From patchwork Fri May 10 05:43:57 2024
X-Patchwork-Submitter: Markus Volk
X-Patchwork-Id: 43450
From: Markus Volk
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH 1/4] flatpak: update 1.15.6 -> 1.15.8
Date: Fri, 10 May 2024 07:43:57 +0200
Message-ID: <20240510054400.3796092-1-f_l_k@t-online.de>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/110304

- remove included patches
- set path for fusermount3 to avoid requirement for fuse3-native. This is needed since:
  https://github.com/flatpak/flatpak/commit/2cb17b4eb82ecedaa98b5b7f954cf3e52fa95682

Changes in 1.15.8
~~~~~~~~~~~~~~~~~

Security fixes:

* Don't allow an executable name to be misinterpreted as a command-line
  option for bwrap(1). This prevents a sandbox escape where a malicious or
  compromised app could ask xdg-desktop-portal to generate a .desktop file
  with access to files outside the sandbox. (CVE-2024-32462)

Other bug fixes:

* Pass the -export-dynamic linker option as -Wl,-export-dynamic, fixing
  build failures with clang 18 and lld 18 (#5760)
* Fix a double-free when installation is cancelled (#5763)
* Fix installed-tests failure with "FUSERMOUNT: unbound variable" (#5751)
* Translation updates: pt_BR (#5762), tr (#5761)

Changes in 1.15.7
~~~~~~~~~~~~~~~~~

Released: 2024-03-27

Dependencies:

* The Meson build system is now required. Compiling with Autotools is no
  longer possible.
* In distributions that compile Flatpak to use a separate bubblewrap (bwrap)
  executable, version 0.9.0 is recommended. Several of the bug fixes listed
  below will not be active if an older version is used.
* In distributions that compile Flatpak to use a separate xdg-dbus-proxy
  executable, version 0.1.5 is recommended.
* If libmalcontent (parental controls) is enabled, it must be version 0.5.0
  or later.

New features:

* Automatically remove obsolete driver versions and other autopruned refs
  (#5632)
* `--socket=inherit-wayland-socket` (#5614)
* Automatically reload D-Bus session bus configuration after installing or
  upgrading apps, to pick up any exported D-Bus services (#3342)

Bug fixes:

* Update included copy of bubblewrap to version 0.9.0:
  * `--symlink` is now idempotent, meaning it succeeds if the symlink
    already exists and already has the desired target (#2387, #3477, #5255)
  * Report a better error message if `mount(2)` fails with `ENOSPC`
  * Fix a double-close on error reading from `--args`, `--seccomp` or
    `--add-seccomp-fd` argument
  * Improve memory allocation behaviour
  * Silence various compiler warnings
* Update included copy of bubblewrap to version 0.1.5:
  * Fix handling of long object paths
* Don't parse `` as the application name (#5700)
* Don't refuse to start apps when there is no D-Bus system bus available
  (#5076)
* Don't try to repeat migration of apps whose data was migrated to a new
  name and then deleted (#5668)
* Improve handling of mixed locales on systems with systemd-localed (#5497)
* Improve display of ellipsized columns in wide terminals (#5722)
* Make `flatpak info -e` look for extensions in all installations (#5670)
* Fix warnings from newer GLib versions (#5660, #5737)
* Always set the `container` environment variable (#5610)
* Always let the app inherit redirected file descriptors (#5626)
* In `flatpak ps`, add xdg-desktop-portal-gnome to the list of backends
  we'll use to learn which apps are running in the background (#5729)
* Don't use `WAYLAND_SOCKET` unless given `--socket=inherit-wayland-socket`
  (#5614)
* Use `fusermount3` if compiled with FUSE 3, overridable with
  `-Dsystem_fusermount` compile-time option (#5104)
* Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into
  the shell environment (#5574)
* Improve async-signal safety
  (#5687)
* Fix various memory leaks (#5683, #5690, #5691)
* Avoid undefined behaviour of signed left-shift when storing object IDs in
  a hash table (#5738)
* Detect the correct gtk-doc when cross-compiling (#5650)
* Detect the correct wayland-scanner when cross-compiling (#5596)
* Documentation improvements (#5659, #5677, #5682, #5664, #5719)
* Skip more tests when FUSE isn't available (#5611)
* Translation updates (#5602, #5707)

Signed-off-by: Markus Volk
--- ...d-require-for-native-wayland-scanner.patch | 28 ---------------- ...01-meson.build-require-native-gtkdoc.patch | 33 ------------------- .../{flatpak_1.15.6.bb => flatpak_1.15.8.bb} | 6 ++-- 3 files changed, 3 insertions(+), 64 deletions(-) delete mode 100644 meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-for-native-wayland-scanner.patch delete mode 100644 meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-native-gtkdoc.patch rename meta-oe/recipes-extended/flatpak/{flatpak_1.15.6.bb => flatpak_1.15.8.bb} (92%) diff --git a/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-for-native-wayland-scanner.patch b/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-for-native-wayland-scanner.patch deleted file mode 100644 index b076a3fff..000000000 --- a/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-for-native-wayland-scanner.patch +++ /dev/null
@@ -1,28 +0,0 @@ -From ced2e933cf647874da4baff002e0987b9bfe5fac Mon Sep 17 00:00:00 2001 -From: Markus Volk -Date: Sat, 18 Nov 2023 15:07:49 +0100 -Subject: [PATCH] meson.build: require for native wayland-scanner - -Signed-off-by: Markus Volk - -Upstream-Status: Submitted [https://github.com/flatpak/flatpak/pull/5596] ---- - meson.build | 4 ++-- - 1 file changed, 1 insertions(+), 1 deletions(-) - -diff --git a/meson.build b/meson.build -index f4e5b3a3..5d2f9eba 100644 ---- a/meson.build -+++ b/meson.build -@@ -207,7 +207,7 @@ gtkdoc_dep = dependency('gtk-doc', required : get_option('gtkdoc')) - build_gtk_doc = gtkdoc_dep.found() - - wayland_client = dependency('wayland-client', required : get_option('wayland_security_context')) --wayland_scanner = dependency('wayland-scanner', version : '>= 1.15', required : get_option('wayland_security_context')) -+wayland_scanner = dependency('wayland-scanner', version : '>= 1.15', required : get_option('wayland_security_context'), native : true) - wayland_protocols = dependency('wayland-protocols', version : '>= 1.32', required : get_option('wayland_security_context')) - build_wayland_security_context = wayland_client.found() and wayland_scanner.found() and wayland_protocols.found() - --- -2.42.0 - diff --git a/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-native-gtkdoc.patch b/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-native-gtkdoc.patch deleted file mode 100644 index 77b60ec98..000000000 --- a/meta-oe/recipes-extended/flatpak/flatpak/0001-meson.build-require-native-gtkdoc.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From 49737b1e4a74c77a8cd7ae727974d68503da087f Mon Sep 17 00:00:00 2001 -From: Markus Volk -Date: Fri, 12 Jan 2024 13:52:08 +0100 -Subject: [PATCH] meson.build: require native gtkdoc - -this fixes: -| Run-time dependency gtk-doc found: NO (tried pkgconfig) -| -| ../git/meson.build:206:13: ERROR: Dependency "gtk-doc" not found, tried pkgconfig - -Upstream-Status: Submitted [https://github.com/flatpak/flatpak/pull/5650/commits/e5de3e46b917f830d7f81e9db6ed2a9b7d7db942] - -Signed-off-by: Markus Volk ---- - meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/meson.build b/meson.build -index f7f9372d..dccc3eb4 100644 ---- a/meson.build -+++ b/meson.build -@@ -203,7 +203,7 @@ appstream_dep = dependency('appstream', version : '>=0.12.0') - gdk_pixbuf_dep = dependency('gdk-pixbuf-2.0') - libseccomp_dep = dependency('libseccomp', required : get_option('seccomp')) - gir_dep = dependency('gobject-introspection-1.0', version : '>=1.40.0', required : get_option('gir')) --gtkdoc_dep = dependency('gtk-doc', required : get_option('gtkdoc')) -+gtkdoc_dep = dependency('gtk-doc', required : get_option('gtkdoc'), native : true) - build_gtk_doc = gtkdoc_dep.found() - - wayland_client = dependency('wayland-client', required : get_option('wayland_security_context')) --- -2.43.0 - diff --git a/meta-oe/recipes-extended/flatpak/flatpak_1.15.6.bb b/meta-oe/recipes-extended/flatpak/flatpak_1.15.8.bb similarity index 92% rename from meta-oe/recipes-extended/flatpak/flatpak_1.15.6.bb rename to meta-oe/recipes-extended/flatpak/flatpak_1.15.8.bb index 97e57c13d..8719d3ef0 100644 --- a/meta-oe/recipes-extended/flatpak/flatpak_1.15.6.bb +++ b/meta-oe/recipes-extended/flatpak/flatpak_1.15.8.bb 
@@ -6,11 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SRC_URI = " \ gitsm://github.com/flatpak/flatpak;protocol=https;branch=main \ file://0001-flatpak-pc-add-pc_sysrootdir.patch \ - file://0001-meson.build-require-for-native-wayland-scanner.patch \ - file://0001-meson.build-require-native-gtkdoc.patch \ " -SRCREV = "27b11b93c2a80a91c9461bc6c7f5e9a201406041" +SRCREV = "925c80f913d69e7ca424428823e1431c4ffb0deb" S = "${WORKDIR}/git" @@ -66,6 +64,8 @@ PACKAGECONFIG ?= " \ ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'wayland-security-context', '', d)} \ " +EXTRA_OEMESON = "-Dsystem_fusermount=${bindir}/fusermount3" + FILES:${PN} += "${libdir} ${datadir}" USERADD_PACKAGES = "${PN}"

From patchwork Fri May 10 05:43:58 2024
X-Patchwork-Submitter: Markus Volk
X-Patchwork-Id: 43451
From: Markus Volk
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH 2/4] xdg-desktop-portal: update 1.18.1 -> 1.18.4
Date: Fri, 10 May 2024 07:43:58 +0200
Message-ID: <20240510054400.3796092-2-f_l_k@t-online.de>
In-Reply-To: <20240510054400.3796092-1-f_l_k@t-online.de>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/110305

Changes in 1.18.4
=================
Released: 2024-04-18

- Don't allow commandline arrays when the first commandline item starts
  with whitespace or hyphen. (CVE-2024-32462)
- Do not store device access permission if it returned an error.
- Fix crash with config files without a default backend set.

Changes in 1.18.3
=================
Released: 2024-04-04

- Don't try to read D-Bus object properties of Request objects on
  construction.
- Fix various memory and file descriptor leaks.
- Minuscule optimization to the ScreenCast portal so that it stores
  restoration data with a single D-Bus call, instead of two.
- Fix a crash in the OpenURI file when trying to open a non-existing file.
- Various smaller bug fixes.

Changes in 1.18.2
=================
Released: 2023-11-22

- Pass the token to the OpenURI portal and, when missing, an empty string.
- Fix various memory and file descriptor leaks in the Document portal.
- Make files and folders opened with the Document portal close properly.
  This should fix cases where the Document portal prevented external
  devices from unmounting, due to files inside them not getting closed
  after applications stop using them.
- Implement FUSE getlk and setlk callbacks. This should enable using
  sqlite3 through the Document portal.
- Properly resolve fd symlinks before opening them with O_NOFOLLOW.
- Fix cases where the portal id is assumed to match the .desktop file name.
- Allow sending directories in the file transfer portal. This should make
  it possible to, among other things, drag and drop folders and files
  simultaneously from and to sandboxed applications.
- Fallback to a hardcoded check to xdg-desktop-portal-gtk in the absence of
  any other portal or configuration file, as a last resort mechanism.
- Various smaller fixes to the build system.

Signed-off-by: Markus Volk
--- ...-desktop-portal_1.18.1.bb => xdg-desktop-portal_1.18.4.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-oe/recipes-support/xdg-desktop-portal/{xdg-desktop-portal_1.18.1.bb => xdg-desktop-portal_1.18.4.bb} (93%) diff --git a/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.18.1.bb b/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.18.4.bb similarity index 93% rename from meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.18.1.bb rename to meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.18.4.bb index 0aa872428..8161ed160 100644 --- a/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.18.1.bb +++ b/meta-oe/recipes-support/xdg-desktop-portal/xdg-desktop-portal_1.18.4.bb @@ -27,12 +27,12 @@ RDEPENDS:${PN} = "bubblewrap rtkit ${PORTAL_BACKENDS}" inherit meson pkgconfig python3native features_check SRC_URI = " \ - git://github.com/flatpak/xdg-desktop-portal.git;protocol=https;branch=main \ + git://github.com/flatpak/xdg-desktop-portal.git;protocol=https;branch=xdg-desktop-portal-1.18 \ file://0001-meson.build-add-a-hack-for-crosscompile.patch \ " S = "${WORKDIR}/git" -SRCREV = "37a6f7c8b8e08b9861f05e172cd4e0d07a832c4d" +SRCREV = "11c8a96b147aeae70e3f770313f93b367d53fedd" FILES:${PN} += "${libdir}/systemd ${datadir}/dbus-1"
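
Review bot: In the flatpak_1.15.8.bb hunk at @@ -6,11 +6,9 @@ (patch 1/4), the new SRCREV is pinned on branch=main and nothing in the recipe or the commit message ties 925c80f913d69e7ca424428823e1431c4ffb0deb to the 1.15.8 tag. Saying so in the commit message would let a reviewer verify the bump, which matters here because this release carries the CVE-2024-32462 fix. The two dropped file:// entries correspond to pull requests 5596 and 5650 named in the deleted patches' Upstream-Status lines, and both numbers appear in the pasted 1.15.7 changelog, so "remove included patches" could name them.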
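
Review bot: In the flatpak_1.15.8.bb hunk at @@ -66,6 +64,8 @@ (patch 1/4), EXTRA_OEMESON is set with a plain `=`, which replaces any value assigned earlier in the recipe or in an included file; none is visible in this hunk, but `EXTRA_OEMESON += "-Dsystem_fusermount=${bindir}/fusermount3"` is the safer form. The reason for the option lives only in the commit message, so a one-line comment above the assignment (avoids the fuse3-native requirement) would keep it with the recipe. Since this hard-codes the path flatpak will execute on the target, please also confirm that the package installing ${bindir}/fusermount3 is a runtime dependency; the hunk does not show RDEPENDS.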
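
Review bot: In the xdg-desktop-portal_1.18.4.bb hunk at @@ -27,12 +27,12 @@ (patch 2/4), SRC_URI moves from branch=main to branch=xdg-desktop-portal-1.18, but the commit message is only the upstream changelog and never mentions the branch change. One line saying why the recipe now follows the stable branch would help, as would stating that 11c8a96b147aeae70e3f770313f93b367d53fedd is the 1.18.4 tag. This patch and 1/4 both cite CVE-2024-32462 in their changelogs, so anyone backporting the fix should take the two together.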