fixes, closes, enhances, improvements, and so on

 - .github/ISSUE_TEMPLATE/bug_report.md: get ride off spanish,
   french, ... error messages
 - etc/inc/firefox-common-addons.inc: support ff2mpv
 - etc/profile-a-l/gimp.profile: note about xsane
 - etc/profile-m-z/min.profile: prettify
 - etc/profile-m-z/mpsyt.profile: fix, add lua
 - etc/profile-m-z/qbittorrent.profile: add note for tray-icons; this
   will get a better note once I investigated and audited all the D-Bus
   tray stuff.
 - etc/profile-m-z/transmission-daemon.profile: fix, add protocol packet

close #3686 - mps-youtube needs lua
close #3701 - Firefox native messaging regression in 0.9.62.4 -> 0.9.64rc1
close #3636 - transmission-daemon fills log with error
close #3640 - Gimp - add note how to enable scanning (xsane)
close #3707 - qBittorrent tray icon missing from notification panel when running it with firejail

9 files changed, 34 insertions, 4 deletions

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index d36dd32e4..562d6b9e1 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -36,6 +36,7 @@ Other context about the problem like related errors to understand the problem.
  - [ ] Programs needed for interaction are listed in the profile.
  - [ ] A short search for duplicates was performed.
  - [ ] If it is a AppImage, `--profile=PROFILENAME` is used to set the right profile.
+ - [ ] Used `LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 PROGRAM` to get english error-messages.
 
 
 <details><summary> debug output </summary>
diff --git a/README.md b/README.md
index 253c3ec10..cc50df2f7 100644
--- a/README.md
+++ b/README.md
@@ -194,4 +194,4 @@ Stats:
 
 ### New profiles:
 
-spectacle
+spectacle, chromium-browser-privacy
diff --git a/RELNOTES b/RELNOTES
index 18ea99c1f..3cdea6d9d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,7 +1,7 @@
 firejail (0.9.65) baseline; urgency=low
   * allow --tmpfs inside $HOME for unprivileged users
   *  --disable-usertmpfs  compile time option
-  * new profiles: spectacle
+  * new profiles: spectacle, chromium-browser-privacy
  -- netblue30 <netblue30@yahoo.com>  Wed, 21 Oct 2020 09:00:00 -0500
 
 firejail (0.9.64) baseline; urgency=low
diff --git a/etc/inc/firefox-common-addons.inc b/etc/inc/firefox-common-addons.inc
index 11acb7b42..198941ac9 100644
--- a/etc/inc/firefox-common-addons.inc
+++ b/etc/inc/firefox-common-addons.inc
@@ -69,3 +69,20 @@ include allow-python3.inc
 # Flash plugin
 # private-etc must first be enabled in firefox-common.profile and in profiles including it.
 #private-etc adobe
+
+# ff2mpv
+#ignore noexec ${HOME}
+#noblacklist ${HOME}/.config/mpv
+#noblacklist ${HOME}/.config/youtube-dl
+#noblacklist ${HOME}/.netrc
+#include allow-lua.inc
+#include allow-python3.inc
+#mkdir ${HOME}/.config/mpv
+#mkdir ${HOME}/.config/youtube-dl
+#whitelist ${HOME}/.config/mpv
+#whitelist ${HOME}/.config/youtube-dl
+#whitelist ${HOME}/.netrc
+#whitelist /usr/share/lua
+#whitelist /usr/share/lua*
+#whitelist /usr/share/vulkan
+#private-bin env,mpv,python3*,waf,youtube-dl
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile
index 8093c0c39..ed27de7f5 100644
--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@@ -6,6 +6,14 @@ include gimp.local
 # Persistent global definitions
 include globals.local
 
+# Uncomment or add to gimp.local in order to support scanning via xsane (see #3640).
+# TODO: Replace 'ignore seccomp' with a less permissive option.
+#ignore seccomp
+#ignore dbus-system
+#ignore net
+#protocol unix,inet,inet6
+
+
 # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory
 # if you are not using external plugins, you can comment 'ignore noexec' statement below
 # or put 'noexec ${HOME}' in your gimp.local
diff --git a/etc/profile-m-z/min.profile b/etc/profile-m-z/min.profile
index d297b209b..be85fdbc4 100644
--- a/etc/profile-m-z/min.profile
+++ b/etc/profile-m-z/min.profile
@@ -6,8 +6,7 @@ include min.local
 # Persistent global definitions
 include globals.local
 
-# Disable for now, see https://github.com/netblue30/firejail/pull/3688#issuecomment-718711565
-ignore whitelist /usr/share/chromium
+nowhitelist /usr/share/chromium
 
 noblacklist ${HOME}/.config/Min
 
diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile
index addeeac44..414eaf312 100644
--- a/etc/profile-m-z/mpsyt.profile
+++ b/etc/profile-m-z/mpsyt.profile
@@ -13,6 +13,9 @@ noblacklist ${HOME}/.mplayer
 noblacklist ${HOME}/.netrc
 noblacklist ${HOME}/mps
 
+# Allow lua (blacklisted by disable-interpreters.inc)
+include allow-lua.inc
+
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile
index 81ec1bc6b..2fb02aefc 100644
--- a/etc/profile-m-z/qbittorrent.profile
+++ b/etc/profile-m-z/qbittorrent.profile
@@ -56,6 +56,7 @@ private-dev
 # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl,X11,xdg
 private-tmp
 
+# See https://github.com/netblue30/firejail/issues/3707 for tray-icon
 dbus-user none
 dbus-system none
 
diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile
index 363c685e0..8dbbfcc62 100644
--- a/etc/profile-m-z/transmission-daemon.profile
+++ b/etc/profile-m-z/transmission-daemon.profile
@@ -14,6 +14,7 @@ whitelist ${HOME}/.config/transmission-daemon
 whitelist /var/lib/transmission
 
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
+protocol unix,inet,inet6,packet
 
 private-bin transmission-daemon
 private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl