clean make cppcheck

author: netblue30 <netblue30@yahoo.com> 2020-08-10 07:31:38 -0400
committer: netblue30 <netblue30@yahoo.com> 2020-08-10 07:31:38 -0400
commit: 66a0f7288fc627f1f9e2e6bb6f08a55cfb03e598 (patch)
tree: 0b8a49bbf7053b2e72698acfdd67c1549178a1f9
parent: Merge branch 'release-0.9.62' of https://github.com/netblue30/firejail into r... (diff)
download: firejail-66a0f7288fc627f1f9e2e6bb6f08a55cfb03e598.tar.gz
firejail-66a0f7288fc627f1f9e2e6bb6f08a55cfb03e598.tar.zst
firejail-66a0f7288fc627f1f9e2e6bb6f08a55cfb03e598.zip
3 files changed, 72 insertions, 9 deletions
diff --git a/README b/README
index 1a7f5cea0..cf6579265 100644
--- a/README
+++ b/README
@@ -29,7 +29,7 @@ development libraries and pkg-config are required when using --apparmor
 $ sudo apt-get install git build-essential libapparmor-dev pkg-config
+For --selinux option, add libselinux1-dev (libselinux-devel for Fedora).
 Maintainer:
 - netblue30 (netblue30@yahoo.com)
@@ -37,8 +37,10 @@ Maintainer:
 Committers
 - chiraag-nataraj (https://github.com/chiraag-nataraj)
 - crass (https://github.com/crass)
+- curiosityseeker (https://github.com/curiosityseeker)
 - glitsj16 (https://github.com/glitsj16)
 - Fred-Barclay (https://github.com/Fred-Barclay)
+- Kristóf Marussy (https://github.com/kris7t)
 - Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer)
 - rusty-snake (https://github.com/rusty-snake)
 - smithsohu (https://github.com/smitsohu)
@@ -53,13 +55,17 @@ Committers
 Firejail Authors (alphabetical order)
-7twin (https://github.com/7twin_
+0x7969 (https://github.com/0x7969)
+        - fix wire-desktop.profile
+        - add ferdi.profile
+7twin (https://github.com/7twin_)
        - fix typos
        - fix flameshot raw screenshots
 1dnrr (https://github.com/1dnrr)
        - add pybitmessage profile
 Adrian L. Shaw (https://github.com/adrianlshaw)
        - add profanity profile
+        - add barrirer profile
 Aidan Gauland (https://github.com/aidalgol)
        - added electron and riot-web profiles
 Akhil Hans Maulloo (https://github.com/kouul)
@@ -89,11 +95,18 @@ Alexander Gerasiov (https://github.com/gerasiov)
        - profile updates
 Alexander Stein (https://github.com/ajstein)
        - added profile for qutebrowser
+Amin Vakil (https://github.com/aminvakil)
+        - whois profile fix
+        - added profile for strawberry
+Andreas Hunkeler (https://github.com/Karneades)
+        - Add profile for offical Linux Teams application
 Andrey Alekseenko (https://github.com/al42and)
        - fixing lintian warnings
        - fixed Skype profile
 andrew160 (https://github.com/andrew160)
        - profile and man pages fixes
+Andrew Branson (https://github.com/abranson)
+        - 32bit ARM syscall table
 announ (https://github.com/announ)
        - mpv and youtube-dl profile fixes
        - git profile fix
@@ -101,13 +114,20 @@ announ (https://github.com/announ)
 Antonio Russo (https://github.com/aerusso)
        - enumerate root directories in apparmor profile
        - fix join-or-start
+        - wusc fixes
+        - okular profile fixes
+        - manpage fixes
 aoand (https://github.com/aoand)
        - seccomp fix: allow numeric syscalls
+Atrate (https://github.com/Atrate)
+        - BetterDiscord support
 Austin Morton (https://github.com/apmorton)
        - deterministic-exit-code option
        - private-cwd options
 Austin S. Hemmelgarn (https://github.com/Ferroin)
        - unbound profile update
+Avi Lumelsky (https://github.com/avilum)
+        - syscall.sh improvements
 avoidr (https://github.com/avoidr)
        - whitelist fix
        - recently-used.xbel fix
@@ -156,10 +176,16 @@ BytesTuner (https://github.com/BytesTuner)
        - provided keepassxc profile
 caoliver (https://github.com/caoliver)
        - network system fixes
+Carlo Abelli (https://github.com/carloabelli)
+        - fixed udiskie profile
+        - Allow mbind syscall for GIMP
 Cat (https://github.com/ecat3)
        - prevent tmux connecting to an existing session
+Christian Pinedo (https://github.com/chrpinedo)
+        - added nicotine profile
 creideiki (https://github.com/creideiki)
        - make the sandbox process reap all children
+        - tor browser profile fix
 chiraag-nataraj (https://github.com/chiraag-nataraj)
        - support for newer Xpra versions (2.1+)
        - added Viber, amule, ardour5, brackets, calligra, cin, fetchmail profiles
@@ -178,7 +204,8 @@ crass (https://github.com/crass)
        - extract_command_name fixes
        - update appimage size calculation to newest code from libappimage
        - firejail should look for processes with names exactly named
-curiosity-seeker (https://github.com/curiosity-seeker)
+curiosity-seeker (https://github.com/curiosity-seeker - old)
+curiosityseeker (https://github.com/curiosityseeker - new)
        - tightening unbound and dnscrypt-proxy profiles
        - correct and tighten QuiteRss profile
        - dnsmasq profile
@@ -195,6 +222,8 @@ curiosity-seeker (https://github.com/curiosity-seeker)
        - added cantata profile
        - updated keypassxc profile
        - added syscalls.sh, which determine the necessary syscalls for a program
+        - fixed conky profile
+        - thunderbird.profile: harden and enable the rules necessary to make Firefox open links
 da2x (https://github.com/da2x)
        - matched RPM license tag
 Daan Bakker (https://github.com/dbakker)
@@ -209,6 +238,8 @@ Dara Adib (https://github.com/daradib)
        - evince profile fix
 David Thole (https://github.com/TheDarkTrumpet)
        - added profile for teams-for-linux
+Davide Beatrici (https://github.com/davidebeatrici)
+        - steam.profile: correctly blacklist unneeded directories in user's home
 Deelvesh Bunjun (https://github.com/DeelveshBunjun)
        - added xpdf profile
 Denys Havrysh (https://github.com/vutny)
@@ -222,6 +253,9 @@ DiGitHubCap (https://github.com/DiGitHubCap)
        - deluge profile fix
 Disconnect3d (https://github.com/disconnect3d)
        - code cleanup
+dmfreemon (https://github.com/dmfreemon)
+        - add sandbox name or name of private directory to the window title when xpra is used
+        - handle malloc() failures; use gnu_basename() instead of basenaem()
 dshmgh (https://github.com/dshmgh)
        - overlayfs fix for systems with /home mounted on a separate partition
 Duncan Overbruck (https://github.com/Duncaen)
@@ -242,6 +276,10 @@ Fabian Würfl (https://github.com/BafDyce)
        - Liferea profile
 Felipe Barriga Richards (https://github.com/fbarriga)
        - --private-etc fix
+Florian Begusch (https://github.com/florianbegusch)
+        - (la)tex profiles
+        - fixed transmission-common.profile
+        - fixed standardnotes-desktop.profile
 floxo (https://github.com/floxo)
        - fixed qml disk cache issue
 Franco (nextime) Lanza (https://github.com/nextime)
@@ -332,6 +370,8 @@ glitsj16 (https://github.com/glitsj16)
        - new profiles: masterpdfeditor
 gm10 (https://github.com/gm10)
        - get_user() do not use the unreliable getlogin()
+GovanifY (https://github.com/GovanifY)
+        - Blacklisting openrc paths by defaults
 graywolf (https://github.com/graywolf)
        - spelling fix
 greigdp (https://github.com/greigdp)
@@ -343,8 +383,12 @@ grizzlyuser (https://github.com/grizzlyuser)
        - added support for youtube-dl in smplayer profile
 GSI (https://github.com/GSI)
        - added Uzbl browser profile
+haarp (https://github.com/haarp)
+        - Allow sound for hexchat
 hamzadis (https://github.com/hamzadis)
        - added --overlay-named=name and --overlay-path=path
+Hans-Christoph Steiner (https://github.com/eighthave)
+        - added xournal profile
 hawkey116477 (https://github.com/hawkeye116477)
        - added Waterfox profile
        - updated Cyberfox profile
@@ -444,6 +488,10 @@ Kishore96in (https://github.com/Kishore96in)
        - added falkon profile
 KOLANICH (https://github.com/KOLANICH)
        - added symlink fixer fix_private-bin.py in contrib section
+        - update fix_private-bin.py
+        - fix meld
+Kristóf Marussy (https://github.com/kris7t)
+        - dns support
 Kunal Mehta (https://github.com/legoktm)
        - converted all links to https in manpages
 laniakea64 (https://github.com/laniakea64)
@@ -456,12 +504,17 @@ LaurentGH (https://github.com/LaurentGH)
        - allow private-bin parameters to be absolute paths
 Loïc Damien (https://github.com/dzamlo)
        - small fixes
+Liorst4 (https://github.com/Liorst4)
+        - Preserve CFLAGS given to configure in common.mk.in
+        - fix emacs config to load as read-write
 Lockdis (https://github.com/Lockdis)
        - Added crow, nyx, and google-earth-pro profiles
 Lukáš Krejčí (https://github.com/lskrejci)
        - fixed parsing of --keep-var-tmp
 luzpaz (https://github.com/luzpaz)
        - code spelling fixes
+Mace Muilman (https://github.com/mace015)
+        - google-chrome{,beta,unstable} flags
 maces (https://github.com/maces)
        - Franz messenger profile
 Madura A (https://github.com/manushanga)
@@ -486,6 +539,7 @@ Matthew Gyurgyik (https://github.com/pyther)
 matu3ba (https://github.com/matu3ba)
        - evince hardening, dbus removed
        - fix dia profile
+        - several template fixes
 maxice8 (https://github.com/maxice8)
        - fixed missing header
 Melvin Vermeeren (https://github.com/melvinvermeeren)
@@ -503,6 +557,8 @@ mustaqimM (https://github.com/mustaqimM)
    - added profile for Nylas Mail
 n1trux (https://github.com/n1trux)
        - fix flashpeak-slimjet profile typos
+nblock (https://github.com/nblock)
+        - cmus: allow access to resolv.conf
 Nick Fox (https://github.com/njfox)
        - add a profile alias for code-oss
        - add code-oss config directory
@@ -546,6 +602,8 @@ Peter Hogg (https://github.com/pigmonkey)
        - bitlbee profile fixes
        - mutt profile fixes
        - fixes for youtube-dl in mpv profile
+Peter Sanford (https://github.com/psanford)
+        - fix QtWebEngine in zoom
 Petter Reinholdtsen (pere@hungry.com)
        - Opera profile patch
 PharmaceuticalCobweb (https://github.com/PharmaceuticalCobweb)
@@ -565,6 +623,8 @@ PizzaDude (https://github.com/pizzadude)
        - added profile for torbrowser-launcher
        - added profile for sayonara and qmmp
        - remove tracelog from Firefox profile
+polyzen (https://github.com/polyzen)
+        - fixed wusc issue with mpv/Vulkan
 probonopd (https://github.com/probonopd)
        - automatic build on Travis CI
 pshpsh (https://github.com/pshpsh)
@@ -579,6 +639,7 @@ Quentin Minster (https://github.com/laomaiweng)
        - propagate --quiet to children Firejail'ed processes
        - nodbus enhancements/bugfixes
        - added vim syntax and ftdetect files
+        - Allow exec from /usr/libexec & co. with AppArmor
 Rafael Cavalcanti (https://github.com/rccavalcanti)
        - chromium profile fixes for Arch Linux
 Rahiel Kasim (https://github.com/rahiel)
@@ -739,6 +800,7 @@ StelFux (https://github.com/StelFux)
        - Fix youtube video in totem
 the-antz (https://github.com/the-antz)
        - Fix libx265 encoding in ffmpeg profile
+        - Fix Firefox profile
        - Profile tweaks
 thewisenerd (https://github.com/thewisenerd)
        - allow multiple private-home commands
@@ -859,4 +921,4 @@ Zack Weinberg (https://github.com/zackw)
          with firejail --x11
        - support for xpra-extra-params in firejail.config
-Copyright (C) 2014-2019 Firejail Authors
+Copyright (C) 2014-2020 Firejail Authors
diff --git a/RELNOTES b/RELNOTES
index d31145c83..cd7c6f33b 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,5 +1,4 @@
 firejail (0.9.62.2) baseline; urgency=low
-  * work in progress
  * patches from Debian (firejail 0.9.62-3, sid):
         profile-fixes.patch, apparmor-include.patch
  * patches from Debian (firejail 0.9.64-4, sid)
@@ -8,7 +7,8 @@ firejail (0.9.62.2) baseline; urgency=low
  * patches from Debian (firejail 0.9.64-4, sid)
         element-profile.patch,  usrsharedoc.patch,
         pathnames.patch, usr-share-firefox.patch
- -- netblue30 <netblue30@yahoo.com>  Fri, 7 Aug 2020 08:00:00 -0500
+  * additional hardening and bug fixes
+ -- netblue30 <netblue30@yahoo.com>  Fri, 10 Aug 2020 08:00:00 -0500
 firejail (0.9.62) baseline; urgency=low
  * added file-copy-limit in /etc/firejail/firejail.config
diff --git a/src/firejail/macros.c b/src/firejail/macros.c
index ef64178b5..17ccbdff2 100644
--- a/src/firejail/macros.c
+++ b/src/firejail/macros.c
@@ -300,13 +300,14 @@ void invalid_filename(const char *fname, int globbing) {
        size_t i = 0;
        while (ptr[i] != '\0') {
                if (iscntrl((unsigned char) ptr[i])) {
-                        fprintf(stderr, "Error: \"%s\" is an invalid filename: no control characters allowed\n",
+                        char *msg = fix_control_chars(fname);
-                                fix_control_chars(fname));
+                        fprintf(stderr, "Error: \"%s\" is an invalid filename: no control characters allowed\n", msg);
+                        free(msg);
                        exit(1);
                }
                i++;
        }
-        
        char *reject;
        if (globbing)
                reject = "\\&!\"'<>%^{};,"; // file globbing ('*?[]') is allowed
author	netblue30 <netblue30@yahoo.com>	2020-08-10 07:31:38 -0400
committer	netblue30 <netblue30@yahoo.com>	2020-08-10 07:31:38 -0400
commit	66a0f7288fc627f1f9e2e6bb6f08a55cfb03e598 (patch)
tree	0b8a49bbf7053b2e72698acfdd67c1549178a1f9
parent	Merge branch 'release-0.9.62' of https://github.com/netblue30/firejail into r... (diff)
download	firejail-66a0f7288fc627f1f9e2e6bb6f08a55cfb03e598.tar.gz firejail-66a0f7288fc627f1f9e2e6bb6f08a55cfb03e598.tar.zst firejail-66a0f7288fc627f1f9e2e6bb6f08a55cfb03e598.zip

diff --git a/README b/README index 1a7f5cea0..cf6579265 100644 --- a/README +++ b/README
@@ -29,7 +29,7 @@ development libraries and pkg-config are required when using --apparmor
29		29
30	$ sudo apt-get install git build-essential libapparmor-dev pkg-config	30	$ sudo apt-get install git build-essential libapparmor-dev pkg-config
31		31
32		32	For --selinux option, add libselinux1-dev (libselinux-devel for Fedora).
33		33
34	Maintainer:	34	Maintainer:
35	- netblue30 (netblue30@yahoo.com)	35	- netblue30 (netblue30@yahoo.com)
@@ -37,8 +37,10 @@ Maintainer:
37	Committers	37	Committers
38	- chiraag-nataraj (https://github.com/chiraag-nataraj)	38	- chiraag-nataraj (https://github.com/chiraag-nataraj)
39	- crass (https://github.com/crass)	39	- crass (https://github.com/crass)
		40	- curiosityseeker (https://github.com/curiosityseeker)
40	- glitsj16 (https://github.com/glitsj16)	41	- glitsj16 (https://github.com/glitsj16)
41	- Fred-Barclay (https://github.com/Fred-Barclay)	42	- Fred-Barclay (https://github.com/Fred-Barclay)
		43	- Kristóf Marussy (https://github.com/kris7t)
42	- Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer)	44	- Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer)
43	- rusty-snake (https://github.com/rusty-snake)	45	- rusty-snake (https://github.com/rusty-snake)
44	- smithsohu (https://github.com/smitsohu)	46	- smithsohu (https://github.com/smitsohu)
@@ -53,13 +55,17 @@ Committers
53		55
54	Firejail Authors (alphabetical order)	56	Firejail Authors (alphabetical order)
55		57
56	7twin (https://github.com/7twin_	58	0x7969 (https://github.com/0x7969)
		59	- fix wire-desktop.profile
		60	- add ferdi.profile
		61	7twin (https://github.com/7twin_)
57	- fix typos	62	- fix typos
58	- fix flameshot raw screenshots	63	- fix flameshot raw screenshots
59	1dnrr (https://github.com/1dnrr)	64	1dnrr (https://github.com/1dnrr)
60	- add pybitmessage profile	65	- add pybitmessage profile
61	Adrian L. Shaw (https://github.com/adrianlshaw)	66	Adrian L. Shaw (https://github.com/adrianlshaw)
62	- add profanity profile	67	- add profanity profile
		68	- add barrirer profile
63	Aidan Gauland (https://github.com/aidalgol)	69	Aidan Gauland (https://github.com/aidalgol)
64	- added electron and riot-web profiles	70	- added electron and riot-web profiles
65	Akhil Hans Maulloo (https://github.com/kouul)	71	Akhil Hans Maulloo (https://github.com/kouul)
@@ -89,11 +95,18 @@ Alexander Gerasiov (https://github.com/gerasiov)
89	- profile updates	95	- profile updates
90	Alexander Stein (https://github.com/ajstein)	96	Alexander Stein (https://github.com/ajstein)
91	- added profile for qutebrowser	97	- added profile for qutebrowser
		98	Amin Vakil (https://github.com/aminvakil)
		99	- whois profile fix
		100	- added profile for strawberry
		101	Andreas Hunkeler (https://github.com/Karneades)
		102	- Add profile for offical Linux Teams application
92	Andrey Alekseenko (https://github.com/al42and)	103	Andrey Alekseenko (https://github.com/al42and)
93	- fixing lintian warnings	104	- fixing lintian warnings
94	- fixed Skype profile	105	- fixed Skype profile
95	andrew160 (https://github.com/andrew160)	106	andrew160 (https://github.com/andrew160)
96	- profile and man pages fixes	107	- profile and man pages fixes
		108	Andrew Branson (https://github.com/abranson)
		109	- 32bit ARM syscall table
97	announ (https://github.com/announ)	110	announ (https://github.com/announ)
98	- mpv and youtube-dl profile fixes	111	- mpv and youtube-dl profile fixes
99	- git profile fix	112	- git profile fix
@@ -101,13 +114,20 @@ announ (https://github.com/announ)
101	Antonio Russo (https://github.com/aerusso)	114	Antonio Russo (https://github.com/aerusso)
102	- enumerate root directories in apparmor profile	115	- enumerate root directories in apparmor profile
103	- fix join-or-start	116	- fix join-or-start
		117	- wusc fixes
		118	- okular profile fixes
		119	- manpage fixes
104	aoand (https://github.com/aoand)	120	aoand (https://github.com/aoand)
105	- seccomp fix: allow numeric syscalls	121	- seccomp fix: allow numeric syscalls
		122	Atrate (https://github.com/Atrate)
		123	- BetterDiscord support
106	Austin Morton (https://github.com/apmorton)	124	Austin Morton (https://github.com/apmorton)
107	- deterministic-exit-code option	125	- deterministic-exit-code option
108	- private-cwd options	126	- private-cwd options
109	Austin S. Hemmelgarn (https://github.com/Ferroin)	127	Austin S. Hemmelgarn (https://github.com/Ferroin)
110	- unbound profile update	128	- unbound profile update
		129	Avi Lumelsky (https://github.com/avilum)
		130	- syscall.sh improvements
111	avoidr (https://github.com/avoidr)	131	avoidr (https://github.com/avoidr)
112	- whitelist fix	132	- whitelist fix
113	- recently-used.xbel fix	133	- recently-used.xbel fix
@@ -156,10 +176,16 @@ BytesTuner (https://github.com/BytesTuner)
156	- provided keepassxc profile	176	- provided keepassxc profile
157	caoliver (https://github.com/caoliver)	177	caoliver (https://github.com/caoliver)
158	- network system fixes	178	- network system fixes
		179	Carlo Abelli (https://github.com/carloabelli)
		180	- fixed udiskie profile
		181	- Allow mbind syscall for GIMP
159	Cat (https://github.com/ecat3)	182	Cat (https://github.com/ecat3)
160	- prevent tmux connecting to an existing session	183	- prevent tmux connecting to an existing session
		184	Christian Pinedo (https://github.com/chrpinedo)
		185	- added nicotine profile
161	creideiki (https://github.com/creideiki)	186	creideiki (https://github.com/creideiki)
162	- make the sandbox process reap all children	187	- make the sandbox process reap all children
		188	- tor browser profile fix
163	chiraag-nataraj (https://github.com/chiraag-nataraj)	189	chiraag-nataraj (https://github.com/chiraag-nataraj)
164	- support for newer Xpra versions (2.1+)	190	- support for newer Xpra versions (2.1+)
165	- added Viber, amule, ardour5, brackets, calligra, cin, fetchmail profiles	191	- added Viber, amule, ardour5, brackets, calligra, cin, fetchmail profiles
@@ -178,7 +204,8 @@ crass (https://github.com/crass)
178	- extract_command_name fixes	204	- extract_command_name fixes
179	- update appimage size calculation to newest code from libappimage	205	- update appimage size calculation to newest code from libappimage
180	- firejail should look for processes with names exactly named	206	- firejail should look for processes with names exactly named
181	curiosity-seeker (https://github.com/curiosity-seeker)	207	curiosity-seeker (https://github.com/curiosity-seeker - old)
		208	curiosityseeker (https://github.com/curiosityseeker - new)
182	- tightening unbound and dnscrypt-proxy profiles	209	- tightening unbound and dnscrypt-proxy profiles
183	- correct and tighten QuiteRss profile	210	- correct and tighten QuiteRss profile
184	- dnsmasq profile	211	- dnsmasq profile
@@ -195,6 +222,8 @@ curiosity-seeker (https://github.com/curiosity-seeker)
195	- added cantata profile	222	- added cantata profile
196	- updated keypassxc profile	223	- updated keypassxc profile
197	- added syscalls.sh, which determine the necessary syscalls for a program	224	- added syscalls.sh, which determine the necessary syscalls for a program
		225	- fixed conky profile
		226	- thunderbird.profile: harden and enable the rules necessary to make Firefox open links
198	da2x (https://github.com/da2x)	227	da2x (https://github.com/da2x)
199	- matched RPM license tag	228	- matched RPM license tag
200	Daan Bakker (https://github.com/dbakker)	229	Daan Bakker (https://github.com/dbakker)
@@ -209,6 +238,8 @@ Dara Adib (https://github.com/daradib)
209	- evince profile fix	238	- evince profile fix
210	David Thole (https://github.com/TheDarkTrumpet)	239	David Thole (https://github.com/TheDarkTrumpet)
211	- added profile for teams-for-linux	240	- added profile for teams-for-linux
		241	Davide Beatrici (https://github.com/davidebeatrici)
		242	- steam.profile: correctly blacklist unneeded directories in user's home
212	Deelvesh Bunjun (https://github.com/DeelveshBunjun)	243	Deelvesh Bunjun (https://github.com/DeelveshBunjun)
213	- added xpdf profile	244	- added xpdf profile
214	Denys Havrysh (https://github.com/vutny)	245	Denys Havrysh (https://github.com/vutny)
@@ -222,6 +253,9 @@ DiGitHubCap (https://github.com/DiGitHubCap)
222	- deluge profile fix	253	- deluge profile fix
223	Disconnect3d (https://github.com/disconnect3d)	254	Disconnect3d (https://github.com/disconnect3d)
224	- code cleanup	255	- code cleanup
		256	dmfreemon (https://github.com/dmfreemon)
		257	- add sandbox name or name of private directory to the window title when xpra is used
		258	- handle malloc() failures; use gnu_basename() instead of basenaem()
225	dshmgh (https://github.com/dshmgh)	259	dshmgh (https://github.com/dshmgh)
226	- overlayfs fix for systems with /home mounted on a separate partition	260	- overlayfs fix for systems with /home mounted on a separate partition
227	Duncan Overbruck (https://github.com/Duncaen)	261	Duncan Overbruck (https://github.com/Duncaen)
@@ -242,6 +276,10 @@ Fabian Würfl (https://github.com/BafDyce)
242	- Liferea profile	276	- Liferea profile
243	Felipe Barriga Richards (https://github.com/fbarriga)	277	Felipe Barriga Richards (https://github.com/fbarriga)
244	- --private-etc fix	278	- --private-etc fix
		279	Florian Begusch (https://github.com/florianbegusch)
		280	- (la)tex profiles
		281	- fixed transmission-common.profile
		282	- fixed standardnotes-desktop.profile
245	floxo (https://github.com/floxo)	283	floxo (https://github.com/floxo)
246	- fixed qml disk cache issue	284	- fixed qml disk cache issue
247	Franco (nextime) Lanza (https://github.com/nextime)	285	Franco (nextime) Lanza (https://github.com/nextime)
@@ -332,6 +370,8 @@ glitsj16 (https://github.com/glitsj16)
332	- new profiles: masterpdfeditor	370	- new profiles: masterpdfeditor
333	gm10 (https://github.com/gm10)	371	gm10 (https://github.com/gm10)
334	- get_user() do not use the unreliable getlogin()	372	- get_user() do not use the unreliable getlogin()
		373	GovanifY (https://github.com/GovanifY)
		374	- Blacklisting openrc paths by defaults
335	graywolf (https://github.com/graywolf)	375	graywolf (https://github.com/graywolf)
336	- spelling fix	376	- spelling fix
337	greigdp (https://github.com/greigdp)	377	greigdp (https://github.com/greigdp)
@@ -343,8 +383,12 @@ grizzlyuser (https://github.com/grizzlyuser)
343	- added support for youtube-dl in smplayer profile	383	- added support for youtube-dl in smplayer profile
344	GSI (https://github.com/GSI)	384	GSI (https://github.com/GSI)
345	- added Uzbl browser profile	385	- added Uzbl browser profile
		386	haarp (https://github.com/haarp)
		387	- Allow sound for hexchat
346	hamzadis (https://github.com/hamzadis)	388	hamzadis (https://github.com/hamzadis)
347	- added --overlay-named=name and --overlay-path=path	389	- added --overlay-named=name and --overlay-path=path
		390	Hans-Christoph Steiner (https://github.com/eighthave)
		391	- added xournal profile
348	hawkey116477 (https://github.com/hawkeye116477)	392	hawkey116477 (https://github.com/hawkeye116477)
349	- added Waterfox profile	393	- added Waterfox profile
350	- updated Cyberfox profile	394	- updated Cyberfox profile
@@ -444,6 +488,10 @@ Kishore96in (https://github.com/Kishore96in)
444	- added falkon profile	488	- added falkon profile
445	KOLANICH (https://github.com/KOLANICH)	489	KOLANICH (https://github.com/KOLANICH)
446	- added symlink fixer fix_private-bin.py in contrib section	490	- added symlink fixer fix_private-bin.py in contrib section
		491	- update fix_private-bin.py
		492	- fix meld
		493	Kristóf Marussy (https://github.com/kris7t)
		494	- dns support
447	Kunal Mehta (https://github.com/legoktm)	495	Kunal Mehta (https://github.com/legoktm)
448	- converted all links to https in manpages	496	- converted all links to https in manpages
449	laniakea64 (https://github.com/laniakea64)	497	laniakea64 (https://github.com/laniakea64)
@@ -456,12 +504,17 @@ LaurentGH (https://github.com/LaurentGH)
456	- allow private-bin parameters to be absolute paths	504	- allow private-bin parameters to be absolute paths
457	Loïc Damien (https://github.com/dzamlo)	505	Loïc Damien (https://github.com/dzamlo)
458	- small fixes	506	- small fixes
		507	Liorst4 (https://github.com/Liorst4)
		508	- Preserve CFLAGS given to configure in common.mk.in
		509	- fix emacs config to load as read-write
459	Lockdis (https://github.com/Lockdis)	510	Lockdis (https://github.com/Lockdis)
460	- Added crow, nyx, and google-earth-pro profiles	511	- Added crow, nyx, and google-earth-pro profiles
461	Lukáš Krejčí (https://github.com/lskrejci)	512	Lukáš Krejčí (https://github.com/lskrejci)
462	- fixed parsing of --keep-var-tmp	513	- fixed parsing of --keep-var-tmp
463	luzpaz (https://github.com/luzpaz)	514	luzpaz (https://github.com/luzpaz)
464	- code spelling fixes	515	- code spelling fixes
		516	Mace Muilman (https://github.com/mace015)
		517	- google-chrome{,beta,unstable} flags
465	maces (https://github.com/maces)	518	maces (https://github.com/maces)
466	- Franz messenger profile	519	- Franz messenger profile
467	Madura A (https://github.com/manushanga)	520	Madura A (https://github.com/manushanga)
@@ -486,6 +539,7 @@ Matthew Gyurgyik (https://github.com/pyther)
486	matu3ba (https://github.com/matu3ba)	539	matu3ba (https://github.com/matu3ba)
487	- evince hardening, dbus removed	540	- evince hardening, dbus removed
488	- fix dia profile	541	- fix dia profile
		542	- several template fixes
489	maxice8 (https://github.com/maxice8)	543	maxice8 (https://github.com/maxice8)
490	- fixed missing header	544	- fixed missing header
491	Melvin Vermeeren (https://github.com/melvinvermeeren)	545	Melvin Vermeeren (https://github.com/melvinvermeeren)
@@ -503,6 +557,8 @@ mustaqimM (https://github.com/mustaqimM)
503	- added profile for Nylas Mail	557	- added profile for Nylas Mail
504	n1trux (https://github.com/n1trux)	558	n1trux (https://github.com/n1trux)
505	- fix flashpeak-slimjet profile typos	559	- fix flashpeak-slimjet profile typos
		560	nblock (https://github.com/nblock)
		561	- cmus: allow access to resolv.conf
506	Nick Fox (https://github.com/njfox)	562	Nick Fox (https://github.com/njfox)
507	- add a profile alias for code-oss	563	- add a profile alias for code-oss
508	- add code-oss config directory	564	- add code-oss config directory
@@ -546,6 +602,8 @@ Peter Hogg (https://github.com/pigmonkey)
546	- bitlbee profile fixes	602	- bitlbee profile fixes
547	- mutt profile fixes	603	- mutt profile fixes
548	- fixes for youtube-dl in mpv profile	604	- fixes for youtube-dl in mpv profile
		605	Peter Sanford (https://github.com/psanford)
		606	- fix QtWebEngine in zoom
549	Petter Reinholdtsen (pere@hungry.com)	607	Petter Reinholdtsen (pere@hungry.com)
550	- Opera profile patch	608	- Opera profile patch
551	PharmaceuticalCobweb (https://github.com/PharmaceuticalCobweb)	609	PharmaceuticalCobweb (https://github.com/PharmaceuticalCobweb)
@@ -565,6 +623,8 @@ PizzaDude (https://github.com/pizzadude)
565	- added profile for torbrowser-launcher	623	- added profile for torbrowser-launcher
566	- added profile for sayonara and qmmp	624	- added profile for sayonara and qmmp
567	- remove tracelog from Firefox profile	625	- remove tracelog from Firefox profile
		626	polyzen (https://github.com/polyzen)
		627	- fixed wusc issue with mpv/Vulkan
568	probonopd (https://github.com/probonopd)	628	probonopd (https://github.com/probonopd)
569	- automatic build on Travis CI	629	- automatic build on Travis CI
570	pshpsh (https://github.com/pshpsh)	630	pshpsh (https://github.com/pshpsh)
@@ -579,6 +639,7 @@ Quentin Minster (https://github.com/laomaiweng)
579	- propagate --quiet to children Firejail'ed processes	639	- propagate --quiet to children Firejail'ed processes
580	- nodbus enhancements/bugfixes	640	- nodbus enhancements/bugfixes
581	- added vim syntax and ftdetect files	641	- added vim syntax and ftdetect files
		642	- Allow exec from /usr/libexec & co. with AppArmor
582	Rafael Cavalcanti (https://github.com/rccavalcanti)	643	Rafael Cavalcanti (https://github.com/rccavalcanti)
583	- chromium profile fixes for Arch Linux	644	- chromium profile fixes for Arch Linux
584	Rahiel Kasim (https://github.com/rahiel)	645	Rahiel Kasim (https://github.com/rahiel)
@@ -739,6 +800,7 @@ StelFux (https://github.com/StelFux)
739	- Fix youtube video in totem	800	- Fix youtube video in totem
740	the-antz (https://github.com/the-antz)	801	the-antz (https://github.com/the-antz)
741	- Fix libx265 encoding in ffmpeg profile	802	- Fix libx265 encoding in ffmpeg profile
		803	- Fix Firefox profile
742	- Profile tweaks	804	- Profile tweaks
743	thewisenerd (https://github.com/thewisenerd)	805	thewisenerd (https://github.com/thewisenerd)
744	- allow multiple private-home commands	806	- allow multiple private-home commands
@@ -859,4 +921,4 @@ Zack Weinberg (https://github.com/zackw)
859	with firejail --x11	921	with firejail --x11
860	- support for xpra-extra-params in firejail.config	922	- support for xpra-extra-params in firejail.config
861		923
862	Copyright (C) 2014-2019 Firejail Authors	924	Copyright (C) 2014-2020 Firejail Authors


diff --git a/RELNOTES b/RELNOTES index d31145c83..cd7c6f33b 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -1,5 +1,4 @@
1	firejail (0.9.62.2) baseline; urgency=low	1	firejail (0.9.62.2) baseline; urgency=low
2	* work in progress
3	* patches from Debian (firejail 0.9.62-3, sid):	2	* patches from Debian (firejail 0.9.62-3, sid):
4	profile-fixes.patch, apparmor-include.patch	3	profile-fixes.patch, apparmor-include.patch
5	* patches from Debian (firejail 0.9.64-4, sid)	4	* patches from Debian (firejail 0.9.64-4, sid)
@@ -8,7 +7,8 @@ firejail (0.9.62.2) baseline; urgency=low
8	* patches from Debian (firejail 0.9.64-4, sid)	7	* patches from Debian (firejail 0.9.64-4, sid)
9	element-profile.patch, usrsharedoc.patch,	8	element-profile.patch, usrsharedoc.patch,
10	pathnames.patch, usr-share-firefox.patch	9	pathnames.patch, usr-share-firefox.patch
11	-- netblue30 <netblue30@yahoo.com> Fri, 7 Aug 2020 08:00:00 -0500	10	* additional hardening and bug fixes
		11	-- netblue30 <netblue30@yahoo.com> Fri, 10 Aug 2020 08:00:00 -0500
12		12
13	firejail (0.9.62) baseline; urgency=low	13	firejail (0.9.62) baseline; urgency=low
14	* added file-copy-limit in /etc/firejail/firejail.config	14	* added file-copy-limit in /etc/firejail/firejail.config


diff --git a/src/firejail/macros.c b/src/firejail/macros.c index ef64178b5..17ccbdff2 100644 --- a/src/firejail/macros.c +++ b/src/firejail/macros.c
@@ -300,13 +300,14 @@ void invalid_filename(const char *fname, int globbing) {
300	size_t i = 0;	300	size_t i = 0;
301	while (ptr[i] != '\0') {	301	while (ptr[i] != '\0') {
302	if (iscntrl((unsigned char) ptr[i])) {	302	if (iscntrl((unsigned char) ptr[i])) {
303	fprintf(stderr, "Error: \"%s\" is an invalid filename: no control characters allowed\n",	303	char *msg = fix_control_chars(fname);
304	fix_control_chars(fname));	304	fprintf(stderr, "Error: \"%s\" is an invalid filename: no control characters allowed\n", msg);
		305	free(msg);
305	exit(1);	306	exit(1);
306	}	307	}
307	i++;	308	i++;
308	}	309	}
309		310
310	char *reject;	311	char *reject;
311	if (globbing)	312	if (globbing)
312	reject = "\\&!\"'<>%^{};,"; // file globbing ('*?[]') is allowed	313	reject = "\\&!\"'<>%^{};,"; // file globbing ('*?[]') is allowed