Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 769230 - sys-apps/firejail-0.9.64.4: version bump
Summary: sys-apps/firejail-0.9.64.4: version bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Hank Leininger
URL:
Whiteboard:
Keywords: PullRequest
Depends on:
Blocks: CVE-2021-26910
  Show dependency tree
 
Reported: 2021-02-07 02:43 UTC by Sam James
Modified: 2021-02-09 07:34 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-07 02:43:16 UTC 
firejail (0.9.64.2) baseline; urgency=low
  * allow --tmpfs inside $HOME for unprivileged users
  * --disable-usertmpfs  compile time option
  * allow AF_BLUETOOTH via --protocol=bluetooth
  * Setup guide for new users: contrib/firejail-welcome.sh
  * implement netns in profiles
  * added nolocal6.net IPv6 network filter
  * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer
  * new profiles: gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer
  * new profiles: straw-viewer, lutris, dolphin-emu, authenticator-rs, servo
  * new profiles: npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell, qnapi
  * new profiles: guvcview, pkglog, kdiff3, CoyIM
 -- netblue30 <netblue30@yahoo.com>  Tue, 26 Jan 2021 09:00:00 -0500
Comment 1 Larry the Git Cow gentoo-dev 2021-02-09 07:34:31 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c891dd97151555cea24f2793933c85fa0b8e71b

commit 5c891dd97151555cea24f2793933c85fa0b8e71b
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2021-02-08 20:21:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-02-09 07:26:41 +0000

    sys-apps/firejail: Version bump, disables overlayfs to fix privesc
    
    New version disables overlayfs, which has a root privesc vuln.
    Some new profiles and other minor fixes also included. Disable
    overlayfs USE flag in live ebuild as well.
    
    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Closes: https://bugs.gentoo.org/769230
    Bug: https://bugs.gentoo.org/769542
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Closes: https://github.com/gentoo/gentoo/pull/19377
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/firejail/Manifest                 |  1 +
 sys-apps/firejail/firejail-0.9.64.4.ebuild | 97 ++++++++++++++++++++++++++++++
 sys-apps/firejail/firejail-9999.ebuild     |  5 +-
 3 files changed, 100 insertions(+), 3 deletions(-)