diff --git a/firejail-0.9.40.tar.bz2 b/firejail-0.9.40.tar.bz2
deleted file mode 100644
index 6861e88..0000000
--- a/firejail-0.9.40.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:49ed9c76fb77bf71543f0e6cacf9491f8280ae5602ecf805b57a011b528222b6
-size 197184
diff --git a/firejail-0.9.42.tar.xz b/firejail-0.9.42.tar.xz
new file mode 100644
index 0000000..e30b92d
--- /dev/null
+++ b/firejail-0.9.42.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4f3bceee973b84fdf13a5d5ab0060d140ecc8e42c19c945e7fb93f0fd8499b47
+size 204608
diff --git a/firejail.changes b/firejail.changes
index 18f352a..e258bd7 100644
--- a/firejail.changes
+++ b/firejail.changes
@@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Fri Sep 30 10:56:58 CEST 2016 - tiwai@suse.de
+
+- Update to version 0.9.42:
+ Security fixes:
+ * –whitelist deleted files
+ * disable x32 ABI in seccomp
+ * tighten –chroot
+ * terminal sandbox escape
+ * several TOCTOU fixes
+ Behavior changes:
+ * bringing back –private-home option
+ * deprecated –user option, please use “sudo -u username firejail”
+ * allow symlinks in home directory for –whitelist option
+ * Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes”
+ * recursive mkdir
+ * include /dev/snd in –private-dev
+ * seccomp filter update
+ * release archives moved to .xz format
+ New features:
+ * AppImage support (–appimage)
+ * AppArmor support (–apparmor)
+ * Ubuntu snap support (/etc/firejail/snap.profile)
+ * Sandbox auditing support (–audit)
+ * remove environment variable (–rmenv)
+ * noexec support (–noexec)
+ * clean local overlay storage directory (–overlay-clean)
+ * store and reuse overlay (–overlay-named)
+ * allow debugging inside the sandbox with gdb and strace (–allow-debuggers)
+ * mkfile profile command
+ * quiet profile command
+ * x11 profile command
+ * option to fix desktop files (firecfg –fix)
+ Build options:
+ * Busybox support (–enable-busybox-workaround)
+ * disable overlayfs (–disable-overlayfs)
+ * disable whitlisting (–disable-whitelist)
+ * disable global config (–disable-globalcfg)
+ Runtime options:
+ * enable/disable overlayfs (overlayfs yes/no)
+ * enable/disable quiet as default (quiet-by-default yes/no)
+ * user-defined network filter (netfilter-default)
+ * enable/disable whitelisting (whitelist yes/no)
+ * enable/disable remounting of /proc and /sys (remount-proc-sys yes/no)
+ * enable/disable chroot desktop features (chroot-desktop yes/no)
+ New/updated profiels:
+ * Gitter, gThumb, mpv, Franz messenger, LibreOffice
+ * pix, audacity, xz, xzdec, gzip, cpio, less
+ * Atom Beta, Atom, jitsi, eom, uudeview
+ * tar (gtar), 
unzip, unrar, file, skypeforlinux, + * inox, Slack, gnome-chess. Gajim IM client, DOSBox +- Enable apparmor support + ------------------------------------------------------------------- Wed Jun 8 15:20:43 CEST 2016 - tiwai@suse.de diff --git a/firejail.spec b/firejail.spec index e088f8f..dea6a28 100644 --- a/firejail.spec +++ b/firejail.spec @@ -17,14 +17,15 @@ Name: firejail -Version: 0.9.40 +Version: 0.9.42 Release: 0 Summary: Linux namepaces sandbox program License: GPL-2.0 Group: Productivity/Security Url: https://firejail.wordpress.com/ -Source0: %{name}-%{version}.tar.bz2 +Source0: %{name}-%{version}.tar.xz Source1: %{name}.rpmlintrc +BuildRequires: libapparmor-devel BuildRequires: gcc-c++ Requires(pre): permissions @@ -41,7 +42,8 @@ Linux namespace support. It supports sandboxing specific users upon login. %setup -q %build -%configure --docdir=%{_docdir}/%{name} +%configure --docdir=%{_docdir}/%{name} \ + --enable-apparmor make %{?_smp_mflags} VERBOSE=1 %install @@ -68,5 +70,6 @@ make %{?_smp_mflags} DESTDIR=%{buildroot} install %{_mandir}/man5/* %dir %{_sysconfdir}/%{name} %config %{_sysconfdir}/%{name}/* +/etc/apparmor.d %changelog
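Review bot: The new `Source0: %{name}-%{version}.tar.xz` in the first firejail.spec hunk is still a bare filename, so nothing in the package ties the replaced tarball to an upstream release. The only integrity record visible here is the Git LFS sha256 pointer, which records what was committed rather than where it came from. For a sandbox release that fixes an escape and several TOCTOU bugs, consider a full upstream URL, `Source0: <upstream-download-URL>/%{name}-%{version}.tar.xz`. If upstream publishes a detached signature, the signature and keyring could be added as further `Source` entries so the tarball can be verified at check-in.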
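Review bot: The `/etc/apparmor.d` entry added to `%files` in the last firejail.spec hunk claims the whole directory and everything installed under it, with neither `%dir` nor `%config`. This package then owns a directory that presumably belongs to the AppArmor packages, and a profile not marked as config is overwritten on update with no backup of an administrator's local changes. Consider `%dir %{_sysconfdir}/apparmor.d` plus `%config %{_sysconfdir}/apparmor.d/*`, which also matches the `%{_sysconfdir}` style of the lines just above it. No scriptlet that reloads AppArmor policy is visible in these hunks, so it is worth confirming the new profile is actually loaded after install.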