pool/firejail
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c5bd94cd19
firejail/firejail.changes
Ismail Dönmez c5bd94cd19 Accepting request 437560 from home:tiwai:branches:Virtualization 
- Update to version 0.9.44:
  * CVE-2016-7545 submitted by Aleksey Manevich
  Modifications:
  * removed man firejail-config
  * –private-tmp whitelists /tmp/.X11-unix directory
  * Nvidia drivers added to –private-dev
  * /srv supported by –whitelist
  New features:
  * allow user access to /sys/fs (–noblacklist=/sys/fs)
  * support starting/joining sandbox is a single command (–join-or-start)
  * X11 detection support for –audit
  * assign a name to the interface connected to the bridge (–veth-name)
  * all user home directories are visible (–allusers)
  * add files to sandbox container (–put)
  * blocking x11 (–x11=block)
  * X11 security extension (–x11=xorg)
  * disable 3D hardware acceleration (–no3d)
  * x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
  * move files in sandbox (–put)
  * accept wildcard patterns in user name field of restricted shell login feature
  New profiles:
  * qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
  * feh, ranger, zathura, 7z, keepass, keepassx,
  * claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot
  * Flowblade, Eye of GNOME (eog), Evolution

OBS-URL: https://build.opensuse.org/request/show/437560
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=4
2016-11-03 08:20:46 +00:00

106 lines
4.1 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Thu Oct 27 17:49:48 CEST 2016 - tiwai@suse.de
- Update to version 0.9.44:
* CVE-2016-7545 submitted by Aleksey Manevich
Modifications:
* removed man firejail-config
* private-tmp whitelists /tmp/.X11-unix directory
* Nvidia drivers added to private-dev
* /srv supported by whitelist
New features:
* allow user access to /sys/fs (noblacklist=/sys/fs)
* support starting/joining sandbox is a single command (join-or-start)
* X11 detection support for audit
* assign a name to the interface connected to the bridge (veth-name)
* all user home directories are visible (allusers)
* add files to sandbox container (put)
* blocking x11 (x11=block)
* X11 security extension (x11=xorg)
* disable 3D hardware acceleration (no3d)
* x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
* move files in sandbox (put)
* accept wildcard patterns in user name field of restricted shell login feature
New profiles:
* qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
* feh, ranger, zathura, 7z, keepass, keepassx,
* claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot
* Flowblade, Eye of GNOME (eog), Evolution
-------------------------------------------------------------------
Fri Sep 30 10:56:58 CEST 2016 - tiwai@suse.de
- Update to version 0.9.42:
Security fixes:
* whitelist deleted files
* disable x32 ABI in seccomp
* tighten chroot
* terminal sandbox escape
* several TOCTOU fixes
Behavior changes:
* bringing back private-home option
* deprecated user option, please use “sudo -u username firejail”
* allow symlinks in home directory for whitelist option
* Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes”
* recursive mkdir
* include /dev/snd in private-dev
* seccomp filter update
* release archives moved to .xz format
New features:
* AppImage support (appimage)
* AppArmor support (apparmor)
* Ubuntu snap support (/etc/firejail/snap.profile)
* Sandbox auditing support (audit)
* remove environment variable (rmenv)
* noexec support (noexec)
* clean local overlay storage directory (overlay-clean)
* store and reuse overlay (overlay-named)
* allow debugging inside the sandbox with gdb and strace (allow-debuggers)
* mkfile profile command
* quiet profile command
* x11 profile command
* option to fix desktop files (firecfg fix)
Build options:
* Busybox support (enable-busybox-workaround)
* disable overlayfs (disable-overlayfs)
* disable whitlisting (disable-whitelist)
* disable global config (disable-globalcfg)
Runtime options:
* enable/disable overlayfs (overlayfs yes/no)
* enable/disable quiet as default (quiet-by-default yes/no)
* user-defined network filter (netfilter-default)
* enable/disable whitelisting (whitelist yes/no)
* enable/disable remounting of /proc and /sys (remount-proc-sys yes/no)
* enable/disable chroot desktop features (chroot-desktop yes/no)
New/updated profiels:
* Gitter, gThumb, mpv, Franz messenger, LibreOffice
* pix, audacity, xz, xzdec, gzip, cpio, less
* Atom Beta, Atom, jitsi, eom, uudeview
* tar (gtar), unzip, unrar, file, skypeforlinux,
* inox, Slack, gnome-chess. Gajim IM client, DOSBox
- Enable apparmor support
-------------------------------------------------------------------
Wed Jun 8 15:20:43 CEST 2016 - tiwai@suse.de
- Update to version 0.9.40:
* Added firecfg utility
* New options: -nice, -cpu.print, -writable-etc, -writable-var,
-read-only
* X11 support: -x11 option (-x11=xpra, -x11=xephr)
* Filetransfer options: ls and get
* Added mkdir, ipc-namespace, and nosound profile commands
* added net, ip, defaultgw, ip6, mac, mtu and iprange profile
commands
* Run time config support, man firejail-config
* AppArmor fixes
* Default seccomp filter update
* Disable STUN/WebRTC in default netfilter configuration
* Lots of new profiles
-------------------------------------------------------------------
Tue May 17 17:13:03 CEST 2016 - tiwai@suse.de
- initial package: 0.9.38
Reference in New Issue View Git Blame Copy Permalink