commit: ed3b50be88c8c1c62c38c959919de131838e3855
parent ea3cbbd89c92c107b719e121e2675d22a75585f7
Author: Michael Forney <mforney@mforney.org>
Date: Sun, 2 Feb 2025 01:46:07 -0800
bubblewrap: Update to 0.11.0
Diffstat:
8 files changed, 397 insertions(+), 82 deletions(-)
diff --git a/pkg/bubblewrap/config.h b/pkg/bubblewrap/config.h
@@ -1 +1 @@
-#define PACKAGE_STRING "bubblewrap 0.8.0"
+#define PACKAGE_STRING "bubblewrap 0.11.0"
diff --git a/pkg/bubblewrap/patch/0001-utils-Avoid-unnecessary-VLAs.patch b/pkg/bubblewrap/patch/0001-utils-Avoid-unnecessary-VLAs.patch
@@ -1,4 +1,4 @@
-From f399ecdc5cc4a3d6563b9ea3c8984c3832d655ea Mon Sep 17 00:00:00 2001
+From 5b70e5f6af8d0688b8947c649acc2904cce96d3b Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Tue, 4 Jul 2023 10:44:15 -0700
Subject: [PATCH] utils: Avoid unnecessary VLAs
@@ -8,18 +8,18 @@ Subject: [PATCH] utils: Avoid unnecessary VLAs
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/utils.c b/utils.c
-index 693273b..6845283 100644
+index 51875ae..8ab89bb 100644
--- a/utils.c
+++ b/utils.c
-@@ -727,15 +727,14 @@ send_pid_on_socket (int socket)
+@@ -758,15 +758,14 @@ send_pid_on_socket (int sockfd)
char buf[1] = { 0 };
struct msghdr msg = {};
struct iovec iov = { buf, sizeof (buf) };
- const ssize_t control_len_snd = CMSG_SPACE(sizeof(struct ucred));
-- char control_buf_snd[control_len_snd];
-+ char control_buf_snd[CMSG_SPACE(sizeof(struct ucred))];
+- _Alignas(struct cmsghdr) char control_buf_snd[control_len_snd];
++ _Alignas(struct cmsghdr) char control_buf_snd[CMSG_SPACE(sizeof(struct ucred))];
struct cmsghdr *cmsg;
- struct ucred *cred;
+ struct ucred cred;
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
@@ -29,13 +29,13 @@ index 693273b..6845283 100644
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_SOCKET;
-@@ -769,14 +768,13 @@ read_pid_from_socket (int socket)
+@@ -800,14 +799,13 @@ read_pid_from_socket (int sockfd)
char recv_buf[1] = { 0 };
struct msghdr msg = {};
struct iovec iov = { recv_buf, sizeof (recv_buf) };
- const ssize_t control_len_rcv = CMSG_SPACE(sizeof(struct ucred));
-- char control_buf_rcv[control_len_rcv];
-+ char control_buf_rcv[CMSG_SPACE(sizeof(struct ucred))];
+- _Alignas(struct cmsghdr) char control_buf_rcv[control_len_rcv];
++ _Alignas(struct cmsghdr) char control_buf_rcv[CMSG_SPACE(sizeof(struct ucred))];
struct cmsghdr* cmsg;
msg.msg_iov = &iov;
@@ -44,8 +44,8 @@ index 693273b..6845283 100644
- msg.msg_controllen = control_len_rcv;
+ msg.msg_controllen = sizeof (control_buf_rcv);
- if (recvmsg (socket, &msg, 0) < 0)
+ if (TEMP_FAILURE_RETRY (recvmsg (sockfd, &msg, 0)) < 0)
die_with_error ("Can't read pid from socket");
--
-2.37.3
+2.44.0
diff --git a/pkg/bubblewrap/patch/0002-Break-up-long-string-literal.patch b/pkg/bubblewrap/patch/0002-Break-up-long-string-literal.patch
@@ -1,4 +1,4 @@
-From 21b0b65179640a795394a9664862d797aaca9120 Mon Sep 17 00:00:00 2001
+From c1dc134f5f2591d364907a2e6102848d76c762a7 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Tue, 4 Jul 2023 18:57:02 -0700
Subject: [PATCH] Break up long string literal
@@ -8,18 +8,18 @@ Subject: [PATCH] Break up long string literal
1 file changed, 2 insertions(+)
diff --git a/bubblewrap.c b/bubblewrap.c
-index 8322ea0..ceb4beb 100644
+index f8728c7..d834618 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
-@@ -339,6 +339,8 @@ usage (int ecode, FILE *out)
+@@ -340,6 +340,8 @@ usage (int ecode, FILE *out)
" --dev-bind-try SRC DEST Equal to --dev-bind but ignores non-existent SRC\n"
" --ro-bind SRC DEST Bind mount the host path SRC readonly on DEST\n"
" --ro-bind-try SRC DEST Equal to --ro-bind but ignores non-existent SRC\n"
+ );
+ fprintf (out,
+ " --bind-fd FD DEST Bind open directory or path fd on DEST\n"
+ " --ro-bind-fd FD DEST Bind open directory or path fd read-only on DEST\n"
" --remount-ro DEST Remount DEST as readonly; does not recursively remount\n"
- " --exec-label LABEL Exec label for the sandbox\n"
- " --file-label LABEL File label for temporary sandbox content\n"
--
-2.37.3
+2.44.0
diff --git a/pkg/bubblewrap/patch/0003-Avoid-statement-expressions-for-TEMP_FAILURE_RETRY.patch b/pkg/bubblewrap/patch/0003-Avoid-statement-expressions-for-TEMP_FAILURE_RETRY.patch
@@ -1,63 +0,0 @@
-From 095786df5a2eb12f7996a183a16912cbb8368105 Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Tue, 4 Jul 2023 19:04:48 -0700
-Subject: [PATCH] Avoid statement expressions for TEMP_FAILURE_RETRY
-
----
- bubblewrap.c | 19 ++++++++-----------
- 1 file changed, 8 insertions(+), 11 deletions(-)
-
-diff --git a/bubblewrap.c b/bubblewrap.c
-index ceb4beb..608009d 100644
---- a/bubblewrap.c
-+++ b/bubblewrap.c
-@@ -44,14 +44,6 @@
- #define CLONE_NEWCGROUP 0x02000000 /* New cgroup namespace */
- #endif
-
--#ifndef TEMP_FAILURE_RETRY
--#define TEMP_FAILURE_RETRY(expression) \
-- (__extension__ \
-- ({ long int __result; \
-- do __result = (long int) (expression); \
-- while (__result == -1L && errno == EINTR); \
-- __result; }))
--#endif
-
- /* We limit the size of a tmpfs to half the architecture's address space,
- * to avoid hitting arbitrary limits in the kernel.
-@@ -467,7 +459,8 @@ report_child_exit_status (int exitc, int setup_finished_fd)
- if (opt_json_status_fd == -1 || setup_finished_fd == -1)
- return;
-
-- s = TEMP_FAILURE_RETRY (read (setup_finished_fd, data, sizeof data));
-+ do s = read (setup_finished_fd, data, sizeof data);
-+ while (s == -1 && errno == EINTR);
- if (s == -1 && errno != EAGAIN)
- die_with_error ("read eventfd");
- if (s != 1) // Is 0 if pipe closed before exec, is 2 if closed after exec.
-@@ -2953,7 +2946,9 @@ main (int argc,
- if (opt_userns_block_fd != -1)
- {
- char b[1];
-- (void) TEMP_FAILURE_RETRY (read (opt_userns_block_fd, b, 1));
-+ ssize_t s;
-+ do s = read (opt_userns_block_fd, b, 1);
-+ while (s == -1 && errno == EINTR);
- close (opt_userns_block_fd);
- }
-
-@@ -3238,7 +3233,9 @@ main (int argc,
- if (opt_block_fd != -1)
- {
- char b[1];
-- (void) TEMP_FAILURE_RETRY (read (opt_block_fd, b, 1));
-+ ssize_t s;
-+ do s = read (opt_block_fd, b, 1);
-+ while (s == -1 && errno == EINTR);
- close (opt_block_fd);
- }
-
---
-2.37.3
-
diff --git a/pkg/bubblewrap/patch/0003-Use-external-string-to-cap-function.patch b/pkg/bubblewrap/patch/0003-Use-external-string-to-cap-function.patch
@@ -0,0 +1,75 @@
+From 0859d2570ddc7ff9ff5c7dc1309dea88eef2168a Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Tue, 4 Jul 2023 19:20:51 -0700
+Subject: [PATCH] Use external string-to-cap function
+
+---
+ bubblewrap.c | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/bubblewrap.c b/bubblewrap.c
+index d834618..bc53891 100644
+--- a/bubblewrap.c
++++ b/bubblewrap.c
+@@ -30,8 +30,8 @@
+ #include <sys/eventfd.h>
+ #include <sys/fsuid.h>
+ #include <sys/signalfd.h>
+-#include <sys/capability.h>
+ #include <sys/prctl.h>
++#include <linux/capability.h>
+ #include <linux/sched.h>
+ #include <linux/seccomp.h>
+ #include <linux/filter.h>
+@@ -44,6 +44,10 @@
+ #define CLONE_NEWCGROUP 0x02000000 /* New cgroup namespace */
+ #endif
+
++int capset(void *, void *);
++int capget(void *, void *);
++int cap_from_name(const char *);
++
+ /* We limit the size of a tmpfs to half the architecture's address space,
+ * to avoid hitting arbitrary limits in the kernel.
+ * For example, on at least one x86_64 machine, the actual limit seems to be
+@@ -2604,7 +2608,7 @@ parse_args_recurse (int *argcp,
+ }
+ else if (strcmp (arg, "--cap-add") == 0)
+ {
+- cap_value_t cap;
++ int cap;
+ if (argc < 2)
+ die ("--cap-add takes an argument");
+
+@@ -2616,7 +2620,8 @@ parse_args_recurse (int *argcp,
+ }
+ else
+ {
+- if (cap_from_name (argv[1], &cap) < 0)
++ cap = cap_from_name (argv[1]);
++ if (cap < 0)
+ die ("unknown cap: %s", argv[1]);
+
+ if (cap < 32)
+@@ -2630,7 +2635,7 @@ parse_args_recurse (int *argcp,
+ }
+ else if (strcmp (arg, "--cap-drop") == 0)
+ {
+- cap_value_t cap;
++ int cap;
+ if (argc < 2)
+ die ("--cap-drop takes an argument");
+
+@@ -2642,7 +2647,8 @@ parse_args_recurse (int *argcp,
+ }
+ else
+ {
+- if (cap_from_name (argv[1], &cap) < 0)
++ cap = cap_from_name (argv[1]);
++ if (cap < 0)
+ die ("unknown cap: %s", argv[1]);
+
+ if (cap < 32)
+--
+2.44.0
+
diff --git a/pkg/bubblewrap/patch/0004-Revert-Handle-EINTR-when-doing-I-O-on-files-or-socke.patch b/pkg/bubblewrap/patch/0004-Revert-Handle-EINTR-when-doing-I-O-on-files-or-socke.patch
@@ -0,0 +1,238 @@
+From bbe8e2f75800633c251adbb34f7f9a1632a0d22a Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 2 Feb 2025 01:34:54 -0800
+Subject: [PATCH] Revert "Handle EINTR when doing I/O on files or sockets"
+
+This reverts commit 0c9646573f140d415cf790310ed17c2ab89f64a3.
+---
+ bind-mount.c | 2 +-
+ bubblewrap.c | 26 +++++++++++++-------------
+ network.c | 6 +++---
+ utils.c | 16 ++++++++--------
+ 4 files changed, 25 insertions(+), 25 deletions(-)
+
+diff --git a/bind-mount.c b/bind-mount.c
+index a2e1ac6..c1aa9ce 100644
+--- a/bind-mount.c
++++ b/bind-mount.c
+@@ -405,7 +405,7 @@ bind_mount (int proc_fd,
+ if (resolved_dest == NULL)
+ return BIND_MOUNT_ERROR_REALPATH_DEST;
+
+- dest_fd = TEMP_FAILURE_RETRY (open (resolved_dest, O_PATH | O_CLOEXEC));
++ dest_fd = open (resolved_dest, O_PATH | O_CLOEXEC);
+ if (dest_fd < 0)
+ {
+ if (failing_path != NULL)
+diff --git a/bubblewrap.c b/bubblewrap.c
+index bc53891..4848713 100644
+--- a/bubblewrap.c
++++ b/bubblewrap.c
+@@ -608,7 +608,7 @@ do_init (int event_fd, pid_t initial_pid)
+
+ for (lock = lock_files; lock != NULL; lock = lock->next)
+ {
+- int fd = TEMP_FAILURE_RETRY (open (lock->path, O_RDONLY | O_CLOEXEC));
++ int fd = open (lock->path, O_RDONLY | O_CLOEXEC);
+ if (fd == -1)
+ die_with_error ("Unable to open lock file %s", lock->path);
+
+@@ -619,7 +619,7 @@ do_init (int event_fd, pid_t initial_pid)
+ .l_len = 0
+ };
+
+- if (TEMP_FAILURE_RETRY (fcntl (fd, F_SETLK, &l)) < 0)
++ if (fcntl (fd, F_SETLK, &l) < 0)
+ die_with_error ("Unable to lock file %s", lock->path);
+
+ /* Keep fd open to hang on to lock */
+@@ -636,7 +636,7 @@ do_init (int event_fd, pid_t initial_pid)
+ pid_t child;
+ int status;
+
+- child = TEMP_FAILURE_RETRY (wait (&status));
++ child = wait (&status);
+ if (child == initial_pid)
+ {
+ initial_exit_status = propagate_exit_status (status);
+@@ -647,7 +647,7 @@ do_init (int event_fd, pid_t initial_pid)
+ int res UNUSED;
+
+ val = initial_exit_status + 1;
+- res = TEMP_FAILURE_RETRY (write (event_fd, &val, 8));
++ res = write (event_fd, &val, 8);
+ /* Ignore res, if e.g. the parent died and closed event_fd
+ we don't want to error out here */
+ }
+@@ -1071,10 +1071,10 @@ privileged_op (int privileged_op_socket,
+ if (arg2 != NULL)
+ strcpy ((char *) buffer + arg2_offset, arg2);
+
+- if (TEMP_FAILURE_RETRY (write (privileged_op_socket, buffer, buffer_size)) != (ssize_t)buffer_size)
++ if (write (privileged_op_socket, buffer, buffer_size) != (ssize_t)buffer_size)
+ die ("Can't write to privileged_op_socket");
+
+- if (TEMP_FAILURE_RETRY (read (privileged_op_socket, buffer, 1)) != 1)
++ if (read (privileged_op_socket, buffer, 1) != 1)
+ die ("Can't read from privileged_op_socket");
+
+ return;
+@@ -2824,7 +2824,7 @@ namespace_ids_read (pid_t pid)
+ NsInfo *info;
+
+ dir = xasprintf ("%d/ns", pid);
+- ns_fd = TEMP_FAILURE_RETRY (openat (proc_fd, dir, O_PATH));
++ ns_fd = openat (proc_fd, dir, O_PATH);
+
+ if (ns_fd < 0)
+ die_with_error ("open /proc/%s/ns failed", dir);
+@@ -3046,7 +3046,7 @@ main (int argc,
+
+ /* We need to read stuff from proc during the pivot_root dance, etc.
+ Lets keep a fd to it open */
+- proc_fd = TEMP_FAILURE_RETRY (open ("/proc", O_PATH));
++ proc_fd = open ("/proc", O_PATH);
+ if (proc_fd == -1)
+ die_with_error ("Can't open /proc");
+
+@@ -3213,7 +3213,7 @@ main (int argc,
+
+ /* Let child run now that the uid maps are set up */
+ val = 1;
+- res = TEMP_FAILURE_RETRY (write (child_wait_fd, &val, 8));
++ res = write (child_wait_fd, &val, 8);
+ /* Ignore res, if e.g. the child died and closed child_wait_fd we don't want to error out here */
+ close (child_wait_fd);
+
+@@ -3393,12 +3393,12 @@ main (int argc,
+ op = read_priv_sec_op (unpriv_socket, buffer, sizeof (buffer),
+ &flags, &perms, &size_arg, &arg1, &arg2);
+ privileged_op (-1, op, flags, perms, size_arg, arg1, arg2);
+- if (TEMP_FAILURE_RETRY (write (unpriv_socket, buffer, 1)) != 1)
++ if (write (unpriv_socket, buffer, 1) != 1)
+ die ("Can't write to op_socket");
+ }
+ while (op != PRIV_SEP_OP_DONE);
+
+- TEMP_FAILURE_RETRY (waitpid (child, &status, 0));
++ waitpid (child, &status, 0);
+ /* Continue post setup */
+ }
+ }
+@@ -3422,7 +3422,7 @@ main (int argc,
+ * We're aiming to make /newroot the real root, and get rid of /oldroot. To do
+ * that we need a temporary place to store it before we can unmount it.
+ */
+- { cleanup_fd int oldrootfd = TEMP_FAILURE_RETRY (open ("/", O_DIRECTORY | O_RDONLY));
++ { cleanup_fd int oldrootfd = open ("/", O_DIRECTORY | O_RDONLY);
+ if (oldrootfd < 0)
+ die_with_error ("can't open /");
+ if (chdir ("/newroot") != 0)
+@@ -3470,7 +3470,7 @@ main (int argc,
+ {
+ cleanup_fd int sysctl_fd = -1;
+
+- sysctl_fd = TEMP_FAILURE_RETRY (openat (proc_fd, "sys/user/max_user_namespaces", O_WRONLY));
++ sysctl_fd = openat (proc_fd, "sys/user/max_user_namespaces", O_WRONLY);
+
+ if (sysctl_fd < 0)
+ die_with_error ("cannot open /proc/sys/user/max_user_namespaces");
+diff --git a/network.c b/network.c
+index 373d606..f6d58a6 100644
+--- a/network.c
++++ b/network.c
+@@ -53,8 +53,8 @@ rtnl_send_request (int rtnl_fd,
+ struct sockaddr_nl dst_addr = { AF_NETLINK, 0 };
+ ssize_t sent;
+
+- sent = TEMP_FAILURE_RETRY (sendto (rtnl_fd, (void *) header, header->nlmsg_len, 0,
+- (struct sockaddr *) &dst_addr, sizeof (dst_addr)));
++ sent = sendto (rtnl_fd, (void *) header, header->nlmsg_len, 0,
++ (struct sockaddr *) &dst_addr, sizeof (dst_addr));
+ if (sent < 0)
+ return -1;
+
+@@ -71,7 +71,7 @@ rtnl_read_reply (int rtnl_fd,
+
+ while (1)
+ {
+- received = TEMP_FAILURE_RETRY (recv (rtnl_fd, buffer, sizeof (buffer), 0));
++ received = recv (rtnl_fd, buffer, sizeof (buffer), 0);
+ if (received < 0)
+ return -1;
+
+diff --git a/utils.c b/utils.c
+index 8ab89bb..ffe0a0d 100644
+--- a/utils.c
++++ b/utils.c
+@@ -378,7 +378,7 @@ fdwalk (int proc_fd, int (*cb)(void *data,
+ int res = 0;
+ DIR *d;
+
+- dfd = TEMP_FAILURE_RETRY (openat (proc_fd, "self/fd", O_DIRECTORY | O_RDONLY | O_NONBLOCK | O_CLOEXEC | O_NOCTTY));
++ dfd = openat (proc_fd, "self/fd", O_DIRECTORY | O_RDONLY | O_NONBLOCK | O_CLOEXEC | O_NOCTTY);
+ if (dfd == -1)
+ return res;
+
+@@ -460,7 +460,7 @@ write_file_at (int dfd,
+ bool res;
+ int errsv;
+
+- fd = TEMP_FAILURE_RETRY (openat (dfd, path, O_RDWR | O_CLOEXEC, 0));
++ fd = openat (dfd, path, O_RDWR | O_CLOEXEC, 0);
+ if (fd == -1)
+ return -1;
+
+@@ -485,7 +485,7 @@ create_file (const char *path,
+ int res;
+ int errsv;
+
+- fd = TEMP_FAILURE_RETRY (creat (path, mode));
++ fd = creat (path, mode);
+ if (fd == -1)
+ return -1;
+
+@@ -566,11 +566,11 @@ copy_file (const char *src_path,
+ int res;
+ int errsv;
+
+- sfd = TEMP_FAILURE_RETRY (open (src_path, O_CLOEXEC | O_RDONLY));
++ sfd = open (src_path, O_CLOEXEC | O_RDONLY);
+ if (sfd == -1)
+ return -1;
+
+- dfd = TEMP_FAILURE_RETRY (creat (dst_path, mode));
++ dfd = creat (dst_path, mode);
+ if (dfd == -1)
+ {
+ errsv = errno;
+@@ -647,7 +647,7 @@ load_file_at (int dfd,
+ char *data;
+ int errsv;
+
+- fd = TEMP_FAILURE_RETRY (openat (dfd, path, O_CLOEXEC | O_RDONLY));
++ fd = openat (dfd, path, O_CLOEXEC | O_RDONLY);
+ if (fd == -1)
+ return NULL;
+
+@@ -777,7 +777,7 @@ send_pid_on_socket (int sockfd)
+ cred.gid = getegid ();
+ memcpy (CMSG_DATA (cmsg), &cred, sizeof (cred));
+
+- if (TEMP_FAILURE_RETRY (sendmsg (sockfd, &msg, 0)) < 0)
++ if (sendmsg (sockfd, &msg, 0) < 0)
+ die_with_error ("Can't send pid");
+ }
+
+@@ -807,7 +807,7 @@ read_pid_from_socket (int sockfd)
+ msg.msg_control = control_buf_rcv;
+ msg.msg_controllen = sizeof (control_buf_rcv);
+
+- if (TEMP_FAILURE_RETRY (recvmsg (sockfd, &msg, 0)) < 0)
++ if (recvmsg (sockfd, &msg, 0) < 0)
+ die_with_error ("Can't read pid from socket");
+
+ if (msg.msg_controllen <= 0)
+--
+2.44.0
+
diff --git a/pkg/bubblewrap/patch/0005-Remove-unnecessary-TEMP_FAILURE_RETRY.patch b/pkg/bubblewrap/patch/0005-Remove-unnecessary-TEMP_FAILURE_RETRY.patch
@@ -0,0 +1,65 @@
+From cd531eb41821e239f3776295c5a2a4e14bbda2a7 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 2 Feb 2025 01:40:38 -0800
+Subject: [PATCH] Remove unnecessary TEMP_FAILURE_RETRY
+
+bwrap doesn't use signal handlers.
+---
+ bubblewrap.c | 6 +++---
+ utils.h | 9 ---------
+ 2 files changed, 3 insertions(+), 12 deletions(-)
+
+diff --git a/bubblewrap.c b/bubblewrap.c
+index 4848713..c593436 100644
+--- a/bubblewrap.c
++++ b/bubblewrap.c
+@@ -479,7 +479,7 @@ report_child_exit_status (int exitc, int setup_finished_fd)
+ if (opt_json_status_fd == -1 || setup_finished_fd == -1)
+ return;
+
+- s = TEMP_FAILURE_RETRY (read (setup_finished_fd, data, sizeof data));
++ s = read (setup_finished_fd, data, sizeof data);
+ if (s == -1 && errno != EAGAIN)
+ die_with_error ("read eventfd");
+ if (s != 1) // Is 0 if pipe closed before exec, is 2 if closed after exec.
+@@ -3207,7 +3207,7 @@ main (int argc,
+ if (opt_userns_block_fd != -1)
+ {
+ char b[1];
+- (void) TEMP_FAILURE_RETRY (read (opt_userns_block_fd, b, 1));
++ read (opt_userns_block_fd, b, 1);
+ close (opt_userns_block_fd);
+ }
+
+@@ -3505,7 +3505,7 @@ main (int argc,
+ if (opt_block_fd != -1)
+ {
+ char b[1];
+- (void) TEMP_FAILURE_RETRY (read (opt_block_fd, b, 1));
++ read (opt_block_fd, b, 1);
+ close (opt_block_fd);
+ }
+
+diff --git a/utils.h b/utils.h
+index 079fe7c..bea4e9d 100644
+--- a/utils.h
++++ b/utils.h
+@@ -43,15 +43,6 @@
+
+ #define N_ELEMENTS(arr) (sizeof (arr) / sizeof ((arr)[0]))
+
+-#ifndef TEMP_FAILURE_RETRY
+-#define TEMP_FAILURE_RETRY(expression) \
+- (__extension__ \
+- ({ long int __result; \
+- do __result = (long int) (expression); \
+- while (__result == -1L && errno == EINTR); \
+- __result; }))
+-#endif
+-
+ #define PIPE_READ_END 0
+ #define PIPE_WRITE_END 1
+
+--
+2.44.0
+
diff --git a/pkg/bubblewrap/ver b/pkg/bubblewrap/ver
@@ -1 +1 @@
-0.8.0 r1
+0.11.0 r0
