Import upstream patches after 1.8.2

This commit is contained in:
Beniamino Galvani 2017-07-17 18:06:18 +02:00
parent 8ca68d8c30
commit 46b9e17739
3 changed files with 272 additions and 2 deletions

View File

@ -0,0 +1,158 @@
From 810d243f3ebfe46e78024b239da19ac0cf150801 Mon Sep 17 00:00:00 2001
From: Jonathan Kang <jonathan121537@gmail.com>
Date: Thu, 6 Jul 2017 16:20:25 +0800
Subject: [PATCH 1/2] dhcp/dhclient: improve "interface" statement parsing
In commit d405cfd9089f9552969e6a3e1a1c4550fc3c1695, parsing "interface"
statement is introduced. But it leads to uncommplete parsing of the
"request" entry, if one of the lines in "request" entry is prefixed with
word "interface". For example, the default configuration of openSUSE
distribution:
request subnet-mask, broadcast-address, routers,
rfc3442-classless-static-routes,
interface-mtu, host-name, domain-name, domain-search,
domain-name-servers, nis-domain, nis-servers,
nds-context, nds-servers, nds-tree-name,
netbios-name-servers, netbios-dd-server,
netbios-node-type, netbios-scope, ntp-servers;
Fixes: d405cfd9089f9552969e6a3e1a1c4550fc3c1695
https://bugzilla.opensuse.org/show_bug.cgi?id=1047004
https://mail.gnome.org/archives/networkmanager-list/2017-July/msg00015.html
(cherry picked from commit 3646ed083dda590de1e991915048905b8c784cdd)
(cherry picked from commit 7200906a6202285a97969fea8dea86d5dce9cddf)
---
src/dhcp/nm-dhcp-dhclient-utils.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/dhcp/nm-dhcp-dhclient-utils.c b/src/dhcp/nm-dhcp-dhclient-utils.c
index 216319b..28c290c 100644
--- a/src/dhcp/nm-dhcp-dhclient-utils.c
+++ b/src/dhcp/nm-dhcp-dhclient-utils.c
@@ -296,7 +296,8 @@ nm_dhcp_dhclient_create_config (const char *interface,
continue;
if ( !intf[0]
- && g_str_has_prefix (p, "interface")) {
+ && g_str_has_prefix (p, "interface")
+ && !in_req) {
if (read_interface (p, intf, sizeof (intf)))
continue;
}
--
2.9.3
From 3f2821e1d95c0acb6aebd7d91ae5457c1739b664 Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Mon, 10 Jul 2017 11:40:43 +0200
Subject: [PATCH 2/2] dhcp/tests: add test parsing dhclient config
(cherry picked from commit 0c23191b01fb0582d8f3d470f463afdabc2fdf46)
(cherry picked from commit beeb8df9ac93ad432c9533362d862c0c2466cd5e)
---
src/dhcp/tests/test-dhcp-dhclient.c | 70 ++++++++++++++++++++++++++++++++-----
1 file changed, 62 insertions(+), 8 deletions(-)
diff --git a/src/dhcp/tests/test-dhcp-dhclient.c b/src/dhcp/tests/test-dhcp-dhclient.c
index 40a3e07..3c9760a 100644
--- a/src/dhcp/tests/test-dhcp-dhclient.c
+++ b/src/dhcp/tests/test-dhcp-dhclient.c
@@ -66,17 +66,16 @@ test_config (const char *orig,
&new_client_id);
g_assert (new != NULL);
-#if DEBUG
- if ( strlen (new) != strlen (expected)
- || strcmp (new, expected)) {
- g_message ("\n- NEW ---------------------------------\n"
+ if (!nm_streq (new, expected)) {
+ g_message ("\n* OLD ---------------------------------\n"
"%s"
- "+ EXPECTED ++++++++++++++++++++++++++++++\n"
+ "\n- NEW -----------------------------------\n"
"%s"
- "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n",
- new, expected);
+ "\n+ EXPECTED ++++++++++++++++++++++++++++++\n"
+ "%s"
+ "\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n",
+ orig, new, expected);
}
-#endif
g_assert_cmpstr (new, ==, expected);
if (expected_new_client_id) {
@@ -831,6 +830,60 @@ test_interface2 (void)
NULL);
}
+static void
+test_config_req_intf (void)
+{
+ static const char *const orig = \
+ "request subnet-mask, broadcast-address, routers,\n"
+ " rfc3442-classless-static-routes,\n"
+ " interface-mtu, host-name, domain-name, domain-search,\n"
+ " domain-name-servers, nis-domain, nis-servers,\n"
+ " nds-context, nds-servers, nds-tree-name,\n"
+ " netbios-name-servers, netbios-dd-server,\n"
+ " netbios-node-type, netbios-scope, ntp-servers;\n"
+ "";
+ static const char *const expected = \
+ "# Created by NetworkManager\n"
+ "# Merged from /path/to/dhclient.conf\n"
+ "\n"
+ "\n"
+ "option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n"
+ "option ms-classless-static-routes code 249 = array of unsigned integer 8;\n"
+ "option wpad code 252 = string;\n"
+ "\n"
+ "request; # override dhclient defaults\n"
+ "also request subnet-mask;\n"
+ "also request broadcast-address;\n"
+ "also request routers;\n"
+ "also request rfc3442-classless-static-routes;\n"
+ "also request interface-mtu;\n"
+ "also request host-name;\n"
+ "also request domain-name;\n"
+ "also request domain-search;\n"
+ "also request domain-name-servers;\n"
+ "also request nis-domain;\n"
+ "also request nis-servers;\n"
+ "also request nds-context;\n"
+ "also request nds-servers;\n"
+ "also request nds-tree-name;\n"
+ "also request netbios-name-servers;\n"
+ "also request netbios-dd-server;\n"
+ "also request netbios-node-type;\n"
+ "also request netbios-scope;\n"
+ "also request ntp-servers;\n"
+ "also request ms-classless-static-routes;\n"
+ "also request static-routes;\n"
+ "also request wpad;\n"
+ "\n";
+
+ test_config (orig, expected,
+ FALSE, NULL, FALSE,
+ NULL,
+ NULL,
+ "eth0",
+ NULL);
+}
+
/*****************************************************************************/
static void
@@ -982,6 +1035,7 @@ main (int argc, char **argv)
g_test_add_func ("/dhcp/dhclient/duids", test_duids);
g_test_add_func ("/dhcp/dhclient/interface/1", test_interface1);
g_test_add_func ("/dhcp/dhclient/interface/2", test_interface2);
+ g_test_add_func ("/dhcp/dhclient/config/req_intf", test_config_req_intf);
g_test_add_func ("/dhcp/dhclient/read_duid_from_leasefile", test_read_duid_from_leasefile);
g_test_add_func ("/dhcp/dhclient/read_commented_duid_from_leasefile", test_read_commented_duid_from_leasefile);
--
2.9.3

View File

@ -0,0 +1,108 @@
From dd3531f120df2e9d249c6fddc062345c169db58e Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Fri, 14 Jul 2017 07:10:08 +0200
Subject: [PATCH] dns: perform the public-suffix check only for the
hostname-derived domain
The DNS manager drops from the search list domains that are public
suffixes to prevent a possible domain hijack when using two-labels
hostnames [1].
This is a problem now that every single-label domain can be a TLD
since this means that such domains can't be used in the search list.
While it's useful to apply such restriction to the domain
automatically derived from the system hostname, it seems wrong to drop
domains specified by users in the configuration or provided by DHCP.
This commit keeps the public-suffix check only for the
hostname-derived domain
[1] https://bugzilla.redhat.com/show_bug.cgi?id=812394
https://bugzilla.redhat.com/show_bug.cgi?id=1404350
(cherry picked from commit 5aa22ed8c9c1944f8843442912561dcec83a11b2)
(cherry picked from commit e80163c713cdd911cb79036f3f7b629040297c58)
---
src/dns/nm-dns-manager.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/dns/nm-dns-manager.c b/src/dns/nm-dns-manager.c
index f443f34..952468e 100644
--- a/src/dns/nm-dns-manager.c
+++ b/src/dns/nm-dns-manager.c
@@ -158,12 +158,12 @@ G_DEFINE_TYPE (NMDnsManager, nm_dns_manager, NM_TYPE_EXPORTED_OBJECT)
#define NM_DNS_MANAGER_GET_PRIVATE(self) _NM_GET_PRIVATE(self, NMDnsManager, NM_IS_DNS_MANAGER)
static gboolean
-domain_is_valid (const gchar *domain)
+domain_is_valid (const gchar *domain, gboolean check_public_suffix)
{
if (*domain == '\0')
return FALSE;
#if WITH_LIBPSL
- if (psl_is_public_suffix (psl_builtin (), domain))
+ if (check_public_suffix && psl_is_public_suffix (psl_builtin (), domain))
return FALSE;
#endif
return TRUE;
@@ -312,7 +312,7 @@ merge_one_ip4_config (NMResolvConfData *rc, NMIP4Config *src)
const char *search;
search = nm_ip4_config_get_search (src, i);
- if (!domain_is_valid (search))
+ if (!domain_is_valid (search, FALSE))
continue;
add_string_item (rc->searches, search);
}
@@ -322,7 +322,7 @@ merge_one_ip4_config (NMResolvConfData *rc, NMIP4Config *src)
const char *domain;
domain = nm_ip4_config_get_domain (src, i);
- if (!domain_is_valid (domain))
+ if (!domain_is_valid (domain, FALSE))
continue;
add_string_item (rc->searches, domain);
}
@@ -382,7 +382,7 @@ merge_one_ip6_config (NMResolvConfData *rc, NMIP6Config *src, const char *iface)
const char *search;
search = nm_ip6_config_get_search (src, i);
- if (!domain_is_valid (search))
+ if (!domain_is_valid (search, FALSE))
continue;
add_string_item (rc->searches, search);
}
@@ -392,7 +392,7 @@ merge_one_ip6_config (NMResolvConfData *rc, NMIP6Config *src, const char *iface)
const char *domain;
domain = nm_ip6_config_get_domain (src, i);
- if (!domain_is_valid (domain))
+ if (!domain_is_valid (domain, FALSE))
continue;
add_string_item (rc->searches, domain);
}
@@ -923,7 +923,7 @@ merge_global_dns_config (NMResolvConfData *rc, NMGlobalDnsConfig *global_conf)
options = nm_global_dns_config_get_options (global_conf);
for (i = 0; searches && searches[i]; i++) {
- if (domain_is_valid (searches[i]))
+ if (domain_is_valid (searches[i], FALSE))
add_string_item (rc->searches, searches[i]);
}
@@ -1055,9 +1055,9 @@ _collect_resolv_conf_data (NMDnsManager *self, /* only for logging context, no o
if ( hostdomain
&& !nm_utils_ipaddr_valid (AF_UNSPEC, hostname)) {
hostdomain++;
- if (domain_is_valid (hostdomain))
+ if (domain_is_valid (hostdomain, TRUE))
add_string_item (rc.searches, hostdomain);
- else if (domain_is_valid (hostname))
+ else if (domain_is_valid (hostname, TRUE))
add_string_item (rc.searches, hostname);
}
}
--
2.9.3

View File

@ -82,7 +82,8 @@ Source1: NetworkManager.conf
Source2: 00-server.conf Source2: 00-server.conf
Source3: 20-connectivity-fedora.conf Source3: 20-connectivity-fedora.conf
#Patch1: Patch1: 0001-dhcp-interface-parsing.patch
Patch2: 0002-dns-fix-domain-suffix-check.patch
Requires(post): systemd Requires(post): systemd
Requires(preun): systemd Requires(preun): systemd
@ -337,7 +338,8 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
%prep %prep
%setup -q -n NetworkManager-%{real_version} %setup -q -n NetworkManager-%{real_version}
#%patch1 -p1 %patch1 -p1
%patch2 -p1
%build %build
%if %{with regen_docs} %if %{with regen_docs}
@ -652,6 +654,8 @@ fi
%changelog %changelog
* Mon Jul 17 2017 Beniamino Galvani <bgalvani@redhat.com> - 1:1.8.2-1 * Mon Jul 17 2017 Beniamino Galvani <bgalvani@redhat.com> - 1:1.8.2-1
- Update to 1.8.2 release - Update to 1.8.2 release
- dhcp/dhclient: improve "interface" statement parsing
- dns: fix public suffix check on search domains (rh #1404350)
* Thu Jun 22 2017 Lubomir Rintel <lkundrak@v3.sk> - 1:1.8.0-6 * Thu Jun 22 2017 Lubomir Rintel <lkundrak@v3.sk> - 1:1.8.0-6
- device: don't change MTU unless explicitly configured (rh #1460760) - device: don't change MTU unless explicitly configured (rh #1460760)