Your message dated Thu, 21 Jan 2021 18:18:42 +0000 with message-id <[email protected]> and subject line Bug#980323: fixed in flatpak 1.10.1-1 has caused the Debian Bug report #980323, regarding flatpak: LD_LIBRARY_PATH is not set under flatpak-builder to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 980323: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980323 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: flatpak Version: 1.2.5-0+deb10u2 Severity: important Dear Maintainer, With flatpak 1.2.5-0+deb10u2, LD_LIBRARY_PATH is not set when invoked over flatpak-builder. This became apparent when I was reviewing [1], where a contributor intends to add the Jansson library to be shipped alongside GNU Emacs in the /app/lib directory. Usually the build environment provided by flatpak-builder would have this directory referred to by LD_LIBRARY_PATH. With this latest security update, the environment variable is entirely absent. If I test with the older release, flatpak=1.2.5-0+deb10u1, running flatpak-builder like this: flatpak-builder --force-clean --build-shell=emacs ./build2 org.gnu.emacs.json I get into a shell with LD_LIBRARY_PATH set to /app/lib:/usr/lib/x86_64-linux-gnu/GL/default/lib:/usr/lib/x86_64-linux-gnu/openh264/extra With this software version, building the flatpak under review will succeed if I simply omit the --build-shell option. I am not thoroughly familiar with the Flathub ecosystem, but I would suspect that there are other flatpaks which can not be built on systems that have 1.2.5-0+deb10u2 installed. I would still expect that flatpak 1.2.5-0+deb10u2 can run the same flatpaks when consumed prebuilt from e.g. flathub. The mechanism for linker paths is not based on LD_LIBRARY_PATH when flatpak is simply run, as opposed to building. [1] https://github.com/flathub/org.gnu.emacs/pull/36 -- System Information: Debian Release: 10.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-13-amd64 (SMP w/8 CPU cores) Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi_FI.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages flatpak depends on: ii bubblewrap 0.3.1-4 ii libappstream-glib8 0.7.14-1+deb10u1 ii libarchive13 3.3.3-4+deb10u1 ii libc6 2.28-10 ii libdconf1 0.30.1-2 ii libgdk-pixbuf2.0-0 2.38.1+dfsg-1 ii libglib2.0-0 2.58.3-2+deb10u2 ii libgpgme11 1.12.0-6 ii libjson-glib-1.0-0 1.4.4-2 ii libostree-1-1 2019.1-1 ii libpolkit-agent-1-0 0.105-25 ii libpolkit-gobject-1-0 0.105-25 ii libseccomp2 2.3.3-4 ii libsoup2.4-1 2.64.2-2 ii libsystemd0 241-7~deb10u5 ii libxau6 1:1.0.8-1+b2 ii libxml2 2.9.4+dfsg1-7+deb10u1 ii xdg-dbus-proxy 0.1.1-1 ii xdg-desktop-portal 1.2.0-1 Versions of packages flatpak recommends: ii desktop-file-utils 0.23-4 ii gtk-update-icon-cache 3.24.5-1 ii hicolor-icon-theme 0.17-2 ii libpam-systemd 241-7~deb10u5 ii p11-kit 0.23.15-2+deb10u1 ii policykit-1 0.105-25 ii shared-mime-info 1.10-1 ii xdg-desktop-portal-gtk [xdg-desktop-portal-backend] 1.2.0-1 Versions of packages flatpak suggests: ii avahi-daemon 0.7-4+b1 -- no debconf information
--- End Message ---
--- Begin Message ---Source: flatpak Source-Version: 1.10.1-1 Done: Simon McVittie <[email protected]> We believe that the bug you reported is fixed in the latest version of flatpak, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Simon McVittie <[email protected]> (supplier of updated flatpak package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 21 Jan 2021 14:12:22 +0000 Source: flatpak Architecture: source Version: 1.10.1-1 Distribution: unstable Urgency: medium Maintainer: Utopia Maintenance Team <[email protected]> Changed-By: Simon McVittie <[email protected]> Closes: 980323 Changes: flatpak (1.10.1-1) unstable; urgency=medium . * New upstream release - Fix a regression in 'flatpak build' after fixing CVE-2021-21261 (Closes: #980323) Checksums-Sha1: 4aae6eb82a668c2c3e5fd83cf83f5988cce93fde 3615 flatpak_1.10.1-1.dsc 02acbaeb403892748b1050add7e6e84a123085d5 1507668 flatpak_1.10.1.orig.tar.xz 0500b4b2434dc89d42eb9cb4a2fd71a07217e563 29968 flatpak_1.10.1-1.debian.tar.xz 4c3de93fe1d9280189c8d6210d0f77e4274f0f03 11535 flatpak_1.10.1-1_source.buildinfo Checksums-Sha256: 734b9850b7673cb86702ce61986f18268f38325dca40187d3e765b8035ee7ddd 3615 flatpak_1.10.1-1.dsc c1354f42bf3b5d51aeb4028c9b62fd4ffc673ef2ff6e583c17777f5dafdbdcb7 1507668 flatpak_1.10.1.orig.tar.xz d892cc74059c1cce068d568f1bc2d907e23f1e05f05b4fa12e768b54fc9ff041 29968 flatpak_1.10.1-1.debian.tar.xz 08fbd1ab4dce4e036ec47b4ff9a41ebc8688997fc0fbd1648102a236794a3d65 11535 flatpak_1.10.1-1_source.buildinfo Files: 8e849eade9b30937e4bfe042eea0b7d1 3615 admin optional flatpak_1.10.1-1.dsc 0622dc74e3c80872027223b9fa951ce3 1507668 admin optional flatpak_1.10.1.orig.tar.xz c2c7878f8284ed1e808a3c3ceaf8b487 29968 admin optional flatpak_1.10.1-1.debian.tar.xz 8322ecb971ec196a795737bab735957e 11535 admin optional flatpak_1.10.1-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmAJwAQACgkQ4FrhR4+B TE+B9g//Wy8Jj9esaoiL1cMssFL1/XtSnafL2sTkSspUJvcqcS3VdHzqAvmSGXip 9FsP6q/Xl6wjIZ675AJvQe8dDc8s1rEbTOM8/391hmOR65ngD6cFuXSNrqqwmsDw +Ut2CVc6bTQQGTloMT16D+yL9levn21u25s4stoMc2tWQKW3LnSS4GjLe6Bnvavh LJ3BSfbMbrwZSt1Lfrsx5diZv3iHqEq/LICrbh678S68HhKHLNp64jzXIz25CBFN T72JoHTuA6dqa7yBTZD2F04f/bzso/14z6ubssIAgkI6lslkaX/yXMoBQMnb/vVa e9TxcMDc8dvWRZSDpLXJZGUGg+GFKqj6GaEGWC5uRHiio8JS5BU8OIjOs7Wz8NlF bd7eMbwphAj1C5K7Jl2ddMc/D5rmSwuvrj+hAXcc4eJPmvi1posGGJcIFn63VlcC 0Wb90JR5CFxX3jteJ45K1FziNFab49h3qyEplOvBRHBB/7nipnjnaHu4R/Dt0eIp Y5O1/o0yzmu/jKT1PMB+w7ZFWvaMt4HucO9RWx5kc7HTdikUzAHikBhTN95jUP4O 9azuK97dm1Q1++JriIrDNlR8y6LZskpUadCHo3cWvYC6Q8om6skKFTBI783Vr3Cf 0n9TpxcJzxw7Ds1DlwSu4RYNGX18VmQVcqUSZTGj5xn5EulGhjU= =SIcq -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Pkg-utopia-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers
