| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.36 to 2.1.37.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/a669cc5936cc5e1b6a362ec1ff9e410dc570d190...959cbb7472c4d4ad70cdfe6f4976053fe48ab394)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
|\
| |
| |
| |
| | |
netblue30/dependabot/github_actions/github/codeql-action-2.1.36
build(deps): bump github/codeql-action from 2.1.35 to 2.1.36
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b2a92eb56d8cb930006a1c6ed86b0782dd8a4297...a669cc5936cc5e1b6a362ec1ff9e410dc570d190)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \
| | |
| | | |
Avidemux tools support
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a profile for the Qt5 GUI to process Avidemux jobs.
Use a redirection to the avidemux3_qt5 profile to reuse translation
files. The application needs to create a network socket on localhost and
fails to run with protocol unix, so that entry in the default avidemux
profile needs to be extended.
|
| | |
| | |
| | |
| | |
| | | |
Add a profile for the command-line interface of Avidemux, which
redirects to the existing avidemux profile.
|
| | |
| | |
| | |
| | |
| | |
| | | |
The Avidemux project stores configuration profile data in ~/.avidemux6,
while the package built by Packman-repositories for openSUSE patches it
to use ~/.avidemux3 at the moment (at least for Avidemux 2.8).
|
| | |
| | |
| | |
| | | |
Add a profile for the Qt5-GUI of Avidemux.
|
| | |
| | |
| | |
| | | |
Add the information that file contents will be overwritten on updates.
|
| | |
| | |
| | |
| | |
| | | |
* qbittorrent: add support for Qt6
* wusc: add support for Qt6
|
|/ /
| |
| | |
Overlooked [this comment](https://github.com/netblue30/firejail/pull/5389#discussion_r992471940) that pointed out a mistake I made.
|
|/
|
|
|
|
|
| |
* clipit hardening
* clipit: fix hardening
* clipit: add xdotool lib to private-lib
|
| |
|
|\
| |
| | |
build: actually set LDFLAGS/LIBS & stop overriding CFLAGS/LDFLAGS
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
From the manual of GNU Automake (version 1.16.5)[1] [2]:
> 3.6 Variables reserved for the user
>
> Some `Makefile` variables are reserved by the GNU Coding Standards for
> the use of the "user"—the person building the package. For instance,
> `CFLAGS` is one such variable.
>
> Sometimes package developers are tempted to set user variables such
> as `CFLAGS` because it appears to make their job easier. However, the
> package itself should never set a user variable, particularly not to
> include switches that are required for proper compilation of the
> package. Since these variables are documented as being for the
> package builder, that person rightfully expects to be able to override
> any of these variables at build time.
>
> To get around this problem, Automake introduces an
> automake-specific shadow variable for each user flag variable.
> (Shadow variables are not introduced for variables like `CC`, where
> they would make no sense.) The shadow variable is named by prepending
> `AM_` to the user variable's name. For instance, the shadow variable
> for `YFLAGS` is `AM_YFLAGS`. The package maintainer—that is, the
> author(s) of the `Makefile.am` and `configure.ac` files—may adjust
> these shadow variables however necessary.
>
> Note Flag Variables Ordering::, for more discussion about these
> variables and how they interact with per-target variables.
See also the description of CFLAGS in the GNU Autoconf manual[3].
Note: We do not use automake (save for aclocal) nor generally follow the
GNU Coding Standards, but the concept still applies. Also, the closest
analogous in the project to the `AM_` prefix would currently likely be
`EXTRA_`.
[1] https://www.gnu.org/software/automake/manual/1.16.5/html_node/User-Variables.html
[2] https://www.gnu.org/software/automake/manual/1.16.5/html_node/Flag-Variables-Ordering.html
[3] https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Preset-Output-Variables.html
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
LIBS is the variable that Autoconf uses to put library flags. From the
manual of GNU Autoconf (version 2.69):
> -- Variable: LDFLAGS
>
> [...]
>
> This variable's contents should contain options like '-s' and '-L'
> that affect only the behavior of the linker. Please see the
> explanation of 'CFLAGS' for what you can do if an option also
> affects other phases of the compiler.
>
> Don't use this variable to pass library names ('-l') to the linker;
> use 'LIBS' instead.
>
> -- Variable: LIBS
>
> '-l' options to pass to the linker. The default value is empty,
> but some Autoconf macros may prepend extra libraries to this
> variable if those libraries are found and provide necessary
> functions, see *note Libraries::. 'configure' uses this variable
> when linking programs to test for C, C++, Objective C, Objective
> C++, Fortran, and Go features.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Both variables are used inside on src/prog.mk and src/so.mk, but they
are not currently defined in any makefile, so their values cannot be
substituted by ./configure.
This means that the variables can be set when running make (such as with
`make LDFLAGS=-Lfoo`), but changing them in configure.ac has no effect.
The same applies when trying to set them when running ./configure (such
as with `./configure LDFLAGS=-Lfoo`).
|
| |
| |
| |
| |
| |
| | |
Currently, only EXTRA_CFLAGS and EXTRA_LDFLAGS are printed.
See also the variables defined on config.mk.in.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add firecfg support for tesseract
* Add tesseract to 'New profiles' section in README.md
* Create tesseract.profile
* tesseract: fix private-etc
* tesseract: fix XDG black/whitelisting
* tesseract: use 'seccomp socket' instead of 'protocol unix'
As kindly suggested by @rusty-snake.
* tesseract: add 'restrict-namespaces'
As kindly suggested by @rusty-snake.
* tesseract: use full seccomp filtering
The tesseract application works fine without 'protocol' or 'seccomp socket'.
|
| |
| |
| |
| |
| |
| |
| |
| | |
Just like the other nearby error messages for `chdir`.
Relates to #5510.
Suggested-by: @gitsteff
|
|\ \
| | |
| | | |
spotify.profile: allow spotify-adblock paths
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As suggested by @glitsj16[1].
Project homepage: https://github.com/abba23/spotify-adblock
Configuration paths:
* /etc/spotify-adblock/config.toml
* ~/.config/spotify-adblock/config.toml
Fixes #5494.
[1] https://github.com/netblue30/firejail/discussions/5494#discussioncomment-4280887
Reported-by: @Rewig95
|
|\ \
| | |
| | | |
kcalc.profile: fix mkfile without mkdir & comment legacy paths
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Leave them commented.
With this commit, there are no more profiles creating paths in ~/.kde
nor in ~/.kde4:
$ git grep -e '^mkdir .*\.kde' -e '^mkfile .*\.kde' -- etc
$
See also commit 3ef030257 ("ktorrent.profile: stop creating legacy KDE
paths", 2022-10-11) / PR #5415.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
firejail may fail to create the following files:
* ~/.kde/share/config/kcalcrc
* ~/.kde4/share/config/kcalcrc
Because it does not create the preceding directories beforehand:
* ~/.kde/share/config
* ~/.kde4/share/config
See also commit 7f1906dba ("ktorrent.profile: fix mkfile without mkdir",
2022-10-11) / PR #5415.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.31 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898...b2a92eb56d8cb930006a1c6ed86b0782dd8a4297)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |/
|/|
| |
| |
| |
| |
| | |
Tested with org.gnome.TextEditor.
The gtksourceview language-spec hasn't changed between gtksourceview 3,
4 and 5 AFAIK so it should also work on older systems if you copy/link
the file in the right places.
|
|\ \
| | |
| | | |
build: fix formatting and misc in configure
|
| | |
| | |
| | |
| | |
| | | |
Misc: I missed this one on commit 221c10177 ("configure*: Add missing
quotes to arguments", 2021-06-03) / PR #4712.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Instead of binding them together with conditionals in a single line,
split shell commands into multiple lines to make them more readable.
Note that for the macro arguments in question, the content inside []
quotes is output literally into ./configure, so the commands can be
written as if they were in a shell script directly (save for any special
characters/tokens in Autoconf).
Misc: Relates to commit 2c64d1fdd ("use AX_CHECK_COMPILE_FLAG to check
for spectre flags", 2019-06-21).
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added on commit d1acb31c9 ("compile time: enable LTS", 2021-02-28).
Note: Do not print a preceding blank line because one is already printed
right before the warning message, right after the items on "Features:".
Example of the resulting warning message:
$ autoconf && ./configure
[...]
configure: creating ./config.status
config.status: creating config.mk
config.status: creating config.sh
Compile options:
[...]
prefix: /usr/local
sysconfdir: ${prefix}/etc
Spectre compiler patch: yes
Features:
[...]
SELinux labeling support:
user namespace: -DHAVE_USERNS
X11 sandboxing support: -DHAVE_X11
*********************************************************
* Warning: Long-term support (LTS) was enabled! *
* Most compile-time options have been rewritten! *
*********************************************************
$
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Consider the current code:
AS_IF([test "x$enable_lts" = "xyes"], [
# ...
HAVE_CONTRIB_INSTALL="no",
Result of testing the value:
$ HAVE_CONTRIB_INSTALL="no",
$ printf '%s\n' "$HAVE_CONTRIB_INSTALL"
no,
$ test "x$HAVE_CONTRIB_INSTALL" = "xno" &&
echo equal || echo 'not equal'
not equal
This means that whenever HAVE_LTS is enabled, HAVE_CONTRIB_INSTALL is
always considered enabled when testing against "no".
But luckily, in the current code the latter variable is only tested
against "yes", so nothing should be affected:
$ git grep HAVE_CONTRIB_INSTALL |
grep -v -e '^configure:' -e '^configure.ac:'
Makefile:ifeq ($(HAVE_CONTRIB_INSTALL),yes)
config.mk.in:HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@
Added on commit d1acb31c9 ("compile time: enable LTS", 2021-02-28).
|
| | |
| | |
| | |
| | |
| | |
| | | |
s/bean/been
Added on commit d1acb31c9 ("compile time: enable LTS", 2021-02-28).
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* fix whitelisting in ${RUNUSER}
See discussions https://github.com/netblue30/firejail/discussions/5495 for context.
* Prevent whitelisting ${RUNUSER} comment
|
| |/
|/|
| |
| |
| | |
* AppArmor: add more examples to firejail-local
* comments fixes
|
| |
| |
| |
| | |
Relates to #5189 #5349 #5439 #5485.
|
|/ |
|
|
|
|
|
|
|
|
|
|
| |
To avoid running CI unnecessarily.
Misc: I noticed this on commit a42c1de0b ("profile-checks.yml: sort
paths-ignore", 2022-11-27). See also commit 768410cf5 ("Run
profile-ckeck on workflow edits", 2022-11-27).
Relates to #5481.
|
|
|
|
|
| |
See commit 9bf5e453c ("ci: sort items on paths-ignore lists",
2022-07-12) / PR #5481 for details.
|
| |
|
| |
|
| |
|
|
|
|
| |
Relates to #5429 #5478 #5481.
|
|\
| |
| | |
ktorrent.profile: fix mkfile without mkdir & comment legacy paths
|