Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh

This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else.
author: Julian Andres Klode <jak@debian.org> 2017-10-22 23:34:03 +0200
committer: Julian Andres Klode <jak@debian.org> 2017-10-22 23:38:31 +0200
commit: 32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 (patch)
tree: 3234d16c59f85a84a02371e6ef2f0bc79af42738 /debian/NEWS
parent: 9130b5f9304b7f58273a826ff9acf04e10c6f98e (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
index 9a93de69e..7ad20ccd6 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,16 @@
+apt (1.6~alpha1) UNRELEASED; urgency=medium
+
+  All methods provided by apt except for cdrom, gpgv, and rsh now
+  use seccomp-BPF sandboxing to restrict the list of allowed system
+  calls, and trap all others with a SIGSYS signal. Three options
+  can be used to configure this further:
+
+    APT::Sandbox::Seccomp is a boolean to turn it on/off
+    APT::Sandbox::Seccomp::Trap is a list of names of more syscalls to trap
+    APT::Sandbox::Seccomp::Allow is a list of names of more syscalls to allow
+
+ -- Julian Andres Klode <jak@debian.org>  Sun, 22 Oct 2017 22:29:58 +0200
+
 apt (1.5~beta1) unstable; urgency=medium
 
   [ New HTTPS method ]
author	Julian Andres Klode <jak@debian.org>	2017-10-22 23:34:03 +0200
committer	Julian Andres Klode <jak@debian.org>	2017-10-22 23:38:31 +0200
commit	32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 (patch)
tree	3234d16c59f85a84a02371e6ef2f0bc79af42738 /debian/NEWS
parent	9130b5f9304b7f58273a826ff9acf04e10c6f98e (diff)