Accepting request 863379 from GNOME:Next

New try OBS-URL: https://build.opensuse.org/request/show/863379 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=129
2021-01-18 13:16:26 +00:00 · 2021-01-18 13:16:26 +00:00 · 8ee009d5e1
commit 8ee009d5e1
parent e2631e4ce2
5 changed files with 40 additions and 5 deletions
--- a/2
+++ b/2
@ -4,7 +4,7 @@
    <param name="url">https://github.com/flatpak/flatpak.git</param>
    <param name="scm">git</param>
    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="revision">refs/tags/1.8.4</param>
+    <param name="revision">refs/tags/1.10.0</param>
  </service>
  <service name="recompress" mode="disabled">
    <param name="file">*.tar</param>
--- a/flatpak-1.10.0.tar.xz
+++ b/flatpak-1.10.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:89192f91c7f3a4bfffcf316c1eb2223f3f91f70420c9ead1faf7bada5176eae1
+size 1116548
--- a/flatpak-1.8.4.tar.xz
+++ b/flatpak-1.8.4.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4dc2b67bfee64783f6aa0c2c92c12096d5f59c8dcf0e78b4aa53f387506a21bd
-size 1047020
--- a/flatpak.changes
+++ b/flatpak.changes
@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Fri Jan 15 16:06:24 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.10.0:
+  + The major new feature in this series compared to 1.8 is the
+    support for the new repo format which should make updates
+    faster and download less data.
+  + The systemd generator snippets now call flatpak
+    --print-updated-env in place of a bunch of shell for better
+    login performance.
+  + The .profile snippets now disable GVfs when calling flatpak to
+    avoid spawning a gvfs daemon when logging in via ssh.
+  + Build fixes for GCC 11.
+  + Flatpak now finds the pulseaudio sockets better in uncommon
+    configurations.
+  + Sandboxes with network access it now also has access to the
+    systemd-resolved socket to do dns lookups.
+  + Flatpak supports unsetting env vars in the sandbox using
+    --unset-env, and --env=FOO= now sets FOO to the empty string
+    instead of unsetting it.
+  + Similarly the spawn portal has an option to unset an env var.
+  + The spawn portal now has an option to share the pid namespace
+    with the sub-sandbox.
+
+-------------------------------------------------------------------
+Fri Jan 15 16:02:40 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.8.5 (CVE-2021-21261):
+  + This is a security update that fixes a sandbox escape where a
+    malicious application can execute code outside the sandbox by
+    controlling the environment of the "flatpak run" command when
+    spawning a sub-sandbox.
+
 -------------------------------------------------------------------
 Thu Jan  7 20:28:03 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>

--- a/flatpak.spec
+++ b/flatpak.spec
@ -32,7 +32,7 @@

 %define libname libflatpak0
 Name:           flatpak
-Version:        1.8.4
+Version:        1.10.0
 Release:        0
 Summary:        OSTree based application bundles management
 License:        LGPL-2.1-or-later
@ -176,6 +176,7 @@ mv %{buildroot}/%{_datadir}/polkit-1/rules.d/{,60-}org.freedesktop.Flatpak.rules

 %if !%{support_environment_generators}
 rm -Rf %{buildroot}%{_systemd_user_env_generator_dir}
+rm -Rf %{buildroot}%{_systemd_system_env_generator_dir}
 %endif

 mkdir -p %{buildroot}%{_sysconfdir}/flatpak/remotes.d
@ -245,6 +246,7 @@ fi
 %if %{support_environment_generators}
 %dir %{_systemd_user_env_generator_dir}
 %{_systemd_user_env_generator_dir}/60-flatpak
+%{_systemd_system_env_generator_dir}/60-flatpak-system-only
 %else
 # Own dirs so we don't have to depend on gdm for building.
 %dir %{_datadir}/gdm/