| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit b4d0b24c533c8aebb8961bf658e3b41580b073e2.
This amends commit 56b86f8ac ("Revert "Makefile.in: stop running
distclean on dist"", 2022-06-08) / PR #5182. Since the revert, `make
dist` itself already runs `make distclean`.
This also means that it is no longer necessary to run ./configure (to
generate "Makefile" from "Makefile.in") before running
./contrib/fj-mkdeb.py.
Misc: This is not a clean revert.
Relates to #5154.
|
| |
|
| |
|
| |
|
|\
| |
| | |
RELNOTES: add new and removed profiles
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Commands used to find the profile:
$ git log --pretty= --graph --name-only \
--diff-filter=DBX 0.9.68..HEAD -- etc
$ tig --diff-filter=DXB 0.9.68..HEAD -- etc
Relates to #5058.
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Profiles: opera-developer, node-gyp, npx, semver, ping-hardened.
Commands used to find the profiles:
$ git log --pretty= --graph --name-only \
--diff-filter=AC 0.9.68..HEAD -- etc
$ tig --diff-filter=AC 0.9.68..HEAD -- etc
Relates to #5001 #5058 #5061.
|
|
|
|
| |
Relates to #5111 #5122 #5155.
|
|
|
|
| |
Relates to #5110.
|
|
|
|
| |
Relates to #5133 #5154.
|
|\
| |
| | |
Revert "Makefile.in: stop running distclean on dist"
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 1fb814e51149d105233f1edc1abb0de202f71b4d.
If distclean is not executed before copying the files on dist, then the
generated files inside src/ are included in the dist archive:
$ ./configure >/dev/null && make distclean >/dev/null &&
./configure >/dev/null && make dist | grep 'Makefile$' | wc -l
26
This happens because src/ is copied wholesale on dist (see DISTFILES).
Revert the commit to ensure that only the input files (such as the
"Makefile.in" files) are archived.
Related discussion:
https://github.com/netblue30/firejail/pull/5154#pullrequestreview-980810845
Relates to #5142.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
the previous commit "CVE-2022-31214: fixing the fix"
made private-etc=fonts,fonts and similar commands
fail with an error
fix that regression by tolerating already existing
directories
|
| | |
|
| | |
|
|/ |
|
|
|
|
| |
Relates to #5088 #5114.
|
|
|
|
| |
Relates to #5078 #5147 #5148.
|
|
|
|
|
|
| |
Added on commit ddd7e6fec ("merges", 2022-02-20).
Relates to #4936.
|
|
|
|
|
|
| |
Move the modif entries after the feature entries to be consistent with
the notes of the previous release (0.9.68): features, modifs/reworks,
removals, bugfixes, build, ci, docs, includes/profiles.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.11 to 2.1.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/a3a6c128d771b6b9bdebb1c9d0583ebd2728a108...27ea8f8fe5977c00f5b37e076ab846c5bd783b96)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\
| |
| | |
mkdeb.sh.in: stop enabling apparmor
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since `make deb-apparmor` already exists, use that for now instead of
changing what `make deb` does.
This fixes CI.
Added on commit 494b26d50 ("adding --enable-apparmor by default for make
deb - most Debian-based distros have apparmor enabled by default",
2022-06-03).
Kind of relates to #5154.
|
|\ \
| |/
|/| |
Revert "I am preparing a point release for next week, fixes and small…
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
of new features. Check in everything you have out."
This reverts commit e8cb03cde8a3a7d083a6f539b06c6253d031af82.
More specifically: s/0.9.68.1/0.9.69/.
The current development version contains not only new features, but also
breaking changes (see "modif:" on the RELNOTES). Ensure at least a
minor (rather than only a patch) version bump (to 0.9.70 on the final
version) to avoid breaking user expectations.
|
|/
|
|
|
|
|
| |
transmission-{gtk,qt} (#5175)
* add comment for enabling desktop notifications
* add comment for enabling desktop notifications
|
| |
|
|
|
|
| |
have apparmor enabled by default
|
|
|
|
| |
features. Check in everything you have out.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
disable-shell.inc: add global shell paths from ids.config
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since /etc/profile is present, add the other shell-related paths in /etc
that are listed on ids.config.
Suggestion by @rusty-snake[1].
Relates to #5167 #5170.
[1] https://github.com/netblue30/firejail/pull/5167#pullrequestreview-989621852
|
| | |
|
| | |
|
| | |
|
|/ |
|
|\
| |
| | |
ids.config: add missing global shell paths
|
| |
| |
| |
| |
| |
| | |
Add missing paths for bash, ksh and zsh.
Environment: Artix Linux
|
|\ \
| |/
|/| |
profiles: move blacklist of /etc/profile.d & blacklist /etc/profile
|
| |
| |
| |
| | |
Since /etc/profile.d is already being blacklisted.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To disable-shell.inc.
Interactive shells can be executed from certain development-related
programs (such as IDEs) and the shells themselves are not blocked by
default, but this shell startup directory currently is. To avoid
running a shell without access to potentially needed startup files, only
blacklist /etc/profile.d when interactive shells are also blocked.
Note that /etc/profile.d should only be of concern to interactive
shells, so a profile that includes both disable-shell.inc and
allow-bin-sh.inc (which likely means that it needs access to only
non-interactive shells) should not be affected by the blacklisting.
Relates to #3411 #5159.
|
|/
|
|
|
|
|
| |
This amends commit b6b3f3b38 ("kate.profile: allow common development
file access", 2022-05-28) / PR #5159.
See etc/templates/profile.template.
|
|\ |
|
| |\
| | |
| | | |
mkdeb.sh.in: pass remaining arguments to ./configure
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently, mkdeb.sh (which is used to make a .deb package) runs
./configure with hardcoded options (some of which are automatically
detected based on configure-time variables). To work around the
hardcoding, contrib/fj-mkdeb.py is used to add additional options by
rewriting the actual call to ./configure on mkdeb.sh. For example, the
following invocation adds --disable-firetunnel to mkdeb.sh:
$ ./configure && ./contrib/fj-mkdeb.py --disable-firetunnel
To avoid depending on another script and to avoid re-generating
mkdeb.sh, just let the latter pass the remaining arguments (the first
one is an optional package filename suffix) to ./configure directly.
Example:
$ make distclean && ./configure && make dist &&
./mkdeb.sh "" --disable-firetunnel
Additionally, change contrib/fj-mkdeb.py to do roughly the same as the
above example, by simply forwarding the arguments that it receives to
./mkdeb.sh (which then forwards them to ./configure). Also, remove the
--only-fix-mkdeb option, since the script does not change mkdeb.sh
anymore. With these changes, the script's usage (other than when using
--only-fix-mkdeb) should remain the same.
Note: To clean the generated files and then make a .deb package using
the default configuration, the invocation is still the same:
$ make distclean && ./configure && make deb
Note2: Running ./configure in the above examples is only needed for
generating Makefile/mkdeb.sh from Makefile.in/mkdeb.sh.in after running
distclean, so that running `make` / `./mkdeb.sh` afterwards works.
Should fully fix #772.
Relates to #1205 #3414 #5148.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This (mostly) restores the behavior from before commit 1fb814e51
("Makefile.in: stop running distclean on dist", 2022-05-13) / PR #5142.
./configure still has to be called before calling ./contrib/fj-mkdeb.py
(to generate Makefile from Makefile.in before calling `make distclean`).
|