From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1249358-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 813161382C5
	for <garchives@archives.gentoo.org>; Tue,  9 Feb 2021 07:39:39 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 94463E0901;
	Tue,  9 Feb 2021 07:39:38 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 6FFEDE0901
	for <gentoo-commits@lists.gentoo.org>; Tue,  9 Feb 2021 07:39:38 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id F12AD340E3B
	for <gentoo-commits@lists.gentoo.org>; Tue,  9 Feb 2021 07:34:35 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 66219C3
	for <gentoo-commits@lists.gentoo.org>; Tue,  9 Feb 2021 07:34:34 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1612855601.5c891dd97151555cea24f2793933c85fa0b8e71b.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-apps/firejail/Manifest sys-apps/firejail/firejail-0.9.64.4.ebuild sys-apps/firejail/firejail-9999.ebuild
X-VCS-Directories: sys-apps/firejail/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 5c891dd97151555cea24f2793933c85fa0b8e71b
X-VCS-Branch: master
Date: Tue,  9 Feb 2021 07:34:34 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: bb02f842-e137-4835-a8b1-c67593a21f3c
X-Archives-Hash: 6adca580bda1c42f9c0914b82ed0c243

commit:     5c891dd97151555cea24f2793933c85fa0b8e71b
Author:     Hank Leininger <hlein <AT> korelogic <DOT> com>
AuthorDate: Mon Feb  8 20:21:30 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Feb  9 07:26:41 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c891dd9

sys-apps/firejail: Version bump, disables overlayfs to fix privesc

New version disables overlayfs, which has a root privesc vuln.
Some new profiles and other minor fixes also included. Disable
overlayfs USE flag in live ebuild as well.

Signed-off-by: Hank Leininger <hlein <AT> korelogic.com>
Closes: https://bugs.gentoo.org/769230
Bug: https://bugs.gentoo.org/769542
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Closes: https://github.com/gentoo/gentoo/pull/19377
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-apps/firejail/Manifest                                   |  1 +
 .../{firejail-9999.ebuild => firejail-0.9.64.4.ebuild}       | 12 ++++++++----
 sys-apps/firejail/firejail-9999.ebuild                       |  5 ++---
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/sys-apps/firejail/Manifest b/sys-apps/firejail/Manifest
index c58b96b657a..e0b97ae0157 100644
--- a/sys-apps/firejail/Manifest
+++ b/sys-apps/firejail/Manifest
@@ -1 +1,2 @@
+DIST firejail-0.9.64.4.tar.xz 431116 BLAKE2B 1e64af1459cdbd6e753299796b2521efdc1fe364a66b8f0f40df1adabec32d0673cb9805a2ab385b96b64aca16e038e615ab1e4dc4df1dbcaa0b5b24f54c89d0 SHA512 580a074cb40e7559f6d532418b5e05e042c30306e8507d32ac3c71a51dec6648035ad810d253da02caaa4adc41f773dfdab55528618f5ca30ff30d4e7bbd12c9
 DIST firejail-0.9.64.tar.xz 419464 BLAKE2B 9425910bd78739dc628a05247877f3e96065f9eab6be1fa87a70932ff04a53817e03cd67a81b35b0e5a69b5598fc5be9d6191f9c5c2bf511bc76c1edaf0eb22d SHA512 89bab9aee944ebde6221a96f0f028380f607cd49046cad5348d5974efcc92c50a172edf5e50c56606091d2060d1d8f0c50a41f05f63327672a3c3cb48eb93699

diff --git a/sys-apps/firejail/firejail-9999.ebuild b/sys-apps/firejail/firejail-0.9.64.4.ebuild
similarity index 86%
copy from sys-apps/firejail/firejail-9999.ebuild
copy to sys-apps/firejail/firejail-0.9.64.4.ebuild
index 7a15ae3bdeb..1542ba12484 100644
--- a/sys-apps/firejail/firejail-9999.ebuild
+++ b/sys-apps/firejail/firejail-0.9.64.4.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -8,7 +8,7 @@ PYTHON_COMPAT=( python3_{7..9} )
 inherit toolchain-funcs python-single-r1 linux-info
 
 if [[ ${PV} != 9999 ]]; then
-	KEYWORDS="~amd64 ~x86"
+	KEYWORDS="~amd64 ~arm64 ~x86"
 	SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz"
 else
 	inherit git-r3
@@ -21,7 +21,7 @@ HOMEPAGE="https://firejail.wordpress.com/"
 
 LICENSE="GPL-2"
 SLOT="0"
-IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +overlayfs +private-home +suid test +userns +whitelist"
+IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home +suid test +userns +whitelist"
 RESTRICT="!test? ( test )"
 
 RDEPEND="!sys-apps/firejail-lts
@@ -52,6 +52,11 @@ src_prepare() {
 	if use contrib; then
 		python_fix_shebang -f contrib/*.py
 	fi
+
+	# some tests were missing from this release's tarball
+	if use test; then
+		sed -i -r -e 's/^(test:.*) test-private-lib (.*)/\1 \2/; s/^(test:.*) test-fnetfilter (.*)/\1 \2/' Makefile.in || die
+	fi
 }
 
 src_configure() {
@@ -63,7 +68,6 @@ src_configure() {
 		$(use_enable file-transfer) \
 		$(use_enable globalcfg) \
 		$(use_enable network) \
-		$(use_enable overlayfs) \
 		$(use_enable private-home) \
 		$(use_enable suid) \
 		$(use_enable userns) \

diff --git a/sys-apps/firejail/firejail-9999.ebuild b/sys-apps/firejail/firejail-9999.ebuild
index 7a15ae3bdeb..7c0a516bf0c 100644
--- a/sys-apps/firejail/firejail-9999.ebuild
+++ b/sys-apps/firejail/firejail-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -21,7 +21,7 @@ HOMEPAGE="https://firejail.wordpress.com/"
 
 LICENSE="GPL-2"
 SLOT="0"
-IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +overlayfs +private-home +suid test +userns +whitelist"
+IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home +suid test +userns +whitelist"
 RESTRICT="!test? ( test )"
 
 RDEPEND="!sys-apps/firejail-lts
@@ -63,7 +63,6 @@ src_configure() {
 		$(use_enable file-transfer) \
 		$(use_enable globalcfg) \
 		$(use_enable network) \
-		$(use_enable overlayfs) \
 		$(use_enable private-home) \
 		$(use_enable suid) \
 		$(use_enable userns) \