- Update to version 1.16.2:
+ Enhancements:
- Documentation improvements
- Support the reinstall option on bundle installations
- Enable the VA-API extension for Intel Xe GPUs
- Documentation improvements
- Add cancellation support for curl downloads
+ Bug fixes:
- Provide an empty /run/host/font-dirs.xml during flatpak build
- Fix various issues with flatpak mask and flatpak pin by
reloading the repo configuration after changes done via the
system helper
- Fix an issue where the home directory would accidentally be
accessible when a bad version of glib is in use, the app has
access to a standard XDG directory, and that directory is not
available on the system
- flatpak-kill will no longer send SIGKILL to all processes in
the current process group
- Various bug fixes for the OCI support
- Fix various memory leaks
- Fix various crashes
+ Updated translations.
- Drop cd80e843435df5ce70d9a2b6710098135ceb9085.patch: Fixed
upstream. (forwarded request 1323545 from iznogood)
OBS-URL: https://build.opensuse.org/request/show/1323660
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=97
- Update to version 1.16.2:
+ Enhancements:
- Documentation improvements
- Support the reinstall option on bundle installations
- Enable the VA-API extension for Intel Xe GPUs
- Documentation improvements
- Add cancellation support for curl downloads
+ Bug fixes:
- Provide an empty /run/host/font-dirs.xml during flatpak build
- Fix various issues with flatpak mask and flatpak pin by
reloading the repo configuration after changes done via the
system helper
- Fix an issue where the home directory would accidentally be
accessible when a bad version of glib is in use, the app has
access to a standard XDG directory, and that directory is not
available on the system
- flatpak-kill will no longer send SIGKILL to all processes in
the current process group
- Various bug fixes for the OCI support
- Fix various memory leaks
- Fix various crashes
+ Updated translations.
- Drop cd80e843435df5ce70d9a2b6710098135ceb9085.patch: Fixed
upstream.
OBS-URL: https://build.opensuse.org/request/show/1323545
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=223
- Update to version 1.16.1:
+ Bug fixes:
- Fix intermittent flatpak-portal crashes by avoiding
unnecessary multi-threading
- Don't show a confusing confirmation prompt when flatpak
remove --unused removes autoprune-unless extensions that are
no longer needed, such as older Nvidia drivers
- Don't propagate $PYTHONPYCACHEPREFIX from host into sandbox
- Don't propagate $WAYLAND_DISPLAY, $WAYLAND_SOCKET from host
into sandbox if access to the Wayland socket has been denied
- When discovering the AT-SPI bus, treat $AT_SPI_BUS_ADDRESS as
higher-priority than GetAddress(), more closely matching the
behaviour of AT-SPI itself
- Fix a memory leak when installing extra-data
- Don't show fatal transaction errors twice
- Fix the build with -Ddefault_library=static
- Fix incorrect error reporting
- When using FLATPAK_TTY_PROGRESS, terminate OSC escape
sequence with standard ST sequence instead of xterm-specific
BEL
- Include all options in shell completion for flatpak search
+ Enhancements:
- When using parental controls, allow a child account to update
existing apps by default, to ensure that security and bugfix
updates can be installed. This can be overridden by setting
polkit policy rules for the new
org.freedesktop.Flatpak.override-parental-controls-update
action if necessary
- Make systemd scopes easier to match to Flatpak app instances,
by using the instance ID instead of the top-level process ID
OBS-URL: https://build.opensuse.org/request/show/1276603
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=216
- Added p11-kit-server to fix boo#1221557
After OBS Studio flatpak updating to KDE Runtime 6.6 it was revealed that it no longer could verify SSL certificates. The root cause turned out to be a missing p11-kit-server which on most distributions is installed as recommended along side flatpak (see Fedora).
With this little addition I hope to fix random SSL errors for KDE Runtime 6.6 and newer also for openSUSE Tumbleweed.
As a side note Leap is affected as well by this. Might be worth back porting this patch?
- As per documentation from flatpak 1.0: add weak dep on
p11-kit-server for certificate transfer (boo#1188902) (forwarded request 1192619 from dimstar)
OBS-URL: https://build.opensuse.org/request/show/1192622
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=87
- Added p11-kit-server to fix boo#1221557
After OBS Studio flatpak updating to KDE Runtime 6.6 it was revealed that it no longer could verify SSL certificates. The root cause turned out to be a missing p11-kit-server which on most distributions is installed as recommended along side flatpak (see Fedora).
With this little addition I hope to fix random SSL errors for KDE Runtime 6.6 and newer also for openSUSE Tumbleweed.
As a side note Leap is affected as well by this. Might be worth back porting this patch?
- As per documentation from flatpak 1.0: add weak dep on
p11-kit-server for certificate transfer (boo#1188902)
OBS-URL: https://build.opensuse.org/request/show/1192619
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=202
- Don't allow an executable name to be misinterpreted as a
command-line option for bwrap(1). This prevents a sandbox
escape where a malicious or compromised app could ask
xdg-desktop-portal to generate a .desktop file with access to
files outside the sandbox. (CVE-2024-32462, boo#1223110).
- Pass the -export-dynamic linker option as
-Wl,-export-dynamic, fixing build failures with clang 18 and
lld 18.
- Fix a double-free when installation is cancelled.
- Fix installed-tests failure with "FUSERMOUNT: unbound
variable".
- Changes from version 1.15.7:
- Automatically remove obsolete driver versions and other
autopruned refs.
- --socket=inherit-wayland-socket.
- Automatically reload D-Bus session bus configuration after
installing or upgrading apps, to pick up any exported D-Bus
services.
- Don't parse <developer><name/></developer> as the application
name.
- Don't refuse to start apps when there is no D-Bus system bus
available.
- Don't try to repeat migration of apps whose data was migrated
to a new name and then deleted.
- Improve handling of mixed locales on systems with
systemd-localed.
- Improve display of ellipsized columns in wide terminals.
- Make flatpak info -e look for extensions in all
installations.
- Fix warnings from newer GLib versions.
OBS-URL: https://build.opensuse.org/request/show/1169145
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=194
- Update to version 1.15.6:
+ In distributions that compile Flatpak to use a separate
bubblewrap (bwrap) executable, version 0.8.0 is now required.
+ Enabling the optional Wayland security context feature requires
libwayland-client, wayland-scanner >= 1.15 and
wayland-protocols >= 1.32.
+ Add --device=input, for access to evdev devices in /dev/input
+ Update bundled copy of bubblewrap to version 0.8.0, and rely on
its features:
+ Improve error message if seccomp is disabled in kernel config
+ Security hardening: set user namespace limit to 0, to prevent
creation of nested user namespaces in a more robust way
+ For subsandboxes started by flatpak-portal, inherit
environment variables from the flatpak run that started the
original instance rather than from flatpak-portal, fixing
behaviour of FLATPAK_GL_DRIVERS and similar features
+ Stop http transfers if a download in progress becomes very slow
+ Make it easier to configure extra languages, by picking them up
from AccountsService if configured there
+ Add new flatpak_transaction_add_rebase_and_uninstall() API,
allowing end-of-life apps to be replaced by their intended
replacement more reliably
+ Create a private Wayland socket with the "security context"
extension if available, allowing the compositor to identify
connections from sandboxed apps as belonging to the sandbox
+ Update libglnx to 2023-08-29
+ Use features of newer GLib versions if available
+ Turn off system-level crash reporting infrastructure during
some unit tests that involve intentional assertion failures
+ Add anchors to link to sections of flatpak-metadata
documentation
+ Bug fixes:
- Avoid warnings processing symbolic links with GLib >= 2.77.0,
and with GLib 2.76.0 (GLib 2.76.1 or later silences these
warnings)
- Bypass page cache for backend requests in revokefs, fixing
installation errors with libostree 2023.4
- Show AppStream metadata in flatpak remote-info as intended
- Don't let Flatpak apps inherit VK_DRIVER_FILES or
VK_ICD_FILENAMES from the host system, which would be wrong
for the sandbox
- Fix build failure with prereleases of libappstream 0.17.x
- Forward-compatibility with libappstream 1.0
- Fix installation with Meson if configured with
-Dauto_sideloading=true
- Fix a memory leak
- Fix compiler warnings
- Make the tests fail more comprehensibly if a required tool is
missing
- Clean up /var/tmp/flatpak-cache-* directories on boot
- Don't force GIO_USE_VFS=local for programs launched via
flatpak-spawn
- Clarify documentation for D-Bus name ownership
+ Internal changes:
- Split up large source files into smaller modules, reducing
internal circular dependencies
- Re-synchronize code backported from GLib with the version in
GLib
- Clarify documentation for D-Bus name ownership
- Make the flags used to apply "extra data" clearer
- Use glnx_opendirat() where possible
+ Updated translations.
- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
pkgconfig(wayland-protocols) BuildRequires and pass
with-wayland-security-context=yes to configure: Enable the
optional Wayland security context. (forwarded request 1126468 from iznogood)
OBS-URL: https://build.opensuse.org/request/show/1127339
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=81
- Update to version 1.15.6:
+ In distributions that compile Flatpak to use a separate
bubblewrap (bwrap) executable, version 0.8.0 is now required.
+ Enabling the optional Wayland security context feature requires
libwayland-client, wayland-scanner >= 1.15 and
wayland-protocols >= 1.32.
+ Add --device=input, for access to evdev devices in /dev/input
+ Update bundled copy of bubblewrap to version 0.8.0, and rely on
its features:
+ Improve error message if seccomp is disabled in kernel config
+ Security hardening: set user namespace limit to 0, to prevent
creation of nested user namespaces in a more robust way
+ For subsandboxes started by flatpak-portal, inherit
environment variables from the flatpak run that started the
original instance rather than from flatpak-portal, fixing
behaviour of FLATPAK_GL_DRIVERS and similar features
+ Stop http transfers if a download in progress becomes very slow
+ Make it easier to configure extra languages, by picking them up
from AccountsService if configured there
+ Add new flatpak_transaction_add_rebase_and_uninstall() API,
allowing end-of-life apps to be replaced by their intended
replacement more reliably
+ Create a private Wayland socket with the "security context"
extension if available, allowing the compositor to identify
connections from sandboxed apps as belonging to the sandbox
+ Update libglnx to 2023-08-29
+ Use features of newer GLib versions if available
+ Turn off system-level crash reporting infrastructure during
some unit tests that involve intentional assertion failures
+ Add anchors to link to sections of flatpak-metadata
documentation
+ Bug fixes:
- Avoid warnings processing symbolic links with GLib >= 2.77.0,
and with GLib 2.76.0 (GLib 2.76.1 or later silences these
warnings)
- Bypass page cache for backend requests in revokefs, fixing
installation errors with libostree 2023.4
- Show AppStream metadata in flatpak remote-info as intended
- Don't let Flatpak apps inherit VK_DRIVER_FILES or
VK_ICD_FILENAMES from the host system, which would be wrong
for the sandbox
- Fix build failure with prereleases of libappstream 0.17.x
- Forward-compatibility with libappstream 1.0
- Fix installation with Meson if configured with
-Dauto_sideloading=true
- Fix a memory leak
- Fix compiler warnings
- Make the tests fail more comprehensibly if a required tool is
missing
- Clean up /var/tmp/flatpak-cache-* directories on boot
- Don't force GIO_USE_VFS=local for programs launched via
flatpak-spawn
- Clarify documentation for D-Bus name ownership
+ Internal changes:
- Split up large source files into smaller modules, reducing
internal circular dependencies
- Re-synchronize code backported from GLib with the version in
GLib
- Clarify documentation for D-Bus name ownership
- Make the flags used to apply "extra data" clearer
- Use glnx_opendirat() where possible
+ Updated translations.
- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
pkgconfig(wayland-protocols) BuildRequires and pass
with-wayland-security-context=yes to configure: Enable the
optional Wayland security context.
OBS-URL: https://build.opensuse.org/request/show/1126468
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=187
