From 251d17ccc470be68a19b948e138c32be0b138903 Mon Sep 17 00:00:00 2001
From: han_hui_hui
Date: Tue, 28 Sep 2021 16:51:15 +0800
Subject: [PATCH] add cve-10063.patch and chang .spec
---
 CVE-2019-10063.patch | 29 +++++++++++++++++++++++++++++
 flatpak.spec | 6 +++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2019-10063.patch
diff --git a/CVE-2019-10063.patch b/CVE-2019-10063.patch
new file mode 100644
index 0000000..f483ca3
--- /dev/null
+++ b/CVE-2019-10063.patch
@@ -0,0 +1,29 @@
+From a9107feeb4b8275b78965b36bf21b92d5724699e Mon Sep 17 00:00:00 2001
+From: Ryan Gonzalez
+Date: Mon, 25 Mar 2019 13:00:15 -0500
+Subject: [PATCH] run: Only compare the lowest 32 ioctl arg bits for TIOCSTI
+
+Closes #2782.
+
+Closes: #2783
+Approved by: alexlarsson
+
+Conflict:NA
+Reference:https://github.com/flatpak/flatpak/commit/a9107feeb4b8275b78965b36bf21b92d5724699e
+---
+ common/flatpak-run.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index 42e8bc05c6..b03c215bf2 100644
+--- a/common/flatpak-run.c
++++ b/common/flatpak-run.c
+@@ -2475,7 +2475,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
+ {SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
+
+ /* Don't allow faking input to the controlling tty (CVE-2017-5226) */
+- {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
++ {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
+ };
+
+ struct
diff --git a/flatpak.spec b/flatpak.spec
index 2c2b75b..dfbf543 100644
--- a/flatpak.spec
+++ b/flatpak.spec
@@ -1,6 +1,6 @@
 Name: flatpak
 Version: 1.10.2
-Release: 1
+Release: 2
 Summary: Application deployment framework for desktop apps
 License: LGPLv2+
 URL: http://flatpak.org/
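Review bot: The comment above the TIOCSTI rule in setup_seccomp still cites only CVE-2017-5226 and gives no reason for the `0xFFFFFFFFu` mask, so a later cleanup could fold the rule back into a plain `SCMP_CMP_EQ`. I would extend it to something like `/* Compare only the low 32 bits: the kernel ignores the upper half of the ioctl request, seccomp does not (CVE-2019-10063) */`. The `(int) TIOCSTI` cast is kept next to an unsigned mask; if the constant has bit 31 set on some architecture the cast would sign-extend, so `(unsigned int) TIOCSTI` would be the safer spelling. setup_seccomp's table starts and ends outside the hunk, so any other rule keyed on an ioctl request number cannot be checked from here.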
@@ -9,6 +9,7 @@ Patch0000: modify-automake-version.patch
 Patch0002: CVE-2021-21261-2.patch
 Patch0004: CVE-2021-21261-4.patch
 Patch0005: 0001-OCI-Switch-to-pax-format-for-tar-archives.patch
+Patch0006: CVE-2019-10063.patch
 BuildRequires: pkgconfig(appstream-glib) pkgconfig(gio-unix-2.0) pkgconfig(gobject-introspection-1.0) >= 1.40.0 pkgconfig(json-glib-1.0) pkgconfig(libarchive) >= 2.8.0
 BuildRequires: pkgconfig(libsoup-2.4) pkgconfig(libxml-2.0) >= 2.4 pkgconfig(ostree-1) >= 2020.8 pkgconfig(polkit-gobject-1) pkgconfig(libseccomp) pkgconfig(xau)
@@ -114,6 +115,9 @@ flatpak remote-list --system &> /dev/null || :
 %{_mandir}/man5/flatpak-remote.5*
 %changelog
+* Tue Sep 28 2021 hanhuihui - 1.10.2-2
+- Fix CVE-2019-10063
+
 * Tue Jun 29 2021 weijin deng - 1.10.2-1
 - Upgrade to 1.10.2
 - Delete patches that existed in this version 1.10.2, delete sed option
--
Gitee
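Review bot: Patch0006 backports an upstream commit dated March 2019 onto Version 1.10.2, which the changelog shows was packaged in June 2021, so the tarball very likely already carries the masked TIOCSTI comparison. If it does, the patch is either redundant or will fail to apply, depending on how %prep applies patches, which these hunks do not show. Before merging, check common/flatpak-run.c in the 1.10.2 source for `SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI`. If it is already there, drop the patch and record in %changelog that CVE-2019-10063 is fixed by the version upgrade.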