.gear/connman-openresolv.path | 10 + .gear/connman-openresolv.service | 11 + .gear/connmand.init | 97 ++++++++ .gear/rules | 7 + .../tags/7d531a0d2b44b273ee78453b086454a8181a47a8 | 6 + .gear/tags/list | 1 + .gear/upstream/remotes | 3 + Makefile.plugins | 8 +- configure.ac | 4 +- connman.spec | 267 +++++++++++++++++++++ src/connman.service.in | 3 +- src/main.conf | 2 +- 12 files changed, 413 insertions(+), 6 deletions(-) diff --git a/.gear/connman-openresolv.path b/.gear/connman-openresolv.path new file mode 100644 index 00000000..846cf16a --- /dev/null +++ b/.gear/connman-openresolv.path @@ -0,0 +1,10 @@ +[Unit] +Description=Update openresolv data from connman +RequiresMountsFor=/etc +ConditionPathIsSymbolicLink=!/etc/resolv.conf + +[Path] +PathModified=/run/connman/resolv.conf + +[Install] +WantedBy=multi-user.target diff --git a/.gear/connman-openresolv.service b/.gear/connman-openresolv.service new file mode 100644 index 00000000..69f7ef6d --- /dev/null +++ b/.gear/connman-openresolv.service @@ -0,0 +1,11 @@ +[Unit] +Description=Update openresolv data from connman +After=network.target +ConditionFileIsExecutable=/sbin/resolvconf +ConditionPathIsSymbolicLink=!/etc/resolv.conf + +[Service] +Type=oneshot +TimeoutSec=35s +StartLimitBurst=20 +ExecStart=/bin/sh -c 'if /usr/sbin/connmand-wait-online --timeout=30; then /sbin/resolvconf -a connman < /run/connman/resolv.conf; fi' diff --git a/.gear/connmand.init b/.gear/connmand.init new file mode 100644 index 00000000..1e2829a2 --- /dev/null +++ b/.gear/connmand.init 
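Review bot: `StartLimitBurst=20` sits in the `[Service]` section of connman-openresolv.service; as far as I know current systemd documents it as a `[Unit]` setting and accepts the old location only for compatibility, so it reads more clearly next to the `Condition*` lines. With no `User=` set, the `ExecStart=` shell feeds /run/connman/resolv.conf to `resolvconf -a connman` as root each time the path unit fires. A comment such as `# wait until connman is online (30s), then hand its resolv.conf to openresolv; TimeoutSec leaves 5s of slack` would explain the two timeouts. The companion .path unit has no `ConditionFileIsExecutable=/sbin/resolvconf`, so it is presumably armed even where openresolv is absent and only the service is skipped.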
@@ -0,0 +1,97 @@
+#!/bin/sh
+#
+# Daemon for managing internet connections
+#
+# chkconfig: - 90 10
+#
+# description:
+# The ConnMan project provides a daemon for managing internet connections within embedded devices
+# running # the Linux operating system. The Connection Manager is designed to be slim and to use as
+# few resources as possible, so it can be easyly integrated. It is a fully modular system that can
+# be extended, through plug-ins, to support all kinds of wired or wireless technologies.
+#
+# processname: connmand
+# config: /etc/template.conf
+# pidfile: /var/run/connmand.pid
+
+# Do not load RH compatibility interface.
+WITHOUT_RC_COMPAT=1
+
+# Source function library.
+. /etc/init.d/functions
+
+# Configuration file
+SourceIfNotEmpty /etc/sysconfig/connman
+
+PIDFILE=/var/run/connamnd.pid
+LOCKFILE=/var/lock/subsys/connmand
+RETVAL=0
+
+start()
+{
+ start_daemon --make-pidfile --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user root -- \
+ connmand -n $CONNMAND_OPTS
+ RETVAL=$?
+ return $RETVAL
+}
+
+stop()
+{
+ stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user root -- connmand
+ RETVAL=$?
+ return $RETVAL
+}
+
+restart()
+{
+ stop
+ start
+}
+
+reload()
+{
+ msg_reloading template
+ stop_daemon --pidfile "$PIDFILE" --expect-user root -HUP -- connmand
+ RETVAL=$?
+ return $RETVAL
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ reload)
+ reload
+ ;;
+ restart)
+ restart
+ ;;
+ condstop)
+ if [ -e "$LOCKFILE" ]; then
+ stop
+ fi
+ ;;
+ condrestart)
+ if [ -e "$LOCKFILE" ]; then
+ restart
+ fi
+ ;;
+ condreload)
+ if [ -e "$LOCKFILE" ]; then
+ reload
+ fi
+ ;;
+ status)
+ status --pidfile "$PIDFILE" --expect-user root -- connmand
+ RETVAL=$?
+ ;;
+ *)
+ msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
+ RETVAL=1
+esac
+
+exit $RETVAL
diff --git a/.gear/rules b/.gear/rules
new file mode 100644
index 00000000..ab4fa887
--- /dev/null
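Review bot: `PIDFILE=/var/run/connamnd.pid` misspells the daemon name, while the header of the same script advertises `pidfile: /var/run/connmand.pid`. The script is self-consistent because every call goes through `$PIDFILE`, but anything that trusts the header or looks for the conventional name will not find the pid file, so it should read `PIDFILE=/var/run/connmand.pid`. Two template leftovers remain: `# config: /etc/template.conf` and `msg_reloading template` in `reload()`, which should name `/etc/connman/main.conf` and `connmand`. Since `SourceIfNotEmpty /etc/sysconfig/connman` evaluates that file in a root shell, a comment there noting it must stay writable by root only would be useful.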
+++ b/.gear/rules @@ -0,0 +1,7 @@ +tar: @version@:. +diff: @version@:. . name=@name@-@version@.patch +copy?: .gear/*.init +copy?: .gear/*.patch +copy?: .gear/*.path +copy?: .gear/*.service + diff --git a/.gear/tags/7d531a0d2b44b273ee78453b086454a8181a47a8 b/.gear/tags/7d531a0d2b44b273ee78453b086454a8181a47a8 new file mode 100644 index 00000000..20812bdf --- /dev/null +++ b/.gear/tags/7d531a0d2b44b273ee78453b086454a8181a47a8 @@ -0,0 +1,6 @@ +object 6a51d5d3396559ac1f8fa56f3739157ff18385bd +type commit +tag 1.42 +tagger Marcel Holtmann 1691138482 +0200 + +Release 1.42 diff --git a/.gear/tags/list b/.gear/tags/list new file mode 100644 index 00000000..d407fd2a --- /dev/null +++ b/.gear/tags/list @@ -0,0 +1 @@ +7d531a0d2b44b273ee78453b086454a8181a47a8 1.42 diff --git a/.gear/upstream/remotes b/.gear/upstream/remotes new file mode 100644 index 00000000..846d872f --- /dev/null +++ b/.gear/upstream/remotes @@ -0,0 +1,3 @@ +[remote "upstream"] + url = git://git.kernel.org/pub/scm/network/connman/connman.git + fetch = +refs/heads/*:refs/remotes/upstream/* diff --git a/Makefile.plugins b/Makefile.plugins index bd5049ec..d668a72c 100644 --- a/Makefile.plugins +++ b/Makefile.plugins @@ -83,7 +83,7 @@ vpn_plugins_wireguard_la_CFLAGS = $(plugin_cflags) @LIBMNL_CFLAGS@ \ -DVPN_STATEDIR=\""$(vpn_statedir)"\" \ -DSCRIPTDIR=\""$(build_scriptdir)"\" vpn_plugins_wireguard_la_LDFLAGS = $(plugin_ldflags) -vpn_plugins_wireguard_la_LIBADD = @LIBMNL_LIBS@ +vpn_plugins_wireguard_la_LIBADD = @LIBMNL_LIBS@ @GLIB_LIBS@ @DBUS_LIBS@ endif endif @@ -105,7 +105,7 @@ vpn_plugins_openconnect_la_CFLAGS = $(plugin_cflags) \ -DSCRIPTDIR=\""$(build_scriptdir)"\" \ @LIBOPENCONNECT_CFLAGS@ vpn_plugins_openconnect_la_LDFLAGS = $(plugin_ldflags) -vpn_plugins_openconnect_la_LIBADD = @LIBOPENCONNECT_LIBS@ +vpn_plugins_openconnect_la_LIBADD = @LIBOPENCONNECT_LIBS@ @GLIB_LIBS@ @DBUS_LIBS@ endif endif 
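Review bot: The upstream remote in .gear/upstream/remotes is fetched over `git://`, which is unauthenticated and unencrypted, so nothing on the wire protects the imported history from modification between git.kernel.org and the packager. Prefer `url = https://git.kernel.org/pub/scm/network/connman/connman.git`. The tag object stored under .gear/tags shows only the tagger line and the message, so if upstream signs its release tags, the signature should be verified before the tag is imported.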
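Review bot: The pair `@GLIB_LIBS@ @DBUS_LIBS@` is appended by hand to the `_LIBADD` of all six VPN plugins (wireguard and openconnect in these two hunks, openvpn, vpnc, l2tp and pptp in the four that follow), with no comment saying why. If this is an underlinking fix, which is my reading, define it once, e.g. `vpn_plugin_libadd = @GLIB_LIBS@ @DBUS_LIBS@`, and reference `$(vpn_plugin_libadd)` from each `_LIBADD`, with a comment such as `# link each plugin against the libraries it calls directly`. The enclosing `if`/`endif` blocks start outside the hunks.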
@@ -123,6 +123,7 @@ vpn_plugins_openvpn_la_CFLAGS = $(plugin_cflags) -DOPENVPN=\"@OPENVPN@\" \ -DVPN_STATEDIR=\""$(vpn_statedir)"\" \ -DSCRIPTDIR=\""$(build_scriptdir)"\" vpn_plugins_openvpn_la_LDFLAGS = $(plugin_ldflags) +vpn_plugins_openvpn_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ endif endif @@ -141,6 +142,7 @@ vpn_plugins_vpnc_la_CFLAGS = $(plugin_cflags) -DVPNC=\"@VPNC@\" \ -DRUNSTATEDIR=\""$(runstatedir)"\" \ -DSCRIPTDIR=\""$(build_scriptdir)"\" vpn_plugins_vpnc_la_LDFLAGS = $(plugin_ldflags) +vpn_plugins_vpnc_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ endif endif @@ -158,6 +160,7 @@ vpn_plugins_l2tp_la_CFLAGS = $(plugin_cflags) -DL2TP=\"@L2TP@\" \ -DVPN_STATEDIR=\""$(vpn_statedir)"\" \ -DSCRIPTDIR=\""$(build_scriptdir)"\" vpn_plugins_l2tp_la_LDFLAGS = $(plugin_ldflags) +vpn_plugins_l2tp_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ endif endif @@ -176,6 +179,7 @@ vpn_plugins_pptp_la_CFLAGS = $(plugin_cflags) -DPPPD=\"@PPPD@\" \ -DVPN_STATEDIR=\""$(vpn_statedir)"\" \ -DSCRIPTDIR=\""$(build_scriptdir)"\" vpn_plugins_pptp_la_LDFLAGS = $(plugin_ldflags) +vpn_plugins_pptp_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ endif endif diff --git a/configure.ac b/configure.ac index f224bcc7..dd827e8f 100644 --- a/configure.ac +++ b/configure.ac @@ -333,8 +333,8 @@ AC_ARG_ENABLE(polkit, AC_HELP_STRING([--enable-polkit], [enable PolicyKit support]), [enable_polkit=${enableval}], [enable_polkit="no"]) if (test "${enable_polkit}" != "no"); then - POLKIT_DATADIR="`$PKG_CONFIG --variable=actiondir polkit`" - POLKIT_DATADIR="" + POLKIT_DATADIR="`$PKG_CONFIG --variable=actiondir polkit-gobject-1`" + #POLKIT_DATADIR="" if (test -z "${POLKIT_DATADIR}"); then POLKIT_DATADIR="${datadir}/polkit-1/actions" fi diff --git a/connman.spec b/connman.spec new file mode 100644 index 00000000..5abeb428 --- /dev/null +++ b/connman.spec 
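Review bot: The commented-out `#POLKIT_DATADIR=""` in configure.ac should be deleted rather than kept as dead code. The assignment it replaces forced the `${datadir}/polkit-1/actions` fallback; with it gone the polkit action file is installed wherever `$PKG_CONFIG --variable=actiondir polkit-gobject-1` points. connman.spec in this same commit packages `%_datadir/polkit-1/actions/*`, so the authorization policy only ships if the two paths agree; a comment such as `# actiondir is expected to equal ${datadir}/polkit-1/actions (see %files in connman.spec)` would record that assumption. The `if` block continues outside the hunk.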
@@ -0,0 +1,267 @@
+%global _unpackaged_files_terminate_build 1
+%define _localstatedir %_var
+
+# nftables or iptables
+%define firewall_type iptables
+#internal or systemd-resolved
+%define dns_backend_type internal
+
+Name: connman
+Version: 1.42
+Release: alt1
+
+Summary: ConnMan is a daemon for managing internet connections.
+License: GPL-2.0-only
+Group: Networking/Other
+Url: http://connman.net/
+
+Source: %name-%version.tar
+Source1: connmand.init
+Source4: connman-openresolv.path
+Source5: connman-openresolv.service
+
+Patch: %name-%version.patch
+
+BuildRequires: gcc-c++
+BuildRequires: pkgconfig(glib-2.0) >= 2.40
+BuildRequires: pkgconfig(dbus-1) >= 1.4
+BuildRequires: openvpn vpnc xl2tpd pptp-client ppp-devel
+BuildRequires: pkgconfig(openconnect) >= 8 openconnect
+%if %firewall_type == iptables
+BuildRequires: pkgconfig(xtables) >= 1.4.11
+%else
+BuildRequires: pkgconfig(libnftnl) >= 1.0.4
+%endif
+BuildRequires: pkgconfig(libmnl) >= 1.0.0
+BuildRequires: pkgconfig(polkit-gobject-1)
+BuildRequires: iptables
+BuildRequires: wpa_supplicant
+BuildRequires: gtk-doc libgnutls-devel libreadline-devel
+BuildRequires: libselinux-devel
+BuildRequires: systemd-devel libsystemd-devel
+
+Provides: network-config-subsystem
+
+%description
+The Connection Manager (ConnMan) project provides a daemon for
+managing internet connections within embedded devices running
+the Linux operating system. ConnMan is designed to be slim
+and to use as few resources as possible, so it can be easily integrated.
+It is a fully modular system that can be extended, through plug-ins,
+to support all kinds of wired or wireless technologies.
+The plug-in approach allows for easy adaption and modification
+for various use cases.
+
+%package -n %name-docs
+Summary: Documentation for %name
+Group: Documentation
+BuildArch: noarch
+
+%description -n %name-docs
+This package contains documentation files for %name
+
+%package -n %name-devel
+Summary: Include files for development with ConnMan Library
+Group: Development/C
+Requires: %name = %version-%release
+
+%description -n %name-devel
+The Connection Manager (ConnMan) project provides a daemon for managing
+internet connections within embedded devices running the Linux operating system.
+
+This package contains include files required for development %name-based software.
+
+%prep
+%setup
+%patch -p1
+
+%build
+%autoreconf
+%configure \
+ --enable-pie \
+ --enable-debug \
+ --with-systemdunitdir=%_unitdir \
+ --with-tmpfilesdir=%_tmpfilesdir \
+ --enable-datafiles \
+ --enable-client \
+ --enable-nmcompat \
+ --enable-polkit \
+ --enable-selinux \
+ --enable-openconnect \
+ --enable-openvpn \
+ --enable-vpnc \
+ --enable-l2tp \
+ --enable-pptp \
+ --enable-wireguard \
+ --with-firewall=%firewall_type \
+ --with-dns-backend=%dns_backend_type
+
+
+%make_build runstatedir=/run
+
+%install
+%makeinstall_std
+
+mkdir -p -- \
+ %buildroot%_initdir \
+ %buildroot%_sysconfdir/sysconfig \
+ %buildroot%_localstatedir/lib/%name \
+ %buildroot%_localstatedir/lib/%name-vpn \
+#
+
+echo 'CONNMAND_OPTS="-r"' > %buildroot%_sysconfdir/sysconfig/connman
+
+install -pm0755 -D %SOURCE1 %buildroot%_initdir/connmand
+install -pm0644 -D src/main.conf %buildroot%_sysconfdir/connman/main.conf
+
+ln -s connman.service %buildroot%_unitdir/connmand.service
+
+find %buildroot%_libdir/%name -name '*.la' -delete
+
+mkdir -p %buildroot%_unitdir/multi-user.target.wants
+install -m644 %SOURCE4 %buildroot%_unitdir/connman-openresolv.path
+install -m644 %SOURCE5 %buildroot%_unitdir/connman-openresolv.service
+ln -s ../connman-openresolv.path %buildroot%_unitdir/multi-user.target.wants
+
+%post
+%post_service connmand
+
+%preun
+%preun_service connmand
+
+%files
+%_sbindir/*
+%_bindir/*
+
+%dir %_sysconfdir/connman
+%config(noreplace) %_sysconfdir/connman/main.conf
+%config(noreplace) %_sysconfdir/sysconfig/connman
+
+%_datadir/dbus-1/system.d/*.conf
+%_datadir/dbus-1/system-services/*.service
+
+%_initdir/*
+%_unitdir/*
+%_tmpfilesdir/*
+
+%dir %_libdir/%name
+%dir %_libdir/%name/plugins*
+%_libdir/%name/plugins*/*.so
+
+%dir %_libdir/%name/scripts
+%_libdir/%name/scripts/*.so
+%_libdir/%name/scripts/*-script
+
+%_datadir/polkit-1/actions/*
+
+%_localstatedir/lib/%name
+%_localstatedir/lib/%name-vpn
+
+%_man1dir/*
+%_man5dir/*
+%_man8dir/*
+
+%files -n %name-docs
+%doc AUTHORS README TODO README ChangeLog doc/*.txt
+
+%files -n %name-devel
+%_pkgconfigdir/*.pc
+%_includedir/*
+
+%changelog
+* Tue Aug 08 2023 Alexey Shabalin 1.42-alt1
+- New version 1.42. (Fixes: CVE-2022-32292, CVE-2022-32293, CVE-2023-28488)
+
+* Thu Feb 03 2022 Alexey Shabalin 1.41-alt1
+- new version 1.41 (Fixes: CVE-2022-23096, CVE-2022-23097, CVE-2022-23098)
+
+* Fri Sep 03 2021 Alexey Shabalin 1.40-alt1
+- new version 1.40 (Fixes: CVE-2021-33833)
+
+* Tue Feb 09 2021 Alexey Shabalin 1.39-alt1
+- new version 1.39 (Fixes: CVE-2021-26675, CVE-2021-26676)
+
+* Tue Sep 10 2019 Alexey Shabalin 1.37-alt1
+- 1.37
+
+* Wed Nov 28 2018 Alexey Shabalin 1.36-alt1
+- 1.36
+
+* Fri Feb 02 2018 Aleksei Nikiforov 1.35-alt3
+- Fixed build with new kernel headers.
+
+* Mon Sep 11 2017 Paul Wolneykien 1.35-alt2
+- Fix: Explicitly set runstatedir=/run (closes: #33848).
+
+* Wed Aug 30 2017 Alexey Shabalin 1.35-alt1
+- 1.35
+
+* Wed Feb 15 2017 Alexey Shabalin 1.33-alt1
+- 1.33
+- add systemd unit for update resolv.conf with openresolv
+
+* Mon Apr 18 2016 Alexey Shabalin 1.32-alt1
+- 1.32
+
+* Thu Aug 28 2014 Michael Shigorin 1.20-alt4
+- Provides: network-config-subsystem (closes: #30263)
+
+* Tue Jul 01 2014 Michael Shigorin 1.20-alt3
+- symlink connman.service as connmand.service (closes: #30147)
+
+* Tue Dec 10 2013 Alexey Gladkov 1.20-alt2
+- Rebuilt with new version.
+
+* Thu Dec 05 2013 Cronbuild Service 1.20-alt1
+- Fresh up to v1.20 with the help of cronbuild and update-source-functions.
+
+* Tue Oct 29 2013 Alexey Gladkov 1.19-alt2
+- Add missing directories, manpages and config file.
+- Add connmanctl utility.
+- Fix sysvinit startup script.
+
+* Tue Oct 15 2013 Cronbuild Service 1.19-alt1
+- Fresh up to v1.19 with the help of cronbuild and update-source-functions.
+
+* Tue Sep 03 2013 Cronbuild Service 1.18-alt1
+- Fresh up to v1.18 with the help of cronbuild and update-source-functions.
+
+* Mon Aug 19 2013 Cronbuild Service 1.17-alt1
+- Fresh up to v1.17 with the help of cronbuild and update-source-functions.
+
+* Wed Jul 17 2013 Cronbuild Service 1.16-alt1
+- Fresh up to v1.16 with the help of cronbuild and update-source-functions.
+
+* Sun Jun 02 2013 Cronbuild Service 1.15-alt1
+- Fresh up to v1.15 with the help of cronbuild and update-source-functions.
+
+* Thu May 09 2013 Cronbuild Service 1.14-alt1
+- Fresh up to v1.14 with the help of cronbuild and update-source-functions.
+
+* Fri Apr 12 2013 Paul Wolneykien 1.13-alt1
+- Remove the already applied ip6_addr patch.
+- Fresh up to v1.13 with the help of cronbuild and update-source-functions.
+
+* Mon Apr 08 2013 Aleksey Avdeev 1.12-alt1
+- New version 1.1
+
+* Wed Mar 06 2013 Dmitry V. Levin 1.11-alt2.1
+- Rebuilt with libxtables.so.10.
+
+* Mon Feb 04 2013 Paul Wolneykien 1.11-alt2
+- Disable DNS proxy by default.
+- Make use of /etc/sysconfig/connman.
+
+* Sat Feb 02 2013 Cronbuild Service 1.11-alt1
+- repocop cronbuild 20130202. At your service.
+
+* Tue Jan 22 2013 Paul Wolneykien 1.10-alt2
+- Fix the storagedir location.
+
+* Fri Jan 18 2013 Paul Wolneykien 1.10-alt1
+- Build with additional features/plugins.
+- New version 1.10.
+- Add cronbuild scripts.
+
+* Thu Jan 17 2013 Paul Wolneykien 0.77-alt6
+- Initial build for ALT Linux Sisyphus.
diff --git a/src/connman.service.in b/src/connman.service.in
index 7376346e..52de7ff6 100644
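Review bot: The state directories `%_localstatedir/lib/%name` and `%_localstatedir/lib/%name-vpn` are created in `%install` with a plain `mkdir -p` and listed in `%files` without `%dir` or `%attr`, so their packaged mode is whatever the build umask produced. They presumably hold the daemon's per-service and VPN settings (the 1.10-alt2 entry calls this the storagedir), which can include credentials, so I would pin the mode explicitly, e.g. `%dir %attr(0700,root,root) %_localstatedir/lib/%name`, after confirming nothing unprivileged needs to traverse them. The same goes for /etc/sysconfig/connman, which is generated with `echo ... >` and later sourced by the root init script and read through `EnvironmentFile=`; give it `%attr(0644,root,root)`. Separately, `%doc` lists `README` twice.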
--- a/src/connman.service.in +++ b/src/connman.service.in @@ -8,10 +8,11 @@ Before=network.target multi-user.target shutdown.target Wants=network.target [Service] +EnvironmentFile=/etc/sysconfig/connman Type=dbus BusName=net.connman Restart=on-failure -ExecStart=@sbindir@/connmand -n +ExecStart=@sbindir@/connmand -n $CONNMAND_OPTS StandardOutput=null CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_ADMIN ProtectHome=true diff --git a/src/main.conf b/src/main.conf index ddd57996..385663dd 100644 --- a/src/main.conf +++ b/src/main.conf @@ -72,7 +72,7 @@ # Allow ConnMan to change the system hostname. This can # happen for example if we receive DHCP hostname option. # Default value is true. -# AllowHostnameUpdates = true +AllowHostnameUpdates = false # Allow ConnMan to change the system domainname. This can # happen for example if we receive DHCP domainname option.
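Review bot: `EnvironmentFile=/etc/sysconfig/connman` has no `-` prefix, so if the file is missing or has been removed by an administrator the unit fails to start and the host loses its network manager; `EnvironmentFile=-/etc/sysconfig/connman` lets connmand start with an empty `$CONNMAND_OPTS` instead. The file now supplies command-line options to a daemon whose bounding set in the context lines includes `CAP_SYS_ADMIN` and `CAP_SYS_MODULE`, so it must be root-owned and not group- or world-writable. The `[Service]` section continues outside the hunk.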
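Review bot: `AllowHostnameUpdates = false` in src/main.conf is now an active override, but the comment directly above it still ends with "Default value is true." and nothing marks the line as a packaging change, so a reader cannot tell the shipped value from the daemon default. Add a line above it such as `# Packaging default: DHCP-supplied hostnames are not applied.`. The next option visible in the context lines, the DHCP-driven domainname update, is left untouched; if the aim is to keep network-supplied data from changing the host's identity, `AllowDomainnameUpdates` deserves the same decision.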