diff --git a/0003-kill-dns-plugin-child-synchronously-rh1161232.patch b/0003-kill-dns-plugin-child-synchronously-rh1161232.patch
new file mode 100644
index 0000000..5534dce
--- /dev/null
+++ b/0003-kill-dns-plugin-child-synchronously-rh1161232.patch
@@ -0,0 +1,92 @@
+From 993bd6ab583c077eb0e94fb25f090eb164922435 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel
+Date: Wed, 6 May 2015 11:52:27 +0200
+Subject: [PATCH 1/4] dns: kill plugin child synchronously to avoid restart
+ race (rh #1161232) (bgo #728342)
+
+NM was killing the dnsmasq local caching nameserver process and immediately
+starting a new one, and new process couldn't bind to 127.0.0.1 because the
+old one hadn't quit yet. Thus the new process quit, and the user was
+left with no split DNS at all.
+
+While this does introduce more synchronous waiting into the connection
+process, it's not that much time and NM will kill dnsmasq if it hasn't
+quit after 1 second. The longer-term fix is to use dnsmasq's D-Bus
+interface to update DNS without respawning it.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=728342
+https://bugzilla.redhat.com/show_bug.cgi?id=1161232
+
+This is a rework of 10aff12526a2fc4b2d099df2710fdb040ccd9e4c. The newer
+branches have ff3b753 (core: use nm_utils_kill_child_async() and
+nm_utils_kill_child_sync()) which in turn relies on 1f84185 (core: add
+nm_utils_kill_child_async() and nm_utils_kill_child_sync() function) that is
+not entirely trivial to backport.
+---
+ src/dns-manager/nm-dns-plugin.c | 41 ++++++++++++-----------------------------
+ 1 file changed, 12 insertions(+), 29 deletions(-)
+
+diff --git a/src/dns-manager/nm-dns-plugin.c b/src/dns-manager/nm-dns-plugin.c
+index e85b2a0..549efe3 100644
+--- a/src/dns-manager/nm-dns-plugin.c
++++ b/src/dns-manager/nm-dns-plugin.c
+@@ -196,29 +196,6 @@ nm_dns_plugin_child_spawn (NMDnsPlugin *self,
+ return priv->pid;
+ }
+
+-typedef struct {
+- int pid;
+- char *progname;
+-} KillInfo;
+-
+-static gboolean
+-ensure_killed (gpointer data)
+-{
+- KillInfo *info = data;
+-
+- if (kill (info->pid, 0) == 0)
+- kill (info->pid, SIGKILL);
+-
+- /* ensure the child is reaped */
+- nm_log_dbg (LOGD_DNS, "waiting for %s pid %d to exit", info->progname, info->pid);
+- waitpid (info->pid, NULL, 0);
+- nm_log_dbg (LOGD_DNS, "dnsmasq pid %d cleaned up", info->pid);
+-
+- g_free (info->progname);
+- g_free (info);
+- return FALSE;
+-}
+-
+ gboolean nm_dns_plugin_child_kill (NMDnsPlugin *self)
+ {
+ NMDnsPluginPrivate *priv = NM_DNS_PLUGIN_GET_PRIVATE (self);
+@@ -229,14 +206,20 @@ gboolean nm_dns_plugin_child_kill (NMDnsPlugin *self)
+ }
+
+ if (priv->pid) {
+- KillInfo *info;
+
+ if (kill (priv->pid, SIGTERM) == 0) {
+- info = g_malloc0 (sizeof (KillInfo));
+- info->pid = priv->pid;
+- info->progname = g_strdup (priv->progname);
+- g_timeout_add_seconds (2, ensure_killed, info);
+- } else {
++ int counter = 20;
++
++ /* Wait up to 2 seconds synchronously. */
++ while (counter--) {
++ if (waitpid (priv->pid, NULL, WNOHANG))
++ break;
++ g_usleep (100000);
++ }
++ }
++
++ if (kill (priv->pid, 0) == 0) {
++ /* Not dead yet. */
+ kill (priv->pid, SIGKILL);
+
+ /* ensure the child is reaped */
+--
+2.4.0
+
diff --git a/0004-refactor-building-IP-config-lists-for-dns-plugins-rh1161232.patch b/0004-refactor-building-IP-config-lists-for-dns-plugins-rh1161232.patch
new file mode 100644
index 0000000..711178f
--- /dev/null
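Review bot: Once `waitpid (priv->pid, NULL, WNOHANG)` has reaped the child in the new wait loop, the following `kill (priv->pid, 0) == 0` probe no longer refers to the DNS plugin child: the PID is free for reuse, so NetworkManager could send `SIGKILL` to an unrelated process that inherited it. The loop should record the outcome, e.g. `if (waitpid (priv->pid, NULL, WNOHANG) == priv->pid) { reaped = TRUE; break; }`, and the SIGKILL path should run only under `if (!reaped)`. As written, any non-zero return ends the loop, so a `-1` from waitpid is handled the same way as a clean exit. The commit message speaks of 1 second while the loop and its comment wait up to 2; the remainder of nm_dns_plugin_child_kill() lies outside the hunk.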
+++ b/0004-refactor-building-IP-config-lists-for-dns-plugins-rh1161232.patch 
@@ -0,0 +1,135 @@ +From 2171b984e3c9a17c032ac80054db79523d97d9dd Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Wed, 14 Jan 2015 17:03:22 -0600 +Subject: [PATCH 2/4] dns: refactor building IP config lists for plugins (bgo + #728342) + +Don't bother building the lists if no DNS plugins are enabled. + +https://bugzilla.gnome.org/show_bug.cgi?id=728342 +(cherry picked from commit cc8d9f778c2237b3e9e6815a2e0cc5635328edab) +--- + src/dns-manager/nm-dns-manager.c | 70 ++++++++++++++++++++++++---------------- + 1 file changed, 43 insertions(+), 27 deletions(-) + +diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c +index ddf31af..e6984e3 100644 +--- a/src/dns-manager/nm-dns-manager.c ++++ b/src/dns-manager/nm-dns-manager.c +@@ -561,6 +561,42 @@ compute_hash (NMDnsManager *self, guint8 buffer[HASH_LEN]) + g_checksum_free (sum); + } + ++static void ++build_plugin_config_lists (NMDnsManager *self, ++ GSList **out_vpn_configs, ++ GSList **out_dev_configs, ++ GSList **out_other_configs) ++{ ++ NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE (self); ++ GSList *iter; ++ ++ g_return_if_fail (out_vpn_configs && !*out_vpn_configs); ++ g_return_if_fail (out_dev_configs && !*out_dev_configs); ++ g_return_if_fail (out_other_configs && !*out_other_configs); ++ ++ /* Build up config lists for plugins; we use the raw configs here, not the ++ * merged information that we write to resolv.conf so that the plugins can ++ * still use the domain information in each config to provide split DNS if ++ * they want to. 
++ */ ++ if (priv->ip4_vpn_config) ++ *out_vpn_configs = g_slist_append (*out_vpn_configs, priv->ip4_vpn_config); ++ if (priv->ip6_vpn_config) ++ *out_vpn_configs = g_slist_append (*out_vpn_configs, priv->ip6_vpn_config); ++ if (priv->ip4_device_config) ++ *out_dev_configs = g_slist_append (*out_dev_configs, priv->ip4_device_config); ++ if (priv->ip6_device_config) ++ *out_dev_configs = g_slist_append (*out_dev_configs, priv->ip6_device_config); ++ ++ for (iter = priv->configs; iter; iter = g_slist_next (iter)) { ++ if ( (iter->data != priv->ip4_vpn_config) ++ && (iter->data != priv->ip4_device_config) ++ && (iter->data != priv->ip6_vpn_config) ++ && (iter->data != priv->ip6_device_config)) ++ *out_other_configs = g_slist_append (*out_other_configs, iter->data); ++ } ++} ++ + static gboolean + update_dns (NMDnsManager *self, + gboolean no_caching, +@@ -568,7 +604,7 @@ update_dns (NMDnsManager *self, + { + NMDnsManagerPrivate *priv; + NMResolvConfData rc; +- GSList *iter, *vpn_configs = NULL, *dev_configs = NULL, *other_configs = NULL; ++ GSList *iter; + const char *nis_domain = NULL; + char **searches = NULL; + char **nameservers = NULL; +@@ -674,32 +710,11 @@ update_dns (NMDnsManager *self, + + nis_domain = rc.nis_domain; + +- /* Build up config lists for plugins; we use the raw configs here, not the +- * merged information that we write to resolv.conf so that the plugins can +- * still use the domain information in each config to provide split DNS if +- * they want to. 
+- */ +- if (priv->ip4_vpn_config) +- vpn_configs = g_slist_append (vpn_configs, priv->ip4_vpn_config); +- if (priv->ip6_vpn_config) +- vpn_configs = g_slist_append (vpn_configs, priv->ip6_vpn_config); +- if (priv->ip4_device_config) +- dev_configs = g_slist_append (dev_configs, priv->ip4_device_config); +- if (priv->ip6_device_config) +- dev_configs = g_slist_append (dev_configs, priv->ip6_device_config); +- +- for (iter = priv->configs; iter; iter = g_slist_next (iter)) { +- if ( (iter->data != priv->ip4_vpn_config) +- && (iter->data != priv->ip4_device_config) +- && (iter->data != priv->ip6_vpn_config) +- && (iter->data != priv->ip6_device_config)) +- other_configs = g_slist_append (other_configs, iter->data); +- } +- + /* Let any plugins do their thing first */ + if (priv->plugin) { + NMDnsPlugin *plugin = priv->plugin; + const char *plugin_name = nm_dns_plugin_get_name (plugin); ++ GSList *vpn_configs = NULL, *dev_configs = NULL, *other_configs = NULL; + + if (nm_dns_plugin_is_caching (plugin)) { + if (no_caching) { +@@ -710,6 +725,8 @@ update_dns (NMDnsManager *self, + caching = TRUE; + } + ++ build_plugin_config_lists (self, &vpn_configs, &dev_configs, &other_configs); ++ + nm_log_dbg (LOGD_DNS, "DNS: updating plugin %s", plugin_name); + if (!nm_dns_plugin_update (plugin, + vpn_configs, +@@ -723,15 +740,14 @@ update_dns (NMDnsManager *self, + */ + caching = FALSE; + } ++ g_slist_free (vpn_configs); ++ g_slist_free (dev_configs); ++ g_slist_free (other_configs); + + skip: + ; + } + +- g_slist_free (vpn_configs); +- g_slist_free (dev_configs); +- g_slist_free (other_configs); +- + /* If caching was successful, we only send 127.0.0.1 to /etc/resolv.conf + * to ensure that the glibc resolver doesn't try to round-robin nameservers, + * but only uses the local caching nameserver. +-- +2.4.0 + 
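Review bot: build_plugin_config_lists() has no comment stating ownership: the three out-lists receive borrowed pointers taken straight from priv (the helper takes no reference), and update_dns() releases them with plain `g_slist_free`. A header comment such as `/* Fills the three lists with borrowed config pointers; the caller frees only the list nodes with g_slist_free() and must not keep the lists beyond the current update. */` would stop a later caller from switching to `g_slist_free_full` or caching the lists. The `g_return_if_fail` guards return silently with the lists untouched, which deserves a word in the same comment.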
diff --git a/0005-ensure-that-update_dns-always-returns-a-GError-rh1161232.patch b/0005-ensure-that-update_dns-always-returns-a-GError-rh1161232.patch new file mode 100644 index 0000000..e7cc26a --- /dev/null +++ b/0005-ensure-that-update_dns-always-returns-a-GError-rh1161232.patch 
@@ -0,0 +1,300 @@ +From 991b8efca0d3136d8c63b202a9346572c8197da5 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Thu, 26 Feb 2015 15:04:36 -0600 +Subject: [PATCH 3/4] dns: ensure that update_dns() always returns a GError on + failure + +Callers may expect this, so make sure we do it. + +(cherry picked from commit 06f25a3ec7c07eac5785daeb99f648200abe3feb) +--- + src/NetworkManagerUtils.c | 19 ++++---- + src/NetworkManagerUtils.h | 2 +- + src/dns-manager/nm-dns-manager.c | 99 +++++++++++++++++++++------------------- + src/dns-manager/nm-dns-unbound.c | 2 +- + 4 files changed, 62 insertions(+), 60 deletions(-) + +diff --git a/src/NetworkManagerUtils.c b/src/NetworkManagerUtils.c +index e6814e3..0a7a9b6 100644 +--- a/src/NetworkManagerUtils.c ++++ b/src/NetworkManagerUtils.c +@@ -134,27 +134,26 @@ nm_utils_ip6_address_clear_host_address (struct in6_addr *dst, const struct in6_ + + + int +-nm_spawn_process (const char *args) ++nm_spawn_process (const char *args, GError **error) + { ++ GError *local = NULL; + gint num_args; + char **argv = NULL; + int status = -1; +- GError *error = NULL; + + g_return_val_if_fail (args != NULL, -1); ++ g_return_val_if_fail (!error || !*error, -1); + +- if (!g_shell_parse_argv (args, &num_args, &argv, &error)) { +- nm_log_warn (LOGD_CORE, "could not parse arguments for '%s': %s", args, error->message); +- g_error_free (error); +- return -1; ++ if (g_shell_parse_argv (args, &num_args, &argv, &local)) { ++ g_spawn_sync ("/", argv, NULL, 0, nm_unblock_posix_signals, NULL, NULL, NULL, &status, &local); ++ g_strfreev (argv); + } + +- if (!g_spawn_sync ("/", argv, NULL, 0, nm_unblock_posix_signals, NULL, NULL, NULL, &status, &error)) { +- nm_log_warn (LOGD_CORE, "could not spawn process '%s': %s", args, error->message); +- g_error_free (error); ++ if (local) { ++ nm_log_warn (LOGD_CORE, "could not spawn process '%s': %s", args, local->message); ++ g_propagate_error (error, local); + } + +- g_strfreev (argv); + return status; + } + +diff 
--git a/src/NetworkManagerUtils.h b/src/NetworkManagerUtils.h +index 7be316e..22d665e 100644 +--- a/src/NetworkManagerUtils.h ++++ b/src/NetworkManagerUtils.h +@@ -53,7 +53,7 @@ nm_utils_ip6_route_metric_normalize (guint32 metric) + return metric ? metric : 1024 /*NM_PLATFORM_ROUTE_METRIC_DEFAULT*/; + } + +-int nm_spawn_process (const char *args); ++int nm_spawn_process (const char *args, GError **error); + + /* macro to return strlen() of a compile time string. */ + #define STRLEN(str) ( sizeof ("" str) - 1 ) +diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c +index e6984e3..e833ce4 100644 +--- a/src/dns-manager/nm-dns-manager.c ++++ b/src/dns-manager/nm-dns-manager.c +@@ -323,12 +323,19 @@ dispatch_netconfig (char **searches, + + again: + +- ret = waitpid (pid, NULL, 0); +- if (ret < 0 && errno == EINTR) +- goto again; +- else if (ret < 0 && errno == ECHILD) { +- /* When the netconfig exist, the errno is ECHILD, it should return TRUE */ +- return TRUE; ++ if (waitpid (pid, NULL, 0) < 0) { ++ if (errno == EINTR) ++ goto again; ++ else if (errno == ECHILD) { ++ /* child already exited */ ++ ret = pid; ++ } else { ++ g_set_error_literal (error, ++ NM_MANAGER_ERROR, ++ NM_MANAGER_ERROR_FAILED, ++ "Error waiting for netconfig to exit: %s", ++ strerror (errno)); ++ } + } + + return ret > 0; +@@ -344,22 +351,13 @@ write_resolv_conf (FILE *f, + { + char *searches_str = NULL; + char *nameservers_str = NULL; +- int i; + gboolean retval = FALSE; ++ char *tmp_str; + GString *str; + +- if (fprintf (f, "%s","# Generated by NetworkManager\n") < 0) { +- g_set_error (error, +- NM_DNS_MANAGER_ERROR, +- NM_DNS_MANAGER_ERROR_SYSTEM, +- "Could not write " _PATH_RESCONF ": %s\n", +- g_strerror (errno)); +- return FALSE; +- } ++ int i; + + if (searches) { +- char *tmp_str; +- + tmp_str = g_strjoinv (" ", searches); + searches_str = g_strconcat ("search ", tmp_str, "\n", NULL); + g_free (tmp_str); +@@ -387,10 +385,17 @@ write_resolv_conf (FILE *f, + + 
nameservers_str = g_string_free (str, FALSE); + +- if (fprintf (f, "%s%s", ++ if (fprintf (f, "# Generated by NetworkManager\n%s%s", + searches_str ? searches_str : "", +- strlen (nameservers_str) ? nameservers_str : "") != -1) ++ nameservers_str) > 0) + retval = TRUE; ++ else { ++ g_set_error (error, ++ NM_DNS_MANAGER_ERROR, ++ NM_DNS_MANAGER_ERROR_SYSTEM, ++ "Could not write " _PATH_RESCONF ": %s\n", ++ g_strerror (errno)); ++ } + + g_free (searches_str); + g_free (nameservers_str); +@@ -407,9 +412,15 @@ dispatch_resolvconf (char **searches, + char *cmd; + FILE *f; + gboolean retval = FALSE; ++ int errnosv, err; + +- if (! g_file_test (RESOLVCONF_PATH, G_FILE_TEST_IS_EXECUTABLE)) ++ if (!g_file_test (RESOLVCONF_PATH, G_FILE_TEST_IS_EXECUTABLE)) { ++ g_set_error_literal (error, ++ NM_MANAGER_ERROR, ++ NM_MANAGER_ERROR_FAILED, ++ RESOLVCONF_PATH " is not executable"); + return FALSE; ++ } + + if (searches || nameservers) { + cmd = g_strconcat (RESOLVCONF_PATH, " -a ", "NetworkManager", NULL); +@@ -423,12 +434,21 @@ dispatch_resolvconf (char **searches, + g_strerror (errno)); + else { + retval = write_resolv_conf (f, searches, nameservers, error); +- retval &= (pclose (f) == 0); ++ err = pclose (f); ++ if (err < 0) { ++ errnosv = errno; ++ g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errnosv), ++ "Failed to close pipe to resolvconf: %d", errnosv); ++ retval = FALSE; ++ } else if (err > 0) { ++ nm_log_warn (LOGD_DNS, "resolvconf failed with status %d", err); ++ retval = FALSE; ++ } + } + } else { + cmd = g_strconcat (RESOLVCONF_PATH, " -d ", "NetworkManager", NULL); + nm_log_info (LOGD_DNS, "Removing DNS information from %s", RESOLVCONF_PATH); +- if (nm_spawn_process (cmd) == 0) ++ if (nm_spawn_process (cmd, error) == 0) + retval = TRUE; + } + +@@ -612,8 +632,7 @@ update_dns (NMDnsManager *self, + int num, i, len; + gboolean success = FALSE, caching = FALSE; + +- g_return_val_if_fail (error != NULL, FALSE); +- g_return_val_if_fail (*error == NULL, FALSE); 
++ g_return_val_if_fail (!error || !*error, FALSE); + + priv = NM_DNS_MANAGER_GET_PRIVATE (self); + +@@ -799,9 +818,7 @@ plugin_failed (NMDnsPlugin *plugin, gpointer user_data) + + /* Disable caching until the next DNS update */ + if (!update_dns (self, TRUE, &error)) { +- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s", +- error ? error->code : -1, +- error && error->message ? error->message : "(unknown)"); ++ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message); + g_clear_error (&error); + } + } +@@ -838,9 +855,7 @@ nm_dns_manager_add_ip4_config (NMDnsManager *mgr, + priv->configs = g_slist_append (priv->configs, g_object_ref (config)); + + if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) { +- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s", +- error ? error->code : -1, +- error && error->message ? error->message : "(unknown)"); ++ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message); + g_clear_error (&error); + } + +@@ -872,9 +887,7 @@ nm_dns_manager_remove_ip4_config (NMDnsManager *mgr, NMIP4Config *config) + g_object_unref (config); + + if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) { +- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s", +- error ? error->code : -1, +- error && error->message ? error->message : "(unknown)"); ++ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message); + g_clear_error (&error); + } + +@@ -915,9 +928,7 @@ nm_dns_manager_add_ip6_config (NMDnsManager *mgr, + priv->configs = g_slist_append (priv->configs, g_object_ref (config)); + + if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) { +- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s", +- error ? error->code : -1, +- error && error->message ? 
error->message : "(unknown)"); ++ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message); + g_clear_error (&error); + } + +@@ -949,9 +960,7 @@ nm_dns_manager_remove_ip6_config (NMDnsManager *mgr, NMIP6Config *config) + g_object_unref (config); + + if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) { +- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s", +- error ? error->code : -1, +- error && error->message ? error->message : "(unknown)"); ++ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message); + g_clear_error (&error); + } + +@@ -994,9 +1003,7 @@ nm_dns_manager_set_hostname (NMDnsManager *mgr, + priv->hostname = g_strdup (filtered); + + if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) { +- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s", +- error ? error->code : -1, +- error && error->message ? error->message : "(unknown)"); ++ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message); + g_clear_error (&error); + } + } +@@ -1050,9 +1057,7 @@ nm_dns_manager_end_updates (NMDnsManager *mgr, const char *func) + /* Commit all the outstanding changes */ + nm_log_dbg (LOGD_DNS, "(%s): committing DNS changes (%d)", func, priv->updates_queue); + if (!update_dns (mgr, FALSE, &error)) { +- nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s", +- error ? error->code : -1, +- error && error->message ? error->message : "(unknown)"); ++ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message); + g_clear_error (&error); + } + +@@ -1152,9 +1157,7 @@ dispose (GObject *object) + * DNS updates yet, there's no reason to touch resolv.conf on shutdown. + */ + if (priv->dns_touched && !update_dns (self, TRUE, &error)) { +- nm_log_warn (LOGD_DNS, "could not commit DNS changes on shutdown: (%d) %s", +- error ? error->code : -1, +- error && error->message ? 
error->message : "(unknown)"); ++ nm_log_warn (LOGD_DNS, "could not commit DNS changes on shutdown: %s", error->message); + g_clear_error (&error); + priv->dns_touched = FALSE; + } +diff --git a/src/dns-manager/nm-dns-unbound.c b/src/dns-manager/nm-dns-unbound.c +index 137fd20..5520d38 100644 +--- a/src/dns-manager/nm-dns-unbound.c ++++ b/src/dns-manager/nm-dns-unbound.c +@@ -40,7 +40,7 @@ update (NMDnsPlugin *plugin, + * without calling custom scripts. The dnssec-trigger functionality + * may be eventually merged into NetworkManager. + */ +- return nm_spawn_process ("/usr/libexec/dnssec-trigger-script --async --update") == 0; ++ return nm_spawn_process ("/usr/libexec/dnssec-trigger-script --async --update", NULL) == 0; + } + + static gboolean +-- +2.4.0 + diff --git a/0006-refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.patch b/0006-refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.patch new file mode 100644 index 0000000..3813668 --- /dev/null +++ b/0006-refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.patch 
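Review bot: Two failure paths in dispatch_resolvconf() still return FALSE without a GError: the `else if (err > 0)` branch after `pclose` only logs, and `nm_spawn_process (cmd, error) == 0` fails on a non-zero exit status for which g_spawn_sync() sets no error, while every caller changed in this patch now dereferences `error->message` unconditionally. Set the error in those branches when it is still empty, e.g. `if (error && !*error) g_set_error (error, NM_MANAGER_ERROR, NM_MANAGER_ERROR_FAILED, "resolvconf failed with status %d", err);`, and apply the same guard before the `err < 0` g_set_error, because write_resolv_conf() may already have filled it. In dispatch_netconfig(), `g_set_error_literal` is given a format string plus `strerror (errno)` although it takes one literal message, so that call should be `g_set_error`. `ret` also appears to be left unassigned when waitpid succeeds, though its earlier use is outside the hunk.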
@@ -0,0 +1,67 @@ +From e6b47236f00ab91056be9fc3f9b8611fb16d9e57 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Thu, 15 Jan 2015 11:38:33 -0600 +Subject: [PATCH 4/4] dns: refresh DNS if plugin child quits unexpectedly (bgo + #728342) + +If the child dies, or something kills the child externally, refresh +DNS which should respawn the child, similar to what we do with +wpa_supplicant, teamd, etc. + +https://bugzilla.gnome.org/show_bug.cgi?id=728342 +(cherry picked from commit 09a05f6c3e0b4502252d70cb121654e7312520c5) +--- + src/dns-manager/nm-dns-manager.c | 23 ++++++++++++++++++++++- + 1 file changed, 22 insertions(+), 1 deletion(-) + +diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c +index e833ce4..c81bfd6 100644 +--- a/src/dns-manager/nm-dns-manager.c ++++ b/src/dns-manager/nm-dns-manager.c +@@ -823,6 +823,22 @@ plugin_failed (NMDnsPlugin *plugin, gpointer user_data) + } + } + ++static void ++plugin_child_quit (NMDnsPlugin *plugin, int exit_status, gpointer user_data) ++{ ++ NMDnsManager *self = NM_DNS_MANAGER (user_data); ++ GError *error = NULL; ++ ++ nm_log_warn (LOGD_DNS, "DNS: plugin %s child quit unexpectedly; refreshing DNS", ++ nm_dns_plugin_get_name (plugin)); ++ ++ /* Let the plugin try to spawn the child again */ ++ if (!update_dns (self, FALSE, &error)) { ++ nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message); ++ g_clear_error (&error); ++ } ++} ++ + gboolean + nm_dns_manager_add_ip4_config (NMDnsManager *mgr, + const char *iface, +@@ -1139,6 +1155,7 @@ nm_dns_manager_init (NMDnsManager *self) + if (priv->plugin) { + nm_log_info (LOGD_DNS, "DNS: loaded plugin %s", nm_dns_plugin_get_name (priv->plugin)); + g_signal_connect (priv->plugin, NM_DNS_PLUGIN_FAILED, G_CALLBACK (plugin_failed), self); ++ g_signal_connect (priv->plugin, NM_DNS_PLUGIN_CHILD_QUIT, G_CALLBACK (plugin_child_quit), self); + } + } + +@@ -1149,7 +1166,11 @@ dispose (GObject *object) + NMDnsManagerPrivate *priv = 
NM_DNS_MANAGER_GET_PRIVATE (self); + GError *error = NULL; + +- g_clear_object (&priv->plugin); ++ if (priv->plugin) { ++ g_signal_handlers_disconnect_by_func (priv->plugin, plugin_failed, self); ++ g_signal_handlers_disconnect_by_func (priv->plugin, plugin_child_quit, self); ++ g_clear_object (&priv->plugin); ++ } + + /* If we're quitting, leave a valid resolv.conf in place, not one + * pointing to 127.0.0.1 if any plugins were active. Thus update +-- +2.4.0 + diff --git a/0007-cli-add-PHYS_PORT_ID-property-rh1168573.patch b/0007-cli-add-PHYS_PORT_ID-property-rh1168573.patch new file mode 100644 index 0000000..e337e7b --- /dev/null +++ b/0007-cli-add-PHYS_PORT_ID-property-rh1168573.patch 
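Review bot: plugin_child_quit() calls `update_dns (self, FALSE, &error)` on every child exit with no back-off or retry limit, so a child that dies right after start would presumably be respawned in a tight loop, with a warning logged each round. Whether the plugin already throttles NM_DNS_PLUGIN_CHILD_QUIT is not visible in this patch. If it does not, count consecutive quits and, after a few within a short window, fall back to `update_dns (self, TRUE, &error)` the way plugin_failed() does, so resolv.conf keeps working without the cache. A short comment on the handler stating that it relies on update_dns() always setting a GError on failure would also help, since it reads `error->message` unchecked.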
@@ -0,0 +1,55 @@ +From 1974b8b50cf00e706c795a99f13120d509b42a33 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= +Date: Tue, 14 Apr 2015 12:08:15 +0200 +Subject: [PATCH] cli: add PHYS_PORT_ID property to devices + +The physical-port-id property was added to libnm (libnm-glib) in commit +47cc8b25f2efe015defde7e76e49e67086603bb3. + +(cherry picked from commit 825255361565588a428aad69eb7ea9ffe9475fc2) +--- + cli/src/devices.c | 19 +++++++++++-------- + 1 file changed, 11 insertions(+), 8 deletions(-) + +diff --git a/cli/src/devices.c b/cli/src/devices.c +index 5a3ab45..3b20186 100644 +--- a/cli/src/devices.c ++++ b/cli/src/devices.c +@@ -103,13 +103,15 @@ static NmcOutputField nmc_fields_dev_show_general[] = { + {"NM-MANAGED", N_("NM-MANAGED"), 15}, /* 14 */ + {"AUTOCONNECT", N_("AUTOCONNECT"), 15}, /* 15 */ + {"FIRMWARE-MISSING", N_("FIRMWARE-MISSING"), 18}, /* 16 */ +- {"CONNECTION", N_("CONNECTION"), 20}, /* 17 */ +- {"CON-UUID", N_("CON-UUID"), 38}, /* 18 */ +- {"CON-PATH", N_("CON-PATH"), 51}, /* 19 */ ++ {"PHYS-PORT-ID", N_("PHYS-PORT-ID"), 18}, /* 17 */ ++ {"CONNECTION", N_("CONNECTION"), 20}, /* 18 */ ++ {"CON-UUID", N_("CON-UUID"), 38}, /* 19 */ ++ {"CON-PATH", N_("CON-PATH"), 51}, /* 20 */ + {NULL, NULL, 0} + }; +-#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,STATE,REASON,"\ +- "UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,CONNECTION,CON-UUID,CON-PATH" ++#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\ ++ "STATE,REASON,UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,PHYS-PORT-ID,"\ ++ "CONNECTION,CON-UUID,CON-PATH" + #define NMC_FIELDS_DEV_SHOW_GENERAL_COMMON "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,HWADDR,STATE" + + /* Available fields for 'device show' - CONNECTIONS part */ +@@ -801,9 +803,10 @@ show_device_info (NMDevice *device, NmCli *nmc) + set_val_strc (arr, 14, 
nm_device_get_managed (device) ? _("yes") : _("no")); + set_val_strc (arr, 15, nm_device_get_autoconnect (device) ? _("yes") : _("no")); + set_val_strc (arr, 16, nm_device_get_firmware_missing (device) ? _("yes") : _("no")); +- set_val_strc (arr, 17, get_active_connection_id (device)); +- set_val_strc (arr, 18, acon ? nm_active_connection_get_uuid (acon) : NULL); +- set_val_strc (arr, 19, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL); ++ set_val_strc (arr, 17, nm_device_get_physical_port_id (device)); ++ set_val_strc (arr, 18, get_active_connection_id (device)); ++ set_val_strc (arr, 19, acon ? nm_active_connection_get_uuid (acon) : NULL); ++ set_val_strc (arr, 20, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL); + g_ptr_array_add (nmc->output_data, arr); + + print_data (nmc); /* Print all data */ +-- +2.4.0 + diff --git a/0008-cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.patch b/0008-cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.patch new file mode 100644 index 0000000..74d8748 --- /dev/null +++ b/0008-cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.patch 
@@ -0,0 +1,153 @@ +From e304f04932304f896ca3f95f499217496334ec83 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= +Date: Tue, 14 Apr 2015 14:35:14 +0200 +Subject: [PATCH] cli: better indicate when a Wi-Fi plugin might not be + available (rh #1168573) + +* print an error message indicating NM Wi-Fi plugin may be missing, for + nmcli device wifi ifname + nmcli device wifi connect ifname + +* add NM-TYPE to 'nmcli device show' command displaying internal NM device type + (like NMDeviceWifi, NMDeviceGeneric, ...) + +https://bugzilla.redhat.com/show_bug.cgi?id=1168573 + +(cherry picked from commit 823df334eda48a8e2cec897d6123f7b2158c12ff) +--- + cli/src/devices.c | 96 +++++++++++++++++++++++++++++++------------------------ + 1 file changed, 55 insertions(+), 41 deletions(-) + +diff --git a/cli/src/devices.c b/cli/src/devices.c +index 3b20186..71198fb 100644 +--- a/cli/src/devices.c ++++ b/cli/src/devices.c +@@ -89,27 +89,28 @@ static NmcOutputField nmc_fields_dev_show_general[] = { + {"NAME", N_("NAME"), 10}, /* 0 */ + {"DEVICE", N_("DEVICE"), 10}, /* 1 */ + {"TYPE", N_("TYPE"), 17}, /* 2 */ +- {"VENDOR", N_("VENDOR"), 20}, /* 3 */ +- {"PRODUCT", N_("PRODUCT"), 50}, /* 4 */ +- {"DRIVER", N_("DRIVER"), 9}, /* 5 */ +- {"DRIVER-VERSION", N_("DRIVER-VERSION"), 18}, /* 6 */ +- {"FIRMWARE-VERSION", N_("FIRMWARE-VERSION"), 18}, /* 7 */ +- {"HWADDR", N_("HWADDR"), 19}, /* 8 */ +- {"MTU", N_("MTU"), 10}, /* 9 */ +- {"STATE", N_("STATE"), 14}, /* 10 */ +- {"REASON", N_("REASON"), 25}, /* 11 */ +- {"UDI", N_("UDI"), 64}, /* 12 */ +- {"IP-IFACE", N_("IP-IFACE"), 10}, /* 13 */ +- {"NM-MANAGED", N_("NM-MANAGED"), 15}, /* 14 */ +- {"AUTOCONNECT", N_("AUTOCONNECT"), 15}, /* 15 */ +- {"FIRMWARE-MISSING", N_("FIRMWARE-MISSING"), 18}, /* 16 */ +- {"PHYS-PORT-ID", N_("PHYS-PORT-ID"), 18}, /* 17 */ +- {"CONNECTION", N_("CONNECTION"), 20}, /* 18 */ +- {"CON-UUID", N_("CON-UUID"), 38}, /* 19 */ +- {"CON-PATH", N_("CON-PATH"), 51}, /* 20 */ ++ {"NM-TYPE", N_("NM-TYPE"), 
17}, /* 3 */ ++ {"VENDOR", N_("VENDOR"), 20}, /* 4 */ ++ {"PRODUCT", N_("PRODUCT"), 50}, /* 5 */ ++ {"DRIVER", N_("DRIVER"), 9}, /* 6 */ ++ {"DRIVER-VERSION", N_("DRIVER-VERSION"), 18}, /* 7 */ ++ {"FIRMWARE-VERSION", N_("FIRMWARE-VERSION"), 18}, /* 8 */ ++ {"HWADDR", N_("HWADDR"), 19}, /* 9 */ ++ {"MTU", N_("MTU"), 10}, /* 10 */ ++ {"STATE", N_("STATE"), 14}, /* 11 */ ++ {"REASON", N_("REASON"), 25}, /* 12 */ ++ {"UDI", N_("UDI"), 64}, /* 13 */ ++ {"IP-IFACE", N_("IP-IFACE"), 10}, /* 14 */ ++ {"NM-MANAGED", N_("NM-MANAGED"), 15}, /* 15 */ ++ {"AUTOCONNECT", N_("AUTOCONNECT"), 15}, /* 16 */ ++ {"FIRMWARE-MISSING", N_("FIRMWARE-MISSING"), 18}, /* 17 */ ++ {"PHYS-PORT-ID", N_("PHYS-PORT-ID"), 18}, /* 18 */ ++ {"CONNECTION", N_("CONNECTION"), 20}, /* 19 */ ++ {"CON-UUID", N_("CON-UUID"), 38}, /* 20 */ ++ {"CON-PATH", N_("CON-PATH"), 51}, /* 21 */ + {NULL, NULL, 0} + }; +-#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\ ++#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL "NAME,DEVICE,TYPE,NM-TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\ + "STATE,REASON,UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,PHYS-PORT-ID,"\ + "CONNECTION,CON-UUID,CON-PATH" + #define NMC_FIELDS_DEV_SHOW_GENERAL_COMMON "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,HWADDR,STATE" +@@ -789,24 +790,25 @@ show_device_info (NMDevice *device, NmCli *nmc) + set_val_strc (arr, 0, nmc_fields_dev_show_sections[0].name); /* "GENERAL"*/ + set_val_strc (arr, 1, nm_device_get_iface (device)); + set_val_strc (arr, 2, nm_device_get_type_description (device)); +- set_val_strc (arr, 3, nm_device_get_vendor (device)); +- set_val_strc (arr, 4, nm_device_get_product (device)); +- set_val_strc (arr, 5, nm_device_get_driver (device) ? 
nm_device_get_driver (device) : _("(unknown)")); +- set_val_strc (arr, 6, nm_device_get_driver_version (device)); +- set_val_strc (arr, 7, nm_device_get_firmware_version (device)); +- set_val_strc (arr, 8, hwaddr ? hwaddr : _("(unknown)")); +- set_val_str (arr, 9, mtu_str); +- set_val_str (arr, 10, state_str); +- set_val_str (arr, 11, reason_str); +- set_val_strc (arr, 12, nm_device_get_udi (device)); +- set_val_strc (arr, 13, nm_device_get_ip_iface (device)); +- set_val_strc (arr, 14, nm_device_get_managed (device) ? _("yes") : _("no")); +- set_val_strc (arr, 15, nm_device_get_autoconnect (device) ? _("yes") : _("no")); +- set_val_strc (arr, 16, nm_device_get_firmware_missing (device) ? _("yes") : _("no")); +- set_val_strc (arr, 17, nm_device_get_physical_port_id (device)); +- set_val_strc (arr, 18, get_active_connection_id (device)); +- set_val_strc (arr, 19, acon ? nm_active_connection_get_uuid (acon) : NULL); +- set_val_strc (arr, 20, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL); ++ set_val_strc (arr, 3, G_OBJECT_TYPE_NAME (device)); ++ set_val_strc (arr, 4, nm_device_get_vendor (device)); ++ set_val_strc (arr, 5, nm_device_get_product (device)); ++ set_val_strc (arr, 6, nm_device_get_driver (device) ? nm_device_get_driver (device) : _("(unknown)")); ++ set_val_strc (arr, 7, nm_device_get_driver_version (device)); ++ set_val_strc (arr, 8, nm_device_get_firmware_version (device)); ++ set_val_strc (arr, 9, hwaddr ? hwaddr : _("(unknown)")); ++ set_val_str (arr, 10, mtu_str); ++ set_val_str (arr, 11, state_str); ++ set_val_str (arr, 12, reason_str); ++ set_val_strc (arr, 13, nm_device_get_udi (device)); ++ set_val_strc (arr, 14, nm_device_get_ip_iface (device)); ++ set_val_strc (arr, 15, nm_device_get_managed (device) ? _("yes") : _("no")); ++ set_val_strc (arr, 16, nm_device_get_autoconnect (device) ? _("yes") : _("no")); ++ set_val_strc (arr, 17, nm_device_get_firmware_missing (device) ? 
_("yes") : _("no")); ++ set_val_strc (arr, 18, nm_device_get_physical_port_id (device)); ++ set_val_strc (arr, 19, get_active_connection_id (device)); ++ set_val_strc (arr, 20, acon ? nm_active_connection_get_uuid (acon) : NULL); ++ set_val_strc (arr, 21, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL); + g_ptr_array_add (nmc->output_data, arr); + + print_data (nmc); /* Print all data */ +@@ -1752,7 +1754,13 @@ do_device_wifi_list (NmCli *nmc, int argc, char **argv) + show_acces_point_info (device, nmc); + } + } else { +- g_string_printf (nmc->return_text, _("Error: Device '%s' is not a Wi-Fi device."), ifname); ++ const char *err_msg; ++ if ( nm_device_get_device_type (device) == NM_DEVICE_TYPE_GENERIC ++ && g_strcmp0 (nm_device_get_type_description (device), "wifi") == 0) ++ err_msg = _("Error: Device '%s' was not recognized as a Wi-Fi device, check NetworkManager Wi-Fi plugin."); ++ else ++ err_msg = _("Error: Device '%s' is not a Wi-Fi device."); ++ g_string_printf (nmc->return_text, err_msg, ifname); + nmc->return_value = NMC_RESULT_ERROR_UNKNOWN; + goto error; + } +@@ -2317,9 +2325,15 @@ do_device_wifi_rescan (NmCli *nmc, int argc, char **argv) + device = find_wifi_device_by_iface (devices, ifname, &devices_idx); + + if (!device) { +- if (ifname) +- g_string_printf (nmc->return_text, _("Error: Device '%s' is not a Wi-Fi device."), ifname); +- else ++ if (ifname) { ++ const char *err_msg; ++ if ( nm_device_get_device_type (device) == NM_DEVICE_TYPE_GENERIC ++ && g_strcmp0 (nm_device_get_type_description (device), "wifi") == 0) ++ err_msg = _("Error: Device '%s' was not recognized as a Wi-Fi device, check NetworkManager Wi-Fi plugin."); ++ else ++ err_msg = _("Error: Device '%s' is not a Wi-Fi device."); ++ g_string_printf (nmc->return_text, err_msg, ifname); ++ } else + g_string_printf (nmc->return_text, _("Error: No Wi-Fi device found.")); + nmc->return_value = NMC_RESULT_ERROR_UNKNOWN; + goto error; +-- +2.4.0 + 
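Review bot: In the last code hunk the new plugin check sits inside `if (!device)`, so `nm_device_get_device_type (device)` and `nm_device_get_type_description (device)` are called with a NULL device; the Wi-Fi-plugin message can never be selected on that path and the calls themselves are invalid. The device has to be looked up by `ifname` without the Wi-Fi type filter before it can be inspected (the lookup helpers are outside the hunk); otherwise keep the plain `Error: Device '%s' is not a Wi-Fi device.` message here. In both places `g_string_printf (nmc->return_text, err_msg, ifname)` now takes a non-literal format, so calling g_string_printf in each branch with the literal `_("...")` string keeps the compiler's format checking. The hand-numbered indexes in nmc_fields_dev_show_general and show_device_info() had to be renumbered wholesale for one new column, which is easy to get out of step.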
diff --git a/0009-CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.patch b/0009-CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.patch new file mode 100644 index 0000000..a643342 --- /dev/null +++ b/0009-CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.patch 
@@ -0,0 +1,102 @@
+From d195edb95a543f7eebbd0a164e8ff3bef599370a Mon Sep 17 00:00:00 2001
+From: Thomas Haller
+Date: Wed, 8 Apr 2015 15:54:30 +0200
+Subject: [PATCH] platform: don't accept lowering IPv6 hop-limit from RA
+ (CVE-2015-2924)
+
+https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
+http://seclists.org/oss-sec/2015/q2/46
+https://bugzilla.redhat.com/show_bug.cgi?id=1209902
+https://bugzilla.redhat.com/show_bug.cgi?id=1209903
+(cherry picked from commit bdaaf9849b0cacf131b71fa2ae168f5db796874f)
+
+Conflicts:
+ src/devices/nm-device.c
+ src/nm-iface-helper.c
+ src/platform/nm-platform.h
+---
+ src/devices/nm-device.c | 10 ++--------
+ src/platform/nm-platform.c | 32 ++++++++++++++++++++++++++++++++
+ src/platform/nm-platform.h | 2 ++
+ 3 files changed, 36 insertions(+), 8 deletions(-)
+
+diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
+index 7ab51e4..8cdf01b 100644
+--- a/src/devices/nm-device.c
++++ b/src/devices/nm-device.c
+@@ -3716,14 +3716,8 @@ rdisc_config_changed (NMRDisc *rdisc, NMRDiscConfigMap changed, NMDevice *device
+ }
+ }
+
+- /* hop_limit == 0 is a special value "unspecified", so do not touch
+- * in this case */
+- if (changed & NM_RDISC_CONFIG_HOP_LIMIT && rdisc->hop_limit > 0) {
+- char val[16];
+-
+- g_snprintf (val, sizeof (val), "%d", rdisc->hop_limit);
+- nm_device_ipv6_sysctl_set (device, "hop_limit", val);
+- }
++ if (changed & NM_RDISC_CONFIG_HOP_LIMIT)
++ nm_platform_sysctl_set_ip6_hop_limit_safe (nm_device_get_ip_iface (device), rdisc->hop_limit);
+
+ nm_device_activate_schedule_ip6_config_result (device);
+ }
+diff --git a/src/platform/nm-platform.c b/src/platform/nm-platform.c
+index e95d6af..9629d9d 100644
+--- a/src/platform/nm-platform.c
++++ b/src/platform/nm-platform.c
+@@ -240,6 +240,38 @@ nm_platform_sysctl_set (const char *path, const char *value)
+ return klass->sysctl_set (platform, path, value);
+ }
+
++gboolean
++nm_platform_sysctl_set_ip6_hop_limit_safe (const char *iface, int value)
++{
++ const char *path;
++ gint64 cur;
++
++ /* the hop-limit provided via RA is uint8. */
++ if (value > 0xFF)
++ return FALSE;
++
++ /* don't allow unreasonable small values */
++ if (value < 10)
++ return FALSE;
++
++ path = nm_utils_ip6_property_path (iface, "hop_limit");
++ cur = nm_platform_sysctl_get_int_checked (path, 10, 1, G_MAXINT32, -1);
++
++ /* only allow increasing the hop-limit to avoid DOS by an attacker
++ * setting a low hop-limit (CVE-2015-2924, rh#1209902) */
++
++ if (value < cur)
++ return FALSE;
++ if (value != cur) {
++ char svalue[20];
++
++ sprintf (svalue, "%d", value);
++ nm_platform_sysctl_set (path, svalue);
++ }
++
++ return TRUE;
++}
++
+ /**
+ * nm_platform_sysctl_get:
+ * @path: Absolute path to sysctl
+diff --git a/src/platform/nm-platform.h b/src/platform/nm-platform.h
+index 275557c..6a1e503 100644
+--- a/src/platform/nm-platform.h
++++ b/src/platform/nm-platform.h
+@@ -504,6 +504,8 @@ char *nm_platform_sysctl_get (const char *path);
+ gint32 nm_platform_sysctl_get_int32 (const char *path, gint32 fallback);
+ gint64 nm_platform_sysctl_get_int_checked (const char *path, guint base, gint64 min, gint64 max, gint64 fallback);
+
++gboolean nm_platform_sysctl_set_ip6_hop_limit_safe (const char *iface, int value);
++
+ gboolean nm_platform_link_get (int ifindex, NMPlatformLink *link);
+ GArray *nm_platform_link_get_all (void);
+ gboolean nm_platform_dummy_add (const char *name);
+--
+2.4.0
+
diff --git a/0010-load-libnl-3.so.200-rh1205195.patch b/0010-load-libnl-3.so.200-rh1205195.patch
new file mode 100644
index 0000000..611e807
--- /dev/null
+++ b/0010-load-libnl-3.so.200-rh1205195.patch
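Review bot: nm_platform_sysctl_set_ip6_hop_limit_safe() fails open when the current hop limit cannot be read: nm_platform_sysctl_get_int_checked() is called with a fallback of -1, so `value < cur` is false and the Router Advertisement value is written without the only-increase comparison ever applying. Adding `if (cur < 0) return FALSE;` before that comparison would keep the CVE-2015-2924 guard effective on this path, assuming the fallback is what a failed read returns, as the parameter name in nm-platform.h suggests. The function also returns TRUE whatever nm_platform_sysctl_set() reports, and the caller in rdisc_config_changed() discards the result, so a refused or failed update leaves no trace; `return nm_platform_sysctl_set (path, svalue);` plus a debug log at the call site would make rejected RAs visible to whoever is investigating. The `sprintf` into `svalue[20]` cannot overflow for an int, but `g_snprintf (svalue, sizeof (svalue), "%d", value);` would match the bounded call the patch removes from nm-device.c. rdisc_config_changed() begins outside its hunk, so whether `hop_limit` can be negative there is not visible here.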
@@ -0,0 +1,29 @@
+From 15420eb0a2c5b3ba248068e33b5464c3f7d2e752 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?=
+Date: Wed, 25 Mar 2015 15:30:57 +0100
+Subject: [PATCH] platform: load libnl-3.so.200, not libnl-3.so (rh #1205195)
+
+libnl-3.so link is only present in devel package (libnl3-devel).
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1205195
+(cherry picked from commit d767fb160c36bd9dc339e343ebac58274204ad4f)
+---
+ src/platform/nm-linux-platform.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c
+index cf2164d..0f8b80d 100644
+--- a/src/platform/nm-linux-platform.c
++++ b/src/platform/nm-linux-platform.c
+@@ -113,7 +113,7 @@ _nl_get_vtable ()
+ if (G_UNLIKELY (!vtable.f_nl_has_capability)) {
+ void *handle;
+
+- handle = dlopen ("libnl-3.so", RTLD_LAZY | RTLD_NOLOAD);
++ handle = dlopen ("libnl-3.so.200", RTLD_LAZY | RTLD_NOLOAD);
+ if (handle) {
+ vtable.handle = handle;
+ vtable.f_nl_has_capability = dlsym (handle, "nl_has_capability");
+--
+2.4.0
+
diff --git a/NetworkManager.spec b/NetworkManager.spec
index 526333d..a7e8165 100644
--- a/NetworkManager.spec
+++ b/NetworkManager.spec
@@ -12,7 +12,7 @@ %define snapshot %{nil} %define realversion 0.9.10.2 -%define release_version 3 +%define release_version 4 %define epoch_version 1 %define obsoletes_nmver 1:0.9.9.95-1
@@ -81,9 +81,24 @@ Patch0: 0000-explain-dns1-dns2.patch Patch1: 0001-connectivity-disable-HTTP-keepalive-for-connectivity.patch Patch2: rh1203904-NM-loop-fix.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1161232 +Patch3: 0003-kill-dns-plugin-child-synchronously-rh1161232.patch +Patch4: 0004-refactor-building-IP-config-lists-for-dns-plugins-rh1161232.patch +Patch5: 0005-ensure-that-update_dns-always-returns-a-GError-rh1161232.patch +Patch6: 0006-refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.patch + # Cherry-picks from upstream: # http://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?h=nm-0-9-10 -# + +# https://bugzilla.redhat.com/show_bug.cgi?id=1168573 +Patch7: 0007-cli-add-PHYS_PORT_ID-property-rh1168573.patch +Patch8: 0008-cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.patch + +# https://bugzilla.redhat.com/show_bug.cgi?id=1209903 +Patch9: 0009-CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.patch + +# https://bugzilla.redhat.com/show_bug.cgi?id=1205195 +Patch10: 0010-load-libnl-3.so.200-rh1205195.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -324,6 +339,14 @@ by nm-connection-editor and nm-applet in a non-graphical environment. %patch0 -p1 -b .explain-dns1-dns2.orig %patch1 -p1 -b .0001-connectivity-disable-HTTP-keepalive-for-connectivity.orig %patch2 -p1 -b .rh1203904-NM-loop-fix.orig +%patch3 -p1 -b .kill-dns-plugin-child-synchronously-rh1161232.orig +%patch4 -p1 -b .refactor-building-IP-config-lists-for-dns-plugins-rh1161232.orig +%patch5 -p1 -b .ensure-that-update_dns-always-returns-a-GError-rh1161232.orig +%patch6 -p1 -b .refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.orig +%patch7 -p1 -b .cli-add-PHYS_PORT_ID-property-rh1168573.orig +%patch8 -p1 -b .cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.orig +%patch9 -p1 -b .CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.orig +%patch10 -p1 -b .load-libnl-3.so.200-rh1205195.orig %build 
@@ -595,6 +618,12 @@ fi %endif %changelog +* Wed May 6 2015 Lubomir Rintel - 1:0.9.10.2-4 +- Fix split DNS configuration with dnsmasq and VPN connections (rh #1161232) +- Fix indication that a WiFi plugin is missing (rh #1168573) +- Don't let IPv6 Router Advertisements lower Hop Limit (CVE-2015-2924) (rh #1209903) +- User a proper SONAME when loading libnl (rh #1205195) + * Fri Mar 20 2015 Jiří Klimeš - 1:0.9.10.2-3 - Fix NetworkManager loop when 0.0.0.0/1 is added (rh #1203924)