diff --git a/0001-Fix-use-after-free-in-xdg_get_app_info_from_pid.patch b/0001-Fix-use-after-free-in-xdg_get_app_info_from_pid.patch
new file mode 100644
index 0000000..e9092a3
--- /dev/null
+++ b/0001-Fix-use-after-free-in-xdg_get_app_info_from_pid.patch
@@ -0,0 +1,25 @@
+From 8fbab8933fc4e0e87dbb263c9414dc349fc3cdb8 Mon Sep 17 00:00:00 2001
+From: Alexander Larsson
+Date: Thu, 12 Mar 2020 15:01:26 +0100
+Subject: [PATCH] utils: Fix use-after-free in xdp_get_app_info_from_pid()
+
+This was freeing the value before returning it.
+
+This was noticed by jhenstridge in https://github.com/flatpak/xdg-desktop-portal/pull/443
+---
+ src/xdp-utils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/xdp-utils.c b/src/xdp-utils.c
+index 2f5be5c..4f72df1 100644
+--- a/src/xdp-utils.c
++++ b/src/xdp-utils.c
+@@ -618,7 +618,7 @@ xdp_get_app_info_from_pid (pid_t pid,
+ if (app_info == NULL)
+ app_info = xdp_app_info_new_host ();
+
+- return app_info;
++ return g_steal_pointer (&app_info);
+ }
+
+ static XdpAppInfo *
diff --git a/0002-add-AssumedAppArmorLabel-key-to-D-Bus-service-files.patch b/0002-add-AssumedAppArmorLabel-key-to-D-Bus-service-files.patch
new file mode 100644
index 0000000..2847435
--- /dev/null
+++ b/0002-add-AssumedAppArmorLabel-key-to-D-Bus-service-files.patch
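Review bot: The added `return g_steal_pointer (&app_info);` in the embedded src/xdp-utils.c hunk is only understandable if `app_info` is declared with an auto-cleanup attribute, and that declaration is outside the hunk (the function body starts before it), so the ownership transfer is invisible at this line. A short comment above the return, `/* app_info is auto-freed at scope exit; steal it so the caller gets a live reference */`, would record why the plain return handed back a freed pointer. Separately, the patch file name spells the function `xdg_get_app_info_from_pid` while the Subject line and the code use `xdp_get_app_info_from_pid`, which makes this memory-safety fix harder to find by searching for the function name.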
@@ -0,0 +1,32 @@
+From 2a3118ce4a9dc144237ebbfc0147fc535cd23c32 Mon Sep 17 00:00:00 2001
+From: James Henstridge
+Date: Mon, 2 Mar 2020 16:40:22 +0100
+Subject: [PATCH] src, document-portal: add AssumedAppArmorLabel key to D-Bus
+ service files
+
+This allows sandboxed processes to activate the portal services if the
+sandbox makes use of AppArmor D-Bus mediation rules that depend on the
+service's security label.
+---
+ document-portal/org.freedesktop.portal.Documents.service.in | 1 +
+ src/org.freedesktop.portal.Desktop.service.in | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/document-portal/org.freedesktop.portal.Documents.service.in b/document-portal/org.freedesktop.portal.Documents.service.in
+index cf0c1ef..4d0881b 100644
+--- a/document-portal/org.freedesktop.portal.Documents.service.in
++++ b/document-portal/org.freedesktop.portal.Documents.service.in
+@@ -2,3 +2,4 @@
+ Name=org.freedesktop.portal.Documents
+ Exec=@libexecdir@/xdg-document-portal
+ SystemdService=xdg-document-portal.service
++AssumedAppArmorLabel=unconfined
+diff --git a/src/org.freedesktop.portal.Desktop.service.in b/src/org.freedesktop.portal.Desktop.service.in
+index e017386..2b31f32 100644
+--- a/src/org.freedesktop.portal.Desktop.service.in
++++ b/src/org.freedesktop.portal.Desktop.service.in
+@@ -2,3 +2,4 @@
+ Name=org.freedesktop.portal.Desktop
+ Exec=@libexecdir@/xdg-desktop-portal
+ SystemdService=xdg-desktop-portal.service
++AssumedAppArmorLabel=unconfined
diff --git a/0003-Fix-criticals-if-no-default-handler-for-desired-type.patch b/0003-Fix-criticals-if-no-default-handler-for-desired-type.patch
new file mode 100644
index 0000000..c978365
--- /dev/null
+++ b/0003-Fix-criticals-if-no-default-handler-for-desired-type.patch
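Review bot: `AssumedAppArmorLabel=unconfined` is hard-coded in both service templates, so the value is only correct while xdg-desktop-portal and xdg-document-portal really run without an AppArmor profile. As I understand dbus-daemon's use of this key, it stands in for the service's label when mediating a message that would activate a service that is not yet running. A profile added later for either binary would then leave activation checked against a label the service does not carry. Nothing in this package ties the two together, so I would add a comment above each key, `# must match the AppArmor label this service actually runs under`, to keep that dependency visible to whoever introduces a profile.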
@@ -0,0 +1,35 @@
+From f8a261b0a56d7eacab79a9086611ba4208fe3842 Mon Sep 17 00:00:00 2001
+From: Simon McVittie
+Date: Sun, 22 Dec 2019 15:54:33 +0000
+Subject: [PATCH] open-uri: Fix criticals if no default handler for desired
+ type
+
+Signed-off-by: Simon McVittie
+---
+ src/open-uri.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/open-uri.c b/src/open-uri.c
+index c876ab6..f032894 100644
+--- a/src/open-uri.c
++++ b/src/open-uri.c
+@@ -473,9 +473,17 @@ find_recommended_choices (const char *scheme,
+ int i;
+
+ info = g_app_info_get_default_for_type (content_type, FALSE);
+- *default_app = get_app_id (info);
+
+- g_debug ("Default handler %s for %s, %s", *default_app, scheme, content_type);
++ if (info != NULL)
++ {
++ *default_app = get_app_id (info);
++ g_debug ("Default handler %s for %s, %s", *default_app, scheme, content_type);
++ }
++ else
++ {
++ *default_app = NULL;
++ g_debug ("No default handler for %s, %s", scheme, content_type);
++ }
+
+ infos = g_app_info_get_recommended_for_type (content_type);
+ /* Use fallbacks if we have no recommended application for this type */
diff --git a/xdg-desktop-portal.changes b/xdg-desktop-portal.changes
index fafcd99..87134c1 100644
--- a/xdg-desktop-portal.changes
+++ b/xdg-desktop-portal.changes
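Review bot: The new else branch in find_recommended_choices() makes `*default_app = NULL` an ordinary result, and nothing in the hunk documents that or shows a caller checking for it. The callers and the rest of the function lie outside the hunk, so whether every later use of the returned app id tolerates NULL cannot be confirmed from here. It is worth verifying, since this path presumably runs on open requests that originate from sandboxed applications. I would add a comment at the assignment, `/* no default handler registered: callers must treat a NULL *default_app as "none" */`, and mention the NULL case in the function's header comment if it has one.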
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Mon Apr 6 11:49:59 UTC 2020 - Antonio Larrosa
+
+- Add patch from upstream to fix a use-after-free case:
+ * 0001-Fix-use-after-free-in-xdg_get_app_info_from_pid.patch
+
+- Add patch from upstream to add AssumedAppArmorLabel key to D-Bus
+ service files to allow sandboxed processes to activate the portal
+ services if the sandbox makes use of AppArmor D-Bus mediation
+ rules that depend on the service's security label:
+ * 0002-add-AssumedAppArmorLabel-key-to-D-Bus-service-files.patch
+
+- Add patch from upstream to fix a null pointer usage when no
+ default handler is set for desired type:
+ * 0003-Fix-criticals-if-no-default-handler-for-desired-type.patch
+
 -------------------------------------------------------------------
 Fri Feb 21 13:17:51 UTC 2020 - Bjørn Lie
 
diff --git a/xdg-desktop-portal.spec b/xdg-desktop-portal.spec
index 762faf7..77131d4 100644
--- a/xdg-desktop-portal.spec
+++ b/xdg-desktop-portal.spec
@@ -26,6 +26,9 @@ URL: https://github.com/flatpak/xdg-desktop-portal
 Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.xz
 # PATCH-FEATURE-UPSTREAM xdg-dp-port-pipewire-3-api.patch -- Port to use new pipewire-3.0 api
 Patch0: xdg-dp-port-pipewire-3-api.patch
+Patch1: 0001-Fix-use-after-free-in-xdg_get_app_info_from_pid.patch
+Patch2: 0002-add-AssumedAppArmorLabel-key-to-D-Bus-service-files.patch
+Patch3: 0003-Fix-criticals-if-no-default-handler-for-desired-type.patch
 BuildRequires: libtool
 BuildRequires: pkgconfig