0.9.56.2-LTS testing

2026-05-15 06:06:02 -06:00 · 2019-06-04 13:55:11 -04:00 · 2019-06-04 13:55:11 -04:00 · 5dc6ce39b5
commit 5dc6ce39b5
parent fee37dc216
6 changed files with 99 additions and 23 deletions
--- a/78
+++ b/78
@ -38,10 +38,12 @@ Committers
 - glitsj16 (https://github.com/glitsj16)
 - Fred-Barclay (https://github.com/Fred-Barclay)
 - Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer)
+- rusty-snake (https://github.com/rusty-snake)
 - smithsohu (https://github.com/smitsohu)
 - SkewedZeppelin (https://github.com/SkewedZeppelin)
 - startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches maintainer)
 - Topi Miettinen (https://github.com/topimiettinen)
+- veloute (https://github.com/veloute)
 - Vincent43 (https://github.com/Vincent43)
 - netblue30 (netblue30@yahoo.com)

@ -49,6 +51,9 @@ Committers

 Firejail Authors (alphabetical order)

+7twin (https://github.com/7twin_
+	- fix typos
+	- fix flameshot raw screenshots
 1dnrr (https://github.com/1dnrr)
 	- add pybitmessage profile
 Aidan Gauland (https://github.com/aidalgol)
@ -64,7 +69,7 @@ Aleksey Manevich (https://github.com/manevich)
 	- fix double quotes/single quotes problem
 	- big rework of argument processing subsystem
 	- --join fixes
-	- spliting up cmdline.c
+	- splitting up cmdline.c
 	- Busybox support
 	- X11 support rewrite
 	- gether shell selection code in one place
@ -87,9 +92,14 @@ andrew160 (https://github.com/andrew160)
 	- profile and man pages fixes
 announ (https://github.com/announ)
 	- mpv and youtube-dl profile fixes
+	- git profile fix
+	- evince profile fix
 Antonio Russo (https://github.com/aerusso)
 	- enumerate root directories in apparmor profile
 	- fix join-or-start
+Austin Morton
+	- deterministic-exit-code option
+	- private-cwd options
 Austin S. Hemmelgarn (https://github.com/Ferroin)
 	- unbound profile update
 avoidr (https://github.com/avoidr)
@ -167,6 +177,10 @@ curiosity-seeker (https://github.com/curiosity-seeker)
 	- various other profile fixes
 	- added digiKam profile
 	- write-protection for thumbnailer dir
+	- added gramps, newsboat, freeoffice-planmaker profiles
+	- added freeoffice-textmaker, freeoffice-presentations profiles
+	- added cantata profile
+	- updated keypassxc profile
 da2x (https://github.com/da2x)
 	- matched RPM license tag
 Daan Bakker (https://github.com/dbakker)
@ -277,6 +291,7 @@ glitsj16 (https://github.com/glitsj16)
 	- spelling fixes
 	- bitblbee profile fixes
 	- fix firefox common addons
+	- many profile fixes
 	- profile fixes: file, strings, claws-mail,
 	- new profiles: QMediathekView, aria2c, Authenticator, checkbashisms
 	- new profiles: devilspie, devilspie2, easystroke, github-desktop, min
@ -294,6 +309,8 @@ greigdp (https://github.com/greigdp)
 	- fixed spotify profile
 	- added Slack profile
 	- add Spotify profile
+grizzlyuser (https://github.com/grizzlyuser)
+	- added support for youtube-dl in smplayer profile
 GSI (https://github.com/GSI)
 	- added Uzbl browser profile
 hamzadis (https://github.com/hamzadis)
@ -328,7 +345,7 @@ Jaykishan Mutkawoa (https://github.com/jmutkawoa)
 	- cpio profile
 James Elford (https://github.com/jelford)
 	- pass password manager support
-	- removed shell none from ssh-agent configuration, fixing the infinit loop
+	- removed shell none from ssh-agent configuration, fixing the infinite loop
 	- added gcloud profile
 	- blacklist sensitive cloud provider files in disable-common
 Jean Lucas (https://github.com/flacks)
@ -343,6 +360,7 @@ Jean Lucas (https://github.com/flacks)
 	- fix wire profile
 	- add Beaker profile
 	- fixes for gnome-music
+	- allow reading of system-wide Flatpak locale in gajim profile
 Jericho (https://github.com/attritionorg)
 	- spelling
 Jesse Smith (https://github.com/slicer69)
@ -358,6 +376,8 @@ John Mullee (https://github.com/jmullee)
 Jonas Heinrich (https://github.com/onny)
 	- added signal-desktop profile
 	- fixed franz profile
+Jose Riha (https://github.com/jose1711)
+	- added meteo-qt profile
 jrabe (https://github.com/jrabe)
 	- disallow access to kdbx files
 	- Epiphany profile
@ -394,6 +414,12 @@ LaurentGH (https://github.com/LaurentGH)
 	- allow private-bin parameters to be absolute paths
 Loïc Damien (https://github.com/dzamlo)
 	- small fixes
+Lockdis (https://github.com/Lockdis)
+	- Added crow, nyx, and google-earth-pro profiles
+Lukáš Krejčí (https://github.com/lskrejci)
+        - fixed parsing of --keep-var-tmp
+luzpaz (https://github.com/luzpaz)
+	- code spelling fixes
 maces (https://github.com/maces)
 	- Franz messenger profile
 Madura A (https://github.com/manushanga)
@ -430,13 +456,21 @@ mustaqimM (https://github.com/mustaqimM)
    - added profile for Nylas Mail
 n1trux (https://github.com/n1trux)
 	- fix flashpeak-slimjet profile typos
-netblue30 (netblue30@yahoo.com)
+Nick Fox (https://github.com/njfox)
+	- add a profile alias for code-oss
+	- add code-oss config directory
+NickMolloy (https://github.com/NickMolloy)
+	- ARP address length fix
 Niklas Haas (https://github.com/haasn)
 	- blacklisting for keybase.io's client
 nyancat18 (https://github.com/nyancat18)
 	- added ardour4, dooble, karbon, krita profiles
 Ondra Nekola (https://github.com/satai)
 	- allow firefox theming with non-global themes
+Lorenzo "Palinuro" Faletra (https://github.com/PalinuroSec)
+	- prevent thunderbird conflicts when firefox is running
+	- add join-or-start to pluma to open multiple files in tabs
+	- fixes to keepassxc, thunderbird and pluma
 Panzerfather (https://github.com/Panzerfather)
 	- allow eog to access user's trash
 Patrick Toomey (https://sourceforge.net/u/ptoomey/profile/)
@ -465,8 +499,13 @@ Petter Reinholdtsen (pere@hungry.com)
 PharmaceuticalCobweb (https://github.com/PharmaceuticalCobweb)
 	- fix quiterss profile
 	- added profile for gnome-ring
+pianoslum (https://github.com/pianoslum)
+	- nodbus breaking evince two-page-view warning
 pirate486743186 (https://github.com/pirate486743186)
 	- KMail profile
+	- mpsyt profile
+	- fix youtube-dl and mpv
+	- fix gnome-mpv profile
 Pixel Fairy (https://github.com/xahare)
 	- added fjclip.py, fjdisplay.py and fjresize.py in contrib section
 PizzaDude (https://github.com/pizzadude)
@ -484,6 +523,10 @@ pszxzsd (https://github.com/pszxzsd)
 	-uGet profile
 pwnage-pineapple (https://github.com/pwnage-pineapple)
 	- update Okular profile
+Quentin Minster (https://github.com/laomaiweng)
+	- propagate --quiet to children Firejail'ed processes
+	- nodbus enhancements/bugfixes
+	- added vim syntax and ftdetect files
 Rafael Cavalcanti (https://github.com/rccavalcanti)
 	- chromium profile fixes for Arch Linux
 Rahiel Kasim (https://github.com/rahiel)
@ -516,14 +559,29 @@ rogshdo (https://github.com/rogshdo)
 	- BitlBee profile
 Ruan (https://github.com/ruany)
 	- fixed hexchat profile
+rusty-snake (https://github.com/rusty-snake)
+	- added profiles: thunderbird-wayland, supertuxkart, ghostwriter
+	- added profiles: klavaro, mypaint, mypaint-ora-thumbnailer, nano
+	- added profiles: gajim-history-manager, freemind, nomacs, kid3
+	- added profiles: kid3-qt, kid3-cli, anki, utox, mp3splt, mp3wrap
+	- added profiles: oggsplt, flacsplt, cheese, inkview, mp3splt-gtk
+	- added profiles: ktouch, yelp
+	- many profile fixing and hardening
+	- some typo fixes
+	- added profile templates
 Salvo 'LtWorf' Tomaselli (https://github.com/ltworf)
 	- fixed ktorrent profile
 sarneaud (https://github.com/sarneaud)
 	- rewrite globbing code to fix various minor issues
 	- added noblacklist command for profile files
 	- various enhancements and bug fixes
+Senemu (https://github.com/Senemu)
+	- protection for .pythonrc.py
+	- fixed evince
 Sergey Alirzaev (https://github.com/l29ah)
 	- firejail.h enum fix
+Tobias Schmidl (https://github.com/schtobia)
+	- added profile for webui-aria2
 Simon Peter (https://github.com/probonopd)
 	- set $APPIMAGE and $APPDIR environment variables
 	- AppImage version detection
@ -632,6 +690,8 @@ Thomas Jarosch (https://github.com/thomasjfox)
 	- added lstat() / lstat64() support to libtrace
 	- include mkuid.sh in make dist
 	- cppcheck bugfixes
+tinmanx (https://github.com/tinmanx)
+	- remove network access from cherrytree.profile
 Tom Mellor (https://github.com/kalegrill)
 	- mupen64plus profile
 Tomasz Jan Góralczyk (https://github.com/tjg)
@ -682,8 +742,18 @@ veloute (https://github.com/veloute)
 	- added flameshot profile
 	- added jdownloader profile
 	- fixed discord profile
+	- fixes for various profiles
+	- removed vim and ranger from firecfg
+	- fixing keepassxc auto-type, noexec /tmp
+	- fix ipc-namespace prblem in file-roller
+	- fix exiftool, viewnior, aria2c, ffmpegthumbnailer
+	- fix pavucontrol (ipcnamespace)
+	- fix gnuchess
+	- add anki profile
 Vincent43 (https://github.com/Vincent43)
 	- apparmor enhancements
+Vincent Blillault (https://github.com/Feandil)
+	- fix mumble profile
 vismir2 (https://github.com/vismir2)
 	- feh, ranger, 7z, keepass, keepassx and zathura profiles
 	- claws-mail, mutt, git, emacs, vim profiles
@ -721,4 +791,4 @@ Zack Weinberg (https://github.com/zackw)
 	  with firejail --x11
 	- support for xpra-extra-params in firejail.config

-Copyright (C) 2014-2017 Firejail Authors
+Copyright (C) 2014-2019 Firejail Authors
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+firejail (0.9.56.2-LTS) baseline; urgency=low
+  * fix CVE-2019-12589
+  * fix CVE-2019-12499
+  * other bugfixes
+ -- netblue30 <netblue30@yahoo.com>  Tue, 4 Jun 2018 08:00:00 -0500
+
 firejail (0.9.56-LTS) baseline; urgency=low
  * code based on Firejail version 0.9.56
  * much smaller code base for SUID executable
--- a/18
+++ b/18
@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for firejail 0.9.56.1-LTS.
+# Generated by GNU Autoconf 2.69 for firejail 0.9.56.2-LTS.
 #
 # Report bugs to <netblue30@yahoo.com>.
 #
@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='firejail'
 PACKAGE_TARNAME='firejail'
-PACKAGE_VERSION='0.9.56.1-LTS'
-PACKAGE_STRING='firejail 0.9.56.1-LTS'
+PACKAGE_VERSION='0.9.56.2-LTS'
+PACKAGE_STRING='firejail 0.9.56.2-LTS'
 PACKAGE_BUGREPORT='netblue30@yahoo.com'
 PACKAGE_URL='http://firejail.wordpress.com'

@ -1263,7 +1263,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures firejail 0.9.56.1-LTS to adapt to many kinds of systems.
+\`configure' configures firejail 0.9.56.2-LTS to adapt to many kinds of systems.

 Usage: $0 [OPTION]... [VAR=VALUE]...

@ -1325,7 +1325,7 @@ fi

 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of firejail 0.9.56.1-LTS:";;
+     short | recursive ) echo "Configuration of firejail 0.9.56.2-LTS:";;
   esac
  cat <<\_ACEOF

@ -1423,7 +1423,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
  cat <<\_ACEOF
-firejail configure 0.9.56.1-LTS
+firejail configure 0.9.56.2-LTS
 generated by GNU Autoconf 2.69

 Copyright (C) 2012 Free Software Foundation, Inc.
@ -1725,7 +1725,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.

-It was created by firejail $as_me 0.9.56.1-LTS, which was
+It was created by firejail $as_me 0.9.56.2-LTS, which was
 generated by GNU Autoconf 2.69.  Invocation command line was

  $ $0 $@
@ -4283,7 +4283,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by firejail $as_me 0.9.56.1-LTS, which was
+This file was extended by firejail $as_me 0.9.56.2-LTS, which was
 generated by GNU Autoconf 2.69.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
@ -4337,7 +4337,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-firejail config.status 0.9.56.1-LTS
+firejail config.status 0.9.56.2-LTS
 configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"

--- a/configure.ac
+++ b/configure.ac
@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.56.1-LTS, netblue30@yahoo.com, , http://firejail.wordpress.com)
+AC_INIT(firejail, 0.9.56.2-LTS, netblue30@yahoo.com, , http://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])

--- a/6
+++ b/6
@ -1,4 +1,8 @@
-Jun 29 test:
+Jun 4 test:
+TESTING: DNS (test/environment/dns.exp)
+netblue@debian:~/work/github/LTSbase/test/environment$ TESTING ERROR 1.2
+
+May 29 test:
 TESTING: tar
 TESTING ERROR 4.2
 TESTING: DNS (test/environment/dns.exp)
--- a/test/profiles/profile_syntax2.exp
+++ b/test/profiles/profile_syntax2.exp
@ -29,18 +29,14 @@ expect {
 	timeout {puts "TESTING ERROR 4\n";exit}
 	"Drop CAP_SYS_MODULE"
 }
-expect {
-	timeout {puts "TESTING ERROR 5\n";exit}
-	"seccomp entries in /run/firejail/mnt/seccomp"
-}
-expect {
-	timeout {puts "TESTING ERROR 7\n";exit}
-	"jeq mount"
-}
 expect {
 	timeout {puts "TESTING ERROR 8\n";exit}
 	"Child process initialized"
 }
+expect {
+	timeout {puts "TESTING ERROR 5\n";exit}
+	"Installing /run/firejail/mnt/seccomp/seccomp seccomp filter"
+}
 send -- "exit\r"
 after 100
 puts "\nall done\n"