Accepting request 984254 from Virtualization

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/984254 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firejail?expand=0&rev=17
2022-06-23 08:23:38 +00:00 · 2022-06-23 08:23:38 +00:00 · 4e0f543415
commit 4e0f543415
parent c4df071dcc 02185620d8
8 changed files with 57 additions and 2287 deletions
--- a/firejail-0.9.68.tar.xz
+++ b/firejail-0.9.68.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a322395597d89d2e5ea21fb11cb3f2afc44b00fca5439bf44c7636c5cffa652f
-size 477332
--- a/firejail-0.9.68.tar.xz.asc
+++ b/firejail-0.9.68.tar.xz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEE+VEWSZX1xABqc0EeLMs2rfxYSacFAmH/zu0ACgkQLMs2rfxY
-Saf2WAf/UI98s9MugTAq45CIuxaqzhbbGc435Lwo2NgS2LCYKoJOmes6UdyLPUa1
-aawBImtfqTyOXWrWnKjYBl7fIVATKpP7Ddm2+y6RJ+px/4dRUWNLVqEvka5BLYNS
-HrYP84a1vxqeg0LVOMcmD701mTmbT68jwpjD2Ai2ZkiRGXS5KfBWIRL+WR7PAorj
-jDxqUSorEF8x316d+0doy9NyeCXS5A1aqTmjnTxZ3RBfkg+Zq33S+x+2ktepdnDH
-q/Fv9W4C/GVoXBj6PKtk4JXFUJIeYUYCXE9sq2bpCEAdom5J+EpUMo+42G1/xLYL
-mFP0G113+ciMoLWkjJMNQH6KbFjCsQ==
-=6MJb
-----END PGP SIGNATURE-----
--- a/firejail-0.9.70.tar.xz
+++ b/firejail-0.9.70.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b77b67a4db7c01d69cb033a50aa7b1132dfaeb2cd97ce6412285235265b71b17
+size 485096
--- a/firejail-0.9.70.tar.xz.asc
+++ b/firejail-0.9.70.tar.xz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEE+VEWSZX1xABqc0EeLMs2rfxYSacFAmKiC7EACgkQLMs2rfxY
+SacmLAf+MhUh5ylaEjCSUKCYJKC7E/OoSYWm2/bRWl3KIeREeL59wxgb3n9ulqGD
+MWKHuwetVtRMg5rO7D9LUHUEY80nZw/8iDC8QLzfOsZpS3dQF26Ab4bqaIo/HEQr
+9eDk3SIHGqhP62qsAjaGACOOlVDeJXWx5h4M9cTe7VN+IFT7XtN7ytDc23/UZF9o
+PmViKz9dyiXX6omt7mVddJx+OBeRUmSsTknmbNafz38aIikoJwivgn3Fc8PxGNzI
+lwgHU1Kz4fenTZp2500Cof7rFqQwTdqcZbNIrt1xwQgBF/tdc2Bb4+MkfgiRYhGa
+BV/EsPB7vysgGFluZsIY17Ptjc91lw==
+=pzNZ
+-----END PGP SIGNATURE-----
--- a/firejail.changes
+++ b/firejail.changes
@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Tue Jun 14 20:21:18 UTC 2022 - Sebastian Wagner <sebix+novell.com@sebix.at>
+
+- remove patches fix-internet-access.patch and fix-CVE-2022-31214.patch
+  as they are integrated upstream
+- update to version 0.9.70:
+ - security: CVE-2022-31214 - root escalation in --join logic
+ - Reported by Matthias Gerstner, working exploit code was provided to our
+ - development team. In the same time frame, the problem was independently
+ - reported by Birk Blechschmidt. Full working exploit code was also provided.
+ - feature: enable shell tab completion with --tab (#4936)
+ - feature: disable user profiles at compile time (#4990)
+ - feature: Allow resolution of .local names with avahi-daemon in the apparmor
+ - profile (#5088)
+ - feature: always log seccomp errors (#5110)
+ - feature: firecfg --guide, guided user configuration (#5111)
+ - feature: --oom, kernel OutOfMemory-killer (#5122)
+ - modif: --ids feature needs to be enabled at compile time (#5155)
+ - modif: --nettrace only available to root user
+ - rework: whitelist restructuring (#4985)
+ - rework: firemon, speed up and lots of fixes
+ - bugfix: --private-cwd not expanding macros, broken hyperrogue (#4910)
+ - bugfix: nogroups + wrc prints confusing messages (#4930 #4933)
+ - bugfix: openSUSE Leap - whitelist-run-common.inc (#4954)
+ - bugfix: fix printing in evince (#5011)
+ - bugfix: gcov: fix gcov functions always declared as dummy (#5028)
+ - bugfix: Stop warning on safe supplementary group clean (#5114)
+ - build: remove ultimately unused INSTALL and RANLIB check macros (#5133)
+ - build: mkdeb.sh.in: pass remaining arguments to ./configure (#5154)
+ - ci: replace centos (EOL) with almalinux (#4912)
+ - ci: fix --version not printing compile-time features (#5147)
+ - ci: print version after install & fix apparmor support on build_apparmor
+ - (#5148)
+ - docs: Refer to firejail.config in configuration files (#4916)
+ - docs: firejail.config: add warning about allow-tray (#4946)
+ - docs: mention that the protocol command accumulates (#5043)
+ - docs: mention inconsistent homedir bug involving --private=dir (#5052)
+ - docs: mention capabilities(7) on --caps (#5078)
+ - new profiles: onionshare, onionshare-cli, opera-developer, songrec
+ - new profiles: node-gyp, npx, semver, ping-hardened
+ - removed profiles: nvm
+
 -------------------------------------------------------------------
 Wed Jun  8 21:08:03 UTC 2022 - Sebastian Wagner <sebix+novell.com@sebix.at>

--- a/firejail.spec
+++ b/firejail.spec
@ -17,7 +17,7 @@


 Name:           firejail
-Version:        0.9.68
+Version:        0.9.70
 Release:        0
 Summary:        Linux namepaces sandbox program
 License:        GPL-2.0-only
@ -27,10 +27,6 @@ Source0:        https://github.com/netblue30/%{name}/releases/download/%{version
 Source1:        https://github.com/netblue30/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz.asc
 # https://firejail.wordpress.com/download-2/
 Source2:        %{name}.keyring
-# PATCH-FIX-UPSTREAM fix-internet-access.patch -- from https://github.com/netblue30/firejail/commit/bb334a8fd4f0911a8dfa1538d02fbd0574b81333.patch
-Patch0:         fix-internet-access.patch
-# PATCH-FIX-UPSTREAM fix-CVE-2022-31214.patch -- from https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 and https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7.patch and https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54
-Patch1:         fix-CVE-2022-31214.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libapparmor-devel
@ -69,8 +65,6 @@ Optional dependency offering zsh completion for firejail
 %prep
 %setup -q
 sed -i '1s/^#!\/usr\/bin\/env /#!\/usr\/bin\//' contrib/fj-mkdeb.py contrib/fjclip.py contrib/fjdisplay.py contrib/fjresize.py contrib/sort.py contrib/fix_private-bin.py contrib/jail_prober.py
-%patch0 -p1
-%patch1 -p1

 %build
 %configure --docdir=%{_docdir}/%{name} \
--- a/fix-CVE-2022-31214.patch
+++ b/fix-CVE-2022-31214.patch
--- a/fix-internet-access.patch
+++ b/fix-internet-access.patch
@ -1,22 +0,0 @@
-From bb334a8fd4f0911a8dfa1538d02fbd0574b81333 Mon Sep 17 00:00:00 2001
-From: netblue30 <netblue30@protonmail.com>
-Date: Tue, 22 Feb 2022 09:32:46 -0500
-Subject: [PATCH] openSUSE Leap - whitelist-run-common.inc (#4954)
-
---
- RELNOTES                         | 1 +
- etc/inc/whitelist-run-common.inc | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/etc/inc/whitelist-run-common.inc b/etc/inc/whitelist-run-common.inc
-index d74655a087..26160a10b9 100644
--- a/etc/inc/whitelist-run-common.inc
-+++ b/etc/inc/whitelist-run-common.inc
-@@ -7,6 +7,7 @@ whitelist /run/cups/cups.sock
- whitelist /run/dbus/system_bus_socket
- whitelist /run/media
- whitelist /run/resolvconf/resolv.conf
-+whitelist /run/netconfig/resolv.conf	# openSUSE Leap
- whitelist /run/shm
- whitelist /run/systemd/journal/dev-log
- whitelist /run/systemd/journal/socket