Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package NetworkManager for openSUSE:Factory checked in at 2025-11-01 23:34:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/NetworkManager (Old) and /work/SRC/openSUSE:Factory/.NetworkManager.new.1980 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "NetworkManager" Sat Nov 1 23:34:11 2025 rev:287 rq:1314829 version:1.54.1 Changes: -------- --- /work/SRC/openSUSE:Factory/NetworkManager/NetworkManager.changes 2025-09-30 17:39:29.349954280 +0200 +++ /work/SRC/openSUSE:Factory/.NetworkManager.new.1980/NetworkManager.changes 2025-11-01 23:34:18.409695790 +0100 @@ -1,0 +2,8 @@ +Fri Oct 31 10:05:44 UTC 2025 - Johannes Segitz <[email protected]> + +- Add patch 2298.patch to fix issue with SELinux labeling. Is already + upstream via + https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2298 + and can be removed next release (bsc#1248136) + +------------------------------------------------------------------- New: ---- 2298.patch ----------(New B)---------- New: - Add patch 2298.patch to fix issue with SELinux labeling. Is already upstream via ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ NetworkManager.spec ++++++ --- /var/tmp/diff_new_pack.K1hRal/_old 2025-11-01 23:34:19.529742622 +0100 +++ /var/tmp/diff_new_pack.K1hRal/_new 2025-11-01 23:34:19.533742790 +0100 @@ -97,6 +97,8 @@ Patch9: NetworkManager-dont-renew-bridge-dhcp-if-no-mac-on-wakeup.patch # PATCH-FIX-OPENSUSE nm-initrd-generator document static ip setup bsc#1244072 Patch11: 0001-man-document-static-ip-setup-differences-to-dracut-n.patch +# PATCH-FIX-UPSTREAM https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2298.patch +Patch12: 2298.patch BuildRequires: c++_compiler BuildRequires: dnsmasq @@ -322,6 +324,7 @@ %patch -P 9 -p1 %endif %patch -P 11 -p1 +%patch -P 12 -p1 # Fix server.conf's location, to end up in %%{_defaultdocdir}/%%{name}, # rather then %%{_datadir}/doc/%%{name}/examples: ++++++ 2298.patch ++++++ >From c312390932d1f1198baacca0de3c6a01811728a8 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani <[email protected]> Date: Tue, 14 Oct 2025 10:41:26 +0200 Subject: [PATCH 1/2] libnm-glib-aux: add temp name argument to nm_utils_file_set_contents() In some cases it's useful to specify the name of the temporary file to be used. --- src/core/devices/wifi/nm-iwd-manager.c | 2 +- src/core/main-utils.c | 2 +- src/core/nm-core-utils.c | 1 + src/core/platform/tests/monitor.c | 1 + .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 1 + .../plugins/keyfile/nms-keyfile-utils.c | 1 + .../plugins/keyfile/nms-keyfile-writer.c | 10 +++++++++- src/libnm-glib-aux/nm-io-utils.c | 18 +++++++++++++----- src/libnm-glib-aux/nm-io-utils.h | 1 + src/nm-initrd-generator/nm-initrd-generator.c | 2 +- 10 files changed, 30 insertions(+), 9 deletions(-) diff --git a/src/core/devices/wifi/nm-iwd-manager.c b/src/core/devices/wifi/nm-iwd-manager.c index 76a342e206c..bb2e056d39c 100644 --- a/src/core/devices/wifi/nm-iwd-manager.c +++ b/src/core/devices/wifi/nm-iwd-manager.c @@ -684,7 +684,7 @@ iwd_config_write(GKeyFile *config, * in the last few filename characters -- it cannot end in .open, .psk * or .8021x. */ - return nm_utils_file_set_contents(filepath, data, length, 0600, times, NULL, error); + return nm_utils_file_set_contents(filepath, data, length, 0600, times, NULL, NULL, error); } static const char * diff --git a/src/core/main-utils.c b/src/core/main-utils.c index 0f62da29024..d1be6814875 100644 --- a/src/core/main-utils.c +++ b/src/core/main-utils.c @@ -81,7 +81,7 @@ nm_main_utils_write_pidfile(const char *pidfile) char pid[16]; nm_sprintf_buf(pid, "%lld", (long long) getpid()); - if (!nm_utils_file_set_contents(pidfile, pid, -1, 00644, NULL, NULL, &error)) { + if (!nm_utils_file_set_contents(pidfile, pid, -1, 00644, NULL, NULL, NULL, &error)) { fprintf(stderr, _("Writing to %s failed: %s\n"), pidfile, error->message); return FALSE; } diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c index 8b7ee1ddf67..33f53a06358 100644 --- a/src/core/nm-core-utils.c +++ b/src/core/nm-core-utils.c @@ -2865,6 +2865,7 @@ _host_id_read(guint8 **out_host_id, gsize *out_host_id_len) 0600, NULL, NULL, + NULL, &error)) { nm_log_warn( LOGD_CORE, diff --git a/src/core/platform/tests/monitor.c b/src/core/platform/tests/monitor.c index c83192bbc92..f413facfcdc 100644 --- a/src/core/platform/tests/monitor.c +++ b/src/core/platform/tests/monitor.c @@ -186,6 +186,7 @@ ip_again: 00644, NULL, NULL, + NULL, NULL); nm_log_dbg(LOGD_PLATFORM, "dump to file complete"); diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c index 42675cf222e..21908090f73 100644 --- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c @@ -320,6 +320,7 @@ write_blobs(GHashTable *blobs, GError **error) 0600, NULL, NULL, + NULL, &write_error)) { g_set_error(error, NM_SETTINGS_ERROR, diff --git a/src/core/settings/plugins/keyfile/nms-keyfile-utils.c b/src/core/settings/plugins/keyfile/nms-keyfile-utils.c index 7c0e329e2d6..26fb34418d5 100644 --- a/src/core/settings/plugins/keyfile/nms-keyfile-utils.c +++ b/src/core/settings/plugins/keyfile/nms-keyfile-utils.c @@ -280,6 +280,7 @@ nms_keyfile_nmmeta_write(const char *dirname, length, 0600, NULL, + NULL, &errsv, NULL)) { NM_SET_OUT(out_full_filename, g_steal_pointer(&full_filename_tmp)); diff --git a/src/core/settings/plugins/keyfile/nms-keyfile-writer.c b/src/core/settings/plugins/keyfile/nms-keyfile-writer.c index b1dd2e446fd..c7c88260790 100644 --- a/src/core/settings/plugins/keyfile/nms-keyfile-writer.c +++ b/src/core/settings/plugins/keyfile/nms-keyfile-writer.c @@ -133,6 +133,7 @@ cert_writer(NMConnection *connection, 0600, NULL, NULL, + NULL, &local); if (success) { /* Write the path value to the keyfile. @@ -384,7 +385,14 @@ _internal_write_connection(NMConnection *connection, } } - nm_utils_file_set_contents(path, kf_content_buf, kf_content_len, 0600, NULL, NULL, &local_err); + nm_utils_file_set_contents(path, + kf_content_buf, + kf_content_len, + 0600, + NULL, + NULL, + NULL, + &local_err); if (local_err) { g_set_error(error, NM_SETTINGS_ERROR, diff --git a/src/libnm-glib-aux/nm-io-utils.c b/src/libnm-glib-aux/nm-io-utils.c index 9443172b46b..d26ecee4f05 100644 --- a/src/libnm-glib-aux/nm-io-utils.c +++ b/src/libnm-glib-aux/nm-io-utils.c @@ -415,8 +415,10 @@ nm_utils_file_get_contents(int dirfd, /* * Copied from GLib's g_file_set_contents() et al., but allows - * specifying a mode for the new file and optionally the last access - * and last modification times. + * specifying: + * - the file mode (@mode) + * - optionally, the last access and modification times (@times) + * - optionally, a fixed name for the temporary file (@tmp_name) */ gboolean nm_utils_file_set_contents(const char *filename, @@ -424,10 +426,11 @@ nm_utils_file_set_contents(const char *filename, gssize length, mode_t mode, const struct timespec *times, + const char *tmp_name, int *out_errsv, GError **error) { - gs_free char *tmp_name = NULL; + gs_free char *tmp_name_free = NULL; struct stat statbuf; int errsv; gssize s; @@ -442,8 +445,13 @@ nm_utils_file_set_contents(const char *filename, if (length == -1) length = strlen(contents); - tmp_name = g_strdup_printf("%s.XXXXXX", filename); - fd = g_mkstemp_full(tmp_name, O_RDWR | O_CLOEXEC, mode); + if (tmp_name) { + fd = open(tmp_name, O_CREAT | O_RDWR | O_TRUNC | O_CLOEXEC, mode); + } else { + tmp_name_free = g_strdup_printf("%s.XXXXXX", filename); + tmp_name = tmp_name_free; + fd = g_mkstemp_full(tmp_name_free, O_RDWR | O_CLOEXEC, mode); + } if (fd < 0) { return _get_contents_error_errno(error, out_errsv, "failed to create file %s", tmp_name); } diff --git a/src/libnm-glib-aux/nm-io-utils.h b/src/libnm-glib-aux/nm-io-utils.h index 0021138f464..ff02ecb108a 100644 --- a/src/libnm-glib-aux/nm-io-utils.h +++ b/src/libnm-glib-aux/nm-io-utils.h @@ -55,6 +55,7 @@ gboolean nm_utils_file_set_contents(const char *filename, gssize length, mode_t mode, const struct timespec *times, + const char *tmp_name, int *out_errsv, GError **error); diff --git a/src/nm-initrd-generator/nm-initrd-generator.c b/src/nm-initrd-generator/nm-initrd-generator.c index b89b4e413f5..68993c002f3 100644 --- a/src/nm-initrd-generator/nm-initrd-generator.c +++ b/src/nm-initrd-generator/nm-initrd-generator.c @@ -78,7 +78,7 @@ output_conn(gpointer key, gpointer value, gpointer user_data) filename = nm_keyfile_utils_create_filename(basename, TRUE); full_filename = g_build_filename(connections_dir, filename, NULL); - if (!nm_utils_file_set_contents(full_filename, data, len, 0600, NULL, NULL, &error)) + if (!nm_utils_file_set_contents(full_filename, data, len, 0600, NULL, NULL, NULL, &error)) goto err_out; } else g_print("\n*** Connection '%s' ***\n\n%s", basename, data); -- GitLab >From 2d438ebef840cc003e423d3d0ad10e5832b5b49a Mon Sep 17 00:00:00 2001 From: Beniamino Galvani <[email protected]> Date: Tue, 14 Oct 2025 10:42:53 +0200 Subject: [PATCH 2/2] dns: specify a temporary file name when writing no-stub-resolv.conf Using g_file_set_contents() makes it impossible to write a proper SELinux policy because the function creates a file with a random suffix, and SELinux file transitions can't match on wildcards. Use a fixed temporary file name. In this case it's fine because /run/NetworkManager is only writable by root and NetworkManager is the only process writing into it. --- src/core/dns/nm-dns-manager.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/core/dns/nm-dns-manager.c b/src/core/dns/nm-dns-manager.c index 57e732264cf..c746e714972 100644 --- a/src/core/dns/nm-dns-manager.c +++ b/src/core/dns/nm-dns-manager.c @@ -26,6 +26,7 @@ #include "libnm-core-intern/nm-core-internal.h" #include "libnm-glib-aux/nm-str-buf.h" +#include "libnm-glib-aux/nm-io-utils.h" #include "NetworkManagerUtils.h" #include "devices/nm-device.h" @@ -1006,7 +1007,8 @@ _read_link_cached(const char *path, gboolean *is_cached, char **cached) #define MY_RESOLV_CONF_TMP MY_RESOLV_CONF ".tmp" #define RESOLV_CONF_TMP "/etc/.resolv.conf.NetworkManager" -#define NO_STUB_RESOLV_CONF NMRUNDIR "/no-stub-resolv.conf" +#define NO_STUB_RESOLV_CONF NMRUNDIR "/no-stub-resolv.conf" +#define NO_STUB_RESOLV_CONF_TMP NMRUNDIR "/no-stub-resolv.conf.tmp" static void update_resolv_conf_no_stub(NMDnsManager *self, @@ -1019,7 +1021,14 @@ update_resolv_conf_no_stub(NMDnsManager *self, content = create_resolv_conf(searches, nameservers, options); - if (!g_file_set_contents(NO_STUB_RESOLV_CONF, content, -1, &local)) { + if (!nm_utils_file_set_contents(NO_STUB_RESOLV_CONF, + content, + -1, + 0644, + NULL, + NO_STUB_RESOLV_CONF_TMP, + NULL, + &local)) { _LOGD("update-resolv-no-stub: failure to write file: %s", local->message); g_error_free(local); return; -- GitLab
