Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package firejail for openSUSE:Factory checked in at 2022-06-23 10:23:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/firejail (Old)
 and      /work/SRC/openSUSE:Factory/.firejail.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firejail" Thu Jun 23 10:23:38 2022 rev:17 rq:984254 version:0.9.70 Changes: -------- --- /work/SRC/openSUSE:Factory/firejail/firejail.changes 2022-06-09 14:12:04.800551139 +0200 +++ /work/SRC/openSUSE:Factory/.firejail.new.1548/firejail.changes 2022-06-23 10:23:58.739720992 +0200 
@@ -1,0 +2,42 @@ +Tue Jun 14 20:21:18 UTC 2022 - Sebastian Wagner <[email protected]> + +- remove patches fix-internet-access.patch and fix-CVE-2022-31214.patch + as they are integrated upstream +- update to version 0.9.70: + - security: CVE-2022-31214 - root escalation in --join logic + - Reported by Matthias Gerstner, working exploit code was provided to our + - development team. In the same time frame, the problem was independently + - reported by Birk Blechschmidt. Full working exploit code was also provided. + - feature: enable shell tab completion with --tab (#4936) + - feature: disable user profiles at compile time (#4990) + - feature: Allow resolution of .local names with avahi-daemon in the apparmor + - profile (#5088) + - feature: always log seccomp errors (#5110) + - feature: firecfg --guide, guided user configuration (#5111) + - feature: --oom, kernel OutOfMemory-killer (#5122) + - modif: --ids feature needs to be enabled at compile time (#5155) + - modif: --nettrace only available to root user + - rework: whitelist restructuring (#4985) + - rework: firemon, speed up and lots of fixes + - bugfix: --private-cwd not expanding macros, broken hyperrogue (#4910) + - bugfix: nogroups + wrc prints confusing messages (#4930 #4933) + - bugfix: openSUSE Leap - whitelist-run-common.inc (#4954) + - bugfix: fix printing in evince (#5011) + - bugfix: gcov: fix gcov functions always declared as dummy (#5028) + - bugfix: Stop warning on safe supplementary group clean (#5114) + - build: remove ultimately unused INSTALL and RANLIB check macros (#5133) + - build: mkdeb.sh.in: pass remaining arguments to ./configure (#5154) + - ci: replace centos (EOL) with almalinux (#4912) + - ci: fix --version not printing compile-time features (#5147) + - ci: print version after install & fix apparmor support on build_apparmor + - (#5148) + - docs: Refer to firejail.config in configuration files (#4916) + - docs: firejail.config: add warning about allow-tray (#4946) + - docs: mention 
that the protocol command accumulates (#5043) + - docs: mention inconsistent homedir bug involving --private=dir (#5052) + - docs: mention capabilities(7) on --caps (#5078) + - new profiles: onionshare, onionshare-cli, opera-developer, songrec + - new profiles: node-gyp, npx, semver, ping-hardened + - removed profiles: nvm + +------------------------------------------------------------------- Old: ---- firejail-0.9.68.tar.xz firejail-0.9.68.tar.xz.asc fix-CVE-2022-31214.patch fix-internet-access.patch New: ---- firejail-0.9.70.tar.xz firejail-0.9.70.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firejail.spec ++++++ --- /var/tmp/diff_new_pack.snGxRv/_old 2022-06-23 10:23:59.159721448 +0200 +++ /var/tmp/diff_new_pack.snGxRv/_new 2022-06-23 10:23:59.163721452 +0200 @@ -17,7 +17,7 @@ Name: firejail -Version: 0.9.68 +Version: 0.9.70 Release: 0 Summary: Linux namepaces sandbox program License: GPL-2.0-only @@ -27,10 +27,6 @@ Source1: https://github.com/netblue30/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz.asc # https://firejail.wordpress.com/download-2/ Source2: %{name}.keyring -# PATCH-FIX-UPSTREAM fix-internet-access.patch -- from https://github.com/netblue30/firejail/commit/bb334a8fd4f0911a8dfa1538d02fbd0574b81333.patch -Patch0: fix-internet-access.patch -# PATCH-FIX-UPSTREAM fix-CVE-2022-31214.patch -- from https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 and https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7.patch and https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54 -Patch1: fix-CVE-2022-31214.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: libapparmor-devel 
@@ -69,8 +65,6 @@ %prep %setup -q sed -i '1s/^#!\/usr\/bin\/env /#!\/usr\/bin\//' contrib/fj-mkdeb.py contrib/fjclip.py contrib/fjdisplay.py contrib/fjresize.py contrib/sort.py contrib/fix_private-bin.py contrib/jail_prober.py -%patch0 -p1 -%patch1 -p1 %build %configure --docdir=%{_docdir}/%{name} \ ++++++ firejail-0.9.68.tar.xz -> firejail-0.9.70.tar.xz ++++++ ++++ 13325 lines of diff (skipped)
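Review bot: in the firejail.changes hunk (@@ -1,0 +2,42 @@), the wrapped text under the CVE-2022-31214 item is written as separate list items. "- Reported by Matthias Gerstner, working exploit code was provided to our", "- development team. In the same time frame, the problem was independently" and "- reported by Birk Blechschmidt." each start with a dash although they continue the same text, and the same happens at "- profile (#5088)" and "- (#5148)". Indent the continuation lines without the leading dash so each entry reads as one item. The security item also carries only the CVE identifier; if a Bugzilla entry exists for it, add the reference next to the CVE so the fix can be tracked.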
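Review bot: the unchanged Summary line in the firejail.spec hunk @@ -17,7 +17,7 @@ reads "Linux namepaces sandbox program"; "namepaces" should be "namespaces". Since the adjacent Version line is already being changed, fix the spelling in the same submission.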
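Review bot: in the firejail.spec hunk @@ -27,10 +27,6 @@, the removed Patch1 comment names three upstream commits (27cde3d7, dab835e7 and 1884ea22) as the source of fix-CVE-2022-31214.patch, and Patch0 names bb334a8f. The changelog states that both patches are integrated upstream, but the tarball diff is skipped in this mail ("13325 lines of diff (skipped)"), so nothing visible here confirms that. Please confirm that all four commits are contained in firejail-0.9.70.tar.xz before the Patch0/Patch1 tags and the matching %patch0/%patch1 lines in %prep are dropped.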
