Control: retitle -1 bookworm-pu: package flatpak/1.14.8-1~deb12u1

flatpak 1.14.7 has now been released, closely followed by 1.14.8 to
revert unintended changes to the libglnx and bubblewrap submodules.
I would like to get this into a Debian 12 point release if possible.

I'm sorry about the size of this update, but we've built up quite a large
backlog of bug-fix changes upstream, and until very recently I have been
the only person making releases, so their frequency is limited by my
available time. If time permits, I will try to do more, smaller stable
updates in future.

[ Impact ]
If not accepted, several known bugs remain present in stable.
The highest-visibility one is that the developer name of an app appears
in the CLI where the app name should be, for example "The Chromium Authors"
instead of the correct "Chromium Web Browser".

Also, if we keep up with upstream stable releases, then next time there
is a CVE, we have the option of taking upstream's stable release directly
instead of having to backport individual patches.

[ Tests ]
This is a relatively straightforward backport of the version I uploaded
to unstable today.

There is a fairly comprehensive test suite. It cannot be run under schroot
or lxc due to limitations of nested containers, but I run it in
autopkgtest-virt-qemu before each upload, and ci.debian.net has now been
configured to run flatpak's tests under autopkgtest-virt-qemu as well.

Also successfully manually tested on some bookworm systems:
- Can still set up a fresh installation as per
  https://flathub.org/en-GB/setup/Debian and install/run an app
  (tested with org.gnome.Recipes)
- Can still upgrade apps on an existing installation
- `flatpak update`, with an updated version of Chromium available, fixes
  the developer-name bug mentioned above
- It is now possible to run e.g.
  `flatpak run --command=bash org.gnome.Recipes` inside a
  `podman run --privileged` container with no D-Bus system bus, which
  wasn't possible before
  (tested without Recommends, other than ca-certificates which is required
  for installing from Flathub)
- CVE-2024-32462 is still fixed

[ Risks ]
Somewhat low risk, all changes are targeted bug fixes. I would say that
the highest-risk changes are the alterations to how AppStream metadata is parsed
and displayed, but several distributions are already using those changes
via the 1.15.x branch and we have not had regression reports.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

* Makefile.am,
  configure.ac,
  data/Makefile.am.inc,
  data/tmpfiles.d/flatpak.conf,
  debian/flatpak.install,
  sideload-repos-systemd/Makefile.am.inc:
  - Add systemd-tmpfiles snippet run during boot to delete any obsolete
    /var/tmp/flatpak-cache-* from the previous boot

* app/flatpak-builtins-build.c,
  common/flatpak-dir.c,
  common/flatpak-run.c,
  debian/patches/*,
  tests/test-run.sh:
  - Fix CVE-2024-32462 in upstream source instead of via a patch

* app/flatpak-builtins-ps.c:
  - Use xdg-desktop-portal-gnome in addition to -gtk and -kde to determine
    whether an app is running in the background

* app/flatpak-builtins-remote-info.c:
  - Fix display of app info in `flatpak remote-info`
  - Fix some uses of deprecated libappstream API
  - Forward-compatibility with libappstream 0.17.x and 1.0

* app/flatpak-builtins-remote-ls.c,
  app/flatpak-builtins-search.c,
  app/flatpak-builtins-utils.c,
  app/flatpak-builtins-utils.h,
  config.h.in,
  configure.ac:
  - Fix some uses of deprecated libappstream API
  - Forward-compatibility with libappstream 0.17.x and 1.0

* app/flatpak-builtins-run.c,
  tests/testlibrary.c:
  - Silence compiler warning false-positives

* common/flatpak-appdata.c,
  tests/make-test-app.sh,
  tests/test-info.sh:
  - Don't parse the app developer name as though it was the app name
    (for newly-installed apps the fix takes effect immediately, for
    affected apps that were installed with an older Flatpak the fix will
    take effect the next time that app is upgraded)

* common/flatpak-dir.c:
  - Automatically reload D-Bus session bus configuration on new
    installations and upgrades, so that new .service files are reliably
    picked up
  - Forward compatibility with newer GLib
  - Silence a compiler warning false-positive
  - Fix a minor memory leak

* common/flatpak-prune.c:
  - Fix some signed integer arithmetic that is strictly speaking
    undefined behaviour

* common/flatpak-run.c,
  doc/flatpak-run.xml:
  - Don't let the sandboxed app inherit a wrong value for various
    environment variables from the host system related to ld.so, EGL
    and Vulkan

* common/flatpak-run.c,
  tests/test-repo.sh:
  - Don't try to repeat data migration for apps whose data was already
    migrated to a new name and then deleted

* common/flatpak-run.c:
  - Ensure that environment variable container=flatpak is set, even if
    Flatpak is run inside a different container manager

* common/flatpak-run.c,
  debian/control:
  - If we can't connect to the D-Bus system bus, don't treat that as
    though parental controls forbid running apps, which in practice is
    troublesome when running Flatpak in a container
  - Reduce default-dbus-system-bus from Depends to Recommends as a result

* common/flatpak-utils-http.c:
  - Cancel downloads if they become very slow

* common/flatpak-utils.c,
  tests/test-exports.c,
  tests/test-instance.c:
  - Forward-compatibility with newer GLib releases

* debian/test.sh:
  - Unset proxy environment variables to make sure a test http server on
    localhost is reachable

* doc/flatpak-*.xml:
  - Fix validity of Docbook XML against its DTD

* doc/flatpak-metadata.xml:
  - Provide anchors for internal linking
  - Clarify documentation on which D-Bus names are allowed by default

* portal/flatpak-portal.c:
  - Save the original environment before setting GIO_USE_VFS, and restore it
    before starting sandboxed programs, so that GVfs can work

* profile/flatpak.sh:
  - Don't leak a temporary variable "new_dirs" into user shell sessions

* revokefs/main.c:
  - Forward-compatibility with libostree 2023.4

* session-helper/flatpak-session-helper.c:
  - Same as portal/, but for programs run on the host system by trusted
    Flatpak apps

* tests/test-bundle.sh,
  tests/test-update-portal.sh:
  - Skip tests that require FUSE if the test suite is run in an
    environment where FUSE doesn't work or is not allowed, but
    bubblewrap does work

* tests/test-context.c:
  - Fix a double-free in a unit test

* tests/test-run.sh:
  - Fix a misleading comment when testing CVE-2024-32462

* tests/make-test-runtime.sh:
  - Fail tests earlier, with a better error message, if a required program
    is missing

* NEWS,
  common/flatpak-version-macros.h,
  configure.ac,
  tests/package_version.txt:
  - The usual release management noise

* gtk-doc.make:
  - Regenerated from a slightly newer gtk-doc

* doc/reference/html/*.html:
  - Regenerated
    (these are also re-regenerated during build)
  (Filtered from debdiff)

* po/*.po,
  po/flatpak.pot:
  - Regenerated during upstream release procedure (different line numbering)
  (Filtered from debdiff)

* aclocal.m4,
  configure,
  config.guess,
  config.h.in,
  config.sub,
  install-sh,
  ltmain.sh,
  m4/libtool.m4,
  m4/ltversion.m4,
  Makefile.in,
  */Makefile.in:
  - Regenerated
    (these are also re-regenerated during build)
  (Filtered from debdiff)
diffstat for flatpak-1.14.4 flatpak-1.14.8

 Makefile.am                                                                |    1 
 Makefile.in                                                                |   34 
 NEWS                                                                       |  112 
 aclocal.m4                                                                 |   49 
 app/flatpak-builtins-ps.c                                                  |    2 
 app/flatpak-builtins-remote-info.c                                         |   22 
 app/flatpak-builtins-remote-ls.c                                           |   16 
 app/flatpak-builtins-run.c                                                 |    5 
 app/flatpak-builtins-search.c                                              |   17 
 app/flatpak-builtins-utils.c                                               |   76 
 app/flatpak-builtins-utils.h                                               |   26 
 common/flatpak-appdata.c                                                   |   13 
 common/flatpak-dir.c                                                       |   30 
 common/flatpak-prune.c                                                     |    8 
 common/flatpak-run.c                                                       |   43 
 common/flatpak-utils-http.c                                                |    8 
 common/flatpak-utils.c                                                     |    1 
 common/flatpak-version-macros.h                                            |    2 
 config.guess                                                               |   97 
 config.h.in                                                                |   31 
 config.sub                                                                 |  224 
 configure                                                                  | 3071 +++++-----
 configure.ac                                                               |   12 
 data/Makefile.am.inc                                                       |    2 
 data/tmpfiles.d/flatpak.conf                                               |    2 
 debian/changelog                                                           |  164 
 debian/control                                                             |    2 
 debian/flatpak.install                                                     |    1 
 debian/patches/When-starting-non-static-command-using-bwrap-use.patch      |   67 
 debian/patches/series                                                      |    2 
 debian/patches/test-run-Add-a-reproducer-for-CVE-2024-32462.patch          |   38 
 debian/test.sh                                                             |    9 
 doc/Makefile.in                                                            |    3 
 doc/flatpak-build-finish.xml                                               |    3 
 doc/flatpak-build.xml                                                      |    3 
 doc/flatpak-metadata.xml                                                   |   67 
 doc/flatpak-override.xml                                                   |    3 
 doc/flatpak-run.xml                                                        |   17 
 doc/flatpak-spawn.xml                                                      |    4 
 doc/reference/Makefile.in                                                  |   17 
 doc/reference/html/FlatpakBundleRef.html                                   |   48 
 doc/reference/html/FlatpakInstallation.html                                |  710 +-
 doc/reference/html/FlatpakInstalledRef.html                                |   92 
 doc/reference/html/FlatpakInstance.html                                    |   26 
 doc/reference/html/FlatpakRef.html                                         |   12 
 doc/reference/html/FlatpakRelatedRef.html                                  |   48 
 doc/reference/html/FlatpakRemote.html                                      |   66 
 doc/reference/html/FlatpakRemoteRef.html                                   |   42 
 doc/reference/html/FlatpakTransaction.html                                 |  314 -
 doc/reference/html/FlatpakTransactionOperation.html                        |   32 
 doc/reference/html/FlatpakTransactionProgress.html                         |   26 
 doc/reference/html/annotation-glossary.html                                |    4 
 doc/reference/html/ch01.html                                               |    4 
 doc/reference/html/ch02.html                                               |    4 
 doc/reference/html/flatpak-Error-codes.html                                |    6 
 doc/reference/html/flatpak-Version-information.html                        |    6 
 doc/reference/html/full-api-index.html                                     |    4 
 doc/reference/html/gdbus-org.freedesktop.Flatpak.Authenticator.html        |   26 
 doc/reference/html/gdbus-org.freedesktop.Flatpak.AuthenticatorRequest.html |    8 
 doc/reference/html/gdbus-org.freedesktop.Flatpak.Development.html          |   12 
 doc/reference/html/gdbus-org.freedesktop.Flatpak.SessionHelper.html        |    4 
 doc/reference/html/gdbus-org.freedesktop.Flatpak.SystemHelper.html         |    4 
 doc/reference/html/gdbus-org.freedesktop.impl.portal.PermissionStore.html  |    4 
 doc/reference/html/gdbus-org.freedesktop.portal.Documents.html             |    4 
 doc/reference/html/gdbus-org.freedesktop.portal.Flatpak.UpdateMonitor.html |   60 
 doc/reference/html/gdbus-org.freedesktop.portal.Flatpak.html               |  307 
 doc/reference/html/home.png                                                |binary
 doc/reference/html/index.html                                              |    6 
 doc/reference/html/left-insensitive.png                                    |binary
 doc/reference/html/left.png                                                |binary
 doc/reference/html/object-tree.html                                        |    6 
 doc/reference/html/right-insensitive.png                                   |binary
 doc/reference/html/right.png                                               |binary
 doc/reference/html/style.css                                               |    1 
 doc/reference/html/up-insensitive.png                                      |binary
 doc/reference/html/up.png                                                  |binary
 gtk-doc.make                                                               |   14 
 install-sh                                                                 |    8 
 ltmain.sh                                                                  |   49 
 m4/libtool.m4                                                              |   50 
 m4/ltversion.m4                                                            |   10 
 po/cs.po                                                                   |  250 
 po/da.po                                                                   |  250 
 po/de.po                                                                   |  250 
 po/en_GB.po                                                                |  250 
 po/es.po                                                                   |  254 
 po/flatpak.pot                                                             |  252 
 po/fr.po                                                                   |  250 
 po/gl.po                                                                   |  250 
 po/hi.po                                                                   |  250 
 po/hr.po                                                                   |  250 
 po/hu.po                                                                   |  250 
 po/id.po                                                                   |  250 
 po/oc.po                                                                   |  250 
 po/pl.po                                                                   |  250 
 po/pt.po                                                                   |  250 
 po/pt_BR.po                                                                |  250 
 po/ro.po                                                                   |  254 
 po/ru.po                                                                   |  250 
 po/sk.po                                                                   |  250 
 po/sv.po                                                                   |  254 
 po/tr.po                                                                   |  250 
 po/uk.po                                                                   |  250 
 po/zh_CN.po                                                                |  250 
 po/zh_TW.po                                                                |  250 
 portal/flatpak-portal.c                                                    |   10 
 profile/flatpak.sh                                                         |    2 
 revokefs/main.c                                                            |    4 
 session-helper/flatpak-session-helper.c                                    |    8 
 sideload-repos-systemd/Makefile.am.inc                                     |    3 
 tests/make-test-app.sh                                                     |    3 
 tests/make-test-runtime.sh                                                 |    6 
 tests/package_version.txt                                                  |    2 
 tests/test-bundle.sh                                                       |    1 
 tests/test-context.c                                                       |    2 
 tests/test-exports.c                                                       |    3 
 tests/test-info.sh                                                         |    8 
 tests/test-instance.c                                                      |    3 
 tests/test-repo.sh                                                         |    8 
 tests/test-run.sh                                                          |    2 
 tests/test-update-portal.sh                                                |    1 
 tests/testlibrary.c                                                        |    2 
 122 files changed, 6488 insertions(+), 5915 deletions(-)

diff -Nru flatpak-1.14.4/app/flatpak-builtins-ps.c flatpak-1.14.8/app/flatpak-builtins-ps.c
--- flatpak-1.14.4/app/flatpak-builtins-ps.c	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/app/flatpak-builtins-ps.c	2024-04-30 14:18:04.000000000 +0100
@@ -72,6 +72,8 @@
   g_autoptr(GVariant) ret = NULL;
   GVariant *list = NULL;
   const char *backends[] = {
+    "org.freedesktop.impl.portal.desktop.gnome",
+    /* Background portal was removed in 1.15.0, retained for compatibility */
     "org.freedesktop.impl.portal.desktop.gtk",
     "org.freedesktop.impl.portal.desktop.kde",
     NULL
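Review bot: the new comment in `backends[]` sits between the gnome and gtk entries, so it is not clear which backend "was removed in 1.15.0, retained for compatibility" refers to, or which component's 1.15.0 is meant. Attach the comment to the entry it describes (for example as a trailing comment on that line) and name the component whose version number it is.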
diff -Nru flatpak-1.14.4/app/flatpak-builtins-remote-info.c flatpak-1.14.8/app/flatpak-builtins-remote-info.c
--- flatpak-1.14.4/app/flatpak-builtins-remote-info.c	2023-03-15 17:37:23.000000000 +0000
+++ flatpak-1.14.8/app/flatpak-builtins-remote-info.c	2024-04-29 17:46:35.000000000 +0100
@@ -180,24 +180,24 @@
       int rows, cols;
       int width;
       g_autoptr(AsMetadata) mdata = as_metadata_new ();
-      AsComponent *app = NULL;
+      AsComponent *cpt = NULL;
       const char *version = NULL;
       const char *license = NULL;
-      g_autofree char *id = flatpak_decomposed_dup_id (ref);
+      g_autofree char *arch = flatpak_decomposed_dup_arch (ref);
 
       flatpak_get_window_size (&rows, &cols);
 
-      flatpak_dir_load_appstream_store (preferred_dir, remote, id, mdata, NULL, NULL);
-      app = as_store_find_app (mdata, flatpak_decomposed_get_ref (ref));
-      if (app)
+      flatpak_dir_load_appstream_data (preferred_dir, remote, arch, mdata, NULL, NULL);
+      cpt = metadata_find_component (mdata, flatpak_decomposed_get_ref (ref));
+      if (cpt)
         {
-          const char *name = as_component_get_name (app);
-          const char *comment = as_component_get_summary (app);
+          const char *name = as_component_get_name (cpt);
+          const char *comment = as_component_get_summary (cpt);
 
           print_wrapped (MIN (cols, 80), "\n%s - %s\n", name, comment);
 
-          version = as_app_get_version (app);
-          license = as_component_get_project_license (app);
+          version = component_get_version_latest (cpt);
+          license = as_component_get_project_license (cpt);
         }
 
       if (commit_v)
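Review bot: the call to `flatpak_dir_load_appstream_data` in this hunk now passes `arch` where the old call passed `id`, which is a behaviour change travelling together with the `app` to `cpt` rename; it would be easier to audit as its own commit or at least its own sentence in the commit message. The call also still passes NULL for the error and discards the gboolean result, so a failed load is indistinguishable from a ref that simply has no AppStream entry; a debug-level log on failure would help when diagnosing missing name, version or license output.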
@@ -267,9 +267,9 @@
 
       width = cols - (len + 1);
 
-      print_aligned (len, _("ID:"), id);
+      print_aligned_take (len, _("ID:"), flatpak_decomposed_dup_id (ref));
       print_aligned (len, _("Ref:"), flatpak_decomposed_get_ref (ref));
-      print_aligned_take (len, _("Arch:"), flatpak_decomposed_dup_arch (ref));
+      print_aligned (len, _("Arch:"), arch);
       print_aligned_take (len, _("Branch:"), flatpak_decomposed_dup_branch (ref));
       if (version != NULL)
         print_aligned (len, _("Version:"), version);
diff -Nru flatpak-1.14.4/app/flatpak-builtins-remote-ls.c flatpak-1.14.8/app/flatpak-builtins-remote-ls.c
--- flatpak-1.14.4/app/flatpak-builtins-remote-ls.c	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/app/flatpak-builtins-remote-ls.c	2024-04-30 14:18:04.000000000 +0100
@@ -231,7 +231,7 @@
       if (need_appstream_data)
         {
           mdata = as_metadata_new ();
-          flatpak_dir_load_appstream_store (dir, remote, NULL, mdata, NULL, NULL);
+          flatpak_dir_load_appstream_data (dir, remote, NULL, mdata, NULL, NULL);
         }
 
       keys = (FlatpakDecomposed **) g_hash_table_get_keys_as_array (names, &n_keys);
@@ -244,7 +244,7 @@
           guint64 installed_size;
           guint64 download_size;
           g_autofree char *runtime = NULL;
-          AsComponent *app = NULL;
+          AsComponent *cpt = NULL;
           gboolean has_sparse_cache;
           VarMetadataRef sparse_cache;
           g_autofree char *id = flatpak_decomposed_dup_id (ref);
@@ -278,7 +278,7 @@
             }
 
           if (need_appstream_data)
-            app = as_store_find_app (mdata, ref_str);
+            cpt = metadata_find_component (mdata, ref_str);
 
           if (app_runtime && runtime)
             {
@@ -296,8 +296,8 @@
                   const char *name = NULL;
                   g_autofree char *readable_id = NULL;
 
-                  if (app)
-                    name = as_component_get_name (app);
+                  if (cpt)
+                    name = as_component_get_name (cpt);
 
                   if (name == NULL)
                     readable_id = flatpak_decomposed_dup_readable_id (ref);
@@ -307,13 +307,13 @@
               else if (strcmp (columns[j].name, "description") == 0)
                 {
                   const char *comment = NULL;
-                  if (app)
-                      comment = as_component_get_summary (app);
+                  if (cpt)
+                      comment = as_component_get_summary (cpt);
 
                   flatpak_table_printer_add_column (printer, comment);
                 }
               else if (strcmp (columns[j].name, "version") == 0)
-                flatpak_table_printer_add_column (printer, app ? as_app_get_version (app) : "");
+                flatpak_table_printer_add_column (printer, cpt ? component_get_version_latest (cpt) : "");
               else if (strcmp (columns[j].name, "ref") == 0)
                 flatpak_table_printer_add_column (printer, ref_str);
               else if (strcmp (columns[j].name, "application") == 0)
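Review bot: in the "version" branch, `cpt ? component_get_version_latest (cpt) : ""` produces "" when there is no component but NULL when the component exists and has no releases (the helper returns NULL in that case), so the two "no version" cases reach `flatpak_table_printer_add_column` with different values. The "description" branch just above already passes a possibly-NULL `comment` to the same function, so either pass NULL in both cases or normalise both to "".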
diff -Nru flatpak-1.14.4/app/flatpak-builtins-run.c flatpak-1.14.8/app/flatpak-builtins-run.c
--- flatpak-1.14.4/app/flatpak-builtins-run.c	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/app/flatpak-builtins-run.c	2024-04-30 14:18:04.000000000 +0100
@@ -101,7 +101,7 @@
   g_autoptr(FlatpakDecomposed) runtime_ref = NULL;
   const char *pref;
   int i;
-  int rest_argv_start, rest_argc;
+  int rest_argv_start = 0, rest_argc = 0;
   g_autoptr(FlatpakContext) arg_context = NULL;
   g_autofree char *id = NULL;
   g_autofree char *arch = NULL;
@@ -114,7 +114,6 @@
   context = g_option_context_new (_("APP [ARGUMENT…] - Run an app"));
   g_option_context_set_translation_domain (context, GETTEXT_PACKAGE);
 
-  rest_argc = 0;
   for (i = 1; i < argc; i++)
     {
       /* The non-option is the command, take it out of the arguments */
@@ -155,6 +154,8 @@
   if (rest_argc == 0)
     return usage_error (context, _("APP must be specified"), error);
 
+  /* If we get here, then rest_argv_start must have been set >= 1 */
+  g_assert (rest_argv_start > 0);
   pref = argv[rest_argv_start];
 
   if (!flatpak_split_partial_ref_arg (pref, FLATPAK_KINDS_APP | FLATPAK_KINDS_RUNTIME,
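Review bot: the added `g_assert (rest_argv_start > 0)` is the only guard between the new `= 0` initialiser and `pref = argv[rest_argv_start]`; in a build with G_DISABLE_ASSERT it compiles away, and if the invariant were ever broken `pref` would silently become argv[0]. Folding the condition into the existing check just above, e.g. `if (rest_argc == 0 || rest_argv_start < 1)` returning the same `usage_error`, would still quiet the compiler and would fail cleanly instead of aborting.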
diff -Nru flatpak-1.14.4/app/flatpak-builtins-search.c flatpak-1.14.8/app/flatpak-builtins-search.c
--- flatpak-1.14.4/app/flatpak-builtins-search.c	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/app/flatpak-builtins-search.c	2024-04-30 14:18:04.000000000 +0100
@@ -76,7 +76,7 @@
         {
           g_autoptr(AsMetadata) mdata = as_metadata_new ();
 
-          flatpak_dir_load_appstream_store (dir, remotes[j], arch, mdata, cancellable, &error);
+          flatpak_dir_load_appstream_data (dir, remotes[j], arch, mdata, cancellable, &error);
 
           if (error)
             {
@@ -185,7 +185,7 @@
 static void
 print_app (Column *columns, MatchResult *res, FlatpakTablePrinter *printer)
 {
-  const char *version = as_app_get_version (res->app);
+  const char *version = component_get_version_latest (res->app);
   g_autofree char *id = component_get_flatpak_id (res->app);
   const char *name = as_component_get_name (res->app);
   const char *comment = as_component_get_summary (res->app);
@@ -272,12 +272,21 @@
   for (j = 0; j < remote_stores->len; ++j)
     {
       AsMetadata *mdata = g_ptr_array_index (remote_stores, j);
+#if AS_CHECK_VERSION(1, 0, 0)
+      AsComponentBox *apps = as_metadata_get_components (mdata);
+#else
       GPtrArray *apps = as_metadata_get_components (mdata);
-      guint i;
+#endif
 
-      for (i = 0; i < apps->len; ++i)
+#if AS_CHECK_VERSION(1, 0, 0)
+      for (guint i = 0; i < as_component_box_len (apps); ++i)
+        {
+          AsComponent *app = as_component_box_index (apps, i);
+#else
+      for (guint i = 0; i < apps->len; ++i)
         {
           AsComponent *app = g_ptr_array_index (apps, i);
+#endif
           const char *remote_name = g_object_get_data (G_OBJECT (mdata), "remote-name");
           g_autoptr(FlatpakDecomposed) decomposed = NULL;
 
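Review bot: in the `@@ -272` hunk the `for` header and its opening brace are duplicated inside `#if AS_CHECK_VERSION(1, 0, 0)` / `#else`, while the loop body and closing brace are shared outside the conditional, so neither preprocessor branch is brace-balanced on its own. That is hard to read and tends to confuse editors and indent tools; two small static helpers (length and index over the component container) would let a single loop serve both AppStream API versions, and `metadata_find_component` could reuse them.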
diff -Nru flatpak-1.14.4/app/flatpak-builtins-utils.c flatpak-1.14.8/app/flatpak-builtins-utils.c
--- flatpak-1.14.4/app/flatpak-builtins-utils.c	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/app/flatpak-builtins-utils.c	2024-04-30 14:18:04.000000000 +0100
@@ -1042,50 +1042,79 @@
 }
 
 const char *
-as_app_get_version (AsComponent *app)
+component_get_version_latest (AsComponent *component)
 {
-  GPtrArray *releases = as_component_get_releases (app);
+#if AS_CHECK_VERSION(1, 0, 0)
+  AsReleaseList *releases = NULL;
+
+  /* load releases without network access, ignoring any errors */
+  as_component_load_releases (component, FALSE, NULL);
+
+  /* fetch default releases even if previous loading has failed */
+  releases = as_component_get_releases_plain (component);
+  if (releases != NULL && as_release_list_len (releases) > 0)
+    return as_release_get_version (as_release_list_index (releases, 0));
+#else
+  GPtrArray *releases = as_component_get_releases (component);
 
   if (releases != NULL && releases->len > 0)
     return as_release_get_version (AS_RELEASE (g_ptr_array_index (releases, 0)));
+#endif
 
   return NULL;
 }
 
 AsComponent *
-as_store_find_app (AsMetadata *mdata,
-                   const char *ref)
+metadata_find_component (AsMetadata *mdata,
+                         const char *ref)
 {
   g_autoptr(FlatpakRef) rref = flatpak_ref_parse (ref, NULL);
-  const char *appid = flatpak_ref_get_name (rref);
-  g_autofree char *desktopid = g_strconcat (appid, ".desktop", NULL);
-  int j;
+  const char *cid = flatpak_ref_get_name (rref);
+  g_autofree char *desktopid = g_strconcat (cid, ".desktop", NULL);
 
-  for (j = 0; j < 2; j++)
+  for (int j = 0; j < 2; j++)
     {
-      const char *id = j == 0 ? appid : desktopid;
+      const char *id = j == 0 ? cid : desktopid;
+#if AS_CHECK_VERSION(1, 0, 0)
+      AsComponentBox *cbox = as_metadata_get_components (mdata);
+
+      for (gsize i = 0; i < as_component_box_len (cbox); i++)
+        {
+          AsComponent *component = as_component_box_index (cbox, i);
+          AsBundle *bundle;
+
+          if (g_strcmp0 (as_component_get_id (component), id) != 0)
+            continue;
+
+          bundle = as_component_get_bundle (component, AS_BUNDLE_KIND_FLATPAK);
+          if (bundle &&
+              g_str_equal (as_bundle_get_id (bundle), ref))
+            return component;
+        }
+#else
       GPtrArray *components = as_metadata_get_components (mdata);
 
       for (gsize i = 0; i < components->len; i++)
         {
-          AsComponent *app = g_ptr_array_index (components, i);
+          AsComponent *component = g_ptr_array_index (components, i);
           AsBundle *bundle;
 
-          if (g_strcmp0 (as_component_get_id (app), id) != 0)
+          if (g_strcmp0 (as_component_get_id (component), id) != 0)
             continue;
 
-          bundle = as_component_get_bundle (app, AS_BUNDLE_KIND_FLATPAK);
+          bundle = as_component_get_bundle (component, AS_BUNDLE_KIND_FLATPAK);
           if (bundle &&
               g_str_equal (as_bundle_get_id (bundle), ref))
-            return app;
+            return component;
         }
+#endif
     }
 
   return NULL;
 }
 
 /**
- * flatpak_dir_load_appstream_store:
+ * flatpak_dir_load_appstream_data:
  * @self: a #FlatpakDir
  * @remote_name: name of the remote to load the AppStream data for
  * @arch: (nullable): name of the architecture to load the AppStream data for,
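Review bot: `metadata_find_component` passes the result of `flatpak_ref_parse (ref, NULL)` straight to `flatpak_ref_get_name (rref)` with no NULL check, and the parse error is discarded; since the function is being renamed and reworked anyway, an early `return NULL` when `rref` is NULL would make the failure path explicit. Separately, the two `#if AS_CHECK_VERSION(1, 0, 0)` loop bodies are identical apart from the container accessors, so any later change to the id/bundle matching has to be made in both places.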
@@ -1103,12 +1132,12 @@
  *    otherwise
  */
 gboolean
-flatpak_dir_load_appstream_store (FlatpakDir   *self,
-                                  const gchar  *remote_name,
-                                  const gchar  *arch,
-                                  AsMetadata   *mdata,
-                                  GCancellable *cancellable,
-                                  GError      **error)
+flatpak_dir_load_appstream_data (FlatpakDir   *self,
+                                 const gchar  *remote_name,
+                                 const gchar  *arch,
+                                 AsMetadata   *mdata,
+                                 GCancellable *cancellable,
+                                 GError      **error)
 {
   const char *install_path = flatpak_file_get_path_cached (flatpak_dir_get_path (self));
   g_autoptr(GFile) appstream_file = NULL;
@@ -1129,8 +1158,13 @@
                                        NULL);
 
   appstream_file = g_file_new_for_path (appstream_path);
+#if AS_CHECK_VERSION(0, 16, 0)
+  as_metadata_set_format_style (mdata, AS_FORMAT_STYLE_CATALOG);
+#else
+  /* Deprecated name for the same thing */
   as_metadata_set_format_style (mdata, AS_FORMAT_STYLE_COLLECTION);
-#ifdef HAVE_APPSTREAM_0_14_0
+#endif
+#if AS_CHECK_VERSION(0, 14, 0)
   success = as_metadata_parse_file (mdata, appstream_file, AS_FORMAT_KIND_XML, &local_error);
 #else
   as_metadata_parse_file (mdata, appstream_file, AS_FORMAT_KIND_XML, &local_error);
diff -Nru flatpak-1.14.4/app/flatpak-builtins-utils.h flatpak-1.14.8/app/flatpak-builtins-utils.h
--- flatpak-1.14.4/app/flatpak-builtins-utils.h	2022-11-17 18:07:49.000000000 +0000
+++ flatpak-1.14.8/app/flatpak-builtins-utils.h	2024-04-29 17:46:35.000000000 +0100
@@ -28,6 +28,12 @@
 #include "flatpak-dir-private.h"
 #include "flatpak-permission-dbus-generated.h"
 
+/* AS_CHECK_VERSION was introduced in 0.14.0; we still support 0.12.0, so
+ * behave as though versions without this macro are arbitrarily old */
+#ifndef AS_CHECK_VERSION
+#define AS_CHECK_VERSION(major, minor, micro) (0)
+#endif
+
 /* Appstream data expires after a day */
 #define FLATPAK_APPSTREAM_TTL 86400
 
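Review bot: the `#ifndef AS_CHECK_VERSION` fallback only behaves as its comment describes if the AppStream header has already been included by this point, and the visible context shows only `flatpak-dir-private.h` and `flatpak-permission-dbus-generated.h`. If the AppStream include came after this block, the fallback `(0)` definition would clash with or pre-empt the real macro. Please confirm the include order and mention in the comment that the fallback must stay below the AppStream include.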
@@ -154,16 +160,16 @@
                          const char *title,
                          char       *value);
 
-AsComponent *as_store_find_app (AsMetadata *mdata,
-                                const char *ref);
-const char *as_app_get_version (AsComponent *component);
-
-gboolean    flatpak_dir_load_appstream_store (FlatpakDir   *self,
-                                              const gchar  *remote_name,
-                                              const gchar  *arch,
-                                              AsMetadata   *mdata,
-                                              GCancellable *cancellable,
-                                              GError      **error);
+AsComponent *metadata_find_component (AsMetadata *mdata,
+                                         const char *ref);
+const char *component_get_version_latest (AsComponent *component);
+
+gboolean    flatpak_dir_load_appstream_data (FlatpakDir   *self,
+                                             const gchar  *remote_name,
+                                             const gchar  *arch,
+                                             AsMetadata   *mdata,
+                                             GCancellable *cancellable,
+                                             GError      **error);
 
 int         cell_width (const char *text);
 const char *cell_advance (const char *text,
diff -Nru flatpak-1.14.4/common/flatpak-appdata.c flatpak-1.14.8/common/flatpak-appdata.c
--- flatpak-1.14.4/common/flatpak-appdata.c	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/common/flatpak-appdata.c	2024-04-29 18:44:16.000000000 +0100
@@ -43,6 +43,7 @@
   gboolean   in_text;
   gboolean   in_component;
   gboolean   in_content_rating;
+  gboolean   in_developer;
   char      *lang;
   guint64    timestamp;
   const char *id;  /* interned */
@@ -119,7 +120,7 @@
     {
       data->in_text = TRUE;
     }
-  else if (g_str_equal (element_name, "name") ||
+  else if ((!data->in_developer && g_str_equal (element_name, "name")) ||
            g_str_equal (element_name, "summary"))
     {
       const char *lang = NULL;
@@ -259,6 +260,10 @@
           g_warning ("Ignoring content attribute missing id attribute");
         }
     }
+  else if (g_str_equal (element_name, "developer"))
+    {
+      data->in_developer = TRUE;
+    }
 }
 
 static void
@@ -294,7 +299,7 @@
     {
       component->id = g_steal_pointer (&text);
     }
-  else if (g_str_equal (element_name, "name"))
+  else if (!data->in_developer && g_str_equal (element_name, "name"))
     {
       g_hash_table_insert (component->names, g_steal_pointer (&data->lang), g_steal_pointer (&text));
     }
@@ -316,6 +321,10 @@
       g_assert (component->content_rating != NULL);
       g_hash_table_insert (component->content_rating, (gpointer) data->id, (gpointer) g_intern_string (text));
     }
+  else if (g_str_equal (element_name, "developer"))
+    {
+      data->in_developer = FALSE;
+    }
 }
 
 static void
diff -Nru flatpak-1.14.4/common/flatpak-dir.c flatpak-1.14.8/common/flatpak-dir.c
--- flatpak-1.14.4/common/flatpak-dir.c	2024-04-30 17:52:59.000000000 +0100
+++ flatpak-1.14.8/common/flatpak-dir.c	2024-04-30 14:18:04.000000000 +0100
@@ -4402,7 +4402,7 @@
                                    GError    **error)
 {
   g_autoptr(GPtrArray) patterns = flatpak_dir_get_config_patterns (self, key);
-  g_autofree char *regexp;
+  g_autofree char *regexp = NULL;
   gboolean already_present;
   g_autofree char *merged_patterns = NULL;
 
@@ -6997,6 +6997,28 @@
   return ret;
 }
 
+static void
+maybe_reload_dbus_config (GCancellable *cancellable)
+{
+  g_autoptr(GDBusConnection) session_bus = NULL;
+
+  session_bus = g_bus_get_sync (G_BUS_TYPE_SESSION, cancellable, NULL);
+  if (!session_bus)
+    return;
+
+  g_dbus_connection_call_sync (session_bus,
+                               "org.freedesktop.DBus",
+                               "/org/freedesktop/DBus",
+                               "org.freedesktop.DBus",
+                               "ReloadConfig",
+                               NULL,
+                               NULL,
+                               G_DBUS_CALL_FLAGS_NONE,
+                               2000,
+                               cancellable,
+                               NULL);
+}
+
 gboolean
 flatpak_dir_run_triggers (FlatpakDir   *self,
                           GCancellable *cancellable,
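Review bot: in maybe_reload_dbus_config() the GVariant returned by g_dbus_connection_call_sync() is discarded, so the reply is leaked every time ReloadConfig succeeds. Hold it in a `g_autoptr(GVariant)` local or g_variant_unref() it. Both GError out-parameters are also NULL, which makes a failed reload invisible; a g_debug() carrying the error message would help when a newly installed .service file is not picked up. This is a blocking call with a 2000 ms timeout on the install/update path, which is worth a comment of its own.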
@@ -7009,6 +7031,8 @@
   GError *temp_error = NULL;
   const char *triggerspath;
 
+  maybe_reload_dbus_config (cancellable);
+
   if (flatpak_dir_use_system_helper (self, NULL))
     {
       const char *installation = flatpak_dir_get_id (self);
@@ -11478,7 +11502,7 @@
   extension_dir = flatpak_dir_get_unmaintained_extension_dir (self, name, arch, branch);
 
   extension_dir_info = g_file_query_info (extension_dir,
-                                          G_FILE_ATTRIBUTE_STANDARD_SYMLINK_TARGET,
+                                          G_FILE_ATTRIBUTE_STANDARD_SYMLINK_TARGET "," G_FILE_ATTRIBUTE_STANDARD_IS_SYMLINK,
                                           G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS,
                                           cancellable,
                                           NULL);
@@ -12494,6 +12518,8 @@
           if (flatpak_dir_remote_load_cached_summary (self, old_cache_name, old_checksum, ".sub", NULL,
                                                       &old_summary, NULL, cancellable, NULL))
             break;
+
+          g_clear_pointer (&old_checksum, g_free);
         }
 
       if (old_summary)
diff -Nru flatpak-1.14.4/common/flatpak-prune.c flatpak-1.14.8/common/flatpak-prune.c
--- flatpak-1.14.4/common/flatpak-prune.c	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/common/flatpak-prune.c	2024-04-30 14:18:04.000000000 +0100
@@ -381,10 +381,10 @@
      those are the ones that will be first compared on a hash collision,
      so if they were always the same that would waste 4 comparisons. */
   return
-    data[32] |
-    data[31] << 8 |
-    data[30] << 16 |
-    data[29] << 24;
+    ((guint32) data[32]) |
+    ((guint32) data[31]) << 8 |
+    ((guint32) data[30]) << 16 |
+    ((guint32) data[29]) << 24;
 }
 
 static gboolean
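Review bot: the casts added to this return expression carry no comment saying why they are needed, and they look redundant enough that a later cleanup could remove them. Assuming `data` is a byte array, as the indexing suggests, the one that matters is `((guint32) data[29]) << 24`: without it the byte is promoted to int, and a value of 0x80 or above shifted left by 24 does not fit in a signed int. A one-line comment above the `return` would keep the fix from being undone.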
diff -Nru flatpak-1.14.4/common/flatpak-run.c flatpak-1.14.8/common/flatpak-run.c
--- flatpak-1.14.4/common/flatpak-run.c	2024-04-30 17:52:59.000000000 +0100
+++ flatpak-1.14.8/common/flatpak-run.c	2024-04-30 14:18:04.000000000 +0100
@@ -1863,10 +1863,13 @@
 
 static const ExportData default_exports[] = {
   {"PATH", "/app/bin:/usr/bin"},
-  /* We always want to unset LD_LIBRARY_PATH to avoid inheriting weird
-   * dependencies from the host. But if not using ld.so.cache this is
-   * later set. */
+  /* We always want to unset LD variables to avoid inheriting weird
+   * dependencies from the host. But if not using ld.so.cache LD_LIBRARY_PATH
+   is later set. */
   {"LD_LIBRARY_PATH", NULL},
+  {"LD_PRELOAD", NULL},
+  {"LD_AUDIT", NULL},
+
   {"XDG_CONFIG_DIRS", "/app/etc/xdg:/etc/xdg"},
   {"XDG_DATA_DIRS", "/app/share:/usr/share"},
   {"SHELL", "/bin/sh"},
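Review bot: the last line of the rewritten comment, `   is later set. */`, has lost the leading ` * ` that the two lines above it carry. The comment also now speaks of "LD variables" in general, while the table clears exactly three (LD_LIBRARY_PATH, LD_PRELOAD, LD_AUDIT); naming them in the comment would avoid implying that everything ld.so reads from the environment is covered.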
@@ -1879,6 +1882,9 @@
    * outside the sandbox is somewhere else. Don't allow a different
    * setting from outside the sandbox to overwrite this. */
   {"XDG_RUNTIME_DIR", NULL},
+  /* Ensure our container environment variable takes precedence over the one
+   * set by a container manager. */
+  {"container", NULL},
 
   /* Some env vars are common enough and will affect the sandbox badly
      if set on the host. We clear these always. If updating this list,
@@ -1903,6 +1909,15 @@
   {"XKB_CONFIG_ROOT", NULL},
   {"GIO_EXTRA_MODULES", NULL},
   {"GDK_BACKEND", NULL},
+  {"VK_ADD_DRIVER_FILES", NULL},
+  {"VK_ADD_LAYER_PATH", NULL},
+  {"VK_DRIVER_FILES", NULL},
+  {"VK_ICD_FILENAMES", NULL},
+  {"VK_LAYER_PATH", NULL},
+  {"__EGL_EXTERNAL_PLATFORM_CONFIG_DIRS", NULL},
+  {"__EGL_EXTERNAL_PLATFORM_CONFIG_FILENAMES", NULL},
+  {"__EGL_VENDOR_LIBRARY_DIRS", NULL},
+  {"__EGL_VENDOR_LIBRARY_FILENAMES", NULL},
 };
 
 static const ExportData no_ld_so_cache_exports[] = {
@@ -3996,9 +4011,21 @@
   g_autoptr(GDesktopAppInfo) app_info = NULL;
   gboolean allowed = FALSE;
 
-  system_bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, error);
+  system_bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &local_error);
   if (system_bus == NULL)
-    return FALSE;
+    {
+      /* Since the checks below allow access when malcontent or
+       * accounts-service aren't available on the bus, this whole routine can
+       * be trivially bypassed by setting DBUS_SYSTEM_BUS_ADDRESS to a
+       * temporary dbus-daemon. Not being able to connect to the system bus is
+       * basically equivalent.
+       */
+      g_debug ("Skipping parental controls check for %s since D-Bus system "
+               "bus connection failed: %s",
+               flatpak_decomposed_get_ref (app_ref),
+               local_error ? local_error->message : "unknown reason");
+      return TRUE;
+    }
 
   manager = mct_manager_new (system_bus);
   app_filter = mct_manager_get_app_filter (manager, getuid (),
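Review bot: the new `system_bus == NULL` branch makes the parental-controls check fail open and records that only through g_debug(), so on a machine where malcontent is expected to be enforced nothing visible says the check was skipped. The in-code comment gives the reasoning, which is fair, but consider g_info() or a one-time g_warning() so that an administrator can find it in the journal. Separately, `local_error` is declared outside this hunk; now that the error is no longer handed to the caller through `error`, it has to be a `g_autoptr(GError)` (or be freed in this branch) to avoid a leak.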
@@ -4359,6 +4386,12 @@
             {
               do_migrate = FALSE; /* Don't migrate older things, they are likely symlinks to this dir */
 
+              /* Don't migrate a symlink pointing to the new data dir. It was likely left over
+               * from a previous migration and would end up pointing to itself */
+              if (g_file_info_get_is_symlink (previous_app_id_dir_info) &&
+                  g_strcmp0 (g_file_info_get_symlink_target (previous_app_id_dir_info), app_id) == 0)
+                break;
+
               if (!flatpak_file_rename (previous_app_id_dir, real_app_id_dir, cancellable, &local_error))
                 {
                   g_warning (_("Failed to migrate old app data directory %s to new name %s: %s"),
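Review bot: the new guard calls g_file_info_get_is_symlink() and g_file_info_get_symlink_target() on previous_app_id_dir_info, but the g_file_query_info() that produced it is outside this hunk. It must request both standard::is-symlink and standard::symlink-target, otherwise this code runs into the same "GFileInfo created without standard::is-symlink" criticals that the flatpak-dir.c hunk in this diff fixes for extension_dir_info. The comparison is also an exact string match against `app_id`, so only a link whose target is the bare new ID is recognised; a comment stating that this is the form the earlier migration creates would make the assumption explicit.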
diff -Nru flatpak-1.14.4/common/flatpak-utils.c flatpak-1.14.8/common/flatpak-utils.c
--- flatpak-1.14.4/common/flatpak-utils.c	2023-03-16 09:55:13.000000000 +0000
+++ flatpak-1.14.8/common/flatpak-utils.c	2024-04-30 14:18:04.000000000 +0100
@@ -5055,6 +5055,7 @@
 
   g_file_info_set_name (file_info, filename);
   g_file_info_set_file_type (file_info, G_FILE_TYPE_SYMBOLIC_LINK);
+  g_file_info_set_size (file_info, 0);
   g_file_info_set_attribute_uint32 (file_info, "unix::uid", 0);
   g_file_info_set_attribute_uint32 (file_info, "unix::gid", 0);
   g_file_info_set_attribute_uint32 (file_info, "unix::mode", S_IFLNK | 0777);
diff -Nru flatpak-1.14.4/common/flatpak-utils-http.c flatpak-1.14.8/common/flatpak-utils-http.c
--- flatpak-1.14.4/common/flatpak-utils-http.c	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/common/flatpak-utils-http.c	2024-04-30 14:18:04.000000000 +0100
@@ -403,8 +403,16 @@
   curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, _write_cb);
   curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, _header_cb);
 
+  /* Abort the connection if connecting to the server takes too long. This
+   * timeout has no effect after a connection is established. */
   curl_easy_setopt (curl, CURLOPT_CONNECTTIMEOUT, (long)FLATPAK_HTTP_TIMEOUT_SECS);
 
+  /* Abort the download if it’s slower than 10KB/sec for 60 seconds. An example
+   * compressed summary file is 1.5MB in size, so anything slower than this rate
+   * will mean it takes over 2.5 minutes to download just the summary file. */
+  curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, (long)FLATPAK_HTTP_TIMEOUT_SECS);
+  curl_easy_setopt(curl, CURLOPT_LOW_SPEED_LIMIT, 10000L);
+
   return session;
 }
 
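Review bot: the new comment says "10KB/sec for 60 seconds", but the code passes FLATPAK_HTTP_TIMEOUT_SECS for CURLOPT_LOW_SPEED_TIME and a bare `10000L` for CURLOPT_LOW_SPEED_LIMIT, so the comment goes stale as soon as the macro changes. Give the rate a named constant next to FLATPAK_HTTP_TIMEOUT_SECS and refer to both by name in the comment. Reusing the connect timeout for the low-speed window also couples two settings that may need to be tuned separately.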
diff -Nru flatpak-1.14.4/common/flatpak-version-macros.h flatpak-1.14.8/common/flatpak-version-macros.h
--- flatpak-1.14.4/common/flatpak-version-macros.h	2023-03-16 09:56:12.000000000 +0000
+++ flatpak-1.14.8/common/flatpak-version-macros.h	2024-04-30 14:25:05.000000000 +0100
@@ -45,7 +45,7 @@
  *
  * The micro version.
  */
-#define FLATPAK_MICRO_VERSION (4)
+#define FLATPAK_MICRO_VERSION (8)
 
 /**
  * FLATPAK_CHECK_VERSION:
diff -Nru flatpak-1.14.4/configure.ac flatpak-1.14.8/configure.ac
--- flatpak-1.14.4/configure.ac	2023-03-16 09:55:13.000000000 +0000
+++ flatpak-1.14.8/configure.ac	2024-04-30 14:24:13.000000000 +0100
@@ -15,7 +15,7 @@
 
 m4_define([flatpak_major_version], [1])
 m4_define([flatpak_minor_version], [14])
-m4_define([flatpak_micro_version], [4])
+m4_define([flatpak_micro_version], [8])
 m4_define([flatpak_extra_version], [])
 m4_define([flatpak_interface_age], [0])
 m4_define([flatpak_binary_age],
@@ -362,9 +362,6 @@
 PKG_CHECK_MODULES(JSON, [json-glib-1.0])
 
 PKG_CHECK_MODULES(APPSTREAM, [appstream >= 0.12.0])
-PKG_CHECK_MODULES(APPSTREAM_0_14_0, appstream >= 0.14.0,
-                  [AC_DEFINE([HAVE_APPSTREAM_0_14_0], [1], [Define if appstream >= 0.14.0 is available])],
-                  [true])
 
 PKG_CHECK_MODULES(GDK_PIXBUF, [gdk-pixbuf-2.0])
 
@@ -425,6 +422,13 @@
     [with_sysusersdir='${prefix}/lib/sysusers.d'])
 AC_SUBST([sysusersdir], [$with_sysusersdir])
 
+AC_ARG_WITH([tmpfilesdir],
+            [AS_HELP_STRING([--with-tmpfilesdir=DIR],
+                            [Directory for systemd tmpfiles.d configuration files (default=PREFIX/lib/tmpfiles.d)])],
+    [],
+    [with_tmpfilesdir='${prefix}/lib/tmpfiles.d'])
+AC_SUBST([tmpfilesdir], [$with_tmpfilesdir])
+
 AC_ARG_WITH(system-helper-user,
            [AS_HELP_STRING([--with-system-helper-user=USERNAME],
                            [Name of the system helper user])],
diff -Nru flatpak-1.14.4/data/Makefile.am.inc flatpak-1.14.8/data/Makefile.am.inc
--- flatpak-1.14.4/data/Makefile.am.inc	2022-11-17 18:30:08.000000000 +0000
+++ flatpak-1.14.8/data/Makefile.am.inc	2024-04-30 14:18:04.000000000 +0100
@@ -5,6 +5,8 @@
 	data/org.freedesktop.portal.Flatpak.xml \
 	$(NULL)
 
+dist_tmpfiles_DATA += data/tmpfiles.d/flatpak.conf
+
 EXTRA_DIST += \
 	data/org.freedesktop.portal.Documents.xml \
 	data/org.freedesktop.impl.portal.PermissionStore.xml \
diff -Nru flatpak-1.14.4/data/tmpfiles.d/flatpak.conf flatpak-1.14.8/data/tmpfiles.d/flatpak.conf
--- flatpak-1.14.4/data/tmpfiles.d/flatpak.conf	1970-01-01 01:00:00.000000000 +0100
+++ flatpak-1.14.8/data/tmpfiles.d/flatpak.conf	2024-04-29 17:46:35.000000000 +0100
@@ -0,0 +1,2 @@
+# This is a systemd tmpfiles.d configuration file
+R! /var/tmp/flatpak-cache-*
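Review bot: `R! /var/tmp/flatpak-cache-*` deserves a line of explanation in the file itself. `R` removes the matching paths recursively, and the `!` restricts the line to boot-time runs (`systemd-tmpfiles --boot`), which is presumably what keeps a cache directory belonging to a flatpak operation in progress from being removed by a later tmpfiles run. Without that comment the `!` is easy to mistake for a typo and drop.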
diff -Nru flatpak-1.14.4/debian/changelog flatpak-1.14.8/debian/changelog
--- flatpak-1.14.4/debian/changelog	2024-04-17 19:39:48.000000000 +0100
+++ flatpak-1.14.8/debian/changelog	2024-04-30 16:50:10.000000000 +0100
@@ -1,3 +1,74 @@
+flatpak (1.14.8-1~deb12u1) bookworm; urgency=medium
+
+  * Backport upstream stable release for Debian 12
+  * Changes relative to 1.14.4-1+deb12u1 in bookworm-security:
+    - New upstream stable release 1.14.6
+      + Don't parse `<developer><name/></developer>` as though it was
+        the application name
+      + Install a tmpfiles.d snippet to clean up /var/tmp/flatpak-cache-*
+        during boot
+      + Stop http transfers if a download in progress becomes very slow
+      + Silence warnings when using GLib 2.77.0 or later
+      + Bypass page cache for backend requests in revokefs, fixing
+        installation errors with libostree 2023.4 or later
+      + Show AppStream metadata in `flatpak remote-info` as intended,
+        fixing a regression in 1.9.1
+      + Don't let Flatpak apps inherit $VK_DRIVER_FILES or $VK_ICD_FILENAMES
+        from the host system, which would be wrong in the sandbox
+      + Fix forward-compatibility with libappstream 0.17.x and 1.0
+      + Fix a memory leak
+      + Fix some compiler warnings
+      + Make the test failure produce a clearer message if a required tool
+        is missing
+      + Don't force `GIO_USE_VFS=local` for programs launched via
+        flatpak-spawn
+      + Documentation improvements
+    - New upstream stable release 1.14.7
+      + Automatically reload D-Bus session bus configuration when apps are
+        installed or upgraded, ensuring that any new .service files get
+        picked up
+      + Allow apps to be run if the D-Bus system bus is missing or
+        non-functional
+      + Add several more environment variables to the list not inherited
+        into the sandbox:
+        * $LD_AUDIT, $LD_PRELOAD for ld.so
+        * $__EGL_VENDOR_LIBRARY_DIRS, etc. for EGL
+        * $VK_ADD_DRIVER_FILES, etc. for Vulkan
+        * $container, when running Flatpak inside a container manager
+      + Use xdg-desktop-portal-gnome, if installed, to detect whether apps
+        are running in the background
+      + If an app's data is migrated to a new name and then deleted, don't
+        try to migrate it again, avoiding a recursive symlink loop
+      + Don't leak temporary variable $new_dirs from /etc/profile.d/flatpak.sh
+        into user shell sessions
+      + Avoid an out-of-bounds left-shift (which is technically undefined
+        behaviour) when hashing object names
+      + Fix critical warnings "GFileInfo created without
+        standard::is-symlink" when using /var/lib/flatpak/extension with
+        testing/unstable glib2.0
+      + Fix validation of documentation against Docbook DTD
+      + Fix a misleading comment in the test for CVE-2024-32462
+      + Fix a double-free in the test suite
+      + Skip more tests if bubblewrap works but FUSE doesn't
+    - New upstream stable release 1.14.8
+      + Respin of 1.14.7 reverting unintended submodule changes
+    - d/control: Move dbus-system-bus from Depends to Recommends.
+      `flatpak run` no longer has a working system bus as a hard requirement
+      (verified in `podman run --privileged --rm -it debian:sid-slim`)
+    - Drop CVE-2024-32462 patches, included in the upstream stable release
+    - debian/test.sh: Disable http proxy if used, to ensure we can reach
+      a HTTP server on localhost during automated tests
+  * Changes relative to 1.14.8-1 in unstable:
+    - Revert polkitd dependencies to polkitd | policykit-1 as previously
+      used in bookworm
+    - Revert pkgconf dependencies to pkg-config as previously used in
+      bookworm
+    - Revert location of systemd unit to /lib/systemd/system as previously
+      used in bookworm, dropping versioned dependency on debhelper 13.11.6~
+    - Revert changes related to Debian 13 GIR XML packaging policy
+
+ -- Simon McVittie <s...@debian.org>  Tue, 30 Apr 2024 16:50:10 +0100
+
 flatpak (1.14.4-1+deb12u1) bookworm-security; urgency=high
 
   * d/p/When-starting-non-static-command-using-bwrap-use.patch,
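Review bot: the block headed "New upstream stable release 1.14.6" lists changes that the unstable history in the next hunk attributes to 1.14.5-1; the tmpfiles.d snippet, for one, is installed by the `d/flatpak.install` change recorded there. Heading the block "New upstream stable releases 1.14.5, 1.14.6" would match what bookworm actually receives relative to 1.14.4-1+deb12u1 and makes the entry easier to cross-check against upstream's NEWS.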
@@ -10,14 +81,103 @@
 
  -- Simon McVittie <s...@debian.org>  Wed, 17 Apr 2024 19:39:48 +0100
 
+flatpak (1.14.8-1) unstable; urgency=medium
+
+  * New upstream stable release 1.14.7
+    - Automatically reload D-Bus session bus configuration when apps are
+      installed or upgraded, ensuring that any new .service files get
+      picked up
+    - Allow apps to be run if the D-Bus system bus is missing or
+      non-functional
+    - Add several more environment variables to the list not inherited
+      into the sandbox:
+      + $LD_AUDIT, $LD_PRELOAD for ld.so
+      + $__EGL_VENDOR_LIBRARY_DIRS, etc. for EGL
+      + $VK_ADD_DRIVER_FILES, etc. for Vulkan
+      + $container, when running Flatpak inside a container manager
+    - Use xdg-desktop-portal-gnome, if installed, to detect whether apps
+      are running in the background
+    - If an app's data is migrated to a new name and then deleted, don't
+      try to migrate it again, avoiding a recursive symlink loop
+    - Don't leak temporary variable $new_dirs from /etc/profile.d/flatpak.sh
+      into user shell sessions
+    - Avoid an out-of-bounds left-shift (which is technically undefined
+      behaviour) when hashing object names
+    - Fix critical warnings "GFileInfo created without
+      standard::is-symlink" when using /var/lib/flatpak/extension with
+      testing/unstable glib2.0
+    - Fix validation of documentation against Docbook DTD
+    - Fix a misleading comment in the test for CVE-2024-32462
+    - Fix a double-free in the test suite
+    - Skip more tests if bubblewrap works but FUSE doesn't
+  * New upstream stable release 1.14.8
+    - Respin of 1.14.7 reverting unintended submodule changes
+  * d/control: Replace one more polkitd|policykit-1 dependency with polkitd
+  * d/control: Move dbus-system-bus from Depends to Recommends.
+    `flatpak run` no longer has a working system bus as a hard requirement.
+
+ -- Simon McVittie <s...@debian.org>  Tue, 30 Apr 2024 15:08:35 +0100
+
+flatpak (1.14.6-1~deb13u1) trixie; urgency=high
+
+  * Rebuild for trixie
+
+ -- Simon McVittie <s...@debian.org>  Fri, 19 Apr 2024 11:00:13 +0100
+
+flatpak (1.14.6-1) unstable; urgency=high
+
+  * New upstream stable release 1.14.6
+    - Don't allow an executable name to be misinterpreted as a command-line
+      option for bwrap(1). This prevents a sandbox escape where a malicious
+      or compromised app could ask xdg-desktop-portal to generate a .desktop
+      file with access to files outside the sandbox. (CVE-2024-32462)
+    - Don't parse `<developer><name/></developer>` as the application name
+  * d/control: Drop alternative dependencies on transitional policykit-1.
+    polkitd was released in Debian 12 and Ubuntu 22.04.
+
+ -- Simon McVittie <s...@debian.org>  Wed, 17 Apr 2024 19:34:28 +0100
+
+flatpak (1.14.5-1) unstable; urgency=medium
+
+  * New upstream stable release
+  * Drop patches cherry-picked in 1.14.4-2, applied upstream
+  * d/flatpak.install: Install new tmpfiles.d snippet
+  * d/test.sh: Disable http proxy if used, to ensure we can reach localhost.
+    Some reproducible.org builders set http_proxy, which makes attempts
+    to access our temporary http server on localhost fail with a 503 error.
+  * d/control: (Build-)depend on pkgconf in preference to pkg-config
+  * d/control: Add ${gir:Depends}, ${gir:Provides} to -dev package
+    (Helps: #1030223)
+  * d/control: Build-depend on required GIR XML files (Helps: #1030223)
+  * Install systemd system unit into /usr/lib/systemd/system.
+    This was allowed by TC resolution #1053901.
+    Build-depend on debhelper 13.11.6~ to ensure that the unit is still
+    picked up by dh_installsystemd.
+
+ -- Simon McVittie <s...@debian.org>  Fri, 08 Dec 2023 12:25:50 +0000
+
+flatpak (1.14.4-2) unstable; urgency=medium
+
+  * Team upload
+
+  [ Simon McVittie ]
+  * Mention #1033098, #1033099 in previous changelog entry
+
+  [ Jeremy Bicha ]
+  * Cherry-pick 2 patches for compatibility with glib 2.77
+
+ -- Jeremy Bícha <jbi...@ubuntu.com>  Tue, 18 Jul 2023 17:05:30 -0400
+
 flatpak (1.14.4-1) unstable; urgency=high
 
   * New upstream security fix release
     - Escape special characters when displaying permissions and metadata,
       preventing malicious apps from manipulating the appearance of the
-      permissions list using crafted metadata (CVE-2023-28101)
+      permissions list using crafted metadata
+      (Closes: #1033098; CVE-2023-28101)
     - If a Flatpak app is run on a Linux virtual console (tty1, etc.),
-      don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
+      don't allow copy/paste via the TIOCLINUX ioctl
+      (Closes: #1033099; CVE-2023-28100).
       Note that this is specific to virtual consoles: Flatpak is not
       vulnerable to this if run from a graphical terminal emulator such
       as xterm, gnome-terminal or Konsole.
diff -Nru flatpak-1.14.4/debian/control flatpak-1.14.8/debian/control
--- flatpak-1.14.4/debian/control	2024-04-17 19:39:48.000000000 +0100
+++ flatpak-1.14.8/debian/control	2024-04-30 16:50:10.000000000 +0100
@@ -71,13 +71,13 @@
 Depends:
  adduser,
  bubblewrap (>= 0.5.0),
- default-dbus-system-bus | dbus-system-bus,
  fuse3,
  xdg-dbus-proxy (>= 0.1.0),
  ${misc:Depends},
  ${shlibs:Depends},
 Recommends:
  ca-certificates,
+ default-dbus-system-bus | dbus-system-bus,
  desktop-file-utils,
  hicolor-icon-theme,
  gtk-update-icon-cache,
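Review bot: moving `default-dbus-system-bus | dbus-system-bus` to Recommends means an installation made without Recommends can have no system bus, and the flatpak-run.c hunk in this diff then skips the parental-controls check and returns TRUE. That follows upstream, but it changes what a stable installation enforces, so it merits a sentence in the changelog entry (or NEWS.Debian) beyond "no longer has a working system bus as a hard requirement".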
diff -Nru flatpak-1.14.4/debian/flatpak.install flatpak-1.14.8/debian/flatpak.install
--- flatpak-1.14.4/debian/flatpak.install	2024-04-17 19:39:48.000000000 +0100
+++ flatpak-1.14.8/debian/flatpak.install	2024-04-30 16:50:10.000000000 +0100
@@ -9,6 +9,7 @@
 usr/lib/systemd/user/flatpak-portal.service
 usr/lib/systemd/user/flatpak-session-helper.service
 usr/lib/sysusers.d
+usr/lib/tmpfiles.d
 usr/libexec/flatpak-oci-authenticator
 usr/libexec/flatpak-portal
 usr/libexec/flatpak-session-helper
diff -Nru flatpak-1.14.4/debian/patches/series flatpak-1.14.8/debian/patches/series
--- flatpak-1.14.4/debian/patches/series	2024-04-17 19:39:48.000000000 +0100
+++ flatpak-1.14.8/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
@@ -1,2 +0,0 @@
-When-starting-non-static-command-using-bwrap-use.patch
-test-run-Add-a-reproducer-for-CVE-2024-32462.patch
diff -Nru flatpak-1.14.4/debian/patches/test-run-Add-a-reproducer-for-CVE-2024-32462.patch flatpak-1.14.8/debian/patches/test-run-Add-a-reproducer-for-CVE-2024-32462.patch
--- flatpak-1.14.4/debian/patches/test-run-Add-a-reproducer-for-CVE-2024-32462.patch	2024-04-17 19:39:48.000000000 +0100
+++ flatpak-1.14.8/debian/patches/test-run-Add-a-reproducer-for-CVE-2024-32462.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,38 +0,0 @@
-From: Simon McVittie <s...@collabora.com>
-Date: Tue, 16 Apr 2024 10:50:00 +0100
-Subject: test-run: Add a reproducer for CVE-2024-32462
-
-Signed-off-by: Simon McVittie <s...@collabora.com>
----
- tests/test-run.sh | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/tests/test-run.sh b/tests/test-run.sh
-index 7138bc6..d124c51 100644
---- a/tests/test-run.sh
-+++ b/tests/test-run.sh
-@@ -24,7 +24,7 @@ set -euo pipefail
- skip_without_bwrap
- skip_revokefs_without_fuse
- 
--echo "1..20"
-+echo "1..21"
- 
- # Use stable rather than master as the branch so we can test that the run
- # command automatically finds the branch correctly
-@@ -76,6 +76,15 @@ assert_file_has_content hello_out '^Hello world, from a sandbox$'
- 
- ok "hello"
- 
-+# This should try and fail to run e.g. /usr/bin/--tmpfs, which will
-+# exit with status 127 because there is no such executable.
-+# It should not pass "--tmpfs /blah hello.sh" as bwrap options.
-+exit_status=0
-+run --command=--tmpfs org.test.Hello /blah hello.sh >&2 || exit_status=$?
-+assert_not_streq "$exit_status" 0
-+
-+ok "avoided CVE-2024-32462"
-+
- # XDG_RUNTIME_DIR is set to <temp directory>/runtime by libtest.sh,
- # so we always have the necessary setup to reproduce #4372
- assert_not_streq "$XDG_RUNTIME_DIR" "/run/user/$(id -u)"
diff -Nru flatpak-1.14.4/debian/patches/When-starting-non-static-command-using-bwrap-use.patch flatpak-1.14.8/debian/patches/When-starting-non-static-command-using-bwrap-use.patch
--- flatpak-1.14.4/debian/patches/When-starting-non-static-command-using-bwrap-use.patch	2024-04-17 19:39:48.000000000 +0100
+++ flatpak-1.14.8/debian/patches/When-starting-non-static-command-using-bwrap-use.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,67 +0,0 @@
-From: Alexander Larsson <al...@redhat.com>
-Date: Mon, 15 Apr 2024 16:10:36 +0200
-Subject: When starting non-static command using bwrap use "--"
-
-This ensures that the command is not taken to be a bwrap option.
-
-Resolves: CVE-2024-32462
-Resolves: GHSA-phv6-cpc2-2fgj
-Signed-off-by: Alexander Larsson <al...@redhat.com>
-[smcv: Fix DISABLE_SANDBOXED_TRIGGERS code path]
-[smcv: Make flatpak_run_maybe_start_dbus_proxy() more obviously correct]
-Signed-off-by: Simon McVittie <s...@collabora.com>
----
- app/flatpak-builtins-build.c | 3 ++-
- common/flatpak-dir.c         | 1 +
- common/flatpak-run.c         | 5 ++++-
- 3 files changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/app/flatpak-builtins-build.c b/app/flatpak-builtins-build.c
-index f9f1a40..ed7f92b 100644
---- a/app/flatpak-builtins-build.c
-+++ b/app/flatpak-builtins-build.c
-@@ -587,7 +587,8 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
-   if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
-     return FALSE;
- 
--  flatpak_bwrap_add_args (bwrap, command, NULL);
-+  flatpak_bwrap_add_args (bwrap, "--", command, NULL);
-+
-   flatpak_bwrap_append_argsv (bwrap,
-                               &argv[rest_argv_start + 2],
-                               rest_argc - 2);
-diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c
-index eba81fe..edf2eb3 100644
---- a/common/flatpak-dir.c
-+++ b/common/flatpak-dir.c
-@@ -7071,6 +7071,7 @@ flatpak_dir_run_triggers (FlatpakDir   *self,
-                                   "--proc", "/proc",
-                                   "--dev", "/dev",
-                                   "--bind", basedir, basedir,
-+                                  "--",
-                                   NULL);
- #endif
-           flatpak_bwrap_add_args (bwrap,
-diff --git a/common/flatpak-run.c b/common/flatpak-run.c
-index 8fa8c0e..db42ceb 100644
---- a/common/flatpak-run.c
-+++ b/common/flatpak-run.c
-@@ -1299,6 +1299,9 @@ add_bwrap_wrapper (FlatpakBwrap *bwrap,
-   if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
-     return FALSE;
- 
-+  /* End of options: the next argument will be the executable name */
-+  flatpak_bwrap_add_arg (bwrap, "--");
-+
-   return TRUE;
- }
- 
-@@ -4680,7 +4683,7 @@ flatpak_run_app (FlatpakDecomposed *app_ref,
-   if (!flatpak_bwrap_bundle_args (bwrap, 1, -1, FALSE, error))
-     return FALSE;
- 
--  flatpak_bwrap_add_arg (bwrap, command);
-+  flatpak_bwrap_add_args (bwrap, "--", command, NULL);
- 
-   if (!add_rest_args (bwrap, app_id,
-                       exports, (flags & FLATPAK_RUN_FLAG_FILE_FORWARDING) != 0,
diff -Nru flatpak-1.14.4/debian/test.sh flatpak-1.14.8/debian/test.sh
--- flatpak-1.14.4/debian/test.sh	2024-04-17 19:39:48.000000000 +0100
+++ flatpak-1.14.8/debian/test.sh	2024-04-30 16:50:10.000000000 +0100
@@ -1,6 +1,15 @@
 #!/bin/sh
 set -eu
 
+# Some build/test infrastructure provides internet access via a proxy.
+# libostree doesn't always support no_proxy (and in any case
+# reproducible-builds.org doesn't set it), so tests will try to use the
+# proxy for localhost, and fail to reach the test server.
+unset ftp_proxy
+unset http_proxy
+unset https_proxy
+unset no_proxy
+
 adverb=
 
 if [ "$DEB_HOST_ARCH_BITS" = 64 ]; then
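Review bot: only the lower-case proxy variables are unset. libcurl, which the flatpak-utils-http.c hunk shows is in use, also reads HTTPS_PROXY, FTP_PROXY, ALL_PROXY (and all_proxy) and NO_PROXY, so a builder exporting those would still route the localhost requests through its proxy. Unsetting them here as well costs nothing. The comment could also say why no_proxy is unset, since clearing it reads as the opposite of what the paragraph is after.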
diff -Nru flatpak-1.14.4/doc/flatpak-build-finish.xml flatpak-1.14.8/doc/flatpak-build-finish.xml
--- flatpak-1.14.4/doc/flatpak-build-finish.xml	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/doc/flatpak-build-finish.xml	2024-04-30 14:18:04.000000000 +0100
@@ -270,8 +270,7 @@
 [Policy subsystem]
 key=v1;v2;
 </programlisting>
-                </para></listitem>
-                <listitem><para>
+                </para><para>
                     This option can be used multiple times.
                 </para></listitem>
             </varlistentry>
diff -Nru flatpak-1.14.4/doc/flatpak-build.xml flatpak-1.14.8/doc/flatpak-build.xml
--- flatpak-1.14.4/doc/flatpak-build.xml	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/doc/flatpak-build.xml	2024-04-30 14:18:04.000000000 +0100
@@ -268,8 +268,7 @@
 [Policy subsystem]
 key=v1;v2;
 </programlisting>
-                </para></listitem>
-                <listitem><para>
+                </para><para>
                     This option can be used multiple times.
                 </para></listitem>
             </varlistentry>
diff -Nru flatpak-1.14.4/doc/flatpak-metadata.xml flatpak-1.14.8/doc/flatpak-metadata.xml
--- flatpak-1.14.4/doc/flatpak-metadata.xml	2022-11-17 18:26:56.000000000 +0000
+++ flatpak-1.14.8/doc/flatpak-metadata.xml	2024-04-30 14:18:04.000000000 +0100
@@ -63,7 +63,7 @@
             systemd unit files or application .desktop files.
         </para>
 
-        <refsect2>
+        <refsect2 id="application-runtime-metadata">
             <title>[Application] or [Runtime]</title>
 
             <para>
@@ -128,7 +128,7 @@
                 </varlistentry>
             </variablelist>
         </refsect2>
-        <refsect2>
+        <refsect2 id="context-metadata">
             <title>[Context]</title>
             <para>
                 This group determines various system resources that may be shared
@@ -510,7 +510,7 @@
                 </varlistentry>
             </variablelist>
         </refsect2>
-        <refsect2>
+        <refsect2 id="instance-metadata">
             <title>[Instance]</title>
             <para>
                 This group only appears in <filename>/.flatpak-info</filename>
@@ -543,15 +543,13 @@
                         The absolute path on the host system of the app's
                         app files, as mounted at <filename>/app</filename>
                         inside the container. Available since 0.6.10.
-                    </para></listitem>
-                    <listitem><para>
+                    </para><para>
                         Since 1.12.0, if <command>flatpak run</command>
                         was run with the <option>--app-path</option> option,
                         this key gives the absolute path of whatever files
                         were mounted on <filename>/app</filename>, even if
                         that differs from the app's normal app files.
-                    </para></listitem>
-                    <listitem><para>
+                    </para><para>
                         If <command>flatpak run</command> was run with
                         <option>--app-path=</option> (resulting in an
                         empty directory being mounted on
@@ -567,8 +565,7 @@
                         the absolute path of the app's original files,
                         as mounted at <filename>/run/parent/app</filename>
                         inside the container. Available since 1.12.0.
-                    </para></listitem>
-                    <listitem><para>
+                    </para><para>
                         If this key is missing, the app files are given
                         by <option>app-path</option>.
                     </para></listitem>
@@ -621,8 +618,7 @@
                         The absolute path on the host system of the app's
                         runtime files, as mounted at <filename>/usr</filename>
                         inside the container. Available since 0.6.10.
-                    </para></listitem>
-                    <listitem><para>
+                    </para><para>
                         Since 1.12.0, if <command>flatpak run</command>
                         was run with the <option>--usr-path</option> option,
                         this key gives the absolute path of whatever files
@@ -638,8 +634,7 @@
                         the absolute path of the app's original runtime,
                         as mounted at <filename>/run/parent/usr</filename>
                         inside the container. Available since 1.12.0.
-                    </para></listitem>
-                    <listitem><para>
+                    </para><para>
                         If this key is missing, the runtime files are given
                         by <option>runtime-path</option>.
                     </para></listitem>
@@ -707,7 +702,7 @@
                 </varlistentry>
             </variablelist>
         </refsect2>
-        <refsect2>
+        <refsect2 id="session-bus-policy-metadata">
             <title>[Session Bus Policy]</title>
             <para>
                 If the <option>sockets</option> key is not allowing full access
@@ -715,12 +710,14 @@
             </para>
             <para>
                 The default policy for the session bus only allows the
-                application to own its own application ID and
-                subnames. For instance if the app is called
-                "org.my.App", it can only own "org.my.App" and
-                "org.my.App.*". Its also only allowed to talk to the
-                bus itself (org.freedesktop.DBus) and the portal APIs
-                APIs (bus names of the form org.freedesktop.portal.*).
+                application to own its own application ID, its
+                subnames and its own application id as a subname of 
+                "org.mpris.MediaPlayer2". For instance if the app is called
+                "org.my.App", it can only own "org.my.App", "org.my.App.*"
+                and "org.mpris.MediaPlayer2.org.my.App".
+                It is only allowed to talk to names matching those patterns, plus
+                the bus itself (org.freedesktop.DBus)
+                and the portal APIs (bus names of the form org.freedesktop.portal.*).
             </para>
             <para>
                 Additionally the app is always allowed to reply to
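Review bot: the rewritten default-policy paragraph mixes "application ID" and "application id", and the added line ending in `subname of ` carries trailing whitespace. Since this paragraph is the reference for what a sandboxed app may own and talk to on the session bus, it would also help to spell out that "those patterns" refers to the three own-name patterns listed in the previous sentence, rather than leaving the reader to infer it.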
@@ -772,7 +769,7 @@
                 </varlistentry>
             </variablelist>
         </refsect2>
-        <refsect2>
+        <refsect2 id="system-bus-policy-metadata">
             <title>[System Bus Policy]</title>
             <para>
                 If the <option>sockets</option> key is not allowing full access
@@ -785,7 +782,7 @@
                 However, the app has no permissions by default.
             </para>
         </refsect2>
-        <refsect2>
+        <refsect2 id="environment-metadata">
             <title>[Environment]</title>
             <para>
                 The [Environment] group specifies environment variables to set
@@ -803,7 +800,7 @@
                 [Context] group.
               </para>
         </refsect2>
-        <refsect2>
+        <refsect2 id="extension-metadata">
             <title>[Extension NAME]</title>
             <para>
                 Runtimes and applications can define extension points, which allow
@@ -875,40 +872,40 @@
                         <variablelist>
                             <varlistentry>
                                 <term><option>active-gl-driver</option></term>
-                                <para>
+                                <listitem><para>
                                     Is true if the name of the active GL driver matches the
                                     extension point basename. Available since 0.9.1, and backported to
                                     the 0.8.x branch in 0.8.3.
-                                </para>
+                                </para></listitem>
                             </varlistentry>
                             <varlistentry>
                                 <term><option>active-gtk-theme</option></term>
-                                <para>
+                                <listitem><para>
                                     Is true if the name of the current GTK theme
                                     (via org.gnome.desktop.interface GSetting) matches the extension point
                                     basename. Added 0.10.1.
-                                </para>
+                                </para></listitem>
                             </varlistentry>
                             <varlistentry>
                                 <term><option>have-intel-gpu</option></term>
-                                <para>Is true if the i915 kernel module is loaded. Added 0.10.1.</para>
+                                <listitem><para>Is true if the i915 kernel module is loaded. Added 0.10.1.</para></listitem>
                             </varlistentry>
                             <varlistentry>
                                 <term><option>have-kernel-module-*</option></term>
-                                <para>
+                                <listitem><para>
                                     Is true if the suffix (case-sensitive) is found in <literal>/proc/modules</literal>.
                                     For example <literal>have-kernel-module-nvidia</literal>.
                                     Added 1.13.1.
-                                </para>
+                                </para></listitem>
                             </varlistentry>
                             <varlistentry>
                                 <term><option>on-xdg-desktop-*</option></term>
-                                <para>
+                                <listitem><para>
                                     Is true if the suffix (case-insensitively) is in the
                                     <literal>XDG_CURRENT_DESKTOP</literal> env var.
                                     For example <literal>on-xdg-desktop-GNOME-classic</literal>.
                                     Added 1.1.1.
-                                </para>
+                                </para></listitem>
                             </varlistentry>
                         </variablelist>
                     </listitem>
@@ -989,7 +986,7 @@
                 </varlistentry>
             </variablelist>
         </refsect2>
-        <refsect2>
+        <refsect2 id="extension-of-metadata">
             <title>[ExtensionOf]</title>
             <para>
                 This optional group may be present if the runtime is an extension.
@@ -1028,7 +1025,7 @@
                 </varlistentry>
             </variablelist>
         </refsect2>
-        <refsect2>
+        <refsect2 id="extra-data-metadata">
             <title>[Extra Data]</title>
             <para>
                 This optional group may be present if the runtime or application uses
@@ -1075,7 +1072,7 @@
                 </varlistentry>
             </variablelist>
         </refsect2>
-        <refsect2>
+        <refsect2 id="policy-metadata">
           <title>[Policy SUBSYSTEM]</title>
           <para>
             Subsystems can define their own policies to be placed in a group
diff -Nru flatpak-1.14.4/doc/flatpak-override.xml flatpak-1.14.8/doc/flatpak-override.xml
--- flatpak-1.14.4/doc/flatpak-override.xml	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/doc/flatpak-override.xml	2024-04-30 14:18:04.000000000 +0100
@@ -271,8 +271,7 @@
 [Policy subsystem]
 key=v1;v2;
 </programlisting>
-                </para></listitem>
-                <listitem><para>
+                </para><para>
                     This option can be used multiple times.
                 </para></listitem>
             </varlistentry>
diff -Nru flatpak-1.14.4/doc/flatpak-run.xml flatpak-1.14.8/doc/flatpak-run.xml
--- flatpak-1.14.4/doc/flatpak-run.xml	2023-02-18 14:08:27.000000000 +0000
+++ flatpak-1.14.8/doc/flatpak-run.xml	2024-04-30 14:18:04.000000000 +0100
@@ -88,6 +88,8 @@
         <simplelist>
             <member>PATH</member>
             <member>LD_LIBRARY_PATH</member>
+            <member>LD_PRELOAD</member>
+            <member>LD_AUDIT</member>
             <member>XDG_CONFIG_DIRS</member>
             <member>XDG_DATA_DIRS</member>
             <member>XDG_RUNTIME_DIR</member>
@@ -104,6 +106,15 @@
             <member>XKB_CONFIG_ROOT</member>
             <member>GIO_EXTRA_MODULES</member>
             <member>GDK_BACKEND</member>
+            <member>VK_ADD_DRIVER_FILES</member>
+            <member>VK_ADD_LAYER_PATH</member>
+            <member>VK_DRIVER_FILES</member>
+            <member>VK_ICD_FILENAMES</member>
+            <member>VK_LAYER_PATH</member>
+            <member>__EGL_EXTERNAL_PLATFORM_CONFIG_DIRS</member>
+            <member>__EGL_EXTERNAL_PLATFORM_CONFIG_FILENAMES</member>
+            <member>__EGL_VENDOR_LIBRARY_DIRS</member>
+            <member>__EGL_VENDOR_LIBRARY_FILENAMES</member>
         </simplelist>
         <para>
             Also several environment variables with the prefix "GST_" that are used by gstreamer
@@ -437,8 +448,7 @@
 [Policy subsystem]
 key=v1;v2;
 </programlisting>
-                </para></listitem>
-                <listitem><para>
+                </para><para>
                     This option can be used multiple times.
                 </para></listitem>
             </varlistentry>
@@ -726,8 +736,7 @@
                     into <filename>/run/parent/usr</filename>, and will not
                     be included in the <envar>LD_LIBRARY_PATH</envar> inside
                     the sandbox.
-                </para></listitem>
-                <listitem><para>
+                </para><para>
                     This option will usually only be useful if it is
                     combined with <option>--app-path=</option> and
                     <option>--env=LD_LIBRARY_PATH=<replaceable>...</replaceable></option>.
diff -Nru flatpak-1.14.4/doc/flatpak-spawn.xml flatpak-1.14.8/doc/flatpak-spawn.xml
--- flatpak-1.14.4/doc/flatpak-spawn.xml	2022-11-17 18:07:49.000000000 +0000
+++ flatpak-1.14.8/doc/flatpak-spawn.xml	2024-04-29 18:44:16.000000000 +0100
@@ -148,7 +148,7 @@
                   Note that absolute paths or subdirectories are not allowed.
                   The files must be in the <filename>sandbox</filename> subdirectory of
                   the instance directory (i.e. <filename>~/.var/app/$APP_ID/sandbox</filename>).
-                <para></para>
+                </para><para>
                   This option is useful in combination with <option>--sandbox</option> (otherwise the
                   instance directory is accessible anyway).
                 </para></listitem>
@@ -163,7 +163,7 @@
                   Note that absolute paths or subdirectories are not allowed.
                   The files must be in the <filename>sandbox</filename> subdirectory of
                   the instance directory (i.e. <filename>~/.var/app/$APP_ID/sandbox</filename>).
-                <para></para>
+                </para><para>
                   This option is useful in combination with <option>--sandbox</option> (otherwise the
                   instance directory is accessible anyway).
                 </para></listitem>
Binary files /tmp/Vzn_axeKRK/flatpak-1.14.4/doc/reference/html/home.png and /tmp/td1HdKFLpp/flatpak-1.14.8/doc/reference/html/home.png differ
Binary files /tmp/Vzn_axeKRK/flatpak-1.14.4/doc/reference/html/left-insensitive.png and /tmp/td1HdKFLpp/flatpak-1.14.8/doc/reference/html/left-insensitive.png differ
Binary files /tmp/Vzn_axeKRK/flatpak-1.14.4/doc/reference/html/left.png and /tmp/td1HdKFLpp/flatpak-1.14.8/doc/reference/html/left.png differ
Binary files /tmp/Vzn_axeKRK/flatpak-1.14.4/doc/reference/html/right-insensitive.png and /tmp/td1HdKFLpp/flatpak-1.14.8/doc/reference/html/right-insensitive.png differ
Binary files /tmp/Vzn_axeKRK/flatpak-1.14.4/doc/reference/html/right.png and /tmp/td1HdKFLpp/flatpak-1.14.8/doc/reference/html/right.png differ
diff -Nru flatpak-1.14.4/doc/reference/html/style.css flatpak-1.14.8/doc/reference/html/style.css
--- flatpak-1.14.4/doc/reference/html/style.css	2023-03-16 09:58:22.000000000 +0000
+++ flatpak-1.14.8/doc/reference/html/style.css	2024-04-30 14:57:12.000000000 +0100
@@ -473,6 +473,7 @@
 .cs { color: #3D7B7B; font-style: italic } /* Comment.Special */
 .gd { color: #A00000 } /* Generic.Deleted */
 .ge { font-style: italic } /* Generic.Emph */
+.ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */
 .gr { color: #E40000 } /* Generic.Error */
 .gh { color: #000080; font-weight: bold } /* Generic.Heading */
 .gi { color: #008400 } /* Generic.Inserted */
Binary files /tmp/Vzn_axeKRK/flatpak-1.14.4/doc/reference/html/up-insensitive.png and /tmp/td1HdKFLpp/flatpak-1.14.8/doc/reference/html/up-insensitive.png differ
Binary files /tmp/Vzn_axeKRK/flatpak-1.14.4/doc/reference/html/up.png and /tmp/td1HdKFLpp/flatpak-1.14.8/doc/reference/html/up.png differ
diff -Nru flatpak-1.14.4/gtk-doc.make flatpak-1.14.8/gtk-doc.make
--- flatpak-1.14.4/gtk-doc.make	2023-03-15 13:00:06.000000000 +0000
+++ flatpak-1.14.8/gtk-doc.make	2024-04-30 14:25:00.000000000 +0100
@@ -136,7 +136,7 @@
 	gtkdoc-scan --module=$(DOC_MODULE) --ignore-headers="$(IGNORE_HFILES)" $${_source_dir} $(SCAN_OPTIONS) $(EXTRA_HFILES)
 	$(GTK_DOC_V_INTROSPECT)if grep -l '^..*$$' $(DOC_MODULE).types > /dev/null 2>&1 ; then \
 	  scanobj_options=""; \
-	  gtkdoc-scangobj 2>&1 --help | grep  >/dev/null "\-\-verbose"; \
+	  gtkdoc-scangobj 2>&1 --help | grep  >/dev/null "\--verbose"; \
 	  if test "$$?" = "0"; then \
 	    if test "x$(V)" = "x1"; then \
 	      scanobj_options="--verbose"; \
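Review bot: the replacement pattern "\--verbose" still relies on a leading backslash to stop grep from parsing the pattern as an option, here and in every other grep call changed in this file. Writing `grep -e "--verbose"` (or `grep -- "--verbose"`) needs no escape at all and is the conventional way to pass a pattern that begins with a dash. If gtk-doc.make is a copied-in file rather than one maintained in this tree, the change is better made where it is copied from.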
@@ -198,13 +198,13 @@
 html-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) $(expand_content_files)
 	$(GTK_DOC_V_HTML)rm -rf html && mkdir html && \
 	mkhtml_options=""; \
-	gtkdoc-mkhtml 2>&1 --help | grep  >/dev/null "\-\-verbose"; \
+	gtkdoc-mkhtml 2>&1 --help | grep  >/dev/null "\--verbose"; \
 	if test "$$?" = "0"; then \
 	  if test "x$(V)" = "x1"; then \
 	    mkhtml_options="$$mkhtml_options --verbose"; \
 	  fi; \
 	fi; \
-	gtkdoc-mkhtml 2>&1 --help | grep  >/dev/null "\-\-path"; \
+	gtkdoc-mkhtml 2>&1 --help | grep  >/dev/null "\--path"; \
 	if test "$$?" = "0"; then \
 	  mkhtml_options="$$mkhtml_options --path=\"$(abs_srcdir)\""; \
 	fi; \
@@ -227,7 +227,7 @@
 pdf-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) $(expand_content_files)
 	$(GTK_DOC_V_PDF)rm -f $(DOC_MODULE).pdf && \
 	mkpdf_options=""; \
-	gtkdoc-mkpdf 2>&1 --help | grep  >/dev/null "\-\-verbose"; \
+	gtkdoc-mkpdf 2>&1 --help | grep  >/dev/null "\--verbose"; \
 	if test "$$?" = "0"; then \
 	  if test "x$(V)" = "x1"; then \
 	    mkpdf_options="$$mkpdf_options --verbose"; \
@@ -236,7 +236,7 @@
 	if test "x$(HTML_IMAGES)" != "x"; then \
 	  for img in $(HTML_IMAGES); do \
 	    part=`dirname $$img`; \
-	    echo $$mkpdf_options | grep >/dev/null "\-\-imgdir=$$part "; \
+	    echo $$mkpdf_options | grep >/dev/null "\--imgdir=$$part "; \
 	    if test $$? != 0; then \
 	      mkpdf_options="$$mkpdf_options --imgdir=$$part"; \
 	    fi; \
@@ -250,10 +250,10 @@
 clean-local:
 	@rm -f *~ *.bak
 	@rm -rf .libs
-	@if echo $(SCAN_OPTIONS) | grep -q "\-\-rebuild-types" ; then \
+	@if echo $(SCAN_OPTIONS) | grep -q "\--rebuild-types" ; then \
 	  rm -f $(DOC_MODULE).types; \
 	fi
-	@if echo $(SCAN_OPTIONS) | grep -q "\-\-rebuild-sections" ; then \
+	@if echo $(SCAN_OPTIONS) | grep -q "\--rebuild-sections" ; then \
 	  rm -f $(DOC_MODULE)-sections.txt; \
 	fi
 
diff -Nru flatpak-1.14.4/Makefile.am flatpak-1.14.8/Makefile.am
--- flatpak-1.14.4/Makefile.am	2022-11-17 18:30:08.000000000 +0000
+++ flatpak-1.14.8/Makefile.am	2024-04-30 14:18:04.000000000 +0100
@@ -33,6 +33,7 @@
 dbus_service_DATA = $(NULL)
 systemdsystemunit_DATA = $(NULL)
 systemduserunit_DATA = $(NULL)
+dist_tmpfiles_DATA = $(NULL)
 CLEANFILES += $(dbus_service_DATA)
 CLEANFILES += $(systemduserunit_DATA)
 EXTRA_DIST += $(service_in_files)
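Review bot: `dist_tmpfiles_DATA = $(NULL)` is now initialised unconditionally here, but the only definition of `tmpfilesdir` visible in this diff is the one removed from sideload-repos-systemd/Makefile.am.inc further down. Please confirm that `tmpfilesdir` is defined somewhere outside the conditional (and say where in the commit message), because a `_DATA` primary without its matching `dir` variable has no install location.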
diff -Nru flatpak-1.14.4/NEWS flatpak-1.14.8/NEWS
--- flatpak-1.14.4/NEWS	2023-03-16 09:55:13.000000000 +0000
+++ flatpak-1.14.8/NEWS	2024-04-30 14:23:58.000000000 +0100
@@ -1,3 +1,115 @@
+Changes in 1.14.8
+~~~~~~~~~~~~~~~~~
+Released: 2024-04-30
+
+No changes. This release rolling out to correct mismatching submodule versions
+in the release tarball.
+
+Changes in 1.14.7
+~~~~~~~~~~~~~~~~~
+Released: 2024-04-29
+
+New features:
+
+ * Automatically reload D-Bus session bus configuration after installing
+   or upgrading apps, to pick up any exported D-Bus services (#3342)
+
+Bug fixes:
+
+ * Expand the list of environment variables that Flatpak apps do not
+   inherit from the host system (#5765, #5785)
+
+ * Don't refuse to start apps when there is no D-Bus system bus available
+   (#5076)
+
+ * Don't try to repeat migration of apps whose data was migrated to a new
+   name and then deleted (#5668)
+
+ * Fix warnings from newer GLib versions (#5660)
+
+ * Always set the `container` environment variable (#5610)
+
+ * In `flatpak ps`, add xdg-desktop-portal-gnome to the list of backends
+   we'll use to learn which apps are running in the background (#5729)
+
+ * Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into
+   the shell environment (#5574)
+
+ * Avoid undefined behaviour of signed left-shift when storing object IDs
+   in a hash table (#5738)
+
+ * Fix Docbook validity in documentation (#5719)
+
+ * Skip more tests when FUSE isn't available (#5611)
+
+ * Fix a misleading comment in the test for CVE-2024-32462 (#5779)
+
+Internal changes:
+
+ * Fix Github Workflows recipes
+
+Changes in 1.14.6
+~~~~~~~~~~~~~~~~~
+Released: 2024-04-18
+
+Security fixes:
+
+ * Don't allow an executable name to be misinterpreted as a command-line
+   option for bwrap(1). This prevents a sandbox escape where a malicious
+   or compromised app could ask xdg-desktop-portal to generate a .desktop
+   file with access to files outside the sandbox. (CVE-2024-32462)
+
+Other bug fixes:
+
+ * Don't parse `<developer><name/></developer>` as the application name
+   (#5700)
+
+Changes in 1.14.5
+~~~~~~~~~~~~~~~~~
+Released: 2023-12-08
+
+Features:
+
+ * Stop http transfers if a download in progress becomes very slow (#5519)
+
+ * Add anchors to link to sections of flatpak-metadata documentation (#5582)
+
+Bug fixes:
+
+ * Avoid warnings processing symbolic links with GLib >= 2.77.0, and
+   with GLib 2.76.0 (GLib 2.76.1 or later silences these warnings)
+
+ * Bypass page cache for backend requests in revokefs, fixing installation
+   errors with libostree 2023.4 (#5452)
+
+ * Show AppStream metadata in `flatpak remote-info` as intended
+   (#5523; regression in 1.9.1)
+
+ * Don't let Flatpak apps inherit VK_DRIVER_FILES or VK_ICD_FILENAMES
+   from the host system, which would be wrong for the sandbox (#5553)
+
+ * Fix build failure with prereleases of libappstream 0.17.x (#5472)
+
+ * Forward-compatibility with libappstream 1.0 (#5563)
+
+ * Fix a memory leak (#5329)
+
+ * Fix compiler warnings (#5362, #5366)
+
+ * Make the tests fail more comprehensibly if a required tool is missing
+   (#5020)
+
+ * Clean up `/var/tmp/flatpak-cache-*` directories on boot (#1119)
+
+ * Don't force `GIO_USE_VFS=local` for programs launched via flatpak-spawn
+   (#5567)
+
+ * Clarify documentation for D-Bus name ownership (#5582)
+
+Internal changes:
+
+ * CI improvements (#5381)
+
 Changes in 1.14.4
 ~~~~~~~~~~~~~~~~~
 Released: 2023-03-16
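Review bot: the 1.14.7 entry "Expand the list of environment variables that Flatpak apps do not inherit from the host system" does not name the variables, while the doc/flatpak-run.xml hunk in this same diff shows that they include LD_PRELOAD and LD_AUDIT as well as the VK_* and __EGL_* loader variables. Naming at least the two dynamic-linker variables in NEWS would let administrators judge the change without reading the documentation diff. Separately, "This release rolling out to correct" in the 1.14.8 entry is missing a verb ("is being rolled out").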
diff -Nru flatpak-1.14.4/portal/flatpak-portal.c flatpak-1.14.8/portal/flatpak-portal.c
--- flatpak-1.14.4/portal/flatpak-portal.c	2023-01-30 11:51:00.000000000 +0000
+++ flatpak-1.14.8/portal/flatpak-portal.c	2024-04-30 14:18:04.000000000 +0100
@@ -63,6 +63,7 @@
 /* Should be roughly 2 seconds */
 #define CHILD_STATUS_CHECK_ATTEMPTS 20
 
+static GStrv original_environ = NULL;
 static GHashTable *client_pid_data_hash = NULL;
 static GDBusConnection *session_bus = NULL;
 static GNetworkMonitor *network_monitor = NULL;
@@ -999,7 +1000,9 @@
       env = g_strdupv (empty);
     }
   else
-    env = g_get_environ ();
+    {
+      env = g_strdupv (original_environ);
+    }
 
   if ((flatpak = g_getenv ("FLATPAK_PORTAL_MOCK_FLATPAK")) != NULL)
     g_ptr_array_add (flatpak_argv, g_strdup (flatpak));
@@ -2994,6 +2997,10 @@
     { NULL }
   };
 
+  /* Save the enviroment before changing anything, so that subprocesses
+   * can get the unchanged version */
+  original_environ = g_get_environ ();
+
   setlocale (LC_ALL, "");
 
   g_setenv ("GIO_USE_VFS", "local", TRUE);
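Review bot: "enviroment" in the new comment is misspelled ("environment"), and the same comment is repeated with the same typo in session-helper/flatpak-session-helper.c. The comment could also say which change it is protecting against: the `g_setenv ("GIO_USE_VFS", "local", TRUE)` two lines below is the modification that spawned subprocesses must not inherit, and the snapshot only works as long as it stays above that call.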
@@ -3096,5 +3103,6 @@
   main_loop = g_main_loop_new (NULL, FALSE);
   g_main_loop_run (main_loop);
 
+  g_strfreev (original_environ);
   return 0;
 }
diff -Nru flatpak-1.14.4/profile/flatpak.sh flatpak-1.14.8/profile/flatpak.sh
--- flatpak-1.14.4/profile/flatpak.sh	2022-11-17 18:07:49.000000000 +0000
+++ flatpak-1.14.8/profile/flatpak.sh	2024-04-29 18:44:16.000000000 +0100
@@ -23,4 +23,6 @@
 
     export XDG_DATA_DIRS
     XDG_DATA_DIRS="${new_dirs:+${new_dirs}:}${XDG_DATA_DIRS:-/usr/local/share:/usr/share}"
+
+    unset new_dirs
 fi
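Review bot: `unset new_dirs` sits inside the conditional, so it only cleans up when this branch is taken; if `new_dirs` is assigned before the `if` that this `fi` closes, the variable still leaks whenever the condition is false, and the unset should move after `fi`. Because this file is sourced into the user's login shell, a less generic name (for example one with a `flatpak_` prefix) would also avoid clobbering and then removing a variable of the same name that the user had already set.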
diff -Nru flatpak-1.14.4/revokefs/main.c flatpak-1.14.8/revokefs/main.c
--- flatpak-1.14.4/revokefs/main.c	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/revokefs/main.c	2024-04-30 14:18:04.000000000 +0100
@@ -297,6 +297,10 @@
         return fd;
 
       finfo->fh = fd + REMOTE_FD_OFFSET;
+
+      /* Ensure all I/O requests bypass the page cache and are sent to
+       * the backend. */
+      finfo->direct_io = 1;
     }
 
   return 0;
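Review bot: the new comment above `finfo->direct_io = 1;` says what the flag does but not why it is needed. The NEWS entry in this diff ties it to installation errors with libostree 2023.4 (#5452); putting that reference in the comment would stop someone later removing the flag as a performance optimisation, since bypassing the page cache for every request is not free.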
diff -Nru flatpak-1.14.4/session-helper/flatpak-session-helper.c flatpak-1.14.8/session-helper/flatpak-session-helper.c
--- flatpak-1.14.4/session-helper/flatpak-session-helper.c	2023-01-30 11:51:00.000000000 +0000
+++ flatpak-1.14.8/session-helper/flatpak-session-helper.c	2024-04-30 14:18:04.000000000 +0100
@@ -32,6 +32,7 @@
 #include "flatpak-session-helper.h"
 #include "flatpak-utils-base-private.h"
 
+static GStrv original_environ = NULL;
 static char *monitor_dir;
 static char *p11_kit_server_socket_path;
 static int p11_kit_server_pid = 0;
@@ -310,7 +311,7 @@
       env = g_strdupv (empty);
     }
   else
-    env = g_get_environ ();
+    env = g_strdupv (original_environ);
 
   n_envs = g_variant_n_children (arg_envs);
   for (i = 0; i < n_envs; i++)
@@ -783,6 +784,10 @@
                          m_localtime = NULL;
   struct sigaction action;
 
+  /* Save the enviroment before changing anything, so that subprocesses
+   * can get the unchanged version */
+  original_environ = g_get_environ ();
+
   atexit (do_atexit);
 
   memset (&action, 0, sizeof (struct sigaction));
@@ -880,5 +885,6 @@
 
   g_bus_unown_name (owner_id);
 
+  g_strfreev (original_environ);
   return 0;
 }
diff -Nru flatpak-1.14.4/sideload-repos-systemd/Makefile.am.inc flatpak-1.14.8/sideload-repos-systemd/Makefile.am.inc
--- flatpak-1.14.4/sideload-repos-systemd/Makefile.am.inc	2022-11-17 18:30:08.000000000 +0000
+++ flatpak-1.14.8/sideload-repos-systemd/Makefile.am.inc	2024-04-30 14:18:04.000000000 +0100
@@ -11,8 +11,7 @@
 %.path: %.path.in config.log
 	$(AM_V_GEN) $(SED) -e "s|\@media_dir\@|$(RUN_MEDIA_DIR)|" $< > $@
 
-tmpfilesdir = $(prefix)/lib/tmpfiles.d
-dist_tmpfiles_DATA = sideload-repos-systemd/tmpfiles.d/flatpak-sideload-repos.conf
+dist_tmpfiles_DATA += sideload-repos-systemd/tmpfiles.d/flatpak-sideload-repos.conf
 
 endif
 
diff -Nru flatpak-1.14.4/tests/make-test-app.sh flatpak-1.14.8/tests/make-test-app.sh
--- flatpak-1.14.4/tests/make-test-app.sh	2023-03-15 17:37:23.000000000 +0000
+++ flatpak-1.14.8/tests/make-test-app.sh	2024-04-29 18:44:16.000000000 +0100
@@ -130,6 +130,9 @@
     <name>Hello world test app: $APP_ID</name>
     <summary>Print a greeting</summary>
     <description><p>This is a test app.</p></description>
+    <developer>
+      <name>Developer name</name>
+    </developer>
     <categories>
       <category>Utility</category>
     </categories>
diff -Nru flatpak-1.14.4/tests/make-test-runtime.sh flatpak-1.14.8/tests/make-test-runtime.sh
--- flatpak-1.14.4/tests/make-test-runtime.sh	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/tests/make-test-runtime.sh	2024-04-29 17:46:35.000000000 +0100
@@ -47,6 +47,12 @@
     local f=$1
     shift
 
+    # Check if the program is installed
+    if ! command -v "${f}" &> /dev/null; then
+        echo "${f} not found"
+        exit 1
+    fi
+
     if grep -qFe "${f}" $BINS; then
         # Already handled
         return 0
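Review bot: `&> /dev/null` in the new check is a bash extension; under a POSIX sh it parses as a background job followed by a bare redirection, and the `if !` test then no longer reflects whether the program exists. Use `> /dev/null 2>&1` unless the script is guaranteed to run under bash. The "not found" message should also go to stderr (`>&2`) so that it does not end up mixed into the test's standard output.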
diff -Nru flatpak-1.14.4/tests/package_version.txt flatpak-1.14.8/tests/package_version.txt
--- flatpak-1.14.4/tests/package_version.txt	2023-03-16 09:57:43.000000000 +0000
+++ flatpak-1.14.8/tests/package_version.txt	2024-04-30 14:25:25.000000000 +0100
@@ -1 +1 @@
-1.14.4
+1.14.8
diff -Nru flatpak-1.14.4/tests/test-bundle.sh flatpak-1.14.8/tests/test-bundle.sh
--- flatpak-1.14.4/tests/test-bundle.sh	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/tests/test-bundle.sh	2024-04-29 18:44:15.000000000 +0100
@@ -22,6 +22,7 @@
 . $(dirname $0)/libtest.sh
 
 skip_without_bwrap
+skip_revokefs_without_fuse
 
 echo "1..8"
 
diff -Nru flatpak-1.14.4/tests/test-context.c flatpak-1.14.8/tests/test-context.c
--- flatpak-1.14.4/tests/test-context.c	2023-03-16 09:55:13.000000000 +0000
+++ flatpak-1.14.8/tests/test-context.c	2024-04-30 14:18:04.000000000 +0100
@@ -158,7 +158,7 @@
 
   oc = g_option_context_new ("");
   group = flatpak_context_get_options (context);
-  g_option_context_add_group (oc, group);
+  g_option_context_add_group (oc, g_steal_pointer (&group));
   g_option_context_parse_strv (oc, &argv, error);
 }
 
diff -Nru flatpak-1.14.4/tests/test-exports.c flatpak-1.14.8/tests/test-exports.c
--- flatpak-1.14.4/tests/test-exports.c	2023-02-18 14:08:15.000000000 +0000
+++ flatpak-1.14.8/tests/test-exports.c	2024-04-30 14:18:04.000000000 +0100
@@ -1477,9 +1477,8 @@
   /* Do not call setlocale() here: some tests look at untranslated error
    * messages. */
 
-  isolated_test_dir_global_setup ();
-
   g_test_init (&argc, &argv, NULL);
+  isolated_test_dir_global_setup ();
 
   g_test_add_func ("/context/empty", test_empty_context);
   g_test_add_func ("/context/filesystems", test_filesystems);
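Review bot: `isolated_test_dir_global_setup ()` is moved to after `g_test_init ()` with no comment explaining why the order matters, here and in the identical change to tests/test-instance.c. A one-line comment stating the dependency would prevent the two calls being swapped back in a later cleanup, in the same way the existing comment above documents why setlocale() is not called.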
diff -Nru flatpak-1.14.4/tests/test-info.sh flatpak-1.14.8/tests/test-info.sh
--- flatpak-1.14.4/tests/test-info.sh	2023-03-16 09:55:13.000000000 +0000
+++ flatpak-1.14.8/tests/test-info.sh	2024-04-29 18:44:16.000000000 +0100
@@ -6,7 +6,7 @@
 
 skip_revokefs_without_fuse
 
-echo "1..8"
+echo "1..9"
 
 INCLUDE_SPECIAL_CHARACTER=1 setup_repo
 install_repo
@@ -62,3 +62,9 @@
 assert_file_has_content info "^hidden$"
 
 ok "info --file-access"
+
+${FLATPAK} info org.test.Hello > info
+
+assert_file_has_content info "^Hello world test app: org\.test\.Hello - Print a greeting$"
+
+ok "info (name header)"
diff -Nru flatpak-1.14.4/tests/test-instance.c flatpak-1.14.8/tests/test-instance.c
--- flatpak-1.14.4/tests/test-instance.c	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/tests/test-instance.c	2024-04-30 14:18:04.000000000 +0100
@@ -491,9 +491,8 @@
 {
   int res;
 
-  isolated_test_dir_global_setup ();
-
   g_test_init (&argc, &argv, NULL);
+  isolated_test_dir_global_setup ();
 
   g_test_add_func ("/instance/gc", test_gc);
   g_test_add_func ("/instance/claim-per-app-temp-directory",
diff -Nru flatpak-1.14.4/tests/testlibrary.c flatpak-1.14.8/tests/testlibrary.c
--- flatpak-1.14.4/tests/testlibrary.c	2023-02-22 15:43:05.000000000 +0000
+++ flatpak-1.14.8/tests/testlibrary.c	2024-04-30 14:18:04.000000000 +0100
@@ -207,7 +207,7 @@
   g_autofree char *path = NULL;
   g_autoptr(GFile) file = NULL;
   g_autoptr(GError) error = NULL;
-  g_autofree char *value;
+  g_autofree char *value = NULL;
   gboolean res;
   guint64 bytes;
 
diff -Nru flatpak-1.14.4/tests/test-repo.sh flatpak-1.14.8/tests/test-repo.sh
--- flatpak-1.14.4/tests/test-repo.sh	2023-02-22 15:43:05.000000000 +0000
+++ flatpak-1.14.8/tests/test-repo.sh	2024-04-30 14:18:04.000000000 +0100
@@ -464,6 +464,14 @@
 assert_has_file $HOME/.var/app/org.test.Hello/data/a-file
 assert_has_file $HOME/.var/app/org.test.Hello/data/another-file
 
+# Simulate removal of app data dir
+rm -rf $HOME/.var/app/org.test.NewHello
+
+${FLATPAK} run org.test.NewHello >&2
+
+# Ensure the data dir is re-created instead of migrating the symlink
+assert_has_dir $HOME/.var/app/org.test.NewHello
+
 ${FLATPAK} ${U} uninstall -y org.test.NewHello org.test.Platform >&2
 
 ok "eol-rebase"
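Review bot: the added comment says the data directory must be "re-created instead of migrating the symlink", but the only check is `assert_has_dir $HOME/.var/app/org.test.NewHello`. If `assert_has_dir` is a plain directory test that follows symbolic links, a symlink pointing at a directory would satisfy it too, and the test would pass in the case it is meant to catch. Adding an explicit assertion that the path is not a symlink would make the test match its comment.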
diff -Nru flatpak-1.14.4/tests/test-run.sh flatpak-1.14.8/tests/test-run.sh
--- flatpak-1.14.4/tests/test-run.sh	2024-04-30 17:52:59.000000000 +0100
+++ flatpak-1.14.8/tests/test-run.sh	2024-04-30 14:18:04.000000000 +0100
@@ -77,7 +77,7 @@
 ok "hello"
 
 # This should try and fail to run e.g. /usr/bin/--tmpfs, which will
-# exit with status 127 because there is no such executable.
+# exit with a nonzero status because there is no such executable.
 # It should not pass "--tmpfs /blah hello.sh" as bwrap options.
 exit_status=0
 run --command=--tmpfs org.test.Hello /blah hello.sh >&2 || exit_status=$?
diff -Nru flatpak-1.14.4/tests/test-update-portal.sh flatpak-1.14.8/tests/test-update-portal.sh
--- flatpak-1.14.4/tests/test-update-portal.sh	2022-11-17 18:26:13.000000000 +0000
+++ flatpak-1.14.8/tests/test-update-portal.sh	2024-04-29 18:44:15.000000000 +0100
@@ -22,6 +22,7 @@
 . $(dirname $0)/libtest.sh
 
 skip_without_bwrap
+skip_revokefs_without_fuse
 
 echo "1..6"
 
