From d95a0b07065a6cde65cfb94e5581024696883610 Mon Sep 17 00:00:00 2001
From: Alessio Sergi <al3hex@gmail.com>
Date: Sat, 29 Oct 2016 21:13:23 +0200
Subject: [PATCH] tar: add patch for CVE-2016-6321

---
 .../tar-1.29-extract-pathname-bypass.patch    | 27 +++++++++++++++++++
 srcpkgs/tar/template                          |  2 +-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/tar/patches/tar-1.29-extract-pathname-bypass.patch

diff --git a/srcpkgs/tar/patches/tar-1.29-extract-pathname-bypass.patch b/srcpkgs/tar/patches/tar-1.29-extract-pathname-bypass.patch
new file mode 100644
index 0000000000..cf0c3725b9
--- /dev/null
+++ b/srcpkgs/tar/patches/tar-1.29-extract-pathname-bypass.patch
@@ -0,0 +1,27 @@
+--- lib/paxnames.c.orig	2016-04-06 00:04:47.314860045 +0300
++++ lib/paxnames.c	2016-04-06 02:08:44.962297881 +0300
+@@ -18,6 +18,7 @@
+ #include <system.h>
+ #include <hash.h>
+ #include <paxlib.h>
++#include <quotearg.h>
+ 
+ 
+ /* Hash tables of strings.  */
+@@ -114,7 +115,15 @@
+       for (p = file_name + prefix_len; *p; )
+ 	{
+           if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+-	    prefix_len = p + 2 - file_name;
++            {
++	      static char const *const diagnostic[] =
++	      {
++		N_("%s: Member name contains '..'"),
++		N_("%s: Hard link target contains '..'")
++	      };
++	      ERROR ((0, 0, _(diagnostic[link_target]),
++	              quotearg_colon (file_name)));
++	    }
+ 
+ 	  do
+ 	    {
diff --git a/srcpkgs/tar/template b/srcpkgs/tar/template
index 31fddbb329..19d4c414ed 100644
--- a/srcpkgs/tar/template
+++ b/srcpkgs/tar/template
@@ -1,7 +1,7 @@
 # Template build file for 'tar'.
 pkgname=tar
 version=1.29
-revision=1
+revision=2
 bootstrap=yes
 build_style=gnu-configure
 configure_args="gl_cv_struct_dirent_d_ino=yes"