here is the log from the commit of package flatpak for openSUSE:Factory checked
in at 2017-08-10 13:43:53
Comparing /work/SRC/openSUSE:Factory/flatpak (Old)
and /work/SRC/openSUSE:Factory/.flatpak.new (New)
Package is "flatpak"
Thu Aug 10 13:43:53 2017 rev:9 rq:511902 version:0.8.7
--- /work/SRC/openSUSE:Factory/flatpak/flatpak.changes 2017-03-29
+++ /work/SRC/openSUSE:Factory/.flatpak.new/flatpak.changes 2017-08-10
@@ -2 +2 @@
-Thu Mar 16 11:59:38 UTC 2017 - adrien.pla...@suse.com
+Thu Jul 20 20:12:58 UTC 2017 - zai...@opensuse.org
@@ -4,47 +4,66 @@
-- Update to version 0.9.1:
- + The flatpak-builder build cache now uses the rofiles-fuse
- ostree feature.
- + The cflags and cxxflags module properties now work by
- appending, rather that replacing, when there are multiple
- values specified.
- + Do not invalidate build cache when the installed version of the
- SDK changed by default. Use --rebuild-on-sdk-change to force
- rebuild otherwise.
- + The build cache is now per-arch.
- + New buildsystem "cmake-ninja" which works like "cmake", but
- builds using ninja.
- + New buildsystem "simple" which just runs a set of shell
- commands specified in the "build-commands" property.
- + flatpak-builder now has build-runtime and build-extension
- properties that makes it easier to build runtimes and
- + FLATPAK_DEST is set in the build environment to the
- installation destination.
- + flatpak-builder now supports --from-git=URL which pulls the
- json manifest and related files directly from a git repo.
- + modules have a new no-make-install property which skips the
- make install step.
- + Modules and sources have only-arches and skip-arches
- properties, which lets you enable/disable them based on the
- build architecture.
- + build-options has a new property ldflags, which is similar to
- cflags and cxxflags.
- + flatpak build (and thus flatpak-builder --run) now supports
- dbus proxies when needed.
- + All git repos are cloned with fsckObjects=true, which means we
- verify that the repos are valid.
- + New flatpak-builder argument --build-shell=MODULE extracts and
- prepares the sources for a specified module and then starts a
- build sandbox inside it.
- + build-export: Now supports --timestamp=ISO-8601-TIMESTAMP,
- which allows you to create reproducible commits.
- + The OCI support has been updated to the latest version of the
- OCI image specification format.
- + There is a new flatpak-bisect script that can be used to bisect
- flatpak applications, looking for regressions.
- + flatpak list got a revamp. It now shows more information, and
- shows both apps and runtimes by default.
- + flatpak remote-list was renamed flatpak remotes in order to
- minimize confusion with flatpak remote-ls. The old name is
- deprecated but still works.
-- Bump minimal glib to 2.44.
+- Update to version 0.8.7:
+ + This is a minor security update, matching the behaviour on
+ master where we avoid ever creating setuid files or
+ world-writable directories. However, the fix is more localized
+ and does not require a new ostree.
+ + After pulling from a remote, always verify that the staged new
+ files and directories have safe permissions.
+ + Ensure ~/.local/share/flatpak is not readable to other users,
+ to avoid anyone ever seeing possibly world-writeable
+ directories therein.
+ + Fix double-setting a error in case of errors when pulling.
+ + Fix timeout in testcase.
+Thu Jul 20 20:12:42 UTC 2017 - zai...@opensuse.org
+- Update to version 0.8.6:
+ + TMPDIR is now unset in the sandbox, if set on the host. Each
+ sandbox has a personal /tmp that is used.
+ + Flatpak run now works if /tmp is a symlink on the host.
+ + /etc/hosts and /etc/hosts.conf from the host are now exposed in
+ the sandbox in addition to /etc/resolv.conf.
+ + flatpak now stores the app id in the X-Flatpak key when
+ exporting a desktop file.
+ + Exports are now whitelisted, and the only thing you can
+ export are: desktop files, icons, dbus services.
+ This is somewhat different from the 0.9.x series, where als
+ mime definitions, and gnome-shell search providers are allowed.
+ + Fixed minor race condition in portal application
+ + Support WAYLAND_DISPLAY environment var.
+ + dbus-portal: Fix handling of NameHasOwner.
+ + run: Allow regular files for --filesystem=xdg-config/path.
+ + run: Allow --filesystem=xdg-config/subdir:ro (previously
+ it needed to be writable).
+ + Support for updating to new gpg keys and url when using
+ flatpak remote-modify --update-metadata. This is a manual
+ operation in 0.8.x but is automatic in the 0.9.x series.
+Thu Jul 20 20:12:04 UTC 2017 - zai...@opensuse.org
+- Update to version 0.8.5:
+ + Fixed a use-after-free and some leaks in the dbus-proxy. This
+ is not currently believed to be exploitable, but the proxy is a
+ security boundary, so we still recommend to update.
+ + Regular updates now never allow updates to an older version
+ than what is currently installed (unless you explicitly specify
+ an old commit id). This closes a hole where a MITM attacker can
+ force clients to downgrade to an earlier (gpg-signed) version
+ of the application.
+ + The automatic detection of --from in flatpak install now
+ detects flatpakref extensions even in URIs that end in a query
+ string such as
+ + The detection of "unmaintained" system extensions was broken,
+ and in some cases these extensions were not found. This now
+ always works.
+ + Flatpak now builds with latest OSTree. This required some
+ fixing for multiple definitions of the g_auto* macros as OSTree
+ now exports those.
+ + We no longer rely on ostree trivial-httpd for the tests,
+ because this is optional in later versions of ostree. Instead
+ we use the python SimpleHTTPServer.
+ + The minimum glib version has been corrected to 2.44.
+ + The minumum automake version has been increased to 1.13.4
+ because some older version didn't work.
++++++ flatpak.spec ++++++
--- /var/tmp/diff_new_pack.nl0fxf/_old 2017-08-10 13:43:54.930553858 +0200
+++ /var/tmp/diff_new_pack.nl0fxf/_new 2017-08-10 13:43:54.938552732 +0200
@@ -22,7 +22,7 @@
%define libname libflatpak0
Summary: Manage OSTree based application bundles
@@ -199,7 +199,6 @@
++++++ _service ++++++
--- /var/tmp/diff_new_pack.nl0fxf/_old 2017-08-10 13:43:55.166520641 +0200
+++ /var/tmp/diff_new_pack.nl0fxf/_new 2017-08-10 13:43:55.190517263 +0200
@@ -4,7 +4,7 @@
- <param name="revision">refs/tags/0.9.1</param>
+ <param name="revision">refs/tags/0.8.7</param>
<service name="recompress" mode="disabled">
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.nl0fxf/_old 2017-08-10 13:43:55.270506002 +0200
+++ /var/tmp/diff_new_pack.nl0fxf/_new 2017-08-10 13:43:55.270506002 +0200
@@ -1,4 +1,4 @@
- <param name="url">https://github.com/flatpak/flatpak.git</param>
\ No newline at end of file
\ No newline at end of file
++++++ flatpak-0.9.1.tar.xz -> flatpak-0.8.7.tar.xz ++++++
++++ 32193 lines of diff (skipped)