Accepting request 1298122 from Virtualization

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1298122
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firejail?expand=0&rev=22

firejail-0.9.72.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:82e177c48cfc87f62b088b55efc53ff4612b9740aab5ea35cbf2395e83efe7f4
-size 503192

firejail-0.9.72.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEE+VEWSZX1xABqc0EeLMs2rfxYSacFAmPFc+MACgkQLMs2rfxY
-SacfywgAnwZQTaBTK/bwUgcu3vBeptFtmiAgCRYSbabCXoX2HvssAO3h5Jk8Vxt7
-nsauL0Opxw01yocAXD03aS9ShMSB5zzhbk+Svlu6yieIvw4mYCyZbho4baAZA83H
-Q7V+HH3CEN1fyRwyA8gcYqEjdrf9fd6EbzoOkokTfg98b+hx5ad08o652G8X3GHI
-aYV+Gdc5NJ2ChRo07XeeIfIHHfIBWWrcxhXGhvWHovNaqA0+h+vAZ4RvLvY2pd3J
-yq0r+68NciUsoOyJBQvopmFG/xH+fRBDgbui8JP3tyoUr/82BEgPpA89rUiGrft3
-lvssRZ9TsjS7lbpd/YdEXqqE/aQcQg==
-=skSG
------END PGP SIGNATURE-----

firejail-0.9.76.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6bfaa57e10897f65cc1183b330974d555669d888d6897c7a8739bb1d334d9e4a
+size 526972

firejail-0.9.76.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEY5X8mRHtzWFYcS33ut/Kvdv1tpQFAmiKA18ACgkQut/Kvdv1
+tpSmcRAAurqnD9PuMkWK7jM3TDYoDejnBNcMeTl5FC1UwraIAcY0/3EREMcu33Sc
+rMsvgtuQqTU2p6VfNCEld0w35tJQ3GSjQqGxsamS3EZm7KI8tsVVzRPHD7kj06np
+Pd0dgC1yCUs5m6oAP1E9oQyzLS14i8uqmAV/dklYGjMSrzGGvdZZ0e4zklycXYUa
+frSAE/Xo8ZoVAwc5JdC7wlkQySRAyNMfJFQFDASo5k0qN2g+MLtlnAsyDiGMWzg2
+NEJMM1esA8S9zIjVt0sZl9NNo3NmxKqHDD9TKF5vV2utoIK+Xld/ESQMZy1rRmRj
+RqCUGoUgEEWEsNjpI3yuSjZtOQ8Cr28MDgYxZlzdnxuQbedd4Q8bRG84gPpNr9EV
+OHMUcSpKlQAJ8mtvw7MKNOni9LaSWxX7wS6hy/hL/09gaFLBNgZerFOmKHiS1BvV
+3iUAQ2CLZhkgbHKXFOFCb15usDh87PesSLaF7PNjRHkaykwFtUzlnaBcqeO7dmKM
+JLtBHS1XH+6bk1Uvhn59Bftnke7WtWl+rZfftbhOeVKm+YkRGrnE5yTm5RvHCiHs
+iUIuGCbw89tGKYlSyABGk1jOL+LpixsfJOr+Hb8gRVo4fkk8maRG1Kh6Vcl3yhfI
+v2kO9hFkcU2N0NuLCiZZFmGmFwF8KLQAqKy6DwyE6rRoIJhNZY4=
+=fekR
+-----END PGP SIGNATURE-----

firejail.changes

@@ -1,3 +1,361 @@
+-------------------------------------------------------------------
+Thu Jul 31 10:43:14 UTC 2025 - Sebastian Wagner <sebix@sebix.at>
+
+- add new additional signing key support+releasesigning@divested.dev 6395FC9911EDCD6158712DF7BADFCABDDBF5B694
+- Update to version 0.9.76:
+ * feature: use globbing in hardcoded numbered /dev paths (#2723 #6704)
+ * feature: add warn command (#6710)
+ * feature: use non-blocking flock calls (#6761)
+ * modif: block TPM devices & turn notpm command into keep-dev-tpm (#6698)
+ * modif: improve error messages in mountinfo.c (#6711)
+ * modif: use "Error:" in errExit message (#6716)
+ * modif: keep tss group if keep-dev-tpm is used (#6718)
+ * modif: keep /dev/tpmrm devices if keep-dev-tpm is used (#6719)
+ * modif: keep tcm/tcmrm devices if keep-dev-tpm is used (#6724)
+ * modif: improve "Failed mount" error messages in util.c (#6747)
+ * modif: improve fcopy error messages in check() (#6801)
+ * modif: fcopy: try normal case first instead of last in check() (#6804)
+ * modif: improve new network namespace error message (#6824)
+ * modif: improve error messages in sandbox.c/sbox.c (#6825)
+ * bugfix: fix flock debug messages going to stderr (#6712)
+ * bugfix: add missing selinux relabeling for /dev paths (#6734)
+ * bugfix: fix potential deadlock with flock + SIGTSTP (#6729 #6750)
+ * bugfix: fcopy: add /usr/share + "runner:root" exception to fix CI (#6797 #6803)
+ * bugfix: fcopy: allow /etc/resolv.conf owned by systemd-resolve (#4545 #6808)
+ * bugfix: fix "Not enforcing Landlock" message always being printed (#6806)
+ * bugfix: add NULL check for cmdline in find_child() (#6840)
+ * build: use TARNAME in SYSCONFDIR/VARDIR (#6713)
+ * build: add localstatedir and use in VARDIR (#6715)
+ * build: replace SYSCONFDIR with @sysconfdir@ (#6737)
+ * ci: upgrade debian:buster to debian:bullseye (#6832)
+ * docs: improve URL formatting in man pages (#6706)
+ * docs: clarify --private bug in man pages (#6805)
+ * docs: fix man formatting of landlock.enforce (#6807)
+ * profiles: split commands that increase/reduce access (#6687)
+ * profiles: firefox: add comment about creating PWA shortcuts (#6689)
+ * profiles: add more xorg paths (#6708)
+ * profiles: fix include of deprecated disable-X11.inc (uppercase) (#6709)
+ * profiles: godot: remove noinput so gamepads work (#6707)
+ * profiles: remove mkdir ~/.pki (#6732)
+ * profiles: mpv: remove mkfile ~/.netrc (#6735)
+ * profiles: curl: allow ~/.netrc (#6736)
+ * profiles: discord-common: add env to private-bin (#6738)
+ * profiles: firecfg: disable checksum programs (#6755)
+ * profiles: rssguard: allow lua (#6758 #6759)
+ * profiles: wine: allow python to fix Epic Games Launcher (#6762 #6763)
+ * profiles: wusc: add /usr/share/xkeyboard-config-2 (#6773 #6775)
+ * profiles: chafa: quiet output (#6777)
+ * profiles: ripperx/sound-juicer: fix profile name typos (#6780)
+ * profiles: ani-cli: add mpv to private-etc for plugins access (#6779)
+ * profiles: use private-etc groups in more profiles (#6783)
+ * profiles: firecfg: disable foliate (#6784)
+ * profiles: finish converting private-opt to whitelist (#6785)
+ * profiles: replace hosts.conf with host.conf in private-etc (#6791)
+ * profiles: makedeb: allow dpkg (#6816)
+ * profiles: kate: fix network access (#6815 #6823)
+ * profiles: keepassxc: add x11 group to private-etc (#6827 #6828)
+ * profiles: allow org.kde.kwalletd6 for Plasma 6 systems (#6819)
+ * profiles: xreader: disable no3d to fix startup (#6829)
+ * profiles: firefox: add alternative tridactylrc path (#6720 #6721)
+ * new profile: ansel (#6751)
+
+-------------------------------------------------------------------
+Sat Jul 19 11:11:41 UTC 2025 - Sebastian Wagner <sebix@sebix.at>
+
+- update to version 0.9.74:
+  * security: fix sscanf rv checks (CodeQL) (#6184)
+  * feature: private-etc rework: improve handling of /etc/resolv.conf and add
+  * private-etc groups (#6400 #5518 #5608 #5609 #5629 #5638 #5641 #5642 #5643
+  * #5650 #5681 #5737 #5844 #5989 #6016 #6104 #5655 #6435 #6514 #6515)
+  * feature: Add "keep-shell-rc" command and option (#1127 #5634)
+  * feature: Print the argument when failing with "too long arguments" (#5677)
+  * feature: a random hostname is assigned to each sandbox unless
+  * overwritten using --hostname command
+  * feature: add IPv6 support for --net.print option
+  * feature: QUIC (HTTP/3) support in --nettrace
+  * feature: add seccomp filters for --restrict-namespaces
+  * feature: stats support for --nettrace
+  * feature: add doas support in firecfg and jailcheck (#5899 #5900)
+  * feature: firecfg: add firecfg.d & add ignore command (#2097 #5245 #5876
+  * #6153 #6268)
+  * feature: expand simple macros in more commands (--chroot= --netfilter=
+  * --netfilter6= --trace=) (#6032 #6109)
+  * feature: add Landlock support (#5269 #6078 #6115 #6125 #6187 #6195 #6200
+  * #6228 #6260 #6302 #6305)
+  * feature: add support for comm, coredump, and prctl procevents in firemon
+  * (#6414 #6415)
+  * feature: add notpm command & keep tpm devices in private-dev (#6379 #6390)
+  * feature: fshaper.sh: support tc on NixOS (#6426 #6431)
+  * feature: add aarch64 syscalls (#5821 #6574)
+  * feature: add --disable-sandbox-check configure flag (#6592)
+  * feature: block /dev/ntsync & add keep-dev-ntsync command (#6655 #6660)
+  * modif: Stop forwarding own double-dash to the shell (#5599 #5600)
+  * modif: Prevent sandbox name (--name=) and host name (--hostname=)
+  * from containing only digits (#5578 #5741)
+  * modif: Escape control characters of the command line (#5613)
+  * modif: Allow mostly only ASCII letters and digits for sandbox name
+  * (--name=) and host name (--hostname=) (#5708 #5856)
+  * modif: make private-lib a configure-time option, disabled by default (see
+  * --enable-private-lib) (#5727 #5732)
+  * modif: Improve --version/--help & print version on startup (#5829 #6172)
+  * modif: improve errExit error messages (#5871)
+  * modif: drop deprecated 'shell' option references (#5894)
+  * modif: keep pipewire group unless nosound is used (#5992 #5993)
+  * modif: fcopy: use lstat when copying directory (#5378 #5957)
+  * modif: private-dev: keep /dev/kfd unless no3d is used (#6380)
+  * modif: keep /sys/module/nvidia* if prop driver and no no3d (#6372 #6387)
+  * modif: clarify error messages in profile.c (#6605)
+  * modif: keep plugdev group unless nou2f is used (#6664)
+  * removal: firemon: remove --interface option (it duplicates the firejail
+  * --net.print= option) (0e48f99)
+  * removal: remove support for LTS and firetunnel (db09546)
+  * bugfix: fix --hostname and --hosts-file commands
+  * bugfix: fix examples in firejail-local AppArmor profile (#5717)
+  * bugfix: arp.c: ensure positive timeout on select(2) (#5806)
+  * bugfix: Wrong syscall names for s390_pci_mmio_read and s390_pci_mmio_write
+  * (#5965 #5976)
+  * bugfix: firejail --ls reports wrong file sizes for large files (#5982
+  * #6086)
+  * bugfix: fix startup race condition for /run/firejail directory (#6307)
+  * bugfix: fix various resource leaks (#6367)
+  * bugfix: profstats: fix restrict-namespaces max count (#6369)
+  * bugfix: remove --noautopulse from --help and zsh comp (#6401)
+  * bugfix: parse --debug before using it (#6579)
+  * bugfix: fix possible memory leak in fs_home.c (#6598)
+  * bugfix: do not interact with dbus directory if dbus proxy is disabled
+  * (#6591)
+  * bugfix: firecfg: check full .desktop filename in check_profile() (#6674)
+  * build: auto-generate syntax files (#5627)
+  * build: mark all phony targets as such (#5637)
+  * build: mkdeb.sh: pass all arguments to ./configure (#5654)
+  * build: deb: enable apparmor by default & remove deb-apparmor (#5668)
+  * build: Fix whitespace and add .editorconfig (#5674)
+  * build: remove for loop initial declarations to fix building with old
+  * compilers (#5778)
+  * build: enable compiler warnings by default (#5842)
+  * build: remove -mretpoline and NO_EXTRA_CFLAGS (#5859)
+  * build: disable all built-in implicit make rules (#5864)
+  * build: organize and standardize make vars and targets (#5866)
+  * build: fix seccomp filters and man pages always being rebuilt when running
+  * make (#5156 #5898)
+  * build: fix hardcoded make & remove unnecessary distclean targets (#5911)
+  * build: dist and asc improvements (#5916)
+  * build: fix some shellcheck issues & use config.sh in more scripts (#5927)
+  * build: firecfg.config sorting improvements (#5942)
+  * build: codespell improvements (#5955)
+  * build: add missing makefile dep & syntax improvements (#5956)
+  * build: sort.py: use case-sensitive sorting (#6070)
+  * build: mkrpm.sh: append instead of override configure args (#6126)
+  * build: use CPPFLAGS instead of INCLUDE in compile targets (#6159)
+  * build: use full paths on compile/link targets (#6158)
+  * build: automatically generate header dependencies (#6164)
+  * build: improve main clean target (#6186)
+  * build: mkrpm.sh improvements (#6196)
+  * build: move errExit macro into inline function (#6217)
+  * build: allow overriding certain tools & sync targets with CI (#6222)
+  * build: reduce hardcoding and inconsistencies & add installcheck target
+  * (#6230 #6620)
+  * build: sort.py: filter empty and duplicate items (#6261)
+  * build: fix "warning: "_FORTIFY_SOURCE" redefined" (#6282 #6283)
+  * build: sort.py: add -h/-i/-n/-- options (#6290 #6339 #6562)
+  * build: add strip target and simplify install targets (#6342)
+  * build: remove clean dependency from cppcheck targets (#6343)
+  * build: allow overriding common tools (#6354)
+  * build: standardize install commands (#6366)
+  * build: improve reliability/portability of date command usage (#6403 #6404)
+  * build: sort.py: strip whitespace in profiles (#6556)
+  * build: sort.py: fix whitespace in entire profile (#6593)
+  * build: sort.py: quote diff lines (#6594)
+  * build: remove cppcheck-old target/job (#6676)
+  * ci: always update the package db before installing packages (#5742)
+  * ci: fix codeql unable to download its own bundle (#5783)
+  * ci: split configure/build/install commands on gitlab (#5784)
+  * ci: fix swapped name/email arguments in debian_ci (#5795)
+  * ci: formatting and misc improvements (#5802)
+  * ci: run for every branch instead of just master (#5815)
+  * ci: upgrade debian:stretch to debian:buster (#5818)
+  * ci: standardize apt-get update/install & misc improvements (#5857)
+  * ci: Update step-security/harden-runner and update allowed endpoints (#5953)
+  * ci: whitelist paths, reorganize workflows & speed-up tests (#5960 #6627)
+  * ci: fix dependabot duplicated workflow runs (#5984)
+  * ci: allow running workflows manually (#6026)
+  * ci: add timeout limits (#6178)
+  * ci: make dependabot updates monthly and bump PR limit (#6338)
+  * contrib/syntax: remove 'text/plain' from firejail-profile.lang.in (#6057
+  * #6059)
+  * contrib/vim: match profile files more broadly (#5850)
+  * contrib/vim: add ftplugin file (based on cfg.vim) (#6680)
+  * test: split individual test groups in github workflows
+  * test: add chroot, appimage and network tests in github workflows
+  * docs: remove apparmor options in --help when building without apparmor
+  * support (#5589)
+  * docs: fix typos (#5693)
+  * docs: markdown formatting and misc improvements (#5757)
+  * docs: add uninstall instructions to README.md (#5812)
+  * docs: add precedence info to manpage & fix noblacklist example (#6358
+  * #6359)
+  * docs: bug_report.md: use absolute path in 'steps to reproduce' (#6382)
+  * docs: man: format and sort some private- items (#6398)
+  * docs: man: improve blacklist/whitelist examples with spaces (#6425)
+  * docs: add build_issue.md issue template (#6423)
+  * docs: man: sort commands (firejail.1) (#6451)
+  * docs: man: fix bold in command TPs (#6472)
+  * docs: man: fix wrong escapes (#6474)
+  * docs: github: streamline environment in issue templates (#6471 #6607)
+  * docs: fix typos of --enable-selinux configure option (#6526)
+  * docs: clarify intro and build section in README (#6524)
+  * docs: clarify that other tools may not be in PPA (#6407)
+  * docs: use GitHub issues as the bug reporting address (#6525)
+  * docs: update distribution table & add note in SECURITY.md (#6624)
+  * docs: clarify unmaintained status of overlayfs in configure.ac (#6632)
+  * docs: improve whitelist and blacklist descriptions in man pages (#6622)
+  * docs: note that --build may generate a non-functional profile (#6653)
+  * legal: selinux.c: Split Copyright notice & use same license as upstream
+  * (#5667)
+  * profiles: qutebrowser: fix links not opening in the existing instance
+  * (#5601 #5618)
+  * profiles: clarify userns comments (#5686)
+  * profiles: bulk rename electron to electron-common (#5700)
+  * profiles: streamline seccomp socket comment (#5735)
+  * profiles: drop hostname option from all profiles (#5702)
+  * profiles: move read-only config entries to disable-common.inc (#5763)
+  * profiles: standardize on just "GTK" on comments (#5794)
+  * profiles: bleachbit: allow erasing Trash contents (#5337 #5902)
+  * profiles: improvements to profiles using private (#5946)
+  * profiles: standardize commented code and eol comments (#5987)
+  * profiles: disable-common: add more suid programs (#6049 #6051 #6052)
+  * profiles: replace private-opt with whitelist & document private-opt issues
+  * (#6021)
+  * profiles: drop paths already in wusc (#6218)
+  * profiles: deny access to ~/.config/autostart (#6257)
+  * profiles: replace x11 socket blacklist with disable-X11.inc (#6286)
+  * profiles: sort blacklist sections (#6289)
+  * profiles: rename disable-X11.inc to disable-x11.inc (#6294)
+  * profiles: add allow-nodejs.inc to profile.template (#6298)
+  * profiles: add allow-php.inc to profile.template (#6299)
+  * profiles: clarify and add opengl-game to profile.template (#6300)
+  * profiles: allow-ssh: allow /etc/ssh/ssh_revoked_hosts (#6308 #6309)
+  * profiles: libreoffice: support signing documents with GPG (#6352 #6353)
+  * profiles: blacklist i3 IPC socket & dir except for i3 itself (#6361)
+  * profiles: librewolf: add new dbus name (io.gitlab.firefox) (#6413 #6473)
+  * profiles: nextcloud: fix access to ~/Nextcloud (#5877 #6478)
+  * profiles: ssh: add ${RUNUSER}/gvfsd-sftp (#5816 #6479)
+  * profiles: firecfg: disable text editors (#6002 #6477)
+  * profiles: browsers: centralize/sync/improve comments (#6486)
+  * profiles: keepassxc: add new socket location (#5447 #6391)
+  * profiles: signal-desktop: allow org.freedesktop.secrets (#6498)
+  * profiles: firefox-common: allow org.freedesktop.portal.Documents (#6444
+  * #6499)
+  * profiles: keepassxc: allow access to ssh-agent socket (#3314 #6531)
+  * profiles: firecfg.config: disable dnsmasq (#6533)
+  * profiles: game-launchers: disable nou2f (#6534)
+  * profiles: anki: fix opening, allow media & add to firecfg (#6544 #6545)
+  * profiles: wget: allow ~/.local/share/wget (#6542)
+  * profiles: wget: unify wget2 into wget profile (#6551)
+  * profiles: tesseract: disable private-tmp to fix ocrmypdf (#6550 #6552)
+  * profiles: ensure allow-lua where mpv is allowed (#6555)
+  * profiles: video-players: add missing /usr/share paths (#6557)
+  * profiles: clamav: add /etc/clamav (#6565)
+  * profiles: lutris: add comment for gamescope workaround (#6192)
+  * profiles: disable-common: add bubblejail paths (#6571)
+  * profiles: fix misc in kmail/transmission-qt & add kontact.profile (#5905)
+  * profiles: misc changes and self-ref fixes in ghostwriter/peek (#5648)
+  * profiles: firecfg: fix sha384sum & add b2sum/cksum (#6578)
+  * profiles: refactor com.github.johnfactotum.Foliate into foliate.profile
+  * (#6582)
+  * profiles: anki: fix dark mode detection & misc changes (#6581)
+  * profiles: tor: add memory-deny-write-execute (#6641)
+  * profiles: torbrowser-launcher: move path from dc to dp (#6640)
+  * profiles: ytmdesktop: add redirect & whitelist /opt/ytmdesktop (#6662
+  * #6666)
+  * profiles: seahorse: add redirect org.gnome.seahorse.Application (#6658
+  * #6673)
+  * profiles: godot: ignore noexec in home to fix addons (#6686)
+  * new profiles: qpdf and redirects (fix-qdf, qpdf, zlib-flate) (#5675)
+  * new profiles: parsecd (#5646 #5682)
+  * new profiles: lobster (#5706 #5847 #5885 #6155)
+  * new profiles: ani-cli (#5707 #5733 #5892 #5954)
+  * new profiles: discord redirects (DiscordPTB, discord-ptb) (#5729)
+  * new profiles: jami and postman (#5691)
+  * new profiles: mov-cli (#5710)
+  * new profiles: standard-notes (#5761)
+  * new profiles: url-eater (#5780)
+  * new profiles: fbreader redirect (FBReader) (d88c8d4)
+  * new profiles: rssguard (#5881)
+  * new profiles: mullvad-browser (#5887)
+  * new profiles: sniffnet (#5920)
+  * new profiles: daisy (#5935)
+  * new profiles: reader (#5934)
+  * new profiles: journal-viewer (#5943)
+  * new profiles: clac (#5947)
+  * new profiles: blender redirect (blender-3.6) (#6013)
+  * new profiles: fluffychat (#6007)
+  * new profiles: lettura (#6027)
+  * new profiles: brz and bzr (Breezy) (#6028)
+  * new profiles: floorp (#6030 #6683)
+  * new profiles: tidal-hifi (#6008 #6009)
+  * new profiles: termshark (#6039)
+  * new profiles: tiny-rdm (#6083)
+  * new profiles: rawtherapee (#6180)
+  * new profiles: electron-cash (#6181)
+  * new profiles: gnome-boxes (#6226)
+  * new profiles: virt-manager (#6227)
+  * new profiles: ledger-live-desktop (#6219)
+  * new profiles: lz4 and redirects (#6241)
+  * new profiles: qt5ct (#6249)
+  * new profiles: qt6ct (#6250)
+  * new profiles: green-recoder (#6237)
+  * new profiles: bpftop (#6231)
+  * new profiles: erd (#6236)
+  * new profiles: lyriek (#6245)
+  * new profiles: statusof (#6253)
+  * new profiles: cloneit (#6232)
+  * new profiles: deadlink (#6233)
+  * new profiles: dexios (#6234)
+  * new profiles: koreader (#6243)
+  * new profiles: editorconfiger (#6235)
+  * new profiles: localsend_app (#6244)
+  * new profiles: rymdport (#6251)
+  * new profiles: textroom (#6254)
+  * new profiles: tvnamer (#6256)
+  * new profiles: mimetype (#6247)
+  * new profiles: session-desktop (#6259)
+  * new profiles: metadata-cleaner (#6246)
+  * new profiles: tqemu (#6255)
+  * new profiles: gh (GitHub CLI) (#6293)
+  * new profiles: axel (#6315)
+  * new profiles: several kids programs (alienblaster geki2 geki3 lbreakouthd
+  * tuxtype typespeed) (4c5f558)
+  * new profiles: loupe (#6327 #6333)
+  * new profiles: d-spy (#6328)
+  * new profiles: nhex (#6341)
+  * new profiles: armcord (#6365)
+  * new profiles: dtui (#6422)
+  * new profiles: singularity (Endgame: Singularity) (#6463)
+  * new profiles: prismlauncher (#6558)
+  * new profiles: irssi (#6549)
+  * new profiles: syncthing (#6536)
+  * new profiles: obsidian (#6314)
+  * new profiles: b3sum (blake3) (#6577)
+  * new profiles: aria2p/aria2rpc (#6583 #6609)
+  * new profiles: buku (#6584)
+  * new profiles: monero-wallet-cli (#6586)
+  * new profiles: tremc (#6590)
+  * new profiles: device-flasher.linux (CalyxOS) (#6616)
+  * new profiles: hledger/hledger-ui (#6585)
+  * new profiles: ncmpcpp (#6587)
+  * new profiles: pyradio (#6589)
+  * new profiles: vesktop (#6654)
+  * new profiles: nsxiv (#6588)
+  * new profiles: remmina-file-wrapper (#6669)
+  * new profiles: ouch (#6678)
+  * new profiles: xarchiver (#6679)
+
+-------------------------------------------------------------------
+Thu Jan  9 21:42:45 UTC 2025 - Christian Boltz <suse-beta@cboltz.de>
+
+- Load/reload AppArmor profiles when installing the package (boo#1235142#c1)
+
 -------------------------------------------------------------------
 Sun Feb  4 19:16:55 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
 
@@ -17,7 +375,7 @@ Sun Apr  9 14:43:39 UTC 2023 - Sebastian Wagner <sebix@sebix.at>
   * bugfixes
 
 -------------------------------------------------------------------
-Tue Jun 14 20:21:18 UTC 2022 - Sebastian Wagner <sebix+novell.com@sebix.at>
+Tue Jun 14 20:21:18 UTC 2022 - Sebastian Wagner <sebix@sebix.at>
 
 - remove patches fix-internet-access.patch and fix-CVE-2022-31214.patch
   as they are integrated upstream
@@ -59,18 +417,18 @@ Tue Jun 14 20:21:18 UTC 2022 - Sebastian Wagner <sebix+novell.com@sebix.at>
  - removed profiles: nvm
 
 -------------------------------------------------------------------
-Wed Jun  8 21:08:03 UTC 2022 - Sebastian Wagner <sebix+novell.com@sebix.at>
+Wed Jun  8 21:08:03 UTC 2022 - Sebastian Wagner <sebix@sebix.at>
 
 - fix bsc#1199148 CVE-2022-31214 by adding patch fix-CVE-2022-31214.patch
   using commits from upstream.
 
 -------------------------------------------------------------------
-Mon Feb 28 19:38:38 UTC 2022 - Sebastian Wagner <sebix+novell.com@sebix.at>
+Mon Feb 28 19:38:38 UTC 2022 - Sebastian Wagner <sebix@sebix.at>
 
 - add fix-internet-access.patch to fix boo#1196542
 
 -------------------------------------------------------------------
-Sun Feb  6 21:09:00 UTC 2022 - Sebastian Wagner <sebix+novell.com@sebix.at>
+Sun Feb  6 21:09:00 UTC 2022 - Sebastian Wagner <sebix@sebix.at>
 
 - update to firejail 0.9.68:
  - security: on Ubuntu, the PPA is now recommended over the distro package
@@ -188,12 +546,12 @@ Thu Jan 28 18:35:06 UTC 2021 - Илья Индиго <ilya@ilya.pp.ua>
     mdr, shotwell, qnapi, new profiles: guvcview, pkglog, kdiff3, CoyIM.
 
 -------------------------------------------------------------------
-Mon Nov  2 19:44:51 UTC 2020 - Sebastian Wagner <sebix+novell.com@sebix.at>
+Mon Nov  2 19:44:51 UTC 2020 - Sebastian Wagner <sebix@sebix.at>
 
 - packaging fixes
 
 -------------------------------------------------------------------
-Sun Nov  1 16:58:56 UTC 2020 - Sebastian Wagner <sebix+novell.com@sebix.at>
+Sun Nov  1 16:58:56 UTC 2020 - Sebastian Wagner <sebix@sebix.at>
 
 - Update to version 0.9.64:
   * replaced --nowrap option with --wrap in firemon
@@ -275,7 +633,7 @@ Thu Aug 13 06:13:57 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
 - Remove fix-CVE-2020-17367.patch
 
 -------------------------------------------------------------------
-Sat Aug  8 16:56:43 UTC 2020 - Sebastian Wagner <sebix+novell.com@sebix.at>
+Sat Aug  8 16:56:43 UTC 2020 - Sebastian Wagner <sebix@sebix.at>
 
 - Add patches fix-CVE-2020-17367.patch and fix-CVE-2020-17368.patch to fix CVE-2020-17367 and CVE-2020-17368 and boo#1174986
 
@@ -317,7 +675,7 @@ Tue Feb 11 22:32:46 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
   * new profiles: electron-mail, gist, gist-paste
 
 -------------------------------------------------------------------
-Sun Jun  2 16:30:42 UTC 2019 - Sebastian Wagner <sebix+novell.com@sebix.at>
+Sun Jun  2 16:30:42 UTC 2019 - Sebastian Wagner <sebix@sebix.at>
 
 - update to version 0.9.60:
  * security bug reported by Austin Morton:
@@ -375,7 +733,7 @@ Fri Feb  1 07:29:32 UTC 2019 - info@paolostivanin.com
   * bugfixes
 
 -------------------------------------------------------------------
-Sat Sep 22 09:11:21 UTC 2018 - Sebastian Wagner <sebix+novell.com@sebix.at>
+Sat Sep 22 09:11:21 UTC 2018 - Sebastian Wagner <sebix@sebix.at>
 
 - update to version 0.9.56:
   * modif: removed CFG_CHROOT_DESKTOP configuration option
@@ -414,7 +772,7 @@ Mon Sep 10 08:58:32 UTC 2018 - Markos Chandras <mchandras@suse.de>
 - Remove the rpmlintrc file since the warnings are no longer relevant.
 
 -------------------------------------------------------------------
-Thu Aug 23 19:34:44 UTC 2018 - sebix+novell.com@sebix.at
+Thu Aug 23 19:34:44 UTC 2018 - sebix@sebix.at
 
 - Changed the permissions of the firejail executable to 4750.
   Setuid mode is used, but only allowed for users in the newly

firejail.keyring

@@ -28,3 +28,32 @@ ilSqRQrPqyCjic8MUB9S+eBQC4Z67i9YqJaBfb80x9HqINLncGFDHKIajwy8f7Sh
 k67z733GYXrAnyHsia4IF4UGRLW4+1xtKE9xmUThmwMdkgqtJ9eqBpAF9A==
 =/BT3
 -----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBF/La4cBEADGUgoiPUJcEs0DRpWgmmpnMtgRxOiqT4b2R1d9cwtWpMOqQ3eN
+OJqSBdzmN+aNwt61XWi4MUAseN5O3L3C+UXIk8HptOmalNySSHcGXk6Kn250Tmy5
+O+ZGHlPng1zqOMBBZs1kNYw9aXuxQFCRk1rfFcePreyF+rHuBx0K2EGJPQ7udEf0
+znq8gRZ29wFz3TzqGmKVv5cWkdGSUUkQc9ecZX89yBMfuqRXUG/ucojD0gLaQyTy
+cjfS/0RE+Bje8Mpe8wswR+hg2qZDO+n9uMY/7dmdctKGU/kdxEBPqe0dak1sJ16M
+0bawI+Rq/5RqPYwgEcfTg4VQotvpENUN/uAqi1b0IRLcPE46kXGpY9HIukFkzRKD
+N1WMz8D6sVNimV99KucKvXzD/1VvyawChPWJsGCow4OoYrvHTU5f8J7PHStLQ61O
+pVjWRbRonpjGBvz3hP0vkwCgy21AkYnRWaSKztwSkIJ36NCqsU24WIH1XgWzxsrf
+kniQdXP6+sMCAxV+u6ig671BdtqYqaIGxb15j/wPXuju92myrTGa4rk0uUTur+VV
+v0ethh3S8c9yisuRjkV+K/xpoJjGv7MsZf6hkcyIT826cv4Jr8LbtSMVD/pQB93i
+olhizs8U0ph+RMnNPC4ZiroPgjDhYDZcIPuWw8WETHrUQDaEj6XgYm8P2QARAQAB
+zUhEaXZlc3RlZCBSZWxlYXNlIFNpZ25pbmcgKDIwMjAgIzEpIDxzdXBwb3J0K3Jl
+bGVhc2VzaWduaW5nQGRpdmVzdGVkLmRldj7CwY4EEwEIADgWIQRjlfyZEe3NYVhx
+Lfe638q92/W2lAUCX8trhwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC6
+38q92/W2lH49D/9F4f1pGf5ZWZjs7LiW4BQgAOx0NiKsvFTXBAhhUSJwTseB3vnK
+ZGx3qoUCI0pk+4Z/YHhY91QTopJHcg/QW8tj/shjtRbzmfBB6dwFQkZtOHofXHMV
+DowoY2MXZRd9dRIBhwLRvktZA9yKO1iH0M0vSqxuh8ALkvUlDgfzy0QBsAHjsUTB
+FoxGemxT+70zDNx+xL0PusRA25AOn7EXzrjk6E1653KL1sRojqGZ/XzWWw+6dZyM
+4Aap3CGrS7+YrXhJTMokOC/OfariDaN02YtlRizztWYEhkJ5SB0kIIlzgrGmY659
+b0ENjjHAVK16LfRoDprb1PpC3du2QAVFtBRDqD2zwXBmELjyOpAnSYDuJVPgv4T8
+Oty5be+U84lKVIgG5N60VrJzkwi5J+FSx2hTJl0C5BZyKChDXXvlnJI2Y4Qrwjyz
+7mx5gjFLZra/yKrVKnfxp5AJ7DxHxNOYn0dcceWBBVC1L5sniim9z4Q5fNRErJT8
+ayf77gecLuCVt+LhCH1rFejeIZrl0QEw+udrTYrPt3BWUK2OOIzF8PqLHfyUF+7W
+ZuLgMxj0nGLMqOlPSszrQ6RxmL//GmXkmE3CeDNXV+7SpmMYe07pHzycg8+d/tNq
+EajUfLQJqUYj3m51MnKW2r+QUKjkIYsn4iFfk+2aeY5HX1RalWJ7d4NHJQ==
+=fNZP
+-----END PGP PUBLIC KEY BLOCK-----

firejail.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package firejail
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           firejail
-Version:        0.9.72
+Version:        0.9.76
 Release:        0
 Summary:        Linux namepaces sandbox program
 License:        GPL-2.0-only
@@ -28,6 +28,7 @@ Source1:        https://github.com/netblue30/%{name}/releases/download/%{version
 # https://firejail.wordpress.com/download-2/
 Source2:        %{name}.keyring
 Source3:        %{name}-group.conf
+BuildRequires:  apparmor-rpm-macros
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libapparmor-devel
@@ -87,6 +88,7 @@ rm %{buildroot}%{_docdir}/firejail/COPYING
 
 %post
 %set_permissions %{_bindir}/firejail
+%apparmor_reload %{_sysconfdir}/apparmor.d/firejail-default
 
 %verifyscript
 %verify_permissions -e %{_bindir}/firejail
@@ -112,8 +114,10 @@ rm %{buildroot}%{_docdir}/firejail/COPYING
 %dir %{_datadir}/vim
 %dir %{_datadir}/vim/vimfiles
 %dir %{_datadir}/vim/vimfiles/ftdetect
+%dir %{_datadir}/vim/vimfiles/ftplugin
 %dir %{_datadir}/vim/vimfiles/syntax
 %{_datadir}/vim/vimfiles/ftdetect/firejail.vim
+%{_datadir}/vim/vimfiles/ftplugin/firejail.vim
 %{_datadir}/vim/vimfiles/syntax/firejail.vim
 %dir %{_datadir}/gtksourceview-5
 %dir %{_datadir}/gtksourceview-5/language-specs