diff --git a/_service b/_service
index a4b24b8..93bbb47 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
git
@PARENT_TAG@
enable
- refs/tags/1.0.3
+ refs/tags/1.0.5
*.tar
diff --git a/_servicedata b/_servicedata
index 70ac5db..80776b7 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
https://github.com/flatpak/flatpak.git
- b6a8cab35ff7628050a5e5c385979a034a2ff2dc
+ 89a7da60a21678bd1fc4b020050cf66feb676a0d
\ No newline at end of file
diff --git a/flatpak-1.0.3.tar.xz b/flatpak-1.0.3.tar.xz
deleted file mode 100644
index aecd3be..0000000
--- a/flatpak-1.0.3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:75110b38705e5a553918c7708c721efecba9ea9f0fa7466e8496636cf5e5e9b4
-size 715136
diff --git a/flatpak-1.0.5.tar.xz b/flatpak-1.0.5.tar.xz
new file mode 100644
index 0000000..de0bee2
--- /dev/null
+++ b/flatpak-1.0.5.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c7cc295be5d5cf99d4fc29d523e6fe39620ee17c5357a295f71ab1934b6eb14d
+size 718180
diff --git a/flatpak.changes b/flatpak.changes
index cc08924..26ab20f 100644
--- a/flatpak.changes
+++ b/flatpak.changes
@@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Fri Nov 16 10:09:01 UTC 2018 - matthias.gerstner@suse.com
+
+- Make polkit_rules_usability.patch effective by adding a 60- prefix to the
+ rules file. This will cause it to be executed before the
+ polkit-default-privs are executed (bsc#984817).
+
+-------------------------------------------------------------------
+Tue Nov 13 08:55:03 UTC 2018 - Antonio Larrosa
+
+- Update to version 1.0.5:
+ + Make the /etc -> /usr/etc bind-mounts read-only.
+ + Make various app-specific configuration files read-only.
+ + flatpak is more picky about remote names to avoid problems with
+ storing weird names in the ostree config.
+ + A segfault in libflatpak handling of bundles was fixed.
+ + Updated translations
+ + Fixed a regression in flatpak run that caused problems running
+ user-installed apps when the system installation was broken.
+ + Implicity grant MPRIS2 permissions
+- Changes from version 1.0.4:
+ + Flatpak 0.99.1 removed the inheritance of permissions from the
+ runtime due to concerns with dynamic app permissions. Due to
+ popular requests, this version re-introduces such inheritance,
+ but does it instead at build time. This solved the issues with
+ dynamic permissions while still allowing runtimes to have
+ default permissions. Apps can disable this by passing
+ --no-inherit-permissions to build-finish.
+ + The sandbox now always includes a /etc/timezone file, following
+ the (old) debian standard for this. This is needed, because the
+ more modern way of exposing the timezone name by having
+ /etc/localtime be a symlink into /usr/share/zoneinfo doesn't
+ work when exposing the host timezone.
+ + All apps now have automatic permissions to own their own app id
+ as a subname of org.mpris.MediaPlayer2.
+ + We now properly re-load remote state in FlatpakTransaction if
+ the metadata was updated for the remote.
+ + The signature of the FlatpakTransaction::operation-done signal
+ was wrong in the header and has now been corrected to the
+ signature that is actually emitted.
+ + A crash was fixed when reading invalid .flatpakref files.
+ + A crash during updates when a local ref was unexpectedly
+ missing was fixed.
+ + An error case on uninstalling was incorrectly returning success
+ even thought there was an error.
+ + flatpak_installation_modify_remote did not correctly save the
+ nodeps state.
+ + flatpak_installation_load_app_overrides() was improperly
+ returning freed memory.
+ + The tarball now ships with an icon (flatpak.png).
+
-------------------------------------------------------------------
Fri Oct 19 12:05:14 UTC 2018 - alarrosa@suse.com
diff --git a/flatpak.spec b/flatpak.spec
index 2a21f8e..ecde752 100644
--- a/flatpak.spec
+++ b/flatpak.spec
@@ -12,13 +12,13 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define libname libflatpak0
Name: flatpak
-Version: 1.0.3
+Version: 1.0.5
Release: 0
Summary: OSTree based application bundles management
License: LGPL-2.1-or-later
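Review bot: The header comment in this hunk now points to `http://bugs.opensuse.org/`, where the previous revision used the https URL. That looks like an unintended side effect of the version bump, possibly from an older spec formatter being run, which is not visible here. I would keep the line as `# Please submit bugfixes or comments via https://bugs.opensuse.org/` so the packaged contact URL is not downgraded to plain HTTP.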
@@ -132,6 +132,12 @@ make %{?_smp_mflags}
find %{buildroot} -type f -name "*.la" -delete -print
mkdir -p %{buildroot}%{_sbindir}
ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper
+# add a 60- prefix to the rules file, otherwise it is not effective, because
+# /etc/polkit-1/rules.d/90-default-privs.rules is executed first and if no
+# polkit-default-privs rule grants access then an explicit reject is the
+# result. This should fix bsc#984817, granting members of group wheel access
+# w/o password entry.
+mv %{buildroot}/%{_datadir}/polkit-1/rules.d/{,60-}org.freedesktop.Flatpak.rules
%find_lang %{name}
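Review bot: The comment above the added `mv` explains why the 60- prefix is needed, but not what it overrides. Once the file sorts ahead of `90-default-privs.rules`, whatever the Flatpak rules file returns is presumably final for the actions it matches, so the polkit-default-privs profile chosen by the admin no longer governs them. The rules file comes from polkit_rules_usability.patch and is not visible here, so I would add a line such as `# NOTE: takes precedence over polkit-default-privs for the actions matched in polkit_rules_usability.patch; keep that set minimal.` Separately, `{,60-}` relies on brace expansion in the build shell, and spelling out both paths in the `mv` avoids that dependency. The %install section starts and ends outside the hunk.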
@@ -170,7 +176,7 @@ ln -s service %{buildroot}%{_sbindir}/rcflatpak-system-helper
%{_datadir}/dbus-1/system-services/org.freedesktop.Flatpak.SystemHelper.service
# policykit rules
%{_datadir}/polkit-1/actions/org.freedesktop.Flatpak.policy
-%{_datadir}/polkit-1/rules.d/org.freedesktop.Flatpak.rules
+%{_datadir}/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules
%{_mandir}/man1/%{name}*.1%{ext_man}
%{_mandir}/man5/flatpak-metadata.5%{ext_man}
%{_mandir}/man5/flatpak-flatpakref.5%{ext_man}