From 8ee009d5e1d63a1487eb54b1b803ccb41ce8ad1eab079511c7f04c1aa7a9bb00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= Date: Mon, 18 Jan 2021 13:16:26 +0000 Subject: [PATCH] Accepting request 863379 from GNOME:Next New try OBS-URL: https://build.opensuse.org/request/show/863379 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=129 --- _service | 2 +- flatpak-1.10.0.tar.xz | 3 +++ flatpak-1.8.4.tar.xz | 3 --- flatpak.changes | 33 +++++++++++++++++++++++++++++++++ flatpak.spec | 4 +++- 5 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 flatpak-1.10.0.tar.xz delete mode 100644 flatpak-1.8.4.tar.xz diff --git a/_service b/_service index 3d064c2..1913ac8 100644 --- a/_service +++ b/_service @@ -4,7 +4,7 @@ https://github.com/flatpak/flatpak.git git @PARENT_TAG@ - refs/tags/1.8.4 + refs/tags/1.10.0 *.tar diff --git a/flatpak-1.10.0.tar.xz b/flatpak-1.10.0.tar.xz new file mode 100644 index 0000000..96d9305 --- /dev/null +++ b/flatpak-1.10.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:89192f91c7f3a4bfffcf316c1eb2223f3f91f70420c9ead1faf7bada5176eae1 +size 1116548 diff --git a/flatpak-1.8.4.tar.xz b/flatpak-1.8.4.tar.xz deleted file mode 100644 index 96601f8..0000000 --- a/flatpak-1.8.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4dc2b67bfee64783f6aa0c2c92c12096d5f59c8dcf0e78b4aa53f387506a21bd -size 1047020 diff --git a/flatpak.changes b/flatpak.changes index e534064..3b300bf 100644 --- a/flatpak.changes +++ b/flatpak.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Fri Jan 15 16:06:24 UTC 2021 - Bjørn Lie + +- Update to version 1.10.0: + + The major new feature in this series compared to 1.8 is the + support for the new repo format which should make updates + faster and download less data. + + The systemd generator snippets now call flatpak + --print-updated-env in place of a bunch of shell for better + login performance. + + The .profile snippets now disable GVfs when calling flatpak to + avoid spawning a gvfs daemon when logging in via ssh. + + Build fixes for GCC 11. + + Flatpak now finds the pulseaudio sockets better in uncommon + configurations. + + Sandboxes with network access it now also has access to the + systemd-resolved socket to do dns lookups. + + Flatpak supports unsetting env vars in the sandbox using + --unset-env, and --env=FOO= now sets FOO to the empty string + instead of unsetting it. + + Similarly the spawn portal has an option to unset an env var. + + The spawn portal now has an option to share the pid namespace + with the sub-sandbox. + +------------------------------------------------------------------- +Fri Jan 15 16:02:40 UTC 2021 - Bjørn Lie + +- Update to version 1.8.5 (CVE-2021-21261): + + This is a security update that fixes a sandbox escape where a + malicious application can execute code outside the sandbox by + controlling the environment of the "flatpak run" command when + spawning a sub-sandbox. + ------------------------------------------------------------------- Thu Jan 7 20:28:03 UTC 2021 - Bjørn Lie diff --git a/flatpak.spec b/flatpak.spec index 138e195..dbaf395 100644 --- a/flatpak.spec +++ b/flatpak.spec @@ -32,7 +32,7 @@ %define libname libflatpak0 Name: flatpak -Version: 1.8.4 +Version: 1.10.0 Release: 0 Summary: OSTree based application bundles management License: LGPL-2.1-or-later @@ -176,6 +176,7 @@ mv %{buildroot}/%{_datadir}/polkit-1/rules.d/{,60-}org.freedesktop.Flatpak.rules %if !%{support_environment_generators} rm -Rf %{buildroot}%{_systemd_user_env_generator_dir} +rm -Rf %{buildroot}%{_systemd_system_env_generator_dir} %endif mkdir -p %{buildroot}%{_sysconfdir}/flatpak/remotes.d @@ -245,6 +246,7 @@ fi %if %{support_environment_generators} %dir %{_systemd_user_env_generator_dir} %{_systemd_user_env_generator_dir}/60-flatpak +%{_systemd_system_env_generator_dir}/60-flatpak-system-only %else # Own dirs so we don't have to depend on gdm for building. %dir %{_datadir}/gdm/