Change log for flatpak package in Ubuntu
1 → 75 of 142 results | First • Previous • Next • Last |
flatpak (1.14.8-1) unstable; urgency=medium * New upstream stable release 1.14.7 - Automatically reload D-Bus session bus configuration when apps are installed or upgraded, ensuring that any new .service files get picked up - Allow apps to be run if the D-Bus system bus is missing or non-functional - Add several more environment variables to the list not inherited into the sandbox: + $LD_AUDIT, $LD_PRELOAD for ld.so + $__EGL_VENDOR_LIBRARY_DIRS, etc. for EGL + $VK_ADD_DRIVER_FILES, etc. for Vulkan + $container, when running Flatpak inside a container manager - Use xdg-desktop-portal-gnome, if installed, to detect whether apps are running in the background - If an app's data is migrated to a new name and then deleted, don't try to migrate it again, avoiding a recursive symlink loop - Don't leak temporary variable $new_dirs from /etc/profile.d/flatpak.sh into user shell sessions - Avoid an out-of-bounds left-shift (which is technically undefined behaviour) when hashing object names - Fix critical warnings "GFileInfo created without standard::is-symlink" when using /var/lib/flatpak/extension with testing/unstable glib2.0 - Fix validation of documentation against Docbook DTD - Fix a misleading comment in the test for CVE-2024-32462 - Fix a double-free in the test suite - Skip more tests if bubblewrap works but FUSE doesn't * New upstream stable release 1.14.8 - Respin of 1.14.7 reverting unintended submodule changes * d/control: Replace one more polkitd|policykit-1 dependency with polkitd * d/control: Move dbus-system-bus from Depends to Recommends. `flatpak run` no longer has a working system bus as a hard requirement. -- Simon McVittie <email address hidden> Tue, 30 Apr 2024 15:08:35 +0100
Available diffs
- diff from 1.14.6-1 to 1.14.8-1 (132.6 KiB)
Superseded in oracular-release |
Published in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
flatpak (1.14.6-1) unstable; urgency=high * New upstream stable release 1.14.6 - Don't allow an executable name to be misinterpreted as a command-line option for bwrap(1). This prevents a sandbox escape where a malicious or compromised app could ask xdg-desktop-portal to generate a .desktop file with access to files outside the sandbox. (CVE-2024-32462) - Don't parse `<developer><name/></developer>` as the application name * d/control: Drop alternative dependencies on transitional policykit-1. polkitd was released in Debian 12 and Ubuntu 22.04. -- Simon McVittie <email address hidden> Wed, 17 Apr 2024 19:34:28 +0100
Available diffs
flatpak (1.14.5-1build6) noble; urgency=medium * No-change rebuild against libarchive13t64 -- Steve Langasek <email address hidden> Sun, 07 Apr 2024 07:06:19 +0000
Available diffs
- diff from 1.14.5-1build5 to 1.14.5-1build6 (314 bytes)
flatpak (1.14.5-1build5) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 00:58:42 +0000
Available diffs
- diff from 1.14.5-1build4 to 1.14.5-1build5 (314 bytes)
flatpak (1.14.5-1build4) noble; urgency=medium * No-change rebuild against libcurl3t64-gnutls -- Steve Langasek <email address hidden> Sat, 16 Mar 2024 06:52:41 +0000
Available diffs
Superseded in noble-proposed |
flatpak (1.14.5-1build3) noble; urgency=medium * No-change rebuild against libglib2.0-0t64 -- Steve Langasek <email address hidden> Mon, 11 Mar 2024 22:36:01 +0000
Available diffs
- diff from 1.14.5-1build2 to 1.14.5-1build3 (297 bytes)
Superseded in noble-proposed |
flatpak (1.14.5-1build2) noble; urgency=medium * No-change rebuild against libglib2.0-0t64 -- Steve Langasek <email address hidden> Fri, 08 Mar 2024 04:20:41 +0000
Available diffs
- diff from 1.14.5-1build1 to 1.14.5-1build2 (531 bytes)
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
flatpak (1.14.5-1build1) noble; urgency=medium * Rebuild against latest appstream -- Jeremy Bícha <email address hidden> Sun, 17 Dec 2023 15:30:49 -0500
Available diffs
- diff from 1.14.5-1 (in Debian) to 1.14.5-1build1 (404 bytes)
flatpak (1.14.5-1) unstable; urgency=medium * New upstream stable release * Drop patches cherry-picked in 1.14.4-2, applied upstream * d/flatpak.install: Install new tmpfiles.d snippet * d/test.sh: Disable http proxy if used, to ensure we can reach localhost. Some reproducible.org builders set http_proxy, which makes attempts to access our temporary http server on localhost fail with a 503 error. * d/control: (Build-)depend on pkgconf in preference to pkg-config * d/control: Add ${gir:Depends}, ${gir:Provides} to -dev package (Helps: #1030223) * d/control: Build-depend on required GIR XML files (Helps: #1030223) * Install systemd system unit into /usr/lib/systemd/system. This was allowed by TC resolution #1053901. Build-depend on debhelper 13.11.6~ to ensure that the unit is still picked up by dh_installsystemd. -- Simon McVittie <email address hidden> Fri, 08 Dec 2023 12:25:50 +0000
Available diffs
- diff from 1.14.4-2 to 1.14.5-1 (59.4 KiB)
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
flatpak (1.14.4-2) unstable; urgency=medium * Team upload [ Simon McVittie ] * Mention #1033098, #1033099 in previous changelog entry [ Jeremy Bicha ] * Cherry-pick 2 patches for compatibility with glib 2.77 -- Jeremy Bícha <email address hidden> Tue, 18 Jul 2023 17:05:30 -0400
Available diffs
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
flatpak (1.14.4-1ubuntu1) lunar; urgency=medium [ Simon McVittie ] * Mention #1033098, #1033099 in previous changelog entry [ Jeremy Bicha ] * Cherry-pick 2 patches for compatibility with glib 2.76.0 -- Jeremy Bicha <email address hidden> Sat, 18 Mar 2023 19:43:33 -0400
Available diffs
flatpak (1.14.4-1) unstable; urgency=high * New upstream security fix release - Escape special characters when displaying permissions and metadata, preventing malicious apps from manipulating the appearance of the permissions list using crafted metadata (CVE-2023-28101) - If a Flatpak app is run on a Linux virtual console (tty1, etc.), don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100). Note that this is specific to virtual consoles: Flatpak is not vulnerable to this if run from a graphical terminal emulator such as xterm, gnome-terminal or Konsole. - Translation update: pl -- Simon McVittie <email address hidden> Thu, 16 Mar 2023 10:39:01 +0000
Available diffs
- diff from 1.14.3-1 to 1.14.4-1 (52.5 KiB)
flatpak (1.14.3-1) unstable; urgency=medium * New upstream stable release - Fix handling of apps superseded by an app of a different name in GNOME Software (flatpak#5172) - Fix a crash when an app has --socket=gpg-agent permission (flatpak#5095) - Fix a crash when listing broken or misconfigured apps (flatpak#5293) - If an app has invalid syntax in its overrides or metadata, mention the filename in the error message (flatpak#5293) - Unset $GDK_BACKEND so that GTK apps with --socket=fallback-x11 work reliably (flatpak#5303) - Ignore some --filesystem permissions which would otherwise prevent all apps from starting (flatpak#1357, flatpak#5205, flatpak#5207) - Show a warning when a --filesystem exists but cannot be shared with the sandbox (flatpak#1357, flatpak#5035, flatpak#5205, flatpak#5207) -- Simon McVittie <email address hidden> Mon, 27 Feb 2023 12:52:48 +0000
Available diffs
- diff from 1.14.1-1 to 1.14.3-1 (171.3 KiB)
- diff from 1.14.2-1 to 1.14.3-1 (97.9 KiB)
flatpak (1.14.2-1) unstable; urgency=medium * New upstream stable release * Update standards version to 4.6.2 (no changes needed) -- Simon McVittie <email address hidden> Mon, 06 Feb 2023 17:21:47 +0000
Available diffs
- diff from 1.14.1-1 to 1.14.2-1 (32.6 KiB)
flatpak (1.14.1-1) unstable; urgency=medium * New upstream stable release * Remove obsolete maintscript entries * Avoid explicitly specifying -Wl,--as-needed linker flag, which is the default with newer toolchains -- Simon McVittie <email address hidden> Fri, 18 Nov 2022 13:45:56 +0000
Available diffs
- diff from 1.14.0-2 to 1.14.1-1 (205.0 KiB)
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
flatpak (1.14.0-2) unstable; urgency=medium * d/control: Add dependency on fuse3, for fusermount3. Strictly speaking this is only needed for system installations, but those are the default, and a missing fusermount3 produces unclear symptoms. * d/control: Depend on polkitd in preference to transitional policykit-1. This package doesn't need pkexec. * Update Lintian overrides -- Simon McVittie <email address hidden> Fri, 02 Sep 2022 08:59:06 +0100
Available diffs
- diff from 1.14.0-1 to 1.14.0-2 (1.2 KiB)
flatpak (1.14.0-1) unstable; urgency=medium * New upstream release * d/copyright: Update * Build with libfuse3 -- Simon McVittie <email address hidden> Tue, 23 Aug 2022 20:26:06 +0100
Available diffs
- diff from 1.13.3-2 to 1.14.0-1 (500.9 KiB)
flatpak (1.13.3-2) experimental; urgency=medium * Build with libcurl http backend. This avoids library conflicts during the transition to GNOME 43, in which core apps and libraries have switched to libsoup3, which conflicts with libsoup2.4. See #1016589. * d/control: Remove backwards-compat with libgdk-pixbuf2.0-dev. libgdk-pixbuf-2.0-dev was released in bullseye, and official backports to old distributions need to swap the dependency anyway, because of how buildds resolve alternative dependencies. * Set correct Vcs-Git field for experimental branch * Standards-Version: 4.6.1 (no changes required) -- Simon McVittie <email address hidden> Fri, 05 Aug 2022 10:06:16 +0100
Available diffs
- diff from 1.12.7-1 to 1.13.3-2 (731.5 KiB)
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
flatpak (1.12.7-1) unstable; urgency=medium * New upstream stable release - Pass through a remote X11 display if the app has --share=network - Pass through a remote PulseAudio server if the app has --share=network - WAYLAND_DISPLAY can be an absolute path - Accept /app/share/metainfo/*.xml exports from apps that were built with Flatpak 1.13.x - Automatically set up /var/lib/flatpak/repo if required - Work around a bug in libostree < 2021.6 when used with GLib >= 2.71 - Fix some memory leaks in GVariant data processing * d/gbp.conf: Use upstream/1.12.x branch for upstream imports * d/watch: Only watch for upstream stable releases -- Simon McVittie <email address hidden> Mon, 14 Mar 2022 17:37:10 +0000
Available diffs
- diff from 1.12.6-1 to 1.12.7-1 (235.4 KiB)
flatpak (1.12.6-1) unstable; urgency=medium * New upstream stable release - Better robustness against downloads being interrupted or cancelled - Detect the GTK theme more reliably - Fix history command unit test when not using persistent systemd journal - Translation update: pt_BR -- Simon McVittie <email address hidden> Tue, 22 Feb 2022 10:58:48 +0000
Available diffs
- diff from 1.12.5-1 to 1.12.6-1 (38.8 KiB)
flatpak (1.12.5-1) unstable; urgency=medium * New upstream stable release - Don't propagate GStreamer-related environment variables into sandbox - Fix regressions in `flatpak history` since 1.9.1 - Remove temporary files from /var/lib/flatpak/appstream * Stop installing flatpak-bisect and flatpak-coredumpctl as examples. Since 1.8.1-2 they're installed into PATH, in libflatpak-dev. * d/flatpak.docs: Use debhelper 11 dh_installdoc instead of dh-exec -- Simon McVittie <email address hidden> Fri, 11 Feb 2022 17:16:22 +0000
Available diffs
- diff from 1.12.4-1 to 1.12.5-1 (194.0 KiB)
flatpak (1.12.4-1) unstable; urgency=medium * New upstream stable release * Alter the solution to CVE-2022-21682 to avoid regressions: - Revert semantics of --nofilesystem=host to be the same as 1.12.2 - Revert semantics of --nofilesystem=home to be the same as 1.12.2 - Add --nofilesystem=host:reset which means the same thing that --nofilesystem=host did in 1.12.3 - Users of flatpak-builder should update it to 1.2.2 to resolve CVE-2022-21682 * Other bug fixes: - Clarify documentation related to CVE-2022-21682 - Improve test coverage related to CVE-2022-21682 - Restore compatibility with older appstream-glib versions, for backports * Set high urgency to resolve regressions in 1.12.3 -- Simon McVittie <email address hidden> Tue, 18 Jan 2022 18:01:05 +0000
Available diffs
- diff from 1.12.3-1 to 1.12.4-1 (173.0 KiB)
flatpak (1.12.3-1) unstable; urgency=high * New upstream stable release * Security fixes: - Prevent a malicious repository from arranging for permissions to be granted without being correctly displayed during installation (CVE-2021-43860, GHSA-qpjc-vq3c-572j) - Prevent a malicious build in flatpak-builder creating directories outside the build directory (GHSA-8ch7-5j3h-g4fx) * Behaviour changes, as a result of how GHSA-8ch7-5j3h-g4fx was fixed: - --nofilesystem=host is now special-cased to negate all --filesystem permissions. Previously, it would cancel out --filesystem=host but not --filesystem=/some/dir. - --nofilesystem=home is now special-cased to negate several home-directory-related filesystem permssions such as --filesystem=xdg-config/foo, not just --filesystem=host. * Other bug fixes: - Extra-data downloading now properly handles compressed content-encodings, which fixes checksum verification - Avoid unnecessary polkit prompt due to auto-pinning when installing runtimes - Better handling of updates of extensions that exist in multiple repositories - Fixed (initial) installation of apps with renamed app-IDs - Support more pulseaudio configuration, including the one used in WSL2 - Fixed regression in updates from no-enumerate remotes - We now verify checksums of summary caches, to better handle local file corruption - Improved CLI output for non-terminal targets - Flatpak run --session-bus now works - Fix build with PyParsing >= 3.0.4 - bash auto completion now doesn't complete on command name aliases - Minor improvements to the search command - Minor improvements to the list command - Minor improvements to the repair command - Add more tests - Updated translations and docs * d/copyright: Update -- Simon McVittie <email address hidden> Wed, 12 Jan 2022 13:33:12 +0000
Available diffs
- diff from 1.12.2-2 to 1.12.3-1 (376.8 KiB)
flatpak (1.12.2-2) unstable; urgency=medium * flatpak Recommends xdg-user-dirs. If we don't have this, the XDG special directories for documents, music, downloads etc. will not be listed in ~/.config/user-dirs.dirs unless configured manually; this means that app permissions that would normally share those directories with the host, such as --filesystem=xdg-download, will have no practical effect. (Closes: #1000609) * Build/test-depend on dbus-daemon. We don't necessarily need a full implementation for the unit tests, but we do need to be able to run dbus-daemon --session. * Depend on default-dbus-system-bus | dbus-system-bus instead of dbus. Any implementation of the system bus will do. * Adjust Lintian overrides for current Lintian -- Simon McVittie <email address hidden> Mon, 13 Dec 2021 13:22:23 +0000
Available diffs
- diff from 1.12.2-1 to 1.12.2-2 (1.1 KiB)
flatpak (1.6.5-0ubuntu0.4) focal-security; urgency=medium * SECURITY UPDATE: Sandbox bypass via recent VFS-manipulating syscalls (LP: #1946578) - debian/paches/CVE-2021-41133-1.patch - debian/paches/CVE-2021-41133-2.patch - debian/paches/CVE-2021-41133-3.patch - debian/paches/CVE-2021-41133-4.patch - debian/paches/CVE-2021-41133-5.patch - debian/paches/CVE-2021-41133-6.patch - debian/paches/CVE-2021-41133-7.patch - debian/paches/CVE-2021-41133-8.patch - debian/paches/CVE-2021-41133-9.patch - debian/paches/CVE-2021-41133-10.patch - CVE-2021-41133 -- Andrew Hayzen <email address hidden> Wed, 13 Oct 2021 00:36:35 +0100
Available diffs
flatpak (1.0.9-0ubuntu0.4) bionic-security; urgency=medium * SECURITY UPDATE: Sandbox bypass via recent VFS-manipulating syscalls (LP: #1946578) - debian/paches/CVE-2021-41133-1.patch - debian/paches/CVE-2021-41133-2.patch - debian/paches/CVE-2021-41133-3.patch - debian/paches/CVE-2021-41133-4.patch - debian/paches/CVE-2021-41133-5.patch - debian/paches/CVE-2021-41133-6.patch - debian/paches/CVE-2021-41133-7.patch - debian/paches/CVE-2021-41133-8.patch - debian/paches/CVE-2021-41133-9.patch - debian/paches/CVE-2021-41133-10.patch - CVE-2021-41133 -- Andrew Hayzen <email address hidden> Wed, 13 Oct 2021 00:36:35 +0100
Available diffs
flatpak (1.10.2-1ubuntu1.1) hirsute-security; urgency=medium * SECURITY UPDATE: Sandbox bypass via recent VFS-manipulating syscalls (LP: #1946578) - debian/paches/CVE-2021-41133-1.patch - debian/paches/CVE-2021-41133-2.patch - debian/paches/CVE-2021-41133-3.patch - debian/paches/CVE-2021-41133-4.patch - debian/paches/CVE-2021-41133-5.patch - debian/paches/CVE-2021-41133-6.patch - debian/paches/CVE-2021-41133-7.patch - debian/paches/CVE-2021-41133-8.patch - debian/paches/CVE-2021-41133-9.patch - debian/paches/CVE-2021-41133-10.patch - CVE-2021-41133 -- Andrew Hayzen <email address hidden> Wed, 13 Oct 2021 00:36:35 +0100
Available diffs
flatpak (1.10.2-3ubuntu0.1) impish-security; urgency=medium * SECURITY UPDATE: Sandbox bypass via recent VFS-manipulating syscalls (LP: #1946578) - debian/paches/CVE-2021-41133-1.patch - debian/paches/CVE-2021-41133-2.patch - debian/paches/CVE-2021-41133-3.patch - debian/paches/CVE-2021-41133-4.patch - debian/paches/CVE-2021-41133-5.patch - debian/paches/CVE-2021-41133-6.patch - debian/paches/CVE-2021-41133-7.patch - debian/paches/CVE-2021-41133-8.patch - debian/paches/CVE-2021-41133-9.patch - debian/paches/CVE-2021-41133-10.patch - CVE-2021-41133 -- Andrew Hayzen <email address hidden> Wed, 13 Oct 2021 00:36:35 +0100
Available diffs
flatpak (1.12.2-1) unstable; urgency=medium * New upstream stable release - Better diagnostic messages if libseccomp calls fail - Install translations referenced by LANG, LANGUAGE or LC_ALL, fixing test failures in 1.12.0+ on older distributions - Update Polish translation * d/p/Fix-handling-of-syscalls-only-allowed-by-devel.patch: Drop patch, applied upstream -- Simon McVittie <email address hidden> Tue, 12 Oct 2021 11:54:06 +0100
Available diffs
- diff from 1.10.2-3 to 1.12.2-1 (887.6 KiB)
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
flatpak (1.10.2-3) unstable; urgency=medium * d/patches: Align with upstream flatpak-1.10.x branch, making this effectively a release candidate for upstream stable release 1.10.3 - d/patches: Update metadata to reflect upstream flatpak-1.10.x branch. All the patches we apply in Debian are expected to be released in 1.10.3 upstream, but not all were annotated to reflect this. - d/p/system-helper-Fix-deploys-of-local-remotes.patch: Fix some failures to update in GNOME Software and the unit tests. This change was previously applied in Ubuntu's flatpak_1.10.2-1ubuntu1 to fix a unit test failure, possibly triggered by a newer version of GLib. It has also been reported to fix a failure to upgrade Flatpak apps using GNOME Software, this time in Fedora. - d/p/create-usb-Skip-copying-extra-data-flatpaks.patch: Skip flatpaks with "extra-data" when using `flatpak create-usb`. This command is intended to create USB drives that can be used to install Flatpak apps and/or runtimes while offline, but the "extra-data" feature downloads extra content for an app or runtime at install time, as a way to automate installation of data that can be re-downloaded by end users but is not licensed for redistribution by Flatpak repositories. Such apps and runtimes would fail to install while offline. - d/p/series: Re-order patches to match upstream flatpak-1.10.x branch -- Simon McVittie <email address hidden> Sun, 25 Jul 2021 20:44:58 +0100
Available diffs
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: Moved to hirsute) |
flatpak (1.10.2-1ubuntu1) hirsute; urgency=medium * debian/patches/0001-system-helper-Fix-deploys-of-local-remotes.patch: Cherry pick a patch to fix the tests with new glib2.0. For updates in remotes with a local (file:) uri we just do a deploy with a LOCAL_PULL flag set and an empty arg_repo_path. However, our arg_repo_path checking at some point seemed to stop properly handling the case where it is empty. I got it to report "No such file" wich broke the tests. -- Iain Lane <email address hidden> Thu, 08 Apr 2021 18:12:53 +0100
Available diffs
flatpak (1.0.9-0ubuntu0.3) bionic-security; urgency=medium * SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file (LP: #1918482) - debian/patches/CVE-2021-21381-1.patch: Disallow @@ and @@u usage in desktop files. - debian/patches/CVE-2021-21381-2.patch: dir: Reserve the whole @@ prefix. - debian/patches/CVE-2021-21381-3.patch: dir: Refuse to export .desktop files with suspicious uses. - CVE-2021-21381 -- Andrew Hayzen <email address hidden> Wed, 10 Mar 2021 20:51:04 +0000
Available diffs
flatpak (1.6.5-0ubuntu0.3) focal-security; urgency=medium * SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file (LP: #1918482) - debian/patches/CVE-2021-21381-1.patch: Disallow @@ and @@u usage in desktop files. - debian/patches/CVE-2021-21381-2.patch: dir: Reserve the whole @@ prefix. - debian/patches/CVE-2021-21381-3.patch: dir: Refuse to export .desktop files with suspicious uses. - CVE-2021-21381 -- Andrew Hayzen <email address hidden> Fri, 05 Mar 2021 22:21:25 +0000
Available diffs
flatpak (1.8.2-1ubuntu0.2) groovy-security; urgency=medium * SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file (LP: #1918482) - debian/patches/CVE-2021-21381-1.patch: Disallow @@ and @@u usage in desktop files. - debian/patches/CVE-2021-21381-2.patch: dir: Reserve the whole @@ prefix. - debian/patches/CVE-2021-21381-3.patch: dir: Refuse to export .desktop files with suspicious uses. - CVE-2021-21381 -- Andrew Hayzen <email address hidden> Wed, 10 Mar 2021 20:54:38 +0000
Available diffs
flatpak (1.10.2-1) unstable; urgency=medium * New upstream stable release - Make --filesystem, --nofilesystem accept non-ASCII filenames more reliably - Improve solution for #984859 so it refuses to install apps that appear to be trying to exploit the vulnerability - Fix a memory leak - Improve compatibility with openSUSE's X authentication setup - Use a single version of Docbook for all documentation - This release also incorporates the fixes that were applied in 1.10.1-2 and 1.10.1-3, and part of 1.10.1-4 * Drop patches that were applied upstream * d/p/tests-Remove-hard-coded-references-to-x86_64.patch: Mark the remaining patch as applied upstream for 1.11.0 * Add reference to #984859 in previous changelog entry -- Simon McVittie <email address hidden> Wed, 10 Mar 2021 10:58:32 +0000
Available diffs
flatpak (1.10.1-4) unstable; urgency=high * d/p/Disallow-and-u-usage-in-desktop-files.patch: Add proposed patch to fix a sandbox escape via crafted .desktop files (flatpak#4146). Thanks, Ryan Gonzalez * d/p/tests-Remove-hard-coded-references-to-x86_64.patch: Add proposed patch to fix some tests on non-x86_64 machines. The affected tests were already skipped in schroot/lxc for other reasons, but would be run (and fail) on autopkgtest testbeds with isolation-machine and working FUSE. -- Simon McVittie <email address hidden> Fri, 05 Mar 2021 10:21:35 +0000
Available diffs
flatpak (1.10.1-3ubuntu1) hirsute; urgency=medium * Merge from Debian unstable. Remaining changes: - Designate 'test-unused' test as flaky. It is new in this version, so has never passed in autopkgtests on !amd64.
Available diffs
flatpak (1.10.1-2ubuntu2) hirsute; urgency=medium * Designate 'test-unused' test as flaky. It is new in this version, so has never passed in autopkgtests. -- Rik Mills <email address hidden> Tue, 23 Feb 2021 20:48:19 +0000
Available diffs
- diff from 1.8.5-1 (in Debian) to 1.10.1-2ubuntu2 (895.5 KiB)
- diff from 1.10.1-2ubuntu1 to 1.10.1-2ubuntu2 (566 bytes)
Superseded in hirsute-proposed |
flatpak (1.10.1-2ubuntu1) hirsute; urgency=medium * Add patch from Fedora, backporting upstream commit fixing headers after new glibc changes. Fixes at least plasma-discover FTBFS against flatpak with new glibc. - 0001-Add-G_BEGIN_DECLS-G_END_DECLS-to-public-headers.patch -- Rik Mills <email address hidden> Tue, 23 Feb 2021 18:34:37 +0000
Available diffs
flatpak (1.8.2-1ubuntu0.1) groovy-security; urgency=medium * SECURITY UPDATE: Flatpak sandbox escape via spawn portal (LP: #1911473) - debian/patches/CVE-2021-21261-1.patch: common: Add a backport of G_DBUS_METHOD_INVOCATION_HANDLED. - debian/patches/CVE-2021-21261-2.patch: run: Convert all environment variables into bwrap arguments. - debian/patches/CVE-2021-21261-3.patch: tests: Expand coverage for environment variable overrides. - debian/patches/CVE-2021-21261-4.patch: context: Add --env-fd option. - debian/patches/CVE-2021-21261-5.patch: portal: Convert --env in extra-args into --env-fd. - debian/patches/CVE-2021-21261-6.patch: tests: Exercise --env-fd. - debian/patches/CVE-2021-21261-7.patch: portal: Do not use caller-supplied variables in environment. - debian/patches/CVE-2021-21261-8.patch: tests: Assert that --env= does not go in `flatpak run` or bwrap environ. - CVE-2021-21261 -- Andrew Hayzen <email address hidden> Fri, 22 Jan 2021 00:59:12 +0000
Available diffs
flatpak (1.6.5-0ubuntu0.2) focal-security; urgency=medium * SECURITY UPDATE: Flatpak sandbox escape via spawn portal (LP: #1911473) - debian/patches/CVE-2021-21261-1.patch: tests: Add minimal version of "ok" helper. - debian/patches/CVE-2021-21261-2.patch: common: Add a backport of G_DBUS_METHOD_INVOCATION_HANDLED. - debian/patches/CVE-2021-21261-3.patch: run: Convert all environment variables into bwrap arguments. - debian/patches/CVE-2021-21261-4.patch: tests: Expand coverage for environment variable overrides. - debian/patches/CVE-2021-21261-5.patch: context: Add --env-fd option. - debian/patches/CVE-2021-21261-6.patch: portal: Convert --env in extra-args into --env-fd. - debian/patches/CVE-2021-21261-7.patch: tests: Exercise --env-fd. - debian/patches/CVE-2021-21261-8.patch: portal: Do not use caller-supplied variables in environment. - debian/patches/CVE-2021-21261-9.patch: tests: Assert that --env= does not go in `flatpak run` or bwrap environ. - CVE-2021-21261 -- Andrew Hayzen <email address hidden> Wed, 13 Jan 2021 21:09:15 +0000
flatpak (1.0.9-0ubuntu0.2) bionic-security; urgency=medium * SECURITY UPDATE: Flatpak sandbox escape via spawn portal (LP: #1911473) - debian/patches/CVE-2021-21261-1.patch: run: Convert all environment variables into bwrap arguments. - debian/patches/CVE-2021-21261-2.patch: common: Move flatpak_buffer_to_sealed_memfd_or_tmpfile to its own file. - debian/patches/CVE-2021-21261-3.patch: context: Add --env-fd option. - debian/patches/CVE-2021-21261-4.patch: portal: Convert --env in extra-args into --env-fd. - debian/patches/CVE-2021-21261-5.patch: portal: Do not use caller-supplied variables in environment. - CVE-2021-21261 -- Paulo Flabiano Smorigo <email address hidden> Tue, 19 Jan 2021 14:21:40 +0000
Available diffs
flatpak (1.10.1-2) unstable; urgency=medium * d/patches: Disable FUSE-based revokefs if any of several factors fail. This fixes FTBFS in pbuilder, and hopefully also on Launchpad autobuilders. -- Simon McVittie <email address hidden> Thu, 28 Jan 2021 22:24:20 +0000
Available diffs
- diff from 1.10.1-1 to 1.10.1-2 (2.5 KiB)
flatpak (1.10.1-1) unstable; urgency=medium * New upstream release - Fix a regression in 'flatpak build' after fixing CVE-2021-21261 (Closes: #980323) -- Simon McVittie <email address hidden> Thu, 21 Jan 2021 14:12:22 +0000
Available diffs
- diff from 1.10.0-2 to 1.10.1-1 (60.4 KiB)
flatpak (1.10.0-2) unstable; urgency=medium * Upload 1.10.x branch to unstable * Add CVE-2021-21261 reference to 1.8.5-1 changelog entry -- Simon McVittie <email address hidden> Sun, 17 Jan 2021 11:51:16 +0000
Available diffs
- diff from 1.8.5-1 to 1.10.0-2 (887.4 KiB)
flatpak (1.8.5-1) unstable; urgency=high * New upstream release fixing a sandbox escape vulnerability (GHSA-4ppf-fxf6-vxg2) * Mark patch for #975710 as having been applied upstream -- Simon McVittie <email address hidden> Thu, 14 Jan 2021 09:34:09 +0000
Available diffs
- diff from 1.8.4-2 to 1.8.5-1 (34.5 KiB)
flatpak (1.8.4-2) unstable; urgency=medium * Mark patch for #972138 as having been applied upstream * Add patch to avoid gvfs-daemon being started when logging in as root. Thanks to Mourad De Clerck (Closes: #975710) * Add package-specific info from bubblewrap to bug reports. In particular, this will tell us whether it's setuid. -- Simon McVittie <email address hidden> Sun, 03 Jan 2021 15:37:04 +0000
Available diffs
- diff from 1.8.4-1 to 1.8.4-2 (1.3 KiB)
flatpak (1.8.4-1) unstable; urgency=medium * debian/o.fd.Flatpak.pkla: sync with rules provided by upstream * Use debian/unstable branch for packaging * New upstream release * d/p/variant-schema-compiler-Disable-optimized-calculation-of-.patch: Drop patch, which should be unnecessary with the new version -- Simon McVittie <email address hidden> Thu, 24 Dec 2020 10:58:59 +0000
Available diffs
- diff from 1.8.3-2 to 1.8.4-1 (5.4 KiB)
flatpak (1.8.3-2) unstable; urgency=medium * Preferentially build-depend on libgdk-pixbuf-2.0-dev. We don't need the deprecated Xlib integration that is also pulled in by the older libgdk-pixbuf2.0-dev package (see #974870). * Standards-Version: 4.5.1 (no changes required) -- Simon McVittie <email address hidden> Tue, 24 Nov 2020 12:01:18 +0000
Available diffs
- diff from 1.8.3-1 to 1.8.3-2 (616 bytes)
flatpak (1.8.3-1) unstable; urgency=medium * New upstream release -- Simon McVittie <email address hidden> Thu, 19 Nov 2020 14:51:15 +0000
Available diffs
- diff from 1.8.2-3 to 1.8.3-1 (71.9 KiB)
flatpak (1.8.2-3) unstable; urgency=medium * d/p/Skip-parental-controls-checks-on-ServiceUnknown-or-NameHa.patch: Add proposed patch to skip parental controls if accountsservice is not installed. The malcontent package (which activates parental controls support) depends on accountsservice, but the libmalcontent-0-0 client library does not, so we need to cope gracefully with the case where neither malcontent nor accountsservice is installed. Presumably, in such installations the sysadmin did not want the parental controls feature. Ideally libmalcontent would do this itself (#972145). (Closes: #972138) * Add Depends on dbus, for the well-known system bus service. Now that the parental controls feature is enabled, Flatpak will refuse to run apps if the D-Bus system bus is unavailable. Previously, it would have partially worked (but with severely reduced functionality, in particular only --user installations). * d/control: Canonicalize case of Multi-Arch * Update lintian overrides to silence some false-positives -- Simon McVittie <email address hidden> Thu, 15 Oct 2020 09:47:28 +0100
Available diffs
- diff from 1.8.2-1 to 1.8.2-3 (2.5 KiB)
- diff from 1.8.2-2 to 1.8.2-3 (2.2 KiB)
Superseded in hirsute-proposed |
Deleted in groovy-proposed (Reason: From groovy-as-devel-series, now present in hirsute, not ...) |
flatpak (1.8.2-2) unstable; urgency=medium [ Laurent Bigonville ] * debian/control: Add libmalcontent-0-dev to the build-dependencies. This provides optional parental controls for app installation and launching. [ Simon McVittie ] * Add Suggests on malcontent-gui -- Simon McVittie <email address hidden> Sat, 10 Oct 2020 20:10:55 +0100
Available diffs
- diff from 1.8.2-1 to 1.8.2-2 (589 bytes)
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
flatpak (1.8.2-1) unstable; urgency=medium * New upstream release - Drop patch for #964541, applied upstream -- Simon McVittie <email address hidden> Tue, 25 Aug 2020 15:57:31 +0100
Available diffs
- diff from 1.8.1-2 to 1.8.2-1 (78.2 KiB)
flatpak (1.8.1-2) unstable; urgency=medium * Include flatpak-bisect and flatpak-coredumpctl in libflatpak-dev - Depends: python3, to be able to run the scripts themselves - Recommends: flatpak, for both scripts - Suggests: gdb and systemd-coredump, for flatpak-coredumpctl - Suggests: python3-gi and ostree, for flatpak-bisect * d/p/Fix-argument-order-of-clone-for-s390x-in-seccomp-filter.patch: Add proposed patch to fix seccomp filtering on s390x. Thanks to Julian Andres Klode. (Closes: #964541, LP: #1886814) -- Simon McVittie <email address hidden> Thu, 06 Aug 2020 22:45:21 +0100
Available diffs
- diff from 1.8.1-1 to 1.8.1-2 (1.8 KiB)
flatpak (1.6.5-0ubuntu0.1) focal; urgency=medium * New upstream release 1.6.5 (LP: #1884594) - Backports some of the OCI authenticator fixes from the 1.7 series - Fix a use-after free in libflatpak - Don't list p2p downgrades in list of available updates - Install gdm env.d fragment, but only as an example file. It is harmful on systems where environment.d(5) works (in particular systems using systemd), because it overwrites additions to the XDG_DATA_DIRS coming from other app frameworks like Snap. However, using either this fragment or manual configuration might be necessary on non-systemd systems. See /usr/share/doc/flatpak/README.Debian for more details. (LP: #1801814) - debian/flatpak.README.Debian: Add -- Andrew Hayzen <email address hidden> Wed, 08 Jul 2020 00:34:35 +0000
Available diffs
flatpak (1.8.1-1) unstable; urgency=medium * New upstream stable release -- Simon McVittie <email address hidden> Sat, 04 Jul 2020 15:24:14 +0100
Available diffs
- diff from 1.8.0-1 to 1.8.1-1 (58.9 KiB)
flatpak (1.8.0-1) unstable; urgency=medium * New upstream stable release - Update configure options - Install gdm env.d fragment, but only as an example file. It is harmful on systems where environment.d(5) works (in particular systems using systemd), because it overwrites additions to the XDG_DATA_DIRS coming from other app frameworks like Snap. However, using either this fragment or manual configuration might be necessary on non-systemd systems. See /usr/share/doc/flatpak/README.Debian for more details. - d/flatpak.README.Debian: Add -- Simon McVittie <email address hidden> Thu, 25 Jun 2020 12:26:28 +0100
Available diffs
- diff from 1.6.3-1 to 1.8.0-1 (692.7 KiB)
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
flatpak (1.6.3-1) unstable; urgency=medium * New upstream stable release -- Simon McVittie <email address hidden> Tue, 31 Mar 2020 11:56:06 +0100
Available diffs
- diff from 1.6.2-1 to 1.6.3-1 (16.8 KiB)
flatpak (1.6.2-1) unstable; urgency=medium * New upstream stable release -- Simon McVittie <email address hidden> Thu, 13 Feb 2020 16:42:14 +0000
Available diffs
- diff from 1.6.1-1 to 1.6.2-1 (118.1 KiB)
flatpak (1.6.1-1) unstable; urgency=medium * New upstream stable release * Use secure URI in Homepage field. * Set upstream metadata fields: Repository. * Remove obsolete field Name from debian/upstream/metadata (already present in machine-readable debian/copyright). * Standards-Version: 4.5.0 (no changes required) -- Simon McVittie <email address hidden> Thu, 23 Jan 2020 17:53:52 +0000
Available diffs
- diff from 1.6.0-1 to 1.6.1-1 (74.2 KiB)
flatpak (1.6.0-1) unstable; urgency=medium * New upstream stable release - d/p/testlibrary-Don-t-assert-that-progress-is-signalled.patch: Drop workaround, the leaks that broke this test have been fixed - Drop other patches, applied upstream - Bump xdg-desktop-portal dependency to 1.6.x. That version has new API which Flatpak apps might rely on, so the corresponding versions should be tested and backported together. * d/watch: Only watch for stable releases * Set upstream branch to upstream/1.6.x * Drop xdg-desktop-portal from Depends to Recommends. Installing xdg-desktop-portal 1.6.x is strongly recommended, but strictly speaking it is not required: some of the simpler Flatpak apps can work without it. (Closes: #947022) * tests: Depend on fuse and policykit-1 * Revert Build-Conflicts on elogind to be nice to non-systemd derivatives. This was a workaround for the build-dependency resolver used in experimental, and is unnecessary now that I'm targeting unstable. -- Simon McVittie <email address hidden> Tue, 24 Dec 2019 16:11:00 +0000
Available diffs
- diff from 1.4.3-1 to 1.6.0-1 (695.2 KiB)
flatpak (1.0.9-0ubuntu0.1) bionic; urgency=medium * Update to 1.0.9 (LP: #1844666) * New upstream release - Allow use of extra_data for runtimes, this is required for the openh264 extension. -- Andrew Hayzen <email address hidden> Sat, 21 Sep 2019 21:30:00 +0000
flatpak (1.2.5-0ubuntu0.1) disco; urgency=medium * Update to 1.2.5 (LP: #1844665) * New upstream release - Allow use of extra_data for runtimes, this is required for the openh264 extension. -- Andrew Hayzen <email address hidden> Sat, 21 Sep 2019 22:04:15 +0000
Available diffs
Superseded in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to Release) |
flatpak (1.4.3-1) unstable; urgency=medium * New upstream stable release - d/p/Don-t-register-polkit-agent-if-we-cannot-connect-to-syste.patch, d/p/tests-Skip-tests-that-use-system-helper-if-uid-or-gid-is-.patch: drop patches, applied upstream * Remove redundant --libexecdir, no longer needed with compat level 12 -- Simon McVittie <email address hidden> Thu, 19 Sep 2019 16:13:57 +0100
Available diffs
- diff from 1.4.2-2 to 1.4.3-1 (66.8 KiB)
flatpak (1.4.2-2) unstable; urgency=medium * Upload to unstable * d/gbp.conf: Return to debian/master branch * Use debhelper-compat 12 * Standards-Version: 4.4.0 (no changes required) -- Simon McVittie <email address hidden> Tue, 09 Jul 2019 17:59:57 +0100
Available diffs
- diff from 1.4.1-1 (in Ubuntu) to 1.4.2-2 (62.5 KiB)
- diff from 1.4.2-1 to 1.4.2-2 (921 bytes)
flatpak (1.4.2-1) experimental; urgency=medium * New upstream release * d/p/Don-t-register-polkit-agent-if-we-cannot-connect-to-syste.patch: Add proposed patch to avoid crashing if the system bus is unavailable, working around policykit-1 bug #923046 * d/salsa-ci.yml: Request standard CI on salsa.debian.org * d/p/tests-Skip-tests-that-use-system-helper-if-uid-or-gid-is-.patch: Avoid testing the system helper if uid or gid is zero. The system helper refuses to run in test mode if it has privileges, but some CI systems (currently including salsa-ci) run as uid or gid 0 in a disposable container. * d/test.sh: Don't run tests under linux32, even if reprotest did the build under linux32 * d/test.sh: Don't output non-test logs (notably debian/output/reprotest.log on salsa-ci) after running tests -- Simon McVittie <email address hidden> Tue, 02 Jul 2019 16:20:14 +0100
Available diffs
- diff from 1.4.1-1 (in Ubuntu) to 1.4.2-1 (62.2 KiB)
flatpak (1.4.1-1) experimental; urgency=high * New upstream stable release - This reverts an unintended ABI break in 1.4.0. -- Ken VanDine <email address hidden> Thu, 13 Jun 2019 11:45:33 +0100
Available diffs
- diff from 1.4.0-1 to 1.4.1-1 (23.5 KiB)
flatpak (1.4.0-1) experimental; urgency=medium * New upstream stable release
Available diffs
- diff from 1.2.4-1 (in Debian) to 1.4.0-1 (607.1 KiB)
flatpak (1.0.8-0ubuntu0.18.10.1) cosmic-security; urgency=medium * Update to 1.0.8 (LP: #1821811) * New upstream release - SECURITY UPDATE: seccomp: Reject all ioctls that the kernel will interpret as TIOCSTI, including those where the high 32 bits in a 64-bit word are nonzero. - CVE-2019-10063 -- Andrew Hayzen <email address hidden> Thu, 28 Mar 2019 21:57:34 +0000
Available diffs
flatpak (1.0.8-0ubuntu0.18.04.1) bionic-security; urgency=medium * Update to 1.0.8 (LP: #1821811) * New upstream release - SECURITY UPDATE: seccomp: Reject all ioctls that the kernel will interpret as TIOCSTI, including those where the high 32 bits in a 64-bit word are nonzero. - CVE-2019-10063 -- Andrew Hayzen <email address hidden> Wed, 27 Mar 2019 21:21:48 +0000
Available diffs
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
flatpak (1.2.4-1) unstable; urgency=medium * New upstream stable release - Canonicalize XDG_RUNTIME_DIR if it's a symlink - Support device nodes for multiple Nvidia graphics cards if the proprietary driver is used - Fix a crash when certain errors occur while updating apps - Fix "flatpak list --arch" - Make "Installing %d/%d..." translatable * d/p/run-Only-compare-the-lowest-32-ioctl-arg-bits-for-TIOCSTI.patch: Drop patch, applied upstream -- Simon McVittie <email address hidden> Wed, 27 Mar 2019 20:47:33 +0000
Available diffs
- diff from 1.2.3-1 to 1.2.4-1 (56.8 KiB)
flatpak (1.0.7-0ubuntu0.18.04.1) bionic-security; urgency=medium * Update to 1.0.7 (LP: #1815528) * New upstream release - SECURITY UPDATE: do not let the apply_extra script for a system installation modify the host-side executable via /proc/self/exe, similar to CVE-2019-5736 in runc - CVE-2019-8308 -- Andrew Hayzen <email address hidden> Wed, 13 Feb 2019 21:24:42 +0000
flatpak (1.0.7-0ubuntu0.18.10.1) cosmic-security; urgency=medium * Update to 1.0.7 (LP: #1815528) * New upstream release - SECURITY UPDATE: do not let the apply_extra script for a system installation modify the host-side executable via /proc/self/exe, similar to CVE-2019-5736 in runc - CVE-2019-8308 -- Andrew Hayzen <email address hidden> Wed, 13 Feb 2019 21:31:52 +0000
flatpak (1.2.3-1) unstable; urgency=high * New upstream stable release - Security update: do not let the apply_extra script for a system installation modify the host-side executable via /proc/self/exe, similar to CVE-2019-5736 in runc (Closes: #922059) -- Simon McVittie <email address hidden> Mon, 11 Feb 2019 16:17:09 +0000
Available diffs
- diff from 1.2.2-1 to 1.2.3-1 (11.7 KiB)
flatpak (1.2.2-1) unstable; urgency=medium * New upstream stable release -- Simon McVittie <email address hidden> Wed, 06 Feb 2019 11:03:38 +0000
Available diffs
- diff from 1.2.1-1 to 1.2.2-1 (4.1 KiB)
1 → 75 of 142 results | First • Previous • Next • Last |