diff options
-rw-r--r-- | RELNOTES | 7 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 1 | ||||
-rw-r--r-- | src/man/firejail-login.txt | 4 |
5 files changed, 18 insertions, 14 deletions
@@ -1,6 +1,5 @@ | |||
1 | firejail (0.9.44~rc1) baseline; urgency=low | 1 | firejail (0.9.44) baseline; urgency=low |
2 | * CVE-2016-7545 submitted by Aleksey Manevich | 2 | * CVE-2016-7545 submitted by Aleksey Manevich |
3 | * development version | ||
4 | * modifs: removed man firejail-config | 3 | * modifs: removed man firejail-config |
5 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory | 4 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory |
6 | * modifs: Nvidia drivers added to --private-dev | 5 | * modifs: Nvidia drivers added to --private-dev |
@@ -18,12 +17,14 @@ firejail (0.9.44~rc1) baseline; urgency=low | |||
18 | * feature: disable 3D hardware acceleration (--no3d) | 17 | * feature: disable 3D hardware acceleration (--no3d) |
19 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands | 18 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands |
20 | * feature: move files in sandbox (--put) | 19 | * feature: move files in sandbox (--put) |
20 | * feature: accept wildcard patterns in user name field of restricted | ||
21 | shell login feature | ||
21 | * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape | 22 | * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape |
22 | * new profiles: feh, ranger, zathura, 7z, keepass, keepassx, | 23 | * new profiles: feh, ranger, zathura, 7z, keepass, keepassx, |
23 | * new profiles: claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot | 24 | * new profiles: claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot |
24 | * new profiles: Flowblade, Eye of GNOME (eog), Evolution | 25 | * new profiles: Flowblade, Eye of GNOME (eog), Evolution |
25 | * bugfixes | 26 | * bugfixes |
26 | -- netblue30 <netblue30@yahoo.com> Sat, 15 Sept 2016 08:00:00 -0500 | 27 | -- netblue30 <netblue30@yahoo.com> Fri, 21 Oct 2016 08:00:00 -0500 |
27 | 28 | ||
28 | firejail (0.9.42) baseline; urgency=low | 29 | firejail (0.9.42) baseline; urgency=low |
29 | * security: --whitelist deleted files, submitted by Vasya Novikov | 30 | * security: --whitelist deleted files, submitted by Vasya Novikov |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.44~rc2. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.44. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.44~rc2' | 583 | PACKAGE_VERSION='0.9.44' |
584 | PACKAGE_STRING='firejail 0.9.44~rc2' | 584 | PACKAGE_STRING='firejail 0.9.44' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='http://firejail.wordpress.com' | 586 | PACKAGE_URL='http://firejail.wordpress.com' |
587 | 587 | ||
@@ -1259,7 +1259,7 @@ if test "$ac_init_help" = "long"; then | |||
1259 | # Omit some internal or obsolete options to make the list less imposing. | 1259 | # Omit some internal or obsolete options to make the list less imposing. |
1260 | # This message is too long to be a string in the A/UX 3.1 sh. | 1260 | # This message is too long to be a string in the A/UX 3.1 sh. |
1261 | cat <<_ACEOF | 1261 | cat <<_ACEOF |
1262 | \`configure' configures firejail 0.9.44~rc2 to adapt to many kinds of systems. | 1262 | \`configure' configures firejail 0.9.44 to adapt to many kinds of systems. |
1263 | 1263 | ||
1264 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1264 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1265 | 1265 | ||
@@ -1320,7 +1320,7 @@ fi | |||
1320 | 1320 | ||
1321 | if test -n "$ac_init_help"; then | 1321 | if test -n "$ac_init_help"; then |
1322 | case $ac_init_help in | 1322 | case $ac_init_help in |
1323 | short | recursive ) echo "Configuration of firejail 0.9.44~rc2:";; | 1323 | short | recursive ) echo "Configuration of firejail 0.9.44:";; |
1324 | esac | 1324 | esac |
1325 | cat <<\_ACEOF | 1325 | cat <<\_ACEOF |
1326 | 1326 | ||
@@ -1424,7 +1424,7 @@ fi | |||
1424 | test -n "$ac_init_help" && exit $ac_status | 1424 | test -n "$ac_init_help" && exit $ac_status |
1425 | if $ac_init_version; then | 1425 | if $ac_init_version; then |
1426 | cat <<\_ACEOF | 1426 | cat <<\_ACEOF |
1427 | firejail configure 0.9.44~rc2 | 1427 | firejail configure 0.9.44 |
1428 | generated by GNU Autoconf 2.69 | 1428 | generated by GNU Autoconf 2.69 |
1429 | 1429 | ||
1430 | Copyright (C) 2012 Free Software Foundation, Inc. | 1430 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1726,7 +1726,7 @@ cat >config.log <<_ACEOF | |||
1726 | This file contains any messages produced by compilers while | 1726 | This file contains any messages produced by compilers while |
1727 | running configure, to aid debugging if configure makes a mistake. | 1727 | running configure, to aid debugging if configure makes a mistake. |
1728 | 1728 | ||
1729 | It was created by firejail $as_me 0.9.44~rc2, which was | 1729 | It was created by firejail $as_me 0.9.44, which was |
1730 | generated by GNU Autoconf 2.69. Invocation command line was | 1730 | generated by GNU Autoconf 2.69. Invocation command line was |
1731 | 1731 | ||
1732 | $ $0 $@ | 1732 | $ $0 $@ |
@@ -4303,7 +4303,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4303 | # report actual input values of CONFIG_FILES etc. instead of their | 4303 | # report actual input values of CONFIG_FILES etc. instead of their |
4304 | # values after options handling. | 4304 | # values after options handling. |
4305 | ac_log=" | 4305 | ac_log=" |
4306 | This file was extended by firejail $as_me 0.9.44~rc2, which was | 4306 | This file was extended by firejail $as_me 0.9.44, which was |
4307 | generated by GNU Autoconf 2.69. Invocation command line was | 4307 | generated by GNU Autoconf 2.69. Invocation command line was |
4308 | 4308 | ||
4309 | CONFIG_FILES = $CONFIG_FILES | 4309 | CONFIG_FILES = $CONFIG_FILES |
@@ -4357,7 +4357,7 @@ _ACEOF | |||
4357 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4357 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4358 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4358 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4359 | ac_cs_version="\\ | 4359 | ac_cs_version="\\ |
4360 | firejail config.status 0.9.44~rc2 | 4360 | firejail config.status 0.9.44 |
4361 | configured by $0, generated by GNU Autoconf 2.69, | 4361 | configured by $0, generated by GNU Autoconf 2.69, |
4362 | with options \\"\$ac_cs_config\\" | 4362 | with options \\"\$ac_cs_config\\" |
4363 | 4363 | ||
diff --git a/configure.ac b/configure.ac index 4496550fd..da4b31591 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,5 +1,5 @@ | |||
1 | AC_PREREQ([2.68]) | 1 | AC_PREREQ([2.68]) |
2 | AC_INIT(firejail, 0.9.44~rc2, netblue30@yahoo.com, , http://firejail.wordpress.com) | 2 | AC_INIT(firejail, 0.9.44, netblue30@yahoo.com, , http://firejail.wordpress.com) |
3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
4 | #AC_CONFIG_HEADERS([config.h]) | 4 | #AC_CONFIG_HEADERS([config.h]) |
5 | 5 | ||
diff --git a/src/firejail/main.c b/src/firejail/main.c index 0872a11bb..b5a97c71e 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -2579,7 +2579,6 @@ int main(int argc, char **argv) { | |||
2579 | g = get_group_id("games"); | 2579 | g = get_group_id("games"); |
2580 | if (g) { | 2580 | if (g) { |
2581 | sprintf(ptr, "%d %d 1\n", g, g); | 2581 | sprintf(ptr, "%d %d 1\n", g, g); |
2582 | ptr += strlen(ptr); | ||
2583 | } | 2582 | } |
2584 | 2583 | ||
2585 | EUID_ROOT(); | 2584 | EUID_ROOT(); |
diff --git a/src/man/firejail-login.txt b/src/man/firejail-login.txt index 691217253..796179d0b 100644 --- a/src/man/firejail-login.txt +++ b/src/man/firejail-login.txt | |||
@@ -13,6 +13,10 @@ Example: | |||
13 | 13 | ||
14 | netblue:--net=none --protocol=unix | 14 | netblue:--net=none --protocol=unix |
15 | 15 | ||
16 | Wildcard patterns are accepted in the user name field: | ||
17 | |||
18 | user*: --private | ||
19 | |||
16 | .SH RESTRICTED SHELL | 20 | .SH RESTRICTED SHELL |
17 | To configure a restricted shell, replace /bin/bash with /usr/bin/firejail in | 21 | To configure a restricted shell, replace /bin/bash with /usr/bin/firejail in |
18 | /etc/passwd file for each user that needs to be restricted. Alternatively, | 22 | /etc/passwd file for each user that needs to be restricted. Alternatively, |