diff options
| author | Thomas Gerbet <thomas@gerbet.me> | 2022-01-27 19:09:28 +0100 |
|---|---|---|
| committer | github-actions[bot] <github-actions[bot]@users.noreply.github.com> | 2022-01-27 22:01:57 +0000 |
| commit | b1c3374bf4063e5565aeca248c116368150e18bb (patch) | |
| tree | fdf089a5a6ed8cafea24f88048901422936c901f | |
| parent | Merge pull request #157057 from NixOS/backport-156857-to-release-21.11 (diff) | |
| download | nixpkgs-origin/backport-157036-to-release-21.11.tar.gz | |
flatpak: 1.12.2 -> 1.12.4origin/backport-157036-to-release-21.11
Fixes CVE-2021-43860 and CVE-2022-21682
Changes:
https://github.com/flatpak/flatpak/releases/tag/1.12.4
https://github.com/flatpak/flatpak/releases/tag/1.12.3
Security advisories:
https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
(cherry picked from commit a4f05760dc80d89905c29e958e9464c536afbac8)
| -rw-r--r-- | nixos/tests/installed-tests/flatpak.nix | 1 | ||||
| -rw-r--r-- | pkgs/development/libraries/flatpak/default.nix | 12 |
2 files changed, 3 insertions, 10 deletions
diff --git a/nixos/tests/installed-tests/flatpak.nix b/nixos/tests/installed-tests/flatpak.nix index 8aeeaca90f61..c7fe9cf45882 100644 --- a/nixos/tests/installed-tests/flatpak.nix +++ b/nixos/tests/installed-tests/flatpak.nix @@ -6,6 +6,7 @@ makeInstalledTest { testConfig = { xdg.portal.enable = true; + xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; services.flatpak.enable = true; environment.systemPackages = with pkgs; [ gnupg ostree python3 ]; virtualisation.memorySize = 2047; diff --git a/pkgs/development/libraries/flatpak/default.nix b/pkgs/development/libraries/flatpak/default.nix index d03d280204d3..9b8bbed55e97 100644 --- a/pkgs/development/libraries/flatpak/default.nix +++ b/pkgs/development/libraries/flatpak/default.nix @@ -1,6 +1,5 @@ { lib, stdenv , fetchurl -, fetchpatch , autoreconfHook , docbook_xml_dtd_45 , docbook-xsl-nons @@ -54,14 +53,14 @@ stdenv.mkDerivation rec { pname = "flatpak"; - version = "1.12.2"; + version = "1.12.4"; # TODO: split out lib once we figure out what to do with triggerdir outputs = [ "out" "dev" "man" "doc" "devdoc" "installedTests" ]; src = fetchurl { url = "https://github.com/flatpak/flatpak/releases/download/${version}/${pname}-${version}.tar.xz"; - sha256 = "df1eb464f9142c11627f99f04f6a5c02c868bbb145489b8902cb6c105e774b75"; # Taken from https://github.com/flatpak/flatpak/releases/ + sha256 = "792e6265f7f6d71b2a087028472a048287bed2587e43d2eec2c31d360c16211c"; # Taken from https://github.com/flatpak/flatpak/releases/ }; patches = [ @@ -97,13 +96,6 @@ stdenv.mkDerivation rec { # But we want the GDK_PIXBUF_MODULE_FILE from the wrapper affect the icon validator. ./validate-icon-pixbuf.patch - - # Tests don't respect the FLATPAK_BINARY override that was added, this is a workaround. - # https://github.com/flatpak/flatpak/pull/4496 (Can be removed once included). - (fetchpatch { - url = "https://github.com/flatpak/flatpak/commit/96dbe28cfa96e80b23fa1d8072eb36edad41279c.patch"; - sha256 = "1jczk06ymfs98h3nsg245g0jwxvml7wg2x6pb7mrfpsdmrpz2czd"; - }) ]; nativeBuildInputs = [ |