aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
...
| * configure*: list one file per line on AC_CONFIG_FILESLibravatar Kelvin M. Klann2022-06-12
| | | | | | | | | | | | | | | | To make it easier to read and edit them and to make the diffs clearer. vim commands used to search and replace: :0/AC_CONFIG_FILES/1 | ,+3s/ \\// | -3,+1s/ /\r/g
| * configure*: run autoconfLibravatar Kelvin M. Klann2022-06-12
|/ | | | | | | An output message and some whitespace were changed on commit 9903aaa9c ("rel 0.9.68rc1 testing", 2022-01-18). Environment: autoconf 2.69 (with the runstatedir patch) on Artix Linux
* README.md updateLibravatar netblue302022-06-12
|
* 0.9.71Libravatar netblue302022-06-12
|
* Revert "fj-mkdeb.py: run distclean before ./configure"Libravatar Kelvin M. Klann2022-06-11
| | | | | | | | | | | | | | | | This reverts commit b4d0b24c533c8aebb8961bf658e3b41580b073e2. This amends commit 56b86f8ac ("Revert "Makefile.in: stop running distclean on dist"", 2022-06-08) / PR #5182. Since the revert, `make dist` itself already runs `make distclean`. This also means that it is no longer necessary to run ./configure (to generate "Makefile" from "Makefile.in") before running ./contrib/fj-mkdeb.py. Misc: This is not a clean revert. Relates to #5154.
* fix typo in firejail-welcome.shLibravatar PizzaDude2022-06-10
|
* fix typoLibravatar Reiner Herrmann2022-06-09
|
* release 0.9.70 testing0.9.70Libravatar netblue2022-06-09
|
* Merge pull request #5184 from kmk3/relnotes-new-removed-profilesLibravatar netblue302022-06-09
|\ | | | | RELNOTES: add new and removed profiles
| * RELNOTES: add removed nvm profileLibravatar Kelvin M. Klann2022-06-09
| | | | | | | | | | | | | | | | | | | | Commands used to find the profile: $ git log --pretty= --graph --name-only \ --diff-filter=DBX 0.9.68..HEAD -- etc $ tig --diff-filter=DXB 0.9.68..HEAD -- etc Relates to #5058.
| * RELNOTES: add missing new profilesLibravatar Kelvin M. Klann2022-06-09
|/ | | | | | | | | | | | Profiles: opera-developer, node-gyp, npx, semver, ping-hardened. Commands used to find the profiles: $ git log --pretty= --graph --name-only \ --diff-filter=AC 0.9.68..HEAD -- etc $ tig --diff-filter=AC 0.9.68..HEAD -- etc Relates to #5001 #5058 #5061.
* RELNOTES: sort items by done date within categoriesLibravatar Kelvin M. Klann2022-06-09
| | | | Relates to #5111 #5122 #5155.
* RELNOTES: add feature: always log seccomp errorsLibravatar Kelvin M. Klann2022-06-08
| | | | Relates to #5110.
* RELNOTES: add build entriesLibravatar Kelvin M. Klann2022-06-08
| | | | Relates to #5133 #5154.
* Merge pull request #5182 from kmk3/revert-stop-distclean-on-distLibravatar netblue302022-06-08
|\ | | | | Revert "Makefile.in: stop running distclean on dist"
| * Revert "Makefile.in: stop running distclean on dist"Libravatar Kelvin M. Klann2022-06-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 1fb814e51149d105233f1edc1abb0de202f71b4d. If distclean is not executed before copying the files on dist, then the generated files inside src/ are included in the dist archive: $ ./configure >/dev/null && make distclean >/dev/null && ./configure >/dev/null && make dist | grep 'Makefile$' | wc -l 26 This happens because src/ is copied wholesale on dist (see DISTFILES). Revert the commit to ensure that only the input files (such as the "Makefile.in" files) are archived. Related discussion: https://github.com/netblue30/firejail/pull/5154#pullrequestreview-980810845 Relates to #5142.
* | CVE-2022-31214: fixing the fix, one more timeLibravatar smitsohu2022-06-08
| | | | | | | | | | | | | | | | | | the previous commit "CVE-2022-31214: fixing the fix" made private-etc=fonts,fonts and similar commands fail with an error fix that regression by tolerating already existing directories
* | CVE-2022-31214: fixing the fixLibravatar smitsohu2022-06-08
| |
* | shutdown testingLibravatar smitsohu2022-06-08
| |
* | fixing CVE-2022-31214Libravatar smitsohu2022-06-08
|/
* RELNOTES: add feature/bugfixLibravatar Kelvin M. Klann2022-06-08
| | | | Relates to #5088 #5114.
* RELNOTES: add ci/docsLibravatar Kelvin M. Klann2022-06-07
| | | | Relates to #5078 #5147 #5148.
* RELNOTES: mention --tab option on its entryLibravatar Kelvin M. Klann2022-06-07
| | | | | | Added on commit ddd7e6fec ("merges", 2022-02-20). Relates to #4936.
* RELNOTES: sort items by category (features/modifs)Libravatar Kelvin M. Klann2022-06-07
| | | | | | Move the modif entries after the feature entries to be consistent with the notes of the previous release (0.9.68): features, modifs/reworks, removals, bugfixes, build, ci, docs, includes/profiles.
* build(deps): bump github/codeql-action from 2.1.11 to 2.1.12Libravatar dependabot[bot]2022-06-06
| | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.11 to 2.1.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/a3a6c128d771b6b9bdebb1c9d0583ebd2728a108...27ea8f8fe5977c00f5b37e076ab846c5bd783b96) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* Merge pull request #5176 from kmk3/build-mkdeb-undo-apparmorLibravatar netblue302022-06-06
|\ | | | | mkdeb.sh.in: stop enabling apparmor
| * mkdeb.sh.in: stop enabling apparmorLibravatar Kelvin M. Klann2022-06-05
| | | | | | | | | | | | | | | | | | | | | | | | | | Since `make deb-apparmor` already exists, use that for now instead of changing what `make deb` does. This fixes CI. Added on commit 494b26d50 ("adding --enable-apparmor by default for make deb - most Debian-based distros have apparmor enabled by default", 2022-06-03). Kind of relates to #5154.
* | Merge pull request #5174 from kmk3/revert-release-versionLibravatar netblue302022-06-06
|\ \ | |/ |/| Revert "I am preparing a point release for next week, fixes and small…
| * Revert "I am preparing a point release for next week, fixes and small number ↵Libravatar Kelvin M. Klann2022-06-04
| | | | | | | | | | | | | | | | | | | | | | | | | | of new features. Check in everything you have out." This reverts commit e8cb03cde8a3a7d083a6f539b06c6253d031af82. More specifically: s/0.9.68.1/0.9.69/. The current development version contains not only new features, but also breaking changes (see "modif:" on the RELNOTES). Ensure at least a minor (rather than only a patch) version bump (to 0.9.70 on the final version) to avoid breaking user expectations.
* | Add comment for enabling D-Bus desktop notifications to ↵Libravatar glitsj162022-06-05
|/ | | | | | | transmission-{gtk,qt} (#5175) * add comment for enabling desktop notifications * add comment for enabling desktop notifications
* harden blacklistLibravatar smitsohu2022-06-03
|
* adding --enable-apparmor by default for make deb - most Debian-based distros ↵Libravatar netblue302022-06-03
| | | | have apparmor enabled by default
* I am preparing a point release for next week, fixes and small number of new ↵Libravatar netblue302022-06-03
| | | | features. Check in everything you have out.
* removed enforcement of nonewprivs for --noprofileLibravatar netblue302022-06-03
|
* more relnotesLibravatar netblue302022-06-03
|
* relnotesLibravatar netblue302022-06-03
|
* --nettrace only available when running the sandbox as rootLibravatar netblue302022-06-03
|
* enforce nonewprivs for --noprofile optionLibravatar netblue302022-06-03
|
* Merge pull request #5172 from kmk3/ds-add-ids-pathsLibravatar netblue302022-06-03
|\ | | | | disable-shell.inc: add global shell paths from ids.config
| * disable-shell.inc: add global shell paths from ids.configLibravatar Kelvin M. Klann2022-06-02
| | | | | | | | | | | | | | | | | | | | | | Since /etc/profile is present, add the other shell-related paths in /etc that are listed on ids.config. Suggestion by @rusty-snake[1]. Relates to #5167 #5170. [1] https://github.com/netblue30/firejail/pull/5167#pullrequestreview-989621852
| * ids.config: sort global shell pathsLibravatar Kelvin M. Klann2022-06-02
| |
* | fixesLibravatar netblue302022-06-02
| |
* | firemon reworkLibravatar netblue302022-06-02
| |
* | speed up firemonLibravatar netblue302022-06-02
|/
* Merge pull request #5170 from kmk3/ids-add-sh-pathsLibravatar netblue302022-05-31
|\ | | | | ids.config: add missing global shell paths
| * ids.config: add missing global shell pathsLibravatar Kelvin M. Klann2022-05-30
| | | | | | | | | | | | Add missing paths for bash, ksh and zsh. Environment: Artix Linux
* | Merge pull request #5167 from kmk3/mv-sh-profile-blacklistLibravatar netblue302022-05-31
|\ \ | |/ |/| profiles: move blacklist of /etc/profile.d & blacklist /etc/profile
| * disable-shell.inc: blacklist /etc/profileLibravatar Kelvin M. Klann2022-05-30
| | | | | | | | Since /etc/profile.d is already being blacklisted.
| * disable-common.inc: move blacklist of /etc/profile.dLibravatar Kelvin M. Klann2022-05-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To disable-shell.inc. Interactive shells can be executed from certain development-related programs (such as IDEs) and the shells themselves are not blocked by default, but this shell startup directory currently is. To avoid running a shell without access to potentially needed startup files, only blacklist /etc/profile.d when interactive shells are also blocked. Note that /etc/profile.d should only be of concern to interactive shells, so a profile that includes both disable-shell.inc and allow-bin-sh.inc (which likely means that it needs access to only non-interactive shells) should not be affected by the blacklisting. Relates to #3411 #5159.
| * kate.profile: add missing include commentLibravatar Kelvin M. Klann2022-05-30
|/ | | | | | | This amends commit b6b3f3b38 ("kate.profile: allow common development file access", 2022-05-28) / PR #5159. See etc/templates/profile.template.
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-23 21:12:27 +0000