author: netblue30 <netblue30@yahoo.com>, 2017-04-06 08:42:24 -0400
committer: netblue30 <netblue30@yahoo.com>, 2017-04-06 08:42:24 -0400
commit: e01768531600e950252f372b85b0b66caf46b8da
tree: bd3f25548a175dae897cf20b69ab082ec386cd0a /RELNOTES
parent: doc update for merge
RELNOTES update
Diffstat (limited to 'RELNOTES')
-rw-r--r-- RELNOTES 112
1 files changed, 102 insertions, 10 deletions
diff --git a/RELNOTES b/RELNOTES
index 333d6b160..b33184379 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,18 +1,8 @@
1firejail (0.9.45) baseline; urgency=low 1firejail (0.9.45) baseline; urgency=low
2 * development version, work in progress 2 * development version, work in progress
3 * Gentoo compile patch
4 * security: --bandwidth root shell found by Martin Carpenter (CVE-2017-5207)
5 * security: disabled --allow-debuggers when running on kernel
6 versions prior to 4.8; a kernel bug in ptrace system call
7 allows a full bypass of seccomp filter; problem reported by Lizzie Dixon
8 (CVE-2017-5206)
9 * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118)
10 * security: TOCTOU exploit for --get and --put found by Daniel Hodson
11 * security: invalid environment exploit found by Martin Carpenter (CVE-2016-10122)
12 * security: split most of networking code in a separate executable 3 * security: split most of networking code in a separate executable
13 * security: split seccomp filter code configuration in a separate executable 4 * security: split seccomp filter code configuration in a separate executable
14 * security: split file copying in private option in a separate executable 5 * security: split file copying in private option in a separate executable
15 * security: root exploit found by Sebastian Krahmer (CVE-2017-5180)
16 * feature: disable gnupg and systemd directories under /run/user 6 * feature: disable gnupg and systemd directories under /run/user
17 * feature: test coverage (gcov) support 7 * feature: test coverage (gcov) support
18 * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) 8 * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm)
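Review bot: After old lines 3 to 11 and 15 are dropped, the 0.9.45 entry names none of the CVEs (CVE-2017-5207, CVE-2017-5206, CVE-2016-10118, CVE-2016-10122, CVE-2017-5180) or the TOCTOU fix, and nothing in the section says where they went. Someone reading only the 0.9.45 notes to decide whether that version is patched has to know to look under 0.9.44.2 and 0.9.44.4. If the development branch still contains these fixes, add one line to this section saying so, for example "* security: includes all fixes released in 0.9.44.2 through 0.9.44.10".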
@@ -46,6 +36,77 @@ firejail (0.9.45) baseline; urgency=low
46 * bugfixes 36 * bugfixes
47 -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 37 -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500
48 38
39firejail (0.9.44.10) baseline; urgency=low
40 * security: when using --x11=xorg and --net, incorrect processing of
41 the return code of /usr/bin/xauth could end up in starting the
42 sandbox without X11 security extension installed. Problem found/fixed
43 by Zack Weinberg
44 * bugfix: ~/.pki directory whitelisted and later blacklisted. This affects
45 most browsers, and disables the custom certificates installed by the user
46 * bugfix: firecfg config fix
47 * bugfix: gajim security profile fix
48 * bugfix: man page fix
49 * bugfix: force-nonewprivs fix for /etc/firejail/firejail.config
50 * bugfix: xephyr-extra-params fix for /etc/firejail/firejail.config
51 * bugfix: memory corruption in noblacklist processing
52 * bugfix: --quiet fix for Arch and Fedora systems
53 * bugfix: updated Keepass(x) profiles
54 * bugfix: firemon --nowrap problem
55 * bugfix: document firemon --nowrap in man page and in --help option
56 * bugfix: bash completion for --noblacklist command
57 * bugfix: vlc profile fix
58 * bugfix: fixed handling of .local profile files when the software is
59 installed in ~/.local directory
60 * bugfix: temporarily remove private-tmp from all profiles, until a fix for
61 .Xauthority file handling in KDE becomes available
62 * maintenance: --output cleanup
63 * maintenance: updated copyright statement in all files
64 -- netblue30 <netblue30@yahoo.com> Sat, 18 Mar 2017 10:00:00 -0500
65
66firejail (0.9.44.8) baseline; urgency=low
67 * bugfix: fix broken PulseAudio support
68 -- netblue30 <netblue30@yahoo.com> Wed, 18 Jan 2017 10:00:00 -0500
69
70firejail (0.9.44.6) baseline; urgency=low
71 * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week,
72 new CVE code assigned after release: CVE-2017-5940
73 * security: major cleanup of file copying code
74 * security: tightening the rules for --chroot and --overlay features
75 * bugfix: ported Gentoo compile patch
76 * bugfix: Nvidia drivers bug in --private-dev
77 * bugfix: fix ASSERT_PERMS_FD macro
78 * feature: allow local customization using .local files under /etc/firejail
79 backported from our development branch
80 * feature: spoof machine-id backported from our development branch
81 -- netblue30 <netblue30@yahoo.com> Sun, 15 Jan 2017 10:00:00 -0500
82
83firejail (0.9.44.4) baseline; urgency=low
84 * security: --bandwidth root shell found by Martin Carpenter (CVE-2017-5207)
85 * security: disabled --allow-debuggers when running on kernel
86 versions prior to 4.8; a kernel bug in ptrace system call
87 allows a full bypass of seccomp filter; problem reported by Lizzie Dixon
88 (CVE-2017-5206)
89 * security: root exploit found by Sebastian Krahmer (CVE-2017-5180)
90 -- netblue30 <netblue30@yahoo.com> Sat, 7 Jan 2017 10:00:00 -0500
91
92firejail (0.9.44.2) baseline; urgency=low
93 * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118)
94 * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson
95 * security: invalid environment exploit found by Martin Carpenter (CVE-2016-10122)
96 * security: several security enhancements
97 * bugfix: crashing VLC by pressing Ctrl-O
98 * bugfix: use user configured icons in KDE
99 * bugfix: mkdir and mkfile are not applied to private directories
100 * bugfix: cannot open files on Deluge running under KDE
101 * bugfix: --private=dir where dir is the user home directory
102 * bugfix: cannot start Vivaldi browser
103 * bugfix: cannot start mupdf
104 * bugfix: ssh profile problems
105 * bugfix: --quiet
106 * bugfix: quiet in git profile
107 * bugfix: memory corruption
108 -- netblue30 <netblue30@yahoo.com> Fri, 2 Dec 2016 08:00:00 -0500
109
49firejail (0.9.44) baseline; urgency=low 110firejail (0.9.44) baseline; urgency=low
50 * CVE-2016-9016 submitted by Aleksey Manevich 111 * CVE-2016-9016 submitted by Aleksey Manevich
51 * modifs: removed man firejail-config 112 * modifs: removed man firejail-config
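Review bot: New line 94 spells the prefix "secuirty:", so a search of RELNOTES for "security:" skips the TOCTOU fix for --get and --put; correct it to "* security: TOCTOU exploit for --get and --put found by Daniel Hodson". That entry is also the only named exploit in the 0.9.44.2 block without a CVE id next to it, which is worth a word if none was assigned. On new line 71, "last week" stops meaning anything once the file is read later; the 0.9.44.4 entry date (7 Jan 2017) or a plain reference to "the 0.9.44.4 fix" would stay accurate.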
@@ -154,6 +215,37 @@ firejail (0.9.40) baseline; urgency=low
154 * bugfixes 215 * bugfixes
155 -- netblue30 <netblue30@yahoo.com> Sun, 29 May 2016 08:00:00 -0500 216 -- netblue30 <netblue30@yahoo.com> Sun, 29 May 2016 08:00:00 -0500
156 217
218firejail (0.9.38.10) baseline; urgency=low
219 * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week
220 new CVE code assigned after release: CVE-2017-5940
221 * security: tightening the rules for --chroot
222 * bugfix: ported Gentoo compile patch
223 * bugfix: fix ASSERT_PERMS_FD macro
224 -- netblue30 <netblue30@yahoo.com> Sun, 15 Jan 2017 10:00:00 -0500
225
226firejail (0.9.38.8) baseline; urgency=low
227 * security: root exploit found by Sebastian Krahmer (CVE-2017-5180)
228 -- netblue30 <netblue30@yahoo.com> Sat, 7 Jan 2017 10:00:00 -0500
229
230firejail (0.9.38.6) baseline; urgency=low
231 * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118)
232 * bugfix: crashing VLC by pressing Ctrl-O
233 -- netblue30 <netblue30@yahoo.com> Fri, 16 Dec 2016 10:00:00 -0500
234
235firejail (0.9.38.4) baseline; urgency=low
236 * CVE-2016-7545 submitted by Aleksey Manevich
237 * bugfixes
238 -- netblue30 <netblue30@yahoo.com> Mon, 10 Oct 2016 10:00:00 -0500
239
240firejail (0.9.38.2) baseline; urgency=low
241 * security: --whitelist deleted files, submitted by Vasya Novikov
242 * security: disable x32 ABI, submitted by Jann Horn
243 * security: tighten --chroot, submitted by Jann Horn
244 * security: terminal sandbox escape, submitted by Stephan Sokolow
245 * feature: clean local overlay storage directory (--overlay-clean)
246 * bugfixes
247 -- netblue30 <netblue30@yahoo.com> Tue, 23 Aug 2016 10:00:00 -0500
248
157firejail (0.9.38) baseline; urgency=low 249firejail (0.9.38) baseline; urgency=low
158 * IPv6 support (--ip6 and --netfilter6) 250 * IPv6 support (--ip6 and --netfilter6)
159 * --join command enhancement (--join-network, --join-filesystem) 251 * --join command enhancement (--join-network, --join-filesystem)
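Review bot: New line 236, "* CVE-2016-7545 submitted by Aleksey Manevich", has no "security:" prefix and no description of what was affected, unlike every other security item added in this hunk (lines 219 to 244). Tag it "security:" and add a short description of the problem so it shows up in the same searches and a reader does not have to look the CVE up. Line 219 also ends "last week" without the comma that the matching 0.9.44.6 entry has before "new CVE code assigned after release", and the relative date has the same staleness problem there.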