diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-10-21 09:44:58 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-10-21 09:44:58 -0400 |
| commit | 981ba13ec0b8a88f79b128a09b36bc1474c0f0a1 (patch) | |
| tree | c6f4634dc32a6c461f1ad997cc56680058b98d7e | |
| parent | Merge pull request #867 from manevich/misc (diff) | |
| download | firejail-981ba13ec0b8a88f79b128a09b36bc1474c0f0a1.tar.gz firejail-981ba13ec0b8a88f79b128a09b36bc1474c0f0a1.tar.zst firejail-981ba13ec0b8a88f79b128a09b36bc1474c0f0a1.zip | |
0.9.44 testing
| -rw-r--r-- | RELNOTES | 7 | ||||
| -rwxr-xr-x | configure | 18 | ||||
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | src/firejail/main.c | 1 | ||||
| -rw-r--r-- | src/man/firejail-login.txt | 4 |
5 files changed, 18 insertions, 14 deletions
| @@ -1,6 +1,5 @@ | |||
| 1 | firejail (0.9.44~rc1) baseline; urgency=low | 1 | firejail (0.9.44) baseline; urgency=low |
| 2 | * CVE-2016-7545 submitted by Aleksey Manevich | 2 | * CVE-2016-7545 submitted by Aleksey Manevich |
| 3 | * development version | ||
| 4 | * modifs: removed man firejail-config | 3 | * modifs: removed man firejail-config |
| 5 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory | 4 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory |
| 6 | * modifs: Nvidia drivers added to --private-dev | 5 | * modifs: Nvidia drivers added to --private-dev |
| @@ -18,12 +17,14 @@ firejail (0.9.44~rc1) baseline; urgency=low | |||
| 18 | * feature: disable 3D hardware acceleration (--no3d) | 17 | * feature: disable 3D hardware acceleration (--no3d) |
| 19 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands | 18 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands |
| 20 | * feature: move files in sandbox (--put) | 19 | * feature: move files in sandbox (--put) |
| 20 | * feature: accept wildcard patterns in user name field of restricted | ||
| 21 | shell login feature | ||
| 21 | * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape | 22 | * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape |
| 22 | * new profiles: feh, ranger, zathura, 7z, keepass, keepassx, | 23 | * new profiles: feh, ranger, zathura, 7z, keepass, keepassx, |
| 23 | * new profiles: claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot | 24 | * new profiles: claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot |
| 24 | * new profiles: Flowblade, Eye of GNOME (eog), Evolution | 25 | * new profiles: Flowblade, Eye of GNOME (eog), Evolution |
| 25 | * bugfixes | 26 | * bugfixes |
| 26 | -- netblue30 <netblue30@yahoo.com> Sat, 15 Sept 2016 08:00:00 -0500 | 27 | -- netblue30 <netblue30@yahoo.com> Fri, 21 Oct 2016 08:00:00 -0500 |
| 27 | 28 | ||
| 28 | firejail (0.9.42) baseline; urgency=low | 29 | firejail (0.9.42) baseline; urgency=low |
| 29 | * security: --whitelist deleted files, submitted by Vasya Novikov | 30 | * security: --whitelist deleted files, submitted by Vasya Novikov |
| @@ -1,6 +1,6 @@ | |||
| 1 | #! /bin/sh | 1 | #! /bin/sh |
| 2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
| 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.44~rc2. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.44. |
| 4 | # | 4 | # |
| 5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
| 6 | # | 6 | # |
| @@ -580,8 +580,8 @@ MAKEFLAGS= | |||
| 580 | # Identity of this package. | 580 | # Identity of this package. |
| 581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
| 582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
| 583 | PACKAGE_VERSION='0.9.44~rc2' | 583 | PACKAGE_VERSION='0.9.44' |
| 584 | PACKAGE_STRING='firejail 0.9.44~rc2' | 584 | PACKAGE_STRING='firejail 0.9.44' |
| 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
| 586 | PACKAGE_URL='http://firejail.wordpress.com' | 586 | PACKAGE_URL='http://firejail.wordpress.com' |
| 587 | 587 | ||
| @@ -1259,7 +1259,7 @@ if test "$ac_init_help" = "long"; then | |||
| 1259 | # Omit some internal or obsolete options to make the list less imposing. | 1259 | # Omit some internal or obsolete options to make the list less imposing. |
| 1260 | # This message is too long to be a string in the A/UX 3.1 sh. | 1260 | # This message is too long to be a string in the A/UX 3.1 sh. |
| 1261 | cat <<_ACEOF | 1261 | cat <<_ACEOF |
| 1262 | \`configure' configures firejail 0.9.44~rc2 to adapt to many kinds of systems. | 1262 | \`configure' configures firejail 0.9.44 to adapt to many kinds of systems. |
| 1263 | 1263 | ||
| 1264 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1264 | Usage: $0 [OPTION]... [VAR=VALUE]... |
| 1265 | 1265 | ||
| @@ -1320,7 +1320,7 @@ fi | |||
| 1320 | 1320 | ||
| 1321 | if test -n "$ac_init_help"; then | 1321 | if test -n "$ac_init_help"; then |
| 1322 | case $ac_init_help in | 1322 | case $ac_init_help in |
| 1323 | short | recursive ) echo "Configuration of firejail 0.9.44~rc2:";; | 1323 | short | recursive ) echo "Configuration of firejail 0.9.44:";; |
| 1324 | esac | 1324 | esac |
| 1325 | cat <<\_ACEOF | 1325 | cat <<\_ACEOF |
| 1326 | 1326 | ||
| @@ -1424,7 +1424,7 @@ fi | |||
| 1424 | test -n "$ac_init_help" && exit $ac_status | 1424 | test -n "$ac_init_help" && exit $ac_status |
| 1425 | if $ac_init_version; then | 1425 | if $ac_init_version; then |
| 1426 | cat <<\_ACEOF | 1426 | cat <<\_ACEOF |
| 1427 | firejail configure 0.9.44~rc2 | 1427 | firejail configure 0.9.44 |
| 1428 | generated by GNU Autoconf 2.69 | 1428 | generated by GNU Autoconf 2.69 |
| 1429 | 1429 | ||
| 1430 | Copyright (C) 2012 Free Software Foundation, Inc. | 1430 | Copyright (C) 2012 Free Software Foundation, Inc. |
| @@ -1726,7 +1726,7 @@ cat >config.log <<_ACEOF | |||
| 1726 | This file contains any messages produced by compilers while | 1726 | This file contains any messages produced by compilers while |
| 1727 | running configure, to aid debugging if configure makes a mistake. | 1727 | running configure, to aid debugging if configure makes a mistake. |
| 1728 | 1728 | ||
| 1729 | It was created by firejail $as_me 0.9.44~rc2, which was | 1729 | It was created by firejail $as_me 0.9.44, which was |
| 1730 | generated by GNU Autoconf 2.69. Invocation command line was | 1730 | generated by GNU Autoconf 2.69. Invocation command line was |
| 1731 | 1731 | ||
| 1732 | $ $0 $@ | 1732 | $ $0 $@ |
| @@ -4303,7 +4303,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
| 4303 | # report actual input values of CONFIG_FILES etc. instead of their | 4303 | # report actual input values of CONFIG_FILES etc. instead of their |
| 4304 | # values after options handling. | 4304 | # values after options handling. |
| 4305 | ac_log=" | 4305 | ac_log=" |
| 4306 | This file was extended by firejail $as_me 0.9.44~rc2, which was | 4306 | This file was extended by firejail $as_me 0.9.44, which was |
| 4307 | generated by GNU Autoconf 2.69. Invocation command line was | 4307 | generated by GNU Autoconf 2.69. Invocation command line was |
| 4308 | 4308 | ||
| 4309 | CONFIG_FILES = $CONFIG_FILES | 4309 | CONFIG_FILES = $CONFIG_FILES |
| @@ -4357,7 +4357,7 @@ _ACEOF | |||
| 4357 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4357 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
| 4358 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4358 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
| 4359 | ac_cs_version="\\ | 4359 | ac_cs_version="\\ |
| 4360 | firejail config.status 0.9.44~rc2 | 4360 | firejail config.status 0.9.44 |
| 4361 | configured by $0, generated by GNU Autoconf 2.69, | 4361 | configured by $0, generated by GNU Autoconf 2.69, |
| 4362 | with options \\"\$ac_cs_config\\" | 4362 | with options \\"\$ac_cs_config\\" |
| 4363 | 4363 | ||
diff --git a/configure.ac b/configure.ac index 4496550fd..da4b31591 100644 --- a/configure.ac +++ b/configure.ac | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | AC_PREREQ([2.68]) | 1 | AC_PREREQ([2.68]) |
| 2 | AC_INIT(firejail, 0.9.44~rc2, netblue30@yahoo.com, , http://firejail.wordpress.com) | 2 | AC_INIT(firejail, 0.9.44, netblue30@yahoo.com, , http://firejail.wordpress.com) |
| 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
| 4 | #AC_CONFIG_HEADERS([config.h]) | 4 | #AC_CONFIG_HEADERS([config.h]) |
| 5 | 5 | ||
diff --git a/src/firejail/main.c b/src/firejail/main.c index 0872a11bb..b5a97c71e 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -2579,7 +2579,6 @@ int main(int argc, char **argv) { | |||
| 2579 | g = get_group_id("games"); | 2579 | g = get_group_id("games"); |
| 2580 | if (g) { | 2580 | if (g) { |
| 2581 | sprintf(ptr, "%d %d 1\n", g, g); | 2581 | sprintf(ptr, "%d %d 1\n", g, g); |
| 2582 | ptr += strlen(ptr); | ||
| 2583 | } | 2582 | } |
| 2584 | 2583 | ||
| 2585 | EUID_ROOT(); | 2584 | EUID_ROOT(); |
diff --git a/src/man/firejail-login.txt b/src/man/firejail-login.txt index 691217253..796179d0b 100644 --- a/src/man/firejail-login.txt +++ b/src/man/firejail-login.txt | |||
| @@ -13,6 +13,10 @@ Example: | |||
| 13 | 13 | ||
| 14 | netblue:--net=none --protocol=unix | 14 | netblue:--net=none --protocol=unix |
| 15 | 15 | ||
| 16 | Wildcard patterns are accepted in the user name field: | ||
| 17 | |||
| 18 | user*: --private | ||
| 19 | |||
| 16 | .SH RESTRICTED SHELL | 20 | .SH RESTRICTED SHELL |
| 17 | To configure a restricted shell, replace /bin/bash with /usr/bin/firejail in | 21 | To configure a restricted shell, replace /bin/bash with /usr/bin/firejail in |
| 18 | /etc/passwd file for each user that needs to be restricted. Alternatively, | 22 | /etc/passwd file for each user that needs to be restricted. Alternatively, |