Accepting request 522777 from home:avindra

- Update to version 0.9.50: * New features: - per-profile disable-mnt (--disable-mnt) - per-profile support to set X11 Xephyr screen size (--xephyr-screen) - private /lib directory (--private-lib) - disable CDROM/DVD drive (--nodvd) - disable DVB devices (--notv) - --profile.print * modif: --output split in two commands, --output and --output-stderr * set xpra-attach yes in /etc/firejail/firejail.config * Enhancements: - print all seccomp filters under --debug - /proc/sys mounting - rework IP address assingment for --net options - support for newer Xpra versions (2.1+) - - all profiles use a standard layout style - create /usr/local for firecfg if the directory doesn't exist - allow full paths in --private-bin * New seccomp features: - --memory-deny-write-execute - seccomp post-exec - block secondary architecture (--seccomp.block_secondary) - seccomp syscall groups - print all seccomp filters under --debug - default seccomp list update * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy, IntelliJ IDEA, Android Studio, electron, riot-web, Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, sdat2img, soundconverter truecraft, gnome-twitch, tuxguitar, musescore, neverball sqlitebrowse, Yandex Browser, minetest OBS-URL: https://build.opensuse.org/request/show/522777 OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=8
2017-09-13 09:08:57 +00:00 · 2017-09-13 09:08:57 +00:00 · c320ca99e4
commit c320ca99e4
parent a872b3d7c4
4 changed files with 47 additions and 10 deletions
--- a/firejail-0.9.48.tar.xz
+++ b/firejail-0.9.48.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:637da4221ff91c351020de15ef07a7b4f72bc015255be74cbbeb898bba254709
-size 257592
--- a/firejail-0.9.50.tar.xz
+++ b/firejail-0.9.50.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c15475b7ec8b42ee8707f03207bef9ba92d801fc61fd8d1e0f8cfc03833bb800
+size 279488
--- a/firejail.changes
+++ b/firejail.changes
@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Sat Sep  9 14:40:29 UTC 2017 - aavindraa@gmail.com
+
+- Update to version 0.9.50:
+  * New features:
+    - per-profile disable-mnt (--disable-mnt)
+    - per-profile support to set X11 Xephyr screen size (--xephyr-screen)
+    - private /lib directory (--private-lib)
+    - disable CDROM/DVD drive (--nodvd)
+    - disable DVB devices (--notv)
+    - --profile.print
+  * modif: --output split in two commands, --output and --output-stderr
+  * set xpra-attach yes in /etc/firejail/firejail.config
+  * Enhancements:
+    - print all seccomp filters under --debug
+    - /proc/sys mounting
+    - rework IP address assingment for --net options
+    - support for newer Xpra versions (2.1+) -
+    - all profiles use a standard layout style
+    - create /usr/local for firecfg if the directory doesn't exist
+    - allow full paths in --private-bin
+   * New seccomp features:
+    - --memory-deny-write-execute
+    - seccomp post-exec
+    - block secondary architecture (--seccomp.block_secondary)
+    - seccomp syscall groups
+    - print all seccomp filters under --debug
+    - default seccomp list update
+  * new profiles:
+    curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,
+    Geary, Liferea, peek, silentarmy, IntelliJ IDEA,
+    Android Studio, electron, riot-web, Extreme Tux Racer,
+    Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux
+    telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg,
+    hashcat, obs, picard, remmina, sdat2img, soundconverter
+    truecraft, gnome-twitch, tuxguitar, musescore, neverball
+    sqlitebrowse, Yandex Browser, minetest
+
 -------------------------------------------------------------------
 Tue Aug 15 15:47:49 CEST 2017 - tiwai@suse.de

--- a/firejail.spec
+++ b/firejail.spec
@ -1,7 +1,7 @@
 #
 # spec file for package firejail
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@


 Name:           firejail
-Version:        0.9.48
+Version:        0.9.50
 Release:        0
 Summary:        Linux namepaces sandbox program
 License:        GPL-2.0
@ -25,8 +25,8 @@ Group:          Productivity/Security
 Url:            https://firejail.wordpress.com/
 Source0:        %{name}-%{version}.tar.xz
 Source1:        %{name}.rpmlintrc
-BuildRequires:  libapparmor-devel
 BuildRequires:  gcc-c++
+BuildRequires:  libapparmor-devel
 Requires(pre):  permissions

 %description
@ -35,7 +35,7 @@ breaches by restricting the running environment of untrusted applications
 using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
 many existing applications like Iceweasel/Mozilla Firefox and Chromium.

-Firejail also expands the restricted shell facility found in bash by adding 
+Firejail also expands the restricted shell facility found in bash by adding
 Linux namespace support. It supports sandboxing specific users upon login.

 %prep
@ -47,7 +47,7 @@ Linux namespace support. It supports sandboxing specific users upon login.
 make %{?_smp_mflags} VERBOSE=1

 %install
-make %{?_smp_mflags} DESTDIR=%{buildroot} install
+%make_install

 %post
 /sbin/ldconfig
@ -59,7 +59,6 @@ make %{?_smp_mflags} DESTDIR=%{buildroot} install
 %postun -p /sbin/ldconfig

 %files
-%defattr(-,root,root)
 %verify(not user group mode) %{_bindir}/firejail
 %{_bindir}/firecfg
 %{_bindir}/firemon
@ -70,6 +69,6 @@ make %{?_smp_mflags} DESTDIR=%{buildroot} install
 %{_mandir}/man5/*
 %dir %{_sysconfdir}/%{name}
 %config %{_sysconfdir}/%{name}/*
-/etc/apparmor.d
+%{_sysconfdir}/apparmor.d

 %changelog