Compare commits

..

No commits in common. 'c8' and 'c9' have entirely different histories.
c8 ... c9

@ -1 +1 @@
a3ec22a8e76f3358d9f69dc505d22267e936dbae SOURCES/NetworkManager-libreswan-1.2.10.tar.xz 7f62450f66f2a21789fd6cfebbf3355ae99553ea SOURCES/NetworkManager-libreswan-1.2.22.tar.xz

2
.gitignore vendored

@ -1 +1 @@
SOURCES/NetworkManager-libreswan-1.2.10.tar.xz SOURCES/NetworkManager-libreswan-1.2.22.tar.xz

@ -1,4 +1,4 @@
From dcf656747eece80e2534dc21b79c15e13bb28b5a Mon Sep 17 00:00:00 2001 From f9f321fc00f9016569a592140d9e5a24f9c4db01 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk> From: Lubomir Rintel <lkundrak@v3.sk>
Date: Fri, 13 Sep 2024 14:49:12 +0200 Date: Fri, 13 Sep 2024 14:49:12 +0200
Subject: [PATCH 1/6] shared/nm-glib: import newer g_steal_pointer() Subject: [PATCH 1/6] shared/nm-glib: import newer g_steal_pointer()
@ -63,7 +63,7 @@ index 770cf0f..1b6487c 100644
-- --
2.46.0 2.46.0
From 50b019de99a9005065db6d069167ffacbe62151b Mon Sep 17 00:00:00 2001 From 72816f82b029063e4d8aaff6703f175da5232293 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk> From: Lubomir Rintel <lkundrak@v3.sk>
Date: Tue, 17 Sep 2024 13:28:58 +0200 Date: Tue, 17 Sep 2024 13:28:58 +0200
Subject: [PATCH 2/6] build: get rid of {properties,src}/libutils.la Subject: [PATCH 2/6] build: get rid of {properties,src}/libutils.la
@ -73,49 +73,76 @@ more complicated. Get rid of then, and just roll src/libutils.la.
[lkundrak@v3.sk: Backported from 1.24.0] [lkundrak@v3.sk: Backported from 1.24.0]
--- ---
Makefile.am | 47 ++++++++++++++++++----------------------------- Makefile.am | 69 +++++++++++++++++++++--------------------------------
1 file changed, 18 insertions(+), 29 deletions(-) 1 file changed, 27 insertions(+), 42 deletions(-)
diff --git a/Makefile.am b/Makefile.am diff --git a/Makefile.am b/Makefile.am
index 8442d64..e2847d4 100644 index 29084a9..d46cfcd 100644
--- a/Makefile.am --- a/Makefile.am
+++ b/Makefile.am +++ b/Makefile.am
@@ -53,23 +53,25 @@ common_CFLAGS = \ @@ -33,6 +33,26 @@ nmvpnservice_DATA = nm-libreswan-service.name
############################################################################### ###############################################################################
-noinst_LTLIBRARIES += properties/libutils.la
+noinst_LTLIBRARIES += shared/libutils.la +noinst_LTLIBRARIES += shared/libutils.la
+
-properties_libutils_la_SOURCES = \
- shared/utils.c \
- shared/utils.h \
- shared/nm-utils/nm-vpn-plugin-utils.c \
- shared/nm-utils/nm-vpn-plugin-utils.h \
+shared_libutils_la_SOURCES = \ +shared_libutils_la_SOURCES = \
shared/nm-utils/nm-shared-utils.c \ + shared/nm-utils/nm-shared-utils.c \
shared/nm-utils/nm-shared-utils.h \ + shared/nm-utils/nm-shared-utils.h \
+ shared/utils.c \ + shared/utils.c \
+ shared/utils.h \ + shared/utils.h \
shared/nm-service-defines.h + shared/nm-service-defines.h
+
-properties_libutils_la_CPPFLAGS = \
- -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB_BASE \
- -DNM_PLUGIN_DIR=\"$(NM_PLUGIN_DIR)\" \
+shared_libutils_la_CFLAGS = \ +shared_libutils_la_CFLAGS = \
$(common_CFLAGS) \ + -DPREFIX=\""$(prefix)"\" \
$(LIBNM_CFLAGS) + $(common_CFLAGS) \
+ $(LIBNM_CFLAGS)
+
+shared_libutils_la_LIBADD = \ +shared_libutils_la_LIBADD = \
+ $(GLIB_LIBS) \ + $(GLIB_LIBS) \
+ $(LIBNM_LIBS) + $(LIBNM_LIBS)
+ +
+############################################################################### +###############################################################################
+ +
properties/resources.h: properties/gresource.xml
$(AM_V_GEN) $(GLIB_COMPILE_RESOURCES) $< --target=$@ --sourcedir=$(srcdir)/properties --generate-header --internal
@@ -53,10 +73,6 @@ gtk4/%.ui: properties/%.ui
EXTRA_DIST += \
gtk4/nm-libreswan-dialog.ui
-plugin_sources = \
- properties/nm-libreswan-editor-plugin.c \
- properties/nm-libreswan-editor-plugin.h
-
editor_sources = \
properties/nm-libreswan-editor.c \
properties/nm-libreswan-editor.h
@@ -68,23 +84,6 @@ common_CFLAGS = \
###############################################################################
-noinst_LTLIBRARIES += properties/libutils.la
-
-properties_libutils_la_SOURCES = \
- shared/utils.c \
- shared/utils.h \
- shared/nm-utils/nm-vpn-plugin-utils.c \
- shared/nm-utils/nm-vpn-plugin-utils.h \
- shared/nm-utils/nm-shared-utils.c \
- shared/nm-utils/nm-shared-utils.h \
- shared/nm-service-defines.h
-
-properties_libutils_la_CPPFLAGS = \
- -DPREFIX=\""$(prefix)"\" \
- -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB_BASE \
- $(common_CFLAGS) \
- $(LIBNM_CFLAGS)
-
plugin_LTLIBRARIES += properties/libnm-vpn-plugin-libreswan.la plugin_LTLIBRARIES += properties/libnm-vpn-plugin-libreswan.la
properties_libnm_vpn_plugin_libreswan_la_CFLAGS = \ properties_libnm_vpn_plugin_libreswan_la_CFLAGS = \
@@ -79,10 +81,13 @@ properties_libnm_vpn_plugin_libreswan_la_CFLAGS = \ @@ -93,10 +92,13 @@ properties_libnm_vpn_plugin_libreswan_la_CFLAGS = \
$(LIBNM_CFLAGS) $(LIBNM_CFLAGS)
properties_libnm_vpn_plugin_libreswan_la_SOURCES = \ properties_libnm_vpn_plugin_libreswan_la_SOURCES = \
@ -131,7 +158,15 @@ index 8442d64..e2847d4 100644
$(LIBNM_LIBS) \ $(LIBNM_LIBS) \
$(DL_LIBS) $(DL_LIBS)
@@ -216,22 +221,6 @@ src/nm-libreswan-helper-service-dbus.h: src/nm-libreswan-helper-service.xml @@ -198,7 +200,6 @@ auth_dialog_nm_libreswan_auth_dialog_LDADD = \
src_cppflags = \
-DBINDIR=\"$(bindir)\" \
- -DPREFIX=\""$(prefix)"\" \
-DLIBDIR=\""$(libdir)"\" \
-DLIBEXECDIR=\""$(libexecdir)"\" \
-DLOCALSTATEDIR=\""$(localstatedir)"\" \
@@ -230,22 +231,6 @@ src/nm-libreswan-helper-service-dbus.h: src/nm-libreswan-helper-service.xml
src/nm-libreswan-helper-service-dbus.c: src/nm-libreswan-helper-service-dbus.h src/nm-libreswan-helper-service-dbus.c: src/nm-libreswan-helper-service-dbus.h
@true @true
@ -154,7 +189,7 @@ index 8442d64..e2847d4 100644
############################################################################### ###############################################################################
libexec_PROGRAMS += src/nm-libreswan-service libexec_PROGRAMS += src/nm-libreswan-service
@@ -241,7 +230,7 @@ src_nm_libreswan_service_CPPFLAGS = \ @@ -255,7 +240,7 @@ src_nm_libreswan_service_CPPFLAGS = \
src_nm_libreswan_service_LDADD = \ src_nm_libreswan_service_LDADD = \
src/libnm-libreswan-helper-service-dbus.la \ src/libnm-libreswan-helper-service-dbus.la \
@ -163,7 +198,7 @@ index 8442d64..e2847d4 100644
$(GLIB_LIBS) \ $(GLIB_LIBS) \
$(LIBNM_LIBS) \ $(LIBNM_LIBS) \
$(LIBNL_LIBS) \ $(LIBNL_LIBS) \
@@ -258,7 +247,7 @@ src_nm_libreswan_service_helper_CPPFLAGS = \ @@ -272,7 +257,7 @@ src_nm_libreswan_service_helper_CPPFLAGS = \
src_nm_libreswan_service_helper_LDADD = \ src_nm_libreswan_service_helper_LDADD = \
src/libnm-libreswan-helper-service-dbus.la \ src/libnm-libreswan-helper-service-dbus.la \
@ -175,7 +210,7 @@ index 8442d64..e2847d4 100644
-- --
2.46.0 2.46.0
From a076344da47a3ec930f01d7b70d1929431c301cc Mon Sep 17 00:00:00 2001 From cf9777bd065ddc40c627e1d994432e95b1e70a82 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk> From: Lubomir Rintel <lkundrak@v3.sk>
Date: Mon, 23 Sep 2024 11:39:22 +0200 Date: Mon, 23 Sep 2024 11:39:22 +0200
Subject: [PATCH 3/6] shared/test-utils: cover config write with unit tests Subject: [PATCH 3/6] shared/test-utils: cover config write with unit tests
@ -191,10 +226,10 @@ cases.
create mode 100644 shared/test-utils.c create mode 100644 shared/test-utils.c
diff --git a/Makefile.am b/Makefile.am diff --git a/Makefile.am b/Makefile.am
index e2847d4..d97d3c3 100644 index d46cfcd..3f4e85c 100644
--- a/Makefile.am --- a/Makefile.am
+++ b/Makefile.am +++ b/Makefile.am
@@ -19,6 +19,8 @@ libexec_PROGRAMS = @@ -21,6 +21,8 @@ libexec_PROGRAMS =
noinst_PROGRAMS = noinst_PROGRAMS =
@ -203,7 +238,7 @@ index e2847d4..d97d3c3 100644
SUBDIRS = po man SUBDIRS = po man
############################################################################### ###############################################################################
@@ -70,6 +72,20 @@ shared_libutils_la_LIBADD = \ @@ -51,6 +53,20 @@ shared_libutils_la_LIBADD = \
$(GLIB_LIBS) \ $(GLIB_LIBS) \
$(LIBNM_LIBS) $(LIBNM_LIBS)
@ -223,7 +258,7 @@ index e2847d4..d97d3c3 100644
+ +
############################################################################### ###############################################################################
plugin_LTLIBRARIES += properties/libnm-vpn-plugin-libreswan.la properties/resources.h: properties/gresource.xml
diff --git a/shared/test-utils.c b/shared/test-utils.c diff --git a/shared/test-utils.c b/shared/test-utils.c
new file mode 100644 new file mode 100644
index 0000000..82ee933 index 0000000..82ee933
@ -360,7 +395,7 @@ index 0000000..82ee933
-- --
2.46.0 2.46.0
From 486c9e7a8517a1f376cd9f290e2e16298770e004 Mon Sep 17 00:00:00 2001 From 2b07bfeec5e67cbdce9b23b7c0648cb0ee55416d Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk> From: Lubomir Rintel <lkundrak@v3.sk>
Date: Sun, 22 Sep 2024 14:20:22 +0200 Date: Sun, 22 Sep 2024 14:20:22 +0200
Subject: [PATCH 4/6] all: rework formatting of ipsec.conf Subject: [PATCH 4/6] all: rework formatting of ipsec.conf
@ -376,24 +411,27 @@ https://issues.redhat.com/browse/RHEL-59565
[lkundrak@v3.sk: Backported from 1.24.0] [lkundrak@v3.sk: Backported from 1.24.0]
--- ---
properties/nm-libreswan-editor-plugin.c | 29 +- properties/nm-libreswan-editor-plugin.c | 30 +-
shared/test-utils.c | 99 ++---- shared/test-utils.c | 97 +----
shared/utils.c | 407 ++++++++++++++---------- shared/utils.c | 491 ++++++++++++++----------
shared/utils.h | 26 +- shared/utils.h | 28 +-
src/nm-libreswan-service.c | 176 +++++----- src/nm-libreswan-service.c | 183 +++++----
5 files changed, 375 insertions(+), 362 deletions(-) 5 files changed, 423 insertions(+), 406 deletions(-)
diff --git a/properties/nm-libreswan-editor-plugin.c b/properties/nm-libreswan-editor-plugin.c diff --git a/properties/nm-libreswan-editor-plugin.c b/properties/nm-libreswan-editor-plugin.c
index d6b63f2..6f23936 100644 index fe473d1..9393212 100644
--- a/properties/nm-libreswan-editor-plugin.c --- a/properties/nm-libreswan-editor-plugin.c
+++ b/properties/nm-libreswan-editor-plugin.c +++ b/properties/nm-libreswan-editor-plugin.c
@@ -266,38 +266,25 @@ export_to_file (NMVpnEditorPlugin *self, @@ -286,19 +286,11 @@ export_to_file (NMVpnEditorPlugin *self,
{ {
NMSettingVpn *s_vpn; NMSettingVpn *s_vpn;
gboolean openswan = FALSE; gboolean openswan = FALSE;
- int fd, errsv; - int fd, errsv;
gs_free_error GError *local = NULL; gs_free_error GError *local = NULL;
- + gs_free char *ipsec_conf = NULL;
gboolean is_openswan;
int version;
- fd = g_open (path, O_WRONLY | O_CREAT, 0666); - fd = g_open (path, O_WRONLY | O_CREAT, 0666);
- if (fd == -1) { - if (fd == -1) {
- errsv = errno; - errsv = errno;
@ -401,13 +439,16 @@ index d6b63f2..6f23936 100644
- _("Cant open file “%s”: %s"), path, g_strerror (errsv)); - _("Cant open file “%s”: %s"), path, g_strerror (errsv));
- return FALSE; - return FALSE;
- } - }
+ gs_free char *ipsec_conf = NULL; -
s_vpn = nm_connection_get_setting_vpn (connection); s_vpn = nm_connection_get_setting_vpn (connection);
if (s_vpn) if (s_vpn)
openswan = nm_streq (nm_setting_vpn_get_service_type (s_vpn), NM_VPN_SERVICE_TYPE_OPENSWAN); openswan = nm_streq (nm_setting_vpn_get_service_type (s_vpn), NM_VPN_SERVICE_TYPE_OPENSWAN);
@@ -306,24 +298,18 @@ export_to_file (NMVpnEditorPlugin *self,
nm_libreswan_detect_version (nm_libreswan_find_helper_bin ("ipsec", NULL),
&is_openswan, &version, NULL);
- if (!nm_libreswan_config_write (fd, - if (!nm_libreswan_config_write (fd,
- version,
- connection, - connection,
- nm_connection_get_id (connection), - nm_connection_get_id (connection),
- NULL, - NULL,
@ -416,7 +457,7 @@ index d6b63f2..6f23936 100644
- NULL, - NULL,
- &local)) { - &local)) {
- g_close (fd, NULL); - g_close (fd, NULL);
+ ipsec_conf = nm_libreswan_get_ipsec_conf (s_vpn, + ipsec_conf = nm_libreswan_get_ipsec_conf (version, s_vpn,
+ nm_connection_get_id (connection), + nm_connection_get_id (connection),
+ NULL, openswan, TRUE, error); + NULL, openswan, TRUE, error);
+ if (ipsec_conf == NULL) + if (ipsec_conf == NULL)
@ -435,7 +476,7 @@ index d6b63f2..6f23936 100644
} }
diff --git a/shared/test-utils.c b/shared/test-utils.c diff --git a/shared/test-utils.c b/shared/test-utils.c
index 82ee933..965daef 100644 index 82ee933..49aa32a 100644
--- a/shared/test-utils.c --- a/shared/test-utils.c
+++ b/shared/test-utils.c +++ b/shared/test-utils.c
@@ -2,117 +2,60 @@ @@ -2,117 +2,60 @@
@ -507,7 +548,7 @@ index 82ee933..965daef 100644
+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ()); + s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12.13.14"); nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12.13.14");
- str = _setting_into_ipsec_conf (s_vpn, "con_name", &error); - str = _setting_into_ipsec_conf (s_vpn, "con_name", &error);
+ str = nm_libreswan_get_ipsec_conf (s_vpn, "con_name", NULL, FALSE, TRUE, &error); + str = nm_libreswan_get_ipsec_conf (4, s_vpn, "con_name", NULL, FALSE, TRUE, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert_cmpstr (str, ==, g_assert_cmpstr (str, ==,
"conn con_name\n" "conn con_name\n"
@ -521,8 +562,7 @@ index 82ee933..965daef 100644
- " modecfgpull=yes\n" - " modecfgpull=yes\n"
" rightsubnet=0.0.0.0/0\n" " rightsubnet=0.0.0.0/0\n"
" leftxauthclient=yes\n" " leftxauthclient=yes\n"
- " remote-peer-type=cisco\n" " remote-peer-type=cisco\n"
+ " remote_peer_type=cisco\n"
" rightxauthserver=yes\n" " rightxauthserver=yes\n"
" ikelifetime=24h\n" " ikelifetime=24h\n"
" salifetime=24h\n" " salifetime=24h\n"
@ -545,7 +585,7 @@ index 82ee933..965daef 100644
- str = _setting_into_ipsec_conf (s_vpn, - str = _setting_into_ipsec_conf (s_vpn,
- "f0008435-07af-4836-a53d-b43e8730e68f", - "f0008435-07af-4836-a53d-b43e8730e68f",
- &error); - &error);
+ str = nm_libreswan_get_ipsec_conf (s_vpn, + str = nm_libreswan_get_ipsec_conf (4, s_vpn,
+ "f0008435-07af-4836-a53d-b43e8730e68f", + "f0008435-07af-4836-a53d-b43e8730e68f",
+ NULL, FALSE, TRUE, &error); + NULL, FALSE, TRUE, &error);
g_assert_no_error (error); g_assert_no_error (error);
@ -578,10 +618,10 @@ index 82ee933..965daef 100644
} }
diff --git a/shared/utils.c b/shared/utils.c diff --git a/shared/utils.c b/shared/utils.c
index 36af877..7533f7f 100644 index 65bc603..2482311 100644
--- a/shared/utils.c --- a/shared/utils.c
+++ b/shared/utils.c +++ b/shared/utils.c
@@ -30,81 +30,108 @@ @@ -30,82 +30,109 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
@ -657,6 +697,7 @@ index 36af877..7533f7f 100644
-gboolean -gboolean
-nm_libreswan_config_write (gint fd, -nm_libreswan_config_write (gint fd,
- int ipsec_version,
- NMConnection *connection, - NMConnection *connection,
- const char *con_name, - const char *con_name,
- const char *leftupdown_script, - const char *leftupdown_script,
@ -733,7 +774,8 @@ index 36af877..7533f7f 100644
+} +}
+ +
+char * +char *
+nm_libreswan_get_ipsec_conf (NMSettingVpn *s_vpn, +nm_libreswan_get_ipsec_conf (int ipsec_version,
+ NMSettingVpn *s_vpn,
+ const char *con_name, + const char *con_name,
+ const char *leftupdown_script, + const char *leftupdown_script,
+ gboolean openswan, + gboolean openswan,
@ -750,8 +792,8 @@ index 36af877..7533f7f 100644
+ const char *right; + const char *right;
const char *leftid; const char *leftid;
const char *leftcert; const char *leftcert;
const char *leftrsasigkey; const char *rightcert;
@@ -112,122 +139,158 @@ nm_libreswan_config_write (gint fd, @@ -116,129 +143,176 @@ nm_libreswan_config_write (gint fd,
const char *remote_network; const char *remote_network;
const char *ikev2 = NULL; const char *ikev2 = NULL;
const char *rightid; const char *rightid;
@ -760,6 +802,8 @@ index 36af877..7533f7f 100644
- const char *fragmentation; - const char *fragmentation;
- const char *mobike; - const char *mobike;
const char *pfs; const char *pfs;
const char *client_family;
const char *item;
gboolean is_ikev2 = FALSE; gboolean is_ikev2 = FALSE;
- g_return_val_if_fail (fd > 0, FALSE); - g_return_val_if_fail (fd > 0, FALSE);
@ -845,9 +889,41 @@ index 36af877..7533f7f 100644
+ } + }
} }
- item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_HOSTADDRFAMILY);
- if (item && strlen (item))
- WRITE_CHECK (fd, debug_write_fcn, error, " hostaddrfamily=%s", item);
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_HOSTADDRFAMILY, error))
+ return FALSE;
client_family = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_CLIENTADDRFAMILY);
- if (client_family && strlen (client_family))
- WRITE_CHECK (fd, debug_write_fcn, error, " clientaddrfamily=%s", client_family);
+ if (client_family && client_family[0] != '\0') {
+ g_string_append (ipsec_conf, " clientaddrfamily=");
+ if (!printable_val (ipsec_conf, client_family, error)) {
+ g_prefix_error (error, _("Invalid value for '%s': "),
+ NM_LIBRESWAN_KEY_CLIENTADDRFAMILY);
+ return FALSE;
+ }
+ }
leftrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTRSASIGKEY); leftrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTRSASIGKEY);
rightrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTRSASIGKEY); rightrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTRSASIGKEY);
leftcert = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTCERT); leftcert = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTCERT);
rightcert = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTCERT);
authby = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_AUTHBY);
- if (rightcert && strlen (rightcert)) {
- WRITE_CHECK (fd, debug_write_fcn, error, " rightcert=%s", rightcert);
+ if (rightcert && rightcert[0] != '\0') {
+ g_string_append (ipsec_conf, " rightcert=");
+ if (!string_val (ipsec_conf, rightcert, error)) {
+ g_prefix_error (error, _("Invalid value for '%s': "),
+ NM_LIBRESWAN_KEY_RIGHTCERT);
+ return FALSE;
+ }
if (!rightrsasigkey)
rightrsasigkey = "%cert";
}
- if (leftcert && strlen (leftcert)) { - if (leftcert && strlen (leftcert)) {
- WRITE_CHECK (fd, debug_write_fcn, error, " leftcert=%s", leftcert); - WRITE_CHECK (fd, debug_write_fcn, error, " leftcert=%s", leftcert);
+ if (leftcert && leftcert[0] != '\0') { + if (leftcert && leftcert[0] != '\0') {
@ -866,17 +942,24 @@ index 36af877..7533f7f 100644
- WRITE_CHECK (fd, debug_write_fcn, error, " leftrsasigkey=%s", leftrsasigkey); - WRITE_CHECK (fd, debug_write_fcn, error, " leftrsasigkey=%s", leftrsasigkey);
- if (rightrsasigkey && strlen (rightrsasigkey)) - if (rightrsasigkey && strlen (rightrsasigkey))
- WRITE_CHECK (fd, debug_write_fcn, error, " rightrsasigkey=%s", rightrsasigkey); - WRITE_CHECK (fd, debug_write_fcn, error, " rightrsasigkey=%s", rightrsasigkey);
- if ( !(leftrsasigkey && strlen (leftrsasigkey))
- && !(rightrsasigkey && strlen (rightrsasigkey))) {
- WRITE_CHECK (fd, debug_write_fcn, error, " authby=secret");
+ if (!optional_string_val (ipsec_conf, NM_LIBRESWAN_KEY_LEFTRSASIGKEY, leftrsasigkey, error)) + if (!optional_string_val (ipsec_conf, NM_LIBRESWAN_KEY_LEFTRSASIGKEY, leftrsasigkey, error))
+ return FALSE; + return FALSE;
+ if (!optional_string_val (ipsec_conf, NM_LIBRESWAN_KEY_RIGHTRSASIGKEY, rightrsasigkey, error)) + if (!optional_string_val (ipsec_conf, NM_LIBRESWAN_KEY_RIGHTRSASIGKEY, rightrsasigkey, error))
+ return FALSE; + return FALSE;
- if (authby && strlen (authby)) {
- WRITE_CHECK (fd, debug_write_fcn, error, " authby=%s", authby);
- } else if ( !(leftrsasigkey && strlen (leftrsasigkey))
- && !(rightrsasigkey && strlen (rightrsasigkey))) {
- WRITE_CHECK (fd, debug_write_fcn, error, " authby=secret");
+ if (authby == NULL || authby[0] == '\0') {
+ if ( !(leftrsasigkey && leftrsasigkey[0] != '\0') + if ( !(leftrsasigkey && leftrsasigkey[0] != '\0')
+ && !(rightrsasigkey && rightrsasigkey[0] != '\0')) { + && !(rightrsasigkey && rightrsasigkey[0] != '\0')) {
+ g_string_append (ipsec_conf, " authby=secret\n"); + authby = "secret";
+ }
} }
+ if (!optional_printable_val (ipsec_conf, NM_LIBRESWAN_KEY_AUTHBY, authby, error))
+ return FALSE;
left = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFT); left = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFT);
- if (left && strlen (left)) - if (left && strlen (left))
@ -892,11 +975,18 @@ index 36af877..7533f7f 100644
+ return FALSE; + return FALSE;
+ } + }
item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTMODECFGCLIENT);
if (nm_streq0 (item, "no")) {
- WRITE_CHECK (fd, debug_write_fcn, error, " leftmodecfgclient=no");
+ g_string_append (ipsec_conf, " leftmodecfgclient=no\n");
} else {
- WRITE_CHECK (fd, debug_write_fcn, error, " leftmodecfgclient=yes"); - WRITE_CHECK (fd, debug_write_fcn, error, " leftmodecfgclient=yes");
- if (leftupdown_script)
- WRITE_CHECK (fd, debug_write_fcn, error, " leftupdown=%s", leftupdown_script);
+ g_string_append (ipsec_conf, " leftmodecfgclient=yes\n"); + g_string_append (ipsec_conf, " leftmodecfgclient=yes\n");
}
- if (leftupdown_script)
- WRITE_CHECK (fd, debug_write_fcn, error, " leftupdown=%s", leftupdown_script);
-
- WRITE_CHECK (fd, debug_write_fcn, error, " right=%s", nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHT)); - WRITE_CHECK (fd, debug_write_fcn, error, " right=%s", nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHT));
rightid = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTID); rightid = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTID);
- if (rightid && strlen (rightid)) { - if (rightid && strlen (rightid)) {
@ -920,23 +1010,47 @@ index 36af877..7533f7f 100644
} }
- WRITE_CHECK (fd, debug_write_fcn, error, " rightmodecfgserver=yes"); - WRITE_CHECK (fd, debug_write_fcn, error, " rightmodecfgserver=yes");
- WRITE_CHECK (fd, debug_write_fcn, error, " modecfgpull=yes"); - WRITE_CHECK (fd, debug_write_fcn, error, " modecfgpull=yes");
-
- remote_network = nm_setting_vpn_get_data_item (s_vpn, local_network = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LOCALNETWORK);
- NM_LIBRESWAN_KEY_REMOTENETWORK); if (local_network) {
- if (!remote_network || !strlen (remote_network)) - WRITE_CHECK (fd, debug_write_fcn, error, " leftsubnet=%s", local_network);
+ g_string_append (ipsec_conf, " leftsubnet=");
+ if (!printable_val (ipsec_conf, local_network, error)) {
+ g_prefix_error (error, _("Invalid value for '%s': "),
+ NM_LIBRESWAN_KEY_LOCALNETWORK);
+ return FALSE;
+ }
}
remote_network = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_REMOTENETWORK);
- if (!remote_network || !strlen (remote_network)) {
+ if (!remote_network || remote_network[0] == '\0') {
int addr_family = AF_UNSPEC;
/* Detect the address family of the remote subnet. We use in order:
@@ -259,43 +333,50 @@ nm_libreswan_config_write (gint fd,
}
if (addr_family == AF_INET6) {
- WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=::/0");
+ remote_network = "::/0";
} else {
/* For backwards compatibility, if we can't determine the family
* assume it's IPv4. Anyway, in the future we need to stop adding
* the option automatically. */
- WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=0.0.0.0/0"); - WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=0.0.0.0/0");
- else
- WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=%s",
- remote_network);
+ remote_network = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_REMOTENETWORK);
+ if (!remote_network || remote_network[0] == '\0')
+ remote_network = "0.0.0.0/0"; + remote_network = "0.0.0.0/0";
}
- } else {
- WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=%s", remote_network);
+ }
+ g_string_append (ipsec_conf, " rightsubnet="); + g_string_append (ipsec_conf, " rightsubnet=");
+ if (!printable_val (ipsec_conf, remote_network, error)) { + if (!printable_val (ipsec_conf, remote_network, error)) {
+ g_prefix_error (error, _("Invalid value for '%s': "), + g_prefix_error (error, _("Invalid value for '%s': "),
+ NM_LIBRESWAN_KEY_REMOTENETWORK); + NM_LIBRESWAN_KEY_REMOTENETWORK);
+ return FALSE; + return FALSE;
+ } }
if (!is_ikev2) { if (!is_ikev2) {
/* When IKEv1 is in place, we enforce XAUTH: so, use IKE version /* When IKEv1 is in place, we enforce XAUTH: so, use IKE version
@ -947,24 +1061,39 @@ index 36af877..7533f7f 100644
- default_username = nm_setting_vpn_get_user_name (s_vpn); - default_username = nm_setting_vpn_get_user_name (s_vpn);
- props_username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTXAUTHUSER); - props_username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTXAUTHUSER);
- if (!props_username)
- props_username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTUSERNAME);
- if (props_username && strlen (props_username)) - if (props_username && strlen (props_username))
- WRITE_CHECK (fd, debug_write_fcn, error, " leftxauthusername=%s", props_username); - WRITE_CHECK (fd, debug_write_fcn, error,
- ipsec_version >= 4 ? " leftusername=%s" : " leftxauthusername=%s",
- props_username);
- else if (default_username && strlen (default_username)) - else if (default_username && strlen (default_username))
- WRITE_CHECK (fd, debug_write_fcn, error, " leftxauthusername=%s", default_username); - WRITE_CHECK (fd, debug_write_fcn, error,
- ipsec_version >= 4 ? " leftusername=%s" : " leftxauthusername=%s",
- default_username);
+ username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTXAUTHUSER); + username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTXAUTHUSER);
+ if (username == NULL || username[0] == '\0') + if (username == NULL || username[0] == '\0')
+ username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTUSERNAME);
+ if (username == NULL || username[0] == '\0')
+ username = nm_setting_vpn_get_user_name (s_vpn); + username = nm_setting_vpn_get_user_name (s_vpn);
+ if (username != NULL && username[0] != '\0') { + if (username != NULL && username[0] != '\0') {
+ g_string_append (ipsec_conf, " leftxauthusername="); + g_string_append (ipsec_conf,
+ ipsec_version >= 4 ?
+ " leftusername=" :
+ " leftxauthusername=");
+ if (!string_val (ipsec_conf, username, error)) { + if (!string_val (ipsec_conf, username, error)) {
+ g_prefix_error (error, _("Invalid username: ")); + g_prefix_error (error, _("Invalid username: "));
+ return FALSE; + return FALSE;
+ } + }
+ } + }
- WRITE_CHECK (fd, debug_write_fcn, error, " remote_peer_type=cisco"); - WRITE_CHECK (fd, debug_write_fcn, error,
- ipsec_version >= 4 ? " remote-peer-type=cisco" : " remote_peer_type=cisco");
- WRITE_CHECK (fd, debug_write_fcn, error, " rightxauthserver=yes"); - WRITE_CHECK (fd, debug_write_fcn, error, " rightxauthserver=yes");
+ g_string_append (ipsec_conf, " remote_peer_type=cisco\n"); + g_string_append (ipsec_conf,
+ ipsec_version >= 4 ?
+ " remote-peer-type=cisco\n" :
+ " remote_peer_type=cisco\n");
+ g_string_append (ipsec_conf, " rightxauthserver=yes\n"); + g_string_append (ipsec_conf, " rightxauthserver=yes\n");
} }
@ -973,7 +1102,7 @@ index 36af877..7533f7f 100644
/* When the crypto is unspecified, let Libreswan use many sets of crypto /* When the crypto is unspecified, let Libreswan use many sets of crypto
* proposals (just leave the property unset). An exception should be made * proposals (just leave the property unset). An exception should be made
* for IKEv1 connections in aggressive mode: there the DH group in the crypto * for IKEv1 connections in aggressive mode: there the DH group in the crypto
@@ -236,62 +299,70 @@ nm_libreswan_config_write (gint fd, @@ -304,84 +385,80 @@ nm_libreswan_config_write (gint fd,
* force the best proposal that should be accepted by all obsolete VPN SW/HW * force the best proposal that should be accepted by all obsolete VPN SW/HW
* acting as a remote access VPN server. * acting as a remote access VPN server.
*/ */
@ -1062,8 +1191,16 @@ index 36af877..7533f7f 100644
+ return FALSE; + return FALSE;
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_MOBIKE, error)) + if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_MOBIKE, error))
+ return FALSE; + return FALSE;
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_DPDDELAY, error))
+ return FALSE;
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_DPDTIMEOUT, error)) + if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_DPDTIMEOUT, error))
+ return FALSE; + return FALSE;
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_DPDACTION, error))
+ return FALSE;
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_IPSEC_INTERFACE, error))
+ return FALSE;
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_TYPE, error))
+ return FALSE;
- narrowing = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_NARROWING); - narrowing = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_NARROWING);
- if (narrowing && strlen (narrowing)) - if (narrowing && strlen (narrowing))
@ -1081,6 +1218,26 @@ index 36af877..7533f7f 100644
- if (mobike && strlen (mobike)) - if (mobike && strlen (mobike))
- WRITE_CHECK (fd, debug_write_fcn, error, " mobike=%s", mobike); - WRITE_CHECK (fd, debug_write_fcn, error, " mobike=%s", mobike);
- -
- item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_DPDDELAY);
- if (item && strlen (item))
- WRITE_CHECK (fd, debug_write_fcn, error, " dpddelay=%s", item);
-
- item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_DPDTIMEOUT);
- if (item && strlen (item))
- WRITE_CHECK (fd, debug_write_fcn, error, " dpdtimeout=%s", item);
-
- item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_DPDACTION);
- if (item && strlen (item))
- WRITE_CHECK (fd, debug_write_fcn, error, " dpdaction=%s", item);
-
- item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_IPSEC_INTERFACE);
- if (item && strlen (item))
- WRITE_CHECK (fd, debug_write_fcn, error, " ipsec-interface=%s", item);
-
- item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_TYPE);
- if (item && strlen (item))
- WRITE_CHECK (fd, debug_write_fcn, error, " type=%s", item);
-
- WRITE_CHECK (fd, debug_write_fcn, error, " nm-configured=yes"); - WRITE_CHECK (fd, debug_write_fcn, error, " nm-configured=yes");
- -
- WRITE_CHECK_NEWLINE (fd, trailing_newline, debug_write_fcn, error, " auto=add"); - WRITE_CHECK_NEWLINE (fd, trailing_newline, debug_write_fcn, error, " auto=add");
@ -1088,11 +1245,13 @@ index 36af877..7533f7f 100644
- return TRUE; - return TRUE;
+ return g_string_free (g_steal_pointer (&ipsec_conf), FALSE); + return g_string_free (g_steal_pointer (&ipsec_conf), FALSE);
} }
static const char *
diff --git a/shared/utils.h b/shared/utils.h diff --git a/shared/utils.h b/shared/utils.h
index b5d8f53..839c03a 100644 index 7e89841..2e2450c 100644
--- a/shared/utils.h --- a/shared/utils.h
+++ b/shared/utils.h +++ b/shared/utils.h
@@ -24,26 +24,12 @@ @@ -24,27 +24,13 @@
#ifndef __UTILS_H__ #ifndef __UTILS_H__
#define __UTILS_H__ #define __UTILS_H__
@ -1109,6 +1268,7 @@ index b5d8f53..839c03a 100644
- -
-gboolean -gboolean
-nm_libreswan_config_write (gint fd, -nm_libreswan_config_write (gint fd,
- int ipsec_version,
- NMConnection *connection, - NMConnection *connection,
- const char *con_name, - const char *con_name,
- const char *leftupdown_script, - const char *leftupdown_script,
@ -1116,7 +1276,8 @@ index b5d8f53..839c03a 100644
- gboolean trailing_newline, - gboolean trailing_newline,
- NMDebugWriteFcn debug_write_fcn, - NMDebugWriteFcn debug_write_fcn,
- GError **error); - GError **error);
+char *nm_libreswan_get_ipsec_conf (NMSettingVpn *s_vpn, +char *nm_libreswan_get_ipsec_conf (int ipsec_version,
+ NMSettingVpn *s_vpn,
+ const char *con_name, + const char *con_name,
+ const char *leftupdown_script, + const char *leftupdown_script,
+ gboolean openswan, + gboolean openswan,
@ -1126,10 +1287,10 @@ index b5d8f53..839c03a 100644
static inline gboolean static inline gboolean
nm_libreswan_utils_setting_is_ikev2 (NMSettingVpn *s_vpn, const char **out_ikev2) nm_libreswan_utils_setting_is_ikev2 (NMSettingVpn *s_vpn, const char **out_ikev2)
diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
index e69deb8..24108f6 100644 index e5956af..35f602c 100644
--- a/src/nm-libreswan-service.c --- a/src/nm-libreswan-service.c
+++ b/src/nm-libreswan-service.c +++ b/src/nm-libreswan-service.c
@@ -103,6 +103,8 @@ typedef struct { @@ -101,12 +101,13 @@ typedef struct {
const char *whack_path; const char *whack_path;
char *secrets_path; char *secrets_path;
@ -1138,7 +1299,13 @@ index e69deb8..24108f6 100644
gboolean openswan; gboolean openswan;
gboolean interactive; gboolean interactive;
gboolean pending_auth; gboolean pending_auth;
@@ -153,12 +155,6 @@ _LOGD_enabled (void) gboolean managed;
gboolean xauth_enabled;
- int version;
GPid pid;
guint watch_id;
@@ -152,12 +153,6 @@ _LOGD_enabled (void)
#define _LOGW(...) _NMLOG(LOG_WARNING, __VA_ARGS__) #define _LOGW(...) _NMLOG(LOG_WARNING, __VA_ARGS__)
#define _LOGE(...) _NMLOG(LOG_EMERG, __VA_ARGS__) #define _LOGE(...) _NMLOG(LOG_EMERG, __VA_ARGS__)
@ -1150,8 +1317,8 @@ index e69deb8..24108f6 100644
- -
/****************************************************************/ /****************************************************************/
guint32 static gboolean pr_cb (GIOChannel *source, GIOCondition condition, gpointer user_data);
@@ -726,9 +722,9 @@ nm_libreswan_config_psk_write (NMSettingVpn *s_vpn, @@ -666,9 +661,9 @@ nm_libreswan_config_psk_write (NMSettingVpn *s_vpn,
GError **error) GError **error)
{ {
const char *pw_type, *psk, *leftid, *right; const char *pw_type, *psk, *leftid, *right;
@ -1164,7 +1331,7 @@ index e69deb8..24108f6 100644
/* Check for ignored group password */ /* Check for ignored group password */
pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_PSK_INPUT_MODES); pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_PSK_INPUT_MODES);
@@ -739,47 +735,32 @@ nm_libreswan_config_psk_write (NMSettingVpn *s_vpn, @@ -679,47 +674,32 @@ nm_libreswan_config_psk_write (NMSettingVpn *s_vpn,
if (!psk) if (!psk)
return TRUE; return TRUE;
@ -1232,7 +1399,7 @@ index e69deb8..24108f6 100644
} }
/****************************************************************/ /****************************************************************/
@@ -1547,6 +1528,44 @@ done: @@ -1766,6 +1746,44 @@ done:
return success ? G_SOURCE_CONTINUE : G_SOURCE_REMOVE; return success ? G_SOURCE_CONTINUE : G_SOURCE_REMOVE;
} }
@ -1277,7 +1444,7 @@ index e69deb8..24108f6 100644
static gboolean static gboolean
connect_step (NMLibreswanPlugin *self, GError **error) connect_step (NMLibreswanPlugin *self, GError **error)
{ {
@@ -1629,36 +1648,12 @@ connect_step (NMLibreswanPlugin *self, GError **error) @@ -1848,37 +1866,12 @@ connect_step (NMLibreswanPlugin *self, GError **error)
return TRUE; return TRUE;
case CONNECT_STEP_CONFIG_ADD: { case CONNECT_STEP_CONFIG_ADD: {
@ -1304,6 +1471,7 @@ index e69deb8..24108f6 100644
- bus_name); - bus_name);
- -
- if (!nm_libreswan_config_write (fd, - if (!nm_libreswan_config_write (fd,
- priv->version,
- priv->connection, - priv->connection,
- uuid, - uuid,
- ifupdown_script, - ifupdown_script,
@ -1315,14 +1483,14 @@ index e69deb8..24108f6 100644
g_close (fd, NULL); g_close (fd, NULL);
return FALSE; return FALSE;
} }
@@ -1721,12 +1716,24 @@ _connect_common (NMVpnServicePlugin *plugin, @@ -1928,19 +1921,31 @@ _connect_common (NMVpnServicePlugin *plugin,
NMLibreswanPluginPrivate *priv = NM_LIBRESWAN_PLUGIN_GET_PRIVATE (self);
NMSettingVpn *s_vpn; NMSettingVpn *s_vpn;
const char *con_name = nm_connection_get_uuid (connection); const char *con_name = nm_connection_get_uuid (connection);
+ gs_free char *ipsec_banner = NULL; gs_free char *ipsec_banner = NULL;
+ gs_free char *ifupdown_script = NULL; + gs_free char *ifupdown_script = NULL;
+ gs_free char *bus_name = NULL; + gs_free char *bus_name = NULL;
+ gboolean trailing_newline; + gboolean trailing_newline;
+ int version;
if (_LOGD_enabled ()) { if (_LOGD_enabled ()) {
_LOGD ("connection:"); _LOGD ("connection:");
@ -1337,10 +1505,19 @@ index e69deb8..24108f6 100644
+ return FALSE; + return FALSE;
+ } + }
+ +
priv->ipsec_path = find_helper_bin ("ipsec", error); priv->ipsec_path = nm_libreswan_find_helper_bin ("ipsec", error);
if (!priv->ipsec_path) if (!priv->ipsec_path)
return FALSE; return FALSE;
@@ -1750,13 +1757,30 @@ _connect_common (NMVpnServicePlugin *plugin,
- nm_libreswan_detect_version (priv->ipsec_path, &priv->openswan, &priv->version, &ipsec_banner);
+ nm_libreswan_detect_version (priv->ipsec_path, &priv->openswan, &version, &ipsec_banner);
_LOGD ("ipsec: version banner: %s", ipsec_banner);
- _LOGD ("ipsec: detected version %d (%s)", priv->version, priv->openswan ? "Openswan" : "Libreswan");
+ _LOGD ("ipsec: detected version %d (%s)", version, priv->openswan ? "Openswan" : "Libreswan");
if (!priv->openswan) {
priv->pluto_path = nm_libreswan_find_helper_libexec ("pluto", error);
@@ -1960,13 +1965,31 @@ _connect_common (NMVpnServicePlugin *plugin,
if (!nm_libreswan_secrets_validate (s_vpn, error)) if (!nm_libreswan_secrets_validate (s_vpn, error))
return FALSE; return FALSE;
@ -1365,7 +1542,8 @@ index e69deb8..24108f6 100644
+ +
+ /* Compose the ipsec.conf early, to catch configuration errors before + /* Compose the ipsec.conf early, to catch configuration errors before
+ * we initiate the conneciton. */ + * we initiate the conneciton. */
+ priv->ipsec_conf = nm_libreswan_get_ipsec_conf (s_vpn, + priv->ipsec_conf = nm_libreswan_get_ipsec_conf (version,
+ s_vpn,
+ con_name, + con_name,
+ ifupdown_script, + ifupdown_script,
+ priv->openswan, + priv->openswan,
@ -1377,7 +1555,7 @@ index e69deb8..24108f6 100644
/* XAUTH is not part of the IKEv2 standard and we always enforce it in IKEv1 */ /* XAUTH is not part of the IKEv2 standard and we always enforce it in IKEv1 */
priv->xauth_enabled = !nm_libreswan_utils_setting_is_ikev2 (s_vpn, NULL); priv->xauth_enabled = !nm_libreswan_utils_setting_is_ikev2 (s_vpn, NULL);
@@ -1928,6 +1952,7 @@ real_disconnect (NMVpnServicePlugin *plugin, GError **error) @@ -2141,6 +2164,7 @@ real_disconnect (NMVpnServicePlugin *plugin, GError **error)
priv->watch_id = g_child_watch_add (priv->pid, child_watch_cb, plugin); priv->watch_id = g_child_watch_add (priv->pid, child_watch_cb, plugin);
g_clear_object (&priv->connection); g_clear_object (&priv->connection);
@ -1385,7 +1563,7 @@ index e69deb8..24108f6 100644
return ret; return ret;
} }
@@ -1960,6 +1985,7 @@ finalize (GObject *object) @@ -2173,6 +2197,7 @@ finalize (GObject *object)
{ {
NMLibreswanPluginPrivate *priv = NM_LIBRESWAN_PLUGIN_GET_PRIVATE (object); NMLibreswanPluginPrivate *priv = NM_LIBRESWAN_PLUGIN_GET_PRIVATE (object);
@ -1396,7 +1574,7 @@ index e69deb8..24108f6 100644
-- --
2.46.0 2.46.0
From b3ab419db37186d2e888cfe1d91ca0a82c0be884 Mon Sep 17 00:00:00 2001 From 8cbc188222d6a3dcff7ed937d44415f75e34b503 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk> From: Lubomir Rintel <lkundrak@v3.sk>
Date: Tue, 24 Sep 2024 10:55:02 +0200 Date: Tue, 24 Sep 2024 10:55:02 +0200
Subject: [PATCH 6/6] shared/test-utils: add more test cases Subject: [PATCH 6/6] shared/test-utils: add more test cases
@ -1405,11 +1583,11 @@ Test ipsec.conf formatting more thoroughly, include negative cases.
[lkundrak@v3.sk: Backported from 1.24.0] [lkundrak@v3.sk: Backported from 1.24.0]
--- ---
shared/test-utils.c | 81 +++++++++++++++++++++++++++++++++++++++++++++ shared/test-utils.c | 82 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+) 1 file changed, 82 insertions(+)
diff --git a/shared/test-utils.c b/shared/test-utils.c diff --git a/shared/test-utils.c b/shared/test-utils.c
index 965daef..35d9a76 100644 index 49aa32a..0a92d2b 100644
--- a/shared/test-utils.c --- a/shared/test-utils.c
+++ b/shared/test-utils.c +++ b/shared/test-utils.c
@@ -2,6 +2,8 @@ @@ -2,6 +2,8 @@
@ -1421,7 +1599,7 @@ index 965daef..35d9a76 100644
static void static void
test_config_write (void) test_config_write (void)
{ {
@@ -57,6 +59,85 @@ test_config_write (void) @@ -57,6 +59,86 @@ test_config_write (void)
" rightmodecfgserver=yes\n" " rightmodecfgserver=yes\n"
" modecfgpull=yes\n"); " modecfgpull=yes\n");
g_free (str); g_free (str);
@ -1431,7 +1609,7 @@ index 965daef..35d9a76 100644
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "leftrsasigkey", "hello"); + nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "leftrsasigkey", "hello");
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "rightrsasigkey", "world"); + nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "rightrsasigkey", "world");
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12.13.14"); + nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12.13.14");
+ str = nm_libreswan_get_ipsec_conf (s_vpn, "conn", NULL, FALSE, TRUE, &error); + str = nm_libreswan_get_ipsec_conf (4, s_vpn, "conn", NULL, FALSE, TRUE, &error);
+ g_assert_no_error (error); + g_assert_no_error (error);
+ g_assert_cmpstr (str, ==, + g_assert_cmpstr (str, ==,
+ "conn conn\n" + "conn conn\n"
@ -1448,9 +1626,10 @@ index 965daef..35d9a76 100644
+ " modecfgpull=yes\n"); + " modecfgpull=yes\n");
+ g_free (str); + g_free (str);
+ +
+
+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ()); + s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12.13.14"); + nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12.13.14");
+ str = nm_libreswan_get_ipsec_conf (s_vpn, + str = nm_libreswan_get_ipsec_conf (3, s_vpn,
+ "my_con", + "my_con",
+ "/foo/bar/ifupdown hello 123 456", + "/foo/bar/ifupdown hello 123 456",
+ TRUE, FALSE, &error); + TRUE, FALSE, &error);
@ -1478,7 +1657,7 @@ index 965daef..35d9a76 100644
+ g_free (str); + g_free (str);
+ +
+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ()); + s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
+ str = nm_libreswan_get_ipsec_conf (s_vpn, "conn", NULL, FALSE, TRUE, &error); + str = nm_libreswan_get_ipsec_conf (4, s_vpn, "conn", NULL, FALSE, TRUE, &error);
+ g_assert_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_INVALID_ARGUMENT); + g_assert_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_INVALID_ARGUMENT);
+ g_assert_null (str); + g_assert_null (str);
+ g_clear_error (&error); + g_clear_error (&error);
@ -1486,21 +1665,21 @@ index 965daef..35d9a76 100644
+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ()); + s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12.13.14"); + nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12.13.14");
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "ikev2", "hello world"); + nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "ikev2", "hello world");
+ str = nm_libreswan_get_ipsec_conf (s_vpn, "conn", NULL, FALSE, TRUE, &error); + str = nm_libreswan_get_ipsec_conf (4, s_vpn, "conn", NULL, FALSE, TRUE, &error);
+ g_assert_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_INVALID_ARGUMENT); + g_assert_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_INVALID_ARGUMENT);
+ g_assert_null (str); + g_assert_null (str);
+ g_clear_error (&error); + g_clear_error (&error);
+ +
+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ()); + s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12\n13.14"); + nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12\n13.14");
+ str = nm_libreswan_get_ipsec_conf (s_vpn, "conn", NULL, FALSE, TRUE, &error); + str = nm_libreswan_get_ipsec_conf (4, s_vpn, "conn", NULL, FALSE, TRUE, &error);
+ g_assert_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_INVALID_ARGUMENT); + g_assert_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_INVALID_ARGUMENT);
+ g_assert_null (str); + g_assert_null (str);
+ g_clear_error (&error); + g_clear_error (&error);
+ +
+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ()); + s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "rightcert", "\"cert\""); + nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "rightcert", "\"cert\"");
+ str = nm_libreswan_get_ipsec_conf (s_vpn, "conn", NULL, FALSE, TRUE, &error); + str = nm_libreswan_get_ipsec_conf (4, s_vpn, "conn", NULL, FALSE, TRUE, &error);
+ g_assert_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_INVALID_ARGUMENT); + g_assert_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_INVALID_ARGUMENT);
+ g_assert_null (str); + g_assert_null (str);
+ g_clear_error (&error); + g_clear_error (&error);

@ -1,26 +0,0 @@
From eaf501ab7cb732a152097d2af5636b03fd3f029d Mon Sep 17 00:00:00 2001
From: Francesco Giudici <fgiudici@redhat.com>
Date: Mon, 15 Apr 2019 14:51:26 +0200
Subject: [PATCH] properties: set advanced dialog modal
https://bugzilla.redhat.com/show_bug.cgi?id=1697329
---
properties/nm-libreswan-dialog.ui | 2 ++
1 file changed, 2 insertions(+)
diff --git a/properties/nm-libreswan-dialog.ui b/properties/nm-libreswan-dialog.ui
index 73522d4..e355c08 100644
--- a/properties/nm-libreswan-dialog.ui
+++ b/properties/nm-libreswan-dialog.ui
@@ -451,6 +451,8 @@
<property name="can_focus">False</property>
<property name="border_width">12</property>
<property name="title" translatable="yes">IPsec Advanced Options</property>
+ <property name="modal">True</property>
+ <property name="destroy_with_parent">True</property>
<property name="type_hint">dialog</property>
<child internal-child="vbox">
<object class="GtkBox" id="dialog-vbox1">
--
2.20.1

@ -1,68 +0,0 @@
From 4be4c56b4f8a52b1cd5f8aadee273706c28ae332 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Sat, 13 Jan 2024 18:10:02 +0100
Subject: [PATCH 1/1] service: fix wrong refcounting in D-Bus handler for
Callback()
The Callback() D-Bus method is handled via a GDBus-generated skeleton
code in nm-libreswan-helper-service-dbus.c, function
_nmdbus_libreswan_helper_skeleton_handle_method_call(). The function
emits signal "handle-callback" to let the program handle the incoming
method. As documented in the GDoc comments, the signal handler must
return TRUE if it handles the call.
```
/**
* NMDBusLibreswanHelper::handle-callback:
* @object: A #NMDBusLibreswanHelper.
* @invocation: A #GDBusMethodInvocation.
* @arg_environment: Argument passed by remote caller.
* Signal emitted when a remote caller is invoking the Callback()
D-Bus method.
* If a signal handler returns %TRUE, it means the signal handler
will handle the invocation (e.g. take a reference to @invocation
and eventually call nmdbus_libreswan_helper_complete_callback()
or e.g. g_dbus_method_invocation_return_error() on it) and no
other signal handlers will run. If no signal handler handles the
invocation, the %G_DBUS_ERROR_UNKNOWN_METHOD error is returned.
* Returns: %G_DBUS_METHOD_INVOCATION_HANDLED or %TRUE if the
invocation was handled, %G_DBUS_METHOD_INVOCATION_UNHANDLED or
%FALSE to let other signal handlers run.
*/
```
At the moment, in case of error the handler first calls
nmdbus_libreswan_helper_complete_callback() which decreases the
refcount of "invocation", and then returns FALSE which tells the
skeleton code to return an error, also unreferencing the
invocation. This causes a crash.
Since the G_DBUS_METHOD_INVOCATION_HANDLED alias for TRUE is only
available since GLib 2.68 (while we target 2.36), just return TRUE.
Fixes: acb9eb9de50b ('service: process the configuration in the service, not the helper')
(cherry picked from commit 8ceb901719acac3778e1d76779d9c14289185157)
---
src/nm-libreswan-service.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
index fc470a6..4850729 100644
--- a/src/nm-libreswan-service.c
+++ b/src/nm-libreswan-service.c
@@ -1379,7 +1379,8 @@ out:
}
nmdbus_libreswan_helper_complete_callback (object, invocation);
- return success;
+
+ return TRUE;
}
/****************************************************************/
--
2.43.0

@ -1,26 +1,37 @@
%if 0%{?fedora} < 28 && 0%{?rhel} < 8 %if 0%{?fedora} < 28 && 0%{?rhel} < 8
%bcond_without libnm_glib %bcond_without libnm_glib
%else %else
# Disable the legacy version by default
%bcond_with libnm_glib %bcond_with libnm_glib
%endif %endif
%if 0%{?fedora} < 36 && 0%{?rhel} < 10
%bcond_with gtk4
%else
%bcond_without gtk4
%endif
%global real_version 1.2.22
%global rpm_version 1.2.22
%global release_version 4
%global real_version_major %(printf '%s' '%{real_version}' | sed -n 's/^\\([1-9][0-9]*\\.[1-9][0-9]*\\)\\.[1-9][0-9]*$/\\1/p')
%global nm_version 1:1.2.0 %global nm_version 1:1.2.0
%global nma_version 1.2.0 %global nma_version 1.2.0
Summary: NetworkManager VPN plug-in for IPsec VPN Summary: NetworkManager VPN plug-in for IPsec VPN
Name: NetworkManager-libreswan Name: NetworkManager-libreswan
Version: 1.2.10 Version: %{rpm_version}
Release: 7%{?dist} Release: %{release_version}%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://www.gnome.org/projects/NetworkManager/ URL: http://www.gnome.org/projects/NetworkManager/
Group: System Environment/Base Source0: https://download.gnome.org/sources/NetworkManager-libreswan/%{real_version_major}/%{name}-%{real_version}.tar.xz
Source0: https://download.gnome.org/sources/NetworkManager-libreswan/1.2/%{name}-%{version}.tar.xz
Patch0: 0001-po-import-translations-from-Red-Hat-translators.patch # Patch1: 0001-some.patch
Patch1: 0002-properties-set-advanced-dialog-modal.patch Patch1: 0001-ipsec-conf-escaping-cve-2024-9050.patch
Patch2: 0003-service-fix-wrong-refcounting-in-D-Bus-handler-for-C.patch
Patch3: 0004-ipsec-conf-escaping-cve-2024-9050.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: gtk3-devel BuildRequires: gtk3-devel
BuildRequires: libnl3-devel BuildRequires: libnl3-devel
BuildRequires: NetworkManager-libnm-devel >= %{nm_version} BuildRequires: NetworkManager-libnm-devel >= %{nm_version}
@ -34,6 +45,10 @@ BuildRequires: NetworkManager-glib-devel >= %{nm_version}
BuildRequires: libnm-gtk-devel >= %{nma_version} BuildRequires: libnm-gtk-devel >= %{nma_version}
%endif %endif
%if %with gtk4
BuildRequires: libnma-gtk4-devel
%endif
Requires: NetworkManager >= %{nm_version} Requires: NetworkManager >= %{nm_version}
Requires: dbus Requires: dbus
Requires: /usr/sbin/ipsec Requires: /usr/sbin/ipsec
@ -45,13 +60,14 @@ Obsoletes: NetworkManager-openswan < %{version}-%{release}
%global __provides_exclude ^(%{_privatelibs})$ %global __provides_exclude ^(%{_privatelibs})$
%global __requires_exclude ^(%{_privatelibs})$ %global __requires_exclude ^(%{_privatelibs})$
%description %description
This package contains software for integrating the libreswan VPN software This package contains software for integrating the libreswan VPN software
with NetworkManager and the GNOME desktop with NetworkManager and the GNOME desktop
%package -n NetworkManager-libreswan-gnome %package -n NetworkManager-libreswan-gnome
Summary: NetworkManager VPN plugin for libreswan - GNOME files Summary: NetworkManager VPN plugin for libreswan - GNOME files
Group: System Environment/Base
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: shared-mime-info Requires: shared-mime-info
@ -63,12 +79,17 @@ Obsoletes: NetworkManager-openswan-gnome < %{version}-%{release}
This package contains software for integrating VPN capabilities with This package contains software for integrating VPN capabilities with
the libreswan server with NetworkManager (GNOME files). the libreswan server with NetworkManager (GNOME files).
%prep %prep
%autosetup -p1 -n %{name}-%{version} %autosetup -p1 -n "%{name}-%{real_version}"
%build %build
%configure \ %configure \
--disable-static \ --disable-static \
%if %with gtk4
--with-gtk4 \
%endif
%if %without libnm_glib %if %without libnm_glib
--without-libnm-glib \ --without-libnm-glib \
%endif %endif
@ -76,18 +97,13 @@ the libreswan server with NetworkManager (GNOME files).
--with-dist-version=%{version}-%{release} --with-dist-version=%{version}-%{release}
make %{?_smp_mflags} make %{?_smp_mflags}
%install %install
make install DESTDIR=%{buildroot} make install DESTDIR=%{buildroot}
rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la
%find_lang %{name} %find_lang %{name}
%post
update-desktop-database &> /dev/null || :
%postun
update-desktop-database &> /dev/null || :
%files -f %{name}.lang %files -f %{name}.lang
%{_libdir}/NetworkManager/libnm-vpn-plugin-libreswan.so %{_libdir}/NetworkManager/libnm-vpn-plugin-libreswan.so
%{_sysconfdir}/dbus-1/system.d/nm-libreswan-service.conf %{_sysconfdir}/dbus-1/system.d/nm-libreswan-service.conf
@ -95,55 +111,84 @@ update-desktop-database &> /dev/null || :
%{_libexecdir}/nm-libreswan-service %{_libexecdir}/nm-libreswan-service
%{_libexecdir}/nm-libreswan-service-helper %{_libexecdir}/nm-libreswan-service-helper
%{_mandir}/man5/nm-settings-libreswan.5.gz %{_mandir}/man5/nm-settings-libreswan.5.gz
%doc AUTHORS ChangeLog NEWS %doc AUTHORS NEWS
%license COPYING %license COPYING
%files -n NetworkManager-libreswan-gnome %files -n NetworkManager-libreswan-gnome
%{_libexecdir}/nm-libreswan-auth-dialog %{_libexecdir}/nm-libreswan-auth-dialog
%{_libdir}/NetworkManager/libnm-vpn-plugin-libreswan-editor.so %{_libdir}/NetworkManager/libnm-vpn-plugin-libreswan-editor.so
%dir %{_datadir}/gnome-vpn-properties/libreswan %{_metainfodir}/network-manager-libreswan.metainfo.xml
%{_datadir}/gnome-vpn-properties/libreswan/nm-libreswan-dialog.ui
%{_datadir}/appdata/network-manager-libreswan.metainfo.xml
%if %with libnm_glib %if %with libnm_glib
%{_libdir}/NetworkManager/libnm-*-properties.so %{_libdir}/NetworkManager/libnm-*-properties.so
%{_sysconfdir}/NetworkManager/VPN/nm-libreswan-service.name %{_sysconfdir}/NetworkManager/VPN/nm-libreswan-service.name
%endif %endif
%if %with gtk4
%{_libdir}/NetworkManager/libnm-gtk4-vpn-plugin-libreswan-editor.so
%endif
%changelog %changelog
* Thu Oct 03 2024 Lubomir Rintel <lkundrak@v3.sk> - 1.2.10-7 * Thu Oct 03 2024 Lubomir Rintel <lkundrak@v3.sk> - 1.2.22-4
- Unbreak validation of unknown keys - Unbreak validation of unknown keys
* Wed Sep 25 2024 Lubomir Rintel <lkundrak@v3.sk> - 1.2.10-6 * Wed Sep 25 2024 Lubomir Rintel <lkundrak@v3.sk> - 1.2.22-2
- Fix improper escaping of Libreswan configuration (CVE-2024-9050) - Fix improper escaping of Libreswan configuration (CVE-2024-9050)
* Mon Feb 5 2024 Wen Liang <wenliang@redhat.com> - 1.2.10-5 * Wed May 22 2024 Beniamino Galvani <bgalvani@redhat.com> - 1.2.22-1
- Fix crash in libreswan_add_profile_wrong_password (RHEL-13123) - Add IPv6 support (RHEL-21875)
* Wed Apr 17 2024 Íñigo Huguet <ihuguet@redhat.com> - 1.2.20-1
- Support "leftsubnet" property (RHEL-26776)
- Support "rightcert" property (RHEL-30370)
* Wed Jan 17 2024 Fernando Fernandez Mancera <ferferna@redhat.com> - 1.2.18-2
- Support point-to-point IPSec tunnel (RHEL-20690)
- Fix crash in libreswan_nmstate_iface_dpd_rsa (RHEL-21221)
- Support configuring IPSec mode with 'type' (RHEL-21554)
* Fri Dec 15 2023 Fernando Fernandez Mancera <ferferna@redhat.com> - 1.2.18-1
- Update to 1.2.18 release
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.14-1.3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.14-1.2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.14-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jan 12 2021 Beniamino Galvani <bgalvani@redhat.com> - 1.2.14-1
- Update to 1.2.14 release
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.12-1.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 9 2019 Francesco Giudici <fgiudici@redhat.com> - 1.2.10-4 * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.12-1.1
- Fix Gnome IPsec advanced options dialog (rh #1697329) - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Dec 10 2018 Lubomir Rintel <lkundrak@v3.sk> - 1.2.10-3 * Wed Jul 31 2019 Francesco Giudici <fgiudici@redhat.com> - 1.2.12-1
- Update the translations (rh #1608329) - Updated to 1.2.12
* Thu Oct 16 2018 Lubomir Rintel <lkundrak@v3.sk> - 1.2.10-2 * Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.10-1.2
- Import the translations (rh #1608329) - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Oct 15 2018 Francesco Giudici <fgiudici@redhat.com> - 1.2.10-1 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.10-1.1
- Update to 1.2.10 release (rh #1637867) - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
- Fix import functionality (rh #1633174)
* Wed Oct 3 2018 Beniamino Galvani <bgalvani@redhat.com> - 1.2.8-2 * Thu Oct 18 2018 Francesco Giudici <fgiudici@redhat.com> - 1.2.10-1
- Rebuild with updated annobin (rh #1630605) - Updated to 1.2.10
- Import latest translations from upstream
* Mon Sep 17 2018 Francesco Giudici <fgiudici@redhat.com> - 1.2.8-1 * Wed Aug 22 2018 Paul Wouters <pwouters@redhat.com> - 1.2.6-1
- Update to 1.2.8 release - Updated to 1.2.6
- Upstream patches for IKEv2 support
* Mon Aug 13 2018 Francesco Giudici <fgiudici@redhat.com> - 1.2.8-0.1 * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-7
- Update to latest development snapshot of NetworkManager-libreswan 1.2.8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
- Introduced IKEv2 support (rh #1557035)
- Introduced support to more Libreswan properties (rh #1557035)
- Updated translations
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-6 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

Loading…
Cancel
Save