Bug#864028: unblock (pre-approval): flatpak/0.8.6-1
Control: retitle 864028 unblock (pre-approval): flatpak/0.8.6-1
> On Sat, 03 Jun 2017 at 12:47:30 +0100, Simon McVittie wrote:
> > The upstream developer is planning to release 0.8.6 at some point in the
> > near future, but for now here is an unblock request for the patchset that
> > would be in 0.8.6 if it was released today.
0.8.6 has now been released. It is identical to my proposed 0.8.5-3, other
than release stuff (configure.ac, NEWS), generated files and translations.
I attach an updated debdiff, with most of the generated bits filtered.
I suspect you're probably not going to want this for r0 at this point,
so I'll upload to unstable shortly to give it more visibility, with a
view to asking for a stretch-pu upload before r1. There is no new
public API, so that should be unproblematic.
Regards,
S
diffstat for flatpak-0.8.5 flatpak-0.8.6
NEWS | 26 ++++++
common/flatpak-dir.c | 70 +++++++++++++----
common/flatpak-run.c | 126 ++++++++++++++++++++++++--------
configure.ac | 4 -
dbus-proxy/flatpak-proxy.c | 2
debian/changelog | 27 ++++++
document-portal/xdp-dbus.c | 20 ++---
document-portal/xdp-dbus.h | 2
lib/flatpak-version-macros.h | 2
session-helper/flatpak-session-helper.c | 2
tests/package_version.txt | 2
11 files changed, 222 insertions(+), 61 deletions(-)
diff -Nru --exclude configure --exclude po --exclude html flatpak-0.8.5/common/flatpak-dir.c flatpak-0.8.6/common/flatpak-dir.c
--- flatpak-0.8.5/common/flatpak-dir.c 2017-04-03 12:44:28.000000000 +0100
+++ flatpak-0.8.6/common/flatpak-dir.c 2017-06-05 13:45:47.000000000 +0100
@@ -3113,6 +3113,9 @@
"X-Flatpak-Tags",
(const char * const *) tags, length);
}
+
+ /* Add a marker so consumers can easily find out that this launches a sandbox */
+ g_key_file_set_string (keyfile, "Desktop Entry", "X-Flatpak", app);
}
groups = g_key_file_get_groups (keyfile, NULL);
@@ -3408,21 +3411,33 @@
GCancellable *cancellable,
GError **error)
{
- gboolean ret = FALSE;
+ const char *exported_subdirs[] = {
+ "share/applications", "../..",
+ "share/icons", "../..",
+ "share/dbus-1/services", "../../.."
+ };
+ int i;
- if (!flatpak_mkdir_p (destination, cancellable, error))
- goto out;
+ for (i = 0; i < G_N_ELEMENTS(exported_subdirs); i = i + 2)
+ {
+ /* The fds are closed by this call */
+ g_autoptr(GFile) sub_source = g_file_resolve_relative_path (source, exported_subdirs[i]);
+ g_autoptr(GFile) sub_destination = g_file_resolve_relative_path (destination, exported_subdirs[i]);
+ g_autofree char *sub_symlink_prefix = g_build_filename (exported_subdirs[i+1], symlink_prefix, exported_subdirs[i], NULL);
- /* The fds are closed by this call */
- if (!export_dir (AT_FDCWD, flatpak_file_get_path_cached (source), symlink_prefix, "",
- AT_FDCWD, flatpak_file_get_path_cached (destination),
- cancellable, error))
- goto out;
+ if (!g_file_query_exists (sub_source, cancellable))
+ continue;
- ret = TRUE;
+ if (!flatpak_mkdir_p (sub_destination, cancellable, error))
+ return FALSE;
-out:
- return ret;
+ if (!export_dir (AT_FDCWD, flatpak_file_get_path_cached (sub_source), sub_symlink_prefix, "",
+ AT_FDCWD, flatpak_file_get_path_cached (sub_destination),
+ cancellable, error))
+ return FALSE;
+ }
+
+ return TRUE;
}
gboolean
@@ -7292,13 +7307,17 @@
flatpak_repo_set_* () family of functions) */
static const char *const supported_params[] = {
"xa.title",
- "xa.default-branch", NULL
+ "xa.default-branch",
+ "xa.gpg-keys",
+ "xa.redirect-url",
+ NULL
};
g_autoptr(GVariant) summary = NULL;
g_autoptr(GVariant) extensions = NULL;
g_autoptr(GPtrArray) updated_params = NULL;
GVariantIter iter;
+ g_autoptr(GBytes) gpg_keys = NULL;
updated_params = g_ptr_array_new_with_free_func (g_free);
summary = fetch_remote_summary_file (self, remote, cancellable, error);
@@ -7315,14 +7334,31 @@
while (g_variant_iter_next (&iter, "{sv}", &key, &value_var))
{
- /* At the moment, every supported parameter are strings */
- if (g_strv_contains (supported_params, key) &&
- g_variant_get_type_string (value_var))
+ /* At the moment, every supported parameter except gpg-keys are strings */
+ if (strcmp (key, "xa.gpg-keys") == 0 &&
+ g_variant_is_of_type (value_var, G_VARIANT_TYPE_BYTESTRING))
+ {
+ const guchar *gpg_data = g_variant_get_data (value_var);
+ gsize gpg_size = g_variant_get_size (value_var);
+ g_autofree gchar *gpg_data_checksum = g_compute_checksum_for_data (G_CHECKSUM_SHA256, gpg_data, gpg_size);
+
+ gpg_keys = g_bytes_new (gpg_data, gpg_size);
+
+ /* We store the hash so that we can detect when things changed or not
+ instead of re-importing the key over-and-over */
+ g_ptr_array_add (updated_params, g_strdup ("xa.gpg-keys-hash"));
+ g_ptr_array_add (updated_params, g_steal_pointer (&gpg_data_checksum));
+ }
+ else if (g_strv_contains (supported_params, key) &&
+ g_variant_is_of_type (value_var, G_VARIANT_TYPE_STRING))
{
const char *value = g_variant_get_string(value_var, NULL);
if (value != NULL && *value != 0)
{
- g_ptr_array_add (updated_params, g_strdup (key));
+ if (strcmp (key, "xa.redirect-url") == 0)
+ g_ptr_array_add (updated_params, g_strdup ("url"));
+ else
+ g_ptr_array_add (updated_params, g_strdup (key));
g_ptr_array_add (updated_params, g_strdup (value));
}
}
@@ -7389,7 +7425,7 @@
}
/* Update the local remote configuration with the updated info. */
- if (!flatpak_dir_modify_remote (self, remote, config, NULL, cancellable, error))
+ if (!flatpak_dir_modify_remote (self, remote, config, gpg_keys, cancellable, error))
return FALSE;
}
diff -Nru --exclude configure --exclude po --exclude html flatpak-0.8.5/common/flatpak-run.c flatpak-0.8.6/common/flatpak-run.c
--- flatpak-0.8.5/common/flatpak-run.c 2017-04-03 12:23:30.000000000 +0100
+++ flatpak-0.8.6/common/flatpak-run.c 2017-06-05 13:45:42.000000000 +0100
@@ -1969,8 +1969,16 @@
flatpak_run_add_wayland_args (GPtrArray *argv_array,
char ***envp_p)
{
- g_autofree char *wayland_socket = g_build_filename (g_get_user_runtime_dir (), "wayland-0", NULL);
- g_autofree char *sandbox_wayland_socket = g_strdup_printf ("/run/user/%d/wayland-0", getuid ());
+ const char *wayland_display;
+ g_autofree char *wayland_socket = NULL;
+ g_autofree char *sandbox_wayland_socket = NULL;
+
+ wayland_display = g_getenv ("WAYLAND_DISPLAY");
+ if (!wayland_display)
+ wayland_display = "wayland-0";
+
+ wayland_socket = g_build_filename (g_get_user_runtime_dir (), wayland_display, NULL);
+ sandbox_wayland_socket = g_strdup_printf ("/run/user/%d/%s", getuid (), wayland_display);
if (g_file_test (wayland_socket, G_FILE_TEST_EXISTS))
{
@@ -2423,6 +2431,18 @@
g_hash_table_insert (hash_table, ep->path, ep);
}
+static gboolean
+never_export_as_symlink (const char *path)
+{
+ /* Don't export /tmp as a symlink even if it is on the host, because
+ that will fail with the pre-existing directory we created for /tmp,
+ and anyway, it being a symlink is not useful in the sandbox */
+ if (strcmp (path, "/tmp") == 0)
+ return TRUE;
+
+ return FALSE;
+}
+
/* We use the level to make sure we get the ordering somewhat right.
* For instance if /symlink -> /z_dir is exported, then we want to create
* /z_dir before /symlink, because otherwise an export like /symlink/foo
@@ -2472,7 +2492,7 @@
if (old_ep != NULL)
old_mode = old_ep->mode;
- if (S_ISLNK (st.st_mode))
+ if (S_ISLNK (st.st_mode) && !never_export_as_symlink (path))
{
g_autofree char *resolved = flatpak_resolve_link (path, NULL);
@@ -2747,11 +2767,11 @@
"--dir", g_get_home_dir (),
NULL);
- /* Special case subdirectories of the cache, config and data xdg dirs.
- * If these are accessible explicilty, in a read-write fashion, then
- * we bind-mount these in the app-id dir. This allows applications to
- * explicitly opt out of keeping some config/cache/data in the
- * app-specific directory.
+ /* Special case subdirectories of the cache, config and data xdg
+ * dirs. If these are accessible explicilty, then we bind-mount
+ * these in the app-id dir. This allows applications to explicitly
+ * opt out of keeping some config/cache/data in the app-specific
+ * directory.
*/
if (app_id_dir)
{
@@ -2766,17 +2786,18 @@
xdg_path = get_xdg_dir_from_string (filesystem, &rest, &where);
if (xdg_path != NULL && *rest != 0 &&
- mode >= FLATPAK_FILESYSTEM_MODE_READ_WRITE)
+ mode >= FLATPAK_FILESYSTEM_MODE_READ_ONLY)
{
g_autoptr(GFile) app_version = g_file_get_child (app_id_dir, where);
g_autoptr(GFile) app_version_subdir = g_file_resolve_relative_path (app_version, rest);
- if (g_file_test (xdg_path, G_FILE_TEST_IS_DIR))
+ if (g_file_test (xdg_path, G_FILE_TEST_IS_DIR) ||
+ g_file_test (xdg_path, G_FILE_TEST_IS_REGULAR))
{
g_autofree char *xdg_path_in_app = g_file_get_path (app_version_subdir);
- g_mkdir_with_parents (xdg_path_in_app, 0755);
add_args (argv_array,
- "--bind", xdg_path, xdg_path_in_app,
+ mode == FLATPAK_FILESYSTEM_MODE_READ_ONLY ? "--ro-bind" : "--bind",
+ xdg_path, xdg_path_in_app,
NULL);
}
}
@@ -2872,6 +2893,7 @@
{"XDG_CONFIG_DIRS", "/app/etc/xdg:/etc/xdg"},
{"XDG_DATA_DIRS", "/app/share:/usr/share"},
{"SHELL", "/bin/sh"},
+ {"TMPDIR", NULL}, /* Unset TMPDIR as it may not exist in the sandbox */
};
static const struct {const char *env;
@@ -2926,12 +2948,18 @@
env_array = g_ptr_array_new_with_free_func (g_free);
for (i = 0; i < G_N_ELEMENTS (default_exports); i++)
- g_ptr_array_add (env_array, g_strdup_printf ("%s=%s", default_exports[i].env, default_exports[i].val));
+ {
+ if (default_exports[i].val)
+ g_ptr_array_add (env_array, g_strdup_printf ("%s=%s", default_exports[i].env, default_exports[i].val));
+ }
if (devel)
{
for (i = 0; i < G_N_ELEMENTS(devel_exports); i++)
- g_ptr_array_add (env_array, g_strdup_printf ("%s=%s", devel_exports[i].env, devel_exports[i].val));
+ {
+ if (devel_exports[i].val)
+ g_ptr_array_add (env_array, g_strdup_printf ("%s=%s", devel_exports[i].env, devel_exports[i].val));
+ }
}
for (i = 0; i < G_N_ELEMENTS (copy); i++)
@@ -2961,7 +2989,14 @@
int i;
for (i = 0; i < G_N_ELEMENTS (default_exports); i++)
- envp = g_environ_setenv (envp, default_exports[i].env, default_exports[i].val, TRUE);
+ {
+ const char *value = default_exports[i].val;
+
+ if (value)
+ envp = g_environ_setenv (envp, default_exports[i].env, value, TRUE);
+ else
+ envp = g_environ_unsetenv (envp, default_exports[i].env);
+ }
return envp;
}
@@ -3225,10 +3260,11 @@
GError **error)
{
g_autofree char *tmp_path = NULL;
- int fd;
+ int fd, fd2;
g_autoptr(GKeyFile) keyfile = NULL;
g_autofree char *runtime_path = NULL;
g_autofree char *fd_str = NULL;
+ g_autofree char *fd2_str = NULL;
g_autofree char *old_dest = g_strdup_printf ("/run/user/%d/flatpak-info", getuid ());
const char *group;
@@ -3276,6 +3312,17 @@
if (!g_key_file_save_to_file (keyfile, tmp_path, error))
return FALSE;
+ /* We want to create a file on /.flatpak-info that the app cannot modify, which
+ we do by creating a read-only bind mount. This way one can openat()
+ /proc/$pid/root, and if that succeeds use openat via that to find the
+ unfakable .flatpak-info file. However, there is a tiny race in that if
+ you manage to open /proc/$pid/root, but then the pid dies, then
+ every mount but the root is unmounted in the namespace, so the
+ .flatpak-info will be empty. We fix this by first creating a real file
+ with the real info in, then bind-mounting on top of that, the same info.
+ This way even if the bind-mount is unmounted we can find the real data.
+ */
+
fd = open (tmp_path, O_RDONLY);
if (fd == -1)
{
@@ -3285,14 +3332,29 @@
return FALSE;
}
+ fd2 = open (tmp_path, O_RDONLY);
+ if (fd2 == -1)
+ {
+ close (fd);
+ int errsv = errno;
+ g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errsv),
+ _("Failed to open temp file: %s"), g_strerror (errsv));
+ return FALSE;
+ }
+
unlink (tmp_path);
fd_str = g_strdup_printf ("%d", fd);
+ fd2_str = g_strdup_printf ("%d", fd2);
if (fd_array)
- g_array_append_val (fd_array, fd);
+ {
+ g_array_append_val (fd_array, fd);
+ g_array_append_val (fd_array, fd2);
+ }
add_args (argv_array,
- "--ro-bind-data", fd_str, "/.flatpak-info",
+ "--file", fd_str, "/.flatpak-info",
+ "--ro-bind-data", fd2_str, "/.flatpak-info",
"--symlink", "../../../.flatpak-info", old_dest,
NULL);
@@ -3326,12 +3388,10 @@
{
add_args (argv_array,
"--ro-bind", monitor_path, "/run/host/monitor",
- NULL);
- add_args (argv_array,
"--symlink", "/run/host/monitor/localtime", "/etc/localtime",
- NULL);
- add_args (argv_array,
"--symlink", "/run/host/monitor/resolv.conf", "/etc/resolv.conf",
+ "--symlink", "/run/host/monitor/host.conf", "/etc/host.conf",
+ "--symlink", "/run/host/monitor/hosts", "/etc/hosts",
NULL);
}
else
@@ -3362,11 +3422,17 @@
}
if (g_file_test ("/etc/resolv.conf", G_FILE_TEST_EXISTS))
- {
- add_args (argv_array,
- "--ro-bind", "/etc/resolv.conf", "/etc/resolv.conf",
- NULL);
- }
+ add_args (argv_array,
+ "--ro-bind", "/etc/resolv.conf", "/etc/resolv.conf",
+ NULL);
+ if (g_file_test ("/etc/host.conf", G_FILE_TEST_EXISTS))
+ add_args (argv_array,
+ "--ro-bind", "/etc/host.conf", "/etc/host.conf",
+ NULL);
+ if (g_file_test ("/etc/hosts", G_FILE_TEST_EXISTS))
+ add_args (argv_array,
+ "--ro-bind", "/etc/hosts", "/etc/hosts",
+ NULL);
}
}
@@ -3521,7 +3587,9 @@
g_ptr_array_add (bwrap_args, g_strdup (proxy_socket_dir));
g_ptr_array_add (bwrap_args, g_strdup (proxy_socket_dir));
- g_ptr_array_add (bwrap_args, g_strdup ("--ro-bind-data"));
+ /* This is a file rather than a bind mount, because it will then
+ not be unmounted from the namespace when the namespace dies. */
+ g_ptr_array_add (bwrap_args, g_strdup ("--file"));
g_ptr_array_add (bwrap_args, g_strdup_printf ("%d", app_info_fd));
g_ptr_array_add (bwrap_args, g_strdup ("/.flatpak-info"));
@@ -3986,6 +4054,8 @@
strcmp (dent->d_name, "group") == 0 ||
strcmp (dent->d_name, "machine-id") == 0 ||
strcmp (dent->d_name, "resolv.conf") == 0 ||
+ strcmp (dent->d_name, "host.conf") == 0 ||
+ strcmp (dent->d_name, "hosts") == 0 ||
strcmp (dent->d_name, "localtime") == 0)
continue;
diff -Nru --exclude configure --exclude po --exclude html flatpak-0.8.5/configure.ac flatpak-0.8.6/configure.ac
--- flatpak-0.8.5/configure.ac 2017-04-03 13:07:27.000000000 +0100
+++ flatpak-0.8.6/configure.ac 2017-06-05 13:52:50.000000000 +0100
@@ -15,8 +15,8 @@
m4_define([flatpak_major_version], [0])
m4_define([flatpak_minor_version], [8])
-m4_define([flatpak_micro_version], [5])
-m4_define([flatpak_interface_age], [5])
+m4_define([flatpak_micro_version], [6])
+m4_define([flatpak_interface_age], [6])
m4_define([flatpak_binary_age],
[m4_eval(10000 * flatpak_major_version + 100 * flatpak_minor_version + flatpak_micro_version)])
m4_define([flatpak_version],
diff -Nru --exclude configure --exclude po --exclude html flatpak-0.8.5/dbus-proxy/flatpak-proxy.c flatpak-0.8.6/dbus-proxy/flatpak-proxy.c
--- flatpak-0.8.5/dbus-proxy/flatpak-proxy.c 2017-04-03 12:44:16.000000000 +0100
+++ flatpak-0.8.6/dbus-proxy/flatpak-proxy.c 2017-06-05 13:45:42.000000000 +0100
@@ -1304,7 +1304,7 @@
g_dbus_message_set_message_type (reply, G_DBUS_MESSAGE_TYPE_METHOD_RETURN);
g_dbus_message_set_flags (reply, G_DBUS_MESSAGE_FLAGS_NO_REPLY_EXPECTED);
g_dbus_message_set_reply_serial (reply, header->serial - client->serial_offset);
- g_dbus_message_set_body (reply, g_variant_new_boolean (val));
+ g_dbus_message_set_body (reply, g_variant_new ("(b)", val));
return reply;
}
diff -Nru --exclude configure --exclude po --exclude html flatpak-0.8.5/debian/changelog flatpak-0.8.6/debian/changelog
--- flatpak-0.8.5/debian/changelog 2017-04-24 12:59:09.000000000 +0100
+++ flatpak-0.8.6/debian/changelog 2017-06-05 21:30:06.000000000 +0100
@@ -1,3 +1,30 @@
+flatpak (0.8.6-1) unstable; urgency=medium
+
+ * New upstream release
+ - Fix the return value type for filtered NameHasOwner() D-Bus calls
+ (upstream issue 817)
+ - Security hardening: Only export .desktop files, D-Bus session
+ services and icons, but not other files that an app might try to
+ export
+ - Allow remote repositories to specify a new GPG key (for key rollover)
+ or a new URL (for location migration) in their signed metadata
+ - Let KDE apps bind-mount ~/.config/kdeglobals into the sandbox:
+ + Allow bind-mounting regular files in the XDG cache, config or data
+ directories, not just directories
+ + Allow bind-mounting files in the XDG directories read-only, not
+ just read/write
+ - Close a race condition in app identification by portals
+ - Cope with a non-default WAYLAND_DISPLAY
+ - Cope with /tmp on the host being a symlink
+ - Clear TMPDIR in the sandbox, fixing sandboxed Spotify
+ - Add X-Flatpak=$app_id to exported .desktop files
+ so that the desktop environment can identify what will be launched
+ - Make the host's /etc/hosts and /etc/host.conf available in the sandbox,
+ fixing sandboxed Spotify
+ - Update Hungarian translation
+
+ -- Simon McVittie <smcv@debian.org> Mon, 05 Jun 2017 21:30:06 +0100
+
flatpak (0.8.5-2) unstable; urgency=medium
* flatpak Recommends xdg-desktop-portal-gtk | xdg-desktop-portal-backend,
diff -Nru --exclude configure --exclude po --exclude html flatpak-0.8.5/document-portal/xdp-dbus.c flatpak-0.8.6/document-portal/xdp-dbus.c
--- flatpak-0.8.5/document-portal/xdp-dbus.c 2016-10-28 10:02:39.000000000 +0100
+++ flatpak-0.8.6/document-portal/xdp-dbus.c 2017-06-05 13:46:17.000000000 +0100
@@ -1,5 +1,5 @@
/*
- * Generated by gdbus-codegen 2.51.0. DO NOT EDIT.
+ * Generated by gdbus-codegen 2.53.2. DO NOT EDIT.
*
* The license of this code is the same as for the source it was derived from.
*/
@@ -720,7 +720,7 @@
*/
typedef XdpDbusDocumentsIface XdpDbusDocumentsInterface;
-G_DEFINE_INTERFACE (XdpDbusDocuments, xdp_dbus_documents, G_TYPE_OBJECT);
+G_DEFINE_INTERFACE (XdpDbusDocuments, xdp_dbus_documents, G_TYPE_OBJECT)
static void
xdp_dbus_documents_default_init (XdpDbusDocumentsIface *iface)
@@ -2123,11 +2123,11 @@
#if GLIB_VERSION_MAX_ALLOWED >= GLIB_VERSION_2_38
G_DEFINE_TYPE_WITH_CODE (XdpDbusDocumentsProxy, xdp_dbus_documents_proxy, G_TYPE_DBUS_PROXY,
G_ADD_PRIVATE (XdpDbusDocumentsProxy)
- G_IMPLEMENT_INTERFACE (XDP_DBUS_TYPE_DOCUMENTS, xdp_dbus_documents_proxy_iface_init));
+ G_IMPLEMENT_INTERFACE (XDP_DBUS_TYPE_DOCUMENTS, xdp_dbus_documents_proxy_iface_init))
#else
G_DEFINE_TYPE_WITH_CODE (XdpDbusDocumentsProxy, xdp_dbus_documents_proxy, G_TYPE_DBUS_PROXY,
- G_IMPLEMENT_INTERFACE (XDP_DBUS_TYPE_DOCUMENTS, xdp_dbus_documents_proxy_iface_init));
+ G_IMPLEMENT_INTERFACE (XDP_DBUS_TYPE_DOCUMENTS, xdp_dbus_documents_proxy_iface_init))
#endif
static void
@@ -2164,8 +2164,8 @@
GVariantIter iter;
GVariant *child;
GValue *paramv;
- guint num_params;
- guint n;
+ gsize num_params;
+ gsize n;
guint signal_id;
info = (_ExtendedGDBusSignalInfo *) g_dbus_interface_info_lookup_signal ((GDBusInterfaceInfo *) &_xdp_dbus_documents_interface_info.parent_struct, signal_name);
if (info == NULL)
@@ -2481,9 +2481,9 @@
GVariantIter iter;
GVariant *child;
GValue *paramv;
- guint num_params;
+ gsize num_params;
guint num_extra;
- guint n;
+ gsize n;
guint signal_id;
GValue return_value = G_VALUE_INIT;
info = (_ExtendedGDBusMethodInfo *) g_dbus_method_invocation_get_method_info (invocation);
@@ -2657,11 +2657,11 @@
#if GLIB_VERSION_MAX_ALLOWED >= GLIB_VERSION_2_38
G_DEFINE_TYPE_WITH_CODE (XdpDbusDocumentsSkeleton, xdp_dbus_documents_skeleton, G_TYPE_DBUS_INTERFACE_SKELETON,
G_ADD_PRIVATE (XdpDbusDocumentsSkeleton)
- G_IMPLEMENT_INTERFACE (XDP_DBUS_TYPE_DOCUMENTS, xdp_dbus_documents_skeleton_iface_init));
+ G_IMPLEMENT_INTERFACE (XDP_DBUS_TYPE_DOCUMENTS, xdp_dbus_documents_skeleton_iface_init))
#else
G_DEFINE_TYPE_WITH_CODE (XdpDbusDocumentsSkeleton, xdp_dbus_documents_skeleton, G_TYPE_DBUS_INTERFACE_SKELETON,
- G_IMPLEMENT_INTERFACE (XDP_DBUS_TYPE_DOCUMENTS, xdp_dbus_documents_skeleton_iface_init));
+ G_IMPLEMENT_INTERFACE (XDP_DBUS_TYPE_DOCUMENTS, xdp_dbus_documents_skeleton_iface_init))
#endif
static void
diff -Nru --exclude configure --exclude po --exclude html flatpak-0.8.5/document-portal/xdp-dbus.h flatpak-0.8.6/document-portal/xdp-dbus.h
--- flatpak-0.8.5/document-portal/xdp-dbus.h 2016-10-28 10:02:39.000000000 +0100
+++ flatpak-0.8.6/document-portal/xdp-dbus.h 2017-06-05 13:46:17.000000000 +0100
@@ -1,5 +1,5 @@
/*
- * Generated by gdbus-codegen 2.51.0. DO NOT EDIT.
+ * Generated by gdbus-codegen 2.53.2. DO NOT EDIT.
*
* The license of this code is the same as for the source it was derived from.
*/
diff -Nru --exclude configure --exclude po --exclude html flatpak-0.8.5/lib/flatpak-version-macros.h flatpak-0.8.6/lib/flatpak-version-macros.h
--- flatpak-0.8.5/lib/flatpak-version-macros.h 2017-04-03 13:07:52.000000000 +0100
+++ flatpak-0.8.6/lib/flatpak-version-macros.h 2017-06-05 13:53:35.000000000 +0100
@@ -27,7 +27,7 @@
#define FLATPAK_MAJOR_VERSION (0)
#define FLATPAK_MINOR_VERSION (8)
-#define FLATPAK_MICRO_VERSION (5)
+#define FLATPAK_MICRO_VERSION (6)
#define FLATPAK_CHECK_VERSION(major,minor,micro) \
(FLATPAK_MAJOR_VERSION > (major) || \
diff -Nru --exclude configure --exclude po --exclude html flatpak-0.8.5/NEWS flatpak-0.8.6/NEWS
--- flatpak-0.8.5/NEWS 2017-04-03 13:06:41.000000000 +0100
+++ flatpak-0.8.6/NEWS 2017-06-05 13:52:34.000000000 +0100
@@ -1,3 +1,29 @@
+Major changes in 0.8.6
+======================
+
+ * TMPDIR is now unset in the sandbox, if set on the
+ host. Each sandbox has a personal /tmp that is used.
+ * Flatpak run now works if /tmp is a symlink on the
+ host.
+ * /etc/hosts and /etc/hosts.conf from the host are now exposed
+ in the sandbox in addition to /etc/resolv.conf.
+ * flatpak now stores the app id in the X-Flatpak key when exporting a
+ desktop file.
+ * Exports are now whitelisted, and the only thing you can
+ export are:
+ desktop files, icons, dbus services
+ This is somewhat different from the 0.9.x series, where als
+ mime definitions, and gnome-shell search providers are allowed.
+ * Fixed minor race condition in portal application identification.
+ * Support WAYLAND_DISPLAY environment var.
+ * dbus-portal: Fix handling of NameHasOwner
+ * run: Allow regular files for --filesystem=xdg-config/path
+ * run: Allow --filesystem=xdg-config/subdir:ro (previously
+ it needed to be writable).
+ * Support for updating to new gpg keys and url when using
+ flatpak remote-modify --update-metadata. This is a manual
+ operation in 0.8.x but is automatic in the 0.9.x series.
+
Major changes in 0.8.5
======================
diff -Nru --exclude configure --exclude po --exclude html flatpak-0.8.5/session-helper/flatpak-session-helper.c flatpak-0.8.6/session-helper/flatpak-session-helper.c
--- flatpak-0.8.5/session-helper/flatpak-session-helper.c 2017-03-30 08:17:39.000000000 +0100
+++ flatpak-0.8.6/session-helper/flatpak-session-helper.c 2017-06-05 13:45:42.000000000 +0100
@@ -529,6 +529,8 @@
}
setup_file_monitor ("/etc/resolv.conf");
+ setup_file_monitor ("/etc/host.conf");
+ setup_file_monitor ("/etc/hosts");
setup_file_monitor ("/etc/localtime");
flags = G_BUS_NAME_OWNER_FLAGS_ALLOW_REPLACEMENT;
diff -Nru --exclude configure --exclude po --exclude html flatpak-0.8.5/tests/package_version.txt flatpak-0.8.6/tests/package_version.txt
--- flatpak-0.8.5/tests/package_version.txt 2017-04-03 13:08:08.000000000 +0100
+++ flatpak-0.8.6/tests/package_version.txt 2017-06-05 13:53:35.000000000 +0100
@@ -1 +1 @@
-0.8.5
+0.8.6
Reply to: