Sync from SUSE:SLFO:Main bubblewrap revision a0a4e56ecb39ba0309b7e13fc438199f

2024-09-03 13:37:29 +02:00 · 2024-09-03 13:37:29 +02:00 · b44e1406aa
commit b44e1406aa
parent 7f8d3bcb83
4 changed files with 37 additions and 11 deletions
--- a/bubblewrap-0.10.0.tar.xz
+++ b/bubblewrap-0.10.0.tar.xz
--- a/bubblewrap-0.8.0.tar.xz
+++ b/bubblewrap-0.8.0.tar.xz
--- a/bubblewrap.changes
+++ b/bubblewrap.changes
@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Wed Aug 14 17:02:31 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version v0.10.0:
+  * New features: Add the --[ro-]bind-fd option, which can be used
+    to mount a filesystem represented by a file descriptor without
+    time-of-check/time-of-use attacks. This is needed when
+    resolving security issue in Flatpak.
+    (CVE-2024-42472, bsc#1229157)
+  * Other changes: Fix some confusing syntax in SetupOpFlag (no
+    functional change).
+
+-------------------------------------------------------------------
+Tue Apr  2 12:14:33 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
+
+- update to v0.9.0:
+  * Build system changed to Meson from Autotools
+  * Add --argv0
+    https://github.com/containers/bubblewrap/issues/91
+  * --symlink is now idempotent, meaning it succeeds if the symlink already
+    exists and already has the desired target 
+  * Clarify security considerations in documentation
+  * Clarify documentation for --cap-add
+  * Report a better error message if mount(2) fails with ENOSPC
+  * Fix a double-close on error reading from --args, --seccomp or
+    --add-seccomp-fd argument
+  * Improve memory allocation behaviour
+
 -------------------------------------------------------------------
 Mon Mar 27 16:39:05 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/bubblewrap.spec
+++ b/bubblewrap.spec
@ -1,7 +1,7 @@
 #
 # spec file for package bubblewrap
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,21 +17,20 @@


 Name:           bubblewrap
-Version:        0.8.0
+Version:        0.10.0
 Release:        0
 Summary:        Core execution tool for unprivileged containers
 License:        LGPL-2.0-or-later
 Group:          Productivity/Security
 URL:            https://github.com/containers/bubblewrap
 Source0:        %{url}/releases/download/v%{version}/%{name}-%{version}.tar.xz
-BuildRequires:  autoconf
-BuildRequires:  automake
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  gcc
 BuildRequires:  git
 BuildRequires:  libcap-devel
 BuildRequires:  libtool
 BuildRequires:  libxslt
+BuildRequires:  meson
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(libselinux)

@ -59,12 +58,11 @@ sed -i '1s/env //' demos/bubblewrap-shell.sh demos/userns-block-fd.py
 %endif

 %build
-env NOCONFIGURE=1 ./autogen.sh
-%configure --disable-silent-rules --with-priv-mode=none
-make %{?_smp_mflags}
+%meson
+%meson_build

 %install
-%make_install DESTDIR=%{buildroot} INSTALL="install -p -c"
+%meson_install
 find %{buildroot} -type f -name "*.la" -delete -print

 %files