Commit 7ce6a09b authored by Reiner Herrmann's avatar Reiner Herrmann Committed by Lorenzo "Palinuro" Faletra
Browse files

Import Debian changes 0.9.58.2-2

firejail (0.9.58.2-2) unstable; urgency=high

  * Cherry-pick security fix for seccomp bypass issue. (Closes: #929732)
    Seccomp filters were writable inside the jail, so they could be
    overwritten/truncated. Another jail that was then joined with the first
    one, had no seccomp filters applied.
  * Cherry-pick security fix for binary truncation issue. (Closes: #929733)
    When the jailed program was running as root, and firejail was killed
    from the outside (as root), the jailed program had the possibility to
    truncate the firejail binary outside the jail.

firejail (0.9.58.2-1) unstable; urgency=medium

  * New upstream release.
    - new global configuration flag (name-change) that allows disabling
      automatic renaming of sandboxes, if requested name already exists
      (Closes: #920768)
    - whitelist additional files in zoom profile
      Thanks to Patrik Flykt for the patch. (Closes: #921454)
  * Drop patch applied upstream.
  * Switch off cgroup support by default in firejail.config, as it can be
    used to move processes into less restricted cgroups (see also #916920).
  * Install AppArmor local override file via dh_apparmor.

firejail (0.9.58-1) unstable; urgency=medium

  * New upstream release.
  * Mark github-desktop.profile as moved conffile.
  * Allow ptrace read/readby requests in AppArmor profile.
    Thanks to Salvo Tomaselli for the report and intrigeri for help with
    AppArmor. (Closes: #912587)
  * Restrict networking feature by default in firejail.config, as a new
    network namespace can circumvent packet filter of default namespace.
    Thanks to Alain Ducharme for the report. (Closes: #916920)

firejail (0.9.58~rc1-1) experimental; urgency=low

  * New upstream release candidate.
    - fix profile detection when path contains spaces (Closes: #903831)
  * Drop patch applied upstream.
  * Bump copyright years.
  * Bump Standards-Version to 4.3.0.

firejail (0.9.56-2) unstable; urgency=medium

  * Properly (re)move obsolete conffiles.
    Thanks to Paul Wise for repeatedly reporting these issues.
    (Closes: #909640)
  * Mark autopkgtests as flaky, as some tests behave differently than
    expected depending on the environment they are run in.
  * Cherry-pick upstream patches to skip some environment-dependent tests.

firejail (0.9.56-1) unstable; urgency=medium

  * New upstream release.
  * Move profiles test to unisolated test run.
  * Recommend iproute2 for tc used in fshaper.sh for --bandwidth feature.
  * Drop patch applied upstream.
  * Bump Standards-Version to 4.2.1.

firejail (0.9.56~rc1-1) experimental; urgency=low

  * New upstream release candidate.
    - evaluate UID_MIN at runtime instead of hardcoding during compilation
      (Closes: #900337)
  * Bump Standards-Version to 4.2.0.
  * debian/tests:
    - disable tests that attempt to access the internet
    - temporarily disable broken tests (fixed upstream already)
    - reorganize tests a bit; allow some to run unisolated

firejail (0.9.54-1) unstable; urgency=medium

  * New upstream release.

firejail (0.9.54~rc2-1) experimental; urgency=medium

  * New upstream release candidate.

firejail (0.9.54~rc1-1) experimental; urgency=low

  * New upstream release candidate.
    - mark ~/.homesick as read-only by default (Closes: #884579)
      Thanks to Alexander Gerasiov for the patch.
  * Add NEWS entry about new user restriction feature.
  * Add renamed profile to maintscript helper.
  * Use dh_missing for missed file detection instead of dh_install.
  * Bump copyright years.

firejail (0.9.52-3) unstable; urgency=medium

  * Move packaging VCS to salsa.
  * Bump Standards-Version to 4.1.4.
  * Add upstream metadata file.

firejail (0.9.52-2) unstable; urgency=medium

  * Cleanup removed conffile in correct binary package. (Closes: #884915)
  * Bump debhelper compatibility/dependency to 11.

firejail (0.9.52-1) unstable; urgency=medium

  * New upstream release.
    - new command to help building new profiles (--build) (Closes: #860942)
  * Drop patch applied upstream.
  * Remove lxterminal.profile conffile, which was deleted upstream.
  * Bump Standards-Version to 4.1.2.

firejail (0.9.50-3) unstable; urgency=medium

  * Upload to unstable.

firejail (0.9.50-2) experimental; urgency=low

  * Cherry-pick another seccomp-related build fix.

firejail (0.9.50-1) experimental; urgency=medium

  * New upstream release.
  * Drop build patch applied upstream.

firejail (0.9.50~rc1-2) experimental; urgency=low

  * Cherry-pick fix for build failure on some architectures.

firejail (0.9.50~rc1-1) experimental; urgency=low

  * New upstream release candidate.
    - Several profile fixes (Closes: #866014, #872287, #872720)
      Thanks to Martin Dosch for the reports and a patch.
    - Improve cross build support (Closes: #869707)
      Thanks to Helmut Grohne for providing the patch.
  * debian/copyright: Switch URLs to https.
  * Bump Standards-Version to 4.1.0.

firejail (0.9.48-2) unstable; urgency=medium

  * Upload to unstable.

firejail (0.9.48-1) experimental; urgency=low

  * New upstream release.
    - Allow jailed thunderbird to read mime data (Closes: #864510)
  * Run arguments and fcopy tests during autopkgtest.

firejail (0.9.46-2) experimental; urgency=low

  * Fix arch:all build by overriding dh_fixperms only for arch:any

firejail (0.9.46-1) experimental; urgency=low

  * New upstream release.
  * Replace patch which prevented installation of contrib scripts to
    /usr/lib with newly added configure option.
  * Add Xvfb as alternative recommendation for X isolation.

firejail (0.9.46~rc1-1) experimental; urgency=low

  * New upstream release candidate.
  * Split profiles into separate package (Closes: #850273).
    - New binary package firejail-profiles
    - Remove old profile conffiles from firejail binary package
    - Add NEWS to inform about the package split
  * debian/copyright:
    - Document copyright of contributed script
    - Update path of moved file
    - Bump copyright years to 2017
  * Install contrib scripts in doc directory.
  * Replace icedove with thunderbird in test dependencies.

firejail (0.9.44.10-1) experimental; urgency=medium

  * New upstream release.

firejail (0.9.44.8-1) unstable; urgency=medium

  * New upstream release.

firejail (0.9.44.6-1) unstable; urgency=medium

  * New upstream release.

firejail (0.9.44.4-1) unstable; urgency=high

  * New upstream release.
    - Security fixes for: CVE-2017-5180, CVE-2017-5206, CVE-2017-5207
      (Closes: #850528, #850558)
  * Drop patches applied upstream.

firejail (0.9.44.2-3) unstable; urgency=high

  * Add followup fix for CVE-2017-5180 (Closes: #850160).

firejail (0.9.44.2-2) unstable; urgency=high

  * Add upstream fix for CVE-2017-5180 (Closes: #850160).

firejail (0.9.44.2-1) unstable; urgency=medium

  * New upstream release.

firejail (0.9.44-1) unstable; urgency=medium

  * New upstream release.
    - Fix sandbox escape via terminal input buffer similar to
      SELinux's CVE-2016-7545.
  * Run apps-x11-xorg tests during autopkgtest.
  * Add xauth to Recommends for x11=xorg sandbox feature.

firejail (0.9.44~rc1-1) experimental; urgency=low

  * New upstream release candidate.
    - Fix program crashes with nvidia driver (Closes: #839868)
  * Add iptables to Recommends for netfilter feature.
  * Bump debhelper compat level to 10.
    - Drop --parallel, which is now default behavior

firejail (0.9.42-1) unstable; urgency=medium

  * New upstream release.

firejail (0.9.42~rc2-1) experimental; urgency=low

  * New upstream release candidate.
    - shell prompt no longer overwritten by default (Closes: #834256)
  * Drop patch for build failure, applied upstream.
  * Add upstream signing key.
  * Check upstream signature with uscan.
  * Install upstream README.
  * Enable AppArmor support.
  * Include upstream sysutils tests in autopkgtest run.

firejail (0.9.42~rc1-2) experimental; urgency=low

  * Cherry-pick upstream fix for build failure on non-x86 platforms.

firejail (0.9.42~rc1-1) experimental; urgency=low

  * New upstream release candidate.
  * Drop LXC patch applied upstream.
  * Add ping and wget to test dependencies.
  * Run autopkgtests in isolation-machine.

firejail (0.9.40-3) unstable; urgency=low

  * Replace patch for LXC support with improved version by upstream.
    Previous fix only worked for firejail as init process, not in
    user sessions inside containers (like with autopkgtest).

firejail (0.9.40-2) unstable; urgency=low

  * Remove obsolete conffiles (Closes: #825877).
  * Add iptables to test dependencies.
  * Cherry-pick upstream patch for LXC detection.
    autopkgtests were failing in LXC because firejail wrongly
    detected an already existing sandbox.
  * Add gbp.conf to enable pristine-tar by default.
  * Add Vcs-* fields; git repository is now in collab-maint.

firejail (0.9.40-1) unstable; urgency=low

  * New upstream release.
    - Fix legacy Opera profile (Closes: #819950)
  * Add autopkgtests to run upstream's test suite.
    - skip test target in debian/rules, which is run in autopkgtest

firejail (0.9.40~rc1-1) experimental; urgency=low

  * New upstream release candidate. (Closes: #823191)
  * Recommend xpra or xserver-xephyr for X11 isolation.
  * Drop autotools-dev; debhelper is now doing the same.
  * Bump copyright years to 2016.
  * Bump Standards-Version to 3.9.8.

firejail (0.9.38-1) unstable; urgency=low

  * New upstream release.
  * Bump standards version to 3.9.7.

firejail (0.9.36-1) unstable; urgency=low

  * New upstream release.
    - Support for logging of blacklist violations (Closes: #794837)
  * Updated Homepage field.
  * Dropped reproducibility patch, which has been applied upstream.
  * Dropped debian/missing-sources. Upstream removed binaries
    from release tarball.

firejail (0.9.34-1) unstable; urgency=low

  * New upstream release.
  * Drop libdir patch applied upstream.
  * Symlink source which lintian thinks is missing.

firejail (0.9.32-1) unstable; urgency=low

  * New upstream release.
  * Added README.Debian.
  * Added patch to fix the location of the lib dir.

firejail (0.9.28-1) unstable; urgency=low

  * New upstream release.
    - Common include for blacklisted directories (Closes: #789164)
    - Improved support for other architectures (Closes: #789317)
  * Enabled all Linux architectures again.
  * Removed unneeded debian/firejail.bash-completion file.

firejail (0.9.26-1) unstable; urgency=low

  * New upstream release.
  * Enabled all hardening options.
  * Amended reproducibility patch to use normalized locale.
  * Dropped usage of outdated bash-completion debhelper.
  * Limited architectures to supported ones (Closes: #789163).

firejail (0.9.24-1) unstable; urgency=low

  * New upstream release.
  * Dropped patches applied upstream.

firejail (0.9.22-1) unstable; urgency=low

  * Initial release (Closes: #777671)
parent 768f1186
firejail (0.9.58.2-2parrot1) testing; urgency=medium
* Import new Debian release.
* Include Parrot patches.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Wed, 05 Jun 2019 17:28:12 +0200
firejail (0.9.58.2-2) unstable; urgency=high
* Cherry-pick security fix for seccomp bypass issue. (Closes: #929732)
......@@ -18,38 +11,6 @@ firejail (0.9.58.2-2) unstable; urgency=high
-- Reiner Herrmann <reiner@reiner-h.de> Wed, 29 May 2019 21:06:42 +0200
firejail (0.9.58.2-1parrot3.2) testing; urgency=medium
* Force inclusion of apparmor local profile.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Wed, 03 Apr 2019 10:30:31 +0200
firejail (0.9.58.2-1parrot3.1) testing; urgency=medium
* Rebuild package.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Wed, 03 Apr 2019 07:12:56 +0200
firejail (0.9.58.2-1parrot3) testing; urgency=medium
* Update patch for apparmor compilation.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Wed, 03 Apr 2019 06:55:13 +0200
firejail (0.9.58.2-1parrot2) testing; urgency=medium
* Fix apparmor conflict when compiled on a build node without apparmor.
* Prevent firecfg from failing when executed as root without sudo.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Wed, 03 Apr 2019 06:17:39 +0200
firejail (0.9.58.2-1parrot1) testing; urgency=medium
* Import new Debian release.
* Import Parrot profiles.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Thu, 28 Feb 2019 02:25:11 +0100
firejail (0.9.58.2-1) unstable; urgency=medium
* New upstream release.
......@@ -65,51 +26,6 @@ firejail (0.9.58.2-1) unstable; urgency=medium
-- Reiner Herrmann <reiner@reiner-h.de> Fri, 08 Feb 2019 20:06:02 +0100
firejail (0.9.58-1parrot6.1) testing; urgency=medium
* Add /etc/alternatives support on most of the profiles.
* Merge recent fixes into parrot-patches.patch.
* Add networking to vscodium.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Sat, 16 Feb 2019 16:55:26 +0100
firejail (0.9.58-1parrot5) testing; urgency=medium
* Fix torbrowser-launcher sandbox proile.
* Fix keepassxc sandbox profile.
* Fix thunderbird conflicts with firefox.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Thu, 14 Feb 2019 02:40:48 +0100
firejail (0.9.58-1parrot4) testing; urgency=medium
* Fix thunderbird sandbox profile.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Wed, 13 Feb 2019 00:05:36 +0100
firejail (0.9.58-1parrot3) testing; urgency=medium
* Fix several profiles with wrong join-or-start option.
* Fix firefox widevinecdm support.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Thu, 07 Feb 2019 21:53:08 +0100
firejail (0.9.58-1parrot2) testing; urgency=medium
* Temporarily exclude libreoffice from sandbox (it does not work properly).
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Wed, 06 Feb 2019 09:01:59 +0100
firejail (0.9.58-1parrot1) testing; urgency=medium
* Import new Debian release.
* Remake custom profiles from scratch.
* Disable applications that don't have to be sandboxed.
* Enable root user for some editors and utilities.
* Add VSCodium profile.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Tue, 05 Feb 2019 13:29:29 +0100
firejail (0.9.58-1) unstable; urgency=medium
* New upstream release.
......@@ -133,30 +49,6 @@ firejail (0.9.58~rc1-1) experimental; urgency=low
-- Reiner Herrmann <reiner@reiner-h.de> Mon, 21 Jan 2019 21:37:32 +0100
firejail (0.9.56-2parrot3) testing; urgency=medium
* Fix playonlinux profile (it needs python).
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Sat, 17 Nov 2018 03:34:57 +0100
firejail (0.9.56-2parrot2) testing; urgency=medium
[ CoffeeFou ]
* Fix discord profile.
[ Lorenzo "Palinuro" Faletra ]
* Fix torbrowser-launcher startup.
* Fix firefox profile (dbus and qbittorrent integration).
* Disable torbrowser-launcher profile (let's use apparmor for it).
-- CoffeeFou <coffeefou@protonmail.com> Thu, 18 Oct 2018 14:20:22 +0200
firejail (0.9.56-2parrot1) testing; urgency=medium
* Import new Debian patch to disable unwanted tests.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Thu, 11 Oct 2018 19:19:31 +0200
firejail (0.9.56-2) unstable; urgency=medium
* Properly (re)move obsolete conffiles.
......@@ -168,20 +60,6 @@ firejail (0.9.56-2) unstable; urgency=medium
-- Reiner Herrmann <reiner@reiner-h.de> Mon, 01 Oct 2018 15:55:51 +0200
firejail (0.9.56-1parrot2) testing; urgency=medium
* Use ${VIDEOS} instead of ${VIDEO}
* Fix atril profile.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Thu, 27 Sep 2018 10:21:07 +0200
firejail (0.9.56-1parrot1) testing; urgency=medium
* Import new Debian release.
* Updates Parrot patches.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Wed, 26 Sep 2018 13:37:18 +0200
firejail (0.9.56-1) unstable; urgency=medium
* New upstream release.
......@@ -205,62 +83,6 @@ firejail (0.9.56~rc1-1) experimental; urgency=low
-- Reiner Herrmann <reiner@reiner-h.de> Thu, 16 Aug 2018 19:26:39 +0200
firejail (0.9.54-1parrot8) testing; urgency=medium
* Fix keepasscx profile.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Mon, 27 Aug 2018 21:10:37 +0200
firejail (0.9.54-1parrot7) testing; urgency=medium
* Disable arduino sandbox.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Tue, 21 Aug 2018 17:17:29 +0200
firejail (0.9.54-1parrot6) testing; urgency=medium
* Enable apparmor for libreoffice to fix system freeze.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Sat, 11 Aug 2018 15:28:32 +0200
firejail (0.9.54-1parrot5.1) testing; urgency=medium
* Import Coffeefou merge requests to fix code and discord.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Thu, 12 Jul 2018 00:32:26 +0200
firejail (0.9.54-1parrot5) testing; urgency=medium
* Update qbittorrent profile.
* Update torbrowser-launcher profile.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Wed, 11 Jul 2018 23:50:32 +0200
firejail (0.9.54-1parrot4) testing; urgency=medium
* Update atril profile for nvidia/bumblebee OpenGL support.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Mon, 25 Jun 2018 18:37:16 +0200
firejail (0.9.54-1parrot3) testing; urgency=medium
* Fix atril profile.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Wed, 20 Jun 2018 15:44:53 +0200
firejail (0.9.54-1parrot2) testing; urgency=medium
* Fix libreoffice profile.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Fri, 25 May 2018 14:54:42 +0200
firejail (0.9.54-1parrot1) testing; urgency=medium
* Import new Debian version.
* Re-apply and update old patches.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Fri, 25 May 2018 03:23:17 +0200
firejail (0.9.54-1) unstable; urgency=medium
* New upstream release.
......@@ -285,12 +107,6 @@ firejail (0.9.54~rc1-1) experimental; urgency=low
-- Reiner Herrmann <reiner@reiner-h.de> Mon, 07 May 2018 22:42:16 +0200
firejail (0.9.52-3parrot1) testing; urgency=medium
* Rebuild for Parrot.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Fri, 04 May 2018 15:02:40 +0200
firejail (0.9.52-3) unstable; urgency=medium
* Move packaging VCS to salsa.
......@@ -299,31 +115,6 @@ firejail (0.9.52-3) unstable; urgency=medium
-- Reiner Herrmann <reiner@reiner-h.de> Fri, 27 Apr 2018 19:42:28 +0200
firejail (0.9.52-2parrot3) testing; urgency=medium
* Fix keepassxc missing libraries.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Mon, 16 Apr 2018 09:46:37 +0200
firejail (0.9.52-2parrot2) testing; urgency=medium
* Update atril profile.
* Update geany profile.
-- Lorenzo "Palinuro" Faletra <palinuro@localhost.localdomain> Mon, 08 Jan 2018 23:05:20 +0100
firejail (0.9.52-2parrot1) testing; urgency=medium
* fix libreoffice javaldx startup crash
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Sat, 30 Dec 2017 00:35:11 +0100
firejail (0.9.52-2parrot0) testing; urgency=medium
* Remove bleachbit from firecfg config.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Thu, 28 Dec 2017 15:26:15 +0100
firejail (0.9.52-2) unstable; urgency=medium
* Cleanup removed conffile in correct binary package. (Closes: #884915)
......@@ -331,13 +122,6 @@ firejail (0.9.52-2) unstable; urgency=medium
-- Reiner Herrmann <reiner@reiner-h.de> Thu, 21 Dec 2017 18:53:32 +0100
firejail (0.9.52-1parrot0) testing; urgency=medium
* Import new Debian release.
* Reinclude profile patches.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Tue, 26 Dec 2017 11:30:12 +0100
firejail (0.9.52-1) unstable; urgency=medium
* New upstream release.
......@@ -348,52 +132,6 @@ firejail (0.9.52-1) unstable; urgency=medium
-- Reiner Herrmann <reiner@reiner-h.de> Sat, 16 Dec 2017 14:07:29 +0100
firejail (0.9.50-3parrot6) testing; urgency=medium
* Fix libreoffice cache path.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Mon, 11 Dec 2017 00:23:19 +0100
firejail (0.9.50-3parrot5) testing; urgency=medium
* Fix typo.
* Refresh patches.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Tue, 05 Dec 2017 09:06:14 +0100
firejail (0.9.50-3parrot4) testing; urgency=medium
* Disable libreoffice devel blacklist.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Fri, 01 Dec 2017 09:24:08 +0100
firejail (0.9.50-3parrot3) testing; urgency=medium
* Fix thunderbird compatibility with icedove profiles.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Mon, 27 Nov 2017 23:15:30 +0100
firejail (0.9.50-3parrot2) testing; urgency=medium
* Update profiles.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Mon, 27 Nov 2017 03:22:17 +0100
firejail (0.9.50-3parrot1) testing; urgency=medium
* Fix firefox rules.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Tue, 31 Oct 2017 22:29:40 +0100
firejail (0.9.50-3parrot0) testing; urgency=medium
* Non-maintainer upload.
* Fix thunderbird rules.
* Fix display rules.
* Fix libreoffice rules.
-- Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> Mon, 30 Oct 2017 12:06:09 +0100
firejail (0.9.50-3) unstable; urgency=medium
* Upload to unstable.
......
Description: Disable some profiles.
Author: Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org>
Last-Update: 2019-02-28
--- firejail-0.9.58.2.orig/src/firecfg/firecfg.config
+++ firejail-0.9.58.2/src/firecfg/firecfg.config
@@ -32,7 +32,7 @@ arch-audit
archaudit-report
ardour4
ardour5
-arduino
+#arduino
ark
arm
artha
@@ -54,7 +54,7 @@ basilisk
beaker
bibletime
bitlbee
-bleachbit
+#bleachbit
blender
blender-2.8
bless
@@ -80,10 +80,10 @@ chromium
chromium-browser
cin
cinelerra
-clamdscan
-clamdtop
-clamscan
-clamtk
+#clamdscan
+#clamdtop
+#clamscan
+#clamtk
claws-mail
clawsker
clementine
Description: Fix missing apparmor profiles.
firejail (0.9.58.2-1parrot3.2) testing; urgency=medium
.
* Force inclusion of apparmor local profile.
Author: Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org>
Last-Update: 2019-04-03
--- firejail-0.9.58.2.orig/Makefile.in
+++ firejail-0.9.58.2/Makefile.in
@@ -131,9 +131,11 @@ endif
rm -fr .etc
ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR)
# install apparmor profile
+ sh -c "mkdir -p $(DESTDIR)/$(sysconfdir)/apparmor.d/local"
sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d; fi;"
install -c -m 0644 etc/firejail-default $(DESTDIR)/$(sysconfdir)/apparmor.d/.
sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/local ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/local; fi;"
+ install -c -m 0644 etc/firejail-local $(DESTDIR)/$(sysconfdir)/apparmor.d/local.
endif
# man pages
install -m 0755 -d $(DESTDIR)/$(mandir)/man1
Description: Include Parrot patches
firejail (0.9.58.2-2parrot1) testing; urgency=medium
.
* Import new Debian release.
* Include Parrot patches.
Author: Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org>
Last-Update: 2019-06-05
--- firejail-0.9.58.2.orig/Makefile.in
+++ firejail-0.9.58.2/Makefile.in
@@ -131,9 +131,11 @@ endif
rm -fr .etc
ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR)
# install apparmor profile
+ sh -c "mkdir -p $(DESTDIR)/$(sysconfdir)/apparmor.d/local"
sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d; fi;"
install -c -m 0644 etc/firejail-default $(DESTDIR)/$(sysconfdir)/apparmor.d/.
sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/local ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/local; fi;"
+ install -c -m 0644 etc/firejail-local $(DESTDIR)/$(sysconfdir)/apparmor.d/local.
endif
# man pages
install -m 0755 -d $(DESTDIR)/$(mandir)/man1
--- /dev/null
+++ firejail-0.9.58.2/Makefile.in.orig
@@ -0,0 +1,331 @@
+all: apps man filters
+MYLIBS = src/lib
+APPS = src/firejail src/firemon src/fsec-print src/fsec-optimize src/firecfg src/fnetfilter src/libtrace src/libtracelog src/ftee src/faudit src/fnet src/fseccomp src/fbuilder src/fcopy src/fldd src/libpostexecseccomp
+MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5
+SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+bindir=@bindir@
+libdir=@libdir@
+datarootdir=@datarootdir@
+mandir=@mandir@
+sysconfdir=@sysconfdir@
+
+VERSION=@PACKAGE_VERSION@
+NAME=@PACKAGE_NAME@
+PACKAGE_TARNAME=@PACKAGE_TARNAME@
+DOCDIR=@docdir@
+HAVE_SECCOMP=@HAVE_SECCOMP@
+HAVE_APPARMOR=@HAVE_APPARMOR@
+HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@
+BUSYBOX_WORKAROUND=@BUSYBOX_WORKAROUND@
+HAVE_SUID=@HAVE_SUID@
+
+.PHONY: mylibs $(MYLIBS)
+mylibs: $(MYLIBS)
+$(MYLIBS):
+ $(MAKE) -C $@
+
+.PHONY: apps $(APPS)
+apps: $(APPS)
+$(APPS): $(MYLIBS)
+ $(MAKE) -C $@
+
+$(MANPAGES): $(wildcard src/man/*.txt)
+ ./mkman.sh $(VERSION) src/man/$(basename $@).txt $@
+
+man: $(MANPAGES)
+
+filters: src/fseccomp
+ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP)
+ src/fseccomp/fseccomp default seccomp
+ src/fsec-optimize/fsec-optimize seccomp
+ src/fseccomp/fseccomp default seccomp.debug allow-debuggers
+ src/fsec-optimize/fsec-optimize seccomp.debug
+ src/fseccomp/fseccomp secondary 32 seccomp.32
+ src/fsec-optimize/fsec-optimize seccomp.32
+ src/fseccomp/fseccomp secondary block seccomp.block_secondary
+ src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx
+endif
+
+clean:
+ for dir in $(APPS) $(MYLIBS); do \
+ $(MAKE) -C $$dir clean; \
+ done
+ rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm
+ rm -f $(SECCOMP_FILTERS)
+ rm -f test/utils/index.html*
+ rm -f test/utils/wget-log
+ rm -f test/utils/lstesting
+ rm -f test/environment/index.html*
+ rm -f test/environment/wget-log*
+ rm -fr test/environment/-testdir
+ rm -f test/environment/logfile*
+ rm -f test/environment/index.html
+ rm -f test/environment/wget-log
+ rm -f test/sysutils/firejail_t*
+ cd test/compile; ./compile.sh --clean; cd ../..
+
+distclean: clean
+ for dir in $(APPS) $(MYLIBS); do \
+ $(MAKE) -C $$dir distclean; \
+ done
+ rm -fr Makefile autom4te.cache config.log config.status config.h dummy.o src/common.mk
+
+realinstall:
+ # firejail executable
+ install -m 0755 -d $(DESTDIR)/$(bindir)
+ install -c -m 0755 src/firejail/firejail $(DESTDIR)/$(bindir)/.
+ifeq ($(HAVE_SUID),yes)
+ chmod u+s $(DESTDIR)/$(bindir)/firejail
+endif
+ # firemon executable
+ install -c -m 0755 src/firemon/firemon $(DESTDIR)/$(bindir)/.
+ # firecfg executable
+ install -c -m 0755 src/firecfg/firecfg $(DESTDIR)/$(bindir)/.
+ # libraries and plugins
+ install -m 0755 -d $(DESTDIR)/$(libdir)/firejail
+ install -c -m 0644 src/libtrace/libtrace.so $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0644 src/libtracelog/libtracelog.so $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0644 src/libpostexecseccomp/libpostexecseccomp.so $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 src/ftee/ftee $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 src/fshaper/fshaper.sh $(DESTDIR)/$(libdir)/firejail/.
+
+ install -c -m 0644 src/firecfg/firecfg.config $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 src/faudit/faudit $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 src/fnet/fnet $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 src/fnetfilter/fnetfilter $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 src/fcopy/fcopy $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 src/fldd/fldd $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 src/fbuilder/fbuilder $(DESTDIR)/$(libdir)/firejail/.
+ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP)
+ install -c -m 0755 src/fsec-print/fsec-print $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 src/fsec-optimize/fsec-optimize $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 src/fseccomp/fseccomp $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0644 seccomp $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0644 seccomp.32 $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0644 seccomp.block_secondary $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0644 seccomp.mdwx $(DESTDIR)/$(libdir)/firejail/.
+endif
+ifeq ($(HAVE_CONTRIB_INSTALL),yes)
+ install -c -m 0755 contrib/fix_private-bin.py $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 contrib/fjclip.py $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 contrib/fjdisplay.py $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 contrib/fjresize.py $(DESTDIR)/$(libdir)/firejail/.
+ install -c -m 0755 contrib/fj-mkdeb.py $(DESTDIR)/$(libdir)/firejail/.
+endif
+ # documents
+ install -m 0755 -d $(DESTDIR)/$(DOCDIR)
+ install -c -m 0644 COPYING $(DESTDIR)/$(DOCDIR)/.
+ install -c -m 0644 README $(DESTDIR)/$(DOCDIR)/.
+ install -c -m 0644 RELNOTES $(DESTDIR)/$(DOCDIR)/.
+ # etc files
+ ./mketc.sh $(sysconfdir) $(BUSYBOX_WORKAROUND)
+ install -m 0755 -d $(DESTDIR)/$(sysconfdir)/firejail
+ for file in .etc/* etc/firejail.config; do \
+ install -c -m 0644 $$file $(DESTDIR)/$(sysconfdir)/firejail; \
+ done
+ sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
+ rm -fr .etc
+ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR)
+ # install apparmor profile
+ sh -c "mkdir -p $(DESTDIR)/$(sysconfdir)/apparmor.d/local"
+ sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d; fi;"
+ install -c -m 0644 etc/firejail-default $(DESTDIR)/$(sysconfdir)/apparmor.d/.
+ sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/local ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/local; fi;"
+ install -c -m 0644 etc/firejail-local $(DESTDIR)/$(sysconfdir)/apparmor.d/local.
+endif
+ # man pages
+ install -m 0755 -d $(DESTDIR)/$(mandir)/man1
+ install -m 0755 -d $(DESTDIR)/$(mandir)/man5
+ for man in $(MANPAGES); do \
+ rm -f $$man.gz; \
+ gzip -9n $$man; \
+ case "$$man" in \
+ *.1) install -c -m 0644 $$man.gz $(DESTDIR)/$(mandir)/man1/; ;; \
+ *.5) install -c -m 0644 $$man.gz $(DESTDIR)/$(mandir)/man5/; ;; \
+ esac; \
+ done
+ rm -f $(MANPAGES) $(MANPAGES:%=%.gz)
+ # bash completion
+ install -m 0755 -d $(DESTDIR)/$(datarootdir)/bash-completion/completions
+ install -c -m 0644 src/bash_completion/firejail.bash_completion $(DESTDIR)/$(datarootdir)/bash-completion/completions/firejail
+ install -c -m 0644 src/bash_completion/firemon.bash_completion $(DESTDIR)/$(datarootdir)/bash-completion/completions/firemon
+ install -c -m 0644 src/bash_completion/firecfg.bash_completion $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg
+
+install: all
+ $(MAKE) realinstall
+
+install-strip: all
+ strip src/firejail/firejail
+ strip src/firemon/firemon
+ strip src/firecfg/firecfg
+ strip src/libtrace/libtrace.so
+ strip src/libtracelog/libtracelog.so
+ strip src/libpostexecseccomp/libpostexecseccomp.so
+ strip src/ftee/ftee
+ strip src/faudit/faudit
+ strip src/fnet/fnet
+ strip src/fnetfilter/fnetfilter
+ strip src/fseccomp/fseccomp
+ strip src/fsec-print/fsec-print
+ strip src/fsec-optimize/fsec-optimize
+ strip src/fcopy/fcopy
+ strip src/fldd/fldd
+ strip src/fbuilder/fbuilder
+ $(MAKE) realinstall
+
+uninstall:
+ rm -f $(DESTDIR)/$(bindir)/firejail
+ rm -f $(DESTDIR)/$(bindir)/firemon
+ rm -f $(DESTDIR)/$(bindir)/firecfg
+ rm -fr $(DESTDIR)/$(libdir)/firejail
+ rm -fr $(DESTDIR)/$(datarootdir)/doc/firejail
+ for man in $(MANPAGES); do \
+ rm -f $(DESTDIR)/$(mandir)/man5/$$man*; \
+ rm -f $(DESTDIR)/$(mandir)/man1/$$man*; \
+ done
+ rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firejail
+ rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firemon
+ rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg
+
+DISTFILES = "src etc platform contrib configure configure.ac dummy.c Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh mkdeb-apparmor.sh COPYING README RELNOTES"
+DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot"
+
+dist:
+ mv config.status config.status.old
+ make distclean
+ mv config.status.old config.status
+ rm -fr $(NAME)-$(VERSION) $(NAME)-$(VERSION).tar.xz
+ mkdir -p $(NAME)-$(VERSION)/test
+ cp -a "$(DISTFILES)" $(NAME)-$(VERSION)
+ cp -a "$(DISTFILES_TEST)" $(NAME)-$(VERSION)/test
+ rm -rf $(NAME)-$(VERSION)/src/tools
+ find $(NAME)-$(VERSION) -name .svn -delete
+ tar -cJvf $(NAME)-$(VERSION).tar.xz $(NAME)-$(VERSION)
+ rm -fr $(NAME)-$(VERSION)
+
+asc:; ./mkasc.sh $(VERSION)
+
+deb: dist
+ ./mkdeb.sh $(NAME) $(VERSION)
+
+deb-apparmor: dist
+ ./mkdeb-apparmor.sh $(NAME) $(VERSION)
+
+snap: all
+ cd platform/snap; ./snap.sh
+
+install-snap: snap
+ sudo snap remove faudit; sudo snap install faudit*.snap
+
+test-compile: dist
+ cd test/compile; ./compile.sh $(NAME)-$(VERSION)
+
+.PHONY: rpms
+rpms: