From 786fbbc8dd54b7647587c47dfe9dd264a84fa11e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jun 12 2018 14:39:08 +0000 Subject: import rh-maven33-plexus-archiver-2.4.2-5.1.el7 --- diff --git a/SOURCES/0001-fix-fail-when-trying-to-extract-outside-of-dest-dir.patch b/SOURCES/0001-fix-fail-when-trying-to-extract-outside-of-dest-dir.patch new file mode 100644 index 0000000..a9ce718 Binary files /dev/null and b/SOURCES/0001-fix-fail-when-trying-to-extract-outside-of-dest-dir.patch differ diff --git a/SPECS/plexus-archiver.spec b/SPECS/plexus-archiver.spec index ac03a33..3914d04 100644 --- a/SPECS/plexus-archiver.spec +++ b/SPECS/plexus-archiver.spec @@ -34,13 +34,15 @@ Name: %{?scl_prefix}%{pkg_name} Version: 2.4.2 -Release: 4.12%{?dist} +Release: 5.1%{?dist} Epoch: 0 Summary: Plexus Archiver Component License: ASL 2.0 URL: http://plexus.codehaus.org/plexus-components/plexus-archiver/ Source0: https://github.com/sonatype/%{pkg_name}/archive/%{pkg_name}-%{version}.tar.gz +Patch0: 0001-fix-fail-when-trying-to-extract-outside-of-dest-dir.patch + BuildArch: noarch BuildRequires: %{?scl_prefix}maven-local @@ -68,6 +70,7 @@ Javadoc for %{pkg_name}. %prep %setup -q -n %{pkg_name}-%{pkg_name}-%{version} +%patch0 -p1 %{?scl:scl enable %{scl} - <<"EOF"} set -e -x %mvn_file :%{pkg_name} plexus/archiver @@ -94,6 +97,10 @@ set -e -x %doc LICENSE %changelog +* Fri Jun 1 2018 Mikolaj Izdebski - 0:2.4.2-5.1 +- Fix arbitrary file write vulnerability +- Resolves: CVE-2018-1002200 + * Mon Feb 08 2016 Michal Srb - 0:2.4.2-4.12 - Fix BR on maven-local & co.
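Review bot: The new `Patch0:` tag in the first hunk has no comment recording where the patch comes from, and the patch file itself appears only as "Binary files ... differ", so nothing on this page shows what the CVE-2018-1002200 fix actually changes. I would add a provenance line directly above the tag, for example `# Backport of upstream fix for CVE-2018-1002200 (<upstream commit id>)`, with the real commit filled in. Because this is a backport onto 2.4.2, the patch file should be reviewed on its own to confirm that the destination-directory check compares canonical paths and is reached by every unarchiver, not only the zip one. It would also help if the build ran a test that extracts an archive whose entry name resolves outside the destination directory and expects a failure; the `%prep` section continues outside the second hunk, so I cannot tell whether tests are enabled.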