.flatpak.metadata

@@ -1 +1 @@
-5f93e0a445a2e0088f114c2e2a192ce7a98faae2 SOURCES/flatpak-1.10.7.tar.xz
+41429400eab33868b6c6045fe235e86e1086a056 SOURCES/flatpak-1.12.9.tar.xz

.gitignore

@@ -1 +1 @@
-SOURCES/flatpak-1.10.7.tar.xz
+SOURCES/flatpak-1.12.9.tar.xz

SOURCES/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch

@@ -0,0 +1,28 @@
+From 1c73110795b865246ce3595042dcd2d5e7891359 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <debarshir@gnome.org>
+Date: Mon, 6 Nov 2023 20:27:16 +0100
+Subject: [PATCH] Revert "selinux: Permit using systemd-userdbd"
+
+This reverts commit 399710ada185c1ee232bc3e6266a71688eb152b7.
+---
+ selinux/flatpak.te | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/selinux/flatpak.te b/selinux/flatpak.te
+index bb3d80e316eb..4cf895c44abe 100644
+--- a/selinux/flatpak.te
++++ b/selinux/flatpak.te
+@@ -33,10 +33,6 @@ optional_policy(`
+    policykit_dbus_chat(flatpak_helper_t)
+ ')
+ 
+-optional_policy(`
+-   systemd_userdbd_stream_connect(flatpak_helper_t)
+-')
+-
+ optional_policy(`                   
+     unconfined_domain(flatpak_helper_t)
+ ')
+-- 
+2.41.0
+

SPECS/flatpak.spec

@@ -2,7 +2,7 @@
 %global ostree_version 2020.8
 
 Name:           flatpak
-Version:        1.10.7
+Version:        1.12.9
 Release:        1%{?dist}
 Summary:        Application deployment framework for desktop apps
 
@@ -10,12 +10,21 @@ License:        LGPLv2+
 URL:            http://flatpak.org/
 Source0:        https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz
 
+%if 0%{?fedora}
+# Add Fedora flatpak repositories
+Source1:        flatpak-add-fedora-repos.service
+%endif
+
+# https://issues.redhat.com/browse/RHEL-4220
+Patch0:         flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch
+
 BuildRequires:  pkgconfig(appstream-glib)
 BuildRequires:  pkgconfig(dconf)
 BuildRequires:  pkgconfig(fuse)
 BuildRequires:  pkgconfig(gdk-pixbuf-2.0)
 BuildRequires:  pkgconfig(gio-unix-2.0)
 BuildRequires:  pkgconfig(gobject-introspection-1.0) >= 1.40.0
+BuildRequires:  pkgconfig(gpgme)
 BuildRequires:  pkgconfig(json-glib-1.0)
 BuildRequires:  pkgconfig(libarchive) >= 2.8.0
 BuildRequires:  pkgconfig(libseccomp)
@@ -31,16 +40,14 @@ BuildRequires:  bubblewrap >= %{bubblewrap_version}
 BuildRequires:  docbook-dtds
 BuildRequires:  docbook-style-xsl
 BuildRequires:  gettext
-BuildRequires:  gpgme-devel
+BuildRequires:  libassuan-devel
 BuildRequires:  libcap-devel
+BuildRequires:  python3-devel
 BuildRequires:  python3-pyparsing
 BuildRequires:  systemd
-BuildRequires:  /usr/bin/python3
 BuildRequires:  /usr/bin/xmlto
 BuildRequires:  /usr/bin/xsltproc
 
-%{?systemd_requires}
-
 Requires:       bubblewrap >= %{bubblewrap_version}
 Requires:       librsvg2%{?_isa}
 Requires:       ostree-libs%{?_isa} >= %{ostree_version}
@@ -118,6 +125,8 @@ This package contains installed tests for %{name}.
 
 %prep
 %autosetup -p1
+# Make sure to use the RHEL-lifetime supported Python and no other
+%py3_shebang_fix scripts/* subprojects/variant-schema-compiler/* tests/*
 
 
 %build
@@ -141,6 +150,11 @@ install -pm 644 NEWS README.md %{buildroot}/%{_pkgdocdir}
 install -d %{buildroot}%{_localstatedir}/lib/flatpak
 install -d %{buildroot}%{_sysconfdir}/flatpak/remotes.d
 rm -f %{buildroot}%{_libdir}/libflatpak.la
+
+%if 0%{?fedora}
+install -D -t %{buildroot}%{_unitdir} %{SOURCE1}
+%endif
+
 %find_lang %{name}
 
 # Work around selinux denials, see
@@ -157,15 +171,28 @@ getent passwd flatpak >/dev/null || \
 exit 0
 
 
+%if 0%{?fedora}
 %post
-# Create an (empty) system-wide repo.
+%systemd_post flatpak-add-fedora-repos.service
-flatpak remote-list --system &> /dev/null || :
+%endif
 
 
 %post selinux
 %selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2
 
 
+%if 0%{?fedora}
+%preun
+%systemd_preun flatpak-add-fedora-repos.service
+%endif
+
+
+%if 0%{?fedora}
+%postun
+%systemd_postun_with_restart flatpak-add-fedora-repos.service
+%endif
+
+
 %postun selinux
 if [ $1 -eq 0 ]; then
     %selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2
@@ -208,6 +235,7 @@ fi
 %{_mandir}/man5/flatpak-installation.5*
 %{_mandir}/man5/flatpak-remote.5*
 %{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf
+%dir %{_sysconfdir}/flatpak
 %{_sysconfdir}/flatpak/remotes.d
 %{_sysconfdir}/profile.d/flatpak.sh
 %{_sysusersdir}/flatpak.conf
@@ -216,6 +244,10 @@ fi
 %{_userunitdir}/flatpak-portal.service
 %{_systemd_user_env_generator_dir}/60-flatpak
 
+%if 0%{?fedora}
+%{_unitdir}/flatpak-add-fedora-repos.service
+%endif
+
 %files devel
 %{_datadir}/gir-1.0/Flatpak-1.0.gir
 %{_datadir}/gtk-doc/
@@ -245,6 +277,22 @@ fi
 
 
 %changelog
+* Tue Apr 30 2024 Kalev Lember <klember@redhat.com> - 1.12.9-1
+- Update to 1.12.9 (CVE-2024-32462)
+
+* Mon Nov 06 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.12.8-1
+- Rebase to 1.12.8 (RHEL-4220)
+
+* Mon Nov 06 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.10.8-3
+- Let flatpak own %%{_sysconfdir}/flatpak (RHEL-15822)
+
+* Mon Sep 04 2023 Miro Hrončok <mhroncok@redhat.com> - 1.10.8-2
+- Make sure to use the RHEL-lifetime supported Python and no other (RHEL-2225)
+
+* Tue Jul 11 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.10.8-1
+- Rebase to 1.10.8 (#2222103)
+- Fix CVE-2023-28100 and CVE-2023-28101 (#2180311)
+
 * Wed Mar 09 2022 Debarshi Ray <rishi@fedoraproject.org> - 1.10.7-1
 - Rebase to 1.10.7 (#2062417)