[bitnami/nessie] Release 0.107.9-debian-12-r0 (#94389)

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>

Author: bitnami-bot

bitnami/nessie/0/debian-12/Dockerfile

@@ -8,13 +8,13 @@ ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
 ARG TARGETARCH
 
 LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
-      org.opencontainers.image.created="2026-05-27T11:15:58Z" \
+      org.opencontainers.image.created="2026-06-05T15:05:37Z" \
       org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
       org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/nessie/README.md" \
       org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/nessie" \
       org.opencontainers.image.title="nessie" \
       org.opencontainers.image.vendor="Broadcom, Inc." \
-      org.opencontainers.image.version="0.107.6"
+      org.opencontainers.image.version="0.107.9"
 
 ENV HOME="/" \
     OS_ARCH="${TARGETARCH:-amd64}" \
@@ -30,7 +30,7 @@ RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \
     mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
     COMPONENTS=( \
       "jre-21.0.11-11-1-linux-${OS_ARCH}-debian-12" \
-      "nessie-0.107.6-0-linux-${OS_ARCH}-debian-12" \
+      "nessie-0.107.9-0-linux-${OS_ARCH}-debian-12" \
     ) ; \
     for COMPONENT in "${COMPONENTS[@]}"; do \
       if [ ! -f "${COMPONENT}.tar.gz" ]; then \
@@ -49,7 +49,7 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
 
 COPY rootfs /
 RUN /opt/bitnami/scripts/java/postunpack.sh
-ENV APP_VERSION="0.107.6" \
+ENV APP_VERSION="0.107.9" \
     BITNAMI_APP_NAME="nessie" \
     IMAGE_REVISION="0" \
     JAVA_HOME="/opt/bitnami/java" \

bitnami/nessie/0/debian-12/prebuildfs/opt/bitnami/checksums/nessie-0.107.6-0-linux-amd64-debian-12.tar.gz.sha256

@@ -0,0 +1 @@
+d7c3e1c7d8563adb8519912403bb7dce1a38c473c86847b82be85f85706a9367  nessie-0.107.9-0-linux-amd64-debian-12.tar.gz

bitnami/nessie/0/debian-12/prebuildfs/opt/bitnami/checksums/nessie-0.107.6-0-linux-arm64-debian-12.tar.gz.sha256

@@ -0,0 +1 @@
+8108046d1fd07f6a0bdf1bbedf0d934d1527dc2614577af81f72ef70e902e9c5  nessie-0.107.9-0-linux-arm64-debian-12.tar.gz

bitnami/nessie/0/debian-12/prebuildfs/opt/bitnami/checksums/nessie-0.107.9-0-linux-amd64-debian-12.tar.gz.sha256

@@ -131,6 +131,7 @@ relativize() {
 #   -d|--dir-mode - mode for files.
 #   -u|--user - user
 #   -g|--group - group
+#   -n|--no-dereference - do not follow symlinks (use for runtime root chown of daemon-writable dirs)
 # Returns:
 #   None
 #########################
@@ -140,6 +141,7 @@ configure_permissions_ownership() {
     local file_mode=""
     local user=""
     local group=""
+    local follow_symlinks="yes"
 
     # Validate arguments
     shift 1
@@ -161,6 +163,9 @@ configure_permissions_ownership() {
             shift
             group="${1:?missing group}"
             ;;
+        -n | --no-dereference)
+            follow_symlinks="no"
+            ;;
         *)
             echo "Invalid command line flag $1" >&2
             return 1
@@ -169,22 +174,29 @@ configure_permissions_ownership() {
         shift
     done
 
+    # -L: follow symlinks and emits the target path
+    # This is dangerous at runtime, given a co-located lower-privileged process with write access
+    # to the target path can redirect the chown/chmod to arbitrary paths. Example:
+    # Lower-privileged process run: ln -s /etc /tmp/etc
+    # Then, setup.sh runs: configure_permissions_ownership --dir-mode 775 /tmp
+    local find_L_flag=(); [[ "$follow_symlinks" == "yes" ]] && find_L_flag=("-L")
+    # -h: changes symlink inode ownership without touching the target.
+    local chown_flags=(); [[ "$follow_symlinks" == "no" ]] && chown_flags=("-h")
     read -r -a filepaths <<<"$paths"
     for p in "${filepaths[@]}"; do
         if [[ -e "$p" ]]; then
-            find -L "$p" -printf ""
             if [[ -n $dir_mode ]]; then
-                find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode"
+                find "${find_L_flag[@]}" "$p" -not -type l -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode"
             fi
             if [[ -n $file_mode ]]; then
-                find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode"
+                find "${find_L_flag[@]}" "$p" -not -type l -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode"
             fi
             if [[ -n $user ]] && [[ -n $group ]]; then
-                find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}"
+                find "${find_L_flag[@]}" "$p" -print0 | xargs -r -0 chown "${chown_flags[@]}" "${user}:${group}"
             elif [[ -n $user ]] && [[ -z $group ]]; then
-                find -L "$p" -print0 | xargs -r -0 chown "${user}"
+                find "${find_L_flag[@]}" "$p" -print0 | xargs -r -0 chown "${chown_flags[@]}" "${user}"
             elif [[ -z $user ]] && [[ -n $group ]]; then
-                find -L "$p" -print0 | xargs -r -0 chgrp "${group}"
+                find "${find_L_flag[@]}" "$p" -print0 | xargs -r -0 chgrp "${chown_flags[@]}" "${group}"
             fi
         else
             stderr_print "$p does not exist"

bitnami/nessie/0/debian-12/prebuildfs/opt/bitnami/checksums/nessie-0.107.9-0-linux-arm64-debian-12.tar.gz.sha256

@@ -170,7 +170,7 @@ ensure_user_exists() {
     if [[ -n "$home" ]]; then
         mkdir -p "$home"
         usermod -d "$home" "$user" >/dev/null 2>&1
-        configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group"
+        configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" -n
     fi
 }
 

bitnami/nessie/0/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh

@@ -20,7 +20,7 @@
 #########################
 is_int() {
     local -r int="${1:?missing value}"
-    if [[ "$int" =~ ^-?[0-9]+ ]]; then
+    if [[ "$int" =~ ^-?[0-9]+$ ]]; then
         true
     else
         false

bitnami/nessie/0/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh

@@ -49,3 +49,36 @@ get_sematic_version () {
         fi
     fi
 }
+
+########################
+# Compares two semantic versions
+# Arguments:
+#   $1 - version1: first version to compare
+#   $2 - version2: second version to compare
+# Returns:
+#   -1 if version1 is less than version2
+#   0 if version1 is equal to version2
+#   1 if version1 is greater than version2
+#########################
+compare_semantic_versions() {
+    local version1="${1:?version1 is required}"
+    local version2="${2:?version2 is required}"
+    local major1 major2 minor1 minor2 patch1 patch2
+
+    major1="$(get_sematic_version "$version1" 1)"
+    major2="$(get_sematic_version "$version2" 1)"
+    minor1="$(get_sematic_version "$version1" 2)"
+    minor2="$(get_sematic_version "$version2" 2)"
+    patch1="$(get_sematic_version "$version1" 3)"
+    patch2="$(get_sematic_version "$version2" 3)"
+
+    if [[ "$major1" -eq "$major2" ]] && [[ "$minor1" -eq "$minor2" ]] && [[ "$patch1" -eq "$patch2" ]]; then
+        echo "0"
+    elif [[ "$major1" -lt "$major2" ]] ||
+      { [[ "$major1" -eq "$major2" ]] && [[ "$minor1" -lt "$minor2" ]]; } ||
+      { [[ "$major1" -eq "$major2" ]] && [[ "$minor1" -eq "$minor2" ]] && [[ "$patch1" -lt "$patch2" ]]; }; then
+        echo "-1"
+    else
+        echo "1"
+    fi
+}