[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted bubblewrap 0.1.7-1~bpo8+1 (source amd64) into jessie-backports->backports-policy, jessie-backports



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 27 Feb 2017 11:05:06 +0000
Source: bubblewrap
Binary: bubblewrap
Architecture: source amd64
Version: 0.1.7-1~bpo8+1
Distribution: jessie-backports
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description:
 bubblewrap - setuid wrapper for unprivileged chroot and namespace manipulation
Changes:
 bubblewrap (0.1.7-1~bpo8+1) jessie-backports; urgency=medium
 .
   * Rebuild for jessie-backports
     - debian/gbp.conf: adjust for this branch
 .
 bubblewrap (0.1.7-1) unstable; urgency=medium
 .
   * New upstream release
     - effectively the same as 0.1.6-2
     - drop all patches
 .
 bubblewrap (0.1.6-2) unstable; urgency=medium
 .
   * d/p/Make-the-call-to-setsid-optional-with-new-session.patch:
     Add patch from upstream to make the setsid() that addresses
     CVE-2017-5226 optional, because it breaks interactive shells.
     Users of bubblewrap to confine untrusted programs should either
     add --new-session to the bwrap command line, or prevent the
     TIOCSTI ioctl with a seccomp filter instead (as Flatpak does).
     - d/control: add Breaks on versions of Flatpak that did not
       load the necessary seccomp filter to prevent CVE-2017-5226
   * d/p/demos-bubblewrap-shell.sh-Unshare-all-namespaces.patch:
     Add patch from upstream to improve example code
   * d/p/Call-setsid-and-setexeccon-befor-forking-the-init-monitor.patch,
     d/p/Install-seccomp-filter-at-the-very-end.patch:
     Add patches from upstream to re-order initialization. This means
     the seccomp filter is no longer required to account for syscalls that
     are made by bwrap itself.
   * d/p/Add-unshare-all-and-share-net.patch:
     Add patch from upstream introducing new command line options
     --unshare-all and --share-net, for a more whitelist-based approach
     to sharing namespaces with the parent.
 .
 bubblewrap (0.1.6-1) unstable; urgency=medium
 .
   * New upstream release
     - drop the only patch, applied upstream
   * debian/patches: update to upstream master for additional fixes
     to SIGCHLD handling and documentation, and improved hardening
     against being able to obtain capabilities
   * debian/bubblewrap.examples: install upstream examples
Checksums-Sha1:
 5b4285caa051e996f9be959eb5dfeea6e5ca4abe 2170 bubblewrap_0.1.7-1~bpo8+1.dsc
 c093b95ef2cb9f4676a1e1f83cd3eb1a5e8f6af4 5724 bubblewrap_0.1.7-1~bpo8+1.debian.tar.xz
 86501e7f131918df6334cb63cb43366627545925 30804 bubblewrap_0.1.7-1~bpo8+1_amd64.deb
Checksums-Sha256:
 cd8357e15cfc32cbc1ac33423f1c1e7696a15ea798d155bfd1a1499fb0661901 2170 bubblewrap_0.1.7-1~bpo8+1.dsc
 46ec803ca2d997192f3decbce34ec09cf66912d0d0b2113657ca5e40b59ebadf 5724 bubblewrap_0.1.7-1~bpo8+1.debian.tar.xz
 5b99dfb44dac6bfa2b031ab0dcc2ff88f31f1b746bacbd7fd4ea7d75c4156313 30804 bubblewrap_0.1.7-1~bpo8+1_amd64.deb
Files:
 6a8425dc585cba9df1fa0816e3682d67 2170 admin optional bubblewrap_0.1.7-1~bpo8+1.dsc
 2801ab4d8296e69ca0f0f40754d51240 5724 admin optional bubblewrap_0.1.7-1~bpo8+1.debian.tar.xz
 6f96cd92599f5ebb68fd8861dd569fb1 30804 admin optional bubblewrap_0.1.7-1~bpo8+1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAli0IMUACgkQTej/KmPH
zJD7Dw//b/VmetG9B69KNo8IDj813HG98LrDd4j/ur1M12hXMinjrVUMpzdBUpxg
J8EwVD5J7rftYR6Iys53hWTaZZDRFu+qiQqu/vpJZWS8Xd7avBk8Uv/usPp89zzT
RpN70+/ZM/8MYC80/QwlxQ33wk/9M+d7Z75XyvNgiFDff9RoU5oyQnedJX088BfZ
k9/KEYwR8UxXcHWOmc9vNFaHK1JtGM5QKVo+xdUV/FrSPFCMed8D5JiAv5oesAiB
ZDgmyZXJr7AH+ccSKFPNSgGNuX3cE//8f/VEemoDVYrsSqnP4gpo5vIt29FpmeWV
uyJsd5m7bZ2P8oB0oymrZjR96Na1sK7MdeWaN81doaYm2xvXG0vYl227QBa/EWCO
F+Hcw9Lxr/YYwbuG+WD8+CGrNmjcwjqzDQSLhbY2fVXqQtg9KXvTVpqWMOjsGLkL
Bu+fVJXVR/cvGpCdeXErU7HfAEm3Gv3MmMnOWk89nIBaLxFbDZWcr+f/QCURxjy1
C3r30lOaT2Qf3siku/6mVOTv0Jl1cVuk5XVhNf+P2+Rt0KF816smUFhHjsVHLsX8
L6etjSEMn2RYvu7EC7m9wmUOTULW9B0Hti2lMuyBv/QFZeRSjWoVxs/7DOmjZ77H
m2bj9AOmTzK5gm6L0rAEQ933vtzrlhgYXTlf5CQhtoCPSELSqGA=
=x7L0
-----END PGP SIGNATURE-----


Reply to: