From 0edc4266acdd5d06e89c6f2491f511877910b455 Mon Sep 17 00:00:00 2001
From: Markus Volk
Date: Wed, 21 Aug 2024 10:35:25 +0200
Subject: flatpak: update 1.15.9 -> 1.15.10 Dependencies: In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, version 0.10.0 is required. This version adds a new feature which is required by the security fix in this release. Security fixes: Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87) Documentation: Mark the 1.12.x and 1.10.x branches as end-of-life (#5352) Other bug fixes: Fix several memory leaks (#5883, #5884) Internal changes: Record a log file when running build-time tests with AddressSanitizer (#5884) Add initial suppressions file for AddressSanitizer (#5884)
Signed-off-by: Markus Volk
Signed-off-by: Khem Raj
---
.../recipes-extended/flatpak/flatpak_1.15.10.bb | 87 ++++++++++++++++++++++
1 file changed, 87 insertions(+)
create mode 100644 meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb
(limited to 'meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb')
diff --git a/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb b/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb
new file mode 100644
index 0000000000..cf512c7cc6
--- /dev/null
+++ b/meta-oe/recipes-extended/flatpak/flatpak_1.15.10.bb
@@ -0,0 +1,87 @@
+DESCRIPTION = "Desktop containment framework."
+HOMEPAGE = "http://flatpak.org"
+LICENSE = "LGPL-2.1-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
+
+SRC_URI = " \
+ git://github.com/flatpak/flatpak;protocol=https;branch=main \
+ file://0001-flatpak-pc-add-pc_sysrootdir.patch \
+"
+
+SRCREV = "8b4f523c4f8287d57f1a84a3a8216efe200c5fbf"
+
+S = "${WORKDIR}/git"
+
+inherit meson pkgconfig gettext systemd gtk-doc gobject-introspection python3native useradd mime features_check
+
+REQUIRED_DISTRO_FEATURES = "polkit"
+
+DEPENDS = " \
+ appstream \
+ bison-native \
+ bubblewrap-native \
+ fuse3 \
+ gdk-pixbuf \
+ glib-2.0 \
+ gpgme \
+ json-glib \
+ libarchive \
+ libcap \
+ libxml2 \
+ ostree \
+ polkit \
+ python3-pyparsing-native \
+ xdg-dbus-proxy-native \
+ zstd \
+"
+
+RDEPENDS:${PN} = " \
+ ca-certificates \
+ flatpak-xdg-utils \
+ fuse3-utils \
+ bubblewrap \
+ xdg-dbus-proxy \
+"
+
+GIR_MESON_OPTION = "gir"
+GIR_MESON_ENABLE_FLAG = 'enabled'
+GIR_MESON_DISABLE_FLAG = 'disabled'
+GTKDOC_MESON_OPTION = 'gtkdoc'
+GTKDOC_MESON_ENABLE_FLAG = 'enabled'
+GTKDOC_MESON_DISABLE_FLAG = 'disabled'
+
+PACKAGECONFIG[curl] = "-Dhttp_backend=curl,,curl"
+PACKAGECONFIG[dconf] = "-Ddconf=enabled,-Ddconf=disabled,dconf"
+PACKAGECONFIG[docbook_docs] = "-Ddocbook_docs=enabled,-Ddocbook_docs=disabled,xmlto-native"
+PACKAGECONFIG[man] = "-Dman=enabled,-Dman=disabled,libxslt-native"
+PACKAGECONFIG[soup] = "-Dhttp_backend=soup,,libsoup-2.4"
+PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,xauth socat-native"
+PACKAGECONFIG[xauth] = "-Dxauth=enabled,-Dxauth=disabled,xauth"
+PACKAGECONFIG[seccomp] = "-Dseccomp=enabled,-Dseccomp=disabled,libseccomp"
+PACKAGECONFIG[malcontent] = "-Dmalcontent=enabled,-Dmalcontent=disabled,malcontent"
+PACKAGECONFIG[selinux] = "-Dselinux_module=enabled,-Dselinux_module=disabled,libselinux"
+PACKAGECONFIG[wayland-security-context] = "-Dwayland_security_context=enabled,-Dwayland_security_context=disabled,wayland wayland-native wayland-protocols"
+
+PACKAGECONFIG ?= " \
+ curl \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'xauth', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'wayland-security-context', '', d)} \
+"
+
+EXTRA_OEMESON = " \
+ -Dsystem_fusermount=fusermount3 \
+ -Dsystem_bubblewrap=bwrap \
+ -Dsystem_dbus_proxy=xdg-dbus-proxy \
+"
+
+FILES:${PN} += "${libdir} ${datadir}"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd"
+
+do_install:append() {
+ chmod 0700 ${D}/${datadir}/polkit-1/rules.d
+ chown polkitd ${D}/${datadir}/polkit-1/rules.d
+ chgrp root ${D}/${datadir}/polkit-1/rules.d
+}
-- cgit v1.2.3-54-g00ecf
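Review bot: The `bubblewrap` entry in `RDEPENDS:${PN}` carries no version constraint, although the commit message says bubblewrap 0.10.0 is required for the CVE-2024-42472 fix whenever Flatpak uses a separate bwrap executable. This recipe selects exactly that mode through `-Dsystem_bubblewrap=bwrap`. Recording the requirement in the package metadata, for example `bubblewrap (>= 0.10.0) \`, would make an image that pairs this flatpak with an older bubblewrap from another layer fail at dependency resolution instead of shipping without the feature the `--persist` fix depends on. Whether the bubblewrap recipe in this layer is already at 0.10.0 cannot be seen from this patch, so that should be confirmed alongside the bump. A short comment above `EXTRA_OEMESON` such as `# system bwrap must be >= 0.10.0 (CVE-2024-42472)` would also keep the constraint visible for the next update.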