Accepting request 1127339 from GNOME:Factory

- Update to version 1.15.6:
  + In distributions that compile Flatpak to use a separate
    bubblewrap (bwrap) executable, version 0.8.0 is now required.
  + Enabling the optional Wayland security context feature requires
    libwayland-client, wayland-scanner >= 1.15 and
    wayland-protocols >= 1.32.
  + Add --device=input, for access to evdev devices in /dev/input
  + Update bundled copy of bubblewrap to version 0.8.0, and rely on
    its features:
  + Improve error message if seccomp is disabled in kernel config
  + Security hardening: set user namespace limit to 0, to prevent
    creation of nested user namespaces in a more robust way
  + For subsandboxes started by flatpak-portal, inherit
    environment variables from the flatpak run that started the
    original instance rather than from flatpak-portal, fixing
    behaviour of FLATPAK_GL_DRIVERS and similar features
  + Stop http transfers if a download in progress becomes very slow
  + Make it easier to configure extra languages, by picking them up
    from AccountsService if configured there
  + Add new flatpak_transaction_add_rebase_and_uninstall() API,
    allowing end-of-life apps to be replaced by their intended
    replacement more reliably
  + Create a private Wayland socket with the "security context"
    extension if available, allowing the compositor to identify
    connections from sandboxed apps as belonging to the sandbox
  + Update libglnx to 2023-08-29
  + Use features of newer GLib versions if available
  + Turn off system-level crash reporting infrastructure during
    some unit tests that involve intentional assertion failures
  + Add anchors to link to sections of flatpak-metadata
    documentation
  + Bug fixes:
    - Avoid warnings processing symbolic links with GLib >= 2.77.0,
      and with GLib 2.76.0 (GLib 2.76.1 or later silences these
      warnings)
    - Bypass page cache for backend requests in revokefs, fixing
      installation errors with libostree 2023.4
    - Show AppStream metadata in flatpak remote-info as intended
    - Don't let Flatpak apps inherit VK_DRIVER_FILES or
      VK_ICD_FILENAMES from the host system, which would be wrong
      for the sandbox
    - Fix build failure with prereleases of libappstream 0.17.x
    - Forward-compatibility with libappstream 1.0
    - Fix installation with Meson if configured with
      -Dauto_sideloading=true
    - Fix a memory leak
    - Fix compiler warnings
    - Make the tests fail more comprehensibly if a required tool is
      missing
    - Clean up /var/tmp/flatpak-cache-* directories on boot
    - Don't force GIO_USE_VFS=local for programs launched via
      flatpak-spawn
    - Clarify documentation for D-Bus name ownership
   + Internal changes:
     - Split up large source files into smaller modules, reducing
       internal circular dependencies
     - Re-synchronize code backported from GLib with the version in
       GLib
     - Clarify documentation for D-Bus name ownership
     - Make the flags used to apply "extra data" clearer
     - Use glnx_opendirat() where possible
  + Updated translations.
- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
  pkgconfig(wayland-protocols) BuildRequires and pass
  with-wayland-security-context=yes to configure: Enable the
  optional Wayland security context. (forwarded request 1126468 from iznogood)

OBS-URL: https://build.opensuse.org/request/show/1127339
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=81

flatpak-1.15.4.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bef695d893d1e0239a68441d6b328edeb6d1e58a902c92f9278e94da914ab91f
-size 1271428

flatpak-1.15.6.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8eb68189eb4850a34752feb29827cc2cc744c1981b8915e280ec1cf5bc387962
+size 1315036

flatpak.changes

@@ -1,3 +1,73 @@
+-------------------------------------------------------------------
+Tue Nov 14 19:34:15 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.15.6:
+  + In distributions that compile Flatpak to use a separate
+    bubblewrap (bwrap) executable, version 0.8.0 is now required.
+  + Enabling the optional Wayland security context feature requires
+    libwayland-client, wayland-scanner >= 1.15 and
+    wayland-protocols >= 1.32.
+  + Add --device=input, for access to evdev devices in /dev/input
+  + Update bundled copy of bubblewrap to version 0.8.0, and rely on
+    its features:
+  + Improve error message if seccomp is disabled in kernel config
+  + Security hardening: set user namespace limit to 0, to prevent
+    creation of nested user namespaces in a more robust way
+  + For subsandboxes started by flatpak-portal, inherit
+    environment variables from the flatpak run that started the
+    original instance rather than from flatpak-portal, fixing
+    behaviour of FLATPAK_GL_DRIVERS and similar features
+  + Stop http transfers if a download in progress becomes very slow
+  + Make it easier to configure extra languages, by picking them up
+    from AccountsService if configured there
+  + Add new flatpak_transaction_add_rebase_and_uninstall() API,
+    allowing end-of-life apps to be replaced by their intended
+    replacement more reliably
+  + Create a private Wayland socket with the "security context"
+    extension if available, allowing the compositor to identify
+    connections from sandboxed apps as belonging to the sandbox
+  + Update libglnx to 2023-08-29
+  + Use features of newer GLib versions if available
+  + Turn off system-level crash reporting infrastructure during
+    some unit tests that involve intentional assertion failures
+  + Add anchors to link to sections of flatpak-metadata
+    documentation
+  + Bug fixes:
+    - Avoid warnings processing symbolic links with GLib >= 2.77.0,
+      and with GLib 2.76.0 (GLib 2.76.1 or later silences these
+      warnings)
+    - Bypass page cache for backend requests in revokefs, fixing
+      installation errors with libostree 2023.4
+    - Show AppStream metadata in flatpak remote-info as intended
+    - Don't let Flatpak apps inherit VK_DRIVER_FILES or
+      VK_ICD_FILENAMES from the host system, which would be wrong
+      for the sandbox
+    - Fix build failure with prereleases of libappstream 0.17.x
+    - Forward-compatibility with libappstream 1.0
+    - Fix installation with Meson if configured with
+      -Dauto_sideloading=true
+    - Fix a memory leak
+    - Fix compiler warnings
+    - Make the tests fail more comprehensibly if a required tool is
+      missing
+    - Clean up /var/tmp/flatpak-cache-* directories on boot
+    - Don't force GIO_USE_VFS=local for programs launched via
+      flatpak-spawn
+    - Clarify documentation for D-Bus name ownership
+   + Internal changes:
+     - Split up large source files into smaller modules, reducing
+       internal circular dependencies
+     - Re-synchronize code backported from GLib with the version in
+       GLib
+     - Clarify documentation for D-Bus name ownership
+     - Make the flags used to apply "extra data" clearer
+     - Use glnx_opendirat() where possible
+  + Updated translations.
+- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
+  pkgconfig(wayland-protocols) BuildRequires and pass
+  with-wayland-security-context=yes to configure: Enable the
+  optional Wayland security context.
+
 -------------------------------------------------------------------
 Wed Aug  2 20:23:29 UTC 2023 - Luciano Santos <luc14n0@opensuse.org>
 

flatpak.spec

@@ -17,7 +17,7 @@
 
 
 %define libname libflatpak0
-%define bubblewrap_version 0.5.0
+%define bubblewrap_version 0.8.0
 %define ostree_version 2020.8
 %define xdg_dbus_proxy_version 0.1.0
 
@@ -34,7 +34,7 @@
 %define support_environment_generators 1
 %endif
 Name:           flatpak
-Version:        1.15.4
+Version:        1.15.6
 Release:        0
 Summary:        OSTree based application bundles management
 License:        LGPL-2.1-or-later
@@ -85,6 +85,9 @@ BuildRequires:  pkgconfig(libzstd) >= 0.8.1
 BuildRequires:  pkgconfig(ostree-1) >= %{ostree_version}
 BuildRequires:  pkgconfig(polkit-gobject-1)
 BuildRequires:  pkgconfig(systemd)
+BuildRequires:  pkgconfig(wayland-client) >= 1.15
+BuildRequires:  pkgconfig(wayland-protocols) >= 1.32
+BuildRequires:  pkgconfig(wayland-scanner) >= 1.15
 BuildRequires:  pkgconfig(xau)
 Requires:       %{libname} = %{version}
 Requires:       bubblewrap >= %{bubblewrap_version}
@@ -195,6 +198,7 @@ sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*
 %endif
 	--enable-documentation \
 	--enable-gtk-doc \
+	--with-wayland-security-context=yes \
 	%{nil}
 %make_build
 %sysusers_generate_pre system-helper/flatpak.conf system-user-flatpak flatpak.conf
@@ -252,6 +256,7 @@ if [ -e "%{_localstatedir}/lib/flatpak/repo" ] && [ -z "$(ls -A %{_localstatedir
 rm -r %{_localstatedir}/lib/flatpak/repo
 fi
 %{_bindir}/flatpak remotes 1> /dev/null
+%tmpfiles_create %{_tmpfilesdir}/flatpak.conf
 
 %postun
 %service_del_postun flatpak-system-helper.service
@@ -316,6 +321,7 @@ fi
 %{_userunitdir}/flatpak-oci-authenticator.service
 %{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.Authenticator.xml
 %{_datadir}/dbus-1/services/org.flatpak.Authenticator.Oci.service
+%{_tmpfilesdir}/flatpak.conf
 
 %files -n system-user-flatpak
 %license COPYING