the password database (/etc/passwd file)
See src/tools/extract_errnos.sh.
Added on commit 081d1fbf2 ("Add seccomp errno filter support",
2015-09-23) / PR #66.
Some shell scripts are not executable, so fix their file modes:

    $ git grep -Elz '^#!/bin/(ba)?sh' | xargs -0 -I '{}' \
      chmod +x '{}'

Files changed:

* src/fgit/fgit-uninstall.sh
* src/tools/extract_errnos.sh

Note: I have manually checked that the files above are indeed intended
to be executable directly and not just sourced, as a script of the
latter kind could also contain a shebang (for example, to help ensure
proper syntax highlighting).

Misc: The affected files were added on commit e46dd3e95 ("git-install",
2017-02-04) and on commit 081d1fbf2 ("Add seccomp errno filter support",
2015-09-23) / PR #66, respectively.
common.mk contains definitions for building programs and it includes
config.mk.
Some makefiles that include common.mk do not contain any targets for
building programs. They depend only on configure-time variable
definitions (which are defined on config.mk) rather than anything
specific to common.mk. So change their includes of common.mk to
config.mk.
Currently, the configure-time variables (that is, the ones that assign
to placeholders, such as "@HAVE_MAN@", which are set/replaced at
configure-time) are defined on multiple files (such as on Makefile.in
and on common.mk.in).
To avoid duplication, centralize these variables on a single file
(config.mk.in) and replace all of the other definitions of them with an
include of config.mk.
A non-absolute path on an include command is always treated as being
relative to the directory in which "make" was started in, rather than
being relative to the makefile that contains the command. For example,
given the following project structure and file contents:

* Makefile: include src/foo.mk
* src/foo.mk: include bar.mk
* src/bar.mk:

Running "make" on the root project directory (that is, where "Makefile"
is) yields the following:

    src/foo.mk:1: bar.mk: No such file or directory

As "bar.mk" in "include bar.mk" is relative to the current (process)
directory (that is, "./bar.mk") and not to where foo.mk is located in
("./src/bar.mk").

So on every makefile that contains an include command, define the root
project directory in the ROOT variable and always include relative to
it, to later enable any included mkfiles to include other mkfiles
without having to worry about the correct path.

Commands used to search and replace:

    $ git grep -Flz 'include ../common.mk' -- src |
      xargs -0 -I '{}' sh -c \
      "printf '%s\n' \"\`sed 's|include ../common.mk|ROOT = ../..\ninclude \$(ROOT)/src/common.mk|' '{}'\`\" >'{}'"

Environment: GNU make 4.3-3.1 on Artix Linux
It currently claims to contain "common definitions for all makefiles",
but it is not included by all makefiles under src/ and it contains
variable definitions that may possibly clash with the ones defined on
certain makefiles. Mainly, the following makefiles (which are used for
building shared objects) use a different set of CFLAGS compared to
src/common.mk.in:
* src/libpostexecseccomp/Makefile.in
* src/libtrace/Makefile.in
* src/libtracelog/Makefile.in
Given the contents of common.mk.in, it seems to be intended only for
makefiles that build C programs and/or non-shared objects (which are
most of, but not all of the makefiles under src/), so put that in the
comment instead.
the previous commit "CVE-2022-31214: fixing the fix"
made private-etc=fonts,fonts and similar commands
fail with an error
fix that regression by tolerating already existing
directories
at compile time.
Currently, when running on CI, `firejail --version` only prints the
following line:

    firejail version 0.9.69

Add a new print_version() function that always prints both the above and
the compile-time options (like it is done outside of CI) and call it in
both of the places that handle --version on main.c.

Misc: The printing of compile-time features was added on commit
48dd1fbec ("apparmor", 2016-08-02).
As caught by the Clang Static Analyzer:

    $ make clean && NO_EXTRA_CFLAGS="yes" scan-build --status-bugs make -C src/fzenity
    [...]
    main.c:77:10: warning: Value stored to 'ptr' is never read [deadcode.DeadStores]
            return ptr++;
                   ^~~~~
    1 warning generated.
    [...]
    scan-build: Analysis run complete.
    scan-build: 1 bug found.

The above increment is a no-op, as it is equivalent to
`return ptr; ptr++;`.

For it to make any difference, the prefix increment operator would have
to be used in place of the postfix one:

    return ++ptr;

Which would be equivalent to `++ptr; return ptr;`.

But in order to fix the warning (and CI) while avoiding to change the
current behavior, just remove the operator instead.

Added on commit 1cdfa6f95 ("more on firecfg --guide: fzenity",
2022-04-25).
Partial error log when building firejail-git (afee8603f) with
--enable-fatal-warnings:

    hostnames.c: In function ‘retrieve_hostname’:
    hostnames.c:53:17: error: ‘fclose’ called on pointer returned from a mismatched allocation function [-Werror=mismatched-dealloc]
       53 |                 fclose(fp);
          |                 ^~~~~~~~~~
    hostnames.c:38:20: note: returned from ‘popen’
       38 |         FILE *fp = popen(cmd, "r");
          |                    ^~~~~~~~~~~~~~~
    cc1: all warnings being treated as errors
    make[1]: *** [Makefile:7: hostnames.o] Error 1

Environment: gcc 11.2.0-4 on Artix Linux.

Added on commit 500a56efd ("more on nettrace", 2022-01-07).
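
The pairing that -Wmismatched-dealloc checks in the log above, as an added example that is not firejail's code: a stream returned by popen() is released with pclose(), which also waits for the child and returns its termination status, something fclose() cannot report. The helper name first_line_of_command and the echo command are assumptions made for this illustration.

```c
/* Added example, not firejail code: popen() paired with pclose(). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L	/* popen(), pclose() */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

/*
 * Hypothetical helper: run cmd through /bin/sh, copy the first line of its
 * output (newline stripped) into out, and return the command's exit status.
 * Returns -1 if the command could not be run or did not exit normally.
 * cmd is handed to the shell, so it must be a fixed, trusted string.
 */
int first_line_of_command(const char *cmd, char *out, size_t outlen)
{
	if (!cmd || !out || outlen == 0)
		return -1;
	out[0] = '\0';

	FILE *fp = popen(cmd, "r");
	if (!fp)
		return -1;

	if (fgets(out, (int)outlen, fp))
		out[strcspn(out, "\n")] = '\0';

	/* Drain the rest so the child is not killed by SIGPIPE while it is
	 * still writing, which would hide its real exit status. */
	char discard[256];
	while (fgets(discard, sizeof(discard), fp))
		;

	/* pclose(), not fclose(): closes the pipe and reaps the child. */
	int status = pclose(fp);
	if (status == -1 || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status);
}

int main(void)
{
	char line[64];
	int rc = first_line_of_command("echo constructed-host.example", line, sizeof(line));
	printf("rc=%d line=%s\n", rc, line);
	return rc;
}
```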
/etc/alternatives on Debian
Stop warning on safe supplementary group clean
When nogroups is used, the following warning may be issued (potentially
multiple times, as drop_privs may be called more than once):

    Warning: cleaning all supplementary groups

But the warning is being shown even when it seems that all supplementary
groups can be safely dropped (and are thus dropped), which is likely a
common scenario. This commit prevents the warning from being printed in
that case, making it so that it is only shown in the non-happy paths (as
was the case on firejail 0.9.66).

Misc: The added code was copied from drop_privs.

This amends commit 7abce0b4c ("Fix keeping certain groups with
nogroups", 2021-11-30) / PR #4732.

Kind of relates to #4930.