group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #12401
[Bug 1656712] Re: Update flatpak and ostree to 0.8
This bug was fixed in the package flatpak - 0.8.2-1~ubuntu16.10.1
---------------
flatpak (0.8.2-1~ubuntu16.10.1) yakkety; urgency=medium
* Backport to Ubuntu 16.10 (LP: #1656712)
* Drop all patches, applied in new version
* Keep dh compat 9 (including explicit dh-autoreconf and dh-systemd) for
easier backporting to Ubuntu 16.04 LTS
* Also allow libgtk-3-bin to satisfy the gtk-update-icon-cache dependency
flatpak (0.8.2-1) unstable; urgency=medium
* New upstream bugfix release
- drop remaining patch, applied upstream
- security fix: prevent writing to per-user-installed fonts
and Flatpak extensions (typically locales)
* d/control: flatpak-tests Recommends python, which is needed for
one test (silencing a lintian warning)
flatpak (0.8.1-1) unstable; urgency=medium
* New upstream release, very similar to 0.8.0-2
- drop all patches
* d/p/flatpak-system-helper-remove-dangling-reference-to-EXTERN.patch:
do not search /export/share, which seems to have been unintended
flatpak (0.8.0-2) unstable; urgency=medium
* d/p/Use-seccomp-to-filter-out-TIOCSTI-ioctl.patch:
Add patch from upstream to prevent contained apps from using
TIOCSTI ioctl. This would let the app inject commands into the
terminal from which it was invoked (CVE-2017-5226). This was
initially fixed in bubblewrap by calling setsid(), but that
breaks the ability to use Ctrl+Z or Ctrl+C on a flatpak-confined
process, so it is being made optional; prevent the attack here
instead, in a way that doesn't break shells.
* d/p/Fix-update-of-standalone-bundle.patch:
Add patch from upstream to fix updating an existing app with
"flatpak install --bundle foo.flatpak"
* d/p/Make-sure-var-tmp-is-not-on-tmpfs.patch:
Add patch from upstream to mount ~/.var/APP/cache/tmp at /var/tmp
inside the sandbox, so apps can rely on /var/tmp being on disk
* d/p/Document-the-DefaultBranch-key.patch,
d/p/Document-RuntimeRepo-key.patch:
Add patches from upstream to fill in some missing documentation
* d/p/testlibrary-ensure-that-contents_array-is-NULL-terminated.patch,
d/p/tests-Install-testpython.py-executable.patch,
d/p/tests-Move-the-test-repo-to-a-subdirectory-repos-test.patch:
Fix some bugs in the tests
* debian/tests/: split out builder-python into a separate autopkgtest,
it too has more dependencies
flatpak (0.8.0-1) unstable; urgency=medium
* New upstream stable release
- Bump bubblewrap dependencies to 0.1.5 following configure.ac
- Bump ostree dependency to 2016.15 following upstream release notes
(the minimal dependency is 2016.14, but 2016.15 is recommended)
- debian/libflatpak0.symbols: add new ABIs
- d/p/pull-Exit-early-on-error-without-aborting-transaction.patch:
drop patch, applied upstream
* debian/gbp.conf: switch upstream branch to debian/0.8.x to follow
the first upstream stable-branch
* debian/watch: only follow stable-branches
* debian/org.freedesktop.Flatpak.pkla: configure polkit 0.105 to
allow sudoers to uninstall apps and runtimes without re-authenticating,
following upstream changes to the org.freedesktop.Flatpak.rules used in
newer polkit versions
* d/p/Update-Polish-translation.patch: update translated strings from
upstream git
* d/p/flatpak-builder-1-fix-typo.patch: fix a typo in the man page
flatpak (0.6.14-3) unstable; urgency=medium
* d/tests/*: only run tests on a real or virtual machine, not in a
container. bubblewrap is effectively already a container, and
nesting containers doesn't work particularly well.
Unfortunately this means the tests won't work on ci.debian.net,
which uses LXC.
flatpak (0.6.14-2) unstable; urgency=medium
* d/p/pull-Exit-early-on-error-without-aborting-transaction.patch:
Add patch recommended by upstream to fix a GNOME Software crash
flatpak (0.6.14-1) unstable; urgency=medium
* New upstream release
- update ostree build-dependency to 2016.14
flatpak (0.6.13-1) unstable; urgency=medium
* New upstream release
- update symbols file
- update ostree build-dependency to 2016.12
flatpak (0.6.12-1) unstable; urgency=medium
* This release drops source compatibility with Debian jessie. If
you are building unofficial backports for older Debian derivatives,
please base them on the debian/jessie-backports git branch instead of
debian/master from now on.
* d/control: rely on gtk-update-icon-theme, removing libgtk-3-bin
alternative.
- d/p/debian/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch:
drop patch, this branch can now rely on having the plain
gtk-update-icon-theme executable
* Bump debhelper compatibility level to 10
- do not explicitly build in parallel, it is now the default
- do not explicitly enable autoreconf and systemd sequences, they
are now the default
* New upstream release
- d/libflatpak0.symbols: update
-- Jeremy Bicha <jbicha@xxxxxxxxxx> Fri, 10 Feb 2017 07:07:12 -0500
** Changed in: flatpak (Ubuntu Yakkety)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-5226
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1656712
Title:
Update flatpak and ostree to 0.8
Status in flatpak package in Ubuntu:
Fix Released
Status in ostree package in Ubuntu:
Fix Released
Status in flatpak source package in Xenial:
In Progress
Status in ostree source package in Xenial:
In Progress
Status in flatpak source package in Yakkety:
Fix Released
Status in ostree source package in Yakkety:
Fix Released
Bug description:
Impact
======
Flatpak 0.8 is a new LTS release of the alternative package set.
https://blogs.gnome.org/alexl/2016/12/22/a-stable-base-for-
flatpak-0-8/
This update includes these components for 16.04 LTS and 16.10:
- flatpak 0.8.2
- ostree 2016.15
This basically matches the set that is also available in Debian's
upcoming new stable release. All of these source packages are new to
16.04 LTS.
Test Case
=========
1. Install an app with the old syntax (before upgrading flatpak and ostree)
sudo apt install flatpak
wget https://people.gnome.org/~alexl/keys/gnome-sdk.gpg
flatpak remote-add --user --gpg-import=gnome-sdk.gpg gnome http://sdk.gnome.org/repo/
flatpak --user install gnome org.gnome.Platform 3.22
flatpak --user remote-add --gpg-import=gnome-sdk.gpg gnome-apps http://sdk.gnome.org/repo-apps/
flatpak --user install gnome-apps org.gnome.iagno
Note that you may need to logout and log back in after installing your
first Flatpak app before the app shows up in the Activities Overview.
After upgrading flapak and ostree, check whether the Iagno app is
still installed.
2. Install an app with the new syntax
flatpak remote-add --from gnome https://sdk.gnome.org/gnome.flatpakrepo
flatpak remote-add --from gnome-apps https://sdk.gnome.org/gnome-apps.flatpakrepo
flatpak --user install gnome-apps org.gnome.Devhelp
flatpak run org.gnome.Devhelp (or click the launcher like any other app)
The test case for ostree is just making sure flatpak works.
Regression Potential
====================
There's no regression for Ubuntu 16.04 since these are new packages there that should have no affect on other packages.
For 16.10, this has an inherent regression. The command-line syntax
changed in flatpak 0.6.13. However, since virtually all of the guides
to using Flatpak including http://flatpak.org/apps use the new syntax
that will not work with 16.10's older flatpak, it seems better for
users to get used to the new syntax.
Other Info
==========
Just like snap was backported to 14.04 LTS to -updates, this is being backported to 16.04 LTS -updates. Both snap and Flatpak are useful for people who want to run new apps on an LTS operating system.
Flatpak is not easily backportable to 14.04 LTS.
bubblewrap is required for this SRU and is being tracked in LP:
#1649330
A separate SRU may be filed later to update xdg-desktop-portal and
xdg-desktop-portal-gtk. They are optional dependencies and I'm told
that most Flatpak apps do not use them yet.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/flatpak/+bug/1656712/+subscriptions
