version 4.1.19
This commit is contained in:
Marek Marczykowski-Górecki
parent
e71edb8584
commit
932727b3df
110
debian/changelog
vendored
110
debian/changelog
vendored
@ -1,3 +1,113 @@
|
|||||||
|
qubes-core-agent (4.1.19-1) unstable; urgency=medium
|
||||||
|
|
||||||
|
[ Marek Marczykowski-Górecki ]
|
||||||
|
* grub: override GRUB_DEVICE with /dev/mapper/dmroot
|
||||||
|
* Add a service to enable swap early - before fsck of the root
|
||||||
|
filesystem
|
||||||
|
* Drop systemd re-exec during boot
|
||||||
|
* Relax private.img condition for mkfs even further
|
||||||
|
|
||||||
|
[ Frédéric Pierret (fepitre) ]
|
||||||
|
* Add .gitlab-ci.yml
|
||||||
|
|
||||||
|
[ Marek Marczykowski-Górecki ]
|
||||||
|
* gitlab-ci: move tests earlier, rename job
|
||||||
|
* gitlab-ci: include codecov
|
||||||
|
* gitlab-ci: install test dependencies
|
||||||
|
|
||||||
|
[ Demi Marie Obenour ]
|
||||||
|
* qubes.ShowInTerminal requires socat
|
||||||
|
|
||||||
|
[ Marek Marczykowski-Górecki ]
|
||||||
|
* network: setup anti-spoofing firewall rules before enabling the
|
||||||
|
interface
|
||||||
|
* network: prevent IP spoofing on upstream (eth0) interface
|
||||||
|
|
||||||
|
[ Demi Marie Obenour ]
|
||||||
|
* Add permanent neighbor entries
|
||||||
|
* Add gateway IP+MAC, not VM’s own
|
||||||
|
* Don’t hardcode MAC addresses
|
||||||
|
* Fix running under -euo pipefail
|
||||||
|
* Don’t use onlink flag for nexthop
|
||||||
|
* vif-route-qubes: better input validation
|
||||||
|
* NAT network namespaces need neighbor entries
|
||||||
|
* Optimization: use `ip -n` over `ip netns exec`
|
||||||
|
* Add NetVM-facing neighbor entry in NAT namespace
|
||||||
|
* Remove commented-out code
|
||||||
|
* Use netvm_gw_ip instead of netvm_ip
|
||||||
|
|
||||||
|
[ ejose19 ]
|
||||||
|
* Replace custom script reloading with sourcing /etc/profile in
|
||||||
|
qubes.GetAppmenus
|
||||||
|
|
||||||
|
[ Demi Marie Obenour ]
|
||||||
|
* Only allow known-safe characters in socket paths
|
||||||
|
|
||||||
|
[ Marek Marczykowski-Górecki ]
|
||||||
|
* Allow DHCPv6 replies on uplink interface, if ipv6 is enabled
|
||||||
|
* network: stop IP forwarding before disabling firewall
|
||||||
|
* Order qubes-early-vm-config.service before networking
|
||||||
|
* Move network uplink setup to a separate service
|
||||||
|
* Cleanup setup-ip script a bit
|
||||||
|
* Make init/functions suitable for running with 'set -u'
|
||||||
|
* init/functions: do not guess 'eth0' as Qubes-managed interface
|
||||||
|
* Order NetworkManager after qubes-network-uplink.service
|
||||||
|
|
||||||
|
[ Demi Marie Obenour ]
|
||||||
|
* Replace tabs with spaces
|
||||||
|
|
||||||
|
[ Frédéric Pierret (fepitre) ]
|
||||||
|
* debian: update control
|
||||||
|
* debian: update compat
|
||||||
|
|
||||||
|
[ Demi Marie Obenour ]
|
||||||
|
* Always pass ‘-y’ to dnf
|
||||||
|
* Metadata is now signed
|
||||||
|
* Purge stale connection tracking entries
|
||||||
|
* vif-route-qubes: Check that the -e flag is set
|
||||||
|
* Remove spurious line continuation; add quotes.
|
||||||
|
* Stop disabling checksum offload
|
||||||
|
* Keep shellcheck from complaining
|
||||||
|
* Add conntrack-tools dependency to qubes-core-agent-networking
|
||||||
|
* Don’t assume dom0 will never have a network connection
|
||||||
|
* Don’t rely on an arbitrary length limit
|
||||||
|
* Use /usr/lib instead of /lib
|
||||||
|
* Only give the “qubes” group full Polkit access
|
||||||
|
* “sudo” must remove SELinux restrictions
|
||||||
|
* Use 022 instead of 002 as sudo umask
|
||||||
|
|
||||||
|
[ Marek Marczykowski-Górecki ]
|
||||||
|
* Actually install unit files into /usr/lib/systemd/system
|
||||||
|
* archlinux: add missing python-setuptools makedepends
|
||||||
|
|
||||||
|
[ icequbes1 ]
|
||||||
|
* Fix comments in default qubes-firewall-user-script
|
||||||
|
* Handle UnicodeError in firewall when resolving hostname
|
||||||
|
|
||||||
|
[ Demi Marie Obenour ]
|
||||||
|
* Avoid deprecated /var/run directory
|
||||||
|
* Ignore more options of qubes-dom0-update
|
||||||
|
* Allow SELinux to stay enabled
|
||||||
|
* Harden shell scripts against metacharacters
|
||||||
|
* Avoid spawning a Zenity progress meter
|
||||||
|
|
||||||
|
[ Ludovic Bellier ]
|
||||||
|
* upgrades-installed-check requires pacman-contrib for checkupdates
|
||||||
|
* fix archlinux detection of available upgrades note: checkupdates
|
||||||
|
return 2 when no updates are available (source: man page and source
|
||||||
|
code)
|
||||||
|
* fix for ArchLinux: notify dom0 about installed updates The launch of
|
||||||
|
the qubes-update-check service failed on ArchLinux, because the
|
||||||
|
qubes-rpc uses the `service` command which isn't available for this
|
||||||
|
OS.
|
||||||
|
|
||||||
|
[ Marek Marczykowski-Górecki ]
|
||||||
|
* archlinux: checkupdates output is not checked anymore, ignore it
|
||||||
|
* network: fix waiting for VM network uplink
|
||||||
|
* Increase upgrades-status-notify verbosity
|
||||||
|
|
||||||
|
-- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Sun, 03 Jan 2021 06:38:51 +0100
|
||||||
|
|
||||||
qubes-core-agent (4.1.18-1) unstable; urgency=medium
|
qubes-core-agent (4.1.18-1) unstable; urgency=medium
|
||||||
|
|
||||||
[ Frédéric Pierret (fepitre) ]
|
[ Frédéric Pierret (fepitre) ]
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user