commit c6272c42f82f2fffc6b4110cf35af62b87249a78 Author: MSVSphere Packaging Team Date: Fri Mar 29 15:07:54 2024 +0300 import NetworkManager-1.40.16-15.el8 diff --git a/.NetworkManager.metadata b/.NetworkManager.metadata new file mode 100644 index 0000000..c2cbe5f --- /dev/null +++ b/.NetworkManager.metadata @@ -0,0 +1 @@ +c803db8a3480ed683e8f24424b38b08bb295013d SOURCES/NetworkManager-1.40.16.tar.xz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..911106a --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/NetworkManager-1.40.16.tar.xz diff --git a/SOURCES/00-server.conf b/SOURCES/00-server.conf new file mode 100644 index 0000000..ba3d29f --- /dev/null +++ b/SOURCES/00-server.conf @@ -0,0 +1,14 @@ +# This configuration file changes NetworkManager's behavior to +# what's expected on "traditional UNIX server" type deployments. +# +# See "man NetworkManager.conf" for more information about these +# and other keys. + +[main] +# Do not do automatic (DHCP/SLAAC) configuration on ethernet devices +# with no other matching connections. +no-auto-default=* + +# Ignore the carrier (cable plugged in) state when attempting to +# activate static-IP connections. +ignore-carrier=* diff --git a/SOURCES/0001-cloud-setup-systemd-unit-rh1791758.patch b/SOURCES/0001-cloud-setup-systemd-unit-rh1791758.patch new file mode 100644 index 0000000..83c2455 --- /dev/null +++ b/SOURCES/0001-cloud-setup-systemd-unit-rh1791758.patch @@ -0,0 +1,37 @@ +From 45f33b5379c41f34fb1a27452e5f62e2d571e85e Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Thu, 16 Jan 2020 13:40:26 +0100 +Subject: [PATCH] cloud-setup: avoid unsupported systemd settings in + nm-cloud-setup.service init for rhel-8.2 + +https://bugzilla.redhat.com/show_bug.cgi?id=1791758 +--- + src/nm-cloud-setup/nm-cloud-setup.service.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/nm-cloud-setup/nm-cloud-setup.service.in b/src/nm-cloud-setup/nm-cloud-setup.service.in +index f4b0e2638f14..c59bd47574ba 100644 +--- a/src/nm-cloud-setup/nm-cloud-setup.service.in ++++ b/src/nm-cloud-setup/nm-cloud-setup.service.in +@@ -28,15 +28,15 @@ PrivateDevices=yes + PrivateTmp=yes + ProtectControlGroups=yes + ProtectHome=yes +-ProtectHostname=yes +-ProtectKernelLogs=yes ++#ProtectHostname=yes ++#ProtectKernelLogs=yes + ProtectKernelModules=yes + ProtectKernelTunables=yes + ProtectSystem=strict + RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 + RestrictNamespaces=yes + RestrictRealtime=yes +-RestrictSUIDSGID=yes ++#RestrictSUIDSGID=yes + SystemCallFilter=@system-service + + [Install] +-- +2.31.1 + diff --git a/SOURCES/0002-firewall-Default-to-iptables-backend-to-preserve-behavior.patch b/SOURCES/0002-firewall-Default-to-iptables-backend-to-preserve-behavior.patch new file mode 100644 index 0000000..40aea35 --- /dev/null +++ b/SOURCES/0002-firewall-Default-to-iptables-backend-to-preserve-behavior.patch @@ -0,0 +1,34 @@ +From af25d85a43eb2aa59a80c13aa214cbc5509b6815 Mon Sep 17 00:00:00 2001 +From: Wen Liang +Date: Wed, 16 Jun 2021 22:43:32 +0200 +Subject: [PATCH] firewall: Default to iptables backend to preserve behavior + +For upsteam, the default is "nftables" (if nft is installed). On RHEL8, we will +always default to "iptables" to preserve behavior. +--- + src/core/nm-firewall-utils.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c +index 1311f5039910..3284b5ebaa4b 100644 +--- a/src/core/nm-firewall-utils.c ++++ b/src/core/nm-firewall-utils.c +@@ -743,12 +743,9 @@ nm_firewall_config_apply(NMFirewallConfig *self, gboolean shared) + static NMFirewallBackend + _firewall_backend_detect(void) + { +- if (g_file_test(NFT_PATH, G_FILE_TEST_IS_EXECUTABLE)) +- return NM_FIREWALL_BACKEND_NFTABLES; +- if (g_file_test(IPTABLES_PATH, G_FILE_TEST_IS_EXECUTABLE)) +- return NM_FIREWALL_BACKEND_IPTABLES; +- +- return NM_FIREWALL_BACKEND_NFTABLES; ++ /* For upsteam, the default is "nftables" (if nft is installed). On RHEL8, we will ++ * always default to "iptables" to preserve behavior. */ ++ return NM_FIREWALL_BACKEND_IPTABLES; + } + + NMFirewallBackend +-- +2.31.1 + diff --git a/SOURCES/0003-order-ipv6-addresses.patch b/SOURCES/0003-order-ipv6-addresses.patch new file mode 100644 index 0000000..73c44b1 --- /dev/null +++ b/SOURCES/0003-order-ipv6-addresses.patch @@ -0,0 +1,75 @@ +From 94933a67129ea9d38010b58e4928ff41aa204692 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 4 May 2022 15:22:33 +0200 +Subject: [PATCH 1/1] Revert changes to order of static IPv6 addresses + +Upstream 1.38.0 and newer changed behavior so that static addresses in +"ipv6.addresses" are sorted with most important first. That is then +consistent with "ipv4.addresses". + +Revert this change for downstream RHEL. + +https://bugzilla.redhat.com/show_bug.cgi?id=2097270 +--- + src/core/nm-l3-config-data.c | 3 ++- + src/libnm-core-impl/nm-setting-ip6-config.c | 2 +- + src/libnmc-setting/settings-docs.h.in | 2 +- + src/nmcli/generate-docs-nm-settings-nmcli.xml.in | 2 +- + 4 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/core/nm-l3-config-data.c b/src/core/nm-l3-config-data.c +index bcd0b62a8488..4640acad3796 100644 +--- a/src/core/nm-l3-config-data.c ++++ b/src/core/nm-l3-config-data.c +@@ -2753,7 +2753,8 @@ _init_from_connection_ip(NML3ConfigData *self, int addr_family, NMConnection *co + + naddresses = nm_setting_ip_config_get_num_addresses(s_ip); + for (i = 0; i < naddresses; i++) { +- NMIPAddress *s_addr = nm_setting_ip_config_get_address(s_ip, i); ++ const guint addr_idx = IS_IPv4 ? i : (naddresses - i - 1); ++ NMIPAddress *s_addr = nm_setting_ip_config_get_address(s_ip, addr_idx); + NMPlatformIPXAddress a; + NMIPAddr addr_bin; + GVariant *label; +diff --git a/src/libnm-core-impl/nm-setting-ip6-config.c b/src/libnm-core-impl/nm-setting-ip6-config.c +index 8b593b97336a..0356888da324 100644 +--- a/src/libnm-core-impl/nm-setting-ip6-config.c ++++ b/src/libnm-core-impl/nm-setting-ip6-config.c +@@ -998,7 +998,7 @@ nm_setting_ip6_config_class_init(NMSettingIP6ConfigClass *klass) + * format: a comma separated list of addresses + * description: A list of IPv6 addresses and their prefix length. Multiple addresses + * can be separated by comma. For example "2001:db8:85a3::8a2e:370:7334/64, 2001:db8:85a3::5/64". +- * The addresses are listed in decreasing priority, meaning the first address will ++ * The addresses are listed in increasing priority, meaning the last address will + * be the primary address. This can make a difference with IPv6 source address selection + * (RFC 6724, section 5). + * ---end--- +diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in +index 1ed2f134196b..18e1ed28fc39 100644 +--- a/src/libnmc-setting/settings-docs.h.in ++++ b/src/libnmc-setting/settings-docs.h.in +@@ -184,7 +184,7 @@ + #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTES N_("A list of IPv4 destination addresses, prefix length, optional IPv4 next hop addresses, optional route metric, optional attribute. The valid syntax is: \"ip[/prefix] [next-hop] [metric] [attribute=val]...[,ip[/prefix]...]\". For example \"192.0.2.0/24 10.1.1.1 77, 198.51.100.0/24\".") + #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ROUTING_RULES N_("A comma separated list of routing rules for policy routing.") + #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE N_("Configure method for creating the address for use with RFC4862 IPv6 Stateless Address Autoconfiguration. The permitted values are: NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_EUI64 (0), NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_STABLE_PRIVACY (1). NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_DEFAULT_OR_EUI64 (2) or NM_SETTING_IP6_CONFIG_ADDR_GEN_MODE_DEFAULT (3). If the property is set to EUI64, the addresses will be generated using the interface tokens derived from hardware address. This makes the host part of the address to stay constant, making it possible to track host's presence when it changes networks. The address changes when the interface hardware is replaced. The value of stable-privacy enables use of cryptographically secure hash of a secret host-specific key along with the connection's stable-id and the network address as specified by RFC7217. This makes it impossible to use the address track host's presence, and makes the address stable when the network interface hardware is replaced. The special values \"default\" and \"default-or-eui64\" will fallback to the global connection default in as documented in NetworkManager.conf(5) manual. If the global default is not specified, the fallback value is \"stable-privacy\" or \"eui64\", respectively. For libnm, the property defaults to \"default\" since 1.40. Previously it defaulted to \"stable-privacy\". On D-Bus, the absence of an addr-gen-mode setting equals \"default\". For keyfile plugin, the absence of the setting on disk means \"default-or-eui64\" so that the property doesn't change on upgrade from older versions. Note that this setting is distinct from the Privacy Extensions as configured by \"ip6-privacy\" property and it does not affect the temporary addresses configured with this option.") +-#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDRESSES N_("A list of IPv6 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"2001:db8:85a3::8a2e:370:7334/64, 2001:db8:85a3::5/64\". The addresses are listed in decreasing priority, meaning the first address will be the primary address. This can make a difference with IPv6 source address selection (RFC 6724, section 5).") ++#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ADDRESSES N_("A list of IPv6 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"2001:db8:85a3::8a2e:370:7334/64, 2001:db8:85a3::5/64\". The addresses are listed in increasing priority, meaning the last address will be the primary address. This can make a difference with IPv6 source address selection (RFC 6724, section 5).") + #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DAD_TIMEOUT N_("Timeout in milliseconds used to check for the presence of duplicate IP addresses on the network. If an address conflict is detected, the activation will fail. A zero value means that no duplicate address detection is performed, -1 means the default value (either configuration ipvx.dad-timeout override or zero). A value greater than zero is a timeout in milliseconds. The property is currently implemented only for IPv4.") + #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_DUID N_("A string containing the DHCPv6 Unique Identifier (DUID) used by the dhcp client to identify itself to DHCPv6 servers (RFC 3315). The DUID is carried in the Client Identifier option. If the property is a hex string ('aa:bb:cc') it is interpreted as a binary DUID and filled as an opaque value in the Client Identifier option. The special value \"lease\" will retrieve the DUID previously used from the lease file belonging to the connection. If no DUID is found and \"dhclient\" is the configured dhcp client, the DUID is searched in the system-wide dhclient lease file. If still no DUID is found, or another dhcp client is used, a global and permanent DUID-UUID (RFC 6355) will be generated based on the machine-id. The special values \"llt\" and \"ll\" will generate a DUID of type LLT or LL (see RFC 3315) based on the current MAC address of the device. In order to try providing a stable DUID-LLT, the time field will contain a constant timestamp that is used globally (for all profiles) and persisted to disk. The special values \"stable-llt\", \"stable-ll\" and \"stable-uuid\" will generate a DUID of the corresponding type, derived from the connection's stable-id and a per-host unique key. You may want to include the \"${DEVICE}\" or \"${MAC}\" specifier in the stable-id, in case this profile gets activated on multiple devices. So, the link-layer address of \"stable-ll\" and \"stable-llt\" will be a generated address derived from the stable id. The DUID-LLT time value in the \"stable-llt\" option will be picked among a static timespan of three years (the upper bound of the interval is the same constant timestamp used in \"llt\"). When the property is unset, the global value provided for \"ipv6.dhcp-duid\" is used. If no global value is provided, the default \"lease\" value is assumed.") + #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_HOSTNAME N_("If the \"dhcp-send-hostname\" property is TRUE, then the specified name will be sent to the DHCP server when acquiring a lease. This property and \"dhcp-fqdn\" are mutually exclusive and cannot be set at the same time.") +diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in +index 371081b0e0da..5c036ab60149 100644 +--- a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in ++++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in +@@ -718,7 +718,7 @@ + description="DNS servers priority. The relative priority for DNS servers specified by this setting. A lower numerical value is better (higher priority). Negative values have the special effect of excluding other configurations with a greater numerical priority value; so in presence of at least one negative priority, only DNS servers from connections with the lowest priority value will be used. To avoid all DNS leaks, set the priority of the profile that should be used to the most negative value of all active connections profiles. Zero selects a globally configured default value. If the latter is missing or zero too, it defaults to 50 for VPNs (including WireGuard) and 100 for other connections. Note that the priority is to order DNS settings for multiple active connections. It does not disambiguate multiple DNS servers within the same connection profile. When multiple devices have configurations with the same priority, VPNs will be considered first, then devices with the best (lowest metric) default route and then all other devices. When using dns=default, servers with higher priority will be on top of resolv.conf. To prioritize a given server over another one within the same connection, just specify them in the desired order. Note that commonly the resolver tries name servers in /etc/resolv.conf in the order listed, proceeding with the next server in the list on failure. See for example the "rotate" option of the dns-options setting. If there are any negative DNS priorities, then only name servers from the devices with that lowest priority will be considered. When using a DNS resolver that supports Conditional Forwarding or Split DNS (with dns=dnsmasq or dns=systemd-resolved settings), each connection is used to query domains in its search list. The search domains determine which name servers to ask, and the DNS priority is used to prioritize name servers based on the domain. Queries for domains not present in any search list are routed through connections having the '~.' special wildcard domain, which is added automatically to connections with the default route (or can be added manually). When multiple connections specify the same domain, the one with the best priority (lowest numerical value) wins. If a sub domain is configured on another interface it will be accepted regardless the priority, unless parent domain on the other interface has a negative priority, which causes the sub domain to be shadowed. With Split DNS one can avoid undesired DNS leaks by properly configuring DNS priorities and the search domains, so that only name servers of the desired interface are configured." /> + ++ description="A list of IPv6 addresses and their prefix length. Multiple addresses can be separated by comma. For example "2001:db8:85a3::8a2e:370:7334/64, 2001:db8:85a3::5/64". The addresses are listed in increasing priority, meaning the last address will be the primary address. This can make a difference with IPv6 source address selection (RFC 6724, section 5)." /> + +-- +2.36.1 + diff --git a/SOURCES/1001-cloud-setup-IMDSv2-rh2151987.patch b/SOURCES/1001-cloud-setup-IMDSv2-rh2151987.patch new file mode 100644 index 0000000..eefa70a --- /dev/null +++ b/SOURCES/1001-cloud-setup-IMDSv2-rh2151987.patch @@ -0,0 +1,1490 @@ +From 89a6ce575d52bbaa1b928275c39517a071449da7 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Mon, 27 Feb 2023 09:14:10 +0100 +Subject: [PATCH 1/7] cloud-setup: use nm_strv_dup_packed() in + nm_http_client_poll_get() + +No need to do a deep clone. The strv array is not ever modified and we +pack it together in one memory allocation. + +(cherry picked from commit 599fe234ea4864396eb70530513b2646aa97f576) +(cherry picked from commit 3787eacac9c1fc9ff9b423f9d9cea9907e209ebb) +(cherry picked from commit 89a6ce575d52bbaa1b928275c39517a071449da7) +--- + src/nm-cloud-setup/nm-http-client.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/nm-cloud-setup/nm-http-client.c b/src/nm-cloud-setup/nm-http-client.c +index a0964e2165..98ede1e403 100644 +--- a/src/nm-cloud-setup/nm-http-client.c ++++ b/src/nm-cloud-setup/nm-http-client.c +@@ -419,7 +419,7 @@ _poll_get_data_free(gpointer data) + g_free(poll_get_data->uri); + + nm_clear_pointer(&poll_get_data->response_data, g_bytes_unref); +- g_strfreev((char **) poll_get_data->http_headers); ++ g_free((gpointer) poll_get_data->http_headers); + + nm_g_slice_free(poll_get_data); + } +@@ -552,9 +552,14 @@ nm_http_client_poll_get(NMHttpClient *self, + .check_fcn = check_fcn, + .check_user_data = check_user_data, + .response_code = -1, +- .http_headers = NM_CAST_STRV_CC(g_strdupv((char **) http_headers)), ++ .http_headers = NULL, + }; + ++ if (http_headers) { ++ poll_get_data->http_headers = ++ nm_strv_dup_packed(http_headers, -1) ?: g_new(const char *, 1); ++ } ++ + nmcs_wait_for_objects_register(poll_get_data->task); + + g_task_set_task_data(poll_get_data->task, poll_get_data, _poll_get_data_free); +-- +2.39.2 + + +From 36d417af60a2a09863e00cae869899883265ee8c Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Mon, 27 Feb 2023 00:09:13 +0100 +Subject: [PATCH 2/7] cloud_setup: unexport nm_http_client_get() + +It's not used anywhere. + +(cherry picked from commit ce225b2c06089adc402277f2b80afacb9da8cc5f) +(cherry picked from commit 23b9514080c0c578ec5a8e023081837240f41896) +(cherry picked from commit 36d417af60a2a09863e00cae869899883265ee8c) +--- + src/nm-cloud-setup/nm-http-client.c | 4 ++-- + src/nm-cloud-setup/nm-http-client.h | 15 --------------- + 2 files changed, 2 insertions(+), 17 deletions(-) + +diff --git a/src/nm-cloud-setup/nm-http-client.c b/src/nm-cloud-setup/nm-http-client.c +index 98ede1e403..e6cc20fa75 100644 +--- a/src/nm-cloud-setup/nm-http-client.c ++++ b/src/nm-cloud-setup/nm-http-client.c +@@ -256,7 +256,7 @@ _get_cancelled_cb(GObject *object, gpointer user_data) + _ehandle_complete(edata, error); + } + +-void ++static void + nm_http_client_get(NMHttpClient *self, + const char *url, + int timeout_msec, +@@ -366,7 +366,7 @@ nm_http_client_get(NMHttpClient *self, + * + * Returns: %TRUE on success or %FALSE with an error code. + */ +-gboolean ++static gboolean + nm_http_client_get_finish(NMHttpClient *self, + GAsyncResult *result, + long *out_response_code, +diff --git a/src/nm-cloud-setup/nm-http-client.h b/src/nm-cloud-setup/nm-http-client.h +index 0a7052ae25..6cc08ba97c 100644 +--- a/src/nm-cloud-setup/nm-http-client.h ++++ b/src/nm-cloud-setup/nm-http-client.h +@@ -27,21 +27,6 @@ GMainContext *nm_http_client_get_main_context(NMHttpClient *self); + + /*****************************************************************************/ + +-void nm_http_client_get(NMHttpClient *self, +- const char *uri, +- int timeout_msec, +- gssize max_data, +- const char *const *http_headers, +- GCancellable *cancellable, +- GAsyncReadyCallback callback, +- gpointer user_data); +- +-gboolean nm_http_client_get_finish(NMHttpClient *self, +- GAsyncResult *result, +- long *out_response_code, +- GBytes **out_response_data, +- GError **error); +- + typedef gboolean (*NMHttpClientPollGetCheckFcn)(long response_code, + GBytes *response_data, + gpointer check_user_data, +-- +2.39.2 + + +From 20cd11ee4974bb1690d523d5700492ad9c618688 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Mon, 27 Feb 2023 00:09:40 +0100 +Subject: [PATCH 3/7] cloud-setup: rename get/Get identifiers to req and Req + +We're going to extend those to issue methods other than GET. +Also, "request" would've been too long, "req" looks nicer. + +(cherry picked from commit 85ce088616aae3d61c9bc51eb395d1f59ed9a503) +(cherry picked from commit 6e8cfbae32e22ba75693146039b53b516a4147e1) +(cherry picked from commit 20cd11ee4974bb1690d523d5700492ad9c618688) +--- + src/nm-cloud-setup/nm-http-client.c | 142 +++++++++++----------- + src/nm-cloud-setup/nm-http-client.h | 8 +- + src/nm-cloud-setup/nmcs-provider-aliyun.c | 20 +-- + src/nm-cloud-setup/nmcs-provider-azure.c | 24 ++-- + src/nm-cloud-setup/nmcs-provider-ec2.c | 14 +-- + src/nm-cloud-setup/nmcs-provider-gcp.c | 20 +-- + 6 files changed, 114 insertions(+), 114 deletions(-) + +diff --git a/src/nm-cloud-setup/nm-http-client.c b/src/nm-cloud-setup/nm-http-client.c +index e6cc20fa75..ed7914df8f 100644 +--- a/src/nm-cloud-setup/nm-http-client.c ++++ b/src/nm-cloud-setup/nm-http-client.c +@@ -104,12 +104,12 @@ typedef struct { + } GetResult; + + static void +-_get_result_free(gpointer data) ++_req_result_free(gpointer data) + { +- GetResult *get_result = data; ++ GetResult *req_result = data; + +- g_bytes_unref(get_result->response_data); +- nm_g_slice_free(get_result); ++ g_bytes_unref(req_result->response_data); ++ nm_g_slice_free(req_result); + } + + typedef struct { +@@ -154,7 +154,7 @@ _ehandle_free(EHandleData *edata) + static void + _ehandle_complete(EHandleData *edata, GError *error_take) + { +- GetResult *get_result; ++ GetResult *req_result; + gs_free char *str_tmp_1 = NULL; + long response_code = -1; + +@@ -200,15 +200,15 @@ _ehandle_complete(EHandleData *edata, GError *error_take) + + _ehandle_free_ehandle(edata); + +- get_result = g_slice_new(GetResult); +- *get_result = (GetResult){ ++ req_result = g_slice_new(GetResult); ++ *req_result = (GetResult){ + .response_code = response_code, + /* This ensures that response_data is always NUL terminated. This is an important guarantee + * that NMHttpClient makes. */ + .response_data = nm_str_buf_finalize_to_gbytes(&edata->recv_data), + }; + +- g_task_return_pointer(edata->task, get_result, _get_result_free); ++ g_task_return_pointer(edata->task, req_result, _req_result_free); + + _ehandle_free(edata); + } +@@ -257,7 +257,7 @@ _get_cancelled_cb(GObject *object, gpointer user_data) + } + + static void +-nm_http_client_get(NMHttpClient *self, ++nm_http_client_req(NMHttpClient *self, + const char *url, + int timeout_msec, + gssize max_data, +@@ -280,7 +280,7 @@ nm_http_client_get(NMHttpClient *self, + + edata = g_slice_new(EHandleData); + *edata = (EHandleData){ +- .task = nm_g_task_new(self, cancellable, nm_http_client_get, callback, user_data), ++ .task = nm_g_task_new(self, cancellable, nm_http_client_req, callback, user_data), + .recv_data = NM_STR_BUF_INIT(0, FALSE), + .max_data = max_data, + .url = g_strdup(url), +@@ -352,7 +352,7 @@ nm_http_client_get(NMHttpClient *self, + } + + /** +- * nm_http_client_get_finish: ++ * nm_http_client_req_finish: + * @self: the #NMHttpClient instance + * @result: the #GAsyncResult which to complete. + * @out_response_code: (allow-none) (out): the HTTP response code or -1 on other error. +@@ -367,33 +367,33 @@ nm_http_client_get(NMHttpClient *self, + * Returns: %TRUE on success or %FALSE with an error code. + */ + static gboolean +-nm_http_client_get_finish(NMHttpClient *self, ++nm_http_client_req_finish(NMHttpClient *self, + GAsyncResult *result, + long *out_response_code, + GBytes **out_response_data, + GError **error) + { +- GetResult *get_result; ++ GetResult *req_result; + + g_return_val_if_fail(NM_IS_HTTP_CLIENT(self), FALSE); +- g_return_val_if_fail(nm_g_task_is_valid(result, self, nm_http_client_get), FALSE); ++ g_return_val_if_fail(nm_g_task_is_valid(result, self, nm_http_client_req), FALSE); + +- get_result = g_task_propagate_pointer(G_TASK(result), error); ++ req_result = g_task_propagate_pointer(G_TASK(result), error); + +- nm_assert(!error || (!!get_result) == (!*error)); ++ nm_assert(!error || (!!req_result) == (!*error)); + +- if (!get_result) { ++ if (!req_result) { + NM_SET_OUT(out_response_code, -1); + NM_SET_OUT(out_response_data, NULL); + return FALSE; + } + +- NM_SET_OUT(out_response_code, get_result->response_code); ++ NM_SET_OUT(out_response_code, req_result->response_code); + + /* response_data is binary, but is also guaranteed to be NUL terminated! */ +- NM_SET_OUT(out_response_data, g_steal_pointer(&get_result->response_data)); ++ NM_SET_OUT(out_response_data, g_steal_pointer(&req_result->response_data)); + +- _get_result_free(get_result); ++ _req_result_free(req_result); + return TRUE; + } + +@@ -403,63 +403,63 @@ typedef struct { + GTask *task; + char *uri; + const char *const *http_headers; +- NMHttpClientPollGetCheckFcn check_fcn; ++ NMHttpClientPollReqCheckFcn check_fcn; + gpointer check_user_data; + GBytes *response_data; + gsize request_max_data; + long response_code; + int request_timeout_ms; +-} PollGetData; ++} PollReqData; + + static void +-_poll_get_data_free(gpointer data) ++_poll_req_data_free(gpointer data) + { +- PollGetData *poll_get_data = data; ++ PollReqData *poll_req_data = data; + +- g_free(poll_get_data->uri); ++ g_free(poll_req_data->uri); + +- nm_clear_pointer(&poll_get_data->response_data, g_bytes_unref); +- g_free((gpointer) poll_get_data->http_headers); ++ nm_clear_pointer(&poll_req_data->response_data, g_bytes_unref); ++ g_free((gpointer) poll_req_data->http_headers); + +- nm_g_slice_free(poll_get_data); ++ nm_g_slice_free(poll_req_data); + } + + static void +-_poll_get_probe_start_fcn(GCancellable *cancellable, ++_poll_req_probe_start_fcn(GCancellable *cancellable, + gpointer probe_user_data, + GAsyncReadyCallback callback, + gpointer user_data) + { +- PollGetData *poll_get_data = probe_user_data; ++ PollReqData *poll_req_data = probe_user_data; + +- /* balanced by _poll_get_probe_finish_fcn() */ +- g_object_ref(poll_get_data->task); ++ /* balanced by _poll_req_probe_finish_fcn() */ ++ g_object_ref(poll_req_data->task); + +- nm_http_client_get(g_task_get_source_object(poll_get_data->task), +- poll_get_data->uri, +- poll_get_data->request_timeout_ms, +- poll_get_data->request_max_data, +- poll_get_data->http_headers, ++ nm_http_client_req(g_task_get_source_object(poll_req_data->task), ++ poll_req_data->uri, ++ poll_req_data->request_timeout_ms, ++ poll_req_data->request_max_data, ++ poll_req_data->http_headers, + cancellable, + callback, + user_data); + } + + static gboolean +-_poll_get_probe_finish_fcn(GObject *source, ++_poll_req_probe_finish_fcn(GObject *source, + GAsyncResult *result, + gpointer probe_user_data, + GError **error) + { +- PollGetData *poll_get_data = probe_user_data; ++ PollReqData *poll_req_data = probe_user_data; + _nm_unused gs_unref_object GTask *task = +- poll_get_data->task; /* balance ref from _poll_get_probe_start_fcn() */ ++ poll_req_data->task; /* balance ref from _poll_req_probe_start_fcn() */ + gboolean success; + gs_free_error GError *local_error = NULL; + gs_unref_bytes GBytes *response_data = NULL; + long response_code = -1; + +- success = nm_http_client_get_finish(g_task_get_source_object(poll_get_data->task), ++ success = nm_http_client_req_finish(g_task_get_source_object(poll_req_data->task), + result, + &response_code, + &response_data, +@@ -476,10 +476,10 @@ _poll_get_probe_finish_fcn(GObject *source, + return FALSE; + } + +- if (poll_get_data->check_fcn) { +- success = poll_get_data->check_fcn(response_code, ++ if (poll_req_data->check_fcn) { ++ success = poll_req_data->check_fcn(response_code, + response_data, +- poll_get_data->check_user_data, ++ poll_req_data->check_user_data, + &local_error); + } else + success = (response_code == 200); +@@ -494,15 +494,15 @@ _poll_get_probe_finish_fcn(GObject *source, + return FALSE; + } + +- poll_get_data->response_code = response_code; +- poll_get_data->response_data = g_steal_pointer(&response_data); ++ poll_req_data->response_code = response_code; ++ poll_req_data->response_data = g_steal_pointer(&response_data); + return TRUE; + } + + static void +-_poll_get_done_cb(GObject *source, GAsyncResult *result, gpointer user_data) ++_poll_req_done_cb(GObject *source, GAsyncResult *result, gpointer user_data) + { +- PollGetData *poll_get_data = user_data; ++ PollReqData *poll_req_data = user_data; + gs_free_error GError *error = NULL; + gboolean success; + +@@ -511,15 +511,15 @@ _poll_get_done_cb(GObject *source, GAsyncResult *result, gpointer user_data) + nm_assert((!!success) == (!error)); + + if (error) +- g_task_return_error(poll_get_data->task, g_steal_pointer(&error)); ++ g_task_return_error(poll_req_data->task, g_steal_pointer(&error)); + else +- g_task_return_boolean(poll_get_data->task, TRUE); ++ g_task_return_boolean(poll_req_data->task, TRUE); + +- g_object_unref(poll_get_data->task); ++ g_object_unref(poll_req_data->task); + } + + void +-nm_http_client_poll_get(NMHttpClient *self, ++nm_http_client_poll_req(NMHttpClient *self, + const char *uri, + int request_timeout_ms, + gssize request_max_data, +@@ -527,13 +527,13 @@ nm_http_client_poll_get(NMHttpClient *self, + int ratelimit_timeout_ms, + const char *const *http_headers, + GCancellable *cancellable, +- NMHttpClientPollGetCheckFcn check_fcn, ++ NMHttpClientPollReqCheckFcn check_fcn, + gpointer check_user_data, + GAsyncReadyCallback callback, + gpointer user_data) + { + nm_auto_pop_gmaincontext GMainContext *context = NULL; +- PollGetData *poll_get_data; ++ PollReqData *poll_req_data; + + g_return_if_fail(NM_IS_HTTP_CLIENT(self)); + g_return_if_fail(uri && uri[0]); +@@ -543,9 +543,9 @@ nm_http_client_poll_get(NMHttpClient *self, + g_return_if_fail(ratelimit_timeout_ms >= -1); + g_return_if_fail(!cancellable || G_CANCELLABLE(cancellable)); + +- poll_get_data = g_slice_new(PollGetData); +- *poll_get_data = (PollGetData){ +- .task = nm_g_task_new(self, cancellable, nm_http_client_poll_get, callback, user_data), ++ poll_req_data = g_slice_new(PollReqData); ++ *poll_req_data = (PollReqData){ ++ .task = nm_g_task_new(self, cancellable, nm_http_client_poll_req, callback, user_data), + .uri = g_strdup(uri), + .request_timeout_ms = request_timeout_ms, + .request_max_data = request_max_data, +@@ -556,13 +556,13 @@ nm_http_client_poll_get(NMHttpClient *self, + }; + + if (http_headers) { +- poll_get_data->http_headers = ++ poll_req_data->http_headers = + nm_strv_dup_packed(http_headers, -1) ?: g_new(const char *, 1); + } + +- nmcs_wait_for_objects_register(poll_get_data->task); ++ nmcs_wait_for_objects_register(poll_req_data->task); + +- g_task_set_task_data(poll_get_data->task, poll_get_data, _poll_get_data_free); ++ g_task_set_task_data(poll_req_data->task, poll_req_data, _poll_req_data_free); + + context = + nm_g_main_context_push_thread_default_if_necessary(nm_http_client_get_main_context(self)); +@@ -570,28 +570,28 @@ nm_http_client_poll_get(NMHttpClient *self, + nmcs_utils_poll(poll_timeout_ms, + ratelimit_timeout_ms, + 0, +- _poll_get_probe_start_fcn, +- _poll_get_probe_finish_fcn, +- poll_get_data, ++ _poll_req_probe_start_fcn, ++ _poll_req_probe_finish_fcn, ++ poll_req_data, + cancellable, +- _poll_get_done_cb, +- poll_get_data); ++ _poll_req_done_cb, ++ poll_req_data); + } + + gboolean +-nm_http_client_poll_get_finish(NMHttpClient *self, ++nm_http_client_poll_req_finish(NMHttpClient *self, + GAsyncResult *result, + long *out_response_code, + GBytes **out_response_data, + GError **error) + { +- PollGetData *poll_get_data; ++ PollReqData *poll_req_data; + GTask *task; + gboolean success; + gs_free_error GError *local_error = NULL; + + g_return_val_if_fail(NM_HTTP_CLIENT(self), FALSE); +- g_return_val_if_fail(nm_g_task_is_valid(result, self, nm_http_client_poll_get), FALSE); ++ g_return_val_if_fail(nm_g_task_is_valid(result, self, nm_http_client_poll_req), FALSE); + + task = G_TASK(result); + +@@ -606,10 +606,10 @@ nm_http_client_poll_get_finish(NMHttpClient *self, + return FALSE; + } + +- poll_get_data = g_task_get_task_data(task); ++ poll_req_data = g_task_get_task_data(task); + +- NM_SET_OUT(out_response_code, poll_get_data->response_code); +- NM_SET_OUT(out_response_data, g_steal_pointer(&poll_get_data->response_data)); ++ NM_SET_OUT(out_response_code, poll_req_data->response_code); ++ NM_SET_OUT(out_response_data, g_steal_pointer(&poll_req_data->response_data)); + return TRUE; + } + +diff --git a/src/nm-cloud-setup/nm-http-client.h b/src/nm-cloud-setup/nm-http-client.h +index 6cc08ba97c..c8d3ffb458 100644 +--- a/src/nm-cloud-setup/nm-http-client.h ++++ b/src/nm-cloud-setup/nm-http-client.h +@@ -27,12 +27,12 @@ GMainContext *nm_http_client_get_main_context(NMHttpClient *self); + + /*****************************************************************************/ + +-typedef gboolean (*NMHttpClientPollGetCheckFcn)(long response_code, ++typedef gboolean (*NMHttpClientPollReqCheckFcn)(long response_code, + GBytes *response_data, + gpointer check_user_data, + GError **error); + +-void nm_http_client_poll_get(NMHttpClient *self, ++void nm_http_client_poll_req(NMHttpClient *self, + const char *uri, + int request_timeout_ms, + gssize request_max_data, +@@ -40,12 +40,12 @@ void nm_http_client_poll_get(NMHttpClient *self, + int ratelimit_timeout_ms, + const char *const *http_headers, + GCancellable *cancellable, +- NMHttpClientPollGetCheckFcn check_fcn, ++ NMHttpClientPollReqCheckFcn check_fcn, + gpointer check_user_data, + GAsyncReadyCallback callback, + gpointer user_data); + +-gboolean nm_http_client_poll_get_finish(NMHttpClient *self, ++gboolean nm_http_client_poll_req_finish(NMHttpClient *self, + GAsyncResult *result, + long *out_response_code, + GBytes **out_response_data, +diff --git a/src/nm-cloud-setup/nmcs-provider-aliyun.c b/src/nm-cloud-setup/nmcs-provider-aliyun.c +index 34ab5ecc87..93f26e7505 100644 +--- a/src/nm-cloud-setup/nmcs-provider-aliyun.c ++++ b/src/nm-cloud-setup/nmcs-provider-aliyun.c +@@ -77,7 +77,7 @@ _detect_get_meta_data_done_cb(GObject *source, GAsyncResult *result, gpointer us + gs_free_error GError *get_error = NULL; + gs_free_error GError *error = NULL; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); + + if (nm_utils_error_is_cancelled(get_error)) { + g_task_return_error(task, g_steal_pointer(&get_error)); +@@ -104,7 +104,7 @@ detect(NMCSProvider *provider, GTask *task) + + http_client = nmcs_provider_get_http_client(provider); + +- nm_http_client_poll_get(http_client, ++ nm_http_client_poll_req(http_client, + (uri = _aliyun_uri_concat(NM_ALIYUN_API_VERSION "/meta-data/")), + HTTP_TIMEOUT_MS, + 256 * 1024, +@@ -144,7 +144,7 @@ _get_config_fetch_done_cb(NMHttpClient *http_client, + gsize i; + gsize len; + +- nm_http_client_poll_get_finish(http_client, result, NULL, &response, &error); ++ nm_http_client_poll_req_finish(http_client, result, NULL, &response, &error); + + if (nm_utils_error_is_cancelled(error)) + return; +@@ -308,7 +308,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + GHashTableIter h_iter; + NMHttpClient *http_client; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &error); + + if (nm_utils_error_is_cancelled(error)) + return; +@@ -362,7 +362,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + v_mac_data->path); + + get_config_data->n_pending++; +- nm_http_client_poll_get( ++ nm_http_client_poll_req( + http_client, + (uri1 = _aliyun_uri_interfaces(v_mac_data->path, + NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", +@@ -379,7 +379,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + config_iface_data); + + get_config_data->n_pending++; +- nm_http_client_poll_get( ++ nm_http_client_poll_req( + http_client, + (uri2 = _aliyun_uri_interfaces(v_mac_data->path, + NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", +@@ -396,7 +396,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + config_iface_data); + + get_config_data->n_pending++; +- nm_http_client_poll_get( ++ nm_http_client_poll_req( + http_client, + (uri3 = _aliyun_uri_interfaces(v_mac_data->path, + NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", +@@ -413,7 +413,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + config_iface_data); + + get_config_data->n_pending++; +- nm_http_client_poll_get( ++ nm_http_client_poll_req( + http_client, + (uri4 = _aliyun_uri_interfaces(v_mac_data->path, + NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", +@@ -430,7 +430,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + config_iface_data); + + get_config_data->n_pending++; +- nm_http_client_poll_get( ++ nm_http_client_poll_req( + http_client, + (uri5 = _aliyun_uri_interfaces(v_mac_data->path, + NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", +@@ -530,7 +530,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat + * MAC addresses, then we poll until we see them. They might not yet be + * around from the start... + */ +- nm_http_client_poll_get(nmcs_provider_get_http_client(provider), ++ nm_http_client_poll_req(nmcs_provider_get_http_client(provider), + (uri = _aliyun_uri_interfaces()), + HTTP_TIMEOUT_MS, + 256 * 1024, +diff --git a/src/nm-cloud-setup/nmcs-provider-azure.c b/src/nm-cloud-setup/nmcs-provider-azure.c +index 9b27af288a..b1f48f5c18 100644 +--- a/src/nm-cloud-setup/nmcs-provider-azure.c ++++ b/src/nm-cloud-setup/nmcs-provider-azure.c +@@ -42,7 +42,7 @@ _detect_get_meta_data_done_cb(GObject *source, GAsyncResult *result, gpointer us + gs_free_error GError *get_error = NULL; + gs_free_error GError *error = NULL; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); + + if (nm_utils_error_is_cancelled(get_error)) { + g_task_return_error(task, g_steal_pointer(&get_error)); +@@ -69,7 +69,7 @@ detect(NMCSProvider *provider, GTask *task) + + http_client = nmcs_provider_get_http_client(provider); + +- nm_http_client_poll_get(http_client, ++ nm_http_client_poll_req(http_client, + (uri = _azure_uri_concat("/metadata/instance")), + HTTP_TIMEOUT_MS, + 256 * 1024, +@@ -121,7 +121,7 @@ _get_config_fetch_done_cb(NMHttpClient *http_client, + in_addr_t tmp_addr; + int tmp_prefix = -1; + +- nm_http_client_poll_get_finish(http_client, result, NULL, &response, &error); ++ nm_http_client_poll_req_finish(http_client, result, NULL, &response, &error); + + if (nm_utils_error_is_cancelled(error)) + return; +@@ -241,7 +241,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u + gsize line_len; + char iface_idx_str[30]; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); + + if (nm_utils_error_is_cancelled(error)) + return; +@@ -283,7 +283,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u + + iface_data->n_iface_data_pending++; + +- nm_http_client_poll_get( ++ nm_http_client_poll_req( + NM_HTTP_CLIENT(source), + (uri = _azure_uri_interfaces(iface_idx_str, + "/ipv4/ipAddress/", +@@ -308,7 +308,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u + gs_free char *uri = NULL; + + iface_data->n_iface_data_pending++; +- nm_http_client_poll_get( ++ nm_http_client_poll_req( + NM_HTTP_CLIENT(source), + (uri = _azure_uri_interfaces(iface_idx_str, "/ipv4/subnet/0/address/")), + HTTP_TIMEOUT_MS, +@@ -325,7 +325,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u + nm_clear_g_free(&uri); + + iface_data->n_iface_data_pending++; +- nm_http_client_poll_get( ++ nm_http_client_poll_req( + NM_HTTP_CLIENT(source), + (uri = _azure_uri_interfaces(iface_idx_str, "/ipv4/subnet/0/prefix/")), + HTTP_TIMEOUT_MS, +@@ -357,7 +357,7 @@ _get_config_iface_cb(GObject *source, GAsyncResult *result, gpointer user_data) + gs_free const char *uri = NULL; + char buf[100]; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); + + if (nm_utils_error_is_cancelled(error)) + return; +@@ -408,7 +408,7 @@ _get_config_iface_cb(GObject *source, GAsyncResult *result, gpointer user_data) + + nm_sprintf_buf(buf, "%" G_GSSIZE_FORMAT "/ipv4/ipAddress/", iface_data->intern_iface_idx); + +- nm_http_client_poll_get(NM_HTTP_CLIENT(source), ++ nm_http_client_poll_req(NM_HTTP_CLIENT(source), + (uri = _azure_uri_interfaces(buf)), + HTTP_TIMEOUT_MS, + 512 * 1024, +@@ -441,7 +441,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat + guint i; + gssize extern_iface_idx_cnt = 0; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); + + if (nm_utils_error_is_cancelled(error)) + return; +@@ -508,7 +508,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat + nm_sprintf_buf(buf, "%" G_GSSIZE_FORMAT "/macAddress", iface_data->intern_iface_idx); + + get_config_data->n_pending++; +- nm_http_client_poll_get(NM_HTTP_CLIENT(source), ++ nm_http_client_poll_req(NM_HTTP_CLIENT(source), + (uri = _azure_uri_interfaces(buf)), + HTTP_TIMEOUT_MS, + 512 * 1024, +@@ -531,7 +531,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat + { + gs_free const char *uri = NULL; + +- nm_http_client_poll_get(nmcs_provider_get_http_client(provider), ++ nm_http_client_poll_req(nmcs_provider_get_http_client(provider), + (uri = _azure_uri_interfaces()), + HTTP_TIMEOUT_MS, + 256 * 1024, +diff --git a/src/nm-cloud-setup/nmcs-provider-ec2.c b/src/nm-cloud-setup/nmcs-provider-ec2.c +index d6fa03118d..35f7176c4d 100644 +--- a/src/nm-cloud-setup/nmcs-provider-ec2.c ++++ b/src/nm-cloud-setup/nmcs-provider-ec2.c +@@ -72,7 +72,7 @@ _detect_get_meta_data_done_cb(GObject *source, GAsyncResult *result, gpointer us + gs_free_error GError *get_error = NULL; + gs_free_error GError *error = NULL; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); + + if (nm_utils_error_is_cancelled(get_error)) { + g_task_return_error(task, g_steal_pointer(&get_error)); +@@ -99,7 +99,7 @@ detect(NMCSProvider *provider, GTask *task) + + http_client = nmcs_provider_get_http_client(provider); + +- nm_http_client_poll_get(http_client, ++ nm_http_client_poll_req(http_client, + (uri = _ec2_uri_concat("latest/meta-data/")), + HTTP_TIMEOUT_MS, + 256 * 1024, +@@ -126,7 +126,7 @@ _get_config_fetch_done_cb(NMHttpClient *http_client, + in_addr_t tmp_addr; + int tmp_prefix; + +- nm_http_client_poll_get_finish(http_client, result, NULL, &response, &error); ++ nm_http_client_poll_req_finish(http_client, result, NULL, &response, &error); + + if (nm_utils_error_is_cancelled(error)) + return; +@@ -204,7 +204,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + GHashTableIter h_iter; + NMHttpClient *http_client; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &error); + + if (nm_utils_error_is_cancelled(error)) + return; +@@ -254,7 +254,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + v_mac_data->path); + + get_config_data->n_pending++; +- nm_http_client_poll_get( ++ nm_http_client_poll_req( + http_client, + (uri1 = _ec2_uri_interfaces(v_mac_data->path, + NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", +@@ -271,7 +271,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + config_iface_data); + + get_config_data->n_pending++; +- nm_http_client_poll_get( ++ nm_http_client_poll_req( + http_client, + (uri2 = _ec2_uri_interfaces(v_mac_data->path, + NM_STR_HAS_SUFFIX(v_mac_data->path, "/") ? "" : "/", +@@ -371,7 +371,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat + * MAC addresses, then we poll until we see them. They might not yet be + * around from the start... + */ +- nm_http_client_poll_get(nmcs_provider_get_http_client(provider), ++ nm_http_client_poll_req(nmcs_provider_get_http_client(provider), + (uri = _ec2_uri_interfaces()), + HTTP_TIMEOUT_MS, + 256 * 1024, +diff --git a/src/nm-cloud-setup/nmcs-provider-gcp.c b/src/nm-cloud-setup/nmcs-provider-gcp.c +index a325f31a17..571c0fb826 100644 +--- a/src/nm-cloud-setup/nmcs-provider-gcp.c ++++ b/src/nm-cloud-setup/nmcs-provider-gcp.c +@@ -45,7 +45,7 @@ _detect_get_meta_data_done_cb(GObject *source, GAsyncResult *result, gpointer us + gs_free_error GError *get_error = NULL; + gs_free_error GError *error = NULL; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); + + if (nm_utils_error_is_cancelled(get_error)) { + g_task_return_error(task, g_steal_pointer(&get_error)); +@@ -72,7 +72,7 @@ detect(NMCSProvider *provider, GTask *task) + + http_client = nmcs_provider_get_http_client(provider); + +- nm_http_client_poll_get(http_client, ++ nm_http_client_poll_req(http_client, + (uri = _gcp_uri_concat("id")), + HTTP_TIMEOUT_MS, + 256 * 1024, +@@ -114,7 +114,7 @@ _get_config_fip_cb(GObject *source, GAsyncResult *result, gpointer user_data) + NMIPRoute **routes_arr; + NMIPRoute *route_new; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); + + if (nm_utils_error_is_cancelled(error)) + return; +@@ -171,7 +171,7 @@ _get_config_ips_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat + gsize line_len; + guint i; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); + + if (nm_utils_error_is_cancelled(error)) + return; +@@ -220,7 +220,7 @@ _get_config_ips_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat + const char *str = uri_arr->pdata[i]; + gs_free const char *uri = NULL; + +- nm_http_client_poll_get(NM_HTTP_CLIENT(source), ++ nm_http_client_poll_req(NM_HTTP_CLIENT(source), + (uri = _gcp_uri_interfaces(str)), + HTTP_TIMEOUT_MS, + HTTP_REQ_MAX_DATA, +@@ -252,7 +252,7 @@ _get_config_iface_cb(GObject *source, GAsyncResult *result, gpointer user_data) + NMCSProviderGetConfigTaskData *get_config_data; + gboolean is_requested; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); + + if (nm_utils_error_is_cancelled(error)) + return; +@@ -306,7 +306,7 @@ _get_config_iface_cb(GObject *source, GAsyncResult *result, gpointer user_data) + + nm_sprintf_buf(sbuf, "%" G_GSSIZE_FORMAT "/forwarded-ips/", iface_data->intern_iface_idx); + +- nm_http_client_poll_get(NM_HTTP_CLIENT(source), ++ nm_http_client_poll_req(NM_HTTP_CLIENT(source), + (uri = _gcp_uri_interfaces(sbuf)), + HTTP_TIMEOUT_MS, + HTTP_REQ_MAX_DATA, +@@ -339,7 +339,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat + guint i; + gssize extern_iface_idx_cnt = 0; + +- nm_http_client_poll_get_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &error); + + if (nm_utils_error_is_cancelled(error)) + return; +@@ -405,7 +405,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat + nm_sprintf_buf(sbuf, "%" G_GSSIZE_FORMAT "/mac", data->intern_iface_idx); + + get_config_data->n_pending++; +- nm_http_client_poll_get(NM_HTTP_CLIENT(source), ++ nm_http_client_poll_req(NM_HTTP_CLIENT(source), + (uri = _gcp_uri_interfaces(sbuf)), + HTTP_TIMEOUT_MS, + HTTP_REQ_MAX_DATA, +@@ -428,7 +428,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat + { + gs_free const char *uri = NULL; + +- nm_http_client_poll_get(nmcs_provider_get_http_client(provider), ++ nm_http_client_poll_req(nmcs_provider_get_http_client(provider), + (uri = _gcp_uri_interfaces()), + HTTP_TIMEOUT_MS, + HTTP_REQ_MAX_DATA, +-- +2.39.2 + + +From aaf66e9174eb04d2df1f45530ebdca16e77a6ec5 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Mon, 27 Feb 2023 00:13:31 +0100 +Subject: [PATCH 4/7] cloud-setup: make nm_http_client_req() accept a method + argument + +We'll need to be able to issue PUT calls. + +(cherry picked from commit cd74d75002783a79d1a4fca24b2fbe99ced933a8) +(cherry picked from commit eff4372045290ad380bddf03e5075ab671a7cff6) +(cherry picked from commit aaf66e9174eb04d2df1f45530ebdca16e77a6ec5) +--- + src/nm-cloud-setup/nm-http-client.c | 7 +++++++ + src/nm-cloud-setup/nm-http-client.h | 1 + + src/nm-cloud-setup/nmcs-provider-aliyun.c | 7 +++++++ + src/nm-cloud-setup/nmcs-provider-azure.c | 7 +++++++ + src/nm-cloud-setup/nmcs-provider-ec2.c | 4 ++++ + src/nm-cloud-setup/nmcs-provider-gcp.c | 5 +++++ + 6 files changed, 31 insertions(+) + +diff --git a/src/nm-cloud-setup/nm-http-client.c b/src/nm-cloud-setup/nm-http-client.c +index ed7914df8f..b3db93e058 100644 +--- a/src/nm-cloud-setup/nm-http-client.c ++++ b/src/nm-cloud-setup/nm-http-client.c +@@ -262,6 +262,7 @@ nm_http_client_req(NMHttpClient *self, + int timeout_msec, + gssize max_data, + const char *const *http_headers, ++ const char *http_method, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +@@ -328,6 +329,9 @@ nm_http_client_req(NMHttpClient *self, + curl_easy_setopt(edata->ehandle, CURLOPT_HTTPHEADER, edata->headers); + } + ++ if (http_method) ++ curl_easy_setopt(edata->ehandle, CURLOPT_CUSTOMREQUEST, http_method); ++ + if (timeout_msec > 0) { + edata->timeout_source = _source_attach(self, + nm_g_timeout_source_new(timeout_msec, +@@ -403,6 +407,7 @@ typedef struct { + GTask *task; + char *uri; + const char *const *http_headers; ++ const char *http_method; + NMHttpClientPollReqCheckFcn check_fcn; + gpointer check_user_data; + GBytes *response_data; +@@ -440,6 +445,7 @@ _poll_req_probe_start_fcn(GCancellable *cancellable, + poll_req_data->request_timeout_ms, + poll_req_data->request_max_data, + poll_req_data->http_headers, ++ poll_req_data->http_method, + cancellable, + callback, + user_data); +@@ -526,6 +532,7 @@ nm_http_client_poll_req(NMHttpClient *self, + int poll_timeout_ms, + int ratelimit_timeout_ms, + const char *const *http_headers, ++ const char *http_method, + GCancellable *cancellable, + NMHttpClientPollReqCheckFcn check_fcn, + gpointer check_user_data, +diff --git a/src/nm-cloud-setup/nm-http-client.h b/src/nm-cloud-setup/nm-http-client.h +index c8d3ffb458..641efb1f47 100644 +--- a/src/nm-cloud-setup/nm-http-client.h ++++ b/src/nm-cloud-setup/nm-http-client.h +@@ -39,6 +39,7 @@ void nm_http_client_poll_req(NMHttpClient *self, + int poll_timeout_ms, + int ratelimit_timeout_ms, + const char *const *http_headers, ++ const char *http_method, + GCancellable *cancellable, + NMHttpClientPollReqCheckFcn check_fcn, + gpointer check_user_data, +diff --git a/src/nm-cloud-setup/nmcs-provider-aliyun.c b/src/nm-cloud-setup/nmcs-provider-aliyun.c +index 93f26e7505..0500922058 100644 +--- a/src/nm-cloud-setup/nmcs-provider-aliyun.c ++++ b/src/nm-cloud-setup/nmcs-provider-aliyun.c +@@ -111,6 +111,7 @@ detect(NMCSProvider *provider, GTask *task) + 7000, + 1000, + NULL, ++ NULL, + g_task_get_cancellable(task), + NULL, + NULL, +@@ -372,6 +373,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + 10000, + 1000, + NULL, ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -389,6 +391,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + 10000, + 1000, + NULL, ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -406,6 +409,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + 10000, + 1000, + NULL, ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -423,6 +427,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + 10000, + 1000, + NULL, ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -440,6 +445,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + 10000, + 1000, + NULL, ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -537,6 +543,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat + 15000, + 1000, + NULL, ++ NULL, + get_config_data->intern_cancellable, + _get_config_metadata_ready_check, + get_config_data, +diff --git a/src/nm-cloud-setup/nmcs-provider-azure.c b/src/nm-cloud-setup/nmcs-provider-azure.c +index b1f48f5c18..e74d042026 100644 +--- a/src/nm-cloud-setup/nmcs-provider-azure.c ++++ b/src/nm-cloud-setup/nmcs-provider-azure.c +@@ -76,6 +76,7 @@ detect(NMCSProvider *provider, GTask *task) + 7000, + 1000, + NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), ++ NULL, + g_task_get_cancellable(task), + NULL, + NULL, +@@ -294,6 +295,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u + 10000, + 1000, + NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -316,6 +318,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u + 10000, + 1000, + NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -333,6 +336,7 @@ _get_config_ips_prefix_list_cb(GObject *source, GAsyncResult *result, gpointer u + 10000, + 1000, + NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -415,6 +419,7 @@ _get_config_iface_cb(GObject *source, GAsyncResult *result, gpointer user_data) + 10000, + 1000, + NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -515,6 +520,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat + 10000, + 1000, + NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -538,6 +544,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat + 15000, + 1000, + NM_MAKE_STRV(NM_AZURE_METADATA_HEADER), ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +diff --git a/src/nm-cloud-setup/nmcs-provider-ec2.c b/src/nm-cloud-setup/nmcs-provider-ec2.c +index 35f7176c4d..c3c527cfd4 100644 +--- a/src/nm-cloud-setup/nmcs-provider-ec2.c ++++ b/src/nm-cloud-setup/nmcs-provider-ec2.c +@@ -106,6 +106,7 @@ detect(NMCSProvider *provider, GTask *task) + 7000, + 1000, + NULL, ++ NULL, + g_task_get_cancellable(task), + _detect_get_meta_data_check_cb, + NULL, +@@ -264,6 +265,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + 10000, + 1000, + NULL, ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -281,6 +283,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + 10000, + 1000, + NULL, ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -378,6 +381,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat + 15000, + 1000, + NULL, ++ NULL, + get_config_data->intern_cancellable, + _get_config_metadata_ready_check, + get_config_data, +diff --git a/src/nm-cloud-setup/nmcs-provider-gcp.c b/src/nm-cloud-setup/nmcs-provider-gcp.c +index 571c0fb826..ca354865dd 100644 +--- a/src/nm-cloud-setup/nmcs-provider-gcp.c ++++ b/src/nm-cloud-setup/nmcs-provider-gcp.c +@@ -79,6 +79,7 @@ detect(NMCSProvider *provider, GTask *task) + 7000, + 1000, + NM_MAKE_STRV(NM_GCP_METADATA_HEADER), ++ NULL, + g_task_get_cancellable(task), + NULL, + NULL, +@@ -227,6 +228,7 @@ _get_config_ips_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat + HTTP_POLL_TIMEOUT_MS, + HTTP_RATE_LIMIT_MS, + NM_MAKE_STRV(NM_GCP_METADATA_HEADER), ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -313,6 +315,7 @@ _get_config_iface_cb(GObject *source, GAsyncResult *result, gpointer user_data) + HTTP_POLL_TIMEOUT_MS, + HTTP_RATE_LIMIT_MS, + NM_MAKE_STRV(NM_GCP_METADATA_HEADER), ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -412,6 +415,7 @@ _get_net_ifaces_list_cb(GObject *source, GAsyncResult *result, gpointer user_dat + HTTP_POLL_TIMEOUT_MS, + HTTP_RATE_LIMIT_MS, + NM_MAKE_STRV(NM_GCP_METADATA_HEADER), ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +@@ -435,6 +439,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat + HTTP_POLL_TIMEOUT_MS, + HTTP_RATE_LIMIT_MS, + NM_MAKE_STRV(NM_GCP_METADATA_HEADER), ++ NULL, + get_config_data->intern_cancellable, + NULL, + NULL, +-- +2.39.2 + + +From 06fc0ef35dc7e5e6295ab9beecba6071e556d55e Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Tue, 7 Mar 2023 13:51:57 +0100 +Subject: [PATCH 5/7] cloud-setup: document detect() and get_config() methods + +Clarify that detect() needs to succeed before get_config(). + +I thought it's sort of common sense, but it's better to be explicit as +we're going to rely on that. + +(cherry picked from commit 088bfd817ab5eb8aa0fb9cffe52fa3f456030ecc) +(cherry picked from commit d99864ccba6d7c9bac66dcbbcc49c01be0ddd719) +(cherry picked from commit 06fc0ef35dc7e5e6295ab9beecba6071e556d55e) +--- + src/nm-cloud-setup/nmcs-provider.h | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + +diff --git a/src/nm-cloud-setup/nmcs-provider.h b/src/nm-cloud-setup/nmcs-provider.h +index 502f1d0323..3662fbe391 100644 +--- a/src/nm-cloud-setup/nmcs-provider.h ++++ b/src/nm-cloud-setup/nmcs-provider.h +@@ -152,8 +152,36 @@ typedef struct { + const char *_name; + const char *_env_provider_enabled; + ++ /** ++ * detect: ++ * @self: the #NMCSProvider ++ * @task: a #GTask that's completed when the detection finishes. ++ * ++ * Checks whether the metadata of a particular cloud provider is ++ * accessible on the host machine. The check runs asynchronously. ++ * ++ * When the check finishes, @task is completed. If the check was ++ * successful, @task returns a gboolean of %TRUE. Otherwise ++ * a %FALSE value or an error is returned. ++ * ++ * The routine has to be called before the get_config() can be ++ * used. ++ */ + void (*detect)(NMCSProvider *self, GTask *task); + ++ /** ++ * get_config: ++ * @self: the #NMCSProvider ++ * @get_config_data: encapsulates a #GTask and network configuration data ++ * ++ * Collects the network configuration from metadata service of a ++ * particular cloud provider. The metadata is traversed and checked ++ * asynchronously, completing a task encapsulated in @get_config_data ++ * upon finishing. ++ * ++ * Call to detect() with a successful result is necessary before ++ * using this routine. ++ */ + void (*get_config)(NMCSProvider *self, NMCSProviderGetConfigTaskData *get_config_data); + + } NMCSProviderClass; +-- +2.39.2 + + +From e3ac982b32361105708d489a73eaed2bc4dc5f9f Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Mon, 27 Feb 2023 00:15:11 +0100 +Subject: [PATCH 6/7] cloud-setup/ec2: start with requesting a IMDSv2 token + +The present version of the EC2 metadata API (IMDSv2) requires a header +with a token to be present in all requests. The token is essentially a +cookie that's not actually a cookie that's obtained with a PUT call that +doesn't put anything. Apparently it's too easy to trick someone into +calling a GET method. + +EC2 now supports IMDSv2 everywhere with IMDSv1 being optional, so let's +just use IMDSv2 unconditionally. Also, the presence of a token API can +be used to detect the AWS EC2 cloud. + +https://bugzilla.redhat.com/show_bug.cgi?id=2151986 +(cherry picked from commit 8b7e12c2d631c47292258c29429cd565715ea186) +(cherry picked from commit 429f36cd81ddbe337f04c09a352fd78cd29e394d) +(cherry picked from commit e3ac982b32361105708d489a73eaed2bc4dc5f9f) +--- + src/nm-cloud-setup/nmcs-provider-ec2.c | 74 +++++++++++++++++++------- + 1 file changed, 54 insertions(+), 20 deletions(-) + +diff --git a/src/nm-cloud-setup/nmcs-provider-ec2.c b/src/nm-cloud-setup/nmcs-provider-ec2.c +index c3c527cfd4..3a27a30e68 100644 +--- a/src/nm-cloud-setup/nmcs-provider-ec2.c ++++ b/src/nm-cloud-setup/nmcs-provider-ec2.c +@@ -16,6 +16,11 @@ + #define NM_EC2_METADATA_URL_BASE /* $NM_EC2_BASE/$NM_EC2_API_VERSION */ \ + "/meta-data/network/interfaces/macs/" + ++/* Token TTL of 180 seconds is chosen abitrarily, in hope that it is ++ * surely more than enough to read all relevant metadata. */ ++#define NM_EC2_TOKEN_TTL_HEADER "X-aws-ec2-metadata-token-ttl-seconds: 180" ++#define NM_EC2_TOKEN_HEADER "X-aws-ec2-metadata-token: " ++ + static const char * + _ec2_base(void) + { +@@ -44,8 +49,15 @@ again: + + /*****************************************************************************/ + ++enum { ++ NM_EC2_HTTP_HEADER_TOKEN, ++ NM_EC2_HTTP_HEADER_SENTINEL, ++ _NM_EC2_HTTP_HEADER_NUM, ++}; ++ + struct _NMCSProviderEC2 { + NMCSProvider parent; ++ char *token; + }; + + struct _NMCSProviderEC2Class { +@@ -56,23 +68,18 @@ G_DEFINE_TYPE(NMCSProviderEC2, nmcs_provider_ec2, NMCS_TYPE_PROVIDER); + + /*****************************************************************************/ + +-static gboolean +-_detect_get_meta_data_check_cb(long response_code, +- GBytes *response, +- gpointer check_user_data, +- GError **error) +-{ +- return response_code == 200 && nmcs_utils_parse_get_full_line(response, "ami-id"); +-} +- + static void +-_detect_get_meta_data_done_cb(GObject *source, GAsyncResult *result, gpointer user_data) ++_detect_get_token_done_cb(GObject *source, GAsyncResult *result, gpointer user_data) + { + gs_unref_object GTask *task = user_data; ++ NMCSProviderEC2 *self = NMCS_PROVIDER_EC2(g_task_get_source_object(task)); ++ gs_unref_bytes GBytes *response = NULL; + gs_free_error GError *get_error = NULL; + gs_free_error GError *error = NULL; + +- nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, NULL, &get_error); ++ nm_clear_g_free(&self->token); ++ ++ nm_http_client_poll_req_finish(NM_HTTP_CLIENT(source), result, NULL, &response, &get_error); + + if (nm_utils_error_is_cancelled(get_error)) { + g_task_return_error(task, g_steal_pointer(&get_error)); +@@ -88,6 +95,12 @@ _detect_get_meta_data_done_cb(GObject *source, GAsyncResult *result, gpointer us + return; + } + ++ /* We use the token as-is. Special characters can cause confusion (e.g. ++ * response splitting), but we're not crossing a security boundary. ++ * None of the examples in AWS documentation does any sort of ++ * sanitization either. */ ++ self->token = g_strconcat(NM_EC2_TOKEN_HEADER, g_bytes_get_data(response, NULL), NULL); ++ + g_task_return_boolean(task, TRUE); + } + +@@ -100,17 +113,17 @@ detect(NMCSProvider *provider, GTask *task) + http_client = nmcs_provider_get_http_client(provider); + + nm_http_client_poll_req(http_client, +- (uri = _ec2_uri_concat("latest/meta-data/")), ++ (uri = _ec2_uri_concat("latest/api/token")), + HTTP_TIMEOUT_MS, + 256 * 1024, + 7000, + 1000, +- NULL, +- NULL, ++ NM_MAKE_STRV(NM_EC2_TOKEN_TTL_HEADER), ++ "PUT", + g_task_get_cancellable(task), +- _detect_get_meta_data_check_cb, + NULL, +- _detect_get_meta_data_done_cb, ++ NULL, ++ _detect_get_token_done_cb, + task); + } + +@@ -198,6 +211,7 @@ static void + _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer user_data) + { + NMCSProviderGetConfigTaskData *get_config_data; ++ NMCSProviderEC2 *self; + gs_unref_hashtable GHashTable *response_parsed = NULL; + gs_free_error GError *error = NULL; + GetConfigMetadataMac *v_mac_data; +@@ -211,6 +225,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + return; + + get_config_data = user_data; ++ self = NMCS_PROVIDER_EC2(get_config_data->self); + + response_parsed = g_steal_pointer(&get_config_data->extra_data); + get_config_data->extra_data_destroy = NULL; +@@ -264,7 +279,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + 512 * 1024, + 10000, + 1000, +- NULL, ++ NM_MAKE_STRV(self->token), + NULL, + get_config_data->intern_cancellable, + NULL, +@@ -282,7 +297,7 @@ _get_config_metadata_ready_cb(GObject *source, GAsyncResult *result, gpointer us + 512 * 1024, + 10000, + 1000, +- NULL, ++ NM_MAKE_STRV(self->token), + NULL, + get_config_data->intern_cancellable, + NULL, +@@ -368,7 +383,13 @@ _get_config_metadata_ready_check(long response_code, + static void + get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_data) + { +- gs_free char *uri = NULL; ++ NMCSProviderEC2 *self = NMCS_PROVIDER_EC2(provider); ++ gs_free char *uri = NULL; ++ ++ /* This can be called only if detect() succeeded, which implies ++ * there must be a token. ++ */ ++ nm_assert(self->token); + + /* First we fetch the "macs/". If the caller requested some particular + * MAC addresses, then we poll until we see them. They might not yet be +@@ -380,7 +401,7 @@ get_config(NMCSProvider *provider, NMCSProviderGetConfigTaskData *get_config_dat + 256 * 1024, + 15000, + 1000, +- NULL, ++ NM_MAKE_STRV(self->token), + NULL, + get_config_data->intern_cancellable, + _get_config_metadata_ready_check, +@@ -395,11 +416,24 @@ static void + nmcs_provider_ec2_init(NMCSProviderEC2 *self) + {} + ++static void ++dispose(GObject *object) ++{ ++ NMCSProviderEC2 *self = NMCS_PROVIDER_EC2(object); ++ ++ nm_clear_g_free(&self->token); ++ ++ G_OBJECT_CLASS(nmcs_provider_ec2_parent_class)->dispose(object); ++} ++ + static void + nmcs_provider_ec2_class_init(NMCSProviderEC2Class *klass) + { ++ GObjectClass *object_class = G_OBJECT_CLASS(klass); + NMCSProviderClass *provider_class = NMCS_PROVIDER_CLASS(klass); + ++ object_class->dispose = dispose; ++ + provider_class->_name = "ec2"; + provider_class->_env_provider_enabled = NMCS_ENV_VARIABLE("NM_CLOUD_SETUP_EC2"); + provider_class->detect = detect; +-- +2.39.2 + + +From 6abbdaaa64bad00acb65ba7049dcea6bb7ae1084 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Tue, 21 Mar 2023 22:47:27 +0100 +Subject: [PATCH 7/7] cloud-setup: actually pass the HTTP method in + nm_http_client_poll_req() + +https://bugzilla.redhat.com/show_bug.cgi?id=2179718 +https://bugzilla.redhat.com/show_bug.cgi?id=2181466 + +Fixes: 8b7e12c2d631 ('cloud-setup/ec2: start with requesting a IMDSv2 token') +Fixes: cd74d7500278 ('cloud-setup: make nm_http_client_req() accept a method argument') +(cherry picked from commit f07da04cd9f16ac9e90d3d57d970ac935ad87b4d) +(cherry picked from commit d787c0c59dce57dfacc6602a4f1d5f8d8ed3b193) +(cherry picked from commit 6abbdaaa64bad00acb65ba7049dcea6bb7ae1084) +--- + src/nm-cloud-setup/nm-http-client.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/nm-cloud-setup/nm-http-client.c b/src/nm-cloud-setup/nm-http-client.c +index b3db93e058..db123f1033 100644 +--- a/src/nm-cloud-setup/nm-http-client.c ++++ b/src/nm-cloud-setup/nm-http-client.c +@@ -290,7 +290,7 @@ nm_http_client_req(NMHttpClient *self, + + nmcs_wait_for_objects_register(edata->task); + +- _LOG2D(edata, "start get ..."); ++ _LOG2D(edata, "start %s ...", http_method ?: "get"); + + edata->ehandle = curl_easy_init(); + if (!edata->ehandle) { +@@ -560,6 +560,7 @@ nm_http_client_poll_req(NMHttpClient *self, + .check_user_data = check_user_data, + .response_code = -1, + .http_headers = NULL, ++ .http_method = http_method, + }; + + if (http_headers) { +-- +2.39.2 + diff --git a/SOURCES/1002-dns-add-support-to-no-aaaa-option-rh2144521.patch b/SOURCES/1002-dns-add-support-to-no-aaaa-option-rh2144521.patch new file mode 100644 index 0000000..e6a42a4 --- /dev/null +++ b/SOURCES/1002-dns-add-support-to-no-aaaa-option-rh2144521.patch @@ -0,0 +1,104 @@ +From 53a9c6027f739daf8f49e2180e4ac51f73eae697 Mon Sep 17 00:00:00 2001 +From: Fernando Fernandez Mancera +Date: Tue, 21 Mar 2023 16:39:38 +0000 +Subject: [PATCH] dns: add support to no-aaaa option + +Users can set `no-aaaa` DNS option to suppress AAAA queries made by the +stub resolver, including AAAA lookups triggered by NSS-based interfaces +such as getaddrinfo. Only DNS lookups are affected. + +(cherry picked from commit 9d4bbf78f0b3a80eec9115663bd9db2c6460b369) +(cherry picked from commit f71cd2eb72d97ee9119e812bba7bbd581c587114) +(cherry picked from commit 920ab658b259d940072c61ae43f7013bbb431440) +--- + src/libnm-core-impl/nm-setting-ip-config.c | 8 +++++--- + src/libnm-core-public/nm-setting-ip-config.h | 1 + + src/libnmc-setting/settings-docs.h.in | 4 ++-- + src/nmcli/generate-docs-nm-settings-nmcli.xml.in | 4 ++-- + 4 files changed, 10 insertions(+), 7 deletions(-) + +diff --git a/src/libnm-core-impl/nm-setting-ip-config.c b/src/libnm-core-impl/nm-setting-ip-config.c +index c8fc461396..0e163094f5 100644 +--- a/src/libnm-core-impl/nm-setting-ip-config.c ++++ b/src/libnm-core-impl/nm-setting-ip-config.c +@@ -51,6 +51,7 @@ const NMUtilsDNSOptionDesc _nm_utils_dns_option_descs[] = { + {NM_SETTING_DNS_OPTION_USE_VC, FALSE, FALSE}, + {NM_SETTING_DNS_OPTION_NO_RELOAD, FALSE, FALSE}, + {NM_SETTING_DNS_OPTION_TRUST_AD, FALSE, FALSE}, ++ {NM_SETTING_DNS_OPTION_NO_AAAA, FALSE, FALSE}, + {NULL, FALSE, FALSE}}; + + static char * +@@ -6202,9 +6203,10 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass) + * distinct from an empty list of properties. + * + * The currently supported options are "attempts", "debug", "edns0", +- * "inet6", "ip6-bytestring", "ip6-dotint", "ndots", "no-check-names", +- * "no-ip6-dotint", "no-reload", "no-tld-query", "rotate", "single-request", +- * "single-request-reopen", "timeout", "trust-ad", "use-vc". ++ * "inet6", "ip6-bytestring", "ip6-dotint", "ndots", "no-aaaa", ++ * "no-check-names", "no-ip6-dotint", "no-reload", "no-tld-query", ++ * "rotate", "single-request", "single-request-reopen", "timeout", ++ * "trust-ad", "use-vc". + * + * The "trust-ad" setting is only honored if the profile contributes + * name servers to resolv.conf, and if all contributing profiles have +diff --git a/src/libnm-core-public/nm-setting-ip-config.h b/src/libnm-core-public/nm-setting-ip-config.h +index acbdec0f61..b42c56a8f3 100644 +--- a/src/libnm-core-public/nm-setting-ip-config.h ++++ b/src/libnm-core-public/nm-setting-ip-config.h +@@ -359,6 +359,7 @@ char *nm_ip_routing_rule_to_string(const NMIPRoutingRule *self, + #define NM_SETTING_DNS_OPTION_USE_VC "use-vc" + #define NM_SETTING_DNS_OPTION_NO_RELOAD "no-reload" + #define NM_SETTING_DNS_OPTION_TRUST_AD "trust-ad" ++#define NM_SETTING_DNS_OPTION_NO_AAAA "no-aaaa" + + typedef struct _NMSettingIPConfigClass NMSettingIPConfigClass; + +diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in +index 35dfa49f00..62edc77f6b 100644 +--- a/src/libnmc-setting/settings-docs.h.in ++++ b/src/libnmc-setting/settings-docs.h.in +@@ -168,7 +168,7 @@ + #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_TIMEOUT N_("A timeout for a DHCP transaction in seconds. If zero (the default), a globally configured default is used. If still unspecified, a device specific timeout is used (usually 45 seconds). Set to 2147483647 (MAXINT32) for infinity.") + #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DHCP_VENDOR_CLASS_IDENTIFIER N_("The Vendor Class Identifier DHCP option (60). Special characters in the data string may be escaped using C-style escapes, nevertheless this property cannot contain nul bytes. If the per-profile value is unspecified (the default), a global connection default gets consulted. If still unspecified, the DHCP option is not sent to the server.") + #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DNS N_("Array of IP addresses of DNS servers.") +-#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DNS_OPTIONS N_("Array of DNS options as described in man 5 resolv.conf. NULL means that the options are unset and left at the default. In this case NetworkManager will use default options. This is distinct from an empty list of properties. The currently supported options are \"attempts\", \"debug\", \"edns0\", \"inet6\", \"ip6-bytestring\", \"ip6-dotint\", \"ndots\", \"no-check-names\", \"no-ip6-dotint\", \"no-reload\", \"no-tld-query\", \"rotate\", \"single-request\", \"single-request-reopen\", \"timeout\", \"trust-ad\", \"use-vc\". The \"trust-ad\" setting is only honored if the profile contributes name servers to resolv.conf, and if all contributing profiles have \"trust-ad\" enabled. When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf) then \"edns0\" and \"trust-ad\" are automatically added.") ++#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DNS_OPTIONS N_("Array of DNS options as described in man 5 resolv.conf. NULL means that the options are unset and left at the default. In this case NetworkManager will use default options. This is distinct from an empty list of properties. The currently supported options are \"attempts\", \"debug\", \"edns0\", \"inet6\", \"ip6-bytestring\", \"ip6-dotint\", \"ndots\", \"no-aaaa\", \"no-check-names\", \"no-ip6-dotint\", \"no-reload\", \"no-tld-query\", \"rotate\", \"single-request\", \"single-request-reopen\", \"timeout\", \"trust-ad\", \"use-vc\". The \"trust-ad\" setting is only honored if the profile contributes name servers to resolv.conf, and if all contributing profiles have \"trust-ad\" enabled. When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf) then \"edns0\" and \"trust-ad\" are automatically added.") + #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DNS_PRIORITY N_("DNS servers priority. The relative priority for DNS servers specified by this setting. A lower numerical value is better (higher priority). Negative values have the special effect of excluding other configurations with a greater numerical priority value; so in presence of at least one negative priority, only DNS servers from connections with the lowest priority value will be used. To avoid all DNS leaks, set the priority of the profile that should be used to the most negative value of all active connections profiles. Zero selects a globally configured default value. If the latter is missing or zero too, it defaults to 50 for VPNs (including WireGuard) and 100 for other connections. Note that the priority is to order DNS settings for multiple active connections. It does not disambiguate multiple DNS servers within the same connection profile. When multiple devices have configurations with the same priority, VPNs will be considered first, then devices with the best (lowest metric) default route and then all other devices. When using dns=default, servers with higher priority will be on top of resolv.conf. To prioritize a given server over another one within the same connection, just specify them in the desired order. Note that commonly the resolver tries name servers in /etc/resolv.conf in the order listed, proceeding with the next server in the list on failure. See for example the \"rotate\" option of the dns-options setting. If there are any negative DNS priorities, then only name servers from the devices with that lowest priority will be considered. When using a DNS resolver that supports Conditional Forwarding or Split DNS (with dns=dnsmasq or dns=systemd-resolved settings), each connection is used to query domains in its search list. The search domains determine which name servers to ask, and the DNS priority is used to prioritize name servers based on the domain. Queries for domains not present in any search list are routed through connections having the '~.' special wildcard domain, which is added automatically to connections with the default route (or can be added manually). When multiple connections specify the same domain, the one with the best priority (lowest numerical value) wins. If a sub domain is configured on another interface it will be accepted regardless the priority, unless parent domain on the other interface has a negative priority, which causes the sub domain to be shadowed. With Split DNS one can avoid undesired DNS leaks by properly configuring DNS priorities and the search domains, so that only name servers of the desired interface are configured.") + #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_DNS_SEARCH N_("List of DNS search domains. Domains starting with a tilde ('~') are considered 'routing' domains and are used only to decide the interface over which a query must be forwarded; they are not used to complete unqualified host names. When using a DNS plugin that supports Conditional Forwarding or Split DNS, then the search domains specify which name servers to query. This makes the behavior different from running with plain /etc/resolv.conf. For more information see also the dns-priority setting. When set on a profile that also enabled DHCP, the DNS search list received automatically (option 119 for DHCPv4 and option 24 for DHCPv6) gets merged with the manual list. This can be prevented by setting \"ignore-auto-dns\". Note that if no DNS searches are configured, the fallback will be derived from the domain from DHCP (option 15).") + #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_GATEWAY N_("The gateway associated with this configuration. This is only meaningful if \"addresses\" is also set. Setting the gateway causes NetworkManager to configure a standard default route with the gateway as next hop. This is ignored if \"never-default\" is set. An alternative is to configure the default route explicitly with a manual route and /0 as prefix length. Note that the gateway usually conflicts with routing that NetworkManager configures for WireGuard interfaces, so usually it should not be set in that case. See \"ip4-auto-default-route\".") +@@ -194,7 +194,7 @@ + #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_SEND_HOSTNAME N_("If TRUE, a hostname is sent to the DHCP server when acquiring a lease. Some DHCP servers use this hostname to update DNS databases, essentially providing a static hostname for the computer. If the \"dhcp-hostname\" property is NULL and this property is TRUE, the current persistent hostname of the computer is sent.") + #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DHCP_TIMEOUT N_("A timeout for a DHCP transaction in seconds. If zero (the default), a globally configured default is used. If still unspecified, a device specific timeout is used (usually 45 seconds). Set to 2147483647 (MAXINT32) for infinity.") + #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DNS N_("Array of IP addresses of DNS servers.") +-#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DNS_OPTIONS N_("Array of DNS options as described in man 5 resolv.conf. NULL means that the options are unset and left at the default. In this case NetworkManager will use default options. This is distinct from an empty list of properties. The currently supported options are \"attempts\", \"debug\", \"edns0\", \"inet6\", \"ip6-bytestring\", \"ip6-dotint\", \"ndots\", \"no-check-names\", \"no-ip6-dotint\", \"no-reload\", \"no-tld-query\", \"rotate\", \"single-request\", \"single-request-reopen\", \"timeout\", \"trust-ad\", \"use-vc\". The \"trust-ad\" setting is only honored if the profile contributes name servers to resolv.conf, and if all contributing profiles have \"trust-ad\" enabled. When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf) then \"edns0\" and \"trust-ad\" are automatically added.") ++#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DNS_OPTIONS N_("Array of DNS options as described in man 5 resolv.conf. NULL means that the options are unset and left at the default. In this case NetworkManager will use default options. This is distinct from an empty list of properties. The currently supported options are \"attempts\", \"debug\", \"edns0\", \"inet6\", \"ip6-bytestring\", \"ip6-dotint\", \"ndots\", \"no-aaaa\", \"no-check-names\", \"no-ip6-dotint\", \"no-reload\", \"no-tld-query\", \"rotate\", \"single-request\", \"single-request-reopen\", \"timeout\", \"trust-ad\", \"use-vc\". The \"trust-ad\" setting is only honored if the profile contributes name servers to resolv.conf, and if all contributing profiles have \"trust-ad\" enabled. When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf) then \"edns0\" and \"trust-ad\" are automatically added.") + #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DNS_PRIORITY N_("DNS servers priority. The relative priority for DNS servers specified by this setting. A lower numerical value is better (higher priority). Negative values have the special effect of excluding other configurations with a greater numerical priority value; so in presence of at least one negative priority, only DNS servers from connections with the lowest priority value will be used. To avoid all DNS leaks, set the priority of the profile that should be used to the most negative value of all active connections profiles. Zero selects a globally configured default value. If the latter is missing or zero too, it defaults to 50 for VPNs (including WireGuard) and 100 for other connections. Note that the priority is to order DNS settings for multiple active connections. It does not disambiguate multiple DNS servers within the same connection profile. When multiple devices have configurations with the same priority, VPNs will be considered first, then devices with the best (lowest metric) default route and then all other devices. When using dns=default, servers with higher priority will be on top of resolv.conf. To prioritize a given server over another one within the same connection, just specify them in the desired order. Note that commonly the resolver tries name servers in /etc/resolv.conf in the order listed, proceeding with the next server in the list on failure. See for example the \"rotate\" option of the dns-options setting. If there are any negative DNS priorities, then only name servers from the devices with that lowest priority will be considered. When using a DNS resolver that supports Conditional Forwarding or Split DNS (with dns=dnsmasq or dns=systemd-resolved settings), each connection is used to query domains in its search list. The search domains determine which name servers to ask, and the DNS priority is used to prioritize name servers based on the domain. Queries for domains not present in any search list are routed through connections having the '~.' special wildcard domain, which is added automatically to connections with the default route (or can be added manually). When multiple connections specify the same domain, the one with the best priority (lowest numerical value) wins. If a sub domain is configured on another interface it will be accepted regardless the priority, unless parent domain on the other interface has a negative priority, which causes the sub domain to be shadowed. With Split DNS one can avoid undesired DNS leaks by properly configuring DNS priorities and the search domains, so that only name servers of the desired interface are configured.") + #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_DNS_SEARCH N_("List of DNS search domains. Domains starting with a tilde ('~') are considered 'routing' domains and are used only to decide the interface over which a query must be forwarded; they are not used to complete unqualified host names. When using a DNS plugin that supports Conditional Forwarding or Split DNS, then the search domains specify which name servers to query. This makes the behavior different from running with plain /etc/resolv.conf. For more information see also the dns-priority setting. When set on a profile that also enabled DHCP, the DNS search list received automatically (option 119 for DHCPv4 and option 24 for DHCPv6) gets merged with the manual list. This can be prevented by setting \"ignore-auto-dns\". Note that if no DNS searches are configured, the fallback will be derived from the domain from DHCP (option 15).") + #define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_GATEWAY N_("The gateway associated with this configuration. This is only meaningful if \"addresses\" is also set. Setting the gateway causes NetworkManager to configure a standard default route with the gateway as next hop. This is ignored if \"never-default\" is set. An alternative is to configure the default route explicitly with a manual route and /0 as prefix length. Note that the gateway usually conflicts with routing that NetworkManager configures for WireGuard interfaces, so usually it should not be set in that case. See \"ip4-auto-default-route\".") +diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in +index 9acb76481e..03e6c0b54b 100644 +--- a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in ++++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in +@@ -656,7 +656,7 @@ + + ++ description="Array of DNS options as described in man 5 resolv.conf. NULL means that the options are unset and left at the default. In this case NetworkManager will use default options. This is distinct from an empty list of properties. The currently supported options are "attempts", "debug", "edns0", "inet6", "ip6-bytestring", "ip6-dotint", "ndots", "no-aaaa", "no-check-names", "no-ip6-dotint", "no-reload", "no-tld-query", "rotate", "single-request", "single-request-reopen", "timeout", "trust-ad", "use-vc". The "trust-ad" setting is only honored if the profile contributes name servers to resolv.conf, and if all contributing profiles have "trust-ad" enabled. When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf) then "edns0" and "trust-ad" are automatically added." /> + + + ++ description="Array of DNS options as described in man 5 resolv.conf. NULL means that the options are unset and left at the default. In this case NetworkManager will use default options. This is distinct from an empty list of properties. The currently supported options are "attempts", "debug", "edns0", "inet6", "ip6-bytestring", "ip6-dotint", "ndots", "no-aaaa", "no-check-names", "no-ip6-dotint", "no-reload", "no-tld-query", "rotate", "single-request", "single-request-reopen", "timeout", "trust-ad", "use-vc". The "trust-ad" setting is only honored if the profile contributes name servers to resolv.conf, and if all contributing profiles have "trust-ad" enabled. When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf) then "edns0" and "trust-ad" are automatically added." /> + + +Date: Fri, 17 Mar 2023 15:59:27 +0100 +Subject: [PATCH 1/8] libnm: fix ifcfg variable documentation at queue-id + property + +The correct variable for queue-id in ifcfg is BOND_PORT_QUEUE_ID. + +(cherry picked from commit 762cd06ffa4ff56b096128c26c931843429dc8c5) +(cherry picked from commit 87316737f36202902df76e5da6ba130e7bec4dfe) +(cherry picked from commit 40c523cd78ff322954f7b696afee8baee37da810) +--- + src/libnm-core-impl/nm-setting-bond-port.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libnm-core-impl/nm-setting-bond-port.c b/src/libnm-core-impl/nm-setting-bond-port.c +index 7ea82a763e..d1656a31ac 100644 +--- a/src/libnm-core-impl/nm-setting-bond-port.c ++++ b/src/libnm-core-impl/nm-setting-bond-port.c +@@ -148,7 +148,7 @@ nm_setting_bond_port_class_init(NMSettingBondPortClass *klass) + **/ + /* ---ifcfg-rh--- + * property: queue-id +- * variable: BONDING_OPTS: queue-id= ++ * variable: BOND_PORT_QUEUE_ID(+) + * values: 0 - 65535 + * default: 0 + * description: Queue ID. +-- +2.40.1 + + +From 495f3f1918bcde6105b74482613c51fd3b9185b0 Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Mon, 27 Feb 2023 10:55:29 +0100 +Subject: [PATCH 2/8] platform: rename link_change() to link_change_extra() + +There are many functions to replace properties of a link +(link_set_address, link_set_mtu, link_set_name, link_change, +etc.). Eventually, they will be replaced by a function that does +everything and removes all the code duplication. + +That function will be named link_change(); rename the current +link_change() to link_change_extra(). + +(cherry picked from commit babe2bacd3e23e03d5066b82ac0bb57c60b9db6f) +(cherry picked from commit 9ae85f6541505300ac811dff4671fe56a6d11ab7) +(cherry picked from commit 0a158141d3423173df0ba6983caed5d3aea8a9c8) +--- + src/libnm-platform/nm-linux-platform.c | 8 ++++---- + src/libnm-platform/nm-platform.c | 7 +++++-- + src/libnm-platform/nm-platform.h | 17 ++++++++++------- + 3 files changed, 19 insertions(+), 13 deletions(-) + +diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c +index b798d12d2a..527d509498 100644 +--- a/src/libnm-platform/nm-linux-platform.c ++++ b/src/libnm-platform/nm-linux-platform.c +@@ -7984,7 +7984,7 @@ out: + } + + static int +-link_change(NMPlatform *platform, NMLinkType type, int ifindex, gconstpointer extra_data) ++link_change_extra(NMPlatform *platform, NMLinkType type, int ifindex, gconstpointer extra_data) + { + nm_auto_nlmsg struct nl_msg *nlmsg = NULL; + +@@ -10824,9 +10824,9 @@ nm_linux_platform_class_init(NMLinuxPlatformClass *klass) + platform_class->sysctl_set_async = sysctl_set_async; + platform_class->sysctl_get = sysctl_get; + +- platform_class->link_add = link_add; +- platform_class->link_change = link_change; +- platform_class->link_delete = link_delete; ++ platform_class->link_add = link_add; ++ platform_class->link_change_extra = link_change_extra; ++ platform_class->link_delete = link_delete; + + platform_class->link_refresh = link_refresh; + +diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c +index 198e5f0afb..ab98491b45 100644 +--- a/src/libnm-platform/nm-platform.c ++++ b/src/libnm-platform/nm-platform.c +@@ -1388,7 +1388,10 @@ nm_platform_link_add(NMPlatform *self, + } + + int +-nm_platform_link_change(NMPlatform *self, NMLinkType type, int ifindex, gconstpointer extra_data) ++nm_platform_link_change_extra(NMPlatform *self, ++ NMLinkType type, ++ int ifindex, ++ gconstpointer extra_data) + { + char buf[512]; + const char *name = nm_platform_link_get_name(self, ifindex); +@@ -1429,7 +1432,7 @@ nm_platform_link_change(NMPlatform *self, NMLinkType type, int ifindex, gconstpo + buf; + })); + +- return klass->link_change(self, type, ifindex, extra_data); ++ return klass->link_change_extra(self, type, ifindex, extra_data); + } + + /** +diff --git a/src/libnm-platform/nm-platform.h b/src/libnm-platform/nm-platform.h +index 30d0b5067c..d87eba3a63 100644 +--- a/src/libnm-platform/nm-platform.h ++++ b/src/libnm-platform/nm-platform.h +@@ -1222,9 +1222,10 @@ typedef struct { + guint32 mtu, + gconstpointer extra_data, + const NMPlatformLink **out_link); +- +- int (*link_change)(NMPlatform *self, NMLinkType type, int ifindex, gconstpointer extra_data); +- ++ int (*link_change_extra)(NMPlatform *self, ++ NMLinkType type, ++ int ifindex, ++ gconstpointer extra_data); + gboolean (*link_delete)(NMPlatform *self, int ifindex); + gboolean (*link_refresh)(NMPlatform *self, int ifindex); + gboolean (*link_set_netns)(NMPlatform *self, int ifindex, int netns_fd); +@@ -1749,8 +1750,10 @@ int nm_platform_link_add(NMPlatform *self, + gconstpointer extra_data, + const NMPlatformLink **out_link); + +-int +-nm_platform_link_change(NMPlatform *self, NMLinkType type, int ifindex, gconstpointer extra_data); ++int nm_platform_link_change_extra(NMPlatform *self, ++ NMLinkType type, ++ int ifindex, ++ gconstpointer extra_data); + + static inline int + nm_platform_link_veth_add(NMPlatform *self, +@@ -1790,13 +1793,13 @@ nm_platform_link_bridge_add(NMPlatform *self, + static inline int + nm_platform_link_bridge_change(NMPlatform *self, int ifindex, const NMPlatformLnkBridge *props) + { +- return nm_platform_link_change(self, NM_LINK_TYPE_BRIDGE, ifindex, props); ++ return nm_platform_link_change_extra(self, NM_LINK_TYPE_BRIDGE, ifindex, props); + } + + static inline int + nm_platform_link_bond_change(NMPlatform *self, int ifindex, const NMPlatformLnkBond *props) + { +- return nm_platform_link_change(self, NM_LINK_TYPE_BOND, ifindex, props); ++ return nm_platform_link_change_extra(self, NM_LINK_TYPE_BOND, ifindex, props); + } + + static inline int +-- +2.40.1 + + +From b58c3ee56f67c6e6e1e4fe0358d95df57537e6b0 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Fri, 30 Sep 2022 22:40:03 +0200 +Subject: [PATCH 3/8] bond,bridge,team: use uuid for con.master when generating + connection + +If we're generating a connection for an externally configured slave, +refer the master by the UUID instead of the device name. + +This doesn't matter most of the time. However, on a checkpoint restore +we need to make sure that a connection that is unambiguously the original +master is up. + +Otherwise it could happen that a different connection was activated on the +same master device and the slaves being restored don't agree on which master +connection to bring up. + +I can't think of any thing that would rely on this but I've been wrong +about more serious things before. + +Fixes-test: @libnm_snapshot_reattach_unmanaged_ports_to_bridge + +https://bugzilla.redhat.com/show_bug.cgi?id=2125615 +(cherry picked from commit dc254f90e2b306700a0b81f7194e9b0438c62f4c) +(cherry picked from commit 836d7511e8b7d9660b18ee9876c635b8512f6966) +--- + src/core/devices/nm-device-bond.c | 9 +++++---- + src/core/devices/nm-device-bridge.c | 9 +++++---- + src/core/devices/team/nm-device-team.c | 9 +++++---- + 3 files changed, 15 insertions(+), 12 deletions(-) + +diff --git a/src/core/devices/nm-device-bond.c b/src/core/devices/nm-device-bond.c +index 10765b609c..9556c57321 100644 +--- a/src/core/devices/nm-device-bond.c ++++ b/src/core/devices/nm-device-bond.c +@@ -224,9 +224,10 @@ controller_update_port_connection(NMDevice *self, + GError **error) + { + NMSettingBondPort *s_port; +- int ifindex_port = nm_device_get_ifindex(port); +- uint queue_id = NM_BOND_PORT_QUEUE_ID_DEF; +- gs_free char *queue_id_str = NULL; ++ int ifindex_port = nm_device_get_ifindex(port); ++ NMConnection *applied_connection = nm_device_get_applied_connection(self); ++ uint queue_id = NM_BOND_PORT_QUEUE_ID_DEF; ++ gs_free char *queue_id_str = NULL; + + g_return_val_if_fail(ifindex_port > 0, FALSE); + +@@ -243,7 +244,7 @@ controller_update_port_connection(NMDevice *self, + + g_object_set(nm_connection_get_setting_connection(connection), + NM_SETTING_CONNECTION_MASTER, +- nm_device_get_iface(self), ++ nm_connection_get_uuid(applied_connection), + NM_SETTING_CONNECTION_SLAVE_TYPE, + NM_SETTING_BOND_SETTING_NAME, + NULL); +diff --git a/src/core/devices/nm-device-bridge.c b/src/core/devices/nm-device-bridge.c +index 31cf361e8e..d8f1337058 100644 +--- a/src/core/devices/nm-device-bridge.c ++++ b/src/core/devices/nm-device-bridge.c +@@ -679,9 +679,10 @@ master_update_slave_connection(NMDevice *device, + NMDeviceBridge *self = NM_DEVICE_BRIDGE(device); + NMSettingConnection *s_con; + NMSettingBridgePort *s_port; +- int ifindex_slave = nm_device_get_ifindex(slave); +- const char *iface = nm_device_get_iface(device); +- const Option *option; ++ int ifindex_slave = nm_device_get_ifindex(slave); ++ NMConnection *applied_connection = nm_device_get_applied_connection(device); ++ ++ const Option *option; + + g_return_val_if_fail(ifindex_slave > 0, FALSE); + +@@ -717,7 +718,7 @@ master_update_slave_connection(NMDevice *device, + + g_object_set(s_con, + NM_SETTING_CONNECTION_MASTER, +- iface, ++ nm_connection_get_uuid(applied_connection), + NM_SETTING_CONNECTION_SLAVE_TYPE, + NM_SETTING_BRIDGE_SETTING_NAME, + NULL); +diff --git a/src/core/devices/team/nm-device-team.c b/src/core/devices/team/nm-device-team.c +index 9eca008a10..b745158ef8 100644 +--- a/src/core/devices/team/nm-device-team.c ++++ b/src/core/devices/team/nm-device-team.c +@@ -258,9 +258,10 @@ master_update_slave_connection(NMDevice *device, + gs_free_error GError *connect_error = NULL; + int err = 0; + struct teamdctl *tdc; +- const char *team_port_config = NULL; +- const char *iface = nm_device_get_iface(device); +- const char *iface_slave = nm_device_get_iface(slave); ++ const char *team_port_config = NULL; ++ const char *iface = nm_device_get_iface(device); ++ const char *iface_slave = nm_device_get_iface(slave); ++ NMConnection *applied_connection = nm_device_get_applied_connection(device); + + tdc = _tdc_connect_new(self, iface, &connect_error); + if (!tdc) { +@@ -299,7 +300,7 @@ master_update_slave_connection(NMDevice *device, + + g_object_set(nm_connection_get_setting_connection(connection), + NM_SETTING_CONNECTION_MASTER, +- iface, ++ nm_connection_get_uuid(applied_connection), + NM_SETTING_CONNECTION_SLAVE_TYPE, + NM_SETTING_TEAM_SETTING_NAME, + NULL); +-- +2.40.1 + + +From 8a02a950e1e23f584e5f3750ceb8a69efd7b3328 Mon Sep 17 00:00:00 2001 +From: Fernando Fernandez Mancera +Date: Fri, 3 Mar 2023 16:36:23 +0100 +Subject: [PATCH 4/8] platform: add netlink support for bond port options + +sysfs is deprecated and kernel will not add new bond port options to +sysfs. Netlink is a stable API and therefore is the right method to +communicate with kernel in order to set the link options. + +(cherry picked from commit bb435674b56e876084d4c31138ea95cb3174759f) +(cherry picked from commit 1bce7f0dec6c558fff8c6689d79cb7839eb925fe) +(cherry picked from commit ee592c02dd42ccf6bd45b8927716df5715fa45f8) +--- + src/core/devices/nm-device-bond.c | 42 ++++-------- + src/core/platform/nm-fake-platform.c | 24 +++++++ + src/core/platform/tests/test-link.c | 15 +++++ + src/libnm-glib-aux/nm-shared-utils.h | 8 +++ + src/libnm-platform/nm-linux-platform.c | 79 +++++++++++++++++++++- + src/libnm-platform/nm-platform.c | 90 ++++++++++++++++++++++++++ + src/libnm-platform/nm-platform.h | 25 +++++++ + 7 files changed, 250 insertions(+), 33 deletions(-) + +diff --git a/src/core/devices/nm-device-bond.c b/src/core/devices/nm-device-bond.c +index 9556c57321..0485689d10 100644 +--- a/src/core/devices/nm-device-bond.c ++++ b/src/core/devices/nm-device-bond.c +@@ -223,24 +223,18 @@ controller_update_port_connection(NMDevice *self, + NMConnection *connection, + GError **error) + { +- NMSettingBondPort *s_port; +- int ifindex_port = nm_device_get_ifindex(port); +- NMConnection *applied_connection = nm_device_get_applied_connection(self); +- uint queue_id = NM_BOND_PORT_QUEUE_ID_DEF; +- gs_free char *queue_id_str = NULL; ++ NMSettingBondPort *s_port; ++ int ifindex_port = nm_device_get_ifindex(port); ++ NMConnection *applied_connection = nm_device_get_applied_connection(self); ++ const NMPlatformLink *pllink; + + g_return_val_if_fail(ifindex_port > 0, FALSE); + + s_port = _nm_connection_ensure_setting(connection, NM_TYPE_SETTING_BOND_PORT); ++ pllink = nm_platform_link_get(nm_device_get_platform(port), ifindex_port); + +- queue_id_str = +- nm_platform_sysctl_slave_get_option(nm_device_get_platform(self), ifindex_port, "queue_id"); +- if (queue_id_str) { +- queue_id = +- _nm_utils_ascii_str_to_int64(queue_id_str, 10, 0, 65535, NM_BOND_PORT_QUEUE_ID_DEF); +- g_object_set(s_port, NM_SETTING_BOND_PORT_QUEUE_ID, queue_id, NULL); +- } else +- _LOGW(LOGD_BOND, "failed to read bond port setting '%s'", NM_SETTING_BOND_PORT_QUEUE_ID); ++ if (pllink && pllink->port_kind == NM_PORT_KIND_BOND) ++ g_object_set(s_port, NM_SETTING_BOND_PORT_QUEUE_ID, pllink->port_data.bond.queue_id, NULL); + + g_object_set(nm_connection_get_setting_connection(connection), + NM_SETTING_CONNECTION_MASTER, +@@ -501,23 +495,11 @@ act_stage1_prepare(NMDevice *device, NMDeviceStateReason *out_failure_reason) + static void + commit_port_options(NMDevice *bond_device, NMDevice *port, NMSettingBondPort *s_port) + { +- char queue_id_str[IFNAMSIZ + NM_STRLEN(":") + 5 + 100]; +- +- /* +- * The queue-id of bond port is read only, we should modify bond interface using: +- * echo "eth1:2" > /sys/class/net/bond0/bonding/queue_id +- * Kernel allows parital editing, so no need to care about other bond ports. +- */ +- g_snprintf(queue_id_str, +- sizeof(queue_id_str), +- "%s:%" G_GUINT32_FORMAT, +- nm_device_get_iface(port), +- s_port ? nm_setting_bond_port_get_queue_id(s_port) : NM_BOND_PORT_QUEUE_ID_DEF); +- +- nm_platform_sysctl_master_set_option(nm_device_get_platform(bond_device), +- nm_device_get_ifindex(bond_device), +- "queue_id", +- queue_id_str); ++ nm_platform_link_change( ++ nm_device_get_platform(port), ++ nm_device_get_ifindex(port), ++ &((NMPlatformLinkBondPort){.queue_id = s_port ? nm_setting_bond_port_get_queue_id(s_port) ++ : NM_BOND_PORT_QUEUE_ID_DEF})); + } + + static NMTernary +diff --git a/src/core/platform/nm-fake-platform.c b/src/core/platform/nm-fake-platform.c +index a1ca5434cb..c39c45e586 100644 +--- a/src/core/platform/nm-fake-platform.c ++++ b/src/core/platform/nm-fake-platform.c +@@ -667,6 +667,29 @@ link_supports_sriov(NMPlatform *platform, int ifindex) + } + } + ++static gboolean ++link_change(NMPlatform *platform, ++ int ifindex, ++ NMPortKind port_kind, ++ const NMPlatformLinkPortData *port_data) ++{ ++ NMFakePlatformLink *device = link_get(platform, ifindex); ++ nm_auto_nmpobj NMPObject *obj_tmp = NULL; ++ ++ switch (port_kind) { ++ case NM_PORT_KIND_BOND: ++ obj_tmp = nmp_object_clone(device->obj, FALSE); ++ obj_tmp->link.port_kind = NM_PORT_KIND_BOND; ++ obj_tmp->link.port_data.bond.queue_id = port_data->bond.queue_id; ++ link_set_obj(platform, device, obj_tmp); ++ return TRUE; ++ case NM_PORT_KIND_NONE: ++ return TRUE; ++ } ++ ++ return nm_assert_unreachable_val(TRUE); ++} ++ + static gboolean + link_enslave(NMPlatform *platform, int master, int slave) + { +@@ -1322,6 +1345,7 @@ nm_fake_platform_class_init(NMFakePlatformClass *klass) + platform_class->link_set_address = link_set_address; + platform_class->link_set_mtu = link_set_mtu; + ++ platform_class->link_change = link_change; + platform_class->link_change_flags = link_change_flags; + + platform_class->link_get_driver_info = link_get_driver_info; +diff --git a/src/core/platform/tests/test-link.c b/src/core/platform/tests/test-link.c +index b72bcb65b2..bdbfbea34f 100644 +--- a/src/core/platform/tests/test-link.c ++++ b/src/core/platform/tests/test-link.c +@@ -257,6 +257,21 @@ test_slave(int master, int type, SignalData *master_changed) + else + g_assert(!nm_platform_link_is_up(NM_PLATFORM_GET, ifindex)); + ++ if (NM_IN_SET(link_type, NM_LINK_TYPE_BOND)) { ++ const NMPlatformLink *link; ++ NMPlatformLinkBondPort bond_port; ++ ++ bond_port = (NMPlatformLinkBondPort){ ++ .queue_id = 5, ++ }; ++ g_assert(nm_platform_link_change(NM_PLATFORM_GET, ifindex, &bond_port)); ++ accept_signals(link_changed, 1, 3); ++ ++ link = nmtstp_link_get(NM_PLATFORM_GET, ifindex, SLAVE_NAME); ++ g_assert(link); ++ g_assert_cmpint(link->port_data.bond.queue_id, ==, 5); ++ } ++ + test_link_changed_signal_arg1 = FALSE; + test_link_changed_signal_arg2 = FALSE; + g_signal_connect(NM_PLATFORM_GET, +diff --git a/src/libnm-glib-aux/nm-shared-utils.h b/src/libnm-glib-aux/nm-shared-utils.h +index 53cf7f3e57..b6cbf95504 100644 +--- a/src/libnm-glib-aux/nm-shared-utils.h ++++ b/src/libnm-glib-aux/nm-shared-utils.h +@@ -93,6 +93,14 @@ G_STATIC_ASSERT(sizeof(int) == sizeof(gint32)); + + /*****************************************************************************/ + ++typedef enum _nm_packed { ++ /* No type, empty value */ ++ NM_PORT_KIND_NONE, ++ NM_PORT_KIND_BOND, ++} NMPortKind; ++ ++/*****************************************************************************/ ++ + typedef enum { + + /* No type, used as error value */ +diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c +index 527d509498..8158f364d2 100644 +--- a/src/libnm-platform/nm-linux-platform.c ++++ b/src/libnm-platform/nm-linux-platform.c +@@ -3241,9 +3241,11 @@ _new_from_nl_link(NMPlatform *platform, + + if (tb[IFLA_LINKINFO]) { + static const struct nla_policy policy_link_info[] = { +- [IFLA_INFO_KIND] = {.type = NLA_STRING}, +- [IFLA_INFO_DATA] = {.type = NLA_NESTED}, +- [IFLA_INFO_XSTATS] = {.type = NLA_NESTED}, ++ [IFLA_INFO_KIND] = {.type = NLA_STRING}, ++ [IFLA_INFO_DATA] = {.type = NLA_NESTED}, ++ [IFLA_INFO_XSTATS] = {.type = NLA_NESTED}, ++ [IFLA_INFO_SLAVE_KIND] = {.type = NLA_STRING}, ++ [IFLA_INFO_SLAVE_DATA] = {.type = NLA_NESTED}, + }; + struct nlattr *li[G_N_ELEMENTS(policy_link_info)]; + +@@ -3254,6 +3256,33 @@ _new_from_nl_link(NMPlatform *platform, + nl_info_kind = nla_get_string(li[IFLA_INFO_KIND]); + + nl_info_data = li[IFLA_INFO_DATA]; ++ ++ if (li[IFLA_INFO_SLAVE_KIND]) { ++ const char *s = nla_get_string(li[IFLA_INFO_SLAVE_KIND]); ++ ++ if (nm_streq(s, "bond")) ++ obj->link.port_kind = NM_PORT_KIND_BOND; ++ } ++ ++ if (li[IFLA_INFO_SLAVE_DATA]) { ++ static const struct nla_policy policy_bond_port[] = { ++ [IFLA_BOND_SLAVE_QUEUE_ID] = {.type = NLA_U16}, ++ }; ++ struct nlattr *bp[G_N_ELEMENTS(policy_bond_port)]; ++ ++ switch (obj->link.port_kind) { ++ case NM_PORT_KIND_BOND: ++ if (nla_parse_nested_arr(bp, li[IFLA_INFO_SLAVE_DATA], policy_bond_port) < 0) ++ return NULL; ++ ++ if (bp[IFLA_BOND_SLAVE_QUEUE_ID]) ++ obj->link.port_data.bond.queue_id = nla_get_u16(bp[IFLA_BOND_SLAVE_QUEUE_ID]); ++ ++ break; ++ case NM_PORT_KIND_NONE: ++ break; ++ } ++ } + } + + if (tb[IFLA_STATS64]) { +@@ -8061,6 +8090,48 @@ link_delete(NMPlatform *platform, int ifindex) + return do_delete_object(platform, &obj_id, nlmsg); + } + ++static gboolean ++link_change(NMPlatform *platform, ++ int ifindex, ++ NMPortKind port_kind, ++ const NMPlatformLinkPortData *port_data) ++{ ++ nm_auto_nlmsg struct nl_msg *nlmsg = NULL; ++ struct nlattr *nl_info; ++ struct nlattr *nl_port_data; ++ ++ nlmsg = _nl_msg_new_link(RTM_NEWLINK, 0, ifindex, NULL); ++ if (!nlmsg) ++ return FALSE; ++ ++ switch (port_kind) { ++ case NM_PORT_KIND_BOND: ++ ++ nm_assert(port_data); ++ ++ if (!(nl_info = nla_nest_start(nlmsg, IFLA_LINKINFO))) ++ goto nla_put_failure; ++ ++ nm_assert(nm_streq0("bond", nm_link_type_to_rtnl_type_string(NM_LINK_TYPE_BOND))); ++ NLA_PUT_STRING(nlmsg, IFLA_INFO_SLAVE_KIND, "bond"); ++ ++ if (!(nl_port_data = nla_nest_start(nlmsg, IFLA_INFO_SLAVE_DATA))) ++ goto nla_put_failure; ++ ++ NLA_PUT_U16(nlmsg, IFLA_BOND_SLAVE_QUEUE_ID, port_data->bond.queue_id); ++ ++ nla_nest_end(nlmsg, nl_port_data); ++ nla_nest_end(nlmsg, nl_info); ++ break; ++ case NM_PORT_KIND_NONE: ++ break; ++ } ++ ++ return do_change_link(platform, CHANGE_LINK_TYPE_UNSPEC, ifindex, nlmsg, NULL) == 0; ++nla_put_failure: ++ g_return_val_if_reached(FALSE); ++} ++ + static gboolean + link_refresh(NMPlatform *platform, int ifindex) + { +@@ -10828,6 +10899,8 @@ nm_linux_platform_class_init(NMLinuxPlatformClass *klass) + platform_class->link_change_extra = link_change_extra; + platform_class->link_delete = link_delete; + ++ platform_class->link_change = link_change; ++ + platform_class->link_refresh = link_refresh; + + platform_class->link_set_netns = link_set_netns; +diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c +index ab98491b45..01568243a3 100644 +--- a/src/libnm-platform/nm-platform.c ++++ b/src/libnm-platform/nm-platform.c +@@ -61,6 +61,31 @@ G_STATIC_ASSERT(sizeof(((NMPlatformLink *) NULL)->l_address.data) == _NM_UTILS_H + G_STATIC_ASSERT(sizeof(((NMPlatformLink *) NULL)->l_perm_address.data) == _NM_UTILS_HWADDR_LEN_MAX); + G_STATIC_ASSERT(sizeof(((NMPlatformLink *) NULL)->l_broadcast.data) == _NM_UTILS_HWADDR_LEN_MAX); + ++static const char * ++_nmp_link_port_data_to_string(NMPortKind port_kind, ++ const NMPlatformLinkPortData *port_data, ++ char *sbuf, ++ gsize sbuf_len) ++{ ++ const char *sbuf0 = sbuf; ++ ++ nm_assert(port_data); ++ ++ switch (port_kind) { ++ case NM_PORT_KIND_NONE: ++ nm_strbuf_append_c(&sbuf, &sbuf_len, '\0'); ++ goto out; ++ case NM_PORT_KIND_BOND: ++ nm_strbuf_append(&sbuf, &sbuf_len, "port bond queue-id %u", port_data->bond.queue_id); ++ goto out; ++ } ++ ++ nm_strbuf_append(&sbuf, &sbuf_len, "invalid-port-type %d", (int) port_kind); ++ ++out: ++ return sbuf0; ++} ++ + static const char * + _nmp_link_address_to_string(const NMPLinkAddress *addr, + char buf[static(_NM_UTILS_HWADDR_LEN_MAX * 3)]) +@@ -2092,6 +2117,31 @@ nm_platform_link_set_name(NMPlatform *self, int ifindex, const char *name) + return klass->link_set_name(self, ifindex, name); + } + ++gboolean ++nm_platform_link_change(NMPlatform *self, int ifindex, NMPlatformLinkBondPort *bond_port) ++{ ++ _CHECK_SELF(self, klass, FALSE); ++ ++ g_return_val_if_fail(ifindex >= 0, FALSE); ++ ++ if (_LOGD_ENABLED()) { ++ nm_auto_free_gstring GString *str = g_string_new(""); ++ ++ if (bond_port) ++ g_string_append_printf(str, "bond-port queue-id %d", bond_port->queue_id); ++ ++ if (str->len > 0 && str->str[str->len - 1] == ' ') ++ g_string_truncate(str, str->len - 1); ++ ++ _LOG3D("link: change: %s", str->str); ++ } ++ ++ return klass->link_change(self, ++ ifindex, ++ bond_port ? NM_PORT_KIND_BOND : NM_PORT_KIND_NONE, ++ (const NMPlatformLinkPortData *) bond_port); ++} ++ + /** + * nm_platform_link_get_physical_port_id: + * @self: platform instance +@@ -5893,6 +5943,7 @@ nm_platform_link_to_string(const NMPlatformLink *link, char *buf, gsize len) + char *s; + gsize l; + char str_addrmode[30]; ++ char str_port_data[200]; + char str_address[_NM_UTILS_HWADDR_LEN_MAX * 3]; + char str_perm_address[_NM_UTILS_HWADDR_LEN_MAX * 3]; + char str_broadcast[_NM_UTILS_HWADDR_LEN_MAX * 3]; +@@ -5936,6 +5987,11 @@ nm_platform_link_to_string(const NMPlatformLink *link, char *buf, gsize len) + _nmp_link_address_to_string(&link->l_perm_address, str_perm_address); + _nmp_link_address_to_string(&link->l_broadcast, str_broadcast); + ++ _nmp_link_port_data_to_string(link->port_kind, ++ &link->port_data, ++ str_port_data, ++ sizeof(str_port_data)); ++ + str_link_type = nm_link_type_to_string(link->type); + + g_snprintf( +@@ -5957,6 +6013,7 @@ nm_platform_link_to_string(const NMPlatformLink *link, char *buf, gsize len) + "%s%s" /* l_broadcast */ + "%s%s" /* inet6_token */ + "%s%s" /* driver */ ++ "%s%s" /* port_data */ + " rx:%" G_GUINT64_FORMAT ",%" G_GUINT64_FORMAT " tx:%" G_GUINT64_FORMAT + ",%" G_GUINT64_FORMAT, + link->ifindex, +@@ -5989,6 +6046,7 @@ nm_platform_link_to_string(const NMPlatformLink *link, char *buf, gsize len) + : "", + link->driver ? " driver " : "", + link->driver ?: "", ++ NM_PRINT_FMT_QUOTED2(str_port_data[0] != '\0', " ", str_port_data, ""), + link->rx_packets, + link->rx_bytes, + link->tx_packets, +@@ -7927,6 +7985,7 @@ nm_platform_link_hash_update(const NMPlatformLink *obj, NMHashState *h) + obj->arptype, + obj->inet6_addr_gen_mode_inv, + obj->inet6_token, ++ obj->port_kind, + obj->rx_packets, + obj->rx_bytes, + obj->tx_packets, +@@ -7945,6 +8004,20 @@ nm_platform_link_hash_update(const NMPlatformLink *obj, NMHashState *h) + nm_hash_update_mem(h, + obj->l_broadcast.data, + NM_MIN(obj->l_broadcast.len, sizeof(obj->l_broadcast.data))); ++ ++ switch (obj->port_kind) { ++ case NM_PORT_KIND_NONE: ++ break; ++ case NM_PORT_KIND_BOND: ++ nm_platform_link_bond_port_hash_update(&obj->port_data.bond, h); ++ break; ++ } ++} ++ ++void ++nm_platform_link_bond_port_hash_update(const NMPlatformLinkBondPort *obj, NMHashState *h) ++{ ++ nm_hash_update_vals(h, obj->queue_id); + } + + int +@@ -7974,6 +8047,14 @@ nm_platform_link_cmp(const NMPlatformLink *a, const NMPlatformLink *b) + if (a->l_broadcast.len) + NM_CMP_FIELD_MEMCMP_LEN(a, b, l_broadcast.data, a->l_broadcast.len); + NM_CMP_FIELD_MEMCMP(a, b, inet6_token); ++ NM_CMP_FIELD(a, b, port_kind); ++ switch (a->port_kind) { ++ case NM_PORT_KIND_NONE: ++ break; ++ case NM_PORT_KIND_BOND: ++ NM_CMP_RETURN(nm_platform_link_bond_port_cmp(&a->port_data.bond, &b->port_data.bond)); ++ break; ++ } + NM_CMP_FIELD(a, b, rx_packets); + NM_CMP_FIELD(a, b, rx_bytes); + NM_CMP_FIELD(a, b, tx_packets); +@@ -8053,6 +8134,15 @@ nm_platform_lnk_bond_hash_update(const NMPlatformLnkBond *obj, NMHashState *h) + nm_hash_update(h, obj->arp_ip_target, obj->arp_ip_targets_num * sizeof(obj->arp_ip_target[0])); + } + ++int ++nm_platform_link_bond_port_cmp(const NMPlatformLinkBondPort *a, const NMPlatformLinkBondPort *b) ++{ ++ NM_CMP_SELF(a, b); ++ NM_CMP_FIELD(a, b, queue_id); ++ ++ return 0; ++} ++ + int + nm_platform_lnk_bond_cmp(const NMPlatformLnkBond *a, const NMPlatformLnkBond *b) + { +diff --git a/src/libnm-platform/nm-platform.h b/src/libnm-platform/nm-platform.h +index d87eba3a63..f48662d900 100644 +--- a/src/libnm-platform/nm-platform.h ++++ b/src/libnm-platform/nm-platform.h +@@ -216,6 +216,14 @@ struct _NMPlatformObjWithIfindex { + __NMPlatformObjWithIfindex_COMMON; + }; + ++typedef struct { ++ guint16 queue_id; ++} NMPlatformLinkBondPort; ++ ++typedef union { ++ NMPlatformLinkBondPort bond; ++} NMPlatformLinkPortData; ++ + struct _NMPlatformLink { + __NMPlatformObjWithIfindex_COMMON; + char name[NMP_IFNAMSIZ]; +@@ -266,6 +274,12 @@ struct _NMPlatformLink { + guint64 tx_packets; + guint64 tx_bytes; + ++ /* IFLA_INFO_SLAVE_KIND */ ++ NMPortKind port_kind; ++ ++ /* an interface can only hold IFLA_INFO_SLAVE_DATA for one link type */ ++ NMPlatformLinkPortData port_data; ++ + /* @connected is mostly identical to (@n_ifi_flags & IFF_UP). Except for bridge/bond masters, + * where we coerce the link as disconnect if it has no slaves. */ + bool connected : 1; +@@ -1226,6 +1240,10 @@ typedef struct { + NMLinkType type, + int ifindex, + gconstpointer extra_data); ++ gboolean (*link_change)(NMPlatform *self, ++ int ifindex, ++ NMPortKind port_kind, ++ const NMPlatformLinkPortData *port_data); + gboolean (*link_delete)(NMPlatform *self, int ifindex); + gboolean (*link_refresh)(NMPlatform *self, int ifindex); + gboolean (*link_set_netns)(NMPlatform *self, int ifindex, int netns_fd); +@@ -2073,6 +2091,8 @@ nm_platform_link_change_flags(NMPlatform *self, int ifindex, unsigned value, gbo + return nm_platform_link_change_flags_full(self, ifindex, value, set ? value : 0u); + } + ++gboolean nm_platform_link_change(NMPlatform *self, int ifindex, NMPlatformLinkBondPort *bond_port); ++ + gboolean nm_platform_link_get_udev_property(NMPlatform *self, + int ifindex, + const char *name, +@@ -2563,6 +2583,11 @@ int nm_platform_tfilter_cmp(const NMPlatformTfilter *a, const NMPlatformTfilter + int nm_platform_mptcp_addr_cmp(const NMPlatformMptcpAddr *a, const NMPlatformMptcpAddr *b); + + void nm_platform_link_hash_update(const NMPlatformLink *obj, NMHashState *h); ++ ++void nm_platform_link_bond_port_hash_update(const NMPlatformLinkBondPort *obj, NMHashState *h); ++int nm_platform_link_bond_port_cmp(const NMPlatformLinkBondPort *a, ++ const NMPlatformLinkBondPort *b); ++ + void nm_platform_ip4_address_hash_update(const NMPlatformIP4Address *obj, NMHashState *h); + void nm_platform_ip6_address_hash_update(const NMPlatformIP6Address *obj, NMHashState *h); + void nm_platform_ip4_route_hash_update(const NMPlatformIP4Route *obj, +-- +2.40.1 + + +From 2ed620bce381b612cff7a14871b8939b48fdaca3 Mon Sep 17 00:00:00 2001 +From: Fernando Fernandez Mancera +Date: Thu, 9 Mar 2023 12:18:14 +0100 +Subject: [PATCH 5/8] platform: add support to prio property in bond ports + +(cherry picked from commit e200b162914d3bda4c03a19652124330a99bb3ae) +(cherry picked from commit 84f17a2fbb73d592a29645003d7d76a9e8b332ca) +(cherry picked from commit c787d22fc8194dc6d07c6b842b5a8a5944f42dc7) +--- + src/core/platform/nm-fake-platform.c | 2 ++ + src/core/platform/tests/test-link.c | 23 +++++++++++++++--- + src/libnm-platform/nm-linux-platform.c | 21 +++++++++++++++++ + src/libnm-platform/nm-platform.c | 32 ++++++++++++++++++++++---- + src/libnm-platform/nm-platform.h | 10 +++++--- + 5 files changed, 78 insertions(+), 10 deletions(-) + +diff --git a/src/core/platform/nm-fake-platform.c b/src/core/platform/nm-fake-platform.c +index c39c45e586..46f374d95c 100644 +--- a/src/core/platform/nm-fake-platform.c ++++ b/src/core/platform/nm-fake-platform.c +@@ -681,6 +681,8 @@ link_change(NMPlatform *platform, + obj_tmp = nmp_object_clone(device->obj, FALSE); + obj_tmp->link.port_kind = NM_PORT_KIND_BOND; + obj_tmp->link.port_data.bond.queue_id = port_data->bond.queue_id; ++ obj_tmp->link.port_data.bond.prio_has = port_data->bond.prio_has; ++ obj_tmp->link.port_data.bond.prio = port_data->bond.prio; + link_set_obj(platform, device, obj_tmp); + return TRUE; + case NM_PORT_KIND_NONE: +diff --git a/src/core/platform/tests/test-link.c b/src/core/platform/tests/test-link.c +index bdbfbea34f..ac1f0d6ff6 100644 +--- a/src/core/platform/tests/test-link.c ++++ b/src/core/platform/tests/test-link.c +@@ -112,7 +112,7 @@ software_add(NMLinkType link_type, const char *name) + gboolean bond0_exists = !!nm_platform_link_get_by_ifname(NM_PLATFORM_GET, "bond0"); + int r; + const NMPlatformLnkBond nm_platform_lnk_bond_default = { +- .mode = 3, ++ .mode = nmtst_rand_select(3, 1), + }; + + r = nm_platform_link_bond_add(NM_PLATFORM_GET, name, &nm_platform_lnk_bond_default, NULL); +@@ -258,18 +258,35 @@ test_slave(int master, int type, SignalData *master_changed) + g_assert(!nm_platform_link_is_up(NM_PLATFORM_GET, ifindex)); + + if (NM_IN_SET(link_type, NM_LINK_TYPE_BOND)) { +- const NMPlatformLink *link; +- NMPlatformLinkBondPort bond_port; ++ NMPlatformLinkBondPort bond_port; ++ gboolean prio_has; ++ gboolean prio_supported; ++ const NMPlatformLink *link; ++ const NMPlatformLnkBond *lnk; ++ ++ link = nmtstp_link_get_typed(NM_PLATFORM_GET, 0, SLAVE_NAME, NM_LINK_TYPE_DUMMY); ++ g_assert(link); ++ ++ lnk = nm_platform_link_get_lnk_bond(NM_PLATFORM_GET, master, NULL); ++ g_assert(lnk); ++ ++ g_assert(NM_IN_SET(lnk->mode, 3, 1)); ++ prio_supported = (lnk->mode == 1); ++ prio_has = nmtst_get_rand_bool() && prio_supported; + + bond_port = (NMPlatformLinkBondPort){ + .queue_id = 5, ++ .prio_has = prio_has, ++ .prio = prio_has ? 6 : 0, + }; ++ + g_assert(nm_platform_link_change(NM_PLATFORM_GET, ifindex, &bond_port)); + accept_signals(link_changed, 1, 3); + + link = nmtstp_link_get(NM_PLATFORM_GET, ifindex, SLAVE_NAME); + g_assert(link); + g_assert_cmpint(link->port_data.bond.queue_id, ==, 5); ++ g_assert(link->port_data.bond.prio_has || link->port_data.bond.prio == 0); + } + + test_link_changed_signal_arg1 = FALSE; +diff --git a/src/libnm-platform/nm-linux-platform.c b/src/libnm-platform/nm-linux-platform.c +index 8158f364d2..19ccb09a86 100644 +--- a/src/libnm-platform/nm-linux-platform.c ++++ b/src/libnm-platform/nm-linux-platform.c +@@ -177,6 +177,8 @@ G_STATIC_ASSERT(RTA_MAX == (__RTA_MAX - 1)); + + /*****************************************************************************/ + ++#define IFLA_BOND_SLAVE_PRIO 9 ++ + #define IFLA_BOND_PEER_NOTIF_DELAY 28 + + #undef IFLA_BOND_MAX +@@ -3267,6 +3269,7 @@ _new_from_nl_link(NMPlatform *platform, + if (li[IFLA_INFO_SLAVE_DATA]) { + static const struct nla_policy policy_bond_port[] = { + [IFLA_BOND_SLAVE_QUEUE_ID] = {.type = NLA_U16}, ++ [IFLA_BOND_SLAVE_PRIO] = {.type = NLA_S32}, + }; + struct nlattr *bp[G_N_ELEMENTS(policy_bond_port)]; + +@@ -3278,6 +3281,21 @@ _new_from_nl_link(NMPlatform *platform, + if (bp[IFLA_BOND_SLAVE_QUEUE_ID]) + obj->link.port_data.bond.queue_id = nla_get_u16(bp[IFLA_BOND_SLAVE_QUEUE_ID]); + ++ if (bp[IFLA_BOND_SLAVE_PRIO]) { ++ obj->link.port_data.bond.prio = nla_get_s32(bp[IFLA_BOND_SLAVE_PRIO]); ++ obj->link.port_data.bond.prio_has = TRUE; ++ if (!_nm_platform_kernel_support_detected( ++ NM_PLATFORM_KERNEL_SUPPORT_TYPE_IFLA_BOND_SLAVE_PRIO)) { ++ /* support for IFLA_BOND_SLAVE_PRIO was added in 0a2ff7cc8ad48a86939a91bd3457f38e59e741a1, ++ * kernel 6.0, 2 October 2022. ++ * ++ * We can only detect support if the attribute is present. A missing attribute ++ * is not conclusive. */ ++ _nm_platform_kernel_support_init( ++ NM_PLATFORM_KERNEL_SUPPORT_TYPE_IFLA_BOND_SLAVE_PRIO, ++ 1); ++ } ++ } + break; + case NM_PORT_KIND_NONE: + break; +@@ -8120,6 +8138,9 @@ link_change(NMPlatform *platform, + + NLA_PUT_U16(nlmsg, IFLA_BOND_SLAVE_QUEUE_ID, port_data->bond.queue_id); + ++ if (port_data->bond.prio_has) ++ NLA_PUT_S32(nlmsg, IFLA_BOND_SLAVE_PRIO, port_data->bond.prio); ++ + nla_nest_end(nlmsg, nl_port_data); + nla_nest_end(nlmsg, nl_info); + break; +diff --git a/src/libnm-platform/nm-platform.c b/src/libnm-platform/nm-platform.c +index 01568243a3..d64c85674a 100644 +--- a/src/libnm-platform/nm-platform.c ++++ b/src/libnm-platform/nm-platform.c +@@ -68,6 +68,7 @@ _nmp_link_port_data_to_string(NMPortKind port_kind, + gsize sbuf_len) + { + const char *sbuf0 = sbuf; ++ char s0[120]; + + nm_assert(port_data); + +@@ -76,7 +77,16 @@ _nmp_link_port_data_to_string(NMPortKind port_kind, + nm_strbuf_append_c(&sbuf, &sbuf_len, '\0'); + goto out; + case NM_PORT_KIND_BOND: +- nm_strbuf_append(&sbuf, &sbuf_len, "port bond queue-id %u", port_data->bond.queue_id); ++ nm_strbuf_append(&sbuf, ++ &sbuf_len, ++ "port bond queue-id %u%s", ++ port_data->bond.queue_id, ++ port_data->bond.prio_has || port_data->bond.prio != 0 ++ ? nm_sprintf_buf(s0, ++ " prio%s %u", ++ port_data->bond.prio_has ? "" : "?", ++ port_data->bond.prio) ++ : ""); + goto out; + } + +@@ -2120,6 +2130,8 @@ nm_platform_link_set_name(NMPlatform *self, int ifindex, const char *name) + gboolean + nm_platform_link_change(NMPlatform *self, int ifindex, NMPlatformLinkBondPort *bond_port) + { ++ char sbuf_prio[100]; ++ + _CHECK_SELF(self, klass, FALSE); + + g_return_val_if_fail(ifindex >= 0, FALSE); +@@ -2127,8 +2139,18 @@ nm_platform_link_change(NMPlatform *self, int ifindex, NMPlatformLinkBondPort *b + if (_LOGD_ENABLED()) { + nm_auto_free_gstring GString *str = g_string_new(""); + +- if (bond_port) +- g_string_append_printf(str, "bond-port queue-id %d", bond_port->queue_id); ++ if (bond_port) { ++ nm_assert(bond_port->prio_has || bond_port->prio == 0); ++ g_string_append_printf(str, ++ "bond-port queue-id %d %s", ++ bond_port->queue_id, ++ bond_port->prio_has || bond_port->prio != 0 ++ ? nm_sprintf_buf(sbuf_prio, ++ "prio%s %" G_GINT32_FORMAT, ++ !bond_port->prio_has ? "?" : "", ++ bond_port->prio) ++ : ""); ++ } + + if (str->len > 0 && str->str[str->len - 1] == ' ') + g_string_truncate(str, str->len - 1); +@@ -8017,7 +8039,7 @@ nm_platform_link_hash_update(const NMPlatformLink *obj, NMHashState *h) + void + nm_platform_link_bond_port_hash_update(const NMPlatformLinkBondPort *obj, NMHashState *h) + { +- nm_hash_update_vals(h, obj->queue_id); ++ nm_hash_update_vals(h, obj->prio, obj->queue_id, NM_HASH_COMBINE_BOOLS(guint8, obj->prio_has)); + } + + int +@@ -8139,6 +8161,8 @@ nm_platform_link_bond_port_cmp(const NMPlatformLinkBondPort *a, const NMPlatform + { + NM_CMP_SELF(a, b); + NM_CMP_FIELD(a, b, queue_id); ++ NM_CMP_FIELD(a, b, prio); ++ NM_CMP_FIELD_BOOL(a, b, prio_has); + + return 0; + } +diff --git a/src/libnm-platform/nm-platform.h b/src/libnm-platform/nm-platform.h +index f48662d900..611f50f901 100644 +--- a/src/libnm-platform/nm-platform.h ++++ b/src/libnm-platform/nm-platform.h +@@ -217,7 +217,9 @@ struct _NMPlatformObjWithIfindex { + }; + + typedef struct { ++ gint32 prio; + guint16 queue_id; ++ bool prio_has : 1; + } NMPlatformLinkBondPort; + + typedef union { +@@ -274,12 +276,12 @@ struct _NMPlatformLink { + guint64 tx_packets; + guint64 tx_bytes; + +- /* IFLA_INFO_SLAVE_KIND */ +- NMPortKind port_kind; +- + /* an interface can only hold IFLA_INFO_SLAVE_DATA for one link type */ + NMPlatformLinkPortData port_data; + ++ /* IFLA_INFO_SLAVE_KIND */ ++ NMPortKind port_kind; ++ + /* @connected is mostly identical to (@n_ifi_flags & IFF_UP). Except for bridge/bond masters, + * where we coerce the link as disconnect if it has no slaves. */ + bool connected : 1; +@@ -1140,6 +1142,8 @@ typedef enum { + * were added at the same time. */ + NM_PLATFORM_KERNEL_SUPPORT_TYPE_FRA_IP_PROTO, + ++ NM_PLATFORM_KERNEL_SUPPORT_TYPE_IFLA_BOND_SLAVE_PRIO, ++ + _NM_PLATFORM_KERNEL_SUPPORT_NUM, + } NMPlatformKernelSupportType; + +-- +2.40.1 + + +From 17badd932a2422a1d493ec3ad962d811f3854136 Mon Sep 17 00:00:00 2001 +From: Fernando Fernandez Mancera +Date: Tue, 9 May 2023 12:46:09 +0200 +Subject: [PATCH 6/8] libnm: add NM_VERSION_1_40_20 + +(cherry picked from commit 4fd186bbf6cf9f791c7166a04c9ef4b7ec101a80) +--- + src/libnm-core-public/nm-version-macros.h.in | 1 + + src/libnm-core-public/nm-version.h | 6 ++++++ + 2 files changed, 7 insertions(+) + +diff --git a/src/libnm-core-public/nm-version-macros.h.in b/src/libnm-core-public/nm-version-macros.h.in +index fc854aef86..cb3350f19c 100644 +--- a/src/libnm-core-public/nm-version-macros.h.in ++++ b/src/libnm-core-public/nm-version-macros.h.in +@@ -73,6 +73,7 @@ + #define NM_VERSION_1_38 (NM_ENCODE_VERSION (1, 38, 0)) + #define NM_VERSION_1_40 (NM_ENCODE_VERSION (1, 40, 0)) + #define NM_VERSION_1_40_4 (NM_ENCODE_VERSION (1, 40, 4)) ++#define NM_VERSION_1_40_20 (NM_ENCODE_VERSION (1, 40, 20)) + + /* For releases, NM_API_VERSION is equal to NM_VERSION. + * +diff --git a/src/libnm-core-public/nm-version.h b/src/libnm-core-public/nm-version.h +index d9f9a12121..5b924ce620 100644 +--- a/src/libnm-core-public/nm-version.h ++++ b/src/libnm-core-public/nm-version.h +@@ -347,6 +347,12 @@ + #define NM_AVAILABLE_IN_1_40_4 + #endif + ++#if NM_VERSION_MAX_ALLOWED < NM_VERSION_1_40_20 ++#define NM_AVAILABLE_IN_1_40_20 G_UNAVAILABLE(1, 40.20) ++#else ++#define NM_AVAILABLE_IN_1_40_20 ++#endif ++ + /* + * Synchronous API for calling D-Bus in libnm is deprecated. See + * https://networkmanager.dev/docs/libnm/latest/usage.html#sync-api +-- +2.40.1 + + +From 7f3f3f50cf7d71c16c532dd73e0d4a2d6ffc129f Mon Sep 17 00:00:00 2001 +From: Fernando Fernandez Mancera +Date: Thu, 9 Mar 2023 12:18:14 +0100 +Subject: [PATCH 7/8] bonding: add support to prio property in bond ports + +Add per port priority support for bond active port re-selection during +failover. A higher number means a higher priority in selection. The +primary port still has the highest priority. This option is only +compatible with active-backup, balance-tlb and balance-alb modes. + +(cherry picked from commit 2f0571f1930ff2c11de4f48b4433ca5fe6c897a0) +(cherry picked from commit 748f6388aa0217b2c1c8bf879697ce48bcba8317) +(cherry picked from commit d36620e654b20146e49209c191b7230936cc1596) +--- + src/core/devices/nm-device-bond.c | 58 +++++++++++++++++-- + .../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 23 ++++++-- + .../plugins/ifcfg-rh/nms-ifcfg-rh-utils.c | 1 + + .../plugins/ifcfg-rh/nms-ifcfg-rh-utils.h | 2 +- + .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 4 +- + .../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 1 + + src/libnm-base/nm-base.h | 1 + + src/libnm-client-impl/libnm.ver | 5 ++ + src/libnm-client-impl/tests/test-gir.py | 4 +- + src/libnm-core-impl/nm-setting-bond-port.c | 48 ++++++++++++++- + src/libnm-core-public/nm-setting-bond-port.h | 4 ++ + src/libnmc-setting/nm-meta-setting-desc.c | 6 ++ + src/libnmc-setting/settings-docs.h.in | 1 + + .../generate-docs-nm-settings-nmcli.xml.in | 3 + + 14 files changed, 146 insertions(+), 15 deletions(-) + +diff --git a/src/core/devices/nm-device-bond.c b/src/core/devices/nm-device-bond.c +index 0485689d10..9ecb2ac7ae 100644 +--- a/src/core/devices/nm-device-bond.c ++++ b/src/core/devices/nm-device-bond.c +@@ -234,7 +234,12 @@ controller_update_port_connection(NMDevice *self, + pllink = nm_platform_link_get(nm_device_get_platform(port), ifindex_port); + + if (pllink && pllink->port_kind == NM_PORT_KIND_BOND) +- g_object_set(s_port, NM_SETTING_BOND_PORT_QUEUE_ID, pllink->port_data.bond.queue_id, NULL); ++ g_object_set(s_port, ++ NM_SETTING_BOND_PORT_QUEUE_ID, ++ pllink->port_data.bond.queue_id, ++ NM_SETTING_BOND_PORT_PRIO, ++ pllink->port_data.bond.prio, ++ NULL); + + g_object_set(nm_connection_get_setting_connection(connection), + NM_SETTING_CONNECTION_MASTER, +@@ -495,11 +500,52 @@ act_stage1_prepare(NMDevice *device, NMDeviceStateReason *out_failure_reason) + static void + commit_port_options(NMDevice *bond_device, NMDevice *port, NMSettingBondPort *s_port) + { +- nm_platform_link_change( +- nm_device_get_platform(port), +- nm_device_get_ifindex(port), +- &((NMPlatformLinkBondPort){.queue_id = s_port ? nm_setting_bond_port_get_queue_id(s_port) +- : NM_BOND_PORT_QUEUE_ID_DEF})); ++ NMBondMode mode = NM_BOND_MODE_UNKNOWN; ++ const char *value; ++ NMSettingBond *s_bond; ++ gint32 prio; ++ gboolean prio_has; ++ ++ s_bond = nm_device_get_applied_setting(bond_device, NM_TYPE_SETTING_BOND); ++ if (s_bond) { ++ value = nm_setting_bond_get_option_normalized(s_bond, NM_SETTING_BOND_OPTION_MODE); ++ mode = _nm_setting_bond_mode_from_string(value); ++ } ++ ++ prio = s_port ? nm_setting_bond_port_get_prio(s_port) : NM_BOND_PORT_PRIO_DEF; ++ ++ if (prio != 0) { ++ /* The profile explicitly sets the priority. No matter what, we try to set it ++ * in netlink. */ ++ prio_has = TRUE; ++ } else if (!NM_IN_SET(mode, NM_BOND_MODE_ACTIVEBACKUP, NM_BOND_MODE_TLB, NM_BOND_MODE_ALB)) { ++ /* The priority only is configurable with certain modes. If we don't have ++ * one of those modes, don't try to set the priority explicitly to zero. */ ++ prio_has = FALSE; ++ } else if (nm_platform_kernel_support_get_full( ++ NM_PLATFORM_KERNEL_SUPPORT_TYPE_IFLA_BOND_SLAVE_PRIO, ++ FALSE) ++ == NM_OPTION_BOOL_TRUE) { ++ /* We can only detect support if we have it. We cannot detect lack of support if ++ * we don't have it. ++ * ++ * But we did explicitly detect support, so explicitly set the prio to zero. */ ++ prio_has = TRUE; ++ } else { ++ /* We either have an unsuitable mode or didn't detect kernel support for the ++ * priority. Don't explicitly set priority to zero. It is already the default, ++ * so it shouldn't be necessary. */ ++ prio_has = FALSE; ++ } ++ ++ nm_platform_link_change(nm_device_get_platform(port), ++ nm_device_get_ifindex(port), ++ &((NMPlatformLinkBondPort){ ++ .queue_id = s_port ? nm_setting_bond_port_get_queue_id(s_port) ++ : NM_BOND_PORT_QUEUE_ID_DEF, ++ .prio = prio_has ? prio : 0, ++ .prio_has = prio_has, ++ })); + } + + static NMTernary +diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c +index 4d8e7bd69b..02ba843201 100644 +--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c ++++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c +@@ -5557,6 +5557,7 @@ make_bond_port_setting(shvarFile *ifcfg) + gs_free char *value_to_free = NULL; + const char *value; + guint queue_id; ++ gint32 prio; + + g_return_val_if_fail(ifcfg != NULL, FALSE); + +@@ -5565,11 +5566,23 @@ make_bond_port_setting(shvarFile *ifcfg) + s_port = nm_setting_bond_port_new(); + queue_id = + _nm_utils_ascii_str_to_uint64(value, 10, 0, G_MAXUINT16, NM_BOND_PORT_QUEUE_ID_DEF); +- if (errno != 0) { +- PARSE_WARNING("Invalid bond port queue_id value '%s'", value); +- return s_port; +- } +- g_object_set(G_OBJECT(s_port), NM_SETTING_BOND_PORT_QUEUE_ID, queue_id, NULL); ++ if (errno != 0) ++ PARSE_WARNING("Invalid bond port queue_id value BOND_PORT_QUEUE_ID '%s'", value); ++ else ++ g_object_set(G_OBJECT(s_port), NM_SETTING_BOND_PORT_QUEUE_ID, queue_id, NULL); ++ } ++ ++ nm_clear_g_free(&value_to_free); ++ value = svGetValue(ifcfg, "BOND_PORT_PRIO", &value_to_free); ++ if (value) { ++ if (!s_port) ++ s_port = nm_setting_bond_port_new(); ++ prio = ++ _nm_utils_ascii_str_to_int64(value, 10, G_MININT32, G_MAXINT32, NM_BOND_PORT_PRIO_DEF); ++ if (errno != 0) ++ PARSE_WARNING("Invalid bond port prio value BOND_PORT_PRIO '%s'", value); ++ else ++ g_object_set(G_OBJECT(s_port), NM_SETTING_BOND_PORT_PRIO, prio, NULL); + } + + return s_port; +diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c +index e1ef817478..ef4276da73 100644 +--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c ++++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c +@@ -827,6 +827,7 @@ const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[] = { + _KEY_TYPE("BAND", NMS_IFCFG_KEY_TYPE_IS_PLAIN), + _KEY_TYPE("BONDING_MASTER", NMS_IFCFG_KEY_TYPE_IS_PLAIN), + _KEY_TYPE("BONDING_OPTS", NMS_IFCFG_KEY_TYPE_IS_PLAIN), ++ _KEY_TYPE("BOND_PORT_PRIO", NMS_IFCFG_KEY_TYPE_IS_PLAIN), + _KEY_TYPE("BOND_PORT_QUEUE_ID", NMS_IFCFG_KEY_TYPE_IS_PLAIN), + _KEY_TYPE("BOOTPROTO", NMS_IFCFG_KEY_TYPE_IS_PLAIN), + _KEY_TYPE("BRIDGE", NMS_IFCFG_KEY_TYPE_IS_PLAIN), +diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h +index d1f8dbad9c..e3d3d87321 100644 +--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h ++++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h +@@ -33,7 +33,7 @@ typedef struct { + NMSIfcfgKeyTypeFlags key_flags; + } NMSIfcfgKeyTypeInfo; + +-extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[256]; ++extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[257]; + + const NMSIfcfgKeyTypeInfo *nms_ifcfg_well_known_key_find_info(const char *key, gssize *out_idx); + +diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +index e8948c3dd0..e340c9fe13 100644 +--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c ++++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +@@ -1910,8 +1910,10 @@ write_bond_port_setting(NMConnection *connection, shvarFile *ifcfg) + NMSettingBondPort *s_port; + + s_port = _nm_connection_get_setting(connection, NM_TYPE_SETTING_BOND_PORT); +- if (s_port) ++ if (s_port) { + svSetValueInt64(ifcfg, "BOND_PORT_QUEUE_ID", nm_setting_bond_port_get_queue_id(s_port)); ++ svSetValueInt64(ifcfg, "BOND_PORT_PRIO", nm_setting_bond_port_get_prio(s_port)); ++ } + } + + static gboolean +diff --git a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c +index 886a605fb2..d2ac2b29db 100644 +--- a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c ++++ b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c +@@ -8325,6 +8325,7 @@ test_write_bond_port(void) + + s_bond_port = _nm_connection_new_setting(connection, NM_TYPE_SETTING_BOND_PORT); + g_object_set(s_bond_port, NM_SETTING_BOND_PORT_QUEUE_ID, 1, NULL); ++ g_object_set(s_bond_port, NM_SETTING_BOND_PORT_PRIO, 10, NULL); + + nmtst_assert_connection_verifies(connection); + +diff --git a/src/libnm-base/nm-base.h b/src/libnm-base/nm-base.h +index 28feb48429..b9161c7680 100644 +--- a/src/libnm-base/nm-base.h ++++ b/src/libnm-base/nm-base.h +@@ -392,6 +392,7 @@ typedef struct { + /****************************************************************************/ + + #define NM_BOND_PORT_QUEUE_ID_DEF 0 ++#define NM_BOND_PORT_PRIO_DEF 0 + + /*****************************************************************************/ + +diff --git a/src/libnm-client-impl/libnm.ver b/src/libnm-client-impl/libnm.ver +index 2478defa34..7c98646253 100644 +--- a/src/libnm-client-impl/libnm.ver ++++ b/src/libnm-client-impl/libnm.ver +@@ -1878,3 +1878,8 @@ global: + nm_utils_ip_routes_to_variant; + nm_vpn_plugin_info_supports_multiple; + } libnm_1_40_0; ++ ++libnm_1_40_20_bondp { ++global: ++ nm_setting_bond_port_get_prio; ++} libnm_1_40_0; +diff --git a/src/libnm-client-impl/tests/test-gir.py b/src/libnm-client-impl/tests/test-gir.py +index d91849b8fe..84919dd533 100755 +--- a/src/libnm-client-impl/tests/test-gir.py ++++ b/src/libnm-client-impl/tests/test-gir.py +@@ -97,8 +97,10 @@ def syms_from_ver(verfile): + ): + c_syms[str_removesuffix(line, ";")] = version + +- # This one is... messy. ++ # These are exceptions and we cannot know the version for the symbol so we ++ # harcode it. + c_syms["nm_ethtool_optname_is_feature"] = "1.20" ++ c_syms["nm_setting_bond_port_get_prio"] = "1.44" + + return c_syms + +diff --git a/src/libnm-core-impl/nm-setting-bond-port.c b/src/libnm-core-impl/nm-setting-bond-port.c +index d1656a31ac..a6daad8b19 100644 +--- a/src/libnm-core-impl/nm-setting-bond-port.c ++++ b/src/libnm-core-impl/nm-setting-bond-port.c +@@ -22,9 +22,10 @@ + + /*****************************************************************************/ + +-NM_GOBJECT_PROPERTIES_DEFINE(NMSettingBondPort, PROP_QUEUE_ID, ); ++NM_GOBJECT_PROPERTIES_DEFINE(NMSettingBondPort, PROP_QUEUE_ID, PROP_PRIO, ); + + typedef struct { ++ gint32 prio; + guint32 queue_id; + } NMSettingBondPortPrivate; + +@@ -65,6 +66,22 @@ nm_setting_bond_port_get_queue_id(NMSettingBondPort *setting) + return NM_SETTING_BOND_PORT_GET_PRIVATE(setting)->queue_id; + } + ++/** ++ * nm_setting_bond_port_get_prio: ++ * @setting: the #NMSettingBondPort ++ * ++ * Returns: the #NMSettingBondPort:prio property of the setting ++ * ++ * Since: 1.44, 1.42.8, 1.40.20, rhel-8.9 ++ **/ ++gint32 ++nm_setting_bond_port_get_prio(NMSettingBondPort *setting) ++{ ++ g_return_val_if_fail(NM_IS_SETTING_BOND_PORT(setting), 0); ++ ++ return NM_SETTING_BOND_PORT_GET_PRIVATE(setting)->prio; ++} ++ + /*****************************************************************************/ + + static gboolean +@@ -165,6 +182,35 @@ nm_setting_bond_port_class_init(NMSettingBondPortClass *klass) + NMSettingBondPort, + _priv.queue_id); + ++ /** ++ * NMSettingBondPort:prio: ++ * ++ * The port priority for bond active port re-selection during failover. A ++ * higher number means a higher priority in selection. The primary port has ++ * the highest priority. This option is only compatible with active-backup, ++ * balance-tlb and balance-alb modes. ++ * ++ * Since: 1.44, 1.42.8, 1.40.20, rhel-8.9 ++ **/ ++ /* ---ifcfg-rh--- ++ * property: prio ++ * variable: BOND_PORT_PRIO(+) ++ * values: -2147483648 - 2147483647 ++ * default: 0 ++ * description: Port priority. ++ * ---end--- ++ */ ++ _nm_setting_property_define_direct_int32(properties_override, ++ obj_properties, ++ NM_SETTING_BOND_PORT_PRIO, ++ PROP_PRIO, ++ G_MININT32, ++ G_MAXINT32, ++ NM_BOND_PORT_PRIO_DEF, ++ NM_SETTING_PARAM_INFERRABLE, ++ NMSettingBondPort, ++ _priv.prio); ++ + g_object_class_install_properties(object_class, _PROPERTY_ENUMS_LAST, obj_properties); + + _nm_setting_class_commit(setting_class, +diff --git a/src/libnm-core-public/nm-setting-bond-port.h b/src/libnm-core-public/nm-setting-bond-port.h +index 0b20e4a8cb..abaedfcd6d 100644 +--- a/src/libnm-core-public/nm-setting-bond-port.h ++++ b/src/libnm-core-public/nm-setting-bond-port.h +@@ -29,6 +29,7 @@ G_BEGIN_DECLS + #define NM_SETTING_BOND_PORT_SETTING_NAME "bond-port" + + #define NM_SETTING_BOND_PORT_QUEUE_ID "queue-id" ++#define NM_SETTING_BOND_PORT_PRIO "prio" + + typedef struct _NMSettingBondPortClass NMSettingBondPortClass; + +@@ -41,6 +42,9 @@ NMSetting *nm_setting_bond_port_new(void); + NM_AVAILABLE_IN_1_34 + guint32 nm_setting_bond_port_get_queue_id(NMSettingBondPort *setting); + ++NM_AVAILABLE_IN_1_40_20 ++gint32 nm_setting_bond_port_get_prio(NMSettingBondPort *setting); ++ + G_END_DECLS + + #endif /* __NM_SETTING_BOND_PORT_H__ */ +diff --git a/src/libnmc-setting/nm-meta-setting-desc.c b/src/libnmc-setting/nm-meta-setting-desc.c +index 31beb65ef9..5714722de2 100644 +--- a/src/libnmc-setting/nm-meta-setting-desc.c ++++ b/src/libnmc-setting/nm-meta-setting-desc.c +@@ -5154,6 +5154,12 @@ static const NMMetaPropertyInfo *const property_infos_BOND_PORT[] = { + .prompt = N_("Queue ID"), + .property_type = &_pt_gobject_int, + ), ++ PROPERTY_INFO_WITH_DESC (NM_SETTING_BOND_PORT_PRIO, ++ .is_cli_option = TRUE, ++ .property_alias = "prio", ++ .prompt = N_("Port Priority"), ++ .property_type= &_pt_gobject_int, ++ ), + NULL + }; + +diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in +index 62edc77f6b..6a5f416348 100644 +--- a/src/libnmc-setting/settings-docs.h.in ++++ b/src/libnmc-setting/settings-docs.h.in +@@ -426,6 +426,7 @@ + #define DESCRIBE_DOC_NM_SETTING_WPAN_PAGE N_("IEEE 802.15.4 channel page. A positive integer or -1, meaning \"do not set, use whatever the device is already set to\".") + #define DESCRIBE_DOC_NM_SETTING_WPAN_PAN_ID N_("IEEE 802.15.4 Personal Area Network (PAN) identifier.") + #define DESCRIBE_DOC_NM_SETTING_WPAN_SHORT_ADDRESS N_("Short IEEE 802.15.4 address to be used within a restricted environment.") ++#define DESCRIBE_DOC_NM_SETTING_BOND_PORT_PRIO N_("The port priority for bond active port re-selection during failover. A higher number means a higher priority in selection. The primary port has the highest priority. This option is only compatible with active-backup, balance-tlb and balance-alb modes.") + #define DESCRIBE_DOC_NM_SETTING_BOND_PORT_QUEUE_ID N_("The queue ID of this bond port. The maximum value of queue ID is the number of TX queues currently active in device.") + #define DESCRIBE_DOC_NM_SETTING_HOSTNAME_FROM_DHCP N_("Whether the system hostname can be determined from DHCP on this connection. When set to NM_TERNARY_DEFAULT (-1), the value from global configuration is used. If the property doesn't have a value in the global configuration, NetworkManager assumes the value to be NM_TERNARY_TRUE (1).") + #define DESCRIBE_DOC_NM_SETTING_HOSTNAME_FROM_DNS_LOOKUP N_("Whether the system hostname can be determined from reverse DNS lookup of addresses on this device. When set to NM_TERNARY_DEFAULT (-1), the value from global configuration is used. If the property doesn't have a value in the global configuration, NetworkManager assumes the value to be NM_TERNARY_TRUE (1).") +diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in +index 03e6c0b54b..adf7895f0d 100644 +--- a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in ++++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in +@@ -271,6 +271,9 @@ + ++ + + + +Date: Wed, 10 May 2023 18:18:18 +0200 +Subject: [PATCH 8/8] tests: adjust test-gir.py to allow extra elements in + section name + +(cherry picked from commit 9b8220c9fa6c26257fe809171355b29219efe26a) +(cherry picked from commit 56e19bdf685ebc152eaf0cc8d2571387b8ea669b) +(cherry picked from commit ca41be98a075e03e61dc7e898d772792c0a65619) +--- + src/libnm-client-impl/tests/test-gir.py | 18 +++++------------- + 1 file changed, 5 insertions(+), 13 deletions(-) + +diff --git a/src/libnm-client-impl/tests/test-gir.py b/src/libnm-client-impl/tests/test-gir.py +index 84919dd533..50b2fade6b 100755 +--- a/src/libnm-client-impl/tests/test-gir.py ++++ b/src/libnm-client-impl/tests/test-gir.py +@@ -7,6 +7,7 @@ + from __future__ import print_function + import xml.etree.ElementTree as ET + import argparse ++import re + import sys + + C_NS = "http://www.gtk.org/introspection/c/1.0" +@@ -60,17 +61,6 @@ def str_removesuffix(string, suffix): + return string + + +-# Older Python doesn't have str.removeprefix() +-def str_removeprefix(string, prefix): +- try: +- return string.removeprefix(prefix) +- except AttributeError: +- if string.startswith(prefix): +- return string[len(prefix) :] +- else: +- return string +- +- + def syms_from_ver(verfile): + c_syms = {} + for line in open(verfile).readlines(): +@@ -78,8 +68,10 @@ def syms_from_ver(verfile): + + if line.endswith("{"): + line = str_removesuffix(line, " {") +- line = str_removeprefix(line, "libnm_") +- (major, minor, micro) = line.split("_") ++ m = re.search(r"^libnm_([0-9]+)_([0-9]+)_([0-9]+)$", line) ++ if not m: ++ continue ++ (major, minor, micro) = m.groups() + if int(major) > 1 or int(minor) > 0: + if int(micro) > 0: + # Snap to next major version. Perhaps not +-- +2.40.1 + diff --git a/SOURCES/1004-team-don-t-try-to-connect-to-teamd-in-update_connect-rh2182029.patch b/SOURCES/1004-team-don-t-try-to-connect-to-teamd-in-update_connect-rh2182029.patch new file mode 100644 index 0000000..48a3c92 --- /dev/null +++ b/SOURCES/1004-team-don-t-try-to-connect-to-teamd-in-update_connect-rh2182029.patch @@ -0,0 +1,52 @@ +From 4a9d5b23ab513f0ee0b8f490e522f60d4ef3e4cd Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Thu, 4 May 2023 15:11:49 +0200 +Subject: [PATCH] team: don't try to connect to teamd in update_connection() + +In constructed(), NMDevice starts watching the D-Bus name owner or +monitoring the unix socket, and so it is always aware if teamd is +running. When it is, NMDevice connects to it and initializes +priv->tdc. + +It is not useful to try to connect to teamd in update_connection() +because warnings will be generated by NM and by libteam if teamd is +not running. As explained above the connection is always initialized +when teamd is available, and so we can just check priv->tdc. + +Fixes: ab586236e36b ('core: implement update_connection() for Team') + +https://bugzilla.redhat.com/show_bug.cgi?id=2182029 +https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1631 +(cherry picked from commit 93430627c245a0b33b873edca329fa716ccfb7d6) +(cherry picked from commit b60f0dd0a20db232c7edc01faa4562ce510ed107) +(cherry picked from commit f6f1a44559990765a5cbc940a74f54df5d8a30d0) +--- + src/core/devices/team/nm-device-team.c | 9 +-------- + 1 file changed, 1 insertion(+), 8 deletions(-) + +diff --git a/src/core/devices/team/nm-device-team.c b/src/core/devices/team/nm-device-team.c +index b745158ef8..1d2beb5e8a 100644 +--- a/src/core/devices/team/nm-device-team.c ++++ b/src/core/devices/team/nm-device-team.c +@@ -228,17 +228,10 @@ update_connection(NMDevice *device, NMConnection *connection) + NMDeviceTeam *self = NM_DEVICE_TEAM(device); + NMSettingTeam *s_team = _nm_connection_ensure_setting(connection, NM_TYPE_SETTING_TEAM); + NMDeviceTeamPrivate *priv = NM_DEVICE_TEAM_GET_PRIVATE(self); +- struct teamdctl *tdc = priv->tdc; + + /* Read the configuration only if not already set */ +- if (!priv->config && ensure_teamd_connection(device)) ++ if (!priv->config && priv->tdc) { + teamd_read_config(self); +- +- /* Restore previous tdc state */ +- if (priv->tdc && !tdc) { +- teamdctl_disconnect(priv->tdc); +- teamdctl_free(priv->tdc); +- priv->tdc = NULL; + } + + g_object_set(G_OBJECT(s_team), NM_SETTING_TEAM_CONFIG, _get_config(self), NULL); +-- +2.40.1 + diff --git a/SOURCES/1005-ipv6ll-don-t-regenerate-the-address-when-removed-rh2209353.patch b/SOURCES/1005-ipv6ll-don-t-regenerate-the-address-when-removed-rh2209353.patch new file mode 100644 index 0000000..b322c77 --- /dev/null +++ b/SOURCES/1005-ipv6ll-don-t-regenerate-the-address-when-removed-rh2209353.patch @@ -0,0 +1,140 @@ +From 3fcb1a072f230b53c6fdf6e106e0972293a2f742 Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Thu, 11 May 2023 13:32:13 +0200 +Subject: [PATCH] ipv6ll: don't regenerate the address when it's removed + externally + +Currently if the IPv6 link-local address is removed after it passed +DAD, NetworkManager tries to generate a new link-local address. If +this fails, which is always the case for EUI64, ipv6ll is considered +as failed and the connection can go down (depending on may-fail). + +This is particularly bad for virtual interfaces because if somebody +removes the link-local address, the activation can fail and destroy +the interface, breaking all services that require it. Also, it's a +change in behavior introduced in 1.36.0. + +It seems that a better approach here is to re-add the address that was +removed externally. + +[bgalvani@redhat.com: since the branch is missing commit 7ca95cee15b3 +('platform: always reconfigure IP routes even if removed externally'), +we need to set flag NM_L3CFG_CONFIG_FLAGS_FORCE_ONCE when committing +the address, otherwise it's not re-added] + +Fixes: aa070fb82190 ('core: add NML3IPv6LL helper') +https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1622 +(cherry picked from commit 53ba9f4701f30b12637df2c7215a0b7da845b34c) +(cherry picked from commit 2976e4c3b7fcee06051ce83c9a7fa911ad192dc4) +(cherry picked from commit 4a13b5f52217c81ddf2329ba343796bfa4ed5ef9) +--- + src/core/nm-l3-ipv6ll.c | 34 ++++++++++++++++++++++------------ + 1 file changed, 22 insertions(+), 12 deletions(-) + +diff --git a/src/core/nm-l3-ipv6ll.c b/src/core/nm-l3-ipv6ll.c +index 2640c07554..6e5e460258 100644 +--- a/src/core/nm-l3-ipv6ll.c ++++ b/src/core/nm-l3-ipv6ll.c +@@ -391,7 +391,7 @@ _pladdr_find_ll(NML3IPv6LL *self, gboolean *out_cur_addr_failed) + /*****************************************************************************/ + + static void +-_lladdr_handle_changed(NML3IPv6LL *self) ++_lladdr_handle_changed(NML3IPv6LL *self, gboolean force_commit) + { + const NML3ConfigData *l3cd; + gboolean changed = FALSE; +@@ -420,7 +420,9 @@ _lladdr_handle_changed(NML3IPv6LL *self) + NM_DNS_PRIORITY_DEFAULT_NORMAL, + NM_L3_ACD_DEFEND_TYPE_ALWAYS, + 0, +- NM_L3CFG_CONFIG_FLAGS_NONE, ++ /* Even if the address was removed from platform, it must ++ * be re-added, hence FORCE_ONCE. */ ++ NM_L3CFG_CONFIG_FLAGS_FORCE_ONCE, + NM_L3_CONFIG_MERGE_FLAGS_NONE)) + changed = TRUE; + } else { +@@ -434,7 +436,7 @@ _lladdr_handle_changed(NML3IPv6LL *self) + self->l3cfg_commit_handle, + "ipv6ll"); + +- if (changed) ++ if (changed || force_commit) + nm_l3cfg_commit_on_idle_schedule(self->l3cfg, NM_L3_CFG_COMMIT_TYPE_AUTO); + + if (!self->emit_changed_idle_source) { +@@ -515,6 +517,7 @@ _check(NML3IPv6LL *self) + const NMPlatformIP6Address *pladdr; + char sbuf[INET6_ADDRSTRLEN]; + gboolean cur_addr_failed; ++ gboolean restarted = FALSE; + struct in6_addr lladdr; + + pladdr = _pladdr_find_ll(self, &cur_addr_failed); +@@ -526,14 +529,14 @@ _check(NML3IPv6LL *self) + if (_set_cur_lladdr_obj(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, pladdr)) { + _LOGT("changed: waiting for address %s to complete DAD", + _nm_utils_inet6_ntop(&self->cur_lladdr, sbuf)); +- _lladdr_handle_changed(self); ++ _lladdr_handle_changed(self, FALSE); + } + return; + } + + if (_set_cur_lladdr_obj(self, NM_L3_IPV6LL_STATE_READY, pladdr)) { + _LOGT("changed: address %s is ready", _nm_utils_inet6_ntop(&self->cur_lladdr, sbuf)); +- _lladdr_handle_changed(self); ++ _lladdr_handle_changed(self, FALSE); + } + return; + } +@@ -543,11 +546,17 @@ _check(NML3IPv6LL *self) + * Prematurely abort DAD to generate a new address below. */ + nm_assert( + NM_IN_SET(self->state, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, NM_L3_IPV6LL_STATE_READY)); +- if (self->state == NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS) +- _LOGT("changed: address %s did not complete DAD", +- _nm_utils_inet6_ntop(&self->cur_lladdr, sbuf)); +- else { ++ ++ if (cur_addr_failed) { ++ /* On DAD failure, we always try to regenerate a new address. */ ++ _LOGT("changed: address %s failed", _nm_utils_inet6_ntop(&self->cur_lladdr, sbuf)); ++ } else { + _LOGT("changed: address %s is gone", _nm_utils_inet6_ntop(&self->cur_lladdr, sbuf)); ++ /* When the address is removed, we always try to re-add it. */ ++ nm_clear_g_source_inst(&self->wait_for_addr_source); ++ lladdr = self->cur_lladdr; ++ restarted = TRUE; ++ goto commit; + } + + /* reset the state here, so that we are sure that the following +@@ -569,19 +578,20 @@ _check(NML3IPv6LL *self) + if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_FAILED, NULL)) { + _LOGW("changed: no IPv6 link local address to retry after Duplicate Address Detection " + "failures (back off)"); +- _lladdr_handle_changed(self); ++ _lladdr_handle_changed(self, FALSE); + } + return; + } + ++commit: + /* we give NML3Cfg 2 seconds to configure the address on the interface. We + * thus very soon expect to see this address configured (and kernel started DAD). + * If that does not happen within timeout, we assume that this address failed DAD. */ + self->wait_for_addr_source = nm_g_timeout_add_source(2000, _wait_for_addr_timeout_cb, self); +- if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, &lladdr)) { ++ if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, &lladdr) || restarted) { + _LOGT("changed: starting DAD for address %s", + _nm_utils_inet6_ntop(&self->cur_lladdr, sbuf)); +- _lladdr_handle_changed(self); ++ _lladdr_handle_changed(self, restarted); + } + return; + } +-- +2.39.2 + diff --git a/SOURCES/1006-fix-read-infiniband-from-ifcfg-rh2209164.patch b/SOURCES/1006-fix-read-infiniband-from-ifcfg-rh2209164.patch new file mode 100644 index 0000000..78fe54f --- /dev/null +++ b/SOURCES/1006-fix-read-infiniband-from-ifcfg-rh2209164.patch @@ -0,0 +1,1299 @@ +From 651cdebe373603ec14d7268452d6661acfdc413f Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 24 May 2023 09:44:59 +0200 +Subject: [PATCH 1/8] Revert "infiniband: avoid normalizing the p-key when + reading from ifcfg" + +Historically, initscripts' ifup-ib would set the highest bit of +PKEY_ID=. That changed and needs to be restored. + +Note that it probably makes little sense to ever configure p-keys +without the highest bit set, because that flag indicates full membership +and kernel will automatically add it. At least, kernel will add the flag +for the p-key, but not for the automatically chosen interface name. + +Meaning, writing 0x00f0 to create_child sysctl, results in an interface +"$parent.00f0", but `ip -d link` shows pkey 0x80f0. + +As NetworkManager otherwise supports p-keys without the highest bit set, +and since that high bit is honored for the interface name, we cannot +just always add the high bit. NetworkManager always assuming the highest +bit is set, would change the interface names of existing configuration. + +With this revert, when a user configures a small p-key and the profile +is stored in ifcfg-rh format, the settings backend will automatically +mangle the profile and set 0x8000. That is different from when the +profile is stored in keyfile format. Since using small p-keys is +probably an odd case, we don't try to workaround that any other way +(like that ifcfg format could represent the orignal value of the profile +and not doing such mangling, or to add the high bit throughout +NetworkManager to the p-key). It's an inconsistency, but given the +existing behaviors it seems best to stick (revert) to it. + +This reverts commit a4fe16a426097eee263cb3ef831dcea468b1ca26. + +Affected versions were 1.42.2+ and 1.40.2+. + +See-also: https://src.fedoraproject.org/rpms/rdma/blob/05333c3602aa3c1d82a6363521bdd5a498eac6d0/f/rdma.ifup-ib#_75 + +https://bugzilla.redhat.com/show_bug.cgi?id=2209164 +(cherry picked from commit f8e5e07355e23b6d59b1b1c9cd2387c6b40b214b) +(cherry picked from commit a1b73d823f5ec30c240418137d62d183b6ff8ca7) +--- + .../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 18 ++++++ + .../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 57 ++++++++++++++----- + 2 files changed, 60 insertions(+), 15 deletions(-) + +diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c +index 02ba84320134..533379c67868 100644 +--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c ++++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c +@@ -5387,6 +5387,24 @@ parse_infiniband_p_key(shvarFile *ifcfg, int *out_p_key, char **out_parent, GErr + return FALSE; + } + ++ /* The highest bit 0x8000 indicates full membership, which kernel always ++ * automatically sets. ++ * ++ * NetworkManager supports p-keys without the high bit set. That affects ++ * the interface name (nmp_utils_new_infiniband_name()) and is what ++ * we write to "create_child"/"delete_child" sysctl. Kernel will honor ++ * such p-keys for the interface name, but for other purposes it adds the ++ * highest bit. That makes using p-keys without the highest bit odd. ++ * ++ * Historically, /etc/sysconfig/network-scripts/ifup-ib would always add "|=0x8000". ++ * The reader does that too. ++ * ++ * Note that this means ifcfg cannot handle p-keys without the highest bit set, ++ * and when trying to store that to ifcfg format, the profile will be mangled/modified ++ * by the ifcg plugin (unlike keyfile backend, which preserves the original p-key value). ++ */ ++ id |= 0x8000; ++ + *out_p_key = id; + *out_parent = g_steal_pointer(&physdev); + return TRUE; +diff --git a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c +index d2ac2b29dbc8..01eb24216aec 100644 +--- a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c ++++ b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c +@@ -8383,21 +8383,21 @@ test_read_ipoib(void) + s_infiniband = nmtst_connection_assert_setting(connection, NM_TYPE_SETTING_INFINIBAND); + + pkey = nm_setting_infiniband_get_p_key(s_infiniband); +- g_assert(pkey); +- g_assert_cmpint(pkey, ==, 12); ++ g_assert_cmpint(pkey, ==, 0x800c); + + transport_mode = nm_setting_infiniband_get_transport_mode(s_infiniband); +- g_assert(transport_mode); + g_assert_cmpstr(transport_mode, ==, "connected"); + } + + static void + test_write_infiniband(gconstpointer test_data) + { +- const int TEST_IDX = GPOINTER_TO_INT(test_data); +- nmtst_auto_unlinkfile char *testfile = NULL; +- gs_unref_object NMConnection *connection = NULL; +- gs_unref_object NMConnection *reread = NULL; ++ const int TEST_IDX = GPOINTER_TO_INT(test_data); ++ nmtst_auto_unlinkfile char *testfile = NULL; ++ gs_unref_object NMConnection *connection = NULL; ++ gs_unref_object NMConnection *expected = NULL; ++ gs_unref_object NMConnection *reread = NULL; ++ gboolean reread_same = FALSE; + NMSettingConnection *s_con; + NMSettingInfiniband *s_infiniband; + NMSettingIPConfig *s_ip4; +@@ -8407,6 +8407,7 @@ test_write_infiniband(gconstpointer test_data) + NMIPAddress *addr; + GError *error = NULL; + const char *interface_name = NULL; ++ int p_key; + + connection = nm_simple_connection_new(); + +@@ -8422,14 +8423,21 @@ test_write_infiniband(gconstpointer test_data) + NM_SETTING_INFINIBAND_SETTING_NAME, + NULL); + +- if (NM_IN_SET(TEST_IDX, 1, 3)) +- interface_name = "ib0.000c"; ++ if (NM_IN_SET(TEST_IDX, 1, 2)) ++ p_key = nmtst_get_rand_bool() ? 0x000c : 0x800c; ++ else ++ p_key = -1; ++ ++ if (NM_IN_SET(TEST_IDX, 1, 3)) { ++ if (p_key >= 0x8000) ++ interface_name = "ib0.800c"; ++ } + + g_object_set(s_con, NM_SETTING_CONNECTION_INTERFACE_NAME, interface_name, NULL); + + s_infiniband = _nm_connection_new_setting(connection, NM_TYPE_SETTING_INFINIBAND); + g_object_set(s_infiniband, NM_SETTING_INFINIBAND_TRANSPORT_MODE, "connected", NULL); +- if (NM_IN_SET(TEST_IDX, 1, 2)) { ++ if (p_key == -1) { + g_object_set(s_infiniband, + NM_SETTING_INFINIBAND_MAC_ADDRESS, + mac, +@@ -8439,7 +8447,7 @@ test_write_infiniband(gconstpointer test_data) + } else { + g_object_set(s_infiniband, + NM_SETTING_INFINIBAND_P_KEY, +- 12, ++ p_key, + NM_SETTING_INFINIBAND_PARENT, + "ib0", + NULL); +@@ -8468,13 +8476,32 @@ test_write_infiniband(gconstpointer test_data) + + nmtst_assert_connection_verifies(connection); + +- _writer_new_connection(connection, TEST_SCRATCH_DIR, &testfile); +- +- reread = _connection_from_file(testfile, NULL, TYPE_INFINIBAND, NULL); ++ if (p_key != -1 && p_key < 0x8000) { ++ expected = nm_simple_connection_new_clone(connection); ++ g_object_set(nm_connection_get_setting(expected, NM_TYPE_SETTING_INFINIBAND), ++ NM_SETTING_INFINIBAND_P_KEY, ++ (int) (p_key | 0x8000), ++ NULL); ++ } else ++ expected = g_object_ref(connection); + +- nmtst_assert_connection_equals(connection, TRUE, reread, FALSE); ++ _writer_new_connection_reread(connection, ++ TEST_SCRATCH_DIR, ++ &testfile, ++ NO_EXPECTED, ++ &reread, ++ &reread_same); ++ _assert_reread_same(expected, reread); ++ if (p_key == -1 || p_key > 0x8000) ++ g_assert(reread_same); ++ else ++ g_assert(!reread_same); + + g_assert_cmpstr(interface_name, ==, nm_connection_get_interface_name(reread)); ++ g_assert_cmpint(nm_setting_infiniband_get_p_key( ++ _nm_connection_get_setting(reread, NM_TYPE_SETTING_INFINIBAND)), ++ ==, ++ p_key == -1 ? -1 : (p_key | 0x8000)); + } + + static void +-- +2.40.1 + + +From 9f0fe4115af06f434443e2f9a7409011f09bd383 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 24 May 2023 10:44:58 +0200 +Subject: [PATCH 2/8] libnm/docs: clarify behavior of infiniband.p-key property + +(cherry picked from commit ea18e66ef657b55eca941dca3de4949b950e656b) +(cherry picked from commit 1e014d466a7008725e0b2c7cb41b1e00cb7868de) +--- + src/libnm-core-impl/nm-setting-infiniband.c | 19 ++++++++++++++++--- + src/libnmc-setting/settings-docs.h.in | 2 +- + .../generate-docs-nm-settings-nmcli.xml.in | 2 +- + 3 files changed, 18 insertions(+), 5 deletions(-) + +diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c +index 787b838b7694..df296becbaae 100644 +--- a/src/libnm-core-impl/nm-setting-infiniband.c ++++ b/src/libnm-core-impl/nm-setting-infiniband.c +@@ -448,9 +448,20 @@ nm_setting_infiniband_class_init(NMSettingInfinibandClass *klass) + * NMSettingInfiniband:p-key: + * + * The InfiniBand P_Key to use for this device. A value of -1 means to use +- * the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a 16-bit +- * unsigned integer, whose high bit is set if it is a "full membership" +- * P_Key. ++ * the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a ++ * 16-bit unsigned integer, whose high bit 0x8000 is set if it is a "full ++ * membership" P_Key. The values 0 and 0x8000 are not allowed. ++ * ++ * With the p-key set, the interface name is always "$parent.$p_key". ++ * Setting "connection.interface-name" to another name is not supported. ++ * ++ * Note that kernel will internally always set the full membership bit, ++ * although the interface name does not reflect that. Thus, not setting ++ * the high bit is probably not useful. ++ * ++ * If the profile is stored in ifcfg-rh format, then the full membership ++ * bit is automatically added. To get consistent behavior, it is ++ * best to only use p-key values with the full membership bit set. + **/ + /* ---ifcfg-rh--- + * property: p-key +@@ -459,6 +470,8 @@ nm_setting_infiniband_class_init(NMSettingInfinibandClass *klass) + * description: InfiniBand P_Key. The value can be a hex number prefixed with "0x" + * or a decimal number. + * When PKEY_ID is specified, PHYSDEV and DEVICE also must be specified. ++ * Note that ifcfg-rh format will always automatically set the full membership ++ * bit 0x8000. Other p-key cannot be stored. + * example: PKEY=yes PKEY_ID=2 PHYSDEV=mlx4_ib0 DEVICE=mlx4_ib0.8002 + * ---end--- + */ +diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in +index 6a5f4163485d..172f9b15bb98 100644 +--- a/src/libnmc-setting/settings-docs.h.in ++++ b/src/libnmc-setting/settings-docs.h.in +@@ -153,7 +153,7 @@ + #define DESCRIBE_DOC_NM_SETTING_GSM_USERNAME N_("The username used to authenticate with the network, if required. Many providers do not require a username, or accept any username. But if a username is required, it is specified here.") + #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MAC_ADDRESS N_("If specified, this connection will only apply to the IPoIB device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).") + #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MTU N_("If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple frames.") +-#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka \"the P_Key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit is set if it is a \"full membership\" P_Key.") ++#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka \"the P_Key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a \"full membership\" P_Key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always \"$parent.$p_key\". Setting \"connection.interface-name\" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Thus, not setting the high bit is probably not useful. If the profile is stored in ifcfg-rh format, then the full membership bit is automatically added. To get consistent behavior, it is best to only use p-key values with the full membership bit set.") + #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_PARENT N_("The interface name of the parent device of this device. Normally NULL, but if the \"p_key\" property is set, then you must specify the base device by setting either this property or \"mac-address\".") + #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_TRANSPORT_MODE N_("The IP-over-InfiniBand transport mode. Either \"datagram\" or \"connected\".") + #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.") +diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in +index adf7895f0d02..a59dacf2430d 100644 +--- a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in ++++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in +@@ -614,7 +614,7 @@ + description="The IP-over-InfiniBand transport mode. Either "datagram" or "connected"." /> + ++ description="The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a "full membership" P_Key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always "$parent.$p_key". Setting "connection.interface-name" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Thus, not setting the high bit is probably not useful. If the profile is stored in ifcfg-rh format, then the full membership bit is automatically added. To get consistent behavior, it is best to only use p-key values with the full membership bit set." /> + +-- +2.40.1 + + +From 703b0cf4eb355844821b9e6463458dcada692a65 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 24 May 2023 17:32:19 +0200 +Subject: [PATCH 3/8] libnm: normalize interface-name for infiniband profiles + +NetworkManager does not support changing the interface name for +infiniband interfaces. Consequently, we verify that +"connection.interface-name" is either unset or set to the expected +"$parent.$p_key". Anything else wouldn't work anyway and is rejected as +invalid configuration. That brings problems however. + +Rejecting invalid configuration seems fine at first: + + $ nmcli --offline connection add type infiniband infiniband.parent ib0 infiniband.p-key 0x8010 connection.interface-name xxx + Error: Error writing connection: connection.interface-name: interface name of software infiniband device must be 'ib0.8010' or unset (instead it is 'xxx') + +However, when we modify the p-key, we also get an error message: + + $ nmcli --offline connection add type infiniband infiniband.parent ib0 infiniband.p-key 0x8010 connection.interface-name ib0.8010 | + nmcli --offline connection modify infiniband.p-key 5 + Error: Error writing connection: connection.interface-name: interface name of software infiniband device must be 'ib0.0005' or unset (instead it is 'ib0.8010') + +It's worse, because ifcfg-rh reader will mangle the PKEY_ID with |=0x8000 to set +the full membership flag. That means, if you add a profile like + + $ nmcli --offline connection add type infiniband infiniband.parent ib0 infiniband.p-key 0x0010 connection.interface-name ib0.0010 + +it gets written to ifcfg-rh file. Then upon reload it's invalid (as the +interface name mismatches). + +There are multiple solutions for this. For example, ifcfg-rh reader could also +mangle the connection.interface-name, so that the overall result is valid. Or +we could just not validate at all, and accept any bogus interface-name. + +With this patch instead we will just normalize the invalid configuration to +make it right. + + $ nmcli --offline connection add type infiniband infiniband.parent ib0 infiniband.p-key 0x8010 connection.interface-name ib0.8010 | + nmcli --offline connection modify infiniband.p-key 5 + ... + +The downside is that this happens silently, so a user doesn't +notice that configuration is ignored: + + $ nmcli --offline connection add type infiniband infiniband.parent ib0 infiniband.p-key 0x8010 connection.interface-name foo + ... + interface-name=ib0.8010 + +This approach still seems preferable, because setting +"connection.interface-name" for infiniband profiles makes little sense, +so what we care here is to avoid problems. + +(cherry picked from commit 4610fd67e6e795131a358b292ec3fc1ba2a2250f) +(cherry picked from commit 8b2612bfe630cdb676566a8249a14900910f82c5) +--- + src/libnm-core-impl/nm-connection.c | 39 ++++++++++++++++----- + src/libnm-core-impl/nm-setting-infiniband.c | 14 ++++---- + src/libnm-core-impl/tests/test-general.c | 30 +++++++++++++--- + 3 files changed, 63 insertions(+), 20 deletions(-) + +diff --git a/src/libnm-core-impl/nm-connection.c b/src/libnm-core-impl/nm-connection.c +index 2f5bf3570935..67a9034dccba 100644 +--- a/src/libnm-core-impl/nm-connection.c ++++ b/src/libnm-core-impl/nm-connection.c +@@ -1358,18 +1358,41 @@ _normalize_ip_config(NMConnection *self, GHashTable *parameters) + } + + static gboolean +-_normalize_infiniband_mtu(NMConnection *self) ++_normalize_infiniband(NMConnection *self) + { + NMSettingInfiniband *s_infini = nm_connection_get_setting_infiniband(self); ++ gboolean changed = FALSE; ++ const char *interface_name; ++ int p_key; + +- if (!s_infini || nm_setting_infiniband_get_mtu(s_infini) <= NM_INFINIBAND_MAX_MTU +- || !NM_IN_STRSET(nm_setting_infiniband_get_transport_mode(s_infini), +- "datagram", +- "connected")) ++ if (!s_infini) + return FALSE; + +- g_object_set(s_infini, NM_SETTING_INFINIBAND_MTU, (guint) NM_INFINIBAND_MAX_MTU, NULL); +- return TRUE; ++ if (nm_setting_infiniband_get_mtu(s_infini) > NM_INFINIBAND_MAX_MTU) { ++ if (NM_IN_STRSET(nm_setting_infiniband_get_transport_mode(s_infini), ++ "datagram", ++ "connected")) { ++ g_object_set(s_infini, NM_SETTING_INFINIBAND_MTU, (guint) NM_INFINIBAND_MAX_MTU, NULL); ++ changed = TRUE; ++ } ++ } ++ ++ if ((p_key = nm_setting_infiniband_get_p_key(s_infini)) != -1 ++ && (interface_name = nm_connection_get_interface_name(self))) { ++ const char *virtual_iface_name; ++ ++ virtual_iface_name = nm_setting_infiniband_get_virtual_interface_name(s_infini); ++ ++ if (!nm_streq0(interface_name, virtual_iface_name)) { ++ g_object_set(nm_connection_get_setting_connection(self), ++ NM_SETTING_CONNECTION_INTERFACE_NAME, ++ virtual_iface_name, ++ NULL); ++ changed = TRUE; ++ } ++ } ++ ++ return changed; + } + + static gboolean +@@ -2000,7 +2023,7 @@ _connection_normalize(NMConnection *connection, + was_modified |= _normalize_invalid_slave_port_settings(connection); + was_modified |= _normalize_ip_config(connection, parameters); + was_modified |= _normalize_ethernet_link_neg(connection); +- was_modified |= _normalize_infiniband_mtu(connection); ++ was_modified |= _normalize_infiniband(connection); + was_modified |= _normalize_bond_mode(connection); + was_modified |= _normalize_bond_options(connection); + was_modified |= _normalize_wireless_mac_address_randomization(connection); +diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c +index df296becbaae..7b242a539314 100644 +--- a/src/libnm-core-impl/nm-setting-infiniband.c ++++ b/src/libnm-core-impl/nm-setting-infiniband.c +@@ -181,8 +181,8 @@ nm_setting_infiniband_get_virtual_interface_name(NMSettingInfiniband *setting) + static gboolean + verify(NMSetting *setting, NMConnection *connection, GError **error) + { +- NMSettingConnection *s_con = NULL; +- NMSettingInfinibandPrivate *priv = NM_SETTING_INFINIBAND_GET_PRIVATE(setting); ++ NMSettingConnection *s_con; ++ NMSettingInfinibandPrivate *priv = NM_SETTING_INFINIBAND_GET_PRIVATE(setting); + + if (priv->mac_address && !nm_utils_hwaddr_valid(priv->mac_address, INFINIBAND_ALEN)) { + g_set_error_literal(error, +@@ -251,8 +251,10 @@ verify(NMSetting *setting, NMConnection *connection, GError **error) + } + } + +- if (connection) +- s_con = nm_connection_get_setting_connection(connection); ++ /* *** errors above here should be always fatal, below NORMALIZABLE_ERROR *** */ ++ ++ s_con = connection ? nm_connection_get_setting_connection(connection) : NULL; ++ + if (s_con) { + const char *interface_name = nm_setting_connection_get_interface_name(s_con); + +@@ -287,13 +289,11 @@ verify(NMSetting *setting, NMConnection *connection, GError **error) + "%s.%s: ", + NM_SETTING_CONNECTION_SETTING_NAME, + NM_SETTING_CONNECTION_INTERFACE_NAME); +- return FALSE; ++ return NM_SETTING_VERIFY_NORMALIZABLE_ERROR; + } + } + } + +- /* *** errors above here should be always fatal, below NORMALIZABLE_ERROR *** */ +- + if (priv->mtu > NM_INFINIBAND_MAX_MTU) { + /* Traditionally, MTU for "datagram" mode was limited to 2044 + * and for "connected" mode it was 65520. +diff --git a/src/libnm-core-impl/tests/test-general.c b/src/libnm-core-impl/tests/test-general.c +index 1ff3b972a7a0..1feaae3ff5a7 100644 +--- a/src/libnm-core-impl/tests/test-general.c ++++ b/src/libnm-core-impl/tests/test-general.c +@@ -6149,16 +6149,17 @@ test_connection_normalize_slave_type_2(void) + } + + static void +-test_connection_normalize_infiniband_mtu(void) ++test_connection_normalize_infiniband(void) + { + gs_unref_object NMConnection *con = NULL; + NMSettingInfiniband *s_infini; ++ NMSettingConnection *s_con; + guint mtu_regular = nmtst_rand_select(2044, 2045, 65520); + +- con = nmtst_create_minimal_connection("test_connection_normalize_infiniband_mtu", ++ con = nmtst_create_minimal_connection("test_connection_normalize_infiniband", + NULL, + NM_SETTING_INFINIBAND_SETTING_NAME, +- NULL); ++ &s_con); + + s_infini = nm_connection_get_setting_infiniband(con); + g_object_set(s_infini, NM_SETTING_INFINIBAND_TRANSPORT_MODE, "connected", NULL); +@@ -6206,6 +6207,25 @@ test_connection_normalize_infiniband_mtu(void) + NM_CONNECTION_ERROR_INVALID_PROPERTY); + nmtst_connection_normalize(con); + g_assert_cmpint(65520, ==, nm_setting_infiniband_get_mtu(s_infini)); ++ ++ g_object_set(s_infini, ++ NM_SETTING_INFINIBAND_PARENT, ++ "foo", ++ NM_SETTING_INFINIBAND_P_KEY, ++ 0x005c, ++ NULL); ++ nmtst_assert_connection_verifies_without_normalization(con); ++ ++ g_object_set(s_con, NM_SETTING_CONNECTION_INTERFACE_NAME, "foo.005c", NULL); ++ nmtst_assert_connection_verifies_without_normalization(con); ++ ++ g_object_set(s_con, NM_SETTING_CONNECTION_INTERFACE_NAME, "foo", NULL); ++ nmtst_assert_connection_verifies_after_normalization(con, ++ NM_CONNECTION_ERROR, ++ NM_CONNECTION_ERROR_INVALID_PROPERTY); ++ ++ nmtst_connection_normalize(con); ++ g_assert_cmpstr(nm_connection_get_interface_name(con), ==, "foo.005c"); + } + + static void +@@ -11109,8 +11129,8 @@ main(int argc, char **argv) + test_connection_normalize_slave_type_1); + g_test_add_func("/core/general/test_connection_normalize_slave_type_2", + test_connection_normalize_slave_type_2); +- g_test_add_func("/core/general/test_connection_normalize_infiniband_mtu", +- test_connection_normalize_infiniband_mtu); ++ g_test_add_func("/core/general/test_connection_normalize_infiniband", ++ test_connection_normalize_infiniband); + g_test_add_func("/core/general/test_connection_normalize_gateway_never_default", + test_connection_normalize_gateway_never_default); + g_test_add_func("/core/general/test_connection_normalize_may_fail", +-- +2.40.1 + + +From 72e6cbce4a8cbd5060edc5503214dab5cd46ba88 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 24 May 2023 21:33:57 +0200 +Subject: [PATCH 4/8] libnm: add + nm_setting_infiniband_create_virtual_interface_name() helper + +(cherry picked from commit fa05d1c1695aacd2d7144a71795463a1f793288a) +(cherry picked from commit e0ed06edefc3eac268f347a9c5aa6208bb9abb77) +--- + src/libnm-core-impl/nm-setting-infiniband.c | 9 ++++++++- + src/libnm-core-intern/nm-core-internal.h | 2 ++ + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c +index 7b242a539314..6d2ed7fb4828 100644 +--- a/src/libnm-core-impl/nm-setting-infiniband.c ++++ b/src/libnm-core-impl/nm-setting-infiniband.c +@@ -144,6 +144,12 @@ nm_setting_infiniband_get_parent(NMSettingInfiniband *setting) + return NM_SETTING_INFINIBAND_GET_PRIVATE(setting)->parent; + } + ++char * ++nm_setting_infiniband_create_virtual_interface_name(const char *parent, int p_key) ++{ ++ return g_strdup_printf("%s.%04x", parent, p_key); ++} ++ + /** + * nm_setting_infiniband_get_virtual_interface_name: + * @setting: the #NMSettingInfiniband +@@ -172,7 +178,8 @@ nm_setting_infiniband_get_virtual_interface_name(NMSettingInfiniband *setting) + priv->virtual_iface_name_p_key = priv->p_key; + priv->virtual_iface_name_parent_length = len; + g_free(priv->virtual_iface_name); +- priv->virtual_iface_name = g_strdup_printf("%s.%04x", priv->parent, priv->p_key); ++ priv->virtual_iface_name = ++ nm_setting_infiniband_create_virtual_interface_name(priv->parent, priv->p_key); + } + + return priv->virtual_iface_name; +diff --git a/src/libnm-core-intern/nm-core-internal.h b/src/libnm-core-intern/nm-core-internal.h +index 4e1bab4723df..1857e03bbd60 100644 +--- a/src/libnm-core-intern/nm-core-internal.h ++++ b/src/libnm-core-intern/nm-core-internal.h +@@ -321,6 +321,8 @@ typedef gpointer (*NMUtilsCopyFunc)(gpointer); + const char ** + _nm_ip_address_get_attribute_names(const NMIPAddress *addr, gboolean sorted, guint *out_length); + ++char *nm_setting_infiniband_create_virtual_interface_name(const char *parent, int p_key); ++ + #define NM_SETTING_WIRED_S390_OPTION_MAX_LEN 200u + + void _nm_setting_wired_clear_s390_options(NMSettingWired *setting); +-- +2.40.1 + + +From 0bbaa344c57468a57b9f83887fd755fd67701f75 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 24 May 2023 21:38:27 +0200 +Subject: [PATCH 5/8] libnm: truncate too long interface name in + nm_setting_infiniband_create_virtual_interface_name() + +This is the same what kernel does, when the parent name is so long +that it would result in a too long overall name. + +We need that the result is still a valid interface name. + +(cherry picked from commit 1009f1f11f991e41f856f2616c0972652f812a85) +(cherry picked from commit 37994cef357506c246f3061d50474c14e425d9a9) +--- + src/libnm-core-impl/nm-setting-infiniband.c | 9 +++++- + src/libnm-core-impl/tests/test-general.c | 32 +++++++++++++++++++++ + 2 files changed, 40 insertions(+), 1 deletion(-) + +diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c +index 6d2ed7fb4828..0753a8db2d81 100644 +--- a/src/libnm-core-impl/nm-setting-infiniband.c ++++ b/src/libnm-core-impl/nm-setting-infiniband.c +@@ -8,8 +8,10 @@ + #include "nm-setting-infiniband.h" + + #include ++#include + #include + ++#include "libnm-platform/nmp-base.h" + #include "nm-utils.h" + #include "nm-utils-private.h" + #include "nm-setting-private.h" +@@ -147,7 +149,12 @@ nm_setting_infiniband_get_parent(NMSettingInfiniband *setting) + char * + nm_setting_infiniband_create_virtual_interface_name(const char *parent, int p_key) + { +- return g_strdup_printf("%s.%04x", parent, p_key); ++ char *s; ++ ++ s = g_strdup_printf("%s.%04x", parent, (guint) p_key); ++ if (strlen(s) >= IFNAMSIZ) ++ s[IFNAMSIZ - 1] = '\0'; ++ return s; + } + + /** +diff --git a/src/libnm-core-impl/tests/test-general.c b/src/libnm-core-impl/tests/test-general.c +index 1feaae3ff5a7..fe070c3ea1f3 100644 +--- a/src/libnm-core-impl/tests/test-general.c ++++ b/src/libnm-core-impl/tests/test-general.c +@@ -6226,6 +6226,38 @@ test_connection_normalize_infiniband(void) + + nmtst_connection_normalize(con); + g_assert_cmpstr(nm_connection_get_interface_name(con), ==, "foo.005c"); ++ ++ g_object_set(s_infini, ++ NM_SETTING_INFINIBAND_PARENT, ++ "x234567890123", ++ NM_SETTING_INFINIBAND_P_KEY, ++ 0x005c, ++ NULL); ++ nmtst_assert_connection_verifies_after_normalization(con, ++ NM_CONNECTION_ERROR, ++ NM_CONNECTION_ERROR_INVALID_PROPERTY); ++ ++ nmtst_connection_normalize(con); ++ g_assert_cmpstr(nm_connection_get_interface_name(con), ==, "x234567890123.0"); ++ ++#define iface_name(parent, p_key, expected) \ ++ G_STMT_START \ ++ { \ ++ gs_free char *_s = nm_setting_infiniband_create_virtual_interface_name((parent), (p_key)); \ ++ \ ++ g_assert(nm_utils_ifname_valid_kernel(_s, NULL)); \ ++ g_assert_cmpstr(_s, ==, (expected)); \ ++ } \ ++ G_STMT_END ++ ++ iface_name("foo", 15, "foo.000f"); ++ iface_name("x23456789012345", 15, "x23456789012345"); ++ iface_name("x2345678901234", 15, "x2345678901234."); ++ iface_name("x234567890123", 15, "x234567890123.0"); ++ iface_name("x23456789012", 15, "x23456789012.00"); ++ iface_name("x2345678901", 15, "x2345678901.000"); ++ iface_name("x234567890", 15, "x234567890.000f"); ++ iface_name("x23456789", 15, "x23456789.000f"); + } + + static void +-- +2.40.1 + + +From 15cb222ac1acfa0e40bcfb15747c32211337c76c Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 24 May 2023 21:34:00 +0200 +Subject: [PATCH 6/8] ifcfg-rh: adjust infiniband p-key for later normalization + when writing to file + +(cherry picked from commit 82f5bff882a58226c22df1b735d4b434af883102) +(cherry picked from commit a6316c61f09ab2cd169040815faae007077dcbe8) +--- + .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 36 +++++++++++++++---- + 1 file changed, 29 insertions(+), 7 deletions(-) + +diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +index e340c9fe1374..9610cd647114 100644 +--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c ++++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +@@ -1023,7 +1023,10 @@ write_wireless_setting(NMConnection *connection, + } + + static gboolean +-write_infiniband_setting(NMConnection *connection, shvarFile *ifcfg, GError **error) ++write_infiniband_setting(NMConnection *connection, ++ shvarFile *ifcfg, ++ char **out_interface_name, ++ GError **error) + { + NMSettingInfiniband *s_infiniband; + const char *mac, *transport_mode, *parent; +@@ -1051,12 +1054,28 @@ write_infiniband_setting(NMConnection *connection, shvarFile *ifcfg, GError **er + + p_key = nm_setting_infiniband_get_p_key(s_infiniband); + if (p_key != -1) { ++ /* The reader normalizes KKEY_ID with |=0x8000. Also do that when ++ * writing the profile so that what we write, is consistent with what ++ * we would read. */ ++ p_key |= 0x8000; ++ + svSetValueStr(ifcfg, "PKEY", "yes"); + svSetValueInt64(ifcfg, "PKEY_ID", p_key); + + parent = nm_setting_infiniband_get_parent(s_infiniband); +- if (parent) +- svSetValueStr(ifcfg, "PHYSDEV", parent); ++ svSetValueStr(ifcfg, "PHYSDEV", parent); ++ ++ if (parent && nm_connection_get_interface_name(connection)) { ++ /* The connection.interface-name depends on the p-key. Also, ++ * nm_connection_normalize() will automatically adjust the ++ * interface-name to match the p-key. ++ * ++ * As we patched the p-key above, also anticipate that change, and ++ * don't write a DEVICE= to the file, which would we normalize ++ * differently, when reading it back. */ ++ *out_interface_name = ++ nm_setting_infiniband_create_virtual_interface_name(parent, p_key); ++ } + } + + svSetValueStr(ifcfg, "TYPE", TYPE_INFINIBAND); +@@ -2094,7 +2113,7 @@ write_dcb_setting(NMConnection *connection, shvarFile *ifcfg, GError **error) + } + + static void +-write_connection_setting(NMSettingConnection *s_con, shvarFile *ifcfg) ++write_connection_setting(NMSettingConnection *s_con, shvarFile *ifcfg, const char *interface_name) + { + guint32 n, i; + nm_auto_free_gstring GString *str = NULL; +@@ -2111,7 +2130,9 @@ write_connection_setting(NMSettingConnection *s_con, shvarFile *ifcfg) + svSetValueStr(ifcfg, "NAME", nm_setting_connection_get_id(s_con)); + svSetValueStr(ifcfg, "UUID", nm_setting_connection_get_uuid(s_con)); + svSetValueStr(ifcfg, "STABLE_ID", nm_setting_connection_get_stable_id(s_con)); +- svSetValueStr(ifcfg, "DEVICE", nm_setting_connection_get_interface_name(s_con)); ++ svSetValueStr(ifcfg, ++ "DEVICE", ++ interface_name ?: nm_setting_connection_get_interface_name(s_con)); + svSetValueBoolean(ifcfg, "ONBOOT", nm_setting_connection_get_autoconnect(s_con)); + + vint = nm_setting_connection_get_autoconnect_priority(s_con); +@@ -3294,6 +3315,7 @@ do_write_construct(NMConnection *connection, + nm_auto_shvar_file_close shvarFile *route_content_svformat = NULL; + nm_auto_free_gstring GString *route_content = NULL; + nm_auto_free_gstring GString *route6_content = NULL; ++ gs_free char *interface_name = NULL; + + nm_assert(NM_IS_CONNECTION(connection)); + nm_assert(_nm_connection_verify(connection, NULL) == NM_SETTING_VERIFY_SUCCESS); +@@ -3399,7 +3421,7 @@ do_write_construct(NMConnection *connection, + if (!write_wireless_setting(connection, ifcfg, secrets, &no_8021x, error)) + return FALSE; + } else if (!strcmp(type, NM_SETTING_INFINIBAND_SETTING_NAME)) { +- if (!write_infiniband_setting(connection, ifcfg, error)) ++ if (!write_infiniband_setting(connection, ifcfg, &interface_name, error)) + return FALSE; + } else if (!strcmp(type, NM_SETTING_BOND_SETTING_NAME)) { + if (!write_bond_setting(connection, ifcfg, &wired, error)) +@@ -3504,7 +3526,7 @@ do_write_construct(NMConnection *connection, + + write_ip_routing_rules(connection, ifcfg, route_ignore); + +- write_connection_setting(s_con, ifcfg); ++ write_connection_setting(s_con, ifcfg, interface_name); + + NM_SET_OUT(out_ifcfg, g_steal_pointer(&ifcfg)); + NM_SET_OUT(out_blobs, g_steal_pointer(&blobs)); +-- +2.40.1 + + +From fe3789da37f394112bdb07ffc7935d935449e17a Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Mon, 5 Jun 2023 08:52:09 +0200 +Subject: [PATCH 7/8] ifcfg-rh/tests: add test for infiniband profile with + PKEY_ID in ifcfg format + +https://bugzilla.redhat.com/show_bug.cgi?id=2209164 +(cherry picked from commit 0d0704eaa02c45e10917ce503f50b4ca885285aa) +(cherry picked from commit 0b56618b198c6cb3f99e84554487dc6eea66d468) +(cherry picked from commit 2cc34244e1d53b4f2ca8efa59755aa68cd663365) +--- + Makefile.am | 4 +- + ...test-infiniband => ifcfg-test-infiniband0} | 0 + .../network-scripts/ifcfg-test-infiniband1 | 12 ++++++ + .../network-scripts/ifcfg-test-infiniband2 | 12 ++++++ + .../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 38 ++++++++++++++++--- + 5 files changed, 59 insertions(+), 7 deletions(-) + rename src/core/settings/plugins/ifcfg-rh/tests/network-scripts/{ifcfg-test-infiniband => ifcfg-test-infiniband0} (100%) + create mode 100644 src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband1 + create mode 100644 src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband2 + +diff --git a/Makefile.am b/Makefile.am +index 7cdb1120ccc3..a42474b714be 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -3457,7 +3457,9 @@ EXTRA_DIST += \ + src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-fcoe-fabric \ + src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-fcoe-vn2vn \ + src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-ibft \ +- src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband \ ++ src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband0 \ ++ src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband1 \ ++ src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband2 \ + src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-ip6-disabled.cexpected \ + src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-ipoib \ + src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-link_local \ +diff --git a/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband b/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband0 +similarity index 100% +rename from src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband +rename to src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband0 +diff --git a/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband1 b/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband1 +new file mode 100644 +index 000000000000..dcb7758e6ed9 +--- /dev/null ++++ b/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband1 +@@ -0,0 +1,12 @@ ++TYPE=InfiniBand ++HWADDR=80:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22 ++CONNECTED_MODE=yes ++MTU=65520 ++IPADDR=192.168.2.2 ++NETMASK=255.255.255.0 ++GATEWAY=192.168.2.1 ++ ++DEVICE=ib0.80c1 ++PKEY=yes ++PKEY_ID=0x00c1 ++PHYSDEV=ib0 +diff --git a/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband2 b/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband2 +new file mode 100644 +index 000000000000..2e6d9edf3ac4 +--- /dev/null ++++ b/src/core/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-infiniband2 +@@ -0,0 +1,12 @@ ++TYPE=InfiniBand ++HWADDR=80:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22 ++CONNECTED_MODE=yes ++MTU=65520 ++IPADDR=192.168.2.2 ++NETMASK=255.255.255.0 ++GATEWAY=192.168.2.1 ++ ++DEVICE=ib0.00c1 ++PKEY=yes ++PKEY_ID=0x00c1 ++PHYSDEV=ib0 +diff --git a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c +index 01eb24216aec..b391aa2392a8 100644 +--- a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c ++++ b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c +@@ -8337,8 +8337,9 @@ test_write_bond_port(void) + } + + static void +-test_read_infiniband(void) ++test_read_infiniband(gconstpointer test_data) + { ++ const guint TEST_IDX = GPOINTER_TO_UINT(test_data); + gs_unref_object NMConnection *connection = NULL; + NMSettingInfiniband *s_infiniband; + char *unmanaged = NULL; +@@ -8347,11 +8348,15 @@ test_read_infiniband(void) + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, + 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22}; + const char *transport_mode; ++ const char *test_files[] = { ++ TEST_IFCFG_DIR "/ifcfg-test-infiniband0", ++ TEST_IFCFG_DIR "/ifcfg-test-infiniband1", ++ TEST_IFCFG_DIR "/ifcfg-test-infiniband2", ++ }; + +- connection = _connection_from_file(TEST_IFCFG_DIR "/ifcfg-test-infiniband", +- NULL, +- TYPE_INFINIBAND, +- &unmanaged); ++ g_assert(TEST_IDX < G_N_ELEMENTS(test_files)); ++ ++ connection = _connection_from_file(test_files[TEST_IDX], NULL, TYPE_INFINIBAND, &unmanaged); + g_assert(!unmanaged); + + s_infiniband = nmtst_connection_assert_setting(connection, NM_TYPE_SETTING_INFINIBAND); +@@ -8363,6 +8368,25 @@ test_read_infiniband(void) + transport_mode = nm_setting_infiniband_get_transport_mode(s_infiniband); + g_assert(transport_mode); + g_assert_cmpstr(transport_mode, ==, "connected"); ++ ++ nmtst_assert_connection_verifies_without_normalization(connection); ++ ++ switch (TEST_IDX) { ++ case 0: ++ g_assert_cmpint(nm_setting_infiniband_get_p_key(s_infiniband), ==, -1); ++ g_assert_cmpstr(nm_setting_infiniband_get_parent(s_infiniband), ==, NULL); ++ g_assert_cmpstr(nm_connection_get_interface_name(connection), ==, "ib0"); ++ break; ++ case 1: ++ case 2: ++ g_assert_cmpint(nm_setting_infiniband_get_p_key(s_infiniband), ==, 0x80c1); ++ g_assert_cmpstr(nm_setting_infiniband_get_parent(s_infiniband), ==, "ib0"); ++ g_assert_cmpstr(nm_connection_get_interface_name(connection), ==, "ib0.80c1"); ++ break; ++ default: ++ g_assert_not_reached(); ++ break; ++ } + } + + static void +@@ -10673,7 +10697,9 @@ main(int argc, char **argv) + + g_test_add_func(TPATH "wifi/read/wep-no-keys", test_read_wifi_wep_no_keys); + g_test_add_func(TPATH "wifi/read/wep-agent-keys", test_read_wifi_wep_agent_keys); +- g_test_add_func(TPATH "infiniband/read", test_read_infiniband); ++ g_test_add_data_func(TPATH "infiniband/read/0", GUINT_TO_POINTER(0), test_read_infiniband); ++ g_test_add_data_func(TPATH "infiniband/read/1", GUINT_TO_POINTER(1), test_read_infiniband); ++ g_test_add_data_func(TPATH "infiniband/read/2", GUINT_TO_POINTER(2), test_read_infiniband); + g_test_add_func(TPATH "ipoib/read", test_read_ipoib); + g_test_add_func(TPATH "vlan/read", test_read_vlan_interface); + g_test_add_func(TPATH "vlan/read-flags-1", test_read_vlan_flags_1); +-- +2.40.1 + + +From 5263adc4c930edb9b0a7e7e38d4fa5682c63fe2d Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Tue, 30 May 2023 17:51:02 +0200 +Subject: [PATCH 8/8] ifcfg: better handle non-full-membership PKEY_ID with new + PKEY_ID_NM variable + +Infiniband profiles can have a p-key set. Both in kernel API +("create_child" sysctl) and in NetworkManager API, that key can range +from 0x0001 to 0xFFFF (0x8000 excluded). NetworkManager does not support +renaming the interface, so kernel always assigns the interface name +"$PHYSDEV.$PKEY_ID" (with $PKEY_ID as 4 character hex digits). + +Note that the highest bit in the p-key (0x8000) is the full-membership +flag. Internally, kernel only supports full-membership so when we create +for example "ib0.00c1" and "ib0.80c1" interfaces, their actually used +p-key is in both cases 0x80c1 and you can see it with `ip -d link`. +Nonetheless, kernel and NetworkManager allow to configure the p-key +without the highest bit set, and the result differs in the interface +name. + +Note that initscripts' ifup-ib0 would always internally coerce the +PKEY_ID variable to have the high bit set ([1]). It also would require +that the `DEVICE=` variable is specified and matches the expected +interface name. So both these configurations are identical and valid: + + DEVICE=ib0.80c1 + PHYSDEV=ib0 + PKEY_ID=0x80c1 + +and + + DEVICE=ib0.80c1 + PHYSDEV=ib0 + PKEY_ID=0x00c1 + +Historically, NetworkManager would also implement the same restrictions +([2], [3], [4]). That meant, not all valid NetworkManager infiniband +profiles could be expressed as ifcfg file. For example, NetworkManager +allows to have "connection.interface-name" (`DEVICE=`) unset (which +ifup-ib and ifcfg reader did not allow). Also, NetworkManager would +allow configuring a "infiniband.p-key" without full membership flag, and +the reader would mangle that. + +This caused various problems to the point that when you configure an +infiniband.p-key with a non-full-membership key, the ifcfg-rh written by +NetworkManager was invalid. Either, you could leave +"connection.interface-name" unset, but then the reader would complain +about missing `DEVICE=`. Or, we could write `DEVICE=ib0.00c1; +PKEY_ID=0x00c1`, which was invalid as we expected `DEVICE=ib0.80c1`. + +This was addressed by rhbz 2122703 ([5]). The fix was to + + - not require a `DEVICE=` ([6]). + - don't mangle the `PKEY_ID=` in the reader ([7]). + +which happened in 1.41.2 and 1.40.2 (rhel-8.8). + +With this change, we could persist any valid infiniband profile to ifcfg +format. We also could read back any valid ifcfg file that NetworkManager +would have written in the past (note that it could not write valid ifcfg +files previously, if the p-key didn't have the full-membership key set). + +The problem is, that users were used to edit ifcfg files by hand, and +users would have files with: + + DEVICE=ib0.80c1 + PHYSDEV=ib0 + PKEY_ID=0x00c1 + +This files had worked before, but now failed to verify as we would +expect `DEVICE=ib0.00c1`. Also, there was a change in behavior that +PKEY_ID is now interpreted without the high bit set. This is reported as +rhbz 2209164 ([8]). + +We will do several things to fix that: + +1) we now normalize the "connection.interface-name" to be valid. It was + not useful to set it anyway, as it was redundant. Complaining about a + redundant setting, which makes little sense to configure, is not useful. + This is done by [9]. + +2) we now again treat PKEY_ID= as if it had 0x8000 flag set. This was done by + [10]. + +With step 1) and 2), we are able to read any existing ifcfg files out +there in the way we did before 1.41.2. + +There is however one piece missing. When we now create a profile using +nmcli/libnm/D-Bus, which has a non-full-membership p-key, then the +profile gets mangled in the process. + +If the user uses NetworkManager API to configure an interface and +chooses a non-full-membership p-key, then this should work the same as +with keyfile plugin (or on rhel-9, where keyfile is the default). Note +that before 1.41.2 it didn't work at all, when the user used ifcfg-rh +backend. Likely(?) there are no users who rely on creating such a profile +with nmcli/libnm/D-Bus and expect to automatically have the p-key +normalized. That didn't work before 1.41.2 and didn't behave that way +between 1.41.2 and now. + +This patch fixes that by introducing a new key PKEY_ID_NM= for holding +the real p-key. Now ifcfg backend is consistent with handling infiniband +profiles, and old, hand-written ifcfg files still work as before. + +There is of course change in behavior, that ifcfg files between 1.41.2 +and now were interpreted differently. But that is bug 2209164 ([8]) and +what we fix here. + +For now strong reasons, we keep writing the PKEY_ID to file too. It's +redundant, but that is what a human might expect there. + +[1] https://src.fedoraproject.org/rpms/rdma/blob/05333c3602aa3c1d82a6363521bdd5a498eac6d0/f/rdma.ifup-ib#_75 +[2] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.40.0/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c#L5386 +[3] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/cb5606cf1c7a1638fea2858ddd3493a7364f5738#a7a78fccb2c8c945fd09038656ae734c1b0349ab_3493_3532 +[4] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/cb5606cf1c7a1638fea2858ddd3493a7364f5738#a7a78fccb2c8c945fd09038656ae734c1b0349ab_3493_3506 +[5] https://bugzilla.redhat.com/show_bug.cgi?id=2122703 +[6] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/4c32dd9d252959b9bab5de6277418939b64d1bb1 +[7] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/a4fe16a426097eee263cb3ef831dcea468b1ca26 +[8] https://bugzilla.redhat.com/show_bug.cgi?id=2209164 +[9] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/4610fd67e6e795131a358b292ec3fc1ba2a2250f +[10] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/f8e5e07355e23b6d59b1b1c9cd2387c6b40b214b + +(cherry picked from commit 5e3e38f291a5bb1499602721401335b1cb585cab) +(cherry picked from commit d8f7fec9e0d395461eab58185398557dc476c716) +(cherry picked from commit cb73ae3f0bbc2a7e083f79f2a0c64a503dc85510) +--- + .../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 28 +++++++---------- + .../plugins/ifcfg-rh/nms-ifcfg-rh-utils.c | 1 + + .../plugins/ifcfg-rh/nms-ifcfg-rh-utils.h | 2 +- + .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 30 ++++++++----------- + .../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 19 ++---------- + src/libnm-core-impl/nm-setting-infiniband.c | 24 +++++++-------- + src/libnmc-setting/settings-docs.h.in | 2 +- + .../generate-docs-nm-settings-nmcli.xml.in | 2 +- + 8 files changed, 42 insertions(+), 66 deletions(-) + +diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c +index 533379c67868..ad14209a3c94 100644 +--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c ++++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c +@@ -5358,6 +5358,7 @@ parse_infiniband_p_key(shvarFile *ifcfg, int *out_p_key, char **out_parent, GErr + gs_free char *physdev = NULL; + gs_free char *pkey_id = NULL; + int id; ++ int fixup_id = 0; + + physdev = svGetValueStr_cp(ifcfg, "PHYSDEV"); + if (!physdev) { +@@ -5368,7 +5369,14 @@ parse_infiniband_p_key(shvarFile *ifcfg, int *out_p_key, char **out_parent, GErr + return FALSE; + } + +- pkey_id = svGetValueStr_cp(ifcfg, "PKEY_ID"); ++ pkey_id = svGetValueStr_cp(ifcfg, "PKEY_ID_NM"); ++ if (!pkey_id) { ++ /* Only check for "$PKEY_ID". That key is interpreted as having the ++ * full membership flag set ("fixup_id"). */ ++ fixup_id = 0x8000; ++ pkey_id = svGetValueStr_cp(ifcfg, "PKEY_ID"); ++ } ++ + if (!pkey_id) { + g_set_error(error, + NM_SETTINGS_ERROR, +@@ -5387,23 +5395,7 @@ parse_infiniband_p_key(shvarFile *ifcfg, int *out_p_key, char **out_parent, GErr + return FALSE; + } + +- /* The highest bit 0x8000 indicates full membership, which kernel always +- * automatically sets. +- * +- * NetworkManager supports p-keys without the high bit set. That affects +- * the interface name (nmp_utils_new_infiniband_name()) and is what +- * we write to "create_child"/"delete_child" sysctl. Kernel will honor +- * such p-keys for the interface name, but for other purposes it adds the +- * highest bit. That makes using p-keys without the highest bit odd. +- * +- * Historically, /etc/sysconfig/network-scripts/ifup-ib would always add "|=0x8000". +- * The reader does that too. +- * +- * Note that this means ifcfg cannot handle p-keys without the highest bit set, +- * and when trying to store that to ifcfg format, the profile will be mangled/modified +- * by the ifcg plugin (unlike keyfile backend, which preserves the original p-key value). +- */ +- id |= 0x8000; ++ id |= fixup_id; + + *out_p_key = id; + *out_parent = g_steal_pointer(&physdev); +diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c +index ef4276da7377..7fc33967acb0 100644 +--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c ++++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.c +@@ -1028,6 +1028,7 @@ const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[] = { + _KEY_TYPE("PHYSDEV", NMS_IFCFG_KEY_TYPE_IS_PLAIN), + _KEY_TYPE("PKEY", NMS_IFCFG_KEY_TYPE_IS_PLAIN), + _KEY_TYPE("PKEY_ID", NMS_IFCFG_KEY_TYPE_IS_PLAIN), ++ _KEY_TYPE("PKEY_ID_NM", NMS_IFCFG_KEY_TYPE_IS_PLAIN), + _KEY_TYPE("PMF", NMS_IFCFG_KEY_TYPE_IS_PLAIN), + _KEY_TYPE("PORTNAME", NMS_IFCFG_KEY_TYPE_IS_PLAIN), + _KEY_TYPE("POWERSAVE", NMS_IFCFG_KEY_TYPE_IS_PLAIN), +diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h +index e3d3d8732103..7302625cc13b 100644 +--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h ++++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-utils.h +@@ -33,7 +33,7 @@ typedef struct { + NMSIfcfgKeyTypeFlags key_flags; + } NMSIfcfgKeyTypeInfo; + +-extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[257]; ++extern const NMSIfcfgKeyTypeInfo nms_ifcfg_well_known_keys[258]; + + const NMSIfcfgKeyTypeInfo *nms_ifcfg_well_known_key_find_info(const char *key, gssize *out_idx); + +diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +index 9610cd647114..b78bbe416655 100644 +--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c ++++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +@@ -1054,28 +1054,24 @@ write_infiniband_setting(NMConnection *connection, + + p_key = nm_setting_infiniband_get_p_key(s_infiniband); + if (p_key != -1) { +- /* The reader normalizes KKEY_ID with |=0x8000. Also do that when +- * writing the profile so that what we write, is consistent with what +- * we would read. */ +- p_key |= 0x8000; +- + svSetValueStr(ifcfg, "PKEY", "yes"); +- svSetValueInt64(ifcfg, "PKEY_ID", p_key); + +- parent = nm_setting_infiniband_get_parent(s_infiniband); +- svSetValueStr(ifcfg, "PHYSDEV", parent); ++ svSetValueInt64(ifcfg, "PKEY_ID", p_key); + +- if (parent && nm_connection_get_interface_name(connection)) { +- /* The connection.interface-name depends on the p-key. Also, +- * nm_connection_normalize() will automatically adjust the +- * interface-name to match the p-key. ++ if (!NM_FLAGS_HAS(p_key, 0x8000)) { ++ /* initscripts' ifup-ib used to always interpret the PKEY_ID with ++ * the full membership flag (0x8000) set. For compatibility, we do ++ * interpret PKEY_ID as having that flag set. + * +- * As we patched the p-key above, also anticipate that change, and +- * don't write a DEVICE= to the file, which would we normalize +- * differently, when reading it back. */ +- *out_interface_name = +- nm_setting_infiniband_create_virtual_interface_name(parent, p_key); ++ * However, now we want to persist a p-key which doesn't have the ++ * flag. Use a NetworkManager specific variable for that. This configuration ++ * is not supported by initscripts' ifup-ib. ++ */ ++ svSetValueInt64(ifcfg, "PKEY_ID_NM", p_key); + } ++ ++ parent = nm_setting_infiniband_get_parent(s_infiniband); ++ svSetValueStr(ifcfg, "PHYSDEV", parent); + } + + svSetValueStr(ifcfg, "TYPE", TYPE_INFINIBAND); +diff --git a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c +index b391aa2392a8..b5f830c8660a 100644 +--- a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c ++++ b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c +@@ -8419,7 +8419,6 @@ test_write_infiniband(gconstpointer test_data) + const int TEST_IDX = GPOINTER_TO_INT(test_data); + nmtst_auto_unlinkfile char *testfile = NULL; + gs_unref_object NMConnection *connection = NULL; +- gs_unref_object NMConnection *expected = NULL; + gs_unref_object NMConnection *reread = NULL; + gboolean reread_same = FALSE; + NMSettingConnection *s_con; +@@ -8500,32 +8499,20 @@ test_write_infiniband(gconstpointer test_data) + + nmtst_assert_connection_verifies(connection); + +- if (p_key != -1 && p_key < 0x8000) { +- expected = nm_simple_connection_new_clone(connection); +- g_object_set(nm_connection_get_setting(expected, NM_TYPE_SETTING_INFINIBAND), +- NM_SETTING_INFINIBAND_P_KEY, +- (int) (p_key | 0x8000), +- NULL); +- } else +- expected = g_object_ref(connection); +- + _writer_new_connection_reread(connection, + TEST_SCRATCH_DIR, + &testfile, + NO_EXPECTED, + &reread, + &reread_same); +- _assert_reread_same(expected, reread); +- if (p_key == -1 || p_key > 0x8000) +- g_assert(reread_same); +- else +- g_assert(!reread_same); ++ _assert_reread_same(connection, reread); ++ g_assert(reread_same); + + g_assert_cmpstr(interface_name, ==, nm_connection_get_interface_name(reread)); + g_assert_cmpint(nm_setting_infiniband_get_p_key( + _nm_connection_get_setting(reread, NM_TYPE_SETTING_INFINIBAND)), + ==, +- p_key == -1 ? -1 : (p_key | 0x8000)); ++ p_key); + } + + static void +diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c +index 0753a8db2d81..6df92ceb4777 100644 +--- a/src/libnm-core-impl/nm-setting-infiniband.c ++++ b/src/libnm-core-impl/nm-setting-infiniband.c +@@ -461,31 +461,31 @@ nm_setting_infiniband_class_init(NMSettingInfinibandClass *klass) + /** + * NMSettingInfiniband:p-key: + * +- * The InfiniBand P_Key to use for this device. A value of -1 means to use +- * the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a ++ * The InfiniBand p-key to use for this device. A value of -1 means to use ++ * the default p-key (aka "the p-key at index 0"). Otherwise, it is a + * 16-bit unsigned integer, whose high bit 0x8000 is set if it is a "full +- * membership" P_Key. The values 0 and 0x8000 are not allowed. ++ * membership" p-key. The values 0 and 0x8000 are not allowed. + * + * With the p-key set, the interface name is always "$parent.$p_key". + * Setting "connection.interface-name" to another name is not supported. + * + * Note that kernel will internally always set the full membership bit, +- * although the interface name does not reflect that. Thus, not setting +- * the high bit is probably not useful. +- * +- * If the profile is stored in ifcfg-rh format, then the full membership +- * bit is automatically added. To get consistent behavior, it is +- * best to only use p-key values with the full membership bit set. ++ * although the interface name does not reflect that. Usually the user ++ * would want to configure a full membership p-key with 0x8000 flag set. + **/ + /* ---ifcfg-rh--- + * property: p-key +- * variable: PKEY_ID (and PKEY=yes) ++ * variable: PKEY_ID or PKEY_ID_NM(*) (requires PKEY=yes) + * default: PKEY=no + * description: InfiniBand P_Key. The value can be a hex number prefixed with "0x" + * or a decimal number. +- * When PKEY_ID is specified, PHYSDEV and DEVICE also must be specified. ++ * When PKEY_ID is specified, PHYSDEV must be specified. + * Note that ifcfg-rh format will always automatically set the full membership +- * bit 0x8000. Other p-key cannot be stored. ++ * flag 0x8000 for the PKEY_ID variable. To express IDs without the full membership ++ * flag, use PKEY_ID_NM. Note that kernel internally treats the interface as ++ * having the full membership flag set, this mainly affects the interface name. ++ * For the ifcfg file to be supported by initscripts' ifup-ib, the DEVICE= ++ * must always be set. NetworkManager does not require that. + * example: PKEY=yes PKEY_ID=2 PHYSDEV=mlx4_ib0 DEVICE=mlx4_ib0.8002 + * ---end--- + */ +diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in +index 172f9b15bb98..c3fa316cf65a 100644 +--- a/src/libnmc-setting/settings-docs.h.in ++++ b/src/libnmc-setting/settings-docs.h.in +@@ -153,7 +153,7 @@ + #define DESCRIBE_DOC_NM_SETTING_GSM_USERNAME N_("The username used to authenticate with the network, if required. Many providers do not require a username, or accept any username. But if a username is required, it is specified here.") + #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MAC_ADDRESS N_("If specified, this connection will only apply to the IPoIB device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).") + #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MTU N_("If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple frames.") +-#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka \"the P_Key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a \"full membership\" P_Key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always \"$parent.$p_key\". Setting \"connection.interface-name\" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Thus, not setting the high bit is probably not useful. If the profile is stored in ifcfg-rh format, then the full membership bit is automatically added. To get consistent behavior, it is best to only use p-key values with the full membership bit set.") ++#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand p-key to use for this device. A value of -1 means to use the default p-key (aka \"the p-key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a \"full membership\" p-key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always \"$parent.$p_key\". Setting \"connection.interface-name\" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Usually the user would want to configure a full membership p-key with 0x8000 flag set.") + #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_PARENT N_("The interface name of the parent device of this device. Normally NULL, but if the \"p_key\" property is set, then you must specify the base device by setting either this property or \"mac-address\".") + #define DESCRIBE_DOC_NM_SETTING_INFINIBAND_TRANSPORT_MODE N_("The IP-over-InfiniBand transport mode. Either \"datagram\" or \"connected\".") + #define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.") +diff --git a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in +index a59dacf2430d..373d39a60b9d 100644 +--- a/src/nmcli/generate-docs-nm-settings-nmcli.xml.in ++++ b/src/nmcli/generate-docs-nm-settings-nmcli.xml.in +@@ -614,7 +614,7 @@ + description="The IP-over-InfiniBand transport mode. Either "datagram" or "connected"." /> + ++ description="The InfiniBand p-key to use for this device. A value of -1 means to use the default p-key (aka "the p-key at index 0"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a "full membership" p-key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always "$parent.$p_key". Setting "connection.interface-name" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Usually the user would want to configure a full membership p-key with 0x8000 flag set." /> + +-- +2.40.1 + diff --git a/SOURCES/1007-unblock-autoconnect-on-reapply-rh2207690.patch b/SOURCES/1007-unblock-autoconnect-on-reapply-rh2207690.patch new file mode 100644 index 0000000..9349998 --- /dev/null +++ b/SOURCES/1007-unblock-autoconnect-on-reapply-rh2207690.patch @@ -0,0 +1,47 @@ +From 04c0fffdc3a24b66fcfd2e55714bc1308c219c24 Mon Sep 17 00:00:00 2001 +From: Gris Ge +Date: Tue, 27 Jun 2023 15:02:54 +0800 +Subject: [PATCH 1/1] setting-connection: Unblock autoconnect upon finish of + `Reapply` + +The activation of a connection will clear the block of autoconnect, +we should do the same for reapply. + +Signed-off-by: Gris Ge +(cherry picked from commit 0486efd3584c70179072f611e63b9c0ff6851b80) +(cherry picked from commit 18ce5f43bd16b3cc394424619652c782cb3795c3) +(cherry picked from commit 2695396939d2a867145f7db569aaf5cc6b0d742c) +--- + src/core/devices/nm-device.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c +index 31acc1c1fe6b..2ac55fa83cbe 100644 +--- a/src/core/devices/nm-device.c ++++ b/src/core/devices/nm-device.c +@@ -12826,6 +12826,7 @@ check_and_reapply_connection(NMDevice *self, + NMConnection *con_old; + NMConnection *con_new; + GHashTableIter iter; ++ NMSettingsConnection *sett_conn; + + if (priv->state < NM_DEVICE_STATE_PREPARE || priv->state > NM_DEVICE_STATE_ACTIVATED) { + g_set_error_literal(error, +@@ -12998,6 +12999,14 @@ check_and_reapply_connection(NMDevice *self, + if (priv->state >= NM_DEVICE_STATE_ACTIVATED) + nm_device_update_metered(self); + ++ sett_conn = nm_device_get_settings_connection(self); ++ if (sett_conn) { ++ nm_settings_connection_autoconnect_blocked_reason_set( ++ sett_conn, ++ NM_SETTINGS_AUTO_CONNECT_BLOCKED_REASON_USER_REQUEST, ++ FALSE); ++ } ++ + return TRUE; + } + +-- +2.40.1 + diff --git a/SOURCES/1008-cloud-setup-fix-terminating-in-reconfig-rh2221903.patch b/SOURCES/1008-cloud-setup-fix-terminating-in-reconfig-rh2221903.patch new file mode 100644 index 0000000..a9f7b86 --- /dev/null +++ b/SOURCES/1008-cloud-setup-fix-terminating-in-reconfig-rh2221903.patch @@ -0,0 +1,190 @@ +From 1e74f06a69d0f01753d6f2f071202a41b92239bc Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 31 May 2023 13:06:22 +0200 +Subject: [PATCH 1/2] cloud-setup: fix terminating in the middle of + reconfiguring the system + +Once we start reconfiguring the system, we need to finish on all +interfaces. Otherwise, we might reconfigure some interfaces, abort +and leave the network broken. When that happens, a subsequent run +might also be unable to recover, because we are unable to reach the +HTTP meta data service. + +https://bugzilla.redhat.com/show_bug.cgi?id=2207812 + +Fixes: 69f048bf0ca3 ('cloud-setup: add tool for automatic IP configuration in cloud') +(cherry picked from commit dab114f038f39e07080f71426d70e84449890088) +(cherry picked from commit 0a033798ac646c80669ab5d8a15362583f4d8ba4) +(cherry picked from commit fe243025e5751dda2e5a3694953f92c87372e008) +--- + src/nm-cloud-setup/main.c | 49 ++++++++++++++++++++++++++------------- + 1 file changed, 33 insertions(+), 16 deletions(-) + +diff --git a/src/nm-cloud-setup/main.c b/src/nm-cloud-setup/main.c +index e1cbd1d4d8..01e41bd72e 100644 +--- a/src/nm-cloud-setup/main.c ++++ b/src/nm-cloud-setup/main.c +@@ -15,6 +15,12 @@ + + /*****************************************************************************/ + ++typedef struct { ++ GCancellable *cancellable; ++ gboolean enabled; ++ gboolean signal_received; ++} SigTermData; ++ + typedef struct { + GMainLoop *main_loop; + GCancellable *cancellable; +@@ -444,7 +450,7 @@ _nmc_mangle_connection(NMDevice *device, + /*****************************************************************************/ + + static gboolean +-_config_one(GCancellable *sigterm_cancellable, ++_config_one(SigTermData *sigterm_data, + NMClient *nmc, + const NMCSProviderGetConfigResult *result, + guint idx) +@@ -464,7 +470,7 @@ _config_one(GCancellable *sigterm_cancellable, + + g_main_context_iteration(NULL, FALSE); + +- if (g_cancellable_is_cancelled(sigterm_cancellable)) ++ if (g_cancellable_is_cancelled(sigterm_data->cancellable)) + return FALSE; + + device = nm_g_object_ref(_nmc_get_device_by_hwaddr(nmc, hwaddr)); +@@ -498,7 +504,7 @@ try_again: + g_clear_error(&error); + + applied_connection = nmcs_device_get_applied_connection(device, +- sigterm_cancellable, ++ sigterm_data->cancellable, + &applied_version_id, + &error); + if (!applied_connection) { +@@ -560,8 +566,12 @@ try_again: + * during package upgrade. */ + maybe_no_preserved_external_ip = TRUE; + ++ /* Once we start reconfiguring the system, we cannot abort in the middle. From now on, ++ * any SIGTERM gets ignored until we are done. */ ++ sigterm_data->enabled = FALSE; ++ + if (!nmcs_device_reapply(device, +- sigterm_cancellable, ++ NULL, + applied_connection, + applied_version_id, + maybe_no_preserved_external_ip, +@@ -592,15 +602,13 @@ try_again: + } + + static gboolean +-_config_all(GCancellable *sigterm_cancellable, +- NMClient *nmc, +- const NMCSProviderGetConfigResult *result) ++_config_all(SigTermData *sigterm_data, NMClient *nmc, const NMCSProviderGetConfigResult *result) + { + gboolean any_changes = FALSE; + guint i; + + for (i = 0; i < result->n_iface_datas; i++) { +- if (_config_one(sigterm_cancellable, nmc, result, i)) ++ if (_config_one(sigterm_data, nmc, result, i)) + any_changes = TRUE; + } + +@@ -612,13 +620,16 @@ _config_all(GCancellable *sigterm_cancellable, + static gboolean + sigterm_handler(gpointer user_data) + { +- GCancellable *sigterm_cancellable = user_data; ++ SigTermData *sigterm_data = user_data; + +- if (!g_cancellable_is_cancelled(sigterm_cancellable)) { +- _LOGD("SIGTERM received"); +- g_cancellable_cancel(user_data); +- } else +- _LOGD("SIGTERM received (again)"); ++ _LOGD("SIGTERM received (%s) (%s)", ++ sigterm_data->signal_received ? "first time" : "again", ++ sigterm_data->enabled ? "cancel operation" : "ignore"); ++ ++ sigterm_data->signal_received = TRUE; ++ ++ if (sigterm_data->enabled) ++ g_cancellable_cancel(sigterm_data->cancellable); + return G_SOURCE_CONTINUE; + } + +@@ -633,6 +644,7 @@ main(int argc, const char *const *argv) + gs_unref_object NMClient *nmc = NULL; + nm_auto_free_nmcs_provider_get_config_result NMCSProviderGetConfigResult *result = NULL; + gs_free_error GError *error = NULL; ++ SigTermData sigterm_data; + + _nm_logging_enabled_init(g_getenv(NMCS_ENV_VARIABLE("NM_CLOUD_SETUP_LOG"))); + +@@ -645,7 +657,12 @@ main(int argc, const char *const *argv) + + sigterm_cancellable = g_cancellable_new(); + +- sigterm_source = nm_g_unix_signal_add_source(SIGTERM, sigterm_handler, sigterm_cancellable); ++ sigterm_data = (SigTermData){ ++ .cancellable = sigterm_cancellable, ++ .enabled = TRUE, ++ .signal_received = FALSE, ++ }; ++ sigterm_source = nm_g_unix_signal_add_source(SIGTERM, sigterm_handler, &sigterm_data); + + provider = _provider_detect(sigterm_cancellable); + if (!provider) +@@ -676,7 +693,7 @@ main(int argc, const char *const *argv) + if (!result) + goto done; + +- if (_config_all(sigterm_cancellable, nmc, result)) ++ if (_config_all(&sigterm_data, nmc, result)) + _LOGI("some changes were applied for provider %s", nmcs_provider_get_name(provider)); + else + _LOGD("no changes were applied for provider %s", nmcs_provider_get_name(provider)); +-- +2.40.1 + +From 1d148ee9592e1292a62f1d932c85d4ca94e9d642 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Mon, 5 Jun 2023 13:04:53 +0200 +Subject: [PATCH 2/2] cloud-setup: clear error variable in + nmcs_device_reapply() + +This is rather bad, because if we reach the "goto again" case, +the error variable is not cleared. Subsequently passing the +error location to nm_device_reapply_finish() will trigger a glib +warning. + +Fixes: 29b0420be72f ('nm-cloud-setup: set preserve-external-ip flag during reapply') +(cherry picked from commit c70a5470be034c660b426ebdbef9e8e67609ece7) +(cherry picked from commit 98be3dd5acafa88e7477dcbb9d6420cb2e73ec01) +(cherry picked from commit 5cc38d1c6b1d76b1fa93cba021cf6a5472f12fa4) +--- + src/nm-cloud-setup/nm-cloud-setup-utils.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/nm-cloud-setup/nm-cloud-setup-utils.c b/src/nm-cloud-setup/nm-cloud-setup-utils.c +index 7cf7959241..1410ecf7c1 100644 +--- a/src/nm-cloud-setup/nm-cloud-setup-utils.c ++++ b/src/nm-cloud-setup/nm-cloud-setup-utils.c +@@ -833,6 +833,8 @@ nmcs_device_reapply(NMDevice *device, + NMDeviceReapplyFlags reapply_flags = NM_DEVICE_REAPPLY_FLAGS_PRESERVE_EXTERNAL_IP; + + again: ++ g_clear_error(&data.error); ++ + nm_device_reapply_async(device, + connection, + version_id, +-- +2.40.1 + diff --git a/SOURCES/1009-manager-allow-controller-activation-if-device-is-dea-rhel-5119.patch b/SOURCES/1009-manager-allow-controller-activation-if-device-is-dea-rhel-5119.patch new file mode 100644 index 0000000..f6c1921 --- /dev/null +++ b/SOURCES/1009-manager-allow-controller-activation-if-device-is-dea-rhel-5119.patch @@ -0,0 +1,50 @@ +From a5826caf0607ca3c490bdc76d1d453226ca2e191 Mon Sep 17 00:00:00 2001 +From: Fernando Fernandez Mancera +Date: Tue, 18 Jul 2023 13:46:30 +0200 +Subject: [PATCH] manager: allow controller activation if device is + deactivating + +When activating a port connection it will require the controller +connection is active or a valid controller device candidate is available +for activation. + +One of the conditions we consider for a controller device to be a valid +candidate for the connection is that it is not active, therefore we +should also consider as valid a device that is currently deactivating. +Otherwise, we could fail during the port activation just because the +deactivation of the controller device candidate didn't finish yet. + +https://bugzilla.redhat.com/show_bug.cgi?id=2125615 + +https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1693 +(cherry picked from commit fb362e0583fe9b75269220c7c8b966e2247084ea) +(cherry picked from commit 43f244ef2e4c4052fe708b77244444ee7eff238c) +(cherry picked from commit 401f153dfb52d12495bb39899f2b4dde7dfb72ce) +--- + src/core/nm-manager.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c +index 822df7ad3b..4ef87a5d83 100644 +--- a/src/core/nm-manager.c ++++ b/src/core/nm-manager.c +@@ -4608,11 +4608,11 @@ ensure_master_active_connection(NMManager *self, + NULL)) + continue; + +- if (!nm_device_is_software(candidate)) { +- master_state = nm_device_get_state(candidate); +- if (nm_device_is_real(candidate) && master_state != NM_DEVICE_STATE_DISCONNECTED) +- continue; +- } ++ if (nm_device_is_real(candidate) ++ && !NM_IN_SET(nm_device_get_state(candidate), ++ NM_DEVICE_STATE_DISCONNECTED, ++ NM_DEVICE_STATE_DEACTIVATING)) ++ continue; + + master_ac = nm_manager_activate_connection( + self, +-- +2.41.0 + diff --git a/SOURCES/1010-fix-l3cd-comparison-rhel-8423.patch b/SOURCES/1010-fix-l3cd-comparison-rhel-8423.patch new file mode 100644 index 0000000..e4c9326 --- /dev/null +++ b/SOURCES/1010-fix-l3cd-comparison-rhel-8423.patch @@ -0,0 +1,90 @@ +From a7005248bbd8d563962c6a68ed7f1ead58e9df26 Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Tue, 28 Mar 2023 09:32:13 +0200 +Subject: [PATCH] core: fix l3cd comparison + +NM_CMP_SELF(a, b) returns immediately if the objects are the same. + +Fixes: cb29244552af ('core: support compare flags in nm_l3_config_data_cmp_full()') +Fixes-test: @dracut_NM_iSCSI_ibft_table + +https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1583 +(cherry picked from commit 0a02995175e06e62924705393121a1c5efc3822d) +(cherry picked from commit 5d95c20787077a91d684259d67f2e0ff3a1d7a1a) +(cherry picked from commit 1395171326e84eafbf2f372c232bf27a4ed79481) +--- + src/core/nm-l3-config-data.c | 55 ++++++++++++++++++------------------ + 1 file changed, 28 insertions(+), 27 deletions(-) + +diff --git a/src/core/nm-l3-config-data.c b/src/core/nm-l3-config-data.c +index d4c7f0c5fb..afdd53920d 100644 +--- a/src/core/nm-l3-config-data.c ++++ b/src/core/nm-l3-config-data.c +@@ -2278,36 +2278,37 @@ nm_l3_config_data_cmp_full(const NML3ConfigData *a, + const NMPObject *def_route_a = a->best_default_route_x[IS_IPv4]; + const NMPObject *def_route_b = b->best_default_route_x[IS_IPv4]; + +- NM_CMP_SELF(def_route_a, def_route_b); +- +- if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES)) { +- NM_CMP_RETURN(nmp_object_cmp_full(def_route_a, +- def_route_b, +- NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX) +- ? NMP_OBJECT_CMP_FLAGS_NONE +- : NMP_OBJECT_CMP_FLAGS_IGNORE_IFINDEX)); +- } else if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES_ID)) { +- if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)) { +- NM_CMP_DIRECT(def_route_a->obj_with_ifindex.ifindex, +- def_route_b->obj_with_ifindex.ifindex); +- } ++ if (def_route_a != def_route_b) { ++ if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES)) { ++ NM_CMP_RETURN( ++ nmp_object_cmp_full(def_route_a, ++ def_route_b, ++ NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX) ++ ? NMP_OBJECT_CMP_FLAGS_NONE ++ : NMP_OBJECT_CMP_FLAGS_IGNORE_IFINDEX)); ++ } else if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_ROUTES_ID)) { ++ if (NM_FLAGS_HAS(flags, NM_L3_CONFIG_CMP_FLAGS_IFINDEX)) { ++ NM_CMP_DIRECT(def_route_a->obj_with_ifindex.ifindex, ++ def_route_b->obj_with_ifindex.ifindex); ++ } + +- if (IS_IPv4) { +- NMPlatformIP4Route ra = def_route_a->ip4_route; +- NMPlatformIP4Route rb = def_route_b->ip4_route; ++ if (IS_IPv4) { ++ NMPlatformIP4Route ra = def_route_a->ip4_route; ++ NMPlatformIP4Route rb = def_route_b->ip4_route; + +- NM_CMP_DIRECT(ra.metric, rb.metric); +- NM_CMP_DIRECT(ra.plen, rb.plen); +- NM_CMP_RETURN_DIRECT( +- nm_utils_ip4_address_same_prefix_cmp(ra.network, rb.network, ra.plen)); +- } else { +- NMPlatformIP6Route ra = def_route_a->ip6_route; +- NMPlatformIP6Route rb = def_route_b->ip6_route; ++ NM_CMP_DIRECT(ra.metric, rb.metric); ++ NM_CMP_DIRECT(ra.plen, rb.plen); ++ NM_CMP_RETURN_DIRECT( ++ nm_utils_ip4_address_same_prefix_cmp(ra.network, rb.network, ra.plen)); ++ } else { ++ NMPlatformIP6Route ra = def_route_a->ip6_route; ++ NMPlatformIP6Route rb = def_route_b->ip6_route; + +- NM_CMP_DIRECT(ra.metric, rb.metric); +- NM_CMP_DIRECT(ra.plen, rb.plen); +- NM_CMP_RETURN_DIRECT( +- nm_utils_ip6_address_same_prefix_cmp(&ra.network, &rb.network, ra.plen)); ++ NM_CMP_DIRECT(ra.metric, rb.metric); ++ NM_CMP_DIRECT(ra.plen, rb.plen); ++ NM_CMP_RETURN_DIRECT( ++ nm_utils_ip6_address_same_prefix_cmp(&ra.network, &rb.network, ra.plen)); ++ } + } + } + +-- +2.41.0 + diff --git a/SOURCES/1011-dispatch-dns-change-event-rhel-10195.patch b/SOURCES/1011-dispatch-dns-change-event-rhel-10195.patch new file mode 100644 index 0000000..d4432bf --- /dev/null +++ b/SOURCES/1011-dispatch-dns-change-event-rhel-10195.patch @@ -0,0 +1,299 @@ +From 818352a0342358f4c62465aa5b3590b8e5fb924d Mon Sep 17 00:00:00 2001 +From: Gris Ge +Date: Tue, 26 Sep 2023 15:00:32 +0800 +Subject: [PATCH 1/2] emit DNS CONFIG_CHANGED signal even dns=none + +Instruct the `NMDnsManager` to emit `CONFIG_CHANGED` signal even +`dns=none` or failed to modify `/etc/resolv.conf`. + +The `NMPolicy` will only update hostname when DNS is managed. + +Signed-off-by: Gris Ge +(cherry picked from commit a847ba807572c3ef3682e833432f2f93e9d519a0) +(cherry picked from commit d10f20fd01a7bb3225c7e38ed80449e19156344b) +(cherry picked from commit e0f3a91a95d45f729bd42956617aafb84e26a47b) +(cherry picked from commit cd9ebfd2bb76b99b861af1272f5ef9bb0d279008) +--- + src/core/dns/nm-dns-manager.c | 12 +++++++++++- + src/core/dns/nm-dns-manager.h | 2 ++ + src/core/nm-policy.c | 10 ++++++---- + 3 files changed, 19 insertions(+), 5 deletions(-) + +diff --git a/src/core/dns/nm-dns-manager.c b/src/core/dns/nm-dns-manager.c +index 416a9bf915..2d5f1245b3 100644 +--- a/src/core/dns/nm-dns-manager.c ++++ b/src/core/dns/nm-dns-manager.c +@@ -1907,7 +1907,7 @@ plugin_skip:; + } + + /* signal that DNS resolution configs were changed */ +- if ((do_update || caching || force_emit) && result == SR_SUCCESS) ++ if ((caching || force_emit) && result == SR_SUCCESS) + g_signal_emit(self, signals[CONFIG_CHANGED], 0); + + nm_clear_pointer(&priv->config_variant, g_variant_unref); +@@ -1923,6 +1923,16 @@ plugin_skip:; + return TRUE; + } + ++gboolean ++nm_dns_manager_is_unmanaged(NMDnsManager *self) ++{ ++ NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE(self); ++ ++ return NM_IN_SET(priv->rc_manager, ++ NM_DNS_MANAGER_RESOLV_CONF_MAN_UNMANAGED, ++ NM_DNS_MANAGER_RESOLV_CONF_MAN_IMMUTABLE); ++} ++ + /*****************************************************************************/ + + gboolean +diff --git a/src/core/dns/nm-dns-manager.h b/src/core/dns/nm-dns-manager.h +index b41bf1ccf2..b697b3e380 100644 +--- a/src/core/dns/nm-dns-manager.h ++++ b/src/core/dns/nm-dns-manager.h +@@ -148,4 +148,6 @@ char *nmtst_dns_create_resolv_conf(const char *const *searches, + const char *const *nameservers, + const char *const *options); + ++gboolean nm_dns_manager_is_unmanaged(NMDnsManager *self); ++ + #endif /* __NETWORKMANAGER_DNS_MANAGER_H__ */ +diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c +index 0b7c9eddca..d9e7643fa2 100644 +--- a/src/core/nm-policy.c ++++ b/src/core/nm-policy.c +@@ -2563,11 +2563,13 @@ dns_config_changed(NMDnsManager *dns_manager, gpointer user_data) + if (priv->updating_dns) + return; + +- nm_manager_for_each_device (priv->manager, device, tmp_lst) { +- nm_device_clear_dns_lookup_data(device, "DNS configuration changed"); +- } ++ if (!nm_dns_manager_is_unmanaged(dns_manager)) { ++ nm_manager_for_each_device (priv->manager, device, tmp_lst) { ++ nm_device_clear_dns_lookup_data(device, "DNS configuration changed"); ++ } + +- update_system_hostname(self, "DNS configuration changed"); ++ update_system_hostname(self, "DNS configuration changed"); ++ } + } + + static void +-- +2.41.0 + + +From 206d974bfbd3f0496d2263ec8a12ee58ce085b0e Mon Sep 17 00:00:00 2001 +From: Gris Ge +Date: Wed, 18 Oct 2023 15:03:13 +0800 +Subject: [PATCH 2/2] dispatch `dns-change` dispatcher event + +Introducing new dispatcher event -- `dns-change` which will be emitted when +DNS configuration changed(even in `dns=none` mode). This is to solve two +use cases: + * Invoke dispatch script for DNS changes triggered by the global DNS + API. + + * Do not invoke [OpenShift resolv-prepender][1] for non-DNS changes. + +Bug reference: https://issues.redhat.com/browse/RHEL-1671 + +[1]: https://github.com/openshift/machine-config-operator/blob/master/templates/common/on-prem/files/resolv-prepender.yaml + +Signed-off-by: Gris Ge +(cherry picked from commit a1db61ebc9712d1faf2ef8f1b2cb14cd819346d3) +(cherry picked from commit 3cdce71b95cea11bf409d9353c35a4dea6f33984) +(cherry picked from commit 9ae535c61a5116179ba2f775458427b93518ac49) +(cherry picked from commit e74a349e1e88e06436a6809b92faa249910daabd) +--- + man/NetworkManager-dispatcher.xml | 5 +- + src/core/nm-dispatcher.c | 51 ++++++++++++++++--- + src/core/nm-dispatcher.h | 5 +- + src/core/nm-policy.c | 2 + + src/libnm-core-aux-extern/nm-dispatcher-api.h | 1 + + src/nm-dispatcher/nm-dispatcher-utils.c | 8 ++- + 6 files changed, 60 insertions(+), 12 deletions(-) + +diff --git a/man/NetworkManager-dispatcher.xml b/man/NetworkManager-dispatcher.xml +index 4a603b1566..8a3c0b46ed 100644 +--- a/man/NetworkManager-dispatcher.xml ++++ b/man/NetworkManager-dispatcher.xml +@@ -68,8 +68,9 @@ + device an operation just happened on, and second the action. For device actions, + the interface is the name of the kernel interface suitable for IP configuration. + Thus it is either VPN_IP_IFACE, DEVICE_IP_IFACE, or DEVICE_IFACE, as applicable. +- For the hostname action the device name is always "none" +- and for connectivity-change it is empty. ++ For the hostname action the device name is always "none". ++ For connectivity-change it is empty. ++ For dns-change it is empty. + + The actions are: + +diff --git a/src/core/nm-dispatcher.c b/src/core/nm-dispatcher.c +index d3529ee4de..a0ce4de80d 100644 +--- a/src/core/nm-dispatcher.c ++++ b/src/core/nm-dispatcher.c +@@ -49,6 +49,8 @@ + } \ + G_STMT_END + ++static gboolean nm_dispatcher_need_device(NMDispatcherAction action); ++ + /*****************************************************************************/ + + struct NMDispatcherCallId { +@@ -465,7 +467,8 @@ static const char *action_table[] = {[NM_DISPATCHER_ACTION_HOSTNAME] = NMD_ + [NM_DISPATCHER_ACTION_DHCP_CHANGE_4] = NMD_ACTION_DHCP4_CHANGE, + [NM_DISPATCHER_ACTION_DHCP_CHANGE_6] = NMD_ACTION_DHCP6_CHANGE, + [NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE] = +- NMD_ACTION_CONNECTIVITY_CHANGE}; ++ NMD_ACTION_CONNECTIVITY_CHANGE, ++ [NM_DISPATCHER_ACTION_DNS_CHANGE] = NMD_ACTION_DNS_CHANGE}; + + static const char * + action_to_string(NMDispatcherAction action) +@@ -526,9 +529,7 @@ _dispatcher_call(NMDispatcherAction action, + if (G_UNLIKELY(!request_id)) + request_id = ++gl.request_id_counter; + +- /* All actions except 'hostname' and 'connectivity-change' require a device */ +- if (action == NM_DISPATCHER_ACTION_HOSTNAME +- || action == NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE) { ++ if (!nm_dispatcher_need_device(action)) { + _LOG2D(request_id, + log_ifname, + log_con_uuid, +@@ -588,9 +589,8 @@ _dispatcher_call(NMDispatcherAction action, + g_variant_builder_init(&vpn_ip4_props, G_VARIANT_TYPE_VARDICT); + g_variant_builder_init(&vpn_ip6_props, G_VARIANT_TYPE_VARDICT); + +- /* hostname and connectivity-change actions don't send device data */ +- if (action != NM_DISPATCHER_ACTION_HOSTNAME +- && action != NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE) { ++ /* hostname, DNS and connectivity-change actions don't send device data */ ++ if (nm_dispatcher_need_device(action)) { + fill_device_props(device, + &device_props, + &device_proxy_props, +@@ -921,6 +921,30 @@ nm_dispatcher_call_connectivity(NMConnectivityState connectivity_state, + out_call_id); + } + ++/** ++ * nm_dispatcher_call_dns_change(): ++ * ++ * This method does not block the caller. ++ * ++ * Returns: %TRUE if the action was dispatched, %FALSE on failure ++ */ ++gboolean ++nm_dispatcher_call_dns_change(void) ++{ ++ return _dispatcher_call(NM_DISPATCHER_ACTION_DNS_CHANGE, ++ FALSE, ++ NULL, ++ NULL, ++ NULL, ++ FALSE, ++ NM_CONNECTIVITY_UNKNOWN, ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ NULL); ++} ++ + void + nm_dispatcher_call_cancel(NMDispatcherCallId *call_id) + { +@@ -933,3 +957,16 @@ nm_dispatcher_call_cancel(NMDispatcherCallId *call_id) + _LOG3D(call_id, "cancelling dispatcher callback action"); + call_id->callback = NULL; + } ++ ++/* All actions except 'hostname', 'connectivity-change' and 'dns-change' require ++ * a device */ ++static gboolean ++nm_dispatcher_need_device(NMDispatcherAction action) ++{ ++ if (action == NM_DISPATCHER_ACTION_HOSTNAME ++ || action == NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE ++ || action == NM_DISPATCHER_ACTION_DNS_CHANGE) { ++ return FALSE; ++ } ++ return TRUE; ++} +diff --git a/src/core/nm-dispatcher.h b/src/core/nm-dispatcher.h +index 73e0599a75..50d50e9a6a 100644 +--- a/src/core/nm-dispatcher.h ++++ b/src/core/nm-dispatcher.h +@@ -21,7 +21,8 @@ typedef enum { + NM_DISPATCHER_ACTION_VPN_DOWN, + NM_DISPATCHER_ACTION_DHCP_CHANGE_4, + NM_DISPATCHER_ACTION_DHCP_CHANGE_6, +- NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE ++ NM_DISPATCHER_ACTION_CONNECTIVITY_CHANGE, ++ NM_DISPATCHER_ACTION_DNS_CHANGE, + } NMDispatcherAction; + + #define NM_DISPATCHER_ACTION_DHCP_CHANGE_X(IS_IPv4) \ +@@ -68,6 +69,8 @@ gboolean nm_dispatcher_call_connectivity(NMConnectivityState state, + gpointer user_data, + NMDispatcherCallId **out_call_id); + ++gboolean nm_dispatcher_call_dns_change(void); ++ + void nm_dispatcher_call_cancel(NMDispatcherCallId *call_id); + + #endif /* __NM_DISPATCHER_H__ */ +diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c +index d9e7643fa2..9316325c68 100644 +--- a/src/core/nm-policy.c ++++ b/src/core/nm-policy.c +@@ -2570,6 +2570,8 @@ dns_config_changed(NMDnsManager *dns_manager, gpointer user_data) + + update_system_hostname(self, "DNS configuration changed"); + } ++ ++ nm_dispatcher_call_dns_change(); + } + + static void +diff --git a/src/libnm-core-aux-extern/nm-dispatcher-api.h b/src/libnm-core-aux-extern/nm-dispatcher-api.h +index 7776c84f9a..d19caa0bb5 100644 +--- a/src/libnm-core-aux-extern/nm-dispatcher-api.h ++++ b/src/libnm-core-aux-extern/nm-dispatcher-api.h +@@ -33,6 +33,7 @@ + #define NMD_ACTION_DHCP4_CHANGE "dhcp4-change" + #define NMD_ACTION_DHCP6_CHANGE "dhcp6-change" + #define NMD_ACTION_CONNECTIVITY_CHANGE "connectivity-change" ++#define NMD_ACTION_DNS_CHANGE "dns-change" + + typedef enum { + DISPATCH_RESULT_UNKNOWN = 0, +diff --git a/src/nm-dispatcher/nm-dispatcher-utils.c b/src/nm-dispatcher/nm-dispatcher-utils.c +index 74ea4e4001..f8a4c28000 100644 +--- a/src/nm-dispatcher/nm-dispatcher-utils.c ++++ b/src/nm-dispatcher/nm-dispatcher-utils.c +@@ -453,8 +453,12 @@ nm_dispatcher_utils_construct_envp(const char *action, + + items = g_ptr_array_new_with_free_func(g_free); + +- /* Hostname and connectivity changes don't require a device nor contain a connection */ +- if (NM_IN_STRSET(action, NMD_ACTION_HOSTNAME, NMD_ACTION_CONNECTIVITY_CHANGE)) ++ /* Hostname, dns and connectivity changes don't require a device nor contain ++ * a connection */ ++ if (NM_IN_STRSET(action, ++ NMD_ACTION_HOSTNAME, ++ NMD_ACTION_CONNECTIVITY_CHANGE, ++ NMD_ACTION_DNS_CHANGE)) + goto done; + + /* Connection properties */ +-- +2.41.0 + diff --git a/SOURCES/1012-device-do-not-set-MAC-address-on-iface-with-index-0-rhel-16008.patch b/SOURCES/1012-device-do-not-set-MAC-address-on-iface-with-index-0-rhel-16008.patch new file mode 100644 index 0000000..9ea7525 --- /dev/null +++ b/SOURCES/1012-device-do-not-set-MAC-address-on-iface-with-index-0-rhel-16008.patch @@ -0,0 +1,51 @@ +From c62f49f07ed84b266427feb53469109d8878c496 Mon Sep 17 00:00:00 2001 +From: Gris Ge +Date: Wed, 12 Jul 2023 16:22:03 +0800 +Subject: [PATCH] device: do not set MAC address on iface with index <=0 + +The `nm_device_hw_addr_reset()` should only set MAC address on NIC +with valid(>0) interface index. + +The failure was found by `ovs_mtu` test of NMCI, failed to reproduce +the original problem (`ovs_mtu` test of NMCI) with 100 times retry. +And no trace log found for original test failure, hence cannot tell why +`nm_device_hw_addr_reset()` been invoked with iface index 0. + +Signed-off-by: Gris Ge +(cherry picked from commit 215bc1525501b22325c2a17090a5f911e01f06a9) +(cherry picked from commit 21f1e5cdc7d72376cdaa63112d8a134b714b2002) +(cherry picked from commit 37bd70034f7f43becf2cc64468143c5ea2666762) +--- + src/core/devices/nm-device.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c +index 2ac55fa83c..5748d80393 100644 +--- a/src/core/devices/nm-device.c ++++ b/src/core/devices/nm-device.c +@@ -16859,6 +16859,7 @@ nm_device_hw_addr_reset(NMDevice *self, const char *detail) + { + NMDevicePrivate *priv; + const char *addr; ++ int ifindex; + + g_return_val_if_fail(NM_IS_DEVICE(self), FALSE); + +@@ -16868,7 +16869,13 @@ nm_device_hw_addr_reset(NMDevice *self, const char *detail) + return TRUE; + + priv->hw_addr_type = HW_ADDR_TYPE_UNSET; +- addr = nm_device_get_initial_hw_address(self); ++ ++ ifindex = nm_device_get_ip_ifindex(self); ++ if (ifindex <= 0) { ++ return TRUE; ++ } ++ ++ addr = nm_device_get_initial_hw_address(self); + if (!addr) { + /* as hw_addr_type is not UNSET, we expect that we can get an + * initial address to which to reset. */ +-- +2.41.0 + diff --git a/SOURCES/1013-fix-matching-existing-connection-by-UUID-on-restart-rhel-5119.patch b/SOURCES/1013-fix-matching-existing-connection-by-UUID-on-restart-rhel-5119.patch new file mode 100644 index 0000000..063f944 --- /dev/null +++ b/SOURCES/1013-fix-matching-existing-connection-by-UUID-on-restart-rhel-5119.patch @@ -0,0 +1,822 @@ +From e49026b4856fd492eb6e30a18133414841eeb609 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 3 May 2023 11:43:33 +0200 +Subject: [PATCH 1/5] libnm/trivial: rename internal connection-get-setting + methods + +This function will be exposed on the internal header. Rename to +_nm_connection_get_setting_by_metatype(). + +(cherry picked from commit 27cbf584bdb7451e196b03b706c4c4dfa266ba3e) +(cherry picked from commit c194db5755f18b3fd55a9a7b4b4d25882f05ce05) +(cherry picked from commit 39227612384c08da845a7d97a87de3b10277320a) +--- + src/libnm-core-impl/nm-connection.c | 81 ++++++++++++++--------------- + 1 file changed, 40 insertions(+), 41 deletions(-) + +diff --git a/src/libnm-core-impl/nm-connection.c b/src/libnm-core-impl/nm-connection.c +index 67a9034dcc..fc4bc51c17 100644 +--- a/src/libnm-core-impl/nm-connection.c ++++ b/src/libnm-core-impl/nm-connection.c +@@ -339,7 +339,7 @@ _connection_get_setting_check(NMConnection *connection, GType setting_type) + } + + static gpointer +-_connection_get_setting_by_meta_type_check(NMConnection *connection, NMMetaSettingType meta_type) ++_nm_connection_get_setting_by_metatype(NMConnection *connection, NMMetaSettingType meta_type) + { + g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); + +@@ -3231,7 +3231,7 @@ nm_connection_get_virtual_device_description(NMConnection *connection) + NMSetting8021x * + nm_connection_get_setting_802_1x(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_802_1X); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_802_1X); + } + + /** +@@ -3245,7 +3245,7 @@ nm_connection_get_setting_802_1x(NMConnection *connection) + NMSettingBluetooth * + nm_connection_get_setting_bluetooth(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_BLUETOOTH); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_BLUETOOTH); + } + + /** +@@ -3259,7 +3259,7 @@ nm_connection_get_setting_bluetooth(NMConnection *connection) + NMSettingBond * + nm_connection_get_setting_bond(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_BOND); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_BOND); + } + + /** +@@ -3273,7 +3273,7 @@ nm_connection_get_setting_bond(NMConnection *connection) + NMSettingTeam * + nm_connection_get_setting_team(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_TEAM); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_TEAM); + } + + /** +@@ -3287,7 +3287,7 @@ nm_connection_get_setting_team(NMConnection *connection) + NMSettingTeamPort * + nm_connection_get_setting_team_port(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_TEAM_PORT); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_TEAM_PORT); + } + + /** +@@ -3301,7 +3301,7 @@ nm_connection_get_setting_team_port(NMConnection *connection) + NMSettingBridge * + nm_connection_get_setting_bridge(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_BRIDGE); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_BRIDGE); + } + + /** +@@ -3315,7 +3315,7 @@ nm_connection_get_setting_bridge(NMConnection *connection) + NMSettingCdma * + nm_connection_get_setting_cdma(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_CDMA); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_CDMA); + } + + /** +@@ -3329,7 +3329,7 @@ nm_connection_get_setting_cdma(NMConnection *connection) + NMSettingConnection * + nm_connection_get_setting_connection(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_CONNECTION); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_CONNECTION); + } + + /** +@@ -3343,7 +3343,7 @@ nm_connection_get_setting_connection(NMConnection *connection) + NMSettingDcb * + nm_connection_get_setting_dcb(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_DCB); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_DCB); + } + + /** +@@ -3359,7 +3359,7 @@ nm_connection_get_setting_dcb(NMConnection *connection) + NMSettingDummy * + nm_connection_get_setting_dummy(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_DUMMY); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_DUMMY); + } + + /** +@@ -3373,7 +3373,7 @@ nm_connection_get_setting_dummy(NMConnection *connection) + NMSettingGeneric * + nm_connection_get_setting_generic(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_GENERIC); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_GENERIC); + } + + /** +@@ -3387,7 +3387,7 @@ nm_connection_get_setting_generic(NMConnection *connection) + NMSettingGsm * + nm_connection_get_setting_gsm(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_GSM); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_GSM); + } + + /** +@@ -3401,7 +3401,7 @@ nm_connection_get_setting_gsm(NMConnection *connection) + NMSettingInfiniband * + nm_connection_get_setting_infiniband(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_INFINIBAND); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_INFINIBAND); + } + + /** +@@ -3420,7 +3420,7 @@ nm_connection_get_setting_infiniband(NMConnection *connection) + NMSettingIPConfig * + nm_connection_get_setting_ip4_config(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_IP4_CONFIG); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_IP4_CONFIG); + } + + /** +@@ -3436,7 +3436,7 @@ nm_connection_get_setting_ip4_config(NMConnection *connection) + NMSettingIPTunnel * + nm_connection_get_setting_ip_tunnel(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_IP_TUNNEL); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_IP_TUNNEL); + } + + /** +@@ -3455,7 +3455,7 @@ nm_connection_get_setting_ip_tunnel(NMConnection *connection) + NMSettingIPConfig * + nm_connection_get_setting_ip6_config(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_IP6_CONFIG); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_IP6_CONFIG); + } + + /** +@@ -3471,7 +3471,7 @@ nm_connection_get_setting_ip6_config(NMConnection *connection) + NMSettingMacsec * + nm_connection_get_setting_macsec(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_MACSEC); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_MACSEC); + } + + /** +@@ -3487,7 +3487,7 @@ nm_connection_get_setting_macsec(NMConnection *connection) + NMSettingMacvlan * + nm_connection_get_setting_macvlan(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_MACVLAN); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_MACVLAN); + } + + /** +@@ -3501,7 +3501,7 @@ nm_connection_get_setting_macvlan(NMConnection *connection) + NMSettingOlpcMesh * + nm_connection_get_setting_olpc_mesh(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_OLPC_MESH); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_OLPC_MESH); + } + + /** +@@ -3517,7 +3517,7 @@ nm_connection_get_setting_olpc_mesh(NMConnection *connection) + NMSettingOvsBridge * + nm_connection_get_setting_ovs_bridge(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_OVS_BRIDGE); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_OVS_BRIDGE); + } + + /** +@@ -3533,8 +3533,7 @@ nm_connection_get_setting_ovs_bridge(NMConnection *connection) + NMSettingOvsInterface * + nm_connection_get_setting_ovs_interface(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, +- NM_META_SETTING_TYPE_OVS_INTERFACE); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_OVS_INTERFACE); + } + + /** +@@ -3550,7 +3549,7 @@ nm_connection_get_setting_ovs_interface(NMConnection *connection) + NMSettingOvsPatch * + nm_connection_get_setting_ovs_patch(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_OVS_PATCH); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_OVS_PATCH); + } + + /** +@@ -3566,7 +3565,7 @@ nm_connection_get_setting_ovs_patch(NMConnection *connection) + NMSettingOvsPort * + nm_connection_get_setting_ovs_port(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_OVS_PORT); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_OVS_PORT); + } + + /** +@@ -3580,7 +3579,7 @@ nm_connection_get_setting_ovs_port(NMConnection *connection) + NMSettingPpp * + nm_connection_get_setting_ppp(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_PPP); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_PPP); + } + + /** +@@ -3594,7 +3593,7 @@ nm_connection_get_setting_ppp(NMConnection *connection) + NMSettingPppoe * + nm_connection_get_setting_pppoe(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_PPPOE); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_PPPOE); + } + + /** +@@ -3610,7 +3609,7 @@ nm_connection_get_setting_pppoe(NMConnection *connection) + NMSettingProxy * + nm_connection_get_setting_proxy(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_PROXY); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_PROXY); + } + + /** +@@ -3624,7 +3623,7 @@ nm_connection_get_setting_proxy(NMConnection *connection) + NMSettingSerial * + nm_connection_get_setting_serial(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_SERIAL); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_SERIAL); + } + + /** +@@ -3640,7 +3639,7 @@ nm_connection_get_setting_serial(NMConnection *connection) + NMSettingTCConfig * + nm_connection_get_setting_tc_config(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_TC_CONFIG); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_TC_CONFIG); + } + + /** +@@ -3656,7 +3655,7 @@ nm_connection_get_setting_tc_config(NMConnection *connection) + NMSettingTun * + nm_connection_get_setting_tun(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_TUN); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_TUN); + } + + /** +@@ -3670,7 +3669,7 @@ nm_connection_get_setting_tun(NMConnection *connection) + NMSettingVpn * + nm_connection_get_setting_vpn(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_VPN); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_VPN); + } + + /** +@@ -3686,7 +3685,7 @@ nm_connection_get_setting_vpn(NMConnection *connection) + NMSettingVxlan * + nm_connection_get_setting_vxlan(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_VXLAN); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_VXLAN); + } + + /** +@@ -3700,7 +3699,7 @@ nm_connection_get_setting_vxlan(NMConnection *connection) + NMSettingWimax * + nm_connection_get_setting_wimax(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_WIMAX); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_WIMAX); + } + + /** +@@ -3714,7 +3713,7 @@ nm_connection_get_setting_wimax(NMConnection *connection) + NMSettingWired * + nm_connection_get_setting_wired(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_WIRED); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_WIRED); + } + + /** +@@ -3728,7 +3727,7 @@ nm_connection_get_setting_wired(NMConnection *connection) + NMSettingAdsl * + nm_connection_get_setting_adsl(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_ADSL); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_ADSL); + } + + /** +@@ -3742,7 +3741,7 @@ nm_connection_get_setting_adsl(NMConnection *connection) + NMSettingWireless * + nm_connection_get_setting_wireless(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_WIRELESS); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_WIRELESS); + } + + /** +@@ -3756,8 +3755,8 @@ nm_connection_get_setting_wireless(NMConnection *connection) + NMSettingWirelessSecurity * + nm_connection_get_setting_wireless_security(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, +- NM_META_SETTING_TYPE_WIRELESS_SECURITY); ++ return _nm_connection_get_setting_by_metatype(connection, ++ NM_META_SETTING_TYPE_WIRELESS_SECURITY); + } + + /** +@@ -3771,7 +3770,7 @@ nm_connection_get_setting_wireless_security(NMConnection *connection) + NMSettingBridgePort * + nm_connection_get_setting_bridge_port(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_BRIDGE_PORT); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_BRIDGE_PORT); + } + + /** +@@ -3785,7 +3784,7 @@ nm_connection_get_setting_bridge_port(NMConnection *connection) + NMSettingVlan * + nm_connection_get_setting_vlan(NMConnection *connection) + { +- return _connection_get_setting_by_meta_type_check(connection, NM_META_SETTING_TYPE_VLAN); ++ return _nm_connection_get_setting_by_metatype(connection, NM_META_SETTING_TYPE_VLAN); + } + + NMSettingBluetooth * +-- +2.41.0 + + +From 15f0394acf2b0866190a3f603150a7e1ee96833c Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Thu, 4 May 2023 11:34:58 +0200 +Subject: [PATCH 2/5] libnm: cleanup redundant nm_connection_get_setting + functions + +Refactor and cleanup the functions to get a setting from a connection. + +As the NMConnection tracks the settings in an array indexed by +NMMetaSettingType, the most direct and efficient way is to look up via +that enum. + +Previously, nm_connection_get_setting_by_name() would first look up the GType +(which already involved looking up the NMMetaSettingInfo), then based on the +GType it would look up the NMMetaSettingInfo again to get the meta_type. That +is unnecessary. Directly look up the NMMetaSettingInfo, which directly +gives the meta_type. + +(cherry picked from commit c60a4649b80e03f5b50e5d94f3d8c7c71c079af9) +(cherry picked from commit eebbd362701abb52d29a84f02ab57d81742e97ea) +(cherry picked from commit 58fd65c37e4eb2516faec22ea345457a59cfa9d7) +--- + src/libnm-core-impl/nm-connection.c | 76 +++++++++++++---------------- + src/libnm-core-impl/nm-setting.c | 4 ++ + 2 files changed, 37 insertions(+), 43 deletions(-) + +diff --git a/src/libnm-core-impl/nm-connection.c b/src/libnm-core-impl/nm-connection.c +index fc4bc51c17..08eab900d8 100644 +--- a/src/libnm-core-impl/nm-connection.c ++++ b/src/libnm-core-impl/nm-connection.c +@@ -302,26 +302,7 @@ nm_connection_remove_setting(NMConnection *connection, GType setting_type) + } + + static gpointer +-_connection_get_setting(NMConnection *connection, GType setting_type) +-{ +- NMSetting *setting; +- const NMMetaSettingInfo *setting_info; +- +- nm_assert(NM_IS_CONNECTION(connection)); +- nm_assert(g_type_is_a(setting_type, NM_TYPE_SETTING)); +- +- setting_info = _nm_meta_setting_info_from_gtype(setting_type); +- if (!setting_info) +- g_return_val_if_reached(NULL); +- +- setting = NM_CONNECTION_GET_PRIVATE(connection)->settings[setting_info->meta_type]; +- +- nm_assert(!setting || G_TYPE_CHECK_INSTANCE_TYPE(setting, setting_type)); +- return setting; +-} +- +-static gpointer +-_connection_get_setting_by_meta_type(NMConnectionPrivate *priv, NMMetaSettingType meta_type) ++_get_setting_by_metatype(NMConnectionPrivate *priv, NMMetaSettingType meta_type) + { + nm_assert(priv); + nm_assert(_NM_INT_NOT_NEGATIVE(meta_type)); +@@ -330,20 +311,12 @@ _connection_get_setting_by_meta_type(NMConnectionPrivate *priv, NMMetaSettingTyp + return priv->settings[meta_type]; + } + +-static gpointer +-_connection_get_setting_check(NMConnection *connection, GType setting_type) +-{ +- g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); +- +- return _connection_get_setting(connection, setting_type); +-} +- + static gpointer + _nm_connection_get_setting_by_metatype(NMConnection *connection, NMMetaSettingType meta_type) + { + g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); + +- return _connection_get_setting_by_meta_type(NM_CONNECTION_GET_PRIVATE(connection), meta_type); ++ return _get_setting_by_metatype(NM_CONNECTION_GET_PRIVATE(connection), meta_type); + } + + /** +@@ -360,19 +333,34 @@ _nm_connection_get_setting_by_metatype(NMConnection *connection, NMMetaSettingTy + NMSetting * + nm_connection_get_setting(NMConnection *connection, GType setting_type) + { +- g_return_val_if_fail(g_type_is_a(setting_type, NM_TYPE_SETTING), NULL); ++ NMSetting *setting; ++ const NMMetaSettingInfo *setting_info; ++ ++ g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); ++ ++ setting_info = _nm_meta_setting_info_from_gtype(setting_type); ++ ++ if (!setting_info) ++ g_return_val_if_reached(NULL); ++ ++ setting = NM_CONNECTION_GET_PRIVATE(connection)->settings[setting_info->meta_type]; ++ ++ nm_assert(!setting || G_TYPE_CHECK_INSTANCE_TYPE(setting, setting_type)); + +- return _connection_get_setting_check(connection, setting_type); ++ return setting; + } + + NMSettingIPConfig * + nm_connection_get_setting_ip_config(NMConnection *connection, int addr_family) + { ++ g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); ++ + nm_assert_addr_family(addr_family); + +- return NM_SETTING_IP_CONFIG(_connection_get_setting( +- connection, +- (addr_family == AF_INET) ? NM_TYPE_SETTING_IP4_CONFIG : NM_TYPE_SETTING_IP6_CONFIG)); ++ return NM_SETTING_IP_CONFIG(_get_setting_by_metatype(NM_CONNECTION_GET_PRIVATE(connection), ++ (addr_family == AF_INET) ++ ? NM_META_SETTING_TYPE_IP4_CONFIG ++ : NM_META_SETTING_TYPE_IP6_CONFIG)); + } + + /** +@@ -389,12 +377,14 @@ nm_connection_get_setting_ip_config(NMConnection *connection, int addr_family) + NMSetting * + nm_connection_get_setting_by_name(NMConnection *connection, const char *name) + { +- GType type; ++ const NMMetaSettingInfo *setting_info; + + g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); + +- type = nm_setting_lookup_type(name); +- return type ? _connection_get_setting(connection, type) : NULL; ++ setting_info = nm_meta_setting_infos_by_name(name); ++ return setting_info ? _get_setting_by_metatype(NM_CONNECTION_GET_PRIVATE(connection), ++ setting_info->meta_type) ++ : NULL; + } + + /*****************************************************************************/ +@@ -1672,8 +1662,8 @@ _normalize_802_1x_empty_strings(NMConnection *self) + NMSetting8021x *s_8021x; + gboolean changed = FALSE; + +- s_8021x = _connection_get_setting_by_meta_type(NM_CONNECTION_GET_PRIVATE(self), +- NM_META_SETTING_TYPE_802_1X); ++ s_8021x = ++ _get_setting_by_metatype(NM_CONNECTION_GET_PRIVATE(self), NM_META_SETTING_TYPE_802_1X); + if (!s_8021x) + return FALSE; + +@@ -1823,7 +1813,7 @@ _nm_connection_verify(NMConnection *connection, GError **error) + + priv = NM_CONNECTION_GET_PRIVATE(connection); + +- if (!_connection_get_setting_by_meta_type(priv, NM_META_SETTING_TYPE_CONNECTION)) { ++ if (!_get_setting_by_metatype(priv, NM_META_SETTING_TYPE_CONNECTION)) { + g_set_error_literal(error, + NM_CONNECTION_ERROR, + NM_CONNECTION_ERROR_MISSING_SETTING, +@@ -1868,9 +1858,9 @@ _nm_connection_verify(NMConnection *connection, GError **error) + g_clear_error(&verify_error); + } + +- s_ip4 = _connection_get_setting_by_meta_type(priv, NM_META_SETTING_TYPE_IP4_CONFIG); +- s_ip6 = _connection_get_setting_by_meta_type(priv, NM_META_SETTING_TYPE_IP6_CONFIG); +- s_proxy = _connection_get_setting_by_meta_type(priv, NM_META_SETTING_TYPE_PROXY); ++ s_ip4 = _get_setting_by_metatype(priv, NM_META_SETTING_TYPE_IP4_CONFIG); ++ s_ip6 = _get_setting_by_metatype(priv, NM_META_SETTING_TYPE_IP6_CONFIG); ++ s_proxy = _get_setting_by_metatype(priv, NM_META_SETTING_TYPE_PROXY); + + nm_assert(normalizable_error_type != NM_SETTING_VERIFY_ERROR); + if (NM_IN_SET(normalizable_error_type, +diff --git a/src/libnm-core-impl/nm-setting.c b/src/libnm-core-impl/nm-setting.c +index b6f721371f..a4404ba87b 100644 +--- a/src/libnm-core-impl/nm-setting.c ++++ b/src/libnm-core-impl/nm-setting.c +@@ -110,6 +110,10 @@ nm_setting_lookup_type(const char *name) + { + const NMMetaSettingInfo *setting_info; + ++ /* various callers check whether the result is valid with plain `if (gtype)`. ++ * Assert that G_TYPE_INVALID is zero. */ ++ G_STATIC_ASSERT(G_TYPE_INVALID == 0); ++ + g_return_val_if_fail(name, G_TYPE_INVALID); + + setting_info = nm_meta_setting_infos_by_name(name); +-- +2.41.0 + + +From fdf8ad3fdd8ddf03f8acd85a3e8eb4af67722699 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 3 May 2023 12:01:14 +0200 +Subject: [PATCH 3/5] libnm: expose _nm_connection_get_setting_by_metatype() in + internal header + +We have several variants to get the NMSetting from an NMConnection. Some +of them are public API (nm_connection_get_setting(), nm_connection_get_setting_by_name()). + +The most efficient way is lookup by NMMetaSettingType. Expose that as +internal API, so it can be used. The NMMetaSettingType is internal, but +it exists because it's a very useful enum. Allow others to make use of +it. + +Also, add a static assert which prevents various wrong uses at compile +time, for example + + _nm_connection_get_setting_by_metatype(connection, NM_TYPE_SETTING_CONNECTION) + +(cherry picked from commit db5946ac2fc349269835b18c37f1df35ac326cda) +(cherry picked from commit 50b6c2d622f66d2fef187c6da1498b091f34df20) +(cherry picked from commit 1cd4f675c888a7d01f4920a07b4eab838fed8a2f) +--- + src/libnm-core-impl/nm-connection.c | 7 +++++-- + src/libnm-core-intern/nm-core-internal.h | 14 ++++++++++++++ + 2 files changed, 19 insertions(+), 2 deletions(-) + +diff --git a/src/libnm-core-impl/nm-connection.c b/src/libnm-core-impl/nm-connection.c +index 08eab900d8..9d94cf56cc 100644 +--- a/src/libnm-core-impl/nm-connection.c ++++ b/src/libnm-core-impl/nm-connection.c +@@ -311,8 +311,11 @@ _get_setting_by_metatype(NMConnectionPrivate *priv, NMMetaSettingType meta_type) + return priv->settings[meta_type]; + } + +-static gpointer +-_nm_connection_get_setting_by_metatype(NMConnection *connection, NMMetaSettingType meta_type) ++/* The "unsafe" part here is that _nm_connection_get_setting_by_metatype() has a compile ++ * time check that meta_type is valid. With the unsafe variant, the caller must ensure that, ++ * and we only get an nm_assert() check -- which is basically nothing. */ ++gpointer ++_nm_connection_get_setting_by_metatype_unsafe(NMConnection *connection, NMMetaSettingType meta_type) + { + g_return_val_if_fail(NM_IS_CONNECTION(connection), NULL); + +diff --git a/src/libnm-core-intern/nm-core-internal.h b/src/libnm-core-intern/nm-core-internal.h +index 1857e03bbd..695cd75c04 100644 +--- a/src/libnm-core-intern/nm-core-internal.h ++++ b/src/libnm-core-intern/nm-core-internal.h +@@ -479,6 +479,20 @@ _nm_connection_get_setting(NMConnection *connection, GType type) + return (gpointer) nm_connection_get_setting(connection, type); + } + ++gpointer _nm_connection_get_setting_by_metatype_unsafe(NMConnection *connection, ++ NMMetaSettingType meta_type); ++ ++/* This variant is the most efficient one, because it does not require resolving a ++ * name/GType first. The NMMetaSettingType enum allows for a direct lookup. */ ++#define _nm_connection_get_setting_by_metatype(connection, meta_type) \ ++ ({ \ ++ /* Static assert that meta_type is in the valid range. If you don't want that, ++ * because the argument is no a compile time constant, use _nm_connection_get_setting_by_metatype_unsafe(). */ \ ++ G_STATIC_ASSERT((meta_type) < _NM_META_SETTING_TYPE_NUM && ((int) meta_type) >= 0); \ ++ \ ++ _nm_connection_get_setting_by_metatype_unsafe((connection), (meta_type)); \ ++ }) ++ + NMSettingIPConfig *nm_connection_get_setting_ip_config(NMConnection *connection, int addr_family); + + /*****************************************************************************/ +-- +2.41.0 + + +From 0a8007057e5075df95a5dfc7ebb35269a2e99266 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 3 May 2023 12:15:47 +0200 +Subject: [PATCH 4/5] core: add nm_settings_connection_get_setting() helper + +For efficiently and conveniently lookup an NMSetting from the +NMConnection inside the NMSettingsConnection. + +Note that this uses the NMMetaSettingType as lookup key. That is a novel +approach, compared to lookup by name (nm_connection_get_setting_by_name()) +or GType (nm_connection_get_setting()). + +Using the NMMetaSettingType enum is however faster, because it does not +require resolving the name/GType first. This is perfecly fine internal API, +we should use it. + +(cherry picked from commit 429cf416fd12f14d3a5639d7890f0d334c5e9328) +(cherry picked from commit 10e493bbe82ce06bd217a148fb0a6e531c8ee0a6) +(cherry picked from commit c2cf898c19627f7ec6ea645206d76a19b5821a07) +--- + src/core/settings/nm-settings-connection.c | 14 ++++++++++++++ + src/core/settings/nm-settings-connection.h | 4 ++++ + 2 files changed, 18 insertions(+) + +diff --git a/src/core/settings/nm-settings-connection.c b/src/core/settings/nm-settings-connection.c +index 1638efcd7e..c0137637ab 100644 +--- a/src/core/settings/nm-settings-connection.c ++++ b/src/core/settings/nm-settings-connection.c +@@ -361,6 +361,20 @@ nm_settings_connection_get_connection(NMSettingsConnection *self) + return NM_SETTINGS_CONNECTION_GET_PRIVATE(self)->connection; + } + ++gpointer ++nm_settings_connection_get_setting(NMSettingsConnection *self, NMMetaSettingType meta_type) ++{ ++ NMConnection *connection; ++ ++ nm_assert(NM_IS_SETTINGS_CONNECTION(self)); ++ ++ connection = NM_SETTINGS_CONNECTION_GET_PRIVATE(self)->connection; ++ ++ nm_assert(NM_IS_SIMPLE_CONNECTION(connection)); ++ ++ return _nm_connection_get_setting_by_metatype_unsafe(connection, meta_type); ++} ++ + void + _nm_settings_connection_set_connection(NMSettingsConnection *self, + NMConnection *new_connection, +diff --git a/src/core/settings/nm-settings-connection.h b/src/core/settings/nm-settings-connection.h +index 893b0d7b74..68d75ab6f4 100644 +--- a/src/core/settings/nm-settings-connection.h ++++ b/src/core/settings/nm-settings-connection.h +@@ -7,6 +7,8 @@ + #ifndef __NETWORKMANAGER_SETTINGS_CONNECTION_H__ + #define __NETWORKMANAGER_SETTINGS_CONNECTION_H__ + ++#include "libnm-core-intern/nm-meta-setting-base.h" ++ + #include "nm-dbus-object.h" + #include "nm-connection.h" + +@@ -218,6 +220,8 @@ GType nm_settings_connection_get_type(void); + NMSettingsConnection *nm_settings_connection_new(void); + + NMConnection *nm_settings_connection_get_connection(NMSettingsConnection *self); ++gpointer nm_settings_connection_get_setting(NMSettingsConnection *self, ++ NMMetaSettingType meta_type); + + void _nm_settings_connection_set_connection(NMSettingsConnection *self, + NMConnection *new_connection, +-- +2.41.0 + + +From 3608f7e2bbdd0e49450c55a7fbf882d360edfd74 Mon Sep 17 00:00:00 2001 +From: Fernando Fernandez Mancera +Date: Tue, 4 Jul 2023 12:50:29 +0200 +Subject: [PATCH 5/5] utils: extend connection matching function for UUID in + controller + +When matching two connections one might be using UUID and the other one +could be using interface-name for the controller property. When +recovering from a fresh start NM does not have any context and when +generating a connection we are using UUID as the controller. + +It is always hard to guess what is the right candidate to pick but at +least something NM can do is checking if the UUID matches a connection +with the same controller interface-name. If there are no other +conflicts, then we can assume that is a good canditate to activate. + +This is a follow up to `dc254f90e2b306700a0b81f7194e9b0438c62f4c`. + +https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1684 +(cherry picked from commit 5b8fdd25ab431dd1318eff00e725448f7c699a30) +(cherry picked from commit 5ca93db6928d7bbeb5ae378512843877359f06ba) +(cherry picked from commit 8c0f262549d5ab34fd06ec0594d0e8fab58fef70) +--- + src/core/NetworkManagerUtils.c | 51 ++++++++++++++++++++++++++++++++++ + 1 file changed, 51 insertions(+) + +diff --git a/src/core/NetworkManagerUtils.c b/src/core/NetworkManagerUtils.c +index f5b7666b0e..c58433e76d 100644 +--- a/src/core/NetworkManagerUtils.c ++++ b/src/core/NetworkManagerUtils.c +@@ -23,6 +23,7 @@ + #include "nm-setting-connection.h" + #include "nm-setting-ip4-config.h" + #include "nm-setting-ip6-config.h" ++#include "settings/nm-settings.h" + #include "libnm-core-intern/nm-core-internal.h" + #include "libnm-platform/nmp-object.h" + +@@ -683,6 +684,53 @@ check_connection_cloned_mac_address(NMConnection *orig, + return FALSE; + } + ++static gboolean ++check_connection_controller(NMConnection *orig, NMConnection *candidate, GHashTable *settings) ++{ ++ GHashTable *props; ++ const char *orig_controller = NULL, *cand_controller = NULL; ++ NMSettingConnection *s_con_orig, *s_con_cand, *s_con_controller; ++ NMSettingsConnection *con_controller; ++ ++ props = check_property_in_hash(settings, ++ NM_SETTING_CONNECTION_SETTING_NAME, ++ NM_SETTING_CONNECTION_MASTER); ++ if (!props) ++ return TRUE; ++ ++ s_con_orig = nm_connection_get_setting_connection(orig); ++ s_con_cand = nm_connection_get_setting_connection(candidate); ++ orig_controller = nm_setting_connection_get_master(s_con_orig); ++ cand_controller = nm_setting_connection_get_master(s_con_cand); ++ ++ /* A generated connection uses the UUID to specify the controller. Accept ++ * candidates that specify as controller an interface name matching that ++ * UUID */ ++ if (orig_controller && cand_controller) { ++ if (nm_utils_is_uuid(orig_controller)) { ++ con_controller = nm_settings_get_connection_by_uuid(NM_SETTINGS_GET, orig_controller); ++ /* no connection found for that uuid */ ++ if (!con_controller) ++ return FALSE; ++ ++ s_con_controller = ++ nm_settings_connection_get_setting(con_controller, NM_META_SETTING_TYPE_CONNECTION); ++ if (nm_streq0(nm_setting_connection_get_interface_name(s_con_controller), ++ cand_controller)) { ++ remove_from_hash(settings, ++ props, ++ NM_SETTING_CONNECTION_SETTING_NAME, ++ NM_SETTING_CONNECTION_MASTER); ++ return TRUE; ++ } else { ++ return FALSE; ++ } ++ } ++ } ++ ++ return FALSE; ++} ++ + static gboolean + check_connection_s390_props(NMConnection *orig, NMConnection *candidate, GHashTable *settings) + { +@@ -764,6 +812,9 @@ check_possible_match(NMConnection *orig, + if (!check_connection_cloned_mac_address(orig, candidate, settings)) + return NULL; + ++ if (!check_connection_controller(orig, candidate, settings)) ++ return NULL; ++ + if (!check_connection_s390_props(orig, candidate, settings)) + return NULL; + +-- +2.41.0 + diff --git a/SOURCES/1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-10450.patch b/SOURCES/1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-10450.patch new file mode 100644 index 0000000..ac0f5d7 --- /dev/null +++ b/SOURCES/1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-10450.patch @@ -0,0 +1,130 @@ +From f240f3d6d901b78fd50b945f08aa4f9d39625c4e Mon Sep 17 00:00:00 2001 +From: Yuki Inoguchi +Date: Tue, 10 Oct 2023 17:50:37 +0900 +Subject: [PATCH] device: disable IPv6 in NetworkManager when disabled in + kernel + +When IPv6 is disabled in kernel but ipv6.method is set to auto, NetworkManager repeatedly attempts +IPv6 configuration internally, resulting in unnecessary warning messages being output infinitely. + + platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported) + ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off) + platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported) + ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off) + platform-linux: do-add-ip6-address[2: fe80::5054:ff:fe7c:4293]: failure 95 (Operation not supported) + ipv6ll[e898db403d9b5099,ifindex=2]: changed: no IPv6 link local address to retry after Duplicate Address Detection failures (back off) + +To prevent this issue, let's disable IPv6 in NetworkManager when it is disabled in the kernel. + +In order to do it in activate_stage3_ip_config() only once during activation, +the firewall initialization needed to be moved earlier. Otherwise, the IPv6 disablement could occur +twice during activation because activate_stage3_ip_config() is also executed from subsequent of fw_change_zone(). + +(cherry picked from commit 50a6386c3ba6ae9b0501e56bd78fd141636770a7) +(cherry picked from commit 4a9cf4c1dd972de11a2d7c6b0dd8328b2dc24f69) +(cherry picked from commit ffef5a47489ee65122a0c532fffdc77707d68231) +Solved some conflicts due to missing 61e1027cc783 ('device: preserve the DHCP lease during reapply') +(cherry picked from commit f407868ee25c06f9a41c72ecd54e83dd4317b4fe) +--- + src/core/devices/nm-device.c | 63 +++++++++++++++++++----------------- + 1 file changed, 33 insertions(+), 30 deletions(-) + +diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c +index 5748d80393..e54942440f 100644 +--- a/src/core/devices/nm-device.c ++++ b/src/core/devices/nm-device.c +@@ -11556,16 +11556,8 @@ _dev_ipac6_start(NMDevice *self) + NMUtilsIPv6IfaceId iid; + gboolean is_token; + +- if (priv->ipac6_data.state == NM_DEVICE_IP_STATE_NONE) { +- if (!g_file_test("/proc/sys/net/ipv6", G_FILE_TEST_IS_DIR)) { +- _LOGI_ipac6("addrconf6: kernel does not support IPv6"); +- _dev_ipac6_set_state(self, NM_DEVICE_IP_STATE_FAILED); +- _dev_ip_state_check_async(self, AF_INET6); +- return; +- } +- ++ if (priv->ipac6_data.state == NM_DEVICE_IP_STATE_NONE) + _dev_ipac6_set_state(self, NM_DEVICE_IP_STATE_PENDING); +- } + + if (NM_IN_SET(priv->ipll_data_6.state, NM_DEVICE_IP_STATE_NONE, NM_DEVICE_IP_STATE_PENDING)) { + _dev_ipac6_grace_period_start(self, 30, TRUE); +@@ -12092,15 +12084,6 @@ activate_stage3_ip_config(NMDevice *self) + + ifindex = nm_device_get_ip_ifindex(self); + +- if (priv->ip_data_4.do_reapply) { +- _LOGD_ip(AF_INET, "reapply..."); +- _cleanup_ip_pre(self, AF_INET, CLEANUP_TYPE_DECONFIGURE, TRUE); +- } +- if (priv->ip_data_6.do_reapply) { +- _LOGD_ip(AF_INET6, "reapply..."); +- _cleanup_ip_pre(self, AF_INET6, CLEANUP_TYPE_DECONFIGURE, TRUE); +- } +- + /* Add the interface to the specified firewall zone */ + switch (priv->fw_state) { + case FIREWALL_STATE_UNMANAGED: +@@ -12125,6 +12108,38 @@ activate_stage3_ip_config(NMDevice *self) + } + nm_assert(ifindex <= 0 || priv->fw_state == FIREWALL_STATE_INITIALIZED); + ++ ipv4_method = nm_device_get_effective_ip_config_method(self, AF_INET); ++ if (nm_streq(ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_AUTO)) { ++ /* "auto" usually means DHCPv4 or autoconf6, but it doesn't have to be. Subclasses ++ * can overwrite it. For example, you cannot run DHCPv4 on PPP/WireGuard links. */ ++ ipv4_method = klass->get_ip_method_auto(self, AF_INET); ++ } ++ ++ ipv6_method = nm_device_get_effective_ip_config_method(self, AF_INET6); ++ if (!g_file_test("/proc/sys/net/ipv6", G_FILE_TEST_IS_DIR)) { ++ _NMLOG_ip((nm_device_sys_iface_state_is_external(self) ++ || NM_IN_STRSET(ipv6_method, ++ NM_SETTING_IP6_CONFIG_METHOD_AUTO, ++ NM_SETTING_IP6_CONFIG_METHOD_DISABLED, ++ NM_SETTING_IP6_CONFIG_METHOD_IGNORE)) ++ ? LOGL_DEBUG ++ : LOGL_WARN, ++ AF_INET6, ++ "IPv6 not supported by kernel resulting in \"ipv6.method=disabled\""); ++ ipv6_method = NM_SETTING_IP6_CONFIG_METHOD_DISABLED; ++ } else if (nm_streq(ipv6_method, NM_SETTING_IP6_CONFIG_METHOD_AUTO)) { ++ ipv6_method = klass->get_ip_method_auto(self, AF_INET6); ++ } ++ ++ if (priv->ip_data_4.do_reapply) { ++ _LOGD_ip(AF_INET, "reapply..."); ++ _cleanup_ip_pre(self, AF_INET, CLEANUP_TYPE_DECONFIGURE, TRUE); ++ } ++ if (priv->ip_data_6.do_reapply) { ++ _LOGD_ip(AF_INET6, "reapply..."); ++ _cleanup_ip_pre(self, AF_INET6, CLEANUP_TYPE_DECONFIGURE, TRUE); ++ } ++ + if (priv->state < NM_DEVICE_STATE_IP_CONFIG) { + _dev_ip_state_req_timeout_schedule(self, AF_INET); + _dev_ip_state_req_timeout_schedule(self, AF_INET6); +@@ -12150,18 +12165,6 @@ activate_stage3_ip_config(NMDevice *self) + * let's do it! */ + _commit_mtu(self); + +- ipv4_method = nm_device_get_effective_ip_config_method(self, AF_INET); +- if (nm_streq(ipv4_method, NM_SETTING_IP4_CONFIG_METHOD_AUTO)) { +- /* "auto" usually means DHCPv4 or autoconf6, but it doesn't have to be. Subclasses +- * can overwrite it. For example, you cannot run DHCPv4 on PPP/WireGuard links. */ +- ipv4_method = klass->get_ip_method_auto(self, AF_INET); +- } +- +- ipv6_method = nm_device_get_effective_ip_config_method(self, AF_INET6); +- if (nm_streq(ipv6_method, NM_SETTING_IP6_CONFIG_METHOD_AUTO)) { +- ipv6_method = klass->get_ip_method_auto(self, AF_INET6); +- } +- + if (!nm_device_sys_iface_state_is_external(self) + && (!klass->ready_for_ip_config || klass->ready_for_ip_config(self, TRUE))) { + if (priv->ipmanual_data.state_6 == NM_DEVICE_IP_STATE_NONE +-- +2.43.0 + diff --git a/SOURCES/20-connectivity-fedora.conf b/SOURCES/20-connectivity-fedora.conf new file mode 100644 index 0000000..5c9476a --- /dev/null +++ b/SOURCES/20-connectivity-fedora.conf @@ -0,0 +1,10 @@ +# Enable connectivity checking for NetworkManager. +# See `man NetworkManager.conf`. +# +# Note that connectivity checking works badly with rp_filter set to +# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter". +[connectivity] +enabled=true +uri=http://fedoraproject.org/static/hotspot.txt +response=OK +interval=300 diff --git a/SOURCES/20-connectivity-redhat.conf b/SOURCES/20-connectivity-redhat.conf new file mode 100644 index 0000000..070f030 --- /dev/null +++ b/SOURCES/20-connectivity-redhat.conf @@ -0,0 +1,10 @@ +# Enable connectivity checking for NetworkManager. +# See `man NetworkManager.conf`. +# +# Note that connectivity checking works badly with rp_filter set to +# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter". +[connectivity] +enabled=true +uri=http://static.redhat.com/test/rhel-networkmanager.txt +response=OK +interval=300 diff --git a/SOURCES/70-nm-connectivity.conf b/SOURCES/70-nm-connectivity.conf new file mode 100644 index 0000000..0e4b0e2 --- /dev/null +++ b/SOURCES/70-nm-connectivity.conf @@ -0,0 +1,15 @@ +# The Strict mode of RFC3704 Reverse Path filtering breaks some pretty +# common and reasonable use cases. +# +# Notably, it makes it impossible for NetworkManager to do connectivity +# check on a newly arriving default route (it starts with a higher metric +# and is bumped lower if there's connectivity). +# +# Kernel's default is 0 (no filter), systemd configures a Loose filter since +# commit 230450d4e4f1 ('sysctl.d: switch net.ipv4.conf.all.rp_filter from 1 +# to 2'). However, RHEL systemd package happens to default to Strict mode +# for historic reasons. Let's override it if we're doing connectivity +# checking. + +# Source route verification +net.ipv4.conf.all.rp_filter = 0 diff --git a/SOURCES/NetworkManager.conf b/SOURCES/NetworkManager.conf new file mode 100644 index 0000000..2fd5127 --- /dev/null +++ b/SOURCES/NetworkManager.conf @@ -0,0 +1,52 @@ +# Configuration file for NetworkManager. +# +# See "man 5 NetworkManager.conf" for details. +# +# The directories /usr/lib/NetworkManager/conf.d/ and /run/NetworkManager/conf.d/ +# can contain additional .conf snippets installed by packages. These files are +# read before NetworkManager.conf and have thus lowest priority. +# The directory /etc/NetworkManager/conf.d/ can contain additional .conf +# snippets. Those snippets are merged last and overwrite the settings from this main +# file. +# +# The files within one conf.d/ directory are read in asciibetical order. +# +# You can prevent loading a file /usr/lib/NetworkManager/conf.d/NAME.conf +# by having a file NAME.conf in either /run/NetworkManager/conf.d/ or /etc/NetworkManager/conf.d/. +# Likewise, snippets from /run can be prevented from loading by placing +# a file with the same name in /etc/NetworkManager/conf.d/. +# +# If two files define the same key, the one that is read afterwards will overwrite +# the previous one. + +[main] +#plugins=ifcfg-rh + + +[logging] +# When debugging NetworkManager, enabling debug logging is of great help. +# +# Logfiles contain no passwords and little sensitive information. But please +# check before posting the file online. You can also personally hand over the +# logfile to a NM developer to treat it confidential. Meet us on #nm on Libera.Chat. +# +# You can also change the log-level at runtime via +# $ nmcli general logging level TRACE domains ALL +# However, usually it's cleaner to enable debug logging +# in the configuration and restart NetworkManager so that +# debug logging is enabled from the start. +# +# You will find the logfiles in syslog, for example via +# $ journalctl -u NetworkManager +# +# Please post full logfiles for bug reports without pre-filtering or truncation. +# Also, for debugging the entire `journalctl` output can be interesting. Don't +# limit unnecessarily with `journalctl -u`. Exceptions are if you are worried +# about private data. Check before posting logfiles! +# +# Note that debug logging of NetworkManager can be quite verbose. Some messages +# might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst +# in man journald.conf). Please disable rate-limiting before collecting debug logs! +# +#level=TRACE +#domains=ALL diff --git a/SOURCES/readme-ifcfg-rh.txt b/SOURCES/readme-ifcfg-rh.txt new file mode 100644 index 0000000..b69a681 --- /dev/null +++ b/SOURCES/readme-ifcfg-rh.txt @@ -0,0 +1,31 @@ +NetworkManager stores new network profiles in keyfile format in the +/etc/NetworkManager/system-connections/ directory. + +Previously, NetworkManager stored network profiles in ifcfg format +in this directory (/etc/sysconfig/network-scripts/). However, the ifcfg +format is deprecated. By default, NetworkManager no longer creates +new profiles in this format. + +Connection profiles in keyfile format have many benefits. For example, +this format is INI file-based and can easily be parsed and generated. + +Each section in NetworkManager keyfiles corresponds to a NetworkManager +setting name as described in the nm-settings(5) and nm-settings-keyfile(5) +man pages. Each key-value-pair in a section is one of the properties +listed in the settings specification of the man page. + +If you still use network profiles in ifcfg format, consider migrating +them to keyfile format. To migrate all profiles at once, enter: + +# nmcli connection migrate + +This command migrates all profiles from ifcfg format to keyfile +format and stores them in /etc/NetworkManager/system-connections/. + +Alternatively, to migrate only a specific profile, enter: + +# nmcli connection migrate + +For further details, see: +* nm-settings-keyfile(5) +* nmcli(1) diff --git a/SPECS/NetworkManager.spec b/SPECS/NetworkManager.spec new file mode 100644 index 0000000..98b936f --- /dev/null +++ b/SPECS/NetworkManager.spec @@ -0,0 +1,4325 @@ +%global wpa_supplicant_version 1:1.1 + +%global ppp_version %(sed -n 's/^#define\\s*VERSION\\s*"\\([^\\s]*\\)"$/\\1/p' %{_includedir}/pppd/patchlevel.h 2>/dev/null | grep . || echo bad) +%global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad) + +%global epoch_version 1 +%global real_version 1.40.16 +%global rpm_version %{real_version} +%global release_version 15 +%global snapshot %{nil} +%global git_sha %{nil} +%global bcond_default_debug 0 +%global bcond_default_test 0 + +%global obsoletes_device_plugins 1:0.9.9.95-1 +%global obsoletes_ppp_plugin 1:1.5.3 +%global obsoletes_initscripts_updown 1:1.36.0-0.6 +%global obsoletes_ifcfg_rh 1:1.36.2 + +%global nmlibdir %{_prefix}/lib/%{name} +%global nmplugindir %{_libdir}/%{name}/%{version}-%{release} + +%global _hardened_build 1 + +%if "x%{?snapshot}" != "x" +%global snapshot_dot .%{snapshot} +%endif +%if "x%{?git_sha}" != "x" +%global git_sha_dot .%{git_sha} +%endif + +%global snap %{?snapshot_dot}%{?git_sha_dot} + +%global real_version_major %(printf '%s' '%{real_version}' | sed -n 's/^\\([1-9][0-9]*\\.[0-9][0-9]*\\)\\.[0-9][0-9]*$/\\1/p') + +%global systemd_units NetworkManager.service NetworkManager-wait-online.service NetworkManager-dispatcher.service + +%global systemd_units_cloud_setup nm-cloud-setup.service nm-cloud-setup.timer + +############################################################################### + +%bcond_with meson +%bcond_without adsl +%bcond_without bluetooth +%bcond_without wwan +%bcond_without team +%bcond_without wifi +%bcond_without ovs +%bcond_without ppp +%bcond_without nmtui +%bcond_without nm_cloud_setup +%bcond_without regen_docs +%if %{bcond_default_debug} +%bcond_without debug +%else +%bcond_with debug +%endif +%if %{bcond_default_test} +%bcond_without test +%else +%bcond_with test +%endif +%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9 +%bcond_without lto +%else +%bcond_with lto +%endif +%bcond_with sanitizer +%if 0%{?fedora} +%bcond_without connectivity_fedora +%else +%bcond_with connectivity_fedora +%endif +%if 0%{?rhel} && 0%{?rhel} >= 8 +%bcond_without connectivity_redhat +%else +%bcond_with connectivity_redhat +%endif +%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8 +%bcond_without crypto_gnutls +%else +%bcond_with crypto_gnutls +%endif +%if 0%{?rhel} +%bcond_with iwd +%else +%bcond_without iwd +%endif +%if 0%{?fedora} >= 32 || 0%{?rhel} >= 8 +%bcond_without firewalld_zone +%else +%bcond_with firewalld_zone +%endif + +############################################################################### + +%if 0%{?fedora} || 0%{?rhel} >= 8 +%global dbus_version 1.9.18 +%global dbus_sys_dir %{_datadir}/dbus-1/system.d +%else +%global dbus_version 1.1 +%global dbus_sys_dir %{_sysconfdir}/dbus-1/system.d +%endif + +# Older libndp versions use select() (rh#1933041). On well known distros, +# choose a version that has the necessary fix. +%if 0%{?rhel} && 0%{?rhel} == 8 +%global libndp_version 1.7-4 +%else +%global libndp_version %{nil} +%endif + +%if %{with bluetooth} || %{with wwan} +%global with_modem_manager_1 1 +%else +%global with_modem_manager_1 0 +%endif + +%if 0%{?fedora} >= 31 || 0%{?rhel} >= 8 +%global dhcp_default internal +%else +%global dhcp_default dhclient +%endif + +%if 0%{?fedora} || 0%{?rhel} >= 8 +%global logging_backend_default journal +%if 0%{?fedora} || 0%{?rhel} >= 9 +%global dns_rc_manager_default auto +%else +%global dns_rc_manager_default symlink +%endif +%else +%global logging_backend_default syslog +%global dns_rc_manager_default file +%endif + +%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9 +%global config_plugins_default_ifcfg_rh 0 +%else +%global config_plugins_default_ifcfg_rh 1 +%endif + +%if 0%{?fedora} >= 36 || 0%{?rhel} >= 10 +%global split_ifcfg_rh 1 +%else +%global split_ifcfg_rh 0 +%endif + +%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9 +%global ifcfg_warning 1 +%else +%global ifcfg_warning 0 +%endif + +%if 0%{?fedora} +# Although eBPF would be available on Fedora's kernel, it seems +# we often get SELinux denials (rh#1651654). But even aside them, +# bpf(BPF_MAP_CREATE, ...) randomly fails with EPERM. That might +# be related to `ulimit -l`. Anyway, this is not usable at the +# moment. +%global ebpf_enabled "no" +%else +%global ebpf_enabled "no" +%endif + +# Fedora 33 enables LTO by default by setting CFLAGS="-flto -ffat-lto-objects". +# However, we also require "-flto -flto-partition=none", so disable Fedora's +# default and use our configure option --with-lto instead. +%define _lto_cflags %{nil} + +############################################################################### + +Name: NetworkManager +Summary: Network connection manager and user applications +Epoch: %{epoch_version} +Version: %{rpm_version} +Release: %{release_version}%{?snap}%{?dist} +Group: System Environment/Base +License: GPLv2+ and LGPLv2+ +URL: https://networkmanager.dev/ + +Source: https://download.gnome.org/sources/NetworkManager/%{real_version_major}/%{name}-%{real_version}.tar.xz +Source1: NetworkManager.conf +Source2: 00-server.conf +Source4: 20-connectivity-fedora.conf +Source5: 20-connectivity-redhat.conf +Source6: 70-nm-connectivity.conf +Source7: readme-ifcfg-rh.txt + +# RHEL downstream patches that change behavior from upstream. +# These are not bugfixes, hence they are also relevant after +# the next rebase of the source tarball. +Patch1: 0001-cloud-setup-systemd-unit-rh1791758.patch +Patch2: 0002-firewall-Default-to-iptables-backend-to-preserve-behavior.patch +Patch3: 0003-order-ipv6-addresses.patch + +# Bugfixes that are only relevant until next rebase of the package. +# Patch1001: 1001-some.patch +Patch1001: 1001-cloud-setup-IMDSv2-rh2151987.patch +Patch1002: 1002-dns-add-support-to-no-aaaa-option-rh2144521.patch +Patch1003: 1003-suppport-bond-port-prio-rh1920398.patch +Patch1004: 1004-team-don-t-try-to-connect-to-teamd-in-update_connect-rh2182029.patch +Patch1005: 1005-ipv6ll-don-t-regenerate-the-address-when-removed-rh2209353.patch +Patch1006: 1006-fix-read-infiniband-from-ifcfg-rh2209164.patch +Patch1007: 1007-unblock-autoconnect-on-reapply-rh2207690.patch +Patch1008: 1008-cloud-setup-fix-terminating-in-reconfig-rh2221903.patch +Patch1009: 1009-manager-allow-controller-activation-if-device-is-dea-rhel-5119.patch +Patch1010: 1010-fix-l3cd-comparison-rhel-8423.patch +Patch1011: 1011-dispatch-dns-change-event-rhel-10195.patch +Patch1012: 1012-device-do-not-set-MAC-address-on-iface-with-index-0-rhel-16008.patch +Patch1013: 1013-fix-matching-existing-connection-by-UUID-on-restart-rhel-5119.patch +Patch1014: 1014-device-disable-IPv6-in-NetworkManager-when-disabled-rhel-10450.patch + +Requires(post): systemd +%if 0%{?fedora} || 0%{?rhel} >= 8 +Requires(post): systemd-udev +%endif +Requires(post): /usr/sbin/update-alternatives +Requires(preun): systemd +Requires(preun): /usr/sbin/update-alternatives +Requires(postun): systemd + +Requires: dbus >= %{dbus_version} +Requires: glib2 >= %{glib2_version} +Requires: %{name}-libnm%{?_isa} = %{epoch}:%{version}-%{release} +%if "%{libndp_version}" != "" +Requires: libndp >= %{libndp_version} +%endif +Obsoletes: NetworkManager < %{obsoletes_device_plugins} +Obsoletes: NetworkManager < %{obsoletes_ppp_plugin} +Obsoletes: NetworkManager-wimax < 1.2 +%if 0%{?rhel} && 0%{?rhel} == 8 +Suggests: NetworkManager-initscripts-updown +%endif +Obsoletes: NetworkManager < %{obsoletes_initscripts_updown} +%if 0%{?split_ifcfg_rh} +Obsoletes: NetworkManager < %{obsoletes_ifcfg_rh} +%endif + +%if 0%{?rhel} && 0%{?rhel} <= 7 +# Kept for RHEL to ensure that wired 802.1x works out of the box +Requires: wpa_supplicant >= 1:1.1 +%endif + +Conflicts: NetworkManager-vpnc < 1:0.7.0.99-1 +Conflicts: NetworkManager-openvpn < 1:0.7.0.99-1 +Conflicts: NetworkManager-pptp < 1:0.7.0.99-1 +Conflicts: NetworkManager-openconnect < 0:0.7.0.99-1 +Conflicts: kde-plasma-networkmanagement < 1:0.9-0.49.20110527git.nm09 + +BuildRequires: make +BuildRequires: gcc +BuildRequires: libtool +BuildRequires: pkgconfig +%if %{with meson} +BuildRequires: meson +%else +BuildRequires: automake +BuildRequires: autoconf +%endif +BuildRequires: gettext-devel >= 0.19.8 + +BuildRequires: dbus-devel >= %{dbus_version} +BuildRequires: glib2-devel >= 2.40.0 +BuildRequires: gobject-introspection-devel >= 0.10.3 +%if %{with ppp} +BuildRequires: ppp-devel >= 2.4.5 +%endif +%if %{with crypto_gnutls} +BuildRequires: gnutls-devel >= 2.12 +%else +BuildRequires: nss-devel >= 3.11.7 +%endif +BuildRequires: dhclient +BuildRequires: readline-devel +BuildRequires: audit-libs-devel +%if %{with regen_docs} +BuildRequires: gtk-doc +%endif +BuildRequires: libudev-devel +BuildRequires: libuuid-devel +BuildRequires: /usr/bin/valac +BuildRequires: libxslt +%if %{with bluetooth} +BuildRequires: bluez-libs-devel +%endif +BuildRequires: systemd >= 200-3 systemd-devel +%if 0%{?fedora} +BuildRequires: libpsl-devel >= 0.1 +%endif +BuildRequires: libcurl-devel +BuildRequires: libndp-devel >= 1.0 +%if 0%{?with_modem_manager_1} +BuildRequires: ModemManager-glib-devel >= 1.0 +%endif +%if %{with wwan} +BuildRequires: mobile-broadband-provider-info-devel +%endif +%if %{with nmtui} +BuildRequires: newt-devel +%endif +BuildRequires: /usr/bin/dbus-launch +%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8 +BuildRequires: python3 +BuildRequires: python3-gobject-base +BuildRequires: python3-dbus +BuildRequires: python3-pexpect +%else +BuildRequires: python2 +BuildRequires: pygobject3-base +BuildRequires: dbus-python +BuildRequires: pexpect +%endif +BuildRequires: libselinux-devel +BuildRequires: polkit-devel +BuildRequires: jansson-devel +%if %{with sanitizer} +BuildRequires: libasan +%if 0%{?fedora} || 0%{?rhel} >= 8 +BuildRequires: libubsan +%endif +%endif +%if %{with firewalld_zone} +BuildRequires: firewalld-filesystem +%endif +BuildRequires: iproute +%if 0%{?fedora} || 0%{?rhel} >= 8 +BuildRequires: iproute-tc +%endif + +Provides: %{name}-dispatcher%{?_isa} = %{epoch}:%{version}-%{release} + +# NetworkManager uses various parts of systemd-networkd internally, including +# DHCP client, IPv4 Link-Local address negotiation or LLDP support. +# This provide is essentially here so that NetworkManager shows on Security +# Response Team's radar in case a flaw is found. The code is frequently +# synchronized and thus it's not easy to establish a good version number +# here. The version of zero is there just to have something conservative so +# that the scripts that would parse the SPEC file naively would be unlikely +# to fail. Refer to git log for the real date and commit number of last +# synchronization: +# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/commits/main/src/ +Provides: bundled(systemd) = 0 + + +%description +NetworkManager is a system service that manages network interfaces and +connections based on user or automatic configuration. It supports +Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband +(WWAN), PPPoE and other devices, and supports a variety of different VPN +services. + + +%if %{with adsl} +%package adsl +Summary: ADSL device plugin for NetworkManager +Group: System Environment/Base +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} +Obsoletes: NetworkManager < %{obsoletes_device_plugins} + +%description adsl +This package contains NetworkManager support for ADSL devices. +%endif + + +%if %{with bluetooth} +%package bluetooth +Summary: Bluetooth device plugin for NetworkManager +Group: System Environment/Base +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} +Requires: NetworkManager-wwan = %{epoch}:%{version}-%{release} +%if 0%{?rhel} && 0%{?rhel} <= 7 +# No Requires:bluez to prevent it being installed when updating +# to the split NM package +%else +Requires: bluez >= 4.101-5 +%endif +Obsoletes: NetworkManager < %{obsoletes_device_plugins} + +%description bluetooth +This package contains NetworkManager support for Bluetooth devices. +%endif + + +%if %{with team} +%package team +Summary: Team device plugin for NetworkManager +Group: System Environment/Base +BuildRequires: teamd-devel +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} +Obsoletes: NetworkManager < %{obsoletes_device_plugins} +%if 0%{?fedora} || 0%{?rhel} >= 8 +# Team was split from main NM binary between 0.9.10 and 1.0 +# We need this Obsoletes in addition to the one above +# (git:3aede801521ef7bff039e6e3f1b3c7b566b4338d). +Obsoletes: NetworkManager < 1:1.0.0 +%endif + +%description team +This package contains NetworkManager support for team devices. +%endif + + +%if %{with wifi} +%package wifi +Summary: Wifi plugin for NetworkManager +Group: System Environment/Base +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} + +%if 0%{?fedora} >= 29 || 0%{?rhel} >= 9 +Requires: wireless-regdb +%else +Requires: crda +%endif + +%if %{with iwd} && (0%{?fedora} >= 25 || 0%{?rhel} >= 8) +Requires: (wpa_supplicant >= %{wpa_supplicant_version} or iwd) +Suggests: wpa_supplicant +%else +# Just require wpa_supplicant on platforms that don't support boolean +# dependencies even though the plugin supports both supplicant and +# iwd backend. +Requires: wpa_supplicant >= %{wpa_supplicant_version} +%endif + +Obsoletes: NetworkManager < %{obsoletes_device_plugins} + +%description wifi +This package contains NetworkManager support for Wifi and OLPC devices. +%endif + + +%if %{with wwan} +%package wwan +Summary: Mobile broadband device plugin for NetworkManager +Group: System Environment/Base +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} +%if 0%{?rhel} && 0%{?rhel} <= 7 +# No Requires:ModemManager to prevent it being installed when updating +# to the split NM package +%else +Requires: ModemManager +%endif +Obsoletes: NetworkManager < %{obsoletes_device_plugins} + +%description wwan +This package contains NetworkManager support for mobile broadband (WWAN) +devices. +%endif + + +%if %{with ovs} +%package ovs +Summary: Open vSwitch device plugin for NetworkManager +Group: System Environment/Base +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} +%if 0%{?rhel} == 0 +Requires: openvswitch +%endif + +%description ovs +This package contains NetworkManager support for Open vSwitch bridges. +%endif + + +%if %{with ppp} +%package ppp +Summary: PPP plugin for NetworkManager +Group: System Environment/Base +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} +Requires: ppp = %{ppp_version} +Requires: NetworkManager = %{epoch}:%{version}-%{release} +Obsoletes: NetworkManager < %{obsoletes_ppp_plugin} + +%description ppp +This package contains NetworkManager support for PPP. +%endif + + +%package libnm +Summary: Libraries for adding NetworkManager support to applications. +Group: Development/Libraries +Conflicts: NetworkManager-glib < 1:1.31.0 +License: LGPLv2+ + +%description libnm +This package contains the libraries that make it easier to use some +NetworkManager functionality from applications. + + +%package libnm-devel +Summary: Header files for adding NetworkManager support to applications. +Group: Development/Libraries +Requires: %{name}-libnm%{?_isa} = %{epoch}:%{version}-%{release} +Requires: glib2-devel +Requires: pkgconfig +License: LGPLv2+ + +%description libnm-devel +This package contains the header and pkg-config files for development +applications using NetworkManager functionality from applications. + + +%if %{with connectivity_fedora} +%package config-connectivity-fedora +Summary: NetworkManager config file for connectivity checking via Fedora servers +Group: System Environment/Base +BuildArch: noarch +Provides: NetworkManager-config-connectivity = %{epoch}:%{version}-%{release} + +%description config-connectivity-fedora +This adds a NetworkManager configuration file to enable connectivity checking +via Fedora infrastructure. +%endif + + +%if %{with connectivity_redhat} +%package config-connectivity-redhat +Summary: NetworkManager config file for connectivity checking via Red Hat servers +Group: System Environment/Base +BuildArch: noarch +Provides: NetworkManager-config-connectivity = %{epoch}:%{version}-%{release} + +%description config-connectivity-redhat +This adds a NetworkManager configuration file to enable connectivity checking +via Red Hat infrastructure. +%endif + + +%package config-server +Summary: NetworkManager config file for "server-like" defaults +Group: System Environment/Base +BuildArch: noarch + +%description config-server +This adds a NetworkManager configuration file to make it behave more +like the old "network" service. In particular, it stops NetworkManager +from automatically running DHCP on unconfigured ethernet devices, and +allows connections with static IP addresses to be brought up even on +ethernet devices with no carrier. + +This package is intended to be installed by default for server +deployments. + + +%package dispatcher-routing-rules +Summary: NetworkManager dispatcher file for advanced routing rules +Group: System Environment/Base +%if 0%{?split_ifcfg_rh} +Requires: %{name}-initscripts-ifcfg-rh +%endif +BuildArch: noarch +Provides: %{name}-config-routing-rules = %{epoch}:%{version}-%{release} +Obsoletes: %{name}-config-routing-rules < 1:1.31.0 + +%description dispatcher-routing-rules +This adds a NetworkManager dispatcher file to support networking +configurations using "/etc/sysconfig/network-scripts/rule-NAME" files +(eg, to do policy-based routing). + + +%if %{with nmtui} +%package tui +Summary: NetworkManager curses-based UI +Group: System Environment/Base +Requires: %{name} = %{epoch}:%{version}-%{release} +Requires: %{name}-libnm%{?_isa} = %{epoch}:%{version}-%{release} + +%description tui +This adds a curses-based "TUI" (Text User Interface) to +NetworkManager, to allow performing some of the operations supported +by nm-connection-editor and nm-applet in a non-graphical environment. +%endif + + +%if 0%{?split_ifcfg_rh} +%package initscripts-ifcfg-rh +Summary: NetworkManager plugin for reading and writing connections in ifcfg-rh format +Group: System Environment/Base +Requires: %{name} = %{epoch}:%{version}-%{release} +Obsoletes: NetworkManager < %{obsoletes_ifcfg_rh} + +%description initscripts-ifcfg-rh +Installs a plugin for reading and writing connection profiles using +the Red Hat ifcfg format in /etc/sysconfig/network-scripts/. +%endif + + +%if %{with nm_cloud_setup} +%package cloud-setup +Summary: Automatically configure NetworkManager in cloud +Group: System Environment/Base +Requires: %{name} = %{epoch}:%{version}-%{release} +Requires: %{name}-libnm%{?_isa} = %{epoch}:%{version}-%{release} + +%description cloud-setup +Installs a nm-cloud-setup tool that can automatically configure +NetworkManager in cloud setups. Currently only EC2 is supported. +This tool is still experimental. +%endif + + +%package initscripts-updown +Summary: Legacy ifup/ifdown scripts for NetworkManager that replace initscripts (network-scripts) +Group: System Environment/Base +BuildArch: noarch +Requires: NetworkManager +Requires: /usr/bin/nmcli +Obsoletes: NetworkManager < %{obsoletes_initscripts_updown} + +%description initscripts-updown +Installs alternative ifup/ifdown scripts that talk to NetworkManager. +This is only for backward compatibility with initscripts (network-scripts). +Preferably use nmcli instead. + + +%prep +%autosetup -p1 -n NetworkManager-%{real_version} + + +%build +%if %{with meson} +%meson \ + -Db_ndebug=false \ + --warnlevel 2 \ +%if %{with test} + --werror \ +%endif + -Dnft=/usr/sbin/nft \ + -Diptables=/usr/sbin/iptables \ + -Ddhcpcanon=no \ + -Ddhcpcd=no \ + -Dconfig_dhcp_default=%{dhcp_default} \ +%if %{with crypto_gnutls} + -Dcrypto=gnutls \ +%else + -Dcrypto=nss \ +%endif +%if %{with debug} + -Dmore_logging=true \ + -Dmore_asserts=10000 \ +%else + -Dmore_logging=false \ + -Dmore_asserts=0 \ +%endif + -Dld_gc=true \ +%if %{with lto} + -D b_lto=true \ +%else + -D b_lto=false \ +%endif + -Dlibaudit=yes-disabled-by-default \ +%if 0%{?with_modem_manager_1} + -Dmodem_manager=true \ +%else + -Dmodem_manager=false \ +%endif +%if %{with wifi} + -Dwifi=true \ +%if 0%{?fedora} + -Dwext=true \ +%else + -Dwext=false \ +%endif +%else + -Dwifi=false \ +%endif +%if %{with iwd} + -Diwd=true \ +%else + -Diwd=false \ +%endif +%if %{with bluetooth} + -Dbluez5_dun=true \ +%else + -Dbluez5_dun=false \ +%endif +%if %{with nmtui} + -Dnmtui=true \ +%else + -Dnmtui=false \ +%endif +%if %{with nm_cloud_setup} + -Dnm_cloud_setup=true \ +%else + -Dnm_cloud_setup=false \ +%endif + -Dvapi=true \ + -Dintrospection=true \ +%if %{with regen_docs} + -Ddocs=true \ +%else + -Ddocs=false \ +%endif +%if %{with team} + -Dteamdctl=true \ +%else + -Dteamdctl=false \ +%endif +%if %{with ovs} + -Dovs=true \ +%else + -Dovs=false \ +%endif + -Dselinux=true \ + -Dpolkit=true \ + -Dconfig_auth_polkit_default=true \ + -Dmodify_system=true \ + -Dconcheck=true \ +%if 0%{?fedora} + -Dlibpsl=true \ +%else + -Dlibpsl=false \ +%endif +%if %{ebpf_enabled} != "yes" + -Debpf=false \ +%else + -Debpf=true \ +%endif + -Dsession_tracking=systemd \ + -Dsuspend_resume=systemd \ + -Dsystem_ca_path=/etc/pki/tls/cert.pem \ + -Ddbus_conf_dir=%{dbus_sys_dir} \ + -Dtests=yes \ + -Dvalgrind=no \ + -Difcfg_rh=true \ + -Difupdown=false \ +%if %{with ppp} + -Dpppd_plugin_dir=%{_libdir}/pppd/%{ppp_version} \ + -Dppp=true \ +%endif +%if %{with firewalld_zone} + -Dfirewalld_zone=true \ +%else + -Dfirewalld_zone=false \ +%endif + -Ddist_version=%{version}-%{release} \ +%if %{?config_plugins_default_ifcfg_rh} + -Dconfig_plugins_default=ifcfg-rh \ +%endif + -Dresolvconf=no \ + -Dnetconfig=no \ + -Dconfig_dns_rc_manager_default=%{dns_rc_manager_default} \ + -Dconfig_logging_backend_default=%{logging_backend_default} + +%meson_build + +%else +# autotools +%if %{with regen_docs} +gtkdocize +%endif +autoreconf --install --force +%configure \ + --with-runstatedir=%{_rundir} \ + --enable-silent-rules=no \ + --enable-static=no \ + --with-nft=/usr/sbin/nft \ + --with-iptables=/usr/sbin/iptables \ + --with-dhclient=yes \ + --with-dhcpcd=no \ + --with-dhcpcanon=no \ + --with-config-dhcp-default=%{dhcp_default} \ +%if %{with crypto_gnutls} + --with-crypto=gnutls \ +%else + --with-crypto=nss \ +%endif +%if %{with sanitizer} + --with-address-sanitizer=exec \ +%if 0%{?fedora} || 0%{?rhel} >= 8 + --enable-undefined-sanitizer=yes \ +%else + --enable-undefined-sanitizer=no \ +%endif +%else + --with-address-sanitizer=no \ + --enable-undefined-sanitizer=no \ +%endif +%if %{with debug} + --enable-more-logging=yes \ + --with-more-asserts=10000 \ +%else + --enable-more-logging=no \ + --with-more-asserts=0 \ +%endif + --enable-ld-gc=yes \ +%if %{with lto} + --enable-lto=yes \ +%else + --enable-lto=no \ +%endif + --with-libaudit=yes-disabled-by-default \ +%if 0%{?with_modem_manager_1} + --with-modem-manager-1=yes \ +%else + --with-modem-manager-1=no \ +%endif +%if %{with wifi} + --enable-wifi=yes \ +%if 0%{?fedora} + --with-wext=yes \ +%else + --with-wext=no \ +%endif +%else + --enable-wifi=no \ +%endif +%if %{with iwd} + --with-iwd=yes \ +%else + --with-iwd=no \ +%endif +%if %{with bluetooth} + --enable-bluez5-dun=yes \ +%else + --enable-bluez5-dun=no \ +%endif +%if %{with nmtui} + --with-nmtui=yes \ +%else + --with-nmtui=no \ +%endif +%if %{with nm_cloud_setup} + --with-nm-cloud-setup=yes \ +%else + --with-nm-cloud-setup=no \ +%endif + --enable-vala=yes \ + --enable-introspection=yes \ +%if %{with regen_docs} + --enable-gtk-doc=yes \ +%else + --enable-gtk-doc=no \ +%endif +%if %{with team} + --enable-teamdctl=yes \ +%else + --enable-teamdctl=no \ +%endif +%if %{with ovs} + --enable-ovs=yes \ +%else + --enable-ovs=no \ +%endif + --with-selinux=yes \ + --enable-polkit=yes \ + --enable-modify-system=yes \ + --enable-concheck=yes \ +%if 0%{?fedora} + --with-libpsl=yes \ +%else + --with-libpsl=no \ +%endif + --with-ebpf=%{ebpf_enabled} \ + --with-session-tracking=systemd \ + --with-suspend-resume=systemd \ + --with-system-ca-path=/etc/pki/tls/cert.pem \ + --with-dbus-sys-dir=%{dbus_sys_dir} \ + --with-tests=yes \ +%if %{with test} + --enable-more-warnings=error \ +%else + --enable-more-warnings=yes \ +%endif + --with-valgrind=no \ + --enable-ifcfg-rh=yes \ + --enable-ifupdown=no \ +%if %{with ppp} + --with-pppd-plugin-dir=%{_libdir}/pppd/%{ppp_version} \ + --enable-ppp=yes \ +%endif +%if %{with firewalld_zone} + --enable-firewalld-zone=yes \ +%else + --enable-firewalld-zone=no \ +%endif + --with-dist-version=%{version}-%{release} \ +%if %{?config_plugins_default_ifcfg_rh} + --with-config-plugins-default=ifcfg-rh \ +%endif + --with-resolvconf=no \ + --with-netconfig=no \ + --with-config-dns-rc-manager-default=%{dns_rc_manager_default} \ + --with-config-logging-backend-default=%{logging_backend_default} + +%make_build + +%endif + +%install +%if %{with meson} +%meson_install +%else +%make_install +%endif + +cp %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/ + +cp %{SOURCE2} %{buildroot}%{nmlibdir}/conf.d/ + +%if %{with connectivity_fedora} +cp %{SOURCE4} %{buildroot}%{nmlibdir}/conf.d/ +%endif + +%if %{with connectivity_redhat} +cp %{SOURCE5} %{buildroot}%{nmlibdir}/conf.d/ +mkdir -p %{buildroot}%{_sysctldir} +cp %{SOURCE6} %{buildroot}%{_sysctldir} +%endif + +%if 0%{?ifcfg_warning} +cp %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts +%endif + +cp examples/dispatcher/10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/ +ln -s ../no-wait.d/10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/pre-up.d/ +ln -s ../10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/no-wait.d/ + +%find_lang %{name} + +rm -f %{buildroot}%{_libdir}/*.la +rm -f %{buildroot}%{_libdir}/pppd/%{ppp_version}/*.la +rm -f %{buildroot}%{nmplugindir}/*.la + +# Ensure the documentation timestamps are constant to avoid multilib conflicts +find %{buildroot}%{_datadir}/gtk-doc -exec touch --reference configure.ac '{}' \+ + +%if 0%{?__debug_package} +mkdir -p %{buildroot}%{_prefix}/src/debug/NetworkManager-%{real_version} +cp valgrind.suppressions %{buildroot}%{_prefix}/src/debug/NetworkManager-%{real_version} +%endif + +touch %{buildroot}%{_sbindir}/ifup +touch %{buildroot}%{_sbindir}/ifdown + + +%check +%if %{with meson} +%if %{with test} +%meson_test +%else +%ninja_test -C %{_vpath_builddir} || : +%endif +%else +# autotools +%if %{with test} +make -k %{?_smp_mflags} check +%else +make -k %{?_smp_mflags} check || : +%endif +%endif + + +%pre +if [ -f "%{_unitdir}/network-online.target.wants/NetworkManager-wait-online.service" ] ; then + # older versions used to install this file, effectively always enabling + # NetworkManager-wait-online.service. We no longer do that and rely on + # preset. + # But on package upgrade we must explicitly enable it (rh#1455704). + systemctl enable NetworkManager-wait-online.service || : +fi + + +%post +# skip triggering if udevd isn't even accessible, e.g. containers or +# rpm-ostree-based systems +if [ -S /run/udev/control ]; then + /usr/bin/udevadm control --reload-rules || : + /usr/bin/udevadm trigger --subsystem-match=net || : +fi +%if %{with firewalld_zone} +%firewalld_reload +%endif + +%systemd_post %{systemd_units} + + +%post initscripts-updown +if [ -f %{_sbindir}/ifup -a ! -L %{_sbindir}/ifup ]; then + # initscripts package too old, won't let us set an alternative + /usr/sbin/update-alternatives --remove ifup %{_libexecdir}/nm-ifup >/dev/null 2>&1 || : +else + /usr/sbin/update-alternatives --install %{_sbindir}/ifup ifup %{_libexecdir}/nm-ifup 50 \ + --slave %{_sbindir}/ifdown ifdown %{_libexecdir}/nm-ifdown +fi + + +%if %{with nm_cloud_setup} +%post cloud-setup +%systemd_post %{systemd_units_cloud_setup} +%endif + + +%preun +if [ $1 -eq 0 ]; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable NetworkManager.service >/dev/null 2>&1 || : + + # Don't kill networking entirely just on package remove + #/bin/systemctl stop NetworkManager.service >/dev/null 2>&1 || : +fi +%systemd_preun NetworkManager-wait-online.service NetworkManager-dispatcher.service + + +%preun initscripts-updown +if [ $1 -eq 0 ]; then + /usr/sbin/update-alternatives --remove ifup %{_libexecdir}/nm-ifup >/dev/null 2>&1 || : +fi + + +%if %{with nm_cloud_setup} +%preun cloud-setup +%systemd_preun %{systemd_units_cloud_setup} +%endif + + +%postun +/usr/bin/udevadm control --reload-rules || : +/usr/bin/udevadm trigger --subsystem-match=net || : +%if %{with firewalld_zone} +%firewalld_reload +%endif + +%systemd_postun %{systemd_units} + + +%if (0%{?fedora} && 0%{?fedora} < 28) || 0%{?rhel} +%post libnm -p /sbin/ldconfig +%postun libnm -p /sbin/ldconfig +%endif + + +%if %{with nm_cloud_setup} +%postun cloud-setup +%systemd_postun %{systemd_units_cloud_setup} +%endif + + +%files +%{dbus_sys_dir}/org.freedesktop.NetworkManager.conf +%{dbus_sys_dir}/nm-dispatcher.conf +%exclude %{dbus_sys_dir}/nm-priv-helper.conf +%if 0%{?split_ifcfg_rh} == 0 +%{dbus_sys_dir}/nm-ifcfg-rh.conf +%endif +%{_sbindir}/%{name} +%{_bindir}/nmcli +%{_datadir}/bash-completion/completions/nmcli +%dir %{_sysconfdir}/%{name} +%dir %{_sysconfdir}/%{name}/conf.d +%dir %{_sysconfdir}/%{name}/dispatcher.d +%dir %{_sysconfdir}/%{name}/dispatcher.d/pre-down.d +%dir %{_sysconfdir}/%{name}/dispatcher.d/pre-up.d +%dir %{_sysconfdir}/%{name}/dispatcher.d/no-wait.d +%dir %{_sysconfdir}/%{name}/dnsmasq.d +%dir %{_sysconfdir}/%{name}/dnsmasq-shared.d +%dir %{_sysconfdir}/%{name}/system-connections +%config(noreplace) %{_sysconfdir}/%{name}/NetworkManager.conf +%ghost %{_sysconfdir}/%{name}/VPN +%{_bindir}/nm-online +%{_libexecdir}/nm-dhcp-helper +%{_libexecdir}/nm-dispatcher +%{_libexecdir}/nm-initrd-generator +%{_libexecdir}/nm-daemon-helper +%exclude %{_libexecdir}/nm-priv-helper +%dir %{_libdir}/%{name} +%dir %{nmplugindir} +%if 0%{?split_ifcfg_rh} == 0 +%{nmplugindir}/libnm-settings-plugin-ifcfg-rh.so +%endif +%if %{with nmtui} +%exclude %{_mandir}/man1/nmtui* +%endif +%dir %{nmlibdir} +%dir %{nmlibdir}/conf.d +%dir %{nmlibdir}/dispatcher.d +%dir %{nmlibdir}/dispatcher.d/pre-down.d +%dir %{nmlibdir}/dispatcher.d/pre-up.d +%dir %{nmlibdir}/dispatcher.d/no-wait.d +%dir %{nmlibdir}/VPN +%dir %{nmlibdir}/system-connections +%{_mandir}/man1/* +%{_mandir}/man5/* +%{_mandir}/man7/nmcli-examples.7* +%{_mandir}/man8/nm-initrd-generator.8.gz +%{_mandir}/man8/NetworkManager.8.gz +%{_mandir}/man8/NetworkManager-dispatcher.8.gz +%{_mandir}/man8/NetworkManager-wait-online.service.8.gz +%dir %{_localstatedir}/lib/NetworkManager +%dir %{_sysconfdir}/sysconfig/network-scripts +%{_datadir}/dbus-1/system-services/org.freedesktop.nm_dispatcher.service +%{_datadir}/dbus-1/system-services/org.freedesktop.nm_priv_helper.service +%{_datadir}/polkit-1/actions/*.policy +%{_prefix}/lib/udev/rules.d/*.rules +%if %{with firewalld_zone} +%{_prefix}/lib/firewalld/zones/nm-shared.xml +%endif +# systemd stuff +%{_unitdir}/NetworkManager.service +%{_unitdir}/NetworkManager-wait-online.service +%{_unitdir}/NetworkManager-dispatcher.service +%exclude %{_unitdir}/nm-priv-helper.service +%dir %{_datadir}/doc/NetworkManager/examples +%{_datadir}/doc/NetworkManager/examples/server.conf +%if 0%{?ifcfg_warning} +%{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt +%endif +%doc NEWS AUTHORS README.md CONTRIBUTING.md +%license COPYING +%license COPYING.LGPL +%license COPYING.GFDL + + +%if %{with adsl} +%files adsl +%{nmplugindir}/libnm-device-plugin-adsl.so +%else +%exclude %{nmplugindir}/libnm-device-plugin-adsl.so +%endif + + +%if %{with bluetooth} +%files bluetooth +%{nmplugindir}/libnm-device-plugin-bluetooth.so +%endif + + +%if %{with team} +%files team +%{nmplugindir}/libnm-device-plugin-team.so +%endif + + +%if %{with wifi} +%files wifi +%{nmplugindir}/libnm-device-plugin-wifi.so +%endif + + +%if %{with wwan} +%files wwan +%{nmplugindir}/libnm-device-plugin-wwan.so +%{nmplugindir}/libnm-wwan.so +%endif + + +%if %{with ovs} +%files ovs +%{nmplugindir}/libnm-device-plugin-ovs.so +%{_unitdir}/NetworkManager.service.d/NetworkManager-ovs.conf +%{_mandir}/man7/nm-openvswitch.7* +%endif + + +%if %{with ppp} +%files ppp +%{_libdir}/pppd/%{ppp_version}/nm-pppd-plugin.so +%{nmplugindir}/libnm-ppp-plugin.so +%endif + + +%files libnm -f %{name}.lang +%{_libdir}/libnm.so.* +%{_libdir}/girepository-1.0/NM-1.0.typelib + + +%files libnm-devel +%dir %{_includedir}/libnm +%{_includedir}/libnm/*.h +%{_libdir}/pkgconfig/libnm.pc +%{_libdir}/libnm.so +%{_datadir}/gir-1.0/NM-1.0.gir +%dir %{_datadir}/gtk-doc/html/libnm +%{_datadir}/gtk-doc/html/libnm/* +%dir %{_datadir}/gtk-doc/html/NetworkManager +%{_datadir}/gtk-doc/html/NetworkManager/* +%{_datadir}/vala/vapi/libnm.deps +%{_datadir}/vala/vapi/libnm.vapi +%{_datadir}/dbus-1/interfaces/*.xml + + +%if %{with connectivity_fedora} +%files config-connectivity-fedora +%dir %{nmlibdir} +%dir %{nmlibdir}/conf.d +%{nmlibdir}/conf.d/20-connectivity-fedora.conf +%endif + + +%if %{with connectivity_redhat} +%files config-connectivity-redhat +%dir %{nmlibdir} +%dir %{nmlibdir}/conf.d +%{nmlibdir}/conf.d/20-connectivity-redhat.conf +%{_sysctldir}/70-nm-connectivity.conf +%endif + + +%files config-server +%dir %{nmlibdir} +%dir %{nmlibdir}/conf.d +%{nmlibdir}/conf.d/00-server.conf + + +%files dispatcher-routing-rules +%{nmlibdir}/dispatcher.d/10-ifcfg-rh-routes.sh +%{nmlibdir}/dispatcher.d/no-wait.d/10-ifcfg-rh-routes.sh +%{nmlibdir}/dispatcher.d/pre-up.d/10-ifcfg-rh-routes.sh + + +%if %{with nmtui} +%files tui +%{_bindir}/nmtui +%{_bindir}/nmtui-edit +%{_bindir}/nmtui-connect +%{_bindir}/nmtui-hostname +%{_mandir}/man1/nmtui* +%endif + + +%if 0%{?split_ifcfg_rh} +%files initscripts-ifcfg-rh +%{nmplugindir}/libnm-settings-plugin-ifcfg-rh.so +%{dbus_sys_dir}/nm-ifcfg-rh.conf +%endif + + +%if %{with nm_cloud_setup} +%files cloud-setup +%{_libexecdir}/nm-cloud-setup +%{_unitdir}/nm-cloud-setup.service +%{_unitdir}/nm-cloud-setup.timer +%{nmlibdir}/dispatcher.d/90-nm-cloud-setup.sh +%{nmlibdir}/dispatcher.d/no-wait.d/90-nm-cloud-setup.sh +%{_mandir}/man8/nm-cloud-setup.8* +%endif + + +%files initscripts-updown +%{_libexecdir}/nm-ifup +%ghost %attr(755, root, root) %{_sbindir}/ifup +%{_libexecdir}/nm-ifdown +%ghost %attr(755, root, root) %{_sbindir}/ifdown + + +%changelog +* Fri Mar 29 2024 MSVSphere Packaging Team - 1:1.40.16-15 +- Rebuilt for MSVSphere 8.10 beta + +* Fri Feb 09 2024 Íñigo Huguet - 1:1.40.16-15 +- Suppress NetworkManager's harmless warning when IPv6 is disabled at kernel level (RHEL-10450) + +* Tue Dec 12 2023 Wen Liang - 1:1.40.16-14 +- Fix matching existing connection by UUID on restart (RHEL-5119) + +* Mon Dec 04 2023 Fernando Fernandez - 1:1.40.16-13 +- device: do not set MAC address on iface with index <=0 (RHEL-16008) + +* Thu Oct 19 2023 Íñigo Huguet - 1:1.40.16-12 +- Dispatch "dns-change" event (RHEL-10195) + +* Wed Oct 18 2023 Íñigo Huguet - 1:1.40.16-11 +- Correctly update DNS changes retrieved from DHCPv4 (RHEL-8423) + +* Wed Oct 04 2023 Fernando Fernandez Mancera - 1:1.40.16-10 +- manager: allow controller activation if device is deactivating (RHEL-5119) + +* Wed Jul 19 2023 Beniamino Galvani - 1:1.40.16-9 +- cloud-setup: fix terminating in the middle of reconfiguration (rh #2221903) + +* Wed Jun 28 2023 Thomas Haller - 1:1.40.16-8 +- unblock autoconnect of profile on reapply (rh #2207690) + +* Mon Jun 5 2023 Thomas Haller - 1:1.40.16-7 +- fix reading infiniband p-key from ifcfg files (rh #2209164) + +* Wed May 24 2023 Beniamino Galvani - 1:1.40.16-6 +- don't fail when the IPv6 link-local address is removed (rh #2209353) + +* Wed May 17 2023 Fernando Fernandez Mancera - 1:1.40.16-5 +- support bond port prio property (rh #1920398) +- team: don't try to connect to teamd in update_connection() (rh #2182029) + +* Wed Apr 19 2023 Beniamino Galvani - 1:1.40.16-4 +- support the "no-aaaa" resolv.conf option (rh #2144521) + +* Mon Mar 13 2023 Lubomir Rintel - 1:1.40.16-3 +- cloud-setup/ec2: fix regression with IMDSv2 support (rh #2181466) + +* Mon Mar 13 2023 Lubomir Rintel - 1:1.40.16-2 +- cloud-setup/ec2: add IMDSv2 support (rh #2151986) + +* Thu Feb 23 2023 Beniamino Galvani - 1:1.40.16-1 +- Update to 1.40.16 release + +* Mon Feb 13 2023 Thomas Haller - 1:1.40.14-1 +- Update to 1.40.14 release + +* Thu Jan 26 2023 Lubomir Rintel - 1:1.40.12-1 +- Update to 1.40.12 release +- core: retry if a rtnetlink socket runs out of buffer space (rh #2154350) + +* Wed Jan 11 2023 Beniamino Galvani - 1:1.40.10-1 +- Update to 1.40.10 release +- cloud-setup: preserve addresses added externally (rh #2132754) +- veth: fix detection of existing interface and peer (rh #2129829) +- dns: ensure dnsmasq is stopped after disabling it and a restart (rh #2120763) + +* Wed Dec 21 2022 Thomas Haller - 1:1.40.8-2 +- core: avoid infinite autoconnect with multi-connect profiles (rh #2155531) + +* Fri Dec 16 2022 Lubomir Rintel - 1:1.40.8-1 +- Update to 1.40.8 release +- macsec: fix tracking of parent ifindex (rh #2122564) + +* Wed Nov 30 2022 Thomas Haller - 1:1.40.6-1 +- Update to 1.40.6 release +- team: fix configuring empty team port settings (rh #2102375) + +* Fri Nov 18 2022 Thomas Haller - 1:1.40.4-1 +- Update to 1.40.4 release +- ifcfg-rh: fix writing invalid ethtool pause settings (rh #2134569) + +* Tue Oct 11 2022 Beniamino Galvani - 1:1.40.2-1 +- Update to 1.40.2 release +- core: fix persisting Infiniband partition connections (rh #2122703) +- core: wait for carrier before resolving hostname via DNS (rh #2118817) +- core: fix handling of autoconnect-retries with multiconnect (rh #2039734) +- nmcli: allow removing a port connection from a bond (rh #2126262) +- initrd: decrease autoconnect priority for initrd connections (rh #2089707) +- dhcp: wait DAD completion for DHCPv6 addresses (send decline) (rh #2096386, rh #2099794) +- ovs: wait that links disappear during initial cleanup (rh #2060031) + +* Fri Aug 26 2022 Ana Cabral - 1:1.40.0-1 +- Update to 1.40.0 release + +* Tue Aug 16 2022 Ana Cabral - 1:1.39.90-1 +- Update to 1.39.90 release (release candidate) +- bridge: fix reapply of non-bridge properties (rh #2092762) +- bridge: fix wired.mtu reapply (rh #2076131) + +* Fri Jul 29 2022 Lubomir Rintel - 1:1.39.12-1 +- Update to 1.39.12 release (development) +- bridge: fix reapply support (rh #2092762) + +* Thu Jul 28 2022 Beniamino Galvani - 1:1.39.11-1 +- Update to 1.39.11 release (development) +- dhcp: fix EXTENDED DHCP event to accept lease for dhclient plugin (rh #2109285) +- ovs: honor unmanaged setting also for interfaces that fail (rh #2077950) + +* Thu Jul 14 2022 Vojtech Bubela - 1:1.39.10-1 +- Update to 1.39.10 release (development) +- initrd: set a default carrier timeout of 10 seconds in initrd (rh #2079277) +- dhcp: wait DAD completion for DHCPv6 addresses (rh #2096386) +- libnm: support wait-activation-delay property (rh #2008337) +- veth: fix veth activation on booting (rh #2105956) +- support a ipv6.addr-gen-mode knob in the global config (rh #208268) + +* Thu Jun 30 2022 Lubomir Rintel - 1:1.39.8-1 +- Update to 1.39.8 release (development) +- core: make ipv6.addr-gen-mode default configurable (rh #1743161) (rh #2082682) +- dhcpv6: finish DAD before considering a lease to be good (rh #2096386) +- core: add connection.wait-activation-delay property (rh #2008337) + +* Thu Jun 16 2022 Thomas Haller - 1:1.39.7-2 +- fix priority of IPv6 addresses to prefer manual over DHCPv6 over SLAAC (rh #2097270) + +* Wed Jun 15 2022 Lubomir Rintel - 1:1.39.7-1 +- Update to 1.39.7 release (development) +- core: cancel the IP check on deactivation (rh #2080928) +- core: ensure DHCP is restarted every time the link goes up (rh #2079406) +- core: fix a leak of L3 configuration memory (rh #2083453) +- ppp: fix a race with pppd when removing addresses (rh #2085382) +- wifi: fix a crash when checking WEP supplicant capability (rh #2092782) + +* Wed Jun 1 2022 Beniamino Galvani - 1:1.39.6-1 +- Update to 1.39.6 release (development) +- Implement ACD (address conflict detection) for DHCPv4 (rh #1713380) + +* Thu May 19 2022 Ana Cabral - 1:1.39.5-1 +- Update to 1.39.5 release (development) +- device: commit l3cfg on link change only when the device is activating (rh #2079054) +- l3cfg: during reapply, also clear IPv6 temporary addresses (rh #2082230) +- dhcp: support overlong DHCP host names (rh #2033643) +- cloud-setup: reorder addresses to honor "primary_ip_address" (rh #2082000) + +* Wed May 4 2022 Thomas Haller - 1:1.39.3-1 +- Update to 1.39.3 release (development) +- dhcp: save leases in /run (rh #1943153) +- ovs: use asynchronous attach-port (rh #2052441) +- device: set MTU after attaching bond port (rh #2071985) +- l3cfg: drop NM_L3_CFG_COMMIT_TYPE_ASSUME and assume_config_once (rh #2077605) + +* Thu Apr 21 2022 Thomas Haller - 1:1.39.2-2 +- generate docs during build instead of using pre-generated (2) (rh #1995915) + +* Thu Apr 21 2022 Thomas Haller - 1:1.39.2-1 +- Update to 1.39.2 release (development) +- dhcp: set "src" attribute for DHCP routes (rh #1995372) +- dhcp: drop internal DHCPv4 client based on systemd code (rh #2073067) +- core: delay startup complete for DNS update (rh #2049421) +- nmcli: support offline mode to create and edit keyfiles (rh #1361145) + +* Wed Apr 6 2022 Ana Cabral - 1:1.39.0-1 +- Update to 1.39.0 release (development) +- ovs, dpdk: fix creating ovs-interface when the ovs-bridge is netdev + (rh #2001792) + +* Thu Mar 24 2022 Lubomir Rintel - 1:1.37.3-1 +- Upgrade to 1.37.3 release (development) +- core: allow reapply on autoconnect-slaves property change (rh #2065049) +- wifi: do not advertise channels outside regulatory domain (rh #2062785) +- wifi: warn about WEP being phased out (rh #2030997) +- bond: reject reapply when fail_over_mac was changed (rh #2003214) + +* Wed Mar 9 2022 Beniamino Galvani - 1:1.37.2-1 +- Upgrade to 1.37.2 release (development) +- core: preserve external ports during checkpoint rollback (rh #2035519) +- core: fix ovs bridge deletion (rh #1935026) +- core: shorten hostname when too long (rh #2033643) +- nm-online: bump the timeout upper limit to 2073600 seconds (rh #2025617) +- cloud-setup: fix crash when handling sigterm (rh #2027674) + +* Mon Feb 28 2022 Beniamino Galvani - 1:1.36.0-2 +- core: fix setting DNS from WWAN and PPP (rh #2059138) + +* Thu Feb 24 2022 Lubomir Rintel - 1:1.36.0-1 +- Upgrade to 1.36.0 release +- core: avoid losing L3 configuration the second time it's applied (rh #2043514) +- ovs: avoid removing OVSDB entries on daemon shutdown (rh #2055665) +- nmcli: fix defaults for some properties on interactive add (rh #2053603) + +* Sat Feb 19 2022 Lubomir Rintel - 1:1.36.0-0.9 +- revert: generate docs during build instead of using pre-generated (rh #1995915) +- Upgrade to 1.35.92 (release candidate) +- ppp: increase disconnect timeout (rh #2049596) +- core: finish activation after all objects are committed (rh #2043133) +- ipv6: add support for multipath routes (rh #1837254) +- keyfile: do not write empty string list properties (rh #2022623) + +* Fri Feb 04 2022 Lubomir Rintel - 1:1.36.0-0.8 +- Upgrade to 1.35.91 release (release candidate) +- bond: fix duplicate IPv4 address detection (rh #2028751) +- core: add support for blackhole routes (rh #1937823) (rh #2013587) +- core: re-assess IP configuration if one IP family times out (rh #2051904) +- ovs: remove ovsdb entry on interface removal (rh #2047302) +- ovs: properly clean up devices on daemon shutdown (rh #2029937) +- core: avoid losing addresses on handover from initrd to ral root (rh #2047302) +- core: fix a possibe assertion failure in ACD (rh #2047788) + +* Fri Jan 28 2022 Thomas Haller - 1:1.36.0-0.7 +- Upgrade to 1.35.7 release (development) +- core: fix crash related to DHCPv6 leases (rh #2028849) +- wifi: fix stale ActiveAccessPoint in D-Bus (rh #1983747) +- libnm: fix dangling pointer in NMObject (rh #2039331) + +* Wed Jan 26 2022 Thomas Haller - 1:1.36.0-0.6 +- Upgrade to 1.35.6 release (development) +- Move ifup/ifdown scripts to new NetworkManager-initscripts-updown package (rh #2022418) +- wwan: fix assertion failure in modem/ppp code (rh #2028385) +- core: fix performance regression with 500vlans test (rh #2028849) +- core: drop defective BPF filter for netlink sockets that caused hangs (rh #2037411) +- initrd: add support for rd.znet_ifnames (rh #1980387) + +* Thu Jan 20 2022 Thomas Haller - 1:1.36.0-0.5 +- generate docs during build instead of using pre-generated (rh #1995915) + +* Wed Jan 12 2022 Wen Liang - 1:1.36.0-0.4 +- Upgrade to 1.35.4 release (development) +- ipv4ll: fix assert on external LL address removal (rh #2028404) +- openvswitch: add DPDK n_rxq configuration option (rh #2001563) +- device: ignore ndisc signal if device has no ifindex (rh #2013266) +- bluetooth: fix invalid assertion in NMBluezManager:dispose() (rh #2028427) +- supplicant: enable SAE-H2E (rh #2019396) + +* Thu Dec 16 2021 Wen Liang - 1:1.36.0-0.3 +- Upgrade to 1.35.3 release (development) +- device: fix update of the ip-iface property (rh #2027490) +- platform: add bpf filter to ignore routes from routing daemons (rh #1861527) + +* Wed Dec 1 2021 Wen Liang - 1:1.36.0-0.2 +- Upgrade to 1.35.2 release (development) +- initrd: handle ip=dhcp,dhcp6 specially to wait for both IPv4 and IPv6 (rh #1961666) +- bridge: fix ageing_time bridge option (rh #1871950) +- core: make sure Device and AC emit StateChanged a bit later (rh #2006677) +- ovsdb: deactivate removed device if does not have a master (rh #2022275) +- nmcli: fix setting wake-on-lan property on edit mode (rh #2016348) +- core: fix wrong DHCPv6 timeouts due to endianness problem (rh #2027267) + +* Thu Nov 18 2021 Beniamino Galvani - 1:1.36.0-0.1 +- Upgrade to 1.35.1 release (development) +- core: refactor IP configuration code (rh #1868254) +- core: fix deleting external route during service restart (rh #2010640) + +* Thu Oct 21 2021 Ana Cabral - 1:1.34.0-0.3 +- Upgrade to 1.33.4 release (development) +- Deprecate "master"/"slave" on bonding and bridge API (rh #1949023) +- core: Fix configuration reload for active devices (rh #1852445) +- Update systemd-udev dependency (rh #2012123) + +* Thu Sep 23 2021 Ana Cabral - 1:1.34.0-0.2 +- Upgrade to 1.33.3 release (development) +- platform: don't listen for tc netlink messages (rh #1753677) +- cloud-setup: better handle other route configuration (rh #2006370) +- Fix autoneg advertisement (rh #1897004) + +* Thu Sep 9 2021 Ana Cabral - 1:1.34.0-0.1 +- Upgrade to 1.33.2 release (development) (rh #1996617) +- Obtain permanent hardware address via netlink or lookup via ethtool (rh #1987286) +- Show more information about routes in nmcli (rh #1870059) +- Add test for creation and activation of new connection via interface (rh #1763054) +- ethtool: fix setting autonegotiation/speed on reactivation (rh #1897004) +- Fix MTU's decrease after the removal of 802-3-ethernet configuration (rh #1973536) + +* Thu Aug 19 2021 Wen Liang - 1:1.32.10-2 +- platform: fix capturing IPv4 addresses from platform for assuming after restart (rh #1988751) + +* Wed Aug 18 2021 Wen Liang - 1:1.32.10-1 +- update to 1.32.10 release +- nm-initrd-generator: add kernel command line options ethtool autoneg and speed (rh #1940934) +- IP: fix the order of IP addresses during service restart (rh #1988751) + +* Tue Aug 10 2021 Fernando Fernandez Mancera - 1:1.32.8-1 +- Upgrade to 1.32.8 release +- firewalld: configure zones on "Reloaded" signal (rh #1982403) +- ethtool: support configuring newer gigabit ethernet speeds (rh #1897004) +- core: fix wrong MTU for bridge interfaces (rh #1973536) +- cloud-setup: fix gateway address for Aliyun cloud (rh #1823315) + +* Thu Jul 29 2021 Gris Ge - 1:1.32.6-1 +- Upgrade to 1.32.6 release +- core: fix adding stale local routes when address changes (rh #1979192) +- dhcp: handle filename/bootfile_name DHCP option and write it to device state + file for initrd/kickstart (rh #1979387) +- initrd: add "ib.pkey=" command line option (rh #1805708) +- core: introduce "keep-configuration" device option to forcefully activate a + profile on start (rh #1934122) + +* Wed Jul 21 2021 Gris Ge - 1:1.32.4-1 +- Upgrade to 1.32.4 with fixes of: +- nmcli: show DNS SEARCH field in device information. (rh #1852317) +- device: avoid crash setting VPN config during unrealize. (rh #1912423) +- core: send ARP announcements when there is carrier. (rh #1956793) +- core: add ipv[46].required-timeout option to wait for IP configuration while activating. (rh #1961666) +- core: start DHCPv6 when a prefix delegation is needed for shared mode. (rh #1973199) +- ifcfg: log warning about invalid keys in ifcfg files. (rh #1959656) +- cloud-setup: add support for Aliyun cloud. (rh #1823315) + +* Thu Jul 1 2021 Wen Liang - 1:1.32.2-1 +- update to 1.32.2 release +- device: prefer IPv6 not-deprecated addresses for hostname lookup (rh #1820770) +- docs: describe qdiscs and tfilters in nm-settings manpage (rh #1847894) +- cloud-setup: preserve IPv4 addresses/routes/rules from profile (rh #1971527) +- daemon: performance improvements (rh #1847125) +- dhcp/systemd: ignore FORCERENEW requests for DHCPV4 (rh #1961251, CVE-2020-13529) +- Add bridge_role in 802-3-ethernet.s390-options using nmcli (rh #1935842) + +* Fri Jun 18 2021 Wen Liang - 1:1.32.0-1 +- update to 1.32.0 release +- veth: fix null error when deleting the device (rh #1915278) +- veth: fix crash when deleting the device profile (rh #1915276) +- firewall: add new "nftables" firewall-backend (rh #1548825) +- DNS: fix lookup of hostname via DNS (rh #1970335) + +* Mon Jun 7 2021 Thomas Haller - 1:1.32.0-0.5 +- update to 1.32-rc1 (1.31.90) (release candidate) +- core: allow to preserved external TFilter and QDisc settings (rh #1928078) +- bond: support "tlb_dynamic_lb" in "balance-alb" mode (rh #1959934) + +* Thu May 20 2021 Wen Liang - 1:1.32.0-0.4 +- Update to 1.31.5 (development) +- core: configure MTU early before DHCP completes (rh #1890234) +- core: fix activation handling for ports (rh #1955101, rh #1959961) +- core: add support for ethtool pause parameters (rh #1899372) +- dhcp: support option 249 (Microsoft Classless Static Route) (rh #1959461) + +* Wed May 5 2021 Beniamino Galvani - 1:1.32.0-0.3 +- Update to 1.31.4 (development) +- core: fix assertion failure in activation handling (rh #1933719) + +* Thu Apr 22 2021 Beniamino Galvani - 1:1.32.0-0.2 +- Update to 1.31.3 (development) + +* Thu Mar 25 2021 Beniamino Galvani - 1:1.32.0-0.1 +- Update to 1.31.2 (development) + +* Tue Mar 23 2021 Beniamino Galvani - 1:1.30.0-5 +- bond: restore MAC on release only when there is a cloned MAC address (rh #1933292) + +* Fri Mar 12 2021 Beniamino Galvani - 1:1.30.0-4 +- initrd: apply the MTU from bond= argument to the bond connection (rh #1936610) + +* Fri Mar 12 2021 Thomas Haller - 1:1.30.0-3 +- Increase LimitNOFILE to allow more than 1024 file descriptors (rh #1926599). + This requires a suitable libndp version that can handle many file descriptors (rh #1933041). + +* Tue Feb 23 2021 Thomas Haller - 1:1.30.0-2 +- Avoid logging warning setting bond ad_actor_system (rh #1923999) + +* Thu Feb 18 2021 Thomas Haller - 1:1.30.0-1 +- Update to 1.30.0 release + +* Thu Feb 11 2021 Thomas Haller - 1:1.30.0-0.10 +- Update to 1.30-rc1 (1.29.90-dev) (development) +- cloud-setup: fix removing IPv4 address (rh #1920838) + +* Mon Feb 8 2021 Antonio Cardace - 1:1.30.0-0.9 +- Update to 1.29.11 (development) +- bond: fix changing mode when the device is created externally (rh #1870691) +- ovs: fix firewalld configuration for ovs-ports (rh #1921107) +- ovs: avoid race condition when system interface is removed from ovsdb (rh #1923248) +- doc: mention NETMASK as alternative to PREFIX for addresses in `man nm-settings-ifcfg-rh` (rh #1925123) + +* Wed Jan 27 2021 Beniamino Galvani - 1:1.30.0-0.8 +- Update to 1.29.10 (development) +- bond: introduce new 'vlan+srcmac' xmit_hash_policy option (rh #1915457) +- ovs: clean up interfaces from ovsdb at startup (rh #1861296) + +* Tue Jan 19 2021 Thomas Haller - 1:1.30.0-0.7 +- Update to 1.29.9 (development) +- By default check all devices for hostname reverse DNS lookup (rh #1766944) + +* Thu Jan 14 2021 Thomas Haller - 1:1.30.0-0.6 +- Update to 1.29.8 (development) +- initrd: accept zero-byte prefix for BOOTIF MAC address (rh #1904099) +- core: fix bond port wrongly detached by dispather call (rh #1888348) +- cloud-setup: add manual page (rh #1867997) +- core: fix handling timeout for IPv6 RDNSS,DNSSL option in RA (rh #1874743) + +* Wed Dec 23 2020 Beniamino Galvani - 1:1.30.0-0.5 +- Update to 1.29.7 (development) +- Add WPA3-Enterprise support (rh #1883024) + +* Mon Dec 14 2020 Beniamino Galvani - 1:1.30.0-0.4 +- Update to 1.29.6 (development) +- initrd: disable ipv4 and ipv6 by default for vlan parent connection (rh #1903175) +- initrd: fix parsing of ip= argument with dotted interface name (rh #1898294) + +* Fri Nov 27 2020 Beniamino Galvani - 1:1.30.0-0.3 +- Update to 1.29.3 (development) +- Support changing external-ids of OVS bridges and interfaces (rh #1866227) +- Add a hostname setting (rh #1766944) +- Support creating veth interfaces (rh #1901523) +- initrd: fix parsing of ip= arguments with empty first token (rh #1900260) + +* Mon Nov 9 2020 Beniamino Galvani - 1:1.30.0-0.2 +- device: fix crash in nm_device_reactivate_ip_config() +- dns: fix crash in systemd-resolved DNS plugin (rh #1894839) + +* Mon Nov 2 2020 Antonio Cardace - 1:1.30.0-0.1 +- Update to 1.29.1 (development) +- add library for handling profiles in keyfile format (rh #1813334) +- initrd: allow disabling NICs during boot (rh #1883958) +- allow `NM.Device.get_applied_connection_async()` to run by non-privilege user (rh #1882380) +- nmcli ignores /etc/terminal-colors.d/nmcli.scheme (rh #1886336) +- pass bridge master to wpa_supplicant when Wlan is part of bridge (rh #1888051) +- add infiniband support in initrd (rh #1883173) + +* Fri Sep 18 2020 Beniamino Galvani - 1:1.28.0-0.1 +- Update to 1.27.3 (development) +- device: enforce the absence of a master during activation (rh #1869079) +- bond: fix race condition setting the "active_slave" option (rh #1856640) + +* Tue Sep 1 2020 Antonio Cardace - 1:1.26.0-7 +- dhcp: add dhcp-vendor-class-identifier option (rh #1871042) +- initrd: parse 'rd.net.dhcp.vendor-class' kernel cmdline arg (rh #1872299) + +* Mon Aug 17 2020 Thomas Haller - 1:1.26.0-6 +- core: fix handling of local routes as default route and on D-Bus (rh #1868982) + +* Thu Aug 13 2020 Thomas Haller - 1:1.26.0-5 +- core: fix wait-device-timeout race and support general device matches (rh #1853348) + +* Tue Aug 11 2020 Antonio Cardace - 1:1.26.0-4 +- bond: fix Reapply does not update bond options (rh #1847814) +- dhcp: support DHCPv6 fqdn_fqdn option for hostname (rh #1858344) + +* Thu Aug 6 2020 Thomas Haller - 1:1.26.0-3 +- core: fix managing devices after resuming from sleep (rh #1855563) +- dhcp: fix BPF filter for internal client on big endian arch (rh #1861488) +- core: support warning log setting IPv6 MTU with IPv6 disabled (rh #1840989) +- wifi: fix crash parsing incomplete BSS info (rh #1866395) + +* Fri Jul 17 2020 Antonio Cardace - 1:1.26.0-2 +- core: fix generation of local routes for VRF devices (rh #1857133) +- team: fix crash on failure to connect to teamd (rh #1856723) +- core: fix detecting failure of master active-connection (rh #1845018) +- core: fix warning about setting active_slave of bond when activating master (rh #1858326) +- import translations (rh #1820552) + +* Mon Jul 13 2020 Thomas Haller - 1:1.26.0-1 +- update to 1.26.0 +- device: reset SR-IOV parameters on activation failure (rh #1819587) +- initrd: enable ipv6.method=auto with ip=dhcp6 (rh #1854323) +- core: add "nm-shared" zone for firewalld for shared mode (rh #1834907) +- ppp: fix taking control of link (rh #1849386) + +* Mon Jul 6 2020 Beniamino Galvani - 1:1.26.0-0.2.1 +- device: restart DHCP only for devices that are active or activating (rh #1852612) +- initrd: fix generating default BOOTIF= connection (rh #1853277) +- ovs: fix race condition when setting MAC address for ovs interfaces (rh #1852106) + +* Sun Jun 28 2020 Beniamino Galvani - 1:1.26.0-0.2 +- update to 1.26-rc2 (1.25.91) +- initrd: set ipv6.method=auto when using IPv4 static configuration (rh #1848943) +- cloud-setup: add support for Google Cloud load-balancing routes (rh #1821787) + +* Mon Jun 15 2020 Thomas Haller - 1:1.26.0-0.1 +- update to 1.26-rc1 (1.25.90) +- core: support more tc qdiscs (tbf and sfq) (rh #1546802) +- core: support match devices for connection profile by PCI address (ID_PATH) (rh #1673321) +- ovs: fix peer property for OVS patch interface (rh #1845216) +- doc: add manual pages nm-settings-dbus and nm-settings-nmcli (rh #1614726) +- wifi: don't block autoconnect for profiles that never succeeded to connect (rh #1781253) +- dbus,nmcli: highlight externally managed devices (rh #1816202) + +* Fri May 29 2020 Beniamino Galvani - 1:1.25.2-1 +- update to 1.25.2 (development) +- support ethtool coalesce and ring options (rh #1614700) +- core: improve synchronization of qdiscs with kernel (rh #1815875) +- team: support running without D-Bus (rh #1784363) +- core: fix potential crash when autoactivating child connections (rh #1778073) +- ethernet: reset original autonegotiation/speed/duplex settings on deactivation (rh #1807171) +- core: fix setting IPv6 token in kernel (rh #1819680) + +* Fri May 8 2020 Thomas Haller - 1:1.25.1-1 +- update to 1.25.1 (development) +- improve documentation (rh #1651594, rh #1819259) +- vrf: add support (rh #1773908) +- bond: improve setting default options for miimon and updelay (rh #1805184, rh #1806549) +- bluetooth: fix crash handling DUN modem (rh #1826635) +- core: fix potential infinite loop with prefix delegation (rh #1488030) +- initrd: fixes for running NetworkManager in initrd (rh #1627820, #1710935, #1744935, #1771792) +- core: prevent multiple attempts to create default wired connection (rh #1687937) +- bridge: support more options (rh #1755768) +- libnm,dbus: expose HwAddress for all device types (rh #1786937) +- core: fix route priority for IPv6 (rh #1814557) +- core: fix crash during reapply (rh #1816067) +- core: clear IP address from bridge slave (rh #1816517) +- ovs: support changing MTU of OVS interfaces (rh #1820052) +- nm-online: support setting timeout for NetworkManager-wait-online (rh #1828458) + +* Fri Mar 6 2020 Thomas Haller - 1:1.22.8-4 +- core: fix leaking device state files in /run (rh #1810153) +- dhcp: fix crash in nettools client when leaking GSource (rh #1810188) + +* Mon Feb 24 2020 Beniamino Galvani - 1:1.22.8-3 +- dhcp: keep trying after a send failure (rh #1806516) +- ovs: fail port enslavement when the bridge is not found (rh #1797696) + +* Wed Feb 19 2020 Thomas Haller - 1:1.22.8-2 +- bond: fix setting arp_validate option for other bonding modes (rh #1789437) + +* Tue Feb 18 2020 Antonio Cardace - 1:1.22.8-1 +- Update to 1.22.8 +- Added configuration option to customize IPv6 RA timeout (rh #1801158) +- Removed length limitation for OVS Bridge, Patches and Interfaces (only Patch types) names (rh #1788432) +- Reworked asynchronous deactivation of OVS interfaces (rh #1787989, rh #1782701) +- Fixed failure when creating team interfaces (rh #1798947) +- ifcfg-rh: fix clearing ovs slave type from ifcfg-rh file (rh #1804167) +- Fixed bug causing virtual devices to not be available after AddConnection()/Update() (rh #1804350) + +* Fri Jan 31 2020 Antonio Cardace - 1:1.22.6-1 +- Update to 1.22.6 +- nm-device: add new pending action to keep the device busy when in between states (rh #1759956) +- cloud-setup: avoid unsupported settings in systemd service unit (rh #1791758) +- do not create virtual device if master is not present (rh #1795919) +- allow IPv6 RA timeout to be set to a value higher than 120 seconds (rh #1795957) +- fix behaviour when 'ipv4.dhcp-timeout' option is set to 'infinity' (rh #1791378) + +* Fri Jan 10 2020 Beniamino Galvani - 1:1.22.4-1 +- Update to 1.22.4 +- dhcp: fix behavior of internal DHCP client when the server sends a NAK (rh #1787219) + +* Sat Dec 28 2019 Thomas Haller - 1:1.22.2-1 +- Update to 1.22.2 +- core,libnm: expose capability for OVS support (rh #1785147) +- dhcp: various bugfixes for nettools n-dhcp4 plugin + +* Tue Dec 17 2019 Thomas Haller - 1:1.22.0-2 +- dhcp: fix parsing of DNS search domain with nettools plugin (rh #1783981) + +* Tue Dec 17 2019 Thomas Haller - 1:1.22.0-1 +- Update to 1.22.0 +- support main.auth-polkit=root-only setting to allow root only (rh #1762011) + +* Fri Nov 29 2019 Thomas Haller - 1:1.22.0-0.2 +- Update to 1.22-rc1 (1.21.90) +- large internal rework of libnm's NMClient +- dhcp: switch implementation of "internal" DHCP to nettools' n-dhcp4 +- add support for carrier state of devices on D-Bus/libnm (rh #1722024) +- cloud-setup: add initial and experimental tool for configuring in cloud (rh #1642461) +- dhcp: support configuring FQDN hostname flags (rh #1649368) + +* Wed Nov 13 2019 Beniamino Galvani - 1:1.22.0-0.1 +- Update to 1.21.3, a development snapshot of NetworkManager 1.22 +- support configuring default route as a regular, static route (rh #1714438) + +* Tue Oct 01 2019 Lubomir Rintel - 1:1.20.0-4 +- initrd: re-enable the generator (rh #1626348) + +* Tue Aug 27 2019 Thomas Haller - 1:1.20.0-3 +- wifi: detect FT support per device to fix issues with driver support (rh #1743730) +- doc: fix default values in pre-generated documentation (rh #1737945) + +* Thu Aug 15 2019 Lubomir Rintel - 1:1.20.0-2 +- Import translations (rh #1689999) + +* Tue Aug 6 2019 Thomas Haller - 1:1.20.0-1 +- Update to 1.20.0 release +- fix license comments for RPM package (rh #1723395) +- dhcp: disable experimental nettools DHCP plugin + +* Fri Jul 26 2019 Thomas Haller - 1:1.20.0-0.4 +- Update to 1.20-rc1 snapshot +- settings: support read-only directory for keyfile profiles (rh #1674545) +- settings: add AddConnection2 D-Bus API to suppress autoconnect (rh #1677068) +- settings: add no-reapply flat to Update2 D-Bus API (rh #1677070) +- openvswitch: don't release slaves on quit (rh #1733709) +- dhcp: expose private options for internal DHCP plugin (rh #1663253) +- device: fix route table setting when re-activating device (rh #1719318) +- man: clarify example in nm-openvswitch manual page (rh #1638038) +- man: various improvements of manual pages (rh #1612554) + +* Thu Jun 20 2019 Lubomir Rintel - 1:1.20.0-0.3 +- initrd: disable the generator again + +* Fri Jun 14 2019 Lubomir Rintel - 1:1.20.0-0.2 +- Update to a newer 1.20 snapshot +- ovs: support dpdk interfaces (rh #1612503) +- libnm-core: change unsupported modes for arp_ip_targets bond option (rh #1718173) +- ipv6: add 'disabled' method (rh #1643841) +- device: fix matching parent device by connection UUID (rh #1716438) +- cli: fix default value for team.runner-min-ports (rh #1716987) +- initrd: re-enable the generator (rh #1626348) + +* Wed Jun 5 2019 Lubomir Rintel - 1:1.20.0-0.1 +- Update to a 1.20 snapshot +- core: fix a possible crash on device removal (rh #1659790) +- core: fix automatic activation of software deviecs (rh #1667874) +- team: use strict JSON parsing for configuration (rh #1691619) +- team: don't kill teamd for external devices (rh #1693142) +- logging: don't misuse SYSLOG_FACILITY field in journal (rh #1709741) + +* Fri Feb 8 2019 Beniamino Galvani - 1:1.14.0-14 +- clients: fix string list setter (rh #1671200) + +* Thu Jan 10 2019 Francesco Giudici - 1:1.14.0-13 +- device: improve assuming bridges on startup (rh #1593939) + +* Wed Jan 9 2019 Thomas Haller - 1:1.14.0-12 +- dhcp: fix client-id and DUID for infiniband (2) (rh #1658057) + +* Tue Jan 8 2019 Beniamino Galvani - 1:1.14.0-11 +- device: ensure IP configuration is restored when link goes up (rh #1636715) +- dhcp: fix client-id and DUID for infiniband (rh #1658057) +- dhcp: change internal DHCP plugin's ipv4.dhcp-client-id setting to "mac" (rh #1661165) + +* Fri Dec 14 2018 Beniamino Galvani - 1:1.14.0-10 +- ifcfg-rh: fix reading SR-IOV settings +- dhcp: support client-id and DUID for infiniband (rh #1658057) + +* Thu Dec 13 2018 Thomas Haller - 1:1.14.0-9 +- dhcp: fix default client-id for NetworkManager-config-server (rh #1658057) +- connectivity: fix crash and portal detection (rh #1658217) +- core: combine secret-key with machine-id for host identity (rh #1642023) +- SR-IOV related fixes (rh #1651578, rh #1651576, rh #1651979) +- core: fix updating agent-owned secrets (rh #1658771) +- core: no longer set rp_filter sysctl (rh #1651097) +- device: don't take device down when changing MAC address (rh #1659063) +- doc: use pregenerated manual pages and gtk-doc from source tarball + +* Mon Dec 10 2018 Lubomir Rintel - 1:1.14.0-8 +- Update translations (rh #1608323) + +* Sat Nov 17 2018 Thomas Haller - 1:1.14.0-7 +- device: improve auto selection of device when activating profile (rh #1639254) + +* Fri Nov 16 2018 Thomas Haller - 1:1.14.0-6 +- dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688) +- dhcp: revert letting internal DHCP generate default client-id based on MAC address (rh #1640464) +- dhcp: support "duid" setting for ipv4.dhcp-client-id +- dhcp: support "${MAC}" identifier for connection.stable-id +- dhcp: support dhcp-plugin device spec for matching devices in NetworkManager.conf +- dhcp: install configuration snippet in config-server package for ipv4.dhcp-client-id=mac (rh #1640494) +- dns: remove limitation for six DNS search entries (rh #1649704) +- libnm: fix crash cancelling activation from within callback (rh #1643085) + +* Tue Oct 16 2018 Lubomir Rintel - 1:1.14.0-5 +- Update translations (rh #1608323) + +* Mon Oct 8 2018 Beniamino Galvani - 1:1.14.0-4 +- Don't depend on openvswitch (rh #1629178) +- device: don't remove routes when the interface is down (rh #1636715) + +* Tue Sep 18 2018 Thomas Haller - 1:1.14.0-3 +- dhcp: let internal DHCP generate default client-id based on MAC address (2) + +* Tue Sep 18 2018 Thomas Haller - 1:1.14.0-2 +- dhcp: let internal DHCP generate default client-id based on MAC address + +* Fri Sep 14 2018 Thomas Haller - 1:1.14.0-1 +- Update to 1.14.0 release + +* Tue Sep 4 2018 Thomas Haller - 1:1.14.0-0.4 +- dhcp: switch default DHCP plugin from dhclient to internal (rh #1571655) + +* Mon Aug 13 2018 Thomas Haller - 1:1.14.0-0.3 +- Update to 1.13.3, a development snapshot of NetworkManager 1.14 + +* Thu Jul 26 2018 Lubomir Rintel - 1:1.14.0-0.2 +- Update to 1.13.2, a development snapshot of NetworkManager 1.14 + +* Tue Jun 19 2018 Thomas Haller - 1:1.14.0-0.1 +- Update to 1.13.0, a development snapshot of NetworkManager 1.14 + +* Thu May 31 2018 Lubomir Rintel - 1:1.12.0-0.4 +- Update to 1.11.4, a development snapshot of NetworkManager 1.12 +- Switch to Python 3-only build root + +* Thu May 3 2018 Thomas Haller - 1:1.12.0-0.3 +- core: use gnutls crypto library instead of nss (rh #1581693) + +* Thu May 3 2018 Thomas Haller - 1:1.12.0-0.2 +- core: fix error destroying checkpoints (rh#1574565) + +* Mon Apr 23 2018 Thomas Haller - 1:1.12.0-0.1 +- Update to 1.11.3 release + +* Fri Dec 15 2017 Thomas Haller - 1:1.10.2-1 +- Update to 1.10.2 release + +* Fri Nov 17 2017 Björn Esser - 1:1.8.4-7 +- Apply patch from previous commit + +* Thu Nov 2 2017 Thomas Haller - 1:1.8.4-6 +- systemd: let NM-w-o.service require NetworkManager service (rh #1452866) +- platform: really treat dsa devices as regular wired ethernet (rh #1371289) +- libnm: fix accessing enabled and metered properties + +* Mon Oct 9 2017 Lubomir Rintel - 1:1.8.4-5 +- platform: treat dsa devices as regular wired ethernet (rh #1371289) + +* Thu Oct 5 2017 Thomas Haller - 1:1.8.4-4 +- device: fix frozen notify signals on unrealize error path +- device: fix delay startup complete for unrealized devices +- keyfile: fix handling routes with metric zero + +* Fri Sep 29 2017 Thomas Haller - 1:1.8.4-3 +- cli: fix crash in interactive mode for "describe ." +- libnm/{vpn,remote}-connection: disconnect signal handlers when disposed +- libnm/manager: disconnect from signals on the proxy when we're disposed + +* Wed Sep 27 2017 Thomas Haller - 1:1.8.4-2 +- enable NetworkManager-wait-online.service on package upgrade (rh#1455704) + +* Wed Sep 20 2017 Thomas Haller - 1:1.8.4-1 +- Update to 1.8.4 release +- don't install NetworkManager-wait-online in network-online.target.wants (rh#1455704) + +* Wed Aug 02 2017 Fedora Release Engineering - 1:1.8.2-3.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1:1.8.2-3.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Jul 21 2017 Lubomir Rintel - 1:1.8.2-3 +- provide NetworkManager-devel + +* Thu Jul 20 2017 Stephen Gallagher - 1:1.8.2-2 +- NetworkManager-wifi and NetworkManager-glib-devel should require + NetworkManager, not provide it. + +* Mon Jul 17 2017 Beniamino Galvani - 1:1.8.2-1 +- Update to 1.8.2 release +- dhcp/dhclient: improve "interface" statement parsing +- dns: fix public suffix check on search domains (rh #1404350) + +* Thu Jun 22 2017 Lubomir Rintel - 1:1.8.0-6 +- device: don't change MTU unless explicitly configured (rh #1460760) +- core: don't remove external IPv4 addresses (rh #1459813) +- cli: fix output of iface in overview output (rh#1460219) +- ppp: unexport NMPPPManager instance on dispose (rh#1459579) +- cli: remove spurious device names from wifi subcommands output (rh#1460527) + +* Fri Jun 9 2017 Lubomir Rintel - 1:1.8.0-5 +- bond: fix crash comparing mode while generating bond connection (rh #1459580) +- connectivity: fix route penalty if WWAN and BT device using ip-ifindex (rh #1459932) +- device: persist nm-owned in run state (rh #1376199) +- device: fix assuming master device on restart (rh #1452062) +- device: apply route metric penality only when the default route exists (rh #1459604) +- connectivity: fix periodic connectivity check (rh #1458399) +- bond: improve option matching on daemon restart (rh #1457909) +- device: fix touching device after external activation (rh #1457242) + +* Sun Jun 4 2017 Thomas Haller - 1:1.8.0-4 +- ifcfg-rh: fix writing legacy NETMASK value (rh #1445414) +- tui: fix crash during connect (rh #1456826) +- libnm: fix libnm rejecting VLAN ID 4095 (rh #1456911) +- bluetooth: fix crash on connecting to a NAP (rh #1454385) +- device: release removed devices from master on cleanup (rh #1448907) +- nmcli: fix crash when setting 802-1x.password-raw (rh #1456362) + +* Mon May 22 2017 Thomas Haller - 1:1.8.0-3 +- device: update external configuration before commit (fix bug) (rh #1449873) + +* Sat May 20 2017 Thomas Haller - 1:1.8.0-2 +- dhcp: don't add route to DHCP4 server (rh #1448987) +- device: update external configuration before commit (rh #1449873) +- libnm: fix NUL termination of device's description (rh #1443114) +- libnm, core: ensure valid UTF-8 in device properties (rh #1443114) +- core: fix device's UDI property on D-Bus (rh #1443114) +- ifcfg-rh: omit empty next hop for routes in legacy format (rh #1452648) +- core: fix persisting managed state of device (rh #1440171) +- proxy: fix use-after-free (rh #1450459) +- device: don't wrongly delay startup complete waiting for carrier (rh #1450444) + +* Wed May 10 2017 Thomas Haller - 1:1.8.0-1 +- Update to 1.8.0 release + +* Thu Apr 20 2017 Lubomir Rintel - 1:1.8.0-0.2.rc3 +- Update to third Release Candidate of NetworkManager 1.8 + +* Thu Apr 6 2017 Lubomir Rintel - 1:1.8.0-0.2.rc2 +- Update to second Release Candidate of NetworkManager 1.8 + +* Fri Mar 24 2017 Lubomir Rintel - 1:1.8.0-0.1 +- Update to a snapshot of 1.8.x series + +* Thu Feb 16 2017 Lubomir Rintel - 1:1.6.2-1 +- Update to a 1.6.2 release + +* Fri Feb 10 2017 Fedora Release Engineering - 1:1.6.0-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Jan 25 2017 Lubomir Rintel - 1:1.6.0-1 +- Update to a 1.6.0 release + +* Fri Jan 20 2017 Thomas Haller - 1:1.6-0.2.rc1 +- Update with fixes from upstream nm-1-6 branch +- build: let libnm and glib package conflict (rh #1406454) + +* Tue Jan 17 2017 Lubomir Rintel - 1:1.6-0.1.rc1 +- Update to a 1.6-rc1 + +* Thu Jan 12 2017 Thomas Haller - 1:1.5.3-5 +- fix build failure due to clash of bitwise defines + +* Thu Jan 12 2017 Igor Gnatenko - 1:1.5.3-4.1 +- Rebuild for readline 7.x + +* Thu Dec 15 2016 Lubomir Rintel - 1:1.5.3-4 +- Update to a newer development snapshot + +* Tue Dec 6 2016 Thomas Haller - 1:1.5.2-4 +- Rebuild package for vala generation error (rh#1398738) + +* Fri Nov 25 2016 Thomas Haller - 1:1.5.2-3 +- fix enabling ifcfg-rh plugin by default for +=/-= operations (rh#1397938) +- fix missing symbol _nm_device_factory_no_default_settings + +* Wed Nov 23 2016 Thomas Haller - 1:1.5.2-2 +- fix enabling ifcfg-rh plugin by default (rh#1397938) +- move translation files from core to libnm/glib subpackages + +* Sun Nov 6 2016 Lubomir Rintel - 1:1.5.2-1 +- Update to a development snapshot + +* Mon Oct 10 2016 Lubomir Rintel - 1:1.4.2-1 +- Update to 1.4.2 + +* Tue Sep 13 2016 Thomas Haller - 1:1.4.0-4 +- wifi: fix another activation failure when changing MAC address (rh#1371478, bgo#770456, bgo#770504) + +* Thu Sep 8 2016 Thoams Haller - 1:1.4.0-3 +- dhcp: fix race to miss DHCP lease event (rh#1372854) + +* Tue Aug 30 2016 Thomas Haller - 1:1.4.0-2 +- wifi: fix activation failure due to error changing MAC address (rh#1371478, bgo#770456) + +* Wed Aug 24 2016 Lubomir Rintel - 1:1.4.0-1 +- Update to NetworkManager 1.4.0 release + +* Thu Aug 11 2016 Thomas Haller - 1:1.4.0-0.5.git20160621.072358da +- fix stale Wi-Fi after resume from suspend (rh#1362165) + +* Thu Jul 21 2016 Matthias Clasen - 1:1.4.0-0.4.git20160621.072358da +- Rebuild against newer GLib to overcome logging problems on i686 + +* Tue Jul 19 2016 Lubomir Rintel - 1:1.4.0-0.3.git20160621.072358da +- Update to a later Git snapshot + +* Thu Jun 2 2016 Thomas Haller - 1:1.2.2-2 +- dns: clear cache of dnsmasq when updating DNS configuration (rh#1338731) +- dns: fix restarting dnsmasq instance +- spec: depend bluetooth subpackage on exact wwan version +- all: fix some memleaks + +* Wed May 11 2016 Lubomir Rintel - 1:1.2.2-1 +- Update to NetworkManager 1.2.2 release + +* Wed Apr 20 2016 Lubomir Rintel - 1:1.2.0-1 +- Update to NetworkManager 1.2.0 release + +* Thu Apr 14 2016 Lubomir Rintel - 1:1.2.0-0.7.rc2 +- Update to NetworkManager 1.2-rc2 + +* Tue Apr 5 2016 Lubomir Rintel - 1:1.2.0-0.7.rc1 +- Update to NetworkManager 1.2-rc1 + +* Wed Mar 30 2016 Lubomir Rintel - 1:1.2.0-0.8.beta3 +- Fix link detection on 4.5 when build with 4.6 kernel + +* Tue Mar 29 2016 Lubomir Rintel - 1:1.2.0-0.7.beta3 +- Update to NetworkManager 1.2-beta3 + +* Tue Mar 22 2016 Lubomir Rintel - 1:1.2.0-0.7.beta2 +- Fix obtaining the hostname from DNS (rh #1308974) + +* Thu Mar 17 2016 Dan Williams - 1:1.2.0-0.6.beta2.1 +- Fix activating connections in some cases (rh #1316488) + +* Tue Mar 1 2016 Lubomir Rintel - 1:1.2.0-0.6.beta2 +- Update to NetworkManager 1.2-beta2 +- Resync with contrib/rpm + +* Wed Feb 3 2016 Thomas Haller - 1:1.2.0-0.6.beta1 +- specfile: remove no longer needed 10-ibft-plugin.conf and sync with contrib/rpm +- core: backport fix for missing braces bug in platform + +* Wed Feb 03 2016 Fedora Release Engineering - 1:1.2.0-0.5.beta1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Jan 19 2016 Lubomir Rintel - 1:1.2.0-0.5.beta1 +- Update to NetworkManager 1.2-beta1 + +* Fri Jan 08 2016 David King - 1:1.2.0-0.4.20151007gite73e55c +- Add upstream fix for AP list hash function (#1288867) + +* Thu Nov 12 2015 Lubomir Rintel - 1:1.2.0-0.3.20151112gitec4d653 +- Update to a later snapshot +- Enables RFC7217 addressing for new IPv6 connections + +* Wed Oct 07 2015 Lubomir Rintel - 1:1.2.0-0.3.20151023gite01c175 +- Drop the NetworkManager-devel subpackage (folded into libnm-glib-devel) +- Update to a later snapshot + +* Wed Oct 07 2015 Lubomir Rintel - 1:1.2.0-0.2.20151007gite73e55c +- Import a newer 1.2 git snapshot + +* Fri Sep 04 2015 Lubomir Rintel - 1:1.2.0-0.2.20150903gitde5d981 +- Fix test run + +* Thu Sep 03 2015 Lubomir Rintel - 1:1.2.0-0.1.20150903gitde5d981 +- Import a 1.2 git snapshot + +* Fri Aug 28 2015 Lubomir Rintel - 1:1.0.6-2 +- Fix command line parsing + +* Thu Aug 27 2015 Lubomir Rintel - 1:1.0.6-1 +- Update to 1.0.6 release + +* Tue Aug 18 2015 Thomas Haller - 1:1.0.6-0.2.20150813git7e2caa2 +- fix crash when deactivating assumed device (rh #1253949) +- backport wifi scan options for ssid +- use plain HTTP URI for connectivity check + +* Thu Aug 13 2015 Lubomir Rintel - 1:1.0.6-0.1.20150813git7e2caa2 +- Update to a Git snapshot + +* Tue Jul 14 2015 Lubomir Rintel - 1:1.0.4-2 +- Fix an assertion failure in nmcli (rh #1244048) +- Fix default route handling on assumed connections (rh #1245648) + +* Tue Jul 14 2015 Lubomir Rintel - 1:1.0.4-1 +- Update to 1.0.4 release + +* Tue Jul 14 2015 Dan Horák - 1:1.0.4-0.5.git20150713.38bf2cb0 +- WEXT depends on enabled wifi + +* Mon Jul 13 2015 Lubomir Rintel - 1:1.0.4-0.4.git20150713.38bf2cb0 +- A bit more recent Git snapshot + +* Tue Jul 7 2015 Lubomir Rintel - 1:1.0.4-0.3.git20150707.e3bd4e1 +- A bit more recent Git snapshot +- This one fixes a regression with default route management + +* Tue Jul 7 2015 Jiří Klimeš - 1:1.0.4-0.2.git20150707.cf15f2a +- Update to a new 1.0.3 development snapshot (git20150707) +- core: fix handling of ignore-auto-* properties (rh #1239184) + +* Wed Jun 24 2015 Lubomir Rintel - 1:1.0.4-0.1.git20160624.f245b49a +- A bit more recent Git snapshot + +* Thu Jun 18 2015 Lubomir Rintel - 1:1.0.4-0.1.git20150618.8cffaf3bf5 +- Update to a recent Git snapshot + +* Tue Jun 16 2015 Fedora Release Engineering - 1:1.0.2-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue May 5 2015 Lubomir Rintel - 1:1.0.2-1 +- Update to 1.0.2 release + +* Wed Apr 29 2015 Jiří Klimeš - 1:1.0.1-2.git20150429 +- Update to 1.0.2 development snapshot (git20150429) + +* Thu Mar 5 2015 Dan Williams - 1:1.0.1-1.git20150305 +- Update to 1.0.2 development snapshot + +* Thu Mar 5 2015 Dan Williams - 1:1.0.0-7 +- dns: revert resolv.conf symlink stuff (should only be in F23+, not F22) + +* Thu Mar 5 2015 Dan Williams - 1:1.0.0-6 +- connectivity: fix checking when no valid DNS servers are present (rh #1199098) + +* Wed Mar 4 2015 Dan Williams - 1:1.0.0-5 +- core: flush IPv6LL address when deconfiguring managed devices (rh #1193127) (rh #1184997) + +* Thu Jan 29 2015 Adam Williamson - 1:1.0.0-4 +- core: resume bridged connections properly (rh #1162636, backport from master) + +* Wed Jan 21 2015 Thomas Haller - 1:1.0.0-3 +- dns: manage resolv.conf as symlink to private file in /run directory (rh #1116999) + +* Fri Jan 9 2015 Dan Winship - 1:1.0.0-2 +- build: fix NetworkManager-bluetooth dep on NetworkManager-wwan +- build: re-enable hardware plugins on s390 + +* Mon Dec 22 2014 Dan Williams - 1:1.0.0-1 +- Update to 1.0 + +* Mon Nov 24 2014 Jiří Klimeš - 1:0.9.10.0-14.git20140704 +- vpn: propagate daemon exec error correctly (bgo #739436) +- core: do not assert when a device is enslaved externally (rh #1167345) + +* Thu Nov 6 2014 Jiří Klimeš - 1:0.9.10.0-13.git20140704 +- cli: fix crash in `nmcli device wifi` with multiple wifi devices (rh #1159408) + +* Wed Oct 29 2014 Dan Winship - 1:0.9.10.0-12.git20140704 +- platform: fix a routing-related bug that could cause NM and other apps to spin (rh #1151665) + +* Wed Oct 29 2014 Lubomir Rintel 1:0.9.10.0-11.git20140704 +- Fix IPv6 next hop default setting + +* Fri Oct 24 2014 Lubomir Rintel 1:0.9.10.0-10.git20140704 +- Avoid unowned /etc/NetworkManager in config-connectivity-fedora + +* Thu Oct 23 2014 Adam Williamson - 1:0.9.10.0-9.git20140704 +- connectivity-fedora: don't require NetworkManager (#1156198) + +* Thu Oct 16 2014 Lubomir Rintel 1:0.9.10.0-8.git20140704 +- bluetooth: Restore DUN support (rh #1055628) + +* Mon Oct 06 2014 Stef Walter - 1:0.9.10.0-7.git20140704 +- Allow non-local users network control after PolicyKit authentication (rh #1145646) + +* Fri Sep 5 2014 Jiří Klimeš - 1:0.9.10.0-6.git20140704 +- connectivity: use HTTPS for connectivity checking (rh #113577) + +* Sat Aug 30 2014 Peter Robinson 1:0.9.10.0-5.git20140704 +- adsl plugin needs rp-pppoe to work + +* Mon Aug 18 2014 Dan Horák - 1:0.9.10.0-4.git20140704 +- always include ModemManager-glib-devel (#1129632) + +* Fri Aug 15 2014 Fedora Release Engineering - 1:0.9.10.0-3.git20140704.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Mon Aug 11 2014 Kalev Lember - 1:0.9.10.0-3.git20140704 +- Rebuilt for ppp 2.4.7 + +* Wed Jul 30 2014 Dan Williams - 1:0.9.10.0-2.git20140704 +- connectivity: ensure interval is set to enable connectivity checking (rh #1123772) + +* Tue Jul 22 2014 Kalev Lember - 1:0.9.10.0-1.git20140704.1 +- Rebuilt for gobject-introspection 1.41.4 + +* Fri Jul 4 2014 Thomas Haller - 0.9.10.0-1.git20140704 +- Update to upstream 0.9.10.0 release snapshot + +* Wed Jun 25 2014 Thomas Haller - 0.9.9.98-1.git20140620 +- Update to upstream 0.9.9.98 (0.9.10-rc1) release snapshot + +* Fri Jun 06 2014 Dan Williams - 0.9.9.95-1.git20140609 +- Update to upstream 0.9.9.95 (0.9.10-beta1) release snapshot + +* Fri Jun 06 2014 Fedora Release Engineering - 1:0.9.9.1-6.git20140319 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri Apr 11 2014 Dan Williams - 0.9.9.1-5.git20140319 +- Rebuild against pppd 2.4.6 + +* Wed Mar 19 2014 Dan Winship - 0.9.9.1-4.git20140319 +- Update to a git snapshot (git20140319 git:3980806) +- Rename NetworkManager-atm package to NetworkManager-adsl +- Rename NetworkManager-bt package to NetworkManager-bluetooth + +* Mon Mar 17 2014 Jiří Klimeš - 0.9.9.1-3.git20140317 +- Update to a git snapshot (git20140317 git:a1e89b4) +- platform: fix NM crash if link has no name (e.g. for failed VPN connection) +- libnm-util/cli: fix bridge priority default value (rh #1073664) + +* Fri Mar 14 2014 Jiří Klimeš - 0.9.9.1-2.git20140314 +- Update to a git snapshot (git20140314 git:45a326d) +- Fix Obsoletes and Requires to perform updates correctly + +* Mon Mar 10 2014 Jiří Klimeš - 0.9.9.1-1.git20140310 +- Update to a git snapshot (git20140310 git:350b6d6) + +* Fri Feb 28 2014 Thomas Haller - 0.9.9.1-0.git20140228 +- new upstream snapshot with development version 0.9.9.1 + +* Sat Feb 22 2014 Thomas Haller - 0.9.9.0-28.git20140131 +- add nmtui package +- bugfix caching of libnl objects (caused error with new libnl3 version when activating bridges) (rh #1063290) +- fix NMManager:startup tracking (pending action) (rh #1030583) + +* Sun Feb 2 2014 Thomas Haller - 0.9.9.0-27.git20140131 +- core: fix crash getting secrets in libnm-glib + +* Fri Jan 31 2014 Jiří Klimeš - 0.9.9.0-26.git20140131 +- Update to a git snapshot (git20140131) + +* Fri Jan 17 2014 Jiří Klimeš - 0.9.9.0-25.git20140117 +- Update to a git snapshot (git20140117) + +* Tue Jan 14 2014 Jiří Klimeš - 0.9.9.0-24.git20140114 +- Update to a git snapshot (git20140114) + +* Mon Jan 6 2014 Dan Winship - 0.9.9.0-23.git20131003 +- bluez-manager: fix a crash (rh #1048711) + +* Thu Dec 19 2013 Dan Williams - 0.9.9.0-22.git20131003 +- core: fix IPv6 router solicitation loop (rh #1044757) + +* Thu Dec 12 2013 Dan Williams - 0.9.9.0-21.git20131003 +- core: wait for link before declaring startup complete (rh #1034921) +- core: ignore RA-provided IPv6 default routes (rh #1029213) +- core: set IPv4 broadcast address correctly (rh #1032819) + +* Mon Dec 2 2013 Dan Winship - 0.9.9.0-20.git20131003 +- core: Fix PtP/peer address support, for OpenVPN (rh #1018317) + +* Wed Nov 20 2013 Jiří Klimeš - 0.9.9.0-19.git20131003 +- dispatcher: fix crash on exit while logging from signal handler (rh #1017884) +- core: workaround crash when connecting to wifi (rh #1025371) +- ethernet: don't crash if device doesn't have a MAC address (rh #1029053) +- libnm-glib: fix crash by taking additional ref in result_cb() (rh #1030403) +- ifcfg-rh: fix ignoring updates that don't change anything + +* Mon Nov 18 2013 Dan Winship - 0.9.9.0-18.git20131003 +- nmcli: add "con load" to manually load an ifcfg file +- vpn: fix logging to help debug rh #1018317 +- bridge: fix crash with bridge ports with empty settings (rh #1031170) + +* Thu Nov 14 2013 Dan Williams - 0.9.9.0-17.git20131003 +- core: fix detection of non-mac80211 devices that do not set DEVTYPE (rh #1015598) + +* Wed Nov 13 2013 Dan Williams - 0.9.9.0-16.git20131003 +- core: add some debugging to help diagnose netlink errors (rh #1029213) + +* Fri Nov 8 2013 Jiří Klimeš - 0.9.9.0-15.git20131003 +- ifcfg-rh: fix crash in ifcfg-rh plugin when reloading connections (rh #1023571) +- ifcfg-rh: fix crash when having connections with NEVER_DEFAULT (rh #1021112) +- core: fix segfault in nm-policy when setting default route for vpn (rh #1019021) +- ifcfg-rh: fix crash when reading connection (assert) (rh #1025007) +- core: allow IPv4 to proceed if IPv6 is globally disabled but set to "auto" (rh #1012151) + +* Thu Oct 3 2013 Dan Williams - 0.9.9.0-14.git20131003 +- core: fix DHCPv6 address prefix length (rh #1013583) +- cli: enhance bonding questionaire (rh #1007355) +- core: fix crash with Bluez5 if PAN connection is not defined (rh #1014770) +- libnm-glib: fix various memory leaks that could cause UIs to mis-report state +- core: fix issues with mis-configured IPv6 router advertisements (rh #1008104) +- cli: fix potential crash editing connections (rh #1011942) + +* Tue Oct 1 2013 Dan Winship - 0.9.9.0-13.git20131001 +- core: fix bridge device creation (#1012532) +- core,settings: do not call functions with connection==NULL (rh #1008151) +- cli: accept gateway in the IP questionnaire of 'nmcli -a con add' (rh #1007368) +- cli: always print success message (not only in --pretty mode) (rh #1006444) +- cli: fix bond questionnaire to be able to set miimon (rh #1007355) +- ifcfg-rh: if IPv4 is disabled put DNS domains (DOMAIN) into IPv6 (rh #1004866) +- platform: fix a crash when nm_platform_sysctl_get() returns NULL (rh #1010522) +- platform: fix InfiniBand partition handling (rh #1008568) +- infiniband: only check the last 8 bytes when doing hwaddr matches (rh #1008566) +- bluez: merge adding support for BlueZ 5 (bgo #701078) +- api: clarify lifetime and behavior of ActiveConnection's SpecificObject property (rh #1012309) +- vpn: fix connecting to VPN (bgo #708255) (rh #1014716) +- rdisc: do not crash on NDP init failures (rh #1012151) +- cli: be more verbose when adding IP addresses in questionnaire (rh #1006450) +- team: chain up parent dispose() in NMDeviceTeam dispose() (rh #1013593) +- translation updates + +* Fri Sep 20 2013 Bill Nottingham - 0.9.9.0-12.git20130913 +- drop wimax subpackage + +* Fri Sep 13 2013 Dan Williams - 0.9.9.0-11.git20130913 +- core: actually enable ModemManager 1.0 support +- libnm-glib: fix nm_remote_connection_delete() not calling callback (rh #997568) +- cli: ensure terminal is reset after quitting +- cli: set wep-key-type properly when editing (rh #1003945) +- man: fix typo in nmcli examples manpage (rh #1004117) +- core: fix setting VLAN ingress/egress mappings +- core: allow creating VLANs from interfaces other than Ethernet (rh #1003180) +- cli: fix input/output format conversion (rh #998929) + +* Fri Sep 6 2013 Dan Williams - 0.9.9.0-10.git20130906 +- core: fix bug which disallowed deleting connections (rh #997568) +- core: add support for Team devices +- core: enable NetworkManager-wait-online by default (rh #816655) +- core: fix crash when 'gre' and 'macvlan' links change (rh #997396) +- core: fail activation when invalid static routes are configured (rh #999544) +- core: enhance connectivity checking to include portal detection +- core: allow hyphens for MAC addresses (rh #1002553) +- core: remove NetworkManager-created software devices when they are deactivated (rh #953300) +- core: fix handling of some DHCP client identifiers (rh #999503) +- core: correctly handle Open vSwitch interfaces as generic interfaces (rh #1004356) +- core: better handle Layer-2-only connections (rh #979288) +- cli: enhanced bash completion +- cli: make the 'describe' command more visible (rh #998002) +- cli: fix bug rejecting changes to Wi-Fi channels (rh #999999) +- cli: update bash completion to suggest connection names (rh #997997) +- cli: fix tab completion for aliases in edit mode +- cli: ask whether to switch IP method to 'auto' when all addresses are deleted (rh #998137) +- cli: request missing information when --ask is passed (rh #953291) +- cli: add 'remove' command to edit mode +- cli: fix creation of secure Wi-Fi connections (rh #997969) (rh #997555) +- cli: default autoconnect to no and ask whether to activate on save (rh #953296) +- man: clarify manpage text (rh #960071) (rh #953299) +- man: fix errors in the nmcli help output and manpage (rh #997566) +- ifcfg-rh: only write IPV6_DEFAULTGW when there's actually a default gateway (rh #997759) +- ifcfg-rh: fix handling of legacy-format routes file with missing gateway + +* Wed Aug 7 2013 Dan Williams - 0.9.9.0-9.git20130807 +- core: fix assert on multi-hop routes (rh #989022) +- core: fix dispatcher systemd unit enabling (rh #948433) +- ifcfg-rh: ignore emacs temporary lockfiles (rh #987629) +- core: fix various routing issues and interaction with kernel events +- cli: confirm saving connections when autoconnect is enabled (rh #953296) +- cli: automatically change method when static IP addresses are added +- core: preserve externally added IPv4 routes and addresses + +* Thu Jul 25 2013 Dan Winship - 0.9.9.0-8.git20130724 +- Create NetworkManager-config-server package + +* Wed Jul 24 2013 Dan Williams - 0.9.9.0-7.git20130724 +- Update to git snapshot + +* Tue Jul 2 2013 Dan Winship - 0.9.9.0-6 +- Belatedly update udev directory for UsrMove +- Fix incorrect dates in old changelog entries to avoid rpm warnings + +* Wed Jun 26 2013 Dan Winship - 0.9.9.0-5 +- build support for connectivity checking (rh #810457) + +* Tue Jun 25 2013 Jiří Klimeš - 0.9.9.0-4.git20130603 +- disable building WiMax for RHEL + +* Mon Jun 3 2013 Dan Williams - 0.9.9.0-3.git20130603 +- Update to new 0.9.10 snapshot + +* Wed May 15 2013 Dan Williams - 0.9.9.0-2.git20130515 +- Update for systemd network-online.target (rh #787314) +- Add system service for the script dispatcher (rh #948433) + +* Tue May 14 2013 Dan Williams - 0.9.9.0-1.git20130514 +- Enable hardened build +- Update to 0.9.10 snapshot +- cli: new capabilities and somewhat re-arranged syntax +- core: generic interface support +- core: split config support; new "server mode" options +- core: allow locking connections to interface names + +* Tue May 7 2013 Dan Williams - 0.9.8.1-2.git20130507 +- core: fix issue with UI not showing disconnected on rfkill +- core: memory leak fixes +- core: silence warning about failure reading permanent MAC address (rh #907912) +- core: wait up to 120s for slow-connecting modems +- core: don't crash on PPPoE connections without a wired setting +- core: ensure the AvailableConnections property is always correct +- keyfile: ensure all-default VLAN connections are read correctly +- core: suppress kernel's automatic creation of bond0 (rh #953466) +- libnm-glib: make NMSecretAgent usable with GObject Introspection +- libnm-util: fix GObject Introspection annotations of nm_connection_need_secrets() +- core: documentation updates + +* Wed Mar 27 2013 Dan Williams - 0.9.8.1-1.git20130327 +- Update to 0.9.8.2 snapshot +- core: fix VLAN parent handling when identified by UUID +- core: quiet warning about invalid interface index (rh #920145) +- core: request 'static-routes' from DHCP servers (rh #922558) +- core: fix crash when dbus-daemon is restarted (rh #918273) +- core: copy leasefiles from /var/lib/dhclient to fix netboot (rh #916233) +- core: memory leak and potential crash fixes +- ifcfg-rh: ensure missing STP property is interpreted as off (rh #922702) + +* Wed Feb 27 2013 Jiří Klimeš - 0.9.8.0-1 +- Update to the 0.9.8.0 release +- cli: fix a possible crash + +* Sat Feb 9 2013 Dan Williams - 0.9.7.997-2 +- core: use systemd for suspend/resume, not upower + +* Fri Feb 8 2013 Dan Williams - 0.9.7.997-1 +- Update to 0.9.8-beta2 +- core: ignore bridges managed by other tools (rh #905035) +- core: fix libnl assert (rh #894653) +- wifi: always use Proactive Key Caching with WPA Enterprise (rh #834444) +- core: don't crash when Internet connection sharing fails to start (rh #883142) + +* Fri Jan 4 2013 Dan Winship - 0.9.7.0-12.git20121004 +- Set correct systemd KillMode to fix anaconda shutdown hangs (rh #876218) + +* Tue Dec 18 2012 Jiří Klimeš - 0.9.7.0-11.git20121004 +- ifcfg-rh: write missing IPv6 setting as IPv6 with "auto" method (rh #830434) + +* Wed Dec 5 2012 Dan Winship - 0.9.7.0-10.git20121004 +- Build vapi files and add them to the devel package + +* Wed Dec 5 2012 Dan Winship - 0.9.7.0-9.git20121004 +- Apply patch from master to read hostname from /etc/hostname (rh #831735) + +* Tue Nov 27 2012 Jiří Klimeš - 0.9.7.0-8.git20121004 +- Apply patch from master to update hostname (rh #875085) +- spec: create /etc/NetworkManager/dnsmasq.d (rh #873621) + +* Tue Nov 27 2012 Daniel Drake - 0.9.7.0-7.git20121004 +- Don't bring up uninitialized devices (fd #56929) + +* Mon Oct 15 2012 Dan Winship - 0.9.7.0-6.git20121004 +- Actually apply the patch from the previous commit... + +* Mon Oct 15 2012 Dan Winship - 0.9.7.0-5.git20121004 +- Apply patch from master to fix a crash (rh #865009) + +* Sat Oct 6 2012 Dan Winship - 0.9.7.0-4.git20121004 +- Apply patch from master so connections finish connecting properly (bgo #685581) + +* Fri Oct 5 2012 Dan Williams - 0.9.7.0-3.git20121004 +- Forward-port some forgotten fixes from F17 +- Fix networked-filesystem systemd dependencies (rh #787314) +- Don't restart NM on upgrade, don't stop NM on uninstall (rh #811200) + +* Thu Oct 4 2012 Dan Winship - 0.9.7.0-2.git20121004 +- Update to git snapshot + +* Tue Aug 21 2012 Dan Winship - 0.9.7.0-1.git20120820 +- Update to 0.9.7.0 snapshot + +* Fri Jul 27 2012 Fedora Release Engineering - 1:0.9.5.96-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jul 23 2012 Dan Williams - 0.9.5.96-1 +- Update to 0.9.6-rc2 +- core: fix race between parallel DHCP client invocations +- core: suppress a useless warning (rh #840580) +- ifcfg-rh: fix segfault with malformed values (rh #841391) +- ifcfg-rh: ignore IP config on bond slave configurations (rh #838907) + +* Fri Jul 13 2012 Jiří Klimeš - 0.9.5.95-1.git20120713 +- Update to 0.9.5.95 (0.9.6-rc1) snapshot +- core: add autoconnect, driver-versioni and firmware-version properties to NMDevice +- core: various IPv6 improvements +- core: reduce number of changes made to DNS information during connection setup +- core: add Vala language bindings +- vpn: support IPv6 over VPNs +- wifi: add on-demand WiFi scan support + +* Mon May 21 2012 Jiří Klimeš - 0.9.4-5.git20120521 +- Update to git snapshot + +* Tue May 8 2012 Dan Winship - 0.9.4-4.git20120502 +- NM no longer uses /var/run/NetworkManager, so don't claim to own it. + (rh #656638) + +* Wed May 2 2012 Jiří Klimeš - 0.9.4-3.git20120502 +- Update to git snapshot + +* Wed Mar 28 2012 Colin Walters - 1:0.9.4-2.git20120328_2 +- Add _isa for internal requires; otherwise depsolving may pull in an + arbitrary architecture. + +* Wed Mar 28 2012 Jiří Klimeš - 0.9.4-1.git20120328_2 +- Update to 0.9.4 + +* Mon Mar 19 2012 Dan Williams - 0.9.3.997-2 +- libnm-glib: updated for new symbols the applet wants + +* Mon Mar 19 2012 Dan Williams - 0.9.3.997-1 +- applet: move to network-manager-applet RPM +- editor: move to nm-connection-editor RPM +- libnm-gtk: move to libnm-gtk RPM + +* Mon Mar 19 2012 Dan Williams - 0.9.3.997-0.7 +- Update to 0.9.3.997 (0.9.4-rc1) +- core: fix possible WiFi hang when connecting to Ad-Hoc networks +- core: enhanced IPv6 compatibility +- core: proxy DNSSEC data when using the 'dnsmasq' caching nameserver plugin +- core: allow VPNs to specify multiple domain names given by the server +- core: fix an issue creating new InfiniBand connections +- core/applet/editor: disable WiFi Ad-Hoc WPA connections until kernel bugs are fixed + +* Wed Mar 14 2012 Dan Williams - 0.9.3.995-0.6 +- core: fix issue with carrier changes not being recognized (rh #800690) +- editor: warn user if CA certificate is left blank + +* Tue Mar 13 2012 Dan Williams - 0.9.3.995-0.5 +- core: fix a crash with ipw2200 devices and adhoc networks +- core: fix IPv6 addressing on newer kernels +- core: fix issue with VPN plugin passwords (rh #802540) +- cli: enhancements for Bonding, VLAN, and OLPC mesh devices +- ifcfg-rh: fix quoting WPA passphrases that include quotes (rh #798102) +- libnm-glib: fix some issues with duplicate devices shown in menus + +* Fri Mar 2 2012 Dan Williams - 0.9.3.995-0.4 +- Update to 0.9.3.995 (0.9.4-beta1) +- core: add support for bonding and VLAN interfaces +- core: add support for Internet connectivity detection +- core: add support for IPv6 Privacy Extensions +- core: fix interaction with firewalld restarts + +* Thu Mar 1 2012 Dan Horák - 0.9.3-0.3 +- disable WiMAX plugin on s390(x) + +* Thu Feb 16 2012 Dan Williams - 0.9.3-0.2 +- Put WiMAX plugin files in the right subpackage + +* Wed Feb 15 2012 Dan Williams - 0.9.3-0.1 +- Update to 0.9.4 snapshot +- wimax: enable optional support for Intel WiMAX devices +- core: use nl80211 for WiFi device control +- core: add basic support for Infiniband IP interfaces +- core: add basic support for bonded interfaces +- core: in-process IP configuration no longer blocks connected state + +* Thu Jan 19 2012 Matthias Clasen - 0.9.2-4 +- Rebuild + +* Thu Jan 12 2012 Fedora Release Engineering - 1:0.9.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Nov 24 2011 Daniel Drake - 0.9.2-2 +- Rebuild for libgnome-bluetooth.so.9 + +* Wed Nov 09 2011 Dan Williams - 0.9.2-1 +- core: fix possible crash when talking to ModemManager +- core: improve handling of rfkill on some machines (eeepc 1005HA and others) +- ifcfg-rh: don't use spaces in ifcfg file names (rh #742273) +- core: accept IPv6 Router Advertisements when forwarding is on +- core: bump dnsmasq cache size to 400 entries +- core: ensure IPv6 static routes are flushed when device is deactivated +- ifcfg-rh: fix changing WPA connections to WEP +- core: fix setting hostname from DHCP (rh #719100) +- libnm-glib: fix various GObject introspection issues (rh #747302) +- core: don't change routing or DNS if no devices are managed +- core: ensure IPv6 RA-provided routes are honored + +* Wed Nov 9 2011 Adam Williamson - 1:0.9.1.90-5.git20110927 +- Rebuilt for glibc (rh #747377) +- core: fix setting hostname from DHCP options (rh #719100) +- skip a release to keep up with F16 + +* Tue Sep 27 2011 Dan Williams - 0.9.1.90-3.git20110927 +- core: fix location of wifi.ui (rh #741448) + +* Tue Sep 27 2011 Jiří Klimeš - 0.9.1.90-2.git20110927 +- core: ifcfg-rh: remove newlines when writing to ifcfg files (CVE-2011-3364) (rh #737338) +- core: change iscsiadm path to /sbin/iscsiadm in ifcfg-rh plugin (rh #740753) +- core: fix refcounting when deleting a default wired connection (lp:797868) + +* Mon Sep 19 2011 Dan Williams - 0.9.1.90-1 +- Update to 0.9.1.90 (0.9.2-beta1) +- core: fix IPv6 link-local DNS servers in the dnsmasq DNS plugin +- cli: add ability to delete connections +- keyfile: fix an issue with duplicated keyfile connections +- core: ensure the 'novj' option is passed through to pppd +- core: store timestamps for VPN connections too (rh #725353) + +* Fri Sep 9 2011 Tom Callaway - 0.9.0-2 +- fix systemd scriptlets and trigger + +* Tue Aug 23 2011 Dan Williams - 0.9.0-1 +- Update to 0.9 release +- core: fix issue where scan results could be ignored +- core: ensure agent secrets are preserved when updating connections +- core: don't autoconnect disabled modems +- core: fix race when checking modem enabled/disabled status after disabling +- core: ensure newly installed VPN plugins can actually talk to NM +- core: add support for 802.1X certificate subject matching +- libnm-glib: various introspection fixes +- applet/editor: updated translations + +* Fri Aug 05 2011 Ray Strode 0.8.9997-7.git20110721 +- Add some patches for some blocker (rh #727501) + +* Thu Jul 21 2011 Dan Williams - 0.8.9997-6.git20110721 +- core: updated Russian translation (rh #652904) +- core: fix possible crash if secrets are missing +- core: append interface name for IPv6 link-local DNS server addresses (rh #720001) +- core: fix setting hostname from DHCP options (rh #719100) +- libnm-util: GObject introspection annotation fixes +- libnm-util: ensure IP address/route prefixes are valid +- ifcfg-rh: read anonymous identity for 802.1x PEAP connections (rh #708436) +- applet: show notifications on CDMA home/roaming changes +- applet: fix various issues saving VPN secrets +- editor: allow exporting VPN secrets +- editor: default to IPv6 "automatic" addressing mode + +* Sat Jul 2 2011 Dan Williams - 0.8.9997-5.git20110702 +- core: ensure users are authorized for shared wifi connections (CVE-2011-2176) (rh #715492) +- core: retry failed connections after 5 minute timeout +- core: immediately request new 802.1x 'always ask' passwords if they fail +- core: add MAC blacklisting capability for WiFi and Wired connections +- core: retry failed connections when new users log in (rh #706204) +- applet: updated translations +- core: drop compat interface now that KDE bits are updated to NM 0.9 API + +* Mon Jun 20 2011 Dan Williams - 0.8.9997-4.git20110620 +- core: don't cache "(none)" hostname at startup (rh #706094) +- core: fix handling of VPN connections with only system-owned secrets +- core: fix optional waiting for networking at startup behavior (rh #710502) +- ifcfg-rh: fix possible crashes in error cases +- ifcfg-rh: fix various IPv4 and IPv6 handling issues +- applet: add notifications of GSM mobile broadband registration status +- editor: move secrets when making connections available to all users or private +- applet: don't show irrelevant options when asking for passwords + +* Mon Jun 13 2011 Dan Williams - 0.8.9997-3.git20110613 +- keyfile: better handling of missing certificates/private keys +- core: fix issues handling "always-ask" wired and WiFi 802.1x connections (rh #703785) +- core: fix automatic handling of hidden WiFi networks (rh #707406) +- editor: fix possible crash after reading network connections (rh #706906) +- editor: make Enter/Return key close WiFi password dialogs (rh #708666) + +* Fri Jun 3 2011 Dan Williams - 0.8.9997-2.git20110531 +- Bump for CVE-2011-1943 (no changes, only a rebuild) + +* Tue May 31 2011 Dan Williams - 0.8.9997-1.git20110531 +- editor: fix resizing of UI elements (rh #707269) +- core: retry wired connections when cable is replugged +- core: fix a few warnings and remove some left-over debugging code + +* Thu May 26 2011 Dan Williams - 0.8.999-3.git20110526 +- compat: fix activation/deactivation of VPN connections (rh #699786) +- core: fix autodetection of previously-used hidden wifi networks +- core: silence error if ConsoleKit database does not yet exist (rh #695617) +- core: fix Ad-Hoc frequency handling (rh #699203) +- core: fixes for migrated OpenConnect VPN plugin connections +- core: various fixes for VPN connection secrets handling +- core: send only short hostname to DHCP servers (rh #694758) +- core: better handling of PKCS#8 private keys +- core: fix dispatcher script interface name handling +- editor: fix potential crash when connection is invalid (rh #704848) +- editor: allow _ as a valid character for GSM APNs + +* Mon May 9 2011 Dan Williams - 0.8.999-2.git20110509 +- core: fix possible crash when connections are deleted +- core: fix exported symbols in libnm-util and libnm-glib +- core/applet: updated translations + +* Tue May 3 2011 Dan Williams - 0.8.999-1 +- core: ensure DER format certificates are correctly recognized (rh #699591) +- core: fix WINS server handling in client helper libraries +- core: enhance dispatcher script environment to include IPv6 and VPN details +- applet: migrate openswan connections to 0.9 +- editor: improve usability of editing IP addresses (rh #698199) + +* Wed Apr 27 2011 Dan Williams - 0.8.998-4.git20110427 +- core: enable optimized background roaming for WPA Enterprise configs +- core: better handling of WiFi and WiMAX rfkill (rh #599002) +- applet: fix crash detecting Bluetooth DUN devices a second time +- ifcfg-rh: fix managed/unmanaged changes when removing connections (rh #698202) + +* Tue Apr 19 2011 Dan Williams - 0.8.998-3.git20110419 +- core: systemd and startup enhancements for NFS mounts +- core: more efficient startup process +- core: fix handling of multiple logins when one is inactive +- core: fix handling of S390/Hercules CTC network interfaces (rh #641986) +- core: support Easytether interfaces for Android phones +- core: fix handling of WWAN enable/disable states +- ifcfg-rh: harmonize handling if IPADDR/PREFIX/NETMASK with initscripts (rh #658907) +- applet: fix connection to WPA Enterprise networks (rh #694765) + +* Wed Apr 06 2011 Dan Williams - 0.8.998-2.git20110406 +- core: fix handling of infinite IPv6 RDNSS timeouts (rh #689291) + +* Mon Apr 04 2011 Dan Williams - 0.8.998-1 +- Update to 0.8.998 (0.9.0-rc1) +- core: fix near-infinite requests for passwords (rh #692783) +- core: fix handling of wired 802.1x connections +- core: ignore Nokia PC-Suite ethernet devices we can't use yet +- applet: migrate 0.8 OpenVPN passwords to 0.9 formats + +* Thu Mar 31 2011 Dan Williams - 0.8.997-8.git20110331 +- core: resurrect default VPN username +- core: don't stomp on crypto library users by de-initing the crypto library + +* Wed Mar 30 2011 Dan Williams - 0.8.997-7.git20110330 +- core: fix creation of default wired connections +- core: fix requesting new secrets when old ones fail (ex changing WEP keys) +- editor: ensure all pages are sensitive after retrieving secrets +- editor: fix crash when scrolling through connection lists (rh #693446) +- applet: fix crash after using the wifi or wired secrets dialogs (rh #693446) + +* Mon Mar 28 2011 Christopher Aillon - 0.8.997-6.git20110328 +- Fix trigger to enable the systemd service for upgrades (rh #678553) + +* Mon Mar 28 2011 Dan Williams - 0.8.997-5.git20110328 +- core: fix connection deactivation on the compat interface +- core: give default wired connections a more friendly name +- core: fix base type of newly created wired connections +- applet: many updated translations + +* Fri Mar 25 2011 Dan Williams - 0.8.997-4.git20110325 +- core: fix possible libnm-glib crash when activating connections +- applet: fix various naming and dialog title issues + +* Thu Mar 24 2011 Dan Williams - 0.8.997-3.git20110324 +- nm-version.h should be in NetworkManager-devel, not -glib-devel (rh #685442) + +* Thu Mar 24 2011 Dan Williams - 0.8.997-2.git20110324 +- core: add compatibility layer for KDE Plasma network infrastructure + +* Mon Mar 21 2011 Dan Williams - 0.8.997-1 +- Update to 0.8.997 (0.9-beta3) +- ifcfg-rh: fix reading and writing of Dynamic WEP connections using LEAP as the eap method +- wifi: fix signal strength for scanned access points with some drivers +- applet: translation updates + +* Thu Mar 10 2011 Dan Williams - 0.8.996-1 +- Update to 0.8.996 (0.9-beta2) + +* Wed Mar 9 2011 Dan Williams - 0.8.995-4.git20110308 +- applet: fix bus name more + +* Wed Mar 9 2011 Dan Williams - 0.8.995-3.git20110308 +- applet: fix bus name + +* Tue Mar 8 2011 Matthias Clasen - 0.8.995-2.git20110308 +- Fix systemd requires + +* Mon Mar 7 2011 Dan Williams - 0.8.995-1.git20110308 +- Update to NetworkManager 0.9-beta1 +- core: consolidate user and system settings services into NM itself +- core: add WiMAX support +- applet: support Fast User Switching + +* Fri Feb 11 2011 Matthias Clasen - 0.8.2-8.git20101117 +- Rebuild against newer gtk + +* Mon Feb 07 2011 Fedora Release Engineering - 1:0.8.2-7.git20101117 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Feb 2 2011 Matthias Clasen - 0.8.2-6.git20101117 +- Rebuild against new gtk + +* Tue Feb 1 2011 Dan Williams - 0.8.2-5.git20101117 +- Handle modem IP interface changes after device is recognized + +* Mon Jan 10 2011 Matthias Clasen - 0.8.2-4.git20101117 +- Rebuild against new gtk3 + +* Tue Dec 21 2010 Dan Horák - 0.8.2-3.git20101117 +- use --force in autoreconf to fix FTBFS + +* Fri Dec 3 2010 Matthias Clasen - 0.8.2-2.git20101117 +- Rebuild against newer gtk + +* Sat Nov 27 2010 Dan Williams - 0.8.2-1.git20101117 +- Update to 0.8.2 + +* Wed Nov 3 2010 Matthias Clasen - 0.8.1-10.1 +- Rebuild against libnotify 0.7 +- misc gtk build fixes + +* Mon Nov 1 2010 Dan Williams - 0.8.1-10 +- core: preserve WiFi Enabled state across reboot and suspend/resume + +* Fri Oct 15 2010 Dan Williams - 0.8.1-9 +- core: fix suspend/resume regression (rh #638640) +- core: fix issue causing some nmcli requests to be ignored + +* Thu Oct 7 2010 Dan Williams - 0.8.1-8 +- core: preserve custom local-mapped hostnames in /etc/hosts (rh #627269) + +* Thu Oct 7 2010 Dan Williams - 0.8.1-7 +- core: remove stale /etc/hosts mappings (rh #630146) + +* Tue Aug 31 2010 Dan Williams - 0.8.1-6 +- core: add dispatcher events on DHCPv4 and DHCPv6 lease changes +- core: enforce access permissions when enabling/disabling WiFi and WWAN (rh #626337) +- core: listen for UPower suspend/resume signals +- applet: fix disabled Enable Networking and Enable Wireless menu items (rh #627365) +- applet: updated translations +- applet: obscure Mobile Broadband PIN in secondary unlock dialog + +* Wed Aug 18 2010 Dan Williams - 0.8.1-5 +- core: fix some systemd interaction issues + +* Tue Aug 17 2010 Dan Williams - 0.8.1-4 +- core: rebuild to fix polkit 0.97 build issue +- applet: updated translations + +* Fri Aug 13 2010 Dan Williams - 0.8.1-3 +- core: rebuild to fix dbus-glib security issue (CVE-2010-1172) (rh #585394) + +* Fri Aug 13 2010 Dan Williams - 0.8.1-2 +- core: quiet annoying warnings (rh #612991) +- core: fix retrieval of various IP options in libnm-glib (rh #611141) +- core: ship NetworkManager.conf instead of deprecated nm-system-settings.conf (rh #606160) +- core: add short hostname to /etc/hosts too (rh #621910) +- core: recheck autoactivation when new system connections appear +- core: enable DHCPv6-only configurations (rh #612445) +- core: don't fail connection immediately if DHCP lease expires (rh #616084) (rh #590874) +- core: fix editing of PPPoE system connections +- core: work around twitchy frequency reporting of various wifi drivers +- core: don't tear down user connections on console changes (rh #614556) +- cli: wait a bit for NM's permissions check to complete (rh #614866) +- ifcfg-rh: ignore BRIDGE and VLAN configs and treat as unmanaged (rh #619863) +- man: add manpage for nm-online +- applet: fix crash saving ignore-missing-CA-cert preference (rh #619775) +- applet: hide PIN/PUK by default in the mobile PIN/PUK dialog (rh #615085) +- applet: ensure Enter closes the PIN/PUK dialog (rh #611831) +- applet: fix another crash in ignore-CA-certificate handling (rh #557495) +- editor: fix handling of Wired/s390 connections (rh #618620) +- editor: fix crash when canceling editing in IP address pages (rh #610891) +- editor: fix handling of s390-specific options +- editor: really fix crash when changing system connections (rh #603566) + +* Thu Jul 22 2010 Dan Williams - 0.8.1-1 +- core: read nm-system-settings.conf before NetworkManager.conf (rh #606160) +- core: fix editing system DSL connections when using keyfile plugin +- core: work around inconsistent proprietary driver associated AP reporting +- core: ensure empty VPN secrets are not used (rh #587784) +- core: don't request WiFi scans when connection is locked to a specific BSSID +- cli: show IPv6 settings and configuration +- applet: updated translations +- editor: fix a PolicyKit-related crash editing connections (rh #603566) +- applet: fix saving the ignore-missing-CA-cert preference (rh #610084) +- editor: fix listing connections on PPC64 (rh #608663) +- editor: ensure editor windows are destroyed when closed (rh #572466) + +* Thu Jul 1 2010 Matthias Clasen - 0.8.1-0.5 +- Rebuild against new gnome-bluetooth + +* Fri Jun 25 2010 Dan Williams - 0.8.1-0.4 +- Update to 0.8.1 release candidate +- core: fix WWAN hardware enable state tracking (rh #591622) +- core: fix Red Hat initscript return value on double-start (rh #584321) +- core: add multicast route entry for IPv4 link-local connections +- core: fix connection sharing in cases where a dnsmasq config file exists +- core: fix handling of Ad-Hoc wifi connections to indicate correct network +- core: ensure VPN interface name is passed to dispatcher when VPN goes down +- ifcfg-rh: fix handling of ASCII WEP keys +- ifcfg-rh: fix double-quoting of some SSIDs (rh #606518) +- applet: ensure deleted connections are actually forgotten (rh #618973) +- applet: don't crash if the AP's BSSID isn't availabe (rh #603236) +- editor: don't crash on PolicyKit events after windows are closed (rh #572466) + +* Wed May 26 2010 Dan Williams - 0.8.1-0.3 +- core: fix nm-online crash (rh #593677) +- core: fix failed suspend disables network (rh #589108) +- core: print out missing firmware errors (rh #594578) +- applet: fix device descriptions for some mobile broadband devices +- keyfile: bluetooth fixes +- applet: updated translations (rh #589230) + +* Wed May 19 2010 Dan Williams - 0.8.1-0.2.git20100519 +- core: use GIO in local mode only (rh #588745) +- core: updated translations (rh #589230) +- core: be more lenient in IPv6 RDNSS server expiry (rh #590202) +- core: fix headers to be C++ compatible (rh #592783) +- applet: updated translations (rh #589230) +- applet: lock connections with well-known SSIDs to their specific AP + +* Mon May 10 2010 Dan Williams - 0.8.1-0.1.git20100510 +- core: fix handling of IPv6 RA flags when router goes away (rh #588560) +- bluetooth: fix crash configuring DUN connections from the wizard (rh #590666) + +* Sun May 9 2010 Dan Williams - 0.8-13.git20100509 +- core: restore initial accept_ra value for IPv6 ignored connections (rh #588619) +- bluetooth: fix bad timeout on PAN connections (rh #586961) +- applet: updated translations + +* Tue May 4 2010 Dan Williams - 0.8-12.git20100504 +- core: treat missing IPv6 configuration as ignored (rh #588814) +- core: don't flush IPv6 link-local routes (rh #587836) +- cli: update output formatting + +* Mon May 3 2010 Dan Williams - 0.8-11.git20100503 +- core: allow IP configuration as long as one method completes (rh #567978) +- core: don't prematurely remove IPv6 RDNSS nameservers (rh #588192) +- core: ensure router advertisements are only used when needed (rh #588613) +- editor: add IPv6 gateway editing capability + +* Sun May 2 2010 Dan Williams - 0.8-10.git20100502 +- core: IPv6 autoconf, DHCP, link-local, and manual mode fixes +- editor: fix saving IPv6 address in user connections + +* Thu Apr 29 2010 Dan Williams - 0.8-9.git20100429 +- core: fix crash when IPv6 is enabled and interface is deactivated + +* Mon Apr 26 2010 Dan Williams - 0.8-8.git20100426 +- core: fix issues with IPv6 router advertisement mishandling (rh #530670) +- core: many fixes for IPv6 RA and DHCP handling (rh #538499) +- core: ignore WWAN ethernet devices until usable (rh #585214) +- ifcfg-rh: fix handling of WEP passphrases (rh #581718) +- applet: fix crashes (rh #582938) (rh #582428) +- applet: fix crash with multiple concurrent authorization requests (rh #585405) +- editor: allow disabling IPv4 on a per-connection basis +- editor: add support for IPv6 DHCP-only configurations + +* Thu Apr 22 2010 Dan Williams - 0.8-7.git20100422 +- core: fix crash during install (rh #581794) +- wifi: fix crash when supplicant segfaults after resume (rh #538717) +- ifcfg-rh: fix MTU handling for wired connections (rh #569319) +- applet: fix display of disabled mobile broadband devices + +* Thu Apr 8 2010 Dan Williams - 0.8-6.git20100408 +- core: fix automatic WiFi connections on resume (rh #578141) + +* Thu Apr 8 2010 Dan Williams - 0.8-5.git20100408 +- core: more flexible logging +- core: fix crash with OLPC mesh devices after suspend +- applet: updated translations +- applet: show mobile broadband signal strength and technology in the icon +- applet: fix continuous password requests for 802.1x connections (rh #576925) +- applet: many updated translations + +* Thu Mar 25 2010 Dan Williams - 0.8-4.git20100325 +- core: fix modem enable/disable +- core: fix modem default route handling + +* Tue Mar 23 2010 Dan Williams - 0.8-3.git20100323 +- core: don't exit early on non-fatal state file errors +- core: fix Bluetooth connection issues (rh #572340) +- applet: fix some translations (rh #576056) +- applet: better feedback when wrong PIN/PUK is entered +- applet: many updated translations +- applet: PIN2 unlock not required for normal modem functionality +- applet: fix wireless secrets dialog display + +* Wed Mar 17 2010 Dan Williams - 0.8-2.git20100317 +- man: many manpage updates +- core: determine classful prefix if non is given via DHCP +- core: ensure /etc/hosts is always up-to-date and correct (rh #569914) +- core: support GSM network and roaming preferences +- applet: startup speed enhancements +- applet: better support for OTP/token-based WiFi connections (rh #526383) +- applet: show GSM and CDMA registration status and signal strength when available +- applet: fix zombie GSM and CDMA devices in the menu +- applet: remove 4-character GSM PIN/PUK code limit +- applet: fix insensitive WiFi Create... button (rh #541163) +- applet: allow unlocking of mobile devices immediately when plugged in + +* Fri Feb 19 2010 Dan Williams - 0.8-1.git20100219 +- core: update to final 0.8 release +- core: fix Bluetooth DUN connections when secrets are needed +- ifcfg-rh: add helper for initscripts to determine ifcfg connection UUIDs +- applet: fix Bluetooth connection secrets requests +- applet: fix rare conflict with other gnome-bluetooth plugins + +* Thu Feb 11 2010 Dan Williams - 0.8-0.4.git20100211 +- core: fix mobile broadband PIN handling (rh #543088) (rh #560742) +- core: better handling of /etc/hosts if hostname was already added by the user +- applet: crash less on D-Bus property errors (rh #557007) +- applet: fix crash entering wired 802.1x connection details (rh #556763) + +* Tue Feb 09 2010 Kevin Kofler - 0.8-0.3.git20100129 +- core: validate the autostart .desktop file +- build: fix nmcli for the stricter ld (fixes FTBFS) +- build: fix nm-connection-editor for the stricter ld (fixes FTBFS) +- applet: don't autostart in KDE on F13+ (#541353) + +* Fri Jan 29 2010 Dan Williams - 0.8-0.2.git20100129 +- core: add Bluetooth Dial-Up Networking (DUN) support (rh #136663) +- core: start DHCPv6 on receipt of RA 'otherconf'/'managed' bits +- nmcli: allow enable/disable of WiFi and WWAN + +* Fri Jan 22 2010 Dan Williams - 0.8-0.1.git20100122 +- ifcfg-rh: read and write DHCPv6 enabled connections (rh #429710) +- nmcli: update + +* Thu Jan 21 2010 Dan Williams - 0.7.999-2.git20100120 +- core: clean NSS up later to preserve errors from crypto_init() + +* Wed Jan 20 2010 Dan Williams - 0.7.999-1.git20100120 +- core: support for managed-mode DHCPv6 (rh #429710) +- ifcfg-rh: gracefully handle missing PREFIX/NETMASK +- cli: initial preview of command-line client +- applet: add --help to explain what the applet is (rh #494641) + +* Wed Jan 6 2010 Dan Williams - 0.7.998-1.git20100106 +- build: fix for new pppd (rh #548520) +- core: add WWAN enable/disable functionality +- ifcfg-rh: IPv6 addressing and routes support (rh #523288) +- ifcfg-rh: ensure connection is updated when route/key files change +- applet: fix crash when active AP isn't found (rh #546901) +- editor: fix crash when editing connections (rh #549579) + +* Mon Dec 14 2009 Dan Williams - 0.7.997-2.git20091214 +- core: fix recognition of standalone 802.1x private keys +- applet: clean notification text to ensure it passes libnotify validation + +* Mon Dec 7 2009 Dan Williams - 0.7.997-1 +- core: remove haldaemon from initscript dependencies (rh #542078) +- core: handle PEM certificates without an ending newline (rh #507315) +- core: fix rfkill reporting for ipw2x00 devices +- core: increase PPPoE timeout to 30 seconds +- core: fix re-activating system connections with secrets +- core: fix crash when deleting automatically created wired connections +- core: ensure that a VPN's DNS servers are used when sharing the VPN connection +- ifcfg-rh: support routes files (rh #507307) +- ifcfg-rh: warn when device will be managed due to missing HWADDR (rh #545003) +- ifcfg-rh: interpret DEFROUTE as never-default (rh #528281) +- ifcfg-rh: handle MODE=Auto correctly +- rpm: fix rpmlint errors +- applet: don't crash on various D-Bus and other errors (rh #545011) (rh #542617) +- editor: fix various PolicyKit-related crashes (rh #462944) +- applet+editor: notify user that private keys must be protected + +* Fri Nov 13 2009 Dan Williams - 0.7.996-7.git20091113 +- nm: better pidfile handing (rh #517362) +- nm: save WiFi and Networking enabled/disabled states across reboot +- nm: fix crash with missing VPN secrets (rh #532084) +- applet: fix system connection usage from the "Connect to hidden..." dialog +- applet: show Bluetooth connections when no other devices are available (rh #532049) +- applet: don't die when autoconfigured connections can't be made (rh #532680) +- applet: allow system administrators to disable the "Create new wireless network..." menu item +- applet: fix missing username connecting to VPNs the second time +- applet: really fix animation stuttering +- editor: fix IP config widget tooltips +- editor: allow unlisted countries in the mobile broadband wizard (rh #530981) +- ifcfg-rh: ignore .rpmnew files (rh #509621) + +* Wed Nov 04 2009 Dan Williams - 0.7.996-6.git20091021 +- nm: fix PPPoE connection authentication (rh #532862) + +* Wed Oct 21 2009 Dan Williams - 0.7.996-5.git20091021 +- install: better fix for (rh #526519) +- install: don't build Bluetooth bits on s390 (rh #529854) +- nm: wired 802.1x connection activation fixes +- nm: fix crash after modifying default wired connections like "Auto eth0" +- nm: ensure VPN secrets are requested again after connection failure +- nm: reset 'accept_ra' to previous value after deactivating IPv6 connections +- nm: ensure random netlink events don't interfere with IPv6 connection activation +- ifcfg-rh: fix writing out LEAP connections +- ifcfg-rh: recognize 'static' as a valid BOOTPROTO (rh #528068) +- applet: fix "could not find required resources" error (rh #529766) + +* Fri Oct 2 2009 Dan Williams - 0.7.996-4.git20091002 +- install: fix -gnome package pre script failures (rh #526519) +- nm: fix failures validating private keys when using the NSS crypto backend +- applet: fix crashes when clicking on menu but not associated (rh #526535) +- editor: fix crash editing wired 802.1x settings +- editor: fix secrets retrieval when editing connections + +* Mon Sep 28 2009 Dan Williams - 0.7.996-3.git20090928 +- nm: fix connection takeover when carrier is not on +- nm: handle certificate paths (CA chain PEM files are now fully usable) +- nm: defer action for 4 seconds when wired carrier drops +- ifcfg-rh: fix writing WPA passphrases with odd characters +- editor: fix editing of IPv4 settings with new connections (rh #525819) +- editor: fix random crashes when editing due to bad widget refcounting +- applet: debut reworked menu layout (not final yet...) + +* Wed Sep 23 2009 Matthias Clasen - 0.7.996-3.git20090921 +- Install GConf schemas + +* Mon Sep 21 2009 Dan Williams - 0.7.996-2.git20090921 +- nm: allow disconnection of all device types +- nm: ensure that wired connections are torn down when their hardware goes away +- nm: fix crash when canceling a VPN's request for secrets +- editor: fix issues changing connections between system and user scopes +- editor: ensure changes are thrown away when editing is canceled +- applet: ensure connection changes are noticed by NetworkManager +- applet: fix crash when creating new connections +- applet: actually use wired 802.1x secrets after they are requested + +* Wed Aug 26 2009 Dan Williams - 0.7.996-1.git20090826 +- nm: IPv6 zeroconf support and fixes +- nm: port to polkit (rh #499965) +- nm: fixes for ehea devices (rh #511304) (rh #516591) +- nm: work around PPP bug causing bogus nameservers for mobile broadband connections +- editor: fix segfault with "Unlisted" plans in the mobile broadband assistant + +* Thu Aug 13 2009 Dan Williams - 0.7.995-3.git20090813 +- nm: add iSCSI support +- nm: add connection assume/takeover support for ethernet (rh #517333) +- nm: IPv6 fixes +- nm: re-add OLPC XO-1 mesh device support (removed with 0.7.0) +- applet: better WiFi dialog focus handling + +* Tue Aug 11 2009 Bastien Nocera 0.7.995-2.git20090804 +- Add patch to fix service detection on phones + +* Tue Aug 4 2009 Dan Williams - 0.7.995-1.git20090804 +- nm: IPv6 support for manual & router-advertisement modes + +* Sun Aug 2 2009 Matthias Clasen - 0.7.995-1.git20090728 +- Move some big docs to -devel to save space + +* Tue Jul 28 2009 Dan Williams - 0.7.995-0.git20090728 +- Update to upstream 'master' branch +- Use modem-manager for better 3G modem support +- Integrated system settings with NetworkManager itself +- Use udev instead of HAL + +* Fri Jul 24 2009 Fedora Release Engineering - 1:0.7.1-9.git20090708 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Jul 9 2009 Dan Williams - 0.7.1-8.git20090708 +- applet: fix certificate validation in hidden wifi networks dialog (rh #508207) + +* Wed Jul 8 2009 Dan Williams - 0.7.1-7.git20090708 +- nm: fixes for ZTE/Onda modem detection +- nm: prevent re-opening serial port when the SIM has a PIN +- applet: updated translations +- editor: show list column headers + +* Thu Jun 25 2009 Dan Williams - 0.7.1-6.git20090617 +- nm: fix serial port settings + +* Wed Jun 17 2009 Dan Williams - 0.7.1-5.git20090617 +- nm: fix AT&T Quicksilver modem connections (rh #502002) +- nm: fix support for s390 bus types (rh #496820) +- nm: fix detection of some CMOtech modems +- nm: handle unsolicited wifi scans better +- nm: resolv.conf fixes when using DHCP and overriding search domains +- nm: handle WEP and WPA passphrases (rh #441070) +- nm: fix removal of old APs when none are scanned +- nm: fix Huawei EC121 and EC168C detection and handling (rh #496426) +- applet: save WEP and WPA passphrases instead of hashed keys (rh #441070) +- applet: fix broken notification bubble actions +- applet: default to WEP encryption for Ad-Hoc network creation +- applet: fix crash when connection editor dialogs are canceled +- applet: add a mobile broadband provider wizard + +* Tue May 19 2009 Karsten Hopp 0.7.1-4.git20090414.1 +- drop ExcludeArch s390 s390x, we need at least the header files + +* Tue May 05 2009 Adam Jackson 1:0.7.1-4.git20090414 +- nm-save-the-leases.patch: Use per-connection lease files, and don't delete + them on interface deactivate. + +* Thu Apr 16 2009 Dan Williams - 1:0.7.1-3.git20090414 +- ifcfg-rh: fix problems noticing changes via inotify (rh #495884) + +* Tue Apr 14 2009 Dan Williams - 1:0.7.1-2.git20090414 +- ifcfg-rh: enable write support for wired and wifi connections + +* Sun Apr 12 2009 Dan Williams - 1:0.7.1-1 +- nm: update to 0.7.1 +- nm: fix startup race with HAL causing unmanaged devices to sometimes be managed (rh #494527) + +* Wed Apr 8 2009 Dan Williams - 1:0.7.0.100-2.git20090408 +- nm: fix recognition of Option GT Fusion and Option GT HSDPA (nozomi) devices (rh #494069) +- nm: fix handling of spaces in DHCP 'domain-search' option +- nm: fix detection of newer Option 'hso' devices +- nm: ignore low MTUs returned by broken DHCP servers + +* Sun Apr 5 2009 Dan Williams - 1:0.7.0.100-1 +- Update to 0.7.1-rc4 +- nm: use PolicyKit for system connection secrets retrieval +- nm: correctly interpret errors returned from chmod(2) when saving keyfile system connections +- editor: use PolicyKit to get system connection secrets + +* Thu Mar 26 2009 Dan Williams - 1:0.7.0.99-5 +- nm: fix crashes with out-of-tree modules that provide no driver link (rh #492246) +- nm: fix USB modem probing on recent udev versions + +* Tue Mar 24 2009 Dan Williams - 1:0.7.0.99-4 +- nm: fix communication with Option GT Max 3.6 mobile broadband cards +- nm: fix communication with Huawei mobile broadband cards (rh #487663) +- nm: don't look up hostname when HOSTNAME=localhost unless asked (rh #490184) +- nm: fix crash during IP4 configuration (rh #491620) +- nm: ignore ONBOOT=no for minimal ifcfg files (f9 & f10 only) (rh #489398) +- applet: updated translations + +* Wed Mar 18 2009 Dan Williams - 1:0.7.0.99-3.5 +- nm: work around unhandled device removals due to missing HAL events (rh #484530) +- nm: improve handling of multiple modem ports +- nm: support for Sony Ericsson F3507g / MD300 and Dell 5530 +- applet: updated translations + +* Mon Mar 9 2009 Dan Williams - 1:0.7.0.99-3 +- Missing ONBOOT should actually mean ONBOOT=yes (rh #489422) + +* Mon Mar 9 2009 Dan Williams - 1:0.7.0.99-2 +- Fix conflict with NetworkManager-openconnect (rh #489271) +- Fix possible crash when resynchronizing devices if HAL restarts + +* Wed Mar 4 2009 Dan Williams - 1:0.7.0.99-1 +- nm: make default wired "Auto ethX" connection modifiable if an enabled system settings + plugin supports modifying connections (rh #485555) +- nm: manpage fixes (rh #447233) +- nm: CVE-2009-0365 - GetSecrets disclosure +- applet: CVE-2009-0578 - local users can modify the connection settings +- applet: fix inability to choose WPA Ad-Hoc networks from the menu +- ifcfg-rh: add read-only support for WPA-PSK connections + +* Wed Feb 25 2009 Dan Williams - 1:0.7.0.98-1.git20090225 +- Fix getting secrets for system connections (rh #486696) +- More compatible modem autodetection +- Better handle minimal ifcfg files + +* Mon Feb 23 2009 Fedora Release Engineering - 1:0.7.0.97-6.git20090220 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Feb 20 2009 Dan Williams - 1:0.7.0.97-5.git20090220 +- Use IFF_LOWER_UP for carrier detect instead of IFF_RUNNING +- Add small delay before probing cdc-acm driven mobile broadband devices + +* Thu Feb 19 2009 Dan Williams - 1:0.7.0.97-4.git20090219 +- Fix PEAP version selection in the applet (rh #468844) +- Match hostname behavior to 'network' service when hostname is localhost (rh #441453) + +* Thu Feb 19 2009 Dan Williams - 1:0.7.0.97-2 +- Fix 'noreplace' for nm-system-settings.conf + +* Wed Feb 18 2009 Dan Williams - 1:0.7.0.97-1 +- Update to 0.7.1rc1 +- nm: support for Huawei E160G mobile broadband devices (rh #466177) +- nm: fix misleading routing error message (rh #477916) +- nm: fix issues with 32-character SSIDs (rh #485312) +- nm: allow root to activate user connections +- nm: automatic modem detection with udev-extras +- nm: massive manpage rewrite +- applet: fix crash when showing the CA certificate ignore dialog a second time +- applet: clear keyring items when deleting a connection +- applet: fix max signal strength calculation in menu (rh #475123) +- applet: fix VPN export (rh #480496) + +* Sat Feb 7 2009 Dan Williams - 1:0.7.0-2.git20090207 +- applet: fix blank VPN connection message bubbles +- applet: better handling of VPN routing on update +- applet: silence pointless warning (rh #484136) +- applet: desensitize devices in the menu until they are ready (rh #483879) +- nm: Expose WINS servers in the IP4Config over D-Bus +- nm: Better handling of GSM Mobile Broadband modem initialization +- nm: Handle DHCP Classless Static Routes (RFC 3442) +- nm: Fix Mobile Broadband and PPPoE to always use 'noauth' +- nm: Better compatibility with older dual-SSID AP configurations (rh #445369) +- nm: Mark nm-system-settings.conf as config (rh #465633) +- nm-tool: Show VPN connection information +- ifcfg-rh: Silence message about ignoring loopback config (rh #484060) +- ifcfg-rh: Fix issue with wrong gateway for system connections (rh #476089) + +* Fri Jan 2 2009 Dan Williams - 1:0.7.0-1.git20090102 +- Update to 0.7.1 pre-release +- Allow connections to be ignored when determining the default route (rh #476089) +- Own /usr/share/gnome-vpn-properties (rh #477155) +- Fix log flooding due to netlink errors (rh #459205) +- Pass connection UUID to dispatcher scripts via the environment +- Fix possible crash after deactivating a VPN connection +- Fix issues with editing wired 802.1x connections +- Fix issues when using PKCS#12 certificates with 802.1x connections + +* Fri Nov 21 2008 Dan Williams - 1:0.7.0-0.12.svn4326 +- API and documentation updates +- Fix PIN handling on 'hso' mobile broadband devices + +* Tue Nov 18 2008 Dan Williams - 1:0.7.0-0.12.svn4296 +- Fix PIN/PUK issues with high-speed Option HSDPA mobile broadband cards +- Fix desensitized OK button when asking for wireless keys + +* Mon Nov 17 2008 Dan Williams - 1:0.7.0-0.12.svn4295 +- Fix issues reading ifcfg files +- Previously fixed: +- Doesn't send DHCP hostname (rh #469336) +- 'Auto eth0' forgets settings (rh #468612) +- DHCP renewal sometimes breaks VPN (rh #471852) +- Connection editor menu item in the wrong place (rh #471495) +- Cannot make system-wide connections (rh #471308) + +* Fri Nov 14 2008 Dan Williams - 1:0.7.0-0.12.svn4293 +- Update to NetworkManager 0.7.0 RC2 +- Handle gateways on a different subnet from the interface +- Clear VPN secrets on connection failure to ensure they are requested again (rh #429287) +- Add support for PKCS#12 private keys (rh #462705) +- Fix mangling of VPN's default route on DHCP renew +- Fix type detection of qemu/kvm network devices (rh #466340) +- Clear up netmask/prefix confusion in the connection editor +- Make the secrets dialog go away when it's not needed +- Fix inability to add system connections (rh #471308) + +* Mon Oct 27 2008 Dan Williams - 1:0.7.0-0.11.svn4229 +- More reliable mobile broadband card initialization +- Handle mobile broadband PINs correctly when PPP passwords are also used +- Additional PolicyKit integration for editing system connections +- Close the applet menu if a keyring password is needed (rh #353451) + +* Tue Oct 21 2008 Dan Williams - 1:0.7.0-0.11.svn4201 +- Fix issues with hostname during anaconda installation (rh #461933) +- Fix Ad-Hoc WPA connections (rh #461197) +- Don't require gnome-panel or gnome-panel-devel (rh #427834) +- Fix determination of WPA encryption capabilities on some cards +- Fix conflicts with PPTP and vpnc plugins +- Allow .cer file extensions when choosing certificates + +* Sat Oct 11 2008 Dan Williams - 1:0.7.0-0.11.svn4175 +- Fix conflicts for older PPTP VPN plugins + +* Sat Oct 11 2008 Dan Williams - 1:0.7.0-0.11.svn4174 +- Ensure that mobile broadband cards are powered up before trying to use them +- Hostname changing support (rh #441453) +- Fix mobile broadband secret requests to happen less often +- Better handling of default devices and default routes +- Better information in tooltips and notifications +- Various UI cleanups; hide widgets that aren't used (rh #465397, rh #465395) +- Accept different separators for DNS servers and searches +- Make applet's icon accurately reflect signal strength of the current AP + +* Wed Oct 1 2008 Dan Williams - 1:0.7.0-0.11.svn4022.4 +- Fix connection comparison that could cause changes to get overwritten (rh #464417) + +* Tue Sep 30 2008 Dan Williams - 1:0.7.0-0.11.svn4022.3 +- Fix handling of VPN settings on upgrade (rh #460730, bgo #553465) + +* Thu Sep 11 2008 Dan Williams - 1:0.7.0-0.11.svn4022.2 +- Fix hang when reading system connections from ifcfg files + +* Thu Sep 4 2008 Dan Williams - 1:0.7.0-0.11.svn4022.1 +- Fix WPA Ad-Hoc connections + +* Wed Aug 27 2008 Dan Williams - 1:0.7.0-0.11.svn4022 +- Fix parsing of DOMAIN in ifcfg files (rh #459370) +- Fix reconnection to mobile broadband networks after an auth failure +- Fix recognition of timeouts of PPP during mobile broadband connection +- More compatible connection sharing (rh #458625) +- Fix DHCP in minimal environments without glibc locale information installed +- Add support for Option mobile broadband devices (like iCON 225 and iCON 7.2) +- Add IP4 config information to dispatcher script environment +- Merge WEP ASCII and Hex key types for cleaner UI +- Pre-fill PPPoE password when authentication fails +- Fixed some changes not getting saved in the connection editor +- Accept both prefix and netmask in the conection editor's IPv4 page + +* Mon Aug 11 2008 Dan Williams - 1:0.7.0-0.11.svn3930 +- Fix issue with mobile broadband connections that don't require authentication + +* Mon Aug 11 2008 Dan Williams - 1:0.7.0-0.11.svn3927 +- Expose DHCP-returned options over D-Bus and to dispatcher scripts +- Add support for customized static routes +- Handle multiple concurrent 3G or PPPoE connections +- Fix GSM/CDMA username and password issues +- Better handling of unmanaged devices from ifcfg files +- Fix timeout handling of errors during 3G connections +- Fix some routing issues (rh #456685) +- Fix applet crashes after removing a device (rh #457380) + +* Thu Jul 24 2008 Dan Williams - 1:0.7.0-0.11.svn3846 +- Convert stored IPv4 static IP addresses to new prefix-based scheme automatically +- Fix pppd connections to some 3G providers (rh #455348) +- Make PPPoE "Show Password" option work +- Hide IPv4 config options that don't make sense in certain configurations + +* Fri Jul 18 2008 Dan Williams - 1:0.7.0-0.11.svn3830 +- Expose server-returned DHCP options via D-Bus +- Use avahi-autoipd rather than old built-in IPv4LL implementation +- Send hostname to DHCP server if provided (DHCP_HOSTNAME ifcfg option) +- Support sending DHCP Client Identifier to DHCP server +- Allow forcing 802.1x PEAP Label to '0' +- Make connection sharing more robust +- Show status for shared and Ad-Hoc connections if no other connection is active + +* Fri Jul 11 2008 Matthias Clasen - 1:0.7.0-0.10.svn3801 +- Drop explicit hal dep in -gnome + +* Wed Jul 02 2008 Dan Williams - 1:0.7.0-0.10.svn3801 +- Move VPN configuration into connection editor +- Fix mobile broadband username/password issues +- Fix issues with broken rfkill setups (rh #448889) +- Honor APN setting for GSM mobile broadband configurations +- Fix adding CDMA connections in the connection editor + +* Wed Jun 11 2008 Dan Williams - 1:0.7.0-0.10.svn3747 +- Update to latest SVN +- Enable connection sharing +- Respect VPN-provided routes + +* Wed Jun 4 2008 Dan Williams - 1:0.7.0-0.9.4.svn3675 +- Move NM later in the shutdown process (rh #449070) +- Move libnm-util into a subpackage to allow NM to be removed more easily (rh #351101) + +* Mon May 19 2008 Dan Williams - 1:0.7.0-0.9.3.svn3675 +- Read global gateway from /etc/sysconfig/network if missing (rh #446527) +- nm-system-settings now terminates when dbus goes away (rh #444976) + +* Wed May 14 2008 Dan Williams - 1:0.7.0-0.9.3.svn3669 +- Fix initial carrier state detection on devices that are already up (rh #134886) + +* Tue May 13 2008 Dan Williams - 1:0.7.0-0.9.3.svn3667 +- Restore behavior of marking wifi devices as "down" when disabling wireless +- Fix a crash on resume when a VPN was active when going to sleep + +* Tue May 13 2008 Dan Williams - 1:0.7.0-0.9.3.svn3665 +- Fix issues with the Fedora plugin not noticing changes made by + system-config-network (rh #444502) +- Allow autoconnection of GSM and CDMA connections +- Multiple IP address support for user connections +- Fixes for Mobile Broadband cards that return line speed on connect +- Implement PIN entry for GSM mobile broadband connections +- Fix crash when editing unencrypted WiFi connections in the connection editor + +* Wed Apr 30 2008 Dan Williams - 1:0.7.0-0.9.3.svn3623 +- Clean up the dispatcher now that it's service is gone (rh #444798) + +* Wed Apr 30 2008 Dan Williams - 1:0.7.0-0.9.2.svn3623 +- Fix asking applets for the GSM PIN/PUK + +* Wed Apr 30 2008 Dan Williams - 1:0.7.0-0.9.2.svn3622 +- Guess WEP key type in applet when asking for new keys +- Correct OK button sensitivity in applet when asking for new WEP keys + +* Wed Apr 30 2008 Dan Williams - 1:0.7.0-0.9.2.svn3620 +- Fix issues with Mobile Broadband connections caused by device init race patch + +* Tue Apr 29 2008 Dan Williams - 1:0.7.0-0.9.2.svn3619 +- Fix device initialization race that caused ethernet devices to get stuck on + startup +- Fix PPPoE connections not showing up in the applet +- Fix disabled OK button in connection editor some wireless and IP4 settings +- Don't exit if HAL isn't up yet; wait for it +- Fix a suspend/resume crash + +* Sun Apr 27 2008 Dan Williams - 1:0.7.0-0.9.2.svn3614 +- Don't ask for wireless keys when the driver sends disconnect events during + association; wait until the entire assocation times out +- Replace dispatcher daemon with D-Bus activated callout +- Fix parsing of DNS2 and DNS3 ifcfg file items +- Execute dispatcher scripts in alphabetical order +- Be active at runlevel 2 +- Hook up MAC address widgets for wired & wireless; and BSSID widget for wireless +- Pre-populate anonymous identity and phase2 widgets correctly +- Clear out unused connection keys from GConf + +* Tue Apr 22 2008 Dan Williams - 1:0.7.0-0.9.2.svn3590 +- Don't select devices without a default gateway as the default route (rh #437338) +- Fill in broadcast address if not specified (rh #443474) +- Respect manual VPN IPv4 configuration options +- Show Connection Information for the device with the default route only + +* Fri Apr 18 2008 Dan Williams - 1:0.7.0-0.9.2.svn3578 +- Add dbus-glib-devel BuildRequires for NetworkManager-glib-devel (rh #442978) +- Add PPP settings page to connection editor +- Fix a few crashes with PPPoE +- Fix active connection state changes that confused clients + +* Thu Apr 17 2008 Dan Williams - 1:0.7.0-0.9.2.svn3571 +- Fix build in pppd-plugin + +* Thu Apr 17 2008 Dan Williams - 1:0.7.0-0.9.2.svn3570 +- PPPoE authentication fixes +- More robust handing of mobile broadband device communications + +* Wed Apr 16 2008 Dan Williams - 1:0.7.0-0.9.2.svn3566 +- Honor options from /etc/sysconfig/network for blocking until network is up + +* Wed Apr 16 2008 Dan Williams - 1:0.7.0-0.9.1.svn3566 +- Turn on Add/Edit in the connection editor +- Don't flush or change IPv6 addresses or routes +- Enhance nm-online tool +- Some serial communication fixes for mobile broadband + +* Wed Apr 9 2008 Dan Williams - 1:0.7.0-0.9.1.svn3549 +- Fix issues with VPN passwords not getting found + +* Tue Apr 8 2008 Dan Williams - 1:0.7.0-0.9.1.svn3548 +- Fix builds due to glib2 breakage of GStaticMutex with gcc 4.3 + +* Tue Apr 8 2008 Dan Williams - 1:0.7.0-0.9.1.svn3547 +- Fix WEP key index handling in UI +- Fix handling of NM_CONTROLLED in ifcfg files +- Show device managed state in applet menu +- Show wireless enabled state in applet menu +- Better handling of default DHCP connections for wired devices +- Fix loading of connection editor on KDE (rh #435344) + +* Wed Apr 2 2008 Dan Williams - 1:0.7.0-0.9.1.svn3527 +- Honor MAC address locking for wired & wireless devices + +* Mon Mar 31 2008 Dan Williams - 1:0.7.0-0.9.1.svn3521 +- Show VPN failures +- Support Static WEP key indexes +- Fix parsing of WEP keys from ifcfg files +- Pre-fill wireless security UI bits in connection editor and applet + +* Tue Mar 18 2008 Dan Williams - 1:0.7.0-0.9.1.svn3476 +- Grab system settings from /etc/sysconfig/network-scripts, not from profiles + +* Tue Mar 18 2008 Dan Williams - 1:0.7.0-0.9.1.svn3473 +- Fix crashes when returning VPN secrets from the applet to NM + +* Tue Mar 18 2008 Dan Williams - 1:0.7.0-0.9.1.svn3472 +- Fix crashes on suspend/resume and exit (rh #437426) +- Ensure there's always an option to chose the wired device +- Never set default route via an IPv4 link-local addressed device (rh #437338) + +* Wed Mar 12 2008 Dan Williams - 1:0.7.0-0.9.1.svn3440 +- Fix DHCP rebind behavior +- Preliminary PPPoE support + +* Mon Mar 10 2008 Dan Williams - 1:0.7.0-0.9.1.svn3417 +- Fix gnome-icon-theme Requires, should be on gnome subpackage + +* Mon Mar 10 2008 Dan Williams - 1:0.7.0-0.8.svn3417 +- Honor DHCP rebinds +- Multiple active device support +- Better error handling of mobile broadband connection failures +- Allow use of interface-specific dhclient config files +- Recognize system settings which have no TYPE item + +* Sun Mar 2 2008 Dan Williams - 1:0.7.0-0.8.svn3370 +- Fix crash of nm-system-settings on malformed ifcfg files (rh #434919) +- Require gnome-icon-theme to pick up lock.png (rh #435344) +- Fix applet segfault after connection removal via connection editor or GConf + +* Fri Feb 29 2008 Dan Williams - 1:0.7.0-0.8.svn3369 +- Don't create multiple connections for hidden access points +- Fix scanning behavior + +* Thu Feb 14 2008 Dan Williams - 1:0.7.0-0.8.svn3319 +- Rework connection editor connection list + +* Tue Feb 12 2008 Dan Williams - 1:0.7.0-0.8.svn3312 +- Better handling of changes in the profile directory by the system settings + serivce + +* Thu Feb 7 2008 Dan Williams - 1:0.7.0-0.8.svn3302 +- Enable system settings service +- Allow explicit disconnection of mobile broadband devices +- Fix applet memory leaks (rh #430178) +- Applet Connection Information dialog tweaks (gnome.org #505899) +- Filter input characters to passphrase/key entry (gnome.org #332951) +- Fix applet focus stealing prevention behavior + +* Mon Jan 21 2008 Dan Williams - 1:0.7.0-0.8.svn3261 +- Add CDMA mobile broadband support (if supported by HAL) +- Rework applet connection and icon handling +- Enable connection editor (only for deleting connections) + +* Fri Jan 11 2008 Dan Williams - 1:0.7.0-0.8.svn3235 +- Fix crash when activating a mobile broadband connection +- Better handling of non-SSID-broadcasting APs on kernels that support it + (gnome.org #464215) (rh #373841) +- Honor DHCP-server provided MTU if present (gnome.org #332953) +- Use previous DNS settings if the VPN concentrator doesn't provide any + (gnome.org #346833) + +* Fri Jan 4 2008 Dan Williams - 1:0.7.0-0.8.svn3204 +- Fix WPA passphrase hashing on big endian (PPC, Sparc, etc) (rh #426233) + +* Tue Dec 18 2007 Dan Williams - 1:0.7.0-0.8.svn3181 +- Fixes to work better with new libnl (rh #401761) + +* Tue Dec 18 2007 Dan Williams - 1:0.7.0-0.8.svn3180 +- Fix WPA/WPA2 Enterprise Phase2 connections (rh #388471) + +* Wed Dec 5 2007 Dan Williams - 1:0.7.0-0.8.svn3138 +- Fix applet connection comparison which failed to send connection updated + signals to NM in some cases +- Make VPN connection applet more robust against plugin failures + +* Tue Dec 4 2007 Dan Williams - 1:0.7.0-0.8.svn3134 +- 64-bit -Wall compile fixes + +* Tue Dec 4 2007 Dan Williams - 1:0.7.0-0.8.svn3133 +- Fix applet crash when choosing to ignore the CA certificate (rh #359001) +- Fix applet crash when editing VPN properties and VPN connection failures (rh #409351) +- Add file filter name in certificate file picker dialog (rh #410201) +- No longer start named when starting NM (rh #381571) + +* Tue Nov 27 2007 Jeremy Katz - 1:0.7.0-0.8.svn3109 +- Fix upgrading from an earlier rawhide snap + +* Mon Nov 26 2007 Dan Williams - 1:0.7.0-0.6.6.svn3109 +- Fix device descriptions shown in applet menu + +* Mon Nov 26 2007 Dan Williams - 1:0.7.0-0.6.5.svn3109 +- Fix crash when deactivating VPN connections + +* Mon Nov 19 2007 Dan Williams - 1:0.7.0-0.6.5.svn3096 +- Fix crash and potential infinite nag dialog loop when ignoring CA certificates + +* Mon Nov 19 2007 Dan Williams - 1:0.7.0-0.6.4.svn3096 +- Fix crash when ignoring CA certificate for EAP-TLS, EAP-TTLS, and EAP-PEAP + +* Mon Nov 19 2007 Dan Williams - 1:0.7.0-0.6.3.svn3096 +- Fix connections when picking a WPA Enterprise AP from the menu +- Fix issue where applet would provide multiple same connections to NM + +* Thu Nov 15 2007 Dan Williams - 1:0.7.0-0.6.3.svn3094 +- Add support for EAP-PEAP (rh #362251) +- Fix EAP-TLS private key handling + +* Tue Nov 13 2007 Dan Williams - 1:0.7.0-0.6.2.svn3080 +- Clarify naming of WPA & WPA2 Personal encryption options (rh #374861, rh #373831) +- Don't require a CA certificate for applicable EAP methods (rh #359001) +- Fix certificate and private key handling for EAP-TTLS and EAP-TLS (rh #323371) +- Fix applet crash with USB devices (rh #337191) +- Support upgrades from NM 0.6.x GConf settings + +* Thu Nov 1 2007 Dan Williams - 1:0.7.0-0.6.1.svn3030 +- Fix applet crash with USB devices that don't advertise a product or vendor + (rh #337191) + +* Sat Oct 27 2007 Dan Williams - 1:0.7.0-0.5.svn3030 +- Fix crash when getting WPA secrets (rh #355041) + +* Fri Oct 26 2007 Dan Williams - 1:0.7.0-0.4.svn3030 +- Bring up ethernet devices by default if no connections are defined (rh #339201) +- Fix crash when switching networks or bringing up secrets dialog (rh #353091) +- Fix crash when editing VPN connection properties a second time +- Fix crash when cancelling the secrets dialog if another connection was + activated in the mean time +- Fix disembodied notification bubbles (rh #333391) + +* Thu Oct 25 2007 Dan Williams - 1:0.7.0-0.4.svn3020 +- Handle PEM certificates +- Hide WPA-PSK Type combo since it's as yet unused +- Fix applet crash when AP security options changed and old secrets are still + in the keyring +- Fix applet crash connecting to unencrypted APs via the other network dialog + +* Wed Oct 24 2007 Dan Williams - 1:0.7.0-0.3.svn3020 +- Fix WPA Enterprise connections that use certificates +- Better display of SSIDs in the menu + +* Wed Oct 24 2007 Dan Williams - 1:0.7.0-0.3.svn3016 +- Fix getting current access point +- Fix WPA Enterprise connections +- Wireless dialog now defaults to sensible choices based on the connection +- Tell nscd to restart if needed, don't silently kill it + +* Tue Oct 23 2007 Dan Williams - 1:0.7.0-0.3.svn3014 +- Suppress excessive GConf updates which sometimes caused secrets to be cleared + at the wrong times, causing connections to fail +- Various EAP and LEAP related fixes + +* Tue Oct 23 2007 Dan Williams - 1:0.7.0-0.3.svn3008 +- Make WPA-EAP and Dynamic WEP options connect successfully +- Static IPs are now handled correctly in NM itself + +* Mon Oct 22 2007 Dan Williams - 1:0.7.0-0.3.svn2995 +- Add Dynamic WEP as a supported authentication/security option + +* Sun Oct 21 2007 Dan Williams - 1:0.7.0-0.3.svn2994 +- Re-enable "Connect to other network" +- Switch to new GUI bits for wireless security config and password entry + +* Tue Oct 16 2007 Dan Williams - 1:0.7.0-0.3.svn2983 +- Add rfkill functionality +- Fix applet crash when choosing wired networks from the menu + +* Wed Oct 10 2007 Dan Williams - 1:0.7.0-0.3.svn2970 +- Fix segfault with deferred connections +- Fix default username with vpnc VPN plugin +- Hidden SSID fixes + +* Tue Oct 9 2007 Dan Williams - 1:0.7.0-0.3.svn2962 +- Fix merging of non-SSID-broadcasting APs into a device's scan list +- Speed up opening of the applet menu + +* Tue Oct 9 2007 Dan Williams - 1:0.7.0-0.3.svn2961 +- New snapshot + - Add timestamps to networks to connect to last used wireless network + - Turn autoconnect on in the applet + - Hidden SSID support + - Invalidate failed or cancelled connections again + - Fix issues with reactivation of the same device + - Handle connection updates in the applet (ex. find new VPN connections) + - Fix vertical sizing of menu items + - Fix AP list on wireless devices other than the first device in the applet + - Fix matching of current AP with the right menu item + +* Fri Sep 28 2007 Dan Williams - 1:0.7.0-0.3.svn2914 +- New snapshot + - Add WPA passphrase support to password dialog + - Applet now reflects actual VPN behavior of one active connection + - Applet now notices VPN active connections on startup + - Fix connections with some WPA and WEP keys + +* Thu Sep 27 2007 Dan Williams - 1:0.7.0-0.3.svn2907 +- New snapshot + - VPN support (only vpnc plugin ported at this time) + +* Tue Sep 25 2007 Dan Williams - 1:0.7.0-0.3.svn2886 +- New snapshot + - Make wired device carrier state work in the applet + - Fix handling of errors with unencrypted APs + - Fix "frozen" applet icon by reporting NM state better + - Fix output of AP frequency in nm-tool + +* Tue Sep 25 2007 Dan Williams - 1:0.7.0-0.3.svn2880 +- New snapshot + - Fix applet icon sizing on start (mclasen) + - Fix nm-tool installation (mclasen) + - Fix 'state' method call return (#303271) + - Fix 40-bit WEP keys (again) + - Fix loop when secrets were wrong/invalid + - Fix applet crash when clicking Cancel in the password dialog + - Ensure NM doesn't get stuck waiting for the supplicant to re-appear + if it crashes or goes away + - Make VPN properties applet work again + - Increase timeout for network password entry + +* Fri Sep 21 2007 Dan Williams - 1:0.7.0-0.3.svn2852 +- New snapshot (fix unencrypted & 40 bit WEP) + +* Fri Sep 21 2007 Dan Williams - 1:0.7.0-0.3.svn2849 +- New snapshot + +* Fri Sep 21 2007 Dan Williams - 1:0.7.0-0.3.svn2844 +- New snapshot + +* Thu Sep 20 2007 Dan Williams - 1:0.7.0-0.2.svn2833 +- New SVN snapshot of 0.7 that sucks less + +* Thu Aug 30 2007 Dan Williams - 1:0.7.0-0.1.svn2736 +- Update to SVN snapshot of 0.7 + +* Mon Aug 13 2007 Christopher Aillon 1:0.6.5-9 +- Update the license tag + +* Wed Aug 8 2007 Christopher Aillon 1:0.6.5-8 +- Own /etc/NetworkManager/dispatcher.d and /etc/NetworkManager/VPN (#234004) + +* Wed Jun 27 2007 Dan Williams 1:0.6.5-7 +- Fix Wireless Enabled checkbox when no killswitches are present + +* Thu Jun 21 2007 Dan Williams 1:0.6.5-6 +- Update to stable branch snapshot: + - More fixes for ethernet link detection (gnome #354565, rh #194124) + - Support for HAL-detected rfkill switches + +* Sun Jun 10 2007 Dan Williams 1:0.6.5-5 +- Fix applet crash on 64-bit platforms when choosing + "Connect to other wireless network..." (gnome.org #435036) +- Add debug output for ethernet device link changes + +* Thu Jun 7 2007 Dan Williams 1:0.6.5-4 +- Fix ethernet link detection (gnome #354565, rh #194124) +- Fix perpetual credentials request with private key passwords in the applet +- Sleep a bit before activating wireless cards to work around driver bugs + +* Mon Jun 4 2007 Dan Williams 1:0.6.5-3 +- Don't spawn wpa_supplicant with -o + +* Wed Apr 25 2007 Christopher Aillon 1:0.6.5-2 +- Fix requires macro (237806) + +* Thu Apr 19 2007 Christopher Aillon 1:0.6.5-1 +- Update to 0.6.5 final +- Don't lose scanned security information + +* Mon Apr 9 2007 Dan Williams - 1:0.6.5-0.7.svn2547 +- Update from trunk + * Updated translations + * Cleaned-up VPN properties dialogs + * Fix 64-bit kernel leakage issues in WEXT + * Don't capture and redirect wpa_supplicant log output + +* Wed Mar 28 2007 Matthew Barnes 1:0.6.5-0.6.svn2474 +- Close private D-Bus connections. (#232691) + +* Sun Mar 25 2007 Matthias Clasen 1:0.6.5-0.5.svn2474 +- Fix a directory ownership issue. (#233763) + +* Thu Mar 15 2007 Dan Williams - 1:0.6.5-0.4.svn2474 +- Update to pre-0.6.5 snapshot + +* Thu Feb 8 2007 Christopher Aillon - 1:0.6.5-0.3.cvs20061025 +- Guard against D-Bus LimitExceeded messages + +* Fri Feb 2 2007 Christopher Aillon - 1:0.6.5-0.2.cvs20061025 +- Move .so file to -devel package + +* Sat Nov 25 2006 Matthias Clasen +- Own the /etc/NetworkManager/dispatcher.d directory +- Require pkgconfig for the -devel packages +- Fix compilation with dbus 1.0 + +* Wed Oct 25 2006 Dan Williams - 1:0.6.5-0.cvs20061025 +- Update to a stable branch snapshot + - Gnome applet timeout/redraw suppression when idle + - Backport of LEAP patch from HEAD (from Thiago Bauermann) + - Backport of asynchronous scanning patch from HEAD + - Make renaming of VPN connections work (from Tambet Ingo) + - Dial down wpa_supplicant debug spew + - Cleanup of key/passphrase request scenarios (from Valentine Sinitsyn) + - Shut down VPN connections on logout (from Robert Love) + - Fix WPA passphrase hashing on PPC + +* Thu Oct 19 2006 Christopher Aillon - 1:0.6.4-6 +- Own /usr/share/NetworkManager and /usr/include/NetworkManager + +* Mon Sep 4 2006 Christopher Aillon - 1:0.6.4-5 +- Don't wake up to redraw if NM is inactive (#204850) + +* Wed Aug 30 2006 Bill Nottingham - 1:0.6.4-4 +- add epochs in requirements + +* Wed Aug 30 2006 Dan Williams - 1:0.6.4-3 +- Fix FC-5 buildreqs + +* Wed Aug 30 2006 Dan Williams - 1:0.6.4-2 +- Revert FC6 to latest stable NM +- Update to stable snapshot +- Remove bind/caching-nameserver hard requirement + +* Tue Aug 29 2006 Christopher Aillon - 0.7.0-0.cvs20060529.7 +- BuildRequire wireless-tools-devel and perl-XML-Parser +- Update the BuildRoot tag + +* Wed Aug 16 2006 Ray Strode - 0.7.0-0.cvs20060529.6 +- add patch to make networkmanager less verbose (bug 202832) + +* Wed Aug 9 2006 Ray Strode - 0.7.0-0.cvs20060529.5 +- actually make the patch in 0.7.0-0.cvs20060529.4 apply + +* Fri Aug 4 2006 Ray Strode - 0.7.0-0.cvs20060529.4 +- Don't ever elect inactive wired devices (bug 194124). + +* Wed Jul 19 2006 John (J5) Palmieri - 0.7.0-0.cvs20060529.3 +- Add patch to fix deprecated dbus functions + +* Tue Jul 18 2006 John (J5) Palmieri - 0.7.0-0.cvs20060529.2 +- Add BR for dbus-glib-devel + +* Wed Jul 12 2006 Jesse Keating - 0.7.0-0.cvs20060529.1.1 +- rebuild + +* Mon May 29 2006 Dan Williams - 0.7.0-0.cvs20060529 +- Update to latest CVS + o Gnome.org #333420: dialog do not have window icons + o Gnome.org #336913: HIG tweaks for vpn properties pages + o Gnome.org #336846: HIG tweaks for nm-vpn-properties + o Gnome.org #336847: some bugs in nm-vpn-properties args parsing + o Gnome.org #341306: nm-vpn-properties crashes on startup + o Gnome.org #341263: Version 0.6.2-0ubuntu5 crashes on nm_device_802_11_wireless_get_type + o Gnome.org #341297: displays repeated keyring dialogs on resume from suspend + o Gnome.org #342400: Building libnm-util --without-gcrypt results in linker error + o Gnome.org #342398: Eleminate Gnome dependency for NetworkManager + o Gnome.org #336532: declaration of 'link' shadows a global declaration +- Specfile fixes (#rh187489#) + +* Sun May 21 2006 Dan Williams - 0.7.0-0.cvs20060521 +- Update to latest CVS +- Drop special-case-madwifi.patch, since WEXT code is in madwifi-ng trunk now + +* Fri May 19 2006 Bill Nottingham - 0.6.2-3.fc6 +- use the same 0.6.2 tarball as FC5, so we have the same VPN interface + (did he fire ten args, or only nine?) + +* Thu Apr 27 2006 Jeremy Katz - 0.6.2-2.fc6 +- use the hal device type instead of poking via ioctl so that wireless + devices are properly detected even if the kill switch has been used + +* Thu Mar 30 2006 Dan Williams - 0.6.2-1 +- Update to 0.6.2: + * Fix various WPA-related bugs + * Clean up leaks + * Increased DHCP timeout to account for slow DHCP servers, or STP-enabled + switches + * Allow applet to reconnect on dbus restarts + * Add "Dynamic WEP" support + * Allow hiding of password/key entry text + * More responsive connection switching + +* Tue Mar 14 2006 Peter Jones - 0.6.0-3 +- Fix device bringup on resume + +* Mon Mar 6 2006 Dan Williams 0.6.0-2 +- Don't let wpa_supplicant perform scanning with non-WPA drivers + +* Mon Mar 6 2006 Dan Williams 0.6.0-1 +- Update to 0.6.0 release +- Move autostart file to /usr/share/gnome/autostart + +* Thu Mar 2 2006 Jeremy Katz - 0.5.1-18.cvs20060302 +- updated cvs snapshot. seems to make airo much less neurotic + +* Thu Mar 2 2006 Christopher Aillon +- Move the unversioned libnm_glib.so to the -devel package + +* Wed Mar 1 2006 Dan Williams 0.5.1-18.cvs20060301 +- Fix VPN-related crash +- Fix issue where NM would refuse to activate a VPN connection once it had timed out +- Log wpa_supplicant output for better debugging + +* Tue Feb 28 2006 Christopher Aillon 0.5.1-17.cvs20060228 +- Tweak three-scan-prune.patch + +* Mon Feb 27 2006 Christopher Aillon 0.5.1-16.cvs20060227 +- Don't prune networks until they've gone MIA for three scans, not one. + +* Mon Feb 27 2006 Christopher Aillon 0.5.1-15.cvs20060227 +- Update snapshot, which fixes up the libnotify stuff. + +* Fri Feb 24 2006 Dan Williams 0.5.1-14.cvs20060221 +- Move libnotify requires to NetworkManager-gnome, not core NM package + +* Tue Feb 21 2006 Dan Williams 0.5.1-13.cvs20060221 +- Add BuildRequires: libnl-devel (#rh179438#) +- Fix libnm_glib to not clobber an application's existing dbus connection + (#rh177546#, gnome.org #326572) +- libnotify support +- AP compatibility fixes + +* Mon Feb 13 2006 Dan Williams 0.5.1-12.cvs20060213 +- Minor bug fixes +- Update to VPN dbus API for passing user-defined routes to vpn service + +* Sun Feb 12 2006 Christopher Aillon 0.5.1-11.cvs20060205 +- Rebuild + +* Tue Feb 07 2006 Jesse Keating 0.5.1-10.cvs20060205.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Sun Feb 5 2006 Dan Williams 0.5.1-10.cvs20060205 +- Workarounds for madwifi/Atheros cards +- Do better with non-SSID-broadcasting access points +- Fix hangs when access points change settings + +* Thu Feb 2 2006 Dan Williams 0.5.1-9.cvs20060202 +- Own /var/run/NetworkManager, fix SELinux issues + +* Tue Jan 31 2006 Dan Williams 0.5.1-8.cvs20060131 +- Switch to autostarting the applet instead of having it be session-managed +- Work better with non-broadcasting access points +- Add more manufacturer default SSIDs to the blacklist + +* Tue Jan 31 2006 Dan Williams 0.5.1-7.cvs20060131 +- Longer association timeout +- Fix some SELinux issues +- General bug and cosmetic fixes + +* Fri Jan 27 2006 Dan Williams 0.5.1-6.cvs20060127 +- Snapshot from CVS +- WPA Support! Woohoo! + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Thu Dec 01 2005 John (J5) Palmieri - 0.5.1-5 +- rebuild for new dbus + +* Fri Nov 18 2005 Peter Jones - 0.5.1-4 +- Don't kill the network connection when you upgrade the package. + +* Fri Oct 21 2005 Christopher Aillon - 0.5.1-3 +- Split out the -glib subpackage to have a -glib-devel package as well +- Add epoch to version requirements for bind and wireless-tools +- Update URL of project + +* Wed Oct 19 2005 Christopher Aillon - 0.5.1-2 +- NetworkManager 0.5.1 + +* Mon Oct 17 2005 Christopher Aillon - 0.5.0-2 +- NetworkManager 0.5.0 + +* Mon Oct 10 2005 Dan Williams - 0.4.1-5.cvs20051010 +- Fix automatic wireless connections +- Remove usage of NMLoadModules callout, no longer needed +- Try to fix deadlock when menu is down and keyring dialog pops up + +* Sun Oct 09 2005 Dan Williams - 0.4.1-4.cvs20051009 +- Update to latest CVS + o Integrate connection progress with applet icon (Chris Aillon) + o More information in "Connection Information" dialog (Robert Love) + o Shorten time taken to sleep + o Make applet icon wireless strength levels a bit more realistic + o Talk to named using DBUS rather than spawning our own + - You need to add "-D" to the OPTIONS line in /etc/sysconfig/named + - You need to set named to start as a service on startup + +* Thu Sep 22 2005 Dan Williams - 0.4.1-3.cvs20050922 +- Update to current CVS to fix issues with routing table and /sbin/ip + +* Mon Sep 12 2005 Jeremy Katz - 0.4.1-2.cvs20050912 +- update to current CVS and rebuild (workaround for #168120) + +* Fri Aug 19 2005 Dan Williams - 0.4.1-2.cvs20050819 +- Fix occasional hang in NM caused by the applet + +* Wed Aug 17 2005 Dan Williams - 0.4.1 +- Update to NetworkManager 0.4.1 + +* Tue Aug 16 2005 Dan Williams - 0.4-36.cvs20050811 +- Rebuild against new cairo/gtk + +* Thu Aug 11 2005 Dan Williams - 0.4-35.cvs20050811 +- Update to latest CVS + o Use DHCP server address as gateway address if the DHCP server doesn't give + us a gateway address #rh165698# + o Fixes to the applet (Robert Love) + o Better caching of information in the applet (Bill Moss) + o Generate automatic suggested Ad-Hoc network name from machine's hostname + (Robert Love) + o Update all network information on successfull connect, not just + authentication method + +* Fri Jul 29 2005 Ray Strode - 0.4-34.cvs20050729 +- Update to latest CVS to get fix for bug 165683. + +* Mon Jul 11 2005 Dan Williams - 0.4-34.cvs20050629 +- Move pkgconfig file to devel package (#162316, thanks to Michael Schwendt) + +* Wed Jun 29 2005 David Zeuthen - 0.4-33.cvs20050629 +- Update to latest CVS to get latest VPN interface settings to satisfy + BuildReq for NetworkManager-vpnc in Fedora Extras Development +- Latest CVS also contains various bug- and UI-fixes + +* Fri Jun 17 2005 Dan Williams - 0.4-32.cvs20050617 +- Update to latest CVS + o VPN connection import/export capability + o Fix up some menu item names +- Move nm-vpn-properties.glade to the gnome subpackage + +* Thu Jun 16 2005 Dan Williams - 0.4-31.cvs20050616 +- Update to latest CVS + o Clean up wording in Wireless Network Discovery menu + o Robert Love's applet beautify patch + +* Wed Jun 15 2005 Dan Williams - 0.4-30.cvs20050615 +- Update to latest CVS + +* Mon May 16 2005 Dan Williams - 0.4-15.cvs30050404 +- Fix dispatcher and applet CFLAGS so they gets compiled with FORTIFY_SOURCE + +* Mon May 16 2005 Dan Williams - 0.4-14.cvs30050404 +- Fix segfault in NetworkManagerDispatcher, add an initscript for it + +* Mon May 16 2005 Dan Williams - 0.4-13.cvs30050404 +- Fix condition that may have resulted in DHCP client returning success + when it really timed out + +* Sat May 14 2005 Dan Williams - 0.4-12.cvs20050404 +- Enable OK button correctly in Passphrase and Other Networks dialogs when + using ASCII or Hex WEP keys + +* Thu May 5 2005 Dan Williams - 0.4-11.cvs20050404 +- #rh154391# NetworkManager dies on startup (don't force-kill nifd) + +* Wed May 4 2005 Dan Williams - 0.4-10.cvs20050404 +- Fix leak of a socket in DHCP code + +* Wed May 4 2005 Dan Williams - 0.4-9.cvs20050404 +- Fix some memory leaks (Tom Parker) +- Join to threads rather than spinning for their completion (Tom Parker) +- Fix misuse of a g_assert() (Colin Walters) +- Fix return checking of an ioctl() (Bill Moss) +- Better detection and matching of hidden access points (Bill Moss) +- Don't use varargs, and therefore don't crash on PPC (Peter Jones) + +* Wed Apr 27 2005 Jeremy Katz - 0.4-8.cvs20050404 +- fix build with newer dbus + +* Wed Apr 27 2005 Jeremy Katz - 0.4-7.cvs20050404 +- silence %%post + +* Mon Apr 4 2005 Dan Williams 0.4-6.cvs20050404 +- #rh153234# NetworkManager quits/cores just as a connection is made + +* Sat Apr 2 2005 Dan Williams 0.4-5.cvs20050402 +- Update from latest CVS HEAD + +* Fri Mar 25 2005 Christopher Aillon 0.4-4.cvs20050315 +- Update the GTK+ theme icon cache on (un)install + +* Tue Mar 15 2005 Ray Strode 0.4-3.cvs20050315 +- Pull from latest CVS HEAD + +* Tue Mar 15 2005 Ray Strode 0.4-2.cvs20050315 +- Upload new source tarball (woops) + +* Tue Mar 15 2005 Ray Strode 0.4-1.cvs20050315 +- Pull from latest CVS HEAD (hopefully works again) + +* Mon Mar 7 2005 Ray Strode 0.4-1.cvs20050307 +- Pull from latest CVS HEAD +- Commit broken NetworkManager to satisfy to dbus dependency + +* Fri Mar 4 2005 Dan Williams 0.3.4-1.cvs20050304 +- Pull from latest CVS HEAD +- Rebuild for gcc 4.0 + +* Tue Feb 22 2005 Dan Williams 0.3.3-2.cvs20050222 +- Update from CVS + +* Mon Feb 14 2005 Dan Williams 0.3.3-2.cvs20050214.x.1 +- Fix free of invalid pointer for multiple search domains + +* Mon Feb 14 2005 Dan Williams 0.3.3-2.cvs20050214 +- Never automatically choose a device that doesn't support carrier detection +- Add right-click menu to applet, can now "Pause/Resume" scanning through it +- Fix DHCP Renew/Rebind timeouts +- Fix frequency cycling problem on some cards, even when scanning was off +- Play better with IPv6 +- Don't send kernel version in DHCP packets, and ensure DHCP packets are at + least 300 bytes in length to work around broken router +- New DHCP options D-BUS API by Dan Reed +- Handle multiple domain search options in DHCP responses + +* Wed Feb 2 2005 Dan Williams 0.3.3-1.cvs20050202 +- Display wireless network name in applet tooltip +- Hopefully fix double-default-route problem +- Write out valid resolv.conf when we exit +- Make multi-domain search options work +- Rework signal strength code to be WEXT conformant, if strength is + still wierd then its 95% surely a driver problem +- Fix annoying instances of suddenly dropping and reactivating a + wireless device (Cisco cards were worst offenders here) +- Fix some instances of NetworkManager not remembering your WEP key +- Fix some races between NetworkManager and NetworkManagerInfo where + NetworkManager wouldn't recognize changes in the allowed list +- Don't shove Ad-Hoc Access Point MAC addresses into GConf + +* Tue Jan 25 2005 Dan Williams 0.3.3-1.cvs20050125 +- Play nice with dbus 0.23 +- Update our list of Allowed Wireless Networks more quickly + +* Mon Jan 24 2005 Dan Williams 0.3.3-1.cvs20050124 +- Update to latest CVS +- Make sure we start as late as possible so that we ensure dbus & HAL + are already around +- Fix race in initial device activation + +* Mon Jan 24 2005 Than Ngo 0.3.3-1.cvs20050112.4 +- rebuilt against new wireless tool + +* Fri Jan 21 2005 - 0.3.3-1.cvs20050118 +- Fix issue where NM wouldn't recognize that access points were + encrypted, and then would try to connect without encryption +- Refine packaging to put client library in separate package +- Remove bind+caching-nameserver dep for FC-3, use 'nscd -i hosts' + instead. DNS queries may timeout now right after device + activation due to this change. + +* Wed Jan 12 2005 - 0.3.3-1.cvs20050112 +- Update to latest CVS +- Fixes to DHCP code +- Link-Local (ZeroConf/Rendezvous) support +- Use bind in "caching-nameserver" mode to work around stupidity + in glibc's resolver library not recognizing resolv.conf changes +- #rh144818# Clean up the specfile (Patch from Matthias Saou) +- Ad-Hoc mode support with Link-Local addressing only (for now) +- Fixes for device activation race conditions +- Wireless scanning in separate thread + +* Wed Dec 8 2004 - 0.3.2-4.3.cvs20041208 +- Update to CVS +- Updates to link detection, DHCP code +- Remove NMLaunchHelper so we start up faster and don't + block for a connection. This means services that depend + on the network may fail if they start right after NM +- Make sure DHCP renew/rebinding works + +* Wed Nov 17 2004 - 0.3.2-3.cvs20041117 +- Update to CVS +- Fixes to link detection +- Better detection of non-ESSID-broadcasting access points +- Don't dialog-spam the user if a connection fails + +* Thu Nov 11 2004 - 0.3.2-2.cvs20041115 +- Update to CVS +- Much better link detection, works with Open System authentication +- Blacklist wireless cards rather than whitelisting them + +* Fri Oct 29 2004 - 0.3.2-2.cvs20041029 +- #rh134893# NetworkManagerInfo and the panel-icon life-cycle +- #rh134895# Status icon should hide when in Wired-only mode +- #rh134896# Icon code needs rewrite +- #rh134897# "Other Networks..." dialog needs implementing +- #rh135055# Menu highlights incorrectly in NM +- #rh135648# segfault with cipsec0 +- #rh135722# NetworkManager will not allow zaurus to sync via usb0 +- #rh135999# NetworkManager-0.3.1 will not connect to 128 wep +- #rh136866# applet needs tooltips +- #rh137047# lots of applets, yay! +- #rh137341# Network Manager dies after disconnecting from wired network second time +- Better checking for wireless devices +- Fix some memleaks +- Fix issues with dhclient declining an offered address +- Fix an activation thread deadlock +- More accurately detect "Other wireless networks" that are encrypted +- Don't bring devices down as much, won't hotplug-spam as much anymore + about firmware +- Add a "network not found" dialog when the user chooses a network that could + not be connected to + +* Tue Oct 26 2004 - 0.3.1-2 +- Fix escaping of ESSIDs in gconf + +* Tue Oct 19 2004 - 0.3.1-1 +- minor point release to improve error handling and translations + +* Fri Oct 15 2004 Dan Williams 0.3-1 +- Update from CVS, version 0.3 + +* Tue Oct 12 2004 Dan Williams 0.2-4 +- Update from CVS +- Improvements: + o Better link checking on wireless cards + o Panel applet now a Notification Area icon + o Static IP configuration support + +* Mon Sep 13 2004 Dan Williams 0.2-3 +- Update from CVS + +* Sat Sep 11 2004 Dan Williams 0.2-2 +- Require gnome-panel, not gnome-panel-devel +- Turn off by default + +* Thu Aug 26 2004 Dan Williams 0.2-1 +- Update to 0.2 + +* Thu Aug 26 2004 Florian La Roche +- spec-changes to req glib2 instead of glib + +* Fri Aug 20 2004 Dan Williams 0.1-3 +- First public release