From fccd220bbe044fbaf24e069fb4b8d8a877f5b00d Mon Sep 17 00:00:00 2001 From: Gaming4JC Date: Fri, 23 Oct 2015 20:13:47 -0400 Subject: update firejail with hardening patches --- pcr/firejail/PKGBUILD | 45 +++++++++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 18 deletions(-) (limited to 'pcr/firejail/PKGBUILD') diff --git a/pcr/firejail/PKGBUILD b/pcr/firejail/PKGBUILD index 7115796ad..a36ba0364 100644 --- a/pcr/firejail/PKGBUILD +++ b/pcr/firejail/PKGBUILD @@ -2,8 +2,8 @@ # Contributor (Arch): ajs124 < aur AT ajs124 DOT de > pkgname=firejail -pkgver=0.9.30 -pkgrel=2 +pkgver=0.9.32 +pkgrel=1 pkgdesc="Linux namespaces sandbox program" arch=('i686' 'x86_64' 'armv7h') license=(GPL2) 
@@ -11,38 +11,47 @@ url=https://l3net.wordpress.com/projects/firejail/ source=("https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgname-$pkgver.tar.bz2" 'PKGBUILD' 'PKGBUILD.sig' -'001-addmoresecurity-firefox.patch' +'001-disable-secret.inc-more-security.patch' +'002-disable-common.inc-more-security.patch' "$pkgname.install") install=("$pkgname.install") validpgpkeys=('CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697') # PKGBUILD Maintainer's key -sha512sums=('a7b4940da63d0001673a11e351a7ba7640e9eea2d8475789125ae96d881d7e11a98f437b44b08347a8ec5208c38f471e2d4cf84ed5d2314b763c1207ceceb56e' +sha512sums=('02beec4771a0bb3ae75890162e2f5bbee6dbbf51dc972e31a2e133251127f4c6666f53b5f5100ad6133a20ad4e8d128a42a8899d0079820aa76c97b830fe07c3' 'SKIP' 'SKIP' - 'b2121a15fff44ab093c7bce64fe052ef6b7a7e6c66541846b7a36ee303115b67f4f4b73fd2dc3bda75e118a511ec4d0acd94de49c0ee6047a9360748d4b11b6b' - 'f573592cc977cc739d2913f75ebe1ab2642d1d7d638706c56bca792dce6014d88c8789341ddeae59307aa94f72f3ab178299652b71a62804b1b674433a89ec21') -whirlpoolsums=('f030e182c8c742b8ead0aa5afe0cd6f3675bbeb806565616913b2deb4bb15b4dbc653e6eb4801567ce6ee816931db0b33b0fdd1c46e82742827af80c76599b3c' + '1321ffb099489c1b6748e6a27c196d36cdfb7f125114c8eed8ecf5c777b2ceba5b9bb205113d7dbdee5ca287f7277d0b5b20b9f3061cf8cf3e961c0831b83e48' + 'ea248b9de6ae51e6e307d61cff44ac2b9298c66a7376268e65640e536e9e847e8a9b115d0855b8654334fba76a1673340829c8628128ec91e7ad09820a4863bf' + '77907ac86db9eae3ff78d9013dbc27bc02bcc0bc2514e952af963955d421cb733a3f64c52b444e6918228d17f1fd8aa5a5f384918cbf32aa627794ce813482a7') +whirlpoolsums=('c87471107017d1b20dbaa97bcf4bdf9abc30cba4177d6db1738861cba38612d96b1cb4e9a0d3df0aaea869c745168de45332e0224a9c5e3b7453b457f7ad9b74' 'SKIP' 'SKIP' -'685427a6d986b5068a05ff784b52a47c43a8354c1fe0a370dbf9aac1f08bdd4287400114062e300285d574454f3cdeb95e26d0ec2a2579d44e55ca070a2001ff' -'8f6848ad73bb498cb6a4f754a55094629443e7f56d669990e8e3f33415ba723d7ba47eb65737dd3ed918299665bf9bd455c25b5005caa74bb8c8dbb5e02ab4dc') 
+'422626df14c9669f5f36e7092467d0a9ca4b1bf90d7227416481c5f979283f038144acbae28cfb1c60b2c0887191771c9f9beb0d0663f8542e51061198aff052' +'71ad60139c7a7f3b987c8d472cef293996126c13c04a358bad29ba4f8d02d60050862acf881bb8448943c1170001dd1dcc611006d38b9ec50e1e04ac98602aff' +'fb08f184d8d052aedf6145107388082d3ca2c6157308730df4c318fee46bbec294b801c3dd6bb07f39e924b617b1d643ad1736408b174e8f645eabf460c7b6f2') prepare() { cd "${srcdir}/${pkgname}-${pkgver}" - sed -i '\|bash -c "if \[ ! -f /etc/firejail/login\.users | s|bash -c ".*"$|install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/\.|' Makefile.in ## Fix "backup entry file not in packag" warning. - patch ${srcdir}/${pkgname}-${pkgver}/etc/firefox.profile $srcdir/001-addmoresecurity-firefox.patch ## Add additional blacklists to FireFox profile for more security + sed -i '\|bash -c "if \[ ! -f /etc/firejail/login\.users | s|bash -c ".*"$|install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/\.|' Makefile.in ## Fix "backup entry file not in package" warning. - ## Remove non-libre program profiles. - rm ${srcdir}/${pkgname}-${pkgver}/etc/dropbox.profile - sed -i 's|install -c -m 0644 etc/dropbox.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + ## Add additional blacklists to harden firejail ## + patch ${srcdir}/${pkgname}-${pkgver}/etc/disable-secret.inc $srcdir/001-disable-secret.inc-more-security.patch + patch ${srcdir}/${pkgname}-${pkgver}/etc/disable-common.inc $srcdir/002-disable-common.inc-more-security.patch + + ## Remove non-libre program profiles. 
## + rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium-browser.profile + sed -i 's|install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium.profile - sed -i 's|install -c -m 0644 etc/chromium.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + sed -i 's|install -c -m 0644 etc/chromium.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in - rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium-browser.profile - sed -i 's|install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + rm ${srcdir}/${pkgname}-${pkgver}/etc/dropbox.profile + sed -i 's|install -c -m 0644 etc/dropbox.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in rm ${srcdir}/${pkgname}-${pkgver}/etc/opera.profile - sed -i 's|install -c -m 0644 etc/opera.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + sed -i 's|install -c -m 0644 etc/opera.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + + rm ${srcdir}/${pkgname}-${pkgver}/etc/spotify.profile + sed -i 's|install -c -m 0644 etc/spotify.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in } build() { -- cgit v1.2.3
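Review bot: The two new `patch` calls in prepare() expand `${srcdir}` and `$srcdir` unquoted and run without `-N`, so a build path containing whitespace splits the arguments, and a patch that looks already applied may trigger patch's reverse-patch prompt instead of failing outright. These patches carry the extra blacklist entries, so I would write them as `patch -N "${srcdir}/${pkgname}-${pkgver}/etc/disable-secret.inc" "${srcdir}/001-disable-secret.inc-more-security.patch"`, and likewise for the 002 patch against disable-common.inc. The same unquoted expansions appear in the `rm` and `sed -i` pairs for the removed profiles, including the added spotify.profile pair. A short comment above the patch lines saying which paths each patch blacklists would let a reviewer confirm after the next version bump that the hardening still applies.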