diff options
author | netblue30 <netblue30@protonmail.com> | 2021-06-02 11:28:00 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-06-02 11:28:00 -0400 |
commit | 4522ccb4ef529fe9cafa60178027be139ce0e592 (patch) | |
tree | ca327d628f10c671701b58b561f34490dadd2590 | |
parent | Update README.md & RELNOTES (diff) | |
download | firejail-4522ccb4ef529fe9cafa60178027be139ce0e592.tar.gz firejail-4522ccb4ef529fe9cafa60178027be139ce0e592.tar.zst firejail-4522ccb4ef529fe9cafa60178027be139ce0e592.zip |
version 0.9.66rc1 released0.9.66rc1
-rw-r--r-- | README | 41 | ||||
-rw-r--r-- | RELNOTES | 5 | ||||
-rwxr-xr-x | configure | 19 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 2 |
5 files changed, 56 insertions, 13 deletions
@@ -109,6 +109,7 @@ Amin Vakil (https://github.com/aminvakil) | |||
109 | - whois profile fix | 109 | - whois profile fix |
110 | - added profile for strawberry | 110 | - added profile for strawberry |
111 | - w3m profile fix | 111 | - w3m profile fix |
112 | - disable seccomp in wireshark profile | ||
112 | Andreas Hunkeler (https://github.com/Karneades) | 113 | Andreas Hunkeler (https://github.com/Karneades) |
113 | - Add profile for offical Linux Teams application | 114 | - Add profile for offical Linux Teams application |
114 | Andrey Alekseenko (https://github.com/al42and) | 115 | Andrey Alekseenko (https://github.com/al42and) |
@@ -203,6 +204,7 @@ Bundy01 (https://github.com/Bundy01) | |||
203 | - fixup geary | 204 | - fixup geary |
204 | - add gradio profile | 205 | - add gradio profile |
205 | - update virtualbox.profile | 206 | - update virtualbox.profile |
207 | - Quodlibet profile | ||
206 | BytesTuner (https://github.com/BytesTuner) | 208 | BytesTuner (https://github.com/BytesTuner) |
207 | - provided keepassxc profile | 209 | - provided keepassxc profile |
208 | caoliver (https://github.com/caoliver) | 210 | caoliver (https://github.com/caoliver) |
@@ -435,6 +437,8 @@ hamzadis (https://github.com/hamzadis) | |||
435 | - added --overlay-named=name and --overlay-path=path | 437 | - added --overlay-named=name and --overlay-path=path |
436 | Hans-Christoph Steiner (https://github.com/eighthave) | 438 | Hans-Christoph Steiner (https://github.com/eighthave) |
437 | - added xournal profile | 439 | - added xournal profile |
440 | Harald Kubota (https://github.com/haraldkubota) | ||
441 | - zsh completion | ||
438 | hawkey116477 (https://github.com/hawkeye116477) | 442 | hawkey116477 (https://github.com/hawkeye116477) |
439 | - added Waterfox profile | 443 | - added Waterfox profile |
440 | - updated Cyberfox profile | 444 | - updated Cyberfox profile |
@@ -520,6 +524,7 @@ Jose Riha (https://github.com/jose1711) | |||
520 | - Add davfs2 secrets file to blacklist | 524 | - Add davfs2 secrets file to blacklist |
521 | - Add profile for udiskie | 525 | - Add profile for udiskie |
522 | - fix udiskie.profile | 526 | - fix udiskie.profile |
527 | - improve hints for allowing browser access to Gnome extensions connector | ||
523 | jrabe (https://github.com/jrabe) | 528 | jrabe (https://github.com/jrabe) |
524 | - disallow access to kdbx files | 529 | - disallow access to kdbx files |
525 | - Epiphany profile | 530 | - Epiphany profile |
@@ -555,6 +560,7 @@ Kishore96in (https://github.com/Kishore96in) | |||
555 | - jitsi-meet-desktop profile | 560 | - jitsi-meet-desktop profile |
556 | - konversatin profile fix | 561 | - konversatin profile fix |
557 | - added Neochat profile | 562 | - added Neochat profile |
563 | - added whitelist-1793-workaround.inc | ||
558 | KOLANICH (https://github.com/KOLANICH) | 564 | KOLANICH (https://github.com/KOLANICH) |
559 | - added symlink fixer fix_private-bin.py in contrib section | 565 | - added symlink fixer fix_private-bin.py in contrib section |
560 | - update fix_private-bin.py | 566 | - update fix_private-bin.py |
@@ -610,6 +616,8 @@ Mattias Wadman (https://github.com/wader) | |||
610 | - seccomp errno filter support | 616 | - seccomp errno filter support |
611 | Matthew Gyurgyik (https://github.com/pyther) | 617 | Matthew Gyurgyik (https://github.com/pyther) |
612 | - rpm spec and several fixes | 618 | - rpm spec and several fixes |
619 | Matthew Cline (https://github.com/matthew-cline) | ||
620 | - steam profile and dropbox profile fixes | ||
613 | matu3ba (https://github.com/matu3ba) | 621 | matu3ba (https://github.com/matu3ba) |
614 | - evince hardening, dbus removed | 622 | - evince hardening, dbus removed |
615 | - fix dia profile | 623 | - fix dia profile |
@@ -649,12 +657,20 @@ Nick Fox (https://github.com/njfox) | |||
649 | - fix wire-desktop.profile on arch | 657 | - fix wire-desktop.profile on arch |
650 | NickMolloy (https://github.com/NickMolloy) | 658 | NickMolloy (https://github.com/NickMolloy) |
651 | - ARP address length fix | 659 | - ARP address length fix |
660 | Nico (https://github.com/dr460nf1r3) | ||
661 | - added FireDragon profile | ||
662 | Nicola Davide Mannarelli (https://github.com/nidamanx) | ||
663 | - fix "Could not create AF_NETLINK socket" | ||
664 | - added nextcloud profiles | ||
665 | - Firefox, KeepassXC, Telegram fixes | ||
652 | Niklas Haas (https://github.com/haasn) | 666 | Niklas Haas (https://github.com/haasn) |
653 | - blacklisting for keybase.io's client | 667 | - blacklisting for keybase.io's client |
654 | Niklas Goerke (https://github.com/Niklas974) | 668 | Niklas Goerke (https://github.com/Niklas974) |
655 | - update QOwnNotes profile | 669 | - update QOwnNotes profile |
656 | Nikos Chantziaras (https://github.com/realnc) | 670 | Nikos Chantziaras (https://github.com/realnc) |
657 | - fix audio support for Discord | 671 | - fix audio support for Discord |
672 | nolanl (https://github.com/nolanl) | ||
673 | - added localtime to signal-desktop's profile | ||
658 | nyancat18 (https://github.com/nyancat18) | 674 | nyancat18 (https://github.com/nyancat18) |
659 | - added ardour4, dooble, karbon, krita profiles | 675 | - added ardour4, dooble, karbon, krita profiles |
660 | Ondra Nekola (https://github.com/satai) | 676 | Ondra Nekola (https://github.com/satai) |
@@ -702,6 +718,8 @@ Petter Reinholdtsen (pere@hungry.com) | |||
702 | PharmaceuticalCobweb (https://github.com/PharmaceuticalCobweb) | 718 | PharmaceuticalCobweb (https://github.com/PharmaceuticalCobweb) |
703 | - fix quiterss profile | 719 | - fix quiterss profile |
704 | - added profile for gnome-ring | 720 | - added profile for gnome-ring |
721 | pholodniak (https://github.com/pholodniak) | ||
722 | - profstats fixes | ||
705 | pianoslum (https://github.com/pianoslum) | 723 | pianoslum (https://github.com/pianoslum) |
706 | - nodbus breaking evince two-page-view warning | 724 | - nodbus breaking evince two-page-view warning |
707 | pirate486743186 (https://github.com/pirate486743186) | 725 | pirate486743186 (https://github.com/pirate486743186) |
@@ -709,6 +727,17 @@ pirate486743186 (https://github.com/pirate486743186) | |||
709 | - mpsyt profile | 727 | - mpsyt profile |
710 | - fix youtube-dl and mpv | 728 | - fix youtube-dl and mpv |
711 | - fix gnome-mpv profile | 729 | - fix gnome-mpv profile |
730 | - fix gunzip profile | ||
731 | - reorganizing youtube-viewers | ||
732 | - fix pluma profile | ||
733 | - whitelist /var/lib/aspell | ||
734 | - mcomix fixes | ||
735 | - fixing engrampa profile | ||
736 | - adding qcomicbook and pipe-viewer in disable-programs | ||
737 | - newsboat/newsbeuter profiles | ||
738 | - fix atril profile | ||
739 | - rtv profile | ||
740 | - reorganizing links browsers | ||
712 | Pixel Fairy (https://github.com/xahare) | 741 | Pixel Fairy (https://github.com/xahare) |
713 | - added fjclip.py, fjdisplay.py and fjresize.py in contrib section | 742 | - added fjclip.py, fjdisplay.py and fjresize.py in contrib section |
714 | PizzaDude (https://github.com/pizzadude) | 743 | PizzaDude (https://github.com/pizzadude) |
@@ -745,6 +774,7 @@ Rahul Golam (https://github.com/technoLord) | |||
745 | RandomVoid (https://github.com/RandomVoid) | 774 | RandomVoid (https://github.com/RandomVoid) |
746 | - fix building C# projects in Godot | 775 | - fix building C# projects in Godot |
747 | - fix Lutris profile | 776 | - fix Lutris profile |
777 | - fix running games with enabled Feral GameMode in Lutris | ||
748 | Raphaël Droz (https://github.com/drzraf) | 778 | Raphaël Droz (https://github.com/drzraf) |
749 | - zoom profile fixes | 779 | - zoom profile fixes |
750 | realaltffour (https://github.com/realaltffour) | 780 | realaltffour (https://github.com/realaltffour) |
@@ -786,6 +816,8 @@ rusty-snake (https://github.com/rusty-snake) | |||
786 | - some typo fixes | 816 | - some typo fixes |
787 | - added profile templates | 817 | - added profile templates |
788 | - added sort.py to contrib | 818 | - added sort.py to contrib |
819 | sak96 (https://github.com/sak96) | ||
820 | - discord profile fixes | ||
789 | Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) | 821 | Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) |
790 | - fixed ktorrent profile | 822 | - fixed ktorrent profile |
791 | sarneaud (https://github.com/sarneaud) | 823 | sarneaud (https://github.com/sarneaud) |
@@ -814,6 +846,8 @@ sinkuu (https://github.com/sinkuu) | |||
814 | - fix symlink invocation for programs placing symlinks in $PATH | 846 | - fix symlink invocation for programs placing symlinks in $PATH |
815 | Simo Piiroinen (https://github.com/spiiroin) | 847 | Simo Piiroinen (https://github.com/spiiroin) |
816 | - Jolla/SailfishOS patches | 848 | - Jolla/SailfishOS patches |
849 | slowpeek (https://github.com/slowpeek) | ||
850 | - refine appimage example in docs | ||
817 | smitsohu (https://github.com/smitsohu) | 851 | smitsohu (https://github.com/smitsohu) |
818 | - read-only kde4 services directory | 852 | - read-only kde4 services directory |
819 | - enhanced mediathekview profile | 853 | - enhanced mediathekview profile |
@@ -939,6 +973,10 @@ Topi Miettinen (https://github.com/topimiettinen) | |||
939 | - improve loading of seccomp filter and memory-deny-write-execute feature | 973 | - improve loading of seccomp filter and memory-deny-write-execute feature |
940 | - private-lib feature | 974 | - private-lib feature |
941 | - make --nodbus block also system D-Bus socket | 975 | - make --nodbus block also system D-Bus socket |
976 | Ted Robertson (https://github.com/tredondo) | ||
977 | - webstorm profile fixes | ||
978 | - added bcompare profile | ||
979 | - various documentation fixes | ||
942 | user1024 (user1024@tut.by) | 980 | user1024 (user1024@tut.by) |
943 | - electron profile whitelisting | 981 | - electron profile whitelisting |
944 | - fixed Rocket.Chat profile | 982 | - fixed Rocket.Chat profile |
@@ -1003,6 +1041,9 @@ Vladimir Schowalter (https://github.com/VladimirSchowalter20) | |||
1003 | - apparmor profile enhancements | 1041 | - apparmor profile enhancements |
1004 | - various KDE profile enhancements | 1042 | - various KDE profile enhancements |
1005 | read-only kde5 services directory | 1043 | read-only kde5 services directory |
1044 | Vladislav Nepogodin (https://github.com/vnepogodin) | ||
1045 | - added Librewolf profiles | ||
1046 | - added Sway profile | ||
1006 | xee5ch (https://github.com/xee5ch) | 1047 | xee5ch (https://github.com/xee5ch) |
1007 | - skypeforlinux profile | 1048 | - skypeforlinux profile |
1008 | Ypnose (https://github.com/Ypnose) | 1049 | Ypnose (https://github.com/Ypnose) |
@@ -1,6 +1,7 @@ | |||
1 | firejail (0.9.65) baseline; urgency=low | 1 | firejail (0.9.65) baseline; urgency=low |
2 | * deprecated --audit options, relpaced by jailtest | 2 | * deprecated --audit options, relpaced by jailcheck utility |
3 | * deprecated follow-symlink-as-user from firejail.config | 3 | * deprecated follow-symlink-as-user from firejail.config |
4 | * rename --noautopulse to keep-config-pulse | ||
4 | * filtering environment variables | 5 | * filtering environment variables |
5 | * zsh completion | 6 | * zsh completion |
6 | * command line: --mkdir, --mkfile | 7 | * command line: --mkdir, --mkfile |
@@ -33,7 +34,7 @@ firejail (0.9.65) baseline; urgency=low | |||
33 | * neverball-wrapper, neverputt-wrapper, supertuxkart-wrapper, neochat, | 34 | * neverball-wrapper, neverputt-wrapper, supertuxkart-wrapper, neochat, |
34 | * cargo, LibreCAD, blobby, funnyboat, pipe-viewer, gtk-pipe-viewer | 35 | * cargo, LibreCAD, blobby, funnyboat, pipe-viewer, gtk-pipe-viewer |
35 | * links2, xlinks2 | 36 | * links2, xlinks2 |
36 | -- netblue30 <netblue30@yahoo.com> Tue, 9 Feb 2021 09:00:00 -0500 | 37 | -- netblue30 <netblue30@yahoo.com> Wed, 2 Jun 2021 09:00:00 -0500 |
37 | 38 | ||
38 | firejail (0.9.64.4) baseline; urgency=low | 39 | firejail (0.9.64.4) baseline; urgency=low |
39 | * disabled overlayfs, pending multiple fixes (CVE-2021-26910) | 40 | * disabled overlayfs, pending multiple fixes (CVE-2021-26910) |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.65. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.66rc1. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@protonmail.com>. | 5 | # Report bugs to <netblue30@protonmail.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.65' | 583 | PACKAGE_VERSION='0.9.66rc1' |
584 | PACKAGE_STRING='firejail 0.9.65' | 584 | PACKAGE_STRING='firejail 0.9.66rc1' |
585 | PACKAGE_BUGREPORT='netblue30@protonmail.com' | 585 | PACKAGE_BUGREPORT='netblue30@protonmail.com' |
586 | PACKAGE_URL='https://firejail.wordpress.com' | 586 | PACKAGE_URL='https://firejail.wordpress.com' |
587 | 587 | ||
@@ -1299,7 +1299,7 @@ if test "$ac_init_help" = "long"; then | |||
1299 | # Omit some internal or obsolete options to make the list less imposing. | 1299 | # Omit some internal or obsolete options to make the list less imposing. |
1300 | # This message is too long to be a string in the A/UX 3.1 sh. | 1300 | # This message is too long to be a string in the A/UX 3.1 sh. |
1301 | cat <<_ACEOF | 1301 | cat <<_ACEOF |
1302 | \`configure' configures firejail 0.9.65 to adapt to many kinds of systems. | 1302 | \`configure' configures firejail 0.9.66rc1 to adapt to many kinds of systems. |
1303 | 1303 | ||
1304 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1304 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1305 | 1305 | ||
@@ -1361,7 +1361,7 @@ fi | |||
1361 | 1361 | ||
1362 | if test -n "$ac_init_help"; then | 1362 | if test -n "$ac_init_help"; then |
1363 | case $ac_init_help in | 1363 | case $ac_init_help in |
1364 | short | recursive ) echo "Configuration of firejail 0.9.65:";; | 1364 | short | recursive ) echo "Configuration of firejail 0.9.66rc1:";; |
1365 | esac | 1365 | esac |
1366 | cat <<\_ACEOF | 1366 | cat <<\_ACEOF |
1367 | 1367 | ||
@@ -1481,7 +1481,7 @@ fi | |||
1481 | test -n "$ac_init_help" && exit $ac_status | 1481 | test -n "$ac_init_help" && exit $ac_status |
1482 | if $ac_init_version; then | 1482 | if $ac_init_version; then |
1483 | cat <<\_ACEOF | 1483 | cat <<\_ACEOF |
1484 | firejail configure 0.9.65 | 1484 | firejail configure 0.9.66rc1 |
1485 | generated by GNU Autoconf 2.69 | 1485 | generated by GNU Autoconf 2.69 |
1486 | 1486 | ||
1487 | Copyright (C) 2012 Free Software Foundation, Inc. | 1487 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1783,7 +1783,7 @@ cat >config.log <<_ACEOF | |||
1783 | This file contains any messages produced by compilers while | 1783 | This file contains any messages produced by compilers while |
1784 | running configure, to aid debugging if configure makes a mistake. | 1784 | running configure, to aid debugging if configure makes a mistake. |
1785 | 1785 | ||
1786 | It was created by firejail $as_me 0.9.65, which was | 1786 | It was created by firejail $as_me 0.9.66rc1, which was |
1787 | generated by GNU Autoconf 2.69. Invocation command line was | 1787 | generated by GNU Autoconf 2.69. Invocation command line was |
1788 | 1788 | ||
1789 | $ $0 $@ | 1789 | $ $0 $@ |
@@ -4910,7 +4910,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4910 | # report actual input values of CONFIG_FILES etc. instead of their | 4910 | # report actual input values of CONFIG_FILES etc. instead of their |
4911 | # values after options handling. | 4911 | # values after options handling. |
4912 | ac_log=" | 4912 | ac_log=" |
4913 | This file was extended by firejail $as_me 0.9.65, which was | 4913 | This file was extended by firejail $as_me 0.9.66rc1, which was |
4914 | generated by GNU Autoconf 2.69. Invocation command line was | 4914 | generated by GNU Autoconf 2.69. Invocation command line was |
4915 | 4915 | ||
4916 | CONFIG_FILES = $CONFIG_FILES | 4916 | CONFIG_FILES = $CONFIG_FILES |
@@ -4964,7 +4964,7 @@ _ACEOF | |||
4964 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4964 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4965 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4965 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4966 | ac_cs_version="\\ | 4966 | ac_cs_version="\\ |
4967 | firejail config.status 0.9.65 | 4967 | firejail config.status 0.9.66rc1 |
4968 | configured by $0, generated by GNU Autoconf 2.69, | 4968 | configured by $0, generated by GNU Autoconf 2.69, |
4969 | with options \\"\$ac_cs_config\\" | 4969 | with options \\"\$ac_cs_config\\" |
4970 | 4970 | ||
@@ -5559,6 +5559,7 @@ if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then | |||
5559 | $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} | 5559 | $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} |
5560 | fi | 5560 | fi |
5561 | 5561 | ||
5562 | |||
5562 | cat <<EOF | 5563 | cat <<EOF |
5563 | 5564 | ||
5564 | Configuration options: | 5565 | Configuration options: |
diff --git a/configure.ac b/configure.ac index 0eb616355..f37db5926 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -12,7 +12,7 @@ | |||
12 | # | 12 | # |
13 | 13 | ||
14 | AC_PREREQ([2.68]) | 14 | AC_PREREQ([2.68]) |
15 | AC_INIT([firejail],[0.9.65],[netblue30@protonmail.com],[],[https://firejail.wordpress.com]) | 15 | AC_INIT([firejail],[0.9.66rc1],[netblue30@protonmail.com],[],[https://firejail.wordpress.com]) |
16 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 16 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
17 | 17 | ||
18 | AC_CONFIG_MACRO_DIR([m4]) | 18 | AC_CONFIG_MACRO_DIR([m4]) |
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index cb087d395..6726abdc8 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -294,7 +294,7 @@ errout: | |||
294 | 294 | ||
295 | void print_compiletime_support(void) { | 295 | void print_compiletime_support(void) { |
296 | printf("Compile time support:\n"); | 296 | printf("Compile time support:\n"); |
297 | printf("\t- Always force nonewprivs support is %s\n", | 297 | printf("\t- always force nonewprivs support is %s\n", |
298 | #ifdef HAVE_FORCE_NONEWPRIVS | 298 | #ifdef HAVE_FORCE_NONEWPRIVS |
299 | "enabled" | 299 | "enabled" |
300 | #else | 300 | #else |