1. 06 Jun, 2019 4 commits
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.58.2-3parrot1 · c6ca22c6
      Lorenzo Faletra authored
      firejail (0.9.58.2-3parrot1) testing; urgency=medium
      
        * Import new Debian release.
        * Update Parrot patches.
      c6ca22c6
    • Lorenzo Faletra's avatar
      import new release · 0488085c
      Lorenzo Faletra authored
      0488085c
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.58.2-3parrot1 · b62be1c9
      Lorenzo Faletra authored
      firejail (0.9.58.2-3parrot1) testing; urgency=medium
      
        * Import new Debian release.
        * Update Parrot patches.
      b62be1c9
    • Reiner Herrmann's avatar
      Import Debian changes 0.9.58.2-2 · 7ce6a09b
      Reiner Herrmann authored
      firejail (0.9.58.2-2) unstable; urgency=high
      
        * Cherry-pick security fix for seccomp bypass issue. (Closes: #929732)
          Seccomp filters were writable inside the jail, so they could be
          overwritten/truncated. Another jail that was then joined with the first
          one, had no seccomp filters applied.
        * Cherry-pick security fix for binary truncation issue. (Closes: #929733)
          When the jailed program was running as root, and firejail was killed
          from the outside (as root), the jailed program had the possibility to
          truncate the firejail binary outside the jail.
      
      firejail (0.9.58.2-1) unstable; urgency=medium
      
        * New upstream release.
          - new global configuration flag (name-change) that allows disabling
            automatic renaming of sandboxes, if requested name already exists
            (Closes: #920768)
          - whitelist additional files in zoom profile
            Thanks to Patrik Flykt for the patch. (Closes: #921454)
        * Drop patch applied upstream.
        * Switch off cgroup support by default in firejail.config, as it can be
          used to move processes into less restricted cgroups (see also #916920).
        * Install AppArmor local override file via dh_apparmor.
      
      firejail (0.9.58-1) unstable; urgency=medium
      
        * New upstream release.
        * Mark github-desktop.profile as moved conffile.
        * Allow ptrace read/readby requests in AppArmor profile.
          Thanks to Salvo Tomaselli for the report and intrigeri for help with
          AppArmor. (Closes: #912587)
        * Restrict networking feature by default in firejail.config, as a new
          network namespace can circumvent packet filter of default namespace.
          Thanks to Alain Ducharme for the report. (Closes: #916920)
      
      firejail (0.9.58~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
          - fix profile detection when path contains spaces (Closes: #903831)
        * Drop patch applied upstream.
        * Bump copyright years.
        * Bump Standards-Version to 4.3.0.
      
      firejail (0.9.56-2) unstable; urgency=medium
      
        * Properly (re)move obsolete conffiles.
          Thanks to Paul Wise for repeatedly reporting these issues.
          (Closes: #909640)
        * Mark autopkgtests as flaky, as some tests behave differently than
          expected depending on the environment they are run in.
        * Cherry-pick upstream patches to skip some environment-dependent tests.
      
      firejail (0.9.56-1) unstable; urgency=medium
      
        * New upstream release.
        * Move profiles test to unisolated test run.
        * Recommend iproute2 for tc used in fshaper.sh for --bandwidth feature.
        * Drop patch applied upstream.
        * Bump Standards-Version to 4.2.1.
      
      firejail (0.9.56~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
          - evaluate UID_MIN at runtime instead of hardcoding during compilation
            (Closes: #900337)
        * Bump Standards-Version to 4.2.0.
        * debian/tests:
          - disable tests that attempt to access the internet
          - temporarily disable broken tests (fixed upstream already)
          - reorganize tests a bit; allow some to run unisolated
      
      firejail (0.9.54-1) unstable; urgency=medium
      
        * New upstream release.
      
      firejail (0.9.54~rc2-1) experimental; urgency=medium
      
        * New upstream release candidate.
      
      firejail (0.9.54~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
          - mark ~/.homesick as read-only by default (Closes: #884579)
            Thanks to Alexander Gerasiov for the patch.
        * Add NEWS entry about new user restriction feature.
        * Add renamed profile to maintscript helper.
        * Use dh_missing for missed file detection instead of dh_install.
        * Bump copyright years.
      
      firejail (0.9.52-3) unstable; urgency=medium
      
        * Move packaging VCS to salsa.
        * Bump Standards-Version to 4.1.4.
        * Add upstream metadata file.
      
      firejail (0.9.52-2) unstable; urgency=medium
      
        * Cleanup removed conffile in correct binary package. (Closes: #884915)
        * Bump debhelper compatibility/dependency to 11.
      
      firejail (0.9.52-1) unstable; urgency=medium
      
        * New upstream release.
          - new command to help building new profiles (--build) (Closes: #860942)
        * Drop patch applied upstream.
        * Remove lxterminal.profile conffile, which was deleted upstream.
        * Bump Standards-Version to 4.1.2.
      
      firejail (0.9.50-3) unstable; urgency=medium
      
        * Upload to unstable.
      
      firejail (0.9.50-2) experimental; urgency=low
      
        * Cherry-pick another seccomp-related build fix.
      
      firejail (0.9.50-1) experimental; urgency=medium
      
        * New upstream release.
        * Drop build patch applied upstream.
      
      firejail (0.9.50~rc1-2) experimental; urgency=low
      
        * Cherry-pick fix for build failure on some architectures.
      
      firejail (0.9.50~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
          - Several profile fixes (Closes: #866014, #872287, #872720)
            Thanks to Martin Dosch for the reports and a patch.
          - Improve cross build support (Closes: #869707)
            Thanks to Helmut Grohne for providing the patch.
        * debian/copyright: Switch URLs to https.
        * Bump Standards-Version to 4.1.0.
      
      firejail (0.9.48-2) unstable; urgency=medium
      
        * Upload to unstable.
      
      firejail (0.9.48-1) experimental; urgency=low
      
        * New upstream release.
          - Allow jailed thunderbird to read mime data (Closes: #864510)
        * Run arguments and fcopy tests during autopkgtest.
      
      firejail (0.9.46-2) experimental; urgency=low
      
        * Fix arch:all build by overriding dh_fixperms only for arch:any
      
      firejail (0.9.46-1) experimental; urgency=low
      
        * New upstream release.
        * Replace patch which prevented installation of contrib scripts to
          /usr/lib with newly added configure option.
        * Add Xvfb as alternative recommendation for X isolation.
      
      firejail (0.9.46~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
        * Split profiles into separate package (Closes: #850273).
          - New binary package firejail-profiles
          - Remove old profile conffiles from firejail binary package
          - Add NEWS to inform about the package split
        * debian/copyright:
          - Document copyright of contributed script
          - Update path of moved file
          - Bump copyright years to 2017
        * Install contrib scripts in doc directory.
        * Replace icedove with thunderbird in test dependencies.
      
      firejail (0.9.44.10-1) experimental; urgency=medium
      
        * New upstream release.
      
      firejail (0.9.44.8-1) unstable; urgency=medium
      
        * New upstream release.
      
      firejail (0.9.44.6-1) unstable; urgency=medium
      
        * New upstream release.
      
      firejail (0.9.44.4-1) unstable; urgency=high
      
        * New upstream release.
          - Security fixes for: CVE-2017-5180, CVE-2017-5206, CVE-2017-5207
            (Closes: #850528, #850558)
        * Drop patches applied upstream.
      
      firejail (0.9.44.2-3) unstable; urgency=high
      
        * Add followup fix for CVE-2017-5180 (Closes: #850160).
      
      firejail (0.9.44.2-2) unstable; urgency=high
      
        * Add upstream fix for CVE-2017-5180 (Closes: #850160).
      
      firejail (0.9.44.2-1) unstable; urgency=medium
      
        * New upstream release.
      
      firejail (0.9.44-1) unstable; urgency=medium
      
        * New upstream release.
          - Fix sandbox escape via terminal input buffer similar to
            SELinux's CVE-2016-7545.
        * Run apps-x11-xorg tests during autopkgtest.
        * Add xauth to Recommends for x11=xorg sandbox feature.
      
      firejail (0.9.44~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
          - Fix program crashes with nvidia driver (Closes: #839868)
        * Add iptables to Recommends for netfilter feature.
        * Bump debhelper compat level to 10.
          - Drop --parallel, which is now default behavior
      
      firejail (0.9.42-1) unstable; urgency=medium
      
        * New upstream release.
      
      firejail (0.9.42~rc2-1) experimental; urgency=low
      
        * New upstream release candidate.
          - shell prompt no longer overwritten by default (Closes: #834256)
        * Drop patch for build failure, applied upstream.
        * Add upstream signing key.
        * Check upstream signature with uscan.
        * Install upstream README.
        * Enable AppArmor support.
        * Include upstream sysutils tests in autopkgtest run.
      
      firejail (0.9.42~rc1-2) experimental; urgency=low
      
        * Cherry-pick upstream fix for build failure on non-x86 platforms.
      
      firejail (0.9.42~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
        * Drop LXC patch applied upstream.
        * Add ping and wget to test dependencies.
        * Run autopkgtests in isolation-machine.
      
      firejail (0.9.40-3) unstable; urgency=low
      
        * Replace patch for LXC support with improved version by upstream.
          Previous fix only worked for firejail as init process, not in
          user sessions inside containers (like with autopkgtest).
      
      firejail (0.9.40-2) unstable; urgency=low
      
        * Remove obsolete conffiles (Closes: #825877).
        * Add iptables to test dependencies.
        * Cherry-pick upstream patch for LXC detection.
          autopkgtests were failing in LXC because firejail wrongly
          detected an already existing sandbox.
        * Add gbp.conf to enable pristine-tar by default.
        * Add Vcs-* fields; git repository is now in collab-maint.
      
      firejail (0.9.40-1) unstable; urgency=low
      
        * New upstream release.
          - Fix legacy Opera profile (Closes: #819950)
        * Add autopkgtests to run upstream's test suite.
          - skip test target in debian/rules, which is run in autopkgtest
      
      firejail (0.9.40~rc1-1) experimental; urgency=low
      
        * New upstream release candidate. (Closes: #823191)
        * Recommend xpra or xserver-xephyr for X11 isolation.
        * Drop autotools-dev; debhelper is now doing the same.
        * Bump copyright years to 2016.
        * Bump Standards-Version to 3.9.8.
      
      firejail (0.9.38-1) unstable; urgency=low
      
        * New upstream release.
        * Bump standards version to 3.9.7.
      
      firejail (0.9.36-1) unstable; urgency=low
      
        * New upstream release.
          - Support for logging of blacklist violations (Closes: #794837)
        * Updated Homepage field.
        * Dropped reproducibility patch, which has been applied upstream.
        * Dropped debian/missing-sources. Upstream removed binaries
          from release tarball.
      
      firejail (0.9.34-1) unstable; urgency=low
      
        * New upstream release.
        * Drop libdir patch applied upstream.
        * Symlink source which lintian thinks is missing.
      
      firejail (0.9.32-1) unstable; urgency=low
      
        * New upstream release.
        * Added README.Debian.
        * Added patch to fix the location of the lib dir.
      
      firejail (0.9.28-1) unstable; urgency=low
      
        * New upstream release.
          - Common include for blacklisted directories (Closes: #789164)
          - Improved support for other architectures (Closes: #789317)
        * Enabled all Linux architectures again.
        * Removed unneeded debian/firejail.bash-completion file.
      
      firejail (0.9.26-1) unstable; urgency=low
      
        * New upstream release.
        * Enabled all hardening options.
        * Amended reproducibility patch to use normalized locale.
        * Dropped usage of outdated bash-completion debhelper.
        * Limited architectures to supported ones (Closes: #789163).
      
      firejail (0.9.24-1) unstable; urgency=low
      
        * New upstream release.
        * Dropped patches applied upstream.
      
      firejail (0.9.22-1) unstable; urgency=low
      
        * Initial release (Closes: #777671)
      7ce6a09b
  2. 05 Jun, 2019 1 commit
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.58.2-2parrot1 · 768f1186
      Lorenzo Faletra authored
      firejail (0.9.58.2-2parrot1) testing; urgency=medium
      
        * Import new Debian release.
        * Include Parrot patches.
      
      firejail (0.9.58.2-2) unstable; urgency=high
      
        * Cherry-pick security fix for seccomp bypass issue. (Closes: #929732)
          Seccomp filters were writable inside the jail, so they could be
          overwritten/truncated. Another jail that was then joined with the first
          one, had no seccomp filters applied.
        * Cherry-pick security fix for binary truncation issue. (Closes: #929733)
          When the jailed program was running as root, and firejail was killed
          from the outside (as root), the jailed program had the possibility to
          truncate the firejail binary outside the jail.
      768f1186
  3. 03 Apr, 2019 4 commits
  4. 28 Feb, 2019 3 commits
    • Lorenzo Faletra's avatar
      apply parrot patches · 4fbf693c
      Lorenzo Faletra authored
      4fbf693c
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.58.2-1parrot1 · 668d7740
      Lorenzo Faletra authored
      firejail (0.9.58.2-1parrot1) testing; urgency=medium
      
        * Import new Debian release.
        * Import Parrot profiles.
      
      firejail (0.9.58.2-1) unstable; urgency=medium
      
        * New upstream release.
          - new global configuration flag (name-change) that allows disabling
            automatic renaming of sandboxes, if requested name already exists
            (Closes: #920768)
          - whitelist additional files in zoom profile
            Thanks to Patrik Flykt for the patch. (Closes: #921454)
        * Drop patch applied upstream.
        * Switch off cgroup support by default in firejail.config, as it can be
          used to move processes into less restricted cgroups (see also #916920).
        * Install AppArmor local override file via dh_apparmor.
      668d7740
    • Lorenzo Faletra's avatar
      Import Upstream version 0.9.58.2 · 3806df96
      Lorenzo Faletra authored
      3806df96
  5. 16 Feb, 2019 2 commits
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.58-1parrot6.1 · dafdf373
      Lorenzo Faletra authored
      firejail (0.9.58-1parrot6.1) testing; urgency=medium
      
        * Add /etc/alternatives support on most of the profiles.
        * Merge recent fixes into parrot-patches.patch.
        * Add networking to vscodium.
      dafdf373
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.58-1parrot6 · c3c9da80
      Lorenzo Faletra authored
      firejail (0.9.58-1parrot6) UNRELEASED; urgency=medium
      
        * Add /etc/alternatives support on most of the profiles.
        * Merge recent fixes into parrot-patches.patch.
      c3c9da80
  6. 14 Feb, 2019 2 commits
  7. 12 Feb, 2019 1 commit
  8. 07 Feb, 2019 1 commit
  9. 06 Feb, 2019 1 commit
  10. 05 Feb, 2019 3 commits
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.58-1parrot1 · 33a4c6fa
      Lorenzo Faletra authored
      firejail (0.9.58-1parrot1) testing; urgency=medium
      
        * Import new Debian release.
        * Remake custom profiles from scratch.
        * Disable applications that don't have to be sandboxed.
        * Enable root user for some editors and utilities.
        * Add VSCodium profile.
      33a4c6fa
    • Reiner Herrmann's avatar
      Import Debian changes 0.9.58-1 · ce74b200
      Reiner Herrmann authored
      firejail (0.9.58-1) unstable; urgency=medium
      
        * New upstream release.
        * Mark github-desktop.profile as moved conffile.
        * Allow ptrace read/readby requests in AppArmor profile.
          Thanks to Salvo Tomaselli for the report and intrigeri for help with
          AppArmor. (Closes: #912587)
        * Restrict networking feature by default in firejail.config, as a new
          network namespace can circumvent packet filter of default namespace.
          Thanks to Alain Ducharme for the report. (Closes: #916920)
      
      firejail (0.9.58~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
          - fix profile detection when path contains spaces (Closes: #903831)
        * Drop patch applied upstream.
        * Bump copyright years.
        * Bump Standards-Version to 4.3.0.
      ce74b200
    • Lorenzo Faletra's avatar
      Import Upstream version 0.9.58 · 74d92f26
      Lorenzo Faletra authored
      74d92f26
  11. 17 Nov, 2018 1 commit
  12. 18 Oct, 2018 2 commits
    • CoffeeFou's avatar
      Import Debian changes 0.9.56-2parrot2 · 2ded013d
      CoffeeFou authored
      firejail (0.9.56-2parrot2) testing; urgency=medium
      
        [ CoffeeFou ]
        * Fix discord profile.
      
        [ Lorenzo "Palinuro" Faletra ]
        * Fix torbrowser-launcher startup.
        * Fix firefox profile (dbus and qbittorrent integration).
        * Disable torbrowser-launcher profile (let's use apparmor for it).
      2ded013d
    • Lorenzo Faletra's avatar
      Merge branch 'patch-2' into 'master' · 44ff19cd
      Lorenzo Faletra authored
      Update discord-common.profile
      
      See merge request parrot/firejail!3
      44ff19cd
  13. 11 Oct, 2018 1 commit
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.56-2parrot1 · 2e068b6d
      Lorenzo Faletra authored
      firejail (0.9.56-2parrot1) testing; urgency=medium
      
        * Import new Debian patch to disable unwanted tests.
      
      firejail (0.9.56-2) unstable; urgency=medium
      
        * Properly (re)move obsolete conffiles.
          Thanks to Paul Wise for repeatedly reporting these issues.
          (Closes: #909640)
        * Mark autopkgtests as flaky, as some tests behave differently than
          expected depending on the environment they are run in.
        * Cherry-pick upstream patches to skip some environment-dependent tests.
      2e068b6d
  14. 08 Oct, 2018 1 commit
  15. 05 Oct, 2018 1 commit
  16. 26 Sep, 2018 3 commits
    • Lorenzo Faletra's avatar
      re-enable patch · 4ee9829e
      Lorenzo Faletra authored
      4ee9829e
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.56-1parrot1 · 2480c730
      Lorenzo Faletra authored
      firejail (0.9.56-1parrot1) testing; urgency=medium
      
        * Import new Debian release.
        * Updates Parrot patches.
      
      firejail (0.9.56-1) unstable; urgency=medium
      
        * New upstream release.
        * Move profiles test to unisolated test run.
        * Recommend iproute2 for tc used in fshaper.sh for --bandwidth feature.
        * Drop patch applied upstream.
        * Bump Standards-Version to 4.2.1.
      
      firejail (0.9.56~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
          - evaluate UID_MIN at runtime instead of hardcoding during compilation
            (Closes: #900337)
        * Bump Standards-Version to 4.2.0.
        * debian/tests:
          - disable tests that attempt to access the internet
          - temporarily disable broken tests (fixed upstream already)
          - reorganize tests a bit; allow some to run unisolated
      2480c730
    • Lorenzo Faletra's avatar
      Import Upstream version 0.9.56 · 10e2693a
      Lorenzo Faletra authored
      10e2693a
  17. 27 Aug, 2018 2 commits
  18. 21 Aug, 2018 1 commit
  19. 11 Aug, 2018 1 commit
  20. 11 Jul, 2018 5 commits