Debian Package Tracker

From: Simon McVittie <smcv@debian.org>
To: <debian-backports-changes@lists.debian.org>
Subject: Accepted flatpak 0.8.7-2~deb9u1~bpo8+1 (all source) into jessie-backports->backports-policy, jessie-backports
Date: Fri, 02 Feb 2018 08:14:22 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 22 Dec 2017 10:36:18 +0000
Source: flatpak
Binary: flatpak flatpak-builder flatpak-tests gir1.2-flatpak-1.0 libflatpak-dev libflatpak-doc libflatpak0
Architecture: all source
Version: 0.8.7-2~deb9u1~bpo8+1
Distribution: jessie-backports
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 865413
Description: 
 flatpak    - Application deployment framework for desktop apps
 flatpak-builder - Flatpak application building helper
 flatpak-tests - Application deployment framework for desktop apps (tests)
 gir1.2-flatpak-1.0 - Application deployment framework for desktop apps (introspection)
 libflatpak0 - Application deployment framework for desktop apps (library)
 libflatpak-dev - Application deployment framework for desktop apps (development)
 libflatpak-doc - Application deployment framework for desktop apps (documentation)
Changes:
 flatpak (0.8.7-2~deb9u1~bpo8+1) jessie-backports; urgency=medium
 .
   * Backport to jessie
     - debian/gbp.conf: adjust for this branch
     - debian/control: (build-)depend on libgtk-3-bin, not
       gtk-update-icon-cache
     - d/p/debian/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch:
       try to use gtk-update-icon-cache-3.0 before gtk-update-icon-cache
     - d/p/backport/*.patch, d/control: Relax GLib dependency to 2.42
 .
 flatpak (0.8.7-2~deb9u1) stretch; urgency=medium
 .
   * Rebuild for stretch
   * Merge changelog from stretch-security
   * debian/gbp.conf: Switch branch to debian/stretch
 .
 flatpak (0.8.7-2) unstable; urgency=medium
 .
   * Move upstreamed patch to debian/patches/0.9.1/ to make it obvious
     when it can be dropped
   * d/p/0.8.8/: add patches backported from upstream 0.9.4, 0.9.6,
     together with a new patch to the tests, to restore compatibility
     with libostree 2017.7 (all applied upstream already)
 .
 flatpak (0.8.7-1) unstable; urgency=high
 .
   * New upstream stable release
     - Security: prevent deploying files with inappropriate permissions
       (world-writable, setuid, etc.) (Closes: #865413)
     - Security: make ~/.local/share/flatpak private to user to defend
       against app vendors that might have released files with
       inappropriate permissions in the past
     - If an error occurs during pull, do not double-set an error,
       which is considered to be invalid
     - Increase some arbitrary timeouts in a test to make it more
       reliable
 .
 flatpak (0.8.6-1) unstable; urgency=medium
 .
   * New upstream release
     - Fix the return value type for filtered NameHasOwner() D-Bus calls
       (upstream issue 817)
     - Security hardening: Only export .desktop files, D-Bus session
       services and icons, but not other files that an app might try to
       export
     - Allow remote repositories to specify a new GPG key (for key rollover)
       or a new URL (for location migration) in their signed metadata
     - Let KDE apps bind-mount ~/.config/kdeglobals into the sandbox:
       + Allow bind-mounting regular files in the XDG cache, config or data
         directories, not just directories
       + Allow bind-mounting files in the XDG directories read-only, not
         just read/write
     - Close a race condition in app identification by portals
     - Cope with a non-default WAYLAND_DISPLAY
     - Cope with /tmp on the host being a symlink
     - Clear TMPDIR in the sandbox, fixing sandboxed Spotify
     - Add X-Flatpak=$app_id to exported .desktop files
       so that the desktop environment can identify what will be launched
     - Make the host's /etc/hosts and /etc/host.conf available in the sandbox,
       fixing sandboxed Spotify
     - Update Hungarian translation
Checksums-Sha1: 
 7c1e8c1a223078c566696bdea231b776681197d8 35160 libflatpak-doc_0.8.7-2~deb9u1~bpo8+1_all.deb
 2459a4ad4e7708e203ccd91b4b9e19d483bb820b 2991 flatpak_0.8.7-2~deb9u1~bpo8+1.dsc
 517c096d9981fd5d2a3d97551e577f6fcfed7c81 25152 flatpak_0.8.7-2~deb9u1~bpo8+1.debian.tar.xz
Checksums-Sha256: 
 ed456f5d914b98ba1b696e28f6d37642571f2f13c82c331340bcd3e4aeeac48d 35160 libflatpak-doc_0.8.7-2~deb9u1~bpo8+1_all.deb
 c636bb66d66814a85e2136c9cc5195c0e1e77e7823acb73b1d7ca30e9bf497aa 2991 flatpak_0.8.7-2~deb9u1~bpo8+1.dsc
 625d7b2dc042ccd4c109bbc66bd08dc69418e9cc9743a36ffefa467bdd11afbb 25152 flatpak_0.8.7-2~deb9u1~bpo8+1.debian.tar.xz
Files: 
 580f6cf325867eba1b869b83d308b5dd 35160 doc optional libflatpak-doc_0.8.7-2~deb9u1~bpo8+1_all.deb
 ba56313cd40b0afcbbd11654fe508bb7 2991 admin optional flatpak_0.8.7-2~deb9u1~bpo8+1.dsc
 96198c41ea107440a0b25b31c343e637 25152 admin optional flatpak_0.8.7-2~deb9u1~bpo8+1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAlpzKngACgkQ4FrhR4+B
TE/HWRAAo/ng4SRQmqYUH9oLb2NmOWhStlMqXaF/wlN9EXJICWKBw+p2EoTggCRk
JpZl3NGB+HSpjHadQ+YL5xgU43R/ftGbv4q9OUqs056C2iQfOsZ/kZkl5vbQSN9z
omWzEHCblcF/Raq1pnEySVQQSyNObZcaR3f5fjZhQh0DoYl8ykiwpuaIvX5jttEv
7pDN9Q/uCqqRerlh04TBkNuVEyJ9xSJ4nIqP88Lj34LqpriQ+CWiUj3O/WABanQS
KHVfv8QnnQZE59W1i1ZWViTDRU83QhzejsEzSfumZnYfNclRJy3Gtpmw3xEP3rXG
McPnX43nGPHKb8ktB9Jtm2sYU9mfPGASoli0QcAWqlZ3L3ZDqiYejzPJ0p0aT0GX
bbQJHpjeYFRco5iGkJwEEqYK6i2561clu3I3bKrvsGoo9ncNrozHE43PFnylKIWp
l6roCFACiE/uNc54JCnMtxXuhJu54dIPvqxSHifHtlyo3r0dHzhrRj4V12onqw8e
cn1SbbqNCu4BJCURSD3y1PcZxav/3zTwu5JvEtzc9RMXj3yu9Uk37ft5KF5FdXnQ
IoBfVSxVQwaZT0YuIfMC3x81xeXmYACKxY2KyfYNoMxCHBZ7/cqljgnxp4/ePk5j
bqE2FMzRC0bkgeYH+rwIpexBSDx9C31d8iFKVx7uPhSa6BHogXM=
=f6vw
-----END PGP SIGNATURE-----
News for package flatpak
