[SRU] New upstream microrelease

Bug #1658824 reported by Mattia Rizzolo
This bug affects 2 people
Affects             Status         Importance   Assigned to       Milestone
firejail (Ubuntu)
  Xenial            Fix Released   Medium       Reiner Herrmann

Bug Description

[Impact]
 * The current version is affected by a bunch of important and security bugs
 * Upstream is maintaining this branch with targeted bug fixes.

[Test Case]
 N/A

[Regression Potential]
 * Upstream maintains LTS branch for 0.9.38.x and takes care not to introduce breaking changes. An extensive test suite is available and maintained by upstream, which is also run before releases.
Estimated regression potential is therefore low.

Upstream changelog:

firejail (0.9.38.10) baseline; urgency=low
  * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week
  * security: tightening the rules for --chroot
  * bugfix: ported Gentoo compile patch
  * bugfix: fix ASSERT_PERMS_FD macro
 -- netblue30 Sun, 15 Jan 2017 10:00:00 -0500

firejail (0.9.38.8) baseline; urgency=low
  * security: root exploit found by Sebastian Krahmer (CVE-2017-5180)
 -- netblue30 Sat, 7 Jan 2017 10:00:00 -0500

firejail (0.9.38.6) baseline; urgency=low
  * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118)
  * bugfix: crashing VLC by pressing Ctrl-O
 -- netblue30 Fri, 16 Dec 2016 10:00:00 -0500

firejail (0.9.38.4) baseline; urgency=low
  * CVE-2016-7545 submitted by Aleksey Manevich
  * bugfixes
 -- netblue30 Mon, 10 Oct 2016 10:00:00 -0500

firejail (0.9.38.2) baseline; urgency=low
  * security: --whitelist deleted files, submitted by Vasya Novikov
  * security: disable x32 ABI, submitted by Jann Horn
  * security: tighten --chroot, submitted by Jann Horn
  * security: terminal sandbox escape, submitted by Stephan Sokolow
  * feature: clean local overlay storage directory (--overlay-clean)
  * bugfixes
 -- netblue30 Tue, 23 Aug 2016 10:00:00 -0500

Mattia Rizzolo (mapreri)
no longer affects: firejail (Ubuntu)
Changed in firejail (Ubuntu Xenial):
assignee: nobody → Reiner Herrmann (deki)
status: New → In Progress
importance: Undecided → Medium
Reiner Herrmann (deki)
description: updated
description: updated
Brian Murray (brian-murray) wrote :

The upload in the Xenial SRU queue has no Launchpad-Bugs-Fixed in the .changes file, this will break the SRU process. Please reupload the package such that Launchpad-Bugs-Fixed are produced.

Mattia Rizzolo (mapreri) wrote :

Yeah, I've got the same feedback for another thing yesterday…
Please reject it, and I'll upload again with a proper Launchpad-Bugs-Fixed entry…

Brian Murray (brian-murray) wrote :

I'll go ahead and accept this but I think the test case should include some information about how to ensure that firejail is still working and doesn't regress.

Changed in firejail (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Mattia, or anyone else affected,

Accepted firejail into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/firejail/0.9.38.10-0ubuntu0.16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Pjotr12345 (computertip) wrote :

I've been running Firejail 0.9.38.10 for more than a week now, on several computers which are being used intensively. Operating systems: Xubuntu 16.04.1 and Linux Mint 18.1 Xfce (which is based on Ubuntu 16.04).

It works fine; I haven't noticed any regression.

tags: added: verification-done
removed: verification-needed
Reiner Herrmann (deki) wrote :

I also tested basic functionality in an Ubuntu 16.04.1 VM, like restricted access to blacklisted files, separate process and network namespaces, private directories.
I also don't see any regression with the proposed 0.9.38.10-0ubuntu0.16.04.1.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firejail - 0.9.38.10-0ubuntu0.16.04.1

---------------
firejail (0.9.38.10-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream micro release. (LP: #1658824)

 -- Reiner Herrmann <email address hidden> Mon, 16 Jan 2017 21:52:07 +0100

Changed in firejail (Ubuntu Xenial):
status: Fix Committed → Fix Released
Chris J Arges (arges) wrote : Update Released

The verification of the Stable Release Update for firejail has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
