-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJU5oZKAAoJEBu5sftaTG2tbAUQAMfGO8f0Ml/rNpQI+TvQryCg
4tzdToILvk1pEjNxX5my6sDMxrHXf3fqOl8CQkNUbUZvVeFbDsZNodzE0ZNmJI+u
qaJBi+cG3KeE7LoqqzVhMyzwzBzd/WmSPqgNaJkEFgadmp77B61R7im4oCPxwk0j
gHloe91B+qq+lNBAbrphf6GJ6HgiTyGnDppXc3WSr6YMpNrdDlWmaPXHknfcm8WC
2Ay3ml16o0Xt6PHHwm4SUuxFSVmXYSU1HYHGPvnxx3jc5Dgt+FWM8yEsTQlKHpE0
3kTc2F6VTak5TcDIInGeot0FPv7+m8Hmdbc3uDy3LtMHvE39DxnGPUrwK6Vpumf6
7U8oisUfeP2wFwIzs8ZJwvNvnz86vb+Kl+s9fgXvT9LJjCHkC+fGczjtNLtSH007
7qiE1GAGbxi2K2e7fe6XEC0nDEt1mDBM7dFW/3siR6XU7mz7Eay71FtY6kVL6bOc
FNmn+8u0w784ZMr91biNVzxLFRygDueV/zXeOy0QTIwIrWvk3IdfVsiPFF+u8L24
diiMcBRtV1lvSHCFP2jPXR4yfbQ3qDGsScuL5zeJnRFwuzcBu8gFkPhdvGasK9sc
DAGxYb2AeCBFMV+six+NLmfZZCNki7yQzSWxqAisP8unwGh8Jl0nJHwbpWNPwIZ1
5ob6rJ8Vu/t3P8oftG7R
=yx2Q
-----END PGP SIGNATURE-----
Merge tag 'jm_de51e155'
Tag for commit de51e155f3
# gpg: Signature made Fri Feb 20 01:56:42 2015 CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
This will ignore excluded deb, rpm, pkg and .git directories that were
tar'ed for the .orig.tar.gz debian upstream package file and will prevent
build errors
Do not send 'which' command output to stdout, as it will mess real
backup data.
This fixes regression introduced by this commit:
commit dad5bfbd18
Author: HW42 <hw42@ipsumj.de>
Date: Thu Feb 5 03:14:41 2015 +0100
remove 'bashisms' or explicit use bash
This process should be started from user session (most likely
qubes-session). New processes (of that user) will be created as
children of that session making logind and such crap happy. This should
also solve problems with EOF transmission (no additional "su" process)
and prevent loading all the environment multiple times.
Move (qrexec-agent version of) do_exec to qrexec-agent.c, move
handle_handshake to qrexec-agent-data.c (common to all agent binaries).
Fix indentation (tabs -> spaces).
The main advantage is possible use of single socket for both stdin and
stdout. This is strictly required for using USBIP over qrexec.
For compatibility qrexec still creates three socket pairs (instead of
pipes) for stdin/out/err respectively. When qrexec-agent receives
SIGUSR1, it will close stdout socket and use stdin socket for both
directions.
Some additional work is needed here to actually allow child process to
send that signal - qrexec is running as root, but child as "user" in
most cases.
Since the rules are no more directly handed to echo -e, sed needs to
handle all escape sequences used in rules (newline only, but in
different notations).
- Use copy-in for debian-quilt package in Makefile.builder instead of hook (to be removed) in Makefile.debian
- Remove patches from debian/patches; they are now applied dynamicly from series-debian-vm.conf
Applied patch to qrexec Makefile to prevent compile failure on warnings
qrexec: Disable all warnings being treated as errors
gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2 -c -o qrexec-agent-data.o qrexec-agent-data.c
qrexec-agent-data.c: In function 'handle_remote_data':
qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
status = *(unsigned int *)buf;
^
cc1: all warnings being treated as errors
<builtin>: recipe for target 'qrexec-agent-data.o' failed
This is to allow permissions to be set on some devices where the user needs
less restrictive permissions. /etc/udev/rules.d/99-qubes-misc.rules changes
a few xen devices to allow the users in the qubes group access
Applied patch to qrexec Makefile to prevent compile failure on warnings
qrexec: Disable all warnings being treated as errors
gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2 -c -o qrexec-agent-data.o qrexec-agent-data.c
qrexec-agent-data.c: In function 'handle_remote_data':
qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
status = *(unsigned int *)buf;
^
cc1: all warnings being treated as errors
<builtin>: recipe for target 'qrexec-agent-data.o' failed
This is to allow permissions to be set on some devices where the user needs
less restrictive permissions. /etc/udev/rules.d/99-qubes-misc.rules changes
a few xen devices to allow the users in the qubes group access
Generate user-groups via -U instead of explicit via groupadd. This also
fix the problem that the tinyproxy group were not gererated as
"system"-group.
Also suppress unneeded output of the existence test.