2011-01-05 - Changes between 0.9.4 and 0.9.5 New features: o This release includes packages for OpenSuSE 11.3 and Fedora 13. o X11 applications running in a playground can now be started in a nested and isolated X11 session. o It is now possible to force removal of dead playgrounds even if some files are no longer present. Bugfixes: o Creating permanent rules from sandbox escalations was broken. This is fixed now. o Fix a deadlock with dazukofs. o Reset SIGCHLD handler for playground processes. 2010-10-21 - Changes between 0.9.3 and 0.9.4 New features: o The Playground feature, which introduces a copy on write filesystem for selected processes that are started in a playground session. It also includes graphical and CLI management tools. With these tools / features it is possible to selectively discard or commit changes to the real filesystem when the a playground is halted. To secure the commit operation it is possible to configure optional content scanners, i.e. anti virus software, which can determine if the selected files pose any risk to the integrity of the system, and if needed alert the user or reject the commit entirely in case a virus is detected. o Implemented a process browser in xanoubis, which greatly simplifies the examination of Anoubis rulesets and other details for each process on the system. This feature uses the Anoubis daemon's built-in process tracking to list all processes and is especially useful for debugging and correlating processes to rulesets or playground sessions. o added support for Ubuntu Lucid and Debian Squeeze o introduced 'anoubisctl ps' command o introduced 'anoubisctl stat' command o added kernel based SFS/Sandbox exceptions o added some library support for mount points and file names o added some more tray icons in different sizes (for smoother scaling) o created userland and kernel source repository on sourceforge.net o kernel source packages for .deb and .rpm now also available o copy button in rule editor (for cloning rules) Bugfixes: o fixed some potential resource leaks o fixed a few bugs in the SFS browser o protected anoubisd from OOM killer o fixed rule display for admin rules o fixed several xanoubis segfaults o fixed anoubisd upgrade segfault o fixed ALF default rule logging o fixed ruleeditor alignment o fixed GUI notifications o fixed de-selection handling o fixed broken errno assignment o repaired broken error messages o fixed xanoubis sigchld handling o fixed NFS problems with UDP mounts o fixed anoubisctl client-connect segfault o activated PAE in the Debian kernel config o fixed writeback issues in Anoubis Options Tab o enabled POSIX style option parsing in anoubis cli binaries o corrected several broken translations and provided some missing ones o fixed NULL dereference bug found by clang and added asserts (false positives) o refined certificate error messages when connecting to daemon o made sure that only a single line can be selected in AnGrids o fixed runaway modprobe loop when loading sha256 early o fixed potential message passing lockup in anoubisd o worked around startup bug in autostart for gnome o fixed reported crash with NULL sock->sk fields o several valgrind fixes (xanoubis and anoubisd) o fixed issues in Linux kernel found by sparse o fixed some sparse findings in userspace o fixed Use-after Free Bug in anoubisd o fixed Fedora/OpenSuSE kernel patches o fixed 64Bit kernel stack corruption o fixed debian init script dependcies o waiting for /dev/log during startup o addressed some cppcheck findings o fixed package dependencies typo o fixed waiting for task bar area o fixed kernel directory events o fixed logging for admin rules o some kernel package fixes o fixed OpenBSD kernel Bugs o fixed Ubuntu distro kernel o quieted some clang warnings o fixed message compatibility o ComCSMultiTask design fix Other changes: o updated / cleaned up the Anoubis LiveCD o cleaned up the display of new escalations o fine tuned the display of command names o updated the Linux kernel to 2.6.32.24 o unified write dispatcher functions o Fedora/OpenSuSE packaging cleanups o updated anoubisd.conf in packages o improved ALF module rule display o application-icons for Anoubis o extensive code refactoring o added a CSMulti request class o made queues aware of write events o added message to the xanoubis close dialog o implemented a template based AnListProperty o switched to less restrictive truecrypt policies o display of checksum states in SFS escalations o converted Checksum removes to CSMulti requests o made sure that SFS does not consume all inodes o increased tolerance for newlines in the APN syntax o make more use of the buffer overflow library o removed splint-includes.h from source tarball o use non-root values for free space calculation o removed kernel-header-dependencies from userland o force a dynamic policy change when the UID of a process changes o updated and extended documentation (for users as well as developers) o improved many error messages to offer more details / be more specific 2010-03-18 - Changes between 0.9.2 and 0.9.3 New features: o anoubisd: Remove unnecessary fsync call in anoubisd/sfs.c which resulted in a huge performance loss when adding checksums. o anoubisd: Now uses the multi-checksum-request messages to improve performance. o xanoubis: Now uses the multi-checksum-request messages to improve performance. o anoubisd: Limit the size of policy-files which can be configured in anoubisd.conf(5). o xanoubis: Implementation of client-authorization was added to xanoubis. o xanoubis: Support for editing default policies. o xanoubis: Provide a dialogue to generate key-pair within the GUI. o xanoubis: comprehensive performance improvements regarding the handling of very large policies within xanoubis. o xanoubis: The nosfs-flag can now be set within the Rule Editor and RuleWizard. o Support for SCTP was added to apn, anoubis daemon and xanoubis. o Support for eCryptfs was added to the Anoubis Linux kernel. o Authentication was added in protocol version 4. o A multi-checksum-request message type was added in protocol version 5. o Long-running jobs comprised of numerous tasks such as register and validate operations can now be interrupted within xanoubis. Bug fixes: o Linux Kernel: Fix a NULL pointer dereference sfs_bprm_committed_creds gets called with a task that does not have a security label attached to it. BUG #1447 o OpenBSD: Fix OpenBSD pool allocator bug. o OpenBSD: anoubisctl leaks the setgid status to anoubisd causing issues on opening /dev/eventdev o OpenBSD kernel: Fix an OpenBSD bug that can cause crashes in namei NFS code. o OpenBSD kernel: Fix deadlocks with vnode locks in OpenBSD. o Kernel: Disable ANOUBIS_REQUEST_STATS ioctl for regular users. o anoubisd: Fix memory leaks in the anoubis daemon revealed by valgrind(1) o Fix a crash in the SHA256 calculation of libanoubissig. o xanoubis: Fix a display bug that caused text to be displayed in adjacent empty cells. o xanoubis: Assure that the private key is loaded only into memory when actually needed. o xanoubis: Fix timeout of end-of-session key within SFS-Browser. o xanoubis: Fix a bug were index counting for visible/invisible columns could lead to a memory access behind the actual end of the list in question. o xanoubis: Fix a segfault when xanoubis gets closed while in the upgrade message dialogue. o xanoubis: Fix view in Rule Editor to show non-bold fonts in headers, refuse selection of these and store the size persistently. o xanoubis: Change permissions of .xanoubis directory to 0700. o xanoubis: Fix AnPickFromFS Dialogue to handle files as well as directories. o xanoubis: Fix a segfault if a PolicyCtrl object is destroyed without an explicit creation. o xanoubis: Handling of the TrayIcon exclamation mark is now correctly done when opening LogViewer or Notification tab o anoubis-keyinstall: Bail out and provide and exit with a reasonable error message when the tool is called by non-root users. o Properly handle syssigs on !SFS_CS_OK filesystems to allow execs on dazukofs mounts. Other changes: o Limit connections per user to avoid DoS by ENFILE o anoubisd: Enforce secure exec if the policy of a task changes during exec. o anoubisd: The number of pending notifications per session was limited to avoid an out of memory DOS. o xanoubis: Fix ComCsumAddTask to calculate checksum/signature in CsumCalcTask not until both are meant to be send to daemon to improve performance. o xanoubis: Redesign of the ALF, SB and SFS overview module. o xanoubis: Double-Clicking on an empty application rules now also opens the Rule Editor. o xanoubis: A dialogue is shown to the user if a non-matching key-pair was detected. o xanoubis: Redesign of the Rule Editor which now uses a grid widget. o xanoubis: Provide better error messages if an error occurs during authentication. o Linux kernel: Update to 2.6.32 o Initial implementation of a buffer overflow protection library used by anoubisd o Fix quoting in APN to handle filenames containing quotes properly. o Add README.privsep as extra dist file providing information on privilege separation. 2009-11-03 - Changes between 0.9.1 and 0.9.2 New features: o Initial support for dazukoFS: Make sure anoubisd is unaffected by dazukoFS and include dazukoFS in the kernel packages. o Handle OS upgrades correctly even if anoubisd is restarted in the process. This is done by delaying the restart until after the upgrade finished. o Anoubisctl/sfssig/xanoubis will now also log errors to the syslog that may be interesting for the administrator. Bug fixes: o OpenBSD kernel: Fix an OpenBSD bug that can cause crashes in nfs_reply. o xanoubis: Fix directory path interfering with filter/invert options. BUG #1168 o anoubisd/anoubisctl: Do not leak pid filehandle to childs. o xanoubis: Various fixes for operating at low screen resolutions. BUG #893 o sfssig: Fix exporting of signatures. o anoubisd: Fix /etc/services not being available to anoubisd childs. o xanoubis: Fix 'Unexpected return-code: 1' error message. BUG #1373 o xanoubis: Fix the Status field in the rule editor being updated too late. BUG #1369 o xanoubis: Display correct state in Upgrade view. o xanoubis: Don't try to create a rule for an unknown binary after an ask event. o xanoubis: Make large SFS error messages scrollable. BUG #1352 o Linux kernel: Fix EBADF when writing to a raw socket. This sometimes prevented dhclient from working. o sfssig: Fix 'add' failing if file is open for writing. BUG #1342 o Linux kernel: Make sure a new file is not created if write access was denied. Other changes: o Send upgrade-notify events to all attached UIs. Show the upgrade dialogue in xanoubis when such an event is received. Also use this to get rid of INotify. o xanoubis: Give a general overview message for SFS errors. o xanoubis: Save table column widths in xanoubis.conf. o xanoubis: Adjust column witdths to window/table size. BUG #1321 o xanoubis: Create Anoubis specific MessageBox class. o xanoubis: Various text improvements. o anoubisd: Return EXDEV instead of EPERM when rename restrictions apply. This makes programs like mv and patch copy the file instead. BUG #1353 o Handle mknod calls in kernel sfs and generate SFS-write events. 2009-10-12 - Changes between 0.1.10.D023.970.D170 and 0.9.1 New features: o Introduce version/compatibility checks between various Anoubis components. Introduce version numbers for various on disk file formats. o Add support for updating checksums / signatures after an operating system upgrade. For unsigned checksums, this can be done automatically. For signed checksums, xanoubis displays a list with the changed files. Bug fixes: o Add a missing destructor for sfssubject o Add missing event_add in acc_flush of libanoubischat o Add upgrade lists to ComTask o Deactivate wizard if disconnected o Fix flex warnings caused by ununsed symbol in code generated by flex o Fix list perspective in notification tab o Fix memory leaks in apn parser o Fix notification bubbles for notify-osd o Fix segfault in checksum comparison for new context o Fixed creation of user application policy o Length verification for checksum operations o Prevent looping in module SFS when in recursive mode o Support display of ruleset that contain borrow o Truncated length of error message from SFS to prevent KDE Window Manager crash o Various I18N fixes Other changes: o Get rid of apn_hash_type o Get rid of protocol family in filtspec rules o Get rid of state timeout in APN o Implement new sfs tree format o Add Upgrade marker to signature files on upgrade o Module SFS: New implementation of list operations o Move Checksums into a Subject in APN o Performance improvement of calls to SelectedItemCount o Performance improvement of hasSelection in AnList o Provide direct access to the SFS-Browser tab o Remove explicit checksums in policies o Unify the handling of configuration options by new AnConfig-class o Update the kernel configs with default mmap_min_addr o Use TimerEvent to check for Changes in menu.lst o anoubisctl and xanoubis now report PACKAGE_BUILD version