Hello community, here is the log from the commit of package firejail for openSUSE:Factory checked in at 2019-06-04 12:14:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firejail (Old) and /work/SRC/openSUSE:Factory/.firejail.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firejail" Tue Jun 4 12:14:58 2019 rev:4 rq:707400 version:0.9.60 Changes: -------- --- /work/SRC/openSUSE:Factory/firejail/firejail.changes 2019-02-04 14:25:05.313062959 +0100 +++ /work/SRC/openSUSE:Factory/.firejail.new.5148/firejail.changes 2019-06-04 12:15:06.139767497 +0200 @@ -1,0 +2,34 @@ +Sun Jun 2 16:30:42 UTC 2019 - Sebastian Wagner <[email protected]> + +- update to version 0.9.60: + * security bug reported by Austin Morton: + Seccomp filters are copied into /run/firejail/mnt, and are writable + within the jail. A malicious process can modify files from inside the + jail. Processes that are later joined to the jail will not have seccomp + filters applied. + CVE-2019-12589 + boo#1137139 + * memory-deny-write-execute now also blocks memfd_create + * add private-cwd option to control working directory within jail + * blocking system D-Bus socket with --nodbus + * bringing back Centos 6 support + * drop support for flatpak/snap packages + * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2 + * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer + * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring + * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool + * new profiles: netactview, redshift, devhelp, assogiate, subdownloader + * new profiles: font-manager, exfalso, gconf-editor, dconf-editor + * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings + * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag + * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles + * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus + * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt + * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem + * new profiles: vultureseye, vulturesclaw, anki, cheese, utox, mp3splt + * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker + * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell + * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap + * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp, cantata + +------------------------------------------------------------------- Old: ---- firejail-0.9.58.tar.xz firejail-0.9.58.tar.xz.asc New: ---- firejail-0.9.60.tar.xz firejail-0.9.60.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firejail.spec ++++++ --- /var/tmp/diff_new_pack.GE2Idu/_old 2019-06-04 12:15:09.023766552 +0200 +++ /var/tmp/diff_new_pack.GE2Idu/_new 2019-06-04 12:15:09.027766551 +0200 @@ -1,7 +1,7 @@ # # spec file for package firejail # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: firejail -Version: 0.9.58 +Version: 0.9.60 Release: 0 Summary: Linux namepaces sandbox program License: GPL-2.0-only ++++++ firejail-0.9.58.tar.xz -> firejail-0.9.60.tar.xz ++++++ ++++ 23570 lines of diff (skipped)
