powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
Browse Source

NetworkManager package update 

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 6 years ago
parent
c1cb72c640
commit
15d5359fb0
15 changed files with 13106 additions and 187 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 105
      SOURCES/0001-cloned-mac-address-permanent-rh1413312.patch
  2. 5
      SOURCES/0002-nm-wait-online-not-require-nm-service-rh1520865.patch
  3. 330
      SOURCES/0003-dhclient-no-leading-zero-client-id-rh1556983.patch
  4. 38
      SOURCES/0004-device-disable-rp_filter-handling.patch
  5. 33
      SOURCES/0005-ibft-cap-sys-admin-rh1371201.patch
  6. 275
      SOURCES/0006-support-aes256-private-keys-rh1623798.patch
  7. 36
      SOURCES/0007-core-fix-wireless-bitrate-property-name-on-D-Bus-rh1626391.patch
  8. 42
      SOURCES/0008-dns-dnsmsaq-avoid-crash-no-rev-domains-rh1628576.patch
  9. 34
      SOURCES/1000-cli-remove-assertion-in-nmc_device_state_to_color.patch
  10. 11844
      SOURCES/1001-translations-rh1569438.patch
  11. 120
      SOURCES/1002-cli-fix-reading-vpn.secrets.-from-passwd-file.patch
  12. 4
      SOURCES/20-connectivity-fedora.conf
  13. 4
      SOURCES/20-connectivity-redhat.conf
  14. 56
      SOURCES/9999-fix-pregen-doc.patch
  15. 367
      SPECS/NetworkManager.spec

105
SOURCES/0001-cloned-mac-address-permanent-rh1413312.patch
Unescape View File

@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
From cf4fabd8dd1235312ebc21becda6378b770eb822 Mon Sep 17 00:00:00 2001
From d7590dd02fd47cc32e0e76e19578116c83910591 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 24 Feb 2017 20:25:56 +0100
Subject: [PATCH] Revert "device: change default value for cloned-mac-address
@ -8,17 +8,17 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1413312 @@ -8,17 +8,17 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1413312

This reverts commit fae5ecec5a4d9987a1915441602cb78275a9f490.
---
clients/common/settings-docs.c.in | 4 ++--
clients/common/settings-docs.h.in | 4 ++--
libnm-core/nm-setting-wired.c | 7 +++----
libnm-core/nm-setting-wireless.c | 7 +++----
man/NetworkManager.conf.xml | 4 ++--
src/devices/nm-device.c | 3 ++-
5 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/clients/common/settings-docs.c.in b/clients/common/settings-docs.c.in
index bf544ab6e..12991cc06 100644
--- a/clients/common/settings-docs.c.in
+++ b/clients/common/settings-docs.c.in
diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in
index 7ad8c19a6..5aca99eee 100644
--- a/clients/common/settings-docs.h.in
+++ b/clients/common/settings-docs.h.in
@@ -7,7 +7,7 @@
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_BAND N_("802.11 frequency band of the network. One of \"a\" for 5GHz 802.11a or \"bg\" for 2.4GHz 802.11. This will lock associations to the Wi-Fi network to the specific band, i.e. if \"a\" is specified, the device will not associate with the same network in the 2.4GHz band even if the network's settings are compatible. This setting depends on specific driver capability and may not work with all drivers.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_BSSID N_("If specified, directs the device to only associate with the given access point. This capability is highly driver dependent and not supported by all devices. Note: this property does not control the BSSID used when creating an Ad-Hoc network and is unlikely to in the future.")
@ -26,72 +26,72 @@ index bf544ab6e..12991cc06 100644 @@ -26,72 +26,72 @@ index bf544ab6e..12991cc06 100644
-#define DESCRIBE_DOC_NM_SETTING_WIRELESS_CLONED_MAC_ADDRESS N_("If specified, request that the device use this MAC address instead. This is known as MAC cloning or spoofing. Beside explicitly specifying a MAC address, the special values \"preserve\", \"permanent\", \"random\" and \"stable\" are supported. \"preserve\" means not to touch the MAC address on activation. \"permanent\" means to use the permanent hardware address of the device. \"random\" creates a random MAC address on each connect. \"stable\" creates a hashed MAC address based on connection.stable-id and a machine dependent key. If unspecified, the value can be overwritten via global defaults, see manual of NetworkManager.conf. If still unspecified, it defaults to \"preserve\" (older versions of NetworkManager may use a different default value). On D-Bus, this field is expressed as \"assigned-mac-address\" or the deprecated \"cloned-mac-address\".")
+#define DESCRIBE_DOC_NM_SETTING_WIRELESS_CLONED_MAC_ADDRESS N_("If specified, request that the device use this MAC address instead of its permanent MAC address. This is known as MAC cloning or spoofing. Beside explicitly specifying a MAC address, the special values \"preserve\", \"permanent\", \"random\" and \"stable\" are supported. \"preserve\" means not to touch the MAC address on activation. \"permanent\" means to use the permanent hardware address of the device. \"random\" creates a random MAC address on each connect. \"stable\" creates a hashed MAC address based on connection.stable-id and a machine dependent key. If unspecified, the value can be overwritten via global defaults, see manual of NetworkManager.conf. If still unspecified, it defaults to \"permanent\". On D-Bus, this field is expressed as \"assigned-mac-address\" or the deprecated \"cloned-mac-address\".")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_GENERATE_MAC_ADDRESS_MASK N_("With \"cloned-mac-address\" setting \"random\" or \"stable\", by default all bits of the MAC address are scrambled and a locally-administered, unicast MAC address is created. This property allows to specify that certain bits are fixed. Note that the least significant bit of the first MAC address will always be unset to create a unicast MAC address. If the property is NULL, it is eligible to be overwritten by a default connection setting. If the value is still NULL or an empty string, the default is to create a locally-administered, unicast MAC address. If the value contains one MAC address, this address is used as mask. The set bits of the mask are to be filled with the current MAC address of the device, while the unset bits are subject to randomization. Setting \"FE:FF:FF:00:00:00\" means to preserve the OUI of the current MAC address and only randomize the lower 3 bytes using the \"random\" or \"stable\" algorithm. If the value contains one additional MAC address after the mask, this address is used instead of the current MAC address to fill the bits that shall not be randomized. For example, a value of \"FE:FF:FF:00:00:00 68:F7:28:00:00:00\" will set the OUI of the MAC address to 68:F7:28, while the lower bits are randomized. A value of \"02:00:00:00:00:00 00:00:00:00:00:00\" will create a fully scrambled globally-administered, burned-in MAC address. If the value contains more than one additional MAC addresses, one of them is chosen randomly. For example, \"02:00:00:00:00:00 00:00:00:00:00:00 02:00:00:00:00:00\" will create a fully scrambled MAC address, randomly locally or globally administered.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_HIDDEN N_("If TRUE, indicates this network is a non-broadcasting network that hides its SSID. In this case various workarounds may take place, such as probe-scanning the SSID for more reliable network discovery. However, these workarounds expose inherent insecurities with hidden SSID networks, and thus hidden SSID networks should be used with caution.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_HIDDEN N_("If TRUE, indicates this network is a non-broadcasting network that hides its SSID. In this case various workarounds may take place, such as probe-scanning the SSID for more reliable network discovery. However, these workarounds expose inherent insecurities with hidden SSID networks, and thus hidden SSID networks should be used with caution. Note that marking the network as hidden may be a privacy issue for you, as the explicit probe-scans may be distinctly recognizable on the air.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_MAC_ADDRESS N_("If specified, this connection will only apply to the Wi-Fi device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).")
@@ -87,7 +87,7 @@
@@ -89,7 +89,7 @@
#define DESCRIBE_DOC_NM_SETTING_802_1X_SUBJECT_MATCH N_("Substring to be matched against the subject of the certificate presented by the authentication server. When unset, no verification of the authentication server certificate's subject is performed. This property provides little security, if any, and its use is deprecated in favor of NMSetting8021x:domain-suffix-match.")
#define DESCRIBE_DOC_NM_SETTING_802_1X_SYSTEM_CA_CERTS N_("When TRUE, overrides the \"ca-path\" and \"phase2-ca-path\" properties using the system CA directory specified at configure time with the --system-ca-path switch. The certificates in this directory are added to the verification chain in addition to any certificates specified by the \"ca-cert\" and \"phase2-ca-cert\" properties. If the path provided with --system-ca-path is rather a file name (bundle of trusted CA certificates), it overrides \"ca-cert\" and \"phase2-ca-cert\" properties instead (sets ca_cert/ca_cert2 options for wpa_supplicant).")
#define DESCRIBE_DOC_NM_SETTING_WIRED_AUTO_NEGOTIATE N_("If TRUE, enforce auto-negotiation of port speed and duplex mode. If FALSE, \"speed\" and \"duplex\" properties should be both set or link configuration will be skipped.")
#define DESCRIBE_DOC_NM_SETTING_WIRED_AUTO_NEGOTIATE N_("When TRUE, enforce auto-negotiation of speed and duplex mode. If \"speed\" and \"duplex\" properties are both specified, only that single mode will be advertised and accepted during the link auto-negotiation process: this works only for BASE-T 802.3 specifications and is useful for enforcing gigabits modes, as in these cases link negotiation is mandatory. When FALSE, \"speed\" and \"duplex\" properties should be both set or link configuration will be skipped.")
-#define DESCRIBE_DOC_NM_SETTING_WIRED_CLONED_MAC_ADDRESS N_("If specified, request that the device use this MAC address instead. This is known as MAC cloning or spoofing. Beside explicitly specifying a MAC address, the special values \"preserve\", \"permanent\", \"random\" and \"stable\" are supported. \"preserve\" means not to touch the MAC address on activation. \"permanent\" means to use the permanent hardware address if the device has one (otherwise this is treated as \"preserve\"). \"random\" creates a random MAC address on each connect. \"stable\" creates a hashed MAC address based on connection.stable-id and a machine dependent key. If unspecified, the value can be overwritten via global defaults, see manual of NetworkManager.conf. If still unspecified, it defaults to \"preserve\" (older versions of NetworkManager may use a different default value). On D-Bus, this field is expressed as \"assigned-mac-address\" or the deprecated \"cloned-mac-address\".")
+#define DESCRIBE_DOC_NM_SETTING_WIRED_CLONED_MAC_ADDRESS N_("If specified, request that the device use this MAC address instead of its permanent MAC address. This is known as MAC cloning or spoofing. Beside explicitly specifying a MAC address, the special values \"preserve\", \"permanent\", \"random\" and \"stable\" are supported. \"preserve\" means not to touch the MAC address on activation. \"permanent\" means to use the permanent hardware address if the device has one (otherwise this is treated as \"preserve\"). \"random\" creates a random MAC address on each connect. \"stable\" creates a hashed MAC address based on connection.stable-id and a machine dependent key. If unspecified, the value can be overwritten via global defaults, see manual of NetworkManager.conf. If still unspecified, it defaults to \"permanent\". On D-Bus, this field is expressed as \"assigned-mac-address\" or the deprecated \"cloned-mac-address\".")
#define DESCRIBE_DOC_NM_SETTING_WIRED_DUPLEX N_("Can be specified only when \"auto-negotiate\" is \"off\". In that case, statically configures the device to use that specified duplex mode, either \"half\" or \"full\". Must be set together with the \"speed\" property if specified. Before specifying a duplex mode be sure your device supports it.")
#define DESCRIBE_DOC_NM_SETTING_WIRED_DUPLEX N_("When a value is set, either \"half\" or \"full\", configures the device to use the specified duplex mode. If \"auto-negotiate\" is \"yes\" the specified duplex mode will be the only one advertised during link negotiation: this works only for BASE-T 802.3 specifications and is useful for enforcing gigabits modes, as in these cases link negotiation is mandatory. If the value is unset (the default), the link configuration will be either skipped (if \"auto-negotiate\" is \"no\", the default) or will be auto-negotiated (if \"auto-negotiate\" is \"yes\") and the local device will advertise all the supported duplex modes. Must be set together with the \"speed\" property if specified. Before specifying a duplex mode be sure your device supports it.")
#define DESCRIBE_DOC_NM_SETTING_WIRED_GENERATE_MAC_ADDRESS_MASK N_("With \"cloned-mac-address\" setting \"random\" or \"stable\", by default all bits of the MAC address are scrambled and a locally-administered, unicast MAC address is created. This property allows to specify that certain bits are fixed. Note that the least significant bit of the first MAC address will always be unset to create a unicast MAC address. If the property is NULL, it is eligible to be overwritten by a default connection setting. If the value is still NULL or an empty string, the default is to create a locally-administered, unicast MAC address. If the value contains one MAC address, this address is used as mask. The set bits of the mask are to be filled with the current MAC address of the device, while the unset bits are subject to randomization. Setting \"FE:FF:FF:00:00:00\" means to preserve the OUI of the current MAC address and only randomize the lower 3 bytes using the \"random\" or \"stable\" algorithm. If the value contains one additional MAC address after the mask, this address is used instead of the current MAC address to fill the bits that shall not be randomized. For example, a value of \"FE:FF:FF:00:00:00 68:F7:28:00:00:00\" will set the OUI of the MAC address to 68:F7:28, while the lower bits are randomized. A value of \"02:00:00:00:00:00 00:00:00:00:00:00\" will create a fully scrambled globally-administered, burned-in MAC address. If the value contains more than one additional MAC addresses, one of them is chosen randomly. For example, \"02:00:00:00:00:00 00:00:00:00:00:00 02:00:00:00:00:00\" will create a fully scrambled MAC address, randomly locally or globally administered.")
#define DESCRIBE_DOC_NM_SETTING_WIRED_MAC_ADDRESS N_("If specified, this connection will only apply to the Ethernet device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).")
diff --git a/libnm-core/nm-setting-wired.c b/libnm-core/nm-setting-wired.c
index 9d255e1d0..f36283a7e 100644
index 5da9ce7d7..ccbc42f90 100644
--- a/libnm-core/nm-setting-wired.c
+++ b/libnm-core/nm-setting-wired.c
@@ -1144,8 +1144,8 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
/**
* NMSettingWired:cloned-mac-address:
*
@@ -1149,8 +1149,8 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
/**
* NMSettingWired:cloned-mac-address:
*
- * If specified, request that the device use this MAC address instead.
- * This is known as MAC cloning or spoofing.
+ * If specified, request that the device use this MAC address instead of its
+ * permanent MAC address. This is known as MAC cloning or spoofing.
*
* Beside explicitly specifying a MAC address, the special values "preserve", "permanent",
* "random" and "stable" are supported.
@@ -1157,8 +1157,7 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
* machine dependent key.
*
* If unspecified, the value can be overwritten via global defaults, see manual
*
* Beside explicitly specifying a MAC address, the special values "preserve", "permanent",
* "random" and "stable" are supported.
@@ -1162,8 +1162,7 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class)
* machine dependent key.
*
* If unspecified, the value can be overwritten via global defaults, see manual
- * of NetworkManager.conf. If still unspecified, it defaults to "preserve"
- * (older versions of NetworkManager may use a different default value).
+ * of NetworkManager.conf. If still unspecified, it defaults to "permanent".
*
* On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated
* "cloned-mac-address".
*
* On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated
* "cloned-mac-address".
diff --git a/libnm-core/nm-setting-wireless.c b/libnm-core/nm-setting-wireless.c
index 0a3915bfc..8f457ffcc 100644
index 89a2df8eb..e80d153f1 100644
--- a/libnm-core/nm-setting-wireless.c
+++ b/libnm-core/nm-setting-wireless.c
@@ -1350,8 +1350,8 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class)
/**
* NMSettingWireless:cloned-mac-address:
*
@@ -1396,8 +1396,8 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class)
/**
* NMSettingWireless:cloned-mac-address:
*
- * If specified, request that the device use this MAC address instead.
- * This is known as MAC cloning or spoofing.
+ * If specified, request that the device use this MAC address instead of its
+ * permanent MAC address. This is known as MAC cloning or spoofing.
*
* Beside explicitly specifying a MAC address, the special values "preserve", "permanent",
* "random" and "stable" are supported.
@@ -1362,8 +1362,7 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class)
* machine dependent key.
*
* If unspecified, the value can be overwritten via global defaults, see manual
*
* Beside explicitly specifying a MAC address, the special values "preserve", "permanent",
* "random" and "stable" are supported.
@@ -1408,8 +1408,7 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class)
* machine dependent key.
*
* If unspecified, the value can be overwritten via global defaults, see manual
- * of NetworkManager.conf. If still unspecified, it defaults to "preserve"
- * (older versions of NetworkManager may use a different default value).
+ * of NetworkManager.conf. If still unspecified, it defaults to "permanent".
*
* On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated
* "cloned-mac-address".
*
* On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated
* "cloned-mac-address".
diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml
index 446540aa1..fc106a51e 100644
index 17bc42f34..aa8e66946 100644
--- a/man/NetworkManager.conf.xml
+++ b/man/NetworkManager.conf.xml
@@ -659,7 +659,7 @@ ipv6.ip6-privacy=0
@@ -661,7 +661,7 @@ ipv6.ip6-privacy=0
</varlistentry>
<varlistentry>
<term><varname>ethernet.cloned-mac-address</varname></term>
@ -100,7 +100,7 @@ index 446540aa1..fc106a51e 100644 @@ -100,7 +100,7 @@ index 446540aa1..fc106a51e 100644
</varlistentry>
<varlistentry>
<term><varname>ethernet.generate-mac-address-mask</varname></term>
@@ -724,7 +724,7 @@ ipv6.ip6-privacy=0
@@ -733,7 +733,7 @@ ipv6.ip6-privacy=0
</varlistentry>
<varlistentry>
<term><varname>wifi.cloned-mac-address</varname></term>
@ -110,18 +110,19 @@ index 446540aa1..fc106a51e 100644 @@ -110,18 +110,19 @@ index 446540aa1..fc106a51e 100644
<varlistentry>
<term><varname>wifi.generate-mac-address-mask</varname></term>
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index afc81dcde..f75cc86e3 100644
index 5a5cb50e9..613e87034 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -13624,7 +13624,8 @@ _get_cloned_mac_address_setting (NMDevice *self, NMConnection *connection, gbool
is_wifi ? "wifi.cloned-mac-address" : "ethernet.cloned-mac-address",
self);

@@ -14628,7 +14628,8 @@ _get_cloned_mac_address_setting (NMDevice *self, NMConnection *connection, gbool
is_wifi ? "wifi.cloned-mac-address" : "ethernet.cloned-mac-address",
self);
- addr = NM_CLONED_MAC_PRESERVE;
+ /* RHEL patches the default to permanent (rh#1413312) */
+ addr = NM_CLONED_MAC_PERMANENT;
if (!a) {
if (is_wifi) {
--
2.17.0

if (!a) {
if (is_wifi) {
--
2.14.3

5
SOURCES/0002-nm-wait-online-not-require-nm-service-rh1520865.patch
Unescape View File

@ -33,6 +33,7 @@ index 896324685..1753d2039 100644 @@ -33,6 +33,7 @@ index 896324685..1753d2039 100644
+Requisite=NetworkManager.service
After=NetworkManager.service
Before=network-online.target

--
--
2.14.3


330
SOURCES/0003-dhclient-no-leading-zero-client-id-rh1556983.patch
Unescape View File

@ -0,0 +1,330 @@ @@ -0,0 +1,330 @@
From 8e8c797904fc29396d340609f006add206df4973 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 20 Jun 2018 11:49:22 +0200
Subject: [PATCH 1/2] Revert "dhclient: write client-id with backslash and
quotes as hex"

This reverts commit 0e4b33ee7552b036332f1bdbfed78f8ee75f000e.
---
src/dhcp/nm-dhcp-dhclient-utils.c | 2 +-
src/dhcp/tests/test-dhcp-dhclient.c | 32 +----------------------------
2 files changed, 2 insertions(+), 32 deletions(-)

diff --git a/src/dhcp/nm-dhcp-dhclient-utils.c b/src/dhcp/nm-dhcp-dhclient-utils.c
index 3290dd65c..6adb395c9 100644
--- a/src/dhcp/nm-dhcp-dhclient-utils.c
+++ b/src/dhcp/nm-dhcp-dhclient-utils.c
@@ -124,7 +124,7 @@ add_ip4_config (GString *str, GBytes *client_id, const char *hostname, gboolean
* as long as all the characters are printable.
*/
for (i = 1; (p[0] == 0) && i < l; i++) {
- if (!g_ascii_isprint (p[i]) || p[i] == '\\' || p[i] == '"')
+ if (!g_ascii_isprint (p[i]))
break;
}
diff --git a/src/dhcp/tests/test-dhcp-dhclient.c b/src/dhcp/tests/test-dhcp-dhclient.c
index 2f369aacc..f3b17807f 100644
--- a/src/dhcp/tests/test-dhcp-dhclient.c
+++ b/src/dhcp/tests/test-dhcp-dhclient.c
@@ -176,35 +176,6 @@ test_quote_client_id (void)
/*****************************************************************************/
-static const char *quote_client_id_expected_2 = \
- "# Created by NetworkManager\n"
- "\n"
- "send dhcp-client-identifier 00:61:5c:62:63; # added by NetworkManager\n"
- "\n"
- "option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n"
- "option ms-classless-static-routes code 249 = array of unsigned integer 8;\n"
- "option wpad code 252 = string;\n"
- "\n"
- "also request rfc3442-classless-static-routes;\n"
- "also request ms-classless-static-routes;\n"
- "also request static-routes;\n"
- "also request wpad;\n"
- "also request ntp-servers;\n"
- "\n";
-
-static void
-test_quote_client_id_2 (void)
-{
- test_config (NULL, quote_client_id_expected_2,
- AF_INET, NULL, 0, FALSE,
- "a\\bc",
- NULL,
- "eth0",
- NULL);
-}
-
-/*****************************************************************************/
-
static const char *hex_zero_client_id_expected = \
"# Created by NetworkManager\n"
"\n"
@@ -1026,8 +997,7 @@ main (int argc, char **argv)
g_test_add_func ("/dhcp/dhclient/orig_missing", test_orig_missing);
g_test_add_func ("/dhcp/dhclient/override_client_id", test_override_client_id);
- g_test_add_func ("/dhcp/dhclient/quote_client_id/1", test_quote_client_id);
- g_test_add_func ("/dhcp/dhclient/quote_client_id/2", test_quote_client_id_2);
+ g_test_add_func ("/dhcp/dhclient/quote_client_id", test_quote_client_id);
g_test_add_func ("/dhcp/dhclient/hex_zero_client_id", test_hex_zero_client_id);
g_test_add_func ("/dhcp/dhclient/ascii_client_id", test_ascii_client_id);
g_test_add_func ("/dhcp/dhclient/hex_single_client_id", test_hex_single_client_id);
--
2.17.0

From 5fa45f1a84ea2e46e5fb07aeef19cb46322b64bc Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 20 Jun 2018 11:50:51 +0200
Subject: [PATCH 2/2] Revert "dhcp: dhclient: set type 0 for printable client
IDs"

Keep the RHEL 7.5 behavior.

This reverts commit 8ffa22d10d3001405965826b46463663fd2dacc2.
---
src/dhcp/nm-dhcp-dhclient-utils.c | 46 +++-------------
src/dhcp/tests/test-dhcp-dhclient.c | 83 +++--------------------------
2 files changed, 16 insertions(+), 113 deletions(-)

diff --git a/src/dhcp/nm-dhcp-dhclient-utils.c b/src/dhcp/nm-dhcp-dhclient-utils.c
index 6adb395c9..90fa33397 100644
--- a/src/dhcp/nm-dhcp-dhclient-utils.c
+++ b/src/dhcp/nm-dhcp-dhclient-utils.c
@@ -137,9 +137,8 @@ add_ip4_config (GString *str, GBytes *client_id, const char *hostname, gboolean
g_string_append_printf (str, "%02x", (guint8) p[i]);
}
} else {
- /* Printable; just add to the line with type 0 */
+ /* Printable; just add to the line minus the 'type' */
g_string_append_c (str, '"');
- g_string_append (str, "\\x00");
g_string_append_len (str, p + 1, l - 1);
g_string_append_c (str, '"');
}
@@ -177,60 +176,31 @@ read_client_id (const char *str)
{
gs_free char *s = NULL;
char *p;
- int i = 0, j = 0;
nm_assert (!strncmp (str, CLIENTID_TAG, NM_STRLEN (CLIENTID_TAG)));
- str += NM_STRLEN (CLIENTID_TAG);
- if (!g_ascii_isspace (*str))
- return NULL;
+ str += NM_STRLEN (CLIENTID_TAG);
while (g_ascii_isspace (*str))
str++;
if (*str == '"') {
- /* Parse string literal with escape sequences */
s = g_strdup (str + 1);
p = strrchr (s, '"');
if (p)
*p = '\0';
else
return NULL;
+ } else
+ s = g_strdup (str);
- if (!s[0])
- return NULL;
-
- while (s[i]) {
- if ( s[i] == '\\'
- && s[i + 1] == 'x'
- && g_ascii_isxdigit (s[i + 2])
- && g_ascii_isxdigit (s[i + 3])) {
- s[j++] = (g_ascii_xdigit_value (s[i + 2]) << 4)
- + g_ascii_xdigit_value (s[i + 3]);
- i += 4;
- continue;
- }
- if ( s[i] == '\\'
- && s[i + 1] >= '0' && s[i + 1] <= '7'
- && s[1 + 2] >= '0' && s[i + 2] <= '7'
- && s[1 + 3] >= '0' && s[i + 3] <= '7') {
- s[j++] = ((s[i + 1] - '0') << 6)
- + ((s[i + 2] - '0') << 3)
- + ( s[i + 3] - '0');
- i += 4;
- continue;
- }
- s[j++] = s[i++];
- }
- return g_bytes_new_take (g_steal_pointer (&s), j);
- }
-
- /* Otherwise, try to read a hexadecimal sequence */
- s = g_strdup (str);
g_strchomp (s);
if (s[strlen (s) - 1] == ';')
s[strlen (s) - 1] = '\0';
- return nm_utils_hexstr2bin (s);
+ if (!s[0])
+ return NULL;
+
+ return nm_dhcp_utils_client_id_string_to_bytes (s);
}
GBytes *
diff --git a/src/dhcp/tests/test-dhcp-dhclient.c b/src/dhcp/tests/test-dhcp-dhclient.c
index f3b17807f..377938c87 100644
--- a/src/dhcp/tests/test-dhcp-dhclient.c
+++ b/src/dhcp/tests/test-dhcp-dhclient.c
@@ -150,7 +150,7 @@ test_override_client_id (void)
static const char *quote_client_id_expected = \
"# Created by NetworkManager\n"
"\n"
- "send dhcp-client-identifier \"\\x00abcd\"; # added by NetworkManager\n"
+ "send dhcp-client-identifier \"1234\"; # added by NetworkManager\n"
"\n"
"option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n"
"option ms-classless-static-routes code 249 = array of unsigned integer 8;\n"
@@ -168,36 +168,7 @@ test_quote_client_id (void)
{
test_config (NULL, quote_client_id_expected,
AF_INET, NULL, 0, FALSE,
- "abcd",
- NULL,
- "eth0",
- NULL);
-}
-
-/*****************************************************************************/
-
-static const char *hex_zero_client_id_expected = \
- "# Created by NetworkManager\n"
- "\n"
- "send dhcp-client-identifier 00:11:22:33; # added by NetworkManager\n"
- "\n"
- "option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n"
- "option ms-classless-static-routes code 249 = array of unsigned integer 8;\n"
- "option wpad code 252 = string;\n"
- "\n"
- "also request rfc3442-classless-static-routes;\n"
- "also request ms-classless-static-routes;\n"
- "also request static-routes;\n"
- "also request wpad;\n"
- "also request ntp-servers;\n"
- "\n";
-
-static void
-test_hex_zero_client_id (void)
-{
- test_config (NULL, hex_zero_client_id_expected,
- AF_INET, NULL, 0, FALSE,
- "00:11:22:33",
+ "1234",
NULL,
"eth0",
NULL);
@@ -208,7 +179,7 @@ test_hex_zero_client_id (void)
static const char *ascii_client_id_expected = \
"# Created by NetworkManager\n"
"\n"
- "send dhcp-client-identifier \"\\x00qb:cd:ef:12:34:56\"; # added by NetworkManager\n"
+ "send dhcp-client-identifier \"qb:cd:ef:12:34:56\"; # added by NetworkManager\n"
"\n"
"option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n"
"option ms-classless-static-routes code 249 = array of unsigned integer 8;\n"
@@ -264,13 +235,13 @@ test_hex_single_client_id (void)
/*****************************************************************************/
static const char *existing_hex_client_id_orig = \
- "send dhcp-client-identifier 10:30:04:20:7A:08;\n";
+ "send dhcp-client-identifier 00:30:04:20:7A:08;\n";
static const char *existing_hex_client_id_expected = \
"# Created by NetworkManager\n"
"# Merged from /path/to/dhclient.conf\n"
"\n"
- "send dhcp-client-identifier 10:30:04:20:7A:08;\n"
+ "send dhcp-client-identifier 00:30:04:20:7A:08;\n"
"\n"
"option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n"
"option ms-classless-static-routes code 249 = array of unsigned integer 8;\n"
@@ -287,7 +258,7 @@ static void
test_existing_hex_client_id (void)
{
gs_unref_bytes GBytes *new_client_id = NULL;
- const guint8 bytes[] = { 0x10, 0x30, 0x04, 0x20, 0x7A, 0x08 };
+ const guint8 bytes[] = { 0x00, 0x30, 0x04,0x20, 0x7A, 0x08 };
new_client_id = g_bytes_new (bytes, sizeof (bytes));
test_config (existing_hex_client_id_orig, existing_hex_client_id_expected,
@@ -300,52 +271,16 @@ test_existing_hex_client_id (void)
/*****************************************************************************/
-static const char *existing_escaped_client_id_orig = \
- "send dhcp-client-identifier \"\\044test\\xfe\";\n";
-
-static const char *existing_escaped_client_id_expected = \
- "# Created by NetworkManager\n"
- "# Merged from /path/to/dhclient.conf\n"
- "\n"
- "send dhcp-client-identifier \"\\044test\\xfe\";\n"
- "\n"
- "option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n"
- "option ms-classless-static-routes code 249 = array of unsigned integer 8;\n"
- "option wpad code 252 = string;\n"
- "\n"
- "also request rfc3442-classless-static-routes;\n"
- "also request ms-classless-static-routes;\n"
- "also request static-routes;\n"
- "also request wpad;\n"
- "also request ntp-servers;\n"
- "\n";
-
-static void
-test_existing_escaped_client_id (void)
-{
- gs_unref_bytes GBytes *new_client_id = NULL;
-
- new_client_id = g_bytes_new ("$test\xfe", 6);
- test_config (existing_escaped_client_id_orig, existing_escaped_client_id_expected,
- AF_INET, NULL, 0, FALSE,
- NULL,
- new_client_id,
- "eth0",
- NULL);
-}
-
-/*****************************************************************************/
-
#define EACID "qb:cd:ef:12:34:56"
static const char *existing_ascii_client_id_orig = \
- "send dhcp-client-identifier \"\\x00" EACID "\";\n";
+ "send dhcp-client-identifier \"" EACID "\";\n";
static const char *existing_ascii_client_id_expected = \
"# Created by NetworkManager\n"
"# Merged from /path/to/dhclient.conf\n"
"\n"
- "send dhcp-client-identifier \"\\x00" EACID "\";\n"
+ "send dhcp-client-identifier \"" EACID "\";\n"
"\n"
"option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n"
"option ms-classless-static-routes code 249 = array of unsigned integer 8;\n"
@@ -998,11 +933,9 @@ main (int argc, char **argv)
g_test_add_func ("/dhcp/dhclient/orig_missing", test_orig_missing);
g_test_add_func ("/dhcp/dhclient/override_client_id", test_override_client_id);
g_test_add_func ("/dhcp/dhclient/quote_client_id", test_quote_client_id);
- g_test_add_func ("/dhcp/dhclient/hex_zero_client_id", test_hex_zero_client_id);
g_test_add_func ("/dhcp/dhclient/ascii_client_id", test_ascii_client_id);
g_test_add_func ("/dhcp/dhclient/hex_single_client_id", test_hex_single_client_id);
g_test_add_func ("/dhcp/dhclient/existing-hex-client-id", test_existing_hex_client_id);
- g_test_add_func ("/dhcp/dhclient/existing-client-id", test_existing_escaped_client_id);
g_test_add_func ("/dhcp/dhclient/existing-ascii-client-id", test_existing_ascii_client_id);
g_test_add_func ("/dhcp/dhclient/fqdn", test_fqdn);
g_test_add_func ("/dhcp/dhclient/fqdn_options_override", test_fqdn_options_override);
--
2.17.0

38
SOURCES/0004-device-disable-rp_filter-handling.patch
Unescape View File

@ -0,0 +1,38 @@ @@ -0,0 +1,38 @@
From 1ce88613e6438f0ab9f50b826929f02408eb8f50 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 4 Jul 2018 08:22:12 +0200
Subject: [PATCH] device: disable rp_filter handling

Don't change rp_filter in any way, like in previous RHEL 7 releases.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1492472.

https://bugzilla.redhat.com/show_bug.cgi?id=1593194
---
src/devices/nm-device.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 613e87034..ac9e1da08 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -11440,7 +11440,7 @@ nm_device_set_ip_config (NMDevice *self,
priv->needs_ip6_subnet = FALSE;
}
- if (IS_IPv4) {
+ if (IS_IPv4 && FALSE /* disabled on RHEL */) {
if (!nm_device_sys_iface_state_is_external_or_assume (self))
ip4_rp_filter_update (self);
}
@@ -12329,7 +12329,7 @@ queued_ip_config_change (NMDevice *self, int addr_family)
set_unmanaged_external_down (self, TRUE);
- if (IS_IPv4) {
+ if (IS_IPv4 && FALSE /* disabled on RHEL */) {
if (!nm_device_sys_iface_state_is_external_or_assume (self)) {
priv->v4_has_shadowed_routes = _v4_has_shadowed_routes_detect (self);;
ip4_rp_filter_update (self);
--
2.17.0

33
SOURCES/0005-ibft-cap-sys-admin-rh1371201.patch
Unescape View File

@ -0,0 +1,33 @@ @@ -0,0 +1,33 @@
From 53a95f9ebd941c9fd2464f69ee420c4c82842eda Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 2 Sep 2016 15:58:42 +0200
Subject: [PATCH] service: give CAP_SYS_ADMIN for ibft/iscsiadm (rh#1371201)

systemd on rhel-7.3 has a bug with merging CapabilityBoundingSet.
https://github.com/systemd/systemd/issues/1221
Thus it is all in one line.
---
data/NetworkManager.service.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in
index 2692935..d354b7c 100644
--- a/data/NetworkManager.service.in
+++ b/data/NetworkManager.service.in
@@ -14,10 +14,10 @@ ExecStart=@sbindir@/NetworkManager --no-daemon
Restart=on-failure
# NM doesn't want systemd to kill its children for it
KillMode=process
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
+#CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
-# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN
-#CapabilityBoundingSet=CAP_SYS_ADMIN
+# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN (rh#1371201)
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT CAP_SYS_ADMIN
ProtectSystem=true
ProtectHome=read-only
--
2.17.1

275
SOURCES/0006-support-aes256-private-keys-rh1623798.patch
Unescape View File

@ -0,0 +1,275 @@ @@ -0,0 +1,275 @@
From 0590bacaecdfb57d5289a2c3d0628424689353d1 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Mon, 27 Aug 2018 17:04:34 +0200
Subject: [PATCH] libnm-core: support private keys encrypted with
AES-{192,256}-CBC

https://github.com/NetworkManager/NetworkManager/pull/189
(cherry picked from commit 93f85edcce502cfa6d3676f58bf9e8e1a527ea53)
(cherry picked from commit 74fc6f30b2fef3b8631128907e036bda88491970)
---
Makefile.am | 3 +-
libnm-core/crypto.c | 30 +++++++----
libnm-core/crypto.h | 6 ++-
libnm-core/crypto_gnutls.c | 14 ++++-
libnm-core/crypto_nss.c | 9 +++-
...{test-aes-key.pem => test-aes-128-key.pem} | 0
libnm-core/tests/certs/test-aes-256-key.pem | 54 +++++++++++++++++++
libnm-core/tests/test-crypto.c | 7 ++-
libnm-util/tests/test-crypto.c | 4 +-
9 files changed, 106 insertions(+), 21 deletions(-)
rename libnm-core/tests/certs/{test-aes-key.pem => test-aes-128-key.pem} (100%)
create mode 100644 libnm-core/tests/certs/test-aes-256-key.pem

diff --git a/Makefile.am b/Makefile.am
index cdb5cfc9d..d86fa26c7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -749,7 +749,8 @@ EXTRA_DIST += \
libnm-core/tests/certs/test2_ca_cert.pem \
libnm-core/tests/certs/test2-cert.p12 \
libnm-core/tests/certs/test2_key_and_cert.pem \
- libnm-core/tests/certs/test-aes-key.pem \
+ libnm-core/tests/certs/test-aes-128-key.pem \
+ libnm-core/tests/certs/test-aes-256-key.pem \
libnm-core/tests/certs/test_ca_cert.der \
libnm-core/tests/certs/test_ca_cert.pem \
libnm-core/tests/certs/test-ca-cert.pem \
diff --git a/libnm-core/crypto.c b/libnm-core/crypto.c
index c4e48475f..319f8055f 100644
--- a/libnm-core/crypto.c
+++ b/libnm-core/crypto.c
@@ -158,7 +158,13 @@ parse_old_openssl_key_file (const guint8 *data,
goto parse_error;
}
} else if (!strncmp (p, DEK_INFO_TAG, strlen (DEK_INFO_TAG))) {
+ static const char *const known_ciphers[] = { CIPHER_DES_EDE3_CBC,
+ CIPHER_DES_CBC,
+ CIPHER_AES_128_CBC,
+ CIPHER_AES_192_CBC,
+ CIPHER_AES_256_CBC };
char *comma;
+ guint i;
if (enc_tags++ != 1 || str->len != 0) {
g_set_error (error, NM_CRYPTO_ERROR,
@@ -187,13 +193,13 @@ parse_old_openssl_key_file (const guint8 *data,
iv = g_strdup (comma);
/* Get the private key cipher */
- if (!strcasecmp (p, "DES-EDE3-CBC")) {
- cipher = g_strdup (p);
- } else if (!strcasecmp (p, "DES-CBC")) {
- cipher = g_strdup (p);
- } else if (!strcasecmp (p, "AES-128-CBC")) {
- cipher = g_strdup (p);
- } else {
+ for (i = 0; i < G_N_ELEMENTS (known_ciphers); i++) {
+ if (!g_ascii_strcasecmp (p, known_ciphers[i])) {
+ cipher = g_strdup (known_ciphers[i]);
+ break;
+ }
+ }
+ if (i == G_N_ELEMENTS (known_ciphers)) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_INVALID_DATA,
_("Malformed PEM file: unknown private key cipher '%s'."),
@@ -383,12 +389,16 @@ crypto_make_des_aes_key (const char *cipher,
g_return_val_if_fail (password != NULL, NULL);
g_return_val_if_fail (out_len != NULL, NULL);
- if (!strcmp (cipher, "DES-EDE3-CBC"))
+ if (!strcmp (cipher, CIPHER_DES_EDE3_CBC))
digest_len = 24;
- else if (!strcmp (cipher, "DES-CBC"))
+ else if (!strcmp (cipher, CIPHER_DES_CBC))
digest_len = 8;
- else if (!strcmp (cipher, "AES-128-CBC"))
+ else if (!strcmp (cipher, CIPHER_AES_128_CBC))
digest_len = 16;
+ else if (!strcmp (cipher, CIPHER_AES_192_CBC))
+ digest_len = 24;
+ else if (!strcmp (cipher, CIPHER_AES_256_CBC))
+ digest_len = 32;
else {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
diff --git a/libnm-core/crypto.h b/libnm-core/crypto.h
index e89f09193..d20d6f310 100644
--- a/libnm-core/crypto.h
+++ b/libnm-core/crypto.h
@@ -30,8 +30,10 @@
#define MD5_HASH_LEN 20
#define CIPHER_DES_EDE3_CBC "DES-EDE3-CBC"
-#define CIPHER_DES_CBC "DES-CBC"
-#define CIPHER_AES_CBC "AES-128-CBC"
+#define CIPHER_DES_CBC "DES-CBC"
+#define CIPHER_AES_128_CBC "AES-128-CBC"
+#define CIPHER_AES_192_CBC "AES-192-CBC"
+#define CIPHER_AES_256_CBC "AES-256-CBC"
typedef enum {
NM_CRYPTO_KEY_TYPE_UNKNOWN = 0,
diff --git a/libnm-core/crypto_gnutls.c b/libnm-core/crypto_gnutls.c
index 53a3ba4ad..49181ee72 100644
--- a/libnm-core/crypto_gnutls.c
+++ b/libnm-core/crypto_gnutls.c
@@ -82,9 +82,15 @@ crypto_decrypt (const char *cipher,
} else if (!strcmp (cipher, CIPHER_DES_CBC)) {
cipher_mech = GNUTLS_CIPHER_DES_CBC;
real_iv_len = SALT_LEN;
- } else if (!strcmp (cipher, CIPHER_AES_CBC)) {
+ } else if (!strcmp (cipher, CIPHER_AES_128_CBC)) {
cipher_mech = GNUTLS_CIPHER_AES_128_CBC;
real_iv_len = 16;
+ } else if (!strcmp (cipher, CIPHER_AES_192_CBC)) {
+ cipher_mech = GNUTLS_CIPHER_AES_192_CBC;
+ real_iv_len = 16;
+ } else if (!strcmp (cipher, CIPHER_AES_256_CBC)) {
+ cipher_mech = GNUTLS_CIPHER_AES_256_CBC;
+ real_iv_len = 16;
} else {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
@@ -189,8 +195,12 @@ crypto_encrypt (const char *cipher,
if (!strcmp (cipher, CIPHER_DES_EDE3_CBC))
cipher_mech = GNUTLS_CIPHER_3DES_CBC;
- else if (!strcmp (cipher, CIPHER_AES_CBC))
+ else if (!strcmp (cipher, CIPHER_AES_128_CBC))
cipher_mech = GNUTLS_CIPHER_AES_128_CBC;
+ else if (!strcmp (cipher, CIPHER_AES_192_CBC))
+ cipher_mech = GNUTLS_CIPHER_AES_192_CBC;
+ else if (!strcmp (cipher, CIPHER_AES_256_CBC))
+ cipher_mech = GNUTLS_CIPHER_AES_256_CBC;
else {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_UNKNOWN_CIPHER,
diff --git a/libnm-core/crypto_nss.c b/libnm-core/crypto_nss.c
index 56e91e26f..9a0c43349 100644
--- a/libnm-core/crypto_nss.c
+++ b/libnm-core/crypto_nss.c
@@ -103,7 +103,9 @@ crypto_decrypt (const char *cipher,
} else if (!strcmp (cipher, CIPHER_DES_CBC)) {
cipher_mech = CKM_DES_CBC_PAD;
real_iv_len = 8;
- } else if (!strcmp (cipher, CIPHER_AES_CBC)) {
+ } else if (NM_IN_STRSET (cipher, CIPHER_AES_128_CBC,
+ CIPHER_AES_192_CBC,
+ CIPHER_AES_256_CBC)) {
cipher_mech = CKM_AES_CBC_PAD;
real_iv_len = 16;
} else {
@@ -269,7 +271,10 @@ crypto_encrypt (const char *cipher,
if (!strcmp (cipher, CIPHER_DES_EDE3_CBC))
cipher_mech = CKM_DES3_CBC_PAD;
- else if (!strcmp (cipher, CIPHER_AES_CBC))
+ else if (NM_IN_STRSET (cipher,
+ CIPHER_AES_128_CBC,
+ CIPHER_AES_192_CBC,
+ CIPHER_AES_256_CBC))
cipher_mech = CKM_AES_CBC_PAD;
else {
g_set_error (error, NM_CRYPTO_ERROR,
diff --git a/libnm-core/tests/certs/test-aes-key.pem b/libnm-core/tests/certs/test-aes-128-key.pem
similarity index 100%
rename from libnm-core/tests/certs/test-aes-key.pem
rename to libnm-core/tests/certs/test-aes-128-key.pem
diff --git a/libnm-core/tests/certs/test-aes-256-key.pem b/libnm-core/tests/certs/test-aes-256-key.pem
new file mode 100644
index 000000000..e51bafd3d
--- /dev/null
+++ b/libnm-core/tests/certs/test-aes-256-key.pem
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,5FF6BD2D4E57E8933D4A6814DEF5305A
+
+9Br+xw6XOg7qUqfeE5PJ4g/PAm7eTcPMb4FzSKkaEosLo6oj4f37TwXuojJZeAmi
+1EytpqM1vdYHCLdjg+qYaTIq6mzMZIyoaREokcOhcNrq5S0J39gJLVV9LjiXhCAH
+GQgDBnbRT6HGz70AyTRLcW9aj6uBzTv/m92sLUw2txFeBXK8n2AA1oHJTgsFNYjf
+/ZvTCE1VMQHDPx31Vn5WXSUHNc0hx4MTIwpHqWI17ohr8IiWCs5HXVfVaqrNeNEw
+haD7fg8oNxjLs46/4dDWmfWXhDsMFSweZv03gZdyVjwn1IOqeVGmTdLpllfgOW7E
++XE8Y/d55s5nkOxu6eXNMtWgjclKBGr2iMxxnODmEsUt2WcV98cPS+25o3hOfy3s
+NIcfxtWVRFUtjqf3ragyGLuXFqATkj1slj4LVMeewRJ1g+Z6ti0mwBN+ZrYtKdec
+FRNb4zr5FW+3SqkIIJVfxJEYJDB4zODhMg8tySEHLKuT0uz42YQ4aoOHTzO5WDBY
+2BI7TjRppXcExPnkAk5jqbKA6BjT9KcAVyypfxDKvCeXKdjDcL6ISOBSm6cQBh8D
+HxsFzMy9PF6kKNeiNiEsVPnKYvhvs1hTBtp+IAgJ6KZnCDKplZFxo/mBAlV2KyCT
+x+Mhmme3fXdLJkvxlVJAoAhwgXvomVCVTGI3JhcQIqVgxPIKYpqlHVFC7JjG+yQX
+tvzCPtr9G9+Ofrm6zXjlDD7zNyl/KfFtEWhO2ePHkQlCEuKJnsnRIf/wQ0viG0yY
+MH31Z/84o2pKLBKY5fq8+eYuYoP9Rk4W2LpjGMvdkKhEHL26kZofeFyqD+JcaxHc
+kQh7/SbWAsREGb9Jp7I2q1mo749mse1oSFIQa5gN3jB0mgHZd6edRYeW2Up+rqEK
+k6Xd6uqs7bZd5W9sP7Cf6yJOFEjqFVLQEVEXWSchgeta/JNrjGr3UzLFN2S+vhvX
+XgDa41y2UdXHRqj2s864u0ZDPyGXYZnVbvQn/8xHQ7rvxHowpTn+XXUEf0AQnk3j
+9h++3McwP8GuVxkwc6o9TfOL+ell5jup7F3SekwEiE3hqY8x87g6X2zD5VSnfCy3
+0t0LmPGI1b3LABeYjA1WEdhoTlHrNLkwOR4gsudrJ5nxIzfGy+IHaloXLJy4YKfX
+pJ+qyGRUR42YD9IhiEmmmO1VoJgVEYfBiz50Jg8emddku6eKdmv9IKjiSb2pTbDS
+4oUYKg109OOn+krk67dNXofAXrBa8v7QusC0yz9N25H05Xyou1iqpGk+uBrTqEO6
+lW9lWQo57BQU9og40xMKH/xQgIxfQRktUKsPizj8mKil4izo5KgjPSqBeEbj+Q3c
+0FKlrpTXQlXfX5Z5esqMuCSiwQEzoJR+V+SUaSVcg1av0k/CJMin4Cr8roai+OjK
+lhaQIvx35Bzd02yERYsfpDjmQCXmIeiDm8JtB6znbQPUJ4d8kzWR+5ACOZW/dUss
+YhWJRkZpkIwTY+/sDU4mnP2R37MNo+OH4CwZyUDHjlkRPGW+6JBEpnnlI9a/1Vb1
+pjAGpi/8u/luvZGTzCzxQG2dZc5YQR869U+wFsFbLRiD0aP2SpdOH0QxxPOcdR8+
+HWyL01BJBKyK/wZWJhe+63zlk1L5CA0XYpoNkYpMlPNZkcqR7QzUOATfuBgI2aPM
+AXaweaAWhpPCDsc2RypIs9DhTiCCkt8tq8Au15hVUKAoshLeewPtv0t75MEC0hVB
+z6FVnNlqq0cqqcSVqvUG6JUGtFOGgG3ifEMXggq5k12+wGzY63DLR8dFPNpOL6/1
+nocOayHJIU9M8PP817PzhAUAePRRUKRg8kkbKKeZnCJxoF7O15AFVEJnl9Vyokkz
+bULYhzYVx3xh8THMi+5jsnKWPJyMeYHbHH3C658SIw6Ff9fgEWscv5ZkGYdKMg+l
+8hBn+++SoqIO+F3lOGco+s8qlYox106lUwJEtORXcBxmkaHSo/X2AVO8Owt4vYli
+mjWnY6V9vooBgOuCMcY780pcoj2lSf9JPHDYK0j8t5VumDUSLyLt+tCj0yv/vl5L
+9L++vbu2akZRC9ChijYpfhTvXoG36ePhoT7AGGnhpFjjw1VqG80GY4XSODKzH86w
+kUcZoErb8swUPYOtsybtuPb+6c/YofQ8GfpVosPZgSRD4+U7v+zA3/z8xF2B0xt6
+uV8hXbropuni8KmbFuKrPZK3p2v2aZ8F0+GITwS75/hbT6D7ruUSr5q4V0VKeE8G
+k3QSI0s6+74stPv3S/ByCxu8q51ffYqVw00wzPpEc4SmHEa0R7IczJKXupmDdZZM
+1rASSBNzS5TZDBXP6S7npYQ8nHhgXTdCFO7eM3bp24B/i2o0s7+gkKrz0DkEbv9I
+UrCJjTL8OIIP4qSLMILzZ8pB28c+zyM482ZqFY/2b7j6WlTiqa9P1adrD1gLxTQ0
+Sw9xY+sY3PAJqcnPA5NjDZL/h5plgHhCqDa9pEtdBVG2Mxcl9bXbphwD1MIzj4gr
+xtlW1HUJ/iOhFcXldOJ1MCt++Bm5av4mL5adQ/oUnL5Q0oZZFwqT09k7xe7lZ98N
+uj2Lfl8NN7N3ama9KatgbX5g6IALuk/rJN/4KEiiu24m+lR7c5L0pg/cG6LIFjmk
+HlTsc0ANCgeZBhDJ8kvjcXDhFOqoYE/+D2VO6ZEHRsDibQ+kjpaH+DiD01/gh0N0
+HM6GGtm3GbOyZUhw5OFz04xzcyFYo2xaqzgaZieAOcrt2s6XyPVf1gww08/HtTMR
+gLg14MUQvRXV6kPJfdu4OLZ//b6J0KnzVyLDRdOrWIj2raLWmKwQN9qv05/yskcD
+Y6x7wq3v6iZpFjDc53sslhwp2XRsoWT9X5alVspz8WvP/kqgkTdzpPFdp1vIovOQ
+kRXdzzKICDGDJUIcTL8cJ3Dv4XqNR/sVyuB4dfndzQQApbdYTDNpwX0VJDBjMkQy
+Up6aiUknxa6Cbp7b1ZfUQY8yNBAIZL+R8dmobT3nAHW61DaASHSxn+elCD2Ja/6b
+EiWikskyN6crMAv35ILr5ySsZK97ttNNmRoGFbt8bTjRd83Ie+UfH445kCKsY83x
+aDCvWm+bbV6M9rSgjhJ3bWOudiw+EBMGvSamSnS7CYnRmwq4t+4bM2sh2nYKY0qw
+-----END RSA PRIVATE KEY-----
diff --git a/libnm-core/tests/test-crypto.c b/libnm-core/tests/test-crypto.c
index fb99ffea7..5fb26c1fc 100644
--- a/libnm-core/tests/test-crypto.c
+++ b/libnm-core/tests/test-crypto.c
@@ -476,8 +476,11 @@ main (int argc, char **argv)
g_test_add_data_func ("/libnm/crypto/key/padding-8",
"test2_key_and_cert.pem, 12345testing",
test_key);
- g_test_add_data_func ("/libnm/crypto/key/aes",
- "test-aes-key.pem, test-aes-password",
+ g_test_add_data_func ("/libnm/crypto/key/aes-128",
+ "test-aes-128-key.pem, test-aes-password",
+ test_key);
+ g_test_add_data_func ("/libnm/crypto/key/aes-256",
+ "test-aes-256-key.pem, test-aes-password",
test_key);
g_test_add_data_func ("/libnm/crypto/key/decrypted",
"test-key-only-decrypted.pem",
diff --git a/libnm-util/tests/test-crypto.c b/libnm-util/tests/test-crypto.c
index 61bd97745..af6028a52 100644
--- a/libnm-util/tests/test-crypto.c
+++ b/libnm-util/tests/test-crypto.c
@@ -383,8 +383,8 @@ main (int argc, char **argv)
g_test_add_data_func ("/libnm/crypto/key/padding-8",
"test2_key_and_cert.pem, 12345testing",
test_key);
- g_test_add_data_func ("/libnm/crypto/key/aes",
- "test-aes-key.pem, test-aes-password",
+ g_test_add_data_func ("/libnm/crypto/key/aes-128",
+ "test-aes-128-key.pem, test-aes-password",
test_key);
g_test_add_data_func ("/libnm/crypto/PKCS#12/1",
--
2.17.1

36
SOURCES/0007-core-fix-wireless-bitrate-property-name-on-D-Bus-rh1626391.patch
Unescape View File

@ -0,0 +1,36 @@ @@ -0,0 +1,36 @@
From acb43106a919affe65eb736ebc798390396913cc Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Fri, 7 Sep 2018 09:33:57 +0200
Subject: [PATCH] core: fix wireless bitrate property name on D-Bus

In commit 297d4985abcc ("core/dbus: rework D-Bus implementation to use
lower layer GDBusConnection API") the Device.Wireless 'Bitrate'
property on D-Bus was accidentally changed to 'BitRate'. Revert the
old name.

Reported-by: Joseph Conley <joseph.j.conley@gmail.com>
Fixes: 297d4985abcc7b571b8c090ee90622357fc60e16

https://mail.gnome.org/archives/networkmanager-list/2018-September/msg00004.html
(cherry picked from commit c882633d48ad70d5c92ce0566a0f46dcbb5c51b3)
(cherry picked from commit 3a2c6f81f6b0a8dd38d45aa89fa7d6d1f897f149)
---
src/devices/wifi/nm-wifi-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/devices/wifi/nm-wifi-common.c b/src/devices/wifi/nm-wifi-common.c
index 8e079d115..c95620e7f 100644
--- a/src/devices/wifi/nm-wifi-common.c
+++ b/src/devices/wifi/nm-wifi-common.c
@@ -196,7 +196,7 @@ const NMDBusInterfaceInfoExtended nm_interface_info_device_wireless = {
NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("HwAddress", "s", NM_DEVICE_HW_ADDRESS),
NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("PermHwAddress", "s", NM_DEVICE_PERM_HW_ADDRESS),
NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("Mode", "u", NM_DEVICE_WIFI_MODE),
- NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("BitRate", "u", NM_DEVICE_WIFI_BITRATE),
+ NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("Bitrate", "u", NM_DEVICE_WIFI_BITRATE),
NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("AccessPoints", "ao", NM_DEVICE_WIFI_ACCESS_POINTS),
NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("ActiveAccessPoint", "o", NM_DEVICE_WIFI_ACTIVE_ACCESS_POINT),
NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("WirelessCapabilities", "u", NM_DEVICE_WIFI_CAPABILITIES),
--
2.17.1

42
SOURCES/0008-dns-dnsmsaq-avoid-crash-no-rev-domains-rh1628576.patch
Unescape View File

@ -0,0 +1,42 @@ @@ -0,0 +1,42 @@
From 3a040f04f5c32639092ea5e427675df2a1830704 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 13 Sep 2018 14:50:32 +0200
Subject: [PATCH] dns: dnsmasq: avoid crash when no reverse domains exist

ip_data->domains.reverse can be NULL when the device is being removed
and has no IP configuration for a short moment.

Fixes: 6409e7719c0341baedfdb063366457e390894ed9

https://bugzilla.gnome.org/show_bug.cgi?id=797022
(cherry picked from commit f0c075f05082e4c77fac75ad06d303e7538e4fc7)
(cherry picked from commit 8309a7a6964d3677e0705046fb2f91810ef3ab65)
(cherry picked from commit 3abddc3328e7896f7af137ec9d74db86c27b3302)
---
src/dns/nm-dns-dnsmasq.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/dns/nm-dns-dnsmasq.c b/src/dns/nm-dns-dnsmasq.c
index b5b93280d..91f4c55bd 100644
--- a/src/dns/nm-dns-dnsmasq.c
+++ b/src/dns/nm-dns-dnsmasq.c
@@ -183,10 +183,12 @@ add_ip_config (NMDnsDnsmasq *self, GVariantBuilder *servers, const NMDnsIPConfig
domain[0] ? domain : NULL);
}
- for (j = 0; ip_data->domains.reverse[j]; j++) {
- add_dnsmasq_nameserver (self, servers,
- ip_addr_to_string_buf,
- ip_data->domains.reverse[j]);
+ if (ip_data->domains.reverse) {
+ for (j = 0; ip_data->domains.reverse[j]; j++) {
+ add_dnsmasq_nameserver (self, servers,
+ ip_addr_to_string_buf,
+ ip_data->domains.reverse[j]);
+ }
}
}
}
--
2.17.1

34
SOURCES/1000-cli-remove-assertion-in-nmc_device_state_to_color.patch
Unescape View File

@ -0,0 +1,34 @@ @@ -0,0 +1,34 @@
From 2f9faf8348793ed577c0a3f6a7850c182762a7f0 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 9 Aug 2018 20:37:32 +0200
Subject: [PATCH] cli: remove assertion in nmc_device_state_to_color()

nmcli should not fail when the state device state is > ACTIVATED.
Just return an unknown color code like we used to do, and like we do
for connections.

Fixes: 31aa2cfe29beb1bb7371ff36dbbd8baebeeaa06e

https://bugzilla.gnome.org/show_bug.cgi?id=796834
(cherry picked from commit c955d91d4bbd1aec0e00be8955ac24aecf64182f)
(cherry picked from commit 5b31dfb1a529a4c5eec6343daac22ecc81c83dc5)
---
clients/cli/devices.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clients/cli/devices.c b/clients/cli/devices.c
index aa28678ff..be7597327 100644
--- a/clients/cli/devices.c
+++ b/clients/cli/devices.c
@@ -1470,7 +1470,7 @@ nmc_device_state_to_color (NMDeviceState state)
else if (state == NM_DEVICE_STATE_ACTIVATED)
return NM_META_COLOR_DEVICE_ACTIVATED;
- g_return_val_if_reached (NM_META_COLOR_DEVICE_UNKNOWN);
+ return NM_META_COLOR_DEVICE_UNKNOWN;
}
static void
--
2.17.1

11844
SOURCES/1001-translations-rh1569438.patch
View File

File diff suppressed because it is too large Load Diff

120
SOURCES/1002-cli-fix-reading-vpn.secrets.-from-passwd-file.patch
Unescape View File

@ -0,0 +1,120 @@ @@ -0,0 +1,120 @@
From 948a03d2a28dae7bb975f6e64dc7b5a31f10d5b9 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Fri, 14 Sep 2018 11:13:05 +0200
Subject: [PATCH 1/1] cli: fix reading "vpn.secrets.*" from passwd-file

Due to a bug, we required VPN secrets to be prefixed with
"vpn.secret." instead of "vpn.secrets.". This was a change
in behavior with 1.12.0 release.

Fix it, to restore the old behavior. For backward compatibility
to the broken behavior, adjust parse_passwords() to treat accept
that as well.

https://bugzilla.redhat.com/show_bug.cgi?id=1628833
https://github.com/NetworkManager/NetworkManager/pull/201

Fixes: 0601b5d725b072bd3ce4ec60be867898a16f85cd
(cherry picked from commit 5815ae8c60961f088e4e54b41ddf8254cb83574a)
(cherry picked from commit 6bfab6796f064c4f878e05476a60cd59fa8bf11e)
(cherry picked from commit 10888abe96fedd3d6c5b99faea76465522f8e8e9)
---
clients/cli/common.c | 6 +++---
clients/cli/connections.c | 10 +++++++++-
clients/common/nm-secret-agent-simple.c | 2 +-
clients/common/nm-secret-agent-simple.h | 2 +-
clients/tui/nmtui-connect.c | 6 +++---
5 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/clients/cli/common.c b/clients/cli/common.c
index 09c86334a..4aea0d5b2 100644
--- a/clients/cli/common.c
+++ b/clients/cli/common.c
@@ -630,13 +630,13 @@ vpn_openconnect_get_secrets (NMConnection *connection, GPtrArray *secrets)
if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
continue;
- if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) {
+ if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) {
g_free (secret->value);
secret->value = g_steal_pointer (&cookie);
- } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) {
+ } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gateway);
- } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) {
+ } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gwcert);
}
diff --git a/clients/cli/connections.c b/clients/cli/connections.c
index 1563178de..b547e34ca 100644
--- a/clients/cli/connections.c
+++ b/clients/cli/connections.c
@@ -2565,7 +2565,15 @@ parse_passwords (const char *passwd_file, GError **error)
return NULL;
}
- pwd_spec = g_strdup_printf ("%s.%s", setting, prop);
+ if ( nm_streq (setting, "vpn")
+ && g_str_has_prefix (prop, "secret.")) {
+ /* in 1.12.0, we wrongly required the VPN secrets to be named
+ * "vpn.secret". It should be "vpn.secrets". Work around it
+ * (rh#1628833). */
+ pwd_spec = g_strdup_printf ("vpn.secrets.%s", &prop[NM_STRLEN ("secret.")]);
+ } else
+ pwd_spec = g_strdup_printf ("%s.%s", setting, prop);
+
g_hash_table_insert (pwds_hash, pwd_spec, g_strdup (pwd));
}
return g_steal_pointer (&pwds_hash);
diff --git a/clients/common/nm-secret-agent-simple.c b/clients/common/nm-secret-agent-simple.c
index 0856b51ff..3df8c0386 100644
--- a/clients/common/nm-secret-agent-simple.c
+++ b/clients/common/nm-secret-agent-simple.c
@@ -195,7 +195,7 @@ nm_secret_agent_simple_secret_new (NMSecretAgentSecretType secret_type,
real->base.is_secret = (secret_type != NM_SECRET_AGENT_SECRET_TYPE_PROPERTY);
break;
case NM_SECRET_AGENT_SECRET_TYPE_VPN_SECRET:
- vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET;
+ vpn_prefix = NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS;
value = nm_setting_vpn_get_secret (NM_SETTING_VPN (setting), property);
real->base.entry_id = g_strdup_printf ("%s%s", vpn_prefix, property);
nm_assert (vpn_type);
diff --git a/clients/common/nm-secret-agent-simple.h b/clients/common/nm-secret-agent-simple.h
index 505987dfd..529aaeaca 100644
--- a/clients/common/nm-secret-agent-simple.h
+++ b/clients/common/nm-secret-agent-simple.h
@@ -56,7 +56,7 @@ typedef struct {
gboolean is_secret;
} NMSecretAgentSimpleSecret;
-#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "vpn.secret."
+#define NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "vpn.secrets."
#define NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT NM_DBUS_INTERFACE".openconnect"
diff --git a/clients/tui/nmtui-connect.c b/clients/tui/nmtui-connect.c
index 2a954fb8c..6f29e13e9 100644
--- a/clients/tui/nmtui-connect.c
+++ b/clients/tui/nmtui-connect.c
@@ -121,13 +121,13 @@ secrets_requested (NMSecretAgentSimple *agent,
continue;
if (!nm_streq0 (secret->vpn_type, NM_SECRET_AGENT_VPN_TYPE_OPENCONNECT))
continue;
- if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "cookie")) {
+ if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "cookie")) {
g_free (secret->value);
secret->value = g_steal_pointer (&cookie);
- } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gateway")) {
+ } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gateway")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gateway);
- } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRET "gwcert")) {
+ } else if (nm_streq0 (secret->entry_id, NM_SECRET_AGENT_ENTRY_ID_PREFX_VPN_SECRETS "gwcert")) {
g_free (secret->value);
secret->value = g_steal_pointer (&gwcert);
}
--
2.17.1

4
SOURCES/20-connectivity-fedora.conf
Unescape View File

@ -0,0 +1,4 @@ @@ -0,0 +1,4 @@
[connectivity]
uri=http://fedoraproject.org/static/hotspot.txt
response=OK
interval=300

4
SOURCES/20-connectivity-redhat.conf
Unescape View File

@ -0,0 +1,4 @@ @@ -0,0 +1,4 @@
[connectivity]
uri=http://static.redhat.com/test/rhel-networkmanager.txt
response=OK
interval=300

56
SOURCES/9999-fix-pregen-doc.patch
Unescape View File

@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
From f3930619ad245fab5f7ba0e4d390daaf1970f27c Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Wed, 25 Oct 2017 18:16:59 +0200
From 7c94c0568e3c4a4db49f2a99ff297f7b3efe84e4 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Mon, 18 Jun 2018 14:01:36 +0200
Subject: [PATCH] patch documentation with the proper default values

We don't regenerate the documentation for RHEL builds, but
@ -9,16 +9,15 @@ of defaults. @@ -9,16 +9,15 @@ of defaults.

Patch the man pages with the proper values.
---
docs/api/html/NetworkManager.conf.html | 10 +++++-----
docs/api/html/gdbus-org.freedesktop.NetworkManager.Device.html | 2 +-
man/NetworkManager.conf.5 | 8 ++++----
3 files changed, 10 insertions(+), 10 deletions(-)
docs/api/html/NetworkManager.conf.html | 8 ++++----
man/NetworkManager.conf.5 | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/docs/api/html/NetworkManager.conf.html b/docs/api/html/NetworkManager.conf.html
index ec32a39cf..5d7e7e8a0 100644
index ae2b1081e..6e5282b2a 100644
--- a/docs/api/html/NetworkManager.conf.html
+++ b/docs/api/html/NetworkManager.conf.html
@@ -183,7 +183,7 @@ plugins-=remove-me
@@ -180,7 +180,7 @@ plugins-=remove-me
clients to be installed. The <code class="literal">internal</code>
option uses a built-in DHCP client which is not currently as
featureful as the external clients.</p>
@ -27,7 +26,7 @@ index ec32a39cf..5d7e7e8a0 100644 @@ -27,7 +26,7 @@ index ec32a39cf..5d7e7e8a0 100644
It the chosen plugin is not available, clients are looked for
in this order: <code class="literal">dhclient</code>, <code class="literal">dhcpcd</code>,
<code class="literal">internal</code>.</p>
@@ -341,7 +341,7 @@ no-auto-default=*
@@ -339,7 +339,7 @@ no-auto-default=*
<p>Set the <code class="filename">resolv.conf</code>
management mode. The default value depends on NetworkManager build
options, and this version of NetworkManager was build with a default of
@ -36,7 +35,7 @@ index ec32a39cf..5d7e7e8a0 100644 @@ -36,7 +35,7 @@ index ec32a39cf..5d7e7e8a0 100644
Regardless of this setting, NetworkManager will
always write resolv.conf to its runtime state directory
<code class="filename">/var/run/NetworkManager/resolv.conf</code>.</p>
@@ -622,7 +622,7 @@ ipv6.ip6-privacy=0
@@ -625,7 +625,7 @@ ipv6.ip6-privacy=0
</tr>
<tr>
<td><p><span class="term"><code class="varname">ethernet.cloned-mac-address</code></span></p></td>
@ -45,7 +44,7 @@ index ec32a39cf..5d7e7e8a0 100644 @@ -45,7 +44,7 @@ index ec32a39cf..5d7e7e8a0 100644
</tr>
<tr>
<td><p><span class="term"><code class="varname">ethernet.generate-mac-address-mask</code></span></p></td>
@@ -692,7 +692,7 @@ ipv6.ip6-privacy=0
@@ -703,7 +703,7 @@ ipv6.ip6-privacy=0
</tr>
<tr>
<td><p><span class="term"><code class="varname">wifi.cloned-mac-address</code></span></p></td>
@ -54,29 +53,11 @@ index ec32a39cf..5d7e7e8a0 100644 @@ -54,29 +53,11 @@ index ec32a39cf..5d7e7e8a0 100644
</tr>
<tr>
<td><p><span class="term"><code class="varname">wifi.generate-mac-address-mask</code></span></p></td>
@@ -1363,4 +1363,4 @@ interface-name:vboxnet*,except:interface-name:vboxnet2
<div class="footer">
<hr>Generated by GTK-Doc V1.26</div>
</body>
-</html>
\ No newline at end of file
+</html>
diff --git a/docs/api/html/gdbus-org.freedesktop.NetworkManager.Device.html b/docs/api/html/gdbus-org.freedesktop.NetworkManager.Device.html
index 4f62d52fc..14bc3c4c5 100644
--- a/docs/api/html/gdbus-org.freedesktop.NetworkManager.Device.html
+++ b/docs/api/html/gdbus-org.freedesktop.NetworkManager.Device.html
@@ -538,4 +538,4 @@ Real readable b
<div class="footer">
<hr>Generated by GTK-Doc V1.26</div>
</body>
-</html>
\ No newline at end of file
+</html>
diff --git a/man/NetworkManager.conf.5 b/man/NetworkManager.conf.5
index aa31c809a..6649f0307 100644
index 26b31e1bd..058177719 100644
--- a/man/NetworkManager.conf.5
+++ b/man/NetworkManager.conf.5
@@ -144,7 +144,7 @@ internal
@@ -145,7 +145,7 @@ internal
option uses a built\-in DHCP client which is not currently as featureful as the external clients\&.
.sp
If this key is missing, it defaults to
@ -85,7 +66,7 @@ index aa31c809a..6649f0307 100644 @@ -85,7 +66,7 @@ index aa31c809a..6649f0307 100644
dhclient,
dhcpcd,
internal\&.
@@ -252,7 +252,7 @@ rc\-manager\ \&unmanaged
@@ -254,7 +254,7 @@ rc\-manager\ \&unmanaged
.RS 4
Set the
resolv\&.conf
@ -94,7 +75,7 @@ index aa31c809a..6649f0307 100644 @@ -94,7 +75,7 @@ index aa31c809a..6649f0307 100644
/var/run/NetworkManager/resolv\&.conf\&.
.sp
symlink: If
@@ -601,7 +601,7 @@ If left unspecified, the default value is 3 tries before failing the connection\
@@ -607,7 +607,7 @@ If left unspecified, the default value is 3 tries before failing the connection\
.PP
\fIethernet\&.cloned\-mac\-address\fR
.RS 4
@ -103,7 +84,7 @@ index aa31c809a..6649f0307 100644 @@ -103,7 +84,7 @@ index aa31c809a..6649f0307 100644
.RE
.PP
\fIethernet\&.generate\-mac\-address\-mask\fR
@@ -673,7 +673,7 @@ If left unspecified, default value of 60 seconds is used\&.
@@ -688,7 +688,7 @@ If left unspecified, default value of 60 seconds is used\&.
.PP
\fIwifi\&.cloned\-mac\-address\fR
.RS 4
@ -112,5 +93,6 @@ index aa31c809a..6649f0307 100644 @@ -112,5 +93,6 @@ index aa31c809a..6649f0307 100644
.RE
.PP
\fIwifi\&.generate\-mac\-address\-mask\fR
--
2.14.3
--
2.17.0


367
SPECS/NetworkManager.spec
Unescape View File

@ -1,15 +1,16 @@ @@ -1,15 +1,16 @@
%global dbus_glib_version 0.100

%global wireless_tools_version 1:28-0pre9
%global libnl3_version 3.2.7

%global wpa_supplicant_version 1:1.1

%global ppp_version %(sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad)
%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad)

%global epoch_version 1
%global rpm_version 1.10.2
%global real_version 1.10.2
%global release_version 13
%global rpm_version 1.12.0
%global real_version 1.12.0
%global release_version 6
%global snapshot %{nil}
%global git_sha %{nil}

@ -18,6 +19,7 @@ @@ -18,6 +19,7 @@

%global systemd_dir %{_prefix}/lib/systemd/system
%global nmlibdir %{_prefix}/lib/%{name}
%global nmplugindir %{_libdir}/%{name}/%{version}-%{release}

%global _hardened_build 1

@ -41,6 +43,7 @@ @@ -41,6 +43,7 @@
%bcond_without wwan
%bcond_without team
%bcond_without wifi
%bcond_with iwd
%bcond_without ovs
%bcond_without ppp
%bcond_without nmtui
@ -55,6 +58,26 @@ @@ -55,6 +58,26 @@
%endif
%bcond_without test
%bcond_with sanitizer
%if 0%{?fedora} > 28 || 0%{?rhel} > 7
%bcond_with libnm_glib
%else
%bcond_without libnm_glib
%endif
%if 0%{?fedora}
%bcond_without connectivity_fedora
%else
%bcond_with connectivity_fedora
%endif
%if 0%{?rhel} && 0%{?rhel} > 7
%bcond_without connectivity_redhat
%else
%bcond_with connectivity_redhat
%endif
%if 0%{?fedora} > 28 || 0%{?rhel} > 7
%bcond_without crypto_gnutls
%else
%bcond_with crypto_gnutls
%endif

###############################################################################

@ -86,39 +109,25 @@ URL: http://www.gnome.org/projects/NetworkManager/ @@ -86,39 +109,25 @@ URL: http://www.gnome.org/projects/NetworkManager/
Source: https://download.gnome.org/sources/NetworkManager/%{real_version_major}/%{name}-%{real_version}.tar.xz
Source1: NetworkManager.conf
Source2: 00-server.conf
Source3: 10-slaves-order.conf
Source4: README.nmcs
Source3: 20-connectivity-fedora.conf
Source4: 20-connectivity-redhat.conf
Source5: 10-slaves-order.conf

# RHEL downstream patches that change behavior from upstream.
# These are not bugfixes, hence they are also relevant after
# the next rebase of the source tarball.
Patch1: 0001-cloned-mac-address-permanent-rh1413312.patch
Patch2: 0002-nm-wait-online-not-require-nm-service-rh1520865.patch
Patch3: 0003-dhclient-no-leading-zero-client-id-rh1556983.patch
Patch4: 0004-device-disable-rp_filter-handling.patch
Patch5: 0005-ibft-cap-sys-admin-rh1371201.patch
Patch6: 0006-support-aes256-private-keys-rh1623798.patch
Patch7: 0007-core-fix-wireless-bitrate-property-name-on-D-Bus-rh1626391.patch
Patch8: 0008-dns-dnsmsaq-avoid-crash-no-rev-domains-rh1628576.patch

Patch3: 0003-po-import-translations-rh1481186.patch
Patch4: 0004-bug-fixes-found-by-coverity.patch
Patch5: 0005-clear-unsaved-flag-on-new-connections-rh1525078.patch
Patch6: 0006-reload-qdiscs-and-tfilters-after-removal-rh1527197.patch
Patch7: 0007-wwan-default-device-route-rh1527934.patch
Patch8: 0008-dhcp-client-id-rh1531173.patch
Patch9: 0009-distinct-route-metric-rh1505893.patch
Patch10: 0010-fix-set-connectivity-check-enabled-rh1534477.patch
Patch11: 0011-fix-assertion-delete-volatile-connection-rh1506552.patch
Patch12: 0012-device-increase-carrier-wait-time-rh1520826.patch
Patch13: 0013-ifcfg-ovs-master-rh1519179.patch
Patch14: 0014-device-skip-IP-conf-for-external-devices-rh1530288.patch
Patch15: 0015-route-get-crash-rh1534721.patch
Patch16: 0016-ovs-interface-dhcp-twice-rh1540063.patch
Patch17: 0017-ensure-alignment-of-team-properties-rh1533830.patch
Patch18: 0018-team-link-watchers-fixes-rh1533926.patch
Patch19: 0019-update-team-runner-desc-rh1533799.patch
Patch20: 0020-team-fix-runner-sys_prio-default-rh1533810.patch
Patch21: 0021-avoid-symbol-clash-with-json-glib-rh1535905.patch
Patch22: 0022-team-add-random-runner-rh1538699.patch
Patch23: 0023-ppp-don-t-start-IPv6-configuration-rh1515829.patch
Patch24: 0024-Revert-IPv4-rp_filter-handling-rh1492472.patch
Patch25: 0025-team-clean-runner-tx-hash-on-set-rh1541922.patch
Patch26: 0026-dhcp-fix-lease-renewal-rh1503587.patch
Patch1000: 1000-cli-remove-assertion-in-nmc_device_state_to_color.patch
Patch1001: 1001-translations-rh1569438.patch
Patch1002: 1002-cli-fix-reading-vpn.secrets.-from-passwd-file.patch

# The pregenerated docs contain default values and paths that depend
# on the configure options when creating the source tarball.
@ -127,7 +136,9 @@ Patch26: 0026-dhcp-fix-lease-renewal-rh1503587.patch @@ -127,7 +136,9 @@ Patch26: 0026-dhcp-fix-lease-renewal-rh1503587.patch
Patch9999: 9999-fix-pregen-doc.patch

Requires(post): systemd
Requires(post): /usr/sbin/update-alternatives
Requires(preun): systemd
Requires(preun): /usr/sbin/update-alternatives
Requires(postun): systemd

Requires: dbus >= %{dbus_version}
@ -147,21 +158,29 @@ Conflicts: NetworkManager-pptp < 1:0.7.0.99-1 @@ -147,21 +158,29 @@ Conflicts: NetworkManager-pptp < 1:0.7.0.99-1
Conflicts: NetworkManager-openconnect < 0:0.7.0.99-1
Conflicts: kde-plasma-networkmanagement < 1:0.9-0.49.20110527git.nm09

BuildRequires: gcc
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: automake
BuildRequires: autoconf
BuildRequires: intltool
BuildRequires: gettext-devel

BuildRequires: dbus-devel >= %{dbus_version}
BuildRequires: dbus-glib-devel >= %{dbus_glib_version}
%if 0%{?fedora}
BuildRequires: wireless-tools-devel >= %{wireless_tools_version}
%endif
BuildRequires: glib2-devel >= 2.32.0
BuildRequires: glib2-devel >= 2.40.0
BuildRequires: gobject-introspection-devel >= 0.10.3
BuildRequires: gettext-devel
BuildRequires: pkgconfig
BuildRequires: libnl3-devel >= %{libnl3_version}
BuildRequires: automake autoconf intltool libtool
%if %{with ppp}
BuildRequires: ppp-devel >= 2.4.5
%endif
%if %{with crypto_gnutls}
BuildRequires: gnutls-devel >= 2.12
%else
BuildRequires: nss-devel >= 3.11.7
%endif
BuildRequires: dhclient
BuildRequires: readline-devel
BuildRequires: audit-libs-devel
@ -189,11 +208,24 @@ BuildRequires: ModemManager-glib-devel >= 1.0 @@ -189,11 +208,24 @@ BuildRequires: ModemManager-glib-devel >= 1.0
BuildRequires: newt-devel
%endif
BuildRequires: /usr/bin/dbus-launch
%if 0%{?fedora} > 27 || 0%{?rhel} > 7
BuildRequires: python3
BuildRequires: python3-gobject-base
BuildRequires: python3-dbus
%else
BuildRequires: python2
BuildRequires: pygobject3-base
BuildRequires: dbus-python
%endif
BuildRequires: libselinux-devel
BuildRequires: polkit-devel
BuildRequires: jansson-devel
%if %{with sanitizer}
BuildRequires: libasan
%if 0%{?fedora}
BuildRequires: libubsan
%endif
%endif


%description
@ -251,7 +283,16 @@ This package contains NetworkManager support for team devices. @@ -251,7 +283,16 @@ This package contains NetworkManager support for team devices.
Summary: Wifi plugin for NetworkManager
Group: System Environment/Base
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Requires: wpa_supplicant >= 1:1.1

%if %{with iwd} && (0%{?fedora} > 24 || 0%{?rhel} > 7)
Requires: (wpa_supplicant >= %{wpa_supplicant_version} or iwd)
%else
# Just require wpa_supplicant on platforms that don't support boolean
# dependencies even though the plugin supports both supplicant and
# iwd backend.
Requires: wpa_supplicant >= %{wpa_supplicant_version}
%endif

Obsoletes: NetworkManager < %{obsoletes_device_plugins}

%description wifi
@ -276,13 +317,13 @@ devices. @@ -276,13 +317,13 @@ devices.

%if %{with ovs}
%package ovs
Summary: OpenVSwitch device plugin for NetworkManager
Summary: Open vSwitch device plugin for NetworkManager
Group: System Environment/Base
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
Requires: openvswitch

%description ovs
This package contains NetworkManager support for OpenVSwitch bridges.
This package contains NetworkManager support for Open vSwitch bridges.
%endif


@ -355,6 +396,32 @@ applications using NetworkManager functionality from applications. This @@ -355,6 +396,32 @@ applications using NetworkManager functionality from applications. This
is the new NetworkManager API. See also NetworkManager-glib-devel.


%if %{with connectivity_fedora}
%package config-connectivity-fedora
Summary: NetworkManager config file for connectivity checking via Fedora servers
Group: System Environment/Base
BuildArch: noarch
Provides: NetworkManager-config-connectivity = %{epoch}:%{version}-%{release}

%description config-connectivity-fedora
This adds a NetworkManager configuration file to enable connectivity checking
via Fedora infrastructure.
%endif


%if %{with connectivity_redhat}
%package config-connectivity-redhat
Summary: NetworkManager config file for connectivity checking via Red Hat servers
Group: System Environment/Base
BuildArch: noarch
Provides: NetworkManager-config-connectivity = %{epoch}:%{version}-%{release}

%description config-connectivity-redhat
This adds a NetworkManager configuration file to enable connectivity checking
via Red Hat infrastructure.
%endif


%package config-server
Summary: NetworkManager config file for "server-like" defaults
Group: System Environment/Base
@ -370,6 +437,7 @@ ethernet devices with no carrier. @@ -370,6 +437,7 @@ ethernet devices with no carrier.
This package is intended to be installed by default for server
deployments.


%package dispatcher-routing-rules
Summary: NetworkManager dispatcher file for advanced routing rules
Group: System Environment/Base
@ -382,6 +450,7 @@ This adds a NetworkManager dispatcher file to support networking @@ -382,6 +450,7 @@ This adds a NetworkManager dispatcher file to support networking
configurations using "/etc/sysconfig/network-scripts/rule-NAME" files
(eg, to do policy-based routing).


%if 0%{with_nmtui}
%package tui
Summary: NetworkManager curses-based UI
@ -395,36 +464,10 @@ NetworkManager, to allow performing some of the operations supported @@ -395,36 +464,10 @@ NetworkManager, to allow performing some of the operations supported
by nm-connection-editor and nm-applet in a non-graphical environment.
%endif


%prep
%setup -q -n NetworkManager-%{real_version}

%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch9999 -p1
%autosetup -p1 -n NetworkManager-%{real_version}


%build
%if %{with regen_docs}
@ -433,22 +476,24 @@ gtkdocize @@ -433,22 +476,24 @@ gtkdocize
autoreconf --install --force
intltoolize --automake --copy --force
%configure \
--disable-silent-rules \
--disable-static \
--with-dhclient=yes \
--with-dhcpcd=no \
--with-dhcpcanon=no \
--with-config-dhcp-default=dhclient \
--with-crypto=nss \
%if %{with test}
--enable-more-warnings=error \
%if %{with crypto_gnutls}
--with-crypto=gnutls \
%else
--enable-more-warnings=yes \
--with-crypto=nss \
%endif
%if %{with sanitizer}
--enable-address-sanitizer \
--with-address-sanitizer=exec \
%if 0%{?fedora}
--enable-undefined-sanitizer \
%endif
%else
--disable-address-sanitizer \
--with-address-sanitizer=no \
--disable-undefined-sanitizer \
%endif
%if %{with debug}
@ -474,6 +519,11 @@ intltoolize --automake --copy --force @@ -474,6 +519,11 @@ intltoolize --automake --copy --force
%endif
%else
--enable-wifi=no \
%endif
%if %{with iwd}
--with-iwd=yes \
%else
--with-iwd=no \
%endif
--enable-vala=yes \
--enable-introspection \
@ -510,6 +560,7 @@ intltoolize --automake --copy --force @@ -510,6 +560,7 @@ intltoolize --automake --copy --force
%if %{with test}
--with-tests=yes \
%else
--enable-more-warnings=yes \
--with-tests=no \
%endif
--with-valgrind=no \
@ -522,10 +573,16 @@ intltoolize --automake --copy --force @@ -522,10 +573,16 @@ intltoolize --automake --copy --force
--with-config-plugins-default='ifcfg-rh,ibft' \
--with-config-dns-rc-manager-default=file \
--with-config-logging-backend-default=syslog \
--enable-json-validation
--enable-json-validation \
%if %{with libnm_glib}
--with-libnm-glib
%else
--without-libnm-glib
%endif

make %{?_smp_mflags}


%install
# install NM
make install DESTDIR=%{buildroot}
@ -533,20 +590,26 @@ make install DESTDIR=%{buildroot} @@ -533,20 +590,26 @@ make install DESTDIR=%{buildroot}
cp %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/

cp %{SOURCE2} %{buildroot}%{nmlibdir}/conf.d/

%if %{with connectivity_fedora}
cp %{SOURCE3} %{buildroot}%{nmlibdir}/conf.d/
%{__cp} %{SOURCE4} .
%endif

%if %{with connectivity_redhat}
cp %{SOURCE4} %{buildroot}%{nmlibdir}/conf.d/
%endif

cp %{SOURCE5} %{buildroot}%{nmlibdir}/conf.d/

cp examples/dispatcher/10-ifcfg-rh-routes.sh %{buildroot}%{_sysconfdir}/%{name}/dispatcher.d/
%ifarch x86_64 ppc64le
ln -s ../no-wait.d/10-ifcfg-rh-routes.sh %{buildroot}%{_sysconfdir}/%{name}/dispatcher.d/pre-up.d/
ln -s ../10-ifcfg-rh-routes.sh %{buildroot}%{_sysconfdir}/%{name}/dispatcher.d/no-wait.d/
%endif

%find_lang %{name}

rm -f %{buildroot}%{_libdir}/*.la
rm -f %{buildroot}%{_libdir}/pppd/%{ppp_version}/*.la
rm -f %{buildroot}%{_libdir}/NetworkManager/*.la
rm -f %{buildroot}%{nmplugindir}/*.la

# Ensure the documentation timestamps are constant to avoid multilib conflicts
find %{buildroot}%{_datadir}/gtk-doc -exec touch --reference configure.ac '{}' \+
@ -556,6 +619,8 @@ mkdir -p %{buildroot}%{_prefix}/src/debug/NetworkManager-%{real_version} @@ -556,6 +619,8 @@ mkdir -p %{buildroot}%{_prefix}/src/debug/NetworkManager-%{real_version}
cp valgrind.suppressions %{buildroot}%{_prefix}/src/debug/NetworkManager-%{real_version}
%endif

touch %{buildroot}%{_sbindir}/ifup %{buildroot}%{_sbindir}/ifdown


%check
%if %{with test}
@ -579,6 +644,16 @@ fi @@ -579,6 +644,16 @@ fi

%systemd_post NetworkManager.service NetworkManager-wait-online.service NetworkManager-dispatcher.service

%triggerin -- initscripts
if [ -f %{_sbindir}/ifup -a ! -L %{_sbindir}/ifup ]; then
# initscripts package too old, won't let us set an alternative
/usr/sbin/update-alternatives --remove ifup %{_libexecdir}/nm-ifup >/dev/null 2>&1 || :
else
/usr/sbin/update-alternatives --install %{_sbindir}/ifup ifup %{_libexecdir}/nm-ifup 50 \
--slave %{_sbindir}/ifdown ifdown %{_libexecdir}/nm-ifdown
fi


%preun
if [ $1 -eq 0 ]; then
# Package removal, not upgrade
@ -586,9 +661,12 @@ if [ $1 -eq 0 ]; then @@ -586,9 +661,12 @@ if [ $1 -eq 0 ]; then

# Don't kill networking entirely just on package remove
#/bin/systemctl stop NetworkManager.service >/dev/null 2>&1 || :

/usr/sbin/update-alternatives --remove ifup %{_libexecdir}/nm-ifup >/dev/null 2>&1 || :
fi
%systemd_preun NetworkManager-wait-online.service NetworkManager-dispatcher.service


%postun
/usr/bin/udevadm control --reload-rules || :
/usr/bin/udevadm trigger --subsystem-match=net || :
@ -620,11 +698,16 @@ fi @@ -620,11 +698,16 @@ fi
%config(noreplace) %{_sysconfdir}/%{name}/NetworkManager.conf
%{nmlibdir}/conf.d/10-slaves-order.conf
%{_bindir}/nm-online
%{_libexecdir}/nm-ifup
%ghost %attr(755, root, root) %{_sbindir}/ifup
%{_libexecdir}/nm-ifdown
%ghost %attr(755, root, root) %{_sbindir}/ifdown
%{_libexecdir}/nm-dhcp-helper
%{_libexecdir}/nm-dispatcher
%{_libexecdir}/nm-iface-helper
%dir %{_libdir}/NetworkManager
%{_libdir}/NetworkManager/libnm-settings-plugin*.so
%dir %{_libdir}/%{name}
%dir %{nmplugindir}
%{nmplugindir}/libnm-settings-plugin*.so
%if %{with nmtui}
%exclude %{_mandir}/man1/nmtui*
%endif
@ -652,54 +735,66 @@ fi @@ -652,54 +735,66 @@ fi
%doc NEWS AUTHORS README CONTRIBUTING TODO
%license COPYING


%if %{with adsl}
%files adsl
%{_libdir}/%{name}/libnm-device-plugin-adsl.so
%{nmplugindir}/libnm-device-plugin-adsl.so
%else
%exclude %{_libdir}/%{name}/libnm-device-plugin-adsl.so
%exclude %{nmplugindir}/libnm-device-plugin-adsl.so
%endif


%if %{with bluetooth}
%files bluetooth
%{_libdir}/%{name}/libnm-device-plugin-bluetooth.so
%{nmplugindir}/libnm-device-plugin-bluetooth.so
%endif


%if %{with team}
%files team
%{_libdir}/%{name}/libnm-device-plugin-team.so
%{nmplugindir}/libnm-device-plugin-team.so
%endif


%if %{with wifi}
%files wifi
%{_libdir}/%{name}/libnm-device-plugin-wifi.so
%{nmplugindir}/libnm-device-plugin-wifi.so
%endif


%if %{with wwan}
%files wwan
%{_libdir}/%{name}/libnm-device-plugin-wwan.so
%{_libdir}/%{name}/libnm-wwan.so
%{nmplugindir}/libnm-device-plugin-wwan.so
%{nmplugindir}/libnm-wwan.so
%endif


%if %{with ovs}
%files ovs
%{_libdir}/%{name}/libnm-device-plugin-ovs.so
%{nmplugindir}/libnm-device-plugin-ovs.so
%{systemd_dir}/NetworkManager.service.d/NetworkManager-ovs.conf
%{_mandir}/man7/nm-openvswitch.7*
%endif


%if %{with ppp}
%files ppp
%{_libdir}/pppd/%{ppp_version}/nm-pppd-plugin.so
%{_libdir}/%{name}/libnm-ppp-plugin.so
%{nmplugindir}/libnm-ppp-plugin.so
%endif


%if %{with libnm_glib}
%files glib -f %{name}.lang
%{_libdir}/libnm-glib.so.*
%{_libdir}/libnm-glib-vpn.so.*
%{_libdir}/libnm-util.so.*
%{_libdir}/girepository-1.0/NetworkManager-1.0.typelib
%{_libdir}/girepository-1.0/NMClient-1.0.typelib
%endif


%if %{with libnm_glib}
%files glib-devel
%doc docs/api/html/*
%dir %{_includedir}/libnm-glib
@ -726,15 +821,16 @@ fi @@ -726,15 +821,16 @@ fi
%{_datadir}/gtk-doc/html/libnm-glib/*
%dir %{_datadir}/gtk-doc/html/libnm-util
%{_datadir}/gtk-doc/html/libnm-util/*
%dir %{_datadir}/gtk-doc/html/NetworkManager
%{_datadir}/gtk-doc/html/NetworkManager/*
%{_datadir}/vala/vapi/libnm-*.deps
%{_datadir}/vala/vapi/libnm-*.vapi
%endif


%files libnm -f %{name}.lang
%{_libdir}/libnm.so.*
%{_libdir}/girepository-1.0/NM-1.0.typelib


%files libnm-devel
%doc docs/api/html/*
%dir %{_includedir}/libnm
@ -744,21 +840,41 @@ fi @@ -744,21 +840,41 @@ fi
%{_datadir}/gir-1.0/NM-1.0.gir
%dir %{_datadir}/gtk-doc/html/libnm
%{_datadir}/gtk-doc/html/libnm/*
%dir %{_datadir}/gtk-doc/html/NetworkManager
%{_datadir}/gtk-doc/html/NetworkManager/*
%{_datadir}/vala/vapi/libnm.deps
%{_datadir}/vala/vapi/libnm.vapi
%{_datadir}/dbus-1/interfaces/*.xml


%if %{with connectivity_fedora}
%files config-connectivity-fedora
%dir %{nmlibdir}
%dir %{nmlibdir}/conf.d
%{nmlibdir}/conf.d/20-connectivity-fedora.conf
%endif


%if %{with connectivity_redhat}
%files config-connectivity-redhat
%dir %{nmlibdir}
%dir %{nmlibdir}/conf.d
%{nmlibdir}/conf.d/20-connectivity-redhat.conf
%endif


%files config-server
%doc README.nmcs
%dir %{nmlibdir}
%dir %{nmlibdir}/conf.d
%{nmlibdir}/conf.d/00-server.conf


%files dispatcher-routing-rules
%{_sysconfdir}/%{name}/dispatcher.d/10-ifcfg-rh-routes.sh
%{_sysconfdir}/%{name}/dispatcher.d/no-wait.d/10-ifcfg-rh-routes.sh
%{_sysconfdir}/%{name}/dispatcher.d/pre-up.d/10-ifcfg-rh-routes.sh


%if %{with nmtui}
%files tui
%{_bindir}/nmtui
@ -768,7 +884,66 @@ fi @@ -768,7 +884,66 @@ fi
%{_mandir}/man1/nmtui*
%endif


%changelog
* Sat Sep 15 2018 Beniamino Galvani <bgalvani@redhat.com> - 1:1.12.0-6
- dns: dnsmasq: avoid crash when no reverse domains exist (rh #1628576)
- initscripts: fix ownership of ifup/ifdown executables (rh #1626517)
- cli: fix parsing vpn secrets from password file (rh #1628946)

* Fri Sep 7 2018 Beniamino Galvani <bgalvani@redhat.com> - 1:1.12.0-5
- core: fix wireless bitrate property name on D-Bus (rh #1626391)

* Thu Aug 30 2018 Beniamino Galvani <bgalvani@redhat.com> - 1:1.12.0-4
- libnm-core: support private keys encrypted with AES-{192,256}-CBC (rh #1623798)

* Sun Aug 19 2018 Lubomir Rintel <lrintel@redhat.com> - 1:1.12.0-3
- cli: remove assertion in nmc_device_state_to_color() (rh #1614691)
- po: import Japanese translation (rh #1569438)

* Wed Jul 4 2018 Beniamino Galvani <bgalvani@redhat.com> - 1:1.12.0-2
- device: disable rp_filter handling (rh #1593194)
- ibft: grant required CAP_SYS_ADMIN capabilities (rh#1596954)

* Sun Jul 1 2018 Thomas Haller <thaller@redhat.com> - 1:1.12.0-1
- Update to upstream 1.12.0 release (rh #1592311)
- device: improve MTU handling for VLAN (rh #1586191)

* Wed Jun 20 2018 Beniamino Galvani <bgalvani@redhat.com> - 1:1.12.0-0.2
- dhcp: preserve old behavior and don't add leading zero to printable client-id (rh #1556983)

* Mon Jun 18 2018 Thomas Haller <thaller@redhat.com> - 1:1.12.0-0.1
- Update to upstream release 1.11.90 (release candidate) (rh #1592311)
- libnm: properly handle cancelling of async operations (rh #1555281)
- libnm: support handling checkpoints (rh #1496739)
- core: fix blocking/not-blocking autoconnect related to missing secrets (rh #1553113)
- core: rework and improve IPv4 address collission detection (rh #1507864)
- wifi: fix timeout handling for supplicant when no secrets provided (rh #1575501)
- macsec: enable sending SCI by default and make it configurable (rh #1588041)
- ethernet: support announcing duplex/speed in combination with autonegotiation (rh #1487477)
- wwan: improve failure reason for unsupported IP methods (rh #1459529)
- tun: use netlink kernel API for tun devices if available (rh #1547213)
- ovs: fix assertion during shutdown of NetworkManager (rh #1543871)
- dhcp: improve handling DHCP timeouts (rh #1573780)
- dhcp: support specifying ipv6.dhcp-duid (rh #1414093)
- dhcp: support generating ipv4.dhcp-client-id based on MAC/stable-id
- dns: avoid updating resolv.conf when exiting (rh #1541031)
- ifcfg-rh: fix IPv4 settings in combination with method "shared" (rh #1519299)
- ifcfg-rh: fix handling unset Wi-Fi mode (rh #1549972)
- iface-helper: fix invalid reentrant call to platform (rh #1546656)
- doc: various improvments to documentation (rh #1543832)

* Fri Jun 15 2018 Thomas Haller <thaller@redhat.com> - 1:1.10.2-16
- device: fix crash during reapply of connection settings (rh #1591631)

* Wed Jun 6 2018 Beniamino Galvani <bgalvani@redhat.com> - 1:1.10.2-15
- device: start IP configuration when master carrier goes up (rh #1576254)

* Mon Apr 23 2018 Beniamino Galvani <bgalvani@redhat.com> - 1:1.10.2-14
- manager: retry activating devices when the parent becomes managed (rh #1553595)
- manager: allow autoconnect-slaves to reconnect the same connection (rh #1548265)
- manager: fix starting teamd after service restart (rh #1551958)

* Tue Feb 20 2018 Francesco Giudici <fgiudici@redhat.com> - 1:1.10.2-13
- dhcp: better handle DHCP outages and retry DHCP indefinitely (rh #1503587)

@ -2968,7 +3143,7 @@ fi @@ -2968,7 +3143,7 @@ fi
- Add dbus-glib-devel BuildRequires for NetworkManager-glib-devel (rh #442978)
- Add PPP settings page to connection editor
- Fix a few crashes with PPPoE
- Fix active connection state changes that confused clients
- Fix active connection state changes that confused clients

* Thu Apr 17 2008 Dan Williams <dcbw@redhat.com> - 1:0.7.0-0.9.2.svn3571
- Fix build in pppd-plugin
@ -3299,7 +3474,7 @@ fi @@ -3299,7 +3474,7 @@ fi
* Fri Feb 2 2007 Christopher Aillon <caillon@redhat.com> - 1:0.6.5-0.2.cvs20061025
- Move .so file to -devel package

* Sat Nov 25 2006 Matthias Clasen <mclasen@redhat.com>
* Sat Nov 25 2006 Matthias Clasen <mclasen@redhat.com>
- Own the /etc/NetworkManager/dispatcher.d directory
- Require pkgconfig for the -devel packages
- Fix compilation with dbus 1.0
@ -3377,7 +3552,7 @@ fi @@ -3377,7 +3552,7 @@ fi
(did he fire ten args, or only nine?)

* Thu Apr 27 2006 Jeremy Katz <katzj@redhat.com> - 0.6.2-2.fc6
- use the hal device type instead of poking via ioctl so that wireless
- use the hal device type instead of poking via ioctl so that wireless
devices are properly detected even if the kill switch has been used

* Thu Mar 30 2006 Dan Williams <dcbw@redhat.com> - 0.6.2-1
@ -3521,7 +3696,7 @@ fi @@ -3521,7 +3696,7 @@ fi
o Better caching of information in the applet (Bill Moss)
o Generate automatic suggested Ad-Hoc network name from machine's hostname
(Robert Love)
o Update all network information on successfull connect, not just
o Update all network information on successfull connect, not just
authentication method

* Fri Jul 29 2005 Ray Strode <rstrode@redhat.com> - 0.4-34.cvs20050729

Write Preview
Loading…
Cancel
Save