6 files changed, 33 insertions, 17 deletions

diff --git a/README b/README
index beb296bf1..4940ed167 100644
--- a/README
+++ b/README
@@ -179,6 +179,8 @@ curiosity-seeker (https://github.com/curiosity-seeker)
         - write-protection for thumbnailer dir
         - added gramps, newsboat, freeoffice-planmaker profiles
         - added freeoffice-textmaker, freeoffice-presentations profiles
+        - added cantata profile
+        - updated keypassxc profile
 da2x (https://github.com/da2x)
         - matched RPM license tag
 Daan Bakker (https://github.com/dbakker)
@@ -307,6 +309,8 @@ greigdp (https://github.com/greigdp)
         - fixed spotify profile
         - added Slack profile
         - add Spotify profile
+grizzlyuser (https://github.com/grizzlyuser)
+        - added support for youtube-dl in smplayer profile
 GSI (https://github.com/GSI)
         - added Uzbl browser profile
 hamzadis (https://github.com/hamzadis)
@@ -356,6 +360,7 @@ Jean Lucas (https://github.com/flacks)
         - fix wire profile
         - add Beaker profile
         - fixes for gnome-music
+        - allow reading of system-wide Flatpak locale in gajim profile
 Jericho (https://github.com/attritionorg)
         - spelling
 Jesse Smith (https://github.com/slicer69)
@@ -372,7 +377,7 @@ Jonas Heinrich (https://github.com/onny)
         - added signal-desktop profile
         - fixed franz profile
 Jose Riha (https://github.com/jose1711)
-        - added meteo-qt profile
+        - added meteo-qt profile
 jrabe (https://github.com/jrabe)
         - disallow access to kdbx files
         - Epiphany profile
@@ -521,6 +526,7 @@ pwnage-pineapple (https://github.com/pwnage-pineapple)
 Quentin Minster (https://github.com/laomaiweng)
         - propagate --quiet to children Firejail'ed processes
         - nodbus enhancements/bugfixes
+        - added vim syntax and ftdetect files
 Rafael Cavalcanti (https://github.com/rccavalcanti)
         - chromium profile fixes for Arch Linux
 Rahiel Kasim (https://github.com/rahiel)
@@ -761,6 +767,8 @@ veloute (https://github.com/veloute)
         - add anki profile
 Vincent43 (https://github.com/Vincent43)
         - apparmor enhancements
+Vincent Blillault (https://github.com/Feandil)
+        - fix mumble profile
 vismir2 (https://github.com/vismir2)
         - feh, ranger, 7z, keepass, keepassx and zathura profiles
         - claws-mail, mutt, git, emacs, vim profiles
diff --git a/RELNOTES b/RELNOTES
index 9d9400a90..06b106c22 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,4 +1,14 @@
-firejail (0.9.60~rc2) baseline; urgency=low
+firejail (0.9.60) baseline; urgency=low
+  * security bug reported by Austin Morton:
+    Seccomp filters are copied into /run/firejail/mnt, and are writable
+    within the jail. A malicious process can modify files from inside the
+    jail. Processes that are later joined to the jail will not have seccomp
+    filters applied.
+  * memory-deny-write-execute now also blocks memfd_create
+  * add private-cwd option to control working directory within jail
+  * blocking system D-Bus socket with --nodbus
+  * bringing back Centos 6 support
+  * drop support for flatpak/snap packages
   * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2
   * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer
   * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring
@@ -16,9 +26,7 @@ firejail (0.9.60~rc2) baseline; urgency=low
   * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
   * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap
   * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp
-  * memory-deny-write-execute now also blocks memfd_create
-  * drop support for flatpak/snap packages
- -- netblue30 <netblue30@yahoo.com>  Sun, 21 Apr 2019 08:00:00 -0500
+ -- netblue30 <netblue30@yahoo.com>  Sun, 26 May 2019 08:00:00 -0500
 
 firejail (0.9.58,2) baseline; urgency=low
   * cgroup flag in /etc/firejail/firejail.config file
diff --git a/configure b/configure
index 0eece5428..140872a29 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for firejail 0.9.60~rc2.
+# Generated by GNU Autoconf 2.69 for firejail 0.9.60.
 #
 # Report bugs to <netblue30@yahoo.com>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='firejail'
 PACKAGE_TARNAME='firejail'
-PACKAGE_VERSION='0.9.60~rc2'
-PACKAGE_STRING='firejail 0.9.60~rc2'
+PACKAGE_VERSION='0.9.60'
+PACKAGE_STRING='firejail 0.9.60'
 PACKAGE_BUGREPORT='netblue30@yahoo.com'
 PACKAGE_URL='https://firejail.wordpress.com'
 
@@ -1275,7 +1275,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures firejail 0.9.60~rc2 to adapt to many kinds of systems.
+\`configure' configures firejail 0.9.60 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1337,7 +1337,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of firejail 0.9.60~rc2:";;
+     short | recursive ) echo "Configuration of firejail 0.9.60:";;
    esac
   cat <<\_ACEOF
 
@@ -1442,7 +1442,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-firejail configure 0.9.60~rc2
+firejail configure 0.9.60
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1744,7 +1744,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by firejail $as_me 0.9.60~rc2, which was
+It was created by firejail $as_me 0.9.60, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4379,7 +4379,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by firejail $as_me 0.9.60~rc2, which was
+This file was extended by firejail $as_me 0.9.60, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -4433,7 +4433,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-firejail config.status 0.9.60~rc2
+firejail config.status 0.9.60
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index 4d0b847f5..60c9dae9c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.60~rc2, netblue30@yahoo.com, , https://firejail.wordpress.com)
+AC_INIT(firejail, 0.9.60, netblue30@yahoo.com, , https://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 
diff --git a/etc/orage.profile b/etc/orage.profile
index 2c55ab909..4e12892d6 100644
--- a/etc/orage.profile
+++ b/etc/orage.profile
@@ -24,7 +24,7 @@ nodvd
 nogroups
 nonewprivs
 noroot
-nosound
+# nosound - calendar application, It must be able to play sound to wake you up.
 notv
 nou2f
 novideo
diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh
index 5e9d75379..79913fed6 100755
--- a/test/private-lib/private-lib.sh
+++ b/test/private-lib/private-lib.sh
@@ -5,7 +5,7 @@
 
 export MALLOC_CHECK_=3g
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-LIST="gnome-logs gnome-system-log gnome-nettool pavucontrol dig whois evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"
+LIST="gnome-logs gnome-system-log gnome-nettool pavucontrol dig evince whois galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"
 
 
 for app in $LIST; do