core-agent-linux/debian/changelog

qubes-core-agent (3.1.14-1) wheezy; urgency=medium

  * network: use `qubes-primary-dns` QubesDB entry if present

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Mon, 07 Mar 2016 13:47:01 +0100

qubes-core-agent (3.1.13-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * sysinit: Accept also old xenbus kernel interface

  [ adrianx64 ]
  * Proposed solution for issue #1657

  [ Marek Marczykowski-Górecki ]
  * Move opening file viewer/editor into separate shell script
  * qubes-open: switch from mimeopen to xdg-open

  [ Olivier MEDOC ]
  * update qubes.InstallUpdateGUI to support archlinux
  * archlinux: add gcc and make as make dependencies
  * implement update proxy support for archlinux
  * archlinux: add Qubes Markers in pacman.conf so that changes done by
    qubes scripts are not inserted at the end of pacman.conf
  * archlinux: properly add qubes markers in pacman.conf
  * update-proxy: use curl instead of wget in archlinux in order to
    limit additional dependencies

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Mon, 08 Feb 2016 05:07:39 +0100

qubes-core-agent (3.1.12-1) wheezy; urgency=medium

  * Unload USB controllers drivers in USB VM before going to sleep
  * Do not try to signal NetworkManager before suspend if it isn't
    running

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Mon, 11 Jan 2016 21:59:34 +0100

qubes-core-agent (3.1.11-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * dom0-updates: add a message explaining yum deprecated warning

  [ noname ]
  * archlinux: Added python{2,3} as dependency. Solved python22 bug.

  [ Marek Marczykowski-Górecki ]
  * Fix time sync service

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Thu, 07 Jan 2016 05:52:35 +0100

qubes-core-agent (3.1.10-1) wheezy; urgency=medium

  * network: use more strict policy about incoming traffic
  * debian: add missing python-gtk2 dependency

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Thu, 31 Dec 2015 02:58:29 +0100

qubes-core-agent (3.1.9-1) wheezy; urgency=medium

  * dnf: drop shebang, it isn't standalone script
  * Package DNF plugin for both python2 and python3
  * dom0-updates: fix reporting when no updates are available

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 26 Dec 2015 14:24:00 +0100

qubes-core-agent (3.1.8-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * open-in-vm: Fix path to mimeinfo database

  [ Olivier MEDOC ]
  * archlinux: fix invalid systemd path in make install directive
  * archlinux: remove quotes when checking system locales (in case it
    has been user defined)

  [ MB ]
  * [network-proxy-setup] Permit !CONFIG_MODuLES

  [ Rusty Bird ]
  * repo description: updates-testing -> security-testing

  [ Marek Marczykowski-Górecki ]
  * debian: add security-testing repository

  [ Olivier MEDOC ]
  * archlinux: ensure systemctl reset preset correctly (need to be
    started twice)

  [ Marek Marczykowski-Górecki ]
  * updates-proxy: restart on network configuration change to reload DNS

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 20 Dec 2015 03:12:39 +0100

qubes-core-agent (3.1.7-1) wheezy; urgency=medium

  * updates-proxy: explicitly block connection looping back to the proxy
    IP

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 04 Dec 2015 15:32:14 +0100

qubes-core-agent (3.1.6-1) wheezy; urgency=medium

  * Revert "network: use drop-ins for NetworkManager configuration
    (#1176)"

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 29 Nov 2015 00:34:34 +0100

qubes-core-agent (3.1.5-1) wheezy; urgency=medium

  [ Patrick Schleizer ]
  * clean up /etc/tinyproxy/filter-updates

  [ Olivier MEDOC ]
  * updates-proxy: remove remaining traces of proxy filtering file from
    Makefile
  * rpm_spec: declare InstallUpdateGUI qrexec_service
  * archlinux: enforce minimum versionning of qubes-utils

  [ Patrick Schleizer ]
  * Prevent services from being accidentally restarted by `needrestart`.
  * Have qubes-sysinit create /var/run/qubes VM type files.

  [ Marek Marczykowski-Górecki ]
  * Package needrestart config only for Debian
  * debian: reformat Build-Depends:
  * debian: update build-depends for split qubes-utils package
  * backup: Use 'type' instead of 'which' to prevent unnecessary
    dependency

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 28 Nov 2015 14:48:33 +0100

qubes-core-agent (3.1.4-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * Minor improvements to packaging (based on rpmlint)

  [ Patrick Schleizer ]
  * removed confusing comments
  * minor indent
  * No longer start /etc/init.d/tinyproxy by default anymore.

  [ Marek Marczykowski-Górecki ]
  * Revert "preset disable tinyproxy by default"

  [ Patrick Schleizer ]
  * minor, removed trailing space
  * Improved upgrade notifications sent to QVMM.
  * fixed inverted logic issue in upgrades-installed-check
  * misc/upgrades-installed-check: handle apt-get errors

  [ Marek Marczykowski-Górecki ]
  * Explicitly fail upgrades-installed-check on other distributions

  [ qubesuser ]
  * Allow to provide customized DispVM home directly in the template VM

  [ Marek Marczykowski-Górecki ]
  * network: let NetworkManager configure VM uplink, if enabled
  * Use improved update-notify script also in Fedora
  * Implement qubes.InstallUpdatesGUI qrexec service
  * Really fix update-proxy rules for debian security fixes repo
  * updates-proxy: disable filtering at all
  * network: disable proxy_arp

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 15 Nov 2015 04:29:29 +0100

qubes-core-agent (3.1.3-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * network: forward TCP DNS queries

  [ Patrick Schleizer ]
  * removed trailing spaces
  * Renamed qubes-mount-home to qubes-mount-dirs.

  [ Marek Marczykowski-Górecki ]
  * qrexec: implement buffered write to a child stdin

  [ Olivier MEDOC ]
  * archlinux: update packaging and install script to use systemd
    DROPINs
  * archlinux: force running scripts with python2 even when /usr/bin/env
    is used
  * archlinux: readd notification-daemon as a dependency
  * archlinux: readd lines removed by error during merge

  [ Patrick Schleizer ]
  * disable leaking TCP timestamps by default

  [ Marek Marczykowski-Górecki ]
  * rpm: add /etc/sysctl.d/20_tcp_timestamps.conf
  * rpm: remove duplicated entry

  [ Patrick Schleizer ]
  * cleanup /etc/apt/apt.conf.d/00notiy-hook on existing systems

  [ erihe251 ]
  * Small language fixes
  * Update qubes.sudoers

  [ Marek Marczykowski-Górecki ]
  * Require new enough qubes-utils package for updated libqrexec-utils
  * debian: install locales-all instead of custom locales generation
  * makefile: cleanup help message
  * Setup updates proxy in dnf and PackageKit
  * backup: fix handling backup filename with spaces
  * backup: improve exit code reporting

  [ Rusty Bird ]
  * qfile-unpacker: Avoid data loss by checking for child errors

  [ Marek Marczykowski-Górecki ]
  * appmenus: ignore entries with NoDisplay=true
  * qfile-agent: move data handling code to libqubes-rpc-filecopy

  [ yaqu ]
  * Replacing "sleep 365d" with "sleep inf"

  [ Marek Marczykowski-Górecki ]
  * No longer disable auditd
  * dom0-updates: prefer yum-deprecated over dnf
  * fedora: Add skip_if_unavailable=False to Qubes repositories

  [ Olivier MEDOC ]
  * add DROPINS for org.cups.cupsd systemd files.
  * dropins: make current systemd dropins specific to systemd-system in
    order to introduce dropins for systemd-user
  * dropins: implement dropins for systemd user starting with pulseaudio
    systemd service and socket masking

  [ Marek Marczykowski-Górecki ]
  * qrexec: add some comments, minor improvement in readability
  * qrexec: use #define for protocol-specified strings
  * dracut: disable hostonly mode
  * dom0-updates: use yum-deprecated instead of dnf in all calls
  * updates-proxy-setup: use temporary file for config snippet
  * Implement dnf hooks for post-update actions
  * fedora: do not require/use yum-plugin-post-transaction-actions in
    F>=22
  * Get rid of qubes-core-vm-kernel-placeholder
  * systemd: make sure that update check is started only after qrexec-
    agent
  * dom0-updates: do not use 'yum check-update -q'
  * Bump qubes-utils version requirement

  [ Patrick Schleizer ]
  * preset disable tinyproxy by default

  [ Marek Marczykowski-Górecki ]
  * updates-proxy: use separate directory for PID file

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Wed, 11 Nov 2015 06:29:21 +0100

qubes-core-agent (3.1.2-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * Enlarge /tmp and /dev/shm
  * network: use own iptables service instead of repurposing existing
    one

  [ Patrick Schleizer ]
  * removed iptables-persistent from Depends to improve usablity (avoid
    redundant debconf question)

  [ Marek Marczykowski-Górecki ]
  * debian: disable netfilter-persistent.service
  * Adjust progress message on file move operation
  * Run 'ldconfig' to update /usr/local/lib* cache, if applicable
  * updates-proxy: Disable 'Via: tinyproxy' header
  * Cleanup R3.0->R3.1 transitional package
  * network: use drop-ins for NetworkManager configuration (#1176)
  * network: fix 'qubes-uplink-eth0' NetworkManager connection (#1280)

  [ Patrick Schleizer ]
  * minor

  [ HW42 ]
  * qubes-random-seed: feed kernel rng with randomness from dom0
  * reload qubes-random-seed when restoring DispVM

  [ Marek Marczykowski-Górecki ]
  * systemd: actually enable qubes-random-seed service
  * sysvinit: load random seed from dom0 provided data
  * Use 'type' instead of 'which' to prevent unnecessary dependency
  * Add missing R: dconf to hide nm-applet when not used
  * dom0-updates: Fix showing package list when --check-only option was
    used
  * dom0-updates: check "yum check-update" exit code, not only its
    output
  * dom0-updates: fix hostname in error message

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 11 Oct 2015 03:00:00 +0200

qubes-core-agent (3.1.1-1) wheezy; urgency=medium

  * Update repository definition for r3.1

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Tue, 29 Sep 2015 16:55:35 +0200

qubes-core-agent (3.1.0-1) wheezy; urgency=medium

  [ Patrick Schleizer ]
  * Allow passwordless login for user "user" (when using 'sudo xl
    console').
  * Allow passwordless login for user "user" (when using 'sudo xl
    console') for images being upgraded.
  * show error msg if qubes.ReceiveUpdates failed

  [ qubesuser ]
  * qubes-rpc: fix broken temporary file deletion in qubes.GetImageRGBA

  [ Patrick Schleizer ]
  * added missing dependency python-dbus to 'Depends:'

  [ Marek Marczykowski-Górecki ]
  * rpm: add dbus-python dependency

  [ qubesuser ]
  * qubes-rpc: fix broken temporary file deletion in qubes.GetImageRGBA
  * qubes-rpc: fix icon selection using pyxdg and support SVG icons

  [ Patrick Schleizer ]
  * fixed 'Debian 8 apt.config.d misconfiguration'
  * added missing dependency xserver-xorg-dev
  * - Prevent 'su -' from asking for password in Debian [based]
    templates. Thanks to @unman and @marmarek for suggesting the fix!
    Fixes https://github.com/QubesOS/qubes-issues/issues/1128. - Changed
    'ifeq (1,${DEBIANBUILD})' to 'ifeq ($(shell lsb_release -is),
    Debian)' to make the build work outside of Qubes Builder as well.
  * Fixed /etc/pam.d/su.qubes. (Moved line 'auth sufficient
    pam_permit.so' up. May not be low '@include' lines.)
  * fix typo

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Tue, 29 Sep 2015 16:39:55 +0200

qubes-core-agent (3.0.16-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * debian: remove SELinux disabling code
  * Revert "qubes-desktop-run: Activate via DBUS when desktop file
    contains DBusActivatable"
  * qubes-desktop-run: start the Dbus service (if needed)

  [ Patrick Schleizer ]
  * added pulseaudio-kde and spice-vdagent to qubes-trigger-desktop-
    file-install

  [ Jason Mehring ]
  * debian: Move python-xdg to depends section in debian/control
  * sudoers.d: Stops QT from using the MIT-SHM X11 Shared Memory
    Extension

  [ Rusty Bird ]
  * Mount /dev/xvdb with fs type "auto"

  [ Marek Marczykowski-Górecki ]
  * Move .desktop launching code to python moules so it can be reused
  * Implement dropins for /etc/xdg/autostart (#1151)
  * Remove dynamically generated autostart desktop files
  * qubes-session-autostart: do not abort the whole process on invalid
    file
  * qubes-desktop-run: don't crash on Debian wheezy (glib < 2.36)
  * debian: fix /dev permissions on upgrade
  * systemd: fix starting cups
  * debian: depend on gawk
  * Fix show-hide-nm-applet.desktop - use OnlyShowIn=X-QUBES

  [ Patrick Schleizer ]
  * moved python-xdg from Recommends to Depends

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Thu, 03 Sep 2015 02:45:30 +0200

qubes-core-agent (3.0.15-1) wheezy; urgency=medium

  * debian: remove `Recommends: chrony`

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 08 Aug 2015 23:23:38 +0200

qubes-core-agent (3.0.14-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * kernel-placeholder: prevent xl2tpd from pulling kernel packages
  * qubes-core-vm-kernel-placeholder 1.0-3

  [ Olivier MEDOC ]
  * archlinux: update dependency list based on .spec file
  * archlinux: reorganize install script to make it more easily
    compareable with the .spec file
  * archlinux: fix syntax errors in install file

  [ Marek Marczykowski-Górecki ]
  * debian: fix permissions of /var/lib/qubes/dom0-updates

  [ Patrick Schleizer ]
  * also inform in cli if no new updates are available

  [ Olivier MEDOC ]
  * archlinux: pulseaudio should be configured in gui agent and will
    break installation of pulseaudio if installed in core-agent-linux
  * archlinux: enabled configuration of all core agent dependencies
  * archlinux: ensure python2 is used for all scripts and fix
    dependencies for qubes-desktop-run

  [ Jason Mehring ]
  * debian: Renamed incorrect filename:  00notiy-hook -> 00notify-hook
  * debian: Comment out deb-src line in qubes-r3.list
  * Use 'which' to locate fuser since fuser path is different in Fedora
    and Debian
  * debian: Change triggers to use `interest-await` (execute triggers
    after all packages installed)
  * Remove '.service' from systemd enable loop as unit_name already
    contains .service in name
  * debian: remove cups/print-applet triggers
  * debian: Added cups, system-config-printer to Recommends
  * Makefile: Add systemd drop-in support which include conditionals to
    prevent services from starting
  * fedora: Add systemd drop-in support which include conditionals to
    prevent services from starting
  * debian: Add systemd drop-in support which include conditionals to
    prevent services from starting
  * Re-aranged qubes-vm.preset to indicate which services are specificly
    for Fedora only
  * vm-systemd: Add systemd drop-in support which include conditionals
    to prevent services from starting

  [ Marek Marczykowski-Górecki ]
  * archlinux: remove installOverridenServices as now handled by systemd
    dropins
  * fedora: do not own dropins directories
  * fedora: simulate preset-all only on first install, not upgrade
  * fedora: fix default locale generation
  * qrexec: fix exit code from qrexec-client-vm
  * qrexec: make sure that all the pipes/sockets are closed on cleanup

  [ Jason Mehring ]
  * qubes-desktop-file-install: Manages xdg desktop entry files
  * debian: Reformat depends in control for better readability
  * debian: qubes-desktop-file-install: Add misssing depend to contol
  * debian: Switch to using org.mate.NotificationDaemon by default to
    eliminate popups not closing
  * fedora: Use 'slider' org.mate.NotificationDaemon theme
  * qubes-desktop-run: Activate via DBUS when desktop file contains
    DBusActivatable

  [ Marek Marczykowski-Górecki ]
  * Move `/usr/share/qubes/xdg` to `/var/lib/qubes/xdg`

  [ Patrick Schleizer ]
  * fixed "in place upgrade issue - base-passwd debconf interative
    question asks 'Remove group "qubes"'"
  * fixed "in place upgrade issue - base-passwd debconf interative
    questi…on asks 'Remove group "qubes"'" for existing users

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 08 Aug 2015 04:16:52 +0200

qubes-core-agent (3.0.13-1) wheezy; urgency=medium

  * fedora: ensure that /etc/sysconfig/iptables exists (Fedora 20)
  * fedora/systemd: fix service enabling code
  * network: use iptables-restore instead of iptables --wait
  * network: guard iptables call with manual lock
  * network: disable tx csum offload on vif interfaces

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Wed, 01 Jul 2015 07:05:53 +0200

qubes-core-agent (3.0.12-1) wheezy; urgency=medium

  * dom0-updates: make the tool working on Debian
  * fedora, debian: make sure that default locale is generated
  * rpm: improve setting iptables rules
  * Do not override file pointed by /etc/localtime symlink

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Tue, 23 Jun 2015 20:06:22 +0200

qubes-core-agent (3.0.11-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * debian: fix apt sources.list generation (missing debian version
    field)

  [ Jason Mehring ]
  * Set a default locale if missing

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Thu, 11 Jun 2015 04:06:26 +0200

qubes-core-agent (3.0.10-1) wheezy; urgency=medium

  * rpm: ensure that all the services are enabled after upgrade
  * qrexec: do not show message about missing fork-sever - it isn't an
    error
  * rpm: add missing dependencies

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Tue, 02 Jun 2015 11:20:18 +0200

qubes-core-agent (3.0.9-1) wheezy; urgency=medium

  [ Jason Mehring ]
  * debian: Only notify dom0 on apt-get post hook; don't update package
    index
  * debian: Allow apt-get post hook to fail gracefully (won't work in
    chroot)

  [ Marek Marczykowski-Górecki ]
  * appmenus: hide message about missing /usr/local/share/applications
  * qrexec: prefer VM-local service file (if present) over default one
  * rpm: mark service files as configuration to not override user
    changes

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 15 May 2015 03:27:58 +0200

qubes-core-agent (3.0.8-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * Use iptables --wait only when it is supported

  [ Jason Mehring ]
  * debian: Update notification now notifies dom0 when an upgrade is
    completed

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Tue, 28 Apr 2015 12:51:48 +0200

qubes-core-agent (3.0.7-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * debian: install qubes-download-dom0-updates.sh
  * prepare-dvm: fix bashism
  * network: wait for iptables lock instead of aborting
  * rpm: cleanup R2->R3.0 transitional package

  [ Jason Mehring ]
  * whonix:  Added protected-files file used to prevent scripts from
    modifying files that need to be protected
  * Changed location of PROTECTED_FILE_LIST to /etc/qubes/protected-
    files.d

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 25 Apr 2015 02:36:55 +0200

qubes-core-agent (3.0.6-1) wheezy; urgency=medium

  * qrexec: do not reset umask to 077 for every started process
  * rpm/systemd: do not use preset-all during package upgrade
  * systemd: disable avahi-daemon and dnf-makecache
  * dispvm: do not start GUI apps during prerun
  * Fix resizing of /rw partition (private.img)
  * Minor fixes in mount-home.sh

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 11 Apr 2015 03:40:57 +0200

qubes-core-agent (3.0.5-1) wheezy; urgency=medium

  * systemd: use presets to enable services, call preset-all
  * systemd: install overridden unit file for chronyd

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Tue, 07 Apr 2015 14:58:36 +0200

qubes-core-agent (3.0.4-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * qrexec: try to recover from fork-server communication error
  * rpm: add missing BuildRequires: libX11-devel
  * debian: fix handling SysV units in disableSystemdUnits
  * debian: update NetworkManager configuration

  [ Wojtek Porczyk ]
  * qubes-rpc-multiplexer: deprecate /etc/qubes_rpc, allow /usr/local
  * sudoers: do not require TTY

  [ Marek Marczykowski-Górecki ]
  * Update repository definition: r3 -> r3.0

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Thu, 02 Apr 2015 00:55:09 +0200

qubes-core-agent (3.0.3-1) wheezy; urgency=medium

  * Enable updates repos by default

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 27 Mar 2015 01:24:43 +0100

qubes-core-agent (3.0.2-1) wheezy; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * debian: fix version number
  * backup: fix qubes.Restore service - do not send garbage as backup
    data

  [ Jason Mehring ]
  * debian:  Add extend-diff-ignore options to debian packager

  [ Marek Marczykowski-Górecki ]
  * qrexec: fork into background after setting up qrexec-fork-server
    socket
  * Fix "backup: fix qubes.Restore service - do not send garbage as
    backup data"

  [ Jason Mehring ]
  * Switched qvm-move-to-vm.{gnome,kde} scripts to use bash not sh
  * Removed nautilus-actions depend and replaced with nautilus-python
  * Removed code that deleted original nautilus actions

  [ Marek Marczykowski-Górecki ]
  * fc21: fix DispVM preparation - Xorg has new name
  * dispvm: kill all process after populating caches
  * dispvm: start gui agent early, do not kill Xorg
  * dispvm: close only visible windows during DispVM preparation
  * Move mounting /rw and /home to separate service
  * dispvm: use qubes.WaitForSession to wait for gui-agent startup
  * dispvm: include memory caches in "used memory" notification
  * dispvm: do not restart qubesdb-daemon, use watch instead
  * qrexec: simplify makefile
  * qrexec: handle data vchan directly from qrexec-client-vm
  * qrexec: return remote process status as qrexec-client-vm exit code
  * qrexec: better handle remote process termination
  * qrexec: do not break connection on duplicated SIGUSR1
  * qrexec: minor readability fix
  * qrexec: process vchan data queue (esp MSG_EXIT_CODE) before sending
    anything
  * qrexec: add option to use real stdin/out of qrexec-client-vm
  * qrexec: do not leak FDs to logger process
  * qrexec: execute RPC service directly (without a shell) if it has
    executable bit set
  * qrexec: get rid of shell in services using EOF for any signaling
  * qrexec: move qrexec-client-vm to /usr/bin
  * Add support for comments in qubes-suspend-module-blacklist
  * Create filesystem if the private.img is empty
  * Provide stub files in /rw/config
  * qrexec: fix compile warning
  * qrexec: do not wait for local process if no one exists
  * qrexec: enable compiler optimization
  * Do not load xen-usbfront automatically
  * fedora: override iptables configuration on initial installation
  * Update comments and xenbus intf in startup scripts regarding vchan
    requirements
  * dom0-update: allow to specify custom yum action

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Thu, 26 Mar 2015 23:56:25 +0100

qubes-core-agent (3.0.1-1) jessie; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * Reenable imsettings service
  * systemd: fix xenstore-ls path

  [ Jason Mehring ]
  * Allow hyphenated distro names in tinyproxy filter
  * Change condition test to compare to a link "-L"
  * debian: add xen-utils-common as a dependancy to allow Debian proxies
  * debian: Added maintainers scripts (pre / postinit + rm) - Currently
    in debug mode
  * debian: preinst needs a group and force no password entry on adduser
  * debian: Added less restrictive filter option for debian packages
    Sites like sourceforge append ?downloadxxx to end
  * debian: added new depends
  * debian: force shell to be bash since its default is dash and many
    qubes scripts rely on bash and will break in dash and added
    tinyproxy user

  [ HW42 ]
  * move fedora specific stuff to install-rh target
  * don't track debina/files (since it is autogenerated)
  * use systemd in debian
  * install iptables/forwarding for debian
  * various patches for debian
  * improve update of /etc/hosts
  * make source.list multiarch compatible
  * add xserver-xorg-video-dummy to the dependencies list of qubes-core-
    agent
  * dispvm-presun.sh needs bash
  * use sleep instead os usleep since it is more portable
  * debian: chown /home_volatile/user in posinst
  * fix xenstore-read path in network-proxy-setup.sh for debian
  * debian: add dependency on xen-utils since it's needed for
    proxy/netvm
  * debian: add support for qubes appmenus

  [ Marek Marczykowski-Górecki ]
  * debian: fix initialization of /etc/hosts

  [ Jason Mehring ]
  * debian: set -e added in place of set -x
  * debian: Made debian proxy filter rules more restrictive
  * debian: Cleanup
  * debian: Prepend package name to maintainers scripts
  * debian: Add qubes-update-check for Debian
  * debian: Revert back to original NetworkManager, ModemManager service
    names
  * debian: apt-get needs to update first
  * debian: Remove absolute path to xenstore-*
  * debian:  Added more dependancies
  * debian: Added postrm disable of other Qubes packages
  * debian: Added all other outstanding triggers contained in rpm_spec
    as well as triggers if other packages get installed at a later date
    the configurations will run on them
  * debian: removed commented out depends
  * debian: Added more error reporting to track down any missing
    dependancies
  * debian:  More depends for debian as netvm and some configuration
    tweaks.

  [ Marek Marczykowski-Górecki ]
  * network: do not use ifcfg-rh NM plugin
  * network: fix NM uplink config permissions

  [ Jason Mehring ]
  * debian: Add new notification agent depends; remove other
  * debian: Added functionality to move desktop entry config files to
    /usr/share/qubes/xdg/autostart to preserve originals
  * debian:  Wrong variable name was used to create
    /usr/share/qubes/xdg/autostart

  [ Marek Marczykowski-Górecki ]
  * Fix compile flags order (-lX11 moved to the end)

  [ Jason Mehring ]
  * debian: Updated tinyproxy filter rules
  * debian: Don't display systemd info in chroot since systemd show does
    not work in chroot

  [ Marek Marczykowski-Górecki ]
  * network: fix indentation
  * Fix disabling nm-applet when NM is disabled
  * debian: create tinyproxy as system user
  * debian: fix generation of apt sources list file
  * debian: add missing python-gi to dependencies
  * debian: remove obsolete code from postinst script
  * debian: fix service name in postinst script
  * Update update-proxy rules for debian security fixes repo

  [ HW42 ]
  * debian: move not strictly required packages to Recommends-Section.
  * debian: remove unneeded acpid dependency

  [ Marek Marczykowski-Górecki ]
  * network: set uplink configuration based on MAC (NetworkManager)
  * network: fix NM config preparation

  [ Jason Mehring ]
  * fc21: iptables configurations conflict with fc21 yum package manager
  * fc21:  Remove left-over code comment

  [ Marek Marczykowski-Górecki ]
  * fedora: Add security-testing repo definition
  * filecopy: prevent files/dirs movement outside incoming directory
    during transfer
  * fedora: Fix iptables config install script
  * fedora: Fix iptables config installation one more time

  [ HW42 ]
  * don't ignore asprintf() return value

  [ Marek Marczykowski-Górecki ]
  * network: support for not setting DNS and/or default gateway

  [ Olivier MEDOC ]
  * archlinux: fix new packaging requirements related to sbin, lib64,
    run ...
  * archlinux: align with fedora changes related to imsettings

  [ Marek Marczykowski-Górecki ]
  * fedora: reduce code duplication in systemd triggers
  * fedora: reload systemd only once
  * systemd: allow to start cron daemon (#909)
  * filecopy: fallback to "open(..., 000)" method when /proc
    inaccessible
  * network: support for not setting DNS and/or default gateway (v2)
  * rpm: add missing R: pygobject3-base

  [ HW42 ]
  * debian: fix for QSB #014 requires up to date qubes-utils
  * debian: postinst: use systemctl mask
  * debian: postinst: use dpkg-divert
  * debian: don't generate regular conf files in postinst
  * debian: postinst: don't remove /etc/udev/rules.d/*
  * debian: postinst: don't create /rw - it is already part of the
    package
  * debian: postinst: use systemctl to set default target
  * debian: postinst: remove fedora specific code
  * debian: postinst: enable netfilter-persistent service
  * debian: postinst: cleanup
  * debian: postinst: don't start systemd services
  * debian: postinst: enable haveged only if installed
  * debian: postinst: remove redundant and misleading trigger output
  * debian: install fstab as normal config file
  * debian: preinst: remove modification of /etc/modules
  * remove 'bashisms' or explicit use bash
  * debian: preinst: don't force the default shell to bash
  * debian: prerm: remove obsolete code
  * debian: preinst: cleanup user creation

  [ Wojtek Porczyk ]
  * spec: require linux-utils-3.0.1

  [ Matt McCutchen ]
  * Switch to preset file for systemd units to disable.
  * Make qvm-run bidirectional and document its limitations.

  [ Marek Marczykowski-Górecki ]
  * debian: change systemctl set-default back to manual symlink
  * network: fix handling newline in firewall rules
  * qrexec: use sockets instead of pipes to communicate with child
    process
  * qrexec: reorganise code for upcoming change
  * qrexec: add simple "fork server" to spawn new processes inside user
    session
  * Adjust permissions of /var/run/qubes

  [ Jason Mehring ]
  * debian: Remove 'exit 0' in maintainer section scripts to all other
    debhelpers (if any) to also execute
  * Add a qubes group and then add the user 'user' to the group
  * Remove 'xen.evtchn' udev rule
  * Set permissions to /proc/xen/privcmd, so a user in qubes group can
    access
  * debian: Converted debian package to a quilt package to allow patches
  * debian: Refactor Debian quilt packaging for xen
  * debian: Remove 'exit 0' in maintainer section scripts to all other
    debhelpers (if any) to also execute
  * Add a qubes group and then add the user 'user' to the group
  * Remove 'xen.evtchn' udev rule
  * Set permissions to /proc/xen/privcmd, so a user in qubes group can
    access
  * debian: Converted debian package to a quilt package to allow patches
  * debian: Revert depends back to use libxen-dev
  * debian:  Move creation of directories into debian.dirs configuration
    file
  * debian:  Remove dist target from Makefile as copy-in is now being
    used
  * debian: Remove unneeded patch file and README
  * Make sure when user is added to qubes group that the group is
    appended

  [ Marek Marczykowski-Górecki ]
  * qrexec: fix compile warning
  * debian: reenable -Werror, mentioned warning already fixed
  * debian: exclude binary packages from source archive
  * updates-proxy: allow xz compressed metadata (fc21)

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Tue, 17 Feb 2015 14:14:16 +0100

qubes-core-agent (3.0.0-1) jessie; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * Improve handling of .desktop files
  * suspend: do not disable network frontend devices
  * Handle tabs in /etc/hosts

  [ Marek Marczykowski ]
  * Update for new vchan API
  * spec: add dependencies on vchan package (both R: and BR:)
  * load xen-gntalloc module required by libxenvchan
  * spec: get backend_vmm from env variable
  * rpm: fix typo
  * Use Qubes DB instead of Xenstore
  * systemd: fix qubes-service handling
  * dispvm: restart qubesdb at DispVM start

  [ Marek Marczykowski-Górecki ]
  * qrexec: remove dom0 targets from makefile
  * code style: replace tabs with spaces
  * qrexec: new protocol - direct data vchan connections
  * Use xenstore.h instead of xs.h
  * qrexec: register exec function
  * Update repos and keys for Qubes R3

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 22 Nov 2014 16:24:17 +0100

qubes-core-agent (2.1.42) jessie; urgency=medium

  * firewall: show error message only on actual error
  * Avoid 100MB reserved space in private ext4 partition
  * gui-fatal: do not run as root
  * fedora: workaround slow system shutdown (#852)
  * Rename qubes-yum-proxy service to qubes-updates-proxy
  * Rename yum-proxy-setup service to updates-proxy-setup
  * updates-proxy: add rules for debian repositories (#887)
  * qrexec: check for setuid() error when calling zenity/kdialog
  * Use systemd mechanism for loading kernel modules (when available)
  * Add missing u2mfn module load
  * archlinux: modules-load.d handled now in generic files
  * debian: migrate to native systemd services
  * updates-proxy-setup: support setting proxy for apt (#887)
  * Introduce qubes.SetDateTime service for time synchronization
  * systemd: fix 'service' path
  * Include /rw in the package
  * debian: custom dh_auto_clean no longer needed

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 25 Oct 2014 01:49:58 +0200

qubes-core-agent (2.1.41) jessie; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * dispvm: slow down "spinlock" while waiting for save/restore

  [ Olivier MEDOC ]
  * archlinux: add notification daemon
  * archlinux: follow fedora20 qubes agent improvement
  * archlinux: follow fedora20 qubes agent improvement
  * archlinux: enable/disable services when corresponding packages got
    installed

  [ Marek Marczykowski-Górecki ]
  * network: use the same gateway IP generation method as backend
  * Revert "network: use the same gateway IP generation method as
    backend"

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 15 Aug 2014 17:45:15 +0200

qubes-core-agent (2.1.40) jessie; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * Fix compiler warnings.
  * Enable compiler optimization.
  * rpm: do not disable abrt-applet autostart
  * systemd: relax qubes-sysinit dependencies
  * systemd: reexec systemd to ensure right version is running
  * rpm: fix notification-daemon setup
  * archlinux: do not fail mount /usr/lib/modules if already mounted
  * version 2.1.34
  * suspend: fix dbus-send invocation
  * qubes-rpc: log service stderr to syslog instead of sending to dom0
    (#842)
  * version 2.1.35

  [ Wojciech Zygmunt Porczyk ]
  * misc: do not display file preview by default (#813)

  [ Vincent Penquerc'h ]
  * vm-file-editor: remove temporary file on exit

  [ Marek Marczykowski-Górecki ]
  * rpm: remove /lib/firmware/updates link
  * Hide nm-applet icon earlier (#857)
  * Configure only installed programs
  * network: setup NM connection when its active in the ProxyVM
  * version 2.1.36
  * Add --dispvm to qvm-run documentation
  * Fix formating
  * Do not start nm-applet at all when no NetworkManager running (#857)
  * version 2.1.37
  * rpm: require generic "desktop-notification-daemon" not a specific
    one
  * rpm: enable haveged service by default (#673)
  * Do not start nm-applet at all when no NetworkManager running -
    update (#857)
  * rpm: enable/disable services when corresponding packages got
    installed
  * dispvm: close all windows after apps prerun (#872)
  * version 2.1.38
  * systemd: do not reexec when not necessary
  * version 2.1.39
  * rpm: mark config files with %config(noreplace)

  [ Davíð Steinn Geirsson ]
  * Split install target into install-common and install-rh, and add all
    target
  * Fix make clean target
  * Check for xenstore-read in /usr/sbin as well (default on debian)
  * Use xenstore.h instead of xs.h when xen >= 4.2
  * Explicitly specify /bin/bash for Makefile SHELL, since it's
    required.
  * Initial debian packaging

  [ Marek Marczykowski-Górecki ]
  * debian: update deps
  * qrexec: fix loop bounds
  * gitignore
  * Fix bashism
  * gitignore: fix binary packages declaration
  * debian: add updates repo definition and key
  * debian: fix qfile-unpacker perms

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Mon, 28 Jul 2014 02:38:59 +0200

qubes-core-agent (2.1.33) jessie; urgency=low

  * Initial Release.

 -- Davíð Steinn Geirsson <david@dsg.is>  Mon, 21 Apr 2014 01:31:55 +0000