diff --git a/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch b/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch deleted file mode 100644 index c53d92891fc4..000000000000 --- a/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch +++ /dev/null @@ -1,35 +0,0 @@ -commit 7340f67b9860ea0531c1450e5aa261c50f67165d -Author: Paul Eggert -Date: Sat Oct 29 21:04:40 2016 -0700 - - When extracting, skip ".." members - - * NEWS: Document this. - * src/extract.c (extract_archive): Skip members whose names - contain "..". - -diff --git a/src/extract.c b/src/extract.c -index f982433..7904148 100644 ---- a/src/extract.c -+++ b/src/extract.c -@@ -1629,12 +1629,20 @@ extract_archive (void) - { - char typeflag; - tar_extractor_t fun; -+ bool skip_dotdot_name; - - fatal_exit_hook = extract_finish; - - set_next_block_after (current_header); - -+ skip_dotdot_name = (!absolute_names_option -+ && contains_dot_dot (current_stat_info.orig_file_name)); -+ if (skip_dotdot_name) -+ ERROR ((0, 0, _("%s: Member name contains '..'"), -+ quotearg_colon (current_stat_info.orig_file_name))); -+ - if (!current_stat_info.file_name[0] -+ || skip_dotdot_name - || (interactive_option - && !confirm ("extract", current_stat_info.file_name))) - { diff --git a/pkgs/tools/archivers/gnutar/default.nix b/pkgs/tools/archivers/gnutar/default.nix index 447ef1f623fc..4677ee45afb2 100644 --- a/pkgs/tools/archivers/gnutar/default.nix +++ b/pkgs/tools/archivers/gnutar/default.nix @@ -2,15 +2,13 @@ stdenv.mkDerivation rec { name = "gnutar-${version}"; - version = "1.29"; + version = "1.30"; src = fetchurl { url = "mirror://gnu/tar/tar-${version}.tar.xz"; - sha256 = "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0"; + sha256 = "1lyjyk8z8hdddsxw0ikchrsfg3i0x3fsh7l63a8jgaz1n7dr5gzi"; }; - patches = [ ./CVE-2016-6321.patch ]; - # avoid retaining reference to CF during stdenv bootstrap configureFlags = stdenv.lib.optionals stdenv.isDarwin [ "gt_cv_func_CFPreferencesCopyAppValue=no"