- Update to 0.6.1:

- Add a release checklist
 - completions: Make zsh completion non-executable
   The Autotools build system installed it with 0644 permissions because
   it's listed as DATA, but the Meson build system installs executable
   files as executable by default.
   zsh completions don't need to be executable to work, and this one doesn't
   have the `#!` marker that should start an executable script.
- update to 0.6.0:
 - meson: Improve compatibility with Meson 0.49
   That version doesn't allow more than two arguments for define_variable.
 - Disable test-specifying-pidns.sh under 'meson dist' while I investigate
   This test is hanging when run under 'meson dist' for some reason, but
   not when run under 'meson test', and not locally, only in the Github
   Workflow-based CI. Disable it for now.
 - meson: Actually build and run the tests
 - tests: Fix compiler warnings for unused arguments
 - meson: Run test scripts from $srcdir
 - meson: Make G_TEST_SRCDIR, G_TEST_BUILDDIR match Autotools
 - meson: Run the Python test script with Python, not bash
   The python build option can be used to swap to a different interpreter,
   for environments like the Steam Runtime where the python3 executable in
   the PATH is extremely old but there is a better interpreter available.
   This is treated as non-optional, because Meson is written in Python,
   so the situation where there is no Python interpreter at build-time
   shouldn't arise.
 - meson: Build the try-syscall helper
 - meson: Build tests with equivalent of -I$(top_srcdir) -I$(top_builddir)
 - meson.build: Remove unnecessary check for sh
 - Add a Meson build system

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/bubblewrap?expand=0&rev=27

bubblewrap-0.5.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:16fdaf33799d63104e347e0133f909196fe90d0c50515d010bcb422eb5a00818
-size 137796

bubblewrap-0.6.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9609c7dc162bc68abc29abfab566934fdca37520a15ed01b675adcf3a4303282
+size 145500

bubblewrap.changes

@@ -1,3 +1,111 @@
+-------------------------------------------------------------------
+Fri Mar  4 18:13:15 UTC 2022 - Sebastian Wagner <sebix+novell.com@sebix.at>
+
+- Update to 0.6.1:
+ - Add a release checklist
+ - completions: Make zsh completion non-executable
+   The Autotools build system installed it with 0644 permissions because
+   it's listed as DATA, but the Meson build system installs executable
+   files as executable by default.
+   zsh completions don't need to be executable to work, and this one doesn't
+   have the `#!` marker that should start an executable script.
+- update to 0.6.0:
+ - meson: Improve compatibility with Meson 0.49
+   That version doesn't allow more than two arguments for define_variable.
+ - Disable test-specifying-pidns.sh under 'meson dist' while I investigate
+   This test is hanging when run under 'meson dist' for some reason, but
+   not when run under 'meson test', and not locally, only in the Github
+   Workflow-based CI. Disable it for now.
+ - meson: Actually build and run the tests
+ - tests: Fix compiler warnings for unused arguments
+ - meson: Run test scripts from $srcdir
+ - meson: Make G_TEST_SRCDIR, G_TEST_BUILDDIR match Autotools
+ - meson: Run the Python test script with Python, not bash
+   The python build option can be used to swap to a different interpreter,
+   for environments like the Steam Runtime where the python3 executable in
+   the PATH is extremely old but there is a better interpreter available.
+   This is treated as non-optional, because Meson is written in Python,
+   so the situation where there is no Python interpreter at build-time
+   shouldn't arise.
+ - meson: Build the try-syscall helper
+ - meson: Build tests with equivalent of -I$(top_srcdir) -I$(top_builddir)
+ - meson.build: Remove unnecessary check for sh
+ - Add a Meson build system
+   This allows bwrap to be built as a subproject in larger Meson projects.
+   When built as a subproject, we install into the --libexecdir and
+   require a program prefix to be specified: for example, Flatpak would use
+   program_prefix=flatpak- to get /usr/libexec/flatpak-bwrap. Verified to
+   be backwards-compatible as far as Meson 0.49.0 (Debian 9 backports).
+   Loosely based on previous work by Jussi Pakkanen (see #133).
+   Differences between the Autotools and Meson builds:
+   The Meson build requires a version of libcap that has pkg-config
+   metadata (introduced in libcap 2.23, in 2013).
+   The Meson build has no equivalent of --with-priv-mode=setuid. On
+   distributions like Debian <= 10 and RHEL <= 7 that require a setuid bwrap
+   executable, the sysadmin or distribution packaging will need to set the
+   correct permissions on the bwrap executable; Debian already did this via
+   packaging rather than the upstream build system.
+   The Meson build supports being used as a subproject, and there is CI
+   for this. It automatically disables shell completions and man pages,
+   moves the bubblewrap executable to ${libexecdir}, and renames the
+   bubblewrap executable according to a program_prefix option that the
+   caller must specify (for example, Flatpak would use
+   -Dprogram_prefix=flatpak- to get /usr/libexec/flatpak-bwrap). See the
+   tests/use-as-subproject/ directory for an example.
+ - Use HEAD to refer to other projects' default branches in documentation
+   This makes the URL independent of the name they have chosen for their
+   default branches.
+ - workflows: Update for rename of default branch to main
+ - tests: Exercise seccomp filters
+ - Allow loading more than one seccomp program
+   This will allow Flatpak to combine an allow-list (default-deny) of
+   known system calls with a deny-list (default-allow) of system calls
+   that are undesired.
+   Resolves: https://github.com/containers/bubblewrap/issues/453
+ - Generalize linked lists of LockFile and SetupOp
+   I'm about to add a third linked list, for seccomp programs, which would
+   seem like too much duplication.
+ - Handle argc == 0 better
+   Unfortunately it's possible for argc to be 0, so error out pretty early
+   on in that case. I don't think this is a security issue in this case.
+ - Fix typo
+ - Remove trailing whitespace
+ - Fix spelling
+ - bash: Fix shellcheck warnings
+ - bash: Invoke bash using /usr/bin/env
+ - bubblewrap: Avoid a -Wjump-misses-init false-positive
+   When building with -Wjump-misses-init as part of a larger project, gcc
+   reports that we jump past initialization of cover_proc_dirs. This is
+   technically true, but we only use this variable in the case where it's
+   initialized, so that's harmless.
+   However, we can avoid this altogether by making the array static and
+   constant, which allows it to be moved from initialized data to read-only
+   data.
+ - bind-mount: Be more const-correct
+   When compiled with -Wwrite-strings as part of a larger project, gcc and
+   clang both warn that we're assigning a string constant to a mutable
+   struct member. There's actually no reason why it should be mutable, so
+   make it const.
+ - die_with_error: Save errno sooner
+   We need to save errno immediately, otherwise it could be overwritten
+   by a failing library call somewhere in the implementation of fprintf.
+ - main: Warn when non-repeatable options are repeated
+   A user might reasonably expect that `bwrap --seccomp 3 --seccomp 4 ...`
+   would load seccomp programs from both fds 3 and 4, but in fact it only
+   loads the program from fd 4.
+   Helps: https://github.com/containers/bubblewrap/issues/453
+   Resolves: https://github.com/containers/bubblewrap/issues/454
+ - utils: Add warn()
+ - Add SPDX-License-Identifier for files that already specify license
+   This is a step towards REUSE compliance. Third-party files that we do
+   not otherwise edit (git.mk, m4/attributes.m4) are excluded here.
+ - tests: Use preferred spelling for SPDX license identifiers
+ - Remove obsolete .travis.yml
+   We no longer use Travis-CI.
+ - Remove obsolete papr CI
+   We no longer use this.
+
+
 -------------------------------------------------------------------
 Mon Sep 20 18:52:20 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
 

bubblewrap.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package bubblewrap
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           bubblewrap
-Version:        0.5.0
+Version:        0.6.1
 Release:        0
 Summary:        Core execution tool for unprivileged containers
 License:        LGPL-2.0-or-later