flatpak/SOURCES/flatpak-1.0.6-CVE-2019-10063.patch

From 77f076712949c13b9bcecc02d043cbd6de6e291e Mon Sep 17 00:00:00 2001
From: Ryan Gonzalez <rymg19@gmail.com>
Date: Mon, 25 Mar 2019 13:00:15 -0500
Subject: [PATCH] run: Only compare the lowest 32 ioctl arg bits for TIOCSTI

Closes #2782.

Closes: #2783
Approved by: alexlarsson
---
 common/flatpak-run.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 90b435fe..d1acd9f2 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2147,7 +2147,7 @@ setup_seccomp (FlatpakBwrap   *bwrap,
     {SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
 
     /* Don't allow faking input to the controlling tty (CVE-2017-5226) */
-    {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
+    {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
   };
 
   struct
-- 
2.21.0
import flatpak-1.0.6-4.el8 2019-08-06 19:25:30 +00:00			`From 77f076712949c13b9bcecc02d043cbd6de6e291e Mon Sep 17 00:00:00 2001`
			`From: Ryan Gonzalez <rymg19@gmail.com>`
			`Date: Mon, 25 Mar 2019 13:00:15 -0500`
			`Subject: [PATCH] run: Only compare the lowest 32 ioctl arg bits for TIOCSTI`

			`Closes #2782.`

			`Closes: #2783`
			`Approved by: alexlarsson`
			`---`
			`common/flatpak-run.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/common/flatpak-run.c b/common/flatpak-run.c`
			`index 90b435fe..d1acd9f2 100644`
			`--- a/common/flatpak-run.c`
			`+++ b/common/flatpak-run.c`
			`@@ -2147,7 +2147,7 @@ setup_seccomp (FlatpakBwrap *bwrap,`
			`{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},`

			`/* Don't allow faking input to the controlling tty (CVE-2017-5226) */`
			`- {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},`
			`+ {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},`
			`};`

			`struct`
			`--`
			`2.21.0`