_SUB_INSTALLVENDORLIB}/Dpkg/Vendor/Ubuntu.pm
 ${PERL5_SUB_INSTALLVENDORLIB}/Dpkg/Version.pm
 ${PERL5_SUB_INSTALLVENDORLIB}/Dselect/Ftp.pm
 lib/pkgconfig/libdpkg.pc
+libexec/dpkg/methods/disk/desc.cdrom
+libexec/dpkg/methods/disk/desc.harddisk
+libexec/dpkg/methods/disk/desc.mounted
+libexec/dpkg/methods/disk/desc.nfs
+libexec/dpkg/methods/disk/install
+libexec/dpkg/methods/disk/names
+libexec/dpkg/methods/disk/setup
+libexec/dpkg/methods/disk/update
+libexec/dpkg/methods/floppy/desc.floppy
+libexec/dpkg/methods/floppy/install
+libexec/dpkg/methods/floppy/names
+libexec/dpkg/methods/floppy/setup
+libexec/dpkg/methods/floppy/update
+libexec/dpkg/methods/ftp/desc.ftp
+libexec/dpkg/methods/ftp/install
+libexec/dpkg/methods/ftp/names
+libexec/dpkg/methods/ftp/setup
+libexec/dpkg/methods/ftp/update
+libexec/dpkg/methods/multicd/desc.multi_cd
+libexec/dpkg/methods/multicd/desc.multi_mount
+libexec/dpkg/methods/multicd/desc.multi_nfs
+libexec/dpkg/methods/multicd/install
+libexec/dpkg/methods/multicd/names
+libexec/dpkg/methods/multicd/setup
+libexec/dpkg/methods/multicd/update
 man/de/man1/dpkg-architecture.1
 man/de/man1/dpkg-buildflags.1
 man/de/man1/dpkg-buildpackage.1
diff --git a/misc/dpkg/distinfo b/misc/dpkg/distinfo
index 5bca155661d..8228c24d566 100644
--- a/misc/dpkg/distinfo
+++ b/misc/dpkg/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.12 2017/03/06 22:47:04 wiz Exp $
+$NetBSD: distinfo,v 1.13 2017/12/07 12:35:41 adam Exp $
 
-SHA1 (dpkg_1.18.23.tar.xz) = a090c0003d27bd467b9d4e683f2fa634f88d9486
-RMD160 (dpkg_1.18.23.tar.xz) = 84ee173c6efa0437f9faccefea59f82edaea821e
-SHA512 (dpkg_1.18.23.tar.xz) = 4f9bed1fb0558fa6b003601b7be8d67eb592140b7f9ac4cf0bccb394e14b42a822cdc692c8c6e27ad2929719fe78659f21c128cb17618733d344fd3489f42be7
-Size (dpkg_1.18.23.tar.xz) = 4516252 bytes
+SHA1 (dpkg_1.18.24.tar.xz) = 155fe5c91728bdf82756674d5aa85e4ff2e3eac6
+RMD160 (dpkg_1.18.24.tar.xz) = 0fe5e443ed2f25ecc401c16855f2e920152b963e
+SHA512 (dpkg_1.18.24.tar.xz) = 74df36a49a1b6b2243db14bd7ee0b69e50c2f0e79fc87e86e9b3cba2261fb717e421f7190a3ba54b4680a2f83855e5857dcb2625aa56847133258567392f1d42
+Size (dpkg_1.18.24.tar.xz) = 4530444 bytes