diff --git a/_service b/_service
index 25d364c..e24348a 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
git
@PARENT_TAG@
enable
- refs/tags/0.9.1
+ refs/tags/0.8.7
*.tar
diff --git a/_servicedata b/_servicedata
index 722b49b..dd18d9e 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
- https://github.com/flatpak/flatpak.git
- 696775687721748ba779dfb58f29ab47ed1fd6ae
\ No newline at end of file
+ https://github.com/flatpak/flatpak.git
+ fd186307b56d34f4bf99943251dfaa29bb9864a1
\ No newline at end of file
diff --git a/flatpak-0.8.7.tar.xz b/flatpak-0.8.7.tar.xz
new file mode 100644
index 0000000..bc9fde7
--- /dev/null
+++ b/flatpak-0.8.7.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:81c25888e1aa303e4bc4507cc30ddb928201301e60694b996e17abc632e1f29c
+size 554412
diff --git a/flatpak-0.9.1.tar.xz b/flatpak-0.9.1.tar.xz
deleted file mode 100644
index 501d2c1..0000000
--- a/flatpak-0.9.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4b461701057cb60f3210c0c065369c41c14d23498190c2360a7e068e29965ae7
-size 569988
diff --git a/flatpak.changes b/flatpak.changes
index debcbf1..d5d7d6f 100644
--- a/flatpak.changes
+++ b/flatpak.changes
@@ -1,53 +1,72 @@
-------------------------------------------------------------------
-Thu Mar 16 11:59:38 UTC 2017 - adrien.plazas@suse.com
+Thu Jul 20 20:12:58 UTC 2017 - zaitor@opensuse.org
-- Update to version 0.9.1:
- + The flatpak-builder build cache now uses the rofiles-fuse
- ostree feature.
- + The cflags and cxxflags module properties now work by
- appending, rather that replacing, when there are multiple
- values specified.
- + Do not invalidate build cache when the installed version of the
- SDK changed by default. Use --rebuild-on-sdk-change to force
- rebuild otherwise.
- + The build cache is now per-arch.
- + New buildsystem "cmake-ninja" which works like "cmake", but
- builds using ninja.
- + New buildsystem "simple" which just runs a set of shell
- commands specified in the "build-commands" property.
- + flatpak-builder now has build-runtime and build-extension
- properties that makes it easier to build runtimes and
- extensions.
- + FLATPAK_DEST is set in the build environment to the
- installation destination.
- + flatpak-builder now supports --from-git=URL which pulls the
- json manifest and related files directly from a git repo.
- + modules have a new no-make-install property which skips the
- make install step.
- + Modules and sources have only-arches and skip-arches
- properties, which lets you enable/disable them based on the
- build architecture.
- + build-options has a new property ldflags, which is similar to
- cflags and cxxflags.
- + flatpak build (and thus flatpak-builder --run) now supports
- dbus proxies when needed.
- + All git repos are cloned with fsckObjects=true, which means we
- verify that the repos are valid.
- + New flatpak-builder argument --build-shell=MODULE extracts and
- prepares the sources for a specified module and then starts a
- build sandbox inside it.
- + build-export: Now supports --timestamp=ISO-8601-TIMESTAMP,
- which allows you to create reproducible commits.
- + The OCI support has been updated to the latest version of the
- OCI image specification format.
- + There is a new flatpak-bisect script that can be used to bisect
- flatpak applications, looking for regressions.
- + flatpak list got a revamp. It now shows more information, and
- shows both apps and runtimes by default.
- + flatpak remote-list was renamed flatpak remotes in order to
- minimize confusion with flatpak remote-ls. The old name is
- deprecated but still works.
-- Bump minimal glib to 2.44.
+- Update to version 0.8.7:
+ + This is a minor security update, matching the behaviour on
+ master where we avoid ever creating setuid files or
+ world-writable directories. However, the fix is more localized
+ and does not require a new ostree.
+ + After pulling from a remote, always verify that the staged new
+ files and directories have safe permissions.
+ + Ensure ~/.local/share/flatpak is not readable to other users,
+ to avoid anyone ever seeing possibly world-writeable
+ directories therein.
+ + Fix double-setting a error in case of errors when pulling.
+ + Fix timeout in testcase.
+
+-------------------------------------------------------------------
+Thu Jul 20 20:12:42 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 0.8.6:
+ + TMPDIR is now unset in the sandbox, if set on the host. Each
+ sandbox has a personal /tmp that is used.
+ + Flatpak run now works if /tmp is a symlink on the host.
+ + /etc/hosts and /etc/hosts.conf from the host are now exposed in
+ the sandbox in addition to /etc/resolv.conf.
+ + flatpak now stores the app id in the X-Flatpak key when
+ exporting a desktop file.
+ + Exports are now whitelisted, and the only thing you can
+ export are: desktop files, icons, dbus services.
+ This is somewhat different from the 0.9.x series, where als
+ mime definitions, and gnome-shell search providers are allowed.
+ + Fixed minor race condition in portal application
+ identification.
+ + Support WAYLAND_DISPLAY environment var.
+ + dbus-portal: Fix handling of NameHasOwner.
+ + run: Allow regular files for --filesystem=xdg-config/path.
+ + run: Allow --filesystem=xdg-config/subdir:ro (previously
+ it needed to be writable).
+ + Support for updating to new gpg keys and url when using
+ flatpak remote-modify --update-metadata. This is a manual
+ operation in 0.8.x but is automatic in the 0.9.x series.
+
+-------------------------------------------------------------------
+Thu Jul 20 20:12:04 UTC 2017 - zaitor@opensuse.org
+
+- Update to version 0.8.5:
+ + Fixed a use-after-free and some leaks in the dbus-proxy. This
+ is not currently believed to be exploitable, but the proxy is a
+ security boundary, so we still recommend to update.
+ + Regular updates now never allow updates to an older version
+ than what is currently installed (unless you explicitly specify
+ an old commit id). This closes a hole where a MITM attacker can
+ force clients to downgrade to an earlier (gpg-signed) version
+ of the application.
+ + The automatic detection of --from in flatpak install now
+ detects flatpakref extensions even in URIs that end in a query
+ string such as https://git.gnome.org/browse/gnome-apps-nightly/plain/gedit.flatpakref?h=stable
+ + The detection of "unmaintained" system extensions was broken,
+ and in some cases these extensions were not found. This now
+ always works.
+ + Flatpak now builds with latest OSTree. This required some
+ fixing for multiple definitions of the g_auto* macros as OSTree
+ now exports those.
+ + We no longer rely on ostree trivial-httpd for the tests,
+ because this is optional in later versions of ostree. Instead
+ we use the python SimpleHTTPServer.
+ + The minimum glib version has been corrected to 2.44.
+ + The minumum automake version has been increased to 1.13.4
+ because some older version didn't work.
-------------------------------------------------------------------
Fri Mar 10 20:58:11 UTC 2017 - dimstar@opensuse.org
diff --git a/flatpak.spec b/flatpak.spec
index 21de98c..cb7a2ea 100644
--- a/flatpak.spec
+++ b/flatpak.spec
@@ -22,7 +22,7 @@
%define libname libflatpak0
Name: flatpak
-Version: 0.9.1
+Version: 0.8.7
Release: 0
Summary: Manage OSTree based application bundles
License: LGPL-2.1+
@@ -199,7 +199,6 @@ flatpak remote-list --system > /dev/null 2>&1
%files builder
%defattr(-,root,root)
-%{_bindir}/flatpak-bisect
%{_bindir}/flatpak-builder
%{_mandir}/man1/flatpak-builder.1%{ext_man}