rpms
/
NetworkManager
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Backport a couple of fixes 

These are fixes that were fixed between 1.0.0 and 1.0.2, but missing in Fedora
21's 0.9.10.x release. I guess it does no harm to do an update before we
release 0.9.10.4 really.

- Fix split DNS configuration with dnsmasq and VPN connections (rh #1161232)
- Fix indication that a WiFi plugin is missing (rh #1168573)
- Don't let IPv6 Router Advertisements lower Hop Limit (CVE-2015-2924) (rh #1209903)
- User a proper SONAME when loading libnl (rh #1205195)
This commit is contained in:
Lubomir Rintel 2015-05-06 16:33:42 +02:00
parent 631d934213
commit a99f0b80ea
9 changed files with 964 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
0003-kill-dns-plugin-child-synchronously-rh1161232.patch Normal file
View File

@ -0,0 +1,92 @@
From 993bd6ab583c077eb0e94fb25f090eb164922435 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Wed, 6 May 2015 11:52:27 +0200
Subject: [PATCH 1/4] dns: kill plugin child synchronously to avoid restart
race (rh #1161232) (bgo #728342)
NM was killing the dnsmasq local caching nameserver process and immediately
starting a new one, and new process couldn't bind to 127.0.0.1 because the
old one hadn't quit yet. Thus the new process quit, and the user was
left with no split DNS at all.
While this does introduce more synchronous waiting into the connection
process, it's not that much time and NM will kill dnsmasq if it hasn't
quit after 1 second. The longer-term fix is to use dnsmasq's D-Bus
interface to update DNS without respawning it.
https://bugzilla.gnome.org/show_bug.cgi?id=728342
https://bugzilla.redhat.com/show_bug.cgi?id=1161232
This is a rework of 10aff12526a2fc4b2d099df2710fdb040ccd9e4c. The newer
branches have ff3b753 (core: use nm_utils_kill_child_async() and
nm_utils_kill_child_sync()) which in turn relies on 1f84185 (core: add
nm_utils_kill_child_async() and nm_utils_kill_child_sync() function) that is
not entirely trivial to backport.
---
src/dns-manager/nm-dns-plugin.c | 41 ++++++++++++-----------------------------
1 file changed, 12 insertions(+), 29 deletions(-)
diff --git a/src/dns-manager/nm-dns-plugin.c b/src/dns-manager/nm-dns-plugin.c
index e85b2a0..549efe3 100644
--- a/src/dns-manager/nm-dns-plugin.c
+++ b/src/dns-manager/nm-dns-plugin.c
@@ -196,29 +196,6 @@ nm_dns_plugin_child_spawn (NMDnsPlugin *self,
return priv->pid;
}
-typedef struct {
- int pid;
- char *progname;
-} KillInfo;
-
-static gboolean
-ensure_killed (gpointer data)
-{
- KillInfo *info = data;
-
- if (kill (info->pid, 0) == 0)
- kill (info->pid, SIGKILL);
-
- /* ensure the child is reaped */
- nm_log_dbg (LOGD_DNS, "waiting for %s pid %d to exit", info->progname, info->pid);
- waitpid (info->pid, NULL, 0);
- nm_log_dbg (LOGD_DNS, "dnsmasq pid %d cleaned up", info->pid);
-
- g_free (info->progname);
- g_free (info);
- return FALSE;
-}
-
gboolean nm_dns_plugin_child_kill (NMDnsPlugin *self)
{
NMDnsPluginPrivate *priv = NM_DNS_PLUGIN_GET_PRIVATE (self);
@@ -229,14 +206,20 @@ gboolean nm_dns_plugin_child_kill (NMDnsPlugin *self)
}
if (priv->pid) {
- KillInfo *info;
if (kill (priv->pid, SIGTERM) == 0) {
- info = g_malloc0 (sizeof (KillInfo));
- info->pid = priv->pid;
- info->progname = g_strdup (priv->progname);
- g_timeout_add_seconds (2, ensure_killed, info);
- } else {
+ int counter = 20;
+
+ /* Wait up to 2 seconds synchronously. */
+ while (counter--) {
+ if (waitpid (priv->pid, NULL, WNOHANG))
+ break;
+ g_usleep (100000);
+ }
+ }
+
+ if (kill (priv->pid, 0) == 0) {
+ /* Not dead yet. */
kill (priv->pid, SIGKILL);
/* ensure the child is reaped */
--
2.4.0

135
0004-refactor-building-IP-config-lists-for-dns-plugins-rh1161232.patch Normal file
View File

@ -0,0 +1,135 @@
From 2171b984e3c9a17c032ac80054db79523d97d9dd Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Wed, 14 Jan 2015 17:03:22 -0600
Subject: [PATCH 2/4] dns: refactor building IP config lists for plugins (bgo
#728342)
Don't bother building the lists if no DNS plugins are enabled.
https://bugzilla.gnome.org/show_bug.cgi?id=728342
(cherry picked from commit cc8d9f778c2237b3e9e6815a2e0cc5635328edab)
---
src/dns-manager/nm-dns-manager.c | 70 ++++++++++++++++++++++++----------------
1 file changed, 43 insertions(+), 27 deletions(-)
diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
index ddf31af..e6984e3 100644
--- a/src/dns-manager/nm-dns-manager.c
+++ b/src/dns-manager/nm-dns-manager.c
@@ -561,6 +561,42 @@ compute_hash (NMDnsManager *self, guint8 buffer[HASH_LEN])
g_checksum_free (sum);
}
+static void
+build_plugin_config_lists (NMDnsManager *self,
+ GSList **out_vpn_configs,
+ GSList **out_dev_configs,
+ GSList **out_other_configs)
+{
+ NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE (self);
+ GSList *iter;
+
+ g_return_if_fail (out_vpn_configs && !*out_vpn_configs);
+ g_return_if_fail (out_dev_configs && !*out_dev_configs);
+ g_return_if_fail (out_other_configs && !*out_other_configs);
+
+ /* Build up config lists for plugins; we use the raw configs here, not the
+ * merged information that we write to resolv.conf so that the plugins can
+ * still use the domain information in each config to provide split DNS if
+ * they want to.
+ */
+ if (priv->ip4_vpn_config)
+ *out_vpn_configs = g_slist_append (*out_vpn_configs, priv->ip4_vpn_config);
+ if (priv->ip6_vpn_config)
+ *out_vpn_configs = g_slist_append (*out_vpn_configs, priv->ip6_vpn_config);
+ if (priv->ip4_device_config)
+ *out_dev_configs = g_slist_append (*out_dev_configs, priv->ip4_device_config);
+ if (priv->ip6_device_config)
+ *out_dev_configs = g_slist_append (*out_dev_configs, priv->ip6_device_config);
+
+ for (iter = priv->configs; iter; iter = g_slist_next (iter)) {
+ if ( (iter->data != priv->ip4_vpn_config)
+ && (iter->data != priv->ip4_device_config)
+ && (iter->data != priv->ip6_vpn_config)
+ && (iter->data != priv->ip6_device_config))
+ *out_other_configs = g_slist_append (*out_other_configs, iter->data);
+ }
+}
+
static gboolean
update_dns (NMDnsManager *self,
gboolean no_caching,
@@ -568,7 +604,7 @@ update_dns (NMDnsManager *self,
{
NMDnsManagerPrivate *priv;
NMResolvConfData rc;
- GSList *iter, *vpn_configs = NULL, *dev_configs = NULL, *other_configs = NULL;
+ GSList *iter;
const char *nis_domain = NULL;
char **searches = NULL;
char **nameservers = NULL;
@@ -674,32 +710,11 @@ update_dns (NMDnsManager *self,
nis_domain = rc.nis_domain;
- /* Build up config lists for plugins; we use the raw configs here, not the
- * merged information that we write to resolv.conf so that the plugins can
- * still use the domain information in each config to provide split DNS if
- * they want to.
- */
- if (priv->ip4_vpn_config)
- vpn_configs = g_slist_append (vpn_configs, priv->ip4_vpn_config);
- if (priv->ip6_vpn_config)
- vpn_configs = g_slist_append (vpn_configs, priv->ip6_vpn_config);
- if (priv->ip4_device_config)
- dev_configs = g_slist_append (dev_configs, priv->ip4_device_config);
- if (priv->ip6_device_config)
- dev_configs = g_slist_append (dev_configs, priv->ip6_device_config);
-
- for (iter = priv->configs; iter; iter = g_slist_next (iter)) {
- if ( (iter->data != priv->ip4_vpn_config)
- && (iter->data != priv->ip4_device_config)
- && (iter->data != priv->ip6_vpn_config)
- && (iter->data != priv->ip6_device_config))
- other_configs = g_slist_append (other_configs, iter->data);
- }
-
/* Let any plugins do their thing first */
if (priv->plugin) {
NMDnsPlugin *plugin = priv->plugin;
const char *plugin_name = nm_dns_plugin_get_name (plugin);
+ GSList *vpn_configs = NULL, *dev_configs = NULL, *other_configs = NULL;
if (nm_dns_plugin_is_caching (plugin)) {
if (no_caching) {
@@ -710,6 +725,8 @@ update_dns (NMDnsManager *self,
caching = TRUE;
}
+ build_plugin_config_lists (self, &vpn_configs, &dev_configs, &other_configs);
+
nm_log_dbg (LOGD_DNS, "DNS: updating plugin %s", plugin_name);
if (!nm_dns_plugin_update (plugin,
vpn_configs,
@@ -723,15 +740,14 @@ update_dns (NMDnsManager *self,
*/
caching = FALSE;
}
+ g_slist_free (vpn_configs);
+ g_slist_free (dev_configs);
+ g_slist_free (other_configs);
skip:
;
}
- g_slist_free (vpn_configs);
- g_slist_free (dev_configs);
- g_slist_free (other_configs);
-
/* If caching was successful, we only send 127.0.0.1 to /etc/resolv.conf
* to ensure that the glibc resolver doesn't try to round-robin nameservers,
* but only uses the local caching nameserver.
--
2.4.0

300
0005-ensure-that-update_dns-always-returns-a-GError-rh1161232.patch Normal file
View File

@ -0,0 +1,300 @@
From 991b8efca0d3136d8c63b202a9346572c8197da5 Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Thu, 26 Feb 2015 15:04:36 -0600
Subject: [PATCH 3/4] dns: ensure that update_dns() always returns a GError on
failure
Callers may expect this, so make sure we do it.
(cherry picked from commit 06f25a3ec7c07eac5785daeb99f648200abe3feb)
---
src/NetworkManagerUtils.c | 19 ++++----
src/NetworkManagerUtils.h | 2 +-
src/dns-manager/nm-dns-manager.c | 99 +++++++++++++++++++++-------------------
src/dns-manager/nm-dns-unbound.c | 2 +-
4 files changed, 62 insertions(+), 60 deletions(-)
diff --git a/src/NetworkManagerUtils.c b/src/NetworkManagerUtils.c
index e6814e3..0a7a9b6 100644
--- a/src/NetworkManagerUtils.c
+++ b/src/NetworkManagerUtils.c
@@ -134,27 +134,26 @@ nm_utils_ip6_address_clear_host_address (struct in6_addr *dst, const struct in6_
int
-nm_spawn_process (const char *args)
+nm_spawn_process (const char *args, GError **error)
{
+ GError *local = NULL;
gint num_args;
char **argv = NULL;
int status = -1;
- GError *error = NULL;
g_return_val_if_fail (args != NULL, -1);
+ g_return_val_if_fail (!error || !*error, -1);
- if (!g_shell_parse_argv (args, &num_args, &argv, &error)) {
- nm_log_warn (LOGD_CORE, "could not parse arguments for '%s': %s", args, error->message);
- g_error_free (error);
- return -1;
+ if (g_shell_parse_argv (args, &num_args, &argv, &local)) {
+ g_spawn_sync ("/", argv, NULL, 0, nm_unblock_posix_signals, NULL, NULL, NULL, &status, &local);
+ g_strfreev (argv);
}
- if (!g_spawn_sync ("/", argv, NULL, 0, nm_unblock_posix_signals, NULL, NULL, NULL, &status, &error)) {
- nm_log_warn (LOGD_CORE, "could not spawn process '%s': %s", args, error->message);
- g_error_free (error);
+ if (local) {
+ nm_log_warn (LOGD_CORE, "could not spawn process '%s': %s", args, local->message);
+ g_propagate_error (error, local);
}
- g_strfreev (argv);
return status;
}
diff --git a/src/NetworkManagerUtils.h b/src/NetworkManagerUtils.h
index 7be316e..22d665e 100644
--- a/src/NetworkManagerUtils.h
+++ b/src/NetworkManagerUtils.h
@@ -53,7 +53,7 @@ nm_utils_ip6_route_metric_normalize (guint32 metric)
return metric ? metric : 1024 /*NM_PLATFORM_ROUTE_METRIC_DEFAULT*/;
}
-int nm_spawn_process (const char *args);
+int nm_spawn_process (const char *args, GError **error);
/* macro to return strlen() of a compile time string. */
#define STRLEN(str) ( sizeof ("" str) - 1 )
diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
index e6984e3..e833ce4 100644
--- a/src/dns-manager/nm-dns-manager.c
+++ b/src/dns-manager/nm-dns-manager.c
@@ -323,12 +323,19 @@ dispatch_netconfig (char **searches,
again:
- ret = waitpid (pid, NULL, 0);
- if (ret < 0 && errno == EINTR)
- goto again;
- else if (ret < 0 && errno == ECHILD) {
- /* When the netconfig exist, the errno is ECHILD, it should return TRUE */
- return TRUE;
+ if (waitpid (pid, NULL, 0) < 0) {
+ if (errno == EINTR)
+ goto again;
+ else if (errno == ECHILD) {
+ /* child already exited */
+ ret = pid;
+ } else {
+ g_set_error_literal (error,
+ NM_MANAGER_ERROR,
+ NM_MANAGER_ERROR_FAILED,
+ "Error waiting for netconfig to exit: %s",
+ strerror (errno));
+ }
}
return ret > 0;
@@ -344,22 +351,13 @@ write_resolv_conf (FILE *f,
{
char *searches_str = NULL;
char *nameservers_str = NULL;
- int i;
gboolean retval = FALSE;
+ char *tmp_str;
GString *str;
- if (fprintf (f, "%s","# Generated by NetworkManager\n") < 0) {
- g_set_error (error,
- NM_DNS_MANAGER_ERROR,
- NM_DNS_MANAGER_ERROR_SYSTEM,
- "Could not write " _PATH_RESCONF ": %s\n",
- g_strerror (errno));
- return FALSE;
- }
+ int i;
if (searches) {
- char *tmp_str;
-
tmp_str = g_strjoinv (" ", searches);
searches_str = g_strconcat ("search ", tmp_str, "\n", NULL);
g_free (tmp_str);
@@ -387,10 +385,17 @@ write_resolv_conf (FILE *f,
nameservers_str = g_string_free (str, FALSE);
- if (fprintf (f, "%s%s",
+ if (fprintf (f, "# Generated by NetworkManager\n%s%s",
searches_str ? searches_str : "",
- strlen (nameservers_str) ? nameservers_str : "") != -1)
+ nameservers_str) > 0)
retval = TRUE;
+ else {
+ g_set_error (error,
+ NM_DNS_MANAGER_ERROR,
+ NM_DNS_MANAGER_ERROR_SYSTEM,
+ "Could not write " _PATH_RESCONF ": %s\n",
+ g_strerror (errno));
+ }
g_free (searches_str);
g_free (nameservers_str);
@@ -407,9 +412,15 @@ dispatch_resolvconf (char **searches,
char *cmd;
FILE *f;
gboolean retval = FALSE;
+ int errnosv, err;
- if (! g_file_test (RESOLVCONF_PATH, G_FILE_TEST_IS_EXECUTABLE))
+ if (!g_file_test (RESOLVCONF_PATH, G_FILE_TEST_IS_EXECUTABLE)) {
+ g_set_error_literal (error,
+ NM_MANAGER_ERROR,
+ NM_MANAGER_ERROR_FAILED,
+ RESOLVCONF_PATH " is not executable");
return FALSE;
+ }
if (searches || nameservers) {
cmd = g_strconcat (RESOLVCONF_PATH, " -a ", "NetworkManager", NULL);
@@ -423,12 +434,21 @@ dispatch_resolvconf (char **searches,
g_strerror (errno));
else {
retval = write_resolv_conf (f, searches, nameservers, error);
- retval &= (pclose (f) == 0);
+ err = pclose (f);
+ if (err < 0) {
+ errnosv = errno;
+ g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errnosv),
+ "Failed to close pipe to resolvconf: %d", errnosv);
+ retval = FALSE;
+ } else if (err > 0) {
+ nm_log_warn (LOGD_DNS, "resolvconf failed with status %d", err);
+ retval = FALSE;
+ }
}
} else {
cmd = g_strconcat (RESOLVCONF_PATH, " -d ", "NetworkManager", NULL);
nm_log_info (LOGD_DNS, "Removing DNS information from %s", RESOLVCONF_PATH);
- if (nm_spawn_process (cmd) == 0)
+ if (nm_spawn_process (cmd, error) == 0)
retval = TRUE;
}
@@ -612,8 +632,7 @@ update_dns (NMDnsManager *self,
int num, i, len;
gboolean success = FALSE, caching = FALSE;
- g_return_val_if_fail (error != NULL, FALSE);
- g_return_val_if_fail (*error == NULL, FALSE);
+ g_return_val_if_fail (!error || !*error, FALSE);
priv = NM_DNS_MANAGER_GET_PRIVATE (self);
@@ -799,9 +818,7 @@ plugin_failed (NMDnsPlugin *plugin, gpointer user_data)
/* Disable caching until the next DNS update */
if (!update_dns (self, TRUE, &error)) {
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
- error ? error->code : -1,
- error && error->message ? error->message : "(unknown)");
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
g_clear_error (&error);
}
}
@@ -838,9 +855,7 @@ nm_dns_manager_add_ip4_config (NMDnsManager *mgr,
priv->configs = g_slist_append (priv->configs, g_object_ref (config));
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
- error ? error->code : -1,
- error && error->message ? error->message : "(unknown)");
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
g_clear_error (&error);
}
@@ -872,9 +887,7 @@ nm_dns_manager_remove_ip4_config (NMDnsManager *mgr, NMIP4Config *config)
g_object_unref (config);
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
- error ? error->code : -1,
- error && error->message ? error->message : "(unknown)");
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
g_clear_error (&error);
}
@@ -915,9 +928,7 @@ nm_dns_manager_add_ip6_config (NMDnsManager *mgr,
priv->configs = g_slist_append (priv->configs, g_object_ref (config));
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
- error ? error->code : -1,
- error && error->message ? error->message : "(unknown)");
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
g_clear_error (&error);
}
@@ -949,9 +960,7 @@ nm_dns_manager_remove_ip6_config (NMDnsManager *mgr, NMIP6Config *config)
g_object_unref (config);
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
- error ? error->code : -1,
- error && error->message ? error->message : "(unknown)");
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
g_clear_error (&error);
}
@@ -994,9 +1003,7 @@ nm_dns_manager_set_hostname (NMDnsManager *mgr,
priv->hostname = g_strdup (filtered);
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
- error ? error->code : -1,
- error && error->message ? error->message : "(unknown)");
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
g_clear_error (&error);
}
}
@@ -1050,9 +1057,7 @@ nm_dns_manager_end_updates (NMDnsManager *mgr, const char *func)
/* Commit all the outstanding changes */
nm_log_dbg (LOGD_DNS, "(%s): committing DNS changes (%d)", func, priv->updates_queue);
if (!update_dns (mgr, FALSE, &error)) {
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
- error ? error->code : -1,
- error && error->message ? error->message : "(unknown)");
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
g_clear_error (&error);
}
@@ -1152,9 +1157,7 @@ dispose (GObject *object)
* DNS updates yet, there's no reason to touch resolv.conf on shutdown.
*/
if (priv->dns_touched && !update_dns (self, TRUE, &error)) {
- nm_log_warn (LOGD_DNS, "could not commit DNS changes on shutdown: (%d) %s",
- error ? error->code : -1,
- error && error->message ? error->message : "(unknown)");
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes on shutdown: %s", error->message);
g_clear_error (&error);
priv->dns_touched = FALSE;
}
diff --git a/src/dns-manager/nm-dns-unbound.c b/src/dns-manager/nm-dns-unbound.c
index 137fd20..5520d38 100644
--- a/src/dns-manager/nm-dns-unbound.c
+++ b/src/dns-manager/nm-dns-unbound.c
@@ -40,7 +40,7 @@ update (NMDnsPlugin *plugin,
* without calling custom scripts. The dnssec-trigger functionality
* may be eventually merged into NetworkManager.
*/
- return nm_spawn_process ("/usr/libexec/dnssec-trigger-script --async --update") == 0;
+ return nm_spawn_process ("/usr/libexec/dnssec-trigger-script --async --update", NULL) == 0;
}
static gboolean
--
2.4.0

67
0006-refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.patch Normal file
View File

@ -0,0 +1,67 @@
From e6b47236f00ab91056be9fc3f9b8611fb16d9e57 Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Thu, 15 Jan 2015 11:38:33 -0600
Subject: [PATCH 4/4] dns: refresh DNS if plugin child quits unexpectedly (bgo
#728342)
If the child dies, or something kills the child externally, refresh
DNS which should respawn the child, similar to what we do with
wpa_supplicant, teamd, etc.
https://bugzilla.gnome.org/show_bug.cgi?id=728342
(cherry picked from commit 09a05f6c3e0b4502252d70cb121654e7312520c5)
---
src/dns-manager/nm-dns-manager.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
index e833ce4..c81bfd6 100644
--- a/src/dns-manager/nm-dns-manager.c
+++ b/src/dns-manager/nm-dns-manager.c
@@ -823,6 +823,22 @@ plugin_failed (NMDnsPlugin *plugin, gpointer user_data)
}
}
+static void
+plugin_child_quit (NMDnsPlugin *plugin, int exit_status, gpointer user_data)
+{
+ NMDnsManager *self = NM_DNS_MANAGER (user_data);
+ GError *error = NULL;
+
+ nm_log_warn (LOGD_DNS, "DNS: plugin %s child quit unexpectedly; refreshing DNS",
+ nm_dns_plugin_get_name (plugin));
+
+ /* Let the plugin try to spawn the child again */
+ if (!update_dns (self, FALSE, &error)) {
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
+ g_clear_error (&error);
+ }
+}
+
gboolean
nm_dns_manager_add_ip4_config (NMDnsManager *mgr,
const char *iface,
@@ -1139,6 +1155,7 @@ nm_dns_manager_init (NMDnsManager *self)
if (priv->plugin) {
nm_log_info (LOGD_DNS, "DNS: loaded plugin %s", nm_dns_plugin_get_name (priv->plugin));
g_signal_connect (priv->plugin, NM_DNS_PLUGIN_FAILED, G_CALLBACK (plugin_failed), self);
+ g_signal_connect (priv->plugin, NM_DNS_PLUGIN_CHILD_QUIT, G_CALLBACK (plugin_child_quit), self);
}
}
@@ -1149,7 +1166,11 @@ dispose (GObject *object)
NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE (self);
GError *error = NULL;
- g_clear_object (&priv->plugin);
+ if (priv->plugin) {
+ g_signal_handlers_disconnect_by_func (priv->plugin, plugin_failed, self);
+ g_signal_handlers_disconnect_by_func (priv->plugin, plugin_child_quit, self);
+ g_clear_object (&priv->plugin);
+ }
/* If we're quitting, leave a valid resolv.conf in place, not one
* pointing to 127.0.0.1 if any plugins were active. Thus update
--
2.4.0

55
0007-cli-add-PHYS_PORT_ID-property-rh1168573.patch Normal file
View File

@ -0,0 +1,55 @@
From 1974b8b50cf00e706c795a99f13120d509b42a33 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
Date: Tue, 14 Apr 2015 12:08:15 +0200
Subject: [PATCH] cli: add PHYS_PORT_ID property to devices
The physical-port-id property was added to libnm (libnm-glib) in commit
47cc8b25f2efe015defde7e76e49e67086603bb3.
(cherry picked from commit 825255361565588a428aad69eb7ea9ffe9475fc2)
---
cli/src/devices.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/cli/src/devices.c b/cli/src/devices.c
index 5a3ab45..3b20186 100644
--- a/cli/src/devices.c
+++ b/cli/src/devices.c
@@ -103,13 +103,15 @@ static NmcOutputField nmc_fields_dev_show_general[] = {
{"NM-MANAGED", N_("NM-MANAGED"), 15}, /* 14 */
{"AUTOCONNECT", N_("AUTOCONNECT"), 15}, /* 15 */
{"FIRMWARE-MISSING", N_("FIRMWARE-MISSING"), 18}, /* 16 */
- {"CONNECTION", N_("CONNECTION"), 20}, /* 17 */
- {"CON-UUID", N_("CON-UUID"), 38}, /* 18 */
- {"CON-PATH", N_("CON-PATH"), 51}, /* 19 */
+ {"PHYS-PORT-ID", N_("PHYS-PORT-ID"), 18}, /* 17 */
+ {"CONNECTION", N_("CONNECTION"), 20}, /* 18 */
+ {"CON-UUID", N_("CON-UUID"), 38}, /* 19 */
+ {"CON-PATH", N_("CON-PATH"), 51}, /* 20 */
{NULL, NULL, 0}
};
-#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,STATE,REASON,"\
- "UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,CONNECTION,CON-UUID,CON-PATH"
+#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\
+ "STATE,REASON,UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,PHYS-PORT-ID,"\
+ "CONNECTION,CON-UUID,CON-PATH"
#define NMC_FIELDS_DEV_SHOW_GENERAL_COMMON "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,HWADDR,STATE"
/* Available fields for 'device show' - CONNECTIONS part */
@@ -801,9 +803,10 @@ show_device_info (NMDevice *device, NmCli *nmc)
set_val_strc (arr, 14, nm_device_get_managed (device) ? _("yes") : _("no"));
set_val_strc (arr, 15, nm_device_get_autoconnect (device) ? _("yes") : _("no"));
set_val_strc (arr, 16, nm_device_get_firmware_missing (device) ? _("yes") : _("no"));
- set_val_strc (arr, 17, get_active_connection_id (device));
- set_val_strc (arr, 18, acon ? nm_active_connection_get_uuid (acon) : NULL);
- set_val_strc (arr, 19, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
+ set_val_strc (arr, 17, nm_device_get_physical_port_id (device));
+ set_val_strc (arr, 18, get_active_connection_id (device));
+ set_val_strc (arr, 19, acon ? nm_active_connection_get_uuid (acon) : NULL);
+ set_val_strc (arr, 20, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
g_ptr_array_add (nmc->output_data, arr);
print_data (nmc); /* Print all data */
--
2.4.0

153
0008-cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.patch Normal file
View File

@ -0,0 +1,153 @@
From e304f04932304f896ca3f95f499217496334ec83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
Date: Tue, 14 Apr 2015 14:35:14 +0200
Subject: [PATCH] cli: better indicate when a Wi-Fi plugin might not be
available (rh #1168573)
* print an error message indicating NM Wi-Fi plugin may be missing, for
nmcli device wifi ifname <dev-name>
nmcli device wifi connect ifname <dev-name>
* add NM-TYPE to 'nmcli device show' command displaying internal NM device type
(like NMDeviceWifi, NMDeviceGeneric, ...)
https://bugzilla.redhat.com/show_bug.cgi?id=1168573
(cherry picked from commit 823df334eda48a8e2cec897d6123f7b2158c12ff)
---
cli/src/devices.c | 96 +++++++++++++++++++++++++++++++------------------------
1 file changed, 55 insertions(+), 41 deletions(-)
diff --git a/cli/src/devices.c b/cli/src/devices.c
index 3b20186..71198fb 100644
--- a/cli/src/devices.c
+++ b/cli/src/devices.c
@@ -89,27 +89,28 @@ static NmcOutputField nmc_fields_dev_show_general[] = {
{"NAME", N_("NAME"), 10}, /* 0 */
{"DEVICE", N_("DEVICE"), 10}, /* 1 */
{"TYPE", N_("TYPE"), 17}, /* 2 */
- {"VENDOR", N_("VENDOR"), 20}, /* 3 */
- {"PRODUCT", N_("PRODUCT"), 50}, /* 4 */
- {"DRIVER", N_("DRIVER"), 9}, /* 5 */
- {"DRIVER-VERSION", N_("DRIVER-VERSION"), 18}, /* 6 */
- {"FIRMWARE-VERSION", N_("FIRMWARE-VERSION"), 18}, /* 7 */
- {"HWADDR", N_("HWADDR"), 19}, /* 8 */
- {"MTU", N_("MTU"), 10}, /* 9 */
- {"STATE", N_("STATE"), 14}, /* 10 */
- {"REASON", N_("REASON"), 25}, /* 11 */
- {"UDI", N_("UDI"), 64}, /* 12 */
- {"IP-IFACE", N_("IP-IFACE"), 10}, /* 13 */
- {"NM-MANAGED", N_("NM-MANAGED"), 15}, /* 14 */
- {"AUTOCONNECT", N_("AUTOCONNECT"), 15}, /* 15 */
- {"FIRMWARE-MISSING", N_("FIRMWARE-MISSING"), 18}, /* 16 */
- {"PHYS-PORT-ID", N_("PHYS-PORT-ID"), 18}, /* 17 */
- {"CONNECTION", N_("CONNECTION"), 20}, /* 18 */
- {"CON-UUID", N_("CON-UUID"), 38}, /* 19 */
- {"CON-PATH", N_("CON-PATH"), 51}, /* 20 */
+ {"NM-TYPE", N_("NM-TYPE"), 17}, /* 3 */
+ {"VENDOR", N_("VENDOR"), 20}, /* 4 */
+ {"PRODUCT", N_("PRODUCT"), 50}, /* 5 */
+ {"DRIVER", N_("DRIVER"), 9}, /* 6 */
+ {"DRIVER-VERSION", N_("DRIVER-VERSION"), 18}, /* 7 */
+ {"FIRMWARE-VERSION", N_("FIRMWARE-VERSION"), 18}, /* 8 */
+ {"HWADDR", N_("HWADDR"), 19}, /* 9 */
+ {"MTU", N_("MTU"), 10}, /* 10 */
+ {"STATE", N_("STATE"), 14}, /* 11 */
+ {"REASON", N_("REASON"), 25}, /* 12 */
+ {"UDI", N_("UDI"), 64}, /* 13 */
+ {"IP-IFACE", N_("IP-IFACE"), 10}, /* 14 */
+ {"NM-MANAGED", N_("NM-MANAGED"), 15}, /* 15 */
+ {"AUTOCONNECT", N_("AUTOCONNECT"), 15}, /* 16 */
+ {"FIRMWARE-MISSING", N_("FIRMWARE-MISSING"), 18}, /* 17 */
+ {"PHYS-PORT-ID", N_("PHYS-PORT-ID"), 18}, /* 18 */
+ {"CONNECTION", N_("CONNECTION"), 20}, /* 19 */
+ {"CON-UUID", N_("CON-UUID"), 38}, /* 20 */
+ {"CON-PATH", N_("CON-PATH"), 51}, /* 21 */
{NULL, NULL, 0}
};
-#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\
+#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,NM-TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\
"STATE,REASON,UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,PHYS-PORT-ID,"\
"CONNECTION,CON-UUID,CON-PATH"
#define NMC_FIELDS_DEV_SHOW_GENERAL_COMMON "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,HWADDR,STATE"
@@ -789,24 +790,25 @@ show_device_info (NMDevice *device, NmCli *nmc)
set_val_strc (arr, 0, nmc_fields_dev_show_sections[0].name); /* "GENERAL"*/
set_val_strc (arr, 1, nm_device_get_iface (device));
set_val_strc (arr, 2, nm_device_get_type_description (device));
- set_val_strc (arr, 3, nm_device_get_vendor (device));
- set_val_strc (arr, 4, nm_device_get_product (device));
- set_val_strc (arr, 5, nm_device_get_driver (device) ? nm_device_get_driver (device) : _("(unknown)"));
- set_val_strc (arr, 6, nm_device_get_driver_version (device));
- set_val_strc (arr, 7, nm_device_get_firmware_version (device));
- set_val_strc (arr, 8, hwaddr ? hwaddr : _("(unknown)"));
- set_val_str (arr, 9, mtu_str);
- set_val_str (arr, 10, state_str);
- set_val_str (arr, 11, reason_str);
- set_val_strc (arr, 12, nm_device_get_udi (device));
- set_val_strc (arr, 13, nm_device_get_ip_iface (device));
- set_val_strc (arr, 14, nm_device_get_managed (device) ? _("yes") : _("no"));
- set_val_strc (arr, 15, nm_device_get_autoconnect (device) ? _("yes") : _("no"));
- set_val_strc (arr, 16, nm_device_get_firmware_missing (device) ? _("yes") : _("no"));
- set_val_strc (arr, 17, nm_device_get_physical_port_id (device));
- set_val_strc (arr, 18, get_active_connection_id (device));
- set_val_strc (arr, 19, acon ? nm_active_connection_get_uuid (acon) : NULL);
- set_val_strc (arr, 20, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
+ set_val_strc (arr, 3, G_OBJECT_TYPE_NAME (device));
+ set_val_strc (arr, 4, nm_device_get_vendor (device));
+ set_val_strc (arr, 5, nm_device_get_product (device));
+ set_val_strc (arr, 6, nm_device_get_driver (device) ? nm_device_get_driver (device) : _("(unknown)"));
+ set_val_strc (arr, 7, nm_device_get_driver_version (device));
+ set_val_strc (arr, 8, nm_device_get_firmware_version (device));
+ set_val_strc (arr, 9, hwaddr ? hwaddr : _("(unknown)"));
+ set_val_str (arr, 10, mtu_str);
+ set_val_str (arr, 11, state_str);
+ set_val_str (arr, 12, reason_str);
+ set_val_strc (arr, 13, nm_device_get_udi (device));
+ set_val_strc (arr, 14, nm_device_get_ip_iface (device));
+ set_val_strc (arr, 15, nm_device_get_managed (device) ? _("yes") : _("no"));
+ set_val_strc (arr, 16, nm_device_get_autoconnect (device) ? _("yes") : _("no"));
+ set_val_strc (arr, 17, nm_device_get_firmware_missing (device) ? _("yes") : _("no"));
+ set_val_strc (arr, 18, nm_device_get_physical_port_id (device));
+ set_val_strc (arr, 19, get_active_connection_id (device));
+ set_val_strc (arr, 20, acon ? nm_active_connection_get_uuid (acon) : NULL);
+ set_val_strc (arr, 21, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
g_ptr_array_add (nmc->output_data, arr);
print_data (nmc); /* Print all data */
@@ -1752,7 +1754,13 @@ do_device_wifi_list (NmCli *nmc, int argc, char **argv)
show_acces_point_info (device, nmc);
}
} else {
- g_string_printf (nmc->return_text, _("Error: Device '%s' is not a Wi-Fi device."), ifname);
+ const char *err_msg;
+ if ( nm_device_get_device_type (device) == NM_DEVICE_TYPE_GENERIC
+ && g_strcmp0 (nm_device_get_type_description (device), "wifi") == 0)
+ err_msg = _("Error: Device '%s' was not recognized as a Wi-Fi device, check NetworkManager Wi-Fi plugin.");
+ else
+ err_msg = _("Error: Device '%s' is not a Wi-Fi device.");
+ g_string_printf (nmc->return_text, err_msg, ifname);
nmc->return_value = NMC_RESULT_ERROR_UNKNOWN;
goto error;
}
@@ -2317,9 +2325,15 @@ do_device_wifi_rescan (NmCli *nmc, int argc, char **argv)
device = find_wifi_device_by_iface (devices, ifname, &devices_idx);
if (!device) {
- if (ifname)
- g_string_printf (nmc->return_text, _("Error: Device '%s' is not a Wi-Fi device."), ifname);
- else
+ if (ifname) {
+ const char *err_msg;
+ if ( nm_device_get_device_type (device) == NM_DEVICE_TYPE_GENERIC
+ && g_strcmp0 (nm_device_get_type_description (device), "wifi") == 0)
+ err_msg = _("Error: Device '%s' was not recognized as a Wi-Fi device, check NetworkManager Wi-Fi plugin.");
+ else
+ err_msg = _("Error: Device '%s' is not a Wi-Fi device.");
+ g_string_printf (nmc->return_text, err_msg, ifname);
+ } else
g_string_printf (nmc->return_text, _("Error: No Wi-Fi device found."));
nmc->return_value = NMC_RESULT_ERROR_UNKNOWN;
goto error;
--
2.4.0

102
0009-CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.patch Normal file
View File

@ -0,0 +1,102 @@
From d195edb95a543f7eebbd0a164e8ff3bef599370a Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 8 Apr 2015 15:54:30 +0200
Subject: [PATCH] platform: don't accept lowering IPv6 hop-limit from RA
(CVE-2015-2924)
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
http://seclists.org/oss-sec/2015/q2/46
https://bugzilla.redhat.com/show_bug.cgi?id=1209902
https://bugzilla.redhat.com/show_bug.cgi?id=1209903
(cherry picked from commit bdaaf9849b0cacf131b71fa2ae168f5db796874f)
Conflicts:
src/devices/nm-device.c
src/nm-iface-helper.c
src/platform/nm-platform.h
---
src/devices/nm-device.c | 10 ++--------
src/platform/nm-platform.c | 32 ++++++++++++++++++++++++++++++++
src/platform/nm-platform.h | 2 ++
3 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 7ab51e4..8cdf01b 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -3716,14 +3716,8 @@ rdisc_config_changed (NMRDisc *rdisc, NMRDiscConfigMap changed, NMDevice *device
}
}
- /* hop_limit == 0 is a special value "unspecified", so do not touch
- * in this case */
- if (changed & NM_RDISC_CONFIG_HOP_LIMIT && rdisc->hop_limit > 0) {
- char val[16];
-
- g_snprintf (val, sizeof (val), "%d", rdisc->hop_limit);
- nm_device_ipv6_sysctl_set (device, "hop_limit", val);
- }
+ if (changed & NM_RDISC_CONFIG_HOP_LIMIT)
+ nm_platform_sysctl_set_ip6_hop_limit_safe (nm_device_get_ip_iface (device), rdisc->hop_limit);
nm_device_activate_schedule_ip6_config_result (device);
}
diff --git a/src/platform/nm-platform.c b/src/platform/nm-platform.c
index e95d6af..9629d9d 100644
--- a/src/platform/nm-platform.c
+++ b/src/platform/nm-platform.c
@@ -240,6 +240,38 @@ nm_platform_sysctl_set (const char *path, const char *value)
return klass->sysctl_set (platform, path, value);
}
+gboolean
+nm_platform_sysctl_set_ip6_hop_limit_safe (const char *iface, int value)
+{
+ const char *path;
+ gint64 cur;
+
+ /* the hop-limit provided via RA is uint8. */
+ if (value > 0xFF)
+ return FALSE;
+
+ /* don't allow unreasonable small values */
+ if (value < 10)
+ return FALSE;
+
+ path = nm_utils_ip6_property_path (iface, "hop_limit");
+ cur = nm_platform_sysctl_get_int_checked (path, 10, 1, G_MAXINT32, -1);
+
+ /* only allow increasing the hop-limit to avoid DOS by an attacker
+ * setting a low hop-limit (CVE-2015-2924, rh#1209902) */
+
+ if (value < cur)
+ return FALSE;
+ if (value != cur) {
+ char svalue[20];
+
+ sprintf (svalue, "%d", value);
+ nm_platform_sysctl_set (path, svalue);
+ }
+
+ return TRUE;
+}
+
/**
* nm_platform_sysctl_get:
* @path: Absolute path to sysctl
diff --git a/src/platform/nm-platform.h b/src/platform/nm-platform.h
index 275557c..6a1e503 100644
--- a/src/platform/nm-platform.h
+++ b/src/platform/nm-platform.h
@@ -504,6 +504,8 @@ char *nm_platform_sysctl_get (const char *path);
gint32 nm_platform_sysctl_get_int32 (const char *path, gint32 fallback);
gint64 nm_platform_sysctl_get_int_checked (const char *path, guint base, gint64 min, gint64 max, gint64 fallback);
+gboolean nm_platform_sysctl_set_ip6_hop_limit_safe (const char *iface, int value);
+
gboolean nm_platform_link_get (int ifindex, NMPlatformLink *link);
GArray *nm_platform_link_get_all (void);
gboolean nm_platform_dummy_add (const char *name);
--
2.4.0

29
0010-load-libnl-3.so.200-rh1205195.patch Normal file
View File

@ -0,0 +1,29 @@
From 15420eb0a2c5b3ba248068e33b5464c3f7d2e752 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
Date: Wed, 25 Mar 2015 15:30:57 +0100
Subject: [PATCH] platform: load libnl-3.so.200, not libnl-3.so (rh #1205195)
libnl-3.so link is only present in devel package (libnl3-devel).
https://bugzilla.redhat.com/show_bug.cgi?id=1205195
(cherry picked from commit d767fb160c36bd9dc339e343ebac58274204ad4f)
---
src/platform/nm-linux-platform.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c
index cf2164d..0f8b80d 100644
--- a/src/platform/nm-linux-platform.c
+++ b/src/platform/nm-linux-platform.c
@@ -113,7 +113,7 @@ _nl_get_vtable ()
if (G_UNLIKELY (!vtable.f_nl_has_capability)) {
void *handle;
- handle = dlopen ("libnl-3.so", RTLD_LAZY | RTLD_NOLOAD);
+ handle = dlopen ("libnl-3.so.200", RTLD_LAZY | RTLD_NOLOAD);
if (handle) {
vtable.handle = handle;
vtable.f_nl_has_capability = dlsym (handle, "nl_has_capability");
--
2.4.0

33
NetworkManager.spec
View File

@ -12,7 +12,7 @@
%define snapshot %{nil}
%define realversion 0.9.10.2
%define release_version 3
%define release_version 4
%define epoch_version 1
%define obsoletes_nmver 1:0.9.9.95-1
@ -81,9 +81,24 @@ Patch0: 0000-explain-dns1-dns2.patch
Patch1: 0001-connectivity-disable-HTTP-keepalive-for-connectivity.patch
Patch2: rh1203904-NM-loop-fix.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1161232
Patch3: 0003-kill-dns-plugin-child-synchronously-rh1161232.patch
Patch4: 0004-refactor-building-IP-config-lists-for-dns-plugins-rh1161232.patch
Patch5: 0005-ensure-that-update_dns-always-returns-a-GError-rh1161232.patch
Patch6: 0006-refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.patch
# Cherry-picks from upstream:
# http://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?h=nm-0-9-10
#
# https://bugzilla.redhat.com/show_bug.cgi?id=1168573
Patch7: 0007-cli-add-PHYS_PORT_ID-property-rh1168573.patch
Patch8: 0008-cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1209903
Patch9: 0009-CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1205195
Patch10: 0010-load-libnl-3.so.200-rh1205195.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -324,6 +339,14 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
%patch0 -p1 -b .explain-dns1-dns2.orig
%patch1 -p1 -b .0001-connectivity-disable-HTTP-keepalive-for-connectivity.orig
%patch2 -p1 -b .rh1203904-NM-loop-fix.orig
%patch3 -p1 -b .kill-dns-plugin-child-synchronously-rh1161232.orig
%patch4 -p1 -b .refactor-building-IP-config-lists-for-dns-plugins-rh1161232.orig
%patch5 -p1 -b .ensure-that-update_dns-always-returns-a-GError-rh1161232.orig
%patch6 -p1 -b .refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.orig
%patch7 -p1 -b .cli-add-PHYS_PORT_ID-property-rh1168573.orig
%patch8 -p1 -b .cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.orig
%patch9 -p1 -b .CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.orig
%patch10 -p1 -b .load-libnl-3.so.200-rh1205195.orig
%build
@ -595,6 +618,12 @@ fi
%endif
%changelog
* Wed May 6 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:0.9.10.2-4
- Fix split DNS configuration with dnsmasq and VPN connections (rh #1161232)
- Fix indication that a WiFi plugin is missing (rh #1168573)
- Don't let IPv6 Router Advertisements lower Hop Limit (CVE-2015-2924) (rh #1209903)
- User a proper SONAME when loading libnl (rh #1205195)
* Fri Mar 20 2015 Jiří Klimeš <jklimes@redhat.com> - 1:0.9.10.2-3
- Fix NetworkManager loop when 0.0.0.0/1 is added (rh #1203924)