mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-31 13:20:03 +00:00
Code Issues Projects Releases Wiki Activity

flatpak: upgrade 1.17.3 -> 1.17.6

Browse Source 
Contains fixes for CVE-2026-34078 and CVE-2026-34079

Add explicit CVE_STATUS tags for these CVEs, because they are tracked
without version info by NVD at this time.

Changelog:
17.6:
Bug fixes:
- Fix the remaining regression for Chromium based browsers by not leaking file
  descriptors down to wrapped command
- Fix a regression when installing extra-data without a runtime, which is the
  case for openh264
- Fix the remaining regression for Epiphany by ignoring unusable sandbox-expose
  paths for sub-sandboxes in the portal
- Fix the installed tests by allowing to add a new ref to an existing temporary
  ostree repo
- Avoid closing fds 0/1/2 when they are used as a bad argument to flatpak-run,
  and reduce duplication in handling file descriptor arguments

Enhancements:
- Disable auto-pin in flatpak-repair to preserve the pin state across
  re-installs
- Small improvements for the tests

17.5:
Bug fixes:
- Fix regressions caused by the sandbox escape security fix, which impact some
  browsers, browser-based apps and Steam (#6577, #6569, #6576, #6574)

Enhancements:
- Expand test coverage of flatpak-run features used by flatpak-portal (#6573)

17.4:
Security fixes:
- Fix a complete sandbox escape which leads to host file access and code
  execution in the host context (CVE-2026-34078)
- Prevent arbitrary file deletion on the host filesystem (CVE-2026-34079)
- Prevent arbitrary read-access to files in the system-helper context
  (GHSA-2fxp-43j9-pwvc)
- Prevent orphaning cross-user pull operations (GHSA-89xm-3m96-w3jg)

Enhancements:
- Enable ntsync unconditionally
- Automatic branch following for extensions to ensure that "no-autodownload"
  extensions stay functional after an update that requires a new branch
- Translation updates: eo, kk, sr, zh_CN

Bug fixes:
- Prevent CPR sequence from showing up in the terminal
- Fix a crash for apps/runtimes with multiarch permission
- Fixes for Coverity warnings
- Add test-preinstall.sh to the test matrix source
- Fix a test message to refer to "systemd-localed" instead of "located"

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-04-13 20:02:23 +02:00
committed by Khem Raj
parent 85f7185fec
commit 15b3c0f141
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-extended/flatpak/flatpak_1.17.3.bb → meta-oe/recipes-extended/flatpak/flatpak_1.17.6.bb
+4 -1
View File
@@ -8,7 +8,7 @@ SRC_URI = " \
file://0001-flatpak-pc-add-pc_sysrootdir.patch \
"
SRCREV = "13b26a94a3bd6fec309a16982a3a80d83776d7ac"
SRCREV = "9b21874f1a175a9b7c79175a221fa043e202ca73"
inherit meson pkgconfig gettext systemd gtk-doc gobject-introspection python3native mime features_check useradd
@@ -76,3 +76,6 @@ USERADD_PACKAGES = "${PN}"
USERADD_PARAM:${PN} = "--system --no-create-home --user-group --shell /sbin/nologin flatpak"
FILES:${PN} += "${libdir} ${datadir}"
CVE_STATUS[CVE-2026-34078] = "fixed-version: fixed in v1.17.4"
CVE_STATUS[CVE-2026-34079] = "fixed-version: fixed in v1.17.4"