Diffstat (limited to 'RELNOTES')
-rw-r--r-- RELNOTES 115
1 files changed, 111 insertions, 4 deletions
diff --git a/RELNOTES b/RELNOTES
index fbd620408..064553f98 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,12 +1,113 @@
1firejail (0.9.40-rc1) baseline; urgency=low 1firejail (0.9.45) baseline; urgency=low
2 * development version, work in progress
3 * security: overwrite /etc/resolv.conf found by Martin Carpenter
4 * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson
5 * security: invalid environment exploit found by Martin Carpenter
6 * security: split most of networking code in a separate executable
7 * security: split seccomp filter code configuration in a separate executable
8 * security: split file copying in private option in a separate executable
9 * feature: disable gnupg and systemd directories under /run/user
10 * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm)
11 * feature: AppImage type 2 support
12 * feature: test coverage (gcov) support
13 * feature: private /opt directory (--private-opt, profile support)
14 * feature: private /srv directory (--private-srv, profile support)
15 * feature: spoof machine-id
16 * feature: config support for firejail prompt in terminal
17 * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire,
18 * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma,
19 * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator,
20 * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos,
21 * new profies: Xonotic, wireshark
22 * bugfixes
23 -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500
24
25firejail (0.9.44) baseline; urgency=low
26 * CVE-2016-7545 submitted by Aleksey Manevich
27 * modifs: removed man firejail-config
28 * modifs: --private-tmp whitelists /tmp/.X11-unix directory
29 * modifs: Nvidia drivers added to --private-dev
30 * modifs: /srv supported by --whitelist
31 * feature: allow user access to /sys/fs (--noblacklist=/sys/fs)
32 * feature: support starting/joining sandbox is a single command
33 (--join-or-start)
34 * feature: X11 detection support for --audit
35 * feature: assign a name to the interface connected to the bridge
36 (--veth-name)
37 * feature: all user home directories are visible (--allusers)
38 * feature: add files to sandbox container (--put)
39 * feature: blocking x11 (--x11=block)
40 * feature: X11 security extension (--x11=xorg)
41 * feature: disable 3D hardware acceleration (--no3d)
42 * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
43 * feature: move files in sandbox (--put)
44 * feature: accept wildcard patterns in user name field of restricted
45 shell login feature
46 * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
47 * new profiles: feh, ranger, zathura, 7z, keepass, keepassx,
48 * new profiles: claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot
49 * new profiles: Flowblade, Eye of GNOME (eog), Evolution
50 * bugfixes
51 -- netblue30 <netblue30@yahoo.com> Fri, 21 Oct 2016 08:00:00 -0500
52
53firejail (0.9.42) baseline; urgency=low
54 * security: --whitelist deleted files, submitted by Vasya Novikov
55 * security: disable x32 ABI in seccomp, submitted by Jann Horn
56 * security: tighten --chroot, submitted by Jann Horn
57 * security: terminal sandbox escape, submitted by Stephan Sokolow
58 * security: several TOCTOU fixes submitted by Aleksey Manevich
59 * modifs: bringing back --private-home option
60 * modifs: deprecated --user option, please use "sudo -u username firejail"
61 * modifs: allow symlinks in home directory for --whitelist option
62 * modifs: Firejail prompt is enabled by env variable FIREJAIL_PROMPT="yes"
63 * modifs: recursive mkdir
64 * modifs: include /dev/snd in --private-dev
65 * modifs: seccomp filter update
66 * modifs: release archives moved to .xz format
67 * feature: AppImage support (--appimage)
68 * feature: AppArmor support (--apparmor)
69 * feature: Ubuntu snap support (/etc/firejail/snap.profile)
70 * feature: Sandbox auditing support (--audit)
71 * feature: remove environment variable (--rmenv)
72 * feature: noexec support (--noexec)
73 * feature: clean local overlay storage directory (--overlay-clean)
74 * feature: store and reuse overlay (--overlay-named)
75 * feature: allow debugging inside the sandbox with gdb and strace
76 (--allow-debuggers)
77 * feature: mkfile profile command
78 * feature: quiet profile command
79 * feature: x11 profile command
80 * feature: option to fix desktop files (firecfg --fix)
81 * compile time: Busybox support (--enable-busybox-workaround)
82 * compile time: disable overlayfs (--disable-overlayfs)
83 * compile time: disable whitlisting (--disable-whitelist)
84 * compile time: disable global config (--disable-globalcfg)
85 * run time: enable/disable overlayfs (overlayfs yes/no)
86 * run time: enable/disable quiet as default (quiet-by-default yes/no)
87 * run time: user-defined network filter (netfilter-default)
88 * run time: enable/disable whitelisting (whitelist yes/no)
89 * run time: enable/disable remounting of /proc and /sys
90 (remount-proc-sys yes/no)
91 * run time: enable/disable chroot desktop features (chroot-desktop yes/no)
92 * profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice
93 * profiles: pix, audacity, xz, xzdec, gzip, cpio, less
94 * profiles: Atom Beta, Atom, jitsi, eom, uudeview
95 * profiles: tar (gtar), unzip, unrar, file, skypeforlinux,
96 * profiles: inox, Slack, gnome-chess. Gajim IM client, DOSBox
97 * bugfixes
98 -- netblue30 <netblue30@yahoo.com> Thu, 8 Sept 2016 08:00:00 -0500
99
100firejail (0.9.40) baseline; urgency=low
2 * added --nice option 101 * added --nice option
3 * added --x11 option 102 * added --x11 option
4 * added --x11=xpra option 103 * added --x11=xpra option
5 * added --x11=xephyr option 104 * added --x11=xephyr option
6 * added --cpu.print option 105 * added --cpu.print option
7 * added filetransfer options --ls and --get 106 * added filetransfer options --ls and --get
107 * added --writable-etc and --writable-var options
108 * added --read-only option
8 * added mkdir, ipc-namespace, and nosound profile commands 109 * added mkdir, ipc-namespace, and nosound profile commands
9 * added net iface, and iprange profile commands 110 * added net, ip, defaultgw, ip6, mac, mtu and iprange profile commands
10 * --version also prints compile options 111 * --version also prints compile options
11 * --output option also redirects stderr 112 * --output option also redirects stderr
12 * added compile-time option to restrict --net= to root only 113 * added compile-time option to restrict --net= to root only
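Review bot: the 0.9.44 entry "* CVE-2016-7545 submitted by Aleksey Manevich" names the CVE but not what was fixed, and it lacks the "security:" prefix used by the 0.9.42 and 0.9.45 entries, so anyone scanning the notes for security fixes can miss it. Suggest the form "* security: <one-line description of the fix> (CVE-2016-7545), submitted by Aleksey Manevich". Several added lines in this hunk also carry typos that defeat a text search: "secuirty:" on the 0.9.45 TOCTOU line, "new profies:" before Xonotic, "imagemagik", and "whitlisting" on the --disable-whitelist line. Under 0.9.44, "--put" appears twice with different descriptions ("add files to sandbox container" and "move files in sandbox"); one of the two is probably meant to be a different option or should be merged. The 0.9.42 trailer uses "Sept" where the other trailers use three-letter month names (Oct, May, Apr).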
@@ -18,10 +119,16 @@ firejail (0.9.40-rc1) baseline; urgency=low
18 * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril 119 * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril
19 * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars 120 * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars
20 * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq 121 * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq
21 * new profiles: PaleMoon, Icedove, abrowser, 0ad 122 * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100
123 * new profiles: okular, gwenview, Google-Play-Music-Desktop-Player
124 * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox
125 * new profiles: generic Ubuntu snap application profile, xplayer
126 * new profiles: xreader, xviewer, mcabber, Psi+, Corebird, Konversation
127 * new profiles: Brave, Gitter
128 * generic.profile renamed default.profile
22 * build rpm packages using "make rpms" 129 * build rpm packages using "make rpms"
23 * bugfixes 130 * bugfixes
24 -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 131 -- netblue30 <netblue30@yahoo.com> Sun, 29 May 2016 08:00:00 -0500
25 132
26firejail (0.9.38) baseline; urgency=low 133firejail (0.9.38) baseline; urgency=low
27 * IPv6 support (--ip6 and --netfilter6) 134 * IPv6 support (--ip6 and --netfilter6)
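Review bot: "* generic.profile renamed default.profile" in the 0.9.40 entry records the rename without saying whether the old file name is still accepted, which matters to anyone whose local profiles or scripts refer to generic.profile. Suggest stating that on the same line or directly beneath it. "Gitter" is added here as a new 0.9.40 profile and is also listed under "profiles:" in the 0.9.42 entry earlier in this patch; it should appear under one release only.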