------------------------------------------------------------------- Thu Feb 19 04:42:02 UTC 2026 - pallas wept - Build for selinux ------------------------------------------------------------------- Sat Jan 3 18:23:36 UTC 2026 - Glen Masgai - Update to version 0.9.78: * feature: add arg-max-count / arg-max-len to firejail.config (#4633 #6878) * feature: add env-max-count / env-max-len to firejail.config (#3678 #6951) * feature: add --xephyr-extra-params= command (#6952) * feature: replace bubblewrap (bwrap) in the sandbox with a dummy program (fbwrap) to work around issues with glycin 2.0.0 via gdk-pixbuf2 and add --allow-bwrap command to force the use of the real bwrap (#6906 #7009) * modif: firemon: improve debug message code (#6856) * modif: rlimit: allow uppercase suffixes (#6890) * modif: rlimit: use uppercase suffixes in the code/docs (#6891) * modif: rlimit: improve error messages (#6893) * modif: update and add syscalls for several architectures (#6956 #6961) * modif: check for --version during early init (#6972) * removal: --disable-globalcfg configure option (#6984) * removal: overlayfs support/--overlay commands (#6994) * removal: Intrusion Detection System (IDS)/fids (#6995) * bugfix: remove /usr/share + "runner:root" CI workaround (#6844) * bugfix: firemon: fix inconsistent debug message format (#6854) * bugfix: fix potential infinite loop in checkcfg (-fanalyzer) (#6859) * bugfix: fnettrace-icmp: fix uninitialized vars (cppcheck) (#6869) * bugfix: firemon: avoid cmd double-free in procevent_monitor (#6792 #6846) * bugfix: firemon: fix potential memory leak in procevent_monitor (#6872) * bugfix: firecfg: fix parsing filenames with multiple ".desktop" (#6865 #6871) * bugfix: fix French translation for ${PICTURES} macro (#6942) * bugfix: add missing macros in profile.template (#6948) * bugfix: check for --quiet/--debug earlier during init (#6969) * bugfix: disable apparmor if --allow-debuggers (#6882) * bugfix: firecfg: skip snap-packaged programs to avoid breaking them on Ubuntu desktop (#7008) * build: cppcheck: ignore src/lib/syscalls.c (#6868) * build: cppcheck: use --check-level=exhaustive (#6877) * build: add script to generate syscall headers (#6960 #6990) * build: add sort-profiles target for sort.py (#7004) * tests: rlimit: add missing tests for rlimit-as / rlimit-cpu (#6895) * tests: man: fix timeout error (#6949) * tests: man: disable test due to timeout (#6955) * tests: fix test-appimage on Arch and Debian 13 (#7007) * ci: allow new github domain for codeql download (#6845) * ci: standardize "apt-get install" step name (#6862) * ci: speed-up main build & add build-gcc (#6864) * ci: cppcheck: upgrade ubuntu-22.04 to ubuntu-24.04 (#6874) * ci: codespell: upgrade ubuntu-22.04 to ubuntu-24.04 (#6873) * ci: codeql-cpp: print config.log if configure fails (#7003) * docs: man: improve strace usage and add refs (#6851) * docs: add debian/ubuntu links to README.md (#6850) * docs: github: clarify how to attach logs (#6858) * docs: rlimit: improve text and use base-2 units (#6894) * docs: man: clarify what ipc-namespace affects (#6930) * docs: improve build/install commands (#6962) * docs: add distribution-specific build/install instructions (#6964) * docs: clarify that only latest and dev versions are supported (#6965) * docs: always use full path to program in examples (#6963) * profiles: thunderbird: fix ignoring wruc (#6839 #6852) * profiles: wine: disable noinput so gamepads work (#6866 #6867) * profiles: qutebrowser: whitelist /usr/share/pdf.js (#6875) * profiles: firefox-common: add a comment about mpris (#6876) * profiles: qutebrowser: add comment about qute-pass support (#6879) * profiles: add missing mailcap entries (#6883 #6884) * profiles: organize blacklist sections as per profile.template (#6885) * profiles: godot: allow ~/.local/share/Trash (#6904) * profiles: wusc: add /usr/share/glycin-loaders (#6907) * profiles: wusc: add /usr/share/gtk-4.0 (#6909) * profiles: mullvad-browser: allow readlink and realpath (#6923) * profiles: blink-common-hardened: disable noroot to fix saving files (#6920) * profiles: steam: allow ~/.local/share/doublefine (#6937) * profiles: wusc: add /usr/share/gtksourceview-5 (#6947) * profiles: ssh: add ${RUNUSER}/openssh_agent socket path (#6975) * profiles: brave: add org.mpris.MediaPlayer2.brave.* (#6980) * profiles: hashcat: fix runtime errors (#6364 #6888) * new profile: ne (text editor) (ae22e56) * new profile: trivalent (#6900) * new profile: openra (#7005) * new profile: gzdoom, lzdoom, uzdoom (#7010) * new profile: quakespasm (#7014) ------------------------------------------------------------------- Thu Jul 31 10:43:14 UTC 2025 - Sebastian Wagner - add new additional signing key support+releasesigning@divested.dev 6395FC9911EDCD6158712DF7BADFCABDDBF5B694 - Update to version 0.9.76: * feature: use globbing in hardcoded numbered /dev paths (#2723 #6704) * feature: add warn command (#6710) * feature: use non-blocking flock calls (#6761) * modif: block TPM devices & turn notpm command into keep-dev-tpm (#6698) * modif: improve error messages in mountinfo.c (#6711) * modif: use "Error:" in errExit message (#6716) * modif: keep tss group if keep-dev-tpm is used (#6718) * modif: keep /dev/tpmrm devices if keep-dev-tpm is used (#6719) * modif: keep tcm/tcmrm devices if keep-dev-tpm is used (#6724) * modif: improve "Failed mount" error messages in util.c (#6747) * modif: improve fcopy error messages in check() (#6801) * modif: fcopy: try normal case first instead of last in check() (#6804) * modif: improve new network namespace error message (#6824) * modif: improve error messages in sandbox.c/sbox.c (#6825) * bugfix: fix flock debug messages going to stderr (#6712) * bugfix: add missing selinux relabeling for /dev paths (#6734) * bugfix: fix potential deadlock with flock + SIGTSTP (#6729 #6750) * bugfix: fcopy: add /usr/share + "runner:root" exception to fix CI (#6797 #6803) * bugfix: fcopy: allow /etc/resolv.conf owned by systemd-resolve (#4545 #6808) * bugfix: fix "Not enforcing Landlock" message always being printed (#6806) * bugfix: add NULL check for cmdline in find_child() (#6840) * build: use TARNAME in SYSCONFDIR/VARDIR (#6713) * build: add localstatedir and use in VARDIR (#6715) * build: replace SYSCONFDIR with @sysconfdir@ (#6737) * ci: upgrade debian:buster to debian:bullseye (#6832) * docs: improve URL formatting in man pages (#6706) * docs: clarify --private bug in man pages (#6805) * docs: fix man formatting of landlock.enforce (#6807) * profiles: split commands that increase/reduce access (#6687) * profiles: firefox: add comment about creating PWA shortcuts (#6689) * profiles: add more xorg paths (#6708) * profiles: fix include of deprecated disable-X11.inc (uppercase) (#6709) * profiles: godot: remove noinput so gamepads work (#6707) * profiles: remove mkdir ~/.pki (#6732) * profiles: mpv: remove mkfile ~/.netrc (#6735) * profiles: curl: allow ~/.netrc (#6736) * profiles: discord-common: add env to private-bin (#6738) * profiles: firecfg: disable checksum programs (#6755) * profiles: rssguard: allow lua (#6758 #6759) * profiles: wine: allow python to fix Epic Games Launcher (#6762 #6763) * profiles: wusc: add /usr/share/xkeyboard-config-2 (#6773 #6775) * profiles: chafa: quiet output (#6777) * profiles: ripperx/sound-juicer: fix profile name typos (#6780) * profiles: ani-cli: add mpv to private-etc for plugins access (#6779) * profiles: use private-etc groups in more profiles (#6783) * profiles: firecfg: disable foliate (#6784) * profiles: finish converting private-opt to whitelist (#6785) * profiles: replace hosts.conf with host.conf in private-etc (#6791) * profiles: makedeb: allow dpkg (#6816) * profiles: kate: fix network access (#6815 #6823) * profiles: keepassxc: add x11 group to private-etc (#6827 #6828) * profiles: allow org.kde.kwalletd6 for Plasma 6 systems (#6819) * profiles: xreader: disable no3d to fix startup (#6829) * profiles: firefox: add alternative tridactylrc path (#6720 #6721) * new profile: ansel (#6751) ------------------------------------------------------------------- Sat Jul 19 11:11:41 UTC 2025 - Sebastian Wagner - update to version 0.9.74: * security: fix sscanf rv checks (CodeQL) (#6184) * feature: private-etc rework: improve handling of /etc/resolv.conf and add * private-etc groups (#6400 #5518 #5608 #5609 #5629 #5638 #5641 #5642 #5643 * #5650 #5681 #5737 #5844 #5989 #6016 #6104 #5655 #6435 #6514 #6515) * feature: Add "keep-shell-rc" command and option (#1127 #5634) * feature: Print the argument when failing with "too long arguments" (#5677) * feature: a random hostname is assigned to each sandbox unless * overwritten using --hostname command * feature: add IPv6 support for --net.print option * feature: QUIC (HTTP/3) support in --nettrace * feature: add seccomp filters for --restrict-namespaces * feature: stats support for --nettrace * feature: add doas support in firecfg and jailcheck (#5899 #5900) * feature: firecfg: add firecfg.d & add ignore command (#2097 #5245 #5876 * #6153 #6268) * feature: expand simple macros in more commands (--chroot= --netfilter= * --netfilter6= --trace=) (#6032 #6109) * feature: add Landlock support (#5269 #6078 #6115 #6125 #6187 #6195 #6200 * #6228 #6260 #6302 #6305) * feature: add support for comm, coredump, and prctl procevents in firemon * (#6414 #6415) * feature: add notpm command & keep tpm devices in private-dev (#6379 #6390) * feature: fshaper.sh: support tc on NixOS (#6426 #6431) * feature: add aarch64 syscalls (#5821 #6574) * feature: add --disable-sandbox-check configure flag (#6592) * feature: block /dev/ntsync & add keep-dev-ntsync command (#6655 #6660) * modif: Stop forwarding own double-dash to the shell (#5599 #5600) * modif: Prevent sandbox name (--name=) and host name (--hostname=) * from containing only digits (#5578 #5741) * modif: Escape control characters of the command line (#5613) * modif: Allow mostly only ASCII letters and digits for sandbox name * (--name=) and host name (--hostname=) (#5708 #5856) * modif: make private-lib a configure-time option, disabled by default (see * --enable-private-lib) (#5727 #5732) * modif: Improve --version/--help & print version on startup (#5829 #6172) * modif: improve errExit error messages (#5871) * modif: drop deprecated 'shell' option references (#5894) * modif: keep pipewire group unless nosound is used (#5992 #5993) * modif: fcopy: use lstat when copying directory (#5378 #5957) * modif: private-dev: keep /dev/kfd unless no3d is used (#6380) * modif: keep /sys/module/nvidia* if prop driver and no no3d (#6372 #6387) * modif: clarify error messages in profile.c (#6605) * modif: keep plugdev group unless nou2f is used (#6664) * removal: firemon: remove --interface option (it duplicates the firejail * --net.print= option) (0e48f99) * removal: remove support for LTS and firetunnel (db09546) * bugfix: fix --hostname and --hosts-file commands * bugfix: fix examples in firejail-local AppArmor profile (#5717) * bugfix: arp.c: ensure positive timeout on select(2) (#5806) * bugfix: Wrong syscall names for s390_pci_mmio_read and s390_pci_mmio_write * (#5965 #5976) * bugfix: firejail --ls reports wrong file sizes for large files (#5982 * #6086) * bugfix: fix startup race condition for /run/firejail directory (#6307) * bugfix: fix various resource leaks (#6367) * bugfix: profstats: fix restrict-namespaces max count (#6369) * bugfix: remove --noautopulse from --help and zsh comp (#6401) * bugfix: parse --debug before using it (#6579) * bugfix: fix possible memory leak in fs_home.c (#6598) * bugfix: do not interact with dbus directory if dbus proxy is disabled * (#6591) * bugfix: firecfg: check full .desktop filename in check_profile() (#6674) * build: auto-generate syntax files (#5627) * build: mark all phony targets as such (#5637) * build: mkdeb.sh: pass all arguments to ./configure (#5654) * build: deb: enable apparmor by default & remove deb-apparmor (#5668) * build: Fix whitespace and add .editorconfig (#5674) * build: remove for loop initial declarations to fix building with old * compilers (#5778) * build: enable compiler warnings by default (#5842) * build: remove -mretpoline and NO_EXTRA_CFLAGS (#5859) * build: disable all built-in implicit make rules (#5864) * build: organize and standardize make vars and targets (#5866) * build: fix seccomp filters and man pages always being rebuilt when running * make (#5156 #5898) * build: fix hardcoded make & remove unnecessary distclean targets (#5911) * build: dist and asc improvements (#5916) * build: fix some shellcheck issues & use config.sh in more scripts (#5927) * build: firecfg.config sorting improvements (#5942) * build: codespell improvements (#5955) * build: add missing makefile dep & syntax improvements (#5956) * build: sort.py: use case-sensitive sorting (#6070) * build: mkrpm.sh: append instead of override configure args (#6126) * build: use CPPFLAGS instead of INCLUDE in compile targets (#6159) * build: use full paths on compile/link targets (#6158) * build: automatically generate header dependencies (#6164) * build: improve main clean target (#6186) * build: mkrpm.sh improvements (#6196) * build: move errExit macro into inline function (#6217) * build: allow overriding certain tools & sync targets with CI (#6222) * build: reduce hardcoding and inconsistencies & add installcheck target * (#6230 #6620) * build: sort.py: filter empty and duplicate items (#6261) * build: fix "warning: "_FORTIFY_SOURCE" redefined" (#6282 #6283) * build: sort.py: add -h/-i/-n/-- options (#6290 #6339 #6562) * build: add strip target and simplify install targets (#6342) * build: remove clean dependency from cppcheck targets (#6343) * build: allow overriding common tools (#6354) * build: standardize install commands (#6366) * build: improve reliability/portability of date command usage (#6403 #6404) * build: sort.py: strip whitespace in profiles (#6556) * build: sort.py: fix whitespace in entire profile (#6593) * build: sort.py: quote diff lines (#6594) * build: remove cppcheck-old target/job (#6676) * ci: always update the package db before installing packages (#5742) * ci: fix codeql unable to download its own bundle (#5783) * ci: split configure/build/install commands on gitlab (#5784) * ci: fix swapped name/email arguments in debian_ci (#5795) * ci: formatting and misc improvements (#5802) * ci: run for every branch instead of just master (#5815) * ci: upgrade debian:stretch to debian:buster (#5818) * ci: standardize apt-get update/install & misc improvements (#5857) * ci: Update step-security/harden-runner and update allowed endpoints (#5953) * ci: whitelist paths, reorganize workflows & speed-up tests (#5960 #6627) * ci: fix dependabot duplicated workflow runs (#5984) * ci: allow running workflows manually (#6026) * ci: add timeout limits (#6178) * ci: make dependabot updates monthly and bump PR limit (#6338) * contrib/syntax: remove 'text/plain' from firejail-profile.lang.in (#6057 * #6059) * contrib/vim: match profile files more broadly (#5850) * contrib/vim: add ftplugin file (based on cfg.vim) (#6680) * test: split individual test groups in github workflows * test: add chroot, appimage and network tests in github workflows * docs: remove apparmor options in --help when building without apparmor * support (#5589) * docs: fix typos (#5693) * docs: markdown formatting and misc improvements (#5757) * docs: add uninstall instructions to README.md (#5812) * docs: add precedence info to manpage & fix noblacklist example (#6358 * #6359) * docs: bug_report.md: use absolute path in 'steps to reproduce' (#6382) * docs: man: format and sort some private- items (#6398) * docs: man: improve blacklist/whitelist examples with spaces (#6425) * docs: add build_issue.md issue template (#6423) * docs: man: sort commands (firejail.1) (#6451) * docs: man: fix bold in command TPs (#6472) * docs: man: fix wrong escapes (#6474) * docs: github: streamline environment in issue templates (#6471 #6607) * docs: fix typos of --enable-selinux configure option (#6526) * docs: clarify intro and build section in README (#6524) * docs: clarify that other tools may not be in PPA (#6407) * docs: use GitHub issues as the bug reporting address (#6525) * docs: update distribution table & add note in SECURITY.md (#6624) * docs: clarify unmaintained status of overlayfs in configure.ac (#6632) * docs: improve whitelist and blacklist descriptions in man pages (#6622) * docs: note that --build may generate a non-functional profile (#6653) * legal: selinux.c: Split Copyright notice & use same license as upstream * (#5667) * profiles: qutebrowser: fix links not opening in the existing instance * (#5601 #5618) * profiles: clarify userns comments (#5686) * profiles: bulk rename electron to electron-common (#5700) * profiles: streamline seccomp socket comment (#5735) * profiles: drop hostname option from all profiles (#5702) * profiles: move read-only config entries to disable-common.inc (#5763) * profiles: standardize on just "GTK" on comments (#5794) * profiles: bleachbit: allow erasing Trash contents (#5337 #5902) * profiles: improvements to profiles using private (#5946) * profiles: standardize commented code and eol comments (#5987) * profiles: disable-common: add more suid programs (#6049 #6051 #6052) * profiles: replace private-opt with whitelist & document private-opt issues * (#6021) * profiles: drop paths already in wusc (#6218) * profiles: deny access to ~/.config/autostart (#6257) * profiles: replace x11 socket blacklist with disable-X11.inc (#6286) * profiles: sort blacklist sections (#6289) * profiles: rename disable-X11.inc to disable-x11.inc (#6294) * profiles: add allow-nodejs.inc to profile.template (#6298) * profiles: add allow-php.inc to profile.template (#6299) * profiles: clarify and add opengl-game to profile.template (#6300) * profiles: allow-ssh: allow /etc/ssh/ssh_revoked_hosts (#6308 #6309) * profiles: libreoffice: support signing documents with GPG (#6352 #6353) * profiles: blacklist i3 IPC socket & dir except for i3 itself (#6361) * profiles: librewolf: add new dbus name (io.gitlab.firefox) (#6413 #6473) * profiles: nextcloud: fix access to ~/Nextcloud (#5877 #6478) * profiles: ssh: add ${RUNUSER}/gvfsd-sftp (#5816 #6479) * profiles: firecfg: disable text editors (#6002 #6477) * profiles: browsers: centralize/sync/improve comments (#6486) * profiles: keepassxc: add new socket location (#5447 #6391) * profiles: signal-desktop: allow org.freedesktop.secrets (#6498) * profiles: firefox-common: allow org.freedesktop.portal.Documents (#6444 * #6499) * profiles: keepassxc: allow access to ssh-agent socket (#3314 #6531) * profiles: firecfg.config: disable dnsmasq (#6533) * profiles: game-launchers: disable nou2f (#6534) * profiles: anki: fix opening, allow media & add to firecfg (#6544 #6545) * profiles: wget: allow ~/.local/share/wget (#6542) * profiles: wget: unify wget2 into wget profile (#6551) * profiles: tesseract: disable private-tmp to fix ocrmypdf (#6550 #6552) * profiles: ensure allow-lua where mpv is allowed (#6555) * profiles: video-players: add missing /usr/share paths (#6557) * profiles: clamav: add /etc/clamav (#6565) * profiles: lutris: add comment for gamescope workaround (#6192) * profiles: disable-common: add bubblejail paths (#6571) * profiles: fix misc in kmail/transmission-qt & add kontact.profile (#5905) * profiles: misc changes and self-ref fixes in ghostwriter/peek (#5648) * profiles: firecfg: fix sha384sum & add b2sum/cksum (#6578) * profiles: refactor com.github.johnfactotum.Foliate into foliate.profile * (#6582) * profiles: anki: fix dark mode detection & misc changes (#6581) * profiles: tor: add memory-deny-write-execute (#6641) * profiles: torbrowser-launcher: move path from dc to dp (#6640) * profiles: ytmdesktop: add redirect & whitelist /opt/ytmdesktop (#6662 * #6666) * profiles: seahorse: add redirect org.gnome.seahorse.Application (#6658 * #6673) * profiles: godot: ignore noexec in home to fix addons (#6686) * new profiles: qpdf and redirects (fix-qdf, qpdf, zlib-flate) (#5675) * new profiles: parsecd (#5646 #5682) * new profiles: lobster (#5706 #5847 #5885 #6155) * new profiles: ani-cli (#5707 #5733 #5892 #5954) * new profiles: discord redirects (DiscordPTB, discord-ptb) (#5729) * new profiles: jami and postman (#5691) * new profiles: mov-cli (#5710) * new profiles: standard-notes (#5761) * new profiles: url-eater (#5780) * new profiles: fbreader redirect (FBReader) (d88c8d4) * new profiles: rssguard (#5881) * new profiles: mullvad-browser (#5887) * new profiles: sniffnet (#5920) * new profiles: daisy (#5935) * new profiles: reader (#5934) * new profiles: journal-viewer (#5943) * new profiles: clac (#5947) * new profiles: blender redirect (blender-3.6) (#6013) * new profiles: fluffychat (#6007) * new profiles: lettura (#6027) * new profiles: brz and bzr (Breezy) (#6028) * new profiles: floorp (#6030 #6683) * new profiles: tidal-hifi (#6008 #6009) * new profiles: termshark (#6039) * new profiles: tiny-rdm (#6083) * new profiles: rawtherapee (#6180) * new profiles: electron-cash (#6181) * new profiles: gnome-boxes (#6226) * new profiles: virt-manager (#6227) * new profiles: ledger-live-desktop (#6219) * new profiles: lz4 and redirects (#6241) * new profiles: qt5ct (#6249) * new profiles: qt6ct (#6250) * new profiles: green-recoder (#6237) * new profiles: bpftop (#6231) * new profiles: erd (#6236) * new profiles: lyriek (#6245) * new profiles: statusof (#6253) * new profiles: cloneit (#6232) * new profiles: deadlink (#6233) * new profiles: dexios (#6234) * new profiles: koreader (#6243) * new profiles: editorconfiger (#6235) * new profiles: localsend_app (#6244) * new profiles: rymdport (#6251) * new profiles: textroom (#6254) * new profiles: tvnamer (#6256) * new profiles: mimetype (#6247) * new profiles: session-desktop (#6259) * new profiles: metadata-cleaner (#6246) * new profiles: tqemu (#6255) * new profiles: gh (GitHub CLI) (#6293) * new profiles: axel (#6315) * new profiles: several kids programs (alienblaster geki2 geki3 lbreakouthd * tuxtype typespeed) (4c5f558) * new profiles: loupe (#6327 #6333) * new profiles: d-spy (#6328) * new profiles: nhex (#6341) * new profiles: armcord (#6365) * new profiles: dtui (#6422) * new profiles: singularity (Endgame: Singularity) (#6463) * new profiles: prismlauncher (#6558) * new profiles: irssi (#6549) * new profiles: syncthing (#6536) * new profiles: obsidian (#6314) * new profiles: b3sum (blake3) (#6577) * new profiles: aria2p/aria2rpc (#6583 #6609) * new profiles: buku (#6584) * new profiles: monero-wallet-cli (#6586) * new profiles: tremc (#6590) * new profiles: device-flasher.linux (CalyxOS) (#6616) * new profiles: hledger/hledger-ui (#6585) * new profiles: ncmpcpp (#6587) * new profiles: pyradio (#6589) * new profiles: vesktop (#6654) * new profiles: nsxiv (#6588) * new profiles: remmina-file-wrapper (#6669) * new profiles: ouch (#6678) * new profiles: xarchiver (#6679) ------------------------------------------------------------------- Thu Jan 9 21:42:45 UTC 2025 - Christian Boltz - Load/reload AppArmor profiles when installing the package (boo#1235142#c1) ------------------------------------------------------------------- Sun Feb 4 19:16:55 UTC 2024 - Arjen de Korte - Use sysuser-tools to generate firejail group ------------------------------------------------------------------- Sun Apr 9 14:43:39 UTC 2023 - Sebastian Wagner - update to version 0.9.72: * modif: move hardcoded apps recognized by default in uiapps file * modif: remove sandbox edit dialog and replace it with uiapps file * feature: added uiapps file for default and user apps configuration * feature: added a system network monitor in sandbox stats * feature: added apparmor support in firejail-ui * feature: added bluetooth support in firejail-ui * feature: print final sandbox configuration in firejail-ui * bugfixes ------------------------------------------------------------------- Tue Jun 14 20:21:18 UTC 2022 - Sebastian Wagner - remove patches fix-internet-access.patch and fix-CVE-2022-31214.patch as they are integrated upstream - update to version 0.9.70: - security: CVE-2022-31214 - root escalation in --join logic - Reported by Matthias Gerstner, working exploit code was provided to our - development team. In the same time frame, the problem was independently - reported by Birk Blechschmidt. Full working exploit code was also provided. - feature: enable shell tab completion with --tab (#4936) - feature: disable user profiles at compile time (#4990) - feature: Allow resolution of .local names with avahi-daemon in the apparmor - profile (#5088) - feature: always log seccomp errors (#5110) - feature: firecfg --guide, guided user configuration (#5111) - feature: --oom, kernel OutOfMemory-killer (#5122) - modif: --ids feature needs to be enabled at compile time (#5155) - modif: --nettrace only available to root user - rework: whitelist restructuring (#4985) - rework: firemon, speed up and lots of fixes - bugfix: --private-cwd not expanding macros, broken hyperrogue (#4910) - bugfix: nogroups + wrc prints confusing messages (#4930 #4933) - bugfix: openSUSE Leap - whitelist-run-common.inc (#4954) - bugfix: fix printing in evince (#5011) - bugfix: gcov: fix gcov functions always declared as dummy (#5028) - bugfix: Stop warning on safe supplementary group clean (#5114) - build: remove ultimately unused INSTALL and RANLIB check macros (#5133) - build: mkdeb.sh.in: pass remaining arguments to ./configure (#5154) - ci: replace centos (EOL) with almalinux (#4912) - ci: fix --version not printing compile-time features (#5147) - ci: print version after install & fix apparmor support on build_apparmor - (#5148) - docs: Refer to firejail.config in configuration files (#4916) - docs: firejail.config: add warning about allow-tray (#4946) - docs: mention that the protocol command accumulates (#5043) - docs: mention inconsistent homedir bug involving --private=dir (#5052) - docs: mention capabilities(7) on --caps (#5078) - new profiles: onionshare, onionshare-cli, opera-developer, songrec - new profiles: node-gyp, npx, semver, ping-hardened - removed profiles: nvm ------------------------------------------------------------------- Wed Jun 8 21:08:03 UTC 2022 - Sebastian Wagner - fix bsc#1199148 CVE-2022-31214 by adding patch fix-CVE-2022-31214.patch using commits from upstream. ------------------------------------------------------------------- Mon Feb 28 19:38:38 UTC 2022 - Sebastian Wagner - add fix-internet-access.patch to fix boo#1196542 ------------------------------------------------------------------- Sun Feb 6 21:09:00 UTC 2022 - Sebastian Wagner - update to firejail 0.9.68: - security: on Ubuntu, the PPA is now recommended over the distro package - (see README.md) (#4748) - security: bugfix: private-cwd leaks access to the entire filesystem - (#4780); reported by Hugo Osvaldo Barrera - feature: remove (some) environment variables with auth-tokens (#4157) - feature: ALLOW_TRAY condition (#4510 #4599) - feature: add basic Firejail support to AppArmor base abstraction (#3226 - #4628) - feature: intrusion detection system (--ids-init, --ids-check) - feature: deterministic shutdown command (--deterministic-exit-code, - --deterministic-shutdown) (#928 #3042 #4635) - feature: noprinters command (#4607 #4827) - feature: network monitor (--nettrace) - feature: network locker (--netlock) (#4848) - feature: whitelist-ro profile command (#4740) - feature: disable pipewire with --nosound (#4855) - feature: Unset TMP if it doesn't exist inside of sandbox (#4151) - feature: Allow apostrophe in whitelist and blacklist (#4614) - feature: AppImage support in --build command (#4878) - modifs: exit code: distinguish fatal signals by adding 128 (#4533) - modifs: firecfg.config is now installed to /etc/firejail/ (#408 #4669) - modifs: close file descriptors greater than 2 (--keep-fd) (#4845) - modifs: nogroups now stopped causing certain system groups to be dropped, - which are now controlled by the relevant "no" options instead (such as - nosound -> drop audio group), which fixes device access issues on systems - not using (e)logind (such as with seatd) (#4632 #4725 #4732 #4851) - removal: --disable-whitelist at compile time - removal: whitelist=yes/no in /etc/firejail/firejail.config - bugfix: Fix sndio support (#4362 #4365) - bugfix: Error mounting tmpfs (MS_REMOUNT flag not being cleared) (#4387) - bugfix: --build clears the environment (#4460 #4467) - bugfix: firejail hangs with net parameter (#3958 #4476) - bugfix: Firejail does not work with a custom hosts file (#2758 #4560) - bugfix: --tracelog and --trace override /etc/ld.so.preload (#4558 #4586) - bugfix: PATH_MAX is undeclared on musl libc (#4578 #4579 #4583 #4606) - bugfix: firejail symlinks are not skipped with private-bin + globs (#4626) - bugfix: Firejail rejects empty arguments (#4395) - bugfix: firecfg does not work with symlinks (discord.desktop) (#4235) - bugfix: Seccomp list output goes to stdout instead of stderr (#4328) - bugfix: private-etc does not work with symlinks (#4887) - bugfix: Hardware key not detected on keepassxc (#4883) - build: allow building with address sanitizer (#4594) - build: Stop linking pthread (#4695) - build: Configure cleanup and improvements (#4712) - ci: add profile checks for sorting disable-programs.inc and - firecfg.config and for the required arguments in private-etc (#2739 #4643) - ci: pin GitHub actions to SHAs and use Dependabot to update them (#4774) - docs: Add new command checklist to CONTRIBUTING.md (#4413) - docs: Rework bug report issue template and add both a question and a - feature request template (#4479 #4515 #4561) - docs: fix contradictory descriptions of machine-id ("preserves" vs - "spoofs") (#4689) - docs: Document that private-bin and private-etc always accumulate (#4078) - new includes: whitelist-run-common.inc (#4288), disable-X11.inc (#4462) - new includes: disable-proc.inc (#4521) - removed includes: disable-passwordmgr.inc (#4454 #4461) - new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim - new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl - new profiles: yt-dlp, goldendict, goldendict, bundle, cmake - new profiles: make, meson, pip, codium, telnet, ftp, OpenStego - new profiles: imv, retroarch, torbrowser, CachyBrowser, - new profiles: notable, RPCS3, wget2, raincat, conitop, 1passwd, - new profiles: Seafile, neovim, com.github.tchx84.Flatseal ------------------------------------------------------------------- Sun Jul 18 16:45:49 UTC 2021 - Andreas Stieger - firejail 0.9.66: * deprecated --audit options, relpaced by jailcheck utility * deprecated follow-symlink-as-user from firejail.config * new firejail.config settings: private-bin, private-etc * new firejail.config settings: private-opt, private-srv * new firejail.config settings: whitelist-disable-topdir * new firejail.config settings: seccomp-filter-add * removed kcmp syscall from seccomp default filter * rename --noautopulse to keep-config-pulse * filtering environment variables * zsh completion * command line: --mkdir, --mkfile * --protocol now accumulates * jailtest utility for testing running sandboxes * faccessat2 syscall support * --private-dev keeps /dev/input * added --noinput to disable /dev/input * add support for subdirs in --private-etc * subdirs support in private-etc * input devices support in private-dev, --no-input * support trailing comments on profile lines * many new profiles - split shell completion into standard subpackages ------------------------------------------------------------------- Sun Feb 7 23:09:58 UTC 2021 - Илья Индиго - Update to 0.9.64.4: * disabled overlayfs, pending multiple fixes * fixed launch firefox for open url in telegram-desktop.profile ------------------------------------------------------------------- Thu Jan 28 18:35:06 UTC 2021 - Илья Индиго - Update to 0.9.64.2: * allow --tmpfs inside $HOME for unprivileged users * --disable-usertmpfs compile time option * allow AF_BLUETOOTH via --protocol=bluetooth * setup guide for new users: contrib/firejail-welcome.sh * implement netns in profiles * added nolocal6.net IPv6 network filter * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell, qnapi, new profiles: guvcview, pkglog, kdiff3, CoyIM. ------------------------------------------------------------------- Mon Nov 2 19:44:51 UTC 2020 - Sebastian Wagner - packaging fixes ------------------------------------------------------------------- Sun Nov 1 16:58:56 UTC 2020 - Sebastian Wagner - Update to version 0.9.64: * replaced --nowrap option with --wrap in firemon * The blocking action of seccomp filters has been changed from killing the process to returning EPERM to the caller. To get the previous behaviour, use --seccomp-error-action=kill or syscall:kill syntax when constructing filters, or override in /etc/firejail/firejail.config file. * Fine-grained D-Bus sandboxing with xdg-dbus-proxy. xdg-dbus-proxy must be installed, if not D-Bus access will be allowed. With this version nodbus is deprecated, in favor of dbus-user none and dbus-system none and will be removed in a future version. * DHCP client support * firecfg only fix dektop-files if started with sudo * SELinux labeling support * custom 32-bit seccomp filter support * restrict ${RUNUSER} in several profiles * blacklist shells such as bash in several profiles * whitelist globbing * mkdir and mkfile support for /run/user directory * support ignore for include * --include on the command line * splitting up media players whitelists in whitelist-players.inc * new condition: HAS_NOSOUND * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11 * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool * new profiles: desktopeditors, impressive, planmaker18, planmaker18free * new profiles: presentations18, presentations18free, textmaker18, teams * new profiles: textmaker18free, xournal, gnome-screenshot, ripperX * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin * new profiles: gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars * new profiles: hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless * new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski * new profiles: swell-foop, fdns, five-or-more, steam-runtime * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper * new profiles: gapplication, openarena_ded, element-desktop, cawbird * new profiles: freetube, strawberry, jitsi-meet-desktop * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash * new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx * new profiles: minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar * new profiles: vmware, git-cola, otter-browser, kazam, menulibre, musictube * new profiles: onboard, fractal, mirage, quaternion, spectral, man, psi * new profiles: smuxi-frontend-gnome, balsa, kube, trojita, youtube * new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send * new profiles: qrencode, ytmdesktop, twitch * new profiles: xournalpp, chromium-freeworld, equalx - remove firejail-0.9.62-fix-usr-etc.patch, included upstream - remove firejail-apparmor-3.0.diff, included upstream ------------------------------------------------------------------- Mon Oct 26 22:34:02 UTC 2020 - Christian Boltz - Add firejail-apparmor-3.0.diff to make the AppArmor profile compatible with AppArmor 3.0 (add missing include ) ------------------------------------------------------------------- Wed Aug 19 06:15:16 UTC 2020 - Paolo Stivanin - Update to 0.9.62.4 * fix AppArmor broken in the previous release * miscellaneous fixes ------------------------------------------------------------------- Thu Aug 13 06:13:57 UTC 2020 - Paolo Stivanin - Update to 0.9.62.2 * fix CVE-2020-17367 * fix CVE-2020-17368 * additional hardening and bug fixes - Remove fix-CVE-2020-17368.patch - Remove fix-CVE-2020-17367.patch ------------------------------------------------------------------- Sat Aug 8 16:56:43 UTC 2020 - Sebastian Wagner - Add patches fix-CVE-2020-17367.patch and fix-CVE-2020-17368.patch to fix CVE-2020-17367 and CVE-2020-17368 and boo#1174986 ------------------------------------------------------------------- Wed Apr 29 11:30:38 UTC 2020 - Michael Vetter - Add firejail-0.9.62-fix-usr-etc.patch: Check /usr/etc not just /etc - Replace python interpreter line in sort.py ------------------------------------------------------------------- Tue Feb 11 22:32:46 UTC 2020 - Marcus Rueckert - update to version 0.9.62 * added file-copy-limit in /etc/firejail/firejail.config * profile templates (/usr/share/doc/firejail) * allow-debuggers support in profiles * several seccomp enhancements * compiler flags autodetection * move chroot entirely from path based to file descriptor based mounts * whitelisting /usr/share in a large number of profiles * new scripts in conrib: gdb-firejail.sh and sort.py * enhancement: whitelist /usr/share in some profiles * added signal mediation to apparmor profile * new conditions: HAS_X11, HAS_NET * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli * new profiles: keepassxc-proxy, rhythmbox-client, jerry, zeal, mpg123 * new profiles: conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, out123 * new profiles: mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss * new profiles: mpg123-portaudio, mpg123-pulse, mpg123-strip, pavucontrol-qt * new profiles: gnome-characters, gnome-character-map, rsync, Whalebird, * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, * new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra * new profiles: kalgebramobile, signal-cli, amuled, kfind, profanity * new profiles: audio-recorder, cameramonitor, ddgtk, drawio, unf, gmpc * new profiles: electron-mail, gist, gist-paste ------------------------------------------------------------------- Sun Jun 2 16:30:42 UTC 2019 - Sebastian Wagner - update to version 0.9.60: * security bug reported by Austin Morton: Seccomp filters are copied into /run/firejail/mnt, and are writable within the jail. A malicious process can modify files from inside the jail. Processes that are later joined to the jail will not have seccomp filters applied. CVE-2019-12589 boo#1137139 * memory-deny-write-execute now also blocks memfd_create * add private-cwd option to control working directory within jail * blocking system D-Bus socket with --nodbus * bringing back Centos 6 support * drop support for flatpak/snap packages * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2 * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool * new profiles: netactview, redshift, devhelp, assogiate, subdownloader * new profiles: font-manager, exfalso, gconf-editor, dconf-editor * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem * new profiles: vultureseye, vulturesclaw, anki, cheese, utox, mp3splt * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp, cantata ------------------------------------------------------------------- Fri Feb 1 07:29:32 UTC 2019 - info@paolostivanin.com - update to version 0.9.58: * --disable-mnt rework * --net.print command * GitLab CI/CD integration: disto specific builds * profile parser enhancements and conditional handling support for HAS_APPIMAGE, HAS_NODBUS, BROWSER_DISABLE_U2F * profile name support * added explicit nonewprivs support to join option * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms * new profiles: devilspie, devilspie2, easystroke, github-desktop, min * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat * new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep * new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley * new profiles: feedreader, ocenaudio, mpsyt, thunderbird-wayland * new profiles: supertuxkart, ghostwriter, gajim-history-manager * bugfixes ------------------------------------------------------------------- Sat Sep 22 09:11:21 UTC 2018 - Sebastian Wagner - update to version 0.9.56: * modif: removed CFG_CHROOT_DESKTOP configuration option * modif: removed compile time --enable-network=restricted * modif: removed compile time --disable-bind * modif: --net=none allowed even if networking was disabled at compile time or at run time * modif: allow system users to run the sandbox * support wireless devices in --net option * support tap devices in --net option (tunneling support) * allow IP address configuration if the parent interface specified by --net is not configured (--netmask) * support for firetunnel utility * disable U2F devices (--nou2f) * add --private-cache to support private ~/.cache * support full paths in private-lib * globbing support in private-lib * support for local user directories in firecfg (--bindir) * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint, * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio, * new profiles: standardnotes-desktop, shellcheck, patch, flameshot, * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd, * new profiles: Beaker, electrum, clamtk, pybitmessage, dig, whois, * new profiles: jdownloader, Fluxbox, Blackbox, Awesome, i3 * new profiles: start-tor-browser.desktop ------------------------------------------------------------------- Tue Sep 11 08:12:48 UTC 2018 - Markos Chandras - Drop ldconfig calls since firejail libraries are installed in their own subdirectory which is not scanned by ldconfig. ------------------------------------------------------------------- Mon Sep 10 08:58:32 UTC 2018 - Markos Chandras - Remove the rpmlintrc file since the warnings are no longer relevant. ------------------------------------------------------------------- Thu Aug 23 19:34:44 UTC 2018 - sebix@sebix.at - Changed the permissions of the firejail executable to 4750. Setuid mode is used, but only allowed for users in the newly created group 'firejail' (boo#1059013). - Update to version 0.9.54: * modif: --force removed * modif: --csh, --zsh removed * modif: --debug-check-filename removed * modif: --git-install and --git-uninstall removed * modif: support for private-bin, private-lib and shell none has been disabled while running AppImage archives in order to be able to use our regular profile files with AppImages. * modif: restrictions for /proc, /sys and /run/user directories are moved from AppArmor profile into firejail executable * modif: unifying Chromium and Firefox browsers profiles. All users of Firefox-based browsers who use addons and plugins that read/write from ${HOME} will need to uncomment the includes for firefox-common-addons.inc in firefox-common.profile. * modif: split disable-devel.inc into disable-devel and disable-interpreters.inc * Firejail user access database (/etc/firejail/firejail.users, man firejail-users) * add --noautopulse to disable automatic ~/.config/pulse (for complex setups) * Spectre mitigation patch for gcc and clang compiler * D-Bus handling (--nodbus) * AppArmor support for overlayfs and chroot sandboxes * AppArmor support for AppImages * Enable AppArmor by default for a large number of programs * firejail --apparmor.print option * firemon --apparmor option * apparmor yes/no flag in /etc/firejail/firejail.config * seccomp syscall list update for glibc 2.26-10 * seccomp disassembler for --seccomp.print option * seccomp machine code optimizer for default seccomp filters * IPv6 DNS support * whitelist support for overlay and chroot sandboxes * private-dev support for overlay and chroot sandboxes * private-tmp support for overlay and chroot sandboxes * added sandbox name support in firemon * firemon/prctl enhancements * noblacklist support for /sys/module directory * whitelist support for /sys/module directory * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, * new profiles: discord-canary, pycharm-community, pycharm-professional, * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes, * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer, * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs, gcloud, * new profiles: musixmatch, gunzip, bunzip2, enchant-lsmod, enchant-lsmod-2, * new profiles: enchant, enchant-2, Discord, acat, adiff, als, apack, * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion, * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind, * new profiles: qmmp, sayonara ------------------------------------------------------------------- Wed Dec 13 00:54:11 UTC 2017 - avindra@opensuse.org - Update to version 0.9.52: * New features + systemd-resolved integration + whitelisted /var in most profiles + GTK2, GTK3 and Qt4 private-lib support + --debug-private-lib + test deployment of private-lib for the some apps: evince, galculator, gnome-calculator, leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu, atril, mate-color-select, tar, file, strings, gpicview, eom, eog, gedit, pluma + netfilter template support + various new arguments * --writable-run-user * --rlimit-as * --rlimit-cpu * --timeout * --build (profile build tool) * --netfilter.print * --netfilter6.print * deprecations in modif + --allow-private-blacklists (blacklisting, read-only, read-write, tmpfs and noexec are allowed in private home directories + remount-proc-sys (firejail.config) + follow-symlink-private-bin (firejail.config) + --profile-path * enhancements + support Firejail user config directory in firecfg + disable DBus activation in firecfg + enumerate root directories in apparmor profile + /etc and /usr/share whitelisting support + globbing support for --private-bin * new profiles: upstreamed profiles from 3 sources: + https://github.com/chiraag-nataraj/firejail-profiles + https://github.com/nyancat18/fe + https://aur.archlinux.org/packages/firejail-profiles * new profiles: terasology, surf, rocketchat, clamscan, clamdscan, clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5, brackets, calligra, calligraauthor, calligraconverter, calligraflow, calligraplan, calligraplanwork, calligrasheets, calligrastage, calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth,imagej, karbon, 1kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass, kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report cower (Arch), kdeinit4 - Add full link to source tarball from sourceforge - Add asc file ------------------------------------------------------------------- Sat Sep 9 14:40:29 UTC 2017 - aavindraa@gmail.com - Update to version 0.9.50: * New features: - per-profile disable-mnt (--disable-mnt) - per-profile support to set X11 Xephyr screen size (--xephyr-screen) - private /lib directory (--private-lib) - disable CDROM/DVD drive (--nodvd) - disable DVB devices (--notv) - --profile.print * modif: --output split in two commands, --output and --output-stderr * set xpra-attach yes in /etc/firejail/firejail.config * Enhancements: - print all seccomp filters under --debug - /proc/sys mounting - rework IP address assingment for --net options - support for newer Xpra versions (2.1+) - - all profiles use a standard layout style - create /usr/local for firecfg if the directory doesn't exist - allow full paths in --private-bin * New seccomp features: - --memory-deny-write-execute - seccomp post-exec - block secondary architecture (--seccomp.block_secondary) - seccomp syscall groups - print all seccomp filters under --debug - default seccomp list update * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy, IntelliJ IDEA, Android Studio, electron, riot-web, Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, sdat2img, soundconverter truecraft, gnome-twitch, tuxguitar, musescore, neverball sqlitebrowse, Yandex Browser, minetest ------------------------------------------------------------------- Tue Aug 15 15:47:49 CEST 2017 - tiwai@suse.de - Update to version 0.9.48: * modifs: whitelisted Transmission, Deluge, qBitTorrent, KTorrent; please use ~/Downloads directory for saving files * modifs: AppArmor made optional; a warning is printed on the screen if the sandbox fails to load the AppArmor profile * feature: --novideo * feature: drop discretionary access control capabilities for root sandboxes * feature: added /etc/firejail/globals.local for global customizations * feature: profile support in overlayfs mode * new profiles: vym, darktable, Waterfox, digiKam, Catfish, HandBrake * bugfixes ------------------------------------------------------------------- Mon Jan 16 16:33:59 CET 2017 - tiwai@suse.de - Update to version 0.9.44.4: * --bandwidth root shell found by Martin Carpenter (CVE-2017-5207) * disabled --allow-debuggers when running on kernel versions prior to 4.8; a kernel bug in ptrace system call allows a full bypass of seccomp filter; problem reported by Lizzie Dixon (CVE-2017-5206) * root exploit found by Sebastian Krahmer (CVE-2017-5180) - Update to version 0.9.44.6: * new fix for CVE-2017-5180 reported by Sebastian Krahmer last week * major cleanup of file copying code * tightening the rules for --chroot and --overlay features * ported Gentoo compile patch * Nvidia drivers bug in --private-dev * fix ASSERT_PERMS_FD macro * allow local customization using .local files under /etc/firejail backported from our development branch * spoof machine-id backported from our development branch - Remove obsoleted patches: firejail-CVE-2017-5180-fix1.patch firejail-CVE-2017-5180-fix2.patch ------------------------------------------------------------------- Thu Jan 5 10:38:43 CET 2017 - tiwai@suse.de - Update to version 0.9.44.2: Security fixes: * overwrite /etc/resolv.conf found by Martin Carpenter * TOCTOU exploit for –get and –put found by Daniel Hodson * invalid environment exploit found by Martin Carpenter * several security enhancements Bugfixes: * crashing VLC by pressing Ctrl-O * use user configured icons in KDE * mkdir and mkfile are not applied to private directories * cannot open files on Deluge running under KDE * –private=dir where dir is the user home directory * cannot start Vivaldi browser * cannot start mupdf * ssh profile problems * –quiet * quiet in git profile * memory corruption - Fix VUL-0: local root exploit (CVE-2017-5180,bsc#1018259): firejail-CVE-2017-5180-fix1.patch firejail-CVE-2017-5180-fix2.patch ------------------------------------------------------------------- Thu Oct 27 17:49:48 CEST 2016 - tiwai@suse.de - Update to version 0.9.44: * CVE-2016-7545 submitted by Aleksey Manevich Modifications: * removed man firejail-config * –private-tmp whitelists /tmp/.X11-unix directory * Nvidia drivers added to –private-dev * /srv supported by –whitelist New features: * allow user access to /sys/fs (–noblacklist=/sys/fs) * support starting/joining sandbox is a single command (–join-or-start) * X11 detection support for –audit * assign a name to the interface connected to the bridge (–veth-name) * all user home directories are visible (–allusers) * add files to sandbox container (–put) * blocking x11 (–x11=block) * X11 security extension (–x11=xorg) * disable 3D hardware acceleration (–no3d) * x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands * move files in sandbox (–put) * accept wildcard patterns in user name field of restricted shell login feature New profiles: * qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape * feh, ranger, zathura, 7z, keepass, keepassx, * claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot * Flowblade, Eye of GNOME (eog), Evolution ------------------------------------------------------------------- Fri Sep 30 10:56:58 CEST 2016 - tiwai@suse.de - Update to version 0.9.42: Security fixes: * –whitelist deleted files * disable x32 ABI in seccomp * tighten –chroot * terminal sandbox escape * several TOCTOU fixes Behavior changes: * bringing back –private-home option * deprecated –user option, please use “sudo -u username firejail” * allow symlinks in home directory for –whitelist option * Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes” * recursive mkdir * include /dev/snd in –private-dev * seccomp filter update * release archives moved to .xz format New features: * AppImage support (–appimage) * AppArmor support (–apparmor) * Ubuntu snap support (/etc/firejail/snap.profile) * Sandbox auditing support (–audit) * remove environment variable (–rmenv) * noexec support (–noexec) * clean local overlay storage directory (–overlay-clean) * store and reuse overlay (–overlay-named) * allow debugging inside the sandbox with gdb and strace (–allow-debuggers) * mkfile profile command * quiet profile command * x11 profile command * option to fix desktop files (firecfg –fix) Build options: * Busybox support (–enable-busybox-workaround) * disable overlayfs (–disable-overlayfs) * disable whitlisting (–disable-whitelist) * disable global config (–disable-globalcfg) Runtime options: * enable/disable overlayfs (overlayfs yes/no) * enable/disable quiet as default (quiet-by-default yes/no) * user-defined network filter (netfilter-default) * enable/disable whitelisting (whitelist yes/no) * enable/disable remounting of /proc and /sys (remount-proc-sys yes/no) * enable/disable chroot desktop features (chroot-desktop yes/no) New/updated profiels: * Gitter, gThumb, mpv, Franz messenger, LibreOffice * pix, audacity, xz, xzdec, gzip, cpio, less * Atom Beta, Atom, jitsi, eom, uudeview * tar (gtar), unzip, unrar, file, skypeforlinux, * inox, Slack, gnome-chess. Gajim IM client, DOSBox - Enable apparmor support ------------------------------------------------------------------- Wed Jun 8 15:20:43 CEST 2016 - tiwai@suse.de - Update to version 0.9.40: * Added firecfg utility * New options: -nice, -cpu.print, -writable-etc, -writable-var, -read-only * X11 support: -x11 option (-x11=xpra, -x11=xephr) * Filetransfer options: –ls and –get * Added mkdir, ipc-namespace, and nosound profile commands * added net, ip, defaultgw, ip6, mac, mtu and iprange profile commands * Run time config support, man firejail-config * AppArmor fixes * Default seccomp filter update * Disable STUN/WebRTC in default netfilter configuration * Lots of new profiles ------------------------------------------------------------------- Tue May 17 17:13:03 CEST 2016 - tiwai@suse.de - initial package: 0.9.38