diff options
Diffstat (limited to 'RELNOTES')
-rw-r--r-- | RELNOTES | 376 |
1 files changed, 371 insertions, 5 deletions
@@ -1,10 +1,376 @@ | |||
1 | firejail (0.9.51) baseline; urgency=low | 1 | firejail (0.9.67) baseline; urgency=low |
2 | * work in progress! | 2 | * work in progress |
3 | * deprecated --disable-whitelist at compile time | ||
4 | * deprecated whitelist=yes/no in /etc/firejail/firejail.config | ||
5 | * remove (some) environment variables with auth-tokens | ||
6 | * new includes: whitelist-run-common.inc, disable-X11.inc | ||
7 | * removed includes: disable-passwordmgr.inc | ||
8 | * new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim | ||
9 | * new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl | ||
10 | * new profiles: yt-dlp | ||
11 | -- netblue30 <netblue30@yahoo.com> Thu, 29 Jul 2021 09:00:00 -0500 | ||
12 | |||
13 | firejail (0.9.66) baseline; urgency=low | ||
14 | * deprecated --audit options, relpaced by jailcheck utility | ||
15 | * deprecated follow-symlink-as-user from firejail.config | ||
16 | * new firejail.config settings: private-bin, private-etc | ||
17 | * new firejail.config settings: private-opt, private-srv | ||
18 | * new firejail.config settings: whitelist-disable-topdir | ||
19 | * new firejail.config settings: seccomp-filter-add | ||
20 | * removed kcmp syscall from seccomp default filter | ||
21 | * rename --noautopulse to keep-config-pulse | ||
22 | * filtering environment variables | ||
23 | * zsh completion | ||
24 | * command line: --mkdir, --mkfile | ||
25 | * --protocol now accumulates | ||
26 | * Jolla/SailfishOS patches | ||
27 | * private-lib rework | ||
28 | * whitelist rework | ||
29 | * jailtest utility for testing running sandboxes | ||
30 | * capabilities list update | ||
31 | * faccessat2 syscall support | ||
32 | * --private-dev keeps /dev/input | ||
33 | * added --noinput to disable /dev/input | ||
34 | * add support for subdirs in --private-etc | ||
35 | * compile time: --enable-force-nonewprivs | ||
36 | * compile time: --disable-output | ||
37 | * compile time: --enable-lts | ||
38 | * subdirs support in private-etc | ||
39 | * input devices support in private-dev, --no-input | ||
40 | * support trailing comments on profile lines | ||
41 | * new profiles: vmware-view, display-im6.q16, ipcalc, ipcalc-ng | ||
42 | * ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop, | ||
43 | * avidemux, calligragemini, vmware-player, vmware-workstation | ||
44 | * gget, com.github.phase1geo.minder, nextcloud-desktop, pcsxr | ||
45 | * PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2, sum | ||
46 | * bcompare, b2sum, cksum, md5sum, sha1sum, sha224sum, sha256sum | ||
47 | * sha384sum, sha512sum, librewold-nightly, Quodlibet, tmux, sway | ||
48 | * alienarena, alienarena-wrapper, ballbuster, ballbuster-wrapper, | ||
49 | * colorful, colorful-wrapper, gl-117, gl-117-wrapper, glaxium, | ||
50 | * glaxium-wrapper, pinball, pinball-wrapper, etr-wrapper, firedragon | ||
51 | * neverball-wrapper, neverputt-wrapper, supertuxkart-wrapper, neochat, | ||
52 | * cargo, LibreCAD, blobby, funnyboat, pipe-viewer, gtk-pipe-viewer | ||
53 | * links2, xlinks2, googler, ddgr, tin | ||
54 | -- netblue30 <netblue30@yahoo.com> Mon, 28 Jun 2021 09:00:00 -0500 | ||
55 | |||
56 | firejail (0.9.64.4) baseline; urgency=low | ||
57 | * disabled overlayfs, pending multiple fixes (CVE-2021-26910) | ||
58 | -- netblue30 <netblue30@yahoo.com> Sun, 7 Feb 2021 09:00:00 -0500 | ||
59 | |||
60 | firejail (0.9.64.2) baseline; urgency=low | ||
61 | * allow --tmpfs inside $HOME for unprivileged users | ||
62 | * --disable-usertmpfs compile time option | ||
63 | * allow AF_BLUETOOTH via --protocol=bluetooth | ||
64 | * Setup guide for new users: contrib/firejail-welcome.sh | ||
65 | * implement netns in profiles | ||
66 | * added nolocal6.net IPv6 network filter | ||
67 | * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer | ||
68 | * new profiles: gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer | ||
69 | * new profiles: straw-viewer, lutris, dolphin-emu, authenticator-rs, servo | ||
70 | * new profiles: npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell, qnapi | ||
71 | * new profiles: guvcview, pkglog, kdiff3, CoyIM | ||
72 | -- netblue30 <netblue30@yahoo.com> Tue, 26 Jan 2021 09:00:00 -0500 | ||
73 | |||
74 | firejail (0.9.64) baseline; urgency=low | ||
75 | * replaced --nowrap option with --wrap in firemon | ||
76 | * The blocking action of seccomp filters has been changed from | ||
77 | killing the process to returning EPERM to the caller. To get the | ||
78 | previous behaviour, use --seccomp-error-action=kill or | ||
79 | syscall:kill syntax when constructing filters, or override in | ||
80 | /etc/firejail/firejail.config file. | ||
81 | * Fine-grained D-Bus sandboxing with xdg-dbus-proxy. | ||
82 | xdg-dbus-proxy must be installed, if not D-Bus access will be allowed. | ||
83 | With this version nodbus is deprecated, in favor of dbus-user none and | ||
84 | dbus-system none and will be removed in a future version. | ||
85 | * DHCP client support | ||
86 | * firecfg only fix dektop-files if started with sudo | ||
87 | * SELinux labeling support | ||
88 | * custom 32-bit seccomp filter support | ||
89 | * restrict ${RUNUSER} in several profiles | ||
90 | * blacklist shells such as bash in several profiles | ||
91 | * whitelist globbing | ||
92 | * mkdir and mkfile support for /run/user directory | ||
93 | * support ignore for include | ||
94 | * --include on the command line | ||
95 | * splitting up media players whitelists in whitelist-players.inc | ||
96 | * new condition: HAS_NOSOUND | ||
97 | * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster | ||
98 | * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl | ||
99 | * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11 | ||
100 | * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool | ||
101 | * new profiles: desktopeditors, impressive, planmaker18, planmaker18free | ||
102 | * new profiles: presentations18, presentations18free, textmaker18, teams | ||
103 | * new profiles: textmaker18free, xournal, gnome-screenshot, ripperX | ||
104 | * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro | ||
105 | * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command | ||
106 | * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux | ||
107 | * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row | ||
108 | * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin | ||
109 | * new profiles: gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars | ||
110 | * new profiles: hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless | ||
111 | * new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers | ||
112 | * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski | ||
113 | * new profiles: swell-foop, fdns, five-or-more, steam-runtime | ||
114 | * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im | ||
115 | * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper | ||
116 | * new profiles: gapplication, openarena_ded, element-desktop, cawbird | ||
117 | * new profiles: freetube, strawberry, jitsi-meet-desktop | ||
118 | * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash | ||
119 | * new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx | ||
120 | * new profiles: minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar | ||
121 | * new profiles: vmware, git-cola, otter-browser, kazam, menulibre, musictube | ||
122 | * new profiles: onboard, fractal, mirage, quaternion, spectral, man, psi | ||
123 | * new profiles: smuxi-frontend-gnome, balsa, kube, trojita, youtube | ||
124 | * new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send | ||
125 | * new profiles: qrencode, ytmdesktop, twitch | ||
126 | * new profiles: xournalpp, chromium-freeworld, equalx | ||
127 | -- netblue30 <netblue30@yahoo.com> Wed, 21 Oct 2020 08:00:00 -0500 | ||
128 | |||
129 | firejail (0.9.62) baseline; urgency=low | ||
130 | * added file-copy-limit in /etc/firejail/firejail.config | ||
131 | * profile templates (/usr/share/doc/firejail) | ||
132 | * allow-debuggers support in profiles | ||
133 | * several seccomp enhancements | ||
134 | * compiler flags autodetection | ||
135 | * move chroot entirely from path based to file descriptor based mounts | ||
136 | * whitelisting /usr/share in a large number of profiles | ||
137 | * new scripts in conrib: gdb-firejail.sh and sort.py | ||
138 | * enhancement: whitelist /usr/share in some profiles | ||
139 | * added signal mediation ot apparmor profile | ||
140 | * new conditions: HAS_X11, HAS_NET | ||
141 | * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks | ||
142 | * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder | ||
143 | * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli | ||
144 | * new profiles: keepassxc-proxy, rhythmbox-client, jerry, zeal, mpg123 | ||
145 | * new profiles: conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, out123 | ||
146 | * new profiles: mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss | ||
147 | * new profiles: mpg123-portaudio, mpg123-pulse, mpg123-strip, pavucontrol-qt | ||
148 | * new profiles: gnome-characters, gnome-character-map, rsync, Whalebird, | ||
149 | * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, | ||
150 | * new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless | ||
151 | * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra | ||
152 | * new profiles: kalgebramobile, signal-cli, amuled, kfind, profanity | ||
153 | * new profiles: audio-recorder, cameramonitor, ddgtk, drawio, unf, gmpc | ||
154 | * new profiles: electron-mail, gist, gist-paste | ||
155 | -- netblue30 <netblue30@yahoo.com> Sat, 28 Dec 2019 08:00:00 -0500 | ||
156 | |||
157 | firejail (0.9.60) baseline; urgency=low | ||
158 | * security bug reported by Austin Morton: | ||
159 | Seccomp filters are copied into /run/firejail/mnt, and are writable | ||
160 | within the jail. A malicious process can modify files from inside the | ||
161 | jail. Processes that are later joined to the jail will not have seccomp | ||
162 | filters applied. | ||
163 | * memory-deny-write-execute now also blocks memfd_create | ||
164 | * add private-cwd option to control working directory within jail | ||
165 | * blocking system D-Bus socket with --nodbus | ||
166 | * bringing back Centos 6 support | ||
167 | * drop support for flatpak/snap packages | ||
168 | * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2 | ||
169 | * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer | ||
170 | * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring | ||
171 | * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool | ||
172 | * new profiles: netactview, redshift, devhelp, assogiate, subdownloader | ||
173 | * new profiles: font-manager, exfalso, gconf-editor, dconf-editor | ||
174 | * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings | ||
175 | * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag | ||
176 | * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles | ||
177 | * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus | ||
178 | * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt | ||
179 | * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem | ||
180 | * new profiles: vultureseye, vulturesclaw, anki, cheese, utox, mp3splt | ||
181 | * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker | ||
182 | * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell | ||
183 | * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap | ||
184 | * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp, cantata | ||
185 | -- netblue30 <netblue30@yahoo.com> Sun, 26 May 2019 08:00:00 -0500 | ||
186 | |||
187 | firejail (0.9.58,2) baseline; urgency=low | ||
188 | * cgroup flag in /etc/firejail/firejail.config file | ||
189 | * name-change flag in /etc/firejail.config file | ||
190 | * --name rework | ||
191 | * new profiles: klavaro, vscodium | ||
192 | * browser profiles fixes | ||
193 | * various other bugfixes | ||
194 | -- netblue30 <netblue30@yahoo.com> Fri, 8 Feb 2019 08:00:00 -0500 | ||
195 | |||
196 | firejail (0.9.58) baseline; urgency=low | ||
197 | * --disable-mnt rework | ||
198 | * --net.print command | ||
199 | * GitLab CI/CD integration: disto specific builds | ||
200 | * profile parser enhancements and conditional handling support | ||
201 | for HAS_APPIMAGE, HAS_NODBUS, BROWSER_DISABLE_U2F | ||
202 | * profile name support | ||
203 | * added explicit nonewprivs support to join option | ||
204 | * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms | ||
205 | * new profiles: devilspie, devilspie2, easystroke, github-desktop, min | ||
206 | * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat | ||
207 | * new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep | ||
208 | * new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat | ||
209 | * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore | ||
210 | * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh | ||
211 | * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie | ||
212 | * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley | ||
213 | * new profiles: feedreader, ocenaudio, mpsyt, thunderbird-wayland | ||
214 | * new profiles: supertuxkart, ghostwriter, gajim-history-manager | ||
215 | * bugfixes | ||
216 | -- netblue30 <netblue30@yahoo.com> Sat, 26 Jan 2019 08:00:00 -0500 | ||
217 | |||
218 | firejail (0.9.56) baseline; urgency=low | ||
219 | * modif: removed CFG_CHROOT_DESKTOP configuration option | ||
220 | * modif: removed compile time --enable-network=restricted | ||
221 | * modif: removed compile time --disable-bind | ||
222 | * modif: --net=none allowed even if networking was disabled at compile | ||
223 | time or at run time | ||
224 | * modif: allow system users to run the sandbox | ||
225 | * support wireless devices in --net option | ||
226 | * support tap devices in --net option (tunneling support) | ||
227 | * allow IP address configuration if the parent interface specified | ||
228 | by --net is not configured (--netmask) | ||
229 | * support for firetunnel utility | ||
230 | * disable U2F devices (--nou2f) | ||
231 | * add --private-cache to support private ~/.cache | ||
232 | * support full paths in private-lib | ||
233 | * globbing support in private-lib | ||
234 | * support for local user directories in firecfg (--bindir) | ||
235 | * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint, | ||
236 | * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio, | ||
237 | * new profiles: standardnotes-desktop, shellcheck, patch, flameshot, | ||
238 | * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd, | ||
239 | * new profiles: Beaker, electrum, clamtk, pybitmessage, dig, whois, | ||
240 | * new profiles: jdownloader, Fluxbox, Blackbox, Awesome, i3 | ||
241 | * new profiles: start-tor-browser.desktop | ||
242 | -- netblue30 <netblue30@yahoo.com> Tue, 18 Sep 2018 08:00:00 -0500 | ||
243 | |||
244 | firejail (0.9.54) baseline; urgency=low | ||
245 | * modif: --force removed | ||
246 | * modif: --csh, --zsh removed | ||
247 | * modif: --debug-check-filename removed | ||
248 | * modif: --git-install and --git-uninstall removed | ||
249 | * modif: support for private-bin, private-lib and shell none has been | ||
250 | disabled while running AppImage archives in order to be able to use | ||
251 | our regular profile files with AppImages. | ||
252 | * modif: restrictions for /proc, /sys and /run/user directories | ||
253 | are moved from AppArmor profile into firejail executable | ||
254 | * modif: unifying Chromium and Firefox browsers profiles. | ||
255 | All users of Firefox-based browsers who use addons and plugins | ||
256 | that read/write from ${HOME} will need to uncomment the includes for | ||
257 | firefox-common-addons.inc in firefox-common.profile. | ||
258 | * modif: split disable-devel.inc into disable-devel and | ||
259 | disable-interpreters.inc | ||
260 | * Firejail user access database (/etc/firejail/firejail.users, | ||
261 | man firejail-users) | ||
262 | * add --noautopulse to disable automatic ~/.config/pulse (for complex setups) | ||
263 | * Spectre mitigation patch for gcc and clang compiler | ||
264 | * D-Bus handling (--nodbus) | ||
265 | * AppArmor support for overlayfs and chroot sandboxes | ||
266 | * AppArmor support for AppImages | ||
267 | * Enable AppArmor by default for a large number of programs | ||
268 | * firejail --apparmor.print option | ||
269 | * firemon --apparmor option | ||
270 | * apparmor yes/no flag in /etc/firejail/firejail.config | ||
271 | * seccomp syscall list update for glibc 2.26-10 | ||
272 | * seccomp disassembler for --seccomp.print option | ||
273 | * seccomp machine code optimizer for default seccomp filters | ||
274 | * IPv6 DNS support | ||
275 | * whitelist support for overlay and chroot sandboxes | ||
276 | * private-dev support for overlay and chroot sandboxes | ||
277 | * private-tmp support for overlay and chroot sandboxes | ||
278 | * added sandbox name support in firemon | ||
279 | * firemon/prctl enhancements | ||
280 | * noblacklist support for /sys/module directory | ||
281 | * whitelist support for /sys/module directory | ||
282 | * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, | ||
283 | * new profiles: discord-canary, pycharm-community, pycharm-professional, | ||
284 | * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, | ||
285 | * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes, | ||
286 | * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer, | ||
287 | * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs, gcloud, | ||
288 | * new profiles: musixmatch, gunzip, bunzip2, enchant-lsmod, enchant-lsmod-2, | ||
289 | * new profiles: enchant, enchant-2, Discord, acat, adiff, als, apack, | ||
290 | * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion, | ||
291 | * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind, | ||
292 | * new profiles: qmmp, sayonara | ||
293 | -- netblue30 <netblue30@yahoo.com> Wed, 16 May 2018 08:00:00 -0500 | ||
294 | |||
295 | firejail (0.9.52) baseline; urgency=low | ||
296 | * modif: --allow-private-blacklists was deprecated; blacklisting, | ||
297 | read-only, read-write, tmpfs and noexec are allowed in | ||
298 | private home directories | ||
299 | * modif: remount-proc-sys deprecated from firejail.config | ||
300 | * modif: follow-symlink-private-bin deprecated from firejail.config | ||
301 | * modif: --profile-path was deprecated | ||
3 | * enhancement: support Firejail user config directory in firecfg | 302 | * enhancement: support Firejail user config directory in firecfg |
4 | * enhancement: disable DBus activation in firecfg | 303 | * enhancement: disable DBus activation in firecfg |
304 | * enhancement; enumerate root directories in apparmor profile | ||
305 | * enhancement: /etc and /usr/share whitelisting support | ||
306 | * enhancement: globbing support for --private-bin | ||
307 | * feature: systemd-resolved integration | ||
308 | * feature: whitelisting /var directory in most profiles | ||
309 | * feature: GTK2, GTK3 and Qt4 private-lib support | ||
310 | * feature: --debug-private-lib | ||
311 | * feature: test deployment of private-lib for the following | ||
312 | applications: evince, galculator, gnome-calculator, | ||
313 | leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu, | ||
314 | atril, mate-color-select, tar, file, strings, gpicview, | ||
315 | eom, eog, gedit, pluma | ||
5 | * feature: --writable-run-user | 316 | * feature: --writable-run-user |
317 | * feature: --rlimit-as | ||
318 | * feature: --rlimit-cpu | ||
319 | * feature: --timeout | ||
6 | * feature: profile build tool (--build) | 320 | * feature: profile build tool (--build) |
7 | -- netblue30 <netblue30@yahoo.com> Thu, 14 Sep 2017 20:00:00 -0500 | 321 | * feature: --netfilter.print |
322 | * feature: --netfilter6.print | ||
323 | * feature: netfilter template support | ||
324 | * new profiles: upstreamed many profiles from the following sources: | ||
325 | https://github.com/chiraag-nataraj/firejail-profiles, | ||
326 | https://github.com/nyancat18/fe, | ||
327 | https://aur.archlinux.org/packages/firejail-profiles. | ||
328 | * new profiles: terasology, surf, rocketchat, clamscan, clamdscan, | ||
329 | clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5, | ||
330 | brackets, calligra, calligraauthor, calligraconverter, calligraflow, | ||
331 | calligraplan, calligraplanwork, calligrasheets, calligrastage, | ||
332 | calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, | ||
333 | google-earth,imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, | ||
334 | mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, | ||
335 | Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, | ||
336 | cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, | ||
337 | xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass, | ||
338 | kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report | ||
339 | cower (Arch), kdeinit4 | ||
340 | -- netblue30 <netblue30@yahoo.com> Thu, 7 Dec 2017 08:00:00 -0500 | ||
341 | |||
342 | firejail (0.9.50) baseline; urgency=low | ||
343 | * modif: --output split in two commands, --output and --output-stderr | ||
344 | * feature: per-profile disable-mnt (--disable-mnt) | ||
345 | * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen) | ||
346 | * feature: private /lib directory (--private-lib) | ||
347 | * feature: disable CDROM/DVD drive (--nodvd) | ||
348 | * feature: disable DVB devices (--notv) | ||
349 | * feature: --profile.print | ||
350 | * enhancement: print all seccomp filters under --debug | ||
351 | * enhancement: /proc/sys mounting | ||
352 | * enhancement: rework IP address assignment for --net options | ||
353 | * enhancement: support for newer Xpra versions (2.1+) - | ||
354 | set xpra-attach yes in /etc/firejail/firejail.config | ||
355 | * enhancement: all profiles use a standard layout style | ||
356 | * enhancement: create /usr/local for firecfg if the directory doesn't exist | ||
357 | * enhancement: allow full paths in --private-bin | ||
358 | * seccomp feature: --memory-deny-write-execute | ||
359 | * seccomp feature: seccomp post-exec | ||
360 | * seccomp feature: block secondary architecture (--seccomp.block_secondary) | ||
361 | * seccomp feature: seccomp syscall groups | ||
362 | * seccomp enhancement: print all seccomp filters under --debug | ||
363 | * seccomp enhancement: default seccomp list update | ||
364 | * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, | ||
365 | * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA, | ||
366 | * new profiles: Android Studio, electron, riot-web, Extreme Tux Racer, | ||
367 | * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux | ||
368 | * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, | ||
369 | * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter | ||
370 | * new profiles: truecraft, gnome-twitch, tuxguitar, musescore, neverball | ||
371 | * new profiles: sqlitebrowse, Yandex Browser, minetest | ||
372 | * bugfixes | ||
373 | -- netblue30 <netblue30@yahoo.com> Sat, 30 Sep 2017 08:00:00 -0500 | ||
8 | 374 | ||
9 | firejail (0.9.50~rc1) baseline; urgency=low | 375 | firejail (0.9.50~rc1) baseline; urgency=low |
10 | * release pending! | 376 | * release pending! |
@@ -17,7 +383,7 @@ firejail (0.9.50~rc1) baseline; urgency=low | |||
17 | * feature: --profile.print | 383 | * feature: --profile.print |
18 | * enhancement: print all seccomp filters under --debug | 384 | * enhancement: print all seccomp filters under --debug |
19 | * enhancement: /proc/sys mounting | 385 | * enhancement: /proc/sys mounting |
20 | * enhancement: rework IP address assingment for --net options | 386 | * enhancement: rework IP address assignment for --net options |
21 | * enhancement: support for newer Xpra versions (2.1+) - | 387 | * enhancement: support for newer Xpra versions (2.1+) - |
22 | set xpra-attach yes in /etc/firejail/firejail.config | 388 | set xpra-attach yes in /etc/firejail/firejail.config |
23 | * enhancement: all profiles use a standard layout style | 389 | * enhancement: all profiles use a standard layout style |
@@ -239,7 +605,7 @@ firejail (0.9.42) baseline; urgency=low | |||
239 | * feature: option to fix desktop files (firecfg --fix) | 605 | * feature: option to fix desktop files (firecfg --fix) |
240 | * compile time: Busybox support (--enable-busybox-workaround) | 606 | * compile time: Busybox support (--enable-busybox-workaround) |
241 | * compile time: disable overlayfs (--disable-overlayfs) | 607 | * compile time: disable overlayfs (--disable-overlayfs) |
242 | * compile time: disable whitlisting (--disable-whitelist) | 608 | * compile time: disable whitelisting (--disable-whitelist) |
243 | * compile time: disable global config (--disable-globalcfg) | 609 | * compile time: disable global config (--disable-globalcfg) |
244 | * run time: enable/disable overlayfs (overlayfs yes/no) | 610 | * run time: enable/disable overlayfs (overlayfs yes/no) |
245 | * run time: enable/disable quiet as default (quiet-by-default yes/no) | 611 | * run time: enable/disable quiet as default (quiet-by-default yes/no) |