Hello community,

here is the log from the commit of package flatpak.13486 for openSUSE:Leap:15.2:Update checked in at 2020-07-26 16:25:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/flatpak.13486 (Old)
 and      /work/SRC/openSUSE:Leap:15.2:Update/.flatpak.13486.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "flatpak.13486" Sun Jul 26 16:25:40 2020 rev:1 rq:822387 version:1.6.3 Changes: -------- New Changes file: --- /dev/null 2020-07-16 02:54:20.700682797 +0200 +++ /work/SRC/openSUSE:Leap:15.2:Update/.flatpak.13486.new.3592/flatpak.changes 2020-07-26 16:25:41.505161543 +0200 
@@ -0,0 +1,3012 @@ +------------------------------------------------------------------- +Tue Jun 16 02:21:39 UTC 2020 - Yifan Jiang <yfji...@suse.com> + +- Create a skeleton flatpak repo using "flatpak remotes" instead + of a manually created directory (bsc#1172316, bsc#1169619, + bsc#1170416). + +------------------------------------------------------------------- +Mon May 18 08:53:10 UTC 2020 - Yifan Jiang <yfji...@suse.com> + +- When SLE uses GNOME desktop environment, GNOME Software is + automatically started to provide key update features. During the + startup, it setups flatpak repository so that related features + can function properly. In a system environment of no flatpak + repository has ever been setup before, this triggers + "org.freedesktop.Flatpak.modify-repo" polkit action. + + Therefore in systems which use a restrictive security policy + (eg. SLES) for the aforementioned policy action, a polkit + authentication dialog will pop up without any user interaction + for the first time login. This is not user friendly. + + This submission creates /var/lib/flatpak/repo at package + installation to avoid such a confusing authentication pop-up, at + nearly 0 cost of security compromise (bsc#1169619, bsc#1170416). + +------------------------------------------------------------------- +Mon Apr 6 14:31:20 UTC 2020 - Antonio Larrosa <alarr...@suse.com> + +- Require bubblewrap 0.4.1 + +------------------------------------------------------------------- +Mon Apr 6 09:32:31 UTC 2020 - Antonio Larrosa <alarr...@suse.com> + +- Update to version 1.6.3: + + The main change in this version is a fix for a regression in + the progress calculation for applications using extra-data. + Additionally the bundled version of bubblewrap is updated to + 0.4.1 which fixes a security issue in some cases. See + GHSA-j2qp-rvxj-43vj for details. 
+ + Don't break if users primary gid is not in the nsswitch + database + + Fix crash in flatpak repair if no remotes are configured + + Some updates to the oci authenticator + + Retry downloads of extra data + + Updated translations. + +------------------------------------------------------------------- +Sun Feb 16 17:22:44 UTC 2020 - Bjørn Lie <bjorn....@gmail.com> + +- Drop obsolete _servicedata file. + +------------------------------------------------------------------- +Thu Feb 13 15:57:51 UTC 2020 - Antonio Larrosa <alarr...@suse.com> + +- Update to version 1.6.2: + + Due to a combination of some behaviour in flatpak and recent + versions of ostree we at some point lost the use of deltas for + the initial install case, instead always falling back to a full + ostree operation which is a lot less efficient for pulls with + many small files like a runtime. This caused some very slow + installs from e.g. flathub, so it's recommended to update to + this version to get better install performance. + + We now correctly handle TMPDIR env var overrides when bwrap is + setuid + + Disallow running "flatpak run" under sudo (as it doesn't work + and causes issues) + + Fix build with older versions of glib + + Minor documentation updates + + Updated translations. + +------------------------------------------------------------------- +Thu Jan 30 16:56:01 UTC 2020 - Antonio Larrosa <alarr...@suse.com> + +- Update to version 1.6.1: + + This is a (mild) security update. Flatpak 1.6.0 added the + ability for an application to request it to be updated, as long + as the new version doesn't require new permissions. + Unfortunately in some special cases, if an app had access to + the home directory, but not the rest of the filesystem it would + still allow a self-update where the new version could access + some files outside the home directory. + + New permission --device=shm giving access to host /dev/shm, as + needed for jack. 
+ + Generated correct download size in build-commit-from + + sub-sandbox now allows the child to share the gpu of the caller + has full device access + + Fix crash with disabled remotes + + Fix builds with older versions of glib + + Updated translations. + +------------------------------------------------------------------- +Sat Jan 25 14:07:31 UTC 2020 - Dominique Leuenberger <dims...@opensuse.org> + +- No longer recommend -lang: supplements are in use + +------------------------------------------------------------------- +Tue Jan 14 11:23:06 UTC 2020 - Antonio Larrosa <alarr...@suse.com> + +- Update dependencies required by flatpak 1.6.0 . +- Require xdg-dbus-proxy instead of building the (outdated) + builtin version. + +------------------------------------------------------------------- +Mon Dec 30 10:00:24 UTC 2019 - Dominique Leuenberger <dims...@opensuse.org> + +- Change %_prefix/lib to %_libexecdir: Makefile installs the file + explicitly into libexecdir. Let's be ready in case this path is + going to change. + +------------------------------------------------------------------- +Fri Dec 27 10:23:14 UTC 2019 - Dominique Leuenberger <dims...@opensuse.org> + +- Co-own /usr/lib/systemd/user-environment-generators. We don't + want to forcibly pull in systemd into the buildroot just to own + this directory. + +------------------------------------------------------------------- +Fri Dec 20 22:44:39 UTC 2019 - Bjørn Lie <bjorn....@gmail.com> + +- Update to version 1.6.0: + + This is the first stable release in the 1.6 series, main + changes since 1.4 is the support for protected content and + improvements in the self-sandboxing support. + + There is one change in the support for OCI remotes, we now only + support the use of labels, not annotations, as labels work with + more registries. This means pre-existing OCI flatpak registries + (like fedora) may need some changes. + + New permissions --socket=cups for direct cups access. + + Fix some leaks. 
+ + Fix reporting of progress with latest version of ostree. + + New no-interaction flag for authenticators. + + Support for auto-installing authenticators from a flatpak + remote. + + Warn less about unset XDG_DATA_DIRS. + + Don't poll for updates in the portal when on a metered + connection. +- Modernize spec with current macros. + +------------------------------------------------------------------- +Mon Nov 25 16:59:29 UTC 2019 - Frederic Crozat <fcro...@suse.com> + +- Package empty /etc/flatpak/remotes.d. + +------------------------------------------------------------------- +Wed Nov 20 12:53:08 UTC 2019 - Dominique Leuenberger <dims...@opensuse.org> + +- Add pkgconfig(libsystemd) BuildRequires (boo#1157126). +- Drop systemd_requires: strictly speaking, we do not require + systemd. + +------------------------------------------------------------------- +Mon Oct 21 19:10:42 UTC 2019 - Bjørn Lie <bjorn....@gmail.com> + +- Update to version 1.4.3: + + Fix crash in revokefs. + + Handle 'versions' extension key (in addition to 'version') when + checking for local extensions, which was causing us to + uninstall some actually used extensions with uninstall + --unused. + + The 'required-flatpak' metadata key now supports listing + multiple versions to support backported features. + + Fix crash with older versions of polkit. + + Fix installation of bundles. + + Fix crash on deploy error. + + Support building bundles of apps installed from a remote. + + OCI: Fix handling of locally cached icons. + + Fix crash when listing unconfigured remotes. + + Ignore differences in trailing slashes for repo uris. + +------------------------------------------------------------------- +Mon Jul 8 12:53:30 UTC 2019 - Dominique Leuenberger <dims...@opensuse.org> + +- Add system-user-flatpak.conf: generate a flatpak user for the + system helper (boo#1137537). 
+ +------------------------------------------------------------------- +Wed Jul 3 08:27:20 UTC 2019 - Antonio Larrosa <alarr...@suse.com> + +- Update to version 1.4.2: + * Support extra_data in extensions. + * Handle double slashes ("//") in XDG_DATA_DIRS. + * Fix detection of local related refs. + +------------------------------------------------------------------- +Thu Jun 14 09:33:16 UTC 2019 - Antonio Larrosa <alarr...@suse.com> + +- Add a _dbusconfigdir variable in the spec file so we install the + flatpak-system-helper config file in a location actually read by + dbus, which didn't support having config files in /usr/share + until 1.9.18 (first introduced in SLE15). +- Remove the systemd environment generator if building with + systemd < 233 which doesn't support environment generators. +- Rename the libflapak-doc.xml file which has a typo in the name + upstream. +- BuildRequire libgpgme-devel, not libqgpgme-devel which is not + really needed. ++++ 2815 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.flatpak.13486.new.3592/flatpak.changes New: ---- _service flatpak-1.6.3.tar.xz flatpak.changes flatpak.spec polkit_rules_usability.patch system-user-flatpak.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ flatpak.spec ++++++ # # spec file for package flatpak # # Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # dbus only used config files in /etc until 1.9.18 %if %{pkg_vcmp dbus-1 < 1.9.18} %define _dbusconfigdir %{_sysconfdir}/dbus-1/system.d %else %define _dbusconfigdir %{_datadir}/dbus-1/system.d %endif # systemd only supports environment generators since version 233 %if %{pkg_vcmp systemd < 233} %define support_environment_generators 0 %else %define support_environment_generators 1 %endif %define libname libflatpak0 Name: flatpak Version: 1.6.3 Release: 0 Summary: OSTree based application bundles management License: LGPL-2.1-or-later Group: System/Packages URL: https://flatpak.github.io/ Source0: %{name}-%{version}.tar.xz Source1: system-user-flatpak.conf Patch0: polkit_rules_usability.patch BuildRequires: bison BuildRequires: bubblewrap >= 0.4.1 BuildRequires: docbook-xsl-stylesheets BuildRequires: gtk-doc BuildRequires: intltool >= 0.35.0 BuildRequires: libcap-devel BuildRequires: libdwarf-devel BuildRequires: libgpgme-devel >= 1.1.8 BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: sysuser-tools BuildRequires: xdg-dbus-proxy >= 0.1.0 BuildRequires: xsltproc BuildRequires: pkgconfig(appstream-glib) BuildRequires: pkgconfig(dconf) BuildRequires: pkgconfig(fuse) BuildRequires: pkgconfig(gio-2.0) BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(glib-2.0) >= 2.44 BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.40.0 BuildRequires: pkgconfig(gobject-introspection-no-export-1.0) >= 1.40.0 BuildRequires: pkgconfig(json-glib-1.0) BuildRequires: pkgconfig(libarchive) >= 2.8.0 BuildRequires: pkgconfig(libelf) >= 0.8.12 BuildRequires: pkgconfig(libseccomp) BuildRequires: pkgconfig(libsoup-2.4) BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(ostree-1) >= 2018.9 BuildRequires: pkgconfig(polkit-gobject-1) BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(xau) Requires: %{libname} = %{version} Requires: bubblewrap >= 0.4.1 Requires: ostree >= 2018.9 
Requires: xdg-dbus-proxy >= 0.1.0 Requires: xdg-desktop-portal >= 0.10 Requires: user(flatpak) # Remove after openSUSE Leap 42 is out of scope Provides: xdg-app = %{version} Obsoletes: xdg-app < %{version} %description flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. %package -n system-user-flatpak Summary: System user for the flatpak system helper Group: System/Base %sysusers_requires %description -n system-user-flatpak System user for the flatpak system helper. %package -n %{libname} Summary: OSTree based application bundle management library Group: System/Libraries %description -n %{libname} flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. %package -n typelib-1_0-Flatpak-1_0 Summary: Introspection bindings for the flatpak library Group: System/Libraries %description -n typelib-1_0-Flatpak-1_0 flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. %package zsh-completion Summary: Zsh tab-completion for flatpak Group: System/Shells Supplements: packageand(%{name}:%(rpm -q --qf '%%{NAME}' --whatprovides zsh)) %description zsh-completion flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. This package provides zsh tab-completion for flatpak. %package devel Summary: Development files for the flatpak library Group: Development/Languages/C and C++ Requires: %{libname} = %{version} Requires: %{name} = %{version} Requires: typelib-1_0-Flatpak-1_0 = %{version} %description devel flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. 
See https://wiki.gnome.org/Projects/SandboxedApps for more information. %lang_package %prep %autosetup -p1 sed -i -e '1s,#!%{_bindir}/env python3,#!%{_bindir}/python3,' scripts/flatpak-* %build %define _lto_cflags %{nil} NOCONFIGURE=1 ./autogen.sh %configure \ --disable-silent-rules \ --enable-gtk-doc \ --disable-document-portal \ --with-system-bubblewrap \ --with-priv-mode=none \ --with-dbus-config-dir=%{_dbusconfigdir} \ --with-system-dbus-proxy=%{_bindir}/xdg-dbus-proxy \ %{nil} %make_build %sysusers_generate_pre %{SOURCE1} system-user-flatpak %install %make_install find %{buildroot} -type f -name "*.la" -delete -print mkdir -p %{buildroot}%{_sbindir} ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper # add a 60- prefix to the rules file, otherwise it is not effective, because # /etc/polkit-1/rules.d/90-default-privs.rules is executed first and if no # polkit-default-privs rule grants access then an explicit reject is the # result. This should fix bsc#984817, granting members of group wheel access # w/o password entry. mv %{buildroot}/%{_datadir}/polkit-1/rules.d/{,60-}org.freedesktop.Flatpak.rules mkdir -p %{buildroot}%{_sysusersdir} install -m 644 %{SOURCE1} %{buildroot}%{_sysusersdir}/system-user-flatpak.conf %if !%{support_environment_generators} rm -Rf %{buildroot}%{_libexecdir}/systemd/user-environment-generators/ %endif mkdir -p %{buildroot}%{_sysconfdir}/flatpak/remotes.d %find_lang %{name} %pre -n system-user-flatpak -f system-user-flatpak.pre %post -n %{libname} -p /sbin/ldconfig %postun -n %{libname} -p /sbin/ldconfig %pre %service_add_pre flatpak-system-helper.service %preun %service_del_preun flatpak-system-helper.service %post %service_add_post flatpak-system-helper.service # Remove any empty repo directory, which is seen as invalid by flatpak. After that, create a skeleton repository using "flatpak remotes". 
if [ -e "%{_localstatedir}/lib/flatpak/repo" ] && [ -z "$(ls -A %{_localstatedir}/lib/flatpak/repo)" ]; then rm -r %{_localstatedir}/lib/flatpak/repo fi %{_bindir}/flatpak remotes 1> /dev/null %postun %service_del_postun flatpak-system-helper.service %files -f %{name}.lang %license COPYING %{_bindir}/flatpak %{_bindir}/flatpak-bisect %{_bindir}/flatpak-coredumpctl %{_libexecdir}/flatpak-portal %{_libexecdir}/flatpak-session-helper %{_libexecdir}/flatpak-system-helper %{_libexecdir}/flatpak-validate-icon %{_libexecdir}/revokefs-fuse %{_datadir}/bash-completion/completions/flatpak # # Own dirs so we don't have to depend on dbus for building. %dir %{_datadir}/dbus-1 %dir %{_datadir}/dbus-1/interfaces %dir %{_datadir}/dbus-1/services %{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.xml %{_datadir}/dbus-1/interfaces/org.freedesktop.portal.Flatpak.xml %{_datadir}/dbus-1/services/org.freedesktop.Flatpak.service %{_datadir}/dbus-1/services/org.freedesktop.portal.Flatpak.service %{_datadir}/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service %{_dbusconfigdir}/org.freedesktop.Flatpak.SystemHelper.conf # policykit rules %{_datadir}/polkit-1/actions/org.freedesktop.Flatpak.policy %{_datadir}/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules %{_mandir}/man1/%{name}*.1%{ext_man} %{_mandir}/man5/flatpak-metadata.5%{ext_man} %{_mandir}/man5/flatpak-flatpakref.5%{ext_man} %{_mandir}/man5/flatpak-flatpakrepo.5%{ext_man} %{_mandir}/man5/flatpak-installation.5%{ext_man} %{_mandir}/man5/flatpak-remote.5%{ext_man} %{_datadir}/%{name}/ %config %{_sysconfdir}/profile.d/flatpak.sh %{_sysconfdir}/flatpak # Own dirs so we don't have to depend on gdm for building. 
%dir %{_datadir}/gdm/ %dir %{_datadir}/gdm/env.d/ %{_datadir}/gdm/env.d/flatpak.env %{_unitdir}/flatpak-system-helper.service %{_sbindir}/rcflatpak-system-helper %{_userunitdir}/flatpak-session-helper.service %{_userunitdir}/flatpak-portal.service %ghost %dir %{_localstatedir}/lib/flatpak %if %{support_environment_generators} %dir %{_libexecdir}/systemd/user-environment-generators %{_libexecdir}/systemd/user-environment-generators/60-flatpak %endif %{_libexecdir}/flatpak-oci-authenticator %{_userunitdir}/flatpak-oci-authenticator.service %{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.Authenticator.xml %{_datadir}/dbus-1/services/org.flatpak.Authenticator.Oci.service %files -n system-user-flatpak %{_sysusersdir}/system-user-flatpak.conf %files -n %{libname} %{_libdir}/libflatpak.so.* %files -n typelib-1_0-Flatpak-1_0 %{_libdir}/girepository-1.0/Flatpak-1.0.typelib %files zsh-completion %dir %{_datadir}/zsh/site-functions %{_datadir}/zsh/site-functions/_flatpak %files devel %{_libdir}/pkgconfig/flatpak.pc %{_datadir}/gtk-doc/ %{_includedir}/%{name}/ %{_libdir}/libflatpak.so %{_datadir}/gir-1.0/Flatpak-1.0.gir %changelog ++++++ _service ++++++ <?xml version="1.0"?> <services> <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/flatpak/flatpak.git</param> <param name="scm">git</param> <param name="versionformat">@PARENT_TAG@</param> <param name="revision">refs/tags/1.6.3</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> <param name="compression">xz</param> </service> <service name="set_version" mode="disabled"/> </services> ++++++ polkit_rules_usability.patch ++++++ Index: flatpak-0.11.8.3/system-helper/org.freedesktop.Flatpak.rules.in =================================================================== --- flatpak-0.11.8.3.orig/system-helper/org.freedesktop.Flatpak.rules.in +++ flatpak-0.11.8.3/system-helper/org.freedesktop.Flatpak.rules.in 
@@ -3,7 +3,10 @@ polkit.addRule(function(action, subject) action.id == "org.freedesktop.Flatpak.runtime-install"|| action.id == "org.freedesktop.Flatpak.app-uninstall" || action.id == "org.freedesktop.Flatpak.runtime-uninstall" || - action.id == "org.freedesktop.Flatpak.modify-repo") && + action.id == "org.freedesktop.Flatpak.modify-repo" || + action.id == "org.freedesktop.Flatpak.app-update" || + action.id == "org.freedesktop.Flatpak.runtime-update" || + action.id == "org.freedesktop.Flatpak.appstream-update") && subject.active == true && subject.local == true && subject.isInGroup("@privileged_group@")) { return polkit.Result.YES; ++++++ system-user-flatpak.conf ++++++ # Type Name ID GECOS [HOME] u flatpak - "User for flatpak system helper"
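Review bot: in polkit_rules_usability.patch, the three added action.id lines (app-update, runtime-update, appstream-update) join the condition that returns polkit.Result.YES, so an active, local member of @privileged_group@ can update system-wide apps, runtimes and appstream data with no authentication prompt, and the patch has no header that explains the decision or names a bug. Add a description block above the Index: line with the rationale and the bug reference, so the widened set can be checked against the restrictive polkit profile that the flatpak.changes entry about modify-repo describes. The Index: and ---/+++ paths still name flatpak-0.11.8.3 while the spec builds 1.6.3; that is harmless under %autosetup -p1 but suggests the patch has not been refreshed against the current rules file.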
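Review bot: in the %post scriptlet of flatpak.spec, the emptiness test with ls -A and the rm -r that follows are two separate steps, so anything that lands in %{_localstatedir}/lib/flatpak/repo between them is removed recursively by a root scriptlet; rmdir performs the check and the removal in one call and refuses a non-empty directory. The last command, %{_bindir}/flatpak remotes 1> /dev/null, discards only stdout and its exit status becomes the scriptlet's, so a failure there is reported as a failed %post with the error text left on stderr. If creating the skeleton repository is best effort, say so in the comment and append || : to that line.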
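Review bot: in _service, the revision parameter is refs/tags/1.6.3, a tag name rather than a commit id, and the list of new files shows flatpak-1.6.3.tar.xz with no detached signature or keyring next to it, so nothing in the package lets a later reviewer confirm that the tarball matches what upstream tagged. Pin the revision to the full commit hash the tag resolved to when the tarball was generated, or ship the upstream release tarball together with its signature if one is published.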
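Review bot: in flatpak.changes, the 1.6.1 entry calls the release a security update and the 1.6.3 entry points to GHSA-j2qp-rvxj-43vj, but neither carries a bsc# or CVE reference the way the two newest entries do for their bugs; add the identifiers if they exist so the fixes can be found by searching the changelog. Separately, the entry header "Thu Jun 14 09:33:16 UTC 2019" has a weekday that does not match its date (14 June 2019 was a Friday), so the date should be corrected.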