!18 [sync] PR-17: Fix CVE-2019-8308

From: @openeuler-sync-bot
Reviewed-by: @wangxiao65,@small_leek
Signed-off-by: @small_leek

CVE-2019-8308.patch

@@ -0,0 +1,67 @@
+From f2af3137e3e5bdd54cad646046da82218aec3fa7 Mon Sep 17 00:00:00 2001
+From: Alexander Larsson <alexl@redhat.com>
+Date: Sun, 10 Feb 2019 18:23:44 +0100
+Subject: [PATCH] Don't expose /proc when running apply_extra
+
+As shown by CVE-2019-5736, it is sometimes possible for the sandbox
+app to access outside files using /proc/self/exe. This is not
+typically an issue for flatpak as the sandbox runs as the user which
+has no permissions to e.g. modify the host files.
+
+However, when installing apps using extra-data into the system repo
+we *do* actually run a sandbox as root. So, in this case we disable mounting
+/proc in the sandbox, which will neuter attacks like this.
+
+---
+ common/flatpak-common-types-private.h | 1 +
+ common/flatpak-dir.c                  | 2 +-
+ common/flatpak-run.c                  | 6 +++++-
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/common/flatpak-common-types-private.h b/common/flatpak-common-types-private.h
+index e361777..b8f76b9 100644
+--- a/common/flatpak-common-types-private.h
++++ b/common/flatpak-common-types-private.h
+@@ -45,6 +45,7 @@ typedef enum {
+   FLATPAK_RUN_FLAG_NO_DOCUMENTS_PORTAL = (1 << 15),
+   FLATPAK_RUN_FLAG_BLUETOOTH          = (1 << 16),
+   FLATPAK_RUN_FLAG_CANBUS            = (1 << 17),
++  FLATPAK_RUN_FLAG_NO_PROC            = (1 << 19),
+ } FlatpakRunFlags;
+ 
+ typedef struct FlatpakDir          FlatpakDir;
+diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
+index 236de4b..56bca24 100644
+--- a/common/flatpak-dir.c
++++ b/common/flatpak-dir.c
+@@ -6511,7 +6511,7 @@ apply_extra_data (FlatpakDir   *self,
+                           NULL);
+ 
+   if (!flatpak_run_setup_base_argv (bwrap, runtime_files, NULL, runtime_ref_parts[2],
+-                                    FLATPAK_RUN_FLAG_NO_SESSION_HELPER,
++                                    FLATPAK_RUN_FLAG_NO_SESSION_HELPER | FLATPAK_RUN_FLAG_NO_PROC,
+                                     error))
+     return FALSE;
+ 
+diff --git a/common/flatpak-run.c b/common/flatpak-run.c
+index cd6672e..c5fe6dc 100644
+--- a/common/flatpak-run.c
++++ b/common/flatpak-run.c
+@@ -2357,9 +2357,13 @@ flatpak_run_setup_base_argv (FlatpakBwrap   *bwrap,
+     "# Disable user pkcs11 config, because the host modules don't work in the runtime\n"
+     "user-config: none\n";
+ 
++  if ((flags & FLATPAK_RUN_FLAG_NO_PROC) == 0)
++    flatpak_bwrap_add_args (bwrap,
++                            "--proc", "/proc",
++                            NULL);
++
+   flatpak_bwrap_add_args (bwrap,
+                           "--unshare-pid",
+-                          "--proc", "/proc",
+                           "--dir", "/tmp",
+                           "--dir", "/var/tmp",
+                           "--dir", "/run/host",
+-- 
+2.30.0
+

flatpak.spec

@@ -1,6 +1,6 @@
 Name:           flatpak
 Version:        1.0.3
-Release:        4
+Release:        5
 Summary:        Application deployment framework for desktop apps
 License:        LGPLv2+
 URL:            http://flatpak.org/
@@ -14,6 +14,7 @@ Patch0005:      CVE-2021-21261-5.patch
 Patch0006:      CVE-2021-21381-1.patch
 Patch0007:      CVE-2021-21381-2.patch
 Patch0008:      CVE-2021-21381-3.patch
+Patch0009:      CVE-2019-8308.patch
 
 BuildRequires:  pkgconfig(appstream-glib) pkgconfig(gio-unix-2.0) pkgconfig(gobject-introspection-1.0) >= 1.40.0 pkgconfig(json-glib-1.0) pkgconfig(libarchive) >= 2.8.0
 BuildRequires:  pkgconfig(libsoup-2.4) pkgconfig(libxml-2.0) >= 2.4 pkgconfig(ostree-1) >= 2018.7 pkgconfig(polkit-gobject-1) pkgconfig(libseccomp) pkgconfig(xau)
@@ -108,6 +109,9 @@ flatpak remote-list --system &> /dev/null || :
 %{_mandir}/man5/flatpak-remote.5*
 
 %changelog
+* Mon Apr 12 2021 wangyue <wangyue92@huawei.com> - 1.0.3-5
+- Fix CVE-2019-8308
+
 * Wed Mar 24 2021 wangxiao <wangxiao65@huawei.com> - 1.0.3-4
 - Fix CVE-2021-21381