Tags: faan11/flatpak
Tags
Release 1.13.1 Git-EVTag-v0-SHA512: 77712b5314d0948a29b3ca6fe31d201cd3a586adac8503cb86835877d3b050c31e8de86edb657903d0b8d116bbd8a4be0ea02f49dec592b17fca3892d4878677 ExtendedVerify-SHA256-archive-tar: 64c5a8fc86977186973604b46a5e59aa1d06674f0992251fe9a61af91446bd37 ExtendedVerify-git-version: git version 2.35.1
Release 1.12.6 Git-EVTag-v0-SHA512: 2ab688b65945500ae9868fc8ccac1cdcd9c52f6c43d696b32afd9c2dc494a642569f91b5dff2a57576f156d15c2c4a80be04aea60a57c16e14c12f20441aca57 ExtendedVerify-SHA256-archive-tar: 578d364c2baeda8262f496ff025810b1f1d7bdd7d3b41f765b2f16ed79638925 ExtendedVerify-git-version: git version 2.35.1
flatpak 1.12.4 This is a regression fix update, reverting non-backwards-compatible behaviour changes in the solution previously chosen for CVE-2022-21682. Flatpak 1.12.3 and 1.10.6 changed the behaviour of `--nofilesystem=host` and `--nofilesystem=home` in a way that was not backwards-compatible in all cases. For example, some Flatpak users previously used a global `flatpak override --nofilesystem=home` or `flatpak override --nofilesystem=host`, but expected that individual apps would still be able to have finer-grained filesystem access granted by the app manifest, such as Zoom's `--filesystem=~/Documents/Zoom:create`. With the changes in 1.12.3, this no longer had the intended result, because `--nofilesystem=home` was special-cased to disallow inheriting the finer-grained `--filesystem`. Flatpak 1.12.4 and 1.10.7 return to the previous behaviour of `--nofilesystem=host` and `--nofilesystem=home`. Instead, CVE-2022-21682 will be resolved by a new 1.2.2 release of flatpak-builder, which will use a new option `--nofilesystem=host:reset` introduced in Flatpak 1.12.4 and 1.10.7. In addition to behaving like `--nofilesystem=host`, the new option prevents filesystem permissions from being inherited from the app manifest. Other changes: * Clarify documentation of `--nofilesystem` * Improve unit test coverage around `--filesystem` and `--nofilesystem` * Restore compatibility with older appstream-glib versions, fixing a regression in 1.12.3 Git-EVTag-v0-SHA512: 61d12aef36cf0850a69bab9df268de365366f017333511f117c63a86e804945644cef2d84067a4150a53549d8c8b109585c8fef0c0933c456b01c4a7087fd8e9
flatpak 1.10.7 This is a regression fix update, reverting non-backwards-compatible behaviour changes in the solution previously chosen for CVE-2022-21682. Flatpak 1.12.3 and 1.10.6 changed the behaviour of `--nofilesystem=host` and `--nofilesystem=home` in a way that was not backwards-compatible in all cases. For example, some Flatpak users previously used a global `flatpak override --nofilesystem=home` or `flatpak override --nofilesystem=host`, but expected that individual apps would still be able to have finer-grained filesystem access granted by the app manifest, such as Zoom's `--filesystem=~/Documents/Zoom:create`. With the changes in 1.12.3, this no longer had the intended result, because `--nofilesystem=home` was special-cased to disallow inheriting the finer-grained `--filesystem`. Flatpak 1.12.4 and 1.10.7 return to the previous behaviour of `--nofilesystem=host` and `--nofilesystem=home`. Instead, CVE-2022-21682 will be resolved by a new 1.2.2 release of flatpak-builder, which will use a new option `--nofilesystem=host:reset` introduced in Flatpak 1.12.4 and 1.10.7. In addition to behaving like `--nofilesystem=host`, the new option prevents filesystem permissions from being inherited from the app manifest. Other changes: * Clarify documentation of `--nofilesystem` * Improve unit test coverage around `--filesystem` and `--nofilesystem` * Restore compatibility with older appstream-glib versions, fixing a regression in 1.12.3 * Update variant-schema-compiler subproject to fix builds with newer versions of pyparsing (the content of the generated code is not affected) * Make the unit test for CVE-2021-43860 robust against versions of Python's http.server module that only read timestamps with a 1 second granularity Git-EVTag-v0-SHA512: 91a47d62e3ae4b541d835a1fc786034b58a45d7895f82f3d16252e3feb729f67204ea1474a61e2567b47c29a913ce690be3a3e740bd18a1d3bc34aa4ed4c43c7