rpms/flatpak
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Update to 1.10.7 (CVE-2021-43860)

Browse Source 
Resolves: #2041973
This commit is contained in:
Debarshi Ray 2022-02-02 03:13:05 +01:00
parent 726330eff1
commit 4d98b1045c
4 changed files with 7 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -94,3 +94,4 @@
/flatpak-1.10.2.tar.xz
/flatpak-1.10.3.tar.xz
/flatpak-1.10.5.tar.xz
/flatpak-1.10.7.tar.xz

31
0001-Fix-handling-of-syscalls-only-allowed-by-devel.patch
View File

@ -1,31 +0,0 @@
From 24485224223b8ed41976ead5801cb04c4d961f93 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Fri, 8 Oct 2021 19:00:13 +0100
Subject: [PATCH] Fix handling of syscalls only allowed by --devel
This was incorrectly looking at errno instead of -r.
Fixes: 0b38b0f0 "run: Handle unknown syscalls as intended"
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 3fc8c672676ae016f8e7cc90481b2feecbad9861)
(cherry picked from commit 97e128c2c1520202486b5e165e1734cbb421568a)
---
common/flatpak-run.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 6142daafa56d..4048476bf455 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -2992,7 +2992,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
/* See above for the meaning of EFAULT. */
- if (errno == EFAULT)
+ if (r == -EFAULT)
flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
scall);
else if (r < 0)
--
2.31.1

9
flatpak.spec
View File

@ -2,7 +2,7 @@
%global ostree_version 2020.8
Name: flatpak
Version: 1.10.5
Version: 1.10.7
Release: 1%{?dist}
Summary: Application deployment framework for desktop apps
@ -12,9 +12,6 @@ Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/
# Add Fedora flatpak repositories
Source1: flatpak-add-fedora-repos.service
# https://github.com/flatpak/flatpak/pull/4473
Patch0: 0001-Fix-handling-of-syscalls-only-allowed-by-devel.patch
BuildRequires: pkgconfig(appstream-glib)
BuildRequires: pkgconfig(dconf)
BuildRequires: pkgconfig(fuse)
@ -267,6 +264,10 @@ fi
%changelog
* Wed Feb 02 2022 Debarshi Ray <rishi@fedoraproject.org> - 1.10.7-1
- Update to 1.10.7 (CVE-2021-43860)
Resolves: #2041973
* Tue Oct 26 2021 Debarshi Ray <rishi@fedoraproject.org> - 1.10.5-1
- Update to 1.10.5 (CVE-2021-41133)
Resolves: #2012862

2
sources
View File

@ -1 +1 @@
SHA512 (flatpak-1.10.5.tar.xz) = 8c2e365ce442a092c15178a8b39daecf21bfe162078c9a323e68d53194413f174e329812dd01d8da6bbfba3b0087aeb4d92a44067df3f6fa0253e33014d138ae
SHA512 (flatpak-1.10.7.tar.xz) = a25e9492b21542082e074c8805fd0d723a2e50f88da414a46981460a58111750ccf1c23ea2137b3f1a22638e473911f6c1c88d22f2cba641e1c2cbad53e402ed