gnutar: 1.29 -> 1.30

pkgs/tools/archivers/gnutar/CVE-2016-6321.patch

@@ -1,35 +0,0 @@
-commit 7340f67b9860ea0531c1450e5aa261c50f67165d
-Author: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
-Date:   Sat Oct 29 21:04:40 2016 -0700
-
-    When extracting, skip ".." members
-    
-    * NEWS: Document this.
-    * src/extract.c (extract_archive): Skip members whose names
-    contain "..".
-
-diff --git a/src/extract.c b/src/extract.c
-index f982433..7904148 100644
---- a/src/extract.c
-+++ b/src/extract.c
-@@ -1629,12 +1629,20 @@ extract_archive (void)
- {
-   char typeflag;
-   tar_extractor_t fun;
-+  bool skip_dotdot_name;
- 
-   fatal_exit_hook = extract_finish;
- 
-   set_next_block_after (current_header);
- 
-+  skip_dotdot_name = (!absolute_names_option
-+		      && contains_dot_dot (current_stat_info.orig_file_name));
-+  if (skip_dotdot_name)
-+    ERROR ((0, 0, _("%s: Member name contains '..'"),
-+	    quotearg_colon (current_stat_info.orig_file_name)));
-+
-   if (!current_stat_info.file_name[0]
-+      || skip_dotdot_name
-       || (interactive_option
- 	  && !confirm ("extract", current_stat_info.file_name)))
-     {

pkgs/tools/archivers/gnutar/default.nix

@@ -2,15 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "gnutar-${version}";
-  version = "1.29";
+  version = "1.30";
 
   src = fetchurl {
     url = "mirror://gnu/tar/tar-${version}.tar.xz";
-    sha256 = "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0";
+    sha256 = "1lyjyk8z8hdddsxw0ikchrsfg3i0x3fsh7l63a8jgaz1n7dr5gzi";
   };
 
-  patches = [ ./CVE-2016-6321.patch ];
-
   # avoid retaining reference to CF during stdenv bootstrap
   configureFlags = stdenv.lib.optionals stdenv.isDarwin [
     "gt_cv_func_CFPreferencesCopyAppValue=no"