github.com/QubesOS/qubes-core-qrexec
https://github.com/QubesOS/qubes-core-qrexec
c9185638cdd78e4ba0b59546f8182c1ca86dde44 authored over 1 year ago
GCC 14 complains:
qrexec-agent.c: In function ...pam_conv_callback...:
qrexec-agent.c:101:23: e...
171a681681632cd51a88952ff909482f0c9ac20f authored over 1 year ago
This print leaks the whole qrexec policy to the caller of the
policy.RegisterArgument service. D...
9670cb5d9a79968f9bb0e9960bd6432170b46b57 authored over 1 year ago
* origin/pr/131:
rpm: add missing directory ownership
rpm: adjust pyinotify pkg name for ope...
* origin/pr/132:
Add dedicated PAM file for Gentoo
cd63c7d31759fd9691dd181df4ecffe3215dfd1e authored over 1 year ago
When --full-output is given, include also which specific arguments are
allowed, not only whether...
The line color is supposed to mean ask/allow actions. With --full-output
it incorrectly used alw...
QubesOS/qubes-issues#8648
f92f2123cd9fa0b785dbc2aefbabadbcbc301a4a authored over 1 year ago
When the tool is called with a specific service argument, consider rules
with wildcard argument ...
For example --target=@default doesn't make sense.
When parsing source/targets already, save pars...
QubesOS/qubes-issues#6567
45e7a589da01e9b210dbc1877062b8b466e2b7c6 authored over 1 year ago
QubesOS/qubes-issues#6567
9a9abdc31366c21014621836044c298025593412 authored over 1 year ago
QubesOS/qubes-issues#6567
b42d492caa6fbf2df6d22d217c916e2d2ad6f91d authored over 1 year ago
/qubes-rpc/policy.{Ask,Notify} intentionally points to files created at
runtime (in /var/run). o...
7b503d9321137a2d284f46eadfe5bc08e8e7bdc0 authored over 1 year ago
8f6043d1ff657f15d9759898d8d9e96f972faf62 authored over 1 year ago
It's just python-rpm-macros there, not python3-rpm-macros
9c4c3aff95a51c2600ff3438fd1c4226b99d1180 authored over 1 year ago
This way it works on both Fedora and openSUSE.
Use also common "sphinx-build" name, which is a s...
cbb90ba2a03f504c924fc29ace8a1a41daad1f43 authored over 1 year ago
d92f98918e0018582cb6f476ca5ccdda9fa069fc authored over 1 year ago
ec5aa1b776785a0c64b875c44f78672ed6335157 authored over 1 year ago
Consider '@default' target when collecting policy rules, as it might
match different rules than ...
Fixes: https://github.com/QubesOS/qubes-issues/issues/8644
3720ecb4021b5a8a242b7f3a7b8e7339c1445a85 authored almost 2 years ago
0c5d8bc05cc3c5e08d692e2e2d857f848cda2085 authored almost 2 years ago
* origin/pr/128:
Don't wait for stdin if there is unsent prefix data
Generate gcov reports in appropriate directories (not just top level) to
match them to the sourc...
Without this change, prefix data is not sent until stdin becomes
readable. With this change, pr...
e1553db46c37c8df6cd8bac3963af80998dfd5cf authored almost 2 years ago
d0cbbfb987f489c70b9474e658b8d0b8f91dcb29 authored almost 2 years ago
654e3e0cd453ffc742c006a28a6ae36c8c05659d authored almost 2 years ago
96dbbf76ec5fdf805a12b7287f213423b0584510 authored almost 2 years ago
* origin/pr/123:
Tests for legacy policy convert tool
Modify qrexec-policy-graph for more fl...
2849c908dcaf2107a99c4c4c0f3f0c63490b7644 authored almost 2 years ago
Enable outputting more information about permissions/actions
Make output more flexible (can be p...
28c1504912fdcdf6b43bbe2b7b2f353ea364bc35 authored almost 2 years ago
51c630938f5ffb635314a8e77ad4233ed1ca9680 authored almost 2 years ago
* origin/pr/109:
Ensure that VLAs do not creep back into the code
Allow specifying a usernam...
fixes QubesOS/qubes-issues#8000
b570f1f7ef8eeb79364d0ceba08f84e2ba102c81 authored almost 2 years ago
They are a bad idea and the Linux kernel has banned them from its code.
0fa8ecc76a1a6600511bc2861c75b5218d24661a authored almost 2 years ago
This also dramatically improves the configuration parser. Configuration
files now use a strict ...
The utils.get_system_info() still returns full system_info dict, not
just "domains" element (thi...
This requires some internal refactoring, which is split off into a
separate commit to ease revie...
This avoids crashes if a buggy qrexec agent sends a malformed message.
It also avoids variable-l...
exit() will double-flush streams, among other problems.
32719f26b1dbad2c51f77e8ab8b5a20751e51671 authored almost 2 years ago
This allows the C compiler to type-check arguments to qrexec_log() and
thus to the logging macros.
5f68a98986352283dc4c851349bc8c9603cd9bf6 authored almost 2 years ago
776f694a745ae803d668e1b6936cf21d212a66ab authored almost 2 years ago
2c060ef7381f15cb285af1a8ffddbdfdd1ee4d8c authored almost 2 years ago
If remote VM fails to establish (already allowed by the policy)
connection, the local side (qrex...
42c8574a1b26436c43d1572d1f92ef56153c5aaa authored almost 2 years ago
79609b132c49af7d4742d1ab46ebcacc93875d6c authored almost 2 years ago
It does exist in dom0 normally, but not necessarily in CI or devel
environment.
9fdf915cbd1de57735713d18fa80c08200df5c9a authored almost 2 years ago
Remove options not existing anymore.
34076183cd8287cfb0c55dfa2cfd2d75daca453c authored almost 2 years ago
Enforce file mode and ownership for replaced files.
Signed-off-by: Ben Grande <ben.grande.b@gma...
da87fb174813478b6561bfbe82897fc15434d88e authored almost 2 years ago
Signed-off-by: Ben Grande <[email protected]>
2562621d95b9f722345f366693eaec449d043794 authored almost 2 years ago
403eaa28cdd46661ae53b181b830c698be4a05e6 authored about 2 years ago
Make it add rules into
/etc/qubes/policy.d/60-registered-arguments.policy, instead of legacy
/et...
10adc8303ff9bf190b7ea448a40b5c8566dadd03 authored about 2 years ago
This corresponds to a service program with an empty name. Such a
program cannot actually exist...
Previously, this would cause the service name to be truncated, which is
not helpful. Also rejec...
* origin/pr/118:
Move variables into MSG_TRIGGER_SERVICE3 block
* origin/pr/114:
Ensure that all external variables are type-checked
Banish old-style functi...
These variables are only used in that block, so declare them in that
block.
Signed-off-by: Ben Grande <[email protected]>
587fa6825e8abdb8c51bd90f94075acedf7749d7 authored about 2 years ago
When service call is rejected early, release memory before returning.
87ea44e7b3ede3e2a708387da33815b03c580bf2 authored about 2 years ago
Fix compile error:
../daemon/qrexec-daemon.c:1235:13: error: expected expression
...
This requires that all objects with external linkage are declared in a
header file that is inclu...
They are deprecated in all versions of C and are fundamentally unsafe.
Also ensure that all func...
* origin/pr/112:
Fix header validation by qrexec agent
* origin/pr/110:
Reject requests with invalid request ID
c70709d1e6d9febb1f20ced3617c3f6d14973810 authored about 2 years ago
Debian uses Python 3.9.2 which does not support typing.TypeAlias.
Ensure that typing.TypeAlias i...
Signed-off-by: Ben Grande <[email protected]>
d0f4a16b591098342451bb59bb9365a28da39536 authored about 2 years ago
This avoids a 1-byte out-of-bounds buffer underread in the agent. It
also ensures that an inval...
Apparently it's too soon to use close_range() yet. At least environment
used in oss-fuzz does no...
This is the primary function parsing messages from VM, in dom0. Fuzz
this too. It requires a lit...
249a64cfa9508570f50902589eea8dd28fb6bc38 authored about 2 years ago
'echo -ne' doesn't work with all shell builtin echo implementations.
Force bash.
Make it not-static in fuzzing build and also free memory even if
normally the process would...
0b8891e2f0312efe9ecfa903b42d20cd708ed279 authored about 2 years ago
Policy editor uses those.
Fixes: 0ab2ac1 "Avoid having qrexec-policy-daemon handle connections"
92071a5d31876a796e2fba647490cd9bed4a8ccf authored about 2 years ago
b1007c38deeccdf5e6a54d26d5b1b1599030a634 authored about 2 years ago
* py36:
Do not use 'annotation' future extension
The handle_message_from_agent() assumes there is always a space for
terminating NUL character in...
It isn't available in Python 3.6 (CentOS Stream 8), use manual string
annotations where necessar...
Mangling the request ID is not useful: the agent will use the mangled
request ID to look up the ...
69a21b7d2eb2f3f91df9e3994c72f2b1919a68f0 authored about 2 years ago
This makes qrexec-policy-daemon stateless and ensures that restarting it
does not e.g. cause dat...
Using pytest.fixture() no longer works in Python 3.11. This manifests
as test failures when run...
This adds lots of types to Python code, making it easier to understand
and maintain. A mypy.ini...
This will be used by qrexec to clean up disposable VMs.
8df26276e94cb19b2b6e45f92b32d879f0c56bc0 authored over 2 years ago
These functions will be used in qrexec-daemon and qrexec-client to
support communication with qu...
by adding '--' to the rm command line
6a00e92abddf7447ff320cf7b11a2f52364ba502 authored over 2 years ago
This avoids errors from later coverage runs.
93a0b39e08ca9101b3d243079893eb34d97a43a4 authored over 2 years ago
Previously the ln commands would fail because the symlinks already
existed.
No functional change intended.
f84f5785b609573a3c102287ff9fbce13df6236e authored over 2 years ago