Tags

flatpak release 1.16.0-1 for unstable (sid)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]

Upstream version 1.16.0

flatpak 1.16.0

Bug fixes:

 * Update libglnx to 2024-12-06:
    - Fix an assertion failure if creating a parent directory encounters a
      dangling symlink (GNOME/libglnx#1)
    - Fix a Meson warning

* Don't emit terminal progress indicator escape sequences by default. They are
  interpreted as notifications by some terminal emulators. (#6052)

* Fix introspection annotations in libflatpak

Enhancements:

* Add the `FLATPAK_TTY_PROGRESS` environment variable, which re-enables the
  terminal progress indicator escape sequences added in 1.15.91.

* Document the `FLATPAK_FANCY_OUTPUT` environment variable, which allows
  disabling the fancy formatting when outputting to a terminal.

Git-EVTag-v0-SHA512: f01f43dfd872034bf571a2d2fd73cf5ea4e6c5dc8fd3e7a55af49b8f48c701573a5466ed3f65690e177853f4a0fe0377b3b18e87fdbd53cb171b60f557978f82

flatpak release 1.15.91-1 for unstable (sid)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]

Upstream version 1.15.91

flatpak 1.15.91

Enhancements:

 * Add the `FLATPAK_DATA_DIR` environment variable, which allows overriding
   at runtime the data directory location that Flatpak uses to search for
   configuration files such as remotes. This is useful for running tests,
   and for when installing using Flatpak in a chroot.

 * Add a `FLATPAK_DOWNLOAD_TMPDIR` variable. This allows using download
   directories other than /var/tmp.

 * Emit progress escape sequence. This can be used by terminal emulators
   to detect and display progress of Flatpak operations on their graphical
   user interfaces.

Bug fixes:

 * Install missing test data. This should fix "as-installed" tests via
   `ginsttest-runner`, used for example in Debian's autopkgtest framework.

 * Unify and improve how the Wayland socket is passed to the sandboxed app.
   This should fix a regression that is triggered by compositors that both
   implement the security-context-v1 protocol, and sets the `WAYLAND_DISPLAY`
   environment variable when launching Flatpak apps. (#5863)

 * Fix the plural form of a translatable string.

Git-EVTag-v0-SHA512: f8416d6a99c2d35464a99c8c223f602d2cc09769f441c9e72a78789c4737176c95042f373f521cdc3fbe4e70b70ca47d2d5cc62b718119f0541d0bfc1b6b96cd

flatpak 1.15.12

Bug fixes:

 * Return to using the process ID of the Flatpak app in the cgroup name.
   Using the instance ID in 1.15.11 caused crashes when installing apps,
   extensions or runtimes that use the "extra data" mechanism, which
   does not set up an instance ID. (#6009)

Git-EVTag-v0-SHA512: 43dd2b94b3005854c444774478b60ee3b70dda3e31976bfbcbab63f80569eca1ba1285bd9cbb29c7c99a98371d1f917f94265baa2652ec64180a778476641e99

flatpak release 1.15.12-1 for experimental (rc-buggy)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]

Upstream version 1.15.12

Upstream version 1.15.11

1.15.11

flatpak Debian release 1.14.10-1~deb12u1

flatpak Debian release 1.15.10-1

flatpak 1.14.10

Dependencies:

 * In distributions that compile Flatpak to use a separate bubblewrap (bwrap)
   executable, either version 0.10.0, version 0.6.x ≥ 0.6.3, or a version
   with a backport of the --bind-fd option is required.
   These versions add a new feature which is required by the security fix
   in this release.

Security fixes:

 * Don't follow symbolic links when mounting persistent directories
   (--persist option). This prevents a sandbox escape where a malicious or
   compromised app could edit the symlink to point to a directory that
   the app should not have been allowed to read or write.
   (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)

Documentation:

 * Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)

Version 1.14.9 was not released due to an incompatibility with older
versions of GLib. Version 1.14.10 replaces it.

Git-EVTag-v0-SHA512: 0e3beba9f136a5b3a242a63bff710f1690ba5c9972621cc3931bd255e85288eee628de83ec04bd277b7cd224b3fa4b375bdac1248fd2f00a38ab3b3c106fec50

flatpak 1.15.10

Dependencies:

 * In distributions that compile Flatpak to use a separate bubblewrap (bwrap)
   executable, version 0.10.0 is required.
   This version adds a new feature which is required by the security fix
   in this release.

Security fixes:

 * Don't follow symbolic links when mounting persistent directories
   (--persist option). This prevents a sandbox escape where a malicious or
   compromised app could edit the symlink to point to a directory that
   the app should not have been allowed to read or write.
   (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)

Documentation:

 * Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)

Other bug fixes:

 * Fix several memory leaks (#5883, #5884)

Internal changes:

 * Record a log file when running build-time tests with
   AddressSanitizer (#5884)

 * Add initial suppressions file for AddressSanitizer (#5884)

Git-EVTag-v0-SHA512: 485fe6c4478c13ef3b36592ce207f93932aaacef5769ecca628dfc9e3a34baaea6d010b1987788d85343aa5ff2138353a45041a63db634b66776c6cb1610f95a

flatpak release 1.14.10-1 for unstable (sid)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]

Upstream version 1.14.10

Upstream version 1.15.10

flatpak 1.15.9

Released: 2024-07-22

Dependencies:

 * bubblewrap and xdg-dbus-proxy are now provided by Meson wrap files
   instead of being directly vendored via `git submodule`.
   If downloading external software during build is not allowed in your
   environment, please install suitable versions of bubblewrap and
   xdg-dbus-proxy separately, then configure Flatpak with options similar to
   `-Dsystem_bubblewrap=bwrap -Dsystem_dbus_proxy=xdg-dbus-proxy`
   (most major distributions package it like this already).

Enhancements:

 * If xdg-dbus-proxy is new enough (0.1.6 or later, not yet released),
   allow two broadcast signals from AT-SPI by default, allowing bus
   traffic to be reduced. If xdg-dbus-proxy is older, this change will
   have no practical effect but is harmless. (#5828)

 * Install csh profile snippet (#5753)

Bug fixes:

 * Expand the list of environment variables that Flatpak apps do not
   inherit from the host system (#5765, #5785)

 * Take time zone information from $TZDIR if set (#5850)

 * Fix a memory leak since 1.15.7 when reloading D-Bus configuration (#5856)

 * Fix a memory leak when running `flatpak permissions` (#5844)

 * Fix memory leaks in `flatpak update` (#5816)

 * Fix memory leaks when installing packages (#5811)

 * Use more similar translatable strings for some error messages (#5748)

 * Document `flatpak config --set languages '*all*'` correctly:
   it is really `*all*` (or equivalently `*`), not just `all` (#5836)

 * Fix a misleading comment in the test for CVE-2024-32462 (#5779)

 * Fix a copy/paste error in the 1.15.7 release notes

 * On systems where subdirectories of /sys have been made inaccessible,
   continue without them (#5138)

 * Make tests more compatible with non-GNU shell utilities (#5812)

 * Translation updates: ka (#5873), hi (#5838), pt_BR (#5877), zh_CN (#5843)

Internal changes:

 * libglnx and variant-schema-compiler are now managed as `git subtree`
   instead of `git submodule`.
   Maintainers and contributors, please see `subprojects/README.md` for
   details of how to interact with these.
   In particular this means that submodules no longer need to be set up
   before working on a git clone. (#5800, #5845)

 * Split library code into more, smaller translation units, reducing
   internal circular dependencies (#5409, #5801, #5803)

 * Add some convenience macros in the test suite (#5693)

 * Minor internal robustness improvement (#5833)

 * Add configuration for Github Codespaces (#5767)

 * Improve CI configuration (#5791)

 * Work around infrastructure issues in third-party apt repositories
   used by default in Github Workflows (#5786)

Git-EVTag-v0-SHA512: a94fb9752b94a0f6fb53ac753cd85d82ab74e0f48b4dafecbdda40e02ebe822142f3dfd7a0b5973549a85413978817ffd40f465e7923ee5b7a51c9a2566af9a5

flatpak release 1.15.9-1 for experimental (rc-buggy)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]