diff --git a/flatpak-1.15.6.tar.xz b/flatpak-1.15.6.tar.xz deleted file mode 100644 index 60128a2..0000000 --- a/flatpak-1.15.6.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8eb68189eb4850a34752feb29827cc2cc744c1981b8915e280ec1cf5bc387962 -size 1315036 diff --git a/flatpak-1.15.8.tar.xz b/flatpak-1.15.8.tar.xz new file mode 100644 index 0000000..c15e6ff --- /dev/null +++ b/flatpak-1.15.8.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e89bcf42fd1eb0fadf14c8b5845bc31cb78a2624f3bdc9bcdd007cc75022e4d3 +size 1300484 diff --git a/flatpak.changes b/flatpak.changes index 02260d3..c8b7682 100644 --- a/flatpak.changes +++ b/flatpak.changes @@ -1,3 +1,79 @@ +------------------------------------------------------------------- +Tue Apr 23 13:23:52 UTC 2024 - Robert Frohl + +- disable parental controls for now by using '-Dmalcontent=disabled', to work around + issues with xdg-desktop-portal + +------------------------------------------------------------------- +Fri Apr 19 08:05:28 UTC 2024 - Robert Frohl + +- Update to version 1.15.8: + + Security fixes: + - Don't allow an executable name to be misinterpreted as a + command-line option for bwrap(1). This prevents a sandbox + escape where a malicious or compromised app could ask + xdg-desktop-portal to generate a .desktop file with access to + files outside the sandbox. (CVE-2024-32462, boo#1223110). + + Other bug fixes: + - Pass the -export-dynamic linker option as + -Wl,-export-dynamic, fixing build failures with clang 18 and + lld 18. + - Fix a double-free when installation is cancelled. + - Fix installed-tests failure with "FUSERMOUNT: unbound + variable". +- Changes from version 1.15.7: + + New features: + - Automatically remove obsolete driver versions and other + autopruned refs. + - --socket=inherit-wayland-socket. + - Automatically reload D-Bus session bus configuration after + installing or upgrading apps, to pick up any exported D-Bus + services. + + Bug fixes: + - Don't parse as the application + name. + - Don't refuse to start apps when there is no D-Bus system bus + available. + - Don't try to repeat migration of apps whose data was migrated + to a new name and then deleted. + - Improve handling of mixed locales on systems with + systemd-localed. + - Improve display of ellipsized columns in wide terminals. + - Make flatpak info -e look for extensions in all + installations. + - Fix warnings from newer GLib versions. + - Always set the container environment variable. + - Always let the app inherit redirected file descriptors. + - In flatpak ps, add xdg-desktop-portal-gnome to the list of + backends we'll use to learn which apps are running in the + background. + - Don't use WAYLAND_SOCKET unless given + --socket=inherit-wayland-socket. + - Use fusermount3 if compiled with FUSE 3, overridable with + -Dsystem_fusermount compile-time option. + - Avoid leaking a temporary variable from + /etc/profile.d/flatpak.sh into the shell environment. + - Improve async-signal safety. + - Fix various memory leaks. + - Avoid undefined behaviour of signed left-shift when storing + object IDs in a hash table. + - Detect the correct gtk-doc when cross-compiling. + - Detect the correct wayland-scanner when cross-compiling. + - Documentation improvements. + - Skip more tests when FUSE isn't available. + - Updated translations. +- Add libglnx.patch: fix meson function detection. +- Switch build system to meson: + + Add meson BuildRequires. + + Switch configure/make_build/make_install macros to + meson/meson_build/meson_install, preserving the configure + parameters as close as possible: + --disable-silent-rules => obsoleted + --with-system-bubblewrap => -Dsystem_bubblewrap=bwrap + --with-curl => -Dhttp_backend=curl +- Add pkgconfig(malcontent-0) BuildRequires: enable malcontent + support. + ------------------------------------------------------------------- Tue Mar 19 08:06:34 UTC 2024 - Antonio Larrosa diff --git a/flatpak.spec b/flatpak.spec index 2f6343e..265b3ee 100644 --- a/flatpak.spec +++ b/flatpak.spec @@ -35,7 +35,7 @@ %define support_environment_generators 1 %endif Name: flatpak -Version: 1.15.6 +Version: 1.15.8 Release: 0 Summary: OSTree based application bundles management License: LGPL-2.1-or-later @@ -49,6 +49,8 @@ Source4: update-user-flatpaks.timer Source5: https://flathub.org/repo/flathub.flatpakrepo # PATCH-FEATURE-OPENSUSE polkit_rules_usability.patch -- Make the rules comply with openSUSE expectations Patch0: polkit_rules_usability.patch +# PATCH-FIX-UPSTREAM libglnx.patch https://gitlab.gnome.org/GNOME/libglnx/-/merge_requests/57 +Patch1: libglnx.patch BuildRequires: bison BuildRequires: bubblewrap >= %{bubblewrap_version} @@ -59,6 +61,7 @@ BuildRequires: libcap-devel BuildRequires: libgpg-error-devel BuildRequires: libgpgme-devel >= 1.1.8 BuildRequires: libtool +BuildRequires: meson BuildRequires: pkgconfig BuildRequires: python3-pyparsing BuildRequires: selinux-policy-devel @@ -163,8 +166,8 @@ more information. Summary: Add Flathub repository to system flatpak Group: System/Packages Requires: flatpak -Requires(postun): flatpak -Requires(postun): sed +Requires(postun):flatpak +Requires(postun):sed %if 0%{?suse_version} > 1600 Supplements: flatpak %endif @@ -204,27 +207,25 @@ fi sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-* %build -./autogen.sh -%configure \ - --disable-silent-rules \ - --with-system-bubblewrap \ - --with-curl \ - --with-priv-mode=none \ - --with-dbus-config-dir=%{_dbusconfigdir} \ - --with-system-dbus-proxy=%{_bindir}/xdg-dbus-proxy \ +%meson \ + -Dsystem_bubblewrap=%{_bindir}/bwrap \ + -Dhttp_backend=curl \ + -Ddbus_config_dir=%{_dbusconfigdir} \ + -Dsystem_dbus_proxy=%{_bindir}/xdg-dbus-proxy \ %if !%{support_environment_generators} - --enable-gdm-env-file \ + -Dgdm_env_file=enabled \ %endif - --enable-documentation \ - --enable-gtk-doc \ - --with-wayland-security-context=yes \ - --with-selinux_module=yes \ - %{nil} -%make_build + -Dgtkdoc=enabled \ + -Dwayland_security_context=enabled \ + -Dselinux_module=enabled \ + -Dtests=false \ + -Dmalcontent=disabled \ + %{nil} +%meson_build %sysusers_generate_pre system-helper/flatpak.conf system-user-flatpak flatpak.conf %install -%make_install +%meson_install find %{buildroot} -type f -name "*.la" -delete -print mkdir -p %{buildroot}%{_sbindir} ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper @@ -331,7 +332,9 @@ fi; %{_mandir}/man1/%{name}*.1%{?ext_man} %{_mandir}/man5/flatpak-metadata.5%{?ext_man} %{_mandir}/man5/flatpak-flatpakref.5%{?ext_man} +%{_mandir}/man5/flatpakref.5%{?ext_man} %{_mandir}/man5/flatpak-flatpakrepo.5%{?ext_man} +%{_mandir}/man5/flatpakrepo.5%{?ext_man} %{_mandir}/man5/flatpak-installation.5%{?ext_man} %{_mandir}/man5/flatpak-remote.5%{?ext_man} %{_datadir}/%{name}/ diff --git a/libglnx.patch b/libglnx.patch new file mode 100644 index 0000000..f8bff37 --- /dev/null +++ b/libglnx.patch @@ -0,0 +1,13 @@ +Index: flatpak-1.15.8/subprojects/libglnx/meson.build +=================================================================== +--- flatpak-1.15.8.orig/subprojects/libglnx/meson.build ++++ flatpak-1.15.8/subprojects/libglnx/meson.build +@@ -40,7 +40,7 @@ foreach check_function : check_functions + #include + #include + +- int func (void) { ++ void func (void) { + (void) ''' + check_function + '''; + } + ''',