authorMart Raudsepp <leio@gentoo.org>2019-08-23 23:57:09 +0300
committerMart Raudsepp <leio@gentoo.org>2019-08-23 23:57:09 +0300
commit85cb57ebc68ef86e7286050d8edc186c3f632cf2 (patch)
tree8f55845e6eaf5723f72b1b1cafa8bbdc15ce5546 /gnome-base/nautilus/files
parentgnome-base/gnome-desktop: security bump to 3.30.2.3 (diff)
gnome-base/nautilus: fix CVE-2019-11461
Bug: https://bugs.gentoo.org/692784 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Mart Raudsepp <leio@gentoo.org>
Diffstat (limited to 'gnome-base/nautilus/files')
-rw-r--r--gnome-base/nautilus/files/3.30.5-CVE-2019-11461.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/gnome-base/nautilus/files/3.30.5-CVE-2019-11461.patch b/gnome-base/nautilus/files/3.30.5-CVE-2019-11461.patch
new file mode 100644
index 000000000000..6c2d061123fa
--- /dev/null
+++ b/gnome-base/nautilus/files/3.30.5-CVE-2019-11461.patch
@@ -0,0 +1,30 @@
+From 83949ed5800ec99953f5ee8d2bf8b90a69daa850 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@igalia.com>
+Date: Sat, 13 Apr 2019 13:57:36 -0500
+Subject: [PATCH] thumbnailer: fix incomplete TIOCSTI filtering
+
+Fixes #112
+
+See also: https://github.com/flatpak/flatpak/issues/2782
+---
+ libgnome-desktop/gnome-desktop-thumbnail-script.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+leio: Adjusted to apply to nautilus copy
+
+diff --git a/libgnome-desktop/gnome-desktop-thumbnail-script.c b/libgnome-desktop/gnome-desktop-thumbnail-script.c
+index 9468b51c..3b3d1ea9 100644
+--- a/src/gnome-desktop/gnome-desktop-thumbnail-script.c
++++ b/src/gnome-desktop/gnome-desktop-thumbnail-script.c
+@@ -343,7 +343,7 @@ setup_seccomp (GPtrArray *argv_array,
+ {SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
+
+ /* Don't allow faking input to the controlling tty (CVE-2017-5226) */
+- {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)},
++ {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int)TIOCSTI)},
+ };
+
+ struct
+--
+2.20.1
+
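Review bot: The comment above the changed `ioctl` rule still cites only CVE-2017-5226 and does not say why the comparison is now masked, so a later cleanup could turn it back into a plain `SCMP_CMP_EQ`. I would extend it to something like `/* Don't allow faking input to the controlling tty (CVE-2017-5226); match only the low 32 bits of the request, because the kernel ignores the upper half of the ioctl argument while the seccomp filter sees all 64 bits (CVE-2019-11461) */`. Separately, `(int)TIOCSTI` is widened to a 64-bit datum, so on any architecture where the constant has bit 31 set it would sign-extend beyond the `0xFFFFFFFFu` mask. Whether libseccomp masks the datum itself is not visible here, so that is worth confirming, or the cast could be made unsigned. The body of `setup_seccomp` starts and ends outside the hunk, so any other argument-filtered rules in the table could not be checked for the same 64-bit comparison problem.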