author | Daniel Ziltener <dziltener@lyrion.ch> | 2024-04-16 15:38:29 +0200 |
---|---|---|
committer | Zheng Junjie <zhengjunjie@iscas.ac.cn> | 2024-04-24 10:22:33 +0800 |
commit | d115af1bcc48f07a40dafd94d1d00926d446d068 (patch) | |
tree | 74b81ed15ae831cdb2009df29982013c37af2a6e | |
parent | 06a5ff1a41c26ff5985b861c52385faea4d5da8e (diff) | |
gnu: flatpak: Update to 1.14.6 [security fixes].
Fixes CVE-2024-32462; see https://nvd.nist.gov/vuln/detail/CVE-2024-32462.
* gnu/packages/package-management.scm (flatpak): Update to 1.14.6.
[arguments]: Add '--with-curl'.
[inputs]: Add libcap, polkit, zstd. Replace fuse-2 with fuse.
* gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch: Adjust patch.
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
Change-Id: Idc9b8159f0d6c6d037852792c0dc284c70c7462e
-rw-r--r-- | gnu/packages/package-management.scm | 13 | ||||
-rw-r--r-- | gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch | 4 |
2 files changed, 12 insertions, 5 deletions
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index e753723dad..1eea7e0d08 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -99,6 +99,7 @@
 #:use-module (gnu packages perl)
 #:use-module (gnu packages perl-check)
 #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages polkit)
 #:use-module (gnu packages popt)
 #:use-module (gnu packages python)
 #:use-module (gnu packages python-build)
@@ -2022,14 +2023,14 @@ the boot loader configuration.")
 (define-public flatpak
 (package
 (name "flatpak")
- (version "1.14.4")
+ (version "1.14.6")
 (source
 (origin
 (method url-fetch)
 (uri (string-append "https://github.com/flatpak/flatpak/releases/download/"
 version "/flatpak-" version ".tar.xz"))
 (sha256
- (base32 "16b7f7n2mms6zgm0lj3fn86ny11xjn8cd3mrk1slwhvwnv8dnd4a"))
+ (base32 "0ij93vl9skcfdfgkmgd80q0q4c6q39dss4rds7phxizqqsr3d3sk"))
 (patches
 (search-patches "flatpak-fix-path.patch"
 "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
@@ -2042,6 +2043,7 @@ the boot loader configuration.")
 (list
 #:configure-flags
 #~(list
+ "--with-curl"
 "--enable-documentation=no" ;; FIXME
 "--enable-system-helper=no"
 "--localstatedir=/var"
@@ -2105,19 +2107,22 @@ cp -r /tmp/locale/*/en_US.*")))
 bubblewrap
 curl
 dconf
- fuse-2
+ fuse
 gdk-pixbuf
 gpgme
 json-glib
 libarchive
+ libcap
 libostree
 libseccomp
 libsoup-minimal-2
 libxau
 libxml2
 p11-kit
+ polkit
 util-linux
- xdg-dbus-proxy))
+ xdg-dbus-proxy
+ zstd))
 (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
 (home-page "https://flatpak.org")
 (synopsis "System for building, distributing, and running sandboxed desktop
diff --git a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
index bf9c487ba8..7773b11f7e 100644
--- a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
+++ b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
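Review bot: The new `"--with-curl"` flag in the `#:configure-flags` list (hunk `@@ -2042,6 +2043,7 @@` of gnu/packages/package-management.scm) has no comment saying why the download backend changes, while the flag right after it at least carries `;; FIXME`. As far as I know this flag makes flatpak use libcurl in place of libsoup, yet the inputs hunk further down still shows `libsoup-minimal-2` as a context line. If nothing else in the build links it, that input should be dropped so the closure does not keep a second HTTP stack to track for security updates. Suggested wording: `"--with-curl" ;HTTP via libcurl instead of libsoup 2`. The `arguments` form starts and ends outside the hunk.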
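Review bot: `polkit` is added to `inputs` (hunk `@@ -2105,19 +2107,22 @@` of gnu/packages/package-management.scm) although the configure flags in the previous hunk still pass `"--enable-system-helper=no"`. If polkit is only consumed by the system helper (to be confirmed against the 1.14.6 configure script), the input is unused and only enlarges the closure and the rebuild set whenever polkit itself gets a security update. Either drop it or note its consumer, e.g. `polkit ;used by <component>`. The commit message also gives no reason for replacing `fuse-2` with `fuse`; a one-line comment next to that input stating which FUSE major version this release is expected to build against would help. The `inputs` list begins outside the hunk.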
@@ -9,11 +9,13 @@ of host system. --- a/common/flatpak-run.c +++ b/common/flatpak-run.c -@@ -1900,6 +1900,7 @@ static const ExportData default_exports[] = { +@@ -1900,8 +1900,9 @@ static const ExportData default_exports[] = { {"XKB_CONFIG_ROOT", NULL}, {"GIO_EXTRA_MODULES", NULL}, {"GDK_BACKEND", NULL}, + {"GDK_PIXBUF_MODULE_FILE", NULL}, + {"VK_DRIVER_FILES", NULL}, + {"VK_ICD_FILENAMES", NULL}, }; static const ExportData no_ld_so_cache_exports[] = { |