Flatpak

Security Bugfix Announcement: Distribution maintainers please update your packages!

Today Simon McVittie released updates fixing security issues on the supported Flatpak stable branches 1.14.4, 1.12.8, and 1.10.8.

One issue (CVE-2023-28101) involves maliciously crafted metadata hiding permissions using special characters and the other (CVE-2023-28100) involves an ioctl system call allowing copy/paste on virtual terminals (tty1, tty2, etc.)

https://github.com/flatpak/flatpak/releases/tag/1.14.4

Episode 501 of the Linux Unplugged podcast features an insightful interview with @ramcq@nondeterministic.computer on Flatpak and the exciting plans for Flathub in 2023! Check it out on your podcast app.

@orowith2os@tech.lgbt @ProfessorCode@fosstodon.org thank you! Help improving docs is always appreciated!

Here are some of the @matrixdotorg channels you can join for Flatpak discussion:
- Flatpak: https://matrix.to/#/#flatpak:matrix.org
- Portals: https://matrix.to/#/#xdg-desktop-portal:matrix.org
- Flathub: https://matrix.to/#/#flathub:matrix.org
- Freedesktop-sdk: https://matrix.to/#/#freedesktop-sdk:matrix.org

It's a great day for folks who love the Meson build system since Simon McVittie just released Flatpak 1.15.0 (an unstable development release) with support for building Flatpak using Meson!

The culmination of several months of work by dozens of people, Flatpak 1.14.0 is now out! Check out the release notes here:
https://github.com/flatpak/flatpak/releases/tag/1.14.0

There will be a Flatpak BoF session tomorrow at noon CDT (UTC-5) in Guadalajara, Mexico and online as part of GUADEC! Please join if you'd like to collaborate on Flatpak, Flathub, or portals. See https://guadec.org for how to join

A little-known (and destructive!) feature of Flatpak: you can remove the data leftover from all apps that have been uninstalled with the command "flatpak uninstall --delete-data". By default, your user data is left untouched when you uninstall an app.

Specifically this removes data stored by the app in ~/.var/app/$APP_ID (the default writable location for per-app data) and also resets any overridden permissions.

"How many Flathub apps reuse other package formats?" by
Will Thompson

https://blogs.gnome.org/wjjt/2022/06/14/how-many-flathub-apps-reuse-other-package-formats/

If you write a blog post or give a presentation on something Flatpak related, and it seems fit for http://flatpak.org, please submit a PR to add it to one of these pages:
- https://flatpak.org/blog-posts/
- https://flatpak.org/presentations/

Here's the relevant repo on GitHub:
https://github.com/flatpak/flatpak.github.io

Shout-out to @jimmac@mastodon.social for designing snazzy new branding for Flatpak!