6 changed files with 131 additions and 6 deletions
--- a/.bubblewrap.metadata
+++ b/.bubblewrap.metadata
@ -1 +1 @@
-f62f7900c32a5fec4e53a929eae5a9fd16bb3536 SOURCES/bubblewrap-0.4.0.tar.xz
+00e121950ea494fcd9cfbe23971c0938d6be6755 bubblewrap-0.4.1.tar.xz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,17 @@
-SOURCES/bubblewrap-0.4.0.tar.xz
+/bubblewrap-0.1.1.tar.gz
+/bubblewrap-v0.1.1.tar.gz
+/bubblewrap-0.1.2.tar.gz
+/bubblewrap-0.1.3.tar.xz
+/bubblewrap-0.1.3.tar.gz
+/bubblewrap-0.1.4.tar.xz
+/bubblewrap-0.1.5.tar.xz
+/bubblewrap-0.1.6.tar.xz
+/bubblewrap-0.1.7.tar.xz
+/bubblewrap-0.1.8.tar.xz
+/bubblewrap-0.2.0.tar.xz
+/bubblewrap-0.2.1.tar.xz
+/bubblewrap-0.3.0.tar.xz
+/bubblewrap-0.3.1.tar.xz
+/bubblewrap-0.3.3.tar.xz
+/bubblewrap-0.4.0.tar.xz
+/bubblewrap-0.4.1.tar.xz
--- a/0001-Accept-EROFS-for-access-check-of-proc-entries.patch
+++ b/0001-Accept-EROFS-for-access-check-of-proc-entries.patch
@ -0,0 +1,26 @@
+From 4c35d7a5f92499d6ed646d4a5ffad9acc10cb432 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=BCrg=20Billeter?= <j@bitron.ch>
+Date: Tue, 18 Aug 2020 17:33:49 +0200
+Subject: [PATCH] Accept EROFS for access() check of /proc entries
+
+This is required to work in a Docker container.
+---
+ bubblewrap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bubblewrap.c b/bubblewrap.c
+index e1a4629..d65ffef 100644
+--- a/bubblewrap.c
+++ b/bubblewrap.c
+@@ -1148,7 +1148,7 @@ setup_newroot (bool unshare_pid,
+               if (access (subdir, W_OK) < 0)
+                 {
+                   /* The file is already read-only or doesn't exist.  */
+-                  if (errno == EACCES || errno == ENOENT)
+                  if (errno == EACCES || errno == ENOENT || errno == EROFS)
+                     continue;
+ 
+                   die_with_error ("Can't access %s", subdir);
+-- 
+2.44.0
+
--- a/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch
+++ b/0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch
@ -0,0 +1,39 @@
+From d70c640aecc30e9216dc1a614a207e85c8732036 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Thu, 27 May 2021 16:19:27 -0400
+Subject: [PATCH] Avoid memory leak if --args is specified multiple times
+
+Found by a static analyzer.
+
+```
+bubblewrap-0.4.1/bubblewrap.c:1500: overwrite_var: Overwriting "opt_args_data" in "opt_args_data = load_file_data(the_fd, &data_len)" leaks the storage that "opt_args_data" points to.
+ # 1498|              * keep allocated until exit time, since its argv entries get used
+ # 1499|              * by the other cases in parse_args_recurse() when we recurse. */
+ # 1500|->           opt_args_data = load_file_data (the_fd, &data_len);
+ # 1501|             if (opt_args_data == NULL)
+ # 1502|               die_with_error ("Can't read --args data");
+```
+---
+ bubblewrap.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/bubblewrap.c b/bubblewrap.c
+index 771e1ea..56ac07c 100644
+--- a/bubblewrap.c
+++ b/bubblewrap.c
+@@ -1494,6 +1494,12 @@ parse_args_recurse (int          *argcp,
+           if (argv[1][0] == 0 || endptr[0] != 0 || the_fd < 0)
+             die ("Invalid fd: %s", argv[1]);
+ 
+          /* Specifying --args multiple times doesn't work; this just pacifies
+           * a static analyzer which pointed out the memory leak
+           */
+          if (opt_args_data != NULL)
+            free (opt_args_data);
+
+           /* opt_args_data is essentially a recursive argv array, which we must
+            * keep allocated until exit time, since its argv entries get used
+            * by the other cases in parse_args_recurse() when we recurse. */
+-- 
+2.31.1
+
--- a/SPECS/bubblewrap.spec
+++ b/SPECS/bubblewrap.spec
@ -1,12 +1,14 @@
 Name: bubblewrap
-Version: 0.4.0
-Release: 1%{?dist}
+Version: 0.4.1
+Release: 7%{?dist}
 Summary: Core execution tool for unprivileged containers

 License: LGPLv2+
 #VCS: git:https://github.com/projectatomic/bubblewrap
 URL: https://github.com/projectatomic/bubblewrap
 Source0: https://github.com/projectatomic/bubblewrap/releases/download/v%{version}/bubblewrap-%{version}.tar.xz
+Patch0: 0001-Avoid-memory-leak-if-args-is-specified-multiple-time.patch
+Patch1: 0001-Accept-EROFS-for-access-check-of-proc-entries.patch

 BuildRequires: autoconf automake libtool
 BuildRequires: gcc
@ -14,6 +16,7 @@ BuildRequires: libcap-devel
 BuildRequires: pkgconfig(libselinux)
 BuildRequires: libxslt
 BuildRequires: docbook-style-xsl
+BuildRequires: make

 %description
 Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged
@ -45,8 +48,48 @@ find %{buildroot} -name '*.la' -delete -print
 %{_mandir}/man1/*

 %changelog
-* Thu Jan 09 2020 David King <dking@redhat.com> - 0.4.0-1
- Rebase to 0.4.0 (#1788067)
+* Fri Mar 15 2024 Daan De Meyer <daan.j.demeyer@gmail.com> - 0.4.1-7
+- Backport https://github.com/containers/bubblewrap/commit/4c35d7a5f92499d6ed646d4a5ffad9acc10cb432
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.4.1-6
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Thu May 27 2021 Colin Walters <walters@verbum.org> - 0.4.1-5
+- Backport https://github.com/containers/bubblewrap/pull/426
+
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.4.1-4
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Mar 30 2020 David King <amigadave@amigadave.com> - 0.4.1-1
+- Update to 0.4.1
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Nov 27 2019 Kalev Lember <klember@redhat.com> - 0.4.0-1
+- Update to 0.4.0
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Wed May 01 2019 Colin Walters <walters@redhat.com> - 0.3.3-2
+- New upstream release
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Oct 01 2018 Kalev Lember <klember@redhat.com> - 0.3.1-1
+- Update to 0.3.1
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

 * Wed Jul 11 2018 Colin Walters <walters@verbum.org> - 0.3.0-1
 - https://github.com/projectatomic/bubblewrap/releases/tag/v0.3.0
--- a/1
+++ b/1
@ -0,0 +1 @@
+SHA512 (bubblewrap-0.4.1.tar.xz) = 0ff46dc0fda2d0cffbb36cc52ff43951b30cbd835a42cc56806acbbbd827796bfadbb1cfafc84d6b47a72c031ca44abe1c377acc0cc25fe3b33e854f5f687d35
				`@ -0,0 +1 @@`
				`SHA512 (bubblewrap-0.4.1.tar.xz) = 0ff46dc0fda2d0cffbb36cc52ff43951b30cbd835a42cc56806acbbbd827796bfadbb1cfafc84d6b47a72c031ca44abe1c377acc0cc25fe3b33e854f5f687d35`