- Update to version 1.11.3.
* Bug fixes:
* Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox,
fixing a regression introduced when CVE-2021-21261 was fixed in
1.8.5 and 1.10.0
* Update the included copy of bubblewrap (flatpak-bwrap) to 0.5.0
* Better diagnostics when a --bind or other bind-mount fails
* Create non-directories with safer permissions
* Allow mounting a non-directory over an existing non-directory
* Silence kernel messages for our bind-mounts
* Improve ability to bind-mount directories on case-insensitive
filesystems
* Don't ask user which remote to download from if there is only
one option
* Internal changes:
* Improve test coverage
* Spelling fixes
* Translation updates: Brazilian Portuguese, Russian, Spanish, Ukrainian
OBS-URL: https://build.opensuse.org/request/show/914444
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=144
- Update to version 1.11.2:
+ Bug fixes:
- Fix logic error when migrating AppStream XML
- Improve error-checking
- Fix various memory and file descriptor leaks, in particular
with flatpak-spawn --env=...
- Fix fd confusion in flatpak-spawn --env=... --forward-fd=...,
which caused "Steam Linux Runtime" containers to fail to start
- Avoid a crash when looking up summary for a ref without an arch
- Improve handling of refs belonging to more than one
architecture, e.g. for cross-compilation
- Don't abort uninstall if deploy metadata is missing
- Don't fail transaction if searching for dependencies fails
in one remote
- Fix test failure when running tests as root
- Improve error message for 'sudo flatpak run'
+ Internal changes:
- Improve printf format string validation
- Improve test coverage
- Reduce risk of accidentally hard-coding x86 in the tests
OBS-URL: https://build.opensuse.org/request/show/900724
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=141
- When SLE uses the GNOME desktop environment, GNOME Software is
automatically started to provide key update features. During
startup, it sets up the flatpak repository so that related features
can function properly. In a system environment where no flatpak
repository has ever been set up before, this triggers the
"org.freedesktop.Flatpak.modify-repo" polkit action.
Therefore in systems which use a restrictive security policy
(e.g. SLES) for the aforementioned policy action, a polkit
authentication dialog will pop up without any user interaction
at the first login. This is not user friendly.
This submission creates /var/lib/flatpak/repo at package
installation to avoid such a confusing authentication pop-up, at
nearly 0 cost of security compromise (bsc#1171822).
OBS-URL: https://build.opensuse.org/request/show/807123
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=107
- Change %_prefix/lib to %_libexecdir: Makefile installs the file
explicitly into libexecdir. Let's be ready in case this path is
going to change.
- Co-own /usr/lib/systemd/user-environment-generators. We don't
want to forcibly pull in systemd into the buildroot just to own
this directory.
- Update to version 1.6.0:
+ This is the first stable release in the 1.6 series; the main
changes since 1.4 are the support for protected content and
improvements in the self-sandboxing support.
+ There is one change in the support for OCI remotes, we now only
support the use of labels, not annotations, as labels work with
more registries. This means pre-existing OCI flatpak registries
(like fedora) may need some changes.
+ New permissions --socket=cups for direct cups access.
+ Fix some leaks.
+ Fix reporting of progress with latest version of ostree.
+ New no-interaction flag for authenticators.
+ Support for auto-installing authenticators from a flatpak
remote.
+ Warn less about unset XDG_DATA_DIRS.
+ Don't poll for updates in the portal when on a metered
connection.
- Modernize spec with current macros.
OBS-URL: https://build.opensuse.org/request/show/760017
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=91
- Update to version 1.2.4
This release fixes CVE-2019-10063.
It has been discovered that the previous fix for CVE-2017-5226, which uses
seccomp to prevent sandboxed apps from using the (dangerous) TIOCSTI ioctl,
was incomplete on 64-bit arches. This is now fixed.
+ seccomp: Only compare the low 32bit of the TIOCSTI ioctl args.
+ Support multiple nvidia cards on the machine
+ Fix support for systems where XDG_RUNTIME_DIR is /var/run which is a
symlink like gentoo.
+ Fix potential crash when updating apps.
+ flatpak list --arch now works correctly again.
+ Update translations
OBS-URL: https://build.opensuse.org/request/show/689356
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=71
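
Added example (not taken from the flatpak sources or from this changelog): a small C model of the CVE-2019-10063 fix noted in the 1.2.4 entry, usable as a regression check that a seccomp rule compares only the low 32 bits of the ioctl request argument. The function names, the sample register values and the TIOCSTI constant (0x5412, the asm-generic value) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: TIOCSTI as defined in asm-generic/ioctls.h (x86, arm64). */
#define TIOCSTI_CMD 0x5412u

/* The kernel's ioctl entry point takes "unsigned int cmd", so only the
 * low 32 bits of the 64-bit register value select the operation. */
static uint32_t kernel_effective_cmd(uint64_t raw_arg) {
    return (uint32_t)raw_arg;
}

/* Pre-fix rule (model): compare the whole 64-bit argument seccomp sees. */
static int blocks_full64(uint64_t raw_arg) {
    return raw_arg == TIOCSTI_CMD;
}

/* Fixed rule (model): mask to the low 32 bits before comparing. */
static int blocks_low32(uint64_t raw_arg) {
    return (raw_arg & 0xffffffffu) == TIOCSTI_CMD;
}

/* Count samples the kernel treats as TIOCSTI but the rule lets through. */
static int count_gaps(int (*rule)(uint64_t), const uint64_t *samples, int n) {
    int gaps = 0;
    for (int i = 0; i < n; i++)
        if (kernel_effective_cmd(samples[i]) == TIOCSTI_CMD && !rule(samples[i]))
            gaps++;
    return gaps;
}

/* Constructed register values: exact match, high bits set, unrelated cmd. */
static const uint64_t SAMPLES[] = {
    0x0000000000005412ull,
    0x0000000100005412ull,
    0xffffffff00005412ull,
    0x0000000000005413ull,   /* TIOCGWINSZ: must stay allowed */
};
#define N_SAMPLES ((int)(sizeof SAMPLES / sizeof SAMPLES[0]))

int main(void) {
    printf("full 64-bit compare: %d gaps\n",
           count_gaps(blocks_full64, SAMPLES, N_SAMPLES));
    printf("low 32-bit compare:  %d gaps\n",
           count_gaps(blocks_low32, SAMPLES, N_SAMPLES));
    return 0;
}
```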