We had missing icons for a few apps due to this - if this ever happens
it means something very weird is going on with the export process in
a flatpak, so it's probably worth alerting the repo admin.
Closes: #1367
Approved by: pwithnall
The appstream spec suggests that IDs should end in .desktop, but does
not require it. Make the repo appstream update process permit this
so that the appstream and icons are extracted correctly.
Closes: #1367
Approved by: pwithnall
During the authentication all client data is directly forwarded
to the dbus daemon as is, until we detect the BEGIN command after
which we start filtering the binary dbus protocol.
Unfortunately the detection of the BEGIN command in the proxy
did not exactly match the detection in the dbus daemon. A BEGIN
followed by a space or tab was considered ok in the daemon but
not by the proxy. This could be exploited to send arbitrary
dbus messages to the host, which can be used to break out of
the sandbox.
This was noticed by Gabriel Campana of The Google Security Team.
This fix makes the detection of the authentication phase end
match the dbus code. In addition we duplicate the authentication
line validation from dbus, which includes ensuring all data is
ASCII, and limiting the size of a line to 16k. In fact, we add
some extra stringent checks, disallowing ASCII control chars and
requiring that auth lines start with a capital letter.
When the specified remote existed, but had no updates we printed
a message like: error: Remote "flathub" not found
Closes: #1363
Approved by: alexlarsson
When loading data from e.g. an installed app we ignore any permissions
it requests that we don't know about, rather than failing. This allows
us to later add permissions in an optional way. If the added permissions
are not optional you can use the flatpak-version key to request a specific
flatpak version that supports them.
Closes: #1362
Approved by: alexlarsson
This is a convenient function which can be used with flags, adding option to return
real path of the file we are trying to open in case the sandboxed app has access
to it. It also registers this file automatically to document store so there is no
need to call grant_permission() afterwards.
Closes: #1335
Approved by: alexlarsson
If flatpak is compiled with P2P support and the commit in question has a
collection ID in its metadata, show it.
Closes: #1312
Approved by: alexlarsson
When the --show-metadata option is used with remote-info, the metadata
variable is never initialized, causing flatpak to print "(null)". This
commit makes sure the variable is properly initialized so the metadata
prints correctly.
Closes: #1313
Approved by: alexlarsson
As of linux kernel 4.14.5, user namespaces are enabled on Arch with the standard linux kernel.
Username spaces are disabled by default, but can be enabled with the
kernel.unprivileged_userns_clone sysctl.
More information regarding the change can be found in the Arch Linux bug report:
https://bugs.archlinux.org/task/36969Closes: #1328
Approved by: cgwalters
oci_pull_init_progress() seems to set all the default keys wanted by
ostree_repo_pull_default_console_progress_changed() except the
caught-error key, which was added in OSTree commit 5c4f26bd65b492.
Add that key, just in case something queries for it (if it’s missing
when that happens, an assertion failure will be hit).
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1320
Approved by: cgwalters
Mark subpaths as a NULL terminated array. Without this the GIR makes
this a single utf8 parameter and bindings can't use it.
Closes: #1327
Approved by: cgwalters
When a remote is found in multiple installations and we ask "Which do
you want to use (0 to abort)?", the 0 choice isn't working because the
min value in the call to flatpak_number_prompt() was set to 1. Fix that
so the user can abort if they want.
Fixes https://github.com/flatpak/flatpak/issues/1305
When building with --disable-p2p, we create a stub type for
OstreeRepoFinderResult and OstreeRepoFinderResultv to avoid having to
add #ifdefs around all uses of them throughout the code base. We also
need to create autoptr functions for them so that the code can continue
to use g_autoptr(OstreeRepoFinderResult).
Previously, we were using `void` as the GDestroyNotify function for the
stub types. This wasn’t valid (it’s not a function), but it worked.
Since g_autolist() support has landed in GLib, this has broken. Fix it
by using a static inline no-op function as the GDestroyNotify function
instead. This should never be called, so exists purely to get things to
compile.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://github.com/flatpak/flatpak/issues/1279Closes: #1293
Approved by: mwleeds
Interestingly the telegram appid is "org.telegram.desktop", which means
the wrapper ends up having a .desktop extension which confuses the
desktop file exporter. We fix this by rewriting any exports before
creating the wrappers.
Fixes https://github.com/flathub/org.telegram.desktop/issues/18Closes: #1270
Approved by: alexlarsson
Emit a warning about them rather than ignoring them entirely.
Coverity CID: 1376554
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1267
Approved by: alexlarsson
The error wasn’t being propagated properly, leading to a NULL pointer
dereference.
Coverity CID: 1463075
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1267
Approved by: alexlarsson
Some of these were leaking entire file contents, or the whole of
xa.metadata.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1259
Approved by: mwleeds
