flatpak 1.12.8

Security fixes:

* Escape special characters when displaying permissions and metadata,
  preventing malicious apps from manipulating the appearance of the
  permissions list using crafted metadata (CVE-2023-28101).

* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
  don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
  Note that this is specific to virtual consoles: Flatpak is not
  vulnerable to this if run from a graphical terminal emulator such as
  xterm, gnome-terminal or Konsole.

Other bug fixes:

* Update the SELinux module to explicitly permit the system helper to have read
  access to /etc/passwd and systemd-userdbd, read and lock access to
  /var/lib/flatpak, and watch files inside $libexecdir
  (#4852, #4855, #4892; Red Hat #2071217, #2071215, #2070741,
  #2053634, #2070350)
* If an app update is blocked by parental controls policies, clean up the
  temporary deploy directory (#5146)
* Fix Autotools build with versions of gpgme that no longer provide
  gpgme-config(1) (#5173)
* Remove some unreachable code (Coverity: CID 1514265)
* Add missing handling for some D-Bus errors

Git-EVTag-v0-SHA512: b8360cfc1de210ab96fd73547a1c6c99e4b75a9baa9485b8edb8b88300524132598f3b645a04b649a67a11f2e51846579f9886e000e7940686f60b6411627103
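
The escaping described for CVE-2023-28101, sketched as an added example (not flatpak's own code): untrusted metadata is rewritten so that control characters reach the terminal as visible text instead of being interpreted. The function name `escape_for_terminal`, the `\xNN` output style and the sample strings are assumptions made for this illustration; input is assumed to be UTF-8.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns a malloc'd copy of `in` that is safe to print
 * on a terminal. C0 controls (ESC, CR, LF, ...), DEL and UTF-8 encoded C1
 * controls (U+0080..U+009F, which includes the 8-bit CSI) become literal
 * "\xNN" text; backslashes are doubled so the output stays unambiguous. */
char *escape_for_terminal(const char *in)
{
    size_t len = strlen(in);
    char *out = malloc(len * 4 + 1);   /* worst case: every byte -> "\xNN" */
    char *p = out;

    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        unsigned char next = (unsigned char)in[i + 1];  /* at worst the NUL */

        if (c == '\\') {
            *p++ = '\\';
            *p++ = '\\';
        } else if (c == 0xC2 && next >= 0x80 && next <= 0x9F) {
            /* Two-byte UTF-8 sequence for a C1 control: escape both bytes. */
            p += sprintf(p, "\\x%02X\\x%02X", (unsigned)c, (unsigned)next);
            i++;
        } else if (c < 0x20 || c == 0x7F) {
            p += sprintf(p, "\\x%02X", (unsigned)c);
        } else {
            *p++ = (char)c;            /* printable ASCII or other UTF-8 */
        }
    }
    *p = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: a metadata value that tries to erase the current
     * line and overwrite it with different text. */
    const char *crafted = "host\x1b[2K\rnone";
    char *safe = escape_for_terminal(crafted);

    if (safe == NULL)
        return 1;
    printf("filesystems: %s\n", safe);
    free(safe);
    return 0;
}
```

Newlines are escaped as well, so a crafted value cannot add rows that look like separate permission entries.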