From 1a72f13f015380fd4516ac918035eb5b19b13992 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 17 May 2022 06:36:06 -0400 Subject: [PATCH] import bubblewrap-0.4.1-6.el9 --- .bubblewrap.metadata | 1 + .gitignore | 1 + ...k-if-args-is-specified-multiple-time.patch | 39 +++++ SPECS/bubblewrap.spec | 147 ++++++++++++++++++ 4 files changed, 188 insertions(+) create mode 100644 .bubblewrap.metadata create mode 100644 .gitignore create mode 100644 SOURCES/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch create mode 100644 SPECS/bubblewrap.spec diff --git a/.bubblewrap.metadata b/.bubblewrap.metadata new file mode 100644 index 0000000..20239a1 --- /dev/null +++ b/.bubblewrap.metadata @@ -0,0 +1 @@ +00e121950ea494fcd9cfbe23971c0938d6be6755 SOURCES/bubblewrap-0.4.1.tar.xz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..cb13d4c --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/bubblewrap-0.4.1.tar.xz diff --git a/SOURCES/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch b/SOURCES/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch new file mode 100644 index 0000000..9a11a57 --- /dev/null +++ b/SOURCES/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch @@ -0,0 +1,39 @@ +From d70c640aecc30e9216dc1a614a207e85c8732036 Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Thu, 27 May 2021 16:19:27 -0400 +Subject: [PATCH] Avoid memory leak if --args is specified multiple times + +Found by a static analyzer. + +``` +bubblewrap-0.4.1/bubblewrap.c:1500: overwrite_var: Overwriting "opt_args_data" in "opt_args_data = load_file_data(the_fd, &data_len)" leaks the storage that "opt_args_data" points to. + # 1498| * keep allocated until exit time, since its argv entries get used + # 1499| * by the other cases in parse_args_recurse() when we recurse. */ + # 1500|-> opt_args_data = load_file_data (the_fd, &data_len); + # 1501| if (opt_args_data == NULL) + # 1502| die_with_error ("Can't read --args data"); +``` +--- + bubblewrap.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/bubblewrap.c b/bubblewrap.c +index 771e1ea..56ac07c 100644 +--- a/bubblewrap.c ++++ b/bubblewrap.c +@@ -1494,6 +1494,12 @@ parse_args_recurse (int *argcp, + if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0) + die ("Invalid fd: %s", argv[1]); + ++ /* Specifying --args multiple times doesn't work; this just pacifies ++ * a static analyzer which pointed out the memory leak ++ */ ++ if (opt_args_data != NULL) ++ free (opt_args_data); ++ + /* opt_args_data is essentially a recursive argv array, which we must + * keep allocated until exit time, since its argv entries get used + * by the other cases in parse_args_recurse() when we recurse. */ +-- +2.31.1 + diff --git a/SPECS/bubblewrap.spec b/SPECS/bubblewrap.spec new file mode 100644 index 0000000..d8d7f65 --- /dev/null +++ b/SPECS/bubblewrap.spec @@ -0,0 +1,147 @@ +Name: bubblewrap +Version: 0.4.1 +Release: 6%{?dist} +Summary: Core execution tool for unprivileged containers + +License: LGPLv2+ +#VCS: git:https://github.com/projectatomic/bubblewrap +URL: https://github.com/projectatomic/bubblewrap +Source0: https://github.com/projectatomic/bubblewrap/releases/download/v%{version}/bubblewrap-%{version}.tar.xz +Patch0: 0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch + +BuildRequires: autoconf automake libtool +BuildRequires: gcc +BuildRequires: libcap-devel +BuildRequires: pkgconfig(libselinux) +BuildRequires: libxslt +BuildRequires: docbook-style-xsl +BuildRequires: make + +%description +Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged +containers that works as a setuid binary on kernels without +user namespaces. + +%prep +%autosetup + +%build +if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; fi +%configure --disable-silent-rules --with-priv-mode=none +%make_build + +%install +%make_install INSTALL="install -p -c" +find %{buildroot} -name '*.la' -delete -print + +%files +%license COPYING +%dir %{_datadir}/bash-completion +%dir %{_datadir}/bash-completion/completions +%{_datadir}/bash-completion/completions/bwrap +%if (0%{?rhel} != 0 && 0%{?rhel} <= 7) +%attr(0755,root,root) %caps(cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid=ep) %{_bindir}/bwrap +%else +%{_bindir}/bwrap +%endif +%{_mandir}/man1/* + +%changelog +* Mon Aug 09 2021 Mohan Boddu - 0.4.1-6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu May 27 2021 Colin Walters - 0.4.1-5 +- Backport https://github.com/containers/bubblewrap/pull/426 + +* Thu Apr 15 2021 Mohan Boddu - 0.4.1-4 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 0.4.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 0.4.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Mar 30 2020 David King - 0.4.1-1 +- Update to 0.4.1 + +* Tue Jan 28 2020 Fedora Release Engineering - 0.4.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Nov 27 2019 Kalev Lember - 0.4.0-1 +- Update to 0.4.0 + +* Wed Jul 24 2019 Fedora Release Engineering - 0.3.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Wed May 01 2019 Colin Walters - 0.3.3-2 +- New upstream release + +* Thu Jan 31 2019 Fedora Release Engineering - 0.3.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Oct 01 2018 Kalev Lember - 0.3.1-1 +- Update to 0.3.1 + +* Thu Jul 12 2018 Fedora Release Engineering - 0.3.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jul 11 2018 Colin Walters - 0.3.0-1 +- https://github.com/projectatomic/bubblewrap/releases/tag/v0.3.0 + +* Wed May 16 2018 Kalev Lember - 0.2.1-1 +- Update to 0.2.1 + +* Wed Feb 07 2018 Fedora Release Engineering - 0.2.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Oct 09 2017 Colin Walters - 0.2.0-2 +- New upstream version +- https://github.com/projectatomic/bubblewrap/releases/tag/v0.2.0 + +* Wed Aug 02 2017 Fedora Release Engineering - 0.1.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.1.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Mar 28 2017 Colin Walters - 0.1.8-1 +- New upstream version + https://github.com/projectatomic/bubblewrap/releases/tag/v0.1.8 + +* Fri Feb 10 2017 Fedora Release Engineering - 0.1.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Jan 18 2017 Colin Walters - 0.1.7-1 +- New upstream version; + https://github.com/projectatomic/bubblewrap/releases/tag/v0.1.7 +- Resolves: #1411814 + +* Tue Jan 10 2017 Colin Walters - 0.1.6-1 +- New upstream version with security fix +- Resolves: #1411814 + +* Mon Dec 19 2016 Kalev Lember - 0.1.5-1 +- Update to 0.1.5 + +* Tue Dec 06 2016 walters@redhat.com - 0.1.4-4 +- Backport fix for regression in previous commit for rpm-ostree + +* Thu Dec 01 2016 walters@redhat.com - 0.1.4-3 +- Backport patch to fix running via nspawn, which should fix rpm-ostree-in-bodhi + +* Tue Nov 29 2016 Kalev Lember - 0.1.4-1 +- Update to 0.1.4 + +* Fri Oct 14 2016 Colin Walters - 0.1.3-2 +- New upstream version + +* Mon Sep 12 2016 Kalev Lember - 0.1.2-1 +- Update to 0.1.2 + +* Tue Jul 12 2016 Igor Gnatenko - 0.1.1-2 +- Trivial fixes in packaging + +* Fri Jul 08 2016 Colin Walters - 0.1.1 +- Initial package