2 files changed, 637 insertions, 1 deletions
diff --git a/meta-oe/recipes-security/bubblewrap/bubblewrap/0001-Use-stdbool.h-for-booleans.patch b/meta-oe/recipes-security/bubblewrap/bubblewrap/0001-Use-stdbool.h-for-booleans.patch
new file mode 100644
index 0000000000..2566314ce3
--- /dev/null
+++ b/meta-oe/recipes-security/bubblewrap/bubblewrap/0001-Use-stdbool.h-for-booleans.patch
@@ -0,0 +1,633 @@
+From 4572dd9378c876349e02403cf7f6031c45281f85 Mon Sep 17 00:00:00 2001
+From: "Simon McVittie" <smcv@collabora.com>
+Date: Tue, 8 Apr 2025 16:29:18 +0900
+Subject: [PATCH] Use stdbool.h for booleans
+* backport fix from:
+  https://github.com/containers/bubblewrap/pull/660
+  But patch rework for this version.
+  In gcc 15, bool became a reserved keyword in C23, causing conflicts with our custom bool definition.
+  See also, https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=55e3bd376b2214e200fa76d12b67ff259b06c212
+* to fix:
+  http://errors.yoctoproject.org/Errors/Details/851183/
+  ../bubblewrap-0.10.0/utils.h:46:13: error: 'bool' cannot be defined via 'typedef'
+   46 | typedef int bool;
+      |             ^~~~
+Upstream-Status: Backport [https://github.com/containers/bubblewrap/pull/660]
+Signed-off-by: mark.yang <mark.yang@lge.com>
+---
+ bind-mount.c |  20 ++++----
+ bubblewrap.c | 134 +++++++++++++++++++++++++--------------------------
+ utils.c      |  16 +++---
+ utils.h      |   5 +-
+ 4 files changed, 86 insertions(+), 89 deletions(-)
+diff --git a/bind-mount.c b/bind-mount.c
+index 2757cae..bf7f68d 100644
+--- a/bind-mount.c
+++ b/bind-mount.c
+@@ -76,7 +76,7 @@ match_token (const char *token, const char *token_end, const char *str)
+   if (token == token_end)
+     return *str == 0;
+ 
+-  return FALSE;
+  return false;
+ }
+ 
+ static unsigned long
+@@ -281,12 +281,12 @@ parse_mountinfo (int  proc_fd,
+         die ("Can't parse mountinfo line");
+       rest = line + consumed;
+ 
+-      rest = skip_token (rest, TRUE); /* mountroot */
+      rest = skip_token (rest, true); /* mountroot */
+       mountpoint = rest;
+-      rest = skip_token (rest, FALSE); /* mountpoint */
+      rest = skip_token (rest, false); /* mountpoint */
+       mountpoint_end = rest++;
+       options = rest;
+-      rest = skip_token (rest, FALSE); /* vfs options */
+      rest = skip_token (rest, false); /* vfs options */
+       options_end = rest;
+ 
+       *mountpoint_end = 0;
+@@ -324,7 +324,7 @@ parse_mountinfo (int  proc_fd,
+       MountInfoLine *parent = by_id[this->parent_id];
+       MountInfoLine **to_sibling;
+       MountInfoLine *sibling;
+-      bool covered = FALSE;
+      bool covered = false;
+ 
+       if (!has_path_prefix (this->mountpoint, root_mount))
+         continue;
+@@ -333,7 +333,7 @@ parse_mountinfo (int  proc_fd,
+         continue;
+ 
+       if (strcmp (parent->mountpoint, this->mountpoint) == 0)
+-        parent->covered = TRUE;
+        parent->covered = true;
+ 
+       to_sibling = &parent->first_child;
+       sibling = parent->first_child;
+@@ -344,7 +344,7 @@ parse_mountinfo (int  proc_fd,
+            * covered by the sibling, and we drop it. */
+           if (has_path_prefix (this->mountpoint, sibling->mountpoint))
+             {
+-              covered = TRUE;
+              covered = true;
+               break;
+             }
+ 
+@@ -499,7 +499,7 @@ bind_mount_result_to_string (bind_mount_result res,
+                              bool *want_errno_p)
+ {
+   char *string = NULL;
+-  bool want_errno = TRUE;
+  bool want_errno = true;
+ 
+   switch (res)
+     {
+@@ -521,7 +521,7 @@ bind_mount_result_to_string (bind_mount_result res,
+ 
+       case BIND_MOUNT_ERROR_FIND_DEST_MOUNT:
+         string = xasprintf ("Unable to find \"%s\" in mount table", failing_path);
+-        want_errno = FALSE;
+        want_errno = false;
+         break;
+ 
+       case BIND_MOUNT_ERROR_REMOUNT_DEST:
+@@ -557,7 +557,7 @@ die_with_bind_result (bind_mount_result res,
+                       ...)
+ {
+   va_list args;
+-  bool want_errno = TRUE;
+  bool want_errno = true;
+   char *message;
+ 
+   fprintf (stderr, "bwrap: ");
+diff --git a/bubblewrap.c b/bubblewrap.c
+index bc75da4..1504449 100644
+--- a/bubblewrap.c
+++ b/bubblewrap.c
+@@ -74,19 +74,19 @@ static bool opt_as_pid_1;
+ 
+ static const char *opt_argv0 = NULL;
+ static const char *opt_chdir_path = NULL;
+-static bool opt_assert_userns_disabled = FALSE;
+-static bool opt_disable_userns = FALSE;
+-static bool opt_unshare_user = FALSE;
+-static bool opt_unshare_user_try = FALSE;
+-static bool opt_unshare_pid = FALSE;
+-static bool opt_unshare_ipc = FALSE;
+-static bool opt_unshare_net = FALSE;
+-static bool opt_unshare_uts = FALSE;
+-static bool opt_unshare_cgroup = FALSE;
+-static bool opt_unshare_cgroup_try = FALSE;
+-static bool opt_needs_devpts = FALSE;
+-static bool opt_new_session = FALSE;
+-static bool opt_die_with_parent = FALSE;
+static bool opt_assert_userns_disabled = false;
+static bool opt_disable_userns = false;
+static bool opt_unshare_user = false;
+static bool opt_unshare_user_try = false;
+static bool opt_unshare_pid = false;
+static bool opt_unshare_ipc = false;
+static bool opt_unshare_net = false;
+static bool opt_unshare_uts = false;
+static bool opt_unshare_cgroup = false;
+static bool opt_unshare_cgroup_try = false;
+static bool opt_needs_devpts = false;
+static bool opt_new_session = false;
+static bool opt_die_with_parent = false;
+ static uid_t opt_sandbox_uid = -1;
+ static gid_t opt_sandbox_gid = -1;
+ static int opt_sync_fd = -1;
+@@ -476,7 +476,7 @@ report_child_exit_status (int exitc, int setup_finished_fd)
+     return;
+ 
+   output = xasprintf ("{ \"exit-code\": %i }\n", exitc);
+-  dump_info (opt_json_status_fd, output, FALSE);
+  dump_info (opt_json_status_fd, output, false);
+   close (opt_json_status_fd);
+   opt_json_status_fd = -1;
+   close (setup_finished_fd);
+@@ -621,7 +621,7 @@ do_init (int event_fd, pid_t initial_pid)
+ 
+   seccomp_programs_apply ();
+ 
+-  while (TRUE)
+  while (true)
+     {
+       pid_t child;
+       int status;
+@@ -765,16 +765,16 @@ prctl_caps (uint32_t *caps, bool do_cap_bounding, bool do_set_ambient)
+    */
+   for (cap = 0; cap <= CAP_LAST_CAP; cap++)
+     {
+-      bool keep = FALSE;
+      bool keep = false;
+       if (cap < 32)
+         {
+           if (CAP_TO_MASK_0 (cap) & caps[0])
+-            keep = TRUE;
+            keep = true;
+         }
+       else
+         {
+           if (CAP_TO_MASK_1 (cap) & caps[1])
+-            keep = TRUE;
+            keep = true;
+         }
+ 
+       if (keep && do_set_ambient)
+@@ -803,11 +803,11 @@ static void
+ drop_cap_bounding_set (bool drop_all)
+ {
+   if (!drop_all)
+-    prctl_caps (requested_caps, TRUE, FALSE);
+    prctl_caps (requested_caps, true, false);
+   else
+     {
+       uint32_t no_caps[2] = {0, 0};
+-      prctl_caps (no_caps, TRUE, FALSE);
+      prctl_caps (no_caps, true, false);
+     }
+ }
+ 
+@@ -816,7 +816,7 @@ set_ambient_capabilities (void)
+ {
+   if (is_privileged)
+     return;
+-  prctl_caps (requested_caps, FALSE, TRUE);
+  prctl_caps (requested_caps, false, true);
+ }
+ 
+ /* This acquires the privileges that the bwrap will need it to work.
+@@ -846,7 +846,7 @@ acquire_privs (void)
+       if (euid != 0)
+         die ("Unexpected setuid user %d, should be 0", euid);
+ 
+-      is_privileged = TRUE;
+      is_privileged = true;
+       /* We want to keep running as euid=0 until at the clone()
+        * operation because doing so will make the user namespace be
+        * owned by root, which makes it not ptrace:able by the user as
+@@ -867,7 +867,7 @@ acquire_privs (void)
+         die ("Unable to set fsuid (was %d)", (int)new_fsuid);
+ 
+       /* We never need capabilities after execve(), so lets drop everything from the bounding set */
+-      drop_cap_bounding_set (TRUE);
+      drop_cap_bounding_set (true);
+ 
+       /* Keep only the required capabilities for setup */
+       set_required_caps ();
+@@ -904,7 +904,7 @@ switch_to_user_with_privs (void)
+ {
+   /* If we're in a new user namespace, we got back the bounding set, clear it again */
+   if (opt_unshare_user || opt_userns_fd != -1)
+-    drop_cap_bounding_set (FALSE);
+    drop_cap_bounding_set (false);
+ 
+   /* If we switched to a new user namespace it may allow other uids/gids, so switch to the target one */
+   if (opt_userns_fd != -1)
+@@ -1211,7 +1211,7 @@ setup_newroot (bool unshare_pid,
+             parent_mode &= ~0005U;
+ 
+           dest = get_newroot_path (op->dest);
+-          if (mkdir_with_parents (dest, parent_mode, FALSE) != 0)
+          if (mkdir_with_parents (dest, parent_mode, false) != 0)
+             die_with_error ("Can't mkdir parents for %s", op->dest);
+         }
+ 
+@@ -1761,7 +1761,7 @@ parse_args_recurse (int          *argcp,
+             }
+ 
+           data_argv_copy = data_argv; /* Don't change data_argv, we need to free it */
+-          parse_args_recurse (&data_argc, &data_argv_copy, TRUE, total_parsed_argc_p);
+          parse_args_recurse (&data_argc, &data_argv_copy, true, total_parsed_argc_p);
+ 
+           argv += 1;
+           argc -= 1;
+@@ -1786,45 +1786,45 @@ parse_args_recurse (int          *argcp,
+            */
+           opt_unshare_user_try = opt_unshare_ipc = opt_unshare_pid =
+             opt_unshare_uts = opt_unshare_cgroup_try =
+-            opt_unshare_net = TRUE;
+            opt_unshare_net = true;
+         }
+       /* Begin here the older individual --unshare variants */
+       else if (strcmp (arg, "--unshare-user") == 0)
+         {
+-          opt_unshare_user = TRUE;
+          opt_unshare_user = true;
+         }
+       else if (strcmp (arg, "--unshare-user-try") == 0)
+         {
+-          opt_unshare_user_try = TRUE;
+          opt_unshare_user_try = true;
+         }
+       else if (strcmp (arg, "--unshare-ipc") == 0)
+         {
+-          opt_unshare_ipc = TRUE;
+          opt_unshare_ipc = true;
+         }
+       else if (strcmp (arg, "--unshare-pid") == 0)
+         {
+-          opt_unshare_pid = TRUE;
+          opt_unshare_pid = true;
+         }
+       else if (strcmp (arg, "--unshare-net") == 0)
+         {
+-          opt_unshare_net = TRUE;
+          opt_unshare_net = true;
+         }
+       else if (strcmp (arg, "--unshare-uts") == 0)
+         {
+-          opt_unshare_uts = TRUE;
+          opt_unshare_uts = true;
+         }
+       else if (strcmp (arg, "--unshare-cgroup") == 0)
+         {
+-          opt_unshare_cgroup = TRUE;
+          opt_unshare_cgroup = true;
+         }
+       else if (strcmp (arg, "--unshare-cgroup-try") == 0)
+         {
+-          opt_unshare_cgroup_try = TRUE;
+          opt_unshare_cgroup_try = true;
+         }
+       /* Begin here the newer --share variants */
+       else if (strcmp (arg, "--share-net") == 0)
+         {
+-          opt_unshare_net = FALSE;
+          opt_unshare_net = false;
+         }
+       /* End --share variants, other arguments begin */
+       else if (strcmp (arg, "--chdir") == 0)
+@@ -1841,11 +1841,11 @@ parse_args_recurse (int          *argcp,
+         }
+       else if (strcmp (arg, "--disable-userns") == 0)
+         {
+-          opt_disable_userns = TRUE;
+          opt_disable_userns = true;
+         }
+       else if (strcmp (arg, "--assert-userns-disabled") == 0)
+         {
+-          opt_assert_userns_disabled = TRUE;
+          opt_assert_userns_disabled = true;
+         }
+       else if (strcmp (arg, "--remount-ro") == 0)
+         {
+@@ -1975,7 +1975,7 @@ parse_args_recurse (int          *argcp,
+ 
+           op = setup_op_new (SETUP_MOUNT_DEV);
+           op->dest = argv[1];
+-          opt_needs_devpts = TRUE;
+          opt_needs_devpts = true;
+ 
+           argv += 1;
+           argc -= 1;
+@@ -2425,15 +2425,15 @@ parse_args_recurse (int          *argcp,
+         }
+       else if (strcmp (arg, "--new-session") == 0)
+         {
+-          opt_new_session = TRUE;
+          opt_new_session = true;
+         }
+       else if (strcmp (arg, "--die-with-parent") == 0)
+         {
+-          opt_die_with_parent = TRUE;
+          opt_die_with_parent = true;
+         }
+       else if (strcmp (arg, "--as-pid-1") == 0)
+         {
+-          opt_as_pid_1 = TRUE;
+          opt_as_pid_1 = true;
+         }
+       else if (strcmp (arg, "--cap-add") == 0)
+         {
+@@ -2441,7 +2441,7 @@ parse_args_recurse (int          *argcp,
+           if (argc < 2)
+             die ("--cap-add takes an argument");
+ 
+-          opt_cap_add_or_drop_used = TRUE;
+          opt_cap_add_or_drop_used = true;
+ 
+           if (strcasecmp (argv[1], "ALL") == 0)
+             {
+@@ -2467,7 +2467,7 @@ parse_args_recurse (int          *argcp,
+           if (argc < 2)
+             die ("--cap-drop takes an argument");
+ 
+-          opt_cap_add_or_drop_used = TRUE;
+          opt_cap_add_or_drop_used = true;
+ 
+           if (strcasecmp (argv[1], "ALL") == 0)
+             {
+@@ -2610,7 +2610,7 @@ parse_args (int          *argcp,
+ {
+   int total_parsed_argc = *argcp;
+ 
+-  parse_args_recurse (argcp, argvp, FALSE, &total_parsed_argc);
+  parse_args_recurse (argcp, argvp, false, &total_parsed_argc);
+ }
+ 
+ static void
+@@ -2656,7 +2656,7 @@ namespace_ids_read (pid_t  pid)
+       int r;
+ 
+       /* if we don't unshare this ns, ignore it */
+-      if (do_unshare && *do_unshare == FALSE)
+      if (do_unshare && *do_unshare == false)
+         continue;
+ 
+       r = fstatat (ns_fd, info->name, &st, 0);
+@@ -2691,7 +2691,7 @@ namespace_ids_write (int    fd,
+       output = xasprintf (",%s\"%s-namespace\": %ju",
+                           indent, info->name, nsid);
+ 
+-      dump_info (fd, output, TRUE);
+      dump_info (fd, output, true);
+     }
+ }
+ 
+@@ -2799,18 +2799,18 @@ main (int    argc,
+   /* We have to do this if we weren't installed setuid (and we're not
+    * root), so let's just DWIM */
+   if (!is_privileged && getuid () != 0 && opt_userns_fd == -1)
+-    opt_unshare_user = TRUE;
+    opt_unshare_user = true;
+ 
+ #ifdef ENABLE_REQUIRE_USERNS
+   /* In this build option, we require userns. */
+   if (is_privileged && getuid () != 0 && opt_userns_fd == -1)
+-    opt_unshare_user = TRUE;
+    opt_unshare_user = true;
+ #endif
+ 
+   if (opt_unshare_user_try &&
+       stat ("/proc/self/ns/user", &sbuf) == 0)
+     {
+-      bool disabled = FALSE;
+      bool disabled = false;
+ 
+       /* RHEL7 has a kernel module parameter that lets you enable user namespaces */
+       if (stat ("/sys/module/user_namespace/parameters/enable", &sbuf) == 0)
+@@ -2818,7 +2818,7 @@ main (int    argc,
+           cleanup_free char *enable = NULL;
+           enable = load_file_at (AT_FDCWD, "/sys/module/user_namespace/parameters/enable");
+           if (enable != NULL && enable[0] == 'N')
+-            disabled = TRUE;
+            disabled = true;
+         }
+ 
+       /* Check for max_user_namespaces */
+@@ -2827,7 +2827,7 @@ main (int    argc,
+           cleanup_free char *max_user_ns = NULL;
+           max_user_ns = load_file_at (AT_FDCWD, "/proc/sys/user/max_user_namespaces");
+           if (max_user_ns != NULL && strcmp(max_user_ns, "0\n") == 0)
+-            disabled = TRUE;
+            disabled = true;
+         }
+ 
+       /* Debian lets you disable *unprivileged* user namespaces. However this is not
+@@ -2835,7 +2835,7 @@ main (int    argc,
+          already, and there is not much we can do, its just a non-working setup. */
+ 
+       if (!disabled)
+-        opt_unshare_user = TRUE;
+        opt_unshare_user = true;
+     }
+ 
+   if (argc <= 0)
+@@ -2993,7 +2993,7 @@ main (int    argc,
+            */
+           write_uid_gid_map (ns_uid, real_uid,
+                              ns_gid, real_gid,
+-                             pid, TRUE, opt_needs_devpts);
+                             pid, true, opt_needs_devpts);
+         }
+ 
+       /* Initial launched process, wait for pid 1 or exec:ed command to exit */
+@@ -3002,7 +3002,7 @@ main (int    argc,
+         die_with_error ("Setting userns2 failed");
+ 
+       /* We don't need any privileges in the launcher, drop them immediately. */
+-      drop_privs (FALSE, FALSE);
+      drop_privs (false, false);
+ 
+       /* Optionally bind our lifecycle to that of the parent */
+       handle_die_with_parent ();
+@@ -3010,17 +3010,17 @@ main (int    argc,
+       if (opt_info_fd != -1)
+         {
+           cleanup_free char *output = xasprintf ("{\n    \"child-pid\": %i", pid);
+-          dump_info (opt_info_fd, output, TRUE);
+-          namespace_ids_write (opt_info_fd, FALSE);
+-          dump_info (opt_info_fd, "\n}\n", TRUE);
+          dump_info (opt_info_fd, output, true);
+          namespace_ids_write (opt_info_fd, false);
+          dump_info (opt_info_fd, "\n}\n", true);
+           close (opt_info_fd);
+         }
+       if (opt_json_status_fd != -1)
+         {
+           cleanup_free char *output = xasprintf ("{ \"child-pid\": %i", pid);
+-          dump_info (opt_json_status_fd, output, TRUE);
+-          namespace_ids_write (opt_json_status_fd, TRUE);
+-          dump_info (opt_json_status_fd, " }\n", TRUE);
+          dump_info (opt_json_status_fd, output, true);
+          namespace_ids_write (opt_json_status_fd, true);
+          dump_info (opt_json_status_fd, " }\n", true);
+         }
+ 
+       if (opt_userns_block_fd != -1)
+@@ -3116,7 +3116,7 @@ main (int    argc,
+ 
+       write_uid_gid_map (ns_uid, real_uid,
+                          ns_gid, real_gid,
+-                         -1, TRUE, FALSE);
+                         -1, true, false);
+     }
+ 
+   old_umask = umask (0);
+@@ -3177,7 +3177,7 @@ main (int    argc,
+       if (child == 0)
+         {
+           /* Unprivileged setup process */
+-          drop_privs (FALSE, TRUE);
+          drop_privs (false, true);
+           close (privsep_sockets[0]);
+           setup_newroot (opt_unshare_pid, privsep_sockets[1]);
+           exit (0);
+@@ -3289,11 +3289,11 @@ main (int    argc,
+         die_with_error ("unshare user ns");
+ 
+       /* We're in a new user namespace, we got back the bounding set, clear it again */
+-      drop_cap_bounding_set (FALSE);
+      drop_cap_bounding_set (false);
+ 
+       write_uid_gid_map (opt_sandbox_uid, ns_uid,
+                          opt_sandbox_gid, ns_gid,
+-                         -1, FALSE, FALSE);
+                         -1, false, false);
+     }
+ 
+   if (opt_disable_userns || opt_assert_userns_disabled)
+@@ -3306,7 +3306,7 @@ main (int    argc,
+     }
+ 
+   /* All privileged ops are done now, so drop caps we don't need */
+-  drop_privs (!is_privileged, TRUE);
+  drop_privs (!is_privileged, true);
+ 
+   if (opt_block_fd != -1)
+     {
+@@ -3370,7 +3370,7 @@ main (int    argc,
+ 
+       if (pid != 0)
+         {
+-          drop_all_caps (FALSE);
+          drop_all_caps (false);
+ 
+           /* Close fds in pid 1, except stdio and optionally event_fd
+              (for syncing pid 2 lifetime with monitor_child) and
+diff --git a/utils.c b/utils.c
+index 43c8d79..7c562b1 100644
+--- a/utils.c
+++ b/utils.c
+@@ -206,7 +206,7 @@ bool
+ has_path_prefix (const char *str,
+                  const char *prefix)
+ {
+-  while (TRUE)
+  while (true)
+     {
+       /* Skip consecutive slashes to reach next path
+          element */
+@@ -217,13 +217,13 @@ has_path_prefix (const char *str,
+ 
+       /* No more prefix path elements? Done! */
+       if (*prefix == 0)
+-        return TRUE;
+        return true;
+ 
+       /* Compare path element */
+       while (*prefix != 0 && *prefix != '/')
+         {
+           if (*str != *prefix)
+-            return FALSE;
+            return false;
+           str++;
+           prefix++;
+         }
+@@ -231,7 +231,7 @@ has_path_prefix (const char *str,
+       /* Matched prefix path element,
+          must be entire str path element */
+       if (*str != '/' && *str != 0)
+-        return FALSE;
+        return false;
+     }
+ }
+ 
+@@ -239,7 +239,7 @@ bool
+ path_equal (const char *path1,
+             const char *path2)
+ {
+-  while (TRUE)
+  while (true)
+     {
+       /* Skip consecutive slashes to reach next path
+          element */
+@@ -256,14 +256,14 @@ path_equal (const char *path1,
+       while (*path1 != 0 && *path1 != '/')
+         {
+           if (*path1 != *path2)
+-            return FALSE;
+            return false;
+           path1++;
+           path2++;
+         }
+ 
+       /* Matched path1 path element, must be entire path element */
+       if (*path2 != '/' && *path2 != 0)
+-        return FALSE;
+        return false;
+     }
+ }
+ 
+@@ -526,7 +526,7 @@ copy_file_data (int sfd,
+   char buffer[BUFSIZE];
+   ssize_t bytes_read;
+ 
+-  while (TRUE)
+  while (true)
+     {
+       bytes_read = read (sfd, buffer, BUFSIZE);
+       if (bytes_read == -1)
+diff --git a/utils.h b/utils.h
+index 9f17297..2c37ccb 100644
+--- a/utils.h
+++ b/utils.h
+@@ -24,6 +24,7 @@
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <stdarg.h>
+#include <stdbool.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -41,10 +42,6 @@
+ 
+ #define N_ELEMENTS(arr) (sizeof (arr) / sizeof ((arr)[0]))
+ 
+-#define TRUE 1
+-#define FALSE 0
+-typedef int bool;
+-
+ #define PIPE_READ_END 0
+ #define PIPE_WRITE_END 1
+ 
diff --git a/meta-oe/recipes-security/bubblewrap/bubblewrap_0.10.0.bb b/meta-oe/recipes-security/bubblewrap/bubblewrap_0.10.0.bb
index 60155e035b..41ab0cfc32 100644
--- a/meta-oe/recipes-security/bubblewrap/bubblewrap_0.10.0.bb
+++ b/meta-oe/recipes-security/bubblewrap/bubblewrap_0.10.0.bb
@@ -5,7 +5,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
 DEPENDS = "libcap"
-SRC_URI = "https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz"
+SRC_URI = " \
+    https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz \
+    file://0001-Use-stdbool.h-for-booleans.patch \
+"
 SRC_URI[sha256sum] = "65d92cf44a63a51e1b7771f70c05013dce5bd6b0b2841c4b4be54b0c45565471"
 inherit autotools bash-completion github-releases manpages pkgconfig

diff --git a/meta-oe/recipes-security/bubblewrap/bubblewrap/0001-Use-stdbool.h-for-booleans.patch b/meta-oe/recipes-security/bubblewrap/bubblewrap/0001-Use-stdbool.h-for-booleans.patch new file mode 100644 index 0000000000..2566314ce3 --- /dev/null +++ b/meta-oe/recipes-security/bubblewrap/bubblewrap/0001-Use-stdbool.h-for-booleans.patch
@@ -0,0 +1,633 @@
		1	From 4572dd9378c876349e02403cf7f6031c45281f85 Mon Sep 17 00:00:00 2001
		2	From: "Simon McVittie" <smcv@collabora.com>
		3	Date: Tue, 8 Apr 2025 16:29:18 +0900
		4	Subject: [PATCH] Use stdbool.h for booleans
		5
		6	* backport fix from:
		7	https://github.com/containers/bubblewrap/pull/660
		8	But patch rework for this version.
		9	In gcc 15, bool became a reserved keyword in C23, causing conflicts with our custom bool definition.
		10
		11	See also, https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=55e3bd376b2214e200fa76d12b67ff259b06c212
		12
		13	* to fix:
		14	http://errors.yoctoproject.org/Errors/Details/851183/
		15	../bubblewrap-0.10.0/utils.h:46:13: error: 'bool' cannot be defined via 'typedef'
		16	46 \| typedef int bool;
		17	\| ^~~~
		18
		19	Upstream-Status: Backport [https://github.com/containers/bubblewrap/pull/660]
		20	Signed-off-by: mark.yang <mark.yang@lge.com>
		21	---
		22	bind-mount.c \| 20 ++++----
		23	bubblewrap.c \| 134 +++++++++++++++++++++++++--------------------------
		24	utils.c \| 16 +++---
		25	utils.h \| 5 +-
		26	4 files changed, 86 insertions(+), 89 deletions(-)
		27
		28	diff --git a/bind-mount.c b/bind-mount.c
		29	index 2757cae..bf7f68d 100644
		30	--- a/bind-mount.c
		31	+++ b/bind-mount.c
		32	@@ -76,7 +76,7 @@ match_token (const char token, const char token_end, const char *str)
		33	if (token == token_end)
		34	return *str == 0;
		35
		36	- return FALSE;
		37	+ return false;
		38	}
		39
		40	static unsigned long
		41	@@ -281,12 +281,12 @@ parse_mountinfo (int proc_fd,
		42	die ("Can't parse mountinfo line");
		43	rest = line + consumed;
		44
		45	- rest = skip_token (rest, TRUE); /* mountroot */
		46	+ rest = skip_token (rest, true); /* mountroot */
		47	mountpoint = rest;
		48	- rest = skip_token (rest, FALSE); /* mountpoint */
		49	+ rest = skip_token (rest, false); /* mountpoint */
		50	mountpoint_end = rest++;
		51	options = rest;
		52	- rest = skip_token (rest, FALSE); /* vfs options */
		53	+ rest = skip_token (rest, false); /* vfs options */
		54	options_end = rest;
		55
		56	*mountpoint_end = 0;
		57	@@ -324,7 +324,7 @@ parse_mountinfo (int proc_fd,
		58	MountInfoLine *parent = by_id[this->parent_id];
		59	MountInfoLine **to_sibling;
		60	MountInfoLine *sibling;
		61	- bool covered = FALSE;
		62	+ bool covered = false;
		63
		64	if (!has_path_prefix (this->mountpoint, root_mount))
		65	continue;
		66	@@ -333,7 +333,7 @@ parse_mountinfo (int proc_fd,
		67	continue;
		68
		69	if (strcmp (parent->mountpoint, this->mountpoint) == 0)
		70	- parent->covered = TRUE;
		71	+ parent->covered = true;
		72
		73	to_sibling = &parent->first_child;
		74	sibling = parent->first_child;
		75	@@ -344,7 +344,7 @@ parse_mountinfo (int proc_fd,
		76	* covered by the sibling, and we drop it. */
		77	if (has_path_prefix (this->mountpoint, sibling->mountpoint))
		78	{
		79	- covered = TRUE;
		80	+ covered = true;
		81	break;
		82	}
		83
		84	@@ -499,7 +499,7 @@ bind_mount_result_to_string (bind_mount_result res,
		85	bool *want_errno_p)
		86	{
		87	char *string = NULL;
		88	- bool want_errno = TRUE;
		89	+ bool want_errno = true;
		90
		91	switch (res)
		92	{
		93	@@ -521,7 +521,7 @@ bind_mount_result_to_string (bind_mount_result res,
		94
		95	case BIND_MOUNT_ERROR_FIND_DEST_MOUNT:
		96	string = xasprintf ("Unable to find \"%s\" in mount table", failing_path);
		97	- want_errno = FALSE;
		98	+ want_errno = false;
		99	break;
		100
		101	case BIND_MOUNT_ERROR_REMOUNT_DEST:
		102	@@ -557,7 +557,7 @@ die_with_bind_result (bind_mount_result res,
		103	...)
		104	{
		105	va_list args;
		106	- bool want_errno = TRUE;
		107	+ bool want_errno = true;
		108	char *message;
		109
		110	fprintf (stderr, "bwrap: ");
		111	diff --git a/bubblewrap.c b/bubblewrap.c
		112	index bc75da4..1504449 100644
		113	--- a/bubblewrap.c
		114	+++ b/bubblewrap.c
		115	@@ -74,19 +74,19 @@ static bool opt_as_pid_1;
		116
		117	static const char *opt_argv0 = NULL;
		118	static const char *opt_chdir_path = NULL;
		119	-static bool opt_assert_userns_disabled = FALSE;
		120	-static bool opt_disable_userns = FALSE;
		121	-static bool opt_unshare_user = FALSE;
		122	-static bool opt_unshare_user_try = FALSE;
		123	-static bool opt_unshare_pid = FALSE;
		124	-static bool opt_unshare_ipc = FALSE;
		125	-static bool opt_unshare_net = FALSE;
		126	-static bool opt_unshare_uts = FALSE;
		127	-static bool opt_unshare_cgroup = FALSE;
		128	-static bool opt_unshare_cgroup_try = FALSE;
		129	-static bool opt_needs_devpts = FALSE;
		130	-static bool opt_new_session = FALSE;
		131	-static bool opt_die_with_parent = FALSE;
		132	+static bool opt_assert_userns_disabled = false;
		133	+static bool opt_disable_userns = false;
		134	+static bool opt_unshare_user = false;
		135	+static bool opt_unshare_user_try = false;
		136	+static bool opt_unshare_pid = false;
		137	+static bool opt_unshare_ipc = false;
		138	+static bool opt_unshare_net = false;
		139	+static bool opt_unshare_uts = false;
		140	+static bool opt_unshare_cgroup = false;
		141	+static bool opt_unshare_cgroup_try = false;
		142	+static bool opt_needs_devpts = false;
		143	+static bool opt_new_session = false;
		144	+static bool opt_die_with_parent = false;
		145	static uid_t opt_sandbox_uid = -1;
		146	static gid_t opt_sandbox_gid = -1;
		147	static int opt_sync_fd = -1;
		148	@@ -476,7 +476,7 @@ report_child_exit_status (int exitc, int setup_finished_fd)
		149	return;
		150
		151	output = xasprintf ("{ \"exit-code\": %i }\n", exitc);
		152	- dump_info (opt_json_status_fd, output, FALSE);
		153	+ dump_info (opt_json_status_fd, output, false);
		154	close (opt_json_status_fd);
		155	opt_json_status_fd = -1;
		156	close (setup_finished_fd);
		157	@@ -621,7 +621,7 @@ do_init (int event_fd, pid_t initial_pid)
		158
		159	seccomp_programs_apply ();
		160
		161	- while (TRUE)
		162	+ while (true)
		163	{
		164	pid_t child;
		165	int status;
		166	@@ -765,16 +765,16 @@ prctl_caps (uint32_t *caps, bool do_cap_bounding, bool do_set_ambient)
		167	*/
		168	for (cap = 0; cap <= CAP_LAST_CAP; cap++)
		169	{
		170	- bool keep = FALSE;
		171	+ bool keep = false;
		172	if (cap < 32)
		173	{
		174	if (CAP_TO_MASK_0 (cap) & caps[0])
		175	- keep = TRUE;
		176	+ keep = true;
		177	}
		178	else
		179	{
		180	if (CAP_TO_MASK_1 (cap) & caps[1])
		181	- keep = TRUE;
		182	+ keep = true;
		183	}
		184
		185	if (keep && do_set_ambient)
		186	@@ -803,11 +803,11 @@ static void
		187	drop_cap_bounding_set (bool drop_all)
		188	{
		189	if (!drop_all)
		190	- prctl_caps (requested_caps, TRUE, FALSE);
		191	+ prctl_caps (requested_caps, true, false);
		192	else
		193	{
		194	uint32_t no_caps[2] = {0, 0};
		195	- prctl_caps (no_caps, TRUE, FALSE);
		196	+ prctl_caps (no_caps, true, false);
		197	}
		198	}
		199
		200	@@ -816,7 +816,7 @@ set_ambient_capabilities (void)
		201	{
		202	if (is_privileged)
		203	return;
		204	- prctl_caps (requested_caps, FALSE, TRUE);
		205	+ prctl_caps (requested_caps, false, true);
		206	}
		207
		208	/* This acquires the privileges that the bwrap will need it to work.
		209	@@ -846,7 +846,7 @@ acquire_privs (void)
		210	if (euid != 0)
		211	die ("Unexpected setuid user %d, should be 0", euid);
		212
		213	- is_privileged = TRUE;
		214	+ is_privileged = true;
		215	/* We want to keep running as euid=0 until at the clone()
		216	* operation because doing so will make the user namespace be
		217	* owned by root, which makes it not ptrace:able by the user as
		218	@@ -867,7 +867,7 @@ acquire_privs (void)
		219	die ("Unable to set fsuid (was %d)", (int)new_fsuid);
		220
		221	/* We never need capabilities after execve(), so lets drop everything from the bounding set */
		222	- drop_cap_bounding_set (TRUE);
		223	+ drop_cap_bounding_set (true);
		224
		225	/* Keep only the required capabilities for setup */
		226	set_required_caps ();
		227	@@ -904,7 +904,7 @@ switch_to_user_with_privs (void)
		228	{
		229	/* If we're in a new user namespace, we got back the bounding set, clear it again */
		230	if (opt_unshare_user \|\| opt_userns_fd != -1)
		231	- drop_cap_bounding_set (FALSE);
		232	+ drop_cap_bounding_set (false);
		233
		234	/* If we switched to a new user namespace it may allow other uids/gids, so switch to the target one */
		235	if (opt_userns_fd != -1)
		236	@@ -1211,7 +1211,7 @@ setup_newroot (bool unshare_pid,
		237	parent_mode &= ~0005U;
		238
		239	dest = get_newroot_path (op->dest);
		240	- if (mkdir_with_parents (dest, parent_mode, FALSE) != 0)
		241	+ if (mkdir_with_parents (dest, parent_mode, false) != 0)
		242	die_with_error ("Can't mkdir parents for %s", op->dest);
		243	}
		244
		245	@@ -1761,7 +1761,7 @@ parse_args_recurse (int *argcp,
		246	}
		247
		248	data_argv_copy = data_argv; /* Don't change data_argv, we need to free it */
		249	- parse_args_recurse (&data_argc, &data_argv_copy, TRUE, total_parsed_argc_p);
		250	+ parse_args_recurse (&data_argc, &data_argv_copy, true, total_parsed_argc_p);
		251
		252	argv += 1;
		253	argc -= 1;
		254	@@ -1786,45 +1786,45 @@ parse_args_recurse (int *argcp,
		255	*/
		256	opt_unshare_user_try = opt_unshare_ipc = opt_unshare_pid =
		257	opt_unshare_uts = opt_unshare_cgroup_try =
		258	- opt_unshare_net = TRUE;
		259	+ opt_unshare_net = true;
		260	}
		261	/* Begin here the older individual --unshare variants */
		262	else if (strcmp (arg, "--unshare-user") == 0)
		263	{
		264	- opt_unshare_user = TRUE;
		265	+ opt_unshare_user = true;
		266	}
		267	else if (strcmp (arg, "--unshare-user-try") == 0)
		268	{
		269	- opt_unshare_user_try = TRUE;
		270	+ opt_unshare_user_try = true;
		271	}
		272	else if (strcmp (arg, "--unshare-ipc") == 0)
		273	{
		274	- opt_unshare_ipc = TRUE;
		275	+ opt_unshare_ipc = true;
		276	}
		277	else if (strcmp (arg, "--unshare-pid") == 0)
		278	{
		279	- opt_unshare_pid = TRUE;
		280	+ opt_unshare_pid = true;
		281	}
		282	else if (strcmp (arg, "--unshare-net") == 0)
		283	{
		284	- opt_unshare_net = TRUE;
		285	+ opt_unshare_net = true;
		286	}
		287	else if (strcmp (arg, "--unshare-uts") == 0)
		288	{
		289	- opt_unshare_uts = TRUE;
		290	+ opt_unshare_uts = true;
		291	}
		292	else if (strcmp (arg, "--unshare-cgroup") == 0)
		293	{
		294	- opt_unshare_cgroup = TRUE;
		295	+ opt_unshare_cgroup = true;
		296	}
		297	else if (strcmp (arg, "--unshare-cgroup-try") == 0)
		298	{
		299	- opt_unshare_cgroup_try = TRUE;
		300	+ opt_unshare_cgroup_try = true;
		301	}
		302	/* Begin here the newer --share variants */
		303	else if (strcmp (arg, "--share-net") == 0)
		304	{
		305	- opt_unshare_net = FALSE;
		306	+ opt_unshare_net = false;
		307	}
		308	/* End --share variants, other arguments begin */
		309	else if (strcmp (arg, "--chdir") == 0)
		310	@@ -1841,11 +1841,11 @@ parse_args_recurse (int *argcp,
		311	}
		312	else if (strcmp (arg, "--disable-userns") == 0)
		313	{
		314	- opt_disable_userns = TRUE;
		315	+ opt_disable_userns = true;
		316	}
		317	else if (strcmp (arg, "--assert-userns-disabled") == 0)
		318	{
		319	- opt_assert_userns_disabled = TRUE;
		320	+ opt_assert_userns_disabled = true;
		321	}
		322	else if (strcmp (arg, "--remount-ro") == 0)
		323	{
		324	@@ -1975,7 +1975,7 @@ parse_args_recurse (int *argcp,
		325
		326	op = setup_op_new (SETUP_MOUNT_DEV);
		327	op->dest = argv[1];
		328	- opt_needs_devpts = TRUE;
		329	+ opt_needs_devpts = true;
		330
		331	argv += 1;
		332	argc -= 1;
		333	@@ -2425,15 +2425,15 @@ parse_args_recurse (int *argcp,
		334	}
		335	else if (strcmp (arg, "--new-session") == 0)
		336	{
		337	- opt_new_session = TRUE;
		338	+ opt_new_session = true;
		339	}
		340	else if (strcmp (arg, "--die-with-parent") == 0)
		341	{
		342	- opt_die_with_parent = TRUE;
		343	+ opt_die_with_parent = true;
		344	}
		345	else if (strcmp (arg, "--as-pid-1") == 0)
		346	{
		347	- opt_as_pid_1 = TRUE;
		348	+ opt_as_pid_1 = true;
		349	}
		350	else if (strcmp (arg, "--cap-add") == 0)
		351	{
		352	@@ -2441,7 +2441,7 @@ parse_args_recurse (int *argcp,
		353	if (argc < 2)
		354	die ("--cap-add takes an argument");
		355
		356	- opt_cap_add_or_drop_used = TRUE;
		357	+ opt_cap_add_or_drop_used = true;
		358
		359	if (strcasecmp (argv[1], "ALL") == 0)
		360	{
		361	@@ -2467,7 +2467,7 @@ parse_args_recurse (int *argcp,
		362	if (argc < 2)
		363	die ("--cap-drop takes an argument");
		364
		365	- opt_cap_add_or_drop_used = TRUE;
		366	+ opt_cap_add_or_drop_used = true;
		367
		368	if (strcasecmp (argv[1], "ALL") == 0)
		369	{
		370	@@ -2610,7 +2610,7 @@ parse_args (int *argcp,
		371	{
		372	int total_parsed_argc = *argcp;
		373
		374	- parse_args_recurse (argcp, argvp, FALSE, &total_parsed_argc);
		375	+ parse_args_recurse (argcp, argvp, false, &total_parsed_argc);
		376	}
		377
		378	static void
		379	@@ -2656,7 +2656,7 @@ namespace_ids_read (pid_t pid)
		380	int r;
		381
		382	/* if we don't unshare this ns, ignore it */
		383	- if (do_unshare && *do_unshare == FALSE)
		384	+ if (do_unshare && *do_unshare == false)
		385	continue;
		386
		387	r = fstatat (ns_fd, info->name, &st, 0);
		388	@@ -2691,7 +2691,7 @@ namespace_ids_write (int fd,
		389	output = xasprintf (",%s\"%s-namespace\": %ju",
		390	indent, info->name, nsid);
		391
		392	- dump_info (fd, output, TRUE);
		393	+ dump_info (fd, output, true);
		394	}
		395	}
		396
		397	@@ -2799,18 +2799,18 @@ main (int argc,
		398	/* We have to do this if we weren't installed setuid (and we're not
		399	* root), so let's just DWIM */
		400	if (!is_privileged && getuid () != 0 && opt_userns_fd == -1)
		401	- opt_unshare_user = TRUE;
		402	+ opt_unshare_user = true;
		403
		404	#ifdef ENABLE_REQUIRE_USERNS
		405	/* In this build option, we require userns. */
		406	if (is_privileged && getuid () != 0 && opt_userns_fd == -1)
		407	- opt_unshare_user = TRUE;
		408	+ opt_unshare_user = true;
		409	#endif
		410
		411	if (opt_unshare_user_try &&
		412	stat ("/proc/self/ns/user", &sbuf) == 0)
		413	{
		414	- bool disabled = FALSE;
		415	+ bool disabled = false;
		416
		417	/* RHEL7 has a kernel module parameter that lets you enable user namespaces */
		418	if (stat ("/sys/module/user_namespace/parameters/enable", &sbuf) == 0)
		419	@@ -2818,7 +2818,7 @@ main (int argc,
		420	cleanup_free char *enable = NULL;
		421	enable = load_file_at (AT_FDCWD, "/sys/module/user_namespace/parameters/enable");
		422	if (enable != NULL && enable[0] == 'N')
		423	- disabled = TRUE;
		424	+ disabled = true;
		425	}
		426
		427	/* Check for max_user_namespaces */
		428	@@ -2827,7 +2827,7 @@ main (int argc,
		429	cleanup_free char *max_user_ns = NULL;
		430	max_user_ns = load_file_at (AT_FDCWD, "/proc/sys/user/max_user_namespaces");
		431	if (max_user_ns != NULL && strcmp(max_user_ns, "0\n") == 0)
		432	- disabled = TRUE;
		433	+ disabled = true;
		434	}
		435
		436	/* Debian lets you disable unprivileged user namespaces. However this is not
		437	@@ -2835,7 +2835,7 @@ main (int argc,
		438	already, and there is not much we can do, its just a non-working setup. */
		439
		440	if (!disabled)
		441	- opt_unshare_user = TRUE;
		442	+ opt_unshare_user = true;
		443	}
		444
		445	if (argc <= 0)
		446	@@ -2993,7 +2993,7 @@ main (int argc,
		447	*/
		448	write_uid_gid_map (ns_uid, real_uid,
		449	ns_gid, real_gid,
		450	- pid, TRUE, opt_needs_devpts);
		451	+ pid, true, opt_needs_devpts);
		452	}
		453
		454	/* Initial launched process, wait for pid 1 or exec:ed command to exit */
		455	@@ -3002,7 +3002,7 @@ main (int argc,
		456	die_with_error ("Setting userns2 failed");
		457
		458	/* We don't need any privileges in the launcher, drop them immediately. */
		459	- drop_privs (FALSE, FALSE);
		460	+ drop_privs (false, false);
		461
		462	/* Optionally bind our lifecycle to that of the parent */
		463	handle_die_with_parent ();
		464	@@ -3010,17 +3010,17 @@ main (int argc,
		465	if (opt_info_fd != -1)
		466	{
		467	cleanup_free char *output = xasprintf ("{\n \"child-pid\": %i", pid);
		468	- dump_info (opt_info_fd, output, TRUE);
		469	- namespace_ids_write (opt_info_fd, FALSE);
		470	- dump_info (opt_info_fd, "\n}\n", TRUE);
		471	+ dump_info (opt_info_fd, output, true);
		472	+ namespace_ids_write (opt_info_fd, false);
		473	+ dump_info (opt_info_fd, "\n}\n", true);
		474	close (opt_info_fd);
		475	}
		476	if (opt_json_status_fd != -1)
		477	{
		478	cleanup_free char *output = xasprintf ("{ \"child-pid\": %i", pid);
		479	- dump_info (opt_json_status_fd, output, TRUE);
		480	- namespace_ids_write (opt_json_status_fd, TRUE);
		481	- dump_info (opt_json_status_fd, " }\n", TRUE);
		482	+ dump_info (opt_json_status_fd, output, true);
		483	+ namespace_ids_write (opt_json_status_fd, true);
		484	+ dump_info (opt_json_status_fd, " }\n", true);
		485	}
		486
		487	if (opt_userns_block_fd != -1)
		488	@@ -3116,7 +3116,7 @@ main (int argc,
		489
		490	write_uid_gid_map (ns_uid, real_uid,
		491	ns_gid, real_gid,
		492	- -1, TRUE, FALSE);
		493	+ -1, true, false);
		494	}
		495
		496	old_umask = umask (0);
		497	@@ -3177,7 +3177,7 @@ main (int argc,
		498	if (child == 0)
		499	{
		500	/* Unprivileged setup process */
		501	- drop_privs (FALSE, TRUE);
		502	+ drop_privs (false, true);
		503	close (privsep_sockets[0]);
		504	setup_newroot (opt_unshare_pid, privsep_sockets[1]);
		505	exit (0);
		506	@@ -3289,11 +3289,11 @@ main (int argc,
		507	die_with_error ("unshare user ns");
		508
		509	/* We're in a new user namespace, we got back the bounding set, clear it again */
		510	- drop_cap_bounding_set (FALSE);
		511	+ drop_cap_bounding_set (false);
		512
		513	write_uid_gid_map (opt_sandbox_uid, ns_uid,
		514	opt_sandbox_gid, ns_gid,
		515	- -1, FALSE, FALSE);
		516	+ -1, false, false);
		517	}
		518
		519	if (opt_disable_userns \|\| opt_assert_userns_disabled)
		520	@@ -3306,7 +3306,7 @@ main (int argc,
		521	}
		522
		523	/* All privileged ops are done now, so drop caps we don't need */
		524	- drop_privs (!is_privileged, TRUE);
		525	+ drop_privs (!is_privileged, true);
		526
		527	if (opt_block_fd != -1)
		528	{
		529	@@ -3370,7 +3370,7 @@ main (int argc,
		530
		531	if (pid != 0)
		532	{
		533	- drop_all_caps (FALSE);
		534	+ drop_all_caps (false);
		535
		536	/* Close fds in pid 1, except stdio and optionally event_fd
		537	(for syncing pid 2 lifetime with monitor_child) and
		538	diff --git a/utils.c b/utils.c
		539	index 43c8d79..7c562b1 100644
		540	--- a/utils.c
		541	+++ b/utils.c
		542	@@ -206,7 +206,7 @@ bool
		543	has_path_prefix (const char *str,
		544	const char *prefix)
		545	{
		546	- while (TRUE)
		547	+ while (true)
		548	{
		549	/* Skip consecutive slashes to reach next path
		550	element */
		551	@@ -217,13 +217,13 @@ has_path_prefix (const char *str,
		552
		553	/* No more prefix path elements? Done! */
		554	if (*prefix == 0)
		555	- return TRUE;
		556	+ return true;
		557
		558	/* Compare path element */
		559	while (prefix != 0 && prefix != '/')
		560	{
		561	if (str != prefix)
		562	- return FALSE;
		563	+ return false;
		564	str++;
		565	prefix++;
		566	}
		567	@@ -231,7 +231,7 @@ has_path_prefix (const char *str,
		568	/* Matched prefix path element,
		569	must be entire str path element */
		570	if (str != '/' && str != 0)
		571	- return FALSE;
		572	+ return false;
		573	}
		574	}
		575
		576	@@ -239,7 +239,7 @@ bool
		577	path_equal (const char *path1,
		578	const char *path2)
		579	{
		580	- while (TRUE)
		581	+ while (true)
		582	{
		583	/* Skip consecutive slashes to reach next path
		584	element */
		585	@@ -256,14 +256,14 @@ path_equal (const char *path1,
		586	while (path1 != 0 && path1 != '/')
		587	{
		588	if (path1 != path2)
		589	- return FALSE;
		590	+ return false;
		591	path1++;
		592	path2++;
		593	}
		594
		595	/* Matched path1 path element, must be entire path element */
		596	if (path2 != '/' && path2 != 0)
		597	- return FALSE;
		598	+ return false;
		599	}
		600	}
		601
		602	@@ -526,7 +526,7 @@ copy_file_data (int sfd,
		603	char buffer[BUFSIZE];
		604	ssize_t bytes_read;
		605
		606	- while (TRUE)
		607	+ while (true)
		608	{
		609	bytes_read = read (sfd, buffer, BUFSIZE);
		610	if (bytes_read == -1)
		611	diff --git a/utils.h b/utils.h
		612	index 9f17297..2c37ccb 100644
		613	--- a/utils.h
		614	+++ b/utils.h
		615	@@ -24,6 +24,7 @@
		616	#include <errno.h>
		617	#include <fcntl.h>
		618	#include <stdarg.h>
		619	+#include <stdbool.h>
		620	#include <stdio.h>
		621	#include <stdlib.h>
		622	#include <string.h>
		623	@@ -41,10 +42,6 @@
		624
		625	#define N_ELEMENTS(arr) (sizeof (arr) / sizeof ((arr)[0]))
		626
		627	-#define TRUE 1
		628	-#define FALSE 0
		629	-typedef int bool;
		630	-
		631	#define PIPE_READ_END 0
		632	#define PIPE_WRITE_END 1
		633


diff --git a/meta-oe/recipes-security/bubblewrap/bubblewrap_0.10.0.bb b/meta-oe/recipes-security/bubblewrap/bubblewrap_0.10.0.bb index 60155e035b..41ab0cfc32 100644 --- a/meta-oe/recipes-security/bubblewrap/bubblewrap_0.10.0.bb +++ b/meta-oe/recipes-security/bubblewrap/bubblewrap_0.10.0.bb
@@ -5,7 +5,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
5		5
6	DEPENDS = "libcap"	6	DEPENDS = "libcap"
7		7
8	SRC_URI = "https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz"	8	SRC_URI = " \
		9	https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz \
		10	file://0001-Use-stdbool.h-for-booleans.patch \
		11	"
9	SRC_URI[sha256sum] = "65d92cf44a63a51e1b7771f70c05013dce5bd6b0b2841c4b4be54b0c45565471"	12	SRC_URI[sha256sum] = "65d92cf44a63a51e1b7771f70c05013dce5bd6b0b2841c4b4be54b0c45565471"
10		13
11	inherit autotools bash-completion github-releases manpages pkgconfig	14	inherit autotools bash-completion github-releases manpages pkgconfig