Backport a couple of fixes
These are fixes that were fixed between 1.0.0 and 1.0.2, but missing in Fedora 21's 0.9.10.x release. I guess it does no harm to do an update before we release 0.9.10.4 really. - Fix split DNS configuration with dnsmasq and VPN connections (rh #1161232) - Fix indication that a WiFi plugin is missing (rh #1168573) - Don't let IPv6 Router Advertisements lower Hop Limit (CVE-2015-2924) (rh #1209903) - User a proper SONAME when loading libnl (rh #1205195)
This commit is contained in:
parent
631d934213
commit
a99f0b80ea
|
@ -0,0 +1,92 @@
|
|||
From 993bd6ab583c077eb0e94fb25f090eb164922435 Mon Sep 17 00:00:00 2001
|
||||
From: Lubomir Rintel <lkundrak@v3.sk>
|
||||
Date: Wed, 6 May 2015 11:52:27 +0200
|
||||
Subject: [PATCH 1/4] dns: kill plugin child synchronously to avoid restart
|
||||
race (rh #1161232) (bgo #728342)
|
||||
|
||||
NM was killing the dnsmasq local caching nameserver process and immediately
|
||||
starting a new one, and new process couldn't bind to 127.0.0.1 because the
|
||||
old one hadn't quit yet. Thus the new process quit, and the user was
|
||||
left with no split DNS at all.
|
||||
|
||||
While this does introduce more synchronous waiting into the connection
|
||||
process, it's not that much time and NM will kill dnsmasq if it hasn't
|
||||
quit after 1 second. The longer-term fix is to use dnsmasq's D-Bus
|
||||
interface to update DNS without respawning it.
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=728342
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1161232
|
||||
|
||||
This is a rework of 10aff12526a2fc4b2d099df2710fdb040ccd9e4c. The newer
|
||||
branches have ff3b753 (core: use nm_utils_kill_child_async() and
|
||||
nm_utils_kill_child_sync()) which in turn relies on 1f84185 (core: add
|
||||
nm_utils_kill_child_async() and nm_utils_kill_child_sync() function) that is
|
||||
not entirely trivial to backport.
|
||||
---
|
||||
src/dns-manager/nm-dns-plugin.c | 41 ++++++++++++-----------------------------
|
||||
1 file changed, 12 insertions(+), 29 deletions(-)
|
||||
|
||||
diff --git a/src/dns-manager/nm-dns-plugin.c b/src/dns-manager/nm-dns-plugin.c
|
||||
index e85b2a0..549efe3 100644
|
||||
--- a/src/dns-manager/nm-dns-plugin.c
|
||||
+++ b/src/dns-manager/nm-dns-plugin.c
|
||||
@@ -196,29 +196,6 @@ nm_dns_plugin_child_spawn (NMDnsPlugin *self,
|
||||
return priv->pid;
|
||||
}
|
||||
|
||||
-typedef struct {
|
||||
- int pid;
|
||||
- char *progname;
|
||||
-} KillInfo;
|
||||
-
|
||||
-static gboolean
|
||||
-ensure_killed (gpointer data)
|
||||
-{
|
||||
- KillInfo *info = data;
|
||||
-
|
||||
- if (kill (info->pid, 0) == 0)
|
||||
- kill (info->pid, SIGKILL);
|
||||
-
|
||||
- /* ensure the child is reaped */
|
||||
- nm_log_dbg (LOGD_DNS, "waiting for %s pid %d to exit", info->progname, info->pid);
|
||||
- waitpid (info->pid, NULL, 0);
|
||||
- nm_log_dbg (LOGD_DNS, "dnsmasq pid %d cleaned up", info->pid);
|
||||
-
|
||||
- g_free (info->progname);
|
||||
- g_free (info);
|
||||
- return FALSE;
|
||||
-}
|
||||
-
|
||||
gboolean nm_dns_plugin_child_kill (NMDnsPlugin *self)
|
||||
{
|
||||
NMDnsPluginPrivate *priv = NM_DNS_PLUGIN_GET_PRIVATE (self);
|
||||
@@ -229,14 +206,20 @@ gboolean nm_dns_plugin_child_kill (NMDnsPlugin *self)
|
||||
}
|
||||
|
||||
if (priv->pid) {
|
||||
- KillInfo *info;
|
||||
|
||||
if (kill (priv->pid, SIGTERM) == 0) {
|
||||
- info = g_malloc0 (sizeof (KillInfo));
|
||||
- info->pid = priv->pid;
|
||||
- info->progname = g_strdup (priv->progname);
|
||||
- g_timeout_add_seconds (2, ensure_killed, info);
|
||||
- } else {
|
||||
+ int counter = 20;
|
||||
+
|
||||
+ /* Wait up to 2 seconds synchronously. */
|
||||
+ while (counter--) {
|
||||
+ if (waitpid (priv->pid, NULL, WNOHANG))
|
||||
+ break;
|
||||
+ g_usleep (100000);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (kill (priv->pid, 0) == 0) {
|
||||
+ /* Not dead yet. */
|
||||
kill (priv->pid, SIGKILL);
|
||||
|
||||
/* ensure the child is reaped */
|
||||
--
|
||||
2.4.0
|
||||
|
|
@ -0,0 +1,135 @@
|
|||
From 2171b984e3c9a17c032ac80054db79523d97d9dd Mon Sep 17 00:00:00 2001
|
||||
From: Dan Williams <dcbw@redhat.com>
|
||||
Date: Wed, 14 Jan 2015 17:03:22 -0600
|
||||
Subject: [PATCH 2/4] dns: refactor building IP config lists for plugins (bgo
|
||||
#728342)
|
||||
|
||||
Don't bother building the lists if no DNS plugins are enabled.
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=728342
|
||||
(cherry picked from commit cc8d9f778c2237b3e9e6815a2e0cc5635328edab)
|
||||
---
|
||||
src/dns-manager/nm-dns-manager.c | 70 ++++++++++++++++++++++++----------------
|
||||
1 file changed, 43 insertions(+), 27 deletions(-)
|
||||
|
||||
diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
|
||||
index ddf31af..e6984e3 100644
|
||||
--- a/src/dns-manager/nm-dns-manager.c
|
||||
+++ b/src/dns-manager/nm-dns-manager.c
|
||||
@@ -561,6 +561,42 @@ compute_hash (NMDnsManager *self, guint8 buffer[HASH_LEN])
|
||||
g_checksum_free (sum);
|
||||
}
|
||||
|
||||
+static void
|
||||
+build_plugin_config_lists (NMDnsManager *self,
|
||||
+ GSList **out_vpn_configs,
|
||||
+ GSList **out_dev_configs,
|
||||
+ GSList **out_other_configs)
|
||||
+{
|
||||
+ NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE (self);
|
||||
+ GSList *iter;
|
||||
+
|
||||
+ g_return_if_fail (out_vpn_configs && !*out_vpn_configs);
|
||||
+ g_return_if_fail (out_dev_configs && !*out_dev_configs);
|
||||
+ g_return_if_fail (out_other_configs && !*out_other_configs);
|
||||
+
|
||||
+ /* Build up config lists for plugins; we use the raw configs here, not the
|
||||
+ * merged information that we write to resolv.conf so that the plugins can
|
||||
+ * still use the domain information in each config to provide split DNS if
|
||||
+ * they want to.
|
||||
+ */
|
||||
+ if (priv->ip4_vpn_config)
|
||||
+ *out_vpn_configs = g_slist_append (*out_vpn_configs, priv->ip4_vpn_config);
|
||||
+ if (priv->ip6_vpn_config)
|
||||
+ *out_vpn_configs = g_slist_append (*out_vpn_configs, priv->ip6_vpn_config);
|
||||
+ if (priv->ip4_device_config)
|
||||
+ *out_dev_configs = g_slist_append (*out_dev_configs, priv->ip4_device_config);
|
||||
+ if (priv->ip6_device_config)
|
||||
+ *out_dev_configs = g_slist_append (*out_dev_configs, priv->ip6_device_config);
|
||||
+
|
||||
+ for (iter = priv->configs; iter; iter = g_slist_next (iter)) {
|
||||
+ if ( (iter->data != priv->ip4_vpn_config)
|
||||
+ && (iter->data != priv->ip4_device_config)
|
||||
+ && (iter->data != priv->ip6_vpn_config)
|
||||
+ && (iter->data != priv->ip6_device_config))
|
||||
+ *out_other_configs = g_slist_append (*out_other_configs, iter->data);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static gboolean
|
||||
update_dns (NMDnsManager *self,
|
||||
gboolean no_caching,
|
||||
@@ -568,7 +604,7 @@ update_dns (NMDnsManager *self,
|
||||
{
|
||||
NMDnsManagerPrivate *priv;
|
||||
NMResolvConfData rc;
|
||||
- GSList *iter, *vpn_configs = NULL, *dev_configs = NULL, *other_configs = NULL;
|
||||
+ GSList *iter;
|
||||
const char *nis_domain = NULL;
|
||||
char **searches = NULL;
|
||||
char **nameservers = NULL;
|
||||
@@ -674,32 +710,11 @@ update_dns (NMDnsManager *self,
|
||||
|
||||
nis_domain = rc.nis_domain;
|
||||
|
||||
- /* Build up config lists for plugins; we use the raw configs here, not the
|
||||
- * merged information that we write to resolv.conf so that the plugins can
|
||||
- * still use the domain information in each config to provide split DNS if
|
||||
- * they want to.
|
||||
- */
|
||||
- if (priv->ip4_vpn_config)
|
||||
- vpn_configs = g_slist_append (vpn_configs, priv->ip4_vpn_config);
|
||||
- if (priv->ip6_vpn_config)
|
||||
- vpn_configs = g_slist_append (vpn_configs, priv->ip6_vpn_config);
|
||||
- if (priv->ip4_device_config)
|
||||
- dev_configs = g_slist_append (dev_configs, priv->ip4_device_config);
|
||||
- if (priv->ip6_device_config)
|
||||
- dev_configs = g_slist_append (dev_configs, priv->ip6_device_config);
|
||||
-
|
||||
- for (iter = priv->configs; iter; iter = g_slist_next (iter)) {
|
||||
- if ( (iter->data != priv->ip4_vpn_config)
|
||||
- && (iter->data != priv->ip4_device_config)
|
||||
- && (iter->data != priv->ip6_vpn_config)
|
||||
- && (iter->data != priv->ip6_device_config))
|
||||
- other_configs = g_slist_append (other_configs, iter->data);
|
||||
- }
|
||||
-
|
||||
/* Let any plugins do their thing first */
|
||||
if (priv->plugin) {
|
||||
NMDnsPlugin *plugin = priv->plugin;
|
||||
const char *plugin_name = nm_dns_plugin_get_name (plugin);
|
||||
+ GSList *vpn_configs = NULL, *dev_configs = NULL, *other_configs = NULL;
|
||||
|
||||
if (nm_dns_plugin_is_caching (plugin)) {
|
||||
if (no_caching) {
|
||||
@@ -710,6 +725,8 @@ update_dns (NMDnsManager *self,
|
||||
caching = TRUE;
|
||||
}
|
||||
|
||||
+ build_plugin_config_lists (self, &vpn_configs, &dev_configs, &other_configs);
|
||||
+
|
||||
nm_log_dbg (LOGD_DNS, "DNS: updating plugin %s", plugin_name);
|
||||
if (!nm_dns_plugin_update (plugin,
|
||||
vpn_configs,
|
||||
@@ -723,15 +740,14 @@ update_dns (NMDnsManager *self,
|
||||
*/
|
||||
caching = FALSE;
|
||||
}
|
||||
+ g_slist_free (vpn_configs);
|
||||
+ g_slist_free (dev_configs);
|
||||
+ g_slist_free (other_configs);
|
||||
|
||||
skip:
|
||||
;
|
||||
}
|
||||
|
||||
- g_slist_free (vpn_configs);
|
||||
- g_slist_free (dev_configs);
|
||||
- g_slist_free (other_configs);
|
||||
-
|
||||
/* If caching was successful, we only send 127.0.0.1 to /etc/resolv.conf
|
||||
* to ensure that the glibc resolver doesn't try to round-robin nameservers,
|
||||
* but only uses the local caching nameserver.
|
||||
--
|
||||
2.4.0
|
||||
|
|
@ -0,0 +1,300 @@
|
|||
From 991b8efca0d3136d8c63b202a9346572c8197da5 Mon Sep 17 00:00:00 2001
|
||||
From: Dan Williams <dcbw@redhat.com>
|
||||
Date: Thu, 26 Feb 2015 15:04:36 -0600
|
||||
Subject: [PATCH 3/4] dns: ensure that update_dns() always returns a GError on
|
||||
failure
|
||||
|
||||
Callers may expect this, so make sure we do it.
|
||||
|
||||
(cherry picked from commit 06f25a3ec7c07eac5785daeb99f648200abe3feb)
|
||||
---
|
||||
src/NetworkManagerUtils.c | 19 ++++----
|
||||
src/NetworkManagerUtils.h | 2 +-
|
||||
src/dns-manager/nm-dns-manager.c | 99 +++++++++++++++++++++-------------------
|
||||
src/dns-manager/nm-dns-unbound.c | 2 +-
|
||||
4 files changed, 62 insertions(+), 60 deletions(-)
|
||||
|
||||
diff --git a/src/NetworkManagerUtils.c b/src/NetworkManagerUtils.c
|
||||
index e6814e3..0a7a9b6 100644
|
||||
--- a/src/NetworkManagerUtils.c
|
||||
+++ b/src/NetworkManagerUtils.c
|
||||
@@ -134,27 +134,26 @@ nm_utils_ip6_address_clear_host_address (struct in6_addr *dst, const struct in6_
|
||||
|
||||
|
||||
int
|
||||
-nm_spawn_process (const char *args)
|
||||
+nm_spawn_process (const char *args, GError **error)
|
||||
{
|
||||
+ GError *local = NULL;
|
||||
gint num_args;
|
||||
char **argv = NULL;
|
||||
int status = -1;
|
||||
- GError *error = NULL;
|
||||
|
||||
g_return_val_if_fail (args != NULL, -1);
|
||||
+ g_return_val_if_fail (!error || !*error, -1);
|
||||
|
||||
- if (!g_shell_parse_argv (args, &num_args, &argv, &error)) {
|
||||
- nm_log_warn (LOGD_CORE, "could not parse arguments for '%s': %s", args, error->message);
|
||||
- g_error_free (error);
|
||||
- return -1;
|
||||
+ if (g_shell_parse_argv (args, &num_args, &argv, &local)) {
|
||||
+ g_spawn_sync ("/", argv, NULL, 0, nm_unblock_posix_signals, NULL, NULL, NULL, &status, &local);
|
||||
+ g_strfreev (argv);
|
||||
}
|
||||
|
||||
- if (!g_spawn_sync ("/", argv, NULL, 0, nm_unblock_posix_signals, NULL, NULL, NULL, &status, &error)) {
|
||||
- nm_log_warn (LOGD_CORE, "could not spawn process '%s': %s", args, error->message);
|
||||
- g_error_free (error);
|
||||
+ if (local) {
|
||||
+ nm_log_warn (LOGD_CORE, "could not spawn process '%s': %s", args, local->message);
|
||||
+ g_propagate_error (error, local);
|
||||
}
|
||||
|
||||
- g_strfreev (argv);
|
||||
return status;
|
||||
}
|
||||
|
||||
diff --git a/src/NetworkManagerUtils.h b/src/NetworkManagerUtils.h
|
||||
index 7be316e..22d665e 100644
|
||||
--- a/src/NetworkManagerUtils.h
|
||||
+++ b/src/NetworkManagerUtils.h
|
||||
@@ -53,7 +53,7 @@ nm_utils_ip6_route_metric_normalize (guint32 metric)
|
||||
return metric ? metric : 1024 /*NM_PLATFORM_ROUTE_METRIC_DEFAULT*/;
|
||||
}
|
||||
|
||||
-int nm_spawn_process (const char *args);
|
||||
+int nm_spawn_process (const char *args, GError **error);
|
||||
|
||||
/* macro to return strlen() of a compile time string. */
|
||||
#define STRLEN(str) ( sizeof ("" str) - 1 )
|
||||
diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
|
||||
index e6984e3..e833ce4 100644
|
||||
--- a/src/dns-manager/nm-dns-manager.c
|
||||
+++ b/src/dns-manager/nm-dns-manager.c
|
||||
@@ -323,12 +323,19 @@ dispatch_netconfig (char **searches,
|
||||
|
||||
again:
|
||||
|
||||
- ret = waitpid (pid, NULL, 0);
|
||||
- if (ret < 0 && errno == EINTR)
|
||||
- goto again;
|
||||
- else if (ret < 0 && errno == ECHILD) {
|
||||
- /* When the netconfig exist, the errno is ECHILD, it should return TRUE */
|
||||
- return TRUE;
|
||||
+ if (waitpid (pid, NULL, 0) < 0) {
|
||||
+ if (errno == EINTR)
|
||||
+ goto again;
|
||||
+ else if (errno == ECHILD) {
|
||||
+ /* child already exited */
|
||||
+ ret = pid;
|
||||
+ } else {
|
||||
+ g_set_error_literal (error,
|
||||
+ NM_MANAGER_ERROR,
|
||||
+ NM_MANAGER_ERROR_FAILED,
|
||||
+ "Error waiting for netconfig to exit: %s",
|
||||
+ strerror (errno));
|
||||
+ }
|
||||
}
|
||||
|
||||
return ret > 0;
|
||||
@@ -344,22 +351,13 @@ write_resolv_conf (FILE *f,
|
||||
{
|
||||
char *searches_str = NULL;
|
||||
char *nameservers_str = NULL;
|
||||
- int i;
|
||||
gboolean retval = FALSE;
|
||||
+ char *tmp_str;
|
||||
GString *str;
|
||||
|
||||
- if (fprintf (f, "%s","# Generated by NetworkManager\n") < 0) {
|
||||
- g_set_error (error,
|
||||
- NM_DNS_MANAGER_ERROR,
|
||||
- NM_DNS_MANAGER_ERROR_SYSTEM,
|
||||
- "Could not write " _PATH_RESCONF ": %s\n",
|
||||
- g_strerror (errno));
|
||||
- return FALSE;
|
||||
- }
|
||||
+ int i;
|
||||
|
||||
if (searches) {
|
||||
- char *tmp_str;
|
||||
-
|
||||
tmp_str = g_strjoinv (" ", searches);
|
||||
searches_str = g_strconcat ("search ", tmp_str, "\n", NULL);
|
||||
g_free (tmp_str);
|
||||
@@ -387,10 +385,17 @@ write_resolv_conf (FILE *f,
|
||||
|
||||
nameservers_str = g_string_free (str, FALSE);
|
||||
|
||||
- if (fprintf (f, "%s%s",
|
||||
+ if (fprintf (f, "# Generated by NetworkManager\n%s%s",
|
||||
searches_str ? searches_str : "",
|
||||
- strlen (nameservers_str) ? nameservers_str : "") != -1)
|
||||
+ nameservers_str) > 0)
|
||||
retval = TRUE;
|
||||
+ else {
|
||||
+ g_set_error (error,
|
||||
+ NM_DNS_MANAGER_ERROR,
|
||||
+ NM_DNS_MANAGER_ERROR_SYSTEM,
|
||||
+ "Could not write " _PATH_RESCONF ": %s\n",
|
||||
+ g_strerror (errno));
|
||||
+ }
|
||||
|
||||
g_free (searches_str);
|
||||
g_free (nameservers_str);
|
||||
@@ -407,9 +412,15 @@ dispatch_resolvconf (char **searches,
|
||||
char *cmd;
|
||||
FILE *f;
|
||||
gboolean retval = FALSE;
|
||||
+ int errnosv, err;
|
||||
|
||||
- if (! g_file_test (RESOLVCONF_PATH, G_FILE_TEST_IS_EXECUTABLE))
|
||||
+ if (!g_file_test (RESOLVCONF_PATH, G_FILE_TEST_IS_EXECUTABLE)) {
|
||||
+ g_set_error_literal (error,
|
||||
+ NM_MANAGER_ERROR,
|
||||
+ NM_MANAGER_ERROR_FAILED,
|
||||
+ RESOLVCONF_PATH " is not executable");
|
||||
return FALSE;
|
||||
+ }
|
||||
|
||||
if (searches || nameservers) {
|
||||
cmd = g_strconcat (RESOLVCONF_PATH, " -a ", "NetworkManager", NULL);
|
||||
@@ -423,12 +434,21 @@ dispatch_resolvconf (char **searches,
|
||||
g_strerror (errno));
|
||||
else {
|
||||
retval = write_resolv_conf (f, searches, nameservers, error);
|
||||
- retval &= (pclose (f) == 0);
|
||||
+ err = pclose (f);
|
||||
+ if (err < 0) {
|
||||
+ errnosv = errno;
|
||||
+ g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errnosv),
|
||||
+ "Failed to close pipe to resolvconf: %d", errnosv);
|
||||
+ retval = FALSE;
|
||||
+ } else if (err > 0) {
|
||||
+ nm_log_warn (LOGD_DNS, "resolvconf failed with status %d", err);
|
||||
+ retval = FALSE;
|
||||
+ }
|
||||
}
|
||||
} else {
|
||||
cmd = g_strconcat (RESOLVCONF_PATH, " -d ", "NetworkManager", NULL);
|
||||
nm_log_info (LOGD_DNS, "Removing DNS information from %s", RESOLVCONF_PATH);
|
||||
- if (nm_spawn_process (cmd) == 0)
|
||||
+ if (nm_spawn_process (cmd, error) == 0)
|
||||
retval = TRUE;
|
||||
}
|
||||
|
||||
@@ -612,8 +632,7 @@ update_dns (NMDnsManager *self,
|
||||
int num, i, len;
|
||||
gboolean success = FALSE, caching = FALSE;
|
||||
|
||||
- g_return_val_if_fail (error != NULL, FALSE);
|
||||
- g_return_val_if_fail (*error == NULL, FALSE);
|
||||
+ g_return_val_if_fail (!error || !*error, FALSE);
|
||||
|
||||
priv = NM_DNS_MANAGER_GET_PRIVATE (self);
|
||||
|
||||
@@ -799,9 +818,7 @@ plugin_failed (NMDnsPlugin *plugin, gpointer user_data)
|
||||
|
||||
/* Disable caching until the next DNS update */
|
||||
if (!update_dns (self, TRUE, &error)) {
|
||||
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||
- error ? error->code : -1,
|
||||
- error && error->message ? error->message : "(unknown)");
|
||||
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||
g_clear_error (&error);
|
||||
}
|
||||
}
|
||||
@@ -838,9 +855,7 @@ nm_dns_manager_add_ip4_config (NMDnsManager *mgr,
|
||||
priv->configs = g_slist_append (priv->configs, g_object_ref (config));
|
||||
|
||||
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
|
||||
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||
- error ? error->code : -1,
|
||||
- error && error->message ? error->message : "(unknown)");
|
||||
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||
g_clear_error (&error);
|
||||
}
|
||||
|
||||
@@ -872,9 +887,7 @@ nm_dns_manager_remove_ip4_config (NMDnsManager *mgr, NMIP4Config *config)
|
||||
g_object_unref (config);
|
||||
|
||||
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
|
||||
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||
- error ? error->code : -1,
|
||||
- error && error->message ? error->message : "(unknown)");
|
||||
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||
g_clear_error (&error);
|
||||
}
|
||||
|
||||
@@ -915,9 +928,7 @@ nm_dns_manager_add_ip6_config (NMDnsManager *mgr,
|
||||
priv->configs = g_slist_append (priv->configs, g_object_ref (config));
|
||||
|
||||
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
|
||||
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||
- error ? error->code : -1,
|
||||
- error && error->message ? error->message : "(unknown)");
|
||||
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||
g_clear_error (&error);
|
||||
}
|
||||
|
||||
@@ -949,9 +960,7 @@ nm_dns_manager_remove_ip6_config (NMDnsManager *mgr, NMIP6Config *config)
|
||||
g_object_unref (config);
|
||||
|
||||
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
|
||||
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||
- error ? error->code : -1,
|
||||
- error && error->message ? error->message : "(unknown)");
|
||||
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||
g_clear_error (&error);
|
||||
}
|
||||
|
||||
@@ -994,9 +1003,7 @@ nm_dns_manager_set_hostname (NMDnsManager *mgr,
|
||||
priv->hostname = g_strdup (filtered);
|
||||
|
||||
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
|
||||
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||
- error ? error->code : -1,
|
||||
- error && error->message ? error->message : "(unknown)");
|
||||
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||
g_clear_error (&error);
|
||||
}
|
||||
}
|
||||
@@ -1050,9 +1057,7 @@ nm_dns_manager_end_updates (NMDnsManager *mgr, const char *func)
|
||||
/* Commit all the outstanding changes */
|
||||
nm_log_dbg (LOGD_DNS, "(%s): committing DNS changes (%d)", func, priv->updates_queue);
|
||||
if (!update_dns (mgr, FALSE, &error)) {
|
||||
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||
- error ? error->code : -1,
|
||||
- error && error->message ? error->message : "(unknown)");
|
||||
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||
g_clear_error (&error);
|
||||
}
|
||||
|
||||
@@ -1152,9 +1157,7 @@ dispose (GObject *object)
|
||||
* DNS updates yet, there's no reason to touch resolv.conf on shutdown.
|
||||
*/
|
||||
if (priv->dns_touched && !update_dns (self, TRUE, &error)) {
|
||||
- nm_log_warn (LOGD_DNS, "could not commit DNS changes on shutdown: (%d) %s",
|
||||
- error ? error->code : -1,
|
||||
- error && error->message ? error->message : "(unknown)");
|
||||
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes on shutdown: %s", error->message);
|
||||
g_clear_error (&error);
|
||||
priv->dns_touched = FALSE;
|
||||
}
|
||||
diff --git a/src/dns-manager/nm-dns-unbound.c b/src/dns-manager/nm-dns-unbound.c
|
||||
index 137fd20..5520d38 100644
|
||||
--- a/src/dns-manager/nm-dns-unbound.c
|
||||
+++ b/src/dns-manager/nm-dns-unbound.c
|
||||
@@ -40,7 +40,7 @@ update (NMDnsPlugin *plugin,
|
||||
* without calling custom scripts. The dnssec-trigger functionality
|
||||
* may be eventually merged into NetworkManager.
|
||||
*/
|
||||
- return nm_spawn_process ("/usr/libexec/dnssec-trigger-script --async --update") == 0;
|
||||
+ return nm_spawn_process ("/usr/libexec/dnssec-trigger-script --async --update", NULL) == 0;
|
||||
}
|
||||
|
||||
static gboolean
|
||||
--
|
||||
2.4.0
|
||||
|
|
@ -0,0 +1,67 @@
|
|||
From e6b47236f00ab91056be9fc3f9b8611fb16d9e57 Mon Sep 17 00:00:00 2001
|
||||
From: Dan Williams <dcbw@redhat.com>
|
||||
Date: Thu, 15 Jan 2015 11:38:33 -0600
|
||||
Subject: [PATCH 4/4] dns: refresh DNS if plugin child quits unexpectedly (bgo
|
||||
#728342)
|
||||
|
||||
If the child dies, or something kills the child externally, refresh
|
||||
DNS which should respawn the child, similar to what we do with
|
||||
wpa_supplicant, teamd, etc.
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=728342
|
||||
(cherry picked from commit 09a05f6c3e0b4502252d70cb121654e7312520c5)
|
||||
---
|
||||
src/dns-manager/nm-dns-manager.c | 23 ++++++++++++++++++++++-
|
||||
1 file changed, 22 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
|
||||
index e833ce4..c81bfd6 100644
|
||||
--- a/src/dns-manager/nm-dns-manager.c
|
||||
+++ b/src/dns-manager/nm-dns-manager.c
|
||||
@@ -823,6 +823,22 @@ plugin_failed (NMDnsPlugin *plugin, gpointer user_data)
|
||||
}
|
||||
}
|
||||
|
||||
+static void
|
||||
+plugin_child_quit (NMDnsPlugin *plugin, int exit_status, gpointer user_data)
|
||||
+{
|
||||
+ NMDnsManager *self = NM_DNS_MANAGER (user_data);
|
||||
+ GError *error = NULL;
|
||||
+
|
||||
+ nm_log_warn (LOGD_DNS, "DNS: plugin %s child quit unexpectedly; refreshing DNS",
|
||||
+ nm_dns_plugin_get_name (plugin));
|
||||
+
|
||||
+ /* Let the plugin try to spawn the child again */
|
||||
+ if (!update_dns (self, FALSE, &error)) {
|
||||
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||
+ g_clear_error (&error);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
gboolean
|
||||
nm_dns_manager_add_ip4_config (NMDnsManager *mgr,
|
||||
const char *iface,
|
||||
@@ -1139,6 +1155,7 @@ nm_dns_manager_init (NMDnsManager *self)
|
||||
if (priv->plugin) {
|
||||
nm_log_info (LOGD_DNS, "DNS: loaded plugin %s", nm_dns_plugin_get_name (priv->plugin));
|
||||
g_signal_connect (priv->plugin, NM_DNS_PLUGIN_FAILED, G_CALLBACK (plugin_failed), self);
|
||||
+ g_signal_connect (priv->plugin, NM_DNS_PLUGIN_CHILD_QUIT, G_CALLBACK (plugin_child_quit), self);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1149,7 +1166,11 @@ dispose (GObject *object)
|
||||
NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE (self);
|
||||
GError *error = NULL;
|
||||
|
||||
- g_clear_object (&priv->plugin);
|
||||
+ if (priv->plugin) {
|
||||
+ g_signal_handlers_disconnect_by_func (priv->plugin, plugin_failed, self);
|
||||
+ g_signal_handlers_disconnect_by_func (priv->plugin, plugin_child_quit, self);
|
||||
+ g_clear_object (&priv->plugin);
|
||||
+ }
|
||||
|
||||
/* If we're quitting, leave a valid resolv.conf in place, not one
|
||||
* pointing to 127.0.0.1 if any plugins were active. Thus update
|
||||
--
|
||||
2.4.0
|
||||
|
|
@ -0,0 +1,55 @@
|
|||
From 1974b8b50cf00e706c795a99f13120d509b42a33 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
|
||||
Date: Tue, 14 Apr 2015 12:08:15 +0200
|
||||
Subject: [PATCH] cli: add PHYS_PORT_ID property to devices
|
||||
|
||||
The physical-port-id property was added to libnm (libnm-glib) in commit
|
||||
47cc8b25f2efe015defde7e76e49e67086603bb3.
|
||||
|
||||
(cherry picked from commit 825255361565588a428aad69eb7ea9ffe9475fc2)
|
||||
---
|
||||
cli/src/devices.c | 19 +++++++++++--------
|
||||
1 file changed, 11 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/cli/src/devices.c b/cli/src/devices.c
|
||||
index 5a3ab45..3b20186 100644
|
||||
--- a/cli/src/devices.c
|
||||
+++ b/cli/src/devices.c
|
||||
@@ -103,13 +103,15 @@ static NmcOutputField nmc_fields_dev_show_general[] = {
|
||||
{"NM-MANAGED", N_("NM-MANAGED"), 15}, /* 14 */
|
||||
{"AUTOCONNECT", N_("AUTOCONNECT"), 15}, /* 15 */
|
||||
{"FIRMWARE-MISSING", N_("FIRMWARE-MISSING"), 18}, /* 16 */
|
||||
- {"CONNECTION", N_("CONNECTION"), 20}, /* 17 */
|
||||
- {"CON-UUID", N_("CON-UUID"), 38}, /* 18 */
|
||||
- {"CON-PATH", N_("CON-PATH"), 51}, /* 19 */
|
||||
+ {"PHYS-PORT-ID", N_("PHYS-PORT-ID"), 18}, /* 17 */
|
||||
+ {"CONNECTION", N_("CONNECTION"), 20}, /* 18 */
|
||||
+ {"CON-UUID", N_("CON-UUID"), 38}, /* 19 */
|
||||
+ {"CON-PATH", N_("CON-PATH"), 51}, /* 20 */
|
||||
{NULL, NULL, 0}
|
||||
};
|
||||
-#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,STATE,REASON,"\
|
||||
- "UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,CONNECTION,CON-UUID,CON-PATH"
|
||||
+#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\
|
||||
+ "STATE,REASON,UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,PHYS-PORT-ID,"\
|
||||
+ "CONNECTION,CON-UUID,CON-PATH"
|
||||
#define NMC_FIELDS_DEV_SHOW_GENERAL_COMMON "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,HWADDR,STATE"
|
||||
|
||||
/* Available fields for 'device show' - CONNECTIONS part */
|
||||
@@ -801,9 +803,10 @@ show_device_info (NMDevice *device, NmCli *nmc)
|
||||
set_val_strc (arr, 14, nm_device_get_managed (device) ? _("yes") : _("no"));
|
||||
set_val_strc (arr, 15, nm_device_get_autoconnect (device) ? _("yes") : _("no"));
|
||||
set_val_strc (arr, 16, nm_device_get_firmware_missing (device) ? _("yes") : _("no"));
|
||||
- set_val_strc (arr, 17, get_active_connection_id (device));
|
||||
- set_val_strc (arr, 18, acon ? nm_active_connection_get_uuid (acon) : NULL);
|
||||
- set_val_strc (arr, 19, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
|
||||
+ set_val_strc (arr, 17, nm_device_get_physical_port_id (device));
|
||||
+ set_val_strc (arr, 18, get_active_connection_id (device));
|
||||
+ set_val_strc (arr, 19, acon ? nm_active_connection_get_uuid (acon) : NULL);
|
||||
+ set_val_strc (arr, 20, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
|
||||
g_ptr_array_add (nmc->output_data, arr);
|
||||
|
||||
print_data (nmc); /* Print all data */
|
||||
--
|
||||
2.4.0
|
||||
|
|
@ -0,0 +1,153 @@
|
|||
From e304f04932304f896ca3f95f499217496334ec83 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
|
||||
Date: Tue, 14 Apr 2015 14:35:14 +0200
|
||||
Subject: [PATCH] cli: better indicate when a Wi-Fi plugin might not be
|
||||
available (rh #1168573)
|
||||
|
||||
* print an error message indicating NM Wi-Fi plugin may be missing, for
|
||||
nmcli device wifi ifname <dev-name>
|
||||
nmcli device wifi connect ifname <dev-name>
|
||||
|
||||
* add NM-TYPE to 'nmcli device show' command displaying internal NM device type
|
||||
(like NMDeviceWifi, NMDeviceGeneric, ...)
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1168573
|
||||
|
||||
(cherry picked from commit 823df334eda48a8e2cec897d6123f7b2158c12ff)
|
||||
---
|
||||
cli/src/devices.c | 96 +++++++++++++++++++++++++++++++------------------------
|
||||
1 file changed, 55 insertions(+), 41 deletions(-)
|
||||
|
||||
diff --git a/cli/src/devices.c b/cli/src/devices.c
|
||||
index 3b20186..71198fb 100644
|
||||
--- a/cli/src/devices.c
|
||||
+++ b/cli/src/devices.c
|
||||
@@ -89,27 +89,28 @@ static NmcOutputField nmc_fields_dev_show_general[] = {
|
||||
{"NAME", N_("NAME"), 10}, /* 0 */
|
||||
{"DEVICE", N_("DEVICE"), 10}, /* 1 */
|
||||
{"TYPE", N_("TYPE"), 17}, /* 2 */
|
||||
- {"VENDOR", N_("VENDOR"), 20}, /* 3 */
|
||||
- {"PRODUCT", N_("PRODUCT"), 50}, /* 4 */
|
||||
- {"DRIVER", N_("DRIVER"), 9}, /* 5 */
|
||||
- {"DRIVER-VERSION", N_("DRIVER-VERSION"), 18}, /* 6 */
|
||||
- {"FIRMWARE-VERSION", N_("FIRMWARE-VERSION"), 18}, /* 7 */
|
||||
- {"HWADDR", N_("HWADDR"), 19}, /* 8 */
|
||||
- {"MTU", N_("MTU"), 10}, /* 9 */
|
||||
- {"STATE", N_("STATE"), 14}, /* 10 */
|
||||
- {"REASON", N_("REASON"), 25}, /* 11 */
|
||||
- {"UDI", N_("UDI"), 64}, /* 12 */
|
||||
- {"IP-IFACE", N_("IP-IFACE"), 10}, /* 13 */
|
||||
- {"NM-MANAGED", N_("NM-MANAGED"), 15}, /* 14 */
|
||||
- {"AUTOCONNECT", N_("AUTOCONNECT"), 15}, /* 15 */
|
||||
- {"FIRMWARE-MISSING", N_("FIRMWARE-MISSING"), 18}, /* 16 */
|
||||
- {"PHYS-PORT-ID", N_("PHYS-PORT-ID"), 18}, /* 17 */
|
||||
- {"CONNECTION", N_("CONNECTION"), 20}, /* 18 */
|
||||
- {"CON-UUID", N_("CON-UUID"), 38}, /* 19 */
|
||||
- {"CON-PATH", N_("CON-PATH"), 51}, /* 20 */
|
||||
+ {"NM-TYPE", N_("NM-TYPE"), 17}, /* 3 */
|
||||
+ {"VENDOR", N_("VENDOR"), 20}, /* 4 */
|
||||
+ {"PRODUCT", N_("PRODUCT"), 50}, /* 5 */
|
||||
+ {"DRIVER", N_("DRIVER"), 9}, /* 6 */
|
||||
+ {"DRIVER-VERSION", N_("DRIVER-VERSION"), 18}, /* 7 */
|
||||
+ {"FIRMWARE-VERSION", N_("FIRMWARE-VERSION"), 18}, /* 8 */
|
||||
+ {"HWADDR", N_("HWADDR"), 19}, /* 9 */
|
||||
+ {"MTU", N_("MTU"), 10}, /* 10 */
|
||||
+ {"STATE", N_("STATE"), 14}, /* 11 */
|
||||
+ {"REASON", N_("REASON"), 25}, /* 12 */
|
||||
+ {"UDI", N_("UDI"), 64}, /* 13 */
|
||||
+ {"IP-IFACE", N_("IP-IFACE"), 10}, /* 14 */
|
||||
+ {"NM-MANAGED", N_("NM-MANAGED"), 15}, /* 15 */
|
||||
+ {"AUTOCONNECT", N_("AUTOCONNECT"), 15}, /* 16 */
|
||||
+ {"FIRMWARE-MISSING", N_("FIRMWARE-MISSING"), 18}, /* 17 */
|
||||
+ {"PHYS-PORT-ID", N_("PHYS-PORT-ID"), 18}, /* 18 */
|
||||
+ {"CONNECTION", N_("CONNECTION"), 20}, /* 19 */
|
||||
+ {"CON-UUID", N_("CON-UUID"), 38}, /* 20 */
|
||||
+ {"CON-PATH", N_("CON-PATH"), 51}, /* 21 */
|
||||
{NULL, NULL, 0}
|
||||
};
|
||||
-#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\
|
||||
+#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,NM-TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\
|
||||
"STATE,REASON,UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,PHYS-PORT-ID,"\
|
||||
"CONNECTION,CON-UUID,CON-PATH"
|
||||
#define NMC_FIELDS_DEV_SHOW_GENERAL_COMMON "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,HWADDR,STATE"
|
||||
@@ -789,24 +790,25 @@ show_device_info (NMDevice *device, NmCli *nmc)
|
||||
set_val_strc (arr, 0, nmc_fields_dev_show_sections[0].name); /* "GENERAL"*/
|
||||
set_val_strc (arr, 1, nm_device_get_iface (device));
|
||||
set_val_strc (arr, 2, nm_device_get_type_description (device));
|
||||
- set_val_strc (arr, 3, nm_device_get_vendor (device));
|
||||
- set_val_strc (arr, 4, nm_device_get_product (device));
|
||||
- set_val_strc (arr, 5, nm_device_get_driver (device) ? nm_device_get_driver (device) : _("(unknown)"));
|
||||
- set_val_strc (arr, 6, nm_device_get_driver_version (device));
|
||||
- set_val_strc (arr, 7, nm_device_get_firmware_version (device));
|
||||
- set_val_strc (arr, 8, hwaddr ? hwaddr : _("(unknown)"));
|
||||
- set_val_str (arr, 9, mtu_str);
|
||||
- set_val_str (arr, 10, state_str);
|
||||
- set_val_str (arr, 11, reason_str);
|
||||
- set_val_strc (arr, 12, nm_device_get_udi (device));
|
||||
- set_val_strc (arr, 13, nm_device_get_ip_iface (device));
|
||||
- set_val_strc (arr, 14, nm_device_get_managed (device) ? _("yes") : _("no"));
|
||||
- set_val_strc (arr, 15, nm_device_get_autoconnect (device) ? _("yes") : _("no"));
|
||||
- set_val_strc (arr, 16, nm_device_get_firmware_missing (device) ? _("yes") : _("no"));
|
||||
- set_val_strc (arr, 17, nm_device_get_physical_port_id (device));
|
||||
- set_val_strc (arr, 18, get_active_connection_id (device));
|
||||
- set_val_strc (arr, 19, acon ? nm_active_connection_get_uuid (acon) : NULL);
|
||||
- set_val_strc (arr, 20, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
|
||||
+ set_val_strc (arr, 3, G_OBJECT_TYPE_NAME (device));
|
||||
+ set_val_strc (arr, 4, nm_device_get_vendor (device));
|
||||
+ set_val_strc (arr, 5, nm_device_get_product (device));
|
||||
+ set_val_strc (arr, 6, nm_device_get_driver (device) ? nm_device_get_driver (device) : _("(unknown)"));
|
||||
+ set_val_strc (arr, 7, nm_device_get_driver_version (device));
|
||||
+ set_val_strc (arr, 8, nm_device_get_firmware_version (device));
|
||||
+ set_val_strc (arr, 9, hwaddr ? hwaddr : _("(unknown)"));
|
||||
+ set_val_str (arr, 10, mtu_str);
|
||||
+ set_val_str (arr, 11, state_str);
|
||||
+ set_val_str (arr, 12, reason_str);
|
||||
+ set_val_strc (arr, 13, nm_device_get_udi (device));
|
||||
+ set_val_strc (arr, 14, nm_device_get_ip_iface (device));
|
||||
+ set_val_strc (arr, 15, nm_device_get_managed (device) ? _("yes") : _("no"));
|
||||
+ set_val_strc (arr, 16, nm_device_get_autoconnect (device) ? _("yes") : _("no"));
|
||||
+ set_val_strc (arr, 17, nm_device_get_firmware_missing (device) ? _("yes") : _("no"));
|
||||
+ set_val_strc (arr, 18, nm_device_get_physical_port_id (device));
|
||||
+ set_val_strc (arr, 19, get_active_connection_id (device));
|
||||
+ set_val_strc (arr, 20, acon ? nm_active_connection_get_uuid (acon) : NULL);
|
||||
+ set_val_strc (arr, 21, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
|
||||
g_ptr_array_add (nmc->output_data, arr);
|
||||
|
||||
print_data (nmc); /* Print all data */
|
||||
@@ -1752,7 +1754,13 @@ do_device_wifi_list (NmCli *nmc, int argc, char **argv)
|
||||
show_acces_point_info (device, nmc);
|
||||
}
|
||||
} else {
|
||||
- g_string_printf (nmc->return_text, _("Error: Device '%s' is not a Wi-Fi device."), ifname);
|
||||
+ const char *err_msg;
|
||||
+ if ( nm_device_get_device_type (device) == NM_DEVICE_TYPE_GENERIC
|
||||
+ && g_strcmp0 (nm_device_get_type_description (device), "wifi") == 0)
|
||||
+ err_msg = _("Error: Device '%s' was not recognized as a Wi-Fi device, check NetworkManager Wi-Fi plugin.");
|
||||
+ else
|
||||
+ err_msg = _("Error: Device '%s' is not a Wi-Fi device.");
|
||||
+ g_string_printf (nmc->return_text, err_msg, ifname);
|
||||
nmc->return_value = NMC_RESULT_ERROR_UNKNOWN;
|
||||
goto error;
|
||||
}
|
||||
@@ -2317,9 +2325,15 @@ do_device_wifi_rescan (NmCli *nmc, int argc, char **argv)
|
||||
device = find_wifi_device_by_iface (devices, ifname, &devices_idx);
|
||||
|
||||
if (!device) {
|
||||
- if (ifname)
|
||||
- g_string_printf (nmc->return_text, _("Error: Device '%s' is not a Wi-Fi device."), ifname);
|
||||
- else
|
||||
+ if (ifname) {
|
||||
+ const char *err_msg;
|
||||
+ if ( nm_device_get_device_type (device) == NM_DEVICE_TYPE_GENERIC
|
||||
+ && g_strcmp0 (nm_device_get_type_description (device), "wifi") == 0)
|
||||
+ err_msg = _("Error: Device '%s' was not recognized as a Wi-Fi device, check NetworkManager Wi-Fi plugin.");
|
||||
+ else
|
||||
+ err_msg = _("Error: Device '%s' is not a Wi-Fi device.");
|
||||
+ g_string_printf (nmc->return_text, err_msg, ifname);
|
||||
+ } else
|
||||
g_string_printf (nmc->return_text, _("Error: No Wi-Fi device found."));
|
||||
nmc->return_value = NMC_RESULT_ERROR_UNKNOWN;
|
||||
goto error;
|
||||
--
|
||||
2.4.0
|
||||
|
|
@ -0,0 +1,102 @@
|
|||
From d195edb95a543f7eebbd0a164e8ff3bef599370a Mon Sep 17 00:00:00 2001
|
||||
From: Thomas Haller <thaller@redhat.com>
|
||||
Date: Wed, 8 Apr 2015 15:54:30 +0200
|
||||
Subject: [PATCH] platform: don't accept lowering IPv6 hop-limit from RA
|
||||
(CVE-2015-2924)
|
||||
|
||||
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
|
||||
http://seclists.org/oss-sec/2015/q2/46
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1209902
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1209903
|
||||
(cherry picked from commit bdaaf9849b0cacf131b71fa2ae168f5db796874f)
|
||||
|
||||
Conflicts:
|
||||
src/devices/nm-device.c
|
||||
src/nm-iface-helper.c
|
||||
src/platform/nm-platform.h
|
||||
---
|
||||
src/devices/nm-device.c | 10 ++--------
|
||||
src/platform/nm-platform.c | 32 ++++++++++++++++++++++++++++++++
|
||||
src/platform/nm-platform.h | 2 ++
|
||||
3 files changed, 36 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
|
||||
index 7ab51e4..8cdf01b 100644
|
||||
--- a/src/devices/nm-device.c
|
||||
+++ b/src/devices/nm-device.c
|
||||
@@ -3716,14 +3716,8 @@ rdisc_config_changed (NMRDisc *rdisc, NMRDiscConfigMap changed, NMDevice *device
|
||||
}
|
||||
}
|
||||
|
||||
- /* hop_limit == 0 is a special value "unspecified", so do not touch
|
||||
- * in this case */
|
||||
- if (changed & NM_RDISC_CONFIG_HOP_LIMIT && rdisc->hop_limit > 0) {
|
||||
- char val[16];
|
||||
-
|
||||
- g_snprintf (val, sizeof (val), "%d", rdisc->hop_limit);
|
||||
- nm_device_ipv6_sysctl_set (device, "hop_limit", val);
|
||||
- }
|
||||
+ if (changed & NM_RDISC_CONFIG_HOP_LIMIT)
|
||||
+ nm_platform_sysctl_set_ip6_hop_limit_safe (nm_device_get_ip_iface (device), rdisc->hop_limit);
|
||||
|
||||
nm_device_activate_schedule_ip6_config_result (device);
|
||||
}
|
||||
diff --git a/src/platform/nm-platform.c b/src/platform/nm-platform.c
|
||||
index e95d6af..9629d9d 100644
|
||||
--- a/src/platform/nm-platform.c
|
||||
+++ b/src/platform/nm-platform.c
|
||||
@@ -240,6 +240,38 @@ nm_platform_sysctl_set (const char *path, const char *value)
|
||||
return klass->sysctl_set (platform, path, value);
|
||||
}
|
||||
|
||||
+gboolean
|
||||
+nm_platform_sysctl_set_ip6_hop_limit_safe (const char *iface, int value)
|
||||
+{
|
||||
+ const char *path;
|
||||
+ gint64 cur;
|
||||
+
|
||||
+ /* the hop-limit provided via RA is uint8. */
|
||||
+ if (value > 0xFF)
|
||||
+ return FALSE;
|
||||
+
|
||||
+ /* don't allow unreasonable small values */
|
||||
+ if (value < 10)
|
||||
+ return FALSE;
|
||||
+
|
||||
+ path = nm_utils_ip6_property_path (iface, "hop_limit");
|
||||
+ cur = nm_platform_sysctl_get_int_checked (path, 10, 1, G_MAXINT32, -1);
|
||||
+
|
||||
+ /* only allow increasing the hop-limit to avoid DOS by an attacker
|
||||
+ * setting a low hop-limit (CVE-2015-2924, rh#1209902) */
|
||||
+
|
||||
+ if (value < cur)
|
||||
+ return FALSE;
|
||||
+ if (value != cur) {
|
||||
+ char svalue[20];
|
||||
+
|
||||
+ sprintf (svalue, "%d", value);
|
||||
+ nm_platform_sysctl_set (path, svalue);
|
||||
+ }
|
||||
+
|
||||
+ return TRUE;
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* nm_platform_sysctl_get:
|
||||
* @path: Absolute path to sysctl
|
||||
diff --git a/src/platform/nm-platform.h b/src/platform/nm-platform.h
|
||||
index 275557c..6a1e503 100644
|
||||
--- a/src/platform/nm-platform.h
|
||||
+++ b/src/platform/nm-platform.h
|
||||
@@ -504,6 +504,8 @@ char *nm_platform_sysctl_get (const char *path);
|
||||
gint32 nm_platform_sysctl_get_int32 (const char *path, gint32 fallback);
|
||||
gint64 nm_platform_sysctl_get_int_checked (const char *path, guint base, gint64 min, gint64 max, gint64 fallback);
|
||||
|
||||
+gboolean nm_platform_sysctl_set_ip6_hop_limit_safe (const char *iface, int value);
|
||||
+
|
||||
gboolean nm_platform_link_get (int ifindex, NMPlatformLink *link);
|
||||
GArray *nm_platform_link_get_all (void);
|
||||
gboolean nm_platform_dummy_add (const char *name);
|
||||
--
|
||||
2.4.0
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
From 15420eb0a2c5b3ba248068e33b5464c3f7d2e752 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
|
||||
Date: Wed, 25 Mar 2015 15:30:57 +0100
|
||||
Subject: [PATCH] platform: load libnl-3.so.200, not libnl-3.so (rh #1205195)
|
||||
|
||||
libnl-3.so link is only present in devel package (libnl3-devel).
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1205195
|
||||
(cherry picked from commit d767fb160c36bd9dc339e343ebac58274204ad4f)
|
||||
---
|
||||
src/platform/nm-linux-platform.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c
|
||||
index cf2164d..0f8b80d 100644
|
||||
--- a/src/platform/nm-linux-platform.c
|
||||
+++ b/src/platform/nm-linux-platform.c
|
||||
@@ -113,7 +113,7 @@ _nl_get_vtable ()
|
||||
if (G_UNLIKELY (!vtable.f_nl_has_capability)) {
|
||||
void *handle;
|
||||
|
||||
- handle = dlopen ("libnl-3.so", RTLD_LAZY | RTLD_NOLOAD);
|
||||
+ handle = dlopen ("libnl-3.so.200", RTLD_LAZY | RTLD_NOLOAD);
|
||||
if (handle) {
|
||||
vtable.handle = handle;
|
||||
vtable.f_nl_has_capability = dlsym (handle, "nl_has_capability");
|
||||
--
|
||||
2.4.0
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
%define snapshot %{nil}
|
||||
%define realversion 0.9.10.2
|
||||
%define release_version 3
|
||||
%define release_version 4
|
||||
%define epoch_version 1
|
||||
|
||||
%define obsoletes_nmver 1:0.9.9.95-1
|
||||
|
@ -81,9 +81,24 @@ Patch0: 0000-explain-dns1-dns2.patch
|
|||
Patch1: 0001-connectivity-disable-HTTP-keepalive-for-connectivity.patch
|
||||
Patch2: rh1203904-NM-loop-fix.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1161232
|
||||
Patch3: 0003-kill-dns-plugin-child-synchronously-rh1161232.patch
|
||||
Patch4: 0004-refactor-building-IP-config-lists-for-dns-plugins-rh1161232.patch
|
||||
Patch5: 0005-ensure-that-update_dns-always-returns-a-GError-rh1161232.patch
|
||||
Patch6: 0006-refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.patch
|
||||
|
||||
# Cherry-picks from upstream:
|
||||
# http://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?h=nm-0-9-10
|
||||
#
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1168573
|
||||
Patch7: 0007-cli-add-PHYS_PORT_ID-property-rh1168573.patch
|
||||
Patch8: 0008-cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1209903
|
||||
Patch9: 0009-CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1205195
|
||||
Patch10: 0010-load-libnl-3.so.200-rh1205195.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
|
@ -324,6 +339,14 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
|
|||
%patch0 -p1 -b .explain-dns1-dns2.orig
|
||||
%patch1 -p1 -b .0001-connectivity-disable-HTTP-keepalive-for-connectivity.orig
|
||||
%patch2 -p1 -b .rh1203904-NM-loop-fix.orig
|
||||
%patch3 -p1 -b .kill-dns-plugin-child-synchronously-rh1161232.orig
|
||||
%patch4 -p1 -b .refactor-building-IP-config-lists-for-dns-plugins-rh1161232.orig
|
||||
%patch5 -p1 -b .ensure-that-update_dns-always-returns-a-GError-rh1161232.orig
|
||||
%patch6 -p1 -b .refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.orig
|
||||
%patch7 -p1 -b .cli-add-PHYS_PORT_ID-property-rh1168573.orig
|
||||
%patch8 -p1 -b .cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.orig
|
||||
%patch9 -p1 -b .CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.orig
|
||||
%patch10 -p1 -b .load-libnl-3.so.200-rh1205195.orig
|
||||
|
||||
%build
|
||||
|
||||
|
@ -595,6 +618,12 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed May 6 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:0.9.10.2-4
|
||||
- Fix split DNS configuration with dnsmasq and VPN connections (rh #1161232)
|
||||
- Fix indication that a WiFi plugin is missing (rh #1168573)
|
||||
- Don't let IPv6 Router Advertisements lower Hop Limit (CVE-2015-2924) (rh #1209903)
|
||||
- User a proper SONAME when loading libnl (rh #1205195)
|
||||
|
||||
* Fri Mar 20 2015 Jiří Klimeš <jklimes@redhat.com> - 1:0.9.10.2-3
|
||||
- Fix NetworkManager loop when 0.0.0.0/1 is added (rh #1203924)
|
||||
|
||||
|
|
Loading…
Reference in New Issue