- Update to version 1.15.6:
+ In distributions that compile Flatpak to use a separate
bubblewrap (bwrap) executable, version 0.8.0 is now required.
+ Enabling the optional Wayland security context feature requires
libwayland-client, wayland-scanner >= 1.15 and
wayland-protocols >= 1.32.
+ Add --device=input, for access to evdev devices in /dev/input
+ Update bundled copy of bubblewrap to version 0.8.0, and rely on
its features:
+ Improve error message if seccomp is disabled in kernel config
+ Security hardening: set user namespace limit to 0, to prevent
creation of nested user namespaces in a more robust way
+ For subsandboxes started by flatpak-portal, inherit
environment variables from the flatpak run that started the
original instance rather than from flatpak-portal, fixing
behaviour of FLATPAK_GL_DRIVERS and similar features
+ Stop http transfers if a download in progress becomes very slow
+ Make it easier to configure extra languages, by picking them up
from AccountsService if configured there
+ Add new flatpak_transaction_add_rebase_and_uninstall() API,
allowing end-of-life apps to be replaced by their intended
replacement more reliably
+ Create a private Wayland socket with the "security context"
extension if available, allowing the compositor to identify
connections from sandboxed apps as belonging to the sandbox
+ Update libglnx to 2023-08-29
+ Use features of newer GLib versions if available
+ Turn off system-level crash reporting infrastructure during
some unit tests that involve intentional assertion failures
+ Add anchors to link to sections of flatpak-metadata
documentation
+ Bug fixes:
- Avoid warnings processing symbolic links with GLib >= 2.77.0,
and with GLib 2.76.0 (GLib 2.76.1 or later silences these
warnings)
- Bypass page cache for backend requests in revokefs, fixing
installation errors with libostree 2023.4
- Show AppStream metadata in flatpak remote-info as intended
- Don't let Flatpak apps inherit VK_DRIVER_FILES or
VK_ICD_FILENAMES from the host system, which would be wrong
for the sandbox
- Fix build failure with prereleases of libappstream 0.17.x
- Forward-compatibility with libappstream 1.0
- Fix installation with Meson if configured with
-Dauto_sideloading=true
- Fix a memory leak
- Fix compiler warnings
- Make the tests fail more comprehensibly if a required tool is
missing
- Clean up /var/tmp/flatpak-cache-* directories on boot
- Don't force GIO_USE_VFS=local for programs launched via
flatpak-spawn
- Clarify documentation for D-Bus name ownership
+ Internal changes:
- Split up large source files into smaller modules, reducing
internal circular dependencies
- Re-synchronize code backported from GLib with the version in
GLib
- Clarify documentation for D-Bus name ownership
- Make the flags used to apply "extra data" clearer
- Use glnx_opendirat() where possible
+ Updated translations.
- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
pkgconfig(wayland-protocols) BuildRequires and pass
with-wayland-security-context=yes to configure: Enable the
optional Wayland security context.
OBS-URL: https://build.opensuse.org/request/show/1126468
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=187
+ Allow sub-sandboxes to own MPRIS names on the session bus.
for that.
info messages.
transaction when printing end-of-life messages.
in-use runtimes or runtime extensions.
and related commands.
+ Curl supported as default HTTP backend.
+ Uses Fuse 3.
is renamed.
SDK/debuginfo along with a ref.
+ defense in depth against arbitrary file deletion by
flatpak-system-helper when using very old libostree
(boo#1202639).
+ Updated translations.
- Replace pkgconfig(fuse) BuildRequires with pkgconfig(fuse3):
Follow upstreams port to fuse3.
- Add pkgconfig(libcurl) BuildRequires: enable the new HTTP
backend.
- Drop gtk-doc BuildRequires and no longer pass --enable-gtk-doc to
configure: no longer supported.
- Drop libtool BuildRequires: no need to bootstrap the tarball.
- Replace pkgconfig(appstream-glib) BuildRequires with
pkgconfig(appstream): match what configure checks for.
- Add pkgconfig(gdk-pixbuf-2.0): verified dependency that was
implicitly included by appstream-glib before.
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=167
- Update to version 1.11.3.
* Bug fixes:
* Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox,
fixing a regression introduced when CVE-2021-21261 was fixed in
1.8.5 and 1.10.0
* Update the included copy of bubblewrap (flatpak-bwrap) to 0.5.0
* Better diagnostics when a --bind or other bind-mount fails
* Create non-directories with safer permissions
* Allow mounting an non-directory over an existing non-directory
* Silence kernel messages for our bind-mounts
* Improve ability to bind-mount directories on case-insensitive
filesystems
* Don't ask user which remote to download from if there is only
one option
* Internal changes:
* Improve test coverage
* Spelling fixes
* Translation updates: Brazilian Portuguese, Russian, Spanish, Ukrainian
OBS-URL: https://build.opensuse.org/request/show/914444
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=144
- Update to version 1.11.2:
+ Bug fixes:
- Fix logic error when migrating AppStream XML
- Improve error-checking
- Fix various memory and file descriptor leaks, in particular
with flatpak-spawn --env=...
- Fix fd confusion in flatpak-spawn --env=... --forward-fd=...,
which caused "Steam Linux Runtime" containers to fail to start
- Avoid a crash when looking up summary for a ref without an arch
- Improve handling of refs belonging to more than one
architecture, e.g. for cross-compilation
- Don't abort uninstall if deploy metadata is missing
- Don't fail transaction if searching for dependencies fails
in one remote
- Fix test failure when running tests as root
- Improve error message for 'sudo flatpak run'
+ Internal changes:
- Improve printf format string validation
- Improve test coverage
- Reduce risk of accidentally hard-coding x86 in the tests
OBS-URL: https://build.opensuse.org/request/show/900724
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=141
