1 files changed, 371 insertions, 5 deletions

diff --git a/RELNOTES b/RELNOTES
index 4c272ccee..86c4a6104 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,10 +1,376 @@
-firejail (0.9.51) baseline; urgency=low
-  * work in progress!
+firejail (0.9.67) baseline; urgency=low
+  * work in progress
+  * deprecated --disable-whitelist at compile time
+  * deprecated whitelist=yes/no in /etc/firejail/firejail.config
+  * remove (some) environment variables with auth-tokens
+  * new includes: whitelist-run-common.inc, disable-X11.inc
+  * removed includes: disable-passwordmgr.inc
+  * new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim
+  * new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl
+  * new profiles: yt-dlp
+ -- netblue30 <netblue30@yahoo.com>  Thu, 29 Jul 2021 09:00:00 -0500
+
+firejail (0.9.66) baseline; urgency=low
+  * deprecated --audit options, relpaced by jailcheck utility
+  * deprecated follow-symlink-as-user from firejail.config
+  * new firejail.config settings: private-bin, private-etc
+  * new firejail.config settings: private-opt, private-srv
+  * new firejail.config settings: whitelist-disable-topdir
+  * new firejail.config settings: seccomp-filter-add
+  * removed kcmp syscall from seccomp default filter
+  * rename --noautopulse to keep-config-pulse
+  * filtering environment variables
+  * zsh completion
+  * command line: --mkdir, --mkfile
+  * --protocol now accumulates
+  * Jolla/SailfishOS patches
+  * private-lib rework
+  * whitelist rework
+  * jailtest utility for testing running sandboxes
+  * capabilities list update
+  * faccessat2 syscall support
+  * --private-dev keeps /dev/input
+  * added --noinput to disable /dev/input
+  * add support for subdirs in --private-etc
+  * compile time: --enable-force-nonewprivs
+  * compile time: --disable-output
+  * compile time: --enable-lts
+  * subdirs support in private-etc
+  * input devices support in private-dev, --no-input
+  * support trailing comments on profile lines
+  * new profiles: vmware-view, display-im6.q16, ipcalc, ipcalc-ng
+  * ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop,
+  * avidemux, calligragemini, vmware-player, vmware-workstation
+  * gget, com.github.phase1geo.minder, nextcloud-desktop, pcsxr
+  * PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2, sum
+  * bcompare, b2sum, cksum, md5sum, sha1sum, sha224sum, sha256sum
+  * sha384sum, sha512sum, librewold-nightly, Quodlibet, tmux, sway
+  * alienarena, alienarena-wrapper, ballbuster, ballbuster-wrapper,
+  * colorful, colorful-wrapper, gl-117, gl-117-wrapper, glaxium,
+  * glaxium-wrapper, pinball, pinball-wrapper, etr-wrapper, firedragon
+  * neverball-wrapper, neverputt-wrapper, supertuxkart-wrapper, neochat,
+  * cargo, LibreCAD, blobby, funnyboat, pipe-viewer, gtk-pipe-viewer
+  * links2, xlinks2, googler, ddgr, tin
+ -- netblue30 <netblue30@yahoo.com>  Mon, 28 Jun 2021 09:00:00 -0500
+
+firejail (0.9.64.4) baseline; urgency=low
+  * disabled overlayfs, pending multiple fixes (CVE-2021-26910)
+ -- netblue30 <netblue30@yahoo.com>  Sun, 7 Feb 2021 09:00:00 -0500
+
+firejail (0.9.64.2) baseline; urgency=low
+  * allow --tmpfs inside $HOME for unprivileged users
+  * --disable-usertmpfs  compile time option
+  * allow AF_BLUETOOTH via --protocol=bluetooth
+  * Setup guide for new users: contrib/firejail-welcome.sh
+  * implement netns in profiles
+  * added nolocal6.net IPv6 network filter
+  * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer
+  * new profiles: gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer
+  * new profiles: straw-viewer, lutris, dolphin-emu, authenticator-rs, servo
+  * new profiles: npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell, qnapi
+  * new profiles: guvcview, pkglog, kdiff3, CoyIM
+ -- netblue30 <netblue30@yahoo.com>  Tue, 26 Jan 2021 09:00:00 -0500
+
+firejail (0.9.64) baseline; urgency=low
+  * replaced --nowrap option with --wrap in firemon
+  * The blocking action of seccomp filters has been changed from
+    killing the process to returning EPERM to the caller. To get the
+    previous behaviour, use --seccomp-error-action=kill or
+    syscall:kill syntax when constructing filters, or override in
+    /etc/firejail/firejail.config file.
+  * Fine-grained D-Bus sandboxing with xdg-dbus-proxy.
+    xdg-dbus-proxy must be installed, if not D-Bus access will be allowed.
+    With this version nodbus is deprecated, in favor of dbus-user none and
+    dbus-system none and will be removed in a future version.
+  * DHCP client support
+  * firecfg only fix dektop-files if started with sudo
+  * SELinux labeling support
+  * custom 32-bit seccomp filter support
+  * restrict ${RUNUSER} in several profiles
+  * blacklist shells such as bash in several profiles
+  * whitelist globbing
+  * mkdir and mkfile support for /run/user directory
+  * support ignore for include
+  * --include on the command line
+  * splitting up media players whitelists in whitelist-players.inc
+  * new condition: HAS_NOSOUND
+  * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster
+  * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl
+  * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11
+  * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool
+  * new profiles: desktopeditors, impressive, planmaker18, planmaker18free
+  * new profiles: presentations18, presentations18free, textmaker18, teams
+  * new profiles: textmaker18free, xournal, gnome-screenshot, ripperX
+  * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro
+  * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command
+  * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux
+  * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row
+  * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin
+  * new profiles: gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars
+  * new profiles: hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless
+  * new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers
+  * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski
+  * new profiles: swell-foop, fdns, five-or-more, steam-runtime
+  * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im
+  * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper
+  * new profiles: gapplication, openarena_ded, element-desktop, cawbird
+  * new profiles: freetube, strawberry, jitsi-meet-desktop
+  * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash
+  * new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx
+  * new profiles: minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar
+  * new profiles: vmware, git-cola, otter-browser, kazam, menulibre, musictube
+  * new profiles: onboard, fractal, mirage, quaternion, spectral, man, psi
+  * new profiles: smuxi-frontend-gnome, balsa, kube, trojita, youtube
+  * new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send
+  * new profiles: qrencode, ytmdesktop, twitch
+  * new profiles: xournalpp, chromium-freeworld, equalx
+ -- netblue30 <netblue30@yahoo.com>  Wed, 21 Oct 2020 08:00:00 -0500
+
+firejail (0.9.62) baseline; urgency=low
+  * added file-copy-limit in /etc/firejail/firejail.config
+  * profile templates (/usr/share/doc/firejail)
+  * allow-debuggers support in profiles
+  * several seccomp enhancements
+  * compiler flags autodetection
+  * move chroot entirely from path based to file descriptor based mounts
+  * whitelisting /usr/share in a large number of profiles
+  * new scripts in conrib: gdb-firejail.sh and sort.py
+  * enhancement: whitelist /usr/share in some profiles
+  * added signal mediation ot apparmor profile
+  * new conditions: HAS_X11, HAS_NET
+  * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
+  * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
+  * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli
+  * new profiles: keepassxc-proxy, rhythmbox-client, jerry, zeal, mpg123
+  * new profiles: conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, out123
+  * new profiles: mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss
+  * new profiles: mpg123-portaudio, mpg123-pulse, mpg123-strip, pavucontrol-qt
+  * new profiles: gnome-characters, gnome-character-map, rsync, Whalebird,
+  * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat,
+  * new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless
+  * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra
+  * new profiles: kalgebramobile, signal-cli, amuled, kfind, profanity
+  * new profiles: audio-recorder, cameramonitor, ddgtk, drawio, unf, gmpc
+  * new profiles: electron-mail, gist, gist-paste
+ -- netblue30 <netblue30@yahoo.com>  Sat, 28 Dec 2019 08:00:00 -0500
+
+firejail (0.9.60) baseline; urgency=low
+  * security bug reported by Austin Morton:
+    Seccomp filters are copied into /run/firejail/mnt, and are writable
+    within the jail. A malicious process can modify files from inside the
+    jail. Processes that are later joined to the jail will not have seccomp
+    filters applied.
+  * memory-deny-write-execute now also blocks memfd_create
+  * add private-cwd option to control working directory within jail
+  * blocking system D-Bus socket with --nodbus
+  * bringing back Centos 6 support
+  * drop support for flatpak/snap packages
+  * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2
+  * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer
+  * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring
+  * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool
+  * new profiles: netactview, redshift, devhelp, assogiate, subdownloader
+  * new profiles: font-manager, exfalso, gconf-editor, dconf-editor
+  * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
+  * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag
+  * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
+  * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus
+  * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
+  * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
+  * new profiles: vultureseye, vulturesclaw, anki, cheese, utox, mp3splt
+  * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker
+  * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
+  * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap
+  * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp, cantata
+ -- netblue30 <netblue30@yahoo.com>  Sun, 26 May 2019 08:00:00 -0500
+
+firejail (0.9.58,2) baseline; urgency=low
+  * cgroup flag in /etc/firejail/firejail.config file
+  * name-change flag in /etc/firejail.config file
+  * --name rework
+  * new profiles: klavaro, vscodium
+  * browser profiles fixes
+  * various other bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Fri, 8 Feb 2019 08:00:00 -0500
+
+firejail (0.9.58) baseline; urgency=low
+  * --disable-mnt rework
+  * --net.print command
+  * GitLab CI/CD integration: disto specific builds
+  * profile parser enhancements and conditional handling support
+     for HAS_APPIMAGE, HAS_NODBUS, BROWSER_DISABLE_U2F
+  * profile name support
+  * added explicit nonewprivs support to join option
+  * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms
+  * new profiles: devilspie, devilspie2, easystroke, github-desktop, min
+  * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat
+  * new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep
+  * new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
+  * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
+  * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
+  * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
+  * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley
+  * new profiles: feedreader, ocenaudio, mpsyt, thunderbird-wayland
+  * new profiles: supertuxkart, ghostwriter, gajim-history-manager
+  * bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Sat, 26 Jan 2019 08:00:00 -0500
+
+firejail (0.9.56) baseline; urgency=low
+  * modif: removed CFG_CHROOT_DESKTOP configuration option
+  * modif: removed compile time --enable-network=restricted
+  * modif: removed compile time --disable-bind
+  * modif: --net=none allowed even if networking was disabled at compile
+     time or at run time
+  * modif: allow system users to run the sandbox
+  * support wireless devices in --net option
+  * support tap devices in --net option (tunneling support)
+  * allow IP address configuration if the parent interface specified
+     by --net is not configured (--netmask)
+  * support for firetunnel utility
+  * disable U2F devices (--nou2f)
+  * add --private-cache to support private ~/.cache
+  * support full paths in private-lib
+  * globbing support in private-lib
+  * support for local user directories in firecfg (--bindir)
+  * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint,
+  * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio,
+  * new profiles: standardnotes-desktop, shellcheck, patch, flameshot,
+  * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd,
+  * new profiles: Beaker, electrum, clamtk, pybitmessage, dig, whois,
+  * new profiles: jdownloader, Fluxbox, Blackbox, Awesome, i3
+  * new profiles: start-tor-browser.desktop
+ -- netblue30 <netblue30@yahoo.com>  Tue, 18 Sep 2018 08:00:00 -0500
+
+firejail (0.9.54) baseline; urgency=low
+  * modif: --force removed
+  * modif: --csh, --zsh removed
+  * modif: --debug-check-filename removed
+  * modif: --git-install and --git-uninstall removed
+  * modif: support for private-bin, private-lib and shell none has been
+     disabled while running AppImage archives in order to be able to use
+     our regular profile files with AppImages.
+  * modif: restrictions for /proc, /sys and /run/user directories
+     are moved from AppArmor profile into firejail executable
+  * modif: unifying Chromium and Firefox browsers profiles.
+     All users of Firefox-based browsers who use addons and plugins
+     that read/write from ${HOME} will need to uncomment the includes for
+     firefox-common-addons.inc in firefox-common.profile.
+  * modif: split disable-devel.inc into disable-devel and
+     disable-interpreters.inc
+  * Firejail user access database (/etc/firejail/firejail.users,
+     man firejail-users)
+  * add --noautopulse to disable automatic ~/.config/pulse (for complex setups)
+  * Spectre mitigation patch for gcc and clang compiler
+  * D-Bus handling (--nodbus)
+  * AppArmor support for overlayfs and chroot sandboxes
+  * AppArmor support for AppImages
+  * Enable AppArmor by default for a large number of programs
+  * firejail --apparmor.print option
+  * firemon --apparmor option
+  * apparmor yes/no flag in /etc/firejail/firejail.config
+  * seccomp syscall list update for glibc 2.26-10
+  * seccomp disassembler for --seccomp.print option
+  * seccomp machine code optimizer for default seccomp filters
+  * IPv6 DNS support
+  * whitelist support for overlay and chroot sandboxes
+  * private-dev support for overlay and chroot sandboxes
+  * private-tmp support for overlay and chroot sandboxes
+  * added sandbox name support in firemon
+  * firemon/prctl enhancements
+  * noblacklist support for /sys/module directory
+  * whitelist support for /sys/module directory
+  * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
+  * new profiles: discord-canary, pycharm-community, pycharm-professional,
+  * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine,
+  * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes,
+  * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer,
+  * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs, gcloud,
+  * new profiles: musixmatch, gunzip, bunzip2, enchant-lsmod, enchant-lsmod-2,
+  * new profiles: enchant, enchant-2, Discord, acat, adiff, als, apack,
+  * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion,
+  * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind,
+  * new profiles: qmmp, sayonara
+ -- netblue30 <netblue30@yahoo.com>  Wed, 16 May 2018 08:00:00 -0500
+
+firejail (0.9.52) baseline; urgency=low
+  * modif: --allow-private-blacklists was deprecated; blacklisting,
+    read-only, read-write, tmpfs and noexec are allowed in
+    private home directories
+  * modif: remount-proc-sys deprecated from firejail.config
+  * modif: follow-symlink-private-bin deprecated from firejail.config
+  * modif: --profile-path was deprecated
   * enhancement: support Firejail user config directory in firecfg
   * enhancement: disable DBus activation in firecfg
+  * enhancement; enumerate root directories in apparmor profile
+  * enhancement: /etc and /usr/share whitelisting support
+  * enhancement: globbing support for --private-bin
+  * feature: systemd-resolved integration
+  * feature: whitelisting /var directory in most profiles
+  * feature: GTK2, GTK3 and Qt4 private-lib support
+  * feature: --debug-private-lib
+  * feature: test deployment of private-lib for the following
+    applications: evince, galculator, gnome-calculator,
+    leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu,
+    atril, mate-color-select, tar, file, strings, gpicview,
+    eom, eog, gedit, pluma
   * feature: --writable-run-user
+  * feature: --rlimit-as
+  * feature: --rlimit-cpu
+  * feature: --timeout
   * feature: profile build tool (--build)
- -- netblue30 <netblue30@yahoo.com>  Thu, 14 Sep 2017 20:00:00 -0500
+  * feature: --netfilter.print
+  * feature: --netfilter6.print
+  * feature: netfilter template support
+  * new profiles: upstreamed many profiles from the following sources:
+     https://github.com/chiraag-nataraj/firejail-profiles,
+     https://github.com/nyancat18/fe,
+     https://aur.archlinux.org/packages/firejail-profiles.
+  * new profiles: terasology, surf, rocketchat, clamscan, clamdscan,
+      clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5,
+      brackets, calligra, calligraauthor, calligraconverter, calligraflow,
+      calligraplan, calligraplanwork, calligrasheets, calligrastage,
+      calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd,
+      google-earth,imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion,
+      mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en,
+      Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish,
+      cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring,
+      xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass,
+      kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report
+      cower (Arch), kdeinit4
+ -- netblue30 <netblue30@yahoo.com>  Thu, 7 Dec 2017 08:00:00 -0500
+
+firejail (0.9.50) baseline; urgency=low
+  * modif: --output split in two commands, --output and --output-stderr
+  * feature: per-profile disable-mnt (--disable-mnt)
+  * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen)
+  * feature: private /lib directory (--private-lib)
+  * feature: disable CDROM/DVD drive (--nodvd)
+  * feature: disable DVB devices (--notv)
+  * feature: --profile.print
+  * enhancement: print all seccomp filters under --debug
+  * enhancement: /proc/sys mounting
+  * enhancement: rework IP address assignment for --net options
+  * enhancement: support for newer Xpra versions (2.1+) -
+     set xpra-attach yes in /etc/firejail/firejail.config
+  * enhancement: all profiles use a standard layout style
+  * enhancement: create /usr/local for firecfg if the directory doesn't exist
+  * enhancement: allow full paths in --private-bin
+  * seccomp feature: --memory-deny-write-execute
+  * seccomp feature: seccomp post-exec
+  * seccomp feature: block secondary architecture (--seccomp.block_secondary)
+  * seccomp feature: seccomp syscall groups
+  * seccomp enhancement: print all seccomp filters under --debug
+  * seccomp enhancement: default seccomp list update
+  * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,
+  * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA,
+  * new profiles: Android Studio, electron, riot-web, Extreme Tux Racer,
+  * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux
+  * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg,
+  * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter
+  * new profiles: truecraft, gnome-twitch, tuxguitar, musescore, neverball
+  * new profiles: sqlitebrowse, Yandex Browser, minetest
+  * bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Sat, 30 Sep 2017 08:00:00 -0500
 
 firejail (0.9.50~rc1) baseline; urgency=low
   * release pending!
@@ -17,7 +383,7 @@ firejail (0.9.50~rc1) baseline; urgency=low
   * feature: --profile.print
   * enhancement: print all seccomp filters under --debug
   * enhancement: /proc/sys mounting
-  * enhancement: rework IP address assingment for --net options
+  * enhancement: rework IP address assignment for --net options
   * enhancement: support for newer Xpra versions (2.1+) -
      set xpra-attach yes in /etc/firejail/firejail.config
   * enhancement: all profiles use a standard layout style
@@ -239,7 +605,7 @@ firejail (0.9.42) baseline; urgency=low
   * feature: option to fix desktop files (firecfg --fix)
   * compile time: Busybox support (--enable-busybox-workaround)
   * compile time: disable overlayfs (--disable-overlayfs)
-  * compile time: disable whitlisting (--disable-whitelist)
+  * compile time: disable whitelisting (--disable-whitelist)
   * compile time: disable global config (--disable-globalcfg)
   * run time: enable/disable overlayfs (overlayfs yes/no)
   * run time: enable/disable  quiet as default (quiet-by-default yes/no)