From 4d98b1045c39ee562c5b436a63f532350403a591 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <debarshir@gnome.org>
Date: Wed, 2 Feb 2022 03:13:05 +0100
Subject: [PATCH] Update to 1.10.7 (CVE-2021-43860)

Resolves: #2041973
---
 .gitignore                                    |  1 +
 ...ng-of-syscalls-only-allowed-by-devel.patch | 31 -------------------
 flatpak.spec                                  |  9 +++---
 sources                                       |  2 +-
 4 files changed, 7 insertions(+), 36 deletions(-)
 delete mode 100644 0001-Fix-handling-of-syscalls-only-allowed-by-devel.patch

diff --git a/.gitignore b/.gitignore
index 434b06b..b995c0e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -94,3 +94,4 @@
 /flatpak-1.10.2.tar.xz
 /flatpak-1.10.3.tar.xz
 /flatpak-1.10.5.tar.xz
+/flatpak-1.10.7.tar.xz
diff --git a/0001-Fix-handling-of-syscalls-only-allowed-by-devel.patch b/0001-Fix-handling-of-syscalls-only-allowed-by-devel.patch
deleted file mode 100644
index cf7f463..0000000
--- a/0001-Fix-handling-of-syscalls-only-allowed-by-devel.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 24485224223b8ed41976ead5801cb04c4d961f93 Mon Sep 17 00:00:00 2001
-From: Simon McVittie <smcv@collabora.com>
-Date: Fri, 8 Oct 2021 19:00:13 +0100
-Subject: [PATCH] Fix handling of syscalls only allowed by --devel
-
-This was incorrectly looking at errno instead of -r.
-
-Fixes: 0b38b0f0 "run: Handle unknown syscalls as intended"
-Signed-off-by: Simon McVittie <smcv@collabora.com>
-(cherry picked from commit 3fc8c672676ae016f8e7cc90481b2feecbad9861)
-(cherry picked from commit 97e128c2c1520202486b5e165e1734cbb421568a)
----
- common/flatpak-run.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/common/flatpak-run.c b/common/flatpak-run.c
-index 6142daafa56d..4048476bf455 100644
---- a/common/flatpak-run.c
-+++ b/common/flatpak-run.c
-@@ -2992,7 +2992,7 @@ setup_seccomp (FlatpakBwrap   *bwrap,
-             r = seccomp_rule_add (seccomp, SCMP_ACT_ERRNO (errnum), scall, 0);
- 
-           /* See above for the meaning of EFAULT. */
--          if (errno == EFAULT)
-+          if (r == -EFAULT)
-             flatpak_debug2 ("Unable to block syscall %d: syscall not known to libseccomp?",
-                             scall);
-           else if (r < 0)
--- 
-2.31.1
-
diff --git a/flatpak.spec b/flatpak.spec
index fc032ac..fe420f5 100644
--- a/flatpak.spec
+++ b/flatpak.spec
@@ -2,7 +2,7 @@
 %global ostree_version 2020.8
 
 Name:           flatpak
-Version:        1.10.5
+Version:        1.10.7
 Release:        1%{?dist}
 Summary:        Application deployment framework for desktop apps
 
@@ -12,9 +12,6 @@ Source0:        https://github.com/flatpak/flatpak/releases/download/%{version}/
 # Add Fedora flatpak repositories
 Source1:        flatpak-add-fedora-repos.service
 
-# https://github.com/flatpak/flatpak/pull/4473
-Patch0:         0001-Fix-handling-of-syscalls-only-allowed-by-devel.patch
-
 BuildRequires:  pkgconfig(appstream-glib)
 BuildRequires:  pkgconfig(dconf)
 BuildRequires:  pkgconfig(fuse)
@@ -267,6 +264,10 @@ fi
 
 
 %changelog
+* Wed Feb 02 2022 Debarshi Ray <rishi@fedoraproject.org> - 1.10.7-1
+- Update to 1.10.7 (CVE-2021-43860)
+Resolves: #2041973
+
 * Tue Oct 26 2021 Debarshi Ray <rishi@fedoraproject.org> - 1.10.5-1
 - Update to 1.10.5 (CVE-2021-41133)
 Resolves: #2012862
diff --git a/sources b/sources
index 5ec1917..34413ed 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (flatpak-1.10.5.tar.xz) = 8c2e365ce442a092c15178a8b39daecf21bfe162078c9a323e68d53194413f174e329812dd01d8da6bbfba3b0087aeb4d92a44067df3f6fa0253e33014d138ae
+SHA512 (flatpak-1.10.7.tar.xz) = a25e9492b21542082e074c8805fd0d723a2e50f88da414a46981460a58111750ccf1c23ea2137b3f1a22638e473911f6c1c88d22f2cba641e1c2cbad53e402ed