diff --git a/.NetworkManager.metadata b/.NetworkManager.metadata index 433c062..78ac642 100644 --- a/.NetworkManager.metadata +++ b/.NetworkManager.metadata @@ -1 +1 @@ -3e228519d0c4fd4d407816f34bc5fce2efcabb1f SOURCES/NetworkManager-1.54.0.tar.xz +7e0ead0e13cb2c49702f4b07042dba3d5dd02866 SOURCES/NetworkManager-1.54.3.tar.xz diff --git a/.gitignore b/.gitignore index 100161a..5bbf9a1 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/NetworkManager-1.54.0.tar.xz +SOURCES/NetworkManager-1.54.3.tar.xz diff --git a/SOURCES/1001-ovs-don-t-remove-unrelated-external-ports-rhel-121103.patch b/SOURCES/1001-ovs-don-t-remove-unrelated-external-ports-rhel-121103.patch deleted file mode 100644 index 32fae0e..0000000 --- a/SOURCES/1001-ovs-don-t-remove-unrelated-external-ports-rhel-121103.patch +++ /dev/null @@ -1,92 +0,0 @@ -From bc8e8c4247bceffda6a9b3dcc7803b3ab84158a2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= -Date: Thu, 9 Oct 2025 12:24:11 +0200 -Subject: [PATCH] ovs: don't remove unrelated external ports - -The commit linked below introduced a bug that caused that OVS ports -added externally to NM are always deleted when we delete any OVS -interface. It affects to all externally added ports, including those -that are not related to the deleted interface and even those in -different OVS bridges. - -Fix it by only modifying ports and bridges that are ascendants of the -deleted interface, leaving everything else untouched. - -Note that bridges and ports still need to have at least one NM-managed -interface, otherwise they will also be purged. For example, an NM-owned -OVS bridge with 2 ports+iface, one NM-owned and one external: if we -delete the NM-owned iface, both ports and the bridge will be deleted. -For now, this is a known limitation that is not being fixed here. - -Fixes: 476c89b6f2cd ('ovs: only keep bridges and ports with NM interfaces attached') -(cherry picked from commit 93491d76ecf75c202ff82369e3eb72e7e6d37c8a) -(cherry picked from commit 8326cc32d64441dd993b5b1e73ded21d548efa6d) ---- - src/core/devices/ovs/nm-ovsdb.c | 32 +++++++++++++++++--------------- - 1 file changed, 17 insertions(+), 15 deletions(-) - -diff --git a/src/core/devices/ovs/nm-ovsdb.c b/src/core/devices/ovs/nm-ovsdb.c -index 164bfd3565..1c9484c486 100644 ---- a/src/core/devices/ovs/nm-ovsdb.c -+++ b/src/core/devices/ovs/nm-ovsdb.c -@@ -1460,40 +1460,42 @@ _delete_interface(NMOvsdb *self, json_t *params, const char *ifname) - json_array_append_new(new_interfaces, json_pack("[s,s]", "uuid", interface_uuid)); - } - -- if (num_nm_interfaces == 0) { -- /* The port no longer has any NM interface. Don't add it to "new_ports" and set -- * ports_changed=TRUE, so that it will be deleted. */ -+ if (interfaces_changed && num_nm_interfaces == 0) { -+ /* We are deleting the last nm-interface of this port. Don't add it to "new_ports" -+ * and set ports_changed=TRUE, so that it will be deleted. */ - ports_changed = TRUE; - } else { -+ /* Keep this port: it's still alive, or it's unrelated to the deleted interface */ -+ json_array_append_new(new_ports, json_pack("[s,s]", "uuid", port_uuid)); -+ if (ovs_port->connection_uuid) -+ num_nm_ports++; -+ - if (interfaces_changed) { -- /* An interface needs to be deleted from this port */ -+ /* This port is still alive, but an interface needs to be deleted from it */ - _expect_port_interfaces(params, ovs_port->name, interfaces); - _set_port_interfaces(params, ovs_port->name, new_interfaces); - } -- /* The port is still alive */ -- json_array_append_new(new_ports, json_pack("[s,s]", "uuid", port_uuid)); -- if (ovs_port->connection_uuid) -- num_nm_ports++; - } - } - -- if (num_nm_ports == 0) { -- /* The bridge no longer has any NM port. Don't add it to "new_bridges" and set -- * bridges_changed=TRUE, so that it will be deleted. */ -+ if (ports_changed && num_nm_ports == 0) { -+ /* We are deleting the last nm-port of this bridge. Don't add it to "new_bridges" -+ * and set bridges_changed=TRUE, so that it will be deleted. */ - bridges_changed = TRUE; - } else { -+ /* Keep this bridge: it's still alive, or it's unrelated to the deleted interface */ -+ json_array_append_new(new_bridges, json_pack("[s,s]", "uuid", ovs_bridge->bridge_uuid)); -+ - if (ports_changed) { -- /* A port needs to be deleted from this bridge */ -+ /* This bridge is still alive, but a port needs to be deleted from it */ - _expect_bridge_ports(params, ovs_bridge->name, ports); - _set_bridge_ports(params, ovs_bridge->name, new_ports); - } -- /* The bridge is still alive */ -- json_array_append_new(new_bridges, json_pack("[s,s]", "uuid", ovs_bridge->bridge_uuid)); - } - } - - if (bridges_changed) { -- /* A port needs to be deleted from this bridge */ -+ /* A bridge needs to be deleted */ - _expect_ovs_bridges(params, priv->db_uuid, bridges); - _set_ovs_bridges(params, priv->db_uuid, new_bridges); - } --- -2.50.1 - diff --git a/SOURCES/1002-support-reapplying-sriov-vfs-rhel-113953.patch b/SOURCES/1002-support-reapplying-sriov-vfs-rhel-113953.patch deleted file mode 100644 index 02a156b..0000000 --- a/SOURCES/1002-support-reapplying-sriov-vfs-rhel-113953.patch +++ /dev/null @@ -1,178 +0,0 @@ -From 59a54e8f9431f730b0d99d737be821988d7d867e Mon Sep 17 00:00:00 2001 -From: Jan Vaclav -Date: Thu, 14 Aug 2025 12:52:09 +0200 -Subject: [PATCH 1/2] device: extract sriov platform vf generation to separate - function - -(cherry picked from commit 588a69cd1b0e5bab7371f297c6450d17f5de9ab2) -(cherry picked from commit b2d8f60c4970401b4e981604eceaa37520052fcf) ---- - src/core/devices/nm-device.c | 61 +++++++++++++++++++++++++----------- - 1 file changed, 43 insertions(+), 18 deletions(-) - -diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c -index f6057e529f..d88d785422 100644 ---- a/src/core/devices/nm-device.c -+++ b/src/core/devices/nm-device.c -@@ -10390,6 +10390,43 @@ sriov_params_cb(GError *error, gpointer user_data) - nm_device_activate_schedule_stage1_device_prepare(self, FALSE); - } - -+static gboolean -+sriov_gen_platform_vfs(NMDevice *self, -+ NMSettingSriov *s_sriov, -+ NMPlatformVF ***plat_vfs_out, -+ GError **error) -+{ -+ nm_auto_freev NMPlatformVF **plat_vfs = NULL; -+ guint num; -+ -+ nm_assert(s_sriov); -+ nm_assert(plat_vfs_out && !*plat_vfs_out); -+ -+ num = nm_setting_sriov_get_num_vfs(s_sriov); -+ plat_vfs = g_new0(NMPlatformVF *, num + 1); -+ -+ for (int i = 0; i < num; i++) { -+ NMSriovVF *vf = nm_setting_sriov_get_vf(s_sriov, i); -+ gs_free_error GError *local = NULL; -+ -+ plat_vfs[i] = sriov_vf_config_to_platform(self, vf, &local); -+ -+ if (!plat_vfs[i]) { -+ g_set_error(error, -+ local->domain, -+ local->code, -+ "VF '%s' is invalid: %s", -+ nm_utils_sriov_vf_to_str(vf, FALSE, NULL), -+ local->message); -+ return FALSE; -+ } -+ } -+ -+ *plat_vfs_out = g_steal_pointer(&plat_vfs); -+ -+ return TRUE; -+} -+ - /* - * activate_stage1_device_prepare - * -@@ -10436,10 +10473,7 @@ activate_stage1_device_prepare(NMDevice *self) - if (s_sriov && nm_device_has_capability(self, NM_DEVICE_CAP_SRIOV)) { - nm_auto_freev NMPlatformVF **plat_vfs = NULL; - gs_free_error GError *error = NULL; -- NMSriovVF *vf; - NMTernary autoprobe; -- guint num; -- guint i; - - autoprobe = nm_setting_sriov_get_autoprobe_drivers(s_sriov); - if (autoprobe == NM_TERNARY_DEFAULT) { -@@ -10452,21 +10486,12 @@ activate_stage1_device_prepare(NMDevice *self) - NM_OPTION_BOOL_TRUE); - } - -- num = nm_setting_sriov_get_num_vfs(s_sriov); -- plat_vfs = g_new0(NMPlatformVF *, num + 1); -- for (i = 0; i < num; i++) { -- vf = nm_setting_sriov_get_vf(s_sriov, i); -- plat_vfs[i] = sriov_vf_config_to_platform(self, vf, &error); -- if (!plat_vfs[i]) { -- _LOGE(LOGD_DEVICE, -- "failed to apply SR-IOV VF '%s': %s", -- nm_utils_sriov_vf_to_str(vf, FALSE, NULL), -- error->message); -- nm_device_state_changed(self, -- NM_DEVICE_STATE_FAILED, -- NM_DEVICE_STATE_REASON_SRIOV_CONFIGURATION_FAILED); -- return; -- } -+ if (!sriov_gen_platform_vfs(self, s_sriov, &plat_vfs, &error)) { -+ _LOGE(LOGD_DEVICE, "cannot parse the VF list: %s", error->message); -+ nm_device_state_changed(self, -+ NM_DEVICE_STATE_FAILED, -+ NM_DEVICE_STATE_REASON_SRIOV_CONFIGURATION_FAILED); -+ return; - } - - /* When changing the number of VFs the kernel can block --- -2.50.1 - - -From 79e494539f6e0abfebb92f099c3c1242f13defec Mon Sep 17 00:00:00 2001 -From: Jan Vaclav -Date: Thu, 14 Aug 2025 13:00:53 +0200 -Subject: [PATCH 2/2] device: add support for reapplying the `sriov.vfs` - property - -Adds support for reapplying the `sriov.vfs` property. Note this -does not include `num_vfs`, as the configuration needs to be reset -and reconfigured from scratch in that case. - -Previously, if an existing VF is modified (e.g. if we change the `trust` -flag), we reset all VF configurations, and started from scratch. But in -some cases, this is unnecessarily disruptive. - -Resolves: https://issues.redhat.com/browse/RHEL-95844 -(cherry picked from commit 4ba3ffee6788e6d8b75aff6c7aa21f92e45d5b9c) -(cherry picked from commit 6f454c98a98818e96ecd4f228f1e42febd2b2b32) ---- - src/core/devices/nm-device.c | 31 +++++++++++++++++++++++++++++-- - 1 file changed, 29 insertions(+), 2 deletions(-) - -diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c -index d88d785422..78301a9698 100644 ---- a/src/core/devices/nm-device.c -+++ b/src/core/devices/nm-device.c -@@ -14087,7 +14087,8 @@ can_reapply_change(NMDevice *self, - return nm_device_hash_check_invalid_keys(diffs, - NM_SETTING_SRIOV_SETTING_NAME, - error, -- NM_SETTING_SRIOV_PRESERVE_ON_DOWN); -+ NM_SETTING_SRIOV_PRESERVE_ON_DOWN, -+ NM_SETTING_SRIOV_VFS); - } - - out_fail: -@@ -14265,9 +14266,35 @@ check_and_reapply_connection(NMDevice *self, - - nm_device_link_properties_set(self, TRUE); - -- if (priv->state >= NM_DEVICE_STATE_CONFIG) -+ if (priv->state >= NM_DEVICE_STATE_CONFIG) { -+ GHashTable *sriov_diff; -+ - lldp_setup(self, NM_TERNARY_DEFAULT); - -+ sriov_diff = nm_g_hash_table_lookup(diffs, NM_SETTING_SRIOV_SETTING_NAME); -+ -+ if (sriov_diff && nm_g_hash_table_lookup(sriov_diff, NM_SETTING_SRIOV_VFS)) { -+ nm_auto_freev NMPlatformVF **plat_vfs = NULL; -+ NMSettingSriov *s_sriov; -+ -+ s_sriov = (NMSettingSriov *) nm_connection_get_setting(applied, NM_TYPE_SETTING_SRIOV); -+ -+ if (s_sriov) { -+ gs_free_error GError *local = NULL; -+ -+ if (!sriov_gen_platform_vfs(self, s_sriov, &plat_vfs, &local) -+ || !nm_platform_link_set_sriov_vfs(nm_device_get_platform(self), -+ priv->ifindex, -+ (const NMPlatformVF *const *) plat_vfs)) { -+ _LOGE(LOGD_DEVICE, -+ "failed to reapply SRIOV VFs%s%s", -+ local ? ": " : "", -+ local ? local->message : ""); -+ } -+ } -+ } -+ } -+ - if (priv->state >= NM_DEVICE_STATE_IP_CONFIG) { - /* Allow reapply of MTU */ - priv->mtu_source = NM_DEVICE_MTU_SOURCE_NONE; --- -2.50.1 - diff --git a/SOURCES/1003-remove-lacp-active-from-reapply-subset-rhel-154243.patch b/SOURCES/1003-remove-lacp-active-from-reapply-subset-rhel-154243.patch deleted file mode 100644 index 3bacecd..0000000 --- a/SOURCES/1003-remove-lacp-active-from-reapply-subset-rhel-154243.patch +++ /dev/null @@ -1,33 +0,0 @@ -From ec93c9d282dc9e73fc2566554a4114a2c86e79b2 Mon Sep 17 00:00:00 2001 -From: Pradyumn Rahar -Date: Tue, 9 Sep 2025 15:23:22 +0000 -Subject: [PATCH] bond: remove `lacp_active` option from reapply subset - -NM_SETTING_BOND_OPTION_LACP_ACTIVE is flagged as BOND_OPTFLAG_IFDOWN in -the kernel and hence should not be in OPTIONS_REAPPLY_SUBSET. - -Authored-by: Mohith Kumar Thummaluru -Signed-off-by: Mohith Kumar Thummaluru -Signed-off-by: Pradyumn Rahar -(cherry picked from commit 9c48bae3b2747fb182f74897c8b8251cb820c804) ---- - src/core/devices/nm-device-bond.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/src/core/devices/nm-device-bond.c b/src/core/devices/nm-device-bond.c -index 673d236194..39e68e966b 100644 ---- a/src/core/devices/nm-device-bond.c -+++ b/src/core/devices/nm-device-bond.c -@@ -52,8 +52,7 @@ - NM_SETTING_BOND_OPTION_PACKETS_PER_SLAVE, NM_SETTING_BOND_OPTION_PRIMARY_RESELECT, \ - NM_SETTING_BOND_OPTION_RESEND_IGMP, NM_SETTING_BOND_OPTION_USE_CARRIER, \ - NM_SETTING_BOND_OPTION_XMIT_HASH_POLICY, NM_SETTING_BOND_OPTION_NUM_GRAT_ARP, \ -- NM_SETTING_BOND_OPTION_PEER_NOTIF_DELAY, NM_SETTING_BOND_OPTION_ARP_MISSED_MAX, \ -- NM_SETTING_BOND_OPTION_LACP_ACTIVE -+ NM_SETTING_BOND_OPTION_PEER_NOTIF_DELAY, NM_SETTING_BOND_OPTION_ARP_MISSED_MAX - - #define OPTIONS_REAPPLY_FULL \ - OPTIONS_REAPPLY_SUBSET, NM_SETTING_BOND_OPTION_ACTIVE_SLAVE, \ --- -2.53.0 - diff --git a/SPECS/NetworkManager.spec b/SPECS/NetworkManager.spec index 2352615..405ccf2 100644 --- a/SPECS/NetworkManager.spec +++ b/SPECS/NetworkManager.spec @@ -4,10 +4,10 @@ %global glib2_version %(pkg-config --modversion glib-2.0 2>/dev/null || echo bad) %global epoch_version 1 -%global real_version 1.54.0 -%global git_tag_version 1.54.0 +%global real_version 1.54.3 +%global git_tag_version 1.54.3 %global rpm_version %{real_version} -%global release_version 4 +%global release_version 2 %global snapshot %{nil} %global git_sha %{nil} %global bcond_default_debug 0 @@ -189,9 +189,7 @@ Source9: readme-ifcfg-rh-migrated.txt Patch0001: 0001-revert-change-default-value-for-ipv4.dad-timeout-from-0-to-200ms.patch # Bugfixes that are only relevant until next rebase of the package. -Patch1001: 1001-ovs-don-t-remove-unrelated-external-ports-rhel-121103.patch -Patch1002: 1002-support-reapplying-sriov-vfs-rhel-113953.patch -Patch1003: 1003-remove-lacp-active-from-reapply-subset-rhel-154243.patch +# Patch1001: 1001-some.patch Requires(post): systemd Requires(post): systemd-udev @@ -203,8 +201,7 @@ Requires(postun): systemd Requires: dbus >= %{dbus_version} Requires: glib2 >= %{glib2_version} Requires: %{name}-libnm%{?_isa} = %{epoch}:%{version}-%{release} - -Recommends: iputils +Requires: iputils %if 0%{?rhel} == 8 # Older libndp versions use select() (rh#1933041). On well known distros, @@ -902,6 +899,7 @@ fi %{_libexecdir}/nm-dispatcher %{_libexecdir}/nm-initrd-generator %{_libexecdir}/nm-daemon-helper +%{_libexecdir}/nm-libnm-helper %{_libexecdir}/nm-priv-helper %dir %{_libdir}/%{name} %dir %{nmplugindir} @@ -1089,15 +1087,25 @@ fi %changelog -* Mon Mar 09 2026 Ján Václav - 1:1.54.0-4 -- Fix unexpected lacp_active error in logs (RHEL-154243) +* Wed Jan 7 2026 Beniamino Galvani - 1:1.54.3-2 +- Add hard dependency on iputils (RHEL-134751) -* Mon Oct 20 2025 Íñigo Huguet - 1:1.54.0-3 -- Rebuild due to wrong buildroot picked in last build +* Mon Dec 15 2025 Íñigo Huguet - 1:1.54.3-1 +- Update to 1.54.3 +- Fix CVE-2025-9615 (RHEL-111783) -* Wed Oct 15 2025 Íñigo Huguet - 1:1.54.0-2 -- Support reapplying sriov.vfs (RHEL-113953) -- Fix removing unrelated OVS ports (RHEL-121103) +* Tue Nov 18 2025 Íñigo Huguet - 1:1.54.2-1 +- Update to 1.54.2 +- Support setting protocol version of HSR/PRP (RHEL-122172) +- Support interlink for HSR/PRP (RHEL-122175) +- Improve logging of networking off (RHEL-122173 ) +- Don't delete unrelated OVS ports (RHEL-121104) + +* Thu Sep 18 2025 Vladimír Beneš - 1:1.54.1-1 +- Update to 1.54.1 +- Adding a VF configuration resets and re-configures all other VFs (RHEL-113954) +- Fix connection.autoconnect-ports of OVS ports (RHEL-114200) +- Global DNS config without domains silently ignored from D-Bus (RHEL-115973) * Mon Aug 04 2025 Filip Pokryvka - 1:1.54.0-1 - Update to 1.54.0 @@ -1130,6 +1138,14 @@ fi - NetworkManager does not add the `lock` attribute when `rto_min` is used (RHEL-85778) - Can not change `bridge.options.mcast-snooping-enable` on partial managemd OVS bridge (RHEL-87168) +Resolves: RHEL-83061 +Resolves: RHEL-59083 +Resolves: RHEL-87596 +Resolves: RHEL-85770 +Resolves: RHEL-85764 +Resolves: RHEL-85778 +Resolves: RHEL-87168 + * Mon Apr 14 2025 Filip Pokrývka - 1:1.53.3-1 - Update to 1.53.3 (dev) - Add more IPv6 prefix delegation options (RHEL-85765)