-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 18 Jan 2017 00:56:19 +0000 Source: bubblewrap Binary: bubblewrap Architecture: source Version: 0.1.6-2 Distribution: unstable Urgency: medium Maintainer: Utopia Maintenance Team <pkg-utopia-maintain...@lists.alioth.debian.org> Changed-By: Simon McVittie <s...@debian.org> Description: bubblewrap - setuid wrapper for unprivileged chroot and namespace manipulation Changes: bubblewrap (0.1.6-2) unstable; urgency=medium . * d/p/Make-the-call-to-setsid-optional-with-new-session.patch: Add patch from upstream to make the setsid() that addresses CVE-2017-5226 optional, because it breaks interactive shells. Users of bubblewrap to confine untrusted programs should either add --new-session to the bwrap command line, or prevent the TIOCSTI ioctl with a seccomp filter instead (as Flatpak does). - d/control: add Breaks on versions of Flatpak that did not load the necessary seccomp filter to prevent CVE-2017-5226 * d/p/demos-bubblewrap-shell.sh-Unshare-all-namespaces.patch: Add patch from upstream to improve example code * d/p/Call-setsid-and-setexeccon-befor-forking-the-init-monitor.patch, d/p/Install-seccomp-filter-at-the-very-end.patch: Add patches from upstream to re-order initialization. This means the seccomp filter is no longer required to account for syscalls that are made by bwrap itself. * d/p/Add-unshare-all-and-share-net.patch: Add patch from upstream introducing new command line options --unshare-all and --share-net, for a more whitelist-based approach to sharing namespaces with the parent. Checksums-Sha1: 888f13735b4e809e66c78742c879c677df10b0eb 2180 bubblewrap_0.1.6-2.dsc 52ef62a280cddbea08e43f872c19b09030f0dd0d 12416 bubblewrap_0.1.6-2.debian.tar.xz Checksums-Sha256: 98f1f33e13e93b20d1b972e4e93caa6db5ada23dcf759019de89f397a7bd1135 2180 bubblewrap_0.1.6-2.dsc 585a9056598ea536cf45466918b7ead60fe9e3c7123d236bcc42e4e9a995ec2e 12416 bubblewrap_0.1.6-2.debian.tar.xz Files: f0244f0de77b8d01a3c2b84396b54710 2180 admin optional bubblewrap_0.1.6-2.dsc 8dcaafffd5bd491186a697eddc5ae817 12416 admin optional bubblewrap_0.1.6-2.debian.tar.xz
-----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAlh+wN4ACgkQTej/KmPH zJCszw//Ubi/osIRgaXRqwvGzXh/ElseuaygQQEYLXi+oKehrQKabdlU/cjNR93i 20JKQfym35xXNle1q7HyhmmBbYyuZmFefprYXYRrHSEOnk2uGRNv/2fxWU0opMe+ 4SBGFx1uJPaWOhh6hI9f6kstZCRPUKyny9qGRbwVupZkEo1cHBMwkFR6PBJYcC4S fRBxupK34mC8m4bCXvTssW2hA+S7lOYzoJEusxmbQ4UE87ShZALfGnmYBVrpQDMZ G4b/2pypWpOE8MB5ntH4d7z3k4c/bCBWwjwMbes8LhlyrLDi4NGWlVVLIQkeM1g0 xVqR2LcnSvjOdCx3BJ6J5Zc9XXS5E5OsIN9zfuDYXg+kGayHDG3FljRLaUd/pO/z EINJZsdSl8wqiHroHvHfGYPhPUeWcLuIJ4bhTaABiFupIUMmMRSktFOqYLz3AXI1 0x1fUDfSgPuuGHLWkEAkKkrlfMRCpMMmkRtoxMFdMKtmaZbK9dCs1zAI3X5QEjwp ys94eCXgB/u/Pw/OCmhwWGLwbNToNblcWCwZxkYOUzn0I6dChsWOis8OHbXD7huG C4RwnHqLmW2pTteC0rUWmXtnUhJ4ZCT1013gtKoVvd2hTX6RJMGXwMRKY7N9XdII TreOb8iYPJ7yFnighQNZBdUrU/SF4o1Qra4FtYmmrvdBBpUZt8E= =Q8ar -----END PGP SIGNATURE-----