- update to version 0.9.60:

* security bug reported by Austin Morton:
   Seccomp filters are copied into /run/firejail/mnt, and are writable
   within the jail. A malicious process can modify files from inside the
   jail. Processes that are later joined to the jail will not have seccomp
   filters applied.
 * memory-deny-write-execute now also blocks memfd_create
 * add private-cwd option to control working directory within jail
 * blocking system D-Bus socket with --nodbus
 * bringing back Centos 6 support
 * drop support for flatpak/snap packages
 * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2
 * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer
 * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring
 * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool
 * new profiles: netactview, redshift, devhelp, assogiate, subdownloader
 * new profiles: font-manager, exfalso, gconf-editor, dconf-editor
 * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
 * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag
 * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
 * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus
 * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
 * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
 * new profiles: vultureseye, vulturesclaw, anki, cheese, utox, mp3splt
 * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker
 * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
 * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap
 * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp, cantata

OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=18

firejail-0.9.58.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2f6fcb58e2544d647b4ec28275ffd5e94f677dfd2ead9acaa17efe6e8567bf7b
-size 337708

firejail-0.9.58.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEE+VEWSZX1xABqc0EeLMs2rfxYSacFAlxNrZQACgkQLMs2rfxY
-SaeN7wf/UcsgE5HpV7vsxsVzLYTwjhtX98ygRA/AL3+FeIoHaXEHyiRhCl1WJxOJ
-YddTV80ilHmH4OHyUqAI5qgvXrrUjFlXTL6+ebFWGJVEfm5lTUWXwVOy0xfCUSOn
-xLqPOT2hp3T4kSCARhySSTtGH0+VGqrn7q/7aMJj3m4bOLX1rGbflWf37KzKFvq3
-BAN+MvxSG8JhM4CnOP/8G/OyDcy5/U6Z2Icz4caH0GnqGHbGQN8/AlMJrByXo8bd
-q7qwM6JjEdlj7zHyWVim7JaV2ix1iBwZvrWKHc7V8Jc3tSYTzQlTuuddjCcvKLia
-AuTrUlpDI197Vk11BvqTWk8rTGBJrg==
-=uVMi
------END PGP SIGNATURE-----

firejail-0.9.60.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:508fd69f90ba58959d5e82e10a488f96f6dcf918c054872991aa2f0e08d082d7
+size 357136

firejail-0.9.60.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEE+VEWSZX1xABqc0EeLMs2rfxYSacFAlzr+RcACgkQLMs2rfxY
+Saf1qAf/UJK2FDIIkPYf+4wWm6gHqUhaagIGm0N0Ywy4Bpa1cGEOxmES55fKnvPL
+/fmiQTNusA9stUi4G3iTqAJOx5Z/MYHol/1KvSnXAz6VjKoG55De1FL8y79a34Tv
+dCFXbL8hPf6eIhvp8yAGaZyIH1b9yYbWDhE5tVD+CQxVhNmuEBGoMEjgd2kclnJn
+D60j2FvIL1v2BqgQbfdUTbSsdvQZ8HkvtphIdKz/LUooNyJk+vNZIsXsmkdyMImv
+AD2lq5U5zVUD8BBJRKxP8G/099hlSnc7RLsZy2QyXtlRvSUsKlUfzT8SopOhEtRO
+gOcZ2b6kN7NWtT9lexvDhnYgHZL56g==
+=b7Q9
+-----END PGP SIGNATURE-----

firejail.changes

@@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Sun Jun  2 16:30:42 UTC 2019 - Sebastian Wagner <sebix+novell.com@sebix.at>
+
+- update to version 0.9.60:
+ * security bug reported by Austin Morton:
+   Seccomp filters are copied into /run/firejail/mnt, and are writable
+   within the jail. A malicious process can modify files from inside the
+   jail. Processes that are later joined to the jail will not have seccomp
+   filters applied.
+ * memory-deny-write-execute now also blocks memfd_create
+ * add private-cwd option to control working directory within jail
+ * blocking system D-Bus socket with --nodbus
+ * bringing back Centos 6 support
+ * drop support for flatpak/snap packages
+ * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2
+ * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer
+ * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring
+ * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool
+ * new profiles: netactview, redshift, devhelp, assogiate, subdownloader
+ * new profiles: font-manager, exfalso, gconf-editor, dconf-editor
+ * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
+ * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag
+ * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
+ * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus
+ * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
+ * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
+ * new profiles: vultureseye, vulturesclaw, anki, cheese, utox, mp3splt
+ * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker
+ * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
+ * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap
+ * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp, cantata
+
 -------------------------------------------------------------------
 Fri Feb  1 07:29:32 UTC 2019 - info@paolostivanin.com
 

firejail.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package firejail
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           firejail
-Version:        0.9.58
+Version:        0.9.60
 Release:        0
 Summary:        Linux namepaces sandbox program
 License:        GPL-2.0-only