Overview
Request 659047 accepted
- Update to version 1.0.6:
* This release fixes an issue that lets system-wide installed
applications create setuid root files inside their app dir
(somewhere in /var/lib/flatpak/app). Setuid support is disabled
inside flatpaks, so such files are only a risk if the user runs
them manually outside flatpak. Installing a flatpak system-wide
needs root access, so this isn't a privilege elevation for
non-root users.
* The permissions of the files created by the apply_extra script is
canonicalized and the script itself is run without any capabilities.
* Better matching of existing remotes when the local and remote configuration
differs wrt collection ids.
* New flatpakrepo DeployCollectionID replaces CollectionID, doing the
same thing. It is recommended to use this instead because older versions
of flatpak has bugs in the support of collection ids, and this key
will only be respected in versions where it works.
* The X11 socket is now mounted read-only.
- Mark flatpak.sh as %config and move the systemhelper dbus config
file under /usr
- Remove the flatpak-rpmlintrc file that is no longer needed.
- Make polkit_rules_usability.patch effective by adding a 60- prefix
to the rules file. This will cause it to be executed before the (forwarded request 657831 from alarrosa)
Request History
dimstar created request
- Update to version 1.0.6:
* This release fixes an issue that lets system-wide installed
applications create setuid root files inside their app dir
(somewhere in /var/lib/flatpak/app). Setuid support is disabled
inside flatpaks, so such files are only a risk if the user runs
them manually outside flatpak. Installing a flatpak system-wide
needs root access, so this isn't a privilege elevation for
non-root users.
* The permissions of the files created by the apply_extra script is
canonicalized and the script itself is run without any capabilities.
* Better matching of existing remotes when the local and remote configuration
differs wrt collection ids.
* New flatpakrepo DeployCollectionID replaces CollectionID, doing the
same thing. It is recommended to use this instead because older versions
of flatpak has bugs in the support of collection ids, and this key
will only be respected in versions where it works.
* The X11 socket is now mounted read-only.
- Mark flatpak.sh as %config and move the systemhelper dbus config
file under /usr
- Remove the flatpak-rpmlintrc file that is no longer needed.
- Make polkit_rules_usability.patch effective by adding a 60- prefix
to the rules file. This will cause it to be executed before the (forwarded request 657831 from alarrosa)
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
staging-bot set openSUSE:Factory:Staging:H as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:H"
staging-bot accepted review
Picked openSUSE:Factory:Staging:H
jengelh accepted review
repo-checker accepted review
cycle and install check passed
dimstar_suse changed priority to moderate => important
raising priority for openSUSE:Factory:Staging:H
licensedigger accepted review
ok
dimstar_suse accepted review
ready to accept
dimstar_suse approved review
ready to accept
dimstar_suse accepted request
Accept to openSUSE:Factory