Accepting request 1170044 from GNOME:Factory

OBS-URL: https://build.opensuse.org/request/show/1170044
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=84

flatpak-1.15.6.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8eb68189eb4850a34752feb29827cc2cc744c1981b8915e280ec1cf5bc387962
-size 1315036

flatpak-1.15.8.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e89bcf42fd1eb0fadf14c8b5845bc31cb78a2624f3bdc9bcdd007cc75022e4d3
+size 1300484

flatpak.changes

@@ -1,3 +1,79 @@
+-------------------------------------------------------------------
+Tue Apr 23 13:23:52 UTC 2024 - Robert Frohl <rfrohl@suse.com>
+
+- disable parental controls for now by using '-Dmalcontent=disabled', to work around
+  issues with xdg-desktop-portal
+
+-------------------------------------------------------------------
+Fri Apr 19 08:05:28 UTC 2024 - Robert Frohl <rfrohl@suse.com>
+
+- Update to version 1.15.8:
+  + Security fixes:
+    - Don't allow an executable name to be misinterpreted as a
+      command-line option for bwrap(1). This prevents a sandbox
+      escape where a malicious or compromised app could ask
+      xdg-desktop-portal to generate a .desktop file with access to
+      files outside the sandbox. (CVE-2024-32462, boo#1223110).
+  + Other bug fixes:
+    - Pass the -export-dynamic linker option as
+      -Wl,-export-dynamic, fixing build failures with clang 18 and
+      lld 18.
+    - Fix a double-free when installation is cancelled.
+    - Fix installed-tests failure with "FUSERMOUNT: unbound
+      variable".
+- Changes from version 1.15.7:
+  + New features:
+    - Automatically remove obsolete driver versions and other
+      autopruned refs.
+    - --socket=inherit-wayland-socket.
+    - Automatically reload D-Bus session bus configuration after
+      installing or upgrading apps, to pick up any exported D-Bus
+      services.
+  + Bug fixes:
+    - Don't parse <developer><name/></developer> as the application
+      name.
+    - Don't refuse to start apps when there is no D-Bus system bus
+      available.
+    - Don't try to repeat migration of apps whose data was migrated
+      to a new name and then deleted.
+    - Improve handling of mixed locales on systems with
+      systemd-localed.
+    - Improve display of ellipsized columns in wide terminals.
+    - Make flatpak info -e look for extensions in all
+      installations.
+    - Fix warnings from newer GLib versions.
+    - Always set the container environment variable.
+    - Always let the app inherit redirected file descriptors.
+    - In flatpak ps, add xdg-desktop-portal-gnome to the list of
+      backends we'll use to learn which apps are running in the
+      background.
+    - Don't use WAYLAND_SOCKET unless given
+      --socket=inherit-wayland-socket.
+    - Use fusermount3 if compiled with FUSE 3, overridable with
+      -Dsystem_fusermount compile-time option.
+    - Avoid leaking a temporary variable from
+      /etc/profile.d/flatpak.sh into the shell environment.
+    - Improve async-signal safety.
+    - Fix various memory leaks.
+    - Avoid undefined behaviour of signed left-shift when storing
+      object IDs in a hash table.
+    - Detect the correct gtk-doc when cross-compiling.
+    - Detect the correct wayland-scanner when cross-compiling.
+    - Documentation improvements.
+    - Skip more tests when FUSE isn't available.
+    - Updated translations.
+- Add libglnx.patch: fix meson function detection.
+- Switch build system to meson:
+  + Add meson BuildRequires.
+  + Switch configure/make_build/make_install macros to
+    meson/meson_build/meson_install, preserving the configure
+    parameters as close as possible:
+    --disable-silent-rules => obsoleted
+    --with-system-bubblewrap => -Dsystem_bubblewrap=bwrap
+    --with-curl => -Dhttp_backend=curl
+- Add pkgconfig(malcontent-0) BuildRequires: enable malcontent
+  support.
+
 -------------------------------------------------------------------
 Tue Mar 19 08:06:34 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
 

flatpak.spec

@@ -35,7 +35,7 @@
 %define support_environment_generators 1
 %endif
 Name:           flatpak
-Version:        1.15.6
+Version:        1.15.8
 Release:        0
 Summary:        OSTree based application bundles management
 License:        LGPL-2.1-or-later
@@ -49,6 +49,8 @@ Source4:        update-user-flatpaks.timer
 Source5:        https://flathub.org/repo/flathub.flatpakrepo
 # PATCH-FEATURE-OPENSUSE polkit_rules_usability.patch -- Make the rules comply with openSUSE expectations
 Patch0:         polkit_rules_usability.patch
+# PATCH-FIX-UPSTREAM libglnx.patch https://gitlab.gnome.org/GNOME/libglnx/-/merge_requests/57
+Patch1:         libglnx.patch
 
 BuildRequires:  bison
 BuildRequires:  bubblewrap >= %{bubblewrap_version}
@@ -59,6 +61,7 @@ BuildRequires:  libcap-devel
 BuildRequires:  libgpg-error-devel
 BuildRequires:  libgpgme-devel >= 1.1.8
 BuildRequires:  libtool
+BuildRequires:  meson
 BuildRequires:  pkgconfig
 BuildRequires:  python3-pyparsing
 BuildRequires:  selinux-policy-devel
@@ -163,8 +166,8 @@ more information.
 Summary:        Add Flathub repository to system flatpak
 Group:          System/Packages
 Requires:       flatpak
-Requires(postun): flatpak
-Requires(postun): sed
+Requires(postun):flatpak
+Requires(postun):sed
 %if 0%{?suse_version} > 1600
 Supplements:    flatpak
 %endif
@@ -204,27 +207,25 @@ fi
 sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*
 
 %build
-./autogen.sh
-%configure \
-	--disable-silent-rules \
-	--with-system-bubblewrap \
-	--with-curl \
-	--with-priv-mode=none \
-	--with-dbus-config-dir=%{_dbusconfigdir} \
-	--with-system-dbus-proxy=%{_bindir}/xdg-dbus-proxy \
+%meson \
+        -Dsystem_bubblewrap=%{_bindir}/bwrap \
+        -Dhttp_backend=curl \
+        -Ddbus_config_dir=%{_dbusconfigdir} \
+        -Dsystem_dbus_proxy=%{_bindir}/xdg-dbus-proxy \
 %if !%{support_environment_generators}
-	--enable-gdm-env-file \
+        -Dgdm_env_file=enabled \
 %endif
-	--enable-documentation \
-	--enable-gtk-doc \
-	--with-wayland-security-context=yes \
-        --with-selinux_module=yes \
-	%{nil}
-%make_build
+        -Dgtkdoc=enabled \
+        -Dwayland_security_context=enabled \
+        -Dselinux_module=enabled \
+        -Dtests=false \
+        -Dmalcontent=disabled \
+        %{nil}
+%meson_build
 %sysusers_generate_pre system-helper/flatpak.conf system-user-flatpak flatpak.conf
 
 %install
-%make_install
+%meson_install
 find %{buildroot} -type f -name "*.la" -delete -print
 mkdir -p %{buildroot}%{_sbindir}
 ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper
@@ -331,7 +332,9 @@ fi;
 %{_mandir}/man1/%{name}*.1%{?ext_man}
 %{_mandir}/man5/flatpak-metadata.5%{?ext_man}
 %{_mandir}/man5/flatpak-flatpakref.5%{?ext_man}
+%{_mandir}/man5/flatpakref.5%{?ext_man}
 %{_mandir}/man5/flatpak-flatpakrepo.5%{?ext_man}
+%{_mandir}/man5/flatpakrepo.5%{?ext_man}
 %{_mandir}/man5/flatpak-installation.5%{?ext_man}
 %{_mandir}/man5/flatpak-remote.5%{?ext_man}
 %{_datadir}/%{name}/

libglnx.patch

@@ -0,0 +1,13 @@
+Index: flatpak-1.15.8/subprojects/libglnx/meson.build
+===================================================================
+--- flatpak-1.15.8.orig/subprojects/libglnx/meson.build
++++ flatpak-1.15.8/subprojects/libglnx/meson.build
+@@ -40,7 +40,7 @@ foreach check_function : check_functions
+     #include <linux/random.h>
+     #include <sys/mman.h>
+ 
+-    int func (void) {
++    void func (void) {
+       (void) ''' + check_function + ''';
+     }
+     ''',