- Added p11-kit-server to fix boo#1221557
After OBS Studio flatpak updating to KDE Runtime 6.6 it was revealed that it no longer could verify SSL certificates. The root cause turned out to be a missing p11-kit-server which on most distributions is installed as recommended along side flatpak (see Fedora).
With this little addition I hope to fix random SSL errors for KDE Runtime 6.6 and newer also for openSUSE Tumbleweed.
As a side note Leap is affected as well by this. Might be worth back porting this patch?
- As per documentation from flatpak 1.0: add weak dep on
p11-kit-server for certificate transfer (boo#1188902) (forwarded request 1192619 from dimstar)
OBS-URL: https://build.opensuse.org/request/show/1192622
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=87
After OBS Studio flatpak updating to KDE Runtime 6.6 it was revealed that it no longer could verify SSL certificates. The root cause turned out to be a missing p11-kit-server which on most distributions is installed as recommended along side flatpak (see Fedora).
With this little addition I hope to fix random SSL errors for KDE Runtime 6.6 and newer also for openSUSE Tumbleweed.
As a side note Leap is affected as well by this. Might be worth back porting this patch?
- As per documentation from flatpak 1.0: add weak dep on
p11-kit-server for certificate transfer (boo#1188902)
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=202
- Don't allow an executable name to be misinterpreted as a
command-line option for bwrap(1). This prevents a sandbox
escape where a malicious or compromised app could ask
xdg-desktop-portal to generate a .desktop file with access to
files outside the sandbox. (CVE-2024-32462, boo#1223110).
- Pass the -export-dynamic linker option as
-Wl,-export-dynamic, fixing build failures with clang 18 and
lld 18.
- Fix a double-free when installation is cancelled.
- Fix installed-tests failure with "FUSERMOUNT: unbound
variable".
- Changes from version 1.15.7:
- Automatically remove obsolete driver versions and other
autopruned refs.
- --socket=inherit-wayland-socket.
- Automatically reload D-Bus session bus configuration after
installing or upgrading apps, to pick up any exported D-Bus
services.
- Don't parse <developer><name/></developer> as the application
name.
- Don't refuse to start apps when there is no D-Bus system bus
available.
- Don't try to repeat migration of apps whose data was migrated
to a new name and then deleted.
- Improve handling of mixed locales on systems with
systemd-localed.
- Improve display of ellipsized columns in wide terminals.
- Make flatpak info -e look for extensions in all
installations.
- Fix warnings from newer GLib versions.
OBS-URL: https://build.opensuse.org/request/show/1169145
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=194
- Update to version 1.15.6:
+ In distributions that compile Flatpak to use a separate
bubblewrap (bwrap) executable, version 0.8.0 is now required.
+ Enabling the optional Wayland security context feature requires
libwayland-client, wayland-scanner >= 1.15 and
wayland-protocols >= 1.32.
+ Add --device=input, for access to evdev devices in /dev/input
+ Update bundled copy of bubblewrap to version 0.8.0, and rely on
its features:
+ Improve error message if seccomp is disabled in kernel config
+ Security hardening: set user namespace limit to 0, to prevent
creation of nested user namespaces in a more robust way
+ For subsandboxes started by flatpak-portal, inherit
environment variables from the flatpak run that started the
original instance rather than from flatpak-portal, fixing
behaviour of FLATPAK_GL_DRIVERS and similar features
+ Stop http transfers if a download in progress becomes very slow
+ Make it easier to configure extra languages, by picking them up
from AccountsService if configured there
+ Add new flatpak_transaction_add_rebase_and_uninstall() API,
allowing end-of-life apps to be replaced by their intended
replacement more reliably
+ Create a private Wayland socket with the "security context"
extension if available, allowing the compositor to identify
connections from sandboxed apps as belonging to the sandbox
+ Update libglnx to 2023-08-29
+ Use features of newer GLib versions if available
+ Turn off system-level crash reporting infrastructure during
some unit tests that involve intentional assertion failures
+ Add anchors to link to sections of flatpak-metadata
documentation
+ Bug fixes:
- Avoid warnings processing symbolic links with GLib >= 2.77.0,
and with GLib 2.76.0 (GLib 2.76.1 or later silences these
warnings)
- Bypass page cache for backend requests in revokefs, fixing
installation errors with libostree 2023.4
- Show AppStream metadata in flatpak remote-info as intended
- Don't let Flatpak apps inherit VK_DRIVER_FILES or
VK_ICD_FILENAMES from the host system, which would be wrong
for the sandbox
- Fix build failure with prereleases of libappstream 0.17.x
- Forward-compatibility with libappstream 1.0
- Fix installation with Meson if configured with
-Dauto_sideloading=true
- Fix a memory leak
- Fix compiler warnings
- Make the tests fail more comprehensibly if a required tool is
missing
- Clean up /var/tmp/flatpak-cache-* directories on boot
- Don't force GIO_USE_VFS=local for programs launched via
flatpak-spawn
- Clarify documentation for D-Bus name ownership
+ Internal changes:
- Split up large source files into smaller modules, reducing
internal circular dependencies
- Re-synchronize code backported from GLib with the version in
GLib
- Clarify documentation for D-Bus name ownership
- Make the flags used to apply "extra data" clearer
- Use glnx_opendirat() where possible
+ Updated translations.
- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
pkgconfig(wayland-protocols) BuildRequires and pass
with-wayland-security-context=yes to configure: Enable the
optional Wayland security context. (forwarded request 1126468 from iznogood)
OBS-URL: https://build.opensuse.org/request/show/1127339
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=81
- Update to version 1.15.6:
+ In distributions that compile Flatpak to use a separate
bubblewrap (bwrap) executable, version 0.8.0 is now required.
+ Enabling the optional Wayland security context feature requires
libwayland-client, wayland-scanner >= 1.15 and
wayland-protocols >= 1.32.
+ Add --device=input, for access to evdev devices in /dev/input
+ Update bundled copy of bubblewrap to version 0.8.0, and rely on
its features:
+ Improve error message if seccomp is disabled in kernel config
+ Security hardening: set user namespace limit to 0, to prevent
creation of nested user namespaces in a more robust way
+ For subsandboxes started by flatpak-portal, inherit
environment variables from the flatpak run that started the
original instance rather than from flatpak-portal, fixing
behaviour of FLATPAK_GL_DRIVERS and similar features
+ Stop http transfers if a download in progress becomes very slow
+ Make it easier to configure extra languages, by picking them up
from AccountsService if configured there
+ Add new flatpak_transaction_add_rebase_and_uninstall() API,
allowing end-of-life apps to be replaced by their intended
replacement more reliably
+ Create a private Wayland socket with the "security context"
extension if available, allowing the compositor to identify
connections from sandboxed apps as belonging to the sandbox
+ Update libglnx to 2023-08-29
+ Use features of newer GLib versions if available
+ Turn off system-level crash reporting infrastructure during
some unit tests that involve intentional assertion failures
+ Add anchors to link to sections of flatpak-metadata
documentation
+ Bug fixes:
- Avoid warnings processing symbolic links with GLib >= 2.77.0,
and with GLib 2.76.0 (GLib 2.76.1 or later silences these
warnings)
- Bypass page cache for backend requests in revokefs, fixing
installation errors with libostree 2023.4
- Show AppStream metadata in flatpak remote-info as intended
- Don't let Flatpak apps inherit VK_DRIVER_FILES or
VK_ICD_FILENAMES from the host system, which would be wrong
for the sandbox
- Fix build failure with prereleases of libappstream 0.17.x
- Forward-compatibility with libappstream 1.0
- Fix installation with Meson if configured with
-Dauto_sideloading=true
- Fix a memory leak
- Fix compiler warnings
- Make the tests fail more comprehensibly if a required tool is
missing
- Clean up /var/tmp/flatpak-cache-* directories on boot
- Don't force GIO_USE_VFS=local for programs launched via
flatpak-spawn
- Clarify documentation for D-Bus name ownership
+ Internal changes:
- Split up large source files into smaller modules, reducing
internal circular dependencies
- Re-synchronize code backported from GLib with the version in
GLib
- Clarify documentation for D-Bus name ownership
- Make the flags used to apply "extra data" clearer
- Use glnx_opendirat() where possible
+ Updated translations.
- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
pkgconfig(wayland-protocols) BuildRequires and pass
with-wayland-security-context=yes to configure: Enable the
optional Wayland security context.
OBS-URL: https://build.opensuse.org/request/show/1126468
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=187
+ Allow sub-sandboxes to own MPRIS names on the session bus.
for that.
info messages.
transaction when printing end-of-life messages.
in-use runtimes or runtime extensions.
and related commands.
+ Curl supported as default HTTP backend.
+ Uses Fuse 3.
is renamed.
SDK/debuginfo along with a ref.
+ defense in depth against arbitrary file deletion by
flatpak-system-helper when using very old libostree
(boo#1202639).
+ Updated translations.
- Replace pkgconfig(fuse) BuildRequires with pkgconfig(fuse3):
Follow upstreams port to fuse3.
- Add pkgconfig(libcurl) BuildRequires: enable the new HTTP
backend.
- Drop gtk-doc BuildRequires and no longer pass --enable-gtk-doc to
configure: no longer supported.
- Drop libtool BuildRequires: no need to bootstrap the tarball.
- Replace pkgconfig(appstream-glib) BuildRequires with
pkgconfig(appstream): match what configure checks for.
- Add pkgconfig(gdk-pixbuf-2.0): verified dependency that was
implicitly included by appstream-glib before.
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=167
- Update to version 1.11.3.
* Bug fixes:
* Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox,
fixing a regression introduced when CVE-2021-21261 was fixed in
1.8.5 and 1.10.0
* Update the included copy of bubblewrap (flatpak-bwrap) to 0.5.0
* Better diagnostics when a --bind or other bind-mount fails
* Create non-directories with safer permissions
* Allow mounting an non-directory over an existing non-directory
* Silence kernel messages for our bind-mounts
* Improve ability to bind-mount directories on case-insensitive
filesystems
* Don't ask user which remote to download from if there is only
one option
* Internal changes:
* Improve test coverage
* Spelling fixes
* Translation updates: Brazilian Portuguese, Russian, Spanish, Ukrainian
OBS-URL: https://build.opensuse.org/request/show/914444
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=144
- Update to version 1.11.2:
+ Bug fixes:
- Fix logic error when migrating AppStream XML
- Improve error-checking
- Fix various memory and file descriptor leaks, in particular
with flatpak-spawn --env=...
- Fix fd confusion in flatpak-spawn --env=... --forward-fd=...,
which caused "Steam Linux Runtime" containers to fail to start
- Avoid a crash when looking up summary for a ref without an arch
- Improve handling of refs belonging to more than one
architecture, e.g. for cross-compilation
- Don't abort uninstall if deploy metadata is missing
- Don't fail transaction if searching for dependencies fails
in one remote
- Fix test failure when running tests as root
- Improve error message for 'sudo flatpak run'
+ Internal changes:
- Improve printf format string validation
- Improve test coverage
- Reduce risk of accidentally hard-coding x86 in the tests
OBS-URL: https://build.opensuse.org/request/show/900724
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=141
- When SLE uses GNOME desktop environment, GNOME Software is
automatically started to provide key update features. During the
startup, it setups flatpak repository so that related features
can function properly. In a system environment of no flatpak
repository has ever been setup before, this triggers
"org.freedesktop.Flatpak.modify-repo" polkit action.
Therefore in systems which use a restrictive security policy
(eg. SLES) for the aforementioned policy action, a polkit
authentication dialog will pop up without any user interaction
for the first time login. This is not user friendly.
This submission creates /var/lib/flatpak/repo at package
installation to avoid such a confusing authentication pop-up, at
nearly 0 cost of security compromise (bsc#1171822).
OBS-URL: https://build.opensuse.org/request/show/807123
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=107
- Change %_prefix/lib to %_libexecdir: Makefile installs the file
explicitly into libexecdir. Let's be ready in case this path is
going to change.
- Co-own /usr/lib/systemd/user-environment-generators. We don't
want to forcibly pull in systemd into the buildroot just to own
this directory.
- Update to version 1.6.0:
+ This is the first stable release in the 1.6 series, main
changes since 1.4 is the support for protected content and
improvements in the self-sandboxing support.
+ There is one change in the support for OCI remotes, we now only
support the use of labels, not annotations, as labels work with
more registries. This means pre-existing OCI flatpak registries
(like fedora) may need some changes.
+ New permissions --socket=cups for direct cups access.
+ Fix some leaks.
+ Fix reporting of progress with latest version of ostree.
+ New no-interaction flag for authenticators.
+ Support for auto-installing authenticators from a flatpak
remote.
+ Warn less about unset XDG_DATA_DIRS.
+ Don't poll for updates in the portal when on a metered
connection.
- Modernize spec with current macros.
OBS-URL: https://build.opensuse.org/request/show/760017
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=91
- Update to verson 1.2.4 (CVE-2019-10063):
+ It has been discovered that the previous fix for CVE-2017-5226,
which uses seccomp to prevent sandboxed apps from using the
(dangerous) TIOCSTI ioctl was only incomplete on 64bit arches.
This is now fixed.
+ seccomp: Only compare the low 32bit of the TIOCSTI ioctl args.
+ Support multiple nvidia cards on the machine
+ Fix support for systems where XDG_RUNTIME_DIR is /var/run which
is a symlink like gentoo.
+ Fix potential crash when updating apps.
+ flatpak list --arch now works correctly again.
+ Updated translations.
OBS-URL: https://build.opensuse.org/request/show/689362
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=28
- Update to verson 1.2.4
This release fixes CVE-2019-10063.
It has been discovered that the previous fix for CVE-2017-5226, which uses
seccomp to prevent sandboxed apps from using the (dangerous) TIOCSTI ioctl
was only incomplete on 64bit arches. This is now fixed.
+ seccomp: Only compare the low 32bit of the TIOCSTI ioctl args.
+ Support multiple nvidia cards on the machine
+ Fix support for systems where XDG_RUNTIME_DIR is /var/run which is a
symlink like gentoo.
+ Fix potential crash when updating apps.
+ flatpak list --arch now works correctly again.
+ Update translations
OBS-URL: https://build.opensuse.org/request/show/689356
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=71
- Update to version 1.2.0:
+ Ensure DeployCollectionID works in flatpakrepo files in all
cases.
+ Don't error out with empty installations in uninstall.
+ Add helper that validates icon files during export.
+ Don't allow root to modify the (non-root) per-user flatpak
installation, as this risks causing problems later.
+ Remove some incorrect warnings from flatpak repair.
+ Allow multiple name segments after prefix when exporting files.
+ Allow specification of ellipsization in --colums options.
+ Handle dates as well as timestamps in appdata
+ Fixed a bug where flatpak remote-delete removed too many refs.
+ Now we use raw terminal mode during a transaction to a avoid
problems with input during the operation causing problems with
escape sequences.
+ Generate a fontconfig directory remapping snippet as will be
needed for newer versions of fontconfig.
+ Support --extra-collection-id in build-commit-from to bind the
commit to multiple collection ids. This is work in progress in
ostree.
- Add pkgconfig(dconf) BuildRequires: New dependency.
+ This release fixes an issue that lets system-wide installed
+ The permissions of the files created by the apply_extra script
is canonicalized and the script itself is run without any
capabilities.
+ Better matching of existing remotes when the local and remote
configuration differs wrt collection ids.
+ New flatpakrepo DeployCollectionID replaces CollectionID, doing
the same thing. It is recommended to use this instead because
OBS-URL: https://build.opensuse.org/request/show/672437
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=67
- Update to version 1.0.6:
* This release fixes an issue that lets system-wide installed
applications create setuid root files inside their app dir
(somewhere in /var/lib/flatpak/app). Setuid support is disabled
inside flatpaks, so such files are only a risk if the user runs
them manually outside flatpak. Installing a flatpak system-wide
needs root access, so this isn't a privilege elevation for
non-root users.
* The permissions of the files created by the apply_extra script is
canonicalized and the script itself is run without any capabilities.
* Better matching of existing remotes when the local and remote configuration
differs wrt collection ids.
* New flatpakrepo DeployCollectionID replaces CollectionID, doing the
same thing. It is recommended to use this instead because older versions
of flatpak has bugs in the support of collection ids, and this key
will only be respected in versions where it works.
* The X11 socket is now mounted read-only.
- Mark flatpak.sh as %config and move the systemhelper dbus config
file under /usr
- Remove the flatpak-rpmlintrc file that is no longer needed.
- Make polkit_rules_usability.patch effective by adding a 60- prefix
to the rules file. This will cause it to be executed before the (forwarded request 657831 from alarrosa)
OBS-URL: https://build.opensuse.org/request/show/659047
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=25
- Update to version 1.0.6:
* This release fixes an issue that lets system-wide installed
applications create setuid root files inside their app dir
(somewhere in /var/lib/flatpak/app). Setuid support is disabled
inside flatpaks, so such files are only a risk if the user runs
them manually outside flatpak. Installing a flatpak system-wide
needs root access, so this isn't a privilege elevation for
non-root users.
* The permissions of the files created by the apply_extra script is
canonicalized and the script itself is run without any capabilities.
* Better matching of existing remotes when the local and remote configuration
differs wrt collection ids.
* New flatpakrepo DeployCollectionID replaces CollectionID, doing the
same thing. It is recommended to use this instead because older versions
of flatpak has bugs in the support of collection ids, and this key
will only be respected in versions where it works.
* The X11 socket is now mounted read-only.
- Mark flatpak.sh as %config and move the systemhelper dbus config
file under /usr
- Remove the flatpak-rpmlintrc file that is no longer needed.
- Make polkit_rules_usability.patch effective by adding a 60- prefix
to the rules file. This will cause it to be executed before the
OBS-URL: https://build.opensuse.org/request/show/657831
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=65
- Update to version 1.0.5:
+ Make the /etc -> /usr/etc bind-mounts read-only.
+ Make various app-specific configuration files read-only.
+ flatpak is more picky about remote names to avoid problems with
storing weird names in the ostree config.
+ A segfault in libflatpak handling of bundles was fixed.
+ Updated translations
+ Fixed a regression in flatpak run that caused problems running
user-installed apps when the system installation was broken.
+ Implicity grant MPRIS2 permissions
- Changes from version 1.0.4:
+ Flatpak 0.99.1 removed the inheritance of permissions from the
runtime due to concerns with dynamic app permissions. Due to
popular requests, this version re-introduces such inheritance,
but does it instead at build time. This solved the issues with
dynamic permissions while still allowing runtimes to have
default permissions. Apps can disable this by passing
--no-inherit-permissions to build-finish.
+ The sandbox now always includes a /etc/timezone file, following
the (old) debian standard for this. This is needed, because the
more modern way of exposing the timezone name by having
/etc/localtime be a symlink into /usr/share/zoneinfo doesn't
work when exposing the host timezone.
+ All apps now have automatic permissions to own their own app id
as a subname of org.mpris.MediaPlayer2.
+ We now properly re-load remote state in FlatpakTransaction if
the metadata was updated for the remote.
+ The signature of the FlatpakTransaction::operation-done signal
was wrong in the header and has now been corrected to the
signature that is actually emitted.
OBS-URL: https://build.opensuse.org/request/show/649033
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=62
- Add rpmlintrc to ignore files being installed under /etc not
marked as %config (since they're not).
- Don't run "flatpak remote-list --system" on %post anymore since
it's not needed nowadays. Also let /var/lib/flatpak be created on
demand since writing to /var should be avoided for transactional
updates (boo#1111385, fate#325524).
- Update to version 1.0.3:
+ run: You can now use --system to run an app that otherwise
would run the user version.
+ New permission --allow=canbus that filters out access to AF_CAN
sockets.
+ lib: New install flags FLATPAK_INSTALL_FLAGS_NO_TRIGGERS and
new function flatpak_installation_run_triggers()
+ lib: Better error reporting, including some new error values
that replace the generic FAILED.
+ uninstall --unused: Improve handling of which .Locale
extensions are used
+ run: Make flatpak run on systems where $XDG_RUNTIME_DIR
contains a symlink beneath /var (commonly /var/run -> /run).
+ Don't export any desktop/dbus/mimetype files in subdirectories.
+ build-init: We now record the base ref (if used) in the
metadata. Nothing uses this atm, but it can be used by tools.
+ We now respect the upstream ostree.deploy-collection-id instead
of the flatpak-specific xa.collection-id metadata key to decide
whether to switch to collection ids for a remote. This is
useful, because if you use the new one, only new clients (that
support it better) will use it.
+ create-usb: Fix assertion failure in some error cases
OBS-URL: https://build.opensuse.org/request/show/643193
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=23
- Add rpmlintrc to ignore files being installed under /etc not
marked as %config (since they're not).
- Don't run "flatpak remote-list --system" on %post anymore since
it's not needed nowadays. Also let /var/lib/flatpak be created on
demand since writing to /var should be avoided for transactional
updates (boo#1111385, fate#325524).
- Update to version 1.0.3:
+ run: You can now use --system to run an app that otherwise
would run the user version.
+ New permission --allow=canbus that filters out access to AF_CAN
sockets.
+ lib: New install flags FLATPAK_INSTALL_FLAGS_NO_TRIGGERS and
new function flatpak_installation_run_triggers()
+ lib: Better error reporting, including some new error values
that replace the generic FAILED.
+ uninstall --unused: Improve handling of which .Locale
extensions are used
+ run: Make flatpak run on systems where $XDG_RUNTIME_DIR
contains a symlink beneath /var (commonly /var/run -> /run).
+ Don't export any desktop/dbus/mimetype files in subdirectories.
+ build-init: We now record the base ref (if used) in the
metadata. Nothing uses this atm, but it can be used by tools.
+ We now respect the upstream ostree.deploy-collection-id instead
of the flatpak-specific xa.collection-id metadata key to decide
whether to switch to collection ids for a remote. This is
useful, because if you use the new one, only new clients (that
support it better) will use it.
+ create-usb: Fix assertion failure in some error cases
OBS-URL: https://build.opensuse.org/request/show/643183
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=59
- polkit_rules_usability.patch: Improve usability by allowing members of the
group 'wheel' to bypass polkit authentication checks when locally logged in
(bnc#984817). This adds a few polkit actions to the rules that are not
covered by upstream, because they are set to 'yes' for active users by
default. On SUSE we require 'auth_admin' for regular users, however.
OBS-URL: https://build.opensuse.org/request/show/624834
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=53
- Update to version 0.11.7:
* Fix regression in installing .flatpak bundles
- Changes in version 0.11.6:
* Further work on the export filename regression, now also fixes the
same issue as in 0.11.5 but in flatpak build-finish.
* Fix segfault when installing from .flatpakref in gnome-software
* Build yacc parser from source.
* Don't tab-complete Sources/Locale/Debug extension by default.
* Fix tests on debian.
- Changes in version 0.11.5:
* Fix a regression which caused installation of epiphany and
other apps that export multiple .service files to fail.
* Fix appstream updates in p2p mode.
* Don't distribute generated gdbus code with tarball.
* Add documentation for the flatpak portal
- Changes in version 0.11.4:
* flatpak remove is now an alias for flatpak uninstall.
* flatpak uninstall now picks system or user automatically if not specified
* New appstream branch format which is more efficient to distribute, the
old is still generated for backwards compat.
* Appstream data now contains compatible arches (for applications
that doesn't exist for the primary arch). For example, an
i386-only app is now listed in the x86-64 appstream.
* The flatpak version is included in the user agent when downloading.
* The Flatpak-Ref http header is set to the currently installing ref when
downloading.
* New argument --timestamp in build-commit-from.
* When updating many apps we now only prune the local repo when all
updates are done, making multi-app updates faster.
* flatpak build now always allows multiarch use.
* flatpak build now mounts app extensions during build.
* flatpak build-init now supports --extension to add extension points earlier
than build-finish. Also build-finish now supports --remove-extension.
* New flatpak portal allows applications to sandbox themselves and restart a
newer version of themselves.
* New flatpak run options: --no-a11y-bus, --no-documents-portal.
* Initial support for end-of-life:ing applications.
* New option X-Flatpak-RunOptions in exported desktop/files allow you to specify
no-a11y-bus and no-documents-portal.
* Support for tagged extension points, which is useful if you want to use
the same extension id (but maybe different versions) multiple times in an app.
* We now export .service files for names that the app is allowed to own on
the session bus.
* libflatpak got new methods for listing remotes by type.
* libflatpak now has support in FlatpakRemoteRef for getting remote metadata
such as end-of-life, download size, metadata etc.
* There was some internal restructuring on how installs/updates are done
which should improve performance and maintainability.
- Changes in version 0.11.3:
* Fix "open with" and flatpak run --file-forwarding crash
* Fix build with glibc 2.27
- Changes in version 0.11.2:
* Remove fuse dependency, since we don't ship document portal anymore
* Fix various issues with /home being a symlink to /var/home (atomic)
* Allow downgrades when using collection ids
* Search on all supported architectures
- Changes in version 0.11.1:
* Remove document portal and permission store
* Add --socket=fallback-x11 permission
* Fix dbus proxy vulnerability in authentication phase
* Allow personality syscall in devel mode
* commit-from: Migrate static deltas with commit
* Add "network" storage type for installations
* Add flatpak info --show-permissions
* Add flatpak info --file-access
* search: Update appstream (if stale) before searching
* Make libflatpak work when /var/lib/flatpak is empty
* build-bundle: Add --from-commit option
* Allow appstream ids that don't end in .desktop
* Make permission handling ignore unknown permissions for forwards
compatibility
* Removed incorrect error message in update --appdata when there
was no updates
* Fix handling of abort in the duplicate remote prompt
* Fix division by zero in progress calculation
* Fix flatpak remote-info --show-metadata
* Fixed crash when installing some flatpak bundle files
* Fix installation of telegram
* remote-ls -u only considers app from the origin remote
* Fix assertion error in extra-data progress reporting
* Report nicer errors when trying to downgrade as non-root
* pulseaudio: Try to find pulseaudio socket better
* Fixed some warnings reported by coverity
* Cleaned up code by splitting up some large source files (forwarded request 610043 from stawidy)
OBS-URL: https://build.opensuse.org/request/show/610102
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=18
- Update to version 0.11.7:
* Fix regression in installing .flatpak bundles
- Changes in version 0.11.6:
* Further work on the export filename regression, now also fixes the
same issue as in 0.11.5 but in flatpak build-finish.
* Fix segfault when installing from .flatpakref in gnome-software
* Build yacc parser from source.
* Don't tab-complete Sources/Locale/Debug extension by default.
* Fix tests on debian.
- Changes in version 0.11.5:
* Fix a regression which caused installation of epiphany and
other apps that export multiple .service files to fail.
* Fix appstream updates in p2p mode.
* Don't distribute generated gdbus code with tarball.
* Add documentation for the flatpak portal
- Changes in version 0.11.4:
* flatpak remove is now an alias for flatpak uninstall.
* flatpak uninstall now picks system or user automatically if not specified
* New appstream branch format which is more efficient to distribute, the
old is still generated for backwards compat.
* Appstream data now contains compatible arches (for applications
that doesn't exist for the primary arch). For example, an
i386-only app is now listed in the x86-64 appstream.
* The flatpak version is included in the user agent when downloading.
* The Flatpak-Ref http header is set to the currently installing ref when
downloading.
* New argument --timestamp in build-commit-from.
* When updating many apps we now only prune the local repo when all
updates are done, making multi-app updates faster.
* flatpak build now always allows multiarch use.
* flatpak build now mounts app extensions during build.
* flatpak build-init now supports --extension to add extension points earlier
than build-finish. Also build-finish now supports --remove-extension.
* New flatpak portal allows applications to sandbox themselves and restart a
newer version of themselves.
* New flatpak run options: --no-a11y-bus, --no-documents-portal.
* Initial support for end-of-life:ing applications.
* New option X-Flatpak-RunOptions in exported desktop/files allow you to specify
no-a11y-bus and no-documents-portal.
* Support for tagged extension points, which is useful if you want to use
the same extension id (but maybe different versions) multiple times in an app.
* We now export .service files for names that the app is allowed to own on
the session bus.
* libflatpak got new methods for listing remotes by type.
* libflatpak now has support in FlatpakRemoteRef for getting remote metadata
such as end-of-life, download size, metadata etc.
* There was some internal restructuring on how installs/updates are done
which should improve performance and maintainability.
- Changes in version 0.11.3:
* Fix "open with" and flatpak run --file-forwarding crash
* Fix build with glibc 2.27
- Changes in version 0.11.2:
* Remove fuse dependency, since we don't ship document portal anymore
* Fix various issues with /home being a symlink to /var/home (atomic)
* Allow downgrades when using collection ids
* Search on all supported architectures
- Changes in version 0.11.1:
* Remove document portal and permission store
* Add --socket=fallback-x11 permission
* Fix dbus proxy vulnerability in authentication phase
* Allow personality syscall in devel mode
* commit-from: Migrate static deltas with commit
* Add "network" storage type for installations
* Add flatpak info --show-permissions
* Add flatpak info --file-access
* search: Update appstream (if stale) before searching
* Make libflatpak work when /var/lib/flatpak is empty
* build-bundle: Add --from-commit option
* Allow appstream ids that don't end in .desktop
* Make permission handling ignore unknown permissions for forwards
compatibility
* Removed incorrect error message in update --appdata when there
was no updates
* Fix handling of abort in the duplicate remote prompt
* Fix division by zero in progress calculation
* Fix flatpak remote-info --show-metadata
* Fixed crash when installing some flatpak bundle files
* Fix installation of telegram
* remote-ls -u only considers app from the origin remote
* Fix assertion error in extra-data progress reporting
* Report nicer errors when trying to downgrade as non-root
* pulseaudio: Try to find pulseaudio socket better
* Fixed some warnings reported by coverity
* Cleaned up code by splitting up some large source files
OBS-URL: https://build.opensuse.org/request/show/610043
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=49
- Update to version 0.10.0:
+ Added the flatpak config option which can set the language
settings.
+ Fix issue where sometimes ld.so.conf were not generated.
+ /dev/mali0 is added to --device=dri.
+ Work around ostree static delta issues in some cases.
- Changes from version 0.9.99:
+ Requires ostree 2017.12 for important pull stability fix.
+ New libflatpak API: flatpak_dir_cleanup_undeployed_refs,
flatpak_installation_prune_local_repo,
flatpak_installation_remove_local_ref_sync,
flatpak_installation_cleanup_local_refs_sync.
+ build: FLATPAK_ID and FLATPAK_ARCH are now set in the
environment when building.
+ update: Don't fail the entire update if some remote fails to
update its metadata.
+ run: /.flatpak-info now lists exact commits and extensions in
use.
+ run: We now use a per-app ld.so.cache file whenn running. This
should speed things up, and allows ldconfig to report the
correct results.
+ The verbose mode was changed into two levels, use -vv to show
the more detailed info, which currently only contains the full
bubblewrap argument lists.
+ run: Some common problematic host environment variables are now
unset in the sandbox (PYTHONPATH, PERLLIB, PERL5LIB and
XCURSOR_PATH).
+ run: Fixed failure when a higher prio extensions depended on a
lower prio one.
+ run: The extension ld path order is now: app extensions, app, (forwarded request 539882 from dimstar)
OBS-URL: https://build.opensuse.org/request/show/544201
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flatpak?expand=0&rev=12
- Update to version 0.10.0:
+ Added the flatpak config option which can set the language
settings.
+ Fix issue where sometimes ld.so.conf were not generated.
+ /dev/mali0 is added to --device=dri.
+ Work around ostree static delta issues in some cases.
- Changes from version 0.9.99:
+ Requires ostree 2017.12 for important pull stability fix.
+ New libflatpak API: flatpak_dir_cleanup_undeployed_refs,
flatpak_installation_prune_local_repo,
flatpak_installation_remove_local_ref_sync,
flatpak_installation_cleanup_local_refs_sync.
+ build: FLATPAK_ID and FLATPAK_ARCH are now set in the
environment when building.
+ update: Don't fail the entire update if some remote fails to
update its metadata.
+ run: /.flatpak-info now lists exact commits and extensions in
use.
+ run: We now use a per-app ld.so.cache file whenn running. This
should speed things up, and allows ldconfig to report the
correct results.
+ The verbose mode was changed into two levels, use -vv to show
the more detailed info, which currently only contains the full
bubblewrap argument lists.
+ run: Some common problematic host environment variables are now
unset in the sandbox (PYTHONPATH, PERLLIB, PERL5LIB and
XCURSOR_PATH).
+ run: Fixed failure when a higher prio extensions depended on a
lower prio one.
+ run: The extension ld path order is now: app extensions, app,
OBS-URL: https://build.opensuse.org/request/show/539882
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=32
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
