Accepting request 1169145 from GNOME:Next
- Don't allow an executable name to be misinterpreted as a
command-line option for bwrap(1). This prevents a sandbox
escape where a malicious or compromised app could ask
xdg-desktop-portal to generate a .desktop file with access to
files outside the sandbox. (CVE-2024-32462, boo#1223110).
- Pass the -export-dynamic linker option as
-Wl,-export-dynamic, fixing build failures with clang 18 and
lld 18.
- Fix a double-free when installation is cancelled.
- Fix installed-tests failure with "FUSERMOUNT: unbound
variable".
- Changes from version 1.15.7:
- Automatically remove obsolete driver versions and other
autopruned refs.
- --socket=inherit-wayland-socket.
- Automatically reload D-Bus session bus configuration after
installing or upgrading apps, to pick up any exported D-Bus
services.
- Don't parse <developer><name/></developer> as the application
name.
- Don't refuse to start apps when there is no D-Bus system bus
available.
- Don't try to repeat migration of apps whose data was migrated
to a new name and then deleted.
- Improve handling of mixed locales on systems with
systemd-localed.
- Improve display of ellipsized columns in wide terminals.
- Make flatpak info -e look for extensions in all
installations.
- Fix warnings from newer GLib versions.
OBS-URL: https://build.opensuse.org/request/show/1169145
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=194
This commit is contained in:
Git OBS Bridge
102
flatpak.changes
102
flatpak.changes
@@ -3,48 +3,72 @@ Fri Apr 19 08:05:28 UTC 2024 - Robert Frohl <rfrohl@suse.com>
|
||||
|
||||
- Update to version 1.15.8:
|
||||
+ Security fixes:
|
||||
- Don't allow an executable name to be misinterpreted as a command-line
|
||||
option for bwrap(1). This prevents a sandbox escape where a malicious
|
||||
or compromised app could ask xdg-desktop-portal to generate a .desktop
|
||||
file with access to files outside the sandbox. (CVE-2024-32462, boo#1223110)
|
||||
- Don't allow an executable name to be misinterpreted as a
|
||||
command-line option for bwrap(1). This prevents a sandbox
|
||||
escape where a malicious or compromised app could ask
|
||||
xdg-desktop-portal to generate a .desktop file with access to
|
||||
files outside the sandbox. (CVE-2024-32462, boo#1223110).
|
||||
+ Other bug fixes:
|
||||
- Pass the -export-dynamic linker option as -Wl,-export-dynamic,
|
||||
fixing build failures with clang 18 and lld 18
|
||||
- Fix a double-free when installation is cancelled
|
||||
- Fix installed-tests failure with "FUSERMOUNT: unbound variable"
|
||||
- Translation updates: pt_BR, tr
|
||||
|
||||
- Update to version 1.15.7:
|
||||
- Pass the -export-dynamic linker option as
|
||||
-Wl,-export-dynamic, fixing build failures with clang 18 and
|
||||
lld 18.
|
||||
- Fix a double-free when installation is cancelled.
|
||||
- Fix installed-tests failure with "FUSERMOUNT: unbound
|
||||
variable".
|
||||
- Changes from version 1.15.7:
|
||||
+ New features:
|
||||
- Automatically remove obsolete driver versions and other autopruned refs
|
||||
- --socket=inherit-wayland-socket
|
||||
- Automatically reload D-Bus session bus configuration after installing
|
||||
or upgrading apps, to pick up any exported D-Bus services
|
||||
- Automatically remove obsolete driver versions and other
|
||||
autopruned refs.
|
||||
- --socket=inherit-wayland-socket.
|
||||
- Automatically reload D-Bus session bus configuration after
|
||||
installing or upgrading apps, to pick up any exported D-Bus
|
||||
services.
|
||||
+ Bug fixes:
|
||||
- Don't parse <developer><name/></developer> as the application name
|
||||
- Don't refuse to start apps when there is no D-Bus system bus available
|
||||
- Don't try to repeat migration of apps whose data was migrated to a new
|
||||
name and then deleted
|
||||
- Improve handling of mixed locales on systems with systemd-localed
|
||||
- Improve display of ellipsized columns in wide terminals
|
||||
- Make flatpak info -e look for extensions in all installations
|
||||
- Fix warnings from newer GLib versions
|
||||
- Always set the container environment variable
|
||||
- Always let the app inherit redirected file descriptors
|
||||
- In flatpak ps, add xdg-desktop-portal-gnome to the list of backends
|
||||
we'll use to learn which apps are running in the background
|
||||
- Don't use WAYLAND_SOCKET unless given --socket=inherit-wayland-socket
|
||||
- Use fusermount3 if compiled with FUSE 3, overridable with -Dsystem_fusermount compile-time option
|
||||
- Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into the shell environment
|
||||
- Improve async-signal safety
|
||||
- Fix various memory leaks
|
||||
- Avoid undefined behaviour of signed left-shift when storing object IDs in a hash table
|
||||
- Detect the correct gtk-doc when cross-compiling
|
||||
- Detect the correct wayland-scanner when cross-compiling
|
||||
- Documentation improvements
|
||||
- Skip more tests when FUSE isn't available
|
||||
- Translation updates
|
||||
- add libglnx.patch to fix meson function detection
|
||||
- Don't parse <developer><name/></developer> as the application
|
||||
name.
|
||||
- Don't refuse to start apps when there is no D-Bus system bus
|
||||
available.
|
||||
- Don't try to repeat migration of apps whose data was migrated
|
||||
to a new name and then deleted.
|
||||
- Improve handling of mixed locales on systems with
|
||||
systemd-localed.
|
||||
- Improve display of ellipsized columns in wide terminals.
|
||||
- Make flatpak info -e look for extensions in all
|
||||
installations.
|
||||
- Fix warnings from newer GLib versions.
|
||||
- Always set the container environment variable.
|
||||
- Always let the app inherit redirected file descriptors.
|
||||
- In flatpak ps, add xdg-desktop-portal-gnome to the list of
|
||||
backends we'll use to learn which apps are running in the
|
||||
background.
|
||||
- Don't use WAYLAND_SOCKET unless given
|
||||
--socket=inherit-wayland-socket.
|
||||
- Use fusermount3 if compiled with FUSE 3, overridable with
|
||||
-Dsystem_fusermount compile-time option.
|
||||
- Avoid leaking a temporary variable from
|
||||
/etc/profile.d/flatpak.sh into the shell environment.
|
||||
- Improve async-signal safety.
|
||||
- Fix various memory leaks.
|
||||
- Avoid undefined behaviour of signed left-shift when storing
|
||||
object IDs in a hash table.
|
||||
- Detect the correct gtk-doc when cross-compiling.
|
||||
- Detect the correct wayland-scanner when cross-compiling.
|
||||
- Documentation improvements.
|
||||
- Skip more tests when FUSE isn't available.
|
||||
- Updated translations.
|
||||
- Add libglnx.patch: fix meson function detection.
|
||||
- Switch build system to meson:
|
||||
+ Add meson BuildRequires.
|
||||
+ Switch configure/make_build/make_install macros to
|
||||
meson/meson_build/meson_install, preserving the configure
|
||||
parameters as close as possible:
|
||||
--disable-silent-rules => obsoleted
|
||||
--with-system-bubblewrap => -Dsystem_bubblewrap=bwrap
|
||||
--with-curl => -Dhttp_backend=curl
|
||||
- Add pkgconfig(malcontent-0) BuildRequires: enable malcontent
|
||||
support.
|
||||
- Enable test suite: call meson_test in check section.
|
||||
- Add socat BuildRequires: needed by the test suite.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 19 08:06:34 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
12
flatpak.spec
12
flatpak.spec
@@ -54,7 +54,6 @@ Patch1: libglnx.patch
|
||||
|
||||
BuildRequires: bison
|
||||
BuildRequires: bubblewrap >= %{bubblewrap_version}
|
||||
BuildRequires: cmake
|
||||
BuildRequires: docbook-xsl-stylesheets
|
||||
BuildRequires: gtk-doc
|
||||
BuildRequires: intltool >= 0.35.0
|
||||
@@ -62,7 +61,6 @@ BuildRequires: libcap-devel
|
||||
BuildRequires: libgpg-error-devel
|
||||
BuildRequires: libgpgme-devel >= 1.1.8
|
||||
BuildRequires: libtool
|
||||
BuildRequires: malcontent-devel
|
||||
BuildRequires: meson
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: python3-pyparsing
|
||||
@@ -90,6 +88,7 @@ BuildRequires: pkgconfig(libseccomp)
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
BuildRequires: pkgconfig(libxml-2.0) >= 2.4
|
||||
BuildRequires: pkgconfig(libzstd) >= 0.8.1
|
||||
BuildRequires: pkgconfig(malcontent-0)
|
||||
BuildRequires: pkgconfig(ostree-1) >= %{ostree_version}
|
||||
BuildRequires: pkgconfig(polkit-gobject-1)
|
||||
BuildRequires: pkgconfig(systemd)
|
||||
@@ -169,8 +168,8 @@ more information.
|
||||
Summary: Add Flathub repository to system flatpak
|
||||
Group: System/Packages
|
||||
Requires: flatpak
|
||||
Requires(postun):flatpak
|
||||
Requires(postun):sed
|
||||
Requires(postun): flatpak
|
||||
Requires(postun): sed
|
||||
%if 0%{?suse_version} > 1600
|
||||
Supplements: flatpak
|
||||
%endif
|
||||
@@ -211,7 +210,7 @@ sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*
|
||||
|
||||
%build
|
||||
%meson \
|
||||
-Dsystem_bubblewrap=bwrap \
|
||||
-Dsystem_bubblewrap=%{_bindir}/bwrap \
|
||||
-Dhttp_backend=curl \
|
||||
-Ddbus_config_dir=%{_dbusconfigdir} \
|
||||
-Dsystem_dbus_proxy=%{_bindir}/xdg-dbus-proxy \
|
||||
@@ -255,6 +254,9 @@ install -D -m 644 -t %{buildroot}%{_sysconfdir}/flatpak/remotes.d %{SOURCE5}
|
||||
|
||||
%find_lang %{name}
|
||||
|
||||
%check
|
||||
%meson_test
|
||||
|
||||
%pre -n system-user-flatpak -f system-user-flatpak.pre
|
||||
%post -n %{libname} -p /sbin/ldconfig
|
||||
%postun -n %{libname} -p /sbin/ldconfig
|
||||
|
||||
Reference in New Issue
Block a user