mirror of
https://github.com/flatpak/flatpak.git
synced 2026-04-02 22:34:25 -04:00
db3a785241
This adds three "positive" tests: the common case --persist=.persist, the deprecated spelling --persist=/.persist, and the less common special case --persist=. as used by Steam. It also adds "negative" tests for CVE-2024-42472: if the --persist directory is a symbolic link or contains path segment "..", we want that to be rejected. Reproduces: CVE-2024-42472, GHSA-7hgv-f2j8-xw87 [smcv: Add "positive" tests] [smcv: Exercise --persist=..] [smcv: Assert that --persist with a symlink produces expected message] Co-authored-by: Simon McVittie <smcv@collabora.com> Signed-off-by: Simon McVittie <smcv@collabora.com>
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
See https://flatpak.org/ for more information.
Community discussion happens in #flatpak:matrix.org, on the mailing list, and on the Flathub Discourse.
Read documentation for Flatpak here.
Contributing
Flatpak welcomes contributions from anyone! Here are some ways you can help:
- Fix one of the issues and submit a PR
- Update flatpak's translations and submit a PR
- Improve flatpak's documentation, hosted at http://docs.flatpak.org and developed over in flatpak-docs
- Find a bug and submit a detailed report including your OS, flatpak version, and the steps to reproduce
- Add your favorite application to Flathub by writing a flatpak-builder manifest and submitting it
- Improve the Flatpak support in your favorite Linux distribution
Hacking
See CONTRIBUTING.md
Related Projects
Here are some notable projects in the Flatpak ecosystem:
- Flatseal: An app for managing permissions of Flatpak apps without using the CLI
- Flat-manager: A tool for managing Flatpak repositories