From b6456a51bb98ec1bd6b6dbdc5bcc46bad2f1930a Mon Sep 17 00:00:00 2001
From: David King <amigadave@amigadave.com>
Date: Fri, 12 Apr 2019 12:56:33 +0100
Subject: [PATCH] Update to 1.3.2 (#1699338)

---
 .gitignore                        |  1 +
 flatpak-1.3.2-system-helper.patch | 28 ++++++++++++++++
 flatpak.spec                      | 56 ++++++++++++++++++++++++++++---
 sources                           |  2 +-
 4 files changed, 81 insertions(+), 6 deletions(-)
 create mode 100644 flatpak-1.3.2-system-helper.patch

diff --git a/.gitignore b/.gitignore
index 1546034..9141e6d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -65,3 +65,4 @@
 /flatpak-1.2.3.tar.xz
 /flatpak-1.3.0.tar.xz
 /flatpak-1.3.1.tar.xz
+/flatpak-1.3.2.tar.xz
diff --git a/flatpak-1.3.2-system-helper.patch b/flatpak-1.3.2-system-helper.patch
new file mode 100644
index 0000000..2e7cc9d
--- /dev/null
+++ b/flatpak-1.3.2-system-helper.patch
@@ -0,0 +1,28 @@
+From 9647c954c34b3547ff260c4a02d2f7ed5ef47ff7 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Sun, 14 Apr 2019 23:38:39 -0400
+Subject: [PATCH] Fix a system-helper crash
+
+As seen in https://github.com/flatpak/flatpak/issues/2829,
+the system-helper crashes while trying to access an as
+parameter as s. Looking at the likely culprits for this,
+I find that the permission check for Deploy has an off-by-one
+error where it tries to get the installation, but
+passes the offset for the previous_ids  parameter.
+---
+ system-helper/flatpak-system-helper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/system-helper/flatpak-system-helper.c b/system-helper/flatpak-system-helper.c
+index 59cc65c5b..b8deab755 100644
+--- a/system-helper/flatpak-system-helper.c
++++ b/system-helper/flatpak-system-helper.c
+@@ -1885,7 +1885,7 @@ flatpak_authorize_method_handler (GDBusInterfaceSkeleton *interface,
+       g_variant_get_child (parameters, 1, "u", &flags);
+       g_variant_get_child (parameters, 2, "&s", &ref);
+       g_variant_get_child (parameters, 3, "&s", &origin);
+-      g_variant_get_child (parameters, 5, "&s", &installation);
++      g_variant_get_child (parameters, 6, "&s", &installation);
+ 
+       /* For metadata updates, redirect to the metadata-update action which
+        * should basically always be allowed */
diff --git a/flatpak.spec b/flatpak.spec
index b07146c..2db1fad 100644
--- a/flatpak.spec
+++ b/flatpak.spec
@@ -2,8 +2,8 @@
 %global ostree_version 2018.9
 
 Name:           flatpak
-Version:        1.3.1
-Release:        2%{?dist}
+Version:        1.3.2
+Release:        1%{?dist}
 Summary:        Application deployment framework for desktop apps
 
 License:        LGPLv2+
@@ -11,9 +11,11 @@ URL:            http://flatpak.org/
 Source0:        https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz
 # Add Fedora flatpak repositories
 Source1:        flatpak-add-fedora-repos.service
+Patch0:         flatpak-1.3.2-system-helper.patch
 
 BuildRequires:  pkgconfig(appstream-glib)
 BuildRequires:  pkgconfig(dconf)
+BuildRequires:  pkgconfig(fuse)
 BuildRequires:  pkgconfig(gdk-pixbuf-2.0)
 BuildRequires:  pkgconfig(gio-unix-2.0)
 BuildRequires:  pkgconfig(gobject-introspection-1.0) >= 1.40.0
@@ -49,6 +51,8 @@ Requires:       bubblewrap >= %{bubblewrap_version}
 Requires:       librsvg2%{?_isa}
 Requires:       ostree-libs%{?_isa} >= %{ostree_version}
 Requires:       /usr/bin/xdg-dbus-proxy
+# https://fedoraproject.org/wiki/SELinux/IndependentPolicy
+Recommends:     flatpak-selinux
 Recommends:     p11-kit-server
 
 # Make sure the document portal is installed
@@ -77,10 +81,24 @@ Summary:        Libraries for %{name}
 License:        LGPLv2+
 Requires:       bubblewrap >= %{bubblewrap_version}
 Requires:       ostree%{?_isa} >= %{ostree_version}
+Requires(pre):  /usr/sbin/useradd
 
 %description libs
 This package contains libflatpak.
 
+%package selinux
+Summary:        SELinux policy module for %{name}
+License:        LGPLv2+
+BuildRequires:  checkpolicy
+BuildRequires:  selinux-policy-devel
+Requires:       selinux-policy
+Requires(post): policycoreutils
+Requires(post): policycoreutils-python
+Requires(postun): policycoreutils-python
+
+%description selinux
+This package contains the SELinux policy module for %{name}.
+
 %package tests
 Summary:        Tests for %{name}
 License:        LGPLv2+
@@ -103,12 +121,14 @@ find tests -name '*.py' -exec \
     sed -i -e 's|/usr/bin/python|/usr/bin/python3|' {} +
 
 (if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; CONFIGFLAGS=--enable-gtk-doc; fi;
- # User namespace support is sufficient.
- %configure --with-priv-mode=none \
+ %configure \
+            --enable-docbook-docs \
             --enable-installed-tests \
+            --enable-selinux-module \
+            --with-priv-mode=none \
             --with-system-bubblewrap \
             --with-system-dbus-proxy \
-            --enable-docbook-docs $CONFIGFLAGS)
+            $CONFIGFLAGS)
 %make_build V=1
 
 
@@ -123,6 +143,14 @@ rm -f %{buildroot}%{_libdir}/libflatpak.la
 %find_lang %{name}
 
 
+%pre
+getent group flatpak >/dev/null || groupadd -r flatpak
+getent passwd flatpak >/dev/null || \
+    useradd -r -g flatpak -d / -s /sbin/nologin \
+     -c "User for flatpak system helper" flatpak
+exit 0
+
+
 %post
 %systemd_post flatpak-add-fedora-repos.service
 
@@ -134,12 +162,22 @@ if [ $1 -gt 1 ] ; then
         systemctl --no-reload preset flatpak-add-fedora-repos.service >/dev/null 2>&1 || :
 fi
 
+%post selinux
+%selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2
+
+
 %preun
 %systemd_preun flatpak-add-fedora-repos.service
 
+
 %postun
 %systemd_postun_with_restart flatpak-add-fedora-repos.service
 
+%postun selinux
+if [ $1 -eq 0 ]; then
+    %selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2
+fi
+
 
 %ldconfig_scriptlets libs
 
@@ -168,6 +206,7 @@ fi
 %{_libexecdir}/flatpak-session-helper
 %{_libexecdir}/flatpak-system-helper
 %{_libexecdir}/flatpak-validate-icon
+%{_libexecdir}/revokefs-fuse
 %dir %{_localstatedir}/lib/flatpak
 %{_mandir}/man1/%{name}*.1*
 %{_mandir}/man5/%{name}-metadata.5*
@@ -196,12 +235,19 @@ fi
 %{_libdir}/girepository-1.0/Flatpak-1.0.typelib
 %{_libdir}/libflatpak.so.*
 
+%files selinux
+%{_datadir}/selinux/packages/flatpak.pp.bz2
+%{_datadir}/selinux/devel/include/contrib/flatpak.if
+
 %files tests
 %{_datadir}/installed-tests
 %{_libexecdir}/installed-tests
 
 
 %changelog
+* Fri Apr 12 2019 David King <amigadave@amigadave.com> - 1.3.2-1
+- Update to 1.3.2 (#1699338)
+
 * Wed Apr 03 2019 Kalev Lember <klember@redhat.com> - 1.3.1-2
 - Add a oneshot systemd service to add Fedora flatpak repos
 - Remove the post script to create system repo now that we have the service
diff --git a/sources b/sources
index 61ee6fc..a3108fb 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (flatpak-1.3.1.tar.xz) = 473ecfbe1533c630045451ff550c51a0fae56e8d799ae8973309a2f41d60598535a23f88b79163ebc3c1a7ac97aea76f8647ddfbb6e228bb052e9a8aa3ca0948
+SHA512 (flatpak-1.3.2.tar.xz) = f65b6ef2e231a1ad7039defcaa5109a167eaa65870f6876e119b4e6923155b2628e7b539cd2337f03ded5ccda4ea274039cd5ce93cf85cab8d434b89bcc08c10