From 94a2a6d212a29ab4da7df1fde82cd172ab40aee9 Mon Sep 17 00:00:00 2001 
From: Markus Volk Date: Fri, 10 May 2024 07:43:57 +0200 Subject: flatpak: update 1.15.6 -> 1.15.8 - remove included patches - set path for fusermount3 to avoid requirement for fuse3-native. This is needed since: https://github.com/flatpak/flatpak/commit/2cb17b4eb82ecedaa98b5b7f954cf3e52fa95682 Changes in 1.15.8 ~~~~~~~~~~~~~~~~~ Security fixes: * Don't allow an executable name to be misinterpreted as a command-line option for bwrap(1). This prevents a sandbox escape where a malicious or compromised app could ask xdg-desktop-portal to generate a .desktop file with access to files outside the sandbox. (CVE-2024-32462) Other bug fixes: * Pass the -export-dynamic linker option as -Wl,-export-dynamic, fixing build failures with clang 18 and lld 18 (#5760) * Fix a double-free when installation is cancelled (#5763) * Fix installed-tests failure with "FUSERMOUNT: unbound variable" (#5751) * Translation updates: pt_BR (#5762), tr (#5761) Changes in 1.15.7 ~~~~~~~~~~~~~~~~~ Released: 2024-03-27 Dependencies: * The Meson build system is now required. Compiling with Autotools is no longer possible. * In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, version 0.9.0 is recommended. Several of the bug fixes listed below will not be active if an older version is used. * In distributions that compile Flatpak to use a separate xdg-dbus-proxy executable, version 0.1.5 is recommended. * If libmalcontent (parental controls) is enabled, it must be version 0.5.0 or later. 
New features: * Automatically remove obsolete driver versions and other autopruned refs (#5632) * `--socket=inherit-wayland-socket` (#5614) * Automatically reload D-Bus session bus configuration after installing or upgrading apps, to pick up any exported D-Bus services (#3342) Bug fixes: * Update included copy of bubblewrap to version 0.9.0: * `--symlink` is now idempotent, meaning it succeeds if the symlink already exists and already has the desired target (#2387, #3477, #5255) * Report a better error message if `mount(2)` fails with `ENOSPC` * Fix a double-close on error reading from `--args`, `--seccomp` or `--add-seccomp-fd` argument * Improve memory allocation behaviour * Silence various compiler warnings * Update included copy of bubblewrap to version 0.1.5: * Fix handling of long object paths * Don't parse `` as the application name (#5700) * Don't refuse to start apps when there is no D-Bus system bus available (#5076) * Don't try to repeat migration of apps whose data was migrated to a new name and then deleted (#5668) * Improve handling of mixed locales on systems with systemd-localed (#5497) * Improve display of ellipsized columns in wide terminals (#5722) * Make `flatpak info -e` look for extensions in all installations (#5670) * Fix warnings from newer GLib versions (#5660, #5737) * Always set the `container` environment variable (#5610) * Always let the app inherit redirected file descriptors (#5626) * In `flatpak ps`, add xdg-desktop-portal-gnome to the list of backends we'll use to learn which apps are running in the background (#5729) * Don't use `WAYLAND_SOCKET` unless given `--socket=inherit-wayland-socket` (#5614) * Use `fusermount3` if compiled with FUSE 3, overridable with `-Dsystem_fusermount` compile-time option (#5104) * Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into the shell environment (#5574) * Improve async-signal safety (#5687) * Fix various memory leaks (#5683, #5690, #5691) * Avoid undefined behaviour of 
signed left-shift when storing object IDs in a hash table (#5738) * Detect the correct gtk-doc when cross-compiling (#5650) * Detect the correct wayland-scanner when cross-compiling (#5596) * Documentation improvements (#5659, #5677, #5682, #5664, #5719) * Skip more tests when FUSE isn't available (#5611) * Translation updates (#5602, #5707) Signed-off-by: Markus Volk Signed-off-by: Khem Raj Signed-off-by: Armin Kuster
---
....build-require-for-native-wayland-scanner.patch | 28 --------
.../0001-meson.build-require-native-gtkdoc.patch | 33 ---------
meta-oe/recipes-extended/flatpak/flatpak_1.15.6.bb | 78 ----------------------
meta-oe/recipes-extended/flatpak/flatpak_1.15.8.bb | 78 ++++++++++++++++++++++
4 files changed, 78 insertions(+), 139 deletions(-)
delete mode 100644 meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-for-native-wayland-scanner.patch
delete mode 100644 meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-native-gtkdoc.patch
delete mode 100644 meta-oe/recipes-extended/flatpak/flatpak_1.15.6.bb
create mode 100644 meta-oe/recipes-extended/flatpak/flatpak_1.15.8.bb
diff --git a/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-for-native-wayland-scanner.patch b/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-for-native-wayland-scanner.patch
deleted file mode 100644
index b076a3fffd..0000000000
--- a/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-for-native-wayland-scanner.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From ced2e933cf647874da4baff002e0987b9bfe5fac Mon Sep 17 00:00:00 2001
-From: Markus Volk
-Date: Sat, 18 Nov 2023 15:07:49 +0100
-Subject: [PATCH] meson.build: require for native wayland-scanner
-
-Signed-off-by: Markus Volk
-
-Upstream-Status: Submitted [https://github.com/flatpak/flatpak/pull/5596]
----
- meson.build | 4 ++--
- 1 file changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index f4e5b3a3..5d2f9eba 100644
---- a/meson.build
-+++ b/meson.build
-@@ -207,7 +207,7 @@ gtkdoc_dep = dependency('gtk-doc', required : get_option('gtkdoc'))
- build_gtk_doc = gtkdoc_dep.found()
-
- wayland_client = dependency('wayland-client', required : get_option('wayland_security_context'))
--wayland_scanner = dependency('wayland-scanner', version : '>= 1.15', required : get_option('wayland_security_context'))
-+wayland_scanner = dependency('wayland-scanner', version : '>= 1.15', required : get_option('wayland_security_context'), native : true)
- wayland_protocols = dependency('wayland-protocols', version : '>= 1.32', required : get_option('wayland_security_context'))
- build_wayland_security_context = wayland_client.found() and wayland_scanner.found() and wayland_protocols.found()
-
---
-2.42.0
-
diff --git a/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-native-gtkdoc.patch b/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-native-gtkdoc.patch
deleted file mode 100644
index 77b60ec98c..0000000000
--- a/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-native-gtkdoc.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 49737b1e4a74c77a8cd7ae727974d68503da087f Mon Sep 17 00:00:00 2001
-From: Markus Volk
-Date: Fri, 12 Jan 2024 13:52:08 +0100
-Subject: [PATCH] meson.build: require native gtkdoc
-
-this fixes:
-| Run-time dependency gtk-doc found: NO (tried pkgconfig)
-|
-| ../git/meson.build:206:13: ERROR: Dependency "gtk-doc" not found, tried pkgconfig
-
-Upstream-Status: Submitted [https://github.com/flatpak/flatpak/pull/5650/commits/e5de3e46b917f830d7f81e9db6ed2a9b7d7db942]
-
-Signed-off-by: Markus Volk
----
- meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/meson.build b/meson.build
-index f7f9372d..dccc3eb4 100644
---- a/meson.build
-+++ b/meson.build
-@@ -203,7 +203,7 @@ appstream_dep = dependency('appstream', version : '>=0.12.0')
- gdk_pixbuf_dep = dependency('gdk-pixbuf-2.0')
- libseccomp_dep = dependency('libseccomp', required : get_option('seccomp'))
- gir_dep = dependency('gobject-introspection-1.0', version : '>=1.40.0', required : get_option('gir'))
--gtkdoc_dep = dependency('gtk-doc', required : get_option('gtkdoc'))
-+gtkdoc_dep = dependency('gtk-doc', required : get_option('gtkdoc'), native : true)
- build_gtk_doc = gtkdoc_dep.found()
-
- wayland_client = dependency('wayland-client', required : get_option('wayland_security_context'))
---
-2.43.0
-
diff --git a/meta-oe/recipes-extended/flatpak/flatpak_1.15.6.bb b/meta-oe/recipes-extended/flatpak/flatpak_1.15.6.bb
deleted file mode 100644
index 97e57c13d5..0000000000
--- a/meta-oe/recipes-extended/flatpak/flatpak_1.15.6.bb
+++ /dev/null
@@ -1,78 +0,0 @@
-DESCRIPTION = "Desktop containment framework."
-HOMEPAGE = "http://flatpak.org"
-LICENSE = "LGPL-2.1-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
-
-SRC_URI = " \
- gitsm://github.com/flatpak/flatpak;protocol=https;branch=main \
- file://0001-flatpak-pc-add-pc_sysrootdir.patch \
- file://0001-meson.build-require-for-native-wayland-scanner.patch \
- file://0001-meson.build-require-native-gtkdoc.patch \
-"
-
-SRCREV = "27b11b93c2a80a91c9461bc6c7f5e9a201406041"
-
-S = "${WORKDIR}/git"
-
-inherit meson pkgconfig gettext systemd gtk-doc gobject-introspection python3native useradd mime features_check
-
-REQUIRED_DISTRO_FEATURES = "polkit"
-
-DEPENDS = " \
- appstream \
- bison-native \
- dconf \
- fuse3 \
- gdk-pixbuf \
- glib-2.0 \
- gpgme \
- json-glib \
- libarchive \
- libcap \
- libxml2 \
- ostree \
- polkit \
- python3-pyparsing-native \
- zstd \
-"
-
-RDEPENDS:${PN} = " \
- ca-certificates \
- dconf \
- flatpak-xdg-utils \
-"
-
-GIR_MESON_OPTION = "gir"
-GIR_MESON_ENABLE_FLAG = 'enabled'
-GIR_MESON_DISABLE_FLAG = 'disabled'
-GTKDOC_MESON_OPTION = 'gtkdoc'
-GTKDOC_MESON_ENABLE_FLAG = 'enabled'
-GTKDOC_MESON_DISABLE_FLAG = 'disabled'
-
-PACKAGECONFIG[curl] = "-Dhttp_backend=curl,,curl"
-PACKAGECONFIG[docbook_docs] = "-Ddocbook_docs=enabled,-Ddocbook_docs=disabled,xmlto-native"
-PACKAGECONFIG[man] = "-Dman=enabled,-Dman=disabled,libxslt-native"
-PACKAGECONFIG[soup] = "-Dhttp_backend=soup,,libsoup-2.4"
-PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,xauth socat-native"
-PACKAGECONFIG[xauth] = "-Dxauth=enabled,-Dxauth=disabled,xauth"
-PACKAGECONFIG[seccomp] = "-Dseccomp=enabled,-Dseccomp=disabled,libseccomp"
-PACKAGECONFIG[selinux] = "-Dselinux_module=enabled,-Dselinux_module=disabled,libselinux"
-PACKAGECONFIG[wayland-security-context] = "-Dwayland_security_context=enabled,-Dwayland_security_context=disabled,wayland wayland-native wayland-protocols"
-
-PACKAGECONFIG ?= " \
- curl \
- ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'xauth', '', d)} \
- ${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)} \
- ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'wayland-security-context', '', d)} \
-"
-
-FILES:${PN} += "${libdir} ${datadir}"
-
-USERADD_PACKAGES = "${PN}"
-USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd"
-
-do_install:append() {
- chmod 0700 ${D}/${datadir}/polkit-1/rules.d
- chown polkitd ${D}/${datadir}/polkit-1/rules.d
- chgrp root ${D}/${datadir}/polkit-1/rules.d
-}
diff --git a/meta-oe/recipes-extended/flatpak/flatpak_1.15.8.bb b/meta-oe/recipes-extended/flatpak/flatpak_1.15.8.bb
new file mode 100644
index 0000000000..8719d3ef03
--- /dev/null
+++ b/meta-oe/recipes-extended/flatpak/flatpak_1.15.8.bb
@@ -0,0 +1,78 @@
+DESCRIPTION = "Desktop containment framework."
+HOMEPAGE = "http://flatpak.org"
+LICENSE = "LGPL-2.1-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
+
+SRC_URI = " \
+ gitsm://github.com/flatpak/flatpak;protocol=https;branch=main \
+ file://0001-flatpak-pc-add-pc_sysrootdir.patch \
+"
+
+SRCREV = "925c80f913d69e7ca424428823e1431c4ffb0deb"
+
+S = "${WORKDIR}/git"
+
+inherit meson pkgconfig gettext systemd gtk-doc gobject-introspection python3native useradd mime features_check
+
+REQUIRED_DISTRO_FEATURES = "polkit"
+
+DEPENDS = " \
+ appstream \
+ bison-native \
+ dconf \
+ fuse3 \
+ gdk-pixbuf \
+ glib-2.0 \
+ gpgme \
+ json-glib \
+ libarchive \
+ libcap \
+ libxml2 \
+ ostree \
+ polkit \
+ python3-pyparsing-native \
+ zstd \
+"
+
+RDEPENDS:${PN} = " \
+ ca-certificates \
+ dconf \
+ flatpak-xdg-utils \
+"
+
+GIR_MESON_OPTION = "gir"
+GIR_MESON_ENABLE_FLAG = 'enabled'
+GIR_MESON_DISABLE_FLAG = 'disabled'
+GTKDOC_MESON_OPTION = 'gtkdoc'
+GTKDOC_MESON_ENABLE_FLAG = 'enabled'
+GTKDOC_MESON_DISABLE_FLAG = 'disabled'
+
+PACKAGECONFIG[curl] = "-Dhttp_backend=curl,,curl"
+PACKAGECONFIG[docbook_docs] = "-Ddocbook_docs=enabled,-Ddocbook_docs=disabled,xmlto-native"
+PACKAGECONFIG[man] = "-Dman=enabled,-Dman=disabled,libxslt-native"
+PACKAGECONFIG[soup] = "-Dhttp_backend=soup,,libsoup-2.4"
+PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,xauth socat-native"
+PACKAGECONFIG[xauth] = "-Dxauth=enabled,-Dxauth=disabled,xauth"
+PACKAGECONFIG[seccomp] = "-Dseccomp=enabled,-Dseccomp=disabled,libseccomp"
+PACKAGECONFIG[selinux] = "-Dselinux_module=enabled,-Dselinux_module=disabled,libselinux"
+PACKAGECONFIG[wayland-security-context] = "-Dwayland_security_context=enabled,-Dwayland_security_context=disabled,wayland wayland-native wayland-protocols"
+
+PACKAGECONFIG ?= " \
+ curl \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'xauth', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'wayland-security-context', '', d)} \
+"
+
+EXTRA_OEMESON = "-Dsystem_fusermount=${bindir}/fusermount3"
+
+FILES:${PN} += "${libdir} ${datadir}"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd"
+
+do_install:append() {
+ chmod 0700 ${D}/${datadir}/polkit-1/rules.d
+ chown polkitd ${D}/${datadir}/polkit-1/rules.d
+ chgrp root ${D}/${datadir}/polkit-1/rules.d
+}
-- cgit v1.2.3-54-g00ecf
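Review bot: `EXTRA_OEMESON = "-Dsystem_fusermount=${bindir}/fusermount3"` compiles an absolute target path into flatpak, but nothing in the visible `RDEPENDS:${PN}` list ensures that a package shipping that binary is installed; `fuse3` appears only in `DEPENDS`. If the fuse3 recipe packages fusermount3 separately from the library (fuse3-utils, as far as I recall; confirm against that recipe), add that package to the `RDEPENDS:${PN}` list so an image cannot end up with flatpak pointing at a helper that is not there. A one-line comment above the assignment, such as `# fixed target path, so configure does not need fuse3-native to locate fusermount3`, would keep the reason next to the setting instead of only in the commit message.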