gnutar: 1.29 -> 1.30
Dan Peebles
8 years ago
bba5d625
b29c78df
+2
-39
2 changed files
-35
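--- a/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch
+++ b/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch
@@ -1,35 +0,0 @@
-commit 7340f67b9860ea0531c1450e5aa261c50f67165d
-Author: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
-Date: Sat Oct 29 21:04:40 2016 -0700
-
-When extracting, skip ".." members
-
-* NEWS: Document this.
-* src/extract.c (extract_archive): Skip members whose names
-contain "..".
-
-diff --git a/src/extract.c b/src/extract.c
-index f982433..7904148 100644
---- a/src/extract.c
-+++ b/src/extract.c
-@@ -1629,12 +1629,20 @@ extract_archive (void)
-{
-char typeflag;
-tar_extractor_t fun;
-+ bool skip_dotdot_name;
-
-fatal_exit_hook = extract_finish;
-
-set_next_block_after (current_header);
-
-+ skip_dotdot_name = (!absolute_names_option
-+ && contains_dot_dot (current_stat_info.orig_file_name));
-+ if (skip_dotdot_name)
-+ ERROR ((0, 0, _("%s: Member name contains '..'"),
-+ quotearg_colon (current_stat_info.orig_file_name)));
-+
-if (!current_stat_info.file_name[0]
-+ || skip_dotdot_name
-|| (interactive_option
-&& !confirm ("extract", current_stat_info.file_name)))
-{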
+2
-4
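--- a/pkgs/tools/archivers/gnutar/default.nix
+++ b/pkgs/tools/archivers/gnutar/default.nix
@@ -2,14 +2,12 @@
 
 stdenv.mkDerivation rec {
 name = "gnutar-${version}";
-version = "1.29";
+version = "1.30";
 
 src = fetchurl {
 url = "mirror://gnu/tar/tar-${version}.tar.xz";
-sha256 = "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0";
+sha256 = "1lyjyk8z8hdddsxw0ikchrsfg3i0x3fsh7l63a8jgaz1n7dr5gzi";
 };
-
-patches = [ ./CVE-2016-6321.patch ];
 
 # avoid retaining reference to CF during stdenv bootstrap
 configureFlags = stdenv.lib.optionals stdenv.isDarwin [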
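Review bot: Nothing in this commit records that tar 1.30 already contains the CVE-2016-6321 fix, yet the `patches = [ ./CVE-2016-6321.patch ];` line is removed from default.nix together with the version bump. The deleted patch identifies upstream commit 7340f67b9860ea0531c1450e5aa261c50f67165d ("When extracting, skip \"..\" members"); it is presumably part of the 1.30 release, which can be confirmed by checking the unpacked `src/extract.c` for the `skip_dotdot_name` test in `extract_archive`. I would say so in the commit message, e.g. `CVE-2016-6321.patch dropped: fixed upstream in 1.30 (7340f67b)`, so a later audit does not have to re-derive why a CVE patch disappeared. The derivation continues past `configureFlags`, outside this hunk.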