From 96a3d98f60408a33efbbd02cd2851015228fcb31 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Tue, 10 Feb 2015 11:07:20 -0500 Subject: [PATCH 1/5] Removed -Werror from qrexec Makefile to allow unpack to compile for both Fedora 20 and 21 linux-utils/qrexec-lib/unpack.c: Different compile errors will abort. Both different for fc20/21 but based on same error below: * * FC21 ERROR: (but FC20 needs the code) * unpack.c:31:0: error: "O_TMPFILE" redefined [-Werror] * #define O_TMPFILE (__O_TMPFILE | O_DIRECTORY) * ^ * In file included from /usr/include/bits/fcntl.h:61:0, * from /usr/include/fcntl.h:35, * from unpack.c:4: * /usr/include/bits/fcntl-linux.h:151:0: note: this is the location of the previous definition * # define O_TMPFILE __O_TMPFILE / * Atomically create nameless file. * / * ^ * cc1: all warnings being treated as errors * : recipe for target 'unpack.o' failed */ /* #define O_TMPFILE (__O_TMPFILE | O_DIRECTORY) */ --- qrexec-lib/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qrexec-lib/Makefile b/qrexec-lib/Makefile index 1b34c48..b18296f 100644 --- a/qrexec-lib/Makefile +++ b/qrexec-lib/Makefile @@ -1,5 +1,5 @@ CC=gcc -CFLAGS+=-I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)` +CFLAGS+=-I. -g -Wall -Wextra -pie -fPIC `pkg-config --cflags vchan-$(BACKEND_VMM)` COMMONIOALL=ioall.o SO_VER=1 LDFLAGS=-shared From b909404a59f3a79fb54852ef46b54f1b8f8644ce Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Tue, 10 Feb 2015 11:09:19 -0500 Subject: [PATCH 2/5] debian: Modified control file for new R3 Debian depends --- debian/control | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 7d3439d..f6c1f9f 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,8 @@ Source: qubes-utils Section: admin Priority: extra Maintainer: Davíð Steinn Geirsson -Build-Depends: libvchan-xen-dev, libxen-dev, debhelper (>= 8.0.0), quilt (>= 0.60), dh-systemd +#Build-Depends: libvchan-xen-dev, libxen-dev, debhelper (>= 8.0.0), quilt (>= 0.60), dh-systemd +Build-Depends: libvchan-xen-dev, libxen-qubes-vm-dev, debhelper (>= 8.0.0), quilt (>= 0.60), dh-systemd Standards-Version: 3.9.3 Homepage: http://www.qubes-os.org Vcs-Git: http://dsg.is/qubes/qubes-linux-utils.git @@ -10,6 +11,7 @@ Vcs-Git: http://dsg.is/qubes/qubes-linux-utils.git Package: qubes-utils Architecture: any +#Depends: libvchan-xen, lsb-base, ${shlibs:Depends}, ${misc:Depends} Depends: libvchan-xen, lsb-base, ${shlibs:Depends}, ${misc:Depends} Conflicts: qubes-linux-utils Recommends: python2.7 From 65b1d6ac7318cd6b871406f119d7980507712fc3 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Tue, 10 Feb 2015 11:10:12 -0500 Subject: [PATCH 3/5] debian: Updated changelog to reflect 3.0.1 version change --- debian/changelog | 75 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 74 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 527d957..d35750d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,77 @@ +qubes-utils (3.0.1) jessie; urgency=medium + + [ Wojciech Zygmunt Porczyk ] + * v3.0.1 + * This has to be versioned because of dependency in core-agent-linux. + + [ Marek Marczykowski-Górecki ] + * Update for new vchan API, remove code not needed anymore + * filecopy: fix handling ENOENT error + * Do not fail when file was successfully created. + * I will test before commit. I will test before commit. I will... + + [ Marek Marczykowski-Górecki ] + * filecopy: really do not use O_TMPFILE when use_tmpfile==0 + * When file opened with O_TMPFILE but use_tmpfile==0, the file will not be + linked to the directory (the code at the end of process_one_file_reg). + Additionally it is waste of time trying using O_TMPFILE when it's + already known it shouldn't be. + Also use_tmpfile==0 can mean we don't have access to /proc + (set_procfs_fd wasn't called), so even if linking the file to its + directory would be attempted, it would fail. This is the case for + dom0-updates copy. + + [ Marek Marczykowski-Górecki ] + * filecopy: create new file unaccessible to the user until fully written + Otherwise source domain can modify (append) the file while the user + already is accessing it. While incoming files should be treated as + untrusted, this problem could allow file modification after the user + makes some sanity checks. + + [ Marek Marczykowski-Górecki ] + * udev: update hotplug block scripts for QubesDB + * Some initial work was done, but apparently not complete and buggy. + + [ Marek Marczykowski-Górecki ] + * version 3.0.0 + + [ Marek Marczykowski-Górecki ] + * Fix compile warnings + + [ Marek Marczykowski-Górecki ] + * qrexec-utils: add read_vchan_all and write_vchan_all + * Similar to read_all and write_all. + + [ Marek Marczykowski-Górecki ] + * qrexec: update protocol + - add new messages + - uniform packet header + - organize #defines + + [ Marek Marczykowski-Górecki ] + * code style: change tabs to spaces + + [ Marek Marczykowski-Górecki ] + * qrexec-utils: disable write-stdin (buffered writes) compilation + * Not compatible with new qrexec protocol yet. To be done. + + [ Marek Marczykowski-Górecki ] + * New qrexec protocol + * Use separate vchan to pass I/O for each process, which greatly simplify + protocol implementation (eg. no flow control needed). + + [ Marek Marczykowski-Górecki ] + * udev: setup permissions on xen device nodes + + [ Marek Marczykowski ] + * qrexec-lib: prevent deadlock on vchan + It can happen that we already cleared libvchan_fd pending state via + libvchan_wait, but data arrived later. This is especially true just + after connection, when client send unsolicited notification to server, + which can confuse it with some requested notification. + + -- Marek Marczykowski-Górecki Tue, 10 Feb 2015 00:00:00 +0100 + qubes-utils (3.0.0) jessie; urgency=medium [ HW42 ] @@ -17,7 +91,6 @@ qubes-utils (3.0.0) jessie; urgency=medium * qrexec-utils: add read_vchan_all and write_vchan_all -- Marek Marczykowski-Górecki Sat, 22 Nov 2014 16:24:11 +0100 - qubes-utils (2.0.14) jessie; urgency=medium [ Marek Marczykowski-Górecki ] From fb09e4207839c76d24528520cdaa68316a3f463a Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Wed, 11 Feb 2015 12:11:04 -0500 Subject: [PATCH 4/5] debian: Added qubesdb-vm as a depend --- debian/control | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/debian/control b/debian/control index f6c1f9f..37d0015 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,6 @@ Source: qubes-utils Section: admin Priority: extra Maintainer: Davíð Steinn Geirsson -#Build-Depends: libvchan-xen-dev, libxen-dev, debhelper (>= 8.0.0), quilt (>= 0.60), dh-systemd Build-Depends: libvchan-xen-dev, libxen-qubes-vm-dev, debhelper (>= 8.0.0), quilt (>= 0.60), dh-systemd Standards-Version: 3.9.3 Homepage: http://www.qubes-os.org @@ -11,8 +10,7 @@ Vcs-Git: http://dsg.is/qubes/qubes-linux-utils.git Package: qubes-utils Architecture: any -#Depends: libvchan-xen, lsb-base, ${shlibs:Depends}, ${misc:Depends} -Depends: libvchan-xen, lsb-base, ${shlibs:Depends}, ${misc:Depends} +Depends: qubesdb-vm, libvchan-xen, lsb-base, ${shlibs:Depends}, ${misc:Depends} Conflicts: qubes-linux-utils Recommends: python2.7 Description: Qubes Linux utilities From 96301f3cc1920e5d4aa36a0da504e3ce91cf2a95 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Thu, 12 Feb 2015 12:28:03 -0500 Subject: [PATCH 5/5] debian: Revert back to using libxen-dev as depend --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 37d0015..c884bc6 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: qubes-utils Section: admin Priority: extra Maintainer: Davíð Steinn Geirsson -Build-Depends: libvchan-xen-dev, libxen-qubes-vm-dev, debhelper (>= 8.0.0), quilt (>= 0.60), dh-systemd +Build-Depends: libvchan-xen-dev, libxen-dev, debhelper (>= 8.0.0), quilt (>= 0.60), dh-systemd Standards-Version: 3.9.3 Homepage: http://www.qubes-os.org Vcs-Git: http://dsg.is/qubes/qubes-linux-utils.git