--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-bbd24dd0cf
2020-02-03 01:02:24.438509
--------------------------------------------------------------------------------

Name        : xar
Product     : Fedora 30
Version     : 1.8.0.417.1
Release     : 1.fc30
URL         : https://opensource.apple.com/source/xar
Summary     : The eXtensible ARchiver
Description :
The XAR project aims to provide an easily extensible archive format.
Important design decisions include an easily extensible XML table of
contents for random access to archived files, storing the toc at the
beginning of the archive to allow for efficient handling of streamed
archives, the ability to handle files of arbitrarily large sizes, the
ability to choose independent encodings for individual files in the
archive, the ability to store checksums for individual files in both
compressed and uncompressed form, and the ability to query the table of
content's rich meta-data.

--------------------------------------------------------------------------------
Update Information:

- Use Apple upstream instead of non-fresh Github one
- New upstream in 1.8 dev branch with 417.1 subversion
- Close CVE-2018-17093
- Close CVE-2018-17094
- Close CVE-2017-11124
- Close CVE-2017-11125
- Close CVE-2010-3798
- Use license macro
- Add OpenSSL To Configuration
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 25 2020 Mosaab Alzoubi <moceap[AT]hotmail[DOT]com> - 1.8.0.417.1-1
- Use Apple upstream instead of non-fresh Github one
- New upstream in 1.8 dev branch with 417.1 subversion
- Close CVE-2018-17093
- Close CVE-2018-17094
- Close CVE-2017-11124
- Close CVE-2017-11125
- Close CVE-2010-3798
- Use license macro
- Add OpenSSL To Configuration
* Wed Jan 1 2020 Mosaab Alzoubi <moceap[AT]hotmail[DOT]com> - 1.6.1-1
- Update to 1.6.1
- Change upstream
- Exclude CVE-2010-0055 patch, includes in upstream
- Exclude norpath patch, using sed
- Pass FTBFS state #1676224
- General clean of the spec
- Use Fedora guide lines in Source URL
* Sun Feb 3 2019 Fedora Release Engineering releng@fedoraproject.org - 1.5.2-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 1.5.2-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 1.5.2-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #654486 - CVE-2010-3798 xar: arbitrary code execution via crafted xar archive [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=654486
  [ 2 ] Bug #1470073 - CVE-2017-11124 CVE-2017-11125 xar: Multiple vulnerabilities [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1470073
  [ 3 ] Bug #1629651 - CVE-2018-17093 CVE-2018-17094 xar: Two NULL pointer dereference issues [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1629651
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-bbd24dd0cf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------