From e0e14ba4ffa9436b6702f1f74f3b67e666440689 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jun 12 2018 14:39:28 +0000
Subject: import rh-maven35-plexus-archiver-3.4-4.1.el7
---
diff --git a/SOURCES/0001-fix-fail-when-trying-to-extract-outside-of-dest-dir.patch b/SOURCES/0001-fix-fail-when-trying-to-extract-outside-of-dest-dir.patch
new file mode 100644
index 0000000..d7277e9
Binary files /dev/null and b/SOURCES/0001-fix-fail-when-trying-to-extract-outside-of-dest-dir.patch differ
diff --git a/SPECS/plexus-archiver.spec b/SPECS/plexus-archiver.spec
index 719a046..c54f2ab 100644
--- a/SPECS/plexus-archiver.spec
+++ b/SPECS/plexus-archiver.spec
@@ -3,7 +3,7 @@
 Name: %{?scl_prefix}plexus-archiver
 Version: 3.4
-Release: 2.2%{?dist}
+Release: 4.1%{?dist}
 Epoch: 0
 Summary: Plexus Archiver Component
 License: ASL 2.0
@@ -12,6 +12,8 @@ BuildArch: noarch
 Source0: https://github.com/codehaus-plexus/plexus-archiver/archive/plexus-archiver-%{version}.tar.gz
+Patch0: 0001-fix-fail-when-trying-to-extract-outside-of-dest-dir.patch
+
 BuildRequires: %{?scl_prefix}maven-local
 BuildRequires: %{?scl_prefix}mvn(com.google.code.findbugs:jsr305)
 BuildRequires: %{?scl_prefix}mvn(commons-io:commons-io)
@@ -43,6 +45,7 @@ Javadoc for %{pkg_name}.
 %prep
 %setup -q -n %{pkg_name}-%{pkg_name}-%{version}
+%patch0 -p1
 %mvn_file :%{pkg_name} plexus/archiver
 %build
@@ -58,6 +61,10 @@ Javadoc for %{pkg_name}.
 %license LICENSE
 %changelog
+* Fri Jun 1 2018 Mikolaj Izdebski - 0:3.4-4.1
+- Fix arbitrary file write vulnerability
+- Resolves: CVE-2018-1002200
+
 * Thu Jun 22 2017 Michael Simacek - 0:3.4-2.2
 - Mass rebuild 2017-06-22
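Review bot: The `Patch0:` tag added in the second hunk has no comment saying what the patch fixes or where it came from, and the patch file itself appears in this commit only as `Binary files /dev/null and b/SOURCES/... differ`, so the content of the CVE-2018-1002200 fix cannot be checked from this page. A comment directly above the tag would keep that link in the spec rather than only in the changelog, for example `# CVE-2018-1002200: fail when an archive entry would be extracted outside the destination directory; backport of upstream commit <UPSTREAM_COMMIT_PLACEHOLDER>`. Anyone auditing this import should read the patch from SOURCES and confirm that it matches the upstream fix. The same applies to the `%patch0 -p1` line in the third hunk, which applies the patch without any indication of its purpose.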