-
flatpak (1.12.7-1) unstable; urgency=medium
* New upstream stable release
- Pass through a remote X11 display if the app has --share=network
- Pass through a remote PulseAudio server if the app has --share=network
- WAYLAND_DISPLAY can be an absolute path
- Accept /app/share/metainfo/*.xml exports from apps that were built
with Flatpak 1.13.x
- Automatically set up /var/lib/flatpak/repo if required
- Work around a bug in libostree < 2021.6 when used with GLib >= 2.71
- Fix some memory leaks in GVariant data processing
* d/gbp.conf: Use upstream/1.12.x branch for upstream imports
* d/watch: Only watch for upstream stable releases
-- Simon McVittie <email address hidden> Mon, 14 Mar 2022 17:37:10 +0000
-
flatpak (1.12.6-1) unstable; urgency=medium
* New upstream stable release
- Better robustness against downloads being interrupted or cancelled
- Detect the GTK theme more reliably
- Fix history command unit test when not using persistent systemd journal
- Translation update: pt_BR
-- Simon McVittie <email address hidden> Tue, 22 Feb 2022 10:58:48 +0000
-
flatpak (1.12.5-1) unstable; urgency=medium
* New upstream stable release
- Don't propagate GStreamer-related environment variables into sandbox
- Fix regressions in `flatpak history` since 1.9.1
- Remove temporary files from /var/lib/flatpak/appstream
* Stop installing flatpak-bisect and flatpak-coredumpctl as examples.
Since 1.8.1-2 they're installed into PATH, in libflatpak-dev.
* d/flatpak.docs: Use debhelper 11 dh_installdoc instead of dh-exec
-- Simon McVittie <email address hidden> Fri, 11 Feb 2022 17:16:22 +0000
-
flatpak (1.12.4-1) unstable; urgency=medium
* New upstream stable release
* Alter the solution to CVE-2022-21682 to avoid regressions:
- Revert semantics of --nofilesystem=host to be the same as 1.12.2
- Revert semantics of --nofilesystem=home to be the same as 1.12.2
- Add --nofilesystem=host:reset which means the same thing that
--nofilesystem=host did in 1.12.3
- Users of flatpak-builder should update it to 1.2.2 to resolve
CVE-2022-21682
* Other bug fixes:
- Clarify documentation related to CVE-2022-21682
- Improve test coverage related to CVE-2022-21682
- Restore compatibility with older appstream-glib versions, for backports
* Set high urgency to resolve regressions in 1.12.3
-- Simon McVittie <email address hidden> Tue, 18 Jan 2022 18:01:05 +0000
-
flatpak (1.12.3-1) unstable; urgency=high
* New upstream stable release
* Security fixes:
- Prevent a malicious repository from arranging for permissions to be
granted without being correctly displayed during installation
(CVE-2021-43860, GHSA-qpjc-vq3c-572j)
- Prevent a malicious build in flatpak-builder creating directories
outside the build directory (GHSA-8ch7-5j3h-g4fx)
* Behaviour changes, as a result of how GHSA-8ch7-5j3h-g4fx was fixed:
- --nofilesystem=host is now special-cased to negate all --filesystem
permissions. Previously, it would cancel out --filesystem=host but
not --filesystem=/some/dir.
- --nofilesystem=home is now special-cased to negate several
home-directory-related filesystem permssions such as
--filesystem=xdg-config/foo, not just --filesystem=host.
* Other bug fixes:
- Extra-data downloading now properly handles compressed
content-encodings, which fixes checksum verification
- Avoid unnecessary polkit prompt due to auto-pinning when installing
runtimes
- Better handling of updates of extensions that exist in multiple
repositories
- Fixed (initial) installation of apps with renamed app-IDs
- Support more pulseaudio configuration, including the one used in WSL2
- Fixed regression in updates from no-enumerate remotes
- We now verify checksums of summary caches, to better handle local file
corruption
- Improved CLI output for non-terminal targets
- Flatpak run --session-bus now works
- Fix build with PyParsing >= 3.0.4
- bash auto completion now doesn't complete on command name aliases
- Minor improvements to the search command
- Minor improvements to the list command
- Minor improvements to the repair command
- Add more tests
- Updated translations and docs
* d/copyright: Update
-- Simon McVittie <email address hidden> Wed, 12 Jan 2022 13:33:12 +0000
-
flatpak (1.12.2-2) unstable; urgency=medium
* flatpak Recommends xdg-user-dirs.
If we don't have this, the XDG special directories for documents, music,
downloads etc. will not be listed in ~/.config/user-dirs.dirs unless
configured manually; this means that app permissions that would normally
share those directories with the host, such as --filesystem=xdg-download,
will have no practical effect. (Closes: #1000609)
* Build/test-depend on dbus-daemon.
We don't necessarily need a full implementation for the unit tests, but
we do need to be able to run dbus-daemon --session.
* Depend on default-dbus-system-bus | dbus-system-bus instead of dbus.
Any implementation of the system bus will do.
* Adjust Lintian overrides for current Lintian
-- Simon McVittie <email address hidden> Mon, 13 Dec 2021 13:22:23 +0000
-
flatpak (1.12.2-1) unstable; urgency=medium
* New upstream stable release
- Better diagnostic messages if libseccomp calls fail
- Install translations referenced by LANG, LANGUAGE or LC_ALL,
fixing test failures in 1.12.0+ on older distributions
- Update Polish translation
* d/p/Fix-handling-of-syscalls-only-allowed-by-devel.patch:
Drop patch, applied upstream
-- Simon McVittie <email address hidden> Tue, 12 Oct 2021 11:54:06 +0100
-
flatpak (1.10.2-3) unstable; urgency=medium
* d/patches: Align with upstream flatpak-1.10.x branch, making this
effectively a release candidate for upstream stable release 1.10.3
- d/patches: Update metadata to reflect upstream flatpak-1.10.x branch.
All the patches we apply in Debian are expected to be released in
1.10.3 upstream, but not all were annotated to reflect this.
- d/p/system-helper-Fix-deploys-of-local-remotes.patch:
Fix some failures to update in GNOME Software and the unit tests.
This change was previously applied in Ubuntu's flatpak_1.10.2-1ubuntu1
to fix a unit test failure, possibly triggered by a newer version of
GLib. It has also been reported to fix a failure to upgrade Flatpak
apps using GNOME Software, this time in Fedora.
- d/p/create-usb-Skip-copying-extra-data-flatpaks.patch:
Skip flatpaks with "extra-data" when using `flatpak create-usb`.
This command is intended to create USB drives that can be
used to install Flatpak apps and/or runtimes while offline,
but the "extra-data" feature downloads extra content for an app
or runtime at install time, as a way to automate installation of
data that can be re-downloaded by end users but is not licensed
for redistribution by Flatpak repositories. Such apps and runtimes
would fail to install while offline.
- d/p/series: Re-order patches to match upstream flatpak-1.10.x branch
-- Simon McVittie <email address hidden> Sun, 25 Jul 2021 20:44:58 +0100