From b44e1406aa2b833e72a873e4eebeb8bd4613249ce5c15e3b442fee00356253fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Tue, 3 Sep 2024 13:37:29 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main bubblewrap revision a0a4e56ecb39ba0309b7e13fc438199f --- bubblewrap-0.10.0.tar.xz | 3 +++ bubblewrap-0.8.0.tar.xz | 3 --- bubblewrap.changes | 28 ++++++++++++++++++++++++++++ bubblewrap.spec | 14 ++++++-------- 4 files changed, 37 insertions(+), 11 deletions(-) create mode 100644 bubblewrap-0.10.0.tar.xz delete mode 100644 bubblewrap-0.8.0.tar.xz diff --git a/bubblewrap-0.10.0.tar.xz b/bubblewrap-0.10.0.tar.xz new file mode 100644 index 0000000..af90317 --- /dev/null +++ b/bubblewrap-0.10.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:65d92cf44a63a51e1b7771f70c05013dce5bd6b0b2841c4b4be54b0c45565471 +size 119328 diff --git a/bubblewrap-0.8.0.tar.xz b/bubblewrap-0.8.0.tar.xz deleted file mode 100644 index 9e360db..0000000 --- a/bubblewrap-0.8.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:957ad1149db9033db88e988b12bcebe349a445e1efc8a9b59ad2939a113d333a -size 149088 diff --git a/bubblewrap.changes b/bubblewrap.changes index 0d89be6..c445360 100644 --- a/bubblewrap.changes +++ b/bubblewrap.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Wed Aug 14 17:02:31 UTC 2024 - Bjørn Lie + +- Update to version v0.10.0: + * New features: Add the --[ro-]bind-fd option, which can be used + to mount a filesystem represented by a file descriptor without + time-of-check/time-of-use attacks. This is needed when + resolving security issue in Flatpak. + (CVE-2024-42472, bsc#1229157) + * Other changes: Fix some confusing syntax in SetupOpFlag (no + functional change). + +------------------------------------------------------------------- +Tue Apr 2 12:14:33 UTC 2024 - Wolfgang Frisch + +- update to v0.9.0: + * Build system changed to Meson from Autotools + * Add --argv0 + https://github.com/containers/bubblewrap/issues/91 + * --symlink is now idempotent, meaning it succeeds if the symlink already + exists and already has the desired target + * Clarify security considerations in documentation + * Clarify documentation for --cap-add + * Report a better error message if mount(2) fails with ENOSPC + * Fix a double-close on error reading from --args, --seccomp or + --add-seccomp-fd argument + * Improve memory allocation behaviour + ------------------------------------------------------------------- Mon Mar 27 16:39:05 UTC 2023 - Andreas Stieger diff --git a/bubblewrap.spec b/bubblewrap.spec index 1278d17..af1d4d9 100644 --- a/bubblewrap.spec +++ b/bubblewrap.spec @@ -1,7 +1,7 @@ # # spec file for package bubblewrap # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,21 +17,20 @@ Name: bubblewrap -Version: 0.8.0 +Version: 0.10.0 Release: 0 Summary: Core execution tool for unprivileged containers License: LGPL-2.0-or-later Group: Productivity/Security URL: https://github.com/containers/bubblewrap Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.xz -BuildRequires: autoconf -BuildRequires: automake BuildRequires: docbook-xsl-stylesheets BuildRequires: gcc BuildRequires: git BuildRequires: libcap-devel BuildRequires: libtool BuildRequires: libxslt +BuildRequires: meson BuildRequires: pkgconfig BuildRequires: pkgconfig(libselinux) @@ -59,12 +58,11 @@ sed -i '1s/env //' demos/bubblewrap-shell.sh demos/userns-block-fd.py %endif %build -env NOCONFIGURE=1 ./autogen.sh -%configure --disable-silent-rules --with-priv-mode=none -make %{?_smp_mflags} +%meson +%meson_build %install -%make_install DESTDIR=%{buildroot} INSTALL="install -p -c" +%meson_install find %{buildroot} -type f -name "*.la" -delete -print %files