| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: flatpak | Distribution: openSUSE Tumbleweed |
| Version: 1.15.10 | Vendor: openSUSE |
| Release: 4.1 | Build date: Tue Oct 15 13:54:41 2024 |
| Group: System/Packages | Build host: reproducible |
| Size: 4875511 | Source RPM: flatpak-1.15.10-4.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://flatpak.github.io/ | |
| Summary: OSTree based application bundles management | |
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information.
LGPL-2.1-or-later
* Tue Oct 15 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Drop rcFOO symlinks (PED-266).
* Wed Oct 02 2024 Robert Frohl <rfrohl@suse.com>
- Explicitly BuildRequire selinux-policy-targeted to allow
selinux_relabel_* in scriptlets to work on other codestreams
* Wed Aug 14 2024 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.15.10:
+ Dependencies: In distributions that compile Flatpak to use a
separate bubblewrap (bwrap) executable, version 0.10.0 is
required. This version adds a new feature which is required by
the security fix in this release.
+ Security fixes: Don't follow symbolic links when mounting
persistent directories (--persist option). This prevents a
sandbox escape where a malicious or compromised app could edit
the symlink to point to a directory that the app should not
have been allowed to read or write. (CVE-2024-42472,
GHSA-7hgv-f2j8-xw87, bsc#1229157)
+ Documentation: Mark the 1.12.x and 1.10.x branches as
end-of-life
+ Other bug fixes: Fix several memory leaks
+ Internal changes:
- Record a log file when running build-time tests with
AddressSanitizer
- Add initial suppressions file for AddressSanitizer
* Thu Aug 08 2024 Imo Hester <vortex@z-ray.de>
- As per documentation from flatpak 1.0: add weak dep on
p11-kit-server for certificate transfer (boo#1188902)
* Fri Jun 14 2024 pgajdos@suse.com
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
* Tue Apr 23 2024 Robert Frohl <rfrohl@suse.com>
- disable parental controls for now by using '-Dmalcontent=disabled', to work around
issues with xdg-desktop-portal
* Fri Apr 19 2024 Robert Frohl <rfrohl@suse.com>
- Update to version 1.15.8:
+ Security fixes:
- Don't allow an executable name to be misinterpreted as a
command-line option for bwrap(1). This prevents a sandbox
escape where a malicious or compromised app could ask
xdg-desktop-portal to generate a .desktop file with access to
files outside the sandbox. (CVE-2024-32462, boo#1223110).
+ Other bug fixes:
- Pass the -export-dynamic linker option as
- Wl,-export-dynamic, fixing build failures with clang 18 and
lld 18.
- Fix a double-free when installation is cancelled.
- Fix installed-tests failure with "FUSERMOUNT: unbound
variable".
- Changes from version 1.15.7:
+ New features:
- Automatically remove obsolete driver versions and other
autopruned refs.
- --socket=inherit-wayland-socket.
- Automatically reload D-Bus session bus configuration after
installing or upgrading apps, to pick up any exported D-Bus
services.
+ Bug fixes:
- Don't parse <developer><name/></developer> as the application
name.
- Don't refuse to start apps when there is no D-Bus system bus
available.
- Don't try to repeat migration of apps whose data was migrated
to a new name and then deleted.
- Improve handling of mixed locales on systems with
systemd-localed.
- Improve display of ellipsized columns in wide terminals.
- Make flatpak info -e look for extensions in all
installations.
- Fix warnings from newer GLib versions.
- Always set the container environment variable.
- Always let the app inherit redirected file descriptors.
- In flatpak ps, add xdg-desktop-portal-gnome to the list of
backends we'll use to learn which apps are running in the
background.
- Don't use WAYLAND_SOCKET unless given
- -socket=inherit-wayland-socket.
- Use fusermount3 if compiled with FUSE 3, overridable with
- Dsystem_fusermount compile-time option.
- Avoid leaking a temporary variable from
/etc/profile.d/flatpak.sh into the shell environment.
- Improve async-signal safety.
- Fix various memory leaks.
- Avoid undefined behaviour of signed left-shift when storing
object IDs in a hash table.
- Detect the correct gtk-doc when cross-compiling.
- Detect the correct wayland-scanner when cross-compiling.
- Documentation improvements.
- Skip more tests when FUSE isn't available.
- Updated translations.
- Add libglnx.patch: fix meson function detection.
- Switch build system to meson:
+ Add meson BuildRequires.
+ Switch configure/make_build/make_install macros to
meson/meson_build/meson_install, preserving the configure
parameters as close as possible:
- -disable-silent-rules => obsoleted
- -with-system-bubblewrap => -Dsystem_bubblewrap=bwrap
- -with-curl => -Dhttp_backend=curl
- Add pkgconfig(malcontent-0) BuildRequires: enable malcontent
support.
* Tue Mar 19 2024 Antonio Larrosa <alarrosa@suse.com>
- Make flatpak-remote-flathub only supplement flatpak in TW
(bsc#1221662).
* Thu Mar 07 2024 Antonio Larrosa <alarrosa@suse.com>
- Add a flatpak-selinux subpackage that provides a SELinux policy
module (boo#1220591).
* Tue Nov 14 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.15.6:
+ In distributions that compile Flatpak to use a separate
bubblewrap (bwrap) executable, version 0.8.0 is now required.
+ Enabling the optional Wayland security context feature requires
libwayland-client, wayland-scanner >= 1.15 and
wayland-protocols >= 1.32.
+ Add --device=input, for access to evdev devices in /dev/input
+ Update bundled copy of bubblewrap to version 0.8.0, and rely on
its features:
+ Improve error message if seccomp is disabled in kernel config
+ Security hardening: set user namespace limit to 0, to prevent
creation of nested user namespaces in a more robust way
+ For subsandboxes started by flatpak-portal, inherit
environment variables from the flatpak run that started the
original instance rather than from flatpak-portal, fixing
behaviour of FLATPAK_GL_DRIVERS and similar features
+ Stop http transfers if a download in progress becomes very slow
+ Make it easier to configure extra languages, by picking them up
from AccountsService if configured there
+ Add new flatpak_transaction_add_rebase_and_uninstall() API,
allowing end-of-life apps to be replaced by their intended
replacement more reliably
+ Create a private Wayland socket with the "security context"
extension if available, allowing the compositor to identify
connections from sandboxed apps as belonging to the sandbox
+ Update libglnx to 2023-08-29
+ Use features of newer GLib versions if available
+ Turn off system-level crash reporting infrastructure during
some unit tests that involve intentional assertion failures
+ Add anchors to link to sections of flatpak-metadata
documentation
+ Bug fixes:
- Avoid warnings processing symbolic links with GLib >= 2.77.0,
and with GLib 2.76.0 (GLib 2.76.1 or later silences these
warnings)
- Bypass page cache for backend requests in revokefs, fixing
installation errors with libostree 2023.4
- Show AppStream metadata in flatpak remote-info as intended
- Don't let Flatpak apps inherit VK_DRIVER_FILES or
VK_ICD_FILENAMES from the host system, which would be wrong
for the sandbox
- Fix build failure with prereleases of libappstream 0.17.x
- Forward-compatibility with libappstream 1.0
- Fix installation with Meson if configured with
- Dauto_sideloading=true
- Fix a memory leak
- Fix compiler warnings
- Make the tests fail more comprehensibly if a required tool is
missing
- Clean up /var/tmp/flatpak-cache-* directories on boot
- Don't force GIO_USE_VFS=local for programs launched via
flatpak-spawn
- Clarify documentation for D-Bus name ownership
+ Internal changes:
- Split up large source files into smaller modules, reducing
internal circular dependencies
- Re-synchronize code backported from GLib with the version in
GLib
- Clarify documentation for D-Bus name ownership
- Make the flags used to apply "extra data" clearer
- Use glnx_opendirat() where possible
+ Updated translations.
- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
pkgconfig(wayland-protocols) BuildRequires and pass
with-wayland-security-context=yes to configure: Enable the
optional Wayland security context.
* Wed Aug 02 2023 Luciano Santos <luc14n0@opensuse.org>
- Add update-user-flatpaks service and timer Systemd units - based
on update-system-flatpaks.{service,timer} - to help users keep
their user installed flatpaks up to date.
- Prefix /etc/flatpak/remotes.d/flathub.flatpakrepo with %config
macro to mark it as a configuration file.
* Fri Mar 17 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.15.4 (CVE-2023-28101, CVE-2023-28100):
+ Escape special characters when displaying permissions and
metadata, preventing malicious apps from manipulating the
appearance of the permissions list using crafted metadata
(CVE-2023-28101, bsc#1209410).
+ If a Flatpak app is run on a Linux virtual console (tty1, tty2,
etc.), don't allow copy/paste via the TIOCLINUX ioctl
(CVE-2023-28100, bsc#1209411). Note that this is specific to virtual
consoles: Flatpak is not vulnerable to this if run from a
graphical terminal emulator such as xterm, gnome-terminal or
Konsole.
+ Document the path used for flatpak override.
+ Updated translations.
* Fri Mar 17 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.15.3:
+ Build system: Building this version of Flatpak with Meson is
recommended. The source release flatpak-1.15.3.tar.xz no longer
contains Autotools-generated files, although this version can
still be built using Autotools after running ./autogen.sh.
Future versions are likely to remove the Autotools buildsystem.
+ Bug fixes:
- When splitting an upgrade into two steps (download without
installing, and then upgrade without allowing further
downloads) like GNOME Software does, if an app is marked EOL
and superseded by a replacement, don't remove the superseded
app in the first step, which would result in the replacement
incorrectly not being installed.
- Fix a crash when --socket=gpg-agent is used.
- Fix a crash when listing apps if one of them is broken or
misconfigured.
- If an app has invalid syntax in its overrides or metadata,
mention the filename in the error message.
- Unset $GDK_BACKEND for apps, ensuring GTK apps with
- -socket=fallback-x11 can work.
- Fix a deprecation warning when compiled with curl >= 7.85.
+ Updated translations.
+ Internal changes: Better diagnostic messages for why runtimes
are or are not considered unused.
- Changes from version 1.15.2:
+ Bug fixes:
- Never try to export a parent of reserved directories as a
- -filesystem, for example /run, which would prevent the app
from starting.
- Never try to export a --filesystem below /run/flatpak or
/run/host, which could similarly prevent the app from
starting.
- The above change also fixes apps not starting if a
- -filesystem is a symlink to the root directory.
- Show a warning when the --filesystem exists but cannot be
shared with the sandbox.
- Display the intended messages for flatpak repair.
- Exporting an app to an existing repository on a CIFS
filesystem now works as intended.
- Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in
some GLib apps when set to a path on the host.
- Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and
Qt apps under Wayland when this variable is set to a path not
available in the sandbox.
- When using the fish shell, avoid duplicate XDG_DATA_DIRS
entries if the profile script is sourced more than once.
- Update included copy of bubblewrap to 0.7.0 for better error
messages.
- Install SELinux files correctly when building with Meson
+ Internal changes:
- Update included copy of libglnx
- flatpak -v now uses the INFO log level, and flatpak -vv uses
the DEBUG log level in the flatpak log domain. Previously,
the extra messages that were logged by flatpak -vv were in a
separate "flatpak2" log domain. G_MESSAGES_DEBUG=flatpak
previously had an effect similar to flatpak -v, and is now
more similar to flatpak -vv.
- Changes from version 1.15.1:
+ Dependencies: When building with Meson, gpgme 1.8.0 is now
required. Older versions can still be used by building with
Autotools.
+ Features: If an old temporary deploy directory was leaked by
versions before #5146, clean it up the next time the same app
is updated.
+ Bug fixes:
- If an app update is blocked by parental controls policies,
clean up the temporary deploy directory.
- Fix Autotools build with versions of gpgme that no longer
provide gpgme-config(1).
- Fix a possible parallel build failure with Meson.
- Fix a compiler warning on 32-bit architectures.
- When building with Autotools, be more consistent about
applying compiler warning flags.
- Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR.
- Treat /efi the same as /boot/efi.
- Changes from version 1.15.0:
+ Build system:
- Flatpak can now be compiled using Meson instead of Autotools.
This requires Meson 0.53.0 or later, and Python 3.5 or later.
- The Autotools build system is likely to be removed during
either the 1.15.x or 1.17.x cycle.
+ New features:
- Allow the modify_ldt system call as part of
- -allow=multiarch. This increases attack surface, but is
required when running 16-bit executables in some versions of
Wine.
- Share gssproxy socket, which acts like a portal for Kerberos
authentication. This lets apps use Kerberos authentication
without needing a sandbox hole.
- Add a httpbackend variable to flatpak.pc, allowing dependent
projects like GNOME Software to detect whether they are
compatible with libflatpak.
+ Bug fixes:
- Terminate the flatpak-session-helper and flatpak-portal
services when the session ends, so that applications will not
inherit outdated Wayland and X11 socket addresses.
- When using fish shell, don't overwrite a previously-set
XDG_DATA_DIRS.
- Don't try to enable HTTP 2 if linked to a libcurl version
that doesn't support it.
- Stop systemd reporting the session-helper as failed when
terminated by a signal.
- Fix a warning when listing a document with no permissions.
- Fix compilation with GLib 2.66.x (as used in Debian 11).
- Fix compilation with GLib 2.58.x (as used in Debian 10).
- Make generated files more reproducible.
+ Internal changes:
- Update project logo in README.
- Update libglnx subproject.
+ Updated translations.
- Add libtool BuildRequires and pass autogen.sh, bootstrapping
build is now needed.
- Add gtk-doc and xmlto BuildRequires and pass enable-documentation
and enable-gtk-doc to configure, building documentation manually.
* Thu Mar 16 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.14.4 (CVE-2023-28101, CVE-2023-28100):
+ Escape special characters when displaying permissions and
metadata, preventing malicious apps from manipulating the
appearance of the permissions list using crafted metadata
(CVE-2023-28101, boo#1209410).
+ If a Flatpak app is run on a Linux virtual console (tty1, tty2,
etc.), don't allow copy/paste via the TIOCLINUX ioctl
(CVE-2023-28100). Note that this is specific to virtual
consoles: Flatpak is not vulnerable to this if run from a
graphical terminal emulator such as xterm, gnome-terminal or
Konsole. (boo#1209411)
+ Updated translations.
* Mon Feb 27 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.14.3:
+ When splitting an upgrade into two steps (download without
installing, and then upgrade without allowing further
downloads) like GNOME Software does, if an app is marked EOL
and superseded by a replacement, don't remove the superseded
app in the first step, which would result in the replacement
incorrectly not being installed.
+ Fix a crash when --socket=gpg-agent is used.
+ Fix a crash when listing apps if one of them is broken or
misconfigured.
+ If an app has invalid syntax in its overrides or metadata,
mention the filename in the error message.
+ Unset $GDK_BACKEND for apps, ensuring GTK apps with
- -socket=fallback-x11 can work.
+ Never try to export a parent of reserved directories as a
- -filesystem, for example /run, which would prevent the app
from starting.
+ Never try to export a --filesystem below /run/flatpak or
/run/host, which could similarly prevent the app from starting.
+ The above change also fixes apps not starting if a --filesystem
is a symlink to the root directory.
+ Show a warning when the --filesystem exists but cannot be
shared with the sandbox.
- Drop flatpak-fix-gpg-agent-double-free.patch: Fixed upstream.
* Thu Feb 23 2023 Alynx Zhou <alynx.zhou@suse.com>
- Add flatpak-fix-gpg-agent-double-free.patch: stdout stream of a
subprocess is owned by the subprocess, not the caller, so don't
use g_autoptr for it to prevent double free (bsc#1207434).
* Mon Feb 06 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.14.2:
+ The INFO log level is now treated the same as the DEBUG log
level by flatpak -v, to make backports from 1.15.x simpler.
+ Bug fixes:
- Display the intended messages for flatpak repair.
- Exporting an app to an existing repository on a CIFS
filesystem now works as intended.
- Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in
some GLib apps when set to a path on the host.
- Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and
Qt apps under Wayland when this variable is set to a path not
available in the sandbox.
- Unset $KRB5CCNAME for apps.
- When using the fish shell, avoid duplicate XDG_DATA_DIRS
entries if the profile script is sourced more than once.
- Package flatpak-remote-flathub sub-package as noarch.
* Wed Jan 11 2023 Antonio Larrosa <alarrosa@suse.com>
- Fix the "Requires" version of bubblewrap to be the same as
"BuildRequires" (>= 0.5.0).
- Use a macro to define the versions required of bubblewrap,
ostree and xdg_dbus_proxy to avoid having the same issue in
the future again.
* Fri Nov 18 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.14.1:
+ New features: Add a httpbackend variable to flatpak.pc,
allowing dependent projects like GNOME Software to detect
whether they are compatible with libflatpak.
+ Bugs fixed:
- Terminate the flatpak-session-helper and flatpak-portal
services when the session ends, so that applications will not
inherit outdated Wayland and X11 socket addresses.
- When using fish shell, don't overwrite a previously-set
XDG_DATA_DIRS.
- Don't try to enable HTTP 2 if linked to a libcurl version
that doesn't support it.
- Stop systemd reporting the session-helper as failed when
terminated by a signal.
- Fix a warning when listing a document with no permissions.
- Fix compilation with GLib 2.66.x (as used in Debian 11).
- Fix compilation with GLib 2.58.x (as used in Debian 10).
- Fix a compiler warning on 32-bit architectures.
- If an app update is blocked by parental controls policies,
clean up the temporary deploy directory.
- Fix Autotools build with versions of gpgme that no longer
provide gpgme-config(1).
- When building with Autotools, be more consistent about
applying compiler warning flags.
- Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR.
- Treat /efi the same as /boot/efi.
- Make generated files more reproducible.
+ Updated translations.
* Sun Nov 13 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Add and recommend a package flatpak-remote-flathub which adds
the Flathub repository (boo#1186315)
* Thu Sep 01 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Drop pkgconfig(libsoup-2.4) BuildRequires: rely on the curl
backend. Following this, pass --with-curl to configure.
- Add pkgconfig(libxml-2.0) BuildRequires, exsisting dependency,
previously pulled in by libsoup.
* Tue Aug 30 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to version 1.14.0:
+ Improved support for sideloading.
+ Allow sub-sandboxes to own MPRIS names on the session bus.
+ Commands that accept "--user" will now also take "-u" as an alias
for that.
+ The CLI now properly informs the user of which apps are
(indirectly) using end-of-life runtime extensions in end-of-life
info messages.
+ The CLI now takes into account operations in the pending
transaction when printing end-of-life messages.
+ The uninstall command now asks for confirmation before removing
in-use runtimes or runtime extensions.
+ A "--socket=gpg-agent" option is now recognized by "flatpak run"
and related commands.
+ Curl supported as default HTTP backend.
+ Uses Fuse 3.
+ Implement support for rewriting dynamic launchers when an app
is renamed.
+ Add --include-sdk/debug options to install command to install
SDK/debuginfo along with a ref.
+ defense in depth against arbitrary file deletion by
flatpak-system-helper when using very old libostree
(boo#1202639).
+ Updated translations.
- Replace pkgconfig(fuse) BuildRequires with pkgconfig(fuse3):
Follow upstreams port to fuse3.
- Add pkgconfig(libcurl) BuildRequires: enable the new HTTP
backend.
- Drop gtk-doc BuildRequires and no longer pass --enable-gtk-doc to
configure: no longer supported.
- Drop libtool BuildRequires: no need to bootstrap the tarball.
- Replace pkgconfig(appstream-glib) BuildRequires with
pkgconfig(appstream): match what configure checks for.
- Add pkgconfig(gdk-pixbuf-2.0): verified dependency that was
implicitly included by appstream-glib before.
* Fri Jul 15 2022 Benjamin Greiner <code@bnavigator.de>
- variant-schema-compiler requires the Python module pyparsing
* Sun Jul 03 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Correct Supplements for flatpak-zsh-completion boo#1201113
- package LICENSE file in every package
- make flatpak-zsh-completion and system-user-flatpak noarch
- add update-system-flatpaks timer that updates installed flatpaks
daily if enabled
* Tue Mar 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to version 1.12.7:
+ allow networked access to X11 and PulseAudio services if that
is configured, and the application has network access
+ Absolute paths in WAYLAND_DISPLAY now work
+ Allow apps that were built with Flatpak 1.13.x to export
AppStream metadata in share/metainfo
+ Most commands now work if /var/lib/flatpak exists but
/var/lib/flatpak/repo does not, and will automatically populate
the repo directory if possible
+ Consistently pass relative subpaths to libostree, working
around a bug in libostree < 2021.6 when used with GLib >= 2.71
+ Fix some memory leaks in GVariant data processing
* Tue Feb 22 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to version 1.12.6:
+ Fix a bug that sometimes caused repo corruption in case
downloads are interrupted or canceled, necessitating a
"flatpak repair" to recover
+ More reliably detect the GTK theme
+ Fix history command unit test in some edge cases
+ Updated translations.
* Sun Feb 13 2022 Dirk Müller <dmueller@suse.com>
- drop apparently unused libdwarf buildrequires
* Fri Feb 11 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to version 1.12.5:
+ Detect and remove left-over data from
/var/lib/flatpak/appstream
+ Fix display bugs in flatpak history
+ Don't set up an unnecessary polkit agent for flatpak history
+ Don't propagate GStreamer-related environment variables into
sandbox
+ Updated translations.
* Tue Jan 18 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 1.12.4:
+ reverting non-backwards-compatible behaviour changes in the
solution previously chosen for CVE-2022-21682 (boo#1194611)
Fix will be in flatpak-builder 1.2.2.
+ Clarify documentation of --nofilesystem
+ Improve unit test coverage around --filesystem and
- -nofilesystem
+ Restore compatibility with older appstream-glib versions,
fixing a regression in 1.12.3
* Wed Jan 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 1.12.3:
+ CVE-2021-43860: a malicious repository could have sent invalid
application metadata in a way that hides some of the app
permissions displayed during installation (boo#1194610)
+ CVE-2022-21682: flatpak-builder could allow
- -mirror-screenshots-url commands to create directories outside
of the build directory (boo#1194611)
+ Extra-data downloading now properly handles compressed
content-encodings which fixes checksum verification
+ Note: In some corner case server setups this may require the
extra-data checksum to be changed
+ Avoid unnecessary policy-kit dialog due to auto-pinning when
installing runtimes
+ Better handling of updates of extensions that exist in multiple
repositories
+ Fixed (initial) installation apps with renamed ids
+ Fixed regression in updates from no-enumerate remotes
+ We now verify checksums of summary caches, to better handle
local file corruption
+ Improved cli output for non-terminal targets
+ Flatpak run --session-bus now works
+ Fix build with PyParsing >= 3.0.4
+ Fixed "Since" annotations on FlatpakTransaction signals
+ bash auto completion now doesn't complete on command name
aliases
+ Minor improvements to the search command
+ Minor improvements to the list command
+ Minor improvements to the repair command
+ Add more tests
+ Updated translations.
- Drop support-new-pyparsing.patch: Fixed upstream.
* Thu Dec 09 2021 Steve Kowalik <steven.kowalik@suse.com>
- Add patch support-new-pyparsing.patch:
* Support pyparsing >= 3.0.4.
* Wed Oct 13 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 1.12.2:
+ Install translations referenced by LANG, LANGUAGE or LC_ALL
+ Fix error handling for the syscalls that are blocked when not
using --devel
+ Improve diagnostic messages when seccomp rules cannot be
applied
+ Updated translations.
* Sat Oct 09 2021 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.12.1:
+ The security fix in the 1.12.0 release failed when used with
some older versions of libseccomp (that don't know about the
new syscalls).
* Fri Oct 08 2021 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.12.0:
+ This is the first stable release in the 1.12.x series. The
major changes in this series is the support for better control
of sub-sandboxes, as used by the steam flatpak.
+ In addition, this release fixes a security vulnerability in the
portal support. Some recently added syscalls were not blocked
by the seccomp rules which allowed the application to create
sub-sandboxes which can confuse the sandboxing verification
mechanisms of the portal. This has been fixed by extending the
seccomp rules (boo#1191507, CVE-2021-41133)
+ Some test fixes
+ Support for specifying the flatpak binary to use during exports
+ Install translations for all languages in the locale, not just
the ones in LC_MESSAGES.
+ Fix progress reporting in flatpak fsck
+ Handle cases where /var/tmp is a symlink
+ Expose /etc/gai.conf to the sandbox
+ Fix the parental control checks for root
+ Handle missing /etc/ld.so.cache (musl)
+ Updated translations
* Wed Aug 25 2021 andy great <andythe_great@pm.me>
- Update to version 1.11.3.
* Bug fixes:
* Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox,
fixing a regression introduced when CVE-2021-21261 was fixed in
1.8.5 and 1.10.0
* Update the included copy of bubblewrap (flatpak-bwrap) to 0.5.0
* Better diagnostics when a --bind or other bind-mount fails
* Create non-directories with safer permissions
* Allow mounting an non-directory over an existing non-directory
* Silence kernel messages for our bind-mounts
* Improve ability to bind-mount directories on case-insensitive
filesystems
* Don't ask user which remote to download from if there is only
one option
* Internal changes:
* Improve test coverage
* Spelling fixes
* Translation updates: Brazilian Portuguese, Russian, Spanish, Ukrainian
* Fri Jun 18 2021 Callum Farmer <gmbr3@opensuse.org>
- Add now working CONFIG parameter to sysusers generator
* Fri Jun 18 2021 Paolo Stivanin <info@paolostivanin.com>
- Update to version 1.11.2:
+ Bug fixes:
- Fix logic error when migrating AppStream XML
- Improve error-checking
- Fix various memory and file descriptor leaks, in particular
with flatpak-spawn --env=...
- Fix fd confusion in flatpak-spawn --env=... --forward-fd=...,
which caused "Steam Linux Runtime" containers to fail to start
- Avoid a crash when looking up summary for a ref without an arch
- Improve handling of refs belonging to more than one
architecture, e.g. for cross-compilation
- Don't abort uninstall if deploy metadata is missing
- Don't fail transaction if searching for dependencies fails
in one remote
- Fix test failure when running tests as root
- Improve error message for 'sudo flatpak run'
+ Internal changes:
- Improve printf format string validation
- Improve test coverage
- Reduce risk of accidentally hard-coding x86 in the tests
* Tue Apr 27 2021 Antonio Larrosa <alarrosa@suse.com>
- Update to version 1.11.1:
+ New features:
- All instances of the same app-ID share their /tmp directory
- All instances of the same app-ID share their $XDG_RUNTIME_DIR
- Instances of the same app-ID can optionally share their
/dev/shm directory (enabled by a new --allow flag,
- -allow=per-app-dev-shm)
- Allow a subsandbox to have a different /usr and/or /app.
- Steam will use this to launch games with its own container
runtime as /usr (the "Steam Linux Runtime" mechanism).
- enter: Improve support for TUI programs like gdb
- build-update-repo: Add a higher-performance reimplementation
of ostree prune specialized for archive-mode repositories
+ Bug fixes:
- Fix deploys of local remotes in system-helper
- Fix test failures on non-x86_64 systems
- Fix two intermittent test failures
- Make polkit queries non-interactive when operating in
non-interactive mode
- Use a local main-context when using libsoup in a thread
- create-usb: Skip copying extra-data flatpaks
- OCI: Switch to pax-format tar archives
- history: Handle transaction log entries with empty REF field
- portal: Fix flatpak-spawn --clear-env on OSs where flatpak
is not on the fallback PATH, such as NixOS
- Fix various issues detected by scan-build
+ Internal changes:
- Use GNU bison to build parse-datetime.y
- Add information about security support and security
vulnerability reporting (see SECURITY.md)
- Move all git submodules into subprojects/ directory
- Several sockets are now created in /run/flatpak in the
sandbox, with symbolic links in $XDG_RUNTIME_DIR
* Wed Mar 10 2021 Antonio Larrosa <alarrosa@suse.com>
- Update to version 1.10.2:
+ This is a security update which fixes a potential attack where
a flatpak application could use custom formated .desktop files
to gain access to files on the host system.
+ Fix memory leaks
+ Some test fixes
+ Documentation updates
+ G_BEGIN/END_DECLS added to library headders for c++ use
+ Fix for X11 cookies on OpenSUSE
+ Spawn portal better handles non-utf8 filenames
* Thu Jan 28 2021 Antonio Larrosa <alarrosa@suse.com>
- Flatpak only requires glib 2.44, not 2.60
- Update ostree version required to 2020.8
* Sun Jan 24 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Update to version 1.10.1:
+ Fix flatpak build on systems with setuid bwrap
+ Fix some compiler warnings
+ Fix crash on updating apps with no deploy data
+ Updated translations.
- Remove deprecated texinfo packaging macros.
- Switch to upstream release tarball.
* Fri Jan 15 2021 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.10.0:
+ The major new feature in this series compared to 1.8 is the
support for the new repo format which should make updates
faster and download less data.
+ The systemd generator snippets now call flatpak
- -print-updated-env in place of a bunch of shell for better
login performance.
+ The .profile snippets now disable GVfs when calling flatpak to
avoid spawning a gvfs daemon when logging in via ssh.
+ Build fixes for GCC 11.
+ Flatpak now finds the pulseaudio sockets better in uncommon
configurations.
+ Sandboxes with network access it now also has access to the
systemd-resolved socket to do dns lookups.
+ Flatpak supports unsetting env vars in the sandbox using
- -unset-env, and --env=FOO= now sets FOO to the empty string
instead of unsetting it.
+ Similarly the spawn portal has an option to unset an env var.
+ The spawn portal now has an option to share the pid namespace
with the sub-sandbox.
* Fri Jan 15 2021 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.8.5 (CVE-2021-21261):
+ This is a security update that fixes a sandbox escape where a
malicious application can execute code outside the sandbox by
controlling the environment of the "flatpak run" command when
spawning a sub-sandbox (boo#1180996)
* Thu Jan 07 2021 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.8.4:
+ Fix support for ppc64.
/etc/flatpak /etc/flatpak/remotes.d /etc/profile.d/flatpak.csh /etc/profile.d/flatpak.sh /usr/bin/flatpak /usr/lib/systemd/system-environment-generators/60-flatpak-system-only /usr/lib/systemd/system/flatpak-system-helper.service /usr/lib/systemd/system/update-system-flatpaks.service /usr/lib/systemd/system/update-system-flatpaks.timer /usr/lib/systemd/user-environment-generators /usr/lib/systemd/user-environment-generators/60-flatpak /usr/lib/systemd/user/flatpak-oci-authenticator.service /usr/lib/systemd/user/flatpak-portal.service /usr/lib/systemd/user/flatpak-session-helper.service /usr/lib/systemd/user/update-user-flatpaks.service /usr/lib/systemd/user/update-user-flatpaks.timer /usr/lib/tmpfiles.d/flatpak.conf /usr/libexec/flatpak-oci-authenticator /usr/libexec/flatpak-portal /usr/libexec/flatpak-session-helper /usr/libexec/flatpak-system-helper /usr/libexec/flatpak-validate-icon /usr/libexec/revokefs-fuse /usr/share/bash-completion/completions/flatpak /usr/share/dbus-1 /usr/share/dbus-1/interfaces /usr/share/dbus-1/interfaces/org.freedesktop.Flatpak.Authenticator.xml /usr/share/dbus-1/interfaces/org.freedesktop.Flatpak.xml /usr/share/dbus-1/interfaces/org.freedesktop.portal.Flatpak.xml /usr/share/dbus-1/services /usr/share/dbus-1/services/org.flatpak.Authenticator.Oci.service /usr/share/dbus-1/services/org.freedesktop.Flatpak.service /usr/share/dbus-1/services/org.freedesktop.portal.Flatpak.service /usr/share/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service /usr/share/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf /usr/share/fish /usr/share/fish/vendor_completions.d /usr/share/fish/vendor_completions.d/flatpak.fish /usr/share/fish/vendor_conf.d /usr/share/fish/vendor_conf.d/flatpak.fish /usr/share/flatpak /usr/share/flatpak/triggers /usr/share/flatpak/triggers/desktop-database.trigger /usr/share/flatpak/triggers/gtk-icon-cache.trigger /usr/share/flatpak/triggers/mime-database.trigger /usr/share/licenses/flatpak /usr/share/licenses/flatpak/COPYING /usr/share/locale/cs/LC_MESSAGES/flatpak.mo /usr/share/locale/da/LC_MESSAGES/flatpak.mo /usr/share/locale/de/LC_MESSAGES/flatpak.mo /usr/share/locale/en_GB/LC_MESSAGES/flatpak.mo /usr/share/locale/es/LC_MESSAGES/flatpak.mo /usr/share/locale/fr/LC_MESSAGES/flatpak.mo /usr/share/locale/gl/LC_MESSAGES/flatpak.mo /usr/share/locale/hi/LC_MESSAGES/flatpak.mo /usr/share/locale/hr/LC_MESSAGES/flatpak.mo /usr/share/locale/hu/LC_MESSAGES/flatpak.mo /usr/share/locale/id/LC_MESSAGES/flatpak.mo /usr/share/locale/ka/LC_MESSAGES/flatpak.mo /usr/share/locale/nl/LC_MESSAGES/flatpak.mo /usr/share/locale/oc/LC_MESSAGES/flatpak.mo /usr/share/locale/pl/LC_MESSAGES/flatpak.mo /usr/share/locale/pt/LC_MESSAGES/flatpak.mo /usr/share/locale/pt_BR/LC_MESSAGES/flatpak.mo /usr/share/locale/ro/LC_MESSAGES/flatpak.mo /usr/share/locale/ru/LC_MESSAGES/flatpak.mo /usr/share/locale/sk/LC_MESSAGES/flatpak.mo /usr/share/locale/sv/LC_MESSAGES/flatpak.mo /usr/share/locale/tr/LC_MESSAGES/flatpak.mo /usr/share/locale/uk/LC_MESSAGES/flatpak.mo /usr/share/locale/zh_CN/LC_MESSAGES/flatpak.mo /usr/share/locale/zh_TW/LC_MESSAGES/flatpak.mo /usr/share/man/man1/flatpak-build-bundle.1.gz /usr/share/man/man1/flatpak-build-commit-from.1.gz /usr/share/man/man1/flatpak-build-export.1.gz /usr/share/man/man1/flatpak-build-finish.1.gz /usr/share/man/man1/flatpak-build-import-bundle.1.gz /usr/share/man/man1/flatpak-build-init.1.gz /usr/share/man/man1/flatpak-build-sign.1.gz /usr/share/man/man1/flatpak-build-update-repo.1.gz /usr/share/man/man1/flatpak-build.1.gz /usr/share/man/man1/flatpak-config.1.gz /usr/share/man/man1/flatpak-create-usb.1.gz /usr/share/man/man1/flatpak-document-export.1.gz /usr/share/man/man1/flatpak-document-info.1.gz /usr/share/man/man1/flatpak-document-unexport.1.gz /usr/share/man/man1/flatpak-documents.1.gz /usr/share/man/man1/flatpak-enter.1.gz /usr/share/man/man1/flatpak-history.1.gz /usr/share/man/man1/flatpak-info.1.gz /usr/share/man/man1/flatpak-install.1.gz /usr/share/man/man1/flatpak-kill.1.gz /usr/share/man/man1/flatpak-list.1.gz /usr/share/man/man1/flatpak-make-current.1.gz /usr/share/man/man1/flatpak-mask.1.gz /usr/share/man/man1/flatpak-override.1.gz /usr/share/man/man1/flatpak-permission-remove.1.gz /usr/share/man/man1/flatpak-permission-reset.1.gz /usr/share/man/man1/flatpak-permission-set.1.gz /usr/share/man/man1/flatpak-permission-show.1.gz /usr/share/man/man1/flatpak-permissions.1.gz /usr/share/man/man1/flatpak-pin.1.gz /usr/share/man/man1/flatpak-ps.1.gz /usr/share/man/man1/flatpak-remote-add.1.gz /usr/share/man/man1/flatpak-remote-delete.1.gz /usr/share/man/man1/flatpak-remote-info.1.gz /usr/share/man/man1/flatpak-remote-ls.1.gz /usr/share/man/man1/flatpak-remote-modify.1.gz /usr/share/man/man1/flatpak-remotes.1.gz /usr/share/man/man1/flatpak-repair.1.gz /usr/share/man/man1/flatpak-repo.1.gz /usr/share/man/man1/flatpak-run.1.gz /usr/share/man/man1/flatpak-search.1.gz /usr/share/man/man1/flatpak-spawn.1.gz /usr/share/man/man1/flatpak-uninstall.1.gz /usr/share/man/man1/flatpak-update.1.gz /usr/share/man/man1/flatpak.1.gz /usr/share/man/man5/flatpak-flatpakref.5.gz /usr/share/man/man5/flatpak-flatpakrepo.5.gz /usr/share/man/man5/flatpak-installation.5.gz /usr/share/man/man5/flatpak-metadata.5.gz /usr/share/man/man5/flatpak-remote.5.gz /usr/share/man/man5/flatpakref.5.gz /usr/share/man/man5/flatpakrepo.5.gz /usr/share/polkit-1/actions/org.freedesktop.Flatpak.policy /usr/share/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules /var/lib/flatpak
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Nov 13 00:41:02 2024