Upstream has issued an advisory on October 8: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q The issue is fixed upstream in 1.10.4 and 1.12.0, with regression fixes in 1.10.5 and 1.12.1: https://github.com/flatpak/flatpak/releases/tag/1.10.4 https://github.com/flatpak/flatpak/releases/tag/1.10.5 https://github.com/flatpak/flatpak/releases/tag/1.12.0 https://github.com/flatpak/flatpak/releases/tag/1.12.1 Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 1.10.4 and 1.12.0Whiteboard: (none) => MGA8TOO
Assigning to the registered flatpack maintainer
CC: (none) => marja11Assignee: bugsquad => mageia
1.12.x branch has another bugfix update: https://github.com/flatpak/flatpak/releases/tag/1.12.2
Fedora has issued an advisory for this on October 12: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R5656ONDP2MGKIJMKEC7N2NXCV27WGTC/
CC: (none) => fri
New version 1.12.1 pushed in mga9: fixed in mga8: src: - flatpak-1.10.4-1.mga8
Whiteboard: MGA8TOO => (none)Assignee: mageia => qa-bugsStatus comment: Fixed upstream in 1.10.4 and 1.12.0 => (none)Version: Cauldron => 8
MGA 64 Core I3 4Go RAM Updated with QA repo and RPms: flatpak 1.10.4 1.mga8 x86_64 lib64flatpak-gir1.0 1.10.4 1.mga8 x86_64 lib64flatpak0 1.10.4 1.mga8 x86_64 No issue after installation tested with command: flatpak remotes => OK flatpak update => OK
CC: (none) => guillaume.royer
Updating to 1.10.5 and 1.12.2 now to pick up the additional bug fixes.
1.10.4 mga8 64bit i7 nvidia-current, plasma Updated using rpmdrake, same pkgs as comment 5 flatpak list, remotes, update, and finds, installs and runs Firefox.
flatpak-1.10.5-1.mga8 libflatpak0-1.10.5-1.mga8 libflatpak-gir1.0-1.10.5-1.mga8 libflatpak-devel-1.10.5-1.mga8 flatpak-tests-1.10.5-1.mga8 flatpak-1.10.5-1.mga8.src.rpm
1.10.5 mga8 64bit i7 nvidia-current, plasma Updated using rpmdrake. Exercised: flatpak list, remotes, update, and finds, installs and runs Notpeadqq.
MGA8-64 Plasma on Lenovo B50 No installation issues. All I understand of this (looking at previous updates) is $ flatpak --help Usage: flatpak [OPTION…] COMMAND Builtin Commands: Manage installed applications and runtimes install Install an application or runtime update Update an installed application or runtime uninstall Uninstall an installed application or runtime mask Mask out updates and automatic installation pin Pin a runtime to prevent automatic removal list List installed apps and/or runtimes info Show info for installed app or runtime history Show history config Configure flatpak repair Repair flatpak installation create-usb Put applications or runtimes onto removable media Finding applications and runtimes etc .... list and remotes return nothing and $ flatpak update Note that the directories '/var/lib/flatpak/exports/share' '/home/tester8/.local/share/flatpak/exports/share' are not in the search path set by the XDG_DATA_DIRS environment variable, so applications installed by Flatpak may not appear on your desktop until the session is restarted. Looking for updates… Nothing to do. Which seems fair to me. I would need to study the whole business to setup links to repos e.a. I guess, but not today.....
CC: (none) => herman.viaene
If you are interested another day: https://wiki.mageia.org/en/Ways_to_install_programs#Flatpak
Mageia 8 X64 Gnome No installation issues After reboot, applications are present. $ flatpak --version Flatpak 1.10.5 Installed Spotify without problems $ flatpak install flathub com.spotify.Client I launched Spotify without issues $ flatpak run com.spotify.Client I tried with another program Drawing. $ flatpak run com.github.maoschanz.drawing I've got this error: (drawing:2): Gdk-WARNING **: 12:17:16.646: Failed to read portal settings: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.portal.Desktop was not provided by any .service files I can't save any files. Flatpak seems to be ok, not all applications.
CC: (none) => hdetavernier
That error may be some version mismatch between the app and a flatpak component
Now flatpak 1.10.5 update command show recommendation for further updating of some parts. Do we need to advance flatpak version or will the projects supplying the parts supply updates flatpak can update to? $ flatpak update Looking for updates… Info: org.kde.Platform//5.11 is end-of-life, with reason: The KDE 5.11 runtime is no longer supported and does not receive security updates. We strongly recommend migrating to a supported runtime. Applications using this runtime: com.notepadqq.Notepadqq Info: org.freedesktop.Platform.ffmpeg//1.6 is end-of-life, with reason: The Freedesktop 1.6 runtime is no longer supported and does not receive security updates. Please ask your application developer to migrate to a supported runtime.
That would be up to whoever is creating the flatpak you're using.
I find you are correct, thanks.
Looks good to me
Whiteboard: (none) => MGA8-64-OK
Thank you, everyone! Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0486.html
Status: NEW => RESOLVEDResolution: (none) => FIXED