| blob | 0aab9e7b0db7d2d5d5424addb282a39b61f860c3 |
1 {
2 lib,
3 stdenv,
4 fetchgit,
5 fetchpatch,
6 autoreconfHook,
7 }:
9 stdenv.mkDerivation rec {
10 version = "1.2.20";
11 pname = "libtar";
13 # Maintenance repo for libtar (Arch Linux uses this)
14 src = fetchgit {
15 url = "git://repo.or.cz/libtar.git";
16 tag = "v${version}";
17 sha256 = "1pjsqnqjaqgkzf1j8m6y5h76bwprffsjjj6gk8rh2fjsha14rqn9";
18 };
20 patches =
21 let
22 fp =
23 name: sha256:
24 fetchpatch {
25 url = "https://sources.debian.net/data/main/libt/libtar/1.2.20-4/debian/patches/${name}.patch";
26 inherit sha256;
27 };
28 in
29 [
30 (fetchpatch {
31 name = "no_static_buffers.patch";
32 url = "https://src.fedoraproject.org/rpms/libtar/raw/e25b692fc7ceaa387dafb865b472510754f51bd2/f/libtar-1.2.20-no-static-buffer.patch";
33 sha256 = "sha256-QcWOgdkNlALb+YDVneT1zCNAMf4d8IUm2kUUUy2VvJs=";
34 })
35 (fp "no_maxpathlen" "11riv231wpbdb1cm4nbdwdsik97wny5sxcwdgknqbp61ibk572b7")
36 (fp "CVE-2013-4420" "0d010190bqgr2ggy02qwxvjaymy9a22jmyfwdfh4086v876cbxpq")
37 (fp "th_get_size-unsigned-int" "1ravbs5yrfac98mnkrzciw9hd2fxq4dc07xl3wx8y2pv1bzkwm41")
38 (fetchpatch {
39 name = "CVE-2021-33643_CVE-2021-33644.patch";
40 url = "https://src.fedoraproject.org/rpms/libtar/raw/e25b692fc7ceaa387dafb865b472510754f51bd2/f/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch";
41 sha256 = "sha256-HdjotTvKJNntkdcV+kR08Ht/MyNeB6qUT0qo67BBOVA=";
42 })
43 (fetchpatch {
44 name = "CVE-2021-33645_CVE-2021-33646_CVE-2021-33640.patch";
45 url = "https://src.fedoraproject.org/rpms/libtar/raw/e25b692fc7ceaa387dafb865b472510754f51bd2/f/libtar-1.2.20-CVE-2021-33645-CVE-2021-33646.patch";
46 sha256 = "sha256-p9DEFAL5Y+Ldy5c9Wj9h/BSg4TDxIxCjCQJD+wGQ7oI=";
47 })
48 ];
50 nativeBuildInputs = [ autoreconfHook ];
52 meta = with lib; {
53 description = "C library for manipulating POSIX tar files";
54 mainProgram = "libtar";
55 homepage = "https://repo.or.cz/libtar";
56 license = licenses.bsd3;
57 platforms = with platforms; linux ++ darwin;
58 maintainers = [ maintainers.bjornfor ];
59 };
60 }