author | Mart Raudsepp <leio@gentoo.org> | 2017-03-25 14:07:13 +0200 |
---|---|---|
committer | Mart Raudsepp <leio@gentoo.org> | 2017-03-25 14:08:10 +0200 |
commit | 5c732474a68cdacc6cb2f17d60e7af9982c057f8 (patch) | |
tree | e995ae829391d33415c61ffb6f948d006b9d029f /gnome-extra/nm-applet | |
parent | app-admin/conky: Revision bump. Fix bug #612124. (diff) | |
gnome-extra/nm-applet: fix CVE-2017-6590, nma bindings and more
Grab patches from upstream nm-1-4 branch for fixing broken NMA bindings,
translations when used in gnome-control-center (gettext domain context issue),
CVE-2017-6590 (a physical access login screen bypass issue with lightdm), and
a certificate file error message fix specifically requested by one of our users.
Thanks-to: Martin Mokrejš
Gentoo-bug: 613646
Gentoo-bug: 613768
Diffstat (limited to 'gnome-extra/nm-applet')
5 files changed, 472 insertions, 0 deletions
diff --git a/gnome-extra/nm-applet/files/1.4.6-CVE-2017-6590.patch b/gnome-extra/nm-applet/files/1.4.6-CVE-2017-6590.patch
new file mode 100644
index 000000000000..25270e1f4c83
--- /dev/null
+++ b/gnome-extra/nm-applet/files/1.4.6-CVE-2017-6590.patch
@@ -0,0 +1,253 @@
+This is a squashed to one diff of the following 3 upstream commits:
+
+From d1ebd01abfad506d9a8797a252d4549c2df2045a Mon Sep 17 00:00:00 2001
+From: Iain Lane <iain@orangesquash.org.uk>
+Date: Fri, 3 Mar 2017 12:27:23 +0000
+Subject: [PATCH 1/3] applet: check permissions before showing 802.1x wifi
+ dialog (CVE-2017-6590)
+
+In most places, we (or NM) check permissions before performing actions.
+One place we don't is when we need more information when connecting to
+and 802.1x network. In that case we pop up a dialog to ask for more
+information before initiaing the connection.
+
+The dialog contains a GTK+ filechooser. We don't want unprivileged users
+to have access to this as it allows opening files.
+
+Check for MODIFY_SYSTEM or MODIFY_OWN before showing the dialog for
+802.1x connections. If the user doesn't have or can't get it, don't show
+the dialog. They wouldn't have been able to create the connection
+anyway.
+
+This fixes CVE-2017-6590.
+
+https://mail.gnome.org/archives/networkmanager-list/2017-March/msg00032.html
+https://bugs.launchpad.net/bugs/1668321
+
+[bgalvani@redhat.com: changed commit subject line, added links]
+
+(cherry picked from commit 523d0439c9d5633daccc77474f793c82cbd731ee)
+
+From f1f61ade24296b93044b9719fb2de1b561955e83 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Tue, 14 Mar 2017 14:18:06 +0100
+Subject: [PATCH 2/3] applet-device-wifi: remove unused functions
+
+They are not needed since commit 9b002809514a ("applet: remove usage
+of dbus-glib and private session D-Bus API").
+
+(cherry picked from commit d1c7f4d61f2eca23d90078c587059e4d8d11d3fc)
+
+From 7a582c5e6536b9e9a542d4791ae38a9d2840936b Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Tue, 14 Mar 2017 14:37:19 +0100
+Subject: [PATCH 3/3] applet-device-wifi: return FALSE on failure of
+ new_auto_connection() method
+
+If the permission check fails, we never run the callback: return FALSE
+so that the caller can free resources.
+
+(cherry picked from commit 38303e04cefb56a0a2176c5e30b399b14f21fc05)
+
+diff --git a/src/applet-device-wifi.c b/src/applet-device-wifi.c
+index 7b8fa6e..cd44e05 100644
+--- a/src/applet-device-wifi.c
++++ b/src/applet-device-wifi.c
+@@ -40,12 +40,6 @@ static void wifi_dialog_response_cb (GtkDialog *dialog, gint response, gpointer
+
+ static NMAccessPoint *update_active_ap (NMDevice *device, NMDeviceState state, NMApplet *applet);
+
+-static void _do_new_auto_connection (NMApplet *applet,
+- NMDevice *device,
+- NMAccessPoint *ap,
+- AppletNewAutoConnectionCallback callback,
+- gpointer callback_data);
+-
+ /*****************************************************************************/
+
+ typedef struct {
+@@ -292,74 +286,6 @@ nma_menu_add_create_network_item (GtkWidget *menu, NMApplet *applet)
+ gtk_widget_set_sensitive (GTK_WIDGET (menu_item), FALSE);
+ }
+
+-static void
+-dbus_8021x_add_and_activate_cb (GObject *client,
+- GAsyncResult *result,
+- gpointer user_data)
+-{
+- GError *error = NULL;
+- NMActiveConnection *active;
+-
+- active = nm_client_add_and_activate_connection_finish (NM_CLIENT (client), result, &error);
+- if (error)
+- g_warning ("Failed to add/activate connection: (%d) %s", error->code, error->message);
+-
+- g_clear_object (&active);
+- g_clear_error (&error);
+-}
+-
+-typedef struct {
+- NMApplet *applet;
+- NMDevice *device;
+- NMAccessPoint *ap;
+-} Dbus8021xInfo;
+-
+-static void
+-dbus_connect_8021x_cb (NMConnection *connection,
+- gboolean auto_created,
+- gboolean canceled,
+- gpointer user_data)
+-{
+- Dbus8021xInfo *info = user_data;
+-
+- if (canceled == FALSE) {
+- g_return_if_fail (connection != NULL);
+-
+- /* Ask NM to add the new connection and activate it; NM will fill in the
+- * missing details based on the specific object and the device.
+- */
+- nm_client_add_and_activate_connection_async (info->applet->nm_client,
+- connection,
+- info->device,
+- nm_object_get_path (NM_OBJECT (info->ap)),
+- NULL,
+- dbus_8021x_add_and_activate_cb,
+- info->applet);
+- }
+-
+- g_object_unref (info->device);
+- g_object_unref (info->ap);
+- memset (info, 0, sizeof (*info));
+- g_free (info);
+-}
+-
+-gboolean
+-applet_wifi_connect_to_8021x_network (NMApplet *applet,
+- NMDevice *device,
+- NMAccessPoint *ap)
+-{
+- Dbus8021xInfo *info;
+-
+- info = g_malloc0 (sizeof (*info));
+- info->applet = applet;
+- info->device = g_object_ref (device);
+- info->ap = g_object_ref (ap);
+-
+- _do_new_auto_connection (applet, device, ap, dbus_connect_8021x_cb, info);
+- return TRUE;
+-}
+-
+-
+ typedef struct {
+ NMApplet *applet;
+ NMDeviceWifi *device;
+@@ -514,17 +440,28 @@ done:
+ gtk_widget_destroy (GTK_WIDGET (dialog));
+ }
+
+-static void
+-_do_new_auto_connection (NMApplet *applet,
+- NMDevice *device,
+- NMAccessPoint *ap,
+- AppletNewAutoConnectionCallback callback,
+- gpointer callback_data)
++static gboolean
++can_get_permission (NMApplet *applet, NMClientPermission perm)
+ {
+- NMConnection *connection = NULL;
+- NMSettingConnection *s_con = NULL;
++ if ( applet->permissions[perm] == NM_CLIENT_PERMISSION_RESULT_YES
++ || applet->permissions[perm] == NM_CLIENT_PERMISSION_RESULT_AUTH)
++ return TRUE;
++ return FALSE;
++}
++
++static gboolean
++wifi_new_auto_connection (NMDevice *device,
++ gpointer dclass_data,
++ AppletNewAutoConnectionCallback callback,
++ gpointer callback_data)
++{
++ WifiMenuItemInfo *info = (WifiMenuItemInfo *) dclass_data;
++ NMApplet *applet;
++ NMAccessPoint *ap;
++ NMConnection *connection;
++ NMSettingConnection *s_con;
+ NMSettingWireless *s_wifi = NULL;
+- NMSettingWirelessSecurity *s_wsec = NULL;
++ NMSettingWirelessSecurity *s_wsec;
+ NMSetting8021x *s_8021x = NULL;
+ GBytes *ssid;
+ NM80211ApSecurityFlags wpa_flags, rsn_flags;
+@@ -532,9 +469,13 @@ _do_new_auto_connection (NMApplet *applet,
+ MoreInfo *more_info;
+ char *uuid;
+
+- g_assert (applet);
+- g_assert (device);
+- g_assert (ap);
++ g_return_val_if_fail (dclass_data, FALSE);
++ g_return_val_if_fail (NM_IS_DEVICE (device), FALSE);
++ g_return_val_if_fail (NM_IS_ACCESS_POINT (info->ap), FALSE);
++ g_return_val_if_fail (NM_IS_APPLET (info->applet), FALSE);
++
++ applet = info->applet;
++ ap = info->ap;
+
+ connection = nm_simple_connection_new ();
+
+@@ -590,6 +531,15 @@ _do_new_auto_connection (NMApplet *applet,
+ * Dialog Of Doom.
+ */
+ if (s_8021x) {
++ if (!can_get_permission (applet, NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM) &&
++ !can_get_permission (applet, NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN)) {
++ const char *text = _("Failed to add new connection");
++ const char *err_text = _("Insufficient privileges.");
++ g_warning ("%s: %s", text, err_text);
++ utils_show_error_dialog (_("Connection failure"), text, err_text, FALSE, NULL);
++ g_clear_object (&connection);
++ return FALSE;
++ }
+ more_info = g_malloc0 (sizeof (*more_info));
+ more_info->applet = applet;
+ more_info->callback = callback;
+@@ -606,24 +556,10 @@ _do_new_auto_connection (NMApplet *applet,
+ /* Everything else can just get activated right away */
+ callback (connection, TRUE, FALSE, callback_data);
+ }
+-}
+
+-static gboolean
+-wifi_new_auto_connection (NMDevice *device,
+- gpointer dclass_data,
+- AppletNewAutoConnectionCallback callback,
+- gpointer callback_data)
+-{
+- WifiMenuItemInfo *info = (WifiMenuItemInfo *) dclass_data;
+-
+- g_return_val_if_fail (device != NULL, FALSE);
+- g_return_val_if_fail (info->ap != NULL, FALSE);
+-
+- _do_new_auto_connection (info->applet, device, info->ap, callback, callback_data);
+ return TRUE;
+ }
+
+-
+ static void
+ wifi_menu_item_activate (GtkMenuItem *item, gpointer user_data)
+ {
+diff --git a/src/applet.h b/src/applet.h
+index 41e95a1..b28dfa2 100644
+--- a/src/applet.h
++++ b/src/applet.h
+@@ -285,9 +285,6 @@ GdkPixbuf * nma_icon_check_and_load (const char *name,
+ NMApplet *applet);
+
+ gboolean applet_wifi_connect_to_hidden_network (NMApplet *applet);
+-gboolean applet_wifi_connect_to_8021x_network (NMApplet *applet,
+- NMDevice *device,
+- NMAccessPoint *ap);
+ gboolean applet_wifi_create_wifi_network (NMApplet *applet);
+ gboolean applet_wifi_can_create_wifi_network (NMApplet *applet);
+
diff --git a/gnome-extra/nm-applet/files/1.4.6-fix-nma-bindings.patch b/gnome-extra/nm-applet/files/1.4.6-fix-nma-bindings.patch
new file mode 100644
index 000000000000..2a04a5327394
--- /dev/null
+++ b/gnome-extra/nm-applet/files/1.4.6-fix-nma-bindings.patch
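Review bot: In the added guard under `if (s_8021x)`, `can_get_permission()` treats `NM_CLIENT_PERMISSION_RESULT_AUTH` the same as `NM_CLIENT_PERMISSION_RESULT_YES`, so the 802.1x dialog and its GTK+ file chooser are still shown whenever the permission is merely obtainable through authentication, before any authentication has taken place. Whether that is acceptable depends on the polkit policy in effect for the session that runs the applet (the commit message names a login-screen session), which is not visible here; it deserves a comment above `can_get_permission`, for example `/* AUTH counts as allowed: the dialog is shown before polkit authentication happens */`, and a check of the greeter's policy when this is deployed. The helper reads the cached `applet->permissions[]` array, presumably filled elsewhere; any value other than YES or AUTH returns FALSE, so an unset entry fails closed. `wifi_new_auto_connection` continues between the inner hunks, so the paths that do not set `s_8021x` cannot be reviewed from here.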
@@ -0,0 +1,38 @@
+From 58e47dc92d38974141e1053b25cae02d7c8414b0 Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Tue, 7 Mar 2017 09:43:03 +0100
+Subject: [PATCH] libnma/pygobject: libnma/NMA must use libnm/NM instead of
+ legacy libraries
+
+libnma uses libnm, and not libnm-util/libnm-glib. Hence, the python bindings
+must load "NM" and not "NMClient"/"NetworkManager".
+
+As it was, the generated bindings for libnma were unusable and loading
+them would fail with
+
+ libnm-ERROR **: libnm-util symbols detected; Mixing libnm with libnm-util/libnm-glib is not supported
+
+https://bugzilla.gnome.org/show_bug.cgi?id=779153
+
+Fixes: 76a12beac4e8692f30071169e11e2b521ec4eab7
+(cherry picked from commit 7a59d41e5f6666d0da51f1f7aae7518befdb1182)
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index a57e15f..e76c9ba 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -532,7 +532,7 @@ pkgconfig_DATA += src/libnma/libnma.pc
+
+ if HAVE_INTROSPECTION
+ src/libnma/NMA-1.0.gir: src/libnma/libnma.la
+-src_libnma_NMA_1_0_gir_INCLUDES = NMClient-1.0 NetworkManager-1.0 Gtk-3.0
++src_libnma_NMA_1_0_gir_INCLUDES = NM-1.0 Gtk-3.0
+ src_libnma_NMA_1_0_gir_EXPORT_PACKAGES = libnma
+ src_libnma_NMA_1_0_gir_CFLAGS = $(src_libnma_libnma_la_CFLAGS)
+ src_libnma_NMA_1_0_gir_LIBS = src/libnma/libnma.la
+--
+2.10.1
+
diff --git a/gnome-extra/nm-applet/files/1.4.6-fix-translations-in-g-c-c.patch b/gnome-extra/nm-applet/files/1.4.6-fix-translations-in-g-c-c.patch
new file mode 100644
index 000000000000..8a1fe825e38e
--- /dev/null
+++ b/gnome-extra/nm-applet/files/1.4.6-fix-translations-in-g-c-c.patch
@@ -0,0 +1,80 @@
+From 718b24286559169ba29f89536c3f6c81dcfe6e30 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Mon, 13 Mar 2017 21:57:28 +0100
+Subject: [PATCH] libnma,libnm-gtk: use package-aware gettext() macro
+
+gettext("str") expands to dcgettext(NULL, "str") which gets
+translations from the last used domain, while _("str") is equivalent
+to g_dgettext(GETTEXT_PACKAGE, "str") which uses the library's
+translations.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=772362
+(cherry picked from commit 9df10e2e758a7b78aa5a69a15900030f45e48fff)
+---
+ src/libnm-gtk/nm-ui-utils.c | 10 +++++-----
+ src/libnma/nma-ui-utils.c | 10 +++++-----
+ 2 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/src/libnm-gtk/nm-ui-utils.c b/src/libnm-gtk/nm-ui-utils.c
+index e92ff80..eec9a5f 100644
+--- a/src/libnm-gtk/nm-ui-utils.c
++++ b/src/libnm-gtk/nm-ui-utils.c
+@@ -642,7 +642,7 @@ change_password_storage_icon (GtkWidget *passwd_entry, MenuItem item)
+ icon_name_table[item]);
+ gtk_entry_set_icon_tooltip_text (GTK_ENTRY (passwd_entry),
+ GTK_ENTRY_ICON_SECONDARY,
+- gettext (icon_desc_table[item]));
++ _(icon_desc_table[item]));
+
+ /* We want to make entry insensitive when ITEM_STORAGE_ASK is selected
+ * Unfortunately, making GtkEntry insensitive will also make the icon
+@@ -843,12 +843,12 @@ nma_utils_setup_password_storage (GtkWidget *passwd_entry,
+ g_object_set_data (G_OBJECT (popup_menu), PASSWORD_STORAGE_MENU_TAG, GUINT_TO_POINTER (TRUE));
+ g_object_set_data (G_OBJECT (popup_menu), MENU_WITH_NOT_REQUIRED_TAG, GUINT_TO_POINTER (with_not_required));
+ group = NULL;
+- item[0] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[0]));
++ item[0] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[0]));
+ group = gtk_radio_menu_item_get_group (GTK_RADIO_MENU_ITEM (item[0]));
+- item[1] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[1]));
+- item[2] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[2]));
++ item[1] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[1]));
++ item[2] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[2]));
+ if (with_not_required)
+- item[3] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[3]));
++ item[3] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[3]));
+
+ gtk_menu_shell_append (GTK_MENU_SHELL (popup_menu), item[0]);
+ gtk_menu_shell_append (GTK_MENU_SHELL (popup_menu), item[1]);
+diff --git a/src/libnma/nma-ui-utils.c b/src/libnma/nma-ui-utils.c
+index 99e2e97..418ef5f 100644
+--- a/src/libnma/nma-ui-utils.c
++++ b/src/libnma/nma-ui-utils.c
+@@ -76,7 +76,7 @@ change_password_storage_icon (GtkWidget *passwd_entry, MenuItem item)
+ icon_name_table[item]);
+ gtk_entry_set_icon_tooltip_text (GTK_ENTRY (passwd_entry),
+ GTK_ENTRY_ICON_SECONDARY,
+- gettext (icon_desc_table[item]));
++ _(icon_desc_table[item]));
+
+ /* We want to make entry insensitive when ITEM_STORAGE_ASK is selected
+ * Unfortunately, making GtkEntry insensitive will also make the icon
+@@ -277,12 +277,12 @@ nma_utils_setup_password_storage (GtkWidget *passwd_entry,
+ g_object_set_data (G_OBJECT (popup_menu), PASSWORD_STORAGE_MENU_TAG, GUINT_TO_POINTER (TRUE));
+ g_object_set_data (G_OBJECT (popup_menu), MENU_WITH_NOT_REQUIRED_TAG, GUINT_TO_POINTER (with_not_required));
+ group = NULL;
+- item[0] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[0]));
++ item[0] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[0]));
+ group = gtk_radio_menu_item_get_group (GTK_RADIO_MENU_ITEM (item[0]));
+- item[1] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[1]));
+- item[2] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[2]));
++ item[1] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[1]));
++ item[2] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[2]));
+ if (with_not_required)
+- item[3] = gtk_radio_menu_item_new_with_label (group, gettext (icon_desc_table[3]));
++ item[3] = gtk_radio_menu_item_new_with_label (group, _(icon_desc_table[3]));
+
+ gtk_menu_shell_append (GTK_MENU_SHELL (popup_menu), item[0]);
+ gtk_menu_shell_append (GTK_MENU_SHELL (popup_menu), item[1]);
+--
+2.10.1
+
diff --git a/gnome-extra/nm-applet/files/1.4.6-improved-certfile-error-msg.patch b/gnome-extra/nm-applet/files/1.4.6-improved-certfile-error-msg.patch
new file mode 100644
index 000000000000..e83d4c34ca0e
--- /dev/null
+++ b/gnome-extra/nm-applet/files/1.4.6-improved-certfile-error-msg.patch
@@ -0,0 +1,39 @@
+From 3609f9687728f2f7f8cdb33723c1d44660b81004 Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Thu, 23 Mar 2017 12:28:12 +0100
+Subject: [PATCH] c-e: improve error message for non-existing certificate file
+
+When the connection references a certifiate file that does not exist,
+the GUI's file picker button shows an "(None)", however the "Save"
+button is disable with message:
+
+ "Invalid setting Wi-Fi Security: invalid EAP-PEAP CA certificate: unspecified error validating eap-method file"
+
+Slightly improve that by showing instead
+
+ "Invalid setting Wi-Fi Security: invalid EAP-PEAP CA certificate: file "..." does not exist"
+
+The solution is not optimal because the GUI shows file "(None)",
+with is some hidden information that makes the connection invalid.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=780423
+(cherry picked from commit b603844fc50679fc8683227bfa0f3b6c8e77c2c7)
+---
+ src/wireless-security/eap-method.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/wireless-security/eap-method.c b/src/wireless-security/eap-method.c
+index cb733e8..b5c6609 100644
+--- a/src/wireless-security/eap-method.c
++++ b/src/wireless-security/eap-method.c
+@@ -237,6 +237,7 @@ eap_method_validate_filepicker (GtkBuilder *builder,
+
+ if (!g_file_test (filename, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR)) {
+ success = FALSE;
++ g_set_error (error, NMA_ERROR, NMA_ERROR_GENERIC, _("file \"%s\" does not exist"), filename);
+ goto out;
+ }
+
+--
+2.10.1
+
diff --git a/gnome-extra/nm-applet/nm-applet-1.4.6-r1.ebuild b/gnome-extra/nm-applet/nm-applet-1.4.6-r1.ebuild
new file mode 100644
index 000000000000..4ce791171177
--- /dev/null
+++ b/gnome-extra/nm-applet/nm-applet-1.4.6-r1.ebuild
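Review bot: The added `g_set_error` call interpolates `filename` directly into a translated, user-visible message. `filename` is presumably in the GLib filename encoding (its origin is outside the hunk), which is not guaranteed to be UTF-8, so a path with non-UTF-8 bytes would put invalid text into the error shown by the editor. Converting it first avoids that: `char *disp = g_filename_display_name (filename);`, pass `disp` to `g_set_error`, then `g_free (disp);`. The guarding `g_file_test` with `G_FILE_TEST_EXISTS | G_FILE_TEST_IS_REGULAR` is true when either test passes, so the new "does not exist" wording matches what is actually checked; a short comment saying so would help. `eap_method_validate_filepicker` starts and ends outside the hunk.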
@@ -0,0 +1,62 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+GNOME2_EAUTORECONF="yes"
+GNOME2_LA_PUNT="yes"
+GNOME_ORG_MODULE="network-manager-applet"
+
+inherit gnome2
+
+DESCRIPTION="GNOME applet for NetworkManager"
+HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager"
+
+LICENSE="GPL-2+"
+SLOT="0"
+IUSE="+introspection modemmanager teamd"
+KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~x86"
+
+RDEPEND="
+ app-crypt/libsecret
+ >=dev-libs/glib-2.32:2[dbus]
+ >=dev-libs/dbus-glib-0.88
+ >=sys-apps/dbus-1.4.1
+ >=sys-auth/polkit-0.96-r1
+ >=x11-libs/gtk+-3.4:3[introspection?]
+ >=x11-libs/libnotify-0.7.0
+
+ app-text/iso-codes
+ >=net-misc/networkmanager-1.3:=[introspection?,modemmanager?,teamd?]
+ net-misc/mobile-broadband-provider-info
+
+ introspection? ( >=dev-libs/gobject-introspection-0.9.6:= )
+ virtual/freedesktop-icon-theme
+ virtual/libgudev:=
+ modemmanager? ( net-misc/modemmanager )
+ teamd? ( >=dev-libs/jansson-2.3 )
+"
+DEPEND="${RDEPEND}
+ >=dev-util/gtk-doc-am-1.0
+ >=dev-util/intltool-0.50.1
+ virtual/pkgconfig
+"
+
+PDEPEND="virtual/notification-daemon" #546134
+
+PATCHES=(
+ "${FILESDIR}"/${PV}-fix-nma-bindings.patch # NMA bindings fix to be usable in python etc
+ "${FILESDIR}"/${PV}-fix-translations-in-g-c-c.patch # g-c-c == gnome-control-center
+ "${FILESDIR}"/${PV}-CVE-2017-6590.patch # bug 613768
+ "${FILESDIR}"/${PV}-improved-certfile-error-msg.patch # bug 613646
+)
+
+src_configure() {
+ gnome2_src_configure \
+ --without-appindicator \
+ --disable-more-warnings \
+ --disable-static \
+ --localstatedir=/var \
+ $(use_enable introspection) \
+ $(use_with modemmanager wwan) \
+ $(use_with teamd team)
+} |