diff options
author | netblue30 <netblue30@yahoo.com> | 2018-10-03 07:54:53 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-10-03 07:54:53 -0400 |
commit | 68819975d8af11337c5462d880eb4a48dd09eb4b (patch) | |
tree | e4b31b261ffbc5ffb7cf8ad3ea2443cc6727b9f5 /RELNOTES | |
parent | building debian apparmror packages (diff) | |
download | firejail-68819975d8af11337c5462d880eb4a48dd09eb4b.tar.gz firejail-68819975d8af11337c5462d880eb4a48dd09eb4b.tar.zst firejail-68819975d8af11337c5462d880eb4a48dd09eb4b.zip |
fixes
Diffstat (limited to 'RELNOTES')
-rw-r--r-- | RELNOTES | 788 |
1 files changed, 14 insertions, 774 deletions
@@ -1,775 +1,15 @@ | |||
1 | firejail (0.9.56~rc1) baseline; urgency=low | 1 | firejail (0.9.56-LTS~rc1) baseline; urgency=low |
2 | * work in progress | 2 | * code based on Firejail version 0.9.56 |
3 | * modif: removed CFG_CHROOT_DESKTOP configuration option | 3 | * much smaller code base for SUID executable |
4 | * modif: removed compile time --enable-network=restricted | 4 | * command line options removed: |
5 | * modif: --net=none allowed even if networking was disabled at compile | 5 | --audit, --build, --cgroup, --chroot, --get, --ls, --output, |
6 | time or at run time | 6 | --output-stderr, --overlay, --overlay-named, --overlay-tmpfs, |
7 | * support wireless devices in --net option | 7 | --overlay-clean, --private-home, --private-bin, --private-etc, |
8 | * support tap devices in --net option (tunneling support) | 8 | --private-opt, --private-srv, --put, --rlimit*, --trace, --tracelog, |
9 | * allow IP address configuration if the parent interface specified | 9 | --x11*, --xephyr* |
10 | by --net is not configured (--netmask) | 10 | * compile-time options: --enable-apparmor, --disable-seccomp, |
11 | * disable U2F devices (--nou2f) | 11 | --disable-globalcfg, --disable-network, --disable-userns, |
12 | * add --private-cache to support private ~/.cache | 12 | --disable-whitelist, --disable-suid, --enable-fatal-warnings, |
13 | * support full paths in private-lib | 13 | --enable-busybox-workaround |
14 | * globbing support in private-lib | 14 | -- netblue30 <netblue30@yahoo.com> Wed, 3 Oct 2018 08:00:00 -0500 |
15 | * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint, | ||
16 | * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio, | ||
17 | * new profiles: standardnotes-desktop, shellcheck, patch, flameshot, | ||
18 | * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd, | ||
19 | * new profiles: Beaker, electrum | ||
20 | -- netblue30 <netblue30@yahoo.com> Sat, 11 Aug 2018 08:00:00 -0500 | ||
21 | 15 | ||
22 | firejail (0.9.54) baseline; urgency=low | ||
23 | * modif: --force removed | ||
24 | * modif: --csh, --zsh removed | ||
25 | * modif: --debug-check-filename removed | ||
26 | * modif: --git-install and --git-uninstall removed | ||
27 | * modif: support for private-bin, private-lib and shell none has been | ||
28 | disabled while running AppImage archives in order to be able to use | ||
29 | our regular profile files with AppImages. | ||
30 | * modif: restrictions for /proc, /sys and /run/user directories | ||
31 | are moved from AppArmor profile into firejail executable | ||
32 | * modif: unifying Chromium and Firefox browsers profiles. | ||
33 | All users of Firefox-based browsers who use addons and plugins | ||
34 | that read/write from ${HOME} will need to uncomment the includes for | ||
35 | firefox-common-addons.inc in firefox-common.profile. | ||
36 | * modif: split disable-devel.inc into disable-devel and | ||
37 | disable-interpreters.inc | ||
38 | * Firejail user access database (/etc/firejail/firejail.users, | ||
39 | man firejail-users) | ||
40 | * add --noautopulse to disable automatic ~/.config/pulse (for complex setups) | ||
41 | * Spectre mitigation patch for gcc and clang compiler | ||
42 | * D-Bus handling (--nodbus) | ||
43 | * AppArmor support for overlayfs and chroot sandboxes | ||
44 | * AppArmor support for AppImages | ||
45 | * Enable AppArmor by default for a large number of programs | ||
46 | * firejail --apparmor.print option | ||
47 | * firemon --apparmor option | ||
48 | * apparmor yes/no flag in /etc/firejail/firejail.config | ||
49 | * seccomp syscall list update for glibc 2.26-10 | ||
50 | * seccomp disassembler for --seccomp.print option | ||
51 | * seccomp machine code optimizer for default seccomp filters | ||
52 | * IPv6 DNS support | ||
53 | * whitelist support for overlay and chroot sandboxes | ||
54 | * private-dev support for overlay and chroot sandboxes | ||
55 | * private-tmp support for overlay and chroot sandboxes | ||
56 | * added sandbox name support in firemon | ||
57 | * firemon/prctl enhancements | ||
58 | * noblacklist support for /sys/module directory | ||
59 | * whitelist support for /sys/module directory | ||
60 | * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, | ||
61 | * new profiles: discord-canary, pycharm-community, pycharm-professional, | ||
62 | * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, | ||
63 | * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes, | ||
64 | * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer, | ||
65 | * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs, gcloud, | ||
66 | * new profiles: musixmatch, gunzip, bunzip2, enchant-lsmod, enchant-lsmod-2, | ||
67 | * new profiles: enchant, enchant-2, Discord, acat, adiff, als, apack, | ||
68 | * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion, | ||
69 | * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind, | ||
70 | * new profiles: qmmp, sayonara | ||
71 | -- netblue30 <netblue30@yahoo.com> Wed, 16 May 2018 08:00:00 -0500 | ||
72 | |||
73 | firejail (0.9.52) baseline; urgency=low | ||
74 | * modif: --allow-private-blacklists was deprecated; blacklisting, | ||
75 | read-only, read-write, tmpfs and noexec are allowed in | ||
76 | private home directories | ||
77 | * modif: remount-proc-sys deprecated from firejail.config | ||
78 | * modif: follow-symlink-private-bin deprecated from firejail.config | ||
79 | * modif: --profile-path was deprecated | ||
80 | * enhancement: support Firejail user config directory in firecfg | ||
81 | * enhancement: disable DBus activation in firecfg | ||
82 | * enhancement; enumerate root directories in apparmor profile | ||
83 | * enhancement: /etc and /usr/share whitelisting support | ||
84 | * enhancement: globbing support for --private-bin | ||
85 | * feature: systemd-resolved integration | ||
86 | * feature: whitelisting /var directory in most profiles | ||
87 | * feature: GTK2, GTK3 and Qt4 private-lib support | ||
88 | * feature: --debug-private-lib | ||
89 | * feature: test deployment of private-lib for the following | ||
90 | applications: evince, galculator, gnome-calculator, | ||
91 | leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu, | ||
92 | atril, mate-color-select, tar, file, strings, gpicview, | ||
93 | eom, eog, gedit, pluma | ||
94 | * feature: --writable-run-user | ||
95 | * feature: --rlimit-as | ||
96 | * feature: --rlimit-cpu | ||
97 | * feature: --timeout | ||
98 | * feature: profile build tool (--build) | ||
99 | * feature: --netfilter.print | ||
100 | * feature: --netfilter6.print | ||
101 | * feature: netfilter template support | ||
102 | * new profiles: upstreamed many profiles from the following sources: | ||
103 | https://github.com/chiraag-nataraj/firejail-profiles, | ||
104 | https://github.com/nyancat18/fe, | ||
105 | https://aur.archlinux.org/packages/firejail-profiles. | ||
106 | * new profiles: terasology, surf, rocketchat, clamscan, clamdscan, | ||
107 | clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5, | ||
108 | brackets, calligra, calligraauthor, calligraconverter, calligraflow, | ||
109 | calligraplan, calligraplanwork, calligrasheets, calligrastage, | ||
110 | calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, | ||
111 | google-earth,imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, | ||
112 | mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, | ||
113 | Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, | ||
114 | cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, | ||
115 | xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass, | ||
116 | kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report | ||
117 | cower (Arch), kdeinit4 | ||
118 | -- netblue30 <netblue30@yahoo.com> Thu, 7 Dec 2017 08:00:00 -0500 | ||
119 | |||
120 | firejail (0.9.50) baseline; urgency=low | ||
121 | * modif: --output split in two commands, --output and --output-stderr | ||
122 | * feature: per-profile disable-mnt (--disable-mnt) | ||
123 | * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen) | ||
124 | * feature: private /lib directory (--private-lib) | ||
125 | * feature: disable CDROM/DVD drive (--nodvd) | ||
126 | * feature: disable DVB devices (--notv) | ||
127 | * feature: --profile.print | ||
128 | * enhancement: print all seccomp filters under --debug | ||
129 | * enhancement: /proc/sys mounting | ||
130 | * enhancement: rework IP address assingment for --net options | ||
131 | * enhancement: support for newer Xpra versions (2.1+) - | ||
132 | set xpra-attach yes in /etc/firejail/firejail.config | ||
133 | * enhancement: all profiles use a standard layout style | ||
134 | * enhancement: create /usr/local for firecfg if the directory doesn't exist | ||
135 | * enhancement: allow full paths in --private-bin | ||
136 | * seccomp feature: --memory-deny-write-execute | ||
137 | * seccomp feature: seccomp post-exec | ||
138 | * seccomp feature: block secondary architecture (--seccomp.block_secondary) | ||
139 | * seccomp feature: seccomp syscall groups | ||
140 | * seccomp enhancement: print all seccomp filters under --debug | ||
141 | * seccomp enhancement: default seccomp list update | ||
142 | * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, | ||
143 | * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA, | ||
144 | * new profiles: Android Studio, electron, riot-web, Extreme Tux Racer, | ||
145 | * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux | ||
146 | * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, | ||
147 | * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter | ||
148 | * new profiles: truecraft, gnome-twitch, tuxguitar, musescore, neverball | ||
149 | * new profiles: sqlitebrowse, Yandex Browser, minetest | ||
150 | * bugfixes | ||
151 | -- netblue30 <netblue30@yahoo.com> Sat, 30 Sep 2017 08:00:00 -0500 | ||
152 | |||
153 | firejail (0.9.50~rc1) baseline; urgency=low | ||
154 | * release pending! | ||
155 | * modif: --output split in two commands, --output and --output-stderr | ||
156 | * feature: per-profile disable-mnt (--disable-mnt) | ||
157 | * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen) | ||
158 | * feature: private /lib directory (--private-lib) | ||
159 | * feature: disable CDROM/DVD drive (--nodvd) | ||
160 | * feature: disable DVB devices (--notv) | ||
161 | * feature: --profile.print | ||
162 | * enhancement: print all seccomp filters under --debug | ||
163 | * enhancement: /proc/sys mounting | ||
164 | * enhancement: rework IP address assingment for --net options | ||
165 | * enhancement: support for newer Xpra versions (2.1+) - | ||
166 | set xpra-attach yes in /etc/firejail/firejail.config | ||
167 | * enhancement: all profiles use a standard layout style | ||
168 | * enhancement: create /usr/local for firecfg if the directory doesn't exist | ||
169 | * enhancement: allow full paths in --private-bin | ||
170 | * seccomp feature: --memory-deny-write-execute | ||
171 | * seccomp feature: seccomp post-exec | ||
172 | * seccomp feature: block secondary architecture (--seccomp.block_secondary) | ||
173 | * seccomp feature: seccomp syscall groups | ||
174 | * seccomp enhancement: print all seccomp filters under --debug | ||
175 | * seccomp enhancement: default seccomp list update | ||
176 | * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, | ||
177 | * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA, | ||
178 | * new profiles: Android Studio, electron, riot-web, Extreme Tux Racer, | ||
179 | * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux | ||
180 | * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, | ||
181 | * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter | ||
182 | * new profiles: truecraft, gnome-twitch, tuxguitar, musescore, neverball | ||
183 | * new profiles: sqlitebrowse, Yandex Browser, minetest | ||
184 | * bugfixes | ||
185 | -- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 20:00:00 -0500 | ||
186 | |||
187 | firejail (0.9.48) baseline; urgency=low | ||
188 | * modifs: whitelisted Transmission, Deluge, qBitTorrent, KTorrent; | ||
189 | please use ~/Downloads directory for saving files | ||
190 | * modifs: AppArmor made optional; a warning is printed on the screen | ||
191 | if the sandbox fails to load the AppArmor profile | ||
192 | * feature: --novideo | ||
193 | * feature: drop discretionary access control capabilities for | ||
194 | root sandboxes | ||
195 | * feature: added /etc/firejail/globals.local for global customizations | ||
196 | * feature: profile support in overlayfs mode | ||
197 | * new profiles: vym, darktable, Waterfox, digiKam, Catfish, HandBrake | ||
198 | * bugfixes | ||
199 | -- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 08:00:00 -0500 | ||
200 | |||
201 | firejail (0.9.46) baseline; urgency=low | ||
202 | * security: split most of networking code in a separate executable | ||
203 | * security: split seccomp filter code configuration in a separate executable | ||
204 | * security: split file copying in private option in a separate executable | ||
205 | * feature: disable gnupg and systemd directories under /run/user | ||
206 | * feature: test coverage (gcov) support | ||
207 | * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) | ||
208 | * feature: private /opt directory (--private-opt, profile support) | ||
209 | * feature: private /srv directory (--private-srv, profile support) | ||
210 | * feature: spoof machine-id (--machine-id, profile support) | ||
211 | * feature: allow blacklists under --private (--allow-private-blacklist, | ||
212 | profile support) | ||
213 | * feature: user-defined /etc/hosts file (--hosts-file, profile support) | ||
214 | * feature: support for the real /var/log directory (--writable-var-log, | ||
215 | profile support) | ||
216 | * feature: config support for firejail prompt in terminals | ||
217 | * feature: AppImage type 2 support | ||
218 | * feature: pass command line arguments to appimages | ||
219 | * feature: allow non-seccomp setup for OverlayFS sandboxes - more work to come | ||
220 | * feature: added a number of Python scripts for handling sandboxes | ||
221 | * feature: allow local customization using .local files under /etc/firejail | ||
222 | * feature: follow-symlink-as-user runtime config option in | ||
223 | /etc/firejail/firejail.config | ||
224 | * feature: follow-symlink-private-bin option in /etc/firejail/firejail.config | ||
225 | * feature: xvfb X11 server support (--x11=xvfb) | ||
226 | * feature: allow /tmp directory in mkdir and mkfile profile commands | ||
227 | * feature: implemented --noblacklist command, profile support | ||
228 | * feature: config support to disable access to /mnt and /media (disable-mnt) | ||
229 | * feature: config support to disable join (join) | ||
230 | * feature: disabled Go, Rust, and OpenSSL in disable-devel.conf | ||
231 | * feature: support overlay, overlay-named and overlay-tmpfs in profile files | ||
232 | * feature: allow PulseAudio sockets in --private-tmp | ||
233 | * feature: --fix-sound support in firecfg | ||
234 | * feature: added support for sandboxing Xpra, Xvfb and Xephyr in | ||
235 | independent sandboxes when started with firejail --x11 | ||
236 | * feature: enable automatic X server sandboxing for --x11=xpra | ||
237 | and --x11=xephyr | ||
238 | * feature: support for Xpra extra params in firejail config file | ||
239 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire, | ||
240 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, | ||
241 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, | ||
242 | * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, | ||
243 | * new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, | ||
244 | * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa, | ||
245 | * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, | ||
246 | * new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking, | ||
247 | * new profiles: youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, | ||
248 | * new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, | ||
249 | * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, | ||
250 | * new profiles: mate-calc, mate-dictionary, mate-color-select, caja, | ||
251 | * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes | ||
252 | * new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr | ||
253 | * new profiles: Blender, 2048-qt | ||
254 | * bugfixes | ||
255 | -- netblue30 <netblue30@yahoo.com> Sun, 14 May 2017 08:00:00 -0500 | ||
256 | |||
257 | firejail (0.9.44.10) baseline; urgency=low | ||
258 | * security: when using --x11=xorg and --net, incorrect processing of | ||
259 | the return code of /usr/bin/xauth could end up in starting the | ||
260 | sandbox without X11 security extension installed. Problem found/fixed | ||
261 | by Zack Weinberg | ||
262 | * bugfix: ~/.pki directory whitelisted and later blacklisted. This affects | ||
263 | most browsers, and disables the custom certificates installed by the user | ||
264 | * bugfix: firecfg config fix | ||
265 | * bugfix: gajim security profile fix | ||
266 | * bugfix: man page fix | ||
267 | * bugfix: force-nonewprivs fix for /etc/firejail/firejail.config | ||
268 | * bugfix: xephyr-extra-params fix for /etc/firejail/firejail.config | ||
269 | * bugfix: memory corruption in noblacklist processing | ||
270 | * bugfix: --quiet fix for Arch and Fedora systems | ||
271 | * bugfix: updated Keepass(x) profiles | ||
272 | * bugfix: firemon --nowrap problem | ||
273 | * bugfix: document firemon --nowrap in man page and in --help option | ||
274 | * bugfix: bash completion for --noblacklist command | ||
275 | * bugfix: vlc profile fix | ||
276 | * bugfix: fixed handling of .local profile files when the software is | ||
277 | installed in ~/.local directory | ||
278 | * bugfix: temporarily remove private-tmp from all profiles, until a fix for | ||
279 | .Xauthority file handling in KDE becomes available | ||
280 | * maintenance: --output cleanup | ||
281 | * maintenance: updated copyright statement in all files | ||
282 | -- netblue30 <netblue30@yahoo.com> Sat, 18 Mar 2017 10:00:00 -0500 | ||
283 | |||
284 | firejail (0.9.44.8) baseline; urgency=low | ||
285 | * bugfix: fix broken PulseAudio support | ||
286 | -- netblue30 <netblue30@yahoo.com> Wed, 18 Jan 2017 10:00:00 -0500 | ||
287 | |||
288 | firejail (0.9.44.6) baseline; urgency=low | ||
289 | * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week, | ||
290 | new CVE code assigned after release: CVE-2017-5940 | ||
291 | * security: major cleanup of file copying code | ||
292 | * security: tightening the rules for --chroot and --overlay features | ||
293 | * bugfix: ported Gentoo compile patch | ||
294 | * bugfix: Nvidia drivers bug in --private-dev | ||
295 | * bugfix: fix ASSERT_PERMS_FD macro | ||
296 | * feature: allow local customization using .local files under /etc/firejail | ||
297 | backported from our development branch | ||
298 | * feature: spoof machine-id backported from our development branch | ||
299 | -- netblue30 <netblue30@yahoo.com> Sun, 15 Jan 2017 10:00:00 -0500 | ||
300 | |||
301 | firejail (0.9.44.4) baseline; urgency=low | ||
302 | * security: --bandwidth root shell found by Martin Carpenter (CVE-2017-5207) | ||
303 | * security: disabled --allow-debuggers when running on kernel | ||
304 | versions prior to 4.8; a kernel bug in ptrace system call | ||
305 | allows a full bypass of seccomp filter; problem reported by Lizzie Dixon | ||
306 | (CVE-2017-5206) | ||
307 | * security: root exploit found by Sebastian Krahmer (CVE-2017-5180) | ||
308 | -- netblue30 <netblue30@yahoo.com> Sat, 7 Jan 2017 10:00:00 -0500 | ||
309 | |||
310 | firejail (0.9.44.2) baseline; urgency=low | ||
311 | * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118) | ||
312 | * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson | ||
313 | * security: invalid environment exploit found by Martin Carpenter (CVE-2016-10122) | ||
314 | * security: several security enhancements | ||
315 | * bugfix: crashing VLC by pressing Ctrl-O | ||
316 | * bugfix: use user configured icons in KDE | ||
317 | * bugfix: mkdir and mkfile are not applied to private directories | ||
318 | * bugfix: cannot open files on Deluge running under KDE | ||
319 | * bugfix: --private=dir where dir is the user home directory | ||
320 | * bugfix: cannot start Vivaldi browser | ||
321 | * bugfix: cannot start mupdf | ||
322 | * bugfix: ssh profile problems | ||
323 | * bugfix: --quiet | ||
324 | * bugfix: quiet in git profile | ||
325 | * bugfix: memory corruption | ||
326 | -- netblue30 <netblue30@yahoo.com> Fri, 2 Dec 2016 08:00:00 -0500 | ||
327 | |||
328 | firejail (0.9.44) baseline; urgency=low | ||
329 | * CVE-2016-9016 submitted by Aleksey Manevich | ||
330 | * modifs: removed man firejail-config | ||
331 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory | ||
332 | * modifs: Nvidia drivers added to --private-dev | ||
333 | * modifs: /srv supported by --whitelist | ||
334 | * feature: allow user access to /sys/fs (--noblacklist=/sys/fs) | ||
335 | * feature: support starting/joining sandbox is a single command | ||
336 | (--join-or-start) | ||
337 | * feature: X11 detection support for --audit | ||
338 | * feature: assign a name to the interface connected to the bridge | ||
339 | (--veth-name) | ||
340 | * feature: all user home directories are visible (--allusers) | ||
341 | * feature: add files to sandbox container (--put) | ||
342 | * feature: blocking x11 (--x11=block) | ||
343 | * feature: X11 security extension (--x11=xorg) | ||
344 | * feature: disable 3D hardware acceleration (--no3d) | ||
345 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands | ||
346 | * feature: move files in sandbox (--put) | ||
347 | * feature: accept wildcard patterns in user name field of restricted | ||
348 | shell login feature | ||
349 | * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape | ||
350 | * new profiles: feh, ranger, zathura, 7z, keepass, keepassx, | ||
351 | * new profiles: claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot | ||
352 | * new profiles: Flowblade, Eye of GNOME (eog), Evolution | ||
353 | * bugfixes | ||
354 | -- netblue30 <netblue30@yahoo.com> Fri, 21 Oct 2016 08:00:00 -0500 | ||
355 | |||
356 | firejail (0.9.42) baseline; urgency=low | ||
357 | * security: --whitelist deleted files, submitted by Vasya Novikov | ||
358 | * security: disable x32 ABI in seccomp, submitted by Jann Horn | ||
359 | * security: tighten --chroot, submitted by Jann Horn | ||
360 | * security: terminal sandbox escape, submitted by Stephan Sokolow | ||
361 | * security: several TOCTOU fixes submitted by Aleksey Manevich | ||
362 | * modifs: bringing back --private-home option | ||
363 | * modifs: deprecated --user option, please use "sudo -u username firejail" | ||
364 | * modifs: allow symlinks in home directory for --whitelist option | ||
365 | * modifs: Firejail prompt is enabled by env variable FIREJAIL_PROMPT="yes" | ||
366 | * modifs: recursive mkdir | ||
367 | * modifs: include /dev/snd in --private-dev | ||
368 | * modifs: seccomp filter update | ||
369 | * modifs: release archives moved to .xz format | ||
370 | * feature: AppImage support (--appimage) | ||
371 | * feature: AppArmor support (--apparmor) | ||
372 | * feature: Ubuntu snap support (/etc/firejail/snap.profile) | ||
373 | * feature: Sandbox auditing support (--audit) | ||
374 | * feature: remove environment variable (--rmenv) | ||
375 | * feature: noexec support (--noexec) | ||
376 | * feature: clean local overlay storage directory (--overlay-clean) | ||
377 | * feature: store and reuse overlay (--overlay-named) | ||
378 | * feature: allow debugging inside the sandbox with gdb and strace | ||
379 | (--allow-debuggers) | ||
380 | * feature: mkfile profile command | ||
381 | * feature: quiet profile command | ||
382 | * feature: x11 profile command | ||
383 | * feature: option to fix desktop files (firecfg --fix) | ||
384 | * compile time: Busybox support (--enable-busybox-workaround) | ||
385 | * compile time: disable overlayfs (--disable-overlayfs) | ||
386 | * compile time: disable whitelisting (--disable-whitelist) | ||
387 | * compile time: disable global config (--disable-globalcfg) | ||
388 | * run time: enable/disable overlayfs (overlayfs yes/no) | ||
389 | * run time: enable/disable quiet as default (quiet-by-default yes/no) | ||
390 | * run time: user-defined network filter (netfilter-default) | ||
391 | * run time: enable/disable whitelisting (whitelist yes/no) | ||
392 | * run time: enable/disable remounting of /proc and /sys | ||
393 | (remount-proc-sys yes/no) | ||
394 | * run time: enable/disable chroot desktop features (chroot-desktop yes/no) | ||
395 | * profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice | ||
396 | * profiles: pix, audacity, xz, xzdec, gzip, cpio, less | ||
397 | * profiles: Atom Beta, Atom, jitsi, eom, uudeview | ||
398 | * profiles: tar (gtar), unzip, unrar, file, skypeforlinux, | ||
399 | * profiles: inox, Slack, gnome-chess. Gajim IM client, DOSBox | ||
400 | * bugfixes | ||
401 | -- netblue30 <netblue30@yahoo.com> Thu, 8 Sept 2016 08:00:00 -0500 | ||
402 | |||
403 | firejail (0.9.40) baseline; urgency=low | ||
404 | * added --nice option | ||
405 | * added --x11 option | ||
406 | * added --x11=xpra option | ||
407 | * added --x11=xephyr option | ||
408 | * added --cpu.print option | ||
409 | * added filetransfer options --ls and --get | ||
410 | * added --writable-etc and --writable-var options | ||
411 | * added --read-only option | ||
412 | * added mkdir, ipc-namespace, and nosound profile commands | ||
413 | * added net, ip, defaultgw, ip6, mac, mtu and iprange profile commands | ||
414 | * --version also prints compile options | ||
415 | * --output option also redirects stderr | ||
416 | * added compile-time option to restrict --net= to root only | ||
417 | * run time config support, man firejail-config | ||
418 | * added firecfg utility | ||
419 | * AppArmor fixes | ||
420 | * default seccomp filter update | ||
421 | * disable STUN/WebRTC in default netfilter configuration | ||
422 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril | ||
423 | * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars | ||
424 | * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq | ||
425 | * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100 | ||
426 | * new profiles: okular, gwenview, Google-Play-Music-Desktop-Player | ||
427 | * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox | ||
428 | * new profiles: generic Ubuntu snap application profile, xplayer | ||
429 | * new profiles: xreader, xviewer, mcabber, Psi+, Corebird, Konversation | ||
430 | * new profiles: Brave, Gitter | ||
431 | * generic.profile renamed default.profile | ||
432 | * build rpm packages using "make rpms" | ||
433 | * bugfixes | ||
434 | -- netblue30 <netblue30@yahoo.com> Sun, 29 May 2016 08:00:00 -0500 | ||
435 | |||
436 | firejail (0.9.38.10) baseline; urgency=low | ||
437 | * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week | ||
438 | new CVE code assigned after release: CVE-2017-5940 | ||
439 | * security: tightening the rules for --chroot | ||
440 | * bugfix: ported Gentoo compile patch | ||
441 | * bugfix: fix ASSERT_PERMS_FD macro | ||
442 | -- netblue30 <netblue30@yahoo.com> Sun, 15 Jan 2017 10:00:00 -0500 | ||
443 | |||
444 | firejail (0.9.38.8) baseline; urgency=low | ||
445 | * security: root exploit found by Sebastian Krahmer (CVE-2017-5180) | ||
446 | -- netblue30 <netblue30@yahoo.com> Sat, 7 Jan 2017 10:00:00 -0500 | ||
447 | |||
448 | firejail (0.9.38.6) baseline; urgency=low | ||
449 | * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118) | ||
450 | * bugfix: crashing VLC by pressing Ctrl-O | ||
451 | -- netblue30 <netblue30@yahoo.com> Fri, 16 Dec 2016 10:00:00 -0500 | ||
452 | |||
453 | firejail (0.9.38.4) baseline; urgency=low | ||
454 | * CVE-2016-7545 submitted by Aleksey Manevich | ||
455 | * bugfixes | ||
456 | -- netblue30 <netblue30@yahoo.com> Mon, 10 Oct 2016 10:00:00 -0500 | ||
457 | |||
458 | firejail (0.9.38.2) baseline; urgency=low | ||
459 | * security: --whitelist deleted files, submitted by Vasya Novikov | ||
460 | * security: disable x32 ABI, submitted by Jann Horn | ||
461 | * security: tighten --chroot, submitted by Jann Horn | ||
462 | * security: terminal sandbox escape, submitted by Stephan Sokolow | ||
463 | * feature: clean local overlay storage directory (--overlay-clean) | ||
464 | * bugfixes | ||
465 | -- netblue30 <netblue30@yahoo.com> Tue, 23 Aug 2016 10:00:00 -0500 | ||
466 | |||
467 | firejail (0.9.38) baseline; urgency=low | ||
468 | * IPv6 support (--ip6 and --netfilter6) | ||
469 | * --join command enhancement (--join-network, --join-filesystem) | ||
470 | * added --user command | ||
471 | * added --disable-network and --disable-userns compile time flags | ||
472 | * Centos 6 support | ||
473 | * symlink invocation | ||
474 | * added KMail, Seamonkey, Telegram, Mathematica, uGet, | ||
475 | * and mupen64plus profiles | ||
476 | * --chroot in user mode allowed only if seccomp support is available | ||
477 | * in current Linux kernel (CVE-2016-10123) | ||
478 | * deprecated --private-home feature | ||
479 | * the first protocol list installed takes precedence | ||
480 | * --tmpfs option allowed only running as root (CVE-2016-10117) | ||
481 | * added --private-tmp option | ||
482 | * weak permissions (CVE-2016-10119, CVE-2016-10120, CVE-2016-10121) | ||
483 | * bugfixes | ||
484 | -- netblue30 <netblue30@yahoo.com> Tue, 2 Feb 2016 10:00:00 -0500 | ||
485 | |||
486 | firejail (0.9.36) baseline; urgency=low | ||
487 | * added unbound, dnscrypt-proxy, BitlBee, HexChat, WeeChat, | ||
488 | parole and rtorrent profiles | ||
489 | * Google Chrome profile rework | ||
490 | * added google-chrome-stable profile | ||
491 | * added google-chrome-beta profile | ||
492 | * added google-chrome-unstable profile | ||
493 | * Opera profile rework | ||
494 | * added opera-beta profile | ||
495 | * added --noblacklist option | ||
496 | * added --profile-path option | ||
497 | * added --force option | ||
498 | * whitelist command enhancements | ||
499 | * prevent user name enumeration | ||
500 | * added /etc/firejail/nolocal.net network filter | ||
501 | * added /etc/firejail/webserver.net network filter | ||
502 | * blacklisting firejail configuration by default | ||
503 | * allow default gateway configuration for --interface option | ||
504 | * --debug enhancements: --debug-check-filenames, --debug-blacklists, | ||
505 | --debug-whitelists | ||
506 | * filesystem log | ||
507 | * libtrace enhancements, tracing opendir call | ||
508 | * added --tracelog option | ||
509 | * added "name" command to profile files | ||
510 | * added "hostname" command to profile files | ||
511 | * added automated feature testing framework | ||
512 | * Debian reproducible build | ||
513 | * bugfixes | ||
514 | -- netblue30 <netblue30@yahoo.com> Sun, 27 Dec 2015 09:00:00 -0500 | ||
515 | |||
516 | firejail (0.9.34) baseline; urgency=low | ||
517 | * added --ignore option | ||
518 | * added --protocol option | ||
519 | * support dual i386/amd64 seccomp filters | ||
520 | * added Google Chrome profile | ||
521 | * added Steam, Skype, Wine and Conkeror profiles | ||
522 | * bugfixes | ||
523 | -- netblue30 <netblue30@yahoo.com> Sat, 7 Nov 2015 08:00:00 -0500 | ||
524 | |||
525 | firejail (0.9.32) baseline; urgency=low | ||
526 | * added --interface option | ||
527 | * added --mtu option | ||
528 | * added --private-bin option | ||
529 | * added --nosound option | ||
530 | * added --hostname option | ||
531 | * added --quiet option | ||
532 | * added seccomp errno support | ||
533 | * added FBReader default profile | ||
534 | * added Spotify default profile | ||
535 | * lots of default security profile changes | ||
536 | * fixed a security problem on multi-user systems | ||
537 | * bugfixes | ||
538 | -- netblue30 <netblue30@yahoo.com> Wed, 21 Oct 2015 08:00:00 -0500 | ||
539 | |||
540 | |||
541 | firejail (0.9.30) baseline; urgency=low | ||
542 | * added a disable-history.inc profile as a result of Firefox PDF.js exploit; | ||
543 | disable-history.inc included in all default profiles | ||
544 | * Firefox PDF.js exploit (CVE-2015-4495) fixes | ||
545 | * added --private-etc option | ||
546 | * added --env option | ||
547 | * added --whitelist option | ||
548 | * support ${HOME} token in include directive in profile files | ||
549 | * --private.keep is transitioned to --private-home | ||
550 | * support ~ and blanks in blacklist option | ||
551 | * support "net none" command in profile files | ||
552 | * using /etc/firejail/generic.profile by default for user sessions | ||
553 | * using /etc/firejail/server.profile by default for root sessions | ||
554 | * added build --enable-fatal-warnings configure option | ||
555 | * added persistence to --overlay option | ||
556 | * added --overlay-tmpfs option | ||
557 | * make install-strip implemented, make install renamed | ||
558 | * bugfixes | ||
559 | -- netblue30 <netblue30@yahoo.com> Mon, 14 Sept 2015 08:00:00 -0500 | ||
560 | |||
561 | firejail (0.9.28) baseline; urgency=low | ||
562 | * network scanning, --scan option | ||
563 | * interface MAC address support, --mac option | ||
564 | * IP address range, --iprange option | ||
565 | * traffic shaping, --bandwidth option | ||
566 | * reworked printing of network status at startup | ||
567 | * man pages rework | ||
568 | * added firejail-login man page | ||
569 | * added GNU Icecat, FileZilla, Pidgin, XChat, Empathy, DeaDBeeF default | ||
570 | profiles | ||
571 | * added an /etc/firejail/disable-common.inc file to hold common directory | ||
572 | blacklists | ||
573 | * blacklist Opera and Chrome/Chromium config directories in profile files | ||
574 | * support noroot option for profile files | ||
575 | * enabled noroot in default profile files | ||
576 | * bugfixes | ||
577 | -- netblue30 <netblue30@yahoo.com> Sat, 1 Aug 2015 08:00:00 -0500 | ||
578 | |||
579 | firejail (0.9.26) baseline; urgency=low | ||
580 | * private dev directory | ||
581 | * private.keep option for whitelisting home files in a new private directory | ||
582 | * user namespaces support, noroot option | ||
583 | * added Deluge and qBittorent profiles | ||
584 | * bugfixes | ||
585 | -- netblue30 <netblue30@yahoo.com> Thu, 30 Apr 2015 08:00:00 -0500 | ||
586 | |||
587 | |||
588 | firejail (0.9.24) baseline; urgency=low | ||
589 | * whitelist and blacklist seccomp filters | ||
590 | * doubledash option | ||
591 | * --shell=none support | ||
592 | * netfilter file support in profile files | ||
593 | * dns server support in profile files | ||
594 | * added --dns.print option | ||
595 | * added default profiles for Audacious, Clementine, Gnome-MPlayer, Rhythmbox and Totem. | ||
596 | * added --caps.drop=all in default profiles | ||
597 | * new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp | ||
598 | * clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init | ||
599 | * Bugfix: using /proc/sys/kernel/pid_max for the max number of pids | ||
600 | * two build patches from Reiner Herman (tickets 11, 12) | ||
601 | * man page patch from Reiner Herman (ticket 13) | ||
602 | * output patch (ticket 15) from sshirokov | ||
603 | |||
604 | -- netblue30 <netblue30@yahoo.com> Sun, 5 Apr 2015 08:00:00 -0500 | ||
605 | |||
606 | firejail (0.9.22) baseline; urgency=low | ||
607 | * Replaced --noip option with --ip=none | ||
608 | * Container stdout logging and log rotation | ||
609 | * Added process_vm_readv, process_vm_writev and mknod to | ||
610 | * default seccomp blacklist | ||
611 | * Added CAP_MKNOD to default caps blacklist | ||
612 | * Blacklist and whitelist custom Linux capabilities filters | ||
613 | * macvlan device driver support for --net option | ||
614 | * DNS server support, --dns option | ||
615 | * Netfilter support | ||
616 | * Monitor network statistics, --netstats option | ||
617 | * Added profile for Mozilla Thunderbird/Icedove | ||
618 | * - --overlay support for Linux kernels 3.18+ | ||
619 | * Bugfix: preserve .Xauthority file in private mode (test with ssh -X) | ||
620 | * Bugfix: check uid/gid for cgroup | ||
621 | |||
622 | -- netblue30 <netblue30@yahoo.com> Mon, 9 Mar 2015 09:00:00 -0500 | ||
623 | |||
624 | firejail (0.9.20) baseline; urgency=low | ||
625 | * utmp, btmp and wtmp enhancements | ||
626 | * create empty /var/log/wtmp and /var/log/btmp files in sandbox | ||
627 | * generate a new /var/run/utmp file in sandbox | ||
628 | * CPU affinity, --cpu option | ||
629 | * Linux control groups support, --cgroup option | ||
630 | * Opera web browser support | ||
631 | * VLC support | ||
632 | * Added "empty" attribute to seccomp command to remove the default | ||
633 | * syscall list form seccomp blacklist | ||
634 | * Added --nogroups option to disable supplementary groups for regular | ||
635 | * users. root user always runs without supplementary groups. | ||
636 | * firemon enhancements | ||
637 | * display the command that started the sandbox | ||
638 | * added --caps option to display capabilities for all sandboxes | ||
639 | * added --cgroup option to display the control groups for all sandboxes | ||
640 | * added --cpu option to display CPU affinity for all sandboxes | ||
641 | * added --seccomp option to display seccomp setting for all sandboxes | ||
642 | * New compile time options: --disable-chroot, --disable-bind | ||
643 | * bugfixes | ||
644 | |||
645 | -- netblue30 <netblue30@yahoo.com> Mon, 02 Feb 2015 08:00:00 -0500 | ||
646 | |||
647 | firejail (0.9.18) baseline; urgency=low | ||
648 | * Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls | ||
649 | * Support for tracing setreuid, setregid, setresuid, setresguid syscalls | ||
650 | * Added profiles for transmission-gtk and transmission-qt | ||
651 | * bugfixes | ||
652 | |||
653 | -- netblue30 <netblue30@yahoo.com> Fri, 25 Dec 2014 10:00:00 -0500 | ||
654 | |||
655 | firejail (0.9.16) baseline; urgency=low | ||
656 | * Configurable private home directory | ||
657 | * Configurable default user shell | ||
658 | * Software configuration support for --docdir and DESTDIR | ||
659 | * Profile file support for include, caps, seccomp and private keywords | ||
660 | * Dropbox profile file | ||
661 | * Linux capabilities and seccomp filters enabled by default for Firefox, | ||
662 | Midori, Evince and Dropbox | ||
663 | * bugfixes | ||
664 | |||
665 | -- netblue30 <netblue30@yahoo.com> Tue, 4 Nov 2014 10:00:00 -0500 | ||
666 | |||
667 | firejail (0.9.14) baseline; urgency=low | ||
668 | * Linux capabilities and seccomp filters are automatically enabled in | ||
669 | chroot mode (--chroot option) if the sandbox is started as regular user | ||
670 | * Added support for user defined seccomp blacklists | ||
671 | * Added syscall trace support | ||
672 | * Added --tmpfs option | ||
673 | * Added --balcklist option | ||
674 | * Added --read-only option | ||
675 | * Added --bind option | ||
676 | * Logging enhancements | ||
677 | * --overlay option was reactivated | ||
678 | * Added firemon support to print the ARP table for each sandbox | ||
679 | * Added firemon support to print the route table for each sandbox | ||
680 | * Added firemon support to print interface information for each sandbox | ||
681 | * bugfixes | ||
682 | |||
683 | -- netblue30 <netblue30@yahoo.com> Tue, 15 Oct 2014 10:00:00 -0500 | ||
684 | |||
685 | firejail (0.9.12.2) baseline; urgency=low | ||
686 | * Fix for pulseaudio problems | ||
687 | * --overlay option was temporarily disabled in this build | ||
688 | |||
689 | -- netblue30 <netblue30@yahoo.com> Mon, 29 Sept 2014 07:00:00 -0500 | ||
690 | |||
691 | firejail (0.9.12.1) baseline; urgency=low | ||
692 | * Fix for pulseaudio problems | ||
693 | * --overlay option was temporarily disabled in this build | ||
694 | |||
695 | -- netblue30 <netblue30@yahoo.com> Mon, 22 Sept 2014 09:00:00 -0500 | ||
696 | |||
697 | firejail (0.9.12) baseline; urgency=low | ||
698 | * Added capabilities support | ||
699 | * Added support for CentOS 7 | ||
700 | * bugfixes | ||
701 | |||
702 | -- netblue30 <netblue30@yahoo.com> Mon, 15 Sept 2014 10:00:00 -0500 | ||
703 | |||
704 | firejail (0.9.10) baseline; urgency=low | ||
705 | * Disable /proc/kcore, /proc/kallsyms, /dev/port, /boot | ||
706 | * Fixed --top option CPU utilization calculation | ||
707 | * Implemented --tree option in firejail and firemon | ||
708 | * Implemented --join=name option | ||
709 | * Implemented --shutdown option | ||
710 | * Preserve the current working directory if possible | ||
711 | * Cppcheck and clang errors cleanup | ||
712 | * Added a Chromium web browser profile | ||
713 | |||
714 | -- netblue30 <netblue30@yahoo.com> Thu, 28 Aug 2014 07:00:00 -0500 | ||
715 | |||
716 | firejail (0.9.8.1) baseline; urgency=low | ||
717 | * FIxed a number of bugs introduced in 0.9.8 | ||
718 | |||
719 | -- netblue30 <netblue30@yahoo.com> Fri, 25 Jul 2014 07:25:00 -0500 | ||
720 | |||
721 | firejail (0.9.8) baseline; urgency=low | ||
722 | * Implemented nowrap mode for firejail --list command option | ||
723 | * Added --top option in both firejail and firemon | ||
724 | * seccomp filter support | ||
725 | * Added pid support for firemon | ||
726 | * bugfixes | ||
727 | |||
728 | -- netblue30 <netblue30@yahoo.com> Tue, 24 Jul 2014 08:51:00 -0500 | ||
729 | |||
730 | firejail (0.9.6) baseline; urgency=low | ||
731 | |||
732 | * Mounting tmpfs on top of /var/log, required by several server programs | ||
733 | * Server fixes for /var/lib and /var/cache | ||
734 | * Private mode fixes | ||
735 | * csh and zsh default shell support | ||
736 | * Chroot mode fixes | ||
737 | * Added support for lighttpd, isc-dhcp-server, apache2, nginx, snmpd, | ||
738 | |||
739 | -- netblue30 <netblue30@yahoo.com> Sat, 7 Jun 2014 09:00:00 -0500 | ||
740 | |||
741 | firejail (0.9.4) baseline; urgency=low | ||
742 | |||
743 | * Fixed resolv.conf on Ubuntu systems using DHCP | ||
744 | * Fixed resolv.conf on Debian systems using resolvconf package | ||
745 | * Fixed /var/lock directory | ||
746 | * Fixed /var/tmp directory | ||
747 | * Fixed symbolic links in profile files | ||
748 | * Added profiles for evince, midori | ||
749 | |||
750 | -- netblue30 <netblue30@yahoo.com> Sun, 4 May 2014 08:00:00 -0500 | ||
751 | |||
752 | firejail (0.9.2) baseline; urgency=low | ||
753 | |||
754 | * Checking IP address passed with --ip option using ARP; exit if the address | ||
755 | is already present | ||
756 | * Using a lock file during ARP address assignment in order to removed a race | ||
757 | condition. | ||
758 | * Several fixes to --private option; it also mounts a tmpfs filesystem on top | ||
759 | of /tmp | ||
760 | * Added user access check for profile file | ||
761 | * Added --defaultgw option | ||
762 | * Added support of --noip option; it is necessary for DHCP setups | ||
763 | * Added syslog support | ||
764 | * Added support for "tmpfs" and "read-only" profile commands | ||
765 | * Added an expect-based testing framework for the project | ||
766 | * Added bash completion support | ||
767 | * Added support for multiple networks | ||
768 | |||
769 | -- netblue30 <netblue30@yahoo.com> Fri, 25 Apr 2014 08:00:00 -0500 | ||
770 | |||
771 | firejail (0.9) baseline; urgency=low | ||
772 | |||
773 | * First beta version | ||
774 | |||
775 | -- netblue30 <netblue30@yahoo.com> Sat, 12 Apr 2014 09:00:00 -0500 | ||