Merge pull request #4748 from kmk3/readme-clarify-ubuntu

README.md: Mention security situation on Ubuntu and recommend PPA
author: netblue30 <netblue30@protonmail.com> 2021-12-08 17:40:12 +0000
committer: GitHub <noreply@github.com> 2021-12-08 17:40:12 +0000
commit: 7c7b47b4362a394737f95c5e6b29e38244d7f09d (patch)
tree: 14b7898d31de3f7b73a06a039dc86714baa8197f
parent: updates (diff)
parent: README.md: Mention security situation on Ubuntu and recommend PPA (diff)
download: firejail-7c7b47b4362a394737f95c5e6b29e38244d7f09d.tar.gz
firejail-7c7b47b4362a394737f95c5e6b29e38244d7f09d.tar.zst
firejail-7c7b47b4362a394737f95c5e6b29e38244d7f09d.zip
1 files changed, 42 insertions, 2 deletions
diff --git a/README.md b/README.md
index 4e40e1a32..6cd1f761f 100644
--- a/README.md
+++ b/README.md
@@ -94,9 +94,49 @@ https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-loca
 ## Installing
-Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.
+### Debian
-The firejail 0.9.52-LTS version is deprecated. On Ubuntu 18.04 LTS users are advised to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail). On Debian stable (bullseye) we recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package.
+Debian stable (bullseye): We recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package.
+### Ubuntu
+For Ubuntu 18.04+ and derivatives (such as Linux Mint), users are **strongly advised** to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail).
+How to add and install from the PPA:
+```sh
+sudo add-apt-repository ppa:deki/firejail
+sudo apt-get update
+sudo apt-get install firejail firejail-profiles
+```
+Reason: The firejail package for Ubuntu 20.04 has been left vulnerable to CVE-2021-26910 for months after a patch for it was posted on Launchpad:
+* [firejail version in Ubuntu 20.04 LTS is vulnerable to CVE-2021-26910](https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767)
+See also <https://wiki.ubuntu.com/SecurityTeam/FAQ>:
+> What software is supported by the Ubuntu Security team?
+>
+> Ubuntu is currently divided into four components: main, restricted, universe
+> and multiverse. All binary packages in main and restricted are supported by
+> the Ubuntu Security team for the life of an Ubuntu release, while binary
+> packages in universe and multiverse are supported by the Ubuntu community.
+Additionally, the PPA version is likely to be more recent and to contain more profile fixes.
+See the following discussions for details:
+* [Should I keep using the version of firejail available in my distro repos?](https://github.com/netblue30/firejail/discussions/4666)
+* [How to install the latest version on Ubuntu and derivatives](https://github.com/netblue30/firejail/discussions/4663)
+### Other
+Try installing Firejail from your distribution.
+Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.
+Note: The firejail 0.9.52-LTS version is deprecated.
 You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:
author	netblue30 <netblue30@protonmail.com>	2021-12-08 17:40:12 +0000
committer	GitHub <noreply@github.com>	2021-12-08 17:40:12 +0000
commit	7c7b47b4362a394737f95c5e6b29e38244d7f09d (patch)
tree	14b7898d31de3f7b73a06a039dc86714baa8197f
parent	updates (diff)
parent	README.md: Mention security situation on Ubuntu and recommend PPA (diff)
download	firejail-7c7b47b4362a394737f95c5e6b29e38244d7f09d.tar.gz firejail-7c7b47b4362a394737f95c5e6b29e38244d7f09d.tar.zst firejail-7c7b47b4362a394737f95c5e6b29e38244d7f09d.zip

diff --git a/README.md b/README.md index 4e40e1a32..6cd1f761f 100644 --- a/README.md +++ b/README.md
@@ -94,9 +94,49 @@ https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-loca
94		94
95	## Installing	95	## Installing
96		96
97	Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.	97	### Debian
98		98
99	The firejail 0.9.52-LTS version is deprecated. On Ubuntu 18.04 LTS users are advised to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail). On Debian stable (bullseye) we recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package.	99	Debian stable (bullseye): We recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package.
		100
		101	### Ubuntu
		102
		103	For Ubuntu 18.04+ and derivatives (such as Linux Mint), users are strongly advised to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail).
		104
		105	How to add and install from the PPA:
		106
		107	```sh
		108	sudo add-apt-repository ppa:deki/firejail
		109	sudo apt-get update
		110	sudo apt-get install firejail firejail-profiles
		111	```
		112
		113	Reason: The firejail package for Ubuntu 20.04 has been left vulnerable to CVE-2021-26910 for months after a patch for it was posted on Launchpad:
		114
		115	* [firejail version in Ubuntu 20.04 LTS is vulnerable to CVE-2021-26910](https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767)
		116
		117	See also <https://wiki.ubuntu.com/SecurityTeam/FAQ>:
		118
		119	> What software is supported by the Ubuntu Security team?
		120	>
		121	> Ubuntu is currently divided into four components: main, restricted, universe
		122	> and multiverse. All binary packages in main and restricted are supported by
		123	> the Ubuntu Security team for the life of an Ubuntu release, while binary
		124	> packages in universe and multiverse are supported by the Ubuntu community.
		125
		126	Additionally, the PPA version is likely to be more recent and to contain more profile fixes.
		127
		128	See the following discussions for details:
		129
		130	* [Should I keep using the version of firejail available in my distro repos?](https://github.com/netblue30/firejail/discussions/4666)
		131	* [How to install the latest version on Ubuntu and derivatives](https://github.com/netblue30/firejail/discussions/4663)
		132
		133	### Other
		134
		135	Try installing Firejail from your distribution.
		136
		137	Firejail is included in Alpine, ALT Linux, Arch, Artix, Chakra, Debian, Deepin, Devuan, Fedora, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void and possibly others.
		138
		139	Note: The firejail 0.9.52-LTS version is deprecated.
100		140
101	You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:	141	You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail’s source code from our Git repository and compile manually:
102		142