Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Pressure Vessel and Runtime #97

Merged
merged 8 commits into from
Apr 25, 2024
Merged

Conversation

R1kaB3rN
Copy link
Member

@R1kaB3rN R1kaB3rN commented Apr 23, 2024

Depends on #95 being merged.

Currently, the launcher uses a runtime platform, steamrt3 (sniper), that is several releases behind the latest. As a result, the launcher misses the latest bug/security fixes that address CVEs such as CVE-2024-3094 and improvements that may effect games.

This pull request updates the sniper runtime and pressure vessel to the current latest, and changes the launcher to download the new official archive for the runtime, SteamLinuxRuntime_sniper.tar.xz, which has superseded steam-container-runtime{,-complete}.tar.gz

See https://gitlab.steamos.cloud/steamrt/steamrt/-/wikis/Sniper-release-notes#container-runtime-5

@R1kaB3rN R1kaB3rN marked this pull request as draft April 24, 2024 07:30
- Delete the pressure vessel key value pair and use the build id as the value instead of the directory name of the runtime platform. The build id is included in the official endpoint for the runtime and will be used as part of the url.

- This commit also updates the sniper runtime to the current latest (0.20240423.85483) to apply bug and security fixes such as CVE-2024-3094
- The file steam-container-runtime{,-complete}.tar.gz has been superseded by SteamLinuxRuntime_sniper.tar.xz, so the launcher needs to download that archive for the runtime.

- See https://gitlab.steamos.cloud/steamrt/steamrt/-/wikis/Sniper-release-notes#container-runtime-5
- Warn the user when the launcher will extract without a data filter. Data filters were added in Python 3.12 and backported to 3.10 due to its severe security consequences. Since we're extracting an archive that is not ours, we should warn them about this and encourage them to take action
@R1kaB3rN R1kaB3rN marked this pull request as ready for review April 25, 2024 23:12
@R1kaB3rN R1kaB3rN changed the title Update Pressure Vessel Update Pressure Vessel and Runtime Apr 25, 2024
@R1kaB3rN R1kaB3rN merged commit 487f47e into Open-Wine-Components:main Apr 25, 2024
4 checks passed
@R1kaB3rN R1kaB3rN deleted the pv branch April 25, 2024 23:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant