diff --git a/0002-libnm-secrets-without-flags-rh1332491.patch b/0002-libnm-secrets-without-flags-rh1332491.patch new file mode 100644 index 0000000..36914ca --- /dev/null +++ b/0002-libnm-secrets-without-flags-rh1332491.patch @@ -0,0 +1,91 @@ +From ece6252756c2d8e64efaadaaa5c2a2d2626770fe Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Tue, 19 Jul 2016 14:41:40 +0200 +Subject: [PATCH 1/1] setting-vpn: whatever is in vpn.secrets always is a + secrets + +Even when there's no -flags key for it in vpn-data. + +This is essentially to fix regression in the way openconnect uses the VPN +secrets: + +Openconnect auth helper is essentially a web browser that fills in an arbitrary +HTML (or XML) form that's used to get the session cookie. The actual secret the +service needs is the cookie itself. + +However, what needs to be remembered includes the form data. What data can be +in the form is installation dependent and can not be known in advance. Thus the +flags for it can't be currently set in the connection. The auth helper is not +capable of setting the flags either, because it can only return secrets. + +Prior to 1424f249e we treated vpn.secrets without the flags as system secrets +and store them in the connection. Since that commit we just filter them away, +which broke user configurations. + +This restores the behavior or treating everyting in vpn.secrets as secrets and +falling back to system secrets. + +Another way would be to find a way to flag the secrets, perhaps by +extending the auth helper protocol to be able to store non-secret +properties too. + +https://bugzilla.gnome.org/show_bug.cgi?id=768737 +https://bugzilla.redhat.com/show_bug.cgi?id=1332491 + +(cherry picked from commit 9b96bfaa722f3cccf0df3a3bca6e8f227643f94f) +(cherry picked from commit bb45adeda0bf427ada23b09daf970b0757e82d60) +--- + libnm-core/nm-setting-vpn.c | 20 ++++++-------------- + 1 file changed, 6 insertions(+), 14 deletions(-) + +diff --git a/libnm-core/nm-setting-vpn.c b/libnm-core/nm-setting-vpn.c +index c9a1e20..aa4ddc3 100644 +--- a/libnm-core/nm-setting-vpn.c ++++ b/libnm-core/nm-setting-vpn.c +@@ -566,8 +566,7 @@ get_secret_flags (NMSetting *setting, + GError **error) + { + NMSettingVpnPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting); +- gboolean success = FALSE; +- char *flags_key; ++ gs_free char *flags_key = NULL; + gpointer val; + unsigned long tmp; + NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; +@@ -576,28 +575,21 @@ get_secret_flags (NMSetting *setting, + if (g_hash_table_lookup_extended (priv->data, flags_key, NULL, &val)) { + errno = 0; + tmp = strtoul ((const char *) val, NULL, 10); +- if ((errno == 0) && (tmp <= NM_SETTING_SECRET_FLAGS_ALL)) { +- flags = (NMSettingSecretFlags) tmp; +- success = TRUE; +- } else { ++ if ((errno != 0) || (tmp > NM_SETTING_SECRET_FLAGS_ALL)) { + g_set_error (error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_INVALID_PROPERTY, + _("failed to convert value '%s' to uint"), + (const char *) val); + g_prefix_error (error, "%s.%s: ", NM_SETTING_VPN_SETTING_NAME, flags_key); ++ return FALSE; + } +- } else { +- g_set_error_literal (error, +- NM_CONNECTION_ERROR, +- NM_CONNECTION_ERROR_MISSING_PROPERTY, +- _("secret flags property not found")); +- g_prefix_error (error, "%s.%s: ", NM_SETTING_VPN_SETTING_NAME, flags_key); ++ flags = (NMSettingSecretFlags) tmp; + } +- g_free (flags_key); ++ + if (out_flags) + *out_flags = flags; +- return success; ++ return TRUE; + } + + static gboolean +-- +2.7.4 + diff --git a/NetworkManager.spec b/NetworkManager.spec index 428ee90..9e5b9dc 100644 --- a/NetworkManager.spec +++ b/NetworkManager.spec @@ -11,7 +11,7 @@ %global git_sha %{nil} %global rpm_version 1.2.4 %global real_version 1.2.4 -%global release_version 2 +%global release_version 3 %global epoch_version 1 %global obsoletes_nmver 1:0.9.9.95-1 @@ -98,6 +98,7 @@ Source2: 00-server.conf Source3: 20-connectivity-fedora.conf Patch1: 0001-wifi-clear-WiFi-requested-scan-rh1362165.patch +Patch2: 0002-libnm-secrets-without-flags-rh1332491.patch Requires(post): systemd Requires(preun): systemd @@ -339,6 +340,7 @@ by nm-connection-editor and nm-applet in a non-graphical environment. %setup -q -n NetworkManager-%{real_version} %patch1 -p1 +%patch2 -p1 %build gtkdocize @@ -641,6 +643,9 @@ fi %endif %changelog +* Wed Oct 12 2016 Thomas Haller - 1:1.2.4-3 +- libnm: accept secrets without flags for nm-openconnect (rh#1332491) + * Wed Aug 17 2016 Francesco Giudici - 1:1.2.4-2 - fix stale Wi-Fi after resume from suspend (rh#1362165)