release 0.9.30

README

@@ -43,7 +43,7 @@ Michael Haas (https://github.com/mhaas)
 mjudtmann (https://github.com/mjudtmann)
 	- lock firejail configuration in disable-mgmt.inc
 iiotx (https://github.com/iiotx)
-	- use generci.profile by default
+	- use generic.profile by default
 pstn (https://github.com/pstn)
 	- added install-strip, make install without strip
 Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)

RELNOTES

@@ -1,4 +1,4 @@
-firejail (0.9.30-rc1) baseline; urgency=low
+firejail (0.9.30) baseline; urgency=low
   * added a disable-history.inc profile as a result of Firefox PDF.js exploit;
     disable-history.inc included in all default profiles
   * Firefox PDF.js exploit (CVE-2015-4495) fixes
@@ -14,9 +14,9 @@ firejail (0.9.30-rc1) baseline; urgency=low
   * added build --enable-fatal-warnings configure option
   * added persistence to --overlay option
   * added --overlay-tmpfs option
-  * make install renamed make install-strip
+  * make install-strip implemented, make install renamed
   * bugfixes
- -- netblue30 <netblue30@yahoo.com>  Wed, 9 Sept 2015 08:00:00 -0500
+ -- netblue30 <netblue30@yahoo.com>  Mon, 14 Sept 2015 08:00:00 -0500
 
 firejail (0.9.28) baseline; urgency=low
   * network scanning, --scan option

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for firejail 0.9.30-rc2-development.
+# Generated by GNU Autoconf 2.69 for firejail 0.9.30.
 #
 # Report bugs to <netblue30@yahoo.com>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='firejail'
 PACKAGE_TARNAME='firejail'
-PACKAGE_VERSION='0.9.30-rc2-development'
-PACKAGE_STRING='firejail 0.9.30-rc2-development'
+PACKAGE_VERSION='0.9.30'
+PACKAGE_STRING='firejail 0.9.30'
 PACKAGE_BUGREPORT='netblue30@yahoo.com'
 PACKAGE_URL='http://firejail.sourceforge.net'
 
@@ -1238,7 +1238,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures firejail 0.9.30-rc2-development to adapt to many kinds of systems.
+\`configure' configures firejail 0.9.30 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1299,7 +1299,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of firejail 0.9.30-rc2-development:";;
+     short | recursive ) echo "Configuration of firejail 0.9.30:";;
    esac
   cat <<\_ACEOF
 
@@ -1389,7 +1389,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-firejail configure 0.9.30-rc2-development
+firejail configure 0.9.30
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1691,7 +1691,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by firejail $as_me 0.9.30-rc2-development, which was
+It was created by firejail $as_me 0.9.30, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4102,7 +4102,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by firejail $as_me 0.9.30-rc2-development, which was
+This file was extended by firejail $as_me 0.9.30, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -4156,7 +4156,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-firejail config.status 0.9.30-rc2-development
+firejail config.status 0.9.30
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.30-rc2-development, netblue30@yahoo.com, , http://firejail.sourceforge.net)
+AC_INIT(firejail, 0.9.30, netblue30@yahoo.com, , http://firejail.sourceforge.net)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 

platform/rpm/mkrpm.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-VERSION="0.9.26"
+VERSION="0.9.30"
 rm -fr ~/rpmbuild
 rm -f firejail-$VERSION-1.x86_64.rpm
 
@@ -19,6 +19,7 @@ install -m 755 /usr/bin/firemon firejail-$VERSION/usr/bin/.
 mkdir -p  firejail-$VERSION/usr/lib/firejail
 install -m 644 /usr/lib/firejail/libtrace.so  firejail-$VERSION/usr/lib/firejail/.
 install -m 755 /usr/lib/firejail/ftee  firejail-$VERSION/usr/lib/firejail/.
+install -m 755 /usr/lib/firejail/fshaper.sh  firejail-$VERSION/usr/lib/firejail/.
 
 mkdir -p firejail-$VERSION/usr/share/man/man1
 install -m 644 /usr/share/man/man1/firejail.1.gz firejail-$VERSION/usr/share/man/man1/.
@@ -26,6 +27,7 @@ install -m 644 /usr/share/man/man1/firemon.1.gz firejail-$VERSION/usr/share/man/
 
 mkdir -p firejail-$VERSION/usr/share/man/man5
 install -m 644 /usr/share/man/man5/firejail-profile.5.gz firejail-$VERSION/usr/share/man/man5/.
+install -m 644 /usr/share/man/man5/firejail-login.5.gz firejail-$VERSION/usr/share/man/man5/.
 
 mkdir -p firejail-$VERSION/usr/share/doc/packages/firejail
 install -m 644 /usr/share/doc/firejail/COPYING firejail-$VERSION/usr/share/doc/packages/firejail/.
@@ -33,9 +35,17 @@ install -m 644 /usr/share/doc/firejail/README firejail-$VERSION/usr/share/doc/pa
 install -m 644 /usr/share/doc/firejail/RELNOTES firejail-$VERSION/usr/share/doc/packages/firejail/.
 
 mkdir -p firejail-$VERSION/etc/firejail
+install -m 644 /etc/firejail/xchat.profile firejail-$VERSION/etc/firejail/xchat.profile
+install -m 644 /etc/firejail/server.profile firejail-$VERSION/etc/firejail/server.profile
+install -m 644 /etc/firejail/quassel.profile firejail-$VERSION/etc/firejail/quassel.profile
+install -m 644 /etc/firejail/pidgin.profile firejail-$VERSION/etc/firejail/pidgin.profile
+install -m 644 /etc/firejail/icecat.profile firejail-$VERSION/etc/firejail/icecat.profile
+install -m 644 /etc/firejail/filezilla.profile firejail-$VERSION/etc/firejail/filezilla.profile
 install -m 644 /etc/firejail/chromium-browser.profile firejail-$VERSION/etc/firejail/chromium-browser.profile
 install -m 644 /etc/firejail/chromium.profile firejail-$VERSION/etc/firejail/chromium.profile
 install -m 644 /etc/firejail/dropbox.profile firejail-$VERSION/etc/firejail/dropbox.profile
+install -m 644 /etc/firejail/disable-common.inc firejail-$VERSION/etc/firejail/disable-common.inc
+install -m 644 /etc/firejail/disable-history.inc firejail-$VERSION/etc/firejail/disable-history.inc
 install -m 644 /etc/firejail/disable-secret.inc firejail-$VERSION/etc/firejail/disable-secret.inc
 install -m 644 /etc/firejail/disable-mgmt.inc firejail-$VERSION/etc/firejail/disable-mgmt.inc
 install -m 644 /etc/firejail/evince.profile firejail-$VERSION/etc/firejail/evince.profile
@@ -57,9 +67,13 @@ install -m 644 /etc/firejail/deluge.profile firejail-$VERSION/etc/firejail/delug
 install -m 644 /etc/firejail/qbittorrent.profile firejail-$VERSION/etc/firejail/qbittorrent.profile
 install -m 644 /etc/firejail/generic.profile firejail-$VERSION/etc/firejail/generic.profile
 install -m 644 /etc/firejail/login.users firejail-$VERSION/etc/firejail/login.users
+install -m 644 /etc/firejail/deadbeef.profile firejail-$VERSION/etc/firejail/deadbeef.profile
+install -m 644 /etc/firejail/empathy.profile firejail-$VERSION/etc/firejail/empathy.profile
+
 
 mkdir -p firejail-$VERSION/usr/share/bash-completion/completions
 install -m 644 /usr/share/bash-completion/completions/firejail  firejail-$VERSION/usr/share/bash-completion/completions/.
+install -m 644 /usr/share/bash-completion/completions/firemon  firejail-$VERSION/usr/share/bash-completion/completions/.
 
 echo "building tar.gz archive"
 tar -czvf firejail-$VERSION.tar.gz firejail-$VERSION
@@ -130,23 +144,72 @@ rm -rf %{buildroot}
 %config(noreplace) %{_sysconfdir}/%{name}/deluge.profile
 %config(noreplace) %{_sysconfdir}/%{name}/qbittorrent.profile
 %config(noreplace) %{_sysconfdir}/%{name}/generic.profile
+%config(noreplace) %{_sysconfdir}/%{name}/deadbeef.profile
+%config(noreplace) %{_sysconfdir}/%{name}/disable-common.inc
+%config(noreplace) %{_sysconfdir}/%{name}/disable-history.inc
+%config(noreplace) %{_sysconfdir}/%{name}/empathy.profile
+%config(noreplace) %{_sysconfdir}/%{name}/filezilla.profile
+%config(noreplace) %{_sysconfdir}/%{name}/icecat.profile
+%config(noreplace) %{_sysconfdir}/%{name}/pidgin.profile
+%config(noreplace) %{_sysconfdir}/%{name}/quassel.profile
+%config(noreplace) %{_sysconfdir}/%{name}/server.profile
+%config(noreplace) %{_sysconfdir}/%{name}/xchat.profile
 
 /usr/bin/firejail
 /usr/bin/firemon
 /usr/lib/firejail/libtrace.so
 /usr/lib/firejail/ftee
+/usr/lib/firejail/fshaper.sh
 /usr/share/doc/packages/firejail/COPYING
 /usr/share/doc/packages/firejail/README
 /usr/share/doc/packages/firejail/RELNOTES
 /usr/share/man/man1/firejail.1.gz
 /usr/share/man/man1/firemon.1.gz
 /usr/share/man/man5/firejail-profile.5.gz
+/usr/share/man/man5/firejail-login.5.gz
 /usr/share/bash-completion/completions/firejail
+/usr/share/bash-completion/completions/firemon
  
 %post
 chmod u+s /usr/bin/firejail
 
 %changelog
+* Mon Sep 14 2015 netblue30 <netblue30@yahoo.com> 0.9.30-1
+ - added a disable-history.inc profile as a result of Firefox PDF.js exploit;
+   disable-history.inc included in all default profiles
+ - Firefox PDF.js exploit (CVE-2015-4495) fixes
+ - added --private-etc option
+ - added --env option
+ - added --whitelist option
+ - support ${HOME} token in include directive in profile files
+ - --private.keep is transitioned to --private-home
+ - support ~ and blanks in blacklist option
+ - support "net none" command in profile files
+ - using /etc/firejail/generic.profile by default for user sessions
+ - using /etc/firejail/server.profile by default for root sessions
+ - added build --enable-fatal-warnings configure option
+ - added persistence to --overlay option
+ - added --overlay-tmpfs option
+ - make install-strip implemented, make install renamed
+ - bugfixes
+
+* Sat Aug 1 2015 netblue30 <netblue30@yahoo.com> 0.9.28-1
+ - network scanning, --scan option
+ - interface MAC address support, --mac option
+ - IP address range, --iprange option
+ - traffic shaping, --bandwidth option
+ - reworked printing of network status at startup
+ - man pages rework
+ - added firejail-login man page
+ - added GNU Icecat, FileZilla, Pidgin, XChat, Empathy, DeaDBeeF default
+   profiles
+ - added an /etc/firejail/disable-common.inc file to hold common directory
+   blacklists
+ - blacklist Opera and Chrome/Chromium config directories in profile files
+ - support noroot option for profile files
+ - enabled noroot in default profile files
+ - bugfixes
+
 * Thu Apr 30 2015 netblue30 <netblue30@yahoo.com> 0.9.26-1
  - private dev directory
  - private.keep option for whitelisting home files in a new private directory

todo

@@ -31,3 +31,15 @@ $
 
 4. Remove exclude-token from profile include in 0.9.34 (deprecated in 0.9.30)
 
+5. Debian 32bit compile with --enable-fatal-warnings
+make[1]: Entering directory `/home/netblue/work/firejail-0.9.30/src/firejail'
+cc -ggdb -W -Wall -Werror -O2 -DVERSION='"0.9.30"' -DPREFIX='"/usr"' -DHAVE_SECCOMP  -DHAVE_CHROOT -DHAVE_BIND -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security  -c seccomp.c -o seccomp.o
+seccomp.c: In function ‘write_seccomp_file’:
+seccomp.c:337:81: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘unsigned int’ [-Werror=format]
+seccomp.c: In function ‘read_seccomp_file’:
+seccomp.c:391:81: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘unsigned int’ [-Werror=format]
+cc1: all warnings being treated as errors
+make[1]: *** [seccomp.o] Error 1
+
+6. Debian 32bit - multiple problems with the testing utility
+