import flatpak-1.6.2-6.el8_3
This commit is contained in:
parent
0ce8876ed1
commit
46db632dfe
86
SOURCES/flatpak-1.6.2-fix-CVE-2021-21381.patch
Normal file
86
SOURCES/flatpak-1.6.2-fix-CVE-2021-21381.patch
Normal file
@ -0,0 +1,86 @@
|
|||||||
|
From cb6fce9e4122ace2960c437def3b1a197bb49b3a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ryan Gonzalez <rymg19@gmail.com>
|
||||||
|
Date: Tue, 2 Mar 2021 13:20:07 -0600
|
||||||
|
Subject: [PATCH 1/3] Disallow @@ and @@u usage in desktop files
|
||||||
|
|
||||||
|
Fixes #4146.
|
||||||
|
---
|
||||||
|
common/flatpak-dir.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
|
||||||
|
index e6e4d6fb3..7d3374dad 100644
|
||||||
|
--- a/common/flatpak-dir.c
|
||||||
|
+++ b/common/flatpak-dir.c
|
||||||
|
@@ -7139,6 +7139,8 @@ export_desktop_file (const char *app,
|
||||||
|
g_string_append_printf (new_exec, " @@ %s @@", arg);
|
||||||
|
else if (strcasecmp (arg, "%u") == 0)
|
||||||
|
g_string_append_printf (new_exec, " @@u %s @@", arg);
|
||||||
|
+ else if (strcmp (arg, "@@") == 0 || strcmp (arg, "@@u") == 0)
|
||||||
|
+ g_print (_("Skipping invalid Exec argument %s\n"), arg);
|
||||||
|
else
|
||||||
|
g_string_append_printf (new_exec, " %s", arg);
|
||||||
|
}
|
||||||
|
|
||||||
|
From 0bdcb88b2d0013aa435dc03950fb42cef2cbd359 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Fri, 5 Mar 2021 13:49:36 +0000
|
||||||
|
Subject: [PATCH 2/3] dir: Reserve the whole @@ prefix
|
||||||
|
|
||||||
|
If we add new features analogous to file forwarding later, we might
|
||||||
|
find that we need a different magic token. Let's reserve the whole
|
||||||
|
@@* namespace so we can call it @@something-else.
|
||||||
|
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
---
|
||||||
|
common/flatpak-dir.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
|
||||||
|
index 7d3374dad..facfab37a 100644
|
||||||
|
--- a/common/flatpak-dir.c
|
||||||
|
+++ b/common/flatpak-dir.c
|
||||||
|
@@ -7139,7 +7139,7 @@ export_desktop_file (const char *app,
|
||||||
|
g_string_append_printf (new_exec, " @@ %s @@", arg);
|
||||||
|
else if (strcasecmp (arg, "%u") == 0)
|
||||||
|
g_string_append_printf (new_exec, " @@u %s @@", arg);
|
||||||
|
- else if (strcmp (arg, "@@") == 0 || strcmp (arg, "@@u") == 0)
|
||||||
|
+ else if (g_str_has_prefix (arg, "@@"))
|
||||||
|
g_print (_("Skipping invalid Exec argument %s\n"), arg);
|
||||||
|
else
|
||||||
|
g_string_append_printf (new_exec, " %s", arg);
|
||||||
|
|
||||||
|
From 230f4c3521cd0dffa446ab9b70e958cdd9241bbe Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Fri, 5 Mar 2021 13:51:33 +0000
|
||||||
|
Subject: [PATCH 3/3] dir: Refuse to export .desktop files with suspicious uses
|
||||||
|
of @@ tokens
|
||||||
|
|
||||||
|
This is either a malicious/compromised app trying to do an attack, or
|
||||||
|
a mistake that will break handling of %f, %u and so on. Either way,
|
||||||
|
if we refuse to export the .desktop file, resulting in installation
|
||||||
|
failing, then it makes the rejection more obvious than quietly
|
||||||
|
removing the magic tokens.
|
||||||
|
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
---
|
||||||
|
common/flatpak-dir.c | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
|
||||||
|
index facfab37a..c5edf346f 100644
|
||||||
|
--- a/common/flatpak-dir.c
|
||||||
|
+++ b/common/flatpak-dir.c
|
||||||
|
@@ -7140,7 +7140,11 @@ export_desktop_file (const char *app,
|
||||||
|
else if (strcasecmp (arg, "%u") == 0)
|
||||||
|
g_string_append_printf (new_exec, " @@u %s @@", arg);
|
||||||
|
else if (g_str_has_prefix (arg, "@@"))
|
||||||
|
- g_print (_("Skipping invalid Exec argument %s\n"), arg);
|
||||||
|
+ {
|
||||||
|
+ flatpak_fail_error (error, FLATPAK_ERROR_EXPORT_FAILED,
|
||||||
|
+ _("Invalid Exec argument %s"), arg);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
else
|
||||||
|
g_string_append_printf (new_exec, " %s", arg);
|
||||||
|
}
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
Name: flatpak
|
Name: flatpak
|
||||||
Version: 1.6.2
|
Version: 1.6.2
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
Summary: Application deployment framework for desktop apps
|
Summary: Application deployment framework for desktop apps
|
||||||
|
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
@ -18,6 +18,8 @@ Patch1: flatpak-1.6.2-oci-fixes2.patch
|
|||||||
Patch2: 3845.patch
|
Patch2: 3845.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1918774
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1918774
|
||||||
Patch3: flatpak-1.6.2-fix-CVE-2021-21261.patch
|
Patch3: flatpak-1.6.2-fix-CVE-2021-21261.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1938062
|
||||||
|
Patch4: flatpak-1.6.2-fix-CVE-2021-21381.patch
|
||||||
|
|
||||||
BuildRequires: pkgconfig(appstream-glib)
|
BuildRequires: pkgconfig(appstream-glib)
|
||||||
BuildRequires: pkgconfig(dconf)
|
BuildRequires: pkgconfig(dconf)
|
||||||
@ -246,6 +248,9 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 22 2021 David King <dking@redhat.com> - 1.6.2-6
|
||||||
|
- Fix CVE-2021-21381 (#1938062)
|
||||||
|
|
||||||
* Tue Jan 26 2021 David King <dking@redhat.com> - 1.6.2-5
|
* Tue Jan 26 2021 David King <dking@redhat.com> - 1.6.2-5
|
||||||
- Fix CVE-2021-21261 (#1918774)
|
- Fix CVE-2021-21261 (#1918774)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user