Sync from SUSE:SLFO:Main flatpak revision f0512d3cfa0624058043426c72ebed30

2024-10-23 11:53:50 +02:00 · 2024-10-23 11:53:50 +02:00 · ac14c8d56c
commit ac14c8d56c
parent bf0d02d9ec
7 changed files with 42 additions and 466 deletions
--- a/flatpak-1.14.10.tar.xz
+++ b/flatpak-1.14.10.tar.xz
--- a/flatpak-1.15.10.tar.xz
+++ b/flatpak-1.15.10.tar.xz
--- a/flatpak.changes
+++ b/flatpak.changes
@ -5,340 +5,21 @@ Wed Oct  2 15:16:49 UTC 2024 - Robert Frohl <rfrohl@suse.com>
  selinux_relabel_* in scriptlets to work on other codestreams
 -------------------------------------------------------------------
-Wed Aug 14 16:07:15 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
+Wed Aug 16 21:07:12 UTC 2024 - Cliff Zhao <qzhao@suse.com>
- Update to version 1.15.10:
+- Update to version 1.14.10
-  + Dependencies: In distributions that compile Flatpak to use a
+* Dependencies: In distributions that compile Flatpak to use a
-    separate bubblewrap (bwrap) executable, version 0.10.0 is
+  separate bubblewrap (bwrap) executable, either version 0.10.0,
-    required. This version adds a new feature which is required by
+  version 0.6.x ≥ 0.6.3, or a version with a backport of the
-    the security fix in this release.
+  --bind-fd option is required. These versions add a new feature
-  + Security fixes: Don't follow symbolic links when mounting
+  which is required by the security fix in this release.
 * Security fixes: Don't follow symbolic links when mounting
  persistent directories (--persist option). This prevents a
  sandbox escape where a malicious or compromised app could edit
-    the symlink to point to a directory that the app should not
+  the symlink to point to a directory that the app should not have
-    have been allowed to read or write. (CVE-2024-42472,
+  been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)
-    GHSA-7hgv-f2j8-xw87, bsc#1229157)
+* Documentation: Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)
-  + Documentation: Mark the 1.12.x and 1.10.x branches as
+  (bsc#1229157, CVE-2024-42472)
    end-of-life
  + Other bug fixes: Fix several memory leaks
  + Internal changes:
    - Record a log file when running build-time tests with
      AddressSanitizer
    - Add initial suppressions file for AddressSanitizer
 -------------------------------------------------------------------
 Thu Aug  8 12:33:34 UTC 2024 - Imo Hester <vortex@z-ray.de>
 - As per documentation from flatpak 1.0: add weak dep on
  p11-kit-server for certificate transfer (boo#1188902)
 -------------------------------------------------------------------
 Fri Jun 14 13:51:38 UTC 2024 - pgajdos@suse.com
 - remove dependency on /usr/bin/python3 using
  %python3_fix_shebang macro, [bsc#1212476]
 -------------------------------------------------------------------
 Tue Apr 23 13:23:52 UTC 2024 - Robert Frohl <rfrohl@suse.com>
 - disable parental controls for now by using '-Dmalcontent=disabled', to work around
  issues with xdg-desktop-portal
 -------------------------------------------------------------------
 Fri Apr 19 08:05:28 UTC 2024 - Robert Frohl <rfrohl@suse.com>
 - Update to version 1.15.8:
  + Security fixes:
    - Don't allow an executable name to be misinterpreted as a
      command-line option for bwrap(1). This prevents a sandbox
      escape where a malicious or compromised app could ask
      xdg-desktop-portal to generate a .desktop file with access to
      files outside the sandbox. (CVE-2024-32462, boo#1223110).
  + Other bug fixes:
    - Pass the -export-dynamic linker option as
      -Wl,-export-dynamic, fixing build failures with clang 18 and
      lld 18.
    - Fix a double-free when installation is cancelled.
    - Fix installed-tests failure with "FUSERMOUNT: unbound
      variable".
 - Changes from version 1.15.7:
  + New features:
    - Automatically remove obsolete driver versions and other
      autopruned refs.
    - --socket=inherit-wayland-socket.
    - Automatically reload D-Bus session bus configuration after
      installing or upgrading apps, to pick up any exported D-Bus
      services.
  + Bug fixes:
    - Don't parse <developer><name/></developer> as the application
      name.
    - Don't refuse to start apps when there is no D-Bus system bus
      available.
    - Don't try to repeat migration of apps whose data was migrated
      to a new name and then deleted.
    - Improve handling of mixed locales on systems with
      systemd-localed.
    - Improve display of ellipsized columns in wide terminals.
    - Make flatpak info -e look for extensions in all
      installations.
    - Fix warnings from newer GLib versions.
    - Always set the container environment variable.
    - Always let the app inherit redirected file descriptors.
    - In flatpak ps, add xdg-desktop-portal-gnome to the list of
      backends we'll use to learn which apps are running in the
      background.
    - Don't use WAYLAND_SOCKET unless given
      --socket=inherit-wayland-socket.
    - Use fusermount3 if compiled with FUSE 3, overridable with
      -Dsystem_fusermount compile-time option.
    - Avoid leaking a temporary variable from
      /etc/profile.d/flatpak.sh into the shell environment.
    - Improve async-signal safety.
    - Fix various memory leaks.
    - Avoid undefined behaviour of signed left-shift when storing
      object IDs in a hash table.
    - Detect the correct gtk-doc when cross-compiling.
    - Detect the correct wayland-scanner when cross-compiling.
    - Documentation improvements.
    - Skip more tests when FUSE isn't available.
    - Updated translations.
 - Add libglnx.patch: fix meson function detection.
 - Switch build system to meson:
  + Add meson BuildRequires.
  + Switch configure/make_build/make_install macros to
    meson/meson_build/meson_install, preserving the configure
    parameters as close as possible:
    --disable-silent-rules => obsoleted
    --with-system-bubblewrap => -Dsystem_bubblewrap=bwrap
    --with-curl => -Dhttp_backend=curl
 - Add pkgconfig(malcontent-0) BuildRequires: enable malcontent
  support.
 -------------------------------------------------------------------
 Tue Mar 19 08:06:34 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
 - Make flatpak-remote-flathub only supplement flatpak in TW
  (bsc#1221662).
 -------------------------------------------------------------------
 Thu Mar  7 11:21:12 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
 - Add a flatpak-selinux subpackage that provides a SELinux policy
  module (boo#1220591).
 -------------------------------------------------------------------
 Tue Nov 14 19:34:15 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
 - Update to version 1.15.6:
  + In distributions that compile Flatpak to use a separate
    bubblewrap (bwrap) executable, version 0.8.0 is now required.
  + Enabling the optional Wayland security context feature requires
    libwayland-client, wayland-scanner >= 1.15 and
    wayland-protocols >= 1.32.
  + Add --device=input, for access to evdev devices in /dev/input
  + Update bundled copy of bubblewrap to version 0.8.0, and rely on
    its features:
  + Improve error message if seccomp is disabled in kernel config
  + Security hardening: set user namespace limit to 0, to prevent
    creation of nested user namespaces in a more robust way
  + For subsandboxes started by flatpak-portal, inherit
    environment variables from the flatpak run that started the
    original instance rather than from flatpak-portal, fixing
    behaviour of FLATPAK_GL_DRIVERS and similar features
  + Stop http transfers if a download in progress becomes very slow
  + Make it easier to configure extra languages, by picking them up
    from AccountsService if configured there
  + Add new flatpak_transaction_add_rebase_and_uninstall() API,
    allowing end-of-life apps to be replaced by their intended
    replacement more reliably
  + Create a private Wayland socket with the "security context"
    extension if available, allowing the compositor to identify
    connections from sandboxed apps as belonging to the sandbox
  + Update libglnx to 2023-08-29
  + Use features of newer GLib versions if available
  + Turn off system-level crash reporting infrastructure during
    some unit tests that involve intentional assertion failures
  + Add anchors to link to sections of flatpak-metadata
    documentation
  + Bug fixes:
    - Avoid warnings processing symbolic links with GLib >= 2.77.0,
      and with GLib 2.76.0 (GLib 2.76.1 or later silences these
      warnings)
    - Bypass page cache for backend requests in revokefs, fixing
      installation errors with libostree 2023.4
    - Show AppStream metadata in flatpak remote-info as intended
    - Don't let Flatpak apps inherit VK_DRIVER_FILES or
      VK_ICD_FILENAMES from the host system, which would be wrong
      for the sandbox
    - Fix build failure with prereleases of libappstream 0.17.x
    - Forward-compatibility with libappstream 1.0
    - Fix installation with Meson if configured with
      -Dauto_sideloading=true
    - Fix a memory leak
    - Fix compiler warnings
    - Make the tests fail more comprehensibly if a required tool is
      missing
    - Clean up /var/tmp/flatpak-cache-* directories on boot
    - Don't force GIO_USE_VFS=local for programs launched via
      flatpak-spawn
    - Clarify documentation for D-Bus name ownership
   + Internal changes:
     - Split up large source files into smaller modules, reducing
       internal circular dependencies
     - Re-synchronize code backported from GLib with the version in
       GLib
     - Clarify documentation for D-Bus name ownership
     - Make the flags used to apply "extra data" clearer
     - Use glnx_opendirat() where possible
  + Updated translations.
 - Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
  pkgconfig(wayland-protocols) BuildRequires and pass
  with-wayland-security-context=yes to configure: Enable the
  optional Wayland security context.
 -------------------------------------------------------------------
 Wed Aug  2 20:23:29 UTC 2023 - Luciano Santos <luc14n0@opensuse.org>
 - Add update-user-flatpaks service and timer Systemd units - based
  on update-system-flatpaks.{service,timer} - to help users keep
  their user installed flatpaks up to date.
 - Prefix /etc/flatpak/remotes.d/flathub.flatpakrepo with %config
  macro to mark it as a configuration file.
 -------------------------------------------------------------------
 Fri Mar 17 16:20:57 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
 - Update to version 1.15.4 (CVE-2023-28101, CVE-2023-28100):
  + Escape special characters when displaying permissions and
    metadata, preventing malicious apps from manipulating the
    appearance of the permissions list using crafted metadata
    (CVE-2023-28101, bsc#1209410).
  + If a Flatpak app is run on a Linux virtual console (tty1, tty2,
    etc.), don't allow copy/paste via the TIOCLINUX ioctl
    (CVE-2023-28100, bsc#1209411). Note that this is specific to virtual
    consoles: Flatpak is not vulnerable to this if run from a
    graphical terminal emulator such as xterm, gnome-terminal or
    Konsole.
  + Document the path used for flatpak override.
  + Updated translations.
 -------------------------------------------------------------------
 Fri Mar 17 10:06:34 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
 - Update to version 1.15.3:
  + Build system: Building this version of Flatpak with Meson is
    recommended. The source release flatpak-1.15.3.tar.xz no longer
    contains Autotools-generated files, although this version can
    still be built using Autotools after running ./autogen.sh.
    Future versions are likely to remove the Autotools buildsystem.
  + Bug fixes:
    - When splitting an upgrade into two steps (download without
      installing, and then upgrade without allowing further
      downloads) like GNOME Software does, if an app is marked EOL
      and superseded by a replacement, don't remove the superseded
      app in the first step, which would result in the replacement
      incorrectly not being installed.
    - Fix a crash when --socket=gpg-agent is used.
    - Fix a crash when listing apps if one of them is broken or
      misconfigured.
    - If an app has invalid syntax in its overrides or metadata,
      mention the filename in the error message.
    - Unset $GDK_BACKEND for apps, ensuring GTK apps with
      --socket=fallback-x11 can work.
    - Fix a deprecation warning when compiled with curl >= 7.85.
  + Updated translations.
  + Internal changes: Better diagnostic messages for why runtimes
    are or are not considered unused.
 - Changes from version 1.15.2:
  + Bug fixes:
    - Never try to export a parent of reserved directories as a
      --filesystem, for example /run, which would prevent the app
      from starting.
    - Never try to export a --filesystem below /run/flatpak or
      /run/host, which could similarly prevent the app from
      starting.
    - The above change also fixes apps not starting if a
      --filesystem is a symlink to the root directory.
    - Show a warning when the --filesystem exists but cannot be
      shared with the sandbox.
    - Display the intended messages for flatpak repair.
    - Exporting an app to an existing repository on a CIFS
      filesystem now works as intended.
    - Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in
      some GLib apps when set to a path on the host.
    - Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and
      Qt apps under Wayland when this variable is set to a path not
      available in the sandbox.
    - When using the fish shell, avoid duplicate XDG_DATA_DIRS
      entries if the profile script is sourced more than once.
    - Update included copy of bubblewrap to 0.7.0 for better error
      messages.
    - Install SELinux files correctly when building with Meson
  + Internal changes:
    - Update included copy of libglnx
    - flatpak -v now uses the INFO log level, and flatpak -vv uses
      the DEBUG log level in the flatpak log domain. Previously,
      the extra messages that were logged by flatpak -vv were in a
      separate "flatpak2" log domain. G_MESSAGES_DEBUG=flatpak
      previously had an effect similar to flatpak -v, and is now
      more similar to flatpak -vv.
 - Changes from version 1.15.1:
  + Dependencies: When building with Meson, gpgme 1.8.0 is now
    required. Older versions can still be used by building with
    Autotools.
  + Features: If an old temporary deploy directory was leaked by
    versions before #5146, clean it up the next time the same app
    is updated.
  + Bug fixes:
    - If an app update is blocked by parental controls policies,
      clean up the temporary deploy directory.
    - Fix Autotools build with versions of gpgme that no longer
      provide gpgme-config(1).
    - Fix a possible parallel build failure with Meson.
    - Fix a compiler warning on 32-bit architectures.
    - When building with Autotools, be more consistent about
      applying compiler warning flags.
    - Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR.
    - Treat /efi the same as /boot/efi.
 - Changes from version 1.15.0:
  + Build system:
    - Flatpak can now be compiled using Meson instead of Autotools.
      This requires Meson 0.53.0 or later, and Python 3.5 or later.
    - The Autotools build system is likely to be removed during
      either the 1.15.x or 1.17.x cycle.
  + New features:
    - Allow the modify_ldt system call as part of
      --allow=multiarch. This increases attack surface, but is
      required when running 16-bit executables in some versions of
      Wine.
    - Share gssproxy socket, which acts like a portal for Kerberos
      authentication. This lets apps use Kerberos authentication
      without needing a sandbox hole.
    - Add a httpbackend variable to flatpak.pc, allowing dependent
      projects like GNOME Software to detect whether they are
      compatible with libflatpak.
  + Bug fixes:
    - Terminate the flatpak-session-helper and flatpak-portal
      services when the session ends, so that applications will not
      inherit outdated Wayland and X11 socket addresses.
    - When using fish shell, don't overwrite a previously-set
      XDG_DATA_DIRS.
    - Don't try to enable HTTP 2 if linked to a libcurl version
      that doesn't support it.
    - Stop systemd reporting the session-helper as failed when
      terminated by a signal.
    - Fix a warning when listing a document with no permissions.
    - Fix compilation with GLib 2.66.x (as used in Debian 11).
    - Fix compilation with GLib 2.58.x (as used in Debian 10).
    - Make generated files more reproducible.
  + Internal changes:
    - Update project logo in README.
    - Update libglnx subproject.
  + Updated translations.
 - Add libtool BuildRequires and pass autogen.sh, bootstrapping
  build is now needed.
 - Add gtk-doc and xmlto BuildRequires and pass enable-documentation
  and enable-gtk-doc to configure, building documentation manually.
 -------------------------------------------------------------------
 Thu Mar 16 16:15:42 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
--- a/flatpak.spec
+++ b/flatpak.spec
@ -1,7 +1,7 @@
 #
 # spec file for package flatpak
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -15,10 +15,9 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 %global selinuxtype targeted
 %define libname libflatpak0
-%define bubblewrap_version 0.10.0
+%define bubblewrap_version 0.5.0
 %define ostree_version 2020.8
 %define xdg_dbus_proxy_version 0.1.0
@ -35,7 +34,7 @@
 %define support_environment_generators 1
 %endif
 Name:           flatpak
-Version:        1.15.10
+Version:        1.14.10
 Release:        0
 Summary:        OSTree based application bundles management
 License:        LGPL-2.1-or-later
@ -44,32 +43,22 @@ URL:            https://flatpak.github.io/
 Source0:        https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz
 Source1:        update-system-flatpaks.service
 Source2:        update-system-flatpaks.timer
-Source3:        update-user-flatpaks.service
+Source3:        https://flathub.org/repo/flathub.flatpakrepo
 Source4:        update-user-flatpaks.timer
 Source5:        https://flathub.org/repo/flathub.flatpakrepo
 # PATCH-FEATURE-OPENSUSE polkit_rules_usability.patch -- Make the rules comply with openSUSE expectations
 Patch0:         polkit_rules_usability.patch
 # PATCH-FIX-UPSTREAM libglnx.patch https://gitlab.gnome.org/GNOME/libglnx/-/merge_requests/57
 Patch1:         libglnx.patch
 BuildRequires:  bison
 BuildRequires:  bubblewrap >= %{bubblewrap_version}
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  gtk-doc
 BuildRequires:  intltool >= 0.35.0
 BuildRequires:  libcap-devel
 BuildRequires:  libgpg-error-devel
 BuildRequires:  libgpgme-devel >= 1.1.8
 BuildRequires:  libtool
 BuildRequires:  meson
 BuildRequires:  pkgconfig
 BuildRequires:  python3-pyparsing
 BuildRequires:  selinux-policy-%{selinuxtype}
 BuildRequires:  selinux-policy-devel
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  sysuser-tools
 BuildRequires:  xdg-dbus-proxy >= %{xdg_dbus_proxy_version}
 BuildRequires:  xmlto
 BuildRequires:  xsltproc
 BuildRequires:  pkgconfig(appstream) >= 0.12.0
 BuildRequires:  pkgconfig(dconf) >= 0.26
@ -91,19 +80,13 @@ BuildRequires:  pkgconfig(libzstd) >= 0.8.1
 BuildRequires:  pkgconfig(ostree-1) >= %{ostree_version}
 BuildRequires:  pkgconfig(polkit-gobject-1)
 BuildRequires:  pkgconfig(systemd)
 BuildRequires:  pkgconfig(wayland-client) >= 1.15
 BuildRequires:  pkgconfig(wayland-protocols) >= 1.32
 BuildRequires:  pkgconfig(wayland-scanner) >= 1.15
 BuildRequires:  pkgconfig(xau)
 Requires:       %{libname} = %{version}
 Requires:       bubblewrap >= %{bubblewrap_version}
 Requires:       ostree >= %{ostree_version}
 Requires:       xdg-dbus-proxy >= %{xdg_dbus_proxy_version}
 Requires:       xdg-desktop-portal >= 0.10
 Requires:       (flatpak-selinux = %{version} if selinux-policy-%{selinuxtype})
 Requires:       user(flatpak)
 # as per documentation from flatpak 1.0: add weak dep on p11-kit-server for certificate transfer
 Recommends:     p11-kit-server
 # Remove after openSUSE Leap 42 is out of scope
 Provides:       xdg-app = %{version}
 Obsoletes:      xdg-app < %{version}
@ -171,29 +154,13 @@ Group:          System/Packages
 Requires:       flatpak
 Requires(postun):flatpak
 Requires(postun):sed
 %if 0%{?suse_version} > 1600
 Supplements:    flatpak
 %endif
 BuildArch:      noarch
 %description remote-flathub
 Flathub is a widely used repository for Flatpak applications. This package
 adds the Flathub repository to the list of system flatpak remotes.
 %package selinux
 Summary:        SELinux policy module for flatpak
 Group:          System Environment/Base
 Requires:       flatpak
 BuildArch:      noarch
 %{?selinux_requires}
 %description selinux
 flatpak is a system for building, distributing and running sandboxed desktop
 applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
 more information.
 This package provides the SELinux policy module for flatpak.
 %postun remote-flathub
 # upon uninstall
 if [ $1 == 0 ]; then
@ -205,32 +172,28 @@ fi
 %lang_package
 %python3_fix_shebang
 %prep
 %autosetup -p1
 sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*
 %build
-%meson \
+%configure \
-        -Dsystem_bubblewrap=%{_bindir}/bwrap \
+	--disable-silent-rules \
-        -Dhttp_backend=curl \
+	--with-system-bubblewrap \
-        -Ddbus_config_dir=%{_dbusconfigdir} \
+	--with-curl \
-        -Dsystem_dbus_proxy=%{_bindir}/xdg-dbus-proxy \
+	--with-priv-mode=none \
 	--with-dbus-config-dir=%{_dbusconfigdir} \
 	--with-system-dbus-proxy=%{_bindir}/xdg-dbus-proxy \
 %if !%{support_environment_generators}
-        -Dgdm_env_file=enabled \
+	--enable-gdm-env-file \
 %endif
-        -Dgtkdoc=enabled \
+        --docdir=%{_docdir}/%{name} \
        -Dwayland_security_context=enabled \
        -Dselinux_module=enabled \
        -Dtests=false \
        -Dmalcontent=disabled \
 	%{nil}
-%meson_build
+%make_build
 %sysusers_generate_pre system-helper/flatpak.conf system-user-flatpak flatpak.conf
 %install
-%meson_install
+%make_install
 find %{buildroot} -type f -name "*.la" -delete -print
 mkdir -p %{buildroot}%{_sbindir}
 ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper
@ -246,16 +209,12 @@ rm -Rf %{buildroot}%{_systemd_user_env_generator_dir}
 rm -Rf %{buildroot}%{_systemd_system_env_generator_dir}
 %endif
-# System update Systemd service and timer units
+install -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/update-system-flatpaks.service
-install -D -m 644 -t %{buildroot}%{_unitdir} %{SOURCE1}
+install -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/update-system-flatpaks.timer
 install -D -m 644 -t %{buildroot}%{_unitdir} %{SOURCE2}
-# User update Systemd service and timer units
+mkdir -p %{buildroot}%{_sysconfdir}/flatpak/remotes.d
-install -D -m 644 -t %{buildroot}%{_userunitdir} %{SOURCE3}
+# Flathub
-install -D -m 644 -t %{buildroot}%{_userunitdir} %{SOURCE4}
+install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/flatpak/remotes.d
 # Flathub remote repository
 install -D -m 644 -t %{buildroot}%{_sysconfdir}/flatpak/remotes.d %{SOURCE5}
 %find_lang %{name}
@ -282,34 +241,16 @@ if [ -e "%{_localstatedir}/lib/flatpak/repo" ] && [ -z "$(ls -A %{_localstatedir
 rm -r %{_localstatedir}/lib/flatpak/repo
 fi
 %{_bindir}/flatpak remotes 1> /dev/null
 %tmpfiles_create %{_tmpfilesdir}/flatpak.conf
 %postun
 %service_del_postun flatpak-system-helper.service
 %service_del_postun update-system-flatpaks.service
 %service_del_postun update-system-flatpaks.timer
 %pre selinux
 %selinux_relabel_pre -s %{selinuxtype}
 %post selinux
 %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/flatpak.pp.bz2
 %preun selinux
 %selinux_relabel_pre -s %{selinuxtype}
 %postun selinux
 if [ $1 -eq 0 ]; then
    %selinux_modules_uninstall -s %{selinuxtype} flatpak
    %selinux_relabel_post -s %{selinuxtype}
 fi;
 %posttrans selinux
 %selinux_relabel_post -s %{selinuxtype}
 %files -f %{name}.lang
 %license COPYING
 %{_bindir}/flatpak
 %{_exec_prefix}/lib/tmpfiles.d/flatpak.conf
 %{_libexecdir}/flatpak-portal
 %{_libexecdir}/flatpak-session-helper
 %{_libexecdir}/flatpak-system-helper
@ -337,19 +278,16 @@ fi;
 %{_mandir}/man1/%{name}*.1%{?ext_man}
 %{_mandir}/man5/flatpak-metadata.5%{?ext_man}
 %{_mandir}/man5/flatpak-flatpakref.5%{?ext_man}
 %{_mandir}/man5/flatpakref.5%{?ext_man}
 %{_mandir}/man5/flatpak-flatpakrepo.5%{?ext_man}
 %{_mandir}/man5/flatpakrepo.5%{?ext_man}
 %{_mandir}/man5/flatpak-installation.5%{?ext_man}
 %{_mandir}/man5/flatpak-remote.5%{?ext_man}
 %{_datadir}/%{name}/
 %config %{_sysconfdir}/profile.d/flatpak.sh
 %config %{_sysconfdir}/profile.d/flatpak.csh
 %dir %{_sysconfdir}/flatpak
 %dir %{_sysconfdir}/flatpak/remotes.d
 %{_unitdir}/flatpak-system-helper.service
-%{_unitdir}/update-system-flatpaks.{service,timer}
+%{_unitdir}/update-system-flatpaks.service
-%{_userunitdir}/update-user-flatpaks.{service,timer}
+%{_unitdir}/update-system-flatpaks.timer
 %{_sbindir}/rcflatpak-system-helper
 %{_userunitdir}/flatpak-session-helper.service
 %{_userunitdir}/flatpak-portal.service
@ -368,7 +306,6 @@ fi;
 %{_userunitdir}/flatpak-oci-authenticator.service
 %{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.Authenticator.xml
 %{_datadir}/dbus-1/services/org.flatpak.Authenticator.Oci.service
 %{_tmpfilesdir}/flatpak.conf
 %files -n system-user-flatpak
 %license COPYING
@ -390,9 +327,6 @@ fi;
 %files devel
 %license COPYING
 %doc %{_datadir}/gtk-doc/html/flatpak
 %dir %{_datadir}/doc/flatpak
 %doc %{_datadir}/doc/flatpak/docbook.css
 %doc %{_datadir}/doc/flatpak/flatpak-docs.html
 %{_bindir}/flatpak-bisect
 %{_bindir}/flatpak-coredumpctl
 %{_libdir}/pkgconfig/flatpak.pc
@ -401,10 +335,6 @@ fi;
 %{_datadir}/gir-1.0/Flatpak-1.0.gir
 %files remote-flathub
-%config %{_sysconfdir}/flatpak/remotes.d/flathub.flatpakrepo
+%{_sysconfdir}/flatpak/remotes.d/flathub.flatpakrepo
 %files selinux
 %{_datadir}/selinux/devel/include/contrib/flatpak.if
 %{_datadir}/selinux/packages/flatpak.pp.bz2
 %changelog
--- a/libglnx.patch
+++ b/libglnx.patch
@ -1,13 +0,0 @@
 Index: flatpak-1.15.8/subprojects/libglnx/meson.build
 ===================================================================
 --- flatpak-1.15.8.orig/subprojects/libglnx/meson.build
 +++ flatpak-1.15.8/subprojects/libglnx/meson.build
@@ -40,7 +40,7 @@ foreach check_function : check_functions
     #include <linux/random.h>
     #include <sys/mman.h>
 -    int func (void) {
 +    void func (void) {
       (void) ''' + check_function + ''';
     }
     ''',
--- a/update-user-flatpaks.service
+++ b/update-user-flatpaks.service
@ -1,12 +0,0 @@
 [Unit]
 Description=Update user Flatpaks
 Documentation=man:flatpak-update(1)
 After=network-online.target
 Wants=network-online.target
 [Service]
 Type=oneshot
 ExecStart=/usr/bin/flatpak --user update -y --noninteractive
 [Install]
 WantedBy=default.target
--- a/update-user-flatpaks.timer
+++ b/update-user-flatpaks.timer
@ -1,10 +0,0 @@
 [Unit]
 Description=Update user Flatpaks daily
 Documentation=man:flatpak-update(1)
 [Timer]
 OnCalendar=daily
 Persistent=true
 [Install]
 WantedBy=timers.target