Update to 1.12.8 (CVE-2023-28100, CVE-2023-28101)

.flatpak.metadata

@@ -0,0 +1 @@
+aadb61d0d67fa6bc4a3cbe54b0acfb78403a5cd1 flatpak-1.12.8.tar.xz

.gitignore

@@ -98,3 +98,4 @@
 /flatpak-1.12.4.tar.xz
 /flatpak-1.12.5.tar.xz
 /flatpak-1.12.7.tar.xz
+/flatpak-1.12.8.tar.xz

flatpak.spec

@@ -2,8 +2,8 @@
 %global ostree_version 2020.8
 
 Name:           flatpak
-Version:        1.12.7
-Release:        2%{?dist}
+Version:        1.12.8
+Release:        1%{?dist}
 Summary:        Application deployment framework for desktop apps
 
 License:        LGPLv2+
@@ -24,6 +24,7 @@ BuildRequires:  pkgconfig(fuse)
 BuildRequires:  pkgconfig(gdk-pixbuf-2.0)
 BuildRequires:  pkgconfig(gio-unix-2.0)
 BuildRequires:  pkgconfig(gobject-introspection-1.0) >= 1.40.0
+BuildRequires:  pkgconfig(gpgme)
 BuildRequires:  pkgconfig(json-glib-1.0)
 BuildRequires:  pkgconfig(libarchive) >= 2.8.0
 BuildRequires:  pkgconfig(libseccomp)
@@ -39,7 +40,6 @@ BuildRequires:  bubblewrap >= %{bubblewrap_version}
 BuildRequires:  docbook-dtds
 BuildRequires:  docbook-style-xsl
 BuildRequires:  gettext
-BuildRequires:  gpgme-devel
 BuildRequires:  libcap-devel
 BuildRequires:  python3-pyparsing
 BuildRequires:  systemd
@@ -276,6 +276,10 @@ fi
 
 
 %changelog
+* Tue Jul 11 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.12.8-1
+- Update to 1.12.8 (CVE-2023-28100, CVE-2023-28101)
+Resolves: #2180312, #2221792
+
 * Mon Jun 27 2022 Debarshi Ray <rishi@fedoraproject.org> - 1.12.7-2
 - Let flatpak own %%{_sysconfdir}/flatpak
 Resolves: #2101456

sources

@@ -1 +1 @@
-SHA512 (flatpak-1.12.7.tar.xz) = 425f9d330c649de1079f3286cb6ad8cf7b6e5838921effa4fd6f51020b9bf7991ded9071566ec7032b9868ef3f7e14d1fb7c2be96f903e3af23a075592b78f50
+SHA512 (flatpak-1.12.8.tar.xz) = 5a37d94e12c18a746b222c1ddbd20bddfb22079af1d3a79dc819cdb25f04774c9e4b3a51f9b5ed64f210317e7ec9fb97324ae38ec3430c6a515ba4042805fc57