SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for flatpak-1.15.10-216.1.x86_64.rpm :

* Tue Oct 15 2024 Dominique Leuenberger - Drop rcFOO symlinks (PED-266).
* Wed Oct 02 2024 Robert Frohl - Explicitly BuildRequire selinux-policy-targeted to allow selinux_relabel_
* in scriptlets to work on other codestreams
* Wed Aug 14 2024 Bjørn Lie - Update to version 1.15.10: + Dependencies: In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, version 0.10.0 is required. This version adds a new feature which is required by the security fix in this release. + Security fixes: Don\'t follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87, bsc#1229157) + Documentation: Mark the 1.12.x and 1.10.x branches as end-of-life + Other bug fixes: Fix several memory leaks + Internal changes: - Record a log file when running build-time tests with AddressSanitizer - Add initial suppressions file for AddressSanitizer
* Thu Aug 08 2024 Imo Hester - As per documentation from flatpak 1.0: add weak dep on p11-kit-server for certificate transfer (boo#1188902)
* Fri Jun 14 2024 pgajdosAATTsuse.com- remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476]
* Tue Apr 23 2024 Robert Frohl - disable parental controls for now by using \'-Dmalcontent=disabled\', to work around issues with xdg-desktop-portal
* Fri Apr 19 2024 Robert Frohl - Update to version 1.15.8: + Security fixes: - Don\'t allow an executable name to be misinterpreted as a command-line option for bwrap(1). This prevents a sandbox escape where a malicious or compromised app could ask xdg-desktop-portal to generate a .desktop file with access to files outside the sandbox. (CVE-2024-32462, boo#1223110). + Other bug fixes: - Pass the -export-dynamic linker option as - Wl,-export-dynamic, fixing build failures with clang 18 and lld 18. - Fix a double-free when installation is cancelled. - Fix installed-tests failure with \"FUSERMOUNT: unbound variable\".- Changes from version 1.15.7: + New features: - Automatically remove obsolete driver versions and other autopruned refs. - --socket=inherit-wayland-socket. - Automatically reload D-Bus session bus configuration after installing or upgrading apps, to pick up any exported D-Bus services. + Bug fixes: - Don\'t parse as the application name. - Don\'t refuse to start apps when there is no D-Bus system bus available. - Don\'t try to repeat migration of apps whose data was migrated to a new name and then deleted. - Improve handling of mixed locales on systems with systemd-localed. - Improve display of ellipsized columns in wide terminals. - Make flatpak info -e look for extensions in all installations. - Fix warnings from newer GLib versions. - Always set the container environment variable. - Always let the app inherit redirected file descriptors. - In flatpak ps, add xdg-desktop-portal-gnome to the list of backends we\'ll use to learn which apps are running in the background. - Don\'t use WAYLAND_SOCKET unless given - -socket=inherit-wayland-socket. - Use fusermount3 if compiled with FUSE 3, overridable with - Dsystem_fusermount compile-time option. - Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into the shell environment. - Improve async-signal safety. - Fix various memory leaks. - Avoid undefined behaviour of signed left-shift when storing object IDs in a hash table. - Detect the correct gtk-doc when cross-compiling. - Detect the correct wayland-scanner when cross-compiling. - Documentation improvements. - Skip more tests when FUSE isn\'t available. - Updated translations.- Add libglnx.patch: fix meson function detection.- Switch build system to meson: + Add meson BuildRequires. + Switch configure/make_build/make_install macros to meson/meson_build/meson_install, preserving the configure parameters as close as possible: - -disable-silent-rules => obsoleted - -with-system-bubblewrap => -Dsystem_bubblewrap=bwrap - -with-curl => -Dhttp_backend=curl- Add pkgconfig(malcontent-0) BuildRequires: enable malcontent support.
* Tue Mar 19 2024 Antonio Larrosa - Make flatpak-remote-flathub only supplement flatpak in TW (bsc#1221662).
* Thu Mar 07 2024 Antonio Larrosa - Add a flatpak-selinux subpackage that provides a SELinux policy module (boo#1220591).
* Tue Nov 14 2023 Bjørn Lie - Update to version 1.15.6: + In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, version 0.8.0 is now required. + Enabling the optional Wayland security context feature requires libwayland-client, wayland-scanner >= 1.15 and wayland-protocols >= 1.32. + Add --device=input, for access to evdev devices in /dev/input + Update bundled copy of bubblewrap to version 0.8.0, and rely on its features: + Improve error message if seccomp is disabled in kernel config + Security hardening: set user namespace limit to 0, to prevent creation of nested user namespaces in a more robust way + For subsandboxes started by flatpak-portal, inherit environment variables from the flatpak run that started the original instance rather than from flatpak-portal, fixing behaviour of FLATPAK_GL_DRIVERS and similar features + Stop http transfers if a download in progress becomes very slow + Make it easier to configure extra languages, by picking them up from AccountsService if configured there + Add new flatpak_transaction_add_rebase_and_uninstall() API, allowing end-of-life apps to be replaced by their intended replacement more reliably + Create a private Wayland socket with the \"security context\" extension if available, allowing the compositor to identify connections from sandboxed apps as belonging to the sandbox + Update libglnx to 2023-08-29 + Use features of newer GLib versions if available + Turn off system-level crash reporting infrastructure during some unit tests that involve intentional assertion failures + Add anchors to link to sections of flatpak-metadata documentation + Bug fixes: - Avoid warnings processing symbolic links with GLib >= 2.77.0, and with GLib 2.76.0 (GLib 2.76.1 or later silences these warnings) - Bypass page cache for backend requests in revokefs, fixing installation errors with libostree 2023.4 - Show AppStream metadata in flatpak remote-info as intended - Don\'t let Flatpak apps inherit VK_DRIVER_FILES or VK_ICD_FILENAMES from the host system, which would be wrong for the sandbox - Fix build failure with prereleases of libappstream 0.17.x - Forward-compatibility with libappstream 1.0 - Fix installation with Meson if configured with - Dauto_sideloading=true - Fix a memory leak - Fix compiler warnings - Make the tests fail more comprehensibly if a required tool is missing - Clean up /var/tmp/flatpak-cache-
* directories on boot - Don\'t force GIO_USE_VFS=local for programs launched via flatpak-spawn - Clarify documentation for D-Bus name ownership + Internal changes: - Split up large source files into smaller modules, reducing internal circular dependencies - Re-synchronize code backported from GLib with the version in GLib - Clarify documentation for D-Bus name ownership - Make the flags used to apply \"extra data\" clearer - Use glnx_opendirat() where possible + Updated translations.- Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and pkgconfig(wayland-protocols) BuildRequires and pass with-wayland-security-context=yes to configure: Enable the optional Wayland security context.
* Wed Aug 02 2023 Luciano Santos - Add update-user-flatpaks service and timer Systemd units - based on update-system-flatpaks.{service,timer} - to help users keep their user installed flatpaks up to date.- Prefix /etc/flatpak/remotes.d/flathub.flatpakrepo with %config macro to mark it as a configuration file.
* Fri Mar 17 2023 Bjørn Lie - Update to version 1.15.4 (CVE-2023-28101, CVE-2023-28100): + Escape special characters when displaying permissions and metadata, preventing malicious apps from manipulating the appearance of the permissions list using crafted metadata (CVE-2023-28101, bsc#1209410). + If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.), don\'t allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100, bsc#1209411). Note that this is specific to virtual consoles: Flatpak is not vulnerable to this if run from a graphical terminal emulator such as xterm, gnome-terminal or Konsole. + Document the path used for flatpak override. + Updated translations.
* Fri Mar 17 2023 Bjørn Lie - Update to version 1.15.3: + Build system: Building this version of Flatpak with Meson is recommended. The source release flatpak-1.15.3.tar.xz no longer contains Autotools-generated files, although this version can still be built using Autotools after running ./autogen.sh. Future versions are likely to remove the Autotools buildsystem. + Bug fixes: - When splitting an upgrade into two steps (download without installing, and then upgrade without allowing further downloads) like GNOME Software does, if an app is marked EOL and superseded by a replacement, don\'t remove the superseded app in the first step, which would result in the replacement incorrectly not being installed. - Fix a crash when --socket=gpg-agent is used. - Fix a crash when listing apps if one of them is broken or misconfigured. - If an app has invalid syntax in its overrides or metadata, mention the filename in the error message. - Unset $GDK_BACKEND for apps, ensuring GTK apps with - -socket=fallback-x11 can work. - Fix a deprecation warning when compiled with curl >= 7.85. + Updated translations. + Internal changes: Better diagnostic messages for why runtimes are or are not considered unused.- Changes from version 1.15.2: + Bug fixes: - Never try to export a parent of reserved directories as a - -filesystem, for example /run, which would prevent the app from starting. - Never try to export a --filesystem below /run/flatpak or /run/host, which could similarly prevent the app from starting. - The above change also fixes apps not starting if a - -filesystem is a symlink to the root directory. - Show a warning when the --filesystem exists but cannot be shared with the sandbox. - Display the intended messages for flatpak repair. - Exporting an app to an existing repository on a CIFS filesystem now works as intended. - Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in some GLib apps when set to a path on the host. - Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and Qt apps under Wayland when this variable is set to a path not available in the sandbox. - When using the fish shell, avoid duplicate XDG_DATA_DIRS entries if the profile script is sourced more than once. - Update included copy of bubblewrap to 0.7.0 for better error messages. - Install SELinux files correctly when building with Meson + Internal changes: - Update included copy of libglnx - flatpak -v now uses the INFO log level, and flatpak -vv uses the DEBUG log level in the flatpak log domain. Previously, the extra messages that were logged by flatpak -vv were in a separate \"flatpak2\" log domain. G_MESSAGES_DEBUG=flatpak previously had an effect similar to flatpak -v, and is now more similar to flatpak -vv.- Changes from version 1.15.1: + Dependencies: When building with Meson, gpgme 1.8.0 is now required. Older versions can still be used by building with Autotools. + Features: If an old temporary deploy directory was leaked by versions before #5146, clean it up the next time the same app is updated. + Bug fixes: - If an app update is blocked by parental controls policies, clean up the temporary deploy directory. - Fix Autotools build with versions of gpgme that no longer provide gpgme-config(1). - Fix a possible parallel build failure with Meson. - Fix a compiler warning on 32-bit architectures. - When building with Autotools, be more consistent about applying compiler warning flags. - Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR. - Treat /efi the same as /boot/efi.- Changes from version 1.15.0: + Build system: - Flatpak can now be compiled using Meson instead of Autotools. This requires Meson 0.53.0 or later, and Python 3.5 or later. - The Autotools build system is likely to be removed during either the 1.15.x or 1.17.x cycle. + New features: - Allow the modify_ldt system call as part of - -allow=multiarch. This increases attack surface, but is required when running 16-bit executables in some versions of Wine. - Share gssproxy socket, which acts like a portal for Kerberos authentication. This lets apps use Kerberos authentication without needing a sandbox hole. - Add a httpbackend variable to flatpak.pc, allowing dependent projects like GNOME Software to detect whether they are compatible with libflatpak. + Bug fixes: - Terminate the flatpak-session-helper and flatpak-portal services when the session ends, so that applications will not inherit outdated Wayland and X11 socket addresses. - When using fish shell, don\'t overwrite a previously-set XDG_DATA_DIRS. - Don\'t try to enable HTTP 2 if linked to a libcurl version that doesn\'t support it. - Stop systemd reporting the session-helper as failed when terminated by a signal. - Fix a warning when listing a document with no permissions. - Fix compilation with GLib 2.66.x (as used in Debian 11). - Fix compilation with GLib 2.58.x (as used in Debian 10). - Make generated files more reproducible. + Internal changes: - Update project logo in README. - Update libglnx subproject. + Updated translations.- Add libtool BuildRequires and pass autogen.sh, bootstrapping build is now needed.- Add gtk-doc and xmlto BuildRequires and pass enable-documentation and enable-gtk-doc to configure, building documentation manually.
* Thu Mar 16 2023 Bjørn Lie - Update to version 1.14.4 (CVE-2023-28101, CVE-2023-28100): + Escape special characters when displaying permissions and metadata, preventing malicious apps from manipulating the appearance of the permissions list using crafted metadata (CVE-2023-28101, boo#1209410). + If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.), don\'t allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100). Note that this is specific to virtual consoles: Flatpak is not vulnerable to this if run from a graphical terminal emulator such as xterm, gnome-terminal or Konsole. (boo#1209411) + Updated translations.
* Mon Feb 27 2023 Bjørn Lie - Update to version 1.14.3: + When splitting an upgrade into two steps (download without installing, and then upgrade without allowing further downloads) like GNOME Software does, if an app is marked EOL and superseded by a replacement, don\'t remove the superseded app in the first step, which would result in the replacement incorrectly not being installed. + Fix a crash when --socket=gpg-agent is used. + Fix a crash when listing apps if one of them is broken or misconfigured. + If an app has invalid syntax in its overrides or metadata, mention the filename in the error message. + Unset $GDK_BACKEND for apps, ensuring GTK apps with - -socket=fallback-x11 can work. + Never try to export a parent of reserved directories as a - -filesystem, for example /run, which would prevent the app from starting. + Never try to export a --filesystem below /run/flatpak or /run/host, which could similarly prevent the app from starting. + The above change also fixes apps not starting if a --filesystem is a symlink to the root directory. + Show a warning when the --filesystem exists but cannot be shared with the sandbox.- Drop flatpak-fix-gpg-agent-double-free.patch: Fixed upstream.
* Thu Feb 23 2023 Alynx Zhou - Add flatpak-fix-gpg-agent-double-free.patch: stdout stream of a subprocess is owned by the subprocess, not the caller, so don\'t use g_autoptr for it to prevent double free (bsc#1207434).
* Mon Feb 06 2023 Bjørn Lie - Update to version 1.14.2: + The INFO log level is now treated the same as the DEBUG log level by flatpak -v, to make backports from 1.15.x simpler. + Bug fixes: - Display the intended messages for flatpak repair. - Exporting an app to an existing repository on a CIFS filesystem now works as intended. - Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in some GLib apps when set to a path on the host. - Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and Qt apps under Wayland when this variable is set to a path not available in the sandbox. - Unset $KRB5CCNAME for apps. - When using the fish shell, avoid duplicate XDG_DATA_DIRS entries if the profile script is sourced more than once.- Package flatpak-remote-flathub sub-package as noarch.
* Wed Jan 11 2023 Antonio Larrosa - Fix the \"Requires\" version of bubblewrap to be the same as \"BuildRequires\" (>= 0.5.0).- Use a macro to define the versions required of bubblewrap, ostree and xdg_dbus_proxy to avoid having the same issue in the future again.
* Fri Nov 18 2022 Bjørn Lie - Update to version 1.14.1: + New features: Add a httpbackend variable to flatpak.pc, allowing dependent projects like GNOME Software to detect whether they are compatible with libflatpak. + Bugs fixed: - Terminate the flatpak-session-helper and flatpak-portal services when the session ends, so that applications will not inherit outdated Wayland and X11 socket addresses. - When using fish shell, don\'t overwrite a previously-set XDG_DATA_DIRS. - Don\'t try to enable HTTP 2 if linked to a libcurl version that doesn\'t support it. - Stop systemd reporting the session-helper as failed when terminated by a signal. - Fix a warning when listing a document with no permissions. - Fix compilation with GLib 2.66.x (as used in Debian 11). - Fix compilation with GLib 2.58.x (as used in Debian 10). - Fix a compiler warning on 32-bit architectures. - If an app update is blocked by parental controls policies, clean up the temporary deploy directory. - Fix Autotools build with versions of gpgme that no longer provide gpgme-config(1). - When building with Autotools, be more consistent about applying compiler warning flags. - Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR. - Treat /efi the same as /boot/efi. - Make generated files more reproducible. + Updated translations.
* Sun Nov 13 2022 Andreas Stieger - Add and recommend a package flatpak-remote-flathub which adds the Flathub repository (boo#1186315)
* Thu Sep 01 2022 Bjørn Lie - Drop pkgconfig(libsoup-2.4) BuildRequires: rely on the curl backend. Following this, pass --with-curl to configure.- Add pkgconfig(libxml-2.0) BuildRequires, exsisting dependency, previously pulled in by libsoup.
* Tue Aug 30 2022 Andreas Stieger - Update to version 1.14.0: + Improved support for sideloading. + Allow sub-sandboxes to own MPRIS names on the session bus. + Commands that accept \"--user\" will now also take \"-u\" as an alias for that. + The CLI now properly informs the user of which apps are (indirectly) using end-of-life runtime extensions in end-of-life info messages. + The CLI now takes into account operations in the pending transaction when printing end-of-life messages. + The uninstall command now asks for confirmation before removing in-use runtimes or runtime extensions. + A \"--socket=gpg-agent\" option is now recognized by \"flatpak run\" and related commands. + Curl supported as default HTTP backend. + Uses Fuse 3. + Implement support for rewriting dynamic launchers when an app is renamed. + Add --include-sdk/debug options to install command to install SDK/debuginfo along with a ref. + defense in depth against arbitrary file deletion by flatpak-system-helper when using very old libostree (boo#1202639). + Updated translations.- Replace pkgconfig(fuse) BuildRequires with pkgconfig(fuse3): Follow upstreams port to fuse3.- Add pkgconfig(libcurl) BuildRequires: enable the new HTTP backend.- Drop gtk-doc BuildRequires and no longer pass --enable-gtk-doc to configure: no longer supported.- Drop libtool BuildRequires: no need to bootstrap the tarball.- Replace pkgconfig(appstream-glib) BuildRequires with pkgconfig(appstream): match what configure checks for.- Add pkgconfig(gdk-pixbuf-2.0): verified dependency that was implicitly included by appstream-glib before.
* Fri Jul 15 2022 Benjamin Greiner - variant-schema-compiler requires the Python module pyparsing
* Sun Jul 03 2022 Andreas Stieger - Correct Supplements for flatpak-zsh-completion boo#1201113- package LICENSE file in every package- make flatpak-zsh-completion and system-user-flatpak noarch- add update-system-flatpaks timer that updates installed flatpaks daily if enabled
* Tue Mar 15 2022 Andreas Stieger - Update to version 1.12.7: + allow networked access to X11 and PulseAudio services if that is configured, and the application has network access + Absolute paths in WAYLAND_DISPLAY now work + Allow apps that were built with Flatpak 1.13.x to export AppStream metadata in share/metainfo + Most commands now work if /var/lib/flatpak exists but /var/lib/flatpak/repo does not, and will automatically populate the repo directory if possible + Consistently pass relative subpaths to libostree, working around a bug in libostree < 2021.6 when used with GLib >= 2.71 + Fix some memory leaks in GVariant data processing
* Tue Feb 22 2022 Andreas Stieger - Update to version 1.12.6: + Fix a bug that sometimes caused repo corruption in case downloads are interrupted or canceled, necessitating a \"flatpak repair\" to recover + More reliably detect the GTK theme + Fix history command unit test in some edge cases + Updated translations.
* Sun Feb 13 2022 Dirk Müller - drop apparently unused libdwarf buildrequires
* Fri Feb 11 2022 Andreas Stieger - Update to version 1.12.5: + Detect and remove left-over data from /var/lib/flatpak/appstream + Fix display bugs in flatpak history + Don\'t set up an unnecessary polkit agent for flatpak history + Don\'t propagate GStreamer-related environment variables into sandbox + Updated translations.
* Tue Jan 18 2022 Andreas Stieger - Update to 1.12.4: + reverting non-backwards-compatible behaviour changes in the solution previously chosen for CVE-2022-21682 (boo#1194611) Fix will be in flatpak-builder 1.2.2. + Clarify documentation of --nofilesystem + Improve unit test coverage around --filesystem and - -nofilesystem + Restore compatibility with older appstream-glib versions, fixing a regression in 1.12.3
* Wed Jan 12 2022 Andreas Stieger - Update to 1.12.3: + CVE-2021-43860: a malicious repository could have sent invalid application metadata in a way that hides some of the app permissions displayed during installation (boo#1194610) + CVE-2022-21682: flatpak-builder could allow - -mirror-screenshots-url commands to create directories outside of the build directory (boo#1194611) + Extra-data downloading now properly handles compressed content-encodings which fixes checksum verification + Note: In some corner case server setups this may require the extra-data checksum to be changed + Avoid unnecessary policy-kit dialog due to auto-pinning when installing runtimes + Better handling of updates of extensions that exist in multiple repositories + Fixed (initial) installation apps with renamed ids + Fixed regression in updates from no-enumerate remotes + We now verify checksums of summary caches, to better handle local file corruption + Improved cli output for non-terminal targets + Flatpak run --session-bus now works + Fix build with PyParsing >= 3.0.4 + Fixed \"Since\" annotations on FlatpakTransaction signals + bash auto completion now doesn\'t complete on command name aliases + Minor improvements to the search command + Minor improvements to the list command + Minor improvements to the repair command + Add more tests + Updated translations.- Drop support-new-pyparsing.patch: Fixed upstream.
* Thu Dec 09 2021 Steve Kowalik - Add patch support-new-pyparsing.patch:
* Support pyparsing >= 3.0.4.
* Wed Oct 13 2021 Andreas Stieger - Update to 1.12.2: + Install translations referenced by LANG, LANGUAGE or LC_ALL + Fix error handling for the syscalls that are blocked when not using --devel + Improve diagnostic messages when seccomp rules cannot be applied + Updated translations.
* Sat Oct 09 2021 Bjørn Lie - Update to version 1.12.1: + The security fix in the 1.12.0 release failed when used with some older versions of libseccomp (that don\'t know about the new syscalls).
* Fri Oct 08 2021 Bjørn Lie - Update to version 1.12.0: + This is the first stable release in the 1.12.x series. The major changes in this series is the support for better control of sub-sandboxes, as used by the steam flatpak. + In addition, this release fixes a security vulnerability in the portal support. Some recently added syscalls were not blocked by the seccomp rules which allowed the application to create sub-sandboxes which can confuse the sandboxing verification mechanisms of the portal. This has been fixed by extending the seccomp rules (boo#1191507, CVE-2021-41133) + Some test fixes + Support for specifying the flatpak binary to use during exports + Install translations for all languages in the locale, not just the ones in LC_MESSAGES. + Fix progress reporting in flatpak fsck + Handle cases where /var/tmp is a symlink + Expose /etc/gai.conf to the sandbox + Fix the parental control checks for root + Handle missing /etc/ld.so.cache (musl) + Updated translations
* Wed Aug 25 2021 andy great - Update to version 1.11.3.
* Bug fixes:
* Don\'t inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox, fixing a regression introduced when CVE-2021-21261 was fixed in 1.8.5 and 1.10.0
* Update the included copy of bubblewrap (flatpak-bwrap) to 0.5.0
* Better diagnostics when a --bind or other bind-mount fails
* Create non-directories with safer permissions
* Allow mounting an non-directory over an existing non-directory
* Silence kernel messages for our bind-mounts
* Improve ability to bind-mount directories on case-insensitive filesystems
* Don\'t ask user which remote to download from if there is only one option
* Internal changes:
* Improve test coverage
* Spelling fixes
* Translation updates: Brazilian Portuguese, Russian, Spanish, Ukrainian
* Fri Jun 18 2021 Callum Farmer - Add now working CONFIG parameter to sysusers generator
* Fri Jun 18 2021 Paolo Stivanin - Update to version 1.11.2: + Bug fixes: - Fix logic error when migrating AppStream XML - Improve error-checking - Fix various memory and file descriptor leaks, in particular with flatpak-spawn --env=... - Fix fd confusion in flatpak-spawn --env=... --forward-fd=..., which caused \"Steam Linux Runtime\" containers to fail to start - Avoid a crash when looking up summary for a ref without an arch - Improve handling of refs belonging to more than one architecture, e.g. for cross-compilation - Don\'t abort uninstall if deploy metadata is missing - Don\'t fail transaction if searching for dependencies fails in one remote - Fix test failure when running tests as root - Improve error message for \'sudo flatpak run\' + Internal changes: - Improve printf format string validation - Improve test coverage - Reduce risk of accidentally hard-coding x86 in the tests
* Tue Apr 27 2021 Antonio Larrosa - Update to version 1.11.1: + New features: - All instances of the same app-ID share their /tmp directory - All instances of the same app-ID share their $XDG_RUNTIME_DIR - Instances of the same app-ID can optionally share their /dev/shm directory (enabled by a new --allow flag, - -allow=per-app-dev-shm) - Allow a subsandbox to have a different /usr and/or /app. - Steam will use this to launch games with its own container runtime as /usr (the \"Steam Linux Runtime\" mechanism). - enter: Improve support for TUI programs like gdb - build-update-repo: Add a higher-performance reimplementation of ostree prune specialized for archive-mode repositories + Bug fixes: - Fix deploys of local remotes in system-helper - Fix test failures on non-x86_64 systems - Fix two intermittent test failures - Make polkit queries non-interactive when operating in non-interactive mode - Use a local main-context when using libsoup in a thread - create-usb: Skip copying extra-data flatpaks - OCI: Switch to pax-format tar archives - history: Handle transaction log entries with empty REF field - portal: Fix flatpak-spawn --clear-env on OSs where flatpak is not on the fallback PATH, such as NixOS - Fix various issues detected by scan-build + Internal changes: - Use GNU bison to build parse-datetime.y - Add information about security support and security vulnerability reporting (see SECURITY.md) - Move all git submodules into subprojects/ directory - Several sockets are now created in /run/flatpak in the sandbox, with symbolic links in $XDG_RUNTIME_DIR
* Wed Mar 10 2021 Antonio Larrosa - Update to version 1.10.2: + This is a security update which fixes a potential attack where a flatpak application could use custom formated .desktop files to gain access to files on the host system. + Fix memory leaks + Some test fixes + Documentation updates + G_BEGIN/END_DECLS added to library headders for c++ use + Fix for X11 cookies on OpenSUSE + Spawn portal better handles non-utf8 filenames
* Thu Jan 28 2021 Antonio Larrosa - Flatpak only requires glib 2.44, not 2.60- Update ostree version required to 2020.8
* Sun Jan 24 2021 Andreas Stieger - Update to version 1.10.1: + Fix flatpak build on systems with setuid bwrap + Fix some compiler warnings + Fix crash on updating apps with no deploy data + Updated translations.- Remove deprecated texinfo packaging macros.- Switch to upstream release tarball.
* Fri Jan 15 2021 Bjørn Lie - Update to version 1.10.0: + The major new feature in this series compared to 1.8 is the support for the new repo format which should make updates faster and download less data. + The systemd generator snippets now call flatpak - -print-updated-env in place of a bunch of shell for better login performance. + The .profile snippets now disable GVfs when calling flatpak to avoid spawning a gvfs daemon when logging in via ssh. + Build fixes for GCC 11. + Flatpak now finds the pulseaudio sockets better in uncommon configurations. + Sandboxes with network access it now also has access to the systemd-resolved socket to do dns lookups. + Flatpak supports unsetting env vars in the sandbox using - -unset-env, and --env=FOO= now sets FOO to the empty string instead of unsetting it. + Similarly the spawn portal has an option to unset an env var. + The spawn portal now has an option to share the pid namespace with the sub-sandbox.
* Fri Jan 15 2021 Bjørn Lie - Update to version 1.8.5 (CVE-2021-21261): + This is a security update that fixes a sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the \"flatpak run\" command when spawning a sub-sandbox (boo#1180996)
* Thu Jan 07 2021 Bjørn Lie - Update to version 1.8.4: + Fix support for ppc64.
  
ICM