From 1045f6590d9a8ccf352054ab6f0d29f350de8c72 Mon Sep 17 00:00:00 2001
From: Jonathan Wright <jonathan@almalinux.org>
Date: Tue, 7 May 2024 09:20:57 -0500
Subject: [PATCH] Fixes CVE-2024-32462

---
 flatpak.spec | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/flatpak.spec b/flatpak.spec
index 841a1a0..3db264b 100644
--- a/flatpak.spec
+++ b/flatpak.spec
@@ -3,7 +3,7 @@
 
 Name:           flatpak
 Version:        1.12.8
-Release:        1%{?dist}
+Release:        1%{?dist}.alma.1
 Summary:        Application deployment framework for desktop apps
 
 License:        LGPLv2+
@@ -17,6 +17,9 @@ Source1:        flatpak-add-fedora-repos.service
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=1935508
 Patch0:         flatpak-dir-Use-SHA256-not-SHA1-to-name-the-cache-for-a-filt.patch
+# https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj
+# https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97
+Patch1:         flatpak-cve-2024-32462.patch
 
 BuildRequires:  pkgconfig(appstream-glib)
 BuildRequires:  pkgconfig(dconf)
@@ -276,6 +279,9 @@ fi
 
 
 %changelog
+* Tue Apr 30 2024 Jonathan Wright <jonathan@almalinux.org> - 1.12.8-1.alma.1
+- Fix CVE-2024-32462
+
 * Tue Jul 11 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.12.8-1
 - Update to 1.12.8 (CVE-2023-28100, CVE-2023-28101)
 Resolves: #2180312, #2221792