Skip to content

Tags: flatpak/flatpak

Tags

1.14.4

Toggle 1.14.4's commit message 
flatpak 1.14.4

Security fixes:

* Escape special characters when displaying permissions and metadata,
  preventing malicious apps from manipulating the appearance of the
  permissions list using crafted metadata (CVE-2023-28101).

* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
  don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
  Note that this is specific to virtual consoles: Flatpak is not
  vulnerable to this if run from a graphical terminal emulator such as
  xterm, gnome-terminal or Konsole.

Other bug fixes:

* Translation update: pl

Git-EVTag-v0-SHA512: a83091c2a471dbb072f231e53ebe24edab3ecfdfd99fdbc6aa2d11a56441fe8117f01a3c6244e83cac7a603273e338309c72e527badf86c4ab2e0c8471a86b8e

1.12.8

Toggle 1.12.8's commit message 
flatpak 1.12.8

Security fixes:

* Escape special characters when displaying permissions and metadata,
  preventing malicious apps from manipulating the appearance of the
  permissions list using crafted metadata (CVE-2023-28101).

* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
  don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
  Note that this is specific to virtual consoles: Flatpak is not
  vulnerable to this if run from a graphical terminal emulator such as
  xterm, gnome-terminal or Konsole.

Other bug fixes:

* Update the SELinux module to explicitly permit the system helper have read
  access to /etc/passwd and systemd-userdbd, read and lock access to
  /var/lib/flatpak, and watch files inside $libexecdir
  (#4852, #4855, #4892; Red Hat #2071217, #2071215, #2070741,
  #2053634, #2070350)
* If an app update is blocked by parental controls policies, clean up the
  temporary deploy directory (#5146)
* Fix Autotools build with versions of gpgme that no longer provide
  gpgme-config(1) (#5173)
* Remove some unreachable code (Coverity: CID 1514265)
* Add missing handling for some D-Bus errors

Git-EVTag-v0-SHA512: b8360cfc1de210ab96fd73547a1c6c99e4b75a9baa9485b8edb8b88300524132598f3b645a04b649a67a11f2e51846579f9886e000e7940686f60b6411627103

1.10.8

Toggle 1.10.8's commit message 
flatpak 1.10.8

Security fixes:

 * Escape special characters when displaying permissions and metadata,
   preventing malicious apps from manipulating the appearance of the
   permissions list using crafted metadata (CVE-2023-28101).

 * If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
   don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
   Note that this is specific to virtual consoles: Flatpak is not
   vulnerable to this if run from a graphical terminal emulator such as
   xterm, gnome-terminal or Konsole.

Other bug fixes:

 * If an app update is blocked by parental controls policies, clean up the
   temporary deploy directory (#5146)
 * Fix Autotools build with versions of gpgme that no longer provide
   gpgme-config(1) (#5173)
 * Fix regressions in `flatpak history` since 1.9.1
   - Don't display the appstream branch used internally
   - Don't display temporary repositories used internally
   - Ignore transaction log entries with empty REF field
   - Warn instead of failing if other non-app, non-runtime refs are found
   - Don't set up an unnecessary polkit agent for `flatpak history`
   - Add test coverage
 * Fix a typo in an error message
 * Fix incorrect year in NEWS for 1.10.7 release
 * Translation update: pl
 * Add test coverage for Flatpak's seccomp filters

Git-EVTag-v0-SHA512: 8962500582d542dbbc332ba8fe43866bf57f7d18873edba13dfdc83e7eeb67bb4ed4f0d3688f6978cbfad80709ebdfc0f03826b873027936b259f1b1fd0da2f5

1.14.3

Toggle 1.14.3's commit message 
flatpak v1.14.3

Bug fixes:

* When splitting an upgrade into two steps (download without installing, and
  then upgrade without allowing further downloads) like GNOME Software does,
  if an app is marked EOL and superseded by a replacement, don't remove the
  superseded app in the first step, which would result in the replacement
  incorrectly not being installed (#5172)
* Fix a crash when `--socket=gpg-agent` is used (#5095)
* Fix a crash when listing apps if one of them is broken or misconfigured
  (#5293)
* If an app has invalid syntax in its overrides or metadata, mention the
  filename in the error message (#5293)
* Unset `$GDK_BACKEND` for apps, ensuring GTK apps with `--socket=fallback-x11`
  can work (#5303)
* Never try to export a parent of reserved directories as a `--filesystem`,
  for example `/run`, which would prevent the app from starting (#5205, #5207)
* Never try to export a `--filesystem` below `/run/flatpak` or `/run/host`,
  which could similarly prevent the app from starting
* The above change also fixes apps not starting if a `--filesystem` is a
  symlink to the root directory (#1357)
* Show a warning when the `--filesystem` exists but cannot be shared with
  the sandbox (#1357, #5035, #5205, #5207)

Git-EVTag-v0-SHA512: c87becc8f0d6650a0904cc46db572ce71f2ec0a2098425caa5ba604d0b4395c160f4760a33b252a29e22fbb2b8db14aefd224721dfb26c536f2db41f781d4d28

1.15.3

Toggle 1.15.3's commit message 
flatpak 1.15.3

Build system:

* Building this version of Flatpak with Meson is recommended. The source
  release flatpak-1.15.3.tar.xz no longer contains Autotools-generated
  files, although this version can still be built using Autotools after
  running `./autogen.sh`. Future versions are likely to remove the
  Autotools build system.

Bug fixes:

* When splitting an upgrade into two steps (download without installing, and
  then upgrade without allowing further downloads) like GNOME Software does,
  if an app is marked EOL and superseded by a replacement, don't remove the
  superseded app in the first step, which would result in the replacement
  incorrectly not being installed (#5172)
* Fix a crash when --socket=gpg-agent is used (#5095)
* Fix a crash when listing apps if one of them is broken or misconfigured
  (#5293)
* If an app has invalid syntax in its overrides or metadata, mention the
  filename in the error message (#5293)
* Unset $GDK_BACKEND for apps, ensuring GTK apps with --socket=fallback-x11
  can work (#5303)
* Fix a deprecation warning when compiled with curl >= 7.85 (#5284)
* Translation updates: es, ru (#5266, #5312, #5313)

Internal changes:

* Better diagnostic messages for why runtimes are or are not considered
  unused (#5237)

Git-EVTag-v0-SHA512: a440a346d1107375245c3013c6b2d044eb187302bc6e4d1db66ec8c7b1a2353ee5b5edf8779d9378ea5c482619c40f003ccd7a3d9825a45f99ae356ac3db2a16

1.15.2

Toggle 1.15.2's commit message 
flatpak 1.15.2

Bug fixes:

* Never try to export a parent of reserved directories as a --filesystem,
  for example /run, which would prevent the app from starting (#5205, #5207)
* Never try to export a --filesystem below /run/flatpak or /run/host,
  which could similarly prevent the app from starting
* The above change also fixes apps not starting if a --filesystem is a
  symlink to the root directory (#1357)
* Show a warning when the --filesystem exists but cannot be shared with
  the sandbox (#1357, #5035, #5205, #5207)
* Display the intended messages for `flatpak repair` (#5204)
* Exporting an app to an existing repository on a CIFS filesystem
  now works as intended (#5257)
* Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in some GLib
  apps when set to a path on the host (#5206)
* Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and Qt apps
  under Wayland when this variable is set to a path not available in the
  sandbox (#5194)
* When using the fish shell, avoid duplicate XDG_DATA_DIRS entries if the
  profile script is sourced more than once (#5198)
* Update included copy of bubblewrap to 0.7.0 for better error messages
* Install SELinux files correctly when building with Meson
* Translation updates: ru, tr (#5256, #5262)

Internal changes:

* Update included copy of libglnx
* flatpak -v now uses the INFO log level, and flatpak -vv uses the
  DEBUG log level in the flatpak log domain. Previously, the extra
  messages that were logged by flatpak -vv were in a separate "flatpak2"
  log domain. G_MESSAGES_DEBUG=flatpak previously had an effect similar to
  flatpak -v, and is now more similar to flatpak -vv. (#5001)

Git-EVTag-v0-SHA512: 1f4eb9112c79cbd33fe8a4d9ac9f3cadbcdae0bd02ae5361588e6fb37eae41ffcebe466c204f531fbc69012aadc86268c588d20507e10fab99e7bca0c19f29b2

1.14.2

Toggle 1.14.2's commit message 
flatpak 1.14.2

Bug fixes:

* Display the intended messages for `flatpak repair` (#5204)
* Exporting an app to an existing repository on a CIFS filesystem
  now works as intended (#5257)
* Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in some GLib
  apps when set to a path on the host (#5206)
* Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and Qt apps
  under Wayland when this variable is set to a path not available in the
  sandbox (#5194)
* Unset $KRB5CCNAME for apps
* When using the fish shell, avoid duplicate XDG_DATA_DIRS entries if the
  profile script is sourced more than once (#5198)

Internal changes:

* The INFO log level is now treated the same as the DEBUG log level
  by `flatpak -v`, to make backports from 1.15.x simpler

Git-EVTag-v0-SHA512: 4105887de752427fab1a5e08ca870b2d4d0b06b26588e4755aaba907a96d0693e1249bedf10013f09bbbfa6db34b29b503056f0ccf0ea385cf4c05c6fb49f12f

1.14.1

Toggle 1.14.1's commit message 
flatpak 1.14.1

New features:

* Add a httpbackend variable to flatpak.pc, allowing dependent projects
  like GNOME Software to detect whether they are compatible with libflatpak
  (#5054)

Bug fixes:

* Terminate the flatpak-session-helper and flatpak-portal services when the
  session ends, so that applications will not inherit outdated Wayland
  and X11 socket addresses (#5068)
* When using `fish` shell, don't overwrite a previously-set XDG_DATA_DIRS
  (#5123)
* Don't try to enable HTTP 2 if linked to a libcurl version that doesn't
  support it (#5074)
* Stop systemd reporting the session-helper as failed when terminated by
  a signal (#5129)
* Fix a warning when listing a document with no permissions (#5055)
* Fix compilation with GLib 2.66.x (as used in Debian 11) (#5062)
* Fix compilation with GLib 2.58.x (as used in Debian 10) (#5066)
* Fix a compiler warning on 32-bit architectures (#5148)
* If an app update is blocked by parental controls policies, clean up the
  temporary deploy directory (#5146)
* Fix Autotools build with versions of gpgme that no longer provide
  gpgme-config(1) (#5173)
* When building with Autotools, be more consistent about applying compiler
  warning flags (#5149)
* Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR (#5168)
* Treat /efi the same as /boot/efi (#5155)
* Make generated files more reproducible (#5085)
* Translation updates: cs, id, pl, pt_BR (#5052, #5056, #5059, #5126)

Internal changes:

* Update project logo in README (#5119)

Git-EVTag-v0-SHA512: 50f6c1134c20a8f0c676a36bebd2e2782fa8f52490365ab0a96c24981fd1ccf0bbbe5370decfc0782af04f0299a10481656a12d5f826616bf94ec0ae9f45f8bd

1.15.1

Toggle 1.15.1's commit message 
flatpak 1.15.1

Dependencies:

* When building with Meson, gpgme 1.8.0 is now required.
  Older versions can still be used by building with Autotools.

Features:

* If an old temporary deploy directory was leaked by versions before #5146,
  clean it up the next time the same app is updated (#5164)

Bug fixes:

* If an app update is blocked by parental controls policies, clean up the
  temporary deploy directory (#5146)
* Fix Autotools build with versions of gpgme that no longer provide
  gpgme-config(1) (#5173)
* Fix a possible parallel build failure with Meson (#5165)
* Fix a compiler warning on 32-bit architectures (#5148)
* When building with Autotools, be more consistent about applying compiler
  warning flags (#5149)
* Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR (#5168)
* Treat /efi the same as /boot/efi (#5155)

Git-EVTag-v0-SHA512: 7afbdf3846d86e1e1b5459e71ee499ee338068a6929203c151705a9da5d117efe4fb752fc9d2a17610fa034aec6c7326a0f43482663b5971f9e80757dad9393b

1.15.0

Toggle 1.15.0's commit message 
Release 1.15.0

Git-EVTag-v0-SHA512: 7fc9ef19f4ca039da10340b26b78bf3f904bd0822d5e113770be2ee8ad9a9307004058d23a9eca9ff7f15283564ef4ca54d86140a8b3a8abc25f5b225786c0fb