bubblewrap (0.11.0-1) unstable; urgency=medium * New upstream release -- Simon McVittie Wed, 30 Oct 2024 16:15:12 +0000 bubblewrap (0.10.0+30+g0545e72-1) experimental; urgency=low * New upstream snapshot - New options to create overlay mounts (--overlay, etc.) - New option --level-prefix - Handle EINTR - Ensure socket control message data is aligned correctly - Remove Autotools build system - Silence Meson and compiler warnings * d/salsa-ci.yml: Don't run Salsa-CI for branches targeting Ubuntu * Standards-Version: 4.7.0 (no changes required) -- Simon McVittie Fri, 18 Oct 2024 19:52:17 +0100 bubblewrap (0.10.0-1) unstable; urgency=high * New upstream release - This version adds the --[ro-]bind-fd option, which is necessary to resolve CVE-2024-42472 in Flatpak without introducing a potentially exploitable race condition. -- Simon McVittie Wed, 14 Aug 2024 09:43:11 +0100 bubblewrap (0.9.0-1) unstable; urgency=medium * New upstream release * d/copyright: Update * d/p/tests-Explicitly-unshare-userns-when-testing-disable-user.patch, d/p/tests-Try-harder-to-evade-disable-userns.patch: Drop patches that were included upstream -- Simon McVittie Tue, 26 Mar 2024 21:16:50 +0000 bubblewrap (0.8.0-2) unstable; urgency=medium * Upload to unstable. The changes since 0.7.0 are small, and if a Flatpak vulnerability similar to CVE-2021-41133 is reported during the Debian 12 release lifetime, having the new --disable-userns option will give us more options for how to prevent it. -- Simon McVittie Tue, 28 Feb 2023 09:38:53 +0000 bubblewrap (0.8.0-1) experimental; urgency=medium * New upstream release * d/p/test-run-Filter-out-no-new-privs-in-capsh-output.patch: Drop patch that was applied upstream * d/p/tests-Explicitly-unshare-userns-when-testing-disable-user.patch, d/p/tests-Try-harder-to-evade-disable-userns.patch: Add proposed patches to fix test failure when run as root -- Simon McVittie Mon, 27 Feb 2023 12:30:28 +0000 bubblewrap (0.7.0-2) unstable; urgency=medium * d/p/test-run-Filter-out-no-new-privs-in-capsh-output.patch: Add patch from upstream to fix test failure with newer capsh * Update standards version to 4.6.2 (no changes needed) * Remove version constraints unnecessary since buster (oldstable) -- Simon McVittie Wed, 11 Jan 2023 18:30:16 +0000 bubblewrap (0.7.0-1) unstable; urgency=medium * New upstream release * Standards-Version: 4.6.1 (no changes required) * d/watch: Adapt to Github web page changes * d/control: Add test dependencies to Build-Depends. We can't run build-time tests in locked-down buildd chroots, but we can run them in privileged Docker containers on Salsa-CI, which will need these extra packages. -- Simon McVittie Mon, 07 Nov 2022 17:57:24 +0000 bubblewrap (0.6.2-1) unstable; urgency=medium * New upstream release -- Simon McVittie Wed, 11 May 2022 15:07:05 +0100 bubblewrap (0.6.1-1) unstable; urgency=medium * New upstream release * Build using Meson -- Simon McVittie Fri, 25 Feb 2022 17:46:05 +0000 bubblewrap (0.6.0-1) unstable; urgency=medium * New upstream release -- Simon McVittie Thu, 24 Feb 2022 14:39:45 +0000 bubblewrap (0.5.0-1) unstable; urgency=medium * New upstream release - Drop patches that were applied upstream * Standards-Version: 4.6.0 (no changes required) * Use recommended debhelper compat level 13 - No need to check for DEB_BUILD_OPTIONS=nocheck any more * Release to unstable -- Simon McVittie Fri, 20 Aug 2021 16:19:25 +0100 bubblewrap (0.4.1+git20210624-1) experimental; urgency=medium * Branch for experimental * New upstream git snapshot - When creating mount points for files, create them read-only - Allow mounting a non-directory over any existing non-directory, non-symlink, in particular mounting a socket over a socket - Add zsh completion - Cope better with case-insensitive filesystems - Better error messages when failing to mount a filesystem - New --clearenv option - New --perms option allows control over permissions of --bind-data, --dir (if newly-created), --file, --ro-bind-data and --tmpfs - New --chmod option - Better test coverage - Better zsh completion - Drop most patches, applied upstream * d/README.Debian: Clarify when a setuid bwrap was normally used * d/rules: Don't install bash completion as an executable script * d/p/build-Fix-installation-of-zsh-completions-in-user-specifi.patch, d/p/completions-Don-t-start-bash-completion-with.patch: Add patches to fix shell completions -- Simon McVittie Mon, 28 Jun 2021 14:37:50 +0100 bubblewrap (0.4.1-3) unstable; urgency=medium * Stop making /usr/bin/bwrap setuid root. With Debian kernels >= 5.10, this is no longer necessary: unprivileged users can now create user namespaces, the same as in upstream kernels and Ubuntu. For smooth upgrades, install a sysctl configuration fragment that will configure older kernels to behave similarly if the recommended procps package is installed, or if booting with systemd. (Closes: #977841) - This change also makes more Flatpak features available; in particular, it is necessary for the Chromium browser. (Closes: #977758) * Include setuid status, etc. in bug reports -- Simon McVittie Sun, 03 Jan 2021 14:13:01 +0000 bubblewrap (0.4.1-2) unstable; urgency=medium * d/gbp.conf: Rename development branch to debian/latest * Standards-Version: 4.5.1 (no changes required) * Reference CVE-2020-5291 in previous changelog entry * Add some bugfix patches from upstream - Correct the name of PR_SET_NO_NEW_PRIVS in an error message - Silence warnings from the kernel when a non-Y2038-compliant filesystem such as xfs is remounted into the sandbox - Don't fail if /proc is read-only, as it can be inside Docker * Forward python3 patch upstream * d/control: Canonicalize case of Multi-Arch * Add a patch to fix typos in the man page * Add a README.Debian describing ways in which bubblewrap can be used * Add patch to include Debian-specific links in EPERM error message -- Simon McVittie Fri, 01 Jan 2021 15:31:11 +0000 bubblewrap (0.4.1-1) unstable; urgency=high * New upstream release - Fixes a root privilege escalation vulnerability introduced in 0.4.0, in cases where the kernel allows creation of user namespaces by unprivileged users and bwrap is (unnecessarily) setuid root. Debian systems are vulnerable if /proc/sys/kernel/unprivileged_userns_clone (default 0) has been changed to 1, or if using an upstream kernel instead of a Debian kernel. Ubuntu systems are not normally vulnerable, because bwrap is not normally setuid there. (GHSA-j2qp-rvxj-43vj, CVE-2020-5291) - Fixes test failure with libcap >= 2.29 (Closes: #951577) * Update various URLs from https://github.com/projectatomic/bubblewrap to https://github.com/containers/bubblewrap * Set upstream metadata fields: Repository. * Remove obsolete field Name from debian/upstream/metadata (already present in machine-readable debian/copyright). * Standards-Version: 4.5.0 (no changes required) * d/tests/control: Qualify CLI tools with :native. Thanks to Steve Langasek (Closes: #948617) -- Simon McVittie Mon, 30 Mar 2020 14:33:54 +0100 bubblewrap (0.4.0-1) unstable; urgency=medium * New upstream release * Use debhelper-compat 12 * Standards-Version: 4.4.1 (no changes required) -- Simon McVittie Thu, 28 Nov 2019 11:14:41 +0000 bubblewrap (0.3.3-2) unstable; urgency=medium * Release to unstable * d/salsa-ci.yml: Request standard CI on salsa.debian.org * d/rules: Disable any active LD_PRELOAD hacks while running tests. These will typically assume a fully-featured OS (for example faketime assumes sem_open() will work), but bubblewrap is a low-level tool that temporarily operates in a container that is only partially functional (for example /dev/shm isn't always mounted). * Standards-Version: 4.4.0 (no changes required) -- Simon McVittie Tue, 09 Jul 2019 09:34:53 +0100 bubblewrap (0.3.3-1) experimental; urgency=medium * New upstream release - Drop all patches except d/p/debian/Use-Python-3-for-test-demo-code.patch, merged upstream -- Simon McVittie Sun, 05 May 2019 10:36:48 +0100 bubblewrap (0.3.1-4) unstable; urgency=medium * d/p/Don-t-create-our-own-temporary-mount-point-for-pivot_root.patch: Replace with the version that was applied upstream * d/p/tests-Ensure-that-tmpfs-with-oldroot-newroot-doesn-t-appe.patch: Add a test to check that the above patch works as intended -- Simon McVittie Wed, 06 Mar 2019 14:43:44 +0000 bubblewrap (0.3.1-3) unstable; urgency=medium * d/p/Don-t-create-our-own-temporary-mount-point-for-pivot_root.patch: Avoid denial of service and potential symlink attacks on systems not using systemd-logind (Closes: #923557) * Standards-Version: 4.3.0 (no changes required) * d/upstream/metadata: Add DEP-12 metadata -- Simon McVittie Sat, 02 Mar 2019 13:03:29 +0000 bubblewrap (0.3.1-2) unstable; urgency=medium [ Iain Lane ] * d/tests/basic: Don't assume `id` will be the same inside the sandbox, making this test pass on (Ubuntu) systems where bubblewrap is not setuid (Closes: #910006) * d/tests/upstream-usrmerge: Add a test to ensure that bubblewrap works on a /usr-merged system [ Simon McVittie ] * d/p/tests-Handle-systems-without-merged-usr.patch: Add patch from upstream git to make tests pass on non-merged-/usr systems where bubblewrap is not setuid. Thanks to Iain Lane. * d/p/man-page-Describe-chdir-not-nonexistent-cwd.patch: Add patch from upstream git to fix documentation of --chdir option * d/p/Make-lockdata-long-enough-on-32-bit-with-64-bit-file-poin.patch: Add patch from upstream git to fix lock handling in tests on 32-bit platforms with 64-bit off_t. Thanks to Timothy E Baldwin. -- Simon McVittie Wed, 03 Oct 2018 15:23:27 +0100 bubblewrap (0.3.1-1) unstable; urgency=medium [ Simon McVittie ] * Standards-Version: 4.2.1 (no changes required) * New upstream release [ Iain Lane ] * Don't install setuid on Ubuntu and derivatives. Ubuntu's kernel enables unprivileged user namespaces, so we don't need to install bwrap setuid there. -- Simon McVittie Thu, 27 Sep 2018 20:30:53 +0100 bubblewrap (0.3.0-1) unstable; urgency=medium * New upstream release * Upload to unstable - d/gbp.conf: Switch back to debian/master * Standards-Version: 4.1.5 (no changes required) -- Simon McVittie Thu, 12 Jul 2018 10:03:38 +0100 bubblewrap (0.2.1+5+g5991dab-1) experimental; urgency=medium * d/watch: Strip +N+gHHHHHHH snapshot markers from version * d/gbp.conf: Use debian/experimental branch * New upstream git snapshot -- Simon McVittie Thu, 07 Jun 2018 13:04:18 +0100 bubblewrap (0.2.1-1) unstable; urgency=medium * New upstream release - Drop all patches except d/p/debian/Use-Python-3-for-test-demo-code.patch, merged upstream * Standards-Version: 4.1.4 (no changes required) -- Simon McVittie Sun, 08 Apr 2018 15:42:03 +0100 bubblewrap (0.2.0-4) unstable; urgency=medium * Change Vcs-* to point to salsa.debian.org * Standards-Version: 4.1.3 (no changes required) * d/control, d/tests/control, d/p/debian/Use-Python-3-for-test-demo-code.patch: Use Python 3 for tests and demo code * d/control: Annotate python3 dependency with -- Simon McVittie Wed, 17 Jan 2018 14:12:50 +0000 bubblewrap (0.2.0-3) unstable; urgency=medium * d/patches/0.2.1/userns-block-fd-*.patch: Update patches to match what was merged upstream, with both Python 2 and 3 support * Standards-Version: 4.1.2 (no changes required) -- Simon McVittie Fri, 15 Dec 2017 15:01:39 +0000 bubblewrap (0.2.0-2) unstable; urgency=medium * Build-depend on automake (>= 1.14.1) to avoid backports resolvers sometimes deciding to install automake1.11, which is not enough * Standards-Version: 4.1.1 (no changes required) * Set Rules-Requires-Root: no * d/dist/, d/patches/dist/: Add missing files via a patch instead of shipping them in debian/ * Add patches to make demos/userns-block-fd.py work on Debian -- Simon McVittie Tue, 31 Oct 2017 15:53:05 +0000 bubblewrap (0.2.0-1) unstable; urgency=medium * New upstream release * d/watch: Import release tarballs * d/gbp.conf: Merge upstream git tags into the tarball imports * d/watch: Stop repacking upstream tarballs * d/dist/: Add upstream README.md and demos/ directory, which are missing from the official tarball releases -- Simon McVittie Mon, 09 Oct 2017 17:31:27 +0100 bubblewrap (0.1.8+git37+g27eb690-1) experimental; urgency=medium * d/gbp.conf: Branch for experimental * New upstream snapshot v0.1.8-37-g27eb690 - d/copyright: Remove Files-Excluded, the non-DFSG file was removed upstream - d/patches: Remove * d/watch: Adjust to remove +git... suffix * d/tests/upstream-as-root: Re-run upstream tests as root if allowed * d/tests/control: Depend on libcap2-bin, for capsh and getpcaps -- Simon McVittie Sat, 07 Oct 2017 14:19:53 +0100 bubblewrap (0.1.8+dfsg-1) unstable; urgency=medium * Repack tarball to remove CC-BY-ND cat picture (Closes: #876980) - d/copyright: Add Files-Excluded - d/watch: Adjust to add/remove +dfsg suffix - Add patch from upstream removing a link to it from the README * d/watch: Take the opportunity to upgrade to v4 and use @PACKAGE@, @ANY_VERSION@, @ARCHIVE_EXT@ tokens -- Simon McVittie Wed, 27 Sep 2017 11:47:42 +0100 bubblewrap (0.1.8-3) unstable; urgency=medium * Use Perl rather than shell script for the autopkgtest test cases. This avoids needing the uncommon bats package, or writing shell scripts. -- Simon McVittie Tue, 25 Jul 2017 21:10:13 +0100 bubblewrap (0.1.8-2) unstable; urgency=medium * Standards-Version: 4.0.0 - Use https URL for format of debian/copyright * Upload to unstable -- Simon McVittie Wed, 21 Jun 2017 14:14:20 +0100 bubblewrap (0.1.8-1) experimental; urgency=medium * New upstream release - Stop trying to run tests/test-basic.sh, it no longer exists - Build-depend on python, one test now needs it * Build-depend on docbook-xml for the documentation DTD * Move to debhelper compat level 10 - drop dh-autoreconf, it is now done by default - drop explicit --parallel, it is now the default -- Simon McVittie Mon, 03 Apr 2017 18:35:44 +0100 bubblewrap (0.1.7-1) unstable; urgency=medium * New upstream release - effectively the same as 0.1.6-2 - drop all patches -- Simon McVittie Thu, 19 Jan 2017 14:33:46 +0000 bubblewrap (0.1.6-2) unstable; urgency=medium * d/p/Make-the-call-to-setsid-optional-with-new-session.patch: Add patch from upstream to make the setsid() that addresses CVE-2017-5226 optional, because it breaks interactive shells. Users of bubblewrap to confine untrusted programs should either add --new-session to the bwrap command line, or prevent the TIOCSTI ioctl with a seccomp filter instead (as Flatpak does). - d/control: add Breaks on versions of Flatpak that did not load the necessary seccomp filter to prevent CVE-2017-5226 * d/p/demos-bubblewrap-shell.sh-Unshare-all-namespaces.patch: Add patch from upstream to improve example code * d/p/Call-setsid-and-setexeccon-befor-forking-the-init-monitor.patch, d/p/Install-seccomp-filter-at-the-very-end.patch: Add patches from upstream to re-order initialization. This means the seccomp filter is no longer required to account for syscalls that are made by bwrap itself. * d/p/Add-unshare-all-and-share-net.patch: Add patch from upstream introducing new command line options --unshare-all and --share-net, for a more whitelist-based approach to sharing namespaces with the parent. -- Simon McVittie Wed, 18 Jan 2017 00:56:19 +0000 bubblewrap (0.1.6-1) unstable; urgency=medium * New upstream release - drop the only patch, applied upstream * debian/patches: update to upstream master for additional fixes to SIGCHLD handling and documentation, and improved hardening against being able to obtain capabilities * debian/bubblewrap.examples: install upstream examples -- Simon McVittie Sat, 14 Jan 2017 22:18:09 +0000 bubblewrap (0.1.5-2) unstable; urgency=high * d/p/Call-setsid-before-executing-sandboxed-code-CVE-2017-5226.patch: Call setsid() before executing sandboxed code, preventing a sandboxed executable invoked with a controlling terminal (for example in Flatpak) from escalating its privileges by injecting keypresses into the controlling terminal with the TIOCSTI ioctl. (Closes: #850702; CVE-2017-5226) * d/control: remove Maintainer status from Laszlo Boszormenyi at his request. Add him to Uploaders instead, and hand the package over to the Utopia Maintenance Team (the same as OSTree and Flatpak). -- Simon McVittie Mon, 09 Jan 2017 18:09:54 +0000 bubblewrap (0.1.5-1) unstable; urgency=medium * New upstream release - drop all patches, applied upstream - debian/copyright: update for build system additions -- Simon McVittie Tue, 20 Dec 2016 11:25:23 +0000 bubblewrap (0.1.4-2) unstable; urgency=medium * d/tests/*: only run tests on a real or virtual machine, not in a container. bubblewrap is effectively already a container, and nesting containers doesn't work particularly well. Unfortunately this means the tests won't work on ci.debian.net, which uses LXC. -- Simon McVittie Thu, 01 Dec 2016 12:42:33 +0000 bubblewrap (0.1.4-1) unstable; urgency=medium * New upstream release * d/p/test-run-be-a-bash-script.patch, d/p/test-run-don-t-assume-we-are-uid-1000.patch, d/p/Adapt-tests-so-they-can-be-run-against-installed-binaries.patch, d/p/Fix-incorrect-nesting-of-backticks-when-finding-a-FUSE-mo.patch: improve the upstream tests * d/tests/upstream: run the upstream tests as autopkgtests * d/rules: Do not enable setuid mode at configure time. If we do, we can't run the build-time tests, and it no longer makes any difference to the actual code. Make the executable setuid via Debian packaging instead. -- Simon McVittie Tue, 29 Nov 2016 12:55:31 +0000 bubblewrap (0.1.3-1) unstable; urgency=medium * New upstream release - bring back --set-hostname, the upstream fix for CVE-2016-8659 makes it no longer a vulnerability -- Simon McVittie Sun, 16 Oct 2016 14:32:11 +0100 bubblewrap (0.1.2-2) unstable; urgency=high * Revert addition of --set-hostname as a short-term fix for CVE-2016-8659 (Closes: #840605) -- Simon McVittie Thu, 13 Oct 2016 11:12:38 +0100 bubblewrap (0.1.2-1) unstable; urgency=medium * New upstream release -- Simon McVittie Fri, 09 Sep 2016 09:22:57 +0100 bubblewrap (0.1.1-1) unstable; urgency=medium * New upstream release - drop patch, included upstream -- Simon McVittie Sun, 17 Jul 2016 09:08:35 +0100 bubblewrap (0.1.0-3) unstable; urgency=medium * d/control: bubblewrap is Multi-Arch: foreign * Hardening: build as a position-independent executable with eager symbol binding -- Simon McVittie Wed, 06 Jul 2016 11:07:32 +0100 bubblewrap (0.1.0-2) unstable; urgency=medium * Run basic and dev autopkgtests in addition to userns * Really add the regression test for keeping CAP_NET_ADMIN * debian/gbp.conf: add DEP-14-style git-buildpackage configuration * Normalize package lists via `wrap-and-sort -abst` * Add Vcs-Git, Vcs-Browser metadata * d/p/build-put-libraries-in-LDADD-not-LDFLAGS.patch: new patch fixing linking with -Wl,--as-needed (closes: #826787) -- Simon McVittie Tue, 14 Jun 2016 16:28:09 -0400 bubblewrap (0.1.0-1) unstable; urgency=low * New upstream release (closes: #826358). * Add watch file. * Add Simon McVittie as uploader. [ Simon McVittie ] * debian/copyright: correct package name and source (closes: #824969) * debian/control: make the whole package Linux-only. Like Flatpak, this package is inherently non-portable. * Move from Section: web to Section: admin * Increase Priority to optional, because this tool is likely to be depended on by gnome-software (via Flatpak) in future * Add some simple autopkgtests, including one for bug 71 (closes: #824968) -- Laszlo Boszormenyi (GCS) Mon, 06 Jun 2016 17:20:38 +0000 bubblewrap (0~git160513-2) unstable; urgency=low * Install bwrap binary setuid (closes: #824646). * Make libselinux1-dev build dependency Linux only. -- Laszlo Boszormenyi (GCS) Thu, 19 May 2016 15:24:35 +0000 bubblewrap (0~git160513-1) unstable; urgency=low * Initial upload (closes: #823548). -- Laszlo Boszormenyi (GCS) Tue, 10 May 2016 08:45:59 +0000