930261 – sys-apps/xdg-desktop-portal: Version bump to 1.18.4

Bug 930261 - sys-apps/xdg-desktop-portal: Version bump to 1.18.4

Summary: sys-apps/xdg-desktop-portal: Version bump to 1.18.4

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo KDE team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-04-19 20:54 UTC by Christopher Fore
Modified:	2024-04-20 11:58 UTC (History)
CC List:	0 users

See Also:	CVE-2024-32462 930324
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christopher Fore 2024-04-19 20:54:06 UTC

This version introduces a mitigation for a Flatpak vulnerability that prevents Flatpak apps from creating .desktop files for commands that do not start with -.

[0]: https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj

Comment 1 Larry the Git Cow gentoo-dev

2024-04-20 11:56:51 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a328fdb1daba98a7db5b6aeaf7649489620c1015

commit a328fdb1daba98a7db5b6aeaf7649489620c1015
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2024-04-20 11:55:51 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2024-04-20 11:56:42 +0000

    sys-apps/xdg-desktop-portal: add 1.18.4
    
    Closes: https://bugs.gentoo.org/930261
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 sys-apps/xdg-desktop-portal/Manifest               |   1 +
 .../xdg-desktop-portal-1.18.4.ebuild               | 116 +++++++++++++++++++++
 2 files changed, 117 insertions(+)