diff options
| -rw-r--r-- | .github/workflows/build-extra.yml | 8 | ||||
| -rw-r--r-- | .github/workflows/build.yml | 2 | ||||
| -rw-r--r-- | .github/workflows/codeql-analysis.yml | 8 | ||||
| -rw-r--r-- | .github/workflows/profile-checks.yml | 2 | ||||
| -rw-r--r-- | RELNOTES | 2 |
5 files changed, 11 insertions, 11 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index a7b7c8a3e..1ed662352 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
| @@ -54,7 +54,7 @@ jobs: | |||
| 54 | runs-on: ubuntu-22.04 | 54 | runs-on: ubuntu-22.04 |
| 55 | steps: | 55 | steps: |
| 56 | - name: Harden Runner | 56 | - name: Harden Runner |
| 57 | uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 | 57 | uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 |
| 58 | with: | 58 | with: |
| 59 | egress-policy: block | 59 | egress-policy: block |
| 60 | allowed-endpoints: > | 60 | allowed-endpoints: > |
| @@ -75,7 +75,7 @@ jobs: | |||
| 75 | runs-on: ubuntu-22.04 | 75 | runs-on: ubuntu-22.04 |
| 76 | steps: | 76 | steps: |
| 77 | - name: Harden Runner | 77 | - name: Harden Runner |
| 78 | uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 | 78 | uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 |
| 79 | with: | 79 | with: |
| 80 | egress-policy: block | 80 | egress-policy: block |
| 81 | allowed-endpoints: > | 81 | allowed-endpoints: > |
| @@ -92,7 +92,7 @@ jobs: | |||
| 92 | runs-on: ubuntu-22.04 | 92 | runs-on: ubuntu-22.04 |
| 93 | steps: | 93 | steps: |
| 94 | - name: Harden Runner | 94 | - name: Harden Runner |
| 95 | uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 | 95 | uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 |
| 96 | with: | 96 | with: |
| 97 | egress-policy: block | 97 | egress-policy: block |
| 98 | allowed-endpoints: > | 98 | allowed-endpoints: > |
| @@ -109,7 +109,7 @@ jobs: | |||
| 109 | runs-on: ubuntu-20.04 | 109 | runs-on: ubuntu-20.04 |
| 110 | steps: | 110 | steps: |
| 111 | - name: Harden Runner | 111 | - name: Harden Runner |
| 112 | uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 | 112 | uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 |
| 113 | with: | 113 | with: |
| 114 | egress-policy: block | 114 | egress-policy: block |
| 115 | allowed-endpoints: > | 115 | allowed-endpoints: > |
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f1167b78b..5135dd193 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
| @@ -44,7 +44,7 @@ jobs: | |||
| 44 | runs-on: ubuntu-22.04 | 44 | runs-on: ubuntu-22.04 |
| 45 | steps: | 45 | steps: |
| 46 | - name: Harden Runner | 46 | - name: Harden Runner |
| 47 | uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 | 47 | uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 |
| 48 | with: | 48 | with: |
| 49 | egress-policy: block | 49 | egress-policy: block |
| 50 | allowed-endpoints: > | 50 | allowed-endpoints: > |
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c232f59d9..edf8dad19 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
| @@ -74,7 +74,7 @@ jobs: | |||
| 74 | 74 | ||
| 75 | steps: | 75 | steps: |
| 76 | - name: Harden Runner | 76 | - name: Harden Runner |
| 77 | uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 | 77 | uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 |
| 78 | with: | 78 | with: |
| 79 | disable-sudo: true | 79 | disable-sudo: true |
| 80 | egress-policy: block | 80 | egress-policy: block |
| @@ -88,7 +88,7 @@ jobs: | |||
| 88 | 88 | ||
| 89 | # Initializes the CodeQL tools for scanning. | 89 | # Initializes the CodeQL tools for scanning. |
| 90 | - name: Initialize CodeQL | 90 | - name: Initialize CodeQL |
| 91 | uses: github/codeql-action/init@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 | 91 | uses: github/codeql-action/init@32dc499307d133bb5085bae78498c0ac2cf762d5 |
| 92 | with: | 92 | with: |
| 93 | languages: ${{ matrix.language }} | 93 | languages: ${{ matrix.language }} |
| 94 | # If you wish to specify custom queries, you can do so here or in a config file. | 94 | # If you wish to specify custom queries, you can do so here or in a config file. |
| @@ -99,7 +99,7 @@ jobs: | |||
| 99 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | 99 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
| 100 | # If this step fails, then you should remove it and run the build manually (see below) | 100 | # If this step fails, then you should remove it and run the build manually (see below) |
| 101 | - name: Autobuild | 101 | - name: Autobuild |
| 102 | uses: github/codeql-action/autobuild@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 | 102 | uses: github/codeql-action/autobuild@32dc499307d133bb5085bae78498c0ac2cf762d5 |
| 103 | 103 | ||
| 104 | # âšī¸ Command-line programs to run using the OS shell. | 104 | # âšī¸ Command-line programs to run using the OS shell. |
| 105 | # đ https://git.io/JvXDl | 105 | # đ https://git.io/JvXDl |
| @@ -113,4 +113,4 @@ jobs: | |||
| 113 | # make release | 113 | # make release |
| 114 | 114 | ||
| 115 | - name: Perform CodeQL Analysis | 115 | - name: Perform CodeQL Analysis |
| 116 | uses: github/codeql-action/analyze@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 | 116 | uses: github/codeql-action/analyze@32dc499307d133bb5085bae78498c0ac2cf762d5 |
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml index ad4f86b53..97e5378fd 100644 --- a/.github/workflows/profile-checks.yml +++ b/.github/workflows/profile-checks.yml | |||
| @@ -26,7 +26,7 @@ jobs: | |||
| 26 | runs-on: ubuntu-latest | 26 | runs-on: ubuntu-latest |
| 27 | steps: | 27 | steps: |
| 28 | - name: Harden Runner | 28 | - name: Harden Runner |
| 29 | uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 | 29 | uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 |
| 30 | with: | 30 | with: |
| 31 | disable-sudo: true | 31 | disable-sudo: true |
| 32 | egress-policy: block | 32 | egress-policy: block |
| @@ -322,7 +322,7 @@ firejail (0.9.62) baseline; urgency=low | |||
| 322 | * compiler flags autodetection | 322 | * compiler flags autodetection |
| 323 | * move chroot entirely from path based to file descriptor based mounts | 323 | * move chroot entirely from path based to file descriptor based mounts |
| 324 | * whitelisting /usr/share in a large number of profiles | 324 | * whitelisting /usr/share in a large number of profiles |
| 325 | * new scripts in conrib: gdb-firejail.sh and sort.py | 325 | * new scripts in contrib: gdb-firejail.sh and sort.py |
| 326 | * enhancement: whitelist /usr/share in some profiles | 326 | * enhancement: whitelist /usr/share in some profiles |
| 327 | * added signal mediation ot apparmor profile | 327 | * added signal mediation ot apparmor profile |
| 328 | * new conditions: HAS_X11, HAS_NET | 328 | * new conditions: HAS_X11, HAS_NET |