qubes-core-qrexec (4.2.4-1+deb11u1) bullseye; urgency=medium

  * Build for bullseye

 -- Builder <user@localhost>  Wed, 26 Apr 2023 03:44:30 +0200

qubes-core-qrexec (4.2.4-1) unstable; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * Fix policy permissions on upgrade too

  [ Maja Kądziołka ]
  * Fix man page format

  [ Marek Marczykowski-Górecki ]
  * Switch to new codecov uploader

  [ Frédéric Pierret (fepitre) ]
  * Rework Archlinux packaging

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Wed, 26 Apr 2023 03:44:30 +0200

qubes-core-qrexec (4.2.3-1) unstable; urgency=medium

  * Wrap coroutine in a task before passing to asyncio.wait
  * Do not call asyncio.get_event_loop() before creating one
  * Make pylint happy

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 28 Jan 2023 03:39:36 +0100

qubes-core-qrexec (4.2.2-1) unstable; urgency=medium

  * debian: drop explicit dependency on libvchan-xen

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Mon, 09 Jan 2023 11:02:14 +0100

qubes-core-qrexec (4.2.1-1) unstable; urgency=medium

  [ Demi Marie Obenour ]
  * Only spawn services via exec
  * Prevent log injection into qrexec-agent

  [ Marek Marczykowski-Górecki ]
  * Update fuzzer wrapper
  * Relax validation of MSG_DATA_STDIN/MSG_DATA_STDOUT

  [ Demi Marie Obenour ]
  * Zero-initialize some stack variables
  * Add some error checking
  * More error checking
  * qrexec-client-vm: add --help
  * Prefix data support
  * Remove the connect_existing variable
  * Replace one use of select(2) with poll(2)
  * Add a ppoll_vchan() function
  * Abort on bad return from select()
  * Replace one use of select(2) with ppoll(2)
  * simplify fd_set code
  * Remove another use of select()
  * Move CLIENT_INVALID check to handle_message_from_client
  * Use a NULL fdset instead of an empty one
  * Remove last use of select(2)
  * Use clock_gettime() instead of gettimeofday()
  * Drop FD_SETSIZE check
  * Do not exit successfully if local process failed

  [ Marek Marczykowski-Górecki ]
  * ci: drop R4.1

  [ Demi Marie Obenour ]
  * Add SELinux policy for qrexec
  * Allow user_t to use qrexec if a boolean is set
  * Allow qrexec to exec systemctl
  * Set agent SELinux context in systemd unit file
  * Set SELinux context in qrexec too
  * Avoid running /bin/sh as local_login_t
  * Try to fix an SELinux denial
  * Allow qrexec to start systemd services
  * fix for systemd selinux rules
  * try to fix more denials
  * Allow qrexec to connect to anything
  * Allow qrexec to connect to any socket

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 30 Dec 2022 06:12:11 +0100

qubes-core-qrexec (4.2.0-1) unstable; urgency=medium

  [ Marek Marczykowski-Górecki ]
  * Ignore oversensitive pylint warnings
  * Reformat code to be PEP8 compliant

  [ Frédéric Pierret (fepitre) ]
  * Drop Travis CI

  [ Marek Marczykowski-Górecki ]
  * ci: add codecov-wrapper

  [ Marta Marczykowska-Górecka ]
  * Fix incorrect ownership of policy dirs

  [ Locria Cyber ]
  * In PKGBUILD: copy instead of symlink

  [ locriacyber ]
  * Update archlinux/PKGBUILD

  [ Marek Marczykowski-Górecki ]
  * ci: install extra packages necessary for unit tests

  [ Frédéric Pierret (fepitre) ]
  * Add Qubes Builder v2 integration

  [ Marta Marczykowska-Górecka ]
  * Add get_files to policy admin client
  * Remove root user requirement for policy admin client
  * Add str representation to policy rule objects
  * add more tests to placate codecov
  * Apply @marmarek's code review
  * Fix empty file list in PolicyClient.get_files

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Tue, 11 Oct 2022 17:58:34 +0200

qubes-core-qrexec (4.1.18-1) unstable; urgency=medium

  * Fix parsing legacy policy files

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 05 Mar 2022 05:47:18 +0100

qubes-core-qrexec (4.1.17-1) unstable; urgency=medium

  [ Demi Marie Obenour ]
  * Check the return value of snprintf

  [ Marek Marczykowski-Górecki ]
  * Fix error return value in allocate_vchan_port
  * policy: fix notification on refused autostart

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 18 Feb 2022 05:21:30 +0100

qubes-core-qrexec (4.1.16-1) unstable; urgency=medium

  [ Demi Marie Obenour ]
  * Add assertions that FD_SETSIZE is not exceeded

  [ Marek Marczykowski-Górecki ]
  * policy: fix reporting failed target start

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 17 Dec 2021 04:56:52 +0100

qubes-core-qrexec (4.1.15-1) unstable; urgency=medium

  * Fix FD leak causing DispVMs not being cleaned up properly

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Thu, 01 Jul 2021 05:48:23 +0200

qubes-core-qrexec (4.1.14-1) unstable; urgency=medium

  [ Dmitry Fedorov ]
  * winusb: allow to build without pam
  * winusb: set guivm to None on unknown source
  * winusb: append LDLIBS
  * winsub: fix broad exception
  * winusb: check if pam include file exists and set appropriate flags

  [ Marek Marczykowski-Górecki ]
  * Adjust vchan_{send,recv} error checking
  * daemon: fix checking qrexec-policy-daemon response

  [ Demi Marie Obenour ]
  * Switch from __gcov_flush to __gcov_dump + __gcov_reset
  * Be stricter about command-line parsing
  * Create a DispVMTemplate instance when needed

  [ Marek Marczykowski-Górecki ]
  * Use generic 'guivm' service to tell if running inside GUI VM

  [ Demi Marie Obenour ]
  * Add a policy.EvalSimple qrexec service
  * Add unit tests for policy.EvalSimple
  * Tell pylint not to whine about extra parentheses
  * Add policy.EvalGUI service
  * Do not use the asynctest module
  * Use separate sockets for different services
  * Lots of unit tests and some bug fixes
  * Shut up pylint
  * Set socket modes properly
  * Handle partial reads from StreamReader.read
  * Automatically install dependencies when possible
  * Avoid calling get_system_info() twice
  * Parse the qrexec call metadata before untrusted data
  * Add a test for qrexec policy allowing an operation

  [ Marek Marczykowski-Górecki ]
  * Force color pytest output in gitlab

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 18 Jun 2021 03:33:11 +0200

qubes-core-qrexec (4.1.13-1) unstable; urgency=medium

  * agent: do not interrupt established connections on restart

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 10 Jan 2021 03:14:46 +0100

qubes-core-qrexec (4.1.12-1) unstable; urgency=medium

  [ Frédéric Pierret (fepitre) ]
  * Set default BACKEND_VMM value to xen
  * Use pkg-config to get BACKEND_VMM

  [ Marek Marczykowski-Górecki ]
  * Allow to override vchan variant selection with BACKEND_VMM variable

  [ Frédéric Pierret (fepitre) ]
  * Add .gitlab-ci.yml

  [ Marek Marczykowski-Górecki ]
  * gitlab-ci: include custom jobs
  * pylint: temporarily disable unsubscriptable-object - buggy with
    py3.9

  [ Frédéric Pierret (fepitre) ]
  * debian: update control
  * debian: update compat

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Tue, 05 Jan 2021 22:22:23 +0100

qubes-core-qrexec (4.1.11-1) unstable; urgency=medium

  [ Frédéric Pierret (fepitre) ]
  * Add ArchLinux packaging
  * archlinux: ensure python-setuptools make deps
  * archlinux: don't need to qubes-vm-utils
  * makefile: /lib is SYSLIBDIR
  * archlinux: ensure PKGBUILD.install

  [ icequbes1 ]
  * [archlinux] Fix qrexec installing wrong qrexec.pam file

  [ Marek Marczykowski-Górecki ]
  * daemon: fix handling multiple parallel qrexec-policy processes
  * libqrexec: fix calling qubes.WaitForSession
  * tests: minor adjustment
  * qrexec-policy-agent: do not patch event loop on module import
  * Start qrexec-agent only after systemd let in normal users

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 13 Nov 2020 03:43:37 +0100

qubes-core-qrexec (4.1.10-1) unstable; urgency=medium

  * agent: do not crash on spurious MSG_SERVICE_CONNECT from the daemon
  * daemon: do not send MSG_SERVICE_* messages twice for a given
    connection
  * policy: adjust call target for allow action too

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 11 Oct 2020 19:10:47 +0200

qubes-core-qrexec (4.1.9-1) unstable; urgency=medium

  [ Frédéric Pierret (fepitre) ]
  * Update travis

  [ Marek Marczykowski-Górecki ]
  * travis: restore language option
  * policy: interpret invalid requested target as @default

  [ Paweł Marczewski ]
  * Add 'autostart=no' option to policy
  * policy: allow '*' as source and target
  * Add a QubesRPC API for policy
  * policy admin: change API to use policy.include.*
  * policy admin: add tokens to prevent concurrent modification
  * policy admin: add client API and command-line tool
  * policy admin: package
  * policy admin: add default configuration
  * Handle Pylint upgrade

  [ Frédéric Pierret (fepitre) ]
  * Fix documentation build
  * Fix sphinx build

  [ Marek Marczykowski-Górecki ]
  * Fix handling default_target in ask action

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 10 Oct 2020 05:15:15 +0200

qubes-core-qrexec (4.1.8-1) unstable; urgency=medium

  * Fix dangerous-default-value pylint warning
  * test: downgrade pytest-asyncio
  * Revert "test: downgrade pytest-asyncio"
  * Update for changed qubesd socket protocol
  * rpm: restart qrexec-policy-daemon on upgrade
  * Fix documentation for relative paths in !include directive
  * parser: ignore .rpmsave/.rpmnew/.swp and .* policy files...
  * Update qrexec-policy-graph tool for new qrexec module
  * rpm: adjust depencency on qubes-core-dom0

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sun, 24 May 2020 04:38:25 +0200

qubes-core-qrexec (4.1.7-1) unstable; urgency=medium

  [ Paweł Marczewski ]
  * fuzzer: use C++ compiler for linking

  [ Marek Marczykowski-Górecki ]
  * Adjust dependencies to avoid breaking USB proxy
  * policy/utils: fix pyinotify cleanup

  [ Paweł Marczewski ]
  * Remove false error message on vchan disconnect
  * qrexec-agent, qrexec-daemon: unblock signals before exec()
  * qrexec-client: handle failed service exec

  [ Frédéric Pierret (fepitre) ]
  * spec: fix hardcoded python3 prefix for CentOS

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 04 Apr 2020 19:18:23 +0200

qubes-core-qrexec (4.1.6-1) unstable; urgency=medium

  [ Paweł Marczewski ]
  * Factor out parse_qubes_rpc_command
  * Add a fuzzer for parse_qubes_rpc_command
  * Add a fuzzer for handle_remote_data
  * daemon, agent: unify main loop

  [ Marek Marczykowski-Górecki ]
  * rpm: add BR: systemd-devel to packages using %systemd_* macros

  [ Paweł Marczewski ]
  * Rewrite CLI tests
  * qrexec-policy-exec: don't use exit() directly in --just-ask
  * qrexec-policy-agent: prepare for GuiVM
  * qrexec-policy-agent: install in the common package, use socket
    activation
  * qrexec-policy-agent: enable systemd socket
  * travis: run pylint from docker
  * Add missing license header
  * qrexec-policy-agent: add policy.Notify call
  * Support notifications on allowed and denied calls
  * Refactor socket server into a more reusable SocketService class
  * qrexec-policy-exec: recover from failure when notifying
  * qrexec-policy-exec: handle 'execution failed' corner case
  * Change format for 'ask' response
  * qrexec-policy-daemon: don't reply with result=allow before execution
  * Add a test for no-GuiVM notifications
  * Document qrexec-policy-agent API
  * Refactor socket service handling
  * Clean up call() and call_async()
  * Add a requirement for qubes-core-dom0 version >= 4.1.9
  * policy-agent: use autostart program, not systemd service
  * qrexec-policy-agent: always show service argument
  * Factor out parsing service configuration
  * Support wait-for-session in dom0
  * travis: add job names, add fuzzer

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 28 Mar 2020 04:08:39 +0100

qubes-core-qrexec (4.1.5-1) unstable; urgency=medium

  * daemon: fix makefile
  * Isolate *-base, *-dom0 and *-vm make targets

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Thu, 26 Mar 2020 00:08:32 +0100

qubes-core-qrexec (4.1.4-1) unstable; urgency=medium

  [ Pawel Marczewski ]
  * qrexec-client: ignore SIGPIPE
  * Separate GTK test classes from object under test
  * Skip GTK tests when DISPLAY is not set or empty
  * agent: add options for alternative socket paths
  * agent: don't try to change user if not necessary
  * Add tests for agent using vchan-socket
  * Move socket tests to qrexec/tests/socket
  * Add tests for MSG_SERVICE_REFUSED
  * daemon: add options to enable testing
  * Add tests for qrexec-daemon
  * Don't run tests as root in Docker
  * qrexec-daemon: don't open log file when run with --direct
  * daemon: don't listen to clients while reconnecting to agent

  [ Paweł Marczewski ]
  * agent: don't skip PAM setup outside of tests
  * Add tests for agent communication
  * Test that agent is sending MSG_CONNECTION_TERMINATED
  * daemon: add tests for port allocation and connecting a service
  * Add --socket-dir option to qrexec-client
  * qrexec-client: close vchan before exiting
  * Add tests for qrexec-client
  * Add a test for client with both remote and local cmdline

  [ Demi M. Obenour ]
  * Add more generated files to .gitignore
  * Makefile improvements
  * Add assertions and fix compiler warnings
  * Ensure that stdout and stdin use distinct file descriptors
  * Working socket-based qrexec
  * Pass service parameters to sockets
  * Prevent socket-based services in dom0 from hanging
  * flush_client_data(-1, buffer) should be a no-op
  * Socket-based services do not have a local process
  * Do not try to close the same file descriptor twice
  * Avoid closing local_stdout_fd if writing to local_stdin_fd fails
  * Socket-based services have no child processes

  [ Marek Marczykowski-Górecki ]
  * Add coveragerc

  [ Demi M. Obenour ]
  * Close the vchan when exiting
  * make some variables static
  * Fix exit status of qrexec-client

  [ Paweł Marczewski ]
  * daemon: prevent collisions between port numbers

  [ Marek Marczykowski-Górecki ]
  * tests: adjust after recent changes
  * travis: workaround for coverage 5.0 incompatibility
  * Collect test coverage data about C programs too
  * daemon: minor cleanup of SIGCHLD setup
  * daemon: add SIGTERM handler for graceful exit
  * daemon: fix handling EINTR in the main loop
  * tests: terminate daemon before client
  * agent: add SIGTERM handler for graceful exit
  * policy: move source=target check later

  [ Paweł Marczewski ]
  * Refactor execute_parsed_qubes_rpc_command
  * Add a test for QUBESRPC and socket-based services
  * Add a wait to port allocation test
  * Add a TODO about test_run_dom0_command_and_connect_vm
  * client tests: always wait for client to end
  * tests: run strace detached (-D)
  * Add test for terminating agent before restarting

  [ Marta Marczykowska-Górecka ]
  * Qrexec policy daemon and tests
  * Working qrexec-policy-daemon
  * Fixed assorted errors and better handling for logging
  * Fixed tests and assorted bugs discovered with them
  * Added policy caching
  * Added tests to PolicyCache
  * Typos cleanup

  [ Paweł Marczewski ]
  * Remove _GNU_SOURCE (definition moved to Makefile)
  * Update qrexec-client error handling
  * Make trailing whitespace in tests visible
  * Add a TODO about test_run_dom0_command_and_connect_vm

  [ Marek Marczykowski-Górecki ]
  * PolicyCache: add option to lazy load policy

  [ Paweł Marczewski ]
  * daemon, agent: ensure proper shutdown
  * Remove ConfirmCreate (unused)
  * Compile C programs with -std=gnu11
  * Add more tests for qrexec
  * Add tests that cover writing into closed stdin
  * Add tests that trigger WRITE_STDIN_BUFFERED

  [ Marek Marczykowski-Górecki ]
  * policy: don't fail if policy directory doesn't exist
  * policy: improve PolicyCache.cleanup()

  [ Paweł Marczewski ]
  * Extract do_replace_chars()
  * Factor out handle_remote_data to libqrexec
  * qrexec-client: use handle_remote_data instead of handle_vchan_data
  * Factor out handle_input from qrexec-agent-data.c
  * qrexec-client: use the common handle_input
  * Factor out send_exit_code()
  * Fix replace_chars usage
  * Factor out process_child_io
  * qrexec-client: use common code for process_io
  * agent: fix error path on failed service exec
  * Fix reading from a dead process (ECONNRESET on read)
  * Add a test in which we wait for a granchild to close streams
  * Move all closing code to process_io.c; don't exit early
  * Fix timeout in wait_for_vchan_or_argfd
  * Always return remote exit status
  * qrexec-client-vm: pass local process PID to process_io
  * Split handle_new_process_common
  * Add a test for replace_chars
  * Remove debug print
  * Fix test_exit_before_closing_streams
  * Handle SIGPIPE in qrexec-client-vm
  * Test stdio socket for client-vm as well

  [ Marek Marczykowski-Górecki ]
  * Use different error messages for different error paths
  * qrexec-client{,-vm}: do not fail if cannot sent just final EOF
  * libqrexec: fix cleanup on qubes_connect error
  * Add '[Install]' section to qubes-qrexec-policy-daemon.service
  * gitignore: ignore 'build' dir
  * policy daemon: fix double ++ in logs
  * Fix not closed file descriptors in qubes-rpc-multiplexer
  * Test closing stdout early also through qrexec service
  * Ensure matching libqrexec-utils package
  * Adjust dependencies to avoid breaking non-executable services

  [ Paweł Marczewski ]
  * Add logging macros
  * Convert error messages to logging macros
  * Fix "executed user pid" message
  * Include program name in logs
  * Update log messages
  * process_io: use poll, detect socket close
  * Handle POLLERR for stdin as well as POLLHUP
  * Add an error message in case of early break
  * Fix race condition in process_io
  * Fix qrexec-fork-server handling of MSG_JUST_EXEC

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Wed, 25 Mar 2020 16:08:16 +0100

qubes-core-qrexec (4.1.3-1) unstable; urgency=medium

  [ Frédéric Pierret (fepitre) ]
  * travis: switch to bionic

  [ Marek Marczykowski-Górecki ]
  * travis: switch to python 3.6
  * Remove extra header

  [ pierwill ]
  * Add README

  [ Marek Marczykowski-Górecki ]
  * travis: run tests in docker
  * travis: install codecov outside docker too

  [ pierwill ]
  * Update documentation info in qrexec.h

  [ Frédéric Pierret (fepitre) ]
  * travis: switch to dom0 Fedora 31

  [ Pawel Marczewski ]
  * Fix utf8 headers
  * Handle error while executing qrexec-client

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Sat, 18 Jan 2020 04:37:25 +0100

qubes-core-qrexec (4.1.2-1) unstable; urgency=medium

  * policy: fix dropped call argument
  * policy: fix @dispvm default template evaluation
  * tests: revive qrexec-policy-exec tests
  * policy: fix keyword-based intended target argument for actual
    service call
  * policy: revive some more tests, add few policy eval tests
  * qrexec-client-vm: add option to replace control characters on
    stdout/err
  * Make pylint happy

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Wed, 09 Oct 2019 04:12:00 +0200

qubes-core-qrexec (4.1.1-1) wheezy; urgency=medium

  * rpm: fix build with mock
  * debian: add Build-Depends: lsb-release

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Mon, 01 Jul 2019 02:29:17 +0200

qubes-core-qrexec (4.1.0-1) unstable; urgency=medium

  * Initial debian packaging

 -- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>  Fri, 05 Apr 2019 03:51:22 +0200
