Thank you for the comment. You suspect that problems you are having with Flatpak might be due to our version being out of date.

It looks as if it applies also to Cauldron, so changing the Version accordingly.
 flatpak-1.4.1-1.mga7.src.rpm
 flatpak-1.6.2-1.mga8.src.rpm

Assigning to Neal, the package maintainer.

Version: 7 => Cauldron
Assignee: bugsquad => ngompa13
Source RPM: Flatpak => flatpak-1.4.1-1.mga7.src.rpm, flatpak-1.6.2-1.mga8.src.rpm
Whiteboard: (none) => MGA7TOO

Neal: I forgot to check who owns it. I'm updating it to 1.8.1 in Cauldron. There's a few new BuildRequires.

CC: (none) => olav

That's fine, Olav, but make sure you rebuild GNOME Software and Plasma Discover with the new libflatpak afterward, because despite the "stable" ABI for libflatpak, they tend to randomly crash and fail in odd ways if they aren't rebuilt against new libflatpak. This rule basically only matters when doing minor version upgrades, as patch versions are usually safe.

Oh, and all the portals need to be updated too, since they closely track the interfaces and behaviors of flatpak itself.

The KDE portal and Discover package has warnings not to rebuild it. Seems a bit silly, but I'm going to send a message to dev about that.

please go ahead with this change :-)

CC: (none) => mageia

Thanks! Also, sorry for being a bit harsh here about the instructions. When I linked to the bug I forgot how I wrote that.

Hi!

Since Mageia 8 Beta 1, I have installed Discover and flatpak 1.8.1. I can confirm from here, that the problem I had with the applications: Spotify, Deltachat and Element, has been solved and now they work perfectly.

So the bugs it reported are due to flatpak and its dependencies outdated I guess.

But if you want to use these applications or others without errors in Mageia 7 you will have to update it.

Related: do not forget
Bug 25978 - Package flatpak-tests require flatpak-libs which does not exist

CC: (none) => fri

But, In Mageia 7 I haven't have problems with the flatpak instalation.

The problem is that some applications no works fine because the flatpack version is outdated. I can confirm this, because in Mga8 I haven't this bug installing the same applications.

@Jose,
Have you done

$ flatpak update

in order to update all Frameworks ?


I haven't seen any error with Mageia 8b1.
I haven't mga7 installed on any PC.

I have tried this, appears in konsole:

[jose@localhost ~]$ flatpak update
Looking for updates…
GLib-GIO-Message: 16:36:37.895: Using the 'memory' GSettings backend.  Your settings will not be saved or shared with other applications.
Nothing to do.
[jose@localhost ~]$

The apps Spotify and Element has been installed with discover and in Mageia 7 don't works.

The same apps in Mageia 8 works fine installed from discover.

And doing flatpak update as root too?

Source RPM: flatpak-1.4.1-1.mga7.src.rpm, flatpak-1.6.2-1.mga8.src.rpm => flatpak-1.4.1-1.mga7.src.rpm

(In reply to Jose Manuel López from comment #13)
> I have tried this, appears in konsole:
> 
> [jose@localhost ~]$ flatpak update
> Looking for updates…
> GLib-GIO-Message: 16:36:37.895: Using the 'memory' GSettings backend.  Your
> settings will not be saved or shared with other applications.

This message is odd. I'd expect dconf to be installed and working. Not sure if it's logical due to Flatpak. Normally it would causing all kinds of issues.

It updates here om a mga7, updated including updates testing repos.

[morgan@svarten ~]$ flatpak update
Looking for updates…


        ID                                              Arch         Gren        Remote         Hämta
 1. [✓] org.freedesktop.Platform                        x86_64       19.08       flathub          9,6 MB / 238,5 MB
 2. [✓] org.freedesktop.Platform.Locale                 x86_64       19.08       flathub         16,6 kB / 318,3 MB
 3. [✓] org.signal.Signal                               x86_64       stable      flathub        105,7 MB / 134,9 MB
 4. [✓] org.kde.Platform                                x86_64       5.14        flathub         53,4 MB / 362,5 MB
 5. [✓] org.freedesktop.Platform.GL.default             x86_64       19.08       flathub         23,2 MB / 89,1 MB
 6. [✓] org.freedesktop.Platform.GL.nvidia-430-64       x86_64       1.4         flathub         71,3 MB / 71,8 MB
 7. [✓] org.kde.Platform.Locale                         x86_64       5.14        flathub        255,7 kB / 337,6 MB
 8. [✓] org.qelectrotech.QElectroTech                   x86_64       master      qet-devel        5,2 MB / 16,5 MB

Updates complete.
Info: org.gnome.Platform is end-of-life, with reason: The GNOME 3.32 runtime is no longer supported as of 11th March 2020. Please ask your application developer to migrate to a supported platform.
Info: org.gnome.Platform.Locale is end-of-life, with reason: The GNOME 3.32 runtime is no longer supported as of 11th March 2020. Please ask your application developer to migrate to a supported platform.


        ID                                          Arch           Gren          Remote         Hämta
 1. [✓] org.gnome.Platform                          x86_64         3.36          flathub        40,5 MB / 324,5 MB
 2. [✓] org.gnome.Platform.Locale                   x86_64         3.36          flathub        88,0 kB / 323,0 MB
 3. [✓] org.freedesktop.Platform.GL.default         x86_64         19.08         flathub        23,2 MB / 89,1 MB

Updates complete.


Gotta go now. Will try Spotify later.

Installed spotify: seem to launch OK but silently (in double meaning ;) ) fail to play music.
In termimnal from where i launched it: 
/app/extra/share/spotify/spotify: /app/lib/libcurl-gnutls.so.4: no version information available (required by /app/extra/share/spotify/spotify)
/proc/self/exe: /app/lib/libcurl-gnutls.so.4: no version information available (required by /proc/self/exe)

I have already tried to do everything that is mentioned and the applications do not work in Mageia 7 and the current version of flatpak.

Same conclusion.

Flatpak is broken in Mageia 7. Mageia 8 Cauldron is OK! therefore.

This is same output trying launch Spotify in Mageia 7 (Install is ok).

/app/extra/bin/spotify: /app/lib/libcurl-gnutls.so.4: no version information available (required by /app/extra/bin/spotify)
Gtk-Message: 15:55:39.885: Failed to load module "canberra-gtk-module"
/app/extra/share/spotify/spotify: /app/lib/libcurl-gnutls.so.4: no version information available (required by /app/extra/share/spotify/spotify)
/proc/self/exe: /app/lib/libcurl-gnutls.so.4: no version information available (required by /proc/self/exe)
/proc/self/exe: /app/lib/libcurl-gnutls.so.4: no version information available (required by /proc/self/exe)

Seems there are outdated files. Flatpak 1.8 in M8 is OK. So please update or backport it for our users in M7.

Version: Cauldron => 7
Target Milestone: --- => Mageia 7
Whiteboard: MGA7TOO => Cauldron updated OK
Severity: normal => critical
Priority: Normal => High

Flatpak version of Spotify seems to not have access to Internet.
It complains about Firewall blocking network or bad proxy settings.

But even deactivate shorewall, it has no Internet access.
Therefore, seems there is a bad permission issue, that should be resolved by updating flatpak.

Note that to open the firewall, the command to use is "shorewall clear", not
stopping shorewall.

CC: (none) => davidwhodgins

Yeah Dave,
I already did that way before stopping shorewall.

It seems flatpak app can't have internet access, like if they don't have permission / right to do so.

Hi,
This is High priority bug for a good reason.

Making Mageia even better than ever is best direction.
In order to do right thing, this bug should be examined and fixed as soon as possible.

Packagers, please make the status to Assigned when you are working on this.
Feel free to reassign the bug if bad-triaged. Also, if bug is old, please close it.

On October 1st 2020, we will drop priority to normal.

In Mageia 8 it works properly, it will be necessary to evaluate whether it is corrected for Mageia 7 or already waited for it to leave the Mageia 8 cauldron.

FWIW, trying to install org.chromium.Chromium on mga7 results in:

Error: org.chromium.Chromium needs a later flatpak version
error: Failed to install org.chromium.Chromium: app/org.chromium.Chromium/x86_64/stable needs a later flatpak version (1.8.2)

CC: (none) => dan

Re comments 2-7, 15: @Olav, Neal
That was all back in August. Any advance on this? It is clearly causing angst for Mageia 7 users, who will be around for some time yet.

On this day, M7 Plasma x86_64, fully updated.
$ uname -a
Linux localhost 5.9.16-desktop-1.mga7 #1 SMP Mon Dec 21 16:51:55 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ flatpak --version
Flatpak 1.4.1

$ flatpak install com.spotify.client
Looking for matches…
Found similar ref(s) for ‘com.spotify.client’ in remote ‘flathub’ (system).
Use this remote? [Y/n]: 
Found ref ‘app/com.spotify.Client/x86_64/stable’ in remote ‘flathub’ (system).
Use this ref? [Y/n]: 
Skipping: com.spotify.Client/x86_64/stable is already installed
[aurelien@localhost ~]$ 
[aurelien@localhost ~]$ flatpak run com.spotify.Client
[aurelien@localhost ~]$ /app/extra/bin/spotify: /app/lib/libcurl-gnutls.so.4: no version information available (required by /app/extra/bin/spotify)
[spotifywm] attached to spotify
Gtk-Message: 16:51:08.593: Failed to load module "canberra-gtk-module"
[spotifywm] spotify window found
/app/extra/share/spotify/spotify: /app/lib/libcurl-gnutls.so.4: no version information available (required by /app/extra/share/spotify/spotify)
/app/extra/share/spotify/spotify: /app/lib/libcurl-gnutls.so.4: no version information available (required by /app/extra/share/spotify/spotify)
[spotifywm] attached to spotify
[spotifywm] attached to spotify
[spotifywm] spotify window found
/proc/self/exe: /app/lib/libcurl-gnutls.so.4: no version information available (required by /proc/self/exe)
[spotifywm] spotify window found
[spotifywm] attached to spotify
[spotifywm] spotify window found
[spotifywm] spotify window found

Connecting to my Spotify account is OK!
and I'm able to listen to music.

So, I imagine a fix somewhere in spotify app or under-the-hood frameworks.

Also:
$ flatpak install flathub im.riot.Riot
Looking for matches…

im.riot.Riot permissions:
    ipc       network       pulseaudio       x11       devices      file access [1]      dbus access [2]      bus ownership [3]

    [1] xdg-download, xdg-run/keyring
    [2] org.freedesktop.Notifications, org.freedesktop.portal.Fcitx, org.kde.StatusNotifierWatcher
    [3] org.kde.StatusNotifierItem-2-1


        ID                   Arch           Branch         Remote          Download
 1. [✓] im.riot.Riot         x86_64         stable         flathub         95,1 MB / 95,2 MB

Installation complete.
[aurelien@localhost ~]$ flatpak run im.riot.Riot
/home/aurelien/.var/app/im.riot.Riot/config/Element exists: no
/home/aurelien/.var/app/im.riot.Riot/config/Riot exists: no
Gtk-Message: 17:05:29.911: Failed to load module "canberra-gtk-module"
Starting auto update with base URL: https://packages.riot.im/desktop/update/
Auto update not supported on this platform
Error getting the event index passphrase out of the secret store [Error: org.freedesktop.DBus.Error.ServiceUnknown]

this correctly launches element matrix IRC client.

BUT true about chromium.
$ flatpak install flathub org.chromium.Chromium
Looking for matches…

org.chromium.Chromium permissions:
    ipc             network                 cups                   pulseaudio               wayland                       x11
    devices         file access [1]         dbus access [2]        bus ownership [3]        system dbus access [4]

    [1] home, xdg-run/pipewire-0
    [2] org.freedesktop.FileManager1, org.freedesktop.Notifications, org.freedesktop.secrets, org.gnome.SessionManager
    [3] org.mpris.MediaPlayer2.chromium.*
    [4] org.freedesktop.Avahi, org.freedesktop.UPower


        ID                                     Arch             Branch           Remote            Download
 1. [✗] org.chromium.Chromium                  x86_64           stable           flathub           < 102,8 MB
 2. [ ] org.chromium.Chromium.Codecs           x86_64           stable           flathub             < 1,1 MB
 3. [ ] org.chromium.Chromium.Locale           x86_64           stable           flathub           < 113,6 kB (partial)

Error: org.chromium.Chromium needs a later flatpak version
error: Failed to install org.chromium.Chromium: app/org.chromium.Chromium/x86_64/stable needs a later flatpak version (1.8.2)

So, for M7 we need an updated version.

CC: (none) => ouaurelien

Note that Cauldron/M8 has 1.8.1 version.
https://github.com/flatpak/flatpak/releases:

- 1.8.4 is available

- 1.9.3 (pre 1.10.0) release also with many fix.

Target Milestone: Mageia 7 => Mageia 8
Source RPM: flatpak-1.4.1-1.mga7.src.rpm => flatpak-1.8.1-1.mga8.src.rpm
Status comment: (none) => flatpak-1.4.1-1.mga7.src.rpm
Whiteboard: Cauldron updated OK => MGA7TOO
Version: 7 => Cauldron

I pushed flatpak 1.8.5 (up from 1.8.1) in Cauldron as it fixes atleast one security issue)

https://github.com/flatpak/flatpak/releases/tag/1.8.5

Any 1.8.5 for mga7 testing?

Is it too late to evaluate latest stable 1.10.0 in cauldron?
(which also includes the security fixes)
- I suggest to put in i.e cauldron backport until tested OK

I'm not flatpak maintainer, and the update is done from the last stable branch...
and switching to a new ".0" at this point is not really wise as it can/will affect several packages with no idea of how much will break...

--
Thomas

I will be updating to 1.10.0 because we need support for the new metadata format. I don't know how long older clients will stay working, so changing to the new stable series is important.

(In reply to Thomas Backlund from comment #31)
> switching to a new ".0" at this point

".0" versions normally itches me too, but 1.9 series was the "beta" series, so this is potentially much better off than several other softwares ".0" releases.

1.10 is the new stable and as Neal say, we need to support new software needing this.


And for mga7 we need 1.8.5 (at lest for the security fix)

Debian has issued an advisory for this on January 14:
https://www.debian.org/security/2021/dsa-4830

Upstream advisory with CVE:
https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2

Summary: flatpak new security issue fixed upstream in 1.8.5 => flatpak new security issue fixed upstream in 1.8.5 (CVE-2021-21261)

(In reply to Neal Gompa from comment #32)
> I will be updating to 1.10.0 because we need support for the new metadata
> format. I don't know how long older clients will stay working, so changing
> to the new stable series is important.

Can you prepare is ASAP for Cauldron then so we hopefully can handle of the fallout before Mageia 8 is released.

Fedora has issued an advisory for this on January 19:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2K2Q5P4IIUN2SFJKQKB4UJQ37CE2E55K/

Hi, 

This remain unresolved. We are about to see the release of Mageia 8, so we should consider this bug obsolete since it seems that this application will not be updated in Mageia 7?

In Mageia 8 flatpak works fine and is updated.

Greetings!!

Releasing Mageia 8 does not immediately end support for Mageia 7. Bugs still
need to be fixed.

FWIW,
Yesterday on my wifes mga7 laptop using flatpak 1.4.1 
$ flatpak update
updated itself without error, and also updated spotify:
Spotify now works (failed a half year ago)
Then I also successfully installed and used Zoom.

instead of patching, can we update flatpak ?

We may have to now, given Bug 28575.

(In reply to Nicolas Lécureuil from comment #41)
> instead of patching, can we update flatpak ?
From https://wiki.mageia.org/en/Updates_policy#Version_Policy
exceptions include "Software versions that are no longer supported upstream".

We also allow it for leaf packages if patching is "too much work", provided
the new version does not require user interaction to make it work such as
changing config file formats, cause regressions in functionality, dropping
features, etc. and has no impact on other packages such as changing an api
for a lib shared with other packages (i.e. is not a leaf package).

Those types of exceptions are decided on a case by case basis.

src:
   - mageia 7:
              - libglib-testing-0.1.0-2.mga7
              - appstream-glib-0.7.15-1.mga7
              - ... ( more to come )

src:
   - mageia 7:
              - libglib-testing-0.1.0-2.mga7
              - appstream-glib-0.7.15-1.mga7
              - malcontent-0.9.0-1.mga7
              - bubblewrap-0.4.1-1.mga7
              - ostree-2020.8-1.mga7
              - flatpak-1.10.2-1.mga7 ( to be built )

src:
   - mageia 7:
              - libglib-testing-0.1.0-2.mga7
              - appstream-glib-0.7.15-1.mga7
              - malcontent-0.9.0-2.mga7
              - bubblewrap-0.4.1-1.mga7
              - ostree-2020.8-1.mga7
              - flatpak-1.10.2-1.mga7

need to be done:
         - Rebuild some deps ( discover, gnome software, etc ).

deps rebuilded:

gnome-software-3.32.2-2.1.mga7
discover-5.15.4-2.2.mga7

This update provide a new version of flatpak fixing numerous CVE.

In addition it fixes:
https://bugs.mageia.org/show_bug.cgi?id=28575
https://bugs.mageia.org/show_bug.cgi?id=25978

src:
   - mageia 7:
              - libglib-testing-0.1.0-2.mga7
              - appstream-glib-0.7.15-1.mga7
              - malcontent-0.9.0-2.mga7
              - bubblewrap-0.4.1-1.mga7
              - ostree-2020.8-1.mga7
              - flatpak-1.10.2-1.mga7
              - gnome-software-3.32.2-2.1.mga7
              - discover-5.15.4-2.2.mga7

Status comment: Fixed upstream in 1.8.5 => (none)
Assignee: ngompa13 => qa-bugs

Thank you for the big leap update, Nicolas!
In short, it just works.

System: mga7-64 Plasma

In my test below Spotify flatpak worked before and right after the updates.  It had some problem after running "flatpak update" but that is a flatpak/Spotify issue.  After retrying twice it worked.  May have been enough with reboot i dont know.  I believe that is not our fault.

There is one issue with both Spotify and Flameshot (which render Flameshot unusable):   No icon in system tray !

But this is no regression; it was so also before, so I would say the update is OK.

But that begs a question: If that can be improved so the icons show up in system tray.

Or is it just a problem on my system?

I curently have no mga8 system to compare to.


I have not tried gnome-software nor Plasma Discover, i have never used them.




===================Details===============


___Updated___

Updated:
- appstream-glib-i18n-0.7.15-1.mga7.noarch
- bubblewrap-0.4.1-1.mga7.x86_64
- discover-5.15.4-2.2.mga7.x86_64
- flatpak-1.10.2-1.mga7.x86_64
- lib64appstream-glib8-0.7.15-1.mga7.x86_64
- lib64flatpak-gir1.0-1.10.2-1.mga7.x86_64
- lib64flatpak0-1.10.2-1.mga7.x86_64
- lib64malcontent-gir0-0.9.0-2.mga7.x86_64
- lib64malcontent0-0.9.0-2.mga7.x86_64
- lib64ostree1-2020.8-1.mga7.x86_64
- malcontent-0.9.0-2.mga7.x86_64
- malcontent-i18n-0.9.0-2.mga7.noarch
- ostree-2020.8-1.mga7.x86_64

$ flatpak --version
Flatpak 1.10.2


___Test_Spotify___

$ flatpak run com.spotify.Client
/app/extra/bin/spotify: /app/lib/libcurl-gnutls.so.4: no version information available (required by /app/extra/bin/spotify)
[morgan@svarten ~]$ [spotifywm] attached to spotify
Gtk-Message: 09:54:52.908: Failed to load module "canberra-gtk-module"
[spotifywm] spotify window found
/app/extra/share/spotify/spotify: /app/lib/libcurl-gnutls.so.4: no version information available (required by /app/extra/share/spotify/spotify)
/app/extra/share/spotify/spotify: /app/lib/libcurl-gnutls.so.4: no version information available (required by /app/extra/share/spotify/spotify)
[spotifywm] attached to spotify
[spotifywm] attached to spotify
/proc/self/exe: /app/lib/libcurl-gnutls.so.4: no version information available (required by /proc/self/exe)
[spotifywm] attached to spotify
[spotifywm] spotify window found
[spotifywm] spotify window found

 Still works :)  worked also in previous Flatpak version last month, but not a half year ago.
 When I close Spotify window, it vanishes, not in system tray either, but cursor did not return in konsole, have to Ctrl-C. (I forgot to check running processes)
 This is like before the update.


___Flatpak internal updating___


$ flatpak update
Looking for updates…

        ID                                                    Gren              Op            Fjärr                Hämta
 1. [✓] org.freedesktop.Platform.GL.nvidia-430-64             1.4               u             flathub               71,3 MB / 71,8 MB
 2. [✓] org.freedesktop.Platform.GL.nvidia-450-57             1.4               u             flathub              101,1 MB / 101,5 MB
 3. [✓] org.freedesktop.Platform.GL.nvidia-460-56             1.4               u             flathub              133,3 MB / 133,7 MB
 4. [✓] org.kde.Platform.Locale                               5.15              u             flathub               24,4 kB / 341,6 MB
 5. [✓] org.kde.Platform                                      5.15              u             flathub               21,0 MB / 365,3 MB
 6. [✓] org.qelectrotech.QElectroTech                         master            u             qet-devel              3,6 MB / 16,8 MB

Updates complete.
Info: org.gnome.Platform//3.32 is end-of-life, with reason:
   The GNOME 3.32 runtime is no longer supported as of 11th March 2020. Please ask your application developer to migrate to a supported platform.


        ID                                                   Gren              Op            Fjärr              Hämta
 1. [✓] org.freedesktop.Platform.GL.nvidia-430-64            1.4               u             flathub             71,3 MB / 71,8 MB
 2. [✓] org.freedesktop.Platform.GL.nvidia-450-57            1.4               u             flathub            101,1 MB / 101,5 MB
 3. [✓] org.freedesktop.Platform.GL.nvidia-460-56            1.4               u             flathub            133,3 MB / 133,7 MB
 4. [✓] org.kde.Platform.Locale                              5.15              u             flathub             24,4 kB / 341,6 MB
 5. [✓] org.kde.Platform                                     5.15              u             flathub             21,0 MB / 365,3 MB
 6. [✓] org.flameshot.Flameshot                              stable            u             flathub            636,7 kB / 780,7 kB
 7. [-] org.gnome.Platform.Locale                            3.32              r
 8. [-] org.gnome.Platform                                   3.32              r

Changes complete.


___Test_again_Spotify___

$ flatpak run com.spotify.Client
[morgan@svarten ~]$ /app/extra/bin/spotify: /app/lib/libcurl-gnutls.so.4: no version information available (required by /app/extra/bin/spotify)
[spotifywm] attached to spotify
Gtk-Message: 10:02:04.853: Failed to load module "canberra-gtk-module"
[spotifywm] spotify window found
/app/extra/share/spotify/spotify: /app/lib/libcurl-gnutls.so.4: no version information available (required by /app/extra/share/spotify/spotify)
/app/extra/share/spotify/spotify: /app/lib/libcurl-gnutls.so.4: no version information available (required by /app/extra/share/spotify/spotify)
[spotifywm] attached to spotify
[spotifywm] attached to spotify
/proc/self/exe: /app/lib/libcurl-gnutls.so.4: no version information available (required by /proc/self/exe)
[spotifywm] spotify window found
[0311/100205.118364:FATAL:gpu_data_manager_impl_private.cc(442)] GPU process isn't usable. Goodbye.
[spotifywm] attached to spotify

I find no spotify window...

Ctrl-C and relaunch -> Now spotify window shows up, completely black :(

In journal I see:
mar 11 10:07:58 svarten.tribun systemd[7420]: Started app-flatpak-com.spotify.Client-25866.scope.
mar 11 10:07:58 svarten.tribun kernel: traps: spotify[25952] trap int3 ip:7f1a899ec3d2 sp:7fff85efcee0 error:0 in libcef.so[7f1a872da000+75cd000]

Again close window and Ctrl-C again.
Relaunching: Now Spotyfy works  :)


___Test_Flameshot___

$ flatpak run org.flameshot.Flameshot
QSettings::value: Empty key passed
QSettings::value: Empty key passed
QSettings::setValue: Empty key passed
QSettings::value: Empty key passed
QSettings::setValue: Empty key passed

It shows briefly a popup telling to use the icon in system tray, but like with Spotify there is none.  I dont know if it can be used any other way, have not checked...  Exit by Ctrl-C in Konsole where i launched it from.

I normally use an Appimage of elder Flameshot (the new one dont work), but shut that down before flatpak Flameshot tests.

Also now tested OK:
$ flatpak run org.qelectrotech.QElectroTech

No issue whatsoever, except printing dialogue do not show any printer.
I dont know it that ever worked or is supposed to.
Export to pdf succeed and is what I use.

Icons in system tray:

Seem to be OK after reboot (for other reasons)
At least Spotify icon now works.

Flameshot icon is not visible but "appears" like an empty space between two other icons and right and leftclicking there works as intended. It is just invisible... So possible a Flameshot issue.

Actual RPMs list for this update (discover is not, it is in Bug 28581).

libglib-testing0-0.1.0-2.mga7
libglib-testing-devel-0.1.0-2.mga7
appstream-util-0.7.15-1.mga7
libappstream-glib8-0.7.15-1.mga7
libappstream-glib-gir1.0-0.7.15-1.mga7
libappstream-glib-devel-0.7.15-1.mga7
appstream-glib-i18n-0.7.15-1.mga7
malcontent-0.9.0-2.mga7
malcontent-i18n-0.9.0-2.mga7
libmalcontent0-0.9.0-2.mga7
libmalcontent-devel-0.9.0-2.mga7
libmalcontent-gir0-0.9.0-2.mga7
bubblewrap-0.4.1-1.mga7
ostree-2020.8-1.mga7
libostree1-2020.8-1.mga7
libostree-devel-2020.8-1.mga7
libostree-gir1.0-2020.8-1.mga7
ostree-grub2-2020.8-1.mga7
ostree-tests-2020.8-1.mga7
flatpak-1.10.2-1.mga7
libflatpak-devel-1.10.2-1.mga7
libflatpak0-1.10.2-1.mga7
libflatpak-gir1.0-1.10.2-1.mga7
gnome-software-3.32.2-2.1.mga7
gnome-software-devel-3.32.2-2.1.mga7
gnome-software-editor-3.32.2-2.1.mga7

from SRPMS:
libglib-testing-0.1.0-2.mga7.src.rpm
appstream-glib-0.7.15-1.mga7.src.rpm
malcontent-0.9.0-2.mga7.src.rpm
bubblewrap-0.4.1-1.mga7.src.rpm
ostree-2020.8-1.mga7.src.rpm
flatpak-1.10.2-1.mga7.src.rpm
gnome-software-3.32.2-2.1.mga7.src.rpm

Advisory:
========================

Updated flatpak packages fix security vulnerabilities:

Sandbox escape where a malicious application can execute code outside the
sandbox by controlling the environment of the "flatpak run" command when
spawning a sub-sandbox (CVE-2021-21261).

A potential attack where a flatpak application could use custom formatted
.desktop files to gain access to files on the host system (CVE-2021-21381).

The update also removes the unnecessary flatpak-tests subpackage.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21381
https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2
https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp
https://github.com/flatpak/flatpak/issues/4146
https://github.com/flatpak/flatpak/releases
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2K2Q5P4IIUN2SFJKQKB4UJQ37CE2E55K/
https://bugs.mageia.org/show_bug.cgi?id=25978
https://bugs.mageia.org/show_bug.cgi?id=28575
https://bugs.mageia.org/show_bug.cgi?id=28575

Blocks: (none) => 25978

Tested Flatpak with VM MGA7 Gnome 5.10.20-desktop-2.mga7

Updated with : 

libglib-testing0-0.1.0-2.mga7
libglib-testing-devel-0.1.0-2.mga7
appstream-util-0.7.15-1.mga7
libappstream-glib8-0.7.15-1.mga7
libappstream-glib-gir1.0-0.7.15-1.mga7
libappstream-glib-devel-0.7.15-1.mga7
appstream-glib-i18n-0.7.15-1.mga7
malcontent-0.9.0-2.mga7
malcontent-i18n-0.9.0-2.mga7
libmalcontent0-0.9.0-2.mga7
libmalcontent-devel-0.9.0-2.mga7
libmalcontent-gir0-0.9.0-2.mga7
bubblewrap-0.4.1-1.mga7
ostree-2020.8-1.mga7
libostree1-2020.8-1.mga7
libostree-devel-2020.8-1.mga7
libostree-gir1.0-2020.8-1.mga7
ostree-grub2-2020.8-1.mga7
ostree-tests-2020.8-1.mga7
flatpak-1.10.2-1.mga7
libflatpak-devel-1.10.2-1.mga7
libflatpak0-1.10.2-1.mga7
libflatpak-gir1.0-1.10.2-1.mga7
gnome-software-3.32.2-2.1.mga7
gnome-software-devel-3.32.2-2.1.mga7
gnome-software-editor-3.32.2-2.1.mga7

Updated without error message.

Flatpak install signal software correctly:

$flatpak install signal
Looking for matches…
Found similar ref(s) for ‘signal’ in remote ‘flathub’ (system).
Use this remote? [Y/n]: y
Found ref ‘app/org.signal.Signal/x86_64/stable’ in remote ‘flathub’ (system).
Use this ref? [Y/n]: y
Required runtime for org.signal.Signal/x86_64/stable (runtime/org.freedesktop.Platform/x86_64/20.08) found in remote flathub
Do you want to install it? [Y/n]: y

org.signal.Signal permissions:
    ipc          network              pulseaudio           x11
    devices      file access [1]      dbus access [2]      bus ownership [3]

    [1] xdg-desktop, xdg-documents, xdg-download, xdg-music, xdg-pictures,
        xdg-public-share, xdg-videos
    [2] org.freedesktop.Notifications, org.kde.StatusNotifierWatcher
    [3] org.kde.StatusNotifierItem-2-1


        ID                                  Branch Op Remote  Download
 1. [✓] org.freedesktop.Platform.GL.default 20.08  i  flathub  95,3 MB / 95,9 MB
 2. [✓] org.freedesktop.Platform.Locale     20.08  i  flathub   5,9 MB / 322,2 MB
 3. [✓] org.freedesktop.Platform.openh264   2.0    i  flathub   1,5 MB / 1,5 MB
 4. [✓] org.freedesktop.Platform            20.08  i  flathub 222,3 MB / 267,7 MB
 5. [✓] org.signal.Signal                   stable i  flathub 144,3 MB / 146,9 MB

Installation complete.

Signal works correctly 

Install ELement software witn Gnome-software 3.32.2
Install is OK and Element works but can't contact my private server

CC: (none) => guillaume.royer

Already tested CVE-2021-21381 for M8.

CVE-2021-21261 does not have an immediate PoC.

Meanwhile, this installs OK on M7 x86_64 Plasma.
flatpak usage is OK.

Give this an OK.
Validating.
Advisory committed to SVN.

CVE: (none) => CVE-2021-21261, CVE-2021-21381
Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA7-64-OK
Summary: flatpak new security issue fixed upstream in 1.8.5 (CVE-2021-21261) => flatpak new security issue fixed upstream in 1.8.5 (CVE-2021-21261, CVE-2021-21381)
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0143.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED