Bug#993396: bullseye-pu: package flatpak/1.10.3-0+deb11u1
On Tue, 31 Aug 2021 at 20:10:17 +0100, Simon McVittie wrote:
> [x] attach debdiff against the package in (old)stable
> - It's a filtered git diff rather than a debdiff, but I upload with
> dgit, so what's in git has to match what's uploaded. I did a diff
> between patched trees, because the majority of the upstream code
> changes were previously in debian/patches.
Sorry, I was sure I'd attached the diff but it must have got lost. See
attached.
smcv
git diff patch-queue/debian/bullseye-r0..patch-queue/debian/bullseye |
filterdiff -p1 -xMakefile.in -xaclocal.m4 -xcompile -xconfig.guess \
-xconfig.sub -xconfig.h.in -xconfigure -xdepcomp -x'*/Makefile.in' \
-xinstall-sh -xltmain.sh -xm4/libtool.m4 -xmissing -x'po/*.pot' \
-x'debian/patches/*.patch' -x'doc/reference/html/*' -x'po/*.po' \
-xtest-driver
diff --git a/NEWS b/NEWS
index 06f6a2603..1a791f4a1 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,22 @@
+Changes in 1.10.3
+~~~~~~~~~~~~~~~~~
+Released: 2021-08-31
+
+This is a maintenance update with various bug fixes backported from 1.11.x.
+
+* Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox, fixing
+ a regression introduced when CVE-2021-21261 was fixed in 1.8.5 and 1.10.0
+* Fix various memory and file descriptor leaks, in particular with
+ flatpak-spawn --env=...
+* Fix fd confusion in flatpak-spawn --env=... --forward-fd=..., resolving a
+ regression introduced in 1.8.5 and 1.10.0
+* Fix deploys of local remotes in system-helper, possibly involving newer
+ GLib versions
+* Fix test failures on non-x86_64 systems
+* create-usb: Skip copying extra-data flatpaks
+* Improve test coverage on Debian derivatives by ensuring /sbin is in
+ tests' PATH
+
Changes in 1.10.2
~~~~~~~~~~~~~~~~~
Released: 2021-03-10
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index f48f402a9..81ead1e60 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -1525,6 +1525,10 @@ static const ExportData default_exports[] = {
{"XDG_DATA_DIRS", "/app/share:/usr/share"},
{"SHELL", "/bin/sh"},
{"TMPDIR", NULL}, /* Unset TMPDIR as it may not exist in the sandbox */
+ /* We always use /run/user/UID, even if the user's XDG_RUNTIME_DIR
+ * outside the sandbox is somewhere else. Don't allow a different
+ * setting from outside the sandbox to overwrite this. */
+ {"XDG_RUNTIME_DIR", NULL},
/* Some env vars are common enough and will affect the sandbox badly
if set on the host. We clear these always. */
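Review bot: The new comment above `{"XDG_RUNTIME_DIR", NULL}` explains the intended in-sandbox value but not what this entry itself does, which by the pattern of the `TMPDIR` line a few lines up is to unset the host's value; the code that then provides /run/user/UID inside the sandbox is presumably elsewhere in flatpak-run.c and is not in the hunk. Mirroring the TMPDIR wording would make that explicit: `/* Unset the host's XDG_RUNTIME_DIR: the sandbox always uses /run/user/UID, which is set separately, so a different host value must not leak in (regression from the CVE-2021-21261 fix). */`. The default_exports array starts before the hunk and continues past it.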
diff --git a/common/flatpak-version-macros.h b/common/flatpak-version-macros.h
index 2971afee0..210faa4c9 100644
--- a/common/flatpak-version-macros.h
+++ b/common/flatpak-version-macros.h
@@ -45,7 +45,7 @@
*
* The micro version.
*/
-#define FLATPAK_MICRO_VERSION (2)
+#define FLATPAK_MICRO_VERSION (3)
/**
* FLATPAK_CHECK_VERSION:
diff --git a/configure.ac b/configure.ac
index c879e472d..ad5d17d77 100644
--- a/configure.ac
+++ b/configure.ac
@@ -15,7 +15,7 @@ AC_PREREQ([2.63])
m4_define([flatpak_major_version], [1])
m4_define([flatpak_minor_version], [10])
-m4_define([flatpak_micro_version], [2])
+m4_define([flatpak_micro_version], [3])
m4_define([flatpak_extra_version], [])
m4_define([flatpak_interface_age], [0])
m4_define([flatpak_binary_age],
diff --git a/debian/changelog b/debian/changelog
index 061ced8f9..8fc2067e1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+flatpak (1.10.3-1) UNRELEASED; urgency=medium
+
+ * New upstream stable release
+ - Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox
+ (regression in 1.8.5 and 1.10.0)
+ - Improve unit test coverage
+ - Various other changes that were already in earlier releases to Debian
+ * Drop all patches, applied upstream
+ * d/gbp.conf, d/control: Branch for bullseye
+ * d/watch: Restrict to 1.10.x versions for bullseye
+
+ -- Simon McVittie <smcv@debian.org> Thu, 26 Aug 2021 12:01:16 +0100
+
flatpak (1.10.2-3) unstable; urgency=medium
* d/patches: Align with upstream flatpak-1.10.x branch, making this
diff --git a/debian/control b/debian/control
index f60402586..c1e35889f 100644
--- a/debian/control
+++ b/debian/control
@@ -62,7 +62,7 @@ Build-Depends-Indep:
libostree-doc,
Standards-Version: 4.5.1
Homepage: https://flatpak.org/
-Vcs-Git: https://salsa.debian.org/debian/flatpak.git
+Vcs-Git: https://salsa.debian.org/debian/flatpak.git -b debian/bullseye
Vcs-Browser: https://salsa.debian.org/debian/flatpak
Rules-Requires-Root: no
diff --git a/debian/gbp.conf b/debian/gbp.conf
index f331df1a9..dd1cde049 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,7 +1,7 @@
[DEFAULT]
pristine-tar = True
compression = xz
-debian-branch = debian/unstable
+debian-branch = debian/bullseye
upstream-branch = upstream/1.10.x
patch-numbers = False
upstream-vcs-tag = %(version)s
diff --git a/debian/patches/series b/debian/patches/series
deleted file mode 100644
index 0ab2b98a6..000000000
--- a/debian/patches/series
+++ /dev/null
@@ -1,7 +0,0 @@
-create-usb-Skip-copying-extra-data-flatpaks.patch
-Fix-several-memory-leaks.patch
-portal-Don-t-leak-fd-used-for-serialized-environment.patch
-portal-Use-a-GArray-to-store-fds.patch
-portal-Remap-env-fd-into-child-process-s-fd-space.patch
-tests-Remove-hard-coded-references-to-x86_64.patch
-system-helper-Fix-deploys-of-local-remotes.patch
diff --git a/debian/watch b/debian/watch
index 4eaffe935..6d55f4d35 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,2 +1,2 @@
version=4
-https://github.com/@PACKAGE@/@PACKAGE@/releases .*/@PACKAGE@-(\d+\.\d*[02468]\.[\-+\.:\~\da-zA-Z]*)@ARCHIVE_EXT@
+https://github.com/@PACKAGE@/@PACKAGE@/releases .*/@PACKAGE@-(1\.10\.[\-+\.:\~\da-zA-Z]*)@ARCHIVE_EXT@
diff --git a/doc/reference/html/home.png b/doc/reference/html/home.png
index 9346b336a..3966a915c 100644
Binary files a/doc/reference/html/home.png and b/doc/reference/html/home.png differ
diff --git a/doc/reference/html/left-insensitive.png b/doc/reference/html/left-insensitive.png
index 3269393a7..2cd8c169c 100644
Binary files a/doc/reference/html/left-insensitive.png and b/doc/reference/html/left-insensitive.png differ
diff --git a/doc/reference/html/left.png b/doc/reference/html/left.png
index 2abde032b..1ca1664c6 100644
Binary files a/doc/reference/html/left.png and b/doc/reference/html/left.png differ
diff --git a/doc/reference/html/right-insensitive.png b/doc/reference/html/right-insensitive.png
index 4c95785b9..763208da8 100644
Binary files a/doc/reference/html/right-insensitive.png and b/doc/reference/html/right-insensitive.png differ
diff --git a/doc/reference/html/right.png b/doc/reference/html/right.png
index 76260ec88..eb90dd442 100644
Binary files a/doc/reference/html/right.png and b/doc/reference/html/right.png differ
diff --git a/doc/reference/html/up-insensitive.png b/doc/reference/html/up-insensitive.png
index f40498606..478700c9b 100644
Binary files a/doc/reference/html/up-insensitive.png and b/doc/reference/html/up-insensitive.png differ
diff --git a/doc/reference/html/up.png b/doc/reference/html/up.png
index 80b4b37e9..636d50ddb 100644
Binary files a/doc/reference/html/up.png and b/doc/reference/html/up.png differ
diff --git a/tests/libtest.sh b/tests/libtest.sh
index 2c020667d..1daac3331 100644
--- a/tests/libtest.sh
+++ b/tests/libtest.sh
@@ -105,6 +105,10 @@ export XDG_RUNTIME_DIR=${TEST_DATA_DIR}/runtime
export XDG_DESKTOP_PORTAL_DIR=${test_builddir}/share/xdg-desktop-portal/portals
export XDG_CURRENT_DESKTOP=test
+# On Debian derivatives, /usr/sbin and /sbin aren't in ordinary users'
+# PATHs, but ldconfig and capsh are kept in /sbin
+PATH="$PATH:/usr/sbin:/sbin"
+
export USERDIR=${TEST_DATA_DIR}/home/share/flatpak
export SYSTEMDIR=${TEST_DATA_DIR}/system
export ARCH=`flatpak --default-arch`
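Review bot: `PATH="$PATH:/usr/sbin:/sbin"` on the added line relies on PATH already carrying the export attribute from the inherited environment, while every neighbouring assignment in the hunk uses `export`; writing `export PATH="$PATH:/usr/sbin:/sbin"` keeps the file consistent and removes that dependence. Appending rather than prepending the sbin directories is the right order, since it cannot shadow tools the tests already resolve on the host PATH. The environment setup in libtest.sh continues past the hunk.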
diff --git a/tests/package_version.txt b/tests/package_version.txt
index 5ad2491cf..587c5f0c7 100644
--- a/tests/package_version.txt
+++ b/tests/package_version.txt
@@ -1 +1 @@
-1.10.2
+1.10.3
diff --git a/tests/test-run.sh b/tests/test-run.sh
index 3c344df19..b28cf7b66 100644
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@@ -24,7 +24,7 @@ set -euo pipefail
skip_without_bwrap
skip_revokefs_without_fuse
-echo "1..18"
+echo "1..19"
# Use stable rather than master as the branch so we can test that the run
# command automatically finds the branch correctly
@@ -74,6 +74,15 @@ assert_file_has_content hello_out '^Hello world, from a sandbox$'
ok "hello"
+# XDG_RUNTIME_DIR is set to <temp directory>/runtime by libtest.sh,
+# so we always have the necessary setup to reproduce #4372
+assert_not_streq "$XDG_RUNTIME_DIR" "/run/user/$(id -u)"
+run_sh org.test.Platform 'echo $XDG_RUNTIME_DIR' > value-in-sandbox
+head value-in-sandbox >&2
+assert_file_has_content value-in-sandbox "^/run/user/$(id -u)\$"
+
+ok "XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR not inherited"
+
run_sh org.test.Platform cat /.flatpak-info >runtime-fpi
assert_file_has_content runtime-fpi "[Runtime]"
assert_file_has_content runtime-fpi "^runtime=runtime/org\.test\.Platform/$ARCH/stable$"