Accepting request 1126468 from GNOME:Next

- Update to version 1.15.6: + In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, version 0.8.0 is now required. + Enabling the optional Wayland security context feature requires libwayland-client, wayland-scanner >= 1.15 and wayland-protocols >= 1.32. + Add --device=input, for access to evdev devices in /dev/input + Update bundled copy of bubblewrap to version 0.8.0, and rely on its features: + Improve error message if seccomp is disabled in kernel config + Security hardening: set user namespace limit to 0, to prevent creation of nested user namespaces in a more robust way + For subsandboxes started by flatpak-portal, inherit environment variables from the flatpak run that started the original instance rather than from flatpak-portal, fixing behaviour of FLATPAK_GL_DRIVERS and similar features + Stop http transfers if a download in progress becomes very slow + Make it easier to configure extra languages, by picking them up from AccountsService if configured there + Add new flatpak_transaction_add_rebase_and_uninstall() API, allowing end-of-life apps to be replaced by their intended replacement more reliably + Create a private Wayland socket with the "security context" extension if available, allowing the compositor to identify connections from sandboxed apps as belonging to the sandbox + Update libglnx to 2023-08-29 + Use features of newer GLib versions if available + Turn off system-level crash reporting infrastructure during some unit tests that involve intentional assertion failures + Add anchors to link to sections of flatpak-metadata documentation + Bug fixes: - Avoid warnings processing symbolic links with GLib >= 2.77.0, and with GLib 2.76.0 (GLib 2.76.1 or later silences these warnings) - Bypass page cache for backend requests in revokefs, fixing installation errors with libostree 2023.4 - Show AppStream metadata in flatpak remote-info as intended - Don't let Flatpak apps inherit VK_DRIVER_FILES or VK_ICD_FILENAMES from the host system, which would be wrong for the sandbox - Fix build failure with prereleases of libappstream 0.17.x - Forward-compatibility with libappstream 1.0 - Fix installation with Meson if configured with -Dauto_sideloading=true - Fix a memory leak - Fix compiler warnings - Make the tests fail more comprehensibly if a required tool is missing - Clean up /var/tmp/flatpak-cache-* directories on boot - Don't force GIO_USE_VFS=local for programs launched via flatpak-spawn - Clarify documentation for D-Bus name ownership + Internal changes: - Split up large source files into smaller modules, reducing internal circular dependencies - Re-synchronize code backported from GLib with the version in GLib - Clarify documentation for D-Bus name ownership - Make the flags used to apply "extra data" clearer - Use glnx_opendirat() where possible + Updated translations. - Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and pkgconfig(wayland-protocols) BuildRequires and pass with-wayland-security-context=yes to configure: Enable the optional Wayland security context. OBS-URL: https://build.opensuse.org/request/show/1126468 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=187
2023-11-17 15:47:01 +00:00 · 2023-11-17 15:47:01 +00:00 · ec0fcb47a3
commit ec0fcb47a3
parent 0914090f30
4 changed files with 81 additions and 5 deletions
--- a/flatpak-1.15.4.tar.xz
+++ b/flatpak-1.15.4.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bef695d893d1e0239a68441d6b328edeb6d1e58a902c92f9278e94da914ab91f
-size 1271428
--- a/flatpak-1.15.6.tar.xz
+++ b/flatpak-1.15.6.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8eb68189eb4850a34752feb29827cc2cc744c1981b8915e280ec1cf5bc387962
+size 1315036
--- a/flatpak.changes
+++ b/flatpak.changes
@ -1,3 +1,73 @@
+-------------------------------------------------------------------
+Tue Nov 14 19:34:15 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.15.6:
+  + In distributions that compile Flatpak to use a separate
+    bubblewrap (bwrap) executable, version 0.8.0 is now required.
+  + Enabling the optional Wayland security context feature requires
+    libwayland-client, wayland-scanner >= 1.15 and
+    wayland-protocols >= 1.32.
+  + Add --device=input, for access to evdev devices in /dev/input
+  + Update bundled copy of bubblewrap to version 0.8.0, and rely on
+    its features:
+  + Improve error message if seccomp is disabled in kernel config
+  + Security hardening: set user namespace limit to 0, to prevent
+    creation of nested user namespaces in a more robust way
+  + For subsandboxes started by flatpak-portal, inherit
+    environment variables from the flatpak run that started the
+    original instance rather than from flatpak-portal, fixing
+    behaviour of FLATPAK_GL_DRIVERS and similar features
+  + Stop http transfers if a download in progress becomes very slow
+  + Make it easier to configure extra languages, by picking them up
+    from AccountsService if configured there
+  + Add new flatpak_transaction_add_rebase_and_uninstall() API,
+    allowing end-of-life apps to be replaced by their intended
+    replacement more reliably
+  + Create a private Wayland socket with the "security context"
+    extension if available, allowing the compositor to identify
+    connections from sandboxed apps as belonging to the sandbox
+  + Update libglnx to 2023-08-29
+  + Use features of newer GLib versions if available
+  + Turn off system-level crash reporting infrastructure during
+    some unit tests that involve intentional assertion failures
+  + Add anchors to link to sections of flatpak-metadata
+    documentation
+  + Bug fixes:
+    - Avoid warnings processing symbolic links with GLib >= 2.77.0,
+      and with GLib 2.76.0 (GLib 2.76.1 or later silences these
+      warnings)
+    - Bypass page cache for backend requests in revokefs, fixing
+      installation errors with libostree 2023.4
+    - Show AppStream metadata in flatpak remote-info as intended
+    - Don't let Flatpak apps inherit VK_DRIVER_FILES or
+      VK_ICD_FILENAMES from the host system, which would be wrong
+      for the sandbox
+    - Fix build failure with prereleases of libappstream 0.17.x
+    - Forward-compatibility with libappstream 1.0
+    - Fix installation with Meson if configured with
+      -Dauto_sideloading=true
+    - Fix a memory leak
+    - Fix compiler warnings
+    - Make the tests fail more comprehensibly if a required tool is
+      missing
+    - Clean up /var/tmp/flatpak-cache-* directories on boot
+    - Don't force GIO_USE_VFS=local for programs launched via
+      flatpak-spawn
+    - Clarify documentation for D-Bus name ownership
+   + Internal changes:
+     - Split up large source files into smaller modules, reducing
+       internal circular dependencies
+     - Re-synchronize code backported from GLib with the version in
+       GLib
+     - Clarify documentation for D-Bus name ownership
+     - Make the flags used to apply "extra data" clearer
+     - Use glnx_opendirat() where possible
+  + Updated translations.
+- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
+  pkgconfig(wayland-protocols) BuildRequires and pass
+  with-wayland-security-context=yes to configure: Enable the
+  optional Wayland security context.
+
 -------------------------------------------------------------------
 Wed Aug  2 20:23:29 UTC 2023 - Luciano Santos <luc14n0@opensuse.org>

--- a/flatpak.spec
+++ b/flatpak.spec
@ -17,7 +17,7 @@


 %define libname libflatpak0
-%define bubblewrap_version 0.5.0
+%define bubblewrap_version 0.8.0
 %define ostree_version 2020.8
 %define xdg_dbus_proxy_version 0.1.0

@ -34,7 +34,7 @@
 %define support_environment_generators 1
 %endif
 Name:           flatpak
-Version:        1.15.4
+Version:        1.15.6
 Release:        0
 Summary:        OSTree based application bundles management
 License:        LGPL-2.1-or-later
@ -85,6 +85,9 @@ BuildRequires:  pkgconfig(libzstd) >= 0.8.1
 BuildRequires:  pkgconfig(ostree-1) >= %{ostree_version}
 BuildRequires:  pkgconfig(polkit-gobject-1)
 BuildRequires:  pkgconfig(systemd)
+BuildRequires:  pkgconfig(wayland-client) >= 1.15
+BuildRequires:  pkgconfig(wayland-protocols) >= 1.32
+BuildRequires:  pkgconfig(wayland-scanner) >= 1.15
 BuildRequires:  pkgconfig(xau)
 Requires:       %{libname} = %{version}
 Requires:       bubblewrap >= %{bubblewrap_version}
@ -195,6 +198,7 @@ sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*
 %endif
 	--enable-documentation \
 	--enable-gtk-doc \
+	--with-wayland-security-context=yes \
 	%{nil}
 %make_build
 %sysusers_generate_pre system-helper/flatpak.conf system-user-flatpak flatpak.conf
@ -252,6 +256,7 @@ if [ -e "%{_localstatedir}/lib/flatpak/repo" ] && [ -z "$(ls -A %{_localstatedir
 rm -r %{_localstatedir}/lib/flatpak/repo
 fi
 %{_bindir}/flatpak remotes 1> /dev/null
+%tmpfiles_create %{_tmpfilesdir}/flatpak.conf

 %postun
 %service_del_postun flatpak-system-helper.service
@ -316,6 +321,7 @@ fi
 %{_userunitdir}/flatpak-oci-authenticator.service
 %{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.Authenticator.xml
 %{_datadir}/dbus-1/services/org.flatpak.Authenticator.Oci.service
+%{_tmpfilesdir}/flatpak.conf

 %files -n system-user-flatpak
 %license COPYING