Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

firejail-zsh-completion-0.9.66-bp154.1.22 RPM for s390x

From OpenSuSE Leap 15.4 for s390x

Name: firejail-zsh-completion Distribution: SUSE Linux Enterprise 15 SP4
Version: 0.9.66 Vendor: openSUSE
Release: bp154.1.22 Build date: Mon May 9 18:36:52 2022
Group: System/Shells Build host: s390zl21
Size: 29255 Source RPM: firejail-0.9.66-bp154.1.22.src.rpm
Packager: https://bugs.opensuse.org
Url: https://firejail.wordpress.com
Summary: Firejail zsh completion
Optional dependency offering zsh completion for firejail

Provides

Requires

License

GPL-2.0-only

Changelog

* Sun Jul 18 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - firejail 0.9.66:
    * deprecated --audit options, relpaced by jailcheck utility
    * deprecated follow-symlink-as-user from firejail.config
    * new firejail.config settings: private-bin, private-etc
    * new firejail.config settings: private-opt, private-srv
    * new firejail.config settings: whitelist-disable-topdir
    * new firejail.config settings: seccomp-filter-add
    * removed kcmp syscall from seccomp default filter
    * rename --noautopulse to keep-config-pulse
    * filtering environment variables
    * zsh completion
    * command line: --mkdir, --mkfile
    * --protocol now accumulates
    * jailtest utility for testing running sandboxes
    * faccessat2 syscall support
    * --private-dev keeps /dev/input
    * added --noinput to disable /dev/input
    * add support for subdirs in --private-etc
    * subdirs support in private-etc
    * input devices support in private-dev, --no-input
    * support trailing comments on profile lines
    * many new profiles
  - split shell completion into standard subpackages
* Sun Feb 07 2021 Илья Индиго <ilya@ilya.pp.ua>
  - Update to 0.9.64.4:
    * disabled overlayfs, pending multiple fixes
    * fixed launch firefox for open url in telegram-desktop.profile
* Thu Jan 28 2021 Илья Индиго <ilya@ilya.pp.ua>
  - Update to 0.9.64.2:
    * allow --tmpfs inside $HOME for unprivileged users
    * --disable-usertmpfs compile time option
    * allow AF_BLUETOOTH via --protocol=bluetooth
    * setup guide for new users: contrib/firejail-welcome.sh
    * implement netns in profiles
    * added nolocal6.net IPv6 network filter
    * new profiles: spectacle, chromium-browser-privacy,
      gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer,
      gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu,
      authenticator-rs, servo, npm, marker, yarn, lsar, unar, agetpkg,
      mdr, shotwell, qnapi, new profiles: guvcview, pkglog, kdiff3, CoyIM.
* Mon Nov 02 2020 Sebastian Wagner <sebix+novell.com@sebix.at>
  - packaging fixes
* Sun Nov 01 2020 Sebastian Wagner <sebix+novell.com@sebix.at>
  - Update to version 0.9.64:
    * replaced --nowrap option with --wrap in firemon
    * The blocking action of seccomp filters has been changed from
      killing the process to returning EPERM to the caller. To get the
      previous behaviour, use --seccomp-error-action=kill or
      syscall:kill syntax when constructing filters, or override in
      /etc/firejail/firejail.config file.
    * Fine-grained D-Bus sandboxing with xdg-dbus-proxy.
      xdg-dbus-proxy must be installed, if not D-Bus access will be allowed.
      With this version nodbus is deprecated, in favor of dbus-user none and
      dbus-system none and will be removed in a future version.
    * DHCP client support
    * firecfg only fix dektop-files if started with sudo
    * SELinux labeling support
    * custom 32-bit seccomp filter support
    * restrict ${RUNUSER} in several profiles
    * blacklist shells such as bash in several profiles
    * whitelist globbing
    * mkdir and mkfile support for /run/user directory
    * support ignore for include
    * --include on the command line
    * splitting up media players whitelists in whitelist-players.inc
    * new condition: HAS_NOSOUND
    * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster
    * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl
    * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11
    * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool
    * new profiles: desktopeditors, impressive, planmaker18, planmaker18free
    * new profiles: presentations18, presentations18free, textmaker18, teams
    * new profiles: textmaker18free, xournal, gnome-screenshot, ripperX
    * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro
    * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command
    * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux
    * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row
    * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin
    * new profiles: gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars
    * new profiles: hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless
    * new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers
    * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski
    * new profiles: swell-foop, fdns, five-or-more, steam-runtime
    * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im
    * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper
    * new profiles: gapplication, openarena_ded, element-desktop, cawbird
    * new profiles: freetube, strawberry, jitsi-meet-desktop
    * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash
    * new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx
    * new profiles: minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar
    * new profiles: vmware, git-cola, otter-browser, kazam, menulibre, musictube
    * new profiles: onboard, fractal, mirage, quaternion, spectral, man, psi
    * new profiles: smuxi-frontend-gnome, balsa, kube, trojita, youtube
    * new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send
    * new profiles: qrencode, ytmdesktop, twitch
    * new profiles: xournalpp, chromium-freeworld, equalx
  - remove firejail-0.9.62-fix-usr-etc.patch, included upstream
  - remove firejail-apparmor-3.0.diff, included upstream
* Mon Oct 26 2020 Christian Boltz <suse-beta@cboltz.de>
  - Add firejail-apparmor-3.0.diff to make the AppArmor profile compatible with
    AppArmor 3.0 (add missing include <tunables/global>)
* Wed Aug 19 2020 Paolo Stivanin <info@paolostivanin.com>
  - Update to 0.9.62.4
    * fix AppArmor broken in the previous release
    * miscellaneous fixes
* Thu Aug 13 2020 Paolo Stivanin <info@paolostivanin.com>
  - Update to 0.9.62.2
    * fix CVE-2020-17367
    * fix CVE-2020-17368
    * additional hardening and bug fixes
  - Remove fix-CVE-2020-17368.patch
  - Remove fix-CVE-2020-17367.patch
* Sat Aug 08 2020 Sebastian Wagner <sebix+novell.com@sebix.at>
  - Add patches fix-CVE-2020-17367.patch and fix-CVE-2020-17368.patch to fix CVE-2020-17367 and CVE-2020-17368 and boo#1174986
* Wed Apr 29 2020 Michael Vetter <mvetter@suse.com>
  - Add firejail-0.9.62-fix-usr-etc.patch:
    Check /usr/etc not just /etc
  - Replace python interpreter line in sort.py
* Tue Feb 11 2020 Marcus Rueckert <mrueckert@suse.de>
  - update to version 0.9.62
    * added file-copy-limit in /etc/firejail/firejail.config
    * profile templates (/usr/share/doc/firejail)
    * allow-debuggers support in profiles
    * several seccomp enhancements
    * compiler flags autodetection
    * move chroot entirely from path based to file descriptor based mounts
    * whitelisting /usr/share in a large number of profiles
    * new scripts in conrib: gdb-firejail.sh and sort.py
    * enhancement: whitelist /usr/share in some profiles
    * added signal mediation to apparmor profile
    * new conditions: HAS_X11, HAS_NET
    * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
    * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
    * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli
    * new profiles: keepassxc-proxy, rhythmbox-client, jerry, zeal, mpg123
    * new profiles: conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, out123
    * new profiles: mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss
    * new profiles: mpg123-portaudio, mpg123-pulse, mpg123-strip, pavucontrol-qt
    * new profiles: gnome-characters, gnome-character-map, rsync, Whalebird,
    * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat,
    * new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless
    * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra
    * new profiles: kalgebramobile, signal-cli, amuled, kfind, profanity
    * new profiles: audio-recorder, cameramonitor, ddgtk, drawio, unf, gmpc
    * new profiles: electron-mail, gist, gist-paste
* Sun Jun 02 2019 Sebastian Wagner <sebix+novell.com@sebix.at>
  - update to version 0.9.60:
    * security bug reported by Austin Morton:
    Seccomp filters are copied into /run/firejail/mnt, and are writable
    within the jail. A malicious process can modify files from inside the
    jail. Processes that are later joined to the jail will not have seccomp
    filters applied.
    CVE-2019-12589
    boo#1137139
    * memory-deny-write-execute now also blocks memfd_create
    * add private-cwd option to control working directory within jail
    * blocking system D-Bus socket with --nodbus
    * bringing back Centos 6 support
    * drop support for flatpak/snap packages
    * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2
    * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer
    * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring
    * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool
    * new profiles: netactview, redshift, devhelp, assogiate, subdownloader
    * new profiles: font-manager, exfalso, gconf-editor, dconf-editor
    * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
    * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag
    * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
    * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus
    * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
    * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
    * new profiles: vultureseye, vulturesclaw, anki, cheese, utox, mp3splt
    * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker
    * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
    * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap
    * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp, cantata
* Fri Feb 01 2019 info@paolostivanin.com
  -  update to version 0.9.58:
    * --disable-mnt rework
    * --net.print command
    * GitLab CI/CD integration: disto specific builds
    * profile parser enhancements and conditional handling support
      for HAS_APPIMAGE, HAS_NODBUS, BROWSER_DISABLE_U2F
    * profile name support
    * added explicit nonewprivs support to join option
    * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms
    * new profiles: devilspie, devilspie2, easystroke, github-desktop, min
    * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat
    * new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep
    * new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
    * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
    * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
    * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
    * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley
    * new profiles: feedreader, ocenaudio, mpsyt, thunderbird-wayland
    * new profiles: supertuxkart, ghostwriter, gajim-history-manager
    * bugfixes
* Sat Sep 22 2018 Sebastian Wagner <sebix+novell.com@sebix.at>
  - update to version 0.9.56:
    * modif: removed CFG_CHROOT_DESKTOP configuration option
    * modif: removed compile time --enable-network=restricted
    * modif: removed compile time --disable-bind
    * modif: --net=none allowed even if networking was disabled at compile
      time or at run time
    * modif: allow system users to run the sandbox
    * support wireless devices in --net option
    * support tap devices in --net option (tunneling support)
    * allow IP address configuration if the parent interface specified
      by --net is not configured (--netmask)
    * support for firetunnel utility
    * disable U2F devices (--nou2f)
    * add --private-cache to support private ~/.cache
    * support full paths in private-lib
    * globbing support in private-lib
    * support for local user directories in firecfg (--bindir)
    * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint,
    * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio,
    * new profiles: standardnotes-desktop, shellcheck, patch, flameshot,
    * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd,
    * new profiles: Beaker, electrum, clamtk, pybitmessage, dig, whois,
    * new profiles: jdownloader, Fluxbox, Blackbox, Awesome, i3
    * new profiles: start-tor-browser.desktop
* Tue Sep 11 2018 Markos Chandras <mchandras@suse.de>
  - Drop ldconfig calls since firejail libraries are installed in their
    own subdirectory which is not scanned by ldconfig.
* Mon Sep 10 2018 Markos Chandras <mchandras@suse.de>
  - Remove the rpmlintrc file since the warnings are no longer relevant.
* Thu Aug 23 2018 sebix+novell.com@sebix.at
  - Changed the permissions of the firejail executable to 4750.
    Setuid mode is used, but only allowed for users in the newly
    created group 'firejail' (boo#1059013).
  - Update to version 0.9.54:
    * modif: --force removed
    * modif: --csh, --zsh removed
    * modif: --debug-check-filename removed
    * modif: --git-install and --git-uninstall removed
    * modif: support for private-bin, private-lib and shell none has been
      disabled while running AppImage archives in order to be able to use
      our regular profile files with AppImages.
    * modif: restrictions for /proc, /sys and /run/user directories
      are moved from AppArmor profile into firejail executable
    * modif: unifying Chromium and Firefox browsers profiles.
      All users of Firefox-based browsers who use addons and plugins
      that read/write from ${HOME} will need to uncomment the includes for
      firefox-common-addons.inc in firefox-common.profile.
    * modif: split disable-devel.inc into disable-devel and
      disable-interpreters.inc
    * Firejail user access database (/etc/firejail/firejail.users,
      man firejail-users)
    * add --noautopulse to disable automatic ~/.config/pulse (for complex setups)
    * Spectre mitigation patch for gcc and clang compiler
    * D-Bus handling (--nodbus)
    * AppArmor support for overlayfs and chroot sandboxes
    * AppArmor support for AppImages
    * Enable AppArmor by default for a large number of programs
    * firejail --apparmor.print option
    * firemon --apparmor option
    * apparmor yes/no flag in /etc/firejail/firejail.config
    * seccomp syscall list update for glibc 2.26-10
    * seccomp disassembler for --seccomp.print option
    * seccomp machine code optimizer for default seccomp filters
    * IPv6 DNS support
    * whitelist support for overlay and chroot sandboxes
    * private-dev support for overlay and chroot sandboxes
    * private-tmp support for overlay and chroot sandboxes
    * added sandbox name support in firemon
    * firemon/prctl enhancements
    * noblacklist support for /sys/module directory
    * whitelist support for /sys/module directory
    * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
    * new profiles: discord-canary, pycharm-community, pycharm-professional,
    * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine,
    * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes,
    * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer,
    * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs, gcloud,
    * new profiles: musixmatch, gunzip, bunzip2, enchant-lsmod, enchant-lsmod-2,
    * new profiles: enchant, enchant-2, Discord, acat, adiff, als, apack,
    * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion,
    * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind,
    * new profiles: qmmp, sayonara
* Wed Dec 13 2017 avindra@opensuse.org
  - Update to version 0.9.52:
    * New features
      + systemd-resolved integration
      + whitelisted /var in most profiles
      + GTK2, GTK3 and Qt4 private-lib support
      + --debug-private-lib
      + test deployment of private-lib for the some apps: evince,
      galculator, gnome-calculator, leafpad, mousepad,
      transmission-gtk, xcalc, xmr-stak-cpu, atril,
      mate-color-select, tar, file, strings, gpicview, eom, eog,
      gedit, pluma
      + netfilter template support
      + various new arguments
    * --writable-run-user
    * --rlimit-as
    * --rlimit-cpu
    * --timeout
    * --build (profile build tool)
    * --netfilter.print
    * --netfilter6.print
    * deprecations in modif
      + --allow-private-blacklists (blacklisting, read-only,
      read-write, tmpfs and noexec are allowed in private home
      directories
      + remount-proc-sys (firejail.config)
      + follow-symlink-private-bin (firejail.config)
      + --profile-path
    * enhancements
      + support Firejail user config directory in firecfg
      + disable DBus activation in firecfg
      + enumerate root directories in apparmor profile
      + /etc and /usr/share whitelisting support
      + globbing support for --private-bin
    * new profiles: upstreamed profiles from 3 sources:
      + https://github.com/chiraag-nataraj/firejail-profiles
      + https://github.com/nyancat18/fe
      + https://aur.archlinux.org/packages/firejail-profiles
    * new profiles: terasology, surf, rocketchat, clamscan, clamdscan,
      clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5,
      brackets, calligra, calligraauthor, calligraconverter,
      calligraflow, calligraplan, calligraplanwork, calligrasheets,
      calligrastage, calligrawords, cin, dooble, dooble-qt4,
      fetchmail, freecad, freecadcmd, google-earth,imagej, karbon,
      1kdenlive, krita, linphone, lmms, macrofusion, mpd, natron,
      Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en,
      Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg,
      bluefish, cinelerra, openshot-qt, pinta, uefitool, aosp,
      pdfmod, gnome-ring, xcalc, zaproxy, kopete, cliqz,
      signal-desktop, kget, nheko, Enpass, kwin_x11, krunner, ping,
      bsdtar, makepkg (Arch), archaudit-report cower (Arch), kdeinit4
  - Add full link to source tarball from sourceforge
  - Add asc file
* Sat Sep 09 2017 aavindraa@gmail.com
  - Update to version 0.9.50:
    * New features:
    - per-profile disable-mnt (--disable-mnt)
    - per-profile support to set X11 Xephyr screen size (--xephyr-screen)
    - private /lib directory (--private-lib)
    - disable CDROM/DVD drive (--nodvd)
    - disable DVB devices (--notv)
    - --profile.print
    * modif: --output split in two commands, --output and --output-stderr
    * set xpra-attach yes in /etc/firejail/firejail.config
    * Enhancements:
    - print all seccomp filters under --debug
    - /proc/sys mounting
    - rework IP address assingment for --net options
    - support for newer Xpra versions (2.1+) -
    - all profiles use a standard layout style
    - create /usr/local for firecfg if the directory doesn't exist
    - allow full paths in --private-bin
    * New seccomp features:
    - --memory-deny-write-execute
    - seccomp post-exec
    - block secondary architecture (--seccomp.block_secondary)
    - seccomp syscall groups
    - print all seccomp filters under --debug
    - default seccomp list update
    * new profiles:
      curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,
      Geary, Liferea, peek, silentarmy, IntelliJ IDEA,
      Android Studio, electron, riot-web, Extreme Tux Racer,
      Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux
      telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg,
      hashcat, obs, picard, remmina, sdat2img, soundconverter
      truecraft, gnome-twitch, tuxguitar, musescore, neverball
      sqlitebrowse, Yandex Browser, minetest
* Tue Aug 15 2017 tiwai@suse.de
  - Update to version 0.9.48:
    * modifs: whitelisted Transmission, Deluge, qBitTorrent,
      KTorrent;
      please use ~/Downloads directory for saving files
    * modifs: AppArmor made optional; a warning is printed on the
      screen if the sandbox fails to load the AppArmor profile
    * feature: --novideo
    * feature: drop discretionary access control capabilities for
      root sandboxes
    * feature: added /etc/firejail/globals.local for global
      customizations
    * feature: profile support in overlayfs mode
    * new profiles: vym, darktable, Waterfox, digiKam, Catfish,
      HandBrake
    * bugfixes
* Mon Jan 16 2017 tiwai@suse.de
  - Update to version 0.9.44.4:
    * --bandwidth root shell found by Martin Carpenter (CVE-2017-5207)
    * disabled --allow-debuggers when running on kernel versions prior
      to 4.8; a kernel bug in ptrace system call allows a full bypass
      of seccomp filter; problem reported by Lizzie Dixon (CVE-2017-5206)
    * root exploit found by Sebastian Krahmer (CVE-2017-5180)
  - Update to version 0.9.44.6:
    * new fix for CVE-2017-5180 reported by Sebastian Krahmer last week
    * major cleanup of file copying code
    * tightening the rules for --chroot and --overlay features
    * ported Gentoo compile patch
    * Nvidia drivers bug in --private-dev
    * fix ASSERT_PERMS_FD macro
    * allow local customization using .local files under /etc/firejail
      backported from our development branch
    * spoof machine-id backported from our development branch
  - Remove obsoleted patches:
    firejail-CVE-2017-5180-fix1.patch
    firejail-CVE-2017-5180-fix2.patch
* Thu Jan 05 2017 tiwai@suse.de
  - Update to version 0.9.44.2:
    Security fixes:
    * overwrite /etc/resolv.conf found by Martin Carpenter
    * TOCTOU exploit for –get and –put found by Daniel Hodson
    * invalid environment exploit found by Martin Carpenter
    * several security enhancements
    Bugfixes:
    * crashing VLC by pressing Ctrl-O
    * use user configured icons in KDE
    * mkdir and mkfile are not applied to private directories
    * cannot open files on Deluge running under KDE
    * –private=dir where dir is the user home directory
    * cannot start Vivaldi browser
    * cannot start mupdf
    * ssh profile problems
    * –quiet
    * quiet in git profile
    * memory corruption
  - Fix VUL-0: local root exploit (CVE-2017-5180,bsc#1018259):
    firejail-CVE-2017-5180-fix1.patch
    firejail-CVE-2017-5180-fix2.patch
* Thu Oct 27 2016 tiwai@suse.de
  - Update to version 0.9.44:
    * CVE-2016-7545 submitted by Aleksey Manevich
    Modifications:
    * removed man firejail-config
    * –private-tmp whitelists /tmp/.X11-unix directory
    * Nvidia drivers added to –private-dev
    * /srv supported by –whitelist
    New features:
    * allow user access to /sys/fs (–noblacklist=/sys/fs)
    * support starting/joining sandbox is a single command (–join-or-start)
    * X11 detection support for –audit
    * assign a name to the interface connected to the bridge (–veth-name)
    * all user home directories are visible (–allusers)
    * add files to sandbox container (–put)
    * blocking x11 (–x11=block)
    * X11 security extension (–x11=xorg)
    * disable 3D hardware acceleration (–no3d)
    * x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
    * move files in sandbox (–put)
    * accept wildcard patterns in user name field of restricted shell login feature
    New profiles:
    * qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
    * feh, ranger, zathura, 7z, keepass, keepassx,
    * claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot
    * Flowblade, Eye of GNOME (eog), Evolution
* Fri Sep 30 2016 tiwai@suse.de
  - Update to version 0.9.42:
    Security fixes:
    * –whitelist deleted files
    * disable x32 ABI in seccomp
    * tighten –chroot
    * terminal sandbox escape
    * several TOCTOU fixes
    Behavior changes:
    * bringing back –private-home option
    * deprecated –user option, please use “sudo -u username firejail”
    * allow symlinks in home directory for –whitelist option
    * Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes”
    * recursive mkdir
    * include /dev/snd in –private-dev
    * seccomp filter update
    * release archives moved to .xz format
    New features:
    * AppImage support (–appimage)
    * AppArmor support (–apparmor)
    * Ubuntu snap support (/etc/firejail/snap.profile)
    * Sandbox auditing support (–audit)
    * remove environment variable (–rmenv)
    * noexec support (–noexec)
    * clean local overlay storage directory (–overlay-clean)
    * store and reuse overlay (–overlay-named)
    * allow debugging inside the sandbox with gdb and strace (–allow-debuggers)
    * mkfile profile command
    * quiet profile command
    * x11 profile command
    * option to fix desktop files (firecfg –fix)
    Build options:
    * Busybox support (–enable-busybox-workaround)
    * disable overlayfs (–disable-overlayfs)
    * disable whitlisting (–disable-whitelist)
    * disable global config (–disable-globalcfg)
    Runtime options:
    * enable/disable overlayfs (overlayfs yes/no)
    * enable/disable quiet as default (quiet-by-default yes/no)
    * user-defined network filter (netfilter-default)
    * enable/disable whitelisting (whitelist yes/no)
    * enable/disable remounting of /proc and /sys (remount-proc-sys yes/no)
    * enable/disable chroot desktop features (chroot-desktop yes/no)
    New/updated profiels:
    * Gitter, gThumb, mpv, Franz messenger, LibreOffice
    * pix, audacity, xz, xzdec, gzip, cpio, less
    * Atom Beta, Atom, jitsi, eom, uudeview
    * tar (gtar), unzip, unrar, file, skypeforlinux,
    * inox, Slack, gnome-chess. Gajim IM client, DOSBox
  - Enable apparmor support
* Wed Jun 08 2016 tiwai@suse.de
  - Update to version 0.9.40:
    * Added firecfg utility
    * New options: -nice, -cpu.print, -writable-etc, -writable-var,
    - read-only
    * X11 support: -x11 option (-x11=xpra, -x11=xephr)
    * Filetransfer options: –ls and –get
    * Added mkdir, ipc-namespace, and nosound profile commands
    * added net, ip, defaultgw, ip6, mac, mtu and iprange profile
      commands
    * Run time config support, man firejail-config
    * AppArmor fixes
    * Default seccomp filter update
    * Disable STUN/WebRTC in default netfilter configuration
    * Lots of new profiles
* Tue May 17 2016 tiwai@suse.de
  - initial package: 0.9.38

Files

/usr/share/licenses/firejail-zsh-completion
/usr/share/licenses/firejail-zsh-completion/COPYING
/usr/share/zsh
/usr/share/zsh/site-functions
/usr/share/zsh/site-functions/_firejail


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 9 17:16:51 2024