import CS bubblewrap-0.6.3-1.el9

2025-09-15 11:47:57 +00:00 · 2025-09-15 11:47:57 +00:00 · 8a9d17bacb
commit 8a9d17bacb
parent fa1600321c
4 changed files with 31 additions and 60 deletions
--- a/.bubblewrap.metadata
+++ b/.bubblewrap.metadata
@ -1 +1 @@
-00e121950ea494fcd9cfbe23971c0938d6be6755 SOURCES/bubblewrap-0.4.1.tar.xz
+16b93012c83abca438639beef74d77264e433c0d SOURCES/bubblewrap-0.6.3.tar.xz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/bubblewrap-0.4.1.tar.xz
+SOURCES/bubblewrap-0.6.3.tar.xz
--- a/SOURCES/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch
+++ b/SOURCES/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch
@ -1,39 +0,0 @@
-From d70c640aecc30e9216dc1a614a207e85c8732036 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@verbum.org>
-Date: Thu, 27 May 2021 16:19:27 -0400
-Subject: [PATCH] Avoid memory leak if --args is specified multiple times
-
-Found by a static analyzer.
-
-```
-bubblewrap-0.4.1/bubblewrap.c:1500: overwrite_var: Overwriting "opt_args_data" in "opt_args_data = load_file_data(the_fd, &data_len)" leaks the storage that "opt_args_data" points to.
- # 1498|              * keep allocated until exit time, since its argv entries get used
- # 1499|              * by the other cases in parse_args_recurse() when we recurse. */
- # 1500|->           opt_args_data = load_file_data (the_fd, &data_len);
- # 1501|             if (opt_args_data == NULL)
- # 1502|               die_with_error ("Can't read --args data");
-```
---
- bubblewrap.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/bubblewrap.c b/bubblewrap.c
-index 771e1ea..56ac07c 100644
--- a/bubblewrap.c
-+++ b/bubblewrap.c
-@@ -1494,6 +1494,12 @@ parse_args_recurse (int          *argcp,
-           if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
-             die ("Invalid fd: %s", argv[1]);
- 
-+          /* Specifying --args multiple times doesn't work; this just pacifies
-+           * a static analyzer which pointed out the memory leak
-+           */
-+          if (opt_args_data != NULL)
-+            free (opt_args_data);
-+
-           /* opt_args_data is essentially a recursive argv array, which we must
-            * keep allocated until exit time, since its argv entries get used
-            * by the other cases in parse_args_recurse() when we recurse. */
-- 
-2.31.1
-
--- a/SPECS/bubblewrap.spec
+++ b/SPECS/bubblewrap.spec
@ -1,21 +1,18 @@
 Name: bubblewrap
-Version: 0.4.1
-Release: 6%{?dist}
+Version: 0.6.3
+Release: 1%{?dist}
 Summary: Core execution tool for unprivileged containers

-License: LGPLv2+
-#VCS: git:https://github.com/projectatomic/bubblewrap
-URL: https://github.com/projectatomic/bubblewrap
-Source0: https://github.com/projectatomic/bubblewrap/releases/download/v%{version}/bubblewrap-%{version}.tar.xz
-Patch0: 0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch
+License: LGPL-2.0-or-later
+URL:     https://github.com/containers/bubblewrap/
+Source0: https://github.com/containers/bubblewrap/releases/download/v%{version}/bubblewrap-%{version}.tar.xz

-BuildRequires: autoconf automake libtool
 BuildRequires: gcc
-BuildRequires: libcap-devel
-BuildRequires: pkgconfig(libselinux)
-BuildRequires: libxslt
 BuildRequires: docbook-style-xsl
-BuildRequires: make
+BuildRequires: meson
+BuildRequires: pkgconfig(libcap)
+BuildRequires: pkgconfig(libselinux)
+BuildRequires: /usr/bin/xsltproc

 %description
 Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged
@ -23,30 +20,43 @@ containers that works as a setuid binary on kernels without
 user namespaces.

 %prep
-%autosetup
+%autosetup -p1

 %build
-if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; fi
-%configure --disable-silent-rules --with-priv-mode=none
-%make_build
+%meson -Dman=enabled
+%meson_build

 %install
-%make_install INSTALL="install -p -c"
-find %{buildroot} -name '*.la' -delete -print
+%meson_install

 %files
 %license COPYING
+%doc README.md
 %dir %{_datadir}/bash-completion
 %dir %{_datadir}/bash-completion/completions
 %{_datadir}/bash-completion/completions/bwrap
+%dir %{_datadir}/zsh
+%dir %{_datadir}/zsh/site-functions
+%{_datadir}/zsh/site-functions/_bwrap
 %if (0%{?rhel} != 0 && 0%{?rhel} <= 7)
 %attr(0755,root,root) %caps(cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid=ep) %{_bindir}/bwrap
 %else
 %{_bindir}/bwrap
 %endif
-%{_mandir}/man1/*
+%{_mandir}/man1/bwrap.1*

 %changelog
+* Fri Aug 30 2024 Joseph Marrero <jmarrero@redhat.com> - 0.6.3-1
+- Rebase to 0.6.3 which is supported upstream
+  This release also includes the fix for CVE-2024-42472
+  Fixes: #RHEL-56797
+
+* Fri Aug 30 2024 Kalev Lember <klember@redhat.com> - 0.4.1-8
+- Backport upstream fix to help address CVE-2024-42472 in flatpak
+
+* Fri Mar 15 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 0.4.1-7
+- Backport https://github.com/containers/bubblewrap/commit/4c35d7a5f92499d6ed646d4a5ffad9acc10cb432
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.4.1-6
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688