Compare commits
31 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
dcdaefa75e | ||
|
a99f0b80ea | ||
|
631d934213 | ||
|
c1cbb3d3cf | ||
|
51939ebc60 | ||
|
d296fac843 | ||
|
70ab67a4ec | ||
|
91e80af0b7 | ||
|
51083bdcb6 | ||
|
0403647fbb | ||
|
1db3b8e581 | ||
|
d7751575c9 | ||
|
905b53b5b1 | ||
|
f53db99e24 | ||
|
0aad706ec9 | ||
|
a71990f645 | ||
|
85596bf315 | ||
|
a3ae10b400 | ||
|
69a8c60fae | ||
|
26165f2e69 | ||
|
4d25eb6f40 | ||
|
035415185f | ||
|
5717faa588 | ||
|
335e63c781 | ||
|
5dfc586442 | ||
|
8ad0f034e2 | ||
|
cc79957fc3 | ||
|
6c5b0cbaca | ||
|
e63b491005 | ||
|
f9d15b1a26 | ||
|
31af83963b |
131
.gitignore
vendored
@ -1,4 +1,5 @@
|
|||||||
*.makerepo-split.*
|
*.makerepo-split.*
|
||||||
|
makerepo.gitignore
|
||||||
network-manager-applet-0.6.5.tar.bz2
|
network-manager-applet-0.6.5.tar.bz2
|
||||||
NetworkManager-0.6.5.tar.bz2
|
NetworkManager-0.6.5.tar.bz2
|
||||||
NetworkManager-0.7.0.svn2736.tar.gz
|
NetworkManager-0.7.0.svn2736.tar.gz
|
||||||
@ -308,126 +309,10 @@ network-manager-applet-0.8.1.tar.bz2
|
|||||||
/NetworkManager-0.9.9.95.git20140609.1963adda.tar.bz2
|
/NetworkManager-0.9.9.95.git20140609.1963adda.tar.bz2
|
||||||
/NetworkManager-0.9.9.98.git20140620.63b0a2f5.tar.bz2
|
/NetworkManager-0.9.9.98.git20140620.63b0a2f5.tar.bz2
|
||||||
/NetworkManager-0.9.10.0.git20140704.6eb82acd.tar.bz2
|
/NetworkManager-0.9.10.0.git20140704.6eb82acd.tar.bz2
|
||||||
/NetworkManager-1.0.0.tar.xz
|
/NetworkManager-0.9.10.1.git20150105.b00ad26.tar.bz2
|
||||||
/NetworkManager-1.0.1.git20150305.2a72527c.tar.bz2
|
/NetworkManager-0.9.10.1.20150109git.ce3b386.tar.bz2
|
||||||
/NetworkManager-1.0.1.git20150429.a658561.tar.bz2
|
/NetworkManager-0.9.10.1.20150115git.ea40551.tar.bz2
|
||||||
/NetworkManager-1.0.2.tar.xz
|
/NetworkManager-0.9.10.1.20150115git.76c00cf.tar.bz2
|
||||||
/NetworkManager-1.0.3.tar.bz2
|
/NetworkManager-0.9.10.1.tar.xz
|
||||||
/NetworkManager-1.0.3.git20160624.f245b49a.tar.bz2
|
/NetworkManager-0.9.10.1.20150219git.e734eee2.tar.bz2
|
||||||
/NetworkManager-1.0.3.git20150707.cf15f2a.tar.bz2
|
/NetworkManager-0.9.10.2.tar.xz
|
||||||
/NetworkManager-1.0.3.git20150707.e3bd4e1.tar.bz2
|
|
||||||
/NetworkManager-1.0.4.git20150713.38bf2cb0.tar.bz2
|
|
||||||
/NetworkManager-1.0.4.tar.xz
|
|
||||||
/NetworkManager-1.0.6.tar.xz
|
|
||||||
/NetworkManager-1.2.0.tar.xz
|
|
||||||
/NetworkManager-1.1.90.tar.xz
|
|
||||||
/NetworkManager-1.1.91.tar.xz
|
|
||||||
/NetworkManager-1.1.92.tar.xz
|
|
||||||
/NetworkManager-1.1.93.tar.xz
|
|
||||||
/NetworkManager-1.1.94.tar.xz
|
|
||||||
/NetworkManager-1.2.2.tar.xz
|
|
||||||
/NetworkManager-1.3.0.git20160621.072358da.tar.xz
|
|
||||||
/NetworkManager-1.4.0.tar.xz
|
|
||||||
/NetworkManager-1.4.2.tar.xz
|
|
||||||
/NetworkManager-1.5.2.tar.xz
|
|
||||||
/NetworkManager-1.5.3.tar.xz
|
|
||||||
/NetworkManager-1.5.90.tar.xz
|
|
||||||
/NetworkManager-1.6.0.tar.xz
|
|
||||||
/NetworkManager-1.6.2.tar.xz
|
|
||||||
/NetworkManager-1.7.2.tar.xz
|
|
||||||
/NetworkManager-1.7.91.tar.xz
|
|
||||||
/NetworkManager-1.7.92.tar.xz
|
|
||||||
/NetworkManager-1.8.0.tar.xz
|
|
||||||
/NetworkManager-1.8.2.tar.xz
|
|
||||||
/NetworkManager-1.8.4.tar.xz
|
|
||||||
/NetworkManager-1.10.2.tar.xz
|
|
||||||
/NetworkManager-1.10.4.tar.xz
|
|
||||||
/NetworkManager-1.10.6.tar.xz
|
|
||||||
/NetworkManager-1.10.8.tar.xz
|
|
||||||
/NetworkManager-1.11.4.tar.xz
|
|
||||||
/NetworkManager-1.11.90.tar.xz
|
|
||||||
/NetworkManager-1.12.0.tar.xz
|
|
||||||
/NetworkManager-1.12.2.tar.xz
|
|
||||||
/NetworkManager-1.14.0.tar.xz
|
|
||||||
/NetworkManager-1.14.2.tar.xz
|
|
||||||
/NetworkManager-1.14.4.tar.xz
|
|
||||||
/NetworkManager-1.15.90.tar.xz
|
|
||||||
/NetworkManager-1.15.91.tar.xz
|
|
||||||
/NetworkManager-1.16.0.tar.xz
|
|
||||||
/NetworkManager-1.18.0.tar.xz
|
|
||||||
/NetworkManager-1.19.2.tar.xz
|
|
||||||
/NetworkManager-1.19.3.tar.xz
|
|
||||||
/NetworkManager-1.19.5.tar.xz
|
|
||||||
/NetworkManager-1.19.90.tar.xz
|
|
||||||
/NetworkManager-1.20.0.tar.xz
|
|
||||||
/NetworkManager-1.20.2.tar.xz
|
|
||||||
/NetworkManager-1.20.4.tar.xz
|
|
||||||
/NetworkManager-1.21.3.tar.xz
|
|
||||||
/NetworkManager-1.21.90.tar.xz
|
|
||||||
/NetworkManager-1.22.0.tar.xz
|
|
||||||
/NetworkManager-1.22.2.tar.xz
|
|
||||||
/NetworkManager-1.22.4.tar.xz
|
|
||||||
/NetworkManager-1.22.6.tar.xz
|
|
||||||
/NetworkManager-1.22.8.tar.xz
|
|
||||||
/NetworkManager-1.22.10.tar.xz
|
|
||||||
/NetworkManager-1.23.90.tar.xz
|
|
||||||
/NetworkManager-1.23.91.tar.xz
|
|
||||||
/NetworkManager-1.24.0.tar.xz
|
|
||||||
/NetworkManager-1.24.2.tar.xz
|
|
||||||
/NetworkManager-1.25.90.tar.xz
|
|
||||||
/NetworkManager-1.26.0.tar.xz
|
|
||||||
/NetworkManager-1.26.2.tar.xz
|
|
||||||
/NetworkManager-1.27.90.tar.xz
|
|
||||||
/NetworkManager-1.27.91.tar.xz
|
|
||||||
/NetworkManager-1.28.0.tar.xz
|
|
||||||
/NetworkManager-1.29.8.tar.xz
|
|
||||||
/NetworkManager-1.29.9.tar.xz
|
|
||||||
/NetworkManager-1.29.11.tar.xz
|
|
||||||
/NetworkManager-1.29.90.tar.xz
|
|
||||||
/NetworkManager-1.30.0.tar.xz
|
|
||||||
/NetworkManager-1.30.2.tar.xz
|
|
||||||
/NetworkManager-1.31.2.tar.xz
|
|
||||||
/NetworkManager-1.31.3.tar.xz
|
|
||||||
/NetworkManager-1.31.4.tar.xz
|
|
||||||
/NetworkManager-1.31.90.tar.xz
|
|
||||||
/NetworkManager-1.32.0.tar.xz
|
|
||||||
/NetworkManager-1.32.4.tar.xz
|
|
||||||
/NetworkManager-1.32.6.tar.xz
|
|
||||||
/NetworkManager-1.32.8.tar.xz
|
|
||||||
/NetworkManager-1.32.10.tar.xz
|
|
||||||
/NetworkManager-1.32.12.tar.xz
|
|
||||||
/NetworkManager-1.35.1.tar.xz
|
|
||||||
/NetworkManager-1.35.2.tar.xz
|
|
||||||
/NetworkManager-1.35.3.tar.xz
|
|
||||||
/NetworkManager-1.35.4.tar.xz
|
|
||||||
/NetworkManager-1.35.6.tar.xz
|
|
||||||
/NetworkManager-1.35.7.tar.xz
|
|
||||||
/NetworkManager-1.35.90.tar.xz
|
|
||||||
/NetworkManager-1.35.91.tar.xz
|
|
||||||
/NetworkManager-1.35.92.tar.xz
|
|
||||||
/NetworkManager-1.36.0.tar.xz
|
|
||||||
/NetworkManager-1.36.2.tar.xz
|
|
||||||
/NetworkManager-1.36.4.tar.xz
|
|
||||||
/NetworkManager-1.37.3.tar.xz
|
|
||||||
/NetworkManager-1.37.90.tar.xz
|
|
||||||
/NetworkManager-1.37.91.tar.xz
|
|
||||||
/NetworkManager-1.37.92.tar.xz
|
|
||||||
/NetworkManager-1.38.0.tar.xz
|
|
||||||
/NetworkManager-1.39.8.tar.xz
|
|
||||||
/NetworkManager-1.39.10.tar.xz
|
|
||||||
/NetworkManager-1.39.11.tar.xz
|
|
||||||
/NetworkManager-1.39.90.tar.xz
|
|
||||||
/NetworkManager-1.40.0.tar.xz
|
|
||||||
/NetworkManager-1.41.3.tar.xz
|
|
||||||
/NetworkManager-1.41.4.tar.xz
|
|
||||||
/NetworkManager-1.41.5.tar.xz
|
|
||||||
/NetworkManager-1.41.6.tar.xz
|
|
||||||
/NetworkManager-1.41.7.tar.xz
|
|
||||||
/NetworkManager-1.41.8.tar.xz
|
|
||||||
/NetworkManager-1.41.90.tar.xz
|
|
||||||
/NetworkManager-1.41.91.tar.xz
|
|
||||||
/NetworkManager-1.42.0.tar.xz
|
|
||||||
/NetworkManager-1.43.3.tar.xz
|
|
||||||
/NetworkManager-1.43.4.tar.xz
|
|
||||||
/NetworkManager-1.43.5.tar.xz
|
|
||||||
/NetworkManager-1.43.6.tar.xz
|
|
||||||
|
@ -1,8 +1,14 @@
|
|||||||
# This configuration file changes NetworkManager's behavior to
|
# This configuration file, when placed into into
|
||||||
|
# /etc/NetworkManager/conf.d changes NetworkManager's behavior to
|
||||||
# what's expected on "traditional UNIX server" type deployments.
|
# what's expected on "traditional UNIX server" type deployments.
|
||||||
#
|
#
|
||||||
# See "man NetworkManager.conf" for more information about these
|
# See "man NetworkManager.conf" for more information about these
|
||||||
# and other keys.
|
# and other keys.
|
||||||
|
#
|
||||||
|
# Do not edit this file; it will be overwritten on upgrades. If you
|
||||||
|
# want to override the values here, or set additional values, you can
|
||||||
|
# do so by adding another file (eg, "99-local.conf") to this directory
|
||||||
|
# and setting keys there.
|
||||||
|
|
||||||
[main]
|
[main]
|
||||||
# Do not do automatic (DHCP/SLAAC) configuration on ethernet devices
|
# Do not do automatic (DHCP/SLAAC) configuration on ethernet devices
|
||||||
|
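Review bot: The new first comment line reads "when placed into into", with the word doubled; it should be `# This configuration file, when placed into`. The added paragraph names "99-local.conf" as the place for local overrides but does not say why a high number is chosen. If files in this directory are applied in name order, one more comment line saying so would make the advice self-explanatory.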
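--- a/0000-explain-dns1-dns2.patch
+++ b/0000-explain-dns1-dns2.patch
@@ -0,0 +1,27 @@
+diff -up NetworkManager-0.8.2/src/dns-manager/nm-dns-manager.c.explain-dns1-dns2 NetworkManager-0.8.2/src/dns-manager/nm-dns-manager.c
+--- NetworkManager-0.8.2/src/dns-manager/nm-dns-manager.c.explain-dns1-dns2 2010-10-18 18:44:05.000000000 -0500
++++ NetworkManager-0.8.2/src/dns-manager/nm-dns-manager.c 2010-11-03 13:51:56.614584001 -0500
+@@ -358,7 +358,7 @@ write_resolv_conf (FILE *f, const char *
+
+str = g_string_new ("");
+
+- if (nameservers) {
++ if (nameservers && g_strv_length (nameservers)) {
+int num = g_strv_length (nameservers);
+
+for (i = 0; i < num; i++) {
+@@ -374,6 +374,14 @@ write_resolv_conf (FILE *f, const char *
+g_string_append (str, nameservers[i]);
+g_string_append_c (str, '\n');
+}
++ } else {
++ g_string_append_printf (str, "\n\n%s%s%s%s%s%s",
++ "# No nameservers found; try putting DNS servers into your\n",
++ "# ifcfg files in /etc/sysconfig/network-scripts like so:\n",
++ "#\n",
++ "# DNS1=xxx.xxx.xxx.xxx\n",
++ "# DNS2=xxx.xxx.xxx.xxx\n",
++ "# DOMAIN=lab.foo.com bar.foo.com\n");
+}
+
+nameservers_str = g_string_free (str, FALSE);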
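Review bot: In the second hunk of write_resolv_conf, the new else branch feeds six constant strings through `g_string_append_printf (str, "\n\n%s%s%s%s%s%s", …)`. A single `g_string_append (str, "\n\n" "# No nameservers found; …\n" …)` with adjacent string literals writes the same text without a format string whose `%s` count has to be kept in step with the argument list. The first hunk also calls `g_strv_length (nameservers)` in the condition and again for `num` on the next line; computing it once before the `if` avoids the repeat. The hint text hard-codes /etc/sysconfig/network-scripts, so a short comment that the wording is specific to ifcfg-based systems would help whoever carries this patch forward. write_resolv_conf starts and ends outside both hunks.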
@ -0,0 +1,32 @@
|
|||||||
|
From 46c836e5cd5342cab5dfb4cd6eb5daf6170b70a0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dan Williams <dcbw@redhat.com>
|
||||||
|
Date: Mon, 16 Mar 2015 10:44:16 -0500
|
||||||
|
Subject: [PATCH] connectivity: disable HTTP keepalive for connectivity checks
|
||||||
|
|
||||||
|
There won't be any further requests, so there's no point in keeping
|
||||||
|
the connection alive. Even if the HTTP server doesn't care, proxy
|
||||||
|
servers in-between might keep the connection open for a couple seconds
|
||||||
|
for keepalive, and we might as well be nice to them and tell them we
|
||||||
|
don't need to keep it alive.
|
||||||
|
|
||||||
|
(cherry picked from commit 90692e3efff398f0e4420827fc6d7ac342360e5c)
|
||||||
|
---
|
||||||
|
src/nm-connectivity.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/nm-connectivity.c b/src/nm-connectivity.c
|
||||||
|
index 4d5feef..85bd70a 100644
|
||||||
|
--- a/src/nm-connectivity.c
|
||||||
|
+++ b/src/nm-connectivity.c
|
||||||
|
@@ -247,6 +247,8 @@ nm_connectivity_check_async (NMConnectivity *self,
|
||||||
|
if (priv->uri && priv->interval) {
|
||||||
|
msg = soup_message_new ("GET", priv->uri);
|
||||||
|
soup_message_set_flags (msg, SOUP_MESSAGE_NO_REDIRECT);
|
||||||
|
+ /* Disable HTTP/1.1 keepalive; the connection should not persist */
|
||||||
|
+ soup_message_headers_append (msg->request_headers, "Connection", "close");
|
||||||
|
soup_session_queue_message (priv->soup_session,
|
||||||
|
msg,
|
||||||
|
nm_connectivity_check_cb,
|
||||||
|
--
|
||||||
|
2.1.0
|
||||||
|
|
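Review bot: The added `soup_message_headers_append (msg->request_headers, "Connection", "close");` dereferences `msg` directly, while libsoup's `soup_message_new ()` returns NULL when the URI cannot be parsed. As far as I know the preceding `soup_message_set_flags ()` call only emits a critical warning for a NULL message, so this new line is the first that would crash on one. Unless priv->uri is validated before it is stored (not visible in this hunk), add a NULL check on `msg` right after `soup_message_new ()` and skip the request in that case. nm_connectivity_check_async starts and ends outside the hunk.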
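--- a/0003-kill-dns-plugin-child-synchronously-rh1161232.patch
+++ b/0003-kill-dns-plugin-child-synchronously-rh1161232.patch
@@ -0,0 +1,103 @@
+From a6ac4dd1176f7fc6f12e8513ec49da58607a6922 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Wed, 6 May 2015 11:52:27 +0200
+Subject: [PATCH] dns: kill plugin child synchronously to avoid restart race
+(rh #1161232) (bgo #728342)
+
+NM was killing the dnsmasq local caching nameserver process and immediately
+starting a new one, and new process couldn't bind to 127.0.0.1 because the
+old one hadn't quit yet. Thus the new process quit, and the user was
+left with no split DNS at all.
+
+While this does introduce more synchronous waiting into the connection
+process, it's not that much time and NM will kill dnsmasq if it hasn't
+quit after 1 second. The longer-term fix is to use dnsmasq's D-Bus
+interface to update DNS without respawning it.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=728342
+https://bugzilla.redhat.com/show_bug.cgi?id=1161232
+
+This is a rework of 10aff12526a2fc4b2d099df2710fdb040ccd9e4c. The newer
+branches have ff3b753 (core: use nm_utils_kill_child_async() and
+nm_utils_kill_child_sync()) which in turn relies on 1f84185 (core: add
+nm_utils_kill_child_async() and nm_utils_kill_child_sync() function) that is
+not entirely trivial to backport.
+---
+src/dns-manager/nm-dns-plugin.c | 46 ++++++++++++++---------------------------
+1 file changed, 16 insertions(+), 30 deletions(-)
+
+diff --git a/src/dns-manager/nm-dns-plugin.c b/src/dns-manager/nm-dns-plugin.c
+index e85b2a0..4f86d63 100644
+--- a/src/dns-manager/nm-dns-plugin.c
++++ b/src/dns-manager/nm-dns-plugin.c
+@@ -196,29 +196,6 @@ nm_dns_plugin_child_spawn (NMDnsPlugin *self,
+return priv->pid;
+}
+
+-typedef struct {
+- int pid;
+- char *progname;
+-} KillInfo;
+-
+-static gboolean
+-ensure_killed (gpointer data)
+-{
+- KillInfo *info = data;
+-
+- if (kill (info->pid, 0) == 0)
+- kill (info->pid, SIGKILL);
+-
+- /* ensure the child is reaped */
+- nm_log_dbg (LOGD_DNS, "waiting for %s pid %d to exit", info->progname, info->pid);
+- waitpid (info->pid, NULL, 0);
+- nm_log_dbg (LOGD_DNS, "dnsmasq pid %d cleaned up", info->pid);
+-
+- g_free (info->progname);
+- g_free (info);
+- return FALSE;
+-}
+-
+gboolean nm_dns_plugin_child_kill (NMDnsPlugin *self)
+{
+NMDnsPluginPrivate *priv = NM_DNS_PLUGIN_GET_PRIVATE (self);
+@@ -229,21 +206,30 @@ gboolean nm_dns_plugin_child_kill (NMDnsPlugin *self)
+}
+
+if (priv->pid) {
+- KillInfo *info;
+
+if (kill (priv->pid, SIGTERM) == 0) {
+- info = g_malloc0 (sizeof (KillInfo));
+- info->pid = priv->pid;
+- info->progname = g_strdup (priv->progname);
+- g_timeout_add_seconds (2, ensure_killed, info);
+- } else {
++ int counter = 20;
++
++ /* Wait up to 2 seconds synchronously. */
++ nm_log_dbg (LOGD_DNS, "waiting for %s pid %d to exit", priv->progname, priv->pid);
++ while (counter--) {
++ if (waitpid (priv->pid, NULL, WNOHANG))
++ goto killed;
++ g_usleep (100000);
++ }
++ }
++
++ if (kill (priv->pid, 0) == 0) {
++ /* Not dead yet. */
+kill (priv->pid, SIGKILL);
+
+/* ensure the child is reaped */
+nm_log_dbg (LOGD_DNS, "waiting for %s pid %d to exit", priv->progname, priv->pid);
+waitpid (priv->pid, NULL, 0);
+- nm_log_dbg (LOGD_DNS, "%s pid %d cleaned up", priv->progname, priv->pid);
+}
++
++killed:
++ nm_log_dbg (LOGD_DNS, "%s pid %d cleaned up", priv->progname, priv->pid);
+priv->pid = 0;
+g_free (priv->progname);
+priv->progname = NULL;
+--
+2.4.0
+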
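Review bot: In the second hunk, `if (waitpid (priv->pid, NULL, WNOHANG)) goto killed;` treats every non-zero return as "child exited", including -1 for a failed wait. In that case the code logs "cleaned up" and clears priv->pid while the old process may still be running and holding the listening address, which is the race this patch is meant to close. Test the result explicitly, for example `ret = waitpid (priv->pid, NULL, WNOHANG);` followed by `if (ret == priv->pid || (ret < 0 && errno == ECHILD)) goto killed;`. The fallback `waitpid (priv->pid, NULL, 0)` after SIGKILL likewise ignores its return value and is not retried on EINTR. The loop waits 20 × 100 ms, which matches the "2 seconds" comment but not the "1 second" given in the patch description; nm_dns_plugin_child_kill starts and ends outside the hunk.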
@ -0,0 +1,135 @@
|
|||||||
|
From 2171b984e3c9a17c032ac80054db79523d97d9dd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dan Williams <dcbw@redhat.com>
|
||||||
|
Date: Wed, 14 Jan 2015 17:03:22 -0600
|
||||||
|
Subject: [PATCH 2/4] dns: refactor building IP config lists for plugins (bgo
|
||||||
|
#728342)
|
||||||
|
|
||||||
|
Don't bother building the lists if no DNS plugins are enabled.
|
||||||
|
|
||||||
|
https://bugzilla.gnome.org/show_bug.cgi?id=728342
|
||||||
|
(cherry picked from commit cc8d9f778c2237b3e9e6815a2e0cc5635328edab)
|
||||||
|
---
|
||||||
|
src/dns-manager/nm-dns-manager.c | 70 ++++++++++++++++++++++++----------------
|
||||||
|
1 file changed, 43 insertions(+), 27 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
|
||||||
|
index ddf31af..e6984e3 100644
|
||||||
|
--- a/src/dns-manager/nm-dns-manager.c
|
||||||
|
+++ b/src/dns-manager/nm-dns-manager.c
|
||||||
|
@@ -561,6 +561,42 @@ compute_hash (NMDnsManager *self, guint8 buffer[HASH_LEN])
|
||||||
|
g_checksum_free (sum);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+build_plugin_config_lists (NMDnsManager *self,
|
||||||
|
+ GSList **out_vpn_configs,
|
||||||
|
+ GSList **out_dev_configs,
|
||||||
|
+ GSList **out_other_configs)
|
||||||
|
+{
|
||||||
|
+ NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE (self);
|
||||||
|
+ GSList *iter;
|
||||||
|
+
|
||||||
|
+ g_return_if_fail (out_vpn_configs && !*out_vpn_configs);
|
||||||
|
+ g_return_if_fail (out_dev_configs && !*out_dev_configs);
|
||||||
|
+ g_return_if_fail (out_other_configs && !*out_other_configs);
|
||||||
|
+
|
||||||
|
+ /* Build up config lists for plugins; we use the raw configs here, not the
|
||||||
|
+ * merged information that we write to resolv.conf so that the plugins can
|
||||||
|
+ * still use the domain information in each config to provide split DNS if
|
||||||
|
+ * they want to.
|
||||||
|
+ */
|
||||||
|
+ if (priv->ip4_vpn_config)
|
||||||
|
+ *out_vpn_configs = g_slist_append (*out_vpn_configs, priv->ip4_vpn_config);
|
||||||
|
+ if (priv->ip6_vpn_config)
|
||||||
|
+ *out_vpn_configs = g_slist_append (*out_vpn_configs, priv->ip6_vpn_config);
|
||||||
|
+ if (priv->ip4_device_config)
|
||||||
|
+ *out_dev_configs = g_slist_append (*out_dev_configs, priv->ip4_device_config);
|
||||||
|
+ if (priv->ip6_device_config)
|
||||||
|
+ *out_dev_configs = g_slist_append (*out_dev_configs, priv->ip6_device_config);
|
||||||
|
+
|
||||||
|
+ for (iter = priv->configs; iter; iter = g_slist_next (iter)) {
|
||||||
|
+ if ( (iter->data != priv->ip4_vpn_config)
|
||||||
|
+ && (iter->data != priv->ip4_device_config)
|
||||||
|
+ && (iter->data != priv->ip6_vpn_config)
|
||||||
|
+ && (iter->data != priv->ip6_device_config))
|
||||||
|
+ *out_other_configs = g_slist_append (*out_other_configs, iter->data);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static gboolean
|
||||||
|
update_dns (NMDnsManager *self,
|
||||||
|
gboolean no_caching,
|
||||||
|
@@ -568,7 +604,7 @@ update_dns (NMDnsManager *self,
|
||||||
|
{
|
||||||
|
NMDnsManagerPrivate *priv;
|
||||||
|
NMResolvConfData rc;
|
||||||
|
- GSList *iter, *vpn_configs = NULL, *dev_configs = NULL, *other_configs = NULL;
|
||||||
|
+ GSList *iter;
|
||||||
|
const char *nis_domain = NULL;
|
||||||
|
char **searches = NULL;
|
||||||
|
char **nameservers = NULL;
|
||||||
|
@@ -674,32 +710,11 @@ update_dns (NMDnsManager *self,
|
||||||
|
|
||||||
|
nis_domain = rc.nis_domain;
|
||||||
|
|
||||||
|
- /* Build up config lists for plugins; we use the raw configs here, not the
|
||||||
|
- * merged information that we write to resolv.conf so that the plugins can
|
||||||
|
- * still use the domain information in each config to provide split DNS if
|
||||||
|
- * they want to.
|
||||||
|
- */
|
||||||
|
- if (priv->ip4_vpn_config)
|
||||||
|
- vpn_configs = g_slist_append (vpn_configs, priv->ip4_vpn_config);
|
||||||
|
- if (priv->ip6_vpn_config)
|
||||||
|
- vpn_configs = g_slist_append (vpn_configs, priv->ip6_vpn_config);
|
||||||
|
- if (priv->ip4_device_config)
|
||||||
|
- dev_configs = g_slist_append (dev_configs, priv->ip4_device_config);
|
||||||
|
- if (priv->ip6_device_config)
|
||||||
|
- dev_configs = g_slist_append (dev_configs, priv->ip6_device_config);
|
||||||
|
-
|
||||||
|
- for (iter = priv->configs; iter; iter = g_slist_next (iter)) {
|
||||||
|
- if ( (iter->data != priv->ip4_vpn_config)
|
||||||
|
- && (iter->data != priv->ip4_device_config)
|
||||||
|
- && (iter->data != priv->ip6_vpn_config)
|
||||||
|
- && (iter->data != priv->ip6_device_config))
|
||||||
|
- other_configs = g_slist_append (other_configs, iter->data);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
/* Let any plugins do their thing first */
|
||||||
|
if (priv->plugin) {
|
||||||
|
NMDnsPlugin *plugin = priv->plugin;
|
||||||
|
const char *plugin_name = nm_dns_plugin_get_name (plugin);
|
||||||
|
+ GSList *vpn_configs = NULL, *dev_configs = NULL, *other_configs = NULL;
|
||||||
|
|
||||||
|
if (nm_dns_plugin_is_caching (plugin)) {
|
||||||
|
if (no_caching) {
|
||||||
|
@@ -710,6 +725,8 @@ update_dns (NMDnsManager *self,
|
||||||
|
caching = TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ build_plugin_config_lists (self, &vpn_configs, &dev_configs, &other_configs);
|
||||||
|
+
|
||||||
|
nm_log_dbg (LOGD_DNS, "DNS: updating plugin %s", plugin_name);
|
||||||
|
if (!nm_dns_plugin_update (plugin,
|
||||||
|
vpn_configs,
|
||||||
|
@@ -723,15 +740,14 @@ update_dns (NMDnsManager *self,
|
||||||
|
*/
|
||||||
|
caching = FALSE;
|
||||||
|
}
|
||||||
|
+ g_slist_free (vpn_configs);
|
||||||
|
+ g_slist_free (dev_configs);
|
||||||
|
+ g_slist_free (other_configs);
|
||||||
|
|
||||||
|
skip:
|
||||||
|
;
|
||||||
|
}
|
||||||
|
|
||||||
|
- g_slist_free (vpn_configs);
|
||||||
|
- g_slist_free (dev_configs);
|
||||||
|
- g_slist_free (other_configs);
|
||||||
|
-
|
||||||
|
/* If caching was successful, we only send 127.0.0.1 to /etc/resolv.conf
|
||||||
|
* to ensure that the glibc resolver doesn't try to round-robin nameservers,
|
||||||
|
* but only uses the local caching nameserver.
|
||||||
|
--
|
||||||
|
2.4.0
|
||||||
|
|
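Review bot: build_plugin_config_lists has no comment saying who owns what it returns. The lists are filled with the priv->ip4_vpn_config, priv->ip6_device_config and priv->configs pointers without taking a reference, and update_dns releases them with plain `g_slist_free ()`. A header comment such as `/* Returned lists are owned by the caller (g_slist_free); the elements are borrowed from the manager and must not be unreffed. */` would keep a later caller from using g_slist_free_full() on them. The loop over priv->configs also calls `g_slist_append`, which walks the list on every call; prepend followed by `g_slist_reverse` is the usual form, although these lists are presumably short.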
@ -0,0 +1,300 @@
|
|||||||
|
From 991b8efca0d3136d8c63b202a9346572c8197da5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dan Williams <dcbw@redhat.com>
|
||||||
|
Date: Thu, 26 Feb 2015 15:04:36 -0600
|
||||||
|
Subject: [PATCH 3/4] dns: ensure that update_dns() always returns a GError on
|
||||||
|
failure
|
||||||
|
|
||||||
|
Callers may expect this, so make sure we do it.
|
||||||
|
|
||||||
|
(cherry picked from commit 06f25a3ec7c07eac5785daeb99f648200abe3feb)
|
||||||
|
---
|
||||||
|
src/NetworkManagerUtils.c | 19 ++++----
|
||||||
|
src/NetworkManagerUtils.h | 2 +-
|
||||||
|
src/dns-manager/nm-dns-manager.c | 99 +++++++++++++++++++++-------------------
|
||||||
|
src/dns-manager/nm-dns-unbound.c | 2 +-
|
||||||
|
4 files changed, 62 insertions(+), 60 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/NetworkManagerUtils.c b/src/NetworkManagerUtils.c
|
||||||
|
index e6814e3..0a7a9b6 100644
|
||||||
|
--- a/src/NetworkManagerUtils.c
|
||||||
|
+++ b/src/NetworkManagerUtils.c
|
||||||
|
@@ -134,27 +134,26 @@ nm_utils_ip6_address_clear_host_address (struct in6_addr *dst, const struct in6_
|
||||||
|
|
||||||
|
|
||||||
|
int
|
||||||
|
-nm_spawn_process (const char *args)
|
||||||
|
+nm_spawn_process (const char *args, GError **error)
|
||||||
|
{
|
||||||
|
+ GError *local = NULL;
|
||||||
|
gint num_args;
|
||||||
|
char **argv = NULL;
|
||||||
|
int status = -1;
|
||||||
|
- GError *error = NULL;
|
||||||
|
|
||||||
|
g_return_val_if_fail (args != NULL, -1);
|
||||||
|
+ g_return_val_if_fail (!error || !*error, -1);
|
||||||
|
|
||||||
|
- if (!g_shell_parse_argv (args, &num_args, &argv, &error)) {
|
||||||
|
- nm_log_warn (LOGD_CORE, "could not parse arguments for '%s': %s", args, error->message);
|
||||||
|
- g_error_free (error);
|
||||||
|
- return -1;
|
||||||
|
+ if (g_shell_parse_argv (args, &num_args, &argv, &local)) {
|
||||||
|
+ g_spawn_sync ("/", argv, NULL, 0, nm_unblock_posix_signals, NULL, NULL, NULL, &status, &local);
|
||||||
|
+ g_strfreev (argv);
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (!g_spawn_sync ("/", argv, NULL, 0, nm_unblock_posix_signals, NULL, NULL, NULL, &status, &error)) {
|
||||||
|
- nm_log_warn (LOGD_CORE, "could not spawn process '%s': %s", args, error->message);
|
||||||
|
- g_error_free (error);
|
||||||
|
+ if (local) {
|
||||||
|
+ nm_log_warn (LOGD_CORE, "could not spawn process '%s': %s", args, local->message);
|
||||||
|
+ g_propagate_error (error, local);
|
||||||
|
}
|
||||||
|
|
||||||
|
- g_strfreev (argv);
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/src/NetworkManagerUtils.h b/src/NetworkManagerUtils.h
|
||||||
|
index 7be316e..22d665e 100644
|
||||||
|
--- a/src/NetworkManagerUtils.h
|
||||||
|
+++ b/src/NetworkManagerUtils.h
|
||||||
|
@@ -53,7 +53,7 @@ nm_utils_ip6_route_metric_normalize (guint32 metric)
|
||||||
|
return metric ? metric : 1024 /*NM_PLATFORM_ROUTE_METRIC_DEFAULT*/;
|
||||||
|
}
|
||||||
|
|
||||||
|
-int nm_spawn_process (const char *args);
|
||||||
|
+int nm_spawn_process (const char *args, GError **error);
|
||||||
|
|
||||||
|
/* macro to return strlen() of a compile time string. */
|
||||||
|
#define STRLEN(str) ( sizeof ("" str) - 1 )
|
||||||
|
diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
|
||||||
|
index e6984e3..e833ce4 100644
|
||||||
|
--- a/src/dns-manager/nm-dns-manager.c
|
||||||
|
+++ b/src/dns-manager/nm-dns-manager.c
|
||||||
|
@@ -323,12 +323,19 @@ dispatch_netconfig (char **searches,
|
||||||
|
|
||||||
|
again:
|
||||||
|
|
||||||
|
- ret = waitpid (pid, NULL, 0);
|
||||||
|
- if (ret < 0 && errno == EINTR)
|
||||||
|
- goto again;
|
||||||
|
- else if (ret < 0 && errno == ECHILD) {
|
||||||
|
- /* When the netconfig exist, the errno is ECHILD, it should return TRUE */
|
||||||
|
- return TRUE;
|
||||||
|
+ if (waitpid (pid, NULL, 0) < 0) {
|
||||||
|
+ if (errno == EINTR)
|
||||||
|
+ goto again;
|
||||||
|
+ else if (errno == ECHILD) {
|
||||||
|
+ /* child already exited */
|
||||||
|
+ ret = pid;
|
||||||
|
+ } else {
|
||||||
|
+ g_set_error_literal (error,
|
||||||
|
+ NM_MANAGER_ERROR,
|
||||||
|
+ NM_MANAGER_ERROR_FAILED,
|
||||||
|
+ "Error waiting for netconfig to exit: %s",
|
||||||
|
+ strerror (errno));
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret > 0;
|
||||||
|
@@ -344,22 +351,13 @@ write_resolv_conf (FILE *f,
|
||||||
|
{
|
||||||
|
char *searches_str = NULL;
|
||||||
|
char *nameservers_str = NULL;
|
||||||
|
- int i;
|
||||||
|
gboolean retval = FALSE;
|
||||||
|
+ char *tmp_str;
|
||||||
|
GString *str;
|
||||||
|
|
||||||
|
- if (fprintf (f, "%s","# Generated by NetworkManager\n") < 0) {
|
||||||
|
- g_set_error (error,
|
||||||
|
- NM_DNS_MANAGER_ERROR,
|
||||||
|
- NM_DNS_MANAGER_ERROR_SYSTEM,
|
||||||
|
- "Could not write " _PATH_RESCONF ": %s\n",
|
||||||
|
- g_strerror (errno));
|
||||||
|
- return FALSE;
|
||||||
|
- }
|
||||||
|
+ int i;
|
||||||
|
|
||||||
|
if (searches) {
|
||||||
|
- char *tmp_str;
|
||||||
|
-
|
||||||
|
tmp_str = g_strjoinv (" ", searches);
|
||||||
|
searches_str = g_strconcat ("search ", tmp_str, "\n", NULL);
|
||||||
|
g_free (tmp_str);
|
||||||
|
@@ -387,10 +385,17 @@ write_resolv_conf (FILE *f,
|
||||||
|
|
||||||
|
nameservers_str = g_string_free (str, FALSE);
|
||||||
|
|
||||||
|
- if (fprintf (f, "%s%s",
|
||||||
|
+ if (fprintf (f, "# Generated by NetworkManager\n%s%s",
|
||||||
|
searches_str ? searches_str : "",
|
||||||
|
- strlen (nameservers_str) ? nameservers_str : "") != -1)
|
||||||
|
+ nameservers_str) > 0)
|
||||||
|
retval = TRUE;
|
||||||
|
+ else {
|
||||||
|
+ g_set_error (error,
|
||||||
|
+ NM_DNS_MANAGER_ERROR,
|
||||||
|
+ NM_DNS_MANAGER_ERROR_SYSTEM,
|
||||||
|
+ "Could not write " _PATH_RESCONF ": %s\n",
|
||||||
|
+ g_strerror (errno));
|
||||||
|
+ }
|
||||||
|
|
||||||
|
g_free (searches_str);
|
||||||
|
g_free (nameservers_str);
|
||||||
|
@@ -407,9 +412,15 @@ dispatch_resolvconf (char **searches,
|
||||||
|
char *cmd;
|
||||||
|
FILE *f;
|
||||||
|
gboolean retval = FALSE;
|
||||||
|
+ int errnosv, err;
|
||||||
|
|
||||||
|
- if (! g_file_test (RESOLVCONF_PATH, G_FILE_TEST_IS_EXECUTABLE))
|
||||||
|
+ if (!g_file_test (RESOLVCONF_PATH, G_FILE_TEST_IS_EXECUTABLE)) {
|
||||||
|
+ g_set_error_literal (error,
|
||||||
|
+ NM_MANAGER_ERROR,
|
||||||
|
+ NM_MANAGER_ERROR_FAILED,
|
||||||
|
+ RESOLVCONF_PATH " is not executable");
|
||||||
|
return FALSE;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (searches || nameservers) {
|
||||||
|
cmd = g_strconcat (RESOLVCONF_PATH, " -a ", "NetworkManager", NULL);
|
||||||
|
@@ -423,12 +434,21 @@ dispatch_resolvconf (char **searches,
|
||||||
|
g_strerror (errno));
|
||||||
|
else {
|
||||||
|
retval = write_resolv_conf (f, searches, nameservers, error);
|
||||||
|
- retval &= (pclose (f) == 0);
|
||||||
|
+ err = pclose (f);
|
||||||
|
+ if (err < 0) {
|
||||||
|
+ errnosv = errno;
|
||||||
|
+ g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errnosv),
|
||||||
|
+ "Failed to close pipe to resolvconf: %d", errnosv);
|
||||||
|
+ retval = FALSE;
|
||||||
|
+ } else if (err > 0) {
|
||||||
|
+ nm_log_warn (LOGD_DNS, "resolvconf failed with status %d", err);
|
||||||
|
+ retval = FALSE;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
cmd = g_strconcat (RESOLVCONF_PATH, " -d ", "NetworkManager", NULL);
|
||||||
|
nm_log_info (LOGD_DNS, "Removing DNS information from %s", RESOLVCONF_PATH);
|
||||||
|
- if (nm_spawn_process (cmd) == 0)
|
||||||
|
+ if (nm_spawn_process (cmd, error) == 0)
|
||||||
|
retval = TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -612,8 +632,7 @@ update_dns (NMDnsManager *self,
|
||||||
|
int num, i, len;
|
||||||
|
gboolean success = FALSE, caching = FALSE;
|
||||||
|
|
||||||
|
- g_return_val_if_fail (error != NULL, FALSE);
|
||||||
|
- g_return_val_if_fail (*error == NULL, FALSE);
|
||||||
|
+ g_return_val_if_fail (!error || !*error, FALSE);
|
||||||
|
|
||||||
|
priv = NM_DNS_MANAGER_GET_PRIVATE (self);
|
||||||
|
|
||||||
|
@@ -799,9 +818,7 @@ plugin_failed (NMDnsPlugin *plugin, gpointer user_data)
|
||||||
|
|
||||||
|
/* Disable caching until the next DNS update */
|
||||||
|
if (!update_dns (self, TRUE, &error)) {
|
||||||
|
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||||
|
- error ? error->code : -1,
|
||||||
|
- error && error->message ? error->message : "(unknown)");
|
||||||
|
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||||
|
g_clear_error (&error);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -838,9 +855,7 @@ nm_dns_manager_add_ip4_config (NMDnsManager *mgr,
|
||||||
|
priv->configs = g_slist_append (priv->configs, g_object_ref (config));
|
||||||
|
|
||||||
|
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
|
||||||
|
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||||
|
- error ? error->code : -1,
|
||||||
|
- error && error->message ? error->message : "(unknown)");
|
||||||
|
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||||
|
g_clear_error (&error);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -872,9 +887,7 @@ nm_dns_manager_remove_ip4_config (NMDnsManager *mgr, NMIP4Config *config)
|
||||||
|
g_object_unref (config);
|
||||||
|
|
||||||
|
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
|
||||||
|
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||||
|
- error ? error->code : -1,
|
||||||
|
- error && error->message ? error->message : "(unknown)");
|
||||||
|
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||||
|
g_clear_error (&error);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -915,9 +928,7 @@ nm_dns_manager_add_ip6_config (NMDnsManager *mgr,
|
||||||
|
priv->configs = g_slist_append (priv->configs, g_object_ref (config));
|
||||||
|
|
||||||
|
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
|
||||||
|
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||||
|
- error ? error->code : -1,
|
||||||
|
- error && error->message ? error->message : "(unknown)");
|
||||||
|
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||||
|
g_clear_error (&error);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -949,9 +960,7 @@ nm_dns_manager_remove_ip6_config (NMDnsManager *mgr, NMIP6Config *config)
|
||||||
|
g_object_unref (config);
|
||||||
|
|
||||||
|
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
|
||||||
|
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||||
|
- error ? error->code : -1,
|
||||||
|
- error && error->message ? error->message : "(unknown)");
|
||||||
|
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||||
|
g_clear_error (&error);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -994,9 +1003,7 @@ nm_dns_manager_set_hostname (NMDnsManager *mgr,
|
||||||
|
priv->hostname = g_strdup (filtered);
|
||||||
|
|
||||||
|
if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
|
||||||
|
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||||
|
- error ? error->code : -1,
|
||||||
|
- error && error->message ? error->message : "(unknown)");
|
||||||
|
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||||
|
g_clear_error (&error);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -1050,9 +1057,7 @@ nm_dns_manager_end_updates (NMDnsManager *mgr, const char *func)
|
||||||
|
/* Commit all the outstanding changes */
|
||||||
|
nm_log_dbg (LOGD_DNS, "(%s): committing DNS changes (%d)", func, priv->updates_queue);
|
||||||
|
if (!update_dns (mgr, FALSE, &error)) {
|
||||||
|
- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
|
||||||
|
- error ? error->code : -1,
|
||||||
|
- error && error->message ? error->message : "(unknown)");
|
||||||
|
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||||
|
g_clear_error (&error);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1152,9 +1157,7 @@ dispose (GObject *object)
|
||||||
|
* DNS updates yet, there's no reason to touch resolv.conf on shutdown.
|
||||||
|
*/
|
||||||
|
if (priv->dns_touched && !update_dns (self, TRUE, &error)) {
|
||||||
|
- nm_log_warn (LOGD_DNS, "could not commit DNS changes on shutdown: (%d) %s",
|
||||||
|
- error ? error->code : -1,
|
||||||
|
- error && error->message ? error->message : "(unknown)");
|
||||||
|
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes on shutdown: %s", error->message);
|
||||||
|
g_clear_error (&error);
|
||||||
|
priv->dns_touched = FALSE;
|
||||||
|
}
|
||||||
|
diff --git a/src/dns-manager/nm-dns-unbound.c b/src/dns-manager/nm-dns-unbound.c
|
||||||
|
index 137fd20..5520d38 100644
|
||||||
|
--- a/src/dns-manager/nm-dns-unbound.c
|
||||||
|
+++ b/src/dns-manager/nm-dns-unbound.c
|
||||||
|
@@ -40,7 +40,7 @@ update (NMDnsPlugin *plugin,
|
||||||
|
* without calling custom scripts. The dnssec-trigger functionality
|
||||||
|
* may be eventually merged into NetworkManager.
|
||||||
|
*/
|
||||||
|
- return nm_spawn_process ("/usr/libexec/dnssec-trigger-script --async --update") == 0;
|
||||||
|
+ return nm_spawn_process ("/usr/libexec/dnssec-trigger-script --async --update", NULL) == 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static gboolean
|
||||||
|
--
|
||||||
|
2.4.0
|
||||||
|
|
@ -0,0 +1,67 @@
|
|||||||
|
From e6b47236f00ab91056be9fc3f9b8611fb16d9e57 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dan Williams <dcbw@redhat.com>
|
||||||
|
Date: Thu, 15 Jan 2015 11:38:33 -0600
|
||||||
|
Subject: [PATCH 4/4] dns: refresh DNS if plugin child quits unexpectedly (bgo
|
||||||
|
#728342)
|
||||||
|
|
||||||
|
If the child dies, or something kills the child externally, refresh
|
||||||
|
DNS which should respawn the child, similar to what we do with
|
||||||
|
wpa_supplicant, teamd, etc.
|
||||||
|
|
||||||
|
https://bugzilla.gnome.org/show_bug.cgi?id=728342
|
||||||
|
(cherry picked from commit 09a05f6c3e0b4502252d70cb121654e7312520c5)
|
||||||
|
---
|
||||||
|
src/dns-manager/nm-dns-manager.c | 23 ++++++++++++++++++++++-
|
||||||
|
1 file changed, 22 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
|
||||||
|
index e833ce4..c81bfd6 100644
|
||||||
|
--- a/src/dns-manager/nm-dns-manager.c
|
||||||
|
+++ b/src/dns-manager/nm-dns-manager.c
|
||||||
|
@@ -823,6 +823,22 @@ plugin_failed (NMDnsPlugin *plugin, gpointer user_data)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+plugin_child_quit (NMDnsPlugin *plugin, int exit_status, gpointer user_data)
|
||||||
|
+{
|
||||||
|
+ NMDnsManager *self = NM_DNS_MANAGER (user_data);
|
||||||
|
+ GError *error = NULL;
|
||||||
|
+
|
||||||
|
+ nm_log_warn (LOGD_DNS, "DNS: plugin %s child quit unexpectedly; refreshing DNS",
|
||||||
|
+ nm_dns_plugin_get_name (plugin));
|
||||||
|
+
|
||||||
|
+ /* Let the plugin try to spawn the child again */
|
||||||
|
+ if (!update_dns (self, FALSE, &error)) {
|
||||||
|
+ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
|
||||||
|
+ g_clear_error (&error);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
gboolean
|
||||||
|
nm_dns_manager_add_ip4_config (NMDnsManager *mgr,
|
||||||
|
const char *iface,
|
||||||
|
@@ -1139,6 +1155,7 @@ nm_dns_manager_init (NMDnsManager *self)
|
||||||
|
if (priv->plugin) {
|
||||||
|
nm_log_info (LOGD_DNS, "DNS: loaded plugin %s", nm_dns_plugin_get_name (priv->plugin));
|
||||||
|
g_signal_connect (priv->plugin, NM_DNS_PLUGIN_FAILED, G_CALLBACK (plugin_failed), self);
|
||||||
|
+ g_signal_connect (priv->plugin, NM_DNS_PLUGIN_CHILD_QUIT, G_CALLBACK (plugin_child_quit), self);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1149,7 +1166,11 @@ dispose (GObject *object)
|
||||||
|
NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE (self);
|
||||||
|
GError *error = NULL;
|
||||||
|
|
||||||
|
- g_clear_object (&priv->plugin);
|
||||||
|
+ if (priv->plugin) {
|
||||||
|
+ g_signal_handlers_disconnect_by_func (priv->plugin, plugin_failed, self);
|
||||||
|
+ g_signal_handlers_disconnect_by_func (priv->plugin, plugin_child_quit, self);
|
||||||
|
+ g_clear_object (&priv->plugin);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/* If we're quitting, leave a valid resolv.conf in place, not one
|
||||||
|
* pointing to 127.0.0.1 if any plugins were active. Thus update
|
||||||
|
--
|
||||||
|
2.4.0
|
||||||
|
|
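Review bot: plugin_child_quit() calls update_dns() on every child exit with no limit, so a child that exits right after being started would presumably be respawned in a loop, with one warning logged per round; nothing in this hunk bounds that. The handler also drops `exit_status`, the one detail that tells a crash from a clean exit; I would log it, `nm_log_warn (LOGD_DNS, "DNS: plugin %s child quit unexpectedly (status %d); refreshing DNS", nm_dns_plugin_get_name (plugin), exit_status);`, and put `/* TODO: rate-limit respawns; a child that keeps exiting re-enters here each time */` above the update_dns() call. `error->message` is read without a NULL check, which is safe only if update_dns() always sets the error when it returns FALSE; that function is outside the hunk.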
55
0007-cli-add-PHYS_PORT_ID-property-rh1168573.patch
Normal file
55
0007-cli-add-PHYS_PORT_ID-property-rh1168573.patch
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
From 1974b8b50cf00e706c795a99f13120d509b42a33 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
|
||||||
|
Date: Tue, 14 Apr 2015 12:08:15 +0200
|
||||||
|
Subject: [PATCH] cli: add PHYS_PORT_ID property to devices
|
||||||
|
|
||||||
|
The physical-port-id property was added to libnm (libnm-glib) in commit
|
||||||
|
47cc8b25f2efe015defde7e76e49e67086603bb3.
|
||||||
|
|
||||||
|
(cherry picked from commit 825255361565588a428aad69eb7ea9ffe9475fc2)
|
||||||
|
---
|
||||||
|
cli/src/devices.c | 19 +++++++++++--------
|
||||||
|
1 file changed, 11 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cli/src/devices.c b/cli/src/devices.c
|
||||||
|
index 5a3ab45..3b20186 100644
|
||||||
|
--- a/cli/src/devices.c
|
||||||
|
+++ b/cli/src/devices.c
|
||||||
|
@@ -103,13 +103,15 @@ static NmcOutputField nmc_fields_dev_show_general[] = {
|
||||||
|
{"NM-MANAGED", N_("NM-MANAGED"), 15}, /* 14 */
|
||||||
|
{"AUTOCONNECT", N_("AUTOCONNECT"), 15}, /* 15 */
|
||||||
|
{"FIRMWARE-MISSING", N_("FIRMWARE-MISSING"), 18}, /* 16 */
|
||||||
|
- {"CONNECTION", N_("CONNECTION"), 20}, /* 17 */
|
||||||
|
- {"CON-UUID", N_("CON-UUID"), 38}, /* 18 */
|
||||||
|
- {"CON-PATH", N_("CON-PATH"), 51}, /* 19 */
|
||||||
|
+ {"PHYS-PORT-ID", N_("PHYS-PORT-ID"), 18}, /* 17 */
|
||||||
|
+ {"CONNECTION", N_("CONNECTION"), 20}, /* 18 */
|
||||||
|
+ {"CON-UUID", N_("CON-UUID"), 38}, /* 19 */
|
||||||
|
+ {"CON-PATH", N_("CON-PATH"), 51}, /* 20 */
|
||||||
|
{NULL, NULL, 0}
|
||||||
|
};
|
||||||
|
-#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,STATE,REASON,"\
|
||||||
|
- "UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,CONNECTION,CON-UUID,CON-PATH"
|
||||||
|
+#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\
|
||||||
|
+ "STATE,REASON,UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,PHYS-PORT-ID,"\
|
||||||
|
+ "CONNECTION,CON-UUID,CON-PATH"
|
||||||
|
#define NMC_FIELDS_DEV_SHOW_GENERAL_COMMON "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,HWADDR,STATE"
|
||||||
|
|
||||||
|
/* Available fields for 'device show' - CONNECTIONS part */
|
||||||
|
@@ -801,9 +803,10 @@ show_device_info (NMDevice *device, NmCli *nmc)
|
||||||
|
set_val_strc (arr, 14, nm_device_get_managed (device) ? _("yes") : _("no"));
|
||||||
|
set_val_strc (arr, 15, nm_device_get_autoconnect (device) ? _("yes") : _("no"));
|
||||||
|
set_val_strc (arr, 16, nm_device_get_firmware_missing (device) ? _("yes") : _("no"));
|
||||||
|
- set_val_strc (arr, 17, get_active_connection_id (device));
|
||||||
|
- set_val_strc (arr, 18, acon ? nm_active_connection_get_uuid (acon) : NULL);
|
||||||
|
- set_val_strc (arr, 19, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
|
||||||
|
+ set_val_strc (arr, 17, nm_device_get_physical_port_id (device));
|
||||||
|
+ set_val_strc (arr, 18, get_active_connection_id (device));
|
||||||
|
+ set_val_strc (arr, 19, acon ? nm_active_connection_get_uuid (acon) : NULL);
|
||||||
|
+ set_val_strc (arr, 20, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
|
||||||
|
g_ptr_array_add (nmc->output_data, arr);
|
||||||
|
|
||||||
|
print_data (nmc); /* Print all data */
|
||||||
|
--
|
||||||
|
2.4.0
|
||||||
|
|
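Review bot: The column positions are hard-coded in three places that have to be kept in step by hand: the `/* 17 */` comments in nmc_fields_dev_show_general[], the NMC_FIELDS_DEV_SHOW_GENERAL_ALL string, and the literal indexes passed to set_val_strc() in show_device_info(). Inserting PHYS-PORT-ID forces CONNECTION, CON-UUID and CON-PATH to be renumbered here, and 0008 renumbers every row after TYPE again for NM-TYPE; one missed line would print a value under the wrong heading with no compile error. An enum of field positions would let the compiler do the counting, e.g. `set_val_strc (arr, DEV_GENERAL_PHYS_PORT_ID, nm_device_get_physical_port_id (device));`, where DEV_GENERAL_PHYS_PORT_ID is a name made up for this proposal. show_device_info() starts and ends outside the hunk.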
153
0008-cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.patch
Normal file
153
0008-cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.patch
Normal file
@ -0,0 +1,153 @@
|
|||||||
|
From e304f04932304f896ca3f95f499217496334ec83 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
|
||||||
|
Date: Tue, 14 Apr 2015 14:35:14 +0200
|
||||||
|
Subject: [PATCH] cli: better indicate when a Wi-Fi plugin might not be
|
||||||
|
available (rh #1168573)
|
||||||
|
|
||||||
|
* print an error message indicating NM Wi-Fi plugin may be missing, for
|
||||||
|
nmcli device wifi ifname <dev-name>
|
||||||
|
nmcli device wifi connect ifname <dev-name>
|
||||||
|
|
||||||
|
* add NM-TYPE to 'nmcli device show' command displaying internal NM device type
|
||||||
|
(like NMDeviceWifi, NMDeviceGeneric, ...)
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1168573
|
||||||
|
|
||||||
|
(cherry picked from commit 823df334eda48a8e2cec897d6123f7b2158c12ff)
|
||||||
|
---
|
||||||
|
cli/src/devices.c | 96 +++++++++++++++++++++++++++++++------------------------
|
||||||
|
1 file changed, 55 insertions(+), 41 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/cli/src/devices.c b/cli/src/devices.c
|
||||||
|
index 3b20186..71198fb 100644
|
||||||
|
--- a/cli/src/devices.c
|
||||||
|
+++ b/cli/src/devices.c
|
||||||
|
@@ -89,27 +89,28 @@ static NmcOutputField nmc_fields_dev_show_general[] = {
|
||||||
|
{"NAME", N_("NAME"), 10}, /* 0 */
|
||||||
|
{"DEVICE", N_("DEVICE"), 10}, /* 1 */
|
||||||
|
{"TYPE", N_("TYPE"), 17}, /* 2 */
|
||||||
|
- {"VENDOR", N_("VENDOR"), 20}, /* 3 */
|
||||||
|
- {"PRODUCT", N_("PRODUCT"), 50}, /* 4 */
|
||||||
|
- {"DRIVER", N_("DRIVER"), 9}, /* 5 */
|
||||||
|
- {"DRIVER-VERSION", N_("DRIVER-VERSION"), 18}, /* 6 */
|
||||||
|
- {"FIRMWARE-VERSION", N_("FIRMWARE-VERSION"), 18}, /* 7 */
|
||||||
|
- {"HWADDR", N_("HWADDR"), 19}, /* 8 */
|
||||||
|
- {"MTU", N_("MTU"), 10}, /* 9 */
|
||||||
|
- {"STATE", N_("STATE"), 14}, /* 10 */
|
||||||
|
- {"REASON", N_("REASON"), 25}, /* 11 */
|
||||||
|
- {"UDI", N_("UDI"), 64}, /* 12 */
|
||||||
|
- {"IP-IFACE", N_("IP-IFACE"), 10}, /* 13 */
|
||||||
|
- {"NM-MANAGED", N_("NM-MANAGED"), 15}, /* 14 */
|
||||||
|
- {"AUTOCONNECT", N_("AUTOCONNECT"), 15}, /* 15 */
|
||||||
|
- {"FIRMWARE-MISSING", N_("FIRMWARE-MISSING"), 18}, /* 16 */
|
||||||
|
- {"PHYS-PORT-ID", N_("PHYS-PORT-ID"), 18}, /* 17 */
|
||||||
|
- {"CONNECTION", N_("CONNECTION"), 20}, /* 18 */
|
||||||
|
- {"CON-UUID", N_("CON-UUID"), 38}, /* 19 */
|
||||||
|
- {"CON-PATH", N_("CON-PATH"), 51}, /* 20 */
|
||||||
|
+ {"NM-TYPE", N_("NM-TYPE"), 17}, /* 3 */
|
||||||
|
+ {"VENDOR", N_("VENDOR"), 20}, /* 4 */
|
||||||
|
+ {"PRODUCT", N_("PRODUCT"), 50}, /* 5 */
|
||||||
|
+ {"DRIVER", N_("DRIVER"), 9}, /* 6 */
|
||||||
|
+ {"DRIVER-VERSION", N_("DRIVER-VERSION"), 18}, /* 7 */
|
||||||
|
+ {"FIRMWARE-VERSION", N_("FIRMWARE-VERSION"), 18}, /* 8 */
|
||||||
|
+ {"HWADDR", N_("HWADDR"), 19}, /* 9 */
|
||||||
|
+ {"MTU", N_("MTU"), 10}, /* 10 */
|
||||||
|
+ {"STATE", N_("STATE"), 14}, /* 11 */
|
||||||
|
+ {"REASON", N_("REASON"), 25}, /* 12 */
|
||||||
|
+ {"UDI", N_("UDI"), 64}, /* 13 */
|
||||||
|
+ {"IP-IFACE", N_("IP-IFACE"), 10}, /* 14 */
|
||||||
|
+ {"NM-MANAGED", N_("NM-MANAGED"), 15}, /* 15 */
|
||||||
|
+ {"AUTOCONNECT", N_("AUTOCONNECT"), 15}, /* 16 */
|
||||||
|
+ {"FIRMWARE-MISSING", N_("FIRMWARE-MISSING"), 18}, /* 17 */
|
||||||
|
+ {"PHYS-PORT-ID", N_("PHYS-PORT-ID"), 18}, /* 18 */
|
||||||
|
+ {"CONNECTION", N_("CONNECTION"), 20}, /* 19 */
|
||||||
|
+ {"CON-UUID", N_("CON-UUID"), 38}, /* 20 */
|
||||||
|
+ {"CON-PATH", N_("CON-PATH"), 51}, /* 21 */
|
||||||
|
{NULL, NULL, 0}
|
||||||
|
};
|
||||||
|
-#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\
|
||||||
|
+#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,NM-TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\
|
||||||
|
"STATE,REASON,UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,PHYS-PORT-ID,"\
|
||||||
|
"CONNECTION,CON-UUID,CON-PATH"
|
||||||
|
#define NMC_FIELDS_DEV_SHOW_GENERAL_COMMON "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,HWADDR,STATE"
|
||||||
|
@@ -789,24 +790,25 @@ show_device_info (NMDevice *device, NmCli *nmc)
|
||||||
|
set_val_strc (arr, 0, nmc_fields_dev_show_sections[0].name); /* "GENERAL"*/
|
||||||
|
set_val_strc (arr, 1, nm_device_get_iface (device));
|
||||||
|
set_val_strc (arr, 2, nm_device_get_type_description (device));
|
||||||
|
- set_val_strc (arr, 3, nm_device_get_vendor (device));
|
||||||
|
- set_val_strc (arr, 4, nm_device_get_product (device));
|
||||||
|
- set_val_strc (arr, 5, nm_device_get_driver (device) ? nm_device_get_driver (device) : _("(unknown)"));
|
||||||
|
- set_val_strc (arr, 6, nm_device_get_driver_version (device));
|
||||||
|
- set_val_strc (arr, 7, nm_device_get_firmware_version (device));
|
||||||
|
- set_val_strc (arr, 8, hwaddr ? hwaddr : _("(unknown)"));
|
||||||
|
- set_val_str (arr, 9, mtu_str);
|
||||||
|
- set_val_str (arr, 10, state_str);
|
||||||
|
- set_val_str (arr, 11, reason_str);
|
||||||
|
- set_val_strc (arr, 12, nm_device_get_udi (device));
|
||||||
|
- set_val_strc (arr, 13, nm_device_get_ip_iface (device));
|
||||||
|
- set_val_strc (arr, 14, nm_device_get_managed (device) ? _("yes") : _("no"));
|
||||||
|
- set_val_strc (arr, 15, nm_device_get_autoconnect (device) ? _("yes") : _("no"));
|
||||||
|
- set_val_strc (arr, 16, nm_device_get_firmware_missing (device) ? _("yes") : _("no"));
|
||||||
|
- set_val_strc (arr, 17, nm_device_get_physical_port_id (device));
|
||||||
|
- set_val_strc (arr, 18, get_active_connection_id (device));
|
||||||
|
- set_val_strc (arr, 19, acon ? nm_active_connection_get_uuid (acon) : NULL);
|
||||||
|
- set_val_strc (arr, 20, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
|
||||||
|
+ set_val_strc (arr, 3, G_OBJECT_TYPE_NAME (device));
|
||||||
|
+ set_val_strc (arr, 4, nm_device_get_vendor (device));
|
||||||
|
+ set_val_strc (arr, 5, nm_device_get_product (device));
|
||||||
|
+ set_val_strc (arr, 6, nm_device_get_driver (device) ? nm_device_get_driver (device) : _("(unknown)"));
|
||||||
|
+ set_val_strc (arr, 7, nm_device_get_driver_version (device));
|
||||||
|
+ set_val_strc (arr, 8, nm_device_get_firmware_version (device));
|
||||||
|
+ set_val_strc (arr, 9, hwaddr ? hwaddr : _("(unknown)"));
|
||||||
|
+ set_val_str (arr, 10, mtu_str);
|
||||||
|
+ set_val_str (arr, 11, state_str);
|
||||||
|
+ set_val_str (arr, 12, reason_str);
|
||||||
|
+ set_val_strc (arr, 13, nm_device_get_udi (device));
|
||||||
|
+ set_val_strc (arr, 14, nm_device_get_ip_iface (device));
|
||||||
|
+ set_val_strc (arr, 15, nm_device_get_managed (device) ? _("yes") : _("no"));
|
||||||
|
+ set_val_strc (arr, 16, nm_device_get_autoconnect (device) ? _("yes") : _("no"));
|
||||||
|
+ set_val_strc (arr, 17, nm_device_get_firmware_missing (device) ? _("yes") : _("no"));
|
||||||
|
+ set_val_strc (arr, 18, nm_device_get_physical_port_id (device));
|
||||||
|
+ set_val_strc (arr, 19, get_active_connection_id (device));
|
||||||
|
+ set_val_strc (arr, 20, acon ? nm_active_connection_get_uuid (acon) : NULL);
|
||||||
|
+ set_val_strc (arr, 21, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
|
||||||
|
g_ptr_array_add (nmc->output_data, arr);
|
||||||
|
|
||||||
|
print_data (nmc); /* Print all data */
|
||||||
|
@@ -1752,7 +1754,13 @@ do_device_wifi_list (NmCli *nmc, int argc, char **argv)
|
||||||
|
show_acces_point_info (device, nmc);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
- g_string_printf (nmc->return_text, _("Error: Device '%s' is not a Wi-Fi device."), ifname);
|
||||||
|
+ const char *err_msg;
|
||||||
|
+ if ( nm_device_get_device_type (device) == NM_DEVICE_TYPE_GENERIC
|
||||||
|
+ && g_strcmp0 (nm_device_get_type_description (device), "wifi") == 0)
|
||||||
|
+ err_msg = _("Error: Device '%s' was not recognized as a Wi-Fi device, check NetworkManager Wi-Fi plugin.");
|
||||||
|
+ else
|
||||||
|
+ err_msg = _("Error: Device '%s' is not a Wi-Fi device.");
|
||||||
|
+ g_string_printf (nmc->return_text, err_msg, ifname);
|
||||||
|
nmc->return_value = NMC_RESULT_ERROR_UNKNOWN;
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
@@ -2317,9 +2325,15 @@ do_device_wifi_rescan (NmCli *nmc, int argc, char **argv)
|
||||||
|
device = find_wifi_device_by_iface (devices, ifname, &devices_idx);
|
||||||
|
|
||||||
|
if (!device) {
|
||||||
|
- if (ifname)
|
||||||
|
- g_string_printf (nmc->return_text, _("Error: Device '%s' is not a Wi-Fi device."), ifname);
|
||||||
|
- else
|
||||||
|
+ if (ifname) {
|
||||||
|
+ const char *err_msg;
|
||||||
|
+ if ( nm_device_get_device_type (device) == NM_DEVICE_TYPE_GENERIC
|
||||||
|
+ && g_strcmp0 (nm_device_get_type_description (device), "wifi") == 0)
|
||||||
|
+ err_msg = _("Error: Device '%s' was not recognized as a Wi-Fi device, check NetworkManager Wi-Fi plugin.");
|
||||||
|
+ else
|
||||||
|
+ err_msg = _("Error: Device '%s' is not a Wi-Fi device.");
|
||||||
|
+ g_string_printf (nmc->return_text, err_msg, ifname);
|
||||||
|
+ } else
|
||||||
|
g_string_printf (nmc->return_text, _("Error: No Wi-Fi device found."));
|
||||||
|
nmc->return_value = NMC_RESULT_ERROR_UNKNOWN;
|
||||||
|
goto error;
|
||||||
|
--
|
||||||
|
2.4.0
|
||||||
|
|
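Review bot: In the do_device_wifi_rescan hunk the new test runs inside `if (!device)`, so `nm_device_get_device_type (device)` and `nm_device_get_type_description (device)` are called with a NULL device and the "check NetworkManager Wi-Fi plugin" message can never be chosen on that path. The interface name has to be resolved to a device of any type first and the test guarded on that result, `if (any_dev && nm_device_get_device_type (any_dev) == NM_DEVICE_TYPE_GENERIC` (any_dev being a new local for that lookup). In the do_device_wifi_list hunk the same test sits in an `else` whose condition is outside the hunk, so whether `device` can be NULL there should be confirmed as well. Both hunks also pass a variable as the format in `g_string_printf (nmc->return_text, err_msg, ifname)`, which takes the call out of compile-time format checking; a translated string with a different conversion would go unnoticed.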
102
0009-CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.patch
Normal file
102
0009-CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.patch
Normal file
@ -0,0 +1,102 @@
|
|||||||
|
From d195edb95a543f7eebbd0a164e8ff3bef599370a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Thomas Haller <thaller@redhat.com>
|
||||||
|
Date: Wed, 8 Apr 2015 15:54:30 +0200
|
||||||
|
Subject: [PATCH] platform: don't accept lowering IPv6 hop-limit from RA
|
||||||
|
(CVE-2015-2924)
|
||||||
|
|
||||||
|
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
|
||||||
|
http://seclists.org/oss-sec/2015/q2/46
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1209902
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1209903
|
||||||
|
(cherry picked from commit bdaaf9849b0cacf131b71fa2ae168f5db796874f)
|
||||||
|
|
||||||
|
Conflicts:
|
||||||
|
src/devices/nm-device.c
|
||||||
|
src/nm-iface-helper.c
|
||||||
|
src/platform/nm-platform.h
|
||||||
|
---
|
||||||
|
src/devices/nm-device.c | 10 ++--------
|
||||||
|
src/platform/nm-platform.c | 32 ++++++++++++++++++++++++++++++++
|
||||||
|
src/platform/nm-platform.h | 2 ++
|
||||||
|
3 files changed, 36 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
|
||||||
|
index 7ab51e4..8cdf01b 100644
|
||||||
|
--- a/src/devices/nm-device.c
|
||||||
|
+++ b/src/devices/nm-device.c
|
||||||
|
@@ -3716,14 +3716,8 @@ rdisc_config_changed (NMRDisc *rdisc, NMRDiscConfigMap changed, NMDevice *device
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* hop_limit == 0 is a special value "unspecified", so do not touch
|
||||||
|
- * in this case */
|
||||||
|
- if (changed & NM_RDISC_CONFIG_HOP_LIMIT && rdisc->hop_limit > 0) {
|
||||||
|
- char val[16];
|
||||||
|
-
|
||||||
|
- g_snprintf (val, sizeof (val), "%d", rdisc->hop_limit);
|
||||||
|
- nm_device_ipv6_sysctl_set (device, "hop_limit", val);
|
||||||
|
- }
|
||||||
|
+ if (changed & NM_RDISC_CONFIG_HOP_LIMIT)
|
||||||
|
+ nm_platform_sysctl_set_ip6_hop_limit_safe (nm_device_get_ip_iface (device), rdisc->hop_limit);
|
||||||
|
|
||||||
|
nm_device_activate_schedule_ip6_config_result (device);
|
||||||
|
}
|
||||||
|
diff --git a/src/platform/nm-platform.c b/src/platform/nm-platform.c
|
||||||
|
index e95d6af..9629d9d 100644
|
||||||
|
--- a/src/platform/nm-platform.c
|
||||||
|
+++ b/src/platform/nm-platform.c
|
||||||
|
@@ -240,6 +240,38 @@ nm_platform_sysctl_set (const char *path, const char *value)
|
||||||
|
return klass->sysctl_set (platform, path, value);
|
||||||
|
}
|
||||||
|
|
||||||
|
+gboolean
|
||||||
|
+nm_platform_sysctl_set_ip6_hop_limit_safe (const char *iface, int value)
|
||||||
|
+{
|
||||||
|
+ const char *path;
|
||||||
|
+ gint64 cur;
|
||||||
|
+
|
||||||
|
+ /* the hop-limit provided via RA is uint8. */
|
||||||
|
+ if (value > 0xFF)
|
||||||
|
+ return FALSE;
|
||||||
|
+
|
||||||
|
+ /* don't allow unreasonable small values */
|
||||||
|
+ if (value < 10)
|
||||||
|
+ return FALSE;
|
||||||
|
+
|
||||||
|
+ path = nm_utils_ip6_property_path (iface, "hop_limit");
|
||||||
|
+ cur = nm_platform_sysctl_get_int_checked (path, 10, 1, G_MAXINT32, -1);
|
||||||
|
+
|
||||||
|
+ /* only allow increasing the hop-limit to avoid DOS by an attacker
|
||||||
|
+ * setting a low hop-limit (CVE-2015-2924, rh#1209902) */
|
||||||
|
+
|
||||||
|
+ if (value < cur)
|
||||||
|
+ return FALSE;
|
||||||
|
+ if (value != cur) {
|
||||||
|
+ char svalue[20];
|
||||||
|
+
|
||||||
|
+ sprintf (svalue, "%d", value);
|
||||||
|
+ nm_platform_sysctl_set (path, svalue);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return TRUE;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* nm_platform_sysctl_get:
|
||||||
|
* @path: Absolute path to sysctl
|
||||||
|
diff --git a/src/platform/nm-platform.h b/src/platform/nm-platform.h
|
||||||
|
index 275557c..6a1e503 100644
|
||||||
|
--- a/src/platform/nm-platform.h
|
||||||
|
+++ b/src/platform/nm-platform.h
|
||||||
|
@@ -504,6 +504,8 @@ char *nm_platform_sysctl_get (const char *path);
|
||||||
|
gint32 nm_platform_sysctl_get_int32 (const char *path, gint32 fallback);
|
||||||
|
gint64 nm_platform_sysctl_get_int_checked (const char *path, guint base, gint64 min, gint64 max, gint64 fallback);
|
||||||
|
|
||||||
|
+gboolean nm_platform_sysctl_set_ip6_hop_limit_safe (const char *iface, int value);
|
||||||
|
+
|
||||||
|
gboolean nm_platform_link_get (int ifindex, NMPlatformLink *link);
|
||||||
|
GArray *nm_platform_link_get_all (void);
|
||||||
|
gboolean nm_platform_dummy_add (const char *name);
|
||||||
|
--
|
||||||
|
2.4.0
|
||||||
|
|
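Review bot: nm_platform_sysctl_set_ip6_hop_limit_safe() fails open when the current hop limit cannot be determined: nm_platform_sysctl_get_int_checked() is given -1 as its fallback, and with `cur == -1` the `value < cur` test does not reject, so the RA-supplied value is written and the only-increase guarantee holds only when the read succeeds. I would add `if (cur < 0) return FALSE;` directly after the read. The function also returns TRUE without looking at the result of nm_platform_sysctl_set(), and the new call in rdisc_config_changed() ignores the return value, so a rejected or failed update leaves no trace; a debug log line on the reject paths would help when tracing RA handling. `sprintf (svalue, "%d", value)` fits the 20-byte buffer for the range checked above, but `g_snprintf (svalue, sizeof (svalue), "%d", value);` would match what the removed code in nm-device.c did.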
29
0010-load-libnl-3.so.200-rh1205195.patch
Normal file
29
0010-load-libnl-3.so.200-rh1205195.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From 15420eb0a2c5b3ba248068e33b5464c3f7d2e752 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
|
||||||
|
Date: Wed, 25 Mar 2015 15:30:57 +0100
|
||||||
|
Subject: [PATCH] platform: load libnl-3.so.200, not libnl-3.so (rh #1205195)
|
||||||
|
|
||||||
|
libnl-3.so link is only present in devel package (libnl3-devel).
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1205195
|
||||||
|
(cherry picked from commit d767fb160c36bd9dc339e343ebac58274204ad4f)
|
||||||
|
---
|
||||||
|
src/platform/nm-linux-platform.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c
|
||||||
|
index cf2164d..0f8b80d 100644
|
||||||
|
--- a/src/platform/nm-linux-platform.c
|
||||||
|
+++ b/src/platform/nm-linux-platform.c
|
||||||
|
@@ -113,7 +113,7 @@ _nl_get_vtable ()
|
||||||
|
if (G_UNLIKELY (!vtable.f_nl_has_capability)) {
|
||||||
|
void *handle;
|
||||||
|
|
||||||
|
- handle = dlopen ("libnl-3.so", RTLD_LAZY | RTLD_NOLOAD);
|
||||||
|
+ handle = dlopen ("libnl-3.so.200", RTLD_LAZY | RTLD_NOLOAD);
|
||||||
|
if (handle) {
|
||||||
|
vtable.handle = handle;
|
||||||
|
vtable.f_nl_has_capability = dlsym (handle, "nl_has_capability");
|
||||||
|
--
|
||||||
|
2.4.0
|
||||||
|
|
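Review bot: The reason for the versioned name is recorded only in the commit message; a comment at the dlopen() call would keep a later reader from simplifying it back, e.g. `/* runtime soname: the libnl-3.so symlink ships only in libnl3-devel */`. Because RTLD_NOLOAD is used, a NULL handle here means the library is not already mapped under that name, and the hunk shows no log or fallback for that case. _nl_get_vtable() continues outside the hunk, so this may be handled further down.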
@ -1,10 +1,4 @@
|
|||||||
# Enable connectivity checking for NetworkManager.
|
|
||||||
# See `man NetworkManager.conf`.
|
|
||||||
#
|
|
||||||
# Note that connectivity checking works badly with rp_filter set to
|
|
||||||
# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
|
|
||||||
[connectivity]
|
[connectivity]
|
||||||
enabled=true
|
uri=https://fedoraproject.org/static/hotspot.txt
|
||||||
uri=http://fedoraproject.org/static/hotspot.txt
|
|
||||||
response=OK
|
response=OK
|
||||||
interval=300
|
interval=300
|
||||||
|
@ -1,10 +0,0 @@
|
|||||||
# Enable connectivity checking for NetworkManager.
|
|
||||||
# See `man NetworkManager.conf`.
|
|
||||||
#
|
|
||||||
# Note that connectivity checking works badly with rp_filter set to
|
|
||||||
# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
|
|
||||||
[connectivity]
|
|
||||||
enabled=true
|
|
||||||
uri=http://static.redhat.com/test/rhel-networkmanager.txt
|
|
||||||
response=OK
|
|
||||||
interval=300
|
|
@ -1,15 +0,0 @@
|
|||||||
# The Strict mode of RFC3704 Reverse Path filtering breaks some pretty
|
|
||||||
# common and reasonable use cases.
|
|
||||||
#
|
|
||||||
# Notably, it makes it impossible for NetworkManager to do connectivity
|
|
||||||
# check on a newly arriving default route (it starts with a higher metric
|
|
||||||
# and is bumped lower if there's connectivity).
|
|
||||||
#
|
|
||||||
# Kernel's default is 0 (no filter), systemd configures a Loose filter since
|
|
||||||
# commit 230450d4e4f1 ('sysctl.d: switch net.ipv4.conf.all.rp_filter from 1
|
|
||||||
# to 2'). However, RHEL systemd package happens to default to Strict mode
|
|
||||||
# for historic reasons. Let's override it if we're doing connectivity
|
|
||||||
# checking.
|
|
||||||
|
|
||||||
# Source route verification
|
|
||||||
net.ipv4.conf.all.rp_filter = 0
|
|
@ -1,52 +1,2 @@
|
|||||||
# Configuration file for NetworkManager.
|
|
||||||
#
|
|
||||||
# See "man 5 NetworkManager.conf" for details.
|
|
||||||
#
|
|
||||||
# The directories /usr/lib/NetworkManager/conf.d/ and /run/NetworkManager/conf.d/
|
|
||||||
# can contain additional .conf snippets installed by packages. These files are
|
|
||||||
# read before NetworkManager.conf and have thus lowest priority.
|
|
||||||
# The directory /etc/NetworkManager/conf.d/ can contain additional .conf
|
|
||||||
# snippets. Those snippets are merged last and overwrite the settings from this main
|
|
||||||
# file.
|
|
||||||
#
|
|
||||||
# The files within one conf.d/ directory are read in asciibetical order.
|
|
||||||
#
|
|
||||||
# You can prevent loading a file /usr/lib/NetworkManager/conf.d/NAME.conf
|
|
||||||
# by having a file NAME.conf in either /run/NetworkManager/conf.d/ or /etc/NetworkManager/conf.d/.
|
|
||||||
# Likewise, snippets from /run can be prevented from loading by placing
|
|
||||||
# a file with the same name in /etc/NetworkManager/conf.d/.
|
|
||||||
#
|
|
||||||
# If two files define the same key, the one that is read afterwards will overwrite
|
|
||||||
# the previous one.
|
|
||||||
|
|
||||||
[main]
|
[main]
|
||||||
#plugins=keyfile,ifcfg-rh
|
plugins=ifcfg-rh
|
||||||
|
|
||||||
|
|
||||||
[logging]
|
|
||||||
# When debugging NetworkManager, enabling debug logging is of great help.
|
|
||||||
#
|
|
||||||
# Logfiles contain no passwords and little sensitive information. But please
|
|
||||||
# check before posting the file online. You can also personally hand over the
|
|
||||||
# logfile to a NM developer to treat it confidential. Meet us on #nm on Libera.Chat.
|
|
||||||
#
|
|
||||||
# You can also change the log-level at runtime via
|
|
||||||
# $ nmcli general logging level TRACE domains ALL
|
|
||||||
# However, usually it's cleaner to enable debug logging
|
|
||||||
# in the configuration and restart NetworkManager so that
|
|
||||||
# debug logging is enabled from the start.
|
|
||||||
#
|
|
||||||
# You will find the logfiles in syslog, for example via
|
|
||||||
# $ journalctl -u NetworkManager
|
|
||||||
#
|
|
||||||
# Please post full logfiles for bug reports without pre-filtering or truncation.
|
|
||||||
# Also, for debugging the entire `journalctl` output can be interesting. Don't
|
|
||||||
# limit unnecessarily with `journalctl -u`. Exceptions are if you are worried
|
|
||||||
# about private data. Check before posting logfiles!
|
|
||||||
#
|
|
||||||
# Note that debug logging of NetworkManager can be quite verbose. Some messages
|
|
||||||
# might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst
|
|
||||||
# in man journald.conf). Please disable rate-limiting before collecting debug logs!
|
|
||||||
#
|
|
||||||
#level=TRACE
|
|
||||||
#domains=ALL
|
|
||||||
|
2097
NetworkManager.spec
2097
NetworkManager.spec
File diff suppressed because it is too large
@ -1,31 +0,0 @@
|
|||||||
NetworkManager stores new network profiles in keyfile format in the
|
|
||||||
/etc/NetworkManager/system-connections/ directory.
|
|
||||||
|
|
||||||
Previously, NetworkManager stored network profiles in ifcfg format
|
|
||||||
in this directory (/etc/sysconfig/network-scripts/). However, the ifcfg
|
|
||||||
format is deprecated. By default, NetworkManager no longer creates
|
|
||||||
new profiles in this format.
|
|
||||||
|
|
||||||
Connection profiles in keyfile format have many benefits. For example,
|
|
||||||
this format is INI file-based and can easily be parsed and generated.
|
|
||||||
|
|
||||||
Each section in NetworkManager keyfiles corresponds to a NetworkManager
|
|
||||||
setting name as described in the nm-settings(5) and nm-settings-keyfile(5)
|
|
||||||
man pages. Each key-value-pair in a section is one of the properties
|
|
||||||
listed in the settings specification of the man page.
|
|
||||||
|
|
||||||
If you still use network profiles in ifcfg format, consider migrating
|
|
||||||
them to keyfile format. To migrate all profiles at once, enter:
|
|
||||||
|
|
||||||
# nmcli connection migrate
|
|
||||||
|
|
||||||
This command migrates all profiles from ifcfg format to keyfile
|
|
||||||
format and stores them in /etc/NetworkManager/system-connections/.
|
|
||||||
|
|
||||||
Alternatively, to migrate only a specific profile, enter:
|
|
||||||
|
|
||||||
# nmcli connection migrate <profile_name|UUID|D-Bus_path>
|
|
||||||
|
|
||||||
For further details, see:
|
|
||||||
* nm-settings-keyfile(5)
|
|
||||||
* nmcli(1)
|
|
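--- a/rh1203904-NM-loop-fix.patch
+++ b/rh1203904-NM-loop-fix.patch
@@ -0,0 +1,113 @@
+From 5a09a1205cea2c5d223f97f5d91a2e46d91c55ce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
+Date: Fri, 20 Mar 2015 14:02:19 +0100
+Subject: [PATCH] libnm-util: allow 0.0.0.0/1 route in verify() (rh #1203904)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+OpenVPN uses a trick to override default route by adding these two routes:
+0.0.0.0/1 and 128.0.0.0/1.
+We should allow this and only refuse real default route (i.e. prefix == 0).
+
+Also verify IPv6 addresses and routes.
+
+See:
+man openvpn (search for def1)
+https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1203904
+
+(cherry picked from commit ba35c63db60aa652528e492aa483c971b9217f1e)
+Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
+---
+libnm-util/nm-setting-ip4-config.c | 10 ---------
+libnm-util/nm-setting-ip6-config.c | 44 ++++++++++++++++++++++++++++++++++++++
+2 files changed, 44 insertions(+), 10 deletions(-)
+
+diff --git a/libnm-util/nm-setting-ip4-config.c b/libnm-util/nm-setting-ip4-config.c
+index 26ce4e5..c967f62 100644
+--- a/libnm-util/nm-setting-ip4-config.c
++++ b/libnm-util/nm-setting-ip4-config.c
+@@ -1018,16 +1018,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
+NMIP4Route *route = (NMIP4Route *) iter->data;
+guint32 prefix = nm_ip4_route_get_prefix (route);
+
+- if (!nm_ip4_route_get_dest (route)) {
+- g_set_error (error,
+- NM_SETTING_IP4_CONFIG_ERROR,
+- NM_SETTING_IP4_CONFIG_ERROR_INVALID_PROPERTY,
+- _("%d. route is invalid"),
+- i+1);
+- g_prefix_error (error, "%s.%s: ", NM_SETTING_IP4_CONFIG_SETTING_NAME, NM_SETTING_IP4_CONFIG_ROUTES);
+- return FALSE;
+- }
+-
+if (!prefix || prefix > 32) {
+g_set_error (error,
+NM_SETTING_IP4_CONFIG_ERROR,
+diff --git a/libnm-util/nm-setting-ip6-config.c b/libnm-util/nm-setting-ip6-config.c
+index 78be723..fb35932 100644
+--- a/libnm-util/nm-setting-ip6-config.c
++++ b/libnm-util/nm-setting-ip6-config.c
+@@ -804,6 +804,8 @@ static gboolean
+verify (NMSetting *setting, GSList *all_settings, GError **error)
+{
+NMSettingIP6ConfigPrivate *priv = NM_SETTING_IP6_CONFIG_GET_PRIVATE (setting);
++ GSList *iter;
++ int i;
+
+if (!priv->method) {
+g_set_error_literal (error,
+@@ -878,6 +880,48 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
+return FALSE;
+}
+
++ /* Validate addresses */
++ for (iter = priv->addresses, i = 0; iter; iter = g_slist_next (iter), i++) {
++ NMIP6Address *addr = (NMIP6Address *) iter->data;
++ guint32 prefix = nm_ip6_address_get_prefix (addr);
++
++ if (IN6_IS_ADDR_UNSPECIFIED (nm_ip6_address_get_address (addr))) {
++ g_set_error (error,
++ NM_SETTING_IP6_CONFIG_ERROR,
++ NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
++ _("%d. IPv6 address is invalid"),
++ i+1);
++ g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ADDRESSES);
++ return FALSE;
++ }
++
++ if (!prefix || prefix > 128) {
++ g_set_error (error,
++ NM_SETTING_IP6_CONFIG_ERROR,
++ NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
++ _("%d. IPv6 address has invalid prefix"),
++ i+1);
++ g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ADDRESSES);
++ return FALSE;
++ }
++ }
++
++ /* Validate routes */
++ for (iter = priv->routes, i = 0; iter; iter = g_slist_next (iter), i++) {
++ NMIP6Route *route = (NMIP6Route *) iter->data;
++ guint32 prefix = nm_ip6_route_get_prefix (route);
++
++ if (!prefix || prefix > 128) {
++ g_set_error (error,
++ NM_SETTING_IP6_CONFIG_ERROR,
++ NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
++ _("%d. route has invalid prefix"),
++ i+1);
++ g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ROUTES);
++ return FALSE;
++ }
++ }
++
+return TRUE;
+}
+
+--
+2.1.0
+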
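Review bot: In the `nm-setting-ip4-config.c` hunk, `if (!prefix || prefix > 32)` is now the only check that keeps a default route out of the routes list, and nothing in the code says so. With the destination check removed, 0.0.0.0/1 together with 128.0.0.0/1 passes verify() and covers the whole IPv4 space, which is the intended OpenVPN def1 behaviour per the commit message; anything that relied on verify() to stop a profile from capturing all traffic (an inference, the callers are not visible here) no longer gets that from this function. I would add a comment above the check such as `/* prefix 0 is the real default route; 0.0.0.0/1 is accepted on purpose (OpenVPN def1) */`. The new IPv6 route loop likewise checks only the prefix, so the same comment belongs at its `if (!prefix || prefix > 128)`. verify() starts and ends outside these hunks in both files.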
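--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (NetworkManager-1.43.6.tar.xz) = e1d898d3e6154018defcf189bc017a962ed93b9f5d7bafd90642cd70f9bbd4885874b24f716d524e52cf9e44c7ba338e3c416e78bd7b6ec6eaa1cb5066244504
+96a5fb710b1f56e0c1c11fc43ddcf24b NetworkManager-0.9.10.2.tar.xz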
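Review bot: The new `sources` line pins the tarball with a bare MD5 digest, where the line it replaces used the `SHA512 (file) = digest` form. MD5 is not collision-resistant, so this entry is a much weaker integrity check on the downloaded source archive than the one being removed. If the build tooling on this branch accepts it (not visible here), I would keep the SHA512 form, e.g. `SHA512 (NetworkManager-0.9.10.2.tar.xz) = <sha512-of-tarball>`, with the digest computed from the verified upstream release.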
@ -1,13 +0,0 @@
|
|||||||
# Tests for NetworkManager
|
|
||||||
- hosts: localhost
|
|
||||||
roles:
|
|
||||||
- role: standard-test-basic
|
|
||||||
tags:
|
|
||||||
- classic
|
|
||||||
repositories:
|
|
||||||
- repo: "https://github.com/NetworkManager/NetworkManager-ci"
|
|
||||||
dest: "NetworkManager-ci"
|
|
||||||
tests:
|
|
||||||
- sanity-tests:
|
|
||||||
dir: NetworkManager-ci
|
|
||||||
run: run/osci/run-tests fedora28
|
|