flatpak (1.2.5-0+deb10u4) buster-security; urgency=high * Add patches from upstream 1.10.2 release to fix a sandbox escape via special tokens in .desktop files (flatpak#4146, Closes: #984859) -- Simon McVittie Wed, 10 Mar 2021 11:13:59 +0000 flatpak (1.2.5-0+deb10u3) buster-security; urgency=medium * Fix regressions in DSA 4830-1 - Add patch from upstream to fix a regression in 'flatpak build'. The patches to resolve CVE-2021-21261 caused a regression in which 'flatpak build' wouldn't set the LD_LIBRARY_PATH that it should. (Closes: #980323) - Add a patch from upstream to fix possible regressions in extra-data. The extra-data mechanism, used to download large or proprietary components out-of-band, could suffer from a regression similar to #980323 if the app or runtime's apply_extra entry point relies on LD_LIBRARY_PATH. * Add CVE-2021-21261 reference to previous changelog entry -- Simon McVittie Thu, 21 Jan 2021 13:57:39 +0000 flatpak (1.2.5-0+deb10u2) buster-security; urgency=medium * Add patches for sandbox escape vulnerability GHSA-4ppf-fxf6-vxg2 (CVE-2021-21261) -- Simon McVittie Tue, 12 Jan 2021 16:23:32 +0000 flatpak (1.2.5-0+deb10u1) buster; urgency=medium * New upstream stable release - Allow runtimes (not just apps) to use extra_data, which is required by the new org.freedesktop.Platform.openh264 extension - Support apps that specify several required Flatpak versions, such as 1.4.2;1.2.5; for runtimes that require the above feature - Backport some crash bug fixes from 1.4.x - Fix installation of bundles - Set looser permissions on the /run/host/monitor directory, to work better with tools like Fedora Toolbox on the host system - Do not wrongly remove extensions as "unused" if they are referenced by the 'versions' extension key rather than by 'version' * d/gbp.conf: Use debian/buster packaging branch * d/watch: Only look for 1.2.x releases -- Simon McVittie Mon, 23 Sep 2019 08:44:18 +0100 flatpak (1.2.4-1) unstable; urgency=medium * New upstream stable release - Canonicalize XDG_RUNTIME_DIR if it's a symlink - Support device nodes for multiple Nvidia graphics cards if the proprietary driver is used - Fix a crash when certain errors occur while updating apps - Fix "flatpak list --arch" - Make "Installing %d/%d..." translatable * d/p/run-Only-compare-the-lowest-32-ioctl-arg-bits-for-TIOCSTI.patch: Drop patch, applied upstream -- Simon McVittie Wed, 27 Mar 2019 20:47:33 +0000 flatpak (1.2.3-2) unstable; urgency=high * seccomp: Reject all ioctls that the kernel will interpret as TIOCSTI, including those where the high 32 bits in a 64-bit word are nonzero. (Closes: #925541, CVE-2019-10063) -- Simon McVittie Tue, 26 Mar 2019 20:38:36 +0000 flatpak (1.2.3-1) unstable; urgency=high * New upstream stable release - Security update: do not let the apply_extra script for a system installation modify the host-side executable via /proc/self/exe, similar to CVE-2019-5736 in runc (Closes: #922059; CVE-2019-8308) -- Simon McVittie Mon, 11 Feb 2019 16:17:09 +0000 flatpak (1.2.2-1) unstable; urgency=medium * New upstream stable release -- Simon McVittie Wed, 06 Feb 2019 11:03:38 +0000 flatpak (1.2.1-1) unstable; urgency=medium * New upstream stable release - Drop most patches, applied upstream -- Simon McVittie Tue, 05 Feb 2019 15:42:35 +0000 flatpak (1.2.0-1) unstable; urgency=medium * New upstream stable release branch - Drop most patches, applied upstream - B-D on libgdk-pixbuf2.0-dev for icon validator - Install new flatpak-validate-icon tool * d/p/build-export-Allow-sandboxing-on-icon-validator-to-be-dis.patch, d/p/make-test-Don-t-sandbox-the-icon-validator.patch: Disable sandboxing on icon validator during build-time tests. We can't rely on bwrap working in a buildd environment. * Merge debian/experimental branch into debian/master - Use upstream/1.2.x branch to import future releases - d/watch: Only watch for 1.even.x releases * d/upstream/metadata: Add DEP-12 metadata * Release to unstable -- Simon McVittie Mon, 28 Jan 2019 14:07:47 +0000 flatpak (1.0.6-2) unstable; urgency=medium * Use external xdg-dbus-proxy now that it has passed NEW * Standards-Version: 4.3.0 (no changes required) -- Simon McVittie Tue, 15 Jan 2019 09:44:11 +0000 flatpak (1.1.3-2) experimental; urgency=medium * d/p/Install-environment-generator-as-an-executable-file.patch, d/p/profile-Don-t-rely-on-bash-syntax.patch: Mark patches as applied upstream * d/p/testcommon-An-i386-Flatpak-doesn-t-support-x86_64-apps.patch: Add patch to fix build-time test failure on i386 * d/p/docs-Clarify-that-command-is-only-for-run.patch, d/p/app-Support-DeployCollectionID-in-flatpakrepo.patch, d/p/uninstall-Deal-with-empty-installations.patch, d/p/Fix-xml-syntax-in-org.freedesktop.portal.Flatpak.xml.patch: Add additional bugfix patches from upstream -- Simon McVittie Wed, 16 Jan 2019 08:14:38 +0000 flatpak (1.1.3-1) experimental; urgency=medium * New upstream release - Add B-D on libdconf-dev - d/copyright: Update - d/flatpak.install: Adjust installed paths for profile/environment snippets - d/libflatpak0.symbols: Update * Use external xdg-dbus-proxy now that it has passed NEW * d/flatpak.install: Canonicalize order * d/p/Install-environment-generator-as-an-executable-file.patch: Install the environment generator as an executable script * d/rules, d/test.sh: Use a temporary HOME and XDG_RUNTIME_DIR to run tests * d/p/profile-Don-t-rely-on-bash-syntax.patch: Make the profile.d snippet (which we also use in /etc/X11/Xsession.d) POSIX shell compatible -- Simon McVittie Tue, 15 Jan 2019 22:09:50 +0000 flatpak (1.1.2-1) experimental; urgency=medium * New upstream release - Drop most patches, applied upstream * Standards-Version: 4.3.0 (no changes required) * Fix Vcs-Git branch in d/control -- Simon McVittie Thu, 03 Jan 2019 12:52:43 +0000 flatpak (1.1.1-1) experimental; urgency=medium * New upstream release - Drop most patches, applied upstream - d/control: Build-depend on libpolkit-agent-1-dev - d/copyright: Update - d/libflatpak0.symbols: Update * Add post-release bug fixes from upstream * d/p/testlibrary-Don-t-leak-source-IDs.patch: Add proposed patch to fix installed-test failure * Fix a typo in previous changelog entry: the patches were to make tests pass on *non*-x86_64 machines * Move to debhelper compat level 11 - Build-depend on debhelper-compat (= 11) virtual package instead of using d/compat * Don't start system helper on installation, only on-demand * Install dbus-daemon policy defaults in /usr/share/dbus-1/system.d (supported by Debian's dbus-daemon since stretch), not in /etc/dbus-1/system.d - d/flatpak.maintscript: Remove obsolete conffile if unmodified * d/flatpak.postrm: Only remove /var/lib/flatpak if it exists -- Simon McVittie Wed, 12 Dec 2018 18:15:08 +0000 flatpak (1.1.0-2) experimental; urgency=medium * Add proposed patches to make tests pass on non-x86_64 (Closes: #914988) -- Simon McVittie Thu, 29 Nov 2018 12:19:56 +0000 flatpak (1.1.0-1) experimental; urgency=medium * Revert 'd/watch: Only watch for stable-branch versions' * New upstream development release - Update ostree dependency version - Build-depend on libsystemd, for Journal logging of Flatpak operations (having systemd or the Journal continues to be optional at runtime) - d/libflatpak0.symbols: Update - Add installed-test dependency on gettext * d/patches: Add some cherry-picks from upstream * d/patches: test-override: Skip tests that need bwrap if necessary * d/patches: Fix a typo that broke installed-tests * d/gbp.conf: Use debian/experimental branch -- Simon McVittie Mon, 19 Nov 2018 16:21:34 +0000 flatpak (1.0.6-1) unstable; urgency=medium * d/watch: Only watch for stable-branch versions * New upstream release - Avoid apply_extra scripts being able to create non-canonical permissions such as setuid -- Simon McVittie Fri, 16 Nov 2018 14:29:51 +0000 flatpak (1.0.5-1) unstable; urgency=medium * New upstream release * d/tests/control: Mark build test as superficial (see #904979) -- Simon McVittie Mon, 12 Nov 2018 15:44:45 +0000 flatpak (1.0.4-1) unstable; urgency=medium * New upstream release -- Simon McVittie Fri, 12 Oct 2018 11:53:03 +0100 flatpak (1.0.3-1) unstable; urgency=medium [ Ondřej Nový ] * d/tests: Use AUTOPKGTEST_TMP instead of ADTTMP [ Simon McVittie ] * New upstream release * d/p/debian/patches/test-webserver-Fix-race-condition.patch: Drop patch, applied upstream * Install upstream NEWS and README.md into flatpak and libflatpak-doc * d/libflatpak0.symbols: Update * d/flatpak-tests.lintian-overrides: Silence some package-contains-documentation-outside-usr-share-doc false positives -- Simon McVittie Thu, 04 Oct 2018 15:40:00 +0100 flatpak (1.0.2-1) unstable; urgency=medium * New upstream release * d/p/debian/patches/test-webserver-Fix-race-condition.patch: Mark as forwarded * d/libflatpak0.symbols: Update -- Simon McVittie Sat, 15 Sep 2018 11:41:26 +0100 flatpak (1.0.1-1) unstable; urgency=medium * New upstream release - Drop most patches, applied upstream * d/p/test-webserver-Fix-race-condition.patch: Fix a race condition in test setup -- Simon McVittie Tue, 28 Aug 2018 16:28:09 +0100 flatpak (1.0.0-2) unstable; urgency=medium * d/p/build-Install-httpcache-if-installed-tests-are-enabled.patch, d/p/tests-Look-for-httpcache-in-test_builddir-not-PATH.patch, d/p/Make-test-scripts-bilingual-Python-2-Python-3.patch, d/p/test-webserver-Be-more-verbose-about-what-we-re-doing.patch, d/p/tests-Remove-vestigial-support-for-putting-Python-2-in-a-.patch: Mark as applied upstream * d/patches: Update to upstream commit 1.0.0-38-ge9d9f54a - Fix OCI summary generation on 32-bit architectures - Fix a hang that can occur while testing OCI - Documentation and GObject-Introspection fixes - Translation updates - Add `flatpak ps` - Be more backportable * d/tests/gnome-desktop-testing: Enable full test coverage on machines where the login name is "user" and the hostname is "host" * d/tests: Mark OCI tests as flaky for now, since hangs do not appear to have been completely addressed * Standards-Version: 4.2.1 -- Simon McVittie Tue, 28 Aug 2018 11:50:22 +0100 flatpak (1.0.0-1) unstable; urgency=medium * New upstream stable release * (Build-)Depend on ostree 2018.7 * flatpak Recommends p11-kit, for p11-kit-server * d/p/build-Install-httpcache-if-installed-tests-are-enabled.patch, d/p/tests-Look-for-httpcache-in-test_builddir-not-PATH.patch: Add patches to fix installed-tests * d/p/Make-test-scripts-bilingual-Python-2-Python-3.patch, d/p/test-webserver-Be-more-verbose-about-what-we-re-doing.patch: Add patch to make test scripts equally valid in Python 3 * d/p/tests-Remove-vestigial-support-for-putting-Python-2-in-a-.patch: Remove support for including Python 2 in a runtime, which is only used in flatpak-builder * d/p/debian/Use-Python-3-for-test-web-server.patch: Expand to cover more test code * Standards-Version: 4.2.0 -- Simon McVittie Mon, 20 Aug 2018 21:29:02 +0100 flatpak (0.99.3-1) unstable; urgency=medium * New upstream release - Drop patch from previous version, applied upstream - Update symbols file -- Simon McVittie Tue, 10 Jul 2018 21:37:09 +0100 flatpak (0.99.2-3) unstable; urgency=medium * Standards-Version: 4.1.5 (no changes required) * Put helper binaries in /usr/libexec as allowed by FHS 3.0 * d/p/Fix-error-handling-while-deploying-AppStream.patch: Add a patch fixing error handling in system helper -- Simon McVittie Sat, 07 Jul 2018 12:54:42 +0100 flatpak (0.99.2-2) unstable; urgency=medium * Version the ostree command-line tool dependency for the tests. For the stretch backport, the ostree in stretch is not enough: we need the one from stretch-backports. -- Simon McVittie Sun, 01 Jul 2018 22:34:02 +0100 flatpak (0.99.2-1) unstable; urgency=medium * New upstream release -- Simon McVittie Thu, 28 Jun 2018 18:04:44 +0100 flatpak (0.99.1-1) unstable; urgency=medium * New upstream release - Update symbols file for new ABI - Bump ostree dependencies to 2018.6 - flatpak Suggests avahi-daemon for peer-to-peer app sharing - Install new flatpak-coredumpctl script as an example -- Simon McVittie Fri, 22 Jun 2018 22:12:01 +0100 flatpak (0.11.8.3-1) unstable; urgency=medium * New upstream release -- Simon McVittie Wed, 13 Jun 2018 13:04:12 +0100 flatpak (0.11.8.2-1) unstable; urgency=medium * New upstream release * Drop the patches added in 0.11.8-1, which were merged upstream -- Simon McVittie Mon, 11 Jun 2018 14:07:13 +0100 flatpak (0.11.8.1-1) unstable; urgency=medium * New upstream release, fixing a regression in D-Bus filtering * Remove --disable-document-portal, no longer necessary since 0.11.0 -- Simon McVittie Fri, 08 Jun 2018 18:14:02 +0100 flatpak (0.11.8-1) unstable; urgency=medium * New upstream release - Install zsh completion functions - d/copyright: Update - d/control: Update bubblewrap and ostree dependencies - d/control: Depend on python3 for build-time tests - Update symbols file for new ABI * d/test.sh: Output test logs in the build log, even on success * d/p/testlibrary-Let-the-test-web-server-s-stderr-go-to-the-te.patch, d/p/testlibrary-Correct-a-wrong-string-in-a-debug-message.patch, d/p/test-webserver-Print-http-server-output.patch: Add patches to improve test diagnostics * d/p/test-webserver.sh-Wait-longer-for-web-server-to-start.patch: Add patch to allow up to 30 seconds for the web server to start * d/p/debian/Use-Python-3-for-test-web-server.patch: Rebase -- Simon McVittie Thu, 07 Jun 2018 22:43:06 +0100 flatpak (0.11.7-1) unstable; urgency=medium * New upstream release -- Simon McVittie Thu, 03 May 2018 13:55:51 +0100 flatpak (0.11.6-1) unstable; urgency=medium * New upstream release * Drop patches added in previous version, both merged upstream -- Simon McVittie Wed, 02 May 2018 18:33:05 +0100 flatpak (0.11.5-1) unstable; urgency=medium * New upstream release * d/p/make-test-runtime-Look-in-usr-sbin-for-ldconfig.patch: Use an upstreamable patch to detect /sbin/ldconfig in tests, instead of working around lack of /sbin in PATH in Debian test scripts * d/p/parse-datetime-Build-YACC-parser-from-source.patch: Force parse-datetime.c to be build from source using bison -- Simon McVittie Mon, 30 Apr 2018 15:27:33 +0100 flatpak (0.11.4-1) unstable; urgency=medium * New upstream release - Drop patches that were applied upstream - d/copyright: Update - Build-depend on bison - Add new flatpak-portal to flatpak.deb - Update symbols file for new ABI * Standards-Version: 4.1.4 (no changes required) -- Simon McVittie Thu, 26 Apr 2018 20:06:07 +0100 flatpak (0.11.3-3) unstable; urgency=medium * Add Recommends: policykit-1. This is required when installing apps and runtimes system-wide, which is the default for the CLI, but is not required when installing into your own home directory with "flatpak --user install...". (Closes: #892583) -- Simon McVittie Sun, 11 Mar 2018 16:00:02 +0000 flatpak (0.11.3-2) unstable; urgency=medium * Merge from experimental to unstable * d/p/Update-*-translation.patch: Update Czech and Indonesian translations from upstream * d/p/Fix-assertion-when-no-gsettings-schema-installed.patch: Add patch from upstream fixing an assertion failure if no GSettings schemas are installed -- Simon McVittie Thu, 01 Mar 2018 09:21:46 +0000 flatpak (0.11.3-1) experimental; urgency=medium * New upstream release - d/p/Remove-unused-FUSE-build-dependency.patch: Drop, applied upstream -- Simon McVittie Mon, 19 Feb 2018 15:18:05 +0000 flatpak (0.11.1-1) experimental; urgency=medium * d/gbp.conf: Target experimental * d/watch: Track development versions * New upstream development release * d/p/Only-require-FUSE-if-we-re-still-building-the-document-po.patch: Drop, not applicable to 0.11.x * d/p/Remove-unused-FUSE-build-dependency.patch: Remove unnecessary check for FUSE * Build-depend on gnupg, needed to run tests -- Simon McVittie Thu, 15 Feb 2018 09:26:09 +0000 flatpak (0.10.4-1) unstable; urgency=medium * New upstream release * Don't install documents portal or permission store. Depend on xdg-desktop-portal (>= 0.10) instead: they have moved there. * d/p/Only-require-FUSE-if-we-re-still-building-the-document-po.patch: Don't depend on FUSE at build-time -- Simon McVittie Wed, 14 Feb 2018 17:44:47 +0000 flatpak (0.10.3-1) unstable; urgency=medium * New upstream bugfix release - Fixes a D-Bus filtering bypass in flatpak-dbus-proxy (Closes: #888842) -- Simon McVittie Tue, 30 Jan 2018 14:38:24 +0000 flatpak (0.10.2.1-2) unstable; urgency=medium * Move Vcs-* to salsa.debian.org * Standards-Version: 4.1.3 (no changes required) * d/control, d/tests/control, d/p/debian/Use-Python-3-for-test-web-server.patch: Use Python 3 for tests -- Simon McVittie Wed, 17 Jan 2018 20:55:34 +0000 flatpak (0.10.2.1-1) unstable; urgency=medium * New upstream release -- Simon McVittie Thu, 21 Dec 2017 14:00:52 +0000 flatpak (0.10.2-1) unstable; urgency=medium * New upstream release - d/control: Be specific about the appstream-glib dependency, which is newer than oldstable - d/control: Update build-dependency on ostree to 2017.14 * Standards-Version: 4.1.2 (no changes required) -- Simon McVittie Fri, 15 Dec 2017 15:26:30 +0000 flatpak (0.10.1-1) unstable; urgency=medium * New upstream release - d/copyright: Update - d/control: Add build-dependency on appstream-glib * d/autogen.sh: Run gtkdocize --copy. Plain gtkdocize replaces gtk-doc.make with a symlink, which dh_autoreconf_clean won't remove, breaking the ability to build twice in a row from the same directory. (See #881915) -- Simon McVittie Mon, 27 Nov 2017 09:21:56 +0000 flatpak (0.10.0-2) unstable; urgency=medium * Version the dh-exec build-dependency to (>= 0.23~). The version in oldstable doesn't support build profiles. Strictly speaking 0.15 might be enough, but I'm not going to test with anything older than oldstable-backports. * d/tests/gnome-desktop-testing: Clear proxy-related environment variables, as was previously done for ostree. These are set on Ubuntu's infrastructure to allow accessing the Internet (which we don't need), at the cost of breaking access to 127.0.0.1 (which we do need) for anything that doesn't respect $no_proxy (in particular libostree). (Closes: #880043) * d/control: Set Rules-Requires-Root to no - d/control: Build-depend on gobject-introspection 1.54.1-2 for a fixed dh_girepository to make this work (#880095) -- Simon McVittie Sun, 05 Nov 2017 14:06:00 +0000 flatpak (0.10.0-1) unstable; urgency=medium * d/watch: Track stable-branches (x.y.z where y is even), and fix to cope with multi-digit minor versions * New upstream stable release - Update symbols file * Disable gtk-doc if we are not going to build libflatpak-doc, in particular for architecture-specific builds. Note that it remains in Build-Depends (not Build-Depends-Indep) because it is also needed for gtkdocize during dh_autoreconf. * Do not force --disable-silent-rules, debhelper does this now * Install gtk-doc documentation to the standard /usr/share/gtk-doc, with a symbolic link in /usr/share/doc, instead of the other way round. The gtk-doc documentation is functionally significant (it affects cross-reference generation during build of other packages) so according to Policy §12.3 it is not appropriate for /usr/share/doc. - Install dpkg-maintscript-helper fragments for this migration * Disable documentation generation under nodoc DEB_BUILD_OPTIONS * Disable libflatpak-doc under nodoc build profile * Don't run build-time tests if building only Arch: all packages -- Simon McVittie Thu, 26 Oct 2017 12:35:52 +0100 flatpak (0.9.99-1) unstable; urgency=medium * New upstream release - Update symbols file for new ABI - Increase libostree dependency to 2017.12 * d/tests/gnome-desktop-testing: Treat debci as a test-specific user * Ensure that /sbin/ldconfig is in tests' PATH * Standards-Version: 4.1.1 (no changes required) -- Simon McVittie Mon, 09 Oct 2017 14:17:06 +0100 flatpak (0.9.98.2-1) unstable; urgency=medium * New upstream release - Drop patch, applied upstream -- Simon McVittie Wed, 27 Sep 2017 11:51:44 +0100 flatpak (0.9.98-1) unstable; urgency=medium * New upstream release - Increase libostree dependency to 2017.11 * Add a patch to skip build-time tests if a simple bwrap invocation cannot create all the new namespaces that Flatpak would (Closes: #876743) -- Simon McVittie Tue, 26 Sep 2017 09:30:48 +0100 flatpak (0.9.12-2) unstable; urgency=medium * Merge experimental branch to unstable - src:flatpak no longer has a bundled copy of flatpak-builder, which is now produced by the new src:flatpak-builder * Release to unstable -- Simon McVittie Fri, 22 Sep 2017 19:06:01 +0100 flatpak (0.9.12-1) experimental; urgency=medium * New upstream release -- Simon McVittie Thu, 14 Sep 2017 11:59:58 +0100 flatpak (0.9.12~builder0.9.11-1) unstable; urgency=medium * New upstream release * d/watch: Append ~builderFIXME to the output filenames. They will still need renaming manually to insert the right flatpak-builder version before importing. * d/gbp.conf: Make sure we import the builder tarball on this branch -- Simon McVittie Thu, 14 Sep 2017 12:06:02 +0100 flatpak (0.9.11-1) experimental; urgency=medium * New upstream release * Standards-Version: 4.1.0 (no changes required) -- Simon McVittie Wed, 13 Sep 2017 21:04:20 +0100 flatpak (0.9.11~builder0.9.11-1) unstable; urgency=medium * Switch git branch for upstream imports to upstream/with-builder * New upstream releases - Drop patch to flatpak-builder -- Simon McVittie Wed, 13 Sep 2017 22:02:55 +0100 flatpak (0.9.10-1) experimental; urgency=medium * New upstream release, fixing a regression in the D-Bus proxy * d/upstream/signing-key.asc: Remove; upstream no longer signs released tarballs (and hasn't for a while) -- Simon McVittie Mon, 04 Sep 2017 10:30:31 +0100 flatpak (0.9.10~builder0.9.9-1) unstable; urgency=medium * New upstream release - Drop patches, applied upstream - Update symbols file * Temporarily re-bundle flatpak-builder (which was separated out upstream) while waiting for the new flatpak-builder source package to get through the NEW queue - Run most build steps twice - Add a horrible script to PATH to build against the just-built flatpak - Add patch from upstream to fix FTBFS on non-x86 non-ARM architectures - debian/gbp.conf: Don't merge upstream tags while we bundle flatpak and flatpak-builder - d/copyright: Clarify GPL-2+ status of one source file in flatpak-builder, which means the binary is effectively GPL-2+ -- Simon McVittie Tue, 12 Sep 2017 10:05:10 +0100 flatpak (0.9.9-1) experimental; urgency=medium * New upstream release, without flatpak-builder included - Drop patches, applied upstream - Drop all flatpak-builder packaging - Update symbols file -- Simon McVittie Fri, 01 Sep 2017 17:23:35 +0100 flatpak (0.9.8-2) unstable; urgency=medium * Switch git branch for unstable * d/upstream/signing-key.asc: Remove; upstream no longer signs released tarballs (and hasn't for a while) * Standards-Version: 4.1.0 (no changes required) * Release to unstable -- Simon McVittie Mon, 11 Sep 2017 16:12:27 +0100 flatpak (0.9.8-1) experimental; urgency=medium * New upstream release - d/control: Bump libostree dependency - Do not enable experimental P2P feature for now, it needs experimental libostree APIs enabled first - Drop patches, applied upstream - Update symbols file * Add patch from upstream to fix a regression that broke --devel * Add patch already merged upstream to improve test diagnostics (see #870312) * Move flatpak-manifest(5) from flatpak to flatpak-builder. Manifest files are not part of core Flatpak, and are only used by flatpak-builder. * Install flatpak-bisect as an example in flatpak, not as a public entry point in flatpak-builder. It will not be in flatpak-builder after the projects are separated upstream, and does not seem important enough to justify a python3 dependency in flatpak or a separate binary package. - Do not use dh-python * Use dh_missing instead of deprecated dh_install --fail-missing * Merge packaging from unstable - d/rules, d/autogen.sh: Run gtkdocize as well as autoreconf (similar to upstream's autogen.sh but much simpler), replacing gtk-doc.make at build time with the one in Debian's gtk-doc-tools - Standards-Version: 4.0.1 (no changes required) * Add patches to improve test coverage by not skipping most tests when running on tmpfs -- Simon McVittie Thu, 31 Aug 2017 15:26:32 +0100 flatpak (0.8.7-5) unstable; urgency=medium * d/p/tests-Isolate-tests-from-real-home-directory-more-thoroug.patch: Mark as upstreamed for 0.9.8, and move to d/p/0.9.8/ directory * d/p/Improve-test-diagnostics.patch: Add patch to improve test diagnostics (see #870312) * Standards-Version: 4.0.1 (no changes required) * d/p/testlibrary-Skip-tests-that-need-extended-attributes-if-n.patch: Add patch to skip tests that need extended attributes if /var/tmp does not support them (Closes: #870312) -- Simon McVittie Thu, 31 Aug 2017 11:33:05 +0100 flatpak (0.8.7-4) unstable; urgency=medium * d/rules, d/autogen.sh: Run gtkdocize as well as autoreconf (similar to upstream's autogen.sh but much simpler), replacing gtk-doc.make at build time with the one in Debian's gtk-doc-tools -- Simon McVittie Tue, 18 Jul 2017 23:12:52 +0100 flatpak (0.8.7-3) unstable; urgency=medium * d/patches/: Add patch backported from 0.9.4, and new patch sent upstream to PR #894, to avoid using the real home directory in tests * d/control: Add libglib2.0-doc, libostree-doc to Build-Depends-Indep so that libflatpak-doc can cross-reference those documentation packages * debian/test.sh: Do not ignore build-time tests' exit status * d/rules: Do not run build-time tests with DEB_BUILD_OPTIONS=nocheck * d/control: Do not build-depend on gnome-desktop-testing. It is only used for the installed-tests. * d/control: Annotate test-only build-dependencies with * Standards-Version: 4.0.0 - Use https URL for format of debian/copyright -- Simon McVittie Tue, 04 Jul 2017 11:59:37 +0100 flatpak (0.8.7-2) unstable; urgency=medium * Move upstreamed patch to debian/patches/0.9.1/ to make it obvious when it can be dropped * d/p/0.8.8/: add patches backported from upstream 0.9.4, 0.9.6, together with a new patch to the tests, to restore compatibility with libostree 2017.7 (all applied upstream already) -- Simon McVittie Wed, 28 Jun 2017 11:55:18 +0100 flatpak (0.8.7-1) unstable; urgency=high * New upstream stable release - Security: prevent deploying files with inappropriate permissions (world-writable, setuid, etc.) (Closes: #865413) - Security: make ~/.local/share/flatpak private to user to defend against app vendors that might have released files with inappropriate permissions in the past - If an error occurs during pull, do not double-set an error, which is considered to be invalid - Increase some arbitrary timeouts in a test to make it more reliable -- Simon McVittie Wed, 21 Jun 2017 09:50:09 +0100 flatpak (0.8.6-1) unstable; urgency=medium * New upstream release - Fix the return value type for filtered NameHasOwner() D-Bus calls (upstream issue 817) - Security hardening: Only export .desktop files, D-Bus session services and icons, but not other files that an app might try to export - Allow remote repositories to specify a new GPG key (for key rollover) or a new URL (for location migration) in their signed metadata - Let KDE apps bind-mount ~/.config/kdeglobals into the sandbox: + Allow bind-mounting regular files in the XDG cache, config or data directories, not just directories + Allow bind-mounting files in the XDG directories read-only, not just read/write - Close a race condition in app identification by portals - Cope with a non-default WAYLAND_DISPLAY - Cope with /tmp on the host being a symlink - Clear TMPDIR in the sandbox, fixing sandboxed Spotify - Add X-Flatpak=$app_id to exported .desktop files so that the desktop environment can identify what will be launched - Make the host's /etc/hosts and /etc/host.conf available in the sandbox, fixing sandboxed Spotify - Update Hungarian translation -- Simon McVittie Mon, 05 Jun 2017 21:30:06 +0100 flatpak (0.8.5-2) unstable; urgency=medium * flatpak Recommends xdg-desktop-portal-gtk | xdg-desktop-portal-backend, so that sandboxed apps can communicate with the outside world (Closes: #861068) -- Simon McVittie Mon, 24 Apr 2017 12:59:09 +0100 flatpak (0.9.7-1) experimental; urgency=medium * New upstream release * d/control: Add libglib2.0-doc, libostree-doc to Build-Depends-Indep so that libflatpak-doc can cross-reference those documentation packages * debian/test.sh: Do not ignore build-time tests' exit status * d/rules: Do not run build-time tests with DEB_BUILD_OPTIONS=nocheck * d/control: Do not build-depend on gnome-desktop-testing. It is only used for the installed-tests. * d/control: Annotate test-only build-dependencies with * d/patches/: Add a patch to isolate tests from $HOME more thoroughly -- Simon McVittie Tue, 04 Jul 2017 11:54:36 +0100 flatpak (0.9.6-1) experimental; urgency=high * New upstream release - Security: prevent deploying files with inappropriate permissions (world-writable, setuid, etc.) (Closes: #865413) - Security: make ~/.local/share/flatpak private to user to defend against app vendors that might have released files with inappropriate permissions in the past - Bump libostree build-dependency to 2017.7 - d/p/testlibrary-Call-g_assert_no_error-first.patch: Drop, applied upstream * Standards-Version: 4.0.0 - Use https URL for format of debian/copyright -- Simon McVittie Wed, 21 Jun 2017 15:09:59 +0100 flatpak (0.9.5-1) experimental; urgency=medium * New upstream release * d/p/installed-tests-Install-test-keyring2-to-the-right-place.patch: Drop patch, superseded by an equivalent upstream change * d/p/testlibrary-Call-g_assert_no_error-first.patch: Mark as applied upstream -- Simon McVittie Sun, 18 Jun 2017 21:22:01 +0100 flatpak (0.9.4-1) experimental; urgency=medium * New upstream release - Add new API to symbols file - Build-depend on libxml2-dev - Increase required libostree and bubblewrap versions * d/p/installed-tests-Install-test-keyring2-to-the-right-place.patch: Fix failure to install data for installed-tests * d/p/testlibrary-Call-g_assert_no_error-first.patch: Improve diagnostics on failing tests -- Simon McVittie Thu, 25 May 2017 09:57:27 +0100 flatpak (0.9.3-1) experimental; urgency=medium * New upstream release - Install new man pages -- Simon McVittie Fri, 28 Apr 2017 18:17:12 +0100 flatpak (0.9.2-1) experimental; urgency=medium * New upstream release - Drop all patches, applied upstream * flatpak-builder: Depend on ostree, for rofiles-fuse (Closes: #859884) -- Simon McVittie Mon, 10 Apr 2017 09:31:59 +0100 flatpak (0.9.1+git20170403.1-2) experimental; urgency=medium * Build with large file support, fixing FTBFS on 32-bit architectures when gpgme detects a mismatch * Correct some format strings on 32-bit architectures -- Simon McVittie Tue, 04 Apr 2017 00:04:39 +0100 flatpak (0.9.1+git20170403.1-1) experimental; urgency=medium * New upstream snapshot, to merge the same fixes that are in 0.8.5 - Build-depend on libgpgme-dev - Update d/copyright - Don't (build-)depend on ostree-tests any more, ostree trivial-httpd is no longer required for the tests - Install a new man page -- Simon McVittie Mon, 03 Apr 2017 21:04:25 +0100 flatpak (0.8.5-1) unstable; urgency=medium * New upstream bugfix release * Upstream security fixes: - dbus-proxy: Fix a use-after-free (no specific exploit is known) and several memory leaks - system-helper: Correct the check that was meant to prevent unprivileged users from downgrading system-wide-installed apps - Do not allow downgrading apps to validly-signed older versions unless a specific older version is requested, so that a man-in-the-middle cannot cause a downgrade to an older app version with a vulnerability * Other upstream fixes: - Increase GLib build-dependency to 2.44 (in practice this was already required, there is a patch in jessie-backports to relax this) - Collect system extension references from all system directories, not just the first that exists (upstream issue 654) - Stop using ostree trivial-httpd, which is not available in post-stretch ostree (upstream issues 658, 723) - Be build-time compatible with post-stretch ostree (upstream issue 756) - Strip ?query suffix before detecting whether a URI points to a .flatpakref or .flatpakrepo file (upstream issue 659) - Fix a typo in help output * d/tests/control: most tests now require python, for the ostree-trivial-httpd replacement -- Simon McVittie Mon, 03 Apr 2017 16:35:44 +0100 flatpak (0.9.1-1) experimental; urgency=medium * d/gbp.conf, d/watch: switch to development branch for experimental * New upstream development release - Drop patch, applied upstream - d/copyright: Update - Add flatpak-bisect to the flatpak-builder package - Adjust install files for rename of `flatpak remote-list` to `flatpak remotes` - Update symbols * flatpak Recommends xdg-desktop-portal-gtk | xdg-desktop-portal-backend, so that sandboxed apps can communicate with the outside world * Build-depend on ostree-tests and make flatpak-tests depend on it, for ostree trivial-httpd -- Simon McVittie Thu, 16 Mar 2017 11:50:46 +0000 flatpak (0.8.4-3) unstable; urgency=medium * Mark the one remaining patch as applied in 0.9.1 * Upload to unstable -- Simon McVittie Wed, 15 Mar 2017 18:43:51 +0000 flatpak (0.8.4-2) experimental; urgency=medium * Explicitly build-depend on automake. Otherwise, the aspcud resolver used in experimental sometimes chooses automake1.11 as the best solution to dh-autoreconf's dependency on automake | automaken, causing FTBFS. - Set the dependency to 1.14.1 since flatpak is known to build successfully with that version in jessie-backports, whereas older versions are not known to work. -- Simon McVittie Sun, 12 Mar 2017 13:59:18 +0000 flatpak (0.8.4-1) experimental; urgency=medium * New upstream bugfix release - Don't add flatpak directories to XDG_DATA_DIRS if already present - Do add flatpak directories to XDG_DATA_DIRS if it already has a non-default value - Improve progress estimates and reporting for UI frontends - Fill in many missing options in man pages - Support extensions that apply to multiple versions, particularly useful for OpenGL drivers - Support extensions that do not depend on any specific runtime, particularly useful for proprietary OpenGL drivers packaged with a static binary helper - Various fixes for error checking and crashes - Make flatpak_get_system_installations() return an array that owns (takes responsibility for freeing) its contents. This is technically an ABI break, but it makes this function consistent with others that have a similar signature, and nothing in Debian uses it yet. - Disable spliced reads in the FUSE file system, which don't appear to work - Make FamilyWild xauth tokens available in the sandbox, not just FamilyLocal - Fix a misleading message on systems without systemd --user: it now disables an optional feature without breaking sandboxing * Add patch simplifying profile.d snippet * Initially upload to experimental since this is relatively large for a stable-branch release -- Simon McVittie Sat, 11 Mar 2017 13:00:05 +0000 flatpak (0.8.3-1) unstable; urgency=medium * New upstream bugfix release - fixes portals' ability to identify confined apps (Closes: #855129) - better support for third-party (proprietary) OpenGL drivers - better handling of errors for extra-data - handle extra-data properly for runtimes (as well as apps) - respect required version for runtimes (as well as apps) - flatpak list: Don't break if some local ref is not deployed - builder: Look for appstream data in /app/share/metadata also - builder: Fix buildsystem=cmake builds - Add progress reporting to extra-data download - Fix uid/gid for directories in document portal * Duplicate the profile.d snippet in /etc/X11/Xsession.d so it applies to X11 sessions, not just login shells. This matches the upstream intention: X11 sessions have traditionally run in a login shell on Red Hat derivatives, but not in Debian derivatives. (Closes: #846338) -- Simon McVittie Tue, 14 Feb 2017 14:14:45 +0000 flatpak (0.8.2-1) unstable; urgency=medium * New upstream bugfix release - drop remaining patch, applied upstream - security fix: prevent writing to per-user-installed fonts and Flatpak extensions (typically locales) * d/control: flatpak-tests Recommends python, which is needed for one test (silencing a lintian warning) -- Simon McVittie Fri, 27 Jan 2017 21:56:51 +0000 flatpak (0.8.1-1) unstable; urgency=medium * New upstream release, very similar to 0.8.0-2 - drop all patches * d/p/flatpak-system-helper-remove-dangling-reference-to-EXTERN.patch: do not search /export/share, which seems to have been unintended -- Simon McVittie Thu, 19 Jan 2017 14:55:24 +0000 flatpak (0.8.0-2) unstable; urgency=medium * d/p/Use-seccomp-to-filter-out-TIOCSTI-ioctl.patch: Add patch from upstream to prevent contained apps from using TIOCSTI ioctl. This would let the app inject commands into the terminal from which it was invoked (CVE-2017-5226). This was initially fixed in bubblewrap by calling setsid(), but that breaks the ability to use Ctrl+Z or Ctrl+C on a flatpak-confined process, so it is being made optional; prevent the attack here instead, in a way that doesn't break shells. * d/p/Fix-update-of-standalone-bundle.patch: Add patch from upstream to fix updating an existing app with "flatpak install --bundle foo.flatpak" * d/p/Make-sure-var-tmp-is-not-on-tmpfs.patch: Add patch from upstream to mount ~/.var/APP/cache/tmp at /var/tmp inside the sandbox, so apps can rely on /var/tmp being on disk * d/p/Document-the-DefaultBranch-key.patch, d/p/Document-RuntimeRepo-key.patch: Add patches from upstream to fill in some missing documentation * d/p/testlibrary-ensure-that-contents_array-is-NULL-terminated.patch, d/p/tests-Install-testpython.py-executable.patch, d/p/tests-Move-the-test-repo-to-a-subdirectory-repos-test.patch: Fix some bugs in the tests * debian/tests/: split out builder-python into a separate autopkgtest, it too has more dependencies -- Simon McVittie Wed, 18 Jan 2017 00:02:19 +0000 flatpak (0.8.0-1) unstable; urgency=medium * New upstream stable release - Bump bubblewrap dependencies to 0.1.5 following configure.ac - Bump ostree dependency to 2016.15 following upstream release notes (the minimal dependency is 2016.14, but 2016.15 is recommended) - debian/libflatpak0.symbols: add new ABIs - d/p/pull-Exit-early-on-error-without-aborting-transaction.patch: drop patch, applied upstream * debian/gbp.conf: switch upstream branch to debian/0.8.x to follow the first upstream stable-branch * debian/watch: only follow stable-branches * debian/org.freedesktop.Flatpak.pkla: configure polkit 0.105 to allow sudoers to uninstall apps and runtimes without re-authenticating, following upstream changes to the org.freedesktop.Flatpak.rules used in newer polkit versions * d/p/Update-Polish-translation.patch: update translated strings from upstream git * d/p/flatpak-builder-1-fix-typo.patch: fix a typo in the man page -- Simon McVittie Wed, 21 Dec 2016 14:13:52 +0000 flatpak (0.6.14-3) unstable; urgency=medium * d/tests/*: only run tests on a real or virtual machine, not in a container. bubblewrap is effectively already a container, and nesting containers doesn't work particularly well. Unfortunately this means the tests won't work on ci.debian.net, which uses LXC. -- Simon McVittie Thu, 01 Dec 2016 12:42:45 +0000 flatpak (0.6.14-2) unstable; urgency=medium * d/p/pull-Exit-early-on-error-without-aborting-transaction.patch: Add patch recommended by upstream to fix a GNOME Software crash -- Simon McVittie Tue, 29 Nov 2016 17:53:34 +0000 flatpak (0.6.14-1) unstable; urgency=medium * New upstream release - update ostree build-dependency to 2016.14 -- Simon McVittie Tue, 29 Nov 2016 12:51:43 +0000 flatpak (0.6.13-1) unstable; urgency=medium * New upstream release - update symbols file - update ostree build-dependency to 2016.12 -- Simon McVittie Wed, 26 Oct 2016 19:10:48 +0100 flatpak (0.6.12-1) unstable; urgency=medium * This release drops source compatibility with Debian jessie. If you are building unofficial backports for older Debian derivatives, please base them on the debian/jessie-backports git branch instead of debian/master from now on. * d/control: rely on gtk-update-icon-theme, removing libgtk-3-bin alternative. - d/p/debian/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch: drop patch, this branch can now rely on having the plain gtk-update-icon-theme executable * Bump debhelper compatibility level to 10 - do not explicitly build in parallel, it is now the default - do not explicitly enable autoreconf and systemd sequences, they are now the default * New upstream release - d/libflatpak0.symbols: update -- Simon McVittie Fri, 07 Oct 2016 22:41:21 +0100 flatpak (0.6.11-1) unstable; urgency=medium * New upstream release - install new man pages flatpak-flatpakrepo(5), flatpak-flatpakref(5) * Install Flatpak-1.0.typelib to multiarch path (Closes: #838308) * Make gir1.2-flatpak-1.0 Multi-arch: same * Make libflatpak-dev depend on gir1.2-flatpak-1.0 in accordance with the g-i mini-policy * Relicense debian/ under LGPL, with permission from David King * Register flatpak-docs.html in the Debian doc-base system -- Simon McVittie Wed, 21 Sep 2016 19:01:32 +0100 flatpak (0.6.10-1) unstable; urgency=medium * New upstream release - d/libflatpak0.symbols: update - Build-depend on ostree 2016.10 - Bump bubblewrap (build-)dependencies to 0.1.2 - Drop all patches except d/p/debian/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch: all applied upstream - Demote libpam-systemd from Depends to Recommends. It is no longer mandatory to be running systemd --user, since flatpak 0.6.10 identifies contained processes via their /proc/$pid/root/.flatpak-info instead of via cgroups * d/copyright: mention the Autoconf permissive license of acinclude.m4 * Make libflatpak-dev Multi-Arch: same -- Simon McVittie Thu, 15 Sep 2016 08:28:19 +0100 flatpak (0.6.9-1) unstable; urgency=medium * New upstream release - d/control: libgsystem is no longer required - d/copyright: update for new libglnx - drop most patches, applied upstream * Drop unused build-dependency on docbook-xsl-doc-html. It is documentation about docbook-xsl, so isn't needed at build-time. * Expand build-dependencies to what we would use if no tests are skipped. In practice buildds disallow some of what the tests do, but we shouldn't rely on that. * d/patches: cherry-pick various post-release bug fixes from upstream * Build-depend on attr, and make flatpak-tests depend on it, for better test coverage if /var/tmp supports xattrs * Build-depend on fuse, so we can run fusermount if supported * Make flatpak-tests depend on ostree instead of using d/tests/control * d/p/make-test-runtime-cope-with-Debian-s-Python-2.7-configura.patch, add patch to make more build-time tests pass * d/p/Tell-build-time-tests-which-bwrap-we-are-going-to-use.patch: skip tests that cannot be run because we are in an environment where bwrap fails * d/p/test_install_launch_uninstall-consistently-check-for-GErr.patch: add patch to improve diagnostics on some test failures * d/p/document-portal-cope-with-multiple-events-that-would-caus.patch: in the document portal, don't crash if there is more than one reason to exit * Remove unused lintian overrides * Add lintian override for flatpak-system-helper.service. It is deliberately missing an [Install] section (so enabling it for eager startup is not possible), because it is intended to be started via D-Bus activation. * d/p/Terminate-gpg-agent-after-using-it-for-tests.patch: add patch to terminate gpg-agent processes after use * Terminate any further stray gpg-agent processes when running tests -- Simon McVittie Wed, 07 Sep 2016 22:42:09 +0100 flatpak (0.6.8-1) unstable; urgency=medium * New upstream release - d/copyright: source files are now licensed as LGPL-2.1+ - d/flatpak.install: install systemd snippet to configure dbus.service with flatpak in XDG_DATA_DIRS - d/control, d/rules: build-depend on xmlto and enable all documentation - d/flatpak.install: install documentation for the command-line tools, and i18n - d/p/dist/Add-flatpak-metadata.xml-from-upstream-git.patch: Add missing flatpak-metadata.xml from upstream git, which was not included in the released tarball * d/p/unrpm-prevent-shell-injection.patch: Avoid shell injection when building a Flatpak from an RPM * d/p/Wait-for-locks-in-TEST_DATA_DIR-to-be-released-before-del.patch: Drop patch, it does not appear to make testing pass on ci.debian.net as I had hoped * d/tests: mark test-extensions.sh to only be run in virtual machines, in the hope that when ci.debian.net gets a qemu runner, it will work there -- Simon McVittie Tue, 02 Aug 2016 15:19:41 +0100 flatpak (0.6.7-2) unstable; urgency=medium * d/p/libtest-replace-dbus-launch-with-dbus-daemon.patch: Add patch to stop using dbus-launch in the tests * d/p/Wait-for-locks-in-TEST_DATA_DIR-to-be-released-before-del.patch: Add patch to avoid a race condition during testing between the container's "init" process shutting down, and libtest.sh proceeding with cleanup in response to the container's main process (which exits first) shutting down -- Simon McVittie Thu, 28 Jul 2016 09:12:38 +0100 flatpak (0.6.7-1) unstable; urgency=medium * New upstream release - drop all patches except d/p/debian/*, applied upstream - d/libflatpak0.symbols: update for new ABIs - d/control: depend and build-depend on OSTree 2016.6 - d/tests/control: flatpak-builder test now needs git * Depend on system bubblewrap (Closes: #824647) * Remove obsolete note about requiring unprivileged user namespaces * d/p/build-run-install-test-data-hook-even-if-using-system-bwr.patch: add patch to fix installed-tests with system bwrap -- Simon McVittie Wed, 06 Jul 2016 12:45:03 +0100 flatpak (0.6.6-2) unstable; urgency=medium * d/flatpak.postrm: delete /var/lib/flatpak/.changed on purge, fixing piuparts error * d/p/test-basic-do-not-fail-in-non-English-locales.patch: fix FTBFS in non-English locales, for instance during reproducible build testing -- Simon McVittie Tue, 28 Jun 2016 08:33:51 +0100 flatpak (0.6.6-1) unstable; urgency=medium * New upstream release - drop patches, applied upstream - d/libflatpak0.symbols: update * d/p/document-portal-don-t-reply-to-GetMountPoint-until-ready.patch: Add patch to make the document portal (and hence FUSE support) optional for "flatpak run" * d/p/tests-don-t-treat-helper-scripts-as-though-they-were-test.patch: Add patch to avoid non-test helper scripts being run as tests * d/p/Downgrade-failure-to-get-document-portal-from-warning-to-.patch: Add patch to avoid test failure when FUSE is unusable * d/p/Run-tests-with-a-private-XDG_RUNTIME_DIR.patch: Add patch to run tests with a private XDG_RUNTIME_DIR, so the document portal under test works correctly even if the user is already running one * d/p/debian/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch: bring back compatibility with gtk-update-icon-cache-3.0, for backports - d/control: libgtk-3-bin is an alternative to gtk-update-icon-cache again -- Simon McVittie Sat, 25 Jun 2016 12:03:06 +0100 flatpak (0.6.5-1) unstable; urgency=medium * New upstream release - d/p/flatpak-run-don-t-fail-if-there-are-no-system-fonts.patch: drop, applied upstream - update symbols file for new ABI * d/p/Link-libselinux-into-bwrap-if-enabled-with-LDADD-not-LDFL.patch: make sure bwrap links even if the linker is pedantic * d/tests/gnome-desktop-testing: correctly report failures * d/tests/control: depend on ostree, used to export a Flatpak repository for testing * d/control: flatpak-builder Recommends binutils (for strip) and elfutils (for eu-strip), which can be invoked outside the sandbox by manifests that specify {'build-options': {'strip': true}} or {'build-options': {'no-debuginfo': true}} * d/p/sandbox-Make-var-tmp-and-tmp-different-dirs-not-symlinks.patch, d/p/test-run-don-t-use-test_builddir-to-exercise-filesystem.patch: add patches to make the installed-tests test-run.sh and test-run-system.sh pass with --prefix=/usr * Upload to unstable (LP: #1590411) -- Simon McVittie Tue, 21 Jun 2016 10:22:13 +0100 flatpak (0.6.4-1) experimental; urgency=medium * New upstream release - d/p/Correctly-handle-with-privileged-group.patch: drop, no longer necessary - adjust packaging for new name and location of flatpak-bwrap - adjust packaging for new location of installed-tests * Unconditionally recommend gtk-update-icon-cache now that it's in testing - d/p/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch: drop, no longer necessary * d/control: update Homepage * d/copyright: update Source * tests: depend on attr, for setfattr, to get better test coverage (still skipped if /var/tmp on the testbed does not support xattrs) * d/p/flatpak-run-don-t-fail-if-there-are-no-system-fonts.patch: don't fail uses of flatpak-run or the builder test if the system has no fonts * debian/org.freedesktop.Flatpak.pkla: add an equivalent of the upstream JavaScript polkit rules (used by polkit >= 0.106), for use with polkit 0.105 as shipped in Debian. This allows members of group 'sudo' to install apps and runtimes into the system-wide location, from any remote that was previously added/trusted by a privileged user, without re-authenticating. (Closes: #825766) -- Simon McVittie Sun, 05 Jun 2016 15:19:00 +0100 flatpak (0.6.2-1) experimental; urgency=medium * New upstream release - d/p/Treat-members-of-sudo-group-as-privileged.patch: drop, superseded by new --with-privileged-group option - d/p/Skip-tests-that-make-a-repository-if-var-tmp-lacks-user-x.patch: drop, merged upstream * Use new --with-privileged-group option to make "sudo" group privileged - d/p/Correctly-handle-with-privileged-group.patch: add post-release patch from upstream to make it work - drop hack to make admin group privileged on Ubuntu, they started to phase out that group in 2012 * Build-depend on libdw-dev from src:elfutils instead of libdwarf-dev. Both provide dwarf.h, which is all we really need; libdw-dev is the one that is used in various important packages, including systemd. We also require src:elfutils anyway, for libelf-dev. (Closes: #825191) * debian/upstream/signing-key.asc: add * debian/gbp.conf: automatically merge upstream tag into imported source -- Simon McVittie Tue, 24 May 2016 20:24:48 +0100 flatpak (0.6.1-1) experimental; urgency=medium * New upstream release - drop patches to bubblewrap, included in the submodule upstream * d/p/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch: add missing space between the tool's name and its --quiet argument * d/p/Treat-members-of-sudo-group-as-privileged.patch: use sudo, not wheel, as the group of administrative users - d/rules: alter the polkit policy on Ubuntu derivatives to treat the admin group as equivalent to sudo * d/rules: don't install bwrap setuid on Ubuntu. Ubuntu enables unprivileged user namespaces by default. (Closes: #825090) * d/p/Skip-tests-that-make-a-repository-if-var-tmp-lacks-user-x.patch: skip several tests if we can run bwrap, but cannot write extended attributes in /var/tmp, for example on an Ubuntu live system * Use dh_girepository to get correct ${gir:Depends} * Prefer gtk-update-icon-cache as provider of the binary of the same name, but still accept libgtk-3-bin for now, to be nice to backports -- Simon McVittie Mon, 23 May 2016 23:06:50 +0100 flatpak (0.6.0-3) experimental; urgency=medium * Build-depend on procps, for /bin/kill (used in the tests). This fixes FTBFS in a more up-to-date buildd schroot. -- Simon McVittie Sun, 22 May 2016 14:19:12 +0100 flatpak (0.6.0-2) experimental; urgency=medium * debian/flatpak.postinst: initialize /var/lib/flatpak/repo as requested by upstream * debian/flatpak.postrm: remove /var/lib/flatpak/repo on purge * Use dh-systemd to restart flatpak-system-helper on upgrades * debian/tests/control: flatpak-builder test requires make * Add patches from bubblewrap bug #71 to the embedded copy of bwrap, fixing flatpak-builder on the normal configuration of Debian kernels * Change patch for gtk-update-icon-cache-3.0 to fall back to gtk-update-icon-cache. This means it will still work when the Debian-specific gtk-update-icon-cache-3.0 name is dropped. -- Simon McVittie Sat, 21 May 2016 22:57:49 +0100 flatpak (0.6.0-1) experimental; urgency=medium * Rename package from xdg-app to flatpak, following upstream rename * New upstream release - Remove patches, applied upstream - Add new build-dependency on libpolkit-gobject-1-dev * libflatpak-dev: depend on libflatpak0, not flatpak (Closes: #823328) * debian/copyright: update * Install bwrap (bubblewrap) helper tool setuid by default, so that the package works without further configuration (Closes: #823535) - note that an unreleased snapshot of bwrap is also available as src:bubblewrap; for now this package uses its bundled submodule, until we get a better idea of how closely these packages will need to track each other * Add autopkgtests for as-installed testing * Build-depend on dbus-x11: the tests explicitly use dbus-launch -- Simon McVittie Wed, 04 May 2016 09:36:05 +0100 xdg-app (0.5.2-1) experimental; urgency=medium * New upstream release * debian/patches/install-Only-set-current-for-apps-not-for-runtimes.patch: remove, no longer necessary (and wasn't applied) * debian/gbp.conf: use DEP-14 branch names * Correct ITP bug number in previous changelog entry (was #697477, should have been #813308) * Don't build-depend on fuse. The test that uses fuse appears to fail on buildds, possibly because the kernel module is blacklisted; it should automatically be skipped when fuse isn't installed. * debian/gbp.conf: disable numbered patches, to reduce diff noise when they get applied upstream * d/p/session-helper-connect-the-D-Bus-and-systemd-services.patch: link the D-Bus session service to the systemd user service * Standards-Version: 3.9.8 (no changes needed) -- Simon McVittie Mon, 25 Apr 2016 09:06:11 +0100 xdg-app (0.5.0-1) experimental; urgency=medium * Prepare package for Debian (Closes: #813308) * Set the Utopia Maintenance Team as maintainer, with myself and Matthias Klumpp as uploaders * Add Vcs-Git, Vcs-Browser (in collab-maint git) * Remove unnecessary use of dh-exec * Remove -dbg package, rely on automatic dbgsym packages instead * debian/.gitignore: add * debian/copyright: fill in all copyright holders * Normalize packaging via `wrap-and-sort -abst` * Adjust Section for the packages * Run the tests with VERBOSE=1 * Install the new systemd user services * Run dh_install with --fail-missing to catch mistakes * Rename libxdgapp to the correct libxdg-app0 corresponding to libxdg-app.so.0 * Rename libxdgapp-dev to libxdg-app-dev for consistency * Stop disabling the test that relies on FUSE; it is now correctly skipped if appropriate * Re-enable gtk-doc and add a libxdg-app-doc package * Add libxdg-app0.symbols * Add missing development dependencies * Set ${libexecdir} to /usr/lib/xdg-app, to avoid the toolchain getting confused by PIE executables in ${libexecdir} and treating them as incorrectly-named shared libraries * xdg-app-builder: reduce non-mandatory build tools to Recommends * xdg-app-builder: do not depend on tar, which is Essential * Fill in better values for Description * Depend on libpam-systemd (i.e. a working systemd-logind), because xdg-app currently relies on systemd to put user processes in cgroups * Run tests once via check-TESTS, but do not run them a second time via gtester, which fails because all test-cases in one test might be skipped * debian/control: document how to enable user namespaces * Only build for Linux: this package is specifically not portable -- Simon McVittie Sat, 19 Mar 2016 18:08:53 +0000 xdg-app (0.5.0-0alexlarsson1~wily1) wily; urgency=medium * Update to new upstream version -- Alexander Larsson Wed, 16 Mar 2016 10:10:34 +0200 xdg-app (0.4.13-0alexlarsson3~vivid1) vivid; urgency=medium * Update to new upstream version -- Alexander Larsson Fri, 26 Feb 2016 10:12:00 +0200 xdg-app (0.4.12-0alexlarsson1~vivid1) vivid; urgency=medium * Update to new upstream version -- Alexander Larsson Fri, 19 Feb 2016 13:18:00 +0200 xdg-app (0.4.11-0alexlarsson1~vivid1) vivid; urgency=medium * Update to new upstream version -- Alexander Larsson Tue, 9 Feb 2016 12:25:00 +0200 xdg-app (0.4.10-0alexlarsson1~vivid1) vivid; urgency=medium * Update to new upstream version -- Alexander Larsson Tue, 9 Feb 2016 10:42:00 +0200 xdg-app (0.4.9-0alexlarsson1~vivid1) vivid; urgency=medium * Update to new upstream version -- Alexander Larsson Mon, 8 Feb 2016 15:15:00 +0200 xdg-app (0.4.7-alexlarsson1~vivid4) vivid; urgency=medium * Disabled gtk-doc -- Alexander Larsson Mon, 25 Jan 2016 11:15:00 +0200 xdg-app (0.4.7-alexlarsson1~vivid1) vivid; urgency=medium * New upstream release -- Alexander Larsson Mon, 25 Jan 2016 11:05:00 +0200 xdg-app (0.4.6-alexlarsson1~vivid2) vivid; urgency=medium * New upstream release -- Alexander Larsson Thu, 17 Dec 2015 11:05:00 +0200 xdg-app (0.4.5-alexlarsson1~vivid) vivid; urgency=medium * New upstream release -- Alexander Larsson Fri, 06 Nov 2015 15:41:00 +0200 xdg-app (0.4.4-alexlarsson1) vivid; urgency=medium * New upstream release -- Alexander Larsson Fri, 02 Oct 2015 10:01:55 +0200 xdg-app (0.4.3-alexlarsson5) vivid; urgency=medium * Really disable fuse tests -- Alexander Larsson Fri, 02 Oct 2015 09:20:53 +0200 xdg-app (0.4.3-alexlarsson4) vivid; urgency=medium * Remove fuse based tests, as they don't work in ppa build -- Alexander Larsson Fri, 02 Oct 2015 09:06:51 +0200 xdg-app (0.4.3-alexlarsson3) vivid; urgency=medium * Add fuse dependency -- Alexander Larsson Fri, 02 Oct 2015 08:48:48 +0200 xdg-app (0.4.3-alexlarsson2) vivid; urgency=medium * Add dbus dependency -- Alexander Larsson Fri, 02 Oct 2015 08:40:46 +0200 xdg-app (0.4.3-alexlarsson1) vivid; urgency=medium * New upstream release -- Alexander Larsson Thu, 01 Oct 2015 13:06:05 +0200 xdg-app (0.1-0amigadave4) trusty; urgency=low * Add build dependency on dh-exec. -- David King Wed, 08 Apr 2015 13:48:36 +0100 xdg-app (0.1-0amigadave3) trusty; urgency=low [ David King ] * Add build dependency on libattr1-dev. -- David King Wed, 08 Apr 2015 13:36:39 +0100 xdg-app (0.1-0amigadave2) trusty; urgency=low [ David King ] * Add build dependency on xsltproc. -- David King Wed, 08 Apr 2015 13:28:14 +0100 xdg-app (0.1-0amigadave1) trusty; urgency=low [ David King ] * Initial packaging. -- David King Thu, 02 Apr 2015 15:44:01 +0000