Announce: Flatpak 0.8.2 (security update)
Alexander Larsson
alexl at redhat.com
Fri Jan 27 10:48:50 UTC 2017
Available here:
https://github.com/flatpak/flatpak/releases/tag/0.8.2
$ sha256sum flatpak-0.8.2.tar.xz
2d9372f3d37374c14cbd55eac21ac3093c72bb7548b5fd0fac99a2bff85d8490 flatpak-0.8.2.tar.xz
Major changes in 0.8.2
======================
This is a bugfix and security update.
Some of the bind-mounts that flatpak sets up were not read-only as
they should have. This includes: extensions, system fonts,
resolv.conf, localtime and machine-id. Many of thse are typically only
writable by root, but some, like the user-specific fonts and
user-installed extensions could be modified from the sandbox.
Everyone using 0.8.x is recommended to update to this version.
Other fixes:
* There are new configure options for where to install dbus
configuration
* Broken symlinks in the root directory no longer break flatpak run
* flatpak run with HOME in /var now works
* dri access now also handles mali devices
* install handles --arch when installing flatpakrefs
* system-helper activation fixed on systemd-less setups
* dbus-proxy now works without /run
* During installation, failing to update a dependency is now not
fatal.
* /etc is now fully writable when building runtimes
* --filesystem=xdg-config/foo now sets up the bind-mount from the
host dir even when not using :create.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com
He's a fast talking Jewish messiah with a mysterious suitcase handcuffed
to his arm. She's a radical antique-collecting mechanic who dreams of
becoming Elvis. They fight crime!
More information about the xdg-app
mailing list