-rw-r--r-- | .github/workflows/build-extra.yml | 8 | ||||
-rw-r--r-- | .github/workflows/build.yml | 2 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 8 | ||||
-rw-r--r-- | .github/workflows/profile-checks.yml | 2 | ||||
-rw-r--r-- | RELNOTES | 2 |
5 files changed, 11 insertions, 11 deletions
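--- a/.github/workflows/build-extra.yml
+++ b/.github/workflows/build-extra.yml
@@ -54,7 +54,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518
+uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -75,7 +75,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518
+uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -92,7 +92,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518
+uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -109,7 +109,7 @@ jobs:
 runs-on: ubuntu-20.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518
+uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57
 with:
 egress-policy: block
 allowed-endpoints: >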
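Review bot: The new `step-security/harden-runner` pin on each `uses:` line is a bare 40-character commit SHA with no release comment, so a reviewer cannot tell from the diff which upstream release is being adopted, or confirm that the SHA belongs to a tagged release in the upstream repository. I would append the tag as a trailing comment, e.g. `uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # <release tag>`, in all four jobs here and at the same bump in build.yml, codeql-analysis.yml and profile-checks.yml; the three `github/codeql-action/*` pins in codeql-analysis.yml deserve the same treatment. Because these jobs run with `egress-policy: block`, it is also worth confirming on the first CI run that the updated agent needs no endpoint missing from `allowed-endpoints` (the lists themselves fall outside the hunks).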
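--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -44,7 +44,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518
+uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57
 with:
 egress-policy: block
 allowed-endpoints: >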
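--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -74,7 +74,7 @@ jobs:
 
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518
+uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57
 with:
 disable-sudo: true
 egress-policy: block
@@ -88,7 +88,7 @@ jobs:
 
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
-uses: github/codeql-action/init@17573ee1cc1b9d061760f3a006fc4aac4f944fd5
+uses: github/codeql-action/init@32dc499307d133bb5085bae78498c0ac2cf762d5
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -99,7 +99,7 @@ jobs:
 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
 # If this step fails, then you should remove it and run the build manually (see below)
 - name: Autobuild
-uses: github/codeql-action/autobuild@17573ee1cc1b9d061760f3a006fc4aac4f944fd5
+uses: github/codeql-action/autobuild@32dc499307d133bb5085bae78498c0ac2cf762d5
 
 # âšī¸ Command-line programs to run using the OS shell.
 # đ https://git.io/JvXDl
@@ -113,4 +113,4 @@ jobs:
 # make release
 
 - name: Perform CodeQL Analysis
-uses: github/codeql-action/analyze@17573ee1cc1b9d061760f3a006fc4aac4f944fd5
+uses: github/codeql-action/analyze@32dc499307d133bb5085bae78498c0ac2cf762d5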
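--- a/.github/workflows/profile-checks.yml
+++ b/.github/workflows/profile-checks.yml
@@ -26,7 +26,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518
+uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57
 with:
 disable-sudo: true
 egress-policy: block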
@@ -322,7 +322,7 @@ firejail (0.9.62) baseline; urgency=low | |||
322 | * compiler flags autodetection | 322 | * compiler flags autodetection |
323 | * move chroot entirely from path based to file descriptor based mounts | 323 | * move chroot entirely from path based to file descriptor based mounts |
324 | * whitelisting /usr/share in a large number of profiles | 324 | * whitelisting /usr/share in a large number of profiles |
325 | * new scripts in conrib: gdb-firejail.sh and sort.py | 325 | * new scripts in contrib: gdb-firejail.sh and sort.py |
326 | * enhancement: whitelist /usr/share in some profiles | 326 | * enhancement: whitelist /usr/share in some profiles |
327 | * added signal mediation ot apparmor profile | 327 | * added signal mediation ot apparmor profile |
328 | * new conditions: HAS_X11, HAS_NET | 328 | * new conditions: HAS_X11, HAS_NET |