From c320ca99e40408b1a354f39e024703da49597f8457303861efa06d54200d3127 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.com>
Date: Wed, 13 Sep 2017 09:08:57 +0000
Subject: [PATCH] Accepting request 522777 from home:avindra

- Update to version 0.9.50:
  * New features:
    - per-profile disable-mnt (--disable-mnt)
    - per-profile support to set X11 Xephyr screen size (--xephyr-screen)
    - private /lib directory (--private-lib)
    - disable CDROM/DVD drive (--nodvd)
    - disable DVB devices (--notv)
    - --profile.print
  * modif: --output split in two commands, --output and --output-stderr
  * set xpra-attach yes in /etc/firejail/firejail.config
  * Enhancements:
    - print all seccomp filters under --debug
    - /proc/sys mounting
    - rework IP address assingment for --net options
    - support for newer Xpra versions (2.1+) -
    - all profiles use a standard layout style
    - create /usr/local for firecfg if the directory doesn't exist
    - allow full paths in --private-bin
   * New seccomp features:
    - --memory-deny-write-execute
    - seccomp post-exec
    - block secondary architecture (--seccomp.block_secondary)
    - seccomp syscall groups
    - print all seccomp filters under --debug
    - default seccomp list update
  * new profiles:
    curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,
    Geary, Liferea, peek, silentarmy, IntelliJ IDEA,
    Android Studio, electron, riot-web, Extreme Tux Racer,
    Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux
    telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg,
    hashcat, obs, picard, remmina, sdat2img, soundconverter
    truecraft, gnome-twitch, tuxguitar, musescore, neverball
    sqlitebrowse, Yandex Browser, minetest

OBS-URL: https://build.opensuse.org/request/show/522777
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=8
---
 firejail-0.9.48.tar.xz |  3 ---
 firejail-0.9.50.tar.xz |  3 +++
 firejail.changes       | 38 ++++++++++++++++++++++++++++++++++++++
 firejail.spec          | 13 ++++++-------
 4 files changed, 47 insertions(+), 10 deletions(-)
 delete mode 100644 firejail-0.9.48.tar.xz
 create mode 100644 firejail-0.9.50.tar.xz

diff --git a/firejail-0.9.48.tar.xz b/firejail-0.9.48.tar.xz
deleted file mode 100644
index f7b9a24..0000000
--- a/firejail-0.9.48.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:637da4221ff91c351020de15ef07a7b4f72bc015255be74cbbeb898bba254709
-size 257592
diff --git a/firejail-0.9.50.tar.xz b/firejail-0.9.50.tar.xz
new file mode 100644
index 0000000..305fc54
--- /dev/null
+++ b/firejail-0.9.50.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c15475b7ec8b42ee8707f03207bef9ba92d801fc61fd8d1e0f8cfc03833bb800
+size 279488
diff --git a/firejail.changes b/firejail.changes
index 9e2d783..dd04ee1 100644
--- a/firejail.changes
+++ b/firejail.changes
@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Sat Sep  9 14:40:29 UTC 2017 - aavindraa@gmail.com
+
+- Update to version 0.9.50:
+  * New features:
+    - per-profile disable-mnt (--disable-mnt)
+    - per-profile support to set X11 Xephyr screen size (--xephyr-screen)
+    - private /lib directory (--private-lib)
+    - disable CDROM/DVD drive (--nodvd)
+    - disable DVB devices (--notv)
+    - --profile.print
+  * modif: --output split in two commands, --output and --output-stderr
+  * set xpra-attach yes in /etc/firejail/firejail.config
+  * Enhancements:
+    - print all seccomp filters under --debug
+    - /proc/sys mounting
+    - rework IP address assingment for --net options
+    - support for newer Xpra versions (2.1+) -
+    - all profiles use a standard layout style
+    - create /usr/local for firecfg if the directory doesn't exist
+    - allow full paths in --private-bin
+   * New seccomp features:
+    - --memory-deny-write-execute
+    - seccomp post-exec
+    - block secondary architecture (--seccomp.block_secondary)
+    - seccomp syscall groups
+    - print all seccomp filters under --debug
+    - default seccomp list update
+  * new profiles:
+    curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,
+    Geary, Liferea, peek, silentarmy, IntelliJ IDEA,
+    Android Studio, electron, riot-web, Extreme Tux Racer,
+    Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux
+    telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg,
+    hashcat, obs, picard, remmina, sdat2img, soundconverter
+    truecraft, gnome-twitch, tuxguitar, musescore, neverball
+    sqlitebrowse, Yandex Browser, minetest
+
 -------------------------------------------------------------------
 Tue Aug 15 15:47:49 CEST 2017 - tiwai@suse.de
 
diff --git a/firejail.spec b/firejail.spec
index 911c587..1a699e1 100644
--- a/firejail.spec
+++ b/firejail.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package firejail
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           firejail
-Version:        0.9.48
+Version:        0.9.50
 Release:        0
 Summary:        Linux namepaces sandbox program
 License:        GPL-2.0
@@ -25,8 +25,8 @@ Group:          Productivity/Security
 Url:            https://firejail.wordpress.com/
 Source0:        %{name}-%{version}.tar.xz
 Source1:        %{name}.rpmlintrc
-BuildRequires:  libapparmor-devel
 BuildRequires:  gcc-c++
+BuildRequires:  libapparmor-devel
 Requires(pre):  permissions
 
 %description
@@ -35,7 +35,7 @@ breaches by restricting the running environment of untrusted applications
 using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
 many existing applications like Iceweasel/Mozilla Firefox and Chromium.
 
-Firejail also expands the restricted shell facility found in bash by adding 
+Firejail also expands the restricted shell facility found in bash by adding
 Linux namespace support. It supports sandboxing specific users upon login.
 
 %prep
@@ -47,7 +47,7 @@ Linux namespace support. It supports sandboxing specific users upon login.
 make %{?_smp_mflags} VERBOSE=1
 
 %install
-make %{?_smp_mflags} DESTDIR=%{buildroot} install
+%make_install
 
 %post
 /sbin/ldconfig
@@ -59,7 +59,6 @@ make %{?_smp_mflags} DESTDIR=%{buildroot} install
 %postun -p /sbin/ldconfig
 
 %files
-%defattr(-,root,root)
 %verify(not user group mode) %{_bindir}/firejail
 %{_bindir}/firecfg
 %{_bindir}/firemon
@@ -70,6 +69,6 @@ make %{?_smp_mflags} DESTDIR=%{buildroot} install
 %{_mandir}/man5/*
 %dir %{_sysconfdir}/%{name}
 %config %{_sysconfdir}/%{name}/*
-/etc/apparmor.d
+%{_sysconfdir}/apparmor.d
 
 %changelog