diff --git a/component/tar/buildout.cfg b/component/tar/buildout.cfg
index 9613b7077f1aeb712dc9f7e6ce2530c0066fd7e3..c43a7aa149b9129fdbd6fe47702b03f313846633 100644
--- a/component/tar/buildout.cfg
+++ b/component/tar/buildout.cfg
@@ -1,17 +1,13 @@
 [buildout]
 extends =
-  ../patch/buildout.cfg
+  ../xz-utils/buildout.cfg
 
 parts = tar
 
 [tar]
-patch-options = -p1
-patches =
-  ${:_profile_base_location_}/tar-drop.gets.patch#9352820566aa3534a04bd269c9f89f48
-
 recipe = slapos.recipe.cmmi
-url = http://ftp.gnu.org/gnu/tar/tar-1.26.tar.gz
-md5sum = 00d1e769c6af702c542cca54b728920d
+url = http://ftp.gnu.org/gnu/tar/tar-1.29.tar.xz
+md5sum = a1802fec550baaeecff6c381629653ef
 environment =
   FORCE_UNSAFE_CONFIGURE=1
-  PATH=${patch:location}/bin:%(PATH)s
+  PATH=${xz-utils:location}/bin:%(PATH)s
diff --git a/component/tar/tar-drop.gets.patch b/component/tar/tar-drop.gets.patch
deleted file mode 100644
index 1a4f4d8863671aaeff9e9496cab19a08f0b4c347..0000000000000000000000000000000000000000
--- a/component/tar/tar-drop.gets.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -ur tar-1.26.orig/gnu/stdio.in.h tar-1.26/gnu/stdio.in.h
---- tar-1.26.orig/gnu/stdio.in.h	2011-03-12 10:14:33.000000000 +0100
-+++ tar-1.26/gnu/stdio.in.h	2012-08-24 15:35:22.299190847 +0200
-@@ -164,7 +164,10 @@
-    so any use of gets warrants an unconditional warning.  Assume it is
-    always declared, since it is required by C89.  */
- #undef gets
-+#if defined(__GLIBC__) && !defined(__UCLIBC__) && !__GLIBC_PREREQ(2, 16)
- _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
-+#endif
-+
- 
- #if @GNULIB_FOPEN@
- # if @REPLACE_FOPEN@