Hello community, here is the log from the commit of package flatpak for openSUSE:Factory checked in at 2017-08-10 13:43:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/flatpak (Old) and /work/SRC/openSUSE:Factory/.flatpak.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "flatpak" Thu Aug 10 13:43:53 2017 rev:9 rq:511902 version:0.8.7 Changes: -------- --- /work/SRC/openSUSE:Factory/flatpak/flatpak.changes 2017-03-29 13:24:18.590672312 +0200 +++ /work/SRC/openSUSE:Factory/.flatpak.new/flatpak.changes 2017-08-10 13:43:53.830708685 +0200 @@ -2 +2 @@ -Thu Mar 16 11:59:38 UTC 2017 - adrien.pla...@suse.com +Thu Jul 20 20:12:58 UTC 2017 - zai...@opensuse.org 
@@ -4,47 +4,66 @@ -- Update to version 0.9.1: - + The flatpak-builder build cache now uses the rofiles-fuse - ostree feature. - + The cflags and cxxflags module properties now work by - appending, rather that replacing, when there are multiple - values specified. - + Do not invalidate build cache when the installed version of the - SDK changed by default. Use --rebuild-on-sdk-change to force - rebuild otherwise. - + The build cache is now per-arch. - + New buildsystem "cmake-ninja" which works like "cmake", but - builds using ninja. - + New buildsystem "simple" which just runs a set of shell - commands specified in the "build-commands" property. - + flatpak-builder now has build-runtime and build-extension - properties that makes it easier to build runtimes and - extensions. - + FLATPAK_DEST is set in the build environment to the - installation destination. - + flatpak-builder now supports --from-git=URL which pulls the - json manifest and related files directly from a git repo. - + modules have a new no-make-install property which skips the - make install step. - + Modules and sources have only-arches and skip-arches - properties, which lets you enable/disable them based on the - build architecture. - + build-options has a new property ldflags, which is similar to - cflags and cxxflags. - + flatpak build (and thus flatpak-builder --run) now supports - dbus proxies when needed. - + All git repos are cloned with fsckObjects=true, which means we - verify that the repos are valid. - + New flatpak-builder argument --build-shell=MODULE extracts and - prepares the sources for a specified module and then starts a - build sandbox inside it. - + build-export: Now supports --timestamp=ISO-8601-TIMESTAMP, - which allows you to create reproducible commits. - + The OCI support has been updated to the latest version of the - OCI image specification format. - + There is a new flatpak-bisect script that can be used to bisect - flatpak applications, looking for regressions. 
- + flatpak list got a revamp. It now shows more information, and - shows both apps and runtimes by default. - + flatpak remote-list was renamed flatpak remotes in order to - minimize confusion with flatpak remote-ls. The old name is - deprecated but still works. -- Bump minimal glib to 2.44. +- Update to version 0.8.7: + + This is a minor security update, matching the behaviour on + master where we avoid ever creating setuid files or + world-writable directories. However, the fix is more localized + and does not require a new ostree. + + After pulling from a remote, always verify that the staged new + files and directories have safe permissions. + + Ensure ~/.local/share/flatpak is not readable to other users, + to avoid anyone ever seeing possibly world-writeable + directories therein. + + Fix double-setting a error in case of errors when pulling. + + Fix timeout in testcase. + +------------------------------------------------------------------- +Thu Jul 20 20:12:42 UTC 2017 - zai...@opensuse.org + +- Update to version 0.8.6: + + TMPDIR is now unset in the sandbox, if set on the host. Each + sandbox has a personal /tmp that is used. + + Flatpak run now works if /tmp is a symlink on the host. + + /etc/hosts and /etc/hosts.conf from the host are now exposed in + the sandbox in addition to /etc/resolv.conf. + + flatpak now stores the app id in the X-Flatpak key when + exporting a desktop file. + + Exports are now whitelisted, and the only thing you can + export are: desktop files, icons, dbus services. + This is somewhat different from the 0.9.x series, where als + mime definitions, and gnome-shell search providers are allowed. + + Fixed minor race condition in portal application + identification. + + Support WAYLAND_DISPLAY environment var. + + dbus-portal: Fix handling of NameHasOwner. + + run: Allow regular files for --filesystem=xdg-config/path. + + run: Allow --filesystem=xdg-config/subdir:ro (previously + it needed to be writable). 
+ + Support for updating to new gpg keys and url when using + flatpak remote-modify --update-metadata. This is a manual + operation in 0.8.x but is automatic in the 0.9.x series. + +------------------------------------------------------------------- +Thu Jul 20 20:12:04 UTC 2017 - zai...@opensuse.org + +- Update to version 0.8.5: + + Fixed a use-after-free and some leaks in the dbus-proxy. This + is not currently believed to be exploitable, but the proxy is a + security boundary, so we still recommend to update. + + Regular updates now never allow updates to an older version + than what is currently installed (unless you explicitly specify + an old commit id). This closes a hole where a MITM attacker can + force clients to downgrade to an earlier (gpg-signed) version + of the application. + + The automatic detection of --from in flatpak install now + detects flatpakref extensions even in URIs that end in a query + string such as https://git.gnome.org/browse/gnome-apps-nightly/plain/gedit.flatpakref?h=stable + + The detection of "unmaintained" system extensions was broken, + and in some cases these extensions were not found. This now + always works. + + Flatpak now builds with latest OSTree. This required some + fixing for multiple definitions of the g_auto* macros as OSTree + now exports those. + + We no longer rely on ostree trivial-httpd for the tests, + because this is optional in later versions of ostree. Instead + we use the python SimpleHTTPServer. + + The minimum glib version has been corrected to 2.44. + + The minumum automake version has been increased to 1.13.4 + because some older version didn't work. Old: ---- flatpak-0.9.1.tar.xz New: ---- flatpak-0.8.7.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ flatpak.spec ++++++ --- /var/tmp/diff_new_pack.nl0fxf/_old 2017-08-10 13:43:54.930553858 +0200 +++ /var/tmp/diff_new_pack.nl0fxf/_new 2017-08-10 13:43:54.938552732 +0200 
@@ -22,7 +22,7 @@ %define libname libflatpak0 Name: flatpak -Version: 0.9.1 +Version: 0.8.7 Release: 0 Summary: Manage OSTree based application bundles License: LGPL-2.1+ @@ -199,7 +199,6 @@ %files builder %defattr(-,root,root) -%{_bindir}/flatpak-bisect %{_bindir}/flatpak-builder %{_mandir}/man1/flatpak-builder.1%{ext_man} ++++++ _service ++++++ --- /var/tmp/diff_new_pack.nl0fxf/_old 2017-08-10 13:43:55.166520641 +0200 +++ /var/tmp/diff_new_pack.nl0fxf/_new 2017-08-10 13:43:55.190517263 +0200 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> - <param name="revision">refs/tags/0.9.1</param> + <param name="revision">refs/tags/0.8.7</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.nl0fxf/_old 2017-08-10 13:43:55.270506002 +0200 +++ /var/tmp/diff_new_pack.nl0fxf/_new 2017-08-10 13:43:55.270506002 +0200 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> - <param name="url">https://github.com/flatpak/flatpak.git</param> - <param name="changesrevision">696775687721748ba779dfb58f29ab47ed1fd6ae</param></service></servicedata> \ No newline at end of file + <param name="url">https://github.com/flatpak/flatpak.git</param> + <param name="changesrevision">fd186307b56d34f4bf99943251dfaa29bb9864a1</param></service></servicedata> \ No newline at end of file ++++++ flatpak-0.9.1.tar.xz -> flatpak-0.8.7.tar.xz ++++++ ++++ 32193 lines of diff (skipped)
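Review bot: the new flatpak.changes entries (hunk `@@ -4,47 +4,66 @@`) never say why the package goes back from 0.9.1 to the 0.8.x series, and the 0.9.1 entry is deleted rather than kept, so the history no longer shows that 0.9.1 was ever shipped. Add a line stating the reason for the move. The security items in 0.8.7 and 0.8.5 (permission checks after pull, the dbus-proxy use-after-free, the refusal to update to an older version) carry no bug or CVE reference; add them if they exist so the fixes can be tracked. The `@@ -2 +2 @@` hunk also rewrites the date and author of the existing top entry instead of adding a new header. Minor wording: "a error", "als mime definitions", "minumum".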
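Review bot: in flatpak.spec, `Version` drops from 0.9.1 to 0.8.7 and nothing else in the hunk accounts for systems that already have 0.9.1 installed. 0.8.7 sorts lower than 0.9.1 in RPM version comparison, so an ordinary package update will not move those systems to this security release; confirm that the intended path (a distribution upgrade that permits downgrades) is what users are expected to run, and say so in the changelog. The removal of `%{_bindir}/flatpak-bisect` from `%files builder` is consistent with the deleted 0.9.1 entry that introduced that script.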
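Review bot: in _service the source is selected by a tag ref, `refs/tags/0.8.7`, and the tarball diff is skipped (32193 lines), so the only reviewable link to upstream in this mail is `changesrevision` fd186307b56d34f4bf99943251dfaa29bb9864a1 in _servicedata. Check that this commit is what the upstream 0.8.7 tag points to before accepting the tarball. The `url` line in the _servicedata hunk shows no textual change other than whitespace and could be left out of the diff.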