Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

flatpak-selinux-1.15.12-1.2 RPM for noarch

From OpenSuSE Tumbleweed for noarch

Name: flatpak-selinux Distribution: openSUSE Tumbleweed
Version: 1.15.12 Vendor: openSUSE
Release: 1.2 Build date: Thu Nov 28 22:57:18 2024
Group: System Environment/Base Build host: reproducible
Size: 13148 Source RPM: flatpak-1.15.12-1.2.src.rpm
Packager: https://bugs.opensuse.org
Url: https://flatpak.github.io/
Summary: SELinux policy module for flatpak
flatpak is a system for building, distributing and running sandboxed desktop
applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for
more information.

This package provides the SELinux policy module for flatpak.

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Thu Nov 28 2024 Bjørn Lie <[email protected]>
  - Update to version 1.15.12:
    + Return to using the process ID of the Flatpak app in the cgroup
      name. Using the instance ID in 1.15.11 caused crashes when
      installing apps, extensions or runtimes that use the "extra
      data" mechanism, which does not set up an instance ID.
  - Changes from version 1.15.11:
    + Dependencies:
    - In distributions that compile Flatpak to use a separate
      xdg-dbus-proxy executable, version 0.1.6 is recommended (but
      not required).
    - The minimum xdg-dbus-proxy continues to be 0.1.0.
    + Enhancements:
    - Allow applications like WebKit to connect the AT-SPI
      accessibility tree of processes in a sub-sandbox with the
      tree in the main process.
      . New sandboxing parameter flatpak run --a11y-own-name, which
      is like --own-name but for the accessibility bus.
      . flatpak-portal API v7: add new sandbox-a11y-own-names
      option, which accepts names matching ${FLATPAK_ID}.*
      . Apps may call the org.a11y.atspi.Socket.Embedded method on
      names matching ${FLATPAK_ID}.Sandboxed.* by default
      . flatpak run -vv $app_id shows all applicable sandboxing
      parameters and their source, including overrides, as debug
      messages
    - Introduce USB device listing
      . Apps can list which USB devices they want to access ahead
      of time by using the --usb parameter. Check the manpages
      for the more information about the accepted syntax.
      . Denying access to USB devices is also possible with the
    - -no-usb parameter. The syntax is equal to --usb.
      . Both options merely store metadata, and aren't used by
      Flatpak itself. This metadata is intended to be used by the
      (as of now, still in progress) USB portal to decide which
      devices the app can enumerate and request access.
    - Add support for KDE search completion
    - Use the instance id of the Flatpak app as part of the cgroup
      name. This better matches the naming conventions for cgroup.
    + Bug fixes:
    - Update libglnx to 2024-08-23
    - fix build in environments that use -Werror=return-type, such
      as openSUSE Tumbleweed
    - add a fallback definition for G_PID_FORMAT with older GLib
    - avoid warnings for g_steal_fd() with newer GLib
    - improve compatibility of g_closefrom() backport with newer
      GLib
    - Update meson wrap file for xdg-dbus-proxy to version 0.1.6:
    - compatibility with D-Bus implementations that pipeline the
      authentication handshake, such as sd-bus and zbus
    - compatibility with D-Bus implementations that use
      non-consecutive serial numbers, such as godbus and zbus
    - broadcast signals can be allowed without having to add TALK
      permission
    - fix memory leaks
    + Internal changes:
    - Better const-correctness
    - Fix a shellcheck warning in the tests
  - Drop libglnx.patch: Fixed upstream.
* Tue Oct 15 2024 Dominique Leuenberger <[email protected]>
  - Drop rcFOO symlinks (PED-266).
* Wed Oct 02 2024 Robert Frohl <[email protected]>
  - Explicitly BuildRequire selinux-policy-targeted to allow
    selinux_relabel_* in scriptlets to work on other codestreams
* Wed Aug 14 2024 Bjørn Lie <[email protected]>
  - Update to version 1.15.10:
    + Dependencies: In distributions that compile Flatpak to use a
      separate bubblewrap (bwrap) executable, version 0.10.0 is
      required. This version adds a new feature which is required by
      the security fix in this release.
    + Security fixes: Don't follow symbolic links when mounting
      persistent directories (--persist option). This prevents a
      sandbox escape where a malicious or compromised app could edit
      the symlink to point to a directory that the app should not
      have been allowed to read or write. (CVE-2024-42472,
      GHSA-7hgv-f2j8-xw87, bsc#1229157)
    + Documentation: Mark the 1.12.x and 1.10.x branches as
      end-of-life
    + Other bug fixes: Fix several memory leaks
    + Internal changes:
    - Record a log file when running build-time tests with
      AddressSanitizer
    - Add initial suppressions file for AddressSanitizer
* Thu Aug 08 2024 Imo Hester <[email protected]>
  - As per documentation from flatpak 1.0: add weak dep on
    p11-kit-server for certificate transfer (boo#1188902)
* Fri Jun 14 2024 [email protected]
  - remove dependency on /usr/bin/python3 using
    %python3_fix_shebang macro, [bsc#1212476]
* Tue Apr 23 2024 Robert Frohl <[email protected]>
  - disable parental controls for now by using '-Dmalcontent=disabled', to work around
    issues with xdg-desktop-portal
* Fri Apr 19 2024 Robert Frohl <[email protected]>
  - Update to version 1.15.8:
    + Security fixes:
    - Don't allow an executable name to be misinterpreted as a
      command-line option for bwrap(1). This prevents a sandbox
      escape where a malicious or compromised app could ask
      xdg-desktop-portal to generate a .desktop file with access to
      files outside the sandbox. (CVE-2024-32462, boo#1223110).
    + Other bug fixes:
    - Pass the -export-dynamic linker option as
    - Wl,-export-dynamic, fixing build failures with clang 18 and
      lld 18.
    - Fix a double-free when installation is cancelled.
    - Fix installed-tests failure with "FUSERMOUNT: unbound
      variable".
  - Changes from version 1.15.7:
    + New features:
    - Automatically remove obsolete driver versions and other
      autopruned refs.
    - --socket=inherit-wayland-socket.
    - Automatically reload D-Bus session bus configuration after
      installing or upgrading apps, to pick up any exported D-Bus
      services.
    + Bug fixes:
    - Don't parse <developer><name/></developer> as the application
      name.
    - Don't refuse to start apps when there is no D-Bus system bus
      available.
    - Don't try to repeat migration of apps whose data was migrated
      to a new name and then deleted.
    - Improve handling of mixed locales on systems with
      systemd-localed.
    - Improve display of ellipsized columns in wide terminals.
    - Make flatpak info -e look for extensions in all
      installations.
    - Fix warnings from newer GLib versions.
    - Always set the container environment variable.
    - Always let the app inherit redirected file descriptors.
    - In flatpak ps, add xdg-desktop-portal-gnome to the list of
      backends we'll use to learn which apps are running in the
      background.
    - Don't use WAYLAND_SOCKET unless given
    - -socket=inherit-wayland-socket.
    - Use fusermount3 if compiled with FUSE 3, overridable with
    - Dsystem_fusermount compile-time option.
    - Avoid leaking a temporary variable from
      /etc/profile.d/flatpak.sh into the shell environment.
    - Improve async-signal safety.
    - Fix various memory leaks.
    - Avoid undefined behaviour of signed left-shift when storing
      object IDs in a hash table.
    - Detect the correct gtk-doc when cross-compiling.
    - Detect the correct wayland-scanner when cross-compiling.
    - Documentation improvements.
    - Skip more tests when FUSE isn't available.
    - Updated translations.
  - Add libglnx.patch: fix meson function detection.
  - Switch build system to meson:
    + Add meson BuildRequires.
    + Switch configure/make_build/make_install macros to
      meson/meson_build/meson_install, preserving the configure
      parameters as close as possible:
    - -disable-silent-rules => obsoleted
    - -with-system-bubblewrap => -Dsystem_bubblewrap=bwrap
    - -with-curl => -Dhttp_backend=curl
  - Add pkgconfig(malcontent-0) BuildRequires: enable malcontent
    support.
* Tue Mar 19 2024 Antonio Larrosa <[email protected]>
  - Make flatpak-remote-flathub only supplement flatpak in TW
    (bsc#1221662).
* Thu Mar 07 2024 Antonio Larrosa <[email protected]>
  - Add a flatpak-selinux subpackage that provides a SELinux policy
    module (boo#1220591).
* Tue Nov 14 2023 Bjørn Lie <[email protected]>
  - Update to version 1.15.6:
    + In distributions that compile Flatpak to use a separate
      bubblewrap (bwrap) executable, version 0.8.0 is now required.
    + Enabling the optional Wayland security context feature requires
      libwayland-client, wayland-scanner >= 1.15 and
      wayland-protocols >= 1.32.
    + Add --device=input, for access to evdev devices in /dev/input
    + Update bundled copy of bubblewrap to version 0.8.0, and rely on
      its features:
    + Improve error message if seccomp is disabled in kernel config
    + Security hardening: set user namespace limit to 0, to prevent
      creation of nested user namespaces in a more robust way
    + For subsandboxes started by flatpak-portal, inherit
      environment variables from the flatpak run that started the
      original instance rather than from flatpak-portal, fixing
      behaviour of FLATPAK_GL_DRIVERS and similar features
    + Stop http transfers if a download in progress becomes very slow
    + Make it easier to configure extra languages, by picking them up
      from AccountsService if configured there
    + Add new flatpak_transaction_add_rebase_and_uninstall() API,
      allowing end-of-life apps to be replaced by their intended
      replacement more reliably
    + Create a private Wayland socket with the "security context"
      extension if available, allowing the compositor to identify
      connections from sandboxed apps as belonging to the sandbox
    + Update libglnx to 2023-08-29
    + Use features of newer GLib versions if available
    + Turn off system-level crash reporting infrastructure during
      some unit tests that involve intentional assertion failures
    + Add anchors to link to sections of flatpak-metadata
      documentation
    + Bug fixes:
    - Avoid warnings processing symbolic links with GLib >= 2.77.0,
      and with GLib 2.76.0 (GLib 2.76.1 or later silences these
      warnings)
    - Bypass page cache for backend requests in revokefs, fixing
      installation errors with libostree 2023.4
    - Show AppStream metadata in flatpak remote-info as intended
    - Don't let Flatpak apps inherit VK_DRIVER_FILES or
      VK_ICD_FILENAMES from the host system, which would be wrong
      for the sandbox
    - Fix build failure with prereleases of libappstream 0.17.x
    - Forward-compatibility with libappstream 1.0
    - Fix installation with Meson if configured with
    - Dauto_sideloading=true
    - Fix a memory leak
    - Fix compiler warnings
    - Make the tests fail more comprehensibly if a required tool is
      missing
    - Clean up /var/tmp/flatpak-cache-* directories on boot
    - Don't force GIO_USE_VFS=local for programs launched via
      flatpak-spawn
    - Clarify documentation for D-Bus name ownership
    + Internal changes:
    - Split up large source files into smaller modules, reducing
      internal circular dependencies
    - Re-synchronize code backported from GLib with the version in
      GLib
    - Clarify documentation for D-Bus name ownership
    - Make the flags used to apply "extra data" clearer
    - Use glnx_opendirat() where possible
    + Updated translations.
  - Add pkgconfig(wayland-client), pkgconfig(wayland-scanner) and
    pkgconfig(wayland-protocols) BuildRequires and pass
    with-wayland-security-context=yes to configure: Enable the
    optional Wayland security context.
* Wed Aug 02 2023 Luciano Santos <[email protected]>
  - Add update-user-flatpaks service and timer Systemd units - based
    on update-system-flatpaks.{service,timer} - to help users keep
    their user installed flatpaks up to date.
  - Prefix /etc/flatpak/remotes.d/flathub.flatpakrepo with %config
    macro to mark it as a configuration file.
* Fri Mar 17 2023 Bjørn Lie <[email protected]>
  - Update to version 1.15.4 (CVE-2023-28101, CVE-2023-28100):
    + Escape special characters when displaying permissions and
      metadata, preventing malicious apps from manipulating the
      appearance of the permissions list using crafted metadata
      (CVE-2023-28101, bsc#1209410).
    + If a Flatpak app is run on a Linux virtual console (tty1, tty2,
      etc.), don't allow copy/paste via the TIOCLINUX ioctl
      (CVE-2023-28100, bsc#1209411). Note that this is specific to virtual
      consoles: Flatpak is not vulnerable to this if run from a
      graphical terminal emulator such as xterm, gnome-terminal or
      Konsole.
    + Document the path used for flatpak override.
    + Updated translations.
* Fri Mar 17 2023 Bjørn Lie <[email protected]>
  - Update to version 1.15.3:
    + Build system: Building this version of Flatpak with Meson is
      recommended. The source release flatpak-1.15.3.tar.xz no longer
      contains Autotools-generated files, although this version can
      still be built using Autotools after running ./autogen.sh.
      Future versions are likely to remove the Autotools buildsystem.
    + Bug fixes:
    - When splitting an upgrade into two steps (download without
      installing, and then upgrade without allowing further
      downloads) like GNOME Software does, if an app is marked EOL
      and superseded by a replacement, don't remove the superseded
      app in the first step, which would result in the replacement
      incorrectly not being installed.
    - Fix a crash when --socket=gpg-agent is used.
    - Fix a crash when listing apps if one of them is broken or
      misconfigured.
    - If an app has invalid syntax in its overrides or metadata,
      mention the filename in the error message.
    - Unset $GDK_BACKEND for apps, ensuring GTK apps with
    - -socket=fallback-x11 can work.
    - Fix a deprecation warning when compiled with curl >= 7.85.
    + Updated translations.
    + Internal changes: Better diagnostic messages for why runtimes
      are or are not considered unused.
  - Changes from version 1.15.2:
    + Bug fixes:
    - Never try to export a parent of reserved directories as a
    - -filesystem, for example /run, which would prevent the app
      from starting.
    - Never try to export a --filesystem below /run/flatpak or
      /run/host, which could similarly prevent the app from
      starting.
    - The above change also fixes apps not starting if a
    - -filesystem is a symlink to the root directory.
    - Show a warning when the --filesystem exists but cannot be
      shared with the sandbox.
    - Display the intended messages for flatpak repair.
    - Exporting an app to an existing repository on a CIFS
      filesystem now works as intended.
    - Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in
      some GLib apps when set to a path on the host.
    - Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and
      Qt apps under Wayland when this variable is set to a path not
      available in the sandbox.
    - When using the fish shell, avoid duplicate XDG_DATA_DIRS
      entries if the profile script is sourced more than once.
    - Update included copy of bubblewrap to 0.7.0 for better error
      messages.
    - Install SELinux files correctly when building with Meson
    + Internal changes:
    - Update included copy of libglnx
    - flatpak -v now uses the INFO log level, and flatpak -vv uses
      the DEBUG log level in the flatpak log domain. Previously,
      the extra messages that were logged by flatpak -vv were in a
      separate "flatpak2" log domain. G_MESSAGES_DEBUG=flatpak
      previously had an effect similar to flatpak -v, and is now
      more similar to flatpak -vv.
  - Changes from version 1.15.1:
    + Dependencies: When building with Meson, gpgme 1.8.0 is now
      required. Older versions can still be used by building with
      Autotools.
    + Features: If an old temporary deploy directory was leaked by
      versions before #5146, clean it up the next time the same app
      is updated.
    + Bug fixes:
    - If an app update is blocked by parental controls policies,
      clean up the temporary deploy directory.
    - Fix Autotools build with versions of gpgme that no longer
      provide gpgme-config(1).
    - Fix a possible parallel build failure with Meson.
    - Fix a compiler warning on 32-bit architectures.
    - When building with Autotools, be more consistent about
      applying compiler warning flags.
    - Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR.
    - Treat /efi the same as /boot/efi.
  - Changes from version 1.15.0:
    + Build system:
    - Flatpak can now be compiled using Meson instead of Autotools.
      This requires Meson 0.53.0 or later, and Python 3.5 or later.
    - The Autotools build system is likely to be removed during
      either the 1.15.x or 1.17.x cycle.
    + New features:
    - Allow the modify_ldt system call as part of
    - -allow=multiarch. This increases attack surface, but is
      required when running 16-bit executables in some versions of
      Wine.
    - Share gssproxy socket, which acts like a portal for Kerberos
      authentication. This lets apps use Kerberos authentication
      without needing a sandbox hole.
    - Add a httpbackend variable to flatpak.pc, allowing dependent
      projects like GNOME Software to detect whether they are
      compatible with libflatpak.
    + Bug fixes:
    - Terminate the flatpak-session-helper and flatpak-portal
      services when the session ends, so that applications will not
      inherit outdated Wayland and X11 socket addresses.
    - When using fish shell, don't overwrite a previously-set
      XDG_DATA_DIRS.
    - Don't try to enable HTTP 2 if linked to a libcurl version
      that doesn't support it.
    - Stop systemd reporting the session-helper as failed when
      terminated by a signal.
    - Fix a warning when listing a document with no permissions.
    - Fix compilation with GLib 2.66.x (as used in Debian 11).
    - Fix compilation with GLib 2.58.x (as used in Debian 10).
    - Make generated files more reproducible.
    + Internal changes:
    - Update project logo in README.
    - Update libglnx subproject.
    + Updated translations.
  - Add libtool BuildRequires and pass autogen.sh, bootstrapping
    build is now needed.
  - Add gtk-doc and xmlto BuildRequires and pass enable-documentation
    and enable-gtk-doc to configure, building documentation manually.
* Thu Mar 16 2023 Bjørn Lie <[email protected]>
  - Update to version 1.14.4 (CVE-2023-28101, CVE-2023-28100):
    + Escape special characters when displaying permissions and
      metadata, preventing malicious apps from manipulating the
      appearance of the permissions list using crafted metadata
      (CVE-2023-28101, boo#1209410).
    + If a Flatpak app is run on a Linux virtual console (tty1, tty2,
      etc.), don't allow copy/paste via the TIOCLINUX ioctl
      (CVE-2023-28100). Note that this is specific to virtual
      consoles: Flatpak is not vulnerable to this if run from a
      graphical terminal emulator such as xterm, gnome-terminal or
      Konsole. (boo#1209411)
    + Updated translations.
* Mon Feb 27 2023 Bjørn Lie <[email protected]>
  - Update to version 1.14.3:
    + When splitting an upgrade into two steps (download without
      installing, and then upgrade without allowing further
      downloads) like GNOME Software does, if an app is marked EOL
      and superseded by a replacement, don't remove the superseded
      app in the first step, which would result in the replacement
      incorrectly not being installed.
    + Fix a crash when --socket=gpg-agent is used.
    + Fix a crash when listing apps if one of them is broken or
      misconfigured.
    + If an app has invalid syntax in its overrides or metadata,
      mention the filename in the error message.
    + Unset $GDK_BACKEND for apps, ensuring GTK apps with
    - -socket=fallback-x11 can work.
    + Never try to export a parent of reserved directories as a
    - -filesystem, for example /run, which would prevent the app
      from starting.
    + Never try to export a --filesystem below /run/flatpak or
      /run/host, which could similarly prevent the app from starting.
    + The above change also fixes apps not starting if a --filesystem
      is a symlink to the root directory.
    + Show a warning when the --filesystem exists but cannot be
      shared with the sandbox.
  - Drop flatpak-fix-gpg-agent-double-free.patch: Fixed upstream.
* Thu Feb 23 2023 Alynx Zhou <[email protected]>
  - Add flatpak-fix-gpg-agent-double-free.patch: stdout stream of a
    subprocess is owned by the subprocess, not the caller, so don't
    use g_autoptr for it to prevent double free (bsc#1207434).
* Mon Feb 06 2023 Bjørn Lie <[email protected]>
  - Update to version 1.14.2:
    + The INFO log level is now treated the same as the DEBUG log
      level by flatpak -v, to make backports from 1.15.x simpler.
    + Bug fixes:
    - Display the intended messages for flatpak repair.
    - Exporting an app to an existing repository on a CIFS
      filesystem now works as intended.
    - Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in
      some GLib apps when set to a path on the host.
    - Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and
      Qt apps under Wayland when this variable is set to a path not
      available in the sandbox.
    - Unset $KRB5CCNAME for apps.
    - When using the fish shell, avoid duplicate XDG_DATA_DIRS
      entries if the profile script is sourced more than once.
  - Package flatpak-remote-flathub sub-package as noarch.
* Wed Jan 11 2023 Antonio Larrosa <[email protected]>
  - Fix the "Requires" version of bubblewrap to be the same as
    "BuildRequires" (>= 0.5.0).
  - Use a macro to define the versions required of bubblewrap,
    ostree and xdg_dbus_proxy to avoid having the same issue in
    the future again.
* Fri Nov 18 2022 Bjørn Lie <[email protected]>
  - Update to version 1.14.1:
    + New features: Add a httpbackend variable to flatpak.pc,
      allowing dependent projects like GNOME Software to detect
      whether they are compatible with libflatpak.
    + Bugs fixed:
    - Terminate the flatpak-session-helper and flatpak-portal
      services when the session ends, so that applications will not
      inherit outdated Wayland and X11 socket addresses.
    - When using fish shell, don't overwrite a previously-set
      XDG_DATA_DIRS.
    - Don't try to enable HTTP 2 if linked to a libcurl version
      that doesn't support it.
    - Stop systemd reporting the session-helper as failed when
      terminated by a signal.
    - Fix a warning when listing a document with no permissions.
    - Fix compilation with GLib 2.66.x (as used in Debian 11).
    - Fix compilation with GLib 2.58.x (as used in Debian 10).
    - Fix a compiler warning on 32-bit architectures.
    - If an app update is blocked by parental controls policies,
      clean up the temporary deploy directory.
    - Fix Autotools build with versions of gpgme that no longer
      provide gpgme-config(1).
    - When building with Autotools, be more consistent about
      applying compiler warning flags.
    - Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR.
    - Treat /efi the same as /boot/efi.
    - Make generated files more reproducible.
    + Updated translations.
* Sun Nov 13 2022 Andreas Stieger <[email protected]>
  - Add and recommend a package flatpak-remote-flathub which adds
    the Flathub repository (boo#1186315)
* Thu Sep 01 2022 Bjørn Lie <[email protected]>
  - Drop pkgconfig(libsoup-2.4) BuildRequires: rely on the curl
    backend. Following this, pass --with-curl to configure.
  - Add pkgconfig(libxml-2.0) BuildRequires, exsisting dependency,
    previously pulled in by libsoup.
* Tue Aug 30 2022 Andreas Stieger <[email protected]>
  - Update to version 1.14.0:
    + Improved support for sideloading.
    + Allow sub-sandboxes to own MPRIS names on the session bus.
    + Commands that accept "--user" will now also take "-u" as an alias
      for that.
    + The CLI now properly informs the user of which apps are
      (indirectly) using end-of-life runtime extensions in end-of-life
      info messages.
    + The CLI now takes into account operations in the pending
      transaction when printing end-of-life messages.
    + The uninstall command now asks for confirmation before removing
      in-use runtimes or runtime extensions.
    + A "--socket=gpg-agent" option is now recognized by "flatpak run"
      and related commands.
    + Curl supported as default HTTP backend.
    + Uses Fuse 3.
    + Implement support for rewriting dynamic launchers when an app
      is renamed.
    + Add --include-sdk/debug options to install command to install
      SDK/debuginfo along with a ref.
    + defense in depth against arbitrary file deletion by
      flatpak-system-helper when using very old libostree
      (boo#1202639).
    + Updated translations.
  - Replace pkgconfig(fuse) BuildRequires with pkgconfig(fuse3):
    Follow upstreams port to fuse3.
  - Add pkgconfig(libcurl) BuildRequires: enable the new HTTP
    backend.
  - Drop gtk-doc BuildRequires and no longer pass --enable-gtk-doc to
    configure: no longer supported.
  - Drop libtool BuildRequires: no need to bootstrap the tarball.
  - Replace pkgconfig(appstream-glib) BuildRequires with
    pkgconfig(appstream): match what configure checks for.
  - Add pkgconfig(gdk-pixbuf-2.0): verified dependency that was
    implicitly included by appstream-glib before.
* Fri Jul 15 2022 Benjamin Greiner <[email protected]>
  - variant-schema-compiler requires the Python module pyparsing
* Sun Jul 03 2022 Andreas Stieger <[email protected]>
  - Correct Supplements for flatpak-zsh-completion boo#1201113
  - package LICENSE file in every package
  - make flatpak-zsh-completion and system-user-flatpak noarch
  - add update-system-flatpaks timer that updates installed flatpaks
    daily if enabled
* Tue Mar 15 2022 Andreas Stieger <[email protected]>
  - Update to version 1.12.7:
    + allow networked access to X11 and PulseAudio services if that
      is configured, and the application has network access
    + Absolute paths in WAYLAND_DISPLAY now work
    + Allow apps that were built with Flatpak 1.13.x to export
      AppStream metadata in share/metainfo
    + Most commands now work if /var/lib/flatpak exists but
      /var/lib/flatpak/repo does not, and will automatically populate
      the repo directory if possible
    + Consistently pass relative subpaths to libostree, working
      around a bug in libostree < 2021.6 when used with GLib >= 2.71
    + Fix some memory leaks in GVariant data processing
* Tue Feb 22 2022 Andreas Stieger <[email protected]>
  - Update to version 1.12.6:
    + Fix a bug that sometimes caused repo corruption in case
      downloads are interrupted or canceled, necessitating a
      "flatpak repair" to recover
    + More reliably detect the GTK theme
    + Fix history command unit test in some edge cases
    + Updated translations.
* Sun Feb 13 2022 Dirk Müller <[email protected]>
  - drop apparently unused libdwarf buildrequires
* Fri Feb 11 2022 Andreas Stieger <[email protected]>
  - Update to version 1.12.5:
    + Detect and remove left-over data from
      /var/lib/flatpak/appstream
    + Fix display bugs in flatpak history
    + Don't set up an unnecessary polkit agent for flatpak history
    + Don't propagate GStreamer-related environment variables into
      sandbox
    + Updated translations.
* Tue Jan 18 2022 Andreas Stieger <[email protected]>
  - Update to 1.12.4:
    + reverting non-backwards-compatible behaviour changes in the
      solution previously chosen for CVE-2022-21682 (boo#1194611)
      Fix will be in flatpak-builder 1.2.2.
    + Clarify documentation of --nofilesystem
    + Improve unit test coverage around --filesystem and
    - -nofilesystem
    + Restore compatibility with older appstream-glib versions,
      fixing a regression in 1.12.3
* Wed Jan 12 2022 Andreas Stieger <[email protected]>
  - Update to 1.12.3:
    + CVE-2021-43860: a malicious repository could have sent invalid
      application metadata in a way that hides some of the app
      permissions displayed during installation (boo#1194610)
    + CVE-2022-21682: flatpak-builder could allow
    - -mirror-screenshots-url commands to create directories outside
      of the build directory (boo#1194611)
    + Extra-data downloading now properly handles compressed
      content-encodings which fixes checksum verification
    + Note: In some corner case server setups this may require the
      extra-data checksum to be changed
    + Avoid unnecessary policy-kit dialog due to auto-pinning when
      installing runtimes
    + Better handling of updates of extensions that exist in multiple
      repositories
    + Fixed (initial) installation apps with renamed ids
    + Fixed regression in updates from no-enumerate remotes
    + We now verify checksums of summary caches, to better handle
      local file corruption
    + Improved cli output for non-terminal targets
    + Flatpak run --session-bus now works
    + Fix build with PyParsing >= 3.0.4
    + Fixed "Since" annotations on FlatpakTransaction signals
    + bash auto completion now doesn't complete on command name
      aliases
    + Minor improvements to the search command
    + Minor improvements to the list command
    + Minor improvements to the repair command
    + Add more tests
    + Updated translations.
  - Drop support-new-pyparsing.patch: Fixed upstream.

Files

/usr/share/selinux/devel/include/contrib/flatpak.if
/usr/share/selinux/packages/flatpak.pp.bz2


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jan 12 00:30:25 2025