forked from flatpak/flatpak
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
3076 lines (2641 loc) · 135 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Changes in 1.15.3
~~~~~~~~~~~~~~~~~
Released: 2023-02-21
Build system:
* Building this version of Flatpak with Meson is recommended. The source
release flatpak-1.15.3.tar.xz no longer contains Autotools-generated
files, although this version can still be built using Autotools after
running `./autogen.sh`. Future versions are likely to remove the
Autotools build system.
Bug fixes:
* When splitting an upgrade into two steps (download without installing, and
then upgrade without allowing further downloads) like GNOME Software does,
if an app is marked EOL and superseded by a replacement, don't remove the
superseded app in the first step, which would result in the replacement
incorrectly not being installed (#5172)
* Fix a crash when --socket=gpg-agent is used (#5095)
* Fix a crash when listing apps if one of them is broken or misconfigured
(#5293)
* If an app has invalid syntax in its overrides or metadata, mention the
filename in the error message (#5293)
* Unset $GDK_BACKEND for apps, ensuring GTK apps with --socket=fallback-x11
can work (#5303)
* Fix a deprecation warning when compiled with curl >= 7.85 (#5284)
* Translation updates: es, ru (#5266, #5312, #5313)
Internal changes:
* Better diagnostic messages for why runtimes are or are not considered
unused (#5237)
Changes in 1.15.2
~~~~~~~~~~~~~~~~~
Released: 2023-02-06
Bug fixes:
* Never try to export a parent of reserved directories as a --filesystem,
for example /run, which would prevent the app from starting (#5205, #5207)
* Never try to export a --filesystem below /run/flatpak or /run/host,
which could similarly prevent the app from starting
* The above change also fixes apps not starting if a --filesystem is a
symlink to the root directory (#1357)
* Show a warning when the --filesystem exists but cannot be shared with
the sandbox (#1357, #5035, #5205, #5207)
* Display the intended messages for `flatpak repair` (#5204)
* Exporting an app to an existing repository on a CIFS filesystem
now works as intended (#5257)
* Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in some GLib
apps when set to a path on the host (#5206)
* Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and Qt apps
under Wayland when this variable is set to a path not available in the
sandbox (#5194)
* When using the fish shell, avoid duplicate XDG_DATA_DIRS entries if the
profile script is sourced more than once (#5198)
* Update included copy of bubblewrap to 0.7.0 for better error messages
* Install SELinux files correctly when building with Meson
* Translation updates: ru, tr (#5256, #5262)
Internal changes:
* Update included copy of libglnx
* flatpak -v now uses the INFO log level, and flatpak -vv uses the
DEBUG log level in the flatpak log domain. Previously, the extra
messages that were logged by flatpak -vv were in a separate "flatpak2"
log domain. G_MESSAGES_DEBUG=flatpak previously had an effect similar to
flatpak -v, and is now more similar to flatpak -vv. (#5001)
Changes in 1.15.1
~~~~~~~~~~~~~~~~~
Released: 2022-11-17
Dependencies:
* When building with Meson, gpgme 1.8.0 is now required.
Older versions can still be used by building with Autotools.
Features:
* If an old temporary deploy directory was leaked by versions before #5146,
clean it up the next time the same app is updated (#5164)
Bug fixes:
* If an app update is blocked by parental controls policies, clean up the
temporary deploy directory (#5146)
* Fix Autotools build with versions of gpgme that no longer provide
gpgme-config(1) (#5173)
* Fix a possible parallel build failure with Meson (#5165)
* Fix a compiler warning on 32-bit architectures (#5148)
* When building with Autotools, be more consistent about applying compiler
warning flags (#5149)
* Unset $TEMP, $TEMPDIR and $TMP for apps, the same as $TMPDIR (#5168)
* Treat /efi the same as /boot/efi (#5155)
Changes in 1.15.0
~~~~~~~~~~~~~~~~~
Released: 2022-10-24
Build system:
* Flatpak can now be compiled using Meson instead of Autotools.
This requires Meson 0.53.0 or later, and Python 3.5 or later.
The Autotools build system is likely to be removed during either the
1.15.x or 1.17.x cycle. (#4845)
New features:
* Allow the `modify_ldt` system call as part of `--allow=multiarch`.
This increases attack surface, but is required when running 16-bit
executables in some versions of Wine. (#4297)
* Share gssproxy socket, which acts like a portal for Kerberos authentication.
This lets apps use Kerberos authentication without needing a sandbox hole.
(#4914)
* Add a httpbackend variable to flatpak.pc, allowing dependent projects
like GNOME Software to detect whether they are compatible with libflatpak
(#5054)
Bug fixes:
* Terminate the flatpak-session-helper and flatpak-portal services when the
session ends, so that applications will not inherit outdated Wayland
and X11 socket addresses (#5068)
* When using `fish` shell, don't overwrite a previously-set XDG_DATA_DIRS
(#5123)
* Don't try to enable HTTP 2 if linked to a libcurl version that doesn't
support it (#5074)
* Stop systemd reporting the session-helper as failed when terminated by
a signal (#5129)
* Fix a warning when listing a document with no permissions (#5055)
* Fix compilation with GLib 2.66.x (as used in Debian 11) (#5062)
* Fix compilation with GLib 2.58.x (as used in Debian 10) (#5066)
* Make generated files more reproducible (#5085)
* Translation updates: cs, id, pl, pt_BR (#5052, #5056, #5059, #5126)
Internal changes:
* Update project logo in README (#5119)
* Update libglnx subproject (#5140)
Changes in 1.14.0
~~~~~~~~~~~~~~~~~
Released: 2022-08-22
Known issues:
* There may be an issue where non-primary architecture builds don't show up
(https://github.com/flatpak/flatpak/issues/5045)
* There is a new security advisory on Flatpak but all supported versions are
not affected due to using new enough versions of libostree
(https://github.com/flatpak/flatpak/security/advisories/GHSA-45jq-5658-v38x)
Dependencies:
* Conditional on a build time option, revokefs will now use version 3 of the
FUSE API rather than version 2 (#4326)
* Libappstream should be updated to at least 0.15.3 to avoid critical warning
messages when using the "flatpak search" command
(https://github.com/ximion/appstream/issues/384)
New features:
* A new key "DeploySideloadCollectionID" is now supported in flatpakref and
flatpakrepo files, to allow setting a collection ID at the time a remote is
added from one of those files, rather than when metadata is pulled from the
remote, and without affecting versions of Flatpak with the older pre-sideload
P2P implementation (#4826)
* Allow sub-sandboxes to own MPRIS names on the session bus (#5023)
* Commands that accept "--user" will now also take "-u" as an alias for that
(#5014)
* The CLI now properly informs the user of which apps are (indirectly) using
end-of-life runtime extensions in end-of-life info messages (#4835)
* The CLI now takes into account operations in the pending transaction when
printing end-of-life messages (#4835)
* The uninstall command now asks for confirmation before removing in-use
runtimes or runtime extensions (#4835)
* A "--socket=gpg-agent" option is now recognized by "flatpak run" and related
commands (#4958)
Bug fixes:
* Fix a memory corruption issue caused by use of libcurl in an unsafe way
(#5046)
* Update selinux policy to cover symbolic links in /var/lib/flatpak (#4992)
* Fix a crash in case a .desktop file processed by the build-export command has
no Exec= key, and some related fixes for handling such .desktop files (#4817)
* Preserve the X11 display number rather than redirecting it to :99 (#5034)
Other changes:
* Various improvements to the unit tests, CI infra, and documentation
* Some changes were made to ensure translators can work on full sentences
rather than fragments in several places
* Translation updates: de, ru, sv, tr, uk, zh_CN
Changes in 1.13.3
~~~~~~~~~~~~~~~~~
Released: 2022-06-16
Dependencies:
* Support curl 7.29 or later as an additional, and the default, HTTP backend
alongwith libsoup 2.x (#4943)
* Clarify that glib 2.46 or later is now required (#4944)
New features:
* Implement support for rewriting dynamic launchers when an app is renamed
(#4703)
* Add --include-sdk/debug options to install command to install SDK/debuginfo
along with a ref (#4777)
* Improve --sideload-repo option to take create-usb dirs (#4843)
* Add a new library API flatpak_transaction_get_operation_for_ref() (#4947)
Bug fixes:
* Update the SELinux module to explicitly permit the system helper have read
access to /etc/passwd and systemd-userdbd, read and lock access to
/var/lib/flatpak, and watch files inside $libexecdir (#4852, #4855, #4892)
* Fix the error messages and the exit code of the 'uninstall' command when
non-existent refs are specified (#4857)
* Be more careful with errors when creating directories and deleting files,
and address some memory errors (#4930)
* Fix support for --noninteractive in the 'uninstall' command (#4947)
Other changes:
* Cosmetic improvements to end-of-life messages and other aspects of the CLI
output (#4947)
* Speed up the tests by not installing the polkit agent (#4942)
* Disable fuzzy ref matching when ID has a period or a slash, or when the
standard input or output is not a TTY (#4829, #4848)
* Update the icon-validator to print the format and size for consumption by
the dynamic launcher portal (#4803, #4808)
* Remove a pointless test (#4856)
* Improve various details of the GitHub workflows (#4870)
* Prepare for the addition of a Meson build (#4842, #4871, #4888, #4889, #4890)
* Only add the specified 'summary-arches' to the compat summary. This is
important since we're nearing the 10MB size limit for Flathub's legacy
summary files. (#4880)
* Translation updates: id, pt, sv, tr, uk
Changes in 1.13.2
~~~~~~~~~~~~~~~~~
Released: 2022-03-14
Bug fixes:
* Consistently pass relative subpaths to libostree, working around a bug
in libostree < 2021.6 when used with GLib >= 2.71 (#4805)
* Document have-kernel-module-* as having been added in 1.13.1
* Fix some memory leaks in GVariant data processing
Changes in 1.13.1
~~~~~~~~~~~~~~~~~
Released: 2022-03-01
Dependencies:
* libappstream 0.12.0 or later is now required
* appstream-glib is no longer required
* In distributions that compile Flatpak to use a separate bubblewrap (bwrap)
executable, version 0.5.0 is now required
New features:
* Create a directory for XDG_STATE_HOME and set the environment variable
(#4477)
- Apps requiring a state directory without a dependency on this updated
Flatpak version can get similar functionality by using:
--persist=.local/state --unset-env=XDG_STATE_HOME
which will use the same storage location
* Set HOST_XDG_STATE_HOME environment variable (#4477)
* Add have-kernel-module-foo family of conditionals for extensions, a
generalization of have-intel-gpu (which is now mostly equivalent to
have-kernel-module-i915) (#4647)
* Add `flatpak document-unexport --doc-id=...` (#1897)
* Export Appstream metadata for host system to use (#4350, #4599)
* Add command-line completion for the Fish shell (#3109)
* Add FlatpakTransaction:no-interaction API (#4699)
* We now allow networked access to X11 and PulseAudio services
if that is configured, and the application has network access.
(#397, #3908, #4702)
* `flatpak build-init` automatically sets the build directory to be
ignored by git (#4741)
Other changes:
* Updated bundled xdg-dbus-proxy to 0.1.3 (#4737)
* Updated bundled bubblewrap to 0.6.1 (#4779)
* The default branch in the Github repository is now named 'main'
* Don't offer options in CLI tab completion unless the user typed a '-'
(#4753)
* Disable fancy output (e.g. progress bars that get redrawn) when
G_MESSAGES_DEBUG is set in the environment (#4767)
* Most commands now work if /var/lib/flatpak exists but /var/lib/flatpak/repo
does not, and will automatically populate the repo directory if
possible (#4111)
* Disable session bus access for `flatpak-spawn --sandbox` as intended
(#4630)
* Make `sudo flatpak --user ...` fail with an error message, since acting
on root's per-user installation is unlikely to be what was intended
(#4638)
* Don't mention "negative" permissions like !host in /.flatpak-info (#4691)
* Improve performance when finding related refs
* Use SHA256 instead of SHA1 to avoid false-positives from static analysis
(in fact the use of SHA1 was not security-sensitive here) (#4716)
* Create sandbox's XDG_RUNTIME_DIR with 0700 permissions (#3397)
* Always create /.flatpak-info with 0600 permissions
* Absolute paths in WAYLAND_DISPLAY now work (#4752)
* Improve reliability of detecting the current GTK theme (#4754)
* Fix some error code paths when deploying malformed apps
* Improve some error messages
* Use URN for fontconfig DTD, consistent with fontconfig itself (#4617)
* Use `type -P` or `command -v` in preference to which(1) (#4696)
* Improve measurement of test coverage (#4681)
* Translation updates: de, fr, hi, hr, id, oc, pl, pt_BR, sv, uk, zh_CN
Changes in 1.12.6
~~~~~~~~~~~~~~~~~
Released: 2022-02-21
* Fix a bug that sometimes caused repo corruption in case downloads are
interrupted or canceled, necessitating a "flatpak repair" to recover
(#3479, #4258)
* More reliably detect the GTK theme (#4754)
* Fix history command unit test in some edge cases (#4764)
* Improve NEWS for 1.12.5
* Translation update: pt_BR
Changes in 1.12.5
~~~~~~~~~~~~~~~~~
Released: 2022-02-11
* Fixed a case where temporary data was sometimes left in
/var/lib/flatpak/appstream, and we now detect such leftover data and
remove it. (#4735)
* Fix regressions in `flatpak history` since 1.9.1 (#4121, #4332)
- Don't display the appstream branch used internally
- Don't display temporary repositories used internally
- Warn instead of failing if other non-app, non-runtime refs are found
- Don't set up an unnecessary polkit agent for `flatpak history`
- Add test coverage
* Don't propagate GStreamer-related environment variables into
sandbox (#4728)
* Fix a typo in an error message
* Fix incorrect year in NEWS for 1.12.4 release
* Translation update: pl
Changes in 1.12.4
~~~~~~~~~~~~~~~~~
Released: 2022-01-18
This is a regression fix update, reverting non-backwards-compatible
behaviour changes in the solution previously chosen for CVE-2022-21682.
Flatpak 1.12.3 and 1.10.6 changed the behaviour of `--nofilesystem=host`
and `--nofilesystem=home` in a way that was not backwards-compatible in
all cases. For example, some Flatpak users previously used a global
`flatpak override --nofilesystem=home` or
`flatpak override --nofilesystem=host`, but expected that individual apps
would still be able to have finer-grained filesystem access granted by the
app manifest, such as Zoom's `--filesystem=~/Documents/Zoom:create`. With
the changes in 1.12.3, this no longer had the intended result, because
`--nofilesystem=home` was special-cased to disallow inheriting the
finer-grained `--filesystem`.
Flatpak 1.12.4 and 1.10.7 return to the previous behaviour of
`--nofilesystem=host` and `--nofilesystem=home`. Instead, CVE-2022-21682
will be resolved by a new 1.2.2 release of flatpak-builder, which will
use a new option `--nofilesystem=host:reset` introduced in Flatpak 1.12.4
and 1.10.7. In addition to behaving like `--nofilesystem=host`, the new
option prevents filesystem permissions from being inherited from the
app manifest.
Other changes:
* Clarify documentation of `--nofilesystem`
* Improve unit test coverage around `--filesystem` and `--nofilesystem`
* Restore compatibility with older appstream-glib versions, fixing a
regression in 1.12.3
Changes in 1.12.3
~~~~~~~~~~~~~~~~~
Released: 2022-01-12
This is a security update that fixes two issues that were found in flatpak:
https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
(also known as CVE-2021-43860)
This issue is about the possibility for a malicious repository to send
invalid application metadata in a way that hides some of the app
permissions displayed during installation.
https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
(also known as CVE-2022-21682)
This issue is a problem with how flatpak-builder uses flatpak, that
can cause `flatpak-builder --mirror-screenshots-url` commands to be
allowed to create directories outside of the build directory.
The fix for this is done in flatpak by making the --nofilesystem=host
and --nofilesystem=home more powerful. They previously only removed
access to the particular location, i.e. `--nofilesystem=host` negated
`--filesystem=host`, but not `--filesytem=/some/dir`. This is a minor
change in behavior, as it may change the behavior of an override
with these specific options, however it is likely that the new
behavior was the expected one.
Other changes:
* Extra-data downloading now properly handles compressed content-encodings
which fixes checksum verification (see #4415)
Note: In some corner case server setups this may require the extra-data
checksum to be changed
* Avoid unnecessary policy-kit dialog due to auto-pinning when installing runtimes
* Better handling of updates of extensions that exist in multiple repositories
* Fixed (initial) installation apps with renamed ids
* Support more pulseaudio configuration, including the one used in WSL2
* Fixed regression in updates from no-enumerate remotes
* We now verify checksums of summary caches, to better handle local file
corruption
* Improved cli output for non-terminal targets
* Flatpak run --session-bus now works
* Fix build with PyParsing >= 3.0.4
* Fixed "Since" annotations on FlatpakTransaction signals
* bash auto completion now doesn't complete on command name aliases
* Minor improvements to the search command
* Minor improvements to the list command
* Minor improvements to the repair command
* Add more tests
* Updated translations and docs
Changes in 1.12.2
~~~~~~~~~~~~~~~~~
Released: 2021-10-12
* Install translations referenced by LANG, LANGUAGE or LC_ALL
* Fix error handling for the syscalls that are blocked when not using --devel
* Improve diagnostic messages when seccomp rules cannot be applied
* Update Polish translation
Changes in 1.12.1
~~~~~~~~~~~~~~~~~
Released: 2021-10-08
The security fix in the 1.12.0 release failed when used with some
older versions of libseccomp (that don't know about the new syscalls).
More specifically, installing modules that use extra-data would fail, and so
would running applications with the --allow=multiarch feature, such as Steam.
This release fixes those regressions.
Changes in 1.12.0
~~~~~~~~~~~~~~~~~
Released: 2021-10-08
This is the first stable release in the 1.12.x series. The major changes
in this series is the support for better control of sub-sandboxes, as
used by the Steam Flatpak app to run Windows games under Proton.
In addition, this release fixes a security vulnerability in the portal
support. Some recently added syscalls were not blocked by the seccomp rules
which allowed the application to create sub-sandboxes which can confuse
the sandboxing verification mechanisms of the portal. This has been
fixed by extending the seccomp rules. (CVE-2021-41133)
For details, see:
https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
Other changes in this version:
* Some test fixes
* Update translations
* Support for specifying the flatpak binary to use during exports
* Install translations for all languages in the locale, not just the ones in
LC_MESSAGES.
* Fix progress reporting in flatpak fsck
* Handle cases where /var/tmp is a symlink
* Expose /etc/gai.conf to the sandbox
* Fix the parental control checks for root
* Handle missing /etc/ld.so.cache (musl)
Changes in 1.11.3
~~~~~~~~~~~~~~~~~
Released: 2021-08-25
Dependencies:
* For Linux distributions that compile Flatpak to use a separate
bubblewrap (bwrap) executable, updating to version 0.5.0 is recommended,
but not required. The minimal version is still 0.4.0.
Bug fixes:
* Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox, fixing
a regression introduced when CVE-2021-21261 was fixed in 1.8.5 and 1.10.0
* Update the included copy of bubblewrap (flatpak-bwrap) to 0.5.0
- Better diagnostics when a --bind or other bind-mount fails
- Create non-directories with safer permissions
- Allow mounting an non-directory over an existing non-directory
- Silence kernel messages for our bind-mounts
- Improve ability to bind-mount directories on case-insensitive filesystems
* Don't ask user which remote to download from if there is only one option
* Improve robustness of autogen.sh
Internal changes:
* Improve test coverage
* Spelling fixes
Translation updates: Brazilian Portuguese, Russian, Spanish, Ukrainian
Changes in 1.11.2
~~~~~~~~~~~~~~~~~
Released: 2021-06-17
Bug fixes:
* Fix logic error when migrating AppStream XML
* Improve error-checking
* Fix various memory and file descriptor leaks, in particular with
flatpak-spawn --env=...
* Fix fd confusion in flatpak-spawn --env=... --forward-fd=..., which
caused "Steam Linux Runtime" containers to fail to start
* Avoid a crash when looking up summary for a ref without an arch
* Improve handling of refs belonging to more than one architecture,
e.g. for cross-compilation
* Don't abort uninstall if deploy metadata is missing
* Don't fail transaction if searching for dependencies fails in one remote
* Fix test failure when running tests as root
* Improve error message for 'sudo flatpak run'
Internal changes:
* Improve printf format string validation
* Improve test coverage
* Reduce risk of accidentally hard-coding x86 in the tests
Translation updates: Danish, Indonesian, Russian
Changes in 1.11.1
~~~~~~~~~~~~~~~~~
Released: 2021-04-26
This is the first unstable release in the series that will lead to 1.12.
New features:
* All instances of the same app-ID share their /tmp directory
* All instances of the same app-ID share their $XDG_RUNTIME_DIR
* Instances of the same app-ID can optionally share their /dev/shm directory
(enabled by a new --allow flag, --allow=per-app-dev-shm)
* Allow a subsandbox to have a different /usr and/or /app.
Steam will use this to launch games with its own container runtime
as /usr (the "Steam Linux Runtime" mechanism).
* enter: Improve support for TUI programs like gdb
* build-update-repo: Add a higher-performance reimplementation of
`ostree prune` specialized for archive-mode repositories
Bug fixes:
* Fix deploys of local remotes in system-helper
* Fix test failures on non-x86_64 systems
* Fix two intermittent test failures
* Make polkit queries non-interactive when operating in non-interactive mode
* Use a local main-context when using libsoup in a thread
* create-usb: Skip copying extra-data flatpaks
* OCI: Switch to pax-format tar archives
* history: Handle transaction log entries with empty REF field
* portal: Fix flatpak-spawn --clear-env on OSs where flatpak is not on
the fallback PATH, such as NixOS
* Fix various issues detected by scan-build
Internal changes:
* Use GNU bison to build parse-datetime.y
* Add information about security support and security vulnerability
reporting (see `SECURITY.md`)
* Move all git submodules into subprojects/ directory
* Several sockets are now created in /run/flatpak in the sandbox, with
symbolic links in $XDG_RUNTIME_DIR
Changes in 1.10.2
~~~~~~~~~~~~~~~~~
Released: 2021-03-10
This is a security update which fixes a potential attack where
a flatpak application could use custom formated .desktop files to
gain access to files on the host system.
Other changes:
* Fix memory leaks
* Some test fixes
* Documentation updates
* G_BEGIN/END_DECLS added to library headders for c++ use
* Fix for X11 cookies on OpenSUSE
* Spawn portal better handles non-utf8 filenames
Changes in 1.10.1
~~~~~~~~~~~~~~~~~
Released: 2021-01-21
* Fix flatpak build on systems with setuid bwrap
* Fix some compiler warnings
* Add --enable-asan configure option
* Fix crash on updating apps with no deploy data
* Update translations
Changes in 1.10.0
~~~~~~~~~~~~~~~~~
Released: 2021-01-14
This is the first stable release after the 1.9.x unstable series.
The major new feature in this series compared to 1.8 is the support
for the new repo format which should make updates faster and download
less data.
This release also contains the security fixes from 1.8.5, so everyone
on the 1.9.x series should update immediately. (CVE-2021-21261)
Other changes since 1.9.3:
* The systemd generator snippets now call flatpak --print-updated-env
in place of a bunch of shell for better login performance.
* The .profile snippets now disable GVfs when calling flatpak to
avoid spawning a gvfs daemon when logging in via ssh.
* Build fixes for GCC 11.
* Flatpak now finds the pulseaudio sockets better in uncommon
configurations.
* Sandboxes with network access it now also has access to the
systemd-resolved socket to do dns lookups.
* Flatpak supports unsetting env vars in the sandbox using --unset-env,
and `--env=FOO=` now sets FOO to the empty string instead of
unsetting it.
* Similarly the spawn portal has an option to unset an env var.
* The spawn portal now has an option to share the pid namespace
with the sub-sandbox.
Changes in 1.9.3
~~~~~~~~~~~~~~~~
Released: 2020-12-22
I expect this to be the final 1.9.x release, and we can expect 1.10.0
early next year, containing basically whats in this release in terms
of features.
A minor change in the new indexed summary format in this release. The
gpg signature of the summary index is now stored in a filename indexed
by the checksum of the index rather than a static filename. This fixes
an update race between clients accessing the two files during and update.
It also helps in keeping mirrors and cached coherent. The old filename
is still created/used for backwards compat with 1.9.1, but may go
away in the future.
Other changes:
* --filesystem=host now exposed /var/usrlocal (as seen on ostree)
* Better error messages in flatpak portal.
* Rebases during update now install the new app before uninstalling
the old, which means failure during the first doesn't leave the app
uninstalled.
* flatpak_installation_list_installed_refs_for_update() now handles
some case better when apps in the user installation depends on
runtimes in the system installation.
* New version of the deploy files which guarantees the existance of
a bit more data. This is useful for eol detection of apps that were
installed with previous flatpak versions.
* Some corner cases when installing an app with extra-data into a nonstandard
installation were fixed.
* Fixed crashed when killing and entering running instance that have
was running a runtime, not an app.
* The root user can now bypass parental controls.
* Some fixes to library annotations.
* Updated translations
Changes in 1.9.2
~~~~~~~~~~~~~~~~
Released: 2020-11-20
* Some build fixes on non-x86-64 arches
* Fix permission issue in endless installer
* Fixed a bug where flatpak was accidentally clearing the summary cache
during updates in the user installation.
* Fix handling of the multiarch permission.,
* Add back the commit timestamp to the summary file.
Changes in 1.9.1
~~~~~~~~~~~~~~~~
Released: 2020-11-19
This is the first unstable release in the series that will lead to
1.10. The main change in this version is a new format for the summary
file used when accessing an OSTree repository on the network. For this
reason we now require OSTree version 2020.8.
The new format should make getting the initial metadata required for
most flatpak operations much faster, and use less network
bandwidth. This will allow repositories to scale to more apps and more
architectures without affecting clients. The old format is still
generated for compatibility with older clients.
The new format also allows repositories to publish named subsets, and
for clients to declare that they only want to see that subset. The
goal here is to allow for example flathub to mark all FOSS apps, and
make it possible for users to use a flathub-foss remote without
flathub having to maintain two duplicated repositories. This is
accessible by passing --subset=SUBSET to the build-commit-from and
build-export commands.
The new repo option `flatpak.summary-arches` controls which architectures
are put in the old format summary. This can be used to avoid newly added
architectures making old clients slower, at the cost of requiring a newer
flatpak client version for the new architecture.
Other major changes
* There is a new `flatpak pin` command that lets you pin runtimes
so that they are not considered unused. Also, we now by default pin
runtimes that are installed explicitly (i.e. not as a dependency of an
app).
* During a regular update or uninstall of an app, if the operation
makes a previously used runtime unused, and the runtime is marked
as end-of-lifed, then the runtime is automatically uninstalled.
* During `flatpak update` (i.e. with no specific app given) flatpak
now automatically adds uninstall operations for end-of-life runtimes
that are unused.
* The end-of-life warnings in the flatpak CLI are now better, showing
more useful details (like version and what apps are using the runtime)
and less unuseful details.
* Some changes was made in which dconf paths were considered "similar"
to the app id, allowing for example `org.gnome.SoundJuicer` to
migrate from `/org/gnome/sound-juicer`.
* Flatpak run now implements the new standard for os-release in containers
(https://www.freedesktop.org/software/systemd/man/os-release.html).
* There is now a tcsh profile snippet
* The origin remote for an app is now prioritized over other remotes with
the same priority when looking for dependencies.
* We now allow extra-data apply_extra processes to run multiarch code.
* A new internal representation for ostree ref strings was added which
is more efficient. This should not affect the behaviour of flatpak
but the large amounts of changes to use this may have accidentally
introduced regressions.
* Some fixes to the in-memory summary cache make it more efficient.
* --filesystem=/ is now explicitly forbidden as it doesn't work (and never
did).
* Flatpak install/update now only prints `(partial)` for an update that
actually is partial (not just for all locales).
* Flatpak remote-ls on a file: uri (for example a sideloaded repo) now
correctly lists the refs in the repo.
* New library APIS: flatpak_installation_list_pinned_refs,
flatpak_transaction_set_disable_auto_pin,
flatpak_transaction_set_include_unused_uninstall_ops,
flatpak_transaction_operation_get_subpaths,
flatpak_transaction_operation_get_requires_authentication.
* flatpak_installation_list_installed_refs_for_update() now returns
refs that have a end-of-life rebase that it could be updated to.
* There is a new `ready-pre-auth` signal in FlatpakTransaction allowing
clients new ways to handling authentication.
* Fix bug where extension sources were sometimes auto-installed
Changes in 1.8.3
~~~~~~~~~~~~~~~~
Released: 2020-11-17
* Fixed progress reporting for OCI and extra-data
* The in-memory summary cache is more efficient
* Fixed authentication getting stuck in a loop in some cases
* Fixed authentication error reporting
* We now extract OCI info for runtimes as well as apps
* Fixed crash if anonymous authentication fails and -y is specified
* flatpak info now only looks at the specified installation
if one is specified
* Better error reporting for server HTTP errors during download
* Uninstall now removes applications before the runtime it depends on
* Fixed test-suite to pass with the latest OSTree version
* Fixed dbus environment variables in flatpak enter
* Avoid updating metadata from the remote when uninstalling
* Fixed error message handling in various places
* FlatpakTransaction now verifies all passed in refs to avoid
potential issues with invalid names
* Updated translations
Changes in 1.8.2
================
* Added validation of collection id settins for remotes
* Fix seccomp filters on s390
* Robustness fixes to the spawn portal
* Fix support for masking update in the system installation
* Better support for distros with uncommon models of merged /usr
* Cache responses from localed/AccoutService
* Fix hangs in cases where xdg-dbus-proxy fails to start
* Fix double-free in cups socket detection
* OCI authenticator now doesn't ask for auth in case of http errors
Changes in 1.8.1
================
* Avoid calling authenticator in update if ref didn't change
* Don't fail transaction if ref is already installed (after transaction start)
* Fix flatpak run handling of userns in the --device=all case
* Fix handling of extensions from different remotes
* Fix flatpak run --no-session-bus
* Updated translations
Changes in 1.8.0
================
New stable release series 1.8.
Changes:
* FlatpakTransaction has a new signal "install-authenticator" which clients can handle to
install authenticators needed for the transaction. This is done in the CLI commands.
* We now always expose the host timezone data, allowing us the expose the host /etc/localtime
in a way that works better, fixing several apps that had timezone issues.
* Fix flatpak enter which didn't work in some cases.
* We now ship a systemd unit (not installed by default) to automatically detect plugged in
usb sticks with sideload repos.
* By default we no longer install the gdm env.d file, as the systemd generators work better
* create-usb now exports partial commits by default
* Fix handling of docker media types in oci remotes
* Fix subjects in remote-info --log output
Changes in 1.7.3
================
* Allow direct ALSA device access if app has pulseaudio access.
* Flatpak now ships a sysusers.d file for allowing systemd to create the required users.
* Fix issue in remote-delete where it failed to delete system remotes if it had to uninstall
something first.
* New library calls flatpak_transaction_operation_get_related_to_ops(), flatpak_transaction_operation_get_is_skipped() and
flatpak_transaction_set_no_interaction().
* New options --[no-]follow-redirect in remote-add/modify
* New spawn portal APIs to get real pid of launched app.
* By default, all OCI remotes now use the flatpak-oci-authenticator.
* Support flatpak remote-info and flatpak update --commit= to specific versions for OCI remotes.
* Initial work in progress on using deltas for OCI remotes.
* Fix race in the generation of ld.so.cache when starting copies of the same app at the same time.
* Minor fix in what locales are installed on update.
* Flatpak uninstall now doesn't fail if one ref (of many) was not installed.
* Flatpak systemd transient units now have an app-prefix to match new XDG spec for
cgroup names.
* In some cases we previously downloaded the summary twice.
* flatpak upgrade is now an alias for flatpak update.
* Fix to selinux module to work without unconfined module.
* Respect user XDG basedirs when finding users fonts and icons.
* Fix issue where thread were sometimes initialized causing flatpak enter to fail.
* Better error reporting when authentication goes wrong.
Changes in 1.7.2
================
This fixes some regressions in progress reporting in 1.7.1, where it would report > 100%.
Other changes:
* Completion support for fish shell
* Properly handle migration of remotes with collection ids
* The summary now has some extra-data download size info which can make downloads slightly more efficient
Changes in 1.7.1
================
This is the first release in the 1.7.x unstable release series.
A major change is that the support for the ostree peer-to-peer installation has been
simplified. Flatpak no longer supports installing from local network peers, and sideloading
from local usb stick is no longer automatic. To enable sideloading you have to configure
a sideload repository by creating a symlink to it from /var/lib/flatpak/sideload-repos or
/run/flatpak/sideload-repos. Due to this the flatpak code has been simplified internally
and the p2p support is more efficient.
Other major changes
* If an app has filesystem access, the host /lib is accessible as /run/host/lib, etc.
* New filesystem permission "host-etc" and "host-os" give access to system /usr and /etc.
* Flatpak now uses variant-schema-compiler to generate more efficient code for
parsing GVariant files from ostreee.
* libsystemd use is now optional in configure.
* Journal sockets are mounted readonly
* document-export now supports exporting directories (requires new portal version)
* DConf migration now allows version numbers in object paths
Changes in 1.6.3
================
The main change in this version is a fix for a regression in the progress calculation
for applications using extra-data. Additionally the bundled version of bubblewrap
is updated to 0.4.1 which fixes a security issue in some cases. See
https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj
for details.
Other changes:
* Updated translations
* Don't break if users primary gid is not in the nsswitch database
* Fix crash in flatpak repair if no remotes are configured
* Some updates to the oci authenticator
* Retry downloads of extra data
Changes in 1.6.2
================
Due to a combination of some behaviour in flatpak and recent versions of ostree we at some
point lost the use of deltas for the initial install case, instead always falling back
to a full ostree operation which is a lot less efficient for pulls with many small files
like a runtime. This caused some very slow installs from e.g. flathub, so I recommend
everyone update to this version to get better install performance.
Other changes are:
* We now correctly handle TMPDIR env var overrides when bwrap is setuid
* Disallow running "flatpak run" under sudo (as it doesn't work and causes issues)
* Fix build with older versions of glib
* Minor documentation updates
* Updated translations
Changes in 1.6.1
================
This is a (mild) security update. Flatpak 1.6.0 added the ability for an application to request it to be
updated, as long as the new version doesn't require new permissions. Unfortunately in some special cases,
if an app had acces to the home directory, but not the rest of the filesystem it would still allow a
self-update where the new version could access some files outside the home directory..
This is fixed in this version, and all users of 1.6.0 are recommended to update.
Other changes are:
* New permission --device=shm giving access to host /dev/shm, as needed for jack.
* Generated correct download size in build-commit-from
* sub-sandbox now allows the child to share the gpu of the caller has full device access
* Fix crash with disabled remotes
* Fix builds with older versions of glib
* Update translations
Changes in 1.6.0
================
This is the first stable release in the 1.6 series, main changes
since 1.4 is the support for protected content and improvements
in the self-sandboxing support.
There is one change in the support for OCI remotes, we now
only support the use of labels, not annotations, as labels
work with more registries. This means pre-existing OCI flatpak
registries (like fedora) may need some changes.
Changes since 1.5.2:
* New permissions --socket=cups for direct cups access
* Fix some leaks
* Fix reporting of progress with latest version of ostree
* New no-interaction flag for authenticators
* Support for auto-installing authenticators from a flatpak remote
* Warn less about unset XDG_DATA_DIRS
* Don't poll for updates in the portal when on a metered connection
Changes in 1.5.2
================
This version has further changes to the protocol and API for handing
authentication, in order to make it more flexible and futureproof. The
sample authenticator has been updated to the new APIs. Flatpak now
ships with a OCI authenticator that can be used to access private OCI
registries.
FlatpakTransaction now also has a callback for simple user/password
authentication for an authenticator (the basic-auth-start signal)
modeled on HTTP basic authentication. This is handled in the flatpak
CLI by interactive prompts on the terminal. This is needed by the OCI
authenticator, but can also be used by other authenticators that have
simple authentication requirements.
There were also some fixes to the new self-sandboxing support of the
flatpak spawn portal, allowing webkit to use it.
Other changes:
* Show background status in flatpak ps
* Improved docs and help output
* Fix support for fd forwarding and the allow_a11y flag in the sandboxing portal
* Some improvements to the new permission-set command
* New remote option that allows settting the default token type (mostly for debugging)
Changes in 1.5.1
================
The major new feature of this is the support for protected applications and the system
around authenticting downloads to it. This is not considered stable yet, but this release
has the initial work to make it possible for developers to play around with this. I
will send out a separate mail about this later.
Other changes:
* Flatpak now bundles bubblewrap 0.4.0, and requires 0.4.0 to use the system bubblewrap.
* Optional support for parental controls using libmalcontent.
* Transaction now installs extensions before apps to ensure we have a working app immediately after install.
* Changes in temporary file use makes flatpak run work better in low disk space situations.
* flatpak enter now works without sudo, and works better in general.
* New features for the flatpak portal:
* Support starting a sub-sandbox with the child processes visible in the original sandbox.
* Support adding some kinds of permissions to sub-sandboxes