version 3.1.13

I need to set some flags in order to boot as described here:
https://www.qubes-os.org/doc/uefi-troubleshooting/

My settings look like this:
    $ efibootmgr -v
    BootCurrent: 0000
    Boot0000* Qubes HD(...)/File(\EFI\qubes\xen.efi)p.l.a.c.e.h.o...

which causes awk to get confused and think my $EFI_DIR should be:
    /EFI/qubesp.l.a.c.e.h.o.l.d.e.r. ./.m.a.p.b.s. ./.n.o.e.x.i.t.b.o.o.t.

This causes the script to later bail:
    if [ ! -d "$EFI_DIR" ]; then
        # non-EFI system
        exit 0;
    fi

So my xen.cfg did not get new entries when installing dom0 kernel packages.

(cherry picked from commit 9b7667c3a5)

appmenus-scripts/qubes-core-appmenus.py

@@ -169,7 +169,7 @@ def QubesVm_appmenus_replace_entry(self, old_name, new_name):
                 f.write(''.join(new_lines))
 
 
-def QubesVm_appicons_create(self, srcdir=None):
+def QubesVm_appicons_create(self, srcdir=None, force=False):
     if srcdir is None:
         srcdir = self.appmenus_template_icons_dir
     if srcdir is None:
@@ -201,7 +201,7 @@ def QubesVm_appicons_create(self, srcdir=None):
 
         src_icon = os.path.join(srcdir, icon)
         dst_icon = os.path.join(self.appmenus_icons_dir, icon)
-        if not os.path.exists(dst_icon) or \
+        if not os.path.exists(dst_icon) or force or \
                 os.path.getmtime(src_icon) > os.path.getmtime(dst_icon):
             qubes.imgconverter.tint(src_icon, dst_icon, self.label.color)
 
@@ -315,7 +315,7 @@ def QubesVm_remove_from_disk(self):
 
 
 def QubesVm_label_setter(self, _):
-    self.appicons_create()
+    self.appicons_create(force=True)
 
     # Apparently desktop environments heavily caches the icons,
     # see #751 for details

appmenus-scripts/qubes-receive-appmenus

@@ -44,7 +44,7 @@ appmenus_line_size = 1024
 appmenus_line_count = 100000
 
 # regexps for sanitization of retrieved values
-std_re = re.compile(r"^[/a-zA-Z0-9.,&()_ -]*$")
+std_re = re.compile(r"^[/a-zA-Z0-9.,:&()_ -]*$")
 fields_regexp = {
     "Name": std_re,
     "GenericName": std_re,

dom0-updates/qubes-dom0-update

@@ -22,13 +22,11 @@ if [ "$1" = "--help" ]; then
     exit
 fi
 
-# Prevent template upgrade - this would override user changes
-TEMPLATE_EXCLUDE_OPTS="--exclude=`rpm -qa --qf '%{NAME},' qubes-template-\*`"
 PKGS=
-YUM_OPTS="$TEMPLATE_EXCLUDE_OPTS"
+YUM_OPTS=
 GUI=
 CHECK_ONLY=
-ALL_OPTS="$TEMPLATE_EXCLUDE_OPTS $*"
+ALL_OPTS="$*"
 YUM_ACTION=
 QVMRUN_OPTS=
 CLEAN=
@@ -63,6 +61,38 @@ while [ $# -gt 0 ]; do
     shift
 done
 
+# Prevent template upgrade - this would override user changes -
+# but do allow explicit template reinstalls
+if [ "$YUM_ACTION" == "reinstall" ] && [[ "$PKGS" == *"qubes-template-"* ]]; then
+    TEMPLATE_EXCLUDE_OPTS=""
+    echo "WARNING: Reinstalling a template will erase all files in template's /home and /rw !"
+
+    ONEPKG=`cut -f 1 -d ' ' <<<$PKGS`
+    if [[ "$ONEPKG" == "qubes-template-"* ]] && [[ "$ONEPKG" == "${PKGS#\ }" ]]; then # test "$PKGS" minus space
+    # Prepare to backup template root.img in case reinstall doesn't complete.
+        TEMPLATE=${ONEPKG#qubes-template-}
+        if qvm-shutdown --wait $TEMPLATE ; then
+            echo "Template VM halted"
+        fi
+        if ! TEMPLATE_NETVM=`qvm-prefs --force-root $TEMPLATE netvm` \
+        || ! BAK_TEMPLATE_ROOT=`qvm-prefs --force-root $TEMPLATE root_img` \
+        || ! BAK_TEMPLATE_PRIVATE=`qvm-prefs --force-root $TEMPLATE private_img` ; then
+            exit 1
+        fi
+        if [[ "$TEMPLATE_NETVM" == *"(default)" ]] ; then
+            TEMPLATE_NETVM="default"
+        fi
+    else
+        echo "ERROR: Specify only one package to reinstall template"
+        exit 1
+    fi
+
+else
+    TEMPLATE_EXCLUDE_OPTS="--exclude=`rpm -qa --qf '%{NAME},' qubes-template-\*`"
+fi
+YUM_OPTS="$TEMPLATE_EXCLUDE_OPTS $YUM_OPTS"
+ALL_OPTS="$TEMPLATE_EXCLUDE_OPTS $ALL_OPTS"
+
 ID=$(id -ur)
 if [ $ID != 0 -a -z "$GUI" -a -z "$CHECK_ONLY" ] ; then
     echo "This script should be run as root (when used in console mode), use sudo." >&2
@@ -157,14 +187,44 @@ if [ -z "$YUM_ACTION" ]; then
 fi
 
 if [ "x$PKGS" != "x" ]; then
-    yum $YUM_OPTS $YUM_ACTION $PKGS
+    if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Handle template details
+    # Backup root.img and private.img just in case
+        echo "Creating img backup files"
+        mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak"
+        mv "$BAK_TEMPLATE_PRIVATE" "$BAK_TEMPLATE_PRIVATE-bak"
+        TDIR=`qvm-prefs --force-root $TEMPLATE dir`
+        rm -f "$TDIR/volatile.img"
+        echo "--> Creating private.img..."
+        truncate -s 2G $BAK_TEMPLATE_PRIVATE
+        mkfs.ext4 -m 0 -q -F $BAK_TEMPLATE_PRIVATE
+        chown root:qubes $BAK_TEMPLATE_PRIVATE
+        chmod 0660 $BAK_TEMPLATE_PRIVATE
+    fi
+
+    yum $YUM_OPTS $YUM_ACTION $PKGS ; RETCODE=$?
+
+    if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Handle template details
+        if [ $RETCODE -eq 0 ] ; then
+        # Reinstall went OK, remove backup files.
+            rm -f "$BAK_TEMPLATE_ROOT-bak"
+            rm -f "$BAK_TEMPLATE_PRIVATE-bak"
+        else
+            echo "Yum exit: Restoring img files"
+            mv "$BAK_TEMPLATE_ROOT-bak" "$BAK_TEMPLATE_ROOT"
+            mv "$BAK_TEMPLATE_PRIVATE-bak" "$BAK_TEMPLATE_PRIVATE"
+        fi
+        if ! qvm-prefs --force-root -s $TEMPLATE netvm $TEMPLATE_NETVM ; then
+            echo "ERROR: NetVM setting could not be restored!"
+            exit 1
+        fi
+    fi
 elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then
     # Above file exists only when at least one package was downloaded
     if [ "$GUI" == "1" ]; then
         $guiapp
     else
         yum check-update
-        if [ $? -eq 100 ]; then
+        if [ $? -eq 100 ]; then # Run yum with options
             yum $YUM_OPTS $YUM_ACTION
         fi
     fi

dracut/dracut.conf.d/qubes-disable-network.conf

@@ -0,0 +1,6 @@
+# Omission of network and kernel-network-modules is needed
+# to avoid letting the initramfs load kernel modules related
+# to networking, even if PCI devices are seized by Xen's
+# pciback kernel module.
+
+omit_dracutmodules+=" network kernel-network-modules "

qrexec/qrexec-client.c

@@ -34,9 +34,9 @@
 #include "qrexec.h"
 #include "libqrexec-utils.h"
 
-// whether qrexec-client should replace ESC with _ before printing the output
-int replace_esc_stdout = 0;
-int replace_esc_stderr = 0;
+// whether qrexec-client should replace problematic bytes with _ before printing the output
+int replace_chars_stdout = 0;
+int replace_chars_stderr = 0;
 
 #define VCHAN_BUFFER_SIZE 65536
 
@@ -332,12 +332,20 @@ static void handle_input(libvchan_t *vchan)
     }
 }
 
-void do_replace_esc(char *buf, int len) {
+void do_replace_chars(char *buf, int len) {
 	int i;
-
-	for (i = 0; i < len; i++)
-		if (buf[i] == '\033')
+	unsigned char c;
+
+	for (i = 0; i < len; i++) {
+		c = buf[i];
+		if ((c < '\040' || c > '\176') &&  /* not printable ASCII */
+		    (c != '\t') &&                 /* not tab */
+		    (c != '\n') &&                 /* not newline */
+		    (c != '\r') &&                 /* not return */
+		    (c != '\b') &&                 /* not backspace */
+		    (c != '\a'))                   /* not bell */
 			buf[i] = '_';
+	}
 }
 
 static int handle_vchan_data(libvchan_t *vchan, struct buffer *stdin_buf)
@@ -378,8 +386,8 @@ static int handle_vchan_data(libvchan_t *vchan, struct buffer *stdin_buf)
         case MSG_DATA_STDOUT:
             if (local_stdin_fd == -1)
                 break;
-            if (replace_esc_stdout)
-                do_replace_esc(buf, hdr.len);
+            if (replace_chars_stdout)
+                do_replace_chars(buf, hdr.len);
             if (hdr.len == 0) {
                 /* restore flags, as we may have not the only copy of this file descriptor
                 */
@@ -408,8 +416,8 @@ static int handle_vchan_data(libvchan_t *vchan, struct buffer *stdin_buf)
             }
             break;
         case MSG_DATA_STDERR:
-            if (replace_esc_stderr)
-                do_replace_esc(buf, hdr.len);
+            if (replace_chars_stderr)
+                do_replace_chars(buf, hdr.len);
             write_all(2, buf, hdr.len);
             break;
         case MSG_DATA_EXIT_CODE:
@@ -542,7 +550,7 @@ static void usage(char *name)
             "-c request_id,src_domain_name,src_domain_id|"
             "-e] remote_cmdline\n"
             "-e means exit after sending cmd,\n"
-            "-t enables replacing ESC character with '_' in command output, -T is the same for stderr\n"
+            "-t enables replacing problematic bytes with '_' in command output, -T is the same for stderr\n"
             "-c: connect to existing process (response to trigger service call)\n"
             "-w timeout: override default connection timeout of 5s (set 0 for no timeout)\n",
             name);
@@ -666,10 +674,10 @@ int main(int argc, char **argv)
                 is_service = 1;
                 break;
             case 't':
-                replace_esc_stdout = 1;
+                replace_chars_stdout = 1;
                 break;
             case 'T':
-                replace_esc_stderr = 1;
+                replace_chars_stderr = 1;
                 break;
             case 'w':
                 connection_timeout = atoi(optarg);

qrexec/qrexec-daemon.c

@@ -624,7 +624,7 @@ static int find_policy_pending_slot() {
     return -1;
 }
 
-static void sanitize_name(char * untrusted_s_signed)
+static void sanitize_name(char * untrusted_s_signed, char *extra_allowed_chars)
 {
     unsigned char * untrusted_s;
     for (untrusted_s=(unsigned char*)untrusted_s_signed; *untrusted_s; untrusted_s++) {
@@ -634,7 +634,12 @@ static void sanitize_name(char * untrusted_s_signed)
             continue;
         if (*untrusted_s >= '0' && *untrusted_s <= '9')
             continue;
-        if (*untrusted_s == '$' || *untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ')
+        if (*untrusted_s == '$' ||
+               *untrusted_s == '_' ||
+               *untrusted_s == '-' ||
+               *untrusted_s == '.')
+            continue;
+        if (extra_allowed_chars && strchr(extra_allowed_chars, *untrusted_s))
             continue;
         *untrusted_s = '_';
     }
@@ -661,9 +666,9 @@ static void handle_execute_service(void)
     ENSURE_NULL_TERMINATED(untrusted_params.service_name);
     ENSURE_NULL_TERMINATED(untrusted_params.target_domain);
     ENSURE_NULL_TERMINATED(untrusted_params.request_id.ident);
-    sanitize_name(untrusted_params.service_name);
-    sanitize_name(untrusted_params.target_domain);
-    sanitize_name(untrusted_params.request_id.ident);
+    sanitize_name(untrusted_params.service_name, "");
+    sanitize_name(untrusted_params.target_domain, "");
+    sanitize_name(untrusted_params.request_id.ident, " ");
     params = untrusted_params;
     /* sanitize end */
 

qrexec/qrexec-policy

@@ -67,7 +67,7 @@ def read_policy_file(service_name):
     return policy_list
 
 def is_match(item, config_term):
-    return (item is not "dom0" and config_term == "$anyvm") or item == config_term
+    return (item != "dom0" and config_term == "$anyvm") or item == config_term
 
 def get_default_policy():
     dict={}

qrexec/qubes-rpc-multiplexer

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 mkfifo /tmp/qrexec-rpc-stderr.$$
-logger -t "$1-$2" -f /tmp/qrexec-rpc-stderr.$$ &
+logger -t "$1-$2" -f /tmp/qrexec-rpc-stderr.$$ >/dev/null 2>&1 </dev/null &
 exec 2>/tmp/qrexec-rpc-stderr.$$
 rm -f /tmp/qrexec-rpc-stderr.$$
 
@@ -9,22 +9,27 @@ QUBES_RPC=/etc/qubes-rpc
 # XXX: Backward compatibility
 DEPRECATED_QUBES_RPC=/etc/qubes_rpc
 if ! [ $# = 2 ] ; then
-	echo $0: bad argument count >&2
+	echo $0: bad argument count, usage: $0 SERVICE-NAME REMOTE-DOMAIN-NAME >&2
 	exit 1
 fi
 export QREXEC_REMOTE_DOMAIN="$2"
-CFG_FILE=$QUBES_RPC/"$1"
-if [ -s "$CFG_FILE" ] ; then
-	exec /bin/sh "$CFG_FILE"
+
+if [ -s "$QUBES_RPC/$1" ]; then
+    CFG_FILE=$QUBES_RPC/"$1"
+elif [ -s "$DEPRECATED_QUBES_RPC/$1" ]; then
+    echo "$0: RPC service '$1' uses deprecated directory, please move to $QUBES_RPC" >&2
+    CFG_FILE=$DEPRECATED_QUBES_RPC/"$1"
+else
+    echo "$0: Cannot find service $1 file in $QUBES_RPC" >&2
+    exit 1
+fi
+
+if [ -x "$CFG_FILE" ] ; then
+	exec "$CFG_FILE"
 	echo "$0: failed to execute handler for" "$1" >&2
 	exit 1
-fi
-CFG_FILE=$DEPRECATED_QUBES_RPC/"$1"
-if [ -s "$CFG_FILE" ] ; then
-    echo "$0: RPC service '$1' uses deprecated directory, please move to $QUBES_RPC" >&2
+else
 	exec /bin/sh "$CFG_FILE"
 	echo "$0: failed to execute handler for" "$1" >&2
 	exit 1
 fi
-echo "$0: nonexistent or empty" "$CFG_FILE" file >&2
-exit 1

system-config/kernel-xen-efi.install

@@ -6,7 +6,23 @@ COMMAND="$1"
 KVER="$2"
 
 ESP_MOUNTPOINT=/boot/efi
-EFI_DIR="$ESP_MOUNTPOINT/EFI/qubes"
+
+EFI_DIR=$(efibootmgr -v 2>/dev/null | awk '
+        /^BootCurrent:/ { current=$2; }
+        /^Boot....\* / { 
+            if ("Boot" current "*" == $1) {
+                sub(".*File\\(", "");
+                sub("\\\\xen.efi\\).*", "");
+                gsub("\\\\", "/");
+                print;
+            }
+        }')
+
+if [ -z "$EFI_DIR" ]; then
+    EFI_DIR="$ESP_MOUNTPOINT/EFI/qubes"
+else
+    EFI_DIR="$ESP_MOUNTPOINT$EFI_DIR"
+fi
 
 if [ ! -d "$EFI_DIR" ]; then
     # non-EFI system
@@ -15,48 +31,50 @@ fi
 
 case "$COMMAND" in
     add)
-        # take the default section and use it as a template for the new entry
-        awk -F = --assign "kver=${KVER}" '
-          /^\[/ {
-              # section header - previous section (if any) ended
+        if ! fgrep -q "[${KVER}]" $EFI_DIR/xen.cfg; then
+            # take the default section and use it as a template for the new entry
+            awk -F = --assign "kver=${KVER}" '
+              /^\[/ {
+                  # section header - previous section (if any) ended
 
-              # if default section already processed, that is all
-              if (in_default) exit;
-              in_global=0; 
-              in_default=0; 
-          } 
-          /\[global\]/ { 
-              in_global=1; 
-          }
-          /^\[/ {
-              if ("[" default_name "]" == $0) {
-                  in_default=1;
-                  print "[" kver "]";
-                  next;
+                  # if default section already processed, that is all
+                  if (in_default) exit;
+                  in_global=0; 
+                  in_default=0; 
+              } 
+              /\[global\]/ { 
+                  in_global=1; 
+              }
+              /^\[/ {
+                  if ("[" default_name "]" == $0) {
+                      in_default=1;
+                      print "[" kver "]";
+                      next;
+                  }
               }
-          }
-          /^default=/ {
-              if (in_global)
-                  default_name=$2;
-          }
-          /^kernel=/ {
-              if (in_default) {
-                  sub("=[^ ]*", "=vmlinuz-" kver);
+              /^default=/ {
+                  if (in_global)
+                      default_name=$2;
               }
-          }
-          /^ramdisk=/ {
-              if (in_default) {
-                  sub("=[^ ]*", "=initramfs-" kver ".img");
+              /^kernel=/ {
+                  if (in_default) {
+                      sub("=[^ ]*", "=vmlinuz-" kver);
+                  }
               }
-          }
-          {
-              if (in_default) {
-                  print;
+              /^ramdisk=/ {
+                  if (in_default) {
+                      sub("=[^ ]*", "=initramfs-" kver ".img");
+                  }
               }
-          }' $EFI_DIR/xen.cfg >> $EFI_DIR/xen.cfg
-        
-        # then change the default
-        sed -e "s/default=.*/default=$KVER/" -i $EFI_DIR/xen.cfg
+              {
+                  if (in_default) {
+                      print;
+                  }
+              }' $EFI_DIR/xen.cfg >> $EFI_DIR/xen.cfg
+            
+            # then change the default
+            sed -e "s/default=.*/default=$KVER/" -i $EFI_DIR/xen.cfg
+        fi
 
         cp "/boot/vmlinuz-$KVER" "$EFI_DIR/"
         dracut -f "$EFI_DIR/initramfs-${KVER}.img" "$KVER"
@@ -64,22 +82,24 @@ case "$COMMAND" in
     remove)
         # don't care about changing default= line - yum should prevent removing
         # currently running kernel
-        awk -F = --assign "kver=${KVER}" '
-          /^\[/ {
-              # section header - previous section (if any) ended
+        if [ -r $EFI_DIR/xen.cfg ]; then
+            awk -F = --assign "kver=${KVER}" '
+              /^\[/ {
+                  # section header - previous section (if any) ended
 
-              in_current=0; 
-          } 
-          /^\[/ {
-              if ($0 == "[" kver "]")
-                  in_current=1;
-          }
-          {
-              if (!in_current) {
-                  print;
+                  in_current=0; 
+              } 
+              /^\[/ {
+                  if ($0 == "[" kver "]")
+                      in_current=1;
               }
-          }' $EFI_DIR/xen.cfg > $EFI_DIR/xen.cfg.new
-          mv $EFI_DIR/xen.cfg.new $EFI_DIR/xen.cfg
+              {
+                  if (!in_current) {
+                      print;
+                  }
+              }' $EFI_DIR/xen.cfg > $EFI_DIR/xen.cfg.new
+            mv $EFI_DIR/xen.cfg.new $EFI_DIR/xen.cfg
+        fi
         rm -f "$EFI_DIR/initramfs-${KVER}.img"
         ;;
 esac

version

@@ -1 +1 @@
-3.1.9
+3.1.13