Bug#1069672: bookworm-pu: package flatpak/1.14.8-1~deb12u1

2024-06-04 Thread Simon McVittie
On Tue, 30 Apr 2024 at 17:54:29 +0100, Simon McVittie wrote:
> flatpak 1.14.7 has now been released, closely followed by 1.14.8 to
> revert unintended changes to the libglnx and bubblewrap submodules.
> I would like to get this into a Debian 12 point release if possible.

Based on in-person discussion with a release team member, I've uploaded
this to proposed-updates NEW in the hope that the new upstream stable
release can be accepted into a future bookworm update.

If it is likely to be rejected, please let me know so that I can propose a
more minimal update via patches (in particular fixing the high-visibility
app-name bug, which has lingered for too long).

Thanks,
smcv



Bug#1069672: bookworm-pu: package flatpak/1.14.8-1~deb12u1

2024-04-30 Thread Simon McVittie
Control: retitle -1 bookworm-pu: package flatpak/1.14.8-1~deb12u1

flatpak 1.14.7 has now been released, closely followed by 1.14.8 to
revert unintended changes to the libglnx and bubblewrap submodules.
I would like to get this into a Debian 12 point release if possible.

I'm sorry about the size of this update, but we've built up quite a large
backlog of bug-fix changes upstream, and until very recently I have been
the only person making releases, so their frequency is limited by my
available time. If time permits, I will try to do more, smaller stable
updates in future.

[ Impact ]
If not accepted, several known bugs remain present in stable.
The highest-visibility is that the developer name of an app appears
in the CLI where the app name should be, for example "The Chromium Authors"
instead of the correct "Chromium Web Browser".

Also, if we keep up with upstream stable releases, then next time there
is a CVE, we have the option of taking upstream's stable release directly
instead of having to backport individual patches.

[ Tests ]
This is a relatively straightforward backport of the version I uploaded
to unstable today.

There is a fairly comprehensive test suite. It cannot be run under schroot
or lxc due to limitations of nested containers, but I run it in
autopkgtest-virt-qemu before each upload, and ci.debian.net has now been
configured to run flatpak's tests under autopkgtest-virt-qemu as well.

Also successfully manually tested on some bookworm systems:
- Can still set up a fresh installation as per
  https://flathub.org/en-GB/setup/Debian and install/run an app
  (tested with org.gnome.Recipes)
- Can still upgrade apps on an existing installation
- `flatpak update`, with an updated version of Chromium available, fixes
  the developer-name bug mentioned above
- It is now possible to run e.g.
  `flatpak run --command=bash org.gnome.Recipes` inside a
  `podman run --privileged` container with no D-Bus system bus, which
  wasn't possible before
  (tested without Recommends, other than ca-certificates which is required
  for installing from Flathub)
- CVE-2024-32462 is still fixed

[ Risks ]
Somewhat low risk, all changes are targeted bug fixes. I would say that
the highest-risk are the alterations to how AppStream metadata is parsed
and displayed, but several distributions are already using those changes
via the 1.15.x branch and we have not had regression reports.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

* Makefile.am,
  configure.ac,
  data/Makefile.am.inc,
  data/tmpfiles.d/flatpak.conf,
  debian/flatpak.install,
  sideload-repos-systemd/Makefile.am.inc:
  - Add systemd-tmpfiles snippet run during boot to delete any obsolete
    /var/tmp/flatpak-cache-* from the previous boot

* app/flatpak-builtins-build.c,
  common/flatpak-dir.c,
  common/flatpak-run.c,
  debian/patches/*,
  tests/test-run.sh:
  - Fix CVE-2024-32462 in upstream source instead of via a patch

* app/flatpak-builtins-ps.c:
  - Use xdg-desktop-portal-gnome in addition to -gtk and -kde to determine
    whether an app is running in the background

* app/flatpak-builtins-remote-info.c:
  - Fix display of app info in `flatpak remote-info`
  - Fix some uses of deprecated libappstream API
  - Forward-compatibility with libappstream 0.17.x and 1.0

* app/flatpak-builtins-remote-ls.c,
  app/flatpak-builtins-search.c,
  app/flatpak-builtins-utils.c,
  app/flatpak-builtins-utils.h,
  config.h.in,
  configure.ac:
  - Fix some uses of deprecated libappstream API
  - Forward-compatibility with libappstream 0.17.x and 1.0

* app/flatpak-builtins-run.c,
  tests/testlibrary.c:
  - Silence compiler warning false-positives

* common/flatpak-appdata.c,
  tests/make-test-app.sh,
  tests/test-info.sh:
  - Don't parse the app developer name as though it was the app name
    (for newly-installed apps the fix takes effect immediately, for
    affected apps that were installed with an older Flatpak the fix will
    take effect the next time that app is upgraded)

* common/flatpak-dir.c:
  - Automatically reload D-Bus session bus configuration on new
    installations and upgrades, so that new .service files are reliably
    picked up
  - Forward compatibility with newer GLib
  - Silence a compiler warning false-positive
  - Fix a minor memory leak

* common/flatpak-prune.c:
  - Fix some signed integer arithmetic that is strictly speaking
    undefined behaviour

* common/flatpak-run.c,
  doc/flatpak-run.xml:
  - Don't let the sandboxed app inherit a wrong value for various
    environment variables from the host system related to ld.so, EGL
    and Vulkan

* common/flatpak-run.c,
  tests/test-repo.sh:
  - Don't try to repeat data migration for apps whose data was already
    migrated to a new name and then deleted

* common/flatpak-run.c:
  - Ensure that