rpms/NetworkManager-libreswan
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix one small regression in nm-auto-defaults=yes

Browse Source 
* Symetric import/export with nm-auto-default (via comment)
* Esp param properly exported
* Correct leftid export when it contains @

Resolves: RHEL-122626
Resolves: RHEL-122306
This commit is contained in:
Vladimír Beneš 2025-10-21 10:11:49 +02:00
parent 259474b588
commit a269899f52
2 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
0004-sanitize-before-exporting-RHEL-only.patch Normal file
View File

@ -0,0 +1,54 @@
From 15946667c771ba88d38f82cc467fd52d268e44bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= <ihuguet@riseup.net>
Date: Tue, 21 Oct 2025 08:37:35 +0200
Subject: [PATCH] export: sanitize before exporting (RHEL only)
The commit referenced below moved the responsibility of sanitizing the
connection from nm_libreswan_get_ipsec_conf to its caller, but it forgot
to sanitize in export_to_file(). Fix it.
This is a RHEL-only patch, as this is fixed by a later commit that we
didn't want to backport yet. When we rebase, this patch can be dropped.
Fixes: 50d0fc5a265b ('Fix PSK authentication when leftid starts with `@`')
---
properties/nm-libreswan-editor-plugin.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/properties/nm-libreswan-editor-plugin.c b/properties/nm-libreswan-editor-plugin.c
index 2b455ba..7a75e09 100644
--- a/properties/nm-libreswan-editor-plugin.c
+++ b/properties/nm-libreswan-editor-plugin.c
@@ -91,6 +91,7 @@ export_to_file (NMVpnEditorPlugin *self,
GError **error)
{
NMSettingVpn *s_vpn;
+ gs_unref_object NMSettingVpn *s_vpn_sanitized = NULL;
gboolean openswan = FALSE;
gs_free_error GError *local = NULL;
gs_free char *ipsec_conf = NULL;
@@ -98,8 +99,19 @@ export_to_file (NMVpnEditorPlugin *self,
int version;
s_vpn = nm_connection_get_setting_vpn (connection);
- if (s_vpn)
- openswan = nm_streq (nm_setting_vpn_get_service_type (s_vpn), NM_VPN_SERVICE_TYPE_OPENSWAN);
+ if (!s_vpn) {
+ g_set_error_literal (error,
+ NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION,
+ _("Empty VPN setting."));
+ return FALSE;
+ }
+
+ s_vpn_sanitized = sanitize_setting_vpn (s_vpn, error);
+ if (!s_vpn_sanitized)
+ return FALSE;
+
+ s_vpn = s_vpn_sanitized;
+ openswan = nm_streq (nm_setting_vpn_get_service_type (s_vpn), NM_VPN_SERVICE_TYPE_OPENSWAN);
nm_libreswan_detect_version (nm_libreswan_find_helper_bin ("ipsec", NULL),
&is_openswan, &version, NULL);
--
2.51.0

6
NetworkManager-libreswan.spec
View File

@ -11,7 +11,7 @@
%global real_version 1.2.27
%global rpm_version 1.2.27
%global release_version 2
%global release_version 3
%global real_version_major %(printf '%s' '%{real_version}' | sed -n 's/^\\([1-9][0-9]*\\.[1-9][0-9]*\\)\\.[1-9][0-9]*$/\\1/p')
@ -30,6 +30,7 @@ Source0: https://download.gnome.org/sources/NetworkManager-libreswan/%{real_ve
Patch0: 0001-Export-esp-option.patch
Patch1: 0002-fix-psk-auth-when-leftid-starts-with-at.patch
Patch2: 0003-import-export-nm-auto-defaults-no.patch
Patch3: 0004-sanitize-before-exporting-RHEL-only.patch
BuildRequires: make
BuildRequires: gcc
@ -131,6 +132,9 @@ rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la
%endif
%changelog
* Tue Oct 21 2025 Vladimír Beneš <vbenes@redhat.com> - 1.2.27-3
* Fix small nm-auto-defaults issue
* Mon Oct 20 2025 Vladimír Beneš <vbenes@redhat.com> - 1.2.27-2
* Symetric import/export with nm-auto-default (RHEL-122306)
* Esp param properly exported (RHEL-122626)