Bug fixes:

• Fix logic error when migrating AppStream XML
• Improve error-checking
• Fix various memory and file descriptor leaks, in particular with
  flatpak-spawn --env=...
• Fix fd confusion in flatpak-spawn --env=... --forward-fd=..., which
  caused "Steam Linux Runtime" containers to fail to start
• Avoid a crash when looking up summary for a ref without an arch
• Improve handling of refs belonging to more than one architecture,
  e.g. for cross-compilation
• Don't abort uninstall if deploy metadata is missing
• Don't fail transaction if searching for dependencies fails in one remote
• Fix test failure when running tests as root
• Improve error message for 'sudo flatpak run'

Internal changes:

• Improve printf format string validation
• Improve test coverage
• Reduce risk of accidentally hard-coding x86 in the tests

Translation updates: Danish, Indonesian, Russian

$ sha256sum flatpak-1.11.2.tar.xz 
8799cf835d8b11deef5495a91a4cef258d882417c4483fbd594a2c7cc79b6684  flatpak-1.11.2.tar.xz

This is the first unstable release in the series that will lead to 1.12.

New features:

• All instances of the same app-ID share their /tmp directory
• All instances of the same app-ID share their $XDG_RUNTIME_DIR
• Instances of the same app-ID can optionally share their /dev/shm directory
  (enabled by a new --allow flag, --allow=per-app-dev-shm)
• Allow a subsandbox to have a different /usr and/or /app.
  Steam will use this to launch games with its own container runtime
  as /usr (the "Steam Linux Runtime" mechanism).
• enter: Improve support for TUI programs like gdb
• build-update-repo: Add a higher-performance reimplementation of
  ostree prune specialized for archive-mode repositories

Bug fixes:

• Fix deploys of local remotes in system-helper
• Fix test failures on non-x86_64 systems
• Fix two intermittent test failures
• Make polkit queries non-interactive when operating in non-interactive mode
• Use a local main-context when using libsoup in a thread
• create-usb: Skip copying extra-data flatpaks
• OCI: Switch to pax-format tar archives
• history: Handle transaction log entries with empty REF field
• portal: Fix flatpak-spawn --clear-env on OSs where flatpak is not on
  the fallback PATH, such as NixOS
• Fix various issues detected by scan-build

Internal changes:

• Use GNU bison to build parse-datetime.y
• Add information about security support and security vulnerability
  reporting (see SECURITY.md)
• Move all git submodules into subprojects/ directory
• Several sockets are now created in /run/flatpak in the sandbox, with
  symbolic links in $XDG_RUNTIME_DIR

$ sha256sum flatpak-1.11.1.tar.xz   
a21ce530496a394227719dfbe4340c64b6ccc09e193c9a63d2856c83bbccbce5  flatpak-1.11.1.tar.xz

This is a security update which fixes a potential attack where
a flatpak application could use custom formated .desktop files to
gain access to files on the host system.

Other changes:

• Fix memory leaks
• Some test fixes
• Documentation updates
• G_BEGIN/END_DECLS added to library headders for c++ use
• Fix for X11 cookies on OpenSUSE
• Spawn portal better handles non-utf8 filenames

$ sha256sum flatpak-1.10.2.tar.xz 
db152739d072f8ff299e4e888d8963a1b4538da7b10e0b86525be438f2e1dde4  flatpak-1.10.2.tar.xz

Changes in 1.10.1

• Fix flatpak build on systems with setuid bwrap
• Fix some compiler warnings
• Add --enable-asan configure option
• Fix crash on updating apps with no deploy data
• Update translations

$ sha256sum flatpak-1.10.1.tar.xz 
c1354f42bf3b5d51aeb4028c9b62fd4ffc673ef2ff6e583c17777f5dafdbdcb7  flatpak-1.10.1.tar.xz

This is the first stable release after the 1.9.x unstable series.
The major new feature in this series compared to 1.8 is the support
for the new repo format which should make updates faster and download
less data.

This release also contains the security fixes from 1.8.5, so everyone
on the 1.9.x series should update immediately.

Other changes since 1.9.3:

• The systemd generator snippets now call flatpak --print-updated-env
  in place of a bunch of shell for better login performance.
• The .profile snippets now disable GVfs when calling flatpak to
  avoid spawning a gvfs daemon when logging in via ssh.
• Build fixes for GCC 11.
• Flatpak now finds the pulseaudio sockets better in uncommon
  configurations.
• Sandboxes with network access it now also has access to the
  systemd-resolved socket to do dns lookups.
• Flatpak supports unsetting env vars in the sandbox using --unset-env,
  and --env=FOO= now sets FOO to the empty string instead of
  unsetting it.
• Similarly the spawn portal has an option to unset an env var.
• The spawn portal now has an option to share the pid namespace
  with the sub-sandbox.

$ sha256sum flatpak-1.10.0.tar.xz 
c70215792b7cbece83c489dab86adc9bfaf9b140c506affe2a48c92afa3d69b7  flatpak-1.10.0.tar.xz

This is a security update that fixes a sandbox escape where a
malicious application can execute code outside the sandbox
by controlling the environment of the "flatpak run" command
when spawning a sub-sandbox.

See the advisory for details:
GHSA-4ppf-fxf6-vxg2

$ sha256sum flatpak-1.8.5.tar.xz 
338dc47398ef0b9bd95d14b6a321f6ee4d9ae53fdb06dc0f8901d6440319d47c  flatpak-1.8.5.tar.xz

I expect this to be the final 1.9.x release, and we can expect 1.10.0
early next year, containing basically what's in this release in terms
of features.

A minor change in the new indexed summary format in this release. The
gpg signature of the summary index is now stored in a filename indexed
by the checksum of the index rather than a static filename. This fixes
an update race between clients accessing the two files during and update.
It also helps in keeping mirrors and cached coherent. The old filename
is still created/used for backwards compat with 1.9.1, but may go
away in the future.

Other changes:

• --filesystem=host now exposed /var/usrlocal (as seen on ostree)
• Better error messages in flatpak portal.
• Rebases during update now install the new app before uninstalling
  the old, which means failure during the first doesn't leave the app
  uninstalled.
• flatpak_installation_list_installed_refs_for_update() now handles
  some case better when apps in the user installation depends on
  runtimes in the system installation.
• New version of the deploy files which guarantees the existance of
  a bit more data. This is useful for eol detection of apps that were
  installed with previous flatpak versions.
• Some corner cases when installing an app with extra-data into a nonstandard
  installation were fixed.
• Fixed crashed when killing and entering running instance that have
  was running a runtime, not an app.
• The root user can now bypass parental controls.
• Some fixes to library annotations.
• Updated translations

$ sha256sum flatpak-1.9.3.tar.xz 
8cd4c372d2b962ec0ba3abbbef0d42c85aa4590bdd57b08094f7fd2d51f9a73c  flatpak-1.9.3.tar.xz

Changes in this release:

• Fix support for ppc64

$ sha256sum flatpak-1.8.4.tar.xz 
3066af9a4504d36754ea0b4cd7a32a84743894563e6c9aa2a3134f812b3ccf27  flatpak-1.8.4.tar.xz

• Some build fixes on non-x86-64 arches
• Fix permission issue in endless installer
• Fixed a bug where flatpak was accidentally clearing the summary cache
  during updates in the user installation.
• Fix handling of the multiarch permission.,
• Add back the commit timestamp to the summary file.

$ sha256sum flatpak-1.9.2.tar.xz 
7c0425fb64c63cded58251c237130049ffee91ea050ae55296d1bae017767253  flatpak-1.9.2.tar.xz

This is the first unstable release in the series that will lead to
1.10. The main change in this version is a new format for the summary
file used when accessing an OSTree repository on the network. For this
reason we now require OSTree version 2020.8.

The new format should make getting the initial metadata required for
most flatpak operations much faster, and use less network
bandwidth. This will allow repositories to scale to more apps and more
architectures without affecting clients. The old format is still
generated for compatibility with older clients.

The new format also allows repositories to publish named subsets, and
for clients to declare that they only want to see that subset. The
goal here is to allow for example flathub to mark all FOSS apps, and
make it possible for users to use a flathub-foss remote without
flathub having to maintain two duplicated repositories. This is
accessible by passing --subset=SUBSET to the build-commit-from and
build-export commands.

The new repo option flatpak.summary-arches controls which architectures
are put in the old format summary. This can be used to avoid newly added
architectures making old clients slower, at the cost of requiring a newer
flatpak client version for the new architecture.

Other major changes

• There is a new flatpak pin command that lets you pin runtimes
  so that they are not considered unused. Also, we now by default pin
  runtimes that are installed explicitly (i.e. not as a dependency of an
  app).
• During a regular update or uninstall of an app, if the operation
  makes a previously used runtime unused, and the runtime is marked
  as end-of-lifed, then the runtime is automatically uninstalled.
• During flatpak update (i.e. with no specific app given) flatpak
  now automatically adds uninstall operations for end-of-life runtimes
  that are unused.
• The end-of-life warnings in the flatpak CLI are now better, showing
  more useful details (like version and what apps are using the runtime)
  and less unuseful details.
• Some changes was made in which dconf paths were considered "similar"
  to the app id, allowing for example org.gnome.SoundJuicer to
  migrate from /org/gnome/sound-juicer.
• Flatpak run now implements the new standard for os-release in containers
  (https://www.freedesktop.org/software/systemd/man/os-release.html).
• There is now a tcsh profile snippet
• The origin remote for an app is now prioritized over other remotes with
  the same priority when looking for dependencies.
• We now allow extra-data apply_extra processes to run multiarch code.
• A new internal representation for ostree ref strings was added which
  is more efficient. This should not affect the behaviour of flatpak
  but the large amounts of changes to use this may have accidentally
  introduced regressions.
• Some fixes to the in-memory summary cache make it more efficient.
• --filesystem=/ is now explicitly forbidden as it doesn't work (and never
  did).
• Flatpak install/update now only prints (partial) for an update that
  actually is partial (not just for all locales).
• Flatpak remote-ls on a file: uri (for example a sideloaded repo) now
  correctly lists the refs in the repo.
• New library APIS: flatpak_installation_list_pinned_refs,
  flatpak_transaction_set_disable_auto_pin,
  flatpak_transaction_set_include_unused_uninstall_ops,
  flatpak_transaction_operation_get_subpaths,
  flatpak_transaction_operation_get_requires_authentication.
• flatpak_installation_list_installed_refs_for_update() now returns
  refs that have a end-of-life rebase that it could be updated to.
• There is a new ready-pre-auth signal in FlatpakTransaction allowing
  clients new ways to handling authentication.
• Fix bug where extension sources were sometimes auto-installed

$ sha256sum flatpak-1.9.1.tar.xz 
fbac3c49beba82a18bfd0404801f89b9cf71ee713aab76a8d0176f46d967e8ed  flatpak-1.9.1.tar.xz