
Bug#883483: marked as done (stretch-pu: package flatpak/0.8.8-0+deb9u1)



Your message dated Sat, 10 Mar 2018 10:57:46 +0000
with message-id <1520679466.2744.57.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.4
has caused the Debian Bug report #883483,
regarding stretch-pu: package flatpak/0.8.8-0+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
883483: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883483
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

The upstream maintainer of Flatpak has made a 0.8.8 release, which
collects the patches we apply to 0.8.7 in stretch, together with some
more fixes backported from the 0.10.x branch. I would like to update
stretch to this release.

Because we already apply a bunch of patches, the attached diff was made
by unpacking the 0.8.7 and 0.8.8 packages, comparing the two patched
trees, and ignoring the actual patches (together with Autotools noise,
documentation noise and translation updates):

dpkg-source -x flatpak_0.8.7-2~deb9u1.dsc
dpkg-source -x flatpak_0.8.8-0+deb9u1.dsc
diff -Nru flatpak-0.8.7 flatpak-0.8.8 | \
filterdiff -p1 --exclude=.pc/\* --exclude=debian/patches/0.8.8/\* \
    --exclude=po/\*.po --exclude=po/\*.pot --exclude=py-compile \
    --exclude=INSTALL --exclude=gtk-doc.make --exclude=Makefile.in \
    --exclude=doc/reference/Makefile.in --exclude=doc/reference/html/\*.html \
    --exclude configure | \
pee diffstat sponge > flatpak_0.8.8-0+deb9u1.diff

Full source debdiff without those filters available here:
https://people.debian.org/~smcv/flatpak_0.8.8-0+deb9u1_full.diff.gz

Annotated changelog below. As usual, please let me know if there is
anything that I should query or get reverted. Debian is the main consumer
of the 0.8.x branch, so if it isn't useful to us, it isn't useful.

Thanks,
    smcv

----

> Add compatibility with ostree ≥ 2017.7 (in Debian, the same
> changes were already in 0.8.7-2)
>
> d/p/0.8.8/: Drop patches that added compatibility with
> ostree ≥ 2017.7, no longer necessary

(debian/patches/series is the only sign of this in the diff)

No practical effect.

> Security: Do not allow legacy eavesdropping on the D-Bus
> session bus (Closes: #880451)

(dbus-proxy/flatpak-proxy.c lines >= 1358)

Sandboxed applications with filtered/proxied access to the D-Bus session
bus could have used this to spy on other applications. Florian Weimer
has indicated that the security team do not consider this DSA-worthy.

> Ensure that LD_LIBRARY_PATH is in the correct order, respecting
> extensions' priorities
> Ensure that extensions are mounted in the correct order even if
> they have differing priorities, fixing Steam

(common/flatpak-run.c, lines < 2500)

Extensions are a way to provide extra "plugins" for an app or runtime.
One of the things they can do is to prepend library directories (for
example the proprietary NVIDIA graphics driver or a newer version of
Mesa) to LD_LIBRARY_PATH, with a concept of priority to determine which
extension "wins". In some cases they were applied in the wrong order,
causing an unintended library to be used.

> Remove PYTHONPATH, PERLLIB, PERL5LIB, XCURSOR_PATH from the
> environment given to sandboxed apps

(common/flatpak-run.c @@ -2894,6 +2936,13 @@)

Host-side search paths are rarely right for the sandboxed app,
because they contain entries that have a different meaning inside the
sandbox. Flatpak now scrubs a few more of these from the environment.

> Give each app a persistent cache directory for fontconfig

(common/flatpak-run.c lines >= 3000)

Apps with different runtimes or options might see different fonts, so
they would do the wrong thing if they shared a cache. We need to write
each app's font cache to a different place.

> Make /usr/share/icons available in the sandbox so that sandboxed
> apps can use the host's icon theme

(common/flatpak-run.c lines >= 3000)

If the user has chosen a non-standard theme that isn't present in the
container runtime, we want their chosen icon style to show up.

> Disable debug-level FUSE logging for the document portal

(document-portal/xdp-fuse.c)

This was presumably left over from debugging some issue. It shouldn't
have been enabled in production unless specifically requested.

> Make the * wildcard at the end of a D-Bus filtering rule match
> zero or more components, so --talk="com.example.Foo.*" behaves
> the same as D-Bus' arg0namespace="com.example.Foo". Previously,
> it would only match exactly one component. This matches a proposed
> design for integrating equivalent filtering into future dbus
> versions.

(dbus-proxy/flatpak-proxy.c lines < 1358)

dbus-daemon already has features that match messages with a particular
subset of bus names, and so did Flatpak's D-Bus proxy, but their
behaviour didn't match. Now they do. This makes the D-Bus proxy slightly
more lenient, but is unlikely to have any significant practical effect.

----
 NEWS                         |   18 ++++++++
 common/flatpak-run.c         |   89 +++++++++++++++++++++++++++++++++++++------
 configure.ac                 |    4 -
 dbus-proxy/flatpak-proxy.c   |   60 +++++++++++++++++++++++-----
 debian/changelog             |   30 ++++++++++++++
 debian/patches/series        |    4 -
 debian/watch                 |    2 
 document-portal/xdp-dbus.c   |    2 
 document-portal/xdp-dbus.h   |    2 
 document-portal/xdp-fuse.c   |    2 
 lib/flatpak-version-macros.h |    2 
 po/de.gmo                    |binary
 po/hu.gmo                    |binary
 po/pl.gmo                    |binary
 po/pt_BR.gmo                 |binary
 po/ru.gmo                    |binary
 po/sk.gmo                    |binary
 po/sv.gmo                    |binary
 po/uk.gmo                    |binary
 tests/package_version.txt    |    2 
 20 files changed, 182 insertions(+), 35 deletions(-)
diff -Nru flatpak-0.8.7/common/flatpak-run.c flatpak-0.8.8/common/flatpak-run.c
--- flatpak-0.8.7/common/flatpak-run.c	2017-06-20 14:17:13.000000000 +0100
+++ flatpak-0.8.8/common/flatpak-run.c	2017-10-30 17:27:01.000000000 +0000
@@ -2187,6 +2187,16 @@
     }
 }
 
+static int
+flatpak_extension_compare_by_path (gconstpointer  _a,
+                                   gconstpointer  _b)
+{
+  const FlatpakExtension *a = _a;
+  const FlatpakExtension *b = _b;
+
+  return g_strcmp0 (a->directory, b->directory);
+}
+
 gboolean
 flatpak_run_add_extension_args (GPtrArray    *argv_array,
                                 char       ***envp_p,
@@ -2197,7 +2207,8 @@
 {
   g_auto(GStrv) parts = NULL;
   gboolean is_app;
-  GList *extensions, *l;
+  GList *extensions, *path_sorted_extensions, *l;
+  g_autoptr(GString) ld_library_path = g_string_new ("");
   g_autoptr(GHashTable) mounted_tmpfs =
     g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
   g_autoptr(GHashTable) created_symlink =
@@ -2212,14 +2223,18 @@
   extensions = flatpak_list_extensions (metakey,
                                         parts[2], parts[3]);
 
-  for (l = extensions; l != NULL; l = l->next)
+  /* First we apply all the bindings, they are sorted alphabetically in order for parent directory
+     to be mounted before child directories */
+  path_sorted_extensions = g_list_copy (extensions);
+  path_sorted_extensions = g_list_sort (path_sorted_extensions, flatpak_extension_compare_by_path);
+
+  for (l = path_sorted_extensions; l != NULL; l = l->next)
     {
       FlatpakExtension *ext = l->data;
       g_autofree char *directory = g_build_filename (is_app ? "/app" : "/usr", ext->directory, NULL);
       g_autofree char *full_directory = g_build_filename (directory, ext->subdir_suffix, NULL);
       g_autofree char *ref = g_build_filename (full_directory, ".ref", NULL);
       g_autofree char *real_ref = g_build_filename (ext->files_path, ext->directory, ".ref", NULL);
-      int i;
 
       if (ext->needs_tmpfs)
         {
@@ -2242,19 +2257,25 @@
         add_args (argv_array,
                   "--lock-file", ref,
                   NULL);
+    }
+
+  g_list_free (path_sorted_extensions);
+
+  /* Then apply library directories and file merging, in extension prio order */
+
+  for (l = extensions; l != NULL; l = l->next)
+    {
+      FlatpakExtension *ext = l->data;
+      g_autofree char *directory = g_build_filename (is_app ? "/app" : "/usr", ext->directory, NULL);
+      g_autofree char *full_directory = g_build_filename (directory, ext->subdir_suffix, NULL);
+      int i;
 
       if (ext->add_ld_path)
         {
           g_autofree char *ld_path = g_build_filename (full_directory, ext->add_ld_path, NULL);
-          const gchar *old_ld_path = g_environ_getenv (*envp_p, "LD_LIBRARY_PATH");
-          g_autofree char *new_ld_path = NULL;
-
-          if (old_ld_path != NULL)
-            new_ld_path = g_strconcat (old_ld_path, ":", ld_path, NULL);
-          else
-            new_ld_path = g_strdup (new_ld_path);
-
-          *envp_p = g_environ_setenv (*envp_p, "LD_LIBRARY_PATH", new_ld_path , TRUE);
+          if (ld_library_path->len != 0)
+            g_string_append (ld_library_path, ":");
+          g_string_append (ld_library_path, ld_path);
         }
 
       for (i = 0; ext->merge_dirs != NULL && ext->merge_dirs[i] != NULL; i++)
@@ -2286,6 +2307,27 @@
 
   g_list_free_full (extensions, (GDestroyNotify) flatpak_extension_free);
 
+  if (ld_library_path->len != 0)
+    {
+      const gchar *old_ld_path = g_environ_getenv (*envp_p, "LD_LIBRARY_PATH");
+
+      if (old_ld_path != NULL && *old_ld_path != 0)
+        {
+          if (is_app)
+            {
+              g_string_append (ld_library_path, ":");
+              g_string_append (ld_library_path, old_ld_path);
+            }
+          else
+            {
+              g_string_prepend (ld_library_path, ":");
+              g_string_prepend (ld_library_path, old_ld_path);
+            }
+        }
+
+      *envp_p = g_environ_setenv (*envp_p, "LD_LIBRARY_PATH", ld_library_path->str , TRUE);
+    }
+
   return TRUE;
 }
 
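Review bot: the `is_app` branch at the end of this hunk puts the inherited LD_LIBRARY_PATH after the extension directories for an app but before them for a runtime, and nothing in the code says why. A short comment above `if (is_app)` stating the intended precedence would keep a later cleanup from merging the two branches. The `*old_ld_path != 0` test is a good addition, since it avoids an empty path element.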
@@ -2894,6 +2936,13 @@
   {"XDG_DATA_DIRS", "/app/share:/usr/share"},
   {"SHELL", "/bin/sh"},
   {"TMPDIR", NULL}, /* Unset TMPDIR as it may not exist in the sandbox */
+
+  /* Some env vars are common enough and will affect the sandbox badly
+     if set on the host. We clear these always. */
+  {"PYTHONPATH", NULL},
+  {"PERLLIB", NULL},
+  {"PERL5LIB", NULL},
+  {"XCURSOR_PATH", NULL},
 };
 
 static const struct {const char *env;
@@ -3057,6 +3106,7 @@
   g_autoptr(GFile) dir = flatpak_get_data_dir (app_id);
   g_autoptr(GFile) data_dir = g_file_get_child (dir, "data");
   g_autoptr(GFile) cache_dir = g_file_get_child (dir, "cache");
+  g_autoptr(GFile) fontconfig_cache_dir = g_file_get_child (cache_dir, "fontconfig");
   g_autoptr(GFile) tmp_dir = g_file_get_child (cache_dir, "tmp");
   g_autoptr(GFile) config_dir = g_file_get_child (dir, "config");
 
@@ -3066,6 +3116,9 @@
   if (!flatpak_mkdir_p (cache_dir, cancellable, error))
     return NULL;
 
+  if (!flatpak_mkdir_p (fontconfig_cache_dir, cancellable, error))
+    return NULL;
+
   if (!flatpak_mkdir_p (tmp_dir, cancellable, error))
     return NULL;
 
@@ -3219,6 +3272,17 @@
 }
 
 static void
+add_icon_path_args (GPtrArray *argv_array)
+{
+  if (g_file_test ("/usr/share/icons", G_FILE_TEST_IS_DIR))
+    {
+      add_args (argv_array,
+                "--ro-bind", "/usr/share/icons", "/run/host/share/icons",
+                NULL);
+    }
+}
+
+static void
 add_default_permissions (FlatpakContext *app_context)
 {
   flatpak_context_set_session_bus_policy (app_context,
@@ -4325,6 +4389,7 @@
                                     app_ref_parts[1], app_context, app_id_dir);
   flatpak_run_add_journal_args (argv_array);
   add_font_path_args (argv_array);
+  add_icon_path_args (argv_array);
 
   /* Must run this before spawning the dbus proxy, to ensure it
      ends up in the app cgroup */
diff -Nru flatpak-0.8.7/configure.ac flatpak-0.8.8/configure.ac
--- flatpak-0.8.7/configure.ac	2017-06-20 14:24:11.000000000 +0100
+++ flatpak-0.8.8/configure.ac	2017-10-30 17:48:41.000000000 +0000
@@ -15,8 +15,8 @@
 
 m4_define([flatpak_major_version], [0])
 m4_define([flatpak_minor_version], [8])
-m4_define([flatpak_micro_version], [7])
-m4_define([flatpak_interface_age], [7])
+m4_define([flatpak_micro_version], [8])
+m4_define([flatpak_interface_age], [8])
 m4_define([flatpak_binary_age],
           [m4_eval(10000 * flatpak_major_version + 100 * flatpak_minor_version + flatpak_micro_version)])
 m4_define([flatpak_version],
diff -Nru flatpak-0.8.7/dbus-proxy/flatpak-proxy.c flatpak-0.8.8/dbus-proxy/flatpak-proxy.c
--- flatpak-0.8.7/dbus-proxy/flatpak-proxy.c	2017-06-20 14:17:13.000000000 +0100
+++ flatpak-0.8.8/dbus-proxy/flatpak-proxy.c	2017-10-30 17:27:01.000000000 +0000
@@ -338,8 +338,6 @@
   return buffer;
 }
 
-G_DEFINE_AUTOPTR_CLEANUP_FUNC (Buffer, buffer_unref)
-
 static void
 free_side (ProxySide *side)
 {
@@ -424,18 +422,19 @@
 
 static FlatpakPolicy
 flatpak_proxy_get_wildcard_policy (FlatpakProxy *proxy,
-                                   const char   *name)
+                                   const char   *_name)
 {
-  guint wildcard_policy = 0;
+  guint policy, wildcard_policy = 0;
   char *dot;
-  char buffer[256];
+  g_autofree char *name = g_strdup (_name);
 
-  dot = strrchr (name, '.');
-  if (dot && (dot - name) <= 255)
+  dot = name + strlen (name);
+  while (dot)
     {
-      strncpy (buffer, name, dot - name);
-      buffer[dot - name] = 0;
-      wildcard_policy = GPOINTER_TO_INT (g_hash_table_lookup (proxy->wildcard_policy, buffer));
+      *dot = 0;
+      policy = GPOINTER_TO_INT (g_hash_table_lookup (proxy->wildcard_policy, name));
+      wildcard_policy = MAX (wildcard_policy, policy);
+      dot = strrchr (name, '.');
     }
 
   return wildcard_policy;
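Review bot: `dot = name + strlen (name)` is reached with no NULL check on `_name`, and g_strdup returns NULL for a NULL argument, so a g_return_val_if_fail at the top would make the precondition explicit. The loop also deserves a comment: the first pass writes 0 over the existing terminator on purpose, so that the full name is looked up (the zero-component case), and later passes walk up to the first component, so a rule keyed on a short prefix now applies to every name beneath it. That is what the changelog describes, but it is not obvious from `while (dot)` alone.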
@@ -1359,6 +1358,7 @@
   HANDLE_VALIDATE_OWN,
   HANDLE_VALIDATE_SEE,
   HANDLE_VALIDATE_TALK,
+  HANDLE_VALIDATE_MATCH,
 } BusHandler;
 
 static gboolean
@@ -1420,8 +1420,10 @@
       if (method == NULL)
         return HANDLE_DENY;
 
+      if (strcmp (method, "AddMatch") == 0)
+        return HANDLE_VALIDATE_MATCH;
+
       if (strcmp (method, "Hello") == 0 ||
-          strcmp (method, "AddMatch") == 0 ||
           strcmp (method, "RemoveMatch") == 0 ||
           strcmp (method, "GetId") == 0)
         return HANDLE_PASS;
@@ -1503,6 +1505,28 @@
 }
 
 static gboolean
+validate_arg0_match (FlatpakProxyClient *client, Buffer *buffer)
+{
+  GDBusMessage *message = g_dbus_message_new_from_blob (buffer->data, buffer->size, 0, NULL);
+  GVariant *body, *arg0;
+  const char *match;
+  gboolean res = TRUE;
+
+  if (message != NULL &&
+      (body = g_dbus_message_get_body (message)) != NULL &&
+      (arg0 = g_variant_get_child_value (body, 0)) != NULL &&
+      g_variant_is_of_type (arg0, G_VARIANT_TYPE_STRING))
+    {
+      match = g_variant_get_string (arg0, NULL);
+      if (strstr (match, "eavesdrop=") != NULL)
+        res = FALSE;
+    }
+
+  g_object_unref (message);
+  return res;
+}
+
+static gboolean
 validate_arg0_name (FlatpakProxyClient *client, Buffer *buffer, FlatpakPolicy required_policy, FlatpakPolicy *has_policy)
 {
   GDBusMessage *message = g_dbus_message_new_from_blob (buffer->data, buffer->size, 0, NULL);
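Review bot: in validate_arg0_match, `g_object_unref (message)` runs even when g_dbus_message_new_from_blob returned NULL, a case the condition above explicitly allows for, and the reference returned by g_variant_get_child_value is never released. Guard the unref (g_clear_object or g_autoptr would do) and unref `arg0` once the string has been checked. Separately, `res` starts as TRUE, so a blob that does not parse, or whose first argument is not a string, is passed through unchecked; for a security filter it would be safer to start from FALSE and set TRUE only after the rule has been inspected.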
@@ -1884,6 +1908,20 @@
               expecting_reply = EXPECTED_REPLY_REWRITE;
               break;
             }
+
+          goto handle_pass;
+
+        case HANDLE_VALIDATE_MATCH:
+          if (!validate_arg0_match (client, buffer))
+            {
+              if (client->proxy->log_messages)
+                g_print ("*DENIED* (ping)\n");
+              g_clear_pointer (&buffer, buffer_unref);
+              buffer = get_error_for_roundtrip (client, header,
+                                                "org.freedesktop.DBus.Error.AccessDenied");
+              expecting_reply = EXPECTED_REPLY_REWRITE;
+              break;
+            }
 
           goto handle_pass;
 
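Review bot: the denial path under `case HANDLE_VALIDATE_MATCH:` logs `*DENIED* (ping)`, although what is being refused here is an AddMatch call. Anyone reading the proxy log to work out why an app lost its match rule will be misled; a message that names AddMatch (and ideally the eavesdrop key) would make the refusal traceable.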
diff -Nru flatpak-0.8.7/debian/changelog flatpak-0.8.8/debian/changelog
--- flatpak-0.8.7/debian/changelog	2017-07-31 08:44:53.000000000 +0100
+++ flatpak-0.8.8/debian/changelog	2017-10-31 18:51:01.000000000 +0000
@@ -1,3 +1,33 @@
+flatpak (0.8.8-0+deb9u1) stretch; urgency=medium
+
+  * d/watch: Watch for new 0.8.x versions
+  * New upstream release from 0.8.x branch, backporting the following
+    fixes from 0.10.x:
+    - Add compatibility with ostree ≥ 2017.7 (in Debian, the same
+      changes were already in 0.8.7-2)
+    - Security: Do not allow legacy eavesdropping on the D-Bus
+      session bus (Closes: #880451)
+    - Ensure that LD_LIBRARY_PATH is in the correct order, respecting
+      extensions' priorities
+    - Ensure that extensions are mounted in the correct order even if
+      they have differing priorities, fixing Steam
+    - Remove PYTHONPATH, PERLLIB, PERL5LIB, XCURSOR_PATH from the
+      environment given to sandboxed apps
+    - Give each app a persistent cache directory for fontconfig
+    - Make /usr/share/icons available in the sandbox so that sandboxed
+      apps can use the host's icon theme
+    - Disable debug-level FUSE logging for the document portal
+    - Make the * wildcard at the end of a D-Bus filtering rule match
+      zero or more components, so --talk="com.example.Foo.*" behaves
+      the same as D-Bus' arg0namespace="com.example.Foo". Previously,
+      it would only match exactly one component. This matches a proposed
+      design for integrating equivalent filtering into future dbus
+      versions.
+  * d/p/0.8.8/: Drop patches that added compatibility with
+    ostree ≥ 2017.7, no longer necessary
+
+ -- Simon McVittie <smcv@debian.org>  Tue, 31 Oct 2017 18:51:01 +0000
+
 flatpak (0.8.7-2~deb9u1) stretch; urgency=medium
 
   * Rebuild for stretch
diff -Nru flatpak-0.8.7/debian/patches/series flatpak-0.8.8/debian/patches/series
--- flatpak-0.8.7/debian/patches/series	2017-07-31 08:44:53.000000000 +0100
+++ flatpak-0.8.8/debian/patches/series	2017-10-31 18:51:01.000000000 +0000
@@ -1,5 +1 @@
-0.8.8/test-run-Allow-org.test.Setuid-to-install-as-long-as-it-s.patch
-0.8.8/common-Store-the-summary-signature-in-the-cache-too.patch
-0.8.8/install-Manually-save-summary-.sig-in-cache-repo.patch
-0.8.8/Manually-copy-summary-for-update-and-appdata-too.patch
 0.9.1/Improve-and-simplify-profile-snippet.patch
diff -Nru flatpak-0.8.7/debian/watch flatpak-0.8.8/debian/watch
--- flatpak-0.8.7/debian/watch	2017-07-31 08:44:53.000000000 +0100
+++ flatpak-0.8.8/debian/watch	2017-10-31 18:51:01.000000000 +0000
@@ -1,2 +1,2 @@
 version=4
-https://github.com/@PACKAGE@/@PACKAGE@/releases .*/@PACKAGE@-(\d+\.\d*[02468]\.\S*)@ARCHIVE_EXT@
+https://github.com/@PACKAGE@/@PACKAGE@/releases .*/@PACKAGE@-(0\.8\.\S*)@ARCHIVE_EXT@
diff -Nru flatpak-0.8.7/document-portal/xdp-dbus.c flatpak-0.8.8/document-portal/xdp-dbus.c
--- flatpak-0.8.7/document-portal/xdp-dbus.c	2017-06-20 14:24:38.000000000 +0100
+++ flatpak-0.8.8/document-portal/xdp-dbus.c	2017-10-30 17:34:16.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Generated by gdbus-codegen 2.53.2. DO NOT EDIT.
+ * Generated by gdbus-codegen 2.55.0. DO NOT EDIT.
  *
  * The license of this code is the same as for the source it was derived from.
  */
diff -Nru flatpak-0.8.7/document-portal/xdp-dbus.h flatpak-0.8.8/document-portal/xdp-dbus.h
--- flatpak-0.8.7/document-portal/xdp-dbus.h	2017-06-20 14:24:38.000000000 +0100
+++ flatpak-0.8.8/document-portal/xdp-dbus.h	2017-10-30 17:34:16.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Generated by gdbus-codegen 2.53.2. DO NOT EDIT.
+ * Generated by gdbus-codegen 2.55.0. DO NOT EDIT.
  *
  * The license of this code is the same as for the source it was derived from.
  */
diff -Nru flatpak-0.8.7/document-portal/xdp-fuse.c flatpak-0.8.8/document-portal/xdp-fuse.c
--- flatpak-0.8.7/document-portal/xdp-fuse.c	2017-06-20 14:17:13.000000000 +0100
+++ flatpak-0.8.8/document-portal/xdp-fuse.c	2017-10-30 17:27:01.000000000 +0000
@@ -2307,7 +2307,7 @@
 gboolean
 xdp_fuse_init (GError **error)
 {
-  char *argv[] = { "xdp-fuse", "-osplice_write,splice_move", "-d" };
+  char *argv[] = { "xdp-fuse", "-osplice_write,splice_move" };
   struct fuse_args args = FUSE_ARGS_INIT (G_N_ELEMENTS (argv), argv);
   struct stat st;
   const char *path;
diff -Nru flatpak-0.8.7/lib/flatpak-version-macros.h flatpak-0.8.8/lib/flatpak-version-macros.h
--- flatpak-0.8.7/lib/flatpak-version-macros.h	2017-06-20 14:24:38.000000000 +0100
+++ flatpak-0.8.8/lib/flatpak-version-macros.h	2017-10-31 10:33:24.000000000 +0000
@@ -27,7 +27,7 @@
 
 #define FLATPAK_MAJOR_VERSION (0)
 #define FLATPAK_MINOR_VERSION (8)
-#define FLATPAK_MICRO_VERSION (7)
+#define FLATPAK_MICRO_VERSION (8)
 
 #define FLATPAK_CHECK_VERSION(major,minor,micro)        \
     (FLATPAK_MAJOR_VERSION > (major) || \
diff -Nru flatpak-0.8.7/NEWS flatpak-0.8.8/NEWS
--- flatpak-0.8.7/NEWS	2017-06-20 14:23:42.000000000 +0100
+++ flatpak-0.8.8/NEWS	2017-10-30 17:48:26.000000000 +0000
@@ -1,3 +1,21 @@
+Major changes in 0.8.8
+======================
+
+This is a minor security update, as well as an update to match
+some sandbox behaviours that were added to the 0.10.0 release.
+
+Changes:
+ * SECURITY: Forbit old-style eavesdropping in the dbus proxy
+ * Expose icons from host in /run/host/share/icons
+ * Ensure fontconfig caches are per-sandbox
+ * Some problematic env vars are no longer inherited from the host
+ * The LD_LIBRARY_PATH order is now correct for extensions with
+   different priorities.
+ * Extensions are now mounted in the correct orders, even if they
+   have different priorities, fixing steam.
+ * Disable debug spew in the document portal fuse filesystem
+ * Now works current version of ostree
+
 Major changes in 0.8.7
 ======================
 
Binary files flatpak-0.8.7/po/de.gmo and flatpak-0.8.8/po/de.gmo differ
Binary files flatpak-0.8.7/po/hu.gmo and flatpak-0.8.8/po/hu.gmo differ
Binary files flatpak-0.8.7/po/pl.gmo and flatpak-0.8.8/po/pl.gmo differ
Binary files flatpak-0.8.7/po/pt_BR.gmo and flatpak-0.8.8/po/pt_BR.gmo differ
Binary files flatpak-0.8.7/po/ru.gmo and flatpak-0.8.8/po/ru.gmo differ
Binary files flatpak-0.8.7/po/sk.gmo and flatpak-0.8.8/po/sk.gmo differ
Binary files flatpak-0.8.7/po/sv.gmo and flatpak-0.8.8/po/sv.gmo differ
Binary files flatpak-0.8.7/po/uk.gmo and flatpak-0.8.8/po/uk.gmo differ
diff -Nru flatpak-0.8.7/tests/package_version.txt flatpak-0.8.8/tests/package_version.txt
--- flatpak-0.8.7/tests/package_version.txt	2017-06-20 14:25:26.000000000 +0100
+++ flatpak-0.8.8/tests/package_version.txt	2017-10-31 10:33:33.000000000 +0000
@@ -1 +1 @@
-0.8.7
+0.8.8

--- End Message ---
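
The wildcard change described in the annotated changelog above (a trailing * now matching zero or more components instead of exactly one) can be compared side by side. This is an added example, not part of the original message and not Flatpak's code; the rule table, the policy enum and the function names are constructed for illustration, and it assumes rules are keyed by the name with the trailing ".*" removed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed policy levels and rule table, for illustration only. */
enum policy { POLICY_NONE, POLICY_SEE, POLICY_TALK };

struct rule { const char *prefix; enum policy policy; };

/* Assumption: rules are keyed by the name with the trailing ".*" removed. */
static const struct rule rules[] = {
    { "com.example.Foo", POLICY_TALK },  /* --talk="com.example.Foo.*" */
    { "com.example",     POLICY_SEE  },  /* hypothetical broader "see" rule */
};

static enum policy lookup(const char *name, size_t len)
{
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (strlen(rules[i].prefix) == len &&
            memcmp(rules[i].prefix, name, len) == 0)
            return rules[i].policy;
    return POLICY_NONE;
}

/* Old semantics: "*" stands for exactly one trailing component. */
enum policy wildcard_policy_old(const char *name)
{
    const char *dot = strrchr(name, '.');
    return dot ? lookup(name, (size_t)(dot - name)) : POLICY_NONE;
}

/* New semantics: "*" stands for zero or more trailing components, so try
   the full name and then every shorter dotted prefix, keeping the maximum. */
enum policy wildcard_policy_new(const char *name)
{
    enum policy best = POLICY_NONE;
    size_t len = strlen(name);

    for (;;) {
        enum policy p = lookup(name, len);
        if (p > best)
            best = p;
        while (len > 0 && name[len - 1] != '.')
            len--;                       /* back up to the previous dot */
        if (len == 0)
            break;                       /* no components left to strip */
        len--;                           /* drop the dot itself */
    }
    return best;
}

int main(void)
{
    static const char *names[] = {
        "com.example.Foo", "com.example.Foo.Bar", "com.example.Foo.Bar.Baz",
        "com.example.Foobar", "org.example.Foo",
    };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-26s old=%d new=%d\n", names[i],
               wildcard_policy_old(names[i]), wildcard_policy_new(names[i]));
    return 0;
}
```

The rows to look at when auditing an app's bus policy are the ones where old and new differ: the bare name and names nested more than one level deep now pick up the rule, while "com.example.Foobar" still does not, because matching stops at component boundaries.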
--- Begin Message ---
Version: 9.4

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam

--- End Message ---
