version 2.0.21

Even in case of some error (for example invalid image).

(cherry picked from commit fc3347c914)

Makefile

@@ -1,8 +1,10 @@
+ifndef LIBDIR
   ifeq ($(shell uname -m),x86_64)
   LIBDIR = /usr/lib64
   else
   LIBDIR = /usr/lib
   endif
+endif
 INCLUDEDIR = /usr/include
 
 export LIBDIR INCLUDEDIR

archlinux/PKGBUILD

@@ -6,7 +6,7 @@
 # Maintainer: Olivier Medoc <o_medoc@yahoo.fr>
 pkgname=qubes-vm-utils
 pkgver=`cat version`
-pkgrel=8
+pkgrel=9
 epoch=
 pkgdesc="Common Linux files for Qubes VM."
 arch=("x86_64")
@@ -37,13 +37,13 @@ for source in qrexec-lib udev qmemman core Makefile; do
   (ln -s $srcdir/../$source $srcdir/$source)
 done
 
-make all
+make all LIBDIR=/usr/lib SBINDIR=/usr/bin
 
 }
 
 package() {
 
-make install DESTDIR=$pkgdir
+make install DESTDIR=$pkgdir LIBDIR=/usr/lib SBINDIR=/usr/bin
 
 }
 

core/imgconverter.py

@@ -115,6 +115,8 @@ get_from_stream(), get_from_vm(), get_xdg_icon_from_vm(), get_through_dvm()'''
         maxhdrlen = imghdrlen(max_width, max_height)
 
         untrusted_header = stream.readline(maxhdrlen)
+        if len(untrusted_header) == 0:
+            raise ValueError('No icon received')
         if not re_imghdr.match(untrusted_header):
             raise ValueError('Image format violation')
         header = untrusted_header
@@ -150,8 +152,9 @@ get_from_stream(), get_from_vm(), get_xdg_icon_from_vm(), get_through_dvm()'''
         p.stdin.write('{0}\n'.format(src))
         p.stdin.close()
 
+        try:
             img = cls.get_from_stream(p.stdout, **kwargs)
-
+        finally:
             p.stdout.close()
         if p.wait():
             raise Exception('Something went wrong with receiver')

debian/changelog

@@ -1,3 +1,53 @@
+qubes-utils (2.0.21) wheezy; urgency=medium
+
+  * fedora: fix systemd service files permission
+  * qrexec-lib: enable compiler optimization
+  * udev: ignore temporary devices created during VM startup
+  * udev: fix block devices ignoring rule
+  * imgconverter: use more meaningful error for empty icon image
+  * imgconverter: ensure that connection to the VM is properly closed
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Tue, 29 Sep 2015 12:47:50 +0200
+
+qubes-utils (2.0.20) jessie; urgency=medium
+
+  * archlinux: fix new packaging requirements related to run, sbin,
+    lib64...
+
+ -- Olivier MEDOC <o_medoc@yahoo.fr>  Mon, 02 Feb 2015 00:19:22 +0100
+
+qubes-utils (2.0.19) jessie; urgency=medium
+
+  * debian: O_TMPFILE already defined
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 01 Feb 2015 03:07:29 +0100
+
+qubes-utils (2.0.18) jessie; urgency=medium
+
+  * filecopy: fix handling ENOENT error
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 23 Jan 2015 01:22:10 +0100
+
+qubes-utils (2.0.17) jessie; urgency=medium
+
+  * filecopy: really do not use O_TMPFILE when use_tmpfile==0
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Wed, 21 Jan 2015 16:07:40 +0100
+
+qubes-utils (2.0.16) jessie; urgency=medium
+
+  * filecopy: create new file unaccessible to the user until fully
+    written
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 18 Jan 2015 18:05:35 +0100
+
+qubes-utils (2.0.15) jessie; urgency=medium
+
+  [ HW42 ]
+  * use systemd in debian
+
+ -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Mon, 01 Dec 2014 04:32:48 +0100
+
 qubes-utils (2.0.14) jessie; urgency=medium
 
   [ Marek Marczykowski-Górecki ]

qmemman/Makefile

@@ -1,5 +1,7 @@
 CC=gcc
 CFLAGS=-Wall -Wextra -Werror -g -O3
+SBINDIR ?= /usr/sbin
+
 all:	meminfo-writer
 
 _XENSTORE_H=$(shell ls /usr/include/xenstore.h)
@@ -10,13 +12,13 @@ endif
 meminfo-writer: meminfo-writer.o
 	$(CC) -g -o meminfo-writer meminfo-writer.o -lxenstore
 install:
-	install -D meminfo-writer $(DESTDIR)/usr/sbin/meminfo-writer
+	install -D meminfo-writer $(DESTDIR)$(SBINDIR)/meminfo-writer
 ifeq (1,${DEBIANBUILD})
 	install -d $(DESTDIR)/lib/systemd/system/
 	install -m 0644 qubes-meminfo-writer.service $(DESTDIR)/lib/systemd/system/
 else
 	install -d $(DESTDIR)/usr/lib/systemd/system/
-	install qubes-meminfo-writer*service $(DESTDIR)/usr/lib/systemd/system/
+	install -m 0644 qubes-meminfo-writer*service $(DESTDIR)/usr/lib/systemd/system/
 endif
 clean:
 	rm -f meminfo-writer xenstore-watch *.o

qrexec-lib/Makefile

@@ -1,5 +1,5 @@
 CC=gcc
-CFLAGS+=-I. -g -Wall -Wextra -Werror -pie -fPIC
+CFLAGS+=-I. -g -O2 -Wall -Wextra -Werror -pie -fPIC
 XENLIBS=-lxenctrl -lxenstore -lvchan
 COMMONIOALL=ioall.o
 SO_VER=1

qrexec-lib/libqubes-rpc-filecopy.h

@@ -66,6 +66,8 @@ int copy_file(int outfd, int infd, long long size, unsigned long *crc32);
 const char *copy_file_status_to_str(int status);
 void set_size_limit(unsigned long long new_bytes_limit, unsigned long long new_files_limit);
 void set_verbose(int value);
+/* register open fd to /proc/PID/fd of this process */
+void set_procfs_fd(int value);
 int write_all(int fd, const void *buf, int size);
 int read_all(int fd, void *buf, int size);
 int copy_fd_all(int fdout, int fdin);

qrexec-lib/unpack.c

@@ -18,9 +18,21 @@ unsigned long long files_limit = 0;
 unsigned long long total_bytes = 0;
 unsigned long long total_files = 0;
 int verbose = 0;
+int use_tmpfile = 0;
+int procdir_fd = -1;
 
 void send_status_and_crc(int code, const char *last_filename);
 
+/* copy from asm-generic/fcntl.h */
+#ifndef __O_TMPFILE
+#define __O_TMPFILE 020000000
+#endif
+#ifndef O_TMPFILE
+/* a horrid kludge trying to make sure that this will fail on old kernels */
+#define O_TMPFILE (__O_TMPFILE | O_DIRECTORY)
+#define O_TMPFILE_MASK (__O_TMPFILE | O_DIRECTORY | O_CREAT)
+#endif
+
 void do_exit(int code, const char *last_filename)
 {
 	close(0);
@@ -39,6 +51,12 @@ void set_verbose(int value)
 	verbose = value;
 }
 
+void set_procfs_fd(int value)
+{
+	procdir_fd = value;
+	use_tmpfile = 1;
+}
+
 unsigned long crc32_sum = 0;
 int read_all_with_crc(int fd, void *buf, int size) {
 	int ret;
@@ -88,7 +106,21 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
 			  const char *untrusted_name)
 {
 	int ret;
-	int fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0700);	/* safe because of chroot */
+	int fdout = -1;
+
+	/* make the file inaccessible until fully written */
+	if (use_tmpfile) {
+		fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
+		if (fdout < 0) {
+		   if (errno==ENOENT)
+			   /* if it fails, do not attempt further use - most likely kernel too old */
+			   use_tmpfile = 0;
+		   else
+			   do_exit(errno, untrusted_name);
+		}
+	}
+	if (fdout < 0)
+		fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000);	/* safe because of chroot */
 	if (fdout < 0)
 		do_exit(errno, untrusted_name);
 	/* sizes are signed elsewhere */
@@ -105,6 +137,13 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
 		else
 			do_exit(errno, untrusted_name);
 	}
+	fdatasync(fdout);
+	if (use_tmpfile) {
+		char fd_str[7];
+		snprintf(fd_str, sizeof(fd_str), "%d", fdout);
+		if (linkat(procdir_fd, fd_str, AT_FDCWD, untrusted_name, AT_SYMLINK_FOLLOW) < 0)
+			do_exit(errno, untrusted_name);
+	}
 	close(fdout);
 	fix_times_and_perms(untrusted_hdr, untrusted_name);
 }

udev/udev-block-add-change

@@ -34,6 +34,13 @@ if [ "$MAJOR" -eq 7 -a ! -d /sys/$DEVPATH/loop ]; then
     xs_remove
     exit 0
 fi
+# ... and temporary devices used during VM startup
+if [[ "$NAME" = 'loop'* ]] && \
+       [[ "`cat /sys/block/${NAME%p*}/loop/backing_file`" = \
+            '/var/lib/qubes/'*'/volatile.img' ]]; then
+    xs_remove
+    exit 0
+fi
 
 # Check if device is read-only
 if [ "`cat /sys/$DEVPATH/ro`" -eq 1 ]; then

version

@@ -1 +1 @@
-2.0.14
+2.0.21