Blame SOURCES/flatpak-1.0.9-fix-CVE-2021-21381.patch

804a12
From cb6fce9e4122ace2960c437def3b1a197bb49b3a Mon Sep 17 00:00:00 2001
804a12
From: Ryan Gonzalez <rymg19@gmail.com>
804a12
Date: Tue, 2 Mar 2021 13:20:07 -0600
804a12
Subject: [PATCH 1/3] Disallow @@ and @@u usage in desktop files
804a12
804a12
Fixes #4146.
804a12
---
804a12
 common/flatpak-dir.c | 2 ++
804a12
 1 file changed, 2 insertions(+)
804a12
804a12
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
804a12
index e6e4d6fb3..7d3374dad 100644
804a12
--- a/common/flatpak-dir.c
804a12
+++ b/common/flatpak-dir.c
804a12
@@ -7139,6 +7139,8 @@ export_desktop_file (const char         *app,
804a12
                 g_string_append_printf (new_exec, " @@ %s @@", arg);
804a12
               else if (strcasecmp (arg, "%u") == 0)
804a12
                 g_string_append_printf (new_exec, " @@u %s @@", arg);
804a12
+              else if (strcmp (arg, "@@") == 0 || strcmp (arg, "@@u") == 0)
804a12
+                g_print (_("Skipping invalid Exec argument %s\n"), arg);
804a12
               else
804a12
                 g_string_append_printf (new_exec, " %s", arg);
804a12
             }
804a12
804a12
From 0bdcb88b2d0013aa435dc03950fb42cef2cbd359 Mon Sep 17 00:00:00 2001
804a12
From: Simon McVittie <smcv@collabora.com>
804a12
Date: Fri, 5 Mar 2021 13:49:36 +0000
804a12
Subject: [PATCH 2/3] dir: Reserve the whole @@ prefix
804a12
804a12
If we add new features analogous to file forwarding later, we might
804a12
find that we need a different magic token. Let's reserve the whole
804a12
@@* namespace so we can call it @@something-else.
804a12
804a12
Signed-off-by: Simon McVittie <smcv@collabora.com>
804a12
---
804a12
 common/flatpak-dir.c | 2 +-
804a12
 1 file changed, 1 insertion(+), 1 deletion(-)
804a12
804a12
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
804a12
index 7d3374dad..facfab37a 100644
804a12
--- a/common/flatpak-dir.c
804a12
+++ b/common/flatpak-dir.c
804a12
@@ -7139,7 +7139,7 @@ export_desktop_file (const char         *app,
804a12
                 g_string_append_printf (new_exec, " @@ %s @@", arg);
804a12
               else if (strcasecmp (arg, "%u") == 0)
804a12
                 g_string_append_printf (new_exec, " @@u %s @@", arg);
804a12
-              else if (strcmp (arg, "@@") == 0 || strcmp (arg, "@@u") == 0)
804a12
+              else if (g_str_has_prefix (arg, "@@"))
804a12
                 g_print (_("Skipping invalid Exec argument %s\n"), arg);
804a12
               else
804a12
                 g_string_append_printf (new_exec, " %s", arg);
804a12
804a12
From 230f4c3521cd0dffa446ab9b70e958cdd9241bbe Mon Sep 17 00:00:00 2001
804a12
From: Simon McVittie <smcv@collabora.com>
804a12
Date: Fri, 5 Mar 2021 13:51:33 +0000
804a12
Subject: [PATCH 3/3] dir: Refuse to export .desktop files with suspicious uses
804a12
 of @@ tokens
804a12
804a12
This is either a malicious/compromised app trying to do an attack, or
804a12
a mistake that will break handling of %f, %u and so on. Either way,
804a12
if we refuse to export the .desktop file, resulting in installation
804a12
failing, then it makes the rejection more obvious than quietly
804a12
removing the magic tokens.
804a12
804a12
Signed-off-by: Simon McVittie <smcv@collabora.com>
804a12
---
804a12
 common/flatpak-dir.c | 6 +++++-
804a12
 1 file changed, 5 insertions(+), 1 deletion(-)
804a12
804a12
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
804a12
index facfab37a..c5edf346f 100644
804a12
--- a/common/flatpak-dir.c
804a12
+++ b/common/flatpak-dir.c
804a12
@@ -7140,7 +7140,11 @@ export_desktop_file (const char         *app,
804a12
               else if (strcasecmp (arg, "%u") == 0)
804a12
                 g_string_append_printf (new_exec, " @@u %s @@", arg);
804a12
               else if (g_str_has_prefix (arg, "@@"))
804a12
-                g_print (_("Skipping invalid Exec argument %s\n"), arg);
804a12
+                {
804a12
+                  flatpak_fail_error (error, FLATPAK_ERROR_EXPORT_FAILED,
804a12
+                                     _("Invalid Exec argument %s"), arg);
804a12
+                  goto out;
804a12
+                }
804a12
               else
804a12
                 g_string_append_printf (new_exec, " %s", arg);
804a12
             }