pool/flatpak
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 947299 from home:AndreasStieger:branches:GNOME:Factory

Browse Source 
flatpak 1.12.4

OBS-URL: https://build.opensuse.org/request/show/947299
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=154
This commit is contained in:
Bjørn Lie 2022-01-19 17:26:01 +00:00 committed by Git OBS Bridge
parent 029bd64d22
commit 2a18334196
4 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
flatpak-1.12.3.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d715f23347d7eb859301c8f0c778a899bb7c9e26dac6ae2a2a4b9fc21cf77b69
size 1555340

3
flatpak-1.12.4.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:792e6265f7f6d71b2a087028472a048287bed2587e43d2eec2c31d360c16211c
size 1556548

19
flatpak.changes
View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Tue Jan 18 20:52:06 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- Update to 1.12.4:
+ reverting non-backwards-compatible behaviour changes in the
solution previously chosen for CVE-2022-21682 (boo#1194611)
Fix will be in flatpak-builder 1.2.2.
+ Clarify documentation of --nofilesystem
+ Improve unit test coverage around --filesystem and
--nofilesystem
+ Restore compatibility with older appstream-glib versions,
fixing a regression in 1.12.3
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 12 20:40:35 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de> Wed Jan 12 20:40:35 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
@ -5,9 +18,9 @@ Wed Jan 12 20:40:35 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+ CVE-2021-43860: a malicious repository could have sent invalid + CVE-2021-43860: a malicious repository could have sent invalid
application metadata in a way that hides some of the app application metadata in a way that hides some of the app
permissions displayed during installation (boo#1194610) permissions displayed during installation (boo#1194610)
+ flatpak-builder could allow --mirror-screenshots-url commands + CVE-2022-21682: flatpak-builder could allow
to create directories outside of the build directory --mirror-screenshots-url commands to create directories outside
(boo#1194611) of the build directory (boo#1194611)
+ Extra-data downloading now properly handles compressed + Extra-data downloading now properly handles compressed
content-encodings which fixes checksum verification content-encodings which fixes checksum verification
+ Note: In some corner case server setups this may require the + Note: In some corner case server setups this may require the

2
flatpak.spec
View File

@ -30,7 +30,7 @@
%define support_environment_generators 1 %define support_environment_generators 1
%endif %endif
Name: flatpak Name: flatpak
Version: 1.12.3 Version: 1.12.4
Release: 0 Release: 0
Summary: OSTree based application bundles management Summary: OSTree based application bundles management
License: LGPL-2.1-or-later License: LGPL-2.1-or-later