
Bug#888958: stretch-pu: package flatpak/0.8.9-0+deb9u1



Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Alexander Larsson has released an update to the Flatpak 0.8.x branch,
fixing a sandbox bypass reported by Gabriel Campana of the Google security
team. It also contains a couple of other backported fixes. I would like
to include this in the next stretch point release; I have a tested build
ready for upload.

The Debian security team are not treating Flatpak sandboxing bypasses as
security vulnerabilities, on the basis that the sandboxed app provides its
own security policy, so no privilege boundary is crossed (in the absence
of a curated "app store" where changes to security policy are audited,
or a software-downloading UI that highlights security policy changes,
neither of which is widely deployed right now).

As always, please let me know if any of these changes are unacceptable
for stable: Flatpak 0.8.x is mostly released for our benefit.

Thanks,
    smcv

flatpak (0.8.9-0+deb9u1) stretch; urgency=medium

  * New upstream release backporting the following fixes from 0.10.x:
    - common/flatpak-run.c: Ignore unrecognised permission strings
      instead of failing, for forwards compatibility
    - dbus-proxy/flatpak-proxy.c: Fix a D-Bus filtering bypass in
      flatpak-dbus-proxy (Closes: #888842)
    - profile/flatpak.sh.in: Simplify and improve profile.d snippet
      (already done in Debian since 0.8.4-1, no practical effect)
  * Drop our patch to profile/flatpak.sh.in, no longer necessary
  * debian/control: Update Vcs-* metadata for salsa.d.o migration

 -- Simon McVittie <smcv@debian.org>  Tue, 30 Jan 2018 14:49:40 +0000
debdiff --exclude=configure --exclude=po flatpak_0.8.8-0+deb9u1.dsc flatpak_0.8.9-0+deb9u1.dsc
diffstat for flatpak-0.8.8 flatpak-0.8.9

 NEWS                                                            |   12 
 common/flatpak-run.c                                            |   81 +++---
 configure.ac                                                    |    4 
 dbus-proxy/flatpak-proxy.c                                      |  127 +++++++---
 debian/changelog                                                |   14 +
 debian/control                                                  |    4 
 debian/patches/0.9.1/Improve-and-simplify-profile-snippet.patch |   46 ---
 debian/patches/series                                           |    1 
 doc/reference/html/flatpak-Version-information.html             |    2 
 doc/reference/html/index.html                                   |    2 
 lib/flatpak-version-macros.h                                    |    2 
 profile/flatpak.sh.in                                           |    8 
 tests/package_version.txt                                       |    2 
 13 files changed, 171 insertions(+), 134 deletions(-)

diff -Nru --exclude configure --exclude po flatpak-0.8.8/common/flatpak-run.c flatpak-0.8.9/common/flatpak-run.c
--- flatpak-0.8.8/common/flatpak-run.c	2017-10-30 17:27:01.000000000 +0000
+++ flatpak-0.8.9/common/flatpak-run.c	2018-01-30 13:39:45.000000000 +0000
@@ -1242,13 +1242,16 @@
         {
           FlatpakContextShares share;
 
-          share = flatpak_context_share_from_string (parse_negated (shares[i], &remove), error);
+          share = flatpak_context_share_from_string (parse_negated (shares[i], &remove), NULL);
           if (share == 0)
-            return FALSE;
-          if (remove)
-            flatpak_context_remove_shares (context, share);
+            g_debug ("Unknown share type %s", shares[i]);
           else
-            flatpak_context_add_shares (context, share);
+            {
+              if (remove)
+                flatpak_context_remove_shares (context, share);
+              else
+                flatpak_context_add_shares (context, share);
+            }
         }
     }
 
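Review bot: An unrecognised entry is now reported only through `g_debug`, here and in the sockets, devices, features and filesystems hunks that follow, so a mistyped negated entry that was meant to tighten the sandbox is dropped with no message in a default run. `remove` has presumably already been set by `parse_negated` when the unknown branch is reached, so that branch could tell the two cases apart, e.g. `if (remove) g_warning ("Ignoring unknown negated share type %s", shares[i]); else g_debug ("Unknown share type %s", shares[i]);`. Passing `NULL` for the error also discards whatever reason the parser would have given; in the filesystems hunk this turns every `flatpak_context_verify_filesystem` failure into "Unknown filesystem type", which may be broader than an unknown keyword. The enclosing function starts and ends outside these hunks.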
@@ -1261,13 +1264,16 @@
 
       for (i = 0; sockets[i] != NULL; i++)
         {
-          FlatpakContextSockets socket = flatpak_context_socket_from_string (parse_negated (sockets[i], &remove), error);
+          FlatpakContextSockets socket = flatpak_context_socket_from_string (parse_negated (sockets[i], &remove), NULL);
           if (socket == 0)
-            return FALSE;
-          if (remove)
-            flatpak_context_remove_sockets (context, socket);
+            g_debug ("Unknown socket type %s", sockets[i]);
           else
-            flatpak_context_add_sockets (context, socket);
+            {
+              if (remove)
+                flatpak_context_remove_sockets (context, socket);
+              else
+                flatpak_context_add_sockets (context, socket);
+            }
         }
     }
 
@@ -1281,13 +1287,16 @@
 
       for (i = 0; devices[i] != NULL; i++)
         {
-          FlatpakContextDevices device = flatpak_context_device_from_string (parse_negated (devices[i], &remove), error);
+          FlatpakContextDevices device = flatpak_context_device_from_string (parse_negated (devices[i], &remove), NULL);
           if (device == 0)
-            return FALSE;
-          if (remove)
-            flatpak_context_remove_devices (context, device);
+            g_debug ("Unknown device type %s", devices[i]);
           else
-            flatpak_context_add_devices (context, device);
+            {
+              if (remove)
+                flatpak_context_remove_devices (context, device);
+              else
+                flatpak_context_add_devices (context, device);
+            }
         }
     }
 
@@ -1301,13 +1310,16 @@
 
       for (i = 0; features[i] != NULL; i++)
         {
-          FlatpakContextFeatures feature = flatpak_context_feature_from_string (parse_negated (features[i], &remove), error);
+          FlatpakContextFeatures feature = flatpak_context_feature_from_string (parse_negated (features[i], &remove), NULL);
           if (feature == 0)
-            return FALSE;
-          if (remove)
-            flatpak_context_remove_features (context, feature);
+            g_debug ("Unknown feature type %s", features[i]);
           else
-            flatpak_context_add_features (context, feature);
+            {
+              if (remove)
+                flatpak_context_remove_features (context, feature);
+              else
+                flatpak_context_add_features (context, feature);
+            }
         }
     }
 
@@ -1321,12 +1333,15 @@
       for (i = 0; filesystems[i] != NULL; i++)
         {
           const char *fs = parse_negated (filesystems[i], &remove);
-          if (!flatpak_context_verify_filesystem (fs, error))
-            return FALSE;
-          if (remove)
-            flatpak_context_remove_filesystem (context, fs);
+          if (!flatpak_context_verify_filesystem (fs, NULL))
+            g_debug ("Unknown filesystem type %s", filesystems[i]);
           else
-            flatpak_context_add_filesystem (context, fs);
+            {
+              if (remove)
+                flatpak_context_remove_filesystem (context, fs);
+              else
+                flatpak_context_add_filesystem (context, fs);
+            }
         }
     }
 
@@ -1356,11 +1371,9 @@
           if (!flatpak_verify_dbus_name (key, error))
             return FALSE;
 
-          policy = flatpak_policy_from_string (value, error);
-          if ((int) policy == -1)
-            return FALSE;
-
-          flatpak_context_set_session_bus_policy (context, key, policy);
+          policy = flatpak_policy_from_string (value, NULL);
+          if ((int) policy != -1)
+            flatpak_context_set_session_bus_policy (context, key, policy);
         }
     }
 
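Review bot: An unknown policy value is skipped with no message at all in this hunk and in the system-bus hunk after it, unlike the share, socket, device, feature and filesystem loops above, which at least emit `g_debug`. Adding `else g_debug ("Unknown policy %s for %s", value, key);` after the `if ((int) policy != -1)` statement would keep a dropped bus rule traceable. `flatpak_verify_dbus_name (key, error)` still fails the whole load, so only the value side is forward-compatible; a one-line comment saying that this asymmetry is intended would help the next reader. The enclosing loop starts outside the hunk.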
@@ -1379,11 +1392,9 @@
           if (!flatpak_verify_dbus_name (key, error))
             return FALSE;
 
-          policy = flatpak_policy_from_string (value, error);
-          if ((int) policy == -1)
-            return FALSE;
-
-          flatpak_context_set_system_bus_policy (context, key, policy);
+          policy = flatpak_policy_from_string (value, NULL);
+          if ((int) policy != -1)
+            flatpak_context_set_system_bus_policy (context, key, policy);
         }
     }
 
diff -Nru --exclude configure --exclude po flatpak-0.8.8/configure.ac flatpak-0.8.9/configure.ac
--- flatpak-0.8.8/configure.ac	2017-10-30 17:48:41.000000000 +0000
+++ flatpak-0.8.9/configure.ac	2018-01-30 13:42:43.000000000 +0000
@@ -15,8 +15,8 @@
 
 m4_define([flatpak_major_version], [0])
 m4_define([flatpak_minor_version], [8])
-m4_define([flatpak_micro_version], [8])
-m4_define([flatpak_interface_age], [8])
+m4_define([flatpak_micro_version], [9])
+m4_define([flatpak_interface_age], [9])
 m4_define([flatpak_binary_age],
           [m4_eval(10000 * flatpak_major_version + 100 * flatpak_minor_version + flatpak_micro_version)])
 m4_define([flatpak_version],
diff -Nru --exclude configure --exclude po flatpak-0.8.8/dbus-proxy/flatpak-proxy.c flatpak-0.8.9/dbus-proxy/flatpak-proxy.c
--- flatpak-0.8.8/dbus-proxy/flatpak-proxy.c	2017-10-30 17:27:01.000000000 +0000
+++ flatpak-0.8.9/dbus-proxy/flatpak-proxy.c	2018-01-30 13:39:45.000000000 +0000
@@ -173,10 +173,11 @@
 FlatpakPolicy flatpak_proxy_get_policy (FlatpakProxy *proxy,
                                         const char   *name);
 
-/* We start looking ignoring the first cr-lf
-   since there is no previous line initially */
-#define AUTH_END_INIT_OFFSET 2
-#define AUTH_END_STRING "\r\nBEGIN\r\n"
+#define FIND_AUTH_END_CONTINUE -1
+#define FIND_AUTH_END_ABORT -2
+
+#define AUTH_LINE_SENTINEL "\r\n"
+#define AUTH_BEGIN "BEGIN"
 
 typedef enum {
   EXPECTED_REPLY_NONE,
@@ -251,7 +252,7 @@
   FlatpakProxy *proxy;
 
   gboolean      authenticated;
-  int           auth_end_offset;
+  GByteArray   *auth_buffer;
 
   ProxySide     client_side;
   ProxySide     bus_side;
@@ -363,6 +364,7 @@
   client->proxy->clients = g_list_remove (client->proxy->clients, client);
   g_clear_object (&client->proxy);
 
+  g_byte_array_free (client->auth_buffer, TRUE);
   g_hash_table_destroy (client->rewrite_reply);
   g_hash_table_destroy (client->get_owner_reply);
   g_hash_table_destroy (client->unique_id_policy);
@@ -398,7 +400,7 @@
   init_side (client, &client->client_side);
   init_side (client, &client->bus_side);
 
-  client->auth_end_offset = AUTH_END_INIT_OFFSET;
+  client->auth_buffer = g_byte_array_new ();
   client->rewrite_reply = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, g_object_unref);
   client->get_owner_reply = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, g_free);
   client->unique_id_policy = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
@@ -2203,51 +2205,92 @@
     got_buffer_from_bus (client, side, buffer);
 }
 
+#define _DBUS_ISASCII(c) ((c) != '\0' && (((c) & ~0x7f) == 0))
+
+static gboolean
+auth_line_is_valid (guint8 *line, guint8 *line_end)
+{
+  guint8 *p;
+
+  for (p = line; p < line_end; p++)
+    {
+      if (!_DBUS_ISASCII(*p))
+        return FALSE;
+
+      /* Technically, the dbus spec allows all ASCII characters, but for robustness we also
+         fail if we see any control characters. Such low values will appear in  potential attacks,
+         but will never happen in real sasl (where all binary data is hex encoded). */
+      if (*p < ' ')
+        return FALSE;
+    }
+
+  /* For robustness we require the first char of the line to be an upper case letter.
+     This is not technically required by the dbus spec, but all commands are upper
+     case, and there is no provisioning for whitespace before the command, so in practice
+     this is true, and this means we're not confused by e.g. initial whitespace. */
+  if (line[0] < 'A' || line[0] > 'Z')
+    return FALSE;
+
+  return TRUE;
+}
+
+static gboolean
+auth_line_is_begin (guint8 *line)
+{
+  guint8 next_char;
+
+  if (!g_str_has_prefix ((char *)line, AUTH_BEGIN))
+    return FALSE;
+
+  /* dbus-daemon accepts either nothing, or a whitespace followed by anything as end of auth */
+  next_char = line[strlen (AUTH_BEGIN)];
+  return (next_char == 0 ||
+          next_char == ' ' ||
+          next_char == '\t');
+}
+
 static gssize
 find_auth_end (FlatpakProxyClient *client, Buffer *buffer)
 {
-  guchar *match;
-  int i;
+  goffset offset = 0;
+  gsize original_size = client->auth_buffer->len;
+
+  /* Add the new data to the remaining data from last iteration */
+  g_byte_array_append (client->auth_buffer, buffer->data, buffer->pos);
 
-  /* First try to match any leftover at the start */
-  if (client->auth_end_offset > 0)
+  while (TRUE)
     {
-      gsize left = strlen (AUTH_END_STRING) - client->auth_end_offset;
-      gsize to_match = MIN (left, buffer->pos);
-      /* Matched at least up to to_match */
-      if (memcmp (buffer->data, &AUTH_END_STRING[client->auth_end_offset], to_match) == 0)
+      guint8 *line_start = client->auth_buffer->data + offset;
+      gsize remaining_data = client->auth_buffer->len - offset;
+      guint8 *line_end;
+
+      line_end = memmem (line_start, remaining_data,
+                         AUTH_LINE_SENTINEL, strlen (AUTH_LINE_SENTINEL));
+      if (line_end) /* Found end of line */
         {
-          client->auth_end_offset += to_match;
+          offset = (line_end + strlen (AUTH_LINE_SENTINEL) - line_start);
 
-          /* Matched all */
-          if (client->auth_end_offset == strlen (AUTH_END_STRING))
-            return to_match;
+          if (!auth_line_is_valid (line_start, line_end))
+            return FIND_AUTH_END_ABORT;
 
-          /* Matched to end of buffer */
-          return -1;
-        }
+          *line_end = 0;
+          if (auth_line_is_begin (line_start))
+            return offset - original_size;
 
-      /* Did not actually match at start */
-      client->auth_end_offset = -1;
-    }
+          /* continue with next line */
+        }
+      else
+        {
+          /* No end-of-line in this buffer */
+          g_byte_array_remove_range (client->auth_buffer, 0, offset);
 
-  /* Look for whole match inside buffer */
-  match = memmem (buffer, buffer->pos,
-                  AUTH_END_STRING, strlen (AUTH_END_STRING));
-  if (match != NULL)
-    return match - buffer->data + strlen (AUTH_END_STRING);
+          /* Abort if more than 16k before newline, similar to what dbus-daemon does */
+          if (client->auth_buffer->len >= 16*1024)
+            return FIND_AUTH_END_ABORT;
 
-  /* Record longest prefix match at the end */
-  for (i = MIN (strlen (AUTH_END_STRING) - 1, buffer->pos); i > 0; i--)
-    {
-      if (memcmp (buffer->data + buffer->pos - i, AUTH_END_STRING, i) == 0)
-        {
-          client->auth_end_offset = i;
-          break;
+          return FIND_AUTH_END_CONTINUE;
         }
     }
-
-  return -1;
 }
 
 static gboolean
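Review bot: In `find_auth_end`, `offset = (line_end + strlen (AUTH_LINE_SENTINEL) - line_start);` stores the length of the current line rather than its end position in `auth_buffer`, even though `line_start` is itself `data + offset`. From the second line of an accumulated buffer onwards, the next `line_start`, the value returned as `offset - original_size` and the range passed to `g_byte_array_remove_range` are all computed from the wrong position. With three lines in one buffer the third scan restarts inside bytes already terminated by `*line_end = 0`, which `auth_line_is_valid` rejects, so a well-formed handshake appears to be aborted. Measuring from the start of the buffer avoids this: `offset = line_end + strlen (AUTH_LINE_SENTINEL) - client->auth_buffer->data;`. This value decides where the authentication phase ends and message filtering begins, so a regression test that feeds several auth lines in one read, and the same lines split across reads, would be worth adding.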
@@ -2306,6 +2349,14 @@
                       if (extra_data > 0)
                         side->extra_input_data = g_bytes_new (buffer->data + buffer->size, extra_data);
                     }
+                  else if (auth_end == FIND_AUTH_END_ABORT)
+                    {
+                      buffer_unref (buffer);
+                      if (client->proxy->log_messages)
+                        g_print ("Invalid AUTH line, aborting\n");
+                      side_closed (side);
+                      break;
+                    }
                 }
 
               got_buffer_from_side (side, buffer);
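Review bot: The abort branch reports the rejection only when `client->proxy->log_messages` is set, so in a default configuration a client whose authentication stream was refused leaves no trace. An unconditional `g_debug ("Invalid AUTH line, aborting");` next to the `g_print` would make such events visible when debugging or monitoring the proxy. The message is also narrower than the condition, since `FIND_AUTH_END_ABORT` is returned for a line that exceeds 16k without a terminator as well as for an invalid one. The branch drops its reference with `buffer_unref (buffer)` and then relies on `break` to skip the `got_buffer_from_side (side, buffer)` call below it; the enclosing loop is outside the hunk, so that is worth confirming and stating in a short comment.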
diff -Nru --exclude configure --exclude po flatpak-0.8.8/debian/changelog flatpak-0.8.9/debian/changelog
--- flatpak-0.8.8/debian/changelog	2017-10-31 18:51:01.000000000 +0000
+++ flatpak-0.8.9/debian/changelog	2018-01-30 14:49:40.000000000 +0000
@@ -1,3 +1,17 @@
+flatpak (0.8.9-0+deb9u1) stretch; urgency=medium
+
+  * New upstream release backporting the following fixes from 0.10.x:
+    - common/flatpak-run.c: Ignore unrecognised permission strings
+      instead of failing, for forwards compatibility
+    - dbus-proxy/flatpak-proxy.c: Fix a D-Bus filtering bypass in
+      flatpak-dbus-proxy (Closes: #888842)
+    - profile/flatpak.sh.in: Simplify and improve profile.d snippet
+      (already done in Debian since 0.8.4-1, no practical effect)
+  * Drop our patch to profile/flatpak.sh.in, no longer necessary
+  * debian/control: Update Vcs-* metadata for salsa.d.o migration
+
+ -- Simon McVittie <smcv@debian.org>  Tue, 30 Jan 2018 14:49:40 +0000
+
 flatpak (0.8.8-0+deb9u1) stretch; urgency=medium
 
   * d/watch: Watch for new 0.8.x versions
diff -Nru --exclude configure --exclude po flatpak-0.8.8/debian/control flatpak-0.8.9/debian/control
--- flatpak-0.8.8/debian/control	2017-10-31 18:51:01.000000000 +0000
+++ flatpak-0.8.9/debian/control	2018-01-30 14:49:40.000000000 +0000
@@ -45,8 +45,8 @@
  xsltproc,
 Standards-Version: 3.9.8
 Homepage: http://flatpak.org/
-Vcs-Git: https://anonscm.debian.org/git/collab-maint/flatpak.git
-Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/flatpak.git
+Vcs-Git: https://salsa.debian.org/debian/flatpak.git
+Vcs-Browser: https://salsa.debian.org/debian/flatpak
 
 Package: flatpak
 Architecture: linux-any
diff -Nru --exclude configure --exclude po flatpak-0.8.8/debian/patches/0.9.1/Improve-and-simplify-profile-snippet.patch flatpak-0.8.9/debian/patches/0.9.1/Improve-and-simplify-profile-snippet.patch
--- flatpak-0.8.8/debian/patches/0.9.1/Improve-and-simplify-profile-snippet.patch	2017-10-31 18:51:01.000000000 +0000
+++ flatpak-0.8.9/debian/patches/0.9.1/Improve-and-simplify-profile-snippet.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,46 +0,0 @@
-From: Simon McVittie <smcv@debian.org>
-Date: Fri, 10 Mar 2017 20:01:49 +0000
-Subject: Improve and simplify profile snippet
-
-Avoid setting a temporary variable flatpak_dirs which, while not
-exported to the environment, would still be defined as a
-shell "parameter" (variable) in the login shell itself.
-
-Consistently put the Flatpak directories before other XDG_DATA_DIRS,
-rather than putting them last if XDG_DATA_DIRS happens to be already
-set.
-
-Expand XDG_DATA_HOME if necessary, rather than assuming it will
-always be ~/.local/share.
-
-I don't know exactly which shells source profile.d, but it's possible
-that one of them might only implement POSIX test syntax, so prefer
-[ x = y ] over [ x == y ].
-
-Fix some insufficient quoting that could have gone wrong if
-XDG_DATA_DIRS somehow contained spaces.
-
-Signed-off-by: Simon McVittie <smcv@debian.org>
-Applied-upstream: 0.9.1, commit:e572311a26911b74e96c593987e250fb4bbc532b
----
- profile/flatpak.sh.in | 8 ++------
- 1 file changed, 2 insertions(+), 6 deletions(-)
-
-diff --git a/profile/flatpak.sh.in b/profile/flatpak.sh.in
-index cc9c342..8b350e8 100644
---- a/profile/flatpak.sh.in
-+++ b/profile/flatpak.sh.in
-@@ -1,11 +1,7 @@
- # @sysconfdir@/profile.d/flatpak.sh - set XDG_DATA_DIRS
- 
--flatpak_dirs=$HOME/.local/share/flatpak/exports/share/:@localstatedir@/lib/flatpak/exports/share/
--
--if [ -z "${XDG_DATA_DIRS}" ]; then
--    XDG_DATA_DIRS="$flatpak_dirs:/usr/local/share/:/usr/share/"
--elif [ "${XDG_DATA_DIRS#*flatpak}" == ${XDG_DATA_DIRS} ]; then
--    XDG_DATA_DIRS="$XDG_DATA_DIRS:$flatpak_dirs"
-+if [ "${XDG_DATA_DIRS#*flatpak}" = "${XDG_DATA_DIRS}" ]; then
-+    XDG_DATA_DIRS="${XDG_DATA_HOME:-"$HOME/.local/share"}/flatpak/exports/share:@localstatedir@/lib/flatpak/exports/share:${XDG_DATA_DIRS:-/usr/local/share:/usr/share}"
- fi
- 
- export XDG_DATA_DIRS
diff -Nru --exclude configure --exclude po flatpak-0.8.8/debian/patches/series flatpak-0.8.9/debian/patches/series
--- flatpak-0.8.8/debian/patches/series	2017-10-31 18:51:01.000000000 +0000
+++ flatpak-0.8.9/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-0.9.1/Improve-and-simplify-profile-snippet.patch
diff -Nru --exclude configure --exclude po flatpak-0.8.8/doc/reference/html/flatpak-Version-information.html flatpak-0.8.9/doc/reference/html/flatpak-Version-information.html
--- flatpak-0.8.8/doc/reference/html/flatpak-Version-information.html	2017-10-31 12:49:13.000000000 +0000
+++ flatpak-0.8.9/doc/reference/html/flatpak-Version-information.html	2018-01-30 13:45:37.000000000 +0000
@@ -81,7 +81,7 @@
 <hr>
 <div class="refsect2">
 <a name="FLATPAK-MICRO-VERSION:CAPS"></a><h3>FLATPAK_MICRO_VERSION</h3>
-<pre class="programlisting">#define FLATPAK_MICRO_VERSION (8)
+<pre class="programlisting">#define FLATPAK_MICRO_VERSION (9)
 </pre>
 </div>
 <hr>
diff -Nru --exclude configure --exclude po flatpak-0.8.8/doc/reference/html/index.html flatpak-0.8.9/doc/reference/html/index.html
--- flatpak-0.8.8/doc/reference/html/index.html	2017-10-31 12:49:13.000000000 +0000
+++ flatpak-0.8.9/doc/reference/html/index.html	2018-01-30 13:45:37.000000000 +0000
@@ -15,7 +15,7 @@
 <div>
 <div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">Flatpak Library Reference Manual</p></th></tr></table></div>
 <div><p class="releaseinfo">
-      For flatpak 0.8.8
+      For flatpak 0.8.9
 
     </p></div>
 </div>
diff -Nru --exclude configure --exclude po flatpak-0.8.8/lib/flatpak-version-macros.h flatpak-0.8.9/lib/flatpak-version-macros.h
--- flatpak-0.8.8/lib/flatpak-version-macros.h	2017-10-31 10:33:24.000000000 +0000
+++ flatpak-0.8.9/lib/flatpak-version-macros.h	2018-01-30 13:44:42.000000000 +0000
@@ -27,7 +27,7 @@
 
 #define FLATPAK_MAJOR_VERSION (0)
 #define FLATPAK_MINOR_VERSION (8)
-#define FLATPAK_MICRO_VERSION (8)
+#define FLATPAK_MICRO_VERSION (9)
 
 #define FLATPAK_CHECK_VERSION(major,minor,micro)        \
     (FLATPAK_MAJOR_VERSION > (major) || \
diff -Nru --exclude configure --exclude po flatpak-0.8.8/NEWS flatpak-0.8.9/NEWS
--- flatpak-0.8.8/NEWS	2017-10-30 17:48:26.000000000 +0000
+++ flatpak-0.8.9/NEWS	2018-01-30 13:41:01.000000000 +0000
@@ -1,3 +1,15 @@
+Major changes in 0.8.9
+======================
+
+This is a security fix release that fixes a sandbox escape in the
+flatpak dbus proxy. This issue was found by Gabriel Campana of The
+Google Security Team.
+
+ * Fix dbus proxy vulnerability in authentication phase
+ * Make permission handling ignore unknown permissions for forwards
+   compatibility
+ * Improved profile snippet
+
 Major changes in 0.8.8
 ======================
 
diff -Nru --exclude configure --exclude po flatpak-0.8.8/profile/flatpak.sh.in flatpak-0.8.9/profile/flatpak.sh.in
--- flatpak-0.8.8/profile/flatpak.sh.in	2017-10-30 17:26:58.000000000 +0000
+++ flatpak-0.8.9/profile/flatpak.sh.in	2017-12-15 12:00:42.000000000 +0000
@@ -1,11 +1,7 @@
 # @sysconfdir@/profile.d/flatpak.sh - set XDG_DATA_DIRS
 
-flatpak_dirs=$HOME/.local/share/flatpak/exports/share/:@localstatedir@/lib/flatpak/exports/share/
-
-if [ -z "${XDG_DATA_DIRS}" ]; then
-    XDG_DATA_DIRS="$flatpak_dirs:/usr/local/share/:/usr/share/"
-elif [ "${XDG_DATA_DIRS#*flatpak}" == ${XDG_DATA_DIRS} ]; then
-    XDG_DATA_DIRS="$XDG_DATA_DIRS:$flatpak_dirs"
+if [ "${XDG_DATA_DIRS#*flatpak}" = "${XDG_DATA_DIRS}" ]; then
+    XDG_DATA_DIRS="${XDG_DATA_HOME:-"$HOME/.local/share"}/flatpak/exports/share:@localstatedir@/lib/flatpak/exports/share:${XDG_DATA_DIRS:-/usr/local/share:/usr/share}"
 fi
 
 export XDG_DATA_DIRS
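Review bot: The guard `[ "${XDG_DATA_DIRS#*flatpak}" = "${XDG_DATA_DIRS}" ]` treats any occurrence of the substring `flatpak` in `XDG_DATA_DIRS` as proof that the export directories are already present, so an unrelated entry whose path happens to contain that word would suppress them. That may be an accepted trade-off for a profile.d snippet, but it deserves a comment above the `if`, for example `# Skip if XDG_DATA_DIRS already mentions flatpak (substring match, not an exact path check)`.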
diff -Nru --exclude configure --exclude po flatpak-0.8.8/tests/package_version.txt flatpak-0.8.9/tests/package_version.txt
--- flatpak-0.8.8/tests/package_version.txt	2017-10-31 10:33:33.000000000 +0000
+++ flatpak-0.8.9/tests/package_version.txt	2018-01-30 13:45:30.000000000 +0000
@@ -1 +1 @@
-0.8.8
+0.8.9
