-
flatpak (1.8.2-2) unstable; urgency=medium
[ Laurent Bigonville ]
* debian/control: Add libmalcontent-0-dev to the build-dependencies.
This provides optional parental controls for app installation and
launching.
[ Simon McVittie ]
* Add Suggests on malcontent-gui
-- Simon McVittie <email address hidden> Sat, 10 Oct 2020 20:10:55 +0100
-
flatpak (1.8.2-1ubuntu0.2) groovy-security; urgency=medium
* SECURITY UPDATE: Flatpak sandbox escape via crafted .desktop file
(LP: #1918482)
- debian/patches/CVE-2021-21381-1.patch: Disallow @@ and @@u usage in
desktop files.
- debian/patches/CVE-2021-21381-2.patch: dir: Reserve the whole @@
prefix.
- debian/patches/CVE-2021-21381-3.patch: dir: Refuse to export
.desktop files with suspicious uses.
- CVE-2021-21381
-- Andrew Hayzen <email address hidden> Wed, 10 Mar 2021 20:54:38 +0000
-
flatpak (1.8.2-1ubuntu0.1) groovy-security; urgency=medium
* SECURITY UPDATE: Flatpak sandbox escape via spawn portal (LP: #1911473)
- debian/patches/CVE-2021-21261-1.patch: common: Add a backport of
G_DBUS_METHOD_INVOCATION_HANDLED.
- debian/patches/CVE-2021-21261-2.patch: run: Convert all environment
variables into bwrap arguments.
- debian/patches/CVE-2021-21261-3.patch: tests: Expand coverage for
environment variable overrides.
- debian/patches/CVE-2021-21261-4.patch: context: Add --env-fd option.
- debian/patches/CVE-2021-21261-5.patch: portal: Convert --env in
extra-args into --env-fd.
- debian/patches/CVE-2021-21261-6.patch: tests: Exercise --env-fd.
- debian/patches/CVE-2021-21261-7.patch: portal: Do not use
caller-supplied variables in environment.
- debian/patches/CVE-2021-21261-8.patch: tests: Assert that --env= does
not go in `flatpak run` or bwrap environ.
- CVE-2021-21261
-- Andrew Hayzen <email address hidden> Fri, 22 Jan 2021 00:59:12 +0000
-
flatpak (1.8.2-1) unstable; urgency=medium
* New upstream release
- Drop patch for #964541, applied upstream
-- Simon McVittie <email address hidden> Tue, 25 Aug 2020 15:57:31 +0100
-
flatpak (1.8.1-2) unstable; urgency=medium
* Include flatpak-bisect and flatpak-coredumpctl in libflatpak-dev
- Depends: python3, to be able to run the scripts themselves
- Recommends: flatpak, for both scripts
- Suggests: gdb and systemd-coredump, for flatpak-coredumpctl
- Suggests: python3-gi and ostree, for flatpak-bisect
* d/p/Fix-argument-order-of-clone-for-s390x-in-seccomp-filter.patch:
Add proposed patch to fix seccomp filtering on s390x.
Thanks to Julian Andres Klode. (Closes: #964541, LP: #1886814)
-- Simon McVittie <email address hidden> Thu, 06 Aug 2020 22:45:21 +0100
-
flatpak (1.8.1-1) unstable; urgency=medium
* New upstream stable release
-- Simon McVittie <email address hidden> Sat, 04 Jul 2020 15:24:14 +0100
-
flatpak (1.8.0-1) unstable; urgency=medium
* New upstream stable release
- Update configure options
- Install gdm env.d fragment, but only as an example file.
It is harmful on systems where environment.d(5) works (in particular
systems using systemd), because it overwrites additions to the
XDG_DATA_DIRS coming from other app frameworks like Snap.
However, using either this fragment or manual configuration might
be necessary on non-systemd systems. See
/usr/share/doc/flatpak/README.Debian for more details.
- d/flatpak.README.Debian: Add
-- Simon McVittie <email address hidden> Thu, 25 Jun 2020 12:26:28 +0100
-
flatpak (1.6.3-1) unstable; urgency=medium
* New upstream stable release
-- Simon McVittie <email address hidden> Tue, 31 Mar 2020 11:56:06 +0100
