1. 15 Oct, 2021 2 commits
  2. 14 Oct, 2021 1 commit
    • Ritesh Raj Sarraf's avatar
      Merge remote-tracking branch 'origin/apertis/v2022pre' into... · 8e83e454
      Ritesh Raj Sarraf authored
      Merge remote-tracking branch 'origin/apertis/v2022pre' into proposed-updates/debian/bullseye-security/e9a4c177
      
      * origin/apertis/v2022pre: (28 commits)
        Release flatpak version 1.10.2-3+apertis2
        d/patches: fix flatpak build-sign command
        Refresh the automatically detected licensing information
        Release flatpak version 1.10.2-3+apertis1
        Whitelist GPL-3 license files
        Drop obsolete ci config file
        Release flatpak version 1.10.2-2+apertis1
        d/patches: rebase conflicting patch
        Release flatpak version 1.10.1-4apertis2
        d/patches: re-enable GPG-related command-line options
        Release flatpak version 1.10.1-4apertis1
        Add missing symbols
        Disable GPG support when building the package
        Add patches to disable GPG support and enable ed25519 signatures
        Cleanup unused patch file
        Release flatpak version 1.10.1-4apertis1
        Drop patch Disable-failing-tests-during-package-build.patch
        Release flatpak version 1.2.5-0+deb10u3co1
        Refresh the automatically detected licensing information
        Release flatpak version 1.2.5-0+deb10u1co2
        ...
      8e83e454
  3. 13 Oct, 2021 2 commits
  4. 07 Oct, 2021 2 commits
  5. 12 Aug, 2021 5 commits
  6. 11 Aug, 2021 1 commit
  7. 21 Jul, 2021 2 commits
  8. 18 Jul, 2021 3 commits
  9. 18 Jun, 2021 2 commits
  10. 16 Mar, 2021 5 commits
  11. 15 Mar, 2021 2 commits
  12. 11 Mar, 2021 1 commit
  13. 06 Mar, 2021 1 commit
  14. 05 Mar, 2021 1 commit
    • Simon McVittie's avatar
      Import Debian changes 1.10.1-4 · 21210638
      Simon McVittie authored
      flatpak (1.10.1-4) unstable; urgency=high
      .
        * d/p/Disallow-and-u-usage-in-desktop-files.patch:
          Add proposed patch to fix a sandbox escape via crafted .desktop
          files (flatpak#4146). Thanks, Ryan Gonzalez
        * d/p/tests-Remove-hard-coded-references-to-x86_64.patch:
          Add proposed patch to fix some tests on non-x86_64 machines.
          The affected tests were already skipped in schroot/lxc for other
          reasons, but would be run (and fail) on autopkgtest testbeds with
          isolation-machine and working FUSE.
      .
      flatpak (1.10.1-3) unstable; urgency=medium
      .
        * Mark patch as applied upstream
        * Add bugfixes from upstream flatpak-1.10.x branch
          - Add extern "C" guards to header files, fixing compilation of C++ code
            such as plasma-discover against GLib 2.67.x
          - Fix memory leaks in the unit tests
      21210638
  15. 22 Feb, 2021 3 commits
  16. 15 Feb, 2021 1 commit
  17. 28 Jan, 2021 1 commit
    • Simon McVittie's avatar
      Import Debian changes 1.10.1-2 · 747f5fdb
      Simon McVittie authored
      flatpak (1.10.1-2) unstable; urgency=medium
      
        * d/patches: Disable FUSE-based revokefs if any of several factors fail.
          This fixes FTBFS in pbuilder, and hopefully also on Launchpad
          autobuilders.
      
      flatpak (1.10.1-1) unstable; urgency=medium
      
        * New upstream release
          - Fix a regression in 'flatpak build' after fixing CVE-2021-21261
            (Closes: #980323)
      
      flatpak (1.10.0-2) unstable; urgency=medium
      
        * Upload 1.10.x branch to unstable
        * Add CVE-2021-21261 reference to 1.8.5-1 changelog entry
      
      flatpak (1.10.0-1) experimental; urgency=medium
      
        * d/control: Fix branch in Vcs-Git for experimental
        * Merge packaging from unstable
        * New upstream release, starting the 1.10.x branch
        * Drop patches, applied upstream
        * d/flatpak.install: Install new systemd environment generator
        * d/tests: Mark update portal test as flaky due to
          https://github.com/flatpak/flatpak/issues/4065
      
      flatpak (1.8.5-1) unstable; urgency=high
      
        * New upstream release fixing a sandbox escape vulnerability
          (GHSA-4ppf-fxf6-vxg2, CVE-2021-21261)
        * Mark patch for #975710 as having been applied upstream
      
      flatpak (1.8.4-2) unstable; urgency=medium
      
        * Mark patch for #972138 as having been applied upstream
        * Add patch to avoid gvfs-daemon being started when logging in as root.
          Thanks to Mourad De Clerck (Closes: #975710)
        * Add package-specific info from bubblewrap to bug reports.
          In particular, this will tell us whether it's setuid.
      
      flatpak (1.9.3-2) experimental; urgency=medium
      
        * Add patch to avoid gvfs-daemon being started when logging in as root.
          Thanks to Mourad De Clerck (Closes: #975710)
        * Add package-specific info from bubblewrap to bug reports.
          In particular, this will tell us whether it's setuid.
      
      flatpak (1.9.3-1) experimental; urgency=medium
      
        * Merge packaging changes from unstable
        * New upstream release
        * d/p/variant-schema-compiler-Disable-optimized-calculation-of-.patch:
          Drop patch, which should be unnecessary with the new version
        * Mark remaining patch as forwarded
      
      flatpak (1.8.4-1) unstable; urgency=medium
      
        * debian/o.fd.Flatpak.pkla: sync with rules provided by upstream
        * Use debian/unstable branch for packaging
        * New upstream release
        * d/p/variant-schema-compiler-Disable-optimized-calculation-of-.patch:
          Drop patch, which should be unnecessary with the new version
      
      flatpak (1.8.3-2) unstable; urgency=medium
      
        * Preferentially build-depend on libgdk-pixbuf-2.0-dev.
          We don't need the deprecated Xlib integration that is also pulled in
          by the older libgdk-pixbuf2.0-dev package (see #974870).
        * Standards-Version: 4.5.1 (no changes required)
      
      flatpak (1.9.2-1) experimental; urgency=medium
      
        * Branch for experimental
        * New upstream development release
        * Update ostree build-dependency
        * Use upstream's autogen.sh now that it's shipped
        * d/copyright: Update
        * d/p/Skip-parental-controls-checks-on-ServiceUnknown-or-NameHa.patch:
          Drop patch that was applied upstream
        * d/p/Skip-a-test-case-if-etc-mtab-doesn-t-exist.patch:
          Work around a test failure that can happen in sbuild
        * Update symbols file.
          Ignore removal of flatpak_http_error_quark (aka FLATPAK_HTTP_ERROR),
          which is not in any public headers and is not referenced by any
          other Debian package.
      
      flatpak (1.8.3-1) unstable; urgency=medium
      
        * New upstream release
      
      flatpak (1.8.2-3) unstable; urgency=medium
      
        * d/p/Skip-parental-controls-checks-on-ServiceUnknown-or-NameHa.patch:
          Add proposed patch to skip parental controls if accountsservice is not
          installed.
          The malcontent package (which activates parental controls support)
          depends on accountsservice, but the libmalcontent-0-0 client library
          does not, so we need to cope gracefully with the case where
          neither malcontent nor accountsservice is installed. Presumably, in such
          installations the sysadmin did not want the parental controls feature.
          Ideally libmalcontent would do this itself (#972145). (Closes: #972138)
        * Add Depends on dbus, for the well-known system bus service.
          Now that the parental controls feature is enabled, Flatpak will refuse
          to run apps if the D-Bus system bus is unavailable. Previously, it would
          have partially worked (but with severely reduced functionality, in
          particular only --user installations).
        * d/control: Canonicalize case of Multi-Arch
        * Update lintian overrides to silence some false-positives
      
      flatpak (1.8.2-2) unstable; urgency=medium
      
        [ Laurent Bigonville ]
        * debian/control: Add libmalcontent-0-dev to the build-dependencies.
          This provides optional parental controls for app installation and
          launching.
      
        [ Simon McVittie ]
        * Add Suggests on malcontent-gui
      
      flatpak (1.8.2-1) unstable; urgency=medium
      
        * New upstream release
          - Drop patch for #964541, applied upstream
      
      flatpak (1.8.1-2) unstable; urgency=medium
      
        * Include flatpak-bisect and flatpak-coredumpctl in libflatpak-dev
          - Depends: python3, to be able to run the scripts themselves
          - Recommends: flatpak, for both scripts
          - Suggests: gdb and systemd-coredump, for flatpak-coredumpctl
          - Suggests: python3-gi and ostree, for flatpak-bisect
        * d/p/Fix-argument-order-of-clone-for-s390x-in-seccomp-filter.patch:
          Add proposed patch to fix seccomp filtering on s390x.
          Thanks to Julian Andres Klode. (Closes: #964541, LP: #1886814)
      
      flatpak (1.8.1-1) unstable; urgency=medium
      
        * New upstream stable release
      
      flatpak (1.8.0-1) unstable; urgency=medium
      
        * New upstream stable release
          - Update configure options
          - Install gdm env.d fragment, but only as an example file.
            It is harmful on systems where environment.d(5) works (in particular
            systems using systemd), because it overwrites additions to the
            XDG_DATA_DIRS coming from other app frameworks like Snap.
            However, using either this fragment or manual configuration might
            be necessary on non-systemd systems. See
            /usr/share/doc/flatpak/README.Debian for more details.
          - d/flatpak.README.Debian: Add
      
      flatpak (1.7.3-1) experimental; urgency=medium
      
        * New upstream development release
        * Install new fish completions
        * Enable new libzstd support
        * Install new sysusers.d fragment
        * d/libflatpak0.symbols: Update.
          Ignore deletion of flatpak_oci_error_quark(), which was not public API.
      
      flatpak (1.7.1-1) experimental; urgency=medium
      
        * New upstream development release
          - Sideloading apps now works differently.
            Flatpak no longer supports installing from local network peers, and
            sideloading from a local USB drive is no longer automatic.
            Instead of being configured via `flatpak config sideload-repos`,
            enabling sideloading is now done by creating a symbolic link in
            /var/lib/flatpak/sideload-repos or /run/flatpak/sideload-repos.
      
      flatpak (1.6.3-1) unstable; urgency=medium
      
        * New upstream stable release
      
      flatpak (1.7.0~git20200330-1) experimental; urgency=medium
      
        * New upstream snapshot
          - d/copyright: Update
          - Drop all patches, applied upstream
        * Revert "d/control: Add spurious Build-Conflicts on elogind packages".
          experimental buildds now use aptitude rather than aspcud, so this
          particular workaround shouldn't be necessary, even in experimental.
        * Explicitly build-depend on python3-pyparsing.
          This is required to generate the variant schema compiler.
        * d/p/variant-schema-compiler-Disable-optimized-calculation-of-.patch:
          Disable optimized calculation of offset size.
          This doesn't seem to be completely portable, and it isn't clear why not,
          so disable it until we have more answers.
      
      flatpak (1.7.0~git20200325-1) experimental; urgency=medium
      
        * Branch for 1.7.x and Debian experimental
          - d/control, d/gbp.conf: Use debian/experimental packaging branch
          - d/gbp.conf: Use upstream/latest branch
          - d/watch: Watch for development releases
        * New upstream snapshot
        * Build-depend on python3 even when not running tests, for
          variant-schema-compiler
        * Update symbols file
        * d/patches: Add patches proposed upstream to formalize deprecations
          and fix rebuild of generated files
        * d/control: Add spurious Build-Conflicts on elogind packages.
          As in 1.5.0-1, this works around a build-dependency resolver failure
          when using the same aspcud resolution behaviour as official Debian
          experimental buildds, and can safely be reverted in distributions
          that only have elogind, such as Devuan.
      
      flatpak (1.6.2-1) unstable; urgency=medium
      
        * New upstream stable release
      
      flatpak (1.6.1-1) unstable; urgency=medium
      
        * New upstream stable release
        * Use secure URI in Homepage field.
        * Set upstream metadata fields: Repository.
        * Remove obsolete field Name from debian/upstream/metadata (already
          present in machine-readable debian/copyright).
        * Standards-Version: 4.5.0 (no changes required)
      
      flatpak (1.6.0-1) unstable; urgency=medium
      
        * New upstream stable release
          - d/p/testlibrary-Don-t-assert-that-progress-is-signalled.patch:
            Drop workaround, the leaks that broke this test have been fixed
          - Drop other patches, applied upstream
          - Bump xdg-desktop-portal dependency to 1.6.x.
            That version has new API which Flatpak apps might rely on, so the
            corresponding versions should be tested and backported together.
        * d/watch: Only watch for stable releases
        * Set upstream branch to upstream/1.6.x
        * Drop xdg-desktop-portal from Depends to Recommends.
          Installing xdg-desktop-portal 1.6.x is strongly recommended, but
          strictly speaking it is not required: some of the simpler Flatpak
          apps can work without it. (Closes: #947022)
        * tests: Depend on fuse and policykit-1
        * Revert Build-Conflicts on elogind to be nice to non-systemd derivatives.
          This was a workaround for the build-dependency resolver used in
          experimental, and is unnecessary now that I'm targeting unstable.
      
      flatpak (1.5.2-1) experimental; urgency=medium
      
        * New upstream development release
          - d/copyright: Update
          - d/control: Depend on bubblewrap 0.4.0
          - Update d/libflatpak0.symbols
        * d/tests/build: Use correct compiler for proposed autopkgtest
          cross-architecture testing support
        * Make autopkgtests shellcheck-clean
        * d/p/debian/Use-Python-3-for-test-web-server.patch:
          Drop patch, no longer needed.
          The tests now require Python 3 upstream, and no longer support
          Python 2.
        * Depend on xdg-desktop-portal 1.5.4.
          This is probably not strictly required, but they are likely to be
          released together and some features will need it.
        * d/tests/build: Use correct compiler for proposed autopkgtest
          cross-architecture testing support
        * Make autopkgtests shellcheck-clean
        * d/patches:
          Add proposed patches from upstream PR 3307 to fix memory and fd leaks
        * d/patches:
          Add proposed patches from upstream PR 3310, 3311, 3312 to fix some
          minor memory leaks
        * d/p/testlibrary-Don-t-assert-that-progress-is-signalled.patch:
          Remove problematic assertions while the failure is investigated
      
      flatpak (1.5.0-1) experimental; urgency=medium
      
        * New upstream development release
          - Update d/libflatpak0.symbols
        * Standards-Version: 4.4.1 (no changes required)
        * Set packaging branch to debian/experimental
        * tests: Depend on socat
        * d/control: Add spurious Build-Conflicts on elogind packages.
          This works around a build-dependency resolver failure when using
          the same aspcud resolution behaviour as official Debian experimental
          buildds, which for some reason tries to co-install systemd and elogind,
          causing failure to install build-dependencies.
          (This can safely be reverted in distributions that only have elogind,
          such as Devuan.)
      
      flatpak (1.4.3-1) unstable; urgency=medium
      
        * New upstream stable release
          - d/p/Don-t-register-polkit-agent-if-we-cannot-connect-to-syste.patch,
            d/p/tests-Skip-tests-that-use-system-helper-if-uid-or-gid-is-.patch:
            drop patches, applied upstream
        * Remove redundant --libexecdir, no longer needed with compat level 12
      
      flatpak (1.4.2-2) unstable; urgency=medium
      
        * Upload to unstable
        * d/gbp.conf: Return to debian/master branch
        * Use debhelper-compat 12
        * Standards-Version: 4.4.0 (no changes required)
      
      flatpak (1.4.2-1) experimental; urgency=medium
      
        * New upstream release
        * d/p/Don-t-register-polkit-agent-if-we-cannot-connect-to-syste.patch:
          Add proposed patch to avoid crashing if the system bus is unavailable,
          working around policykit-1 bug #923046
        * d/salsa-ci.yml: Request standard CI on salsa.debian.org
        * d/p/tests-Skip-tests-that-use-system-helper-if-uid-or-gid-is-.patch:
          Avoid testing the system helper if uid or gid is zero.
          The system helper refuses to run in test mode if it has privileges,
          but some CI systems (currently including salsa-ci) run as uid or
          gid 0 in a disposable container.
        * d/test.sh: Don't run tests under linux32, even if reprotest did the
          build under linux32
        * d/test.sh: Don't output non-test logs (notably
          debian/output/reprotest.log on salsa-ci) after running tests
      
      flatpak (1.4.1-1) experimental; urgency=high
      
        * New upstream stable release
          - This reverts an unintended ABI break in 1.4.0.
      
      flatpak (1.4.0-1) experimental; urgency=medium
      
        * New upstream stable release
      
      flatpak (1.3.4-1) experimental; urgency=medium
      
        * New upstream development release
          - Incompatible change: /etc/flatpak/remotes.d/*.conf are no longer
            read, and are superseded by /etc/flatpak/remotes.d/*.flatpakrepo
        * Require libostree 2019.2, for OSTREE_REPO_PULL_FLAGS_MIRROR
        * Install flatpak-docker-seccomp.json to /u/s/d/flatpak/examples.
          This seccomp profile can be used to configure a Docker container to
          allow bubblewrap and Flatpak to be run, with some caveats:
          - The host kernel must allow unprivileged user namespace creation
            (for example Debian with sysctl kernel.unprivileged_userns_clone=1,
            or recent Ubuntu in its default configuration)
          - Use the seccomp profile
            (docker run --security-opt seccomp=flatpak-docker-seccomp.json)
          - Make the host system /proc visible in the container
            (docker run -v=/proc:/host/proc)
          - Run flatpak as an ordinary user in the container, not as root
        * d/copyright: Update
        * d/libflatpak0.symbols: Update
      
      flatpak (1.3.3-1) experimental; urgency=medium
      
        * New upstream development release
          - Drop patches that were applied upstream
          - d/libflatpak0.symbols: Update
      
      flatpak (1.3.2-1) experimental; urgency=medium
      
        * New upstream development release
        * d/watch: Watch for development (odd-numbered) versions
        * d/gbp.conf: Branch to upstream/latest and debian/experimental
        * Depend on adduser and create _flatpak user in postinst.
          This is now required by the helper that installs apps and runtimes
          system-wide.
        * Disable SELinux module for now.
          Advice from SELinux users/maintainers on whether/how this can fit
          into Debian systems with the non-default SELinux LSM would be welcomed.
        * Build-depend on libfuse-dev and install new revokefs-fuse helper
        * d/libflatpak0.symbols: Update
        * d/copyright: Update
        * Build-depend on policykit-1 for tests
        * Build-depend on fuse for tests
        * d/p/Use-system-copy-of-xdg-dbus-proxy-for-build-time-tests-if.patch:
          Use the correct system xdg-dbus-proxy for build-time tests
        * d/p/Skip-some-tests-if-we-can-t-use-FUSE.patch:
          Skip tests that rely on FUSE when built on a buildd, in a schroot
          or in a Docker container. FUSE doesn't work in any of these places.
      747f5fdb
  18. 21 Jan, 2021 1 commit
    • Simon McVittie's avatar
      Import Debian changes 1.2.5-0+deb10u3 · 0c314757
      Simon McVittie authored
      flatpak (1.2.5-0+deb10u3) buster-security; urgency=medium
      
        * Fix regressions in DSA 4830-1
          - Add patch from upstream to fix a regression in 'flatpak build'.
            The patches to resolve CVE-2021-21261 caused a regression in which
            'flatpak build' wouldn't set the LD_LIBRARY_PATH that it should.
            (Closes: #980323)
          - Add a patch from upstream to fix possible regressions in extra-data.
            The extra-data mechanism, used to download large or proprietary
            components out-of-band, could suffer from a regression similar to
            #980323 if the app or runtime's apply_extra entry point relies on
            LD_LIBRARY_PATH.
        * Add CVE-2021-21261 reference to previous changelog entry
      
      flatpak (1.2.5-0+deb10u2) buster-security; urgency=medium
      
        * Add patches for sandbox escape vulnerability GHSA-4ppf-fxf6-vxg2
          (CVE-2021-21261)
      0c314757
  19. 28 Oct, 2020 1 commit
  20. 30 Mar, 2020 1 commit
  21. 27 Mar, 2020 1 commit
  22. 19 Mar, 2020 1 commit