1 files changed, 51 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/libtar/default.nix b/nixpkgs/pkgs/development/libraries/libtar/default.nix
new file mode 100644
index 000000000000..c6c89ecb4f08
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libtar/default.nix
@@ -0,0 +1,51 @@
+{ lib, stdenv, fetchgit, fetchpatch, autoreconfHook }:
+
+stdenv.mkDerivation rec {
+  version = "1.2.20";
+  pname = "libtar";
+
+  # Maintenance repo for libtar (Arch Linux uses this)
+  src = fetchgit {
+    url = "git://repo.or.cz/libtar.git";
+    rev = "refs/tags/v${version}";
+    sha256 = "1pjsqnqjaqgkzf1j8m6y5h76bwprffsjjj6gk8rh2fjsha14rqn9";
+  };
+
+  patches = let
+    fp =  name: sha256:
+      fetchpatch {
+        url = "https://sources.debian.net/data/main/libt/libtar/1.2.20-4/debian/patches/${name}.patch";
+        inherit sha256;
+      };
+    in [
+      (fetchpatch {
+        name = "no_static_buffers.patch";
+        url = "https://src.fedoraproject.org/rpms/libtar/raw/e25b692fc7ceaa387dafb865b472510754f51bd2/f/libtar-1.2.20-no-static-buffer.patch";
+        sha256 = "sha256-QcWOgdkNlALb+YDVneT1zCNAMf4d8IUm2kUUUy2VvJs=";
+      })
+      (fp "no_maxpathlen"             "11riv231wpbdb1cm4nbdwdsik97wny5sxcwdgknqbp61ibk572b7")
+      (fp "CVE-2013-4420"             "0d010190bqgr2ggy02qwxvjaymy9a22jmyfwdfh4086v876cbxpq")
+      (fp "th_get_size-unsigned-int"  "1ravbs5yrfac98mnkrzciw9hd2fxq4dc07xl3wx8y2pv1bzkwm41")
+      (fetchpatch {
+        name = "CVE-2021-33643_CVE-2021-33644.patch";
+        url = "https://src.fedoraproject.org/rpms/libtar/raw/e25b692fc7ceaa387dafb865b472510754f51bd2/f/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch";
+        sha256 = "sha256-HdjotTvKJNntkdcV+kR08Ht/MyNeB6qUT0qo67BBOVA=";
+      })
+      (fetchpatch {
+        name = "CVE-2021-33645_CVE-2021-33646_CVE-2021-33640.patch";
+        url = "https://src.fedoraproject.org/rpms/libtar/raw/e25b692fc7ceaa387dafb865b472510754f51bd2/f/libtar-1.2.20-CVE-2021-33645-CVE-2021-33646.patch";
+        sha256 = "sha256-p9DEFAL5Y+Ldy5c9Wj9h/BSg4TDxIxCjCQJD+wGQ7oI=";
+      })
+    ];
+
+  nativeBuildInputs = [ autoreconfHook ];
+  buildInputs = [ ];
+
+  meta = with lib; {
+    description = "C library for manipulating POSIX tar files";
+    homepage = "https://repo.or.cz/libtar";
+    license = licenses.bsd3;
+    platforms = with platforms; linux ++ darwin;
+    maintainers = [ maintainers.bjornfor ];
+  };
+}