diff --git a/SOURCES/0001-display-Only-display-configuration-options-if-apply-.patch b/SOURCES/0001-display-Only-display-configuration-options-if-apply-.patch new file mode 100644 index 0000000..9916dbb --- /dev/null +++ b/SOURCES/0001-display-Only-display-configuration-options-if-apply-.patch @@ -0,0 +1,185 @@ +From 22c43422f83a69d7654953db368585f168952aab Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Fri, 4 Feb 2022 11:45:53 +0100 +Subject: [PATCH] display: Only display configuration options if apply is + allowed + +org.gnome.Mutter.DisplayConfig contains a new property that tells +whether apply will be allowed to be called or not. Whether it is true or +not depends on policy stored in any of its monitors.xml configuration +files. + +In order to make it clearer that configuration is not possible, except +for night light, make sure to hide the unconfigurable parts, leaving +only night light. +--- + .../display/cc-display-config-manager-dbus.c | 36 +++++++++++++++++++ + panels/display/cc-display-config-manager.c | 6 ++++ + panels/display/cc-display-config-manager.h | 3 ++ + panels/display/cc-display-panel.c | 23 ++++++++++++ + 4 files changed, 68 insertions(+) + +diff --git a/panels/display/cc-display-config-manager-dbus.c b/panels/display/cc-display-config-manager-dbus.c +index 8912faaa8..7f85c3a01 100644 +--- a/panels/display/cc-display-config-manager-dbus.c ++++ b/panels/display/cc-display-config-manager-dbus.c +@@ -31,6 +31,8 @@ struct _CcDisplayConfigManagerDBus + guint monitors_changed_id; + + GVariant *current_state; ++ ++ gboolean apply_allowed; + }; + + G_DEFINE_TYPE (CcDisplayConfigManagerDBus, +@@ -119,6 +121,8 @@ bus_gotten (GObject *object, + CcDisplayConfigManagerDBus *self; + GDBusConnection *connection; + GError *error = NULL; ++ g_autoptr(GDBusProxy) proxy = NULL; ++ g_autoptr(GVariant) variant = NULL; + + connection = g_bus_get_finish (result, &error); + if (!connection) +@@ -145,12 +149,35 @@ bus_gotten (GObject *object, + monitors_changed, + self, + NULL); ++ ++ proxy = g_dbus_proxy_new_sync (self->connection, ++ G_DBUS_PROXY_FLAGS_NONE, ++ NULL, ++ "org.gnome.Mutter.DisplayConfig", ++ "/org/gnome/Mutter/DisplayConfig", ++ "org.gnome.Mutter.DisplayConfig", ++ NULL, ++ &error); ++ if (!proxy) ++ { ++ g_warning ("Failed to create D-Bus proxy to \"org.gnome.Mutter.DisplayConfig\": %s", ++ error->message); ++ return; ++ } ++ ++ variant = g_dbus_proxy_get_cached_property (proxy, "ApplyMonitorsConfigAllowed"); ++ if (variant) ++ self->apply_allowed = g_variant_get_boolean (variant); ++ else ++ g_warning ("Missing property 'ApplyMonitorsConfigAllowed' on DisplayConfig API"); ++ + get_current_state (self); + } + + static void + cc_display_config_manager_dbus_init (CcDisplayConfigManagerDBus *self) + { ++ self->apply_allowed = TRUE; + self->cancellable = g_cancellable_new (); + g_bus_get (G_BUS_TYPE_SESSION, self->cancellable, bus_gotten, self); + } +@@ -172,6 +199,14 @@ cc_display_config_manager_dbus_finalize (GObject *object) + G_OBJECT_CLASS (cc_display_config_manager_dbus_parent_class)->finalize (object); + } + ++static gboolean ++cc_display_config_manager_dbus_get_apply_allowed (CcDisplayConfigManager *pself) ++{ ++ CcDisplayConfigManagerDBus *self = CC_DISPLAY_CONFIG_MANAGER_DBUS (pself); ++ ++ return self->apply_allowed; ++} ++ + static void + cc_display_config_manager_dbus_class_init (CcDisplayConfigManagerDBusClass *klass) + { +@@ -181,6 +216,7 @@ cc_display_config_manager_dbus_class_init (CcDisplayConfigManagerDBusClass *klas + gobject_class->finalize = cc_display_config_manager_dbus_finalize; + + parent_class->get_current = cc_display_config_manager_dbus_get_current; ++ parent_class->get_apply_allowed = cc_display_config_manager_dbus_get_apply_allowed; + } + + CcDisplayConfigManager * +diff --git a/panels/display/cc-display-config-manager.c b/panels/display/cc-display-config-manager.c +index 0da298a29..3d683c53d 100644 +--- a/panels/display/cc-display-config-manager.c ++++ b/panels/display/cc-display-config-manager.c +@@ -59,3 +59,9 @@ cc_display_config_manager_get_current (CcDisplayConfigManager *self) + { + return CC_DISPLAY_CONFIG_MANAGER_GET_CLASS (self)->get_current (self); + } ++ ++gboolean ++cc_display_config_manager_get_apply_allowed (CcDisplayConfigManager *self) ++{ ++ return CC_DISPLAY_CONFIG_MANAGER_GET_CLASS (self)->get_apply_allowed (self); ++} +diff --git a/panels/display/cc-display-config-manager.h b/panels/display/cc-display-config-manager.h +index 134cea0a1..22c16758c 100644 +--- a/panels/display/cc-display-config-manager.h ++++ b/panels/display/cc-display-config-manager.h +@@ -35,10 +35,13 @@ struct _CcDisplayConfigManagerClass + GObjectClass parent_class; + + CcDisplayConfig * (*get_current) (CcDisplayConfigManager *self); ++ gboolean (* get_apply_allowed) (CcDisplayConfigManager *self); + }; + + CcDisplayConfig * cc_display_config_manager_get_current (CcDisplayConfigManager *self); + ++gboolean cc_display_config_manager_get_apply_allowed (CcDisplayConfigManager *self); ++ + void _cc_display_config_manager_emit_changed (CcDisplayConfigManager *self); + + G_END_DECLS +diff --git a/panels/display/cc-display-panel.c b/panels/display/cc-display-panel.c +index 0b4fa193d..1b0db8321 100644 +--- a/panels/display/cc-display-panel.c ++++ b/panels/display/cc-display-panel.c +@@ -1245,6 +1245,22 @@ make_output_ui (CcDisplayPanel *panel) + return listbox; + } + ++static GtkWidget * ++make_night_light_only_ui (CcDisplayPanel *panel) ++{ ++ CcDisplayPanelPrivate *priv = panel->priv; ++ GtkWidget *vbox; ++ ++ priv->rows_size_group = gtk_size_group_new (GTK_SIZE_GROUP_BOTH); ++ ++ vbox = make_main_vbox (priv->main_size_group); ++ ++ gtk_container_add (GTK_CONTAINER (vbox), make_night_light_widget (panel)); ++ ++ g_clear_object (&priv->rows_size_group); ++ return make_scrollable (vbox); ++} ++ + static GtkWidget * + make_single_output_ui (CcDisplayPanel *panel) + { +@@ -2097,6 +2113,12 @@ on_screen_changed (CcDisplayPanel *panel) + if (!priv->current_config) + goto show_error; + ++ if (!cc_display_config_manager_get_apply_allowed (priv->manager)) ++ { ++ main_widget = make_night_light_only_ui (panel); ++ goto show_main_widget; ++ } ++ + ensure_monitor_labels (panel); + + if (!priv->current_output) +@@ -2121,6 +2143,7 @@ on_screen_changed (CcDisplayPanel *panel) + main_widget = make_multi_output_ui (panel); + } + ++ show_main_widget: + gtk_widget_show_all (main_widget); + gtk_stack_add_named (GTK_STACK (priv->stack), main_widget, "main"); + gtk_stack_set_visible_child (GTK_STACK (priv->stack), main_widget); +-- +2.33.1 + diff --git a/SOURCES/0001-displays-Don-t-enlarge-display-panel-artificially.patch b/SOURCES/0001-displays-Don-t-enlarge-display-panel-artificially.patch new file mode 100644 index 0000000..6f4cda7 --- /dev/null +++ b/SOURCES/0001-displays-Don-t-enlarge-display-panel-artificially.patch @@ -0,0 +1,41 @@ +From 228857e1f4513c513ca5252b780656d8d8952632 Mon Sep 17 00:00:00 2001 +From: Carlos Garnacho +Date: Wed, 9 Jun 2021 16:51:10 +0200 +Subject: [PATCH] displays: Don't enlarge display panel artificially + +Don't set a size group on the main box, and don't let the padding +boxes expand, either. This makes the display panel able to fit +again in a 800x600 resolution. +--- + panels/display/cc-display-panel.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/panels/display/cc-display-panel.c b/panels/display/cc-display-panel.c +index 0b4fa193d..0e7dc131e 100644 +--- a/panels/display/cc-display-panel.c ++++ b/panels/display/cc-display-panel.c +@@ -541,9 +541,9 @@ static GtkWidget * + wrap_in_boxes (GtkWidget *widget) + { + GtkWidget *box = gtk_box_new (GTK_ORIENTATION_HORIZONTAL, PANEL_PADDING); +- gtk_box_pack_start (GTK_BOX (box), make_bin(), TRUE, TRUE, 0); ++ gtk_box_pack_start (GTK_BOX (box), make_bin(), FALSE, FALSE, 0); + gtk_box_pack_start (GTK_BOX (box), widget, TRUE, TRUE, 0); +- gtk_box_pack_start (GTK_BOX (box), make_bin(), TRUE, TRUE, 0); ++ gtk_box_pack_start (GTK_BOX (box), make_bin(), FALSE, FALSE, 0); + return box; + } + +@@ -586,9 +586,6 @@ make_main_vbox (GtkSizeGroup *size_group) + gtk_widget_set_margin_top (vbox, PANEL_PADDING); + gtk_widget_set_margin_bottom (vbox, PANEL_PADDING); + +- if (size_group) +- gtk_size_group_add_widget (size_group, vbox); +- + return vbox; + } + +-- +2.32.0.rc1 + diff --git a/SOURCES/0001-network-Fix-OWE-settings.patch b/SOURCES/0001-network-Fix-OWE-settings.patch new file mode 100644 index 0000000..f28b4cb --- /dev/null +++ b/SOURCES/0001-network-Fix-OWE-settings.patch @@ -0,0 +1,59 @@ +From 5b280e46029f1d857fb69ccc0db2e63b8a0e3c82 Mon Sep 17 00:00:00 2001 +From: Ana Cabral +Date: Mon, 21 Feb 2022 21:49:29 +0100 +Subject: [PATCH] network: Fix OWE settings + +Enhanced Open (OWE) is not being saved properly from connection-editor. +When we create a Wi-Fi connection using Enhanced Open (OWE) Security +from nm-connection-editor and save it, it was not being saved and the +security was being set as "None", with Wireless Security Setting +being discarded. This is fixed by this commit. The fix is also being +done in libnma (implementing OWE in libnma, +https://gitlab.gnome.org/GNOME/libnma/-/issues/9), but this commit +fixes meanwhile it gets ready. + +It was solved by adding treatment for the case in which owe was set. +OWE is not treated anymore in the same case as None. + +https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/1521 +--- + .../connection-editor/ce-page-security.c | 23 +++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +diff --git a/panels/network/connection-editor/ce-page-security.c b/panels/network/connection-editor/ce-page-security.c +index 52efb9da1..ce42be146 100644 +--- a/panels/network/connection-editor/ce-page-security.c ++++ b/panels/network/connection-editor/ce-page-security.c +@@ -435,10 +435,25 @@ validate (CEPage *page, + + wireless_security_unref (sec); + } else { +- /* No security, unencrypted */ +- nm_connection_remove_setting (connection, NM_TYPE_SETTING_WIRELESS_SECURITY); +- nm_connection_remove_setting (connection, NM_TYPE_SETTING_802_1X); +- valid = TRUE; ++ ++ if (gtk_combo_box_get_active ((CE_PAGE_SECURITY (page))->security_combo) == 0) { ++ /* No security, unencrypted */ ++ nm_connection_remove_setting (connection, NM_TYPE_SETTING_WIRELESS_SECURITY); ++ nm_connection_remove_setting (connection, NM_TYPE_SETTING_802_1X); ++ valid = TRUE; ++ } else { ++ /* owe case: ++ * fill the connection manually until libnma implements OWE wireless security ++ */ ++ NMSetting *sws; ++ ++ sws = nm_setting_wireless_security_new (); ++ g_object_set (sws, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "owe", NULL); ++ nm_connection_add_setting (connection, sws); ++ nm_connection_remove_setting (connection, NM_TYPE_SETTING_802_1X); ++ valid = TRUE; ++ } ++ + } + + return valid; +-- +2.35.1 + diff --git a/SOURCES/0001-network-Populate-AP-list-from-idle-handler.patch b/SOURCES/0001-network-Populate-AP-list-from-idle-handler.patch index f323194..f5b4b26 100644 --- a/SOURCES/0001-network-Populate-AP-list-from-idle-handler.patch +++ b/SOURCES/0001-network-Populate-AP-list-from-idle-handler.patch @@ -1,7 +1,7 @@ -From 1a7953a72419342437c7c6ca90cccc31f2658757 Mon Sep 17 00:00:00 2001 +From 3e03aaba0453894aa0affd5b2e4f6a54794387cf Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Wed, 28 Jul 2021 22:16:21 +0200 -Subject: [PATCH 1/5] network: Populate AP list from idle handler +Subject: [PATCH 1/8] network: Populate AP list from idle handler Doing this should prevent the UI from becoming completely unusable as updates of the AP list should be batched up rather than processed @@ -11,7 +11,7 @@ sequentially. 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/panels/network/net-device-wifi.c b/panels/network/net-device-wifi.c -index 313e9ab8c..1f0e4832e 100644 +index 313e9ab8c..33758e499 100644 --- a/panels/network/net-device-wifi.c +++ b/panels/network/net-device-wifi.c @@ -64,6 +64,7 @@ struct _NetDeviceWifiPrivate @@ -69,5 +69,5 @@ index 313e9ab8c..1f0e4832e 100644 static void -- -2.31.1 +2.34.1 diff --git a/SOURCES/0002-ce-page-security-add-SAE-support.patch b/SOURCES/0002-ce-page-security-add-SAE-support.patch new file mode 100644 index 0000000..c0747ee --- /dev/null +++ b/SOURCES/0002-ce-page-security-add-SAE-support.patch @@ -0,0 +1,61 @@ +From f57cad1d508b4f07cc39fd6f7abedd66d1fe9b50 Mon Sep 17 00:00:00 2001 +From: David Bauer +Date: Fri, 20 Dec 2019 19:54:01 +0100 +Subject: [PATCH 2/8] ce-page-security: add SAE support + +(cherry picked from commit 2e79c531942cf88051498c962116c010835ab7e1) +--- + .../connection-editor/ce-page-security.c | 23 +++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/panels/network/connection-editor/ce-page-security.c b/panels/network/connection-editor/ce-page-security.c +index d06e3aeb1..5104d7442 100644 +--- a/panels/network/connection-editor/ce-page-security.c ++++ b/panels/network/connection-editor/ce-page-security.c +@@ -68,6 +68,11 @@ get_default_type_for_security (NMSettingWirelessSecurity *sec) + return NMU_SEC_LEAP; + return NMU_SEC_DYNAMIC_WEP; + } ++#if NM_CHECK_VERSION(1,20,6) ++ if (!strcmp (key_mgmt, "sae")) { ++ return NMU_SEC_SAE; ++ } ++#endif + + if ( !strcmp (key_mgmt, "wpa-none") + || !strcmp (key_mgmt, "wpa-psk")) { +@@ -336,6 +341,21 @@ finish_setup (CEPageSecurity *page) + } + } + ++#if NM_CHECK_VERSION(1,20,6) ++ if (nm_utils_security_valid (NMU_SEC_SAE, dev_caps, FALSE, is_adhoc, 0, 0, 0)) { ++ WirelessSecurityWPAPSK *ws_wpa_psk; ++ ++ ws_wpa_psk = ws_wpa_psk_new (connection, FALSE); ++ if (ws_wpa_psk) { ++ add_security_item (page, WIRELESS_SECURITY (ws_wpa_psk), sec_model, ++ &iter, _("WPA3 Personal"), FALSE); ++ if ((active < 0) && ((default_type == NMU_SEC_SAE))) ++ active = item; ++ item++; ++ } ++ } ++#endif ++ + gtk_combo_box_set_model (combo, GTK_TREE_MODEL (sec_model)); + gtk_cell_layout_clear (GTK_CELL_LAYOUT (combo)); + +@@ -451,6 +471,9 @@ ce_page_security_new (NMConnection *connection, + if (default_type == NMU_SEC_STATIC_WEP || + default_type == NMU_SEC_LEAP || + default_type == NMU_SEC_WPA_PSK || ++#if NM_CHECK_VERSION(1,20,6) ++ default_type == NMU_SEC_SAE || ++#endif + default_type == NMU_SEC_WPA2_PSK) { + CE_PAGE (page)->security_setting = NM_SETTING_WIRELESS_SECURITY_SETTING_NAME; + } +-- +2.34.1 + diff --git a/SOURCES/0003-ce-page-details-add-SAE-support.patch b/SOURCES/0003-ce-page-details-add-SAE-support.patch new file mode 100644 index 0000000..1ae22f9 --- /dev/null +++ b/SOURCES/0003-ce-page-details-add-SAE-support.patch @@ -0,0 +1,37 @@ +From 17ca12acd4e0a924a1acd5107b8569dd66d368af Mon Sep 17 00:00:00 2001 +From: David Bauer +Date: Sat, 21 Dec 2019 17:39:02 +0100 +Subject: [PATCH 3/8] ce-page-details: add SAE support + +(cherry picked from commit 97f6c8f53c15c7ccb9dd7a65ce1ac02ebc18a724) +--- + panels/network/connection-editor/ce-page-details.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/panels/network/connection-editor/ce-page-details.c b/panels/network/connection-editor/ce-page-details.c +index c972c0e5b..f0c594dd4 100644 +--- a/panels/network/connection-editor/ce-page-details.c ++++ b/panels/network/connection-editor/ce-page-details.c +@@ -60,8 +60,17 @@ get_ap_security_string (NMAccessPoint *ap) + g_string_append_printf (str, "%s, ", _("WPA")); + } + if (rsn_flags != NM_802_11_AP_SEC_NONE) { +- /* TRANSLATORS: this WPA WiFi security */ +- g_string_append_printf (str, "%s, ", _("WPA2")); ++#if NM_CHECK_VERSION(1,20,6) ++ if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE) { ++ /* TRANSLATORS: this WPA3 WiFi security */ ++ g_string_append_printf (str, "%s, ", _("WPA3")); ++ } ++ else ++#endif ++ { ++ /* TRANSLATORS: this WPA WiFi security */ ++ g_string_append_printf (str, "%s, ", _("WPA2")); ++ } + } + if ((wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X) || + (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) { +-- +2.34.1 + diff --git a/SOURCES/0004-net-device-wifi-Decode-SAE-AP-security.patch b/SOURCES/0004-net-device-wifi-Decode-SAE-AP-security.patch new file mode 100644 index 0000000..6cfeb0d --- /dev/null +++ b/SOURCES/0004-net-device-wifi-Decode-SAE-AP-security.patch @@ -0,0 +1,42 @@ +From 0904ae538704409c19c08c88957ff4283d4a152d Mon Sep 17 00:00:00 2001 +From: Benjamin Berg +Date: Tue, 2 Feb 2021 17:27:05 +0100 +Subject: [PATCH 4/8] net-device-wifi: Decode SAE AP security + +Decode this information for the wireless row. Note that we don't really +need this, as it would incorrectly select WPA2 which results in the same +icon. + +Based on upstream commit da0c45f2ab2b7b78695cfff9d6b7a2b045340ac7 +--- + panels/network/net-device-wifi.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/panels/network/net-device-wifi.c b/panels/network/net-device-wifi.c +index 33758e499..da1e4837a 100644 +--- a/panels/network/net-device-wifi.c ++++ b/panels/network/net-device-wifi.c +@@ -46,7 +46,8 @@ typedef enum { + NM_AP_SEC_NONE, + NM_AP_SEC_WEP, + NM_AP_SEC_WPA, +- NM_AP_SEC_WPA2 ++ NM_AP_SEC_WPA2, ++ NM_AP_SEC_SAE + } NMAccessPointSecurity; + + static void nm_device_wifi_refresh_ui (NetDeviceWifi *device_wifi); +@@ -146,6 +147,10 @@ get_access_point_security (NMAccessPoint *ap) + wpa_flags != NM_802_11_AP_SEC_NONE && + rsn_flags != NM_802_11_AP_SEC_NONE) + type = NM_AP_SEC_WPA; ++#if NM_CHECK_VERSION(1,20,6) ++ else if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE) ++ type = NM_AP_SEC_SAE; ++#endif + else + type = NM_AP_SEC_WPA2; + +-- +2.34.1 + diff --git a/SOURCES/0005-network-complete-SAE-support.patch b/SOURCES/0005-network-complete-SAE-support.patch new file mode 100644 index 0000000..d3ffe1d --- /dev/null +++ b/SOURCES/0005-network-complete-SAE-support.patch @@ -0,0 +1,477 @@ +From 1289e8ea1dbeb91012c262fcb6f014ec73d4c690 Mon Sep 17 00:00:00 2001 +From: Jonathan Kang +Date: Wed, 9 Sep 2020 14:58:06 +0800 +Subject: [PATCH 5/8] network: complete SAE support + +Added WirelessSecuritySAE class to fully implement SAE support. + +Heavily modifid and based on the 3.28.2 version of the WPA PSK widget. + +(cherry picked from commit 918838f567740172591ff1f2c32d8227c348be72) +--- + .../connection-editor/ce-page-security.c | 8 +- + panels/network/wireless-security/meson.build | 3 + + .../wireless-security.gresource.xml | 1 + + .../wireless-security/wireless-security.h | 1 + + panels/network/wireless-security/ws-sae.c | 214 ++++++++++++++++++ + panels/network/wireless-security/ws-sae.h | 30 +++ + panels/network/wireless-security/ws-sae.ui | 117 ++++++++++ + 7 files changed, 370 insertions(+), 4 deletions(-) + create mode 100644 panels/network/wireless-security/ws-sae.c + create mode 100644 panels/network/wireless-security/ws-sae.h + create mode 100644 panels/network/wireless-security/ws-sae.ui + +diff --git a/panels/network/connection-editor/ce-page-security.c b/panels/network/connection-editor/ce-page-security.c +index 5104d7442..37b1e1286 100644 +--- a/panels/network/connection-editor/ce-page-security.c ++++ b/panels/network/connection-editor/ce-page-security.c +@@ -343,11 +343,11 @@ finish_setup (CEPageSecurity *page) + + #if NM_CHECK_VERSION(1,20,6) + if (nm_utils_security_valid (NMU_SEC_SAE, dev_caps, FALSE, is_adhoc, 0, 0, 0)) { +- WirelessSecurityWPAPSK *ws_wpa_psk; ++ WirelessSecuritySAE *ws_sae; + +- ws_wpa_psk = ws_wpa_psk_new (connection, FALSE); +- if (ws_wpa_psk) { +- add_security_item (page, WIRELESS_SECURITY (ws_wpa_psk), sec_model, ++ ws_sae = ws_sae_new (connection, FALSE); ++ if (ws_sae) { ++ add_security_item (page, WIRELESS_SECURITY (ws_sae), sec_model, + &iter, _("WPA3 Personal"), FALSE); + if ((active < 0) && ((default_type == NMU_SEC_SAE))) + active = item; +diff --git a/panels/network/wireless-security/meson.build b/panels/network/wireless-security/meson.build +index 47def7a63..6036f56af 100644 +--- a/panels/network/wireless-security/meson.build ++++ b/panels/network/wireless-security/meson.build +@@ -14,6 +14,7 @@ nm_applet_headers = [ + 'wireless-security.h', + 'ws-leap.h', + 'ws-dynamic-wep.h', ++ 'ws-sae.h', + 'ws-wep-key.h', + 'ws-wpa-eap.h', + 'ws-wpa-psk.h' +@@ -31,6 +32,7 @@ nm_applet_sources = [ + 'wireless-security.c', + 'ws-leap.c', + 'ws-dynamic-wep.c', ++ 'ws-sae.c', + 'ws-wep-key.c', + 'ws-wpa-eap.c', + 'ws-wpa-psk.c' +@@ -47,6 +49,7 @@ nm_resource_data = [ + 'eap-method-ttls.ui', + 'ws-dynamic-wep.ui', + 'ws-leap.ui', ++ 'ws-sae.ui', + 'ws-wep-key.ui', + 'ws-wpa-eap.ui', + 'ws-wpa-psk.ui' +diff --git a/panels/network/wireless-security/wireless-security.gresource.xml b/panels/network/wireless-security/wireless-security.gresource.xml +index a483d06a0..fa1a965ad 100644 +--- a/panels/network/wireless-security/wireless-security.gresource.xml ++++ b/panels/network/wireless-security/wireless-security.gresource.xml +@@ -9,6 +9,7 @@ + eap-method-ttls.ui + ws-dynamic-wep.ui + ws-leap.ui ++ ws-sae.ui + ws-wep-key.ui + ws-wpa-eap.ui + ws-wpa-psk.ui +diff --git a/panels/network/wireless-security/wireless-security.h b/panels/network/wireless-security/wireless-security.h +index 975e750f6..c5508ad1b 100644 +--- a/panels/network/wireless-security/wireless-security.h ++++ b/panels/network/wireless-security/wireless-security.h +@@ -102,6 +102,7 @@ GType wireless_security_get_type (void); + #include "ws-wep-key.h" + #include "ws-wpa-psk.h" + #include "ws-leap.h" ++#include "ws-sae.h" + #include "ws-wpa-eap.h" + #include "ws-dynamic-wep.h" + +diff --git a/panels/network/wireless-security/ws-sae.c b/panels/network/wireless-security/ws-sae.c +new file mode 100644 +index 000000000..96138d522 +--- /dev/null ++++ b/panels/network/wireless-security/ws-sae.c +@@ -0,0 +1,214 @@ ++/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ ++/* NetworkManager Applet -- allow user control over networking ++ * ++ * Dan Williams ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License along ++ * with this program; if not, write to the Free Software Foundation, Inc., ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Copyright 2007 - 2014 Red Hat, Inc. ++ */ ++ ++#include "nm-default.h" ++ ++#include ++#include ++ ++#include "wireless-security.h" ++#include "helpers.h" ++#include "nma-ui-utils.h" ++#include "utils.h" ++ ++#define WPA_PMK_LEN 32 ++ ++struct _WirelessSecuritySAE { ++ WirelessSecurity parent; ++ ++ gboolean editing_connection; ++ const char *password_flags_name; ++}; ++ ++static void ++show_toggled_cb (GtkCheckButton *button, WirelessSecurity *sec) ++{ ++ GtkWidget *widget; ++ gboolean visible; ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (sec->builder, "sae_entry")); ++ g_assert (widget); ++ ++ visible = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (button)); ++ gtk_entry_set_visibility (GTK_ENTRY (widget), visible); ++} ++ ++static gboolean ++validate (WirelessSecurity *parent, GError **error) ++{ ++ GtkWidget *entry; ++ const char *key; ++ ++ entry = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_entry")); ++ g_assert (entry); ++ ++ key = gtk_entry_get_text (GTK_ENTRY (entry)); ++ if (key == NULL || key[0] == '\0') { ++ widget_set_error (entry); ++ g_set_error_literal (error, NMA_ERROR, NMA_ERROR_GENERIC, _("Wi-Fi password is missing.")); ++ return FALSE; ++ } ++ widget_unset_error (entry); ++ ++ /* passphrase can be between 8 and 63 characters inclusive */ ++ ++ return TRUE; ++} ++ ++static void ++add_to_size_group (WirelessSecurity *parent, GtkSizeGroup *group) ++{ ++ GtkWidget *widget; ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_type_label")); ++ gtk_size_group_add_widget (group, widget); ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_label")); ++ gtk_size_group_add_widget (group, widget); ++} ++ ++static void ++fill_connection (WirelessSecurity *parent, NMConnection *connection) ++{ ++ WirelessSecuritySAE *sae = (WirelessSecuritySAE *) parent; ++ GtkWidget *widget, *passwd_entry; ++ const char *key; ++ NMSettingWireless *s_wireless; ++ NMSettingWirelessSecurity *s_wireless_sec; ++ NMSettingSecretFlags secret_flags; ++ const char *mode; ++ gboolean is_adhoc = FALSE; ++ ++ s_wireless = nm_connection_get_setting_wireless (connection); ++ g_assert (s_wireless); ++ ++ mode = nm_setting_wireless_get_mode (s_wireless); ++ if (mode && !strcmp (mode, "adhoc")) ++ is_adhoc = TRUE; ++ ++ /* Blow away the old security setting by adding a clear one */ ++ s_wireless_sec = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new (); ++ nm_connection_add_setting (connection, (NMSetting *) s_wireless_sec); ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_entry")); ++ passwd_entry = widget; ++ key = gtk_entry_get_text (GTK_ENTRY (widget)); ++ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_PSK, key, NULL); ++ ++ /* Save PSK_FLAGS to the connection */ ++ secret_flags = nma_utils_menu_to_secret_flags (passwd_entry); ++ nm_setting_set_secret_flags (NM_SETTING (s_wireless_sec), NM_SETTING_WIRELESS_SECURITY_PSK, ++ secret_flags, NULL); ++ ++ /* Update secret flags and popup when editing the connection */ ++ if (sae->editing_connection) ++ nma_utils_update_password_storage (passwd_entry, secret_flags, ++ NM_SETTING (s_wireless_sec), sae->password_flags_name); ++ ++ wireless_security_clear_ciphers (connection); ++ if (is_adhoc) { ++ /* Ad-Hoc settings as specified by the supplicant */ ++ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae", NULL); ++ nm_setting_wireless_security_add_proto (s_wireless_sec, "rsn"); ++ nm_setting_wireless_security_add_pairwise (s_wireless_sec, "ccmp"); ++ nm_setting_wireless_security_add_group (s_wireless_sec, "ccmp"); ++ } else { ++ g_object_set (s_wireless_sec, NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "sae", NULL); ++ ++ /* Just leave ciphers and protocol empty, the supplicant will ++ * figure that out magically based on the AP IEs and card capabilities. ++ */ ++ } ++} ++ ++static void ++update_secrets (WirelessSecurity *parent, NMConnection *connection) ++{ ++ helper_fill_secret_entry (connection, ++ parent->builder, ++ "sae_entry", ++ NM_TYPE_SETTING_WIRELESS_SECURITY, ++ (HelperSecretFunc) nm_setting_wireless_security_get_psk); ++} ++ ++WirelessSecuritySAE * ++ws_sae_new (NMConnection *connection, gboolean secrets_only) ++{ ++ WirelessSecurity *parent; ++ WirelessSecuritySAE *sec; ++ NMSetting *setting = NULL; ++ GtkWidget *widget; ++ ++ parent = wireless_security_init (sizeof (WirelessSecuritySAE), ++ validate, ++ add_to_size_group, ++ fill_connection, ++ update_secrets, ++ NULL, ++ "/org/gnome/ControlCenter/network/ws-sae.ui", ++ "sae_notebook", ++ "sae_entry"); ++ if (!parent) ++ return NULL; ++ ++ parent->adhoc_compatible = FALSE; ++ sec = (WirelessSecuritySAE *) parent; ++ sec->editing_connection = secrets_only ? FALSE : TRUE; ++ sec->password_flags_name = NM_SETTING_WIRELESS_SECURITY_PSK; ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_entry")); ++ g_assert (widget); ++ g_signal_connect (G_OBJECT (widget), "changed", ++ (GCallback) wireless_security_changed_cb, ++ sec); ++ gtk_entry_set_width_chars (GTK_ENTRY (widget), 28); ++ ++ /* Create password-storage popup menu for password entry under entry's secondary icon */ ++ if (connection) ++ setting = (NMSetting *) nm_connection_get_setting_wireless_security (connection); ++ nma_utils_setup_password_storage (widget, 0, setting, sec->password_flags_name, ++ FALSE, secrets_only); ++ ++ /* Fill secrets, if any */ ++ if (connection) ++ update_secrets (WIRELESS_SECURITY (sec), connection); ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "show_checkbutton_wpa")); ++ g_assert (widget); ++ g_signal_connect (G_OBJECT (widget), "toggled", ++ (GCallback) show_toggled_cb, ++ sec); ++ ++ /* Hide WPA/RSN for now since this can be autodetected by NM and the ++ * supplicant when connecting to the AP. ++ */ ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_type_combo")); ++ g_assert (widget); ++ gtk_widget_hide (widget); ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (parent->builder, "sae_type_label")); ++ g_assert (widget); ++ gtk_widget_hide (widget); ++ ++ return sec; ++} +diff --git a/panels/network/wireless-security/ws-sae.h b/panels/network/wireless-security/ws-sae.h +new file mode 100644 +index 000000000..9a1262cd0 +--- /dev/null ++++ b/panels/network/wireless-security/ws-sae.h +@@ -0,0 +1,30 @@ ++/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ ++/* NetworkManager Applet -- allow user control over networking ++ * ++ * Dan Williams ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License along ++ * with this program; if not, write to the Free Software Foundation, Inc., ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Copyright 2007 - 2014 Red Hat, Inc. ++ */ ++ ++#ifndef WS_SAE_H ++#define WS_SAE_H ++ ++typedef struct _WirelessSecuritySAE WirelessSecuritySAE; ++ ++WirelessSecuritySAE * ws_sae_new (NMConnection *connection, gboolean secrets_only); ++ ++#endif /* WS_SAE_H */ +diff --git a/panels/network/wireless-security/ws-sae.ui b/panels/network/wireless-security/ws-sae.ui +new file mode 100644 +index 000000000..d523f16c8 +--- /dev/null ++++ b/panels/network/wireless-security/ws-sae.ui +@@ -0,0 +1,117 @@ ++ ++ ++ ++ ++ True ++ False ++ False ++ False ++ ++ ++ True ++ False ++ 3 ++ 2 ++ 6 ++ 6 ++ ++ ++ True ++ False ++ 1 ++ _Password ++ True ++ sae_entry ++ ++ ++ GTK_FILL ++ ++ ++ ++ ++ ++ True ++ True ++ 64 ++ False ++ True ++ ++ ++ 1 ++ 2 ++ ++ ++ ++ ++ ++ True ++ False ++ 1 ++ _Type ++ True ++ sae_type_combo ++ ++ ++ 2 ++ 3 ++ GTK_FILL ++ ++ ++ ++ ++ ++ True ++ False ++ 0 ++ ++ ++ 1 ++ 2 ++ GTK_FILL ++ ++ ++ ++ ++ ++ Sho_w password ++ True ++ True ++ False ++ True ++ True ++ ++ ++ 1 ++ 2 ++ 1 ++ 2 ++ GTK_FILL ++ ++ ++ ++ ++ ++ True ++ False ++ ++ ++ 1 ++ 2 ++ 2 ++ 3 ++ GTK_FILL ++ ++ ++ ++ ++ ++ ++ True ++ False ++ ++ ++ False ++ ++ ++ ++ +-- +2.34.1 + diff --git a/SOURCES/0006-Add-support-for-Enhanced-Open-WiFi-security.patch b/SOURCES/0006-Add-support-for-Enhanced-Open-WiFi-security.patch new file mode 100644 index 0000000..bd73588 --- /dev/null +++ b/SOURCES/0006-Add-support-for-Enhanced-Open-WiFi-security.patch @@ -0,0 +1,114 @@ +From 73fb050f06649e717aea5654394fe45cd921d4df Mon Sep 17 00:00:00 2001 +From: David Bauer +Date: Fri, 17 Jul 2020 03:41:44 +0000 +Subject: [PATCH 6/8] Add support for Enhanced Open WiFi security + +(cherry picked from commit 1d0b664f7c5e38e9d8933956c1cc4661244edb7d) +--- + .../connection-editor/ce-page-details.c | 6 +++++ + .../connection-editor/ce-page-security.c | 22 +++++++++++++++++++ + panels/network/net-device-wifi.c | 10 +++++++-- + 3 files changed, 36 insertions(+), 2 deletions(-) + +diff --git a/panels/network/connection-editor/ce-page-details.c b/panels/network/connection-editor/ce-page-details.c +index f0c594dd4..8bdb932a4 100644 +--- a/panels/network/connection-editor/ce-page-details.c ++++ b/panels/network/connection-editor/ce-page-details.c +@@ -65,6 +65,12 @@ get_ap_security_string (NMAccessPoint *ap) + /* TRANSLATORS: this WPA3 WiFi security */ + g_string_append_printf (str, "%s, ", _("WPA3")); + } ++#if NM_CHECK_VERSION(1,24,0) ++ else if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE) { ++ /* TRANSLATORS: this Enhanced Open WiFi security */ ++ g_string_append_printf (str, "%s, ", _("Enhanced Open")); ++ } ++#endif + else + #endif + { +diff --git a/panels/network/connection-editor/ce-page-security.c b/panels/network/connection-editor/ce-page-security.c +index 37b1e1286..52efb9da1 100644 +--- a/panels/network/connection-editor/ce-page-security.c ++++ b/panels/network/connection-editor/ce-page-security.c +@@ -68,6 +68,13 @@ get_default_type_for_security (NMSettingWirelessSecurity *sec) + return NMU_SEC_LEAP; + return NMU_SEC_DYNAMIC_WEP; + } ++ ++#if NM_CHECK_VERSION(1,24,0) ++ if (!strcmp (key_mgmt, "owe")) { ++ return NMU_SEC_OWE; ++ } ++#endif ++ + #if NM_CHECK_VERSION(1,20,6) + if (!strcmp (key_mgmt, "sae")) { + return NMU_SEC_SAE; +@@ -255,6 +262,18 @@ finish_setup (CEPageSecurity *page) + item++; + } + ++#if NM_CHECK_VERSION(1,24,0) ++ if (nm_utils_security_valid (NMU_SEC_OWE, dev_caps, FALSE, is_adhoc, 0, 0, 0)) { ++ gtk_list_store_insert_with_values (sec_model, &iter, -1, ++ S_NAME_COLUMN, _("Enhanced Open"), ++ S_ADHOC_VALID_COLUMN, FALSE, ++ -1); ++ if (active < 0 && default_type == NMU_SEC_OWE) ++ active = item; ++ item++; ++ } ++#endif ++ + if (nm_utils_security_valid (NMU_SEC_STATIC_WEP, dev_caps, FALSE, is_adhoc, 0, 0, 0)) { + WirelessSecurityWEPKey *ws_wep; + NMWepKeyType wep_type = NM_WEP_KEY_TYPE_KEY; +@@ -473,6 +492,9 @@ ce_page_security_new (NMConnection *connection, + default_type == NMU_SEC_WPA_PSK || + #if NM_CHECK_VERSION(1,20,6) + default_type == NMU_SEC_SAE || ++#endif ++#if NM_CHECK_VERSION(1,24,0) ++ default_type == NMU_SEC_OWE || + #endif + default_type == NMU_SEC_WPA2_PSK) { + CE_PAGE (page)->security_setting = NM_SETTING_WIRELESS_SECURITY_SETTING_NAME; +diff --git a/panels/network/net-device-wifi.c b/panels/network/net-device-wifi.c +index da1e4837a..fc2fba63f 100644 +--- a/panels/network/net-device-wifi.c ++++ b/panels/network/net-device-wifi.c +@@ -47,7 +47,8 @@ typedef enum { + NM_AP_SEC_WEP, + NM_AP_SEC_WPA, + NM_AP_SEC_WPA2, +- NM_AP_SEC_SAE ++ NM_AP_SEC_SAE, ++ NM_AP_SEC_OWE, + } NMAccessPointSecurity; + + static void nm_device_wifi_refresh_ui (NetDeviceWifi *device_wifi); +@@ -150,6 +151,10 @@ get_access_point_security (NMAccessPoint *ap) + #if NM_CHECK_VERSION(1,20,6) + else if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE) + type = NM_AP_SEC_SAE; ++#endif ++#if NM_CHECK_VERSION(1,20,6) ++ else if (rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_OWE) ++ type = NM_AP_SEC_OWE; + #endif + else + type = NM_AP_SEC_WPA2; +@@ -1930,7 +1935,8 @@ make_row (GtkSizeGroup *rows, + + if (in_range) { + if (security != NM_AP_SEC_UNKNOWN && +- security != NM_AP_SEC_NONE) { ++ security != NM_AP_SEC_NONE && ++ security != NM_AP_SEC_OWE) { + widget = gtk_image_new_from_icon_name ("network-wireless-encrypted-symbolic", GTK_ICON_SIZE_MENU); + } else { + widget = gtk_label_new (""); +-- +2.34.1 + diff --git a/SOURCES/0007-network-Fix-connection-selection-and-SSID-display-fo.patch b/SOURCES/0007-network-Fix-connection-selection-and-SSID-display-fo.patch new file mode 100644 index 0000000..0bfa761 --- /dev/null +++ b/SOURCES/0007-network-Fix-connection-selection-and-SSID-display-fo.patch @@ -0,0 +1,216 @@ +From e6cebd2fc9b0d18a92f2935e23551b62a7031236 Mon Sep 17 00:00:00 2001 +From: Benjamin Berg +Date: Tue, 4 Jan 2022 11:29:25 +0100 +Subject: [PATCH 7/8] network: Fix connection selection and SSID display for + OWE + +When dealing with OWE APs, we need to use the SSID from the connection +rather than the AP. In this case, we want to group the current AP with +other APs that have the connection SSID. + +As such, first change the unqiue AP selection to take the active AP and +active connection into account (preferring the active AP for correct +signal strength display). + +Then, make sure we have the active connection in the list everywhere and +skip the SSID check when assiging the AP to the connection for the +active AP/connection. + +This way we make sure to have the active connection together with the +active AP in the list. The code will prefer to display the connections +SSID rather than the APS, so we get the right one for OWE. + +This mimicks the behaviour of newer g-c-c versions without pulling in +the full rewrite of the connection list widget. +--- + panels/network/net-device-wifi.c | 86 ++++++++++++++++++++++++++------ + 1 file changed, 72 insertions(+), 14 deletions(-) + +diff --git a/panels/network/net-device-wifi.c b/panels/network/net-device-wifi.c +index fc2fba63f..af489afcc 100644 +--- a/panels/network/net-device-wifi.c ++++ b/panels/network/net-device-wifi.c +@@ -163,25 +163,50 @@ get_access_point_security (NMAccessPoint *ap) + } + + static GPtrArray * +-panel_get_strongest_unique_aps (const GPtrArray *aps) ++panel_get_strongest_unique_aps (NMDevice *nm_device) + { +- GBytes *ssid, *ssid_tmp; ++ const GPtrArray *aps; + GPtrArray *aps_unique = NULL; + gboolean add_ap; + guint i; + guint j; + NMAccessPoint *ap; + NMAccessPoint *ap_tmp; ++ NMAccessPoint *active_ap; ++ NMActiveConnection *ac; ++ NMConnection *ac_con = NULL; ++ GBytes *ac_ssid = NULL; ++ ++ aps = nm_device_wifi_get_access_points (NM_DEVICE_WIFI (nm_device)); ++ active_ap = nm_device_wifi_get_active_access_point (NM_DEVICE_WIFI (nm_device)); ++ ++ /* Use the connection SSID for the active AP as it is different with OWE. */ ++ ac = nm_device_get_active_connection (nm_device); ++ if (ac) ++ ac_con = NM_CONNECTION (nm_active_connection_get_connection (ac)); ++ if (ac_con) { ++ NMSetting *setting; ++ ++ setting = nm_connection_get_setting_by_name (ac_con, NM_SETTING_WIRELESS_SETTING_NAME); ++ if (setting) ++ ac_ssid = nm_setting_wireless_get_ssid (NM_SETTING_WIRELESS (setting)); ++ } + + /* we will have multiple entries for typical hotspots, just + * filter to the one with the strongest signal */ + aps_unique = g_ptr_array_new_with_free_func ((GDestroyNotify) g_object_unref); + if (aps != NULL) + for (i = 0; i < aps->len; i++) { ++ GBytes *ssid = NULL; ++ + ap = NM_ACCESS_POINT (g_ptr_array_index (aps, i)); + ++ if (ap == active_ap) ++ ssid = ac_ssid; ++ if (!ssid) ++ ssid = nm_access_point_get_ssid (ap); ++ + /* Hidden SSIDs don't get shown in the list */ +- ssid = nm_access_point_get_ssid (ap); + if (!ssid) + continue; + +@@ -189,8 +214,15 @@ panel_get_strongest_unique_aps (const GPtrArray *aps) + + /* get already added list */ + for (j=0; jlen; j++) { ++ GBytes *ssid_tmp = NULL; ++ + ap_tmp = NM_ACCESS_POINT (g_ptr_array_index (aps_unique, j)); +- ssid_tmp = nm_access_point_get_ssid (ap_tmp); ++ ++ ssid_tmp = NULL; ++ if (ap_tmp == active_ap) ++ ssid_tmp = ac_ssid; ++ if (!ssid_tmp) ++ ssid_tmp = nm_access_point_get_ssid (ap_tmp); + g_assert (ssid_tmp); + + /* is this the same type and data? */ +@@ -202,9 +234,12 @@ panel_get_strongest_unique_aps (const GPtrArray *aps) + nm_utils_escape_ssid (g_bytes_get_data (ssid_tmp, NULL), + g_bytes_get_size (ssid_tmp))); + +- /* the new access point is stronger */ +- if (nm_access_point_get_strength (ap) > ++ if (ap_tmp == active_ap) { ++ add_ap = FALSE; ++ } else if (ap == active_ap || ++ nm_access_point_get_strength (ap) > + nm_access_point_get_strength (ap_tmp)) { ++ /* the new access point is the default or stronger */ + g_debug ("removing %s", + nm_utils_escape_ssid (g_bytes_get_data (ssid_tmp, NULL), + g_bytes_get_size (ssid_tmp))); +@@ -2042,9 +2077,10 @@ open_history (NetDeviceWifi *device_wifi) + GtkWidget *separator; + GSList *connections; + GSList *l; +- const GPtrArray *aps; + GPtrArray *aps_unique = NULL; + NMAccessPoint *active_ap; ++ NMActiveConnection *ac; ++ NMConnection *ac_con = NULL; + guint i; + NMDevice *nm_device; + GtkWidget *list; +@@ -2119,10 +2155,15 @@ open_history (NetDeviceWifi *device_wifi) + + connections = net_device_get_valid_connections (NET_DEVICE (device_wifi)); + +- aps = nm_device_wifi_get_access_points (NM_DEVICE_WIFI (nm_device)); +- aps_unique = panel_get_strongest_unique_aps (aps); ++ aps_unique = panel_get_strongest_unique_aps (nm_device); + active_ap = nm_device_wifi_get_active_access_point (NM_DEVICE_WIFI (nm_device)); + ++ ac = nm_device_get_active_connection (nm_device); ++ if (ac) ++ ac_con = NM_CONNECTION (nm_active_connection_get_connection (ac)); ++ if (ac_con && !g_slist_find (connections, ac_con)) ++ connections = g_slist_prepend (connections, ac_con); ++ + for (l = connections; l; l = l->next) { + NMConnection *connection = l->data; + NMAccessPoint *ap = NULL; +@@ -2137,7 +2178,13 @@ open_history (NetDeviceWifi *device_wifi) + GBytes *ssid_ap; + ap = NM_ACCESS_POINT (g_ptr_array_index (aps_unique, i)); + ssid_ap = nm_access_point_get_ssid (ap); +- if (nm_utils_same_ssid (g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid), ++ ++ /* Skip SSID check for active connection/AP (will not match with OWE) */ ++ if (ap == active_ap && connection == ac_con) ++ break; ++ ++ if (ssid_ap && ++ nm_utils_same_ssid (g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid), + g_bytes_get_data (ssid_ap, NULL), g_bytes_get_size (ssid_ap), + TRUE)) + break; +@@ -2167,13 +2214,14 @@ populate_ap_list_idle (NetDeviceWifi *device_wifi) + NMDevice *nm_device; + GSList *connections; + GSList *l; +- const GPtrArray *aps; + GPtrArray *aps_unique = NULL; + NMAccessPoint *active_ap; + guint i; + GtkWidget *row; + GtkWidget *button; + GList *children, *child; ++ NMActiveConnection *ac; ++ NMConnection *ac_con = NULL; + + device_wifi->priv->populate_ap_list_idle_id = 0; + +@@ -2192,10 +2240,15 @@ populate_ap_list_idle (NetDeviceWifi *device_wifi) + + connections = net_device_get_valid_connections (NET_DEVICE (device_wifi)); + +- aps = nm_device_wifi_get_access_points (NM_DEVICE_WIFI (nm_device)); +- aps_unique = panel_get_strongest_unique_aps (aps); ++ aps_unique = panel_get_strongest_unique_aps (nm_device); + active_ap = nm_device_wifi_get_active_access_point (NM_DEVICE_WIFI (nm_device)); + ++ ac = nm_device_get_active_connection (nm_device); ++ if (ac) ++ ac_con = NM_CONNECTION (nm_active_connection_get_connection (ac)); ++ if (ac_con && !g_slist_find (connections, ac_con)) ++ connections = g_slist_prepend (connections, ac_con); ++ + for (i = 0; i < aps_unique->len; i++) { + GBytes *ssid_ap; + NMAccessPoint *ap; +@@ -2212,9 +2265,14 @@ populate_ap_list_idle (NetDeviceWifi *device_wifi) + continue; + } + ++ /* Skip SSID check for active connection/AP (will not match with OWE) */ ++ if (ap == active_ap && connection == ac_con) ++ break; ++ + setting = nm_connection_get_setting_by_name (connection, NM_SETTING_WIRELESS_SETTING_NAME); + ssid = nm_setting_wireless_get_ssid (NM_SETTING_WIRELESS (setting)); +- if (nm_utils_same_ssid (g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid), ++ if (ssid_ap && ++ nm_utils_same_ssid (g_bytes_get_data (ssid, NULL), g_bytes_get_size (ssid), + g_bytes_get_data (ssid_ap, NULL), g_bytes_get_size (ssid_ap), + TRUE)) + break; +-- +2.34.1 + diff --git a/SOURCES/0008-network-Fix-saving-passwords-for-non-wifi-connection.patch b/SOURCES/0008-network-Fix-saving-passwords-for-non-wifi-connection.patch new file mode 100644 index 0000000..324de72 --- /dev/null +++ b/SOURCES/0008-network-Fix-saving-passwords-for-non-wifi-connection.patch @@ -0,0 +1,51 @@ +From 4269c292020aa11d7b8e17e804ad207e892d2bfe Mon Sep 17 00:00:00 2001 +From: Benjamin Berg +Date: Thu, 9 Dec 2021 17:53:09 +0100 +Subject: [PATCH 8/8] network: Fix saving passwords for non-wifi connections + +When validating security settings for non-wifi connections, we +temporarily create a wireless connection. Unfortunately, when this +connection is destroyed, it'll clear the stored password from the 802.1x +settings object. + +Avoid this by removing the setting before unref'ing the temporary +connection. +--- + .../connection-editor/ce-page-8021x-security.c | 15 +++++---------- + 1 file changed, 5 insertions(+), 10 deletions(-) + +diff --git a/panels/network/connection-editor/ce-page-8021x-security.c b/panels/network/connection-editor/ce-page-8021x-security.c +index f7d31969a..0ac057f79 100644 +--- a/panels/network/connection-editor/ce-page-8021x-security.c ++++ b/panels/network/connection-editor/ce-page-8021x-security.c +@@ -126,22 +126,17 @@ validate (CEPage *cepage, NMConnection *connection, GError **error) + /* FIXME: get failed property and error out of wireless security objects */ + valid = wireless_security_validate (page->security, error); + if (valid) { +- NMSetting *s_con; +- + /* Here's a nice hack to work around the fact that ws_802_1x_fill_connection needs wireless setting. */ +- tmp_connection = nm_simple_connection_new (); ++ tmp_connection = nm_simple_connection_new_clone (connection); + nm_connection_add_setting (tmp_connection, nm_setting_wireless_new ()); + +- /* temp connection needs a 'connection' setting too, since most of +- * the EAP methods need the UUID for CA cert ignore stuff. +- */ +- s_con = nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION); +- nm_connection_add_setting (tmp_connection, nm_setting_duplicate (s_con)); +- + ws_802_1x_fill_connection (page->security, "wpa_eap_auth_combo", tmp_connection); + ++ /* NOTE: It is important we create a copy of the settings, as the ++ * secrets might be cleared otherwise. ++ */ + s_8021x = nm_connection_get_setting (tmp_connection, NM_TYPE_SETTING_802_1X); +- nm_connection_add_setting (connection, NM_SETTING (g_object_ref (s_8021x))); ++ nm_connection_add_setting (connection, nm_setting_duplicate (NM_SETTING (s_8021x))); + + g_object_unref (tmp_connection); + } +-- +2.34.1 + diff --git a/SPECS/gnome-control-center.spec b/SPECS/gnome-control-center.spec index 54e029a..2f3b6ee 100644 --- a/SPECS/gnome-control-center.spec +++ b/SPECS/gnome-control-center.spec @@ -11,7 +11,7 @@ Name: gnome-control-center Version: 3.28.2 -Release: 29%{?dist} +Release: 33%{?dist} Summary: Utilities to configure the GNOME desktop License: GPLv2+ and CC-BY-SA @@ -64,8 +64,25 @@ Patch25: printers-Update-entries.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1876291 Patch26: Update-translations.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2024707 -Patch27: 0001-network-Populate-AP-list-from-idle-handler.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1938323 +Patch31: 0001-network-Populate-AP-list-from-idle-handler.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1915411 +Patch32: 0002-ce-page-security-add-SAE-support.patch +Patch33: 0003-ce-page-details-add-SAE-support.patch +Patch34: 0004-net-device-wifi-Decode-SAE-AP-security.patch +Patch35: 0005-network-complete-SAE-support.patch +Patch36: 0006-Add-support-for-Enhanced-Open-WiFi-security.patch +Patch37: 0007-network-Fix-connection-selection-and-SSID-display-fo.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1938944 +Patch38: 0008-network-Fix-saving-passwords-for-non-wifi-connection.patch + +# Backport monitor config policy (#2001655) +Patch39: 0001-display-Only-display-configuration-options-if-apply-.patch + +Patch40: 0001-displays-Don-t-enlarge-display-panel-artificially.patch + +# Workaround for libnma not handling OWE https://gitlab.gnome.org/GNOME/libnma/-/issues/9 +Patch41: 0001-network-Fix-OWE-settings.patch BuildRequires: chrpath BuildRequires: cups-devel @@ -239,13 +256,34 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/gnome-control-center %dir %{_datadir}/gnome/wm-properties %changelog -* Tue Jan 19 2022 Benjamin Berg - 3.28.2-29 -- Push AP list update into idle handler - Resolves: #2024707 +* Thu Feb 24 2022 Benjamin Berg - 3.28.2-33 +- Work around libnma not handling OWE + Related: #2023156 + +* Thu Feb 10 2022 Carlos Garnacho - 3.28.2-32 +- Make displays panel able to fit in 800x600 resolution + Resolves: #1893650 + +* Fri Feb 04 2022 Jonas Ã…dahl - 3.28.3-31 +- Backport monitor config policy + Resolves: #2001655 + +* Tue Jan 04 2022 Benjamin Berg - 3.28.2-30 +- Fix connection list AP selection and SSID display for OWE + Resolves: #2023156 +- Fix saving passwords for non-wifi connections + Resolves: #1938944 + +* Wed Nov 10 2021 Benjamin Berg - 3.28.2-29 +- Backport SAE/WPA3/OWE support + Resolves: #1915411 + Resolves: #2023156 +- Add patch to fix wifi performance issue + Resolves: #1938323 * Fri Sep 10 2021 Kalev Lember - 3.28.2-28 - Update pt_BR translations -- Resolves: #1978612 +- Resolves: #2003069 * Fri Jul 02 2021 Tomas Popela - 3.28.2-27 - Update fr, ja, zh_CN translations