rpms/flatpak
7
0
Fork 1
Code Issues Pull Requests Releases Activity

import flatpak-1.10.5-1.el9

Browse Source
This commit is contained in:
CentOS Sources 2021-12-07 12:58:21 -05:00 committed by Stepan Oksanichenko
parent b4c89c2c63
commit 312b97f4c8
6 changed files with 45 additions and 169 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.flatpak.metadata
View File

@ -1 +1 @@
1cd25f8577ba55d1370652e9bd24e8a2d254143a SOURCES/flatpak-1.10.2.tar.xz d4d771e7bfa4ab275845cf7259f9b25784ccc095 SOURCES/flatpak-1.10.5.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/flatpak-1.10.2.tar.xz SOURCES/flatpak-1.10.5.tar.xz

31
SOURCES/0001-Fix-handling-of-syscalls-only-allowed-by-devel.patch Normal file
View File

@ -0,0 +1,31 @@
From 24485224223b8ed41976ead5801cb04c4d961f93 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Fri, 8 Oct 2021 19:00:13 +0100
Subject: [PATCH] Fix handling of syscalls only allowed by --devel
This was incorrectly looking at errno instead of -r.
Fixes: 0b38b0f0 "run: Handle unknown syscalls as intended"
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 3fc8c672676ae016f8e7cc90481b2feecbad9861)
(cherry picked from commit 97e128c2c1520202486b5e165e1734cbb421568a)
---
common/flatpak-run.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 6142daafa56d..4048476bf455 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2992,7 +2992,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
/* See above for the meaning of EFAULT. */
- if (errno == EFAULT)
+ if (r == -EFAULT)
flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
scall);
else if (r < 0)
--
2.31.1

34
SOURCES/0001-OCI-Switch-to-pax-format-for-tar-archives.patch
View File

@ -1,34 +0,0 @@
From adbd286cef9a4c4bed76eb95337d5d6f5e42dd45 Mon Sep 17 00:00:00 2001
From: Kalev Lember <klember@redhat.com>
Date: Mon, 5 Apr 2021 10:40:26 +0200
Subject: [PATCH] OCI: Switch to pax format for tar archives
For reasons unknown, libarchive appears to generate broken gnutar format
tar archives when the archive contains files that are larger than 2 GB.
This commit switches to the pax format to work this around.
This should be a better default as it also removes 256 char filename
length limitation and matches what other libraries are doing, e.g.
Python 3.8 switched to the pax format by default as well.
See https://pagure.io/fedora-infrastructure/issue/9840
---
common/flatpak-oci-registry.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/flatpak-oci-registry.c b/common/flatpak-oci-registry.c
index 6aa68c27..2a7f3ba1 100644
--- a/common/flatpak-oci-registry.c
+++ b/common/flatpak-oci-registry.c
@@ -1476,7 +1476,7 @@ flatpak_oci_registry_write_layer (FlatpakOciRegistry *self,
}
a = archive_write_new ();
- if (archive_write_set_format_gnutar (a) != ARCHIVE_OK ||
+ if (archive_write_set_format_pax (a) != ARCHIVE_OK ||
archive_write_add_filter_none (a) != ARCHIVE_OK)
{
propagate_libarchive_error (error, a);
--
2.30.2

126
SOURCES/flatpak-1.10.2-system-helper-fix.patch
View File

@ -1,126 +0,0 @@
From 49e8bfcea516e96eb950109d0fa45811a352a517 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Wed, 17 Mar 2021 17:12:32 +0100
Subject: [PATCH] system-helper: Fix deploys of local remotes
For updates in remotes with a local (file:) uri we just do a deploy
with a LOCAL_PULL flag set and an empty arg_repo_path. However, our
arg_repo_path checking at some point seemed to stop properly handling
the case where it is empty. I got it to report "No such file" wich
broke the tests.
---
system-helper/flatpak-system-helper.c | 89 ++++++++++++++-------------
1 file changed, 46 insertions(+), 43 deletions(-)
diff --git a/system-helper/flatpak-system-helper.c b/system-helper/flatpak-system-helper.c
index b202c94105..adcfe61a86 100644
--- a/system-helper/flatpak-system-helper.c
+++ b/system-helper/flatpak-system-helper.c
@@ -410,61 +410,64 @@ handle_deploy (FlatpakSystemHelper *object,
return G_DBUS_METHOD_INVOCATION_HANDLED;
}
- src_dir = g_path_get_dirname (arg_repo_path);
- ongoing_pull = take_ongoing_pull_by_dir (src_dir);
- if (ongoing_pull != NULL)
+ if ((arg_flags & ~FLATPAK_HELPER_DEPLOY_FLAGS_ALL) != 0)
{
- g_autoptr(GError) local_error = NULL;
- uid_t uid;
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
+ "Unsupported flags enabled: 0x%x", (arg_flags & ~FLATPAK_HELPER_DEPLOY_FLAGS_ALL));
+ return G_DBUS_METHOD_INVOCATION_HANDLED;
+ }
- /* Ensure that pull's uid is same as the caller's uid */
- if (!get_connection_uid (invocation, &uid, &local_error))
+ if (strlen (arg_repo_path) > 0)
+ {
+ if (!g_file_query_exists (repo_file, NULL))
{
- g_dbus_method_invocation_return_gerror (invocation, local_error);
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
+ "Path does not exist");
return G_DBUS_METHOD_INVOCATION_HANDLED;
}
- else
+
+ src_dir = g_path_get_dirname (arg_repo_path);
+ ongoing_pull = take_ongoing_pull_by_dir (src_dir);
+ if (ongoing_pull != NULL)
{
- if (ongoing_pull->uid != uid)
+ g_autoptr(GError) local_error = NULL;
+ uid_t uid;
+
+ /* Ensure that pull's uid is same as the caller's uid */
+ if (!get_connection_uid (invocation, &uid, &local_error))
{
- g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED,
- "Ongoing pull's uid(%d) does not match with peer uid(%d)",
- ongoing_pull->uid, uid);
+ g_dbus_method_invocation_return_gerror (invocation, local_error);
return G_DBUS_METHOD_INVOCATION_HANDLED;
}
- }
-
- terminate_revokefs_backend (ongoing_pull);
-
- if (!flatpak_canonicalize_permissions (AT_FDCWD,
- arg_repo_path,
- getuid() == 0 ? 0 : -1,
- getuid() == 0 ? 0 : -1,
- &local_error))
- {
- g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED,
- "Failed to canonicalize permissions of repo %s: %s",
- arg_repo_path, local_error->message);
- return G_DBUS_METHOD_INVOCATION_HANDLED;
- }
+ else
+ {
+ if (ongoing_pull->uid != uid)
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED,
+ "Ongoing pull's uid(%d) does not match with peer uid(%d)",
+ ongoing_pull->uid, uid);
+ return G_DBUS_METHOD_INVOCATION_HANDLED;
+ }
+ }
- /* At this point, the cache-dir's repo is owned by root. Hence, any failure
- * from here on, should always cleanup the cache-dir and not preserve it to be re-used. */
- ongoing_pull->preserve_pull = FALSE;
- }
+ terminate_revokefs_backend (ongoing_pull);
- if ((arg_flags & ~FLATPAK_HELPER_DEPLOY_FLAGS_ALL) != 0)
- {
- g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
- "Unsupported flags enabled: 0x%x", (arg_flags & ~FLATPAK_HELPER_DEPLOY_FLAGS_ALL));
- return G_DBUS_METHOD_INVOCATION_HANDLED;
- }
+ if (!flatpak_canonicalize_permissions (AT_FDCWD,
+ arg_repo_path,
+ getuid() == 0 ? 0 : -1,
+ getuid() == 0 ? 0 : -1,
+ &local_error))
+ {
+ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_FAILED,
+ "Failed to canonicalize permissions of repo %s: %s",
+ arg_repo_path, local_error->message);
+ return G_DBUS_METHOD_INVOCATION_HANDLED;
+ }
- if (!g_file_query_exists (repo_file, NULL))
- {
- g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
- "Path does not exist");
- return G_DBUS_METHOD_INVOCATION_HANDLED;
+ /* At this point, the cache-dir's repo is owned by root. Hence, any failure
+ * from here on, should always cleanup the cache-dir and not preserve it to be re-used. */
+ ongoing_pull->preserve_pull = FALSE;
+ }
}
ref = flatpak_decomposed_new_from_ref (arg_ref, &error);

19
SPECS/flatpak.spec
View File

@ -2,8 +2,8 @@
%global ostree_version 2020.8 %global ostree_version 2020.8
Name: flatpak Name: flatpak
Version: 1.10.2 Version: 1.10.5
Release: 6%{?dist} Release: 1%{?dist}
Summary: Application deployment framework for desktop apps Summary: Application deployment framework for desktop apps
License: LGPLv2+ License: LGPLv2+
@ -12,11 +12,8 @@ Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/
# Add Fedora flatpak repositories # Add Fedora flatpak repositories
Source1: flatpak-add-fedora-repos.service Source1: flatpak-add-fedora-repos.service
# https://github.com/flatpak/flatpak/pull/4210 # https://github.com/flatpak/flatpak/pull/4473
# https://pagure.io/fedora-infrastructure/issue/9840 Patch0: 0001-Fix-handling-of-syscalls-only-allowed-by-devel.patch
Patch0: 0001-OCI-Switch-to-pax-format-for-tar-archives.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1982304
Patch1: flatpak-1.10.2-system-helper-fix.patch
BuildRequires: pkgconfig(appstream-glib) BuildRequires: pkgconfig(appstream-glib)
BuildRequires: pkgconfig(dconf) BuildRequires: pkgconfig(dconf)
@ -270,6 +267,14 @@ fi
%changelog %changelog
* Tue Oct 26 2021 Debarshi Ray <rishi@fedoraproject.org> - 1.10.5-1
- Update to 1.10.5 (CVE-2021-41133)
Resolves: #2012862
* Wed Sep 22 2021 Debarshi Ray <rishi@fedoraproject.org> - 1.10.3-1
- Update to 1.10.3
Resolves: #2006554
* Sat Aug 28 2021 Debarshi Ray <rishi@fedoraproject.org> - 1.10.2-6 * Sat Aug 28 2021 Debarshi Ray <rishi@fedoraproject.org> - 1.10.2-6
- Fix local deploys using system helper - Fix local deploys using system helper
Resolves: #1982304 Resolves: #1982304