bubblewrap 0.1.6-2 source package in Ubuntu

Changelog

bubblewrap (0.1.6-2) unstable; urgency=medium

  * d/p/Make-the-call-to-setsid-optional-with-new-session.patch:
    Add patch from upstream to make the setsid() that addresses
    CVE-2017-5226 optional, because it breaks interactive shells.
    Users of bubblewrap to confine untrusted programs should either
    add --new-session to the bwrap command line, or prevent the
    TIOCSTI ioctl with a seccomp filter instead (as Flatpak does).
    - d/control: add Breaks on versions of Flatpak that did not
      load the necessary seccomp filter to prevent CVE-2017-5226
  * d/p/demos-bubblewrap-shell.sh-Unshare-all-namespaces.patch:
    Add patch from upstream to improve example code
  * d/p/Call-setsid-and-setexeccon-befor-forking-the-init-monitor.patch,
    d/p/Install-seccomp-filter-at-the-very-end.patch:
    Add patches from upstream to re-order initialization. This means
    the seccomp filter is no longer required to account for syscalls that
    are made by bwrap itself.
  * d/p/Add-unshare-all-and-share-net.patch:
    Add patch from upstream introducing new command line options
    --unshare-all and --share-net, for a more whitelist-based approach
    to sharing namespaces with the parent.

 -- Simon McVittie <email address hidden>  Wed, 18 Jan 2017 00:56:19 +0000