mirror/flatpak
1
0
Fork 0
mirror of https://github.com/flatpak/flatpak.git synced 2026-03-09 18:50:10 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
5daba75daf666a31ea3609338177342b4f462ffa
flatpak/common
History
Ryan Gonzalez 5daba75daf Fix metadata file contents after null terminators being ignored 
In particular, if a null terminator is placed inside the metadata file,
Flatpak will only compare the text *before* it to the value of
xa.metadata, but the full file will be parsed when permissions are set
at runtime. This means that any app can include a null terminator in its
permissions metadata, and Flatpak will only show the user the
permissions *preceding* the terminator during install, but the
permissions *after* the terminator are applied at runtime.

Fixes GHSA-qpjc-vq3c-572j / CVE-2021-43860

Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>
(cherry picked from commit c9c3a667c09a846c0b230cf1cc8ed330028aa03c)
2022-01-12 11:52:15 +01:00
..
flatpak-appdata-private.h
flatpak-appdata: Add support for extracting app content ratings
2019-10-03 10:42:04 +02:00
flatpak-appdata.c
appdata: Fix leak of id string.
2019-12-19 16:52:58 +01:00
flatpak-auth-private.h
authenticator: Fix sandboxed authenticators
2019-12-19 10:33:21 +01:00
flatpak-auth.c
By default, always try to auth to OCI remotes
2020-05-04 16:32:22 +02:00
flatpak-bundle-ref.c
decompose: Use FlatpakDecomposed for bundles
2020-11-10 14:32:13 +01:00
flatpak-bundle-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-bwrap-private.h
run: Create a shared XDG_RUNTIME_DIR for each app-ID
2021-04-16 09:13:18 +02:00
flatpak-bwrap.c
run: Create a shared XDG_RUNTIME_DIR for each app-ID
2021-04-16 09:13:18 +02:00
flatpak-chain-input-stream-private.h
Don't use deprecated g_type_class_add_private API
2019-09-19 16:53:11 +00:00
flatpak-chain-input-stream.c
Don't use deprecated g_type_class_add_private API
2019-09-19 16:53:11 +00:00
flatpak-common-types-private.h
Add an option to share the pid namespace with the parent flatpak
2021-01-12 09:55:23 +01:00
flatpak-context-private.h
context: Factor out functions to parse an environment block
2021-05-25 11:11:03 +02:00
flatpak-context.c
context: Factor out functions to parse an environment block
2021-05-25 11:11:03 +02:00
flatpak-dir-private.h
Change how automatic pinning is implemented
2022-01-11 11:51:02 +01:00
flatpak-dir.c
Fix metadata file contents after null terminators being ignored
2022-01-12 11:52:15 +01:00
flatpak-enum-types.c.template
Fix build with GCC 11
2021-01-11 11:05:57 +01:00
flatpak-enum-types.h.template
Merge lib/* into common
2018-05-24 11:59:52 +00:00
flatpak-error.c
Run uncrustify
2019-02-25 18:12:30 +00:00
flatpak-error.h
common: Tweak error code docs
2021-02-09 09:36:59 +01:00
flatpak-exports-private.h
tests: Exercise failure to export a broken autofs
2021-08-02 08:37:25 +02:00
flatpak-exports.c
Handle /var/tmp mounts when it is a symlink
2021-09-23 09:57:33 +02:00
flatpak-installation-private.h
Export (private) flatpak_installation_get_dir()
2019-10-02 14:57:11 +02:00
flatpak-installation.c
Change how automatic pinning is implemented
2022-01-11 11:51:02 +01:00
flatpak-installation.h
flatpak-installation: Fix some typos in documentation comments
2021-06-14 15:30:59 +01:00
flatpak-installed-ref-private.h
installation: Use the FlatpakDecomposed APIs to create FlatpakRef:s
2020-11-05 10:43:10 +01:00
flatpak-installed-ref.c
flatpak-installed-ref: Add annotation to content rating table
2020-12-14 11:25:16 +01:00
flatpak-installed-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-instance-private.h
run: Create a shared XDG_RUNTIME_DIR for each app-ID
2021-04-16 09:13:18 +02:00
flatpak-instance.c
run: Create a shared XDG_RUNTIME_DIR for each app-ID
2021-04-16 09:13:18 +02:00
flatpak-instance.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-json-oci-private.h
oci: Add helpers to parse OCI delta index and manifest
2020-06-05 09:35:30 +02:00
flatpak-json-oci.c
OCI: Also look for the docker media type when looking manifests
2020-06-11 15:57:39 +02:00
flatpak-json-private.h
Cache the downloaded registry index in compressed form
2018-08-09 12:49:36 +00:00
flatpak-json.c
common: Don't shadow parameter variables
2020-03-16 09:29:31 +01:00
flatpak-oci-registry-private.h
oci: Handle io.github.containers.DeltaUrl in index
2020-06-05 09:35:30 +02:00
flatpak-oci-registry.c
oci-registry: Fix error reporting
2021-04-16 14:49:15 +02:00
flatpak-parental-controls-private.h
dir: Support filtering app installs/upgrades by user’s OARS settings
2019-10-03 10:42:04 +02:00
flatpak-parental-controls.c
parental-controls: fix read of uninitialized variable
2019-11-08 00:30:44 +09:00
flatpak-portal-error.c
common: Move flatpak-portal-error.[ch] back to common code
2018-04-26 07:41:17 +00:00
flatpak-portal-error.h
doc: Document FlatpakPortalError
2019-12-01 14:04:59 -05:00
flatpak-progress-private.h
FlatpakProgress: Clean up APIs for handling extra data
2020-03-27 17:23:13 +01:00
flatpak-progress.c
common: Fix several memory leaks
2021-05-04 10:23:13 +02:00
flatpak-prune-private.h
Add (and use) custom, high-perfomance prune implementation
2021-04-26 10:30:14 +02:00
flatpak-prune.c
Add (and use) custom, high-perfomance prune implementation
2021-04-26 10:30:14 +02:00
flatpak-ref-utils-private.h
decomposed: Add flatpak_decomposed_id_is_subref_of()
2020-11-16 11:23:10 +01:00
flatpak-ref-utils.c
ref-utils: Remove dead store
2021-04-19 09:09:04 +02:00
flatpak-ref.c
common: Update FlatpakRef docs with respect to uniqueness
2021-02-09 09:34:47 +01:00
flatpak-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-related-ref-private.h
Drop more collection_id use
2020-03-23 17:58:04 +01:00
flatpak-related-ref.c
Pedantic typo fix
2022-01-04 11:43:51 +00:00
flatpak-related-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-remote-private.h
lib: Only support FLATPAK_REMOTE_TYPE_STATIC remote types
2020-03-25 08:52:28 +01:00
flatpak-remote-ref-private.h
installation: Use the FlatpakDecomposed APIs to create FlatpakRef:s
2020-11-05 10:43:10 +01:00
flatpak-remote-ref.c
installation: Use the FlatpakDecomposed APIs to create FlatpakRef:s
2020-11-05 10:43:10 +01:00
flatpak-remote-ref.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-remote.c
More fully reset remote in unit tests
2020-07-21 08:59:22 +02:00
flatpak-remote.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-run-private.h
run: Share /tmp between all instances of an app-ID
2021-04-15 18:00:47 +02:00
flatpak-run.c
run: Document shortcomings of PulseAudio server string parsing
2022-01-04 10:44:37 -08:00
flatpak-syscalls-private.h
common: Add a list of recently-added Linux syscalls
2021-10-08 12:53:20 +02:00
flatpak-transaction-private.h
Transaction: Ensure we download the subsummary for the arch of added refs
2021-05-19 09:49:30 +02:00
flatpak-transaction.c
Fix metadata file contents after null terminators being ignored
2022-01-12 11:52:15 +01:00
flatpak-transaction.h
Add G_BEGIN_DECLS/G_END_DECLS to public headers
2021-02-12 15:58:09 +01:00
flatpak-utils-base-private.h
common: Add a backport of G_DBUS_METHOD_INVOCATION_HANDLED
2020-12-09 08:34:19 +01:00
flatpak-utils-base.c
utils: Document that flatpak_canonicalize_filename() does not do I/O
2021-08-02 08:37:25 +02:00
flatpak-utils-http-private.h
http-utils: Stop exporting an internal error quark
2020-08-10 15:20:59 +02:00
flatpak-utils-http.c
Re-enable HTTP compression
2022-01-11 11:51:02 +01:00
flatpak-utils-private.h
Retrieve user languages for all locale categories
2021-09-17 09:23:52 +02:00
flatpak-utils.c
Fix metadata file contents after null terminators being ignored
2022-01-12 11:52:15 +01:00
flatpak-version-macros.h.in
doc: Fix a duplicate section
2019-12-02 07:45:51 -05:00
flatpak-zstd-decompressor-private.h
Add FlatpakZstdDecompressor converter (and libzstd dep)
2020-06-05 09:35:30 +02:00
flatpak-zstd-decompressor.c
oci: Make libzstd optional (and disable OCI deltas if not there)
2020-06-05 09:35:30 +02:00
flatpak.c
Merge lib/* into common
2018-05-24 11:59:52 +00:00
flatpak.h
Make FlatpakInstance api public
2018-10-08 08:36:23 +00:00
Makefile.am.inc
common: Add a list of recently-added Linux syscalls
2021-10-08 12:53:20 +02:00
test-lib.c
Avoid shadowing local variables
2020-09-15 08:58:49 +02:00
valgrind-private.h
Fix misspellings
2019-04-08 12:50:42 +00:00