Change log for flatpak package in Ubuntu

Published in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular)
flatpak (1.14.8-1) unstable; urgency=medium

  * New upstream stable release 1.14.7
    - Automatically reload D-Bus session bus configuration when apps are
      installed or upgraded, ensuring that any new .service files get
      picked up
    - Allow apps to be run if the D-Bus system bus is missing or
      non-functional
    - Add several more environment variables to the list not inherited
      into the sandbox:
      + $LD_AUDIT, $LD_PRELOAD for ld.so
      + $__EGL_VENDOR_LIBRARY_DIRS, etc. for EGL
      + $VK_ADD_DRIVER_FILES, etc. for Vulkan
      + $container, when running Flatpak inside a container manager
    - Use xdg-desktop-portal-gnome, if installed, to detect whether apps
      are running in the background
    - If an app's data is migrated to a new name and then deleted, don't
      try to migrate it again, avoiding a recursive symlink loop
    - Don't leak temporary variable $new_dirs from /etc/profile.d/flatpak.sh
      into user shell sessions
    - Avoid an out-of-bounds left-shift (which is technically undefined
      behaviour) when hashing object names
    - Fix critical warnings "GFileInfo created without
      standard::is-symlink" when using /var/lib/flatpak/extension with
      testing/unstable glib2.0
    - Fix validation of documentation against Docbook DTD
    - Fix a misleading comment in the test for CVE-2024-32462
    - Fix a double-free in the test suite
    - Skip more tests if bubblewrap works but FUSE doesn't
  * New upstream stable release 1.14.8
    - Respin of 1.14.7 reverting unintended submodule changes
  * d/control: Replace one more polkitd|policykit-1 dependency with polkitd
  * d/control: Move dbus-system-bus from Depends to Recommends.
    `flatpak run` no longer has a working system bus as a hard requirement.

 -- Simon McVittie <email address hidden>  Tue, 30 Apr 2024 15:08:35 +0100

Superseded in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
flatpak (1.14.6-1) unstable; urgency=high

  * New upstream stable release 1.14.6
    - Don't allow an executable name to be misinterpreted as a command-line
      option for bwrap(1). This prevents a sandbox escape where a malicious
      or compromised app could ask xdg-desktop-portal to generate a .desktop
      file with access to files outside the sandbox. (CVE-2024-32462)
    - Don't parse `<developer><name/></developer>` as the application name
  * d/control: Drop alternative dependencies on transitional policykit-1.
    polkitd was released in Debian 12 and Ubuntu 22.04.

 -- Simon McVittie <email address hidden>  Wed, 17 Apr 2024 19:34:28 +0100
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
flatpak (1.14.5-1build6) noble; urgency=medium

  * No-change rebuild against libarchive13t64

 -- Steve Langasek <email address hidden>  Sun, 07 Apr 2024 07:06:19 +0000

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
flatpak (1.14.5-1build5) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 00:58:42 +0000

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
flatpak (1.14.5-1build4) noble; urgency=medium

  * No-change rebuild against libcurl3t64-gnutls

 -- Steve Langasek <email address hidden>  Sat, 16 Mar 2024 06:52:41 +0000
Superseded in noble-proposed
flatpak (1.14.5-1build3) noble; urgency=medium

  * No-change rebuild against libglib2.0-0t64

 -- Steve Langasek <email address hidden>  Mon, 11 Mar 2024 22:36:01 +0000

Superseded in noble-proposed
flatpak (1.14.5-1build2) noble; urgency=medium

  * No-change rebuild against libglib2.0-0t64

 -- Steve Langasek <email address hidden>  Fri, 08 Mar 2024 04:20:41 +0000

Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
flatpak (1.14.5-1build1) noble; urgency=medium

  * Rebuild against latest appstream

 -- Jeremy Bícha <email address hidden>  Sun, 17 Dec 2023 15:30:49 -0500
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
flatpak (1.14.5-1) unstable; urgency=medium

  * New upstream stable release
  * Drop patches cherry-picked in 1.14.4-2, applied upstream
  * d/flatpak.install: Install new tmpfiles.d snippet
  * d/test.sh: Disable http proxy if used, to ensure we can reach localhost.
    Some reproducible.org builders set http_proxy, which makes attempts
    to access our temporary http server on localhost fail with a 503 error.
  * d/control: (Build-)depend on pkgconf in preference to pkg-config
  * d/control: Add ${gir:Depends}, ${gir:Provides} to -dev package
    (Helps: #1030223)
  * d/control: Build-depend on required GIR XML files (Helps: #1030223)
  * Install systemd system unit into /usr/lib/systemd/system.
    This was allowed by TC resolution #1053901.
    Build-depend on debhelper 13.11.6~ to ensure that the unit is still
    picked up by dh_installsystemd.

 -- Simon McVittie <email address hidden>  Fri, 08 Dec 2023 12:25:50 +0000

Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
flatpak (1.14.4-2) unstable; urgency=medium

  * Team upload

  [ Simon McVittie ]
  * Mention #1033098, #1033099 in previous changelog entry

  [ Jeremy Bicha ]
  * Cherry-pick 2 patches for compatibility with glib 2.77

 -- Jeremy Bícha <email address hidden>  Tue, 18 Jul 2023 17:05:30 -0400
Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
flatpak (1.14.4-1ubuntu1) lunar; urgency=medium

  [ Simon McVittie ]
  * Mention #1033098, #1033099 in previous changelog entry

  [ Jeremy Bicha ]
  * Cherry-pick 2 patches for compatibility with glib 2.76.0

 -- Jeremy Bicha <email address hidden>  Sat, 18 Mar 2023 19:43:33 -0400
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
flatpak (1.14.4-1) unstable; urgency=high

  * New upstream security fix release
    - Escape special characters when displaying permissions and metadata,
      preventing malicious apps from manipulating the appearance of the
      permissions list using crafted metadata (CVE-2023-28101)
    - If a Flatpak app is run on a Linux virtual console (tty1, etc.),
      don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
      Note that this is specific to virtual consoles: Flatpak is not
      vulnerable to this if run from a graphical terminal emulator such
      as xterm, gnome-terminal or Konsole.
    - Translation update: pl

 -- Simon McVittie <email address hidden>  Thu, 16 Mar 2023 10:39:01 +0000

Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
flatpak (1.14.3-1) unstable; urgency=medium

  * New upstream stable release
    - Fix handling of apps superseded by an app of a different name
      in GNOME Software (flatpak#5172)
    - Fix a crash when an app has --socket=gpg-agent permission
      (flatpak#5095)
    - Fix a crash when listing broken or misconfigured apps (flatpak#5293)
    - If an app has invalid syntax in its overrides or metadata, mention
      the filename in the error message (flatpak#5293)
    - Unset $GDK_BACKEND so that GTK apps with --socket=fallback-x11
      work reliably (flatpak#5303)
    - Ignore some --filesystem permissions which would otherwise prevent
      all apps from starting (flatpak#1357, flatpak#5205, flatpak#5207)
    - Show a warning when a --filesystem exists but cannot be shared with
      the sandbox (flatpak#1357, flatpak#5035, flatpak#5205, flatpak#5207)

 -- Simon McVittie <email address hidden>  Mon, 27 Feb 2023 12:52:48 +0000

Superseded in lunar-proposed
flatpak (1.14.2-1) unstable; urgency=medium

  * New upstream stable release
  * Update standards version to 4.6.2 (no changes needed)

 -- Simon McVittie <email address hidden>  Mon, 06 Feb 2023 17:21:47 +0000

Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
flatpak (1.14.1-1) unstable; urgency=medium

  * New upstream stable release
  * Remove obsolete maintscript entries
  * Avoid explicitly specifying -Wl,--as-needed linker flag, which is
    the default with newer toolchains

 -- Simon McVittie <email address hidden>  Fri, 18 Nov 2022 13:45:56 +0000

Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
flatpak (1.14.0-2) unstable; urgency=medium

  * d/control: Add dependency on fuse3, for fusermount3.
    Strictly speaking this is only needed for system installations, but
    those are the default, and a missing fusermount3 produces unclear
    symptoms.
  * d/control: Depend on polkitd in preference to transitional policykit-1.
    This package doesn't need pkexec.
  * Update Lintian overrides

 -- Simon McVittie <email address hidden>  Fri, 02 Sep 2022 08:59:06 +0100

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
flatpak (1.14.0-1) unstable; urgency=medium

  * New upstream release
  * d/copyright: Update
  * Build with libfuse3

 -- Simon McVittie <email address hidden>  Tue, 23 Aug 2022 20:26:06 +0100

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
flatpak (1.13.3-2) experimental; urgency=medium

  * Build with libcurl http backend.
    This avoids library conflicts during the transition to GNOME 43, in
    which core apps and libraries have switched to libsoup3, which conflicts
    with libsoup2.4. See #1016589.
  * d/control: Remove backwards-compat with libgdk-pixbuf2.0-dev.
    libgdk-pixbuf-2.0-dev was released in bullseye, and official backports
    to old distributions need to swap the dependency anyway, because of
    how buildds resolve alternative dependencies.
  * Set correct Vcs-Git field for experimental branch
  * Standards-Version: 4.6.1 (no changes required)

 -- Simon McVittie <email address hidden>  Fri, 05 Aug 2022 10:06:16 +0100

Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
flatpak (1.12.7-1) unstable; urgency=medium

  * New upstream stable release
    - Pass through a remote X11 display if the app has --share=network
    - Pass through a remote PulseAudio server if the app has --share=network
    - WAYLAND_DISPLAY can be an absolute path
    - Accept /app/share/metainfo/*.xml exports from apps that were built
      with Flatpak 1.13.x
    - Automatically set up /var/lib/flatpak/repo if required
    - Work around a bug in libostree < 2021.6 when used with GLib >= 2.71
    - Fix some memory leaks in GVariant data processing
  * d/gbp.conf: Use upstream/1.12.x branch for upstream imports
  * d/watch: Only watch for upstream stable releases

 -- Simon McVittie <email address hidden>  Mon, 14 Mar 2022 17:37:10 +0000

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
flatpak (1.12.6-1) unstable; urgency=medium

  * New upstream stable release
    - Better robustness against downloads being interrupted or cancelled
    - Detect the GTK theme more reliably
    - Fix history command unit test when not using persistent systemd journal
    - Translation update: pt_BR

 -- Simon McVittie <email address hidden>  Tue, 22 Feb 2022 10:58:48 +0000

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
flatpak (1.12.5-1) unstable; urgency=medium

  * New upstream stable release
    - Don't propagate GStreamer-related environment variables into sandbox
    - Fix regressions in `flatpak history` since 1.9.1
    - Remove temporary files from /var/lib/flatpak/appstream
  * Stop installing flatpak-bisect and flatpak-coredumpctl as examples.
    Since 1.8.1-2 they're installed into PATH, in libflatpak-dev.
  * d/flatpak.docs: Use debhelper 11 dh_installdoc instead of dh-exec

 -- Simon McVittie <email address hidden>  Fri, 11 Feb 2022 17:16:22 +0000

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
flatpak (1.12.4-1) unstable; urgency=medium

  * New upstream stable release
  * Alter the solution to CVE-2022-21682 to avoid regressions:
    - Revert semantics of --nofilesystem=host to be the same as 1.12.2
    - Revert semantics of --nofilesystem=home to be the same as 1.12.2
    - Add --nofilesystem=host:reset which means the same thing that
      --nofilesystem=host did in 1.12.3
    - Users of flatpak-builder should update it to 1.2.2 to resolve
      CVE-2022-21682
  * Other bug fixes:
    - Clarify documentation related to CVE-2022-21682
    - Improve test coverage related to CVE-2022-21682
    - Restore compatibility with older appstream-glib versions, for backports
  * Set high urgency to resolve regressions in 1.12.3

 -- Simon McVittie <email address hidden>  Tue, 18 Jan 2022 18:01:05 +0000

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
flatpak (1.12.3-1) unstable; urgency=high

  * New upstream stable release
  * Security fixes:
    - Prevent a malicious repository from arranging for permissions to be
      granted without being correctly displayed during installation
      (CVE-2021-43860, GHSA-qpjc-vq3c-572j)
    - Prevent a malicious build in flatpak-builder creating directories
      outside the build directory (GHSA-8ch7-5j3h-g4fx)
  * Behaviour changes, as a result of how GHSA-8ch7-5j3h-g4fx was fixed:
    - --nofilesystem=host is now special-cased to negate all --filesystem
      permissions. Previously, it would cancel out --filesystem=host but
      not --filesystem=/some/dir.
    - --nofilesystem=home is now special-cased to negate several
      home-directory-related filesystem permissions such as
      --filesystem=xdg-config/foo, not just --filesystem=host.
  * Other bug fixes:
    - Extra-data downloading now properly handles compressed
      content-encodings, which fixes checksum verification
    - Avoid unnecessary polkit prompt due to auto-pinning when installing
      runtimes
    - Better handling of updates of extensions that exist in multiple
      repositories
    - Fixed (initial) installation of apps with renamed app-IDs
    - Support more pulseaudio configuration, including the one used in WSL2
    - Fixed regression in updates from no-enumerate remotes
    - We now verify checksums of summary caches, to better handle local file
      corruption
    - Improved CLI output for non-terminal targets
    - Flatpak run --session-bus now works
    - Fix build with PyParsing >= 3.0.4
    - bash auto completion now doesn't complete on command name aliases
    - Minor improvements to the search command
    - Minor improvements to the list command
    - Minor improvements to the repair command
    - Add more tests
    - Updated translations and docs
  * d/copyright: Update

 -- Simon McVittie <email address hidden>  Wed, 12 Jan 2022 13:33:12 +0000

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
flatpak (1.12.2-2) unstable; urgency=medium

  * flatpak Recommends xdg-user-dirs.
    If we don't have this, the XDG special directories for documents, music,
    downloads etc. will not be listed in ~/.config/user-dirs.dirs unless
    configured manually; this means that app permissions that would normally
    share those directories with the host, such as --filesystem=xdg-download,
    will have no practical effect. (Closes: #1000609)
  * Build/test-depend on dbus-daemon.
    We don't necessarily need a full implementation for the unit tests, but
    we do need to be able to run dbus-daemon --session.
  * Depend on default-dbus-system-bus | dbus-system-bus instead of dbus.
    Any implementation of the system bus will do.
  * Adjust Lintian overrides for current Lintian

 -- Simon McVittie <email address hidden>  Mon, 13 Dec 2021 13:22:23 +0000

Published in focal-updates
Published in focal-security
flatpak (1.6.5-0ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: Sandbox bypass via recent VFS-manipulating syscalls
    (LP: #1946578)
    - debian/paches/CVE-2021-41133-1.patch
    - debian/paches/CVE-2021-41133-2.patch
    - debian/paches/CVE-2021-41133-3.patch
    - debian/paches/CVE-2021-41133-4.patch
    - debian/paches/CVE-2021-41133-5.patch
    - debian/paches/CVE-2021-41133-6.patch
    - debian/paches/CVE-2021-41133-7.patch
    - debian/paches/CVE-2021-41133-8.patch
    - debian/paches/CVE-2021-41133-9.patch
    - debian/paches/CVE-2021-41133-10.patch
    - CVE-2021-41133

 -- Andrew Hayzen <email address hidden>  Wed, 13 Oct 2021 00:36:35 +0100
Published in bionic-updates
Published in bionic-security
flatpak (1.0.9-0ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Sandbox bypass via recent VFS-manipulating syscalls
    (LP: #1946578)
    - debian/paches/CVE-2021-41133-1.patch
    - debian/paches/CVE-2021-41133-2.patch
    - debian/paches/CVE-2021-41133-3.patch
    - debian/paches/CVE-2021-41133-4.patch
    - debian/paches/CVE-2021-41133-5.patch
    - debian/paches/CVE-2021-41133-6.patch
    - debian/paches/CVE-2021-41133-7.patch
    - debian/paches/CVE-2021-41133-8.patch
    - debian/paches/CVE-2021-41133-9.patch
    - debian/paches/CVE-2021-41133-10.patch
    - CVE-2021-41133

 -- Andrew Hayzen <email address hidden>  Wed, 13 Oct 2021 00:36:35 +0100
Obsolete in hirsute-updates
Obsolete in hirsute-security
flatpak (1.10.2-1ubuntu1.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: Sandbox bypass via recent VFS-manipulating syscalls
    (LP: #1946578)
    - debian/paches/CVE-2021-41133-1.patch
    - debian/paches/CVE-2021-41133-2.patch
    - debian/paches/CVE-2021-41133-3.patch
    - debian/paches/CVE-2021-41133-4.patch
    - debian/paches/CVE-2021-41133-5.patch
    - debian/paches/CVE-2021-41133-6.patch
    - debian/paches/CVE-2021-41133-7.patch
    - debian/paches/CVE-2021-41133-8.patch
    - debian/paches/CVE-2021-41133-9.patch
    - debian/paches/CVE-2021-41133-10.patch
    - CVE-2021-41133

 -- Andrew Hayzen <email address hidden>  Wed, 13 Oct 2021 00:36:35 +0100
Obsolete in impish-updates
Obsolete in impish-security
flatpak (1.10.2-3ubuntu0.1) impish-security; urgency=medium

  * SECURITY UPDATE: Sandbox bypass via recent VFS-manipulating syscalls
    (LP: #1946578)
    - debian/paches/CVE-2021-41133-1.patch
    - debian/paches/CVE-2021-41133-2.patch
    - debian/paches/CVE-2021-41133-3.patch
    - debian/paches/CVE-2021-41133-4.patch
    - debian/paches/CVE-2021-41133-5.patch
    - debian/paches/CVE-2021-41133-6.patch
    - debian/paches/CVE-2021-41133-7.patch
    - debian/paches/CVE-2021-41133-8.patch
    - debian/paches/CVE-2021-41133-9.patch
    - debian/paches/CVE-2021-41133-10.patch
    - CVE-2021-41133

 -- Andrew Hayzen <email address hidden>  Wed, 13 Oct 2021 00:36:35 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
flatpak (1.12.2-1) unstable; urgency=medium

  * New upstream stable release
    - Better diagnostic messages if libseccomp calls fail
    - Install translations referenced by LANG, LANGUAGE or LC_ALL,
      fixing test failures in 1.12.0+ on older distributions
    - Update Polish translation
  * d/p/Fix-handling-of-syscalls-only-allowed-by-devel.patch:
    Drop patch, applied upstream

 -- Simon McVittie <email address hidden>  Tue, 12 Oct 2021 11:54:06 +0100

Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
flatpak (1.10.2-3) unstable; urgency=medium

  * d/patches: Align with upstream flatpak-1.10.x branch, making this
    effectively a release candidate for upstream stable release 1.10.3
    - d/patches: Update metadata to reflect upstream flatpak-1.10.x branch.
      All the patches we apply in Debian are expected to be released in
      1.10.3 upstream, but not all were annotated to reflect this.
    - d/p/system-helper-Fix-deploys-of-local-remotes.patch:
      Fix some failures to update in GNOME Software and the unit tests.
      This change was previously applied in Ubuntu's flatpak_1.10.2-1ubuntu1
      to fix a unit test failure, possibly triggered by a newer version of
      GLib. It has also been reported to fix a failure to upgrade Flatpak
      apps using GNOME Software, this time in Fedora.
    - d/p/create-usb-Skip-copying-extra-data-flatpaks.patch:
      Skip flatpaks with "extra-data" when using `flatpak create-usb`.
      This command is intended to create USB drives that can be
      used to install Flatpak apps and/or runtimes while offline,
      but the "extra-data" feature downloads extra content for an app
      or runtime at install time, as a way to automate installation of
      data that can be re-downloaded by end users but is not licensed
      for redistribution by Flatpak repositories. Such apps and runtimes
      would fail to install while offline.
    - d/p/series: Re-order patches to match upstream flatpak-1.10.x branch

 -- Simon McVittie <email address hidden>  Sun, 25 Jul 2021 20:44:58 +0100
Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: Moved to hirsute)
flatpak (1.10.2-1ubuntu1) hirsute; urgency=medium

  * debian/patches/0001-system-helper-Fix-deploys-of-local-remotes.patch:
    Cherry pick a patch to fix the tests with new glib2.0.
    For updates in remotes with a local (file:) uri we just do a deploy with a
    LOCAL_PULL flag set and an empty arg_repo_path. However, our arg_repo_path
    checking at some point seemed to stop properly handling the case where it
    is empty. I got it to report "No such file" which broke the tests.

 -- Iain Lane <email address hidden>  Thu, 08 Apr 2021 18:12:53 +0100
Superseded in bionic-updates
Superseded in bionic-security
flatpak (1.0.9-0ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file
    (LP: #1918482)
   - debian/patches/CVE-2021-21381-1.patch: Disallow @@ and @@u usage in
     desktop files.
   - debian/patches/CVE-2021-21381-2.patch: dir: Reserve the whole @@
     prefix.
   - debian/patches/CVE-2021-21381-3.patch: dir: Refuse to export
     .desktop files with suspicious uses.
   - CVE-2021-21381

 -- Andrew Hayzen <email address hidden>  Wed, 10 Mar 2021 20:51:04 +0000
Superseded in focal-updates
Superseded in focal-security
flatpak (1.6.5-0ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file
    (LP: #1918482)
   - debian/patches/CVE-2021-21381-1.patch: Disallow @@ and @@u usage in
     desktop files.
   - debian/patches/CVE-2021-21381-2.patch: dir: Reserve the whole @@
     prefix.
   - debian/patches/CVE-2021-21381-3.patch: dir: Refuse to export
     .desktop files with suspicious uses.
   - CVE-2021-21381

 -- Andrew Hayzen <email address hidden>  Fri, 05 Mar 2021 22:21:25 +0000
Obsolete in groovy-updates
Obsolete in groovy-security
flatpak (1.8.2-1ubuntu0.2) groovy-security; urgency=medium

  * SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file
    (LP: #1918482)
   - debian/patches/CVE-2021-21381-1.patch: Disallow @@ and @@u usage in
     desktop files.
   - debian/patches/CVE-2021-21381-2.patch: dir: Reserve the whole @@
     prefix.
   - debian/patches/CVE-2021-21381-3.patch: dir: Refuse to export
     .desktop files with suspicious uses.
   - CVE-2021-21381

 -- Andrew Hayzen <email address hidden>  Wed, 10 Mar 2021 20:54:38 +0000
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: Moved to hirsute)
flatpak (1.10.2-1) unstable; urgency=medium

  * New upstream stable release
    - Make --filesystem, --nofilesystem accept non-ASCII filenames more
      reliably
    - Improve solution for #984859 so it refuses to install apps that
      appear to be trying to exploit the vulnerability
    - Fix a memory leak
    - Improve compatibility with openSUSE's X authentication setup
    - Use a single version of Docbook for all documentation
    - This release also incorporates the fixes that were applied in
      1.10.1-2 and 1.10.1-3, and part of 1.10.1-4
  * Drop patches that were applied upstream
  * d/p/tests-Remove-hard-coded-references-to-x86_64.patch:
    Mark the remaining patch as applied upstream for 1.11.0
  * Add reference to #984859 in previous changelog entry

 -- Simon McVittie <email address hidden>  Wed, 10 Mar 2021 10:58:32 +0000
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
flatpak (1.10.1-4) unstable; urgency=high

  * d/p/Disallow-and-u-usage-in-desktop-files.patch:
    Add proposed patch to fix a sandbox escape via crafted .desktop
    files (flatpak#4146). Thanks, Ryan Gonzalez
  * d/p/tests-Remove-hard-coded-references-to-x86_64.patch:
    Add proposed patch to fix some tests on non-x86_64 machines.
    The affected tests were already skipped in schroot/lxc for other
    reasons, but would be run (and fail) on autopkgtest testbeds with
    isolation-machine and working FUSE.

 -- Simon McVittie <email address hidden>  Fri, 05 Mar 2021 10:21:35 +0000
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
flatpak (1.10.1-3ubuntu1) hirsute; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Designate 'test-unused' test as flaky. It is new in this version, so
      has never passed in autopkgtests on !amd64.

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
flatpak (1.10.1-2ubuntu2) hirsute; urgency=medium

  * Designate 'test-unused' test as flaky. It is new in this version, so
    has never passed in autopkgtests.

 -- Rik Mills <email address hidden>  Tue, 23 Feb 2021 20:48:19 +0000
Superseded in hirsute-proposed
flatpak (1.10.1-2ubuntu1) hirsute; urgency=medium

  * Add patch from Fedora, backporting upstream commit fixing headers
    after new glibc changes. Fixes at least plasma-discover FTBFS
    against flatpak with new glibc.
    - 0001-Add-G_BEGIN_DECLS-G_END_DECLS-to-public-headers.patch

 -- Rik Mills <email address hidden>  Tue, 23 Feb 2021 18:34:37 +0000
Superseded in groovy-updates
Superseded in groovy-security
flatpak (1.8.2-1ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: Flatpak sandbox escape via spawn portal (LP: #1911473)
    - debian/patches/CVE-2021-21261-1.patch: common: Add a backport of
      G_DBUS_METHOD_INVOCATION_HANDLED.
    - debian/patches/CVE-2021-21261-2.patch: run: Convert all environment
      variables into bwrap arguments.
    - debian/patches/CVE-2021-21261-3.patch: tests: Expand coverage for
      environment variable overrides.
    - debian/patches/CVE-2021-21261-4.patch: context: Add --env-fd option.
    - debian/patches/CVE-2021-21261-5.patch: portal: Convert --env in
      extra-args into --env-fd.
    - debian/patches/CVE-2021-21261-6.patch: tests: Exercise --env-fd.
    - debian/patches/CVE-2021-21261-7.patch: portal: Do not use
      caller-supplied variables in environment.
    - debian/patches/CVE-2021-21261-8.patch: tests: Assert that --env= does
      not go in `flatpak run` or bwrap environ.
    - CVE-2021-21261

 -- Andrew Hayzen <email address hidden>  Fri, 22 Jan 2021 00:59:12 +0000
Superseded in focal-updates
Superseded in focal-security
flatpak (1.6.5-0ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: Flatpak sandbox escape via spawn portal (LP: #1911473)
    - debian/patches/CVE-2021-21261-1.patch: tests: Add minimal version
      of "ok" helper.
    - debian/patches/CVE-2021-21261-2.patch: common: Add a backport of
      G_DBUS_METHOD_INVOCATION_HANDLED.
    - debian/patches/CVE-2021-21261-3.patch: run: Convert all environment
      variables into bwrap arguments.
    - debian/patches/CVE-2021-21261-4.patch: tests: Expand coverage for
      environment variable overrides.
    - debian/patches/CVE-2021-21261-5.patch: context: Add --env-fd option.
    - debian/patches/CVE-2021-21261-6.patch: portal: Convert --env in
      extra-args into --env-fd.
    - debian/patches/CVE-2021-21261-7.patch: tests: Exercise --env-fd.
    - debian/patches/CVE-2021-21261-8.patch: portal: Do not use
      caller-supplied variables in environment.
    - debian/patches/CVE-2021-21261-9.patch: tests: Assert that --env= does
      not go in `flatpak run` or bwrap environ.
    - CVE-2021-21261

 -- Andrew Hayzen <email address hidden>  Wed, 13 Jan 2021 21:09:15 +0000
Superseded in bionic-updates
Superseded in bionic-security
flatpak (1.0.9-0ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Flatpak sandbox escape via spawn portal (LP: #1911473)
    - debian/patches/CVE-2021-21261-1.patch: run: Convert all environment
      variables into bwrap arguments.
    - debian/patches/CVE-2021-21261-2.patch: common: Move
      flatpak_buffer_to_sealed_memfd_or_tmpfile to its own file.
    - debian/patches/CVE-2021-21261-3.patch: context: Add --env-fd option.
    - debian/patches/CVE-2021-21261-4.patch: portal: Convert --env in
      extra-args into --env-fd.
    - debian/patches/CVE-2021-21261-5.patch: portal: Do not use caller-supplied
      variables in environment.
    - CVE-2021-21261

 -- Paulo Flabiano Smorigo <email address hidden>  Tue, 19 Jan 2021 14:21:40 +0000
Superseded in hirsute-proposed
flatpak (1.10.1-2) unstable; urgency=medium

  * d/patches: Disable FUSE-based revokefs if any of several factors fail.
    This fixes FTBFS in pbuilder, and hopefully also on Launchpad
    autobuilders.

 -- Simon McVittie <email address hidden>  Thu, 28 Jan 2021 22:24:20 +0000

Superseded in hirsute-proposed
flatpak (1.10.1-1) unstable; urgency=medium

  * New upstream release
    - Fix a regression in 'flatpak build' after fixing CVE-2021-21261
      (Closes: #980323)

 -- Simon McVittie <email address hidden>  Thu, 21 Jan 2021 14:12:22 +0000

Superseded in hirsute-proposed
flatpak (1.10.0-2) unstable; urgency=medium

  * Upload 1.10.x branch to unstable
  * Add CVE-2021-21261 reference to 1.8.5-1 changelog entry

 -- Simon McVittie <email address hidden>  Sun, 17 Jan 2021 11:51:16 +0000

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
flatpak (1.8.5-1) unstable; urgency=high

  * New upstream release fixing a sandbox escape vulnerability
    (GHSA-4ppf-fxf6-vxg2)
  * Mark patch for #975710 as having been applied upstream

 -- Simon McVittie <email address hidden>  Thu, 14 Jan 2021 09:34:09 +0000

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
flatpak (1.8.4-2) unstable; urgency=medium

  * Mark patch for #972138 as having been applied upstream
  * Add patch to avoid gvfs-daemon being started when logging in as root.
    Thanks to Mourad De Clerck (Closes: #975710)
  * Add package-specific info from bubblewrap to bug reports.
    In particular, this will tell us whether it's setuid.

 -- Simon McVittie <email address hidden>  Sun, 03 Jan 2021 15:37:04 +0000

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
flatpak (1.8.4-1) unstable; urgency=medium

  * debian/o.fd.Flatpak.pkla: sync with rules provided by upstream
  * Use debian/unstable branch for packaging
  * New upstream release
  * d/p/variant-schema-compiler-Disable-optimized-calculation-of-.patch:
    Drop patch, which should be unnecessary with the new version

 -- Simon McVittie <email address hidden>  Thu, 24 Dec 2020 10:58:59 +0000

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
flatpak (1.8.3-2) unstable; urgency=medium

  * Preferentially build-depend on libgdk-pixbuf-2.0-dev.
    We don't need the deprecated Xlib integration that is also pulled in
    by the older libgdk-pixbuf2.0-dev package (see #974870).
  * Standards-Version: 4.5.1 (no changes required)

 -- Simon McVittie <email address hidden>  Tue, 24 Nov 2020 12:01:18 +0000

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
flatpak (1.8.3-1) unstable; urgency=medium

  * New upstream release

 -- Simon McVittie <email address hidden>  Thu, 19 Nov 2020 14:51:15 +0000

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
flatpak (1.8.2-3) unstable; urgency=medium

  * d/p/Skip-parental-controls-checks-on-ServiceUnknown-or-NameHa.patch:
    Add proposed patch to skip parental controls if accountsservice is not
    installed.
    The malcontent package (which activates parental controls support)
    depends on accountsservice, but the libmalcontent-0-0 client library
    does not, so we need to cope gracefully with the case where
    neither malcontent nor accountsservice is installed. Presumably, in such
    installations the sysadmin did not want the parental controls feature.
    Ideally libmalcontent would do this itself (#972145). (Closes: #972138)
  * Add Depends on dbus, for the well-known system bus service.
    Now that the parental controls feature is enabled, Flatpak will refuse
    to run apps if the D-Bus system bus is unavailable. Previously, it would
    have partially worked (but with severely reduced functionality, in
    particular only --user installations).
  * d/control: Canonicalize case of Multi-Arch
  * Update lintian overrides to silence some false-positives

 -- Simon McVittie <email address hidden>  Thu, 15 Oct 2020 09:47:28 +0100

Superseded in hirsute-proposed
Deleted in groovy-proposed (Reason: From groovy-as-devel-series, now present in hirsute, not ...)
flatpak (1.8.2-2) unstable; urgency=medium

  [ Laurent Bigonville ]
  * debian/control: Add libmalcontent-0-dev to the build-dependencies.
    This provides optional parental controls for app installation and
    launching.

  [ Simon McVittie ]
  * Add Suggests on malcontent-gui

 -- Simon McVittie <email address hidden>  Sat, 10 Oct 2020 20:10:55 +0100

Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
flatpak (1.8.2-1) unstable; urgency=medium

  * New upstream release
    - Drop patch for #964541, applied upstream

 -- Simon McVittie <email address hidden>  Tue, 25 Aug 2020 15:57:31 +0100

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
flatpak (1.8.1-2) unstable; urgency=medium

  * Include flatpak-bisect and flatpak-coredumpctl in libflatpak-dev
    - Depends: python3, to be able to run the scripts themselves
    - Recommends: flatpak, for both scripts
    - Suggests: gdb and systemd-coredump, for flatpak-coredumpctl
    - Suggests: python3-gi and ostree, for flatpak-bisect
  * d/p/Fix-argument-order-of-clone-for-s390x-in-seccomp-filter.patch:
    Add proposed patch to fix seccomp filtering on s390x.
    Thanks to Julian Andres Klode. (Closes: #964541, LP: #1886814)

 -- Simon McVittie <email address hidden>  Thu, 06 Aug 2020 22:45:21 +0100

Superseded in focal-updates
Deleted in focal-proposed (Reason: moved to -updates)
flatpak (1.6.5-0ubuntu0.1) focal; urgency=medium

  * New upstream release 1.6.5 (LP: #1884594)
    - Backports some of the OCI authenticator fixes from the 1.7 series
    - Fix a use-after-free in libflatpak
    - Don't list p2p downgrades in list of available updates
    - Install gdm env.d fragment, but only as an example file.
      It is harmful on systems where environment.d(5) works (in particular
      systems using systemd), because it overwrites additions to the
      XDG_DATA_DIRS coming from other app frameworks like Snap.
      However, using either this fragment or manual configuration might
      be necessary on non-systemd systems. See
      /usr/share/doc/flatpak/README.Debian for more details. (LP: #1801814)
    - debian/flatpak.README.Debian: Add

 -- Andrew Hayzen <email address hidden>  Wed, 08 Jul 2020 00:34:35 +0000
Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
flatpak (1.8.1-1) unstable; urgency=medium

  * New upstream stable release

 -- Simon McVittie <email address hidden>  Sat, 04 Jul 2020 15:24:14 +0100

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
flatpak (1.8.0-1) unstable; urgency=medium

  * New upstream stable release
    - Update configure options
    - Install gdm env.d fragment, but only as an example file.
      It is harmful on systems where environment.d(5) works (in particular
      systems using systemd), because it overwrites additions to the
      XDG_DATA_DIRS coming from other app frameworks like Snap.
      However, using either this fragment or manual configuration might
      be necessary on non-systemd systems. See
      /usr/share/doc/flatpak/README.Debian for more details.
    - d/flatpak.README.Debian: Add

 -- Simon McVittie <email address hidden>  Thu, 25 Jun 2020 12:26:28 +0100

Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
flatpak (1.6.3-1) unstable; urgency=medium

  * New upstream stable release

 -- Simon McVittie <email address hidden>  Tue, 31 Mar 2020 11:56:06 +0100

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
flatpak (1.6.2-1) unstable; urgency=medium

  * New upstream stable release

 -- Simon McVittie <email address hidden>  Thu, 13 Feb 2020 16:42:14 +0000

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
flatpak (1.6.1-1) unstable; urgency=medium

  * New upstream stable release
  * Use secure URI in Homepage field.
  * Set upstream metadata fields: Repository.
  * Remove obsolete field Name from debian/upstream/metadata (already
    present in machine-readable debian/copyright).
  * Standards-Version: 4.5.0 (no changes required)

 -- Simon McVittie <email address hidden>  Thu, 23 Jan 2020 17:53:52 +0000

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
flatpak (1.6.0-1) unstable; urgency=medium

  * New upstream stable release
    - d/p/testlibrary-Don-t-assert-that-progress-is-signalled.patch:
      Drop workaround, the leaks that broke this test have been fixed
    - Drop other patches, applied upstream
    - Bump xdg-desktop-portal dependency to 1.6.x.
      That version has new API which Flatpak apps might rely on, so the
      corresponding versions should be tested and backported together.
  * d/watch: Only watch for stable releases
  * Set upstream branch to upstream/1.6.x
  * Drop xdg-desktop-portal from Depends to Recommends.
    Installing xdg-desktop-portal 1.6.x is strongly recommended, but
    strictly speaking it is not required: some of the simpler Flatpak
    apps can work without it. (Closes: #947022)
  * tests: Depend on fuse and policykit-1
  * Revert Build-Conflicts on elogind to be nice to non-systemd derivatives.
    This was a workaround for the build-dependency resolver used in
    experimental, and is unnecessary now that I'm targeting unstable.

 -- Simon McVittie <email address hidden>  Tue, 24 Dec 2019 16:11:00 +0000

Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates)
flatpak (1.0.9-0ubuntu0.1) bionic; urgency=medium

  * Update to 1.0.9 (LP: #1844666)
  * New upstream release
    - Allow use of extra_data for runtimes, this is required for the
      openh264 extension.

 -- Andrew Hayzen <email address hidden>  Sat, 21 Sep 2019 21:30:00 +0000
Obsolete in disco-updates
Deleted in disco-proposed (Reason: moved to -updates)
flatpak (1.2.5-0ubuntu0.1) disco; urgency=medium

  * Update to 1.2.5 (LP: #1844665)
  * New upstream release
    - Allow use of extra_data for runtimes, this is required for the
      openh264 extension.

 -- Andrew Hayzen <email address hidden>  Sat, 21 Sep 2019 22:04:15 +0000
Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to Release)
flatpak (1.4.3-1) unstable; urgency=medium

  * New upstream stable release
    - d/p/Don-t-register-polkit-agent-if-we-cannot-connect-to-syste.patch,
      d/p/tests-Skip-tests-that-use-system-helper-if-uid-or-gid-is-.patch:
      drop patches, applied upstream
  * Remove redundant --libexecdir, no longer needed with compat level 12

 -- Simon McVittie <email address hidden>  Thu, 19 Sep 2019 16:13:57 +0100

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
flatpak (1.4.2-2) unstable; urgency=medium

  * Upload to unstable
  * d/gbp.conf: Return to debian/master branch
  * Use debhelper-compat 12
  * Standards-Version: 4.4.0 (no changes required)

 -- Simon McVittie <email address hidden>  Tue, 09 Jul 2019 17:59:57 +0100
Superseded in eoan-proposed
flatpak (1.4.2-1) experimental; urgency=medium

  * New upstream release
  * d/p/Don-t-register-polkit-agent-if-we-cannot-connect-to-syste.patch:
    Add proposed patch to avoid crashing if the system bus is unavailable,
    working around policykit-1 bug #923046
  * d/salsa-ci.yml: Request standard CI on salsa.debian.org
  * d/p/tests-Skip-tests-that-use-system-helper-if-uid-or-gid-is-.patch:
    Avoid testing the system helper if uid or gid is zero.
    The system helper refuses to run in test mode if it has privileges,
    but some CI systems (currently including salsa-ci) run as uid or
    gid 0 in a disposable container.
  * d/test.sh: Don't run tests under linux32, even if reprotest did the
    build under linux32
  * d/test.sh: Don't output non-test logs (notably
    debian/output/reprotest.log on salsa-ci) after running tests

 -- Simon McVittie <email address hidden>  Tue, 02 Jul 2019 16:20:14 +0100

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
flatpak (1.4.1-1) experimental; urgency=high

  * New upstream stable release
    - This reverts an unintended ABI break in 1.4.0.

 -- Ken VanDine <email address hidden>  Thu, 13 Jun 2019 11:45:33 +0100

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
flatpak (1.4.0-1) experimental; urgency=medium

  * New upstream stable release

Obsolete in cosmic-updates
Obsolete in cosmic-security
flatpak (1.0.8-0ubuntu0.18.10.1) cosmic-security; urgency=medium

  * Update to 1.0.8 (LP: #1821811)
  * New upstream release
    - SECURITY UPDATE: seccomp: Reject all ioctls that the kernel will
      interpret as TIOCSTI, including those where the high 32 bits in
      a 64-bit word are nonzero.
    - CVE-2019-10063

 -- Andrew Hayzen <email address hidden>  Thu, 28 Mar 2019 21:57:34 +0000
Superseded in bionic-updates
Superseded in bionic-security
flatpak (1.0.8-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * Update to 1.0.8 (LP: #1821811)
  * New upstream release
    - SECURITY UPDATE: seccomp: Reject all ioctls that the kernel will
      interpret as TIOCSTI, including those where the high 32 bits in
      a 64-bit word are nonzero.
    - CVE-2019-10063

 -- Andrew Hayzen <email address hidden>  Wed, 27 Mar 2019 21:21:48 +0000
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
flatpak (1.2.4-1) unstable; urgency=medium

  * New upstream stable release
    - Canonicalize XDG_RUNTIME_DIR if it's a symlink
    - Support device nodes for multiple Nvidia graphics cards if the
      proprietary driver is used
    - Fix a crash when certain errors occur while updating apps
    - Fix "flatpak list --arch"
    - Make "Installing %d/%d..." translatable
  * d/p/run-Only-compare-the-lowest-32-ioctl-arg-bits-for-TIOCSTI.patch:
    Drop patch, applied upstream

 -- Simon McVittie <email address hidden>  Wed, 27 Mar 2019 20:47:33 +0000

Superseded in bionic-updates
Superseded in bionic-security
flatpak (1.0.7-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * Update to 1.0.7 (LP: #1815528)
  * New upstream release
    - SECURITY UPDATE: do not let the apply_extra script for a system
      installation modify the host-side executable via /proc/self/exe,
      similar to CVE-2019-5736 in runc
    - CVE-2019-8308

 -- Andrew Hayzen <email address hidden>  Wed, 13 Feb 2019 21:24:42 +0000
Superseded in cosmic-updates
Superseded in cosmic-security
flatpak (1.0.7-0ubuntu0.18.10.1) cosmic-security; urgency=medium

  * Update to 1.0.7 (LP: #1815528)
  * New upstream release
    - SECURITY UPDATE: do not let the apply_extra script for a system
      installation modify the host-side executable via /proc/self/exe,
      similar to CVE-2019-5736 in runc
    - CVE-2019-8308

 -- Andrew Hayzen <email address hidden>  Wed, 13 Feb 2019 21:31:52 +0000
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
flatpak (1.2.3-1) unstable; urgency=high

  * New upstream stable release
    - Security update: do not let the apply_extra script for a system
      installation modify the host-side executable via /proc/self/exe,
      similar to CVE-2019-5736 in runc (Closes: #922059)

 -- Simon McVittie <email address hidden>  Mon, 11 Feb 2019 16:17:09 +0000

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
flatpak (1.2.2-1) unstable; urgency=medium

  * New upstream stable release

 -- Simon McVittie <email address hidden>  Wed, 06 Feb 2019 11:03:38 +0000
