author | netblue30 <netblue30@yahoo.com> | 2019-05-26 11:25:38 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2019-05-26 11:25:38 -0400 |
commit | b14f223a62399d73eec4d9c27d5a4cbb295b4d89 (patch) | |
tree | d0efa7dc2b59d3e19d8b64ed68bbd26759bb0edd | |
parent | Merge pull request #2724 from netblue30/Fred-Barclay-securityinfo (diff) | |
0.9.60 testing
-rw-r--r-- | README | 10 | ||||
-rw-r--r-- | RELNOTES | 16 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | etc/orage.profile | 2 | ||||
-rwxr-xr-x | test/private-lib/private-lib.sh | 2 |
6 files changed, 33 insertions, 17 deletions
@@ -179,6 +179,8 @@ curiosity-seeker (https://github.com/curiosity-seeker) | |||
179 | - write-protection for thumbnailer dir | 179 | - write-protection for thumbnailer dir |
180 | - added gramps, newsboat, freeoffice-planmaker profiles | 180 | - added gramps, newsboat, freeoffice-planmaker profiles |
181 | - added freeoffice-textmaker, freeoffice-presentations profiles | 181 | - added freeoffice-textmaker, freeoffice-presentations profiles |
182 | - added cantata profile | ||
183 | - updated keypassxc profile | ||
182 | da2x (https://github.com/da2x) | 184 | da2x (https://github.com/da2x) |
183 | - matched RPM license tag | 185 | - matched RPM license tag |
184 | Daan Bakker (https://github.com/dbakker) | 186 | Daan Bakker (https://github.com/dbakker) |
@@ -307,6 +309,8 @@ greigdp (https://github.com/greigdp) | |||
307 | - fixed spotify profile | 309 | - fixed spotify profile |
308 | - added Slack profile | 310 | - added Slack profile |
309 | - add Spotify profile | 311 | - add Spotify profile |
312 | grizzlyuser (https://github.com/grizzlyuser) | ||
313 | - added support for youtube-dl in smplayer profile | ||
310 | GSI (https://github.com/GSI) | 314 | GSI (https://github.com/GSI) |
311 | - added Uzbl browser profile | 315 | - added Uzbl browser profile |
312 | hamzadis (https://github.com/hamzadis) | 316 | hamzadis (https://github.com/hamzadis) |
@@ -356,6 +360,7 @@ Jean Lucas (https://github.com/flacks) | |||
356 | - fix wire profile | 360 | - fix wire profile |
357 | - add Beaker profile | 361 | - add Beaker profile |
358 | - fixes for gnome-music | 362 | - fixes for gnome-music |
363 | - allow reading of system-wide Flatpak locale in gajim profile | ||
359 | Jericho (https://github.com/attritionorg) | 364 | Jericho (https://github.com/attritionorg) |
360 | - spelling | 365 | - spelling |
361 | Jesse Smith (https://github.com/slicer69) | 366 | Jesse Smith (https://github.com/slicer69) |
@@ -372,7 +377,7 @@ Jonas Heinrich (https://github.com/onny) | |||
372 | - added signal-desktop profile | 377 | - added signal-desktop profile |
373 | - fixed franz profile | 378 | - fixed franz profile |
374 | Jose Riha (https://github.com/jose1711) | 379 | Jose Riha (https://github.com/jose1711) |
375 | - added meteo-qt profile | 380 | - added meteo-qt profile |
376 | jrabe (https://github.com/jrabe) | 381 | jrabe (https://github.com/jrabe) |
377 | - disallow access to kdbx files | 382 | - disallow access to kdbx files |
378 | - Epiphany profile | 383 | - Epiphany profile |
@@ -521,6 +526,7 @@ pwnage-pineapple (https://github.com/pwnage-pineapple) | |||
521 | Quentin Minster (https://github.com/laomaiweng) | 526 | Quentin Minster (https://github.com/laomaiweng) |
522 | - propagate --quiet to children Firejail'ed processes | 527 | - propagate --quiet to children Firejail'ed processes |
523 | - nodbus enhancements/bugfixes | 528 | - nodbus enhancements/bugfixes |
529 | - added vim syntax and ftdetect files | ||
524 | Rafael Cavalcanti (https://github.com/rccavalcanti) | 530 | Rafael Cavalcanti (https://github.com/rccavalcanti) |
525 | - chromium profile fixes for Arch Linux | 531 | - chromium profile fixes for Arch Linux |
526 | Rahiel Kasim (https://github.com/rahiel) | 532 | Rahiel Kasim (https://github.com/rahiel) |
@@ -761,6 +767,8 @@ veloute (https://github.com/veloute) | |||
761 | - add anki profile | 767 | - add anki profile |
762 | Vincent43 (https://github.com/Vincent43) | 768 | Vincent43 (https://github.com/Vincent43) |
763 | - apparmor enhancements | 769 | - apparmor enhancements |
770 | Vincent Blillault (https://github.com/Feandil) | ||
771 | - fix mumble profile | ||
764 | vismir2 (https://github.com/vismir2) | 772 | vismir2 (https://github.com/vismir2) |
765 | - feh, ranger, 7z, keepass, keepassx and zathura profiles | 773 | - feh, ranger, 7z, keepass, keepassx and zathura profiles |
766 | - claws-mail, mutt, git, emacs, vim profiles | 774 | - claws-mail, mutt, git, emacs, vim profiles |
@@ -1,4 +1,14 @@ | |||
1 | firejail (0.9.60~rc2) baseline; urgency=low | 1 | firejail (0.9.60) baseline; urgency=low |
2 | * security bug reported by Austin Morton: | ||
3 | Seccomp filters are copied into /run/firejail/mnt, and are writable | ||
4 | within the jail. A malicious process can modify files from inside the | ||
5 | jail. Processes that are later joined to the jail will not have seccomp | ||
6 | filters applied. | ||
7 | * memory-deny-write-execute now also blocks memfd_create | ||
8 | * add private-cwd option to control working directory within jail | ||
9 | * blocking system D-Bus socket with --nodbus | ||
10 | * bringing back Centos 6 support | ||
11 | * drop support for flatpak/snap packages | ||
2 | * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2 | 12 | * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2 |
3 | * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer | 13 | * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer |
4 | * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring | 14 | * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring |
@@ -16,9 +26,7 @@ firejail (0.9.60~rc2) baseline; urgency=low | |||
16 | * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell | 26 | * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell |
17 | * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap | 27 | * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap |
18 | * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp | 28 | * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp |
19 | * memory-deny-write-execute now also blocks memfd_create | 29 | -- netblue30 <netblue30@yahoo.com> Sun, 26 May 2019 08:00:00 -0500 |
20 | * drop support for flatpak/snap packages | ||
21 | -- netblue30 <netblue30@yahoo.com> Sun, 21 Apr 2019 08:00:00 -0500 | ||
22 | 30 | ||
23 | firejail (0.9.58,2) baseline; urgency=low | 31 | firejail (0.9.58,2) baseline; urgency=low |
24 | * cgroup flag in /etc/firejail/firejail.config file | 32 | * cgroup flag in /etc/firejail/firejail.config file |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.60~rc2. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.60. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.60~rc2' | 583 | PACKAGE_VERSION='0.9.60' |
584 | PACKAGE_STRING='firejail 0.9.60~rc2' | 584 | PACKAGE_STRING='firejail 0.9.60' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='https://firejail.wordpress.com' | 586 | PACKAGE_URL='https://firejail.wordpress.com' |
587 | 587 | ||
@@ -1275,7 +1275,7 @@ if test "$ac_init_help" = "long"; then | |||
1275 | # Omit some internal or obsolete options to make the list less imposing. | 1275 | # Omit some internal or obsolete options to make the list less imposing. |
1276 | # This message is too long to be a string in the A/UX 3.1 sh. | 1276 | # This message is too long to be a string in the A/UX 3.1 sh. |
1277 | cat <<_ACEOF | 1277 | cat <<_ACEOF |
1278 | \`configure' configures firejail 0.9.60~rc2 to adapt to many kinds of systems. | 1278 | \`configure' configures firejail 0.9.60 to adapt to many kinds of systems. |
1279 | 1279 | ||
1280 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1280 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1281 | 1281 | ||
@@ -1337,7 +1337,7 @@ fi | |||
1337 | 1337 | ||
1338 | if test -n "$ac_init_help"; then | 1338 | if test -n "$ac_init_help"; then |
1339 | case $ac_init_help in | 1339 | case $ac_init_help in |
1340 | short | recursive ) echo "Configuration of firejail 0.9.60~rc2:";; | 1340 | short | recursive ) echo "Configuration of firejail 0.9.60:";; |
1341 | esac | 1341 | esac |
1342 | cat <<\_ACEOF | 1342 | cat <<\_ACEOF |
1343 | 1343 | ||
@@ -1442,7 +1442,7 @@ fi | |||
1442 | test -n "$ac_init_help" && exit $ac_status | 1442 | test -n "$ac_init_help" && exit $ac_status |
1443 | if $ac_init_version; then | 1443 | if $ac_init_version; then |
1444 | cat <<\_ACEOF | 1444 | cat <<\_ACEOF |
1445 | firejail configure 0.9.60~rc2 | 1445 | firejail configure 0.9.60 |
1446 | generated by GNU Autoconf 2.69 | 1446 | generated by GNU Autoconf 2.69 |
1447 | 1447 | ||
1448 | Copyright (C) 2012 Free Software Foundation, Inc. | 1448 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1744,7 +1744,7 @@ cat >config.log <<_ACEOF | |||
1744 | This file contains any messages produced by compilers while | 1744 | This file contains any messages produced by compilers while |
1745 | running configure, to aid debugging if configure makes a mistake. | 1745 | running configure, to aid debugging if configure makes a mistake. |
1746 | 1746 | ||
1747 | It was created by firejail $as_me 0.9.60~rc2, which was | 1747 | It was created by firejail $as_me 0.9.60, which was |
1748 | generated by GNU Autoconf 2.69. Invocation command line was | 1748 | generated by GNU Autoconf 2.69. Invocation command line was |
1749 | 1749 | ||
1750 | $ $0 $@ | 1750 | $ $0 $@ |
@@ -4379,7 +4379,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4379 | # report actual input values of CONFIG_FILES etc. instead of their | 4379 | # report actual input values of CONFIG_FILES etc. instead of their |
4380 | # values after options handling. | 4380 | # values after options handling. |
4381 | ac_log=" | 4381 | ac_log=" |
4382 | This file was extended by firejail $as_me 0.9.60~rc2, which was | 4382 | This file was extended by firejail $as_me 0.9.60, which was |
4383 | generated by GNU Autoconf 2.69. Invocation command line was | 4383 | generated by GNU Autoconf 2.69. Invocation command line was |
4384 | 4384 | ||
4385 | CONFIG_FILES = $CONFIG_FILES | 4385 | CONFIG_FILES = $CONFIG_FILES |
@@ -4433,7 +4433,7 @@ _ACEOF | |||
4433 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4433 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4434 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4434 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4435 | ac_cs_version="\\ | 4435 | ac_cs_version="\\ |
4436 | firejail config.status 0.9.60~rc2 | 4436 | firejail config.status 0.9.60 |
4437 | configured by $0, generated by GNU Autoconf 2.69, | 4437 | configured by $0, generated by GNU Autoconf 2.69, |
4438 | with options \\"\$ac_cs_config\\" | 4438 | with options \\"\$ac_cs_config\\" |
4439 | 4439 | ||
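--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.60~rc2, netblue30@yahoo.com, , https://firejail.wordpress.com)
+AC_INIT(firejail, 0.9.60, netblue30@yahoo.com, , https://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 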
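--- a/etc/orage.profile
+++ b/etc/orage.profile
@@ -24,7 +24,7 @@ nodvd
 nogroups
 nonewprivs
 noroot
-nosound
+# nosound - calendar application, It must be able to play sound to wake you up.
 notv
 nou2f
 novideo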
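Review bot: The new comment line at line 27 of etc/orage.profile fuses the disabled directive with its rationale, so it is not obvious at a glance that `nosound` was switched off on purpose. It is also awkward to re-enable on systems where calendar alarms are not wanted. I would split it into a reason line and a plain commented option, e.g. `# alarms need audio output, so nosound is left disabled` followed by `#nosound`. With `nosound` gone the sandboxed process presumably keeps access to the sound system, and this comment is the only record of why that restriction is absent here. The profile continues above and below this hunk, so I cannot see whether other options already follow a commented-option convention.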
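--- a/test/private-lib/private-lib.sh
+++ b/test/private-lib/private-lib.sh
@@ -5,7 +5,7 @@
 
 export MALLOC_CHECK_=3g
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-LIST="gnome-logs gnome-system-log gnome-nettool pavucontrol dig whois evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"
+LIST="gnome-logs gnome-system-log gnome-nettool pavucontrol dig evince whois galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"
 
 
 for app in $LIST; do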