Diffstat (limited to 'RELNOTES')
-rw-r--r-- RELNOTES 104
1 files changed, 100 insertions, 4 deletions
diff --git a/RELNOTES b/RELNOTES
index fbd620408..e726674ec 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,12 +1,102 @@
1firejail (0.9.40-rc1) baseline; urgency=low 1firejail (0.9.45) baseline; urgency=low
2 * development version, work in progress
3 * security: overwrite /etc/resolv.conf found by Martin Carpenter
4 * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson
5 * security: invalid environment exploit found by Martin Carpenter
6 * security: split most of networking code in a separate executable
7 * security: split seccomp filter code configuration in a separate executable
8 * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm)
9 * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire,
10 * new profiles: mumble, zoom, Guayadeque
11 * bugfixes
12 -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500
13
14firejail (0.9.44) baseline; urgency=low
15 * CVE-2016-7545 submitted by Aleksey Manevich
16 * modifs: removed man firejail-config
17 * modifs: --private-tmp whitelists /tmp/.X11-unix directory
18 * modifs: Nvidia drivers added to --private-dev
19 * modifs: /srv supported by --whitelist
20 * feature: allow user access to /sys/fs (--noblacklist=/sys/fs)
21 * feature: support starting/joining sandbox is a single command
22 (--join-or-start)
23 * feature: X11 detection support for --audit
24 * feature: assign a name to the interface connected to the bridge
25 (--veth-name)
26 * feature: all user home directories are visible (--allusers)
27 * feature: add files to sandbox container (--put)
28 * feature: blocking x11 (--x11=block)
29 * feature: X11 security extension (--x11=xorg)
30 * feature: disable 3D hardware acceleration (--no3d)
31 * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
32 * feature: move files in sandbox (--put)
33 * feature: accept wildcard patterns in user name field of restricted
34 shell login feature
35 * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
36 * new profiles: feh, ranger, zathura, 7z, keepass, keepassx,
37 * new profiles: claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot
38 * new profiles: Flowblade, Eye of GNOME (eog), Evolution
39 * bugfixes
40 -- netblue30 <netblue30@yahoo.com> Fri, 21 Oct 2016 08:00:00 -0500
41
42firejail (0.9.42) baseline; urgency=low
43 * security: --whitelist deleted files, submitted by Vasya Novikov
44 * security: disable x32 ABI in seccomp, submitted by Jann Horn
45 * security: tighten --chroot, submitted by Jann Horn
46 * security: terminal sandbox escape, submitted by Stephan Sokolow
47 * security: several TOCTOU fixes submitted by Aleksey Manevich
48 * modifs: bringing back --private-home option
49 * modifs: deprecated --user option, please use "sudo -u username firejail"
50 * modifs: allow symlinks in home directory for --whitelist option
51 * modifs: Firejail prompt is enabled by env variable FIREJAIL_PROMPT="yes"
52 * modifs: recursive mkdir
53 * modifs: include /dev/snd in --private-dev
54 * modifs: seccomp filter update
55 * modifs: release archives moved to .xz format
56 * feature: AppImage support (--appimage)
57 * feature: AppArmor support (--apparmor)
58 * feature: Ubuntu snap support (/etc/firejail/snap.profile)
59 * feature: Sandbox auditing support (--audit)
60 * feature: remove environment variable (--rmenv)
61 * feature: noexec support (--noexec)
62 * feature: clean local overlay storage directory (--overlay-clean)
63 * feature: store and reuse overlay (--overlay-named)
64 * feature: allow debugging inside the sandbox with gdb and strace
65 (--allow-debuggers)
66 * feature: mkfile profile command
67 * feature: quiet profile command
68 * feature: x11 profile command
69 * feature: option to fix desktop files (firecfg --fix)
70 * compile time: Busybox support (--enable-busybox-workaround)
71 * compile time: disable overlayfs (--disable-overlayfs)
72 * compile time: disable whitlisting (--disable-whitelist)
73 * compile time: disable global config (--disable-globalcfg)
74 * run time: enable/disable overlayfs (overlayfs yes/no)
75 * run time: enable/disable quiet as default (quiet-by-default yes/no)
76 * run time: user-defined network filter (netfilter-default)
77 * run time: enable/disable whitelisting (whitelist yes/no)
78 * run time: enable/disable remounting of /proc and /sys
79 (remount-proc-sys yes/no)
80 * run time: enable/disable chroot desktop features (chroot-desktop yes/no)
81 * profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice
82 * profiles: pix, audacity, xz, xzdec, gzip, cpio, less
83 * profiles: Atom Beta, Atom, jitsi, eom, uudeview
84 * profiles: tar (gtar), unzip, unrar, file, skypeforlinux,
85 * profiles: inox, Slack, gnome-chess. Gajim IM client, DOSBox
86 * bugfixes
87 -- netblue30 <netblue30@yahoo.com> Thu, 8 Sept 2016 08:00:00 -0500
88
89firejail (0.9.40) baseline; urgency=low
2 * added --nice option 90 * added --nice option
3 * added --x11 option 91 * added --x11 option
4 * added --x11=xpra option 92 * added --x11=xpra option
5 * added --x11=xephyr option 93 * added --x11=xephyr option
6 * added --cpu.print option 94 * added --cpu.print option
7 * added filetransfer options --ls and --get 95 * added filetransfer options --ls and --get
96 * added --writable-etc and --writable-var options
97 * added --read-only option
8 * added mkdir, ipc-namespace, and nosound profile commands 98 * added mkdir, ipc-namespace, and nosound profile commands
9 * added net iface, and iprange profile commands 99 * added net, ip, defaultgw, ip6, mac, mtu and iprange profile commands
10 * --version also prints compile options 100 * --version also prints compile options
11 * --output option also redirects stderr 101 * --output option also redirects stderr
12 * added compile-time option to restrict --net= to root only 102 * added compile-time option to restrict --net= to root only
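Review bot: In the new 0.9.45 entry the TOCTOU line is tagged "secuirty:", and in the 0.9.44 entry the CVE-2016-7545 line carries no "security:" tag, so a search of RELNOTES for "security:" misses both. Suggest "* security: TOCTOU exploit for --get and --put found by Daniel Hodson", and for 0.9.44 a "security:" prefix plus a few words on what the CVE affects, in the style of the 0.9.42 security lines. Smaller points in the same hunk: "whitlisting" on the --disable-whitelist line, "imagemagik", and "sandbox is a single command" on the --join-or-start line are typos; the profile lines ending in "Wire,", "keepassx," and "skypeforlinux," have a dangling comma; and --put is listed twice under 0.9.44 with two different descriptions ("add files to sandbox container" and "move files in sandbox"), which should be merged into one line.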
@@ -18,10 +108,16 @@ firejail (0.9.40-rc1) baseline; urgency=low
18 * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril 108 * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril
19 * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars 109 * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars
20 * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq 110 * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq
21 * new profiles: PaleMoon, Icedove, abrowser, 0ad 111 * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100
112 * new profiles: okular, gwenview, Google-Play-Music-Desktop-Player
113 * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox
114 * new profiles: generic Ubuntu snap application profile, xplayer
115 * new profiles: xreader, xviewer, mcabber, Psi+, Corebird, Konversation
116 * new profiles: Brave, Gitter
117 * generic.profile renamed default.profile
22 * build rpm packages using "make rpms" 118 * build rpm packages using "make rpms"
23 * bugfixes 119 * bugfixes
24 -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 120 -- netblue30 <netblue30@yahoo.com> Sun, 29 May 2016 08:00:00 -0500
25 121
26firejail (0.9.38) baseline; urgency=low 122firejail (0.9.38) baseline; urgency=low
27 * IPv6 support (--ip6 and --netfilter6) 123 * IPv6 support (--ip6 and --netfilter6)
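Review bot: The added line "generic.profile renamed default.profile" sits between the new-profiles lists and the "make rpms" line and does not say whether the old file name is still accepted. It is a behaviour change rather than a new profile, so it would be easier to find next to the option changes earlier in the 0.9.40 entry, with a note on what happens to setups that still refer to generic.profile. Also, "Gitter" is added here under 0.9.40 ("new profiles: Brave, Gitter") and appears again in the 0.9.42 list ("profiles: Gitter, gThumb, mpv, ..."); it should be credited to one release only.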