Compare commits

...

No commits in common. "imports/c8-beta/flatpak-1.10.7-1.el8" and "c8" have entirely different histories.

4 changed files with 85 additions and 9 deletions

View File

@ -1 +1 @@
5f93e0a445a2e0088f114c2e2a192ce7a98faae2 SOURCES/flatpak-1.10.7.tar.xz 41429400eab33868b6c6045fe235e86e1086a056 SOURCES/flatpak-1.12.9.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/flatpak-1.10.7.tar.xz SOURCES/flatpak-1.12.9.tar.xz

View File

@ -0,0 +1,28 @@
From 1c73110795b865246ce3595042dcd2d5e7891359 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <debarshir@gnome.org>
Date: Mon, 6 Nov 2023 20:27:16 +0100
Subject: [PATCH] Revert "selinux: Permit using systemd-userdbd"
This reverts commit 399710ada185c1ee232bc3e6266a71688eb152b7.
---
selinux/flatpak.te | 4 ----
1 file changed, 4 deletions(-)
diff --git a/selinux/flatpak.te b/selinux/flatpak.te
index bb3d80e316eb..4cf895c44abe 100644
--- a/selinux/flatpak.te
+++ b/selinux/flatpak.te
@@ -33,10 +33,6 @@ optional_policy(`
policykit_dbus_chat(flatpak_helper_t)
')
-optional_policy(`
- systemd_userdbd_stream_connect(flatpak_helper_t)
-')
-
optional_policy(`
unconfined_domain(flatpak_helper_t)
')
--
2.41.0

View File

@ -2,7 +2,7 @@
%global ostree_version 2020.8 %global ostree_version 2020.8
Name: flatpak Name: flatpak
Version: 1.10.7 Version: 1.12.9
Release: 1%{?dist} Release: 1%{?dist}
Summary: Application deployment framework for desktop apps Summary: Application deployment framework for desktop apps
@ -10,12 +10,21 @@ License: LGPLv2+
URL: http://flatpak.org/ URL: http://flatpak.org/
Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz
%if 0%{?fedora}
# Add Fedora flatpak repositories
Source1: flatpak-add-fedora-repos.service
%endif
# https://issues.redhat.com/browse/RHEL-4220
Patch0: flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch
BuildRequires: pkgconfig(appstream-glib) BuildRequires: pkgconfig(appstream-glib)
BuildRequires: pkgconfig(dconf) BuildRequires: pkgconfig(dconf)
BuildRequires: pkgconfig(fuse) BuildRequires: pkgconfig(fuse)
BuildRequires: pkgconfig(gdk-pixbuf-2.0) BuildRequires: pkgconfig(gdk-pixbuf-2.0)
BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(gio-unix-2.0)
BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.40.0 BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.40.0
BuildRequires: pkgconfig(gpgme)
BuildRequires: pkgconfig(json-glib-1.0) BuildRequires: pkgconfig(json-glib-1.0)
BuildRequires: pkgconfig(libarchive) >= 2.8.0 BuildRequires: pkgconfig(libarchive) >= 2.8.0
BuildRequires: pkgconfig(libseccomp) BuildRequires: pkgconfig(libseccomp)
@ -31,16 +40,14 @@ BuildRequires: bubblewrap >= %{bubblewrap_version}
BuildRequires: docbook-dtds BuildRequires: docbook-dtds
BuildRequires: docbook-style-xsl BuildRequires: docbook-style-xsl
BuildRequires: gettext BuildRequires: gettext
BuildRequires: gpgme-devel BuildRequires: libassuan-devel
BuildRequires: libcap-devel BuildRequires: libcap-devel
BuildRequires: python3-devel
BuildRequires: python3-pyparsing BuildRequires: python3-pyparsing
BuildRequires: systemd BuildRequires: systemd
BuildRequires: /usr/bin/python3
BuildRequires: /usr/bin/xmlto BuildRequires: /usr/bin/xmlto
BuildRequires: /usr/bin/xsltproc BuildRequires: /usr/bin/xsltproc
%{?systemd_requires}
Requires: bubblewrap >= %{bubblewrap_version} Requires: bubblewrap >= %{bubblewrap_version}
Requires: librsvg2%{?_isa} Requires: librsvg2%{?_isa}
Requires: ostree-libs%{?_isa} >= %{ostree_version} Requires: ostree-libs%{?_isa} >= %{ostree_version}
@ -118,6 +125,8 @@ This package contains installed tests for %{name}.
%prep %prep
%autosetup -p1 %autosetup -p1
# Make sure to use the RHEL-lifetime supported Python and no other
%py3_shebang_fix scripts/* subprojects/variant-schema-compiler/* tests/*
%build %build
@ -141,6 +150,11 @@ install -pm 644 NEWS README.md %{buildroot}/%{_pkgdocdir}
install -d %{buildroot}%{_localstatedir}/lib/flatpak install -d %{buildroot}%{_localstatedir}/lib/flatpak
install -d %{buildroot}%{_sysconfdir}/flatpak/remotes.d install -d %{buildroot}%{_sysconfdir}/flatpak/remotes.d
rm -f %{buildroot}%{_libdir}/libflatpak.la rm -f %{buildroot}%{_libdir}/libflatpak.la
%if 0%{?fedora}
install -D -t %{buildroot}%{_unitdir} %{SOURCE1}
%endif
%find_lang %{name} %find_lang %{name}
# Work around selinux denials, see # Work around selinux denials, see
@ -157,15 +171,28 @@ getent passwd flatpak >/dev/null || \
exit 0 exit 0
%if 0%{?fedora}
%post %post
# Create an (empty) system-wide repo. %systemd_post flatpak-add-fedora-repos.service
flatpak remote-list --system &> /dev/null || : %endif
%post selinux %post selinux
%selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2 %selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2
%if 0%{?fedora}
%preun
%systemd_preun flatpak-add-fedora-repos.service
%endif
%if 0%{?fedora}
%postun
%systemd_postun_with_restart flatpak-add-fedora-repos.service
%endif
%postun selinux %postun selinux
if [ $1 -eq 0 ]; then if [ $1 -eq 0 ]; then
%selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2 %selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2
@ -208,6 +235,7 @@ fi
%{_mandir}/man5/flatpak-installation.5* %{_mandir}/man5/flatpak-installation.5*
%{_mandir}/man5/flatpak-remote.5* %{_mandir}/man5/flatpak-remote.5*
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf %{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf
%dir %{_sysconfdir}/flatpak
%{_sysconfdir}/flatpak/remotes.d %{_sysconfdir}/flatpak/remotes.d
%{_sysconfdir}/profile.d/flatpak.sh %{_sysconfdir}/profile.d/flatpak.sh
%{_sysusersdir}/flatpak.conf %{_sysusersdir}/flatpak.conf
@ -216,6 +244,10 @@ fi
%{_userunitdir}/flatpak-portal.service %{_userunitdir}/flatpak-portal.service
%{_systemd_user_env_generator_dir}/60-flatpak %{_systemd_user_env_generator_dir}/60-flatpak
%if 0%{?fedora}
%{_unitdir}/flatpak-add-fedora-repos.service
%endif
%files devel %files devel
%{_datadir}/gir-1.0/Flatpak-1.0.gir %{_datadir}/gir-1.0/Flatpak-1.0.gir
%{_datadir}/gtk-doc/ %{_datadir}/gtk-doc/
@ -245,6 +277,22 @@ fi
%changelog %changelog
* Tue Apr 30 2024 Kalev Lember <klember@redhat.com> - 1.12.9-1
- Update to 1.12.9 (CVE-2024-32462)
* Mon Nov 06 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.12.8-1
- Rebase to 1.12.8 (RHEL-4220)
* Mon Nov 06 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.10.8-3
- Let flatpak own %%{_sysconfdir}/flatpak (RHEL-15822)
* Mon Sep 04 2023 Miro Hrončok <mhroncok@redhat.com> - 1.10.8-2
- Make sure to use the RHEL-lifetime supported Python and no other (RHEL-2225)
* Tue Jul 11 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.10.8-1
- Rebase to 1.10.8 (#2222103)
- Fix CVE-2023-28100 and CVE-2023-28101 (#2180311)
* Wed Mar 09 2022 Debarshi Ray <rishi@fedoraproject.org> - 1.10.7-1 * Wed Mar 09 2022 Debarshi Ray <rishi@fedoraproject.org> - 1.10.7-1
- Rebase to 1.10.7 (#2062417) - Rebase to 1.10.7 (#2062417)