-
1.14.10 · 5a2503f1

flatpak 1.14.10

Dependencies:

* In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, either version 0.10.0, version 0.6.x ≥ 0.6.3, or a version with a backport of the --bind-fd option is required. These versions add a new feature which is required by the security fix in this release.

Security fixes:

* Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)

Documentation:

* Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)

Version 1.14.9 was not released due to an incompatibility with older versions of GLib. Version 1.14.10 replaces it.

Git-EVTag-v0-SHA512: 0e3beba9f136a5b3a242a63bff710f1690ba5c9972621cc3931bd255e85288eee628de83ec04bd277b7cd224b3fa4b375bdac1248fd2f00a38ab3b3c106fec50
-
1.15.10 · 8b4f523c

flatpak 1.15.10

Dependencies:

* In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, version 0.10.0 is required. This version adds a new feature which is required by the security fix in this release.

Security fixes:

* Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87)

Documentation:

* Mark the 1.12.x and 1.10.x branches as end-of-life (#5352)

Other bug fixes:

* Fix several memory leaks (#5883, #5884)

Internal changes:

* Record a log file when running build-time tests with AddressSanitizer (#5884)
* Add initial suppressions file for AddressSanitizer (#5884)

Git-EVTag-v0-SHA512: 485fe6c4478c13ef3b36592ce207f93932aaacef5769ecca628dfc9e3a34baaea6d010b1987788d85343aa5ff2138353a45041a63db634b66776c6cb1610f95a
-
debian/1.14.10-1 · e80f731b
flatpak release 1.14.10-1 for unstable (sid) (maintainer view tag generated by dgit --quilt=unapplied) [dgit distro=debian split --quilt=unapplied]
-
1.15.9 · b026910d

flatpak 1.15.9

Released: 2024-07-22

Dependencies:

* bubblewrap and xdg-dbus-proxy are now provided by Meson wrap files instead of being directly vendored via `git submodule`. If downloading external software during build is not allowed in your environment, please install suitable versions of bubblewrap and xdg-dbus-proxy separately, then configure Flatpak with options similar to `-Dsystem_bubblewrap=bwrap -Dsystem_dbus_proxy=xdg-dbus-proxy` (most major distributions package it like this already).

Enhancements:

* If xdg-dbus-proxy is new enough (0.1.6 or later, not yet released), allow two broadcast signals from AT-SPI by default, allowing bus traffic to be reduced. If xdg-dbus-proxy is older, this change will have no practical effect but is harmless. (#5828)
* Install csh profile snippet (#5753)

Bug fixes:

* Expand the list of environment variables that Flatpak apps do not inherit from the host system (#5765, #5785)
* Take time zone information from $TZDIR if set (#5850)
* Fix a memory leak since 1.15.7 when reloading D-Bus configuration (#5856)
* Fix a memory leak when running `flatpak permissions` (#5844)
* Fix memory leaks in `flatpak update` (#5816)
* Fix memory leaks when installing packages (#5811)
* Use more similar translatable strings for some error messages (#5748)
* Document `flatpak config --set languages '*all*'` correctly: it is really `*all*` (or equivalently `*`), not just `all` (#5836)
* Fix a misleading comment in the test for CVE-2024-32462 (#5779)
* Fix a copy/paste error in the 1.15.7 release notes
* On systems where subdirectories of /sys have been made inaccessible, continue without them (#5138)
* Make tests more compatible with non-GNU shell utilities (#5812)
* Translation updates: ka (#5873), hi (#5838), pt_BR (#5877), zh_CN (#5843)

Internal changes:

* libglnx and variant-schema-compiler are now managed as `git subtree` instead of `git submodule`. Maintainers and contributors, please see `subprojects/README.md` for details of how to interact with these. In particular this means that submodules no longer need to be set up before working on a git clone. (#5800, #5845)
* Split library code into more, smaller translation units, reducing internal circular dependencies (#5409, #5801, #5803)
* Add some convenience macros in the test suite (#5693)
* Minor internal robustness improvement (#5833)
* Add configuration for Github Codespaces (#5767)
* Improve CI configuration (#5791)
* Work around infrastructure issues in third-party apt repositories used by default in Github Workflows (#5786)

Git-EVTag-v0-SHA512: a94fb9752b94a0f6fb53ac753cd85d82ab74e0f48b4dafecbdda40e02ebe822142f3dfd7a0b5973549a85413978817ffd40f465e7923ee5b7a51c9a2566af9a5
-
debian/1.15.9-1 · 7b1efa34
flatpak release 1.15.9-1 for experimental (rc-buggy) (maintainer view tag generated by dgit --quilt=unapplied) [dgit distro=debian split --quilt=unapplied]
-
debian/1.14.8-1_deb12u1 · 060a03b7
flatpak release 1.14.8-1~deb12u1 for bookworm (bookworm) (maintainer view tag generated by dgit --quilt=unapplied) [dgit distro=debian split --quilt=unapplied]
-
debian/1.14.8-1 · 79de4533
flatpak release 1.14.8-1 for unstable (sid) (maintainer view tag generated by dgit --quilt=unapplied) [dgit distro=debian split --quilt=unapplied]
-
debian/1.14.4-1+deb12u1_bpo11+1 · 538d855f
flatpak release 1.14.4-1+deb12u1~bpo11+1 for bullseye-backports (bullseye-backports) (maintainer view tag generated by dgit --quilt=unapplied) [dgit distro=debian split --quilt=unapplied]
-
debian/1.14.6-1_deb13u1 · 822b075a
flatpak release 1.14.6-1~deb13u1 for trixie (trixie) (maintainer view tag generated by dgit --quilt=unapplied) [dgit distro=debian split --quilt=unapplied]
-
1.10.9 · 627e42b5

flatpak 1.10.9

Security fixes:

* Don't allow an executable name to be misinterpreted as a command-line option for bwrap(1). This prevents a sandbox escape where a malicious or compromised app could ask xdg-desktop-portal to generate a .desktop file with access to files outside the sandbox. (CVE-2024-32462)

Git-EVTag-v0-SHA512: a14f1fc0bbd96b9f8bb7dd4f6c1c7fc33e18db4865d185f9b16a46a76a28830ce54002d67afd95a3ce69e1f35d45a45109b8f58d871b267cf5c4802509b9847f