rpms
/
NetworkManager
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 1.15.90 release (1.16-rc1)

This commit is contained in:
Thomas Haller 2019-02-23 10:54:58 +01:00
parent 3fcb0e3703
commit 2a9113a2f9
4 changed files with 49 additions and 313 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -351,3 +351,4 @@ network-manager-applet-0.8.1.tar.bz2
/NetworkManager-1.14.0.tar.xz
/NetworkManager-1.14.2.tar.xz
/NetworkManager-1.14.4.tar.xz
/NetworkManager-1.15.90.tar.xz

299
0001-dhcp-CVE-2018-15688.patch
View File

@ -1,299 +0,0 @@
From 157094abd83f933fad142758a7d177cfa1a347f7 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 27 Sep 2018 18:04:59 +0900
Subject: [PATCH 1/6] sd-dhcp-lease: fix memleaks
(cherry picked from commit e2975f854831d08a25b4f5eb329b6d04102e115f)
---
src/systemd/src/libsystemd-network/sd-dhcp-lease.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/systemd/src/libsystemd-network/sd-dhcp-lease.c b/src/systemd/src/libsystemd-network/sd-dhcp-lease.c
index d2402595c6..cac07d3e5f 100644
--- a/src/systemd/src/libsystemd-network/sd-dhcp-lease.c
+++ b/src/systemd/src/libsystemd-network/sd-dhcp-lease.c
@@ -279,6 +279,8 @@ sd_dhcp_lease *sd_dhcp_lease_unref(sd_dhcp_lease *lease) {
free(option);
}
+ free(lease->root_path);
+ free(lease->timezone);
free(lease->hostname);
free(lease->domainname);
free(lease->dns);
--
2.17.1
From 91fb1673d5217aaf1461998fd2675630f5c265f9 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 27 Sep 2018 23:48:51 +0900
Subject: [PATCH 2/6] dhcp6: fix buffer size checking
(cherry picked from commit cb1bdeaf56852275e6b0dd1fba932bb174767f70)
---
src/systemd/src/libsystemd-network/sd-dhcp6-client.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c
index 8444a750a4..0b261a2cba 100644
--- a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c
+++ b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c
@@ -818,8 +818,8 @@ static int client_parse_message(
uint8_t *optval;
be32_t iaid_lease;
- if (len < offsetof(DHCP6Option, data) ||
- len < offsetof(DHCP6Option, data) + be16toh(option->len))
+ if (len < pos + offsetof(DHCP6Option, data) ||
+ len < pos + offsetof(DHCP6Option, data) + be16toh(option->len))
return -ENOBUFS;
optcode = be16toh(option->code);
--
2.17.1
From 0e93fd895daa6f0f578ffa8fc4ed3e0ea85c62e8 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 19 Oct 2018 03:44:56 +0900
Subject: [PATCH 3/6] sd-dhcp6: fix argument and error handling of
dhcp6_option_parse_status()
(cherry picked from commit 91c43f3978fa7c8341550b9ca279e460ba7e74e6)
(cherry picked from commit 373cbfc8c6e9591b3c8cc12d58c4b31ac35ab24f)
---
src/systemd/src/libsystemd-network/dhcp6-option.c | 10 ++++++----
src/systemd/src/libsystemd-network/sd-dhcp6-client.c | 9 +++++----
2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c
index ff1cbf13d8..cfddefcb56 100644
--- a/src/systemd/src/libsystemd-network/dhcp6-option.c
+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c
@@ -465,13 +465,15 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) {
case SD_DHCP6_OPTION_STATUS_CODE:
- status = dhcp6_option_parse_status(option, optlen);
- if (status) {
+ status = dhcp6_option_parse_status(option, optlen + sizeof(DHCP6Option));
+ if (status < 0) {
+ r = status;
+ goto error;
+ }
+ if (status > 0) {
log_dhcp6_client(client, "IA status %d",
status);
- dhcp6_lease_free_ia(ia);
-
r = -EINVAL;
goto error;
}
diff --git a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c
index 0b261a2cba..b694786a77 100644
--- a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c
+++ b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c
@@ -870,13 +870,14 @@ static int client_parse_message(
break;
case SD_DHCP6_OPTION_STATUS_CODE:
- status = dhcp6_option_parse_status(option, optlen);
- if (status) {
+ status = dhcp6_option_parse_status(option, optlen + sizeof(DHCP6Option));
+ if (status < 0)
+ return status;
+
+ if (status > 0) {
log_dhcp6_client(client, "%s Status %s",
dhcp6_message_type_to_string(message->type),
dhcp6_message_status_to_string(status));
- dhcp6_lease_free_ia(&lease->ia);
- dhcp6_lease_free_ia(&lease->pd);
return -EINVAL;
}
--
2.17.1
From f11f5abb1a8b96b553d2d156f8b5cf440695c04d Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 19 Oct 2018 03:42:10 +0900
Subject: [PATCH 4/6] sd-dhcp6: make dhcp6_option_parse_domainname() not store
empty domain
This improves performance of fuzzer.
C.f. oss-fuzz#11019.
(cherry picked from commit 3c72b6ed4252e7ff5f7704bfe44557ec197b47fa)
(cherry picked from commit 50403cccee28c7dcd54b138a0d3b3f69ea0204fe)
---
.../src/libsystemd-network/dhcp6-option.c | 66 ++++++++-----------
1 file changed, 29 insertions(+), 37 deletions(-)
diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c
index cfddefcb56..be5c222372 100644
--- a/src/systemd/src/libsystemd-network/dhcp6-option.c
+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c
@@ -555,6 +555,7 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char *
bool first = true;
for (;;) {
+ const char *label;
uint8_t c;
c = optval[pos++];
@@ -562,47 +563,41 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char *
if (c == 0)
/* End of name */
break;
- else if (c <= 63) {
- const char *label;
-
- /* Literal label */
- label = (const char *)&optval[pos];
- pos += c;
- if (pos >= optlen)
- return -EMSGSIZE;
-
- if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) {
- r = -ENOMEM;
- goto fail;
- }
-
- if (first)
- first = false;
- else
- ret[n++] = '.';
-
- r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
- if (r < 0)
- goto fail;
-
- n += r;
- continue;
- } else {
- r = -EBADMSG;
- goto fail;
- }
- }
+ if (c > 63)
+ return -EBADMSG;
+
+ /* Literal label */
+ label = (const char *)&optval[pos];
+ pos += c;
+ if (pos >= optlen)
+ return -EMSGSIZE;
+
+ if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX))
+ return -ENOMEM;
+
+ if (first)
+ first = false;
+ else
+ ret[n++] = '.';
+
+ r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
+ if (r < 0)
+ return r;
- if (!GREEDY_REALLOC(ret, allocated, n + 1)) {
- r = -ENOMEM;
- goto fail;
+ n += r;
}
+ if (n == 0)
+ continue;
+
+ if (!GREEDY_REALLOC(ret, allocated, n + 1))
+ return -ENOMEM;
+
ret[n] = 0;
r = strv_extend(&names, ret);
if (r < 0)
- goto fail;
+ return r;
idx++;
}
@@ -610,7 +605,4 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char *
*str_arr = TAKE_PTR(names);
return idx;
-
-fail:
- return r;
}
--
2.17.1
From cb77290a696dce924e2a993690634986ac035490 Mon Sep 17 00:00:00 2001
From: Li Song <song.li@honeywell.com>
Date: Fri, 19 Oct 2018 13:41:51 -0400
Subject: [PATCH 5/6] sd-dhcp: remove unreachable route after rebinding return
NAK
(cherry picked from commit cc3981b1272b9ce37e7d734a7b2f42e84acac535)
(cherry picked from commit 915c2f675a23b2ae16d292d1ac570706f76b384d)
---
src/systemd/src/libsystemd-network/sd-dhcp-client.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/systemd/src/libsystemd-network/sd-dhcp-client.c b/src/systemd/src/libsystemd-network/sd-dhcp-client.c
index 42707f10d8..9158945372 100644
--- a/src/systemd/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/systemd/src/libsystemd-network/sd-dhcp-client.c
@@ -1688,6 +1688,8 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i
client->timeout_resend =
sd_event_source_unref(client->timeout_resend);
+ client_notify(client, SD_DHCP_CLIENT_EVENT_EXPIRED);
+
r = client_initialize(client);
if (r < 0)
goto error;
--
2.17.1
From fc230dca139142f409d7bac99dbfabe9b004e2fb Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 19 Oct 2018 12:12:33 +0200
Subject: [PATCH 6/6] dhcp6: make sure we have enough space for the DHCP6
option header
Fixes a vulnerability originally discovered by Felix Wilhelm from
Google.
CVE-2018-15688
LP: #1795921
https://bugzilla.redhat.com/show_bug.cgi?id=1639067
(cherry picked from commit 4dac5eaba4e419b29c97da38a8b1f82336c2c892)
(cherry picked from commit 01ca2053bbea09f35b958c8cc7631e15469acb79)
---
src/systemd/src/libsystemd-network/dhcp6-option.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c
index be5c222372..22970443d6 100644
--- a/src/systemd/src/libsystemd-network/dhcp6-option.c
+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c
@@ -105,7 +105,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) {
return -EINVAL;
}
- if (*buflen < len)
+ if (*buflen < offsetof(DHCP6Option, data) + len)
return -ENOBUFS;
ia_hdr = *buf;
--
2.17.1

60
NetworkManager.spec
View File

@ -8,9 +8,9 @@
%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad)
%global epoch_version 1
%global rpm_version 1.14.4
%global real_version 1.14.4
%global release_version 2
%global rpm_version 1.16.0
%global real_version 1.15.90
%global release_version 0.1
%global snapshot %{nil}
%global git_sha %{nil}
@ -23,10 +23,10 @@
%global _hardened_build 1
%if x%{?snapshot} != x
%if "x%{?snapshot}" != x
%global snapshot_dot .%{snapshot}
%endif
%if x%{?git_sha} != x
%if "x%{?git_sha}" != x
%global git_sha_dot .%{git_sha}
%endif
@ -49,6 +49,7 @@
%bcond_without regen_docs
%bcond_with debug
%bcond_with test
%bcond_with lto
%bcond_with sanitizer
%if 0%{?fedora} > 28 || 0%{?rhel} > 7
%bcond_with libnm_glib
@ -99,18 +100,17 @@ Name: NetworkManager
Summary: Network connection manager and user applications
Epoch: %{epoch_version}
Version: %{rpm_version}
Release: %{release_version}%{?snap}%{?dist}.3
Release: %{release_version}%{?snap}%{?dist}
License: GPLv2+
URL: http://www.gnome.org/projects/NetworkManager/
Source: https://download.gnome.org/sources/NetworkManager/%{real_version_major}/%{name}-%{real_version}.tar.xz
Source1: NetworkManager.conf
Source2: 00-server.conf
Source3: 20-connectivity-fedora.conf
Source4: 20-connectivity-redhat.conf
Source4: 20-connectivity-fedora.conf
Source5: 20-connectivity-redhat.conf
#Patch1: 0001-some.patch
Patch1: 0001-dhcp-CVE-2018-15688.patch
Requires(post): systemd
Requires(post): /usr/sbin/update-alternatives
@ -205,6 +205,18 @@ BuildRequires: libubsan
%endif
%endif
# NetworkManager uses various parts of systemd-networkd internally, including
# DHCP client, IPv4 Link-Local address negotiation or LLDP support.
# This provide is essentially here so that NetworkManager shows on Security
# Response Team's radar in case a flaw is found. The code is frequently
# synchronized and thus it's not easy to establish a good version number
# here. The version of zero is there just to have something conservative so
# that the scripts that would parse the SPEC file naively would be unlikely
# to fail. Refer to git log for the real date and commit number of last
# synchronization:
# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/commits/master/src/systemd
Provides: bundled(systemd) = 0
%description
NetworkManager is a system service that manages network interfaces and
@ -292,7 +304,9 @@ devices.
%package ovs
Summary: Open vSwitch device plugin for NetworkManager
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%if 0%{?rhel} == 0
Requires: openvswitch
%endif
%description ovs
This package contains NetworkManager support for Open vSwitch bridges.
@ -434,6 +448,10 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
%build
%if %{with meson}
%meson \
--warnlevel 2 \
%if %{with test}
--werror \
%endif
-Ddhcpcanon=no \
-Ddhcpcd=no \
-Dconfig_dhcp_default=%{dhcp_default} \
@ -450,6 +468,11 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
-Dmore_asserts=0 \
%endif
-Dld_gc=true \
%if %{with lto}
-D b_lto=true \
%else
-D b_lto=false \
%endif
-Dlibaudit=yes-disabled-by-default \
%if 0%{?with_modem_manager_1}
-Dmodem_manager=true \
@ -489,14 +512,16 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
-Dovs=false \
%endif
-Dselinux=true \
-Dpolkit=yes \
-Dpolkit=true \
-Dpolkit_agent=true \
-Dmodify_system=true \
-Dconcheck=true \
%if 0%{?fedora}
-Dlibpsl=true \
-Debpf=true \
%else
-Dlibpsl=false \
-Debpf=false \
%endif
-Dsession_tracking=systemd \
-Dsuspend_resume=systemd \
@ -559,6 +584,11 @@ intltoolize --automake --copy --force
--without-more-asserts \
%endif
--enable-ld-gc \
%if %{with lto}
--enable-lto \
%else
--disable-lto \
%endif
--with-libaudit=yes-disabled-by-default \
%if 0%{?with_modem_manager_1}
--with-modem-manager-1=yes \
@ -604,8 +634,10 @@ intltoolize --automake --copy --force
--enable-concheck \
%if 0%{?fedora}
--with-libpsl \
--with-ebpf \
%else
--without-libpsl \
--without-ebpf \
%endif
--with-session-tracking=systemd \
--with-suspend-resume=systemd \
@ -651,11 +683,11 @@ cp %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/
cp %{SOURCE2} %{buildroot}%{nmlibdir}/conf.d/
%if %{with connectivity_fedora}
cp %{SOURCE3} %{buildroot}%{nmlibdir}/conf.d/
cp %{SOURCE4} %{buildroot}%{nmlibdir}/conf.d/
%endif
%if %{with connectivity_redhat}
cp %{SOURCE4} %{buildroot}%{nmlibdir}/conf.d/
cp %{SOURCE5} %{buildroot}%{nmlibdir}/conf.d/
%endif
cp examples/dispatcher/10-ifcfg-rh-routes.sh %{buildroot}%{_sysconfdir}/%{name}/dispatcher.d/
@ -789,7 +821,6 @@ fi
%dir %{_localstatedir}/lib/NetworkManager
%dir %{_sysconfdir}/NetworkManager/system-connections
%dir %{_sysconfdir}/sysconfig/network-scripts
%{_datadir}/dbus-1/system-services/org.freedesktop.NetworkManager.service
%{_datadir}/dbus-1/system-services/org.freedesktop.nm_dispatcher.service
%{_datadir}/polkit-1/actions/*.policy
%{_prefix}/lib/udev/rules.d/*.rules
@ -951,6 +982,9 @@ fi
%changelog
* Sat Feb 23 2019 Thomas Haller <thaller@redhat.com> - 1:1.16.0-0.1
- Update to 1.15.90 release (1.16-rc1)
* Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:1.14.4-2.3
- Rebuild for readline 8.0

2
sources
View File

@ -1 +1 @@
SHA512 (NetworkManager-1.14.4.tar.xz) = 4199d6d7bbbee318b0f69cf2c1bf46cc3721c764121634751753c3cc833c4c5ac0856467896536e3d403ba8783fe452aaa79bfcd71a5ec324a4274989fb656c7
SHA512 (NetworkManager-1.15.90.tar.xz) = 8d9555599113887252f7588aabe9121ca7bd5ee9cd723dc9ff32c5a745d8d85f09855a899baa3726c4f54c843a15ae78b2eb8b74fe09828b14794f1a891db413