Debian Package Tracker

flatpak

Application deployment framework for desktop apps

general
  • source: flatpak (main)
  • version: 1.16.6-1
  • maintainer: Utopia Maintenance Team (archive) (DMD)
  • uploaders: Simon McVittie [DMD] – Matthias Klumpp [DMD]
  • arch: all
  • std-ver: 4.7.3
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.10.8-0+deb11u2
  • o-o-sec: 1.10.8-0+deb11u3
  • oldstable: 1.14.10-1~deb12u1
  • old-sec: 1.14.10-1~deb12u1
  • old-bpo: 1.16.1-1~bpo12+1
  • stable: 1.16.3-1~deb13u1
  • testing: 1.16.3-1
  • unstable: 1.16.6-1
  • exp: 1.17.3-2
versioned links
  • 1.10.8-0+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.10.8-0+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.14.10-1~deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.16.1-1~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.16.3-1~deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.16.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.16.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.16.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.17.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.17.3-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • flatpak (26 bugs: 0, 24, 2, 0)
  • flatpak-tests
  • gir1.2-flatpak-1.0
  • libflatpak-dev
  • libflatpak-doc
  • libflatpak0
action needed
4 security issues in trixie high

There are 4 open security issues in trixie.

4 important issues:
  • CVE-2026-34078: Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
  • CVE-2026-34079: Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4.
  • TEMP-1132945-4CEFB2:
  • TEMP-1132946-5EDD2C:
Created: 2026-04-08 Last update: 2026-04-10 22:32
4 security issues in forky high

There are 4 open security issues in forky.

4 important issues:
  • CVE-2026-34078: Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
  • CVE-2026-34079: Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4.
  • TEMP-1132945-4CEFB2:
  • TEMP-1132946-5EDD2C:
Created: 2026-04-08 Last update: 2026-04-10 22:32
4 security issues in bullseye high

There are 4 open security issues in bullseye.

4 important issues:
  • CVE-2026-34078: Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
  • CVE-2026-34079: Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4.
  • TEMP-1132945-4CEFB2:
  • TEMP-1132946-5EDD2C:
Created: 2026-04-08 Last update: 2026-04-10 22:32
4 security issues in bookworm high

There are 4 open security issues in bookworm.

4 important issues:
  • CVE-2026-34078: Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
  • CVE-2026-34079: Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4.
  • TEMP-1132945-4CEFB2:
  • TEMP-1132946-5EDD2C:
Created: 2026-04-08 Last update: 2026-04-10 22:32
1 bug tagged help in the BTS normal
The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.
Created: 2025-06-13 Last update: 2026-04-11 07:30
Depends on packages which need a new maintainer normal
The packages that flatpak depends on which need a new maintainer are:
  • docbook-xml (#802368)
    • Build-Depends: docbook-xml
  • docbook-xsl (#802370)
    • Build-Depends: docbook-xsl
Created: 2023-09-01 Last update: 2026-04-11 06:02
lintian reports 2 warnings normal
Lintian reports 2 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2026-04-11 Last update: 2026-04-11 03:01
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 1.17.5-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit f36d6e2394051090300afc330c69692154e2a545
Author: Simon McVittie <smcv@debian.org>
Date:   Thu Apr 9 11:51:29 2026 +0100

    Update changelog

commit ffd59f06068aacf61d7534a1f27d98f19d62df23
Author: Simon McVittie <smcv@debian.org>
Date:   Thu Apr 9 10:03:48 2026 +0100

    Drop patches that were applied upstream

commit 2f541ecfb373970f181d0bf7f78edf65a0426881
Author: Simon McVittie <smcv@debian.org>
Date:   Thu Apr 9 10:03:21 2026 +0100

    New upstream release

commit 91ef945e9bba2b531e813d609ca07138fa5d5b28
Merge: d67e929 24b31cb
Author: Simon McVittie <smcv@debian.org>
Date:   Thu Apr 9 10:02:01 2026 +0100

    Update upstream source from tag 'upstream/1.17.5'
    
    Update to upstream version '1.17.5'
    with Debian dir c2a791918c1b5e8aea6c9c99b324d4d2279311ad

commit 24b31cb0030669d99348ded8c8077fe6ecea48e0
Merge: 1996353 2a196e0
Author: Simon McVittie <smcv@debian.org>
Date:   Thu Apr 9 10:01:58 2026 +0100

    New upstream version 1.17.5

commit 2a196e0bdefa240e29b3e2fd59ab7f7cd7071a32
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Thu Apr 9 01:40:52 2026 +0200

    1.17.5

commit 2994060fc7fc425f8cf07fa7269327302ccc6edd
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Thu Apr 9 01:40:18 2026 +0200

    Update translation files for 1.17.5

commit 8599a5109c9470de13d006069b088f3937472054
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Wed Apr 8 21:55:22 2026 +0200

    tests/test-run-custom: Test --bind-fd and --ro-bind-fd

commit a8e3c72454c799d89581df32b199e17a0314f7e2
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Wed Apr 8 14:20:53 2026 +0200

    tests/test-run-custom: Test --usr-path, --usr-fd, --app-path, --app-fd

commit c75d7e2c495ab741a98c38a497d08f578df14018
Author: Alberto Garcia <berto@igalia.com>
Date:   Wed Apr 8 19:28:32 2026 +0200

    portal: update max_fd after creating the instance ID pipe
    
    fd_map_remap_fd() is called several times after this, and without this
    change it can allocate a target fd that collides with instance_id_fd.
    
    Only the write end of the pipe needs to be considered because that's
    the one passed to the child.
    
    Closes: https://github.com/flatpak/flatpak/issues/6570

commit e127ed5aea69eef93dcf856c75ffbd12878babcb
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Wed Apr 8 21:59:19 2026 +0200

    run: Add bind-fd and ro-bind-fd binds after all other binds
    
    This is only moving it a bit down because
    flatpak_run_add_environment_args still adds a whole bunch of binds which
    then can over-mount the user requested binds (bind-fd, ro-bind-fd).

commit db446ef9981a4333fc0694a3c9ecd43acdb8ce1f
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Wed Apr 8 18:19:20 2026 +0200

    run: Use the same FD validation for all FD options

commit 68113de38e2a8eb9d265f38ba4f38e987e1c5713
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Wed Apr 8 18:14:19 2026 +0200

    run: Do not close --bind/--ro-bind

commit fdc4f963a1e3d573bbbdce3e911975e47d42a7a2
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Wed Apr 8 18:15:42 2026 +0200

    utils: Improve error message when passing an FD number which is not a FD

commit abd44a6d8d2b6699ad8c6a90eb4aac12bdc68c7c
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Wed Apr 8 17:47:48 2026 +0200

    run: Fix fd tracking in flatpak_run_add_app_info_args
    
    Calls to flatpak_bwrap_add_args_data_fd take ownership over the fd they
    take. Closing them while they are still in the bwrap struct will abort
    later when the bwrap struct gets freed and it tries to close the already
    closed fd.
    
    Fix this by using glnx_autofd and g_steal_fd.

commit 3b0bd01263f3871e45b412456c2f484a661dfa0e
Author: Alberto Garcia <berto@igalia.com>
Date:   Wed Apr 8 19:44:29 2026 +0200

    portal: use g_array_index() to read from expose_fds / expose_fds_ro
    
    The data field of a GArray is a gchar* but we're storing integers
    here, so use the proper method to ensure that we're getting the
    element at the right offset and with the correct type.

commit fde4716f67b6620da57fd74481694eb58795d589
Author: Simon McVittie <smcv@collabora.com>
Date:   Wed Apr 8 09:44:55 2026 +0100

    run: Mount original app on /run/parent/app when using --app-path=""
    
    Before addressing CVE-2026-34078, we would always mount the original app
    *somewhere*, either /app (in the normal case) or /run/parent/app (when
    using a custom or empty /app for the subsandbox). The empty-app case
    regressed during the fix for CVE-2026-34078; bring back previous behaviour.
    
    Fixes: ac62ebe3 "run: Use O_PATH fds for the runtime and app deploy directories"
    Resolves: https://github.com/flatpak/flatpak/issues/6568
    Signed-off-by: Simon McVittie <smcv@collabora.com>

commit 066babba75d355d077ea11091e5f65d3b0e0d818
Author: Xiangzhe <xiangzhedev@gmail.com>
Date:   Wed Apr 8 12:27:28 2026 +0800

    run: Fix checking wrong variable in runtime fd selection
    
    In flatpak_run_app(), the else-if branch that handles
    FLATPAK_RUN_APP_DEPLOY_USR_ORIGINAL was checking custom_app_fd instead
    of custom_runtime_fd. When custom_app_fd is APP_EMPTY (-3) and
    custom_runtime_fd is USR_ORIGINAL (-2), the condition would not match
    and fall through to g_assert_not_reached(), aborting the process.
    
    This broke sub-sandbox spawning with --app-path="" (empty app), which
    is used by steam-runtime-check-requirements to verify that Flatpak's
    sub-sandbox mechanism works.
    
    Fixes: ac62ebe3 "run: Use O_PATH fds for the runtime and app deploy directories"
    Helps: https://github.com/flatpak/flatpak/issues/6568

commit c52cca2d7351e7a434dd011151be74919107a4bd
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Wed Apr 8 02:44:33 2026 +0200

    Post-branching version bump

commit 2c7f24dcbf45aaec453960b61d24574c4f489dae
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Wed Apr 8 02:37:05 2026 +0200

    1.17.4

commit 6b1e65dc79ab931e128df460083adcde424f7009
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Wed Apr 8 02:36:29 2026 +0200

    Update translation files for 1.17.4

commit f1bdc6aeae91f7171d1529f40267acc78825231d
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Sat Feb 7 21:57:30 2026 +0100

    system-helper: Only remove an ongoing pull if users match
    
    The code would always remove a pull from the hashtable, and then check if the
    users match and abort if they don't. Either way, the pull gets dropped.
    
    Fix this by only removing the pull if the dir and the user match.

commit 3c111d9e19267dad63bf006647c1d44861a7fec5
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Mon Jan 12 17:38:02 2026 +0100

    utils: Do not follow symlinks in flatpak_open_file_at
    
    We use flatpak_open_file_at in the context of the system helper to open
    files written by a user. This means that we want to prevent DOS and
    exposing files which only the system helper has access to.
    
    To prevent DOS and avoid side-effects, the file is opened with
    O_NONBLOCK and O_NOCTTY.
    
    To prevent leaking files, the file is supposed to not open symlinks.
    This part, we failed at. We check if the opened file is a regular file,
    but what we actually checked is, if the file a symlink might point at is
    a regular file.
    
    Fix this by also specifying O_NOFOLLOW in openat.

commit c94b780e58fd3a6d92a9e7e145dac7a1f5e40d92
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Fri Jan 9 19:24:44 2026 +0100

    utils: Only remove cached files in the cache directory
    
    The function flatpak_switch_symlink_and_remove is used to implement a
    cache for ld.so (regenerate_ld_cache). If the active symlink changes to
    a new cache file, the old cache file is supposed to get removed.
    
    The symlink still points to the old cache file, so we would remove the
    file that it points to and then point at the new file.
    
    Because the symlink is under the app's control, the symlink can point
    anywhere, and the removal happens in the host context, which allows an
    app to remove arbitrary files on the host.
    
    The filenames of the cache files are checksums, which means that we can
    ensure that the link is a file in the same directory of the link by
    checking that it only contains the chars a-zA-Z0-9.

commit 3c500145fd4c056a41d36f32138ae61735898087
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Fri Feb 6 21:03:58 2026 +0100

    portal: Use --bind-fd, --app-fd and --usr-fd options to avoid races
    
    Now that flatpak_run_app accepts fds for app and runtime deploy, as well
    as bind and ro-bind fds, and flatpak-run exposes the functionality, we
    can finally hook this all up to the flatpak portal!

commit b5ae89ed332e0f0c9f642bbdddb7c3cbd2f6fae6
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Fri Feb 6 21:03:34 2026 +0100

    run: Add --(ro-)bind-fd options
    
    Exposes the functionality added to flatpak_run_app in the previous
    commit with two new options.

commit 2ed87aff36bb162434a5c8e926396b5121b5e183
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Fri Feb 6 21:02:47 2026 +0100

    run: Add (ro-)bind fds to flatpak_run_app
    
    The flatpak portal allows apps to expose files and folders from within
    the sandbox to a side-sandbox using flatpak-spawn. So far it has used
    the --filesystem option to mount those files and folders, but it takes a
    path. Paths are inherently racy and they allow the app to swap out any
    component of the path with a symlink after handing it off. If they win
    the race, flatpak will mount a completely different directory.
    
    This adds a new way to mount files and directories based on O_PATH
    file descriptor that needs to be provided when execing the flatpak binary.

commit 1b5e886d7f22f2ee81c2149c04e915bf4cabe518
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Fri Feb 6 20:55:46 2026 +0100

    run: Add --usr-fd and --app-fd options
    
    Exposes options to pass in a fd for the runtime and app deploy. The
    flatpak portal will make use of this in a following commit.

commit ac62ebe3080401501efb47044981d2b519629186
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Fri Feb 6 20:54:22 2026 +0100

    run: Use O_PATH fds for the runtime and app deploy directories
    
    This also allows us to use glnx_chaseat, and other at-functions to
    traverse the filesystem tree in a safe way.
    
    This is important because the app and runtime deploy directories can be
    under an attacker's control. The flatpak portal for example allows
    sandboxed apps to provide them.
    
    In particular, attacks where the deploy dirs get replaced by a symlink
    pointing into the host system will be stopped by this.
    
    Note that this change alone is not enough to avoid the attack, and the
    portal has to be changed as well.

commit aab3f42374634518fdd0d71ab2369bb7557f34d1
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Fri Feb 6 16:32:50 2026 +0100

    flatpak-bwrap: Use glnx_close_fd as clear func
    
    We already have a function which clears a fd that a pointer points to,
    so let's use it instead of duplicating the code.
    
    Will become useful in a later commit as well.

commit 50af610ff417dfd66b9c8d7b7846698808a3abd8
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Fri Feb 6 17:14:49 2026 +0100

    utils: Add flatpak_parse_fd
    
    This is meant to parse file descriptor strings passed via the command
    line. It is not a security mechanism and will happily accept fds 0-3 as
    well.

commit 2acdd330d8aa11c6f2fab5467e038bec29c2474e
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Fri Feb 6 17:56:21 2026 +0100

    flatpak-bwrap: Add dup-ing variant flatpak_bwrap_add_args_data_fd_dup

commit 1293a6441bf0f8522f73727ff9e9872be6b43f03
Merge: 02fc973 ccea836
Author: Simon McVittie <smcv@collabora.com>
Date:   Tue Apr 7 20:39:41 2026 +0100

    Update subtree: libglnx 2026-04-07
    
    * fdio: Avoid relying on VLAs or gcc-specific constant-folding
    * errors: Fix URL to an old libgsystem commit
    * lockfile: Assert non-null path in make_lock_file for analyzers
    * backports: Add g_clear_fd
    * glnx-errors.h: add glnx_fd_throw[_*] variants
    * fdio: Add glnx_fd_reopen
    * local-alloc: Remove duplicate definition of glnx_unref_object
    * fdio: Add glnx_statx
    * chase: Add glnx_chaseat which functions similar to openat2
    * chase: Add glnx_chase_and_statxat
    
    Signed-off-by: Simon McVittie <smcv@collabora.com>

commit 02fc9738a0122bcfe96e4ffe525e8e82a4c7f8c3
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Tue Apr 7 17:02:01 2026 +0200

    Revert "run: Add `--no-scope` to `flatpak run`"
    
    This reverts commit c7824ae5f35576f56ab8f9fff360bc005068ce7e.
    
    We want to use the cgroup as authentication for flatpak instances in the
    future. Giving explicit control over this to the user destroys the
    invariant we need without a backwards incompatible change.

commit c7824ae5f35576f56ab8f9fff360bc005068ce7e
Author: fortime <palfortime@gmail.com>
Date:   Mon Mar 30 17:36:23 2026 +0800

    run: Add `--no-scope` to `flatpak run`
    
    Don't run an app inside a transient systemd scope.
    
    Closes: #6497
    Fixes: #5870
    
    Signed-off-by: fortime <palfortime@gmail.com>

commit 406129532fdf42ad24ed9da252955dc66114212c
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Wed Mar 25 13:37:27 2026 +0100

    run: Allow /dev/ntsync unconditionally
    
    It seems to not expose any new capabilities and neither seems to greatly
    affect the kernel attack surface, so let's just enable it
    unconditionally.
    
    If this turns out to be a bad decision, we can remove it again and maybe
    guard it behind a new --device permission.
    
    Closes: #6199

commit 10470a82d3b5ac1d710d8ca38545a9e7f0c0da1b
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Thu Mar 26 15:24:08 2026 +0100

    tty-utils: Flush stdin before and after issuing Cursor Position command
    
    If the user presses any key while the CLI transaction UI is being
    shown, it ends up in stdin. When we issue the Cursor Position command,
    the result is appended to stdin and we fail to match on it because of
    the preceding bytes.
    
    Similarly, if we fail to match the command output (bad data, too slow,
    ..), we leave behind data in stdin which will be echoed back to the
    terminal when we restore the initial termios which includes ECHO in
    c_lflag.
    
    Let's use TCSAFLUSH to flush out stdin data before we issue the command,
    which should help with matching the expected response.
    
    Let's also use TCSAFLUSH when we restore the previous termios to make
    sure the stdin is clean and we don't echo whatever remains in stdin.
    
    Closes: #2712

commit 759d6c8615935435ea906be32ac15d2564d09bc8
Author: Baurzhan Muftakhidinov <baurthefirst@gmail.com>
Date:   Sun Mar 29 22:29:06 2026 +0500

    Add Kazakh translation

commit 3178d973215c7681792250aaf002ec784c90d4e9
Author: Kolja Lampe <razzeee@gmail.com>
Date:   Thu Mar 26 17:31:45 2026 +0000

    common: allow automatic branch following for extensions
    
    When an application or runtime is updated and its metadata requests a
    new branch of an extension, Flatpak should automatically pull the new
    branch if the user already has at least one branch of that extension
    installed.
    
    This ensures that "no-autodownload" extensions (like GIMP plugins)
    stay functional after an update that requires a new branch, while still
    respecting the user's explicit opt-in (the existing installation of
    a previous branch).
    
    Fixes: https://github.com/flatpak/flatpak/issues/4208

commit f2ff272157a522dd551bb117a340f824b23d9eed
Author: Kolja Lampe <razzeee@gmail.com>
Date:   Sat Mar 28 12:50:05 2026 +0000

    tests: Add test-preinstall.sh to the test matrix source
    
    test-preinstall.sh was present in the generated test-matrix/meson.build
    but missing from TEST_MATRIX_SOURCE in update-test-matrix, meaning it
    would be dropped if the matrix were regenerated.

commit 6601295c367da6d039452eb0466aaf5473b43f1f
Author: Марко М. Костић (Marko M. Kostić) <marko.m.kostic@gmail.com>
Date:   Fri Mar 20 00:10:31 2026 +0100

    Add Serbian translation

commit 3cad41b163d9e9535c383446af7912c0a69016cd
Author: Kristjan ESPERANTO <35647502+KristjanESPERANTO@users.noreply.github.com>
Date:   Fri Mar 20 11:07:30 2026 +0100

    Add Esperanto translation

commit 66bf6c76c7b576a1202e633c31bd22a672727e46
Author: Debarshi Ray <debarshir@gnome.org>
Date:   Fri Mar 13 23:40:30 2026 +0100

    dir: Fix the order of architecture and branch in triplets in comments
    
    Fallout from 0a9d5ac7f2e0e3f9d49a4c498bcde3d69abed097

commit 70ddf44b40f70a07d1fc9b2e071e4607bcd90fc0
Author: Debarshi Ray <debarshir@gnome.org>
Date:   Fri Mar 13 23:14:55 2026 +0100

    builtins-utils, dir: Be more strict about what is acceptable
    
    The 'arch' parameter of flatpak_dir_remote_fetch_indexed_summary() is
    used to construct the names of the caches, and can't be NULL.  This
    function is used by flatpak_remote_state_ensure_subsummary(), which is
    used by ensure_remote_state_arch().  So, the parameter can't be NULL in
    those either.

commit 00f22d406df2fe82459f788ea618f0da667ddeca
Author: Debarshi Ray <debarshir@gnome.org>
Date:   Tue Jun 7 18:08:42 2022 +0200

    installation: Avoid dereferencing a potentially NULL pointer
    
    ... in flatpak_decomposed_get_ref().
    
    Fallout from db11607016712b02d3d0c4f08f365bccf1b2b3c1

commit 1fa71d98db75d9a9d43dfcc598d8b663bfc005d5
Author: Debarshi Ray <debarshir@gnome.org>
Date:   Fri Mar 13 22:26:42 2026 +0100

    repo-utils: Remove dead code
    
    The first two conditional branches in the loop are beyond the
    terminating condition of the loop.
    
    Fallout from 2c6fec556f77ecbe3b527394e70033beee634988

commit 52d10816c74ca915fbbab4350886174c1aceb9d6
Author: Debarshi Ray <debarshir@gnome.org>
Date:   Mon Jun 6 16:05:30 2022 +0200

    completion: Avoid buffer overrun with strings having too many elements
    
    Here are some strings representing valid refs:
      app/org.test.App/x86_64/stable - full ref
      org.test.App/x86_64/stable - full ref without prefix
      org.test.App - only app ID
      org.test.App/x86_64 - only app ID and arch
      org.test.App//stable - only app ID and branch
    
    Therefore, if a ref's prefix (ie., 'app/' or 'runtime/') is skipped,
    then there can only be a maximum of 3 other elements in it.
    
    Right now, it's possible for find_current_element() to return a count
    of 4, if the string being completed is invalid and has some extra
    elements or slashes in it.  This count is later used to index the
    cur_parts array which only has 4 elements in it.  This opens up the
    possibility of a buffer overrun.
    
    Invalid strings with extra elements or slashes can't be further
    completed because none of the existing refs will match them.
    Therefore, such strings should be outright skipped.
    
    For the rest of the valid strings, the exact intended branch name is
    never known, because the branch element doesn't have a trailing slash
    and hence appears to be a prefix.  Therefore, it's not possible to use
    the branch to find a list of existing refs that could possibly
    complete the string.
    
    Fallout from 7018717ce2abe7503ce6ba3f8b4e219a915b95fb

commit c0ad159e4ab90bbe54b1ec0c3c0b735fdabc8771
Author: Debarshi Ray <debarshir@gnome.org>
Date:   Tue Jun 7 14:04:52 2022 +0200

    system-helper: Remove redundant (and misleading) NULL check
    
    First of all, g_strcmp0() is NULL-safe, so there's no need to check if
    ref_str is NULL or not.
    
    Secondly, the NULL check triggers Coverity.  It thinks that ref_str
    might be NULL in the 'else' branch, where ref_str is unconditionally
    accessed by flatpak_decomposed_new_from_ref().  There's no need to be
    concerned about this because ref_str can't be NULL.  It's one of the
    parameters of the o.fd.Flatpak.SystemHelper.Deploy D-Bus method.  It's
    defined as an 's', and NULL is not a valid value for 's'.  In fact,
    this D-Bus argument is assumed to be not NULL when the Deploy method is
    handled.
    
    Fallout from 701602c6cab1a1c587e7512217175f8826dae94a

commit 81d8ca7a1f144ce52b999c27935a847b8ecb5223
Author: Debarshi Ray <debarshir@gnome.org>
Date:   Fri Jun 3 12:52:46 2022 +0200

    system-helper: Improve the errors on failure to get a remote's URL
    
    As codified in flatpak_dir_get_remote_disabled(), a NULL URL caused by
    a corrupt configuration file or a missing "url" key doesn't represent
    a disabled remote.  It's only disabled if ostree_repo_remote_get_url()
    successfully returns an empty URL (ie., "").
    
    It might be less confusing if the error messages are consistent with
    this subtle difference.

commit ab69f8ef7e9fbcb2e8a7bb4cc7fad717e1ecb6c8
Author: Debarshi Ray <debarshir@gnome.org>
Date:   Fri Jun 3 12:37:08 2022 +0200

    dir, system-helper: Don't ignore errors when getting a remote's URL
    
    Of the 27 instances where ostree_repo_remote_get_url() is used, these
    are the only ones where the return value is ignored.  This triggers
    Coverity.
    
    It might not always be strictly necessary to handle the errors, but
    doing so can only help with debugging.  However, in the case of
    flatpak_dir_get_remote_disabled() this clarifies the subtle difference
    between an empty URL (ie., ""), and a NULL URL caused by a corrupt
    configuration file or a missing "url" key.

commit 74501ad08a42c56f6c31c6c8e052cb5390be595a
Author: lumingzh <lumingzh@qq.com>
Date:   Wed Mar 18 16:43:32 2026 +0800

    update Chinese translation

commit 0c9a818f8d9f00d64286798beb58db164d5aabc2
Author: Simon McVittie <smcv@collabora.com>
Date:   Thu Mar 19 14:24:29 2026 +0000

    tests: Mention [systemd-]localed in debug messages, not "located"
    
    This was not a typo for "located": the daemon is systemd-localed,
    or localed for short.
    
    Fixes: bb549168 "fix: cross typos, detail below"
    Signed-off-by: Simon McVittie <smcv@collabora.com>

commit 0a0e9faa040fd019e83172313efae6de4b149eef
Author: Sebastian Wick <sebastian.wick@redhat.com>
Date:   Thu Mar 19 13:25:22 2026 +0100

    context: Fix make-sandboxed with multiarch by owning the old permission
    
    We would get a reference to the old permission, then free it, and then
    insert the freed pointer into the new hashtable again.
    
    Closes: #6524
    Fixes: 6667e1d3 ("context: Use the new permission system for shares and features")

commit e3b6c4b92f4baec5111f78aa8c1e5a0743f4f82c
Author: Georges Basile Stavracas Neto <georges.stavracas@gmail.com>
Date:   Sat Mar 14 17:26:23 2026 -0300

    Post-release version bump
Created: 2026-04-09 Last update: 2026-04-11 00:01
Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2026-01-25 Last update: 2026-01-25 14:02
Standards version of the package is outdated. wishlist
The package should be updated to follow the latest version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).
Created: 2026-03-31 Last update: 2026-04-10 22:32
testing migrations
  • excuses:
    • Migration status for flatpak (1.16.3-1 to 1.16.6-1): Waiting for test results or another package, or too young (no action required now - check later)
    • Issues preventing migration:
      • Autopkgtest for flatpak/1.16.6-1: amd64: Pass, arm64: No tests, superficial or marked flaky ♻, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
      • Autopkgtest for flatpak-builder/1.4.7-1: amd64: Pass, arm64: No tests, superficial or marked flaky ♻, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
      • Autopkgtest for ostree-push/1.2.0-1: amd64: Pass, arm64: Pass, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
      • Autopkgtest for reform-tools/1.86-1: amd64: No tests, superficial or marked flaky ♻, arm64: Pass, i386: Test triggered, ppc64el: Test triggered, riscv64: Test triggered, s390x: Test triggered
      • Lintian check waiting for test results on s390x, ppc64el, riscv64 - info
      • Too young, only 0 of 2 days old
    • Additional info (not blocking):
      • Updating flatpak will fix bugs in testing: #1132943
      • Piuparts tested OK - https://piuparts.debian.org/sid/source/f/flatpak.html
      • Reproducibility check waiting for results on amd64
      • Reproducibility check waiting for results on arm64
      • Reproducibility check waiting for results on armhf
      • Reproducibility check waiting for results on i386
      • Reproducibility check waiting for results on ppc64el
    • Not considered
news
[rss feed]
  • [2026-04-10] Accepted flatpak 1.16.6-1 (source) into unstable (Simon McVittie)
  • [2026-04-10] Accepted flatpak 1.16.5-1 (source) into unstable (Simon McVittie)
  • [2026-04-08] Accepted flatpak 1.16.4-2 (source) into unstable (Simon McVittie)
  • [2026-04-07] Accepted flatpak 1.17.3-2 (source) into experimental (Simon McVittie)
  • [2026-04-07] Accepted flatpak 1.16.4-1 (source) into unstable (Simon McVittie)
  • [2026-03-19] Accepted flatpak 1.17.3-1 (source) into experimental (Simon McVittie)
  • [2026-02-27] Accepted flatpak 1.16.3-1~deb13u1 (source) into proposed-updates (Debian FTP Masters)
  • [2026-01-30] flatpak 1.16.3-1 MIGRATED to testing (Debian testing watch)
  • [2026-01-24] Accepted flatpak 1.16.3-1 (source) into unstable (Simon McVittie)
  • [2026-01-01] Accepted flatpak 1.16.2-1~deb13u1 (source) into proposed-updates (Debian FTP Masters)
  • [2025-12-25] flatpak 1.16.2-1 MIGRATED to testing (Debian testing watch)
  • [2025-12-19] Accepted flatpak 1.16.2-1 (source) into unstable (Simon McVittie)
  • [2025-12-17] Accepted flatpak 1.17.2-1 (source) into experimental (Simon McVittie)
  • [2025-10-06] flatpak 1.16.1-3 MIGRATED to testing (Debian testing watch)
  • [2025-09-30] Accepted flatpak 1.16.1-3 (source) into unstable (Simon McVittie)
  • [2025-08-21] flatpak 1.16.1-2 MIGRATED to testing (Debian testing watch)
  • [2025-08-14] Accepted flatpak 1.16.1-2 (source) into unstable (Simon McVittie)
  • [2025-05-30] flatpak 1.16.1-1 MIGRATED to testing (Debian testing watch)
  • [2025-05-29] Accepted flatpak 1.16.1-1~bpo12+1 (source) into stable-backports (Simon McVittie)
  • [2025-05-13] Accepted flatpak 1.16.0-2~bpo12+1 (all amd64 source) into stable-backports (Debian FTP Masters) (signed by: Simon McVittie)
  • [2025-05-12] Accepted flatpak 1.16.1-1 (source) into unstable (Simon McVittie)
  • [2025-03-31] Accepted flatpak 1.10.8-0+deb11u3 (source) into oldstable-security (Adrian Bunk)
  • [2025-03-23] flatpak 1.16.0-2 MIGRATED to testing (Debian testing watch)
  • [2025-03-17] Accepted flatpak 1.16.0-2 (source) into unstable (Simon McVittie)
  • [2025-01-15] flatpak 1.16.0-1 MIGRATED to testing (Debian testing watch)
  • [2025-01-09] Accepted flatpak 1.16.0-1 (source) into unstable (Simon McVittie)
  • [2024-12-27] flatpak 1.15.91-1 MIGRATED to testing (Debian testing watch)
  • [2024-12-22] Accepted flatpak 1.15.91-1 (source) into unstable (Simon McVittie)
  • [2024-11-28] Accepted flatpak 1.15.12-1 (source) into experimental (Simon McVittie)
bugs [bug history graph]
  • all: 30
  • RC: 0
  • I&N: 28
  • M&W: 2
  • F&P: 0
  • patch: 0
  • help: 1
links
  • homepage
  • lintian (0, 2)
  • buildd: logs, exp, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • l10n (-, 77)
  • debian patches
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 1.16.4-2
  • 24 bugs (1 patch)

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers