v0.1.3 · 0bf9fb66
Release 0.1.3 (fixes CVE-2016-8659)

This release fixes CVE-2016-8659: https://github.com/projectatomic/bubblewrap/issues/107 which is a local privilege escalation that applies when bubblewrap is installed with suid or file capabilities.

This vulnerability does not apply for systems/distributions which unconditionally enable `CLONE_NEWUSER` access for unprivileged users, as e.g. Fedora 24 and newer (as of this writing) do. However, this will apply to systems such as CentOS/RHEL 7, Debian stable, Arch, etc. that use bubblewrap as a gating mechanism for container/app tooling like Flatpak.

The bubblewrap authors wish to thank Sebastian Krahmer, who has found and responsibly reported many security issues over time, including this one.

At this time, the bubblewrap authors still believe the codebase is a sensible option for systems/distributions which don't want to enable full `CLONE_NEWUSER`. However, the upstream kernel has improved, and continues to do so. It's likely at some point in the future that bubblewrap will evolve more flexibility around gating access to `CLONE_NEWUSER`, such as only allowing it for logged in human users, not background daemons.

Alexander Larsson (3):
      Move commandline args to top of the file
      Don't allow setting hostname if not unsharing UTS namespace
      Only set DUMPABLE when we need it (i.e. in user namespace child)

Bill Nottingham (1):
      Fix capability list in spec file.

Colin Walters (1):
      Release 0.1.3

Kenton Varda (1):
      Make notes on sandstorm.io somewhat more accurate

Git-EVTag-v0-SHA512: 47f77d675735c9ad7f134ac996843b8a6889be9a6a925d586ecc6a4138d2d8d35d1270da04198f09c69434be42a85319b4b763e45ac97e0fce9a961535567c99
v0.1.0 · 6ad6c24b
Release 0.1.0

This is the first release. While bubblewrap has still not had a serious formal security review, several maintainers believe it is at least as secure as prior art such as linux-user-chroot.

While this first release is following [semver](http://semver.org/) and thus may change, we'd like people writing container tools to take a look at bubblewrap now and consider whether it meets their needs.

Existing tools like flatpak will hard require bubblewrap soon, and anyone using linux-user-chroot should definitely try migrating now.

Thanks to all contributors!

Alexander Larsson (95):
Antonio Murdaca (1):
Colin Walters (28):
Dan Walsh (4):
Lars Kellogg-Stedman (1):
Matthias Clasen (11):
Mrunal Patel (10):
Pavel Odvody (1):
Tristan Van Berkom (1):

Git-EVTag-v0-SHA512: 7924b7ddfecc30782d4d0e779faf0a971bc0d50be7b72abe6215295b2574c64f1b61a08973f25fd899635d81ffd60648bbaa823e8e4dfb49e28cedc7c0daf5a0