| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: flatpak-devel | Distribution: openSUSE:Factory:zSystems |
| Version: 1.15.6 | Vendor: openSUSE |
| Release: 1.2 | Build date: Mon Dec 25 20:11:41 2023 |
| Group: Development/Languages/C and C++ | Build host: s390zl24 |
| Size: 1965909 | Source RPM: flatpak-1.15.6-1.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://flatpak.github.io/ | |
| Summary: Development files for the flatpak library | |
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information.
LGPL-2.1-or-later
* Tue Nov 14 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.15.6:
+ In distributions that compile Flatpak to use a separate
bubblewrap (bwrap) executable, version 0.8.0 is now required.
+ Enabling the optional Wayland security context feature requires
libwayland-client, wayland-scanner >= 1.15 and
wayland-protocols >= 1.32.
+ Add --device=input, for access to evdev devices in /dev/input
+ Update bundled copy of bubblewrap to version 0.8.0, and rely on
its features:
+ Improve error message if seccomp is disabled in kernel config
+ Security hardening: set user namespace limit to 0, to prevent
creation of nested user namespaces in a more robust way
+ For subsandboxes started by flatpak-portal, inherit
environment variables from the flatpak run that started the
original instance rather than from flatpak-portal, fixing
behaviour of FLATPAK_GL_DRIVERS and similar features
+ Stop http transfers if a download in progress becomes very slow
+ Make it easier to configure extra languages, by picking them up
from AccountsService if configured there
+ Add new flatpak_transaction_add_rebase_and_uninstall() API,
allowing end-of-life apps to be replaced by their intended
replacement more reliably
+ Create a private Wayland socket with the "security context"
extension if available, allowing the compositor to identify
connections from sandboxed apps as belonging to the sandbox
+ Update libglnx to 2023-08-29
+ Use features of newer GLib versions if available
+ Turn off system-level crash reporting infrastructure during
some unit tests that involve intentional assertion failures
+ Add anchors to link to sections of flatpak-metadata
documentation
+ Bug fixes:
- Avoid warnings processing symbolic links with GLib >= 2.77.0,
and with GLib 2.76.0 (GLib 2.76.1 or later silences these
warnings)
- Bypass page cache for backend requests in revokefs, fixing
installation errors with libostree 2023.4
- Show AppStream metadata in flatpak remote-info as intended
- Don't let Flatpak apps inherit VK_DRIVER_FILES or
VK_ICD_FILENAMES from the host system, which would be wrong
for the sandbox
- Fix build failure with prereleases of libappstream 0.17.x
- Forward-compatibility with libappstream 1.0
- Fix installation with Meson if configured with
- Dauto_sideloading=true
- Fix a memory leak
- Fix compiler warnings
- Make the tests fail more comprehensibly if a required tool is
missing
- Clean up /var/tmp/flatpak-cache-* directories on boot
- Don't force GIO_USE_VFS=local for programs launched via
flatpak-spawn
- Clarify documentation for D-Bus name ownership
+ Internal changes:
- Split up large source files into smaller modules, reducing
internal circular dependencies
- Re-synchronize code backported from GLib with the version in
GLib
- Clarify documentation for D-Bus name ownership
- Make the flags used to apply "extra data" clearer
- Use glnx_opendirat() where possible
+ Updated translations.
- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
pkgconfig(wayland-protocols) BuildRequires and pass
with-wayland-security-context=yes to configure: Enable the
optional Wayland security context.
* Wed Aug 02 2023 Luciano Santos <luc14n0@opensuse.org>
- Add update-user-flatpaks service and timer Systemd units - based
on update-system-flatpaks.{service,timer} - to help users keep
their user installed flatpaks up to date.
- Prefix /etc/flatpak/remotes.d/flathub.flatpakrepo with %config
macro to mark it as a configuration file.
* Fri Mar 17 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.15.4 (CVE-2023-28101, CVE-2023-28100):
+ Escape special characters when displaying permissions and
metadata, preventing malicious apps from manipulating the
appearance of the permissions list using crafted metadata
(CVE-2023-28101).
+ If a Flatpak app is run on a Linux virtual console (tty1, tty2,
etc.), don't allow copy/paste via the TIOCLINUX ioctl
(CVE-2023-28100). Note that this is specific to virtual
consoles: Flatpak is not vulnerable to this if run from a
graphical terminal emulator such as xterm, gnome-terminal or
Konsole.
+ Document the path used for flatpak override.
+ Updated translations.
* Fri Mar 17 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.15.3:
+ Build system: Building this version of Flatpak with Meson is
recommended. The source release flatpak-1.15.3.tar.xz no longer
contains Autotools-generated files, although this version can
still be built using Autotools after running ./autogen.sh.
Future versions are likely to remove the Autotools buildsystem.
+ Bug fixes:
- When splitting an upgrade into two steps (download without
installing, and then upgrade without allowing further
downloads) like GNOME Software does, if an app is marked EOL
and superseded by a replacement, don't remove the superseded
app in the first step, which would result in the replacement
incorrectly not being installed.
- Fix a crash when --socket=gpg-agent is used.
- Fix a crash when listing apps if one of them is broken or
misconfigured.
- If an app has invalid syntax in its overrides or metadata,
mention the filename in the error message.
- Unset $GDK_BACKEND for apps, ensuring GTK apps with
- -socket=fallback-x11 can work.
- Fix a deprecation warning when compiled with curl >= 7.85.
+ Updated translations.
+ Internal changes: Better diagnostic messages for why runtimes
are or are not considered unused.
- Changes from version 1.15.2:
+ Bug fixes:
- Never try to export a parent of reserved directories as a
- -filesystem, for example /run, which would prevent the app
from starting.
- Never try to export a --filesystem below /run/flatpak or
/run/host, which could similarly prevent the app from
starting.
- The above change also fixes apps not starting if a
- -filesystem is a symlink to the root directory.
- Show a warning when the --filesystem exists but cannot be
shared with the sandbox.
- Display the intended messages for flatpak repair.
- Exporting an app to an existing repository on a CIFS
filesystem now works as intended.
- Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in
some GLib apps when set to a path on the host.
- Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and
Qt apps under Wayland when this variable is set to a path not
available in the sandbox.
- When using the fish shell, avoid duplicate XDG_DATA_DIRS
entries if the profile script is sourced more than once.
- Update included copy of bubblewrap to 0.7.0 for better error
messages.
- Install SELinux files correctly when building with Meson
+ Internal changes:
- Update included copy of libglnx
- flatpak -v now uses the INFO log level, and flatpak -vv uses
the DEBUG log level in the flatpak log domain. Previously,
the extra messages that were logged by flatpak -vv were in a
separate "flatpak2" log domain. G_MESSAGES_DEBUG=flatpak
previously had an effect similar to flatpak -v, and is now
more similar to flatpak -vv.
- Changes from version 1.15.1:
+ Dependencies: When building with Meson, gpgme 1.8.0 is now
required. Older versions can still be used by building with
Autotools.
+ Features: If an old temporary deploy directory was leaked by
versions before #5146, clean it up the next time the same app
is updated.
+ Bug fixes:
- If an app update is blocked by parental controls policies,
clean up the temporary deploy directory.
- Fix Autotools build with versions of gpgme that no longer
provide gpgme-config(1).
- Fix a possible parallel build failure with Meson.
- Fix a compiler warning on 32-bit architectures.
- When building with Autotools, be more consistent about
applying compiler warning flags.
- Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR.
- Treat /efi the same as /boot/efi.
- Changes from version 1.15.0:
+ Build system:
- Flatpak can now be compiled using Meson instead of Autotools.
This requires Meson 0.53.0 or later, and Python 3.5 or later.
- The Autotools build system is likely to be removed during
either the 1.15.x or 1.17.x cycle.
+ New features:
- Allow the modify_ldt system call as part of
- -allow=multiarch. This increases attack surface, but is
required when running 16-bit executables in some versions of
Wine.
- Share gssproxy socket, which acts like a portal for Kerberos
authentication. This lets apps use Kerberos authentication
without needing a sandbox hole.
- Add a httpbackend variable to flatpak.pc, allowing dependent
projects like GNOME Software to detect whether they are
compatible with libflatpak.
+ Bug fixes:
- Terminate the flatpak-session-helper and flatpak-portal
services when the session ends, so that applications will not
inherit outdated Wayland and X11 socket addresses.
- When using fish shell, don't overwrite a previously-set
XDG_DATA_DIRS.
- Don't try to enable HTTP 2 if linked to a libcurl version
that doesn't support it.
- Stop systemd reporting the session-helper as failed when
terminated by a signal.
- Fix a warning when listing a document with no permissions.
- Fix compilation with GLib 2.66.x (as used in Debian 11).
- Fix compilation with GLib 2.58.x (as used in Debian 10).
- Make generated files more reproducible.
+ Internal changes:
- Update project logo in README.
- Update libglnx subproject.
+ Updated translations.
- Add libtool BuildRequires and pass autogen.sh, bootstrapping
build is now needed.
- Add gtk-doc and xmlto BuildRequires and pass enable-documentation
and enable-gtk-doc to configure, building documentation manually.
* Thu Mar 16 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.14.4 (CVE-2023-28101, CVE-2023-28100):
+ Escape special characters when displaying permissions and
metadata, preventing malicious apps from manipulating the
appearance of the permissions list using crafted metadata
(CVE-2023-28101, boo#1209410).
+ If a Flatpak app is run on a Linux virtual console (tty1, tty2,
etc.), don't allow copy/paste via the TIOCLINUX ioctl
(CVE-2023-28100). Note that this is specific to virtual
consoles: Flatpak is not vulnerable to this if run from a
graphical terminal emulator such as xterm, gnome-terminal or
Konsole. (boo#1209411)
+ Updated translations.
* Mon Feb 27 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.14.3:
+ When splitting an upgrade into two steps (download without
installing, and then upgrade without allowing further
downloads) like GNOME Software does, if an app is marked EOL
and superseded by a replacement, don't remove the superseded
app in the first step, which would result in the replacement
incorrectly not being installed.
+ Fix a crash when --socket=gpg-agent is used.
+ Fix a crash when listing apps if one of them is broken or
misconfigured.
+ If an app has invalid syntax in its overrides or metadata,
mention the filename in the error message.
+ Unset $GDK_BACKEND for apps, ensuring GTK apps with
- -socket=fallback-x11 can work.
+ Never try to export a parent of reserved directories as a
- -filesystem, for example /run, which would prevent the app
from starting.
+ Never try to export a --filesystem below /run/flatpak or
/run/host, which could similarly prevent the app from starting.
+ The above change also fixes apps not starting if a --filesystem
is a symlink to the root directory.
+ Show a warning when the --filesystem exists but cannot be
shared with the sandbox.
- Drop flatpak-fix-gpg-agent-double-free.patch: Fixed upstream.
* Thu Feb 23 2023 Alynx Zhou <alynx.zhou@suse.com>
- Add flatpak-fix-gpg-agent-double-free.patch: stdout stream of a
subprocess is owned by the subprocess, not the caller, so don't
use g_autoptr for it to prevent double free (bsc#1207434).
* Mon Feb 06 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.14.2:
+ The INFO log level is now treated the same as the DEBUG log
level by flatpak -v, to make backports from 1.15.x simpler.
+ Bug fixes:
- Display the intended messages for flatpak repair.
- Exporting an app to an existing repository on a CIFS
filesystem now works as intended.
- Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in
some GLib apps when set to a path on the host.
- Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and
Qt apps under Wayland when this variable is set to a path not
available in the sandbox.
- Unset $KRB5CCNAME for apps.
- When using the fish shell, avoid duplicate XDG_DATA_DIRS
entries if the profile script is sourced more than once.
- Package flatpak-remote-flathub sub-package as noarch.
* Wed Jan 11 2023 Antonio Larrosa <alarrosa@suse.com>
- Fix the "Requires" version of bubblewrap to be the same as
"BuildRequires" (>= 0.5.0).
- Use a macro to define the versions required of bubblewrap,
ostree and xdg_dbus_proxy to avoid having the same issue in
the future again.
* Fri Nov 18 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.14.1:
+ New features: Add a httpbackend variable to flatpak.pc,
allowing dependent projects like GNOME Software to detect
whether they are compatible with libflatpak.
+ Bugs fixed:
- Terminate the flatpak-session-helper and flatpak-portal
services when the session ends, so that applications will not
inherit outdated Wayland and X11 socket addresses.
- When using fish shell, don't overwrite a previously-set
XDG_DATA_DIRS.
- Don't try to enable HTTP 2 if linked to a libcurl version
that doesn't support it.
- Stop systemd reporting the session-helper as failed when
terminated by a signal.
- Fix a warning when listing a document with no permissions.
- Fix compilation with GLib 2.66.x (as used in Debian 11).
- Fix compilation with GLib 2.58.x (as used in Debian 10).
- Fix a compiler warning on 32-bit architectures.
- If an app update is blocked by parental controls policies,
clean up the temporary deploy directory.
- Fix Autotools build with versions of gpgme that no longer
provide gpgme-config(1).
- When building with Autotools, be more consistent about
applying compiler warning flags.
- Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR.
- Treat /efi the same as /boot/efi.
- Make generated files more reproducible.
+ Updated translations.
* Sun Nov 13 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Add and recommend a package flatpak-remote-flathub which adds
the Flathub repository (boo#1186315)
* Thu Sep 01 2022 Bjørn Lie <bjorn.lie@gmail.com>
- Drop pkgconfig(libsoup-2.4) BuildRequires: rely on the curl
backend. Following this, pass --with-curl to configure.
- Add pkgconfig(libxml-2.0) BuildRequires, exsisting dependency,
previously pulled in by libsoup.
* Tue Aug 30 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to version 1.14.0:
+ Improved support for sideloading.
+ Allow sub-sandboxes to own MPRIS names on the session bus.
+ Commands that accept "--user" will now also take "-u" as an alias
for that.
+ The CLI now properly informs the user of which apps are
(indirectly) using end-of-life runtime extensions in end-of-life
info messages.
+ The CLI now takes into account operations in the pending
transaction when printing end-of-life messages.
+ The uninstall command now asks for confirmation before removing
in-use runtimes or runtime extensions.
+ A "--socket=gpg-agent" option is now recognized by "flatpak run"
and related commands.
+ Curl supported as default HTTP backend.
+ Uses Fuse 3.
+ Implement support for rewriting dynamic launchers when an app
is renamed.
+ Add --include-sdk/debug options to install command to install
SDK/debuginfo along with a ref.
+ defense in depth against arbitrary file deletion by
flatpak-system-helper when using very old libostree
(boo#1202639).
+ Updated translations.
- Replace pkgconfig(fuse) BuildRequires with pkgconfig(fuse3):
Follow upstreams port to fuse3.
- Add pkgconfig(libcurl) BuildRequires: enable the new HTTP
backend.
- Drop gtk-doc BuildRequires and no longer pass --enable-gtk-doc to
configure: no longer supported.
- Drop libtool BuildRequires: no need to bootstrap the tarball.
- Replace pkgconfig(appstream-glib) BuildRequires with
pkgconfig(appstream): match what configure checks for.
- Add pkgconfig(gdk-pixbuf-2.0): verified dependency that was
implicitly included by appstream-glib before.
* Fri Jul 15 2022 Benjamin Greiner <code@bnavigator.de>
- variant-schema-compiler requires the Python module pyparsing
* Sun Jul 03 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Correct Supplements for flatpak-zsh-completion boo#1201113
- package LICENSE file in every package
- make flatpak-zsh-completion and system-user-flatpak noarch
- add update-system-flatpaks timer that updates installed flatpaks
daily if enabled
* Tue Mar 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to version 1.12.7:
+ allow networked access to X11 and PulseAudio services if that
is configured, and the application has network access
+ Absolute paths in WAYLAND_DISPLAY now work
+ Allow apps that were built with Flatpak 1.13.x to export
AppStream metadata in share/metainfo
+ Most commands now work if /var/lib/flatpak exists but
/var/lib/flatpak/repo does not, and will automatically populate
the repo directory if possible
+ Consistently pass relative subpaths to libostree, working
around a bug in libostree < 2021.6 when used with GLib >= 2.71
+ Fix some memory leaks in GVariant data processing
* Tue Feb 22 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to version 1.12.6:
+ Fix a bug that sometimes caused repo corruption in case
downloads are interrupted or canceled, necessitating a
"flatpak repair" to recover
+ More reliably detect the GTK theme
+ Fix history command unit test in some edge cases
+ Updated translations.
* Sun Feb 13 2022 Dirk Müller <dmueller@suse.com>
- drop apparently unused libdwarf buildrequires
* Fri Feb 11 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to version 1.12.5:
+ Detect and remove left-over data from
/var/lib/flatpak/appstream
+ Fix display bugs in flatpak history
+ Don't set up an unnecessary polkit agent for flatpak history
+ Don't propagate GStreamer-related environment variables into
sandbox
+ Updated translations.
* Tue Jan 18 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 1.12.4:
+ reverting non-backwards-compatible behaviour changes in the
solution previously chosen for CVE-2022-21682 (boo#1194611)
Fix will be in flatpak-builder 1.2.2.
+ Clarify documentation of --nofilesystem
+ Improve unit test coverage around --filesystem and
- -nofilesystem
+ Restore compatibility with older appstream-glib versions,
fixing a regression in 1.12.3
* Wed Jan 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 1.12.3:
+ CVE-2021-43860: a malicious repository could have sent invalid
application metadata in a way that hides some of the app
permissions displayed during installation (boo#1194610)
+ CVE-2022-21682: flatpak-builder could allow
- -mirror-screenshots-url commands to create directories outside
of the build directory (boo#1194611)
+ Extra-data downloading now properly handles compressed
content-encodings which fixes checksum verification
+ Note: In some corner case server setups this may require the
extra-data checksum to be changed
+ Avoid unnecessary policy-kit dialog due to auto-pinning when
installing runtimes
+ Better handling of updates of extensions that exist in multiple
repositories
+ Fixed (initial) installation apps with renamed ids
+ Fixed regression in updates from no-enumerate remotes
+ We now verify checksums of summary caches, to better handle
local file corruption
+ Improved cli output for non-terminal targets
+ Flatpak run --session-bus now works
+ Fix build with PyParsing >= 3.0.4
+ Fixed "Since" annotations on FlatpakTransaction signals
+ bash auto completion now doesn't complete on command name
aliases
+ Minor improvements to the search command
+ Minor improvements to the list command
+ Minor improvements to the repair command
+ Add more tests
+ Updated translations.
- Drop support-new-pyparsing.patch: Fixed upstream.
* Thu Dec 09 2021 Steve Kowalik <steven.kowalik@suse.com>
- Add patch support-new-pyparsing.patch:
* Support pyparsing >= 3.0.4.
* Wed Oct 13 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 1.12.2:
+ Install translations referenced by LANG, LANGUAGE or LC_ALL
+ Fix error handling for the syscalls that are blocked when not
using --devel
+ Improve diagnostic messages when seccomp rules cannot be
applied
+ Updated translations.
* Sat Oct 09 2021 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.12.1:
+ The security fix in the 1.12.0 release failed when used with
some older versions of libseccomp (that don't know about the
new syscalls).
* Fri Oct 08 2021 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.12.0:
+ This is the first stable release in the 1.12.x series. The
major changes in this series is the support for better control
of sub-sandboxes, as used by the steam flatpak.
+ In addition, this release fixes a security vulnerability in the
portal support. Some recently added syscalls were not blocked
by the seccomp rules which allowed the application to create
sub-sandboxes which can confuse the sandboxing verification
mechanisms of the portal. This has been fixed by extending the
seccomp rules (boo#1191507, CVE-2021-41133)
+ Some test fixes
+ Support for specifying the flatpak binary to use during exports
+ Install translations for all languages in the locale, not just
the ones in LC_MESSAGES.
+ Fix progress reporting in flatpak fsck
+ Handle cases where /var/tmp is a symlink
+ Expose /etc/gai.conf to the sandbox
+ Fix the parental control checks for root
+ Handle missing /etc/ld.so.cache (musl)
+ Updated translations
* Wed Aug 25 2021 andy great <andythe_great@pm.me>
- Update to version 1.11.3.
* Bug fixes:
* Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox,
fixing a regression introduced when CVE-2021-21261 was fixed in
1.8.5 and 1.10.0
* Update the included copy of bubblewrap (flatpak-bwrap) to 0.5.0
* Better diagnostics when a --bind or other bind-mount fails
* Create non-directories with safer permissions
* Allow mounting an non-directory over an existing non-directory
* Silence kernel messages for our bind-mounts
* Improve ability to bind-mount directories on case-insensitive
filesystems
* Don't ask user which remote to download from if there is only
one option
* Internal changes:
* Improve test coverage
* Spelling fixes
* Translation updates: Brazilian Portuguese, Russian, Spanish, Ukrainian
* Fri Jun 18 2021 Callum Farmer <gmbr3@opensuse.org>
- Add now working CONFIG parameter to sysusers generator
* Fri Jun 18 2021 Paolo Stivanin <info@paolostivanin.com>
- Update to version 1.11.2:
+ Bug fixes:
- Fix logic error when migrating AppStream XML
- Improve error-checking
- Fix various memory and file descriptor leaks, in particular
with flatpak-spawn --env=...
- Fix fd confusion in flatpak-spawn --env=... --forward-fd=...,
which caused "Steam Linux Runtime" containers to fail to start
- Avoid a crash when looking up summary for a ref without an arch
- Improve handling of refs belonging to more than one
architecture, e.g. for cross-compilation
- Don't abort uninstall if deploy metadata is missing
- Don't fail transaction if searching for dependencies fails
in one remote
- Fix test failure when running tests as root
- Improve error message for 'sudo flatpak run'
+ Internal changes:
- Improve printf format string validation
- Improve test coverage
- Reduce risk of accidentally hard-coding x86 in the tests
* Tue Apr 27 2021 Antonio Larrosa <alarrosa@suse.com>
- Update to version 1.11.1:
+ New features:
- All instances of the same app-ID share their /tmp directory
- All instances of the same app-ID share their $XDG_RUNTIME_DIR
- Instances of the same app-ID can optionally share their
/dev/shm directory (enabled by a new --allow flag,
- -allow=per-app-dev-shm)
- Allow a subsandbox to have a different /usr and/or /app.
- Steam will use this to launch games with its own container
runtime as /usr (the "Steam Linux Runtime" mechanism).
- enter: Improve support for TUI programs like gdb
- build-update-repo: Add a higher-performance reimplementation
of ostree prune specialized for archive-mode repositories
+ Bug fixes:
- Fix deploys of local remotes in system-helper
- Fix test failures on non-x86_64 systems
- Fix two intermittent test failures
- Make polkit queries non-interactive when operating in
non-interactive mode
- Use a local main-context when using libsoup in a thread
- create-usb: Skip copying extra-data flatpaks
- OCI: Switch to pax-format tar archives
- history: Handle transaction log entries with empty REF field
- portal: Fix flatpak-spawn --clear-env on OSs where flatpak
is not on the fallback PATH, such as NixOS
- Fix various issues detected by scan-build
+ Internal changes:
- Use GNU bison to build parse-datetime.y
- Add information about security support and security
vulnerability reporting (see SECURITY.md)
- Move all git submodules into subprojects/ directory
- Several sockets are now created in /run/flatpak in the
sandbox, with symbolic links in $XDG_RUNTIME_DIR
* Wed Mar 10 2021 Antonio Larrosa <alarrosa@suse.com>
- Update to version 1.10.2:
+ This is a security update which fixes a potential attack where
a flatpak application could use custom formated .desktop files
to gain access to files on the host system.
+ Fix memory leaks
+ Some test fixes
+ Documentation updates
+ G_BEGIN/END_DECLS added to library headders for c++ use
+ Fix for X11 cookies on OpenSUSE
+ Spawn portal better handles non-utf8 filenames
* Thu Jan 28 2021 Antonio Larrosa <alarrosa@suse.com>
- Flatpak only requires glib 2.44, not 2.60
- Update ostree version required to 2020.8
* Sun Jan 24 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Update to version 1.10.1:
+ Fix flatpak build on systems with setuid bwrap
+ Fix some compiler warnings
+ Fix crash on updating apps with no deploy data
+ Updated translations.
- Remove deprecated texinfo packaging macros.
- Switch to upstream release tarball.
* Fri Jan 15 2021 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.10.0:
+ The major new feature in this series compared to 1.8 is the
support for the new repo format which should make updates
faster and download less data.
+ The systemd generator snippets now call flatpak
- -print-updated-env in place of a bunch of shell for better
login performance.
+ The .profile snippets now disable GVfs when calling flatpak to
avoid spawning a gvfs daemon when logging in via ssh.
+ Build fixes for GCC 11.
+ Flatpak now finds the pulseaudio sockets better in uncommon
configurations.
+ Sandboxes with network access it now also has access to the
systemd-resolved socket to do dns lookups.
+ Flatpak supports unsetting env vars in the sandbox using
- -unset-env, and --env=FOO= now sets FOO to the empty string
instead of unsetting it.
+ Similarly the spawn portal has an option to unset an env var.
+ The spawn portal now has an option to share the pid namespace
with the sub-sandbox.
* Fri Jan 15 2021 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.8.5 (CVE-2021-21261):
+ This is a security update that fixes a sandbox escape where a
malicious application can execute code outside the sandbox by
controlling the environment of the "flatpak run" command when
spawning a sub-sandbox (boo#1180996)
* Thu Jan 07 2021 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.8.4:
+ Fix support for ppc64.
* Wed Dec 30 2020 Frederic Crozat <fcrozat@suse.com>
- Move flatpak-bisect and flatpak-coredumpctl to devel subpackage,
allow to remove python3 dependency on main package.
* Tue Dec 15 2020 Martin Liška <mliska@suse.cz>
- Enable LTO (boo#1133124) as gobject-introspection works fine with LTO.
* Mon Nov 23 2020 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.8.3:
+ Fixed progress reporting for OCI and extra-data.
+ The in-memory summary cache is more efficient.
+ Fixed authentication getting stuck in a loop in some cases.
+ Fixed authentication error reporting.
+ We now extract OCI info for runtimes as well as apps.
+ Fixed crash if anonymous authentication fails and -y is
specified.
+ flatpak info now only looks at the specified installation if
one is specified.
+ Better error reporting for server HTTP errors during download.
+ Uninstall now removes applications before the runtime it
depends on.
+ Fixed test-suite to pass with the latest OSTree version.
+ Fixed dbus environment variables in flatpak enter.
+ Avoid updating metadata from the remote when uninstalling.
+ Fixed error message handling in various places.
+ FlatpakTransaction now verifies all passed in refs to avoid.
+ potential issues with invalid names.
+ Updated translations.
* Sat Aug 22 2020 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.8.2:
+ Added validation of collection id settings for remotes.
+ Fix seccomp filters on s390.
+ Robustness fixes to the spawn portal.
+ Fix support for masking update in the system installation.
+ Better support for distros with uncommon models of merged /usr.
+ Cache responses from localed/AccountService.
+ Fix hangs in cases where xdg-dbus-proxy fails to start.
+ Fix double-free in cups socket detection.
+ OCI authenticator now doesn't ask for auth in case of http
errors.
* Wed Aug 19 2020 Dominique Leuenberger <dimstar@opensuse.org>
- Fix invalid usage of %{_libexecdir} to reference systemd
directories.
* Fri Jul 10 2020 Antonio Larrosa <alarrosa@suse.com>
- Update to version 1.8.1:
* Avoid calling authenticator in update if ref didn't change
* Don't fail transaction if ref is already installed (after
transaction start)
* Fix flatpak run handling of userns in the --device=all case
* Fix handling of extensions from different remotes
* Fix flatpak run --no-session-bus
* Updated translations
- Update to version 1.8.0:
* FlatpakTransaction has a new signal "install-authenticator"
which clients can handle to install authenticators needed for
the transaction. This is done in the CLI commands.
* We now always expose the host timezone data, allowing us the
expose the host /etc/localtime in a way that works better,
fixing several apps that had timezone issues.
* Fix flatpak enter which didn't work in some cases.
* We now ship a systemd unit (not installed by default) to
automatically detect plugged in usb sticks with sideload repos.
* By default we no longer install the gdm env.d file, as the
systemd generators work better.
* create-usb now exports partial commits by default
* Fix handling of docker media types in oci remotes
* Fix subjects in remote-info --log output
- Remove source file used to generate a flatpak user on the system
since it's now included by upstream:
* system-user-flatpak.conf
* Tue Jul 07 2020 Callum Farmer <callumjfarmer13@gmail.com>
- Fixes for %_libexecdir changing to /usr/libexec
* Thu Jun 25 2020 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.6.4:
+ This release backports some of the OCI authenticator fixes from
the 1.7 series, and should now be able to host flatpak images
on e.g. docker hub.
+ Other changes:
- Fix a use-after free in libflatpak.
- Don't list p2p downgrades in list of available updates.
* Tue Jun 16 2020 Yifan Jiang <yfjiang@suse.com>
- Create a skeleton flatpak repo using "flatpak remotes" instead
of a manually created directory (bsc#1172316, bsc#1169619,
bsc#1170416).
* Mon May 18 2020 Yifan Jiang <yfjiang@suse.com>
- When SLE uses GNOME desktop environment, GNOME Software is
automatically started to provide key update features. During the
startup, it setups flatpak repository so that related features
can function properly. In a system environment of no flatpak
repository has ever been setup before, this triggers
"org.freedesktop.Flatpak.modify-repo" polkit action.
Therefore in systems which use a restrictive security policy
(eg. SLES) for the aforementioned policy action, a polkit
authentication dialog will pop up without any user interaction
for the first time login. This is not user friendly.
This submission creates /var/lib/flatpak/repo at package
installation to avoid such a confusing authentication pop-up, at
nearly 0 cost of security compromise (bsc#1169619, bsc#1170416).
* Mon Apr 06 2020 Antonio Larrosa <alarrosa@suse.com>
- Require bubblewrap 0.4.1
* Mon Apr 06 2020 Antonio Larrosa <alarrosa@suse.com>
- Update to version 1.6.3:
+ The main change in this version is a fix for a regression in
the progress calculation for applications using extra-data.
Additionally the bundled version of bubblewrap is updated to
0.4.1 which fixes a security issue in some cases. See
GHSA-j2qp-rvxj-43vj for details.
+ Don't break if users primary gid is not in the nsswitch
database
+ Fix crash in flatpak repair if no remotes are configured
+ Some updates to the oci authenticator
+ Retry downloads of extra data
+ Updated translations.
* Sun Feb 16 2020 Bjørn Lie <bjorn.lie@gmail.com>
- Drop obsolete _servicedata file.
* Thu Feb 13 2020 Antonio Larrosa <alarrosa@suse.com>
- Update to version 1.6.2:
+ Due to a combination of some behaviour in flatpak and recent
versions of ostree we at some point lost the use of deltas for
the initial install case, instead always falling back to a full
ostree operation which is a lot less efficient for pulls with
many small files like a runtime. This caused some very slow
installs from e.g. flathub, so it's recommended to update to
this version to get better install performance.
+ We now correctly handle TMPDIR env var overrides when bwrap is
setuid
+ Disallow running "flatpak run" under sudo (as it doesn't work
and causes issues)
+ Fix build with older versions of glib
+ Minor documentation updates
+ Updated translations.
* Thu Jan 30 2020 Antonio Larrosa <alarrosa@suse.com>
- Update to version 1.6.1:
+ This is a (mild) security update. Flatpak 1.6.0 added the
ability for an application to request it to be updated, as long
as the new version doesn't require new permissions.
Unfortunately in some special cases, if an app had access to
the home directory, but not the rest of the filesystem it would
still allow a self-update where the new version could access
some files outside the home directory.
+ New permission --device=shm giving access to host /dev/shm, as
needed for jack.
+ Generated correct download size in build-commit-from
+ sub-sandbox now allows the child to share the gpu of the caller
has full device access
+ Fix crash with disabled remotes
+ Fix builds with older versions of glib
+ Updated translations.
* Sat Jan 25 2020 Dominique Leuenberger <dimstar@opensuse.org>
- No longer recommend -lang: supplements are in use
* Tue Jan 14 2020 Antonio Larrosa <alarrosa@suse.com>
- Update dependencies required by flatpak 1.6.0 .
- Require xdg-dbus-proxy instead of building the (outdated)
builtin version.
/usr/bin/flatpak-bisect /usr/bin/flatpak-coredumpctl /usr/include/flatpak /usr/include/flatpak/flatpak-bundle-ref.h /usr/include/flatpak/flatpak-enum-types.h /usr/include/flatpak/flatpak-error.h /usr/include/flatpak/flatpak-installation.h /usr/include/flatpak/flatpak-installed-ref.h /usr/include/flatpak/flatpak-instance.h /usr/include/flatpak/flatpak-portal-error.h /usr/include/flatpak/flatpak-ref.h /usr/include/flatpak/flatpak-related-ref.h /usr/include/flatpak/flatpak-remote-ref.h /usr/include/flatpak/flatpak-remote.h /usr/include/flatpak/flatpak-transaction.h /usr/include/flatpak/flatpak-version-macros.h /usr/include/flatpak/flatpak.h /usr/lib64/libflatpak.so /usr/lib64/pkgconfig/flatpak.pc /usr/share/doc/flatpak /usr/share/doc/flatpak/docbook.css /usr/share/doc/flatpak/flatpak-docs.html /usr/share/gir-1.0/Flatpak-1.0.gir /usr/share/gtk-doc/html/flatpak /usr/share/gtk-doc/html/flatpak/FlatpakBundleRef.html /usr/share/gtk-doc/html/flatpak/FlatpakInstallation.html /usr/share/gtk-doc/html/flatpak/FlatpakInstalledRef.html /usr/share/gtk-doc/html/flatpak/FlatpakInstance.html /usr/share/gtk-doc/html/flatpak/FlatpakRef.html /usr/share/gtk-doc/html/flatpak/FlatpakRelatedRef.html /usr/share/gtk-doc/html/flatpak/FlatpakRemote.html /usr/share/gtk-doc/html/flatpak/FlatpakRemoteRef.html /usr/share/gtk-doc/html/flatpak/FlatpakTransaction.html /usr/share/gtk-doc/html/flatpak/FlatpakTransactionOperation.html /usr/share/gtk-doc/html/flatpak/FlatpakTransactionProgress.html /usr/share/gtk-doc/html/flatpak/annotation-glossary.html /usr/share/gtk-doc/html/flatpak/ch01.html /usr/share/gtk-doc/html/flatpak/ch02.html /usr/share/gtk-doc/html/flatpak/flatpak-Error-codes.html /usr/share/gtk-doc/html/flatpak/flatpak-Version-information.html /usr/share/gtk-doc/html/flatpak/flatpak.devhelp2 /usr/share/gtk-doc/html/flatpak/full-api-index.html /usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.Flatpak.Authenticator.html /usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.Flatpak.AuthenticatorRequest.html /usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.Flatpak.Development.html /usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.Flatpak.SessionHelper.html /usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.Flatpak.SystemHelper.html /usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.impl.portal.PermissionStore.html /usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.portal.Documents.html /usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.portal.Flatpak.UpdateMonitor.html /usr/share/gtk-doc/html/flatpak/gdbus-org.freedesktop.portal.Flatpak.html /usr/share/gtk-doc/html/flatpak/home.png /usr/share/gtk-doc/html/flatpak/index.html /usr/share/gtk-doc/html/flatpak/left-insensitive.png /usr/share/gtk-doc/html/flatpak/left.png /usr/share/gtk-doc/html/flatpak/object-tree.html /usr/share/gtk-doc/html/flatpak/right-insensitive.png /usr/share/gtk-doc/html/flatpak/right.png /usr/share/gtk-doc/html/flatpak/style.css /usr/share/gtk-doc/html/flatpak/up-insensitive.png /usr/share/gtk-doc/html/flatpak/up.png /usr/share/licenses/flatpak-devel /usr/share/licenses/flatpak-devel/COPYING
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Mar 9 12:50:11 2024