New upstream version 0.9.62.4
Reiner Herrmann
3 years ago
| 136 | 136 | sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d; fi;" |
| 137 | 137 | install -c -m 0644 etc/firejail-default $(DESTDIR)/$(sysconfdir)/apparmor.d/. |
| 138 | 138 | sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/local ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/local; fi;" |
| 139 | install -c -m 0644 etc/firejail-local $(DESTDIR)/$(sysconfdir)/apparmor.d/local/firejail-default | |
| 139 | 140 | endif |
| 140 | 141 | # man pages |
| 141 | 142 | install -m 0755 -d $(DESTDIR)/$(mandir)/man1 |
| 62 | 62 | - fix flameshot raw screenshots |
| 63 | 63 | 1dnrr (https://github.com/1dnrr) |
| 64 | 64 | - add pybitmessage profile |
| 65 | Ádler Jonas Gross (https://github.com/adgross) | |
| 66 | - AppArmor fix | |
| 65 | 67 | Adrian L. Shaw (https://github.com/adrianlshaw) |
| 66 | 68 | - add profanity profile |
| 67 | 69 | - add barrirer profile |
| 0 | firejail (0.9.62.4) baseline; urgency=low | |
| 1 | * fix AppArmor broken in the previous release | |
| 2 | * miscellaneous fixes | |
| 3 | -- netblue30 <netblue30@yahoo.com> Mon, 17 Aug 2020 08:00:00 -0500 | |
| 4 | ||
| 0 | 5 | firejail (0.9.62.2) baseline; urgency=low |
| 1 | 6 | * patches from Debian (firejail 0.9.62-3, sid): |
| 2 | 7 | profile-fixes.patch, apparmor-include.patch |
| 0 | 0 | #! /bin/sh |
| 1 | 1 | # Guess values for system-dependent variables and create Makefiles. |
| 2 | # Generated by GNU Autoconf 2.69 for firejail 0.9.62.2. | |
| 2 | # Generated by GNU Autoconf 2.69 for firejail 0.9.62.4. | |
| 3 | 3 | # |
| 4 | 4 | # Report bugs to <netblue30@yahoo.com>. |
| 5 | 5 | # |
| 579 | 579 | # Identity of this package. |
| 580 | 580 | PACKAGE_NAME='firejail' |
| 581 | 581 | PACKAGE_TARNAME='firejail' |
| 582 | PACKAGE_VERSION='0.9.62.2' | |
| 583 | PACKAGE_STRING='firejail 0.9.62.2' | |
| 582 | PACKAGE_VERSION='0.9.62.4' | |
| 583 | PACKAGE_STRING='firejail 0.9.62.4' | |
| 584 | 584 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
| 585 | 585 | PACKAGE_URL='https://firejail.wordpress.com' |
| 586 | 586 | |
| 1275 | 1275 | # Omit some internal or obsolete options to make the list less imposing. |
| 1276 | 1276 | # This message is too long to be a string in the A/UX 3.1 sh. |
| 1277 | 1277 | cat <<_ACEOF |
| 1278 | \`configure' configures firejail 0.9.62.2 to adapt to many kinds of systems. | |
| 1278 | \`configure' configures firejail 0.9.62.4 to adapt to many kinds of systems. | |
| 1279 | 1279 | |
| 1280 | 1280 | Usage: $0 [OPTION]... [VAR=VALUE]... |
| 1281 | 1281 | |
| 1336 | 1336 | |
| 1337 | 1337 | if test -n "$ac_init_help"; then |
| 1338 | 1338 | case $ac_init_help in |
| 1339 | short | recursive ) echo "Configuration of firejail 0.9.62.2:";; | |
| 1339 | short | recursive ) echo "Configuration of firejail 0.9.62.4:";; | |
| 1340 | 1340 | esac |
| 1341 | 1341 | cat <<\_ACEOF |
| 1342 | 1342 | |
| 1449 | 1449 | test -n "$ac_init_help" && exit $ac_status |
| 1450 | 1450 | if $ac_init_version; then |
| 1451 | 1451 | cat <<\_ACEOF |
| 1452 | firejail configure 0.9.62.2 | |
| 1452 | firejail configure 0.9.62.4 | |
| 1453 | 1453 | generated by GNU Autoconf 2.69 |
| 1454 | 1454 | |
| 1455 | 1455 | Copyright (C) 2012 Free Software Foundation, Inc. |
| 1751 | 1751 | This file contains any messages produced by compilers while |
| 1752 | 1752 | running configure, to aid debugging if configure makes a mistake. |
| 1753 | 1753 | |
| 1754 | It was created by firejail $as_me 0.9.62.2, which was | |
| 1754 | It was created by firejail $as_me 0.9.62.4, which was | |
| 1755 | 1755 | generated by GNU Autoconf 2.69. Invocation command line was |
| 1756 | 1756 | |
| 1757 | 1757 | $ $0 $@ |
| 4700 | 4700 | # report actual input values of CONFIG_FILES etc. instead of their |
| 4701 | 4701 | # values after options handling. |
| 4702 | 4702 | ac_log=" |
| 4703 | This file was extended by firejail $as_me 0.9.62.2, which was | |
| 4703 | This file was extended by firejail $as_me 0.9.62.4, which was | |
| 4704 | 4704 | generated by GNU Autoconf 2.69. Invocation command line was |
| 4705 | 4705 | |
| 4706 | 4706 | CONFIG_FILES = $CONFIG_FILES |
| 4754 | 4754 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
| 4755 | 4755 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
| 4756 | 4756 | ac_cs_version="\\ |
| 4757 | firejail config.status 0.9.62.2 | |
| 4757 | firejail config.status 0.9.62.4 | |
| 4758 | 4758 | configured by $0, generated by GNU Autoconf 2.69, |
| 4759 | 4759 | with options \\"\$ac_cs_config\\" |
| 4760 | 4760 | |
| 11 | 11 | # |
| 12 | 12 | |
| 13 | 13 | AC_PREREQ([2.68]) |
| 14 | AC_INIT(firejail, 0.9.62.2, netblue30@yahoo.com, , https://firejail.wordpress.com) | |
| 14 | AC_INIT(firejail, 0.9.62.4, netblue30@yahoo.com, , https://firejail.wordpress.com) | |
| 15 | 15 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
| 16 | 16 | |
| 17 | 17 | AC_CONFIG_MACRO_DIR([m4]) |
| 243 | 243 | blacklist ${HOME}/.config/meld |
| 244 | 244 | blacklist ${HOME}/.config/meteo-qt |
| 245 | 245 | blacklist ${HOME}/.config/mfusion |
| 246 | blacklist ${HOME}/.config/Microsoft | |
| 246 | 247 | blacklist ${HOME}/.config/midori |
| 247 | 248 | blacklist ${HOME}/.config/mono |
| 248 | 249 | blacklist ${HOME}/.config/mpDris2 |
| 648 | 649 | blacklist ${HOME}/.sword |
| 649 | 650 | blacklist ${HOME}/.sylpheed-2.0 |
| 650 | 651 | blacklist ${HOME}/.synfig |
| 652 | blacklist ${HOME}/.config/teams | |
| 651 | 653 | blacklist ${HOME}/.config/teams-for-linux |
| 652 | 654 | blacklist ${HOME}/.tb |
| 653 | 655 | blacklist ${HOME}/.tconn |
| 0 | # Firejail profile for element-desktop | |
| 1 | # Description: All-in-one secure chat app for teams, friends and organisations | |
| 2 | # This file is overwritten after every install/update | |
| 3 | # Persistent local customizations | |
| 4 | include element-desktop.local | |
| 5 | # Persistent global definitions | |
| 6 | # added by included profile | |
| 7 | #include globals.local | |
| 8 | ||
| 9 | noblacklist ${HOME}/.config/Element | |
| 10 | noblacklist ${HOME}/.config/Element (Riot) | |
| 11 | ||
| 12 | mkdir ${HOME}/.config/Element | |
| 13 | mkdir ${HOME}/.config/Element (Riot) | |
| 14 | whitelist ${HOME}/.config/Element | |
| 15 | whitelist ${HOME}/.config/Element (Riot) | |
| 16 | whitelist /opt/Element | |
| 17 | ||
| 18 | private-opt Element | |
| 19 | ||
| 20 | # Redirect | |
| 21 | include riot-desktop.profile |
| 0 | # Firejail profile for teams | |
| 1 | # Description: Official Microsoft Teams client for Linux using Electron. | |
| 2 | # This file is overwritten after every install/update | |
| 3 | # Persistent local customizations | |
| 4 | include teams.local | |
| 5 | # Persistent global definitions | |
| 6 | # added by included profile | |
| 7 | #include globals.local | |
| 8 | ||
| 9 | # see #3404 | |
| 10 | ignore apparmor | |
| 11 | ignore nodbus | |
| 12 | ||
| 13 | noblacklist ${HOME}/.config/teams | |
| 14 | noblacklist ${HOME}/.config/Microsoft | |
| 15 | ||
| 16 | include disable-devel.inc | |
| 17 | include disable-exec.inc | |
| 18 | include disable-interpreters.inc | |
| 19 | ||
| 20 | mkdir ${HOME}/.config/teams | |
| 21 | mkdir ${HOME}/.config/Microsoft | |
| 22 | whitelist ${HOME}/.config/teams | |
| 23 | whitelist ${HOME}/.config/Microsoft | |
| 24 | include whitelist-common.inc | |
| 25 | include whitelist-var-common.inc | |
| 26 | ||
| 27 | nou2f | |
| 28 | shell none | |
| 29 | tracelog | |
| 30 | ||
| 31 | disable-mnt | |
| 32 | private-cache | |
| 33 | private-dev | |
| 34 | ||
| 35 | # Redirect | |
| 36 | include electron.profile |
| 578 | 578 | sysprof |
| 579 | 579 | sysprof-cli |
| 580 | 580 | tb-starter-wrapper |
| 581 | teams | |
| 581 | 582 | teams-for-linux |
| 582 | 583 | teamspeak3 |
| 583 | 584 | teeworlds |
| 24 | 24 | #include <dirent.h> |
| 25 | 25 | #include <fcntl.h> |
| 26 | 26 | #include <pwd.h> |
| 27 | #include <errno.h> | |
| 27 | 28 | #ifndef _BSD_SOURCE |
| 28 | 29 | #define _BSD_SOURCE |
| 29 | 30 | #endif |
| 147 | 148 | return; |
| 148 | 149 | |
| 149 | 150 | errexit: |
| 150 | fprintf(stderr, "Error: cannot create %s device\n", path); | |
| 151 | fprintf(stderr, "Error: cannot create %s device: %s\n", path, strerror(errno)); | |
| 151 | 152 | exit(1); |
| 152 | 153 | } |
| 153 | 154 | |
| 62 | 62 | sleep(1); |
| 63 | 63 | monsec--; |
| 64 | 64 | |
| 65 | EUID_ROOT(); | |
| 65 | 66 | FILE *fp = fopen(monfile, "r"); |
| 67 | EUID_USER(); | |
| 66 | 68 | if (!fp) { |
| 67 | 69 | killdone = 1; |
| 68 | 70 | break; |
| 26 | 26 | } |
| 27 | 27 | expect { |
| 28 | 28 | timeout {puts "TESTING ERROR 1.4\n";exit} |
| 29 | "Max address space 123456789012 123456789012" | |
| 29 | "Max address space 1234567890 1234567890" | |
| 30 | 30 | } |
| 31 | 31 | expect { |
| 32 | 32 | timeout {puts "TESTING ERROR 1.5\n";exit} |
| 4 | 4 | spawn $env(SHELL) |
| 5 | 5 | match_max 100000 |
| 6 | 6 | |
| 7 | send -- "firejail --rlimit-fsize=1024 --rlimit-nproc=1000 --rlimit-nofile=500 --rlimit-sigpending=200 --rlimit-as=123456789012\r" | |
| 7 | send -- "firejail --rlimit-fsize=1024 --rlimit-nproc=1000 --rlimit-nofile=500 --rlimit-sigpending=200 --rlimit-as=1234567890\r" | |
| 8 | 8 | expect { |
| 9 | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
| 10 | 10 | "Child process initialized" |
| 26 | 26 | } |
| 27 | 27 | expect { |
| 28 | 28 | timeout {puts "TESTING ERROR 1.4\n";exit} |
| 29 | "Max address space 123456789012 123456789012" | |
| 29 | "Max address space 1234567890 1234567890" | |
| 30 | 30 | } |
| 31 | 31 | expect { |
| 32 | 32 | timeout {puts "TESTING ERROR 1.5\n";exit} |
| 1 | 1 | rlimit-nproc 1000 |
| 2 | 2 | rlimit-nofile 500 |
| 3 | 3 | rlimit-sigpending 200 |
| 4 | rlimit-as 123456789012 | |
| 4 | rlimit-as 1234567890 |
| 29 | 29 | send -- "cd /lib; find .\r" |
| 30 | 30 | expect { |
| 31 | 31 | timeout {puts "TESTING ERROR 5\n";exit} |
| 32 | "modules" {puts "TESTING ERROR 6\n";exit} | |
| 33 | "firmware" {puts "TESTING ERROR 7\n";exit} | |
| 32 | "./modules" {puts "TESTING ERROR 6\n";exit} | |
| 33 | "./firmware" {puts "TESTING ERROR 7\n";exit} | |
| 34 | 34 | "libc.so" |
| 35 | 35 | } |
| 36 | 36 | after 100 |