basebuilder_pel7x64builder0
6 years ago
15 changed files with 13106 additions and 187 deletions
@ -0,0 +1,330 @@
@@ -0,0 +1,330 @@
|
||||
From 8e8c797904fc29396d340609f006add206df4973 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Wed, 20 Jun 2018 11:49:22 +0200 |
||||
Subject: [PATCH 1/2] Revert "dhclient: write client-id with backslash and |
||||
quotes as hex" |
||||
|
||||
This reverts commit 0e4b33ee7552b036332f1bdbfed78f8ee75f000e. |
||||
--- |
||||
src/dhcp/nm-dhcp-dhclient-utils.c | 2 +- |
||||
src/dhcp/tests/test-dhcp-dhclient.c | 32 +---------------------------- |
||||
2 files changed, 2 insertions(+), 32 deletions(-) |
||||
|
||||
diff --git a/src/dhcp/nm-dhcp-dhclient-utils.c b/src/dhcp/nm-dhcp-dhclient-utils.c |
||||
index 3290dd65c..6adb395c9 100644 |
||||
--- a/src/dhcp/nm-dhcp-dhclient-utils.c |
||||
+++ b/src/dhcp/nm-dhcp-dhclient-utils.c |
||||
@@ -124,7 +124,7 @@ add_ip4_config (GString *str, GBytes *client_id, const char *hostname, gboolean |
||||
* as long as all the characters are printable. |
||||
*/ |
||||
for (i = 1; (p[0] == 0) && i < l; i++) { |
||||
- if (!g_ascii_isprint (p[i]) || p[i] == '\\' || p[i] == '"') |
||||
+ if (!g_ascii_isprint (p[i])) |
||||
break; |
||||
} |
||||
|
||||
diff --git a/src/dhcp/tests/test-dhcp-dhclient.c b/src/dhcp/tests/test-dhcp-dhclient.c |
||||
index 2f369aacc..f3b17807f 100644 |
||||
--- a/src/dhcp/tests/test-dhcp-dhclient.c |
||||
+++ b/src/dhcp/tests/test-dhcp-dhclient.c |
||||
@@ -176,35 +176,6 @@ test_quote_client_id (void) |
||||
|
||||
/*****************************************************************************/ |
||||
|
||||
-static const char *quote_client_id_expected_2 = \ |
||||
- "# Created by NetworkManager\n" |
||||
- "\n" |
||||
- "send dhcp-client-identifier 00:61:5c:62:63; # added by NetworkManager\n" |
||||
- "\n" |
||||
- "option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n" |
||||
- "option ms-classless-static-routes code 249 = array of unsigned integer 8;\n" |
||||
- "option wpad code 252 = string;\n" |
||||
- "\n" |
||||
- "also request rfc3442-classless-static-routes;\n" |
||||
- "also request ms-classless-static-routes;\n" |
||||
- "also request static-routes;\n" |
||||
- "also request wpad;\n" |
||||
- "also request ntp-servers;\n" |
||||
- "\n"; |
||||
- |
||||
-static void |
||||
-test_quote_client_id_2 (void) |
||||
-{ |
||||
- test_config (NULL, quote_client_id_expected_2, |
||||
- AF_INET, NULL, 0, FALSE, |
||||
- "a\\bc", |
||||
- NULL, |
||||
- "eth0", |
||||
- NULL); |
||||
-} |
||||
- |
||||
-/*****************************************************************************/ |
||||
- |
||||
static const char *hex_zero_client_id_expected = \ |
||||
"# Created by NetworkManager\n" |
||||
"\n" |
||||
@@ -1026,8 +997,7 @@ main (int argc, char **argv) |
||||
|
||||
g_test_add_func ("/dhcp/dhclient/orig_missing", test_orig_missing); |
||||
g_test_add_func ("/dhcp/dhclient/override_client_id", test_override_client_id); |
||||
- g_test_add_func ("/dhcp/dhclient/quote_client_id/1", test_quote_client_id); |
||||
- g_test_add_func ("/dhcp/dhclient/quote_client_id/2", test_quote_client_id_2); |
||||
+ g_test_add_func ("/dhcp/dhclient/quote_client_id", test_quote_client_id); |
||||
g_test_add_func ("/dhcp/dhclient/hex_zero_client_id", test_hex_zero_client_id); |
||||
g_test_add_func ("/dhcp/dhclient/ascii_client_id", test_ascii_client_id); |
||||
g_test_add_func ("/dhcp/dhclient/hex_single_client_id", test_hex_single_client_id); |
||||
-- |
||||
2.17.0 |
||||
|
||||
From 5fa45f1a84ea2e46e5fb07aeef19cb46322b64bc Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Wed, 20 Jun 2018 11:50:51 +0200 |
||||
Subject: [PATCH 2/2] Revert "dhcp: dhclient: set type 0 for printable client |
||||
IDs" |
||||
|
||||
Keep the RHEL 7.5 behavior. |
||||
|
||||
This reverts commit 8ffa22d10d3001405965826b46463663fd2dacc2. |
||||
--- |
||||
src/dhcp/nm-dhcp-dhclient-utils.c | 46 +++------------- |
||||
src/dhcp/tests/test-dhcp-dhclient.c | 83 +++-------------------------- |
||||
2 files changed, 16 insertions(+), 113 deletions(-) |
||||
|
||||
diff --git a/src/dhcp/nm-dhcp-dhclient-utils.c b/src/dhcp/nm-dhcp-dhclient-utils.c |
||||
index 6adb395c9..90fa33397 100644 |
||||
--- a/src/dhcp/nm-dhcp-dhclient-utils.c |
||||
+++ b/src/dhcp/nm-dhcp-dhclient-utils.c |
||||
@@ -137,9 +137,8 @@ add_ip4_config (GString *str, GBytes *client_id, const char *hostname, gboolean |
||||
g_string_append_printf (str, "%02x", (guint8) p[i]); |
||||
} |
||||
} else { |
||||
- /* Printable; just add to the line with type 0 */ |
||||
+ /* Printable; just add to the line minus the 'type' */ |
||||
g_string_append_c (str, '"'); |
||||
- g_string_append (str, "\\x00"); |
||||
g_string_append_len (str, p + 1, l - 1); |
||||
g_string_append_c (str, '"'); |
||||
} |
||||
@@ -177,60 +176,31 @@ read_client_id (const char *str) |
||||
{ |
||||
gs_free char *s = NULL; |
||||
char *p; |
||||
- int i = 0, j = 0; |
||||
|
||||
nm_assert (!strncmp (str, CLIENTID_TAG, NM_STRLEN (CLIENTID_TAG))); |
||||
- str += NM_STRLEN (CLIENTID_TAG); |
||||
|
||||
- if (!g_ascii_isspace (*str)) |
||||
- return NULL; |
||||
+ str += NM_STRLEN (CLIENTID_TAG); |
||||
while (g_ascii_isspace (*str)) |
||||
str++; |
||||
|
||||
if (*str == '"') { |
||||
- /* Parse string literal with escape sequences */ |
||||
s = g_strdup (str + 1); |
||||
p = strrchr (s, '"'); |
||||
if (p) |
||||
*p = '\0'; |
||||
else |
||||
return NULL; |
||||
+ } else |
||||
+ s = g_strdup (str); |
||||
|
||||
- if (!s[0]) |
||||
- return NULL; |
||||
- |
||||
- while (s[i]) { |
||||
- if ( s[i] == '\\' |
||||
- && s[i + 1] == 'x' |
||||
- && g_ascii_isxdigit (s[i + 2]) |
||||
- && g_ascii_isxdigit (s[i + 3])) { |
||||
- s[j++] = (g_ascii_xdigit_value (s[i + 2]) << 4) |
||||
- + g_ascii_xdigit_value (s[i + 3]); |
||||
- i += 4; |
||||
- continue; |
||||
- } |
||||
- if ( s[i] == '\\' |
||||
- && s[i + 1] >= '0' && s[i + 1] <= '7' |
||||
- && s[1 + 2] >= '0' && s[i + 2] <= '7' |
||||
- && s[1 + 3] >= '0' && s[i + 3] <= '7') { |
||||
- s[j++] = ((s[i + 1] - '0') << 6) |
||||
- + ((s[i + 2] - '0') << 3) |
||||
- + ( s[i + 3] - '0'); |
||||
- i += 4; |
||||
- continue; |
||||
- } |
||||
- s[j++] = s[i++]; |
||||
- } |
||||
- return g_bytes_new_take (g_steal_pointer (&s), j); |
||||
- } |
||||
- |
||||
- /* Otherwise, try to read a hexadecimal sequence */ |
||||
- s = g_strdup (str); |
||||
g_strchomp (s); |
||||
if (s[strlen (s) - 1] == ';') |
||||
s[strlen (s) - 1] = '\0'; |
||||
|
||||
- return nm_utils_hexstr2bin (s); |
||||
+ if (!s[0]) |
||||
+ return NULL; |
||||
+ |
||||
+ return nm_dhcp_utils_client_id_string_to_bytes (s); |
||||
} |
||||
|
||||
GBytes * |
||||
diff --git a/src/dhcp/tests/test-dhcp-dhclient.c b/src/dhcp/tests/test-dhcp-dhclient.c |
||||
index f3b17807f..377938c87 100644 |
||||
--- a/src/dhcp/tests/test-dhcp-dhclient.c |
||||
+++ b/src/dhcp/tests/test-dhcp-dhclient.c |
||||
@@ -150,7 +150,7 @@ test_override_client_id (void) |
||||
static const char *quote_client_id_expected = \ |
||||
"# Created by NetworkManager\n" |
||||
"\n" |
||||
- "send dhcp-client-identifier \"\\x00abcd\"; # added by NetworkManager\n" |
||||
+ "send dhcp-client-identifier \"1234\"; # added by NetworkManager\n" |
||||
"\n" |
||||
"option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n" |
||||
"option ms-classless-static-routes code 249 = array of unsigned integer 8;\n" |
||||
@@ -168,36 +168,7 @@ test_quote_client_id (void) |
||||
{ |
||||
test_config (NULL, quote_client_id_expected, |
||||
AF_INET, NULL, 0, FALSE, |
||||
- "abcd", |
||||
- NULL, |
||||
- "eth0", |
||||
- NULL); |
||||
-} |
||||
- |
||||
-/*****************************************************************************/ |
||||
- |
||||
-static const char *hex_zero_client_id_expected = \ |
||||
- "# Created by NetworkManager\n" |
||||
- "\n" |
||||
- "send dhcp-client-identifier 00:11:22:33; # added by NetworkManager\n" |
||||
- "\n" |
||||
- "option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n" |
||||
- "option ms-classless-static-routes code 249 = array of unsigned integer 8;\n" |
||||
- "option wpad code 252 = string;\n" |
||||
- "\n" |
||||
- "also request rfc3442-classless-static-routes;\n" |
||||
- "also request ms-classless-static-routes;\n" |
||||
- "also request static-routes;\n" |
||||
- "also request wpad;\n" |
||||
- "also request ntp-servers;\n" |
||||
- "\n"; |
||||
- |
||||
-static void |
||||
-test_hex_zero_client_id (void) |
||||
-{ |
||||
- test_config (NULL, hex_zero_client_id_expected, |
||||
- AF_INET, NULL, 0, FALSE, |
||||
- "00:11:22:33", |
||||
+ "1234", |
||||
NULL, |
||||
"eth0", |
||||
NULL); |
||||
@@ -208,7 +179,7 @@ test_hex_zero_client_id (void) |
||||
static const char *ascii_client_id_expected = \ |
||||
"# Created by NetworkManager\n" |
||||
"\n" |
||||
- "send dhcp-client-identifier \"\\x00qb:cd:ef:12:34:56\"; # added by NetworkManager\n" |
||||
+ "send dhcp-client-identifier \"qb:cd:ef:12:34:56\"; # added by NetworkManager\n" |
||||
"\n" |
||||
"option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n" |
||||
"option ms-classless-static-routes code 249 = array of unsigned integer 8;\n" |
||||
@@ -264,13 +235,13 @@ test_hex_single_client_id (void) |
||||
/*****************************************************************************/ |
||||
|
||||
static const char *existing_hex_client_id_orig = \ |
||||
- "send dhcp-client-identifier 10:30:04:20:7A:08;\n"; |
||||
+ "send dhcp-client-identifier 00:30:04:20:7A:08;\n"; |
||||
|
||||
static const char *existing_hex_client_id_expected = \ |
||||
"# Created by NetworkManager\n" |
||||
"# Merged from /path/to/dhclient.conf\n" |
||||
"\n" |
||||
- "send dhcp-client-identifier 10:30:04:20:7A:08;\n" |
||||
+ "send dhcp-client-identifier 00:30:04:20:7A:08;\n" |
||||
"\n" |
||||
"option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n" |
||||
"option ms-classless-static-routes code 249 = array of unsigned integer 8;\n" |
||||
@@ -287,7 +258,7 @@ static void |
||||
test_existing_hex_client_id (void) |
||||
{ |
||||
gs_unref_bytes GBytes *new_client_id = NULL; |
||||
- const guint8 bytes[] = { 0x10, 0x30, 0x04, 0x20, 0x7A, 0x08 }; |
||||
+ const guint8 bytes[] = { 0x00, 0x30, 0x04,0x20, 0x7A, 0x08 }; |
||||
|
||||
new_client_id = g_bytes_new (bytes, sizeof (bytes)); |
||||
test_config (existing_hex_client_id_orig, existing_hex_client_id_expected, |
||||
@@ -300,52 +271,16 @@ test_existing_hex_client_id (void) |
||||
|
||||
/*****************************************************************************/ |
||||
|
||||
-static const char *existing_escaped_client_id_orig = \ |
||||
- "send dhcp-client-identifier \"\\044test\\xfe\";\n"; |
||||
- |
||||
-static const char *existing_escaped_client_id_expected = \ |
||||
- "# Created by NetworkManager\n" |
||||
- "# Merged from /path/to/dhclient.conf\n" |
||||
- "\n" |
||||
- "send dhcp-client-identifier \"\\044test\\xfe\";\n" |
||||
- "\n" |
||||
- "option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n" |
||||
- "option ms-classless-static-routes code 249 = array of unsigned integer 8;\n" |
||||
- "option wpad code 252 = string;\n" |
||||
- "\n" |
||||
- "also request rfc3442-classless-static-routes;\n" |
||||
- "also request ms-classless-static-routes;\n" |
||||
- "also request static-routes;\n" |
||||
- "also request wpad;\n" |
||||
- "also request ntp-servers;\n" |
||||
- "\n"; |
||||
- |
||||
-static void |
||||
-test_existing_escaped_client_id (void) |
||||
-{ |
||||
- gs_unref_bytes GBytes *new_client_id = NULL; |
||||
- |
||||
- new_client_id = g_bytes_new ("$test\xfe", 6); |
||||
- test_config (existing_escaped_client_id_orig, existing_escaped_client_id_expected, |
||||
- AF_INET, NULL, 0, FALSE, |
||||
- NULL, |
||||
- new_client_id, |
||||
- "eth0", |
||||
- NULL); |
||||
-} |
||||
- |
||||
-/*****************************************************************************/ |
||||
- |
||||
#define EACID "qb:cd:ef:12:34:56" |
||||
|
||||
static const char *existing_ascii_client_id_orig = \ |
||||
- "send dhcp-client-identifier \"\\x00" EACID "\";\n"; |
||||
+ "send dhcp-client-identifier \"" EACID "\";\n"; |
||||
|
||||
static const char *existing_ascii_client_id_expected = \ |
||||
"# Created by NetworkManager\n" |
||||
"# Merged from /path/to/dhclient.conf\n" |
||||
"\n" |
||||
- "send dhcp-client-identifier \"\\x00" EACID "\";\n" |
||||
+ "send dhcp-client-identifier \"" EACID "\";\n" |
||||
"\n" |
||||
"option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n" |
||||
"option ms-classless-static-routes code 249 = array of unsigned integer 8;\n" |
||||
@@ -998,11 +933,9 @@ main (int argc, char **argv) |
||||
g_test_add_func ("/dhcp/dhclient/orig_missing", test_orig_missing); |
||||
g_test_add_func ("/dhcp/dhclient/override_client_id", test_override_client_id); |
||||
g_test_add_func ("/dhcp/dhclient/quote_client_id", test_quote_client_id); |
||||
- g_test_add_func ("/dhcp/dhclient/hex_zero_client_id", test_hex_zero_client_id); |
||||
g_test_add_func ("/dhcp/dhclient/ascii_client_id", test_ascii_client_id); |
||||
g_test_add_func ("/dhcp/dhclient/hex_single_client_id", test_hex_single_client_id); |
||||
g_test_add_func ("/dhcp/dhclient/existing-hex-client-id", test_existing_hex_client_id); |
||||
- g_test_add_func ("/dhcp/dhclient/existing-client-id", test_existing_escaped_client_id); |
||||
g_test_add_func ("/dhcp/dhclient/existing-ascii-client-id", test_existing_ascii_client_id); |
||||
g_test_add_func ("/dhcp/dhclient/fqdn", test_fqdn); |
||||
g_test_add_func ("/dhcp/dhclient/fqdn_options_override", test_fqdn_options_override); |
||||
-- |
||||
2.17.0 |
||||
|
@ -0,0 +1,38 @@
@@ -0,0 +1,38 @@
|
||||
From 1ce88613e6438f0ab9f50b826929f02408eb8f50 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Wed, 4 Jul 2018 08:22:12 +0200 |
||||
Subject: [PATCH] device: disable rp_filter handling |
||||
|
||||
Don't change rp_filter in any way, like in previous RHEL 7 releases. |
||||
See also https://bugzilla.redhat.com/show_bug.cgi?id=1492472. |
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1593194 |
||||
--- |
||||
src/devices/nm-device.c | 4 ++-- |
||||
1 file changed, 2 insertions(+), 2 deletions(-) |
||||
|
||||
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c |
||||
index 613e87034..ac9e1da08 100644 |
||||
--- a/src/devices/nm-device.c |
||||
+++ b/src/devices/nm-device.c |
||||
@@ -11440,7 +11440,7 @@ nm_device_set_ip_config (NMDevice *self, |
||||
priv->needs_ip6_subnet = FALSE; |
||||
} |
||||
|
||||
- if (IS_IPv4) { |
||||
+ if (IS_IPv4 && FALSE /* disabled on RHEL */) { |
||||
if (!nm_device_sys_iface_state_is_external_or_assume (self)) |
||||
ip4_rp_filter_update (self); |
||||
} |
||||
@@ -12329,7 +12329,7 @@ queued_ip_config_change (NMDevice *self, int addr_family) |
||||
|
||||
set_unmanaged_external_down (self, TRUE); |
||||
|
||||
- if (IS_IPv4) { |
||||
+ if (IS_IPv4 && FALSE /* disabled on RHEL */) { |
||||
if (!nm_device_sys_iface_state_is_external_or_assume (self)) { |
||||
priv->v4_has_shadowed_routes = _v4_has_shadowed_routes_detect (self);; |
||||
ip4_rp_filter_update (self); |
||||
-- |
||||
2.17.0 |
||||
|
@ -0,0 +1,33 @@
@@ -0,0 +1,33 @@
|
||||
From 53a95f9ebd941c9fd2464f69ee420c4c82842eda Mon Sep 17 00:00:00 2001 |
||||
From: Thomas Haller <thaller@redhat.com> |
||||
Date: Fri, 2 Sep 2016 15:58:42 +0200 |
||||
Subject: [PATCH] service: give CAP_SYS_ADMIN for ibft/iscsiadm (rh#1371201) |
||||
|
||||
systemd on rhel-7.3 has a bug with merging CapabilityBoundingSet. |
||||
https://github.com/systemd/systemd/issues/1221 |
||||
Thus it is all in one line. |
||||
--- |
||||
data/NetworkManager.service.in | 6 +++--- |
||||
1 file changed, 3 insertions(+), 3 deletions(-) |
||||
|
||||
diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in |
||||
index 2692935..d354b7c 100644 |
||||
--- a/data/NetworkManager.service.in |
||||
+++ b/data/NetworkManager.service.in |
||||
@@ -14,10 +14,10 @@ ExecStart=@sbindir@/NetworkManager --no-daemon |
||||
Restart=on-failure |
||||
# NM doesn't want systemd to kill its children for it |
||||
KillMode=process |
||||
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT |
||||
+#CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT |
||||
|
||||
-# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN |
||||
-#CapabilityBoundingSet=CAP_SYS_ADMIN |
||||
+# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN (rh#1371201) |
||||
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT CAP_SYS_ADMIN |
||||
|
||||
ProtectSystem=true |
||||
ProtectHome=read-only |
||||
-- |
||||
2.17.1 |
||||
|
@ -0,0 +1,275 @@
@@ -0,0 +1,275 @@
|
||||
From 0590bacaecdfb57d5289a2c3d0628424689353d1 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Mon, 27 Aug 2018 17:04:34 +0200 |
||||
Subject: [PATCH] libnm-core: support private keys encrypted with |
||||
AES-{192,256}-CBC |
||||
|
||||
https://github.com/NetworkManager/NetworkManager/pull/189 |
||||
(cherry picked from commit 93f85edcce502cfa6d3676f58bf9e8e1a527ea53) |
||||
(cherry picked from commit 74fc6f30b2fef3b8631128907e036bda88491970) |
||||
--- |
||||
Makefile.am | 3 +- |
||||
libnm-core/crypto.c | 30 +++++++---- |
||||
libnm-core/crypto.h | 6 ++- |
||||
libnm-core/crypto_gnutls.c | 14 ++++- |
||||
libnm-core/crypto_nss.c | 9 +++- |
||||
...{test-aes-key.pem => test-aes-128-key.pem} | 0 |
||||
libnm-core/tests/certs/test-aes-256-key.pem | 54 +++++++++++++++++++ |
||||
libnm-core/tests/test-crypto.c | 7 ++- |
||||
libnm-util/tests/test-crypto.c | 4 +- |
||||
9 files changed, 106 insertions(+), 21 deletions(-) |
||||
rename libnm-core/tests/certs/{test-aes-key.pem => test-aes-128-key.pem} (100%) |
||||
create mode 100644 libnm-core/tests/certs/test-aes-256-key.pem |
||||
|
||||
diff --git a/Makefile.am b/Makefile.am |
||||
index cdb5cfc9d..d86fa26c7 100644 |
||||
--- a/Makefile.am |
||||
+++ b/Makefile.am |
||||
@@ -749,7 +749,8 @@ EXTRA_DIST += \ |
||||
libnm-core/tests/certs/test2_ca_cert.pem \ |
||||
libnm-core/tests/certs/test2-cert.p12 \ |
||||
libnm-core/tests/certs/test2_key_and_cert.pem \ |
||||
- libnm-core/tests/certs/test-aes-key.pem \ |
||||
+ libnm-core/tests/certs/test-aes-128-key.pem \ |
||||
+ libnm-core/tests/certs/test-aes-256-key.pem \ |
||||
libnm-core/tests/certs/test_ca_cert.der \ |
||||
libnm-core/tests/certs/test_ca_cert.pem \ |
||||
libnm-core/tests/certs/test-ca-cert.pem \ |
||||
diff --git a/libnm-core/crypto.c b/libnm-core/crypto.c |
||||
index c4e48475f..319f8055f 100644 |
||||
--- a/libnm-core/crypto.c |
||||
+++ b/libnm-core/crypto.c |
||||
@@ -158,7 +158,13 @@ parse_old_openssl_key_file (const guint8 *data, |
||||
goto parse_error; |
||||
} |
||||
} else if (!strncmp (p, DEK_INFO_TAG, strlen (DEK_INFO_TAG))) { |
||||
+ static const char *const known_ciphers[] = { CIPHER_DES_EDE3_CBC, |
||||
+ CIPHER_DES_CBC, |
||||
+ CIPHER_AES_128_CBC, |
||||
+ CIPHER_AES_192_CBC, |
||||
+ CIPHER_AES_256_CBC }; |
||||
char *comma; |
||||
+ guint i; |
||||
|
||||
if (enc_tags++ != 1 || str->len != 0) { |
||||
g_set_error (error, NM_CRYPTO_ERROR, |
||||
@@ -187,13 +193,13 @@ parse_old_openssl_key_file (const guint8 *data, |
||||
iv = g_strdup (comma); |
||||
|
||||
/* Get the private key cipher */ |
||||
- if (!strcasecmp (p, "DES-EDE3-CBC")) { |
||||
- cipher = g_strdup (p); |
||||
- } else if (!strcasecmp (p, "DES-CBC")) { |
||||
- cipher = g_strdup (p); |
||||
- } else if (!strcasecmp (p, "AES-128-CBC")) { |
||||
- cipher = g_strdup (p); |
||||
- } else { |
||||
+ for (i = 0; i < G_N_ELEMENTS (known_ciphers); i++) { |
||||
+ if (!g_ascii_strcasecmp (p, known_ciphers[i])) { |
||||
+ cipher = g_strdup (known_ciphers[i]); |
||||
+ break; |
||||
+ } |
||||
+ } |
||||
+ if (i == G_N_ELEMENTS (known_ciphers)) { |
||||
g_set_error (error, NM_CRYPTO_ERROR, |
||||
NM_CRYPTO_ERROR_INVALID_DATA, |
||||
_("Malformed PEM file: unknown private key cipher '%s'."), |
||||
@@ -383,12 +389,16 @@ crypto_make_des_aes_key (const char *cipher, |
||||
g_return_val_if_fail (password != NULL, NULL); |
||||
g_return_val_if_fail (out_len != NULL, NULL); |
||||
|
||||
- if (!strcmp (cipher, "DES-EDE3-CBC")) |
||||
+ if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) |
||||
digest_len = 24; |
||||
- else if (!strcmp (cipher, "DES-CBC")) |
||||
+ else if (!strcmp (cipher, CIPHER_DES_CBC)) |
||||
digest_len = 8; |
||||
- else if (!strcmp (cipher, "AES-128-CBC")) |
||||
+ else if (!strcmp (cipher, CIPHER_AES_128_CBC)) |
||||
digest_len = 16; |
||||
+ else if (!strcmp (cipher, CIPHER_AES_192_CBC)) |
||||
+ digest_len = 24; |
||||
+ else if (!strcmp (cipher, CIPHER_AES_256_CBC)) |
||||
+ digest_len = 32; |
||||
else { |
||||
g_set_error (error, NM_CRYPTO_ERROR, |
||||
NM_CRYPTO_ERROR_UNKNOWN_CIPHER, |
||||
diff --git a/libnm-core/crypto.h b/libnm-core/crypto.h |
||||
index e89f09193..d20d6f310 100644 |
||||
--- a/libnm-core/crypto.h |
||||
+++ b/libnm-core/crypto.h |
||||
@@ -30,8 +30,10 @@ |
||||
|
||||
#define MD5_HASH_LEN 20 |
||||
#define CIPHER_DES_EDE3_CBC "DES-EDE3-CBC" |
||||
-#define CIPHER_DES_CBC "DES-CBC" |
||||
-#define CIPHER_AES_CBC "AES-128-CBC" |
||||
+#define CIPHER_DES_CBC "DES-CBC" |
||||
+#define CIPHER_AES_128_CBC "AES-128-CBC" |
||||
+#define CIPHER_AES_192_CBC "AES-192-CBC" |
||||
+#define CIPHER_AES_256_CBC "AES-256-CBC" |
||||
|
||||
typedef enum { |
||||
NM_CRYPTO_KEY_TYPE_UNKNOWN = 0, |
||||
diff --git a/libnm-core/crypto_gnutls.c b/libnm-core/crypto_gnutls.c |
||||
index 53a3ba4ad..49181ee72 100644 |
||||
--- a/libnm-core/crypto_gnutls.c |
||||
+++ b/libnm-core/crypto_gnutls.c |
||||
@@ -82,9 +82,15 @@ crypto_decrypt (const char *cipher, |
||||
} else if (!strcmp (cipher, CIPHER_DES_CBC)) { |
||||
cipher_mech = GNUTLS_CIPHER_DES_CBC; |
||||
real_iv_len = SALT_LEN; |
||||
- } else if (!strcmp (cipher, CIPHER_AES_CBC)) { |
||||
+ } else if (!strcmp (cipher, CIPHER_AES_128_CBC)) { |
||||
cipher_mech = GNUTLS_CIPHER_AES_128_CBC; |
||||
real_iv_len = 16; |
||||
+ } else if (!strcmp (cipher, CIPHER_AES_192_CBC)) { |
||||
+ cipher_mech = GNUTLS_CIPHER_AES_192_CBC; |
||||
+ real_iv_len = 16; |
||||
+ } else if (!strcmp (cipher, CIPHER_AES_256_CBC)) { |
||||
+ cipher_mech = GNUTLS_CIPHER_AES_256_CBC; |
||||
+ real_iv_len = 16; |
||||
} else { |
||||
g_set_error (error, NM_CRYPTO_ERROR, |
||||
NM_CRYPTO_ERROR_UNKNOWN_CIPHER, |
||||
@@ -189,8 +195,12 @@ crypto_encrypt (const char *cipher, |
||||
|
||||
if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) |
||||
cipher_mech = GNUTLS_CIPHER_3DES_CBC; |
||||
- else if (!strcmp (cipher, CIPHER_AES_CBC)) |
||||
+ else if (!strcmp (cipher, CIPHER_AES_128_CBC)) |
||||
cipher_mech = GNUTLS_CIPHER_AES_128_CBC; |
||||
+ else if (!strcmp (cipher, CIPHER_AES_192_CBC)) |
||||
+ cipher_mech = GNUTLS_CIPHER_AES_192_CBC; |
||||
+ else if (!strcmp (cipher, CIPHER_AES_256_CBC)) |
||||
+ cipher_mech = GNUTLS_CIPHER_AES_256_CBC; |
||||
else { |
||||
g_set_error (error, NM_CRYPTO_ERROR, |
||||
NM_CRYPTO_ERROR_UNKNOWN_CIPHER, |
||||
diff --git a/libnm-core/crypto_nss.c b/libnm-core/crypto_nss.c |
||||
index 56e91e26f..9a0c43349 100644 |
||||
--- a/libnm-core/crypto_nss.c |
||||
+++ b/libnm-core/crypto_nss.c |
||||
@@ -103,7 +103,9 @@ crypto_decrypt (const char *cipher, |
||||
} else if (!strcmp (cipher, CIPHER_DES_CBC)) { |
||||
cipher_mech = CKM_DES_CBC_PAD; |
||||
real_iv_len = 8; |
||||
- } else if (!strcmp (cipher, CIPHER_AES_CBC)) { |
||||
+ } else if (NM_IN_STRSET (cipher, CIPHER_AES_128_CBC, |
||||
+ CIPHER_AES_192_CBC, |
||||
+ CIPHER_AES_256_CBC)) { |
||||
cipher_mech = CKM_AES_CBC_PAD; |
||||
real_iv_len = 16; |
||||
} else { |
||||
@@ -269,7 +271,10 @@ crypto_encrypt (const char *cipher, |
||||
|
||||
if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) |
||||
cipher_mech = CKM_DES3_CBC_PAD; |
||||
- else if (!strcmp (cipher, CIPHER_AES_CBC)) |
||||
+ else if (NM_IN_STRSET (cipher, |
||||
+ CIPHER_AES_128_CBC, |
||||
+ CIPHER_AES_192_CBC, |
||||
+ CIPHER_AES_256_CBC)) |
||||
cipher_mech = CKM_AES_CBC_PAD; |
||||
else { |
||||
g_set_error (error, NM_CRYPTO_ERROR, |
||||
diff --git a/libnm-core/tests/certs/test-aes-key.pem b/libnm-core/tests/certs/test-aes-128-key.pem |
||||
similarity index 100% |
||||
rename from libnm-core/tests/certs/test-aes-key.pem |
||||
rename to libnm-core/tests/certs/test-aes-128-key.pem |
||||
diff --git a/libnm-core/tests/certs/test-aes-256-key.pem b/libnm-core/tests/certs/test-aes-256-key.pem |
||||
new file mode 100644 |
||||
index 000000000..e51bafd3d |
||||
--- /dev/null |
||||
+++ b/libnm-core/tests/certs/test-aes-256-key.pem |
||||
@@ -0,0 +1,54 @@ |
||||
+-----BEGIN RSA PRIVATE KEY----- |
||||
+Proc-Type: 4,ENCRYPTED |
||||
+DEK-Info: AES-256-CBC,5FF6BD2D4E57E8933D4A6814DEF5305A |
||||
+ |
||||
+9Br+xw6XOg7qUqfeE5PJ4g/PAm7eTcPMb4FzSKkaEosLo6oj4f37TwXuojJZeAmi |
||||
+1EytpqM1vdYHCLdjg+qYaTIq6mzMZIyoaREokcOhcNrq5S0J39gJLVV9LjiXhCAH |
||||
+GQgDBnbRT6HGz70AyTRLcW9aj6uBzTv/m92sLUw2txFeBXK8n2AA1oHJTgsFNYjf |
||||
+/ZvTCE1VMQHDPx31Vn5WXSUHNc0hx4MTIwpHqWI17ohr8IiWCs5HXVfVaqrNeNEw |
||||
+haD7fg8oNxjLs46/4dDWmfWXhDsMFSweZv03gZdyVjwn1IOqeVGmTdLpllfgOW7E |
||||
++XE8Y/d55s5nkOxu6eXNMtWgjclKBGr2iMxxnODmEsUt2WcV98cPS+25o3hOfy3s |
||||
+NIcfxtWVRFUtjqf3ragyGLuXFqATkj1slj4LVMeewRJ1g+Z6ti0mwBN+ZrYtKdec |
||||
+FRNb4zr5FW+3SqkIIJVfxJEYJDB4zODhMg8tySEHLKuT0uz42YQ4aoOHTzO5WDBY |
||||
+2BI7TjRppXcExPnkAk5jqbKA6BjT9KcAVyypfxDKvCeXKdjDcL6ISOBSm6cQBh8D |
||||
+HxsFzMy9PF6kKNeiNiEsVPnKYvhvs1hTBtp+IAgJ6KZnCDKplZFxo/mBAlV2KyCT |
||||
+x+Mhmme3fXdLJkvxlVJAoAhwgXvomVCVTGI3JhcQIqVgxPIKYpqlHVFC7JjG+yQX |
||||
+tvzCPtr9G9+Ofrm6zXjlDD7zNyl/KfFtEWhO2ePHkQlCEuKJnsnRIf/wQ0viG0yY |
||||
+MH31Z/84o2pKLBKY5fq8+eYuYoP9Rk4W2LpjGMvdkKhEHL26kZofeFyqD+JcaxHc |
||||
+kQh7/SbWAsREGb9Jp7I2q1mo749mse1oSFIQa5gN3jB0mgHZd6edRYeW2Up+rqEK |
||||
+k6Xd6uqs7bZd5W9sP7Cf6yJOFEjqFVLQEVEXWSchgeta/JNrjGr3UzLFN2S+vhvX |
||||
+XgDa41y2UdXHRqj2s864u0ZDPyGXYZnVbvQn/8xHQ7rvxHowpTn+XXUEf0AQnk3j |
||||
+9h++3McwP8GuVxkwc6o9TfOL+ell5jup7F3SekwEiE3hqY8x87g6X2zD5VSnfCy3 |
||||
+0t0LmPGI1b3LABeYjA1WEdhoTlHrNLkwOR4gsudrJ5nxIzfGy+IHaloXLJy4YKfX |
||||
+pJ+qyGRUR42YD9IhiEmmmO1VoJgVEYfBiz50Jg8emddku6eKdmv9IKjiSb2pTbDS |
||||
+4oUYKg109OOn+krk67dNXofAXrBa8v7QusC0yz9N25H05Xyou1iqpGk+uBrTqEO6 |
||||
+lW9lWQo57BQU9og40xMKH/xQgIxfQRktUKsPizj8mKil4izo5KgjPSqBeEbj+Q3c |
||||
+0FKlrpTXQlXfX5Z5esqMuCSiwQEzoJR+V+SUaSVcg1av0k/CJMin4Cr8roai+OjK |
||||
+lhaQIvx35Bzd02yERYsfpDjmQCXmIeiDm8JtB6znbQPUJ4d8kzWR+5ACOZW/dUss |
||||
+YhWJRkZpkIwTY+/sDU4mnP2R37MNo+OH4CwZyUDHjlkRPGW+6JBEpnnlI9a/1Vb1 |
||||
+pjAGpi/8u/luvZGTzCzxQG2dZc5YQR869U+wFsFbLRiD0aP2SpdOH0QxxPOcdR8+ |
||||
+HWyL01BJBKyK/wZWJhe+63zlk1L5CA0XYpoNkYpMlPNZkcqR7QzUOATfuBgI2aPM |
||||
+AXaweaAWhpPCDsc2RypIs9DhTiCCkt8tq8Au15hVUKAoshLeewPtv0t75MEC0hVB |
||||
+z6FVnNlqq0cqqcSVqvUG6JUGtFOGgG3ifEMXggq5k12+wGzY63DLR8dFPNpOL6/1 |
||||
+nocOayHJIU9M8PP817PzhAUAePRRUKRg8kkbKKeZnCJxoF7O15AFVEJnl9Vyokkz |
||||
+bULYhzYVx3xh8THMi+5jsnKWPJyMeYHbHH3C658SIw6Ff9fgEWscv5ZkGYdKMg+l |
||||
+8hBn+++SoqIO+F3lOGco+s8qlYox106lUwJEtORXcBxmkaHSo/X2AVO8Owt4vYli |
||||
+mjWnY6V9vooBgOuCMcY780pcoj2lSf9JPHDYK0j8t5VumDUSLyLt+tCj0yv/vl5L |
||||
+9L++vbu2akZRC9ChijYpfhTvXoG36ePhoT7AGGnhpFjjw1VqG80GY4XSODKzH86w |
||||
+kUcZoErb8swUPYOtsybtuPb+6c/YofQ8GfpVosPZgSRD4+U7v+zA3/z8xF2B0xt6 |
||||
+uV8hXbropuni8KmbFuKrPZK3p2v2aZ8F0+GITwS75/hbT6D7ruUSr5q4V0VKeE8G |
||||
+k3QSI0s6+74stPv3S/ByCxu8q51ffYqVw00wzPpEc4SmHEa0R7IczJKXupmDdZZM |
||||
+1rASSBNzS5TZDBXP6S7npYQ8nHhgXTdCFO7eM3bp24B/i2o0s7+gkKrz0DkEbv9I |
||||
+UrCJjTL8OIIP4qSLMILzZ8pB28c+zyM482ZqFY/2b7j6WlTiqa9P1adrD1gLxTQ0 |
||||
+Sw9xY+sY3PAJqcnPA5NjDZL/h5plgHhCqDa9pEtdBVG2Mxcl9bXbphwD1MIzj4gr |
||||
+xtlW1HUJ/iOhFcXldOJ1MCt++Bm5av4mL5adQ/oUnL5Q0oZZFwqT09k7xe7lZ98N |
||||
+uj2Lfl8NN7N3ama9KatgbX5g6IALuk/rJN/4KEiiu24m+lR7c5L0pg/cG6LIFjmk |
||||
+HlTsc0ANCgeZBhDJ8kvjcXDhFOqoYE/+D2VO6ZEHRsDibQ+kjpaH+DiD01/gh0N0 |
||||
+HM6GGtm3GbOyZUhw5OFz04xzcyFYo2xaqzgaZieAOcrt2s6XyPVf1gww08/HtTMR |
||||
+gLg14MUQvRXV6kPJfdu4OLZ//b6J0KnzVyLDRdOrWIj2raLWmKwQN9qv05/yskcD |
||||
+Y6x7wq3v6iZpFjDc53sslhwp2XRsoWT9X5alVspz8WvP/kqgkTdzpPFdp1vIovOQ |
||||
+kRXdzzKICDGDJUIcTL8cJ3Dv4XqNR/sVyuB4dfndzQQApbdYTDNpwX0VJDBjMkQy |
||||
+Up6aiUknxa6Cbp7b1ZfUQY8yNBAIZL+R8dmobT3nAHW61DaASHSxn+elCD2Ja/6b |
||||
+EiWikskyN6crMAv35ILr5ySsZK97ttNNmRoGFbt8bTjRd83Ie+UfH445kCKsY83x |
||||
+aDCvWm+bbV6M9rSgjhJ3bWOudiw+EBMGvSamSnS7CYnRmwq4t+4bM2sh2nYKY0qw |
||||
+-----END RSA PRIVATE KEY----- |
||||
diff --git a/libnm-core/tests/test-crypto.c b/libnm-core/tests/test-crypto.c |
||||
index fb99ffea7..5fb26c1fc 100644 |
||||
--- a/libnm-core/tests/test-crypto.c |
||||
+++ b/libnm-core/tests/test-crypto.c |
||||
@@ -476,8 +476,11 @@ main (int argc, char **argv) |
||||
g_test_add_data_func ("/libnm/crypto/key/padding-8", |
||||
"test2_key_and_cert.pem, 12345testing", |
||||
test_key); |
||||
- g_test_add_data_func ("/libnm/crypto/key/aes", |
||||
- "test-aes-key.pem, test-aes-password", |
||||
+ g_test_add_data_func ("/libnm/crypto/key/aes-128", |
||||
+ "test-aes-128-key.pem, test-aes-password", |
||||
+ test_key); |
||||
+ g_test_add_data_func ("/libnm/crypto/key/aes-256", |
||||
+ "test-aes-256-key.pem, test-aes-password", |
||||
test_key); |
||||
g_test_add_data_func ("/libnm/crypto/key/decrypted", |
||||
"test-key-only-decrypted.pem", |
||||
diff --git a/libnm-util/tests/test-crypto.c b/libnm-util/tests/test-crypto.c |
||||
index 61bd97745..af6028a52 100644 |
||||
--- a/libnm-util/tests/test-crypto.c |
||||
+++ b/libnm-util/tests/test-crypto.c |
||||
@@ -383,8 +383,8 @@ main (int argc, char **argv) |
||||
g_test_add_data_func ("/libnm/crypto/key/padding-8", |
||||
"test2_key_and_cert.pem, 12345testing", |
||||
test_key); |
||||
- g_test_add_data_func ("/libnm/crypto/key/aes", |
||||
- "test-aes-key.pem, test-aes-password", |
||||
+ g_test_add_data_func ("/libnm/crypto/key/aes-128", |
||||
+ "test-aes-128-key.pem, test-aes-password", |
||||
test_key); |
||||
|
||||
g_test_add_data_func ("/libnm/crypto/PKCS#12/1", |
||||
-- |
||||
2.17.1 |
||||
|
@ -0,0 +1,36 @@
@@ -0,0 +1,36 @@
|
||||
From acb43106a919affe65eb736ebc798390396913cc Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Fri, 7 Sep 2018 09:33:57 +0200 |
||||
Subject: [PATCH] core: fix wireless bitrate property name on D-Bus |
||||
|
||||
In commit 297d4985abcc ("core/dbus: rework D-Bus implementation to use |
||||
lower layer GDBusConnection API") the Device.Wireless 'Bitrate' |
||||
property on D-Bus was accidentally changed to 'BitRate'. Revert the |
||||
old name. |
||||
|
||||
Reported-by: Joseph Conley <joseph.j.conley@gmail.com> |
||||
Fixes: 297d4985abcc7b571b8c090ee90622357fc60e16 |
||||
|
||||
https://mail.gnome.org/archives/networkmanager-list/2018-September/msg00004.html |
||||
(cherry picked from commit c882633d48ad70d5c92ce0566a0f46dcbb5c51b3) |
||||
(cherry picked from commit 3a2c6f81f6b0a8dd38d45aa89fa7d6d1f897f149) |
||||
--- |
||||
src/devices/wifi/nm-wifi-common.c | 2 +- |
||||
1 file changed, 1 insertion(+), 1 deletion(-) |
||||
|
||||
diff --git a/src/devices/wifi/nm-wifi-common.c b/src/devices/wifi/nm-wifi-common.c |
||||
index 8e079d115..c95620e7f 100644 |
||||
--- a/src/devices/wifi/nm-wifi-common.c |
||||
+++ b/src/devices/wifi/nm-wifi-common.c |
||||
@@ -196,7 +196,7 @@ const NMDBusInterfaceInfoExtended nm_interface_info_device_wireless = { |
||||
NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("HwAddress", "s", NM_DEVICE_HW_ADDRESS), |
||||
NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("PermHwAddress", "s", NM_DEVICE_PERM_HW_ADDRESS), |
||||
NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("Mode", "u", NM_DEVICE_WIFI_MODE), |
||||
- NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("BitRate", "u", NM_DEVICE_WIFI_BITRATE), |
||||
+ NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("Bitrate", "u", NM_DEVICE_WIFI_BITRATE), |
||||
NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("AccessPoints", "ao", NM_DEVICE_WIFI_ACCESS_POINTS), |
||||
NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("ActiveAccessPoint", "o", NM_DEVICE_WIFI_ACTIVE_ACCESS_POINT), |
||||
NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("WirelessCapabilities", "u", NM_DEVICE_WIFI_CAPABILITIES), |
||||
-- |
||||
2.17.1 |
||||
|
@ -0,0 +1,42 @@
@@ -0,0 +1,42 @@
|
||||
From 3a040f04f5c32639092ea5e427675df2a1830704 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Thu, 13 Sep 2018 14:50:32 +0200 |
||||
Subject: [PATCH] dns: dnsmasq: avoid crash when no reverse domains exist |
||||
|
||||
ip_data->domains.reverse can be NULL when the device is being removed |
||||
and has no IP configuration for a short moment. |
||||
|
||||
Fixes: 6409e7719c0341baedfdb063366457e390894ed9 |
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=797022 |
||||
(cherry picked from commit f0c075f05082e4c77fac75ad06d303e7538e4fc7) |
||||
(cherry picked from commit 8309a7a6964d3677e0705046fb2f91810ef3ab65) |
||||
(cherry picked from commit 3abddc3328e7896f7af137ec9d74db86c27b3302) |
||||
--- |
||||
src/dns/nm-dns-dnsmasq.c | 10 ++++++---- |
||||
1 file changed, 6 insertions(+), 4 deletions(-) |
||||
|
||||
diff --git a/src/dns/nm-dns-dnsmasq.c b/src/dns/nm-dns-dnsmasq.c |
||||
index b5b93280d..91f4c55bd 100644 |
||||
--- a/src/dns/nm-dns-dnsmasq.c |
||||
+++ b/src/dns/nm-dns-dnsmasq.c |
||||
@@ -183,10 +183,12 @@ add_ip_config (NMDnsDnsmasq *self, GVariantBuilder *servers, const NMDnsIPConfig |
||||
domain[0] ? domain : NULL); |
||||
} |
||||
|
||||
- for (j = 0; ip_data->domains.reverse[j]; j++) { |
||||
- add_dnsmasq_nameserver (self, servers, |
||||
- ip_addr_to_string_buf, |
||||
- ip_data->domains.reverse[j]); |
||||
+ if (ip_data->domains.reverse) { |
||||
+ for (j = 0; ip_data->domains.reverse[j]; j++) { |
||||
+ add_dnsmasq_nameserver (self, servers, |
||||
+ ip_addr_to_string_buf, |
||||
+ ip_data->domains.reverse[j]); |
||||
+ } |
||||
} |
||||
} |
||||
} |
||||
-- |
||||
2.17.1 |
||||
|
@ -0,0 +1,34 @@
@@ -0,0 +1,34 @@
|
||||
From 2f9faf8348793ed577c0a3f6a7850c182762a7f0 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Thu, 9 Aug 2018 20:37:32 +0200 |
||||
Subject: [PATCH] cli: remove assertion in nmc_device_state_to_color() |
||||
|
||||
nmcli should not fail when the state device state is > ACTIVATED. |
||||
Just return an unknown color code like we used to do, and like we do |
||||
for connections. |
||||
|
||||
Fixes: 31aa2cfe29beb1bb7371ff36dbbd8baebeeaa06e |
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=796834 |
||||
(cherry picked from commit c955d91d4bbd1aec0e00be8955ac24aecf64182f) |
||||
(cherry picked from commit 5b31dfb1a529a4c5eec6343daac22ecc81c83dc5) |
||||
--- |
||||
clients/cli/devices.c | 2 +- |
||||
1 file changed, 1 insertion(+), 1 deletion(-) |
||||
|
||||
diff --git a/clients/cli/devices.c b/clients/cli/devices.c |
||||
index aa28678ff..be7597327 100644 |
||||
--- a/clients/cli/devices.c |
||||
+++ b/clients/cli/devices.c |
||||
@@ -1470,7 +1470,7 @@ nmc_device_state_to_color (NMDeviceState state) |
||||
else if (state == NM_DEVICE_STATE_ACTIVATED) |
||||
return NM_META_COLOR_DEVICE_ACTIVATED; |
||||
|
||||
- g_return_val_if_reached (NM_META_COLOR_DEVICE_UNKNOWN); |
||||
+ return NM_META_COLOR_DEVICE_UNKNOWN; |
||||
} |
||||
|
||||
static void |
||||
-- |
||||
2.17.1 |
||||
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,120 @@
@@ -0,0 +1,120 @@
|
||||
From 948a03d2a28dae7bb975f6e64dc7b5a31f10d5b9 Mon Sep 17 00:00:00 2001 |
||||
From: Thomas Haller <thaller@redhat.com> |
||||
Date: Fri, 14 Sep 2018 11:13:05 +0200 |
||||
Subject: [PATCH 1/1] cli: fix reading "vpn.secrets.*" from passwd-file |
||||
|
||||
Due to a bug, we required VPN secrets to be prefixed with |
||||
"vpn.secret." instead of "vpn.secrets.". This was a change |
||||
in behavior with 1.12.0 release. |
||||
|
||||
Fix it, to restore the old behavior. For backward compatibility |
||||
to the broken behavior, adjust parse_passwords() to treat accept |
||||
that as well. |
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1628833 |
||||
https://github.com/NetworkManager/NetworkManager/pull/201 |
||||
|
||||
Fixes: 0601b5d725b072bd3ce4ec60be867898a16f85cd |
||||
(cherry picked from commit 5815ae8c60961f088e4e54b41ddf8254cb83574a) |
||||
(cherry picked from commit 6bfab6796f064c4f878e05476a60cd59fa8bf11e) |
||||
(cherry picked from commit 10888abe96fedd3d6c5b99faea76465522f8e8e9) |
||||
--- |
||||
clients/cli/common.c | 6 +++--- |
||||
clients/cli/connections.c | 10 +++++++++- |
||||
clients/common/nm-secret-agent-simple.c | 2 +- |
||||
clients/common/nm-secret-agent-simple.h | 2 +- |
||||
clients/tui/nmtui-connect.c | 6 +++--- |
||||
5 files changed, 17 insertions(+), 9 deletions(-) |
||||
|
||||
diff --git a/clients/cli/common.c b/clients/cli/common.c |
||||
index 09c86334a..4aea0d5b2 100644 |
||||
--- a/clients/cli/common.c |
||||
+++ b/clients/cli/common.c |
||||
@@ -630,13 +630,13 @@ vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets) |
||||
if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT)) |
||||
continue; |
||||
|
||||
- if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) { |
||||
+ if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) { |
||||
g_free (secret->value); |
||||
secret->value = g_steal_pointer (&cookie); |
||||
- } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) { |
||||
+ } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) { |
||||
g_free (secret->value); |
||||
secret->value = g_steal_pointer (&gateway); |
||||
- } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) { |
||||
+ } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) { |
||||
g_free (secret->value); |
||||
secret->value = g_steal_pointer (&gwcert); |
||||
} |
||||
diff --git a/clients/cli/connections.c b/clients/cli/connections.c |
||||
index 1563178de..b547e34ca 100644 |
||||
--- a/clients/cli/connections.c |
||||
+++ b/clients/cli/connections.c |
||||
@@ -2565,7 +2565,15 @@ parse_passwords (const char *passwd_file, GError **error) |
||||
return NULL; |
||||
} |
||||
|
||||
- pwd_spec = g_strdup_printf ("%s.%s", setting, prop); |
||||
+ if ( nm_streq (setting, "vpn") |
||||
+ && g_str_has_prefix (prop, "secret.")) { |
||||
+ /* in 1.12.0, we wrongly required the VPN secrets to be named |
||||
+ * "vpn.secret". It should be "vpn.secrets". Work around it |
||||
+ * (rh#1628833). */ |
||||
+ pwd_spec = g_strdup_printf ("vpn.secrets.%s", &prop[NM_STRLEN ("secret.")]); |
||||
+ } else |
||||
+ pwd_spec = g_strdup_printf ("%s.%s", setting, prop); |
||||
+ |
||||
g_hash_table_insert (pwds_hash, pwd_spec, g_strdup (pwd)); |
||||
} |
||||
return g_steal_pointer (&pwds_hash); |
||||
diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c |
||||
index 0856b51ff..3df8c0386 100644 |
||||
--- a/clients/common/nm-secret-agent-simple.c |
||||
+++ b/clients/common/nm-secret-agent-simple.c |
||||
@@ -195,7 +195,7 @@ nm_secret_agent_simple_secret_new (NMSecretAgentSecretType secret_type, |
||||
real->base.is_secret = (secret_type != NM_SECRET_AGENT_SECRET_TYPE_PROPERTY); |
||||
break; |
||||
case NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET: |
||||
- vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET; |
||||
+ vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS; |
||||
value = nm_setting_vpn_get_secret (NM_SETTING_VPN (setting), property); |
||||
real->base.entry_id = g_strdup_printf ("%s%s", vpn_prefix, property); |
||||
nm_assert (vpn_type); |
||||
diff --git a/clients/common/nm-secret-agent-simple.h b/clients/common/nm-secret-agent-simple.h |
||||
index 505987dfd..529aaeaca 100644 |
||||
--- a/clients/common/nm-secret-agent-simple.h |
||||
+++ b/clients/common/nm-secret-agent-simple.h |
||||
@@ -56,7 +56,7 @@ typedef struct { |
||||
gboolean is_secret; |
||||
} NMSecretAgentSimpleSecret; |
||||
|
||||
-#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "vpn.secret." |
||||
+#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "vpn.secrets." |
||||
|
||||
#define NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT NM_DBUS_INTERFACE".openconnect" |
||||
|
||||
diff --git a/clients/tui/nmtui-connect.c b/clients/tui/nmtui-connect.c |
||||
index 2a954fb8c..6f29e13e9 100644 |
||||
--- a/clients/tui/nmtui-connect.c |
||||
+++ b/clients/tui/nmtui-connect.c |
||||
@@ -121,13 +121,13 @@ secrets_requested (NMSecretAgentSimple *agent, |
||||
continue; |
||||
if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT)) |
||||
continue; |
||||
- if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) { |
||||
+ if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) { |
||||
g_free (secret->value); |
||||
secret->value = g_steal_pointer (&cookie); |
||||
- } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) { |
||||
+ } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) { |
||||
g_free (secret->value); |
||||
secret->value = g_steal_pointer (&gateway); |
||||
- } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) { |
||||
+ } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) { |
||||
g_free (secret->value); |
||||
secret->value = g_steal_pointer (&gwcert); |
||||
} |
||||
-- |
||||
2.17.1 |
||||
|
@ -0,0 +1,4 @@
@@ -0,0 +1,4 @@
|
||||
[connectivity] |
||||
uri=http://fedoraproject.org/static/hotspot.txt |
||||
response=OK |
||||
interval=300 |
@ -0,0 +1,4 @@
@@ -0,0 +1,4 @@
|
||||
[connectivity] |
||||
uri=http://static.redhat.com/test/rhel-networkmanager.txt |
||||
response=OK |
||||
interval=300 |
Loading…
Reference in new issue