Move the modif entries after the feature entries to be consistent with
the notes of the previous release (0.9.68): features, modifs/reworks,
removals, bugfixes, build, ci, docs, includes/profiles.
Since `make deb-apparmor` already exists, use that for now instead of
changing what `make deb` does.
This fixes CI.
Added on commit 494b26d50 ("adding --enable-apparmor by default for make
deb - most Debian-based distros have apparmor enabled by default",
2022-06-03).
Kind of relates to #5154.
This reverts commit e8cb03cde8.
More specifically: s/0.9.68.1/0.9.69/.
The current development version contains not only new features, but also
breaking changes (see "modif:" on the RELNOTES). Ensure at least a
minor (rather than only a patch) version bump (to 0.9.70 on the final
version) to avoid breaking user expectations.
To disable-shell.inc.
Interactive shells can be executed from certain development-related
programs (such as IDEs) and the shells themselves are not blocked by
default, but this shell startup directory currently is. To avoid
running a shell without access to potentially needed startup files, only
blacklist /etc/profile.d when interactive shells are also blocked.
Note that /etc/profile.d should only be of concern to interactive
shells, so a profile that includes both disable-shell.inc and
allow-bin-sh.inc (which likely means that it needs access to only
non-interactive shells) should not be affected by the blacklisting.
Relates to #3411#5159.
Currently, mkdeb.sh (which is used to make a .deb package) runs
./configure with hardcoded options (some of which are automatically
detected based on configure-time variables). To work around the
hardcoding, contrib/fj-mkdeb.py is used to add additional options by
rewriting the actual call to ./configure on mkdeb.sh. For example, the
following invocation adds --disable-firetunnel to mkdeb.sh:
$ ./configure && ./contrib/fj-mkdeb.py --disable-firetunnel
To avoid depending on another script and to avoid re-generating
mkdeb.sh, just let the latter pass the remaining arguments (the first
one is an optional package filename suffix) to ./configure directly.
Example:
$ make distclean && ./configure && make dist &&
./mkdeb.sh "" --disable-firetunnel
Additionally, change contrib/fj-mkdeb.py to do roughly the same as the
above example, by simply forwarding the arguments that it receives to
./mkdeb.sh (which then forwards them to ./configure). Also, remove the
--only-fix-mkdeb option, since the script does not change mkdeb.sh
anymore. With these changes, the script's usage (other than when using
--only-fix-mkdeb) should remain the same.
Note: To clean the generated files and then make a .deb package using
the default configuration, the invocation is still the same:
$ make distclean && ./configure && make deb
Note2: Running ./configure in the above examples is only needed for
generating Makefile/mkdeb.sh from Makefile.in/mkdeb.sh.in after running
distclean, so that running `make` / `./mkdeb.sh` afterwards works.
Should fully fix#772.
Relates to #1205#3414#5148.
When starting kate and loading into a session containing a git repository, tracelog caused about 30 seconds of delay until the project structure appeared in the projects sidebar. Error message on console:
QProcess: Destroyed while process ("/usr/bin/git") is still running.
Drop tracelog to mitigate the delay and error message.
When starting Kate, a blacklist violation from accessing the kwinrc config file is reported. As a KDE application, it should be fine for Kate to access it.
blacklist violation - sandbox 13410, name kate, exe kate, syscall access, path /home/user/.config/kwinrc
A side effect of including disable-common.inc is loosing access to /etc/profile.d, where Bash completion is located.
Explicitly enable access to console scripts in /etc/profile.d, so that Kate's built-in Konsole instance can be used without limitations.
Minor side effect: the spawned Bash tries to access /etc/init.d
blacklist violation - sandbox 17317, name kate, exe bash, syscall stat, path /etc/init.d
Kate has grown support for software development, making it a light IDE. Some version control modules exist, and when using the Git module, a blacklist violation is reported:
blacklist violation - sandbox 13902, name kate, exe git, syscall access, path /home/user/.gitconfig
Including support for common development file access mitigates this violation issue.
This (mostly) restores the behavior from before commit 1fb814e51
("Makefile.in: stop running distclean on dist", 2022-05-13) / PR #5142.
./configure still has to be called before calling ./contrib/fj-mkdeb.py
(to generate Makefile from Makefile.in before calling `make distclean`).
PACKAGE_TARNAME was added on commit 87e7b3139 ("Configure Debian package
with AA and SELinux options", 2020-05-13) / PR #3414.
TOP was added on commit ed4a24ce7 ("porting make deb-apparmor from LTS
build", 2019-01-26).
