Your message dated Thu, 01 Jan 2026 10:17:05 +0000
with message-id <[email protected]>
and subject line Bug#1114484: fixed in flatpak 1.16.2-1~deb13u1
has caused the Debian Bug report #1114484,
regarding flatpak-session-helper leaks memory
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1114484: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114484
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: flatpak
Version: 1.16.1-1
Severity: normal
Tags: upstream patch
X-Debbugs-Cc: [email protected]
Dear Maintainer,
Depending on the application, flatpak-session-helper can leak memory
at an alarming rate.
For example, when using the StreamController flatpak the memory leak
can render a system unusable after about a week.
flatpak-session-helper appears to run alongside each flatpak
application, or similar, so it isn't easy to avoid.
This has been fixed upstream via commit:
cd80e843 session-helper: Avoid a memory leak
The issue was tracked upstream via:
https://github.com/flatpak/flatpak/issues/5821
It would be fabulous to have this fix in the Debian flatpak package.
Thanks!
peace & happiness,
martin
-- Package-specific info:
Permissions of /usr/bin/bwrap:
-rwxr-xr-x 1 root root 80272 Dec 30 2024 /usr/bin/bwrap
/etc/sysctl.d/*-bubblewrap.conf:
cat: '/etc/sysctl.d/*-bubblewrap.conf': No such file or directory
/usr/lib/sysctl.d/50-bubblewrap.conf:
# Enable unprivileged creation of new user namespaces in older Debian
# kernels.
#
# If this is not desired, copy this file to
# /etc/sysctl.d/50-bubblewrap.conf and change the value of this parameter
# to 0, then use dpkg-statoverride to make /usr/bin/bwrap setuid root.
#
# For more details see https://deb.li/bubblewrap or
# /usr/share/doc/bubblewrap/README.Debian
kernel.unprivileged_userns_clone=1
/proc/sys/kernel/unprivileged_userns_clone:
1
/proc/sys/user/max_cgroup_namespaces:
255859
/proc/sys/user/max_ipc_namespaces:
255859
/proc/sys/user/max_mnt_namespaces:
255859
/proc/sys/user/max_net_namespaces:
255859
/proc/sys/user/max_pid_namespaces:
255859
/proc/sys/user/max_time_namespaces:
255859
/proc/sys/user/max_user_namespaces:
255859
/proc/sys/user/max_uts_namespaces:
255859
-- System Information:
Debian Release: 13.0
APT prefers stable-updates
APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.32-rt-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8),
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages flatpak depends on:
ii adduser 3.152
ii bubblewrap 0.11.0-2
ii fuse3 3.17.2-3
ii libappstream5 1.0.5-1
ii libarchive13t64 3.7.4-4
ii libc6 2.41-12
ii libcurl3t64-gnutls 8.14.1-2
ii libdconf1 0.40.0-5
ii libfuse3-4 3.17.2-3
ii libgdk-pixbuf-2.0-0 2.42.12+dfsg-4
ii libglib2.0-0t64 2.84.3-1
ii libgpgme11t64 1.24.2-3
ii libjson-glib-1.0-0 1.10.6+ds-2
ii libmalcontent-0-0 0.13.0-2
ii libostree-1-1 2025.2-1
ii libpolkit-agent-1-0 126-2
ii libpolkit-gobject-1-0 126-2
ii libseccomp2 2.6.0-2
ii libsystemd0 257.7-1
ii libwayland-client0 1.23.1-3
ii libxau6 1:1.0.11-1
ii libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u1
ii libzstd1 1.5.7+dfsg-1
ii xdg-dbus-proxy 0.1.6-1
Versions of packages flatpak recommends:
ii ca-certificates 20250419
ii dbus [default-dbus-system-bus] 1.16.2-2
ii desktop-file-utils 0.28-1
ii gtk-update-icon-cache 4.18.6+ds-2
ii hicolor-icon-theme 0.18-2
pn libpam-systemd <none>
ii p11-kit 0.25.5-3
ii polkitd 126-2
ii shared-mime-info 2.4-5+b2
ii xdg-desktop-portal 1.20.3+ds-1
ii xdg-desktop-portal-gtk [xdg-desktop-portal-backend] 1.15.3-1
ii xdg-user-dirs 0.18-2
Versions of packages flatpak suggests:
ii avahi-daemon 0.8-16
pn malcontent-gui <none>
Versions of packages bubblewrap depends on:
ii libc6 2.41-12
ii libcap2 1:2.75-10+b1
ii libselinux1 3.8.1-1
Versions of packages bubblewrap recommends:
ii procps 2:4.0.4-9
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: flatpak
Source-Version: 1.16.2-1~deb13u1
Done: Simon McVittie <[email protected]>
We believe that the bug you reported is fixed in the latest version of
flatpak, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <[email protected]> (supplier of updated flatpak package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 Dec 2025 17:15:35 +0000
Source: flatpak
Architecture: source
Version: 1.16.2-1~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Utopia Maintenance Team
<[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 1114484 1116737
Changes:
flatpak (1.16.2-1~deb13u1) trixie; urgency=medium
.
* d/control, d/gbp.conf: Use debian/trixie packaging branch
* Summary of changes since trixie:
- New upstream stable release, see 1.16.2-1 changelog
(Closes: #1114484)
- Fix FTBFS with DEB_BUILD_OPTIONS=nocheck
(Closes: #1116737)
- d/copyright: Point to GNU web address instead of old FSF postal
address
- d/copyright: Clarify possible interpretations of LGPL-2
* Revert changes that are not appropriate for a stable update:
- Revert "Prefer the OpenSSL flavour of libcurl"
- Revert "d/control: Only require gtk-doc-tools, etc. if we are
building documentation"
- Revert "Stop build-depending on libgirepository1.0-dev"
- Revert "d/control: Remove Rules-Requires-Root"
- Revert "Normalize formatting with debputy"
.
flatpak (1.16.2-1) unstable; urgency=medium
.
* New upstream stable release
- Fix a memory leak in flatpak-session-helper when invoking host
commands (flatpak-spawn --host) from privileged apps
(Closes: #1114484)
- Treat either the xe or i915 kernel module as indicating an Intel GPU,
not just i915, and install the appropriate VA-API extensions
- If using GLib 2.86.1 (specifically that version due to a regression
that was later fixed), avoid exposing $HOME to apps if an XDG special
directory such as Music is requested by the app but has been disabled
locally
- In flatpak-kill(1), make killing processes more robust, and avoid race
conditions that could lead to the whole process group being killed
- Allow `flatpak run` or `flatpak install --user` while under
`sudo -u otheruser` or `sudo -g`, as long as the other user is not root,
relaxing a check that was only intended to avoid accidents involving
running as root
- Provide an empty /run/host/font-dirs.xml during flatpak-build(1),
avoiding spurious warnings for processes that use fontconfig during
build-time tests
- Fix a crash in `flatpak install --include-sdk` if the app is installed
on a per-user basis but the corresponding SDK is already installed
system-wide
- Take the --reinstall option into account when installing a bundle
- Add a missing argument to fcntl F_DUPFD_CLOEXEC during Flatpak's own
build-time tests, fixing a test regression with newer glibc on Ubuntu
- Fix flatpak-pin(1)/flatpak-mask(1) with multiple arguments, by
reloading configuration when needed
- Fix an assertion failure in flatpak-build-import-bundle(1)
- When using the library API, allow http downloads with libcurl to be
cancelled
- If an OCI registry only has one image, allow the tag to be omitted
- Fix a memory leak when using an OCI registry
- Fix an uninitialized variable
- Documentation improvements
- Translation updates: pl
* d/libflatpak-doc.install:
Install single-file HTML documentation for the library.
This was built by Autotools in 1.14.x and disappeared during the switch
to Meson, but is now built again as a result of upstream fixes.
.
flatpak (1.16.1-3) unstable; urgency=medium
.
* Fix <!nocheck> builds (Closes: #1116737)
- d/control: Remove <!nocheck> annotation from fuse3.
This is required unconditionally (even if not running tests)
since 1.15.7 upstream, so that the build system can autodetect
the distro's appropriate path to fusermount3 or fusermount.
- d/control, d/rules: Tighten up handling of nocheck and noinsttest.
The upstream build system checks for some programs that are required
during testing whenever the tests are compiled. If we are under both
the nocheck and noinsttest build profiles, don't compile the tests,
so that pkcheck and socat won't be needed in that configuration;
and otherwise, we need them in Build-Depends.
* d/control: Remove Rules-Requires-Root, no longer needed since trixie
* Normalize formatting with debputy
.
flatpak (1.16.1-2) unstable; urgency=medium
.
* d/copyright: Point to GNU web address instead of old FSF postal address
* d/copyright: Clarify possible interpretations of LGPL-2
* Stop build-depending on libgirepository1.0-dev.
Build-depend on gobject-introspection (>= 1.80) instead.
libgirepository1.0-dev is not multiarch-compatible and should be removed
during the forky cycle.
* d/control: Only require gtk-doc-tools, etc. if we are building
documentation
* Prefer the OpenSSL flavour of libcurl.
This is the one that upstream is going to be testing with in practice.
Checksums-Sha1:
dd2b251df08bbc0bbe08ea028940b687a15f9be9 3997 flatpak_1.16.2-1~deb13u1.dsc
4cb0f9e47194abb8c318147179356bdfece9e13b 41716
flatpak_1.16.2-1~deb13u1.debian.tar.xz
a968a6be0a86efaf4b0a5f6590ca215806ed7b23 5011088
flatpak_1.16.2-1~deb13u1.git.tar.xz
d19c15fcc991ff0ef0d3ea21300d45885500cd0c 17171
flatpak_1.16.2-1~deb13u1_source.buildinfo
Checksums-Sha256:
613bbc5acb89c2e33c4ec69235ca5222030bd7a36296347f60bb2e0a72680d61 3997
flatpak_1.16.2-1~deb13u1.dsc
f9f988dc03daea8d9a9b61f250c5af15833be7bd591152a46c32016d2096bd58 41716
flatpak_1.16.2-1~deb13u1.debian.tar.xz
1d09aaf7d7d454da230b8f972ba7e82888fbd21813d4afc994d66c406a87f0e6 5011088
flatpak_1.16.2-1~deb13u1.git.tar.xz
b931022d2725afabc1407ecfb99529abd9f1a2b065d38d457836bee7c883a870 17171
flatpak_1.16.2-1~deb13u1_source.buildinfo
Files:
739f410590db6cdc59d0bf1c58cfd0d7 3997 admin optional
flatpak_1.16.2-1~deb13u1.dsc
2f57ca3f9788af6ef271f78e6c89dc0d 41716 admin optional
flatpak_1.16.2-1~deb13u1.debian.tar.xz
ee11d2ce53521374aed4c469b13d2326 5011088 admin optional
flatpak_1.16.2-1~deb13u1.git.tar.xz
6476f17cf8db265d1cecdbc9608e930f 17171 admin optional
flatpak_1.16.2-1~deb13u1_source.buildinfo
Git-Tag-Info: tag=8fb45a5d6213f1daf94cbc2ae92ead45b9805313
fp=7a073ad1ae694fa25bff62e5235c099d3eb33076
Git-Tag-Tagger: Simon McVittie <[email protected]>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmlH7S0ACgkQYG0ITkaD
wHmyhw/9Gp7WeLCsDi2riOaDWqnC0WBBsDxTKki5rC9LGDOSjNeKmGxcDus88X2h
SV1cvgs/wmp+I25EHO5QX4qtjB2BeUhoMYoqE8LTnJilIPUH3NC0CJp6HKfVvpzF
uRWNkqvvgwStlFNKwwx5ga7oh2+QVxLKb6PbnI6BFbbdUgtsgV5mLAbMpOii5KSK
acrbiA6WAEHEYQh8oHTP+wlvxWkB5F1pmjYLKZwi4BIs/p1MRjG489RYXq+vOyIu
AVPnlPU096/tTIlh1FcAWFGRRrCu3HoOHVNguTNseOk0M78ASigpL5DQpnq0FOnJ
l32uXNVwETzwTOdN8+haNzDTixw8IUmlXEq7oTqjxOVfISMkEfeq5FREBBZpLyIT
+7h+AWdr5A+PnBrLOifLRPlZ2n5y46MBYTGouwO4tQAZp0IGfuFZgvY1NXs4goWs
j9U5ain6MVSeOZL2I4DBtbc8gsvLtBf17lEcd1X/Mf118z8xA8tX8UjnBNvHbqA1
B3x7Sb8lv1HlWxu6+o+i/L7xisNOhoZXMdF9PLFFPEn4L6xUfyr1riwURQ/lScHY
CqUYd4hRj+7Qbh+VVpCaDVbrNTQI/gLDyRqinLP4UOiRKnJXdzRxv8rPKU9WAHnu
s5BpMAuVOvbwADCF9a+gUkCq7QgyHsLYECjeJxXW/I19WVFZK2Q=
=sv0m
-----END PGP SIGNATURE-----
pgpzXojI4af6M.pgp
Description: PGP signature
--- End Message ---
