Fix CVE-2019-10063

(cherry picked from commit dcad592b6f46f3763bedd82eb27eed02f4e6ac26)
2021-09-27 15:24:52 +08:00 · 2021-09-27 15:24:52 +08:00 · 0b4ba39eee
commit 0b4ba39eee
parent d939e05fb5
2 changed files with 31 additions and 1 deletions
--- a/CVE-2019-10063.patch
+++ b/CVE-2019-10063.patch
@ -0,0 +1,26 @@
+From a9107feeb4b8275b78965b36bf21b92d5724699e Mon Sep 17 00:00:00 2001
+From: Ryan Gonzalez <rymg19@gmail.com>
+Date: Mon, 25 Mar 2019 13:00:15 -0500
+Subject: [PATCH] run: Only compare the lowest 32 ioctl arg bits for TIOCSTI
+
+Closes #2782.
+
+Closes: #2783
+Approved by: alexlarsson
+---
+ common/flatpak-run.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index 42e8bc05c6..b03c215bf2 100644
+--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
+@@ -2475,7 +2475,7 @@ setup_seccomp (FlatpakBwrap   *bwrap,
+     {SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
+ 
+     /* Don't allow faking input to the controlling tty (CVE-2017-5226) */
+-    {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
+    {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
+   };
+ 
+   struct
--- a/flatpak.spec
+++ b/flatpak.spec
@ -1,6 +1,6 @@
 Name:           flatpak
 Version:        1.0.3
-Release:        5
+Release:        6
 Summary:        Application deployment framework for desktop apps
 License:        LGPLv2+
 URL:            http://flatpak.org/
@ -15,6 +15,7 @@ Patch0006:      CVE-2021-21381-1.patch
 Patch0007:      CVE-2021-21381-2.patch
 Patch0008:      CVE-2021-21381-3.patch
 Patch0009:      CVE-2019-8308.patch
+Patch0010:	CVE-2019-10063.patch

 BuildRequires:  pkgconfig(appstream-glib) pkgconfig(gio-unix-2.0) pkgconfig(gobject-introspection-1.0) >= 1.40.0 pkgconfig(json-glib-1.0) pkgconfig(libarchive) >= 2.8.0
 BuildRequires:  pkgconfig(libsoup-2.4) pkgconfig(libxml-2.0) >= 2.4 pkgconfig(ostree-1) >= 2018.7 pkgconfig(polkit-gobject-1) pkgconfig(libseccomp) pkgconfig(xau)
@ -109,6 +110,9 @@ flatpak remote-list --system &> /dev/null || :
 %{_mandir}/man5/flatpak-remote.5*

 %changelog
+* Mon Sep 27 2021 houyingchao <houyingchao@huawei.com> - 1.0.3-6
+- Fix CVE-2019-10063
+
 * Mon Apr 12 2021 wangyue <wangyue92@huawei.com> - 1.0.3-5
 - Fix CVE-2019-8308