diff --git a/CVE-2024-32462.patch b/CVE-2024-32462.patch
deleted file mode 100644
index 5d2e42e0f50376385501ec87571b859c73ed5a11..0000000000000000000000000000000000000000
--- a/CVE-2024-32462.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From bbab7ed1e672356d1a78b422462b210e8e875931 Mon Sep 17 00:00:00 2001
-From: Alexander Larsson
-Date: Mon, 15 Apr 2024 16:10:36 +0200
-Subject: [PATCH] When starting non-static command using bwrap use "--"
-
-Origin: https://github.com/flatpak/flatpak/commit/bbab7ed1e672356d1a78b422462b210e8e875931
-
-This ensures that the command is not taken to be a bwrap option.
-
-Resolves: CVE-2024-32462
-Resolves: GHSA-phv6-cpc2-2fgj
-Signed-off-by: Alexander Larsson
-[smcv: Fix DISABLE_SANDBOXED_TRIGGERS code path]
-[smcv: Make flatpak_run_maybe_start_dbus_proxy() more obviously correct]
-Signed-off-by: Simon McVittie
----
- app/flatpak-builtins-build.c | 3 ++-
- common/flatpak-dir.c | 1 +
- common/flatpak-run-dbus.c | 3 +++
- common/flatpak-run.c | 2 +-
- 4 files changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/app/flatpak-builtins-build.c b/app/flatpak-builtins-build.c
-index a606544980..585f8f43ba 100644
---- a/app/flatpak-builtins-build.c
-+++ b/app/flatpak-builtins-build.c
-@@ -589,7 +589,8 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
- if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
- return FALSE;
-
-- flatpak_bwrap_add_args (bwrap, command, NULL);
-+ flatpak_bwrap_add_args (bwrap, "--", command, NULL);
-+
- flatpak_bwrap_append_argsv (bwrap,
- &argv[rest_argv_start + 2],
- rest_argc - 2);
-diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
-index 3a788469a4..089fb80734 100644
---- a/common/flatpak-dir.c
-+++ b/common/flatpak-dir.c
-@@ -7155,6 +7155,7 @@ flatpak_dir_run_triggers (FlatpakDir *self,
- "--proc", "/proc",
- "--dev", "/dev",
- "--bind", basedir, basedir,
-+ "--",
- NULL);
- #endif
- flatpak_bwrap_add_args (bwrap,
-diff --git a/common/flatpak-run-dbus.c b/common/flatpak-run-dbus.c
-index 3074549bc9..bb64c15bf0 100644
---- a/common/flatpak-run-dbus.c
-+++ b/common/flatpak-run-dbus.c
-@@ -104,6 +104,9 @@ add_bwrap_wrapper (FlatpakBwrap *bwrap,
- if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
- return FALSE;
-
-+ /* End of options: the next argument will be the executable name */
-+ flatpak_bwrap_add_arg (bwrap, "--");
-+
- return TRUE;
- }
-
-diff --git a/common/flatpak-run.c b/common/flatpak-run.c
-index bd68b4806f..29fe563f36 100644
---- a/common/flatpak-run.c
-+++ b/common/flatpak-run.c
-@@ -3425,7 +3425,7 @@ flatpak_run_app (FlatpakDecomposed *app_ref,
- if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
- return FALSE;
-
-- flatpak_bwrap_add_arg (bwrap, command);
-+ flatpak_bwrap_add_args (bwrap, "--", command, NULL);
-
- if (!add_rest_args (bwrap, app_id,
- exports, (flags & FLATPAK_RUN_FLAG_FILE_FORWARDING) != 0,
diff --git a/flatpak-1.15.10.tar.xz b/flatpak-1.15.10.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..fb4bdbc644a24d11585643cbeac5008b1fe17cc8
Binary files /dev/null and b/flatpak-1.15.10.tar.xz differ
diff --git a/flatpak-1.15.6.tar.xz b/flatpak-1.15.6.tar.xz
deleted file mode 100644
index 7a99935105394e04697c46b0f05257f08d81dcb8..0000000000000000000000000000000000000000
Binary files a/flatpak-1.15.6.tar.xz and /dev/null differ
diff --git a/flatpak.spec b/flatpak.spec
index aaa822833fff02965da086f90c687e05c74891d0..5f2ef9f095334b611566f0e13ec405403406c0c0 100644
--- a/flatpak.spec
+++ b/flatpak.spec
@@ -1,11 +1,10 @@
 Name: flatpak
-Version: 1.15.6
-Release: 2
+Version: 1.15.10
+Release: 1
 Summary: Application deployment framework for desktop apps
 License: LGPLv2+
 URL: http://flatpak.org/
 Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz
-Patch0: CVE-2024-32462.patch
 BuildRequires: pkgconfig(appstream-glib) pkgconfig(gio-unix-2.0) pkgconfig(gobject-introspection-1.0) >= 1.40.0 pkgconfig(json-glib-1.0) pkgconfig(libarchive) >= 2.8.0
 BuildRequires: pkgconfig(libsoup-2.4) pkgconfig(libxml-2.0) >= 2.4 pkgconfig(ostree-1) >= 2020.8 pkgconfig(polkit-gobject-1) pkgconfig(libseccomp) pkgconfig(xau)
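Review bot: Removing `Patch0: CVE-2024-32462.patch` leaves the build relying on the 1.15.10 tarball for the `--` end-of-options fix, and nothing in the spec or changelog records that the patch was dropped because it is now upstream. I would add a changelog line such as `- Drop CVE-2024-32462.patch, included upstream`, after confirming that commit bbab7ed1e672356d1a78b422462b210e8e875931 is in the new source. Separately, the CVE-2024-42472 fix named in the changelog depends, as far as I know, on a bubblewrap that supports `--bind-fd` when flatpak uses a system bwrap. The bubblewrap Requires lines are outside this hunk, so check that their minimum version matches.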
@@ -148,6 +147,9 @@ fi
 %{_mandir}/man5/flatpak-remote.5*
 %changelog
+* Thu Aug 16 2024 zhangxianting - 1.15.10-1
+- Upgrade version to 1.15.10 for fix CVE-2024-42472
+
 * Fri Apr 19 2024 wangkai <13474090681@163.com> - 1.15.6-2
 - Fix CVE-2024-32462