Adrian Perez de Castro
dcf9158263
package/bubblewrap: bump to version 0.8.0
...
This version allows disabling usage of nested user namespaces and
improves error messages. Release notes:
https://github.com/containers/bubblewrap/releases/tag/v0.8.0
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com >
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr >
2023-04-15 18:34:03 +02:00
Adrian Perez de Castro
b9735d0e74
package/bubblewrap: bump to version 0.7.0
...
This version contains a few minor fixes, provides better error messages,
and includes a new option to set the size of created tmpfs volumes.
Release notes:
https://github.com/containers/bubblewrap/releases/tag/v0.7.0
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com >
Signed-off-by: Peter Korsgaard <peter@korsgaard.com >
2023-01-27 13:54:02 +01:00
Adrian Perez de Castro
a03d82b1b9
package/bubblewrap: bump to version 0.6.2
...
This version now allows to disable building tests, which allows dropping
the patch "0001-meson-add-tests-option.patch", and contains a few minor
fixes. Release notes can be found at:
https://github.com/containers/bubblewrap/releases/tag/v0.6.2
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com >
Signed-off-by: Peter Korsgaard <peter@korsgaard.com >
2022-05-18 09:18:42 +02:00
Fabrice Fontaine
ebf745b676
package/bubblewrap: disable tests
...
Disable tests to avoid the following build failure on mips32:
[9/10] Compiling C object tests/try-syscall.p/try-syscall.c.o
FAILED: tests/try-syscall.p/try-syscall.c.o
/home/autobuild/autobuild/instance-11/output-1/host/bin/mipsel-buildroot-linux-musl-gcc -Itests/try-syscall.p -Itests -I../tests -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -O3 -D_GNU_SOURCE -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -Wno-sign-compare -Wno-error=sign-compare -Wno-missing-field-initializers -Wno-error=missing-field-initializers -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O1 -g0 -MD -MQ tests/try-syscall.p/try-syscall.c.o -MF tests/try-syscall.p/try-syscall.c.o.d -o tests/try-syscall.p/try-syscall.c.o -c ../tests/try-syscall.c
../tests/try-syscall.c:34:5: error: #error "Unknown MIPS ABI"
34 | # error "Unknown MIPS ABI"
| ^~~~~
Fixes:
- http://autobuild.buildroot.org/results/cf0365354fc8c16e5871d561daae0fa5039d0bee
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com >
Acked-by: Adrian Perez de Castro <aperez@igalia.com >
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be >
2022-04-30 20:20:49 +02:00
Adrian Perez de Castro
eceb90dc76
package/bubblewrap: switch to the meson build system
...
Version 0.6.0 introduced a Meson build system, and upstream seems to
have the intention to abandon the previous autotools based one. Switch
to Meson for future proofing.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com >
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be >
2022-03-15 20:54:18 +01:00
Adrian Perez de Castro
d589604b46
package/bubblewrap: bump to version 0.6.1
...
This version includes a new feature which allows specifying multiple
seccomp filters. There is now a Meson-based build system as well, but
for the moment the build recipe keeps using the autotools based one.
Release notes can be found at:
https://github.com/containers/bubblewrap/releases/tag/v0.6.0
https://github.com/containers/bubblewrap/releases/tag/v0.6.1
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com >
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be >
2022-03-15 20:54:15 +01:00
Adrian Perez de Castro
ef5b6158b6
package/bubblewrap: bump to version 0.5.0
...
Not much new, but has a few interesting bug fixes. Release notes:
https://github.com/containers/bubblewrap/releases/tag/v0.5.0
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com >
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be >
2021-08-26 23:38:16 +02:00
Fabrice Fontaine
1b0a7c6a91
package/bubblewwrap: add BUBBLEWRAP_CPE_ID_VENDOR
...
cpe:2.3🅰️ projectatomic:bubblewrap is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aprojectatomic%3Abubblewrap
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com >
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr >
2021-03-02 14:00:33 +01:00
Fabrice Fontaine
d82a5ade0b
package/bubblewrap: security bump to version 0.4.1
...
Fix CVE-2020-5291: Bubblewrap (bwrap) before version 0.4.1, if installed
in setuid mode and the kernel supports unprivileged user namespaces,
then the `bwrap --userns2` option can be used to make the setuid process
keep running as root while being traceable. This can in turn be used to
gain root permissions. Note that this only affects the combination of
bubblewrap in setuid mode (which is typically used when unprivileged
user namespaces are not supported) and the support of unprivileged user
namespaces.
Also update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com >
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com >
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com >
2020-04-05 16:25:43 +02:00
Fabrice Fontaine
8380bec8aa
package/bubblewrap: bump to version 0.4.0
...
musl is supported since
300da62ab6fontaine.fabrice@gmail.com >
Signed-off-by: Peter Korsgaard <peter@korsgaard.com >
2020-01-06 16:42:09 +01:00
Adrian Perez de Castro
0f4bdc8fd1
package/bubblewrap: new package
...
Bubblewrap is a sandboxing tool based on kernel namespaces, typically
used as lower-level infastructure by other end-user tools e.g. Flatpak.
https://github.com/containers/bubblewrap
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com >
[Peter: needs mmu and !musl toolchain]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com >
2019-12-02 17:27:30 +01:00
