Update to 1.10.5 (CVE-2021-41133)

Resolves: #2012862
This commit is contained in:
Debarshi Ray 2021-10-26 04:07:21 +02:00
parent f1aa71e084
commit f3899ab853
5 changed files with 40 additions and 39 deletions

1
.gitignore vendored
View File

@ -93,3 +93,4 @@
/flatpak-1.10.1.tar.xz /flatpak-1.10.1.tar.xz
/flatpak-1.10.2.tar.xz /flatpak-1.10.2.tar.xz
/flatpak-1.10.3.tar.xz /flatpak-1.10.3.tar.xz
/flatpak-1.10.5.tar.xz

View File

@ -0,0 +1,31 @@
From 24485224223b8ed41976ead5801cb04c4d961f93 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Fri, 8 Oct 2021 19:00:13 +0100
Subject: [PATCH] Fix handling of syscalls only allowed by --devel
This was incorrectly looking at errno instead of -r.
Fixes: 0b38b0f0 "run: Handle unknown syscalls as intended"
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 3fc8c672676ae016f8e7cc90481b2feecbad9861)
(cherry picked from commit 97e128c2c1520202486b5e165e1734cbb421568a)
---
common/flatpak-run.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 6142daafa56d..4048476bf455 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2992,7 +2992,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
/* See above for the meaning of EFAULT. */
- if (errno == EFAULT)
+ if (r == -EFAULT)
flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
scall);
else if (r < 0)
--
2.31.1

View File

@ -1,34 +0,0 @@
From adbd286cef9a4c4bed76eb95337d5d6f5e42dd45 Mon Sep 17 00:00:00 2001
From: Kalev Lember <klember@redhat.com>
Date: Mon, 5 Apr 2021 10:40:26 +0200
Subject: [PATCH] OCI: Switch to pax format for tar archives
For reasons unknown, libarchive appears to generate broken gnutar format
tar archives when the archive contains files that are larger than 2 GB.
This commit switches to the pax format to work this around.
This should be a better default as it also removes 256 char filename
length limitation and matches what other libraries are doing, e.g.
Python 3.8 switched to the pax format by default as well.
See https://pagure.io/fedora-infrastructure/issue/9840
---
common/flatpak-oci-registry.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/flatpak-oci-registry.c b/common/flatpak-oci-registry.c
index 6aa68c27..2a7f3ba1 100644
--- a/common/flatpak-oci-registry.c
+++ b/common/flatpak-oci-registry.c
@@ -1476,7 +1476,7 @@ flatpak_oci_registry_write_layer (FlatpakOciRegistry *self,
}
a = archive_write_new ();
- if (archive_write_set_format_gnutar (a) != ARCHIVE_OK ||
+ if (archive_write_set_format_pax (a) != ARCHIVE_OK ||
archive_write_add_filter_none (a) != ARCHIVE_OK)
{
propagate_libarchive_error (error, a);
--
2.30.2

View File

@ -2,7 +2,7 @@
%global ostree_version 2020.8 %global ostree_version 2020.8
Name: flatpak Name: flatpak
Version: 1.10.3 Version: 1.10.5
Release: 1%{?dist} Release: 1%{?dist}
Summary: Application deployment framework for desktop apps Summary: Application deployment framework for desktop apps
@ -12,9 +12,8 @@ Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/
# Add Fedora flatpak repositories # Add Fedora flatpak repositories
Source1: flatpak-add-fedora-repos.service Source1: flatpak-add-fedora-repos.service
# https://github.com/flatpak/flatpak/pull/4210 # https://github.com/flatpak/flatpak/pull/4473
# https://pagure.io/fedora-infrastructure/issue/9840 Patch0: 0001-Fix-handling-of-syscalls-only-allowed-by-devel.patch
Patch0: 0001-OCI-Switch-to-pax-format-for-tar-archives.patch
BuildRequires: pkgconfig(appstream-glib) BuildRequires: pkgconfig(appstream-glib)
BuildRequires: pkgconfig(dconf) BuildRequires: pkgconfig(dconf)
@ -268,6 +267,10 @@ fi
%changelog %changelog
* Tue Oct 26 2021 Debarshi Ray <rishi@fedoraproject.org> - 1.10.5-1
- Update to 1.10.5 (CVE-2021-41133)
Resolves: #2012862
* Wed Sep 22 2021 Debarshi Ray <rishi@fedoraproject.org> - 1.10.3-1 * Wed Sep 22 2021 Debarshi Ray <rishi@fedoraproject.org> - 1.10.3-1
- Update to 1.10.3 - Update to 1.10.3
Resolves: #2006554 Resolves: #2006554

View File

@ -1 +1 @@
SHA512 (flatpak-1.10.3.tar.xz) = ff51383d4ead0f39926125eec706e5a4d38a739874a9d499adf432cfa05685643cfa411f7a247c8512ec10af8440deda0be06f4cc0808e8ba80941b07e49b633 SHA512 (flatpak-1.10.5.tar.xz) = 8c2e365ce442a092c15178a8b39daecf21bfe162078c9a323e68d53194413f174e329812dd01d8da6bbfba3b0087aeb4d92a44067df3f6fa0253e33014d138ae