dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688)

Test sets are defined in run/osci/distro.tests file instead a yaml.

.gitignore

@@ -340,94 +340,5 @@ network-manager-applet-0.8.1.tar.bz2
 /NetworkManager-1.8.0.tar.xz
 /NetworkManager-1.8.2.tar.xz
 /NetworkManager-1.8.4.tar.xz
-/NetworkManager-1.10.2.tar.xz
-/NetworkManager-1.10.4.tar.xz
-/NetworkManager-1.10.6.tar.xz
-/NetworkManager-1.10.8.tar.xz
-/NetworkManager-1.11.4.tar.xz
-/NetworkManager-1.11.90.tar.xz
-/NetworkManager-1.12.0.tar.xz
-/NetworkManager-1.12.2.tar.xz
-/NetworkManager-1.14.0.tar.xz
-/NetworkManager-1.14.2.tar.xz
-/NetworkManager-1.14.4.tar.xz
-/NetworkManager-1.15.90.tar.xz
-/NetworkManager-1.15.91.tar.xz
-/NetworkManager-1.16.0.tar.xz
-/NetworkManager-1.18.0.tar.xz
-/NetworkManager-1.19.2.tar.xz
-/NetworkManager-1.19.3.tar.xz
-/NetworkManager-1.19.5.tar.xz
-/NetworkManager-1.19.90.tar.xz
-/NetworkManager-1.20.0.tar.xz
-/NetworkManager-1.20.2.tar.xz
-/NetworkManager-1.20.4.tar.xz
-/NetworkManager-1.21.3.tar.xz
-/NetworkManager-1.21.90.tar.xz
-/NetworkManager-1.22.0.tar.xz
-/NetworkManager-1.22.2.tar.xz
-/NetworkManager-1.22.4.tar.xz
-/NetworkManager-1.22.6.tar.xz
-/NetworkManager-1.22.8.tar.xz
-/NetworkManager-1.22.10.tar.xz
-/NetworkManager-1.23.90.tar.xz
-/NetworkManager-1.23.91.tar.xz
-/NetworkManager-1.24.0.tar.xz
-/NetworkManager-1.24.2.tar.xz
-/NetworkManager-1.25.90.tar.xz
-/NetworkManager-1.26.0.tar.xz
-/NetworkManager-1.26.2.tar.xz
-/NetworkManager-1.27.90.tar.xz
-/NetworkManager-1.27.91.tar.xz
-/NetworkManager-1.28.0.tar.xz
-/NetworkManager-1.29.8.tar.xz
-/NetworkManager-1.29.9.tar.xz
-/NetworkManager-1.29.11.tar.xz
-/NetworkManager-1.29.90.tar.xz
-/NetworkManager-1.30.0.tar.xz
-/NetworkManager-1.30.2.tar.xz
-/NetworkManager-1.31.2.tar.xz
-/NetworkManager-1.31.3.tar.xz
-/NetworkManager-1.31.4.tar.xz
-/NetworkManager-1.31.90.tar.xz
-/NetworkManager-1.32.0.tar.xz
-/NetworkManager-1.32.4.tar.xz
-/NetworkManager-1.32.6.tar.xz
-/NetworkManager-1.32.8.tar.xz
-/NetworkManager-1.32.10.tar.xz
-/NetworkManager-1.32.12.tar.xz
-/NetworkManager-1.35.1.tar.xz
-/NetworkManager-1.35.2.tar.xz
-/NetworkManager-1.35.3.tar.xz
-/NetworkManager-1.35.4.tar.xz
-/NetworkManager-1.35.6.tar.xz
-/NetworkManager-1.35.7.tar.xz
-/NetworkManager-1.35.90.tar.xz
-/NetworkManager-1.35.91.tar.xz
-/NetworkManager-1.35.92.tar.xz
-/NetworkManager-1.36.0.tar.xz
-/NetworkManager-1.36.2.tar.xz
-/NetworkManager-1.36.4.tar.xz
-/NetworkManager-1.37.3.tar.xz
-/NetworkManager-1.37.90.tar.xz
-/NetworkManager-1.37.91.tar.xz
-/NetworkManager-1.37.92.tar.xz
-/NetworkManager-1.38.0.tar.xz
-/NetworkManager-1.39.8.tar.xz
-/NetworkManager-1.39.10.tar.xz
-/NetworkManager-1.39.11.tar.xz
-/NetworkManager-1.39.90.tar.xz
-/NetworkManager-1.40.0.tar.xz
-/NetworkManager-1.41.3.tar.xz
-/NetworkManager-1.41.4.tar.xz
-/NetworkManager-1.41.5.tar.xz
-/NetworkManager-1.41.6.tar.xz
-/NetworkManager-1.41.7.tar.xz
-/NetworkManager-1.41.8.tar.xz
-/NetworkManager-1.41.90.tar.xz
-/NetworkManager-1.41.91.tar.xz
-/NetworkManager-1.42.0.tar.xz
-/NetworkManager-1.43.3.tar.xz
-/NetworkManager-1.43.4.tar.xz
-/NetworkManager-1.43.5.tar.xz
-/NetworkManager-1.43.6.tar.xz
+/NetworkManager-1.8.6.tar.xz
+/NetworkManager-1.8.8.tar.xz

0001-dhcp-CVE-2018-15688.patch

@@ -0,0 +1,327 @@
+From aff13dd42efe390d72ad7a9605b06e44fefddfeb Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Mon, 10 Sep 2018 15:22:28 +0200
+Subject: [PATCH 1/6] systemd/dhcp: fix assertion starting DHCP client without
+ MAC address
+
+An assertion in dhcp_network_bind_raw_socket() is triggered when
+starting an sd_dhcp_client without setting setting a MAC address
+first.
+
+  - sd_dhcp_client_start()
+    - client_start()
+      - client_start_delayed()
+        - dhcp_network_bind_raw_socket()
+
+In that case, the arp-type and MAC address is still unset. Note that
+dhcp_network_bind_raw_socket() already checks for a valid arp-type
+and MAC address below, so we should just gracefully return -EINVAL.
+
+Maybe sd_dhcp_client_start() should fail earlier when starting without
+MAC address. But the failure here will be correctly propagated and
+the start aborted.
+
+See-also: https://github.com/systemd/systemd/pull/10054
+(cherry picked from commit 34af574d5810ab2b0d6d354cbc28135cde4a55b1)
+(cherry picked from commit 0a797bdc2a592385a21e7ed918c08ef54a346d99)
+(cherry picked from commit f37ed84ca495ee212b1e82b9c5a5682c4acfebcd)
+(cherry picked from commit 1031b2bb5c97bd48ff93f85537b3f5ce0f6f64bf)
+(cherry picked from commit 4ca49f52fae5c7841f873bc0a01d654dc19c2152)
+---
+ src/systemd/src/libsystemd-network/dhcp-network.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/systemd/src/libsystemd-network/dhcp-network.c b/src/systemd/src/libsystemd-network/dhcp-network.c
+index 7ad0ec375..f0b1b0a22 100644
+--- a/src/systemd/src/libsystemd-network/dhcp-network.c
++++ b/src/systemd/src/libsystemd-network/dhcp-network.c
+@@ -142,8 +142,6 @@ int dhcp_network_bind_raw_socket(int ifindex, union sockaddr_union *link,
+         const uint8_t *bcast_addr = NULL;
+         uint8_t dhcp_hlen = 0;
+ 
+-        assert_return(mac_addr_len > 0, -EINVAL);
+-
+         if (arp_type == ARPHRD_ETHER) {
+                 assert_return(mac_addr_len == ETH_ALEN, -EINVAL);
+                 memcpy(&eth_mac, mac_addr, ETH_ALEN);
+-- 
+2.17.1
+
+
+From 141c3fe8f083449e2a9d223a4f8995ad89ca0501 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Sat, 29 Sep 2018 03:06:10 +0000
+Subject: [PATCH 2/6] dhcp6: fix an off-by-one error in
+ dhcp6_option_parse_domainname
+
+==14==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200055fa9c at pc 0x0000005458f1 bp 0x7ffc78940d90 sp 0x7ffc78940d88
+READ of size 1 at 0x60200055fa9c thread T0
+    #0 0x5458f0 in dhcp6_option_parse_domainname /work/build/../../src/systemd/src/libsystemd-network/dhcp6-option.c:555:29
+    #1 0x54706e in dhcp6_lease_set_domains /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-lease.c:242:13
+    #2 0x53fce0 in client_parse_message /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:984:29
+    #3 0x53f3bc in client_receive_advertise /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:1083:13
+    #4 0x53d57f in client_receive_message /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:1182:21
+    #5 0x7f0f7159deee in source_dispatch /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3042:21
+    #6 0x7f0f7159d431 in sd_event_dispatch /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3455:21
+    #7 0x7f0f7159ea8d in sd_event_run /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3512:21
+    #8 0x531f2b in fuzz_client /work/build/../../src/systemd/src/fuzz/fuzz-dhcp6-client.c:44:9
+    #9 0x531bc1 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-dhcp6-client.c:53:9
+    #10 0x57bec8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15
+    #11 0x579d67 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:479:3
+    #12 0x57dc92 in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:707:19
+    #13 0x580ca6 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:838:5
+    #14 0x55e968 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6
+    #15 0x551a1c in main /src/libfuzzer/FuzzerMain.cpp:20:10
+    #16 0x7f0f701a082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
+    #17 0x41e928 in _start (/out/fuzz-dhcp6-client+0x41e928)
+
+https://github.com/systemd/systemd/pull/10200
+https://github.com/systemd/systemd/commit/b387d3c1327a3ad2a2509bd3d3491e674392ff21
+(cherry picked from commit 7cb7cffc4962245a32e87017bcf264005c043250)
+(cherry picked from commit cd3aacefdd0b91741b7b2e7b5ee5baab210addd9)
+(cherry picked from commit 5b140a77bc7b01dc002dbf28a7a2507a27a63d7c)
+(cherry picked from commit 0f25f47767794fb179edb9916566a208fbcfcb8f)
+(cherry picked from commit c13e43979e10e636e3787bf85a4d56fa5187e70d)
+---
+ src/systemd/src/libsystemd-network/dhcp6-option.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c
+index 3a77e34d5..d8812c36f 100644
+--- a/src/systemd/src/libsystemd-network/dhcp6-option.c
++++ b/src/systemd/src/libsystemd-network/dhcp6-option.c
+@@ -366,7 +366,7 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char *
+                                 /* Literal label */
+                                 label = (const char *)&optval[pos];
+                                 pos += c;
+-                                if (pos > optlen)
++                                if (pos >= optlen)
+                                         return -EMSGSIZE;
+ 
+                                 if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) {
+-- 
+2.17.1
+
+
+From c854e0c2eea17c9d2f49d0c416a25b35186de577 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 27 Sep 2018 18:04:59 +0900
+Subject: [PATCH 3/6] sd-dhcp-lease: fix memleaks
+
+(cherry picked from commit e2975f854831d08a25b4f5eb329b6d04102e115f)
+(cherry picked from commit 157094abd83f933fad142758a7d177cfa1a347f7)
+(cherry picked from commit 3fd9d11619a5e60d375076fbe13851dd1d3a4a63)
+(cherry picked from commit 4439f07841bdddc6878132a993c229df032e8e85)
+(cherry picked from commit cbd0609cc482168912c747bad883ba6d434c2a11)
+---
+ src/systemd/src/libsystemd-network/sd-dhcp-lease.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/systemd/src/libsystemd-network/sd-dhcp-lease.c b/src/systemd/src/libsystemd-network/sd-dhcp-lease.c
+index 5a3bff2f7..d92441fc5 100644
+--- a/src/systemd/src/libsystemd-network/sd-dhcp-lease.c
++++ b/src/systemd/src/libsystemd-network/sd-dhcp-lease.c
+@@ -277,6 +277,8 @@ sd_dhcp_lease *sd_dhcp_lease_unref(sd_dhcp_lease *lease) {
+                 free(option);
+         }
+ 
++        free(lease->root_path);
++        free(lease->timezone);
+         free(lease->hostname);
+         free(lease->domainname);
+         free(lease->dns);
+-- 
+2.17.1
+
+
+From 4f6f76aa79bb63c6fea356d702e80754e8291728 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Fri, 19 Oct 2018 03:42:10 +0900
+Subject: [PATCH 4/6] sd-dhcp6: make dhcp6_option_parse_domainname() not store
+ empty domain
+
+This improves performance of fuzzer.
+C.f. oss-fuzz#11019.
+
+(cherry picked from commit 3c72b6ed4252e7ff5f7704bfe44557ec197b47fa)
+(cherry picked from commit 50403cccee28c7dcd54b138a0d3b3f69ea0204fe)
+(cherry picked from commit f11f5abb1a8b96b553d2d156f8b5cf440695c04d)
+(cherry picked from commit c836279fca80fb22ca7ef02acaa5b987fee61123)
+(cherry picked from commit 4ca0e57c46cf6861ec6f6b6c8e0d430edb3fa5b1)
+(cherry picked from commit 32e71d5bc09494736866fd78606994f8bf93b31d)
+---
+ .../src/libsystemd-network/dhcp6-option.c     | 66 ++++++++-----------
+ 1 file changed, 29 insertions(+), 37 deletions(-)
+
+diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c
+index d8812c36f..d49624437 100644
+--- a/src/systemd/src/libsystemd-network/dhcp6-option.c
++++ b/src/systemd/src/libsystemd-network/dhcp6-option.c
+@@ -353,6 +353,7 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char *
+                 bool first = true;
+ 
+                 for (;;) {
++                        const char *label;
+                         uint8_t c;
+ 
+                         c = optval[pos++];
+@@ -360,47 +361,41 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char *
+                         if (c == 0)
+                                 /* End of name */
+                                 break;
+-                        else if (c <= 63) {
+-                                const char *label;
+-
+-                                /* Literal label */
+-                                label = (const char *)&optval[pos];
+-                                pos += c;
+-                                if (pos >= optlen)
+-                                        return -EMSGSIZE;
+-
+-                                if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) {
+-                                        r = -ENOMEM;
+-                                        goto fail;
+-                                }
+-
+-                                if (first)
+-                                        first = false;
+-                                else
+-                                        ret[n++] = '.';
+-
+-                                r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
+-                                if (r < 0)
+-                                        goto fail;
+-
+-                                n += r;
+-                                continue;
+-                        } else {
+-                                r = -EBADMSG;
+-                                goto fail;
+-                        }
+-                }
++                        if (c > 63)
++                                return -EBADMSG;
++
++                        /* Literal label */
++                        label = (const char *)&optval[pos];
++                        pos += c;
++                        if (pos >= optlen)
++                                return -EMSGSIZE;
++
++                        if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX))
++                                return -ENOMEM;
++
++                        if (first)
++                                first = false;
++                        else
++                                ret[n++] = '.';
+ 
+-                if (!GREEDY_REALLOC(ret, allocated, n + 1)) {
+-                        r = -ENOMEM;
+-                        goto fail;
++                        r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
++                        if (r < 0)
++                                return r;
++
++                        n += r;
+                 }
+ 
++                if (n == 0)
++                        continue;
++
++                if (!GREEDY_REALLOC(ret, allocated, n + 1))
++                        return -ENOMEM;
++
+                 ret[n] = 0;
+ 
+                 r = strv_extend(&names, ret);
+                 if (r < 0)
+-                        goto fail;
++                        return r;
+ 
+                 idx++;
+         }
+@@ -409,7 +404,4 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char *
+         names = NULL;
+ 
+         return idx;
+-
+-fail:
+-        return r;
+ }
+-- 
+2.17.1
+
+
+From 017d77c8c6c88fd4cfa1a2f8a2ac03b9a491f314 Mon Sep 17 00:00:00 2001
+From: Li Song <song.li@honeywell.com>
+Date: Fri, 19 Oct 2018 13:41:51 -0400
+Subject: [PATCH 5/6] sd-dhcp: remove unreachable route after rebinding return
+ NAK
+
+(cherry picked from commit cc3981b1272b9ce37e7d734a7b2f42e84acac535)
+(cherry picked from commit 915c2f675a23b2ae16d292d1ac570706f76b384d)
+(cherry picked from commit cb77290a696dce924e2a993690634986ac035490)
+(cherry picked from commit f211b140a5861ddedc2424946e3ab07d3b642b5f)
+(cherry picked from commit 1cfefbb99ff3c2ab7a0f54829c6f3f787d9e6d77)
+(cherry picked from commit f3f5441820d0ecd0ff6861480ace696a6bf34fbd)
+---
+ src/systemd/src/libsystemd-network/sd-dhcp-client.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/systemd/src/libsystemd-network/sd-dhcp-client.c b/src/systemd/src/libsystemd-network/sd-dhcp-client.c
+index 17393e206..c9623a448 100644
+--- a/src/systemd/src/libsystemd-network/sd-dhcp-client.c
++++ b/src/systemd/src/libsystemd-network/sd-dhcp-client.c
+@@ -1580,6 +1580,8 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i
+                         client->timeout_resend =
+                                 sd_event_source_unref(client->timeout_resend);
+ 
++                        client_notify(client, SD_DHCP_CLIENT_EVENT_EXPIRED);
++
+                         r = client_initialize(client);
+                         if (r < 0)
+                                 goto error;
+-- 
+2.17.1
+
+
+From 35b634d535c8f151bcb6add9630305121349802c Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 19 Oct 2018 12:12:33 +0200
+Subject: [PATCH 6/6] dhcp6: make sure we have enough space for the DHCP6
+ option header
+
+Fixes a vulnerability originally discovered by Felix Wilhelm from
+Google.
+
+CVE-2018-15688
+LP: #1795921
+https://bugzilla.redhat.com/show_bug.cgi?id=1639067
+
+(cherry picked from commit 4dac5eaba4e419b29c97da38a8b1f82336c2c892)
+(cherry picked from commit 01ca2053bbea09f35b958c8cc7631e15469acb79)
+(cherry picked from commit fc230dca139142f409d7bac99dbfabe9b004e2fb)
+(cherry picked from commit cc1e5a7f5731f223d1eb8473fa0eecbedfc0ae5f)
+(cherry picked from commit c3221cb0c5b4a2936c198e33b6f7853141991277)
+(cherry picked from commit f4f765534191ed3c5d8e78b97333f3fd978a2b63)
+---
+ src/systemd/src/libsystemd-network/dhcp6-option.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c
+index d49624437..7615cb80e 100644
+--- a/src/systemd/src/libsystemd-network/dhcp6-option.c
++++ b/src/systemd/src/libsystemd-network/dhcp6-option.c
+@@ -103,7 +103,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) {
+                 return -EINVAL;
+         }
+ 
+-        if (*buflen < len)
++        if (*buflen < offsetof(DHCP6Option, data) + len)
+                 return -ENOBUFS;
+ 
+         ia_hdr = *buf;
+-- 
+2.17.1
+

20-connectivity-fedora.conf

@@ -1,10 +1,4 @@
-# Enable connectivity checking for NetworkManager.
-# See `man NetworkManager.conf`.
-#
-# Note that connectivity checking works badly with rp_filter set to
-# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
 [connectivity]
-enabled=true
 uri=http://fedoraproject.org/static/hotspot.txt
 response=OK
 interval=300

20-connectivity-redhat.conf

@@ -1,10 +0,0 @@
-# Enable connectivity checking for NetworkManager.
-# See `man NetworkManager.conf`.
-#
-# Note that connectivity checking works badly with rp_filter set to
-# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
-[connectivity]
-enabled=true
-uri=http://static.redhat.com/test/rhel-networkmanager.txt
-response=OK
-interval=300

70-nm-connectivity.conf

@@ -1,15 +0,0 @@
-# The Strict mode of RFC3704 Reverse Path filtering breaks some pretty
-# common and reasonable use cases.
-#
-# Notably, it makes it impossible for NetworkManager to do connectivity
-# check on a newly arriving default route (it starts with a higher metric
-# and is bumped lower if there's connectivity).
-#
-# Kernel's default is 0 (no filter), systemd configures a Loose filter since
-# commit 230450d4e4f1 ('sysctl.d: switch net.ipv4.conf.all.rp_filter from 1
-# to 2'). However, RHEL systemd package happens to default to Strict mode
-# for historic reasons. Let's override it if we're doing connectivity
-# checking.
-
-# Source route verification
-net.ipv4.conf.all.rp_filter = 0

NetworkManager.conf

@@ -2,25 +2,27 @@
 #
 # See "man 5 NetworkManager.conf" for details.
 #
-# The directories /usr/lib/NetworkManager/conf.d/ and /run/NetworkManager/conf.d/
-# can contain additional .conf snippets installed by packages. These files are
+# The directories /usr/lib/NetworkManager/conf.d/ and /var/run/NetworkManager/conf.d/
+# can contain additional configuration snippets installed by packages. These files are
 # read before NetworkManager.conf and have thus lowest priority.
-# The directory /etc/NetworkManager/conf.d/ can contain additional .conf
+# The directory /etc/NetworkManager/conf.d/ can contain additional configuration
 # snippets. Those snippets are merged last and overwrite the settings from this main
 # file.
 #
 # The files within one conf.d/ directory are read in asciibetical order.
 #
-# You can prevent loading a file /usr/lib/NetworkManager/conf.d/NAME.conf
-# by having a file NAME.conf in either /run/NetworkManager/conf.d/ or /etc/NetworkManager/conf.d/.
-# Likewise, snippets from /run can be prevented from loading by placing
-# a file with the same name in /etc/NetworkManager/conf.d/.
+# If /etc/NetworkManager/conf.d/ contains a file with the same name as
+# /usr/lib/NetworkManager/conf.d/, the latter file is shadowed and thus ignored.
+# Hence, to disable loading a file from /usr/lib/NetworkManager/conf.d/ you can
+# put an empty file to /etc with the same name. The same applies with respect
+# to the directory /var/run/NetworkManager/conf.d where files in /var/run shadow
+# /usr/lib and are themselves shadowed by files under /etc.
 #
 # If two files define the same key, the one that is read afterwards will overwrite
 # the previous one.
 
 [main]
-#plugins=keyfile,ifcfg-rh
+#plugins=ifcfg-rh,ibft
 
 
 [logging]
@@ -28,7 +30,8 @@
 #
 # Logfiles contain no passwords and little sensitive information. But please
 # check before posting the file online. You can also personally hand over the
-# logfile to a NM developer to treat it confidential. Meet us on #nm on Libera.Chat.
+# logfile to a NM developer to treat it confidential. Meet us on #nm on freenode.
+# Please post full logfiles except minimal modifications of private data.
 #
 # You can also change the log-level at runtime via
 #   $ nmcli general logging level TRACE domains ALL
@@ -39,14 +42,9 @@
 # You will find the logfiles in syslog, for example via
 #   $ journalctl -u NetworkManager
 #
-# Please post full logfiles for bug reports without pre-filtering or truncation.
-# Also, for debugging the entire `journalctl` output can be interesting. Don't
-# limit unnecessarily with `journalctl -u`. Exceptions are if you are worried
-# about private data. Check before posting logfiles!
-#
 # Note that debug logging of NetworkManager can be quite verbose. Some messages
 # might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst
-# in man journald.conf). Please disable rate-limiting before collecting debug logs!
+# in man journald.conf).
 #
 #level=TRACE
 #domains=ALL

readme-ifcfg-rh.txt

@@ -1,31 +0,0 @@
-NetworkManager stores new network profiles in keyfile format in the
-/etc/NetworkManager/system-connections/ directory.
-
-Previously, NetworkManager stored network profiles in ifcfg format
-in this directory (/etc/sysconfig/network-scripts/). However, the ifcfg
-format is deprecated. By default, NetworkManager no longer creates
-new profiles in this format.
-
-Connection profiles in keyfile format have many benefits. For example,
-this format is INI file-based and can easily be parsed and generated.
-
-Each section in NetworkManager keyfiles corresponds to a NetworkManager
-setting name as described in the nm-settings(5) and nm-settings-keyfile(5)
-man pages. Each key-value-pair in a section is one of the properties
-listed in the settings specification of the man page.
-
-If you still use network profiles in ifcfg format, consider migrating
-them to keyfile format. To migrate all profiles at once, enter:
-
-# nmcli connection migrate
-
-This command migrates all profiles from ifcfg format to keyfile
-format and stores them in /etc/NetworkManager/system-connections/.
-
-Alternatively, to migrate only a specific profile, enter:
-
-# nmcli connection migrate <profile_name|UUID|D-Bus_path>
-
-For further details, see:
-* nm-settings-keyfile(5)
-* nmcli(1)

sources

@@ -1 +1 @@
-SHA512 (NetworkManager-1.43.6.tar.xz) = e1d898d3e6154018defcf189bc017a962ed93b9f5d7bafd90642cd70f9bbd4885874b24f716d524e52cf9e44c7ba338e3c416e78bd7b6ec6eaa1cb5066244504
+SHA512 (NetworkManager-1.8.8.tar.xz) = 7468313ea251cfaa157e6bd359537b3a4846436ceca2ce121acfbf322db80d19a83b036c28115162936b246db6a0f8d0f752dc143bbf62180ee53e2e16fc8271

tests/tests.yml

@@ -10,4 +10,4 @@
     tests:
     - sanity-tests:
         dir: NetworkManager-ci
-        run: run/osci/run-tests fedora28
+        run: run/osci/run-tests fedora27