diff --git a/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch b/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch
new file mode 100644
index 000000000000..c53d92891fc4
--- /dev/null
+++ b/pkgs/tools/archivers/gnutar/CVE-2016-6321.patch
@@ -0,0 +1,35 @@
+commit 7340f67b9860ea0531c1450e5aa261c50f67165d
+Author: Paul Eggert
+Date: Sat Oct 29 21:04:40 2016 -0700
+
+ When extracting, skip ".." members
+
+ * NEWS: Document this.
+ * src/extract.c (extract_archive): Skip members whose names
+ contain "..".
+
+diff --git a/src/extract.c b/src/extract.c
+index f982433..7904148 100644
+--- a/src/extract.c
++++ b/src/extract.c
+@@ -1629,12 +1629,20 @@ extract_archive (void)
+ {
+ char typeflag;
+ tar_extractor_t fun;
++ bool skip_dotdot_name;
+
+ fatal_exit_hook = extract_finish;
+
+ set_next_block_after (current_header);
+
++ skip_dotdot_name = (!absolute_names_option
++ && contains_dot_dot (current_stat_info.orig_file_name));
++ if (skip_dotdot_name)
++ ERROR ((0, 0, _("%s: Member name contains '..'"),
++ quotearg_colon (current_stat_info.orig_file_name)));
++
+ if (!current_stat_info.file_name[0]
++ || skip_dotdot_name
+ || (interactive_option
+ && !confirm ("extract", current_stat_info.file_name)))
+ {
diff --git a/pkgs/tools/archivers/gnutar/default.nix b/pkgs/tools/archivers/gnutar/default.nix
index 16660fea3e72..80c84236b8db 100644
--- a/pkgs/tools/archivers/gnutar/default.nix
+++ b/pkgs/tools/archivers/gnutar/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
 sha256 = "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0";
 };
- patches = [ ]; # FIXME: remove on another stdenv rebuild
+ patches = [ ./CVE-2016-6321.patch ]; # FIXME: remove on another stdenv rebuild
 # avoid retaining reference to CF during stdenv bootstrap
 configureFlags = stdenv.lib.optionals stdenv.isDarwin [
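Review bot: The new `skip_dotdot_name` test in extract_archive reads `current_stat_info.orig_file_name`, while the emptiness test and the `confirm` call just below it use `current_stat_info.file_name`, and nothing in the hunk says why the two differ. A comment above the assignment would help the next reader, e.g. `/* Test the member name as recorded in the archive, not the name that will be used on disk. */` — assuming that is the distinction between the two fields, which the hunk does not show. The comment should also say that the check is deliberately skipped when `absolute_names_option` is set, so members containing '..' are still extracted under that option, and that a skipped member is reported through `ERROR`. extract_archive's body continues outside the hunk.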
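Review bot: The trailing `# FIXME: remove on another stdenv rebuild` on the `patches` line was written for the empty `patches = [ ]` and now reads as an instruction to drop the CVE-2016-6321 fix at the next rebuild. Reword it so the removal condition is tied to the source rather than to the rebuild, for example `# CVE-2016-6321; drop only once src is a tar release that already contains this fix`. The derivation continues outside the hunk, so whether the fix is also needed by other tar derivations (for example a bootstrap copy) cannot be judged from here.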