From b1b5c9a1025d7f55520b6a5923a77c15e0249d07 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 06 2019 11:05:17 +0000 Subject: import NetworkManager-1.18.0-5.el7 --- diff --git a/.NetworkManager.metadata b/.NetworkManager.metadata index a70ee3e..462411f 100644 --- a/.NetworkManager.metadata +++ b/.NetworkManager.metadata @@ -1 +1 @@ -3b217472a9a96a49cdb143b66b1c2d964f6a473f SOURCES/NetworkManager-1.12.0.tar.xz +c1c90837161e149f454e886c4cdba414e87fc120 SOURCES/NetworkManager-1.18.0.tar.xz diff --git a/.gitignore b/.gitignore index 7028f3b..03b22ff 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/NetworkManager-1.12.0.tar.xz +SOURCES/NetworkManager-1.18.0.tar.xz diff --git a/SOURCES/0001-cloned-mac-address-permanent-rh1413312.patch b/SOURCES/0001-cloned-mac-address-permanent-rh1413312.patch index 0b2cde2..fb8e464 100644 --- a/SOURCES/0001-cloned-mac-address-permanent-rh1413312.patch +++ b/SOURCES/0001-cloned-mac-address-permanent-rh1413312.patch @@ -1,4 +1,4 @@ -From d7590dd02fd47cc32e0e76e19578116c83910591 Mon Sep 17 00:00:00 2001 +From 488696bfaabe783972f756f53ff2cce7b0aa8d4b Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Fri, 24 Feb 2017 20:25:56 +0100 Subject: [PATCH] Revert "device: change default value for cloned-mac-address @@ -16,7 +16,7 @@ This reverts commit fae5ecec5a4d9987a1915441602cb78275a9f490. 5 files changed, 12 insertions(+), 13 deletions(-) diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in -index 7ad8c19a6..5aca99eee 100644 +index 59ca4cc..5fbafb7 100644 --- a/clients/common/settings-docs.h.in +++ b/clients/common/settings-docs.h.in @@ -7,7 +7,7 @@ @@ -26,9 +26,9 @@ index 7ad8c19a6..5aca99eee 100644 -#define DESCRIBE_DOC_NM_SETTING_WIRELESS_CLONED_MAC_ADDRESS N_("If specified, request that the device use this MAC address instead. This is known as MAC cloning or spoofing. Beside explicitly specifying a MAC address, the special values \"preserve\", \"permanent\", \"random\" and \"stable\" are supported. \"preserve\" means not to touch the MAC address on activation. \"permanent\" means to use the permanent hardware address of the device. \"random\" creates a random MAC address on each connect. \"stable\" creates a hashed MAC address based on connection.stable-id and a machine dependent key. If unspecified, the value can be overwritten via global defaults, see manual of NetworkManager.conf. If still unspecified, it defaults to \"preserve\" (older versions of NetworkManager may use a different default value). On D-Bus, this field is expressed as \"assigned-mac-address\" or the deprecated \"cloned-mac-address\".") +#define DESCRIBE_DOC_NM_SETTING_WIRELESS_CLONED_MAC_ADDRESS N_("If specified, request that the device use this MAC address instead of its permanent MAC address. This is known as MAC cloning or spoofing. Beside explicitly specifying a MAC address, the special values \"preserve\", \"permanent\", \"random\" and \"stable\" are supported. \"preserve\" means not to touch the MAC address on activation. \"permanent\" means to use the permanent hardware address of the device. \"random\" creates a random MAC address on each connect. \"stable\" creates a hashed MAC address based on connection.stable-id and a machine dependent key. If unspecified, the value can be overwritten via global defaults, see manual of NetworkManager.conf. If still unspecified, it defaults to \"permanent\". On D-Bus, this field is expressed as \"assigned-mac-address\" or the deprecated \"cloned-mac-address\".") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_GENERATE_MAC_ADDRESS_MASK N_("With \"cloned-mac-address\" setting \"random\" or \"stable\", by default all bits of the MAC address are scrambled and a locally-administered, unicast MAC address is created. This property allows to specify that certain bits are fixed. Note that the least significant bit of the first MAC address will always be unset to create a unicast MAC address. If the property is NULL, it is eligible to be overwritten by a default connection setting. If the value is still NULL or an empty string, the default is to create a locally-administered, unicast MAC address. If the value contains one MAC address, this address is used as mask. The set bits of the mask are to be filled with the current MAC address of the device, while the unset bits are subject to randomization. Setting \"FE:FF:FF:00:00:00\" means to preserve the OUI of the current MAC address and only randomize the lower 3 bytes using the \"random\" or \"stable\" algorithm. If the value contains one additional MAC address after the mask, this address is used instead of the current MAC address to fill the bits that shall not be randomized. For example, a value of \"FE:FF:FF:00:00:00 68:F7:28:00:00:00\" will set the OUI of the MAC address to 68:F7:28, while the lower bits are randomized. A value of \"02:00:00:00:00:00 00:00:00:00:00:00\" will create a fully scrambled globally-administered, burned-in MAC address. If the value contains more than one additional MAC addresses, one of them is chosen randomly. For example, \"02:00:00:00:00:00 00:00:00:00:00:00 02:00:00:00:00:00\" will create a fully scrambled MAC address, randomly locally or globally administered.") - #define DESCRIBE_DOC_NM_SETTING_WIRELESS_HIDDEN N_("If TRUE, indicates this network is a non-broadcasting network that hides its SSID. In this case various workarounds may take place, such as probe-scanning the SSID for more reliable network discovery. However, these workarounds expose inherent insecurities with hidden SSID networks, and thus hidden SSID networks should be used with caution. Note that marking the network as hidden may be a privacy issue for you, as the explicit probe-scans may be distinctly recognizable on the air.") + #define DESCRIBE_DOC_NM_SETTING_WIRELESS_HIDDEN N_("If TRUE, indicates that the network is a non-broadcasting network that hides its SSID. This works both in infrastructure and AP mode. In infrastructure mode, various workarounds are used for a more reliable discovery of hidden networks, such as probe-scanning the SSID. However, these workarounds expose inherent insecurities with hidden SSID networks, and thus hidden SSID networks should be used with caution. In AP mode, the created network does not broadcast its SSID. Note that marking the network as hidden may be a privacy issue for you (in infrastructure mode) or client stations (in AP mode), as the explicit probe-scans are distinctly recognizable on the air.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_MAC_ADDRESS N_("If specified, this connection will only apply to the Wi-Fi device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).") -@@ -89,7 +89,7 @@ +@@ -86,7 +86,7 @@ #define DESCRIBE_DOC_NM_SETTING_802_1X_SUBJECT_MATCH N_("Substring to be matched against the subject of the certificate presented by the authentication server. When unset, no verification of the authentication server certificate's subject is performed. This property provides little security, if any, and its use is deprecated in favor of NMSetting8021x:domain-suffix-match.") #define DESCRIBE_DOC_NM_SETTING_802_1X_SYSTEM_CA_CERTS N_("When TRUE, overrides the \"ca-path\" and \"phase2-ca-path\" properties using the system CA directory specified at configure time with the --system-ca-path switch. The certificates in this directory are added to the verification chain in addition to any certificates specified by the \"ca-cert\" and \"phase2-ca-cert\" properties. If the path provided with --system-ca-path is rather a file name (bundle of trusted CA certificates), it overrides \"ca-cert\" and \"phase2-ca-cert\" properties instead (sets ca_cert/ca_cert2 options for wpa_supplicant).") #define DESCRIBE_DOC_NM_SETTING_WIRED_AUTO_NEGOTIATE N_("When TRUE, enforce auto-negotiation of speed and duplex mode. If \"speed\" and \"duplex\" properties are both specified, only that single mode will be advertised and accepted during the link auto-negotiation process: this works only for BASE-T 802.3 specifications and is useful for enforcing gigabits modes, as in these cases link negotiation is mandatory. When FALSE, \"speed\" and \"duplex\" properties should be both set or link configuration will be skipped.") @@ -38,10 +38,10 @@ index 7ad8c19a6..5aca99eee 100644 #define DESCRIBE_DOC_NM_SETTING_WIRED_GENERATE_MAC_ADDRESS_MASK N_("With \"cloned-mac-address\" setting \"random\" or \"stable\", by default all bits of the MAC address are scrambled and a locally-administered, unicast MAC address is created. This property allows to specify that certain bits are fixed. Note that the least significant bit of the first MAC address will always be unset to create a unicast MAC address. If the property is NULL, it is eligible to be overwritten by a default connection setting. If the value is still NULL or an empty string, the default is to create a locally-administered, unicast MAC address. If the value contains one MAC address, this address is used as mask. The set bits of the mask are to be filled with the current MAC address of the device, while the unset bits are subject to randomization. Setting \"FE:FF:FF:00:00:00\" means to preserve the OUI of the current MAC address and only randomize the lower 3 bytes using the \"random\" or \"stable\" algorithm. If the value contains one additional MAC address after the mask, this address is used instead of the current MAC address to fill the bits that shall not be randomized. For example, a value of \"FE:FF:FF:00:00:00 68:F7:28:00:00:00\" will set the OUI of the MAC address to 68:F7:28, while the lower bits are randomized. A value of \"02:00:00:00:00:00 00:00:00:00:00:00\" will create a fully scrambled globally-administered, burned-in MAC address. If the value contains more than one additional MAC addresses, one of them is chosen randomly. For example, \"02:00:00:00:00:00 00:00:00:00:00:00 02:00:00:00:00:00\" will create a fully scrambled MAC address, randomly locally or globally administered.") #define DESCRIBE_DOC_NM_SETTING_WIRED_MAC_ADDRESS N_("If specified, this connection will only apply to the Ethernet device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).") diff --git a/libnm-core/nm-setting-wired.c b/libnm-core/nm-setting-wired.c -index 5da9ce7d7..ccbc42f90 100644 +index 7f08430..b916a7c 100644 --- a/libnm-core/nm-setting-wired.c +++ b/libnm-core/nm-setting-wired.c -@@ -1149,8 +1149,8 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class) +@@ -1150,8 +1150,8 @@ nm_setting_wired_class_init (NMSettingWiredClass *klass) /** * NMSettingWired:cloned-mac-address: * @@ -52,7 +52,7 @@ index 5da9ce7d7..ccbc42f90 100644 * * Beside explicitly specifying a MAC address, the special values "preserve", "permanent", * "random" and "stable" are supported. -@@ -1162,8 +1162,7 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class) +@@ -1163,8 +1163,7 @@ nm_setting_wired_class_init (NMSettingWiredClass *klass) * machine dependent key. * * If unspecified, the value can be overwritten via global defaults, see manual @@ -63,10 +63,10 @@ index 5da9ce7d7..ccbc42f90 100644 * On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated * "cloned-mac-address". diff --git a/libnm-core/nm-setting-wireless.c b/libnm-core/nm-setting-wireless.c -index 89a2df8eb..e80d153f1 100644 +index b4cb105..ac3f168 100644 --- a/libnm-core/nm-setting-wireless.c +++ b/libnm-core/nm-setting-wireless.c -@@ -1396,8 +1396,8 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class) +@@ -1405,8 +1405,8 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *klass) /** * NMSettingWireless:cloned-mac-address: * @@ -77,7 +77,7 @@ index 89a2df8eb..e80d153f1 100644 * * Beside explicitly specifying a MAC address, the special values "preserve", "permanent", * "random" and "stable" are supported. -@@ -1408,8 +1408,7 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class) +@@ -1417,8 +1417,7 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *klass) * machine dependent key. * * If unspecified, the value can be overwritten via global defaults, see manual @@ -88,10 +88,10 @@ index 89a2df8eb..e80d153f1 100644 * On D-Bus, this field is expressed as "assigned-mac-address" or the deprecated * "cloned-mac-address". diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml -index 17bc42f34..aa8e66946 100644 +index 2893424..a8c4d0b 100644 --- a/man/NetworkManager.conf.xml +++ b/man/NetworkManager.conf.xml -@@ -661,7 +661,7 @@ ipv6.ip6-privacy=0 +@@ -705,7 +705,7 @@ ipv6.ip6-privacy=0 ethernet.cloned-mac-address @@ -100,7 +100,7 @@ index 17bc42f34..aa8e66946 100644 ethernet.generate-mac-address-mask -@@ -733,7 +733,7 @@ ipv6.ip6-privacy=0 +@@ -794,7 +794,7 @@ ipv6.ip6-privacy=0 wifi.cloned-mac-address @@ -110,11 +110,11 @@ index 17bc42f34..aa8e66946 100644 wifi.generate-mac-address-mask diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c -index 5a5cb50e9..613e87034 100644 +index 06ad2ce82..c0867a04b 100644 --- a/src/devices/nm-device.c +++ b/src/devices/nm-device.c -@@ -14628,7 +14628,8 @@ _get_cloned_mac_address_setting (NMDevice *self, NMConnection *connection, gbool - is_wifi ? "wifi.cloned-mac-address" : "ethernet.cloned-mac-address", +@@ -15453,7 +15453,8 @@ _get_cloned_mac_address_setting (NMDevice *self, NMConnection *connection, gbool + : NM_CON_DEFAULT ("ethernet.cloned-mac-address"), self); - addr = NM_CLONED_MAC_PRESERVE; @@ -124,5 +124,5 @@ index 5a5cb50e9..613e87034 100644 if (!a) { if (is_wifi) { -- -2.17.0 +2.21.0 diff --git a/SOURCES/0003-dhclient-no-leading-zero-client-id-rh1556983.patch b/SOURCES/0003-dhclient-no-leading-zero-client-id-rh1556983.patch index 575d0b1..b3516dc 100644 --- a/SOURCES/0003-dhclient-no-leading-zero-client-id-rh1556983.patch +++ b/SOURCES/0003-dhclient-no-leading-zero-client-id-rh1556983.patch @@ -1,4 +1,4 @@ -From 8e8c797904fc29396d340609f006add206df4973 Mon Sep 17 00:00:00 2001 +From bbee3b6833ab1792e75470db5f3b7022e9a965f5 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Wed, 20 Jun 2018 11:49:22 +0200 Subject: [PATCH 1/2] Revert "dhclient: write client-id with backslash and @@ -7,11 +7,11 @@ Subject: [PATCH 1/2] Revert "dhclient: write client-id with backslash and This reverts commit 0e4b33ee7552b036332f1bdbfed78f8ee75f000e. --- src/dhcp/nm-dhcp-dhclient-utils.c | 2 +- - src/dhcp/tests/test-dhcp-dhclient.c | 32 +---------------------------- - 2 files changed, 2 insertions(+), 32 deletions(-) + src/dhcp/tests/test-dhcp-dhclient.c | 33 +---------------------------- + 2 files changed, 2 insertions(+), 33 deletions(-) diff --git a/src/dhcp/nm-dhcp-dhclient-utils.c b/src/dhcp/nm-dhcp-dhclient-utils.c -index 3290dd65c..6adb395c9 100644 +index cbd706f..7324597 100644 --- a/src/dhcp/nm-dhcp-dhclient-utils.c +++ b/src/dhcp/nm-dhcp-dhclient-utils.c @@ -124,7 +124,7 @@ add_ip4_config (GString *str, GBytes *client_id, const char *hostname, gboolean @@ -24,10 +24,10 @@ index 3290dd65c..6adb395c9 100644 } diff --git a/src/dhcp/tests/test-dhcp-dhclient.c b/src/dhcp/tests/test-dhcp-dhclient.c -index 2f369aacc..f3b17807f 100644 +index 55d712b..7df0720 100644 --- a/src/dhcp/tests/test-dhcp-dhclient.c +++ b/src/dhcp/tests/test-dhcp-dhclient.c -@@ -176,35 +176,6 @@ test_quote_client_id (void) +@@ -178,36 +178,6 @@ test_quote_client_id (void) /*****************************************************************************/ @@ -45,6 +45,7 @@ index 2f369aacc..f3b17807f 100644 - "also request static-routes;\n" - "also request wpad;\n" - "also request ntp-servers;\n" +- "also request root-path;\n" - "\n"; - -static void @@ -63,7 +64,7 @@ index 2f369aacc..f3b17807f 100644 static const char *hex_zero_client_id_expected = \ "# Created by NetworkManager\n" "\n" -@@ -1026,8 +997,7 @@ main (int argc, char **argv) +@@ -1130,8 +1100,7 @@ main (int argc, char **argv) g_test_add_func ("/dhcp/dhclient/orig_missing", test_orig_missing); g_test_add_func ("/dhcp/dhclient/override_client_id", test_override_client_id); @@ -74,9 +75,9 @@ index 2f369aacc..f3b17807f 100644 g_test_add_func ("/dhcp/dhclient/ascii_client_id", test_ascii_client_id); g_test_add_func ("/dhcp/dhclient/hex_single_client_id", test_hex_single_client_id); -- -2.17.0 +2.21.0 -From 5fa45f1a84ea2e46e5fb07aeef19cb46322b64bc Mon Sep 17 00:00:00 2001 +From 2049c9c861f262aa6c949f45cd401ec515c2f2d0 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Wed, 20 Jun 2018 11:50:51 +0200 Subject: [PATCH 2/2] Revert "dhcp: dhclient: set type 0 for printable client @@ -86,12 +87,12 @@ Keep the RHEL 7.5 behavior. This reverts commit 8ffa22d10d3001405965826b46463663fd2dacc2. --- - src/dhcp/nm-dhcp-dhclient-utils.c | 46 +++------------- - src/dhcp/tests/test-dhcp-dhclient.c | 83 +++-------------------------- - 2 files changed, 16 insertions(+), 113 deletions(-) + src/dhcp/nm-dhcp-dhclient-utils.c | 46 +++------------ + src/dhcp/tests/test-dhcp-dhclient.c | 87 +++-------------------------- + 2 files changed, 17 insertions(+), 116 deletions(-) diff --git a/src/dhcp/nm-dhcp-dhclient-utils.c b/src/dhcp/nm-dhcp-dhclient-utils.c -index 6adb395c9..90fa33397 100644 +index 7324597..4eb4c5d 100644 --- a/src/dhcp/nm-dhcp-dhclient-utils.c +++ b/src/dhcp/nm-dhcp-dhclient-utils.c @@ -137,9 +137,8 @@ add_ip4_config (GString *str, GBytes *client_id, const char *hostname, gboolean @@ -172,12 +173,12 @@ index 6adb395c9..90fa33397 100644 + return nm_dhcp_utils_client_id_string_to_bytes (s); } - GBytes * + static gboolean diff --git a/src/dhcp/tests/test-dhcp-dhclient.c b/src/dhcp/tests/test-dhcp-dhclient.c -index f3b17807f..377938c87 100644 +index 7df0720..acdd276 100644 --- a/src/dhcp/tests/test-dhcp-dhclient.c +++ b/src/dhcp/tests/test-dhcp-dhclient.c -@@ -150,7 +150,7 @@ test_override_client_id (void) +@@ -151,7 +151,7 @@ test_override_client_id (void) static const char *quote_client_id_expected = \ "# Created by NetworkManager\n" "\n" @@ -186,7 +187,7 @@ index f3b17807f..377938c87 100644 "\n" "option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n" "option ms-classless-static-routes code 249 = array of unsigned integer 8;\n" -@@ -168,36 +168,7 @@ test_quote_client_id (void) +@@ -170,37 +170,7 @@ test_quote_client_id (void) { test_config (NULL, quote_client_id_expected, AF_INET, NULL, 0, FALSE, @@ -212,6 +213,7 @@ index f3b17807f..377938c87 100644 - "also request static-routes;\n" - "also request wpad;\n" - "also request ntp-servers;\n" +- "also request root-path;\n" - "\n"; - -static void @@ -224,7 +226,7 @@ index f3b17807f..377938c87 100644 NULL, "eth0", NULL); -@@ -208,7 +179,7 @@ test_hex_zero_client_id (void) +@@ -211,7 +181,7 @@ test_hex_zero_client_id (void) static const char *ascii_client_id_expected = \ "# Created by NetworkManager\n" "\n" @@ -233,7 +235,7 @@ index f3b17807f..377938c87 100644 "\n" "option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n" "option ms-classless-static-routes code 249 = array of unsigned integer 8;\n" -@@ -264,13 +235,13 @@ test_hex_single_client_id (void) +@@ -269,13 +239,13 @@ test_hex_single_client_id (void) /*****************************************************************************/ static const char *existing_hex_client_id_orig = \ @@ -249,7 +251,7 @@ index f3b17807f..377938c87 100644 "\n" "option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n" "option ms-classless-static-routes code 249 = array of unsigned integer 8;\n" -@@ -287,7 +258,7 @@ static void +@@ -293,7 +263,7 @@ static void test_existing_hex_client_id (void) { gs_unref_bytes GBytes *new_client_id = NULL; @@ -258,7 +260,7 @@ index f3b17807f..377938c87 100644 new_client_id = g_bytes_new (bytes, sizeof (bytes)); test_config (existing_hex_client_id_orig, existing_hex_client_id_expected, -@@ -300,52 +271,16 @@ test_existing_hex_client_id (void) +@@ -306,53 +276,16 @@ test_existing_hex_client_id (void) /*****************************************************************************/ @@ -280,6 +282,7 @@ index f3b17807f..377938c87 100644 - "also request static-routes;\n" - "also request wpad;\n" - "also request ntp-servers;\n" +- "also request root-path;\n" - "\n"; - -static void @@ -313,7 +316,16 @@ index f3b17807f..377938c87 100644 "\n" "option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n" "option ms-classless-static-routes code 249 = array of unsigned integer 8;\n" -@@ -998,11 +933,9 @@ main (int argc, char **argv) +@@ -944,7 +877,7 @@ static void + test_structured (void) + { + gs_unref_bytes GBytes *new_client_id = NULL; +- const guint8 bytes[] = "sad-and-useless"; ++ const guint8 bytes[] = "\x00sad-and-useless"; + + static const char *const orig = \ + "interface \"eth0\" { \n" +@@ -1101,11 +1034,9 @@ main (int argc, char **argv) g_test_add_func ("/dhcp/dhclient/orig_missing", test_orig_missing); g_test_add_func ("/dhcp/dhclient/override_client_id", test_override_client_id); g_test_add_func ("/dhcp/dhclient/quote_client_id", test_quote_client_id); @@ -326,5 +338,5 @@ index f3b17807f..377938c87 100644 g_test_add_func ("/dhcp/dhclient/fqdn", test_fqdn); g_test_add_func ("/dhcp/dhclient/fqdn_options_override", test_fqdn_options_override); -- -2.17.0 +2.21.0 diff --git a/SOURCES/0004-device-disable-rp_filter-handling.patch b/SOURCES/0004-device-disable-rp_filter-handling.patch deleted file mode 100644 index 46c41a4..0000000 --- a/SOURCES/0004-device-disable-rp_filter-handling.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 1ce88613e6438f0ab9f50b826929f02408eb8f50 Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Wed, 4 Jul 2018 08:22:12 +0200 -Subject: [PATCH] device: disable rp_filter handling - -Don't change rp_filter in any way, like in previous RHEL 7 releases. -See also https://bugzilla.redhat.com/show_bug.cgi?id=1492472. - -https://bugzilla.redhat.com/show_bug.cgi?id=1593194 ---- - src/devices/nm-device.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c -index 613e87034..ac9e1da08 100644 ---- a/src/devices/nm-device.c -+++ b/src/devices/nm-device.c -@@ -11440,7 +11440,7 @@ nm_device_set_ip_config (NMDevice *self, - priv->needs_ip6_subnet = FALSE; - } - -- if (IS_IPv4) { -+ if (IS_IPv4 && FALSE /* disabled on RHEL */) { - if (!nm_device_sys_iface_state_is_external_or_assume (self)) - ip4_rp_filter_update (self); - } -@@ -12329,7 +12329,7 @@ queued_ip_config_change (NMDevice *self, int addr_family) - - set_unmanaged_external_down (self, TRUE); - -- if (IS_IPv4) { -+ if (IS_IPv4 && FALSE /* disabled on RHEL */) { - if (!nm_device_sys_iface_state_is_external_or_assume (self)) { - priv->v4_has_shadowed_routes = _v4_has_shadowed_routes_detect (self);; - ip4_rp_filter_update (self); --- -2.17.0 - diff --git a/SOURCES/0004-ibft-cap-sys-admin-rh1371201.patch b/SOURCES/0004-ibft-cap-sys-admin-rh1371201.patch new file mode 100644 index 0000000..e7f3bfb --- /dev/null +++ b/SOURCES/0004-ibft-cap-sys-admin-rh1371201.patch @@ -0,0 +1,33 @@ +From 53a95f9ebd941c9fd2464f69ee420c4c82842eda Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Fri, 2 Sep 2016 15:58:42 +0200 +Subject: [PATCH] service: give CAP_SYS_ADMIN for ibft/iscsiadm (rh#1371201) + +systemd on rhel-7.3 has a bug with merging CapabilityBoundingSet. +https://github.com/systemd/systemd/issues/1221 +Thus it is all in one line. +--- + data/NetworkManager.service.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in +index ff90456ff..680b5889a 100644 +--- a/data/NetworkManager.service.in ++++ b/data/NetworkManager.service.in +@@ -14,10 +14,10 @@ ExecStart=@sbindir@/NetworkManager --no-daemon + Restart=on-failure + # NM doesn't want systemd to kill its children for it + KillMode=process +-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT ++#CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT + +-# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN +-#CapabilityBoundingSet=CAP_SYS_ADMIN ++# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN (rh#1371201) ++CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT CAP_SYS_ADMIN + + ProtectSystem=true + ProtectHome=read-only +-- +2.17.1 + diff --git a/SOURCES/0005-dhcp-internal-default-client-id-rh1695723.patch b/SOURCES/0005-dhcp-internal-default-client-id-rh1695723.patch new file mode 100644 index 0000000..aa198b2 --- /dev/null +++ b/SOURCES/0005-dhcp-internal-default-client-id-rh1695723.patch @@ -0,0 +1,47 @@ +From 5ca3888861d4f05935c9f330804c1f30ab8c57e5 Mon Sep 17 00:00:00 2001 +From: Francesco Giudici +Date: Tue, 9 Apr 2019 11:41:27 +0200 +Subject: [PATCH] dhcp/internal: make default dhcp-client-id based on systemd + DUID-EN + +For RHEL-7 we want to stick to the legacy behavior of the internal +dhcp client: the default dhcp-client-id is based on systemd DUID-EN. + +https://bugzilla.redhat.com/show_bug.cgi?id=1695723 + +This reverts commit cfd696cc3cf43f5f510046b757949546bcee4cdc. +--- + src/dhcp/nm-dhcp-manager.c | 2 +- + src/dhcp/nm-dhcp-systemd.c | 3 ++- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/dhcp/nm-dhcp-manager.c b/src/dhcp/nm-dhcp-manager.c +index 7063c82cf..4a40d2e52 100644 +--- a/src/dhcp/nm-dhcp-manager.c ++++ b/src/dhcp/nm-dhcp-manager.c +@@ -237,7 +237,7 @@ client_start (NMDhcpManager *self, + * + * - for IPv4, the calling code may determine a client-id (from NM's connection profile). + * If present, it is taken. If not present, the DHCP plugin uses a plugin specific default. +- * - for "internal" plugin, the default is just "mac". ++ * - for "internal" plugin, the default is just "duid". + * - for "dhclient", we try to get the configuration from dhclient's /etc/dhcp or fallback + * to whatever dhclient uses by default. + * We do it this way, because for dhclient the user may configure a default +diff --git a/src/dhcp/nm-dhcp-systemd.c b/src/dhcp/nm-dhcp-systemd.c +index 70ed87150..84973aa2a 100644 +--- a/src/dhcp/nm-dhcp-systemd.c ++++ b/src/dhcp/nm-dhcp-systemd.c +@@ -750,7 +750,8 @@ ip4_start (NMDhcpClient *client, + + client_id = nm_dhcp_client_get_client_id (client); + if (!client_id) { +- client_id_new = nm_utils_dhcp_client_id_mac (arp_type, hwaddr_arr, hwaddr_len); ++ client_id_new = nm_utils_dhcp_client_id_systemd_node_specific (TRUE, ++ nm_dhcp_client_get_iface (client)); + client_id = client_id_new; + } + +-- +2.20.1 + diff --git a/SOURCES/0005-ibft-cap-sys-admin-rh1371201.patch b/SOURCES/0005-ibft-cap-sys-admin-rh1371201.patch deleted file mode 100644 index 843fc75..0000000 --- a/SOURCES/0005-ibft-cap-sys-admin-rh1371201.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 53a95f9ebd941c9fd2464f69ee420c4c82842eda Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Fri, 2 Sep 2016 15:58:42 +0200 -Subject: [PATCH] service: give CAP_SYS_ADMIN for ibft/iscsiadm (rh#1371201) - -systemd on rhel-7.3 has a bug with merging CapabilityBoundingSet. -https://github.com/systemd/systemd/issues/1221 -Thus it is all in one line. ---- - data/NetworkManager.service.in | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in -index 2692935..d354b7c 100644 ---- a/data/NetworkManager.service.in -+++ b/data/NetworkManager.service.in -@@ -14,10 +14,10 @@ ExecStart=@sbindir@/NetworkManager --no-daemon - Restart=on-failure - # NM doesn't want systemd to kill its children for it - KillMode=process --CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT -+#CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT - --# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN --#CapabilityBoundingSet=CAP_SYS_ADMIN -+# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN (rh#1371201) -+CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT CAP_SYS_ADMIN - - ProtectSystem=true - ProtectHome=read-only --- -2.17.1 - diff --git a/SOURCES/0006-no-keyfile-file-name-extension-rh1697858.patch b/SOURCES/0006-no-keyfile-file-name-extension-rh1697858.patch new file mode 100644 index 0000000..5f45622 --- /dev/null +++ b/SOURCES/0006-no-keyfile-file-name-extension-rh1697858.patch @@ -0,0 +1,40 @@ +From a67de1d4f7025f86701c1e2cc319238cbbc88f98 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Tue, 9 Apr 2019 18:00:21 +0200 +Subject: [PATCH 1/1] Revert "keyfile: also add ".nmconnection" extension when + writing keyfiles in /etc" + +This reverts commit d37ad15f12bafd91cf724cda50aea7093e04bf7a. +--- + src/settings/plugins/keyfile/nms-keyfile-writer.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/settings/plugins/keyfile/nms-keyfile-writer.c b/src/settings/plugins/keyfile/nms-keyfile-writer.c +index 8c75d8c79..fe05df28e 100644 +--- a/src/settings/plugins/keyfile/nms-keyfile-writer.c ++++ b/src/settings/plugins/keyfile/nms-keyfile-writer.c +@@ -357,16 +357,19 @@ nms_keyfile_writer_connection (NMConnection *connection, + GError **error) + { + const char *keyfile_dir; ++ gboolean with_extension = FALSE; + + if (save_to_disk) + keyfile_dir = nms_keyfile_utils_get_path (); +- else ++ else { + keyfile_dir = NM_KEYFILE_PATH_NAME_RUN; ++ with_extension = TRUE; ++ } + + return _internal_write_connection (connection, + keyfile_dir, + nms_keyfile_utils_get_path (), +- TRUE, ++ with_extension, + 0, + 0, + existing_path, +-- +2.20.1 + diff --git a/SOURCES/0006-support-aes256-private-keys-rh1623798.patch b/SOURCES/0006-support-aes256-private-keys-rh1623798.patch deleted file mode 100644 index 0702108..0000000 --- a/SOURCES/0006-support-aes256-private-keys-rh1623798.patch +++ /dev/null @@ -1,275 +0,0 @@ -From 0590bacaecdfb57d5289a2c3d0628424689353d1 Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Mon, 27 Aug 2018 17:04:34 +0200 -Subject: [PATCH] libnm-core: support private keys encrypted with - AES-{192,256}-CBC - -https://github.com/NetworkManager/NetworkManager/pull/189 -(cherry picked from commit 93f85edcce502cfa6d3676f58bf9e8e1a527ea53) -(cherry picked from commit 74fc6f30b2fef3b8631128907e036bda88491970) ---- - Makefile.am | 3 +- - libnm-core/crypto.c | 30 +++++++---- - libnm-core/crypto.h | 6 ++- - libnm-core/crypto_gnutls.c | 14 ++++- - libnm-core/crypto_nss.c | 9 +++- - ...{test-aes-key.pem => test-aes-128-key.pem} | 0 - libnm-core/tests/certs/test-aes-256-key.pem | 54 +++++++++++++++++++ - libnm-core/tests/test-crypto.c | 7 ++- - libnm-util/tests/test-crypto.c | 4 +- - 9 files changed, 106 insertions(+), 21 deletions(-) - rename libnm-core/tests/certs/{test-aes-key.pem => test-aes-128-key.pem} (100%) - create mode 100644 libnm-core/tests/certs/test-aes-256-key.pem - -diff --git a/Makefile.am b/Makefile.am -index cdb5cfc9d..d86fa26c7 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -749,7 +749,8 @@ EXTRA_DIST += \ - libnm-core/tests/certs/test2_ca_cert.pem \ - libnm-core/tests/certs/test2-cert.p12 \ - libnm-core/tests/certs/test2_key_and_cert.pem \ -- libnm-core/tests/certs/test-aes-key.pem \ -+ libnm-core/tests/certs/test-aes-128-key.pem \ -+ libnm-core/tests/certs/test-aes-256-key.pem \ - libnm-core/tests/certs/test_ca_cert.der \ - libnm-core/tests/certs/test_ca_cert.pem \ - libnm-core/tests/certs/test-ca-cert.pem \ -diff --git a/libnm-core/crypto.c b/libnm-core/crypto.c -index c4e48475f..319f8055f 100644 ---- a/libnm-core/crypto.c -+++ b/libnm-core/crypto.c -@@ -158,7 +158,13 @@ parse_old_openssl_key_file (const guint8 *data, - goto parse_error; - } - } else if (!strncmp (p, DEK_INFO_TAG, strlen (DEK_INFO_TAG))) { -+ static const char *const known_ciphers[] = { CIPHER_DES_EDE3_CBC, -+ CIPHER_DES_CBC, -+ CIPHER_AES_128_CBC, -+ CIPHER_AES_192_CBC, -+ CIPHER_AES_256_CBC }; - char *comma; -+ guint i; - - if (enc_tags++ != 1 || str->len != 0) { - g_set_error (error, NM_CRYPTO_ERROR, -@@ -187,13 +193,13 @@ parse_old_openssl_key_file (const guint8 *data, - iv = g_strdup (comma); - - /* Get the private key cipher */ -- if (!strcasecmp (p, "DES-EDE3-CBC")) { -- cipher = g_strdup (p); -- } else if (!strcasecmp (p, "DES-CBC")) { -- cipher = g_strdup (p); -- } else if (!strcasecmp (p, "AES-128-CBC")) { -- cipher = g_strdup (p); -- } else { -+ for (i = 0; i < G_N_ELEMENTS (known_ciphers); i++) { -+ if (!g_ascii_strcasecmp (p, known_ciphers[i])) { -+ cipher = g_strdup (known_ciphers[i]); -+ break; -+ } -+ } -+ if (i == G_N_ELEMENTS (known_ciphers)) { - g_set_error (error, NM_CRYPTO_ERROR, - NM_CRYPTO_ERROR_INVALID_DATA, - _("Malformed PEM file: unknown private key cipher '%s'."), -@@ -383,12 +389,16 @@ crypto_make_des_aes_key (const char *cipher, - g_return_val_if_fail (password != NULL, NULL); - g_return_val_if_fail (out_len != NULL, NULL); - -- if (!strcmp (cipher, "DES-EDE3-CBC")) -+ if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) - digest_len = 24; -- else if (!strcmp (cipher, "DES-CBC")) -+ else if (!strcmp (cipher, CIPHER_DES_CBC)) - digest_len = 8; -- else if (!strcmp (cipher, "AES-128-CBC")) -+ else if (!strcmp (cipher, CIPHER_AES_128_CBC)) - digest_len = 16; -+ else if (!strcmp (cipher, CIPHER_AES_192_CBC)) -+ digest_len = 24; -+ else if (!strcmp (cipher, CIPHER_AES_256_CBC)) -+ digest_len = 32; - else { - g_set_error (error, NM_CRYPTO_ERROR, - NM_CRYPTO_ERROR_UNKNOWN_CIPHER, -diff --git a/libnm-core/crypto.h b/libnm-core/crypto.h -index e89f09193..d20d6f310 100644 ---- a/libnm-core/crypto.h -+++ b/libnm-core/crypto.h -@@ -30,8 +30,10 @@ - - #define MD5_HASH_LEN 20 - #define CIPHER_DES_EDE3_CBC "DES-EDE3-CBC" --#define CIPHER_DES_CBC "DES-CBC" --#define CIPHER_AES_CBC "AES-128-CBC" -+#define CIPHER_DES_CBC "DES-CBC" -+#define CIPHER_AES_128_CBC "AES-128-CBC" -+#define CIPHER_AES_192_CBC "AES-192-CBC" -+#define CIPHER_AES_256_CBC "AES-256-CBC" - - typedef enum { - NM_CRYPTO_KEY_TYPE_UNKNOWN = 0, -diff --git a/libnm-core/crypto_gnutls.c b/libnm-core/crypto_gnutls.c -index 53a3ba4ad..49181ee72 100644 ---- a/libnm-core/crypto_gnutls.c -+++ b/libnm-core/crypto_gnutls.c -@@ -82,9 +82,15 @@ crypto_decrypt (const char *cipher, - } else if (!strcmp (cipher, CIPHER_DES_CBC)) { - cipher_mech = GNUTLS_CIPHER_DES_CBC; - real_iv_len = SALT_LEN; -- } else if (!strcmp (cipher, CIPHER_AES_CBC)) { -+ } else if (!strcmp (cipher, CIPHER_AES_128_CBC)) { - cipher_mech = GNUTLS_CIPHER_AES_128_CBC; - real_iv_len = 16; -+ } else if (!strcmp (cipher, CIPHER_AES_192_CBC)) { -+ cipher_mech = GNUTLS_CIPHER_AES_192_CBC; -+ real_iv_len = 16; -+ } else if (!strcmp (cipher, CIPHER_AES_256_CBC)) { -+ cipher_mech = GNUTLS_CIPHER_AES_256_CBC; -+ real_iv_len = 16; - } else { - g_set_error (error, NM_CRYPTO_ERROR, - NM_CRYPTO_ERROR_UNKNOWN_CIPHER, -@@ -189,8 +195,12 @@ crypto_encrypt (const char *cipher, - - if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) - cipher_mech = GNUTLS_CIPHER_3DES_CBC; -- else if (!strcmp (cipher, CIPHER_AES_CBC)) -+ else if (!strcmp (cipher, CIPHER_AES_128_CBC)) - cipher_mech = GNUTLS_CIPHER_AES_128_CBC; -+ else if (!strcmp (cipher, CIPHER_AES_192_CBC)) -+ cipher_mech = GNUTLS_CIPHER_AES_192_CBC; -+ else if (!strcmp (cipher, CIPHER_AES_256_CBC)) -+ cipher_mech = GNUTLS_CIPHER_AES_256_CBC; - else { - g_set_error (error, NM_CRYPTO_ERROR, - NM_CRYPTO_ERROR_UNKNOWN_CIPHER, -diff --git a/libnm-core/crypto_nss.c b/libnm-core/crypto_nss.c -index 56e91e26f..9a0c43349 100644 ---- a/libnm-core/crypto_nss.c -+++ b/libnm-core/crypto_nss.c -@@ -103,7 +103,9 @@ crypto_decrypt (const char *cipher, - } else if (!strcmp (cipher, CIPHER_DES_CBC)) { - cipher_mech = CKM_DES_CBC_PAD; - real_iv_len = 8; -- } else if (!strcmp (cipher, CIPHER_AES_CBC)) { -+ } else if (NM_IN_STRSET (cipher, CIPHER_AES_128_CBC, -+ CIPHER_AES_192_CBC, -+ CIPHER_AES_256_CBC)) { - cipher_mech = CKM_AES_CBC_PAD; - real_iv_len = 16; - } else { -@@ -269,7 +271,10 @@ crypto_encrypt (const char *cipher, - - if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) - cipher_mech = CKM_DES3_CBC_PAD; -- else if (!strcmp (cipher, CIPHER_AES_CBC)) -+ else if (NM_IN_STRSET (cipher, -+ CIPHER_AES_128_CBC, -+ CIPHER_AES_192_CBC, -+ CIPHER_AES_256_CBC)) - cipher_mech = CKM_AES_CBC_PAD; - else { - g_set_error (error, NM_CRYPTO_ERROR, -diff --git a/libnm-core/tests/certs/test-aes-key.pem b/libnm-core/tests/certs/test-aes-128-key.pem -similarity index 100% -rename from libnm-core/tests/certs/test-aes-key.pem -rename to libnm-core/tests/certs/test-aes-128-key.pem -diff --git a/libnm-core/tests/certs/test-aes-256-key.pem b/libnm-core/tests/certs/test-aes-256-key.pem -new file mode 100644 -index 000000000..e51bafd3d ---- /dev/null -+++ b/libnm-core/tests/certs/test-aes-256-key.pem -@@ -0,0 +1,54 @@ -+-----BEGIN RSA PRIVATE KEY----- -+Proc-Type: 4,ENCRYPTED -+DEK-Info: AES-256-CBC,5FF6BD2D4E57E8933D4A6814DEF5305A -+ -+9Br+xw6XOg7qUqfeE5PJ4g/PAm7eTcPMb4FzSKkaEosLo6oj4f37TwXuojJZeAmi -+1EytpqM1vdYHCLdjg+qYaTIq6mzMZIyoaREokcOhcNrq5S0J39gJLVV9LjiXhCAH -+GQgDBnbRT6HGz70AyTRLcW9aj6uBzTv/m92sLUw2txFeBXK8n2AA1oHJTgsFNYjf -+/ZvTCE1VMQHDPx31Vn5WXSUHNc0hx4MTIwpHqWI17ohr8IiWCs5HXVfVaqrNeNEw -+haD7fg8oNxjLs46/4dDWmfWXhDsMFSweZv03gZdyVjwn1IOqeVGmTdLpllfgOW7E -++XE8Y/d55s5nkOxu6eXNMtWgjclKBGr2iMxxnODmEsUt2WcV98cPS+25o3hOfy3s -+NIcfxtWVRFUtjqf3ragyGLuXFqATkj1slj4LVMeewRJ1g+Z6ti0mwBN+ZrYtKdec -+FRNb4zr5FW+3SqkIIJVfxJEYJDB4zODhMg8tySEHLKuT0uz42YQ4aoOHTzO5WDBY -+2BI7TjRppXcExPnkAk5jqbKA6BjT9KcAVyypfxDKvCeXKdjDcL6ISOBSm6cQBh8D -+HxsFzMy9PF6kKNeiNiEsVPnKYvhvs1hTBtp+IAgJ6KZnCDKplZFxo/mBAlV2KyCT -+x+Mhmme3fXdLJkvxlVJAoAhwgXvomVCVTGI3JhcQIqVgxPIKYpqlHVFC7JjG+yQX -+tvzCPtr9G9+Ofrm6zXjlDD7zNyl/KfFtEWhO2ePHkQlCEuKJnsnRIf/wQ0viG0yY -+MH31Z/84o2pKLBKY5fq8+eYuYoP9Rk4W2LpjGMvdkKhEHL26kZofeFyqD+JcaxHc -+kQh7/SbWAsREGb9Jp7I2q1mo749mse1oSFIQa5gN3jB0mgHZd6edRYeW2Up+rqEK -+k6Xd6uqs7bZd5W9sP7Cf6yJOFEjqFVLQEVEXWSchgeta/JNrjGr3UzLFN2S+vhvX -+XgDa41y2UdXHRqj2s864u0ZDPyGXYZnVbvQn/8xHQ7rvxHowpTn+XXUEf0AQnk3j -+9h++3McwP8GuVxkwc6o9TfOL+ell5jup7F3SekwEiE3hqY8x87g6X2zD5VSnfCy3 -+0t0LmPGI1b3LABeYjA1WEdhoTlHrNLkwOR4gsudrJ5nxIzfGy+IHaloXLJy4YKfX -+pJ+qyGRUR42YD9IhiEmmmO1VoJgVEYfBiz50Jg8emddku6eKdmv9IKjiSb2pTbDS -+4oUYKg109OOn+krk67dNXofAXrBa8v7QusC0yz9N25H05Xyou1iqpGk+uBrTqEO6 -+lW9lWQo57BQU9og40xMKH/xQgIxfQRktUKsPizj8mKil4izo5KgjPSqBeEbj+Q3c -+0FKlrpTXQlXfX5Z5esqMuCSiwQEzoJR+V+SUaSVcg1av0k/CJMin4Cr8roai+OjK -+lhaQIvx35Bzd02yERYsfpDjmQCXmIeiDm8JtB6znbQPUJ4d8kzWR+5ACOZW/dUss -+YhWJRkZpkIwTY+/sDU4mnP2R37MNo+OH4CwZyUDHjlkRPGW+6JBEpnnlI9a/1Vb1 -+pjAGpi/8u/luvZGTzCzxQG2dZc5YQR869U+wFsFbLRiD0aP2SpdOH0QxxPOcdR8+ -+HWyL01BJBKyK/wZWJhe+63zlk1L5CA0XYpoNkYpMlPNZkcqR7QzUOATfuBgI2aPM -+AXaweaAWhpPCDsc2RypIs9DhTiCCkt8tq8Au15hVUKAoshLeewPtv0t75MEC0hVB -+z6FVnNlqq0cqqcSVqvUG6JUGtFOGgG3ifEMXggq5k12+wGzY63DLR8dFPNpOL6/1 -+nocOayHJIU9M8PP817PzhAUAePRRUKRg8kkbKKeZnCJxoF7O15AFVEJnl9Vyokkz -+bULYhzYVx3xh8THMi+5jsnKWPJyMeYHbHH3C658SIw6Ff9fgEWscv5ZkGYdKMg+l -+8hBn+++SoqIO+F3lOGco+s8qlYox106lUwJEtORXcBxmkaHSo/X2AVO8Owt4vYli -+mjWnY6V9vooBgOuCMcY780pcoj2lSf9JPHDYK0j8t5VumDUSLyLt+tCj0yv/vl5L -+9L++vbu2akZRC9ChijYpfhTvXoG36ePhoT7AGGnhpFjjw1VqG80GY4XSODKzH86w -+kUcZoErb8swUPYOtsybtuPb+6c/YofQ8GfpVosPZgSRD4+U7v+zA3/z8xF2B0xt6 -+uV8hXbropuni8KmbFuKrPZK3p2v2aZ8F0+GITwS75/hbT6D7ruUSr5q4V0VKeE8G -+k3QSI0s6+74stPv3S/ByCxu8q51ffYqVw00wzPpEc4SmHEa0R7IczJKXupmDdZZM -+1rASSBNzS5TZDBXP6S7npYQ8nHhgXTdCFO7eM3bp24B/i2o0s7+gkKrz0DkEbv9I -+UrCJjTL8OIIP4qSLMILzZ8pB28c+zyM482ZqFY/2b7j6WlTiqa9P1adrD1gLxTQ0 -+Sw9xY+sY3PAJqcnPA5NjDZL/h5plgHhCqDa9pEtdBVG2Mxcl9bXbphwD1MIzj4gr -+xtlW1HUJ/iOhFcXldOJ1MCt++Bm5av4mL5adQ/oUnL5Q0oZZFwqT09k7xe7lZ98N -+uj2Lfl8NN7N3ama9KatgbX5g6IALuk/rJN/4KEiiu24m+lR7c5L0pg/cG6LIFjmk -+HlTsc0ANCgeZBhDJ8kvjcXDhFOqoYE/+D2VO6ZEHRsDibQ+kjpaH+DiD01/gh0N0 -+HM6GGtm3GbOyZUhw5OFz04xzcyFYo2xaqzgaZieAOcrt2s6XyPVf1gww08/HtTMR -+gLg14MUQvRXV6kPJfdu4OLZ//b6J0KnzVyLDRdOrWIj2raLWmKwQN9qv05/yskcD -+Y6x7wq3v6iZpFjDc53sslhwp2XRsoWT9X5alVspz8WvP/kqgkTdzpPFdp1vIovOQ -+kRXdzzKICDGDJUIcTL8cJ3Dv4XqNR/sVyuB4dfndzQQApbdYTDNpwX0VJDBjMkQy -+Up6aiUknxa6Cbp7b1ZfUQY8yNBAIZL+R8dmobT3nAHW61DaASHSxn+elCD2Ja/6b -+EiWikskyN6crMAv35ILr5ySsZK97ttNNmRoGFbt8bTjRd83Ie+UfH445kCKsY83x -+aDCvWm+bbV6M9rSgjhJ3bWOudiw+EBMGvSamSnS7CYnRmwq4t+4bM2sh2nYKY0qw -+-----END RSA PRIVATE KEY----- -diff --git a/libnm-core/tests/test-crypto.c b/libnm-core/tests/test-crypto.c -index fb99ffea7..5fb26c1fc 100644 ---- a/libnm-core/tests/test-crypto.c -+++ b/libnm-core/tests/test-crypto.c -@@ -476,8 +476,11 @@ main (int argc, char **argv) - g_test_add_data_func ("/libnm/crypto/key/padding-8", - "test2_key_and_cert.pem, 12345testing", - test_key); -- g_test_add_data_func ("/libnm/crypto/key/aes", -- "test-aes-key.pem, test-aes-password", -+ g_test_add_data_func ("/libnm/crypto/key/aes-128", -+ "test-aes-128-key.pem, test-aes-password", -+ test_key); -+ g_test_add_data_func ("/libnm/crypto/key/aes-256", -+ "test-aes-256-key.pem, test-aes-password", - test_key); - g_test_add_data_func ("/libnm/crypto/key/decrypted", - "test-key-only-decrypted.pem", -diff --git a/libnm-util/tests/test-crypto.c b/libnm-util/tests/test-crypto.c -index 61bd97745..af6028a52 100644 ---- a/libnm-util/tests/test-crypto.c -+++ b/libnm-util/tests/test-crypto.c -@@ -383,8 +383,8 @@ main (int argc, char **argv) - g_test_add_data_func ("/libnm/crypto/key/padding-8", - "test2_key_and_cert.pem, 12345testing", - test_key); -- g_test_add_data_func ("/libnm/crypto/key/aes", -- "test-aes-key.pem, test-aes-password", -+ g_test_add_data_func ("/libnm/crypto/key/aes-128", -+ "test-aes-128-key.pem, test-aes-password", - test_key); - - g_test_add_data_func ("/libnm/crypto/PKCS#12/1", --- -2.17.1 - diff --git a/SOURCES/0007-core-fix-wireless-bitrate-property-name-on-D-Bus-rh1626391.patch b/SOURCES/0007-core-fix-wireless-bitrate-property-name-on-D-Bus-rh1626391.patch deleted file mode 100644 index d6fce0f..0000000 --- a/SOURCES/0007-core-fix-wireless-bitrate-property-name-on-D-Bus-rh1626391.patch +++ /dev/null @@ -1,36 +0,0 @@ -From acb43106a919affe65eb736ebc798390396913cc Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Fri, 7 Sep 2018 09:33:57 +0200 -Subject: [PATCH] core: fix wireless bitrate property name on D-Bus - -In commit 297d4985abcc ("core/dbus: rework D-Bus implementation to use -lower layer GDBusConnection API") the Device.Wireless 'Bitrate' -property on D-Bus was accidentally changed to 'BitRate'. Revert the -old name. - -Reported-by: Joseph Conley -Fixes: 297d4985abcc7b571b8c090ee90622357fc60e16 - -https://mail.gnome.org/archives/networkmanager-list/2018-September/msg00004.html -(cherry picked from commit c882633d48ad70d5c92ce0566a0f46dcbb5c51b3) -(cherry picked from commit 3a2c6f81f6b0a8dd38d45aa89fa7d6d1f897f149) ---- - src/devices/wifi/nm-wifi-common.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/devices/wifi/nm-wifi-common.c b/src/devices/wifi/nm-wifi-common.c -index 8e079d115..c95620e7f 100644 ---- a/src/devices/wifi/nm-wifi-common.c -+++ b/src/devices/wifi/nm-wifi-common.c -@@ -196,7 +196,7 @@ const NMDBusInterfaceInfoExtended nm_interface_info_device_wireless = { - NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("HwAddress", "s", NM_DEVICE_HW_ADDRESS), - NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("PermHwAddress", "s", NM_DEVICE_PERM_HW_ADDRESS), - NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("Mode", "u", NM_DEVICE_WIFI_MODE), -- NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("BitRate", "u", NM_DEVICE_WIFI_BITRATE), -+ NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("Bitrate", "u", NM_DEVICE_WIFI_BITRATE), - NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("AccessPoints", "ao", NM_DEVICE_WIFI_ACCESS_POINTS), - NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("ActiveAccessPoint", "o", NM_DEVICE_WIFI_ACTIVE_ACCESS_POINT), - NM_DEFINE_DBUS_PROPERTY_INFO_EXTENDED_READABLE_L ("WirelessCapabilities", "u", NM_DEVICE_WIFI_CAPABILITIES), --- -2.17.1 - diff --git a/SOURCES/0008-dns-dnsmsaq-avoid-crash-no-rev-domains-rh1628576.patch b/SOURCES/0008-dns-dnsmsaq-avoid-crash-no-rev-domains-rh1628576.patch deleted file mode 100644 index d80d1e0..0000000 --- a/SOURCES/0008-dns-dnsmsaq-avoid-crash-no-rev-domains-rh1628576.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 3a040f04f5c32639092ea5e427675df2a1830704 Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Thu, 13 Sep 2018 14:50:32 +0200 -Subject: [PATCH] dns: dnsmasq: avoid crash when no reverse domains exist - -ip_data->domains.reverse can be NULL when the device is being removed -and has no IP configuration for a short moment. - -Fixes: 6409e7719c0341baedfdb063366457e390894ed9 - -https://bugzilla.gnome.org/show_bug.cgi?id=797022 -(cherry picked from commit f0c075f05082e4c77fac75ad06d303e7538e4fc7) -(cherry picked from commit 8309a7a6964d3677e0705046fb2f91810ef3ab65) -(cherry picked from commit 3abddc3328e7896f7af137ec9d74db86c27b3302) ---- - src/dns/nm-dns-dnsmasq.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/src/dns/nm-dns-dnsmasq.c b/src/dns/nm-dns-dnsmasq.c -index b5b93280d..91f4c55bd 100644 ---- a/src/dns/nm-dns-dnsmasq.c -+++ b/src/dns/nm-dns-dnsmasq.c -@@ -183,10 +183,12 @@ add_ip_config (NMDnsDnsmasq *self, GVariantBuilder *servers, const NMDnsIPConfig - domain[0] ? domain : NULL); - } - -- for (j = 0; ip_data->domains.reverse[j]; j++) { -- add_dnsmasq_nameserver (self, servers, -- ip_addr_to_string_buf, -- ip_data->domains.reverse[j]); -+ if (ip_data->domains.reverse) { -+ for (j = 0; ip_data->domains.reverse[j]; j++) { -+ add_dnsmasq_nameserver (self, servers, -+ ip_addr_to_string_buf, -+ ip_data->domains.reverse[j]); -+ } - } - } - } --- -2.17.1 - diff --git a/SOURCES/0009-dhcp-internal-fixes-cve-2018-15688-rh1643984.patch b/SOURCES/0009-dhcp-internal-fixes-cve-2018-15688-rh1643984.patch deleted file mode 100644 index 8d67575..0000000 --- a/SOURCES/0009-dhcp-internal-fixes-cve-2018-15688-rh1643984.patch +++ /dev/null @@ -1,506 +0,0 @@ -From 0d4220fa98fbbd8aa0944a6ed87122b579716ff5 Mon Sep 17 00:00:00 2001 -From: Thomas Haller -Date: Mon, 10 Sep 2018 15:22:28 +0200 -Subject: [PATCH 1/9] systemd/dhcp: fix assertion starting DHCP client without - MAC address - -An assertion in dhcp_network_bind_raw_socket() is triggered when -starting an sd_dhcp_client without setting setting a MAC address -first. - - - sd_dhcp_client_start() - - client_start() - - client_start_delayed() - - dhcp_network_bind_raw_socket() - -In that case, the arp-type and MAC address is still unset. Note that -dhcp_network_bind_raw_socket() already checks for a valid arp-type -and MAC address below, so we should just gracefully return -EINVAL. - -Maybe sd_dhcp_client_start() should fail earlier when starting without -MAC address. But the failure here will be correctly propagated and -the start aborted. - -See-also: https://github.com/systemd/systemd/pull/10054 -(cherry picked from commit 34af574d5810ab2b0d6d354cbc28135cde4a55b1) -(cherry picked from commit 0a797bdc2a592385a21e7ed918c08ef54a346d99) -(cherry picked from commit f37ed84ca495ee212b1e82b9c5a5682c4acfebcd) ---- - src/systemd/src/libsystemd-network/dhcp-network.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/systemd/src/libsystemd-network/dhcp-network.c b/src/systemd/src/libsystemd-network/dhcp-network.c -index 90fe29d04..80e9577cd 100644 ---- a/src/systemd/src/libsystemd-network/dhcp-network.c -+++ b/src/systemd/src/libsystemd-network/dhcp-network.c -@@ -128,8 +128,6 @@ int dhcp_network_bind_raw_socket(int ifindex, union sockaddr_union *link, - const uint8_t *bcast_addr = NULL; - uint8_t dhcp_hlen = 0; - -- assert_return(mac_addr_len > 0, -EINVAL); -- - if (arp_type == ARPHRD_ETHER) { - assert_return(mac_addr_len == ETH_ALEN, -EINVAL); - memcpy(ð_mac, mac_addr, ETH_ALEN); --- -2.17.1 - - -From ee92f8164c0ecee86cec104240f0bbe155901891 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 30 Sep 2018 20:23:58 +0900 -Subject: [PATCH 2/9] dhcp6: check option length before reading values - -Fixes oss-fuzz#10746 -https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10746. - -https://github.com/systemd/systemd/pull/10213 -https://github.com/systemd/systemd/commit/84452783b8bcc44e0dbb7fa6ddc6dad8c064bdfe -(cherry picked from commit 484e92e17f93aa9658944dc886d420ef32bc625e) -(cherry picked from commit 0cec1cb93edd2efa6bee8e2ec1000d94a86ec61e) -(cherry picked from commit 8b8b248679ee17b5c8e68fb8e8e6f6cd3ec32f03) ---- - src/systemd/src/libsystemd-network/dhcp6-internal.h | 2 +- - src/systemd/src/libsystemd-network/dhcp6-option.c | 11 ++++++----- - src/systemd/src/libsystemd-network/sd-dhcp6-client.c | 2 +- - 3 files changed, 8 insertions(+), 7 deletions(-) - -diff --git a/src/systemd/src/libsystemd-network/dhcp6-internal.h b/src/systemd/src/libsystemd-network/dhcp6-internal.h -index f1cbd6a4f..06e2e5324 100644 ---- a/src/systemd/src/libsystemd-network/dhcp6-internal.h -+++ b/src/systemd/src/libsystemd-network/dhcp6-internal.h -@@ -91,7 +91,7 @@ int dhcp6_option_append_pd(uint8_t *buf, size_t len, DHCP6IA *pd); - int dhcp6_option_append_fqdn(uint8_t **buf, size_t *buflen, const char *fqdn); - int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, - size_t *optlen, uint8_t **optvalue); --int dhcp6_option_parse_status(DHCP6Option *option); -+int dhcp6_option_parse_status(DHCP6Option *option, size_t len); - int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia); - int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen, - struct in6_addr **addrs, size_t count, -diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c -index a8a56463a..e462b7083 100644 ---- a/src/systemd/src/libsystemd-network/dhcp6-option.c -+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c -@@ -249,10 +249,11 @@ int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, - return 0; - } - --int dhcp6_option_parse_status(DHCP6Option *option) { -+int dhcp6_option_parse_status(DHCP6Option *option, size_t len) { - DHCP6StatusOption *statusopt = (DHCP6StatusOption *)option; - -- if (be16toh(option->len) + sizeof(DHCP6Option) < sizeof(*statusopt)) -+ if (len < sizeof(DHCP6StatusOption) || -+ be16toh(option->len) + sizeof(DHCP6Option) < sizeof(DHCP6StatusOption)) - return -ENOBUFS; - - return be16toh(statusopt->status); -@@ -279,7 +280,7 @@ static int dhcp6_option_parse_address(DHCP6Option *option, DHCP6IA *ia, - } - - if (be16toh(option->len) + sizeof(DHCP6Option) > sizeof(*addr_option)) { -- r = dhcp6_option_parse_status((DHCP6Option *)addr_option->options); -+ r = dhcp6_option_parse_status((DHCP6Option *)addr_option->options, be16toh(option->len) + sizeof(DHCP6Option) - sizeof(*addr_option)); - if (r != 0) - return r < 0 ? r: 0; - } -@@ -319,7 +320,7 @@ static int dhcp6_option_parse_pdprefix(DHCP6Option *option, DHCP6IA *ia, - } - - if (be16toh(option->len) + sizeof(DHCP6Option) > sizeof(*pdprefix_option)) { -- r = dhcp6_option_parse_status((DHCP6Option *)pdprefix_option->options); -+ r = dhcp6_option_parse_status((DHCP6Option *)pdprefix_option->options, be16toh(option->len) + sizeof(DHCP6Option) - sizeof(*pdprefix_option)); - if (r != 0) - return r < 0 ? r: 0; - } -@@ -464,7 +465,7 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { - - case SD_DHCP6_OPTION_STATUS_CODE: - -- status = dhcp6_option_parse_status(option); -+ status = dhcp6_option_parse_status(option, optlen); - if (status) { - log_dhcp6_client(client, "IA status %d", - status); -diff --git a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c -index ca03f580e..b82e3f45f 100644 ---- a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c -@@ -828,7 +828,7 @@ static int client_parse_message( - break; - - case SD_DHCP6_OPTION_STATUS_CODE: -- status = dhcp6_option_parse_status(option); -+ status = dhcp6_option_parse_status(option, optlen); - if (status) { - log_dhcp6_client(client, "%s Status %s", - dhcp6_message_type_to_string(message->type), --- -2.17.1 - - -From a944785f244e92094eb4379cf12e76f5205037d3 Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Sat, 29 Sep 2018 03:06:10 +0000 -Subject: [PATCH 3/9] dhcp6: fix an off-by-one error in - dhcp6_option_parse_domainname - -==14==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200055fa9c at pc 0x0000005458f1 bp 0x7ffc78940d90 sp 0x7ffc78940d88 -READ of size 1 at 0x60200055fa9c thread T0 - #0 0x5458f0 in dhcp6_option_parse_domainname /work/build/../../src/systemd/src/libsystemd-network/dhcp6-option.c:555:29 - #1 0x54706e in dhcp6_lease_set_domains /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-lease.c:242:13 - #2 0x53fce0 in client_parse_message /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:984:29 - #3 0x53f3bc in client_receive_advertise /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:1083:13 - #4 0x53d57f in client_receive_message /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:1182:21 - #5 0x7f0f7159deee in source_dispatch /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3042:21 - #6 0x7f0f7159d431 in sd_event_dispatch /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3455:21 - #7 0x7f0f7159ea8d in sd_event_run /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3512:21 - #8 0x531f2b in fuzz_client /work/build/../../src/systemd/src/fuzz/fuzz-dhcp6-client.c:44:9 - #9 0x531bc1 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-dhcp6-client.c:53:9 - #10 0x57bec8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15 - #11 0x579d67 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:479:3 - #12 0x57dc92 in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:707:19 - #13 0x580ca6 in fuzzer::Fuzzer::Loop(std::__1::vector, std::__1::allocator >, fuzzer::fuzzer_allocator, std::__1::allocator > > > const&) /src/libfuzzer/FuzzerLoop.cpp:838:5 - #14 0x55e968 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6 - #15 0x551a1c in main /src/libfuzzer/FuzzerMain.cpp:20:10 - #16 0x7f0f701a082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) - #17 0x41e928 in _start (/out/fuzz-dhcp6-client+0x41e928) - -https://github.com/systemd/systemd/pull/10200 -https://github.com/systemd/systemd/commit/b387d3c1327a3ad2a2509bd3d3491e674392ff21 -(cherry picked from commit 7cb7cffc4962245a32e87017bcf264005c043250) -(cherry picked from commit cd3aacefdd0b91741b7b2e7b5ee5baab210addd9) -(cherry picked from commit 5b140a77bc7b01dc002dbf28a7a2507a27a63d7c) ---- - src/systemd/src/libsystemd-network/dhcp6-option.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c -index e462b7083..ff1cbf13d 100644 ---- a/src/systemd/src/libsystemd-network/dhcp6-option.c -+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c -@@ -566,7 +566,7 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char * - /* Literal label */ - label = (const char *)&optval[pos]; - pos += c; -- if (pos > optlen) -+ if (pos >= optlen) - return -EMSGSIZE; - - if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) { --- -2.17.1 - - -From fc04015063d44a61b85bdf2c2648d9ac9fb4a446 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 27 Sep 2018 18:04:59 +0900 -Subject: [PATCH 4/9] sd-dhcp-lease: fix memleaks - -(cherry picked from commit e2975f854831d08a25b4f5eb329b6d04102e115f) -(cherry picked from commit 157094abd83f933fad142758a7d177cfa1a347f7) -(cherry picked from commit 3fd9d11619a5e60d375076fbe13851dd1d3a4a63) ---- - src/systemd/src/libsystemd-network/sd-dhcp-lease.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/systemd/src/libsystemd-network/sd-dhcp-lease.c b/src/systemd/src/libsystemd-network/sd-dhcp-lease.c -index 33a0796a8..841d07926 100644 ---- a/src/systemd/src/libsystemd-network/sd-dhcp-lease.c -+++ b/src/systemd/src/libsystemd-network/sd-dhcp-lease.c -@@ -279,6 +279,8 @@ sd_dhcp_lease *sd_dhcp_lease_unref(sd_dhcp_lease *lease) { - free(option); - } - -+ free(lease->root_path); -+ free(lease->timezone); - free(lease->hostname); - free(lease->domainname); - free(lease->dns); --- -2.17.1 - - -From ae56f71f5bd4233f335ec4c2a5172b59be3d80ca Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 27 Sep 2018 23:48:51 +0900 -Subject: [PATCH 5/9] dhcp6: fix buffer size checking - -(cherry picked from commit cb1bdeaf56852275e6b0dd1fba932bb174767f70) -(cherry picked from commit 91fb1673d5217aaf1461998fd2675630f5c265f9) -(cherry picked from commit 15a3c6c692ee0125d4673df42ef8986e9e3d69c7) ---- - src/systemd/src/libsystemd-network/sd-dhcp6-client.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c -index b82e3f45f..b65c31171 100644 ---- a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c -@@ -776,8 +776,8 @@ static int client_parse_message( - uint8_t *optval; - be32_t iaid_lease; - -- if (len < offsetof(DHCP6Option, data) || -- len < offsetof(DHCP6Option, data) + be16toh(option->len)) -+ if (len < pos + offsetof(DHCP6Option, data) || -+ len < pos + offsetof(DHCP6Option, data) + be16toh(option->len)) - return -ENOBUFS; - - optcode = be16toh(option->code); --- -2.17.1 - - -From 9babde953073b460d8bcda13329c60a0a74cdc3c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 19 Oct 2018 03:44:56 +0900 -Subject: [PATCH 6/9] sd-dhcp6: fix argument and error handling of - dhcp6_option_parse_status() - -(cherry picked from commit 91c43f3978fa7c8341550b9ca279e460ba7e74e6) -(cherry picked from commit 373cbfc8c6e9591b3c8cc12d58c4b31ac35ab24f) -(cherry picked from commit 0e93fd895daa6f0f578ffa8fc4ed3e0ea85c62e8) -(cherry picked from commit 6ea13fc82523bebaa08cf2ab8404e751a654261f) ---- - src/systemd/src/libsystemd-network/dhcp6-option.c | 10 ++++++---- - src/systemd/src/libsystemd-network/sd-dhcp6-client.c | 9 +++++---- - 2 files changed, 11 insertions(+), 8 deletions(-) - -diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c -index ff1cbf13d..cfddefcb5 100644 ---- a/src/systemd/src/libsystemd-network/dhcp6-option.c -+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c -@@ -465,13 +465,15 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { - - case SD_DHCP6_OPTION_STATUS_CODE: - -- status = dhcp6_option_parse_status(option, optlen); -- if (status) { -+ status = dhcp6_option_parse_status(option, optlen + sizeof(DHCP6Option)); -+ if (status < 0) { -+ r = status; -+ goto error; -+ } -+ if (status > 0) { - log_dhcp6_client(client, "IA status %d", - status); - -- dhcp6_lease_free_ia(ia); -- - r = -EINVAL; - goto error; - } -diff --git a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c -index b65c31171..15c4f445f 100644 ---- a/src/systemd/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/systemd/src/libsystemd-network/sd-dhcp6-client.c -@@ -828,13 +828,14 @@ static int client_parse_message( - break; - - case SD_DHCP6_OPTION_STATUS_CODE: -- status = dhcp6_option_parse_status(option, optlen); -- if (status) { -+ status = dhcp6_option_parse_status(option, optlen + sizeof(DHCP6Option)); -+ if (status < 0) -+ return status; -+ -+ if (status > 0) { - log_dhcp6_client(client, "%s Status %s", - dhcp6_message_type_to_string(message->type), - dhcp6_message_status_to_string(status)); -- dhcp6_lease_free_ia(&lease->ia); -- dhcp6_lease_free_ia(&lease->pd); - - return -EINVAL; - } --- -2.17.1 - - -From 19b82104da425efdb9ad0207ccabf5a1a091b81a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 19 Oct 2018 03:42:10 +0900 -Subject: [PATCH 7/9] sd-dhcp6: make dhcp6_option_parse_domainname() not store - empty domain - -This improves performance of fuzzer. -C.f. oss-fuzz#11019. - -(cherry picked from commit 3c72b6ed4252e7ff5f7704bfe44557ec197b47fa) -(cherry picked from commit 50403cccee28c7dcd54b138a0d3b3f69ea0204fe) -(cherry picked from commit f11f5abb1a8b96b553d2d156f8b5cf440695c04d) -(cherry picked from commit c836279fca80fb22ca7ef02acaa5b987fee61123) ---- - .../src/libsystemd-network/dhcp6-option.c | 66 ++++++++----------- - 1 file changed, 29 insertions(+), 37 deletions(-) - -diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c -index cfddefcb5..be5c22237 100644 ---- a/src/systemd/src/libsystemd-network/dhcp6-option.c -+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c -@@ -555,6 +555,7 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char * - bool first = true; - - for (;;) { -+ const char *label; - uint8_t c; - - c = optval[pos++]; -@@ -562,47 +563,41 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char * - if (c == 0) - /* End of name */ - break; -- else if (c <= 63) { -- const char *label; -- -- /* Literal label */ -- label = (const char *)&optval[pos]; -- pos += c; -- if (pos >= optlen) -- return -EMSGSIZE; -- -- if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) { -- r = -ENOMEM; -- goto fail; -- } -- -- if (first) -- first = false; -- else -- ret[n++] = '.'; -- -- r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX); -- if (r < 0) -- goto fail; -- -- n += r; -- continue; -- } else { -- r = -EBADMSG; -- goto fail; -- } -- } -+ if (c > 63) -+ return -EBADMSG; -+ -+ /* Literal label */ -+ label = (const char *)&optval[pos]; -+ pos += c; -+ if (pos >= optlen) -+ return -EMSGSIZE; -+ -+ if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) -+ return -ENOMEM; -+ -+ if (first) -+ first = false; -+ else -+ ret[n++] = '.'; -+ -+ r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX); -+ if (r < 0) -+ return r; - -- if (!GREEDY_REALLOC(ret, allocated, n + 1)) { -- r = -ENOMEM; -- goto fail; -+ n += r; - } - -+ if (n == 0) -+ continue; -+ -+ if (!GREEDY_REALLOC(ret, allocated, n + 1)) -+ return -ENOMEM; -+ - ret[n] = 0; - - r = strv_extend(&names, ret); - if (r < 0) -- goto fail; -+ return r; - - idx++; - } -@@ -610,7 +605,4 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char * - *str_arr = TAKE_PTR(names); - - return idx; -- --fail: -- return r; - } --- -2.17.1 - - -From 7dd0b1ae8cc44a6e3c91dc921a278f939d045f0d Mon Sep 17 00:00:00 2001 -From: Li Song -Date: Fri, 19 Oct 2018 13:41:51 -0400 -Subject: [PATCH 8/9] sd-dhcp: remove unreachable route after rebinding return - NAK - -(cherry picked from commit cc3981b1272b9ce37e7d734a7b2f42e84acac535) -(cherry picked from commit 915c2f675a23b2ae16d292d1ac570706f76b384d) -(cherry picked from commit cb77290a696dce924e2a993690634986ac035490) -(cherry picked from commit f211b140a5861ddedc2424946e3ab07d3b642b5f) ---- - src/systemd/src/libsystemd-network/sd-dhcp-client.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/systemd/src/libsystemd-network/sd-dhcp-client.c b/src/systemd/src/libsystemd-network/sd-dhcp-client.c -index c2f81e1c4..c28025410 100644 ---- a/src/systemd/src/libsystemd-network/sd-dhcp-client.c -+++ b/src/systemd/src/libsystemd-network/sd-dhcp-client.c -@@ -1649,6 +1649,8 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i - client->timeout_resend = - sd_event_source_unref(client->timeout_resend); - -+ client_notify(client, SD_DHCP_CLIENT_EVENT_EXPIRED); -+ - r = client_initialize(client); - if (r < 0) - goto error; --- -2.17.1 - - -From 5a89e393279e8d0c8c2943b4cce99b91c5ebe903 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 19 Oct 2018 12:12:33 +0200 -Subject: [PATCH 9/9] dhcp6: make sure we have enough space for the DHCP6 - option header - -Fixes a vulnerability originally discovered by Felix Wilhelm from -Google. - -CVE-2018-15688 -LP: #1795921 -https://bugzilla.redhat.com/show_bug.cgi?id=1639067 - -(cherry picked from commit 4dac5eaba4e419b29c97da38a8b1f82336c2c892) -(cherry picked from commit 01ca2053bbea09f35b958c8cc7631e15469acb79) -(cherry picked from commit fc230dca139142f409d7bac99dbfabe9b004e2fb) -(cherry picked from commit cc1e5a7f5731f223d1eb8473fa0eecbedfc0ae5f) ---- - src/systemd/src/libsystemd-network/dhcp6-option.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/systemd/src/libsystemd-network/dhcp6-option.c b/src/systemd/src/libsystemd-network/dhcp6-option.c -index be5c22237..22970443d 100644 ---- a/src/systemd/src/libsystemd-network/dhcp6-option.c -+++ b/src/systemd/src/libsystemd-network/dhcp6-option.c -@@ -105,7 +105,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) { - return -EINVAL; - } - -- if (*buflen < len) -+ if (*buflen < offsetof(DHCP6Option, data) + len) - return -ENOBUFS; - - ia_hdr = *buf; --- -2.17.1 - diff --git a/SOURCES/1000-cli-hide-certificate-blobs-rh1702199.patch b/SOURCES/1000-cli-hide-certificate-blobs-rh1702199.patch new file mode 100644 index 0000000..02d3c75 --- /dev/null +++ b/SOURCES/1000-cli-hide-certificate-blobs-rh1702199.patch @@ -0,0 +1,398 @@ +From ff8fb5975a6cf8d904256fa414b359c9f1c4682d Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Tue, 23 Apr 2019 14:17:47 +0200 +Subject: [PATCH 1/6] cli: fix setting private key password + +Fixes: fe390556abfe ('cli: add property type for 802-1x certificate properties (pt3)') +(cherry picked from commit ee96387578ca5428b9836dda382f9e6d64d5a7a8) +(cherry picked from commit d8badb280ce2acfcd0ae6fb3d8d133cae6326b7c) +--- + clients/common/nm-meta-setting-desc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c +index 698ded869..b21ce37cf 100644 +--- a/clients/common/nm-meta-setting-desc.c ++++ b/clients/common/nm-meta-setting-desc.c +@@ -2276,6 +2276,7 @@ _set_fcn_cert_8021x (ARGS_SET_FCN) + password = path + strcspn (path, " \t"); + if (password[0] != '\0') { + password[0] = '\0'; ++ password++; + while (nm_utils_is_separator (password[0])) + password++; + } else { +-- +2.20.1 + +From 2fe6e3a039fa1c1b1975020f409a1b505c27ec3d Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Tue, 23 Apr 2019 14:55:32 +0200 +Subject: [PATCH 2/6] cli: parse escape sequences when reading an 802.1x + private key + +In this way it become possible to specify a filename that includes one +of the delimiters. + +(cherry picked from commit eac15501b2364a20505a90661e037a339a63b0ea) +(cherry picked from commit 0f03773b75548151a98cae8d696fcfc698a23bb7) +--- + clients/common/nm-meta-setting-desc.c | 28 +++++++++++++++++---------- + 1 file changed, 18 insertions(+), 10 deletions(-) + +diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c +index b21ce37cf..768e371e9 100644 +--- a/clients/common/nm-meta-setting-desc.c ++++ b/clients/common/nm-meta-setting-desc.c +@@ -2268,17 +2268,25 @@ _set_fcn_cert_8021x (ARGS_SET_FCN) + vtable = &nm_setting_8021x_scheme_vtable[property_info->property_typ_data->subtype.cert_8021x.scheme_type]; + + if (vtable->is_secret) { +- gs_free char *path = NULL; + nm_auto_free_secret char *password_free = NULL; +- char *password; +- +- path = g_strdup (value); +- password = path + strcspn (path, " \t"); +- if (password[0] != '\0') { +- password[0] = '\0'; +- password++; +- while (nm_utils_is_separator (password[0])) +- password++; ++ gs_free const char **strv = NULL; ++ const char *password; ++ const char *path; ++ gsize len; ++ ++ strv = nm_utils_escaped_tokens_split (value, NM_ASCII_SPACES); ++ len = NM_PTRARRAY_LEN (strv); ++ if (len > 2) { ++ g_set_error_literal (error, ++ NM_UTILS_ERROR, ++ NM_UTILS_ERROR_INVALID_ARGUMENT, ++ _("too many arguments. Please only specify a private key file and optionally a password")); ++ return FALSE; ++ } ++ ++ path = len > 0 ? strv[0] : NULL; ++ if (len == 2) { ++ password = strv[1]; + } else { + password_free = g_strdup (vtable->passwd_func (NM_SETTING_802_1X (setting))); + password = password_free; +-- +2.20.1 + +From 312f84cefd672ee141c999e374d49711176ff877 Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Tue, 23 Apr 2019 21:14:31 +0200 +Subject: [PATCH 3/6] cli: remove bluetooth completion code + +The 'bt-type' property alias accepts values provided by +gen_func_bt_type(); instead the 'bluetooth.type' property can only be +set to [dun, panu, nap] and therefore it doesn't need special +handling. + +(cherry picked from commit 78b9448b69d1e511aab9f24f4da8a6731c2dc7ee) +(cherry picked from commit a9728a61125ef44ac5008ebb0d6d028d26d683af) +--- + clients/cli/connections.c | 10 ++-------- + 1 file changed, 2 insertions(+), 8 deletions(-) + +diff --git a/clients/cli/connections.c b/clients/cli/connections.c +index 6ee3b49f9..b8f9b5f27 100644 +--- a/clients/cli/connections.c ++++ b/clients/cli/connections.c +@@ -4561,14 +4561,8 @@ complete_property (const char *setting_name, const char *property, const char *p + const NMMetaPropertyInfo *property_info; + + property_info = nm_meta_property_info_find_by_name (setting_name, property); +- if (property_info) { +- if (complete_option ((const NMMetaAbstractInfo *) property_info, prefix, connection)) +- return; +- } +- +- if ( strcmp (setting_name, NM_SETTING_BLUETOOTH_SETTING_NAME) == 0 +- && strcmp (property, NM_SETTING_BLUETOOTH_TYPE) == 0) +- run_rl_generator (gen_func_bt_type, prefix); ++ if (property_info) ++ complete_option ((const NMMetaAbstractInfo *) property_info, prefix, connection); + } + + /*****************************************************************************/ +-- +2.20.1 + +From 00cffb99f83e058835ed1f5a0ce78e4b2dc92e5c Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Tue, 23 Apr 2019 21:35:19 +0200 +Subject: [PATCH 4/6] cli: allow completing filenames + +Allow the completion function to indicate that the word should be +completed as a filename by the shell. + +(cherry picked from commit eb724293c25038c7e0f0d6789af2cea11da176eb) +(cherry picked from commit 09f9831fc628c2bfa406987bc1e1b77c036a3b20) +--- + clients/cli/connections.c | 23 ++++++++++++++++------- + clients/common/nm-meta-setting-access.c | 2 ++ + clients/common/nm-meta-setting-access.h | 1 + + clients/common/nm-meta-setting-desc.c | 4 +++- + clients/common/nm-meta-setting-desc.h | 2 ++ + 5 files changed, 24 insertions(+), 8 deletions(-) + +diff --git a/clients/cli/connections.c b/clients/cli/connections.c +index b8f9b5f27..034fc19f5 100644 +--- a/clients/cli/connections.c ++++ b/clients/cli/connections.c +@@ -3785,6 +3785,7 @@ _meta_abstract_complete (const NMMetaAbstractInfo *abstract_info, const char *te + nmc_meta_environment_arg, + &ctx, + text, ++ NULL, + &values_to_free); + if (values) + return values_to_free ?: g_strdupv ((char **) values); +@@ -4525,11 +4526,12 @@ run_rl_generator (rl_compentry_func_t *generator_func, const char *prefix) + } + + static gboolean +-complete_option (const NMMetaAbstractInfo *abstract_info, const char *prefix, NMConnection *context_connection) ++complete_option (NmCli *nmc, const NMMetaAbstractInfo *abstract_info, const char *prefix, NMConnection *context_connection) + { + const OptionInfo *candidate; + const char *const*values; + gs_strfreev char **values_to_free = NULL; ++ gboolean complete_filename = FALSE; + const NMMetaOperationContext ctx = { + .connection = context_connection, + }; +@@ -4539,7 +4541,12 @@ complete_option (const NMMetaAbstractInfo *abstract_info, const char *prefix, NM + nmc_meta_environment_arg, + &ctx, + prefix, ++ &complete_filename, + &values_to_free); ++ if (complete_filename) { ++ nmc->return_value = NMC_RESULT_COMPLETE_FILE; ++ return TRUE; ++ } + if (values) { + for (; values[0]; values++) + g_print ("%s\n", values[0]); +@@ -4556,13 +4563,13 @@ complete_option (const NMMetaAbstractInfo *abstract_info, const char *prefix, NM + } + + static void +-complete_property (const char *setting_name, const char *property, const char *prefix, NMConnection *connection) ++complete_property (NmCli *nmc, const char *setting_name, const char *property, const char *prefix, NMConnection *connection) + { + const NMMetaPropertyInfo *property_info; + + property_info = nm_meta_property_info_find_by_name (setting_name, property); + if (property_info) +- complete_option ((const NMMetaAbstractInfo *) property_info, prefix, connection); ++ complete_option (nmc, (const NMMetaAbstractInfo *) property_info, prefix, connection); + } + + /*****************************************************************************/ +@@ -4652,8 +4659,10 @@ nmc_read_connection_properties (NmCli *nmc, + if (!get_value (&value, argc, argv, option, error)) + return FALSE; + +- if (!*argc && nmc->complete) +- complete_property (setting, strv[1], value ?: "", connection); ++ if (!*argc && nmc->complete) { ++ complete_property (nmc, setting, strv[1], value ?: "", connection); ++ return TRUE; ++ } + + if (!set_property (nmc->client, connection, setting_name, strv[1], value, modifier, error)) + return FALSE; +@@ -4734,7 +4743,7 @@ nmc_read_connection_properties (NmCli *nmc, + return FALSE; + + if (!*argc && nmc->complete) +- complete_option (chosen, value ?: "", connection); ++ complete_option (nmc, chosen, value ?: "", connection); + + if (!set_option (nmc, connection, chosen, value, error)) + return FALSE; +@@ -8861,7 +8870,7 @@ do_connection_import (NmCli *nmc, int argc, char **argv) + if ( argc == 1 + && nmc->complete) { + nmc_complete_strings (*argv, "wireguard"); +- complete_option ((const NMMetaAbstractInfo *) nm_meta_property_info_vpn_service_type, ++ complete_option (nmc, (const NMMetaAbstractInfo *) nm_meta_property_info_vpn_service_type, + *argv, + NULL); + } +diff --git a/clients/common/nm-meta-setting-access.c b/clients/common/nm-meta-setting-access.c +index 8399f29db..ce5cd331c 100644 +--- a/clients/common/nm-meta-setting-access.c ++++ b/clients/common/nm-meta-setting-access.c +@@ -273,6 +273,7 @@ nm_meta_abstract_info_complete (const NMMetaAbstractInfo *abstract_info, + gpointer environment_user_data, + const NMMetaOperationContext *operation_context, + const char *text, ++ gboolean *out_complete_filename, + char ***out_to_free) + { + const char *const*values; +@@ -292,6 +293,7 @@ nm_meta_abstract_info_complete (const NMMetaAbstractInfo *abstract_info, + environment_user_data, + operation_context, + text, ++ out_complete_filename, + out_to_free); + + nm_assert (!*out_to_free || values == (const char *const*) *out_to_free); +diff --git a/clients/common/nm-meta-setting-access.h b/clients/common/nm-meta-setting-access.h +index ec1c2ba00..38f22c7a4 100644 +--- a/clients/common/nm-meta-setting-access.h ++++ b/clients/common/nm-meta-setting-access.h +@@ -69,6 +69,7 @@ const char *const*nm_meta_abstract_info_complete (const NMMetaAbstractInfo *abst + gpointer environment_user_data, + const NMMetaOperationContext *operation_context, + const char *text, ++ gboolean *out_complete_filename, + char ***out_to_free); + + /*****************************************************************************/ +diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c +index 768e371e9..7e4eb3d31 100644 +--- a/clients/common/nm-meta-setting-desc.c ++++ b/clients/common/nm-meta-setting-desc.c +@@ -788,7 +788,7 @@ _env_warn_fcn (const NMMetaEnvironment *environment, + const NMMetaPropertyInfo *property_info, const NMMetaEnvironment *environment, gpointer environment_user_data, NMSetting *setting, const char *value, GError **error + + #define ARGS_COMPLETE_FCN \ +- const NMMetaPropertyInfo *property_info, const NMMetaEnvironment *environment, gpointer environment_user_data, const NMMetaOperationContext *operation_context, const char *text, char ***out_to_free ++ const NMMetaPropertyInfo *property_info, const NMMetaEnvironment *environment, gpointer environment_user_data, const NMMetaOperationContext *operation_context, const char *text, gboolean *out_complete_filename, char ***out_to_free + + #define ARGS_VALUES_FCN \ + const NMMetaPropertyInfo *property_info, char ***out_to_free +@@ -8159,6 +8159,7 @@ _meta_type_property_info_complete_fcn (const NMMetaAbstractInfo *abstract_info, + gpointer environment_user_data, + const NMMetaOperationContext *operation_context, + const char *text, ++ gboolean *out_complete_filename, + char ***out_to_free) + { + const NMMetaPropertyInfo *info = (const NMMetaPropertyInfo *) abstract_info; +@@ -8171,6 +8172,7 @@ _meta_type_property_info_complete_fcn (const NMMetaAbstractInfo *abstract_info, + environment_user_data, + operation_context, + text, ++ out_complete_filename, + out_to_free); + } + +diff --git a/clients/common/nm-meta-setting-desc.h b/clients/common/nm-meta-setting-desc.h +index b69a07b50..2fee080b9 100644 +--- a/clients/common/nm-meta-setting-desc.h ++++ b/clients/common/nm-meta-setting-desc.h +@@ -221,6 +221,7 @@ struct _NMMetaPropertyType { + gpointer environment_user_data, + const NMMetaOperationContext *operation_context, + const char *text, ++ gboolean *out_complete_filename, + char ***out_to_free); + + /* Whether set_fcn() supports the '-' modifier. That is, whether the property +@@ -444,6 +445,7 @@ struct _NMMetaType { + gpointer environment_user_data, + const NMMetaOperationContext *operation_context, + const char *text, ++ gboolean *out_complete_filename, + char ***out_to_free); + }; + +-- +2.20.1 + +From 4fe5505236fdf1d268d8d8a8cc9a339c4e2eb47e Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Tue, 23 Apr 2019 22:01:15 +0200 +Subject: [PATCH 5/6] cli: complete 802.1x certificate file names + +(cherry picked from commit ec4a12ecdbebbca5b8108e1611e95fa93b43d637) +(cherry picked from commit 3d3fac55e38c5da544f8acc36aaf9334a92cbf11) +--- + clients/common/nm-meta-setting-desc.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c +index 7e4eb3d31..7c8f89563 100644 +--- a/clients/common/nm-meta-setting-desc.c ++++ b/clients/common/nm-meta-setting-desc.c +@@ -2307,6 +2307,26 @@ _set_fcn_cert_8021x (ARGS_SET_FCN) + } + } + ++static const char *const* ++_complete_fcn_cert_8021x (ARGS_COMPLETE_FCN) ++{ ++ const NMSetting8021xSchemeVtable *vtable; ++ ++ vtable = &nm_setting_8021x_scheme_vtable[property_info->property_typ_data->subtype.cert_8021x.scheme_type]; ++ ++ if (vtable->is_secret) { ++ gs_free const char **strv = NULL; ++ ++ strv = nm_utils_escaped_tokens_split (text, NM_ASCII_SPACES); ++ /* don't try to complete the password */ ++ if (NM_PTRARRAY_LEN (strv) > 1) ++ return NULL; ++ } ++ ++ NM_SET_OUT (out_complete_filename, TRUE); ++ return NULL; ++} ++ + static gconstpointer + _get_fcn_gobject_bytes (ARGS_GET_FCN) + { +@@ -4466,6 +4486,7 @@ static const NMMetaPropertyType _pt_dcb = { + static const NMMetaPropertyType _pt_cert_8021x = { + .get_fcn = _get_fcn_cert_8021x, + .set_fcn = _set_fcn_cert_8021x, ++ .complete_fcn = _complete_fcn_cert_8021x, + }; + + static const NMMetaPropertyType _pt_ethtool = { +-- +2.20.1 + +From 1d02cd13072aa90471cdf0f0f2dde048a126c007 Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Wed, 24 Apr 2019 15:21:34 +0200 +Subject: [PATCH 6/6] cli: hide certificate blobs unless --show-secrets is + passed + +This restores the behavior before commit 99711579ed43. + +Fixes: 99711579ed43 ('cli: add property type for 802-1x certificate properties (pt2)'). +(cherry picked from commit c91aad49695fc0d5ff1dd07a4459dc7fbe9bdbc0) +(cherry picked from commit 8c75120df055ac6c7b778a885473af202897abf9) +--- + clients/common/nm-meta-setting-desc.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c +index 7c8f89563..9b5debcfe 100644 +--- a/clients/common/nm-meta-setting-desc.c ++++ b/clients/common/nm-meta-setting-desc.c +@@ -2229,8 +2229,7 @@ _get_fcn_cert_8021x (ARGS_GET_FCN) + + switch (vtable->scheme_func (s_8021X)) { + case NM_SETTING_802_1X_CK_SCHEME_BLOB: +- if ( vtable->is_secret +- && !NM_FLAGS_HAS (get_flags, NM_META_ACCESSOR_GET_FLAGS_SHOW_SECRETS)) ++ if (!NM_FLAGS_HAS (get_flags, NM_META_ACCESSOR_GET_FLAGS_SHOW_SECRETS)) + return _get_text_hidden (get_type); + str = bytes_to_string (vtable->blob_func (s_8021X)); + break; +-- +2.20.1 + diff --git a/SOURCES/1000-cli-remove-assertion-in-nmc_device_state_to_color.patch b/SOURCES/1000-cli-remove-assertion-in-nmc_device_state_to_color.patch deleted file mode 100644 index ad52000..0000000 --- a/SOURCES/1000-cli-remove-assertion-in-nmc_device_state_to_color.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 2f9faf8348793ed577c0a3f6a7850c182762a7f0 Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Thu, 9 Aug 2018 20:37:32 +0200 -Subject: [PATCH] cli: remove assertion in nmc_device_state_to_color() - -nmcli should not fail when the state device state is > ACTIVATED. -Just return an unknown color code like we used to do, and like we do -for connections. - -Fixes: 31aa2cfe29beb1bb7371ff36dbbd8baebeeaa06e - -https://bugzilla.gnome.org/show_bug.cgi?id=796834 -(cherry picked from commit c955d91d4bbd1aec0e00be8955ac24aecf64182f) -(cherry picked from commit 5b31dfb1a529a4c5eec6343daac22ecc81c83dc5) ---- - clients/cli/devices.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/clients/cli/devices.c b/clients/cli/devices.c -index aa28678ff..be7597327 100644 ---- a/clients/cli/devices.c -+++ b/clients/cli/devices.c -@@ -1470,7 +1470,7 @@ nmc_device_state_to_color (NMDeviceState state) - else if (state == NM_DEVICE_STATE_ACTIVATED) - return NM_META_COLOR_DEVICE_ACTIVATED; - -- g_return_val_if_reached (NM_META_COLOR_DEVICE_UNKNOWN); -+ return NM_META_COLOR_DEVICE_UNKNOWN; - } - - static void --- -2.17.1 - diff --git a/SOURCES/1001-device-fix-reapply-of-MTU-rh1702657.patch b/SOURCES/1001-device-fix-reapply-of-MTU-rh1702657.patch new file mode 100644 index 0000000..cd52c15 --- /dev/null +++ b/SOURCES/1001-device-fix-reapply-of-MTU-rh1702657.patch @@ -0,0 +1,42 @@ +From 89af6353940018621493764927a3f10335084628 Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Fri, 26 Apr 2019 10:49:21 +0200 +Subject: [PATCH] device: fix reapply of MTU + +When we set the MTU on the link we remember its previous source +(ip-config, parent-device or connection profile) and don't change it +again afterwards to avoid interfering with user's manual changes. The +only exceptions when we change it again are (1) if the parent device +MTU changes and (2) if the new MTU has higher priority than the one +previously set. + +To allow a live reapply of the MTU property we also need to clear the +saved source, or the checks described above will prevent setting the +new value. + +Fixes: 2f8917237fdf ('device: rework mtu priority handling') + +https://bugzilla.redhat.com/show_bug.cgi?id=1702657 +(cherry picked from commit 4ed72fa658c03790700ba9084e9328fe38afdee9) +(cherry picked from commit e738479bdd714f754aa311bada3315147efab376) +--- + src/devices/nm-device.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c +index b909f0ddf..8ae64b968 100644 +--- a/src/devices/nm-device.c ++++ b/src/devices/nm-device.c +@@ -11312,6 +11312,9 @@ check_and_reapply_connection (NMDevice *self, + s_ip6_old = nm_connection_get_setting_ip6_config (con_old); + s_ip6_new = nm_connection_get_setting_ip6_config (con_new); + ++ /* Allow reapply of MTU */ ++ priv->mtu_source = NM_DEVICE_MTU_SOURCE_NONE; ++ + nm_device_reactivate_ip4_config (self, s_ip4_old, s_ip4_new); + nm_device_reactivate_ip6_config (self, s_ip6_old, s_ip6_new); + +-- +2.20.1 + diff --git a/SOURCES/1001-translations-rh1569438.patch b/SOURCES/1001-translations-rh1569438.patch deleted file mode 100644 index e9413b1..0000000 --- a/SOURCES/1001-translations-rh1569438.patch +++ /dev/null @@ -1,11844 +0,0 @@ -From 4f8a029a6574e33eb1466840fe41ff02a52dea92 Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Tue, 12 Dec 2017 10:46:10 +0100 -Subject: [PATCH 1/3] po: add zanata.xml - ---- - zanata.xml | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - create mode 100644 zanata.xml - -diff --git a/zanata.xml b/zanata.xml -new file mode 100644 -index 0000000..4c7147b ---- /dev/null -+++ b/zanata.xml -@@ -0,0 +1,16 @@ -+ -+ -+ -+ -+ -+ https://vendors.zanata.redhat.com/ -+ networkmanager -+ RHEL-7.6 -+ gettext -+ po -+ po -+ -+ --- -2.17.1 - -From 2021084e8dec54ea581886f4f7f6c61a124c8068 Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Sun, 19 Aug 2018 13:04:25 +0200 -Subject: [PATCH 2/3] po/ja: translations from the Red Hat translators - ---- - po/ja.po | 4941 ++++++++++++++++++++++++++++-------------------------- - 1 file changed, 2609 insertions(+), 2332 deletions(-) - -diff --git a/po/ja.po b/po/ja.po -index f54f8a4..35f9c7c 100644 ---- a/po/ja.po -+++ b/po/ja.po -@@ -7,20 +7,23 @@ - # Noriko Mizumoto , 2013 - 2014. - # amoewaki , 2017. #zanata - # lrintel , 2017. #zanata -+# amoewaki , 2018. #zanata -+# kemorigu , 2018. #zanata -+# lrintel , 2018. #zanata - msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" --"POT-Creation-Date: 2017-12-12 10:22+0100\n" --"PO-Revision-Date: 2017-12-04 11:32+0000\n" --"Last-Translator: amoewaki \n" -+"POT-Creation-Date: 2018-08-19 12:54+0200\n" -+"PO-Revision-Date: 2018-08-16 01:39+0000\n" -+"Last-Translator: kemorigu \n" - "Language-Team: Japanese \n" - "Language: ja\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: Plural-Forms: nplurals=1; plural=0;\n" --"X-Generator: Zanata 4.3.2\n" -+"X-Generator: Zanata 4.6.0\n" - - #: ../clients/cli/agent.c:40 - #, c-format -@@ -32,7 +35,7 @@ msgid "" - msgstr "" - "使い方: nmcli agent { COMMAND | help }\n" - "\n" --"COMMAND := { secret | polkit | all }\n" -+"コマンド := { secret | polkit | all }\n" - "\n" - "\n" - -@@ -87,48 +90,49 @@ msgstr "" - "す。\n" - "\n" - --#: ../clients/cli/agent.c:158 -+#: ../clients/cli/agent.c:157 - #, c-format - msgid "nmcli successfully registered as a NetworkManager's secret agent.\n" - msgstr "" - "nmcli は NetworkManager のシークレットエージェントとして適切に登録されまし" - "た。\n" - --#: ../clients/cli/agent.c:160 -+#: ../clients/cli/agent.c:159 - #, c-format - msgid "Error: secret agent initialization failed" - msgstr "エラー: シークレットエージェントの初期化に失敗しました" - --#: ../clients/cli/agent.c:179 -+#: ../clients/cli/agent.c:178 - #, c-format - msgid "Error: polkit agent initialization failed: %s" - msgstr "エラー: polkit エージェントの初期化に失敗しました: %s" - --#: ../clients/cli/agent.c:187 -+#: ../clients/cli/agent.c:186 - #, c-format - msgid "nmcli successfully registered as a polkit agent.\n" - msgstr "nmcli が polkit エージェントとして適切に登録されました。\n" - --#: ../clients/cli/common.c:262 ../clients/cli/common.c:277 -+#: ../clients/cli/common.c:306 ../clients/cli/common.c:332 -+#: ../clients/cli/connections.c:1297 - msgid "GROUP" - msgstr "グループ" - --#: ../clients/cli/common.c:559 -+#: ../clients/cli/common.c:606 - #, c-format - msgid "Error: openconnect failed: %s\n" - msgstr "エラー: openconnect が失敗しました: %s\n" - --#: ../clients/cli/common.c:566 -+#: ../clients/cli/common.c:613 - #, c-format - msgid "Error: openconnect failed with status %d\n" - msgstr "エラー: openconnect がステータス %d で失敗しました\n" - --#: ../clients/cli/common.c:568 -+#: ../clients/cli/common.c:615 - #, c-format - msgid "Error: openconnect failed with signal %d\n" - msgstr "エラー: openconnect がシグナル %d で失敗しました\n" - --#: ../clients/cli/common.c:648 -+#: ../clients/cli/common.c:695 - #, c-format - msgid "" - "Warning: password for '%s' not given in 'passwd-file' and nmcli cannot ask " -@@ -137,25 +141,25 @@ msgstr "" - "警告: '%s' のパスワードが 'passwd-file' で提供されていません。nmcli は '--" - "ask' オプションがないと尋ねることができません。\n" - --#: ../clients/cli/common.c:1114 -+#: ../clients/cli/common.c:1185 - #, c-format - msgid "Error: Could not create NMClient object: %s." - msgstr "エラー: NMClient オブジェクトを作成できませんでした: %s。" - --#: ../clients/cli/common.c:1134 -+#: ../clients/cli/common.c:1205 - msgid "Error: NetworkManager is not running." - msgstr "エラー: NetworkManager が起動していません。" - --#: ../clients/cli/common.c:1231 -+#: ../clients/cli/common.c:1301 - #, c-format - msgid "Error: argument '%s' not understood. Try passing --help instead." - msgstr "エラー: 引数 '%s' が認識されません。代わりに --help を渡してください。" - --#: ../clients/cli/common.c:1241 -+#: ../clients/cli/common.c:1311 - msgid "Error: missing argument. Try passing --help." - msgstr "エラー: 引数がありません。--help を渡してください。" - --#: ../clients/cli/common.c:1294 -+#: ../clients/cli/common.c:1364 - msgid "access denied" - msgstr "アクセスは拒否されました" - -@@ -166,7 +170,7 @@ msgstr "設定名は? " - - #: ../clients/cli/connections.c:65 - msgid "Property name? " --msgstr "プロパティ名は? " -+msgstr "プロパティー名は? " - - #: ../clients/cli/connections.c:66 - msgid "Enter connection type: " -@@ -189,7 +193,70 @@ msgstr "接続 (名前、UUID またはパス)" - msgid "Connection(s) (name, UUID, path or apath)" - msgstr "接続 (名前、UUID、パス または apath)" - --#: ../clients/cli/connections.c:195 -+#: ../clients/cli/connections.c:80 ../clients/cli/connections.c:89 -+#: ../clients/cli/devices.c:1201 ../clients/cli/devices.c:1245 -+#: ../clients/cli/devices.c:1247 ../clients/cli/general.c:41 -+#: ../clients/cli/general.c:82 ../clients/cli/general.c:150 -+#: ../clients/cli/general.c:155 ../clients/common/nm-client-utils.c:288 -+#: ../clients/common/nm-client-utils.c:291 -+#: ../clients/common/nm-client-utils.c:307 -+#: ../clients/common/nm-client-utils.c:310 -+#: ../clients/common/nm-meta-setting-desc.c:1482 -+#: ../clients/common/nm-meta-setting-desc.c:1532 -+#: ../clients/common/nm-meta-setting-desc.c:2681 -+#: ../clients/common/nm-meta-setting-desc.c:2736 -+msgid "unknown" -+msgstr "不明" -+ -+#: ../clients/cli/connections.c:81 -+msgid "activating" -+msgstr "アクティベート中" -+ -+#: ../clients/cli/connections.c:82 -+msgid "activated" -+msgstr "アクティベート済み" -+ -+#: ../clients/cli/connections.c:83 ../clients/common/nm-client-utils.c:284 -+msgid "deactivating" -+msgstr "停止中" -+ -+#: ../clients/cli/connections.c:84 -+msgid "deactivated" -+msgstr "停止しました" -+ -+#: ../clients/cli/connections.c:90 -+msgid "VPN connecting (prepare)" -+msgstr "VPN 接続(準備)" -+ -+#: ../clients/cli/connections.c:91 -+msgid "VPN connecting (need authentication)" -+msgstr "VPN 接続(認証が必要)" -+ -+#: ../clients/cli/connections.c:92 -+msgid "VPN connecting" -+msgstr "VPN 接続" -+ -+#: ../clients/cli/connections.c:93 -+msgid "VPN connecting (getting IP configuration)" -+msgstr "VPN 接続(IP 設定を取得)" -+ -+#: ../clients/cli/connections.c:94 -+msgid "VPN connected" -+msgstr "VPN 接続済み" -+ -+#: ../clients/cli/connections.c:95 -+msgid "VPN connection failed" -+msgstr "VPN 接続失敗" -+ -+#: ../clients/cli/connections.c:96 -+msgid "VPN disconnected" -+msgstr "VPN 切断済み" -+ -+#: ../clients/cli/connections.c:452 -+msgid "never" -+msgstr "しない" -+ -+#: ../clients/cli/connections.c:713 - #, c-format - msgid "" - "Usage: nmcli connection { COMMAND | help }\n" -@@ -266,7 +333,7 @@ msgstr "" - " export [id | uuid | path] []\n" - "\n" - --#: ../clients/cli/connections.c:217 -+#: ../clients/cli/connections.c:735 - #, c-format - msgid "" - "Usage: nmcli connection show { ARGUMENTS | help }\n" -@@ -315,7 +382,7 @@ msgstr "" - "関連するシークレットも表示する場合は、グローバルな --show-secrets オプション" - "を使用します。\n" - --#: ../clients/cli/connections.c:238 -+#: ../clients/cli/connections.c:756 - #, c-format - msgid "" - "Usage: nmcli connection up { ARGUMENTS | help }\n" -@@ -359,7 +426,7 @@ msgstr "" - "passwd-file - 接続をアクティブにするのに必要なパスワードを含むファイル\n" - "\n" - --#: ../clients/cli/connections.c:259 -+#: ../clients/cli/connections.c:777 - #, c-format - msgid "" - "Usage: nmcli connection down { ARGUMENTS | help }\n" -@@ -381,7 +448,7 @@ msgstr "" - "で識別します。\n" - "\n" - --#: ../clients/cli/connections.c:271 -+#: ../clients/cli/connections.c:789 - #, c-format - msgid "" - "Usage: nmcli connection add { ARGUMENTS | help }\n" -@@ -680,7 +747,7 @@ msgstr "" - " [ip6 ] [gw6 ]\n" - "\n" - --#: ../clients/cli/connections.c:389 -+#: ../clients/cli/connections.c:907 - #, c-format - msgid "" - "Usage: nmcli connection modify { ARGUMENTS | help }\n" -@@ -726,7 +793,7 @@ msgstr "" - "nmcli con mod bond0 -bond.options downdelay\n" - "\n" - --#: ../clients/cli/connections.c:412 -+#: ../clients/cli/connections.c:930 - #, c-format - msgid "" - "Usage: nmcli connection clone { ARGUMENTS | help }\n" -@@ -749,7 +816,7 @@ msgstr "" - "を除き、 の完全なコピーになります。\n" - "\n" - --#: ../clients/cli/connections.c:424 -+#: ../clients/cli/connections.c:942 - #, c-format - msgid "" - "Usage: nmcli connection edit { ARGUMENTS | help }\n" -@@ -768,7 +835,7 @@ msgstr "" - "\n" - "引数 := [id | uuid | path] \n" - "\n" --"インテラクティブなエディタで既存の接続プロファイルを編集します。\n" -+"インテラクティブなエディターで既存の接続プロファイルを編集します。\n" - "プロファイルは名前、UUID、D-Bus パスなどで識別します。\n" - "\n" - "引数 := [type <新しい接続タイプ>] [con-name <新しい接続名>]\n" -@@ -776,7 +843,7 @@ msgstr "" - "インテラクティブなエディターで新しい接続プロファイルを追加します。\n" - "\n" - --#: ../clients/cli/connections.c:439 -+#: ../clients/cli/connections.c:957 - #, c-format - msgid "" - "Usage: nmcli connection delete { ARGUMENTS | help }\n" -@@ -795,7 +862,7 @@ msgstr "" - "プロファイルは名前、UUID、D-Bus パスで識別します。\n" - "\n" - --#: ../clients/cli/connections.c:450 -+#: ../clients/cli/connections.c:968 - #, c-format - msgid "" - "Usage: nmcli connection monitor { ARGUMENTS | help }\n" -@@ -816,7 +883,7 @@ msgstr "" - "何も指定されない場合は、すべての接続プロファイルを監視します。\n" - "\n" - --#: ../clients/cli/connections.c:462 -+#: ../clients/cli/connections.c:980 - #, c-format - msgid "" - "Usage: nmcli connection reload { help }\n" -@@ -828,7 +895,7 @@ msgstr "" - "\n" - "ディスクからすべての接続ファイルを再読み込みします。\n" - --#: ../clients/cli/connections.c:470 -+#: ../clients/cli/connections.c:988 - #, c-format - msgid "" - "Usage: nmcli connection load { ARGUMENTS | help }\n" -@@ -850,7 +917,7 @@ msgstr "" - "NetworkManager に最新の状態を認識させてください。\n" - "\n" - --#: ../clients/cli/connections.c:482 -+#: ../clients/cli/connections.c:1000 - #, c-format - msgid "" - "Usage: nmcli connection import { ARGUMENTS | help }\n" -@@ -874,7 +941,7 @@ msgstr "" - "NetworkManager VPN プラグインによりインポートされます。\n" - "\n" - --#: ../clients/cli/connections.c:495 -+#: ../clients/cli/connections.c:1013 - #, c-format - msgid "" - "Usage: nmcli connection export { ARGUMENTS | help }\n" -@@ -893,441 +960,337 @@ msgstr "" - "データは標準出力またはファイル (名前が指定された場合) に送信されます。\n" - "\n" - --#: ../clients/cli/connections.c:525 --msgid "activating" --msgstr "アクティベート中" -- --#: ../clients/cli/connections.c:527 --msgid "activated" --msgstr "アクティベート済み" -- --#: ../clients/cli/connections.c:529 ../clients/common/nm-client-utils.c:243 --msgid "deactivating" --msgstr "停止中" -- --#: ../clients/cli/connections.c:531 --msgid "deactivated" --msgstr "停止しました" -- --#: ../clients/cli/connections.c:534 ../clients/cli/connections.c:557 --#: ../clients/cli/devices.c:1207 ../clients/cli/devices.c:1251 --#: ../clients/cli/devices.c:1253 ../clients/cli/general.c:41 --#: ../clients/cli/general.c:79 ../clients/cli/general.c:146 --#: ../clients/cli/general.c:151 ../clients/common/nm-client-utils.c:247 --#: ../clients/common/nm-client-utils.c:250 --#: ../clients/common/nm-client-utils.c:266 --#: ../clients/common/nm-client-utils.c:269 --#: ../clients/common/nm-meta-setting-desc.c:1479 --#: ../clients/common/nm-meta-setting-desc.c:1547 --#: ../clients/common/nm-meta-setting-desc.c:2692 --#: ../clients/common/nm-meta-setting-desc.c:2746 --msgid "unknown" --msgstr "不明" -- --#: ../clients/cli/connections.c:543 --msgid "VPN connecting (prepare)" --msgstr "VPN 接続(準備)" -- --#: ../clients/cli/connections.c:545 --msgid "VPN connecting (need authentication)" --msgstr "VPN 接続(認証が必要)" -- --#: ../clients/cli/connections.c:547 --msgid "VPN connecting" --msgstr "VPN 接続" -- --#: ../clients/cli/connections.c:549 --msgid "VPN connecting (getting IP configuration)" --msgstr "VPN 接続(IP 設定を取得)" -- --#: ../clients/cli/connections.c:551 --msgid "VPN connected" --msgstr "VPN 接続済み" -- --#: ../clients/cli/connections.c:553 --msgid "VPN connection failed" --msgstr "VPN 接続失敗" -- --#: ../clients/cli/connections.c:555 --msgid "VPN disconnected" --msgstr "VPN 切断済み" -- --#: ../clients/cli/connections.c:625 -+#: ../clients/cli/connections.c:1095 - #, c-format - msgid "Error updating secrets for %s: %s\n" - msgstr "%s のシークレットの更新中にエラーが発生しました: %s\n" - --#: ../clients/cli/connections.c:645 -+#: ../clients/cli/connections.c:1138 - msgid "Connection profile details" - msgstr "接続プロファイルの詳細" - --#: ../clients/cli/connections.c:658 ../clients/cli/connections.c:1108 -+#: ../clients/cli/connections.c:1151 ../clients/cli/connections.c:1249 - #, c-format - msgid "Error: 'connection show': %s" - msgstr "エラー: 'connection show': %s" - --#: ../clients/cli/connections.c:876 --msgid "never" --msgstr "しない" -- --#. "CAPABILITIES" --#: ../clients/cli/connections.c:877 ../clients/cli/connections.c:879 --#: ../clients/cli/connections.c:881 ../clients/cli/connections.c:914 --#: ../clients/cli/connections.c:981 ../clients/cli/connections.c:982 --#: ../clients/cli/connections.c:984 ../clients/cli/connections.c:4427 --#: ../clients/cli/connections.c:6365 ../clients/cli/connections.c:6366 --#: ../clients/cli/devices.c:881 ../clients/cli/devices.c:1170 --#: ../clients/cli/devices.c:1171 ../clients/cli/devices.c:1172 --#: ../clients/cli/devices.c:1173 ../clients/cli/devices.c:1174 --#: ../clients/cli/devices.c:1211 ../clients/cli/devices.c:1213 --#: ../clients/cli/devices.c:1214 ../clients/cli/devices.c:1244 --#: ../clients/cli/devices.c:1245 ../clients/cli/devices.c:1246 --#: ../clients/cli/devices.c:1247 ../clients/cli/devices.c:1248 --#: ../clients/cli/devices.c:1249 ../clients/cli/devices.c:1250 --#: ../clients/cli/devices.c:1252 ../clients/cli/devices.c:1254 --#: ../clients/cli/general.c:152 ../clients/common/nm-client-utils.c:258 --#: ../clients/common/nm-meta-setting-desc.c:719 --#: ../clients/common/nm-meta-setting-desc.c:2685 --msgid "yes" --msgstr "はい" -- --#: ../clients/cli/connections.c:877 ../clients/cli/connections.c:879 --#: ../clients/cli/connections.c:881 ../clients/cli/connections.c:981 --#: ../clients/cli/connections.c:982 ../clients/cli/connections.c:984 --#: ../clients/cli/connections.c:4426 ../clients/cli/connections.c:6365 --#: ../clients/cli/connections.c:6366 ../clients/cli/devices.c:881 --#: ../clients/cli/devices.c:1170 ../clients/cli/devices.c:1171 --#: ../clients/cli/devices.c:1172 ../clients/cli/devices.c:1173 --#: ../clients/cli/devices.c:1174 ../clients/cli/devices.c:1211 --#: ../clients/cli/devices.c:1213 ../clients/cli/devices.c:1214 --#: ../clients/cli/devices.c:1244 ../clients/cli/devices.c:1245 --#: ../clients/cli/devices.c:1246 ../clients/cli/devices.c:1247 --#: ../clients/cli/devices.c:1248 ../clients/cli/devices.c:1249 --#: ../clients/cli/devices.c:1250 ../clients/cli/devices.c:1252 --#: ../clients/cli/devices.c:1254 ../clients/cli/general.c:153 --#: ../clients/common/nm-client-utils.c:260 --#: ../clients/common/nm-meta-setting-desc.c:719 --#: ../clients/common/nm-meta-setting-desc.c:2688 --msgid "no" --msgstr "いいえ" -- --#: ../clients/cli/connections.c:1098 -+#: ../clients/cli/connections.c:1239 - msgid "Activate connection details" - msgstr "アクティブな接続の詳細" - --#: ../clients/cli/connections.c:1345 -+#: ../clients/cli/connections.c:1485 - #, c-format - msgid "invalid field '%s'; allowed fields: %s and %s, or %s,%s" - msgstr "" - "無効なフィールド '%s'; 使用できるフィールド: %s および %s、または %s、%s" - --#: ../clients/cli/connections.c:1360 ../clients/cli/connections.c:1368 -+#: ../clients/cli/connections.c:1500 ../clients/cli/connections.c:1508 - #, c-format - msgid "'%s' has to be alone" - msgstr "'%s' は孤立させる必要があります" - --#: ../clients/cli/connections.c:1568 -+#: ../clients/cli/connections.c:1773 - #, c-format - msgid "incorrect string '%s' of '--order' option" - msgstr "'--order' オプションの正しくない文字列 '%s'" - --#: ../clients/cli/connections.c:1594 -+#: ../clients/cli/connections.c:1798 - #, c-format - msgid "incorrect item '%s' in '--order' option" - msgstr "'--order' オプションの正しくないアイテム '%s'" - --#: ../clients/cli/connections.c:1624 -+#: ../clients/cli/connections.c:1836 - msgid "No connection specified" - msgstr "接続が指定されていません。" - --#: ../clients/cli/connections.c:1639 -+#: ../clients/cli/connections.c:1847 - #, c-format - msgid "%s argument is missing" - msgstr "%s 引数がありません。" - --#: ../clients/cli/connections.c:1649 -+#: ../clients/cli/connections.c:1865 - #, c-format - msgid "unknown connection '%s'" - msgstr "不明な接続 '%s'" - --#: ../clients/cli/connections.c:1682 -+#: ../clients/cli/connections.c:1894 - msgid "'--order' argument is missing" - msgstr "'--order' 引数がありません" - --#: ../clients/cli/connections.c:1737 -+#: ../clients/cli/connections.c:1955 - msgid "NetworkManager active profiles" - msgstr "NetworkManager のアクティブなプロファイル" - --#: ../clients/cli/connections.c:1738 -+#: ../clients/cli/connections.c:1956 - msgid "NetworkManager connection profiles" - msgstr "NetworkManager 接続プロファイル" - --#: ../clients/cli/connections.c:1791 ../clients/cli/connections.c:2466 --#: ../clients/cli/connections.c:2478 ../clients/cli/connections.c:2490 --#: ../clients/cli/connections.c:2666 ../clients/cli/connections.c:8428 --#: ../clients/cli/connections.c:8445 ../clients/cli/devices.c:2678 --#: ../clients/cli/devices.c:2689 ../clients/cli/devices.c:2931 --#: ../clients/cli/devices.c:2942 ../clients/cli/devices.c:2960 --#: ../clients/cli/devices.c:2969 ../clients/cli/devices.c:2990 --#: ../clients/cli/devices.c:3001 ../clients/cli/devices.c:3019 --#: ../clients/cli/devices.c:3397 ../clients/cli/devices.c:3407 --#: ../clients/cli/devices.c:3415 ../clients/cli/devices.c:3427 --#: ../clients/cli/devices.c:3442 ../clients/cli/devices.c:3450 --#: ../clients/cli/devices.c:3624 ../clients/cli/devices.c:3635 --#: ../clients/cli/devices.c:3807 -+#: ../clients/cli/connections.c:2008 ../clients/cli/connections.c:2707 -+#: ../clients/cli/connections.c:2719 ../clients/cli/connections.c:2731 -+#: ../clients/cli/connections.c:2957 ../clients/cli/connections.c:8644 -+#: ../clients/cli/connections.c:8660 ../clients/cli/devices.c:2849 -+#: ../clients/cli/devices.c:2861 ../clients/cli/devices.c:2874 -+#: ../clients/cli/devices.c:3025 ../clients/cli/devices.c:3036 -+#: ../clients/cli/devices.c:3054 ../clients/cli/devices.c:3063 -+#: ../clients/cli/devices.c:3084 ../clients/cli/devices.c:3095 -+#: ../clients/cli/devices.c:3113 ../clients/cli/devices.c:3493 -+#: ../clients/cli/devices.c:3503 ../clients/cli/devices.c:3511 -+#: ../clients/cli/devices.c:3523 ../clients/cli/devices.c:3538 -+#: ../clients/cli/devices.c:3546 ../clients/cli/devices.c:3720 -+#: ../clients/cli/devices.c:3731 ../clients/cli/devices.c:3902 - #, c-format - msgid "Error: %s argument is missing." - msgstr "エラー: %s 引数がありません。" - --#: ../clients/cli/connections.c:1810 -+#: ../clients/cli/connections.c:2036 - #, c-format - msgid "Error: %s - no such connection profile." - msgstr "エラー: %s - そのような接続プロファイルはありません。" - --#: ../clients/cli/connections.c:1874 ../clients/cli/connections.c:2453 --#: ../clients/cli/connections.c:2517 ../clients/cli/connections.c:7938 --#: ../clients/cli/connections.c:8049 ../clients/cli/connections.c:8559 --#: ../clients/cli/devices.c:1579 ../clients/cli/devices.c:1865 --#: ../clients/cli/devices.c:2034 ../clients/cli/devices.c:2142 --#: ../clients/cli/devices.c:2331 ../clients/cli/devices.c:3587 --#: ../clients/cli/devices.c:3813 ../clients/cli/general.c:928 -+#: ../clients/cli/connections.c:2127 ../clients/cli/connections.c:2694 -+#: ../clients/cli/connections.c:2758 ../clients/cli/connections.c:8168 -+#: ../clients/cli/connections.c:8274 ../clients/cli/connections.c:8760 -+#: ../clients/cli/devices.c:1570 ../clients/cli/devices.c:1856 -+#: ../clients/cli/devices.c:2025 ../clients/cli/devices.c:2133 -+#: ../clients/cli/devices.c:2322 ../clients/cli/devices.c:3683 -+#: ../clients/cli/devices.c:3908 ../clients/cli/general.c:914 - #, c-format - msgid "Error: %s." - msgstr "エラー: %s." - --#: ../clients/cli/connections.c:1972 -+#: ../clients/cli/connections.c:2220 - #, c-format - msgid "no active connection on device '%s'" - msgstr "デバイス '%s' 上にアクティブな接続はありません" - --#: ../clients/cli/connections.c:1980 -+#: ../clients/cli/connections.c:2228 - msgid "no active connection or device" - msgstr "アクティブな接続またはデバイスがありません" - --#: ../clients/cli/connections.c:2000 -+#: ../clients/cli/connections.c:2248 - #, c-format - msgid "device '%s' not compatible with connection '%s':" - msgstr "デバイス '%s' は接続 '%s' と互換性がありません:" - --#: ../clients/cli/connections.c:2036 -+#: ../clients/cli/connections.c:2281 - #, c-format - msgid "device '%s' not compatible with connection '%s'" - msgstr "デバイス '%s' は接続 '%s' と互換性がありません" - --#: ../clients/cli/connections.c:2039 -+#: ../clients/cli/connections.c:2284 - #, c-format - msgid "no device found for connection '%s'" - msgstr "接続 '%s'用のデバイスが見つかりません" - --#: ../clients/cli/connections.c:2067 -+#: ../clients/cli/connections.c:2316 - #, c-format - msgid "Connection successfully activated (%s) (D-Bus active path: %s)\n" - msgstr "接続が正常にアクティベートされました (%s) (D-Bus アクティブパス: %s)\n" - --#: ../clients/cli/connections.c:2071 ../clients/cli/connections.c:2219 --#: ../clients/cli/connections.c:6244 -+#: ../clients/cli/connections.c:2320 ../clients/cli/connections.c:2468 -+#: ../clients/cli/connections.c:6534 - #, c-format - msgid "Connection successfully activated (D-Bus active path: %s)\n" - msgstr "接続が正常にアクティベートされました (D-Bus アクティブパス: %s)\n" - --#: ../clients/cli/connections.c:2078 ../clients/cli/connections.c:2199 -+#: ../clients/cli/connections.c:2327 ../clients/cli/connections.c:2448 - #, c-format - msgid "Error: Connection activation failed: %s" - msgstr "エラー: 接続のアクティベーションに失敗: %s" - --#: ../clients/cli/connections.c:2114 -+#: ../clients/cli/connections.c:2363 - #, c-format - msgid "Error: Timeout expired (%d seconds)" - msgstr "エラー: タイムアウト (%d 秒) になりました" - --#: ../clients/cli/connections.c:2280 -+#: ../clients/cli/connections.c:2530 - #, c-format - msgid "failed to read passwd-file '%s': %s" - msgstr "passwd-file '%s'の読み込みに失敗: %s" - --#: ../clients/cli/connections.c:2292 -+#: ../clients/cli/connections.c:2543 - #, c-format - msgid "missing colon in 'password' entry '%s'" - msgstr "'password' エントリー '%s' にコロンがありません" - --#: ../clients/cli/connections.c:2300 -+#: ../clients/cli/connections.c:2551 - #, c-format - msgid "missing dot in 'password' entry '%s'" - msgstr "'password' エントリー '%s' にドットがありません" - --#: ../clients/cli/connections.c:2313 -+#: ../clients/cli/connections.c:2564 - #, c-format - msgid "invalid setting name in 'password' entry '%s'" - msgstr "'password' エントリー '%s' の設定名が無効です" - --#: ../clients/cli/connections.c:2369 -+#: ../clients/cli/connections.c:2610 - #, c-format - msgid "unknown device '%s'." - msgstr "不明なデバイス '%s' です。" - --#: ../clients/cli/connections.c:2374 -+#: ../clients/cli/connections.c:2615 - msgid "neither a valid connection nor device given" - msgstr "有効な接続、デバイスいずれも指定されていません" - --#: ../clients/cli/connections.c:2500 ../clients/cli/devices.c:1530 --#: ../clients/cli/devices.c:2696 ../clients/cli/devices.c:3032 --#: ../clients/cli/devices.c:3641 -+#: ../clients/cli/connections.c:2741 ../clients/cli/devices.c:1521 -+#: ../clients/cli/devices.c:2906 ../clients/cli/devices.c:3126 -+#: ../clients/cli/devices.c:3737 - #, c-format - msgid "Unknown parameter: %s\n" - msgstr "不明なパラメーター: %s\n" - --#: ../clients/cli/connections.c:2525 -+#: ../clients/cli/connections.c:2766 - msgid "preparing" - msgstr "準備中" - --#: ../clients/cli/connections.c:2545 -+#: ../clients/cli/connections.c:2874 - #, c-format - msgid "Connection '%s' (%s) successfully deleted.\n" - msgstr "接続 '%s' (%s) が正常に削除されました。\n" - --#: ../clients/cli/connections.c:2561 -+#: ../clients/cli/connections.c:2890 - #, c-format - msgid "Connection '%s' successfully deactivated (D-Bus active path: %s)\n" - msgstr "" - "接続 '%s' が正常に非アクティブ化されました (D-Bus アクティブパス: %s)\n" - --#: ../clients/cli/connections.c:2642 ../clients/cli/connections.c:8164 --#: ../clients/cli/connections.c:8196 ../clients/cli/connections.c:8353 -+#: ../clients/cli/connections.c:2939 ../clients/cli/connections.c:8381 -+#: ../clients/cli/connections.c:8412 ../clients/cli/connections.c:8570 - #, c-format - msgid "Error: No connection specified." - msgstr "エラー: 接続が指定されていません。" - --#: ../clients/cli/connections.c:2683 -+#: ../clients/cli/connections.c:2969 - #, c-format - msgid "Error: '%s' is not an active connection.\n" - msgstr "エラー: '%s' はアクティブな接続ではありません。\n" - --#: ../clients/cli/connections.c:2684 -+#: ../clients/cli/connections.c:2970 - #, c-format - msgid "Error: not all active connections found." - msgstr "エラー: アクティブな一部の接続が見つかりません。" - --#: ../clients/cli/connections.c:2693 -+#: ../clients/cli/connections.c:2978 - #, c-format - msgid "Error: no active connection provided." - msgstr "エラー: アクティブな接続がありません。" - --#: ../clients/cli/connections.c:2727 -+#: ../clients/cli/connections.c:3009 - #, c-format - msgid "Connection '%s' deactivation failed: %s\n" - msgstr "接続 '%s' の非アクティブ化に失敗しました: %s\n" - --#: ../clients/cli/connections.c:2983 ../clients/cli/connections.c:3040 --#: ../clients/common/nm-client-utils.c:169 -+#: ../clients/cli/connections.c:3260 ../clients/cli/connections.c:3317 -+#: ../clients/common/nm-client-utils.c:221 - #, c-format - msgid "'%s' not among [%s]" - msgstr "'%s' は [%s] にはありません" - - #. We should not really come here --#: ../clients/cli/connections.c:3003 ../clients/cli/connections.c:3063 --#: ../clients/common/nm-client-utils.c:279 -+#: ../clients/cli/connections.c:3280 ../clients/cli/connections.c:3340 -+#: ../clients/common/nm-client-utils.c:320 - #, c-format - msgid "Unknown error" - msgstr "不明なエラー" - --#: ../clients/cli/connections.c:3197 -+#: ../clients/cli/connections.c:3474 - #, c-format - msgid "Warning: master='%s' doesn't refer to any existing profile.\n" - msgstr "警告: master='%s' は既存のプロファイルを参照しません。\n" - --#: ../clients/cli/connections.c:3534 -+#: ../clients/cli/connections.c:3811 - #, c-format - msgid "Error: invalid property '%s': %s." --msgstr "エラー: 無効なプロパティ '%s': %s。" -+msgstr "エラー: 無効なプロパティー '%s': %s。" - --#: ../clients/cli/connections.c:3551 -+#: ../clients/cli/connections.c:3828 - #, c-format - msgid "Error: failed to modify %s.%s: %s." - msgstr "エラー: %s.%s の変更に失敗しました: %s。" - --#: ../clients/cli/connections.c:3570 -+#: ../clients/cli/connections.c:3848 - #, c-format - msgid "Error: failed to remove a value from %s.%s: %s." - msgstr "エラー: '%s' の値の削除に失敗しました、%s: %s。" - --#: ../clients/cli/connections.c:3604 -+#: ../clients/cli/connections.c:3882 - #, c-format - msgid "Error: '%s' is mandatory." - msgstr "エラー: '%s' は必須です。" - --#: ../clients/cli/connections.c:3631 -+#: ../clients/cli/connections.c:3909 - #, c-format - msgid "Error: invalid slave type; %s." - msgstr "エラー: 無効なスレーブタイプ; %s。" - --#: ../clients/cli/connections.c:3639 -+#: ../clients/cli/connections.c:3917 - #, c-format - msgid "Error: invalid connection type; %s." - msgstr "エラー: 無効な接続タイプ; %s。" - --#: ../clients/cli/connections.c:3716 -+#: ../clients/cli/connections.c:3994 - #, c-format - msgid "Error: bad connection type: %s" - msgstr "エラー: 問題のある接続タイプ: %s" - --#: ../clients/cli/connections.c:3762 -+#: ../clients/cli/connections.c:4040 - #, c-format - msgid "Error: '%s': %s" - msgstr "エラー: '%s': %s" - --#: ../clients/cli/connections.c:3783 -+#: ../clients/cli/connections.c:4061 - msgid "Error: master is required" - msgstr "エラー: マスターが必要です" - --#: ../clients/cli/connections.c:3842 -+#: ../clients/cli/connections.c:4120 - #, c-format - msgid "Error: error adding bond option '%s=%s'." - msgstr "エラー: ボンドオプション '%s=%s' の追加中にエラー。" - --#: ../clients/cli/connections.c:3873 -+#: ../clients/cli/connections.c:4151 - #, c-format - msgid "Error: '%s' is not a valid monitoring mode; use '%s' or '%s'.\n" - msgstr "" - "エラー: '%s' は無効なモニタリングモードです; '%s' または '%s' を使用してくだ" - "さい。\n" - --#: ../clients/cli/connections.c:3904 -+#: ../clients/cli/connections.c:4182 - #, c-format - msgid "Error: 'bt-type': '%s' not valid; use [%s, %s, %s (%s), %s]." - msgstr "" - "エラー: 'bt-type': '%s' は無効です。[%s, %s, %s (%s), %s] を使用してくださ" - "い。" - --#: ../clients/cli/connections.c:4153 -+#: ../clients/cli/connections.c:4431 - #, c-format - msgid "Error: value for '%s' is missing." - msgstr "エラー: '%s' の値が不明です。" - --#: ../clients/cli/connections.c:4199 -+#: ../clients/cli/connections.c:4477 - msgid "Error: . argument is missing." - msgstr "エラー: . 引数がありません。" - --#: ../clients/cli/connections.c:4222 -+#: ../clients/cli/connections.c:4500 - #, c-format - msgid "Error: invalid or not allowed setting '%s': %s." - msgstr "エラー: 無効または許可されていない設定 '%s' です: %s。" - --#: ../clients/cli/connections.c:4268 ../clients/cli/connections.c:4284 -+#: ../clients/cli/connections.c:4546 ../clients/cli/connections.c:4562 - #, c-format - msgid "Error: '%s' is ambiguous (%s.%s or %s.%s)." - msgstr "エラー:'%s' があいまいです (%s.%s または %s.%s)。" - --#: ../clients/cli/connections.c:4302 -+#: ../clients/cli/connections.c:4580 - #, c-format - msgid "Error: invalid . '%s'." - msgstr "エラー: 無効な . '%s' です。" - --#: ../clients/cli/connections.c:4346 ../clients/cli/connections.c:7989 -+#: ../clients/cli/connections.c:4624 ../clients/cli/connections.c:8214 - #, c-format - msgid "Error: Failed to add '%s' connection: %s" - msgstr "エラー: '%s' 接続の追加に失敗しました: %s" - --#: ../clients/cli/connections.c:4364 -+#: ../clients/cli/connections.c:4642 - #, c-format - msgid "" - "Warning: There is another connection with the name '%1$s'. Reference the " -@@ -1339,12 +1302,47 @@ msgstr[0] "" - "警告: 名前が '%1$s' の接続が他に %3$u 個あります。uuid が '%2$s' の接続を参照" - "してください。\n" - --#: ../clients/cli/connections.c:4373 -+#: ../clients/cli/connections.c:4651 - #, c-format - msgid "Connection '%s' (%s) successfully added.\n" - msgstr "接続 '%s' (%s) が正常に追加されました。\n" - --#: ../clients/cli/connections.c:4511 -+#: ../clients/cli/connections.c:4704 ../clients/cli/connections.c:6651 -+#: ../clients/cli/connections.c:6652 ../clients/cli/devices.c:876 -+#: ../clients/cli/devices.c:1164 ../clients/cli/devices.c:1165 -+#: ../clients/cli/devices.c:1166 ../clients/cli/devices.c:1167 -+#: ../clients/cli/devices.c:1168 ../clients/cli/devices.c:1205 -+#: ../clients/cli/devices.c:1207 ../clients/cli/devices.c:1208 -+#: ../clients/cli/devices.c:1238 ../clients/cli/devices.c:1239 -+#: ../clients/cli/devices.c:1240 ../clients/cli/devices.c:1241 -+#: ../clients/cli/devices.c:1242 ../clients/cli/devices.c:1243 -+#: ../clients/cli/devices.c:1244 ../clients/cli/devices.c:1246 -+#: ../clients/cli/devices.c:1248 ../clients/cli/general.c:157 -+#: ../clients/cli/utils.h:220 ../clients/common/nm-client-utils.c:301 -+#: ../clients/common/nm-meta-setting-desc.c:754 -+#: ../clients/common/nm-meta-setting-desc.c:2676 -+msgid "no" -+msgstr "いいえ" -+ -+#. "CAPABILITIES" -+#: ../clients/cli/connections.c:4705 ../clients/cli/connections.c:6651 -+#: ../clients/cli/connections.c:6652 ../clients/cli/devices.c:876 -+#: ../clients/cli/devices.c:1164 ../clients/cli/devices.c:1165 -+#: ../clients/cli/devices.c:1166 ../clients/cli/devices.c:1167 -+#: ../clients/cli/devices.c:1168 ../clients/cli/devices.c:1205 -+#: ../clients/cli/devices.c:1207 ../clients/cli/devices.c:1208 -+#: ../clients/cli/devices.c:1238 ../clients/cli/devices.c:1239 -+#: ../clients/cli/devices.c:1240 ../clients/cli/devices.c:1241 -+#: ../clients/cli/devices.c:1242 ../clients/cli/devices.c:1243 -+#: ../clients/cli/devices.c:1244 ../clients/cli/devices.c:1246 -+#: ../clients/cli/devices.c:1248 ../clients/cli/general.c:156 -+#: ../clients/cli/utils.h:220 ../clients/common/nm-client-utils.c:299 -+#: ../clients/common/nm-meta-setting-desc.c:754 -+#: ../clients/common/nm-meta-setting-desc.c:2673 -+msgid "yes" -+msgstr "はい" -+ -+#: ../clients/cli/connections.c:4789 - #, c-format - msgid "" - "You can specify this option more than once. Press when you're done.\n" -@@ -1353,34 +1351,34 @@ msgstr "" - "さい。\n" - - #. Ask for optional arguments. --#: ../clients/cli/connections.c:4610 -+#: ../clients/cli/connections.c:4888 - #, c-format - msgid "There is %d optional setting for %s.\n" - msgid_plural "There are %d optional settings for %s.\n" - msgstr[0] "%2$s には、任意の設定が %1$d 個あります。\n" - --#: ../clients/cli/connections.c:4613 -+#: ../clients/cli/connections.c:4891 - #, c-format - msgid "Do you want to provide it? %s" - msgid_plural "Do you want to provide them? %s" - msgstr[0] "指定しますか? %s" - --#: ../clients/cli/connections.c:4749 ../clients/cli/utils.c:303 -+#: ../clients/cli/connections.c:5024 ../clients/cli/utils.c:292 - #, c-format - msgid "Error: value for '%s' argument is required." - msgstr "エラー: '%s' 引数の値が必要です。" - --#: ../clients/cli/connections.c:4755 -+#: ../clients/cli/connections.c:5031 - #, c-format - msgid "Error: 'save': %s." - msgstr "エラー: 'save': %s。" - --#: ../clients/cli/connections.c:4843 ../clients/cli/connections.c:4854 -+#: ../clients/cli/connections.c:5117 ../clients/cli/connections.c:5128 - #, c-format - msgid "Error: '%s' argument is required." - msgstr "エラー: '%s' 引数が必要です。" - --#: ../clients/cli/connections.c:5832 -+#: ../clients/cli/connections.c:6093 - #, c-format - msgid "['%s' setting values]\n" - msgstr "['%s' 設定値]\n" -@@ -1388,7 +1386,7 @@ msgstr "['%s' 設定値]\n" - #. TRANSLATORS: do not translate command names and keywords before :: - #. * However, you should translate terms enclosed in <>. - #. --#: ../clients/cli/connections.c:5911 -+#: ../clients/cli/connections.c:6202 - #, c-format - msgid "" - "---[ Main menu ]---\n" -@@ -1421,7 +1419,7 @@ msgstr "" - "nmcli :: nmcli 設定\n" - "quit :: nmcli を終了する\n" - --#: ../clients/cli/connections.c:5938 -+#: ../clients/cli/connections.c:6229 - #, c-format - msgid "" - "goto [.] | :: enter setting/property for editing\n" -@@ -1440,7 +1438,7 @@ msgstr "" - " nmcli connection> goto secondaries\n" - " nmcli> goto ipv4.addresses\n" - --#: ../clients/cli/connections.c:5945 -+#: ../clients/cli/connections.c:6236 - #, c-format - msgid "" - "remove [.] :: remove setting or reset property value\n" -@@ -1461,7 +1459,7 @@ msgstr "" - "例: nmcli> remove wifi-sec\n" - " nmcli> remove eth.mtu\n" - --#: ../clients/cli/connections.c:5952 -+#: ../clients/cli/connections.c:6243 - #, c-format - msgid "" - "set [. ] :: set property value\n" -@@ -1476,7 +1474,7 @@ msgstr "" - "\n" - "例: nmcli> set con.id My connection\n" - --#: ../clients/cli/connections.c:5957 -+#: ../clients/cli/connections.c:6248 - #, c-format - msgid "" - "describe [.] :: describe property\n" -@@ -1489,7 +1487,7 @@ msgstr "" - "プロパティー詳細を表示します。NM の設定およびプロパティーの全詳細については、" - "nm-settings(5) の man ページを参照してください。\n" - --#: ../clients/cli/connections.c:5962 -+#: ../clients/cli/connections.c:6253 - #, c-format - msgid "" - "print [all] :: print setting or connection values\n" -@@ -1504,7 +1502,7 @@ msgstr "" - "\n" - "例: nmcli ipv4> print all\n" - --#: ../clients/cli/connections.c:5967 -+#: ../clients/cli/connections.c:6258 - #, c-format - msgid "" - "verify [all | fix] :: verify setting or connection validity\n" -@@ -1529,7 +1527,7 @@ msgstr "" - " nmcli> verify fix\n" - " nmcli bond> verify\n" - --#: ../clients/cli/connections.c:5976 -+#: ../clients/cli/connections.c:6267 - #, c-format - msgid "" - "save [persistent|temporary] :: save the connection\n" -@@ -1550,12 +1548,12 @@ msgstr "" - "メモリーにのみ保持します。引数がない 'save' は 'save persistent' を\n" - "意味します。\n" - "プロファイルを永続的に保存すると、これらの設定は、再起動しても\n" --"保持されます。以降の変更も一時的または永続的に行なえますが\n" -+"保持されます。以降の変更も一時的または永続的に行えますが\n" - "一時的な変更は再起動後に保持されません。\n" - "永続的な接続を完全に削除する場合は、接続プロファイルを削除する\n" - "必要があります。\n" - --#: ../clients/cli/connections.c:5987 -+#: ../clients/cli/connections.c:6278 - #, c-format - msgid "" - "activate [] [/|] :: activate the connection\n" -@@ -1576,7 +1574,7 @@ msgstr "" - "/| - AP (Wi-Fi) または NSP (WiMAX) ( が指定されていない場合" - "は / を先頭に付ける)\n" - --#: ../clients/cli/connections.c:5994 ../clients/cli/connections.c:6153 -+#: ../clients/cli/connections.c:6285 ../clients/cli/connections.c:6443 - #, c-format - msgid "" - "back :: go to upper menu level\n" -@@ -1585,7 +1583,7 @@ msgstr "" - "back :: 一つ上のメニューレベルに移動\n" - "\n" - --#: ../clients/cli/connections.c:5997 -+#: ../clients/cli/connections.c:6288 - #, c-format - msgid "" - "help/? [] :: help for the nmcli commands\n" -@@ -1594,7 +1592,7 @@ msgstr "" - "help/? [] :: nmcli コマンドのヘルプ\n" - "\n" - --#: ../clients/cli/connections.c:6000 -+#: ../clients/cli/connections.c:6291 - #, c-format - msgid "" - "nmcli [ ] :: nmcli configuration\n" -@@ -1621,7 +1619,7 @@ msgstr "" - " nmcli> nmcli save-confirmation no\n" - " nmcli> nmcli prompt-color 3\n" - --#: ../clients/cli/connections.c:6022 ../clients/cli/connections.c:6159 -+#: ../clients/cli/connections.c:6313 ../clients/cli/connections.c:6449 - #, c-format - msgid "" - "quit :: exit nmcli\n" -@@ -1634,8 +1632,8 @@ msgstr "" - "nmcli を終了します。変更した接続の保存を行なっていない場合、この動作の確認が" - "求められます。\n" - --#: ../clients/cli/connections.c:6027 ../clients/cli/connections.c:6164 --#: ../clients/cli/connections.c:6600 ../clients/cli/connections.c:7557 -+#: ../clients/cli/connections.c:6318 ../clients/cli/connections.c:6454 -+#: ../clients/cli/connections.c:6873 ../clients/cli/connections.c:7800 - #, c-format - msgid "Unknown command: '%s'\n" - msgstr "不明なコマンド: '%s'\n" -@@ -1643,7 +1641,7 @@ msgstr "不明なコマンド: '%s'\n" - #. TRANSLATORS: do not translate command names and keywords before :: - #. * However, you should translate terms enclosed in <>. - #. --#: ../clients/cli/connections.c:6093 -+#: ../clients/cli/connections.c:6383 - #, c-format - msgid "" - "---[ Property menu ]---\n" -@@ -1669,7 +1667,7 @@ msgstr "" - "help/? [] :: このヘルプまたはコマンドの詳細を表示\n" - "quit :: nmcli の終了\n" - --#: ../clients/cli/connections.c:6118 -+#: ../clients/cli/connections.c:6408 - #, c-format - msgid "" - "set [] :: set new value\n" -@@ -1680,7 +1678,7 @@ msgstr "" - "\n" - "このプロパティーに指定した を設定します。\n" - --#: ../clients/cli/connections.c:6122 -+#: ../clients/cli/connections.c:6412 - #, c-format - msgid "" - "add [] :: append new value to the property\n" -@@ -1695,7 +1693,7 @@ msgstr "" - " がこのプロパティーに追加されます。単一値のプロパティーの場合は、その" - "プロパティー値が置換されます ('set' の場合と同じ)。\n" - --#: ../clients/cli/connections.c:6128 -+#: ../clients/cli/connections.c:6418 - #, c-format - msgid "" - "change :: change current value\n" -@@ -1706,7 +1704,7 @@ msgstr "" - "\n" - "現在の値を表示し、その値を変更することができます。\n" - --#: ../clients/cli/connections.c:6132 -+#: ../clients/cli/connections.c:6422 - #, c-format - msgid "" - "remove [||