Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

flatpak-devel-1.15.10-3.1 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: flatpak-devel Distribution: openSUSE:Factory:zSystems
Version: 1.15.10 Vendor: openSUSE
Release: 3.1 Build date: Wed Oct 2 17:16:49 2024
Group: Development/Languages/C and C++ Build host: reproducible
Size: 1977903 Source RPM: flatpak-1.15.10-3.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://flatpak.github.io/
Summary: Development files for the flatpak library
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Wed Oct 02 2024 Robert Frohl <rfrohl@suse.com>
  - Explicitly BuildRequire selinux-policy-targeted to allow
    selinux_relabel_* in scriptlets to work on other codestreams
* Wed Aug 14 2024 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.15.10:
    + Dependencies: In distributions that compile Flatpak to use a
      separate bubblewrap (bwrap) executable, version 0.10.0 is
      required. This version adds a new feature which is required by
      the security fix in this release.
    + Security fixes: Don't follow symbolic links when mounting
      persistent directories (--persist option). This prevents a
      sandbox escape where a malicious or compromised app could edit
      the symlink to point to a directory that the app should not
      have been allowed to read or write. (CVE-2024-42472,
      GHSA-7hgv-f2j8-xw87, bsc#1229157)
    + Documentation: Mark the 1.12.x and 1.10.x branches as
      end-of-life
    + Other bug fixes: Fix several memory leaks
    + Internal changes:
    - Record a log file when running build-time tests with
      AddressSanitizer
    - Add initial suppressions file for AddressSanitizer
* Thu Aug 08 2024 Imo Hester <vortex@z-ray.de>
  - As per documentation from flatpak 1.0: add weak dep on
    p11-kit-server for certificate transfer (boo#1188902)
* Fri Jun 14 2024 pgajdos@suse.com
  - remove dependency on /usr/bin/python3 using
    %python3_fix_shebang macro, [bsc#1212476]
* Tue Apr 23 2024 Robert Frohl <rfrohl@suse.com>
  - disable parental controls for now by using '-Dmalcontent=disabled', to work around
    issues with xdg-desktop-portal
* Fri Apr 19 2024 Robert Frohl <rfrohl@suse.com>
  - Update to version 1.15.8:
    + Security fixes:
    - Don't allow an executable name to be misinterpreted as a
      command-line option for bwrap(1). This prevents a sandbox
      escape where a malicious or compromised app could ask
      xdg-desktop-portal to generate a .desktop file with access to
      files outside the sandbox. (CVE-2024-32462, boo#1223110).
    + Other bug fixes:
    - Pass the -export-dynamic linker option as
    - Wl,-export-dynamic, fixing build failures with clang 18 and
      lld 18.
    - Fix a double-free when installation is cancelled.
    - Fix installed-tests failure with "FUSERMOUNT: unbound
      variable".
  - Changes from version 1.15.7:
    + New features:
    - Automatically remove obsolete driver versions and other
      autopruned refs.
    - --socket=inherit-wayland-socket.
    - Automatically reload D-Bus session bus configuration after
      installing or upgrading apps, to pick up any exported D-Bus
      services.
    + Bug fixes:
    - Don't parse <developer><name/></developer> as the application
      name.
    - Don't refuse to start apps when there is no D-Bus system bus
      available.
    - Don't try to repeat migration of apps whose data was migrated
      to a new name and then deleted.
    - Improve handling of mixed locales on systems with
      systemd-localed.
    - Improve display of ellipsized columns in wide terminals.
    - Make flatpak info -e look for extensions in all
      installations.
    - Fix warnings from newer GLib versions.
    - Always set the container environment variable.
    - Always let the app inherit redirected file descriptors.
    - In flatpak ps, add xdg-desktop-portal-gnome to the list of
      backends we'll use to learn which apps are running in the
      background.
    - Don't use WAYLAND_SOCKET unless given
    - -socket=inherit-wayland-socket.
    - Use fusermount3 if compiled with FUSE 3, overridable with
    - Dsystem_fusermount compile-time option.
    - Avoid leaking a temporary variable from
      /etc/profile.d/flatpak.sh into the shell environment.
    - Improve async-signal safety.
    - Fix various memory leaks.
    - Avoid undefined behaviour of signed left-shift when storing
      object IDs in a hash table.
    - Detect the correct gtk-doc when cross-compiling.
    - Detect the correct wayland-scanner when cross-compiling.
    - Documentation improvements.
    - Skip more tests when FUSE isn't available.
    - Updated translations.
  - Add libglnx.patch: fix meson function detection.
  - Switch build system to meson:
    + Add meson BuildRequires.
    + Switch configure/make_build/make_install macros to
      meson/meson_build/meson_install, preserving the configure
      parameters as close as possible:
    - -disable-silent-rules => obsoleted
    - -with-system-bubblewrap => -Dsystem_bubblewrap=bwrap
    - -with-curl => -Dhttp_backend=curl
  - Add pkgconfig(malcontent-0) BuildRequires: enable malcontent
    support.
* Tue Mar 19 2024 Antonio Larrosa <alarrosa@suse.com>
  - Make flatpak-remote-flathub only supplement flatpak in TW
    (bsc#1221662).
* Thu Mar 07 2024 Antonio Larrosa <alarrosa@suse.com>
  - Add a flatpak-selinux subpackage that provides a SELinux policy
    module (boo#1220591).
* Tue Nov 14 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.15.6:
    + In distributions that compile Flatpak to use a separate
      bubblewrap (bwrap) executable, version 0.8.0 is now required.
    + Enabling the optional Wayland security context feature requires
      libwayland-client, wayland-scanner >= 1.15 and
      wayland-protocols >= 1.32.
    + Add --device=input, for access to evdev devices in /dev/input
    + Update bundled copy of bubblewrap to version 0.8.0, and rely on
      its features:
    + Improve error message if seccomp is disabled in kernel config
    + Security hardening: set user namespace limit to 0, to prevent
      creation of nested user namespaces in a more robust way
    + For subsandboxes started by flatpak-portal, inherit
      environment variables from the flatpak run that started the
      original instance rather than from flatpak-portal, fixing
      behaviour of FLATPAK_GL_DRIVERS and similar features
    + Stop http transfers if a download in progress becomes very slow
    + Make it easier to configure extra languages, by picking them up
      from AccountsService if configured there
    + Add new flatpak_transaction_add_rebase_and_uninstall() API,
      allowing end-of-life apps to be replaced by their intended
      replacement more reliably
    + Create a private Wayland socket with the "security context"
      extension if available, allowing the compositor to identify
      connections from sandboxed apps as belonging to the sandbox
    + Update libglnx to 2023-08-29
    + Use features of newer GLib versions if available
    + Turn off system-level crash reporting infrastructure during
      some unit tests that involve intentional assertion failures
    + Add anchors to link to sections of flatpak-metadata
      documentation
    + Bug fixes:
    - Avoid warnings processing symbolic links with GLib >= 2.77.0,
      and with GLib 2.76.0 (GLib 2.76.1 or later silences these
      warnings)
    - Bypass page cache for backend requests in revokefs, fixing
      installation errors with libostree 2023.4
    - Show AppStream metadata in flatpak remote-info as intended
    - Don't let Flatpak apps inherit VK_DRIVER_FILES or
      VK_ICD_FILENAMES from the host system, which would be wrong
      for the sandbox
    - Fix build failure with prereleases of libappstream 0.17.x
    - Forward-compatibility with libappstream 1.0
    - Fix installation with Meson if configured with
    - Dauto_sideloading=true
    - Fix a memory leak
    - Fix compiler warnings
    - Make the tests fail more comprehensibly if a required tool is
      missing
    - Clean up /var/tmp/flatpak-cache-* directories on boot
    - Don't force GIO_USE_VFS=local for programs launched via
      flatpak-spawn
    - Clarify documentation for D-Bus name ownership
    + Internal changes:
    - Split up large source files into smaller modules, reducing
      internal circular dependencies
    - Re-synchronize code backported from GLib with the version in
      GLib
    - Clarify documentation for D-Bus name ownership
    - Make the flags used to apply "extra data" clearer
    - Use glnx_opendirat() where possible
    + Updated translations.
  - Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
    pkgconfig(wayland-protocols) BuildRequires and pass
    with-wayland-security-context=yes to configure: Enable the
    optional Wayland security context.
* Wed Aug 02 2023 Luciano Santos <luc14n0@opensuse.org>
  - Add update-user-flatpaks service and timer Systemd units - based
    on update-system-flatpaks.{service,timer} - to help users keep
    their user installed flatpaks up to date.
  - Prefix /etc/flatpak/remotes.d/flathub.flatpakrepo with %config
    macro to mark it as a configuration file.
* Fri Mar 17 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.15.4 (CVE-2023-28101, CVE-2023-28100):
    + Escape special characters when displaying permissions and
      metadata, preventing malicious apps from manipulating the
      appearance of the permissions list using crafted metadata
      (CVE-2023-28101, bsc#1209410).
    + If a Flatpak app is run on a Linux virtual console (tty1, tty2,
      etc.), don't allow copy/paste via the TIOCLINUX ioctl
      (CVE-2023-28100, bsc#1209411). Note that this is specific to virtual
      consoles: Flatpak is not vulnerable to this if run from a
      graphical terminal emulator such as xterm, gnome-terminal or
      Konsole.
    + Document the path used for flatpak override.
    + Updated translations.
* Fri Mar 17 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.15.3:
    + Build system: Building this version of Flatpak with Meson is
      recommended. The source release flatpak-1.15.3.tar.xz no longer
      contains Autotools-generated files, although this version can
      still be built using Autotools after running ./autogen.sh.
      Future versions are likely to remove the Autotools buildsystem.
    + Bug fixes:
    - When splitting an upgrade into two steps (download without
      installing, and then upgrade without allowing further
      downloads) like GNOME Software does, if an app is marked EOL
      and superseded by a replacement, don't remove the superseded
      app in the first step, which would result in the replacement
      incorrectly not being installed.
    - Fix a crash when --socket=gpg-agent is used.
    - Fix a crash when listing apps if one of them is broken or
      misconfigured.
    - If an app has invalid syntax in its overrides or metadata,
      mention the filename in the error message.
    - Unset $GDK_BACKEND for apps, ensuring GTK apps with
    - -socket=fallback-x11 can work.
    - Fix a deprecation warning when compiled with curl >= 7.85.
    + Updated translations.
    + Internal changes: Better diagnostic messages for why runtimes
      are or are not considered unused.
  - Changes from version 1.15.2:
    + Bug fixes:
    - Never try to export a parent of reserved directories as a
    - -filesystem, for example /run, which would prevent the app
      from starting.
    - Never try to export a --filesystem below /run/flatpak or
      /run/host, which could similarly prevent the app from
      starting.
    - The above change also fixes apps not starting if a
    - -filesystem is a symlink to the root directory.
    - Show a warning when the --filesystem exists but cannot be
      shared with the sandbox.
    - Display the intended messages for flatpak repair.
    - Exporting an app to an existing repository on a CIFS
      filesystem now works as intended.
    - Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in
      some GLib apps when set to a path on the host.
    - Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and
      Qt apps under Wayland when this variable is set to a path not
      available in the sandbox.
    - When using the fish shell, avoid duplicate XDG_DATA_DIRS
      entries if the profile script is sourced more than once.
    - Update included copy of bubblewrap to 0.7.0 for better error
      messages.
    - Install SELinux files correctly when building with Meson
    + Internal changes:
    - Update included copy of libglnx
    - flatpak -v now uses the INFO log level, and flatpak -vv uses
      the DEBUG log level in the flatpak log domain. Previously,
      the extra messages that were logged by flatpak -vv were in a
      separate "flatpak2" log domain. G_MESSAGES_DEBUG=flatpak
      previously had an effect similar to flatpak -v, and is now
      more similar to flatpak -vv.
  - Changes from version 1.15.1:
    + Dependencies: When building with Meson, gpgme 1.8.0 is now
      required. Older versions can still be used by building with
      Autotools.
    + Features: If an old temporary deploy directory was leaked by
      versions before #5146, clean it up the next time the same app
      is updated.
    + Bug fixes:
    - If an app update is blocked by parental controls policies,
      clean up the temporary deploy directory.
    - Fix Autotools build with versions of gpgme that no longer
      provide gpgme-config(1).
    - Fix a possible parallel build failure with Meson.
    - Fix a compiler warning on 32-bit architectures.
    - When building with Autotools, be more consistent about
      applying compiler warning flags.
    - Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR.
    - Treat /efi the same as /boot/efi.
  - Changes from version 1.15.0:
    + Build system:
    - Flatpak can now be compiled using Meson instead of Autotools.
      This requires Meson 0.53.0 or later, and Python 3.5 or later.
    - The Autotools build system is likely to be removed during
      either the 1.15.x or 1.17.x cycle.
    + New features:
    - Allow the modify_ldt system call as part of
    - -allow=multiarch. This increases attack surface, but is
      required when running 16-bit executables in some versions of
      Wine.
    - Share gssproxy socket, which acts like a portal for Kerberos
      authentication. This lets apps use Kerberos authentication
      without needing a sandbox hole.
    - Add a httpbackend variable to flatpak.pc, allowing dependent
      projects like GNOME Software to detect whether they are
      compatible with libflatpak.
    + Bug fixes:
    - Terminate the flatpak-session-helper and flatpak-portal
      services when the session ends, so that applications will not
      inherit outdated Wayland and X11 socket addresses.
    - When using fish shell, don't overwrite a previously-set
      XDG_DATA_DIRS.
    - Don't try to enable HTTP 2 if linked to a libcurl version
      that doesn't support it.
    - Stop systemd reporting the session-helper as failed when
      terminated by a signal.
    - Fix a warning when listing a document with no permissions.
    - Fix compilation with GLib 2.66.x (as used in Debian 11).
    - Fix compilation with GLib 2.58.x (as used in Debian 10).
    - Make generated files more reproducible.
    + Internal changes:
    - Update project logo in README.
    - Update libglnx subproject.
    + Updated translations.
  - Add libtool BuildRequires and pass autogen.sh, bootstrapping
    build is now needed.
  - Add gtk-doc and xmlto BuildRequires and pass enable-documentation
    and enable-gtk-doc to configure, building documentation manually.
* Thu Mar 16 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.14.4 (CVE-2023-28101, CVE-2023-28100):
    + Escape special characters when displaying permissions and
      metadata, preventing malicious apps from manipulating the
      appearance of the permissions list using crafted metadata
      (CVE-2023-28101, boo#1209410).
    + If a Flatpak app is run on a Linux virtual console (tty1, tty2,
      etc.), don't allow copy/paste via the TIOCLINUX ioctl
      (CVE-2023-28100). Note that this is specific to virtual
      consoles: Flatpak is not vulnerable to this if run from a
      graphical terminal emulator such as xterm, gnome-terminal or
      Konsole. (boo#1209411)
    + Updated translations.
* Mon Feb 27 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.14.3:
    + When splitting an upgrade into two steps (download without
      installing, and then upgrade without allowing further
      downloads) like GNOME Software does, if an app is marked EOL
      and superseded by a replacement, don't remove the superseded
      app in the first step, which would result in the replacement
      incorrectly not being installed.
    + Fix a crash when --socket=gpg-agent is used.
    + Fix a crash when listing apps if one of them is broken or
      misconfigured.
    + If an app has invalid syntax in its overrides or metadata,
      mention the filename in the error message.
    + Unset $GDK_BACKEND for apps, ensuring GTK apps with
    - -socket=fallback-x11 can work.
    + Never try to export a parent of reserved directories as a
    - -filesystem, for example /run, which would prevent the app
      from starting.
    + Never try to export a --filesystem below /run/flatpak or
      /run/host, which could similarly prevent the app from starting.
    + The above change also fixes apps not starting if a --filesystem
      is a symlink to the root directory.
    + Show a warning when the --filesystem exists but cannot be
      shared with the sandbox.
  - Drop flatpak-fix-gpg-agent-double-free.patch: Fixed upstream.
* Thu Feb 23 2023 Alynx Zhou <alynx.zhou@suse.com>
  - Add flatpak-fix-gpg-agent-double-free.patch: stdout stream of a
    subprocess is owned by the subprocess, not the caller, so don't
    use g_autoptr for it to prevent double free (bsc#1207434).
* Mon Feb 06 2023 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.14.2:
    + The INFO log level is now treated the same as the DEBUG log
      level by flatpak -v, to make backports from 1.15.x simpler.
    + Bug fixes:
    - Display the intended messages for flatpak repair.
    - Exporting an app to an existing repository on a CIFS
      filesystem now works as intended.
    - Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in
      some GLib apps when set to a path on the host.
    - Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and
      Qt apps under Wayland when this variable is set to a path not
      available in the sandbox.
    - Unset $KRB5CCNAME for apps.
    - When using the fish shell, avoid duplicate XDG_DATA_DIRS
      entries if the profile script is sourced more than once.
  - Package flatpak-remote-flathub sub-package as noarch.
* Wed Jan 11 2023 Antonio Larrosa <alarrosa@suse.com>
  - Fix the "Requires" version of bubblewrap to be the same as
    "BuildRequires" (>= 0.5.0).
  - Use a macro to define the versions required of bubblewrap,
    ostree and xdg_dbus_proxy to avoid having the same issue in
    the future again.
* Fri Nov 18 2022 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.14.1:
    + New features: Add a httpbackend variable to flatpak.pc,
      allowing dependent projects like GNOME Software to detect
      whether they are compatible with libflatpak.
    + Bugs fixed:
    - Terminate the flatpak-session-helper and flatpak-portal
      services when the session ends, so that applications will not
      inherit outdated Wayland and X11 socket addresses.
    - When using fish shell, don't overwrite a previously-set
      XDG_DATA_DIRS.
    - Don't try to enable HTTP 2 if linked to a libcurl version
      that doesn't support it.
    - Stop systemd reporting the session-helper as failed when
      terminated by a signal.
    - Fix a warning when listing a document with no permissions.
    - Fix compilation with GLib 2.66.x (as used in Debian 11).
    - Fix compilation with GLib 2.58.x (as used in Debian 10).
    - Fix a compiler warning on 32-bit architectures.
    - If an app update is blocked by parental controls policies,
      clean up the temporary deploy directory.
    - Fix Autotools build with versions of gpgme that no longer
      provide gpgme-config(1).
    - When building with Autotools, be more consistent about
      applying compiler warning flags.
    - Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR.
    - Treat /efi the same as /boot/efi.
    - Make generated files more reproducible.
    + Updated translations.
* Sun Nov 13 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Add and recommend a package flatpak-remote-flathub which adds
    the Flathub repository (boo#1186315)
* Thu Sep 01 2022 Bjørn Lie <bjorn.lie@gmail.com>
  - Drop pkgconfig(libsoup-2.4) BuildRequires: rely on the curl
    backend. Following this, pass --with-curl to configure.
  - Add pkgconfig(libxml-2.0) BuildRequires, exsisting dependency,
    previously pulled in by libsoup.
* Tue Aug 30 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Update to version 1.14.0:
    + Improved support for sideloading.
    + Allow sub-sandboxes to own MPRIS names on the session bus.
    + Commands that accept "--user" will now also take "-u" as an alias
      for that.
    + The CLI now properly informs the user of which apps are
      (indirectly) using end-of-life runtime extensions in end-of-life
      info messages.
    + The CLI now takes into account operations in the pending
      transaction when printing end-of-life messages.
    + The uninstall command now asks for confirmation before removing
      in-use runtimes or runtime extensions.
    + A "--socket=gpg-agent" option is now recognized by "flatpak run"
      and related commands.
    + Curl supported as default HTTP backend.
    + Uses Fuse 3.
    + Implement support for rewriting dynamic launchers when an app
      is renamed.
    + Add --include-sdk/debug options to install command to install
      SDK/debuginfo along with a ref.
    + defense in depth against arbitrary file deletion by
      flatpak-system-helper when using very old libostree
      (boo#1202639).
    + Updated translations.
  - Replace pkgconfig(fuse) BuildRequires with pkgconfig(fuse3):
    Follow upstreams port to fuse3.
  - Add pkgconfig(libcurl) BuildRequires: enable the new HTTP
    backend.
  - Drop gtk-doc BuildRequires and no longer pass --enable-gtk-doc to
    configure: no longer supported.
  - Drop libtool BuildRequires: no need to bootstrap the tarball.
  - Replace pkgconfig(appstream-glib) BuildRequires with
    pkgconfig(appstream): match what configure checks for.
  - Add pkgconfig(gdk-pixbuf-2.0): verified dependency that was
    implicitly included by appstream-glib before.
* Fri Jul 15 2022 Benjamin Greiner <code@bnavigator.de>
  - variant-schema-compiler requires the Python module pyparsing
* Sun Jul 03 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Correct Supplements for flatpak-zsh-completion boo#1201113
  - package LICENSE file in every package
  - make flatpak-zsh-completion and system-user-flatpak noarch
  - add update-system-flatpaks timer that updates installed flatpaks
    daily if enabled
* Tue Mar 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Update to version 1.12.7:
    + allow networked access to X11 and PulseAudio services if that
      is configured, and the application has network access
    + Absolute paths in WAYLAND_DISPLAY now work
    + Allow apps that were built with Flatpak 1.13.x to export
      AppStream metadata in share/metainfo
    + Most commands now work if /var/lib/flatpak exists but
      /var/lib/flatpak/repo does not, and will automatically populate
      the repo directory if possible
    + Consistently pass relative subpaths to libostree, working
      around a bug in libostree < 2021.6 when used with GLib >= 2.71
    + Fix some memory leaks in GVariant data processing
* Tue Feb 22 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Update to version 1.12.6:
    + Fix a bug that sometimes caused repo corruption in case
      downloads are interrupted or canceled, necessitating a
      "flatpak repair" to recover
    + More reliably detect the GTK theme
    + Fix history command unit test in some edge cases
    + Updated translations.
* Sun Feb 13 2022 Dirk Müller <dmueller@suse.com>
  - drop apparently unused libdwarf buildrequires
* Fri Feb 11 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Update to version 1.12.5:
    + Detect and remove left-over data from
      /var/lib/flatpak/appstream
    + Fix display bugs in flatpak history
    + Don't set up an unnecessary polkit agent for flatpak history
    + Don't propagate GStreamer-related environment variables into
      sandbox
    + Updated translations.
* Tue Jan 18 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Update to 1.12.4:
    + reverting non-backwards-compatible behaviour changes in the
      solution previously chosen for CVE-2022-21682 (boo#1194611)
      Fix will be in flatpak-builder 1.2.2.
    + Clarify documentation of --nofilesystem
    + Improve unit test coverage around --filesystem and
    - -nofilesystem
    + Restore compatibility with older appstream-glib versions,
      fixing a regression in 1.12.3
* Wed Jan 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Update to 1.12.3:
    + CVE-2021-43860: a malicious repository could have sent invalid
      application metadata in a way that hides some of the app
      permissions displayed during installation (boo#1194610)
    + CVE-2022-21682: flatpak-builder could allow
    - -mirror-screenshots-url commands to create directories outside
      of the build directory (boo#1194611)
    + Extra-data downloading now properly handles compressed
      content-encodings which fixes checksum verification
    + Note: In some corner case server setups this may require the
      extra-data checksum to be changed
    + Avoid unnecessary policy-kit dialog due to auto-pinning when
      installing runtimes
    + Better handling of updates of extensions that exist in multiple
      repositories
    + Fixed (initial) installation apps with renamed ids
    + Fixed regression in updates from no-enumerate remotes
    + We now verify checksums of summary caches, to better handle
      local file corruption
    + Improved cli output for non-terminal targets
    + Flatpak run --session-bus now works
    + Fix build with PyParsing >= 3.0.4
    + Fixed "Since" annotations on FlatpakTransaction signals
    + bash auto completion now doesn't complete on command name
      aliases
    + Minor improvements to the search command
    + Minor improvements to the list command
    + Minor improvements to the repair command
    + Add more tests
    + Updated translations.
  - Drop support-new-pyparsing.patch: Fixed upstream.
* Thu Dec 09 2021 Steve Kowalik <steven.kowalik@suse.com>
  - Add patch support-new-pyparsing.patch:
    * Support pyparsing >= 3.0.4.
* Wed Oct 13 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Update to 1.12.2:
    + Install translations referenced by LANG, LANGUAGE or LC_ALL
    + Fix error handling for the syscalls that are blocked when not
      using --devel
    + Improve diagnostic messages when seccomp rules cannot be
      applied
    + Updated translations.
* Sat Oct 09 2021 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.12.1:
    + The security fix in the 1.12.0 release failed when used with
      some older versions of libseccomp (that don't know about the
      new syscalls).
* Fri Oct 08 2021 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.12.0:
    + This is the first stable release in the 1.12.x series. The
      major changes in this series is the support for better control
      of sub-sandboxes, as used by the steam flatpak.
    + In addition, this release fixes a security vulnerability in the
      portal support. Some recently added syscalls were not blocked
      by the seccomp rules which allowed the application to create
      sub-sandboxes which can confuse the sandboxing verification
      mechanisms of the portal. This has been fixed by extending the
      seccomp rules (boo#1191507, CVE-2021-41133)
    + Some test fixes
    + Support for specifying the flatpak binary to use during exports
    + Install translations for all languages in the locale, not just
      the ones in LC_MESSAGES.
    + Fix progress reporting in flatpak fsck
    + Handle cases where /var/tmp is a symlink
    + Expose /etc/gai.conf to the sandbox
    + Fix the parental control checks for root
    + Handle missing /etc/ld.so.cache (musl)
    + Updated translations
* Wed Aug 25 2021 andy great <andythe_great@pm.me>
  - Update to version 1.11.3.
    * Bug fixes:
    * Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox,
      fixing a regression introduced when CVE-2021-21261 was fixed in
      1.8.5 and 1.10.0
    * Update the included copy of bubblewrap (flatpak-bwrap) to 0.5.0
    * Better diagnostics when a --bind or other bind-mount fails
    * Create non-directories with safer permissions
    * Allow mounting an non-directory over an existing non-directory
    * Silence kernel messages for our bind-mounts
    * Improve ability to bind-mount directories on case-insensitive
      filesystems
    * Don't ask user which remote to download from if there is only
      one option
    * Internal changes:
    * Improve test coverage
    * Spelling fixes
    * Translation updates: Brazilian Portuguese, Russian, Spanish, Ukrainian
* Fri Jun 18 2021 Callum Farmer <gmbr3@opensuse.org>
  - Add now working CONFIG parameter to sysusers generator
* Fri Jun 18 2021 Paolo Stivanin <info@paolostivanin.com>
  - Update to version 1.11.2:
    + Bug fixes:
    - Fix logic error when migrating AppStream XML
    - Improve error-checking
    - Fix various memory and file descriptor leaks, in particular
      with flatpak-spawn --env=...
    - Fix fd confusion in flatpak-spawn --env=... --forward-fd=...,
      which caused "Steam Linux Runtime" containers to fail to start
    - Avoid a crash when looking up summary for a ref without an arch
    - Improve handling of refs belonging to more than one
      architecture, e.g. for cross-compilation
    - Don't abort uninstall if deploy metadata is missing
    - Don't fail transaction if searching for dependencies fails
      in one remote
    - Fix test failure when running tests as root
    - Improve error message for 'sudo flatpak run'
    + Internal changes:
    - Improve printf format string validation
    - Improve test coverage
    - Reduce risk of accidentally hard-coding x86 in the tests
* Tue Apr 27 2021 Antonio Larrosa <alarrosa@suse.com>
  - Update to version 1.11.1:
    + New features:
    - All instances of the same app-ID share their /tmp directory
    - All instances of the same app-ID share their $XDG_RUNTIME_DIR
    - Instances of the same app-ID can optionally share their
      /dev/shm directory (enabled by a new --allow flag,
    - -allow=per-app-dev-shm)
    - Allow a subsandbox to have a different /usr and/or /app.
    - Steam will use this to launch games with its own container
      runtime as /usr (the "Steam Linux Runtime" mechanism).
    - enter: Improve support for TUI programs like gdb
    - build-update-repo: Add a higher-performance reimplementation
      of ostree prune specialized for archive-mode repositories
    + Bug fixes:
    - Fix deploys of local remotes in system-helper
    - Fix test failures on non-x86_64 systems
    - Fix two intermittent test failures
    - Make polkit queries non-interactive when operating in
      non-interactive mode
    - Use a local main-context when using libsoup in a thread
    - create-usb: Skip copying extra-data flatpaks
    - OCI: Switch to pax-format tar archives
    - history: Handle transaction log entries with empty REF field
    - portal: Fix flatpak-spawn --clear-env on OSs where flatpak
      is not on the fallback PATH, such as NixOS
    - Fix various issues detected by scan-build
    + Internal changes:
    - Use GNU bison to build parse-datetime.y
    - Add information about security support and security
      vulnerability reporting (see SECURITY.md)
    - Move all git submodules into subprojects/ directory
    - Several sockets are now created in /run/flatpak in the
      sandbox, with symbolic links in $XDG_RUNTIME_DIR
* Wed Mar 10 2021 Antonio Larrosa <alarrosa@suse.com>
  -  Update to version 1.10.2:
    + This is a security update which fixes a potential attack where
      a flatpak application could use custom formated .desktop files
      to gain access to files on the host system.
    + Fix memory leaks
    + Some test fixes
    + Documentation updates
    + G_BEGIN/END_DECLS added to library headders for c++ use
    + Fix for X11 cookies on OpenSUSE
    + Spawn portal better handles non-utf8 filenames
* Thu Jan 28 2021 Antonio Larrosa <alarrosa@suse.com>
  - Flatpak only requires glib 2.44, not 2.60
  - Update ostree version required to 2020.8
* Sun Jan 24 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - Update to version 1.10.1:
    + Fix flatpak build on systems with setuid bwrap
    + Fix some compiler warnings
    + Fix crash on updating apps with no deploy data
    + Updated translations.
  - Remove deprecated texinfo packaging macros.
  - Switch to upstream release tarball.
* Fri Jan 15 2021 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.10.0:
    + The major new feature in this series compared to 1.8 is the
      support for the new repo format which should make updates
      faster and download less data.
    + The systemd generator snippets now call flatpak
    - -print-updated-env in place of a bunch of shell for better
      login performance.
    + The .profile snippets now disable GVfs when calling flatpak to
      avoid spawning a gvfs daemon when logging in via ssh.
    + Build fixes for GCC 11.
    + Flatpak now finds the pulseaudio sockets better in uncommon
      configurations.
    + Sandboxes with network access it now also has access to the
      systemd-resolved socket to do dns lookups.
    + Flatpak supports unsetting env vars in the sandbox using
    - -unset-env, and --env=FOO= now sets FOO to the empty string
      instead of unsetting it.
    + Similarly the spawn portal has an option to unset an env var.
    + The spawn portal now has an option to share the pid namespace
      with the sub-sandbox.
* Fri Jan 15 2021 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.8.5 (CVE-2021-21261):
    + This is a security update that fixes a sandbox escape where a
      malicious application can execute code outside the sandbox by
      controlling the environment of the "flatpak run" command when
      spawning a sub-sandbox (boo#1180996)
* Thu Jan 07 2021 Bjørn Lie <bjorn.lie@gmail.com>
  - Update to version 1.8.4:
    + Fix support for ppc64.

Files

/usr/bin/flatpak-bisect
/usr/bin/flatpak-coredumpctl
/usr/include/flatpak
/usr/include/flatpak/flatpak-bundle-ref.h
/usr/include/flatpak/flatpak-enum-types.h
/usr/include/flatpak/flatpak-error.h
/usr/include/flatpak/flatpak-installation.h
/usr/include/flatpak/flatpak-installed-ref.h
/usr/include/flatpak/flatpak-instance.h
/usr/include/flatpak/flatpak-portal-error.h
/usr/include/flatpak/flatpak-ref.h
/usr/include/flatpak/flatpak-related-ref.h
/usr/include/flatpak/flatpak-remote-ref.h
/usr/include/flatpak/flatpak-remote.h
/usr/include/flatpak/flatpak-transaction.h
/usr/include/flatpak/flatpak-version-macros.h
/usr/include/flatpak/flatpak.h
/usr/lib64/libflatpak.so
/usr/lib64/pkgconfig/flatpak.pc
/usr/share/doc/flatpak
/usr/share/doc/flatpak/docbook.css
/usr/share/doc/flatpak/flatpak-docs.html
/usr/share/gir-1.0/Flatpak-1.0.gir
/usr/share/gtk-doc/html/flatpak
/usr/share/gtk-doc/html/flatpak/FlatpakBundleRef.html
/usr/share/gtk-doc/html/flatpak/FlatpakInstallation.html
/usr/share/gtk-doc/html/flatpak/FlatpakInstalledRef.html
/usr/share/gtk-doc/html/flatpak/FlatpakInstance.html
/usr/share/gtk-doc/html/flatpak/FlatpakRef.html
/usr/share/gtk-doc/html/flatpak/FlatpakRelatedRef.html
/usr/share/gtk-doc/html/flatpak/FlatpakRemote.html
/usr/share/gtk-doc/html/flatpak/FlatpakRemoteRef.html
/usr/share/gtk-doc/html/flatpak/FlatpakTransaction.html
/usr/share/gtk-doc/html/flatpak/FlatpakTransactionOperation.html
/usr/share/gtk-doc/html/flatpak/FlatpakTransactionProgress.html
/usr/share/gtk-doc/html/flatpak/annotation-glossary.html
/usr/share/gtk-doc/html/flatpak/ch01.html
/usr/share/gtk-doc/html/flatpak/ch02.html
/usr/share/gtk-doc/html/flatpak/flatpak-Error-codes.html
/usr/share/gtk-doc/html/flatpak/flatpak-Version-information.html
/usr/share/gtk-doc/html/flatpak/flatpak.devhelp2
/usr/share/gtk-doc/html/flatpak/full-api-index.html
/usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.Flatpak.Authenticator.html
/usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.Flatpak.AuthenticatorRequest.html
/usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.Flatpak.Development.html
/usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.Flatpak.SessionHelper.html
/usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.Flatpak.SystemHelper.html
/usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.impl.portal.PermissionStore.html
/usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.portal.Documents.html
/usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.portal.Flatpak.UpdateMonitor.html
/usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.portal.Flatpak.html
/usr/share/gtk-doc/html/flatpak/home.png
/usr/share/gtk-doc/html/flatpak/index.html
/usr/share/gtk-doc/html/flatpak/left-insensitive.png
/usr/share/gtk-doc/html/flatpak/left.png
/usr/share/gtk-doc/html/flatpak/object-tree.html
/usr/share/gtk-doc/html/flatpak/right-insensitive.png
/usr/share/gtk-doc/html/flatpak/right.png
/usr/share/gtk-doc/html/flatpak/style.css
/usr/share/gtk-doc/html/flatpak/up-insensitive.png
/usr/share/gtk-doc/html/flatpak/up.png
/usr/share/licenses/flatpak-devel
/usr/share/licenses/flatpak-devel/COPYING


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Oct 17 02:58:46 2024