Accepting request 1169130 from home:rfrohl:branches:GNOME:Factory
Update to 1.15.8: as the CVE looks quite problematic I thought I would try and help to speed up the update. Please have a close look if this seems okay. Somewhat unsure about the meson options used. OBS-URL: https://build.opensuse.org/request/show/1169130 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=193
This commit is contained in:
parent
2fca7722ea
commit
1b5e00785c
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:8eb68189eb4850a34752feb29827cc2cc744c1981b8915e280ec1cf5bc387962
|
||||
size 1315036
|
3
flatpak-1.15.8.tar.xz
Normal file
3
flatpak-1.15.8.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:e89bcf42fd1eb0fadf14c8b5845bc31cb78a2624f3bdc9bcdd007cc75022e4d3
|
||||
size 1300484
|
@ -1,3 +1,51 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 19 08:05:28 UTC 2024 - Robert Frohl <rfrohl@suse.com>
|
||||
|
||||
- Update to version 1.15.8:
|
||||
+ Security fixes:
|
||||
- Don't allow an executable name to be misinterpreted as a command-line
|
||||
option for bwrap(1). This prevents a sandbox escape where a malicious
|
||||
or compromised app could ask xdg-desktop-portal to generate a .desktop
|
||||
file with access to files outside the sandbox. (CVE-2024-32462, boo#1223110)
|
||||
+ Other bug fixes:
|
||||
- Pass the -export-dynamic linker option as -Wl,-export-dynamic,
|
||||
fixing build failures with clang 18 and lld 18
|
||||
- Fix a double-free when installation is cancelled
|
||||
- Fix installed-tests failure with "FUSERMOUNT: unbound variable"
|
||||
- Translation updates: pt_BR, tr
|
||||
|
||||
- Update to version 1.15.7:
|
||||
+ New features:
|
||||
- Automatically remove obsolete driver versions and other autopruned refs
|
||||
- --socket=inherit-wayland-socket
|
||||
- Automatically reload D-Bus session bus configuration after installing
|
||||
or upgrading apps, to pick up any exported D-Bus services
|
||||
+ Bug fixes:
|
||||
- Don't parse <developer><name/></developer> as the application name
|
||||
- Don't refuse to start apps when there is no D-Bus system bus available
|
||||
- Don't try to repeat migration of apps whose data was migrated to a new
|
||||
name and then deleted
|
||||
- Improve handling of mixed locales on systems with systemd-localed
|
||||
- Improve display of ellipsized columns in wide terminals
|
||||
- Make flatpak info -e look for extensions in all installations
|
||||
- Fix warnings from newer GLib versions
|
||||
- Always set the container environment variable
|
||||
- Always let the app inherit redirected file descriptors
|
||||
- In flatpak ps, add xdg-desktop-portal-gnome to the list of backends
|
||||
we'll use to learn which apps are running in the background
|
||||
- Don't use WAYLAND_SOCKET unless given --socket=inherit-wayland-socket
|
||||
- Use fusermount3 if compiled with FUSE 3, overridable with -Dsystem_fusermount compile-time option
|
||||
- Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into the shell environment
|
||||
- Improve async-signal safety
|
||||
- Fix various memory leaks
|
||||
- Avoid undefined behaviour of signed left-shift when storing object IDs in a hash table
|
||||
- Detect the correct gtk-doc when cross-compiling
|
||||
- Detect the correct wayland-scanner when cross-compiling
|
||||
- Documentation improvements
|
||||
- Skip more tests when FUSE isn't available
|
||||
- Translation updates
|
||||
- add libglnx.patch to fix meson function detection
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 19 08:06:34 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
|
36
flatpak.spec
36
flatpak.spec
@ -35,7 +35,7 @@
|
||||
%define support_environment_generators 1
|
||||
%endif
|
||||
Name: flatpak
|
||||
Version: 1.15.6
|
||||
Version: 1.15.8
|
||||
Release: 0
|
||||
Summary: OSTree based application bundles management
|
||||
License: LGPL-2.1-or-later
|
||||
@ -49,9 +49,12 @@ Source4: update-user-flatpaks.timer
|
||||
Source5: https://flathub.org/repo/flathub.flatpakrepo
|
||||
# PATCH-FEATURE-OPENSUSE polkit_rules_usability.patch -- Make the rules comply with openSUSE expectations
|
||||
Patch0: polkit_rules_usability.patch
|
||||
# PATCH-FIX-UPSTREAM libglnx.patch https://gitlab.gnome.org/GNOME/libglnx/-/merge_requests/57
|
||||
Patch1: libglnx.patch
|
||||
|
||||
BuildRequires: bison
|
||||
BuildRequires: bubblewrap >= %{bubblewrap_version}
|
||||
BuildRequires: cmake
|
||||
BuildRequires: docbook-xsl-stylesheets
|
||||
BuildRequires: gtk-doc
|
||||
BuildRequires: intltool >= 0.35.0
|
||||
@ -59,9 +62,12 @@ BuildRequires: libcap-devel
|
||||
BuildRequires: libgpg-error-devel
|
||||
BuildRequires: libgpgme-devel >= 1.1.8
|
||||
BuildRequires: libtool
|
||||
BuildRequires: malcontent-devel
|
||||
BuildRequires: meson
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: python3-pyparsing
|
||||
BuildRequires: selinux-policy-devel
|
||||
BuildRequires: socat
|
||||
BuildRequires: systemd-rpm-macros
|
||||
BuildRequires: sysuser-tools
|
||||
BuildRequires: xdg-dbus-proxy >= %{xdg_dbus_proxy_version}
|
||||
@ -204,27 +210,23 @@ fi
|
||||
sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*
|
||||
|
||||
%build
|
||||
./autogen.sh
|
||||
%configure \
|
||||
--disable-silent-rules \
|
||||
--with-system-bubblewrap \
|
||||
--with-curl \
|
||||
--with-priv-mode=none \
|
||||
--with-dbus-config-dir=%{_dbusconfigdir} \
|
||||
--with-system-dbus-proxy=%{_bindir}/xdg-dbus-proxy \
|
||||
%meson \
|
||||
-Dsystem_bubblewrap=bwrap \
|
||||
-Dhttp_backend=curl \
|
||||
-Ddbus_config_dir=%{_dbusconfigdir} \
|
||||
-Dsystem_dbus_proxy=%{_bindir}/xdg-dbus-proxy \
|
||||
%if !%{support_environment_generators}
|
||||
--enable-gdm-env-file \
|
||||
-Dgdm_env_file=enabled \
|
||||
%endif
|
||||
--enable-documentation \
|
||||
--enable-gtk-doc \
|
||||
--with-wayland-security-context=yes \
|
||||
--with-selinux_module=yes \
|
||||
-Dgtkdoc=enabled \
|
||||
-Dwayland_security_context=enabled \
|
||||
-Dselinux_module=enabled \
|
||||
%{nil}
|
||||
%make_build
|
||||
%meson_build
|
||||
%sysusers_generate_pre system-helper/flatpak.conf system-user-flatpak flatpak.conf
|
||||
|
||||
%install
|
||||
%make_install
|
||||
%meson_install
|
||||
find %{buildroot} -type f -name "*.la" -delete -print
|
||||
mkdir -p %{buildroot}%{_sbindir}
|
||||
ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper
|
||||
@ -331,7 +333,9 @@ fi;
|
||||
%{_mandir}/man1/%{name}*.1%{?ext_man}
|
||||
%{_mandir}/man5/flatpak-metadata.5%{?ext_man}
|
||||
%{_mandir}/man5/flatpak-flatpakref.5%{?ext_man}
|
||||
%{_mandir}/man5/flatpakref.5%{?ext_man}
|
||||
%{_mandir}/man5/flatpak-flatpakrepo.5%{?ext_man}
|
||||
%{_mandir}/man5/flatpakrepo.5%{?ext_man}
|
||||
%{_mandir}/man5/flatpak-installation.5%{?ext_man}
|
||||
%{_mandir}/man5/flatpak-remote.5%{?ext_man}
|
||||
%{_datadir}/%{name}/
|
||||
|
13
libglnx.patch
Normal file
13
libglnx.patch
Normal file
@ -0,0 +1,13 @@
|
||||
Index: flatpak-1.15.8/subprojects/libglnx/meson.build
|
||||
===================================================================
|
||||
--- flatpak-1.15.8.orig/subprojects/libglnx/meson.build
|
||||
+++ flatpak-1.15.8/subprojects/libglnx/meson.build
|
||||
@@ -40,7 +40,7 @@ foreach check_function : check_functions
|
||||
#include <linux/random.h>
|
||||
#include <sys/mman.h>
|
||||
|
||||
- int func (void) {
|
||||
+ void func (void) {
|
||||
(void) ''' + check_function + ''';
|
||||
}
|
||||
''',
|
Loading…
Reference in New Issue
Block a user