summaryrefslogtreecommitdiff
path: root/gnome-extra/nm-applet
diff options
context:
space:
mode:
Diffstat (limited to 'gnome-extra/nm-applet')
-rw-r--r--gnome-extra/nm-applet/Manifest12
-rw-r--r--gnome-extra/nm-applet/files/1.4.6-CVE-2017-6590.patch253
-rw-r--r--gnome-extra/nm-applet/files/1.4.6-fix-nma-bindings.patch38
-rw-r--r--gnome-extra/nm-applet/files/1.4.6-fix-translations-in-g-c-c.patch80
-rw-r--r--gnome-extra/nm-applet/files/1.4.6-improved-certfile-error-msg.patch39
-rw-r--r--gnome-extra/nm-applet/files/nm-applet-1.8.10-cert-chooser.patch38
-rw-r--r--gnome-extra/nm-applet/files/nm-applet-1.8.10-vpn-crash.patch137
-rw-r--r--gnome-extra/nm-applet/metadata.xml14
-rw-r--r--gnome-extra/nm-applet/nm-applet-1.4.6-r1.ebuild62
-rw-r--r--gnome-extra/nm-applet/nm-applet-1.8.10-r1.ebuild72
-rw-r--r--gnome-extra/nm-applet/nm-applet-1.8.10.ebuild62
11 files changed, 807 insertions, 0 deletions
diff --git a/gnome-extra/nm-applet/Manifest b/gnome-extra/nm-applet/Manifest
new file mode 100644
index 000000000000..66e429550de1
--- /dev/null
+++ b/gnome-extra/nm-applet/Manifest
@@ -0,0 +1,12 @@
+AUX 1.4.6-CVE-2017-6590.patch 8963 BLAKE2B d725254a4cee53f4d24aaa062f1782ecf4e5c5aad841d9d473660e94c021dc7576fb1ee57b3d61da3eb18ae508472cda1c0ea52c618f66649e688910991fb928 SHA512 7798b5f62b971c505e0d1569ea9daabe0683e6aadd2ecb6e653e7927e14f47fb0e672aee874f5125eff50aa56916f74bd0756f9433cfa0b040723bcc4a2b9532
+AUX 1.4.6-fix-nma-bindings.patch 1350 BLAKE2B e09dbb79718de55270405de02efd48c0df45448e3073762088523070346076c0fa0c42813beeb3de377108c55516908e9b37440f8089a308d9840be74d8d1a41 SHA512 a2237c8fd94260c1681e97aabe6a8c203acb5e743996c280e6e7f8890cf4ccf1525c7d61d768e3418915258ef2a9416614a41eee6d223e4db11f1f168c17cf4f
+AUX 1.4.6-fix-translations-in-g-c-c.patch 4530 BLAKE2B 34f76eb8ffc74d58be05e05dfe636ca594149b1a101c2611d4df896e2148519d18087ebd12a3cc5e17253be5e57bf6bf90ed87aa5895e5a100fbfc82f74e4fbf SHA512 3af403696d1e647bfdf5a2316c17064b7fd4eb07c4ccce6d23fb0b6ce59143a90ba5b37377ed559d3abbe7fbe06642958c8a59b39cb67c19541dd6dd81831f7d
+AUX 1.4.6-improved-certfile-error-msg.patch 1481 BLAKE2B ca880144ffe78153b4989399d883def5d318668e886449f2bb2fdf094742cf2a6d25e6fa36fd6faba505d9caa97771fd6c1969c721bf14352c8665b072f07fca SHA512 dce3cbd0e8184d2558ffc63b068b7d1d396473f428fdba60c566eb1c5aae8c2519ee427516efebd63e69518ca55cac86c21db18a3753dd2780f0db2743d80bad
+AUX nm-applet-1.8.10-cert-chooser.patch 1421 BLAKE2B 6c867f5cca1c3b67a27cdfc9a80da728be65f80a8619dcfa0d53f910884e56d7cc1e6c2aa4a2661079d29f3abd49257a0720d59c09d0ba8024e140dc086ce033 SHA512 79ac1445ee0885b63092f28d2fbfd74b6b926696d44ee0ff47d079adc293301c05b8984ad812c66d4b7cab34c32902faed467fee1a2f14af66d2c43914858ed6
+AUX nm-applet-1.8.10-vpn-crash.patch 4613 BLAKE2B 44dbc67736d2025f177de3c29961234c8f8f1f0002bd7a4275cdd2631e5a3961f011c73c9c1a9ee77b2471945d5ce83c5120b2b26e8395f5666338e64b067359 SHA512 e2a9bc66b13f84270ac9735315d197c1ab264c99e5941218df310ebaa40900490661dec5f5972734e75c89b6db27530fd6ef02ad91a61a20c0eb388cff0b42aa
+DIST network-manager-applet-1.4.6.tar.xz 1388916 BLAKE2B 697587e4451d37ab91e99e25e40a1d797724e26568d252c77361e25f32508722a58dba1b2b4d2c784150479493c0451173da0b42314ebb17f1b7215628675444 SHA512 f0eab5c50739c2309fa19336e23ead6603dc953b62fff0600a91988df8d41c2f300c22ebd4d5be8654a3fd7bac38dacc23be149f1a7085f10bb55e1830d9472f
+DIST network-manager-applet-1.8.10.tar.xz 1479032 BLAKE2B 482c7a644edaf4f19ed02ca3f29ffbbcf11c01b1c9572affa430a7edb8314d1381ca6738d998e91537903f6eceea0cff1b82b88e7acd1e9b5665c566271cdf3c SHA512 319a280ad56efe8d1b31db7879aebd6242f2e67453287476d397835069f5f5c6ce7884c84d65e0177a94a554b8f1a6e1d353ab33f8ddfc63269d8133b76b1372
+EBUILD nm-applet-1.4.6-r1.ebuild 1670 BLAKE2B 3119a19f109ee03c9a149167b4e11812b6303fda297485f61c5494c669dbdb99e9b40e0721d8c9180ab7ea95af1e1d20f83a96f85c3915fc53fb3f2f67e8ffaf SHA512 ba565628ef8430a0e93e85ee5495409cd36094801a5ec9cf6207df3cf829405a0c74848e8840c4e6d0cb9ceb642d8abe3f888fc793e57bf9272f66ebb6fe7cf5
+EBUILD nm-applet-1.8.10-r1.ebuild 1782 BLAKE2B d4f25b89b7005270718ac2c0ede3ee063a33f8b434b6033826b5ffe793d7be4d409c0227ccefe84f6479545c636799f22e775ba3f7b8b84cbc71fb80d986e91f SHA512 03855f3ffcf930d139197f33cf2a646dc17071d2634a65021949c2e4845e5244364672b235de56a09828ef162cd1320976481df3e7026cfc802535b1646a966d
+EBUILD nm-applet-1.8.10.ebuild 1521 BLAKE2B 745e2371612905c6d42ff9bc57b1e29f4bfcf078a0ed32ee5bcd9bd6f106d7f44204e84fdeca46701fa64fee6cecad28d155a5b4a56d0fa08514c246b95930fa SHA512 4c498d9b8bba82485134556025b9be43640a259bbb01be404537c655102a1d08198c58c9f28e4bc0b720810a5d4842e92b67885303f6b0a6a3c279bc65224166
+MISC metadata.xml 548 BLAKE2B 2b7a8b83983ab5c3477f2fbd75b35176f875dd6c9dccd28d8cb010168b10df3ca13307ee525db41c4309f9caab8e7c8e96b0822d3bb8480479a5cec8a25650c1 SHA512 3a163bc5738f3ee35fe00273788f2a3bd943db38832096c9e8a8d7c3676e0b90ba891ed0cc4903109e11c2dbbda950c100b66a79ddfb09b4a5fcb160b6a55067
diff --git a/gnome-extra/nm-applet/files/1.4.6-CVE-2017-6590.patch b/gnome-extra/nm-applet/files/1.4.6-CVE-2017-6590.patch
new file mode 100644
index 000000000000..25270e1f4c83
--- /dev/null
+++ b/gnome-extra/nm-applet/files/1.4.6-CVE-2017-6590.patch
@@ -0,0 +1,253 @@
+This is a squashed to one diff of the following 3 upstream commits:
+
+From d1ebd01abfad506d9a8797a252d4549c2df2045a Mon Sep 17 00:00:00 2001
+From: Iain Lane <iain@orangesquash.org.uk>
+Date: Fri, 3 Mar 2017 12:27:23 +0000
+Subject: [PATCH 1/3] applet: check permissions before showing 802.1x wifi
+ dialog (CVE-2017-6590)
+
+In most places, we (or NM) check permissions before performing actions.
+One place we don't is when we need more information when connecting to
+and 802.1x network. In that case we pop up a dialog to ask for more
+information before initiaing the connection.
+
+The dialog contains a GTK+ filechooser. We don't want unprivileged users
+to have access to this as it allows opening files.
+
+Check for MODIFY_SYSTEM or MODIFY_OWN before showing the dialog for
+802.1x connections. If the user doesn't have or can't get it, don't show
+the dialog. They wouldn't have been able to create the connection
+anyway.
+
+This fixes CVE-2017-6590.
+
+https://mail.gnome.org/archives/networkmanager-list/2017-March/msg00032.html
+https://bugs.launchpad.net/bugs/1668321
+
+[bgalvani@redhat.com: changed commit subject line, added links]
+
+(cherry picked from commit 523d0439c9d5633daccc77474f793c82cbd731ee)
+
+From f1f61ade24296b93044b9719fb2de1b561955e83 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Tue, 14 Mar 2017 14:18:06 +0100
+Subject: [PATCH 2/3] applet-device-wifi: remove unused functions
+
+They are not needed since commit 9b002809514a ("applet: remove usage
+of dbus-glib and private session D-Bus API").
+
+(cherry picked from commit d1c7f4d61f2eca23d90078c587059e4d8d11d3fc)
+
+From 7a582c5e6536b9e9a542d4791ae38a9d2840936b Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Tue, 14 Mar 2017 14:37:19 +0100
+Subject: [PATCH 3/3] applet-device-wifi: return FALSE on failure of
+ new_auto_connection() method
+
+If the permission check fails, we never run the callback: return FALSE
+so that the caller can free resources.
+
+(cherry picked from commit 38303e04cefb56a0a2176c5e30b399b14f21fc05)
+
+diff --git a/src/applet-device-wifi.c b/src/applet-device-wifi.c
+index 7b8fa6e..cd44e05 100644
+--- a/src/applet-device-wifi.c
++++ b/src/applet-device-wifi.c
+@@ -40,12 +40,6 @@ static void wifi_dialog_response_cb (GtkDialog *dialog, gint response, gpointer
+
+ static NMAccessPoint *update_active_ap (NMDevice *device, NMDeviceState state, NMApplet *applet);
+
+-static void _do_new_auto_connection (NMApplet *applet,
+- NMDevice *device,
+- NMAccessPoint *ap,
+- AppletNewAutoConnectionCallback callback,
+- gpointer callback_data);
+-
+ /*****************************************************************************/
+
+ typedef struct {
+@@ -292,74 +286,6 @@ nma_menu_add_create_network_item (GtkWidget *menu, NMApplet *applet)
+ gtk_widget_set_sensitive (GTK_WIDGET (menu_item), FALSE);
+ }
+
+-static void
+-dbus_8021x_add_and_activate_cb (GObject *client,
+- GAsyncResult *result,
+- gpointer user_data)
+-{
+- GError *error = NULL;
+- NMActiveConnection *active;
+-
+- active = nm_client_add_and_activate_connection_finish (NM_CLIENT (client), result, &error);
+- if (error)
+- g_warning ("Failed to add/activate connection: (%d) %s", error->code, error->message);
+-
+- g_clear_object (&active);
+- g_clear_error (&error);
+-}
+-
+-typedef struct {
+- NMApplet *applet;
+- NMDevice *device;
+- NMAccessPoint *ap;
+-} Dbus8021xInfo;
+-
+-static void
+-dbus_connect_8021x_cb (NMConnection *connection,
+- gboolean auto_created,
+- gboolean canceled,
+- gpointer user_data)
+-{
+- Dbus8021xInfo *info = user_data;
+-
+- if (canceled == FALSE) {
+- g_return_if_fail (connection != NULL);
+-
+- /* Ask NM to add the new connection and activate it; NM will fill in the
+- * missing details based on the specific object and the device.
+- */
+- nm_client_add_and_activate_connection_async (info->applet->nm_client,
+- connection,
+- info->device,
+- nm_object_get_path (NM_OBJECT (info->ap)),
+- NULL,
+- dbus_8021x_add_and_activate_cb,
+- info->applet);
+- }
+-
+- g_object_unref (info->device);
+- g_object_unref (info->ap);
+- memset (info, 0, sizeof (*info));
+- g_free (info);
+-}
+-
+-gboolean
+-applet_wifi_connect_to_8021x_network (NMApplet *applet,
+- NMDevice *device,
+- NMAccessPoint *ap)
+-{
+- Dbus8021xInfo *info;
+-
+- info = g_malloc0 (sizeof (*info));
+- info->applet = applet;
+- info->device = g_object_ref (device);
+- info->ap = g_object_ref (ap);
+-
+- _do_new_auto_connection (applet, device, ap, dbus_connect_8021x_cb, info);
+- return TRUE;
+-}
+-
+-
+ typedef struct {
+ NMApplet *applet;
+ NMDeviceWifi *device;
+@@ -514,17 +440,28 @@ done:
+ gtk_widget_destroy (GTK_WIDGET (dialog));
+ }
+
+-static void
+-_do_new_auto_connection (NMApplet *applet,
+- NMDevice *device,
+- NMAccessPoint *ap,
+- AppletNewAutoConnectionCallback callback,
+- gpointer callback_data)
++static gboolean
++can_get_permission (NMApplet *applet, NMClientPermission perm)
+ {
+- NMConnection *connection = NULL;
+- NMSettingConnection *s_con = NULL;
++ if ( applet->permissions[perm] == NM_CLIENT_PERMISSION_RESULT_YES
++ || applet->permissions[perm] == NM_CLIENT_PERMISSION_RESULT_AUTH)
++ return TRUE;
++ return FALSE;
++}
++
++static gboolean
++wifi_new_auto_connection (NMDevice *device,
++ gpointer dclass_data,
++ AppletNewAutoConnectionCallback callback,
++ gpointer callback_data)
++{
++ WifiMenuItemInfo *info = (WifiMenuItemInfo *) dclass_data;
++ NMApplet *applet;
++ NMAccessPoint *ap;
++ NMConnection *connection;
++ NMSettingConnection *s_con;
+ NMSettingWireless *s_wifi = NULL;
+- NMSettingWirelessSecurity *s_wsec = NULL;
++ NMSettingWirelessSecurity *s_wsec;
+ NMSetting8021x *s_8021x = NULL;
+ GBytes *ssid;
+ NM80211ApSecurityFlags wpa_flags, rsn_flags;
+@@ -532,9 +469,13 @@ _do_new_auto_connection (NMApplet *applet,
+ MoreInfo *more_info;
+ char *uuid;
+
+- g_assert (applet);
+- g_assert (device);
+- g_assert (ap);
++ g_return_val_if_fail (dclass_data, FALSE);
++ g_return_val_if_fail (NM_IS_DEVICE (device), FALSE);
++ g_return_val_if_fail (NM_IS_ACCESS_POINT (info->ap), FALSE);
++ g_return_val_if_fail (NM_IS_APPLET (info->applet), FALSE);
++
++ applet = info->applet;
++ ap = info->ap;
+
+ connection = nm_simple_connection_new ();
+
+@@ -590,6 +531,15 @@ _do_new_auto_connection (NMApplet *applet,
+ * Dialog Of Doom.
+ */
+ if (s_8021x) {
++ if (!can_get_permission (applet, NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM) &&
++ !can_get_permission (applet, NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN)) {
++ const char *text = _("Failed to add new connection");
++ const char *err_text = _("Insufficient privileges.");
++ g_warning ("%s: %s", text, err_text);
++ utils_show_error_dialog (_("Connection failure"), text, err_text, FALSE, NULL);
++ g_clear_object (&connection);
++ return FALSE;
++ }
+ more_info = g_malloc0 (sizeof (*more_info));
+ more_info->applet = applet;
+ more_info->callback = callback;
+@@ -606,24 +556,10 @@ _do_new_auto_connection (NMApplet *applet,
+ /* Everything else can just get activated right away */
+ callback (connection, TRUE, FALSE, callback_data);
+ }
+-}
+
+-static gboolean
+-wifi_new_auto_connection (NMDevice *device,
+- gpointer dclass_data,
+- AppletNewAutoConnectionCallback callback,
+- gpointer callback_data)
+-{
+- WifiMenuItemInfo *info = (WifiMenuItemInfo *) dclass_data;
+-
+- g_return_val_if_fail (device != NULL, FALSE);
+- g_return_val_if_fail (info->ap != NULL, FALSE);
+-
+- _do_new_auto_connection (info->applet, device, info->ap, callback, callback_data);
+ return TRUE;
+ }
+
+-
+ static void
+ wifi_menu_item_activate (GtkMenuItem *item, gpointer user_data)
+ {
+diff --git a/src/applet.h b/src/applet.h
+index 41e95a1..b28dfa2 100644
+--- a/src/applet.h
++++ b/src/applet.h
+@@ -285,9 +285,6 @@ GdkPixbuf * nma_icon_check_and_load (const char *name,
+ NMApplet *applet);
+
+ gboolean applet_wifi_connect_to_hidden_network (NMApplet *applet);
+-gboolean applet_wifi_connect_to_8021x_network (NMApplet *applet,
+- NMDevice *device,
+- NMAccessPoint *ap);
+ gboolean applet_wifi_create_wifi_network (NMApplet *applet);
+ gboolean applet_wifi_can_create_wifi_network (NMApplet *applet);
+
diff --git a/gnome-extra/nm-applet/files/1.4.6-fix-nma-bindings.patch b/gnome-extra/nm-applet/files/1.4.6-fix-nma-bindings.patch
new file mode 100644
index 000000000000..2a04a5327394
--- /dev/null
+++ b/gnome-extra/nm-applet/files/1.4.6-fix-nma-bindings.patch
@@ -0,0 +1,38 @@
+From 58e47dc92d38974141e1053b25cae02d7c8414b0 Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Tue, 7 Mar 2017 09:43:03 +0100
+Subject: [PATCH] libnma/pygobject: libnma/NMA must use libnm/NM instead of
+ legacy libraries
+
+libnma uses libnm, and not libnm-util/libnm-glib. Hence, the python bindings
+must load "NM" and not "NMClient"/"NetworkManager".
+
+As it was, the generated bindings for libnma were unusable and loading
+them would fail with
+
+ libnm-ERROR **: libnm-util symbols detected; Mixing libnm with libnm-util/libnm-glib is not supported
+
+https://bugzilla.gnome.org/show_bug.cgi?id=779153
+
+Fixes: 76a12beac4e8692f30071169e11e2b521ec4eab7
+(cherry picked from commit 7a59d41e5f6666d0da51f1f7aae7518befdb1182)
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index a57e15f..e76c9ba 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -532,7 +532,7 @@ pkgconfig_DATA += src/libnma/libnma.pc
+
+ if HAVE_INTROSPECTION
+ src/libnma/NMA-1.0.gir: src/libnma/libnma.la
+-src_libnma_NMA_1_0_gir_INCLUDES = NMClient-1.0 NetworkManager-1.0 Gtk-3.0
++src_libnma_NMA_1_0_gir_INCLUDES = NM-1.0 Gtk-3.0
+ src_libnma_NMA_1_0_gir_EXPORT_PACKAGES = libnma
+ src_libnma_NMA_1_0_gir_CFLAGS = $(src_libnma_libnma_la_CFLAGS)
+ src_libnma_NMA_1_0_gir_LIBS = src/libnma/libnma.la
+--
+2.10.1
+
diff --git a/gnome-extra/nm-applet/files/1.4.6-fix-translations-in-g-c-c.patch b/gnome-extra/nm-applet/files/1.4.6-fix-translations-in-g-c-c.patch
new file mode 100644
index 000000000000..8a1fe825e38e
--- /dev/null
+++ b/gnome-extra/nm-applet/files/1.4.6-fix-translations-in-g-c-c.patch
@@ -0,0 +1,80 @@
+From 718b24286559169ba29f89536c3f6c81dcfe6e30 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Mon, 13 Mar 2017 21:57:28 +0100
+Subject: [PATCH] libnma,libnm-gtk: use package-aware gettext() macro
+
+gettext("str") expands to dcgettext(NULL, "str") which gets
+translations from the last used domain, while _("str") is equivalent
+to g_dgettext(GETTEXT_PACKAGE, "str") which uses the library's
+translations.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=772362
+(cherry picked from commit 9df10e2e758a7b78aa5a69a15900030f45e48fff)
+---
+ src/libnm-gtk/nm-ui-utils.c | 10 +++++-----
+ src/libnma/nma-ui-utils.c | 10 +++++-----
+ 2 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/src/libnm-gtk/nm-ui-utils.c b/src/libnm-gtk/nm-ui-utils.c
+index e92ff80..eec9a5f 100644
+--- a/src/libnm-gtk/nm-ui-utils.c
++++ b/src/libnm-gtk/nm-ui-utils.c
+@@ -642,7 +642,7 @@ change_password_storage_icon (GtkWidget *passwd_entry, MenuItem item)
+ icon_name_table[item]);
+ gtk_entry_set_icon_tooltip_text (GTK_ENTRY (passwd_entry),
+ GTK_ENTRY_ICON_SECONDARY,
+- gettext (icon_desc_table[item]));
++ _(icon_desc_table[item]));
+
+ /* We want to make entry insensitive when ITEM_STORAGE_ASK is selected
+ * Unfortunately, making GtkEntry insensitive will also make the icon
+@@ -843,12 +843,12 @@ nma_utils_setup_password_storage (GtkWidget *passwd_entry,
+ g_object_set_data (G_OBJECT (popup_menu), PASSWORD_STORAGE_MENU_TAG, GUINT_TO_POINTER (TRUE));
+ g_object_set_data (G_OBJECT (popup_menu), MENU_WITH_NOT_REQUIRED_TAG, GUINT_TO_POINTER (with_not_required));
+ group = NULL;
+- item[0] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[0]));
++ item[0] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[0]));
+ group = gtk_radio_menu_item_get_group (GTK_RADIO_MENU_ITEM (item[0]));
+- item[1] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[1]));
+- item[2] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[2]));
++ item[1] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[1]));
++ item[2] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[2]));
+ if (with_not_required)
+- item[3] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[3]));
++ item[3] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[3]));
+
+ gtk_menu_shell_append (GTK_MENU_SHELL (popup_menu), item[0]);
+ gtk_menu_shell_append (GTK_MENU_SHELL (popup_menu), item[1]);
+diff --git a/src/libnma/nma-ui-utils.c b/src/libnma/nma-ui-utils.c
+index 99e2e97..418ef5f 100644
+--- a/src/libnma/nma-ui-utils.c
++++ b/src/libnma/nma-ui-utils.c
+@@ -76,7 +76,7 @@ change_password_storage_icon (GtkWidget *passwd_entry, MenuItem item)
+ icon_name_table[item]);
+ gtk_entry_set_icon_tooltip_text (GTK_ENTRY (passwd_entry),
+ GTK_ENTRY_ICON_SECONDARY,
+- gettext (icon_desc_table[item]));
++ _(icon_desc_table[item]));
+
+ /* We want to make entry insensitive when ITEM_STORAGE_ASK is selected
+ * Unfortunately, making GtkEntry insensitive will also make the icon
+@@ -277,12 +277,12 @@ nma_utils_setup_password_storage (GtkWidget *passwd_entry,
+ g_object_set_data (G_OBJECT (popup_menu), PASSWORD_STORAGE_MENU_TAG, GUINT_TO_POINTER (TRUE));
+ g_object_set_data (G_OBJECT (popup_menu), MENU_WITH_NOT_REQUIRED_TAG, GUINT_TO_POINTER (with_not_required));
+ group = NULL;
+- item[0] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[0]));
++ item[0] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[0]));
+ group = gtk_radio_menu_item_get_group (GTK_RADIO_MENU_ITEM (item[0]));
+- item[1] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[1]));
+- item[2] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[2]));
++ item[1] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[1]));
++ item[2] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[2]));
+ if (with_not_required)
+- item[3] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[3]));
++ item[3] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[3]));
+
+ gtk_menu_shell_append (GTK_MENU_SHELL (popup_menu), item[0]);
+ gtk_menu_shell_append (GTK_MENU_SHELL (popup_menu), item[1]);
+--
+2.10.1
+
diff --git a/gnome-extra/nm-applet/files/1.4.6-improved-certfile-error-msg.patch b/gnome-extra/nm-applet/files/1.4.6-improved-certfile-error-msg.patch
new file mode 100644
index 000000000000..e83d4c34ca0e
--- /dev/null
+++ b/gnome-extra/nm-applet/files/1.4.6-improved-certfile-error-msg.patch
@@ -0,0 +1,39 @@
+From 3609f9687728f2f7f8cdb33723c1d44660b81004 Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Thu, 23 Mar 2017 12:28:12 +0100
+Subject: [PATCH] c-e: improve error message for non-existing certificate file
+
+When the connection references a certifiate file that does not exist,
+the GUI's file picker button shows an "(None)", however the "Save"
+button is disable with message:
+
+ "Invalid setting Wi-Fi Security: invalid EAP-PEAP CA certificate: unspecified error validating eap-method file"
+
+Slightly improve that by showing instead
+
+ "Invalid setting Wi-Fi Security: invalid EAP-PEAP CA certificate: file "..." does not exist"
+
+The solution is not optimal because the GUI shows file "(None)",
+with is some hidden information that makes the connection invalid.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=780423
+(cherry picked from commit b603844fc50679fc8683227bfa0f3b6c8e77c2c7)
+---
+ src/wireless-security/eap-method.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c
+index cb733e8..b5c6609 100644
+--- a/src/wireless-security/eap-method.c
++++ b/src/wireless-security/eap-method.c
+@@ -237,6 +237,7 @@ eap_method_validate_filepicker (GtkBuilder *builder,
+
+ if (!g_file_test (filename, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
+ success = FALSE;
++ g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("file \"%s\" does not exist"), filename);
+ goto out;
+ }
+
+--
+2.10.1
+
diff --git a/gnome-extra/nm-applet/files/nm-applet-1.8.10-cert-chooser.patch b/gnome-extra/nm-applet/files/nm-applet-1.8.10-cert-chooser.patch
new file mode 100644
index 000000000000..9aad2396953e
--- /dev/null
+++ b/gnome-extra/nm-applet/files/nm-applet-1.8.10-cert-chooser.patch
@@ -0,0 +1,38 @@
+From 4d2523b482ab78134dafc02c9b99bd15f1a9174a Mon Sep 17 00:00:00 2001
+From: Ben Wiederhake <BenWiederhake.GitHub@gmx.de>
+Date: Sun, 14 Jan 2018 23:28:15 +0100
+Subject: [PATCH 1/1] libnma/cert-chooser: handle case of no avalable modules
+
+Cause: Apparently it's perfectly okay if the list of modules is empty
+(e.g., NULL). However, the code assume that this indicates an error,
+tries to print the NULL error, and crashes.
+
+[lkundrak@v3.sk: cosmetic changes]
+
+https://bugzilla.gnome.org/show_bug.cgi?id=785674
+(cherry picked from commit a37483c1a364ef3cc1cfa29e7ad51ca108d75674)
+---
+ src/libnma/nma-cert-chooser-button.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/libnma/nma-cert-chooser-button.c b/src/libnma/nma-cert-chooser-button.c
+index c7089390..00651765 100644
+--- a/src/libnma/nma-cert-chooser-button.c
++++ b/src/libnma/nma-cert-chooser-button.c
+@@ -93,10 +93,10 @@ modules_initialized (GObject *object, GAsyncResult *res, gpointer user_data)
+ gchar *label;
+
+ modules = gck_modules_initialize_registered_finish (res, &error);
+- if (!modules) {
++ if (error) {
+ /* The Front Fell Off. */
+- g_critical ("Error getting registered modules: %s", error->message);
+- g_error_free (error);
++ g_warning ("Error getting registered modules: %s", error->message);
++ g_clear_error (&error);
+ }
+
+ model = GTK_LIST_STORE (gtk_combo_box_get_model (GTK_COMBO_BOX (self)));
+--
+2.14.3
+
diff --git a/gnome-extra/nm-applet/files/nm-applet-1.8.10-vpn-crash.patch b/gnome-extra/nm-applet/files/nm-applet-1.8.10-vpn-crash.patch
new file mode 100644
index 000000000000..8f217af2dac6
--- /dev/null
+++ b/gnome-extra/nm-applet/files/nm-applet-1.8.10-vpn-crash.patch
@@ -0,0 +1,137 @@
+From 46f99b295e59f44dfde50ec90e7c09627d32431e Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Wed, 20 Dec 2017 13:23:12 +0100
+Subject: [PATCH 1/2] shared/compat: fix memory handling of
+ nm_setting_vpn_get_*_keys
+
+The compat implementations return a (transfer none) strv instead of a
+(transfer container) one. This has caused double frees in nm-applet:
+https://bugs.archlinux.org/task/56772
+
+Don't copy the keys and don't free the container later.
+
+[thaller@redhat.com: patch adjusted to avoid compiler warning]
+
+Patch imported from NetworkManager commit 8ac8c01162235c2c198bfaf25fb7d1a57a595ce5.
+
+Fixes: e93ca7fc129ec0f29f5313a3aa12839914df8fa2
+(cherry picked from commit 0c90e08f77b71d2bda699cf032fceec0122bbf82)
+---
+ shared/nm-utils/nm-compat.c | 10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/shared/nm-utils/nm-compat.c b/shared/nm-utils/nm-compat.c
+index 22ab675d..47035e62 100644
+--- a/shared/nm-utils/nm-compat.c
++++ b/shared/nm-utils/nm-compat.c
+@@ -30,7 +30,7 @@ _get_keys_cb (const char *key, const char *val, gpointer user_data)
+ {
+ GPtrArray *a = user_data;
+
+- g_ptr_array_add (a, g_strdup (key));
++ g_ptr_array_add (a, (gpointer) key);
+ }
+
+ static const char **
+@@ -55,14 +55,6 @@ _get_keys (NMSettingVpn *setting,
+ g_ptr_array_sort (a, nm_strcmp_p);
+ g_ptr_array_add (a, NULL);
+ keys = (const char **) g_ptr_array_free (g_steal_pointer (&a), FALSE);
+-
+- /* we need to cache the keys *somewhere*. */
+- g_object_set_qdata_full (G_OBJECT (setting),
+- is_secrets
+- ? NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_secret_keys")
+- : NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_data_keys"),
+- keys,
+- (GDestroyNotify) g_strfreev);
+ }
+
+ NM_SET_OUT (out_length, len);
+--
+2.14.3
+
+
+From 0d13a8b4064c83146714ecee86b69042aca35f9e Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Thu, 21 Dec 2017 20:36:48 +0100
+Subject: [PATCH 2/2] shared/compat: fix memory handling of
+ nm_setting_vpn_get_*_keys()
+
+The previous fix was bad because the keys do not come from NMSettingVpn's hash
+table but are copies that are freed by nm_setting_vpn_foreach_* before
+it returns.
+
+[thaller@redhat.com: import shared code from NetworkManager, merging
+three patches together.]
+
+Fixes: e93ca7fc129ec0f29f5313a3aa12839914df8fa2
+Fixes: 0c90e08f77b71d2bda699cf032fceec0122bbf82
+
+https://mail.gnome.org/archives/networkmanager-list/2017-December/msg00069.html
+https://mail.gnome.org/archives/networkmanager-list/2017-December/msg00070.html
+(cherry picked from commit a52ccb2fe170558fc0aab4dd1d15ba8808b10951)
+---
+ shared/nm-utils/nm-compat.c | 29 ++++++++++++++++++++++-------
+ 1 file changed, 22 insertions(+), 7 deletions(-)
+
+diff --git a/shared/nm-utils/nm-compat.c b/shared/nm-utils/nm-compat.c
+index 47035e62..90328c06 100644
+--- a/shared/nm-utils/nm-compat.c
++++ b/shared/nm-utils/nm-compat.c
+@@ -30,7 +30,7 @@ _get_keys_cb (const char *key, const char *val, gpointer user_data)
+ {
+ GPtrArray *a = user_data;
+
+- g_ptr_array_add (a, (gpointer) key);
++ g_ptr_array_add (a, g_strdup (key));
+ }
+
+ static const char **
+@@ -40,22 +40,37 @@ _get_keys (NMSettingVpn *setting,
+ {
+ guint len;
+ const char **keys = NULL;
+- gs_unref_ptrarray GPtrArray *a = NULL;
++ GPtrArray *a;
+
+ nm_assert (NM_IS_SETTING_VPN (setting));
+
+- a = g_ptr_array_new ();
++ if (is_secrets)
++ len = nm_setting_vpn_get_num_secrets (setting);
++ else
++ len = nm_setting_vpn_get_num_data_items (setting);
++
++ a = g_ptr_array_sized_new (len + 1);
++
+ if (is_secrets)
+ nm_setting_vpn_foreach_secret (setting, _get_keys_cb, a);
+ else
+ nm_setting_vpn_foreach_data_item (setting, _get_keys_cb, a);
+- len = a->len;
+
+- if (a->len) {
++ len = a->len;
++ if (len) {
+ g_ptr_array_sort (a, nm_strcmp_p);
+ g_ptr_array_add (a, NULL);
+- keys = (const char **) g_ptr_array_free (g_steal_pointer (&a), FALSE);
+- }
++ keys = g_memdup (a->pdata, a->len * sizeof (gpointer));
++
++ /* we need to cache the keys *somewhere*. */
++ g_object_set_qdata_full (G_OBJECT (setting),
++ is_secrets
++ ? NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_secret_keys")
++ : NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_data_keys"),
++ g_ptr_array_free (a, FALSE),
++ (GDestroyNotify) g_strfreev);
++ } else
++ g_ptr_array_free (a, TRUE);
+
+ NM_SET_OUT (out_length, len);
+ return keys;
+--
+2.14.3
+
diff --git a/gnome-extra/nm-applet/metadata.xml b/gnome-extra/nm-applet/metadata.xml
new file mode 100644
index 000000000000..7cb30b744ca5
--- /dev/null
+++ b/gnome-extra/nm-applet/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>gnome@gentoo.org</email>
+ <name>Gentoo GNOME Desktop</name>
+ </maintainer>
+ <use>
+ <flag name="gcr">Enable advanced certificate chooser, requires <pkg>app-crypt/gcr</pkg></flag>
+ <flag name="modemmanager">Enable support for mobile broadband devices
+ using <pkg>net-misc/modemmanager</pkg></flag>
+ <flag name="teamd">Enable teamd configuration editor</flag>
+ </use>
+</pkgmetadata>
diff --git a/gnome-extra/nm-applet/nm-applet-1.4.6-r1.ebuild b/gnome-extra/nm-applet/nm-applet-1.4.6-r1.ebuild
new file mode 100644
index 000000000000..6a00ca01df6b
--- /dev/null
+++ b/gnome-extra/nm-applet/nm-applet-1.4.6-r1.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+GNOME2_EAUTORECONF="yes"
+GNOME2_LA_PUNT="yes"
+GNOME_ORG_MODULE="network-manager-applet"
+
+inherit gnome2
+
+DESCRIPTION="GNOME applet for NetworkManager"
+HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager"
+
+LICENSE="GPL-2+"
+SLOT="0"
+IUSE="+introspection +modemmanager teamd"
+KEYWORDS="~alpha amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc x86"
+
+RDEPEND="
+ app-crypt/libsecret
+ >=dev-libs/glib-2.32:2[dbus]
+ >=dev-libs/dbus-glib-0.88
+ >=sys-apps/dbus-1.4.1
+ >=sys-auth/polkit-0.96-r1
+ >=x11-libs/gtk+-3.4:3[introspection?]
+ >=x11-libs/libnotify-0.7.0
+
+ app-text/iso-codes
+ >=net-misc/networkmanager-1.3:=[introspection?,modemmanager?,teamd?]
+ net-misc/mobile-broadband-provider-info
+
+ introspection? ( >=dev-libs/gobject-introspection-0.9.6:= )
+ virtual/freedesktop-icon-theme
+ virtual/libgudev:=
+ modemmanager? ( net-misc/modemmanager )
+ teamd? ( >=dev-libs/jansson-2.3 )
+"
+DEPEND="${RDEPEND}
+ >=dev-util/gtk-doc-am-1.0
+ >=dev-util/intltool-0.50.1
+ virtual/pkgconfig
+"
+
+PDEPEND="virtual/notification-daemon" #546134
+
+PATCHES=(
+ "${FILESDIR}"/${PV}-fix-nma-bindings.patch # NMA bindings fix to be usable in python etc
+ "${FILESDIR}"/${PV}-fix-translations-in-g-c-c.patch # g-c-c == gnome-control-center
+ "${FILESDIR}"/${PV}-CVE-2017-6590.patch # bug 613768
+ "${FILESDIR}"/${PV}-improved-certfile-error-msg.patch # bug 613646
+)
+
+src_configure() {
+ gnome2_src_configure \
+ --without-appindicator \
+ --disable-more-warnings \
+ --disable-static \
+ --localstatedir=/var \
+ $(use_enable introspection) \
+ $(use_with modemmanager wwan) \
+ $(use_with teamd team)
+}
diff --git a/gnome-extra/nm-applet/nm-applet-1.8.10-r1.ebuild b/gnome-extra/nm-applet/nm-applet-1.8.10-r1.ebuild
new file mode 100644
index 000000000000..7ce48b41917b
--- /dev/null
+++ b/gnome-extra/nm-applet/nm-applet-1.8.10-r1.ebuild
@@ -0,0 +1,72 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+GNOME2_LA_PUNT="yes"
+GNOME_ORG_MODULE="network-manager-applet"
+
+inherit gnome2
+
+DESCRIPTION="GNOME applet for NetworkManager"
+HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager"
+
+LICENSE="GPL-2+"
+SLOT="0"
+IUSE="+introspection +gcr +modemmanager selinux teamd"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc x86"
+
+RDEPEND="
+ >=app-crypt/libsecret-0.18
+ >=dev-libs/glib-2.38:2[dbus]
+ >=dev-libs/dbus-glib-0.88
+ >=sys-apps/dbus-1.4.1
+ >=sys-auth/polkit-0.96-r1
+ >=x11-libs/gtk+-3.10:3[introspection?]
+ >=x11-libs/libnotify-0.7.0
+
+ app-text/iso-codes
+ >=net-misc/networkmanager-1.7:=[introspection?,modemmanager?,teamd?]
+ net-misc/mobile-broadband-provider-info
+
+ introspection? ( >=dev-libs/gobject-introspection-0.9.6:= )
+ virtual/freedesktop-icon-theme
+ virtual/libgudev:=
+ gcr? ( >=app-crypt/gcr-3.14:=[gtk] )
+ modemmanager? ( net-misc/modemmanager )
+ selinux? ( sys-libs/libselinux )
+ teamd? ( >=dev-libs/jansson-2.7 )
+"
+DEPEND="${RDEPEND}
+ >=dev-util/gtk-doc-am-1.0
+ >=dev-util/intltool-0.50.1
+ virtual/pkgconfig
+"
+
+PDEPEND="virtual/notification-daemon" #546134
+
+PATCHES=(
+ # shared/compat: fix memory handling of nm_setting_vpn_get_*_keys
+ # (from 'master')
+ "${FILESDIR}"/${P}-vpn-crash.patch
+
+ # libnma/cert-chooser: handle case of no avalable modules (from
+ # 'master')
+ "${FILESDIR}"/${P}-cert-chooser.patch
+)
+
+src_configure() {
+ local myconf=(
+ --without-appindicator
+ --disable-lto
+ --disable-ld-gc
+ --disable-more-warnings
+ --disable-static
+ --localstatedir=/var
+ $(use_enable introspection)
+ $(use_with gcr)
+ $(use_with modemmanager wwan)
+ $(use_with selinux)
+ $(use_with teamd team)
+ )
+ gnome2_src_configure "${myconf[@]}"
+}
diff --git a/gnome-extra/nm-applet/nm-applet-1.8.10.ebuild b/gnome-extra/nm-applet/nm-applet-1.8.10.ebuild
new file mode 100644
index 000000000000..52554e8a0baa
--- /dev/null
+++ b/gnome-extra/nm-applet/nm-applet-1.8.10.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+GNOME2_LA_PUNT="yes"
+GNOME_ORG_MODULE="network-manager-applet"
+
+inherit gnome2
+
+DESCRIPTION="GNOME applet for NetworkManager"
+HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager"
+
+LICENSE="GPL-2+"
+SLOT="0"
+IUSE="+introspection gcr +modemmanager selinux teamd"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 x86"
+
+RDEPEND="
+ >=app-crypt/libsecret-0.18
+ >=dev-libs/glib-2.38:2[dbus]
+ >=dev-libs/dbus-glib-0.88
+ >=sys-apps/dbus-1.4.1
+ >=sys-auth/polkit-0.96-r1
+ >=x11-libs/gtk+-3.10:3[introspection?]
+ >=x11-libs/libnotify-0.7.0
+
+ app-text/iso-codes
+ >=net-misc/networkmanager-1.7:=[introspection?,modemmanager?,teamd?]
+ net-misc/mobile-broadband-provider-info
+
+ introspection? ( >=dev-libs/gobject-introspection-0.9.6:= )
+ virtual/freedesktop-icon-theme
+ virtual/libgudev:=
+ gcr? ( >=app-crypt/gcr-3.14:=[gtk] )
+ modemmanager? ( net-misc/modemmanager )
+ selinux? ( sys-libs/libselinux )
+ teamd? ( >=dev-libs/jansson-2.7 )
+"
+DEPEND="${RDEPEND}
+ >=dev-util/gtk-doc-am-1.0
+ >=dev-util/intltool-0.50.1
+ virtual/pkgconfig
+"
+
+PDEPEND="virtual/notification-daemon" #546134
+
+src_configure() {
+ local myconf=(
+ --without-appindicator
+ --disable-lto
+ --disable-ld-gc
+ --disable-more-warnings
+ --disable-static
+ --localstatedir=/var
+ $(use_enable introspection)
+ $(use_with gcr)
+ $(use_with modemmanager wwan)
+ $(use_with selinux)
+ $(use_with teamd team)
+ )
+ gnome2_src_configure "${myconf[@]}"
+}