Debian release 0.9.52-3parrot1

Debian release 0.9.52-2parrot3

Debian release 0.9.52-2parrot2

Debian release 0.9.52-2parrot1

Debian release 0.9.52-2parrot0

Debian release 0.9.52-1parrot0

Debian release 0.9.52-1

Upstream version 0.9.52

Debian release 0.9.50-3parrot5

Debian release 0.9.50-3parrot4

Debian release 0.9.50-3parrot3

Debian release 0.9.50-3parrot1

Debian release 0.9.50-3parrot0

Upstream version 0.9.50

Version 0.9.50

  * modif: --output split in two commands, --output and --output-stderr
  * feature: per-profile disable-mnt (--disable-mnt)
  * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen)
  * feature: private /lib directory (--private-lib)
  * feature: disable CDROM/DVD drive (--nodvd)
  * feature: disable DVB devices (--notv)
  * feature: --profile.print
  * enhancement: print all seccomp filters under --debug
  * enhancement: /proc/sys mounting
  * enhancement: rework IP address assingment for --net options
  * enhancement: support for newer Xpra versions (2.1+) -
     set xpra-attach yes in /etc/firejail/firejail.config
  * enhancement: all profiles use a standard layout style
  * enhancement: create /usr/local for firecfg if the directory doesn't exist
  * enhancement: allow full paths in --private-bin
  * seccomp feature: --memory-deny-write-execute
  * seccomp feature: seccomp post-exec
  * seccomp feature: block secondary architecture (--seccomp.block_secondary)
  * seccomp feature: seccomp syscall groups
  * seccomp enhancement: print all seccomp filters under --debug
  * seccomp enhancement: default seccomp list update
  * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,
  * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA,
  * new profiles: Android Studio, electron, riot-web, Extreme Tux Racer,
  * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux
  * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg,
  * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter
  * new profiles: truecraft, gnome-twitch, tuxguitar, musescore, neverball
  * new profiles: sqlitebrowse, Yandex Browser, minetest
  * bugfixes

Version 0.9.50~rc1
  * modif: --output split in two commands, --output and --output-stderr
  * feature: per-profile disable-mnt (--disable-mnt)
  * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen)
  * feature: private /lib directory (--private-lib)
  * feature: disable CDROM/DVD drive (--nodvd)
  * feature: disable DVB devices (--notv)
  * enhancement: print all seccomp filters under --debug
  * enhancement: /proc/sys mounting
  * enhancement: rework IP address assingment for --net options
  * enhancement: support for newer Xpra versions (2.1+) -
     set xpra-attach yes in /etc/firejail/firejail.config
  * enhancement: all profiles use a standard layout style
  * enhancement: create /usr/local for firecfg if the directory doesn't exist
  * enhancement: allow full paths in --private-bin
  * seccomp feature: --memory-deny-write-execute
  * seccomp feature: seccomp post-exec
  * seccomp feature: block secondary architecture (--seccomp.block_secondary)
  * seccomp feature: seccomp syscall groups
  * seccomp enhancement: print all seccomp filters under --debug
  * seccomp enhancement: default seccomp list update
  * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,
  * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA,
  * new profiles: Android Studio, electron, riot-web, Extreme Tux Racer,
  * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux
  * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg,
  * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter
  * new profiles: truecraft, gnome-twitch, tuxguitar, musescore, neverball
  * new profiles: sqlitebrowse,
  * bugfixes

Version 0.9.48

  * modifs: whitelisted Transmission, Deluge, qBitTorrent, KTorrent;
    please use ~/Downloads directory for saving files
  * modifs: AppArmor made optional; a warning is printed on the screen
    if the sandbox fails to load the AppArmor profile
  * feature: --novideo
  * feature: drop discretionary access control capabilities for
    root sandboxes
  * feature: added /etc/firejail/globals.local for global customizations
  * feature: profile support in overlayfs mode
  * new profiles: vym, darktable, Waterfox, digiKam, Catfish, HandBrake
  * bugfixes

Version 0.9.46

  * security: split most of networking code in a separate executable
  * security: split seccomp filter code configuration in a separate executable
  * security: split file copying in private option in a separate executable
  * feature: disable gnupg and systemd directories under /run/user
  * feature: test coverage (gcov) support
  * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm)
  * feature: private /opt directory (--private-opt, profile support)
  * feature: private /srv directory (--private-srv, profile support)
  * feature: spoof machine-id (--machine-id, profile support)
  * feature: allow blacklists under --private (--allow-private-blacklist,
    profile support)
  * feature: user-defined /etc/hosts file (--hosts-file, profile support)
  * feature: support for the real /var/log directory (--writable-var-log,
    profile support)
  * feature: config support for firejail prompt in terminals
  * feature: AppImage type 2 support
  * feature: pass command line arguments to appimages
  * feature: allow non-seccomp setup for OverlayFS sandboxes - more work to come
  * feature: added a number of Python scripts for handling sandboxes
  * feature: allow local customization using .local files under /etc/firejail
  * feature: follow-symlink-as-user runtime config option in
    /etc/firejail/firejail.config
  * feature: follow-symlink-private-bin option in /etc/firejail/firejail.config
  * feature: xvfb X11 server support (--x11=xvfb)
  * feature: allow /tmp directory in mkdir and mkfile profile commands
  * feature: implemented --noblacklist command, profile support
  * feature: config support to disable access to /mnt and /media (disable-mnt)
  * feature: config support to disable join (join)
  * feature: disabled Go, Rust, and OpenSSL in disable-devel.conf
  * feature: support overlay, overlay-named and overlay-tmpfs in profile files
  * feature: allow PulseAudio sockets in --private-tmp
  * feature: --fix-sound support in firecfg
  * feature: added support for sandboxing Xpra, Xvfb and Xephyr in
    independent sandboxes when started with firejail --x11
  * feature: enable automatic X server sandboxing for --x11=xpra
    and --x11=xephyr
  * feature: support for Xpra extra params in firejail config file
  * new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire,
  * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma,
  * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator,
  * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos,
  * new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail,
  * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa,
  * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView,
  * new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking,
  * new profiles: youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,
  * new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict,
  * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin,
  * new profiles: mate-calc, mate-dictionary, mate-color-select, caja,
  * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes
  * new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr
  * new profiles: Blender, 2048-qt
  * bugfixes

Version 0.9.46~rc1
  * development version, work in progress
  * security: split most of networking code in a separate executable
  * security: split seccomp filter code configuration in a separate executable
  * security: split file copying in private option in a separate executable
  * feature: disable gnupg and systemd directories under /run/user
  * feature: test coverage (gcov) support
  * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm)
  * feature: private /opt directory (--private-opt, profile support)
  * feature: private /srv directory (--private-srv, profile support)
  * feature: spoof machine-id (--machine-id, profile support)
  * feature: allow blacklists under --private (--allow-private-blacklist,
    profile support)
  * feature: user-defined /etc/hosts file (--hosts-file, profile support)
  * feature: support for the real /var/log directory (--writable-var-log,
    profile support)
  * feature: config support for firejail prompt in terminals
  * feature: AppImage type 2 support
  * feature: pass command line arguments to appimages
  * feature: allow non-seccomp setup for OverlayFS sandboxes - more work to come
  * feature: added a number of Python scripts for handling sandboxes
  * feature: allow local customization using .local files under /etc/firejail
  * feature: follow-symlink-as-user runtime config option in
    /etc/firejail/firejail.config
  * feature: follow-symlink-private-bin option in /etc/firejail/firejail.config
  * feature: xvfb X11 server support (--x11=xvfb)
  * feature: allow /tmp directory in mkdir and mkfile profile commands
  * feature: implemented --noblacklist command, profile support
  * feature: config support to disable access to /mnt and /media (disable-mnt)
  * feature: config support to disable join (join)
  * feature: disabled Go, Rust, and OpenSSL in disable-devel.conf
  * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire,
  * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma,
  * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator,
  * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos,
  * new profies: Xonotic, wireshark, keepassx2, QupZilla, FossaMail,
  * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa
  * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView
  * bugfixes

Version 0.9.44.10
  * security: when using --x11=xorg and --net, incorrect processing of
    the return code of /usr/bin/xauth could end up in starting the
    sandbox without X11 security extension installed. Problem found/fixed
    by Zack Weinberg
  * bugfix: ~/.pki directory whitelisted and later blacklisted. This affects
    most browsers, and disables the custom certificates installed by the user
  * bugfix: firecfg config fix
  * bugfix: gajim security profile fix
  * bugfix: man page fix
  * bugfix: force-nonewprivs fix for /etc/firejail/firejail.config
  * bugfix: xephyr-extra-params fix for /etc/firejail/firejail.config
  * bugfix: memory corruption in noblacklist processing
  * bugfix: --quiet fix for Arch and Fedora systems
  * bugfix: updated Keepass(x) profiles
  * bugfix: firemon --nowrap problem
  * bugfix: document firemon --nowrap in man page and in --help option
  * bugfix: bash completion for --noblacklist command
  * bugfix: vlc profile fix
  * bugfix: fixed handling of .local profile files when the software is
    installed in ~/.local directory
  * bugfix: temporarily remove private-tmp from all profiles, until a fix for
    .Xauthority file handling in KDE becomes available
  * maintenance: --output cleanup
  * maintenance: updated copyright statement in all files