github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

0.9.78 is out

Browse source
This commit is contained in:
netblue30 2026-01-02 19:08:16 -05:00
parent 06bc34547c
commit 36df4e61c1
4 changed files with 26 additions and 87 deletions
Download patch file Download diff file Expand all files Collapse all files

88
README.md
View file

@ -346,89 +346,25 @@ See `man firecfg` for details.
Note: Broken symlinks are ignored when searching for an executable in `$PATH`,
so uninstalling without doing the above should not cause issues.
## Latest released version: 0.9.76
## Latest released version: 0.9.78
This is an emergency release, many thanks to @kmk3, @SkewedZeppelin, and all
the Arch Linux users that reported the problem.
This is an emergency release due to GTK library changes:
Due to an xorg change in the xkeyboard-config package
(https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config), many/most
xorg programs were rendered completely broken when running under firejail
0.9.74:
`````
Applications that use glycin 2.0.0 or later via gdk-pixbuf2
(examples: Firefox, Thunderbird, GIMP) crash.
* <https://github.com/netblue30/firejail/issues/6773>
The library glycin provides a set of "safe" image format loaders
to gdk-pixbuf2, another library which is widely used in GTK-based
applications for loading images.
This was fixed in the following PR:
* <https://github.com/netblue30/firejail/pull/6775>
## Current development version: 0.9.77
### New features
```text
$ man firejail
--xephyr-extra-params=OPTIONS
Set Xephyr server command extra parameters for x11 --x11=xephyr.
The setting will overwrite the default set in /etc/firejail/fire
jail.config for the current sandbox. Run Xephyr -help to get a
list of available options.
Example:
$ firejail --net=eth0 --x11=xephyr --xephyr-extra-params="-title
firefox" /usr/bin/firefox
As of gdk-pixbuf2 2.44.1 the calls to glycin loaders are wrapped in
bubblewrap (bwrap). https://github.com/netblue30/firejail/issues/6906
`````
--notpm (deprecated)
Ignored for compatibility.
TPM devices are now blocked by default, see --keep-dev-tpm.
## Current development version: 0.9.79
--keep-dev-tpm
Allow access to Trusted Cryptography Module (TCM) and Trusted
Platform Module (TPM) devices (even with --private-dev), which
are blocked by default.
Paths:
/dev/tcm[0-9]*
/dev/tcmrm[0-9]*
/dev/tpm[0-9]*
/dev/tpmrm[0-9]*
Example:
$ firejail --keep-dev-tpm --private-dev
```
### firejail.config enhancements
```text
$ less /etc/firejail/firejail.config
[...]
# Maximum number of arguments in the command line.
# Example: `firejail --foo /usr/bin/bar baz` has 4 arguments.
# This limit is intended to make stack smashing harder (see
# https://github.com/netblue30/firejail/issues/4633).
# arg-max-count 128
# Maximum length of each argument in the command line.
# Example: `--foo=bar` has a length of 9.
# This limit is intended to make stack smashing harder (see
# https://github.com/netblue30/firejail/issues/4633).
# arg-max-len 4096
[...]
# Maximum number of environment variables.
# This limit is intended to make stack smashing harder (see
# https://github.com/netblue30/firejail/issues/4633).
# env-max-count 256
# Maximum length for each environment variable value.
# Example: `FOO=barr` has a length of 4.
# This limit is intended to make stack smashing harder (see
# https://github.com/netblue30/firejail/issues/4633).
# Note: The actual default value is based on `PATH_MAX`; see checkcfg.c.
# env-max-len 4096
[...]
```
### Landlock support - ongoing/experimental

5
RELNOTES
View file

@ -1,5 +1,8 @@
firejail (0.9.78) baseline; urgency=low
firejail (0.9.79) baseline; urgency=low
* work in progress
-- netblue30 <netblue30@yahoo.com> Sat, 3 Jan 2026 11:00:00 -0500
firejail (0.9.78) baseline; urgency=low
* feature: add arg-max-count / arg-max-len to firejail.config (#4633 #6878)
* feature: add env-max-count / env-max-len to firejail.config (#3678 #6951)
* feature: add --xephyr-extra-params= command (#6952)

18
configure vendored
View file

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.72 for firejail 0.9.78.
# Generated by GNU Autoconf 2.72 for firejail 0.9.79.
#
# Report bugs to <https://github.com/netblue30/firejail/issues>.
#
@ -603,8 +603,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='firejail'
PACKAGE_TARNAME='firejail'
PACKAGE_VERSION='0.9.78'
PACKAGE_STRING='firejail 0.9.78'
PACKAGE_VERSION='0.9.79'
PACKAGE_STRING='firejail 0.9.79'
PACKAGE_BUGREPORT='https://github.com/netblue30/firejail/issues'
PACKAGE_URL='https://firejail.wordpress.com'
@ -1315,7 +1315,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
'configure' configures firejail 0.9.78 to adapt to many kinds of systems.
'configure' configures firejail 0.9.79 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1377,7 +1377,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of firejail 0.9.78:";;
short | recursive ) echo "Configuration of firejail 0.9.79:";;
esac
cat <<\_ACEOF
@ -1501,7 +1501,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
firejail configure 0.9.78
firejail configure 0.9.79
generated by GNU Autoconf 2.72
Copyright (C) 2023 Free Software Foundation, Inc.
@ -1613,7 +1613,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by firejail $as_me 0.9.78, which was
It was created by firejail $as_me 0.9.79, which was
generated by GNU Autoconf 2.72. Invocation command line was
$ $0$ac_configure_args_raw
@ -5111,7 +5111,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by firejail $as_me 0.9.78, which was
This file was extended by firejail $as_me 0.9.79, which was
generated by GNU Autoconf 2.72. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -5167,7 +5167,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
firejail config.status 0.9.78
firejail config.status 0.9.79
configured by $0, generated by GNU Autoconf 2.72,
with options \\"\$ac_cs_config\\"

2
configure.ac
View file

@ -12,7 +12,7 @@
#
AC_PREREQ([2.68])
AC_INIT([firejail], [0.9.78], [https://github.com/netblue30/firejail/issues],
AC_INIT([firejail], [0.9.79], [https://github.com/netblue30/firejail/issues],
[], [https://firejail.wordpress.com])
AC_CONFIG_SRCDIR([src/firejail/main.c])