Accepting request 1109804 from GNOME:Next

Pushing GNOME 45.rc packages

OBS-URL: https://build.opensuse.org/request/show/1109804
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=185

flatpak-1.15.4.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bef695d893d1e0239a68441d6b328edeb6d1e58a902c92f9278e94da914ab91f
+size 1271428

flatpak.changes

@@ -1,3 +1,147 @@
+-------------------------------------------------------------------
+Wed Aug  2 20:23:29 UTC 2023 - Luciano Santos <luc14n0@opensuse.org>
+
+- Add update-user-flatpaks service and timer Systemd units - based
+  on update-system-flatpaks.{service,timer} - to help users keep
+  their user installed flatpaks up to date.
+- Prefix /etc/flatpak/remotes.d/flathub.flatpakrepo with %config
+  macro to mark it as a configuration file.
+
+-------------------------------------------------------------------
+Fri Mar 17 16:20:57 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.15.4 (CVE-2023-28101, CVE-2023-28100):
+  + Escape special characters when displaying permissions and
+    metadata, preventing malicious apps from manipulating the
+    appearance of the permissions list using crafted metadata
+    (CVE-2023-28101).
+  + If a Flatpak app is run on a Linux virtual console (tty1, tty2,
+    etc.), don't allow copy/paste via the TIOCLINUX ioctl
+    (CVE-2023-28100). Note that this is specific to virtual
+    consoles: Flatpak is not vulnerable to this if run from a
+    graphical terminal emulator such as xterm, gnome-terminal or
+    Konsole.
+  + Document the path used for flatpak override.
+  + Updated translations.
+
+-------------------------------------------------------------------
+Fri Mar 17 10:06:34 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.15.3:
+  + Build system: Building this version of Flatpak with Meson is
+    recommended. The source release flatpak-1.15.3.tar.xz no longer
+    contains Autotools-generated files, although this version can
+    still be built using Autotools after running ./autogen.sh.
+    Future versions are likely to remove the Autotools buildsystem.
+  + Bug fixes:
+    - When splitting an upgrade into two steps (download without
+      installing, and then upgrade without allowing further
+      downloads) like GNOME Software does, if an app is marked EOL
+      and superseded by a replacement, don't remove the superseded
+      app in the first step, which would result in the replacement
+      incorrectly not being installed.
+    - Fix a crash when --socket=gpg-agent is used.
+    - Fix a crash when listing apps if one of them is broken or
+      misconfigured.
+    - If an app has invalid syntax in its overrides or metadata,
+      mention the filename in the error message.
+    - Unset $GDK_BACKEND for apps, ensuring GTK apps with
+      --socket=fallback-x11 can work.
+    - Fix a deprecation warning when compiled with curl >= 7.85.
+  + Updated translations.
+  + Internal changes: Better diagnostic messages for why runtimes
+    are or are not considered unused.
+- Changes from version 1.15.2:
+  + Bug fixes:
+    - Never try to export a parent of reserved directories as a
+      --filesystem, for example /run, which would prevent the app
+      from starting.
+    - Never try to export a --filesystem below /run/flatpak or
+      /run/host, which could similarly prevent the app from
+      starting.
+    - The above change also fixes apps not starting if a
+      --filesystem is a symlink to the root directory.
+    - Show a warning when the --filesystem exists but cannot be
+      shared with the sandbox.
+    - Display the intended messages for flatpak repair.
+    - Exporting an app to an existing repository on a CIFS
+      filesystem now works as intended.
+    - Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in
+      some GLib apps when set to a path on the host.
+    - Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and
+      Qt apps under Wayland when this variable is set to a path not
+      available in the sandbox.
+    - When using the fish shell, avoid duplicate XDG_DATA_DIRS
+      entries if the profile script is sourced more than once.
+    - Update included copy of bubblewrap to 0.7.0 for better error
+      messages.
+    - Install SELinux files correctly when building with Meson
+  + Internal changes:
+    - Update included copy of libglnx
+    - flatpak -v now uses the INFO log level, and flatpak -vv uses
+      the DEBUG log level in the flatpak log domain. Previously,
+      the extra messages that were logged by flatpak -vv were in a
+      separate "flatpak2" log domain. G_MESSAGES_DEBUG=flatpak
+      previously had an effect similar to flatpak -v, and is now
+      more similar to flatpak -vv.
+- Changes from version 1.15.1:
+  + Dependencies: When building with Meson, gpgme 1.8.0 is now
+    required. Older versions can still be used by building with
+    Autotools.
+  + Features: If an old temporary deploy directory was leaked by
+    versions before #5146, clean it up the next time the same app
+    is updated.
+  + Bug fixes:
+    - If an app update is blocked by parental controls policies,
+      clean up the temporary deploy directory.
+    - Fix Autotools build with versions of gpgme that no longer
+      provide gpgme-config(1).
+    - Fix a possible parallel build failure with Meson.
+    - Fix a compiler warning on 32-bit architectures.
+    - When building with Autotools, be more consistent about
+      applying compiler warning flags.
+    - Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR.
+    - Treat /efi the same as /boot/efi.
+- Changes from version 1.15.0:
+  + Build system:
+    - Flatpak can now be compiled using Meson instead of Autotools.
+      This requires Meson 0.53.0 or later, and Python 3.5 or later.
+    - The Autotools build system is likely to be removed during
+      either the 1.15.x or 1.17.x cycle.
+  + New features:
+    - Allow the modify_ldt system call as part of
+      --allow=multiarch. This increases attack surface, but is
+      required when running 16-bit executables in some versions of
+      Wine.
+    - Share gssproxy socket, which acts like a portal for Kerberos
+      authentication. This lets apps use Kerberos authentication
+      without needing a sandbox hole.
+    - Add a httpbackend variable to flatpak.pc, allowing dependent
+      projects like GNOME Software to detect whether they are
+      compatible with libflatpak.
+  + Bug fixes:
+    - Terminate the flatpak-session-helper and flatpak-portal
+      services when the session ends, so that applications will not
+      inherit outdated Wayland and X11 socket addresses.
+    - When using fish shell, don't overwrite a previously-set
+      XDG_DATA_DIRS.
+    - Don't try to enable HTTP 2 if linked to a libcurl version
+      that doesn't support it.
+    - Stop systemd reporting the session-helper as failed when
+      terminated by a signal.
+    - Fix a warning when listing a document with no permissions.
+    - Fix compilation with GLib 2.66.x (as used in Debian 11).
+    - Fix compilation with GLib 2.58.x (as used in Debian 10).
+    - Make generated files more reproducible.
+  + Internal changes:
+    - Update project logo in README.
+    - Update libglnx subproject.
+  + Updated translations.
+- Add libtool BuildRequires and pass autogen.sh, bootstrapping
+  build is now needed.
+- Add gtk-doc and xmlto BuildRequires and pass enable-documentation
+  and enable-gtk-doc to configure, building documentation manually.
+
 -------------------------------------------------------------------
 Thu Mar 16 16:15:42 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
 

flatpak.spec

@@ -34,7 +34,7 @@
 %define support_environment_generators 1
 %endif
 Name:           flatpak
-Version:        1.14.4
+Version:        1.15.4
 Release:        0
 Summary:        OSTree based application bundles management
 License:        LGPL-2.1-or-later
@@ -43,22 +43,27 @@ URL:            https://flatpak.github.io/
 Source0:        https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz
 Source1:        update-system-flatpaks.service
 Source2:        update-system-flatpaks.timer
-Source3:        https://flathub.org/repo/flathub.flatpakrepo
+Source3:        update-user-flatpaks.service
+Source4:        update-user-flatpaks.timer
+Source5:        https://flathub.org/repo/flathub.flatpakrepo
 # PATCH-FEATURE-OPENSUSE polkit_rules_usability.patch -- Make the rules comply with openSUSE expectations
 Patch0:         polkit_rules_usability.patch
 
 BuildRequires:  bison
 BuildRequires:  bubblewrap >= %{bubblewrap_version}
 BuildRequires:  docbook-xsl-stylesheets
+BuildRequires:  gtk-doc
 BuildRequires:  intltool >= 0.35.0
 BuildRequires:  libcap-devel
 BuildRequires:  libgpg-error-devel
 BuildRequires:  libgpgme-devel >= 1.1.8
+BuildRequires:  libtool
 BuildRequires:  pkgconfig
 BuildRequires:  python3-pyparsing
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  sysuser-tools
 BuildRequires:  xdg-dbus-proxy >= %{xdg_dbus_proxy_version}
+BuildRequires:  xmlto
 BuildRequires:  xsltproc
 BuildRequires:  pkgconfig(appstream) >= 0.12.0
 BuildRequires:  pkgconfig(dconf) >= 0.26
@@ -177,6 +182,7 @@ fi
 sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*
 
 %build
+./autogen.sh
 %configure \
 	--disable-silent-rules \
 	--with-system-bubblewrap \
@@ -187,6 +193,8 @@ sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*
 %if !%{support_environment_generators}
 	--enable-gdm-env-file \
 %endif
+	--enable-documentation \
+	--enable-gtk-doc \
 	%{nil}
 %make_build
 %sysusers_generate_pre system-helper/flatpak.conf system-user-flatpak flatpak.conf
@@ -208,12 +216,16 @@ rm -Rf %{buildroot}%{_systemd_user_env_generator_dir}
 rm -Rf %{buildroot}%{_systemd_system_env_generator_dir}
 %endif
 
-install -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/update-system-flatpaks.service
-install -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/update-system-flatpaks.timer
+# System update Systemd service and timer units
+install -D -m 644 -t %{buildroot}%{_unitdir} %{SOURCE1}
+install -D -m 644 -t %{buildroot}%{_unitdir} %{SOURCE2}
 
-mkdir -p %{buildroot}%{_sysconfdir}/flatpak/remotes.d
-# Flathub
-install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/flatpak/remotes.d
+# User update Systemd service and timer units
+install -D -m 644 -t %{buildroot}%{_userunitdir} %{SOURCE3}
+install -D -m 644 -t %{buildroot}%{_userunitdir} %{SOURCE4}
+
+# Flathub remote repository
+install -D -m 644 -t %{buildroot}%{_sysconfdir}/flatpak/remotes.d %{SOURCE5}
 
 %find_lang %{name}
 
@@ -284,8 +296,8 @@ fi
 %dir %{_sysconfdir}/flatpak
 %dir %{_sysconfdir}/flatpak/remotes.d
 %{_unitdir}/flatpak-system-helper.service
-%{_unitdir}/update-system-flatpaks.service
-%{_unitdir}/update-system-flatpaks.timer
+%{_unitdir}/update-system-flatpaks.{service,timer}
+%{_userunitdir}/update-user-flatpaks.{service,timer}
 %{_sbindir}/rcflatpak-system-helper
 %{_userunitdir}/flatpak-session-helper.service
 %{_userunitdir}/flatpak-portal.service
@@ -325,6 +337,9 @@ fi
 %files devel
 %license COPYING
 %doc %{_datadir}/gtk-doc/html/flatpak
+%dir %{_datadir}/doc/flatpak
+%doc %{_datadir}/doc/flatpak/docbook.css
+%doc %{_datadir}/doc/flatpak/flatpak-docs.html
 %{_bindir}/flatpak-bisect
 %{_bindir}/flatpak-coredumpctl
 %{_libdir}/pkgconfig/flatpak.pc
@@ -333,6 +348,6 @@ fi
 %{_datadir}/gir-1.0/Flatpak-1.0.gir
 
 %files remote-flathub
-%{_sysconfdir}/flatpak/remotes.d/flathub.flatpakrepo
+%config %{_sysconfdir}/flatpak/remotes.d/flathub.flatpakrepo
 
 %changelog

update-user-flatpaks.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Update user Flatpaks
+Documentation=man:flatpak-update(1)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/flatpak --user update -y --noninteractive
+
+[Install]
+WantedBy=default.target

update-user-flatpaks.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Update user Flatpaks daily
+Documentation=man:flatpak-update(1)
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=timers.target