Overview Repositories Revisions Requests Users Attributes Meta

Revisions of firejail

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1079767 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 18) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 984254 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 17) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 981393 from Sebastian Wagner's avatar Sebastian Wagner (sebix) (revision 16) 
- fix bsc#1199148 CVE-2022-31214 by adding patch fix-CVE-2022-31214.patch
  using commits from upstream.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 958270 from Sebastian Wagner's avatar Sebastian Wagner (sebix) (revision 15) 
- add fix-internet-access.patch to fix boo#1196542
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 956436 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 14) 
Automatic submission by obs-autosubmit
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 870339 from Илья Индиго's avatar Илья Индиго (13ilya) (revision 12) 
- Update to 0.9.64.4:
  * disabled overlayfs, pending multiple fixes
  * fixed launch firefox for open url in telegram-desktop.profile
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 846925 from Илья Индиго's avatar Илья Индиго (13ilya) (revision 10) 
- packaging fixes
- Update to version 0.9.64:
  * replaced --nowrap option with --wrap in firemon
  * The blocking action of seccomp filters has been changed from
    killing the process to returning EPERM to the caller. To get the
    previous behaviour, use --seccomp-error-action=kill or
    syscall:kill syntax when constructing filters, or override in
    /etc/firejail/firejail.config file.
  * Fine-grained D-Bus sandboxing with xdg-dbus-proxy.
    xdg-dbus-proxy must be installed, if not D-Bus access will be allowed.
    With this version nodbus is deprecated, in favor of dbus-user none and
    dbus-system none and will be removed in a future version.
  * DHCP client support
  * firecfg only fix dektop-files if started with sudo
  * SELinux labeling support
  * custom 32-bit seccomp filter support
  * restrict ${RUNUSER} in several profiles
  * blacklist shells such as bash in several profiles
  * whitelist globbing
  * mkdir and mkfile support for /run/user directory
  * support ignore for include
  * --include on the command line
  * splitting up media players whitelists in whitelist-players.inc
  * new condition: HAS_NOSOUND
  * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster
  * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl
  * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11
  * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool
  * new profiles: desktopeditors, impressive, planmaker18, planmaker18free
  * new profiles: presentations18, presentations18free, textmaker18, teams
  * new profiles: textmaker18free, xournal, gnome-screenshot, ripperX
  * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro
  * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command
  * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux
  * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row
  * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin
  * new profiles: gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars
  * new profiles: hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless
  * new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers
  * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski
  * new profiles: swell-foop, fdns, five-or-more, steam-runtime
  * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im
  * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper
  * new profiles: gapplication, openarena_ded, element-desktop, cawbird
  * new profiles: freetube, strawberry, jitsi-meet-desktop
  * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash
  * new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx
  * new profiles: minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar
  * new profiles: vmware, git-cola, otter-browser, kazam, menulibre, musictube
  * new profiles: onboard, fractal, mirage, quaternion, spectral, man, psi
  * new profiles: smuxi-frontend-gnome, balsa, kube, trojita, youtube
  * new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send
  * new profiles: qrencode, ytmdesktop, twitch
  * new profiles: xournalpp, chromium-freeworld, equalx
- remove firejail-0.9.62-fix-usr-etc.patch, included upstream
- remove firejail-apparmor-3.0.diff, included upstream
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 825005 from Sebastian Wagner's avatar Sebastian Wagner (sebix) (revision 7) 
- Add patches fix-CVE-2020-17367.patch and fix-CVE-2020-17368.patch to fix CVE-2020-17367 and CVE-2020-17368 and boo#1174986
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 799832 from Sebastian Wagner's avatar Sebastian Wagner (sebix) (revision 6) 
- Add firejail-0.9.62-fix-usr-etc.patch:
  Check /usr/etc not just /etc
- Replace python interpreter line in sort.py
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 774571 from Sebastian Wagner's avatar Sebastian Wagner (sebix) (revision 5) 
- update to version 0.9.62 
  * added file-copy-limit in /etc/firejail/firejail.config
  * profile templates (/usr/share/doc/firejail)
  * allow-debuggers support in profiles
  * several seccomp enhancements
  * compiler flags autodetection
  * move chroot entirely from path based to file descriptor based mounts
  * whitelisting /usr/share in a large number of profiles
  * new scripts in conrib: gdb-firejail.sh and sort.py
  * enhancement: whitelist /usr/share in some profiles
  * added signal mediation to apparmor profile
  * new conditions: HAS_X11, HAS_NET
  * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
  * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
  * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli
  * new profiles: keepassxc-proxy, rhythmbox-client, jerry, zeal, mpg123
  * new profiles: conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, out123
  * new profiles: mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss
  * new profiles: mpg123-portaudio, mpg123-pulse, mpg123-strip, pavucontrol-qt
  * new profiles: gnome-characters, gnome-character-map, rsync, Whalebird,
  * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat,
  * new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless
  * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra
  * new profiles: kalgebramobile, signal-cli, amuled, kfind, profanity
  * new profiles: audio-recorder, cameramonitor, ddgtk, drawio, unf, gmpc
  * new profiles: electron-mail, gist, gist-paste (forwarded request 773543 from darix)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 707400 from Sebastian Wagner's avatar Sebastian Wagner (sebix) (revision 4) 
- update to version 0.9.60:
 * security bug reported by Austin Morton:
   Seccomp filters are copied into /run/firejail/mnt, and are writable
   within the jail. A malicious process can modify files from inside the
   jail. Processes that are later joined to the jail will not have seccomp
   filters applied.
   CVE-2019-12589
   boo#1137139
 * memory-deny-write-execute now also blocks memfd_create
 * add private-cwd option to control working directory within jail
 * blocking system D-Bus socket with --nodbus
 * bringing back Centos 6 support
 * drop support for flatpak/snap packages
 * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2
 * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer
 * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring
 * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool
 * new profiles: netactview, redshift, devhelp, assogiate, subdownloader
 * new profiles: font-manager, exfalso, gconf-editor, dconf-editor
 * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
 * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag
 * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
 * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus
 * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
 * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
 * new profiles: vultureseye, vulturesclaw, anki, cheese, utox, mp3splt
 * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker
 * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
 * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap
 * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp, cantata
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 639122 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 2) 
Automatic submission by obs-autosubmit
Displaying all 19 revisions
openSUSE Build Service is sponsored by
Places