flatpak: update 1.15.9 -> 1.15.10

Dependencies: In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, version 0.10.0 is required. This version adds a new feature which is required by the security fix in this release. Security fixes: Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87) Documentation: Mark the 1.12.x and 1.10.x branches as end-of-life (#5352) Other bug fixes: Fix several memory leaks (#5883, #5884) Internal changes: Record a log file when running build-time tests with AddressSanitizer (#5884) Add initial suppressions file for AddressSanitizer (#5884) Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Markus Volk <f_l_k@t-online.de> 2024-08-21 10:35:25 +0200
committer: Khem Raj <raj.khem@gmail.com> 2024-08-21 08:45:47 -0700
commit: 0edc4266acdd5d06e89c6f2491f511877910b455 (patch)
tree: a9b6ec27fd985d915527214dec244f2cab301642 /meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb
parent: 8d0b921fb6ec8e46bd1fc5c5f1f3fcb63a313915 (diff)
download: meta-openembedded-0edc4266acdd5d06e89c6f2491f511877910b455.tar.gz
1 files changed, 87 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb b/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb
new file mode 100644
index 0000000000..cf512c7cc6
--- /dev/null
+++ b/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb
@@ -0,0 +1,87 @@
+DESCRIPTION = "Desktop containment framework."
+HOMEPAGE = "http://flatpak.org"
+LICENSE = "LGPL-2.1-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
+SRC_URI = " \
+    git://github.com/flatpak/flatpak;protocol=https;branch=main \
+    file://0001-flatpak-pc-add-pc_sysrootdir.patch \
+"
+SRCREV = "8b4f523c4f8287d57f1a84a3a8216efe200c5fbf"
+S = "${WORKDIR}/git"
+inherit meson pkgconfig gettext systemd gtk-doc gobject-introspection python3native useradd mime features_check
+REQUIRED_DISTRO_FEATURES = "polkit"
+DEPENDS = " \
+    appstream \
+    bison-native \
+    bubblewrap-native \
+    fuse3 \
+    gdk-pixbuf \
+    glib-2.0 \
+    gpgme \
+    json-glib \
+    libarchive \
+    libcap \
+    libxml2 \
+    ostree \
+    polkit \
+    python3-pyparsing-native \
+    xdg-dbus-proxy-native \
+    zstd \
+"
+RDEPENDS:${PN} = " \
+    ca-certificates \
+    flatpak-xdg-utils \
+    fuse3-utils \
+    bubblewrap \
+    xdg-dbus-proxy \
+"
+GIR_MESON_OPTION = "gir"
+GIR_MESON_ENABLE_FLAG = 'enabled'
+GIR_MESON_DISABLE_FLAG = 'disabled'
+GTKDOC_MESON_OPTION = 'gtkdoc'
+GTKDOC_MESON_ENABLE_FLAG = 'enabled'
+GTKDOC_MESON_DISABLE_FLAG = 'disabled'
+PACKAGECONFIG[curl] = "-Dhttp_backend=curl,,curl"
+PACKAGECONFIG[dconf] = "-Ddconf=enabled,-Ddconf=disabled,dconf"
+PACKAGECONFIG[docbook_docs] = "-Ddocbook_docs=enabled,-Ddocbook_docs=disabled,xmlto-native"
+PACKAGECONFIG[man] = "-Dman=enabled,-Dman=disabled,libxslt-native"
+PACKAGECONFIG[soup] = "-Dhttp_backend=soup,,libsoup-2.4"
+PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,xauth socat-native"
+PACKAGECONFIG[xauth] = "-Dxauth=enabled,-Dxauth=disabled,xauth"
+PACKAGECONFIG[seccomp] = "-Dseccomp=enabled,-Dseccomp=disabled,libseccomp"
+PACKAGECONFIG[malcontent] = "-Dmalcontent=enabled,-Dmalcontent=disabled,malcontent"
+PACKAGECONFIG[selinux] = "-Dselinux_module=enabled,-Dselinux_module=disabled,libselinux"
+PACKAGECONFIG[wayland-security-context] = "-Dwayland_security_context=enabled,-Dwayland_security_context=disabled,wayland wayland-native wayland-protocols"
+PACKAGECONFIG ?= " \
+    curl \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'xauth', '', d)} \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)} \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'wayland-security-context', '', d)} \
+"
+EXTRA_OEMESON = " \
+    -Dsystem_fusermount=fusermount3 \
+    -Dsystem_bubblewrap=bwrap \
+    -Dsystem_dbus_proxy=xdg-dbus-proxy \
+"
+FILES:${PN} += "${libdir} ${datadir}"
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd"
+do_install:append() {
+    chmod 0700 ${D}/${datadir}/polkit-1/rules.d
+    chown polkitd ${D}/${datadir}/polkit-1/rules.d
+    chgrp root ${D}/${datadir}/polkit-1/rules.d
+}
author	Markus Volk <f_l_k@t-online.de>	2024-08-21 10:35:25 +0200
committer	Khem Raj <raj.khem@gmail.com>	2024-08-21 08:45:47 -0700
commit	0edc4266acdd5d06e89c6f2491f511877910b455 (patch)
tree	a9b6ec27fd985d915527214dec244f2cab301642 /meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb
parent	8d0b921fb6ec8e46bd1fc5c5f1f3fcb63a313915 (diff)
download	meta-openembedded-0edc4266acdd5d06e89c6f2491f511877910b455.tar.gz

diff --git a/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb b/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb new file mode 100644 index 0000000000..cf512c7cc6 --- /dev/null +++ b/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb
@@ -0,0 +1,87 @@
	1	DESCRIPTION = "Desktop containment framework."
	2	HOMEPAGE = "http://flatpak.org"
	3	LICENSE = "LGPL-2.1-only"
	4	LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
	5
	6	SRC_URI = " \
	7	git://github.com/flatpak/flatpak;protocol=https;branch=main \
	8	file://0001-flatpak-pc-add-pc_sysrootdir.patch \
	9	"
	10
	11	SRCREV = "8b4f523c4f8287d57f1a84a3a8216efe200c5fbf"
	12
	13	S = "${WORKDIR}/git"
	14
	15	inherit meson pkgconfig gettext systemd gtk-doc gobject-introspection python3native useradd mime features_check
	16
	17	REQUIRED_DISTRO_FEATURES = "polkit"
	18
	19	DEPENDS = " \
	20	appstream \
	21	bison-native \
	22	bubblewrap-native \
	23	fuse3 \
	24	gdk-pixbuf \
	25	glib-2.0 \
	26	gpgme \
	27	json-glib \
	28	libarchive \
	29	libcap \
	30	libxml2 \
	31	ostree \
	32	polkit \
	33	python3-pyparsing-native \
	34	xdg-dbus-proxy-native \
	35	zstd \
	36	"
	37
	38	RDEPENDS:${PN} = " \
	39	ca-certificates \
	40	flatpak-xdg-utils \
	41	fuse3-utils \
	42	bubblewrap \
	43	xdg-dbus-proxy \
	44	"
	45
	46	GIR_MESON_OPTION = "gir"
	47	GIR_MESON_ENABLE_FLAG = 'enabled'
	48	GIR_MESON_DISABLE_FLAG = 'disabled'
	49	GTKDOC_MESON_OPTION = 'gtkdoc'
	50	GTKDOC_MESON_ENABLE_FLAG = 'enabled'
	51	GTKDOC_MESON_DISABLE_FLAG = 'disabled'
	52
	53	PACKAGECONFIG[curl] = "-Dhttp_backend=curl,,curl"
	54	PACKAGECONFIG[dconf] = "-Ddconf=enabled,-Ddconf=disabled,dconf"
	55	PACKAGECONFIG[docbook_docs] = "-Ddocbook_docs=enabled,-Ddocbook_docs=disabled,xmlto-native"
	56	PACKAGECONFIG[man] = "-Dman=enabled,-Dman=disabled,libxslt-native"
	57	PACKAGECONFIG[soup] = "-Dhttp_backend=soup,,libsoup-2.4"
	58	PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,xauth socat-native"
	59	PACKAGECONFIG[xauth] = "-Dxauth=enabled,-Dxauth=disabled,xauth"
	60	PACKAGECONFIG[seccomp] = "-Dseccomp=enabled,-Dseccomp=disabled,libseccomp"
	61	PACKAGECONFIG[malcontent] = "-Dmalcontent=enabled,-Dmalcontent=disabled,malcontent"
	62	PACKAGECONFIG[selinux] = "-Dselinux_module=enabled,-Dselinux_module=disabled,libselinux"
	63	PACKAGECONFIG[wayland-security-context] = "-Dwayland_security_context=enabled,-Dwayland_security_context=disabled,wayland wayland-native wayland-protocols"
	64
	65	PACKAGECONFIG ?= " \
	66	curl \
	67	${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'xauth', '', d)} \
	68	${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)} \
	69	${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'wayland-security-context', '', d)} \
	70	"
	71
	72	EXTRA_OEMESON = " \
	73	-Dsystem_fusermount=fusermount3 \
	74	-Dsystem_bubblewrap=bwrap \
	75	-Dsystem_dbus_proxy=xdg-dbus-proxy \
	76	"
	77
	78	FILES:${PN} += "${libdir} ${datadir}"
	79
	80	USERADD_PACKAGES = "${PN}"
	81	USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd"
	82
	83	do_install:append() {
	84	chmod 0700 ${D}/${datadir}/polkit-1/rules.d
	85	chown polkitd ${D}/${datadir}/polkit-1/rules.d
	86	chgrp root ${D}/${datadir}/polkit-1/rules.d
	87	}