z572 pushed a commit to branch master
in repository guix.

commit d115af1bcc48f07a40dafd94d1d00926d446d068
Author: Daniel Ziltener <dzilte...@lyrion.ch>
AuthorDate: Tue Apr 16 15:38:29 2024 +0200

    gnu: flatpak: Update to 1.14.6 [security fixes].
    
    fixes CVE-2024-32462. see https://nvd.nist.gov/vuln/detail/CVE-2024-32462.
    
    * gnu/packages/package-management.scm (flatpak): Update to 1.14.6.
    [arguments]: Add '--with-curl'
    [inputs]: Add libcap, polkit, zstd. Replace fuse-2 with fuse.
    * gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch: Adjust 
patch.
    
    Signed-off-by: Zheng Junjie <zhengjun...@iscas.ac.cn>
    Change-Id: Idc9b8159f0d6c6d037852792c0dc284c70c7462e
---
 gnu/packages/package-management.scm                         | 13 +++++++++----
 .../patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch      |  4 +++-
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/package-management.scm 
b/gnu/packages/package-management.scm
index e753723dad..1eea7e0d08 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -99,6 +99,7 @@
   #:use-module (gnu packages perl)
   #:use-module (gnu packages perl-check)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages polkit)
   #:use-module (gnu packages popt)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-build)
@@ -2022,14 +2023,14 @@ the boot loader configuration.")
 (define-public flatpak
   (package
     (name "flatpak")
-    (version "1.14.4")
+    (version "1.14.6")
     (source
      (origin
        (method url-fetch)
        (uri (string-append 
"https://github.com/flatpak/flatpak/releases/download/";
                            version "/flatpak-" version ".tar.xz"))
        (sha256
-        (base32 "16b7f7n2mms6zgm0lj3fn86ny11xjn8cd3mrk1slwhvwnv8dnd4a"))
+        (base32 "0ij93vl9skcfdfgkmgd80q0q4c6q39dss4rds7phxizqqsr3d3sk"))
        (patches
         (search-patches "flatpak-fix-path.patch"
                         "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
@@ -2042,6 +2043,7 @@ the boot loader configuration.")
      (list
       #:configure-flags
       #~(list
+         "--with-curl"
          "--enable-documentation=no" ;; FIXME
          "--enable-system-helper=no"
          "--localstatedir=/var"
@@ -2105,19 +2107,22 @@ cp -r /tmp/locale/*/en_US.*")))
            bubblewrap
            curl
            dconf
-           fuse-2
+           fuse
            gdk-pixbuf
            gpgme
            json-glib
            libarchive
+           libcap
            libostree
            libseccomp
            libsoup-minimal-2
            libxau
            libxml2
            p11-kit
+           polkit
            util-linux
-           xdg-dbus-proxy))
+           xdg-dbus-proxy
+           zstd))
     (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
     (home-page "https://flatpak.org";)
     (synopsis "System for building, distributing, and running sandboxed desktop
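Review bot: The inputs in this hunk no longer line up with the configure flags visible in the previous hunk, and nothing records why. `polkit` is added while `--enable-system-helper=no` is still passed; as far as I know Flatpak only needs polkit for the system helper, so it may be an unused addition to the closure of a sandboxing tool. `libsoup-minimal-2` also stays even though `--with-curl` presumably switches the HTTP backend to libcurl. Either drop what the build does not use, or give each new input a short comment of the form `;; polkit: FEATURE that requires it` (likewise for `libcap` and `zstd`). The move from `fuse-2` to `fuse` presumably changes the FUSE major version that revokefs builds against, so confirm it in the build log; the package definition continues outside this hunk.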
diff --git a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch 
b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
index bf9c487ba8..7773b11f7e 100644
--- a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
+++ b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
@@ -9,11 +9,13 @@ of host system.
 
 --- a/common/flatpak-run.c
 +++ b/common/flatpak-run.c
-@@ -1900,6 +1900,7 @@ static const ExportData default_exports[] = {
+@@ -1900,8 +1900,9 @@ static const ExportData default_exports[] = {
    {"XKB_CONFIG_ROOT", NULL},
    {"GIO_EXTRA_MODULES", NULL},
    {"GDK_BACKEND", NULL},
 +  {"GDK_PIXBUF_MODULE_FILE", NULL},
+   {"VK_DRIVER_FILES", NULL},
+   {"VK_ICD_FILENAMES", NULL},
  };
  
  static const ExportData no_ld_so_cache_exports[] = {
