From b7e9ca40b8d6feace32242679953d2154951818d Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 30 2018 06:03:36 +0000 Subject: import flatpak-1.0.2-2.el7 --- diff --git a/.flatpak.metadata b/.flatpak.metadata index b8f84a2..1450248 100644 --- a/.flatpak.metadata +++ b/.flatpak.metadata @@ -1,2 +1,3 @@ -a2aaeced6ca28308e3208640f7a33b36d476c6fb SOURCES/flatpak-0.8.8.tar.xz -e486e7b004dc6eb072bee9ce275504db42ddddd3 SOURCES/libostree-2017.2.tar.xz +2dc9cc0f1d80421ea800be3c005d9b5dd94c8156 SOURCES/flatpak-1.0.2.tar.xz +5cab51142ec15ee113b4c87a2645b4e1c7179fa7 SOURCES/flatpak-builder-1.0.0.tar.xz +c8dabfe09e987a15d99e4723be23f23da9f7bbb3 SOURCES/libostree-2018.8.tar.xz diff --git a/.gitignore b/.gitignore index 0bbff02..48b75c2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ -SOURCES/flatpak-0.8.8.tar.xz -SOURCES/libostree-2017.2.tar.xz +SOURCES/flatpak-1.0.2.tar.xz +SOURCES/flatpak-builder-1.0.0.tar.xz +SOURCES/libostree-2018.8.tar.xz diff --git a/SOURCES/fix-build.patch b/SOURCES/fix-build.patch deleted file mode 100644 index 7c8bd8e..0000000 --- a/SOURCES/fix-build.patch +++ /dev/null @@ -1,46 +0,0 @@ -libglnx: throw in custom basename implementation - -libglnx tries to avoid using a specific implementation of basename by -doing #undef basename. This trick doesn't work with glibc anymore -apparently. - -But basename is like 3 lines of code to write, so just write it. - -diff --git a/libglnx/glnx-fdio.h b/libglnx/glnx-fdio.h ---- a/libglnx/glnx-fdio.h 2017-11-08 13:41:49.734931484 -0500 -+++ b/libglnx/glnx-fdio.h 2017-11-08 13:45:33.330758205 -0500 -@@ -43,7 +43,14 @@ G_BEGIN_DECLS - static inline - const char *glnx_basename (const char *path) - { -- return (basename) (path); -+ gchar *base; -+ -+ base = strrchr (path, G_DIR_SEPARATOR); -+ -+ if (base) -+ return base + 1; -+ -+ return path; - } - - gboolean -diff --git a/libostree-2017.2/libglnx/glnx-fdio.h b/libostree-2017.2/libglnx/glnx-fdio.h ---- a/libostree-2017.2/libglnx/glnx-fdio.h 2017-11-08 13:53:45.655413948 -0500 -+++ b/libostree-2017.2/libglnx/glnx-fdio.h 2017-11-08 13:53:57.543285889 -0500 -@@ -43,7 +43,14 @@ G_BEGIN_DECLS - static inline - const char *glnx_basename (const char *path) - { -- return (basename) (path); -+ gchar *base; -+ -+ base = strrchr (path, G_DIR_SEPARATOR); -+ -+ if (base) -+ return base + 1; -+ -+ return path; - } - - gboolean diff --git a/SOURCES/flatpak-0.8.8-cve-2018-6560.patch b/SOURCES/flatpak-0.8.8-cve-2018-6560.patch deleted file mode 100644 index 1125a7a..0000000 --- a/SOURCES/flatpak-0.8.8-cve-2018-6560.patch +++ /dev/null @@ -1,214 +0,0 @@ -From e00ded769dcdddea0169dd813c5878c915a63f6a Mon Sep 17 00:00:00 2001 -From: Alexander Larsson -Date: Sun, 28 Jan 2018 20:51:54 +0100 -Subject: [PATCH] Fix vulnerability in dbus proxy - -During the authentication all client data is directly forwarded -to the dbus daemon as is, until we detect the BEGIN command after -which we start filtering the binary dbus protocol. - -Unfortunately the detection of the BEGIN command in the proxy -did not exactly match the detection in the dbus daemon. A BEGIN -followed by a space or tab was considered ok in the daemon but -not by the proxy. This could be exploited to send arbitrary -dbus messages to the host, which can be used to break out of -the sandbox. - -This was noticed by Gabriel Campana of The Google Security Team. - -This fix makes the detection of the authentication phase end -match the dbus code. In addition we duplicate the authentication -line validation from dbus, which includes ensuring all data is -ASCII, and limiting the size of a line to 16k. In fact, we add -some extra stringent checks, disallowing ASCII control chars and -requiring that auth lines start with a capital letter. ---- - dbus-proxy/flatpak-proxy.c | 127 ++++++++++++++++++++++++++----------- - 1 file changed, 89 insertions(+), 38 deletions(-) - -diff --git a/dbus-proxy/flatpak-proxy.c b/dbus-proxy/flatpak-proxy.c -index aee73993..ec90cba7 100644 ---- a/dbus-proxy/flatpak-proxy.c -+++ b/dbus-proxy/flatpak-proxy.c -@@ -173,10 +173,11 @@ typedef struct FlatpakProxyClient FlatpakProxyClient; - FlatpakPolicy flatpak_proxy_get_policy (FlatpakProxy *proxy, - const char *name); - --/* We start looking ignoring the first cr-lf -- since there is no previous line initially */ --#define AUTH_END_INIT_OFFSET 2 --#define AUTH_END_STRING "\r\nBEGIN\r\n" -+#define FIND_AUTH_END_CONTINUE -1 -+#define FIND_AUTH_END_ABORT -2 -+ -+#define AUTH_LINE_SENTINEL "\r\n" -+#define AUTH_BEGIN "BEGIN" - - typedef enum { - EXPECTED_REPLY_NONE, -@@ -251,7 +252,7 @@ struct FlatpakProxyClient - FlatpakProxy *proxy; - - gboolean authenticated; -- int auth_end_offset; -+ GByteArray *auth_buffer; - - ProxySide client_side; - ProxySide bus_side; -@@ -363,6 +364,7 @@ flatpak_proxy_client_finalize (GObject *object) - client->proxy->clients = g_list_remove (client->proxy->clients, client); - g_clear_object (&client->proxy); - -+ g_byte_array_free (client->auth_buffer, TRUE); - g_hash_table_destroy (client->rewrite_reply); - g_hash_table_destroy (client->get_owner_reply); - g_hash_table_destroy (client->unique_id_policy); -@@ -398,7 +400,7 @@ flatpak_proxy_client_init (FlatpakProxyClient *client) - init_side (client, &client->client_side); - init_side (client, &client->bus_side); - -- client->auth_end_offset = AUTH_END_INIT_OFFSET; -+ client->auth_buffer = g_byte_array_new (); - client->rewrite_reply = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, g_object_unref); - client->get_owner_reply = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, g_free); - client->unique_id_policy = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); -@@ -2203,51 +2205,92 @@ got_buffer_from_side (ProxySide *side, Buffer *buffer) - got_buffer_from_bus (client, side, buffer); - } - -+#define _DBUS_ISASCII(c) ((c) != '\0' && (((c) & ~0x7f) == 0)) -+ -+static gboolean -+auth_line_is_valid (guint8 *line, guint8 *line_end) -+{ -+ guint8 *p; -+ -+ for (p = line; p < line_end; p++) -+ { -+ if (!_DBUS_ISASCII(*p)) -+ return FALSE; -+ -+ /* Technically, the dbus spec allows all ASCII characters, but for robustness we also -+ fail if we see any control characters. Such low values will appear in potential attacks, -+ but will never happen in real sasl (where all binary data is hex encoded). */ -+ if (*p < ' ') -+ return FALSE; -+ } -+ -+ /* For robustness we require the first char of the line to be an upper case letter. -+ This is not technically required by the dbus spec, but all commands are upper -+ case, and there is no provisioning for whitespace before the command, so in practice -+ this is true, and this means we're not confused by e.g. initial whitespace. */ -+ if (line[0] < 'A' || line[0] > 'Z') -+ return FALSE; -+ -+ return TRUE; -+} -+ -+static gboolean -+auth_line_is_begin (guint8 *line) -+{ -+ guint8 next_char; -+ -+ if (!g_str_has_prefix ((char *)line, AUTH_BEGIN)) -+ return FALSE; -+ -+ /* dbus-daemon accepts either nothing, or a whitespace followed by anything as end of auth */ -+ next_char = line[strlen (AUTH_BEGIN)]; -+ return (next_char == 0 || -+ next_char == ' ' || -+ next_char == '\t'); -+} -+ - static gssize - find_auth_end (FlatpakProxyClient *client, Buffer *buffer) - { -- guchar *match; -- int i; -+ goffset offset = 0; -+ gsize original_size = client->auth_buffer->len; -+ -+ /* Add the new data to the remaining data from last iteration */ -+ g_byte_array_append (client->auth_buffer, buffer->data, buffer->pos); - -- /* First try to match any leftover at the start */ -- if (client->auth_end_offset > 0) -+ while (TRUE) - { -- gsize left = strlen (AUTH_END_STRING) - client->auth_end_offset; -- gsize to_match = MIN (left, buffer->pos); -- /* Matched at least up to to_match */ -- if (memcmp (buffer->data, &AUTH_END_STRING[client->auth_end_offset], to_match) == 0) -+ guint8 *line_start = client->auth_buffer->data + offset; -+ gsize remaining_data = client->auth_buffer->len - offset; -+ guint8 *line_end; -+ -+ line_end = memmem (line_start, remaining_data, -+ AUTH_LINE_SENTINEL, strlen (AUTH_LINE_SENTINEL)); -+ if (line_end) /* Found end of line */ - { -- client->auth_end_offset += to_match; -+ offset = (line_end + strlen (AUTH_LINE_SENTINEL) - line_start); - -- /* Matched all */ -- if (client->auth_end_offset == strlen (AUTH_END_STRING)) -- return to_match; -+ if (!auth_line_is_valid (line_start, line_end)) -+ return FIND_AUTH_END_ABORT; - -- /* Matched to end of buffer */ -- return -1; -- } -+ *line_end = 0; -+ if (auth_line_is_begin (line_start)) -+ return offset - original_size; - -- /* Did not actually match at start */ -- client->auth_end_offset = -1; -- } -+ /* continue with next line */ -+ } -+ else -+ { -+ /* No end-of-line in this buffer */ -+ g_byte_array_remove_range (client->auth_buffer, 0, offset); - -- /* Look for whole match inside buffer */ -- match = memmem (buffer, buffer->pos, -- AUTH_END_STRING, strlen (AUTH_END_STRING)); -- if (match != NULL) -- return match - buffer->data + strlen (AUTH_END_STRING); -+ /* Abort if more than 16k before newline, similar to what dbus-daemon does */ -+ if (client->auth_buffer->len >= 16*1024) -+ return FIND_AUTH_END_ABORT; - -- /* Record longest prefix match at the end */ -- for (i = MIN (strlen (AUTH_END_STRING) - 1, buffer->pos); i > 0; i--) -- { -- if (memcmp (buffer->data + buffer->pos - i, AUTH_END_STRING, i) == 0) -- { -- client->auth_end_offset = i; -- break; -+ return FIND_AUTH_END_CONTINUE; - } - } -- -- return -1; - } - - static gboolean -@@ -2306,6 +2349,14 @@ side_in_cb (GSocket *socket, GIOCondition condition, gpointer user_data) - if (extra_data > 0) - side->extra_input_data = g_bytes_new (buffer->data + buffer->size, extra_data); - } -+ else if (auth_end == FIND_AUTH_END_ABORT) -+ { -+ buffer_unref (buffer); -+ if (client->proxy->log_messages) -+ g_print ("Invalid AUTH line, aborting\n"); -+ side_closed (side); -+ break; -+ } - } - - got_buffer_from_side (side, buffer); diff --git a/SOURCES/flatpak-ostree-bundle.patch b/SOURCES/flatpak-ostree-bundle.patch new file mode 100644 index 0000000..96102ff --- /dev/null +++ b/SOURCES/flatpak-ostree-bundle.patch @@ -0,0 +1,26 @@ +Make sure rpath gets added for ostree libs + +We bundle ostree in the package, so we need to make sure an rpath +gets set pointing to our bundled library. + +The Makefiles are missing the OSTREE_LIBS (and so the -Wl,-rpath), +so add them in. +--- flatpak-1.0.1/session-helper/Makefile.am.inc.old 2018-08-08 16:56:20.000000000 +0200 ++++ flatpak-1.0.1/session-helper/Makefile.am.inc 2018-09-12 13:23:08.304959872 +0200 +@@ -12,5 +12,5 @@ + session-helper/flatpak-session-helper.c \ + $(NULL) + +-flatpak_session_helper_LDADD = $(AM_LDADD) $(BASE_LIBS) libflatpak-common.la ++flatpak_session_helper_LDADD = $(AM_LDADD) $(BASE_LIBS) $(OSTREE_LIBS) libflatpak-common.la + flatpak_session_helper_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS) $(SOUP_CFLAGS) $(OSTREE_CFLAGS) $(GSYSTEM_CFLAGS) $(JSON_CFLAGS) -DFLATPAK_COMPILATION +--- flatpak-1.0.1/portal/Makefile.am.inc.old 2018-08-08 16:56:20.000000000 +0200 ++++ flatpak-1.0.1/portal/Makefile.am.inc 2018-09-12 13:23:54.795014399 +0200 +@@ -34,6 +34,6 @@ + BUILT_SOURCES += $(nodist_flatpak_portal_SOURCES) + CLEANFILES += $(nodist_flatpak_portal_SOURCES) + +-flatpak_portal_LDADD = $(AM_LDADD) $(BASE_LIBS) ++flatpak_portal_LDADD = $(AM_LDADD) $(BASE_LIBS) $(OSTREE_LIBS) + flatpak_portal_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS) -DFLATPAK_COMPILATION + flatpak_portal_CPPFLAGS = $(AM_CPPFLAGS) -I$(builddir)/portal diff --git a/SOURCES/no-user-systemd.patch b/SOURCES/no-user-systemd.patch index 5ba1864..add73d3 100644 --- a/SOURCES/no-user-systemd.patch +++ b/SOURCES/no-user-systemd.patch @@ -6,22 +6,6 @@ pretty sure we don't have systemd --user) This commit just drops the lines, so dbus can activate on its own. -diff --git a/permission-store/org.freedesktop.impl.portal.PermissionStore.service.in b/permission-store/org.freedesktop.impl.portal.PermissionStore.service.in ---- a/permission-store/org.freedesktop.impl.portal.PermissionStore.service.in 2017-11-08 13:26:55.759617833 -0500 -+++ b/permission-store/org.freedesktop.impl.portal.PermissionStore.service.in 2017-11-08 13:27:00.382567509 -0500 -@@ -1,4 +1,3 @@ - [D-BUS Service] - Name=org.freedesktop.impl.portal.PermissionStore - Exec=@libexecdir@/xdg-permission-store --SystemdService=xdg-permission-store.service -diff -up flatpak-0.8.8/document-portal/org.freedesktop.portal.Documents.service.in.no-user-systemd flatpak-0.8.8/document-portal/org.freedesktop.portal.Documents.service.in ---- flatpak-0.8.8/document-portal/org.freedesktop.portal.Documents.service.in.no-user-systemd 2017-11-08 16:33:31.652110888 -0500 -+++ flatpak-0.8.8/document-portal/org.freedesktop.portal.Documents.service.in 2017-11-08 16:33:45.688957745 -0500 -@@ -1,4 +1,3 @@ - [D-BUS Service] - Name=org.freedesktop.portal.Documents - Exec=@libexecdir@/xdg-document-portal --SystemdService=xdg-document-portal.service diff -up flatpak-0.8.8/session-helper/org.freedesktop.Flatpak.service.in.no-user-systemd flatpak-0.8.8/session-helper/org.freedesktop.Flatpak.service.in --- flatpak-0.8.8/session-helper/org.freedesktop.Flatpak.service.in.no-user-systemd 2017-11-08 16:33:21.045226761 -0500 +++ flatpak-0.8.8/session-helper/org.freedesktop.Flatpak.service.in 2017-11-08 16:33:38.361037649 -0500 @@ -30,3 +14,10 @@ diff -up flatpak-0.8.8/session-helper/org.freedesktop.Flatpak.service.in.no-user Name=org.freedesktop.Flatpak Exec=@libexecdir@/flatpak-session-helper -SystemdService=flatpak-session-helper.service +--- flatpak-1.0.1/portal/org.freedesktop.portal.Flatpak.service.in.no-user-systemd 2018-05-30 14:58:57.000000000 +0200 ++++ flatpak-1.0.1/portal/org.freedesktop.portal.Flatpak.service.in 2018-09-12 12:11:27.428215430 +0200 +@@ -1,4 +1,3 @@ + [D-BUS Service] + Name=org.freedesktop.portal.Flatpak + Exec=@libexecdir@/flatpak-portal +-SystemdService=flatpak-portal.service diff --git a/SOURCES/ostree-bundle.patch b/SOURCES/ostree-bundle.patch deleted file mode 100644 index 4a78c0d..0000000 --- a/SOURCES/ostree-bundle.patch +++ /dev/null @@ -1,37 +0,0 @@ -Make sure rpath gets added for ostree libs - -We bundle ostree in the package, so we need to make sure an rpath -gets set pointing to our bundled library. - -The Makefiles are missing the OSTREE_LIBS (and so the -Wl,-rpath), -so add them in. -diff --git a/document-portal/Makefile.am.inc b/document-portal/Makefile.am.inc ---- a/document-portal/Makefile.am.inc 2017-11-08 16:52:40.135530435 -0500 -+++ b/document-portal/Makefile.am.inc 2017-11-08 16:52:53.340379677 -0500 -@@ -34,5 +34,5 @@ xdg_document_portal_SOURCES = \ - document-portal/xdp-fuse.c \ - $(NULL) - --xdg_document_portal_LDADD = $(BASE_LIBS) $(FUSE_LIBS) libflatpak-common.la -+xdg_document_portal_LDADD = $(BASE_LIBS) $(FUSE_LIBS) $(OSTREE_LIBS) libflatpak-common.la - xdg_document_portal_CFLAGS = $(BASE_CFLAGS) $(OSTREE_CFLAGS) $(SOUP_CFLAGS) $(JSON_CFLAGS) $(FUSE_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal -I$(srcdir)/permission-store -I$(builddir)/permission-store -DFLATPAK_COMPILATION -diff --git a/permission-store/Makefile.am.inc b/permission-store/Makefile.am.inc ---- a/permission-store/Makefile.am.inc 2017-11-09 14:34:13.681220097 -0500 -+++ b/permission-store/Makefile.am.inc 2017-11-09 14:34:20.578146811 -0500 -@@ -30,5 +30,5 @@ xdg_permission_store_SOURCES = \ - permission-store/xdg-permission-store.h \ - $(NULL) - --xdg_permission_store_LDADD = $(BASE_LIBS) libflatpak-common.la -+xdg_permission_store_LDADD = $(BASE_LIBS) $(OSTREE_LIBS) libflatpak-common.la - xdg_permission_store_CFLAGS = $(BASE_CFLAGS) $(SOUP_CFLAGS) $(JSON_CFLAGS) $(OSTREE_CFLAGS) $(GSYSTEM_CFLAGS) -I$(srcdir)/permission-store -I$(builddir)/permission-store -diff --git a/session-helper/Makefile.am.inc b/session-helper/Makefile.am.inc ---- a/session-helper/Makefile.am.inc 2017-11-09 14:34:47.849857022 -0500 -+++ b/session-helper/Makefile.am.inc 2017-11-09 14:35:01.377713286 -0500 -@@ -12,5 +12,5 @@ flatpak_session_helper_SOURCES = \ - session-helper/flatpak-session-helper.c \ - $(NULL) - --flatpak_session_helper_LDADD = $(BASE_LIBS) libflatpak-common.la -+flatpak_session_helper_LDADD = $(BASE_LIBS) $(OSTREE_LIBS) libflatpak-common.la - flatpak_session_helper_CFLAGS = $(BASE_CFLAGS) $(SOUP_CFLAGS) $(OSTREE_CFLAGS) $(GSYSTEM_CFLAGS) $(JSON_CFLAGS) diff --git a/SOURCES/ostree-soup-Hold-a-ref-to-the-pending-URI-during-completion.patch b/SOURCES/ostree-soup-Hold-a-ref-to-the-pending-URI-during-completion.patch deleted file mode 100644 index c995e61..0000000 --- a/SOURCES/ostree-soup-Hold-a-ref-to-the-pending-URI-during-completion.patch +++ /dev/null @@ -1,58 +0,0 @@ -From cd5f5fcbde1dd92dabc59058ad90cf0e7dcfaad9 Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Mon, 3 Apr 2017 12:46:37 -0400 -Subject: [PATCH] soup: Hold a ref to the pending URI during completion - processing - -It was reported that in the range request handling, we called `remove_pending()` -twice, and this could be viewed as a use-after-free. Currently though, the task -object already holds a strong reference, so I observed the refcount was 2, hence -there is no use-after-free in practice. - -Reported-By: "Siddharth Sharma" ---- - src/libostree/ostree-fetcher-soup.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/libostree/ostree-fetcher-soup.c b/src/libostree/ostree-fetcher-soup.c -index b130b48..0a931c4 100644 ---- a/src/libostree/ostree-fetcher-soup.c -+++ b/src/libostree/ostree-fetcher-soup.c -@@ -1040,21 +1040,20 @@ on_request_sent (GObject *object, - gpointer user_data) - { - GTask *task = G_TASK (user_data); -- OstreeFetcherPendingURI *pending; -- GCancellable *cancellable; -+ /* Hold a ref to the pending across this function, since we remove -+ * it from the hash early in some cases, not in others. */ -+ OstreeFetcherPendingURI *pending = pending_uri_ref (g_task_get_task_data (task)); -+ GCancellable *cancellable = g_task_get_cancellable (task); - GError *local_error = NULL; - glnx_unref_object SoupMessage *msg = NULL; - -- pending = g_task_get_task_data (task); -- cancellable = g_task_get_cancellable (task); -- - pending->state = OSTREE_FETCHER_STATE_COMPLETE; - pending->request_body = soup_request_send_finish ((SoupRequest*) object, - result, &local_error); - - if (!pending->request_body) - goto out; -- -+ - if (SOUP_IS_REQUEST_HTTP (object)) - { - msg = soup_request_http_get_message ((SoupRequestHTTP*) object); -@@ -1183,6 +1182,7 @@ on_request_sent (GObject *object, - remove_pending (pending); - } - -+ pending_uri_unref (pending); - g_object_unref (task); - } - --- -2.9.3 - diff --git a/SPECS/flatpak.spec b/SPECS/flatpak.spec index 6d3b509..7fec546 100644 --- a/SPECS/flatpak.spec +++ b/SPECS/flatpak.spec @@ -1,21 +1,26 @@ -%global ostree_version 2017.2 +%global flatpak_version 1.0.2 +%global flatpak_builder_version 1.0.0 +%global ostree_version 2018.8 Name: flatpak -Version: 0.8.8 -Release: 4%{?dist} +Version: %{flatpak_version} +Release: 2%{?dist} Summary: Application deployment framework for desktop apps -Group: Development/Tools License: LGPLv2+ URL: http://flatpak.org/ Source0: https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz Source1: https://github.com/ostreedev/ostree/releases/download/v%{ostree_version}/libostree-%{ostree_version}.tar.xz -Patch0: ostree-soup-Hold-a-ref-to-the-pending-URI-during-completion.patch -Patch1: no-user-systemd.patch -Patch2: fix-build.patch -Patch3: ostree-bundle.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1547376 -Patch4: flatpak-0.8.8-cve-2018-6560.patch +Source2: https://github.com/flatpak/flatpak-builder/releases/download/%{flatpak_builder_version}/flatpak-builder-%{flatpak_builder_version}.tar.xz + +# Avoid dbus activating systemd services on the session bus (we don't have a +# user bus, and I'm pretty sure we don't have systemd --user) +Patch0: no-user-systemd.patch +# Make sure our resulting binaries always have the rpath set to the bundled +# ostree directory +Patch1: flatpak-ostree-bundle.patch + +BuildRequires: pkgconfig(appstream-glib) BuildRequires: pkgconfig(fuse) BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.40.0 @@ -23,9 +28,11 @@ BuildRequires: pkgconfig(json-glib-1.0) BuildRequires: pkgconfig(libarchive) >= 2.8.0 BuildRequires: pkgconfig(libelf) >= 0.8.12 BuildRequires: pkgconfig(libsoup-2.4) +BuildRequires: pkgconfig(libxml-2.0) >= 2.4 BuildRequires: pkgconfig(polkit-gobject-1) BuildRequires: pkgconfig(libseccomp) BuildRequires: pkgconfig(liblzma) +BuildRequires: pkgconfig(yaml-0.1) BuildRequires: pkgconfig(xau) BuildRequires: pkgconfig(e2p) BuildRequires: automake, autoconf, libtool, gettext-devel, gtk-doc @@ -38,11 +45,15 @@ BuildRequires: libcap-devel BuildRequires: libdwarf-devel BuildRequires: gpgme-devel BuildRequires: systemd +BuildRequires: /usr/bin/eu-strip BuildRequires: /usr/bin/xmlto BuildRequires: /usr/bin/xsltproc - -# Needed for the document portal. -Requires: /usr/bin/fusermount +# Bundled ostree BRs: +BuildRequires: pkgconfig(zlib) +BuildRequires: pkgconfig(libcurl) +BuildRequires: openssl-devel +BuildRequires: pkgconfig(mount) +BuildRequires: pkgconfig(libsystemd) # libostree bundling # https://fedoraproject.org/wiki/EPEL:Packaging_Autoprovides_and_Requires_Filtering @@ -59,67 +70,65 @@ Requires: /usr/bin/fusermount # library. Requires: %{name}-libs = %{version}-%{release} +# Make sure the document portal is installed +%if 0%{?fedora} || 0%{?rhel} > 7 +Recommends: xdg-desktop-portal > 0.10 +# Remove in F30. +Conflicts: xdg-desktop-portal < 0.10 +%else +Requires: xdg-desktop-portal > 0.10 +%endif + %description flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. %package builder +# Override to the version of the bundled flatpak-builder. +Version: %{flatpak_builder_version} Summary: Build helper for %{name} -Group: Development/Tools License: LGPLv2+ -Requires: %{name}%{?_isa} = %{version}-%{release} +# Overridden, as the macro expands to the version of this subpackage. +Requires: %{name}%{?_isa} = %{flatpak_version}-%{release} Requires: /usr/bin/bzip2 Requires: /usr/bin/bzr Requires: /usr/bin/git Requires: /usr/bin/patch Requires: /usr/bin/strip +Requires: /usr/bin/svn Requires: /usr/bin/tar Requires: /usr/bin/unzip -# Remove in F27. -Provides: xdg-app-builder = %{version}-%{release} -Obsoletes: xdg-app-builder <= 0.5.2-2 %description builder flatpak-builder is a tool that makes it easy to build applications and their dependencies by automating the configure && make && make install steps. %package devel +# Overriden, to reset the version macro back to that of the base package. +Version: %{flatpak_version} Summary: Development files for %{name} -Group: Development/Libraries License: LGPLv2+ Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release} -# Remove in F27. -Provides: xdg-app-devel%{?_isa} = %{version}-%{release} -Obsoletes: xdg-app-devel <= 0.5.2-2 %description devel This package contains the pkg-config file and development headers for %{name}. %package libs Summary: Libraries for %{name} -Group: Development/Libraries License: LGPLv2+ # Drop if using an external ostree-libs. Requires: %{name}%{?_isa} = %{version}-%{release} -# Remove in F27. -Provides: xdg-app-libs%{?_isa} = %{version}-%{release} -Obsoletes: xdg-app-libs <= 0.5.2-2 %description libs This package contains libflatpak. %prep -%setup -q -a 1 -cd libostree-%{ostree_version} +%setup -q -a 1 -a 2 %patch0 -p1 -cd .. %patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 %build @@ -162,12 +171,25 @@ export PKG_CONFIG_PATH=$ROOT/lib/pkgconfig # Generate consistent IDs between runs to avoid multilib problems. export XMLTO_FLAGS="--stringparam generate.consistent.ids=1" %configure \ - --with-dwarf-header=%{_includedir}/libdwarf --with-priv-mode=none \ + --with-priv-mode=none \ --enable-docbook-docs \ --disable-introspection $CONFIGFLAGS) %make_build V=1 sed -i s/ostree-1// %{name}.pc +cd flatpak-builder-%{flatpak_builder_version} +cat > flatpak < /dev/null || : %post libs -p /sbin/ldconfig - %postun libs -p /sbin/ldconfig @@ -204,22 +233,20 @@ flatpak remote-list --system &> /dev/null || : %{_bindir}/flatpak %{_datadir}/bash-completion %{_datadir}/dbus-1/interfaces/org.freedesktop.Flatpak.xml -%{_datadir}/dbus-1/interfaces/org.freedesktop.portal.Documents.xml -%{_datadir}/dbus-1/interfaces/org.freedesktop.impl.portal.PermissionStore.xml +%{_datadir}/dbus-1/interfaces/org.freedesktop.portal.Flatpak.xml %{_datadir}/dbus-1/services/org.freedesktop.Flatpak.service -%{_datadir}/dbus-1/services/org.freedesktop.impl.portal.PermissionStore.service -%{_datadir}/dbus-1/services/org.freedesktop.portal.Documents.service +%{_datadir}/dbus-1/services/org.freedesktop.portal.Flatpak.service %{_datadir}/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service # Co-own directory. %{_datadir}/gdm/env.d %{_datadir}/%{name} %{_datadir}/polkit-1/actions/org.freedesktop.Flatpak.policy %{_datadir}/polkit-1/rules.d/org.freedesktop.Flatpak.rules +%{_datadir}/zsh/site-functions %{_libexecdir}/flatpak-dbus-proxy +%{_libexecdir}/flatpak-portal %{_libexecdir}/flatpak-session-helper %{_libexecdir}/flatpak-system-helper -%{_libexecdir}/xdg-document-portal -%{_libexecdir}/xdg-permission-store %attr(04755,root,root) %{_libexecdir}/flatpak-bwrap %dir %{_localstatedir}/lib/flatpak @@ -227,20 +254,23 @@ flatpak remote-list --system &> /dev/null || : %{_mandir}/man5/%{name}-metadata.5* %{_mandir}/man5/flatpak-flatpakref.5* %{_mandir}/man5/flatpak-flatpakrepo.5* +%{_mandir}/man5/flatpak-installation.5* +%{_mandir}/man5/flatpak-remote.5* %exclude %{_mandir}/man1/flatpak-builder.1* %{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf %{_sysconfdir}/flatpak/remotes.d %{_sysconfdir}/profile.d/flatpak.sh %{_unitdir}/flatpak-system-helper.service +%{_userunitdir}/flatpak-portal.service %{_userunitdir}/flatpak-session-helper.service -%{_userunitdir}/xdg-document-portal.service -%{_userunitdir}/xdg-permission-store.service # Co-own directory. %{_userunitdir}/dbus.service.d %files builder +%doc %{_docdir}/flatpak-builder %{_bindir}/flatpak-builder %{_mandir}/man1/flatpak-builder.1* +%{_mandir}/man5/flatpak-manifest.5* %files devel %{_datadir}/gtk-doc/ @@ -255,8 +285,17 @@ flatpak remote-list --system &> /dev/null || : %changelog -* Tue Aug 28 2018 David King - 0.8.8-4 -- Add patch for CVE-2018-6560 (#1547376) +* Thu Sep 13 2018 Kalev Lember - 1.0.2-2 +- Update to 1.0.2 (#1570030) + +* Wed Sep 12 2018 Kalev Lember - 1.0.1-1 +- Update to 1.0.1 (#1570030) + +* Mon Jun 04 2018 David King - 0.10.4-2 +- Fix subpackage versions (#1585604) + +* Fri Jun 01 2018 David King - 0.10.4-1 +- Rebase to 0.10.4 (#1570030) * Mon Dec 11 2017 David King - 0.8.8-3 - Disable O_TMPFILE in libglnx (#1520311)