ahill/flatpak
1
0
Fork 0
mirror of https://github.com/flatpak/flatpak.git synced 2026-01-26 22:22:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
flatpak/app
History
Simon McVittie 1ce18b44df build: Convert environment into a sequence of bwrap arguments 
This means we can systematically pass the environment variables
through bwrap(1), even if it is setuid and thus is filtering out
security-sensitive environment variables. bwrap itself ends up being
run with an empty environment instead.

This fixes a regression when CVE-2021-21261 was fixed: before the
CVE fixes, LD_LIBRARY_PATH would have been passed through like this
and appeared in the `flatpak build` shell, but during the CVE fixes,
the special case that protected LD_LIBRARY_PATH was removed in favour
of the more general flatpak_bwrap_envp_to_args(). That reasoning only
works if we use flatpak_bwrap_envp_to_args(), consistently, everywhere
that we run the potentially-setuid bwrap.

Fixes: 6d1773d2 "run: Convert all environment variables into bwrap arguments"
Resolves: https://github.com/flatpak/flatpak/issues/4080
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980323
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 9a61d2c44f0a58cebcb9b2787ae88db07ca68bb0)
2021-02-09 13:43:53 +01:00
..
flatpak-builtins-build-bundle.c
build-bundle: Reorder options
2019-01-03 22:22:48 +00:00
flatpak-builtins-build-commit-from.c
build-commit-from: Fix the collection-ref binding
2019-02-01 16:48:09 +00:00
flatpak-builtins-build-export.c
build-export: Allow sandboxing on icon validator to be disabled
2019-01-31 14:02:24 +00:00
flatpak-builtins-build-finish.c
build-finish: Validate --require-version argument
2019-01-11 18:32:44 +00:00
flatpak-builtins-build-import-bundle.c
build-import-bundle: Improve error handling
2018-10-17 17:54:03 -04:00
flatpak-builtins-build-init.c
build-init: use the sdk branch from the sdk ref when checking extensions
2019-02-04 09:51:54 +00:00
flatpak-builtins-build-sign.c
common: Rename all private headers to *-private.h
2018-05-24 11:59:52 +00:00
flatpak-builtins-build-update-repo.c
build-update-repo: Add --static-delta-jobs option
2018-12-12 16:15:16 +00:00
flatpak-builtins-build.c
build: Convert environment into a sequence of bwrap arguments
2021-02-09 13:43:53 +01:00
flatpak-builtins-config.c
config: Make --list and --get work on empty repos
2019-01-14 11:10:17 +00:00
flatpak-builtins-create-usb.c
Consistently use Unicode ellipsis
2018-12-21 08:07:25 +00:00
flatpak-builtins-document-export.c
common: Rename all generated files to *-dbus-generated.[ch]
2018-05-24 11:59:52 +00:00
flatpak-builtins-document-info.c
common: Rename all generated files to *-dbus-generated.[ch]
2018-05-24 11:59:52 +00:00
flatpak-builtins-document-list.c
table printer: Redo column handling
2019-01-14 13:35:56 +00:00
flatpak-builtins-document-unexport.c
common: Rename all generated files to *-dbus-generated.[ch]
2018-05-24 11:59:52 +00:00
flatpak-builtins-enter.c
Consistently use Unicode ellipsis
2018-12-21 08:07:25 +00:00
flatpak-builtins-history.c
table printer: Redo column handling
2019-01-14 13:35:56 +00:00
flatpak-builtins-info.c
info, remote-info: Use print_wrapped
2019-01-21 09:01:22 +00:00
flatpak-builtins-install.c
install: Don't fail completion on empty repos
2019-01-14 11:10:17 +00:00
flatpak-builtins-kill.c
Add a kill command
2018-10-10 06:28:28 +00:00
flatpak-builtins-list.c
Fix flatpak-list --arch
2019-03-26 11:01:56 +01:00
flatpak-builtins-make-current.c
make-current: Don't fail completion on empty repos
2019-01-14 11:10:17 +00:00
flatpak-builtins-override.c
override: Don't fail completion on empty repos
2019-01-14 11:10:17 +00:00
flatpak-builtins-permission-list.c
Fix a thinko in the permission commands
2018-09-25 12:17:16 +00:00
flatpak-builtins-permission-remove.c
Fix a thinko in the permission commands
2018-09-25 12:17:16 +00:00
flatpak-builtins-permission-reset.c
Export a reset-permission utility
2018-11-14 17:15:42 +00:00
flatpak-builtins-permission-show.c
Fix a thinko in the permission commands
2018-09-25 12:17:16 +00:00
flatpak-builtins-ps.c
table printer: Redo column handling
2019-01-14 13:35:56 +00:00
flatpak-builtins-remote-add.c
app: Support DeployCollectionID in flatpakrepo
2019-01-15 23:43:43 +00:00
flatpak-builtins-remote-delete.c
remote-delete: Avoid a "remote not found" error when deleting an -origin remote
2019-01-21 22:02:35 +00:00
flatpak-builtins-remote-info.c
info, remote-info: Use print_wrapped
2019-01-21 09:01:22 +00:00
flatpak-builtins-remote-list.c
table printer: Redo column handling
2019-01-14 13:35:56 +00:00
flatpak-builtins-remote-ls.c
table printer: Redo column handling
2019-01-14 13:35:56 +00:00
flatpak-builtins-remote-modify.c
Split a file
2018-09-26 09:02:42 +00:00
flatpak-builtins-repair.c
repair: Only warn about non-existing remotes for normal refs.
2019-01-18 15:02:56 +00:00
flatpak-builtins-repo.c
Remove no longer needed #define directives
2019-01-15 20:02:17 +00:00
flatpak-builtins-run.c
run: Don't fail completion on empty repos
2019-01-14 11:10:17 +00:00
flatpak-builtins-search.c
table printer: Redo column handling
2019-01-14 13:35:56 +00:00
flatpak-builtins-uninstall.c
uninstall: Deal with empty installations
2019-01-16 00:30:52 +00:00
flatpak-builtins-update.c
Make the Nothing to do. string translatable
2019-01-31 15:19:29 +01:00
flatpak-builtins-utils.c
Handle versions of appstream-glib prior to 0.5.15
2019-01-29 10:19:28 +00:00
flatpak-builtins-utils.h
Move flatpak_dir_load_appstream_store
2019-01-14 15:06:41 +00:00
flatpak-builtins.h
Add some internal docs
2019-01-08 00:11:41 +00:00
flatpak-cli-transaction.c
Fix missing translatable string
2019-02-25 22:12:19 +00:00
flatpak-cli-transaction.h
Drop flatpak_cli_transaction_was_aborted
2019-01-11 11:42:13 +00:00
flatpak-complete.c
Turn off completion debug
2019-01-21 22:16:34 +00:00
flatpak-complete.h
completion: Add an api to complete columns
2019-01-11 14:00:59 +00:00
flatpak-main.c
Don't register polkit agent if we cannot connect to system bus
2019-09-19 09:48:54 +00:00
flatpak-polkit-agent-text-listener.c
polkit: Ignore deprecations
2019-01-11 22:34:24 +00:00
flatpak-polkit-agent-text-listener.h
Add our own polkit listener implementation
2018-12-06 15:01:14 +00:00
flatpak-quiet-transaction.c
Add FlatpakQuietTransaction
2019-01-11 11:42:13 +00:00
flatpak-quiet-transaction.h
Add FlatpakQuietTransaction
2019-01-11 11:42:13 +00:00
flatpak-table-printer.c
table printer: Redo column handling
2019-01-14 13:35:56 +00:00
flatpak-table-printer.h
table printer: Redo column handling
2019-01-14 13:35:56 +00:00
Makefile.am.inc
build-export: Use the icon validator
2019-01-17 07:27:31 +00:00
parse-datetime.h
Run uncrustify
2018-07-08 10:05:37 +00:00
parse-datetime.y
Import parse_timestamp() from ostree
2018-04-04 15:08:49 +00:00