Portage emits this DeprecationWarning during gpkg extraction: /usr/lib/python3.13/site-packages/portage/gpkg.py:675: DeprecationWarning: Python 3.14 will, by default, filter extracted tar archives and reject files or modify their metadata. Use the filter argument to control this behavior. It looks like we should probably use filter="fully_trusted" and it's been backported to python 3.8.17: https://docs.python.org/3.8/library/tarfile.html#tarfile-extraction-filter
It looks like overriding the default extraction_filter is probably convenient: https://docs.python.org/3.8/library/tarfile.html#tarfile.TarFile.extraction_filter
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=f620a0769a509966295954c2b0c76e46e8fb4289 commit f620a0769a509966295954c2b0c76e46e8fb4289 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2024-06-02 21:53:04 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2024-06-09 17:53:31 +0000 tar_safe_extract: Use tarfile.fully_trusted_filter This suppresses a DeprecationWarning triggered because the tarfile.data_filter will become the new default in python3.14. The fully_trusted filter should be suitable here because tar_safe_extract already performs security validation on tar members prior to extraction. Bug: https://bugs.gentoo.org/933433 Signed-off-by: Zac Medico <zmedico@gentoo.org> lib/portage/gpkg.py | 9 +++++++++ 1 file changed, 9 insertions(+)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02d0e00a1ba811b39140d10e17488f7fc3916534 commit 02d0e00a1ba811b39140d10e17488f7fc3916534 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-09-11 01:30:10 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-09-11 01:30:30 +0000 sys-apps/portage: add 3.0.66 Closes: https://bugs.gentoo.org/435066 Closes: https://bugs.gentoo.org/907061 Closes: https://bugs.gentoo.org/910560 Closes: https://bugs.gentoo.org/933433 Closes: https://bugs.gentoo.org/934220 Closes: https://bugs.gentoo.org/934514 Closes: https://bugs.gentoo.org/934784 Closes: https://bugs.gentoo.org/935830 Closes: https://bugs.gentoo.org/936273 Closes: https://bugs.gentoo.org/937384 Closes: https://bugs.gentoo.org/937485 Closes: https://bugs.gentoo.org/937740 Closes: https://bugs.gentoo.org/937888 Closes: https://bugs.gentoo.org/937891 Closes: https://bugs.gentoo.org/938127 Closes: https://bugs.gentoo.org/933499 Signed-off-by: Sam James <sam@gentoo.org> sys-apps/portage/Manifest | 1 + sys-apps/portage/portage-3.0.66.ebuild | 227 +++++++++++++++++++++++++++++++++ 2 files changed, 228 insertions(+)