Accepting request 431498 from home:tiwai:branches:Virtualization

- Update to version 0.9.42: Security fixes: * –whitelist deleted files * disable x32 ABI in seccomp * tighten –chroot * terminal sandbox escape * several TOCTOU fixes Behavior changes: * bringing back –private-home option * deprecated –user option, please use “sudo -u username firejail” * allow symlinks in home directory for –whitelist option * Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes” * recursive mkdir * include /dev/snd in –private-dev * seccomp filter update * release archives moved to .xz format New features: * AppImage support (–appimage) * AppArmor support (–apparmor) * Ubuntu snap support (/etc/firejail/snap.profile) * Sandbox auditing support (–audit) * remove environment variable (–rmenv) * noexec support (–noexec) * clean local overlay storage directory (–overlay-clean) * store and reuse overlay (–overlay-named) * allow debugging inside the sandbox with gdb and strace (–allow-debuggers) * mkfile profile command * quiet profile command * x11 profile command * option to fix desktop files (firecfg –fix) OBS-URL: https://build.opensuse.org/request/show/431498 OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=3
2016-10-13 08:58:49 +00:00 · 2016-10-13 08:58:49 +00:00 · 555d6e90b4
commit 555d6e90b4
parent c0b4cdac0f
4 changed files with 62 additions and 6 deletions
--- a/firejail-0.9.40.tar.bz2
+++ b/firejail-0.9.40.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:49ed9c76fb77bf71543f0e6cacf9491f8280ae5602ecf805b57a011b528222b6
-size 197184
--- a/firejail-0.9.42.tar.xz
+++ b/firejail-0.9.42.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4f3bceee973b84fdf13a5d5ab0060d140ecc8e42c19c945e7fb93f0fd8499b47
+size 204608
--- a/firejail.changes
+++ b/firejail.changes
@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Fri Sep 30 10:56:58 CEST 2016 - tiwai@suse.de
+
+- Update to version 0.9.42:
+  Security fixes:
+  * –whitelist deleted files
+  * disable x32 ABI in seccomp
+  * tighten –chroot
+  * terminal sandbox escape
+  * several TOCTOU fixes
+  Behavior changes:
+  * bringing back –private-home option
+  * deprecated –user option, please use “sudo -u username firejail”
+  * allow symlinks in home directory for –whitelist option
+  * Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes”
+  * recursive mkdir
+  * include /dev/snd in –private-dev
+  * seccomp filter update
+  * release archives moved to .xz format
+  New features:
+  * AppImage support (–appimage)
+  * AppArmor support (–apparmor)
+  * Ubuntu snap support (/etc/firejail/snap.profile)
+  * Sandbox auditing support (–audit)
+  * remove environment variable (–rmenv)
+  * noexec support (–noexec)
+  * clean local overlay storage directory (–overlay-clean)
+  * store and reuse overlay (–overlay-named)
+  * allow debugging inside the sandbox with gdb and strace (–allow-debuggers)
+  * mkfile profile command
+  * quiet profile command
+  * x11 profile command
+  * option to fix desktop files (firecfg –fix)
+  Build options:
+  * Busybox support (–enable-busybox-workaround)
+  * disable overlayfs (–disable-overlayfs)
+  * disable whitlisting (–disable-whitelist)
+  * disable global config (–disable-globalcfg)
+  Runtime options:
+  * enable/disable overlayfs (overlayfs yes/no)
+  * enable/disable quiet as default (quiet-by-default yes/no)
+  * user-defined network filter (netfilter-default)
+  * enable/disable whitelisting (whitelist yes/no)
+  * enable/disable remounting of /proc and /sys (remount-proc-sys yes/no)
+  * enable/disable chroot desktop features (chroot-desktop yes/no)
+  New/updated profiels:
+  * Gitter, gThumb, mpv, Franz messenger, LibreOffice
+  * pix, audacity, xz, xzdec, gzip, cpio, less
+  * Atom Beta, Atom, jitsi, eom, uudeview
+  * tar (gtar), unzip, unrar, file, skypeforlinux,
+  * inox, Slack, gnome-chess. Gajim IM client, DOSBox
+- Enable apparmor support
+
 -------------------------------------------------------------------
 Wed Jun  8 15:20:43 CEST 2016 - tiwai@suse.de

--- a/firejail.spec
+++ b/firejail.spec
@ -17,14 +17,15 @@


 Name:           firejail
-Version:        0.9.40
+Version:        0.9.42
 Release:        0
 Summary:        Linux namepaces sandbox program
 License:        GPL-2.0
 Group:          Productivity/Security
 Url:            https://firejail.wordpress.com/
-Source0:        %{name}-%{version}.tar.bz2
+Source0:        %{name}-%{version}.tar.xz
 Source1:        %{name}.rpmlintrc
+BuildRequires:  libapparmor-devel
 BuildRequires:  gcc-c++
 Requires(pre):  permissions

@ -41,7 +42,8 @@ Linux namespace support. It supports sandboxing specific users upon login.
 %setup -q

 %build
-%configure --docdir=%{_docdir}/%{name}
+%configure --docdir=%{_docdir}/%{name} \
+	   --enable-apparmor
 make %{?_smp_mflags} VERBOSE=1

 %install
@ -68,5 +70,6 @@ make %{?_smp_mflags} DESTDIR=%{buildroot} install
 %{_mandir}/man5/*
 %dir %{_sysconfdir}/%{name}
 %config %{_sysconfdir}/%{name}/*
+/etc/apparmor.d

 %changelog