| 1 |
commit: 5c891dd97151555cea24f2793933c85fa0b8e71b |
| 2 |
Author: Hank Leininger <hlein <AT> korelogic <DOT> com> |
| 3 |
AuthorDate: Mon Feb 8 20:21:30 2021 +0000 |
| 4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Feb 9 07:26:41 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c891dd9 |
| 7 |
|
| 8 |
sys-apps/firejail: Version bump, disables overlayfs to fix privesc |
| 9 |
|
| 10 |
New version disables overlayfs, which has a root privesc vuln. |
| 11 |
Some new profiles and other minor fixes also included. Disable |
| 12 |
overlayfs USE flag in live ebuild as well. |
| 13 |
|
| 14 |
Signed-off-by: Hank Leininger <hlein <AT> korelogic.com> |
| 15 |
Closes: https://bugs.gentoo.org/769230 |
| 16 |
Bug: https://bugs.gentoo.org/769542 |
| 17 |
Package-Manager: Portage-3.0.14, Repoman-3.0.2 |
| 18 |
Closes: https://github.com/gentoo/gentoo/pull/19377 |
| 19 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
| 20 |
|
| 21 |
sys-apps/firejail/Manifest | 1 + |
| 22 |
.../{firejail-9999.ebuild => firejail-0.9.64.4.ebuild} | 12 ++++++++---- |
| 23 |
sys-apps/firejail/firejail-9999.ebuild | 5 ++--- |
| 24 |
3 files changed, 11 insertions(+), 7 deletions(-) |
| 25 |
|
| 26 |
diff --git a/sys-apps/firejail/Manifest b/sys-apps/firejail/Manifest |
| 27 |
index c58b96b657a..e0b97ae0157 100644 |
| 28 |
--- a/sys-apps/firejail/Manifest |
| 29 |
+++ b/sys-apps/firejail/Manifest |
| 30 |
@@ -1 +1,2 @@ |
| 31 |
+DIST firejail-0.9.64.4.tar.xz 431116 BLAKE2B 1e64af1459cdbd6e753299796b2521efdc1fe364a66b8f0f40df1adabec32d0673cb9805a2ab385b96b64aca16e038e615ab1e4dc4df1dbcaa0b5b24f54c89d0 SHA512 580a074cb40e7559f6d532418b5e05e042c30306e8507d32ac3c71a51dec6648035ad810d253da02caaa4adc41f773dfdab55528618f5ca30ff30d4e7bbd12c9 |
| 32 |
DIST firejail-0.9.64.tar.xz 419464 BLAKE2B 9425910bd78739dc628a05247877f3e96065f9eab6be1fa87a70932ff04a53817e03cd67a81b35b0e5a69b5598fc5be9d6191f9c5c2bf511bc76c1edaf0eb22d SHA512 89bab9aee944ebde6221a96f0f028380f607cd49046cad5348d5974efcc92c50a172edf5e50c56606091d2060d1d8f0c50a41f05f63327672a3c3cb48eb93699 |
| 33 |
|
| 34 |
diff --git a/sys-apps/firejail/firejail-9999.ebuild b/sys-apps/firejail/firejail-0.9.64.4.ebuild |
| 35 |
similarity index 86% |
| 36 |
copy from sys-apps/firejail/firejail-9999.ebuild |
| 37 |
copy to sys-apps/firejail/firejail-0.9.64.4.ebuild |
| 38 |
index 7a15ae3bdeb..1542ba12484 100644 |
| 39 |
--- a/sys-apps/firejail/firejail-9999.ebuild |
| 40 |
+++ b/sys-apps/firejail/firejail-0.9.64.4.ebuild |
| 41 |
@@ -1,4 +1,4 @@ |
| 42 |
-# Copyright 1999-2020 Gentoo Authors |
| 43 |
+# Copyright 1999-2021 Gentoo Authors |
| 44 |
# Distributed under the terms of the GNU General Public License v2 |
| 45 |
|
| 46 |
EAPI=7 |
| 47 |
@@ -8,7 +8,7 @@ PYTHON_COMPAT=( python3_{7..9} ) |
| 48 |
inherit toolchain-funcs python-single-r1 linux-info |
| 49 |
|
| 50 |
if [[ ${PV} != 9999 ]]; then |
| 51 |
- KEYWORDS="~amd64 ~x86" |
| 52 |
+ KEYWORDS="~amd64 ~arm64 ~x86" |
| 53 |
SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz" |
| 54 |
else |
| 55 |
inherit git-r3 |
| 56 |
@@ -21,7 +21,7 @@ HOMEPAGE="https://firejail.wordpress.com/" |
| 57 |
|
| 58 |
LICENSE="GPL-2" |
| 59 |
SLOT="0" |
| 60 |
-IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +overlayfs +private-home +suid test +userns +whitelist" |
| 61 |
+IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home +suid test +userns +whitelist" |
| 62 |
RESTRICT="!test? ( test )" |
| 63 |
|
| 64 |
RDEPEND="!sys-apps/firejail-lts |
| 65 |
@@ -52,6 +52,11 @@ src_prepare() { |
| 66 |
if use contrib; then |
| 67 |
python_fix_shebang -f contrib/*.py |
| 68 |
fi |
| 69 |
+ |
| 70 |
+ # some tests were missing from this release's tarball |
| 71 |
+ if use test; then |
| 72 |
+ sed -i -r -e 's/^(test:.*) test-private-lib (.*)/\1 \2/; s/^(test:.*) test-fnetfilter (.*)/\1 \2/' Makefile.in || die |
| 73 |
+ fi |
| 74 |
} |
| 75 |
|
| 76 |
src_configure() { |
| 77 |
@@ -63,7 +68,6 @@ src_configure() { |
| 78 |
$(use_enable file-transfer) \ |
| 79 |
$(use_enable globalcfg) \ |
| 80 |
$(use_enable network) \ |
| 81 |
- $(use_enable overlayfs) \ |
| 82 |
$(use_enable private-home) \ |
| 83 |
$(use_enable suid) \ |
| 84 |
$(use_enable userns) \ |
| 85 |
|
| 86 |
diff --git a/sys-apps/firejail/firejail-9999.ebuild b/sys-apps/firejail/firejail-9999.ebuild |
| 87 |
index 7a15ae3bdeb..7c0a516bf0c 100644 |
| 88 |
--- a/sys-apps/firejail/firejail-9999.ebuild |
| 89 |
+++ b/sys-apps/firejail/firejail-9999.ebuild |
| 90 |
@@ -1,4 +1,4 @@ |
| 91 |
-# Copyright 1999-2020 Gentoo Authors |
| 92 |
+# Copyright 1999-2021 Gentoo Authors |
| 93 |
# Distributed under the terms of the GNU General Public License v2 |
| 94 |
|
| 95 |
EAPI=7 |
| 96 |
@@ -21,7 +21,7 @@ HOMEPAGE="https://firejail.wordpress.com/" |
| 97 |
|
| 98 |
LICENSE="GPL-2" |
| 99 |
SLOT="0" |
| 100 |
-IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +overlayfs +private-home +suid test +userns +whitelist" |
| 101 |
+IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home +suid test +userns +whitelist" |
| 102 |
RESTRICT="!test? ( test )" |
| 103 |
|
| 104 |
RDEPEND="!sys-apps/firejail-lts |
| 105 |
@@ -63,7 +63,6 @@ src_configure() { |
| 106 |
$(use_enable file-transfer) \ |
| 107 |
$(use_enable globalcfg) \ |
| 108 |
$(use_enable network) \ |
| 109 |
- $(use_enable overlayfs) \ |
| 110 |
$(use_enable private-home) \ |
| 111 |
$(use_enable suid) \ |
| 112 |
$(use_enable userns) \ |
Archives