deleted file mode 100644
@@ -1,33 +0,0 @@
-From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001
-From: Sergey Poznyakoff <gray@gnu.org>
-Date: Sat, 11 Feb 2023 11:57:39 +0200
-Subject: [PATCH] Fix boundary checking in base-256 decoder
-
-* src/list.c (from_header): Base-256 encoding is at least 2 bytes
-long.
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-Upstream: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
----
- src/list.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/list.c b/src/list.c
-index 9fafc425..86bcfdd1 100644
---- a/src/list.c
-+++ b/src/list.c
-@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type,
- where++;
- }
- }
-- else if (*where == '\200' /* positive base-256 */
-- || *where == '\377' /* negative base-256 */)
-+ else if (where <= lim - 2
-+ && (*where == '\200' /* positive base-256 */
-+ || *where == '\377' /* negative base-256 */))
- {
- /* Parse base-256 output. A nonnegative number N is
- represented as (256**DIGS)/2 + N; a negative number -N is
-2.39.2
-
@@ -1,4 +1,4 @@
# Locally calculated after checking signature
-sha256 63bebd26879c5e1eea4352f0d03c991f966aeb3ddeb3c7445c902568d5411d28 tar-1.34.tar.xz
-sha256 51337b19c71df92cd4f51c50efe4dc6ddc267d31fd54679be9e9bc2e6ce8132b tar-1.34.cpio.gz
-sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
+sha256 4d62ff37342ec7aed748535323930c7cf94acf71c3591882b26a7ea50f3edc16 tar-1.35.tar.xz
+sha256 c77a38fcf25b21fd8209d20d35638744344ded239cfc7df80138bf46d3c6b16d tar-1.35.cpio.gz
+sha256 3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986 COPYING
@@ -4,20 +4,24 @@
#
################################################################################
-TAR_VERSION = 1.34
+TAR_VERSION = 1.35
TAR_SOURCE = tar-$(TAR_VERSION).tar.xz
TAR_SITE = $(BR2_GNU_MIRROR)/tar
-# busybox installs in /bin, so we need tar to install as well in /bin
-# so that we don't end up with two different tar
-TAR_CONF_OPTS = --exec-prefix=/
TAR_LICENSE = GPL-3.0+
TAR_LICENSE_FILES = COPYING
TAR_CPE_ID_VENDOR = gnu
TAR_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
TAR_CONF_ENV = LIBS=$(TARGET_NLS_LIBS)
-# 0002-Fix-boundary-checking-in-base-256-decoder.patch
-TAR_IGNORE_CVES += CVE-2022-48303
+# busybox installs in /bin, so we need tar to install as well in /bin
+# so that we don't end up with two different tar
+#
+# --disable-year2038: tells the configure script to not abort if the
+# system is not Y2038 compliant. tar will support year2038 if the
+# system is compliant even with this option passed
+TAR_CONF_OPTS = \
+ --exec-prefix=/ \
+ --disable-year2038
ifeq ($(BR2_PACKAGE_ACL),y)
TAR_DEPENDENCIES += acl