author | netblue30 <netblue30@yahoo.com> | 2017-04-06 08:42:24 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-04-06 08:42:24 -0400 |
commit | e01768531600e950252f372b85b0b66caf46b8da (patch) | |
tree | bd3f25548a175dae897cf20b69ab082ec386cd0a | |
parent | doc update for merge (diff) | |
download | firejail-e01768531600e950252f372b85b0b66caf46b8da.tar.gz firejail-e01768531600e950252f372b85b0b66caf46b8da.tar.zst firejail-e01768531600e950252f372b85b0b66caf46b8da.zip |
RELNOTES update
-rw-r--r-- | RELNOTES | 112 |
1 files changed, 102 insertions, 10 deletions
@@ -1,18 +1,8 @@ | |||
1 | firejail (0.9.45) baseline; urgency=low | 1 | firejail (0.9.45) baseline; urgency=low |
2 | * development version, work in progress | 2 | * development version, work in progress |
3 | * Gentoo compile patch | ||
4 | * security: --bandwidth root shell found by Martin Carpenter (CVE-2017-5207) | ||
5 | * security: disabled --allow-debuggers when running on kernel | ||
6 | versions prior to 4.8; a kernel bug in ptrace system call | ||
7 | allows a full bypass of seccomp filter; problem reported by Lizzie Dixon | ||
8 | (CVE-2017-5206) | ||
9 | * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118) | ||
10 | * security: TOCTOU exploit for --get and --put found by Daniel Hodson | ||
11 | * security: invalid environment exploit found by Martin Carpenter (CVE-2016-10122) | ||
12 | * security: split most of networking code in a separate executable | 3 | * security: split most of networking code in a separate executable |
13 | * security: split seccomp filter code configuration in a separate executable | 4 | * security: split seccomp filter code configuration in a separate executable |
14 | * security: split file copying in private option in a separate executable | 5 | * security: split file copying in private option in a separate executable |
15 | * security: root exploit found by Sebastian Krahmer (CVE-2017-5180) | ||
16 | * feature: disable gnupg and systemd directories under /run/user | 6 | * feature: disable gnupg and systemd directories under /run/user |
17 | * feature: test coverage (gcov) support | 7 | * feature: test coverage (gcov) support |
18 | * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) | 8 | * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) |
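Review bot: Removing old lines 3-11 and 15 leaves the 0.9.45 stanza with no reference to CVE-2017-5207, CVE-2017-5206, CVE-2016-10118, CVE-2016-10122, CVE-2017-5180 or the TOCTOU fix for --get and --put, so someone reading only the 0.9.45 entry cannot tell whether that release carries them. The same entries reappear under 0.9.44.2 and 0.9.44.4 further down, which suggests they are being moved to the point release that first shipped them; a single line in the 0.9.45 stanza stating that it includes the security fixes from the 0.9.44.x point releases would keep that traceable. The commit message "RELNOTES update" also does not say that the entries were relocated rather than dropped, and one sentence there would help anyone auditing the history.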
@@ -46,6 +36,77 @@ firejail (0.9.45) baseline; urgency=low | |||
46 | * bugfixes | 36 | * bugfixes |
47 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 | 37 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 |
48 | 38 | ||
39 | firejail (0.9.44.10) baseline; urgency=low | ||
40 | * security: when using --x11=xorg and --net, incorrect processing of | ||
41 | the return code of /usr/bin/xauth could end up in starting the | ||
42 | sandbox without X11 security extension installed. Problem found/fixed | ||
43 | by Zack Weinberg | ||
44 | * bugfix: ~/.pki directory whitelisted and later blacklisted. This affects | ||
45 | most browsers, and disables the custom certificates installed by the user | ||
46 | * bugfix: firecfg config fix | ||
47 | * bugfix: gajim security profile fix | ||
48 | * bugfix: man page fix | ||
49 | * bugfix: force-nonewprivs fix for /etc/firejail/firejail.config | ||
50 | * bugfix: xephyr-extra-params fix for /etc/firejail/firejail.config | ||
51 | * bugfix: memory corruption in noblacklist processing | ||
52 | * bugfix: --quiet fix for Arch and Fedora systems | ||
53 | * bugfix: updated Keepass(x) profiles | ||
54 | * bugfix: firemon --nowrap problem | ||
55 | * bugfix: document firemon --nowrap in man page and in --help option | ||
56 | * bugfix: bash completion for --noblacklist command | ||
57 | * bugfix: vlc profile fix | ||
58 | * bugfix: fixed handling of .local profile files when the software is | ||
59 | installed in ~/.local directory | ||
60 | * bugfix: temporarily remove private-tmp from all profiles, until a fix for | ||
61 | .Xauthority file handling in KDE becomes available | ||
62 | * maintenance: --output cleanup | ||
63 | * maintenance: updated copyright statement in all files | ||
64 | -- netblue30 <netblue30@yahoo.com> Sat, 18 Mar 2017 10:00:00 -0500 | ||
65 | |||
66 | firejail (0.9.44.8) baseline; urgency=low | ||
67 | * bugfix: fix broken PulseAudio support | ||
68 | -- netblue30 <netblue30@yahoo.com> Wed, 18 Jan 2017 10:00:00 -0500 | ||
69 | |||
70 | firejail (0.9.44.6) baseline; urgency=low | ||
71 | * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week, | ||
72 | new CVE code assigned after release: CVE-2017-5940 | ||
73 | * security: major cleanup of file copying code | ||
74 | * security: tightening the rules for --chroot and --overlay features | ||
75 | * bugfix: ported Gentoo compile patch | ||
76 | * bugfix: Nvidia drivers bug in --private-dev | ||
77 | * bugfix: fix ASSERT_PERMS_FD macro | ||
78 | * feature: allow local customization using .local files under /etc/firejail | ||
79 | backported from our development branch | ||
80 | * feature: spoof machine-id backported from our development branch | ||
81 | -- netblue30 <netblue30@yahoo.com> Sun, 15 Jan 2017 10:00:00 -0500 | ||
82 | |||
83 | firejail (0.9.44.4) baseline; urgency=low | ||
84 | * security: --bandwidth root shell found by Martin Carpenter (CVE-2017-5207) | ||
85 | * security: disabled --allow-debuggers when running on kernel | ||
86 | versions prior to 4.8; a kernel bug in ptrace system call | ||
87 | allows a full bypass of seccomp filter; problem reported by Lizzie Dixon | ||
88 | (CVE-2017-5206) | ||
89 | * security: root exploit found by Sebastian Krahmer (CVE-2017-5180) | ||
90 | -- netblue30 <netblue30@yahoo.com> Sat, 7 Jan 2017 10:00:00 -0500 | ||
91 | |||
92 | firejail (0.9.44.2) baseline; urgency=low | ||
93 | * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118) | ||
94 | * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson | ||
95 | * security: invalid environment exploit found by Martin Carpenter (CVE-2016-10122) | ||
96 | * security: several security enhancements | ||
97 | * bugfix: crashing VLC by pressing Ctrl-O | ||
98 | * bugfix: use user configured icons in KDE | ||
99 | * bugfix: mkdir and mkfile are not applied to private directories | ||
100 | * bugfix: cannot open files on Deluge running under KDE | ||
101 | * bugfix: --private=dir where dir is the user home directory | ||
102 | * bugfix: cannot start Vivaldi browser | ||
103 | * bugfix: cannot start mupdf | ||
104 | * bugfix: ssh profile problems | ||
105 | * bugfix: --quiet | ||
106 | * bugfix: quiet in git profile | ||
107 | * bugfix: memory corruption | ||
108 | -- netblue30 <netblue30@yahoo.com> Fri, 2 Dec 2016 08:00:00 -0500 | ||
109 | |||
49 | firejail (0.9.44) baseline; urgency=low | 110 | firejail (0.9.44) baseline; urgency=low |
50 | * CVE-2016-9016 submitted by Aleksey Manevich | 111 | * CVE-2016-9016 submitted by Aleksey Manevich |
51 | * modifs: removed man firejail-config | 112 | * modifs: removed man firejail-config |
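Review bot: New line 94 in the 0.9.44.2 stanza spells the prefix "secuirty:", so a search for "security:" across RELNOTES misses the TOCTOU entry for --get and --put; it should read "* security: TOCTOU exploit for --get and --put found by Daniel Hodson". In the 0.9.44.6 stanza, new lines 71-72 say the issue was "reported by Sebastian Krahmer last week", which is relative to the release date and loses its meaning in a permanent changelog; consider dropping "last week" and relying on the stanza date. New line 96, "several security enhancements", gives a reader nothing to check against, and naming the hardened areas, as lines 73-74 do for 0.9.44.6, would make it useful for deciding whether an upgrade is required.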
@@ -154,6 +215,37 @@ firejail (0.9.40) baseline; urgency=low | |||
154 | * bugfixes | 215 | * bugfixes |
155 | -- netblue30 <netblue30@yahoo.com> Sun, 29 May 2016 08:00:00 -0500 | 216 | -- netblue30 <netblue30@yahoo.com> Sun, 29 May 2016 08:00:00 -0500 |
156 | 217 | ||
218 | firejail (0.9.38.10) baseline; urgency=low | ||
219 | * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week | ||
220 | new CVE code assigned after release: CVE-2017-5940 | ||
221 | * security: tightening the rules for --chroot | ||
222 | * bugfix: ported Gentoo compile patch | ||
223 | * bugfix: fix ASSERT_PERMS_FD macro | ||
224 | -- netblue30 <netblue30@yahoo.com> Sun, 15 Jan 2017 10:00:00 -0500 | ||
225 | |||
226 | firejail (0.9.38.8) baseline; urgency=low | ||
227 | * security: root exploit found by Sebastian Krahmer (CVE-2017-5180) | ||
228 | -- netblue30 <netblue30@yahoo.com> Sat, 7 Jan 2017 10:00:00 -0500 | ||
229 | |||
230 | firejail (0.9.38.6) baseline; urgency=low | ||
231 | * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118) | ||
232 | * bugfix: crashing VLC by pressing Ctrl-O | ||
233 | -- netblue30 <netblue30@yahoo.com> Fri, 16 Dec 2016 10:00:00 -0500 | ||
234 | |||
235 | firejail (0.9.38.4) baseline; urgency=low | ||
236 | * CVE-2016-7545 submitted by Aleksey Manevich | ||
237 | * bugfixes | ||
238 | -- netblue30 <netblue30@yahoo.com> Mon, 10 Oct 2016 10:00:00 -0500 | ||
239 | |||
240 | firejail (0.9.38.2) baseline; urgency=low | ||
241 | * security: --whitelist deleted files, submitted by Vasya Novikov | ||
242 | * security: disable x32 ABI, submitted by Jann Horn | ||
243 | * security: tighten --chroot, submitted by Jann Horn | ||
244 | * security: terminal sandbox escape, submitted by Stephan Sokolow | ||
245 | * feature: clean local overlay storage directory (--overlay-clean) | ||
246 | * bugfixes | ||
247 | -- netblue30 <netblue30@yahoo.com> Tue, 23 Aug 2016 10:00:00 -0500 | ||
248 | |||
157 | firejail (0.9.38) baseline; urgency=low | 249 | firejail (0.9.38) baseline; urgency=low |
158 | * IPv6 support (--ip6 and --netfilter6) | 250 | * IPv6 support (--ip6 and --netfilter6) |
159 | * --join command enhancement (--join-network, --join-filesystem) | 251 | * --join command enhancement (--join-network, --join-filesystem) |
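Review bot: New line 236 in the 0.9.38.4 stanza lists "CVE-2016-7545 submitted by Aleksey Manevich" without the "security:" prefix and without a description, unlike every other security entry added in this hunk, so it is skipped by a search for "security:" and does not say what was fixed. Suggest "* security: <short description> (CVE-2016-7545), submitted by Aleksey Manevich". New lines 219-220 in the 0.9.38.10 stanza repeat the relative "last week" wording and lack the comma before "new CVE code assigned" that the matching 0.9.44.6 entry has; the two entries should be worded identically so the backport is easy to match up.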