gnu: flatpak: Update to 1.14.6 [security fixes].

fixes CVE-2024-32462. see https://nvd.nist.gov/vuln/detail/CVE-2024-32462. * gnu/packages/package-management.scm (flatpak): Update to 1.14.6. [arguments]: Add '--with-curl' [inputs]: Add libcap, polkit, zstd. Use fuse replace fuse-2. * gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch: Adjust patch. Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn> Change-Id: Idc9b8159f0d6c6d037852792c0dc284c70c7462e
2024-04-16 15:38:29 +02:00 · 2024-04-16 15:38:29 +02:00 · d115af1bcc
commit d115af1bcc
parent 06a5ff1a41
2 changed files with 12 additions and 5 deletions
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@ -99,6 +99,7 @@
  #:use-module (gnu packages perl)
  #:use-module (gnu packages perl-check)
  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages polkit)
  #:use-module (gnu packages popt)
  #:use-module (gnu packages python)
  #:use-module (gnu packages python-build)
@ -2022,14 +2023,14 @@ the boot loader configuration.")
 (define-public flatpak
  (package
    (name "flatpak")
-    (version "1.14.4")
+    (version "1.14.6")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/flatpak/flatpak/releases/download/"
                           version "/flatpak-" version ".tar.xz"))
       (sha256
-        (base32 "16b7f7n2mms6zgm0lj3fn86ny11xjn8cd3mrk1slwhvwnv8dnd4a"))
+        (base32 "0ij93vl9skcfdfgkmgd80q0q4c6q39dss4rds7phxizqqsr3d3sk"))
       (patches
        (search-patches "flatpak-fix-path.patch"
                        "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
@ -2042,6 +2043,7 @@ the boot loader configuration.")
     (list
      #:configure-flags
      #~(list
+         "--with-curl"
         "--enable-documentation=no" ;; FIXME
         "--enable-system-helper=no"
         "--localstatedir=/var"
@ -2105,19 +2107,22 @@ cp -r /tmp/locale/*/en_US.*")))
           bubblewrap
           curl
           dconf
-           fuse-2
+           fuse
           gdk-pixbuf
           gpgme
           json-glib
           libarchive
+           libcap
           libostree
           libseccomp
           libsoup-minimal-2
           libxau
           libxml2
           p11-kit
+           polkit
           util-linux
-           xdg-dbus-proxy))
+           xdg-dbus-proxy
+           zstd))
    (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
    (home-page "https://flatpak.org")
    (synopsis "System for building, distributing, and running sandboxed desktop
--- a/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
+++ b/gnu/packages/patches/flatpak-unset-gdk-pixbuf-for-sandbox.patch
@ -9,11 +9,13 @@ of host system.

 --- a/common/flatpak-run.c
 +++ b/common/flatpak-run.c
-@@ -1900,6 +1900,7 @@ static const ExportData default_exports[] = {
+@@ -1900,8 +1900,9 @@ static const ExportData default_exports[] = {
   {"XKB_CONFIG_ROOT", NULL},
   {"GIO_EXTRA_MODULES", NULL},
   {"GDK_BACKEND", NULL},
 +  {"GDK_PIXBUF_MODULE_FILE", NULL},
+   {"VK_DRIVER_FILES", NULL},
+   {"VK_ICD_FILENAMES", NULL},
 };
 
 static const ExportData no_ld_so_cache_exports[] = {