rpms/network-manager-applet
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 1.8.4 release

Browse Source
This commit is contained in:
Thomas Haller 2017-09-20 15:35:51 +02:00
parent 53d33a76f0
commit 9de6775371
8 changed files with 12 additions and 278 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -36,3 +36,4 @@
/network-manager-applet-1.7.1.tar.xz
/network-manager-applet-1.8.0.tar.xz
/network-manager-applet-1.8.2.tar.xz
/network-manager-applet-1.8.4.tar.xz

0
nm-applet-no-notifications.patch → 0001-nm-applet-no-notifications.patch
View File

98
0001-wireless-security-acually-save-the-PKCS-11-PINs-for-.patch
View File

@ -1,98 +0,0 @@
From d7e873d91310203726b6e2472da3a94b4c8aac9d Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Thu, 22 Jun 2017 12:39:42 +0200
Subject: [PATCH 1/2] wireless-security: acually save the PKCS#11 PINs for
certificates
---
src/wireless-security/eap-method-peap.c | 5 ++++-
src/wireless-security/eap-method-tls.c | 10 ++++++++--
src/wireless-security/eap-method-ttls.c | 5 ++++-
3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/wireless-security/eap-method-peap.c b/src/wireless-security/eap-method-peap.c
index 81bd2754..4be53762 100644
--- a/src/wireless-security/eap-method-peap.c
+++ b/src/wireless-security/eap-method-peap.c
@@ -174,7 +174,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
#if LIBNM_BUILD
/* libnm-glib doesn't support this. */
- /* Save CA certificate PIN password flags to the connection */
+ /* Save CA certificate PIN and its flags to the connection */
secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser));
nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD,
secret_flags, NULL);
@@ -183,6 +183,9 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
secret_flags, NM_SETTING (s_8021x),
NM_SETTING_802_1X_CA_CERT_PASSWORD);
+ g_object_set (s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD,
+ nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)),
+ NULL);
}
#endif
diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
index a740c114..0595fd06 100644
--- a/src/wireless-security/eap-method-tls.c
+++ b/src/wireless-security/eap-method-tls.c
@@ -160,7 +160,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
#if LIBNM_BUILD
/* libnm-glib doesn't support these. */
- /* Save CA certificate PIN password flags to the connection */
+ /* Save CA certificate PIN and its flags to the connection */
secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser));
nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->ca_cert_password_flags_name,
secret_flags, NULL);
@@ -169,9 +169,12 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
secret_flags, NM_SETTING (s_8021x),
method->ca_cert_password_flags_name);
+ g_object_set (s_8021x, method->ca_cert_password_flags_name,
+ nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)),
+ NULL);
}
- /* Save user certificate PIN password flags to the connection */
+ /* Save user certificate PIN and its flags flags to the connection */
secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->client_cert_chooser));
nm_setting_set_secret_flags (NM_SETTING (s_8021x), method->client_cert_password_flags_name,
secret_flags, NULL);
@@ -179,6 +182,9 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->client_cert_chooser),
secret_flags, NM_SETTING (s_8021x),
method->client_cert_password_flags_name);
+ g_object_set (s_8021x, method->client_cert_password_flags_name,
+ nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->client_cert_chooser)),
+ NULL);
}
#endif
diff --git a/src/wireless-security/eap-method-ttls.c b/src/wireless-security/eap-method-ttls.c
index 4e9201fb..71bede99 100644
--- a/src/wireless-security/eap-method-ttls.c
+++ b/src/wireless-security/eap-method-ttls.c
@@ -170,7 +170,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
#if LIBNM_BUILD
/* libnm-glib doesn't support this. */
- /* Save CA certificate PIN password flags to the connection */
+ /* Save CA certificate PIN and its flags to the connection */
secret_flags = nma_cert_chooser_get_cert_password_flags (NMA_CERT_CHOOSER (method->ca_cert_chooser));
nm_setting_set_secret_flags (NM_SETTING (s_8021x), NM_SETTING_802_1X_CA_CERT_PASSWORD,
secret_flags, NULL);
@@ -179,6 +179,9 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
nma_cert_chooser_update_cert_password_storage (NMA_CERT_CHOOSER (method->ca_cert_chooser),
secret_flags, NM_SETTING (s_8021x),
NM_SETTING_802_1X_CA_CERT_PASSWORD);
+ g_object_set (s_8021x, NM_SETTING_802_1X_CA_CERT_PASSWORD,
+ nma_cert_chooser_get_cert_password (NMA_CERT_CHOOSER (method->ca_cert_chooser)),
+ NULL);
}
#endif
--
2.13.0

44
0002-wireless-security-fix-some-crash-issues-on-connectio.patch
View File

@ -1,44 +0,0 @@
From b322931ea69583140b512803ccdc75f0a1671cc1 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Tue, 20 Jun 2017 17:19:04 +0200
Subject: [PATCH 2/2] wireless-security: fix some crash issues on connection
save
A use-after-free and a double-free.
---
src/wireless-security/eap-method-tls.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/wireless-security/eap-method-tls.c b/src/wireless-security/eap-method-tls.c
index 0595fd06..d3bbf66d 100644
--- a/src/wireless-security/eap-method-tls.c
+++ b/src/wireless-security/eap-method-tls.c
@@ -143,7 +143,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
#endif
/* TLS private key */
- password = g_strdup (nma_cert_chooser_get_key_password (NMA_CERT_CHOOSER (method->client_cert_chooser)));
+ password = nma_cert_chooser_get_key_password (NMA_CERT_CHOOSER (method->client_cert_chooser));
value = nma_cert_chooser_get_key (NMA_CERT_CHOOSER (method->client_cert_chooser), &scheme);
if (parent->phase2) {
@@ -157,6 +157,7 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
g_clear_error (&error);
}
}
+ g_free (value);
#if LIBNM_BUILD
/* libnm-glib doesn't support these. */
@@ -222,6 +223,8 @@ fill_connection (EAPMethod *parent, NMConnection *connection)
/* TLS CA certificate */
if (gtk_widget_get_sensitive (method->ca_cert_chooser))
value = nma_cert_chooser_get_cert (NMA_CERT_CHOOSER (method->ca_cert_chooser), &scheme);
+ else
+ value = NULL;
format = NM_SETTING_802_1X_CK_FORMAT_UNKNOWN;
if (parent->phase2) {
if (!nm_setting_802_1x_set_phase2_ca_cert (s_8021x, value, scheme, &format, &error)) {
--
2.13.0

53
0003-libnma-empty-certificate-fix-rh1469852.patch
View File

@ -1,53 +0,0 @@
From ecaf0b448fb4bb9c224679df8c64caef6714cef5 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Tue, 18 Jul 2017 10:53:02 +0200
Subject: [PATCH 1/1] libnma: don't return empty passwords from certificate
chooser
Return NULL if the user did not specify any password. Setting an empty
password in the connection when it's not needed (e.g. for CA and
client certificate) makes the connection invalid.
Fixes: cfb753f6c907aa443307e48fb21eae0b2755bf22
https://bugzilla.redhat.com/show_bug.cgi?id=1469852
(cherry picked from commit f78c1fe9e528a7cf2edd430a559e2fe5fd5525a7)
---
src/libnma/nma-pkcs11-cert-chooser.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/libnma/nma-pkcs11-cert-chooser.c b/src/libnma/nma-pkcs11-cert-chooser.c
index 852be2e1..1c033e93 100644
--- a/src/libnma/nma-pkcs11-cert-chooser.c
+++ b/src/libnma/nma-pkcs11-cert-chooser.c
@@ -48,9 +48,12 @@ static const gchar *
get_key_password (NMACertChooser *cert_chooser)
{
NMAPkcs11CertChooserPrivate *priv = NMA_PKCS11_CERT_CHOOSER_GET_PRIVATE (cert_chooser);
+ const gchar *text;
g_return_val_if_fail (priv->key_password != NULL, NULL);
- return gtk_entry_get_text (GTK_ENTRY (priv->key_password));
+ text = gtk_entry_get_text (GTK_ENTRY (priv->key_password));
+
+ return text && text[0] ? text : NULL;
}
static void
@@ -87,9 +90,12 @@ static const gchar *
get_cert_password (NMACertChooser *cert_chooser)
{
NMAPkcs11CertChooserPrivate *priv = NMA_PKCS11_CERT_CHOOSER_GET_PRIVATE (cert_chooser);
+ const gchar *text;
g_return_val_if_fail (priv->cert_password != NULL, NULL);
- return gtk_entry_get_text (GTK_ENTRY (priv->cert_password));
+ text = gtk_entry_get_text (GTK_ENTRY (priv->cert_password));
+
+ return text && text[0] ? text : NULL;
}
static void
--
2.13.5

69
0004-applet-fix-status-icon-VPN-rh1471510.patch
View File

@ -1,69 +0,0 @@
From 8b8c1db2eb9824a34b36d6b10b4d6c17c4694fb6 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 10 Aug 2017 17:00:16 +0200
Subject: [PATCH] applet: fix status icon when a VPN has the default route
After commit 35736dd2dfe0 ("applet: use default active interface, even
if it is of unsupported class") when a VPN with default route is
active, applet_get_default_active_connection() returns the VPN
connection, and no icon would be set because the tun device doesn't
have a NMADeviceClass.
Require a device class only when we need to determine the status icon,
otherwise accept any connection.
Fixes: 35736dd2dfe05534e5e45d9e3cdddf3cabec840c
https://bugzilla.gnome.org/show_bug.cgi?id=785775
https://bugzilla.redhat.com/show_bug.cgi?id=1471510
(cherry picked from commit b82db07d652df24e9286d0328462f94183d406c1)
---
src/applet.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/applet.c b/src/applet.c
index 4ac7fabc..c0bb7b5b 100644
--- a/src/applet.c
+++ b/src/applet.c
@@ -225,7 +225,8 @@ applet_get_best_activating_connection (NMApplet *applet, NMDevice **device)
}
static NMActiveConnection *
-applet_get_default_active_connection (NMApplet *applet, NMDevice **device)
+applet_get_default_active_connection (NMApplet *applet, NMDevice **device,
+ gboolean only_known_devices)
{
NMActiveConnection *default_ac = NULL;
NMDevice *non_default_device = NULL;
@@ -249,6 +250,10 @@ applet_get_default_active_connection (NMApplet *applet, NMDevice **device)
candidate_dev = g_ptr_array_index (devices, 0);
+ if ( only_known_devices
+ && !get_device_class (candidate_dev, applet))
+ continue;
+
/* We have to return default connection/device even if they are of an
* unknown class - otherwise we may end up returning non
* default interface which has nothing to do with our default
@@ -1033,7 +1038,7 @@ nma_menu_vpn_item_clicked (GtkMenuItem *item, gpointer user_data)
return;
}
- active = applet_get_default_active_connection (applet, &device);
+ active = applet_get_default_active_connection (applet, &device, FALSE);
if (!active || !device) {
g_warning ("%s: no active connection or device.", __func__);
return;
@@ -2577,7 +2582,7 @@ applet_get_device_icon_for_state (NMApplet *applet,
/* If there aren't any activating devices, then show the state of
* the default active connection instead.
*/
- active = applet_get_default_active_connection (applet, &device);
+ active = applet_get_default_active_connection (applet, &device, TRUE);
if (!active || !device)
goto out;
}
--
2.13.5

23
network-manager-applet.spec
View File

@ -3,9 +3,11 @@
%global nm_version 1:1.1.0
%global obsoletes_ver 1:0.9.7
%global rpm_version 1.8.2
%global real_version 1.8.2
%global release_version 4
%global rpm_version 1.8.4
%global real_version 1.8.4
%global release_version 1
%global real_version_major %(printf '%s' '%{real_version}' | sed -n 's/^\\([1-9][0-9]*\\.[1-9][0-9]*\\)\\.[1-9][0-9]*$/\\1/p')
Name: network-manager-applet
Summary: A network control and status applet for NetworkManager
@ -16,12 +18,8 @@ License: GPLv2+
URL: http://www.gnome.org/projects/NetworkManager/
Obsoletes: NetworkManager-gnome < %{obsoletes_ver}
Source: https://download.gnome.org/sources/network-manager-applet/1.8/%{name}-%{real_version}.tar.xz
Patch0: nm-applet-no-notifications.patch
Patch1: 0001-wireless-security-acually-save-the-PKCS-11-PINs-for-.patch
Patch2: 0002-wireless-security-fix-some-crash-issues-on-connectio.patch
Patch3: 0003-libnma-empty-certificate-fix-rh1469852.patch
Patch4: 0004-applet-fix-status-icon-VPN-rh1471510.patch
Source: https://download.gnome.org/sources/network-manager-applet/%{real_version_major}/%{name}-%{real_version}.tar.xz
Patch1: 0001-nm-applet-no-notifications.patch
Requires: NetworkManager >= %{nm_version}
Requires: NetworkManager-glib >= %{nm_version}
@ -121,11 +119,7 @@ This package deprecates libnm-gtk.
%prep
%setup -q -n "%{name}-%{real_version}"
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%build
autoreconf -i -f
@ -241,6 +235,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
%changelog
* Wed Sep 20 2017 Thomas Haller <thaller@redhat.com> - 1.8.4-1
- Update to 1.8.4 release
* Mon Sep 18 2017 Beniamino Galvani <bgalvani@redhat.com> - 1.8.2-4
- applet: fix status icon when a VPN has the default route (rh#1471510)

2
sources
View File

@ -1 +1 @@
SHA512 (network-manager-applet-1.8.2.tar.xz) = 1e9019ca17a55138e08eaf34c7889b7d5f531e918412bf025c0e03eb0794dc323b59f0d3521f14e93b6a94756f8e2a52139c76117ed430c73bcd1366eeffb5c9
SHA512 (network-manager-applet-1.8.4.tar.xz) = 1ea149b8f0ea0fb44c71506a6fd637d3d9cc05e5f9acd7732f5e6e43de598f0d6f78f6e00d54ed9bd1d2a2f039b0e28c4b0aed6b77f4eae46e30bee15f944cc9