From 2a1833419614fdf5d675e3f2c3d68492c5dafe31093be105a77374fbb0f84f21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= Date: Wed, 19 Jan 2022 17:26:01 +0000 Subject: [PATCH] Accepting request 947299 from home:AndreasStieger:branches:GNOME:Factory flatpak 1.12.4 OBS-URL: https://build.opensuse.org/request/show/947299 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=154 --- flatpak-1.12.3.tar.xz | 3 --- flatpak-1.12.4.tar.xz | 3 +++ flatpak.changes | 19 ++++++++++++++++--- flatpak.spec | 2 +- 4 files changed, 20 insertions(+), 7 deletions(-) delete mode 100644 flatpak-1.12.3.tar.xz create mode 100644 flatpak-1.12.4.tar.xz diff --git a/flatpak-1.12.3.tar.xz b/flatpak-1.12.3.tar.xz deleted file mode 100644 index bacfe9c..0000000 --- a/flatpak-1.12.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d715f23347d7eb859301c8f0c778a899bb7c9e26dac6ae2a2a4b9fc21cf77b69 -size 1555340 diff --git a/flatpak-1.12.4.tar.xz b/flatpak-1.12.4.tar.xz new file mode 100644 index 0000000..c756724 --- /dev/null +++ b/flatpak-1.12.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:792e6265f7f6d71b2a087028472a048287bed2587e43d2eec2c31d360c16211c +size 1556548 diff --git a/flatpak.changes b/flatpak.changes index 4a77f93..b9521ab 100644 --- a/flatpak.changes +++ b/flatpak.changes 
@@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Jan 18 20:52:06 UTC 2022 - Andreas Stieger + +- Update to 1.12.4: + + reverting non-backwards-compatible behaviour changes in the + solution previously chosen for CVE-2022-21682 (boo#1194611) + Fix will be in flatpak-builder 1.2.2. + + Clarify documentation of --nofilesystem + + Improve unit test coverage around --filesystem and + --nofilesystem + + Restore compatibility with older appstream-glib versions, + fixing a regression in 1.12.3 + ------------------------------------------------------------------- Wed Jan 12 20:40:35 UTC 2022 - Andreas Stieger @@ -5,9 +18,9 @@ Wed Jan 12 20:40:35 UTC 2022 - Andreas Stieger + CVE-2021-43860: a malicious repository could have sent invalid application metadata in a way that hides some of the app permissions displayed during installation (boo#1194610) - + flatpak-builder could allow --mirror-screenshots-url commands - to create directories outside of the build directory - (boo#1194611) + + CVE-2022-21682: flatpak-builder could allow + --mirror-screenshots-url commands to create directories outside + of the build directory (boo#1194611) + Extra-data downloading now properly handles compressed content-encodings which fixes checksum verification + Note: In some corner case server setups this may require the diff --git a/flatpak.spec b/flatpak.spec index 0dbd0c5..a215770 100644 --- a/flatpak.spec +++ b/flatpak.spec @@ -30,7 +30,7 @@ %define support_environment_generators 1 %endif Name: flatpak -Version: 1.12.3 +Version: 1.12.4 Release: 0 Summary: OSTree based application bundles management License: LGPL-2.1-or-later
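
Review bot: In the flatpak-1.12.4.tar.xz hunk, the new source archive is identified only by the `oid sha256:` value and `size 1556548` in the LFS pointer, and the diffstat lists no signature or keyring file next to it, so nothing in this change lets a reviewer tie the archive to the upstream 1.12.4 release. Please state in the request how the tarball was obtained and checked, or, if upstream provides a detached signature for the release, add it and the matching keyring to the package so the source can be verified at review time.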
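
Review bot: In the first flatpak.changes hunk (@@ -1,3 +1,16 @@), the 1.12.4 bullet for CVE-2022-21682 does not say what the security status of this package is after the revert. It reads "reverting non-backwards-compatible behaviour changes in the solution previously chosen for CVE-2022-21682 (boo#1194611)" and then "Fix will be in flatpak-builder 1.2.2." with no punctuation between the two, so someone tracking boo#1194611 cannot tell from this entry whether flatpak 1.12.4 alone still mitigates the issue or whether they remain exposed until flatpak-builder 1.2.2 is installed. Suggest splitting this into two sentences, starting the bullet with a capital like the others, and stating explicitly which package carries the fix and from which version.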
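
Review bot: In the second flatpak.changes hunk (@@ -5,9 +18,9 @@), the amended 1.12.3 bullet now carries the CVE-2022-21682 label but still reads as a fix delivered by this package, while the new 1.12.4 entry above it reverts behaviour of that solution and defers the fix to flatpak-builder 1.2.2. Anyone searching the changelog for the CVE id will hit both entries and may stop at this one. Suggest adding a short pointer to the 1.12.4 entry on this bullet, for example "(superseded, see 1.12.4)", so the two entries cannot be read as contradictory.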