[Pkg-utopia-maintainers] bubblewrap_0.1.6-2_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Jan 18 01:33:41 UTC 2017
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 18 Jan 2017 00:56:19 +0000
Source: bubblewrap
Binary: bubblewrap
Architecture: source
Version: 0.1.6-2
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Description:
bubblewrap - setuid wrapper for unprivileged chroot and namespace manipulation
Changes:
bubblewrap (0.1.6-2) unstable; urgency=medium
.
* d/p/Make-the-call-to-setsid-optional-with-new-session.patch:
Add patch from upstream to make the setsid() that addresses
CVE-2017-5226 optional, because it breaks interactive shells.
Users of bubblewrap to confine untrusted programs should either
add --new-session to the bwrap command line, or prevent the
TIOCSTI ioctl with a seccomp filter instead (as Flatpak does).
- d/control: add Breaks on versions of Flatpak that did not
load the necessary seccomp filter to prevent CVE-2017-5226
* d/p/demos-bubblewrap-shell.sh-Unshare-all-namespaces.patch:
Add patch from upstream to improve example code
* d/p/Call-setsid-and-setexeccon-befor-forking-the-init-monitor.patch,
d/p/Install-seccomp-filter-at-the-very-end.patch:
Add patches from upstream to re-order initialization. This means
the seccomp filter is no longer required to account for syscalls that
are made by bwrap itself.
* d/p/Add-unshare-all-and-share-net.patch:
Add patch from upstream introducing new command line options
--unshare-all and --share-net, for a more whitelist-based approach
to sharing namespaces with the parent.
Checksums-Sha1:
888f13735b4e809e66c78742c879c677df10b0eb 2180 bubblewrap_0.1.6-2.dsc
52ef62a280cddbea08e43f872c19b09030f0dd0d 12416 bubblewrap_0.1.6-2.debian.tar.xz
Checksums-Sha256:
98f1f33e13e93b20d1b972e4e93caa6db5ada23dcf759019de89f397a7bd1135 2180 bubblewrap_0.1.6-2.dsc
585a9056598ea536cf45466918b7ead60fe9e3c7123d236bcc42e4e9a995ec2e 12416 bubblewrap_0.1.6-2.debian.tar.xz
Files:
f0244f0de77b8d01a3c2b84396b54710 2180 admin optional bubblewrap_0.1.6-2.dsc
8dcaafffd5bd491186a697eddc5ae817 12416 admin optional bubblewrap_0.1.6-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAlh+wN4ACgkQTej/KmPH
zJCszw//Ubi/osIRgaXRqwvGzXh/ElseuaygQQEYLXi+oKehrQKabdlU/cjNR93i
20JKQfym35xXNle1q7HyhmmBbYyuZmFefprYXYRrHSEOnk2uGRNv/2fxWU0opMe+
4SBGFx1uJPaWOhh6hI9f6kstZCRPUKyny9qGRbwVupZkEo1cHBMwkFR6PBJYcC4S
fRBxupK34mC8m4bCXvTssW2hA+S7lOYzoJEusxmbQ4UE87ShZALfGnmYBVrpQDMZ
G4b/2pypWpOE8MB5ntH4d7z3k4c/bCBWwjwMbes8LhlyrLDi4NGWlVVLIQkeM1g0
xVqR2LcnSvjOdCx3BJ6J5Zc9XXS5E5OsIN9zfuDYXg+kGayHDG3FljRLaUd/pO/z
EINJZsdSl8wqiHroHvHfGYPhPUeWcLuIJ4bhTaABiFupIUMmMRSktFOqYLz3AXI1
0x1fUDfSgPuuGHLWkEAkKkrlfMRCpMMmkRtoxMFdMKtmaZbK9dCs1zAI3X5QEjwp
ys94eCXgB/u/Pw/OCmhwWGLwbNToNblcWCwZxkYOUzn0I6dChsWOis8OHbXD7huG
C4RwnHqLmW2pTteC0rUWmXtnUhJ4ZCT1013gtKoVvd2hTX6RJMGXwMRKY7N9XdII
TreOb8iYPJ7yFnighQNZBdUrU/SF4o1Qra4FtYmmrvdBBpUZt8E=
=Q8ar
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-utopia-maintainers
mailing list