| Commit message (Collapse) | Author | Age |
|
|
|
| |
Relates to #5916 #5927.
|
|
|
|
| |
Relates to #5894 #5911.
|
|
|
|
| |
Relates to #5871 #5899 #5900.
|
|
|
|
|
|
|
|
|
|
|
| |
See the following commits:
* 6fa19aab9 ("feature: use seccomp filters build at install time for
* --restrict-namespaces", 2023-07-12) and commit
* 80eb28483 ("build: restore seccomp filter targets", 2023-07-13)
* 76bd5ad0f ("build: simplify code related to man pages", 2023-07-12)
Relates to #5898.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Simplify the main targets and use wildcards instead of repeating the
filenames manually.
Also, restore the `man` target and building only when `HAVE_MAN` is
enabled.
Note: Make automatically removes intermediate files (.1 and .5), so in
general only the .gz files have to be cleaned.
Commands used to rename the man pages:
cd src/man
git mv firecfg.txt firecfg.1.in
git mv firejail-login.txt firejail-login.5.in
git mv firejail-profile.txt firejail-profile.5.in
git mv firejail-users.txt firejail-users.5.in
git mv firejail.txt firejail.1.in
git mv firemon.txt firemon.1.in
git mv jailcheck.txt jailcheck.1.in
This is kind of a follow-up to commit 9e206b7f2 ("rework src/man
Makefile", 2023-07-07).
|
| |
|
| |
|
|
|
|
| |
Relates to #5859 #5864 #5866.
|
| |
|
|
|
|
|
|
|
|
| |
Added on commit b689b69f6 ("make --private-lib a compile time option,
disabled by default", 2023-03-09) and on commit 91f2b3ffc ("private-lib
cleanup", 2023-03-09).
Relates to #5727 #5732.
|
|
|
|
| |
Relates to #5708 #5741 #5856.
|
|
|
|
| |
Relates to #5842 #5850 #5857.
|
|
|
|
|
| |
See commit f48886f25 ("build: mark most phony targets as such",
2023-02-01) / PR #5637.
|
|
|
|
| |
Relates to #5829.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of Debian 9, use Debian 10 in build_debian_package.
It currently fails to update the package index[1]:
$ apt-get update -qq
W: The repository 'http://deb.debian.org/debian stretch Release' does not have a Release file.
W: The repository 'http://deb.debian.org/debian stretch-updates Release' does not have a Release file.
W: The repository 'http://security.debian.org/debian-security stretch/updates Release' does not have a Release file.
E: Failed to fetch http://deb.debian.org/debian/dists/stretch/main/binary-amd64/Packages 404 Not Found [IP: 146.75.38.132 80]
E: Failed to fetch http://deb.debian.org/debian/dists/stretch-updates/main/binary-amd64/Packages 404 Not Found [IP: 146.75.38.132 80]
E: Failed to fetch http://security.debian.org/debian-security/dists/stretch/updates/main/binary-amd64/Packages 404 Not Found [IP: 151.101.130.132 80]
E: Some index files failed to download. They have been ignored, or old ones used instead.
Also, note that LTS support for Debian 9 ended on 2022-06-30, while
Debian 10 has LTS support until 2024-06-30[2].
Relates to #5818.
[1] https://gitlab.com/Firejail/firejail_ci/-/jobs/4195782936
[2] https://wiki.debian.org/LTS
|
|
|
|
| |
Relates to #5806 #5812 #5815.
|
|
|
|
| |
Relates to #5795 #5802.
|
| |
|
|
|
|
|
| |
* Create url-eater.profile
* RELNOTES: add url-eater to 'new profiles'
|
|
|
|
| |
Relates to #5784.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Log from a recent run of build_ubuntu_package[1]:
$ ./configure && make deb && dpkg -i firejail*.deb
[...]
dpkg-deb: building package 'firejail' in 'debian.deb'.
A future release will drop --no-tag-display-limit; please use '--tag-display-limit 0' instead.
running with root privileges is not recommended!
E: firejail: latest-changelog-entry-without-new-date [usr/share/doc/firejail/changelog.Debian.gz:1]
[...]
make: *** [Makefile:341: deb] Error 2
$ command -V firejail && firejail --version
/usr/bin/bash: line 139: command: firejail: not found
[1] https://gitlab.com/Firejail/firejail_ci/-/pipelines/832916003
|
|
|
|
| |
Relates to #5757.
|
|
|
|
|
|
|
| |
Licensing-related changes are not quite the same as documentation
changes.
Relates to #5667.
|
|
|
|
| |
Relates to #5783.
|
|
|
|
|
| |
* Create standard-notes.profile
* RELNOTES: add standard-notes to 'new profiles'
|
|
|
|
| |
Relates to #5742.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added in the following commits:
* 336ecb5d6 ("network testing; merges", 2023-03-02)
* 0e48f9933 ("remove firemon --interface option - it is a duplication of
firejail --net.print", 2023-03-08)
Relates to the following commits:
* e4f9f36a4 ("random hostname by default; fix --hostname and
--hosts-file", 2023-02-27)
* 0e48f9933 ("remove firemon --interface option - it is a duplication of
firejail --net.print", 2023-03-08)
|
| |
|
| |
|
| |
|
|
|
|
| |
Relates to #5674 #5677.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create qpdf.profile and redirects
qpdf (CLI) provides PDF metadata cleaning.
See privacy-handbuch.de[1] for details.
The site offers pdf-meta-clean.sh[2], which works very well with
firejailed qpdf.
[1] https://www.privacy-handbuch.de/handbuch_43a.htm
[2] https://www.privacy-handbuch.de/download/pdf-meta-clean.sh
* RELNOTES: add qpdf and redirects to new profiles section
* firecfg.config: add qpdf and redirects
* qpdf: use 'seccomp socket' instead of 'protocol unix'
See https://github.com/netblue30/firejail/issues/639. Thanks @rusty-snake in code review.
|
|
|
|
| |
Relates to #5667 #5668.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This amends commit 707f48a12 ("RELNOTES", 2023-02-14).
Note: The "Allow only letters and digits" modif item was implemented on
commit b4ffaa207 ("merges; more on cleaning up esc chars", 2023-02-14)
and relates to both #5578 and #5613. The "--hostname" part of both the
"Prevent" and the "Allow" modif items was also only added on that
commit. Discussion about the hostname:
https://github.com/netblue30/firejail/pull/5613#issuecomment-1421271389
Relates to #5578.
|
|
|
|
| |
Relates to #5613 #5654.
|
|
|
|
|
|
|
|
|
| |
Move it before modifs, add missing PR reference and make the description
match the PR name.
This amends commit 9d68139d7 ("merges", 2023-02-06).
Relates to #1127 #5634.
|
| |
|
| |
|
|
|
|
| |
Relates to #5627 #5637.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change the "fix:" prefix to "bugfix:" and move it below modifs, for
consistency with the previous releases.
Also, add a missing PR reference and make the description match the
current issue title.
Added on commit be88622c8 ("private-etc: fix man page", 2023-01-25).
Relates to #5601 #5618.
|
|
|
|
|
|
| |
Added on commit 897f5791d ("merges", 2023-01-30).
Relates to #5578.
|
| |
|
| |
|
|
|
|
| |
Relates to #5589 #5599 #5600.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commands used to find the profiles and print the RELNOTES items:
$ git log --reverse --pretty= --name-only --diff-filter=A \
0.9.70..0.9.72 -- etc/inc etc/net etc/profile-* | cut -f 3 -d / |
sed -E -e 's/^([^.]+)\.profile$/\1/' -e 's/$/,/' | tr '\n' ' ' |
fold -s -w 61 | sed 's/^/ * new profiles: /'; echo
Based on the commands from commit a320957a1 ("RELNOTES: add missing new
profiles", 2022-06-09) / PR #5184.
Note: 61 is used in fold because it's 79 (the default `textwidth` / `tw`
in vim) minus 18 (the length of " * new profiles: ").
Note2: ".profile" is only trimmed if it's the only suffix, to make it
clear that a new etc/profile-a-l/foo.inc.profile is not a new
etc/inc/foo.inc profile.
Note3: Keep the commas at the end because removing them could need
another `fold` to make the output exactly equivalent to
writing/formatting the items manually.
Note4: There were no profiles removed in 0.9.72:
$ git log --reverse --pretty= --name-only --diff-filter=D \
0.9.70..0.9.72 -- etc/inc etc/net etc/profile-*
$
|
| |
|
| |
|
|
|
|
|
| |
This amends commit a100cbe99 ("RELNOTES: move etc-hide-blacklisted item
to modif", 2023-01-16).
|