bubblewrap-0.3.3-lp151.2.3.1<>,bĉ\k/=„@J:ە9wIю*RϤ͂C,K&ŧ7Xż7eo{!Aj~ o{Ƀe~S|Ơ.2\1Ջ7S_:I4^^',bA)<̠K/?1D~0+wzΙmW}Md8ƀBa_c99MiFnCKED5 V$%r7<^'[1o%/ĤfMøtZ$* \E>>.?. d   O & ?U   4  T|(89: F&G'H'LI'X'Y'\']'^( b)c*dd*e*f+l+u+v+Lw-x-<y-tz----.Cbubblewrap0.3.3lp151.2.3.1Core execution tool for unprivileged containersBubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces.\kcloud109openSUSE Leap 15.1openSUSELGPL-2.0-or-laterhttp://bugs.opensuse.orgProductivity/Securityhttps://github.com/projectatomic/bubblewraplinuxi586׌  Jc' AA큤A큤A큤A큤\i\i\i\]\k\}+\]\]\}+\}+\]\k\}+\i482e7218fc40f50e058eedd820fbcba8a3290fda642ee486645871100c60bb6e89f09205318fc84dc135d97494269ab7c5c1efda71b796c9e711aed13c51f0d1c101e8d2a56683cf5a8d82991a300cb36436e372dc37dbfc28952b2cc1ff78fad7ce88ff6014f184097f7527d406c14ba163d71bc93e31e95d784ae19c2b103f65300032fa925dd20f07b7ef8914c3847e26bb95731910c0054dc0c582bf98698fd08d3d6db04338dd4ac9b710b14b23a21162154359c6ef5cf16810802eed66f31665319d76a627acc9527e1999a55681836ec986fc2b1fbc320de75f4bb1d3b7993225104d90ddd8024fd838faf300bea5e83d91203eab98e29512acebd69c408591d8b6d26ae33b55c62ab879f12b125732bb916afb20c2622225658c5889rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootbubblewrap-0.3.3-lp151.2.3.1.src.rpmbubblewrapbubblewrap(x86-32)@@@@@@@@@@@@@@    libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.16)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)libc.so.6(GLIBC_2.8)libc.so.6(GLIBC_2.9)libcap.so.2libselinux.so.1rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1\h[;@[IZVYdY@Y_wY&@X @XS@XW֘WWSebastian Wagner Antonio Larrosa - 0.3.1sebix+novell.com@sebix.atsebix+novell.com@sebix.atsebix+novell.com@sebix.atsebix+novell.com@sebix.atsebix+novell.com@sebix.atsebix+novell.com@sebix.atsebix+novell.com@sebix.atsebix+novell.com@sebix.atColin Walters - 0.1.3-2Kalev Lember - 0.1.2-1Igor Gnatenko - 0.1.1-2Colin Walters - 0.1.1- Update to version 0.3.3: - This release is the same as 0.3.2 but the version number in configure.ac was accidentally still set to 0.3.1 - Update to version 0.3.2: - fixes boo#1136958 / CVE-2019-12439 This release fixes a mostly theoretical security issue in unusual/broken setups where `$XDG_RUNTIME_DIR` is unset. There are some other smaller fixes, as well as an addition to the JSON API that allows reading the inner process exit code, separately from the `bwrap` exit code. - Print "Out of memory" on stderr, not stdout - bwrap: add option json-status-fd to show child exit code - bwrap: Report COMMAND exit code in json-status-fd - man page: Describe --chdir, not nonexistent --cwd - Don't create our own temporary mount point for pivot_root - Make lockdata long enough on 32-bit with 64-bit file pointers.- update to version 0.3.1: * New feature in this release is --bind-try (as well as --dev-bind-try and --ro-bind-try) which works like the regular versions if the source exists, but does nothing if it doesn't exist. * The mount type for the root tmpfs was also changed to "tmpfs" instead of being empty, as the later could cause problems with some programs when parsing the mountinfo files in /proc.- update to version 0.3.0: * The biggest feature from this release is that bwrap now supports being invoked recursively (from other container runtimes such as Docker/podman/runc as well as bwrap itself) when user namespaces are enabled, and the outer container manager allows it (Docker's default seccomp policy doesn't). * This is useful for testing scenarios; for example a project uses Kubernetes for its CI, but inside build the project wants to run each unit test in their own pid namespace, without going out and creating a new pod for every single unit test. * Similarly, rpm-ostree compose tree uses bwrap internally for scripts, and we want to support running rpm-ostree inside a container as well. * Another feature is bwrap now supports -- to terminate argument parsing. To detect availablity of this, you could parse bwrap --version.- update to version 0.2.1: * All the demos are included * bugfixes for the demo files * There was an issue with mkdir when running bubblewrap on an NFS filesystem that has been fixed, so flatpak now works on NFS shares. * Some leaks have been fixed, including a file descriptor leak.- update to version 0.2.0 - bwrap now automatically detects the new user namespace restrictions in Red Hat Enterprise Linux 7.4: bubblewrap: check for max_user_namespaces == 0. - The most notable features are new arguments --as-pid1, and - -cap-add/--cap-drop. These were added for running systemd (or in general a "full" init system) inside bubblewrap. But the capability options are also useful for unprivileged callers to potentially retain capbilities inside the sandbox (for example CAP_NET_ADMIN), when user namespaces are enabled. Conversely, privileged callers (uid 0) can conversely drop capabilities (without user namespaces). Contributed by Giuseppe Scrivano. - With --dev, add /dev/fd and /dev/core symlinks which should improve compatibility with older software.- add group- fix build macro with rpm < 4.12 (non-Factory currently)- update to version 0.1.8 - New --die-with-parent which is based on the Linux prctl(PR_SET_PDEATHSIG) API. - smaller bugfixes- upgrade to upstream version 0.1.7 - note that this package was *never* affected by CVE-2017-5226 as it was introduced in version 0.1.6 - upstream changelog of version 0.1.7: This release backs out the change in 0.1.6 which unconditionally called setsid() in order to fix a security issue with TIOCSTI, aka CVE-2017-522. That change caused some behavioural issues that are hard to work with in some cases. For instance, it makes shell job control not work for the bwrap command. Instead there is now a new option --new-session which works like 0.1.6. It is recommended that you use this if possible, but if not we recommended that you neutralize this some other way, for instance using SECCOMP, which is what flatpak does: https://github.com/flatpak/flatpak/commit/902fb713990a8f968ea4350c7c2a27ff46f1a6c4 In order to make it easy to create maximally safe sandboxes we have also added a new commandline switch called --unshare-all. It unshares all possible namespaces and is currently equivalent with: - -unshare-user-try --unshare-ipc --unshare-pid --unshare-net - -unshare-uts --unshare-cgroup-try However, the intent is that as new namespaces are added to the kernel they will be added to this list. Additionally, if --share-net is specified the network namespace is not unshared. This release also has some bugfixes: bwrap reaps (unexpected) children that are inherited from the parent, something which can happen if bwrap is part of a shell pipeline. bwrap clears the capability bounding set. The permitted capabilities was already empty, and use of PR_NO_NEW_PRIVS should make it impossible to increase the capabilities, but more layers of protection is better. The seccomp filter is now installed at the very end of bwrap, which means the requirement of the filter is minimal. Any bwrap seccomp filter must at least allow: execve, waitpid and write Alexander Larsson (7): Handle inherited children dying Clear capability bounding set Make the call to setsid() optional, with --new-session demos/bubblewrap-shell.sh: Unshare all namespaces Call setsid() and setexeccon() befor forking the init monitor Install seccomp filter at the very end Bump version to 0.1.7 Colin Walters (6): Release 0.1.6 man: Correct namespace user -> mount demo/shell: Add /var/tmp compat symlink, tweak PS1, add more docs Release 0.1.6 ci: Combine ASAN and UBSAN Add --unshare-all and --share-net - upstream changelog for 0.1.6: This fixes a security issue with TIOCSTI, aka CVE-2017-522. Note bubblewrap is far from the only program that has this issue, and I think the best fix is probably in the kernel to support disabling this ioctl. Programs can also work around this by calling setsid() on their own in an exec handler before doing an exevp("bwrap"). - upstream changelog for 0.1.5: This is a bugfix release, here are the major changes: Running bubblewrap as root now works again Various fixes for the testsuite Use same default compiler warnings as ostree Handle errors resolving symlinks during bind mounts Alexander Larsson (2): bind-mount: Check for errors in realpath() Bump version to 0.1.5 Colin Walters (6): Don't call capset() unless we need to Only --unshare-user automatically if we're not root ci: Modernize a bit, add f25-ubsan README.md: Update with better one liner and more information utils: Add __attribute__((printf)) to die() build: Sync default warning -> error set from ostree Simon McVittie (4): test-run: be a bash script test-run: don't assume we are uid 1000 Adapt tests so they can be run against installed binaries Fix incorrect nesting of backticks when finding a FUSE mount- upgrade to upstream version 0.1.4 - Build also for Leap 42.2- New upstream version- Update to 0.1.2- Trivial fixes in packaging- Initial packagecloud109 1559566187 0.3.3-lp151.2.3.10.3.3-lp151.2.3.1 bwrapbash-completioncompletionsbwrapbubblewrapREADME.mddemosbubblewrap-shell.shflatpak-run.shflatpak.bpfuserns-block-fd.pybubblewrapCOPYINGbwrap.1.gz/usr/bin//usr/share//usr/share/bash-completion//usr/share/bash-completion/completions//usr/share/doc/packages//usr/share/doc/packages/bubblewrap//usr/share/doc/packages/bubblewrap/demos//usr/share/licenses//usr/share/licenses/bubblewrap//usr/share/man/man1/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:10346/openSUSE_Leap_15.1_Update/5e3a3c980b8fff82ee69f62913a5e92a-bubblewrap.openSUSE_Leap_15.1_Updatedrpmxz5i586-suse-linuxELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib, for GNU/Linux 3.2.0, BuildID[sha1]=54381a1eb7dc1184b64d7e6626d72e860e92e0e9, strippeddirectoryASCII textASCII text, with very long linesBourne-Again shell script, ASCII text executablePython script, ASCII text executabletroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)R R RRRR RRRRRR R RL0N:CW9utf-84b1634d2c232452a5e5560fcb97ae3991d8d27fb22526cbe5e37ed0693cf886c? 7zXZ !t/W\0^]"k%w!?K15e/7%EFO#>'!+{l%"f-9eڍT ȑg)+ſ,X8qj:9YW `xjdnVݹWz\Ùy=<$~" o*G*na[ F+>jқa;@/%iow e9w'kL)*.%4Lzk*&60[ܕH)v+[ū(=Z7s 1%Q%>E^Y0 *-"pGTz~2x9W ˛qxSZTG1k |^會{}`bם*nԓ kN.޳=kVXv GSy[W!IJ, 2ȘL|(YGp|*SC=qJ+Nm"ًIx wZՆ_?P:|Rۈ:n5("V$V " 7D`a*wӆ;$ O_2Ka4գ(Id6zFa1u~p#?&֊Ns k=s#س쐹q?'84YC31C>dž]Юx"jͮCR8mħWШCyR> d=*Iv>BϢ~f$R7jy" OҾg;P~q&.^OJ_Dhtjd>UxYs0LCNAq_ &mF)1=ʺp{*~hSTom6gz{:Y2%+髇1j&pʏ':zmN,|z7:]ВYW} TrrS7|20|N[d*H ekcXfC$l&"3<~)!GŎ$Zv꩒5l=SvV|(@R׷T4(,2ɌOi؛1AYgZۗ4' ]4%K])r>k+HqqD:eO\DDVۊt)<όuI$W2Hњk/AHcl< v n#x%37D5F]BC%{DVB)!߸⠵h`@Dd4 @ t&0C(KN/1h> \ɦMy+%n£ߗEt ed|6@TMybsŹTdZ(Hv[}2Zݰ)*x 4:1X JȢ yOaiń"`Ks~D7v*|RM_<;,NtVR#v}YĿ$;͸=3aJ[He3ΔO=zuBkǞ ܭ_U`9D;v9=Y͜m>=$N}?- }x7:@DZ[nĽ ->,߱s8pЕ|\lS7g-'LyCO@%3o#X1&gq H+m,ޞoJd3eo<ۈ U fW%6/daHA*l˺| (b(paU+(aafɤ~^^lΈ5AiOa هggpX ū5aUiDUW{Ͼavv=Tŝ媃.n\{ Ckm*tk2b08U`&( 5Mx)>ۃ+ya[p]1 :bʗ]W!;^utEnrYm:Bg_Nd7UhtLBr@M[Bz9_'8t&+֌^}1/:͙_Ad^\zFI)N3 t ΋5;~@C#K; ©-ų stBZ:!2P ?ÕbX'c>fD\N@O0G>I; KK):?!LWTtd <鬦 S0ʋcpQx3J/0"s# cpn;Ddr.mȹѨa!>tT9Q/ʏ:z6đ4趠5AHT#cmm7-[wHi2øvk$Cv-4B0d792 EV4XOn{8|z5#롫#S_]20~s/DQWxN51IX5u-鼞%a7.ANb}B,k{#0Vq k<\]x,)8Cg˲t#bAF}R.W97nT$ZRLJ?9FK#՛˶IRC@H:wZL%aB7ةL#/ j!-5N7!lӺBͲYf;]ЋbsS˵/3 @ZA]C)>8E4 --iG伐Đ΃,T c> %F@h+gI.b[vgD&By`t{X#0{e0tBsOI* o!F|+q3o'zURSjЯ _!J %*l6 R؉ "(C3Uh}y+ YXᢴ3\>8ƤbM>BP^QA/fT! Qz fsQ@YT]yc}R|W.c݀@]HBnvFO+I3_kϛ-,:T߿vJ,1a^]yK~$ -uwq-d[WkLȱ!Q#{lV׎HSjЋ֗n;TBʮOUIoKh#YYnz&lDv6u]AJBɱaNqlw?&Y6*s=Zc|f 'D4ͬcn[ ~[.ivT23=x ֿ$6XNEoӥ{s÷-z~k˟T0"ut0ׄ[Њ @|HiQޅmNn^C dUjI켙~֕R>(tԤYhZׁs;X|2=ӱXW׻2r]!q(EOTN!3ٲgu͸7.Ob80ῐz Mu;bW-MH HA@Tj d49*N lӚ`> [yd\u5-$ w*KH 6Q{#on(yյq5[o=>F6avD +\2/o^5 ŪhSu*GYrweFAjBԠ+$"cvp1E]C.N8NrNm|5pm+LrSQ5i?z`7OC(Ql0 h9/WͦL?n.a6uC!]VG½?ҷH}:=GK -wd(ÅJ5YC! jm P0Z;*VUIrYf V! z_*^v bPDʭ{HiШÖ] w0@S4UP߰e*23fjK βJ fTQB"M IeV`Z]U nsKP"%vBDɬuTYG~H =/'X!v3)[`h]MU}H1Ұ#Ez9} p3N"٥D!/$lAo|ΤToCu.=)#Xյ0Oba$ wc^vL濤z^#h WF3\Ԯ2>o2<+PjYP}KݢjEQoRe(.zO8+$e`]с~y'ͤ[]Bk(ΨTbplj}\N[LsX9ܝ==Fbu`qOJoƢ*Qp/E^gr>\P FJcJC2{g^I} !Ywh}pC%~±(~zCz`dΨ(:u=")ǂ5Fl4TJ 1 x6 Xo+\PH@.kOM8H|SSө?eV(Ǜ $;I6{ h#^X8+(m4ǃܥx+ drT6hB>]ORA0їFN8LЫ9EAb&6htV~zr3РޖùBİ @Bii4b6ܠ:ub-<=ܱl^C@>3匹#gjV#Dwj#B`YꙬXIV82kfsnYrP*6wo*{42Ծ 4qw BMic_Xo'Y2b]H&hQUSd|8zc?rF 󚢧U@W.[R#6V=ES_r!8 ۛgëE=pJrH<z”FXGyqlUk:1+'a"IGFz^4-"9 <_Xo#N`ز(|(pt~&H#KD5"Ѫ>3ǒdH<شlVktπyWcRq8ҀXcl"(<#uU=7=YwF<=tڊ{Ca`y>$F  'nqYuc }xGXuQ#LJZTwgNlL{,.27Oi!AE80mʩG޹YpU n. p{8wv3#+!BG˧, }{r@鎧t垫q7ʁIҲ] 5nrb[[iE(6PETzd$LPѻ똭v$0=2z fafw.d- 2%,: JF2R*T!]ȃ* _Q9^td'[7*)oH|'XLp}:y?aϣ)Kd$jF~ݔv%#eH|X<1Ӣ5:K/NÑF&<%Te9hgymѬsO2l׬4ҁV{?>#D}E2M*^^C$'l0<3*bJ#xLjT}e>50Ĭeټp|/^6?6قwa U-X&68pىoC {V(.3ze*KJVVUR΂\:L F[W6{]U;e|%|{h 6%W|"W՟2>;aJ Fv10 WCiepH1x0Ԃqd:i \nB1t׸G&9gfo>a)W0EN 5cam.'QFe \}֢->⌰Y\M=~&2 F/:9`'鯘6HSa>2} z[mfR9Dk 3K5`}PMm԰SBZˌs$Ƒqٟxb=N~R Uӽ1sp3|n-Q,nd !%ui!!eTT&ߖhZphmgQ*>bDzL;Kk"/U#f^0u_p[*/ͨj/Ui )N1\ą=Hz$Gw.'3r9xUR/Pllv^_#FEFWkv)w¢w|TPeQNY}ٮϬV A)YNrWY[ x)jRBb"qr\eЃ]zUwّ_mRz6ZLJVBΌ#2_J>Z ?#`;xDu9`m_Sh:<#h>?`FQ)Ζ*(_̓vǖ󟔄Y,% ,4A)k޷Lgwsr>kKOԉq);;3;̴Uri(gX'o]k#b\Q3t8@a .8s3\ŠzGuOrBd3 Վ=":ta*8cdǫq&Ey*P8ALU̺;5K>Dzzѥ7?77Z2/a~nK[7^gh:jSxdӕRd Z&umT ;ϸ[8?Xv=?ڽ(xv5gVf6̜l@&q:;8 vcM[v2i?& cssҏnrԯ` F&r< vIw{dT'e,ݣz?jyȲj:}hd2Lj ߐMTsTT:$N:4ܑ|e-M;2 26\Ii! Yc- LFtHjH*=/Q,hfZ](^W9*x Op{Iw&ɳ36wd7<-^}1"0N# 6S%a${Eåki>J)QuşnL58[n>Bm 1#ZVx=}1 yH'hss%b[ ĢҶ=5vMP,3TFp0DZIhz0î ͎ 9=O;,n'l)239iִJ'ˊO5JJx\q9oK/UK}/,l~ufWyWL;o#2z=w!"kYBV#Iz kG)@:\l,$pMWc##&[5xw4!#|&E v2~jT 򋕠Kg$rMN'5wasY !䃧Qh;?iyQ eD!CC$F`k z(Ss|໳>?0T1ݘV1ٕfǾM˩ՎAPD[Aż L )a#H뺰SUtصX28ߍ !Z}85ɎK YU7^h7Y Tq}ßf[͓^[Z<+c:awg|V1RyTJkX .U,哥jqL&57Ԍ!K^Z<\vs9o+'dv%.Jf? dž֍Oy=.B5xlmiVզwV7OfzfDAT@¡h ҹ}Y٢Y@1Q1@j~)1>]|bP+s)vXf` uf! VAZI)@sHg0BTaۡH&il~Ѐ5|MiKH2Ќ A{m^f})H GaR\>]5sG> aY60JL{8x}٩%<Q_Ȯ):j+ VldZ9- !69g yf~+4C`H&}OwV( :0B6nCt|!}l5Re9=x߇E@,oh|r3;ς'KDAUֲ&zO#I8ۆ|zk"8 2$cPb}P ^!P%LܼEOɆK9k#,Íiuswkw3O\dXfOayY~`o5)`fp',,ZYA?u=C(%QDbܬG/D\Ֆ[PMz1F'7"'[jx' zo;۰ŗ#Ũf+9xi-9,|WԣMu~D悤-ysR-J Z>TiK xu(7r ˉN&[E_4#dL)ޢ=_Cl*ig%d_\+.)2-e vsI#~'R*(q/[.h! )Y-~"kAƿJꮶSΑGϏivjW[!?|CdxV9H.vVH8kqTpϜ!^j-\V1=ޮWMaB6^a^ڐ2i*ꏭ:$+Klj塷 V ]NTCVdF8 Rˁ >}Qcqn <.o 1gGUX-i΁YOe}dkzEY aں(<Ǖ͍E6*LZ2!ّw@ͅ@L1UR]^ 4Ÿ<#(rZH&g}Ao!̵#^LnD/RپFy镙9P_]U<@b4xچMt<1X9 W sCx^ޯLƵ4/If sAAd~5' gE4_|3 Q9VG ,!Ii*&AlMmј3}N,G2j)2%=d+c|=_D1V^ xhݹKnIM|.yi#Y`Uaݮj) YZ