From b14f223a62399d73eec4d9c27d5a4cbb295b4d89 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 26 May 2019 11:25:38 -0400 Subject: 0.9.60 testing --- README | 10 +++++++++- RELNOTES | 16 ++++++++++++---- configure | 18 +++++++++--------- configure.ac | 2 +- etc/orage.profile | 2 +- test/private-lib/private-lib.sh | 2 +- 6 files changed, 33 insertions(+), 17 deletions(-) diff --git a/README b/README index beb296bf1..4940ed167 100644 --- a/README +++ b/README @@ -179,6 +179,8 @@ curiosity-seeker (https://github.com/curiosity-seeker) - write-protection for thumbnailer dir - added gramps, newsboat, freeoffice-planmaker profiles - added freeoffice-textmaker, freeoffice-presentations profiles + - added cantata profile + - updated keypassxc profile da2x (https://github.com/da2x) - matched RPM license tag Daan Bakker (https://github.com/dbakker) @@ -307,6 +309,8 @@ greigdp (https://github.com/greigdp) - fixed spotify profile - added Slack profile - add Spotify profile +grizzlyuser (https://github.com/grizzlyuser) + - added support for youtube-dl in smplayer profile GSI (https://github.com/GSI) - added Uzbl browser profile hamzadis (https://github.com/hamzadis) @@ -356,6 +360,7 @@ Jean Lucas (https://github.com/flacks) - fix wire profile - add Beaker profile - fixes for gnome-music + - allow reading of system-wide Flatpak locale in gajim profile Jericho (https://github.com/attritionorg) - spelling Jesse Smith (https://github.com/slicer69) @@ -372,7 +377,7 @@ Jonas Heinrich (https://github.com/onny) - added signal-desktop profile - fixed franz profile Jose Riha (https://github.com/jose1711) - - added meteo-qt profile + - added meteo-qt profile jrabe (https://github.com/jrabe) - disallow access to kdbx files - Epiphany profile 
@@ -521,6 +526,7 @@ pwnage-pineapple (https://github.com/pwnage-pineapple) Quentin Minster (https://github.com/laomaiweng) - propagate --quiet to children Firejail'ed processes - nodbus enhancements/bugfixes + - added vim syntax and ftdetect files Rafael Cavalcanti (https://github.com/rccavalcanti) - chromium profile fixes for Arch Linux Rahiel Kasim (https://github.com/rahiel) @@ -761,6 +767,8 @@ veloute (https://github.com/veloute) - add anki profile Vincent43 (https://github.com/Vincent43) - apparmor enhancements +Vincent Blillault (https://github.com/Feandil) + - fix mumble profile vismir2 (https://github.com/vismir2) - feh, ranger, 7z, keepass, keepassx and zathura profiles - claws-mail, mutt, git, emacs, vim profiles diff --git a/RELNOTES b/RELNOTES index 9d9400a90..06b106c22 100644 --- a/RELNOTES +++ b/RELNOTES @@ -1,4 +1,14 @@ -firejail (0.9.60~rc2) baseline; urgency=low +firejail (0.9.60) baseline; urgency=low + * security bug reported by Austin Morton: + Seccomp filters are copied into /run/firejail/mnt, and are writable + within the jail. A malicious process can modify files from inside the + jail. Processes that are later joined to the jail will not have seccomp + filters applied. + * memory-deny-write-execute now also blocks memfd_create + * add private-cwd option to control working directory within jail + * blocking system D-Bus socket with --nodbus + * bringing back Centos 6 support + * drop support for flatpak/snap packages * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2 * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring 
@@ -16,9 +26,7 @@ firejail (0.9.60~rc2) baseline; urgency=low * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp - * memory-deny-write-execute now also blocks memfd_create - * drop support for flatpak/snap packages - -- netblue30 Sun, 21 Apr 2019 08:00:00 -0500 + -- netblue30 Sun, 26 May 2019 08:00:00 -0500 firejail (0.9.58,2) baseline; urgency=low * cgroup flag in /etc/firejail/firejail.config file diff --git a/configure b/configure index 0eece5428..140872a29 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for firejail 0.9.60~rc2. +# Generated by GNU Autoconf 2.69 for firejail 0.9.60. # # Report bugs to . # @@ -580,8 +580,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='firejail' PACKAGE_TARNAME='firejail' -PACKAGE_VERSION='0.9.60~rc2' -PACKAGE_STRING='firejail 0.9.60~rc2' +PACKAGE_VERSION='0.9.60' +PACKAGE_STRING='firejail 0.9.60' PACKAGE_BUGREPORT='netblue30@yahoo.com' PACKAGE_URL='https://firejail.wordpress.com' @@ -1275,7 +1275,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures firejail 0.9.60~rc2 to adapt to many kinds of systems. +\`configure' configures firejail 0.9.60 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1337,7 +1337,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of firejail 0.9.60~rc2:";; + short | recursive ) echo "Configuration of firejail 0.9.60:";; esac cat <<\_ACEOF 
@@ -1442,7 +1442,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -firejail configure 0.9.60~rc2 +firejail configure 0.9.60 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1744,7 +1744,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by firejail $as_me 0.9.60~rc2, which was +It was created by firejail $as_me 0.9.60, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4379,7 +4379,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by firejail $as_me 0.9.60~rc2, which was +This file was extended by firejail $as_me 0.9.60, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -4433,7 +4433,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -firejail config.status 0.9.60~rc2 +firejail config.status 0.9.60 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 4d0b847f5..60c9dae9c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ([2.68]) -AC_INIT(firejail, 0.9.60~rc2, netblue30@yahoo.com, , https://firejail.wordpress.com) +AC_INIT(firejail, 0.9.60, netblue30@yahoo.com, , https://firejail.wordpress.com) AC_CONFIG_SRCDIR([src/firejail/main.c]) #AC_CONFIG_HEADERS([config.h]) diff --git a/etc/orage.profile b/etc/orage.profile index 2c55ab909..4e12892d6 100644 --- a/etc/orage.profile +++ b/etc/orage.profile 
@@ -24,7 +24,7 @@ nodvd nogroups nonewprivs noroot -nosound +# nosound - calendar application, It must be able to play sound to wake you up. notv nou2f novideo diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh index 5e9d75379..79913fed6 100755 --- a/test/private-lib/private-lib.sh +++ b/test/private-lib/private-lib.sh @@ -5,7 +5,7 @@ export MALLOC_CHECK_=3g export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) -LIST="gnome-logs gnome-system-log gnome-nettool pavucontrol dig whois evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog" +LIST="gnome-logs gnome-system-log gnome-nettool pavucontrol dig evince whois galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog" for app in $LIST; do -- cgit v1.2.3-54-g00ecf
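Review bot: Commenting out `nosound` in etc/orage.profile opens the sound system to the sandboxed calendar as a whole, not only alarm playback; as far as I can tell the option gates the audio server and sound devices together, so audio capture is presumably reachable as well. The replacement comment should record that trade-off, for example `# nosound - orage plays reminder alarms; this also leaves audio capture reachable`. Users who do not rely on audible reminders would want to restore `nosound` through a local override, if this profile includes one (the profile continues outside the hunk, so that is not visible here). The RELNOTES entry in this same commit does not mention the relaxation, which makes it easy to miss when auditing what changed in the release.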