firejail-bash-completion-0.9.70-bp155.2.7 >  A ddٙI%z iw(m^,+p_](ig COrW"O$fVP(0w夏u.ubg۶!fsqT'Nş@)bۉH~>:6Rbk/6<($t,.x4 x{8p-CWL KaY-uw/io״DT2JkatnUQ Ku2$< ==,un`I|2$HNX$0[xc_*유u{wM7bgF!/qӘn8%sBXEO;rAWA\*k|*zE }}:D@eaP$ dKLDM<s !~F;u1juvpzJ|;O匄ݣa*]Қg (D{1JJI(1\Pf|+# 6p>?d" , E 8 F T p w  \t(89:bFG(HDI`XhYp\]^bcBdefluvz /04:|Cfirejail-bash-completion0.9.70bp155.2.7Firejail Bash completionOptional dependency offering bash completion for firejailddوold-cirrus2\SUSE Linux Enterprise 15 SP5openSUSEGPL-2.0-onlyhttps://bugs.opensuse.orgSystem/Shellshttps://firejail.wordpress.comlinuxx86_64 FAA큤A큤dd{dd{dd{dd{dd{ddوbZ5ac3dd28dedc732c8a333bc5fb99249f4c17ed66e50bf9f41f9b612e131541e38604094087f1a445bea65dc60a2cab93c8ae9af2988375e30fa429aaed94fa38356c63967945f435cf299ba2dc32a5186a9defa311baac03f66a9d22493991138177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643rootrootrootrootrootrootrootrootrootrootrootrootrootrootfirejail-0.9.70-bp155.2.7.src.rpmfirejail-bash-completionfirejail-bash-completion(x86-64)    bash-completionfirejailrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)0.9.703.0.4-14.6.0-14.0-15.2-14.14.3bx@b@b@a@``@`@__@_@_=@_5+@_.^l@^B@\@\T4[.[@[\[~Z1@YY@X|Xn5@X@WSWXW;Sebastian Wagner Sebastian Wagner Sebastian Wagner Sebastian Wagner Andreas Stieger Илья Индиго Илья Индиго Sebastian Wagner Sebastian Wagner Christian Boltz Paolo Stivanin Paolo Stivanin Sebastian Wagner Michael Vetter Marcus Rueckert Sebastian Wagner info@paolostivanin.comSebastian Wagner Markos Chandras Markos Chandras sebix+novell.com@sebix.atavindra@opensuse.orgaavindraa@gmail.comtiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.de- remove patches fix-internet-access.patch and fix-CVE-2022-31214.patch as they are integrated upstream - update to version 0.9.70: - security: CVE-2022-31214 - root escalation in --join logic - Reported by Matthias Gerstner, working exploit code was provided to our - development team. In the same time frame, the problem was independently - reported by Birk Blechschmidt. Full working exploit code was also provided. - feature: enable shell tab completion with --tab (#4936) - feature: disable user profiles at compile time (#4990) - feature: Allow resolution of .local names with avahi-daemon in the apparmor - profile (#5088) - feature: always log seccomp errors (#5110) - feature: firecfg --guide, guided user configuration (#5111) - feature: --oom, kernel OutOfMemory-killer (#5122) - modif: --ids feature needs to be enabled at compile time (#5155) - modif: --nettrace only available to root user - rework: whitelist restructuring (#4985) - rework: firemon, speed up and lots of fixes - bugfix: --private-cwd not expanding macros, broken hyperrogue (#4910) - bugfix: nogroups + wrc prints confusing messages (#4930 #4933) - bugfix: openSUSE Leap - whitelist-run-common.inc (#4954) - bugfix: fix printing in evince (#5011) - bugfix: gcov: fix gcov functions always declared as dummy (#5028) - bugfix: Stop warning on safe supplementary group clean (#5114) - build: remove ultimately unused INSTALL and RANLIB check macros (#5133) - build: mkdeb.sh.in: pass remaining arguments to ./configure (#5154) - ci: replace centos (EOL) with almalinux (#4912) - ci: fix --version not printing compile-time features (#5147) - ci: print version after install & fix apparmor support on build_apparmor - (#5148) - docs: Refer to firejail.config in configuration files (#4916) - docs: firejail.config: add warning about allow-tray (#4946) - docs: mention that the protocol command accumulates (#5043) - docs: mention inconsistent homedir bug involving --private=dir (#5052) - docs: mention capabilities(7) on --caps (#5078) - new profiles: onionshare, onionshare-cli, opera-developer, songrec - new profiles: node-gyp, npx, semver, ping-hardened - removed profiles: nvm- fix bsc#1199148 CVE-2022-31214 by adding patch fix-CVE-2022-31214.patch using commits from upstream.- add fix-internet-access.patch to fix boo#1196542- update to firejail 0.9.68: - security: on Ubuntu, the PPA is now recommended over the distro package - (see README.md) (#4748) - security: bugfix: private-cwd leaks access to the entire filesystem - (#4780); reported by Hugo Osvaldo Barrera - feature: remove (some) environment variables with auth-tokens (#4157) - feature: ALLOW_TRAY condition (#4510 #4599) - feature: add basic Firejail support to AppArmor base abstraction (#3226 - #4628) - feature: intrusion detection system (--ids-init, --ids-check) - feature: deterministic shutdown command (--deterministic-exit-code, - --deterministic-shutdown) (#928 #3042 #4635) - feature: noprinters command (#4607 #4827) - feature: network monitor (--nettrace) - feature: network locker (--netlock) (#4848) - feature: whitelist-ro profile command (#4740) - feature: disable pipewire with --nosound (#4855) - feature: Unset TMP if it doesn't exist inside of sandbox (#4151) - feature: Allow apostrophe in whitelist and blacklist (#4614) - feature: AppImage support in --build command (#4878) - modifs: exit code: distinguish fatal signals by adding 128 (#4533) - modifs: firecfg.config is now installed to /etc/firejail/ (#408 #4669) - modifs: close file descriptors greater than 2 (--keep-fd) (#4845) - modifs: nogroups now stopped causing certain system groups to be dropped, - which are now controlled by the relevant "no" options instead (such as - nosound -> drop audio group), which fixes device access issues on systems - not using (e)logind (such as with seatd) (#4632 #4725 #4732 #4851) - removal: --disable-whitelist at compile time - removal: whitelist=yes/no in /etc/firejail/firejail.config - bugfix: Fix sndio support (#4362 #4365) - bugfix: Error mounting tmpfs (MS_REMOUNT flag not being cleared) (#4387) - bugfix: --build clears the environment (#4460 #4467) - bugfix: firejail hangs with net parameter (#3958 #4476) - bugfix: Firejail does not work with a custom hosts file (#2758 #4560) - bugfix: --tracelog and --trace override /etc/ld.so.preload (#4558 #4586) - bugfix: PATH_MAX is undeclared on musl libc (#4578 #4579 #4583 #4606) - bugfix: firejail symlinks are not skipped with private-bin + globs (#4626) - bugfix: Firejail rejects empty arguments (#4395) - bugfix: firecfg does not work with symlinks (discord.desktop) (#4235) - bugfix: Seccomp list output goes to stdout instead of stderr (#4328) - bugfix: private-etc does not work with symlinks (#4887) - bugfix: Hardware key not detected on keepassxc (#4883) - build: allow building with address sanitizer (#4594) - build: Stop linking pthread (#4695) - build: Configure cleanup and improvements (#4712) - ci: add profile checks for sorting disable-programs.inc and - firecfg.config and for the required arguments in private-etc (#2739 #4643) - ci: pin GitHub actions to SHAs and use Dependabot to update them (#4774) - docs: Add new command checklist to CONTRIBUTING.md (#4413) - docs: Rework bug report issue template and add both a question and a - feature request template (#4479 #4515 #4561) - docs: fix contradictory descriptions of machine-id ("preserves" vs - "spoofs") (#4689) - docs: Document that private-bin and private-etc always accumulate (#4078) - new includes: whitelist-run-common.inc (#4288), disable-X11.inc (#4462) - new includes: disable-proc.inc (#4521) - removed includes: disable-passwordmgr.inc (#4454 #4461) - new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim - new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl - new profiles: yt-dlp, goldendict, goldendict, bundle, cmake - new profiles: make, meson, pip, codium, telnet, ftp, OpenStego - new profiles: imv, retroarch, torbrowser, CachyBrowser, - new profiles: notable, RPCS3, wget2, raincat, conitop, 1passwd, - new profiles: Seafile, neovim, com.github.tchx84.Flatseal- firejail 0.9.66: * deprecated --audit options, relpaced by jailcheck utility * deprecated follow-symlink-as-user from firejail.config * new firejail.config settings: private-bin, private-etc * new firejail.config settings: private-opt, private-srv * new firejail.config settings: whitelist-disable-topdir * new firejail.config settings: seccomp-filter-add * removed kcmp syscall from seccomp default filter * rename --noautopulse to keep-config-pulse * filtering environment variables * zsh completion * command line: --mkdir, --mkfile * --protocol now accumulates * jailtest utility for testing running sandboxes * faccessat2 syscall support * --private-dev keeps /dev/input * added --noinput to disable /dev/input * add support for subdirs in --private-etc * subdirs support in private-etc * input devices support in private-dev, --no-input * support trailing comments on profile lines * many new profiles - split shell completion into standard subpackages- Update to 0.9.64.4: * disabled overlayfs, pending multiple fixes * fixed launch firefox for open url in telegram-desktop.profile- Update to 0.9.64.2: * allow --tmpfs inside $HOME for unprivileged users * --disable-usertmpfs compile time option * allow AF_BLUETOOTH via --protocol=bluetooth * setup guide for new users: contrib/firejail-welcome.sh * implement netns in profiles * added nolocal6.net IPv6 network filter * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell, qnapi, new profiles: guvcview, pkglog, kdiff3, CoyIM.- packaging fixes- Update to version 0.9.64: * replaced --nowrap option with --wrap in firemon * The blocking action of seccomp filters has been changed from killing the process to returning EPERM to the caller. To get the previous behaviour, use --seccomp-error-action=kill or syscall:kill syntax when constructing filters, or override in /etc/firejail/firejail.config file. * Fine-grained D-Bus sandboxing with xdg-dbus-proxy. xdg-dbus-proxy must be installed, if not D-Bus access will be allowed. With this version nodbus is deprecated, in favor of dbus-user none and dbus-system none and will be removed in a future version. * DHCP client support * firecfg only fix dektop-files if started with sudo * SELinux labeling support * custom 32-bit seccomp filter support * restrict ${RUNUSER} in several profiles * blacklist shells such as bash in several profiles * whitelist globbing * mkdir and mkfile support for /run/user directory * support ignore for include * --include on the command line * splitting up media players whitelists in whitelist-players.inc * new condition: HAS_NOSOUND * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11 * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool * new profiles: desktopeditors, impressive, planmaker18, planmaker18free * new profiles: presentations18, presentations18free, textmaker18, teams * new profiles: textmaker18free, xournal, gnome-screenshot, ripperX * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin * new profiles: gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars * new profiles: hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless * new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski * new profiles: swell-foop, fdns, five-or-more, steam-runtime * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper * new profiles: gapplication, openarena_ded, element-desktop, cawbird * new profiles: freetube, strawberry, jitsi-meet-desktop * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash * new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx * new profiles: minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar * new profiles: vmware, git-cola, otter-browser, kazam, menulibre, musictube * new profiles: onboard, fractal, mirage, quaternion, spectral, man, psi * new profiles: smuxi-frontend-gnome, balsa, kube, trojita, youtube * new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send * new profiles: qrencode, ytmdesktop, twitch * new profiles: xournalpp, chromium-freeworld, equalx - remove firejail-0.9.62-fix-usr-etc.patch, included upstream - remove firejail-apparmor-3.0.diff, included upstream- Add firejail-apparmor-3.0.diff to make the AppArmor profile compatible with AppArmor 3.0 (add missing include )- Update to 0.9.62.4 * fix AppArmor broken in the previous release * miscellaneous fixes- Update to 0.9.62.2 * fix CVE-2020-17367 * fix CVE-2020-17368 * additional hardening and bug fixes - Remove fix-CVE-2020-17368.patch - Remove fix-CVE-2020-17367.patch- Add patches fix-CVE-2020-17367.patch and fix-CVE-2020-17368.patch to fix CVE-2020-17367 and CVE-2020-17368 and boo#1174986- Add firejail-0.9.62-fix-usr-etc.patch: Check /usr/etc not just /etc - Replace python interpreter line in sort.py- update to version 0.9.62 * added file-copy-limit in /etc/firejail/firejail.config * profile templates (/usr/share/doc/firejail) * allow-debuggers support in profiles * several seccomp enhancements * compiler flags autodetection * move chroot entirely from path based to file descriptor based mounts * whitelisting /usr/share in a large number of profiles * new scripts in conrib: gdb-firejail.sh and sort.py * enhancement: whitelist /usr/share in some profiles * added signal mediation to apparmor profile * new conditions: HAS_X11, HAS_NET * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli * new profiles: keepassxc-proxy, rhythmbox-client, jerry, zeal, mpg123 * new profiles: conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, out123 * new profiles: mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss * new profiles: mpg123-portaudio, mpg123-pulse, mpg123-strip, pavucontrol-qt * new profiles: gnome-characters, gnome-character-map, rsync, Whalebird, * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, * new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra * new profiles: kalgebramobile, signal-cli, amuled, kfind, profanity * new profiles: audio-recorder, cameramonitor, ddgtk, drawio, unf, gmpc * new profiles: electron-mail, gist, gist-paste- update to version 0.9.60: * security bug reported by Austin Morton: Seccomp filters are copied into /run/firejail/mnt, and are writable within the jail. A malicious process can modify files from inside the jail. Processes that are later joined to the jail will not have seccomp filters applied. CVE-2019-12589 boo#1137139 * memory-deny-write-execute now also blocks memfd_create * add private-cwd option to control working directory within jail * blocking system D-Bus socket with --nodbus * bringing back Centos 6 support * drop support for flatpak/snap packages * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2 * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool * new profiles: netactview, redshift, devhelp, assogiate, subdownloader * new profiles: font-manager, exfalso, gconf-editor, dconf-editor * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem * new profiles: vultureseye, vulturesclaw, anki, cheese, utox, mp3splt * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp, cantata- update to version 0.9.58: * --disable-mnt rework * --net.print command * GitLab CI/CD integration: disto specific builds * profile parser enhancements and conditional handling support for HAS_APPIMAGE, HAS_NODBUS, BROWSER_DISABLE_U2F * profile name support * added explicit nonewprivs support to join option * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms * new profiles: devilspie, devilspie2, easystroke, github-desktop, min * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat * new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep * new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley * new profiles: feedreader, ocenaudio, mpsyt, thunderbird-wayland * new profiles: supertuxkart, ghostwriter, gajim-history-manager * bugfixes- update to version 0.9.56: * modif: removed CFG_CHROOT_DESKTOP configuration option * modif: removed compile time --enable-network=restricted * modif: removed compile time --disable-bind * modif: --net=none allowed even if networking was disabled at compile time or at run time * modif: allow system users to run the sandbox * support wireless devices in --net option * support tap devices in --net option (tunneling support) * allow IP address configuration if the parent interface specified by --net is not configured (--netmask) * support for firetunnel utility * disable U2F devices (--nou2f) * add --private-cache to support private ~/.cache * support full paths in private-lib * globbing support in private-lib * support for local user directories in firecfg (--bindir) * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint, * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio, * new profiles: standardnotes-desktop, shellcheck, patch, flameshot, * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd, * new profiles: Beaker, electrum, clamtk, pybitmessage, dig, whois, * new profiles: jdownloader, Fluxbox, Blackbox, Awesome, i3 * new profiles: start-tor-browser.desktop- Drop ldconfig calls since firejail libraries are installed in their own subdirectory which is not scanned by ldconfig.- Remove the rpmlintrc file since the warnings are no longer relevant.- Changed the permissions of the firejail executable to 4750. Setuid mode is used, but only allowed for users in the newly created group 'firejail' (boo#1059013). - Update to version 0.9.54: * modif: --force removed * modif: --csh, --zsh removed * modif: --debug-check-filename removed * modif: --git-install and --git-uninstall removed * modif: support for private-bin, private-lib and shell none has been disabled while running AppImage archives in order to be able to use our regular profile files with AppImages. * modif: restrictions for /proc, /sys and /run/user directories are moved from AppArmor profile into firejail executable * modif: unifying Chromium and Firefox browsers profiles. All users of Firefox-based browsers who use addons and plugins that read/write from ${HOME} will need to uncomment the includes for firefox-common-addons.inc in firefox-common.profile. * modif: split disable-devel.inc into disable-devel and disable-interpreters.inc * Firejail user access database (/etc/firejail/firejail.users, man firejail-users) * add --noautopulse to disable automatic ~/.config/pulse (for complex setups) * Spectre mitigation patch for gcc and clang compiler * D-Bus handling (--nodbus) * AppArmor support for overlayfs and chroot sandboxes * AppArmor support for AppImages * Enable AppArmor by default for a large number of programs * firejail --apparmor.print option * firemon --apparmor option * apparmor yes/no flag in /etc/firejail/firejail.config * seccomp syscall list update for glibc 2.26-10 * seccomp disassembler for --seccomp.print option * seccomp machine code optimizer for default seccomp filters * IPv6 DNS support * whitelist support for overlay and chroot sandboxes * private-dev support for overlay and chroot sandboxes * private-tmp support for overlay and chroot sandboxes * added sandbox name support in firemon * firemon/prctl enhancements * noblacklist support for /sys/module directory * whitelist support for /sys/module directory * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, * new profiles: discord-canary, pycharm-community, pycharm-professional, * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes, * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer, * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs, gcloud, * new profiles: musixmatch, gunzip, bunzip2, enchant-lsmod, enchant-lsmod-2, * new profiles: enchant, enchant-2, Discord, acat, adiff, als, apack, * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion, * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind, * new profiles: qmmp, sayonara- Update to version 0.9.52: * New features + systemd-resolved integration + whitelisted /var in most profiles + GTK2, GTK3 and Qt4 private-lib support + --debug-private-lib + test deployment of private-lib for the some apps: evince, galculator, gnome-calculator, leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu, atril, mate-color-select, tar, file, strings, gpicview, eom, eog, gedit, pluma + netfilter template support + various new arguments * --writable-run-user * --rlimit-as * --rlimit-cpu * --timeout * --build (profile build tool) * --netfilter.print * --netfilter6.print * deprecations in modif + --allow-private-blacklists (blacklisting, read-only, read-write, tmpfs and noexec are allowed in private home directories + remount-proc-sys (firejail.config) + follow-symlink-private-bin (firejail.config) + --profile-path * enhancements + support Firejail user config directory in firecfg + disable DBus activation in firecfg + enumerate root directories in apparmor profile + /etc and /usr/share whitelisting support + globbing support for --private-bin * new profiles: upstreamed profiles from 3 sources: + https://github.com/chiraag-nataraj/firejail-profiles + https://github.com/nyancat18/fe + https://aur.archlinux.org/packages/firejail-profiles * new profiles: terasology, surf, rocketchat, clamscan, clamdscan, clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5, brackets, calligra, calligraauthor, calligraconverter, calligraflow, calligraplan, calligraplanwork, calligrasheets, calligrastage, calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth,imagej, karbon, 1kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass, kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report cower (Arch), kdeinit4 - Add full link to source tarball from sourceforge - Add asc file- Update to version 0.9.50: * New features: - per-profile disable-mnt (--disable-mnt) - per-profile support to set X11 Xephyr screen size (--xephyr-screen) - private /lib directory (--private-lib) - disable CDROM/DVD drive (--nodvd) - disable DVB devices (--notv) - --profile.print * modif: --output split in two commands, --output and --output-stderr * set xpra-attach yes in /etc/firejail/firejail.config * Enhancements: - print all seccomp filters under --debug - /proc/sys mounting - rework IP address assingment for --net options - support for newer Xpra versions (2.1+) - - all profiles use a standard layout style - create /usr/local for firecfg if the directory doesn't exist - allow full paths in --private-bin * New seccomp features: - --memory-deny-write-execute - seccomp post-exec - block secondary architecture (--seccomp.block_secondary) - seccomp syscall groups - print all seccomp filters under --debug - default seccomp list update * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy, IntelliJ IDEA, Android Studio, electron, riot-web, Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, sdat2img, soundconverter truecraft, gnome-twitch, tuxguitar, musescore, neverball sqlitebrowse, Yandex Browser, minetest- Update to version 0.9.48: * modifs: whitelisted Transmission, Deluge, qBitTorrent, KTorrent; please use ~/Downloads directory for saving files * modifs: AppArmor made optional; a warning is printed on the screen if the sandbox fails to load the AppArmor profile * feature: --novideo * feature: drop discretionary access control capabilities for root sandboxes * feature: added /etc/firejail/globals.local for global customizations * feature: profile support in overlayfs mode * new profiles: vym, darktable, Waterfox, digiKam, Catfish, HandBrake * bugfixes- Update to version 0.9.44.4: * --bandwidth root shell found by Martin Carpenter (CVE-2017-5207) * disabled --allow-debuggers when running on kernel versions prior to 4.8; a kernel bug in ptrace system call allows a full bypass of seccomp filter; problem reported by Lizzie Dixon (CVE-2017-5206) * root exploit found by Sebastian Krahmer (CVE-2017-5180) - Update to version 0.9.44.6: * new fix for CVE-2017-5180 reported by Sebastian Krahmer last week * major cleanup of file copying code * tightening the rules for --chroot and --overlay features * ported Gentoo compile patch * Nvidia drivers bug in --private-dev * fix ASSERT_PERMS_FD macro * allow local customization using .local files under /etc/firejail backported from our development branch * spoof machine-id backported from our development branch - Remove obsoleted patches: firejail-CVE-2017-5180-fix1.patch firejail-CVE-2017-5180-fix2.patch- Update to version 0.9.44.2: Security fixes: * overwrite /etc/resolv.conf found by Martin Carpenter * TOCTOU exploit for –get and –put found by Daniel Hodson * invalid environment exploit found by Martin Carpenter * several security enhancements Bugfixes: * crashing VLC by pressing Ctrl-O * use user configured icons in KDE * mkdir and mkfile are not applied to private directories * cannot open files on Deluge running under KDE * –private=dir where dir is the user home directory * cannot start Vivaldi browser * cannot start mupdf * ssh profile problems * –quiet * quiet in git profile * memory corruption - Fix VUL-0: local root exploit (CVE-2017-5180,bsc#1018259): firejail-CVE-2017-5180-fix1.patch firejail-CVE-2017-5180-fix2.patch- Update to version 0.9.44: * CVE-2016-7545 submitted by Aleksey Manevich Modifications: * removed man firejail-config * –private-tmp whitelists /tmp/.X11-unix directory * Nvidia drivers added to –private-dev * /srv supported by –whitelist New features: * allow user access to /sys/fs (–noblacklist=/sys/fs) * support starting/joining sandbox is a single command (–join-or-start) * X11 detection support for –audit * assign a name to the interface connected to the bridge (–veth-name) * all user home directories are visible (–allusers) * add files to sandbox container (–put) * blocking x11 (–x11=block) * X11 security extension (–x11=xorg) * disable 3D hardware acceleration (–no3d) * x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands * move files in sandbox (–put) * accept wildcard patterns in user name field of restricted shell login feature New profiles: * qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape * feh, ranger, zathura, 7z, keepass, keepassx, * claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot * Flowblade, Eye of GNOME (eog), Evolution- Update to version 0.9.42: Security fixes: * –whitelist deleted files * disable x32 ABI in seccomp * tighten –chroot * terminal sandbox escape * several TOCTOU fixes Behavior changes: * bringing back –private-home option * deprecated –user option, please use “sudo -u username firejail” * allow symlinks in home directory for –whitelist option * Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes” * recursive mkdir * include /dev/snd in –private-dev * seccomp filter update * release archives moved to .xz format New features: * AppImage support (–appimage) * AppArmor support (–apparmor) * Ubuntu snap support (/etc/firejail/snap.profile) * Sandbox auditing support (–audit) * remove environment variable (–rmenv) * noexec support (–noexec) * clean local overlay storage directory (–overlay-clean) * store and reuse overlay (–overlay-named) * allow debugging inside the sandbox with gdb and strace (–allow-debuggers) * mkfile profile command * quiet profile command * x11 profile command * option to fix desktop files (firecfg –fix) Build options: * Busybox support (–enable-busybox-workaround) * disable overlayfs (–disable-overlayfs) * disable whitlisting (–disable-whitelist) * disable global config (–disable-globalcfg) Runtime options: * enable/disable overlayfs (overlayfs yes/no) * enable/disable quiet as default (quiet-by-default yes/no) * user-defined network filter (netfilter-default) * enable/disable whitelisting (whitelist yes/no) * enable/disable remounting of /proc and /sys (remount-proc-sys yes/no) * enable/disable chroot desktop features (chroot-desktop yes/no) New/updated profiels: * Gitter, gThumb, mpv, Franz messenger, LibreOffice * pix, audacity, xz, xzdec, gzip, cpio, less * Atom Beta, Atom, jitsi, eom, uudeview * tar (gtar), unzip, unrar, file, skypeforlinux, * inox, Slack, gnome-chess. Gajim IM client, DOSBox - Enable apparmor support- Update to version 0.9.40: * Added firecfg utility * New options: -nice, -cpu.print, -writable-etc, -writable-var, - read-only * X11 support: -x11 option (-x11=xpra, -x11=xephr) * Filetransfer options: –ls and –get * Added mkdir, ipc-namespace, and nosound profile commands * added net, ip, defaultgw, ip6, mac, mtu and iprange profile commands * Run time config support, man firejail-config * AppArmor fixes * Default seccomp filter update * Disable STUN/WebRTC in default netfilter configuration * Lots of new profiles- initial package: 0.9.38old-cirrus2 16843308880.9.70-bp155.2.70.9.70-bp155.2.7bash-completioncompletionsfirecfgfirejailfiremonfirejail-bash-completionCOPYING/usr/share//usr/share/bash-completion//usr/share/bash-completion/completions//usr/share/licenses//usr/share/licenses/firejail-bash-completion/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Backports:SLE-15-SP5/standard/30044224b06664103fb7ef4cdb64d0a9-firejailcpioxz5x86_64-suse-linuxdirectoryASCII textZH Ӆ! Aʇ$(firejail and bash-completion)utf-858819b5ccdb5aefb575a7e1e64e8f77efd9df5e32858fda55c5b12710bf2d58d? 7zXZ !t/acp] crt:bLL r37.R Ǯw rN(`^?rZ¢$}^ixPc4Zbs=}[}YQ>(\wcHpܘܼZ+TNNF<.A|30?{b3RFs~Po.H-毫[XE푽e>\-|4`BʀSqy9YRG}E1 223AM'lmjl/8zV[pb.-  %*;{>w쌈{ث%p@]ۗI4aY,n8d't%O1 Vh0\PN0+y!yba㵜kcJESphގn̅ok읣=&;Q:&FuA%F#h26Eoh70zY ]wpتIJǩ&YxEUt[a3܅)vbefkPngAoYG怸ct[P M5uSM{3§܍uf]\dD?yߴ1'$; , ?Zp.1حjKC97@jͭMMoP+:f&Cv~z aV*FBW^4*w!g-N01pC-ڦ4[[<5彈<n 3!L0w;硤mLJ@jxzyR7SyZ1:õs8eSwNi!~^BD8`6GG>C ~] <^uc5pѿMˎيWh8#{lr\1䩭Fz}1o#c!B9*%IkCf(͖; ِD!H&MTbw@C?owAdy$` pJ!H*yˑD"yCj!Iv/}y 9:ΔsS3F).y`9LjRXdHɁHhTi>x9ȅDXf1uĺ?*엔3Dfa ݝet{,<(=B^as݋8mv+q}tA9CD}Ԟ"GF+sxxGteC˚RVӷhqL +ޕ^,[oKX&^OfOFt>NcM ʥm5ugo;Kx=/66SYB;WƗ,o(57-_&{IDs*C"k0wڊ %&ÛKlJh(9h5H7$Zȣ&y/f" #e3T Ѫ$.L/]xvOSر}Rz:l,NT&< 8rJ\"*Ex<| tj@).7;U@"׀;@<-iEo(5X;)ljaq;,gsiSO$`A讌[W \̭%$k-nԸo 73~wMl[v9|zJU ugY&61 H +om IIs#Wrw2pˍ \FtL w[|GN,"m8 wb/j=d+FΜ4iX;#+LeHVRp.0-(2]'ſלu C.xɜ.(!)_͂j\J\H-[/Al7XKX7WgiBhɀUI/x#<;ծ}yJV<*.!AGRq&T?/ʳ5)zߩJpLQL'LA<EEι$Wh5 er^ZR;NύqjRH y`iKR@~ ~a;Kvqs\M="(Ӧ.5ܳ.x=j8_׹`4rׂ/o{-kN "!950m,H_5 \r0 3D\r]:=|{)vMq>$V(38KuUj?g5}9,Q*ښ8 9_3k/QZpک{ȉpEk#䋠*?{W0ٷjǧv4\5yTbfr O 'MqwfiX$ ٍJIyRbUi藿Ndw_Vřr5SC}! ܴzKfV{rS.;!\ULQMGK +{i vA#ss$  F:o.G2(4y\*'_ASUyq^c u`ƿSנӽ󸡱fWhe']SS2x锯åf×u J@?Uʩv8 T{wZg5 bϹ( EzO)n*~&˽&u_& FNh=T 93MzY9kafSG]&B΋SKb{"lu2u;xŅbnΝ-o.S 羘B[pQ>RQU[ P#s$w^@f5@jZP)@9[MuK"]&k+P҃?ԣسXQQ+y:ìc.FWOUCAMlw{c V.>i4 h  }gxE\q H~G9(LX24:N>F>I+H,_ۀ^)L2ӑf[nJX wuer] 1&m6sVAz3+SY]D_{ʠ)?~;k¹hT Wf)o8R zŝsp I];~KFL0ZQO]= ,>vu+ӴS3Hѓ4S8tfihGטֲqs:V3f&]#O⋚=stQ"ZYbǿN G.V:rƒ (fgߌL*<25ITŭ"$-_a-U&r]0M8F)U^%R9(9ǽ+,~74Y!&ZɊ"*gohK;R(|x܆*(6VD{J~Z76Z  Q~M473-& _ҵ/`y?MKO|<ߙ'إX*u[o6U^Dga4\Co ّLfȔ!Moӄ)r > Iq|Hځ6!f;E YZ