From 5dc6ce39b598033b71b03bd1baa388f4a10dc0f8 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 4 Jun 2019 13:55:11 -0400 Subject: 0.9.56.2-LTS testing --- README | 78 +++++++++++++++++++++++++++++++++++++-- RELNOTES | 6 +++ configure | 18 ++++----- configure.ac | 2 +- status | 6 ++- test/profiles/profile_syntax2.exp | 12 ++---- 6 files changed, 99 insertions(+), 23 deletions(-) diff --git a/README b/README index b2f19b070..d6cf5389b 100644 --- a/README +++ b/README @@ -38,10 +38,12 @@ Committers - glitsj16 (https://github.com/glitsj16) - Fred-Barclay (https://github.com/Fred-Barclay) - Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer) +- rusty-snake (https://github.com/rusty-snake) - smithsohu (https://github.com/smitsohu) - SkewedZeppelin (https://github.com/SkewedZeppelin) - startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches maintainer) - Topi Miettinen (https://github.com/topimiettinen) +- veloute (https://github.com/veloute) - Vincent43 (https://github.com/Vincent43) - netblue30 (netblue30@yahoo.com) @@ -49,6 +51,9 @@ Committers Firejail Authors (alphabetical order) +7twin (https://github.com/7twin_ + - fix typos + - fix flameshot raw screenshots 1dnrr (https://github.com/1dnrr) - add pybitmessage profile Aidan Gauland (https://github.com/aidalgol) @@ -64,7 +69,7 @@ Aleksey Manevich (https://github.com/manevich) - fix double quotes/single quotes problem - big rework of argument processing subsystem - --join fixes - - spliting up cmdline.c + - splitting up cmdline.c - Busybox support - X11 support rewrite - gether shell selection code in one place @@ -87,9 +92,14 @@ andrew160 (https://github.com/andrew160) - profile and man pages fixes announ (https://github.com/announ) - mpv and youtube-dl profile fixes + - git profile fix + - evince profile fix Antonio Russo (https://github.com/aerusso) - enumerate root directories in apparmor profile - fix join-or-start +Austin Morton + - deterministic-exit-code option + - private-cwd options Austin S. Hemmelgarn (https://github.com/Ferroin) - unbound profile update avoidr (https://github.com/avoidr) @@ -167,6 +177,10 @@ curiosity-seeker (https://github.com/curiosity-seeker) - various other profile fixes - added digiKam profile - write-protection for thumbnailer dir + - added gramps, newsboat, freeoffice-planmaker profiles + - added freeoffice-textmaker, freeoffice-presentations profiles + - added cantata profile + - updated keypassxc profile da2x (https://github.com/da2x) - matched RPM license tag Daan Bakker (https://github.com/dbakker) @@ -277,6 +291,7 @@ glitsj16 (https://github.com/glitsj16) - spelling fixes - bitblbee profile fixes - fix firefox common addons + - many profile fixes - profile fixes: file, strings, claws-mail, - new profiles: QMediathekView, aria2c, Authenticator, checkbashisms - new profiles: devilspie, devilspie2, easystroke, github-desktop, min @@ -294,6 +309,8 @@ greigdp (https://github.com/greigdp) - fixed spotify profile - added Slack profile - add Spotify profile +grizzlyuser (https://github.com/grizzlyuser) + - added support for youtube-dl in smplayer profile GSI (https://github.com/GSI) - added Uzbl browser profile hamzadis (https://github.com/hamzadis) @@ -328,7 +345,7 @@ Jaykishan Mutkawoa (https://github.com/jmutkawoa) - cpio profile James Elford (https://github.com/jelford) - pass password manager support - - removed shell none from ssh-agent configuration, fixing the infinit loop + - removed shell none from ssh-agent configuration, fixing the infinite loop - added gcloud profile - blacklist sensitive cloud provider files in disable-common Jean Lucas (https://github.com/flacks) @@ -343,6 +360,7 @@ Jean Lucas (https://github.com/flacks) - fix wire profile - add Beaker profile - fixes for gnome-music + - allow reading of system-wide Flatpak locale in gajim profile Jericho (https://github.com/attritionorg) - spelling Jesse Smith (https://github.com/slicer69) @@ -358,6 +376,8 @@ John Mullee (https://github.com/jmullee) Jonas Heinrich (https://github.com/onny) - added signal-desktop profile - fixed franz profile +Jose Riha (https://github.com/jose1711) + - added meteo-qt profile jrabe (https://github.com/jrabe) - disallow access to kdbx files - Epiphany profile @@ -394,6 +414,12 @@ LaurentGH (https://github.com/LaurentGH) - allow private-bin parameters to be absolute paths Loïc Damien (https://github.com/dzamlo) - small fixes +Lockdis (https://github.com/Lockdis) + - Added crow, nyx, and google-earth-pro profiles +Lukáš Krejčí (https://github.com/lskrejci) + - fixed parsing of --keep-var-tmp +luzpaz (https://github.com/luzpaz) + - code spelling fixes maces (https://github.com/maces) - Franz messenger profile Madura A (https://github.com/manushanga) @@ -430,13 +456,21 @@ mustaqimM (https://github.com/mustaqimM) - added profile for Nylas Mail n1trux (https://github.com/n1trux) - fix flashpeak-slimjet profile typos -netblue30 (netblue30@yahoo.com) +Nick Fox (https://github.com/njfox) + - add a profile alias for code-oss + - add code-oss config directory +NickMolloy (https://github.com/NickMolloy) + - ARP address length fix Niklas Haas (https://github.com/haasn) - blacklisting for keybase.io's client nyancat18 (https://github.com/nyancat18) - added ardour4, dooble, karbon, krita profiles Ondra Nekola (https://github.com/satai) - allow firefox theming with non-global themes +Lorenzo "Palinuro" Faletra (https://github.com/PalinuroSec) + - prevent thunderbird conflicts when firefox is running + - add join-or-start to pluma to open multiple files in tabs + - fixes to keepassxc, thunderbird and pluma Panzerfather (https://github.com/Panzerfather) - allow eog to access user's trash Patrick Toomey (https://sourceforge.net/u/ptoomey/profile/) @@ -465,8 +499,13 @@ Petter Reinholdtsen (pere@hungry.com) PharmaceuticalCobweb (https://github.com/PharmaceuticalCobweb) - fix quiterss profile - added profile for gnome-ring +pianoslum (https://github.com/pianoslum) + - nodbus breaking evince two-page-view warning pirate486743186 (https://github.com/pirate486743186) - KMail profile + - mpsyt profile + - fix youtube-dl and mpv + - fix gnome-mpv profile Pixel Fairy (https://github.com/xahare) - added fjclip.py, fjdisplay.py and fjresize.py in contrib section PizzaDude (https://github.com/pizzadude) @@ -484,6 +523,10 @@ pszxzsd (https://github.com/pszxzsd) -uGet profile pwnage-pineapple (https://github.com/pwnage-pineapple) - update Okular profile +Quentin Minster (https://github.com/laomaiweng) + - propagate --quiet to children Firejail'ed processes + - nodbus enhancements/bugfixes + - added vim syntax and ftdetect files Rafael Cavalcanti (https://github.com/rccavalcanti) - chromium profile fixes for Arch Linux Rahiel Kasim (https://github.com/rahiel) @@ -516,14 +559,29 @@ rogshdo (https://github.com/rogshdo) - BitlBee profile Ruan (https://github.com/ruany) - fixed hexchat profile +rusty-snake (https://github.com/rusty-snake) + - added profiles: thunderbird-wayland, supertuxkart, ghostwriter + - added profiles: klavaro, mypaint, mypaint-ora-thumbnailer, nano + - added profiles: gajim-history-manager, freemind, nomacs, kid3 + - added profiles: kid3-qt, kid3-cli, anki, utox, mp3splt, mp3wrap + - added profiles: oggsplt, flacsplt, cheese, inkview, mp3splt-gtk + - added profiles: ktouch, yelp + - many profile fixing and hardening + - some typo fixes + - added profile templates Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) - fixed ktorrent profile sarneaud (https://github.com/sarneaud) - rewrite globbing code to fix various minor issues - added noblacklist command for profile files - various enhancements and bug fixes +Senemu (https://github.com/Senemu) + - protection for .pythonrc.py + - fixed evince Sergey Alirzaev (https://github.com/l29ah) - firejail.h enum fix +Tobias Schmidl (https://github.com/schtobia) + - added profile for webui-aria2 Simon Peter (https://github.com/probonopd) - set $APPIMAGE and $APPDIR environment variables - AppImage version detection @@ -632,6 +690,8 @@ Thomas Jarosch (https://github.com/thomasjfox) - added lstat() / lstat64() support to libtrace - include mkuid.sh in make dist - cppcheck bugfixes +tinmanx (https://github.com/tinmanx) + - remove network access from cherrytree.profile Tom Mellor (https://github.com/kalegrill) - mupen64plus profile Tomasz Jan Góralczyk (https://github.com/tjg) @@ -682,8 +742,18 @@ veloute (https://github.com/veloute) - added flameshot profile - added jdownloader profile - fixed discord profile + - fixes for various profiles + - removed vim and ranger from firecfg + - fixing keepassxc auto-type, noexec /tmp + - fix ipc-namespace prblem in file-roller + - fix exiftool, viewnior, aria2c, ffmpegthumbnailer + - fix pavucontrol (ipcnamespace) + - fix gnuchess + - add anki profile Vincent43 (https://github.com/Vincent43) - apparmor enhancements +Vincent Blillault (https://github.com/Feandil) + - fix mumble profile vismir2 (https://github.com/vismir2) - feh, ranger, 7z, keepass, keepassx and zathura profiles - claws-mail, mutt, git, emacs, vim profiles @@ -721,4 +791,4 @@ Zack Weinberg (https://github.com/zackw) with firejail --x11 - support for xpra-extra-params in firejail.config -Copyright (C) 2014-2017 Firejail Authors +Copyright (C) 2014-2019 Firejail Authors diff --git a/RELNOTES b/RELNOTES index 106c00d53..93b5efa21 100644 --- a/RELNOTES +++ b/RELNOTES @@ -1,3 +1,9 @@ +firejail (0.9.56.2-LTS) baseline; urgency=low + * fix CVE-2019-12589 + * fix CVE-2019-12499 + * other bugfixes + -- netblue30 Tue, 4 Jun 2018 08:00:00 -0500 + firejail (0.9.56-LTS) baseline; urgency=low * code based on Firejail version 0.9.56 * much smaller code base for SUID executable diff --git a/configure b/configure index 79f1801e5..8603ee554 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for firejail 0.9.56.1-LTS. +# Generated by GNU Autoconf 2.69 for firejail 0.9.56.2-LTS. # # Report bugs to . # @@ -580,8 +580,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='firejail' PACKAGE_TARNAME='firejail' -PACKAGE_VERSION='0.9.56.1-LTS' -PACKAGE_STRING='firejail 0.9.56.1-LTS' +PACKAGE_VERSION='0.9.56.2-LTS' +PACKAGE_STRING='firejail 0.9.56.2-LTS' PACKAGE_BUGREPORT='netblue30@yahoo.com' PACKAGE_URL='http://firejail.wordpress.com' @@ -1263,7 +1263,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures firejail 0.9.56.1-LTS to adapt to many kinds of systems. +\`configure' configures firejail 0.9.56.2-LTS to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1325,7 +1325,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of firejail 0.9.56.1-LTS:";; + short | recursive ) echo "Configuration of firejail 0.9.56.2-LTS:";; esac cat <<\_ACEOF @@ -1423,7 +1423,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -firejail configure 0.9.56.1-LTS +firejail configure 0.9.56.2-LTS generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1725,7 +1725,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by firejail $as_me 0.9.56.1-LTS, which was +It was created by firejail $as_me 0.9.56.2-LTS, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4283,7 +4283,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by firejail $as_me 0.9.56.1-LTS, which was +This file was extended by firejail $as_me 0.9.56.2-LTS, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -4337,7 +4337,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -firejail config.status 0.9.56.1-LTS +firejail config.status 0.9.56.2-LTS configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 9e4b72247..06765406c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ([2.68]) -AC_INIT(firejail, 0.9.56.1-LTS, netblue30@yahoo.com, , http://firejail.wordpress.com) +AC_INIT(firejail, 0.9.56.2-LTS, netblue30@yahoo.com, , http://firejail.wordpress.com) AC_CONFIG_SRCDIR([src/firejail/main.c]) #AC_CONFIG_HEADERS([config.h]) diff --git a/status b/status index b3f0e5a63..6bee3f58f 100644 --- a/status +++ b/status @@ -1,4 +1,8 @@ -Jun 29 test: +Jun 4 test: +TESTING: DNS (test/environment/dns.exp) +netblue@debian:~/work/github/LTSbase/test/environment$ TESTING ERROR 1.2 + +May 29 test: TESTING: tar TESTING ERROR 4.2 TESTING: DNS (test/environment/dns.exp) diff --git a/test/profiles/profile_syntax2.exp b/test/profiles/profile_syntax2.exp index 4d621f3ec..c64283606 100755 --- a/test/profiles/profile_syntax2.exp +++ b/test/profiles/profile_syntax2.exp @@ -29,18 +29,14 @@ expect { timeout {puts "TESTING ERROR 4\n";exit} "Drop CAP_SYS_MODULE" } -expect { - timeout {puts "TESTING ERROR 5\n";exit} - "seccomp entries in /run/firejail/mnt/seccomp" -} -expect { - timeout {puts "TESTING ERROR 7\n";exit} - "jeq mount" -} expect { timeout {puts "TESTING ERROR 8\n";exit} "Child process initialized" } +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "Installing /run/firejail/mnt/seccomp/seccomp seccomp filter" +} send -- "exit\r" after 100 puts "\nall done\n" -- cgit v1.2.3-70-g09d2