Compare commits

...

No commits in common. "c8" and "c10s" have entirely different histories.
c8 ... c10s

9 changed files with 161 additions and 26069 deletions

View File

@ -1 +0,0 @@
a3ec22a8e76f3358d9f69dc505d22267e936dbae SOURCES/NetworkManager-libreswan-1.2.10.tar.xz

26
.gitignore vendored
View File

@ -1 +1,25 @@
SOURCES/NetworkManager-libreswan-1.2.10.tar.xz NetworkManager-openswan-0.8.tar.gz
/NetworkManager-openswan-0.9.8.0.sha256sum
/NetworkManager-openswan-0.9.8.0.tar.xz
/NetworkManager-openswan-0.9.8.4.sha256sum
/NetworkManager-openswan-0.9.8.4.tar.xz
/NetworkManager-openswan-1.0.0.tar.xz
/NetworkManager-openswan-1.0.2.tar.xz
/NetworkManager-openswan-1.0.6.tar.xz
/NetworkManager-openswan-1.2.0.tar.xz
/NetworkManager-libreswan-1.2.0.tar.xz
/NetworkManager-libreswan-1.1.90.tar.xz
/NetworkManager-libreswan-1.1.91.tar.xz
/NetworkManager-libreswan-1.1.92.tar.xz
/NetworkManager-libreswan-1.1.93.tar.xz
/NetworkManager-libreswan-1.2.2.tar.xz
/NetworkManager-libreswan-1.2.4.tar.xz
/NetworkManager-libreswan-1.2.6.tar.xz
/NetworkManager-libreswan-1.2.10.tar.xz
/NetworkManager-libreswan-1.2.12.tar.xz
/NetworkManager-libreswan-1.2.14.tar.xz
/NetworkManager-libreswan-1.2.16.tar.xz
/NetworkManager-libreswan-1.2.18.tar.xz
/NetworkManager-libreswan-1.2.20.tar.xz
/NetworkManager-libreswan-1.2.22.tar.xz
/NetworkManager-libreswan-1.2.24.tar.xz

View File

@ -1,26 +1,34 @@
%if 0%{?fedora} < 28 && 0%{?rhel} < 8 %if 0%{?fedora} < 28 && 0%{?rhel} < 8
%bcond_without libnm_glib %bcond_without libnm_glib
%else %else
# Disable the legacy version by default
%bcond_with libnm_glib %bcond_with libnm_glib
%endif %endif
%if 0%{?fedora} < 36 && 0%{?rhel} < 10
%bcond_with gtk4
%else
%bcond_without gtk4
%endif
%global nm_version 1:1.2.0 %global nm_version 1:1.2.0
%global nma_version 1.2.0 %global nma_version 1.2.0
Summary: NetworkManager VPN plug-in for IPsec VPN Summary: NetworkManager VPN plug-in for IPsec VPN
Name: NetworkManager-libreswan Name: NetworkManager-libreswan
Version: 1.2.10 Version: 1.2.24
Release: 7%{?dist} Release: 2%{?dist}
License: GPLv2+ License: GPL-2.0-or-later
URL: http://www.gnome.org/projects/NetworkManager/ URL: https://gitlab.gnome.org/GNOME/NetworkManager-libreswan
Group: System Environment/Base
Source0: https://download.gnome.org/sources/NetworkManager-libreswan/1.2/%{name}-%{version}.tar.xz Source0: https://download.gnome.org/sources/NetworkManager-libreswan/1.2/%{name}-%{version}.tar.xz
Patch0: 0001-po-import-translations-from-Red-Hat-translators.patch
Patch1: 0002-properties-set-advanced-dialog-modal.patch
Patch2: 0003-service-fix-wrong-refcounting-in-D-Bus-handler-for-C.patch
Patch3: 0004-ipsec-conf-escaping-cve-2024-9050.patch
# These are not bugfixes, hence they are also relevant after
# the next rebase of the source tarball.
# Patch0001: 0001-some.patch
# Bugfixes that are only relevant until next rebase of the package.
# Patch1001: 1001-some.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: gtk3-devel BuildRequires: gtk3-devel
BuildRequires: libnl3-devel BuildRequires: libnl3-devel
BuildRequires: NetworkManager-libnm-devel >= %{nm_version} BuildRequires: NetworkManager-libnm-devel >= %{nm_version}
@ -34,8 +42,12 @@ BuildRequires: NetworkManager-glib-devel >= %{nm_version}
BuildRequires: libnm-gtk-devel >= %{nma_version} BuildRequires: libnm-gtk-devel >= %{nma_version}
%endif %endif
%if %with gtk4
BuildRequires: libnma-gtk4-devel
%endif
Requires: NetworkManager >= %{nm_version} Requires: NetworkManager >= %{nm_version}
Requires: dbus Requires: dbus-common
Requires: /usr/sbin/ipsec Requires: /usr/sbin/ipsec
Provides: NetworkManager-openswan = %{version}-%{release} Provides: NetworkManager-openswan = %{version}-%{release}
@ -45,13 +57,14 @@ Obsoletes: NetworkManager-openswan < %{version}-%{release}
%global __provides_exclude ^(%{_privatelibs})$ %global __provides_exclude ^(%{_privatelibs})$
%global __requires_exclude ^(%{_privatelibs})$ %global __requires_exclude ^(%{_privatelibs})$
%description %description
This package contains software for integrating the libreswan VPN software This package contains software for integrating the libreswan VPN software
with NetworkManager and the GNOME desktop with NetworkManager and the GNOME desktop
%package -n NetworkManager-libreswan-gnome %package -n NetworkManager-libreswan-gnome
Summary: NetworkManager VPN plugin for libreswan - GNOME files Summary: NetworkManager VPN plugin for libreswan - GNOME files
Group: System Environment/Base
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: shared-mime-info Requires: shared-mime-info
@ -63,87 +76,151 @@ Obsoletes: NetworkManager-openswan-gnome < %{version}-%{release}
This package contains software for integrating VPN capabilities with This package contains software for integrating VPN capabilities with
the libreswan server with NetworkManager (GNOME files). the libreswan server with NetworkManager (GNOME files).
%prep %prep
%autosetup -p1 -n %{name}-%{version} %autosetup -p1
%build %build
%configure \ %configure \
--disable-static \ --disable-static \
%if %with gtk4
--with-gtk4 \
%endif
%if %without libnm_glib %if %without libnm_glib
--without-libnm-glib \ --without-libnm-glib \
%endif %endif
--enable-more-warnings=yes \ --enable-more-warnings=yes \
--with-dist-version=%{version}-%{release} --with-dist-version=%{version}-%{release}
make %{?_smp_mflags} %make_build
%install %install
make install DESTDIR=%{buildroot} %make_install
rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la
mv %{buildroot}%{_sysconfdir}/dbus-1 %{buildroot}%{_datadir}/
%find_lang %{name} %find_lang %{name}
%post
update-desktop-database &> /dev/null || :
%postun
update-desktop-database &> /dev/null || :
%files -f %{name}.lang %files -f %{name}.lang
%{_libdir}/NetworkManager/libnm-vpn-plugin-libreswan.so %{_libdir}/NetworkManager/libnm-vpn-plugin-libreswan.so
%{_sysconfdir}/dbus-1/system.d/nm-libreswan-service.conf %{_datadir}/dbus-1/system.d/nm-libreswan-service.conf
%{_prefix}/lib/NetworkManager/VPN/nm-libreswan-service.name %{_prefix}/lib/NetworkManager/VPN/nm-libreswan-service.name
%{_libexecdir}/nm-libreswan-service %{_libexecdir}/nm-libreswan-service
%{_libexecdir}/nm-libreswan-service-helper %{_libexecdir}/nm-libreswan-service-helper
%{_mandir}/man5/nm-settings-libreswan.5.gz %{_mandir}/man5/nm-settings-libreswan.5.gz
%doc AUTHORS ChangeLog NEWS %doc AUTHORS NEWS
%license COPYING %license COPYING
%files -n NetworkManager-libreswan-gnome %files -n NetworkManager-libreswan-gnome
%{_libexecdir}/nm-libreswan-auth-dialog %{_libexecdir}/nm-libreswan-auth-dialog
%{_libdir}/NetworkManager/libnm-vpn-plugin-libreswan-editor.so %{_libdir}/NetworkManager/libnm-vpn-plugin-libreswan-editor.so
%dir %{_datadir}/gnome-vpn-properties/libreswan %{_metainfodir}/network-manager-libreswan.metainfo.xml
%{_datadir}/gnome-vpn-properties/libreswan/nm-libreswan-dialog.ui
%{_datadir}/appdata/network-manager-libreswan.metainfo.xml
%if %with libnm_glib %if %with libnm_glib
%{_libdir}/NetworkManager/libnm-*-properties.so %{_libdir}/NetworkManager/libnm-*-properties.so
%{_sysconfdir}/NetworkManager/VPN/nm-libreswan-service.name %{_sysconfdir}/NetworkManager/VPN/nm-libreswan-service.name
%endif %endif
%changelog %if %with gtk4
* Thu Oct 03 2024 Lubomir Rintel <lkundrak@v3.sk> - 1.2.10-7 %{_libdir}/NetworkManager/libnm-gtk4-vpn-plugin-libreswan-editor.so
- Unbreak validation of unknown keys %endif
* Wed Sep 25 2024 Lubomir Rintel <lkundrak@v3.sk> - 1.2.10-6
%changelog
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.2.24-2
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Tue Oct 22 2024 Lubomir Rintel <lkundrak@v3.sk> - 1.2.24-1
- Update to 1.2.24 release
- Fix improper escaping of Libreswan configuration (CVE-2024-9050) - Fix improper escaping of Libreswan configuration (CVE-2024-9050)
* Mon Feb 5 2024 Wen Liang <wenliang@redhat.com> - 1.2.10-5 * Thu Sep 12 2024 Íñigo Huguet <ihuguet@redhat.com> - 1.2.22-3
- Fix crash in libreswan_add_profile_wrong_password (RHEL-13123) - Support require-id-on-certificate (RHEL-58812)
* Tue Jul 9 2019 Francesco Giudici <fgiudici@redhat.com> - 1.2.10-4 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.2.22-2
- Fix Gnome IPsec advanced options dialog (rh #1697329) - Bump release for June 2024 mass rebuild
* Mon Dec 10 2018 Lubomir Rintel <lkundrak@v3.sk> - 1.2.10-3 * Wed May 22 2024 Beniamino Galvani <bgalvani@redhat.com> - 1.2.22-1
- Update the translations (rh #1608329) - Add IPv6 support (RHEL-21875)
* Thu Oct 16 2018 Lubomir Rintel <lkundrak@v3.sk> - 1.2.10-2 * Fri Apr 19 2024 Íñigo Huguet <ihuguet@redhat.com> - 1.2.20-2
- Import the translations (rh #1608329) - Added gating.yaml
* Mon Oct 15 2018 Francesco Giudici <fgiudici@redhat.com> - 1.2.10-1 * Wed Apr 17 2024 Íñigo Huguet <ihuguet@redhat.com> - 1.2.20-1
- Update to 1.2.10 release (rh #1637867) - Update to 1.2.20 release
- Fix import functionality (rh #1633174)
* Wed Oct 3 2018 Beniamino Galvani <bgalvani@redhat.com> - 1.2.8-2 * Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.18-3
- Rebuild with updated annobin (rh #1630605) - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Sep 17 2018 Francesco Giudici <fgiudici@redhat.com> - 1.2.8-1 * Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.18-2
- Update to 1.2.8 release - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Aug 13 2018 Francesco Giudici <fgiudici@redhat.com> - 1.2.8-0.1 * Fri Dec 15 2023 Beniamino Galvani <bgalvani@redhat.com> - 1.2.18-1
- Update to latest development snapshot of NetworkManager-libreswan 1.2.8 - Update to 1.2.18 release
- Introduced IKEv2 support (rh #1557035)
- Introduced support to more Libreswan properties (rh #1557035) * Fri Sep 08 2023 Till Maas <opensource@till.name> - 1.2.16-5
- Updated translations - Migrate to spdx license
- Cleanup whitespace
- Use make macros
- Fix changelog
- Update URL
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Mar 11 2022 Lubomir Rintel <lkundrak@v3.sk> - 1.2.16-1
- Update to 1.2.16 release
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Feb 15 2021 Lubomir Rintel <lkundrak@v3.sk> - 1.2.14-2
- Move dbus service file into /usr/share/dbus-1
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jan 12 2021 Beniamino Galvani <bgalvani@redhat.com> - 1.2.14-1
- Update to 1.2.14 release
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.12-1.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.12-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 31 2019 Francesco Giudici <fgiudici@redhat.com> - 1.2.12-1
- Updated to 1.2.12
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.10-1.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.10-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Oct 18 2018 Francesco Giudici <fgiudici@redhat.com> - 1.2.10-1
- Updated to 1.2.10
- Import latest translations from upstream
* Wed Aug 22 2018 Paul Wouters <pwouters@redhat.com> - 1.2.6-1
- Updated to 1.2.6
- Upstream patches for IKEv2 support
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-6 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

View File

@ -1,26 +0,0 @@
From eaf501ab7cb732a152097d2af5636b03fd3f029d Mon Sep 17 00:00:00 2001
From: Francesco Giudici <fgiudici@redhat.com>
Date: Mon, 15 Apr 2019 14:51:26 +0200
Subject: [PATCH] properties: set advanced dialog modal
https://bugzilla.redhat.com/show_bug.cgi?id=1697329
---
properties/nm-libreswan-dialog.ui | 2 ++
1 file changed, 2 insertions(+)
diff --git a/properties/nm-libreswan-dialog.ui b/properties/nm-libreswan-dialog.ui
index 73522d4..e355c08 100644
--- a/properties/nm-libreswan-dialog.ui
+++ b/properties/nm-libreswan-dialog.ui
@@ -451,6 +451,8 @@
<property name="can_focus">False</property>
<property name="border_width">12</property>
<property name="title" translatable="yes">IPsec Advanced Options</property>
+ <property name="modal">True</property>
+ <property name="destroy_with_parent">True</property>
<property name="type_hint">dialog</property>
<child internal-child="vbox">
<object class="GtkBox" id="dialog-vbox1">
--
2.20.1

View File

@ -1,68 +0,0 @@
From 4be4c56b4f8a52b1cd5f8aadee273706c28ae332 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Sat, 13 Jan 2024 18:10:02 +0100
Subject: [PATCH 1/1] service: fix wrong refcounting in D-Bus handler for
Callback()
The Callback() D-Bus method is handled via a GDBus-generated skeleton
code in nm-libreswan-helper-service-dbus.c, function
_nmdbus_libreswan_helper_skeleton_handle_method_call(). The function
emits signal "handle-callback" to let the program handle the incoming
method. As documented in the GDoc comments, the signal handler must
return TRUE if it handles the call.
```
/**
* NMDBusLibreswanHelper::handle-callback:
* @object: A #NMDBusLibreswanHelper.
* @invocation: A #GDBusMethodInvocation.
* @arg_environment: Argument passed by remote caller.
* Signal emitted when a remote caller is invoking the Callback()
D-Bus method.
* If a signal handler returns %TRUE, it means the signal handler
will handle the invocation (e.g. take a reference to @invocation
and eventually call nmdbus_libreswan_helper_complete_callback()
or e.g. g_dbus_method_invocation_return_error() on it) and no
other signal handlers will run. If no signal handler handles the
invocation, the %G_DBUS_ERROR_UNKNOWN_METHOD error is returned.
* Returns: %G_DBUS_METHOD_INVOCATION_HANDLED or %TRUE if the
invocation was handled, %G_DBUS_METHOD_INVOCATION_UNHANDLED or
%FALSE to let other signal handlers run.
*/
```
At the moment, in case of error the handler first calls
nmdbus_libreswan_helper_complete_callback() which decreases the
refcount of "invocation", and then returns FALSE which tells the
skeleton code to return an error, also unreferencing the
invocation. This causes a crash.
Since the G_DBUS_METHOD_INVOCATION_HANDLED alias for TRUE is only
available since GLib 2.68 (while we target 2.36), just return TRUE.
Fixes: acb9eb9de50b ('service: process the configuration in the service, not the helper')
(cherry picked from commit 8ceb901719acac3778e1d76779d9c14289185157)
---
src/nm-libreswan-service.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
index fc470a6..4850729 100644
--- a/src/nm-libreswan-service.c
+++ b/src/nm-libreswan-service.c
@@ -1379,7 +1379,8 @@ out:
}
nmdbus_libreswan_helper_complete_callback (object, invocation);
- return success;
+
+ return TRUE;
}
/****************************************************************/
--
2.43.0

File diff suppressed because it is too large Load Diff

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (NetworkManager-libreswan-1.2.24.tar.xz) = 8b7c8d7736b3ffcb27d6e28c9073f0cad5098decc41342643dd7392c361a7d2664bdac17ca895b14c9b224d330637d4f5d095f242b06e3d312b00803993c6e5c