update code
parent
9de73b8f5c
commit
10b5826125
@ -1,44 +0,0 @@
|
||||
diff -Nurp bubblewrap-0.3.1/bubblewrap.c bubblewrap-0.3.1-old/bubblewrap.c
|
||||
--- bubblewrap-0.3.1/bubblewrap.c 2018-09-26 08:55:17.000000000 -0400
|
||||
+++ bubblewrap-0.3.1-old/bubblewrap.c 2019-06-13 03:26:14.489000000 -0400
|
||||
@@ -1977,7 +1977,7 @@ main (int argc,
|
||||
char **argv)
|
||||
{
|
||||
mode_t old_umask;
|
||||
- cleanup_free char *base_path = NULL;
|
||||
+ const char *base_path = NULL;
|
||||
int clone_flags;
|
||||
char *old_cwd = NULL;
|
||||
pid_t pid;
|
||||
@@ -2117,15 +2117,12 @@ main (int argc,
|
||||
die_with_error ("Can't open /proc");
|
||||
|
||||
/* We need *some* mountpoint where we can mount the root tmpfs.
|
||||
- We first try in /run, and if that fails, try in /tmp. */
|
||||
- base_path = xasprintf ("/run/user/%d/.bubblewrap", real_uid);
|
||||
- if (ensure_dir (base_path, 0755))
|
||||
- {
|
||||
- free (base_path);
|
||||
- base_path = xasprintf ("/tmp/.bubblewrap-%d", real_uid);
|
||||
- if (ensure_dir (base_path, 0755))
|
||||
- die_with_error ("Creating root mountpoint failed");
|
||||
- }
|
||||
+ * Because we use pivot_root, it won't appear to be mounted from
|
||||
+ * * the perspective of the sandboxed process, so we can use anywhere
|
||||
+ * * that is sure to exist, that is sure to not be a symlink controlled
|
||||
+ * * by someone malicious, and that we won't immediately need to
|
||||
+ * * access ourselves. */
|
||||
+ base_path = "/tmp";
|
||||
|
||||
__debug__ (("creating new namespace\n"));
|
||||
|
||||
@@ -2315,7 +2312,8 @@ main (int argc,
|
||||
/* We create a subdir "$base_path/newroot" for the new root, that
|
||||
* way we can pivot_root to base_path, and put the old root at
|
||||
* "$base_path/oldroot". This avoids problems accessing the oldroot
|
||||
- * dir if the user requested to bind mount something over / */
|
||||
+ * dir if the user requested to bind mount something over / (or
|
||||
+ * over /tmp, now that we use that for base_path). */
|
||||
|
||||
if (mkdir ("newroot", 0755))
|
||||
die_with_error ("Creating newroot failed");
|
||||
Binary file not shown.
BIN
bubblewrap-0.3.3.tar.xz
Normal file
BIN
bubblewrap-0.3.3.tar.xz
Normal file
Binary file not shown.
122
bubblewrap.spec
122
bubblewrap.spec
@ -1,28 +1,22 @@
|
||||
Name: bubblewrap
|
||||
Version: 0.3.1
|
||||
Release: 1.h1%{?dist}
|
||||
Summary: Core execution tool for unprivileged containers
|
||||
Name: bubblewrap
|
||||
Version: 0.3.3
|
||||
Release: 1
|
||||
Summary: Core execution tool for unprivileged containers
|
||||
License: LGPLv2+
|
||||
URL: https://github.com/projectatomic/bubblewrap
|
||||
Source0: https://github.com/containers/bubblewrap/archive/bubblewrap-%{version}.tar.xz
|
||||
|
||||
License: LGPLv2+
|
||||
#VCS: git:https://github.com/projectatomic/bubblewrap
|
||||
URL: https://github.com/projectatomic/bubblewrap
|
||||
Source0: https://github.com/projectatomic/bubblewrap/releases/download/v%{version}/bubblewrap-%{version}.tar.xz
|
||||
Patch6000:CVE-2019-12439.patch
|
||||
|
||||
BuildRequires: autoconf automake libtool
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libcap-devel
|
||||
BuildRequires: pkgconfig(libselinux)
|
||||
BuildRequires: libxslt
|
||||
BuildRequires: docbook-style-xsl
|
||||
BuildRequires: autoconf automake libtool gcc libcap-devel
|
||||
BuildRequires: pkgconfig(libselinux) libxslt docbook-style-xsl
|
||||
|
||||
%description
|
||||
Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged
|
||||
containers that works as a setuid binary on kernels without
|
||||
user namespaces.
|
||||
There is an effort in the Linux kernel called user namespaces which
|
||||
attempts to allow unprivileged users to use container features.
|
||||
|
||||
%package_help
|
||||
|
||||
%prep
|
||||
%autosetup
|
||||
%autosetup -n %{name}-%{version} -p1
|
||||
|
||||
%build
|
||||
if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; fi
|
||||
@ -30,88 +24,20 @@ if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; fi
|
||||
%make_build
|
||||
|
||||
%install
|
||||
%make_install INSTALL="install -p -c"
|
||||
find %{buildroot} -name '*.la' -delete -print
|
||||
%make_install
|
||||
%delete_la
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%license COPYING
|
||||
%dir %{_datadir}/bash-completion
|
||||
%dir %{_datadir}/bash-completion/completions
|
||||
%{_datadir}/bash-completion/completions/bwrap
|
||||
%if (0%{?rhel} != 0 && 0%{?rhel} <= 7)
|
||||
%attr(0755,root,root) %caps(cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid=ep) %{_bindir}/bwrap
|
||||
%else
|
||||
%{_bindir}/bwrap
|
||||
%endif
|
||||
%{_datadir}/bash-completion/completions/bwrap
|
||||
|
||||
%files help
|
||||
%defattr(-,root,root)
|
||||
%doc README.md
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Thu Jun 13 2019 yuejiayan<yuejiayan@huawei.com> - 0.3.1-1.h1
|
||||
- Type:cves
|
||||
- ID:CVE-2019-12439
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2019-12439
|
||||
* Mon Oct 01 2018 Kalev Lember <klember@redhat.com> - 0.3.1-1
|
||||
- Update to 0.3.1
|
||||
|
||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Wed Jul 11 2018 Colin Walters <walters@verbum.org> - 0.3.0-1
|
||||
- https://github.com/projectatomic/bubblewrap/releases/tag/v0.3.0
|
||||
|
||||
* Wed May 16 2018 Kalev Lember <klember@redhat.com> - 0.2.1-1
|
||||
- Update to 0.2.1
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Mon Oct 09 2017 Colin Walters <walters@verbum.org> - 0.2.0-2
|
||||
- New upstream version
|
||||
- https://github.com/projectatomic/bubblewrap/releases/tag/v0.2.0
|
||||
|
||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.8-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.8-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Tue Mar 28 2017 Colin Walters <walters@verbum.org> - 0.1.8-1
|
||||
- New upstream version
|
||||
https://github.com/projectatomic/bubblewrap/releases/tag/v0.1.8
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.7-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Wed Jan 18 2017 Colin Walters <walters@verbum.org> - 0.1.7-1
|
||||
- New upstream version;
|
||||
https://github.com/projectatomic/bubblewrap/releases/tag/v0.1.7
|
||||
- Resolves: #1411814
|
||||
|
||||
* Tue Jan 10 2017 Colin Walters <walters@verbum.org> - 0.1.6-1
|
||||
- New upstream version with security fix
|
||||
- Resolves: #1411814
|
||||
|
||||
* Mon Dec 19 2016 Kalev Lember <klember@redhat.com> - 0.1.5-1
|
||||
- Update to 0.1.5
|
||||
|
||||
* Tue Dec 06 2016 walters@redhat.com - 0.1.4-4
|
||||
- Backport fix for regression in previous commit for rpm-ostree
|
||||
|
||||
* Thu Dec 01 2016 walters@redhat.com - 0.1.4-3
|
||||
- Backport patch to fix running via nspawn, which should fix rpm-ostree-in-bodhi
|
||||
|
||||
* Tue Nov 29 2016 Kalev Lember <klember@redhat.com> - 0.1.4-1
|
||||
- Update to 0.1.4
|
||||
|
||||
* Fri Oct 14 2016 Colin Walters <walters@verbum.org> - 0.1.3-2
|
||||
- New upstream version
|
||||
|
||||
* Mon Sep 12 2016 Kalev Lember <klember@redhat.com> - 0.1.2-1
|
||||
- Update to 0.1.2
|
||||
|
||||
* Tue Jul 12 2016 Igor Gnatenko <ignatenko@redhat.com> - 0.1.1-2
|
||||
- Trivial fixes in packaging
|
||||
|
||||
* Fri Jul 08 2016 Colin Walters <walters@verbum.org> - 0.1.1
|
||||
- Initial package
|
||||
* Mon Oct 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.3.3-1
|
||||
- Package init
|
||||
|
||||
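Review bot: The new `%changelog` keeps only `- Package init` while `Patch6000:CVE-2019-12439.patch` is removed, so the spec no longer records anywhere that CVE-2019-12439 is addressed. The 0.3.3 source presumably carries the same `/tmp` base_path change that the deleted patch applied, but that has to be confirmed against the new tarball, which this page shows only as a binary. Anyone who checks `rpm -q --changelog` for CVE identifiers will now find none, so add an entry such as `- Update to 0.3.3, which includes the fix for CVE-2019-12439; drop the backport patch`. Separately, the `Source0` line that appears to be the new one ends in `archive/bubblewrap-%{version}.tar.xz`; check that it resolves to the tarball that was committed, so the source can be verified against upstream.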