diff options
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/NEWS | 13 | ||||
| -rw-r--r-- | debian/control | 1 |
2 files changed, 14 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS index 9a93de69e..7ad20ccd6 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,16 @@ +apt (1.6~alpha1) UNRELEASED; urgency=medium + + All methods provided by apt except for cdrom, gpgv, and rsh now + use seccomp-BPF sandboxing to restrict the list of allowed system + calls, and trap all others with a SIGSYS signal. Three options + can be used to configure this further: + + APT::Sandbox::Seccomp is a boolean to turn it on/off + APT::Sandbox::Seccomp::Trap is a list of names of more syscalls to trap + APT::Sandbox::Seccomp::Allow is a list of names of more syscalls to allow + + -- Julian Andres Klode <jak@debian.org> Sun, 22 Oct 2017 22:29:58 +0200 + apt (1.5~beta1) unstable; urgency=medium [ New HTTPS method ] diff --git a/debian/control b/debian/control index 22567e193..de373a83d 100644 --- a/debian/control +++ b/debian/control @@ -20,6 +20,7 @@ Build-Depends: cmake (>= 3.4), libgnutls28-dev (>= 3.4.6), liblz4-dev (>= 0.0~r126), liblzma-dev, + libseccomp-dev [amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x hppa powerpc powerpcspe ppc64 x32], libudev-dev [linux-any], pkg-config, po4a (>= 0.34-2), |