[oe] [meta-oe][PATCH 2/2] flatpak: update 1.15.9 -> 1.15.10

Wed, 21 Aug 2024 01:34:13 -0700 

Dependencies:

    In distributions that compile Flatpak to use a separate bubblewrap (bwrap) 
executable, version 0.10.0 is required.
    This version adds a new feature which is required by the security fix in 
this release.

Security fixes:

    Don't follow symbolic links when mounting persistent directories (--persist 
option). This prevents a sandbox escape where a malicious or compromised app 
could edit the symlink to point to a directory that the app should not have 
been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)

Documentation:

    Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)

Other bug fixes:

    Fix several memory leaks (#5883, #5884)

Internal changes:

    Record a log file when running build-time tests with AddressSanitizer 
(#5884)

    Add initial suppressions file for AddressSanitizer (#5884)

Signed-off-by: Markus Volk <[email protected]>
---
 .../flatpak/{flatpak_1.15.9.bb => flatpak_1.15.10.bb}         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-extended/flatpak/{flatpak_1.15.9.bb => 
flatpak_1.15.10.bb} (95%)

diff --git a/meta-oe/recipes-extended/flatpak/flatpak_1.15.9.bb 
b/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb
similarity index 95%
rename from meta-oe/recipes-extended/flatpak/flatpak_1.15.9.bb
rename to meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb
index f8d211236..c9d04e926 100644
--- a/meta-oe/recipes-extended/flatpak/flatpak_1.15.9.bb
+++ b/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb
@@ -4,11 +4,11 @@ LICENSE = "LGPL-2.1-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
 
 SRC_URI = " \
-    gitsm://github.com/flatpak/flatpak;protocol=https;branch=main \
+    git://github.com/flatpak/flatpak;protocol=https;branch=main \
     file://0001-flatpak-pc-add-pc_sysrootdir.patch \
 "
 
-SRCREV = "b026910d1c18900e9daf07c429f7e901eb1c3f20"
+SRCREV = "8b4f523c4f8287d57f1a84a3a8216efe200c5fbf"
 
 S = "${WORKDIR}/git"
 
-- 
2.45.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#111880): 
https://lists.openembedded.org/g/openembedded-devel/message/111880
Mute This Topic: https://lists.openembedded.org/mt/108016184/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to