Skip to content

Tags

Tags give the ability to mark specific points in history as being important

  • debian/1.14.4-2

    71bc7481 · releasing package flatpak version 1.14.4-2 · 
    tagging package flatpak version debian/1.14.4-2
    Unverified

  • debian/1.10.8-0+deb11u1

    9aa43c35 · d/changelog: Add bug numbers · 
    flatpak release 1.10.8-0+deb11u1 for bullseye (bullseye)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]
    Unverified

  • 1.10.8

    d771946b · Update translation files for 1.10.8 release · 
    flatpak 1.10.8

Security fixes:

 * Escape special characters when displaying permissions and metadata,
   preventing malicious apps from manipulating the appearance of the
   permissions list using crafted metadata (CVE-2023-28101).

 * If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
   don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
   Note that this is specific to virtual consoles: Flatpak is not
   vulnerable to this if run from a graphical terminal emulator such as
   xterm, gnome-terminal or Konsole.

Other bug fixes:

 * If an app update is blocked by parental controls policies, clean up the
   temporary deploy directory (#5146)
 * Fix Autotools build with versions of gpgme that no longer provide
   gpgme-config(1) (#5173)
 * Fix regressions in `flatpak history` since 1.9.1
   - Don't display the appstream branch used internally
   - Don't display temporary repositories used internally
   - Ignore transaction log entries with empty REF field
   - Warn instead of failing if other non-app, non-runtime refs are found
   - Don't set up an unnecessary polkit agent for `flatpak history`
   - Add test coverage
 * Fix a typo in an error message
 * Fix incorrect year in NEWS for 1.10.7 release
 * Translation update: pl
 * Add test coverage for Flatpak's seccomp filters

Git-EVTag-v0-SHA512: 8962500582d542dbbc332ba8fe43866bf57f7d18873edba13dfdc83e7eeb67bb4ed4f0d3688f6978cbfad80709ebdfc0f03826b873027936b259f1b1fd0da2f5
    Unverified

  • 1.12.8

    c87d8b25 · Update translation files for 1.12.8 release · 
    flatpak 1.12.8

Security fixes:

* Escape special characters when displaying permissions and metadata,
  preventing malicious apps from manipulating the appearance of the
  permissions list using crafted metadata (CVE-2023-28101).

* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
  don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
  Note that this is specific to virtual consoles: Flatpak is not
  vulnerable to this if run from a graphical terminal emulator such as
  xterm, gnome-terminal or Konsole.

Other bug fixes:

* Update the SELinux module to explicitly permit the system helper have read
  access to /etc/passwd and systemd-userdbd, read and lock access to
  /var/lib/flatpak, and watch files inside $libexecdir
  (#4852, #4855, #4892; Red Hat #2071217, #2071215, #2070741,
  #2053634, #2070350)
* If an app update is blocked by parental controls policies, clean up the
  temporary deploy directory (#5146)
* Fix Autotools build with versions of gpgme that no longer provide
  gpgme-config(1) (#5173)
* Remove some unreachable code (Coverity: CID 1514265)
* Add missing handling for some D-Bus errors

Git-EVTag-v0-SHA512: b8360cfc1de210ab96fd73547a1c6c99e4b75a9baa9485b8edb8b88300524132598f3b645a04b649a67a11f2e51846579f9886e000e7940686f60b6411627103
    Unverified

  • 1.14.4

    8a1edcea · Update translation files for 1.14.4 release · 
    flatpak 1.14.4

Security fixes:

* Escape special characters when displaying permissions and metadata,
  preventing malicious apps from manipulating the appearance of the
  permissions list using crafted metadata (CVE-2023-28101).

* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
  don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
  Note that this is specific to virtual consoles: Flatpak is not
  vulnerable to this if run from a graphical terminal emulator such as
  xterm, gnome-terminal or Konsole.

Other bug fixes:

* Translation update: pl

Git-EVTag-v0-SHA512: a83091c2a471dbb072f231e53ebe24edab3ecfdfd99fdbc6aa2d11a56441fe8117f01a3c6244e83cac7a603273e338309c72e527badf86c4ab2e0c8471a86b8e
    Unverified

  • 1.15.4

    e936e310 · Update translation files for release · 
    flatpak 1.15.4

Security fixes:

* Escape special characters when displaying permissions and metadata,
  preventing malicious apps from manipulating the appearance of the
  permissions list using crafted metadata (CVE-2023-28101).

* If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.),
  don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100).
  Note that this is specific to virtual consoles: Flatpak is not
  vulnerable to this if run from a graphical terminal emulator such as
  xterm, gnome-terminal or Konsole.

Other bug fixes:

* Document the path used for `flatpak override`
* Translation updates: oc, pl, ru, sv, tr

Git-EVTag-v0-SHA512: da193fee33f3108222ff5e3b48fdd6c41ff5215fd0e556864f597f3a81d521fa794ec1c6918b67c0efe47b9be0a03181d2a1f2ab9910fdb8479d3f5da65372d5
    Unverified

  • debian/1.14.4-1_bpo11+1

    063ce2c8 · Rebuild for bullseye-backports · 
    flatpak release 1.14.4-1~bpo11+1 for bullseye-backports (bullseye-backports)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]
    Unverified

  • upstream/1.10.8

    cc87a693 · New upstream version 1.10.8 · 
    Upstream version 1.10.8

  • upstream/1.12.8

    526c9618 · New upstream version 1.12.8 · 
    Upstream version 1.12.8

  • debian/1.15.4-1

    600a94d1 · Release to experimental · 
    flatpak release 1.15.4-1 for experimental (experimental)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]
    Unverified

  • debian/1.14.4-1

    9d2b0294 · Release to unstable · 
    flatpak release 1.14.4-1 for unstable (sid)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]
    Unverified

  • upstream/1.14.4

    7e4a25f1 · New upstream version 1.14.4 · 
    Upstream version 1.14.4

  • upstream/1.15.4

    358194cb · New upstream version 1.15.4 · 
    Upstream version 1.15.4

  • upstream/1.12.7+git20230315

    ab6a9518 · New upstream version 1.12.7+git20230315 · 
    Upstream version 1.12.7+git20230315

  • upstream/1.10.7+git20230315

    9964cfc5 · New upstream version 1.10.7+git20230315 · 
    Upstream version 1.10.7+git20230315

  • debian/1.14.3-1_bpo11+1

    d96bf441 · Rebuild for bullseye-backports · 
    flatpak release 1.14.3-1~bpo11+1 for bullseye-backports (bullseye-backports)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]
    Unverified

  • 1.14.3

    ccafd8c1 · Update translation files for release · 
    flatpak v1.14.3

Bug fixes:

* When splitting an upgrade into two steps (download without installing, and
  then upgrade without allowing further downloads) like GNOME Software does,
  if an app is marked EOL and superseded by a replacement, don't remove the
  superseded app in the first step, which would result in the replacement
  incorrectly not being installed (#5172)
* Fix a crash when `--socket=gpg-agent` is used (#5095)
* Fix a crash when listing apps if one of them is broken or misconfigured
  (#5293)
* If an app has invalid syntax in its overrides or metadata, mention the
  filename in the error message (#5293)
* Unset `$GDK_BACKEND` for apps, ensuring GTK apps with `--socket=fallback-x11`
  can work (#5303)
* Never try to export a parent of reserved directories as a `--filesystem`,
  for example `/run`, which would prevent the app from starting (#5205, #5207)
* Never try to export a `--filesystem` below `/run/flatpak` or `/run/host`,
  which could similarly prevent the app from starting
* The above change also fixes apps not starting if a `--filesystem` is a
  symlink to the root directory (#1357)
* Show a warning when the `--filesystem` exists but cannot be shared with
  the sandbox (#1357, #5035, #5205, #5207)

Git-EVTag-v0-SHA512: c87becc8f0d6650a0904cc46db572ce71f2ec0a2098425caa5ba604d0b4395c160f4760a33b252a29e22fbb2b8db14aefd224721dfb26c536f2db41f781d4d28
    Unverified

  • debian/1.14.3-1

    c5d0879f · Release to unstable · 
    flatpak release 1.14.3-1 for unstable (sid)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]
    Unverified

  • upstream/1.14.3

    e8c9c3d5 · New upstream version 1.14.3 · 
    Upstream version 1.14.3

  • 1.15.3

    756994b5 · Prepare v1.15.3 · 
    flatpak 1.15.3

Build system:

* Building this version of Flatpak with Meson is recommended. The source
  release flatpak-1.15.3.tar.xz no longer contains Autotools-generated
  files, although this version can still be built using Autotools after
  running `./autogen.sh`. Future versions are likely to remove the
  Autotools build system.

Bug fixes:

* When splitting an upgrade into two steps (download without installing, and
  then upgrade without allowing further downloads) like GNOME Software does,
  if an app is marked EOL and superseded by a replacement, don't remove the
  superseded app in the first step, which would result in the replacement
  incorrectly not being installed (#5172)
* Fix a crash when --socket=gpg-agent is used (#5095)
* Fix a crash when listing apps if one of them is broken or misconfigured
  (#5293)
* If an app has invalid syntax in its overrides or metadata, mention the
  filename in the error message (#5293)
* Unset $GDK_BACKEND for apps, ensuring GTK apps with --socket=fallback-x11
  can work (#5303)
* Fix a deprecation warning when compiled with curl >= 7.85 (#5284)
* Translation updates: es, ru (#5266, #5312, #5313)

Internal changes:

* Better diagnostic messages for why runtimes are or are not considered
  unused (#5237)

Git-EVTag-v0-SHA512: a440a346d1107375245c3013c6b2d044eb187302bc6e4d1db66ec8c7b1a2353ee5b5edf8779d9378ea5c482619c40f003ccd7a3d9825a45f99ae356ac3db2a16
    Unverified