From 17c0d05a90915d9e4163429af643aa5c2558c506 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: May 13 2019 04:51:25 +0000
Subject: import flatpak-1.0.6-3.el8_0
---
diff --git a/SOURCES/flatpak-1.0.6-CVE-2019-10063.patch b/SOURCES/flatpak-1.0.6-CVE-2019-10063.patch
new file mode 100644
index 0000000..a713027
--- /dev/null
+++ b/SOURCES/flatpak-1.0.6-CVE-2019-10063.patch
@@ -0,0 +1,29 @@
+From 77f076712949c13b9bcecc02d043cbd6de6e291e Mon Sep 17 00:00:00 2001
+From: Ryan Gonzalez
+Date: Mon, 25 Mar 2019 13:00:15 -0500
+Subject: [PATCH] run: Only compare the lowest 32 ioctl arg bits for TIOCSTI
+
+Closes #2782.
+
+Closes: #2783
+Approved by: alexlarsson
+---
+ common/flatpak-run.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index 90b435fe..d1acd9f2 100644
+--- a/common/flatpak-run.c
++++ b/common/flatpak-run.c
+@@ -2147,7 +2147,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
+ {SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
+
+ /* Don't allow faking input to the controlling tty (CVE-2017-5226) */
+- {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_EQ, (int) TIOCSTI)},
++ {SCMP_SYS (ioctl), &SCMP_A1 (SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int) TIOCSTI)},
+ };
+
+ struct
+--
+2.21.0
+
diff --git a/SPECS/flatpak.spec b/SPECS/flatpak.spec
index 5a65c75..c27fe2e 100644
--- a/SPECS/flatpak.spec
+++ b/SPECS/flatpak.spec
@@ -3,7 +3,7 @@
 Name: flatpak
 Version: 1.0.6
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Application deployment framework for desktop apps
 License: LGPLv2+
@@ -13,6 +13,8 @@ Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/
 Patch0: flatpak-1.0.4-oci-fixes.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1675776
 Patch1: flatpak-1.0.6-CVE-2019-5736.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1700653
+Patch2: flatpak-1.0.6-CVE-2019-10063.patch
 BuildRequires: pkgconfig(appstream-glib)
 BuildRequires: pkgconfig(gio-unix-2.0)
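Review bot: The masked ioctl rule in the nested flatpak-run.c hunk carries no explanation of why the compare is now `SCMP_CMP_MASKED_EQ` with `0xFFFFFFFFu`, and the comment kept above it still names only CVE-2017-5226, so the next reader has no hint that a plain `SCMP_CMP_EQ` on the full argument register was insufficient. Consider extending that comment with the rationale from the patch subject, e.g. `/* Don't allow faking input to the controlling tty (CVE-2017-5226). Only the low 32 bits of the ioctl request are significant, so compare those alone instead of the full register (CVE-2019-10063). */`. The `(int) TIOCSTI` datum remains a portability question on any architecture where the request constant has its top bit set (the cast yields a negative value that is sign-extended into the 64-bit datum); whether libseccomp masks the datum before comparison should be confirmed rather than assumed. The enclosing `setup_seccomp` function begins and ends outside the hunk.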
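Review bot: Patch2 is declared in the preamble, but the diff touches no %prep stanza, so whether flatpak-1.0.6-CVE-2019-10063.patch is actually applied depends on lines outside the hunk. If %prep uses `%autosetup` or `%autopatch` the declaration alone is enough; if it applies patches with explicit `%patchN` lines, the build will succeed with the CVE fix silently absent and a matching `%patch2 -p1` is required — please confirm which form this spec uses and check the build log for the patch being applied. It would also help to name the CVE next to the declaration rather than only the bugzilla URL, e.g. `# CVE-2019-10063: https://bugzilla.redhat.com/show_bug.cgi?id=1700653`, so the advisory mapping is visible without opening the patch.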
@@ -157,6 +159,9 @@ flatpak remote-list --system &> /dev/null || :
 %changelog
+* Mon Apr 29 2019 David King - 1.0.6-3
+- Fix IOCSTI sandbox bypass (#1700653)
+
 * Wed Feb 13 2019 David King - 1.0.6-2
 - Do not mount /proc in root sandbox (#1675776)