Hello community, here is the log from the commit of package flatpak for openSUSE:Factory checked in at 2019-02-24 17:06:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/flatpak (Old) and /work/SRC/openSUSE:Factory/.flatpak.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "flatpak" Sun Feb 24 17:06:05 2019 rev:27 rq:674492 version:1.2.3 Changes: -------- --- /work/SRC/openSUSE:Factory/flatpak/flatpak.changes 2019-02-11 21:18:08.311313272 +0100 +++ /work/SRC/openSUSE:Factory/.flatpak.new.28833/flatpak.changes 2019-02-24 17:06:14.156599400 +0100 @@ -1,0 +2,30 @@ +Wed Feb 13 08:06:06 UTC 2019 - [email protected] + +- Update to version 1.2.3: + + Don't expose /proc in apply_extra script sandbox. The CVE-2019-5736 + runc vulnerability is about using /proc/self/exe to modify the host + side binary from the sandbox. This mostly does not affect flatpak + since the flatpak sandbox is not run with root permissions. + However, there is one case (running the apply_extra script for + system installs) where this happens, so this release contains a fix + for that. +- Update to version 1.2.2: + + Reverted green checkbox as they caused table alignment issues + + Fix a division by zero if the terminal reports a zero terminal + width (which happens in the flathub build environment). +- Update to version 1.2.1: + + Ensure flatpak builds with older versions of glib and + appstream-glib. + + build-commit-from: Fix the new --extra-id option. + + build-export: Allow disabling the sandboxing of the icon validator + and do so during the tests. + + profile: Don't break if debug logging is enabled. + + Better handling of the appdata release attribute. + + Don't install polkit agent when not needed, avoiding some + unnecessary log lines in some cases. + + Fix the output of the sandboxed icon validator not being visible. + + builld-init: Allow specifying a full ref for the sdk, which is + used to select the branch name when checking sdk extensions. + + Make the ok checks in the output green + +------------------------------------------------------------------- Old: ---- flatpak-1.2.0.tar.xz New: ---- flatpak-1.2.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ flatpak.spec ++++++ --- /var/tmp/diff_new_pack.0d87lw/_old 2019-02-24 17:06:14.784599101 +0100 +++ /var/tmp/diff_new_pack.0d87lw/_new 2019-02-24 17:06:14.788599099 +0100 @@ -18,7 +18,7 @@ %define libname libflatpak0 Name: flatpak -Version: 1.2.0 +Version: 1.2.3 Release: 0 Summary: OSTree based application bundles management License: LGPL-2.1-or-later ++++++ _service ++++++ --- /var/tmp/diff_new_pack.0d87lw/_old 2019-02-24 17:06:14.808599089 +0100 +++ /var/tmp/diff_new_pack.0d87lw/_new 2019-02-24 17:06:14.808599089 +0100 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> - <param name="revision">refs/tags/1.2.0</param> + <param name="revision">refs/tags/1.2.3</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.0d87lw/_old 2019-02-24 17:06:14.820599084 +0100 +++ /var/tmp/diff_new_pack.0d87lw/_new 2019-02-24 17:06:14.820599084 +0100 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/flatpak/flatpak.git</param> - <param name="changesrevision">7baac10cdbb9096e675377d8adf21a09e2ffd2e8</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">428c7bf8566d1cdb9f5eafccde1a19a41aeab144</param></service></servicedata> \ No newline at end of file ++++++ flatpak-1.2.0.tar.xz -> flatpak-1.2.3.tar.xz ++++++ ++++ 21755 lines of diff (skipped)
