Baseline firejail 0.9.28

author: netblue30 <netblue30@yahoo.com> 2015-08-08 19:12:30 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-08-08 19:12:30 -0400
commit: 1379851360349d6617ad32944a25ee5e2bb74fc2 (patch)
tree: f69b48e90708bfa3c2723d5a27ed3e024c827b43 /RELNOTES
parent: delete files (diff)
download: firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.gz
firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.zst
firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.zip
1 files changed, 215 insertions, 0 deletions
diff --git a/RELNOTES b/RELNOTES
new file mode 100644
index 000000000..379c8f1c3
--- /dev/null
+++ b/RELNOTES
@@ -0,0 +1,215 @@
+firejail (0.9.28) baseline; urgency=low
+  * network scanning, --scan option
+  * interface MAC address support, --mac option
+  * IP address range, --iprange option
+  * traffic shaping, --bandwidth option
+  * reworked printing of network status at startup
+  * man pages rework
+  * added firejail-login man page
+  * added GNU Icecat, FileZilla, Pidgin, XChat, Empathy, DeaDBeeF default
+    profiles
+  * added an /etc/firejail/disable-common.inc file to hold common directory
+    blacklists
+  * blacklist Opera and Chrome/Chromium config directories in profile files
+  * support noroot option for profile files
+  * enabled noroot in default profile files
+  * bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Sat, 1 Aug 2015 08:00:00 -0500
+firejail (0.9.26) baseline; urgency=low
+  * private dev directory
+  * private.keep option for whitelisting home files in a new private directory
+  * user namespaces support, noroot option
+  * added Deluge and qBittorent profiles
+  * bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Thu, 30 Apr 2015 08:00:00 -0500
+firejail (0.9.24) baseline; urgency=low
+  * whitelist and blacklist seccomp filters
+  * doubledash option
+  * --shell=none support
+  * netfilter file support in profile files
+  * dns server support in profile files
+  * added --dns.print option
+  * added default profiles for Audacious, Clementine, Gnome-MPlayer, Rhythmbox and Totem.
+  * added --caps.drop=all in default profiles
+  * new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp
+  *         clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init
+  * Bugfix: using /proc/sys/kernel/pid_max for the max number of pids
+  * two build patches from Reiner Herman (tickets 11, 12)
+  * man page patch from Reiner Herman (ticket 13)
+  * output patch (ticket 15) from sshirokov
+  
+ -- netblue30 <netblue30@yahoo.com>  Sun, 5 Apr 2015 08:00:00 -0500
+firejail (0.9.22) baseline; urgency=low
+  * Replaced --noip option with --ip=none
+  * Container stdout logging and log rotation
+  * Added process_vm_readv, process_vm_writev and mknod to
+  *    default seccomp blacklist
+  * Added CAP_MKNOD to default caps blacklist
+  * Blacklist and whitelist custom Linux capabilities filters
+  * macvlan device driver support for --net option
+  * DNS server support, --dns option
+  * Netfilter support
+  * Monitor network statistics, --netstats option
+  * Added profile for Mozilla Thunderbird/Icedove
+  * - --overlay support for Linux kernels 3.18+
+  * Bugfix: preserve .Xauthority file in private mode (test with ssh -X)
+  * Bugfix: check uid/gid for cgroup
+ -- netblue30 <netblue30@yahoo.com>  Mon, 9 Mar 2015 09:00:00 -0500
+firejail (0.9.20) baseline; urgency=low
+  * utmp, btmp and wtmp enhancements
+  *    create empty /var/log/wtmp and /var/log/btmp files in sandbox
+  *    generate a new /var/run/utmp file in sandbox
+  * CPU affinity, --cpu option
+  * Linux control groups support, --cgroup option
+  * Opera web browser support
+  * VLC support
+  * Added "empty" attribute to seccomp command to remove the default
+  *    syscall list form seccomp blacklist
+  * Added --nogroups option to disable supplementary groups for regular
+  *   users. root user always runs without supplementary groups.
+  * firemon enhancements
+  *   display the command that started the sandbox
+  *   added --caps option to display capabilities for all sandboxes
+  *   added --cgroup option to display the control groups for all sandboxes
+  *   added --cpu option to display CPU affinity for all sandboxes
+  *   added --seccomp option to display seccomp setting for all sandboxes
+  * New compile time options: --disable-chroot, --disable-bind
+  * bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Mon, 02 Feb 2015 08:00:00 -0500
+firejail (0.9.18) baseline; urgency=low
+  * Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls
+  * Support for tracing setreuid, setregid, setresuid, setresguid syscalls
+  * Added profiles for transmission-gtk and transmission-qt
+  * bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Fri, 25 Dec 2014 10:00:00 -0500
+firejail (0.9.16) baseline; urgency=low
+  * Configurable private home directory
+  * Configurable default user shell
+  * Software configuration support for --docdir and DESTDIR
+  * Profile file support for include, caps, seccomp and private keywords
+  * Dropbox profile file
+  * Linux capabilities and seccomp filters enabled by default for Firefox,
+  Midori, Evince and Dropbox
+  * bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Tue, 4 Nov 2014 10:00:00 -0500
+firejail (0.9.14) baseline; urgency=low
+  * Linux capabilities and seccomp filters are automatically enabled in 
+    chroot mode (--chroot option) if the sandbox is started as regular user
+  * Added support for user defined seccomp blacklists
+  * Added syscall trace support
+  * Added --tmpfs option
+  * Added --balcklist option
+  * Added --read-only option
+  * Added --bind option
+  * Logging enhancements
+  * --overlay option was reactivated
+  * Added firemon support to print the ARP table for each sandbox
+  * Added firemon support to print the route table for each sandbox
+  * Added firemon support to print interface information for each sandbox
+  * bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Tue, 15 Oct 2014 10:00:00 -0500
+firejail (0.9.12.2) baseline; urgency=low
+  * Fix for pulseaudio problems
+  * --overlay option was temporarily disabled in this build
+ -- netblue30 <netblue30@yahoo.com>  Mon, 29 Sept 2014 07:00:00 -0500
+firejail (0.9.12.1) baseline; urgency=low
+  * Fix for pulseaudio problems
+  * --overlay option was temporarily disabled in this build
+ -- netblue30 <netblue30@yahoo.com>  Mon, 22 Sept 2014 09:00:00 -0500
+firejail (0.9.12) baseline; urgency=low
+  * Added capabilities support
+  * Added support for CentOS 7
+  * bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Mon, 15 Sept 2014 10:00:00 -0500
+firejail (0.9.10) baseline; urgency=low
+  * Disable /proc/kcore, /proc/kallsyms, /dev/port, /boot
+  * Fixed --top option CPU utilization calculation
+  * Implemented --tree option in firejail and firemon
+  * Implemented --join=name option
+  * Implemented --shutdown option
+  * Preserve the current working directory if possible
+  * Cppcheck and clang errors cleanup
+  * Added a Chromium web browser profile
+ -- netblue30 <netblue30@yahoo.com>  Thu, 28 Aug 2014 07:00:00 -0500
+firejail (0.9.8.1) baseline; urgency=low
+  * FIxed a number of bugs introduced in 0.9.8
+ -- netblue30 <netblue30@yahoo.com>  Fri, 25 Jul 2014 07:25:00 -0500
+  
+firejail (0.9.8) baseline; urgency=low
+  * Implemented nowrap mode for firejail --list command option
+  * Added --top option in both firejail and firemon
+  * seccomp filter support
+  * Added pid support for firemon
+  * bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Tue, 24 Jul 2014 08:51:00 -0500
+  
+firejail (0.9.6) baseline; urgency=low
+  * Mounting tmpfs on top of /var/log, required by several server programs
+  * Server fixes for /var/lib and /var/cache
+  * Private mode fixes
+  * csh and zsh default shell support
+  * Chroot mode fixes
+  * Added support for lighttpd, isc-dhcp-server, apache2, nginx, snmpd,
+ -- netblue30 <netblue30@yahoo.com>  Sat, 7 Jun 2014 09:00:00 -0500
+firejail (0.9.4) baseline; urgency=low
+  * Fixed resolv.conf on Ubuntu systems using DHCP
+  * Fixed resolv.conf on Debian systems using resolvconf package
+  * Fixed /var/lock directory
+  * Fixed /var/tmp directory
+  * Fixed symbolic links in profile files
+  * Added profiles for evince, midori
+ -- netblue30 <netblue30@yahoo.com>  Sun, 4 May 2014 08:00:00 -0500
+firejail (0.9.2) baseline; urgency=low
+  * Checking IP address passed with --ip option using ARP; exit if the address
+   is already present
+  * Using a lock file during ARP address assignment in order to removed a race
+   condition.
+  * Several fixes to --private option; it also mounts a tmpfs filesystem on top
+   of /tmp
+  * Added user access check for profile file
+  * Added --defaultgw option
+  * Added support of --noip option; it is necessary for DHCP setups
+  * Added syslog support
+  * Added support for "tmpfs" and "read-only" profile commands
+  * Added an expect-based testing framework for the project
+  * Added bash completion support
+  * Added support for multiple networks
+  
+ -- netblue30 <netblue30@yahoo.com>  Fri, 25 Apr 2014 08:00:00 -0500
+firejail (0.9) baseline; urgency=low
+  * First beta version
+ -- netblue30 <netblue30@yahoo.com>  Sat, 12 Apr 2014 09:00:00 -0500
author	netblue30 <netblue30@yahoo.com>	2015-08-08 19:12:30 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-08-08 19:12:30 -0400
commit	1379851360349d6617ad32944a25ee5e2bb74fc2 (patch)
tree	f69b48e90708bfa3c2723d5a27ed3e024c827b43 /RELNOTES
parent	delete files (diff)
download	firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.gz firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.zst firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.zip

diff --git a/RELNOTES b/RELNOTES new file mode 100644 index 000000000..379c8f1c3 --- /dev/null +++ b/RELNOTES
@@ -0,0 +1,215 @@
	1	firejail (0.9.28) baseline; urgency=low
	2	* network scanning, --scan option
	3	* interface MAC address support, --mac option
	4	* IP address range, --iprange option
	5	* traffic shaping, --bandwidth option
	6	* reworked printing of network status at startup
	7	* man pages rework
	8	* added firejail-login man page
	9	* added GNU Icecat, FileZilla, Pidgin, XChat, Empathy, DeaDBeeF default
	10	profiles
	11	* added an /etc/firejail/disable-common.inc file to hold common directory
	12	blacklists
	13	* blacklist Opera and Chrome/Chromium config directories in profile files
	14	* support noroot option for profile files
	15	* enabled noroot in default profile files
	16	* bugfixes
	17	-- netblue30 <netblue30@yahoo.com> Sat, 1 Aug 2015 08:00:00 -0500
	18
	19	firejail (0.9.26) baseline; urgency=low
	20	* private dev directory
	21	* private.keep option for whitelisting home files in a new private directory
	22	* user namespaces support, noroot option
	23	* added Deluge and qBittorent profiles
	24	* bugfixes
	25	-- netblue30 <netblue30@yahoo.com> Thu, 30 Apr 2015 08:00:00 -0500
	26
	27
	28	firejail (0.9.24) baseline; urgency=low
	29	* whitelist and blacklist seccomp filters
	30	* doubledash option
	31	* --shell=none support
	32	* netfilter file support in profile files
	33	* dns server support in profile files
	34	* added --dns.print option
	35	* added default profiles for Audacious, Clementine, Gnome-MPlayer, Rhythmbox and Totem.
	36	* added --caps.drop=all in default profiles
	37	* new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp
	38	* clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init
	39	* Bugfix: using /proc/sys/kernel/pid_max for the max number of pids
	40	* two build patches from Reiner Herman (tickets 11, 12)
	41	* man page patch from Reiner Herman (ticket 13)
	42	* output patch (ticket 15) from sshirokov
	43
	44	-- netblue30 <netblue30@yahoo.com> Sun, 5 Apr 2015 08:00:00 -0500
	45
	46	firejail (0.9.22) baseline; urgency=low
	47	* Replaced --noip option with --ip=none
	48	* Container stdout logging and log rotation
	49	* Added process_vm_readv, process_vm_writev and mknod to
	50	* default seccomp blacklist
	51	* Added CAP_MKNOD to default caps blacklist
	52	* Blacklist and whitelist custom Linux capabilities filters
	53	* macvlan device driver support for --net option
	54	* DNS server support, --dns option
	55	* Netfilter support
	56	* Monitor network statistics, --netstats option
	57	* Added profile for Mozilla Thunderbird/Icedove
	58	* - --overlay support for Linux kernels 3.18+
	59	* Bugfix: preserve .Xauthority file in private mode (test with ssh -X)
	60	* Bugfix: check uid/gid for cgroup
	61
	62	-- netblue30 <netblue30@yahoo.com> Mon, 9 Mar 2015 09:00:00 -0500
	63
	64	firejail (0.9.20) baseline; urgency=low
	65	* utmp, btmp and wtmp enhancements
	66	* create empty /var/log/wtmp and /var/log/btmp files in sandbox
	67	* generate a new /var/run/utmp file in sandbox
	68	* CPU affinity, --cpu option
	69	* Linux control groups support, --cgroup option
	70	* Opera web browser support
	71	* VLC support
	72	* Added "empty" attribute to seccomp command to remove the default
	73	* syscall list form seccomp blacklist
	74	* Added --nogroups option to disable supplementary groups for regular
	75	* users. root user always runs without supplementary groups.
	76	* firemon enhancements
	77	* display the command that started the sandbox
	78	* added --caps option to display capabilities for all sandboxes
	79	* added --cgroup option to display the control groups for all sandboxes
	80	* added --cpu option to display CPU affinity for all sandboxes
	81	* added --seccomp option to display seccomp setting for all sandboxes
	82	* New compile time options: --disable-chroot, --disable-bind
	83	* bugfixes
	84
	85	-- netblue30 <netblue30@yahoo.com> Mon, 02 Feb 2015 08:00:00 -0500
	86
	87	firejail (0.9.18) baseline; urgency=low
	88	* Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls
	89	* Support for tracing setreuid, setregid, setresuid, setresguid syscalls
	90	* Added profiles for transmission-gtk and transmission-qt
	91	* bugfixes
	92
	93	-- netblue30 <netblue30@yahoo.com> Fri, 25 Dec 2014 10:00:00 -0500
	94
	95	firejail (0.9.16) baseline; urgency=low
	96	* Configurable private home directory
	97	* Configurable default user shell
	98	* Software configuration support for --docdir and DESTDIR
	99	* Profile file support for include, caps, seccomp and private keywords
	100	* Dropbox profile file
	101	* Linux capabilities and seccomp filters enabled by default for Firefox,
	102	Midori, Evince and Dropbox
	103	* bugfixes
	104
	105	-- netblue30 <netblue30@yahoo.com> Tue, 4 Nov 2014 10:00:00 -0500
	106
	107	firejail (0.9.14) baseline; urgency=low
	108	* Linux capabilities and seccomp filters are automatically enabled in
	109	chroot mode (--chroot option) if the sandbox is started as regular user
	110	* Added support for user defined seccomp blacklists
	111	* Added syscall trace support
	112	* Added --tmpfs option
	113	* Added --balcklist option
	114	* Added --read-only option
	115	* Added --bind option
	116	* Logging enhancements
	117	* --overlay option was reactivated
	118	* Added firemon support to print the ARP table for each sandbox
	119	* Added firemon support to print the route table for each sandbox
	120	* Added firemon support to print interface information for each sandbox
	121	* bugfixes
	122
	123	-- netblue30 <netblue30@yahoo.com> Tue, 15 Oct 2014 10:00:00 -0500
	124
	125	firejail (0.9.12.2) baseline; urgency=low
	126	* Fix for pulseaudio problems
	127	* --overlay option was temporarily disabled in this build
	128
	129	-- netblue30 <netblue30@yahoo.com> Mon, 29 Sept 2014 07:00:00 -0500
	130
	131	firejail (0.9.12.1) baseline; urgency=low
	132	* Fix for pulseaudio problems
	133	* --overlay option was temporarily disabled in this build
	134
	135	-- netblue30 <netblue30@yahoo.com> Mon, 22 Sept 2014 09:00:00 -0500
	136
	137	firejail (0.9.12) baseline; urgency=low
	138	* Added capabilities support
	139	* Added support for CentOS 7
	140	* bugfixes
	141
	142	-- netblue30 <netblue30@yahoo.com> Mon, 15 Sept 2014 10:00:00 -0500
	143
	144	firejail (0.9.10) baseline; urgency=low
	145	* Disable /proc/kcore, /proc/kallsyms, /dev/port, /boot
	146	* Fixed --top option CPU utilization calculation
	147	* Implemented --tree option in firejail and firemon
	148	* Implemented --join=name option
	149	* Implemented --shutdown option
	150	* Preserve the current working directory if possible
	151	* Cppcheck and clang errors cleanup
	152	* Added a Chromium web browser profile
	153
	154	-- netblue30 <netblue30@yahoo.com> Thu, 28 Aug 2014 07:00:00 -0500
	155
	156	firejail (0.9.8.1) baseline; urgency=low
	157	* FIxed a number of bugs introduced in 0.9.8
	158
	159	-- netblue30 <netblue30@yahoo.com> Fri, 25 Jul 2014 07:25:00 -0500
	160
	161	firejail (0.9.8) baseline; urgency=low
	162	* Implemented nowrap mode for firejail --list command option
	163	* Added --top option in both firejail and firemon
	164	* seccomp filter support
	165	* Added pid support for firemon
	166	* bugfixes
	167
	168	-- netblue30 <netblue30@yahoo.com> Tue, 24 Jul 2014 08:51:00 -0500
	169
	170	firejail (0.9.6) baseline; urgency=low
	171
	172	* Mounting tmpfs on top of /var/log, required by several server programs
	173	* Server fixes for /var/lib and /var/cache
	174	* Private mode fixes
	175	* csh and zsh default shell support
	176	* Chroot mode fixes
	177	* Added support for lighttpd, isc-dhcp-server, apache2, nginx, snmpd,
	178
	179	-- netblue30 <netblue30@yahoo.com> Sat, 7 Jun 2014 09:00:00 -0500
	180
	181	firejail (0.9.4) baseline; urgency=low
	182
	183	* Fixed resolv.conf on Ubuntu systems using DHCP
	184	* Fixed resolv.conf on Debian systems using resolvconf package
	185	* Fixed /var/lock directory
	186	* Fixed /var/tmp directory
	187	* Fixed symbolic links in profile files
	188	* Added profiles for evince, midori
	189
	190	-- netblue30 <netblue30@yahoo.com> Sun, 4 May 2014 08:00:00 -0500
	191
	192	firejail (0.9.2) baseline; urgency=low
	193
	194	* Checking IP address passed with --ip option using ARP; exit if the address
	195	is already present
	196	* Using a lock file during ARP address assignment in order to removed a race
	197	condition.
	198	* Several fixes to --private option; it also mounts a tmpfs filesystem on top
	199	of /tmp
	200	* Added user access check for profile file
	201	* Added --defaultgw option
	202	* Added support of --noip option; it is necessary for DHCP setups
	203	* Added syslog support
	204	* Added support for "tmpfs" and "read-only" profile commands
	205	* Added an expect-based testing framework for the project
	206	* Added bash completion support
	207	* Added support for multiple networks
	208
	209	-- netblue30 <netblue30@yahoo.com> Fri, 25 Apr 2014 08:00:00 -0500
	210
	211	firejail (0.9) baseline; urgency=low
	212
	213	* First beta version
	214
	215	-- netblue30 <netblue30@yahoo.com> Sat, 12 Apr 2014 09:00:00 -0500