jonathan/flatpak
1
0
Fork 0
forked from rpms/flatpak
Code Pull Requests Activity

Fixes CVE-2024-32462

Browse Source
This commit is contained in:
Jonathan Wright 2024-05-07 09:20:57 -05:00
parent ca33e6c3b9
commit 1045f6590d
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
flatpak.spec
View File

@ -3,7 +3,7 @@
Name: flatpak Name: flatpak
Version: 1.12.8 Version: 1.12.8
Release: 1%{?dist} Release: 1%{?dist}.alma.1
Summary: Application deployment framework for desktop apps Summary: Application deployment framework for desktop apps
License: LGPLv2+ License: LGPLv2+
@ -17,6 +17,9 @@ Source1: flatpak-add-fedora-repos.service
# https://bugzilla.redhat.com/show_bug.cgi?id=1935508 # https://bugzilla.redhat.com/show_bug.cgi?id=1935508
Patch0: flatpak-dir-Use-SHA256-not-SHA1-to-name-the-cache-for-a-filt.patch Patch0: flatpak-dir-Use-SHA256-not-SHA1-to-name-the-cache-for-a-filt.patch
# https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj
# https://github.com/flatpak/flatpak/commit/81abe2a37d363f5099c3d0bdcd0caad6efc5bf97
Patch1: flatpak-cve-2024-32462.patch
BuildRequires: pkgconfig(appstream-glib) BuildRequires: pkgconfig(appstream-glib)
BuildRequires: pkgconfig(dconf) BuildRequires: pkgconfig(dconf)
@ -276,6 +279,9 @@ fi
%changelog %changelog
* Tue Apr 30 2024 Jonathan Wright <jonathan@almalinux.org> - 1.12.8-1.alma.1
- Fix CVE-2024-32462
* Tue Jul 11 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.12.8-1 * Tue Jul 11 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.12.8-1
- Update to 1.12.8 (CVE-2023-28100, CVE-2023-28101) - Update to 1.12.8 (CVE-2023-28100, CVE-2023-28101)
Resolves: #2180312, #2221792 Resolves: #2180312, #2221792