5 changed files with 26 additions and 159 deletions
--- a/flatpak-1.15.8.tar.xz
+++ b/flatpak-1.15.8.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e89bcf42fd1eb0fadf14c8b5845bc31cb78a2624f3bdc9bcdd007cc75022e4d3
+size 1300484
--- a/flatpak-1.16.0.tar.xz
+++ b/flatpak-1.16.0.tar.xz
--- a/flatpak.changes
+++ b/flatpak.changes
@ -1,150 +1,3 @@
-------------------------------------------------------------------
-Thu Jan  9 17:41:58 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
-
- Update to version 1.16.0:
-  + Bug fixes:
-    - Update libglnx to 2024-12-06:
-      . Fix an assertion failure if creating a parent directory
-        encounters a dangling symlink.
-      . Fix a Meson warning.
-      . Don't emit terminal progress indicator escape sequences by
-        default. They are interpreted as notifications by some
-        terminal emulators.
-    - Fix introspection annotations in libflatpak.
-  + Enhancements:
-    - Add the FLATPAK_TTY_PROGRESS environment variable, which
-      re-enables the terminal progress indicator escape sequences
-      added in 1.15.91.
-    - Document the FLATPAK_FANCY_OUTPUT environment variable, which
-      allows disabling the fancy formatting when outputting to a
-      terminal.
-
-------------------------------------------------------------------
-Fri Dec 20 17:52:37 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
-
- Update to version 1.15.91 (unstable):
-  + Enhancements:
-    - Add the FLATPAK_DATA_DIR environment variable, which allows
-      overriding at runtime the data directory location that
-      Flatpak uses to search for configuration files such as
-      remotes. This is useful for running tests, and for when
-      installing using Flatpak in a chroot.
-    - Add a FLATPAK_DOWNLOAD_TMPDIR variable. This allows using
-      download directories other than /var/tmp.
-    - Emit progress escape sequence. This can be used by terminal
-      emulators to detect and display progress of Flatpak
-      operations on their graphical user interfaces.
-  + Bug fixes:
-    - Install missing test data. This should fix "as-installed"
-      tests via ginsttest-runner, used for example in Debian's
-      autopkgtest framework.
-    - Unify and improve how the Wayland socket is passed to the
-      sandboxed app. This should fix a regression that is triggered
-      by compositors that both implement the security-context-v1
-      protocol, and sets the WAYLAND_DISPLAY environment variable
-      when launching Flatpak apps.
-    - Fix the plural form of a translatable string.
-
-------------------------------------------------------------------
-Thu Nov 28 21:57:18 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
-
- Update to version 1.15.12:
-  + Return to using the process ID of the Flatpak app in the cgroup
-    name. Using the instance ID in 1.15.11 caused crashes when
-    installing apps, extensions or runtimes that use the "extra
-    data" mechanism, which does not set up an instance ID.
- Changes from version 1.15.11:
-  + Dependencies:
-    - In distributions that compile Flatpak to use a separate
-      xdg-dbus-proxy executable, version 0.1.6 is recommended (but
-      not required).
-    - The minimum xdg-dbus-proxy continues to be 0.1.0.
-  + Enhancements:
-    - Allow applications like WebKit to connect the AT-SPI
-      accessibility tree of processes in a sub-sandbox with the
-      tree in the main process.
-      . New sandboxing parameter flatpak run --a11y-own-name, which
-        is like --own-name but for the accessibility bus.
-      . flatpak-portal API v7: add new sandbox-a11y-own-names
-        option, which accepts names matching ${FLATPAK_ID}.*
-      . Apps may call the org.a11y.atspi.Socket.Embedded method on
-        names matching ${FLATPAK_ID}.Sandboxed.* by default
-      . flatpak run -vv $app_id shows all applicable sandboxing
-        parameters and their source, including overrides, as debug
-        messages
-    - Introduce USB device listing
-      . Apps can list which USB devices they want to access ahead
-        of time by using the --usb parameter. Check the manpages
-        for the more information about the accepted syntax.
-      . Denying access to USB devices is also possible with the
-        --no-usb parameter. The syntax is equal to --usb.
-      . Both options merely store metadata, and aren't used by
-        Flatpak itself. This metadata is intended to be used by the
-        (as of now, still in progress) USB portal to decide which
-        devices the app can enumerate and request access.
-    - Add support for KDE search completion
-    - Use the instance id of the Flatpak app as part of the cgroup
-      name. This better matches the naming conventions for cgroup.
-  + Bug fixes:
-    - Update libglnx to 2024-08-23
-    - fix build in environments that use -Werror=return-type, such
-      as openSUSE Tumbleweed
-    - add a fallback definition for G_PID_FORMAT with older GLib
-    - avoid warnings for g_steal_fd() with newer GLib
-    - improve compatibility of g_closefrom() backport with newer
-      GLib
-    - Update meson wrap file for xdg-dbus-proxy to version 0.1.6:
-    - compatibility with D-Bus implementations that pipeline the
-      authentication handshake, such as sd-bus and zbus
-    - compatibility with D-Bus implementations that use
-      non-consecutive serial numbers, such as godbus and zbus
-    - broadcast signals can be allowed without having to add TALK
-      permission
-    - fix memory leaks
-  + Internal changes:
-    - Better const-correctness
-    - Fix a shellcheck warning in the tests
- Drop libglnx.patch: Fixed upstream.
-
-------------------------------------------------------------------
-Tue Oct 15 11:54:41 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
-
- Drop rcFOO symlinks (PED-266).
-
-------------------------------------------------------------------
-Wed Oct  2 15:16:49 UTC 2024 - Robert Frohl <rfrohl@suse.com>
-
- Explicitly BuildRequire selinux-policy-targeted to allow
-  selinux_relabel_* in scriptlets to work on other codestreams
-
-------------------------------------------------------------------
-Wed Aug 14 16:07:15 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
-
- Update to version 1.15.10:
-  + Dependencies: In distributions that compile Flatpak to use a
-    separate bubblewrap (bwrap) executable, version 0.10.0 is
-    required. This version adds a new feature which is required by
-    the security fix in this release.
-  + Security fixes: Don't follow symbolic links when mounting
-    persistent directories (--persist option). This prevents a
-    sandbox escape where a malicious or compromised app could edit
-    the symlink to point to a directory that the app should not
-    have been allowed to read or write. (CVE-2024-42472,
-    GHSA-7hgv-f2j8-xw87, bsc#1229157)
-  + Documentation: Mark the 1.12.x and 1.10.x branches as
-    end-of-life
-  + Other bug fixes: Fix several memory leaks
-  + Internal changes:
-    - Record a log file when running build-time tests with
-      AddressSanitizer
-    - Add initial suppressions file for AddressSanitizer
-
-------------------------------------------------------------------
-Thu Aug  8 12:33:34 UTC 2024 - Imo Hester <vortex@z-ray.de>
-
- As per documentation from flatpak 1.0: add weak dep on
-  p11-kit-server for certificate transfer (boo#1188902)
-
 -------------------------------------------------------------------
 Fri Jun 14 13:51:38 UTC 2024 - pgajdos@suse.com

--- a/flatpak.spec
+++ b/flatpak.spec
@ -1,7 +1,7 @@
 #
 # spec file for package flatpak
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@

 %global selinuxtype targeted
 %define libname libflatpak0
-%define bubblewrap_version 0.10.0
+%define bubblewrap_version 0.8.0
 %define ostree_version 2020.8
 %define xdg_dbus_proxy_version 0.1.0

@ -35,7 +35,7 @@
 %define support_environment_generators 1
 %endif
 Name:           flatpak
-Version:        1.16.0
+Version:        1.15.8
 Release:        0
 Summary:        OSTree based application bundles management
 License:        LGPL-2.1-or-later
@ -49,6 +49,8 @@ Source4:        update-user-flatpaks.timer
 Source5:        https://flathub.org/repo/flathub.flatpakrepo
 # PATCH-FEATURE-OPENSUSE polkit_rules_usability.patch -- Make the rules comply with openSUSE expectations
 Patch0:         polkit_rules_usability.patch
+# PATCH-FIX-UPSTREAM libglnx.patch https://gitlab.gnome.org/GNOME/libglnx/-/merge_requests/57
+Patch1:         libglnx.patch

 BuildRequires:  bison
 BuildRequires:  bubblewrap >= %{bubblewrap_version}
@ -62,7 +64,6 @@ BuildRequires:  libtool
 BuildRequires:  meson
 BuildRequires:  pkgconfig
 BuildRequires:  python3-pyparsing
-BuildRequires:  selinux-policy-%{selinuxtype}
 BuildRequires:  selinux-policy-devel
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  sysuser-tools
@ -100,8 +101,6 @@ Requires:       xdg-dbus-proxy >= %{xdg_dbus_proxy_version}
 Requires:       xdg-desktop-portal >= 0.10
 Requires:       (flatpak-selinux = %{version} if selinux-policy-%{selinuxtype})
 Requires:       user(flatpak)
-# as per documentation from flatpak 1.0: add weak dep on p11-kit-server for certificate transfer
-Recommends:     p11-kit-server
 # Remove after openSUSE Leap 42 is out of scope
 Provides:       xdg-app = %{version}
 Obsoletes:      xdg-app < %{version}
@ -167,8 +166,8 @@ more information.
 Summary:        Add Flathub repository to system flatpak
 Group:          System/Packages
 Requires:       flatpak
-Requires(postun): flatpak
-Requires(postun): sed
+Requires(postun):flatpak
+Requires(postun):sed
 %if 0%{?suse_version} > 1600
 Supplements:    flatpak
 %endif
@ -230,6 +229,8 @@ sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-*
 %install
 %meson_install
 find %{buildroot} -type f -name "*.la" -delete -print
+mkdir -p %{buildroot}%{_sbindir}
+ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper
 # add a 60- prefix to the rules file, otherwise it is not effective, because
 # /etc/polkit-1/rules.d/90-default-privs.rules is executed first and if no
 # polkit-default-privs rule grants access then an explicit reject is the
@ -340,12 +341,12 @@ fi;
 %{_mandir}/man5/flatpak-remote.5%{?ext_man}
 %{_datadir}/%{name}/
 %config %{_sysconfdir}/profile.d/flatpak.sh
-%config %{_sysconfdir}/profile.d/flatpak.csh
 %dir %{_sysconfdir}/flatpak
 %dir %{_sysconfdir}/flatpak/remotes.d
 %{_unitdir}/flatpak-system-helper.service
 %{_unitdir}/update-system-flatpaks.{service,timer}
 %{_userunitdir}/update-user-flatpaks.{service,timer}
+%{_sbindir}/rcflatpak-system-helper
 %{_userunitdir}/flatpak-session-helper.service
 %{_userunitdir}/flatpak-portal.service
 %ghost %dir %{_localstatedir}/lib/flatpak
--- a/libglnx.patch
+++ b/libglnx.patch
@ -0,0 +1,13 @@
+Index: flatpak-1.15.8/subprojects/libglnx/meson.build
+===================================================================
+--- flatpak-1.15.8.orig/subprojects/libglnx/meson.build
+++ flatpak-1.15.8/subprojects/libglnx/meson.build
+@@ -40,7 +40,7 @@ foreach check_function : check_functions
+     #include <linux/random.h>
+     #include <sys/mman.h>
+ 
+-    int func (void) {
+    void func (void) {
+       (void) ''' + check_function + ''';
+     }
+     ''',