This bug was fixed in the package flatpak - 0.8.2-1~ubuntu16.10.1 --------------- flatpak (0.8.2-1~ubuntu16.10.1) yakkety; urgency=medium * Backport to Ubuntu 16.10 (LP: #1656712) * Drop all patches, applied in new version * Keep dh compat 9 (including explicit dh-autoreconf and dh-systemd) for easier backporting to Ubuntu 16.04 LTS * Also allow libgtk-3-bin to satisfy the gtk-update-icon-cache dependency flatpak (0.8.2-1) unstable; urgency=medium * New upstream bugfix release - drop remaining patch, applied upstream - security fix: prevent writing to per-user-installed fonts and Flatpak extensions (typically locales) * d/control: flatpak-tests Recommends python, which is needed for one test (silencing a lintian warning) flatpak (0.8.1-1) unstable; urgency=medium * New upstream release, very similar to 0.8.0-2 - drop all patches * d/p/flatpak-system-helper-remove-dangling-reference-to-EXTERN.patch: do not search /export/share, which seems to have been unintended flatpak (0.8.0-2) unstable; urgency=medium * d/p/Use-seccomp-to-filter-out-TIOCSTI-ioctl.patch: Add patch from upstream to prevent contained apps from using TIOCSTI ioctl. This would let the app inject commands into the terminal from which it was invoked (CVE-2017-5226). This was initially fixed in bubblewrap by calling setsid(), but that breaks the ability to use Ctrl+Z or Ctrl+C on a flatpak-confined process, so it is being made optional; prevent the attack here instead, in a way that doesn't break shells. * d/p/Fix-update-of-standalone-bundle.patch: Add patch from upstream to fix updating an existing app with "flatpak install --bundle foo.flatpak" * d/p/Make-sure-var-tmp-is-not-on-tmpfs.patch: Add patch from upstream to mount ~/.var/APP/cache/tmp at /var/tmp inside the sandbox, so apps can rely on /var/tmp being on disk * d/p/Document-the-DefaultBranch-key.patch, d/p/Document-RuntimeRepo-key.patch: Add patches from upstream to fill in some missing documentation * d/p/testlibrary-ensure-that-contents_array-is-NULL-terminated.patch, d/p/tests-Install-testpython.py-executable.patch, d/p/tests-Move-the-test-repo-to-a-subdirectory-repos-test.patch: Fix some bugs in the tests * debian/tests/: split out builder-python into a separate autopkgtest, it too has more dependencies flatpak (0.8.0-1) unstable; urgency=medium * New upstream stable release - Bump bubblewrap dependencies to 0.1.5 following configure.ac - Bump ostree dependency to 2016.15 following upstream release notes (the minimal dependency is 2016.14, but 2016.15 is recommended) - debian/libflatpak0.symbols: add new ABIs - d/p/pull-Exit-early-on-error-without-aborting-transaction.patch: drop patch, applied upstream * debian/gbp.conf: switch upstream branch to debian/0.8.x to follow the first upstream stable-branch * debian/watch: only follow stable-branches * debian/org.freedesktop.Flatpak.pkla: configure polkit 0.105 to allow sudoers to uninstall apps and runtimes without re-authenticating, following upstream changes to the org.freedesktop.Flatpak.rules used in newer polkit versions * d/p/Update-Polish-translation.patch: update translated strings from upstream git * d/p/flatpak-builder-1-fix-typo.patch: fix a typo in the man page flatpak (0.6.14-3) unstable; urgency=medium * d/tests/*: only run tests on a real or virtual machine, not in a container. bubblewrap is effectively already a container, and nesting containers doesn't work particularly well. Unfortunately this means the tests won't work on ci.debian.net, which uses LXC. flatpak (0.6.14-2) unstable; urgency=medium * d/p/pull-Exit-early-on-error-without-aborting-transaction.patch: Add patch recommended by upstream to fix a GNOME Software crash flatpak (0.6.14-1) unstable; urgency=medium * New upstream release - update ostree build-dependency to 2016.14 flatpak (0.6.13-1) unstable; urgency=medium * New upstream release - update symbols file - update ostree build-dependency to 2016.12 flatpak (0.6.12-1) unstable; urgency=medium * This release drops source compatibility with Debian jessie. If you are building unofficial backports for older Debian derivatives, please base them on the debian/jessie-backports git branch instead of debian/master from now on. * d/control: rely on gtk-update-icon-theme, removing libgtk-3-bin alternative. - d/p/debian/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch: drop patch, this branch can now rely on having the plain gtk-update-icon-theme executable * Bump debhelper compatibility level to 10 - do not explicitly build in parallel, it is now the default - do not explicitly enable autoreconf and systemd sequences, they are now the default * New upstream release - d/libflatpak0.symbols: update -- Jeremy Bicha