[gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail/
Date: Tue,  9 Feb 2021 07:34:34 +0000 (UTC)	[thread overview]
Message-ID: <1612855601.5c891dd97151555cea24f2793933c85fa0b8e71b.sam@gentoo> (raw)

commit:     5c891dd97151555cea24f2793933c85fa0b8e71b
Author:     Hank Leininger <hlein <AT> korelogic <DOT> com>
AuthorDate: Mon Feb  8 20:21:30 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Feb  9 07:26:41 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c891dd9

sys-apps/firejail: Version bump, disables overlayfs to fix privesc

New version disables overlayfs, which has a root privesc vuln.
Some new profiles and other minor fixes also included. Disable
overlayfs USE flag in live ebuild as well.

Signed-off-by: Hank Leininger <hlein <AT> korelogic.com>
Closes: https://bugs.gentoo.org/769230
Bug: https://bugs.gentoo.org/769542
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Closes: https://github.com/gentoo/gentoo/pull/19377
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-apps/firejail/Manifest                                   |  1 +
 .../{firejail-9999.ebuild => firejail-0.9.64.4.ebuild}       | 12 ++++++++----
 sys-apps/firejail/firejail-9999.ebuild                       |  5 ++---
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/sys-apps/firejail/Manifest b/sys-apps/firejail/Manifest
index c58b96b657a..e0b97ae0157 100644
--- a/sys-apps/firejail/Manifest
+++ b/sys-apps/firejail/Manifest
@@ -1 +1,2 @@
+DIST firejail-0.9.64.4.tar.xz 431116 BLAKE2B 1e64af1459cdbd6e753299796b2521efdc1fe364a66b8f0f40df1adabec32d0673cb9805a2ab385b96b64aca16e038e615ab1e4dc4df1dbcaa0b5b24f54c89d0 SHA512 580a074cb40e7559f6d532418b5e05e042c30306e8507d32ac3c71a51dec6648035ad810d253da02caaa4adc41f773dfdab55528618f5ca30ff30d4e7bbd12c9
 DIST firejail-0.9.64.tar.xz 419464 BLAKE2B 9425910bd78739dc628a05247877f3e96065f9eab6be1fa87a70932ff04a53817e03cd67a81b35b0e5a69b5598fc5be9d6191f9c5c2bf511bc76c1edaf0eb22d SHA512 89bab9aee944ebde6221a96f0f028380f607cd49046cad5348d5974efcc92c50a172edf5e50c56606091d2060d1d8f0c50a41f05f63327672a3c3cb48eb93699

diff --git a/sys-apps/firejail/firejail-9999.ebuild b/sys-apps/firejail/firejail-0.9.64.4.ebuild
similarity index 86%
copy from sys-apps/firejail/firejail-9999.ebuild
copy to sys-apps/firejail/firejail-0.9.64.4.ebuild
index 7a15ae3bdeb..1542ba12484 100644
--- a/sys-apps/firejail/firejail-9999.ebuild
+++ b/sys-apps/firejail/firejail-0.9.64.4.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -8,7 +8,7 @@ PYTHON_COMPAT=( python3_{7..9} )
 inherit toolchain-funcs python-single-r1 linux-info
 
 if [[ ${PV} != 9999 ]]; then
-	KEYWORDS="~amd64 ~x86"
+	KEYWORDS="~amd64 ~arm64 ~x86"
 	SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz"
 else
 	inherit git-r3
@@ -21,7 +21,7 @@ HOMEPAGE="https://firejail.wordpress.com/"
 
 LICENSE="GPL-2"
 SLOT="0"
-IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +overlayfs +private-home +suid test +userns +whitelist"
+IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home +suid test +userns +whitelist"
 RESTRICT="!test? ( test )"
 
 RDEPEND="!sys-apps/firejail-lts
@@ -52,6 +52,11 @@ src_prepare() {
 	if use contrib; then
 		python_fix_shebang -f contrib/*.py
 	fi
+
+	# some tests were missing from this release's tarball
+	if use test; then
+		sed -i -r -e 's/^(test:.*) test-private-lib (.*)/\1 \2/; s/^(test:.*) test-fnetfilter (.*)/\1 \2/' Makefile.in || die
+	fi
 }
 
 src_configure() {
@@ -63,7 +68,6 @@ src_configure() {
 		$(use_enable file-transfer) \
 		$(use_enable globalcfg) \
 		$(use_enable network) \
-		$(use_enable overlayfs) \
 		$(use_enable private-home) \
 		$(use_enable suid) \
 		$(use_enable userns) \

diff --git a/sys-apps/firejail/firejail-9999.ebuild b/sys-apps/firejail/firejail-9999.ebuild
index 7a15ae3bdeb..7c0a516bf0c 100644
--- a/sys-apps/firejail/firejail-9999.ebuild
+++ b/sys-apps/firejail/firejail-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -21,7 +21,7 @@ HOMEPAGE="https://firejail.wordpress.com/"
 
 LICENSE="GPL-2"
 SLOT="0"
-IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +overlayfs +private-home +suid test +userns +whitelist"
+IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home +suid test +userns +whitelist"
 RESTRICT="!test? ( test )"
 
 RDEPEND="!sys-apps/firejail-lts
@@ -63,7 +63,6 @@ src_configure() {
 		$(use_enable file-transfer) \
 		$(use_enable globalcfg) \
 		$(use_enable network) \
-		$(use_enable overlayfs) \
 		$(use_enable private-home) \
 		$(use_enable suid) \
 		$(use_enable userns) \

next             reply	other threads:[~2021-02-09  7:39 UTC|newest]

Thread overview: 67+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-09  7:34 Sam James [this message]
  -- strict thread matches above, loose matches on Subject: below --
2025-05-01 21:52 [gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail/ Sam James
2025-05-01 21:51 Sam James
2024-12-13  6:53 Arthur Zamarin
2024-06-04  0:51 Sam James
2024-06-02  4:57 Sam James
2023-04-19  9:45 Sam James
2022-08-27 11:38 Sam James
2022-07-15 10:28 Joonas Niilola
2022-03-29  7:20 Joonas Niilola
2022-02-21  1:51 Sam James
2021-07-16  0:38 Sam James
2021-07-16  0:36 Sam James
2021-07-16  0:36 Sam James
2021-02-21  5:19 Sam James
2021-02-18 23:12 Conrad Kostecki
2021-02-18  0:59 Sam James
2021-02-18  0:54 Sam James
2020-12-02 23:21 Sam James
2020-11-21  7:21 Joonas Niilola
2020-11-20 11:45 Joonas Niilola
2020-11-20 11:45 Joonas Niilola
2020-11-20 10:42 Joonas Niilola
2020-11-20 10:42 Joonas Niilola
2020-11-14 23:39 Sam James
2020-11-13 20:57 Aaron Bauman
2020-11-11  7:50 Joonas Niilola
2020-11-11  7:50 Joonas Niilola
2020-11-11  7:50 Joonas Niilola
2020-10-11 19:42 Dennis Lamm
2020-08-22 10:18 Dennis Lamm
2020-08-22 10:18 Dennis Lamm
2020-07-05 13:36 Agostino Sarubbo
2020-01-02 16:45 Dennis Lamm
2019-11-09 11:52 Dennis Lamm
2019-11-09 11:18 Dennis Lamm
2019-10-28  7:41 Agostino Sarubbo
2019-08-11 20:06 Dennis Lamm
2019-08-04 18:27 Dennis Lamm
2019-07-29 18:36 Mikle Kolyada
2019-07-29 12:16 Mikle Kolyada
2019-07-29  4:21 Dennis Lamm
2019-07-07 21:13 Amadeusz Piotr Żołnowski
2018-12-04 22:16 Amadeusz Piotr Żołnowski
2017-12-16 17:24 Tobias Klausmann
2017-11-30 20:40 Thomas Deutschmann
2017-09-10 21:49 Amadeusz Piotr Żołnowski
2017-05-16 21:41 Amadeusz Piotr Żołnowski
2017-01-30 13:09 Agostino Sarubbo
2017-01-27 22:21 Amadeusz Piotr Żołnowski
2017-01-27 22:21 Amadeusz Piotr Żołnowski
2017-01-13 17:06 Agostino Sarubbo
2016-12-18 13:27 Amadeusz Piotr Żołnowski
2016-12-13 11:05 Agostino Sarubbo
2016-10-30 10:37 Amadeusz Piotr Żołnowski
2016-09-27  8:57 Agostino Sarubbo
2016-09-26 20:35 Amadeusz Piotr Żołnowski
2016-09-26 20:35 Amadeusz Piotr Żołnowski
2016-09-26 12:36 Agostino Sarubbo
2016-09-14  9:19 Amadeusz Piotr Żołnowski
2016-06-06 13:33 Agostino Sarubbo
2016-06-04 20:56 Amadeusz Piotr Żołnowski
2016-06-04 18:24 Amadeusz Piotr Żołnowski
2016-04-20  4:29 Mike Frysinger
2016-02-12 20:09 Amadeusz Piotr Żołnowski
2016-02-12 20:06 Amadeusz Piotr Żołnowski
2016-01-05 21:20 Amadeusz Piotr Żołnowski

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c58b96b657 dfblob:e0b97ae015 dfblob:7a15ae3bde
dfblob:1542ba1248 dfblob:7a15ae3bde dfblob:7c0a516bf0 )
 OR (
bs:"[gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail/" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1612855601.5c891dd97151555cea24f2793933c85fa0b8e71b.sam@gentoo \
    --to=sam@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox