Git log: commit bf1b5baac1936b21dd4166dc8ac80de13a1ceab1
Author: Simon McVittie <smcv@debian.org>
Date: Wed Apr 17 20:17:53 2024 +0100
Release to experimental
commit 83318c64447c23aa4c334fcc2fba4a25e8fb52c9
Author: Simon McVittie <smcv@debian.org>
Date: Wed Apr 17 20:17:39 2024 +0100
Merge packaging from unstable
commit bf89b80e76e1b0299e8f85f211c489843a6f23bb
Merge: fb91460 825d4d0
Author: Simon McVittie <smcv@debian.org>
Date: Wed Apr 17 20:16:55 2024 +0100
Merge branch 'debian/unstable' into debian/experimental
commit fb914608715b82ab76b809b3f424f7f24a677e98
Author: Simon McVittie <smcv@debian.org>
Date: Wed Apr 17 20:04:22 2024 +0100
d/patches: Drop patch, included in upstream release
commit d785b2e51570594c32b1d5372aca6ddb9502aec4
Author: Simon McVittie <smcv@debian.org>
Date: Wed Apr 17 20:03:52 2024 +0100
Update changelog
commit 60389a65eb6a478d7807328594101e2e27b0d1d7
Merge: 9f26770 6d82c12
Author: Simon McVittie <smcv@debian.org>
Date: Wed Apr 17 20:03:42 2024 +0100
Merge tag 'upstream/1.15.8' into debian/experimental
Upstream version 1.15.8
commit 6d82c1211695b21c5553343d7cf5fa7ab48a95f3
Merge: 21ec22f 925c80f
Author: Simon McVittie <smcv@debian.org>
Date: Wed Apr 17 19:59:51 2024 +0100
New upstream version 1.15.8
commit 825d4d08527cb833626c1f1df3a977ac9e24d8e9
Author: Simon McVittie <smcv@debian.org>
Date: Wed Apr 17 19:34:44 2024 +0100
Release to unstable
commit ebd2c9954ef15b053248ecace64a24884e1854ab
Author: Simon McVittie <smcv@debian.org>
Date: Wed Apr 17 19:34:23 2024 +0100
Update changelog
commit 6cf8f37c87e7adc6d0eab9b5325764b976931887
Merge: c3fa20e b29908d
Author: Simon McVittie <smcv@debian.org>
Date: Wed Apr 17 19:32:57 2024 +0100
Update upstream source from tag 'upstream/1.14.6'
Update to upstream version '1.14.6'
with Debian dir 736a1c868925c6c95666e77b5ddcbd41677f76e8
commit b29908d0a879d11bf43ae881d3455489951a8012
Merge: 00bc1c2 3344a7a
Author: Simon McVittie <smcv@debian.org>
Date: Wed Apr 17 19:32:40 2024 +0100
New upstream version 1.14.6
commit c3fa20ed41655fadf1bb79fec68f78b7b72c8296
Author: Simon McVittie <smcv@debian.org>
Date: Wed Apr 17 19:31:29 2024 +0100
Update changelog
commit 3344a7a72ff2e3e728e31c846fff42bda14429dd
Author: Simon McVittie <smcv@collabora.com>
Date: Wed Apr 17 19:21:02 2024 +0100
Update translation files for 1.14.6
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit 925c80f913d69e7ca424428823e1431c4ffb0deb
Author: Simon McVittie <smcv@collabora.com>
Date: Wed Apr 17 19:08:17 2024 +0100
Update translation files for 1.15.8 release
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit 95168c73fe9ae83130efec3dced55c5c8564e406
Author: Simon McVittie <smcv@collabora.com>
Date: Wed Apr 17 18:28:27 2024 +0100
Prepare v1.14.6
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit 6273c375d284a25f5068e945c3d2bbb975a3b6a5
Author: Simon McVittie <smcv@collabora.com>
Date: Wed Apr 17 18:25:38 2024 +0100
Prepare v1.15.8
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit 4dc55a80c8e541acd70b9b40e927e1d2368abd2e
Author: Simon McVittie <smcv@collabora.com>
Date: Wed Apr 17 18:13:11 2024 +0100
Update NEWS
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit 4fa5156efb384c3ceca61c28c853f392d4fcaa3a
Author: Simon McVittie <smcv@collabora.com>
Date: Tue Apr 16 10:50:00 2024 +0100
test-run: Add a reproducer for CVE-2024-32462
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit b7c1a558e58aaeb1d007d29529bbb270dc4ff11e
Author: Alexander Larsson <alexl@redhat.com>
Date: Mon Apr 15 16:10:36 2024 +0200
When starting non-static command using bwrap use "--"
This ensures that the command is not taken to be a bwrap option.
Resolves: CVE-2024-32462
Resolves: GHSA-phv6-cpc2-2fgj
Signed-off-by: Alexander Larsson <alexl@redhat.com>
[smcv: Fix DISABLE_SANDBOXED_TRIGGERS code path]
[smcv: Make flatpak_run_maybe_start_dbus_proxy() more obviously correct]
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit 4e54394cd2a221aa4b5214692f0000e0b668c4dd
Author: Simon McVittie <smcv@collabora.com>
Date: Wed Apr 17 18:10:22 2024 +0100
Update NEWS
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit 84984e494899a9796e0fd63642b1ff0e6a8e64e1
Author: Simon McVittie <smcv@collabora.com>
Date: Tue Apr 16 10:50:00 2024 +0100
test-run: Add a reproducer for CVE-2024-32462
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit c777f818b9838fe234f390dcddd0d0d24d81610f
Author: Simon McVittie <smcv@collabora.com>
Date: Tue Apr 16 11:21:15 2024 +0100
validate-icon: For completeness, always add "--" to bwrap arguments
This particular bwrap invocation cannot cause a sandbox escape because
the command to run is hard-coded, but it's more clearly correct if we
pass "--" to every bwrap invocation.
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit c95214b62b5b57fdbad3ed4f129657e8380e9df5
Author: Simon McVittie <smcv@collabora.com>
Date: Tue Apr 16 11:12:50 2024 +0100
flatpak-dir: For completeness, always add "--" to bwrap arguments
This particular bwrap invocation cannot cause a sandbox escape because
the command to run is hard-coded, but it's more clearly correct if we
pass "--" to every bwrap invocation.
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit bbab7ed1e672356d1a78b422462b210e8e875931
Author: Alexander Larsson <alexl@redhat.com>
Date: Mon Apr 15 16:10:36 2024 +0200
When starting non-static command using bwrap use "--"
This ensures that the command is not taken to be a bwrap option.
Resolves: CVE-2024-32462
Resolves: GHSA-phv6-cpc2-2fgj
Signed-off-by: Alexander Larsson <alexl@redhat.com>
[smcv: Fix DISABLE_SANDBOXED_TRIGGERS code path]
[smcv: Make flatpak_run_maybe_start_dbus_proxy() more obviously correct]
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit f16e064fd9454fb8f754b769ad1ffce0e42b51db
Author: Simon McVittie <smcv@collabora.com>
Date: Wed Mar 27 15:34:50 2024 +0000
tests: Make sure FUSERMOUNT gets set for "as-installed" tests
Otherwise, tests for OCI and the update portal fail with:
/usr/libexec/installed-tests/Flatpak/libtest.sh: line 611: FUSERMOUNT: unbound variable
Fixes: 2cb17b4e "Do not hard-code fusermount, add option or auto-detect instead"
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit 1f770f3d92eea69cb9425f7a9857771b9c399566
Author: Virtuti Militari <angrypenguinpoland@gmail.com>
Date: Sun Mar 31 19:24:09 2024 +0200
Fix export dynamic linker option
As of LLVM/Clang 18 and LLD18 linker with the -export-dynamic option compilation ends with an error:
cc: error: unknown argument: '-export-dynamic'
For GCC and the default compiler this is not a problem. The problem occurs in Clang/LLD 18.
Fix tested on Mandriva via https://github.com/OpenMandrivaAssociation/flatpak/commit/39f1c03e915ea20bb58ef9e8838823488f6a1e08
commit 9c059ebdd2812b57b74093b6ff6aba80a31f0548
Author: Sabri Ünal <yakushabb@gmail.com>
Date: Mon Apr 1 16:11:20 2024 +0300
Update Turkish translation
Use Kapı translation for Portal strings.
commit f94370e10ca6727f768301990fb35d50563c1fc4
Author: Rafael Fontenelle <rffontenelle@users.noreply.github.com>
Date: Wed Apr 3 13:30:18 2024 -0300
Update Brazilian Portuguese translation
commit 0450c16fdb74038480c028d3dcc8f31e8fe7816d
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date: Thu Apr 4 19:19:38 2024 +0200
cli-transaction: Do not double free transaction ops
The transaction ops are a g_autolist(FlatpakTransactionOperation) which
means the list gets freed automatically. Calling g_list_free_full
without clearing the variable to NULL results in a double-free.
Closes: https://github.com/flatpak/flatpak/issues/5763
Fixes: 6e3cc82a ("Fix memory leaks")
Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
commit 2a9a668fe8ddd77f6324b730678da0b6d14f2d1e
Author: Simon McVittie <smcv@collabora.com>
Date: Fri Mar 15 18:26:04 2024 +0000
Update NEWS
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit bcf0480e9423b07e4a043b1398559f9446c68abb
Author: Chris Williams <chrisawign@gmail.com>
Date: Wed Feb 21 17:12:52 2024 -0500
tests: Check appdata name parsing via flatpak info
Add a basic test for the extraction of appdata name and summary values
that are displayed in the flatpak UI. Also use the new developer name
syntax in the test app. This tests the fix made in previous commit.
commit 2cba9e3db316d7ea4deac2f55704978d5dcdcdc8
Author: Chris Williams <chrisawign@gmail.com>
Date: Wed Feb 21 13:24:26 2024 -0500
appdata: exclude <name> element inside <developer>
<developer_name> has been deprecated in favor of <developer> with a
<name> child. We need to ensure that this developer name isn't parsed
as the application name.
Fixes: #5700
commit 48390284f0af888d981f155ce922d441f0daf957
Author: Simon McVittie <smcv@debian.org>
Date: Fri Feb 23 12:22:27 2024 +0000
d/control: Drop alternative dependencies on transitional policykit-1
polkitd was released in Debian 12 and Ubuntu 22.04.
commit 87216b31387c17d4d246b7136d648de429232b34
Author: Simon McVittie <smcv@debian.org>
Date: Fri Dec 8 12:26:24 2023 +0000
Release to unstable
commit 504db1237a2d46f91c84ef47dbea28de4dd9ba3e
Author: Simon McVittie <smcv@debian.org>
Date: Fri Dec 8 12:26:20 2023 +0000
Update changelog
commit 0cc5c65c6f71855142a55b2827a9ef5ff6a576fe
Author: Simon McVittie <smcv@debian.org>
Date: Tue Nov 14 17:34:07 2023 +0000
d/flatpak.install: Install new tmpfiles.d snippet
commit 9987affae15d3a3231266ecb8cbc7379595f3852
Author: Simon McVittie <smcv@debian.org>
Date: Fri Dec 8 12:23:40 2023 +0000
Drop patches cherry-picked in 1.14.4-2, applied upstream
commit 40fa065a3c7f484faffd43792ab2658cf8a6cf78
Author: Simon McVittie <smcv@debian.org>
Date: Fri Dec 8 12:23:01 2023 +0000
New upstream stable release
commit af012146cdf472f7bdee2ed86d2eb711f0b42cb7
Merge: 3222e15 00bc1c2
Author: Simon McVittie <smcv@debian.org>
Date: Fri Dec 8 12:22:38 2023 +0000
Update upstream source from tag 'upstream/1.14.5'
Update to upstream version '1.14.5'
with Debian dir a37e0d6f53b0dc653397978850765771b5b7f6c7
commit 00bc1c231af97155c8265ac6e93c1edb5e02bf96
Merge: 7e4a25f 17455f9
Author: Simon McVittie <smcv@debian.org>
Date: Fri Dec 8 12:22:27 2023 +0000
New upstream version 1.14.5
commit 3222e153de0f4f76442b1d6d9b5639448f64a4ad
Author: Simon McVittie <smcv@debian.org>
Date: Fri Dec 8 12:21:18 2023 +0000
Update changelog
commit d9180236d556668414dc2d07d1523c2c5620647b
Author: Simon McVittie <smcv@debian.org>
Date: Tue Oct 17 10:44:33 2023 +0100
Install systemd system unit into /usr/lib/systemd/system
This was allowed by TC resolution #1053901.
Build-depend on debhelper 13.11.6~ to ensure that the unit is still
picked up by dh_installsystemd.
commit dc0a71fa8e8fc8f237340675a7c18ecab09f394a
Author: Simon McVittie <smcv@debian.org>
Date: Tue Nov 14 15:40:33 2023 +0000
d/control: Build-depend on required GIR XML files
Helps: #1030223
commit 3dd0c7cd919326a91852f647c781686cc4c1eeef
Author: Simon McVittie <smcv@debian.org>
Date: Tue Nov 14 15:40:53 2023 +0000
d/control: Add ${gir:Depends}, ${gir:Provides} to -dev package
Helps: #1030223
commit 17455f97fc93bdd0a5a42a79a74fac5cdc1ba316
Author: Simon McVittie <smcv@collabora.com>
Date: Fri Dec 8 12:16:10 2023 +0000
Automated update of translation files for 1.14.5
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit c68219cd717e8caaef18b2bd23225388167c7562
Author: Simon McVittie <smcv@collabora.com>
Date: Fri Dec 8 12:15:18 2023 +0000
Prepare v1.14.5
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit bfa9d0fff892fbc8d6daf6b82454ac202f776d26
Author: Simon McVittie <smcv@collabora.com>
Date: Tue Nov 14 21:36:56 2023 +0000
Update NEWS
Signed-off-by: Simon McVittie <smcv@collabora.com>
commit 4870e6ad03964d6b059443af99922d1b671f4ce4
Author: Simon McVittie <smcv@collabora.com>
Date: Thu Nov 2 11:19:37 2023 +0000
portal, session-helper: Save original environment and use it for child
Otherwise, the child process will inherit GIO_USE_VFS=local, breaking
its ability to use GVfs and other GIO plugin interfaces.
Resolves: https://github.com/flatpak/flatpak/issues/5567
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 6e7eb1e19a333d57b03605be3573f4e8bfd3a4cb)
commit 3ac2d5278ed7613e718d940048f00877c269af12
Author: Alberto Garcia <berto@igalia.com>
Date: Wed Nov 8 19:11:19 2023 +0100
data: Remove all /var/tmp/flatpak-cache-* directories on boot
No one is clearing those directories so they pile up and can take a
significant amount of disk space.
Resolves: https://github.com/flatpak/flatpak/issues/1119
Signed-off-by: Alberto Garcia <berto@igalia.com>
(cherry picked from commit 14d735bfdaf211d13b7f0b4b9f203b847a581f39)
commit 135261338056cf855f0f37f5b6d036ba95d40b0d
Author: bbhtt <bbhtt.zn0i8@slmail.me>
Date: Tue Nov 7 18:52:01 2023 +0530
Make flatpak-metadata sections linkable
(cherry picked from commit ec3989def68c5e6a842fe61abf35fee69b616c1d)
commit 53a471782872327be3a11b076c335f36c172328c
Author: bbhtt <bbhtt.zn0i8@slmail.me>
Date: Tue Nov 7 08:28:30 2023 +0530
Clarify that an app can own its app-id as subname of MPRIS bus
(cherry picked from commit c8e7b8df5c5a779655d11b0745763e5afb375341)
commit acec767157557f7291b7e62d4927558e3c809fba
Author: Matthias Klumpp <matthias@tenstral.net>
Date: Sun Oct 8 20:55:12 2023 +0200
Adjust to AppStream 1.0 API changes
(cherry picked from commit c0c466f269d96b27b5b477a67f903a6229b2df93)
commit 8607ee7ad0b3520bbd129159b4dd442997f35e98
Author: Steveice10 <1269164+Steveice10@users.noreply.github.com>
Date: Fri Oct 6 19:32:56 2023 -0700
flatpak-run: Unset VK_DRIVER_FILES and VK_ICD_FILENAMES
These environment variables inform the Vulkan loader on where to find driver files.
Since they typically point to locations on the host filesystem, any application that
attempts to load Vulkan within the flatpak sandbox would break with these set.
(cherry picked from commit b8d8d80c611c4e50946ca0e31332843b496ed57e)
commit 595b4f1f4cbfe9bc8c611a6fd150267387dfa1ca
Author: Georges Basile Stavracas Neto <georges.stavracas@gmail.com>
Date: Tue Oct 3 15:26:26 2023 -0300
tests: Check if program exists before using it
The tests/make-test-runtime.sh scripts sets '-e' in lieu of
implementing useful error checking, but doesn't actually check
if the programs it uses exist in the first place; and aborts
silently when they're not available.
It is more useful to warn about them, and stop execution earlier.
This leaves some leftover files, but arguably that's better than
leaving leftover files AND people scratching their heads.
Warn about missing required programs.
Related: https://github.com/flatpak/flatpak/issues/5020
(cherry picked from commit 6a57fa42e4da08e71f02156115d441cd6e244156)
commit 6fc12bfaa73261a0742da87ed42108c12407ffea
Author: Timo Eisenmann <141955678+eit47@users.noreply.github.com>
Date: Sun Sep 17 18:10:04 2023 +0200
remote-info: Fix call to flatpak_dir_load_appstream_store()
Use architecture instead of id in call to
flatpak_dir_load_appstream_store ().
Without this, remote-info does not show AppStream metadata.
Fixes: adb3b61f "decomposed: Return FlatpakDecomposed from flatpak_dir_find_remote_ref()"
(cherry picked from commit 02bef871c046fc7377b8357b47e79d3257036c4e)
commit 64da41f2b5963d5271fc449c8b6118089b2e4c03
Author: Philip Withnall <pwithnall@endlessos.org>
Date: Wed Sep 13 15:38:25 2023 +0100
utils-http: Add transfer speed timeout for libcurl HTTP downloads
There was already a timeout set using `CURLOPT_CONNECTTIMEOUT`, but that
only affects the initial connection. Once a HTTP connection is
established, the timeout is ineffective.
That means that once a HTTP connection is established, there is no bound
on the length of time a download can take. Sometimes, downloads drop to
very low speeds (for Networking Reasons) and we need a way to give up on
a download if that happens.
So, set a low speed limit of 10KB/s for 60s. If a curl download goes
more slowly than this, it will be considered timed out, and the
`CURLE_OPERATION_TIMEDOUT` code path will be taken.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: https://github.com/flatpak/flatpak/issues/5519
(cherry picked from commit d6b10c26efd583805ec7085c040a52d0884c305b)
commit 419e784e5ef86519270e513617f3c675f04634c9
Author: Simon McVittie <smcv@collabora.com>
Date: Mon Jul 10 18:44:49 2023 +0100
app: Use AS_FORMAT_STYLE_CATALOG if available
AS_FORMAT_STYLE_COLLECTION is a deprecated alias for ..._CATALOG, and
was removed entirely in appstream git main (presumably version 0.17
or 1.0).
Resolves: https://github.com/flatpak/flatpak/issues/5472
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 7a55b7c49f567bad371ecb18d2ef1833f337065a)
commit 8434abaedf12f7586622baa70e34c893a9ba0f13
Author: Simon McVittie <smcv@collabora.com>
Date: Mon Jul 10 18:43:23 2023 +0100
app: Provide a stub implementation of AS_CHECK_VERSION if needed
Our only code that is conditional on the libappstream version wants
version 0.14.0, which conveniently is exactly the version that
introduced AS_CHECK_VERSION.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 556984e1c142e5c65f047ad7af9c7a11c34c8419)
commit b6e376f6d10c7a414010c3b97dc5e78591108efa
Author: Dan Nicholson <dbn@endlessos.org>
Date: Tue Jun 27 14:49:51 2023 -0600
revokefs: Always bypass page cache for backend requests
By default, FUSE runs in cached I/O mode[1]. That means some I/O
responses will be taken from the page cache instead of being handled by
the FUSE process. For files opened for reading that's not a problem as
all the requests are just passed through.
However, that is problematic for files opened for writing since those
requests need to be handled by the backend. It's particularly bad for a
file opened `O_RDWR` since `read` responses from the page cache are
likely to be wrong. Instruct FUSE to use `direct-io` for those files so
that the page cache is bypassed.
1. https://docs.kernel.org/filesystems/fuse-io.html
Fixes: #5452
(cherry picked from commit c4738f80059b4eacd3befc5b46be829ef84d2038)
commit 99e44c10d90009c040ae0a3d0de685d9321c8518
Author: K.B.Dharun Krishna <kbdharunkrishna@gmail.com>
Date: Fri Apr 7 18:28:48 2023 +0530
check.yml: bump Ubuntu runner for valgrind
(cherry picked from commit 1cbff35386f4e6584646199a26fdfe82e72d732b)
commit ebd15e962e26d7b35a847849bb4edfe080d58b54
Author: K.B.Dharun Krishna <kbdharunkrishna@gmail.com>
Date: Fri Apr 7 18:16:56 2023 +0530
check.yml: bump actions/upload-artifacts to v3
(cherry picked from commit a98854b1a0c68ffdc21374b5a75583805aad3d5b)
commit 9c1938f68fe906a7e923f7aa39998ce6f6d8f92e
Author: K.B.Dharun Krishna <kbdharunkrishna@gmail.com>
Date: Fri Apr 7 18:14:52 2023 +0530
check.yml: remove glib260 ppa
The required package is present in Ubuntu repos https://packages.ubuntu.com/focal/libglib2.0-dev
(cherry picked from commit cb655ab336bced50a0ef1d14b935a7d5b6f1823b)
commit 7c9bbb62e672d596c55e6d583790d8476f7d25a2
Author: K.B.Dharun Krishna <kbdharunkrishna@gmail.com>
Date: Fri Apr 7 17:55:39 2023 +0530
block-autosquash-commits.yml: bump block-autosquash-commits-action version to 2.2.0
(cherry picked from commit dad39f61b5db15a0b44c94c277de04288b0f1a9b)
commit d65cf36543b7cb3e47921104b1b7d8be790e6acc
Author: K.B.Dharun Krishna <kbdharunkrishna@gmail.com>
Date: Fri Apr 7 17:54:07 2023 +0530
check.yml: bump actions/checkout version and replace deprecated 18.04 runner with 20.04
(cherry picked from commit 97768cea841350bc22285f864eb0f27d4cb877e9)
commit 38f1409b40c2264ae1e36d809f55a719791df3ed
Author: Simon McVittie <smcv@collabora.com>
Date: Thu Mar 23 11:26:12 2023 +0000
testlibrary: Initialize autofree variable to silence a compiler warning
As with commit 43085c0e "dir: Consistently initialize g_autofree
variables", this is currently harmless because we never actually
early-return or goto out of the region between declaration and
initialization, but some compiler versions log a warning here anyway.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit cffc3aed5b9034e9b74ae60daba452ceb97ac9cc)
commit 9de6856f7ef6de4a8fcfa8e11cccf4d4414c0cd1
Author: Simon McVittie <smcv@collabora.com>
Date: Mon Mar 20 11:20:10 2023 +0000
run: Make it clearer that rest_argv_start is not used uninitialized
rest_argv_start is initialized whenever rest_argc != 0, so the previous
code was in fact safe; but this wasn't obvious to either a human reader
or the compiler, and some gcc versions warn here.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 0e3e646839bbf5c03d8c190edc68affc279556d0)
commit b7a18d8f98d85ede57f93656e63909214da6c571
Author: Simon McVittie <smcv@collabora.com>
Date: Mon Mar 20 11:18:43 2023 +0000
dir: Consistently initialize g_autofree variables
All g_autofree and g_autoptr variables should be initialized, either
with a value or NULL, and some gcc versions warn if they are not.
This particular instance was harmless, because we initialized regexp
to either NULL or a valid non-NULL value as the first statement of the
function, so there was no way to return before regexp was initialized;
but if we introduced an early-return such as a g_return_val_if_fail
before the current first statement, then that early return would have
caused uninitialized stack contents to be freed, likely resulting in a
crash.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 43085c0e2a3ccfe9e3735b034a5d6a9fc6f5c7b4)
commit 2fc0fa33063805edb93f8e5221959229a9178ff1
Author: Philip Withnall <pwithnall@endlessos.org>
Date: Wed Mar 1 19:33:08 2023 +0000
dir: Fix a minor leak of an OSTree checksum
The checksum here can leak if `flatpak_dir_remote_load_cached_summary()`
returns false at least once.
Spotted by asan while running gnome-software:
```
Direct leak of 2925 byte(s) in 45 object(s) allocated from:
#0 0x7f44774ba6af in __interceptor_malloc (/lib64/libasan.so.8+0xba6af)
#1 0x7f44764c941a in g_malloc ../../source/glib/glib/gmem.c:130
#2 0x7f445bc860e7 in ostree_checksum_from_bytes src/libostree/ostree-core.c:1599
#3 0x7f445bdbea82 in flatpak_dir_remote_fetch_indexed_summary /opt/gnome/source/flatpak/common/flatpak-dir.c:12563
#4 0x7f445bd9932e in flatpak_remote_state_ensure_subsummary /opt/gnome/source/flatpak/common/flatpak-dir.c:577
#5 0x7f445bdbfd42 in _flatpak_dir_get_remote_state /opt/gnome/source/flatpak/common/flatpak-dir.c:12872
#6 0x7f445bdc006c in flatpak_dir_get_remote_state_optional /opt/gnome/source/flatpak/common/flatpak-dir.c:12953
#7 0x7f445be07886 in flatpak_transaction_ensure_remote_state /opt/gnome/source/flatpak/common/flatpak-transaction.c:2057
#8 0x7f445be095c7 in flatpak_transaction_add_ref /opt/gnome/source/flatpak/common/flatpak-transaction.c:2732
#9 0x7f445be09c37 in flatpak_transaction_add_update /opt/gnome/source/flatpak/common/flatpak-transaction.c:2940
#10 0x7f445bdd202c in flatpak_installation_list_installed_refs_for_update /opt/gnome/source/flatpak/common/flatpak-installation.c:1103
#11 0x7f445bf07824 in gs_flatpak_add_updates ../../source/gnome-software/plugins/flatpak/gs-flatpak.c:2082
#12 0x7f445bf2e2b9 in gs_plugin_add_updates ../../source/gnome-software/plugins/flatpak/gs-plugin-flatpak.c:484
#13 0x7f44770533b2 in gs_plugin_loader_call_vfunc ../../source/gnome-software/lib/gs-plugin-loader.c:620
#14 0x7f447705430f in gs_plugin_loader_run_results ../../source/gnome-software/lib/gs-plugin-loader.c:748
#15 0x7f447706cb03 in gs_plugin_loader_process_thread_cb ../../source/gnome-software/lib/gs-plugin-loader.c:3110
#16 0x7f44769967ed in g_task_thread_pool_thread ../../source/glib/gio/gtask.c:1531
#17 0x7f447650e760 in g_thread_pool_thread_proxy ../../source/glib/glib/gthreadpool.c:350
#18 0x7f447650dd02 in g_thread_proxy ../../source/glib/glib/gthread.c:831
```
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
(cherry picked from commit ce4bb3d1531e99740806512449801d23a4d1d8a9)
commit 9a28eafcc40a60bc9f5ace2edf947d6d2d109226
Author: Simon McVittie <smcv@collabora.com>
Date: Fri Mar 17 11:55:56 2023 +0000
tests: Call g_test_init() before isolated_test_dir_global_setup()
g_test_init() is meant to be called before any other use of GTest APIs,
and isolated_test_dir_global_setup() can call g_test_message(). GLib
2.76 makes this more of a practical problem.
(isolated_test_dir_global_setup() is essentially a reimplementation of
G_TEST_OPTION_ISOLATE_DIRS, since we don't depend on GLib 2.60.)
Alternative to https://github.com/flatpak/flatpak/pull/5355.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit a058d9617fabcc17346db2d25bcb1c2b589c3bc2)
commit 1423f0e9bf9232ba36fadb4975b18c48b3fe4c40
Author: Simon McVittie <smcv@collabora.com>
Date: Wed Mar 15 12:45:55 2023 +0000
security policy: Downgrade 1.12.x, 1.10.x to "supported if feasible"
We have too many branches and too few maintainers to be able to treat
old-stable branches as fully supported.
Helps: #5352
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 319832190f44e16d4b9315b59cc8aa0b1c73f0e5)
commit 0dea86b0d6ab40bebe2495d4314855188ab75bac
Author: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
Date: Fri Mar 17 01:58:24 2023 +0100
Set size of file info for symlinks to 0
`ostree_raw_file_to_content_stream` will try to read it, causing a
critical warning with GLib 2.76 causing tests to fail.
(cherry picked from commit c9cbdf5179ee964bd2b26bc10527d160356f50b1)
commit 8bf5213ab1919bd29e4315b215e0f1b0a566c368
Author: Simon McVittie <smcv@debian.org>
Date: Tue Oct 17 10:43:01 2023 +0100
d/control: (Build-)depend on pkgconf in preference to pkg-config
commit 237da8e2abe1752478131ef1650f07b17451e36b
Author: Simon McVittie <smcv@debian.org>
Date: Wed Jul 26 12:07:09 2023 +0100
d/test.sh: Disable http proxy if used, to ensure we can reach localhost
Some reproducible.org builders set http_proxy, which makes attempts
to access our temporary http server on localhost fail with a 503 error.
commit 71bc7481a27fad5eb9b26e2406fa1f3351de6d63
Author: Jeremy Bicha <jeremy.bicha@canonical.com>
Date: Tue Jul 18 17:05:57 2023 -0400
releasing package flatpak version 1.14.4-2
commit c1043afc9a803983d542373be0e4fde3bc6d8210
Author: Jeremy Bicha <jeremy.bicha@canonical.com>
Date: Sat Mar 18 19:36:25 2023 -0400
Cherry-pick 2 patches for compatibility with glib 2.76.0
commit 7cf9c87fabb3e78049c0c0ce6b4257835051a4a4
Author: Simon McVittie <smcv@debian.org>
Date: Sat Mar 18 15:32:54 2023 +0000
Mention #1033098, #1033099 in previous changelog entry