1. 19 Jun, 2019 3 commits
  2. 06 Jun, 2019 2 commits
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.58.2-3parrot1 · b62be1c9
      Lorenzo Faletra authored
      firejail (0.9.58.2-3parrot1) testing; urgency=medium
      
        * Import new Debian release.
        * Update Parrot patches.
      b62be1c9
    • Reiner Herrmann's avatar
      Import Debian changes 0.9.58.2-2 · 7ce6a09b
      Reiner Herrmann authored
      firejail (0.9.58.2-2) unstable; urgency=high
      
        * Cherry-pick security fix for seccomp bypass issue. (Closes: #929732)
          Seccomp filters were writable inside the jail, so they could be
          overwritten/truncated. Another jail that was then joined with the first
          one, had no seccomp filters applied.
        * Cherry-pick security fix for binary truncation issue. (Closes: #929733)
          When the jailed program was running as root, and firejail was killed
          from the outside (as root), the jailed program had the possibility to
          truncate the firejail binary outside the jail.
      
      firejail (0.9.58.2-1) unstable; urgency=medium
      
        * New upstream release.
          - new global configuration flag (name-change) that allows disabling
            automatic renaming of sandboxes, if requested name already exists
            (Closes: #920768)
          - whitelist additional files in zoom profile
            Thanks to Patrik Flykt for the patch. (Closes: #921454)
        * Drop patch applied upstream.
        * Switch off cgroup support by default in firejail.config, as it can be
          used to move processes into less restricted cgroups (see also #916920).
        * Install AppArmor local override file via dh_apparmor.
      
      firejail (0.9.58-1) unstable; urgency=medium
      
        * New upstream release.
        * Mark github-desktop.profile as moved conffile.
        * Allow ptrace read/readby requests in AppArmor profile.
          Thanks to Salvo Tomaselli for the report and intrigeri for help with
          AppArmor. (Closes: #912587)
        * Restrict networking feature by default in firejail.config, as a new
          network namespace can circumvent packet filter of default namespace.
          Thanks to Alain Ducharme for the report. (Closes: #916920)
      
      firejail (0.9.58~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
          - fix profile detection when path contains spaces (Closes: #903831)
        * Drop patch applied upstream.
        * Bump copyright years.
        * Bump Standards-Version to 4.3.0.
      
      firejail (0.9.56-2) unstable; urgency=medium
      
        * Properly (re)move obsolete conffiles.
          Thanks to Paul Wise for repeatedly reporting these issues.
          (Closes: #909640)
        * Mark autopkgtests as flaky, as some tests behave differently than
          expected depending on the environment they are run in.
        * Cherry-pick upstream patches to skip some environment-dependent tests.
      
      firejail (0.9.56-1) unstable; urgency=medium
      
        * New upstream release.
        * Move profiles test to unisolated test run.
        * Recommend iproute2 for tc used in fshaper.sh for --bandwidth feature.
        * Drop patch applied upstream.
        * Bump Standards-Version to 4.2.1.
      
      firejail (0.9.56~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
          - evaluate UID_MIN at runtime instead of hardcoding during compilation
            (Closes: #900337)
        * Bump Standards-Version to 4.2.0.
        * debian/tests:
          - disable tests that attempt to access the internet
          - temporarily disable broken tests (fixed upstream already)
          - reorganize tests a bit; allow some to run unisolated
      
      firejail (0.9.54-1) unstable; urgency=medium
      
        * New upstream release.
      
      firejail (0.9.54~rc2-1) experimental; urgency=medium
      
        * New upstream release candidate.
      
      firejail (0.9.54~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
          - mark ~/.homesick as read-only by default (Closes: #884579)
            Thanks to Alexander Gerasiov for the patch.
        * Add NEWS entry about new user restriction feature.
        * Add renamed profile to maintscript helper.
        * Use dh_missing for missed file detection instead of dh_install.
        * Bump copyright years.
      
      firejail (0.9.52-3) unstable; urgency=medium
      
        * Move packaging VCS to salsa.
        * Bump Standards-Version to 4.1.4.
        * Add upstream metadata file.
      
      firejail (0.9.52-2) unstable; urgency=medium
      
        * Cleanup removed conffile in correct binary package. (Closes: #884915)
        * Bump debhelper compatibility/dependency to 11.
      
      firejail (0.9.52-1) unstable; urgency=medium
      
        * New upstream release.
          - new command to help building new profiles (--build) (Closes: #860942)
        * Drop patch applied upstream.
        * Remove lxterminal.profile conffile, which was deleted upstream.
        * Bump Standards-Version to 4.1.2.
      
      firejail (0.9.50-3) unstable; urgency=medium
      
        * Upload to unstable.
      
      firejail (0.9.50-2) experimental; urgency=low
      
        * Cherry-pick another seccomp-related build fix.
      
      firejail (0.9.50-1) experimental; urgency=medium
      
        * New upstream release.
        * Drop build patch applied upstream.
      
      firejail (0.9.50~rc1-2) experimental; urgency=low
      
        * Cherry-pick fix for build failure on some architectures.
      
      firejail (0.9.50~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
          - Several profile fixes (Closes: #866014, #872287, #872720)
            Thanks to Martin Dosch for the reports and a patch.
          - Improve cross build support (Closes: #869707)
            Thanks to Helmut Grohne for providing the patch.
        * debian/copyright: Switch URLs to https.
        * Bump Standards-Version to 4.1.0.
      
      firejail (0.9.48-2) unstable; urgency=medium
      
        * Upload to unstable.
      
      firejail (0.9.48-1) experimental; urgency=low
      
        * New upstream release.
          - Allow jailed thunderbird to read mime data (Closes: #864510)
        * Run arguments and fcopy tests during autopkgtest.
      
      firejail (0.9.46-2) experimental; urgency=low
      
        * Fix arch:all build by overriding dh_fixperms only for arch:any
      
      firejail (0.9.46-1) experimental; urgency=low
      
        * New upstream release.
        * Replace patch which prevented installation of contrib scripts to
          /usr/lib with newly added configure option.
        * Add Xvfb as alternative recommendation for X isolation.
      
      firejail (0.9.46~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
        * Split profiles into separate package (Closes: #850273).
          - New binary package firejail-profiles
          - Remove old profile conffiles from firejail binary package
          - Add NEWS to inform about the package split
        * debian/copyright:
          - Document copyright of contributed script
          - Update path of moved file
          - Bump copyright years to 2017
        * Install contrib scripts in doc directory.
        * Replace icedove with thunderbird in test dependencies.
      
      firejail (0.9.44.10-1) experimental; urgency=medium
      
        * New upstream release.
      
      firejail (0.9.44.8-1) unstable; urgency=medium
      
        * New upstream release.
      
      firejail (0.9.44.6-1) unstable; urgency=medium
      
        * New upstream release.
      
      firejail (0.9.44.4-1) unstable; urgency=high
      
        * New upstream release.
          - Security fixes for: CVE-2017-5180, CVE-2017-5206, CVE-2017-5207
            (Closes: #850528, #850558)
        * Drop patches applied upstream.
      
      firejail (0.9.44.2-3) unstable; urgency=high
      
        * Add followup fix for CVE-2017-5180 (Closes: #850160).
      
      firejail (0.9.44.2-2) unstable; urgency=high
      
        * Add upstream fix for CVE-2017-5180 (Closes: #850160).
      
      firejail (0.9.44.2-1) unstable; urgency=medium
      
        * New upstream release.
      
      firejail (0.9.44-1) unstable; urgency=medium
      
        * New upstream release.
          - Fix sandbox escape via terminal input buffer similar to
            SELinux's CVE-2016-7545.
        * Run apps-x11-xorg tests during autopkgtest.
        * Add xauth to Recommends for x11=xorg sandbox feature.
      
      firejail (0.9.44~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
          - Fix program crashes with nvidia driver (Closes: #839868)
        * Add iptables to Recommends for netfilter feature.
        * Bump debhelper compat level to 10.
          - Drop --parallel, which is now default behavior
      
      firejail (0.9.42-1) unstable; urgency=medium
      
        * New upstream release.
      
      firejail (0.9.42~rc2-1) experimental; urgency=low
      
        * New upstream release candidate.
          - shell prompt no longer overwritten by default (Closes: #834256)
        * Drop patch for build failure, applied upstream.
        * Add upstream signing key.
        * Check upstream signature with uscan.
        * Install upstream README.
        * Enable AppArmor support.
        * Include upstream sysutils tests in autopkgtest run.
      
      firejail (0.9.42~rc1-2) experimental; urgency=low
      
        * Cherry-pick upstream fix for build failure on non-x86 platforms.
      
      firejail (0.9.42~rc1-1) experimental; urgency=low
      
        * New upstream release candidate.
        * Drop LXC patch applied upstream.
        * Add ping and wget to test dependencies.
        * Run autopkgtests in isolation-machine.
      
      firejail (0.9.40-3) unstable; urgency=low
      
        * Replace patch for LXC support with improved version by upstream.
          Previous fix only worked for firejail as init process, not in
          user sessions inside containers (like with autopkgtest).
      
      firejail (0.9.40-2) unstable; urgency=low
      
        * Remove obsolete conffiles (Closes: #825877).
        * Add iptables to test dependencies.
        * Cherry-pick upstream patch for LXC detection.
          autopkgtests were failing in LXC because firejail wrongly
          detected an already existing sandbox.
        * Add gbp.conf to enable pristine-tar by default.
        * Add Vcs-* fields; git repository is now in collab-maint.
      
      firejail (0.9.40-1) unstable; urgency=low
      
        * New upstream release.
          - Fix legacy Opera profile (Closes: #819950)
        * Add autopkgtests to run upstream's test suite.
          - skip test target in debian/rules, which is run in autopkgtest
      
      firejail (0.9.40~rc1-1) experimental; urgency=low
      
        * New upstream release candidate. (Closes: #823191)
        * Recommend xpra or xserver-xephyr for X11 isolation.
        * Drop autotools-dev; debhelper is now doing the same.
        * Bump copyright years to 2016.
        * Bump Standards-Version to 3.9.8.
      
      firejail (0.9.38-1) unstable; urgency=low
      
        * New upstream release.
        * Bump standards version to 3.9.7.
      
      firejail (0.9.36-1) unstable; urgency=low
      
        * New upstream release.
          - Support for logging of blacklist violations (Closes: #794837)
        * Updated Homepage field.
        * Dropped reproducibility patch, which has been applied upstream.
        * Dropped debian/missing-sources. Upstream removed binaries
          from release tarball.
      
      firejail (0.9.34-1) unstable; urgency=low
      
        * New upstream release.
        * Drop libdir patch applied upstream.
        * Symlink source which lintian thinks is missing.
      
      firejail (0.9.32-1) unstable; urgency=low
      
        * New upstream release.
        * Added README.Debian.
        * Added patch to fix the location of the lib dir.
      
      firejail (0.9.28-1) unstable; urgency=low
      
        * New upstream release.
          - Common include for blacklisted directories (Closes: #789164)
          - Improved support for other architectures (Closes: #789317)
        * Enabled all Linux architectures again.
        * Removed unneeded debian/firejail.bash-completion file.
      
      firejail (0.9.26-1) unstable; urgency=low
      
        * New upstream release.
        * Enabled all hardening options.
        * Amended reproducibility patch to use normalized locale.
        * Dropped usage of outdated bash-completion debhelper.
        * Limited architectures to supported ones (Closes: #789163).
      
      firejail (0.9.24-1) unstable; urgency=low
      
        * New upstream release.
        * Dropped patches applied upstream.
      
      firejail (0.9.22-1) unstable; urgency=low
      
        * Initial release (Closes: #777671)
      7ce6a09b
  3. 05 Jun, 2019 1 commit
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.58.2-2parrot1 · 768f1186
      Lorenzo Faletra authored
      firejail (0.9.58.2-2parrot1) testing; urgency=medium
      
        * Import new Debian release.
        * Include Parrot patches.
      
      firejail (0.9.58.2-2) unstable; urgency=high
      
        * Cherry-pick security fix for seccomp bypass issue. (Closes: #929732)
          Seccomp filters were writable inside the jail, so they could be
          overwritten/truncated. Another jail that was then joined with the first
          one, had no seccomp filters applied.
        * Cherry-pick security fix for binary truncation issue. (Closes: #929733)
          When the jailed program was running as root, and firejail was killed
          from the outside (as root), the jailed program had the possibility to
          truncate the firejail binary outside the jail.
      768f1186
  4. 03 Apr, 2019 4 commits
  5. 16 Feb, 2019 2 commits
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.58-1parrot6.1 · dafdf373
      Lorenzo Faletra authored
      firejail (0.9.58-1parrot6.1) testing; urgency=medium
      
        * Add /etc/alternatives support on most of the profiles.
        * Merge recent fixes into parrot-patches.patch.
        * Add networking to vscodium.
      dafdf373
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.58-1parrot6 · c3c9da80
      Lorenzo Faletra authored
      firejail (0.9.58-1parrot6) UNRELEASED; urgency=medium
      
        * Add /etc/alternatives support on most of the profiles.
        * Merge recent fixes into parrot-patches.patch.
      c3c9da80
  6. 14 Feb, 2019 2 commits
  7. 12 Feb, 2019 1 commit
  8. 07 Feb, 2019 1 commit
  9. 06 Feb, 2019 1 commit
  10. 05 Feb, 2019 1 commit
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.58-1parrot1 · 33a4c6fa
      Lorenzo Faletra authored
      firejail (0.9.58-1parrot1) testing; urgency=medium
      
        * Import new Debian release.
        * Remake custom profiles from scratch.
        * Disable applications that don't have to be sandboxed.
        * Enable root user for some editors and utilities.
        * Add VSCodium profile.
      33a4c6fa
  11. 17 Nov, 2018 1 commit
  12. 18 Oct, 2018 1 commit
    • CoffeeFou's avatar
      Import Debian changes 0.9.56-2parrot2 · 2ded013d
      CoffeeFou authored
      firejail (0.9.56-2parrot2) testing; urgency=medium
      
        [ CoffeeFou ]
        * Fix discord profile.
      
        [ Lorenzo "Palinuro" Faletra ]
        * Fix torbrowser-launcher startup.
        * Fix firefox profile (dbus and qbittorrent integration).
        * Disable torbrowser-launcher profile (let's use apparmor for it).
      2ded013d
  13. 11 Oct, 2018 1 commit
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.56-2parrot1 · 2e068b6d
      Lorenzo Faletra authored
      firejail (0.9.56-2parrot1) testing; urgency=medium
      
        * Import new Debian patch to disable unwanted tests.
      
      firejail (0.9.56-2) unstable; urgency=medium
      
        * Properly (re)move obsolete conffiles.
          Thanks to Paul Wise for repeatedly reporting these issues.
          (Closes: #909640)
        * Mark autopkgtests as flaky, as some tests behave differently than
          expected depending on the environment they are run in.
        * Cherry-pick upstream patches to skip some environment-dependent tests.
      2e068b6d
  14. 05 Oct, 2018 1 commit
  15. 26 Sep, 2018 1 commit
  16. 27 Aug, 2018 1 commit
  17. 21 Aug, 2018 1 commit
  18. 11 Aug, 2018 1 commit
  19. 11 Jul, 2018 3 commits
  20. 25 Jun, 2018 1 commit
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.54-1parrot4 · 5038cb96
      Lorenzo Faletra authored
      firejail (0.9.54-1parrot4) testing; urgency=medium
      
        * Update atril profile for nvidia/bumblebee OpenGL support.
      
      firejail (0.9.54-1parrot3) testing; urgency=medium
      
        * Fix atril profile.
      5038cb96
  21. 25 May, 2018 3 commits
  22. 04 May, 2018 2 commits
  23. 16 Apr, 2018 1 commit
  24. 08 Jan, 2018 2 commits
  25. 29 Dec, 2017 1 commit
  26. 28 Dec, 2017 1 commit
    • Lorenzo Faletra's avatar
      Import Debian changes 0.9.52-2parrot0 · 8af309cf
      Lorenzo Faletra authored
      firejail (0.9.52-2parrot0) testing; urgency=medium
      
        * Remove bleachbit from firecfg config.
      
      firejail (0.9.52-2) unstable; urgency=medium
      
        * Cleanup removed conffile in correct binary package. (Closes: #884915)
        * Bump debhelper compatibility/dependency to 11.
      8af309cf