From 586d42b3266f2e70b01fa32dc76c830bd51b6b0a Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Tue, 18 Jun 2024 03:02:52 +0300 Subject: [PATCH] import flatpak-1.12.9-1.el8_10 --- .flatpak.metadata | 2 +- .gitignore | 2 +- ...selinux-Permit-using-systemd-userdbd.patch | 28 +++++++++ SPECS/flatpak.spec | 57 ++++++++++++++++--- 4 files changed, 80 insertions(+), 9 deletions(-) create mode 100644 SOURCES/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch diff --git a/.flatpak.metadata b/.flatpak.metadata index 3e6b496..56a0c50 100644 --- a/.flatpak.metadata +++ b/.flatpak.metadata @@ -1 +1 @@ -89420d434afa1d3bb9c43450935fd13e37ddc439 SOURCES/flatpak-1.10.8.tar.xz +41429400eab33868b6c6045fe235e86e1086a056 SOURCES/flatpak-1.12.9.tar.xz diff --git a/.gitignore b/.gitignore index f7ca2f2..804ac25 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/flatpak-1.10.8.tar.xz +SOURCES/flatpak-1.12.9.tar.xz diff --git a/SOURCES/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch b/SOURCES/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch new file mode 100644 index 0000000..8c9dd9f --- /dev/null +++ b/SOURCES/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch @@ -0,0 +1,28 @@ +From 1c73110795b865246ce3595042dcd2d5e7891359 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 6 Nov 2023 20:27:16 +0100 +Subject: [PATCH] Revert "selinux: Permit using systemd-userdbd" + +This reverts commit 399710ada185c1ee232bc3e6266a71688eb152b7. +--- + selinux/flatpak.te | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/selinux/flatpak.te b/selinux/flatpak.te +index bb3d80e316eb..4cf895c44abe 100644 +--- a/selinux/flatpak.te ++++ b/selinux/flatpak.te +@@ -33,10 +33,6 @@ optional_policy(` + policykit_dbus_chat(flatpak_helper_t) + ') + +-optional_policy(` +- systemd_userdbd_stream_connect(flatpak_helper_t) +-') +- + optional_policy(` + unconfined_domain(flatpak_helper_t) + ') +-- +2.41.0 + diff --git a/SPECS/flatpak.spec b/SPECS/flatpak.spec index 3c1c6db..d86d240 100644 --- a/SPECS/flatpak.spec +++ b/SPECS/flatpak.spec @@ -2,7 +2,7 @@ %global ostree_version 2020.8 Name: flatpak -Version: 1.10.8 +Version: 1.12.9 Release: 1%{?dist} Summary: Application deployment framework for desktop apps @@ -10,6 +10,14 @@ License: LGPLv2+ URL: http://flatpak.org/ Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz +%if 0%{?fedora} +# Add Fedora flatpak repositories +Source1: flatpak-add-fedora-repos.service +%endif + +# https://issues.redhat.com/browse/RHEL-4220 +Patch0: flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch + BuildRequires: pkgconfig(appstream-glib) BuildRequires: pkgconfig(dconf) BuildRequires: pkgconfig(fuse) @@ -34,14 +42,12 @@ BuildRequires: docbook-style-xsl BuildRequires: gettext BuildRequires: libassuan-devel BuildRequires: libcap-devel -BuildRequires: python3.11-pyparsing +BuildRequires: python3-devel +BuildRequires: python3-pyparsing BuildRequires: systemd -BuildRequires: /usr/bin/python3 BuildRequires: /usr/bin/xmlto BuildRequires: /usr/bin/xsltproc -%{?systemd_requires} - Requires: bubblewrap >= %{bubblewrap_version} Requires: librsvg2%{?_isa} Requires: ostree-libs%{?_isa} >= %{ostree_version} @@ -119,6 +125,8 @@ This package contains installed tests for %{name}. %prep %autosetup -p1 +# Make sure to use the RHEL-lifetime supported Python and no other +%py3_shebang_fix scripts/* subprojects/variant-schema-compiler/* tests/* %build @@ -142,6 +150,11 @@ install -pm 644 NEWS README.md %{buildroot}/%{_pkgdocdir} install -d %{buildroot}%{_localstatedir}/lib/flatpak install -d %{buildroot}%{_sysconfdir}/flatpak/remotes.d rm -f %{buildroot}%{_libdir}/libflatpak.la + +%if 0%{?fedora} +install -D -t %{buildroot}%{_unitdir} %{SOURCE1} +%endif + %find_lang %{name} # Work around selinux denials, see @@ -158,15 +171,28 @@ getent passwd flatpak >/dev/null || \ exit 0 +%if 0%{?fedora} %post -# Create an (empty) system-wide repo. -flatpak remote-list --system &> /dev/null || : +%systemd_post flatpak-add-fedora-repos.service +%endif %post selinux %selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2 +%if 0%{?fedora} +%preun +%systemd_preun flatpak-add-fedora-repos.service +%endif + + +%if 0%{?fedora} +%postun +%systemd_postun_with_restart flatpak-add-fedora-repos.service +%endif + + %postun selinux if [ $1 -eq 0 ]; then %selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2 @@ -209,6 +235,7 @@ fi %{_mandir}/man5/flatpak-installation.5* %{_mandir}/man5/flatpak-remote.5* %{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf +%dir %{_sysconfdir}/flatpak %{_sysconfdir}/flatpak/remotes.d %{_sysconfdir}/profile.d/flatpak.sh %{_sysusersdir}/flatpak.conf @@ -217,6 +244,10 @@ fi %{_userunitdir}/flatpak-portal.service %{_systemd_user_env_generator_dir}/60-flatpak +%if 0%{?fedora} +%{_unitdir}/flatpak-add-fedora-repos.service +%endif + %files devel %{_datadir}/gir-1.0/Flatpak-1.0.gir %{_datadir}/gtk-doc/ @@ -246,6 +277,18 @@ fi %changelog +* Tue Apr 30 2024 Kalev Lember - 1.12.9-1 +- Update to 1.12.9 (CVE-2024-32462) + +* Mon Nov 06 2023 Debarshi Ray - 1.12.8-1 +- Rebase to 1.12.8 (RHEL-4220) + +* Mon Nov 06 2023 Debarshi Ray - 1.10.8-3 +- Let flatpak own %%{_sysconfdir}/flatpak (RHEL-15822) + +* Mon Sep 04 2023 Miro HronĨok - 1.10.8-2 +- Make sure to use the RHEL-lifetime supported Python and no other (RHEL-2225) + * Tue Jul 25 2023 MSVSphere Packaging Team - 1.10.8-1 - Rebuilt for MSVSphere 8.8