diff --git a/flatpak-1.14.4.tar.xz b/flatpak-1.14.4.tar.xz deleted file mode 100644 index abfcf52c64f1f666c056e3583ee07809183b4258..0000000000000000000000000000000000000000 Binary files a/flatpak-1.14.4.tar.xz and /dev/null differ diff --git a/flatpak-1.15.4.tar.xz b/flatpak-1.15.4.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..ac9f66d3a311f014015b7cfb7cd29fb7b0ea85d6 Binary files /dev/null and b/flatpak-1.15.4.tar.xz differ diff --git a/flatpak.spec b/flatpak.spec index 09a21a3c394805ae28d5d6524ffaed1577047d31..c00f77b4d72d2bba4a39f63e15207e26dc295e34 100644 --- a/flatpak.spec +++ b/flatpak.spec @@ -1,60 +1,71 @@ %define anolis_release 1 -%global appstream_version 0.14.0 +%global appstream_version 0.15.3 %global bubblewrap_version 0.5.0 +%global glib_version 2.46.0 +%global libcurl_version 7.29.0 %global ostree_version 2020.8 Name: flatpak -Version: 1.14.4 +Version: 1.15.4 Release: %{anolis_release}%{?dist} Summary: Application deployment framework for desktop apps -License: LGPLv2+ -URL: http://flatpak.org/ +License: LGPL-2.1-or-later +URL: https://flatpak.org/ Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz -BuildRequires: pkgconfig(appstream) >= %{appstream_version} -BuildRequires: pkgconfig(dconf) >= 0.26 -BuildRequires: pkgconfig(fuse3) >= 3.1.1 -BuildRequires: pkgconfig(gdk-pixbuf-2.0) -BuildRequires: pkgconfig(gio-2.0) -BuildRequires: pkgconfig(gio-unix-2.0) -BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.40.0 -BuildRequires: pkgconfig(glib-2.0) >= 2.46 -BuildRequires: pkgconfig(gpgme) >= 1.8.0 -BuildRequires: pkgconfig(json-glib-1.0) -BuildRequires: pkgconfig(libarchive) >= 2.8.0 -BuildRequires: pkgconfig(libcurl) >= 7.29.0 -BuildRequires: pkgconfig(libseccomp) -BuildRequires: pkgconfig(libsystemd) -BuildRequires: pkgconfig(libxml-2.0) >= 2.4 -BuildRequires: pkgconfig(libzstd) >= 0.8.1 -BuildRequires: pkgconfig(malcontent-0) >= 0.4.0 -BuildRequires: pkgconfig(ostree-1) >= %{ostree_version} -BuildRequires: pkgconfig(polkit-agent-1) >= 0.98 -BuildRequires: pkgconfig(xau) +# systemd-sysusers config. Only used for the %%pre macro. Must be kept in sync +# with the config from upstream sources. +Source1: flatpak.sysusers.conf + +BuildRequires: pkgconfig(appstream) >= %{appstream_version} +BuildRequires: pkgconfig(dconf) +BuildRequires: pkgconfig(fuse3) +BuildRequires: pkgconfig(gdk-pixbuf-2.0) +BuildRequires: pkgconfig(gio-unix-2.0) >= %{glib_version} +BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.40.0 +BuildRequires: pkgconfig(json-glib-1.0) +BuildRequires: pkgconfig(libarchive) >= 2.8.0 +BuildRequires: pkgconfig(libseccomp) +BuildRequires: pkgconfig(libcurl) >= %{libcurl_version} +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(libxml-2.0) >= 2.4 +BuildRequires: pkgconfig(libzstd) >= 0.8.1 +BuildRequires: pkgconfig(malcontent-0) +BuildRequires: pkgconfig(ostree-1) >= %{ostree_version} +BuildRequires: pkgconfig(polkit-gobject-1) +BuildRequires: pkgconfig(xau) BuildRequires: bison BuildRequires: bubblewrap >= %{bubblewrap_version} BuildRequires: docbook-dtds BuildRequires: docbook-style-xsl -BuildRequires: gettext +BuildRequires: gettext-devel BuildRequires: gpgme-devel +BuildRequires: gtk-doc BuildRequires: libcap-devel +BuildRequires: meson BuildRequires: python3-pyparsing BuildRequires: systemd -BuildRequires: xdg-dbus-proxy >= 0.1.0 +BuildRequires: systemd-rpm-macros +BuildRequires: /usr/bin/pkcheck +BuildRequires: /usr/bin/socat +BuildRequires: /usr/bin/xdg-dbus-proxy BuildRequires: /usr/bin/xmlto BuildRequires: /usr/bin/xsltproc %{?sysusers_requires_compat} - + Requires: appstream >= %{appstream_version} Requires: bubblewrap >= %{bubblewrap_version} +Requires: glib2 >= %{glib_version} +Requires: libcurl >= %{libcurl_version} Requires: librsvg2 Requires: ostree-libs >= %{ostree_version} -Requires: xdg-dbus-proxy >= 0.1.0 -Requires: (flatpak-selinux = %{EVR} if selinux-policy-targeted) -Requires: %{name}-session-helper = %{EVR} +Requires: /usr/bin/fusermount +Requires: /usr/bin/xdg-dbus-proxy +Requires: (flatpak-selinux = %{?epoch:%{epoch}:}%{version}-%{release} if selinux-policy-targeted) +Requires: %{name}-session-helper = %{?epoch:%{epoch}:}%{version}-%{release} Recommends: p11-kit-server Recommends: xdg-desktop-portal > 0.10 @@ -66,26 +77,22 @@ more information. %package devel Summary: Development files for %{name} -License: LGPLv2+ -Requires: %{name} = %{version}-%{release} -Requires: %{name}-libs = %{version}-%{release} +Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release} +Requires: %{name}-libs = %{?epoch:%{epoch}:}%{version}-%{release} %description devel This package contains the pkg-config file and development headers for %{name}. %package libs Summary: Libraries for %{name} -License: LGPLv2+ Requires: bubblewrap >= %{bubblewrap_version} Requires: ostree >= %{ostree_version} -Requires(pre): /usr/sbin/useradd %description libs This package contains libflatpak. %package selinux Summary: SELinux policy module for %{name} -License: LGPLv2+ BuildRequires: selinux-policy BuildRequires: selinux-policy-devel BuildRequires: make @@ -97,8 +104,7 @@ This package contains the SELinux policy module for %{name}. %package session-helper Summary: User D-Bus service used by %{name} and others -License: LGPLv2+ -Conflicts: flatpak < 1.4.1 +Conflicts: flatpak < 1.4.1-2 Requires: systemd %description session-helper @@ -107,10 +113,9 @@ that's used by %{name} and other packages. %package tests Summary: Tests for %{name} -License: LGPLv2+ -Requires: %{name} = %{version}-%{release} -Requires: %{name}-libs = %{version}-%{release} -Requires: %{name}-session-helper = %{version}-%{release} +Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release} +Requires: %{name}-libs = %{?epoch:%{epoch}:}%{version}-%{release} +Requires: %{name}-session-helper = %{?epoch:%{epoch}:}%{version}-%{release} Requires: bubblewrap >= %{bubblewrap_version} Requires: ostree >= %{ostree_version} @@ -143,6 +148,7 @@ autoreconf $CONFIGFLAGS) %make_build + %install %make_install install -pm 644 NEWS README.md %{buildroot}/%{_pkgdocdir} @@ -155,15 +161,13 @@ install -d %{buildroot}%{_sysconfdir}/flatpak/remotes.d %generate_compatibility_deps %pre -getent group flatpak >/dev/null || groupadd -r flatpak -getent passwd flatpak >/dev/null || \ - useradd -r -g flatpak -d / -s /sbin/nologin \ - -c "User for flatpak system helper" flatpak -exit 0 +%sysusers_create_compat %{SOURCE1} + %post selinux %selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2 + %postun selinux if [ $1 -eq 0 ]; then %selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2 @@ -204,9 +208,10 @@ fi %{_mandir}/man5/flatpak-installation.5* %{_mandir}/man5/flatpak-remote.5* %{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf +%dir %{_sysconfdir}/flatpak %{_sysconfdir}/flatpak/remotes.d %{_sysconfdir}/profile.d/flatpak.sh -%{_sysusersdir}/flatpak.conf +%{_sysusersdir}/%{name}.conf %{_unitdir}/flatpak-system-helper.service %{_userunitdir}/flatpak-oci-authenticator.service %{_userunitdir}/flatpak-portal.service @@ -246,6 +251,10 @@ fi %doc README.md NEWS INSTALL %changelog +* Tue Jun 13 2023 mgb01105731 - 1.15.4-1 +- New version 1.15.4 +- Fix CVE-2023-28100 + * Fri Mar 17 2023 Funda Wang - 1.14.4-1 - New version 1.14.4 diff --git a/flatpak.sysusers.conf b/flatpak.sysusers.conf new file mode 100644 index 0000000000000000000000000000000000000000..8203ed594181730879925a14ef945b4edc4d44b2 --- /dev/null +++ b/flatpak.sysusers.conf @@ -0,0 +1 @@ +u flatpak - "Flatpak system helper" -