mirror of
https://github.com/openai/codex.git
synced 2026-05-15 16:53:05 +00:00
## Why

`codex-rs/vendor/bubblewrap` had fallen behind upstream, and upstream `v0.11.2` is the current Bubblewrap release. The release is a security update for `CVE-2026-41163`, affecting setuid Bubblewrap builds, and deprecates setuid support in favor of the default non-setuid build mode.

## What changed

- Refreshed the vendored Bubblewrap sources under `codex-rs/vendor/bubblewrap` to upstream `v0.11.2`.
- Brought in the upstream `-Dsupport_setuid` build option, which defaults setuid support off.
- Updated vendored release notes and documentation files included with Bubblewrap.

## Verification

Not run locally; this PR only refreshes the vendored upstream Bubblewrap source snapshot.

Upstream release: https://github.com/containers/bubblewrap/releases/tag/v0.11.2
bubblewrap release checklist

- Collect release notes in `NEWS.md`
- Update version number in `meson.build` and release date in `NEWS.md`
- Commit the changes
- `meson dist -C ${builddir}`
- Do any final smoke-testing, e.g. update a package, install and test it
- `git evtag sign v$VERSION`
  - Include the release notes from `NEWS.md` in the tag message
- `git push --atomic origin main v$VERSION`
- https://github.com/containers/bubblewrap/releases/new
  - Fill in the new version's tag in the "Tag version" box
  - Title: `$VERSION`
  - Copy the release notes into the description
  - Upload the tarball that you built with `meson dist`
  - Get the `sha256sum` of the tarball and append it to the description
  - Publish release
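
The last checklist step publishes a `sha256sum` line in the release description; the consumer side of that step, for example before refreshing a vendored copy, is to check the downloaded tarball against it. The script below is an added example, not part of the bubblewrap checklist or the Codex repository. Its function names are hypothetical, and it assumes the description carries the line exactly as `sha256sum` prints it and that the tarball name contains no spaces.

```shell
#!/bin/sh
# Added example: verify a downloaded release tarball against the sha256sum
# line appended to the release description (saved locally as a text file).
# Assumed line format, as printed by sha256sum: "<64 hex>  <file name>"

# Print the SHA-256 of a file as lowercase hex.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# published_sha256 DESCRIPTION_FILE TARBALL_NAME
# Print each distinct digest the description lists for TARBALL_NAME.
published_sha256() {
    awk -v name="$2" '
        length($1) == 64 && $1 ~ /^[0-9A-Fa-f]+$/ {
            f = $2; sub(/^\*/, "", f)   # drop the binary-mode marker
            if (f == name) print tolower($1)
        }' "$1" | sort -u
}

# verify_release TARBALL DESCRIPTION_FILE
# Returns 0 on match, 1 on mismatch, 2 when no single usable digest exists.
verify_release() {
    tarball=$1 desc=$2
    [ -f "$tarball" ] || { echo "missing file: $tarball" >&2; return 2; }
    name=$(basename "$tarball")
    want=$(published_sha256 "$desc" "$name")
    set -- $want                        # one word per published digest
    if [ $# -ne 1 ]; then
        echo "expected exactly one digest for $name, found $#" >&2
        return 2
    fi
    got=$(file_sha256 "$tarball")
    if [ "$got" = "$want" ]; then
        echo "OK $name"
        return 0
    fi
    echo "MISMATCH $name: published $want, computed $got" >&2
    return 1
}
```

A digest published next to the tarball only detects corruption or a swapped download; the signed tag created with `git evtag sign` is what ties the release to the maintainer's key.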