Accepting request 1169130 from home:rfrohl:branches:GNOME:Factory

Update to 1.15.8: as the CVE looks quite problematic I thought I would try and
help to speed up the update. Please have a close look if this seems okay.

Somewhat unsure about the meson options used.

OBS-URL: https://build.opensuse.org/request/show/1169130
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=193
Dominique Leuenberger 2024-04-19 11:09:15 +00:00 committed by Git OBS Bridge
parent 2fca7722ea
commit 1b5e00785c
5 changed files with 87 additions and 22 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8eb68189eb4850a34752feb29827cc2cc744c1981b8915e280ec1cf5bc387962
size 1315036

flatpak-1.15.8.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e89bcf42fd1eb0fadf14c8b5845bc31cb78a2624f3bdc9bcdd007cc75022e4d3
size 1300484
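Review bot: the new tarball enters the package only as a Git LFS pointer (a sha256 oid and a size), and none of the five changed files is a detached signature or keyring, so nothing in this commit ties the archive to the upstream release. Before accepting, compare the oid with the checksum published upstream for flatpak 1.15.8; that check carries more weight than usual here because the request is a security update that the submitter is trying to speed up.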


@ -1,3 +1,51 @@
-------------------------------------------------------------------
Fri Apr 19 08:05:28 UTC 2024 - Robert Frohl <rfrohl@suse.com>
- Update to version 1.15.8:
+ Security fixes:
- Don't allow an executable name to be misinterpreted as a command-line
option for bwrap(1). This prevents a sandbox escape where a malicious
or compromised app could ask xdg-desktop-portal to generate a .desktop
file with access to files outside the sandbox. (CVE-2024-32462, boo#1223110)
+ Other bug fixes:
- Pass the -export-dynamic linker option as -Wl,-export-dynamic,
fixing build failures with clang 18 and lld 18
- Fix a double-free when installation is cancelled
- Fix installed-tests failure with "FUSERMOUNT: unbound variable"
- Translation updates: pt_BR, tr
- Update to version 1.15.7:
+ New features:
- Automatically remove obsolete driver versions and other autopruned refs
- --socket=inherit-wayland-socket
- Automatically reload D-Bus session bus configuration after installing
or upgrading apps, to pick up any exported D-Bus services
+ Bug fixes:
- Don't parse <developer><name/></developer> as the application name
- Don't refuse to start apps when there is no D-Bus system bus available
- Don't try to repeat migration of apps whose data was migrated to a new
name and then deleted
- Improve handling of mixed locales on systems with systemd-localed
- Improve display of ellipsized columns in wide terminals
- Make flatpak info -e look for extensions in all installations
- Fix warnings from newer GLib versions
- Always set the container environment variable
- Always let the app inherit redirected file descriptors
- In flatpak ps, add xdg-desktop-portal-gnome to the list of backends
we'll use to learn which apps are running in the background
- Don't use WAYLAND_SOCKET unless given --socket=inherit-wayland-socket
- Use fusermount3 if compiled with FUSE 3, overridable with -Dsystem_fusermount compile-time option
- Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into the shell environment
- Improve async-signal safety
- Fix various memory leaks
- Avoid undefined behaviour of signed left-shift when storing object IDs in a hash table
- Detect the correct gtk-doc when cross-compiling
- Detect the correct wayland-scanner when cross-compiling
- Documentation improvements
- Skip more tests when FUSE isn't available
- Translation updates
- add libglnx.patch to fix meson function detection
-------------------------------------------------------------------
Tue Mar 19 08:06:34 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
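Review bot: the new changelog entry leaves out the packaging changes made in the spec; its only packaging line is `- add libglnx.patch to fix meson function detection`, while the %build section moves from %configure to %meson and new BuildRequires are added. Add a line for the switch to the meson build and for the new build dependencies so the entry explains the spec changes, and capitalise the patch line to match the other entries. The CVE-2024-32462 item with its boo#1223110 reference is fine as written.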


@ -35,7 +35,7 @@
%define support_environment_generators 1
%endif
Name: flatpak
Version: 1.15.6
Version: 1.15.8
Release: 0
Summary: OSTree based application bundles management
License: LGPL-2.1-or-later
@ -49,9 +49,12 @@ Source4: update-user-flatpaks.timer
Source5: https://flathub.org/repo/flathub.flatpakrepo
# PATCH-FEATURE-OPENSUSE polkit_rules_usability.patch -- Make the rules comply with openSUSE expectations
Patch0: polkit_rules_usability.patch
# PATCH-FIX-UPSTREAM libglnx.patch https://gitlab.gnome.org/GNOME/libglnx/-/merge_requests/57
Patch1: libglnx.patch
BuildRequires: bison
BuildRequires: bubblewrap >= %{bubblewrap_version}
BuildRequires: cmake
BuildRequires: docbook-xsl-stylesheets
BuildRequires: gtk-doc
BuildRequires: intltool >= 0.35.0
@ -59,9 +62,12 @@ BuildRequires: libcap-devel
BuildRequires: libgpg-error-devel
BuildRequires: libgpgme-devel >= 1.1.8
BuildRequires: libtool
BuildRequires: malcontent-devel
BuildRequires: meson
BuildRequires: pkgconfig
BuildRequires: python3-pyparsing
BuildRequires: selinux-policy-devel
BuildRequires: socat
BuildRequires: systemd-rpm-macros
BuildRequires: sysuser-tools
BuildRequires: xdg-dbus-proxy >= %{xdg_dbus_proxy_version}
@ -163,8 +169,8 @@ more information.
Summary: Add Flathub repository to system flatpak
Group: System/Packages
Requires: flatpak
Requires(postun): flatpak
Requires(postun): sed
Requires(postun):flatpak
Requires(postun):sed
%if 0%{?suse_version} > 1600
Supplements: flatpak
%endif
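Review bot: the two replacement lines `Requires(postun):flatpak` and `Requires(postun):sed` lose the whitespace after the tag that the neighbouring `Requires:` and `Supplements:` lines keep. This is whitespace-only churn unrelated to the version update; restore the aligned form or drop the two lines from the change so the security update stays easy to review.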
@ -204,27 +210,23 @@ fi
sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*
%build
./autogen.sh
%configure \
--disable-silent-rules \
--with-system-bubblewrap \
--with-curl \
--with-priv-mode=none \
--with-dbus-config-dir=%{_dbusconfigdir} \
--with-system-dbus-proxy=%{_bindir}/xdg-dbus-proxy \
%meson \
-Dsystem_bubblewrap=bwrap \
-Dhttp_backend=curl \
-Ddbus_config_dir=%{_dbusconfigdir} \
-Dsystem_dbus_proxy=%{_bindir}/xdg-dbus-proxy \
%if !%{support_environment_generators}
--enable-gdm-env-file \
-Dgdm_env_file=enabled \
%endif
--enable-documentation \
--enable-gtk-doc \
--with-wayland-security-context=yes \
--with-selinux_module=yes \
-Dgtkdoc=enabled \
-Dwayland_security_context=enabled \
-Dselinux_module=enabled \
%{nil}
%make_build
%meson_build
%sysusers_generate_pre system-helper/flatpak.conf system-user-flatpak flatpak.conf
%install
%make_install
%meson_install
find %{buildroot} -type f -name "*.la" -delete -print
mkdir -p %{buildroot}%{_sbindir}
ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper
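Review bot: in the new %meson call, `--with-priv-mode=none` and `--enable-documentation` from the old %configure call have no counterpart among the `-D` options, so both now depend on meson defaults. Check the 1.15.8 meson_options.txt and either set the equivalent options explicitly or note in the changelog why they are no longer needed. Also, `-Dsystem_bubblewrap=bwrap` passes a bare program name while `-Dsystem_dbus_proxy=%{_bindir}/xdg-dbus-proxy` passes an absolute path; if the configured value is used as given at run time, `%{_bindir}/bwrap` would avoid a PATH lookup for the sandbox helper.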
@ -331,7 +333,9 @@ fi;
%{_mandir}/man1/%{name}*.1%{?ext_man}
%{_mandir}/man5/flatpak-metadata.5%{?ext_man}
%{_mandir}/man5/flatpak-flatpakref.5%{?ext_man}
%{_mandir}/man5/flatpakref.5%{?ext_man}
%{_mandir}/man5/flatpak-flatpakrepo.5%{?ext_man}
%{_mandir}/man5/flatpakrepo.5%{?ext_man}
%{_mandir}/man5/flatpak-installation.5%{?ext_man}
%{_mandir}/man5/flatpak-remote.5%{?ext_man}
%{_datadir}/%{name}/

libglnx.patch Normal file

@ -0,0 +1,13 @@
Index: flatpak-1.15.8/subprojects/libglnx/meson.build
===================================================================
--- flatpak-1.15.8.orig/subprojects/libglnx/meson.build
+++ flatpak-1.15.8/subprojects/libglnx/meson.build
@@ -40,7 +40,7 @@ foreach check_function : check_functions
#include <linux/random.h>
#include <sys/mman.h>
- int func (void) {
+ void func (void) {
(void) ''' + check_function + ''';
}
''',
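Review bot: libglnx.patch starts directly at the `Index:` line with no header describing what it fixes or where it came from; the only pointer is the PATCH-FIX-UPSTREAM comment in the spec. Add a short header to the patch file stating that the probe function is changed from `int func (void)` to `void func (void)` because the body has no return statement, plus the upstream merge request URL and its status, so the patch can be dropped once a release contains the fix.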