From bba5d625fbd08a8016a648c66655e3b2ef4dfee4 Mon Sep 17 00:00:00 2001 From: Dan Peebles Date: Mon, 18 Dec 2017 11:49:18 -0500 Subject: [PATCH] gnutar: 1.29 -> 1.30 --- .../archivers/gnutar/CVE-2016-6321.patch | 35 ------------------- pkgs/tools/archivers/gnutar/default.nix | 6 ++-- 2 files changed, 2 insertions(+), 39 deletions(-) delete mode 100644 pkgs/tools/archivers/gnutar/CVE-2016-6321.patch diff --git a/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch b/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch deleted file mode 100644 index c53d92891fc..00000000000 --- a/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch +++ /dev/null @@ -1,35 +0,0 @@ -commit 7340f67b9860ea0531c1450e5aa261c50f67165d -Author: Paul Eggert -Date: Sat Oct 29 21:04:40 2016 -0700 - - When extracting, skip ".." members - - * NEWS: Document this. - * src/extract.c (extract_archive): Skip members whose names - contain "..". - -diff --git a/src/extract.c b/src/extract.c -index f982433..7904148 100644 ---- a/src/extract.c -+++ b/src/extract.c -@@ -1629,12 +1629,20 @@ extract_archive (void) - { - char typeflag; - tar_extractor_t fun; -+ bool skip_dotdot_name; - - fatal_exit_hook = extract_finish; - - set_next_block_after (current_header); - -+ skip_dotdot_name = (!absolute_names_option -+ && contains_dot_dot (current_stat_info.orig_file_name)); -+ if (skip_dotdot_name) -+ ERROR ((0, 0, _("%s: Member name contains '..'"), -+ quotearg_colon (current_stat_info.orig_file_name))); -+ - if (!current_stat_info.file_name[0] -+ || skip_dotdot_name - || (interactive_option - && !confirm ("extract", current_stat_info.file_name))) - { diff --git a/pkgs/tools/archivers/gnutar/default.nix b/pkgs/tools/archivers/gnutar/default.nix index 447ef1f623f..4677ee45afb 100644 --- a/pkgs/tools/archivers/gnutar/default.nix +++ b/pkgs/tools/archivers/gnutar/default.nix @@ -2,15 +2,13 @@ stdenv.mkDerivation rec { name = "gnutar-${version}"; - version = "1.29"; + version = "1.30"; src = fetchurl { url = "mirror://gnu/tar/tar-${version}.tar.xz"; - sha256 = "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0"; + sha256 = "1lyjyk8z8hdddsxw0ikchrsfg3i0x3fsh7l63a8jgaz1n7dr5gzi"; }; - patches = [ ./CVE-2016-6321.patch ]; - # avoid retaining reference to CF during stdenv bootstrap configureFlags = stdenv.lib.optionals stdenv.isDarwin [ "gt_cv_func_CFPreferencesCopyAppValue=no"