From c5bd94cd19b210adb686a2aede9a67c967f6eebc43957c557b966b5136b41404 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Thu, 3 Nov 2016 08:20:46 +0000 Subject: [PATCH] Accepting request 437560 from home:tiwai:branches:Virtualization MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update to version 0.9.44: * CVE-2016-7545 submitted by Aleksey Manevich Modifications: * removed man firejail-config * –private-tmp whitelists /tmp/.X11-unix directory * Nvidia drivers added to –private-dev * /srv supported by –whitelist New features: * allow user access to /sys/fs (–noblacklist=/sys/fs) * support starting/joining sandbox is a single command (–join-or-start) * X11 detection support for –audit * assign a name to the interface connected to the bridge (–veth-name) * all user home directories are visible (–allusers) * add files to sandbox container (–put) * blocking x11 (–x11=block) * X11 security extension (–x11=xorg) * disable 3D hardware acceleration (–no3d) * x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands * move files in sandbox (–put) * accept wildcard patterns in user name field of restricted shell login feature New profiles: * qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape * feh, ranger, zathura, 7z, keepass, keepassx, * claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot * Flowblade, Eye of GNOME (eog), Evolution OBS-URL: https://build.opensuse.org/request/show/437560 OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=4 --- firejail-0.9.42.tar.xz | 3 --- firejail-0.9.44.tar.xz | 3 +++ firejail.changes | 29 +++++++++++++++++++++++++++++ firejail.spec | 2 +- 4 files changed, 33 insertions(+), 4 deletions(-) delete mode 100644 firejail-0.9.42.tar.xz create mode 100644 firejail-0.9.44.tar.xz diff --git a/firejail-0.9.42.tar.xz b/firejail-0.9.42.tar.xz deleted file mode 100644 index e30b92d..0000000 --- a/firejail-0.9.42.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4f3bceee973b84fdf13a5d5ab0060d140ecc8e42c19c945e7fb93f0fd8499b47 -size 204608 diff --git a/firejail-0.9.44.tar.xz b/firejail-0.9.44.tar.xz new file mode 100644 index 0000000..0c5a229 --- /dev/null +++ b/firejail-0.9.44.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2cd8ba061a546b593e52748ebbcd8dbdac55973aaeff21250ada43fe3405992c +size 212532 diff --git a/firejail.changes b/firejail.changes index e258bd7..349cf00 100644 --- a/firejail.changes +++ b/firejail.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Thu Oct 27 17:49:48 CEST 2016 - tiwai@suse.de + +- Update to version 0.9.44: + * CVE-2016-7545 submitted by Aleksey Manevich + Modifications: + * removed man firejail-config + * –private-tmp whitelists /tmp/.X11-unix directory + * Nvidia drivers added to –private-dev + * /srv supported by –whitelist + New features: + * allow user access to /sys/fs (–noblacklist=/sys/fs) + * support starting/joining sandbox is a single command (–join-or-start) + * X11 detection support for –audit + * assign a name to the interface connected to the bridge (–veth-name) + * all user home directories are visible (–allusers) + * add files to sandbox container (–put) + * blocking x11 (–x11=block) + * X11 security extension (–x11=xorg) + * disable 3D hardware acceleration (–no3d) + * x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands + * move files in sandbox (–put) + * accept wildcard patterns in user name field of restricted shell login feature + New profiles: + * qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape + * feh, ranger, zathura, 7z, keepass, keepassx, + * claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot + * Flowblade, Eye of GNOME (eog), Evolution + ------------------------------------------------------------------- Fri Sep 30 10:56:58 CEST 2016 - tiwai@suse.de diff --git a/firejail.spec b/firejail.spec index dea6a28..0d2f282 100644 --- a/firejail.spec +++ b/firejail.spec @@ -17,7 +17,7 @@ Name: firejail -Version: 0.9.42 +Version: 0.9.44 Release: 0 Summary: Linux namepaces sandbox program License: GPL-2.0