On Tue, 31 Aug 2021 at 20:10:17 +0100, Simon McVittie wrote:
> [x] attach debdiff against the package in (old)stable
> - It's a filtered git diff rather than a debdiff, but I upload with
> dgit, so what's in git has to match what's uploaded. I did a diff
> between patched trees, because the majority of the upstream code
> changes were previously in debian/patches.
Sorry, I was sure I'd attached the diff but it must have got lost. See
attached.
smcv
git diff patch-queue/debian/bullseye-r0..patch-queue/debian/bullseye |
filterdiff -p1 -xMakefile.in -xaclocal.m4 -xcompile -xconfig.guess \
-xconfig.sub -xconfig.h.in -xconfigure -xdepcomp -x'*/Makefile.in' \
-xinstall-sh -xltmain.sh -xm4/libtool.m4 -xmissing -x'po/*.pot' \
-x'debian/patches/*.patch' -x'doc/reference/html/*' -x'po/*.po' \
-xtest-driver
diff --git a/NEWS b/NEWS
index 06f6a2603..1a791f4a1 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,22 @@
+Changes in 1.10.3
+~~~~~~~~~~~~~~~~~
+Released: 2021-08-31
+
+This is a maintenance update with various bug fixes backported from 1.11.x.
+
+* Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox, fixing
+ a regression introduced when CVE-2021-21261 was fixed in 1.8.5 and 1.10.0
+* Fix various memory and file descriptor leaks, in particular with
+ flatpak-spawn --env=...
+* Fix fd confusion in flatpak-spawn --env=... --forward-fd=..., resolving a
+ regression introduced in 1.8.5 and 1.10.0
+* Fix deploys of local remotes in system-helper, possibly involving newer
+ GLib versions
+* Fix test failures on non-x86_64 systems
+* create-usb: Skip copying extra-data flatpaks
+* Improve test coverage on Debian derivatives by ensuring /sbin is in
+ tests' PATH
+
Changes in 1.10.2
~~~~~~~~~~~~~~~~~
Released: 2021-03-10
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index f48f402a9..81ead1e60 100644
--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -1525,6 +1525,10 @@ static const ExportData default_exports[] = {
{"XDG_DATA_DIRS", "/app/share:/usr/share"},
{"SHELL", "/bin/sh"},
{"TMPDIR", NULL}, /* Unset TMPDIR as it may not exist in the sandbox */
+ /* We always use /run/user/UID, even if the user's XDG_RUNTIME_DIR
+ * outside the sandbox is somewhere else. Don't allow a different
+ * setting from outside the sandbox to overwrite this. */
+ {"XDG_RUNTIME_DIR", NULL},
/* Some env vars are common enough and will affect the sandbox badly
if set on the host. We clear these always. */
diff --git a/common/flatpak-version-macros.h b/common/flatpak-version-macros.h
index 2971afee0..210faa4c9 100644
--- a/common/flatpak-version-macros.h
+++ b/common/flatpak-version-macros.h
@@ -45,7 +45,7 @@
*
* The micro version.
*/
-#define FLATPAK_MICRO_VERSION (2)
+#define FLATPAK_MICRO_VERSION (3)
/**
* FLATPAK_CHECK_VERSION:
diff --git a/configure.ac b/configure.ac
index c879e472d..ad5d17d77 100644
--- a/configure.ac
+++ b/configure.ac
@@ -15,7 +15,7 @@ AC_PREREQ([2.63])
m4_define([flatpak_major_version], [1])
m4_define([flatpak_minor_version], [10])
-m4_define([flatpak_micro_version], [2])
+m4_define([flatpak_micro_version], [3])
m4_define([flatpak_extra_version], [])
m4_define([flatpak_interface_age], [0])
m4_define([flatpak_binary_age],
diff --git a/debian/changelog b/debian/changelog
index 061ced8f9..8fc2067e1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+flatpak (1.10.3-1) UNRELEASED; urgency=medium
+
+ * New upstream stable release
+ - Don't inherit an unusual $XDG_RUNTIME_DIR setting into the sandbox
+ (regression in 1.8.5 and 1.10.0)
+ - Improve unit test coverage
+ - Various other changes that were already in earlier releases to Debian
+ * Drop all patches, applied upstream
+ * d/gbp.conf, d/control: Branch for bullseye
+ * d/watch: Restrict to 1.10.x versions for bullseye
+
+ -- Simon McVittie <s...@debian.org> Thu, 26 Aug 2021 12:01:16 +0100
+
flatpak (1.10.2-3) unstable; urgency=medium
* d/patches: Align with upstream flatpak-1.10.x branch, making this
diff --git a/debian/control b/debian/control
index f60402586..c1e35889f 100644
--- a/debian/control
+++ b/debian/control
@@ -62,7 +62,7 @@ Build-Depends-Indep:
libostree-doc,
Standards-Version: 4.5.1
Homepage: https://flatpak.org/
-Vcs-Git: https://salsa.debian.org/debian/flatpak.git
+Vcs-Git: https://salsa.debian.org/debian/flatpak.git -b debian/bullseye
Vcs-Browser: https://salsa.debian.org/debian/flatpak
Rules-Requires-Root: no
diff --git a/debian/gbp.conf b/debian/gbp.conf
index f331df1a9..dd1cde049 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,7 +1,7 @@
[DEFAULT]
pristine-tar = True
compression = xz
-debian-branch = debian/unstable
+debian-branch = debian/bullseye
upstream-branch = upstream/1.10.x
patch-numbers = False
upstream-vcs-tag = %(version)s
diff --git a/debian/patches/series b/debian/patches/series
deleted file mode 100644
index 0ab2b98a6..000000000
--- a/debian/patches/series
+++ /dev/null
@@ -1,7 +0,0 @@
-create-usb-Skip-copying-extra-data-flatpaks.patch
-Fix-several-memory-leaks.patch
-portal-Don-t-leak-fd-used-for-serialized-environment.patch
-portal-Use-a-GArray-to-store-fds.patch
-portal-Remap-env-fd-into-child-process-s-fd-space.patch
-tests-Remove-hard-coded-references-to-x86_64.patch
-system-helper-Fix-deploys-of-local-remotes.patch
diff --git a/debian/watch b/debian/watch
index 4eaffe935..6d55f4d35 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,2 +1,2 @@
version=4
-https://github.com/@PACKAGE@/@PACKAGE@/releases .*/@PACKAGE@-(\d+\.\d*[02468]\.[\-+\.:\~\da-zA-Z]*)@ARCHIVE_EXT@
+https://github.com/@PACKAGE@/@PACKAGE@/releases .*/@PACKAGE@-(1\.10\.[\-+\.:\~\da-zA-Z]*)@ARCHIVE_EXT@
diff --git a/doc/reference/html/home.png b/doc/reference/html/home.png
index 9346b336a..3966a915c 100644
Binary files a/doc/reference/html/home.png and b/doc/reference/html/home.png differ
diff --git a/doc/reference/html/left-insensitive.png b/doc/reference/html/left-insensitive.png
index 3269393a7..2cd8c169c 100644
Binary files a/doc/reference/html/left-insensitive.png and b/doc/reference/html/left-insensitive.png differ
diff --git a/doc/reference/html/left.png b/doc/reference/html/left.png
index 2abde032b..1ca1664c6 100644
Binary files a/doc/reference/html/left.png and b/doc/reference/html/left.png differ
diff --git a/doc/reference/html/right-insensitive.png b/doc/reference/html/right-insensitive.png
index 4c95785b9..763208da8 100644
Binary files a/doc/reference/html/right-insensitive.png and b/doc/reference/html/right-insensitive.png differ
diff --git a/doc/reference/html/right.png b/doc/reference/html/right.png
index 76260ec88..eb90dd442 100644
Binary files a/doc/reference/html/right.png and b/doc/reference/html/right.png differ
diff --git a/doc/reference/html/up-insensitive.png b/doc/reference/html/up-insensitive.png
index f40498606..478700c9b 100644
Binary files a/doc/reference/html/up-insensitive.png and b/doc/reference/html/up-insensitive.png differ
diff --git a/doc/reference/html/up.png b/doc/reference/html/up.png
index 80b4b37e9..636d50ddb 100644
Binary files a/doc/reference/html/up.png and b/doc/reference/html/up.png differ
diff --git a/tests/libtest.sh b/tests/libtest.sh
index 2c020667d..1daac3331 100644
--- a/tests/libtest.sh
+++ b/tests/libtest.sh
@@ -105,6 +105,10 @@ export XDG_RUNTIME_DIR=${TEST_DATA_DIR}/runtime
export XDG_DESKTOP_PORTAL_DIR=${test_builddir}/share/xdg-desktop-portal/portals
export XDG_CURRENT_DESKTOP=test
+# On Debian derivatives, /usr/sbin and /sbin aren't in ordinary users'
+# PATHs, but ldconfig and capsh are kept in /sbin
+PATH="$PATH:/usr/sbin:/sbin"
+
export USERDIR=${TEST_DATA_DIR}/home/share/flatpak
export SYSTEMDIR=${TEST_DATA_DIR}/system
export ARCH=`flatpak --default-arch`
diff --git a/tests/package_version.txt b/tests/package_version.txt
index 5ad2491cf..587c5f0c7 100644
--- a/tests/package_version.txt
+++ b/tests/package_version.txt
@@ -1 +1 @@
-1.10.2
+1.10.3
diff --git a/tests/test-run.sh b/tests/test-run.sh
index 3c344df19..b28cf7b66 100644
--- a/tests/test-run.sh
+++ b/tests/test-run.sh
@@ -24,7 +24,7 @@ set -euo pipefail
skip_without_bwrap
skip_revokefs_without_fuse
-echo "1..18"
+echo "1..19"
# Use stable rather than master as the branch so we can test that the run
# command automatically finds the branch correctly
@@ -74,6 +74,15 @@ assert_file_has_content hello_out '^Hello world, from a sandbox$'
ok "hello"
+# XDG_RUNTIME_DIR is set to <temp directory>/runtime by libtest.sh,
+# so we always have the necessary setup to reproduce #4372
+assert_not_streq "$XDG_RUNTIME_DIR" "/run/user/$(id -u)"
+run_sh org.test.Platform 'echo $XDG_RUNTIME_DIR' > value-in-sandbox
+head value-in-sandbox >&2
+assert_file_has_content value-in-sandbox "^/run/user/$(id -u)\$"
+
+ok "XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR not inherited"
+
run_sh org.test.Platform cat /.flatpak-info >runtime-fpi
assert_file_has_content runtime-fpi "[Runtime]"
assert_file_has_content runtime-fpi "^runtime=runtime/org\.test\.Platform/$ARCH/stable$"
