import UBI NetworkManager-1.48.10-8.el9_5

SOURCES/1009-core-prevent-the-activation-of-unavailable-devices-rhel-78745.patch

@@ -0,0 +1,120 @@
+From a12b1dfdb0393687ae0fc505c57c76de2907209c Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Mon, 10 Feb 2025 15:15:18 +0100
+Subject: [PATCH 1/2] core: cleanup nm_manager_get_best_device_for_connection()
+
+Rename "unavailable_devices" to "exclude_devices", as the
+"unavailable" term has a specific, different meaning in NetworkManager
+(i.e. the device is in the UNAVAILABLE state). Also, use
+nm_g_hash_table_contains() when needed.
+
+(cherry picked from commit 6c1eb99d3258ac8cf969cb648a988565c205a205)
+(cherry picked from commit da866c4cda996b14d5ea8c3540c8ba0d5d798e9a)
+(cherry picked from commit 0045a0240cb64814126dc0f7adbcbaee9aca3b54)
+---
+ src/core/nm-manager.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
+index a673279712..cd79653078 100644
+--- a/src/core/nm-manager.c
++++ b/src/core/nm-manager.c
+@@ -4536,7 +4536,7 @@ nm_manager_get_best_device_for_connection(NMManager            *self,
+                                           NMSettingsConnection *sett_conn,
+                                           NMConnection         *connection,
+                                           gboolean              for_user_request,
+-                                          GHashTable           *unavailable_devices,
++                                          GHashTable           *exclude_devices,
+                                           GError              **error)
+ {
+     NMManagerPrivate       *priv = NM_MANAGER_GET_PRIVATE(self);
+@@ -4619,7 +4619,7 @@ nm_manager_get_best_device_for_connection(NMManager            *self,
+ 
+         ac_device = nm_active_connection_get_device(ac);
+         if (ac_device
+-            && ((unavailable_devices && g_hash_table_contains(unavailable_devices, ac_device))
++            && (nm_g_hash_table_contains(exclude_devices, ac_device)
+                 || !nm_device_check_connection_available(ac_device, connection, flags, NULL, NULL)))
+             ac_device = NULL;
+ 
+@@ -4635,9 +4635,7 @@ nm_manager_get_best_device_for_connection(NMManager            *self,
+                 NMDevice               *ac_device2 = nm_active_connection_get_device(ac2);
+                 NMActiveConnectionState ac_state2;
+ 
+-                if (!ac_device2
+-                    || (unavailable_devices
+-                        && g_hash_table_contains(unavailable_devices, ac_device2))
++                if (!ac_device2 || nm_g_hash_table_contains(exclude_devices, ac_device2)
+                     || !nm_device_check_connection_available(ac_device2,
+                                                              connection,
+                                                              flags,
+@@ -4698,7 +4696,7 @@ found_better:
+         GError              *local = NULL;
+         DeviceActivationPrio prio;
+ 
+-        if (unavailable_devices && g_hash_table_contains(unavailable_devices, device))
++        if (nm_g_hash_table_contains(exclude_devices, device))
+             continue;
+ 
+         /* determine the priority of this device. Currently, this priority is independent
+-- 
+2.48.1
+
+
+From 00a4e1cc0495e13ac72d0df82792654168e92781 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Mon, 10 Feb 2025 15:27:43 +0100
+Subject: [PATCH 2/2] core: prevent the activation of unavailable devices
+
+When autoconnecting ports of a controller, we look for all candidate
+(device,connection) tuples through the following call trace:
+
+ -> autoconnect_ports()
+   -> find_ports()
+     -> nm_manager_get_best_device_for_connection()
+       -> nm_device_check_connection_available()
+         -> _nm_device_check_connection_available()
+
+The last function checks that a specific device is available to be
+activated with the given connection. For virtual devices, it only
+checks that the device is compatible with the connection based on the
+device type and characteristics, without considering any live network
+information.
+
+For OVS interfaces, this doesn't work as expected. During startup, NM
+performs a cleanup of the ovsdb to remove entries that were previously
+added by NM. When the cleanup is terminated, NMOvsdb sets the "ready"
+flag and is ready to start the activation of new OVS interfaces. With
+the current mechanism, it is possible that a OVS-interface connection
+gets activated via the autoconnect-ports mechanism without checking
+the "ready" flag.
+
+Fix that by also checking that the device is available for activation.
+
+(cherry picked from commit 774badb1519a76fb3b7c0f60cf46ee5ea25bce69)
+(cherry picked from commit f459c7fecce8445515d052b5b48f10d808e97fff)
+(cherry picked from commit b495d6bd55f4068596d380ce81614eb3d86943a3)
+---
+ src/core/nm-manager.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
+index cd79653078..36b8bda0f5 100644
+--- a/src/core/nm-manager.c
++++ b/src/core/nm-manager.c
+@@ -4699,6 +4699,12 @@ found_better:
+         if (nm_g_hash_table_contains(exclude_devices, device))
+             continue;
+ 
++        if (!nm_device_is_available(device,
++                                    for_user_request
++                                        ? NM_DEVICE_CHECK_DEV_AVAILABLE_FOR_USER_REQUEST
++                                        : NM_DEVICE_CHECK_DEV_AVAILABLE_NONE))
++            continue;
++
+         /* determine the priority of this device. Currently, this priority is independent
+          * of the profile (connection) and the device's details (aside the state).
+          *
+-- 
+2.48.1
+

SOURCES/1010-fix-nmtui-segfault-adding-veth-rhel-75763.patch

@@ -0,0 +1,242 @@
+From dd50a5199f1661c9d2226d8d5c01b0b485a9bc86 Mon Sep 17 00:00:00 2001
+From: Jan Vaclav <jvaclav@redhat.com>
+Date: Wed, 15 May 2024 12:57:41 +0200
+Subject: [PATCH 1/2] nmtui: add veth page
+
+https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1943
+(cherry picked from commit 187ff4c73b9ae1c3c020bd999633306b09eabead)
+---
+ Makefile.am               |  2 +
+ src/nmtui/meson.build     |  1 +
+ src/nmtui/nmt-editor.c    |  3 ++
+ src/nmtui/nmt-page-veth.c | 92 +++++++++++++++++++++++++++++++++++++++
+ src/nmtui/nmt-page-veth.h | 32 ++++++++++++++
+ 5 files changed, 130 insertions(+)
+ create mode 100644 src/nmtui/nmt-page-veth.c
+ create mode 100644 src/nmtui/nmt-page-veth.h
+
+diff --git a/Makefile.am b/Makefile.am
+index a0daa95314..ee92a1de53 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -5304,6 +5304,8 @@ src_nmtui_nmtui_SOURCES = \
+ 	src/nmtui/nmt-page-team-port.h \
+ 	src/nmtui/nmt-page-team.c \
+ 	src/nmtui/nmt-page-team.h \
++	src/nmtui/nmt-page-veth.c \
++	src/nmtui/nmt-page-veth.h \
+ 	src/nmtui/nmt-page-vlan.c \
+ 	src/nmtui/nmt-page-vlan.h \
+ 	src/nmtui/nmt-page-wifi.c \
+diff --git a/src/nmtui/meson.build b/src/nmtui/meson.build
+index 13aa864750..eecfaa9927 100644
+--- a/src/nmtui/meson.build
++++ b/src/nmtui/meson.build
+@@ -32,6 +32,7 @@ executable(
+     'nmt-page-ppp.c',
+     'nmt-page-team.c',
+     'nmt-page-team-port.c',
++    'nmt-page-veth.c',
+     'nmt-page-vlan.c',
+     'nmt-page-wifi.c',
+     'nmt-page-wireguard.c',
+diff --git a/src/nmtui/nmt-editor.c b/src/nmtui/nmt-editor.c
+index 6e502778d1..6205736a78 100644
+--- a/src/nmtui/nmt-editor.c
++++ b/src/nmtui/nmt-editor.c
+@@ -39,6 +39,7 @@
+ #include "nmt-page-ppp.h"
+ #include "nmt-page-team.h"
+ #include "nmt-page-team-port.h"
++#include "nmt-page-veth.h"
+ #include "nmt-page-vlan.h"
+ #include "nmt-page-wifi.h"
+ #include "nmt-page-wireguard.h"
+@@ -369,6 +370,8 @@ nmt_editor_constructed(GObject *object)
+         page = nmt_page_dsl_new(priv->edit_connection, deventry);
+     else if (nm_connection_is_type(priv->edit_connection, NM_SETTING_TEAM_SETTING_NAME))
+         page = nmt_page_team_new(priv->edit_connection, deventry);
++    else if (nm_connection_is_type(priv->edit_connection, NM_SETTING_VETH_SETTING_NAME))
++        page = nmt_page_veth_new(priv->edit_connection, deventry);
+     else if (nm_connection_is_type(priv->edit_connection, NM_SETTING_VLAN_SETTING_NAME))
+         page = nmt_page_vlan_new(priv->edit_connection, deventry);
+     else if (nm_connection_is_type(priv->edit_connection, NM_SETTING_WIRED_SETTING_NAME))
+diff --git a/src/nmtui/nmt-page-veth.c b/src/nmtui/nmt-page-veth.c
+new file mode 100644
+index 0000000000..35d0d78d58
+--- /dev/null
++++ b/src/nmtui/nmt-page-veth.c
+@@ -0,0 +1,92 @@
++/* SPDX-License-Identifier: LGPL-2.1-or-later */
++/*
++ * Copyright (C) 2024 Red Hat, Inc.
++ */
++/**
++ * SECTION:nmt-page-veth
++ * @short_description: The editor page for veth connections
++ */
++
++#include "libnm-client-aux-extern/nm-default-client.h"
++
++#include <linux/if_ether.h>
++
++#include "nmt-page-veth.h"
++
++#include "libnm-core-aux-intern/nm-libnm-core-utils.h"
++#include "nmt-device-entry.h"
++#include "nmt-mac-entry.h"
++#include "nmt-mtu-entry.h"
++
++G_DEFINE_TYPE(NmtPageVeth, nmt_page_veth, NMT_TYPE_EDITOR_PAGE_DEVICE)
++
++#define NMT_PAGE_VETH_GET_PRIVATE(o) _NM_GET_PRIVATE(self, NmtPageVeth, NMT_IS_PAGE_VETH)
++
++static void
++nmt_page_veth_init(NmtPageVeth *veth)
++{}
++
++NmtEditorPage *
++nmt_page_veth_new(NMConnection *conn, NmtDeviceEntry *deventry)
++{
++    return g_object_new(NMT_TYPE_PAGE_VETH, "connection", conn, "device-entry", deventry, NULL);
++}
++
++static void
++nmt_page_veth_constructed(GObject *object)
++{
++    NmtPageVeth      *veth = NMT_PAGE_VETH(object);
++    NmtEditorSection *section;
++    NmtEditorGrid    *grid;
++    NMSettingVeth    *s_veth;
++    NMSettingWired   *s_wired;
++    NmtNewtWidget    *widget;
++    NMConnection     *conn;
++
++    conn    = nmt_editor_page_get_connection(NMT_EDITOR_PAGE(veth));
++    s_veth  = _nm_connection_ensure_setting(conn, NM_TYPE_SETTING_VETH);
++    s_wired = _nm_connection_ensure_setting(conn, NM_TYPE_SETTING_WIRED);
++
++    section = nmt_editor_section_new(_("VETH"), NULL, TRUE);
++    grid    = nmt_editor_section_get_body(section);
++
++    widget = nmt_newt_entry_new(40, 0);
++    nmt_editor_grid_append(grid, _("Peer"), widget, NULL);
++    g_object_bind_property(s_veth,
++                           NM_SETTING_VETH_PEER,
++                           widget,
++                           "text",
++                           G_BINDING_SYNC_CREATE | G_BINDING_BIDIRECTIONAL);
++
++    nmt_editor_page_add_section(NMT_EDITOR_PAGE(veth), section);
++
++    section = nmt_editor_section_new(_("ETHERNET"), NULL, FALSE);
++    grid    = nmt_editor_section_get_body(section);
++
++    widget = nmt_mac_entry_new(40, ETH_ALEN, NMT_MAC_ENTRY_TYPE_CLONED_ETHERNET);
++    g_object_bind_property(s_wired,
++                           NM_SETTING_WIRED_CLONED_MAC_ADDRESS,
++                           widget,
++                           "mac-address",
++                           G_BINDING_BIDIRECTIONAL | G_BINDING_SYNC_CREATE);
++    nmt_editor_grid_append(grid, _("Cloned MAC address"), widget, NULL);
++
++    widget = nmt_mtu_entry_new();
++    g_object_bind_property(s_wired,
++                           NM_SETTING_WIRED_MTU,
++                           widget,
++                           "mtu",
++                           G_BINDING_BIDIRECTIONAL | G_BINDING_SYNC_CREATE);
++    nmt_editor_grid_append(grid, _("MTU"), widget, NULL);
++
++    nmt_editor_page_add_section(NMT_EDITOR_PAGE(veth), section);
++
++    G_OBJECT_CLASS(nmt_page_veth_parent_class)->constructed(object);
++}
++
++static void
++nmt_page_veth_class_init(NmtPageVethClass *veth_class)
++{
++    GObjectClass *object_class = G_OBJECT_CLASS(veth_class);
++    object_class->constructed  = nmt_page_veth_constructed;
++}
+diff --git a/src/nmtui/nmt-page-veth.h b/src/nmtui/nmt-page-veth.h
+new file mode 100644
+index 0000000000..8822f3a27d
+--- /dev/null
++++ b/src/nmtui/nmt-page-veth.h
+@@ -0,0 +1,32 @@
++/* SPDX-License-Identifier: LGPL-2.1-or-later */
++/*
++ * Copyright (C) 2024 Red Hat, Inc.
++ */
++
++#ifndef NMT_PAGE_VETH_H
++#define NMT_PAGE_VETH_H
++
++#include "nmt-editor-page-device.h"
++
++#define NMT_TYPE_PAGE_VETH (nmt_page_veth_get_type())
++#define NMT_PAGE_VETH(obj) (_NM_G_TYPE_CHECK_INSTANCE_CAST((obj), NMT_TYPE_PAGE_VETH, NmtPageVeth))
++#define NMT_PAGE_VETH_CLASS(klass) \
++    (G_TYPE_CHECK_CLASS_CAST((klass), NMT_TYPE_PAGE_VETH, NmtPageVethClass))
++#define NMT_IS_PAGE_VETH(obj)         (G_TYPE_CHECK_INSTANCE_TYPE((obj), NMT_TYPE_PAGE_VETH))
++#define NMT_IS_PAGE_VETH_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), NMT_TYPE_PAGE_VETH))
++#define NMT_PAGE_VETH_GET_CLASS(obj) \
++    (G_TYPE_INSTANCE_GET_CLASS((obj), NMT_TYPE_PAGE_VETH, NmtPageVethClass))
++
++typedef struct {
++    NmtEditorPageDevice parent;
++} NmtPageVeth;
++
++typedef struct {
++    NmtEditorPageDeviceClass parent;
++} NmtPageVethClass;
++
++GType nmt_page_veth_get_type(void);
++
++NmtEditorPage *nmt_page_veth_new(NMConnection *conn, NmtDeviceEntry *deventry);
++
++#endif /* NMT_PAGE_VETH_H */
+-- 
+2.47.1
+
+
+From 7d9ed27897d90e6dbd97aef6e7bbb0a181c961df Mon Sep 17 00:00:00 2001
+From: Jan Vaclav <jvaclav@redhat.com>
+Date: Mon, 20 May 2024 14:04:18 +0200
+Subject: [PATCH 2/2] nmtui: include veth devices in activation dialog
+
+(cherry picked from commit e74f506b81595112893997f08cbad8482e7777aa)
+---
+ src/libnm-core-impl/nm-connection.c     | 2 ++
+ src/nmtui/nmt-connect-connection-list.c | 1 +
+ 2 files changed, 3 insertions(+)
+
+diff --git a/src/libnm-core-impl/nm-connection.c b/src/libnm-core-impl/nm-connection.c
+index 95fe89a87c..6dace2b73c 100644
+--- a/src/libnm-core-impl/nm-connection.c
++++ b/src/libnm-core-impl/nm-connection.c
+@@ -3258,6 +3258,8 @@ nm_connection_get_virtual_device_description(NMConnection *connection)
+         display_type = _("WireGuard");
+     else if (nm_streq(type, NM_SETTING_TUN_SETTING_NAME))
+         display_type = _("TUN/TAP");
++    else if (nm_streq(type, NM_SETTING_VETH_SETTING_NAME))
++        display_type = _("Veth");
+ 
+     if (!iface || !display_type)
+         return NULL;
+diff --git a/src/nmtui/nmt-connect-connection-list.c b/src/nmtui/nmt-connect-connection-list.c
+index 70264d3ec2..1fd44b2957 100644
+--- a/src/nmtui/nmt-connect-connection-list.c
++++ b/src/nmtui/nmt-connect-connection-list.c
+@@ -96,6 +96,7 @@ static const char *device_sort_order[]   = {"NMDeviceEthernet",
+                                             "NMDeviceInfiniband",
+                                             "NMDeviceWifi",
+                                             NM_SETTING_VLAN_SETTING_NAME,
++                                            NM_SETTING_VETH_SETTING_NAME,
+                                             NM_SETTING_BOND_SETTING_NAME,
+                                             NM_SETTING_TEAM_SETTING_NAME,
+                                             NM_SETTING_BRIDGE_SETTING_NAME,
+-- 
+2.47.1
+

SOURCES/1011-policy-always-reset-retries-when-unblocking-children-or-ports-rhel-78748.patch

@@ -0,0 +1,136 @@
+From d1545823e467aec816ed0073c4eec1bec669e98f Mon Sep 17 00:00:00 2001
+From: Fernando Fernandez Mancera <ffmancera@riseup.net>
+Date: Wed, 12 Feb 2025 10:58:39 +0100
+Subject: [PATCH] policy: always reset retries when unblocking children or
+ ports
+
+When calling activate_port_or_children_connections() we are unblocking
+the ports and children but we are not resetting the number of retries if
+it is an internal activation.
+
+This is wrong as even if it's an internal activation the number of
+retries should be reset. It won't interferfe with other blocking reasons
+like USER_REQUESTED or MISSING_SECRETS.
+
+(cherry picked from commit 7acc66699af9a1546c602082b6994b98cfea7c80)
+(cherry picked from commit 2daeef668d7d1e31d6165b89ef4222ce51ddeb89)
+(cherry picked from commit 52ed8567e2084a21727ac89c26dcd110be19c35a)
+(cherry picked from commit b870c94a4c319d1927f01107e01590c6ccc8342a)
+---
+ src/core/nm-policy.c | 33 +++++++++------------------------
+ 1 file changed, 9 insertions(+), 24 deletions(-)
+
+diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c
+index 93b52526a2..e01a13fb8b 100644
+--- a/src/core/nm-policy.c
++++ b/src/core/nm-policy.c
+@@ -1873,8 +1873,7 @@ unblock_autoconnect_for_children(NMPolicy   *self,
+                                  const char *parent_device,
+                                  const char *parent_uuid_settings,
+                                  const char *parent_uuid_applied,
+-                                 const char *parent_mac_addr,
+-                                 gboolean    reset_devcon_autoconnect)
++                                 const char *parent_mac_addr)
+ {
+     NMPolicyPrivate             *priv = NM_POLICY_GET_PRIVATE(self);
+     NMSettingsConnection *const *connections;
+@@ -1915,10 +1914,8 @@ unblock_autoconnect_for_children(NMPolicy   *self,
+                           parent_mac_addr))
+             continue;
+ 
+-        if (reset_devcon_autoconnect) {
+-            if (nm_manager_devcon_autoconnect_retries_reset(priv->manager, NULL, sett_conn))
+-                changed = TRUE;
+-        }
++        if (nm_manager_devcon_autoconnect_retries_reset(priv->manager, NULL, sett_conn))
++            changed = TRUE;
+ 
+         /* unblock the devices associated with that connection */
+         if (nm_manager_devcon_autoconnect_blocked_reason_set(
+@@ -1940,8 +1937,7 @@ static void
+ unblock_autoconnect_for_ports(NMPolicy   *self,
+                               const char *controller_device,
+                               const char *controller_uuid_settings,
+-                              const char *controller_uuid_applied,
+-                              gboolean    reset_devcon_autoconnect)
++                              const char *controller_uuid_applied)
+ {
+     NMPolicyPrivate             *priv = NM_POLICY_GET_PRIVATE(self);
+     NMSettingsConnection *const *connections;
+@@ -1959,7 +1955,6 @@ unblock_autoconnect_for_ports(NMPolicy   *self,
+                               "\"",
+                               ""));
+ 
+-    changed     = FALSE;
+     connections = nm_settings_get_connections(priv->settings, NULL);
+     for (i = 0; connections[i]; i++) {
+         NMSettingsConnection *sett_conn = connections[i];
+@@ -1977,10 +1972,8 @@ unblock_autoconnect_for_ports(NMPolicy   *self,
+                           controller_uuid_settings))
+             continue;
+ 
+-        if (reset_devcon_autoconnect) {
+-            if (nm_manager_devcon_autoconnect_retries_reset(priv->manager, NULL, sett_conn))
+-                changed = TRUE;
+-        }
++        if (nm_manager_devcon_autoconnect_retries_reset(priv->manager, NULL, sett_conn))
++            changed = TRUE;
+ 
+         /* unblock the devices associated with that connection */
+         if (nm_manager_devcon_autoconnect_blocked_reason_set(
+@@ -2015,7 +2008,7 @@ unblock_autoconnect_for_ports_for_sett_conn(NMPolicy *self, NMSettingsConnection
+     controller_uuid_settings = nm_setting_connection_get_uuid(s_con);
+     controller_device        = nm_setting_connection_get_interface_name(s_con);
+ 
+-    unblock_autoconnect_for_ports(self, controller_device, controller_uuid_settings, NULL, TRUE);
++    unblock_autoconnect_for_ports(self, controller_device, controller_uuid_settings, NULL);
+ }
+ 
+ static void
+@@ -2028,7 +2021,6 @@ activate_port_or_children_connections(NMPolicy *self,
+     const char   *controller_uuid_applied  = NULL;
+     const char   *parent_mac_addr          = NULL;
+     NMActRequest *req;
+-    gboolean      internal_activation = FALSE;
+ 
+     controller_device = nm_device_get_iface(device);
+     nm_assert(controller_device);
+@@ -2039,7 +2031,6 @@ activate_port_or_children_connections(NMPolicy *self,
+     if (req) {
+         NMConnection         *connection;
+         NMSettingsConnection *sett_conn;
+-        NMAuthSubject        *subject;
+ 
+         sett_conn = nm_active_connection_get_settings_connection(NM_ACTIVE_CONNECTION(req));
+         if (sett_conn)
+@@ -2051,25 +2042,19 @@ activate_port_or_children_connections(NMPolicy *self,
+ 
+         if (nm_streq0(controller_uuid_settings, controller_uuid_applied))
+             controller_uuid_applied = NULL;
+-
+-        subject = nm_active_connection_get_subject(NM_ACTIVE_CONNECTION(req));
+-        internal_activation =
+-            subject && (nm_auth_subject_get_subject_type(subject) == NM_AUTH_SUBJECT_TYPE_INTERNAL);
+     }
+ 
+     if (!activate_children_connections_only) {
+         unblock_autoconnect_for_ports(self,
+                                       controller_device,
+                                       controller_uuid_settings,
+-                                      controller_uuid_applied,
+-                                      !internal_activation);
++                                      controller_uuid_applied);
+     }
+     unblock_autoconnect_for_children(self,
+                                      controller_device,
+                                      controller_uuid_settings,
+                                      controller_uuid_applied,
+-                                     parent_mac_addr,
+-                                     !internal_activation);
++                                     parent_mac_addr);
+ }
+ 
+ static gboolean
+-- 
+2.48.1
+

SOURCES/1012-core-prevent-the-activation-of-unavailable-ovs-interfaces-only-rhel-79995.patch

@@ -0,0 +1,53 @@
+From 11d2ec5d62fe061bb25db2343a51d9aa4239fb53 Mon Sep 17 00:00:00 2001
+From: Fernando Fernandez Mancera <ffmancera@riseup.net>
+Date: Mon, 17 Feb 2025 23:10:53 +0100
+Subject: [PATCH] core: prevent the activation of unavailable OVS interfaces
+ only
+
+Preventing the activation of unavailable devices for all device types is
+too aggresive and leads to race conditions, e.g when a non-virtual bond
+port gets a carrier, preventing the device to be a good candidate for
+the connection.
+
+Instead, enforce this check only on OVS interfaces as NetworkManager
+just makes sure that ovsdb->ready is set to TRUE.
+
+https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2139
+
+Fixes: 774badb1519a ('core: prevent the activation of unavailable devices')
+(cherry picked from commit a1c05d2ce6f115c900ef21b69c3ee7e98ef4ddaf)
+(cherry picked from commit b8ef2a551e505b5ffb02cc5d4e3ab29e78ea1fac)
+(cherry picked from commit 8b39a79621435e0ea3c7b4caaa69640f268409ae)
+(cherry picked from commit 67e71a9d7f110607838c5633db81eb2ed0ea6992)
+---
+ src/core/nm-manager.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c
+index 36b8bda0f5..cae3dff613 100644
+--- a/src/core/nm-manager.c
++++ b/src/core/nm-manager.c
+@@ -4699,10 +4699,16 @@ found_better:
+         if (nm_g_hash_table_contains(exclude_devices, device))
+             continue;
+ 
+-        if (!nm_device_is_available(device,
+-                                    for_user_request
+-                                        ? NM_DEVICE_CHECK_DEV_AVAILABLE_FOR_USER_REQUEST
+-                                        : NM_DEVICE_CHECK_DEV_AVAILABLE_NONE))
++        /* During startup, NM performs a cleanup of the ovsdb to remove previous entries.
++         * Before the device is suitable for the connection, it must have ovsdb->ready set
++         * to TRUE. Performing this check in all kind of interfaces is too agressive and leads
++         * to race conditions, e.g when a non-virtual bond port gets a carrier, preventing the
++         * device to be a good candidate for the connection. */
++        if (nm_device_get_device_type(device) == NM_DEVICE_TYPE_OVS_INTERFACE
++            && !nm_device_is_available(device,
++                                       for_user_request
++                                           ? NM_DEVICE_CHECK_DEV_AVAILABLE_FOR_USER_REQUEST
++                                           : NM_DEVICE_CHECK_DEV_AVAILABLE_NONE))
+             continue;
+ 
+         /* determine the priority of this device. Currently, this priority is independent
+-- 
+2.48.1
+

SPECS/NetworkManager.spec

@@ -6,7 +6,7 @@
 %global epoch_version 1
 %global real_version 1.48.10
 %global rpm_version %{real_version}
-%global release_version 5
+%global release_version 8
 %global snapshot %{nil}
 %global git_sha %{nil}
 %global bcond_default_debug 0
@@ -219,6 +219,10 @@ Patch1005: 1005-fix-validation-of-ovs-dpdk-interface-name-rhel-60022.patch
 Patch1006: 1006-remove-routes-added-by-nm-on-reapply-rhel-73013.patch
 Patch1007: 1007-vpn-place-gateway-route-to-table-defined-in-ipvx-route-table-rhel-73166.patch
 Patch1008: 1008-vpn-support-routing-rules-in-vpn-conenctions-rhel-73167.patch
+Patch1009: 1009-core-prevent-the-activation-of-unavailable-devices-rhel-78745.patch
+Patch1010: 1010-fix-nmtui-segfault-adding-veth-rhel-75763.patch
+Patch1011: 1011-policy-always-reset-retries-when-unblocking-children-or-ports-rhel-78748.patch
+Patch1012: 1012-core-prevent-the-activation-of-unavailable-ovs-interfaces-only-rhel-79995.patch
 
 Requires(post): systemd
 %if 0%{?fedora} || 0%{?rhel} >= 8
@@ -1275,6 +1279,16 @@ fi
 
 
 %changelog
+* Tue Feb 18 2025 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.48.10-8
+- policy: always reset retries when unblocking children or ports (RHEL-78748)
+- core: prevent the activation of unavailable OVS interfaces only (RHEL-79995)
+
+* Thu Feb 13 2025 Íñigo Huguet <ihuguet@redhat.com> - 1:1.48.10-7
+- nmtui: fix segfault when adding veth interface (RHEL-75763)
+
+* Wed Feb 12 2025 Fernando Fernandez Mancera <ferferna@redhat.com> - 1:1.48.10-6
+- core: prevent the activation of unavailable devices (RHEL-77167)
+
 * Thu Jan 09 2025 Wen Liang <wenliang@redhat.com> - 1:1.48.10-5
 - vpn: Support routing rules in vpn conenctions (RHEL-73167)
 - vpn: Place gateway route to table defined in ipvx.route-table (RHEL-73166)