From 5fbc1cd504b15b247977e85609a86eae448a7bff Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 5 Feb 2022 03:05:16 -0300 Subject: RELNOTES: sort items by category Sort in the following category order: security, features, modifications, removals, bugfixes, new includes, removed includes, new profiles. Also, --keep-fd was added to the RELNOTES after whitelist-ro, so move it there. --- RELNOTES | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'RELNOTES') diff --git a/RELNOTES b/RELNOTES index fbaf12716..598e19477 100644 --- a/RELNOTES +++ b/RELNOTES @@ -4,8 +4,8 @@ firejail (0.9.68rc2) baseline; urgency=low (see README.md) (#4748) * security: bugfix: private-cwd leaks access to the entire filesystem (#4780); reported by Hugo Osvaldo Barrera - * exit code: distinguish fatal signals by adding 128 (#4533) - * close file descriptors greater than 2 (--keep-fd) (#4845) + * remove (some) environment variables with auth-tokens (#4157) + * new condition: ALLOW_TRAY (#4510 #4599) * intrusion detection system (--ids-init, --ids-check) * deterministic shutdown (--deterministic-exit-code, --deterministic-shutdown) (#4635) @@ -15,11 +15,11 @@ firejail (0.9.68rc2) baseline; urgency=low * whitelist-ro profile command (#4740) * Allow apostrophe in whitelist and blacklist (#4614) * AppImage support in --build command (#4878) + * exit code: distinguish fatal signals by adding 128 (#4533) * build: firecfg.config is now installed to /etc/firejail/ (#4669) + * close file descriptors greater than 2 (--keep-fd) (#4845) * removed --disable-whitelist at compile time * removed whitelist=yes/no in /etc/firejail/firejail.config - * new condition: ALLOW_TRAY (#4510 #4599) - * remove (some) environment variables with auth-tokens (#4157) * bugfix: Fix sndio support (#4362 #4365) * bugfix: Error mounting tmpfs (MS_REMOUNT flag not being cleared) (#4387) * bugfix: --build clears the environment (#4460 #4467) -- cgit v1.2.3-54-g00ecf From b9baa71e93072953ee7e7501a4beb1d28feb84e8 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 5 Feb 2022 03:28:23 -0300 Subject: RELNOTES: add prefixes for features, modifs and removals To make it easier to see at a glance what each item is about. Note: Other than "removal", the prefixes are taken from previous releases. --- RELNOTES | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'RELNOTES') diff --git a/RELNOTES b/RELNOTES index 598e19477..433357945 100644 --- a/RELNOTES +++ b/RELNOTES @@ -4,22 +4,22 @@ firejail (0.9.68rc2) baseline; urgency=low (see README.md) (#4748) * security: bugfix: private-cwd leaks access to the entire filesystem (#4780); reported by Hugo Osvaldo Barrera - * remove (some) environment variables with auth-tokens (#4157) - * new condition: ALLOW_TRAY (#4510 #4599) - * intrusion detection system (--ids-init, --ids-check) - * deterministic shutdown (--deterministic-exit-code, + * feature: remove (some) environment variables with auth-tokens (#4157) + * feature: ALLOW_TRAY condition (#4510 #4599) + * feature: intrusion detection system (--ids-init, --ids-check) + * feature: deterministic shutdown command (--deterministic-exit-code, --deterministic-shutdown) (#4635) - * noprinters command (#4607 #4827) - * network monitor (--nettrace) - * network locker (--netlock) (#4848) - * whitelist-ro profile command (#4740) - * Allow apostrophe in whitelist and blacklist (#4614) - * AppImage support in --build command (#4878) - * exit code: distinguish fatal signals by adding 128 (#4533) - * build: firecfg.config is now installed to /etc/firejail/ (#4669) - * close file descriptors greater than 2 (--keep-fd) (#4845) - * removed --disable-whitelist at compile time - * removed whitelist=yes/no in /etc/firejail/firejail.config + * feature: noprinters command (#4607 #4827) + * feature: network monitor (--nettrace) + * feature: network locker (--netlock) (#4848) + * feature: whitelist-ro profile command (#4740) + * feature: Allow apostrophe in whitelist and blacklist (#4614) + * feature: AppImage support in --build command (#4878) + * modifs: exit code: distinguish fatal signals by adding 128 (#4533) + * modifs: firecfg.config is now installed to /etc/firejail/ (#4669) + * modifs: close file descriptors greater than 2 (--keep-fd) (#4845) + * removal: --disable-whitelist at compile time + * removal: whitelist=yes/no in /etc/firejail/firejail.config * bugfix: Fix sndio support (#4362 #4365) * bugfix: Error mounting tmpfs (MS_REMOUNT flag not being cleared) (#4387) * bugfix: --build clears the environment (#4460 #4467) -- cgit v1.2.3-54-g00ecf From 971972a7ad830e2c35cb5eb1e316efc846c7020a Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 5 Feb 2022 04:17:09 -0300 Subject: RELNOTES: add docs and group keeping/dropping modifs Relates to #4078 #4632 #4689 #4725 #4732 #4851. --- RELNOTES | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'RELNOTES') diff --git a/RELNOTES b/RELNOTES index 433357945..c2281bec9 100644 --- a/RELNOTES +++ b/RELNOTES @@ -18,6 +18,10 @@ firejail (0.9.68rc2) baseline; urgency=low * modifs: exit code: distinguish fatal signals by adding 128 (#4533) * modifs: firecfg.config is now installed to /etc/firejail/ (#4669) * modifs: close file descriptors greater than 2 (--keep-fd) (#4845) + * modifs: nogroups now stopped causing certain system groups to be dropped, + which are now controlled by the relevant "no" options instead (such as + nosound -> drop audio group), which fixes device access issues on systems + not using (e)logind (such as with seatd) (#4632 #4725 #4732 #4851) * removal: --disable-whitelist at compile time * removal: whitelist=yes/no in /etc/firejail/firejail.config * bugfix: Fix sndio support (#4362 #4365) @@ -31,6 +35,9 @@ firejail (0.9.68rc2) baseline; urgency=low * bugfix: firecfg does not work with symlinks (discord.desktop) (#4235) * bugfix: Seccomp list output goes to stdout instead of stderr (#4328) * bugfix: private-etc does not work with symlinks (#4887) + * docs: fix contradictory descriptions of machine-id ("preserves" vs + "spoofs") (#4689) + * docs: Document that private-bin and private-etc always accumulate (#4078) * new includes: whitelist-run-common.inc (#4288), disable-X11.inc (#4462) * removed includes: disable-passwordmgr.inc (#4454 #4461) * new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim -- cgit v1.2.3-54-g00ecf