diff --git a/SOURCES/0001-network-Populate-AP-list-from-idle-handler.patch b/SOURCES/0001-network-Populate-AP-list-from-idle-handler.patch index c2b8ce9..f5b4b26 100644 --- a/SOURCES/0001-network-Populate-AP-list-from-idle-handler.patch +++ b/SOURCES/0001-network-Populate-AP-list-from-idle-handler.patch @@ -1,7 +1,7 @@ -From 1a7953a72419342437c7c6ca90cccc31f2658757 Mon Sep 17 00:00:00 2001 +From 3e03aaba0453894aa0affd5b2e4f6a54794387cf Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 28 Jul 2021 22:16:21 +0200 -Subject: [PATCH 1/5] network: Populate AP list from idle handler +Subject: [PATCH 1/8] network: Populate AP list from idle handler Doing this should prevent the UI from becoming completely unusable as updates of the AP list should be batched up rather than processed @@ -11,7 +11,7 @@ sequentially. 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/panels/network/net-device-wifi.c b/panels/network/net-device-wifi.c -index 313e9ab8c..1f0e4832e 100644 +index 313e9ab8c..33758e499 100644 --- a/panels/network/net-device-wifi.c +++ b/panels/network/net-device-wifi.c @@ -64,6 +64,7 @@ struct _NetDeviceWifiPrivate @@ -64,10 +64,10 @@ index 313e9ab8c..1f0e4832e 100644 + if (device_wifi->priv->populate_ap_list_idle_id != 0) + return; + -+ device_wifi->priv->populate_ap_list_idle_id = g_idle_add (populate_ap_list_idle, device_wifi); ++ device_wifi->priv->populate_ap_list_idle_id = g_idle_add ((GSourceFunc) populate_ap_list_idle, device_wifi); } static void -- -2.31.1 +2.34.1 diff --git a/SOURCES/0002-ce-page-security-add-SAE-support.patch b/SOURCES/0002-ce-page-security-add-SAE-support.patch index 95b92de..c0747ee 100644 --- a/SOURCES/0002-ce-page-security-add-SAE-support.patch +++ b/SOURCES/0002-ce-page-security-add-SAE-support.patch @@ -1,7 +1,7 @@ -From 8fe7fd50d06066952e21c92f37eaa4359af6d8bf Mon Sep 17 00:00:00 2001 +From f57cad1d508b4f07cc39fd6f7abedd66d1fe9b50 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Fri, 20 Dec 2019 19:54:01 +0100 -Subject: [PATCH 2/5] ce-page-security: add SAE support +Subject: [PATCH 2/8] ce-page-security: add SAE support (cherry picked from commit 2e79c531942cf88051498c962116c010835ab7e1) --- @@ -57,5 +57,5 @@ index d06e3aeb1..5104d7442 100644 CE_PAGE (page)->security_setting = NM_SETTING_WIRELESS_SECURITY_SETTING_NAME; } -- -2.31.1 +2.34.1 diff --git a/SOURCES/0003-ce-page-details-add-SAE-support.patch b/SOURCES/0003-ce-page-details-add-SAE-support.patch index a70f9b7..1ae22f9 100644 --- a/SOURCES/0003-ce-page-details-add-SAE-support.patch +++ b/SOURCES/0003-ce-page-details-add-SAE-support.patch @@ -1,7 +1,7 @@ -From f94d461b61e4c95b71234d24d86d13a35c9bf485 Mon Sep 17 00:00:00 2001 +From 17ca12acd4e0a924a1acd5107b8569dd66d368af Mon Sep 17 00:00:00 2001 From: David Bauer Date: Sat, 21 Dec 2019 17:39:02 +0100 -Subject: [PATCH 3/5] ce-page-details: add SAE support +Subject: [PATCH 3/8] ce-page-details: add SAE support (cherry picked from commit 97f6c8f53c15c7ccb9dd7a65ce1ac02ebc18a724) --- @@ -33,5 +33,5 @@ index c972c0e5b..f0c594dd4 100644 if ((wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X) || (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) { -- -2.31.1 +2.34.1 diff --git a/SOURCES/0004-net-device-wifi-Decode-SAE-AP-security.patch b/SOURCES/0004-net-device-wifi-Decode-SAE-AP-security.patch index 651ebfc..6cfeb0d 100644 --- a/SOURCES/0004-net-device-wifi-Decode-SAE-AP-security.patch +++ b/SOURCES/0004-net-device-wifi-Decode-SAE-AP-security.patch @@ -1,7 +1,7 @@ -From 2fe515d0ac3ba9f7ebe0de180a949de8a7cc0d2b Mon Sep 17 00:00:00 2001 +From 0904ae538704409c19c08c88957ff4283d4a152d Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Tue, 2 Feb 2021 17:27:05 +0100 -Subject: [PATCH 4/5] net-device-wifi: Decode SAE AP security +Subject: [PATCH 4/8] net-device-wifi: Decode SAE AP security Decode this information for the wireless row. Note that we don't really need this, as it would incorrectly select WPA2 which results in the same @@ -13,7 +13,7 @@ Based on upstream commit da0c45f2ab2b7b78695cfff9d6b7a2b045340ac7 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/panels/network/net-device-wifi.c b/panels/network/net-device-wifi.c -index 1f0e4832e..af0e89733 100644 +index 33758e499..da1e4837a 100644 --- a/panels/network/net-device-wifi.c +++ b/panels/network/net-device-wifi.c @@ -46,7 +46,8 @@ typedef enum { @@ -38,5 +38,5 @@ index 1f0e4832e..af0e89733 100644 type = NM_AP_SEC_WPA2; -- -2.31.1 +2.34.1 diff --git a/SOURCES/0005-network-complete-SAE-support.patch b/SOURCES/0005-network-complete-SAE-support.patch index 8976fa1..d3ffe1d 100644 --- a/SOURCES/0005-network-complete-SAE-support.patch +++ b/SOURCES/0005-network-complete-SAE-support.patch @@ -1,7 +1,7 @@ -From 52420680c5fda5e672aab614bfa7b8d5e2ab85c8 Mon Sep 17 00:00:00 2001 +From 1289e8ea1dbeb91012c262fcb6f014ec73d4c690 Mon Sep 17 00:00:00 2001 From: Jonathan Kang Date: Wed, 9 Sep 2020 14:58:06 +0800 -Subject: [PATCH 5/5] network: complete SAE support +Subject: [PATCH 5/8] network: complete SAE support Added WirelessSecuritySAE class to fully implement SAE support. @@ -13,10 +13,10 @@ Heavily modifid and based on the 3.28.2 version of the WPA PSK widget. panels/network/wireless-security/meson.build | 3 + .../wireless-security.gresource.xml | 1 + .../wireless-security/wireless-security.h | 1 + - panels/network/wireless-security/ws-sae.c | 216 ++++++++++++++++++ + panels/network/wireless-security/ws-sae.c | 214 ++++++++++++++++++ panels/network/wireless-security/ws-sae.h | 30 +++ panels/network/wireless-security/ws-sae.ui | 117 ++++++++++ - 7 files changed, 372 insertions(+), 4 deletions(-) + 7 files changed, 370 insertions(+), 4 deletions(-) create mode 100644 panels/network/wireless-security/ws-sae.c create mode 100644 panels/network/wireless-security/ws-sae.h create mode 100644 panels/network/wireless-security/ws-sae.ui @@ -95,10 +95,10 @@ index 975e750f6..c5508ad1b 100644 diff --git a/panels/network/wireless-security/ws-sae.c b/panels/network/wireless-security/ws-sae.c new file mode 100644 -index 000000000..3138cd723 +index 000000000..96138d522 --- /dev/null +++ b/panels/network/wireless-security/ws-sae.c -@@ -0,0 +1,216 @@ +@@ -0,0 +1,214 @@ +/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ +/* NetworkManager Applet -- allow user control over networking + * @@ -158,8 +158,6 @@ index 000000000..3138cd723 +{ + GtkWidget *entry; + const char *key; -+ gsize len; -+ int i; + + entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_entry")); + g_assert (entry); @@ -475,5 +473,5 @@ index 000000000..d523f16c8 + + -- -2.31.1 +2.34.1 diff --git a/SOURCES/0006-Add-support-for-Enhanced-Open-WiFi-security.patch b/SOURCES/0006-Add-support-for-Enhanced-Open-WiFi-security.patch index 76037aa..bd73588 100644 --- a/SOURCES/0006-Add-support-for-Enhanced-Open-WiFi-security.patch +++ b/SOURCES/0006-Add-support-for-Enhanced-Open-WiFi-security.patch @@ -1,7 +1,7 @@ -From c95964913893c6dca47e2987eb75730229ae1658 Mon Sep 17 00:00:00 2001 +From 73fb050f06649e717aea5654394fe45cd921d4df Mon Sep 17 00:00:00 2001 From: David Bauer Date: Fri, 17 Jul 2020 03:41:44 +0000 -Subject: [PATCH] Add support for Enhanced Open WiFi security +Subject: [PATCH 6/8] Add support for Enhanced Open WiFi security (cherry picked from commit 1d0b664f7c5e38e9d8933956c1cc4661244edb7d) --- @@ -75,7 +75,7 @@ index 37b1e1286..52efb9da1 100644 default_type == NMU_SEC_WPA2_PSK) { CE_PAGE (page)->security_setting = NM_SETTING_WIRELESS_SECURITY_SETTING_NAME; diff --git a/panels/network/net-device-wifi.c b/panels/network/net-device-wifi.c -index af0e89733..86291c08d 100644 +index da1e4837a..fc2fba63f 100644 --- a/panels/network/net-device-wifi.c +++ b/panels/network/net-device-wifi.c @@ -47,7 +47,8 @@ typedef enum { @@ -110,5 +110,5 @@ index af0e89733..86291c08d 100644 } else { widget = gtk_label_new (""); -- -2.31.1 +2.34.1 diff --git a/SOURCES/0007-network-Fix-connection-selection-and-SSID-display-fo.patch b/SOURCES/0007-network-Fix-connection-selection-and-SSID-display-fo.patch new file mode 100644 index 0000000..0bfa761 --- /dev/null +++ b/SOURCES/0007-network-Fix-connection-selection-and-SSID-display-fo.patch @@ -0,0 +1,216 @@ +From e6cebd2fc9b0d18a92f2935e23551b62a7031236 Mon Sep 17 00:00:00 2001 +From: Benjamin Berg +Date: Tue, 4 Jan 2022 11:29:25 +0100 +Subject: [PATCH 7/8] network: Fix connection selection and SSID display for + OWE + +When dealing with OWE APs, we need to use the SSID from the connection +rather than the AP. In this case, we want to group the current AP with +other APs that have the connection SSID. + +As such, first change the unqiue AP selection to take the active AP and +active connection into account (preferring the active AP for correct +signal strength display). + +Then, make sure we have the active connection in the list everywhere and +skip the SSID check when assiging the AP to the connection for the +active AP/connection. + +This way we make sure to have the active connection together with the +active AP in the list. The code will prefer to display the connections +SSID rather than the APS, so we get the right one for OWE. + +This mimicks the behaviour of newer g-c-c versions without pulling in +the full rewrite of the connection list widget. +--- + panels/network/net-device-wifi.c | 86 ++++++++++++++++++++++++++------ + 1 file changed, 72 insertions(+), 14 deletions(-) + +diff --git a/panels/network/net-device-wifi.c b/panels/network/net-device-wifi.c +index fc2fba63f..af489afcc 100644 +--- a/panels/network/net-device-wifi.c ++++ b/panels/network/net-device-wifi.c +@@ -163,25 +163,50 @@ get_access_point_security (NMAccessPoint *ap) + } + + static GPtrArray * +-panel_get_strongest_unique_aps (const GPtrArray *aps) ++panel_get_strongest_unique_aps (NMDevice *nm_device) + { +- GBytes *ssid, *ssid_tmp; ++ const GPtrArray *aps; + GPtrArray *aps_unique = NULL; + gboolean add_ap; + guint i; + guint j; + NMAccessPoint *ap; + NMAccessPoint *ap_tmp; ++ NMAccessPoint *active_ap; ++ NMActiveConnection *ac; ++ NMConnection *ac_con = NULL; ++ GBytes *ac_ssid = NULL; ++ ++ aps = nm_device_wifi_get_access_points (NM_DEVICE_WIFI (nm_device)); ++ active_ap = nm_device_wifi_get_active_access_point (NM_DEVICE_WIFI (nm_device)); ++ ++ /* Use the connection SSID for the active AP as it is different with OWE. */ ++ ac = nm_device_get_active_connection (nm_device); ++ if (ac) ++ ac_con = NM_CONNECTION (nm_active_connection_get_connection (ac)); ++ if (ac_con) { ++ NMSetting *setting; ++ ++ setting = nm_connection_get_setting_by_name (ac_con, NM_SETTING_WIRELESS_SETTING_NAME); ++ if (setting) ++ ac_ssid = nm_setting_wireless_get_ssid (NM_SETTING_WIRELESS (setting)); ++ } + + /* we will have multiple entries for typical hotspots, just + * filter to the one with the strongest signal */ + aps_unique = g_ptr_array_new_with_free_func ((GDestroyNotify) g_object_unref); + if (aps != NULL) + for (i = 0; i < aps->len; i++) { ++ GBytes *ssid = NULL; ++ + ap = NM_ACCESS_POINT (g_ptr_array_index (aps, i)); + ++ if (ap == active_ap) ++ ssid = ac_ssid; ++ if (!ssid) ++ ssid = nm_access_point_get_ssid (ap); ++ + /* Hidden SSIDs don't get shown in the list */ +- ssid = nm_access_point_get_ssid (ap); + if (!ssid) + continue; + +@@ -189,8 +214,15 @@ panel_get_strongest_unique_aps (const GPtrArray *aps) + + /* get already added list */ + for (j=0; jlen; j++) { ++ GBytes *ssid_tmp = NULL; ++ + ap_tmp = NM_ACCESS_POINT (g_ptr_array_index (aps_unique, j)); +- ssid_tmp = nm_access_point_get_ssid (ap_tmp); ++ ++ ssid_tmp = NULL; ++ if (ap_tmp == active_ap) ++ ssid_tmp = ac_ssid; ++ if (!ssid_tmp) ++ ssid_tmp = nm_access_point_get_ssid (ap_tmp); + g_assert (ssid_tmp); + + /* is this the same type and data? */ +@@ -202,9 +234,12 @@ panel_get_strongest_unique_aps (const GPtrArray *aps) + nm_utils_escape_ssid (g_bytes_get_data (ssid_tmp, NULL), + g_bytes_get_size (ssid_tmp))); + +- /* the new access point is stronger */ +- if (nm_access_point_get_strength (ap) > ++ if (ap_tmp == active_ap) { ++ add_ap = FALSE; ++ } else if (ap == active_ap || ++ nm_access_point_get_strength (ap) > + nm_access_point_get_strength (ap_tmp)) { ++ /* the new access point is the default or stronger */ + g_debug ("removing %s", + nm_utils_escape_ssid (g_bytes_get_data (ssid_tmp, NULL), + g_bytes_get_size (ssid_tmp))); +@@ -2042,9 +2077,10 @@ open_history (NetDeviceWifi *device_wifi) + GtkWidget *separator; + GSList *connections; + GSList *l; +- const GPtrArray *aps; + GPtrArray *aps_unique = NULL; + NMAccessPoint *active_ap; ++ NMActiveConnection *ac; ++ NMConnection *ac_con = NULL; + guint i; + NMDevice *nm_device; + GtkWidget *list; +@@ -2119,10 +2155,15 @@ open_history (NetDeviceWifi *device_wifi) + + connections = net_device_get_valid_connections (NET_DEVICE (device_wifi)); + +- aps = nm_device_wifi_get_access_points (NM_DEVICE_WIFI (nm_device)); +- aps_unique = panel_get_strongest_unique_aps (aps); ++ aps_unique = panel_get_strongest_unique_aps (nm_device); + active_ap = nm_device_wifi_get_active_access_point (NM_DEVICE_WIFI (nm_device)); + ++ ac = nm_device_get_active_connection (nm_device); ++ if (ac) ++ ac_con = NM_CONNECTION (nm_active_connection_get_connection (ac)); ++ if (ac_con && !g_slist_find (connections, ac_con)) ++ connections = g_slist_prepend (connections, ac_con); ++ + for (l = connections; l; l = l->next) { + NMConnection *connection = l->data; + NMAccessPoint *ap = NULL; +@@ -2137,7 +2178,13 @@ open_history (NetDeviceWifi *device_wifi) + GBytes *ssid_ap; + ap = NM_ACCESS_POINT (g_ptr_array_index (aps_unique, i)); + ssid_ap = nm_access_point_get_ssid (ap); +- if (nm_utils_same_ssid (g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid), ++ ++ /* Skip SSID check for active connection/AP (will not match with OWE) */ ++ if (ap == active_ap && connection == ac_con) ++ break; ++ ++ if (ssid_ap && ++ nm_utils_same_ssid (g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid), + g_bytes_get_data (ssid_ap, NULL), g_bytes_get_size (ssid_ap), + TRUE)) + break; +@@ -2167,13 +2214,14 @@ populate_ap_list_idle (NetDeviceWifi *device_wifi) + NMDevice *nm_device; + GSList *connections; + GSList *l; +- const GPtrArray *aps; + GPtrArray *aps_unique = NULL; + NMAccessPoint *active_ap; + guint i; + GtkWidget *row; + GtkWidget *button; + GList *children, *child; ++ NMActiveConnection *ac; ++ NMConnection *ac_con = NULL; + + device_wifi->priv->populate_ap_list_idle_id = 0; + +@@ -2192,10 +2240,15 @@ populate_ap_list_idle (NetDeviceWifi *device_wifi) + + connections = net_device_get_valid_connections (NET_DEVICE (device_wifi)); + +- aps = nm_device_wifi_get_access_points (NM_DEVICE_WIFI (nm_device)); +- aps_unique = panel_get_strongest_unique_aps (aps); ++ aps_unique = panel_get_strongest_unique_aps (nm_device); + active_ap = nm_device_wifi_get_active_access_point (NM_DEVICE_WIFI (nm_device)); + ++ ac = nm_device_get_active_connection (nm_device); ++ if (ac) ++ ac_con = NM_CONNECTION (nm_active_connection_get_connection (ac)); ++ if (ac_con && !g_slist_find (connections, ac_con)) ++ connections = g_slist_prepend (connections, ac_con); ++ + for (i = 0; i < aps_unique->len; i++) { + GBytes *ssid_ap; + NMAccessPoint *ap; +@@ -2212,9 +2265,14 @@ populate_ap_list_idle (NetDeviceWifi *device_wifi) + continue; + } + ++ /* Skip SSID check for active connection/AP (will not match with OWE) */ ++ if (ap == active_ap && connection == ac_con) ++ break; ++ + setting = nm_connection_get_setting_by_name (connection, NM_SETTING_WIRELESS_SETTING_NAME); + ssid = nm_setting_wireless_get_ssid (NM_SETTING_WIRELESS (setting)); +- if (nm_utils_same_ssid (g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid), ++ if (ssid_ap && ++ nm_utils_same_ssid (g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid), + g_bytes_get_data (ssid_ap, NULL), g_bytes_get_size (ssid_ap), + TRUE)) + break; +-- +2.34.1 + diff --git a/SOURCES/0008-network-Fix-saving-passwords-for-non-wifi-connection.patch b/SOURCES/0008-network-Fix-saving-passwords-for-non-wifi-connection.patch new file mode 100644 index 0000000..324de72 --- /dev/null +++ b/SOURCES/0008-network-Fix-saving-passwords-for-non-wifi-connection.patch @@ -0,0 +1,51 @@ +From 4269c292020aa11d7b8e17e804ad207e892d2bfe Mon Sep 17 00:00:00 2001 +From: Benjamin Berg +Date: Thu, 9 Dec 2021 17:53:09 +0100 +Subject: [PATCH 8/8] network: Fix saving passwords for non-wifi connections + +When validating security settings for non-wifi connections, we +temporarily create a wireless connection. Unfortunately, when this +connection is destroyed, it'll clear the stored password from the 802.1x +settings object. + +Avoid this by removing the setting before unref'ing the temporary +connection. +--- + .../connection-editor/ce-page-8021x-security.c | 15 +++++---------- + 1 file changed, 5 insertions(+), 10 deletions(-) + +diff --git a/panels/network/connection-editor/ce-page-8021x-security.c b/panels/network/connection-editor/ce-page-8021x-security.c +index f7d31969a..0ac057f79 100644 +--- a/panels/network/connection-editor/ce-page-8021x-security.c ++++ b/panels/network/connection-editor/ce-page-8021x-security.c +@@ -126,22 +126,17 @@ validate (CEPage *cepage, NMConnection *connection, GError **error) + /* FIXME: get failed property and error out of wireless security objects */ + valid = wireless_security_validate (page->security, error); + if (valid) { +- NMSetting *s_con; +- + /* Here's a nice hack to work around the fact that ws_802_1x_fill_connection needs wireless setting. */ +- tmp_connection = nm_simple_connection_new (); ++ tmp_connection = nm_simple_connection_new_clone (connection); + nm_connection_add_setting (tmp_connection, nm_setting_wireless_new ()); + +- /* temp connection needs a 'connection' setting too, since most of +- * the EAP methods need the UUID for CA cert ignore stuff. +- */ +- s_con = nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION); +- nm_connection_add_setting (tmp_connection, nm_setting_duplicate (s_con)); +- + ws_802_1x_fill_connection (page->security, "wpa_eap_auth_combo", tmp_connection); + ++ /* NOTE: It is important we create a copy of the settings, as the ++ * secrets might be cleared otherwise. ++ */ + s_8021x = nm_connection_get_setting (tmp_connection, NM_TYPE_SETTING_802_1X); +- nm_connection_add_setting (connection, NM_SETTING (g_object_ref (s_8021x))); ++ nm_connection_add_setting (connection, nm_setting_duplicate (NM_SETTING (s_8021x))); + + g_object_unref (tmp_connection); + } +-- +2.34.1 + diff --git a/SPECS/gnome-control-center.spec b/SPECS/gnome-control-center.spec index b9339d8..1274d68 100644 --- a/SPECS/gnome-control-center.spec +++ b/SPECS/gnome-control-center.spec @@ -11,7 +11,7 @@ Name: gnome-control-center Version: 3.28.2 -Release: 29%{?dist} +Release: 30%{?dist} Summary: Utilities to configure the GNOME desktop License: GPLv2+ and CC-BY-SA @@ -72,6 +72,9 @@ Patch33: 0003-ce-page-details-add-SAE-support.patch Patch34: 0004-net-device-wifi-Decode-SAE-AP-security.patch Patch35: 0005-network-complete-SAE-support.patch Patch36: 0006-Add-support-for-Enhanced-Open-WiFi-security.patch +Patch37: 0007-network-Fix-connection-selection-and-SSID-display-fo.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1938944 +Patch38: 0008-network-Fix-saving-passwords-for-non-wifi-connection.patch BuildRequires: chrpath @@ -246,6 +249,12 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/gnome-control-center %dir %{_datadir}/gnome/wm-properties %changelog +* Tue Jan 04 2022 Benjamin Berg - 3.28.2-30 +- Fix connection list AP selection and SSID display for OWE + Resolves: #2023156 +- Fix saving passwords for non-wifi connections + Resolves: #1938944 + * Wed Nov 10 2021 Benjamin Berg - 3.28.2-29 - Backport SAE/WPA3/OWE support Resolves: #1915411