aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Ziltener <dziltener@lyrion.ch>2024-04-16 15:38:29 +0200
committerZheng Junjie <zhengjunjie@iscas.ac.cn>2024-04-24 10:22:33 +0800
commitd115af1bcc48f07a40dafd94d1d00926d446d068 (patch)
tree74b81ed15ae831cdb2009df29982013c37af2a6e
parent06a5ff1a41c26ff5985b861c52385faea4d5da8e (diff)
downloadguix-d115af1bcc48f07a40dafd94d1d00926d446d068.tar.gz
guix-d115af1bcc48f07a40dafd94d1d00926d446d068.zip
gnu: flatpak: Update to 1.14.6 [security fixes].
fixes CVE-2024-32462. see https://nvd.nist.gov/vuln/detail/CVE-2024-32462. * gnu/packages/package-management.scm (flatpak): Update to 1.14.6. [arguments]: Add '--with-curl' [inputs]: Add libcap, polkit, zstd. Use fuse replace fuse-2. * gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch: Adjust patch. Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn> Change-Id: Idc9b8159f0d6c6d037852792c0dc284c70c7462e
-rw-r--r--gnu/packages/package-management.scm13
-rw-r--r--gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch4
2 files changed, 12 insertions, 5 deletions
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index e753723dad..1eea7e0d08 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -99,6 +99,7 @@
#:use-module (gnu packages perl)
#:use-module (gnu packages perl-check)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages polkit)
#:use-module (gnu packages popt)
#:use-module (gnu packages python)
#:use-module (gnu packages python-build)
@@ -2022,14 +2023,14 @@ the boot loader configuration.")
(define-public flatpak
(package
(name "flatpak")
- (version "1.14.4")
+ (version "1.14.6")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/flatpak/flatpak/releases/download/"
version "/flatpak-" version ".tar.xz"))
(sha256
- (base32 "16b7f7n2mms6zgm0lj3fn86ny11xjn8cd3mrk1slwhvwnv8dnd4a"))
+ (base32 "0ij93vl9skcfdfgkmgd80q0q4c6q39dss4rds7phxizqqsr3d3sk"))
(patches
(search-patches "flatpak-fix-path.patch"
"flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
@@ -2042,6 +2043,7 @@ the boot loader configuration.")
(list
#:configure-flags
#~(list
+ "--with-curl"
"--enable-documentation=no" ;; FIXME
"--enable-system-helper=no"
"--localstatedir=/var"
@@ -2105,19 +2107,22 @@ cp -r /tmp/locale/*/en_US.*")))
bubblewrap
curl
dconf
- fuse-2
+ fuse
gdk-pixbuf
gpgme
json-glib
libarchive
+ libcap
libostree
libseccomp
libsoup-minimal-2
libxau
libxml2
p11-kit
+ polkit
util-linux
- xdg-dbus-proxy))
+ xdg-dbus-proxy
+ zstd))
(propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
(home-page "https://flatpak.org")
(synopsis "System for building, distributing, and running sandboxed desktop
diff --git a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
index bf9c487ba8..7773b11f7e 100644
--- a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
+++ b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
@@ -9,11 +9,13 @@ of host system.
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
-@@ -1900,6 +1900,7 @@ static const ExportData default_exports[] = {
+@@ -1900,8 +1900,9 @@ static const ExportData default_exports[] = {
{"XKB_CONFIG_ROOT", NULL},
{"GIO_EXTRA_MODULES", NULL},
{"GDK_BACKEND", NULL},
+ {"GDK_PIXBUF_MODULE_FILE", NULL},
+ {"VK_DRIVER_FILES", NULL},
+ {"VK_ICD_FILENAMES", NULL},
};
static const ExportData no_ld_so_cache_exports[] = {